From c47db4bd50a2da84ebf5ccb277f0c14c604c0615 Mon Sep 17 00:00:00 2001 
From: igorjnzl <86031696+igorjnzl@users.noreply.github.com>
Date: Mon, 4 Nov 2024 01:59:07 +0000
Subject: [PATCH] [create-pull-request] automated change
---
 checklists-ext/fullwaf_checklist.en.json | 4 +-
 checklists/alz_checklist.en.json | 2 +-
 checklists/checklist.en.master.json | 4348 +++--
 checklists/waf_checklist.en.json | 15822 ++++++++--------
 checklists/waf_checklist.es.json | 2 +-
 checklists/waf_checklist.ja.json | 2 +-
 checklists/waf_checklist.ko.json | 2 +-
 checklists/waf_checklist.pt.json | 2 +-
 checklists/waf_checklist.zh-Hant.json | 2 +-
 spreadsheet/macrofree/alz_checklist.en.xlsx | Bin 51409 -> 51449 bytes
 spreadsheet/macrofree/alz_checklist.es.xlsx | Bin 54122 -> 54059 bytes
 spreadsheet/macrofree/alz_checklist.ja.xlsx | Bin 59652 -> 55883 bytes
 spreadsheet/macrofree/alz_checklist.ko.xlsx | Bin 57623 -> 54440 bytes
 spreadsheet/macrofree/alz_checklist.pt.xlsx | Bin 54195 -> 54042 bytes
 .../macrofree/alz_checklist.zh-Hant.xlsx | Bin 56275 -> 54097 bytes
 .../macrofree/checklist.en.master.xlsx | Bin 581621 -> 583121 bytes
 spreadsheet/macrofree/waf_checklist.en.xlsx | Bin 236447 -> 237331 bytes
 spreadsheet/macrofree/waf_checklist.es.xlsx | Bin 231056 -> 231495 bytes
 spreadsheet/macrofree/waf_checklist.ja.xlsx | Bin 253146 -> 236457 bytes
 spreadsheet/macrofree/waf_checklist.ko.xlsx | Bin 246028 -> 232260 bytes
 spreadsheet/macrofree/waf_checklist.pt.xlsx | Bin 232093 -> 231636 bytes
 .../macrofree/waf_checklist.zh-Hant.xlsx | Bin 238731 -> 228927 bytes
 .../alz_checklist.en_counters_workbook.json | 10 +-
 ...ecklist.en_counters_workbook_template.json | 2 +-
 .../alz_checklist.en_network_counters.json | 1582 +-
 ...hecklist.en_network_counters_template.json | 2 +-
 .../alz_checklist.en_network_tabcounters.json | 4034 ++--
 ...klist.en_network_tabcounters_template.json | 2 +-
 .../alz_checklist.en_network_workbook.json | 1860 +-
 ...hecklist.en_network_workbook_template.json | 2 +-
 workbooks/alz_checklist.en_workbook.json | 10 +-
.../alz_checklist.en_workbook_template.json | 2 +-
 ...hecklist.en_network_counters_workbook.json | 318 +-
 ...en_network_counters_workbook_template.json | 2 +-
 ...elivery_checklist.en_network_workbook.json | 4 +-
 ...hecklist.en_network_workbook_template.json | 2 +-
 36 files changed, 13994 insertions(+), 14024 deletions(-)
diff --git a/checklists-ext/fullwaf_checklist.en.json b/checklists-ext/fullwaf_checklist.en.json
index ab4016b3..f6780302 100644
--- a/checklists-ext/fullwaf_checklist.en.json
+++ b/checklists-ext/fullwaf_checklist.en.json
@@ -9549,7 +9549,7 @@
 {
 "checklist": "Azure Landing Zone Review",
 "guid": "5d82e6df-6f61-42f2-82e2-3132d293be3d",
- "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations",
+ "link": "https://learn.microsoft.com/azure/lighthouse/overview",
 "service": "Entra",
 "severity": "High",
 "text": "If you give a partner access to administer your tenant, use Azure Lighthouse.",
@@ -27463,7 +27463,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/alz_checklist.en.json b/checklists/alz_checklist.en.json
index f6133dd7..730f46bc 100644
--- a/checklists/alz_checklist.en.json
+++ b/checklists/alz_checklist.en.json
@@ -2951,6 +2951,6 @@
 "name": "Azure Landing Zone Review",
 "state": "GA",
 "waf": "all",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 }
 }
\ No newline at end of file
diff --git a/checklists/checklist.en.master.json b/checklists/checklist.en.master.json
index f2273d96..365b46eb 100644
--- a/checklists/checklist.en.master.json
+++ b/checklists/checklist.en.master.json
@@ -238,8 +238,8 @@ "guid": "c851fd44-7cf1-459c-95a4-f6455d75a981", "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/approaches/cost-management-allocation", "services": [ - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Cost Optimization", @@ -411,8 +411,8 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-tutorial-sign-build-push", "service": "ACR", "services": [ - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "High", "subcategory": "Data Protection", @@ -428,8 +428,8 @@ "link": "https://learn.microsoft.com/azure/container-registry/tutorial-customer-managed-keys", "service": "ACR", "services": [ - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "Medium", "subcategory": "Data Protection", @@ -480,9 +480,9 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-roles?tabs=azure-cli", "service": "ACR", "services": [ - "Entra", + "RBAC", "ACR", - "RBAC" + "Entra" ], "severity": "High", "subcategory": "Identity and Access Control", @@ -529,10 +529,10 @@ "guid": "b3bec3d4-f343-47c1-936d-b55f27a71eee", "service": "ACR", "services": [ - "EventHubs", + "PrivateLink", "ACR", - "Entra", - "PrivateLink" + "EventHubs", + "Entra" ], "severity": "High", "subcategory": "Identity and Access Control", @@ -564,9 +564,9 @@ "link": "https://learn.microsoft.com/azure/container-registry/monitor-service", "service": "ACR", "services": [ - "Entra", "ACR", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Logging and Monitoring", @@ -581,10 +581,10 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-private-link", "service": "ACR", "services": [ - "VNet", - "Firewall", + "PrivateLink", "ACR", - "PrivateLink" + "VNet", + "Firewall" ], "severity": "Medium", "subcategory": "Network Security", 
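Review bot: The `services` array in this hunk changes only in element order (`"Cost", "Monitor"` becomes `"Monitor", "Cost"`), and the later hunks shown for checklists/checklist.en.master.json follow the same pattern, so these hunks carry no content change. That looks like the generator serialising the list from an unordered collection, though the script itself is not visible here. Emitting the array in a stable sorted order, here `"Cost",` then `"Monitor"`, would keep each automated run's diff down to real edits and make a changed `link` or `severity` value easy to spot in review.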
@@ -600,8 +600,8 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-access-selected-networks#disable-public-network-access", "service": "ACR", "services": [ - "ACR", - "PrivateLink" + "PrivateLink", + "ACR" ], "severity": "Medium", "subcategory": "Network Security", @@ -617,8 +617,8 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-skus", "service": "ACR", "services": [ - "ACR", - "PrivateLink" + "PrivateLink", + "ACR" ], "severity": "Medium", "subcategory": "Network Security", @@ -633,8 +633,8 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction", "service": "ACR", "services": [ - "Defender", - "ACR" + "ACR", + "Defender" ], "severity": "Low", "subcategory": "Network Security", @@ -1088,8 +1088,8 @@ "link": "https://learn.microsoft.com/azure/backup/backup-azure-vms-introduction", "service": "VM", "services": [ - "VM", - "Backup" + "Backup", + "VM" ], "severity": "High", "subcategory": "Virtual Machines", @@ -1134,9 +1134,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk", "service": "VM", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Virtual Machines", @@ -1151,9 +1151,9 @@ "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", "service": "VM", "services": [ - "Storage", "ACR", - "VM" + "VM", + "Storage" ], "severity": "Medium", "subcategory": "Virtual Machines", @@ -1183,8 +1183,8 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/availability", "service": "VM", "services": [ - "VM", - "ASR" + "ASR", + "VM" ], "severity": "High", "subcategory": "Virtual Machines", @@ -1200,8 +1200,8 @@ "service": "VM", "services": [ "AVS", - "VM", - "ASR" + "ASR", + "VM" ], "severity": "High", "subcategory": "Virtual Machines", 
@@ -1231,8 +1231,8 @@ "link": "https://learn.microsoft.com/azure/quotas/per-vm-quota-requests", "service": "VM", "services": [ - "VM", - "ASR" + "ASR", + "VM" ], "severity": "Medium", "subcategory": "Virtual Machines", @@ -1352,8 +1352,8 @@ "link": "https://learn.microsoft.com/azure/backup/backup-azure-immutable-vault-concept?source=recommendations&tabs=recovery-services-vault", "service": "Backup", "services": [ - "Storage", - "Backup" + "Backup", + "Storage" ], "severity": "Low", "subcategory": "Backup", @@ -1436,8 +1436,8 @@ "guid": "ced126cd-032a-4f5b-8fc6-998a535e3378", "link": "https://learn.microsoft.com/azure/application-gateway/overview-v2", "services": [ - "Storage", - "AppGW" + "AppGW", + "Storage" ], "severity": "High", "subcategory": "Application Gateways", @@ -1466,9 +1466,9 @@ "link": "https://learn.microsoft.com/azure/networking/disaster-recovery-dns-traffic-manager", "services": [ "ASR", - "DNS", "Monitor", - "TrafficManager" + "TrafficManager", + "DNS" ], "severity": "Low", "subcategory": "DNS", @@ -1483,8 +1483,8 @@ "link": "https://learn.microsoft.com/azure/dns/tutorial-dns-private-resolver-failover", "service": "DNS", "services": [ - "DNS", "ACR", + "DNS", "ASR" ], "severity": "Low", @@ -1543,10 +1543,10 @@ "guid": "ead53cc7-de2e-48aa-ab35-71549ab9153d", "link": "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering", "services": [ - "VPN", - "Cost", "ExpressRoute", - "Backup" + "Backup", + "Cost", + "VPN" ], "severity": "Low", "subcategory": "ExpressRoute", @@ -1574,8 +1574,8 @@ "guid": "b2b38c88-6ba2-4c02-8499-114a5d3ce574", "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-standard-availability-zones", "services": [ - "VM", - "LoadBalancer" + "LoadBalancer", + "VM" ], "severity": "Low", "subcategory": "Load Balancers", 
@@ -1619,8 +1619,8 @@ "guid": "927139b8-2110-42db-b6ea-f11e6f843e53", "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable", "services": [ - "VPN", - "ACR" + "ACR", + "VPN" ], "severity": "Medium", "subcategory": "VPN Gateways", @@ -1660,8 +1660,8 @@ "guid": "aa359271-8e6e-4205-8725-769e46691e88", "link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#azure-subscription-and-service-limits", "services": [ - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Capacity Planning", @@ -1760,9 +1760,9 @@ "guid": "9bf39d95-d44c-47c8-a19c-a1f6d5215ae5", "link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#identity-and-access-control", "services": [ + "RBAC", "Entra", - "Arc", - "RBAC" + "Arc" ], "severity": "Medium", "subcategory": "Access", @@ -1775,9 +1775,9 @@ "guid": "14ba34d4-585e-4111-89bd-7ba012f7b94e", "link": "https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad", "services": [ - "AKV", + "Entra", "Arc", - "Entra" + "AKV" ], "severity": "Low", "subcategory": "Access", @@ -1808,8 +1808,8 @@ "link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#required-permissions", "services": [ "RBAC", - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Requirements", @@ -1824,8 +1824,8 @@ "link": "https://learn.microsoft.com/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale", "services": [ "RBAC", - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Security", @@ -1840,8 +1840,8 @@ "link": "https://learn.microsoft.com/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale", "services": [ "RBAC", - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Security", 
@@ -1856,8 +1856,8 @@ "link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#required-permissions", "services": [ "RBAC", - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Security", @@ -1871,8 +1871,8 @@ "guid": "6ee79d6b-5c2a-4364-a4b6-9bad38aad53c", "link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Management", @@ -1886,8 +1886,8 @@ "guid": "c78e1d76-6673-457c-9496-74c5ed85b859", "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-agent#upgrade-the-agent", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "High", "subcategory": "Management", @@ -1901,9 +1901,9 @@ "guid": "c7733be2-a1a2-47b7-95a9-1be1f388ff39", "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-vm-extensions", "services": [ - "Arc", + "AzurePolicy", "Monitor", - "AzurePolicy" + "Arc" ], "severity": "Medium", "subcategory": "Management", @@ -1918,8 +1918,8 @@ "guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d", "link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "High", "subcategory": "Management", @@ -1933,8 +1933,8 @@ "guid": "7a927c39-74d1-4102-aac6-aae01e6a84de", "link": "https://learn.microsoft.com/azure/governance/machine-configuration/overview", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Management", @@ -1947,8 +1947,8 @@ "guid": "37b6b780-cbaf-4e6c-9658-9d457a927c39", "link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment#phase-3-manage-and-operate", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "High", "subcategory": "Monitoring", 
@@ -1962,8 +1962,8 @@ "guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d", "link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Monitoring", @@ -1976,8 +1976,8 @@ "guid": "92881b1c-d5d1-4e54-a296-59e3958fd782", "link": "https://learn.microsoft.com/azure/service-health/resource-health-alert-monitor-guide", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Monitoring", @@ -1990,8 +1990,8 @@ "guid": "89c93555-6d02-4bfe-9564-b0d834a34872", "link": "https://learn.microsoft.com/azure/azure-arc/servers/learn/tutorial-enable-vm-insights", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Monitoring", @@ -2004,8 +2004,8 @@ "guid": "5df47d2d-9288-41b1-ad5d-1e54a29659e3", "link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment#phase-3-manage-and-operate", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Monitoring", @@ -2021,8 +2021,8 @@ "link": "https://learn.microsoft.com/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview%2Cwindows-maintenance", "services": [ "ACR", - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Low", "subcategory": "Security", @@ -2064,10 +2064,10 @@ "guid": "94174158-33ee-47ad-9c6d-3733165c7acb", "link": "https://learn.microsoft.com/azure/azure-arc/servers/private-link-security", "services": [ - "VPN", "ExpressRoute", + "PrivateLink", "Arc", - "PrivateLink" + "VPN" ], "severity": "Medium", "subcategory": "Networking", 
@@ -2123,9 +2123,9 @@ "guid": "a264f9a1-9bf3-49d9-9d44-c7c8919ca1f6", "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/hybrid/arc-enabled-servers/eslz-arc-servers-connectivity#define-extensions-connectivity-method", "services": [ - "Arc", + "PrivateLink", "Monitor", - "PrivateLink" + "Arc" ], "severity": "Low", "subcategory": "Networking", @@ -2138,8 +2138,8 @@ "guid": "ac6aae01-e6a8-44de-9df4-7d2d92881b1c", "link": "https://learn.microsoft.com/azure/governance/policy/", "services": [ - "Arc", - "AzurePolicy" + "AzurePolicy", + "Arc" ], "severity": "Medium", "subcategory": "Management", @@ -2165,8 +2165,8 @@ "guid": "667357c4-4967-44c5-bd85-b859c7733be2", "link": "https://learn.microsoft.com/azure/governance/machine-configuration/machine-configuration-create", "services": [ - "Arc", - "AzurePolicy" + "AzurePolicy", + "Arc" ], "severity": "Medium", "subcategory": "Management", @@ -2179,8 +2179,8 @@ "guid": "49674c5e-d85b-4859-a773-3be2a1a27b77", "link": "https://learn.microsoft.com/azure/automation/change-tracking/overview", "services": [ - "Arc", - "Monitor" + "Monitor", + "Arc" ], "severity": "Medium", "subcategory": "Monitoring", @@ -2206,8 +2206,8 @@ "guid": "195abb91-a4ed-490d-ae2c-c84c37b6b780", "link": "https://learn.microsoft.com/azure/key-vault/general/basic-concepts", "services": [ - "AKV", - "Arc" + "Arc", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -2221,10 +2221,10 @@ "guid": "6d02bfe4-564b-40d8-94a3-48726ee79d6b", "link": "https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret", "services": [ - "Storage", "AKV", + "Entra", "Arc", - "Entra" + "Storage" ], "severity": "High", "subcategory": "Secrets", 
@@ -2238,8 +2238,8 @@ "guid": "a1a27b77-5a91-4be1-b388-ff394c2bd463", "link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#using-disk-encryption", "services": [ - "AKV", - "Arc" + "Arc", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -2280,8 +2280,8 @@ "guid": "4b69bad3-8aad-453c-a78e-1d76667357c4", "link": "https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication", "services": [ - "Arc", - "Entra" + "Entra", + "Arc" ], "severity": "Medium", "subcategory": "Security", @@ -2352,8 +2352,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-private-endpoints", "service": "Storage", "services": [ - "Storage", - "PrivateLink" + "PrivateLink", + "Storage" ], "severity": "High", "subcategory": "Networking", @@ -2368,9 +2368,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/migration-classic-resource-manager-overview#migration-of-storage-accounts", "service": "Storage", "services": [ - "Storage", + "RBAC", "Subscriptions", - "RBAC" + "Storage" ], "severity": "Medium", "subcategory": "Governance", @@ -2386,8 +2386,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure", "service": "Storage", "services": [ - "Storage", - "Defender" + "Defender", + "Storage" ], "severity": "High", "subcategory": "Governance", @@ -2477,9 +2477,9 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/immutable-storage-overview", "service": "Storage", "services": [ - "Storage", + "AzurePolicy", "Subscriptions", - "AzurePolicy" + "Storage" ], "severity": "High", "subcategory": "Data Availability, Compliance", @@ -2556,8 +2556,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/authorize-data-access", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", 
@@ -2571,9 +2571,9 @@ "guid": "a4b1410d-4395-48a8-a228-9b3d6b57cfc6", "service": "Storage", "services": [ - "Storage", "RBAC", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2588,8 +2588,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json#best-practices-when-using-sas", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2605,10 +2605,10 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/authorize-with-shared-key", "service": "Storage", "services": [ - "Storage", - "AKV", + "Monitor", "Entra", - "Monitor" + "AKV", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2623,10 +2623,10 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#audit-account-activity", "service": "Storage", "services": [ - "Storage", - "AKV", "Monitor", - "AzurePolicy" + "AKV", + "AzurePolicy", + "Storage" ], "severity": "High", "subcategory": "Monitoring", @@ -2641,10 +2641,10 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#create-a-key-expiration-policy", "service": "Storage", "services": [ - "Storage", - "Entra", "AKV", - "AzurePolicy" + "Entra", + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2659,9 +2659,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/sas-expiration-policy", "service": "Storage", "services": [ - "Storage", "Entra", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", 
@@ -2676,10 +2676,10 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/define-stored-access-policy", "service": "Storage", "services": [ - "Storage", - "Entra", "AKV", - "AzurePolicy" + "Entra", + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2693,8 +2693,8 @@ "link": "https://microsoft.github.io/code-with-engineering-playbook/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets-ado/", "service": "Storage", "services": [ - "Storage", - "AKV" + "AKV", + "Storage" ], "severity": "Medium", "subcategory": "CI/CD", @@ -2709,8 +2709,8 @@ "link": "https://learn.microsoft.com/azure/architecture/framework/security/design-storage-keys", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2725,9 +2725,9 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", "service": "Storage", "services": [ - "Storage", "Entra", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2742,8 +2742,8 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2758,8 +2758,8 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/create-account-sas", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2773,8 +2773,8 @@ "guid": "348b263e-6dd6-4051-8a36-498f6dbad38e", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "Low", "subcategory": "Identity and Access Management", 
@@ -2789,9 +2789,9 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support#sftp-permission-model", "service": "Storage", "services": [ - "Storage", "RBAC", - "Entra" + "Entra", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2805,8 +2805,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-known-issues#authentication-and-authorization", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -2821,8 +2821,8 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services", "service": "Storage", "services": [ - "Storage", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "subcategory": "Networking", @@ -2881,8 +2881,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#allow-or-disallow-public-read-access-for-a-storage-account", "service": "Storage", "services": [ - "Storage", - "Entra" + "Entra", + "Storage" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -2997,9 +2997,9 @@ "guid": "2ea55b56-ad48-4408-be72-734b476ba18f", "link": "https://learn.microsoft.com/azure/virtual-machines/premium-storage-performance#counters-to-measure-application-performance-requirements", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -3013,8 +3013,8 @@ "guid": "dbf590ce-65de-48e0-9f9c-cbd468266abc", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", 
@@ -3028,8 +3028,8 @@ "guid": "e6a84de5-df43-4d19-a248-1718d5d1e5f6", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -3043,9 +3043,9 @@ "guid": "25659d35-58fd-4772-99c9-31112d027fe4", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", "Cost", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -3059,9 +3059,9 @@ "guid": "12f70983-f630-4472-8ee6-9d6b5c2622f5", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -3075,9 +3075,9 @@ "guid": "4b69bad3-4aad-45e8-a78e-1d76667313c4", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -3091,9 +3091,9 @@ "guid": "05674b5e-985b-4859-a773-e7e261623b77", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", "AzurePolicy", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -3107,9 +3107,9 @@ "guid": "5a917e1f-348e-4f35-9c27-d42e8bbac868", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", 
@@ -3123,8 +3123,8 @@ "guid": "155abb91-63e9-4908-ae28-c84c33b6b780", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql#storage", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -3169,8 +3169,8 @@ "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/availability-group-azure-portal-configure?view=azuresql&tabs=azure-cli", "services": [ "LoadBalancer", - "VNet", "VM", + "VNet", "SQL" ], "severity": "Medium", @@ -3214,9 +3214,9 @@ "guid": "667313c4-0567-44b5-b985-b859c773e7e2", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/availability-group-vnn-azure-load-balancer-configure?view=azuresql-vm&tabs=ilb", "services": [ - "VNet", "LoadBalancer", "VM", + "VNet", "SQL" ], "severity": "High", @@ -3231,8 +3231,8 @@ "guid": "61623b77-5a91-47e1-b348-ef354c27d42e", "link": "https://learn.microsoft.com/sql/relational-databases/data-compression/data-compression?view=sql-server-ver16", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "SQL Server", @@ -3246,8 +3246,8 @@ "guid": "8bbac868-155a-4bb9-863e-9908ae28c84c", "link": "https://learn.microsoft.com/sql/relational-databases/databases/database-instant-file-initialization?view=sql-server-ver16", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "SQL Server", @@ -3275,9 +3275,9 @@ "guid": "b824546c-e1ae-4e34-93ae-c8239248725d", "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-checklist?view=azuresql-vm#sql-server-features", "services": [ - "Storage", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "SQL Server", 
@@ -3381,10 +3381,10 @@ "guid": "e36c1c81-770a-4fbc-9c0d-43918648d285", "link": "https://learn.microsoft.com/azure/virtual-machines/constrained-vcpu", "services": [ - "Storage", "VM", "Cost", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "Cost Optimization", @@ -3445,8 +3445,8 @@ "guid": "74a748b6-633a-4d2a-8916-a66498fad0e2", "link": "https://learn.microsoft.com/azure/defender-for-cloud/secure-score-security-controls", "services": [ - "Defender", "VM", + "Defender", "SQL" ], "severity": "High", @@ -3777,8 +3777,8 @@ "guid": "141acdce-5793-477b-adb3-751ab2ac1fad", "link": "https://learn.microsoft.com/azure/azure-sql/managed-instance/auto-failover-group-configure-sql-mi?view=azuresql&tabs=azure-portal#test-failover", "services": [ - "EventHubs", "LoadBalancer", + "EventHubs", "SQL" ], "severity": "High", @@ -3793,8 +3793,8 @@ "guid": "aa359272-8e6e-4205-8726-76ae46691e88", "link": "https://techcommunity.microsoft.com/t5/azure-sql-blog/storage-performance-best-practices-and-considerations-for-azure/ba-p/305525", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Post Migration", @@ -3809,10 +3809,10 @@ "guid": "35ad9422-23e1-4381-8523-081a94174158", "link": "https://learn.microsoft.com/azure/architecture/example-scenario/data/sql-managed-instance-cmk", "services": [ - "AKV", "Backup", "AzurePolicy", - "SQL" + "SQL", + "AKV" ], "severity": "Low", "subcategory": "Post Migration", @@ -3842,10 +3842,10 @@ "guid": "9d89f2e8-7778-4424-b516-785c6fa96b96", "link": "https://learn.microsoft.com/azure/azure-sql/database/long-term-retention-overview?view=azuresql-mi", "services": [ - "Storage", "ARS", "Backup", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "Post Migration", @@ -3923,8 +3923,8 @@ "service": "SAP", "services": [ "SAP", - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Backup and restore", 
@@ -3938,8 +3938,8 @@ "service": "SAP", "services": [ "SAP", - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Disaster recovery", @@ -3953,11 +3953,11 @@ "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", "service": "SAP", "services": [ - "SQL", + "Backup", "Storage", "SAP", - "Backup", - "ASR" + "ASR", + "SQL" ], "severity": "High", "subcategory": "Disaster recovery", @@ -3990,9 +3990,9 @@ "service": "SAP", "services": [ "SAP", - "VPN", + "ASR", "ExpressRoute", - "ASR" + "VPN" ], "severity": "High", "subcategory": "Disaster recovery", @@ -4008,9 +4008,9 @@ "service": "SAP", "services": [ "SAP", - "AKV", "ACR", - "ASR" + "ASR", + "AKV" ], "severity": "Low", "subcategory": "Disaster recovery", @@ -4025,8 +4025,8 @@ "service": "SAP", "services": [ "SAP", - "VNet", - "ASR" + "ASR", + "VNet" ], "severity": "Medium", "subcategory": "Disaster recovery", @@ -4040,9 +4040,9 @@ "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "Low", "subcategory": "Disaster recovery", @@ -4075,8 +4075,8 @@ "service": "SAP", "services": [ "SAP", - "VNet", - "ASR" + "ASR", + "VNet" ], "severity": "High", "subcategory": "Disaster recovery", @@ -4092,8 +4092,8 @@ "services": [ "SAP", "VM", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "subcategory": "Disaster recovery", @@ -4140,10 +4140,10 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", "service": "SAP", "services": [ - "Storage", "SAP", + "ASR", "VM", - "ASR" + "Storage" ], "severity": "High", "subcategory": "High availability", @@ -4158,9 +4158,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/dbms-guide-general", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "High", "subcategory": "High availability", 
@@ -4244,8 +4244,8 @@ "services": [ "SAP", "VM", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "subcategory": "High availability", @@ -4259,11 +4259,11 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", "service": "SAP", "services": [ - "RBAC", "SAP", + "RBAC", "VM", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "subcategory": "High availability", @@ -4295,8 +4295,8 @@ "service": "SAP", "services": [ "SAP", - "VM", - "ASR" + "ASR", + "VM" ], "severity": "High", "subcategory": "High availability", @@ -4312,8 +4312,8 @@ "service": "SAP", "services": [ "SAP", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "subcategory": "High availability", @@ -4344,8 +4344,8 @@ "service": "SAP", "services": [ "SAP", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "subcategory": "High availability", @@ -4362,8 +4362,8 @@ "services": [ "SAP", "VM", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "Medium", "subcategory": "High availability", @@ -4379,10 +4379,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", "service": "SAP", "services": [ - "Storage", "SAP", + "ASR", "VM", - "ASR" + "Storage" ], "severity": "Medium", "subcategory": "High availability", @@ -4412,9 +4412,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -4429,9 +4429,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-operations-storage", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "High", "subcategory": "Storage", 
@@ -4446,9 +4446,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-overview-guide#storage", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -4463,9 +4463,9 @@ "link": "https://azure.microsoft.com/ja-jp/explore/global-infrastructure/products-by-region/", "service": "SAP", "services": [ - "Storage", "SAP", - "ASR" + "ASR", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -4494,10 +4494,10 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", "service": "SAP", "services": [ - "Storage", - "VM", "SAP", - "Cost" + "VM", + "Cost", + "Storage" ], "severity": "Low", "subcategory": " ", @@ -4511,10 +4511,10 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", "service": "SAP", "services": [ - "Storage", - "VM", "SAP", - "Cost" + "VM", + "Cost", + "Storage" ], "severity": "Low", "subcategory": " ", @@ -4530,9 +4530,9 @@ "service": "SAP", "services": [ "SAP", + "RBAC", "Entra", - "Subscriptions", - "RBAC" + "Subscriptions" ], "severity": "High", "subcategory": "Identity", @@ -4625,8 +4625,8 @@ "service": "SAP", "services": [ "SAP", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "Medium", "subcategory": "Identity", @@ -4642,8 +4642,8 @@ "service": "SAP", "services": [ "SAP", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "Medium", "subcategory": "Identity", @@ -4765,8 +4765,8 @@ "service": "SAP", "services": [ "SAP", - "Subscriptions", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "subcategory": "Subscriptions", @@ -4883,8 +4883,8 @@ "services": [ "SAP", "Cost", - "Subscriptions", - "TrafficManager" + "TrafficManager", + "Subscriptions" ], "severity": "Medium", "subcategory": "Subscriptions", @@ -4900,8 +4900,8 @@ "service": "SAP", "services": [ "SAP", - "Backup", - "Monitor" + "Monitor", + "Backup" ], "severity": "High", "subcategory": "BCDR", 
@@ -4918,9 +4918,9 @@ "services": [ "Storage", "SAP", - "Monitor", "VM", - "Entra" + "Entra", + "Monitor" ], "severity": "Medium", "subcategory": "BCDR", @@ -4950,8 +4950,8 @@ "service": "SAP", "services": [ "SAP", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Management", @@ -4967,8 +4967,8 @@ "service": "SAP", "services": [ "SAP", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Low", "subcategory": "Management", @@ -4983,8 +4983,8 @@ "service": "SAP", "services": [ "SAP", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Management", @@ -4999,8 +4999,8 @@ "service": "SAP", "services": [ "SAP", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "subcategory": "Management", @@ -5050,8 +5050,8 @@ "services": [ "SAP", "VM", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "High", "subcategory": "Monitoring", @@ -5067,8 +5067,8 @@ "service": "SAP", "services": [ "SAP", - "AzurePolicy", - "Monitor" + "Monitor", + "AzurePolicy" ], "severity": "Medium", "subcategory": "Monitoring", @@ -5084,8 +5084,8 @@ "service": "SAP", "services": [ "SAP", - "Monitor", - "NetworkWatcher" + "NetworkWatcher", + "Monitor" ], "severity": "Medium", "subcategory": "Monitoring", @@ -5101,8 +5101,8 @@ "service": "SAP", "services": [ "SAP", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "subcategory": "Monitoring", @@ -5117,8 +5117,8 @@ "service": "SAP", "services": [ "SAP", - "Subscriptions", - "Monitor" + "Monitor", + "Subscriptions" ], "severity": "High", "subcategory": "Monitoring", @@ -5133,10 +5133,10 @@ "link": "https://learn.microsoft.com/azure/advisor/advisor-how-to-improve-reliability", "service": "SAP", "services": [ - "Storage", "SAP", + "ASR", "Monitor", - "ASR" + "Storage" ], "severity": "Medium", "subcategory": "Monitoring", 
@@ -5152,8 +5152,8 @@ "service": "SAP", "services": [ "SAP", - "Sentinel", - "Monitor" + "Monitor", + "Sentinel" ], "severity": "Medium", "subcategory": "Monitoring", @@ -5170,8 +5170,8 @@ "service": "SAP", "services": [ "SAP", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Monitoring", @@ -5187,8 +5187,8 @@ "service": "SAP", "services": [ "SAP", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Low", "subcategory": "Performance", @@ -5203,8 +5203,8 @@ "service": "SAP", "services": [ "SAP", - "Monitor", - "ASR" + "ASR", + "Monitor" ], "severity": "Medium", "subcategory": "Performance", @@ -5219,9 +5219,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", "service": "SAP", "services": [ - "Storage", "SAP", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "subcategory": "Performance", @@ -5250,9 +5250,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/configure-oracle-asm", "service": "SAP", "services": [ - "Storage", "SAP", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "subcategory": "Performance", @@ -5285,8 +5285,8 @@ "service": "SAP", "services": [ "SAP", - "Monitor", - "ASR" + "ASR", + "Monitor" ], "severity": "High", "subcategory": "Reliability", @@ -5303,8 +5303,8 @@ "services": [ "SAP", "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "subcategory": "App delivery", @@ -5320,8 +5320,8 @@ "service": "SAP", "services": [ "SAP", - "DNS", - "VM" + "VM", + "DNS" ], "severity": "Medium", "subcategory": "DNS", @@ -5337,8 +5337,8 @@ "service": "SAP", "services": [ "SAP", - "DNS", - "VNet" + "VNet", + "DNS" ], "severity": "Medium", "subcategory": "DNS", 
@@ -5389,8 +5389,8 @@ "link": "https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/?source=recommendations", "service": "SAP", "services": [ - "ACR", "SAP", + "ACR", "VWAN" ], "severity": "Medium", @@ -5407,8 +5407,8 @@ "service": "SAP", "services": [ "SAP", - "VNet", - "NVA" + "NVA", + "VNet" ], "severity": "Medium", "subcategory": "Hybrid", @@ -5423,10 +5423,10 @@ "link": "https://learn.microsoft.com/azure/architecture/networking/hub-spoke-vwan-architecture", "service": "SAP", "services": [ - "VNet", "SAP", - "VWAN", - "NVA" + "NVA", + "VNet", + "VWAN" ], "severity": "Medium", "subcategory": "Hybrid", @@ -5443,8 +5443,8 @@ "service": "SAP", "services": [ "SAP", - "VM", - "VNet" + "VNet", + "VM" ], "severity": "High", "subcategory": "IP plan", @@ -5461,8 +5461,8 @@ "service": "SAP", "services": [ "SAP", - "VNet", - "ASR" + "ASR", + "VNet" ], "severity": "High", "subcategory": "IP plan", @@ -5493,9 +5493,9 @@ "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-delegate-subnet", "service": "SAP", "services": [ - "Storage", "SAP", - "VNet" + "VNet", + "Storage" ], "severity": "Medium", "subcategory": "IP plan", @@ -5544,10 +5544,10 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", "service": "SAP", "services": [ - "SAP", "WAF", - "ACR", "FrontDoor", + "SAP", + "ACR", "AzurePolicy" ], "severity": "Medium", @@ -5563,10 +5563,10 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview", "service": "SAP", "services": [ - "SAP", "WAF", - "AppGW", "FrontDoor", + "SAP", + "AppGW", "AzurePolicy" ], "severity": "Medium", @@ -5600,8 +5600,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", "service": "SAP", "services": [ - "ACR", "SAP", + "ACR", "VWAN" ], "severity": "Medium", 
@@ -5617,12 +5617,12 @@ "link": "https://learn.microsoft.com/azure/virtual-network/vnet-integration-for-azure-services", "service": "SAP", "services": [ + "PrivateLink", + "Backup", + "VNet", "Storage", "SAP", - "ACR", - "Backup", - "PrivateLink", - "VNet" + "ACR" ], "severity": "Medium", "subcategory": "Internet", @@ -5735,8 +5735,8 @@ "service": "SAP", "services": [ "SAP", - "Cost", - "VNet" + "VNet", + "Cost" ], "severity": "High", "subcategory": "Segmentation", @@ -5782,9 +5782,9 @@ "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", "service": "SAP", "services": [ - "VM", "SAP", - "Backup" + "Backup", + "VM" ], "severity": "High", "subcategory": " ", @@ -5799,8 +5799,8 @@ "service": "SAP", "services": [ "SAP", - "Monitor", - "ASR" + "ASR", + "Monitor" ], "severity": "Medium", "subcategory": " ", @@ -5829,9 +5829,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/oracle-database-backup-strategies", "service": "SAP", "services": [ - "VM", "SAP", - "Backup" + "Backup", + "VM" ], "severity": "Medium", "subcategory": " ", @@ -5845,9 +5845,9 @@ "link": "https://learn.microsoft.com/sql/relational-databases/tutorial-use-azure-blob-storage-service-with-sql-server-2016?view=sql-server-ver16", "service": "SAP", "services": [ - "Storage", "SAP", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": " ", @@ -5861,9 +5861,9 @@ "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/automated-backup?view=azuresql", "service": "SAP", "services": [ - "VM", "SAP", - "Backup" + "Backup", + "VM" ], "severity": "Medium", "subcategory": " ", @@ -6056,11 +6056,11 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ + "Backup", "AKV", - "SQL", - "Storage", "SAP", - "Backup" + "Storage", + "SQL" ], "severity": "High", "subcategory": "Secrets", 
@@ -6075,9 +6075,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", "service": "SAP", "services": [ - "Storage", "SAP", - "AKV" + "AKV", + "Storage" ], "severity": "Medium", "subcategory": "Secrets", @@ -6110,9 +6110,9 @@ "service": "SAP", "services": [ "AKV", - "Subscriptions", - "RBAC", "SAP", + "RBAC", + "Subscriptions", "AzurePolicy" ], "severity": "Medium", @@ -6129,8 +6129,8 @@ "service": "SAP", "services": [ "SAP", - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -6146,9 +6146,9 @@ "service": "SAP", "services": [ "SAP", - "AKV", "RBAC", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "High", "subcategory": "Secrets", @@ -6163,10 +6163,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ - "Storage", "SAP", + "AKV", "Defender", - "AKV" + "Storage" ], "severity": "High", "subcategory": "Secrets", @@ -6181,10 +6181,10 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks", "service": "SAP", "services": [ - "AKV", "SAP", + "RBAC", "Defender", - "RBAC" + "AKV" ], "severity": "High", "subcategory": "Secrets", @@ -6265,8 +6265,8 @@ "service": "SAP", "services": [ "SAP", - "Subscriptions", - "RBAC" + "RBAC", + "Subscriptions" ], "severity": "High", "subcategory": "Security", @@ -6298,9 +6298,9 @@ "link": "https://learn.microsoft.com/en-us/training/modules/secure-vms-with-azure-security-center/?source=recommendations", "service": "SAP", "services": [ - "Storage", "SAP", - "VM" + "VM", + "Storage" ], "severity": "Low", "subcategory": "Security", @@ -6364,8 +6364,8 @@ "service": "SAP", "services": [ "SAP", - "AKV", - "Monitor" + "Monitor", + "AKV" ], "severity": "Medium", "subcategory": "Security", 
@@ -6380,9 +6380,9 @@ "guid": "676f6951-0368-49e9-808d-c33a692c9a64", "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/sql-database-security-baseline#br-2-encrypt-backup-data", "services": [ - "AKV", "Backup", - "SQL" + "SQL", + "AKV" ], "severity": "Medium", "subcategory": "Azure Key Vault", @@ -6396,9 +6396,9 @@ "guid": "e2518261-b3bc-4bd1-b331-637fb2df833f", "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/sql-database-security-baseline#br-1-ensure-regular-automated-backups", "services": [ - "Storage", "Backup", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Backup", @@ -6412,9 +6412,9 @@ "guid": "f8c7cda2-3ed7-43fb-a100-85dcd12a0ee4", "link": "https://learn.microsoft.com/azure/azure-sql/database/automated-backups-overview?tabs=single-database&view=azuresql#backup-storage-redundancy", "services": [ - "Storage", "Backup", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "Backup", @@ -6486,8 +6486,8 @@ "guid": "dff87489-9edb-4cef-bdda-86e8212b2aa1", "link": "https://learn.microsoft.com/azure/azure-sql/database/azure-defender-for-sql?view=azuresql#enable-microsoft-defender-for-sql ", "services": [ - "Defender", "Subscriptions", + "Defender", "SQL" ], "severity": "High", @@ -6502,8 +6502,8 @@ "guid": "ca342fdf-d25a-4427-b105-fcd50ff8a0ea", "link": "https://learn.microsoft.com/azure/azure-sql/database/threat-detection-configure", "services": [ - "Defender", "Monitor", + "Defender", "SQL" ], "severity": "High", @@ -6518,8 +6518,8 @@ "guid": "a6101ae7-534c-45ab-86fd-b34c55ea21ca", "link": "https://learn.microsoft.com/azure/defender-for-cloud/sql-azure-vulnerability-assessment-overview", "services": [ - "Defender", "Monitor", + "Defender", "SQL" ], "severity": "High", 
@@ -6563,9 +6563,9 @@ "guid": "c03ce136-e3d5-4e17-bf25-ed955ee480d3", "link": "https://learn.microsoft.com/azure/azure-sql/database/security-best-practice?view=azuresql#control-access-of-application-users-to-sensitive-data-through-encryption", "services": [ - "Storage", "AKV", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "Column Encryption", @@ -6579,9 +6579,9 @@ "guid": "c614ac47-bebf-4061-b0a1-43e0c6b5e00d", "link": "https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-create-server", "services": [ - "Storage", "Backup", - "SQL" + "SQL", + "Storage" ], "severity": "High", "subcategory": "Transparent Data Encryption", @@ -6595,8 +6595,8 @@ "guid": "2edb4165-4f54-47cc-a891-5c82c2f21e25", "link": "https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-overview", "services": [ - "AKV", - "SQL" + "SQL", + "AKV" ], "severity": "Medium", "subcategory": "Transparent Data Encryption", @@ -6672,9 +6672,9 @@ "services": [ "AKV", "RBAC", - "SQL", "ACR", - "Entra" + "Entra", + "SQL" ], "severity": "Low", "subcategory": "Managed Identities", @@ -6703,8 +6703,8 @@ "guid": "0e853380-50ba-4bce-b2fd-5c7391c85ecc", "link": "https://learn.microsoft.com/azure/architecture/guide/technology-choices/multiparty-computing-service#confidential-ledger-and-azure-blob-storage", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Database Digest", @@ -6718,9 +6718,9 @@ "guid": "afefb2d3-95da-4ac9-acf5-33d18b32ef9a", "link": "https://learn.microsoft.com/sql/relational-databases/security/ledger/ledger-digest-management", "services": [ - "Storage", "AzurePolicy", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Database Digest", 
@@ -6734,8 +6734,8 @@ "guid": "f8d4ffda-8aac-4cc6-b72b-c81cb8625420", "link": "https://learn.microsoft.com/sql/relational-databases/security/ledger/ledger-database-verification", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Integrity", @@ -6777,9 +6777,9 @@ "guid": "4082e31d-35f4-4a49-8507-d3172cc930a6", "link": "https://learn.microsoft.com/azure/azure-sql/database/auditing-overview", "services": [ - "Storage", "AzurePolicy", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Auditing", @@ -6793,12 +6793,12 @@ "guid": "9b64bc50-b60f-4035-bf7a-28c4806dfb46", "link": "https://learn.microsoft.com/azure/azure-sql/database/auditing-overview", "services": [ - "SQL", + "Backup", "Storage", "EventHubs", - "Backup", - "Monitor", - "Entra" + "Entra", + "SQL", + "Monitor" ], "severity": "Low", "subcategory": "Auditing", @@ -6812,10 +6812,10 @@ "guid": "fcd34708-87ac-4efc-aaf6-57a47f76644a", "link": "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log", "services": [ - "Subscriptions", - "SQL", "Storage", "EventHubs", + "Subscriptions", + "SQL", "Monitor" ], "severity": "Medium", @@ -6937,8 +6937,8 @@ "guid": "a566dd3d-314e-4a94-9378-102c42d82b38", "link": "https://learn.microsoft.com/azure/azure-sql/database/outbound-firewall-rule-overview", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Outbound Control", @@ -6952,11 +6952,11 @@ "guid": "246cd832-f550-4af0-9c74-ca9baeeb8860", "link": "https://learn.microsoft.com/azure/azure-sql/database/private-endpoint-overview?view=azuresql#disable-public-access-to-your-logical-server", "services": [ - "SQL", - "VNet", - "Monitor", "PrivateLink", - "Firewall" + "VNet", + "Firewall", + "SQL", + "Monitor" ], "severity": "Medium", "subcategory": "Private Access", 
@@ -7034,8 +7034,8 @@ "guid": "a73e32da-b3f4-4960-b5ec-2f42a557bf31", "link": "https://learn.microsoft.com/azure/azure-sql/database/network-access-controls-overview", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "Public Access", @@ -7049,8 +7049,8 @@ "guid": "e0f31ac9-35c8-4bfd-9865-edb60ffc6768", "link": "https://learn.microsoft.com/azure/azure-sql/database/firewall-configure", "services": [ - "Storage", - "SQL" + "SQL", + "Storage" ], "severity": "Low", "subcategory": "Public Access", @@ -7172,8 +7172,8 @@ "link": "https://learn.microsoft.com/azure/reliability/migrate-app-service", "service": "App Services", "services": [ - "AppSvc", - "ACR" + "ACR", + "AppSvc" ], "severity": "High", "subcategory": "High Availability", @@ -7346,8 +7346,8 @@ "service": "App Services", "services": [ "AppSvc", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Data Protection", @@ -7363,8 +7363,8 @@ "service": "App Services", "services": [ "AppSvc", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Data Protection", @@ -7411,8 +7411,8 @@ "link": "https://learn.microsoft.com/azure/app-service/overview-authentication-authorization", "service": "App Services", "services": [ - "AppSvc", "ACR", + "AppSvc", "Entra" ], "severity": "Medium", @@ -7461,8 +7461,8 @@ "service": "App Services", "services": [ "AppSvc", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Identity and Access Control", @@ -7477,8 +7477,8 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-managed-identity-to-pull-image-from-azure-container-registry", "service": "App Services", "services": [ - "AppSvc", "ACR", + "AppSvc", "Entra" ], "severity": "High", @@ -7495,8 +7495,8 @@ "service": "App Services", "services": [ "AppSvc", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Logging and Monitoring", 
@@ -7512,8 +7512,8 @@ "service": "App Services", "services": [ "AppSvc", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Logging and Monitoring", @@ -7530,9 +7530,9 @@ "services": [ "AppSvc", "VNet", - "Monitor", "Firewall", - "NVA" + "NVA", + "Monitor" ], "severity": "Medium", "subcategory": "Network Security", @@ -7547,11 +7547,11 @@ "link": "https://learn.microsoft.com/azure/app-service/networking/nat-gateway-integration", "service": "App Services", "services": [ - "AppSvc", - "Storage", - "VNet", "PrivateLink", + "AppSvc", + "VNet", "Firewall", + "Storage", "NVA" ], "severity": "Low", @@ -7567,8 +7567,8 @@ "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", "service": "App Services", "services": [ - "AppSvc", - "PrivateLink" + "PrivateLink", + "AppSvc" ], "severity": "High", "subcategory": "Network Security", @@ -7583,11 +7583,11 @@ "link": "https://learn.microsoft.com/azure/app-service/networking/app-gateway-with-service-endpoints", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", + "FrontDoor", "AppGW", - "Monitor", - "FrontDoor" + "Monitor" ], "severity": "High", "subcategory": "Network Security", @@ -7602,9 +7602,9 @@ "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", "service": "App Services", "services": [ - "AppSvc", "WAF", - "PrivateLink" + "PrivateLink", + "AppSvc" ], "severity": "High", "subcategory": "Network Security", @@ -7637,8 +7637,8 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "subcategory": "Network Security", 
@@ -7653,8 +7653,8 @@ "link": "https://learn.microsoft.com/azure/app-service/app-service-web-tutorial-rest-api", "service": "App Services", "services": [ - "Storage", - "AppSvc" + "AppSvc", + "Storage" ], "severity": "High", "subcategory": "Network Security", @@ -7701,13 +7701,13 @@ "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", "service": "App Services", "services": [ - "AppSvc", - "DDoS", - "EventHubs", "WAF", + "AppSvc", "VNet", - "AppGW", - "NVA" + "DDoS", + "NVA", + "EventHubs", + "AppGW" ], "severity": "Medium", "subcategory": "Network Security", @@ -7722,9 +7722,9 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-an-image-from-a-network-protected-registry", "service": "App Services", "services": [ - "AppSvc", - "PrivateLink", "ACR", + "PrivateLink", + "AppSvc", "VNet" ], "severity": "Medium", @@ -7816,9 +7816,9 @@ "link": "https://learn.microsoft.com/azure/governance/policy/overview", "service": "App Services", "services": [ - "Backup", - "AppSvc", "ACR", + "AppSvc", + "Backup", "AzurePolicy" ], "severity": "High", @@ -7835,8 +7835,8 @@ "service": "App Services", "services": [ "AppSvc", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Low", "subcategory": "Cost Monitoring", @@ -7851,10 +7851,10 @@ "link": "https://learn.microsoft.com/azure/cost-management-billing/reservations/", "service": "App Services", "services": [ - "Storage", - "AppSvc", "ARS", - "Cost" + "AppSvc", + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Cost Optimization", @@ -7867,8 +7867,8 @@ "guid": "d7e47431-76c8-4bdb-b55b-ce619e8a03f9", "link": "https://learn.microsoft.com/azure/openshift/howto-create-service-principal?pivots=aro-azurecli", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Identity", 
@@ -7907,8 +7907,8 @@ "guid": "483835c9-86bb-4291-8155-a11475e39f54", "link": "https://docs.openshift.com/container-platform/4.13/applications/projects/working-with-projects.html", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Identity", @@ -7921,8 +7921,8 @@ "guid": "0acccd97-9376-4bcd-a375-0ab2ab039da6", "link": "https://docs.openshift.com/container-platform/4.13/authentication/using-rbac.html", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Identity", @@ -7935,8 +7935,8 @@ "guid": "d54d7c89-29db-4107-b532-5ae625ca44e4", "link": "https://learn.microsoft.com/azure/cost-management-billing/manage/direct-ea-administration#manage-notification-contacts", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "Medium", "subcategory": "Identity", @@ -7949,8 +7949,8 @@ "guid": "685e2223-ace8-4bb1-8307-ca5f16f154e3", "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Identity", @@ -7963,12 +7963,12 @@ "guid": "aa369282-9e7e-4216-8836-87af467a1f89", "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", "services": [ - "Subscriptions", - "DDoS", "WAF", "VNet", "Firewall", - "Entra" + "DDoS", + "Entra", + "Subscriptions" ], "severity": "Low", "subcategory": "DDoS", @@ -8006,8 +8006,8 @@ "guid": "9e8a03f9-7879-4424-b626-786d60b96c97", "link": "https://learn.microsoft.com/azure/openshift/howto-secure-openshift-with-front-door", "services": [ - "FrontDoor", - "PrivateLink" + "PrivateLink", + "FrontDoor" ], "severity": "Medium", "subcategory": "Internet", 
@@ -8048,8 +8048,8 @@ "guid": "ab039da6-d54d-47c8-a29d-b107d5325ae6", "link": "https://learn.microsoft.com/azure/container-registry/container-registry-private-link", "services": [ - "ACR", - "PrivateLink" + "PrivateLink", + "ACR" ], "severity": "Medium", "subcategory": "Private access", @@ -8363,8 +8363,8 @@ "guid": "a2c02149-9014-4a5d-9ce5-74dccbd9792a", "link": "https://access.redhat.com/documentation/red_hat_openshift_container_storage/4.4/html/deploying_and_managing_openshift_container_storage_on_microsoft_azure/deploying-openshift-container-storage-on-microsoft-azure_rhocs", "services": [ - "Storage", - "ACR" + "ACR", + "Storage" ], "severity": "Medium", "subcategory": "Data Store", @@ -8421,8 +8421,8 @@ "guid": "08fe8273-4c48-46ba-880d-c0591cf75ee8", "link": "https://learn.microsoft.com/azure/azure-arc/kubernetes/quickstart-connect-cluster", "services": [ - "Arc", - "AKS" + "AKS", + "Arc" ], "severity": "High", "subcategory": "Control plane", @@ -8446,9 +8446,9 @@ "guid": "d55d14c3-c492-49cb-8b3d-1325ae124ba3", "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction", "services": [ + "AKS", "Defender", - "Arc", - "AKS" + "Arc" ], "severity": "Medium", "subcategory": "Posture", @@ -8461,9 +8461,9 @@ "guid": "4d0685ed-dce9-4be3-ab0d-db3b55fb2ec1", "link": "https://learn.microsoft.com/azure/azure-arc/kubernetes/tutorial-akv-secrets-provider", "services": [ - "AKV", + "AKS", "Arc", - "AKS" + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -8541,8 +8541,8 @@ "guid": "f7c015e0-7d97-4283-b006-567afeb2b5ca", "link": "https://learn.microsoft.com/azure-stack/hci/concepts/drive-symmetry-considerations#understand-capacity-imbalance", "services": [ - "Storage", - "ACR" + "ACR", + "Storage" ], "severity": "Medium", "subcategory": "Physical", 
@@ -8555,8 +8555,8 @@ "guid": "f785b143-2c1e-4466-9baa-dde8ba4c7aaa", "link": "https://learn.microsoft.com/azure-stack/hci/concepts/fault-tolerance#parity", "services": [ - "Storage", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "subcategory": "S2D", @@ -8720,8 +8720,8 @@ "guid": "8f6d58d9-6c1a-4ec1-b2d7-b2c6ba8f3949", "link": "https://learn.microsoft.com/azure-stack/hci/concepts/host-network-requirements", "services": [ - "Storage", - "VNet" + "VNet", + "Storage" ], "severity": "Medium", "subcategory": "Host", @@ -8921,9 +8921,9 @@ "guid": "074541e3-fe08-458a-8062-32d13dcc10c6", "link": "https://learn.microsoft.com/azure/backup/back-up-azure-stack-hyperconverged-infrastructure-virtual-machines", "services": [ - "VM", + "ASR", "Backup", - "ASR" + "VM" ], "severity": "High", "subcategory": "VM", @@ -9038,8 +9038,8 @@ "checklist": "Azure Stack HCI Review", "guid": "3277558e-3155-4088-b49a-78594cb4ce1a", "services": [ - "Storage", - "VNet" + "VNet", + "Storage" ], "severity": "High", "subcategory": "Stretch Clustering", @@ -9111,8 +9111,8 @@ "guid": "8ea49f70-1038-4283-b0c4-230165d3eabc", "link": "https://learn.microsoft.com/azure-stack/hci/manage/azure-site-recovery", "services": [ - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Disaster Recovery", @@ -9372,9 +9372,9 @@ "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", "service": "Cognitive Search", "services": [ - "Storage", + "ASR", "Backup", - "ASR" + "Storage" ], "severity": "High", "subcategory": "Disaster Recovery", @@ -9424,8 +9424,8 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/considerations/tenancy-models", "service": "Monitor", "services": [ - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Azure Monitor - enforce data collection rules", 
@@ -9481,9 +9481,9 @@ "guid": "3b0d834a-3487-426d-b69c-6b5c2a26494b", "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", "services": [ - "Storage", + "Backup", "Cost", - "Backup" + "Storage" ], "severity": "Medium", "subcategory": "Delete/archive", @@ -9497,10 +9497,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", "service": "Backup", "services": [ - "Storage", "ASR", + "Backup", "Cost", - "Backup" + "Storage" ], "severity": "Medium", "subcategory": "Delete/archive", @@ -9514,8 +9514,8 @@ "link": "https://learn.microsoft.com/azure/cost-management-billing/manage/direct-ea-administration#manage-notification-contacts", "service": "Monitor", "services": [ - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Log Analytics retention for workspaces", @@ -9530,9 +9530,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "Monitor", "services": [ - "Storage", "Cost", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Policy", @@ -9575,10 +9575,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "VM", "services": [ - "Storage", "VM", + "Backup", "Cost", - "Backup" + "Storage" ], "severity": "Medium", "subcategory": "stopped/deallocated VMs: check disks", 
@@ -9593,9 +9593,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "Storage", "services": [ - "Storage", "Cost", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "storage accounts lifecycle policy", @@ -9648,9 +9648,9 @@ "guid": "a27b765a-91be-41f3-a8ef-394c2bd463cb", "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", "services": [ - "Storage", "VM", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "DB optimization", @@ -9676,8 +9676,8 @@ "guid": "b6b780cb-9fe5-4c46-989d-457a927c3874", "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging", "services": [ - "Cost", - "Entra" + "Entra", + "Cost" ], "severity": "Medium", "subcategory": "Advisor", @@ -9718,8 +9718,8 @@ "guid": "b835556d-f2bf-4e45-93b0-d834a348726d", "link": "https://learn.microsoft.com/azure/governance/policy/overview", "services": [ - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Automation", @@ -9758,8 +9758,8 @@ "guid": "733be2a1-a27b-4765-a91b-e1f388ef394c", "link": "https://learn.microsoft.com/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Baseline", @@ -9969,8 +9969,8 @@ "service": "VM", "services": [ "ARS", - "Cost", - "VM" + "VM", + "Cost" ], "severity": "Medium", "subcategory": "Reservations/savings plans", @@ -10010,8 +10010,8 @@ "link": "https://learn.microsoft.com/azure/active-directory-domain-services/overview", "service": "VM", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Reserve storage", 
@@ -10213,8 +10213,8 @@ "service": "Databricks", "services": [ "LoadBalancer", - "Cost", - "VM" + "VM", + "Cost" ], "severity": "Medium", "subcategory": "Databricks", @@ -10258,8 +10258,8 @@ "link": "https://learn.microsoft.com/azure/network-watcher/network-watcher-monitoring-overview", "service": "Functions", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Functions", @@ -10344,8 +10344,8 @@ "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", "service": "Front Door", "services": [ - "FrontDoor", "EventHubs", + "FrontDoor", "Cost" ], "severity": "Medium", @@ -10402,8 +10402,8 @@ "link": "https://learn.microsoft.com/azure/architecture/best-practices/monitoring", "service": "Storage", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -10417,8 +10417,8 @@ "link": "https://learn.microsoft.com/azure/automation/how-to/region-mappings", "service": "VM", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -10432,8 +10432,8 @@ "link": "https://learn.microsoft.com/azure/governance/policy/concepts/guest-configuration", "service": "Storage", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -10447,8 +10447,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance#monitoring-for-configuration-drift", "service": "Storage", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -10462,9 +10462,9 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", "service": "Site Recovery", "services": [ - "Storage", + "ASR", "Cost", - "ASR" + "Storage" ], "severity": "Medium", "subcategory": "Storage", 
@@ -10478,8 +10478,8 @@ "link": "https://learn.microsoft.com/azure/architecture/framework/resiliency/backup-and-recovery", "service": "Storage", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "storage", @@ -10493,8 +10493,8 @@ "link": "https://learn.microsoft.com/azure/backup/backup-center-overview", "service": "VM", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -10509,8 +10509,8 @@ "service": "Synapse", "services": [ "EventHubs", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Synapse", @@ -10524,8 +10524,8 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/availability", "service": "Synapse", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "subcategory": "Synapse", @@ -10645,8 +10645,8 @@ "service": "VM", "services": [ "VM", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "VM", @@ -10678,8 +10678,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-latest-version-for-customer-managed-certificates", "service": "Front Door", "services": [ - "AKV", - "FrontDoor" + "FrontDoor", + "AKV" ], "severity": "Medium", "subcategory": "Front Door", @@ -10713,8 +10713,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "subcategory": "Front Door", @@ -10747,8 +10747,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", "service": "Front Door", "services": [ - "EventHubs", "FrontDoor", + "EventHubs", "TrafficManager" ], "severity": "High", @@ -10824,8 +10824,8 @@ "service": "Front Door", "services": [ "FrontDoor", - "AKV", - "Cost" + "Cost", + "AKV" ], "severity": "High", "subcategory": "Front Door", 
@@ -11168,8 +11168,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-reports", "service": "Front Door", "services": [ - "Storage", - "FrontDoor" + "FrontDoor", + "Storage" ], "severity": "Medium", "subcategory": "Front Door", @@ -11183,8 +11183,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/front-door-wildcard-domain", "service": "Front Door", "services": [ - "AKV", - "FrontDoor" + "FrontDoor", + "AKV" ], "severity": "Medium", "subcategory": "Front Door", @@ -11212,8 +11212,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-compression", "service": "Front Door", "services": [ - "Storage", - "FrontDoor" + "FrontDoor", + "Storage" ], "severity": "Medium", "subcategory": "Front Door", @@ -11242,9 +11242,9 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery", "service": "Front Door", "services": [ - "Storage", "FrontDoor", - "TrafficManager" + "TrafficManager", + "Storage" ], "severity": "Medium", "subcategory": "Front Door", @@ -11354,9 +11354,9 @@ "guid": "170265f4-bb46-4a39-9af7-f317284797b1", "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-multi-region", "services": [ - "TrafficManager", - "FrontDoor", "LoadBalancer", + "FrontDoor", + "TrafficManager", "AKS" ], "severity": "Medium", @@ -11429,9 +11429,9 @@ "guid": "daa9a260-c3ea-4490-b077-5fc1f2a80cb0", "link": "https://learn.microsoft.com/azure/aks/availability-zones#azure-disk-availability-zone-support", "services": [ - "Storage", "ASR", - "AKS" + "AKS", + "Storage" ], "severity": "High", "subcategory": "Disaster Recovery", @@ -11633,8 +11633,8 @@ "link": "https://github.com/Azure/secrets-store-csi-driver-provider-azure", "service": "AKS", "services": [ - "AKV", - "AKS" + "AKS", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", 
@@ -11648,8 +11648,8 @@ "link": "https://learn.microsoft.com/azure/aks/update-credentials", "service": "AKS", "services": [ - "AKV", - "AKS" + "AKS", + "AKV" ], "severity": "High", "subcategory": "Secrets", @@ -11663,8 +11663,8 @@ "link": "https://learn.microsoft.com/azure/aks/use-kms-etcd-encryption", "service": "AKS", "services": [ - "AKV", - "AKS" + "AKS", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -11678,8 +11678,8 @@ "link": "https://learn.microsoft.com/azure/confidential-computing/confidential-nodes-aks-overview", "service": "AKS", "services": [ - "AKV", - "AKS" + "AKS", + "AKV" ], "severity": "Low", "subcategory": "Secrets", @@ -11693,9 +11693,9 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-containers-enable", "service": "AKS", "services": [ - "AKV", "Defender", - "AKS" + "AKS", + "AKV" ], "severity": "Medium", "subcategory": "Secrets", @@ -11756,8 +11756,8 @@ "link": "https://learn.microsoft.com/azure/aks/manage-azure-rbac", "service": "AKS", "services": [ - "Entra", "RBAC", + "Entra", "AKS" ], "severity": "Medium", @@ -11772,8 +11772,8 @@ "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-identity", "service": "AKS", "services": [ - "Entra", "RBAC", + "Entra", "AKS" ], "severity": "High", @@ -11895,8 +11895,8 @@ "service": "AKS", "services": [ "ACR", - "AppGW", - "AKS" + "AKS", + "AppGW" ], "severity": "Medium", "subcategory": "Best practices", @@ -11970,8 +11970,8 @@ "link": "https://learn.microsoft.com/azure/private-link/private-link-overview", "service": "AKS", "services": [ - "PrivateLink", "Cost", + "PrivateLink", "VNet", "AKS" ], @@ -12624,8 +12624,8 @@ "ServiceBus", "Storage", "EventHubs", - "Monitor", - "AKS" + "AKS", + "Monitor" ], "severity": "Medium", "subcategory": "Monitoring", @@ -12639,8 +12639,8 @@ "link": "https://learn.microsoft.com/azure/aks/load-balancer-standard", "service": "AKS", "services": [ - "NVA", "LoadBalancer", + "NVA", "Monitor", "AKS" ], 
@@ -12699,8 +12699,8 @@ "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits", "service": "AKS", "services": [ - "Subscriptions", - "AKS" + "AKS", + "Subscriptions" ], "severity": "High", "subcategory": "Resources", @@ -12844,8 +12844,8 @@ "link": "https://learn.microsoft.com/azure/aks/cluster-configuration", "service": "AKS", "services": [ - "Storage", - "AKS" + "AKS", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -12859,8 +12859,8 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/disks-types", "service": "AKS", "services": [ - "Storage", - "AKS" + "AKS", + "Storage" ], "severity": "High", "subcategory": "Storage", @@ -12874,8 +12874,8 @@ "link": "https://learn.microsoft.com/azure/aks/use-ultra-disks", "service": "AKS", "services": [ - "Storage", - "AKS" + "AKS", + "Storage" ], "severity": "Low", "subcategory": "Storage", @@ -12889,9 +12889,9 @@ "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-multi-region", "service": "AKS", "services": [ - "Storage", + "AKS", "SQL", - "AKS" + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -12905,8 +12905,8 @@ "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-storage", "service": "AKS", "services": [ - "Storage", - "AKS" + "AKS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -12920,8 +12920,8 @@ "link": "https://learn.microsoft.com/azure/aks/availability-zones#azure-disk-availability-zone-support", "service": "AKS", "services": [ - "Storage", - "AKS" + "AKS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -13701,9 +13701,9 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", "service": "OpenAI", "services": [ - "AKV", + "Monitor", "Subscriptions", - "Monitor" + "AKV" ], "severity": "High", "subcategory": "Alerts", 
@@ -13845,8 +13845,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", "service": "OpenAI", "services": [ - "Storage", - "ServiceBus" + "ServiceBus", + "Storage" ], "severity": "Medium", "subcategory": "Elasticity segregation", @@ -13975,8 +13975,8 @@ "link": "https://learn.microsoft.com/azure/backup/backup-overview", "service": "OpenAI", "services": [ - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Data Backup and Disaster Recovery", @@ -14067,9 +14067,9 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-onboarding", "service": "OpenAI", "services": [ - "Defender", + "Monitor", "Sentinel", - "Monitor" + "Defender" ], "severity": "High", "subcategory": "Threat Detection and Monitoring", @@ -14248,8 +14248,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", "service": "OpenAI", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Secure APIs and Endpoints", @@ -14351,8 +14351,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "OpenAI", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Secure Key Management", @@ -14460,8 +14460,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", "service": "OpenAI", "services": [ - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "subcategory": "Cost monitoring", @@ -14517,8 +14517,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", "service": "OpenAI", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "High", "subcategory": "Costing Model", 
@@ -14631,9 +14631,9 @@ "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", "service": "OpenAI", "services": [ - "APIM", - "ACR", "LoadBalancer", + "ACR", + "APIM", "Entra" ], "severity": "Medium", @@ -14838,8 +14838,8 @@ "link": "https://learn.microsoft.com/azure/data-explorer/kusto/management/data-export/continuous-data-export", "service": "Azure Data Explorer", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "subcategory": "Replication", "text": "Leverage External Tables and Continuous data export overview to reduce costs", @@ -14880,8 +14880,8 @@ "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#replicate-management-activities", "service": "Azure Data Explorer", "services": [ - "Storage", - "RBAC" + "RBAC", + "Storage" ], "subcategory": "Replication", "text": "Replicate all management activities such as creating new tables or managing user roles on each cluster.", @@ -14946,10 +14946,10 @@ "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#on-demand-data-recovery-configuration", "service": "Azure Data Explorer", "services": [ - "Storage", + "ASR", "Cost", "AzurePolicy", - "ASR" + "Storage" ], "subcategory": "DR Configuration", "text": "For applications, where cost is a concern and can withstand some downtime during failure, create on-demand data recovery cluster configuration", @@ -15000,8 +15000,8 @@ "guid": "a96b96ad-8840-48f3-9273-4c876ba28021", "link": "https://learn.microsoft.com/azure/dns/private-dns-resiliency", "services": [ - "DNS", - "VNet" + "VNet", + "DNS" ], "severity": "High", "subcategory": "Azure Private DNS", @@ -15027,9 +15027,9 @@ "guid": "74faa19b-f39d-495d-94c7-c8919ca1f6d5", "link": "https://learn.microsoft.com/azure/reliability/reliability-traffic-manager?toc=%2Fazure%2Fdns%2Ftoc.json", "services": [ + "ASR", "TrafficManager", - "DNS", - "ASR" + "DNS" ], "severity": "Medium", "subcategory": "Azure DNS", 
@@ -15055,8 +15055,8 @@ "guid": "f7b95e06-e154-4e2a-a359-2828e6e20517", "link": "https://learn.microsoft.com/azure/dns/tutorial-dns-private-resolver-failover", "services": [ - "DNS", - "ASR" + "ASR", + "DNS" ], "severity": "Medium", "subcategory": "Azure DNS Resolver", @@ -15069,8 +15069,8 @@ "guid": "2676ae46-691e-4883-9ad9-42223e138105", "link": "https://learn.microsoft.com/azure/reliability/reliability-virtual-machines?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json&tabs=graph", "services": [ - "DNS", - "VM" + "VM", + "DNS" ], "severity": "Medium", "subcategory": "VM Based DNS Service", @@ -15083,9 +15083,9 @@ "guid": "23081a94-1741-4583-9ff7-ad7c6d373316", "link": "https://www.windows-active-directory.com/azure-ad-dns-for-custom-domain-names-with-advanced-dns-settings.html", "services": [ - "DNS", "VM", - "Entra" + "Entra", + "DNS" ], "severity": "Medium", "subcategory": "VM Based DNS Service", @@ -15236,8 +15236,8 @@ "service": "AVS", "services": [ "AVS", - "Subscriptions", - "Entra" + "Entra", + "Subscriptions" ], "severity": "High", "subcategory": "Identity", @@ -15321,8 +15321,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Identity", @@ -15336,8 +15336,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Identity", @@ -15351,8 +15351,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Identity", @@ -15366,8 +15366,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Identity", 
@@ -15394,11 +15394,11 @@ "guid": "eb710a37-cbc1-4055-8dd5-a936a8bb7cf5", "service": "AVS", "services": [ - "Monitor", + "ExpressRoute", "NetworkWatcher", - "VPN", "AVS", - "ExpressRoute" + "Monitor", + "VPN" ], "severity": "High", "subcategory": "Monitoring", @@ -15411,11 +15411,11 @@ "guid": "976e24f2-a7f8-426c-9253-2a92a2a7ed99", "service": "AVS", "services": [ - "Monitor", - "NetworkWatcher", "VM", + "ExpressRoute", + "NetworkWatcher", "AVS", - "ExpressRoute" + "Monitor" ], "severity": "Medium", "subcategory": "Monitoring", @@ -15429,9 +15429,9 @@ "service": "AVS", "services": [ "AVS", - "VM", + "NetworkWatcher", "Monitor", - "NetworkWatcher" + "VM" ], "severity": "Medium", "subcategory": "Monitoring", @@ -15444,8 +15444,8 @@ "guid": "563b4dc7-4a74-48b6-933a-d1a0916a6649", "service": "AVS", "services": [ - "ARS", - "AVS" + "AVS", + "ARS" ], "severity": "High", "subcategory": "Routing", @@ -15459,8 +15459,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Security (identity)", @@ -15474,8 +15474,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "Security (identity)", @@ -15517,8 +15517,8 @@ "service": "AVS", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Security (identity)", @@ -15616,11 +15616,11 @@ "guid": "334fdf91-c234-4182-a652-75269440b4be", "service": "AVS", "services": [ - "DDoS", "VNet", - "VPN", + "DDoS", + "ExpressRoute", "AVS", - "ExpressRoute" + "VPN" ], "severity": "Medium", "subcategory": "Security (network)", @@ -15728,9 +15728,9 @@ "guid": "d88408f3-7273-44c8-96ba-280214590146", "service": "AVS", "services": [ - "Storage", "AVS", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "subcategory": "Governance (platform)", 
@@ -15839,8 +15839,8 @@ "service": "AVS", "services": [ "AVS", - "Defender", - "VM" + "VM", + "Defender" ], "severity": "Medium", "subcategory": "Governance (guest/VM)", @@ -15882,8 +15882,8 @@ "service": "AVS", "services": [ "AVS", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "subcategory": "Governance (guest/VM)", @@ -15896,9 +15896,9 @@ "guid": "589d457a-927c-4397-9d11-02cad6aae11e", "service": "AVS", "services": [ - "VM", "AVS", "Backup", + "VM", "AzurePolicy" ], "severity": "Medium", @@ -15913,8 +15913,8 @@ "service": "AVS", "services": [ "AVS", - "Defender", - "Monitor" + "Monitor", + "Defender" ], "severity": "Medium", "subcategory": "Compliance", @@ -16039,9 +16039,9 @@ "guid": "b6abad38-aad5-43cc-99e1-d86667357c54", "service": "AVS", "services": [ - "Storage", "AVS", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "subcategory": "Monitoring", @@ -16068,10 +16068,10 @@ "guid": "a91be1f3-88f0-43a4-b2cd-463cbbbc8682", "service": "AVS", "services": [ - "Storage", "AVS", "VM", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "subcategory": "Operations", @@ -16097,9 +16097,9 @@ "guid": "0e43a18a-9cd2-489b-bd6b-17db8255461e", "service": "AVS", "services": [ - "Storage", "AVS", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "subcategory": "Operations", @@ -16266,10 +16266,10 @@ "guid": "d1d79a9b-2460-4448-aa8f-42d78e78cb6a", "service": "AVS", "services": [ - "ASR", "AVS", + "NVA", "ExpressRoute", - "NVA" + "ASR" ], "severity": "Medium", "subcategory": "Disaster Recovery", @@ -16472,9 +16472,9 @@ "guid": "d352caaa-b79b-4198-bab8-1932c9fc9d1b", "service": "AVS", "services": [ - "Storage", "AVS", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Automated Scale", 
@@ -16612,9 +16612,9 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings", "service": "AVS", "services": [ - "Storage", "AVS", - "VM" + "VM", + "Storage" ], "severity": "Medium", "subcategory": "Architecture", @@ -16628,9 +16628,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", "service": "AVS", "services": [ - "Storage", "AVS", - "ExpressRoute" + "ExpressRoute", + "Storage" ], "severity": "Medium", "subcategory": "Architecture", @@ -16644,9 +16644,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-the-same-domain-name-on-front-door-and-your-origin", "service": "AVS", "services": [ - "Storage", "AVS", - "ExpressRoute" + "ExpressRoute", + "Storage" ], "severity": "Medium", "subcategory": "Architecture", @@ -16767,8 +16767,8 @@ "service": "ACR", "services": [ "WAF", - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "High", "text": "Sign and Verify containers with notation (Notary v2)", @@ -16784,8 +16784,8 @@ "service": "ACR", "services": [ "WAF", - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "Medium", "text": "Encrypt registry with a customer managed key", @@ -16799,8 +16799,8 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity", "service": "ACR", "services": [ - "RBAC", "WAF", + "RBAC", "ACR", "Entra" ], @@ -16833,10 +16833,10 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-roles?tabs=azure-cli", "service": "ACR", "services": [ - "Entra", "WAF", + "RBAC", "ACR", - "RBAC" + "Entra" ], "severity": "High", "text": "Assign AcrPull & AcrPush RBAC roles rather than granting Administrative access to identity principals", 
@@ -16879,10 +16879,10 @@ "guid": "b3bec3d4-f343-47c1-936d-b55f27a71eee", "service": "ACR", "services": [ - "EventHubs", "WAF", + "PrivateLink", "ACR", - "PrivateLink" + "EventHubs" ], "severity": "High", "text": "Deploy images from a trusted environment", @@ -16915,8 +16915,8 @@ "services": [ "WAF", "ACR", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "text": "Enable diagnostics logging", @@ -16930,10 +16930,10 @@ "link": "https://learn.microsoft.com/azure/container-registry/container-registry-private-link", "service": "ACR", "services": [ - "Firewall", "WAF", + "PrivateLink", "VNet", - "PrivateLink" + "Firewall" ], "severity": "Medium", "text": "Control inbound network access with Private Link", @@ -16965,8 +16965,8 @@ "service": "ACR", "services": [ "WAF", - "ACR", - "PrivateLink" + "PrivateLink", + "ACR" ], "severity": "Medium", "text": "Use an Azure Container Registry SKU that supports Private Link (Premium SKU)", @@ -16981,8 +16981,8 @@ "service": "ACR", "services": [ "WAF", - "Defender", - "ACR" + "ACR", + "Defender" ], "severity": "Low", "text": "Enable Defender for Containers to scan Azure Container Registry for vulnerabilities", @@ -17105,9 +17105,9 @@ "link": "https://learn.microsoft.com/azure/data-explorer/kusto/management/data-export/continuous-data-export", "service": "Azure Data Explorer", "services": [ - "Storage", "WAF", - "Cost" + "Cost", + "Storage" ], "text": "Leverage External Tables and Continuous data export overview to reduce costs", "waf": "Reliability" @@ -17120,8 +17120,8 @@ "link": "https://learn.microsoft.com/azure/data-explorer/follower?tabs=csharp", "service": "Azure Data Explorer", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "text": "To share data, explore Leader-follower cluster configuration", "waf": "Reliability" 
@@ -17147,9 +17147,9 @@ "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#replicate-management-activities", "service": "Azure Data Explorer", "services": [ - "Storage", "WAF", - "RBAC" + "RBAC", + "Storage" ], "text": "Replicate all management activities such as creating new tables or managing user roles on each cluster.", "waf": "Reliability" @@ -17215,11 +17215,11 @@ "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#on-demand-data-recovery-configuration", "service": "Azure Data Explorer", "services": [ - "Storage", "WAF", + "Storage", + "ASR", "Cost", - "AzurePolicy", - "ASR" + "AzurePolicy" ], "text": "For applications, where cost is a concern and can withstand some downtime during failure, create on-demand data recovery cluster configuration", "waf": "Reliability" @@ -17274,8 +17274,8 @@ "service": "Front Door", "services": [ "WAF", - "AKV", - "FrontDoor" + "FrontDoor", + "AKV" ], "severity": "Medium", "text": "If you use customer-managed TLS certificates with Azure Front Door, use the 'Latest' certificate version. Reduce the risk of outages caused by manual certificate renewal.", @@ -17307,8 +17307,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "text": "When using Front Door and Application Gateway to help protect HTTP/S apps, use WAF policies in Front Door. Lock down Application Gateway to receive traffic only from Front Door.", @@ -17339,9 +17339,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", "service": "Front Door", "services": [ - "EventHubs", "WAF", "FrontDoor", + "EventHubs", "TrafficManager" ], "severity": "High", 
@@ -17415,10 +17415,10 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates", "service": "Front Door", "services": [ - "FrontDoor", "WAF", - "AKV", - "Cost" + "FrontDoor", + "Cost", + "AKV" ], "severity": "High", "text": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals.", @@ -17741,9 +17741,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-reports", "service": "Front Door", "services": [ - "Storage", "WAF", - "FrontDoor" + "FrontDoor", + "Storage" ], "severity": "Medium", "text": "We recommend using the Premium Tier for leveraging the Security reports while the Standard Azure Front Door Profile provides only traffic reports under built-in analytics/reports.", @@ -17784,8 +17784,8 @@ "link": "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-compression", "service": "Front Door", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Use file compression when you're accessing downloadable content.", @@ -17813,10 +17813,10 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery", "service": "Front Door", "services": [ - "Storage", "WAF", "FrontDoor", - "TrafficManager" + "TrafficManager", + "Storage" ], "severity": "Medium", "text": "Consider using Traffic Manager load balancing Azure Front Door and a third party CDN provider CDN profile for mission critical high availability scenario. ", @@ -17829,8 +17829,8 @@ "link": "https://learn.microsoft.com/azure/app-service/app-service-ip-restrictions?tabs=azurecli#restrict-access-to-a-specific-azure-front-door-instance", "service": "Front Door", "services": [ - "AppSvc", "WAF", + "AppSvc", "FrontDoor" ], "severity": "High", 
@@ -17983,8 +17983,8 @@ "service": "AKS", "services": [ "WAF", - "AzurePolicy", - "AKS" + "AKS", + "AzurePolicy" ], "severity": "Medium", "text": "Use Azure Policy for Kubernetes to ensure cluster compliance", @@ -18175,9 +18175,9 @@ "link": "https://learn.microsoft.com/azure/aks/manage-azure-rbac", "service": "AKS", "services": [ - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "text": "Integrate authorization with AAD RBAC", @@ -18377,8 +18377,8 @@ "service": "AKS", "services": [ "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "text": "Use Private Endpoints (preferred) or Virtual Network Service Endpoints to access PaaS services from the cluster", @@ -18528,8 +18528,8 @@ "link": "https://learn.microsoft.com/azure/aks/limit-egress-traffic", "service": "AKS", "services": [ - "NVA", - "WAF" + "WAF", + "NVA" ], "severity": "High", "text": "Filter egress traffic with AzFW/NVA if your security requirements mandate it", @@ -18572,8 +18572,8 @@ "service": "AKS", "services": [ "WAF", - "AzurePolicy", - "AKS" + "AKS", + "AzurePolicy" ], "severity": "Medium", "text": "For Windows 2019 and 2022 AKS nodes Calico Network Policies can be used ", @@ -18588,8 +18588,8 @@ "service": "AKS", "services": [ "WAF", - "AzurePolicy", - "AKS" + "AKS", + "AzurePolicy" ], "severity": "High", "text": "Enable a Kubernetes Network Policy option (Calico/Azure)", @@ -18603,8 +18603,8 @@ "service": "AKS", "services": [ "WAF", - "AzurePolicy", - "AKS" + "AKS", + "AzurePolicy" ], "severity": "High", "text": "Use Kubernetes network policies to increase intra-cluster security", @@ -18631,9 +18631,9 @@ "link": "https://learn.microsoft.com/azure/virtual-network/ddos-protection-overview", "service": "AKS", "services": [ - "AKS", "WAF", "VNet", + "AKS", "DDoS" ], "severity": "Medium", 
@@ -18976,10 +18976,10 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/premium-storage-performance", "service": "AKS", "services": [ + "WAF", "ServiceBus", "Storage", "EventHubs", - "WAF", "Monitor" ], "severity": "Medium", @@ -18993,9 +18993,9 @@ "link": "https://learn.microsoft.com/azure/aks/load-balancer-standard", "service": "AKS", "services": [ - "NVA", "WAF", "LoadBalancer", + "NVA", "Monitor" ], "severity": "Medium", @@ -19216,9 +19216,9 @@ "link": "https://learn.microsoft.com/azure/aks/use-ultra-disks", "service": "AKS", "services": [ - "Storage", "WAF", - "AKS" + "AKS", + "Storage" ], "severity": "Low", "text": "For hyper performance storage option use Ultra Disks on AKS", @@ -19231,9 +19231,9 @@ "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-multi-region", "service": "AKS", "services": [ - "Storage", "WAF", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "text": "Avoid keeping state in the cluster, and store data outside (AzStorage, AzSQL, Cosmos, etc)", @@ -19246,8 +19246,8 @@ "link": "https://learn.microsoft.com/azure/aks/operator-best-practices-storage", "service": "AKS", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "If using AzFiles Standard, consider AzFiles Premium and/or ANF for performance reasons", 
@@ -19260,28 +19260,13 @@ "link": "https://learn.microsoft.com/azure/aks/availability-zones#azure-disk-availability-zone-support", "service": "AKS", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "If using Azure Disks and AZs, consider having nodepools within a zone for LRS disk with VolumeBindingMode:WaitForFirstConsumer for provisioning storage in right zone or use ZRS disk for nodepools spanning multiple zones", "waf": "Performance" }, - { - "arm-service": "Microsoft.Network/virtualNetworks", - "checklist": "WAF checklist", - "guid": "7bc1c396-2461-4698-b57f-30ca69525252", - "link": "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/regions", - "service": "VNet", - "services": [ - "WAF", - "ASR" - ], - "severity": "Medium", - "text": "Deploy your Azure landing zone connectivity resources in multiple regions, so that you can quickly support multi-region application landing zones and disaster recovery scenarios.", - "training": "https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/", - "waf": "Reliability" - }, { "checklist": "WAF checklist", "guid": "70c15989-c726-42c7-b0d3-24b7375b9201", @@ -19343,8 +19328,8 @@ "service": "Entra", "services": [ "WAF", - "ACR", "RBAC", + "ACR", "Subscriptions" ], "severity": "High", @@ -19457,8 +19442,8 @@ "service": "Entra", "services": [ "WAF", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "text": "Integrate Microsoft Entra ID logs with the platform-central Azure Monitor. Azure Monitor allows for a single source of truth around log and monitoring data in Azure, giving organizations a cloud native options to meet requirements around log collection and retention.", 
@@ -19486,9 +19471,9 @@ "link": "https://learn.microsoft.com/azure/active-directory/roles/best-practices", "service": "Entra", "services": [ - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "text": "Do not use on-premises synced accounts for Microsoft Entra ID role assignments, unless you have a scenario that specifically requires it.", @@ -19524,6 +19509,21 @@ "training": "https://learn.microsoft.com/learn/paths/architect-network-infrastructure/", "waf": "Security" }, + { + "arm-service": "Microsoft.Network/virtualNetworks", + "checklist": "WAF checklist", + "guid": "7bc1c396-2461-4698-b57f-30ca69525252", + "link": "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/regions", + "service": "VNet", + "services": [ + "WAF", + "ASR" + ], + "severity": "Medium", + "text": "Deploy your Azure landing zone connectivity resources in multiple regions, so that you can quickly support multi-region application landing zones and disaster recovery scenarios.", + "training": "https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/", + "waf": "Reliability" + }, { "arm-service": "Microsoft.Network/virtualNetworks", "checklist": "WAF checklist", 
@@ -19531,35 +19531,20 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/traditional-azure-networking-topology", "service": "VNet", "services": [ - "NVA", "WAF", "VNet", - "DNS", "Firewall", - "VPN", + "NVA", "ExpressRoute", - "Entra" + "Entra", + "DNS", + "VPN" ], "severity": "High", "text": "Deploy shared networking services, including ExpressRoute gateways, VPN gateways, and Azure Firewall or partner NVAs in the central-hub virtual network. If necessary, also deploy DNS services.", "training": "https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/", "waf": "Cost" }, - { - "arm-service": "Microsoft.Network/virtualNetworks", - "checklist": "WAF checklist", - "guid": "143b16c3-1d7a-4a9b-9470-4489a8042d88", - "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", - "service": "VNet", - "services": [ - "WAF", - "DDoS" - ], - "severity": "High", - "text": "Use a DDoS Network or IP protection plan for all public IP addresses in application landing zones.", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Security" - }, { "arm-service": "Microsoft.Compute/virtualMachines", "checklist": "WAF checklist", @@ -19567,8 +19552,8 @@ "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/nva-ha", "service": "NVA", "services": [ - "NVA", - "WAF" + "WAF", + "NVA" ], "severity": "Medium", "text": "When deploying partner networking technologies or NVAs, follow the partner vendor's guidance.", 
@@ -19581,10 +19566,10 @@ "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-coexist-resource-manager#to-enable-transit-routing-between-expressroute-and-azure-vpn", "service": "ExpressRoute", "services": [ - "ARS", - "VPN", "WAF", - "ExpressRoute" + "ARS", + "ExpressRoute", + "VPN" ], "severity": "Low", "text": "If you need transit between ExpressRoute and VPN gateways in hub and spoke scenarios, use Azure Route Server.", @@ -19599,8 +19584,8 @@ "link": "https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1", "service": "ARS", "services": [ - "ARS", "WAF", + "ARS", "VNet" ], "severity": "Low", @@ -19648,8 +19633,8 @@ "service": "VNet", "services": [ "WAF", - "ExpressRoute", - "VNet" + "VNet", + "ExpressRoute" ], "severity": "Medium", "text": "If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000).", @@ -19664,8 +19649,8 @@ "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits", "service": "VNet", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Limit the number of routes per route table to 400.", @@ -19740,9 +19725,9 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/site-to-site-vpn-private-peering", "service": "ExpressRoute", "services": [ - "VPN", "WAF", - "ExpressRoute" + "ExpressRoute", + "VPN" ], "severity": "Medium", "text": "For scenarios where MACsec isn't an option (for example, not using ExpressRoute Direct), use a VPN gateway to establish IPsec tunnels over ExpressRoute private peering.", 
@@ -19847,8 +19832,8 @@ "link": "https://learn.microsoft.com/azure/dns/dns-private-resolver-overview", "service": "DNS", "services": [ - "ACR", "WAF", + "ACR", "DNS" ], "severity": "Medium", @@ -19878,10 +19863,10 @@ "link": "https://learn.microsoft.com/azure/dns/private-dns-autoregistration", "service": "DNS", "services": [ - "VM", "WAF", - "DNS", - "VNet" + "VM", + "VNet", + "DNS" ], "severity": "High", "text": "Enable auto-registration for Azure DNS to automatically manage the lifecycle of the DNS records for the virtual machines deployed within a virtual network.", @@ -19927,8 +19912,8 @@ "service": "Bastion", "services": [ "WAF", - "VNet", - "Bastion" + "Bastion", + "VNet" ], "severity": "Medium", "text": "Use Azure Bastion in a subnet /26 or larger.", @@ -19942,9 +19927,9 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview", "service": "WAF", "services": [ - "FrontDoor", "WAF", "ACR", + "FrontDoor", "AzurePolicy" ], "severity": "Medium", @@ -19961,8 +19946,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Low", "text": "When using Azure Front Door and Azure Application Gateway to help protect HTTP/S apps, use WAF policies in Azure Front Door. Lock down Azure Application Gateway to receive traffic only from Azure Front Door.", @@ -19996,7 +19981,7 @@ "DDoS" ], "severity": "High", - "text": "Use Azure DDoS Network or IP Protection plans to help protect Public IP Addresses endpoints within the virtual networks.", + "text": "Use Azure DDoS Network or IP Protection plans to help protect Public IP Addresses endpoints within the virtual networks including application landing zones.", "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", "waf": "Security" }, 
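Review bot: The reworded `text` in the `@@ -19996,7 +19981,7 @@` hunk absorbs the item this patch removes (guid 143b16c3-1d7a-4a9b-9470-4489a8042d88) but drops that item's "all public IP addresses" scope, and it now reads awkwardly. I would write it as `"text": "Use Azure DDoS Network or IP Protection plans to help protect all public IP address endpoints within the virtual networks, including those in application landing zones."`. Any saved review or workbook that tracks status by guid would presumably lose its entry for the removed guid; the Key Vault merge later in the patch (removed guid 91163418-2ba5-4275-8694-4008be7d7e48) has the same implication, so it is worth confirming that both removals are intended. The enclosing checklist object starts outside the hunk.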
@@ -20052,10 +20037,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/connectivity-to-azure", "service": "ExpressRoute", "services": [ - "VPN", "WAF", + "Backup", "ExpressRoute", - "Backup" + "VPN" ], "severity": "Medium", "text": "Use ExpressRoute as the primary connection to Azure. Use VPNs as a source of backup connectivity.", @@ -20086,9 +20071,9 @@ "link": "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku", "service": "ExpressRoute", "services": [ - "VPN", "WAF", - "ExpressRoute" + "ExpressRoute", + "VPN" ], "severity": "Medium", "text": "Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements.", @@ -20183,8 +20168,8 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway", "service": "VPN", "services": [ - "VPN", - "WAF" + "WAF", + "VPN" ], "severity": "Medium", "text": "Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available).", @@ -20198,8 +20183,8 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable", "service": "VPN", "services": [ - "VPN", - "WAF" + "WAF", + "VPN" ], "severity": "Medium", "text": "Use redundant VPN appliances on-premises (active/active or active/passive).", @@ -20245,8 +20230,8 @@ "service": "ExpressRoute", "services": [ "WAF", - "ExpressRoute", - "Monitor" + "Monitor", + "ExpressRoute" ], "severity": "Medium", "text": "Monitor ExpressRoute availability and utilization using built-in Express Route Insights.", @@ -20293,9 +20278,9 @@ "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-coexist-resource-manager", "service": "ExpressRoute", "services": [ - "VPN", "WAF", - "ExpressRoute" + "ExpressRoute", + "VPN" ], "severity": "Medium", "text": "Use site-to-site VPN as failover of ExpressRoute, if only using a single ExpressRoute circuit.", 
@@ -20310,9 +20295,9 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub", "service": "ExpressRoute", "services": [ - "Storage", "WAF", - "VNet" + "VNet", + "Storage" ], "severity": "High", "text": "If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated.", @@ -20326,8 +20311,8 @@ "service": "ExpressRoute", "services": [ "WAF", - "ExpressRoute", - "ACR" + "ACR", + "ExpressRoute" ], "severity": "High", "text": "If using ExpressRoute, your on-premises routing should be dynamic: in the event of a connection failure it should converge to the remaining connection of the circuit. Load should be shared across both connections ideally as active/active, although active/passive is supported too.", @@ -20386,9 +20371,9 @@ "service": "ExpressRoute", "services": [ "WAF", + "Monitor", "ExpressRoute", - "VNet", - "Monitor" + "VNet" ], "severity": "Medium", "text": "Configure diagnostic logs and alerts for ExpressRoute virtual network gateway.", @@ -20403,8 +20388,8 @@ "service": "ExpressRoute", "services": [ "WAF", - "ExpressRoute", - "VNet" + "VNet", + "ExpressRoute" ], "severity": "Medium", "text": "Do not use ExpressRoute circuits for VNet-to-VNet communication.", @@ -20446,10 +20431,10 @@ "link": "https://learn.microsoft.com/azure/firewall-manager/policy-overview", "service": "Firewall", "services": [ - "RBAC", "WAF", - "ACR", "Firewall", + "RBAC", + "ACR", "AzurePolicy" ], "severity": "Medium", @@ -20544,10 +20529,10 @@ "link": "https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview", "service": "Firewall", "services": [ - "Storage", "WAF", "VNet", "Firewall", + "Storage", "NVA", "VWAN" ], 
@@ -20562,9 +20547,9 @@ "link": "https://learn.microsoft.com/azure/firewall/firewall-structured-logs", "service": "Firewall", "services": [ - "Storage", "WAF", - "Firewall" + "Firewall", + "Storage" ], "severity": "Medium", "text": "Add diagnostic settings to save logs, using the Resource Specific destination table, for all Azure Firewall deployments.", @@ -20626,8 +20611,8 @@ "link": "https://learn.microsoft.com/azure/firewall/ip-groups", "service": "Firewall", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Use IP Groups or IP prefixes to reduce number of IP table rules.", 
@@ -20772,15 +20757,15 @@ { "arm-service": "Microsoft.Network/azureFirewalls", "checklist": "WAF checklist", - "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, /subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | where isempty(ddosProtectionPlanId) | , name, id = firewallId, tags, param1 = strcat('vNet: ', vNetName), param2 = 'ddosProtection: Disabled'", + "graph": "resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)", "guid": "e8143efa-0301-4d62-be54-ca7b5ce566dc", "link": "https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview", "service": "Firewall", "services": [ - "Firewall", "WAF", "VNet", - "DDoS" + "DDoS", + "Firewall" ], "severity": "High", "text": "Configure DDoS Protection on the Azure Firewall VNet, Associate a 
DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. ", @@ -20809,8 +20794,8 @@ "service": "ExpressRoute", "services": [ "WAF", - "ExpressRoute", - "PrivateLink" + "PrivateLink", + "ExpressRoute" ], "severity": "Medium", "text": "Access Azure PaaS services from on-premises via private endpoints and ExpressRoute private peering. This method avoids transiting over the public internet.", @@ -20842,9 +20827,9 @@ "services": [ "WAF", "PrivateLink", - "DNS", "Firewall", - "NVA" + "NVA", + "DNS" ], "severity": "Medium", "text": "Filter egress traffic to Azure PaaS services using FQDNs instead of IP addresses in Azure Firewall or an NVA to prevent data exfiltration. If using Private Link you can block all FQDNs, otherwise allow only the required PaaS services.", @@ -20859,10 +20844,10 @@ "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway", "service": "ExpressRoute", "services": [ - "VPN", "WAF", + "VNet", "ExpressRoute", - "VNet" + "VPN" ], "severity": "High", "text": "Use at least a /27 prefix for your Gateway subnets.", @@ -20907,10 +20892,10 @@ "link": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", "service": "NSG", "services": [ - "NVA", "WAF", - "VNet", - "Entra" + "NVA", + "Entra", + "VNet" ], "severity": "Medium", "text": "Use NSGs and application security groups to micro-segment traffic within the landing zone and avoid using a central NVA to filter traffic flows.", @@ -20926,8 +20911,8 @@ "service": "NSG", "services": [ "WAF", - "VNet", - "NetworkWatcher" + "NetworkWatcher", + "VNet" ], "severity": "Medium", "text": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows.", 
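Review bot: In the rewritten `graph` query of item e8143efa-0301-4d62-be54-ca7b5ce566dc (hunk `@@ -20772,15 +20757,15 @@`), `join kind=fullouter` is kept while the `where isempty(ddosProtectionPlanId)` filter is replaced by `extend compliant = iif(...)`. Every DDoS-plan/VNet row with no matching firewall now reaches the output with an empty `name` and `id` and `compliant = true`. Those rows would inflate the compliant count and overstate DDoS coverage of the firewall VNets. Changing the join to `join kind=leftouter ( ... ) on vNetId` keeps one row per firewall IP configuration and nothing else. The expression can also be simplified to `extend compliant = isnotempty(ddosProtectionPlanId)`.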
@@ -20972,8 +20957,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/virtual-wan-network-topology#virtual-wan-network-design-recommendationst", "service": "VWAN", "services": [ - "ACR", "WAF", + "ACR", "VWAN" ], "severity": "Medium", @@ -21020,8 +21005,8 @@ "service": "VWAN", "services": [ "WAF", - "VWAN", - "Monitor" + "Monitor", + "VWAN" ], "severity": "Medium", "text": "Use Azure Monitor Insights for Virtual WAN to monitor the end-to-end topology of the Virtual WAN, status, and key metrics.", @@ -21052,9 +21037,9 @@ "link": "https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference", "service": "VWAN", "services": [ - "VPN", "WAF", - "ExpressRoute" + "ExpressRoute", + "VPN" ], "severity": "Medium", "text": "Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN.", @@ -21130,8 +21115,8 @@ "service": "Policy", "services": [ "WAF", - "Subscriptions", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "text": "Establish Azure Policy definitions at the intermediate root management group so that they can be assigned at inherited scopes.", @@ -21161,8 +21146,8 @@ "service": "Policy", "services": [ "WAF", - "Subscriptions", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Low", "text": "Use Azure Policy to control which services users can provision at the subscription/management group level.", @@ -21192,11 +21177,11 @@ "link": "https://learn.microsoft.com/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy", "service": "Policy", "services": [ - "Subscriptions", - "RBAC", "WAF", - "AzurePolicy", - "Entra" + "RBAC", + "Entra", + "Subscriptions", + "AzurePolicy" ], "severity": "Medium", "text": "Assign the built-in Resource Policy Contributor role at a particular scope to enable application-level governance.", 
@@ -21211,8 +21196,8 @@ "service": "Policy", "services": [ "WAF", - "Subscriptions", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "text": "Limit the number of Azure Policy assignments made at the root management group scope to avoid managing through exclusions at inherited scopes.", @@ -21242,8 +21227,8 @@ "service": "Policy", "services": [ "WAF", - "Subscriptions", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "text": "For Sovereign Landing Zone, deploy sovereignty policy baseline and assign at correct management group level.", @@ -21284,11 +21269,11 @@ "link": "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design#azure-regions", "service": "Monitor", "services": [ - "RBAC", "WAF", + "RBAC", + "Entra", "Monitor", - "AzurePolicy", - "Entra" + "AzurePolicy" ], "severity": "Medium", "text": "Use a single monitor logs workspace to manage platforms centrally except where Azure role-based access control (Azure RBAC), data sovereignty requirements, or data retention policies mandate separate workspaces.", @@ -21317,10 +21302,10 @@ "link": "https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2#how-retention-and-archiving-work", "service": "Monitor", "services": [ - "Storage", - "ARS", "WAF", - "AzurePolicy" + "ARS", + "AzurePolicy", + "Storage" ], "severity": "High", "text": "Export logs to Azure Storage if your log retention requirements exceed twelve years. Use immutable storage with a write-once, read-many policy to make data non-erasable and non-modifiable for a user-specified interval.", @@ -21335,8 +21320,8 @@ "service": "VM", "services": [ "WAF", - "VM", "Monitor", + "VM", "AzurePolicy" ], "severity": "Medium", 
@@ -21382,8 +21367,8 @@ "service": "Network Watcher", "services": [ "WAF", - "Monitor", - "NetworkWatcher" + "NetworkWatcher", + "Monitor" ], "severity": "Medium", "text": "Use Network Watcher to proactively monitor traffic flows.", @@ -21474,8 +21459,8 @@ "service": "VM", "services": [ "WAF", - "VM", "Monitor", + "VM", "AzurePolicy" ], "severity": "Medium", @@ -21490,9 +21475,9 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", "service": "VM", "services": [ - "VM", "WAF", "ACR", + "VM", "ASR" ], "severity": "Medium", @@ -21538,10 +21523,10 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-best-practices#send-logs-to-microsoft-sentinel", "service": "WAF", "services": [ - "AppGW", "WAF", "FrontDoor", - "Sentinel" + "Sentinel", + "AppGW" ], "severity": "Medium", "text": "Send WAF logs from your application delivery services like Azure Front Door and Azure Application Gateway to Microsoft Sentinel. Detect attacks and integrate WAF telemetry into your overall Azure environment.", @@ -21575,7 +21560,7 @@ "AKV" ], "severity": "Medium", - "text": "Use different Azure Key Vaults for different applications and regions to avoid transaction scale limits and restrict access to secrets.", + "text": "Use different Azure Key Vaults for different applications, environments and regions to avoid transaction scale limits and restrict access to secrets.", "training": "https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/", "waf": "Security" }, @@ -21587,8 +21572,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "text": "Provision Azure Key Vault with the soft delete and purge policies enabled to allow retention protection for deleted objects.", 
@@ -21602,10 +21587,10 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "Entra", "WAF", - "AKV", - "RBAC" + "RBAC", + "Entra", + "AKV" ], "severity": "Medium", "text": "Follow a least privilege model by limiting authorization to permanently delete keys, secrets, and certificates to specialized custom Microsoft Entra ID roles.", @@ -21648,9 +21633,9 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", + "PrivateLink", "VNet", - "PrivateLink" + "AKV" ], "severity": "Medium", "text": "Enable firewall and virtual network service endpoint or private endpoint on the vault to control access to the key vault.", @@ -21665,9 +21650,9 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", + "Monitor", "Entra", - "Monitor" + "AKV" ], "severity": "Medium", "text": "Use the platform-central Azure Monitor Log Analytics workspace to audit key, certificate, and secret usage within each instance of Key Vault.", @@ -21682,29 +21667,14 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "text": "Delegate Key Vault instantiation and privileged access and use Azure Policy to enforce a consistent compliant configuration.", "training": "https://learn.microsoft.com/training/modules/configure-azure-key-vault-networking-settings/", "waf": "Security" }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "WAF checklist", - "guid": "91163418-2ba5-4275-8694-4008be7d7e48", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Key Vault", - "services": [ - "WAF", - "AKV" - ], - "severity": "Medium", - "text": "Use an Azure Key Vault per application per environment per region.", - "training": "https://learn.microsoft.com/training/modules/implement-azure-key-vault/", - "waf": "Security" - }, { "arm-service": "Microsoft.KeyVault/vaults", "checklist": "WAF checklist", 
@@ -21713,8 +21683,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", "ACR", + "AKV", "ASR" ], "severity": "Medium", @@ -21818,8 +21788,8 @@ "service": "VM", "services": [ "WAF", - "Defender", - "Monitor" + "Monitor", + "Defender" ], "severity": "Medium", "text": "Monitor base operating system patching drift via Azure Monitor Logs and Defender for Cloud.", @@ -21834,8 +21804,8 @@ "service": "Monitor", "services": [ "WAF", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "text": "Connect default resource configurations to a centralized Azure Monitor Log Analytics workspace.", @@ -21890,8 +21860,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Enable secure transfer to storage accounts.", @@ -21905,8 +21875,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/data-protection-overview#recommendations-for-basic-data-protection", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Enable container soft delete for the storage account to recover a deleted container and its contents.", @@ -21920,8 +21890,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "VM" + "VM", + "AKV" ], "severity": "High", "text": "Use Key Vault secrets to avoid hard-coding sensitive information such as credentials (virtual machines user passwords), certificates or keys.", @@ -21948,8 +21918,8 @@ "link": "https://github.com/Azure-Samples/AI-Gateway", "service": "OpenAI", "services": [ - "APIM", "WAF", + "APIM", "Entra" ], "severity": "High", 
@@ -21979,9 +21949,9 @@ "service": "OpenAI", "services": [ "WAF", - "AKV", + "Monitor", "Subscriptions", - "Monitor" + "AKV" ], "severity": "High", "text": "Create alerts to notify teams of events such as an entry in the activity log created by an action performed on the resource, such as regenerating its subscription keys or a metric threshold such as the number of errors exceeding 10 in an hour", @@ -22022,8 +21992,8 @@ "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", "service": "OpenAI", "services": [ - "APIM", - "WAF" + "WAF", + "APIM" ], "severity": "Low", "text": "Enable and configure Diagnostics for the Azure OpenAI Service. If not sufficient, consider using a gateway such as Azure API Managements in front of Azure OpenAI to log both incoming prompts and outgoing responses, where permitted", @@ -22128,9 +22098,9 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", "service": "OpenAI", "services": [ - "Storage", "WAF", - "ServiceBus" + "ServiceBus", + "Storage" ], "severity": "Medium", "text": "Estimate elasticity demands to determine synchronous and batch request segregation based on priority. For high priority, use synchronous approach and for low priority, asynchronous batch processing with queue is preferred", @@ -22209,8 +22179,8 @@ "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", "service": "OpenAI", "services": [ - "APIM", "WAF", + "APIM", "Entra" ], "severity": "High", @@ -22265,8 +22235,8 @@ "service": "OpenAI", "services": [ "WAF", - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "text": "Regularly backup and replicate critical data to ensure data availability and recoverability in case of data loss or system failures. Leverage Azure's backup and disaster recovery services to protect your data.", 
@@ -22361,9 +22331,9 @@ "service": "OpenAI", "services": [ "WAF", - "Defender", + "Monitor", "Sentinel", - "Monitor" + "Defender" ], "severity": "High", "text": "Utilize Azure Defender to detect and respond to security threats and set up monitoring and alerting mechanisms to identify suspicious activities or breaches. Leverage Azure Sentinel for advanced threat detection and response", @@ -22548,8 +22518,8 @@ "service": "OpenAI", "services": [ "WAF", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "text": "Ensure that APIs and endpoints used by the LLM application are properly secured with authentication and authorization mechanisms, such as Managed identities, API keys or OAuth, to prevent unauthorized access.", @@ -22656,8 +22626,8 @@ "service": "OpenAI", "services": [ "WAF", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "text": "Store and manage keys securely using Azure Key Vault. Avoid hard-coding or embedding sensitive keys within your LLM application's code and retrieve them securely from Azure Key Vault using managed identities", @@ -22766,8 +22736,8 @@ "service": "OpenAI", "services": [ "WAF", - "Cost", - "Monitor" + "Monitor", + "Cost" ], "severity": "Medium", "text": "Set up a cost tracking system that monitors model usage and use that information to help inform model choices and prompt sizes", @@ -22793,8 +22763,8 @@ "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", "service": "OpenAI", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Plan and manage AI Search Vector storage", 
@@ -22821,8 +22791,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", "service": "OpenAI", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Evaluate usage of billing models - PAYG vs PTU. Start with PAYG and consider PTU when the usage is predictable in production since it offers dedicated memory and compute, reserved capacity, and consistent maximum latency for the specified model version", @@ -22939,11 +22909,11 @@ "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", "service": "OpenAI", "services": [ - "LoadBalancer", - "APIM", "WAF", "ACR", - "Entra" + "APIM", + "Entra", + "LoadBalancer" ], "severity": "Medium", "text": "Use Load balancer solutions like APIM based gateway for balancing load and capacity across services and regions", @@ -22956,8 +22926,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning?tabs=turbo%2Cpython-new&pivots=programming-language-studio#import-training-data-from-azure-blob-store", "service": "OpenAI", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Follow the guidance for fine-tuning with large data files and import the data from an Azure blob store. Large files, 100 MB or larger, can become unstable when uploaded through multipart forms because the requests are atomic and can't be retried or resumed", @@ -23383,8 +23353,8 @@ "link": "https://learn.microsoft.com/azure/api-management/api-management-howto-log-event-hubs", "service": "APIM", "services": [ - "EventHubs", "WAF", + "EventHubs", "AzurePolicy" ], "severity": "Low", @@ -23467,8 +23437,8 @@ "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits#api-management-limits", "service": "APIM", "services": [ - "APIM", "WAF", + "APIM", "Entra" ], "severity": "High", 
@@ -23509,9 +23479,9 @@ "link": "https://learn.microsoft.com/azure/api-management/front-door-api-management", "service": "APIM", "services": [ - "APIM", "WAF", "FrontDoor", + "APIM", "Entra" ], "severity": "Medium", @@ -23540,11 +23510,11 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#network-security-group-support", "service": "APIM", "services": [ - "APIM", "WAF", "VNet", - "Monitor", - "Entra" + "APIM", + "Entra", + "Monitor" ], "severity": "Medium", "text": "Deploy network security groups (NSG) to your subnets to restrict or monitor traffic to/from APIM.", @@ -23558,10 +23528,10 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#azure-private-link", "service": "APIM", "services": [ - "APIM", "WAF", - "VNet", "PrivateLink", + "VNet", + "APIM", "Entra" ], "severity": "Medium", @@ -23602,8 +23572,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/app-platform/api-management/platform-automation-and-devops#design-recommendations", "service": "APIM", "services": [ - "APIM", "WAF", + "APIM", "Entra" ], "severity": "Medium", @@ -23617,8 +23587,8 @@ "link": "https://learn.microsoft.com/azure/api-management/visual-studio-code-tutorial", "service": "APIM", "services": [ - "APIM", "WAF", + "APIM", "Entra" ], "severity": "Medium", 
@@ -23739,10 +23709,10 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#ns-6-deploy-web-application-firewall", "service": "APIM", "services": [ - "APIM", - "AppGW", "WAF", - "Entra" + "APIM", + "Entra", + "AppGW" ], "severity": "High", "text": "Use web application firewall (WAF) by deploying Application Gateway in front of APIM", @@ -23756,8 +23726,8 @@ "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/app-service-web-app/zone-redundant?source=recommendations", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "Low", "text": "Implement a baseline highly available zone-redundant web application architecture. Ensure your Azure App Service is on Premium V2/V3 or Isolated v2 tiers for zone-redundant support.", @@ -23773,8 +23743,8 @@ "service": "App Services", "services": [ "WAF", - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "text": "Use Premium and Standard tiers for staging slots and automated backups. Align your backup retention period with disaster recovery needs.", @@ -23804,8 +23774,8 @@ "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Monitor" ], "severity": "Medium", @@ -23820,8 +23790,8 @@ "link": "https://learn.microsoft.com/azure/app-service/manage-backup", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Backup" ], "severity": "High", @@ -23836,8 +23806,8 @@ "link": "https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Monitor" ], "severity": "High", 
@@ -23852,8 +23822,8 @@ "link": "https://learn.microsoft.com/azure/app-service/manage-disaster-recovery#recover-app-content-only", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "ASR" ], "severity": "Low", @@ -23868,8 +23838,8 @@ "link": "https://learn.microsoft.com/azure/reliability/reliability-app-service", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "Familiarize with reliability support in Azure App Service, including scaling options, SLAs, and automated recovery mechanisms.", @@ -23883,8 +23853,8 @@ "link": "https://learn.microsoft.com/azure/azure-functions/dedicated-plan#always-on", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "Medium", "text": "Ensure 'Always On' is enabled for Function Apps running on App Service plans to prevent idling and ensure continuous availability.", @@ -23898,8 +23868,8 @@ "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Monitor" ], "severity": "Medium", @@ -23942,8 +23912,8 @@ "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "AKV" ], "severity": "High", @@ -23958,10 +23928,10 @@ "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", "service": "App Services", "services": [ - "AppSvc", "WAF", - "AKV", - "Entra" + "AppSvc", + "Entra", + "AKV" ], "severity": "High", "text": "Use Managed Identity to securely connect to Azure Key Vault for accessing secrets, through App Service Key Vault References.", 
@@ -23975,10 +23945,10 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-certificate", "service": "App Services", "services": [ - "AppSvc", "WAF", - "AKV", - "Entra" + "AppSvc", + "Entra", + "AKV" ], "severity": "High", "text": "Use Azure Key Vault to securely store and manage TLS certificates for App Service.", @@ -23992,8 +23962,8 @@ "link": "https://learn.microsoft.com/azure/app-service/overview-hosting-plans", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Subscriptions" ], "severity": "Medium", @@ -24008,8 +23978,8 @@ "link": "https://learn.microsoft.com/azure/app-service/operating-system-functionality#file-access", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "TrafficManager" ], "severity": "Medium", @@ -24024,8 +23994,8 @@ "link": "https://learn.microsoft.com/azure/app-service/overview-authentication-authorization", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "ACR", "Entra" ], @@ -24041,8 +24011,8 @@ "link": "https://learn.microsoft.com/azure/app-service/deploy-best-practices", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "Deploy code to App Service from a trusted and secure environment.", @@ -24072,8 +24042,8 @@ "service": "App Services", "services": [ "WAF", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "text": "Use Managed Identity to connect to Microsoft Entra ID secured resources.", @@ -24103,10 +24073,10 @@ "link": "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs", "service": "App Services", "services": [ - "AppSvc", "WAF", - "Entra", - "Monitor" + "AppSvc", + "Monitor", + "Entra" ], "severity": "Medium", "text": "Send App Service runtime and security logs to Log Analytics for centralized monitoring and alerting.", 
@@ -24120,10 +24090,10 @@ "link": "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log", "service": "App Services", "services": [ - "AppSvc", - "Entra", "WAF", - "Monitor" + "AppSvc", + "Monitor", + "Entra" ], "severity": "Medium", "text": "Send App Service activity logs to Log Analytics", @@ -24137,12 +24107,12 @@ "link": "https://learn.microsoft.com/azure/app-service/overview-vnet-integration", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "VNet", - "Monitor", "Firewall", - "NVA" + "NVA", + "Monitor" ], "severity": "Medium", "text": "Control outbound network access for App Service using VNet integration, NSGs, UDRs, and firewalls.", @@ -24156,11 +24126,11 @@ "link": "https://learn.microsoft.com/azure/app-service/networking/nat-gateway-integration", "service": "App Services", "services": [ - "Storage", "WAF", - "VNet", "PrivateLink", + "VNet", "Firewall", + "Storage", "NVA" ], "severity": "Low", @@ -24175,9 +24145,9 @@ "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", "service": "App Services", "services": [ - "AppSvc", "WAF", - "PrivateLink" + "PrivateLink", + "AppSvc" ], "severity": "High", "text": "Control inbound network access using Access Restrictions, Service Endpoints, or Private Endpoints.", @@ -24191,11 +24161,11 @@ "link": "https://learn.microsoft.com/azure/app-service/networking/app-gateway-with-service-endpoints", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", + "FrontDoor", "AppGW", - "Monitor", - "FrontDoor" + "Monitor" ], "severity": "High", "text": "Use a Web Application Firewall (WAF) in front of App Service.", 
@@ -24209,9 +24179,9 @@ "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", "service": "App Services", "services": [ - "AppSvc", "WAF", - "PrivateLink" + "PrivateLink", + "AppSvc" ], "severity": "High", "text": "Ensure the WAF cannot be bypassed by securing access to App Service.", @@ -24226,8 +24196,8 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-tls-versions", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "AzurePolicy" ], "severity": "Medium", @@ -24243,8 +24213,8 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "Use HTTPS only and consider enabling HTTP Strict Transport Security (HSTS).", @@ -24258,8 +24228,8 @@ "link": "https://learn.microsoft.com/azure/app-service/app-service-web-tutorial-rest-api", "service": "App Services", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Avoid using wildcards for CORS; specify allowed origins explicitly.", @@ -24274,8 +24244,8 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-common#configure-general-settings", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "Turn off remote debugging in production environments.", @@ -24289,8 +24259,8 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-app-service-introduction", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Defender" ], "severity": "Medium", 
@@ -24305,12 +24275,12 @@ "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", "service": "App Services", "services": [ - "DDoS", - "EventHubs", "WAF", "VNet", - "AppGW", - "NVA" + "DDoS", + "NVA", + "EventHubs", + "AppGW" ], "severity": "Medium", "text": "Enable DDOS Protection Standard on the WAF VNet", @@ -24324,11 +24294,11 @@ "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-an-image-from-a-network-protected-registry", "service": "App Services", "services": [ - "AppSvc", "WAF", - "ACR", + "PrivateLink", + "AppSvc", "VNet", - "PrivateLink" + "ACR" ], "severity": "Medium", "text": "Pull container images over a Virtual Network from Azure Container Registry.", @@ -24384,8 +24354,8 @@ "link": "https://learn.microsoft.com/azure/app-service/overview-diagnostics", "service": "App Services", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "Medium", "text": "Use Auto-Healing with custom rules to restart App Service instances automatically when failures occur.", @@ -24414,8 +24384,8 @@ "link": "https://learn.microsoft.com/azure/governance/policy/overview", "service": "App Services", "services": [ - "AppSvc", "WAF", + "AppSvc", "Backup", "ACR", "AzurePolicy" @@ -24432,10 +24402,10 @@ "link": "https://learn.microsoft.com/azure/cost-management-billing/", "service": "App Services", "services": [ - "AppSvc", "WAF", - "Cost", - "Monitor" + "AppSvc", + "Monitor", + "Cost" ], "severity": "Low", "text": "Monitor App Service costs using Azure Cost Management and create cost alerts.", @@ -24449,10 +24419,10 @@ "link": "https://learn.microsoft.com/azure/cost-management-billing/reservations/", "service": "App Services", "services": [ - "AppSvc", - "ARS", - "Storage", "WAF", + "AppSvc", + "Storage", + "ARS", "Cost" ], "severity": "Medium", 
@@ -24466,8 +24436,8 @@ "service": "AVS", "services": [ "WAF", - "Subscriptions", - "Entra" + "Entra", + "Subscriptions" ], "severity": "High", "text": "Ensure ADDS domain controller(s) are deployed in the identity subscription in native Azure", @@ -24479,8 +24449,8 @@ "guid": "75089c20-990d-4927-b105-885576f76fc2", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Medium", "text": "Ensure ADDS sites and services is configured to keep authentication requests from Azure-based resources (including Azure VMware Solution) local to Azure", @@ -24541,9 +24511,9 @@ "guid": "ae0e37ce-e297-411b-b352-caaab79b198d", "service": "AVS", "services": [ - "AVS", "WAF", - "RBAC" + "RBAC", + "AVS" ], "severity": "Medium", "text": "Has an RBAC model been created for use within VMware vSphere", @@ -24568,9 +24538,9 @@ "guid": "d503547c-c447-4e82-9128-a71f0f1cac6d", "service": "AVS", "services": [ - "AVS", "WAF", - "RBAC" + "RBAC", + "AVS" ], "severity": "High", "text": "RBAC permissions on the Azure VMware Solution resource in Azure are 'locked down' to a limited set of owners only", @@ -24596,8 +24566,8 @@ "link": "https://github.com/Azure/AzureCAT-AVS/tree/main/networking", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "High", "text": "Is the correct Azure VMware Solution connectivity model selected for the customer use case at hand", @@ -24610,10 +24580,10 @@ "service": "AVS", "services": [ "WAF", - "Monitor", + "ExpressRoute", "NetworkWatcher", - "VPN", - "ExpressRoute" + "Monitor", + "VPN" ], "severity": "High", "text": "Ensure ExpressRoute or VPN connections from on-premises to Azure are monitored using 'connection monitor'", 
@@ -24626,11 +24596,11 @@ "service": "AVS", "services": [ "WAF", - "Monitor", - "NetworkWatcher", "VM", + "ExpressRoute", + "NetworkWatcher", "AVS", - "ExpressRoute" + "Monitor" ], "severity": "Medium", "text": "Ensure a connection monitor is created from an Azure native resource to an Azure VMware Solution virtual machine to monitor the Azure VMware Solution back-end ExpressRoute connection", @@ -24643,10 +24613,10 @@ "service": "AVS", "services": [ "WAF", - "Monitor", - "NetworkWatcher", "VM", - "AVS" + "NetworkWatcher", + "AVS", + "Monitor" ], "severity": "Medium", "text": "Ensure a connection monitor is created from an on-premises resource to an Azure VMware Solution virtual machine to monitor end-2-end connectivity", @@ -24658,8 +24628,8 @@ "guid": "563b4dc7-4a74-48b6-933a-d1a0916a6649", "service": "AVS", "services": [ - "ARS", - "WAF" + "WAF", + "ARS" ], "severity": "High", "text": "When route server is used, ensure no more then 1000 routes are propagated from route server to ExR gateway to on-premises (ARS limit).", @@ -24671,10 +24641,10 @@ "guid": "6128a71f-0f1c-4ac6-b9ef-1d5e832e42e3", "service": "AVS", "services": [ - "Entra", - "AVS", "WAF", - "RBAC" + "RBAC", + "AVS", + "Entra" ], "severity": "High", "text": "Is Privileged Identity Management implemented for roles managing the Azure VMware Solution resource in the Azure Portal (no standing permissions allowed)", @@ -24686,10 +24656,10 @@ "guid": "c4e2436b-b336-4d71-9f17-960eee0b9b5c", "service": "AVS", "services": [ - "Entra", - "AVS", "WAF", - "RBAC" + "RBAC", + "AVS", + "Entra" ], "severity": "High", "text": "Privileged Identity Management audit reporting should be implemented for the Azure VMware Solution PIM roles", @@ -24701,8 +24671,8 @@ "guid": "78c447a8-26b2-4863-af0f-1cac599ef1d5", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Entra" ], "severity": "Medium", 
@@ -24752,9 +24722,9 @@ "guid": "586cb291-ec16-4a1d-876e-f9f141acdce5", "service": "AVS", "services": [ - "AVS", "WAF", "VM", + "AVS", "Entra" ], "severity": "High", @@ -24779,8 +24749,8 @@ "guid": "a2adb1c3-d232-46af-825c-a44e1695fddd", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "AppGW", "Firewall" ], @@ -24794,8 +24764,8 @@ "guid": "eace4cb1-deb4-4c65-8c3f-c14eeab36938", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "High", "text": "Auditing and logging is implemented for inbound internet requests to Azure VMware Solution and Azure VMware Solution based workloads", @@ -24807,8 +24777,8 @@ "guid": "29e3eec2-1836-487a-8077-a2b5945bda43", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor" ], "severity": "Medium", @@ -24822,11 +24792,11 @@ "guid": "334fdf91-c234-4182-a652-75269440b4be", "service": "AVS", "services": [ - "DDoS", "WAF", "VNet", - "VPN", - "ExpressRoute" + "DDoS", + "ExpressRoute", + "VPN" ], "severity": "Medium", "text": "Is DDoS standard protection enabled on ExR/VPN Gateway subnet in Azure", @@ -24838,8 +24808,8 @@ "guid": "3d3e0843-276d-44bd-a015-bcf219e4a1eb", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Medium", "text": "Use a dedicated privileged access workstation (PAW) to manage Azure VMware Solution, vCenter, NSX manager and HCX manager", @@ -24851,8 +24821,8 @@ "guid": "9ccbd869-266a-4cca-874f-aa19bf39d95d", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Defender" ], "severity": "Medium", @@ -24865,8 +24835,8 @@ "guid": "44c7c891-9ca1-4f6d-9315-ae524ba34d45", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Arc" ], "severity": "Medium", @@ -24879,8 +24849,8 @@ "guid": "85e12139-bd7b-4b01-8f7b-95ef6e043e2a", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "SQL" ], "severity": "Low", 
@@ -24906,8 +24876,8 @@ "guid": "5ac94222-3e13-4810-9230-81a941741583", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Medium", "text": "Consider using extended security update support for workloads running on Azure VMware Solution (Azure VMware Solution is eligible for ESU)", @@ -24931,9 +24901,9 @@ "guid": "d88408f3-7273-44c8-96ba-280214590146", "service": "AVS", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "text": "Ensure that the Failure-to-tolerate policy is in place to meet your vSAN storage needs", @@ -24983,8 +24953,8 @@ "guid": "4ba34d45-85e1-4213-abd7-bb012f7b95ef", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Cost" ], "severity": "Medium", @@ -24997,8 +24967,8 @@ "guid": "6e043e2a-a359-4271-ae6e-205172676ae4", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Cost" ], "severity": "Low", @@ -25035,10 +25005,10 @@ "guid": "48b262d6-cc5f-4512-a253-98e6db9d37da", "service": "AVS", "services": [ - "AVS", "WAF", - "Defender", - "VM" + "AVS", + "VM", + "Defender" ], "severity": "Medium", "text": "Enable Microsoft Defender for Cloud for Azure VMware Solution guest VM workloads", @@ -25050,8 +25020,8 @@ "guid": "41741583-3ef7-4ad7-a6d3-733165c7acbe", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "VM", "Arc" ], @@ -25065,8 +25035,8 @@ "guid": "88f03a4d-2cd4-463c-abbc-868295abc91a", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "High", "text": "Enable Diagnostic and metric logging on Azure VMware Solution", @@ -25078,10 +25048,10 @@ "guid": "4ed90dae-2cc8-44c4-9b6b-781cbafe6c46", "service": "AVS", "services": [ - "AVS", "WAF", - "VM", - "Monitor" + "AVS", + "Monitor", + "VM" ], "severity": "Medium", "text": "Deploy the Log Analytics Agents to Azure VMware Solution guest VM workloads", 
@@ -25109,10 +25079,10 @@ "guid": "ee29711b-d352-4caa-ab79-b198dab81932", "service": "AVS", "services": [ - "AVS", "WAF", - "Defender", - "Monitor" + "AVS", + "Monitor", + "Defender" ], "severity": "Medium", "text": "Use Microsoft Defender for Cloud for compliance monitoring of workloads running on Azure VMware Solution", @@ -25137,8 +25107,8 @@ "guid": "cc447e82-6128-4a71-b0f1-cac6d9ef1d5e", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "High", "text": "Was data residency evaluated when selecting Azure regions to use for Azure VMware Solution deployment", @@ -25174,8 +25144,8 @@ "guid": "e43a18a9-cd28-49ce-b6b1-7db8255461e2", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor" ], "severity": "High", @@ -25189,8 +25159,8 @@ "guid": "6b84ee5d-f47d-42d9-8881-b1cd5d1e54a2", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor" ], "severity": "High", @@ -25204,8 +25174,8 @@ "guid": "9659e396-80e7-4828-ac93-5657d02bff45", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor" ], "severity": "High", @@ -25232,9 +25202,9 @@ "guid": "b6abad38-aad5-43cc-99e1-d86667357c54", "service": "AVS", "services": [ - "Storage", + "WAF", "AVS", - "WAF" + "Storage" ], "severity": "Medium", "text": "Configure Azure VMware Solution logging to be send to an Azure Storage account or Azure EventHub for processing", @@ -25246,8 +25216,8 @@ "guid": "9674c5ed-85b8-459c-9733-be2b1a27b775", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Low", "text": "If deep insight in VMware vSphere is required: Is vRealize Operations and/or vRealize Network Insights used in the solution?", 
@@ -25259,10 +25229,10 @@ "guid": "a91be1f3-88f0-43a4-b2cd-463cbbbc8682", "service": "AVS", "services": [ - "Storage", "WAF", "VM", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "text": "Ensure the vSAN storage policy for VM's is NOT the default storage policy as this policy applies thick provisioning", @@ -25286,9 +25256,9 @@ "guid": "0e43a18a-9cd2-489b-bd6b-17db8255461e", "service": "AVS", "services": [ - "Storage", "WAF", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "text": "Ensure data repositories for the backup solution are stored outside of vSAN storage. Either in Azure native or on a disk pool-backed datastore", @@ -25300,8 +25270,8 @@ "guid": "2aee3453-aec8-4339-848b-262d6cc5f512", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Arc" ], "severity": "Medium", @@ -25314,8 +25284,8 @@ "guid": "925398e6-da9d-437d-ac43-bc6cd1d79a9b", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor" ], "severity": "Medium", @@ -25328,8 +25298,8 @@ "guid": "24604489-a8f4-42d7-ae78-cb6a33bd2a09", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Medium", "text": "Include workloads running on Azure VMware Solution in existing update management tooling or in Azure Update Management", @@ -25341,8 +25311,8 @@ "guid": "17e7a8d9-0ae0-4e27-aee2-9711bd352caa", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Monitor", "AzurePolicy" ], @@ -25356,8 +25326,8 @@ "guid": "aee3553a-fc83-4392-98b2-62d6cc5f5129", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Defender" ], "severity": "Medium", 
@@ -25445,10 +25415,10 @@ "guid": "d1d79a9b-2460-4448-aa8f-42d78e78cb6a", "service": "AVS", "services": [ - "AVS", "WAF", - "ExpressRoute", - "NVA" + "AVS", + "NVA", + "ExpressRoute" ], "severity": "Medium", "text": "Will ExpressRoute Global Reach be used for connectivity between the primary and secondary Azure VMware Solution Private Clouds or is routing done through network virtual appliances?", @@ -25473,8 +25443,8 @@ "guid": "bd352caa-ab79-4b18-adab-81932c9fc9d1", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Backup" ], "severity": "Medium", @@ -25500,8 +25470,8 @@ "guid": "26028a71-f0f1-4cac-9d9e-f1d5e832d42e", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Low", "text": "Is a process in place to request a restore of the VMware components managed by the Azure Platform?", @@ -25525,8 +25495,8 @@ "guid": "7e7a8d90-ae0e-437c-be29-711bd352caaa", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Low", "text": "For manual deployments, consider implementing resource locks to prevent accidental actions on your Azure VMware Solution Private Cloud", @@ -25588,8 +25558,8 @@ "guid": "255461e2-aee3-4553-afc8-339248b262d6", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "ExpressRoute", "AKV" ], @@ -25603,8 +25573,8 @@ "guid": "cc5f5129-2539-48e6-bb9d-37dac43bc6cd", "service": "AVS", "services": [ - "AVS", - "WAF" + "WAF", + "AVS" ], "severity": "Low", "text": "Define resource dependencies for serializing actions in IaC when many resources need to be deployed in/on Azure VMware Solution as Azure VMware Solution only supports a limited number of parallel operations.", @@ -25628,8 +25598,8 @@ "guid": "3bd2a0a1-7e7a-48d9-8ae0-e37cee29711b", "service": "AVS", "services": [ - "AVS", "WAF", + "AVS", "Subscriptions" ], "severity": "Medium", 
@@ -25642,9 +25612,9 @@ "guid": "d352caaa-b79b-4198-bab8-1932c9fc9d1b", "service": "AVS", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "text": "When intending to use automated scale-in, be sure to take storage policy requirements into account before performing such action", @@ -25734,8 +25704,8 @@ "guid": "bc91a43d-90da-4e2c-a881-4706f7c1cbaf", "service": "AVS", "services": [ - "VPN", - "WAF" + "WAF", + "VPN" ], "severity": "Medium", "text": "If using a VPN connection for migrations, adjust your MTU size accordingly.", @@ -25772,10 +25742,10 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings", "service": "AVS", "services": [ - "Storage", - "AVS", "WAF", - "VM" + "AVS", + "VM", + "Storage" ], "severity": "Medium", "text": "When Azure Netapp Files is used to extend storage for Azure VMware Solution,consider using this as a VMware datastore instead of attaching directly to a VM.", @@ -25788,9 +25758,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", "service": "AVS", "services": [ - "Storage", "WAF", - "ExpressRoute" + "ExpressRoute", + "Storage" ], "severity": "Medium", "text": "Ensure that a dedicated ExpressRoute Gateway is being used for external data storage solutions", @@ -25803,9 +25773,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-the-same-domain-name-on-front-door-and-your-origin", "service": "AVS", "services": [ - "Storage", "WAF", - "ExpressRoute" + "ExpressRoute", + "Storage" ], "severity": "Medium", "text": "Ensure that FastPath is enabled on the ExpressRoute Gateway that is being used for external data storage solutions", 
@@ -25926,8 +25896,8 @@ "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", "service": "Azure Functions", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", @@ -25941,8 +25911,8 @@ "query": "resources | where type =~ 'Microsoft.Web/sites' and kind has 'functionapp' | where tolower(kind) !contains 'workflow' | where isnotempty(properties.serverFarmId) | extend sku = tostring(properties.sku) | where isnotempty(sku) | where sku !in ('Dynamic', 'FlexConsumption', 'ElasticPremium') | extend alwaysOn = properties.siteConfig.alwaysOn | project functionAppName = name, functionAppId = id, serverFarmId = tostring(properties.serverFarmId), sku, alwaysOn, compliant = tobool(alwaysOn)", "service": "Azure Functions", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "Ensure 'Always On' is enabled for all Function Apps running on App Service Plan", @@ -25955,8 +25925,8 @@ "link": "https://learn.microsoft.com/en-us/azure/azure-functions/storage-considerations?tabs=azure-cli#shared-storage-accounts", "service": "Azure Functions", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Pair a Function App to its own storage account. Try not to re-use storage accounts for Function Apps unless they are tightly coupled", @@ -26130,8 +26100,8 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/storage-security-baseline", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Consider the 'Azure security baseline for storage'", 
@@ -26146,9 +26116,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-private-endpoints", "service": "Storage", "services": [ - "Storage", "WAF", - "PrivateLink" + "PrivateLink", + "Storage" ], "severity": "High", "text": "Consider using private endpoints for Azure Storage", @@ -26162,10 +26132,10 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/migration-classic-resource-manager-overview#migration-of-storage-accounts", "service": "Storage", "services": [ - "Storage", "WAF", + "RBAC", "Subscriptions", - "RBAC" + "Storage" ], "severity": "Medium", "text": "Ensure older storage accounts are not using 'classic deployment model'", @@ -26180,9 +26150,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure", "service": "Storage", "services": [ - "Storage", "WAF", - "Defender" + "Defender", + "Storage" ], "severity": "High", "text": "Enable Microsoft Defender for all of your storage accounts", @@ -26196,8 +26166,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-overview", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Enable 'soft delete' for blobs", @@ -26211,8 +26181,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Disable 'soft delete' for blobs", @@ -26240,8 +26210,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Disable 'soft delete' for containers", 
@@ -26255,8 +26225,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Enable resource locks on storage accounts", @@ -26270,10 +26240,10 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/immutable-storage-overview", "service": "Storage", "services": [ - "Storage", "WAF", + "AzurePolicy", "Subscriptions", - "AzurePolicy" + "Storage" ], "severity": "High", "text": "Consider immutable blobs", @@ -26288,8 +26258,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Require HTTPS, i.e. disable port 80 on the storage account", @@ -26303,8 +26273,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/storage-custom-domain-name", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "When enforcing HTTPS (disabling HTTP), check that you do not use custom domains (CNAME) for the storage account.", @@ -26318,8 +26288,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Limit shared access signature (SAS) tokens to HTTPS connections only", @@ -26334,8 +26304,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/transport-layer-security-configure-minimum-version", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Enforce the latest TLS version for a storage account", 
@@ -26349,9 +26319,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/authorize-data-access", "service": "Storage", "services": [ - "Storage", "WAF", - "Entra" + "Entra", + "Storage" ], "severity": "High", "text": "Use Microsoft Entra ID tokens for blob access", @@ -26379,9 +26349,9 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json#best-practices-when-using-sas", "service": "Storage", "services": [ - "Storage", "WAF", - "Entra" + "Entra", + "Storage" ], "severity": "High", "text": "When using SAS, prefer 'user delegation SAS' over storage-account-key based SAS.", @@ -26396,11 +26366,11 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/authorize-with-shared-key", "service": "Storage", "services": [ - "AKV", - "Storage", "WAF", - "Monitor", - "Entra" + "Storage", + "AKV", + "Entra", + "Monitor" ], "severity": "High", "text": "Consider disabling storage account keys, so that only Microsoft Entra ID access (and user delegation SAS) is supported.", @@ -26414,9 +26384,9 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#audit-account-activity", "service": "Storage", "services": [ + "WAF", "AKV", "Storage", - "WAF", "Monitor", "AzurePolicy" ], @@ -26432,10 +26402,10 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#create-a-key-expiration-policy", "service": "Storage", "services": [ - "Storage", "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "Storage", + "AKV" ], "severity": "Medium", "text": "When using storage account keys, consider enabling a 'key expiration policy'", 
@@ -26464,10 +26434,10 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/define-stored-access-policy", "service": "Storage", "services": [ - "Storage", "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "Storage", + "AKV" ], "severity": "Medium", "text": "Consider linking SAS to a stored access policy", @@ -26480,8 +26450,8 @@ "link": "https://microsoft.github.io/code-with-engineering-playbook/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets-ado/", "service": "Storage", "services": [ - "Storage", "WAF", + "Storage", "AKV" ], "severity": "Medium", @@ -26496,9 +26466,9 @@ "link": "https://learn.microsoft.com/azure/architecture/framework/security/design-storage-keys", "service": "Storage", "services": [ - "Storage", "WAF", - "Entra" + "Entra", + "Storage" ], "severity": "High", "text": "Consider storing connection strings in Azure KeyVault (in scenarios where managed identities are not possible)", @@ -26512,9 +26482,9 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", "service": "Storage", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "text": "Strive for short validity periods for ad-hoc SAS", @@ -26555,8 +26525,8 @@ "guid": "348b263e-6dd6-4051-8a36-498f6dbad38e", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Low", "text": "Consider checking uploaded data, after clients used a SAS to upload a file. ", @@ -26570,10 +26540,10 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support#sftp-permission-model", "service": "Storage", "services": [ - "Storage", - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra", + "Storage" ], "severity": "High", "text": "SFTP: Limit the amount of 'local users' for SFTP access, and audit whether access is needed over time.", 
@@ -26600,9 +26570,9 @@ "link": "https://learn.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services", "service": "Storage", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "High", "text": "Avoid overly broad CORS policies", @@ -26616,8 +26586,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Determine how data at rest should be encrypted. Understand the thread model for data.", @@ -26658,8 +26628,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#allow-or-disallow-public-read-access-for-a-storage-account", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Consider whether public blob anonymous access is needed, or whether it can be disabled for certain storage accounts. ", @@ -26672,8 +26642,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade?tabs=azure-portal", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Leverage a storagev2 account type for better performance and reliability", @@ -26687,8 +26657,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Leverage GRS, ZRS or GZRS storage for the highest availability", 
@@ -26821,9 +26791,9 @@ "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", "service": "Cognitive Search", "services": [ - "Storage", "WAF", - "Backup" + "Backup", + "Storage" ], "severity": "High", "text": "Backup and Restore an Azure Cognitive Search Index. Use this sample code to back up index definition and snapshot to a series of Json files", @@ -27072,10 +27042,10 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/online-backup-and-restore", "service": "CosmosDB", "services": [ - "Storage", "WAF", "Backup", - "CosmosDB" + "CosmosDB", + "Storage" ], "severity": "Medium", "text": "Enable Automatic Backups", @@ -27164,10 +27134,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", "service": "Backup", "services": [ - "Storage", "WAF", + "ASR", "Backup", - "ASR" + "Storage" ], "severity": "Medium", "text": "Consider a good balance between site recovery storage and backup for non mission critical applications", @@ -27195,9 +27165,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "Monitor", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "text": "Enforce a purging log policy and automation (if needed, logs can be moved to cold storage)", @@ -27211,9 +27181,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "VM", "services": [ - "Storage", "WAF", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "text": "Check that the disks are really needed, if not: delete. If they are needed, find lower storage tiers or use backup -", 
@@ -27227,9 +27197,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", "service": "Storage", "services": [ - "Storage", "WAF", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "text": "Consider moving unused storage to lower tier, with customized rule - https://learn.microsoft.com/azure/storage/blobs/lifecycle-management-policy-configure ", @@ -27259,9 +27229,9 @@ "service": "VM", "services": [ "WAF", - "Cost", "VM", - "AzurePolicy" + "AzurePolicy", + "Cost" ], "severity": "Medium", "text": "run the script on all windows VMs https://learn.microsoft.com/azure/virtual-machines/windows/hybrid-use-benefit-licensing?ref=andrewmatveychuk.com#convert-an-existing-vm-using-azure-hybrid-benefit-for-windows-server- consider implementing a policy if windows VMs are created frequently", @@ -27303,10 +27273,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access#prerequisites-for-a-landing-zone---design-recommendations", "service": "VM", "services": [ - "ARS", "WAF", - "Cost", - "VM" + "ARS", + "VM", + "Cost" ], "severity": "Medium", "text": "Utilize Azure Reserved Instances: This feature allows you to reserve VMs for a period of 1 or 3 years, providing significant cost savings compared to PAYG prices.", @@ -27417,9 +27387,9 @@ "link": "https://learn.microsoft.com/azure/databricks/clusters/cluster-config-best-practices#automatic-termination", "service": "Databricks", "services": [ - "VM", "WAF", - "LoadBalancer" + "LoadBalancer", + "VM" ], "severity": "Medium", "text": "Consider using Spot VMs with fallback where possible. Consider autotermination of clusters.", 
@@ -27460,8 +27430,8 @@ "link": "https://learn.microsoft.com/azure/network-watcher/network-watcher-monitoring-overview", "service": "Functions", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Functions - Cold starts-Use the 'Run from package' functionality. This way, the code is downloaded as a single zip file. This can, for example, result in significant improvements with Javascript functions, which have a lot of node modules.Use language specific tools to reduce the package size, for example, tree shaking Javascript applications.", @@ -27528,9 +27498,9 @@ "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", "service": "Front Door", "services": [ - "EventHubs", "WAF", - "FrontDoor" + "FrontDoor", + "EventHubs" ], "severity": "Medium", "text": "Frontdoor - Turn off the default homepageIn the application settings of your App, set AzureWebJobsDisableHomepage to true. This will return a 204 (No Content) to the PoP so only header data is returned.", @@ -27543,8 +27513,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-setup-guide/monitoring-reporting?tabs=AzureMonitor", "service": "Front Door", "services": [ - "AppSvc", "WAF", + "AppSvc", "FrontDoor" ], "severity": "Medium", @@ -27597,8 +27567,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance#monitoring-for-configuration-drift", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "For storage accounts, make sure that the chosen tier is not adding up transaction charges (it might be cheaper to move to the next tier)", 
@@ -27625,8 +27595,8 @@ "link": "https://learn.microsoft.com/azure/architecture/framework/resiliency/backup-and-recovery", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Storage accounts: check hot tier and/or GRS necessary", @@ -27652,10 +27622,10 @@ "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", "service": "Synapse", "services": [ - "EventHubs", "WAF", - "Cost", - "Monitor" + "Monitor", + "EventHubs", + "Cost" ], "severity": "Medium", "text": "Create budgets to manage costs and create alerts that automatically notify stakeholders of spending anomalies and overspending risks.", @@ -27668,9 +27638,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/availability", "service": "Synapse", "services": [ - "Storage", "WAF", - "Cost" + "Cost", + "Storage" ], "severity": "Medium", "text": "Export cost data to a storage account for additional data analysis.", @@ -27739,8 +27709,8 @@ "link": "https://learn.microsoft.com/azure/application-gateway/overview-v2", "service": "VM", "services": [ - "VM", "WAF", + "VM", "Cost" ], "severity": "Medium", @@ -27785,8 +27755,8 @@ "service": "VM", "services": [ "WAF", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "text": "right-sizing VMs - start with monitoring usage below 5% and then work up to 40%", @@ -27898,9 +27868,9 @@ "link": "https://techcommunity.microsoft.com/t5/azure-paas-blog/download-the-blob-using-secondary-endpoint-in-ragrs-storage/ba-p/2403750", "service": "Data Factory", "services": [ - "Storage", "WAF", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "text": "Backup your data to Azure Storage RA-GRS", 
@@ -28042,10 +28012,10 @@ "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-understand-what-role-you-need", "service": "Synapse Analytics", "services": [ - "Storage", "WAF", "RBAC", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "text": "Use Azure RBAC to control access on storage and Synapse RBAC to control access on workspace level depending on the personas of the team to fine grain the access on data and compute", @@ -28213,11 +28183,11 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-shared-access-signature", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "AzurePolicy", "TrafficManager", - "Entra" + "EventHubs", + "Entra", + "AzurePolicy" ], "severity": "Medium", "text": "Authenticate access to Event Hubs resources using shared access signatures (SAS) and restrict local users", @@ -28231,9 +28201,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory", "service": "Event Hubs", "services": [ - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "text": "Use Azure RBACs to fine grain the access ", @@ -28347,9 +28317,9 @@ "link": "https://learn.microsoft.com/fabric/security/permission-model", "service": "Microsoft Fabric", "services": [ - "ARS", "WAF", - "RBAC" + "RBAC", + "ARS" ], "severity": "Medium", "text": "Use Workspace roles to provide access to the users on the data", @@ -28362,9 +28332,9 @@ "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model", "service": "Microsoft Fabric", "services": [ - "Storage", "WAF", - "RBAC" + "RBAC", + "Storage" ], "severity": "Medium", "text": "Use RBAC on Onelake to provide fine grain access on the data in Tables/Files Onelake ", 
@@ -28407,8 +28377,8 @@ "link": "https://learn.microsoft.com/fabric/data-warehouse/tutorial-row-level-security", "service": "Microsoft Fabric", "services": [ - "EventHubs", "WAF", + "EventHubs", "SQL" ], "severity": "Medium", @@ -28507,8 +28477,8 @@ "link": "https://learn.microsoft.com/fabric/security/workspace-identity", "service": "Microsoft Fabric", "services": [ - "RBAC", "WAF", + "RBAC", "Entra" ], "severity": "Medium", @@ -28537,10 +28507,10 @@ "link": "https://learn.microsoft.com/fabric/security/workspace-identity-authenticate#step-2-grant-the-identity-permissions-on-the-storage-account", "service": "Microsoft Fabric", "services": [ - "Storage", - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra", + "Storage" ], "severity": "Medium", "text": "Provide RBAC roles on storage account to the managed identity to make a successful connection", @@ -28565,10 +28535,10 @@ "link": "https://learn.microsoft.com/fabric/security/security-trusted-workspace-access", "service": "Microsoft Fabric", "services": [ - "Storage", - "EventHubs", "WAF", - "Entra" + "EventHubs", + "Entra", + "Storage" ], "severity": "Medium", "text": "Configure trusted workspace access to access storage account behind firewall ", @@ -28611,8 +28581,8 @@ "service": "Data Factory", "services": [ "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "text": "Use managed vnet IR to restrict the access over public internet for Azure Integration Runtime", @@ -28641,10 +28611,10 @@ "link": "https://learn.microsoft.com/azure/data-factory/managed-virtual-network-private-endpoint#managed-private-endpoints", "service": "Data Factory", "services": [ - "EventHubs", "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "EventHubs", + "VNet" ], "severity": "Medium", "text": "Configure managed private endpoints to connect to resources using managed azure IR", 
@@ -28658,8 +28628,8 @@ "service": "Microsoft Fabric", "services": [ "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "text": "Configure Private Links to access resources in your own Azure vnet i.e traffic coming in your Fabric environment", @@ -28731,8 +28701,8 @@ "link": "https://learn.microsoft.com/data-integration/gateway/service-gateway-install", "service": "Microsoft Fabric", "services": [ - "EventHubs", "WAF", + "EventHubs", "VNet" ], "severity": "Medium", @@ -28748,8 +28718,8 @@ "service": "Data Factory", "services": [ "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "text": "Configure Private Links to connect to sources in customer Vnet and data factory", @@ -28861,8 +28831,8 @@ "service": "Microsoft Purview", "services": [ "WAF", - "Subscriptions", - "RBAC" + "RBAC", + "Subscriptions" ], "severity": "Medium", "text": "Define roles and tasks required to deploy and manage Microsoft Purview inside an Azure subscription (control plane)", @@ -28887,9 +28857,9 @@ "guid": "628637a5-5119-4b08-b8f5-854387e9cec1", "service": "Microsoft Purview", "services": [ - "Entra", "WAF", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "text": "Assign roles to Microsoft Entra groups instead of assigning roles to individual users.", @@ -28974,10 +28944,10 @@ "link": "https://learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", "service": "Microsoft Purview", "services": [ - "VNet", "WAF", + "PrivateLink", "VM", - "PrivateLink" + "VNet" ], "severity": "Medium", "text": "Deploy�Network Security Group (NSG) rules�for subnets where Azure data sources private endpoints, Microsoft Purview private endpoints and self-hosted runtime VMs are deployed. (Microsoft Purview Data Map)", 
@@ -28989,10 +28959,10 @@ "link": "https://learn.microsoft.com/azure/firewall/overview", "service": "Microsoft Purview", "services": [ - "NVA", "WAF", - "Firewall", - "PrivateLink" + "PrivateLink", + "NVA", + "Firewall" ], "severity": "Medium", "text": "Implement Microsoft Purview with private endpoints managed by a Network Virtual Appliance, such as�Azure Firewall�for network inspection and network filtering. (Microsoft Purview Data Map)", @@ -29006,8 +28976,8 @@ "service": "Microsoft Purview", "services": [ "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "text": "Deploy private endpoints for Microsoft Purview accounts to add another layer of security, so only client calls that are originated from within the virtual network are allowed to access the Microsoft Purview account", @@ -29058,9 +29028,9 @@ "guid": "7f3165c3-a87a-405b-9a20-9949bda47778", "service": "Microsoft Purview", "services": [ - "Storage", "WAF", - "RBAC" + "RBAC", + "Storage" ], "severity": "Medium", "text": "Use Azure RBACs to restrict the access of your storage account (not managed by MS) only to intended users.", @@ -29095,8 +29065,8 @@ "service": "Microsoft Purview", "services": [ "WAF", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "text": "Always use Azure key vaults to store all credentials if not using managed identities or without password need methods", @@ -29121,8 +29091,8 @@ "service": "Microsoft Purview", "services": [ "WAF", - "Subscriptions", - "Entra" + "Entra", + "Subscriptions" ], "severity": "Medium", "text": "Plan for a break glass strategy for your Microsoft Entra tenant, Azure subscription and Microsoft Purview accounts to prevent tenant-wide account lockout.", @@ -29219,10 +29189,10 @@ "guid": "11cc57b4-a4b1-4410-b43a-58a9c2289b3d", "service": "Databricks", "services": [ - "SQL", + "WAF", "Storage", "EventHubs", - "WAF", + "SQL", "AzurePolicy" ], "severity": "Medium", 
@@ -29252,8 +29222,8 @@ "service": "Databricks", "services": [ "WAF", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "text": "Store passwords, secrets in Azure Key Vault", @@ -29295,8 +29265,8 @@ "guid": "d4cd21b0-7703-46e5-b6b4-bfd3d503547c", "service": "Databricks", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Avoid storing production data in DBFS.", @@ -29310,8 +29280,8 @@ "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", "service": "Databricks", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Encrypt storage and restrict access.", @@ -29325,11 +29295,11 @@ "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", "service": "Databricks", "services": [ - "AKV", - "SQL", - "Storage", "WAF", - "Backup" + "Backup", + "AKV", + "Storage", + "SQL" ], "severity": "Medium", "text": "Add a customer-managed key for managed services and workspace storage", @@ -29343,8 +29313,8 @@ "link": "https://learn.microsoft.com/azure/databricks/security/network/front-end/ip-access-list", "service": "Databricks", "services": [ - "VPN", - "WAF" + "WAF", + "VPN" ], "severity": "Medium", "text": "Enable IP access lists to restrict access to certain IP addresses.", @@ -29411,8 +29381,8 @@ "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", "service": "IoT Hub DPS", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", @@ -29477,8 +29447,8 @@ "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", "service": "Device Update for IoT Hub", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", 
@@ -29493,8 +29463,8 @@ "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend SkuName = tostring(sku.name) | extend EncryptionEnabled = iif(isnotempty(properties.encryption.keySource), 'Enabled', 'Disabled') | extend compliant = iif(EncryptionEnabled == 'Enabled', true, false) | project name, resourceGroup, location, SkuName, EncryptionEnabled, compliant | where SkuName == 'Premium'", "service": "Event Hubs", "services": [ - "EventHubs", - "WAF" + "WAF", + "EventHubs" ], "severity": "Low", "text": "Use customer-managed key option in data at rest encryption when required", @@ -29510,8 +29480,8 @@ "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend MinimumTlsVersion = tostring(properties.minimumTlsVersion) | extend compliant = iif(MinimumTlsVersion == '1.2' or MinimumTlsVersion == '1.3', true, false) | project name, resourceGroup, location, MinimumTlsVersion, compliant", "service": "Event Hubs", "services": [ - "EventHubs", - "WAF" + "WAF", + "EventHubs" ], "severity": "Medium", "text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ", @@ -29526,12 +29496,12 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-shared-access-signature#shared-access-authorization-policies", "service": "Event Hubs", "services": [ - "RBAC", - "EventHubs", "WAF", "TrafficManager", - "AzurePolicy", - "Entra" + "RBAC", + "EventHubs", + "Entra", + "AzurePolicy" ], "severity": "Medium", "text": "Avoid using root account when it is not necessary", @@ -29546,10 +29516,10 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest", "service": "Event Hubs", "services": [ - "AKV", - "Storage", - "EventHubs", "WAF", + "Storage", + "AKV", + "EventHubs", "VM", "Entra" ], 
@@ -29566,9 +29536,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory#azure-built-in-roles-for-azure-event-hubs", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "RBAC" + "RBAC", + "EventHubs" ], "severity": "High", "text": "Use least privilege data plane RBAC", @@ -29583,10 +29553,10 @@ "link": "https://learn.microsoft.com/azure/event-hubs/monitor-event-hubs-reference", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "VNet", - "Monitor" + "Monitor", + "EventHubs", + "VNet" ], "severity": "Medium", "text": "Enable logging for security investigation. Use Azure Monitor to captured metrics and logs such as resource logs, runtime audit logs and Kafka logs", @@ -29601,10 +29571,10 @@ "link": "https://learn.microsoft.com/azure/event-hubs/private-link-service", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "VNet", - "PrivateLink" + "PrivateLink", + "EventHubs", + "VNet" ], "severity": "Medium", "text": "Consider using private endpoints to access Azure Event Hub and disable public network access when applicable.", @@ -29619,8 +29589,8 @@ "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-ip-filtering", "service": "Event Hubs", "services": [ - "EventHubs", - "WAF" + "WAF", + "EventHubs" ], "severity": "Medium", "text": "Consider only allowing access to Azure Event Hub namespace from specific IP addresses or ranges", @@ -29649,9 +29619,9 @@ "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend zoneRedundant = tobool(properties.zoneRedundant) | extend compliant = iff(zoneRedundant == true, true, false) | project name, resourceGroup, zoneRedundant, compliant", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "ACR" + "ACR", + "EventHubs" ], "severity": "High", "text": "Leverage Availability Zones if regionally applicable", 
@@ -29679,9 +29649,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "ASR" + "ASR", + "EventHubs" ], "severity": "High", "text": "Plan for Geo Disaster Recovery using Active Passive configuration", @@ -29695,9 +29665,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-federation-overview", "service": "Event Hubs", "services": [ - "EventHubs", "WAF", - "ASR" + "ASR", + "EventHubs" ], "severity": "Medium", "text": "For Business Critical Applications, use Active Active configuration", @@ -29710,8 +29680,8 @@ "link": "https://learn.microsoft.com/azure/architecture/serverless/event-hubs-functions/resilient-design", "service": "Event Hubs", "services": [ - "EventHubs", - "WAF" + "WAF", + "EventHubs" ], "severity": "Medium", "text": "Design Resilient Event Hubs", @@ -29901,8 +29871,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "Backup" + "Backup", + "AKV" ], "severity": "High", "text": "Familiarize yourself with the Key Vault's best practices such as isolation recommendations, access control, data protection, backup, and logging.", @@ -29916,8 +29886,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "Medium", "text": "Key Vault is a managed service and Microsoft will handle the failover within and across region. Familiarize yourself with the Key Vault's availability and redundancy.", @@ -29945,8 +29915,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "text": "During failover, access policy or firewall configurations and settings can't be changed. The key vault will be in read-only mode during failover. Familiarize yourself with the Key Vault's failover guidance.", 
@@ -29959,11 +29929,11 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#design-considerations", "service": "Key Vault", "services": [ - "AKV", - "Subscriptions", - "Storage", "WAF", - "Backup" + "Backup", + "Storage", + "AKV", + "Subscriptions" ], "severity": "Medium", "text": "When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography. Familiarize yourself with the Key Vault's backup and restore guidance.", @@ -30005,8 +29975,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "Backup" + "Backup", + "AKV" ], "severity": "Low", "text": "Understand Key Vault's backup limitations. Key Vault does not support the ability to backup more than 500 past versions of a key, secret, or certificate object. Attempting to backup a key, secret, or certificate object may result in an error. It is not possible to delete previous versions of a key, secret, or certificate.", @@ -30020,8 +29990,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "Backup" + "Backup", + "AKV" ], "severity": "Low", "text": "Key Vault doesn't currently provide a way to back up an entire key vault in a single operation and keys, secrets and certitificates must be backup indvidually. Familiarize yourself with the Key Vault's backup and restore guidance.", @@ -30034,8 +30004,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection", "service": "Key Vault", "services": [ - "EventHubs", "WAF", + "EventHubs", "AKV" ], "severity": "Medium", 
@@ -30051,8 +30021,8 @@ "service": "Key Vault", "services": [ "WAF", - "AKV", - "RBAC" + "RBAC", + "AKV" ], "severity": "Medium", "text": "RBAC is recommended to control access to your key vault. Familiarize yourself with the Key Vault's access control guidance.", @@ -30104,8 +30074,8 @@ "link": "https://learn.microsoft.com/azure/app-service/environment/intro", "service": "Logic Apps", "services": [ - "AppSvc", - "WAF" + "WAF", + "AppSvc" ], "severity": "High", "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", @@ -30233,12 +30203,12 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", "service": "App Gateway", "services": [ - "Subscriptions", "WAF", "VNet", - "AppGW", "NVA", - "Entra" + "Entra", + "AppGW", + "Subscriptions" ], "severity": "Medium", "text": "Deploy Azure Application Gateway v2 or partner NVAs used for proxying inbound HTTP(S) connections within the landing-zone virtual network and with the apps that they're securing.", @@ -30301,8 +30271,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "text": "When using Front Door and Application Gateway to help protect HTTP/S apps, use WAF policies in Front Door. Lock down Application Gateway to receive traffic only from Front Door.", @@ -30331,9 +30301,9 @@ "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", "service": "Entra", "services": [ - "AVD", "WAF", - "Entra" + "Entra", + "AVD" ], "severity": "Low", "text": "If users only need access to internal applications, has Microsoft Entra ID Application Proxy been considered as an alternative to Azure Virtual Desktop (AVD)?", 
@@ -30396,8 +30366,8 @@ "service": "App Gateway", "services": [ "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "High", "text": "Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy.", @@ -30428,8 +30398,8 @@ "service": "App Gateway", "services": [ "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "High", "text": "Deploy your WAF policy for Application Gateway in 'Prevention' mode.", @@ -30525,9 +30495,9 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#send-logs-to-microsoft-sentinel", "service": "App Gateway", "services": [ - "AppGW", "WAF", - "Sentinel" + "Sentinel", + "AppGW" ], "severity": "Medium", "text": "Send Azure Application Gateway WAF logs to Microsoft Sentinel.", @@ -30570,9 +30540,9 @@ "services": [ "WAF", "VNet", + "ExpressRoute", "AppGW", - "VPN", - "ExpressRoute" + "VPN" ], "severity": "Medium", "text": "Filter inbound traffic in the backends so that they only accept connections from the Application Gateway subnet, for example with NSGs.", @@ -30838,8 +30808,8 @@ "link": "https://learn.microsoft.com/purview/manage-kafka-dotnet", "service": "Purview", "services": [ - "EventHubs", - "WAF" + "WAF", + "EventHubs" ], "severity": "Low", "text": "Use Microsoft Purview's Event Hubs to subscribe and create entities to another account", @@ -31009,8 +30979,8 @@ "link": "https://learn.microsoft.com/purview/concept-data-share", "service": "Purview", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Low", "text": "Leverage Azure Storage in-place data sharing with Microsoft Purview", 
@@ -31157,8 +31127,8 @@ "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#persistence", "service": "Redis", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Configure data persistence for an Azure Cache for Redis instance. Because your cache data is stored in memory, a rare and unplanned failure of multiple nodes can cause all the data to be dropped. To avoid losing data completely, Redis persistence allows you to take periodic snapshots of in-memory data, and store it to your storage account.", @@ -31171,8 +31141,8 @@ "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#storage-account-for-persistence", "service": "Redis", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Use Geo-redundant storage account to persist Azure Cache for Redis data, or zonally redundant where geo-redundancy is not available", @@ -31215,9 +31185,9 @@ "link": "https://learn.microsoft.com/azure/backup/backup-azure-vms-introduction", "service": "VM", "services": [ - "VM", "WAF", - "Backup" + "Backup", + "VM" ], "severity": "High", "text": "Consider Azure Backup to meet your resiliency requirements for Azure VMs", @@ -31261,10 +31231,10 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk", "service": "VM", "services": [ - "Storage", "WAF", "VM", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "text": "Do not use the Temp disk for anything that is not acceptable to be lost", @@ -31278,10 +31248,10 @@ "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", "service": "VM", "services": [ - "Storage", - "ACR", "WAF", - "VM" + "ACR", + "VM", + "Storage" ], "severity": "Medium", "text": "Leverage Availability Zones for your VMs in regions where they are supported", 
@@ -31311,8 +31281,8 @@ "service": "VM", "services": [ "WAF", - "VM", - "ASR" + "ASR", + "VM" ], "severity": "High", "text": "Avoid running a production workload on a single VM", @@ -31326,8 +31296,8 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", "service": "VM", "services": [ - "AVS", "WAF", + "AVS", "VM", "ASR" ], @@ -31358,8 +31328,8 @@ "service": "VM", "services": [ "WAF", - "VM", - "ASR" + "ASR", + "VM" ], "severity": "Medium", "text": "Increase quotas in DR region before testing failover with ASR", @@ -31388,8 +31358,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Choose the most appropriate data redundancy option for Azure Storage based on your requirements", @@ -31403,8 +31373,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Low", "text": "Apply a Delete lock to prevent accidental or malicious deletion of storage accounts", @@ -31418,8 +31388,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Low", "text": "Enable soft delete for Storage Account Containers", @@ -31433,8 +31403,8 @@ "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", "service": "Storage", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Low", "text": "Enable soft delete for blobs", 
@@ -31478,9 +31448,9 @@ "link": "https://learn.microsoft.com/azure/backup/backup-azure-immutable-vault-concept?source=recommendations&tabs=recovery-services-vault", "service": "Backup", "services": [ - "Storage", "WAF", - "Backup" + "Backup", + "Storage" ], "severity": "Low", "text": "Implement Immutable Storage for your vaults to protect against ransomware and prevent unauthorized modifications to backups", @@ -31494,8 +31464,8 @@ "link": "https://learn.microsoft.com/azure/dns/tutorial-dns-private-resolver-failover", "service": "DNS", "services": [ - "ACR", "WAF", + "ACR", "DNS", "ASR" ], @@ -31526,8 +31496,8 @@ "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/nva-ha", "service": "NVA", "services": [ - "NVA", - "WAF" + "WAF", + "NVA" ], "severity": "High", "text": "Deploy Network Virtual Appliances (NVAs) in a vendor supported configuration for High Availability", @@ -31539,8 +31509,8 @@ "link": "https://learn.microsoft.com/azure/sap/center-sap-solutions/overview", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Azure Center for SAP solutions (ACSS) is an Azure offering that makes SAP a top-level workload on Azure. ACSS is an end-to-end solution that enables you to create and run SAP systems as a unified workload on Azure and provides a more seamless foundation for innovation. You can take advantage of the management capabilities for both new and existing Azure-based SAP systems.", @@ -31553,8 +31523,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-platform-automation-and-devops", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Azure supports automating SAP deployments in Linux and Windows. SAP Deployment Automation Framework is an open-source orchestration tool that can deploy, install, and maintain SAP environments.", 
@@ -31567,8 +31537,8 @@ "link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/data-platform", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Perform a point-in-time recovery for your production databases at any point and in a time frame that meets your RTO; point-in-time recovery typically includes operator errors deleting data either on the DBMS layer or through SAP, incidentally", @@ -31592,12 +31562,12 @@ "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", "service": "SAP", "services": [ - "SQL", - "Storage", - "SAP", "WAF", "Backup", - "ASR" + "Storage", + "SAP", + "ASR", + "SQL" ], "severity": "High", "text": "You can replicate standard storage between paired regions, but you can't use standard storage to store your databases or virtual hard disks. You can replicate backups only between paired regions that you use. For all your other data, run your replication by using native DBMS features like SQL Server Always On or SAP HANA System Replication. Use a combination of Site Recovery, rsync or robocopy, and other third-party software for the SAP application layer.", @@ -31610,8 +31580,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "When using Azure Availability Zones to achieve high availability, you must consider latency between SAP application servers and database servers. For zones with high latencies, operational procedures need to be in place to ensure that SAP application servers and database servers are running in the same zone at all times.", 
@@ -31625,10 +31595,10 @@ "link": "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering", "service": "SAP", "services": [ - "VPN", "WAF", + "ASR", "ExpressRoute", - "ASR" + "VPN" ], "severity": "High", "text": "Set up ExpressRoute connections from on-premises to the primary and secondary Azure disaster recovery regions. Also, as an alternative to using ExpressRoute, consider setting up VPN connections from on-premises to the primary and secondary Azure disaster recovery regions.", @@ -31642,8 +31612,8 @@ "service": "SAP", "services": [ "WAF", - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "Low", "text": "Replicate key vault contents like certificates, secrets, or keys across regions so you can decrypt data in the DR region.", @@ -31655,10 +31625,10 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-s4hana", "service": "SAP", "services": [ - "SAP", "WAF", - "VNet", - "ASR" + "ASR", + "SAP", + "VNet" ], "severity": "Medium", "text": "Peer the primary and disaster recovery virtual networks. For example, for HANA System Replication, an SAP HANA DB virtual network needs to be peered to the disaster recovery site's SAP HANA DB virtual network.", @@ -31670,9 +31640,9 @@ "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "Low", "text": "If you use Azure NetApp Files storage for your SAP deployments, at a minimum, create two Azure NetApp Files accounts in the Premium tier, in two regions.", 
@@ -31714,8 +31684,8 @@ "services": [ "WAF", "VM", - "Entra", - "ASR" + "ASR", + "Entra" ], "severity": "High", "text": "Use Site Recovery to replicate an application server to a DR site. Site Recovery can also help with replicating central-services cluster VMs to the DR site. When you invoke DR, you'll need to reconfigure the Linux Pacemaker cluster on the DR site (for example, replace the VIP or SBD, run corosync.conf, and more).", @@ -31728,8 +31698,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "High", "text": "Consider the availability of SAP software against single points of failure. This includes single points of failure within applications such as DBMSs utilized in SAP NetWeaver and SAP S/4HANA architectures, SAP ABAP and ASCS + SCS. Also, other tools such as SAP Web Dispatcher.", @@ -31742,8 +31712,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-supported-configurations", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "High", "text": "For SAP and SAP databases, consider implementing automatic failover clusters. In Windows, Windows Server Failover Clustering supports failover. In Linux, Linux Pacemaker or third-party tools like SIOS Protection Suite and Veritas InfoScale support failover.", @@ -31756,9 +31726,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", "service": "SAP", "services": [ - "Storage", "WAF", - "VM" + "VM", + "Storage" ], "severity": "High", "text": "Azure doesn't support architectures in which the primary and secondary VMs share storage for DBMS data. For the DBMS layer, the common architecture pattern is to replicate databases at the same time and with different storage stacks than the ones that the primary and secondary VMs use.", 
@@ -31771,9 +31741,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/dbms-guide-general", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "High", "text": "The DBMS data and transaction/redo log files are stored in Azure supported block storage or Azure NetApp Files. Azure Files or Azure Premium Files isn't supported as storage for DBMS data and/or redo log files with SAP workload.", @@ -31786,8 +31756,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/sap-high-availability-guide-wsfc-shared-disk", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "High", "text": "You can use Azure shared disks in Windows for ASCS + SCS components and specific high-availability scenarios. Set up your failover clusters separately for SAP application layer components and the DBMS layer. Azure doesn't currently support high-availability architectures that combine SAP application layer components and the DBMS layer into one failover cluster.", @@ -31801,9 +31771,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-standard-load-balancer-outbound-connections", "service": "SAP", "services": [ - "SAP", "WAF", - "LoadBalancer" + "LoadBalancer", + "SAP" ], "severity": "High", "text": "Most failover clusters for SAP application layer components (ASCS) and the DBMS layer require a virtual IP address for a failover cluster. Azure Load Balancer should handle the virtual IP address for all other cases. One design principle is to use one load balancer per cluster configuration. We recommend that you use the standard version of the load balancer (Standard Load Balancer SKU).", @@ -31843,9 +31813,9 @@ "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", "service": "SAP", "services": [ - "SAP", "WAF", "VM", + "SAP", "Entra" ], "severity": "High", 
@@ -31858,10 +31828,10 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", "service": "SAP", "services": [ - "Entra", "WAF", + "RBAC", "VM", - "RBAC" + "Entra" ], "severity": "High", "text": "Do not mix servers of different roles in the same availability set. Keep central services VMs, database VMs, application VMs in their own availability sets", @@ -31901,8 +31871,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "High", @@ -31915,9 +31885,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", "service": "SAP", "services": [ - "SAP", "WAF", - "ACR" + "ACR", + "SAP" ], "severity": "High", "text": "Use one proximity placement group per SAP SID. Groups don't span across Availability Zones or Azure regions", @@ -31929,8 +31899,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "High", @@ -31960,9 +31930,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", "service": "SAP", "services": [ - "Storage", "WAF", - "VM" + "VM", + "Storage" ], "severity": "Medium", "text": "Deploy both VMs in the high-availability pair in an availability set or in availability zones. These VMs should be the same size and have the same storage configuration.", 
@@ -31974,8 +31944,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel-with-hana-ascs-ers-dialog-instance", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Azure supports installing and configuring SAP HANA and ASCS/SCS and ERS instances on the same high availability cluster running on Red Hat Enterprise Linux (RHEL).", @@ -31988,8 +31958,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", "service": "SAP", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "High", "text": "Run all production systems on Premium managed SSDs and use Azure NetApp Files or Ultra Disk Storage. At least the OS disk should be on the Premium tier so you can achieve better performance and the best SLA.", @@ -32002,9 +31972,9 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-operations-storage", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "High", "text": "You should run SAP HANA on Azure only on the types of storage that are certified by SAP. Note that certain volumes must be run on certain disk configurations, where applicable. These configurations include enabling Write Accelerator and using Premium storage. You also need to ensure that the file system that runs on storage is compatible with the DBMS that runs on the machine.", @@ -32017,10 +31987,10 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-overview-guide#storage", "service": "SAP", "services": [ - "Storage", - "SAP", "WAF", - "ASR" + "ASR", + "SAP", + "Storage" ], "severity": "High", "text": "Consider configuring high availability depending on the type of storage you use for your SAP workloads. Some storage services available in Azure are not supported by Azure Site Recovery, so your high availability configuration may differ.", 
@@ -32033,9 +32003,9 @@ "link": "https://azure.microsoft.com/ja-jp/explore/global-infrastructure/products-by-region/", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "High", "text": "Different native Azure storage services (like Azure Files, Azure NetApp Files, Azure Shared Disk) may not be available in all regions. So to have similar SAP setup on the DR region after failover, ensure the respective storage service is offered in DR site.", @@ -32047,8 +32017,8 @@ "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/optimize-your-azure-costs-by-automating-sap-system-start-stop/ba-p/2120675", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Cost" ], "severity": "Medium", @@ -32061,11 +32031,11 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", "service": "SAP", "services": [ + "WAF", "Storage", "SAP", - "WAF", - "Cost", - "VM" + "VM", + "Cost" ], "severity": "Low", "text": "In the case of using Azure Premium Storage with SAP HANA, Azure Standard SSD storage can be used to select a cost-conscious storage solution. However, please note that choosing Standard SSD or Standard HDD Azure storage will affect the SLA of the individual VMs. Also, for systems with lower I/O throughput and low latency, such as non-production environments, lower series VMs can be used.", @@ -32077,11 +32047,11 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", "service": "SAP", "services": [ + "WAF", "Storage", "SAP", - "WAF", - "Cost", - "VM" + "VM", + "Cost" ], "severity": "Low", "text": "As a lower-cost alternative configuration (multipurpose), you can choose a low-performance SKU for your non-production HANA database server VMs. However, it is important to note that some VM types, such as E-series, are not HANA certified (SAP HANA Hardware Directory) or cannot achieve storage latency of less than 1ms.", 
@@ -32095,8 +32065,8 @@ "service": "SAP", "services": [ "WAF", - "Subscriptions", - "RBAC" + "RBAC", + "Subscriptions" ], "severity": "High", "text": "Enforce a RBAC model for management groups, subscriptions, resource groups and resources", @@ -32109,8 +32079,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", @@ -32124,8 +32094,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", @@ -32138,8 +32108,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", @@ -32151,8 +32121,8 @@ "guid": "9eb54dad-7861-4e1c-973a-f3bb003fc9c1", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", @@ -32165,8 +32135,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "You can implement SSO to SAP GUI by using SAP NetWeaver SSO or a partner solution.", @@ -32178,8 +32148,8 @@ "guid": "23181aa4-1742-4694-9ff8-ae7d7d474317", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "AKV" ], "severity": "Medium", @@ -32193,8 +32163,8 @@ "link": "https://blogs.sap.com/2017/07/12/sap-single-sign-on-protect-your-sap-landscape-with-x.509-certificates/", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "AKV" ], "severity": "Medium", 
@@ -32207,8 +32177,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Implement SSO by using OAuth for SAP NetWeaver to allow third-party or custom applications to access SAP NetWeaver OData services.", @@ -32220,8 +32190,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/saphana-tutorial", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Implement SSO to SAP HANA", @@ -32233,8 +32203,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration#connectivity-with-sap-rise", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", @@ -32247,8 +32217,8 @@ "link": "https://github.com/azuredevcollege/SAP/blob/master/sap-oauth-saml-flow/README.md", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "For applications that access SAP, you might want to use principal propagation to establish SSO.", @@ -32260,8 +32230,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", @@ -32274,8 +32244,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-tutorial", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Implement SSO to SAP BTP", @@ -32287,8 +32257,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", 
@@ -32303,10 +32273,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups", "service": "SAP", "services": [ - "SAP", "WAF", - "Subscriptions", - "AzurePolicy" + "SAP", + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "text": "enforce existing Management Group policies to SAP Subscriptions", @@ -32320,8 +32290,8 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Subscriptions" ], "severity": "High", @@ -32435,10 +32405,10 @@ "link": "https://learn.microsoft.com/azure/azure-netapp-files/azacsnap-introduction", "service": "SAP", "services": [ - "Storage", "WAF", "VM", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "text": "If you deploy Azure NetApp Files for your HANA, Oracle, or DB2 database, use the Azure Application Consistent Snapshot tool (AzAcSnap) to take application-consistent snapshots. AzAcSnap also supports Oracle databases. Consider using AzAcSnap on a central VM rather than on individual VMs.", @@ -32450,8 +32420,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "High", "text": "Ensure time-zone matches between the operating system and the SAP system.", @@ -32490,8 +32460,8 @@ "link": "https://learn.microsoft.com/azure/lighthouse/overview", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Entra" ], "severity": "Medium", @@ -32518,8 +32488,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/lama-installation", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Low", "text": "Optimize and manage SAP Basis operations by using SAP Landscape Management (LaMa). Use the SAP LaMa connector for Azure to relocate, copy, clone, and refresh SAP systems.", 
@@ -32532,9 +32502,9 @@ "link": "https://learn.microsoft.com/azure/sap/monitor/about-azure-monitor-sap-solutions", "service": "SAP", "services": [ - "SAP", "WAF", "Monitor", + "SAP", "SQL" ], "severity": "Medium", @@ -32548,11 +32518,11 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/vm-extension-for-sap", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor", + "SAP", "VM", - "Entra" + "Entra", + "Monitor" ], "severity": "High", "text": "Run a VM Extension for SAP check. VM Extension for SAP uses the assigned managed identity of a virtual machine (VM) to access VM monitoring and configuration data. The check ensures that all performance metrics in your SAP application come from the underlying Azure Extension for SAP.", @@ -32579,10 +32549,10 @@ "link": "https://learn.microsoft.com/azure/network-watcher/connection-monitor-overview", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor", - "NetworkWatcher" + "NetworkWatcher", + "SAP", + "Monitor" ], "severity": "Medium", "text": "Use Connection Monitor in Azure Network Watcher to monitor latency metrics for SAP databases and application servers. Or collect and display network latency measurements by using Azure Monitor.", @@ -32595,8 +32565,8 @@ "link": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VM" ], "severity": "Medium", @@ -32609,8 +32579,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "Subscriptions" ], "severity": "High", 
@@ -32624,9 +32594,9 @@ "link": "https://learn.microsoft.com/azure/advisor/advisor-how-to-improve-reliability", "service": "SAP", "services": [ - "Storage", "WAF", - "ASR" + "ASR", + "Storage" ], "severity": "Medium", "text": "Run the Resiliency Report to ensure that the configuration of the entire provisioned Azure infrastructure (Compute, Database, Networking, Storage, Site Recovery) complies with the configuration defined by Cloud Adaption Framework for Azure.", @@ -32639,10 +32609,10 @@ "link": "https://learn.microsoft.com/azure/sentinel/sap/deployment-overview", "service": "SAP", "services": [ - "SAP", "WAF", - "Sentinel", - "Monitor" + "Monitor", + "SAP", + "Sentinel" ], "severity": "Medium", "text": "Implement threat protection by using the Microsoft Sentinel solution for SAP. Use this solution to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers.", @@ -32671,8 +32641,8 @@ "service": "SAP", "services": [ "WAF", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Low", "text": "Use inter-VM latency monitoring for latency-sensitive applications.", @@ -32684,10 +32654,10 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor", - "ASR" + "ASR", + "SAP", + "Monitor" ], "severity": "Medium", "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", 
@@ -32700,9 +32670,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "Medium", "text": "Exclude all the database file systems and executable programs from antivirus scans. Including them could lead to performance problems. Check with the database vendors for prescriptive details on the exclusion list. For example, Oracle recommends excluding /oracle//sapdata from antivirus scans.", @@ -32714,8 +32684,8 @@ "link": "https://sapit-forme-prod.authentication.eu11.hana.ondemand.com/login", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Low", "text": "Consider collecting full database statistics for non-HANA databases after migration. For example, implement SAP note 1020260 - Delivery of Oracle statistics.", @@ -32727,9 +32697,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/configure-oracle-asm", "service": "SAP", "services": [ - "Storage", + "WAF", "SAP", - "WAF" + "Storage" ], "severity": "Medium", "text": "Consider using Oracle Automatic Storage Management (ASM) for all Oracle deployments that use SAP on Azure.", @@ -32742,8 +32712,8 @@ "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/announcement-sap-on-azure-oracle-performance-efficiency-scripts/ba-p/3725178", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "SQL" ], "severity": "Medium", @@ -32757,10 +32727,10 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor", - "ASR" + "ASR", + "SAP", + "Monitor" ], "severity": "High", "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", 
@@ -32774,8 +32744,8 @@ "service": "SAP", "services": [ "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "text": "For secure delivery of HTTP/S apps, use Application Gateway v2 and ensure that WAF protection and policies are enabled.", @@ -32788,9 +32758,9 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", "service": "SAP", "services": [ - "VM", - "SAP", "WAF", + "SAP", + "VM", "DNS" ], "severity": "Medium", @@ -32804,10 +32774,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", "service": "SAP", "services": [ - "SAP", "WAF", - "DNS", - "VNet" + "SAP", + "VNet", + "DNS" ], "severity": "Medium", "text": "Use different DNS zones to distinguish each environment (sandbox, development, preproduction, and production) from each other. The exception is for SAP deployments with their own VNet; here, private DNS zones might not be necessary.", @@ -32822,9 +32792,9 @@ "link": "https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview", "service": "SAP", "services": [ - "SAP", "WAF", "ACR", + "SAP", "VNet" ], "severity": "Medium", @@ -32838,8 +32808,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide", "service": "SAP", "services": [ - "NVA", "WAF", + "NVA", "SAP" ], "severity": "High", @@ -32854,9 +32824,9 @@ "link": "https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/?source=recommendations", "service": "SAP", "services": [ + "WAF", "ACR", "SAP", - "WAF", "VWAN" ], "severity": "Medium", @@ -32870,8 +32840,8 @@ "link": "https://learn.microsoft.com/azure/well-architected/services/networking/network-virtual-appliances/reliability", "service": "SAP", "services": [ - "NVA", "WAF", + "NVA", "VNet" ], "severity": "Medium", 
@@ -32885,9 +32855,9 @@ "link": "https://learn.microsoft.com/azure/architecture/networking/hub-spoke-vwan-architecture", "service": "SAP", "services": [ - "SAP", "WAF", "VNet", + "SAP", "NVA", "VWAN" ], @@ -32903,8 +32873,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VM" ], "severity": "High", @@ -32946,9 +32916,9 @@ "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-delegate-subnet", "service": "SAP", "services": [ - "Storage", "WAF", - "VNet" + "VNet", + "Storage" ], "severity": "Medium", "text": "While Azure does help you to create multiple delegated subnets in a VNet, only one delegated subnet can exist in a VNet for Azure NetApp Files. Attempts to create a new volume will fail if you use more than one delegated subnet for Azure NetApp Files.", @@ -32976,8 +32946,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/expose-sap-process-orchestration-on-azure", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "AppGW" ], "severity": "Medium", @@ -32991,9 +32961,9 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", "service": "SAP", "services": [ - "FrontDoor", "WAF", "ACR", + "FrontDoor", "AzurePolicy" ], "severity": "Medium", @@ -33009,8 +32979,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "text": "Take advantage of Web Application Firewall policies in Azure Front Door when you're using Azure Front Door and Application Gateway to protect HTTP/S applications. Lock down Application Gateway to receive traffic only from Azure Front Door.", @@ -33038,9 +33008,9 @@ "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", "service": "SAP", "services": [ + "WAF", "ACR", "SAP", - "WAF", "VWAN" ], "severity": "Medium", 
@@ -33054,12 +33024,12 @@ "link": "https://learn.microsoft.com/azure/virtual-network/vnet-integration-for-azure-services", "service": "SAP", "services": [ - "Storage", "WAF", - "ACR", - "Backup", "PrivateLink", - "VNet" + "Backup", + "VNet", + "Storage", + "ACR" ], "severity": "Medium", "text": "To prevent data leakage, use Azure Private Link to securely access platform as a service resources like Azure Blob Storage, Azure Files, Azure Data Lake Storage Gen2, Azure Data Factory, and more. Azure Private Endpoint can also help to secure traffic between VNets and services like Azure Storage, Azure Backup, and more. Traffic between your VNet and the Private Endpoint enabled service travels across the Microsoft global network, which prevents its exposure to the public internet.", @@ -33073,8 +33043,8 @@ "link": "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview?tabs=redhat", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VM" ], "severity": "High", @@ -33103,9 +33073,9 @@ "link": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", "service": "SAP", "services": [ - "SAP", "WAF", "VM", + "SAP", "VNet" ], "severity": "Medium", @@ -33119,8 +33089,8 @@ "link": "https://me.sap.com/notes/2015553", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VNet" ], "severity": "High", @@ -33134,8 +33104,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "For optimal network latency with SAP applications, consider using Azure proximity placement groups.", 
@@ -33148,8 +33118,8 @@ "link": "https://me.sap.com/notes/2015553", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "High", "text": "It is NOT supported at all to run an SAP Application Server layer and DBMS layer split between on-premise and Azure. Both layers need to completely reside either on-premise or in Azure.", @@ -33162,10 +33132,10 @@ "link": "https://me.sap.com/notes/2015553", "service": "SAP", "services": [ - "SAP", "WAF", - "Cost", - "VNet" + "SAP", + "VNet", + "Cost" ], "severity": "High", "text": "It isn't recommended to host the database management system (DBMS) and application layers of SAP systems in different VNets and connect them with VNet peering because of the substantial costs that excessive network traffic between the layers can produce. Recommend using subnets within the Azure virtual network to separate the SAP application layer and DBMS layer.", @@ -33192,8 +33162,8 @@ "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VNet" ], "severity": "Medium", @@ -33206,9 +33176,9 @@ "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", "service": "SAP", "services": [ + "WAF", "VM", "SAP", - "WAF", "Backup" ], "severity": "High", @@ -33221,10 +33191,10 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor", - "ASR" + "ASR", + "SAP", + "Monitor" ], "severity": "Medium", "text": "Review Site Recovery built-in monitoring, where used for SAP.", @@ -33236,9 +33206,9 @@ "link": "https://help.sap.com/docs/SAP_HANA_PLATFORM/c4d7c773af4a4e5dbebb6548d6e2d4f4/e3111d2ebb5710149510cc120646bf3f.html?locale=en-US", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor" + "Monitor", + "SAP" ], "severity": "High", "text": "Review the Monitoring the SAP HANA System Landscape guidance.", 
@@ -33250,9 +33220,9 @@ "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/oracle-database-backup-strategies", "service": "SAP", "services": [ - "VM", "WAF", - "Backup" + "Backup", + "VM" ], "severity": "Medium", "text": "Review Oracle Database in Azure Linux VM backup strategies.", @@ -33264,9 +33234,9 @@ "link": "https://learn.microsoft.com/sql/relational-databases/tutorial-use-azure-blob-storage-service-with-sql-server-2016?view=sql-server-ver16", "service": "SAP", "services": [ - "Storage", "WAF", - "SQL" + "SQL", + "Storage" ], "severity": "Medium", "text": "Review the use of Azure Blob Storage with SQL Server 2016.", @@ -33278,9 +33248,9 @@ "link": "https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/automated-backup?view=azuresql", "service": "SAP", "services": [ - "VM", "WAF", - "Backup" + "Backup", + "VM" ], "severity": "Medium", "text": "Review the use of Automated Backup v2 for Azure VMs.", @@ -33315,8 +33285,8 @@ "link": "https://support.sap.com/en/offerings-programs/support-services/earlywatch-alert.html", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Activate SAP EarlyWatch Alert for all SAP components.", @@ -33329,8 +33299,8 @@ "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-on-azure-general-update-march-2019/ba-p/377456", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Review SAP application server to database server latency using SAP ABAPMeter report /SSA/CAT.", @@ -33356,8 +33326,8 @@ "link": "https://me.sap.com/notes/500235", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VM" ], "severity": "Medium", 
@@ -33371,9 +33341,9 @@ "link": "https://learn.microsoft.com/en-us/azure/sap/large-instances/hana-monitor-troubleshoot", "service": "SAP", "services": [ - "SAP", "WAF", - "Monitor" + "Monitor", + "SAP" ], "severity": "Medium", "text": "Review SAP HANA studio alerts.", @@ -33385,8 +33355,8 @@ "link": "https://me.sap.com/notes/1969700", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Perform SAP HANA health checks using HANA_Configuration_Minichecks.", @@ -33412,8 +33382,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-security-operations", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Medium", "text": "Routinely review the SAP security OSS notes because SAP releases highly critical security patches, or hot fixes, that require immediate action to protect your SAP systems.", @@ -33426,8 +33396,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "SQL" ], "severity": "Low", @@ -33454,11 +33424,11 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ - "SQL", + "WAF", + "Backup", "Storage", "SAP", - "WAF", - "Backup" + "SQL" ], "severity": "High", "text": "Encrypting SAP HANA database servers on Azure uses SAP HANA native encryption technology. Additionally, if you are using SQL Server on Azure, use Transparent Data Encryption (TDE) to protect your data and log files and ensure that your backups are also encrypted.", 
@@ -33471,8 +33441,8 @@ "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", "service": "SAP", "services": [ - "Storage", - "WAF" + "WAF", + "Storage" ], "severity": "Medium", "text": "Azure Storage encryption is enabled for all Azure Resource Manager and classic storage accounts, and can't be disabled. Because your data is encrypted by default, you don't need to modify your code or applications to use Azure Storage encryption.", @@ -33501,9 +33471,9 @@ "service": "SAP", "services": [ "WAF", - "Subscriptions", "RBAC", - "AzurePolicy" + "AzurePolicy", + "Subscriptions" ], "severity": "Medium", "text": "It is recommended to LOCK the Azure Resources post successful deployment to safeguard against unauthorized changes. You can also enforce LOCK constraints and rules on your per-subscription basis using customized Azure policies(Custome role).", @@ -33517,8 +33487,8 @@ "service": "SAP", "services": [ "WAF", - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "text": "Provision Azure Key Vault with the soft delete and purge policies enabled to allow retention protection for deleted objects.", @@ -33546,10 +33516,10 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ - "Storage", - "SAP", "WAF", - "Defender" + "SAP", + "Defender", + "Storage" ], "severity": "High", "text": "When enabling Microsoft Defender for Endpoint on SAP environment, recommend excluding data and log files on DBMS servers instead of targeting all servers. Follow your DBMS vendor's recommendations when excluding target files.", 
@@ -33562,10 +33532,10 @@ "link": "https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks", "service": "SAP", "services": [ - "SAP", "WAF", - "Defender", - "RBAC" + "RBAC", + "SAP", + "Defender" ], "severity": "High", "text": "Delegate an SAP admin custom role with just-in-time access of Microsoft Defender for Cloud.", @@ -33578,8 +33548,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Low", "text": "encrypt data in transit by integrating the third-party security product with secure network communications (SNC) for DIAG (SAP GUI), RFC, and SPNEGO for HTTPS", @@ -33621,8 +33591,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/certificates/certificate-scenarios", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "AKV" ], "severity": "High", @@ -33636,10 +33606,10 @@ "link": "https://learn.microsoft.com/azure/role-based-access-control/built-in-roles", "service": "SAP", "services": [ - "SAP", "WAF", - "Subscriptions", - "RBAC" + "RBAC", + "SAP", + "Subscriptions" ], "severity": "High", "text": "Customize role-based access control (RBAC) roles for SAP on Azure spoke subscriptions to avoid accidental network-related changes", @@ -33652,10 +33622,10 @@ "link": "https://blogs.sap.com/2019/07/21/sap-security-operations-on-azure/", "service": "SAP", "services": [ - "NVA", "WAF", - "SAP", - "PrivateLink" + "PrivateLink", + "NVA", + "SAP" ], "severity": "High", "text": "Isolate DMZs and NVAs from the rest of the SAP estate, configure Azure Private Link, and securely manage and control the SAP on Azure resources", 
@@ -33668,9 +33638,9 @@ "link": "https://learn.microsoft.com/en-us/training/modules/secure-vms-with-azure-security-center/?source=recommendations", "service": "SAP", "services": [ - "Storage", "WAF", - "VM" + "VM", + "Storage" ], "severity": "Low", "text": "Consider using Microsoft anti-malware software on Azure to protect your virtual machines from malicious files, adware, and other threats.", @@ -33697,8 +33667,8 @@ "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", "service": "SAP", "services": [ - "SAP", "WAF", + "SAP", "VNet" ], "severity": "High", @@ -33712,8 +33682,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", "service": "SAP", "services": [ - "SAP", - "WAF" + "WAF", + "SAP" ], "severity": "Low", "text": "For internet-facing applications like SAP Fiori, make sure to distribute load per application requirements while maintaining security levels. For Layer 7 security, you can use a third-party Web Application Firewall (WAF) available in the Azure Marketplace.", @@ -33726,10 +33696,10 @@ "link": "https://learn.microsoft.com/azure/sap/monitor/enable-tls-azure-monitor-sap-solutions", "service": "SAP", "services": [ - "SAP", "WAF", - "AKV", - "Monitor" + "Monitor", + "SAP", + "AKV" ], "severity": "Medium", "text": "To enable secure communication in Azure Monitor for SAP solutions, you can choose to use either a root certificate or a server certificate. We highly recommend that you use root certificates.", @@ -33776,12 +33746,12 @@ "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-sas#shared-access-authorization-policies", "service": "Service Bus", "services": [ - "ServiceBus", - "RBAC", "WAF", + "ServiceBus", "TrafficManager", - "AzurePolicy", - "Entra" + "RBAC", + "Entra", + "AzurePolicy" ], "severity": "Medium", "text": "Avoid using root account when it is not necessary", 
@@ -33798,8 +33768,8 @@ "service": "Service Bus", "services": [ "WAF", - "Entra", - "ServiceBus" + "ServiceBus", + "Entra" ], "severity": "Medium", "text": "When possible, disable SAS key authentication (or local authentication) and use only Microsoft Entra ID for authentication", @@ -33814,11 +33784,11 @@ "link": "https://learn.microsoft.com/azure/service-bus-messaging/authenticate-application#azure-built-in-roles-for-azure-service-bus", "service": "Service Bus", "services": [ + "WAF", "ServiceBus", - "Subscriptions", - "RBAC", "Storage", - "WAF" + "RBAC", + "Subscriptions" ], "severity": "High", "text": "Use least privilege data plane RBAC", @@ -33834,9 +33804,9 @@ "service": "Service Bus", "services": [ "WAF", - "VNet", + "ServiceBus", "Monitor", - "ServiceBus" + "VNet" ], "severity": "Medium", "text": "Enable logging for security investigation. Use Azure Monitor to trace resource logs and runtime audit logs (currently available only in the premium tier)", @@ -33851,10 +33821,10 @@ "link": "https://learn.microsoft.com/azure/service-bus-messaging/private-link-service", "service": "Service Bus", "services": [ - "PrivateLink", "WAF", - "VNet", - "ServiceBus" + "PrivateLink", + "ServiceBus", + "VNet" ], "severity": "Medium", "text": "Consider using private endpoints to access Azure Service Bus and disable public network access when applicable.", @@ -33924,8 +33894,8 @@ "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-api-management-overview", "service": "Azure Service Fabric", "services": [ - "APIM", - "WAF" + "WAF", + "APIM" ], "severity": "Medium", "text": "Consider using Azure API Management to expose and offload cross-cutting functionality for APIs hosted on the cluster. API Management can integrate with Service Fabric directly.", 
@@ -33986,8 +33956,8 @@ "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-networking#manage-nsg-rules", "service": "Azure Service Fabric", "services": [ - "APIM", "WAF", + "APIM", "VNet" ], "severity": "Medium", @@ -34001,9 +33971,9 @@ "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#deploy-key-vault-certificates-to-service-fabric-cluster-virtual-machine-scale-sets", "service": "Azure Service Fabric", "services": [ - "AKV", - "Storage", "WAF", + "Storage", + "AKV", "VM", "Entra" ], @@ -34128,10 +34098,10 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-shared-access-signature#shared-access-authorization-policies", "service": "Event Hubs", "services": [ - "Entra", + "TrafficManager", "RBAC", "EventHubs", - "TrafficManager", + "Entra", "AzurePolicy" ], "severity": "Medium", @@ -34148,8 +34118,8 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest", "service": "Event Hubs", "services": [ - "AKV", "Storage", + "AKV", "EventHubs", "VM", "Entra" @@ -34168,9 +34138,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory#azure-built-in-roles-for-azure-event-hubs", "service": "Event Hubs", "services": [ - "Entra", + "RBAC", "EventHubs", - "RBAC" + "Entra" ], "severity": "High", "subcategory": "Identity and Access Management", @@ -34186,9 +34156,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/monitor-event-hubs-reference", "service": "Event Hubs", "services": [ + "Monitor", "EventHubs", - "VNet", - "Monitor" + "VNet" ], "severity": "Medium", "subcategory": "Monitoring", @@ -34204,9 +34174,9 @@ "link": "https://learn.microsoft.com/azure/event-hubs/private-link-service", "service": "Event Hubs", "services": [ + "PrivateLink", "EventHubs", - "VNet", - "PrivateLink" + "VNet" ], "severity": "Medium", "subcategory": "Networking", 
@@ -34253,8 +34223,8 @@ "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend zoneRedundant = tobool(properties.zoneRedundant) | extend compliant = iff(zoneRedundant == true, true, false) | project name, resourceGroup, zoneRedundant, compliant", "service": "Event Hubs", "services": [ - "EventHubs", - "ACR" + "ACR", + "EventHubs" ], "severity": "High", "subcategory": "Zone Redudancy", @@ -34284,8 +34254,8 @@ "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal", "service": "Event Hubs", "services": [ - "EventHubs", - "ASR" + "ASR", + "EventHubs" ], "severity": "High", "subcategory": "Geo Redudancy", @@ -34300,8 +34270,8 @@ "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-federation-overview", "service": "Event Hubs", "services": [ - "EventHubs", - "ASR" + "ASR", + "EventHubs" ], "severity": "Medium", "subcategory": "Geo Redudancy", @@ -34355,8 +34325,8 @@ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", "service": "Cognitive Services", "services": [ - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "High", "subcategory": "Backup", @@ -34532,10 +34502,10 @@ "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#deploy-key-vault-certificates-to-service-fabric-cluster-virtual-machine-scale-sets", "service": "Azure Service Fabric", "services": [ - "Storage", - "AKV", "VM", - "Entra" + "Entra", + "Storage", + "AKV" ], "severity": "Medium", "subcategory": "Cluster architecture", @@ -34756,8 +34726,8 @@ "guid": "1549ab81-53d8-49f8-ad17-b84b33b5a67f", "link": "https://learn.microsoft.com/azure/well-architected/service-guides/service-bus/reliability#checklist", "services": [ - "Storage", "ServiceBus", + "Storage", "ASR" ], "severity": "Medium", 
@@ -34837,8 +34807,8 @@ "guid": "338ee253-c17d-432e-aaaa-b7571549ab81", "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-outages-disasters#availability-zones", "services": [ - "ServiceBus", - "ACR" + "ACR", + "ServiceBus" ], "severity": "High", "subcategory": "Best Practices", @@ -34852,8 +34822,8 @@ "guid": "53d89f89-d17b-484b-93b5-a67f7b9ed5b3", "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-outages-disasters#geo-disaster-recovery", "services": [ - "Storage", "ServiceBus", + "Storage", "ASR" ], "severity": "Medium", @@ -34868,8 +34838,8 @@ "guid": "1f38c403-a822-4c24-93cf-0f18ac699ef1", "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-federation-overview", "services": [ - "ServiceBus", "ACR", + "ServiceBus", "ASR" ], "severity": "Medium", @@ -34884,8 +34854,8 @@ "guid": "d5a83de4-de32-4c18-a147-0607c5c0e4e6", "link": "https://learn.microsoft.com/azure/architecture/best-practices/data-partitioning-strategies#partitioning-azure-service-bus", "services": [ - "Storage", - "ServiceBus" + "ServiceBus", + "Storage" ], "severity": "Medium", "subcategory": "Best Practices", @@ -34924,9 +34894,9 @@ "guid": "4a69b9d3-39ac-44e7-a68d-1d75657202b4", "link": "https://learn.microsoft.com/azure/well-architected/service-guides/service-bus/reliability#checklist", "services": [ - "Storage", + "PrivateLink", "ServiceBus", - "PrivateLink" + "Storage" ], "severity": "Medium", "subcategory": "Best Practices", @@ -34987,9 +34957,9 @@ "service": "Service Bus", "services": [ "ServiceBus", - "Entra", - "RBAC", "TrafficManager", + "RBAC", + "Entra", "AzurePolicy" ], "severity": "Medium", @@ -35025,10 +34995,10 @@ "service": "Service Bus", "services": [ "ServiceBus", - "Subscriptions", - "RBAC", "Storage", - "Entra" + "RBAC", + "Entra", + "Subscriptions" ], "severity": "High", "subcategory": "Identity and Access Management", 
@@ -35045,8 +35015,8 @@ "service": "Service Bus", "services": [ "ServiceBus", - "VNet", - "Monitor" + "Monitor", + "VNet" ], "severity": "Medium", "subcategory": "Monitoring", @@ -35062,9 +35032,9 @@ "link": "https://learn.microsoft.com/azure/service-bus-messaging/private-link-service", "service": "Service Bus", "services": [ + "PrivateLink", "ServiceBus", - "VNet", - "PrivateLink" + "VNet" ], "severity": "Medium", "subcategory": "Networking", @@ -35224,10 +35194,10 @@ "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-understand-what-role-you-need", "service": "Synapse Analytics", "services": [ - "Storage", - "Entra", "RBAC", - "Monitor" + "Monitor", + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "", @@ -35355,8 +35325,8 @@ "guid": "9a80822b-8eb9-4d1b-a77f-26e5e6beba8e", "service": "Event Hubs", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "", @@ -35415,8 +35385,8 @@ "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory", "service": "Event Hubs", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "", @@ -35548,8 +35518,8 @@ "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model", "service": "Microsoft Fabric", "services": [ - "Storage", - "RBAC" + "RBAC", + "Storage" ], "severity": "Medium", "subcategory": "", @@ -35730,9 +35700,9 @@ "link": "https://learn.microsoft.com/fabric/security/workspace-identity-authenticate#step-2-grant-the-identity-permissions-on-the-storage-account", "service": "Microsoft Fabric", "services": [ - "Storage", + "RBAC", "Entra", - "RBAC" + "Storage" ], "severity": "Medium", "subcategory": "", 
@@ -35758,9 +35728,9 @@ "link": "https://learn.microsoft.com/fabric/security/security-trusted-workspace-access", "service": "Microsoft Fabric", "services": [ - "Storage", "EventHubs", - "Entra" + "Entra", + "Storage" ], "severity": "Medium", "subcategory": "", @@ -35804,8 +35774,8 @@ "guid": "1193846d-697c-4c39-8ed1-6b2d186f0a12", "service": "Data Factory", "services": [ - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "subcategory": "", @@ -35836,9 +35806,9 @@ "link": "https://learn.microsoft.com/azure/data-factory/managed-virtual-network-private-endpoint#managed-private-endpoints", "service": "Data Factory", "services": [ + "PrivateLink", "EventHubs", - "VNet", - "PrivateLink" + "VNet" ], "severity": "Medium", "subcategory": "", @@ -35853,8 +35823,8 @@ "link": "https://learn.microsoft.com/fabric/security/security-private-links-use", "service": "Microsoft Fabric", "services": [ - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "subcategory": "", @@ -35945,8 +35915,8 @@ "link": "https://learn.microsoft.com/azure/data-factory/data-factory-private-link", "service": "Data Factory", "services": [ - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "subcategory": "", @@ -36044,8 +36014,8 @@ "guid": "6db55f57-9603-4334-adf9-cc23418db612", "service": "Microsoft Purview", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "", @@ -36060,9 +36030,9 @@ "link": "https://learn.microsoft.com/azure/role-based-access-control/best-practices", "service": "Microsoft Purview", "services": [ + "RBAC", "Entra", - "Subscriptions", - "RBAC" + "Subscriptions" ], "severity": "Medium", "subcategory": "", 
@@ -36077,8 +36047,8 @@ "link": "https://learn.microsoft.com/purview/classic-data-governance-permissions#roles, https://learn.microsoft.com/azure/role-based-access-control/best-practices", "service": "Microsoft Purview", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "", @@ -36091,8 +36061,8 @@ "guid": "628637a5-5119-4b08-b8f5-854387e9cec1", "service": "Microsoft Purview", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "", @@ -36119,8 +36089,8 @@ "guid": "1ca7da8c-faa6-42a1-9949-56da97dc3a23", "service": "Microsoft Purview", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "High", "subcategory": "", @@ -36186,9 +36156,9 @@ "link": "https://learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", "service": "Microsoft Purview", "services": [ - "VNet", + "PrivateLink", "VM", - "PrivateLink" + "VNet" ], "severity": "Medium", "subcategory": "", @@ -36202,9 +36172,9 @@ "link": "https://learn.microsoft.com/azure/firewall/overview", "service": "Microsoft Purview", "services": [ + "PrivateLink", "NVA", - "Firewall", - "PrivateLink" + "Firewall" ], "severity": "Medium", "subcategory": "", @@ -36219,8 +36189,8 @@ "link": "https://learn.microsoft.com/purview/concept-best-practices-network", "service": "Microsoft Purview", "services": [ - "VNet", - "PrivateLink" + "PrivateLink", + "VNet" ], "severity": "Medium", "subcategory": "", @@ -36275,8 +36245,8 @@ "guid": "7f3165c3-a87a-405b-9a20-9949bda47778", "service": "Microsoft Purview", "services": [ - "Storage", - "RBAC" + "RBAC", + "Storage" ], "severity": "Medium", "subcategory": "", @@ -36313,8 +36283,8 @@ "guid": "bc8ac199-ebb9-41a4-9d90-dae2cc881370", "service": "Microsoft Purview", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "", 
@@ -36340,8 +36310,8 @@ "link": "https://learn.microsoft.com/entra/identity/role-based-access-control/security-emergency-access", "service": "Microsoft Purview", "services": [ - "Subscriptions", - "Entra" + "Entra", + "Subscriptions" ], "severity": "Medium", "subcategory": "", @@ -36443,11 +36413,11 @@ "guid": "11cc57b4-a4b1-4410-b43a-58a9c2289b3d", "service": "Databricks", "services": [ - "SQL", "Storage", "EventHubs", - "AzurePolicy", - "Entra" + "Entra", + "SQL", + "AzurePolicy" ], "severity": "Medium", "subcategory": "", @@ -36476,8 +36446,8 @@ "guid": "8b662d6c-15f5-4129-9539-8e6ded237dd1", "service": "Databricks", "services": [ - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "", @@ -36519,8 +36489,8 @@ "link": "https://learn.microsoft.com/azure/databricks/security/auth/access-control/", "service": "Databricks", "services": [ - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "", @@ -36564,10 +36534,10 @@ "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", "service": "Databricks", "services": [ - "Storage", - "AKV", "Backup", - "SQL" + "AKV", + "SQL", + "Storage" ], "severity": "Medium", "subcategory": "", @@ -36728,12 +36698,12 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", "service": "App Gateway", "services": [ - "Subscriptions", "WAF", "VNet", - "AppGW", "NVA", - "Entra" + "Entra", + "AppGW", + "Subscriptions" ], "severity": "Medium", "subcategory": "App Gateway", @@ -36796,8 +36766,8 @@ "services": [ "WAF", "FrontDoor", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "Medium", "subcategory": "App delivery", @@ -36828,8 +36798,8 @@ "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", "service": "Entra", "services": [ - "AVD", - "Entra" + "Entra", + "AVD" ], "severity": "Low", "subcategory": "App delivery", 
@@ -36895,8 +36865,8 @@ "service": "App Gateway", "services": [ "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "High", "subcategory": "App Gateway", @@ -36929,8 +36899,8 @@ "service": "App Gateway", "services": [ "WAF", - "AppGW", - "AzurePolicy" + "AzurePolicy", + "AppGW" ], "severity": "High", "subcategory": "App Gateway", @@ -37031,9 +37001,9 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#send-logs-to-microsoft-sentinel", "service": "App Gateway", "services": [ - "AppGW", "WAF", - "Sentinel" + "Sentinel", + "AppGW" ], "severity": "Medium", "subcategory": "App Gateway", @@ -37077,9 +37047,9 @@ "link": "https://learn.microsoft.com/azure/virtual-wan/scenario-secured-hub-app-gateway", "service": "App Gateway", "services": [ - "VPN", "ExpressRoute", "VNet", + "VPN", "AppGW" ], "severity": "Medium", @@ -37435,8 +37405,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "AKV", - "Backup" + "Backup", + "AKV" ], "severity": "High", "subcategory": "Deployment best practices", @@ -37450,8 +37420,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", "service": "Key Vault", "services": [ - "AKV", - "ACR" + "ACR", + "AKV" ], "severity": "Medium", "subcategory": "High Availability", @@ -37479,8 +37449,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance#failover-across-regions", "service": "Key Vault", "services": [ - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "subcategory": "High Availability", 
@@ -37494,11 +37464,11 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#design-considerations", "service": "Key Vault", "services": [ - "AKV", - "Subscriptions", - "Storage", "Backup", - "ASR" + "Storage", + "AKV", + "ASR", + "Subscriptions" ], "severity": "Medium", "subcategory": "Business continuity and disaster recovery", @@ -37512,8 +37482,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", "service": "Key Vault", "services": [ - "AKV", - "ASR" + "ASR", + "AKV" ], "severity": "High", "subcategory": "Business continuity and disaster recovery", @@ -37527,8 +37497,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", "service": "Key Vault", "services": [ - "AKV", - "ASR" + "ASR", + "AKV" ], "severity": "Low", "subcategory": "Business continuity and disaster recovery", @@ -37542,9 +37512,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", "service": "Key Vault", "services": [ - "AKV", + "ASR", "Backup", - "ASR" + "AKV" ], "severity": "Low", "subcategory": "Business continuity and disaster recovery", @@ -37558,9 +37528,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", "service": "Key Vault", "services": [ - "AKV", + "ASR", "Backup", - "ASR" + "AKV" ], "severity": "Low", "subcategory": "Business continuity and disaster recovery", @@ -37574,9 +37544,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection", "service": "Key Vault", "services": [ + "ASR", "EventHubs", - "AKV", - "ASR" + "AKV" ], "severity": "Medium", "subcategory": "Business continuity and disaster recovery", 
@@ -37591,9 +37561,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-cli", "service": "Key Vault", "services": [ + "RBAC", "Entra", - "AKV", - "RBAC" + "AKV" ], "severity": "Medium", "subcategory": "Identity and Access Management", @@ -37607,10 +37577,10 @@ "guid": "56c57ba5-9119-4bf8-b8f5-c586c7d9cdc1", "link": "https://azure.microsoft.com/support/legal/sla/virtual-desktop/v1_0/", "services": [ - "AVD", + "ASR", "VM", "Subscriptions", - "ASR" + "AVD" ], "severity": "High", "subcategory": "Compute", @@ -37624,10 +37594,10 @@ "guid": "6acc076e-f9b1-441a-a989-579e76b897e7", "link": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr", "services": [ - "Storage", - "AVD", + "ASR", "VM", - "ASR" + "Storage", + "AVD" ], "severity": "Medium", "subcategory": "Compute", @@ -37641,8 +37611,8 @@ "guid": "10a7da7b-e996-46e1-9d3c-4ada97cc3d13", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery", "services": [ - "AVD", - "ASR" + "ASR", + "AVD" ], "severity": "Low", "subcategory": "Compute", @@ -37656,9 +37626,9 @@ "guid": "25ab225c-6f4e-4168-9fdd-dea8a4b7cdeb", "link": "https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/announcing-general-availability-of-support-for-azure/ba-p/3636262", "services": [ - "AVD", "ACR", - "ASR" + "ASR", + "AVD" ], "severity": "High", "subcategory": "Compute", @@ -37672,10 +37642,10 @@ "guid": "4c61fc3f-c14e-4ea6-b69e-8d9a3eec218e", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery", "services": [ - "AVD", + "ASR", "Backup", "VM", - "ASR" + "AVD" ], "severity": "Medium", "subcategory": "Compute", 
@@ -37689,11 +37659,11 @@ "guid": "5da58639-ca3a-4961-890b-29663c5e10d", "link": "https://learn.microsoft.com/azure/site-recovery/azure-to-azure-how-to-enable-zone-to-zone-disaster-recovery", "services": [ - "AVD", - "Cost", "Backup", + "AVD", "VM", - "ASR" + "ASR", + "Cost" ], "severity": "Medium", "subcategory": "Compute", @@ -37725,8 +37695,8 @@ "guid": "fd339489-8c12-488b-9c6a-57cfb644451e", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery", "services": [ - "AVD", - "ASR" + "ASR", + "AVD" ], "severity": "Medium", "subcategory": "Dependencies", @@ -37740,9 +37710,9 @@ "guid": "687ab077-adb5-49e5-a960-3334fdf8cc23", "link": "https://docs.microsoft.com/fslogix/manage-profile-content-cncpt", "services": [ + "ASR", "Storage", - "AVD", - "ASR" + "AVD" ], "severity": "Medium", "subcategory": "Storage", @@ -37756,11 +37726,11 @@ "guid": "fc4972cc-3cd2-45bf-a707-6e9eab4bed32", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery", "services": [ + "Backup", "Storage", "AVD", - "Backup", - "AzurePolicy", - "ASR" + "ASR", + "AzurePolicy" ], "severity": "Medium", "subcategory": "Storage", @@ -37774,9 +37744,9 @@ "guid": "9f7547c1-746d-4c56-868a-714435bd09dd", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery", "services": [ + "ASR", "Storage", - "AVD", - "ASR" + "AVD" ], "severity": "Medium", "subcategory": "Storage", @@ -37790,10 +37760,10 @@ "guid": "3d4f3537-c134-46dc-9602-7a71efe1bd05", "link": "https://docs.microsoft.com/azure/backup/backup-afs", "services": [ - "Storage", - "AVD", + "ASR", "Backup", - "ASR" + "Storage", + "AVD" ], "severity": "Medium", "subcategory": "Storage", @@ -37807,9 +37777,9 @@ "guid": "10d4e875-d502-4142-a795-f2b6eff34f88", "link": "https://learn.microsoft.com/azure/storage/files/files-redundancy#zone-redundant-storage", "services": [ + "ASR", "Storage", - "AVD", - "ASR" + "AVD" ], "severity": "High", "subcategory": "Storage", 
@@ -37823,10 +37793,10 @@ "guid": "23429db7-2281-4376-85cc-57b4a4b18142", "link": "https://learn.microsoft.com/azure/azure-netapp-files/cross-region-replication-create-peering", "services": [ + "Backup", "Storage", "AVD", "ACR", - "Backup", "ASR" ], "severity": "Medium", @@ -37883,9 +37853,9 @@ "guid": "5a2adb2c-3e23-426b-b225-ca44e1696fdd", "link": "https://learn.microsoft.com/azure/virtual-machines/shared-image-galleries", "services": [ + "VM", "Storage", - "AVD", - "VM" + "AVD" ], "severity": "Low", "subcategory": "Golden Images", @@ -37941,8 +37911,8 @@ "guid": "829e3fec-2183-4687-a017-7a2b5945bda4", "link": "https://github.com/The-Virtual-Desktop-Team/Virtual-Desktop-Optimization-Tool", "services": [ - "AVD", - "RBAC" + "RBAC", + "AVD" ], "severity": "Low", "subcategory": "Golden Images", @@ -37999,9 +37969,9 @@ "guid": "90083845-c587-4cb3-a1ec-16a1d076ef9f", "link": "https://docs.microsoft.com/azure/virtual-desktop/app-attach-file-share", "services": [ + "Cost", "Storage", - "AVD", - "Cost" + "AVD" ], "severity": "Medium", "subcategory": "MSIX & AppAttach", @@ -38029,10 +37999,10 @@ "guid": "66e15d4d-5a2a-4db2-a3e2-326bf225ca41", "link": "https://docs.microsoft.com/azure/virtual-desktop/app-attach-file-share", "services": [ - "Storage", - "AVD", + "RBAC", "VM", - "RBAC" + "Storage", + "AVD" ], "severity": "Medium", "subcategory": "MSIX & AppAttach", @@ -38088,8 +38058,8 @@ "guid": "e4633254-3185-40a1-b120-bd563a1c8e9d", "link": "https://docs.microsoft.com/azure/virtual-machines/generation-2", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "Medium", "subcategory": "Session Host", @@ -38117,8 +38087,8 @@ "guid": "8468c55a-775c-46ee-a5b8-6ad8844ce3b2", "link": "https://learn.microsoft.com/azure/virtual-desktop/terminology#host-pools", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "High", "subcategory": "Capacity Planning", 
@@ -38132,8 +38102,8 @@ "guid": "4e98495f-d3c0-4af2-aa59-a793395a32a7", "link": "https://learn.microsoft.com/azure/virtual-desktop/terminology?WT.mc_id=Portal-fx#host-pools", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "High", "subcategory": "Capacity Planning", @@ -38175,8 +38145,8 @@ "guid": "b3724959-4943-4577-a3a9-e10ff6345f24", "link": "https://learn.microsoft.com/windows-server/remote/remote-desktop-services/virtual-machine-recs", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "Medium", "subcategory": "Capacity Planning", @@ -38205,9 +38175,9 @@ "guid": "971cc4a4-b1f7-4c12-90e0-1ad96808f00c", "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-virtual-desktop-service-limits", "services": [ - "AVD", "ACR", - "Entra" + "Entra", + "AVD" ], "severity": "Medium", "subcategory": "Capacity Planning", @@ -38235,9 +38205,9 @@ "guid": "38b19ab6-0693-4992-9394-5590883916ec", "link": "https://learn.microsoft.com/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type?tabs=azure#reassign-a-personal-desktop", "services": [ + "VM", "Storage", - "AVD", - "VM" + "AVD" ], "severity": "Low", "subcategory": "Capacity Planning", @@ -38251,8 +38221,8 @@ "guid": "e1112dbd-7ba0-412e-9b94-ef6e047d2ea2", "link": "https://docs.microsoft.com/windows-server/remote/remote-desktop-services/virtual-machine-recs", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "High", "subcategory": "Capacity Planning", @@ -38295,8 +38265,8 @@ "guid": "b47a393a-0803-4272-a479-8b1578b219a4", "link": "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview", "services": [ - "AVD", - "VM" + "VM", + "AVD" ], "severity": "Low", "subcategory": "Capacity Planning", 
@@ -38324,10 +38294,10 @@ "guid": "6abca2a4-fda1-4dbf-9dc9-5d48c7c791dc", "link": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?toc=%2Fazure%2Fvirtual-desktop%2Ftoc.json&bc=%2Fazure%2Fvirtual-desktop%2Fbreadcrumb%2Ftoc.json", "services": [ - "Storage", - "AVD", + "ExpressRoute", "VPN", - "ExpressRoute" + "Storage", + "AVD" ], "severity": "Medium", "subcategory": "Clients & Users", @@ -38411,9 +38381,9 @@ "guid": "8053d89e-89dc-47b3-9be2-a1a27f7a9e91", "link": "https://docs.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits", "services": [ + "VM", "Storage", - "AVD", - "VM" + "AVD" ], "severity": "Low", "subcategory": "General", @@ -38427,10 +38397,10 @@ "guid": "c14aea7e-65e8-4d9a-9aec-218e6436b073", "link": "https://docs.microsoft.com/azure/architecture/reference-architectures/identity/adds-extend-domain", "services": [ - "Storage", - "AVD", + "Entra", "VNet", - "Entra" + "Storage", + "AVD" ], "severity": "Medium", "subcategory": "Active Directory", @@ -38444,8 +38414,8 @@ "guid": "6db55f57-9603-4334-adf9-cc23418db612", "link": "https://docs.microsoft.com/azure/virtual-desktop/create-host-pools-azure-marketplace", "services": [ - "AVD", - "Entra" + "Entra", + "AVD" ], "severity": "Medium", "subcategory": "Active Directory", @@ -38459,8 +38429,8 @@ "guid": "7126504b-b47a-4393-a080-327294798b15", "link": "https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-hierarchy", "services": [ - "AVD", - "Entra" + "Entra", + "AVD" ], "severity": "Medium", "subcategory": "Active Directory", @@ -38474,8 +38444,8 @@ "guid": "2226a8e3-50a4-4ac3-8bd6-ee150553051f", "link": "https://learn.microsoft.com/fslogix/how-to-use-group-policy-templates", "services": [ - "AVD", - "Entra" + "Entra", + "AVD" ], "severity": "Medium", "subcategory": "Active Directory", 
@@ -38489,9 +38459,9 @@
 "guid": "347dc560-28a7-41ff-b1cd-15dd2f0d5e77",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/prerequisites?tabs=portal#session-hosts",
 "services": [
- "AVD",
+ "Entra",
 "VM",
- "Entra"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Active Directory",
@@ -38505,8 +38475,8 @@
 "guid": "2d41e361-1cc5-47b4-a4b1-410d43958a8c",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/manage-app-groups",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Active Directory",
@@ -38520,10 +38490,10 @@
 "guid": "2289b3d6-b57c-4fc6-9546-1e1a3e3453a3",
 "link": "https://docs.microsoft.com/azure/storage/files/storage-files-identity-ad-ds-enable",
 "services": [
- "Storage",
- "AVD",
 "Entra",
- "AzurePolicy"
+ "AzurePolicy",
+ "Storage",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Active Directory",
@@ -38537,8 +38507,8 @@
 "guid": "5119bf8e-8f58-4542-a7d9-cec166cd072a",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/prerequisites?tabs=portal#identity",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Active Directory",
@@ -38552,9 +38522,9 @@
 "guid": "e777fd5e-c5f1-4d6e-8fa9-fc210b88e338",
 "link": "https://learn.microsoft.com/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable",
 "services": [
+ "Entra",
 "Storage",
- "AVD",
- "Entra"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Microsoft Entra ID",
@@ -38568,10 +38538,10 @@
 "guid": "6ceb5443-5125-4922-9442-93bb628537a5",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/prerequisites?tabs=portal#identity",
 "services": [
- "AVD",
- "Subscriptions",
+ "VNet",
 "Entra",
- "VNet"
+ "Subscriptions",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Requirements",
@@ -38585,8 +38555,8 @@
 "guid": "b4ce4781-7557-4a1f-8043-332ae199d44c",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/authentication",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Requirements",
@@ -38600,8 +38570,8 @@
 "guid": "f9b141a8-98a5-435e-9378-97e71ca7da7b",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/prerequisites?tabs=portal#supported-identity-scenarios",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Requirements",
@@ -38615,8 +38585,8 @@
 "guid": "5f9f680a-ba07-4429-bbf7-93d7071561f4",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/authentication#single-sign-on-sso",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Requirements",
@@ -38630,9 +38600,9 @@
 "guid": "ea962a15-9394-46da-a7cc-3923266b2258",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/prerequisites?tabs=portal#supported-identity-scenarios",
 "services": [
- "AVD",
 "VM",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Requirements",
@@ -38646,8 +38616,8 @@
 "guid": "6f4a1651-bddd-4ea8-a487-cdeb4861bc3b",
 "link": "https://docs.microsoft.com/azure/active-directory-domain-services/compare-identity-solutions",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Requirements",
@@ -38661,9 +38631,9 @@
 "guid": "5549524b-36c0-4f1a-892b-ab3ca78f5db2",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/administrative-template",
 "services": [
- "AVD",
+ "Monitor",
 "Entra",
- "Monitor"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -38677,9 +38647,9 @@
 "guid": "3334fdf9-1c23-4418-8b65-285269440b4b",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/management",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -38693,8 +38663,8 @@
 "guid": "63a08be1-6004-4b4a-a79b-f3239faae113",
 "link": "https://learn.microsoft.com/mem/intune/fundamentals/azure-virtual-desktop",
 "services": [
- "AVD",
- "Monitor"
+ "Monitor",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38708,10 +38678,10 @@
 "guid": "7138b820-102c-4e16-be30-1e6e872e52e3",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/autoscale-scenarios",
 "services": [
- "AVD",
 "VM",
+ "Monitor",
 "Cost",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38725,10 +38695,10 @@
 "guid": "55f612fe-f215-4f0d-a956-10e7dd96bcbc",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/start-virtual-machine-connect",
 "services": [
- "AVD",
 "Cost",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -38743,9 +38713,9 @@
 "link": "https://learn.microsoft.com/azure/virtual-desktop/start-virtual-machine-connect-faq#are-vms-automatically-deallocated-when-a-user-stops-using-them",
 "services": [
 "AVD",
+ "VM",
 "Cost",
 "Monitor",
- "VM",
 "AzurePolicy"
 ],
 "severity": "Low",
@@ -38760,13 +38730,13 @@
 "guid": "51bcafca-476a-48fa-9b91-9645a7679f20",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/tag-virtual-desktop-resources",
 "services": [
+ "VPN",
 "Storage",
 "AVD",
- "Cost",
- "Monitor",
- "DNS",
- "VPN",
 "ExpressRoute",
+ "Cost",
+ "DNS",
+ "Monitor",
 "VWAN"
 ],
 "severity": "Low",
@@ -38781,10 +38751,10 @@
 "guid": "611dd68c-5a4b-4252-8e44-a59a9c2399c4",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/azure-advisor-recommendations",
 "services": [
- "AVD",
 "Cost",
+ "Monitor",
 "Entra",
- "Monitor"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -38798,8 +38768,8 @@
 "guid": "04722da2-9c2b-41cd-922f-54b29bade3aa",
 "link": "https://learn.microsoft.com/mem/intune/fundamentals/azure-virtual-desktop-multi-session",
 "services": [
- "AVD",
- "Monitor"
+ "Monitor",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38813,8 +38783,8 @@
 "guid": "c067939b-e5ca-4698-b9ce-3bd91843e73f",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/scheduled-agent-updates",
 "services": [
- "AVD",
- "Monitor"
+ "Monitor",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -38828,9 +38798,9 @@
 "guid": "d1e8c38e-c936-4667-913c-005674b1e944",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/create-validation-host-pool",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38844,9 +38814,9 @@
 "guid": "a459c373-e7ed-4616-83b3-65a917ecbe48",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/wvd/eslz-platform-automation-and-devops",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38860,9 +38830,9 @@
 "guid": "ebe54cd7-df2e-48bb-ac35-81559bb9153e",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/faq",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -38876,8 +38846,8 @@
 "guid": "63cfff1c-ac59-49ef-8d5a-83dd4de36c1c",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/insights",
 "services": [
- "AVD",
- "Monitor"
+ "Monitor",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Monitoring",
@@ -38891,9 +38861,9 @@
 "guid": "81770afb-c4c0-4e43-a186-58d2857ed671",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/diagnostics-log-analytics",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Monitoring",
@@ -38907,9 +38877,9 @@
 "guid": "2463cffe-179c-4599-be0d-5973dd4ce32c",
 "link": "https://docs.microsoft.com/azure/storage/files/storage-files-monitoring?tabs=azure-portal",
 "services": [
+ "Monitor",
 "Storage",
- "AVD",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Monitoring",
@@ -38923,8 +38893,8 @@
 "guid": "18813706-f7c4-4c0d-9e51-4548d2457ed6",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/set-up-service-alerts",
 "services": [
- "AVD",
- "Monitor"
+ "Monitor",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Monitoring",
@@ -38938,10 +38908,10 @@
 "guid": "dd399cfd-7b28-4dc8-9555-6202bfe4563b",
 "link": "https://docs.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/",
 "services": [
- "AVD",
- "VPN",
 "ExpressRoute",
- "NVA"
+ "NVA",
+ "VPN",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -38955,9 +38925,9 @@
 "guid": "c8639648-a652-4d6c-85e5-02965388e5de",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/wvd/eslz-network-topology-and-connectivity",
 "services": [
- "AVD",
+ "VNet",
 "VWAN",
- "VNet"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -38971,8 +38941,8 @@
 "guid": "d227dd14-2b06-4c21-a799-9a646f4389a7",
 "link": "https://docs.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/",
 "services": [
- "AVD",
- "VPN"
+ "VPN",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -38986,10 +38956,10 @@
 "guid": "fc4972cd-3cd2-41bf-9703-6e5e6b4bed3d",
 "link": "https://docs.microsoft.com/azure/firewall/protect-windows-virtual-desktop",
 "services": [
- "AVD",
 "NVA",
 "VNet",
- "Firewall"
+ "Firewall",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -39017,8 +38987,8 @@
 "guid": "73676ae4-6691-4e88-95ad-a42223e13810",
 "link": "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-worldwide",
 "services": [
- "AVD",
- "Defender"
+ "Defender",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -39032,10 +39002,10 @@
 "guid": "523181a9-4174-4158-93ff-7ae7c6d37431",
 "link": "https://docs.microsoft.com/azure/firewall/protect-windows-virtual-desktop",
 "services": [
- "AVD",
 "NVA",
 "VNet",
- "Firewall"
+ "Firewall",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Networking",
@@ -39049,8 +39019,8 @@
 "guid": "cc6edca0-aeca-4566-9e92-cf246f1465af",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/proxy-server-support",
 "services": [
- "AVD",
- "VM"
+ "VM",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Networking",
@@ -39064,8 +39034,8 @@
 "guid": "516785c6-fa96-4c96-ad88-408f372734c8",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/rdp-bandwidth",
 "services": [
- "AVD",
- "VM"
+ "VM",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Networking",
@@ -39079,11 +39049,11 @@
 "guid": "ec27d589-9178-426d-8df2-ff60020f30a6",
 "link": "https://learn.microsoft.com/azure/storage/files/storage-files-networking-endpoints",
 "services": [
+ "PrivateLink",
+ "VNet",
 "Storage",
 "AVD",
- "VNet",
- "Cost",
- "PrivateLink"
+ "Cost"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -39097,8 +39067,8 @@
 "guid": "b2074747-d01a-4f61-b1aa-92ad793d9ff4",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/shortpath",
 "services": [
- "AVD",
- "VPN"
+ "VPN",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Networking",
@@ -39126,8 +39096,8 @@
 "guid": "b1172576-9ef6-4691-a483-5ac932223ece",
 "link": "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
 "services": [
- "AVD",
- "Defender"
+ "Defender",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Host Configuration",
@@ -39141,10 +39111,10 @@
 "guid": "0fd32907-98bc-4178-adc5-a06ca7144351",
 "link": "https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview",
 "services": [
- "Storage",
- "AVD",
+ "VM",
 "AKV",
- "VM"
+ "Storage",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Host Configuration",
@@ -39158,9 +39128,9 @@
 "guid": "36a5a67f-bb9e-4d5b-9547-8c4479816b28",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/security-guide#azure-virtual-desktop-support-for-trusted-launch",
 "services": [
- "AVD",
+ "Monitor",
 "VM",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Host Configuration",
@@ -39174,8 +39144,8 @@
 "guid": "135d3899-4b31-44d3-bc8f-028871a359d8",
 "link": "https://learn.microsoft.com/windows/whats-new/windows-11-requirements",
 "services": [
- "AVD",
- "VM"
+ "VM",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Host Configuration",
@@ -39231,8 +39201,8 @@
 "guid": "e19dd344-29eb-4722-a237-a151c5bb4e4f",
 "link": "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-protection-overview",
 "services": [
- "AVD",
- "Defender"
+ "Defender",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -39260,12 +39230,12 @@
 "guid": "1814387e-5ca9-4c26-a9b3-2ab5bdfc6998",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/security-guide#enable-microsoft-defender-for-cloud",
 "services": [
+ "Defender",
 "AKV",
- "Subscriptions",
 "Storage",
 "AVD",
- "Defender",
- "VM"
+ "VM",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -39279,9 +39249,9 @@
 "guid": "a0916a76-4980-4ad0-b278-ee293c1bc352",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/security-guide#collect-audit-logs",
 "services": [
- "AVD",
+ "Monitor",
 "Entra",
- "Monitor"
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -39295,9 +39265,9 @@
 "guid": "baaab757-1849-4ab8-893d-c9fc9d1bb73b",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/rbac",
 "services": [
- "AVD",
+ "RBAC",
 "Entra",
- "RBAC"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Management",
@@ -39311,8 +39281,8 @@
 "guid": "b9ea80c8-0628-49fc-ae63-125aa4c0a284",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/security-guide#windows-defender-application-control",
 "services": [
- "AVD",
- "Defender"
+ "Defender",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Management",
@@ -39326,8 +39296,8 @@
 "guid": "916d697d-8ead-4ed2-9bdd-186f1ac252b9",
 "link": "https://learn.microsoft.com/azure/virtual-desktop/set-up-mfa",
 "services": [
- "AVD",
- "Entra"
+ "Entra",
+ "AVD"
 ],
 "severity": "Medium",
 "subcategory": "Microsoft Entra ID",
@@ -39370,10 +39340,10 @@
 "guid": "5784b6ca-5e9e-4bcf-8b54-c95459ea7369",
 "link": "https://learn.microsoft.com/azure/storage/files/storage-files-smb-multichannel-performance",
 "services": [
- "Storage",
- "AVD",
 "ACR",
- "Cost"
+ "Cost",
+ "Storage",
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "Azure Files",
@@ -39417,9 +39387,9 @@
 "guid": "6647e977-db49-48a8-bc35-743f17499d42",
 "link": "https://docs.microsoft.com/azure/azure-netapp-files/create-active-directory-connections",
 "services": [
+ "VNet",
 "Storage",
- "AVD",
- "VNet"
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Azure NetApp Files",
@@ -39448,9 +39418,9 @@
 "guid": "ed6b17db-8255-4462-b2ae-e4553afc8339",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/store-fslogix-profile",
 "services": [
+ "VM",
 "Storage",
- "AVD",
- "VM"
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Capacity Planning",
@@ -39494,9 +39464,9 @@
 "guid": "8aad53cc-79e2-4e86-9673-57c549675c5e",
 "link": "https://docs.microsoft.com/azure/virtual-desktop/fslogix-containers-azure-files",
 "services": [
+ "Cost",
 "Storage",
- "AVD",
- "Cost"
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "Capacity Planning",
@@ -39510,9 +39480,9 @@
 "guid": "df47d2d9-2881-4b1c-b5d1-e54a29759e39",
 "link": "https://learn.microsoft.com/fslogix/concepts-container-types#when-to-use-profile-and-odfc-containers",
 "services": [
+ "ASR",
 "Storage",
- "AVD",
- "ASR"
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "FSLogix",
@@ -39556,10 +39526,10 @@
 "guid": "d34aad5e-8c78-4e1d-9666-7313c405674c",
 "link": "https://learn.microsoft.com/fslogix/concepts-configuration-examples",
 "services": [
- "Storage",
- "AVD",
+ "ACR",
 "AKV",
- "ACR"
+ "Storage",
+ "AVD"
 ],
 "severity": "High",
 "subcategory": "FSLogix",
@@ -39588,9 +39558,9 @@
 "guid": "b2d1215a-e114-4ba3-9df5-85ecdcd9bd3b",
 "link": "https://docs.microsoft.com/fslogix/cloud-cache-configuration-reference",
 "services": [
+ "VM",
 "Storage",
- "AVD",
- "VM"
+ "AVD"
 ],
 "severity": "Low",
 "subcategory": "FSLogix",
@@ -39661,7 +39631,7 @@
 "category": "Azure Billing and Microsoft Entra ID Tenants",
 "checklist": "Azure Landing Zone Review",
 "guid": "5d82e6df-6f61-42f2-82e2-3132d293be3d",
- "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations",
+ "link": "https://learn.microsoft.com/azure/lighthouse/overview",
 "service": "Entra",
 "services": [
 "Entra"
@@ -39691,8 +39661,8 @@
 "guid": "32952499-58c8-4e6f-ada5-972e67893d55",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations",
 "services": [
- "Cost",
- "Entra"
+ "Entra",
+ "Cost"
 ],
 "severity": "Medium",
 "subcategory": "Cloud Solution Provider",
@@ -39735,8 +39705,8 @@
 "guid": "ca0fe401-12ad-46fc-8a7e-86293866a9f6",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-recommendations",
 "services": [
- "Cost",
- "Entra"
+ "Entra",
+ "Cost"
 ],
 "severity": "Medium",
 "subcategory": "Enterprise Agreement",
@@ -39748,7 +39718,7 @@
 "category": "Azure Billing and Microsoft Entra ID Tenants",
 "checklist": "Azure Landing Zone Review",
 "guid": "5cf9f485-2784-49b3-9824-75d9b8bdb57b",
- "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations",
+ "link": "https://azure.microsoft.com/pricing/offers/ms-azr-0148p",
 "services": [
 "Entra",
 "Cost",
@@ -39780,9 +39750,9 @@
 "guid": "90e87802-602f-4dfb-acea-67c60689f1d7",
 "link": "https://learn.microsoft.com/azure/cost-management-billing/manage/mca-section-invoice",
 "services": [
- "Storage",
+ "Entra",
 "Cost",
- "Entra"
+ "Storage"
 ],
 "severity": "Low",
 "subcategory": "Microsoft Customer Agreement",
@@ -39796,8 +39766,8 @@
 "guid": "e81a73f0-84c4-4641-b406-14db3b4d1f50",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations",
 "services": [
- "Cost",
- "Entra"
+ "Entra",
+ "Cost"
 ],
 "severity": "Low",
 "subcategory": "Microsoft Customer Agreement",
@@ -39811,8 +39781,8 @@
 "guid": "ae757485-92a4-482a-8bc9-eefe6f5b5ec3",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations",
 "services": [
- "Entra",
- "RBAC"
+ "RBAC",
+ "Entra"
 ],
 "severity": "Medium",
 "subcategory": "Microsoft Customer Agreement",
@@ -39827,9 +39797,9 @@
 "link": "https://learn.microsoft.com/azure/role-based-access-control/overview",
 "service": "Entra",
 "services": [
- "Entra",
- "ACR",
 "RBAC",
+ "ACR",
+ "Entra",
 "Subscriptions"
 ],
 "severity": "High",
@@ -39842,7 +39812,7 @@
 "category": "Identity and Access Management",
 "checklist": "Azure Landing Zone Review",
 "guid": "4348bf81-7573-4512-8f46-9061cc198fea",
- "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones#identity-and-access-management-in-the-azure-landing-zone-accelerator",
+ "link": "https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview",
 "services": [
 "Entra"
 ],
@@ -39919,8 +39889,8 @@
 "guid": "e6a83de5-de32-4c19-a248-1607d5d1e4e6",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/manage/centralize-operations",
 "services": [
- "Entra",
- "RBAC"
+ "RBAC",
+ "Entra"
 ],
 "severity": "High",
 "subcategory": "Identity",
@@ -39949,9 +39919,9 @@
 "guid": "1559ab91-53e8-4908-ae28-c84c33b6b780",
 "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/identity/adds-extend-domain#vm-recommendations",
 "services": [
- "VM",
 "ACR",
- "Entra"
+ "Entra",
+ "VM"
 ],
 "severity": "High",
 "subcategory": "Identity",
@@ -39979,9 +39949,9 @@
 "guid": "f5664b5e-984a-4859-a773-e7d261623a76",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access#prerequisites-for-a-landing-zone---design-recommendations",
 "services": [
- "Entra",
- "ACR",
 "RBAC",
+ "ACR",
+ "Entra",
 "Subscriptions"
 ],
 "severity": "Medium",
@@ -40028,8 +39998,8 @@
 "link": "https://learn.microsoft.com/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor",
 "service": "Entra",
 "services": [
- "Entra",
- "Monitor"
+ "Monitor",
+ "Entra"
 ],
 "severity": "Medium",
 "subcategory": "Identity",
@@ -40059,8 +40029,8 @@
 "guid": "cd163e39-84a5-4b39-97b7-6973abd70d94",
 "link": "https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-staging-server",
 "services": [
- "Entra",
- "ASR"
+ "ASR",
+ "Entra"
 ],
 "severity": "Medium",
 "subcategory": "Microsoft Entra ID",
@@ -40075,8 +40045,8 @@
 "link": "https://learn.microsoft.com/azure/active-directory/roles/best-practices",
 "service": "Entra",
 "services": [
- "Entra",
- "RBAC"
+ "RBAC",
+ "Entra"
 ],
 "severity": "Medium",
 "subcategory": "Identity",
@@ -40105,8 +40075,8 @@
 "guid": "9cf5418b-1520-4b7b-add7-88eb28f833e8",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones#identity-and-access-management-in-the-azure-landing-zone-accelerator",
 "services": [
- "VNet",
- "Entra"
+ "Entra",
+ "VNet"
 ],
 "severity": "High",
 "subcategory": "Landing zones",
@@ -40120,9 +40090,9 @@
 "guid": "d4d1ad54-1abc-4919-b267-3f342d3b49e4",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones#rbac-recommendations",
 "services": [
+ "Storage",
 "AKV",
 "RBAC",
- "Storage",
 "ACR",
 "Entra"
 ],
@@ -40193,9 +40163,9 @@
 "guid": "61623a76-5a91-47e1-b348-ef254c27d42e",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations",
 "services": [
- "Subscriptions",
 "RBAC",
- "AzurePolicy"
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Subscriptions",
@@ -40209,10 +40179,10 @@
 "guid": "8bbac757-1559-4ab9-853e-8908ae28c84c",
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations",
 "services": [
- "DNS",
 "ExpressRoute",
 "VWAN",
- "Subscriptions"
+ "Subscriptions",
+ "DNS"
 ],
 "severity": "Medium",
 "subcategory": "Subscriptions",
@@ -40241,8 +40211,8 @@
 "guid": "74d00018-ac6a-49e0-8e6a-83de5de32c19",
 "link": "https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---require-authorization",
 "services": [
- "Subscriptions",
- "RBAC"
+ "RBAC",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Subscriptions",
@@ -40269,10 +40239,10 @@
 "guid": "49b82111-2df2-47ee-912e-7f983f630472",
 "link": "https://learn.microsoft.com/entra/id-governance/access-reviews-overview",
 "services": [
- "Subscriptions",
- "Cost",
 "RBAC",
- "AzurePolicy"
+ "Cost",
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "High",
 "subcategory": "Subscriptions",
@@ -40316,9 +40286,9 @@
 "guid": "c773e7d2-6162-43a7-95a9-17e1f348ef25",
 "link": "https://learn.microsoft.com/azure/azure-portal/azure-portal-dashboards",
 "services": [
- "Storage",
+ "Monitor",
 "Subscriptions",
- "Monitor"
+ "Storage"
 ],
 "severity": "Medium",
 "subcategory": "Subscriptions",
@@ -40347,8 +40317,8 @@
 "guid": "3a923c34-74d0-4001-aac6-a9e01e6a83de",
 "link": "https://learn.microsoft.com/azure/governance/management-groups/overview",
 "services": [
- "Subscriptions",
- "Entra"
+ "Entra",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Subscriptions",
@@ -40478,12 +40448,12 @@
 "service": "VNet",
 "services": [
 "VNet",
- "VPN",
- "DNS",
 "Firewall",
 "NVA",
 "ExpressRoute",
- "Entra"
+ "Entra",
+ "DNS",
+ "VPN"
 ],
 "severity": "High",
 "subcategory": "Hub and spoke",
@@ -40512,9 +40482,9 @@
 "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-coexist-resource-manager#to-enable-transit-routing-between-expressroute-and-azure-vpn",
 "service": "ExpressRoute",
 "services": [
+ "ExpressRoute",
 "ARS",
- "VPN",
- "ExpressRoute"
+ "VPN"
 ],
 "severity": "Low",
 "subcategory": "Hub and spoke",
@@ -40671,8 +40641,8 @@
 "link": "https://learn.microsoft.com/azure/vpn-gateway/site-to-site-vpn-private-peering",
 "service": "ExpressRoute",
 "services": [
- "VPN",
- "ExpressRoute"
+ "ExpressRoute",
+ "VPN"
 ],
 "severity": "Medium",
 "subcategory": "Encryption",
@@ -40735,8 +40705,8 @@
 "link": "https://learn.microsoft.com/azure/site-recovery/concepts-on-premises-to-azure-networking#retain-ip-addresses",
 "service": "VNet",
 "services": [
- "VNet",
- "ASR"
+ "ASR",
+ "VNet"
 ],
 "severity": "High",
 "subcategory": "IP plan",
@@ -40768,8 +40738,8 @@
 "link": "https://learn.microsoft.com/azure/dns/private-dns-getstarted-portal",
 "service": "DNS",
 "services": [
- "DNS",
- "VNet"
+ "VNet",
+ "DNS"
 ],
 "severity": "Medium",
 "subcategory": "IP plan",
@@ -40784,9 +40754,9 @@
 "link": "https://learn.microsoft.com/azure/dns/dns-private-resolver-overview",
 "service": "DNS",
 "services": [
- "DNS",
 "ACR",
- "VNet"
+ "VNet",
+ "DNS"
 ],
 "severity": "Medium",
 "subcategory": "IP plan",
@@ -40801,8 +40771,8 @@
 "link": "https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances",
 "service": "DNS",
 "services": [
- "DNS",
- "VNet"
+ "VNet",
+ "DNS"
 ],
 "severity": "Low",
 "subcategory": "IP plan",
@@ -40817,9 +40787,9 @@
 "link": "https://learn.microsoft.com/azure/dns/private-dns-autoregistration",
 "service": "DNS",
 "services": [
- "DNS",
 "VM",
- "VNet"
+ "VNet",
+ "DNS"
 ],
 "severity": "High",
 "subcategory": "IP plan",
@@ -40834,8 +40804,8 @@
 "link": "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/private-link-and-dns-integration-at-scale#private-link-and-dns-integration-in-hub-and-spoke-network-architectures",
 "service": "DNS",
 "services": [
- "DNS",
- "VNet"
+ "VNet",
+ "DNS"
 ],
 "severity": "Medium",
 "subcategory": "IP plan",
@@ -40866,8 +40836,8 @@
 "link": "https://learn.microsoft.com/azure/bastion/bastion-faq#subnet",
 "service": "Bastion",
 "services": [
- "VNet",
- "Bastion"
+ "Bastion",
+ "VNet"
 ],
 "severity": "Medium",
 "subcategory": "Internet",
@@ -40882,9 +40852,9 @@
 "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview",
 "service": "WAF",
 "services": [
- "FrontDoor",
 "WAF",
 "ACR",
+ "FrontDoor",
 "AzurePolicy"
 ],
 "severity": "Medium",
@@ -40902,8 +40872,8 @@
 "services": [
 "WAF",
 "FrontDoor",
- "AppGW",
- "AzurePolicy"
+ "AzurePolicy",
+ "AppGW"
 ],
 "severity": "Low",
 "subcategory": "Internet",
@@ -40934,8 +40904,8 @@
 "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-reference-architectures",
 "service": "VNet",
 "services": [
- "VNet",
- "DDoS"
+ "DDoS",
+ "VNet"
 ],
 "severity": "High",
 "subcategory": "Internet",
@@ -40994,9 +40964,9 @@
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/connectivity-to-azure",
 "service": "ExpressRoute",
 "services": [
- "VPN",
 "ExpressRoute",
- "Backup"
+ "Backup",
+ "VPN"
 ],
 "severity": "Medium",
 "subcategory": "Hybrid",
@@ -41028,8 +40998,8 @@
 "link": "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku",
 "service": "ExpressRoute",
 "services": [
- "VPN",
- "ExpressRoute"
+ "ExpressRoute",
+ "VPN"
 ],
 "severity": "Medium",
 "subcategory": "Hybrid",
@@ -41235,8 +41205,8 @@
 "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-coexist-resource-manager",
 "service": "ExpressRoute",
 "services": [
- "VPN",
- "ExpressRoute"
+ "ExpressRoute",
+ "VPN"
 ],
 "severity": "Medium",
 "subcategory": "Hybrid",
@@ -41252,8 +41222,8 @@
 "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub",
 "service": "ExpressRoute",
 "services": [
- "Storage",
- "VNet"
+ "VNet",
+ "Storage"
 ],
 "severity": "High",
 "subcategory": "Hybrid",
@@ -41327,8 +41297,8 @@
 "service": "ExpressRoute",
 "services": [
 "ExpressRoute",
- "VNet",
- "Monitor"
+ "Monitor",
+ "VNet"
 ],
 "severity": "Medium",
 "subcategory": "Hybrid",
@@ -41486,9 +41456,9 @@
 "link": "https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview",
 "service": "Firewall",
 "services": [
- "Storage",
 "VNet",
 "Firewall",
+ "Storage",
 "NVA",
 "VWAN"
 ],
@@ -41504,8 +41474,8 @@
 "link": "https://learn.microsoft.com/azure/firewall/firewall-structured-logs",
 "service": "Firewall",
 "services": [
- "Storage",
- "Firewall"
+ "Firewall",
+ "Storage"
 ],
 "severity": "Medium",
 "subcategory": "Firewall",
@@ -41717,9 +41687,9 @@
 "link": "https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview",
 "service": "Firewall",
 "services": [
- "Firewall",
+ "DDoS",
 "VNet",
- "DDoS"
+ "Firewall"
 ],
 "severity": "High",
 "subcategory": "Firewall",
@@ -41794,10 +41764,10 @@
 "link": "azure/private-link/inspect-traffic-with-azure-firewall",
 "service": "Firewall",
 "services": [
+ "PrivateLink",
 "NVA",
 "DNS",
- "Firewall",
- "PrivateLink"
+ "Firewall"
 ],
 "severity": "Medium",
 "subcategory": "PaaS",
@@ -41813,9 +41783,9 @@
 "link": "https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway",
 "service": "ExpressRoute",
 "services": [
- "VPN",
 "ExpressRoute",
- "VNet"
+ "VNet",
+ "VPN"
 ],
 "severity": "High",
 "subcategory": "Segmentation",
@@ -41876,8 +41846,8 @@
 "service": "NSG",
 "services": [
 "NVA",
- "VNet",
- "Entra"
+ "Entra",
+ "VNet"
 ],
 "severity": "Medium",
 "subcategory": "Segmentation",
@@ -41893,8 +41863,8 @@
 "link": "https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview",
 "service": "NSG",
 "services": [
- "VNet",
- "NetworkWatcher"
+ "NetworkWatcher",
+ "VNet"
 ],
 "severity": "Medium",
 "subcategory": "Segmentation",
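Review bot: The `link` value carried as context in the `@@ -41794,10 +41764,10 @@` hunk, `"link": "azure/private-link/inspect-traffic-with-azure-firewall"`, is a relative path with no scheme or host, while every other `link` visible in this diff is an absolute `https://` URL. A consumer that renders these links will resolve it against whatever base it happens to have, so the reference is either broken or lands somewhere the checklist author did not choose. Going by the neighbouring entries it presumably should read `"link": "https://learn.microsoft.com/azure/private-link/inspect-traffic-with-azure-firewall"`. The enclosing checklist item starts and ends outside the hunk, and because this commit is automated the correction probably belongs in the checklist this file is built from. A check in that automation that every `link` is an absolute `https://` URL would catch the next one.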
@@ -41988,8 +41958,8 @@
 "link": "https://learn.microsoft.com/azure/virtual-wan/azure-monitor-insights",
 "service": "VWAN",
 "services": [
- "VWAN",
- "Monitor"
+ "Monitor",
+ "VWAN"
 ],
 "severity": "Medium",
 "subcategory": "Virtual WAN",
@@ -42021,9 +41991,9 @@
 "link": "https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference",
 "service": "VWAN",
 "services": [
- "VPN",
 "ExpressRoute",
- "VWAN"
+ "VWAN",
+ "VPN"
 ],
 "severity": "Medium",
 "subcategory": "Virtual WAN",
@@ -42100,8 +42070,8 @@
 "link": "https://learn.microsoft.com/azure/governance/policy/overview",
 "service": "Policy",
 "services": [
- "Subscriptions",
- "AzurePolicy"
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Governance",
@@ -42131,8 +42101,8 @@
 "link": "https://learn.microsoft.com/security/benchmark/azure/mcsb-asset-management#am-2-use-only-approved-services",
 "service": "Policy",
 "services": [
- "Subscriptions",
- "AzurePolicy"
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Low",
 "subcategory": "Governance",
@@ -42163,10 +42133,10 @@
 "link": "https://learn.microsoft.com/azure/governance/policy/overview#azure-rbac-permissions-in-azure-policy",
 "service": "Policy",
 "services": [
- "Entra",
- "Subscriptions",
 "RBAC",
- "AzurePolicy"
+ "Entra",
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Governance",
@@ -42181,8 +42151,8 @@
 "link": "https://learn.microsoft.com/azure/governance/policy/overview",
 "service": "Policy",
 "services": [
- "Subscriptions",
- "AzurePolicy"
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Governance",
@@ -42212,8 +42182,8 @@
 "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/sovereign-landing-zone",
 "service": "Policy",
 "services": [
- "Subscriptions",
- "AzurePolicy"
+ "AzurePolicy",
+ "Subscriptions"
 ],
 "severity": "Medium",
 "subcategory": "Governance",
@@ -42254,8 +42224,8 @@
 "guid": "29fd366b-a180-452b-9bd7-954b7700c667",
 "link": "https://learn.microsoft.com/azure/cost-management-billing/costs/tutorial-acm-create-budgets?bc=%2Fazure%2Fcloud-adoption-framework%2F_bread%2Ftoc.json&toc=%2Fazure%2Fcloud-adoption-framework%2Ftoc.json",
 "services": [
- "Cost",
 "Monitor",
+ "Cost",
 "TrafficManager"
 ],
 "severity": "Medium",
@@ -42271,9 +42241,9 @@
 "link": "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design#azure-regions",
 "service": "Monitor",
 "services": [
+ "RBAC",
 "Monitor",
 "Entra",
- "RBAC",
 "AzurePolicy"
 ],
 "severity": "Medium",
@@ -42304,10 +42274,10 @@
 "link": "https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2#how-retention-and-archiving-work",
 "service": "Monitor",
 "services": [
- "Storage",
 "ARS",
+ "Monitor",
 "AzurePolicy",
- "Monitor"
+ "Storage"
 ],
 "severity": "High",
 "subcategory": "Monitoring",
@@ -42322,8 +42292,8 @@
 "link": "https://learn.microsoft.com/azure/governance/machine-configuration/overview",
 "service": "VM",
 "services": [
- "VM",
 "Monitor",
+ "VM",
 "AzurePolicy"
 ],
 "severity": "Medium",
@@ -42369,8 +42339,8 @@
 "link": "https://learn.microsoft.com/azure/network-watcher/network-watcher-monitoring-overview",
 "service": "Network Watcher",
 "services": [
- "Monitor",
- "NetworkWatcher"
+ "NetworkWatcher",
+ "Monitor"
 ],
 "severity": "Medium",
 "subcategory": "Monitoring",
@@ -42398,8 +42368,8 @@
 "guid": "a6e55d7d-8a2a-4db1-87d6-326af625ca44",
 "link": "https://learn.microsoft.com/azure/governance/policy/concepts/effect-deny",
 "services": [
- "Monitor",
 "RBAC",
+ "Monitor",
 "AzurePolicy"
 ],
 "severity": "Low",
@@ -42471,8 +42441,8 @@
 "guid": "619e8a13-f988-4795-85d6-26886d70ba6c",
 "link": "https://learn.microsoft.com/azure/azure-monitor/agents/diagnostics-extension-overview",
 "services": [
- "Storage",
- "Monitor"
+ "Monitor",
+ "Storage"
 ],
 "severity": "Medium",
 "subcategory": "Monitoring",
@@ -42560,8 +42530,8 @@ "guid": "0d83fd81-952c-4d47-a6cb-3a930925ef2e", "link": "https://learn.microsoft.com/en-gb/azure/storage/common/redundancy-migration?tabs=portal", "services": [ - "Storage", - "Cost" + "Cost", + "Storage" ], "severity": "High", "subcategory": "Data Protection", @@ -42619,8 +42589,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance#monitoring-for-configuration-drift", "service": "VM", "services": [ - "VM", "Monitor", + "VM", "AzurePolicy" ], "severity": "Medium", @@ -42636,8 +42606,8 @@ "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", "service": "VM", "services": [ - "VM", "ACR", + "VM", "ASR" ], "severity": "Medium", @@ -42699,10 +42669,10 @@ "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-best-practices#send-logs-to-microsoft-sentinel", "service": "WAF", "services": [ - "AppGW", "WAF", "FrontDoor", - "Sentinel" + "Sentinel", + "AppGW" ], "severity": "Medium", "subcategory": "App delivery", @@ -42772,8 +42742,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "subcategory": "Encryption and keys", @@ -42788,9 +42758,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ + "RBAC", "Entra", - "AKV", - "RBAC" + "AKV" ], "severity": "Medium", "subcategory": "Encryption and keys", @@ -42835,9 +42805,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "AKV", + "PrivateLink", "VNet", - "PrivateLink" + "AKV" ], "severity": "Medium", "subcategory": "Encryption and keys", 
@@ -42852,9 +42822,9 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/monitor-key-vault", "service": "Key Vault", "services": [ - "AKV", + "Monitor", "Entra", - "Monitor" + "AKV" ], "severity": "Medium", "subcategory": "Encryption and keys", @@ -42869,8 +42839,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "AKV", - "AzurePolicy" + "AzurePolicy", + "AKV" ], "severity": "Medium", "subcategory": "Encryption and keys", @@ -42899,8 +42869,8 @@ "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", "service": "Key Vault", "services": [ - "AKV", "ACR", + "AKV", "ASR" ], "severity": "Medium", @@ -42945,9 +42915,9 @@ "guid": "4e3ab369-3829-4e7e-9161-83687a0477a2", "link": "https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export?tabs=portal", "services": [ - "Storage", "ARS", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "subcategory": "Operations", @@ -43023,8 +42993,8 @@ "link": "https://learn.microsoft.com/azure/security-center/", "service": "VM", "services": [ - "Defender", - "Monitor" + "Monitor", + "Defender" ], "severity": "Medium", "subcategory": "Operations", @@ -43039,8 +43009,8 @@ "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", "service": "Monitor", "services": [ - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Operations", @@ -43240,8 +43210,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/development-strategy-development-lifecycle#automated-builds", "service": "Key Vault", "services": [ - "AKV", - "VM" + "VM", + "AKV" ], "severity": "High", "subcategory": "DevOps Team Topologies", 
@@ -43341,9 +43311,9 @@ "guid": "976f32a7-30d1-6caa-c2a0-207fdc26571b", "link": "https://learn.microsoft.com/azure/azure-vmware/set-up-backup-server-for-azure-vmware-solution", "services": [ - "Storage", "AVS", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "subcategory": "Backup", @@ -43373,8 +43343,8 @@ "link": "Best practice to deploy backup in the same region as your AVS deployment", "services": [ "AVS", - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Business Continuity", @@ -43491,10 +43461,10 @@ "guid": "b44fb6ec-bfc1-3a8e-dba2-ca97f0991d2c", "link": "This depends if you have multiple AVS Private Clouds. If so and they are in the same region then use AVS Interconnect. If they are in separate regions then use ExpressRoute Global Reach.", "services": [ - "NVA", "AVS", - "ExpressRoute", - "ASR" + "ASR", + "NVA", + "ExpressRoute" ], "severity": "Medium", "subcategory": "Disaster Recovery", @@ -43599,9 +43569,9 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings", "services": [ "AVS", - "VPN", + "VNet", "ExpressRoute", - "VNet" + "VPN" ], "severity": "Medium", "subcategory": "Hub & Spoke", @@ -43616,9 +43586,9 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings", "services": [ "AVS", - "VPN", + "VNet", "ExpressRoute", - "VNet" + "VPN" ], "severity": "Medium", "subcategory": "Hub & Spoke", @@ -43633,9 +43603,9 @@ "link": "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings", "services": [ "AVS", - "VPN", + "VNet", "ExpressRoute", - "VNet" + "VPN" ], "severity": "Medium", "subcategory": "Hub & Spoke", @@ -43680,8 +43650,8 @@ "link": "https://learn.microsoft.com/azure/bastion/tutorial-create-host-portal", "services": [ "AVS", - "VNet", - "Bastion" + "Bastion", + "VNet" ], "severity": "Medium", "subcategory": "Jumpbox & Bastion", 
@@ -43696,8 +43666,8 @@ "link": "https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview", "services": [ "AVS", - "VM", - "Bastion" + "Bastion", + "VM" ], "severity": "Medium", "subcategory": "Jumpbox & Bastion", @@ -43772,8 +43742,8 @@ "link": "https://learn.microsoft.com/azure/virtual-wan/virtual-wan-point-to-site-portal", "services": [ "AVS", - "VPN", - "VWAN" + "VWAN", + "VPN" ], "severity": "Medium", "subcategory": "vWAN hub", @@ -43879,8 +43849,8 @@ "link": "https://learn.microsoft.com/azure/azure-vmware/concepts-identity", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Security", @@ -43895,8 +43865,8 @@ "link": "https://learn.microsoft.com/azure/azure-vmware/concepts-identity#view-the-vcenter-server-privileges", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Security", @@ -43911,8 +43881,8 @@ "link": "Best practice", "services": [ "AVS", - "Entra", - "RBAC" + "RBAC", + "Entra" ], "severity": "Medium", "subcategory": "Security", @@ -43926,8 +43896,8 @@ "guid": "00e0b729-f9be-f600-8c32-5ec0e8f2ed63", "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure", "services": [ - "RBAC", "AVS", + "RBAC", "Entra" ], "severity": "Medium", @@ -43942,8 +43912,8 @@ "guid": "0842d45f-41a8-8274-1155-2f6ed554d315", "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure", "services": [ - "RBAC", "AVS", + "RBAC", "Entra" ], "severity": "Medium", @@ -43959,8 +43929,8 @@ "link": "Best practice", "services": [ "AVS", - "Entra", - "Monitor" + "Monitor", + "Entra" ], "severity": "Medium", "subcategory": "Security ", @@ -44006,8 +43976,8 @@ "link": "https://docs.microsoft.com/azure/governance/policy/overview", "services": [ "AVS", - "AzurePolicy", - "Monitor" + "Monitor", + "AzurePolicy" ], "severity": "Medium", "subcategory": "Operations", 
@@ -44110,9 +44080,9 @@ "link": "https://docs.microsoft.com/azure/azure-vmware/set-up-backup-server-for-azure-vmware-solution", "services": [ "Backup", - "Monitor", "VM", "AVS", + "Monitor", "AzurePolicy" ], "severity": "Medium", @@ -44128,8 +44098,8 @@ "link": "https://docs.microsoft.com/azure/azure-vmware/configure-alerts-for-azure-vmware-solution", "services": [ "AVS", - "AzurePolicy", - "Monitor" + "Monitor", + "AzurePolicy" ], "severity": "Medium", "subcategory": "Capacity", @@ -44144,8 +44114,8 @@ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/azure-vmware/govern", "services": [ "AVS", - "Cost", "Monitor", + "Cost", "Subscriptions" ], "severity": "Medium", @@ -44161,8 +44131,8 @@ "link": "https://docs.microsoft.com/azure/azure-portal/azure-portal-dashboards", "services": [ "AVS", - "Monitor", - "NetworkWatcher" + "NetworkWatcher", + "Monitor" ], "severity": "Medium", "subcategory": "Dashboard", @@ -44176,9 +44146,9 @@ "guid": "f9afdcc9-649d-d840-9fb5-a3c0edcc697d", "link": "https://docs.microsoft.com/azure/azure-vmware/configure-vmware-syslogs", "services": [ - "Storage", "AVS", - "Monitor" + "Monitor", + "Storage" ], "severity": "Medium", "subcategory": "Logs & Metrics", @@ -44208,8 +44178,8 @@ "link": "https://docs.microsoft.com/azure/azure-vmware/configure-vmware-syslogs", "services": [ "AVS", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "subcategory": "Logs & Metrics", @@ -44223,11 +44193,11 @@ "guid": "2ca97d91-dd36-7229-b668-01036ccc3cd3", "link": "https://learn.microsoft.com/azure/network-watcher/connection-monitor-create-using-portal", "services": [ - "Monitor", + "ExpressRoute", "NetworkWatcher", - "VPN", "AVS", - "ExpressRoute" + "Monitor", + "VPN" ], "severity": "Medium", "subcategory": "Network", 
@@ -44242,8 +44212,8 @@ "link": "https://learn.microsoft.com/azure/network-watcher/connection-monitor-create-using-portal", "services": [ "AVS", - "ExpressRoute", - "Monitor" + "Monitor", + "ExpressRoute" ], "severity": "Medium", "subcategory": "Network", @@ -44318,8 +44288,8 @@ "link": "https://docs.microsoft.com/azure/azure-monitor/agents/agent-windows?tabs=setup-wizard", "services": [ "AVS", - "VM", - "Monitor" + "Monitor", + "VM" ], "severity": "Medium", "subcategory": "VMware", @@ -44361,8 +44331,8 @@ "guid": "ebd3cc3c-ac3d-4293-950d-cecd8445a523", "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-network-topology-connectivity", "services": [ - "ARS", "AVS", + "ARS", "NVA" ], "severity": "Medium", @@ -44377,8 +44347,8 @@ "guid": "ffb5c5ca-bd89-ff1b-8b73-8a54d503d506", "link": "https://learn.microsoft.com/azure/route-server/route-server-faq", "services": [ - "ARS", - "AVS" + "AVS", + "ARS" ], "severity": "Medium", "subcategory": "Hub & Spoke", @@ -44407,9 +44377,9 @@ "link": "Research and choose optimal solution for each application", "services": [ "AVS", + "NVA", "FrontDoor", - "AppGW", - "NVA" + "AppGW" ], "severity": "Medium", "subcategory": "Internet", @@ -44423,8 +44393,8 @@ "guid": "e778a2ec-b4d7-1d27-574c-14476b167d37", "link": "https://docs.microsoft.com/azure/route-server/route-server-faq#route-server-limits", "services": [ - "ARS", - "AVS" + "AVS", + "ARS" ], "severity": "Medium", "subcategory": "Routing", @@ -44438,15 +44408,15 @@ "guid": "66c97b30-81b9-139a-cc76-dd1d94aef42a", "link": "https://docs.microsoft.com/azure/ddos-protection/manage-ddos-protection", "services": [ - "LoadBalancer", - "DDoS", - "VNet", - "AppGW", - "VPN", - "VM", "FrontDoor", + "VNet", + "DDoS", + "VM", + "ExpressRoute", + "AppGW", "AVS", - "ExpressRoute" + "LoadBalancer", + "VPN" ], "severity": "Medium", "subcategory": "Security", 
@@ -44534,9 +44504,9 @@ "guid": "7242c1de-da37-27f3-1ddd-565ccccb8ece", "link": "https://docs.microsoft.com/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-platform-automation-and-devops#automated-scale", "services": [ - "Storage", "AVS", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Automated Scale", @@ -44897,8 +44867,8 @@ "link": "https://docs.microsoft.com/azure/key-vault/general/authentication", "services": [ "AVS", - "AKV", - "ExpressRoute" + "ExpressRoute", + "AKV" ], "severity": "Medium", "subcategory": "Encryption", @@ -45111,8 +45081,8 @@ "guid": "16ab821a-27c6-b6d3-6042-10dc4d6dfcb7", "link": "https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.storage.doc/GUID-01D3CF47-A84A-4988-8103-A0487D6441AA.html", "services": [ - "Storage", - "AVS" + "AVS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45126,9 +45096,9 @@ "guid": "eb2f9313-afb2-ab35-aa24-6d97a3cb0611", "link": "3rd-Party tools", "services": [ - "Storage", "AVS", - "VM" + "VM", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45142,9 +45112,9 @@ "guid": "3f2a5cff-c8a6-634a-1f1b-53ef9d321381", "link": "Contact VMware", "services": [ - "Storage", "AVS", - "VM" + "VM", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45158,8 +45128,8 @@ "guid": "efc8a311-74f8-0252-c6a0-4bac7610e266", "link": "Contact VMware", "services": [ - "Storage", - "AVS" + "AVS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45173,8 +45143,8 @@ "guid": "ab6c89cd-a26f-b894-fe59-61863975458e", "link": "Contact VMware", "services": [ - "Storage", - "AVS" + "AVS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", 
@@ -45188,10 +45158,10 @@ "guid": "7628d446-6b10-9678-9cec-f407d990de43", "link": "https://learn.microsoft.com/azure/azure-vmware/concepts-storage#storage-policies-and-fault-tolerance", "services": [ - "Storage", "AVS", "VM", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45205,10 +45175,10 @@ "guid": "37fef358-7ab9-43a9-542c-22673955200e", "link": "https://learn.microsoft.com/azure/azure-vmware/configure-storage-policy", "services": [ - "Storage", "AVS", "VM", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45222,9 +45192,9 @@ "guid": "ebebd109-9f9d-d85e-1b2f-d302012843b7", "link": "https://learn.microsoft.com/azure/azure-vmware/concepts-storage#storage-policies-and-fault-tolerance", "services": [ - "Storage", "AVS", - "AzurePolicy" + "AzurePolicy", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45238,8 +45208,8 @@ "guid": "1be821bd-4f37-216a-3e3d-2a5ac6996863", "link": "https://learn.microsoft.com/azure/azure-vmware/netapp-files-with-azure-vmware-solution", "services": [ - "Storage", - "AVS" + "AVS", + "Storage" ], "severity": "Medium", "subcategory": "Storage", @@ -45375,8 +45345,8 @@ "link": "https://learn.microsoft.com/azure/api-management/policy-fragments", "service": "APIM", "services": [ - "APIM", "ACR", + "APIM", "AzurePolicy" ], "severity": "Medium", @@ -45405,8 +45375,8 @@ "link": "https://learn.microsoft.com/azure/api-management/api-management-howto-use-azure-monitor#resource-logs", "service": "APIM", "services": [ - "APIM", - "Monitor" + "Monitor", + "APIM" ], "severity": "High", "subcategory": "Monitoring", @@ -45420,8 +45390,8 @@ "link": "https://learn.microsoft.com/azure/api-management/api-management-howto-app-insights", "service": "APIM", "services": [ - "APIM", - "Monitor" + "Monitor", + "APIM" ], "severity": "Medium", "subcategory": "Monitoring", 
@@ -45435,8 +45405,8 @@ "link": "https://learn.microsoft.com/azure/api-management/api-management-howto-use-azure-monitor", "service": "APIM", "services": [ - "APIM", - "Monitor" + "Monitor", + "APIM" ], "severity": "High", "subcategory": "Monitoring", @@ -45451,8 +45421,8 @@ "service": "APIM", "services": [ "APIM", - "AKV", - "Entra" + "Entra", + "AKV" ], "severity": "High", "subcategory": "Data protection", @@ -45541,8 +45511,8 @@ "link": "https://learn.microsoft.com/azure/api-management/api-management-howto-deploy-multi-region", "service": "APIM", "services": [ - "APIM", "ACR", + "APIM", "ASR" ], "severity": "Medium", @@ -45558,8 +45528,8 @@ "link": "https://learn.microsoft.com/azure/api-management/high-availability", "service": "APIM", "services": [ - "APIM", - "ASR" + "ASR", + "APIM" ], "severity": "Medium", "subcategory": "Business continuity and disaster recovery", @@ -45573,9 +45543,9 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#service-native-backup-capability", "service": "APIM", "services": [ + "ASR", "APIM", - "Backup", - "ASR" + "Backup" ], "severity": "High", "subcategory": "Business continuity and disaster recovery", @@ -45752,8 +45722,8 @@ "link": "https://learn.microsoft.com/azure/api-management/front-door-api-management", "service": "APIM", "services": [ - "APIM", "FrontDoor", + "APIM", "Entra" ], "severity": "Medium", @@ -45784,10 +45754,10 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#network-security-group-support", "service": "APIM", "services": [ - "APIM", - "VNet", "Entra", - "Monitor" + "Monitor", + "APIM", + "VNet" ], "severity": "Medium", "subcategory": "Security", 
@@ -45802,10 +45772,10 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#azure-private-link", "service": "APIM", "services": [ - "APIM", - "VNet", + "PrivateLink", "Entra", - "PrivateLink" + "APIM", + "VNet" ], "severity": "Medium", "subcategory": "Security", @@ -45993,10 +45963,10 @@ "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/api-management-security-baseline?toc=%2Fazure%2Fapi-management%2F&bc=%2Fazure%2Fapi-management%2Fbreadcrumb%2Ftoc.json#ns-6-deploy-web-application-firewall", "service": "APIM", "services": [ - "APIM", - "AppGW", "WAF", - "Entra" + "APIM", + "Entra", + "AppGW" ], "severity": "High", "subcategory": "Network", @@ -46053,8 +46023,8 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/high-availability#multiple-write-regions", "service": "CosmosDB", "services": [ - "CosmosDB", - "ACR" + "ACR", + "CosmosDB" ], "severity": "Medium", "subcategory": "High Availability", @@ -46069,8 +46039,8 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/high-availability#slas", "service": "CosmosDB", "services": [ - "CosmosDB", - "ACR" + "ACR", + "CosmosDB" ], "severity": "Medium", "subcategory": "High Availability", @@ -46115,9 +46085,9 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/online-backup-and-restore", "service": "CosmosDB", "services": [ - "Storage", + "Backup", "CosmosDB", - "Backup" + "Storage" ], "severity": "Medium", "subcategory": "Backup Strategy", @@ -46133,8 +46103,8 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/periodic-backup-restore-introduction", "service": "CosmosDB", "services": [ - "CosmosDB", - "Backup" + "Backup", + "CosmosDB" ], "severity": "Medium", "subcategory": "Backup Strategy", 
@@ -46150,8 +46120,8 @@ "link": "https://learn.microsoft.com/azure/cosmos-db/continuous-backup-restore-introduction", "service": "CosmosDB", "services": [ - "CosmosDB", - "Backup" + "Backup", + "CosmosDB" ], "severity": "Medium", "subcategory": "Backup Strategy", @@ -46296,8 +46266,8 @@ "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/sharing-metadata-across-different-databricks-workspaces-using/ba-p/3679757", "service": "Data Factory", "services": [ - "Backup", - "ACR" + "ACR", + "Backup" ], "severity": "Medium", "subcategory": "Backup", @@ -46311,8 +46281,8 @@ "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/disaster-recovery-strategy-in-azure-databricks-using-the-hive/ba-p/3684581", "service": "Data Factory", "services": [ - "Backup", - "ASR" + "ASR", + "Backup" ], "severity": "Medium", "subcategory": "Backup", @@ -46341,8 +46311,8 @@ "link": "https://techcommunity.microsoft.com/t5/azure-paas-blog/download-the-blob-using-secondary-endpoint-in-ragrs-storage/ba-p/2403750", "service": "Data Factory", "services": [ - "Storage", - "Backup" + "Backup", + "Storage" ], "severity": "Medium", "subcategory": "Backup", @@ -46409,9 +46379,9 @@ "guid": "67b23587-05a1-4652-aded-fa8a488cdec4", "link": "https://learn.microsoft.com/azure/site-recovery/azure-to-azure-how-to-enable-policy", "services": [ + "ASR", "VM", - "AzurePolicy", - "ASR" + "AzurePolicy" ], "severity": "High", "subcategory": "Replication", @@ -46596,7 +46566,7 @@ ], "metadata": { "name": "Master checklist", - "timestamp": "October 24, 2024" + "timestamp": "November 04, 2024" }, "severities": [ { diff --git a/checklists/waf_checklist.en.json b/checklists/waf_checklist.en.json index c65719ee..6dd4f46a 100644 --- a/checklists/waf_checklist.en.json +++ b/checklists/waf_checklist.en.json 
@@ -203,185 +203,3652 @@ "waf": "Security" }, { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "guid": "ab91932c-9fc9-4d1b-a881-37f5e6c0cb9e", - "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-ADF_v1.docx", - "service": "Azure Data Factory", - "severity": "Medium", - "text": "Leverage FTA Resiliency Playbook for Azure Data Factory", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "guid": "e503547c-d447-4e82-9138-a7200f1cac6d", - "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", - "service": "Azure Data Factory", + "arm-service": "Microsoft.App/containerApps", + "checklist": "Container Apps Review", + "guid": "af416482-663c-4ed6-b195-b44c7068e09c", + "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#availability-zone-support", + "query": "resources | where type =~ 'Microsoft.App/managedEnvironments' | project name, resourceGroup, location, zoneRedundancy = tolower(tostring(properties.zoneRedundant)) | extend Compliance = iff(zoneRedundancy == 'true', true, false)", + "service": "Container Apps", "severity": "High", - "text": "Use zone redundant pipelines in regions that support Availability Zones", + "text": "Leverage Availability Zones if regionally applicable", "waf": "Reliability" }, { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "guid": "9ef1d6e8-32e5-42e3-911c-818b1a0bc511", - "link": "https://learn.microsoft.com/azure/data-factory/source-control", - "service": "Azure Data Factory", + "arm-service": "Microsoft.App/containerApps", + "checklist": "Container Apps Review", + "guid": "95bc80ec-6499-4d14-a7d2-7d296b1d8abc", + "link": 
"https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#set-up-zone-redundancy-in-your-container-apps-environment", + "query": "resources | where type =~ 'Microsoft.App/containerApps' | project name, resourceGroup, location, minReplicas = toint(properties.template.scale.minReplicas), maxReplicas = toint(properties.template.scale.maxReplicas) | extend Compliance = iff(minReplicas >= 1, true, false)", + "service": "Container Apps", + "severity": "High", + "text": "Use more than one replica and enable Zone Redundancy.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.App/containerApps", + "checklist": "Container Apps Review", + "guid": "ccaa4fc2-fdbc-4432-8bb7-f7e6469e4dc3", + "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#cross-region-disaster-recovery-and-business-continuity", + "service": "Container Apps", + "severity": "High", + "text": "For cross-region DR, deploy container apps in multiple regions and follow active/active or active/passive application guidance.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.App/containerApps", + "checklist": "Container Apps Review", + "guid": "2ffada86-c031-4933-bf7d-0c45bc4e5919", + "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#cross-region-disaster-recovery-and-business-continuity", + "service": "Container Apps", + "severity": "High", + "text": "Use Front Door or Traffic Manager to route traffic to the closest region", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "1fc2fc14-eea6-4e69-b8d9-a3edc218e687", + "link": "https://polite-sea-0995b240f.2.azurestaticapps.net/technical-delivery-playbook/azure-services/analytics/purview/", + "service": "Purview", "severity": "Medium", - "text": "Use DevOps to Backup the ARM templates with Github/Azure DevOps integration 
", + "text": "Leverage FTA Resillency Handbook", "waf": "Reliability" }, { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "guid": "e43a18a9-cd29-49cf-b7b1-7db8255562f2", - "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", - "service": "Azure Data Factory", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "ab067acb-49e5-4b96-8332-4ecf8cc13318", + "link": "https://learn.microsoft.com/purview/disaster-recovery", + "service": "Purview", + "severity": "High", + "text": "Plan for Data Center level outage", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "description": "1. Create the new account 2. Migrate configuration items 3. Run scans 4. Migrate custom typedefs and custom assets 5. Migrate relationships 6. Migrate glossary terms 7. Assign classifications to assets 8. Assign contacts to assets", + "guid": "da611702-69f4-4fb4-aa3d-3ef7f3176c4b", + "link": "https://learn.microsoft.com/purview/disaster-recovery", + "service": "Purview", "severity": "Medium", - "text": "Make sure you replicate the Self-Hosted Integration Runtime VMs in another region ", + "text": "Practice Failover for BCDR", "waf": "Reliability" }, { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "guid": "aee4563a-fd83-4393-98b2-62d6dc5f512a", - "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", - "service": "Azure Data Factory", - "severity": "Medium", - "text": "Make sure you replicate or duplicate your network in the sister region. 
You have to make a copy of your Vnet in another region", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "97b15b8a-219a-44ab-bb57-879024d22678", + "link": "https://learn.microsoft.com/purview/disaster-recovery", + "service": "Purview", + "severity": "High", + "text": "Plan a backup strategy and take regular backups", "waf": "Reliability" }, { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Azure Data Factory Review Checklist", - "description": "If your ADF Pipelines use Key Vault you don't have to do anything to replicate Key Vault. Key Vault is a managed service and Microsoft takes care of it for you", - "guid": "25498f6d-bad3-47da-a43b-c6ce1d7aa9b2", - "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", - "service": "Azure Data Factory", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "6d20b56c-56a9-4581-89bf-8d8e5c586b7d", + "link": "https://learn.microsoft.com/purview/manage-kafka-dotnet", + "service": "Purview", "severity": "Low", - "text": "If using Keyvault integration, use SLA of Keyvault to understand your availablity", + "text": "Use Microsoft Purview's Event Hubs to subscribe and create entities to another account", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "Using the correct approach to feed a datalake with cold data and having the Kusto query engine at your disposal at the same time, as in the short-term storage", - "guid": "ba7da7be-9951-4914-a384-5d997cb39132", - "link": "https://learn.microsoft.com/azure/data-explorer/kusto/management/data-export/continuous-data-export", - "service": "Azure Data Explorer", - "text": "Leverage External Tables and Continuous data export overview to reduce costs", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft 
Purview Review Checklist", + "guid": "8cdc15ac-c075-4ee9-a130-a8889579e76b", + "link": "https://learn.microsoft.com/purview/deployment-best-practices", + "service": "Purview", + "severity": "Medium", + "text": "Follow Purview accounts architectures and deployment best practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "Azure Data Explorer provides an optional follower capability for a leader cluster to be followed by other follower clusters for read-only access to the leader's data and metadata. Changes in the leader, such as create, append, and drop are automatically synchronized to the follower. While the leaders could span Azure regions, the follower clusters should be hosted in the same region(s) as the leader. If the leader cluster is down or databases or tables are accidentally dropped, the follower clusters will lose access until access is recovered in the leader.", - "guid": "56a22586-f490-4641-addd-ea8a377cdeb3", - "link": "https://learn.microsoft.com/azure/data-explorer/follower?tabs=csharp", - "service": "Azure Data Explorer", - "text": "To share data, explore Leader-follower cluster configuration", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "896e710a-7da7-4be9-a56d-14d3c49d997c", + "link": "https://learn.microsoft.com/purview/concept-best-practices-collections", + "service": "Purview", + "severity": "Medium", + "text": "Follow Collection Architectures and best practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "Azure Data Explorer doesn't support automatic protection against the outage of an entire Azure region. This disruption can happen during a natural disaster, like an earthquake. 
If you require a solution for a disaster recovery situation, do the following steps to ensure business continuity. In these steps, you'll replicate your clusters, management, and data ingestion in two Azure paired regions.", - "guid": "861bb2bc-14ae-4a6e-95d8-d9a3adc218e6", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#create-multiple-independent-clusters", - "service": "Azure Data Explorer", - "text": "To protect against regional failure, create Multiple independent clusters, preferably in two Azure Paired regions", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "b3d1325a-a225-4c6f-9e06-85edddea8a4b", + "link": "https://learn.microsoft.com/purview/concept-best-practices-asset-lifecycle", + "service": "Purview", + "severity": "Medium", + "text": "Follow Assest lifecycle best practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "guid": "436b0635-cb45-4e57-a603-324ace8cc123", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#replicate-management-activities", - "service": "Azure Data Explorer", - "text": "Replicate all management activities such as creating new tables or managing user roles on each cluster.", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "7cdeb3c6-1fc2-4fc1-9eea-6e69d8d9a3ed", + "link": "https://learn.microsoft.com/purview/concept-best-practices-automation", + "service": "Purview", + "severity": "Medium", + "text": "Follow automation best practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "guid": "18ca6017-0265-4f4b-a46a-393af7f31728", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution", - "service": "Azure Data 
Explorer", - "text": "Ingest data into each cluster in parallel", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "c218e687-ab06-47ac-a49e-5b9603324ecf", + "link": "https://learn.microsoft.com/purview/disaster-recovery", + "service": "Purview", + "severity": "Medium", + "text": "Follow Backup and Migration Best practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "This configuration is also called 'always-on'. For critical application deployments with no tolerance for outages, you should use multiple Azure Data Explorer clusters across Azure paired regions.", - "guid": "58a9c279-9c42-4bb6-9d0c-65556246b338", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-active-configuration", - "service": "Azure Data Explorer", - "text": "For critical application with no tolerance for outages, create Active-Active-Active (always-on) configuration", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "8cc13318-da61-4170-869f-4fb4aa3d3ef7", + "link": "https://learn.microsoft.com/purview/concept-best-practices-glossary", + "service": "Purview", + "severity": "Medium", + "text": "Follow Purview Glossary Best Practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "This configuration is identical to the active-active-active configuration, but only involves two Azure paired regions. Configure dual ingestion, processing, and curation. Users are routed to the nearest region. 
The cluster SKU must be the same across regions.", - "guid": "563a4dc7-4a74-48b6-922a-d190916a6649", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-configuration", - "service": "Azure Data Explorer", - "text": "For critical applications, create Active-Active configuration in two paired regions", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "f3176c4b-97b1-45b8-a219-a4abeb578790", + "link": "https://learn.microsoft.com/purview/concept-workflow", + "service": "Purview", + "severity": "Low", + "text": "Leverage Workflows ", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "The Active-Hot configuration is similar to the Active-Active configuration in dual ingest, processing, and curation. While the standby cluster is online for ingestion, process, and curation, it isn't available to query. The standby cluster doesn't need to be in the same SKU as the primary cluster. It can be of a smaller SKU and scale, which may result in it being less performant. 
In a disaster scenario, users are redirected to the standby cluster, which can optionally be scaled up to increase performance.", - "guid": "8fadfe27-7de2-483b-8ac3-52baa9b75708", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-hot-standby-configuration", - "service": "Azure Data Explorer", - "text": "For applications, which required only read during failure, create Active-Hot standby configuration", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "24d22678-6d20-4b56-a56a-958119bf8d8e", + "link": "https://learn.microsoft.com/purview/concept-best-practices-security", + "service": "Purview", + "severity": "Medium", + "text": "Follow Purview Security Best Practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "This solution offers the least resiliency (highest RPO and RTO), is the lowest in cost and highest in effort. In this configuration, there's no data recovery cluster. Configure continuous export of curated data (unless raw and intermediate data is also required) to a storage account that is configured GRS (Geo Redundant Storage). A data recovery cluster is spun up if there is a disaster recovery scenario. At that time, DDLs, configuration, policies, and processes are applied. 
Data is ingested from storage with the ingestion property kustoCreationTime to over-ride the ingestion time that defaults to system time.", - "guid": "49aa8092-dc8e-4b9d-8bb7-3b26a5a67eba", - "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#on-demand-data-recovery-configuration", - "service": "Azure Data Explorer", - "text": "For applications, where cost is a concern and can withstand some downtime during failure, create on-demand data recovery cluster configuration", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "5c586b7d-8cdc-415a-ac07-5ee9b130a888", + "link": "https://learn.microsoft.com/purview/concept-best-practices-lineage-azure-data-factory", + "service": "Purview", + "severity": "Medium", + "text": "Follow Purview Data Lineage Best Practices", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "description": "All database objects, policies, and configurations should be persisted in source control so they can be released to the cluster from your release automation tool.", - "guid": "5a907e1e-348e-4f25-9c27-d32e8bbac757", - "link": "https://learn.microsoft.com/azure/data-explorer/devops", - "service": "Azure Data Explorer", - "text": "Wrap DevOps and source control around all your code", - "training": "https://learn.microsoft.com/learn/paths/secure-your-cloud-data/", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "9579e76b-896e-4710-a7da-7be9956d14d3", + "link": "https://learn.microsoft.com/purview/concept-best-practices-scanning", + "service": "Purview", + "severity": "Medium", + "text": "Follow Best Practices for Scanning Registered Sources", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "guid": "1559ab91-53e8-4908-ae28-b84c33b6b780", - 
"link": "https://learn.microsoft.com/azure/data-explorer/devops", - "service": "Azure Data Explorer", - "text": "Design, develop, and implement validation routines to ensure all clusters are in-sync from a data perspective.", - "training": "https://learn.microsoft.com/learn/modules/azure-active-directory/", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "c49d997c-b3d1-4325-aa22-5c6f4e0685ed", + "link": "https://learn.microsoft.com/purview/concept-best-practices-classification", + "service": "Purview", + "severity": "Medium", + "text": "Follow Classification Best Practices in Governance Portal", "waf": "Reliability" }, { - "arm-service": "Microsoft.Kusto/clusters", - "checklist": "Azure Data Explorer Review Checklist", - "guid": "8b9fe5c4-1049-4d40-9a82-2c3474d00f18", - "link": "https://learn.microsoft.com/azure/data-explorer/devops", - "service": "Azure Data Explorer", - "text": "Be fully cognizant of what it takes to build a cluster from scratch. 
Leverage Infrastructure as a Code for your deployments", - "training": "https://learn.microsoft.com/learn/modules/implement-hybrid-identity-windows-server/", + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "ddea8a4b-7cde-4b3c-91fc-2fc14eea6e69", + "link": "https://learn.microsoft.com/purview/sensitivity-labels-frequently-asked-questions", + "service": "Purview", + "severity": "Medium", + "text": "Perform Sensitivity Labelling in the Purview Data Map", "waf": "Reliability" }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "d8d9a3ed-c218-4e68-9ab0-67acb49e5b96", + "link": "https://learn.microsoft.com/purview/concept-data-share", + "service": "Purview", + "severity": "Low", + "text": "Leverage Azure Storage in-place data sharing with Microsoft Purview", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "03324ecf-8cc1-4331-ada6-1170269f4fb4", + "link": "https://learn.microsoft.com/purview/concept-insights", + "service": "Purview", + "severity": "Low", + "text": "Leverage Data Estate Insights", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "aa3d3ef7-f317-46c4-a97b-15b8a219a4ab", + "link": "https://learn.microsoft.com/purview/catalog-adoption-insights", + "service": "Purview", + "severity": "Low", + "text": "Use Data stewardship and Catalog adoption", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "eb578790-24d2-4267-a6d2-0b56c56a9581", + "link": "https://learn.microsoft.com/purview/concept-insights", + "service": "Purview", + "severity": "Low", + "text": "Use Inventory and Ownership", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + 
"checklist": "Microsoft Purview Review Checklist", + "guid": "19bf8d8e-5c58-46b7-b8cd-c15acc075ee9", + "link": "https://learn.microsoft.com/purview/glossary-insights", + "service": "Purview", + "severity": "Low", + "text": "Leverage Insights for Glossary, Classifications, Sensitivity Labels", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "b130a888-9579-4e76-a896-e710a7da7be9", + "link": "https://learn.microsoft.com/purview/compliance-manager", + "service": "Purview", + "severity": "Medium", + "text": "Generate assessment scores", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "956d14d3-c49d-4997-ab3d-1325aa225c6f", + "link": "https://learn.microsoft.com/purview/compliance-manager-scoring", + "service": "Purview", + "severity": "Medium", + "text": "Profiling- get summaries of data content", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "4e0685ed-ddea-48a4-a7cd-eb3c61fc2fc1", + "link": "https://learn.microsoft.com/purview/concept-policies-data-owner#microsoft-purview-policy-concepts", + "service": "Purview", + "severity": "Low", + "text": "Follow Microsoft Purview Data Owner access policies", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "4eea6e69-d8d9-4a3e-bc21-8e687ab067ac", + "link": "https://learn.microsoft.com/purview/concept-self-service-data-access-policy", + "service": "Purview", + "severity": "Low", + "text": "Follow Self-service access policies", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Purview/accounts", + "checklist": "Microsoft Purview Review Checklist", + "guid": "b49e5b96-0332-44ec-b8cc-13318da61170", + "link": 
"https://learn.microsoft.com/purview/concept-policies-devops", + "service": "Purview", + "severity": "Low", + "text": "Follow DevOps policies", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachineScaleSets", + "checklist": "Resiliency Review", + "description": "Automatic instance repairs ensure that unhealthy instances are promptly identified and replaced, maintaining a set of healthy instances within your scale set.", + "guid": "7e13c105-675c-41e9-95b4-59837ff7ae7c", + "link": "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs", + "service": "VMSS", + "severity": "Low", + "text": "Enable automatic instance repairs for enhanced VM Scale Sets resiliency", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Ensure that Azure Backup is utilized appropriately to meet your organization's resiliency requirements for Azure virtual machines (VMs).", + "guid": "4d874a74-8b66-42d6-b150-512a66498f6d", + "link": "https://learn.microsoft.com/azure/backup/backup-azure-vms-introduction", + "service": "VM", + "severity": "High", + "text": "Consider Azure Backup to meet your resiliency requirements for Azure VMs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Single Instance VMs using Premium SSD or Ultra Disk for all Operating System Disks and Data Disks are guaranteed to have Virtual Machine Connectivity of at least 99.9%", + "guid": "8052d88e-79d1-47b7-9b22-a5a67e7a8ed4", + "link": "https://learn.microsoft.com/azure/virtual-machines/disks-types", + "service": "VM", + "severity": "High", + "text": "Use Premium or Ultra disks for production VMs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Azure automatically 
replicates managed disks within a region to ensure data durability and protect against single-point failures.", + "guid": "b31e38c3-f298-412b-8363-cffe179b599d", + "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview", + "service": "VM", + "severity": "High", + "text": "Ensure Managed Disks are used for all VMs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Temporary disks are intended for short-term storage of non-persistent data such as page files, swap files, or SQL Server tempdb. Storing persistent data on temporary disks can lead to data loss during maintenance events or VM redeployment.", + "guid": "e0d5973c-d4ce-432c-8881-37f6f7c4c0d4", + "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk", + "service": "VM", + "severity": "Medium", + "text": "Do not use the Temp disk for anything that is not acceptable to be lost", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Co-locate your compute, storage, networking, and data resources across an availability zone, and replicate this arrangement in other availability zones.", + "guid": "e514548d-2447-4ec6-9138-b8200f1ce16e", + "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", + "service": "VM", + "severity": "Medium", + "text": "Leverage Availability Zones for your VMs in regions where they are supported", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Use at least two VMs in Availability Sets to isolate VMs on different fault and update domains.", + "guid": "5a785d6f-e96c-496a-b884-4cf3b2b38c88", + "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", + "service": "VM", + "severity": "Medium", + 
"text": "For regions that do not support Availability Zones deploy VMs into Availability Sets", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Azure provides multiple options for VM redundancy to meet different requirements (Availability Zones, Virtual Machine Scale Sets, Availability Sets, Azure Site Recovery)", + "guid": "6ba2c021-4991-414a-9d3c-e574dccbd979", + "link": "https://learn.microsoft.com/azure/virtual-machines/availability", + "service": "VM", + "severity": "High", + "text": "Avoid running a production workload on a single VM", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Azure Site Recovery enables you to achieve low RTO (Recovery Time Objective) for your Azure and hybrid VMs by providing continuous replication and failover capabilities.", + "guid": "2a6bcca2-b5fe-4a1e-af3d-d95d48c7c891", + "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", + "service": "VM", + "severity": "High", + "text": "For Azure and on-premises VMs (Hyper-V/Phyiscal/VMware) with low RTO requirements use Azure Site Recovery", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "By using Capacity Reservations, you can effectively manage capacity for critical workloads, ensuring resource availability in specified regions.", + "guid": "bd7bb012-f7b9-45e0-9e15-8e3ea3992c2d", + "link": "https://learn.microsoft.com/azure/virtual-machines/capacity-reservation-overview", + "service": "VM", + "severity": "Low", + "text": "Use Capacity Reservations for critical workloads that require guaranteed capacity", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "By ensuring that the necessary quotas are 
increased in your DR region before testing failover with ASR, you can avoid any potential resource constraints during the recovery process for failed over VMs.", + "guid": "e6e2065b-3a76-4af4-a691-e8939ada4666", + "link": "https://learn.microsoft.com/azure/quotas/per-vm-quota-requests", + "service": "VM", + "severity": "Medium", + "text": "Increase quotas in DR region before testing failover with ASR", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": "Scheduled Events is an Azure Metadata Service that provides information about upcoming maintenance events for virtual machines (VMs). By leveraging Scheduled Events, you can proactively prepare your applications for VM maintenance, minimizing disruption and improving the availability of your VMs.", + "guid": "6d3b475a-5c7a-4cbe-99bb-e64dd8902e87", + "link": "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events", + "service": "VM", + "severity": "Low", + "text": "Utilize Scheduled Events to prepare for VM maintenance", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Resiliency Review", + "description": "Use Zone-redundant Storage (ZRS) in the primary region for scenarios that require high availability and for restricting replication to a particular country or region. 
For protection against regional disasters, use Geo-zone-redundant Storage (GZRS), which combines ZRS in the primary region with geo-replication to a secondary region?.", + "guid": "48c7c891-dcb1-4f7d-9769-ae568ba38d4a", + "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", + "service": "Storage", + "severity": "Medium", + "text": "Choose the most appropriate data redundancy option for Azure Storage based on your requirements", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Resiliency Review", + "description": "Assigning a Delete lock to your storage account helps protect the availability of your data, minimizing the risk of disruptions to your business operations.", + "guid": "85e2213d-bd7b-4b01-8f7b-95e06e158e3e", + "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", + "service": "Storage", + "severity": "Low", + "text": "Apply a Delete lock to prevent accidental or malicious deletion of storage accounts", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Resiliency Review", + "description": "Container soft delete protects your data from being accidentally deleted by maintaining the deleted data in the system for a specified period of time.", + "guid": "a3992c2d-e6e2-4065-a3a7-6af4a691e893", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", + "service": "Storage", + "severity": "Low", + "text": "Enable soft delete for Storage Account Containers", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Resiliency Review", + "description": "Blob soft delete protects an individual blob and its versions, snapshots, and metadata from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time.", + "guid": "9ada4666-7e13-4c10-96b9-153d89f89dc7", + "link": 
"https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", + "service": "Storage", + "severity": "Low", + "text": "Enable soft delete for blobs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Resiliency Review", + "description": "Azure Backup enhanced soft delete provides critical protection against ransomware attacks by retaining deleted backups, enabling recovery from potential ransomware encryption or deletion.", + "guid": "b44be3b1-a27f-48b9-b91b-e1038df03a82", + "link": "https://learn.microsoft.com/azure/backup/backup-azure-enhanced-soft-delete-about", + "service": "Backup", + "severity": "Medium", + "text": "Enable Azure Backup enhanced soft delete for improved data protection and recovery", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Resiliency Review", + "description": "Azure Backup's multi-user authorization enables fine-grained control over user access to backup resources, allowing you to restrict privileges and ensure proper authentication and authorization for backup operations.", + "guid": "2cd463cb-bbc8-4ac2-a9eb-c92a43da1dae", + "link": "https://learn.microsoft.com/azure/backup/multi-user-authorization-concept", + "service": "Backup", + "severity": "Low", + "text": "Implement multi-user authorization for Azure Backup to ensure secure and controlled access to backup resources", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Resiliency Review", + "description": "Azure Immutable Storage provides an additional layer of security by ensuring that backup data stored in the vault cannot be modified or deleted for a specified retention period. 
This helps safeguard your backups from ransomware attacks that may attempt to compromise or manipulate your backup data.", + "guid": "2cc88147-0607-4c1c-aa0e-614658dd458e", + "link": "https://learn.microsoft.com/azure/backup/backup-azure-immutable-vault-concept?source=recommendations&tabs=recovery-services-vault", + "service": "Backup", + "severity": "Low", + "text": "Implement Immutable Storage for your vaults to protect against ransomware and prevent unauthorized modifications to backups", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Network/dnsZones", + "checklist": "Resiliency Review", + "description": "To eliminate a single point of failure in your on-premises DNS services and ensure reliable DNS resolution during business continuity and disaster recovery scenarios, it is recommended to utilize Azure DNS Private Resolvers in multiple regions. By deploying two or more Azure DNS private resolvers across different regions, you can enable DNS failover and achieve resiliency in your DNS infrastructure.", + "guid": "43da1dae-2cc8-4814-9060-7c1cca0e6146", + "link": "https://learn.microsoft.com/azure/dns/tutorial-dns-private-resolver-failover", + "service": "DNS", + "severity": "Low", + "text": "Implement DNS Failover using Azure DNS Private Resolvers", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.PowerBI/gateways", + "checklist": "Resiliency Review", + "description": "Use an on-premises data gateway cluster to avoid single points of failure and to load balance traffic across gateways.", + "guid": "89f89dc7-b44b-4e3b-8a27-f8b9e91be103", + "link": "https://learn.microsoft.com/data-integration/gateway/service-gateway-high-availability-clusters", + "service": "Data Gateways", + "severity": "Medium", + "text": "Use on-premises data gateway clusters to ensure high availability for business-critical data", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Resiliency Review", + "description": 
"When choosing the best option for deploying NVAs in Azure, it is crucial to consider the vendor's recommendations and validate that the specific design has been vetted and validated by the NVA vendor. The vendor should also provide the necessary NVA configuration for seamless integration in Azure.", + "guid": "8b1188b3-c6a4-46ce-a544-451e192d3442", + "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/nva-ha", + "service": "NVA", + "severity": "High", + "text": "Deploy Network Virtual Appliances (NVAs) in a vendor supported configuration for High Availability", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Apply guidance from the Microsoft cloud security benchmark related to Storage", + "guid": "d237de14-3b16-4c21-b7aa-9b64604489a8", + "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/storage-security-baseline", + "service": "Storage", + "severity": "Medium", + "text": "Consider the 'Azure security baseline for storage'", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Azure Storage by default has a public IP address and is Internet-reachable. 
Private endpoints allow to securely expose Azure Storage only to those Azure Compute resources that need access, thus eliminating exposure to the public Internet", + "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | where isnull(properties.privateEndpointConnections) or properties.privateEndpointConnections[0].properties.provisioningState != ('Succeeded') or (isnull(properties.networkAcls) and properties.publicNetworkAccess == 'Enabled') | extend compliant = (isnotnull(properties.privateEndpointConnections) and properties.privateEndpointConnections[0].properties.provisioningState == 'Succeeded' and properties.publicNetworkAccess == 'Disabled') | distinct id, compliant", + "guid": "f42d78e7-9d17-4a73-a22a-5a67e7a8ed4b", + "link": "https://learn.microsoft.com/azure/storage/common/storage-private-endpoints", + "service": "Storage", + "severity": "High", + "text": "Consider using private endpoints for Azure Storage", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Newly created storage accounts are created using the ARM deployment model, so that RBAC, auditing etc. are all enabled. 
Ensure that there are no old storage accounts with classic deployment model in a subscription", + "guid": "30e37c3e-2971-41b2-963c-eee079b598de", + "link": "https://learn.microsoft.com/azure/virtual-machines/migration-classic-resource-manager-overview#migration-of-storage-accounts", + "service": "Storage", + "severity": "Medium", + "text": "Ensure older storage accounts are not using 'classic deployment model'", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Leverage Microsoft Defender to learn about suspicious activity and misconfigurations.", + "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | project storageAccountId = id | join kind=leftouter (resourceContainers | where type == 'microsoft.security/pricings' | where name == 'StorageAccounts' | project resourceId = id, pricingTier = properties.pricingTier) on $left.storageAccountId == $right.resourceId | where isnull(pricingTier) or pricingTier != 'Standard' | extend compliant = false | distinct storageAccountId, compliant", + "guid": "fc5972cd-4cd2-41b0-a803-7f5e6b4bfd3d", + "link": "https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure", + "service": "Storage", + "severity": "High", + "text": "Enable Microsoft Defender for all of your storage accounts", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "The soft-delete mechanism allows to recover accidentally deleted blobs.", + "guid": "503547c1-447e-4c66-828a-7100f1ce16dd", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-overview", + "service": "Storage", + "severity": "Medium", + "text": "Enable 'soft delete' for blobs", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Consider 
selectively disabling 'soft delete' for certain blob containers, for example if the application must ensure that deleted information is immediately deleted, e.g. for confidentiality, privacy or compliance reasons. ", + "guid": "3f1d5e87-2e52-4e36-81cc-58b4a4b1510e", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", + "service": "Storage", + "severity": "Medium", + "text": "Disable 'soft delete' for blobs", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Soft delete for containers enables you to recover a container after it has been deleted, for example recover from an accidental delete operation.", + "guid": "43a58a9c-2289-4c3d-9b57-d0c655462f2a", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-overview", + "service": "Storage", + "severity": "High", + "text": "Enable 'soft delete' for containers", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Consider selectively disabling 'soft delete' for certain blob containers, for example if the application must ensure that deleted information is immediately deleted, e.g. for confidentiality, privacy or compliance reasons. 
", + "guid": "3e3453a3-c863-4964-ab65-2d6c15f51296", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", + "service": "Storage", + "severity": "Medium", + "text": "Disable 'soft delete' for containers", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Prevents accidental deletion of a storage account, by forcing the user to first remove the deletion lock, prior to deletion", + "guid": "5398e6de-d227-4dd1-92b0-6c21d7999a64", + "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", + "service": "Storage", + "severity": "High", + "text": "Enable resource locks on storage accounts", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Consider 'legal hold' or 'time-based retention' policies for blobs, so that is is impossible to delete the blob, the container, or the storage account. Please note that 'impossible' actually means 'impossible'; once a storage account contains an immutable blob, the only way to 'get rid' of that storage account is by cancelling the Azure subscription.", + "guid": "6f4389a8-f42c-478e-98c0-6a73a22a4956", + "link": "https://learn.microsoft.com/azure/storage/blobs/immutable-storage-overview", + "service": "Storage", + "severity": "High", + "text": "Consider immutable blobs", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Consider disabling unprotected HTTP/80 access to the storage account, so that all data transfers are encrypted, integrity protected, and the server is authenticated. 
", + "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | extend compliant = (properties.supportsHttpsTrafficOnly == false) | distinct id, compliant", + "guid": "e7a8dc4a-20e2-47c3-b297-11b1352beee0", + "link": "https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer", + "service": "Storage", + "severity": "High", + "text": "Require HTTPS, i.e. disable port 80 on the storage account", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "When configuring a custom domain (hostname) on a storage account, check whether you need TLS/HTTPS; if so, you might have to put Azure CDN in front of your storage account.", + "guid": "79b588de-fc49-472c-b3cd-21bf77036e5e", + "link": "https://learn.microsoft.com/azure/storage/blobs/storage-custom-domain-name", + "service": "Storage", + "severity": "High", + "text": "When enforcing HTTPS (disabling HTTP), check that you do not use custom domains (CNAME) for the storage account.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Requiring HTTPS when a client uses a SAS token to access blob data helps to minimize the risk of credential loss.", + "guid": "6b4bed3d-5035-447c-8347-dc56028a71ff", + "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview", + "service": "Storage", + "severity": "Medium", + "text": "Limit shared access signature (SAS) tokens to HTTPS connections only", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": ". Enforcing the latest TLS version will reject request from clients using the older version. 
", + "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend compliant = (isnull(properties.minimumTlsVersion) == false and properties.minimumTlsVersion in ('TLS1_2', 'TLS1_3')) | distinct id, compliant", + "guid": "e12be569-a18f-4562-8d5d-ce151b9e7d55", + "link": "https://learn.microsoft.com/azure/storage/common/transport-layer-security-configure-minimum-version", + "service": "Storage", + "severity": "High", + "text": "Enforce the latest TLS version for a storage account", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Microsoft Entra ID tokens should be favored over shared access signatures, wherever possible", + "guid": "e1ce15dd-3f0d-45e7-92d4-1e3611cc57b4", + "link": "https://learn.microsoft.com/azure/storage/common/authorize-data-access", + "service": "Storage", + "severity": "High", + "text": "Use Microsoft Entra ID tokens for blob access", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "When assigning a role to a user, group, or application, grant that security principal only those permissions that are necessary for them to perform their tasks. Limiting access to resources helps prevent both unintentional and malicious misuse of your data.", + "guid": "a4b1410d-4395-48a8-a228-9b3d6b57cfc6", + "service": "Storage", + "severity": "Medium", + "text": "Least privilege in IaM permissions", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "A user delegation SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS. A user delegation SAS is analogous to a service SAS in terms of its scope and function, but offers security benefits over the service SAS. 
", + "guid": "55461e1a-3e34-453a-9c86-39648b652d6c", + "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json#best-practices-when-using-sas", + "service": "Storage", + "severity": "High", + "text": "When using SAS, prefer 'user delegation SAS' over storage-account-key based SAS.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Storage account keys ('shared keys') have very little audit capabilities. While it can be monitored on who/when fetched a copy of the keys, once the keys are in the hands of multiple people, it is impossible to attribute usage to a specific user. Solely relying on Entra ID authentication makes it easier to tie storage access to a user. ", + "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend allowSharedKeyAccess = tostring(properties.allowSharedKeyAccess) | extend compliant = (isnotempty(allowSharedKeyAccess) and allowSharedKeyAccess == 'false') | distinct id, compliant", + "guid": "15f51296-5398-4e6d-bd22-7dd142b06c21", + "link": "https://learn.microsoft.com/rest/api/storageservices/authorize-with-shared-key", + "service": "Storage", + "severity": "High", + "text": "Consider disabling storage account keys, so that only Microsoft Entra ID access (and user delegation SAS) is supported.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Use Activity Log data to identify 'when', 'who', 'what' and 'how' the security of your storage account is being viewed or changed (i.e. 
storage account keys, access policies, etc.).", + "guid": "d7999a64-6f43-489a-af42-c78e78c06a73", + "link": "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#audit-account-activity", + "service": "Storage", + "severity": "High", + "text": "Consider using Azure Monitor to audit control plane operations on the storage account", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "A key expiration policy enables you to set a reminder for the rotation of the account access keys. The reminder is displayed if the specified interval has elapsed and the keys have not yet been rotated.", + "guid": "a22a4956-e7a8-4dc4-a20e-27c3e29711b1", + "link": "https://learn.microsoft.com/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#create-a-key-expiration-policy", + "service": "Storage", + "severity": "Medium", + "text": "When using storage account keys, consider enabling a 'key expiration policy'", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "A SAS expiration policy specifies a recommended interval over which the SAS is valid. SAS expiration policies apply to a service SAS or an account SAS. 
When a user generates service SAS or an account SAS with a validity interval that is larger than the recommended interval, they'll see a warning.", + "guid": "352beee0-79b5-488d-bfc4-972cd3cd21bf", + "link": "https://learn.microsoft.com/azure/storage/common/sas-expiration-policy", + "service": "Storage", + "severity": "Medium", + "text": "Consider configuring an SAS expiration policy", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Stored access policies give you the option to revoke permissions for a service SAS without having to regenerate the storage account keys. ", + "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", + "link": "https://learn.microsoft.com/rest/api/storageservices/define-stored-access-policy", + "service": "Storage", + "severity": "Medium", + "text": "Consider linking SAS to a stored access policy", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", + "link": "https://microsoft.github.io/code-with-engineering-playbook/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets-ado/", + "service": "Storage", + "severity": "Medium", + "text": "Consider configuring your application's source code repository to detect checked-in connection strings and storage account keys.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Ideally, your application should be using a managed identity to authenticate to Azure Storage. 
If that is not possible, consider having the storage credential (connection string, storage account key, SAS, service principal credential) in Azure KeyVault or an equivalent service.", + "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", + "link": "https://learn.microsoft.com/azure/architecture/framework/security/design-storage-keys", + "service": "Storage", + "severity": "High", + "text": "Consider storing connection strings in Azure KeyVault (in scenarios where managed identities are not possible)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Use near-term expiration times on an ad hoc SAS service SAS or account SAS. In this way, even if a SAS is compromised, it's valid only for a short time. This practice is especially important if you cannot reference a stored access policy. Near-term expiration times also limit the amount of data that can be written to a blob by limiting the time available to upload to it.", + "guid": "27138b82-1102-4cac-9eae-01e6e842e52f", + "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", + "service": "Storage", + "severity": "High", + "text": "Strive for short validity periods for ad-hoc SAS", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "When creating a SAS, be as specific and restrictive as possible. 
Prefer a SAS for a single resource and operation over a SAS which gives much broader access.", + "guid": "4721d928-c1b1-4cd5-81e5-4a29a9de399c", + "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", + "service": "Storage", + "severity": "Medium", + "text": "Apply a narrow scope to a SAS", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "A SAS can include parameters on which client IP addresses or address ranges are authorized to request a resource using the SAS. ", + "guid": "fd7b28dc-9355-4562-82bf-e4564b0d834a", + "link": "https://learn.microsoft.com/rest/api/storageservices/create-account-sas", + "service": "Storage", + "severity": "Medium", + "text": "Consider scoping SAS to a specific client IP address, wherever possible", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "A SAS cannot constrain how much data a client uploads; given the pricing model of amount of storage over time, it might make sense to validate whether clients uploaded maliciously large contents.", + "guid": "348b263e-6dd6-4051-8a36-498f6dbad38e", + "service": "Storage", + "severity": "Low", + "text": "Consider checking uploaded data, after clients used a SAS to upload a file. ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "When accessing blob storage via SFTP using a 'local user account', the 'usual' RBAC controls do not apply. Blob access via NFS or REST might be more restrictive than SFTP access. 
Unfortunately, as of early 2023, local users are the only form of identity management that is currently supported for the SFTP endpoint", + "guid": "ad53cc7c-e1d7-4aaa-a357-1449ab8053d8", + "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support#sftp-permission-model", + "service": "Storage", + "severity": "High", + "text": "SFTP: Limit the amount of 'local users' for SFTP access, and audit whether access is needed over time.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "9f89dc7b-33be-42a1-a27f-7b9e91be1f38", + "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-known-issues#authentication-and-authorization", + "service": "Storage", + "severity": "Medium", + "text": "SFTP: The SFTP endpoint does not support POSIX-like ACLs.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Storage supports CORS (Cross-Origin Resource Sharing), i.e. an HTTP feature that enables web apps from a different domain to loosen the same-origin policy. When enabling CORS, keep the CorsRules to the least privilege.", + "guid": "cef39812-bd46-43cb-aac8-ac199ebb91a3", + "link": "https://learn.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services", + "service": "Storage", + "severity": "High", + "text": "Avoid overly broad CORS policies", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Data at rest is always encrypted server-side, and in addition might be encrypted client-side as well. Server-side encryption might happen using a platform-managed key (default) or customer-managed key. 
Client-side encryption might happen by either having the client supply an encryption/decryption key on a per-blob basis to Azure storage, or by completely handling encryption on the client-side. thus not relying on Azure Storage at all for confidentiality guarantees.", + "guid": "3d90cae2-cc88-4137-86f7-c0cbafe61464", + "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", + "service": "Storage", + "severity": "High", + "text": "Determine how data at rest should be encrypted. Understand the thread model for data.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "8dd457e9-2713-48b8-8110-2cac6eae01e6", + "link": "https://learn.microsoft.com/azure/storage/common/customer-managed-keys-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json", + "service": "Storage", + "severity": "Medium", + "text": "Determine which/if platform encryption should be used.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "e842e52f-4721-4d92-ac1b-1cd521e54a29", + "link": "https://learn.microsoft.com/azure/storage/blobs/encryption-customer-provided-keys", + "service": "Storage", + "severity": "Medium", + "text": "Determine which/if client-side encryption should be used.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "description": "Anonymous access may present a security risk. We recommend that you disable anonymous access for optimal security. 
Disallowing anonymous access helps to prevent data breaches caused by undesired anonymous access.", + "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend compliant = (properties.allowBlobPublicAccess == 'false') | distinct id, compliant", + "guid": "659ae558-b937-4d49-a5e1-112dbd7ba012", + "link": "https://learn.microsoft.com/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#allow-or-disallow-public-read-access-for-a-storage-account", + "service": "Storage", + "severity": "High", + "text": "Consider whether public blob anonymous access is needed, or whether it can be disabled for certain storage accounts. ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "cb8eb8c0-aa62-4a25-a495-6eaa8dc4a243", + "link": "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade?tabs=azure-portal", + "service": "Storage", + "severity": "High", + "text": "Leverage a storagev2 account type for better performance and reliability", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | extend compliant = (sku.name != 'Standard_LRS' and sku.name != 'Premium_LRS') | distinct id, compliant", + "guid": "e05bbe20-9d49-4fda-9777-8424d116785c", + "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", + "service": "Storage", + "severity": "High", + "text": "Leverage GRS, ZRS or GZRS storage for the highest availability", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "2fa56c56-ad48-4408-be72-734c486ba280", + "link": "https://learn.microsoft.com/azure/storage/common/storage-disaster-recovery-guidance", + "service": "Storage", + "severity": "Medium", + "text": "For write 
operation after failover, use customer-Managed Failover ", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "dc0590cf-65de-48e1-909c-cbd579266bcc", + "link": "https://learn.microsoft.com/azure/storage/common/storage-disaster-recovery-guidance#microsoft-managed-failover", + "service": "Storage", + "severity": "Medium", + "text": "Understand Microsoft-Managed Failover details", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Azure Storage Review Checklist", + "guid": "a274faa1-abfe-49d5-9d04-c3c4919cb1b3", + "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", + "service": "Storage", + "severity": "Medium", + "text": "Enable Soft Delete", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "4620dc87-e948-4ce8-8426-f3e6e5d7bd85", + "link": "https://learn.microsoft.com/azure/sap/center-sap-solutions/overview", + "service": "SAP", + "severity": "Medium", + "text": "Azure Center for SAP solutions (ACSS) is an Azure offering that makes SAP a top-level workload on Azure. ACSS is an end-to-end solution that enables you to create and run SAP systems as a unified workload on Azure and provides a more seamless foundation for innovation. You can take advantage of the management capabilities for both new and existing Azure-based SAP systems.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-center-sap-solutions/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "5d75e99d-624d-4afe-91d9-e17adc580790", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-platform-automation-and-devops", + "service": "SAP", + "severity": "Medium", + "text": "Azure supports automating SAP deployments in Linux and Windows. 
SAP Deployment Automation Framework is an open-source orchestration tool that can deploy, install, and maintain SAP environments.", + "training": "https://github.com/Azure/sap-automation", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "d17f6f39-a377-48a2-931f-5ead3ebe33a8", + "link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/data-platform", + "service": "SAP", + "severity": "Medium", + "text": "Perform a point-in-time recovery for your production databases at any point and in a time frame that meets your RTO; point-in-time recovery typically includes operator errors deleting data either on the DBMS layer or through SAP, incidentally", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "c4b8e117-930b-4dbd-ae50-7bc5faf6f91a", + "service": "SAP", + "severity": "Medium", + "text": "Test the backup and recovery times to verify that they meet your RTO requirements for restoring all systems simultaneously after a disaster.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "b651423c-8552-42db-a545-5cb50c05527a", + "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", + "service": "SAP", + "severity": "High", + "text": "You can replicate standard storage between paired regions, but you can't use standard storage to store your databases or virtual hard disks. You can replicate backups only between paired regions that you use. For all your other data, run your replication by using native DBMS features like SQL Server Always On or SAP HANA System Replication. 
Use a combination of Site Recovery, rsync or robocopy, and other third-party software for the SAP application layer.", + "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "aa208dca-784f-46c6-9014-cc919c542dc9", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", + "service": "SAP", + "severity": "Medium", + "text": "When using Azure Availability Zones to achieve high availability, you must consider latency between SAP application servers and database servers. For zones with high latencies, operational procedures need to be in place to ensure that SAP application servers and database servers are running in the same zone at all times.", + "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "graph": "resources| where type =~ 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType =~ 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant", + "guid": "ba07c007-1f90-43e9-aa4f-601346b80352", + "link": "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering", + "service": "SAP", + "severity": "High", + "text": "Set up ExpressRoute connections from on-premises to the primary and secondary Azure disaster recovery regions. 
Also, as an alternative to using ExpressRoute, consider setting up VPN connections from on-premises to the primary and secondary Azure disaster recovery regions.", + "training": "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "d2b30195-b11d-4a8f-a672-28b2b4169a7c", + "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", + "service": "SAP", + "severity": "Low", + "text": "Replicate key vault contents like certificates, secrets, or keys across regions so you can decrypt data in the DR region.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "05f1101d-250f-40e7-b2a1-b674ab50edbd", + "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-s4hana", + "service": "SAP", + "severity": "Medium", + "text": "Peer the primary and disaster recovery virtual networks. For example, for HANA System Replication, an SAP HANA DB virtual network needs to be peered to the disaster recovery site's SAP HANA DB virtual network.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "d3351bf7-628a-46de-917d-dfc11d3b6b40", + "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels", + "service": "SAP", + "severity": "Low", + "text": "If you use Azure NetApp Files storage for your SAP deployments, at a minimum, create two Azure NetApp Files accounts in the Premium tier, in two regions.", + "training": "https://learn.microsoft.com/training/modules/choose-service-level-azure-netapp-files-hpc-applications/2-identify-decision-criteria", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "726a1d3e-5508-4a06-9d54-93f4b50040c1", + "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", + "service": "SAP", + "severity": "High", + "text": "Native database replication 
technology should be used to synchronize the database in a HA pair.", + "training": "https://learn.microsoft.com/training/modules/implement-disaster-recovery-for-sap-workloads-azure/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | where type =~ 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr", + "guid": "6561f847-3db5-4ff8-9200-5ad3c3b436ad", + "link": "https://learn.microsoft.com/ja-jp/azure/virtual-network/virtual-networks-faq", + "service": "SAP", + "severity": "High", + "text": "The CIDR for the primary virtual network (VNet) shouldn't conflict or overlap with the CIDR of the DR site's VNet", + "training": "https://learn.microsoft.com/training/paths/azure-fundamentals-describe-azure-architecture-services/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "0258ed30-fe42-434f-87b9-58f91f908e0a", + "service": "SAP", + "severity": "High", + "text": "Use Site Recovery to replicate an application server to a DR site. Site Recovery can also help with replicating central-services cluster VMs to the DR site. 
When you invoke DR, you'll need to reconfigure the Linux Pacemaker cluster on the DR site (for example, replace the VIP or SBD, run corosync.conf, and more).", + "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "8300cb30-766b-4084-b126-0dd8fb1269a1", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", + "service": "SAP", + "severity": "High", + "text": "Consider the availability of SAP software against single points of failure. This includes single points of failure within applications such as DBMSs utilized in SAP NetWeaver and SAP S/4HANA architectures, SAP ABAP and ASCS + SCS. Also, other tools such as SAP Web Dispatcher.", + "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/2-explore-high-availability-disaster-recovery-support-azure-for-sap-workloads?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "56402f11-ccbe-42c3-a2f6-c6f6f38ab579", + "link": "https://learn.microsoft.com/azure/sap/workloads/planning-supported-configurations", + "service": "SAP", + "severity": "High", + "text": "For SAP and SAP databases, consider implementing automatic failover clusters. In Windows, Windows Server Failover Clustering supports failover. 
In Linux, Linux Pacemaker or third-party tools like SIOS Protection Suite and Veritas InfoScale support failover.", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "afae6bec-2671-49ae-bc69-140b8ec8d320", + "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", + "service": "SAP", + "severity": "High", + "text": "Azure doesn't support architectures in which the primary and secondary VMs share storage for DBMS data. For the DBMS layer, the common architecture pattern is to replicate databases at the same time and with different storage stacks than the ones that the primary and secondary VMs use.", + "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/?source=recommendationshttps%3A%2F%2Flearn.microsoft.com%2Fja-jp%2Ftraining%2Fpaths%2Fensure-business-continuity-implement-disaster-recovery%2F%3Fsource%3Drecommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "ac614e95-6767-4bc3-b8a4-9953533da6ba", + "link": "https://learn.microsoft.com/azure/sap/workloads/dbms-guide-general", + "service": "SAP", + "severity": "High", + "text": "The DBMS data and transaction/redo log files are stored in Azure supported block storage or Azure NetApp Files. 
Azure Files or Azure Premium Files isn't supported as storage for DBMS data and/or redo log files with SAP workload.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-databases/2-explore-database-support-azure-for-sap-workloads", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "1f737179-8e7f-4e1a-a30c-e5a649a3092b", + "link": "https://learn.microsoft.com/azure/sap/workloads/sap-high-availability-guide-wsfc-shared-disk", + "service": "SAP", + "severity": "High", + "text": "You can use Azure shared disks in Windows for ASCS + SCS components and specific high-availability scenarios. Set up your failover clusters separately for SAP application layer components and the DBMS layer. Azure doesn't currently support high-availability architectures that combine SAP application layer components and the DBMS layer into one failover cluster.", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools =~ 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name =~ 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name =~ 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, 
name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))", + "guid": "a78b3d31-3170-44f2-b5d7-651a29f4ccf5", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-standard-load-balancer-outbound-connections", + "service": "SAP", + "severity": "High", + "text": "Most failover clusters for SAP application layer components (ASCS) and the DBMS layer require a virtual IP address for a failover cluster. Azure Load Balancer should handle the virtual IP address for all other cases. One design principle is to use one load balancer per cluster configuration. 
We recommend that you use the standard version of the load balancer (Standard Load Balancer SKU).", + "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "1a541741-5833-4fb4-ae3c-2df743165c3a", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-ha-ports-overview?source=recommendations", + "service": "SAP", + "severity": "High", + "text": "Make sure the Floating IP is enabled on the Load balancer", + "training": "https://learn.microsoft.com/training/modules/load-balancing-non-https-traffic-azure/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "c47cc4f3-f105-452c-845e-9b307b3856c1", + "link": "https://learn.microsoft.com/azure/virtual-machines/availability", + "service": "SAP", + "severity": "High", + "text": "Before you deploy your high-availability infrastructure, and depending on the region you choose, determine whether to deploy with an Azure availability set or an availability zone.", + "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "844f69c3-07e5-4ec1-bff7-4be27bcf5fea", + "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", + "service": "SAP", + "severity": "High", + "text": "If you want to meet the infrastructure SLAs for your applications for SAP components (central services, application servers, and databases), you must choose the same high availability options (VMs, availability sets, availability zones) for all components.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "cbe05bbe-209d-4490-ba47-778424d11678", + "link": 
"https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", + "service": "SAP", + "severity": "High", + "text": "Do not mix servers of different roles in the same availability set. Keep central services VMs, database VMs, application VMs in their own availability sets", + "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "f2201000-d045-40a6-a79a-d7cdc01b4d86", + "link": "https://learn.microsoft.com/azure/virtual-machines/co-location", + "service": "SAP", + "severity": "Medium", + "text": "You can't deploy Azure availability sets within an Azure availability zone unless you use proximity placement groups.", + "training": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "9674e7c7-7796-4181-8920-09f4429543ba", + "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", + "service": "SAP", + "severity": "High", + "text": "When you create availability sets, use the maximum number of fault domains and update domains available. For example, if you deploy more than two VMs in one availability set, use the maximum number of fault domains (three) and enough update domains to limit the effect of potential physical hardware failures, network outages, or power interruptions, in addition to Azure planned maintenance. 
The default number of fault domains is two, and you can't change it online later.", + "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "ae4ecb95-b70f-428f-8b9a-4c5b7e3478a2", + "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", + "service": "SAP", + "severity": "High", + "text": "When you use Azure proximity placement groups in an availability set deployment, all three SAP components (central services, application server, and database) should be in the same proximity placement group.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "5d2fa56c-56ad-4484-88fe-72734c486ba2", + "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", + "service": "SAP", + "severity": "High", + "text": "Use one proximity placement group per SAP SID. Groups don't span across Availability Zones or Azure regions", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "bca3b10e-0ff5-4aec-ac16-4c4bd1a1c13f", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", + "service": "SAP", + "severity": "High", + "text": "Use one of the following services to run SAP central services clusters, depending on the operating system.", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "ed46b937-913e-4018-9c62-8393ab037e53", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-suse-multi-sid", + "service": "SAP", + "severity": "Medium", + "text": "Azure doesn't currently support combining ASCS and DB HA in the same Linux Pacemaker cluster; separate them into individual clusters. 
However, you can combine up to five multiple central-services clusters into a pair of VMs.", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name)", + "guid": "f656e745-0cfb-453e-8008-0528fa21c933", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", + "service": "SAP", + "severity": "Medium", + "text": "Deploy both VMs in the high-availability pair in an availability set or in availability zones. These VMs should be the same size and have the same storage configuration.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "7f684ebc-95da-425e-b329-e782dbed050f", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel-with-hana-ascs-ers-dialog-instance", + "service": "SAP", + "severity": "Medium", + "text": "Azure supports installing and configuring SAP HANA and ASCS/SCS and ERS instances on the same high availability cluster running on Red Hat Enterprise Linux (RHEL).", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "07991f7d-6598-4d90-9431-45c62605d3a5", + "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", + "service": "SAP", + "severity": "High", + "text": "Run all production systems on Premium managed SSDs and use Azure NetApp Files or Ultra Disk Storage. 
At least the OS disk should be on the Premium tier so you can achieve better performance and the best SLA.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-storage/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "73cdaecc-7d74-48d8-a040-88416eebc98c", + "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-operations-storage", + "service": "SAP", + "severity": "High", + "text": "You should run SAP HANA on Azure only on the types of storage that are certified by SAP. Note that certain volumes must be run on certain disk configurations, where applicable. These configurations include enabling Write Accelerator and using Premium storage. You also need to ensure that the file system that runs on storage is compatible with the DBMS that runs on the machine.", + "training": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "51904867-a70e-4fa0-b4ff-3e6292846d7c", + "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-overview-guide#storage", + "service": "SAP", + "severity": "High", + "text": "Consider configuring high availability depending on the type of storage you use for your SAP workloads. 
Some storage services available in Azure are not supported by Azure Site Recovery, so your high availability configuration may differ.", + "training": "https://learn.microsoft.com/training/modules/implement-disaster-recovery-for-sap-workloads-azure/2-explore-disaster-recovery-sap-workloads", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "1ac2d928-c9b7-42c6-ba18-23b1aea78693", + "link": "https://azure.microsoft.com/ja-jp/explore/global-infrastructure/products-by-region/", + "service": "SAP", + "severity": "High", + "text": "Different native Azure storage services (like Azure Files, Azure NetApp Files, Azure Shared Disk) may not be available in all regions. So to have similar SAP setup on the DR region after failover, ensure the respective storage service is offered in DR site.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "925d1f8c-01f3-4a67-948e-aabf0a1fad60", + "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/optimize-your-azure-costs-by-automating-sap-system-start-stop/ba-p/2120675", + "service": "SAP", + "severity": "Medium", + "text": "Automate SAP System Start-Stop to manage costs.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "71dc00cd-4392-4262-8949-20c05e6c0333", + "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", + "service": "SAP", + "severity": "Low", + "text": "In the case of using Azure Premium Storage with SAP HANA, Azure Standard SSD storage can be used to select a cost-conscious storage solution. However, please note that choosing Standard SSD or Standard HDD Azure storage will affect the SLA of the individual VMs. 
Also, for systems with lower I/O throughput and low latency, such as non-production environments, lower series VMs can be used.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "9877f353-2591-4e8b-8381-e9043fed1010", + "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", + "service": "SAP", + "severity": "Low", + "text": "As a lower-cost alternative configuration (multipurpose), you can choose a low-performance SKU for your non-production HANA database server VMs. However, it is important to note that some VM types, such as E-series, are not HANA certified (SAP HANA Hardware Directory) or cannot achieve storage latency of less than 1ms.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | where type =~ 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location)", + "guid": "fda1dbf3-dc95-4d48-a7c7-91dca0f6c565", + "link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/security", + "service": "SAP", + "severity": "High", + "text": "Enforce a RBAC model for management groups, subscriptions, resource groups and resources", + "training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "45911475-e39e-4530-accc-d979366bcda2", + "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", + "service": "SAP", + "severity": "Medium", + "text": "Enforce Principal propagation for forwarding the identity from SAP cloud application to SAP on-premises (Including IaaS) through cloud connector", + "training": "https://learn.microsoft.com/training/modules/explore-identity-services/2-explore-azure-virtual-machine-auth-access-control", + "waf": "Security" + }, + { + 
"checklist": "SAP Checklist", + "guid": "750ab1ab-039d-495d-94c7-c8929cb107d5", + "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO to SAP SaaS applications like SAP Analytics Cloud, SAP Cloud Platform, Business by design, SAP Qualtrics and SAP C4C with Azure AD using SAML.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "325ae525-ba34-4d46-a5e2-213ace7bb122", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", + "training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "9eb54dad-7861-4e1c-973a-f3bb003fc9c1", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", + "training": "https://learn.microsoft.com/training/modules/explore-identity-services/6-exercise-integrate-azure-active-directory-sap-fiori", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "f29676ef-0c9c-4c4d-ab21-a55504c0c829", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "You can implement SSO to SAP GUI by using SAP NetWeaver SSO or a partner solution.", + "training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "23181aa4-1742-4694-9ff8-ae7d7d474317", + "service": "SAP", + "severity": "Medium", + "text": 
"For SSO for SAP GUI and web browser access, implement SNC / Kerberos/SPNEGO (simple and protected GSSAPI negotiation mechanism) due to its ease of configuration and maintenance. For SSO with X.509 client certificates, consider the SAP Secure Login Server, which is a component of the SAP SSO solution.", + "training": "https://learn.microsoft.com/training/modules/explore-identity-services/9-exercise-integrate-active-directory-sap-single-sign-on", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "6c8bcbf4-5bbe-4609-b8a0-3e97778424d6", + "link": "https://blogs.sap.com/2017/07/12/sap-single-sign-on-protect-your-sap-landscape-with-x.509-certificates/", + "service": "SAP", + "severity": "Medium", + "text": "For SSO for SAP GUI and web browser access, implement SNC / Kerberos/SPNEGO (simple and protected GSSAPI negotiation mechanism) due to its ease of configuration and maintenance. For SSO with X.509 client certificates, consider the SAP Secure Login Server, which is a component of the SAP SSO solution.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "16785d6f-a96c-496a-b885-18f482734c88", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO by using OAuth for SAP NetWeaver to allow third-party or custom applications to access SAP NetWeaver OData services.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "a747c350-8d4c-449c-93af-393dbca77c48", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/saphana-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO to SAP HANA", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "c7bae5bf-daf9-4761-9c56-f92891890aa4", + "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration#connectivity-with-sap-rise", + "service": "SAP", + 
"severity": "Medium", + "text": "Consider Azure AD an identity provider for SAP systems hosted on RISE. For more information, see Integrating the Service with Azure AD.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "e4e48226-ce54-44b6-bb6b-bfa15bd8f753", + "link": "https://github.com/azuredevcollege/SAP/blob/master/sap-oauth-saml-flow/README.md", + "service": "SAP", + "severity": "Medium", + "text": "For applications that access SAP, you might want to use principal propagation to establish SSO.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "59921095-4980-4fc1-a5b6-524a5a560c79", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "If you're using SAP BTP services or SaaS solutions that require SAP Identity Authentication Service (IAS), consider implementing SSO between SAP Cloud Identity Authentication Services and Azure AD to access those SAP services. This integration lets SAP IAS act as a proxy identity provider and forwards authentication requests to Azure AD as the central user store and identity provider.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "a709c664-317e-41e4-9e34-67d9016a86f4", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "Implement SSO to SAP BTP", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "01f11b7f-38df-4251-9c76-4dec19abd3e8", + "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial", + "service": "SAP", + "severity": "Medium", + "text": "If you're using SAP SuccessFactors, consider using the Azure AD automated user provisioning. 
With this integration, as you add new employees to SAP SuccessFactors, you can automatically create their user accounts in Azure AD. Optionally, you can create user accounts in Microsoft 365 or other SaaS applications that are supported by Azure AD. Use write-back of the email address to SAP SuccessFactors.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "description": "Keep your management group hierarchy reasonably flat, no more than four.", + "graph": "resourcecontainers| where type =~ 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1)", + "guid": "6ba28021-4591-4147-9e39-e5309cccd979", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups", + "service": "SAP", + "severity": "Medium", + "text": "enforce existing Management Group policies to SAP Subscriptions", + "training": "https://learn.microsoft.com/training/modules/enterprise-scale-organization/4-management-group-subscription-organization", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | summarize count()", + "guid": "366bcda2-750a-4b1a-a039-d95d54c7c892", + "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", + "service": "SAP", + "severity": "High", + "text": "Integrate tightly coupled applications into the same SAP subscription to avoid additional routing and management complexity", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId", + "guid": "9cb107d5-325a-4e52-9ba3-4d4685e2213a", + "link": 
"https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", + "service": "SAP", + "severity": "High", + "text": "Leverage Subscription as scale unit and scaling our resources, consider deploying subscription per environment eg. Sandbox, non-prod, prod ", + "training": "https://learn.microsoft.com/training/modules/configure-subscriptions/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "QuotaResources | where type =~ 'microsoft.compute/locations/usages' | where subscriptionId in~ ('','') | mv-expand json = properties.value limit 400 | extend usagevCPUs = json.currentValue, QuotaLimit = json['limit'], quotaName = tostring(json['name'].localizedValue) | extend usagePercent = toint(usagevCPUs)*100 / toint(QuotaLimit) |where quotaName =~ 'Total Regional vCPUs' or quotaName =~ 'Total Regional Low-priority vCPUs' |project subscriptionId,quotaName,usagevCPUs,QuotaLimit,usagePercent,location,['json'] | order by ['usagePercent'] desc", + "guid": "ce7bb122-f7c9-45f0-9e15-4e3aa3592829", + "link": "https://learn.microsoft.com/azure/quotas/quotas-overview", + "service": "SAP", + "severity": "High", + "text": "Ensure quota increase as a part of subscription provisioning (e.g. total available VM cores within a subscription)", + "training": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "ce4fab2f-433a-4d59-a5a9-3d1032e03ebc", + "link": "https://learn.microsoft.com/rest/api/reserved-vm-instances/quotaapi?branch=capacity", + "service": "SAP", + "severity": "Low", + "text": "The Quota API is a REST API that you can use to view and manage quotas for Azure services. 
Consider using it if necessary.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "cbfad17b-f240-42bf-a1d8-f4f4cee661c8", + "link": "https://learn.microsoft.com/azure/quotas/quickstart-increase-quota-portal", + "service": "SAP", + "severity": "High", + "text": "If deploying to an availability zone, ensure that the VM's zone deployment is available once the quota has been approved. Submit a support request with the subscription, VM series, number of CPUs and availability zone required.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "e6e20617-3686-4af4-9791-f8935ada4332", + "link": "https://azure.microsoft.com/explore/global-infrastructure/products-by-region/", + "service": "SAP", + "severity": "High", + "text": "Ensure required services and features are available within the chosen deployment regions eg. ANF , Zone etc.", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/migrate/azure-best-practices/multiple-regions?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant", + "guid": "4e138115-2318-41aa-9174-26943ff8ae7d", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-resource-organization", + "service": "SAP", + "severity": "Medium", + "text": "Leverage Azure resource tag for cost categorization and resource grouping (: BillTo, Department (or Business Unit), Environment (Production, Stage, Development), Tier (Web Tier, Application Tier), Application Owner, ProjectName)", + "training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "2f7c95f0-6e15-44e3-aa35-92829e6e2061", + "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", + "service": "SAP", + "severity": 
"High", + "text": "Help protect your HANA database by using the Azure Backup service.", + "training": "https://learn.microsoft.com/training/modules/implement-azure-backup-sap-workloads-azure-virtual-machines/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "302a2fbf-3745-4a5f-a365-c9d1a16ca22c", + "link": "https://learn.microsoft.com/azure/azure-netapp-files/azacsnap-introduction", + "service": "SAP", + "severity": "Medium", + "text": "If you deploy Azure NetApp Files for your HANA, Oracle, or DB2 database, use the Azure Application Consistent Snapshot tool (AzAcSnap) to take application-consistent snapshots. AzAcSnap also supports Oracle databases. Consider using AzAcSnap on a central VM rather than on individual VMs.", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "42d37218-a3a7-45df-bff6-1173e7f249ea", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", + "service": "SAP", + "severity": "High", + "text": "Ensure time-zone matches between the operating system and the SAP system.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "c3c7abc0-716c-4486-893c-40e181d65539", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel-multi-sid", + "service": "SAP", + "severity": "Medium", + "text": "Don't group different application services in the same cluster. For example, don't combine DRBD and central services clusters on the same cluster. 
However, you can use the same Pacemaker cluster to manage approximately five different central services (multi-SID cluster).", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "a491dfc4-9353-4213-9217-eef0949f9467", + "link": "https://azure.microsoft.com/pricing/offers/dev-test/", + "service": "SAP", + "severity": "Low", + "text": "Consider running dev/test systems in a snooze model to save and optimize Azure run costs.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "b7056168-6199-4732-a514-cdbb2d5c9c54", + "link": "https://learn.microsoft.com/azure/lighthouse/overview", + "service": "SAP", + "severity": "Medium", + "text": "If you partner with customers by managing their SAP estates, consider Azure Lighthouse. Azure Lighthouse allows managed service providers to use Azure native identity services to authenticate to the customers' environment. 
It puts the control in the hands of customers, because they can revoke access at any time and audit service providers' actions.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "4d116785-d2fa-456c-96ad-48408fe72734", + "link": "https://learn.microsoft.com/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Update Manager to check the status of available updates for a single VM or multiple VMs and consider scheduling regular patching.", + "training": "https://learn.microsoft.com/training/modules/keep-your-virtual-machines-updated/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "76c8bcbf-45bb-4e60-ad8a-03e97778424d", + "link": "https://learn.microsoft.com/azure/sap/workloads/lama-installation", + "service": "SAP", + "severity": "Low", + "text": "Optimize and manage SAP Basis operations by using SAP Landscape Management (LaMa). Use the SAP LaMa connector for Azure to relocate, copy, clone, and refresh SAP systems.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-remote-management/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "14591147-5e39-4e53-89cc-cd979366bcda", + "link": "https://learn.microsoft.com/azure/sap/monitor/about-azure-monitor-sap-solutions", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Monitor for SAP solutions to monitor your SAP workloads(SAP HANA, high-availability SUSE clusters, and SQL systems) on Azure. 
Consider supplementing Azure Monitor for SAP solutions with SAP Solution Manager.", + "training": "https://learn.microsoft.com/training/modules/implement-azure-monitoring-sap-workloads-azure-virtual-machines/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "2750ab1a-b039-4d95-b54c-7c8929cb107d", + "link": "https://learn.microsoft.com/azure/sap/workloads/vm-extension-for-sap", + "service": "SAP", + "severity": "High", + "text": "Run a VM Extension for SAP check. VM Extension for SAP uses the assigned managed identity of a virtual machine (VM) to access VM monitoring and configuration data. The check ensures that all performance metrics in your SAP application come from the underlying Azure Extension for SAP.", + "training": "https://learn.microsoft.com/training/modules/configure-azure-enhanced-monitoring-extension-for-sap/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "5325ae52-5ba3-44d4-985e-2213ace7bb12", + "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Policy for access control and compliance reporting. Azure Policy provides the ability to enforce organization-wide settings to ensure consistent policy adherence and fast violation detection. ", + "training": "https://learn.microsoft.com/learn/paths/architect-infrastructure-operations/", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "523181aa-4174-4269-93ff-8ae7d7d47431", + "link": "https://learn.microsoft.com/azure/network-watcher/connection-monitor-overview", + "service": "SAP", + "severity": "Medium", + "text": "Use Connection Monitor in Azure Network Watcher to monitor latency metrics for SAP databases and application servers. 
Or collect and display network latency measurements by using Azure Monitor.", + "training": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/collecting-and-displaying-niping-network-latency-measurements/ba-p/1833979", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "73686af4-6791-4f89-95ad-a43324e13811", + "link": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck", + "service": "SAP", + "severity": "Medium", + "text": "Perform a quality check for SAP HANA on the provisioned Azure infrastructure to verify that provisioned VMs comply with SAP HANA on Azure best practices.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "616785d6-fa96-4c96-ad88-518f482734c8", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", + "service": "SAP", + "severity": "High", + "text": "For each Azure subscription, run a latency test on Azure availability zones before zonal deployment to choose low-latency zones for deployment of SAP on Azure.", + "training": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/AvZone-Latency-Test", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "410adcba-db46-424f-a6c4-05ecde75c52e", + "link": "https://learn.microsoft.com/azure/advisor/advisor-how-to-improve-reliability", + "service": "SAP", + "severity": "Medium", + "text": "Run the Resiliency Report to ensure that the configuration of the entire provisioned Azure infrastructure (Compute, Database, Networking, Storage, Site Recovery) complies with the configuration defined by Cloud Adaption Framework for Azure.", + "training": "https://learn.microsoft.com/training/paths/azure-well-architected-framework/", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "86ba2802-1459-4114-95e3-9e5309cccd97", + "link": "https://learn.microsoft.com/azure/sentinel/sap/deployment-overview", + "service": "SAP", + 
"severity": "Medium", + "text": "Implement threat protection by using the Microsoft Sentinel solution for SAP. Use this solution to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers.", + "training": "https://learn.microsoft.com/training/modules/plan-microsoft-sentinel-deployment-sap/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant", + "guid": "579266bc-ca27-45fa-a1ab-fe9d55d04c3c", + "link": "https://learn.microsoft.com/azure/cost-management-billing/costs/enable-tag-inheritance", + "service": "SAP", + "severity": "Medium", + "text": "Azure tagging can be leveraged to logically group and track resources, automate their deployments, and most importantly, provide visibility on the incurred costs.", + "training": "https://learn.microsoft.com/training/modules/analyze-costs-create-budgets-azure-cost-management/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "04b8e5e5-13cb-4b22-af62-5a8ecfcf0337", + "link": "https://learn.microsoft.com/azure/virtual-network/virtual-network-test-latency?tabs=windows", + "service": "SAP", + "severity": "Low", + "text": "Use inter-VM latency monitoring for latency-sensitive applications.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "07e5ed53-3d96-43d8-87ea-631b77da5aba", + "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-storage/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": 
"abb6af9c-982c-4cf1-83fb-329fafd1ee56", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", + "service": "SAP", + "severity": "Medium", + "text": "Exclude all the database file systems and executable programs from antivirus scans. Including them could lead to performance problems. Check with the database vendors for prescriptive details on the exclusion list. For example, Oracle recommends excluding /oracle//sapdata from antivirus scans.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "c027f893-f404-41a9-b33d-39d625a14964", + "link": "https://sapit-forme-prod.authentication.eu11.hana.ondemand.com/login", + "service": "SAP", + "severity": "Low", + "text": "Consider collecting full database statistics for non-HANA databases after migration. For example, implement SAP note 1020260 - Delivery of Oracle statistics.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "fdafb1f5-3eee-4354-a8c9-deb8127ebc2e", + "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/configure-oracle-asm", + "service": "SAP", + "severity": "Medium", + "text": "Consider using Oracle Automatic Storage Management (ASM) for all Oracle deployments that use SAP on Azure.", + "training": "https://learn.microsoft.com/training/paths/administer-infrastructure-resources-in-azure/?source=recommendations", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "33c5d5bf-daf3-4f0d-bd50-6010fdcec22e", + "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/announcement-sap-on-azure-oracle-performance-efficiency-scripts/ba-p/3725178", + "service": "SAP", + "severity": "Medium", + "text": "For SAP on Azure running Oracle, a collection of SQL scripts can help you diagnose performance problems. Automatic Workload Repository (AWR) reports contain valuable information for diagnosing problems in the Oracle system. 
We recommend that you run an AWR report during several sessions and choose peak times for it, to ensure broad coverage for the analysis.", + "training": "https://learn.microsoft.com/ja-jp/azure/well-architected/oracle-iaas/performance-efficiency", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "d89fd98d-23e4-4b40-a92e-32db9365522c", + "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", + "service": "SAP", + "severity": "High", + "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", + "training": "https://learn.microsoft.com/training/modules/protect-on-premises-infrastructure-with-azure-site-recovery/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "5ba34d46-85e2-4213-ace7-bb122f7c95f0", + "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", + "service": "SAP", + "severity": "Medium", + "text": "For secure delivery of HTTP/S apps, use Application Gateway v2 and ensure that WAF protection and policies are enabled.", + "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "fa9d30bc-1b82-4e4b-bfdf-6b017938b9e6", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", + "service": "SAP", + "severity": "Medium", + "text": "If the virtual machine's DNS or virtual name is not changed during migration to Azure, Background DNS and virtual names connect many system interfaces in the SAP landscape, and customers are only sometimes aware of the interfaces that developers define over time. 
Connection challenges arise between various systems when virtual or DNS names change after migrations, and it's recommended to retain DNS aliases to prevent these types of difficulties.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/4-explore-name-resolution", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "a2858f78-105b-4f52-b7a9-5b0f4439743b", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", + "service": "SAP", + "severity": "Medium", + "text": "Use different DNS zones to distinguish each environment (sandbox, development, preproduction, and production) from each other. The exception is for SAP deployments with their own VNet; here, private DNS zones might not be necessary.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/4-explore-name-resolution", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "description": "When configuring VNet peering, use the Allow traffic to remote virtual networks setting.", + "graph": "resources | where type =~ 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess =~ True)", + "guid": "a3592829-e6e2-4061-9368-6af46791f893", + "link": "https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview", + "service": "SAP", + "severity": "Medium", + "text": "Local and global VNet peering provide connectivity and are the preferred approaches to ensure connectivity between landing zones for SAP deployments across multiple Azure regions", + "training": "https://learn.microsoft.com/training/modules/configure-vnet-peering/?source=recommendations", + "waf": "Reliability" + }, + { + "checklist": "SAP Checklist", + "guid": "41742694-3ff8-4ae7-b7d4-743176c8bcbf", 
+ "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide", + "service": "SAP", + "severity": "High", + "text": "It is not supported to deploy any NVA between SAP application and SAP Database server", + "training": "https://me.sap.com/notes/2731110", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "graph": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic =~ 'true') | distinct id,compliant", + "guid": "7d4bc7d2-c34a-452e-8f1d-6ae3c8eafcc3", + "link": "https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/?source=recommendations", + "service": "SAP", + "severity": "Medium", + "text": "Use Virtual WAN for Azure deployments in new, large, or global networks where you need global transit connectivity across Azure regions and on-premises locations. With this approach, you won't need to manually set up transitive routing for Azure networking, and you can follow a standard for SAP on Azure deployments.", + "training": "https://learn.microsoft.com/azure/virtual-wan/virtual-wan-about", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "0cedb1f6-ae6c-492b-8b17-8061f50b16d3", + "link": "https://learn.microsoft.com/azure/well-architected/services/networking/network-virtual-appliances/reliability", + "service": "SAP", + "severity": "Medium", + "text": "Consider deploying network virtual appliances (NVAs) between regions only if partner NVAs are used. NVAs between regions or VNets aren't required if native NVAs are present. 
When you're deploying partner networking technologies and NVAs, follow the vendor's guidance to verify conflicting configurations with Azure networking.", + "training": "https://learn.microsoft.com/training/modules/control-network-traffic-flow-with-routes/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "facc08c6-ea95-4641-91cd-fa09e573adbd", + "link": "https://learn.microsoft.com/azure/architecture/networking/hub-spoke-vwan-architecture", + "service": "SAP", + "severity": "Medium", + "text": "Virtual WAN manages connectivity between spoke VNets for virtual-WAN-based topologies (no need to set up user-defined routing [UDR] or NVAs), and maximum network throughput for VNet-to-VNet traffic in the same virtual hub is 50 gigabits per second. If necessary, SAP landing zones can use VNet peering to connect to other landing zones and overcome this bandwidth limitation.", + "training": "https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)", + "guid": "82734c88-6ba2-4802-8459-11475e39e530", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing", + "service": "SAP", + "severity": "High", + "text": "Public IP assignment to VM running SAP Workload is not recommended.", + "training": "https://learn.microsoft.com/training/modules/design-ip-addressing-for-azure/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | 
where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId", + "guid": "9cccd979-366b-4cda-8750-ab1ab039d95d", + "link": "https://learn.microsoft.com/training/modules/protect-on-premises-infrastructure-with-azure-site-recovery/?source=recommendations", + "service": "SAP", + "severity": "High", + "text": "Consider reserving IP address on DR side when configuring ASR", + "training": "https://learn.microsoft.com/learn/paths/architect-network-infrastructure/", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "54c7c892-9cb1-407d-9325-ae525ba34d46", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing", + "service": "SAP", + "severity": "High", + "text": "Avoid using overlapping IP address ranges for production and DR sites.", + "training": "https://learn.microsoft.com/training/modules/design-ip-addressing-for-azure/?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "6e154e3a-a359-4282-ae6e-206173686af4", + "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-delegate-subnet", + "service": "SAP", + "severity": "Medium", + "text": "While Azure does help you to create multiple delegated subnets in a VNet, only one delegated subnet can exist in a VNet for Azure NetApp Files. 
Attempts to create a new volume will fail if you use more than one delegated subnet for Azure NetApp Files.", + "training": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies?source=recommendations", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "graph": "resources | where type=~'microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant", + "guid": "d8a03e97-7784-424d-9167-85d6fa96c96a", + "link": "https://learn.microsoft.com/azure/well-architected/services/networking/azure-firewall?toc=%2Fazure%2Ffirewall%2Ftoc.json&bc=%2Fazure%2Ffirewall%2Fbreadcrumb%2Ftoc.json", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Firewall to govern Azure outbound traffic to the internet, non-HTTP/S inbound connections, and East/West traffic filtering (if the organization requires it)", + "training": "https://learn.microsoft.com/training/paths/secure-networking-infrastructure/", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "91a65e40-be90-45b3-9f73-f3edbf8dc324", + "link": "https://learn.microsoft.com/azure/sap/workloads/expose-sap-process-orchestration-on-azure", + "service": "SAP", + "severity": "Medium", + "text": "Application Gateway and Web Application Firewall have limitations when Application Gateway serves as a reverse proxy for SAP web apps, as shown in the comparison between Application Gateway, SAP Web Dispatcher, and other third-party services.", + "training": "https://help.sap.com/docs/SUPPORT_CONTENT/si/3362959506.html", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "5e39e530-9ccc-4d97-a366-bcda2750ab1a", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "SAP", + "severity": "Medium", + "text": "Use Azure Front Door and WAF policies to provide global protection across Azure regions for inbound HTTP/S connections to a landing zone.", + 
"training": "https://learn.microsoft.com/training/paths/secure-application-delivery/", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "b039d95d-54c7-4c89-89cb-107d5325ae52", + "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview", + "service": "SAP", + "severity": "Medium", + "text": "Take advantage of Web Application Firewall policies in Azure Front Door when you're using Azure Front Door and Application Gateway to protect HTTP/S applications. Lock down Application Gateway to receive traffic only from Azure Front Door.", + "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "5ada4332-4e13-4811-9231-81aa41742694", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "SAP", + "severity": "Medium", + "text": "Use a web application firewall to scan your traffic when it's exposed to the internet. Another option is to use it with your load balancer or with resources that have built-in firewall capabilities like Application Gateway or third-party solutions.", + "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "e73de7d5-6f36-4217-a526-e1a621ecddde", + "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", + "service": "SAP", + "severity": "Medium", + "text": "Use Virtual WAN for Azure deployments in new, large, or global networks where you need global transit connectivity across Azure regions and on-premises locations. 
With this approach, you won't need to manually set up transitive routing for Azure networking, and you can follow a standard for SAP on Azure deployments.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/10-explore-azure-front-door", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "3c536a3e-1b6b-4e87-95ca-15edb47251c0", + "link": "https://learn.microsoft.com/azure/virtual-network/vnet-integration-for-azure-services", + "service": "SAP", + "severity": "Medium", + "text": "To prevent data leakage, use Azure Private Link to securely access platform as a service resources like Azure Blob Storage, Azure Files, Azure Data Lake Storage Gen2, Azure Data Factory, and more. Azure Private Endpoint can also help to secure traffic between VNets and services like Azure Storage, Azure Backup, and more. Traffic between your VNet and the Private Endpoint enabled service travels across the Microsoft global network, which prevents its exposure to the public internet.", + "training": "https://learn.microsoft.com/training/modules/design-implement-private-access-to-azure-services/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | where type =~ 'Microsoft.Network/NetworkInterfaces' | where properties.enableAcceleratedNetworking =~ 'false' | project name, subscriptionId, properties.enableAcceleratedNetworking", + "guid": "85e2213a-ce7b-4b12-8f7c-95f06e154e3a", + "link": "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview?tabs=redhat", + "service": "SAP", + "severity": "High", + "text": "Make sure that Azure accelerated networking is enabled on the VMs used in the SAP application and DBMS layers.", + "training": "https://learn.microsoft.com/training/paths/azure-fundamentals-describe-azure-architecture-services/?source=recommendations", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": 
"3ff8ae7d-7d47-4431-96c8-bcbf45bbe609", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-multivip-overview", + "service": "SAP", + "severity": "Medium", + "text": "Make sure that internal deployments for Azure Load Balancer are set up to use Direct Server Return (DSR). This setting (Enabling Floating IP) will reduce latency when internal load balancer configurations are used for high-availability configurations on the DBMS layer.", + "training": "https://learn.microsoft.com/ja-jp/training/modules/load-balancing-non-https-traffic-azure/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | where type =~ 'microsoft.network/networksecuritygroups' and isnull(properties.networkInterfaces) and isnull(properties.subnets) | project name, resourceGroup | sort by name asc", + "guid": "6791f893-5ada-4433-84e1-3811523181aa", + "link": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", + "service": "SAP", + "severity": "Medium", + "text": "You can use application security group (ASG) and NSG rules to define network security access-control lists between the SAP application and DBMS layers. 
ASGs group virtual machines to help manage their security.", + "training": "https://learn.microsoft.com/training/modules/configure-network-security-groups/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "45bbe609-d8a0-43e9-9778-424d616785d6", + "link": "https://me.sap.com/notes/2015553", + "service": "SAP", + "severity": "High", + "text": "Placing of the SAP application layer and SAP DBMS in different Azure VNets that aren't peered isn't supported.", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "fa96c96a-d885-418f-9827-34c886ba2802", + "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", + "service": "SAP", + "severity": "Medium", + "text": "For optimal network latency with SAP applications, consider using Azure proximity placement groups.", + "training": "https://learn.microsoft.com/azure/virtual-machines/co-location#planned-maintenance-and-proximity-placement-groups", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "18c8b61c-855a-4405-b6ed-266455e4f4ce", + "link": "https://me.sap.com/notes/2015553", + "service": "SAP", + "severity": "High", + "text": "It is NOT supported at all to run an SAP Application Server layer and DBMS layer split between on-premise and Azure. 
Both layers need to completely reside either on-premise or in Azure.", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "b65c878b-4b14-4f4e-92d8-d873936493f2", + "link": "https://me.sap.com/notes/2015553", + "service": "SAP", + "severity": "High", + "text": "It isn't recommended to host the database management system (DBMS) and application layers of SAP systems in different VNets and connect them with VNet peering because of the substantial costs that excessive network traffic between the layers can produce. Recommend using subnets within the Azure virtual network to separate the SAP application layer and DBMS layer.", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "402a9846-d515-4061-aff8-cd30088693fa", + "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel", + "service": "SAP", + "severity": "High", + "text": "If using Load Balancer with Linux guest operating systems, check that the Linux network parameter net.ipv4.tcp_timestamps is set to 0.", + "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "87585797-5551-4d53-bb7d-a94ee415734d", + "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration", + "service": "SAP", + "severity": "Medium", + "text": "For SAP RISE/ECS deployments, virtual peering is the preferred way to establish connectivity with customer's existing Azure environment. 
Both the SAP vnet and customer vnet(s) are protected with network security groups (NSG), enabling communication on SAP and database ports through the vnet peering", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "ff5136bd-dcf1-4d2b-ae52-39333efdf45a", + "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", + "service": "SAP", + "severity": "High", + "text": "Review SAP HANA database backups for Azure VMs.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "cafde29d-a0af-4bcd-87c0-0f299d63f0e8", + "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", + "service": "SAP", + "severity": "Medium", + "text": "Review Site Recovery built-in monitoring, where used for SAP.", + "waf": "Cost" + }, + { + "checklist": "SAP Checklist", + "guid": "82d7b8de-d3f1-44a0-830b-38e200e82acf", + "link": "https://help.sap.com/docs/SAP_HANA_PLATFORM/c4d7c773af4a4e5dbebb6548d6e2d4f4/e3111d2ebb5710149510cc120646bf3f.html?locale=en-US", + "service": "SAP", + "severity": "High", + "text": "Review the Monitoring the SAP HANA System Landscape guidance.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "c823873a-2bec-4c2a-b684-a1ce8ae80efd", + "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/oracle-database-backup-strategies", + "service": "SAP", + "severity": "Medium", + "text": "Review Oracle Database in Azure Linux VM backup strategies.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "2943b6d8-1d31-4e19-ade7-78e6b26d1962", + "link": "https://learn.microsoft.com/sql/relational-databases/tutorial-use-azure-blob-storage-service-with-sql-server-2016?view=sql-server-ver16", + "service": "SAP", + "severity": "Medium", + "text": "Review the use of Azure Blob Storage with SQL Server 2016.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "b82e650f-676d-417d-994d-fc33ca54ec14", + "link": 
"https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/automated-backup?view=azuresql", + "service": "SAP", + "severity": "Medium", + "text": "Review the use of Automated Backup v2 for Azure VMs.", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "347c2dcc-e6eb-4b04-80c5-628b171aa62d", + "service": "SAP", + "severity": "High", + "text": "Enabling Write accelerator for M series when using premium disks(V1)", + "waf": "Operations" + }, + { + "checklist": "SAP Checklist", + "guid": "b96512cf-996f-4b17-b9b8-6b16db1a2a94", + "link": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/AvZone-Latency-Test", + "service": "SAP", + "severity": "Medium", + "text": "Test availability zone latency.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "9fd7ffd4-da11-49f6-a374-8d03e94c511d", + "link": "https://support.sap.com/en/offerings-programs/support-services/earlywatch-alert.html", + "service": "SAP", + "severity": "Medium", + "text": "Activate SAP EarlyWatch Alert for all SAP components.", + "training": "https://help.sap.com/docs/SUPPORT_CONTENT/techops/3362700736.html", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "b9b140cf-413a-483d-aad2-8802c4e3c017", + "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-on-azure-general-update-march-2019/ba-p/377456", + "service": "SAP", + "severity": "Medium", + "text": "Review SAP application server to database server latency using SAP ABAPMeter report /SSA/CAT.", + "training": "https://me.sap.com/notes/0002879613", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "62fbf0f8-51db-49e1-a961-bb5df7a35f80", + "service": "SAP", + "severity": "Medium", + "text": "Review SQL Server performance monitoring using CCMS.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "35709da7-fc7d-4efe-bb20-2e91547b7390", + "link": "https://me.sap.com/notes/500235", + 
"service": "SAP", + "severity": "Medium", + "text": "Test network latency between SAP application layer VMs and DBMS VMs (NIPING).", + "training": "https://me.sap.com/notes/1100926/E", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "9e9bb4c8-e934-4e4b-a13c-6f7c7c38eb43", + "link": "https://learn.microsoft.com/en-us/azure/sap/large-instances/hana-monitor-troubleshoot", + "service": "SAP", + "severity": "Medium", + "text": "Review SAP HANA studio alerts.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "f1a92ab5-9509-4b57-86ff-b0ade361b694", + "link": "https://me.sap.com/notes/1969700", + "service": "SAP", + "severity": "Medium", + "text": "Perform SAP HANA health checks using HANA_Configuration_Minichecks.", + "waf": "Performance" + }, + { + "checklist": "SAP Checklist", + "guid": "18dffcf3-248c-4039-a67c-dec8e3a5f804", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-security-operations", + "service": "SAP", + "severity": "Medium", + "text": "If you run Windows and Linux VMs in Azure, on-premises, or in other cloud environments, you can use the Update management center in Azure Automation to manage operating system updates, including security patches.", + "training": "https://learn.microsoft.com/azure/automation/update-management/overview", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "08951710-79a2-492a-adbc-06d7a401545b", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-security-operations", + "service": "SAP", + "severity": "Medium", + "text": "Routinely review the SAP security OSS notes because SAP releases highly critical security patches, or hot fixes, that require immediate action to protect your SAP systems.", + "training": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": 
"1b8b394e-ae64-4a74-8933-357b523ea0a0", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", + "service": "SAP", + "severity": "Low", + "text": "For SAP on SQL Server, you can disable the SQL Server system administrator account because the SAP systems on SQL Server don't use the account. Ensure that another user with system administrator rights can access the server before disabling the original system administrator account.", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "5a76a033-ced9-4eef-9a43-5e4f96634c8e", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", + "service": "SAP", + "severity": "High", + "text": "Disable xp_cmdshell. The SQL Server feature xp_cmdshell enables a SQL Server internal operating system command shell. It's a potential risk in security audits.", + "training": "https://me.sap.com/notes/3019299/E", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "cf65de8e-1309-4ccc-b579-266bcca275fa", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", + "service": "SAP", + "severity": "High", + "text": "Encrypting SAP HANA database servers on Azure uses SAP HANA native encryption technology. 
Additionally, if you are using SQL Server on Azure, use Transparent Data Encryption (TDE) to protect your data and log files and ensure that your backups are also encrypted.", + "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "a1abfe9d-55d0-44c3-a491-9cb1b3d1325a", + "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", + "service": "SAP", + "severity": "Medium", + "text": "Azure Storage encryption is enabled for all Azure Resource Manager and classic storage accounts, and can't be disabled. Because your data is encrypted by default, you don't need to modify your code or applications to use Azure Storage encryption.", + "training": "https://learn.microsoft.com/training/modules/encrypt-sector-data/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | join kind=leftouter (ResourceContainers | where type=~'microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type =~ 'microsoft.keyvault/vaults' | project type, name, SubName", + "guid": "ce9bd3bb-0cdb-43b5-9eb2-ec14eeaa3592", + "link": "https://learn.microsoft.com/azure/key-vault/general/overview", + "service": "SAP", + "severity": "High", + "text": "Use Azure Key Vault to store your secrets and credentials", + "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "829e2edb-2173-4676-aff6-691b4935ada4", + "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json", + "service": "SAP", + "severity": "Medium", + "text": "It is recommended to LOCK the Azure Resources post successful deployment to safeguard against unauthorized changes. 
You can also enforce LOCK constraints and rules on your per-subscription basis using customized Azure policies(Custome role).", + "training": "https://learn.microsoft.com/training/modules/use-azure-resource-manager/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "2223ece8-1b12-4318-8a54-17415833fb4a", + "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", + "service": "SAP", + "severity": "Medium", + "text": "Provision Azure Key Vault with the soft delete and purge policies enabled to allow retention protection for deleted objects.", + "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "e3c2df74-3165-4c3a-abe0-5bbe209d490d", + "link": "https://learn.microsoft.com/azure/role-based-access-control/security-controls-policy", + "service": "SAP", + "severity": "High", + "text": "Based on existing requirements, regulatory and compliance controls (internal/external) - Determine what Azure Policies and Azure RBAC role are needed", + "training": "https://learn.microsoft.com/training/paths/describe-azure-management-governance/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "a4777842-4d11-4678-9d2f-a56c56ad4840", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", + "service": "SAP", + "severity": "High", + "text": "When enabling Microsoft Defender for Endpoint on SAP environment, recommend excluding data and log files on DBMS servers instead of targeting all servers. 
Follow your DBMS vendor's recommendations when excluding target files.", + "training": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/microsoft-defender-endpoint-mde-for-sap-applications-on-windows/ba-p/3912268", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "8fe72734-c486-4ba2-a0dc-0591cf65de8e", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks", + "service": "SAP", + "severity": "High", + "text": "Delegate an SAP admin custom role with just-in-time access of Microsoft Defender for Cloud.", + "training": "https://learn.microsoft.com/training/modules/secure-vms-with-azure-security-center/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "1309cccd-5792-466b-aca2-75faa1abfe9d", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", + "service": "SAP", + "severity": "Low", + "text": "encrypt data in transit by integrating the third-party security product with secure network communications (SNC) for DIAG (SAP GUI), RFC, and SPNEGO for HTTPS", + "training": "https://learn.microsoft.com/azure/security/fundamentals/encryption-overview#encryption-of-data-in-transit", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "eeaa3592-829e-42ed-a217-3676aff6691b", + "link": "https://learn.microsoft.com/azure/storage/common/storage-encryption-key-model-get?tabs=portal", + "service": "SAP", + "severity": "Medium", + "text": "Default to Microsoft-managed keys for principal encryption functionality and use customer-managed keys when required.", + "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "graph": "Resources | join kind=leftouter (ResourceContainers | where 
type=~'microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type =~ 'microsoft.keyvault/vaults' | project type, name, SubName", + "guid": "4935ada4-2223-4ece-a1b1-23181a541741", + "link": "https://learn.microsoft.com/ja-jp/azure/key-vault/general/best-practices", + "service": "SAP", + "severity": "High", + "text": "Use an Azure Key Vault per application per environment per region.", + "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "abc9634d-c44d-41e9-a530-e8444e16aa3c", + "link": "https://learn.microsoft.com/azure/key-vault/certificates/certificate-scenarios", + "service": "SAP", + "severity": "High", + "text": "To control and manage disk encryption keys and secrets for non-HANA Windows and non-Windows operating systems, use Azure Key Vault. SAP HANA isn't supported with Azure Key Vault, so you must use alternate methods like SAP ABAP or SSH keys.", + "training": "https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "209d490d-a477-4784-84d1-16785d2fa56c", + "link": "https://learn.microsoft.com/azure/role-based-access-control/built-in-roles", + "service": "SAP", + "severity": "High", + "text": "Customize role-based access control (RBAC) roles for SAP on Azure spoke subscriptions to avoid accidental network-related changes", + "training": "https://learn.microsoft.com/training/modules/secure-azure-resources-with-rbac/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "56ad4840-8fe7-4273-9c48-6ba280dc0591", + "link": "https://blogs.sap.com/2019/07/21/sap-security-operations-on-azure/", + "service": "SAP", + "severity": "High", + "text": "Isolate DMZs and NVAs from the rest of the SAP estate, configure Azure 
Private Link, and securely manage and control the SAP on Azure resources", + "training": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/secure-vnet-dmz?tabs=portal", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "e124ba34-df68-45ed-bce9-bd3bb0cdb3b5", + "link": "https://learn.microsoft.com/en-us/training/modules/secure-vms-with-azure-security-center/?source=recommendations", + "service": "SAP", + "severity": "Low", + "text": "Consider using Microsoft anti-malware software on Azure to protect your virtual machines from malicious files, adware, and other threats.", + "training": "https://azure.microsoft.com/blog/deploying-antimalware-solutions-on-azure-virtual-machines/", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "5eb2ec14-eeaa-4359-8829-e2edb2173676", + "link": "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide", + "service": "SAP", + "severity": "Low", + "text": "For even more powerful protection, consider using Microsoft Defender for Endpoint.", + "training": "https://learn.microsoft.com/training/modules/implement-endpoint-protection-use-microsoft-defender/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "87a924c4-25c2-419f-a2f0-96c7c4fe4525", + "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", + "service": "SAP", + "severity": "High", + "text": "Isolate the SAP application and database servers from the internet or from the on-premises network by passing all traffic through the hub virtual network, which is connected to the spoke network by virtual network peering. 
The peered virtual networks guarantee that the SAP on Azure solution is isolated from the public internet.", + "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "491ca1c4-3d40-42c0-9d85-b8933999590b", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", + "service": "SAP", + "severity": "Low", + "text": "For internet-facing applications like SAP Fiori, make sure to distribute load per application requirements while maintaining security levels. For Layer 7 security, you can use a third-party Web Application Firewall (WAF) available in the Azure Marketplace.", + "training": "https://learn.microsoft.com/training/modules/simplify-cloud-procurement-governance-azure-marketplace/?source=recommendations", + "waf": "Security" + }, + { + "checklist": "SAP Checklist", + "guid": "9fc945b9-0527-47af-8200-9d652fe02fcc", + "link": "https://learn.microsoft.com/azure/sap/monitor/enable-tls-azure-monitor-sap-solutions", + "service": "SAP", + "severity": "Medium", + "text": "To enable secure communication in Azure Monitor for SAP solutions, you can choose to use either a root certificate or a server certificate. We highly recommend that you use root certificates.", + "training": "https://learn.microsoft.com/training/modules/implement-azure-monitoring-sap-workloads-azure-virtual-machines/?source=recommendations", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Leverage zone-redundancy to ensure high availability in the event of zone-level failures. 
Use Premium V2/V3 or Isolated v2 tiers, which provide support for zone-redundant deployments and ensure minimal downtime during disasters.", + "guid": "b32e1aa1-4813-4602-88fe-27ca2891f421", + "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/app-service-web-app/zone-redundant?source=recommendations", + "service": "App Services", + "severity": "Low", + "text": "Implement a baseline highly available zone-redundant web application architecture. Ensure your Azure App Service is on Premium V2/V3 or Isolated v2 tiers for zone-redundant support.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Leverage staging slots for zero-downtime deployments and automated backups to ensure disaster recovery. Choose the appropriate tier (Standard or Premium) based on the number of slots and disaster recovery requirements.", + "graph": "resources | where type =~ 'microsoft.web/serverfarms' | extend compliant = (sku.tier == 'Premium' or sku.tier == 'Standard') | distinct id,compliant", + "guid": "e4b31c6a-2e3f-4df1-8e8b-9c3aa5a27820", + "link": "https://learn.microsoft.com/azure/app-service/overview-hosting-plans", + "service": "App Services", + "severity": "Medium", + "text": "Use Premium and Standard tiers for staging slots and automated backups. Align your backup retention period with disaster recovery needs.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Availability Zones provide physical isolation across datacenters in a region, reducing downtime during outages. 
Verify your region supports Availability Zones and use Premium V2/V3 tiers for zone-redundant deployments.", + "guid": "a7e2e6c2-491f-4fa4-a82b-521d0bc3b202", + "link": "https://learn.microsoft.com/azure/reliability/migrate-app-service", + "service": "App Services", + "severity": "High", + "text": "Leverage Availability Zones where regionally applicable (Premium V2/V3 tier required). Check region support for Availability Zones.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Enable health checks to detect unhealthy instances in real-time and automatically replace them to maintain high availability and application reliability.", + "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.HealthCheckPath != '') | distinct id,compliant", + "guid": "1275e4a9-7b6a-43c3-a9cd-5ee18d8995ad", + "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", + "service": "App Services", + "severity": "Medium", + "text": "Implement health checks to monitor and detect issues with App Service instances. 
Health checks enable automatic instance replacement on failure.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Follow best practices for configuring backups and restores in Azure App Service and ASE to guarantee data availability and ensure recovery during disaster scenarios.", + "guid": "35a91c5d-4ad6-4d9b-8e0f-c47db9e6d1e7", + "link": "https://learn.microsoft.com/azure/app-service/manage-backup", + "service": "App Services", + "severity": "High", + "text": "Refer to backup and restore best practices for Azure App Service and App Service Environments (ASE) to ensure data availability and recovery.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Ensure high availability by incorporating scaling, fault tolerance, monitoring, and zone redundancy into your App Service architecture. Leverage health checks and availability zones to maintain uptime.", + "guid": "e68cd0ec-afc6-4bd8-a27f-7860ad9a0db2", + "link": "https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability", + "service": "App Services", + "severity": "High", + "text": "Implement Azure App Service reliability best practices, including auto-scaling, fault tolerance, health checks, and zone redundancy.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Prepare for disaster recovery by implementing region failover strategies. 
Utilize active-active and active-passive configurations, automated failover, and Infrastructure as Code (IaC) for seamless failover during outages.", + "guid": "bd2a865c-0835-4418-bb58-4df91a5a9b3f", + "link": "https://learn.microsoft.com/azure/app-service/manage-disaster-recovery#recover-app-content-only", + "service": "App Services", + "severity": "Low", + "text": "Familiarize with App Service region failover, including active-active and active-passive configurations, automated failover, and IaC deployment.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Azure App Service offers built-in reliability features, including scaling, fault tolerance, and service-level agreements (SLAs). Leverage these features to maintain consistent performance during outages.", + "guid": "f3d2f1e4-e6d4-4b7a-a5a5-e2a9b2c6f293", + "link": "https://learn.microsoft.com/azure/reliability/reliability-app-service", + "service": "App Services", + "severity": "High", + "text": "Familiarize with reliability support in Azure App Service, including scaling options, SLAs, and automated recovery mechanisms.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Enabling 'Always On' for Function Apps ensures that the app does not go idle, maintaining its availability and responsiveness at all times.", + "guid": "c7b5f3d1-0569-4fd2-9f32-c0b64e9c0c5e", + "link": "https://learn.microsoft.com/azure/azure-functions/dedicated-plan#always-on", + "service": "App Services", + "severity": "Medium", + "text": "Ensure 'Always On' is enabled for Function Apps running on App Service plans to prevent idling and ensure continuous availability.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Health checks monitor the health of App Service instances, enabling 
automatic replacement of unhealthy instances to maintain high availability.", + "guid": "a3b4d5f6-758c-4f9d-9e1a-d7c6b7e8f9ab", + "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", + "service": "App Services", + "severity": "Medium", + "text": "Monitor App Service instances using Health checks to detect unhealthy instances and automatically replace them.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "guid": "c7d3e5f9-a19c-4833-8ca6-1dcb0128e129", + "link": "https://learn.microsoft.com/azure/azure-monitor/app/availability-overview", + "service": "App Services", + "severity": "Medium", + "text": "Monitor availability and responsiveness of web app or website using Application Insights availability tests, ensuring proactive detection of performance issues and downtime.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "guid": "b4e3f2d5-a5c6-4d7e-8b2f-c5d9e7a8f0ea", + "link": "https://learn.microsoft.com/azure/azure-monitor/app/availability-standard-tests", + "service": "App Services", + "severity": "Low", + "text": "Use Application Insights Standard test to monitor availability and responsiveness of web app or website", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Azure Key Vault ensures secrets are encrypted, securely stored, and accessed only by authorized applications. It supports audit logging, and secret versioning, and reduces the risk of accidental exposure of sensitive information.", + "guid": "834ac932-223e-4ce8-8b12-3071a5416415", + "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", + "service": "App Services", + "severity": "High", + "text": "Use Azure Key Vault to store any secrets the application needs. 
Key Vault provides a secure, managed, and audited environment for storing secrets, and integrates seamlessly with App Service via App Service Key Vault References for enhanced security.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Managed Identity eliminates the need for hard-coded credentials by allowing App Service to authenticate to Azure Key Vault securely. This reduces the risk of credential exposure and simplifies secret management for enhanced security.", + "guid": "833ea3ad-2c2d-4e73-8165-c3acbef4abe1", + "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", + "service": "App Services", + "severity": "High", + "text": "Use Managed Identity to securely connect to Azure Key Vault for accessing secrets, through App Service Key Vault References.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Storing TLS certificates in Azure Key Vault enhances security by providing centralized, secure management and automated renewal of certificates. This reduces the risk of manual handling errors and certificate expiration.", + "guid": "f8d39fda-4776-4831-9c11-5775c2ea55b4", + "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-certificate", + "service": "App Services", + "severity": "High", + "text": "Use Azure Key Vault to securely store and manage TLS certificates for App Service.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "To minimize exposure and improve security, isolate systems processing sensitive data. 
Leverage separate App Service Plans or App Service Environments for isolation, and use different subscriptions or management groups to enforce stricter boundaries and governance.", + "guid": "6ad48408-ee72-4734-a475-ba18fdbf590c", + "link": "https://learn.microsoft.com/azure/app-service/overview-hosting-plans", + "service": "App Services", + "severity": "Medium", + "text": "Isolate systems that process sensitive information using separate App Service Plans, App Service Environments (ASE), and consider different subscriptions or management groups for enhanced security.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Local disks on App Service are not encrypted and sensitive data should not be stored on those. (For example: D:\\\\Local and %TMP%).", + "guid": "e65de8e0-3f9b-4cbd-9682-66abca264f9a", + "link": "https://learn.microsoft.com/azure/app-service/operating-system-functionality#file-access", + "service": "App Services", + "severity": "Medium", + "text": "Do not store sensitive data on local disk", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Use Microsoft Entra ID or B2C for secure user authentication and Single Sign-On (SSO) across applications. 
Integrate using the built-in App Service Authentication/Authorization feature for streamlined security and compliance with modern authentication protocols like OpenID Connect.", + "guid": "919ca0b2-c121-459e-814b-933df574eccc", + "link": "https://learn.microsoft.com/azure/app-service/overview-authentication-authorization", + "service": "App Services", + "severity": "Medium", + "text": "Use Microsoft Entra ID or B2C for secure authentication and Single Sign-On (SSO).", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Ensure all code deployments to App Service originate from a controlled, secured environment, such as a well-managed DevOps pipeline. This practice mitigates the risk of deploying unauthorized or malicious code by enforcing version control, code verification, and secure hosting.", + "guid": "3f9bcbd4-6826-46ab-aa26-4f9a19aed9c5", + "link": "https://learn.microsoft.com/azure/app-service/deploy-best-practices", + "service": "App Services", + "severity": "High", + "text": "Deploy code to App Service from a trusted and secure environment.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Disable basic authentication for FTP/FTPS and WebDeploy/SCM to enhance security by enforcing Microsoft Entra ID secured endpoints for deployment. 
This ensures that only authenticated users using Microsoft Entra ID credentials can access deployment services, including the SCM site.", + "guid": "5d04c2c3-919c-4a0b-8c12-159e114b933d", + "link": "https://learn.microsoft.com/azure/app-service/deploy-configure-credentials#disable-basic-authentication", + "service": "App Services", + "severity": "High", + "text": "Disable basic authentication for FTP/FTPS and WebDeploy/SCM.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Wherever possible, use Managed Identity to securely connect to Microsoft Entra ID-secured resources without storing credentials. If this is not feasible, store secrets in Azure Key Vault and access them using Managed Identity to maintain security and reduce the risk of credential exposure.", + "guid": "f574eccc-d9bd-43ba-bcda-3b54eb2eb03d", + "link": "https://learn.microsoft.com/azure/app-service/overview-managed-identity?tabs=portal%2Chttp", + "service": "App Services", + "severity": "High", + "text": "Use Managed Identity to connect to Microsoft Entra ID secured resources.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "When using images stored in Azure Container Registry, pull these images using a Managed Identity to avoid storing credentials. 
This ensures secure access to container images and reduces the risk of credential exposure.", + "guid": "d9a25827-18d2-4ddb-8072-5769ee6691a4", + "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-managed-identity-to-pull-image-from-azure-container-registry", + "service": "App Services", + "severity": "High", + "text": "Pull container images from Azure Container Registry using a Managed Identity.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Configure diagnostic settings to send telemetry and security logs (including HTTP, platform, and audit logs) to Log Analytics. Centralized logging enhances monitoring, threat detection, and compliance reporting.", + "guid": "47768314-c115-4775-a2ea-55b46ad48408", + "link": "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs", + "service": "App Services", + "severity": "Medium", + "text": "Send App Service runtime and security logs to Log Analytics for centralized monitoring and alerting.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Set up a diagnostic setting to send the activity log to Log Analytics as the central destination for logging and monitoring. This allows you to monitor control plane activity on the App Service resource itself.", + "guid": "ee72734b-475b-4a18-bdbf-590ce65de8e0", + "link": "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log", + "service": "App Services", + "severity": "Medium", + "text": "Send App Service activity logs to Log Analytics", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Use regional VNet integration, Network Security Groups (NSGs), and User-Defined Routes (UDRs) to control outbound network access. 
Route traffic through a Network Virtual Appliance (NVA), such as Azure Firewall, and monitor firewall logs to ensure traffic is properly controlled and secure.", + "guid": "c12159e1-14b9-433d-b574-ecccd9bd3baf", + "link": "https://learn.microsoft.com/azure/app-service/overview-vnet-integration", + "service": "App Services", + "severity": "Medium", + "text": "Control outbound network access for App Service using VNet integration, NSGs, UDRs, and firewalls.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Provide a stable outbound IP by using VNet integration with a NAT Gateway or Network Virtual Appliance (NVA) like Azure Firewall. This enables the receiving party to allow-list based on IP, if necessary. For communications with Azure services, use mechanisms like Service Endpoints or private endpoints to avoid relying on static IPs, ensuring secure and efficient connectivity.", + "guid": "cda3b54e-b2eb-403d-b9a2-582718d2ddb1", + "link": "https://learn.microsoft.com/azure/app-service/networking/nat-gateway-integration", + "service": "App Services", + "severity": "Low", + "text": "Ensure a stable IP for outbound communications by using VNet NAT Gateway or Azure Firewall.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Control inbound network access by configuring App Service Access Restrictions, Service Endpoints, or Private Endpoints. 
Ensure appropriate restrictions are set for both the web app and the SCM (deployment) site to limit unauthorized access and enhance security.", + "guid": "0725769e-e669-41a4-a34a-c932223ece80", + "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", + "service": "App Services", + "severity": "High", + "text": "Control inbound network access using Access Restrictions, Service Endpoints, or Private Endpoints.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Protect App Service from malicious inbound traffic by deploying a Web Application Firewall (WAF) using Azure Application Gateway or Azure Front Door. Ensure WAF logs are monitored regularly to detect and respond to security threats.", + "guid": "b123071a-5416-4415-a33e-a3ad2c2de732", + "link": "https://learn.microsoft.com/azure/app-service/networking/app-gateway-with-service-endpoints", + "service": "App Services", + "severity": "High", + "text": "Use a Web Application Firewall (WAF) in front of App Service.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "To prevent the Web Application Firewall (WAF) from being bypassed, lock down access to App Service by using Access Restrictions, Service Endpoints, and Private Endpoints. 
This ensures that all traffic is routed through the WAF, providing a secure front layer of protection.", + "guid": "165c3acb-ef4a-4be1-b8d3-9fda47768314", + "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", + "service": "App Services", + "severity": "High", + "text": "Ensure the WAF cannot be bypassed by securing access to App Service.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Ensure that the minimum TLS policy is set to 1.2 or higher, with a preference for TLS 1.3, to enhance security through stronger encryption protocols. TLS 1.3 provides additional security improvements and faster handshake times, reducing vulnerabilities associated with older versions.", + "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.MinTlsVersion>=1.2) | distinct id,compliant", + "guid": "c115775c-2ea5-45b4-9ad4-8408ee72734b", + "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-tls-versions", + "service": "App Services", + "severity": "Medium", + "text": "Set minimum TLS policy to 1.2 or higher, preferably 1.3, in App Service configuration.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Configure App Service to enforce HTTPS-only, automatically redirecting all HTTP traffic to HTTPS. 
Additionally, implement HTTP Strict Transport Security (HSTS) in your code or via a Web Application Firewall (WAF) to ensure browsers only access the site over HTTPS, enhancing security by preventing downgrade attacks.", + "graph": "where (type=='microsoft.web/sites' and (kind == 'app' or kind == 'app,linux' )) | extend compliant = (properties.httpsOnly==true) | distinct id,compliant", + "guid": "475ba18f-dbf5-490c-b65d-e8e03f9bcbd4", + "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https", + "service": "App Services", + "severity": "High", + "text": "Use HTTPS only and consider enabling HTTP Strict Transport Security (HSTS).", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Do not use wildcards (*) in your CORS configuration, as this permits unrestricted access from any origin, compromising security. Instead, explicitly specify trusted origins that are allowed to access the service, ensuring controlled access.", + "guid": "68266abc-a264-4f9a-89ae-d9c55d04c2c3", + "link": "https://learn.microsoft.com/azure/app-service/app-service-web-tutorial-rest-api", + "service": "App Services", + "severity": "High", + "text": "Avoid using wildcards for CORS; specify allowed origins explicitly.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Remote debugging should not be enabled in production as it opens additional ports, increasing the attack surface. 
Although App Service automatically turns off remote debugging after 48 hours, it is recommended to disable it manually in production to maintain a secure environment.", + "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.RemoteDebuggingEnabled == false) | distinct id,compliant", + "guid": "d9bd3baf-cda3-4b54-bb2e-b03dd9a25827", + "link": "https://learn.microsoft.com/azure/app-service/configure-common#configure-general-settings", + "service": "App Services", + "severity": "High", + "text": "Turn off remote debugging in production environments.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Enable Defender for App Service. This (amongst other threats) detects communications to known malicious IP addresses. Review the recommendations from Defender for App Service as part of your operations.", + "guid": "18d2ddb1-0725-4769-be66-91a4834ac932", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-app-service-introduction", + "service": "App Services", + "severity": "Medium", + "text": "Enable Defender for Cloud - Defender for App Service", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Azure provides DDoS Basic protection on its network, which can be improved with intelligent DDoS Standard capabilities which learns about normal traffic patterns and can detect unusual behavior. 
DDoS Standard applies to a Virtual Network so it must be configured for the network resource in front of the app, such as Application Gateway or an NVA.", + "guid": "223ece80-b123-4071-a541-6415833ea3ad", + "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", + "service": "App Services", + "severity": "Medium", + "text": "Enable DDOS Protection Standard on the WAF VNet", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "When using images stored in Azure Container Registry, ensure they are pulled over a virtual network by using a private endpoint and configuring the app setting 'WEBSITE_PULL_IMAGE_OVER_VNET'. This ensures secure communication between App Service and the registry, preventing exposure to the public internet.", + "guid": "2c2de732-165c-43ac-aef4-abe1f8d39fda", + "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-an-image-from-a-network-protected-registry", + "service": "App Services", + "severity": "Medium", + "text": "Pull container images over a Virtual Network from Azure Container Registry.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Perform a penetration test on the web application in accordance with Azure's penetration testing rules of engagement. 
This helps identify vulnerabilities and security weaknesses that can be addressed before they are exploited.", + "guid": "eb2eb03d-d9a2-4582-918d-2ddb10725769", + "link": "https://learn.microsoft.com/azure/security/fundamentals/pen-testing", + "service": "App Services", + "severity": "Medium", + "text": "Conduct a penetration test on the web application.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Ensure that only trusted code, which has been validated and scanned for vulnerabilities, is deployed to production following DevSecOps practices. This minimizes the risk of introducing security vulnerabilities into the application environment.", + "guid": "19aed9c5-5d04-4c2c-9919-ca0b2c12159e", + "link": "https://learn.microsoft.com/azure/architecture/solution-ideas/articles/devsecops-in-azure", + "service": "App Services", + "severity": "Medium", + "text": "Deploy validated and vulnerability-scanned code.", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Ensure that the latest versions of supported platforms, programming languages, protocols, and frameworks are used. 
Regular updates mitigate the risk of security vulnerabilities and ensure compatibility with security patches.", + "guid": "114b933d-f574-4ecc-ad9b-d3bafcda3b54", + "link": "https://learn.microsoft.com/azure/app-service/overview-patch-os-runtime", + "service": "App Services", + "severity": "High", + "text": "Use up-to-date platforms, languages, protocols and frameworks", + "waf": "Security" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Leverage Auto-Healing in Azure App Service to automatically restart instances or trigger custom actions based on pre-defined failure conditions like memory thresholds, HTTP errors, or specific event logs.", + "guid": "60b3a935-33e5-45c9-87c7-53882e395b46", + "link": "https://learn.microsoft.com/azure/app-service/overview-diagnostics", + "service": "App Services", + "severity": "Medium", + "text": "Use Auto-Healing with custom rules to restart App Service instances automatically when failures occur.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Configure Azure Monitor alerts based on Application Insights metrics for response times, failure rates, and overall availability. Alerts help detect issues proactively and reduce mean-time-to-recovery (MTTR).", + "guid": "e52e4514-02a7-4e81-a98e-88ce1b18e557", + "link": "https://learn.microsoft.com/azure/azure-monitor/app/alerts", + "service": "App Services", + "severity": "Medium", + "text": "Set up alerts for critical Application Insights metrics, such as response time and failure rates.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Use Azure Policy to enforce security, compliance, and governance configurations for App Service. 
Policies can ensure that critical settings such as TLS versions, backup configurations, and network restrictions are enforced across all App Service instances.", + "guid": "361e886f-ca40-4ead-a8e9-1379c642ae9c", + "link": "https://learn.microsoft.com/azure/governance/policy/overview", + "service": "App Services", + "severity": "High", + "text": "Apply Azure Policy to enforce compliance across App Service configurations.", + "waf": "Governance" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "Leverage Azure Cost Management to track and forecast App Service expenses. Set up alerts for budget thresholds to avoid overspending, and optimize costs based on resource utilization trends.", + "guid": "42eb48f0-28ff-497c-b2c0-a8fa1f989832", + "link": "https://learn.microsoft.com/azure/cost-management-billing/", + "service": "App Services", + "severity": "Low", + "text": "Monitor App Service costs using Azure Cost Management and create cost alerts.", + "waf": "Cost" + }, + { + "arm-service": "microsoft.web/sites", + "checklist": "Azure App Service Review", + "description": "If you have predictable and steady usage of App Service, purchasing Reserved Instances can significantly reduce long-term costs. 
Commit to one or three years for lower pricing compared to pay-as-you-go.", + "guid": "e489221b-487e-48a3-aaab-48e3d205ca12", + "link": "https://learn.microsoft.com/azure/cost-management-billing/reservations/", + "service": "App Services", + "severity": "Medium", + "text": "Purchase reserved instances for App Service plans to optimize long-term costs.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Logic Apps checklist", + "guid": "3b7a56de-5020-4642-b3cb-c976e80b6d6d", + "link": "https://learn.microsoft.com/azure/logic-apps/single-tenant-overview-compare", + "service": "Logic Apps", + "severity": "High", + "text": "Select the right Logic App hosting plan based on your business & SLO requirements", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Logic Apps checklist", + "guid": "3d7008bd-6bc1-4b03-8aa8-ec2a3b55786a", + "link": "https://learn.microsoft.com/azure/logic-apps/set-up-zone-redundancy-availability-zones?tabs=standard#next-steps", + "service": "Logic Apps", + "severity": "High", + "text": "Protect logic apps from region failures with zone redundancy and availability zones", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Logic Apps checklist", + "guid": "1cda768f-a206-445d-8234-56f6a6e7286e", + "link": "https://learn.microsoft.com/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", + "service": "Logic Apps", + "severity": "High", + "text": "Consider a Cross-Region DR strategy for critical workloads", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Logic Apps checklist", + "guid": "82118ec5-ed6f-4c68-9471-eb0da98a1b34", + "link": "https://learn.microsoft.com/azure/app-service/environment/intro", + "service": "Logic Apps", + "severity": "High", + "text": "If deploying to an Isolated environment, use or 
migrate to App Service Environment (ASE) v3", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Logic Apps checklist", + "guid": "74275fa5-9e08-4c7e-b096-13b538fe1501", + "link": "https://learn.microsoft.com/training/modules/deploy-azure-functions/", + "service": "Logic Apps", + "severity": "Medium", + "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Logic App code", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.Devices/IotHubs", + "checklist": "IoT Hub Review", + "guid": "ac1d6380-f866-4bbd-a9b4-b1ee5d7908b8", + "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#availability-zones", + "service": "IoT", + "severity": "High", + "text": "Leverage Availability Zones if regionally applicable (this is automatically enabled)", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/IotHubs", + "checklist": "IoT Hub Review", + "guid": "35f651e8-0124-4ef7-8c57-658e38609e6e", + "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#microsoft-initiated-failover", + "service": "IoT", + "severity": "Medium", + "text": "Be aware of Microsoft-initiated failovers. 
These are exercised by Microsoft in rare situations to fail over all the IoT hubs from an affected region to the corresponding geo-paired region.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/IotHubs", + "checklist": "IoT Hub Review", + "guid": "4ed3e490-dc06-4a1e-b467-5d0239d85540", + "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#cross-region-dr", + "service": "IoT", + "severity": "High", + "text": "Consider a Cross-Region DR strategy for critical workloads", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/IotHubs", + "checklist": "IoT Hub Review", + "guid": "a11ecab0-db47-46f7-9aa7-17764e7e45a1", + "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#microsoft-initiated-failover", + "service": "IoT", + "severity": "High", + "text": "Learn how to trigger a manual failover.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/IotHubs", + "checklist": "IoT Hub Review", + "guid": "f9db8dfb-1194-460b-aedd-34dd6a69db22", + "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#failback", + "service": "IoT", + "severity": "High", + "text": "Learn how to fail back after a failover.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", + "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", + "service": "Cognitive Search", + "severity": "High", + "text": "Enable 2 replicas to have 99.9% availability for read operations", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", + "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", + "service": "Cognitive Search", + "severity": "Medium", + "text": "Enable 3 replicas to have 99.9% availability 
for read/write operations", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", + "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", + "service": "Cognitive Search", + "severity": "High", + "text": "Leverage Availability Zones by enabling read and/or write replicas", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", + "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", + "service": "Cognitive Search", + "severity": "Medium", + "text": "For regional redudancy, Manually create services in 2 or more regions for Search as it doesn't provide an automated method of replicating search indexes across geographic regions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", + "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", + "service": "Cognitive Search", + "severity": "Medium", + "text": "To synchronize data across multiple services either Use indexers for updating content on multiple services or Use REST APIs for pushing content updates on multiple services", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", + "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", + "service": "Cognitive Search", + "severity": "Medium", + "text": "Use Azure Traffic Manager to coordinate requests", + "waf": "Reliability" 
+ }, + { + "arm-service": "Microsoft.Search/searchServices", + "checklist": "Cognitive Search Review Checklist", + "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", + "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", + "service": "Cognitive Search", + "severity": "High", + "text": "Backup and Restore an Azure Cognitive Search Index. Use this sample code to back up index definition and snapshot to a series of Json files", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.BotService/botServices", + "checklist": "Azure Bot Service", + "guid": "6ad48408-ee72-4734-a476-ba28fdcf590c", + "link": "https://learn.microsoft.com/en-us/azure/reliability/reliability-bot", + "service": "Bot service", + "severity": "Medium", + "text": "Follow reliability support recommendations in Azure Bot Service", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.BotService/botServices", + "checklist": "Azure Bot Service", + "guid": "e65de8e1-3f9c-4cbd-9682-66abca264f9a", + "link": "https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-concept-regionalization", + "service": "Bot service", + "severity": "Medium", + "text": "Deploying bots with local data residency and regional compliance", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.BotService/botServices", + "checklist": "Azure Bot Service", + "guid": "19bfe9d5-5d04-4c3c-9919-ca1b2d1215ae", + "link": "https://learn.microsoft.com/en-us/azure/reliability/reliability-bot#cross-region-disaster-recovery-in-multi-region-geography", + "service": "Bot service", + "severity": "Medium", + "text": "Azure Bot Service runs in active-active mode for both global and regional services. When an outage occurs, you don't need to detect errors or manage the service. Azure Bot Service automatically performs auto failover and auto recovery in a multi-region geographical architecture. 
For the EU bot regional service, Azure Bot Service provides two full regions inside Europe with active/active replication to ensure redundancy. For the global bot service, all available regions/geographies can be served as the global footprint.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Insights/components", + "checklist": "Cost Optimization Checklist", + "guid": "a95b86ad-8840-48e3-9273-4b875ba18f20", + "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/considerations/tenancy-models", + "service": "Monitor", + "severity": "Medium", + "text": "Data collection rules in Azure Monitor -https://learn.microsoft.com/azure/azure-monitor/essentials/data-collection-rule-overview", + "training": "https://azure.microsoft.com/pricing/reservations/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Cost Optimization Checklist", + "guid": "45901365-d38e-443f-abcb-d868266abca2", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/multi-tenant/automation", + "service": "Backup", + "severity": "Medium", + "text": "check backup instances with the underlying datasource not found", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "64f9a19a-f29c-495d-94c6-c7919ca0f6c5", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/multi-tenant/lighthouse", + "service": "VM", + "severity": "Medium", + "text": "Delete or archive unassociated services (disks, nics, ip addresses etc)", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Cost Optimization Checklist", + "guid": "69bad37a-ad53-4cc7-ae1d-76667357c449", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", + 
"service": "Backup", + "severity": "Medium", + "text": "Consider a good balance between site recovery storage and backup for non mission critical applications", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Insights/components", + "checklist": "Cost Optimization Checklist", + "guid": "674b5ed8-5a85-49c7-933b-e2a1a27b765a", + "link": "https://learn.microsoft.com/azure/cost-management-billing/manage/direct-ea-administration#manage-notification-contacts", + "service": "Monitor", + "severity": "Medium", + "text": "Check spending and savings opportunities among the 40 different log analytics workspaces- use different retention and data collection for nonprod workspaces-create daily cap for awareness and tier sizing - If you do set a daily cap, in addition to creating an alert when the cap is reached,ensure that you also create an alert rule to be notified when some percentage has been reached (90% for example). - consider workspace transformation if possible - https://learn.microsoft.com/azure/azure-monitor/essentials/data-collection-transformations#workspace-transformation-dcr ", + "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/understand-work-scopes", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Insights/components", + "checklist": "Cost Optimization Checklist", + "guid": "91be1f38-8ef3-494c-8bd4-63cbbac75819", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", + "service": "Monitor", + "severity": "Medium", + "text": "Enforce a purging log policy and automation (if needed, logs can be moved to cold storage)", + "training": "https://www.youtube.com/watch?v=nHQYcYGKuyw", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "6aae01e6-a84d-4e5d-b36d-1d92881a1bd5", + "link": 
"https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", + "service": "VM", + "severity": "Medium", + "text": "Check that the disks are really needed, if not: delete. If they are needed, find lower storage tiers or use backup -", + "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/manage-automation", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Cost Optimization Checklist", + "guid": "d1e44a19-659d-4395-afd7-7289b835556d", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", + "service": "Storage", + "severity": "Medium", + "text": "Consider moving unused storage to lower tier, with customized rule - https://learn.microsoft.com/azure/storage/blobs/lifecycle-management-policy-configure ", + "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/enable-tag-inheritance", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "d0102cac-6aae-401e-9a84-de5de36d1d92", + "link": "https://learn.microsoft.com/azure/governance/policy/overview", + "service": "VM", + "severity": "Medium", + "text": "Make sure advisor is configured for VM right sizing ", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "description": "check by searching the Meter Category Licenses in the Cost analysys", + "guid": "59ae568b-a38d-4498-9e22-13dbd7bb012f", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/manage/centralize-operations", + "service": "VM", + "severity": "Medium", + "text": "run the script on all windows VMs 
https://learn.microsoft.com/azure/virtual-machines/windows/hybrid-use-benefit-licensing?ref=andrewmatveychuk.com#convert-an-existing-vm-using-azure-hybrid-benefit-for-windows-server- consider implementing a policy if windows VMs are created frequently", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "7b95e06e-158e-42ea-9992-c2de6e2065b3", + "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure", + "service": "VM", + "severity": "Medium", + "text": " this can be also put under AHUB if you already have licenses https://learn.microsoft.com/azure/virtual-machines/linux/azure-hybrid-benefit-linux?tabs=rhelpayg%2Crhelbyos%2CrhelEnablebyos%2Crhelcompliance", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "75c1e945-b459-4837-bf7a-e7c6d3b475a5", + "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal", + "service": "VM", + "severity": "Medium", + "text": "Consolidate reserved VM families with flexibility option (no more than 4-5 families)", + "training": "https://learn.microsoft.com/azure/automation/automation-solution-vm-management", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "c7acbe49-bbe6-44dd-a9f2-e87778468d55", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access#prerequisites-for-a-landing-zone---design-recommendations", + "service": "VM", + "severity": "Medium", + "text": "Utilize Azure Reserved Instances: This feature allows you to reserve VMs for a period of 1 or 3 years, providing significant cost savings compared to PAYG prices.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": 
"Cost Optimization Checklist", + "guid": "a6bcca2b-4fea-41db-b3dd-95d48c7c891d", + "link": "https://learn.microsoft.com/azure/active-directory-domain-services/overview", + "service": "VM", + "severity": "Medium", + "text": "Only larger disks can be reserved => 1 TiB -", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "cb1f7d57-59ae-4568-aa38-d4985e2213db", + "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/identity/adds-extend-domain", + "service": "VM", + "severity": "Medium", + "text": "After the right-sizing optimization", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Sql/servers", + "checklist": "Cost Optimization Checklist", + "guid": "d7bb012f-7b95-4e06-b158-e2ea3992c2de", + "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy", + "service": "SQL", + "severity": "Medium", + "text": "Check if applicable and enforce policy/change https://learn.microsoft.com/azure/azure-sql/azure-hybrid-benefit?view=azuresql&tabs=azure-portalhttps://learn.microsoft.com/azure/cost-management-billing/scope-level/create-sql-license-assignments?source=recommendations", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "6e2065b3-a76a-4f4a-991e-8839ada46667", + "link": "https://learn.microsoft.com/azure/active-directory/roles/best-practices", + "service": "VM", + "severity": "Medium", + "text": "The VM + license part discount (ahub + 3YRI) is around 70% discount", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "ccbd9792-a6bc-4ca2-a4fe-a1dbf3dd95d4", + "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-best-practices#send-logs-to-microsoft-sentinel", + "service": "VM", + "severity": "Medium", + "text": "Consider using a 
VMSS to match demand rather than flat sizing", + "waf": "Cost" + }, + { + "arm-service": "microsoft.containerservice/managedClusters", + "checklist": "Cost Optimization Checklist", + "guid": "c1b1cd52-1e54-4a29-a9de-39ac0e7c28dc", + "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", + "service": "AKS", + "severity": "Medium", + "text": "Use AKS autoscaler to match your clusters usage (make sure the pods requirements match the scaler)", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Cost Optimization Checklist", + "guid": "44be3b1a-27f8-4b9e-a1be-1f38df03a822", + "link": "https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2#how-retention-and-archiving-work", + "service": "Backup", + "severity": "Medium", + "text": "Move recovery points to vault-archive where applicable (Validate)", + "training": "https://azure.microsoft.com/pricing/reservations/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "cd463cbb-bc8a-4c29-aebc-91a43da1dae2", + "link": "https://learn.microsoft.com/azure/databricks/clusters/cluster-config-best-practices#automatic-termination", + "service": "Databricks", + "severity": "Medium", + "text": "Consider using Spot VMs with fallback where possible. 
Consider autotermination of clusters.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "cc881470-607c-41cc-a0e6-14658dd458e9", + "link": "https://learn.microsoft.com/azure/governance/policy/how-to/guest-configuration-create", + "service": "Functions", + "severity": "Medium", + "text": "Functions - Reuse connections", + "training": "https://learn.microsoft.com/azure/cost-management-billing/reservations/reservation-apis?toc=%2Fazure%2Fcost-management-billing%2Ftoc.json", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "27139b82-1102-4dbd-9eaf-11e6f843e52f", + "link": "https://learn.microsoft.com/azure/automation/update-management/overview", + "service": "Functions", + "severity": "Medium", + "text": "Functions - Cache data locally", + "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-compute-resources/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "4722d928-c1b1-4cd5-81e5-4a29b9de39ac", + "link": "https://learn.microsoft.com/azure/network-watcher/network-watcher-monitoring-overview", + "service": "Functions", + "severity": "Medium", + "text": "Functions - Cold starts-Use the 'Run from package' functionality. This way, the code is downloaded as a single zip file. 
This can, for example, result in significant improvements with Javascript functions, which have a lot of node modules.Use language specific tools to reduce the package size, for example, tree shaking Javascript applications.", + "training": "https://learn.microsoft.com/learn/modules/configure-network-watcher/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "0e7c28dc-9366-4572-82bf-f4564b0d934a", + "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json", + "service": "Functions", + "severity": "Medium", + "text": "Functions - Keep your functions warm", + "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "359c363e-7dd6-4162-9a36-4a907ebae38e", + "link": "https://learn.microsoft.com/azure/governance/policy/overview", + "service": "Functions", + "severity": "Medium", + "text": "When using autoscale with different functions, there might be one driving all the autoscale for all the resources - consider moving it to a separate consumption plan (and consider higher plan for CPU)", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "ad53cc7d-e2e8-4aaa-a357-1549ab9153d8", + "link": "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal", + "service": "Functions", + "severity": "Medium", + "text": "Function apps in a given plan are all scaled together, so any issues with scaling can affect all apps in the plan.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Web/sites", + "checklist": "Cost Optimization Checklist", + "guid": "9f89dc7b-44be-43b1-a27f-8b9e91be1f38", + "link": "https://learn.microsoft.com/azure/azure-monitor/alerts/action-groups", + "service": "Functions", + 
"severity": "Medium", + "text": "Am I billed for 'await time'? This question is typically asked in the context of a C# function that does an async operation and waits for the result, e.g. await Task.Delay(1000) or await client.GetAsync('http://google.com'). The answer is yes - the GB second calculation is based on the start and end time of the function and the memory usage over that period. What actually happens over that time in terms of CPU activity is not factored into the calculation.One exception to this rule is if you are using durable functions. You are not billed for time spent at awaits in orchestrator functions.apply demand shaping techinques where possible (dev environments?) https://github.com/Azure-Samples/functions-csharp-premium-scaler", + "waf": "Cost" + }, + { + "arm-service": "microsoft.network/frontdoors", + "checklist": "Cost Optimization Checklist", + "guid": "3da1dae2-cc88-4147-8607-c1cca0e61465", + "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", + "service": "Front Door", + "severity": "Medium", + "text": "Frontdoor - Turn off the default homepageIn the application settings of your App, set AzureWebJobsDisableHomepage to true. This will return a 204 (No Content) to the PoP so only header data is returned.", + "waf": "Cost" + }, + { + "arm-service": "microsoft.network/frontdoors", + "checklist": "Cost Optimization Checklist", + "guid": "8dd458e9-2713-49b8-8110-2dbd6eaf11e6", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-setup-guide/monitoring-reporting?tabs=AzureMonitor", + "service": "Front Door", + "severity": "Medium", + "text": "Frontdoor - Route to something that returns nothing. Either set up a Function, Function Proxy, or add a route in your WebApp that returns 200 (OK) and sends no or minimal content. 
The advantage of this is you will be able to log out when it is called.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Cost Optimization Checklist", + "guid": "7e31c67d-68cf-46a6-8a11-94956d697dc3", + "link": "https://learn.microsoft.com/azure/architecture/best-practices/monitoring", + "service": "Storage", + "severity": "Medium", + "text": "Consider archiving tiers for less used data", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "a2ed27b2-d186-4f1a-8252-bddde68a487c", + "link": "https://learn.microsoft.com/azure/automation/how-to/region-mappings", + "service": "VM", + "severity": "Medium", + "text": "Check disk sizes where the size does not match the tier (i.e. A 513 GiB disk will pay a P30 (1TiB) and consider resizing", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Cost Optimization Checklist", + "guid": "dec4861b-c3bc-410a-b77e-26e4d5a3bec2", + "link": "https://learn.microsoft.com/azure/governance/policy/concepts/guest-configuration", + "service": "Storage", + "severity": "Medium", + "text": "Consider using standard SSD rather than Premium or Ultra where possible", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Cost Optimization Checklist", + "guid": "c4e2436b-1336-4db5-9f17-960eee0bdf5c", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance#monitoring-for-configuration-drift", + "service": "Storage", + "severity": "Medium", + "text": "For storage accounts, make sure that the chosen tier is not adding up transaction charges (it might be cheaper to move to the next tier)", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.RecoveryServices/vaults", + "checklist": "Cost Optimization Checklist", + "guid": "c2efc5d7-61d4-41d2-900b-b47a393a040f", + 
"link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", + "service": "Site Recovery", + "severity": "Medium", + "text": "For ASR, consider using Standard SSD disks if the RPO/RTO and replication throughput allow it", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Storage/storageAccounts", + "checklist": "Cost Optimization Checklist", + "guid": "d3294798-b118-48b2-a5a4-6ceb544451e1", + "link": "https://learn.microsoft.com/azure/architecture/framework/resiliency/backup-and-recovery", + "service": "Storage", + "severity": "Medium", + "text": "Storage accounts: check hot tier and/or GRS necessary", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "92d34429-3c76-4286-97a5-51c5b04e4f18", + "link": "https://learn.microsoft.com/azure/backup/backup-center-overview", + "service": "VM", + "severity": "Medium", + "text": "Disks - validate use of Premium SSD disks everywhere: for example, non-prod could swap to Standard SSD or on-demand Premium SSD ", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "54387e5c-ed12-46cd-832a-f5b2fc6998a5", + "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", + "service": "Synapse", + "severity": "Medium", + "text": "Create budgets to manage costs and create alerts that automatically notify stakeholders of spending anomalies and overspending risks.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "35e33789-7e31-4c67-b68c-f6a62a119495", + "link": "https://learn.microsoft.com/azure/virtual-machines/availability", + "service": "Synapse", + "severity": "Medium", + "text": "Export cost data to a storage account for additional data analysis.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost 
Optimization Checklist", + "guid": "6d697dc3-a2ed-427b-8d18-6f1a1252bddd", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", + "service": "Synapse", + "severity": "Medium", + "text": "Control costs for a dedicated SQL pool by pausing the resource when it is not in use.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "e68a487c-dec4-4861-ac3b-c10ae77e26e4", + "link": "https://learn.microsoft.com/azure/virtual-machine-scale-sets/overview", + "service": "Synapse", + "severity": "Medium", + "text": "Enable the serverless Apache Spark automatic pause feature and set your timeout value accordingly.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "d5a3bec2-c4e2-4436-a133-6db55f17960e", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-latest-version-for-customer-managed-certificates", + "service": "Synapse", + "severity": "Medium", + "text": "Create multiple Apache Spark pool definitions of various sizes.", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Cost Optimization Checklist", + "guid": "ee0bdf5c-c2ef-4c5d-961d-41d2500bb47a", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator", + "service": "Synapse", + "severity": "Medium", + "text": "Purchase Azure Synapse commit units (SCU) for one year with a pre-purchase plan to save on your Azure Synapse Analytics costs.", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "393a040f-d329-4479-ab11-88b2c5a46ceb", + "link": 
"https://learn.microsoft.com/azure/application-gateway/overview-v2", + "service": "VM", + "severity": "Medium", + "text": "Use Spot VMs for interruptible jobs: These are VMs that can be bid on and purchased at a discounted price, providing a cost-effective solution for non-critical workloads.", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "544451e1-92d3-4442-a3c7-628637a551c5", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", + "service": "VM", + "severity": "Medium", + "text": "Right-sizing all VMs", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "b04e4f18-5438-47e5-aed1-26cd032af5b2", + "link": "https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet", + "service": "VM", + "severity": "Medium", + "text": "Swap VM sized with normalized and most recent sizes", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "fc6998a5-35e3-4378-a7e3-1c67d68cf6a6", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "VM", + "severity": "Medium", + "text": "right-sizing VMs - start with monitoring usage below 5% and then work up to 40%", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.Compute/virtualMachines", + "checklist": "Cost Optimization Checklist", + "guid": "2a119495-6d69-47dc-9a2e-d27b2d186f1a", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "VM", + "severity": "Medium", + 
"text": "Containerizing an application can improve VM density and save money on scaling it", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Cost" + }, { "arm-service": "microsoft.network/frontdoors", "checklist": "Azure Application Delivery Networking", 
@@ -1834,6 +5301,4221 @@ "text": "If using Azure Disks and AZs, consider having nodepools within a zone for LRS disk with VolumeBindingMode:WaitForFirstConsumer for provisioning storage in right zone or use ZRS disk for nodepools spanning multiple zones", "waf": "Performance" }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails", + "service": "OpenAI", + "severity": "High", + "text": "Follow Metaprompting guardrails for resonsible AI", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", + "link": "https://github.com/Azure-Samples/AI-Gateway", + "service": "OpenAI", + "severity": "High", + "text": "Consider Gateway patterns with APIM or solutions like AI central for better rate limiting, load balancing, authentication and logging", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", + "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850", + "service": "OpenAI", + "severity": "High", + "text": "Enable monitoring for your AOAI instances", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type == 'microsoft.insights/metricalerts' | extend compliant = (properties.targetResourceType =~ 'Microsoft.CognitiveServices/accounts') | project id, compliant", + "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", + "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", + "service": "OpenAI", + "severity": "High", + "text": "Create alerts to notify teams of events such as an entry in the activity log created by an action performed on the resource, such as regenerating its subscription keys or a metric threshold such as the number of errors exceeding 10 in an hour", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", + "service": "OpenAI", + "severity": "High", + "text": "Monitor token usage to prevent service disruptions due to capacity", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", + "service": "OpenAI", + "severity": "Medium", + "text": "observe metrics like processed inference tokens, generated completion tokens monitor for rate limit", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", + "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", + "service": "OpenAI", + "severity": "Low", + "text": "Enable and configure Diagnostics for the Azure OpenAI Service. 
If not sufficient, consider using a gateway such as Azure API Managements in front of Azure OpenAI to log both incoming prompts and outgoing responses, where permitted", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", + "link": "https://github.com/Azure-Samples/openai-enterprise-iac", + "service": "OpenAI", + "severity": "High", + "text": "Use Infrastructure as code to deploy the Azure OpenAI Service, model deployments, and all related resources", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "4350d092-d234-4292-a752-8537a551c5bf", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", + "service": "OpenAI", + "severity": "High", + "text": "Use Microsoft Entra Authentication with Managed Identity instead of API Key", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", + "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", + "service": "OpenAI", + "severity": "High", + "text": "Evaluate the performance/accuracy of the system with a known golden dataset which has the inputs and the correct answers. 
Leverage capabilities in PromptFlow for Evaluation.", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "68889535-e327-4897-b31b-67d67be5962a", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", + "service": "OpenAI", + "severity": "High", + "text": "Evaluate usage of Provisioned throughput model ", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", + "service": "OpenAI", + "severity": "High", + "text": "Review and implement Azure AI content safety", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", + "service": "OpenAI", + "severity": "High", + "text": "Define and evaluate the throughput of the system based on tokens & response per minute and align with requirements", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", + "service": "OpenAI", + "severity": "Medium", + "text": "Improve latency of the system by limiting token sizes, streaming options for applications like chatbots or conversational interfaces. 
Streaming can enhance the perceived performance of Azure OpenAI applications by delivering responses to users in an incremental manner", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", + "service": "OpenAI", + "severity": "Medium", + "text": "Estimate elasticity demands to determine synchronous and batch request segregation based on priority. For high priority, use synchronous approach and for low priority, asynchronous batch processing with queue is preferred", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "5bda4332-4f24-4811-9331-82ba51752694", + "link": "https://github.com/Azure/azure-openai-benchmark/", + "service": "OpenAI", + "severity": "High", + "text": "Benchmark token consumption requirements based on estimated demands from consumers. Consider using the Azure OpenAI benchmarking tool to help you validate the throughput if you are using Provisioned Throughput Unit deployments", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", + "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", + "service": "OpenAI", + "severity": "Medium", + "text": "If you are using Provisioned Throughput Units (PTUs), consider deploying a token-per-minute (TPM) deployment for overflow requests. 
Use a gateway to route requests to the TPM deployment when the PTU limits are reached.", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", + "service": "OpenAI", + "severity": "High", + "text": "Choose the right model for the right task. Pick models with right tradeoff between speed, quality of response and output complexity", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "e9951904-8384-45c9-a6cb-2912156a1147", + "link": "https://github.com/Azure/azure-openai-benchmark/", + "service": "OpenAI", + "severity": "Medium", + "text": "Have a baseline for performance without fine-tuning for knowing whether or not fine-tuning has improved model performance", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", + "service": "OpenAI", + "severity": "Low", + "text": "Deploy multiple OAI instances across regions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", + "service": "OpenAI", + "severity": "High", + "text": "Implement retry & healthchecks with Gateway pattern like APIM", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", + "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", + "service": "OpenAI", + "severity": "Medium", + "text": "Ensure having adequate quotas of TPM & RPM for the workload", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", + "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", + "service": "OpenAI", + "severity": "Medium", + "text": "Review the considerations in HAI toolkit guidance and apply those interaction practices for the slution", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "7f154e3a-a369-4282-ae7e-316183687a04", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", + "service": "OpenAI", + "severity": "Medium", + "text": "Deploy separate fine tuned models across regions if finetuning is employed", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "77a1f893-5bda-4433-84f2-4811633182ba", + "link": "https://learn.microsoft.com/azure/backup/backup-overview", + "service": "OpenAI", + "severity": "Medium", + "text": "Regularly backup and replicate critical data to ensure data availability and recoverability in case of data loss or system failures. 
Leverage Azure's backup and disaster recovery services to protect your data.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type == 'microsoft.search/searchservices' | extend compliant = (sku.name != 'free' and properties.replicaCount >= 3) | project id, compliant", + "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", + "link": "https://learn.microsoft.com/azure/search/search-reliability", + "service": "OpenAI", + "severity": "High", + "text": "Azure AI search service tiers should be choosen to have a SLA ", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", + "link": "https://learn.microsoft.com/purview/purview", + "service": "OpenAI", + "severity": "Low", + "text": "Classify data and sensitivity, labeling with Microsoft Purview before generating the embeddings and make sure to treat the embeddings generated with same sensitivity and classification", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", + "service": "OpenAI", + "severity": "High", + "text": "Encrypt data used for RAG with SSE/Disk encryption with optional BYOK", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", + "link": "https://learn.microsoft.com/azure/search/search-security-overview", + "service": "OpenAI", + "severity": "High", + "text": "Ensure TLS is enforced for data in transit across data sources, AI search used for Retrieval-Augmented Generation (RAG) and LLM communication", + "waf": "Security" + }, + { + "arm-service": 
"Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", + "service": "OpenAI", + "severity": "High", + "text": "Use RBAC to manage access to Azure OpenAI services. Assign appropriate permissions to users and restrict access based on their roles and responsibilities", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", + "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", + "service": "OpenAI", + "severity": "Medium", + "text": "Implement data encryption, masking or redaction techniques to hide sensitive data or replace it with obfuscated values in non-production environments or when sharing data for testing or troubleshooting purposes", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-onboarding", + "service": "OpenAI", + "severity": "High", + "text": "Utilize Azure Defender to detect and respond to security threats and set up monitoring and alerting mechanisms to identify suspicious activities or breaches. Leverage Azure Sentinel for advanced threat detection and response", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", + "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", + "service": "OpenAI", + "severity": "Medium", + "text": "Establish data retention and disposal policies to adhere to compliance regulations. 
Implement secure deletion methods for data that is no longer required and maintain an audit trail of data retention and disposal activities", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", + "service": "OpenAI", + "severity": "High", + "text": "Implement Prompt shields and groundedness detection using Content Safety ", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", + "link": "https://learn.microsoft.com/azure/compliance/", + "service": "OpenAI", + "severity": "High", + "text": "Ensure compliance with relevant data protection regulations, such as GDPR or HIPAA, by implementing privacy controls and obtaining necessary consents or permissions for data processing activities.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", + "service": "OpenAI", + "severity": "Medium", + "text": "Educate your employees about data security best practices, the importance of handling data securely, and potential risks associated with data breaches. Encourage them to follow data security protocols diligently.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", + "service": "OpenAI", + "severity": "High", + "text": "Keep production data separate from development and testing data. 
Only use real sensitive data in production and utilize anonymized or synthetic data in development and test environments.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", + "service": "OpenAI", + "severity": "Medium", + "text": "If you have varying levels of data sensitivity, consider creating separate indexes for each level. For instance, you could have one index for general data and another for sensitive data, each governed by different access protocols", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", + "service": "OpenAI", + "severity": "Medium", + "text": "Take segregation a step further by placing sensitive datasets in different instances of the service. Each instance can be controlled with its own specific set of RBAC policies", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", + "service": "OpenAI", + "severity": "High", + "text": "Recognize that embeddings and vectors generated from sensitive information are themselves sensitive. 
This data should be afforded the same protective measures as the source material", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", + "service": "OpenAI", + "severity": "High", + "text": "Apply RBAC to th data stores having embeddings and vectors and scope access based on role's access requirements", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.privateEndpointConnections != '[]' and properties.publicNetworkAccess !~ 'enabled')", + "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", + "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", + "service": "OpenAI", + "severity": "High", + "text": "Configure private endpoint for AI services to restrict service access within your network", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", + "service": "OpenAI", + "severity": "High", + "text": "Enforce strict inbound and outbound traffic control with Azure Firewall and UDRs and limit the external integration points", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", + "service": "OpenAI", + "severity": "High", + "text": "Implement network segmentation and access controls to restrict access to the LLM application only to authorized users and systems and prevent lateral movement", + "waf": 
"Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", + "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", + "service": "OpenAI", + "severity": "Medium", + "text": "Use prompt compression tools like LLMLingua or gprtrim", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (isnotnull(identity))", + "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", + "service": "OpenAI", + "severity": "High", + "text": "Ensure that APIs and endpoints used by the LLM application are properly secured with authentication and authorization mechanisms, such as Managed identities, API keys or OAuth, to prevent unauthorized access.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", + "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", + "service": "OpenAI", + "severity": "Medium", + "text": "Enforce strong end user authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access to the LLM application and associated network resources", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "93555620-2bfe-4456-9b0d-834a348b263e", + "service": "OpenAI", + "severity": "Medium", + "text": "Implement network monitoring tools to detect and analyze network traffic for any suspicious or 
malicious activities. Enable logging to capture network events and facilitate forensic analysis in case of security incidents", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", + "service": "OpenAI", + "severity": "Medium", + "text": "Conduct security audits and penetration testing to identify and address any network security weaknesses or vulnerabilities in the LLM application's network infrastructure", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (tags != '{}')", + "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", + "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", + "service": "OpenAI", + "severity": "Low", + "text": "Azure AI Services are properly tagged for better management", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", + "service": "OpenAI", + "severity": "Low", + "text": "Azure AI Service accounts follows organizational naming conventions", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", + "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", + "service": "OpenAI", + "severity": "High", + "text": "Diagnostic logs in Azure AI services resources should be enabled", + "waf": "Operational Excellence" + }, + { + "arm-service": 
"Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.disableLocalAuth == true)", + "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", + "link": "https://learn.microsoft.com/azure/ai-services/authentication", + "service": "OpenAI", + "severity": "High", + "text": "Key access (local authentication) is recommended to be disabled for security. After disabling key based access, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", + "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", + "service": "OpenAI", + "severity": "High", + "text": "Store and manage keys securely using Azure Key Vault. 
Avoid hard-coding or embedding sensitive keys within your LLM application's code and retrieve them securely from Azure Key Vault using managed identities", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", + "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", + "service": "OpenAI", + "severity": "High", + "text": "Regularly rotate and expire keys stored in Azure Key Vault to minimize the risk of unauthorized access.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "adfe27be-e297-401a-a352-baaab79b088d", + "link": "https://github.com/openai/tiktoken", + "service": "OpenAI", + "severity": "High", + "text": "Use tiktoken to understand token sizes for token optimizations in conversational mode", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", + "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", + "service": "OpenAI", + "severity": "High", + "text": "Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), or security misconfigurations", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", + "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", + "service": "OpenAI", + "severity": "High", + "text": "Setup a process to regularly update and patch the LLM libraries and other system components", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + 
"guid": "e29711b1-352b-4eee-879b-588defc4972c", + "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", + "service": "OpenAI", + "severity": "High", + "text": "Adhere to Azure OpenAI or other LLMs terms of use, policies and guidance and allowed use cases", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", + "service": "OpenAI", + "severity": "Medium", + "text": "Understand difference in cost of base models and fine tuned models and token step sizes", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", + "service": "OpenAI", + "severity": "High", + "text": "Batch requests, where possible, to minimize the per-call overhead which can reduce overall costs. 
Ensure you optimize batch size", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", + "service": "OpenAI", + "severity": "Medium", + "text": "Set up a cost tracking system that monitors model usage and use that information to help inform model choices and prompt sizes", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "166cd072-af9b-4141-a898-a535e737897e", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", + "service": "OpenAI", + "severity": "Medium", + "text": "Set a maximum limit on the number of tokens per model response (max_tokens and the number of completions to generate). Optimize the size to ensure it is large enough for a valid response", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", + "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", + "service": "OpenAI", + "severity": "Medium", + "text": "Plan and manage AI Search Vector storage", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", + "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", + "service": "OpenAI", + "severity": "Medium", + "text": "Ensure deployment of Azure OpenAI instances across your various environments, such as development, test, and production supporting lrarning & experimentation. 
Apply LLMOps practices to automate the lifecycle management of your GenAI applications", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", + "service": "OpenAI", + "severity": "High", + "text": "Evaluate usage of billing models - PAYG vs PTU. Start with PAYG and consider PTU when the usage is predictable in production since it offers dedicated memory and compute, reserved capacity, and consistent maximum latency for the specified model version", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", + "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", + "service": "OpenAI", + "severity": "Medium", + "text": "Evaluate the quality of prompts and applications when switching between model versions", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "3418db61-2712-4650-9bb4-7a393a080327", + "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", + "service": "OpenAI", + "severity": "Medium", + "text": "Evaluate, monitor and refine your GenAI apps for features like groundedness, relevance, accuracy, coherence and fluency", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "294798b1-578b-4219-a46c-eb5443513592", + "service": "OpenAI", + "severity": "Medium", + "text": "Evaluate your Azure AI 
Search results based on different search parameters", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "2744293b-b628-4537-a551-19b08e8f5854", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", + "service": "OpenAI", + "severity": "Medium", + "text": "Look at fine tuning models as way of increasing accuracy only when you have tried other basic approaches like prompt engineering and RAG with your data", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "287d9cec-166c-4d07-8af9-b141a898a535", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", + "service": "OpenAI", + "severity": "Medium", + "text": "Use prompt engineering techniques to improve the accuracy of LLM responses", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "e737897e-71ca-47da-acfa-962a1594946d", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", + "service": "OpenAI", + "severity": "Medium", + "text": "Red team your GenAI applications", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", + "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", + "service": "OpenAI", + "severity": "Medium", + "text": "Provide end users with scoring options for LLM responses and track these scores. 
", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", + "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", + "service": "OpenAI", + "severity": "High", + "text": "Consider Quota management practices. Use dynamic quota for certain use cases when your application can use extra capacity opportunistically or the application itself is driving the rate at which the Azure OpenAI API is called", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", + "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", + "service": "OpenAI", + "severity": "Medium", + "text": "Use Load balancer solutions like APIM based gateway for balancing load and capacity across services and regions", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc411", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning?tabs=turbo%2Cpython-new&pivots=programming-language-studio#import-training-data-from-azure-blob-store", + "service": "OpenAI", + "severity": "Medium", + "text": "Follow the guidance for fine-tuning with large data files and import the data from an Azure blob store. 
Large files, 100 MB or larger, can become unstable when uploaded through multipart forms because the requests are atomic and can't be retried or resumed", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc412", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest", + "service": "OpenAI", + "severity": "Medium", + "text": "Manage rate limits for your model deployments and monitor usage of tokens per minute (TPM) and requests per minute (RPM) for pay-as-you-go deployments", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc413", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai", + "service": "OpenAI", + "severity": "Medium", + "text": "Monitor provision-managed utilization if you're using the provisioned throughput payment model", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc414", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/content-filters", + "service": "OpenAI", + "severity": "Medium", + "text": "Tune content filters to minimize false positives from overly aggressive filters", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc415", + "link": "https://learn.microsoft.com/azure/ai-services/openai/encrypt-data-at-rest", + "service": "OpenAI", + "severity": "Medium", + "text": "Use customer-managed keys for fine-tuned models and training data that's uploaded to Azure OpenAI", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI 
Review", + "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' and kind =~ 'contentsafety' | project id, compliant = 1", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc416", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", + "service": "OpenAI", + "severity": "Medium", + "text": "Implement jailbreak risk detection to safeguard your language model deployments against prompt injection attacks", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc417", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai", + "service": "OpenAI", + "severity": "Medium", + "text": "Use security controls like throttling, service isolation and gateway pattern to prevent attacks that might exhaust model usage quotas", + "waf": "Security" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a9", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", + "service": "OpenAI", + "severity": "Medium", + "text": "Develop your cost model, considering prompt sizes. Understanding prompt input and response sizes and how text translates into tokens helps you create a viable cost model", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a1", + "link": "https://azure.microsoft.com/pricing/details/cognitive-services/openai-service/", + "service": "OpenAI", + "severity": "Medium", + "text": "Consider model pricing and capabilities when you choose models. 
Start with less-costly models for less-complex tasks like text generation or completion tasks and for complex tasks like language translation or content understanding, consider using more advanced models. Optimize costs while still achieving the desired application performance", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a2", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", + "service": "OpenAI", + "severity": "Medium", + "text": "Maximize Azure OpenAI price breakpoints like fine-tuning and model breakpoints like image generation to your advantage. Fine-tuning is charged per hour, use as much time as you have available per hour to improve results without slipping into the next billing period. The cost for generating 100 images is the same as the cost for 1 image", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a3", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", + "service": "OpenAI", + "severity": "Medium", + "text": "Remove unused fine-tuned models when they're no longer being consumed to avoid incurring an ongoing hosting fee", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8g", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", + "service": "OpenAI", + "severity": "Medium", + "text": "Create concise prompts that provide enough context for the model to generate a useful response. 
Also ensure that you optimize the limit of the response length.", + "waf": "Cost Optimization" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec219", + "link": "https://learn.microsoft.com/azure/ai-services/create-account-bicep", + "service": "OpenAI", + "severity": "Medium", + "text": "Use infrastructure as code (IaC) to deploy Azure OpenAI, model deployments, and other infrastructure required for fine-tuning models", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Azure OpenAI Review", + "guid": "2744293b-b628-4537-a551-19b08e8f5855", + "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/service/openai", + "service": "OpenAI", + "severity": "Medium", + "text": "Consider using dedicated model deployments per consumer group to provide per-model usage isolation that can help prevent noisy neighbors between your consumer groups", + "waf": "Operational Excellence" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "Using the correct approach to feed a datalake with cold data and having the Kusto query engine at your disposal at the same time, as in the short-term storage", + "guid": "ba7da7be-9951-4914-a384-5d997cb39132", + "link": "https://learn.microsoft.com/azure/data-explorer/kusto/management/data-export/continuous-data-export", + "service": "Azure Data Explorer", + "text": "Leverage External Tables and Continuous data export overview to reduce costs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "Azure Data Explorer provides an optional follower capability for a leader cluster to be followed by other follower clusters for read-only access to the leader's data and metadata. 
Changes in the leader, such as create, append, and drop are automatically synchronized to the follower. While the leaders could span Azure regions, the follower clusters should be hosted in the same region(s) as the leader. If the leader cluster is down or databases or tables are accidentally dropped, the follower clusters will lose access until access is recovered in the leader.", + "guid": "56a22586-f490-4641-addd-ea8a377cdeb3", + "link": "https://learn.microsoft.com/azure/data-explorer/follower?tabs=csharp", + "service": "Azure Data Explorer", + "text": "To share data, explore Leader-follower cluster configuration", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "Azure Data Explorer doesn't support automatic protection against the outage of an entire Azure region. This disruption can happen during a natural disaster, like an earthquake. If you require a solution for a disaster recovery situation, do the following steps to ensure business continuity. 
In these steps, you'll replicate your clusters, management, and data ingestion in two Azure paired regions.", + "guid": "861bb2bc-14ae-4a6e-95d8-d9a3adc218e6", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#create-multiple-independent-clusters", + "service": "Azure Data Explorer", + "text": "To protect against regional failure, create Multiple independent clusters, preferably in two Azure Paired regions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "guid": "436b0635-cb45-4e57-a603-324ace8cc123", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#replicate-management-activities", + "service": "Azure Data Explorer", + "text": "Replicate all management activities such as creating new tables or managing user roles on each cluster.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "guid": "18ca6017-0265-4f4b-a46a-393af7f31728", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution", + "service": "Azure Data Explorer", + "text": "Ingest data into each cluster in parallel", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "This configuration is also called 'always-on'. 
For critical application deployments with no tolerance for outages, you should use multiple Azure Data Explorer clusters across Azure paired regions.", + "guid": "58a9c279-9c42-4bb6-9d0c-65556246b338", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-active-configuration", + "service": "Azure Data Explorer", + "text": "For critical application with no tolerance for outages, create Active-Active-Active (always-on) configuration", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "This configuration is identical to the active-active-active configuration, but only involves two Azure paired regions. Configure dual ingestion, processing, and curation. Users are routed to the nearest region. The cluster SKU must be the same across regions.", + "guid": "563a4dc7-4a74-48b6-922a-d190916a6649", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-configuration", + "service": "Azure Data Explorer", + "text": "For critical applications, create Active-Active configuration in two paired regions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "The Active-Hot configuration is similar to the Active-Active configuration in dual ingest, processing, and curation. While the standby cluster is online for ingestion, process, and curation, it isn't available to query. The standby cluster doesn't need to be in the same SKU as the primary cluster. It can be of a smaller SKU and scale, which may result in it being less performant. 
In a disaster scenario, users are redirected to the standby cluster, which can optionally be scaled up to increase performance.", + "guid": "8fadfe27-7de2-483b-8ac3-52baa9b75708", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-hot-standby-configuration", + "service": "Azure Data Explorer", + "text": "For applications, which required only read during failure, create Active-Hot standby configuration", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "This solution offers the least resiliency (highest RPO and RTO), is the lowest in cost and highest in effort. In this configuration, there's no data recovery cluster. Configure continuous export of curated data (unless raw and intermediate data is also required) to a storage account that is configured GRS (Geo Redundant Storage). A data recovery cluster is spun up if there is a disaster recovery scenario. At that time, DDLs, configuration, policies, and processes are applied. 
Data is ingested from storage with the ingestion property kustoCreationTime to over-ride the ingestion time that defaults to system time.", + "guid": "49aa8092-dc8e-4b9d-8bb7-3b26a5a67eba", + "link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#on-demand-data-recovery-configuration", + "service": "Azure Data Explorer", + "text": "For applications, where cost is a concern and can withstand some downtime during failure, create on-demand data recovery cluster configuration", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "description": "All database objects, policies, and configurations should be persisted in source control so they can be released to the cluster from your release automation tool.", + "guid": "5a907e1e-348e-4f25-9c27-d32e8bbac757", + "link": "https://learn.microsoft.com/azure/data-explorer/devops", + "service": "Azure Data Explorer", + "text": "Wrap DevOps and source control around all your code", + "training": "https://learn.microsoft.com/learn/paths/secure-your-cloud-data/", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "guid": "1559ab91-53e8-4908-ae28-b84c33b6b780", + "link": "https://learn.microsoft.com/azure/data-explorer/devops", + "service": "Azure Data Explorer", + "text": "Design, develop, and implement validation routines to ensure all clusters are in-sync from a data perspective.", + "training": "https://learn.microsoft.com/learn/modules/azure-active-directory/", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Kusto/clusters", + "checklist": "Azure Data Explorer Review Checklist", + "guid": "8b9fe5c4-1049-4d40-9a82-2c3474d00f18", + "link": "https://learn.microsoft.com/azure/data-explorer/devops", + "service": "Azure Data Explorer", + "text": "Be fully cognizant of what it takes to build a cluster from scratch. 
Leverage Infrastructure as a Code for your deployments", + "training": "https://learn.microsoft.com/learn/modules/implement-hybrid-identity-windows-server/", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "guid": "ab91932c-9fc9-4d1b-a881-37f5e6c0cb9e", + "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-ADF_v1.docx", + "service": "Azure Data Factory", + "severity": "Medium", + "text": "Leverage FTA Resiliency Playbook for Azure Data Factory", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "guid": "e503547c-d447-4e82-9138-a7200f1cac6d", + "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", + "service": "Azure Data Factory", + "severity": "High", + "text": "Use zone redundant pipelines in regions that support Availability Zones", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "guid": "9ef1d6e8-32e5-42e3-911c-818b1a0bc511", + "link": "https://learn.microsoft.com/azure/data-factory/source-control", + "service": "Azure Data Factory", + "severity": "Medium", + "text": "Use DevOps to Backup the ARM templates with Github/Azure DevOps integration ", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "guid": "e43a18a9-cd29-49cf-b7b1-7db8255562f2", + "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", + "service": "Azure Data Factory", + "severity": "Medium", + "text": "Make sure you replicate the Self-Hosted Integration Runtime VMs in another region ", + "waf": "Reliability" + }, + { + "arm-service": 
"Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "guid": "aee4563a-fd83-4393-98b2-62d6dc5f512a", + "link": "https://learn.microsoft.com/azure/architecture/example-scenario/analytics/pipelines-disaster-recovery", + "service": "Azure Data Factory", + "severity": "Medium", + "text": "Make sure you replicate or duplicate your network in the sister region. You have to make a copy of your Vnet in another region", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Azure Data Factory Review Checklist", + "description": "If your ADF Pipelines use Key Vault you don't have to do anything to replicate Key Vault. Key Vault is a managed service and Microsoft takes care of it for you", + "guid": "25498f6d-bad3-47da-a43b-c6ce1d7aa9b2", + "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", + "service": "Azure Data Factory", + "severity": "Low", + "text": "If using Keyvault integration, use SLA of Keyvault to understand your availablity", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.cache/redis", + "checklist": "Redis Resiliency checklist", + "guid": "65285269-440b-44be-9d3e-0844276d4bdc", + "link": "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy", + "service": "Redis", + "severity": "High", + "text": "Enable zone redundancy for Azure Cache for Redis. Azure Cache for Redis supports zone redundant configurations in the Premium and Enterprise tiers. A zone redundant cache can place its nodes across different Azure Availability Zones in the same region. 
It eliminates data center or AZ outage as a single point of failure and increases the overall availability of your cache.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.cache/redis", + "checklist": "Redis Resiliency checklist", + "guid": "bc178bdc-5a06-4ca7-8443-51e19dd34429", + "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#persistence", + "service": "Redis", + "severity": "Medium", + "text": "Configure data persistence for an Azure Cache for Redis instance. Because your cache data is stored in memory, a rare and unplanned failure of multiple nodes can cause all the data to be dropped. To avoid losing data completely, Redis persistence allows you to take periodic snapshots of in-memory data, and store it to your storage account.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.cache/redis", + "checklist": "Redis Resiliency checklist", + "guid": "eb722823-7a15-41c5-ab4e-4f1814387e5c", + "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#storage-account-for-persistence", + "service": "Redis", + "severity": "Medium", + "text": "Use Geo-redundant storage account to persist Azure Cache for Redis data, or zonally redundant where geo-redundancy is not available", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.cache/redis", + "checklist": "Redis Resiliency checklist", + "guid": "a8c26c9b-32ab-45bd-bc69-98a135e33789", + "link": "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-geo-replication", + "service": "Redis", + "severity": "Medium", + "text": "Configure passive geo-replication for Premium Azure Cache for Redis instances. Geo-replication is a mechanism for linking two or more Azure Cache for Redis instances, typically spanning two Azure regions. Geo-replication is designed mainly for cross-region disaster recovery. 
Two Premium tier cache instances are connected through geo-replication in a way that provides reads and writes to your primary cache, and that data is replicated to the secondary cache.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "32e42e36-11c8-418b-8a0b-c510e43a18a9", + "service": "AVS", + "severity": "High", + "text": "Ensure ADDS domain controller(s) are deployed in the identity subscription in native Azure", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "75089c20-990d-4927-b105-885576f76fc2", + "service": "AVS", + "severity": "Medium", + "text": "Ensure ADDS sites and services is configured to keep authentication requests from Azure-based resources (including Azure VMware Solution) local to Azure", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "de3aad1e-7c28-4ec9-9666-b7570449aa80", + "service": "AVS", + "severity": "High", + "text": "Ensure that vCenter is connected to ADDS to enable authentication based on 'named user accounts'", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "cd289ced-6b17-4db8-8554-61e2aee3553a", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that the connection from vCenter to ADDS is using a secure protocol (LDAPS)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "b9d37dac-43bc-46cd-8d79-a9b24604489a", + "service": "AVS", + "severity": "Medium", + "text": "CloudAdmin account in vCenter IdP is used only as an emergency account (break-glass)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware 
Solution Design Review", + "guid": "53d88e89-d17b-473b-82a5-a67e7a9ed5b3", + "service": "AVS", + "severity": "High", + "text": "Ensure that NSX-Manager is integrated with an external Identity provider (LDAPS)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "ae0e37ce-e297-411b-b352-caaab79b198d", + "service": "AVS", + "severity": "Medium", + "text": "Has an RBAC model been created for use within VMware vSphere", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "ab81932c-9fc9-4d1b-a780-36f5e6bfbb9e", + "service": "AVS", + "severity": "Medium", + "text": "RBAC permissions should be granted on ADDS groups and not on specific users", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d503547c-c447-4e82-9128-a71f0f1cac6d", + "service": "AVS", + "severity": "High", + "text": "RBAC permissions on the Azure VMware Solution resource in Azure are 'locked down' to a limited set of owners only", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "fd9f0df4-68dc-4976-b9a9-e6a79f7682c5", + "service": "AVS", + "severity": "High", + "text": "Ensure all custom roles are scoped with CloudAdmin permitted authorizations", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "9ef1d5e8-32e4-42e3-911c-818b0a0bc510", + "link": "https://github.com/Azure/AzureCAT-AVS/tree/main/networking", + "service": "AVS", + "severity": "High", + "text": "Is the correct Azure VMware Solution connectivity model selected for the customer use case at hand", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure 
VMware Solution Design Review", + "guid": "eb710a37-cbc1-4055-8dd5-a936a8bb7cf5", + "service": "AVS", + "severity": "High", + "text": "Ensure ExpressRoute or VPN connections from on-premises to Azure are monitored using 'connection monitor'", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "976e24f2-a7f8-426c-9253-2a92a2a7ed99", + "service": "AVS", + "severity": "Medium", + "text": "Ensure a connection monitor is created from an Azure native resource to an Azure VMware Solution virtual machine to monitor the Azure VMware Solution back-end ExpressRoute connection", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "f41ce6a0-64f3-4805-bc65-3ab50df01265", + "service": "AVS", + "severity": "Medium", + "text": "Ensure a connection monitor is created from an on-premises resource to an Azure VMware Solution virtual machine to monitor end-2-end connectivity", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "563b4dc7-4a74-48b6-933a-d1a0916a6649", + "service": "AVS", + "severity": "High", + "text": "When route server is used, ensure no more then 1000 routes are propagated from route server to ExR gateway to on-premises (ARS limit).", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "6128a71f-0f1c-4ac6-b9ef-1d5e832e42e3", + "service": "AVS", + "severity": "High", + "text": "Is Privileged Identity Management implemented for roles managing the Azure VMware Solution resource in the Azure Portal (no standing permissions allowed)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "c4e2436b-b336-4d71-9f17-960eee0b9b5c", + 
"service": "AVS", + "severity": "High", + "text": "Privileged Identity Management audit reporting should be implemented for the Azure VMware Solution PIM roles", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "78c447a8-26b2-4863-af0f-1cac599ef1d5", + "service": "AVS", + "severity": "Medium", + "text": "If using Privileged Identity Management is being used, ensure that a valid Entra ID enabled account is created with a valid SMTP record for Azure VMware Solution Automatic Host replacement notifications. (standing permissions required)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "8defc4d7-21d3-41d2-90fb-707ae9eab40e", + "service": "AVS", + "severity": "High", + "text": "Limit use of CloudAdmin account to emergency access only", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d329f798-bc17-48bd-a5a0-6ca7144351d1", + "service": "AVS", + "severity": "Medium", + "text": "Create custom RBAC roles in vCenter to implement a least-privilege model inside vCenter", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "9dd24429-eb72-4281-97a1-51c5bb4e4f18", + "service": "AVS", + "severity": "Medium", + "text": "Is a process defined to regularly rotate cloudadmin (vCenter) and admin (NSX) credentials", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "586cb291-ec16-4a1d-876e-f9f141acdce5", + "service": "AVS", + "severity": "High", + "text": "Use a centralized identity provider to be used for workloads (VM's) running on Azure VMware Solution", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + 
"checklist": "Azure VMware Solution Design Review", + "guid": "79377bcd-b375-41ab-8ab0-ead66e15d3d4", + "service": "AVS", + "severity": "Medium", + "text": "Is East-West traffic filtering implemented within NSX-T", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "a2adb1c3-d232-46af-825c-a44e1695fddd", + "service": "AVS", + "severity": "High", + "text": "Workloads on Azure VMware Solution are not directly exposed to the internet. Traffic is filtered and inspected by Azure Application Gateway, Azure Firewall or 3rd party solutions", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "eace4cb1-deb4-4c65-8c3f-c14eeab36938", + "service": "AVS", + "severity": "High", + "text": "Auditing and logging is implemented for inbound internet requests to Azure VMware Solution and Azure VMware Solution based workloads", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "29e3eec2-1836-487a-8077-a2b5945bda43", + "service": "AVS", + "severity": "Medium", + "text": "Session monitoring is implemented for outbound internet connections from Azure VMware Solution or Azure VMware Solution based workloads to identify suspicious/malicious activity", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "graph": "resources| where type =~ 'Microsoft.Network/virtualNetworkGateways'| mv-expand ipConfigurations=properties.ipConfigurations| project subnetId=tostring(ipConfigurations.properties.subnet.id)| where isnotempty(subnetId)| join (resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,enableDdosProtection=tostring(properties.enableDdosProtection),subnets=properties.subnets | mv-expand subnets | project 
id,resourceGroup,name,enableDdosProtection,subnetId=tostring(subnets.id)) on subnetId | distinct id,resourceGroup,name,enableDdosProtection | project id, compliant = (enableDdosProtection == 'true')", + "guid": "334fdf91-c234-4182-a652-75269440b4be", + "service": "AVS", + "severity": "Medium", + "text": "Is DDoS standard protection enabled on ExR/VPN Gateway subnet in Azure", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "3d3e0843-276d-44bd-a015-bcf219e4a1eb", + "service": "AVS", + "severity": "Medium", + "text": "Use a dedicated privileged access workstation (PAW) to manage Azure VMware Solution, vCenter, NSX manager and HCX manager", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "9ccbd869-266a-4cca-874f-aa19bf39d95d", + "service": "AVS", + "severity": "Medium", + "text": "Enable Advanced Threat Detection (Microsoft Defender for Cloud aka ASC) for workloads running on Azure VMware Solution", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "44c7c891-9ca1-4f6d-9315-ae524ba34d45", + "service": "AVS", + "severity": "Medium", + "text": "Use Azure ARC for Servers to properly govern workloads running on Azure VMware Solution using Azure native technologies (Azure ARC for Azure VMware Solution is not yet available)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "85e12139-bd7b-4b01-8f7b-95ef6e043e2a", + "service": "AVS", + "severity": "Low", + "text": "Ensure workloads on Azure VMware Solution use sufficient data encryption during run-time (like in-guest disk encryption and SQL TDE). 
(vSAN encryption at rest is default)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "a3592718-e6e2-4051-9267-6ae46691e883", + "service": "AVS", + "severity": "Low", + "text": "When in-guest encryption is used, store encryption keys in Azure Key vault when possible", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "5ac94222-3e13-4810-9230-81a941741583", + "service": "AVS", + "severity": "Medium", + "text": "Consider using extended security update support for workloads running on Azure VMware Solution (Azure VMware Solution is eligible for ESU)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "3ef7ad7c-6d37-4331-95c7-acbe44bbe609", + "service": "AVS", + "severity": "High", + "text": "Ensure that the appropriate vSAN Data redundancy method is used (RAID specification)", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d88408f3-7273-44c8-96ba-280214590146", + "service": "AVS", + "severity": "High", + "text": "Ensure that the Failure-to-tolerate policy is in place to meet your vSAN storage needs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d89f2e87-7784-424d-9167-85c6fa95b96a", + "service": "AVS", + "severity": "High", + "text": "Ensure that you have requested enough quota, ensuring you have considered growth and Disaster Recovery requirement", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "5d38e53f-9ccb-4d86-a266-acca274faa19", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that access 
constraints to ESXi are understood, there are access limits which might affect 3rd party solutions.", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "bf39d95d-44c7-4c89-89ca-1f6d5315ae52", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that you have a policy around ESXi host density and efficiency, keeping in mind the lead time for requesting new nodes", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "4ba34d45-85e1-4213-abd7-bb012f7b95ef", + "service": "AVS", + "severity": "Medium", + "text": "Ensure a good cost management process is in place for Azure VMware Solution - Azure Cost Management can be used", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "6e043e2a-a359-4271-ae6e-205172676ae4", + "service": "AVS", + "severity": "Low", + "text": "Are Azure reserved instances used to optimize cost for using Azure VMware Solution", + "waf": "Cost" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "6691e883-5ac9-4422-83e1-3810523081a9", + "service": "AVS", + "severity": "Medium", + "text": "Consider the use of Azure Private-Link when using other Azure Native Services", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "db611712-6904-40b4-aa3d-3e0803276d4b", + "service": "AVS", + "severity": "High", + "text": "Ensure all required resource reside within the same Azure availability zone(s)", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "48b262d6-cc5f-4512-a253-98e6db9d37da", + "service": "AVS", + "severity": "Medium", + "text": 
"Enable Microsoft Defender for Cloud for Azure VMware Solution guest VM workloads", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "41741583-3ef7-4ad7-a6d3-733165c7acbe", + "service": "AVS", + "severity": "Medium", + "text": "Use Azure Arc enabled servers to manage your Azure VMware Solution guest VM workloads", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "88f03a4d-2cd4-463c-abbc-868295abc91a", + "service": "AVS", + "severity": "High", + "text": "Enable Diagnostic and metric logging on Azure VMware Solution", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "4ed90dae-2cc8-44c4-9b6b-781cbafe6c46", + "service": "AVS", + "severity": "Medium", + "text": "Deploy the Log Analytics Agents to Azure VMware Solution guest VM workloads", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "589d457a-927c-4397-9d11-02cad6aae11e", + "service": "AVS", + "severity": "Medium", + "text": "Ensure you have a documented and implemented backup policy and solution for Azure VMware Solution VM workloads", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "ee29711b-d352-4caa-ab79-b198dab81932", + "service": "AVS", + "severity": "Medium", + "text": "Use Microsoft Defender for Cloud for compliance monitoring of workloads running on Azure VMware Solution", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "c9fc9d1b-b780-436f-9e6b-fbb9ed503547", + "service": "AVS", + "severity": "Medium", + "text": "Are the applicable compliance baselines added 
to Microsoft Defender for Cloud", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "cc447e82-6128-4a71-b0f1-cac6d9ef1d5e", + "service": "AVS", + "severity": "High", + "text": "Was data residency evaluated when selecting Azure regions to use for Azure VMware Solution deployment", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "832e42e3-611c-4818-a0a0-bc510e43a18a", + "service": "AVS", + "severity": "High", + "text": "Are data processing implications (service provider / service consumer model) clear and documented", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "547c1747-dc56-4068-a714-435cd19dd244", + "service": "AVS", + "severity": "Medium", + "text": "Consider using CMK (Customer Managed Key) for vSAN only if needed for compliance reason(s).", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "e43a18a9-cd28-49ce-b6b1-7db8255461e2", + "service": "AVS", + "severity": "High", + "text": "Create dashboards to enable core Azure VMware Solution monitoring insights", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "graph": "resources| where type =~ 'Microsoft.AVS/privateClouds'| join kind=leftouter(resources| where type =~ 'Microsoft.Insights/metricalerts'| mv-expand scopes=properties.scopes| mv-expand criteria=properties.criteria.allOf| extend metricName=criteria.metricName| distinct tostring(scopes), tostring(metricName))on $left.id == $right.scopes| extend compliant=toint(metricName in ('UsageAverage', 'EffectiveCpuAverage', 'DiskUsedPercentage'))| summarize compliant=min(compliant) by id", + "guid": 
"6b84ee5d-f47d-42d9-8881-b1cd5d1e54a2", + "service": "AVS", + "severity": "High", + "text": "Create warning alerts for critical thresholds for automatic alerting on Azure VMware Solution performance (CPU >80%, Avg Memory >80%, vSAN >70%)", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "graph": "resources| where type =~ 'Microsoft.AVS/privateClouds'| join kind=leftouter(resources| where type =~ 'Microsoft.Insights/metricalerts'| mv-expand scopes=properties.scopes| mv-expand criteria=properties.criteria.allOf| extend metricName=criteria.metricName| distinct tostring(scopes), tostring(metricName))on $left.id == $right.scopes| extend compliant=toint(metricName in ('UsageAverage', 'EffectiveCpuAverage', 'DiskUsedPercentage'))| summarize compliant=min(compliant) by id", + "guid": "9659e396-80e7-4828-ac93-5657d02bff45", + "service": "AVS", + "severity": "High", + "text": "Ensure critical alert is created to monitor if vSAN consumption is below 75% as this is a support threshold from VMware", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "graph": "resources| distinct subscriptionId| join kind=leftouter( resources | where type =~ 'microsoft.insights/activitylogalerts' | mv-expand condition1 = properties.condition.allOf | mv-expand condition2 = condition1.anyOf | extend alertEnabled = tostring(properties.enabled) | summarize set_condition1=make_set(condition1.equals), set_condition2=make_set(condition2.equals) by id, name,type,tenantId,resourceGroup,subscriptionId, alertEnabled | where set_has_element(set_condition1, 'ServiceHealth') | extend category = 'ServiceHealth' | extend all = iff(set_has_element(set_condition1, 'ServiceHealth') and array_length(set_condition2) == 0, true, false) | extend incident = iff(all, true, iff(set_has_element(set_condition1, 'Incident'), true, 
set_has_element(set_condition2, 'Incident'))) | extend maintenance = iff(all, true, iff(set_has_element(set_condition1, 'Maintenance'), true, set_has_element(set_condition2, 'Maintenance'))) | extend informational = iff(all, true, iff(set_has_element(set_condition1, 'Informational') or set_has_element(set_condition1, 'ActionRequired'), true, set_has_element(set_condition2, 'Informational') or set_has_element(set_condition2, 'ActionRequired'))) | extend security = iff(all, true, iff(set_has_element(set_condition1, 'Security'), true, set_has_element(set_condition2, 'Security'))) | project id, name, subscriptionId, category, tostring(alertEnabled), tostring(incident), tostring(maintenance), tostring(informational), tostring(security) | summarize count_alertEnabled=countif(alertEnabled == 'true'), count_incident=countif(incident == 'True'), count_maintenance=countif(maintenance == 'True'), count_informational=countif(informational == 'True'), count_security=countif(security == 'True') by subscriptionId) on subscriptionId| project subscriptionId, alertEnabled=iff(isnotnull(count_alertEnabled), count_alertEnabled, 0), incident=iff(isnotnull(count_incident), count_incident, 0), security=iff(isnotnull(count_security), count_security, 0), maintenance=iff(isnotnull(count_maintenance), count_maintenance, 0), informational=iff(isnotnull(count_informational), count_informational, 0)| order by incident, maintenance, informational, security desc| project id=subscriptionId, compliant=(alertEnabled > 0 and incident > 0 and security > 0 and maintenance > 0 and informational > 0)", + "guid": "64b0d934-a348-4726-be79-d6b5c3a36495", + "service": "AVS", + "severity": "High", + "text": "Ensure alerts are configured for Azure Service Health alerts and notifications", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "b6abad38-aad5-43cc-99e1-d86667357c54", + "service": "AVS", + "severity": 
"Medium", + "text": "Configure Azure VMware Solution logging to be send to an Azure Storage account or Azure EventHub for processing", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "9674c5ed-85b8-459c-9733-be2b1a27b775", + "service": "AVS", + "severity": "Low", + "text": "If deep insight in VMware vSphere is required: Is vRealize Operations and/or vRealize Network Insights used in the solution?", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "a91be1f3-88f0-43a4-b2cd-463cbbbc8682", + "service": "AVS", + "severity": "High", + "text": "Ensure the vSAN storage policy for VM's is NOT the default storage policy as this policy applies thick provisioning", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d9ef1d5e-832d-442e-9611-c818b0afbc51", + "service": "AVS", + "severity": "Medium", + "text": "Ensure vSphere content libraries are not placed on vSAN as vSAN is a finite resource", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "0e43a18a-9cd2-489b-bd6b-17db8255461e", + "service": "AVS", + "severity": "Medium", + "text": "Ensure data repositories for the backup solution are stored outside of vSAN storage. 
Either in Azure native or on a disk pool-backed datastore", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "2aee3453-aec8-4339-848b-262d6cc5f512", + "service": "AVS", + "severity": "Medium", + "text": "Ensure workloads running on Azure VMware Solution are hybrid managed using Azure Arc for Servers (Arc for Azure VMware Solution is in preview)", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "925398e6-da9d-437d-ac43-bc6cd1d79a9b", + "service": "AVS", + "severity": "Medium", + "text": "Ensure workloads running on Azure VMware Solution are monitored using Azure Log Analytics and Azure Monitor", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "24604489-a8f4-42d7-ae78-cb6a33bd2a09", + "service": "AVS", + "severity": "Medium", + "text": "Include workloads running on Azure VMware Solution in existing update management tooling or in Azure Update Management", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "17e7a8d9-0ae0-4e27-aee2-9711bd352caa", + "service": "AVS", + "severity": "Medium", + "text": "Use Azure Policy to onboard Azure VMware Solution workloads in the Azure Management, Monitoring and Security solutions", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "aee3553a-fc83-4392-98b2-62d6cc5f5129", + "service": "AVS", + "severity": "Medium", + "text": "Ensure workloads running on Azure VMware Solution are onboarded to Microsoft Defender for Cloud", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": 
"25398e6d-b9d3-47da-a43b-c6cd1d79a9b2", + "service": "AVS", + "severity": "Medium", + "text": "Ensure backups are not stored on vSAN as vSAN is a finite resource", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "5e6bfbb9-ed50-4354-9cc4-47e826028a71", + "service": "AVS", + "severity": "Medium", + "text": "Have all DR solutions been considered and a solution that is best for your business been decided upon? [SRM/JetStream/Zerto/Veeam/...]", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "f0f1cac6-d9ef-41d5-b832-d42e3611c818", + "service": "AVS", + "severity": "Medium", + "text": "Use Azure Site Recovery when the Disaster Recovery technology is native Azure IaaS", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "b0afbc51-0e43-4a18-a9cd-289bed6b17db", + "service": "AVS", + "severity": "High", + "text": "Use Automated recovery plans with either of the Disaster solutions, avoid manual tasks as much as possible", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "8255461e-2aee-4345-9aec-8339248b262d", + "service": "AVS", + "severity": "Medium", + "text": "Use the geopolitical region pair as the secondary disaster recovery environment", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "6cc5f512-9253-498e-9da9-d37dac43bc6c", + "service": "AVS", + "severity": "High", + "text": "Use 2 different address spaces between the regions, for example: 10.0.0.0/16 and 192.168.0.0/16 for the different regions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure 
VMware Solution Design Review", + "guid": "d1d79a9b-2460-4448-aa8f-42d78e78cb6a", + "service": "AVS", + "severity": "Medium", + "text": "Will ExpressRoute Global Reach be used for connectivity between the primary and secondary Azure VMware Solution Private Clouds or is routing done through network virtual appliances?", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "33bd2a09-17e7-4a8d-a0ae-0e27cee29711", + "service": "AVS", + "severity": "Medium", + "text": "Have all Backup solutions been considered and a solution that is best for your business been decided upon? [ MABS/CommVault/Metallic.io/Veeam/�. ]", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "bd352caa-ab79-4b18-adab-81932c9fc9d1", + "service": "AVS", + "severity": "Medium", + "text": "Deploy your backup solution in the same region as your Azure VMware Solution private cloud", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "bb77036f-5e6b-4fbb-aed5-03547cc447e8", + "service": "AVS", + "severity": "Medium", + "text": "Deploy your backup solution outside of vSan, on Azure native components", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "26028a71-f0f1-4cac-9d9e-f1d5e832d42e", + "service": "AVS", + "severity": "Low", + "text": "Is a process in place to request a restore of the VMware components managed by the Azure Platform?", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "4604489a-8f42-4d78-b78c-b7a33bd2a0a1", + "service": "AVS", + "severity": "Low", + "text": "For manual deployments, all configuration and deployments must be 
documented", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "7e7a8d90-ae0e-437c-be29-711bd352caaa", + "service": "AVS", + "severity": "Low", + "text": "For manual deployments, consider implementing resource locks to prevent accidental actions on your Azure VMware Solution Private Cloud", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "b79b198d-ab81-4932-a9fc-9d1bb78036f5", + "service": "AVS", + "severity": "Low", + "text": "For automated deployments, deploy a minimal private cloud and scale as needed", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "e6bfbb9e-d503-4547-ac44-7e826128a71f", + "service": "AVS", + "severity": "Low", + "text": "For automated deployments, request or reserve quota prior to starting the deployment", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "0f1cac6d-9ef1-4d5e-a32e-42e3611c818b", + "service": "AVS", + "severity": "Low", + "text": "For automated deployment, ensure that relevant resource locks are created through the automation or through Azure Policy for proper governance", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "e2cc95d4-8c6b-4791-bca0-f6c56589e558", + "service": "AVS", + "severity": "Low", + "text": "Implement human understandable names for ExR authorization keys to allow for easy identification of the keys purpose/use", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "255461e2-aee3-4553-afc8-339248b262d6", + "service": "AVS", + "severity": "Low", + "text": "Use 
Key vault to store secrets and authorization keys when separate Service Principles are used for deploying Azure VMware Solution and ExpressRoute", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "cc5f5129-2539-48e6-bb9d-37dac43bc6cd", + "service": "AVS", + "severity": "Low", + "text": "Define resource dependencies for serializing actions in IaC when many resources need to be deployed in/on Azure VMware Solution as Azure VMware Solution only supports a limited number of parallel operations.", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "1d79a9b2-4604-4489-a8f4-2d78e78cb7a3", + "service": "AVS", + "severity": "Low", + "text": "When performing automated configuration of NSX-T segments with a single Tier-1 gateway, use Azure Portal APIs instead of NSX-Manager APIs", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "3bd2a0a1-7e7a-48d9-8ae0-e37cee29711b", + "service": "AVS", + "severity": "Medium", + "text": "When intending to use automated scale-out, be sure to apply for sufficient Azure VMware Solution quota for the subscriptions running Azure VMware Solution", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d352caaa-b79b-4198-bab8-1932c9fc9d1b", + "service": "AVS", + "severity": "Medium", + "text": "When intending to use automated scale-in, be sure to take storage policy requirements into account before performing such action", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "b78036f5-e6bf-4bb9-bd50-3547cc447e82", + "service": "AVS", + "severity": "Medium", + "text": "Scaling operations always 
need to be serialized within a single SDDC as only one scale operation can be performed at a time (even when multiple clusters are used)", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "bf15bce2-19e4-4a0e-a588-79424d226786", + "service": "AVS", + "severity": "Medium", + "text": "Consider and validate scaling operations on 3rd party solutions used in the architecture (supported or not)", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "d20b56c5-7be5-4851-a0f8-3835c586cb29", + "service": "AVS", + "severity": "Medium", + "text": "Define and enforce scale in/out maximum limits for your environment in the automations", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "1dc15a1c-075e-4e9f-841a-cccd579376bc", + "service": "AVS", + "severity": "Medium", + "text": "Implement monitoring rules to monitor automated scaling operations and monitor success and failure to enable appropriate (automated) responses", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "c5972cd4-cd21-4b07-9036-f5e6b4bfd3d5", + "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", + "service": "AVS", + "severity": "High", + "text": "When using MON, be aware of the limits of simulataneously configured VMs (MON Limit for HCX [400 - standard, 1000 - Larger appliance])", + "training": "https://learn.microsoft.com/learn/modules/configure-azure-ad-application-proxy/", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "be1f38cf-03a8-422b-b463-cbbbc8ac299e", + "link": 
"https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", + "service": "AVS", + "severity": "High", + "text": "When using MON, you cannot enable MON on more than 100 Network extensions", + "training": "https://learn.microsoft.com/learn/paths/implement-applications-external-access-azure-ad/", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "bc91a43d-90da-4e2c-a881-4706f7c1cbaf", + "service": "AVS", + "severity": "Medium", + "text": "If using a VPN connection for migrations, adjust your MTU size accordingly.", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "e614658d-d457-4e92-9139-b821102cad6e", + "service": "AVS", + "severity": "Medium", + "text": "For low connectivity regions connecting into Azure (500Mbps or less), considering deploying the HCX WAN optimization appliance", + "waf": "Performance" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "ae01e6e8-43e5-42f4-922d-928c1b1cd521", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that migrations are started from the on-premises appliance and NOT from the Cloud appliance (do NOT perform a reverse migration)", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "e54a29a9-de39-4ac0-b7c2-8dc935657202", + "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings", + "service": "AVS", + "severity": "Medium", + "text": "When Azure Netapp Files is used to extend storage for Azure VMware Solution,consider using this as a VMware datastore instead of attaching directly to a VM.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + 
"checklist": "Azure VMware Solution Design Review", + "guid": "bff4564b-0d93-44a3-98b2-63e7dd60513a", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that a dedicated ExpressRoute Gateway is being used for external data storage solutions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "3649906e-bad3-48ea-b53c-c7de1d8aaab3", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-the-same-domain-name-on-front-door-and-your-origin", + "service": "AVS", + "severity": "Medium", + "text": "Ensure that FastPath is enabled on the ExpressRoute Gateway that is being used for external data storage solutions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "571549ab-8153-4d89-b89d-c7b33be2b1a2", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group", + "service": "AVS", + "severity": "High", + "text": "If using stretched cluster, ensure that your selected Disaster Recovery solution is supported by the vendor", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "4c486b6d-8bdc-4059-acf7-5ee8a1309888", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#select-good-health-probe-endpoints", + "service": "AVS", + "severity": "High", + "text": "If using stretched cluster, ensure that the SLA provided will meet your requirements", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "9579d66b-896d-471f-a6ca-7be9955d04c3", + "link": 
"https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes", + "service": "AVS", + "severity": "High", + "text": "If using stretched cluster, ensure that both ExpressRoute circuits are connected to your connectivity hub.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "c49d987c-b3d1-4325-aa12-4b6e4d0685ed", + "link": "https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity", + "service": "AVS", + "severity": "High", + "text": "If using stretched cluster, ensure that both ExpressRoute circuits have GlobalReach enabled.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AVS/privateClouds", + "checklist": "Azure VMware Solution Design Review", + "guid": "dce9793b-7bcd-4b3b-91eb-2ec14eea6e59", + "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates", + "service": "AVS", + "severity": "High", + "text": "Have site disaster tolerance settings been properly considered and changed for your business if needed.", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Azure Event Hub provides encryption of data at rest. If you use your own key, the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key will be encrypted using the customer-managed key. 
", + "guid": "7aaf12e7-b94e-4f6e-847d-2d92981b1cd6", + "link": "https://learn.microsoft.com/azure/event-hubs/configure-customer-managed-key", + "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend SkuName = tostring(sku.name) | extend EncryptionEnabled = iif(isnotempty(properties.encryption.keySource), 'Enabled', 'Disabled') | extend compliant = iif(EncryptionEnabled == 'Enabled', true, false) | project name, resourceGroup, location, SkuName, EncryptionEnabled, compliant | where SkuName == 'Premium'", + "service": "Event Hubs", + "severity": "Low", + "text": "Use customer-managed key option in data at rest encryption when required", + "training": "https://learn.microsoft.com/learn/modules/plan-implement-administer-conditional-access/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Azure Event Hubs namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Hubs namespace to require that clients send and receive data with a newer version of TLS. If an Event Hubs namespace requires a minimum version of TLS, then any requests made with an older version will fail. 
", + "guid": "d2f54b29-769e-43a6-a0e7-828ac936657e", + "link": "https://learn.microsoft.com/azure/event-hubs/transport-layer-security-configure-minimum-version", + "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend MinimumTlsVersion = tostring(properties.minimumTlsVersion) | extend compliant = iif(MinimumTlsVersion == '1.2' or MinimumTlsVersion == '1.3', true, false) | project name, resourceGroup, location, MinimumTlsVersion, compliant", + "service": "Event Hubs", + "severity": "Medium", + "text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ", + "training": "https://learn.microsoft.com/learn/modules/secure-aad-users-with-mfa/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "When you create an Event Hubs namespace, a policy rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has manage permissions for the entire namespace. It�s recommended that you treat this rule like an administrative root account and don�t use it in your application. Using AAD as an authentication provider with RBAC is recommended. ", + "guid": "13b0f566-4b1e-4944-a459-837ee79d6c6d", + "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-shared-access-signature#shared-access-authorization-policies", + "service": "Event Hubs", + "severity": "Medium", + "text": "Avoid using root account when it is not necessary", + "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-identities-governance/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Managed identities for Azure resources can authorize access to Event Hubs resources using Azure AD credentials from applications running in Azure Virtual Machines (VMs), Function apps, Virtual Machine Scale Sets, and other services. 
By using managed identities for Azure resources together with Azure AD authentication, you can avoid storing credentials with your applications that run in the cloud. ", + "guid": "3a365a5c-7acb-4e48-abd5-4cd79f2e8776", + "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest", + "service": "Event Hubs", + "severity": "Medium", + "text": "When possible, your application should be using a managed identity to authenticate to Azure Event Hub. If not, consider having the storage credential (SAS, service principal credential) in Azure Key Vault or an equivalent service", + "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "When creating permissions, provide fine-grained control over a client's access to Azure Event Hub. Permissions in Azure Event Hub can and should be scoped to the individual resource level e.g. consumer group, event hub entity, event hub namespaces, etc.", + "guid": "8357c559-675c-45ee-a5b8-6ad8844ce3b2", + "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory#azure-built-in-roles-for-azure-event-hubs", + "service": "Event Hubs", + "severity": "High", + "text": "Use least privilege data plane RBAC", + "training": "https://learn.microsoft.com/learn/modules/explore-basic-services-identity-types/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Azure Event Hub resource logs include operational logs, virtual network and Kafka logs. 
Runtime audit logs capture aggregated diagnostic information for all data plane access operations (such as send or receive events) in Event Hubs.", + "guid": "b38b875b-a1cf-4104-a900-3a4d3ce474db", + "link": "https://learn.microsoft.com/azure/event-hubs/monitor-event-hubs-reference", + "service": "Event Hubs", + "severity": "Medium", + "text": "Enable logging for security investigation. Use Azure Monitor to captured metrics and logs such as resource logs, runtime audit logs and Kafka logs", + "training": "https://learn.microsoft.com/learn/paths/manage-identity-and-access/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Azure Event Hub by default has a public IP address and is Internet-reachable. Private endpoints allow traffic between your virtual network and Azure Event Hub traverses over the Microsoft backbone network. In addition to that, you should disable public endpoints if those are not used. ", + "guid": "5abca2a4-eda1-4dae-8cc9-5d48c6b791dc", + "link": "https://learn.microsoft.com/azure/event-hubs/private-link-service", + "service": "Event Hubs", + "severity": "Medium", + "text": "Consider using private endpoints to access Azure Event Hub and disable public network access when applicable.", + "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "With IP firewall, you can restrict public endpoint further to only a set of IPv4 addresses or IPv4 address ranges in CIDR (Classless Inter-Domain Routing) notation. 
", + "guid": "a0e6c465-89e5-458b-a37d-3974d1112dbd", + "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-ip-filtering", + "service": "Event Hubs", + "severity": "Medium", + "text": "Consider only allowing access to Azure Event Hub namespace from specific IP addresses or ranges", + "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "guid": "31d41e36-11c8-417b-8afb-c410d4391898", + "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-AEH_v1.docx", + "service": "Event Hubs", + "severity": "Medium", + "text": "Leverage FTA Resillency HandBook", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": " This will be turned on automatically for a new EH namespace created from the portal with Premium, Dedicated, or Standard SKUs in a zone-enabled region. 
Both the EH metadata and the event data itself are replicated across zones", + "guid": "f15bce21-9e4a-40eb-9787-9424d226786d", + "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-premium-overview#high-availability-with-availability-zones", + "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend zoneRedundant = tobool(properties.zoneRedundant) | extend compliant = iff(zoneRedundant == true, true, false) | project name, resourceGroup, zoneRedundant, compliant", + "service": "Event Hubs", + "severity": "High", + "text": "Leverage Availability Zones if regionally applicable", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "guid": "20b56c56-ad58-4519-8f82-735c586bb281", + "link": "https://learn.microsoft.com/azure/event-hubs/compare-tiers", + "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend sku = tostring(sku.name) | extend compliant = iff(sku == 'Premium', true, false) | project name, resourceGroup, location, sku, compliant", + "service": "Event Hubs", + "severity": "Medium", + "text": "Use the Premium or Dedicated SKUs for predicable performance", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "The built-in geo-disaster recovery feature, when enabled, ensures that the entire configuration of anamespace (Event Hubs, Consumer Groups and settings) is continuously replicated from a primary namespace to a secondary namespace, and it allows a once-only failover move from the primary to the secondary at any time. 
Active/Passive feature is designed to make it easier to recover from and abandon a failed Azure region without having to change application configurations", + "guid": "dc15a1c0-75ee-49f1-90ac-ccd579376bcd", + "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal", + "service": "Event Hubs", + "severity": "High", + "text": "Plan for Geo Disaster Recovery using Active Passive configuration", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "description": "Should be used for DR configurations where an outage or loss of event data in the downed region cannot be tolerated. For these cases, follow the replication guidance and do not use the built-in geo-disaster recovery capability (active/passive). With Active/Active, Maintain multiple Event Hubs in different regions and namespaces, and events will be replicated between the hubs", + "guid": "6e31b67d-67ba-4591-89c0-9e805d597c7e", + "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-federation-overview", + "service": "Event Hubs", + "severity": "Medium", + "text": "For Business Critical Applications, use Active Active configuration", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Azure Event Hub Review", + "guid": "9ced16ad-d186-4f0a-a241-a999a68af77c", + "link": "https://learn.microsoft.com/azure/architecture/serverless/event-hubs-functions/resilient-design", + "service": "Event Hubs", + "severity": "Medium", + "text": "Design Resilient Event Hubs", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "21c30d25-ffb7-4f6a-b9ea-b3fec328f787", + "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-cog_svcs_v1.docx", + "service": "Cognitive Services", + "severity": "Medium", + "text": "Leverage FTA HandBook for 
Cognitive Services", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "78c34698-16b2-4763-aefe-1b9b599de0d5", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", + "service": "Cognitive Services", + "severity": "Medium", + "text": "Backup Your Prompts", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "750ab2ab-039d-4a6d-95d7-c892adb107d5", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", + "service": "Cognitive Services", + "severity": "High", + "text": "Business Continuity and Disaster Recovery (BCDR) considerations with Azure OpenAI Service", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "325af625-ca44-4e46-a5e2-223ace8bb123", + "link": "https://github.com/abacaj/chatgpt-backup#backup-your-chatgpt-conversations", + "service": "Cognitive Services", + "severity": "Medium", + "text": "Backup Your ChatGPT conversations", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "07ca5f17-f154-4e3a-a369-2829e7e31618", + "link": "https://learn.microsoft.com/azure/ai-services/speech-service/how-to-custom-speech-continuous-integration-continuous-deployment", + "service": "Cognitive Services", + "severity": "Medium", + "text": "CI/CD for custom speech", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.CognitiveServices/accounts", + "checklist": "Cognitive Services Review Checklist", + "guid": "3687a046-7a1f-4893-9bda-43324f248116", + "link": 
"https://learn.microsoft.com/azure/ai-services/qnamaker/tutorials/export-knowledge-base", + "service": "Cognitive Services", + "severity": "Low", + "text": "Move a knowledge base using export-import", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "graph": "resources | where type=~'Microsoft.ServiceFabric/managedClusters' | extend compliant = (sku=~'{\"name\":\"Standard\"}') | distinct id,compliant", + "guid": "182840d2-9ef8-4238-8fd6-0d76186830ac", + "link": "https://learn.microsoft.com/azure/service-fabric/overview-managed-cluster#service-fabric-managed-cluster-skus", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Use Standard SKU for production scenarios.", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "graph": "resources | where type=~'Microsoft.ServiceFabric/clusters' | extend nodeTypes= array_concat(properties.nodeTypes) | mv-expand nodeTypes | summarize BronzeDurabilityCount = countif(nodeTypes.durabilityLevel == 'Bronze') by id | extend compliant = (BronzeDurabilityCount == 0) | distinct id,compliant", + "guid": "182840d2-9ef8-4238-8fd6-0d76186830ac", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-cluster-capacity#durability-characteristics-of-the-cluster", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Use durability level Silver (5 VMs) or greater for production scenarios", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "graph": "resources | where type=~'Microsoft.ServiceFabric/managedClusters' | extend compliant= ( properties.zonalResiliency =~ 'true') | distinct id,compliant", + "guid": "2363878d-55c4-4cbd-9bc2-94523c85f12e", + "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-availability-zones", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Consider using Availability Zones for your Service 
Fabric clusters. Service Fabric managed cluster supports deployments that span across multiple Availability Zones to provide zone resiliency. This configuration will ensure high-availability of the critical system services and your applications to protect from single-points-of-failure.", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "5ba74cc8-3ca2-44d5-9a67-bdc8e102e7b4", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-api-management-overview", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Consider using Azure API Management to expose and offload cross-cutting functionality for APIs hosted on the cluster. API Management can integrate with Service Fabric directly.", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "ef17bb8f-4e2c-488b-8ceb-a07c3d750dd3", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-reliable-services-introduction", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "For stateful workload scenarios, consider using Reliable Services. The Reliable Services model allows your services to stay up even in unreliable environments where your machines fail or hit network issues, or in cases where the services themselves encounter errors and crash or fail. 
For stateful services, your state is preserved even in the presence of network or other failures.", + "waf": "Reliability" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "graph": "resources | where type=~'Microsoft.Compute/virtualMachineScaleSets' | extend vmssExtension= array_concat(properties.virtualMachineProfile.extensionProfile.extensions) | mv-expand vmssExtension | where vmssExtension.properties.publisher matches regex '^Microsoft.Azure.ServiceFabric.*' | summarize arg_max(id, *) | summarize compliant = countif(sku.name matches regex '^Standard_[^d]*$' ) by id", + "guid": "4da21268-f775-4c89-a271-eb80543c8df7", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Avoid VM SKUs with temp disk offerings. Service Fabric uses managed disks by default, so avoiding temp disk offerings ensures you don't pay for unneeded resources.", + "waf": "Cost" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "1890b796-f300-41a3-a8d4-29738c1f4ad0", + "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-stateless-node-type#temporary-disk-support", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "If you need to select a certain VM SKU for capacity reasons and it happens to offer temp disk, consider using temporary disk support for your stateless workloads.", + "waf": "Cost" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "5247bb32-6778-49c7-8b40-e171c9a3ce1e", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Align SKU selection and managed disk size with workload requirements. 
Matching your selection to your workload demands ensures you don't pay for unneeded resources.", + "waf": "Cost" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "6028759b-446a-41bc-8b0e-7728e61ca704", + "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-networking#manage-nsg-rules", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Ensure Network Security Groups (NSG) are configured to restrict traffic flow between subnets and node types. For example, you may have an API Management instance (one subnet), a frontend subnet (exposing a website directly), and a backend subnet (accessible only to frontend).", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "graph": "resources | where type=~'Microsoft.Compute/virtualMachineScaleSets' | extend vmssExtension= array_concat(properties.virtualMachineProfile.extensionProfile.extensions) | mv-expand vmssExtension | where vmssExtension.properties.publisher matches regex '^Microsoft.Azure.ServiceFabric.*' | summarize arg_max(id, *) | extend compliant = (isnotnull(properties.virtualMachineProfile.osProfile.secrets))", + "guid": "4e98c903-14cf-4c72-9c45-b8b23bc4cbd8", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#deploy-key-vault-certificates-to-service-fabric-cluster-virtual-machine-scale-sets", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Deploy Key Vault certificates to Service Fabric cluster virtual machine scale sets. Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. 
Key Vault greatly reduces the chances that secrets may be accidentally leaked.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "001cbb6f-d88d-4431-8434-d01333397776", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#apply-an-access-control-list-acl-to-your-certificate-for-your-service-fabric-cluster", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Apply an Access Control List (ACL) to your client certificate for your Service Fabric cluster. Using an ACL provides an additional level of authentication.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "4b74b7a5-bb1e-4fca-948c-037ba95fb73b", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-resource-governance#resource-governance-mechanism", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Use resource requests and limits to govern resource usage across the nodes in your cluster. Enforcing resource limits helps ensure that one service doesn't consume too many resources and starve other services.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "cd9233ba-f3aa-4353-8d2f-7ea4a64160e6", + "link": "", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Encrypt Service Fabric package secret values. Encryption on your secret values provides an additional level of security.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "44b989d4-9f72-42b6-99da-ec2a79f83299", + "link": "", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Include client certificates in Service Fabric applications. 
Having your applications use client certificates for authentication provides opportunities for security at both the cluster and workload level.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "28e66ff7-4a77-4b2c-910d-0335f141208a", + "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-identity-managed-cluster-virtual-machine-scale-sets", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Authenticate Service Fabric applications to Azure Resources using Managed Identity. Using Managed Identity allow you to securely manage the credentials in your code for authenticating to various services without saving them locally on a developer workstation or in source control.", + "waf": "Security" + }, + { + "checklist": "Azure Service Fabric Review Checklist", + "guid": "f16c413c-00a6-43aa-852c-b97292c33a56", + "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#hosting-untrusted-applications-in-a-service-fabric-cluster", + "service": "Azure Service Fabric", + "severity": "Medium", + "text": "Follow Service Fabric best practices when hosting untrusted applications. Following the best practices provides a security standard to follow.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "6d8e32a8-3892-479d-a40b-10f6b4f6f298", + "link": "https://learn.microsoft.com/azure/spring-apps/concepts-blue-green-deployment-strategies", + "service": "Spring Apps", + "severity": "Medium", + "text": "Azure Spring Apps permits two deployments for every app, only one of which receives production traffic. You can achieve zero downtime with blue green deployment strategies. Blue green deployment is only available in Standard and Enterprise tiers. 
You could automate deployment using CI/CD with ADO/GitHub actions", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "fbcb40ac-9480-4a6d-bcf4-8081252a6716", + "link": "https://learn.microsoft.com/azure/architecture/web-apps/spring-apps/architectures/spring-apps-multi-region", + "service": "Spring Apps", + "severity": "Medium", + "text": "Azure Spring Apps instances could be created in multiple regions for your applications and traffic could be routed by Traffic Manager/Front Door.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "ff1ae6a7-9301-4feb-9d11-56cd72f1d4ef", + "link": "https://learn.microsoft.com/azure/reliability/reliability-spring-apps", + "service": "Spring Apps", + "severity": "Medium", + "text": "In supported region, Azure Spring Apps can be deployed as zone redundant, which means that instances are automatically distributed across availability zones. This feature is only available in Standard and Enterprise tiers.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "ffc735ad-fbb1-4802-b43f-ad6387c4c066", + "link": "https://learn.microsoft.com/azure/spring-apps/concept-understand-app-and-deployment", + "service": "Spring Apps", + "severity": "Medium", + "text": "Use more than 1 app instance for your apps", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "7504c230-6035-4183-95a5-85762acc6075", + "link": "https://learn.microsoft.com/azure/spring-apps/diagnostic-services", + "service": "Spring Apps", + "severity": "Medium", + "text": "Monitor Azure Spring Apps with logs, metrics and tracing. 
Integrate ASA with application insights and track failures and create workbooks.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "1eb48d58-3eec-4ef5-80b0-d2b0dde3f0c6", + "link": "https://learn.microsoft.com/azure/spring-apps/how-to-configure-enterprise-spring-cloud-gateway", + "service": "Spring Apps", + "severity": "Medium", + "text": "Set up autoscaling in Spring Cloud Gateway", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "97411607-b6fd-4335-99d1-9885faf4e392", + "link": "https://learn.microsoft.com/azure/spring-apps/how-to-setup-autoscale", + "service": "Spring Apps", + "severity": "Low", + "text": "Enable autoscale for the apps with Standard consumption & dedicated plan.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.AppPlatform/Spring", + "checklist": "Azure Spring Apps Review", + "guid": "dfcaffd1-d27c-4ef2-998d-64c1df3a7ac3", + "link": "https://learn.microsoft.com/azure/spring-apps/overview", + "service": "Spring Apps", + "severity": "Medium", + "text": "Use Enterprise plan for commercial support of spring boot for mission critical apps. With other tiers you get OSS support.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "Azure Service Bus Premium provides encryption of data at rest. If you use your own key, the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key will be encrypted using the customer-managed key. 
", + "guid": "87af4a79-1f89-439b-ba47-768e14c11567", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/configure-customer-managed-key", + "service": "Service Bus", + "severity": "Low", + "text": "Use customer-managed key option in data at rest encryption when required", + "training": "https://learn.microsoft.com/learn/modules/plan-implement-administer-conditional-access/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS). Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS.", + "guid": "5c1ea55b-46a9-448f-b8ae-7d7e4b475b6c", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/transport-layer-security-enforce-minimum-version", + "service": "Service Bus", + "severity": "Medium", + "text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ", + "training": "https://learn.microsoft.com/learn/modules/secure-aad-users-with-mfa/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "When you create a Service Bus namespace, a SAS rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has Manage permissions for the entire namespace. It's recommended that you treat this rule like an administrative root account and don't use it in your application. Using AAD as an authentication provider with RBAC is recommended. 
", + "guid": "8bcbf59b-ce65-4de8-a03f-97879468d66a", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-sas#shared-access-authorization-policies", + "service": "Service Bus", + "severity": "Medium", + "text": "Avoid using root account when it is not necessary", + "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-identities-governance/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "Microsoft Entra ID provides superior security and ease of use over shared access signatures (SAS). With Microsoft Entra ID, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Azure Service Bus applications when possible.", + "graph": "Resources | where type =~ 'microsoft.servicebus/namespaces' | extend compliant = iif(properties.disableLocalAuth == 'false', 'No', 'Yes') | project id, compliant", + "guid": "786d60f9-6c96-4ad8-a55d-04c2b39c986b", + "link": "https://learn.microsoft.com/en-us/azure/service-bus-messaging/disable-local-authentication", + "service": "Service Bus", + "severity": "Medium", + "text": "When possible, disable SAS key authentication (or local authentication) and use only Microsoft Entra ID for authentication", + "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "When creating permissions, provide fine-grained control over a client's access to Azure Service Bus. Permissions in Azure Service Bus can and should be scoped to the individual resource level e.g. queue, topic or subscription. 
", + "guid": "f615658d-e558-4f93-9249-b831112dbd7e", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/authenticate-application#azure-built-in-roles-for-azure-service-bus", + "service": "Service Bus", + "severity": "High", + "text": "Use least privilege data plane RBAC", + "training": "https://learn.microsoft.com/learn/modules/explore-basic-services-identity-types/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "Azure Service Bus resource logs include operational logs, virtual network and IP filtering logs. Runtime audit logs capture aggregated diagnostic information for various data plane access operations (such as send or receive messages) in Service Bus.", + "guid": "af12e7f9-43f6-4304-922d-929c2b1cd622", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/monitor-service-bus-reference", + "service": "Service Bus", + "severity": "Medium", + "text": "Enable logging for security investigation. Use Azure Monitor to trace resource logs and runtime audit logs (currently available only in the premium tier)", + "training": "https://learn.microsoft.com/learn/paths/manage-identity-and-access/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "Azure Service Bus by default has a public IP address and is Internet-reachable. Private endpoints allow traffic between your virtual network and Azure Service Bus traverses over the Microsoft backbone network. In addition to that, you should disable public endpoints if those are not used. 
", + "guid": "9ae669ca-48e4-4a85-b222-3ece8bb12307", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/private-link-service", + "service": "Service Bus", + "severity": "Medium", + "text": "Consider using private endpoints to access Azure Service Bus and disable public network access when applicable.", + "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.ServiceBus/namespaces", + "checklist": "Service Bus Review Checklist", + "description": "With IP firewall, you can restrict the public endpoint further to only a set of IPv4 addresses or IPv4 address ranges in CIDR (Classless Inter-Domain Routing) notation. ", + "guid": "ca5f06f1-58e3-4ea3-a92c-2de7e2165c3a", + "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-ip-filtering", + "service": "Service Bus", + "severity": "Medium", + "text": "Consider only allowing access to Azure Service Bus namespace from specific IP addresses or ranges", + "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "Restrict the use of local authentication methods for data plane access. 
Instead, use Microsoft Entra ID as the default authentication method to control your data plane access.", + "guid": "32d41e36-11c8-417b-8afb-c410d4391898", + "service": "Synapse Analytics", + "severity": "High", + "text": "Restrict use of local users on sql workloads on Synapse", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "No additional configurations are required as this is enabled on a default deployment.", + "guid": "21d41d25-00c8-417b-b9ea-c41fd3390798", + "link": "https://learn.microsoft.com/azure/event-hubs/transport-layer-security-configure-minimum-version", + "service": "Event Hubs", + "severity": "Medium", + "text": "Encrypt sensitive data in transit", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "Use Microsoft Entra ID as the default authentication method to control your data plane access.", + "guid": "cd289bed-6b17-4cb8-8454-61e1aee3453a", + "link": "https://learn.microsoft.com/azure/synapse-analytics/synapse-service-identity?context=%2Fazure%2Fsynapse-analytics%2Fcontext%2Fcontext", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Use managed identity to authenticate to the services", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "guid": "bc288bec-6a17-4ca7-8444-51e1add3452a", + "service": "Event Hubs", + "severity": "Medium", + "text": "Enable data at rest encryption by default", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "If not required for routine administrative operations, disable or restrict any local admin accounts for only emergency use.", + "guid": "ec823923-7a15-42d6-ac5e-402925388e5d", + "service": "Synapse Analytics", + "severity": "High", + 
"text": "Separate and limit highly privileged/administrative users and enable MFA and conditional policies", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "Use Keyvaults to store your CMK", + "guid": "ec723923-7a15-41c5-ab5e-401915387e5c", + "link": "https://learn.microsoft.com/azure/event-hubs/configure-customer-managed-key?tabs=Key-Vault", + "service": "Event Hubs", + "severity": "Medium", + "text": "Use customer-managed key option in data at rest encryption when required", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "Azure Synapse also includes Synapse role-based access control (RBAC) roles to manage different aspects of Synapse Studio. Leverage these built-in roles to assign permissions to users, groups, or other security principals to manage who can Publish code artifacts and list or access published code artifacts,Execute code on Apache Spark pools and integration runtimes,Access linked (data) services that are protected by credentials,Monitor or cancel job executions, review job output and execution logs.", + "guid": "a9c27d9c-42bb-46cd-8c79-99a246f3389a", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-understand-what-role-you-need", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Use Azure RBAC to control access on storage and Synapse RBAC to control access on workspace level depending on the personas of the team to fine grain the access on data and compute", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "guid": "7f42c78e-78cb-46a2-8ad1-a0916e6a8d8f", + "link": 
"https://learn.microsoft.com/sql/relational-databases/security/row-level-security?view=sql-server-ver16&context=%2Fazure%2Fsynapse-analytics%2Fcontext%2Fcontext", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Implement RLS, CLS and data masking on sql workloads in dedicated sql pool to add additional layer of security", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "When you create your Azure Synapse workspace, you can choose to associate it to a Microsoft Azure Virtual Network. The Virtual Network associated with your workspace is managed by Azure Synapse. This Virtual Network is called a Managed workspace Virtual Network. This can be selected when deploying a workspace", + "guid": "e2436b03-36db-455e-8796-0eee0bdf4cc2", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-managed-vnet?view=sql-server-ver16", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Use managed vnet workspace to restrict the access over public internet", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "Use Microsoft Entra ID as the default authentication method.", + "guid": "a9c26d9c-42bb-45bd-8c69-99a246e3389a", + "service": "Event Hubs", + "severity": "High", + "text": "Use Microsoft Entra ID as the default authentication method and disable local access wherever possible", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "To protect any sensitive data, it's recommended to disable public access to the workspace endpoints entirely. 
By doing so, it ensures all workspace endpoints can only be accessed using�private endpoints.", + "guid": "efc4d761-c31d-425f-bbb4-7a393a040ed3", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-managed-private-endpoints?view=sql-server-ver16", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Configure private endpoints to connect to the external services and disable public access", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "Use Microsoft Entra ID as the default authentication method.", + "guid": "7e42c77d-78cb-46a2-8ad1-9f916e698d8f", + "service": "Event Hubs", + "severity": "Medium", + "text": "Use managed identity to authenticate to the services", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "If public access needs to be enabled, it's highly recommended to configure the IP firewall rules to allow inbound connections only from the specified list of public IP addresses.", + "guid": "294798b1-178a-42c5-a46c-eb544350d092", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-ip-firewall", + "service": "Synapse Analytics", + "text": "If enabling public access highly recommended to configure IP firewall rules", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "guid": "adfe27bd-e187-401a-a352-baa9b68a088c", + "service": "Event Hubs", + "severity": "Medium", + "text": "Configure conditional access policies to restrict the access on Data plane", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "guid": "d234292b-7528-4537-a551-c5bf4e4f1854", + "link": 
"https://learn.microsoft.com/azure/data-factory/create-self-hosted-integration-runtime?tabs=data-factory", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Deploy SHIR VMs in your vnet if you are working with sensitive data that shouldn�t leave your corporate network", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "Restrict exposure of keys and secerts", + "guid": "9a80822b-8eb9-4d1b-a77f-26e5e6beba8e", + "service": "Event Hubs", + "severity": "High", + "text": "Use Azure Key Vaults to store secrets and crendentials.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "This can be done only when deploying the workspace, but Python libraries installed from public repositories like PyPI are not supported. (Think about the limitation before enabling it)", + "guid": "287d5cdc-126c-4c03-8af5-b1fc6898a535", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/how-to-create-a-workspace-with-data-exfiltration-protection", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Enable Data Exfiltration Protection (DEP)", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "guid": "d4f3437c-c336-4d81-9f27-a71efe1b9b5d", + "service": "Event Hubs", + "severity": "High", + "text": "Separate and limit highly privileged/administrative users", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "When you create an Event Hubs namespace, a policy rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has manage permissions for the entire namespace. 
It�s recommended that you treat this rule like an administrative root account and don�t use it in your application. You can create additional policy rules in the Configure tab for the namespace in the portal, via PowerShell or Azure CLI. Avoid the usage of local authentication methods or accounts, these should be disabled wherever possible. Instead use Azure AD to authenticate where possible.", + "guid": "9de0d5d7-21d4-41d2-900c-817bf9eac41f", + "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-shared-access-signature", + "service": "Event Hubs", + "severity": "Medium", + "text": "Authenticate access to Event Hubs resources using shared access signatures (SAS) and restrict local users", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "description": "Use Azure role-based access control (Azure RBAC) to manage Azure resource access through built-in role assignments. Azure RBAC roles can be assigned to users, groups, service principals, and managed identities.", + "guid": "387e5ced-127d-4d14-8b06-b20c6999a646", + "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory", + "service": "Event Hubs", + "severity": "Medium", + "text": "Use Azure RBACs to fine grain the access ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "First layer of encryption is done by Microsoft managed keys, you can add a second layer of encryption using Customer managed Keys", + "guid": "e337897e-31b6-47d6-9be5-962a1193846d", + "link": "https://learn.microsoft.com/azure/synapse-analytics/security/workspaces-encryption", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Data Encryption at rest using Customer managed Keys for workspace", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security 
review checklist", + "description": "Service supports disabling public network access either through using service-level IP ACL filtering rule (not NSG or Azure Firewall) or using a 'Disable Public Network Access' toggle switch.", + "guid": "f3389a7e-42c7-48e7-ac06-a62a2194956e", + "service": "Event Hubs", + "severity": "Medium", + "text": "Disable Public Network Access", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "Azure Synapse leverages TLS to ensure data is encrypted in motion. SQL dedicated pools support TLS 1.0, TLS 1.1, and TLS 1.2 versions for encryption wherein Microsoft-provided drivers use TLS 1.2 by default. Serverless SQL pool and Apache Spark pool use TLS 1.2 for all outbound connections.", + "guid": "697cc391-ed16-4b2d-886f-0a1241bddde6", + "link": "https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-data-protection#data-in-transit", + "service": "Synapse Analytics", + "severity": "Medium", + "text": "Data Encryption in transit ", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "guid": "6a8dc4a2-fe27-4b2e-8870-1a1352beedf7", + "service": "Event Hubs", + "severity": "Medium", + "text": "Use Vnets to isolate traffic over restricted network ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Synapse/workspaces", + "checklist": "Data Security review checklist", + "description": "Use Keyvaults to store your secrets and credentials", + "guid": "8a477cde-b486-41bc-9bc1-0ae66e25e4d5", + "service": "Synapse Analytics", + "severity": "High", + "text": "Store passwords, secerts and keys in Azure key vault", + "waf": "Security" + }, + { + "arm-service": "microsoft.eventhub/namespaces", + "checklist": "Data Security review checklist", + "guid": "9b488dee-c496-42cc-9cd2-1bf77f26e5e6", + "link": 
"https://learn.microsoft.com/azure/event-hubs/private-link-service", + "service": "Event Hubs", + "severity": "Medium", + "text": "Deploy private endpoints for all Azure resources that support the Private Link feature, to establish a private access point for the resources.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.", + "guid": "a3aec2c4-e243-46b0-936d-b55e17960eee", + "link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", + "service": "Data Factory", + "severity": "Medium", + "text": "Use Azure Key Vault secrets in pipeline activities", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Fabric controls data access using workspaces. In workspaces, data appears in the form of Fabric items, and users can't view or use items (data) unless you give them access to the workspace. 
You can find more information about workspace and item permissions, in Permission model.", + "guid": "b3bed3d5-f353-47c1-946d-c56028a71ffe", + "link": "https://learn.microsoft.com/fabric/security/permission-model", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Use Workspace roles to provide access to the users on the data", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "OneLake RBAC uses role assignments to apply permissions to its members.", + "guid": "1bd05dd2-e0d5-4d77-8d41-e3611cc57b4a", + "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Use RBAC on Onelake to provide fine grain access on the data in Tables/Files Onelake ", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Take into account the access of the user at both target and source location of the shortcut", + "guid": "4b1410d4-3958-498c-8288-b3c6a57cfc64", + "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model#shortcuts", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "When using shortcuts the user identity of the user should have access on the target location of the shortcut as well", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Not all users need to have access on the entire workspace using roles so instead restrict giving roles on the entire workspace and only share the item to the user using share item feature or managing permission in Fabric", + "guid": "4451e1a3-d345-43a3-a763-9637a552d5c1", + "link": "https://learn.microsoft.com/fabric/get-started/share-items", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Restrict providing workspace level role to users instead 
share an item only to the users", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Use features like RLS, CLS and Dynamic data masking to enhance your data security requirements on sql workloads.", + "guid": "5e401965-387e-45ce-b127-dd142b06b20c", + "link": "https://learn.microsoft.com/fabric/data-warehouse/tutorial-row-level-security", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Limit access to the data by defining RLS, CLS and dynamic data masking on Warehouse and SQL analytics endpoints", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Use features like RLS and OLS on Power BI to have more security features on semantic models", + "guid": "6999a646-f338-49a7-b42c-78e78c06a62a", + "link": "https://learn.microsoft.com/fabric/security/service-admin-row-level-security", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Limit access to the data by defining RLS and OLS on semantic models in Power BI", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "In Fabric, all data that is stored in OneLake is encrypted at rest", + "guid": "2194956e-6a8d-4c4a-8fe2-7b2e28701a13", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Encrypt Data at rest", + "training": "https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Data in transit across the public internet between Microsoft services is always encrypted with at least TLS 1.2. 
Fabric negotiates to TLS 1.3 whenever possible.", + "guid": "52beedf7-9b48-48de-bc49-62cc3cd21bf7", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Encrypt data in transit", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "Restrict the use of local authentication methods for data plane access. Instead, use Microsoft Entra ID as the default authentication method to control your data plane access.", + "guid": "0bdf4cc2-efc4-4d76-8c31-d25ffbb47a39", + "service": "Data Factory", + "severity": "High", + "text": "Restrict use of local users whereever necessary", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "No need to do anything. Every request to connect to Fabric is authenticated with Microsoft Entra ID, allowing users to safely connect to Fabric from their corporate office, when working at home, or from a remote location.", + "guid": "7f26e5e6-b3be-4d3d-9f35-37c1346dc560", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Use Microsoft Entra ID as default authentication method", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "Managed identities eliminate the need to manage credentials. 
Managed identities provide an identity for the service instance when connecting to resources that support Microsoft Entra authentication.", + "guid": "3a040ed3-2947-498b-8178-a2c5a46ceb54", + "link": "https://learn.microsoft.com/azure/data-factory/data-factory-service-identity", + "service": "Data Factory", + "severity": "Medium", + "text": "Use managed identity to authenticate to the services", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "A Fabric workspace identity is an automatically managed service principal that can be associated with a Fabric workspace. Workspace identities can be created in the workspace settings of any workspace except My workspaces. A workspace identity is automatically assigned the workspace contributor role and has access to workspace items. Limitation: Write to shortcut destination fails when using workspace identity as the authentication method. Connections with workspace-identity-authentication can only be used in Onelake shortcuts and data pipelines.", + "guid": "28a71ffe-1bd0-45dd-8e0d-5d771d41e361", + "link": "https://learn.microsoft.com/fabric/security/workspace-identity", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Use workspace identity to authenticate to the services", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "If not required for routine administrative operations, disable or restrict any local admin accounts for only emergency use.", + "guid": "4350d092-d234-4292-a752-8537a551c5bf", + "service": "Data Factory", + "severity": "High", + "text": "Separate and limit highly privileged/administrative users and enable MFA and conditional policies", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Grant the identity permissions on the storage account", + "guid": "1cc57b4a-4b14-410d-9395-898c2288b3c6", + 
"link": "https://learn.microsoft.com/fabric/security/workspace-identity-authenticate#step-2-grant-the-identity-permissions-on-the-storage-account", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Provide RBAC roles on storage account to the managed identity to make a successful connection", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "guid": "4e4f1854-287d-45cd-a126-cc032af5b1fc", + "service": "Data Factory", + "severity": "Medium", + "text": "Disable access over public internet and configure either firewall rules or trusted services rules", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Fabric workspaces with a workspace identity can securely read or write to firewall-enabled Azure Data Lake Storage Gen2 accounts through�trusted workspace access�for OneLake shortcuts.", + "guid": "a57cfc64-4451-4e1a-9d34-53a3c7639637", + "link": "https://learn.microsoft.com/fabric/security/security-trusted-workspace-access", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Configure trusted workspace access to access storage account behind firewall ", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "guid": "6898a535-e337-4897-b31b-67d67be5962a", + "service": "Data Factory", + "severity": "Medium", + "text": "Deploy SHIR VMs in your vnet if you are working with sensitive data that shouldn�t leave your corporate network", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Managed virtual networks are virtual networks that are created and managed by Microsoft Fabric for each Fabric workspace. 
Managed virtual networks provide network isolation for Fabric Spark workloads, meaning that the compute clusters are deployed in a dedicated network and are no longer part of the shared virtual network. It is only supported for spark workload in Fabric.", + "guid": "a552d5c1-5e40-4196-9387-e5ced127dd14", + "link": "https://learn.microsoft.com/fabric/security/security-managed-vnets-fabric-overview", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Use managed vnet option if you have network isolation needs", + "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "When you create an Azure integration runtime within a Data Factory managed virtual network, the integration runtime is provisioned with the managed virtual network. It uses private endpoints to securely connect to supported data stores.", + "guid": "1193846d-697c-4c39-8ed1-6b2d186f0a12", + "service": "Data Factory", + "severity": "Medium", + "text": "Use managed vnet IR to restrict the access over public internet for Azure Integration Runtime", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Managed private endpoints are feature that allows secure and private access to data sources from Fabric Spark workloads. 
You cannot use starter pool with managed PE", + "guid": "6f4a0641-addd-4ea8-a477-cdeb3861bc3b", + "link": "https://learn.microsoft.com/fabric/security/security-managed-private-endpoints-overview", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Configure managed private endpoints to access Azure services", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "Managed private endpoints are private endpoints created in the Data Factory managed virtual network that establishes a private link to Azure resources. Data Factory manages these private endpoints on your behalf.", + "guid": "41bddde6-8a47-47cd-bb48-61bc3bc10ae6", + "link": "https://learn.microsoft.com/azure/data-factory/managed-virtual-network-private-endpoint#managed-private-endpoints", + "service": "Data Factory", + "severity": "Medium", + "text": "Configure managed private endpoints to connect to resources using managed azure IR", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Fabric uses a private IP address from your virtual network. 
The endpoint allows users in your network to communicate with Fabric over the private IP address using private links.", + "guid": "c14aea6e-65d8-4d9a-9aec-218e6436b063", + "link": "https://learn.microsoft.com/fabric/security/security-private-links-use", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Configure Private Links to access resources in your own Azure vnet i.e traffic coming in your Fabric environment", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "When a user authenticates access is determined based on a set of policies that might include IP address, location, and managed devices.", + "guid": "6cb45e57-9603-4324-adf8-cc23318da611", + "link": "https://learn.microsoft.com/fabric/security/security-conditional-access", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Configure Microsoft Entra ID conditional access if a user is trying to access your Fabric environment", + "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "In Azure, a service tag is a defined group of IP addresses that is automatically managed, as a group, to minimize the complexity of updates or changes to network security rules.", + "guid": "70265f4b-b46a-4393-af70-317294797b15", + "link": "https://learn.microsoft.com/fabric/security/security-service-tags", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "You can use Azure service tags to enable connections to and from Microsoft Fabric.", + "training": "https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "optional", + "guid": "78a219a4-6beb-4544-9502-4922634292bb", + "link": 
"https://learn.microsoft.com/fabric/security/fabric-allow-list-urls", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "You can add Fabric URLs to your allowlist", + "training": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "optional", + "guid": "528537a5-4119-4bf8-b8f5-854287d9cdc1", + "link": "https://learn.microsoft.com/fabric/security/power-bi-allow-list-urls", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "You can add Power BI URLs to your allowlist", + "training": "https://learn.microsoft.com/learn/modules/introduction-azure-virtual-wan/", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "The data gateway lets you connect your Azure and other data services to Microsoft Fabric and the Power Platform to securely communicate with the data source, execute queries, and transmit results back to the service.", + "guid": "56cc071a-e9b1-441a-a889-535e727897e7", + "link": "https://learn.microsoft.com/data-integration/gateway/service-gateway-install", + "service": "Microsoft Fabric", + "severity": "Medium", + "text": "Configure and use On-prem data gateway or Vnet data gateway to connect to sources either on prem or behind a virtual network", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "By using Azure Private Link, you can connect to various platform as a service (PaaS) deployments in Azure via a private endpoint. 
A private endpoint is a private IP address within a specific virtual network and subnet", + "guid": "b47a393a-0804-4272-a479-8b1578b219a4", + "link": "https://learn.microsoft.com/azure/data-factory/data-factory-private-link", + "service": "Data Factory", + "severity": "Medium", + "text": "Configure Private Links to connect to sources in customer Vnet and data factory", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "This is a default setting", + "guid": "6ceb5443-5135-4922-9442-93bb628637a5", + "service": "Data Factory", + "severity": "Medium", + "text": "Data Encryption at rest by Microsoft managed keys", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "This is a default setting", + "guid": "5119b08e-8f58-4543-a7e9-cec166cd072a", + "service": "Data Factory", + "severity": "Medium", + "text": "Data Encryption in transit by Microsoft managed keys", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "When you specify a customer-managed key, Data Factory uses�both�the factory system key and the CMK to encrypt customer data. 
Missing either would result in Deny of Access to data and factory.", + "guid": "f9b241a9-98a5-435e-9378-97e71ca7da8c", + "link": "https://learn.microsoft.com/azure/data-factory/enable-customer-managed-key", + "service": "Data Factory", + "severity": "Medium", + "text": "Data Encryption in transit by BYOK (Customer managed keys)", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "guid": "faa62a15-9495-46da-a7dc-3a23267b2258", + "link": "https://learn.microsoft.com/azure/data-factory/store-credentials-in-key-vault, https:/learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", + "service": "Data Factory", + "severity": "High", + "text": "Store passwords, secrets in Azure Key Vault", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.", + "guid": "6f4a1652-bddd-4ea8-a487-cdec4861bc3b", + "link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", + "service": "Data Factory", + "severity": "Medium", + "text": "Use Azure Key Vault secrets in pipeline activities", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DataFactory/datafactories", + "checklist": "Data Security review checklist", + "description": "You can encrypt and store credentials for any of your on-premises data stores (linked services with sensitive information) on a machine with self-hosted integration runtime.", + "guid": "c14aeb7e-66e8-4d9a-9bec-218e6436b173", + "link": "https://learn.microsoft.com/azure/data-factory/encrypt-credentials-self-hosted-integration-runtime", + "service": "Data Factory", + "severity": "Medium", + "text": "Encrypt credentials for on-premises using SHIR data stores 
in Azure Data Factory", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "6db55f57-9603-4334-adf9-cc23418db612", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Define roles and responsibilities to manage Microsoft Purview in control plane and data plane", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Use Azure RBACs for this", + "guid": "8126504b-b47a-4393-a080-427294798b15", + "link": "https://learn.microsoft.com/azure/role-based-access-control/best-practices", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Define roles and tasks required to deploy and manage Microsoft Purview inside an Azure subscription (control plane)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Use Microsoft Purview roles for this.", + "guid": "78b219a4-6ceb-4544-9513-5922744293bb", + "link": "https://learn.microsoft.com/purview/classic-data-governance-permissions#roles, https://learn.microsoft.com/azure/role-based-access-control/best-practices", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Define roles and task needed to perform data management and governance using Microsoft Purview. 
(Data plane for Data Map and Data Catalog.)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "628637a5-5119-4b08-b8f5-854387e9cec1", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Assign roles to Microsoft Entra groups instead of assigning roles to individual users.", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "66cd072a-f9b2-441a-a98a-535e737897e7", + "link": "https://learn.microsoft.com/azure/active-directory/governance/entitlement-management-overview", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Use Azure�Active Directory Entitlement Management�to map user access to Microsoft Entra groups using Access Packages.", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "1ca7da8c-faa6-42a1-9949-56da97dc3a23", + "service": "Microsoft Purview", + "severity": "High", + "text": "Enforce multifactor authentication for Microsoft Purview users, especially, for users with privileged roles such as collection admins, data source admins or data curators.", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "267b2258-6f4a-4165-8bdd-dea8a487cdec", + "service": "Microsoft Purview", + "severity": "High", + "text": "Use Microsoft Entra ID to provide authentication and authorization to all users, security groups registered in Entra, service principal and managed identities inside collections in Microsoft Purview", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "4861bc3b-c14a-4eb7-b66e-8d9a3bec218e", + "service": "Microsoft Purview", + "severity": "High", + "text": "Define Least Privilege model and Lower exposure of privileged accounts", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "6436b173-6db5-45f5-9960-3334bdf9cc23", + "link": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end", + 
"service": "Microsoft Purview", + "severity": "Medium", + "text": "Enable�end-to-end network isolation�using Private Link Service. (Microsoft Purview Data Map)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "418db612-8126-4504-ab47-a393a0804272", + "link": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end#firewalls-to-restrict-public-access", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Use�Microsoft Purview Firewall�to disable Public access. (Microsoft Purview Data Map)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "94798b15-78b2-419a-96ce-b54435135922", + "link": "https://learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Deploy�Network Security Group (NSG) rules�for subnets where Azure data sources private endpoints, Microsoft Purview private endpoints and self-hosted runtime VMs are deployed. (Microsoft Purview Data Map)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "744293bb-6286-437a-9511-9b08e8f58543", + "link": "https://learn.microsoft.com/azure/firewall/overview", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Implement Microsoft Purview with private endpoints managed by a Network Virtual Appliance, such as�Azure Firewall�for network inspection and network filtering. (Microsoft Purview Data Map)", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "This private endpoint is also a prerequisite for the portal private endpoint. The Microsoft Purview�portal�private endpoint is required to enable connectivity to Microsoft Purview governance portal using a private network. Microsoft Purview can scan data sources in Azure or an on-premises environment by using ingestion private endpoints. 
Limitations on using private endpoints https://learn.microsoft.com/purview/catalog-private-link-troubleshoot", + "guid": "87e9cec1-66cd-4072-af9b-241a998a535e", + "link": "https://learn.microsoft.com/purview/concept-best-practices-network", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Deploy private endpoints for Microsoft Purview accounts to add another layer of security, so only client calls that are originated from within the virtual network are allowed to access the Microsoft Purview account", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end#firewalls-to-restrict-public-access. Limitation to be reviewed: https://learn.microsoft.com/purview/catalog-private-link-troubleshoot", + "guid": "b7bcdb3b-51eb-42ec-84ed-a6e59d8d9a2e", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Block public access using Microsoft Purview firewall", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "db217e67-6abf-4669-aa48-e5a96f2223ec", + "link": "https://learn.microsoft.com/azure/private-link/disable-private-endpoint-network-policy, https:/learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Use Network Security Groups to filter network traffic to and from Azure resources in an Azure virtual network", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "https://learn.microsoft.com/purview/concept-best-practices-security#apply-security-best-practices-for-self-hosted-runtime-vms", + "guid": "e8cb1231-8ca5-4017-b158-e3fb3aa3c2de", + "service": "Microsoft Purview", + "severity": "High", + "text": "If you have sensitive data that cannot leave the boundary of your on-prem vnet it is highly recommended to use SHIR VMs inside your corporate vnet to 
extract your metadata ", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "Metadata is extracted and stored in Microsoft Purview Data Map, if you are not using managed storage account for your Purview account they are open to be accessed by all so implement proper RBACs and retrict the access of Data to only intended users. Applicable to Accounts deployed after December 15, 2023 (or deployed using API version 2023-05-01-preview onwards", + "guid": "7f3165c3-a87a-405b-9a20-9949bda47778", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Use Azure RBACs to restrict the access of your storage account (not managed by MS) only to intended users.", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "f24d1167-85c2-4fa5-9c56-a948008be7d7", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Data in rest is encrypted by microsoft managed keys", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "27f7b9e9-1be1-4f38-aff3-9812bd463cbb", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Data in transit is encrypted by TLS 1.3", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "bc8ac199-ebb9-41a4-9d90-dae2cc881370", + "service": "Microsoft Purview", + "severity": "High", + "text": "Always use Azure key vaults to store all credentials if not using managed identities or without password need methods", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "6f7c0cba-fe61-4465-add4-57e927139b82", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Prevent accidental deletion of Microsoft Purview accounts by applying resource Locks", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "description": "https://learn.microsoft.com/purview/concept-best-practices-collections#design-recommendations", + 
"guid": "1102cac6-eae0-41e6-b842-e52f4722d928", + "link": "https://learn.microsoft.com/entra/identity/role-based-access-control/security-emergency-access", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Plan for a break glass strategy for your Microsoft Entra tenant, Azure subscription and Microsoft Purview accounts to prevent tenant-wide account lockout.", + "waf": "Security" + }, + { + "checklist": "Data Security review checklist", + "guid": "15f51296-5398-4e6d-bd23-7dd142b16c21", + "service": "Microsoft Purview", + "severity": "Medium", + "text": "Integrate with Microsoft 365 and Microsoft Defender for Cloud", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Separate admin accounts from normal user accounts.", + "guid": "d7999a64-6f43-489a-af42-c78e78c06a73", + "service": "Databricks", + "severity": "High", + "text": "Define Least Privilege model and Lower exposure of privileged accounts", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Azure Databricks supports Microsoft Entra ID conditional access, which allows administrators to control where and when users are permitted to sign in to Azure Databricks. Conditional access policies can restrict sign-in to your corporate network or can require multi-factor authentication (MFA).", + "guid": "a22a4956-e7a8-4dc4-a20e-27c3e29711b1", + "link": "https://learn.microsoft.com/azure/databricks/security/auth/#single-sign-on", + "service": "Databricks", + "severity": "High", + "text": "Configure single sign-on and unified login. 
Enable multi-factor authentication.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Customers can use the Token Management API or UI controls to enable or disable personal access tokens (PATs) for REST API authentication, limit the users who are allowed to use PATs, set the maximum lifetime for new tokens, and manage existing tokens. Highly-secure customers typically provision a maximum token lifetime for new tokens for a workspace. This feature requires the Premium pricing tier.", + "guid": "352beee0-79b5-488d-bfc5-972cd4cd21b0", + "link": "https://learn.microsoft.com/azure/databricks/admin/access-control/tokens", + "service": "Databricks", + "severity": "Medium", + "text": "Use token management.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "If you have Databricks administrators who are also normal users of the Databricks platform (for example, there�s a lead data engineer who administers the platform and also does data engineering work), Databricks recommends creating a separate account for administrative tasks. It�s important to note that as part of the Azure RBAC model, users that are given Contributor or above permissions to the Resource Group for a deployed Azure Databricks workspace automatically become administrators when they login to that workspace. 
Therefore, the same considerations outlined above should be applied to Azure portal users too.", + "guid": "77036e5e-6b4b-4fd3-b503-547c1447dc56", + "service": "Databricks", + "severity": "High", + "text": "Separate admin accounts from normal user accounts", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "SCIM (System for Cross-domain Identity Management) allows you to sync users and groups from Microsoft Entra ID to Azure Databricks. There are three major benefits of this approach: 1. When you remove a user, the user is automatically removed from Databricks. 2. Users can also be disabled temporarily via SCIM. Customers have used this capability for scenarios where customers believe that an account may be compromised and need to investigate 3. Groups are automatically synchronized Please refer to the documentation for detailed instructions on how to configure SCIM for Azure Databricks. This feature requires the Premium pricing tier", + "guid": "028a71ff-f1ce-415d-b3f0-d5e872d42e36", + "link": "https://learn.microsoft.com/azure/databricks/admin/users-groups/scim/", + "service": "Databricks", + "severity": "Medium", + "text": "SCIM synchronization of users and groups.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Using either cluster policies or the older cluster ACLs, admins can define what users or groups within the organization are able to create clusters. Cluster ACLs allow you to specify which users can attach a notebook to a given cluster. Note that if a user shares a notebook already attached to a standard mode cluster, the recipient will also be able to execute code on that cluster. This does not apply to clusters that enforce user isolation: SQL Warehouses, high concurrency with table ACLs clusters, and high concurrency with credential passthrough clusters. 
Customers who use Unity Catalog can also enable single-user clusters to enforce isolation clusters.", + "guid": "11cc57b4-a4b1-4410-b43a-58a9c2289b3d", + "service": "Databricks", + "severity": "Medium", + "text": "Limit cluster creation rights.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Account admins can configure a workspace setting called RestrictWorkspaceAdmins to restrict workspace admins to only change a job owner to themselves and the job run as setting to a service principal that they have the Service Principal User role on.", + "guid": "6b57dfc6-5546-41e1-a3e3-453a3c863964", + "link": "https://learn.microsoft.com/azure/databricks/admin/workspace-settings/restrict-workspace-admins", + "service": "Databricks", + "severity": "High", + "text": "Restrict workspace admins", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "It�s important to note that even if customers use Azure Key Vault to store their secrets, access controls still need to be defined within Azure Databricks. This is because the same service identity is used to retrieve the secret for all users of an Azure Databricks workspace.", + "guid": "8b662d6c-15f5-4129-9539-8e6ded237dd1", + "service": "Databricks", + "severity": "High", + "text": "Store passwords, secrets in Azure Key Vault", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Clusters with user isolation include enforcement such that each user runs as a different non-privileged user account on the cluster host. 
Languages are also limited to those that can be implemented in an isolated manner (SQL and Python), and Spark APIs must be on an allowlist of those we believe to be isolation-safe.", + "guid": "78c06a73-a22a-4495-9e7a-8dc4a20e27c3", + "service": "Databricks", + "severity": "Medium", + "text": "Use clusters that support user isolation.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "It is against security best practices to tie production workloads to individual user accounts, and so we recommend configuring Service Principals within Databricks. Service Principles separate administrator and user actions from the workload and prevent workloads from being impacted if a user leaves an organization. With Databricks, you can configure jobs to run as service principals and generate Personal Access Tokens for Service Principals.", + "guid": "e29711b1-352b-4eee-879b-588defc5972c", + "link": "https://learn.microsoft.com/azure/databricks/security/auth/access-control/", + "service": "Databricks", + "severity": "Medium", + "text": "Use service principals to run production jobs. Use proper access control for workspace level (ACLs), account level (RBACs) and data level (Unity catalog) security controls", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "By default, DBFS is a filesystem that is accessible to all users of the given workspace and can be accessed via API. This is not necessarily a major data exfiltration concern as you can limit access to accessing data via the DBFS API or Databricks cli using IP access lists or private network access. However, as use of Azure Databricks grows and more users join a workspace, those users would have access to any data stored in DBFS, creating the potential for undesired information sharing. 
Databricks recommends that our customers do not store production data in DBFS.", + "guid": "d4cd21b0-7703-46e5-b6b4-bfd3d503547c", + "service": "Databricks", + "severity": "High", + "text": "Avoid storing production data in DBFS.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "For the storage accounts that you manage, it is your responsibility to ensure that the storage accounts are protected according to your requirements. Examples might include: Encryption with your customer-managed key, Restrict access to trusted networks with a storage firewall, Anonymous public access is not allowed", + "guid": "1447dc56-028a-471f-bf1c-e15dd3f0d5e8", + "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", + "service": "Databricks", + "severity": "Medium", + "text": "Encrypt storage and restrict access.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Add a customer-managed key for select data stored within the Azure Databricks control plane, such as notebooks, secrets, Databricks SQL queries, and Databricks SQL query history and for the root storage account used for DBFS. Azure Databricks requires access to this key for ongoing operations. You can revoke access to the key to prevent Azure Databricks from accessing encrypted data within the control plane (or in our backups). This is like a �nuclear option� where the workspace ceases to function, but it provides an emergency control for extreme situations. 
This feature requires the Premium pricing tier.", + "guid": "72d42e36-11cc-457b-9a4b-1410e43a58a9", + "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", + "service": "Databricks", + "severity": "Medium", + "text": "Add a customer-managed key for managed services and workspace storage", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Configure IP access lists that restrict the IP addresses that can authenticate to Databricks at account console and workspace level by checking if the user or API client is coming from a known good IP address range such as a VPN or office network. Established user sessions do not work if the user moves to a bad IP address, such as when disconnecting from the VPN. ", + "guid": "277de183-b1ac-4252-a9a9-b64608489a8f", + "link": "https://learn.microsoft.com/azure/databricks/security/network/front-end/ip-access-list", + "service": "Databricks", + "severity": "Medium", + "text": "Enable IP access lists to restrict access to certain IP addresses.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Databricks/workspaces", + "checklist": "Data Security review checklist", + "description": "Azure Private Link provides a private network route from one Azure environment to another. Private Link can be configured both between Azure Databricks users and the control plane, and also between the control plane and the data plane. Between Databricks users and the control plane, Private Link provides strong controls that limit the source for inbound requests. If a company already routes traffic through an Azure environment, they can use Private Link so that the communication between users and the Azure Databricks control plane does not traverse public IP addresses. This feature requires the Premium pricing tier. Use Azure Private Link to connect from Azure Databricks to your Azure resources. 
Not only does Private Link ensure", + "guid": "82db8eb9-d1ba-473b-86a5-a57eba8dd4b3", + "link": "https://learn.microsoft.com/azure/databricks/security/network/classic/private-link", + "service": "Databricks", + "severity": "Medium", + "text": "Configure and use Azure Private Link to access Azure resources.", + "waf": "Security" + }, + { + "arm-service": "Microsoft.DBforMySQL/servers", + "checklist": "MySQL Review Checklist", + "guid": "388c3e25-e800-4ad2-9df3-f3d6ae1050b7", + "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview", + "service": "Azure MySQL", + "severity": "Medium", + "text": "Leverage Flexible Server", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DBforMySQL/servers", + "checklist": "MySQL Review Checklist", + "guid": "de3aad1e-8c38-4ec9-9666-7313c005674b", + "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview#high-availability-within-and-across-availability-zones", + "service": "Azure MySQL", + "severity": "High", + "text": "Leverage Availability Zones where regionally applicable", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.DBforMySQL/servers", + "checklist": "MySQL Review Checklist", + "guid": "1e944a45-9c37-43e7-bd61-623b365a917e", + "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview#setup-hybrid-or-multi-cloud-data-synchronization-with-data-in-replication", + "service": "Azure MySQL", + "severity": "Medium", + "text": "Leverage Data-in replication for cross-region DR scenarios", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant", + "guid": "553585a6-abe0-11ed-afa1-0242ac120002", + "link": "https://learn.microsoft.com/azure/application-gateway/overview-v2", + "service": "App Gateway", 
+ "severity": "Medium", + "text": "Ensure you are using Application Gateway v2 SKU", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Network/loadBalancers", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')", + "guid": "4e35fbf5-0ae2-48b2-97ce-753353edbd1a", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", + "service": "Load Balancer", + "severity": "Medium", + "text": "Ensure you are using the Standard SKU for your Azure Load Balancers", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Network/loadBalancers", + "checklist": "Azure Application Delivery Networking", + "guid": "9432621a-8397-4654-a882-5bc856b7ef83", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-standard-availability-zones", + "service": "Load Balancer", + "severity": "Medium", + "text": "Ensure your Load Balancers frontend IP addresses are zone-redundant (unless you require zonal frontends).", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength 
<= 24 or subnetPrefixLength == 64) | distinct id,compliant", + "guid": "dfc50f87-3800-424c-937b-ed5f186e7c15", + "link": "https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet", + "service": "App Gateway", + "severity": "Medium", + "text": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "description": "Administration of reverse proxies in general and WAF in particular is closer to the application than to networking, so they belong in the same subscription as the app. Centralizing the Application Gateway and WAF in the connectivity subscription might be OK if it is managed by one single team.", + "guid": "48b662d6-d15f-4512-a654-98f6dfe237de", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Deploy Azure Application Gateway v2 or partner NVAs used for proxying inbound HTTP(S) connections within the landing-zone virtual network and with the apps that they're securing.", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "f109e1f3-c79b-4f14-82de-6b5c22314d08", + "link": "https://learn.microsoft.com/azure/application-gateway/tutorial-protect-application-gateway-ddos", + "service": "App Gateway", + "severity": "Medium", + "text": "Use a DDoS Network or IP protection plans for all Public IP addresses in application landing zones.", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Security" + }, + { + 
"arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant", + "guid": "135bf4ac-f9db-461f-b76b-2ee9e30b12c0", + "link": "https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant", + "service": "App Gateway", + "severity": "Medium", + "text": "Configure autoscaling with a minimum amount of instances of two.", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant", + "guid": "060c6964-52b5-48db-af8b-83e4b2d85349", + "link": "https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2", + "service": "App Gateway", + "severity": "Medium", + "text": "Deploy Application Gateway across Availability Zones", + "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", + "waf": "Reliability" + }, + { + "arm-service": "microsoft.network/frontdoors", + "checklist": "Azure Application Delivery Networking", + "guid": "3f29812b-2363-4cef-b179-b599de0d5973", + "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", + "service": "Front Door", + "severity": "Medium", + "text": "When using Front Door and Application Gateway to help protect HTTP/S apps, use WAF policies in Front Door. 
Lock down Application Gateway to receive traffic only from Front Door.", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Security" + }, + { + "ammp": true, + "arm-service": "microsoft.network/trafficManagerProfiles", + "checklist": "Azure Application Delivery Networking", + "guid": "cd4cd21b-0881-437f-9e6c-4cfd3e504547", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", + "service": "Traffic Manager", + "severity": "High", + "text": "Use Traffic Manager to deliver global apps that span protocols other than HTTP/S.", + "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", + "waf": "Reliability" + }, + { + "checklist": "Azure Application Delivery Networking", + "guid": "3b4b3e88-a459-4ed5-a22f-644dfbc58204", + "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", + "service": "Entra", + "severity": "Low", + "text": "If users only need access to internal applications, has Microsoft Entra ID Application Proxy been considered as an alternative to Azure Virtual Desktop (AVD)?", + "training": "https://learn.microsoft.com/learn/modules/configure-azure-ad-application-proxy/", + "waf": "Security" + }, + { + "checklist": "Azure Application Delivery Networking", + "guid": "01ca7cf1-5754-442d-babb-8ba6772e5c30", + "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", + "service": "Entra", + "severity": "Medium", + "text": "To reduce the number of firewall ports open for incoming connections in your network, consider using Microsoft Entra ID Application Proxy to give remote users secure and authenticated access to internal applications.", + "training": "https://learn.microsoft.com/learn/paths/implement-applications-external-access-azure-ad/", + "waf": "Security" + }, + { + "ammp": true, + "arm-service": 
"Microsoft.Network/loadBalancers", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant", + "guid": "97a2fd46-64b0-1dfa-b72d-9c8869496d75", + "link": "https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity", + "service": "Load Balancer", + "severity": "High", + "text": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability", + "waf": "Reliability" + }, + { + "ammp": true, + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id", + "guid": "2f8e81eb-8e68-4026-8b1f-70f9b05f7cf9", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection", + "service": "App Gateway", + "severity": "High", + "text": "Enable the Azure Application Gateway WAF bot protection rule set. 
The bot rules detect good and bad bots.", + "waf": "Security" + }, + { + "ammp": true, + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant", + "guid": "8ea8e0d4-84e8-4b33-aeab-493f6391b4d6", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection", + "service": "App Gateway", + "severity": "High", + "text": "Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy.", + "waf": "Security" + }, + { + "ammp": true, + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "a4dd86d3-5ffa-408c-b660-cce073d085b8", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#tune-your-waf", + "service": "App Gateway", + "severity": "High", + "text": "Tune the Azure Application Gateway WAF in detection mode for your workload. 
Reduce false positive detections.", + "waf": "Security" + }, + { + "ammp": true, + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant", + "guid": "baf8e317-2397-4d49-b3d1-0dcc16d8778d", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations", + "service": "App Gateway", + "severity": "High", + "text": "Deploy your WAF policy for Application Gateway in 'Prevention' mode.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "43fae595-8a32-4299-a69e-0f32c454dcc9", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/rate-limiting-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Add rate limiting to the Azure Application Gateway WAF. Rate limiting blocks clients accidentally or intentionally sending large amounts of traffic in a short period of time.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "041e0ad8-7b12-4694-a0b7-a0e25ee2470f", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/rate-limiting-overview#rate-limiting-details", + "service": "App Gateway", + "severity": "Medium", + "text": "Use a high threshold for Azure Application Gateway WAF rate limits. High rate limit thresholds avoid blocking legitimate traffic, while still providing protection against extremely high numbers of requests that might overwhelm your infrastructure. 
", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "99937189-ff78-492a-b9ca-18d828d82b37", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#geo-filtering-best-practices", + "service": "App Gateway", + "severity": "Low", + "text": "If you are not expecting traffic from all geographical regions, use geo-filters to block traffic from non-expected countries.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "349a15c1-52f4-4319-9078-3895d95ecafd", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/geomatch-custom-rules", + "service": "App Gateway", + "severity": "Medium", + "text": "Specify the unknown (ZZ) location when geo-filtering traffic with the Azure Application Gateway WAF. Avoid accidentally blocking legitimate requests when IP addresses can't be geo-matched.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "6c19dfd5-a61c-436c-9001-491b9b3d0228", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#use-the-latest-ruleset-versions", + "service": "App Gateway", + "severity": "Medium", + "text": "Use the latest Azure Application Gateway WAF rule set version. 
Rule set updates are regularly updated to take account of the current threat landscape.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "f84106a2-2e9e-42ac-add6-d3416ecfed53", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#add-diagnostic-settings-to-save-your-wafs-logs", + "service": "App Gateway", + "severity": "Medium", + "text": "Add diagnostic settings to save your Azure Application Gateway WAF logs.", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "92664c60-47e3-4591-8b1b-8d557656e686", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#send-logs-to-microsoft-sentinel", + "service": "App Gateway", + "severity": "Medium", + "text": "Send Azure Application Gateway WAF logs to Microsoft Sentinel.", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "ba0e9b26-6e0d-4ec8-8541-023c00afd5b7", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#define-your-waf-configuration-as-code", + "service": "App Gateway", + "severity": "Medium", + "text": "Define your Azure Application Gateway WAF configuration as code. 
By using code, you can more easily adopt new rule set version and gain additional protection.", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "f17ec301-8470-4afd-aabc-c1fdfe47dcc0", + "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Use WAF Policies instead of the legacy WAF configuration.", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "d4eb8667-f8cb-4cdd-94e6-2f967ba98f88", + "link": "https://learn.microsoft.com/azure/virtual-wan/scenario-secured-hub-app-gateway", + "service": "App Gateway", + "severity": "Medium", + "text": "Filter inbound traffic in the backends so that they only accept connections from the Application Gateway subnet, for example with NSGs.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "graph": "resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant", + "guid": "a66f0fd8-2ca4-422e-8df3-235148127ca2", + "link": "https://learn.microsoft.com/azure/application-gateway/ssl-overview", + "service": "App Gateway", + "severity": "High", + "text": "You should encrypt traffic to the backend servers.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "3dba65cb-834d-44d8-a3ca-a6aa2f1587be", + "link": "https://learn.microsoft.com/azure/web-application-firewall/overview", + "service": "App Gateway", + "severity": "High", + 
"text": "You should use a Web Application Firewall.", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "0158fcb6-0bc1-4687-832f-cc7c359c22d2", + "link": "https://learn.microsoft.com/azure/application-gateway/redirect-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Redirect HTTP to HTTPS", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "bb697864-1b4c-43af-8667-90cc69aaed5f", + "link": "https://learn.microsoft.com/azure/application-gateway/how-application-gateway-works#modifications-to-the-request", + "service": "App Gateway", + "severity": "Medium", + "text": "Use gateway-managed cookies to direct traffic from a user session to the same server for processing", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "ff353ad8-15fb-4ae8-9fc5-a85a36d36a35", + "link": "https://learn.microsoft.com/azure/application-gateway/configuration-http-settings", + "service": "App Gateway", + "severity": "High", + "text": "Enable connection draining during planned service updates to prevent connection loss to existing members of the backend pool", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "c8741f03-45a4-4183-a6b8-139e0773b8b5", + "link": "https://learn.microsoft.com/azure/application-gateway/custom-error", + "service": "App Gateway", + "severity": "Low", + "text": "Create custom error pages to display a personalized user experience", + "waf": "Operations" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "f850d46f-f5d7-4b17-b48c-a780741402e1", + "link": 
"https://learn.microsoft.com/azure/application-gateway/rewrite-http-headers-url", + "service": "App Gateway", + "severity": "Medium", + "text": "Edit HTTP requests and response headers for easier routing and information exchange between the client and server", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "eadc3164-4a0f-461c-85f1-1a372c04dfd1", + "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Configure Front Door to optimize global web traffic routing and top-tier end-user performance, and reliability through quick global failover", + "waf": "Performance" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "29dcc19f-a8fa-4c35-8281-290577538793", + "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Use transport layer load balancing", + "waf": "Performance" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "276898c1-af5e-4819-9e8e-049c7801ab9d", + "link": "https://learn.microsoft.com/azure/application-gateway/multiple-site-overview", + "service": "App Gateway", + "severity": "Medium", + "text": "Configure routing based on host or domain name for multiple web applications on a single gateway", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "5fe365b6-58e8-47ed-a8cf-5163850380a2", + "link": "https://learn.microsoft.com/azure/application-gateway/create-ssl-portal", + "service": "App Gateway", + "severity": "Medium", + "text": "Centralize SSL certificate management to reduce encryption and decryption overhead from a 
backend server farm", + "waf": "Security" + }, + { + "arm-service": "microsoft.network/applicationGateways", + "checklist": "Azure Application Delivery Networking", + "guid": "fa64b4dd-35c2-4047-ac5c-45dfbf8b0db9", + "link": "https://learn.microsoft.com/azure/application-gateway/application-gateway-websocket", + "service": "App Gateway", + "severity": "Low", + "text": "Use Application Gateway for native support for WebSocket and HTTP/2 protocols", + "waf": "Security" + }, + { + "arm-service": "Microsoft.Devices/provisioningServices", + "checklist": "Device Provisioning Service Review", + "guid": "cb26b2ba-a9db-45d1-8260-d9c6ec1447d9", + "link": "https://learn.microsoft.com/en-us/azure/logic-apps/single-tenant-overview-compare", + "service": "IoT Hub DPS", + "severity": "High", + "text": "Select the right Logic App hosting plan based on your business & SLO requirements", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/provisioningServices", + "checklist": "Device Provisioning Service Review", + "guid": "f6dd7977-1123-4f39-b488-f91415a8430a", + "link": "https://learn.microsoft.com/en-us/azure/logic-apps/set-up-zone-redundancy-availability-zones?tabs=standard#next-steps", + "service": "IoT Hub DPS", + "severity": "High", + "text": "Protect logic apps from region failures with zone redundancy and availability zones", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/provisioningServices", + "checklist": "Device Provisioning Service Review", + "guid": "8aed4fbf-0830-4883-899d-222a154af478", + "link": "https://learn.microsoft.com/en-us/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", + "service": "IoT Hub DPS", + "severity": "High", + "text": "Consider a Cross-Region DR strategy for critical workloads", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/provisioningServices", + "checklist": "Device Provisioning 
Service Review", + "guid": "da0f033e-d180-4f36-9aa4-c468dba14203", + "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", + "service": "IoT Hub DPS", + "severity": "High", + "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.Devices/provisioningServices", + "checklist": "Device Provisioning Service Review", + "guid": "62711604-c9d1-4b0a-bdb7-5fda54a4f6c1", + "link": "https://learn.microsoft.com/en-us/training/modules/deploy-azure-functions/", + "service": "IoT Hub DPS", + "severity": "Medium", + "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Logic App code", + "waf": "Operations" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "6d37a33b-531c-4a91-871a-b69d8044f04e", + "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", + "service": "Key Vault", + "severity": "High", + "text": "Familiarize yourself with the Key Vault's best practices such as isolation recommendations, access control, data protection, backup, and logging.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "7ba4d380-7b9e-4a8b-a0c3-2d8e49c11872", + "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", + "service": "Key Vault", + "severity": "Medium", + "text": "Key Vault is a managed service and Microsoft will handle the failover within and across region. 
Familiarize yourself with the Key Vault's availability and redundancy.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "17fb86a2-eb45-42a4-9c34-52b92a2a1842", + "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance#data-replication", + "service": "Key Vault", + "severity": "Medium", + "text": "The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets. Familiarize yourself with the Key Vault's data replication.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "614682ca-6e0c-4f34-9f03-c6d3f2b99a32", + "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance#failover-across-regions", + "service": "Key Vault", + "severity": "Medium", + "text": "During failover, access policy or firewall configurations and settings can't be changed. The key vault will be in read-only mode during failover. Familiarize yourself with the Key Vault's failover guidance.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "9ef2b0d2-3206-4c94-b47a-4f07e6a1c509", + "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#design-considerations", + "service": "Key Vault", + "severity": "Medium", + "text": "When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography. 
Familiarize yourself with the Key Vault's backup and restore guidance.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "2df045b1-c0f6-47d3-9a9b-99cf6999684e", + "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", + "service": "Key Vault", + "severity": "High", + "text": "If you want protection against accidental or malicious deletion of your secrets, configure soft-delete and purge protection features on your key vault.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "cbfa96b0-5249-4e6f-947c-d0e79509708c", + "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", + "service": "Key Vault", + "severity": "Low", + "text": "Key Vault's soft-deleted resources are retained for a set period of 90 calendar days. Familiarize yourself with the Key Vault's soft-delete guidance.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "e8659d11-7e02-4db0-848c-c6541dbab68c", + "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", + "service": "Key Vault", + "severity": "Low", + "text": "Understand Key Vault's backup limitations. Key Vault does not support the ability to backup more than 500 past versions of a key, secret, or certificate object. Attempting to backup a key, secret, or certificate object may result in an error. 
It is not possible to delete previous versions of a key, secret, or certificate.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "45c25e29-d0ef-4f07-aa04-0f8c64cbcc04", + "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", + "service": "Key Vault", + "severity": "Low", + "text": "Key Vault doesn't currently provide a way to back up an entire key vault in a single operation and keys, secrets and certitificates must be backup indvidually. Familiarize yourself with the Key Vault's backup and restore guidance.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "guid": "0f15640b-31e5-4de6-85a7-d2c652fa09d3", + "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection", + "service": "Key Vault", + "severity": "Medium", + "text": "Purge protection is recommended when using keys for encryption to prevent data loss. Purge protection is an optional Key Vault behavior and is not enabled by default. Purge protection can only be enabled once soft-delete is enabled. It can be turned on via CLI, PowerShell or Portal.", + "waf": "Reliability" + }, + { + "arm-service": "Microsoft.KeyVault/vaults", + "checklist": "Azure Key Vault", + "graph": "resources| where type =~ 'microsoft.keyvault/vaults' | extend compliant = (properties.enableRbacAuthorization == true) | distinct id, compliant", + "guid": "d0642c1c-312b-4116-94ab-439e1c836819", + "link": "https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-cli", + "service": "Key Vault", + "severity": "Medium", + "text": "RBAC is recommended to control access to your key vault. Familiarize yourself with the Key Vault's access control guidance.", + "waf": "Security" + }, { "checklist": "Azure Landing Zone Review", "guid": "70c15989-c726-42c7-b0d3-24b7375b9201", 
@@ -1867,7 +9549,7 @@ { "checklist": "Azure Landing Zone Review", "guid": "5d82e6df-6f61-42f2-82e2-3132d293be3d", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", + "link": "https://learn.microsoft.com/azure/lighthouse/overview", "service": "Entra", "severity": "High", "text": "If you give a partner access to administer your tenant, use Azure Lighthouse.", 
@@ -3691,891 +11373,76 @@ "waf": "Operations" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails", - "service": "OpenAI", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "4238f409-2ea0-43be-a06b-2a993c98aa7b", + "link": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#overview-of-plans", + "service": "Azure Functions", "severity": "High", - "text": "Follow Metaprompting guardrails for resonsible AI", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", - "link": "https://github.com/Azure-Samples/AI-Gateway", - "service": "OpenAI", - "severity": "High", - "text": "Consider Gateway patterns with APIM or solutions like AI central for better rate limiting, load balancing, authentication and logging", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850", - "service": "OpenAI", - "severity": "High", - "text": "Enable monitoring for your AOAI instances", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type == 'microsoft.insights/metricalerts' | extend compliant = (properties.targetResourceType =~ 'Microsoft.CognitiveServices/accounts') | project id, compliant", - "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", - "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", - "service": "OpenAI", - "severity": "High", - "text": "Create alerts to notify teams of events such as an entry in the activity log created by an action performed on the resource, such as regenerating its subscription keys or a metric threshold such as the number of errors exceeding 10 in an hour", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "OpenAI", - "severity": "High", - "text": "Monitor token usage to prevent service disruptions due to capacity", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "OpenAI", - "severity": "Medium", - "text": "observe metrics like processed inference tokens, generated completion tokens monitor for rate limit", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", - "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", - "service": "OpenAI", - "severity": "Low", - "text": "Enable and configure Diagnostics for the Azure OpenAI Service. 
If not sufficient, consider using a gateway such as Azure API Managements in front of Azure OpenAI to log both incoming prompts and outgoing responses, where permitted", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", - "link": "https://github.com/Azure-Samples/openai-enterprise-iac", - "service": "OpenAI", - "severity": "High", - "text": "Use Infrastructure as code to deploy the Azure OpenAI Service, model deployments, and all related resources", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "OpenAI", - "severity": "High", - "text": "Use Microsoft Entra Authentication with Managed Identity instead of API Key", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", - "service": "OpenAI", - "severity": "High", - "text": "Evaluate the performance/accuracy of the system with a known golden dataset which has the inputs and the correct answers. 
Leverage capabilities in PromptFlow for Evaluation.", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "68889535-e327-4897-b31b-67d67be5962a", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", - "service": "OpenAI", - "severity": "High", - "text": "Evaluate usage of Provisioned throughput model ", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", - "service": "OpenAI", - "severity": "High", - "text": "Review and implement Azure AI content safety", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", - "service": "OpenAI", - "severity": "High", - "text": "Define and evaluate the throughput of the system based on tokens & response per minute and align with requirements", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", - "service": "OpenAI", - "severity": "Medium", - "text": "Improve latency of the system by limiting token sizes, streaming options for applications like chatbots or conversational interfaces. 
Streaming can enhance the perceived performance of Azure OpenAI applications by delivering responses to users in an incremental manner", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "OpenAI", - "severity": "Medium", - "text": "Estimate elasticity demands to determine synchronous and batch request segregation based on priority. For high priority, use synchronous approach and for low priority, asynchronous batch processing with queue is preferred", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "5bda4332-4f24-4811-9331-82ba51752694", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "OpenAI", - "severity": "High", - "text": "Benchmark token consumption requirements based on estimated demands from consumers. Consider using the Azure OpenAI benchmarking tool to help you validate the throughput if you are using Provisioned Throughput Unit deployments", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "OpenAI", - "severity": "Medium", - "text": "If you are using Provisioned Throughput Units (PTUs), consider deploying a token-per-minute (TPM) deployment for overflow requests. 
Use a gateway to route requests to the TPM deployment when the PTU limits are reached.", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", - "service": "OpenAI", - "severity": "High", - "text": "Choose the right model for the right task. Pick models with right tradeoff between speed, quality of response and output complexity", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "e9951904-8384-45c9-a6cb-2912156a1147", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "OpenAI", - "severity": "Medium", - "text": "Have a baseline for performance without fine-tuning for knowing whether or not fine-tuning has improved model performance", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "OpenAI", - "severity": "Low", - "text": "Deploy multiple OAI instances across regions", + "text": "Select the right Function hosting plan based on your business & SLO requirements", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "OpenAI", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "a9808100-d640-4f77-ac56-1ec0600f6752", + "link": 
"https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#overview-of-plans", + "query": "resources | where type =~ 'Microsoft.Web/sites' and kind has 'functionapp' and tolower(kind) !contains 'workflow' | extend aspResourceId = tostring(properties.serverFarmId), managedEnvId = tostring(properties.managedEnvironmentId), sku = tostring(properties.sku) | extend sku = iif(isnotempty(sku), sku, iif(isnotempty(managedEnvId), 'ContainerApps', '')) | where sku !in ('Dynamic', 'FlexConsumption', '') | extend aspName = tostring(split(aspResourceId, '/').[-1]), managedEnvName = tostring(split(managedEnvId, '/').[-1]) | extend HostingPlan = tostring(iif(isnotempty(aspName), aspName, managedEnvName)) | project functionAppName = name, functionAppId = id, HostingPlan, sku | join kind=inner ( resources | where type =~ 'Microsoft.Web/serverfarms' or type =~ 'Microsoft.App/managedEnvironments' | extend HostingPlan = tostring(name), zoneRedundant = tostring(properties.zoneRedundant), compliant = tobool(properties.zoneRedundant) | project HostingPlan, resourceId = id, zoneRedundant, compliant ) on HostingPlan | project functionAppName, functionAppId, sku, HostingPlan, resourceId, zoneRedundant, compliant", + "service": "Azure Functions", "severity": "High", - "text": "Implement retry & healthchecks with Gateway pattern like APIM", + "text": "Leverage Availability Zones where regionally applicable (not available for Consumption tier)", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", - "service": "OpenAI", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "5969d03e-eacf-4042-b127-73c55e3575fa", + "link": 
"https://learn.microsoft.com/en-us/azure/reliability/reliability-functions?tabs=azure-portal#cross-region-disaster-recovery-and-business-continuity", + "service": "Azure Functions", "severity": "Medium", - "text": "Ensure having adequate quotas of TPM & RPM for the workload", + "text": "Consider a Cross-Region DR strategy for critical workloads", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", - "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", - "service": "OpenAI", - "severity": "Medium", - "text": "Review the considerations in HAI toolkit guidance and apply those interaction practices for the slution", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "7f154e3a-a369-4282-ae7e-316183687a04", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "OpenAI", - "severity": "Medium", - "text": "Deploy separate fine tuned models across regions if finetuning is employed", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "47a0aae0-d8a0-43b1-9791-e934dee3754c", + "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", + "service": "Azure Functions", + "severity": "High", + "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "77a1f893-5bda-4433-84f2-4811633182ba", - "link": "https://learn.microsoft.com/azure/backup/backup-overview", - "service": "OpenAI", - "severity": "Medium", - "text": "Regularly backup and replicate critical data to ensure data availability and recoverability in case of data loss or 
system failures. Leverage Azure's backup and disaster recovery services to protect your data.", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "17232891-f89f-4eaa-90f1-3b34bf798ed5", + "link": "https://learn.microsoft.com/en-us/azure/azure-functions/dedicated-plan#always-on", + "query": "resources | where type =~ 'Microsoft.Web/sites' and kind has 'functionapp' | where tolower(kind) !contains 'workflow' | where isnotempty(properties.serverFarmId) | extend sku = tostring(properties.sku) | where isnotempty(sku) | where sku !in ('Dynamic', 'FlexConsumption', 'ElasticPremium') | extend alwaysOn = properties.siteConfig.alwaysOn | project functionAppName = name, functionAppId = id, serverFarmId = tostring(properties.serverFarmId), sku, alwaysOn, compliant = tobool(alwaysOn)", + "service": "Azure Functions", + "severity": "High", + "text": "Ensure 'Always On' is enabled for all Function Apps running on App Service Plan", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type == 'microsoft.search/searchservices' | extend compliant = (sku.name != 'free' and properties.replicaCount >= 3) | project id, compliant", - "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", - "link": "https://learn.microsoft.com/azure/search/search-reliability", - "service": "OpenAI", - "severity": "High", - "text": "Azure AI search service tiers should be choosen to have a SLA ", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "40a325c2-7c0e-49e6-86d8-c273b4dc21ba", + "link": "https://learn.microsoft.com/en-us/azure/azure-functions/storage-considerations?tabs=azure-cli#shared-storage-accounts", + "service": "Azure Functions", + "severity": "Medium", + "text": "Pair a Function App to its own storage account. 
Try not to re-use storage accounts for Function Apps unless they are tightly coupled", "waf": "Reliability" }, { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", - "link": "https://learn.microsoft.com/purview/purview", - "service": "OpenAI", - "severity": "Low", - "text": "Classify data and sensitivity, labeling with Microsoft Purview before generating the embeddings and make sure to treat the embeddings generated with same sensitivity and classification", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", - "service": "OpenAI", - "severity": "High", - "text": "Encrypt data used for RAG with SSE/Disk encryption with optional BYOK", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", - "link": "https://learn.microsoft.com/azure/search/search-security-overview", - "service": "OpenAI", - "severity": "High", - "text": "Ensure TLS is enforced for data in transit across data sources, AI search used for Retrieval-Augmented Generation (RAG) and LLM communication", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "OpenAI", - "severity": "High", - "text": "Use RBAC to manage access to Azure OpenAI services. 
Assign appropriate permissions to users and restrict access based on their roles and responsibilities", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", - "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", - "service": "OpenAI", + "arm-service": "Microsoft.Web/sites", + "checklist": "Azure Function Review", + "guid": "bb42650c-257d-4cb0-822a-131138b8e6f0", + "link": "https://learn.microsoft.com/en-us/training/modules/deploy-azure-functions/", + "service": "Azure Functions", "severity": "Medium", - "text": "Implement data encryption, masking or redaction techniques to hide sensitive data or replace it with obfuscated values in non-production environments or when sharing data for testing or troubleshooting purposes", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-onboarding", - "service": "OpenAI", - "severity": "High", - "text": "Utilize Azure Defender to detect and respond to security threats and set up monitoring and alerting mechanisms to identify suspicious activities or breaches. Leverage Azure Sentinel for advanced threat detection and response", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", - "service": "OpenAI", - "severity": "Medium", - "text": "Establish data retention and disposal policies to adhere to compliance regulations. 
Implement secure deletion methods for data that is no longer required and maintain an audit trail of data retention and disposal activities", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "OpenAI", - "severity": "High", - "text": "Implement Prompt shields and groundedness detection using Content Safety ", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "link": "https://learn.microsoft.com/azure/compliance/", - "service": "OpenAI", - "severity": "High", - "text": "Ensure compliance with relevant data protection regulations, such as GDPR or HIPAA, by implementing privacy controls and obtaining necessary consents or permissions for data processing activities.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "service": "OpenAI", - "severity": "Medium", - "text": "Educate your employees about data security best practices, the importance of handling data securely, and potential risks associated with data breaches. Encourage them to follow data security protocols diligently.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "service": "OpenAI", - "severity": "High", - "text": "Keep production data separate from development and testing data. 
Only use real sensitive data in production and utilize anonymized or synthetic data in development and test environments.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "service": "OpenAI", - "severity": "Medium", - "text": "If you have varying levels of data sensitivity, consider creating separate indexes for each level. For instance, you could have one index for general data and another for sensitive data, each governed by different access protocols", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "service": "OpenAI", - "severity": "Medium", - "text": "Take segregation a step further by placing sensitive datasets in different instances of the service. Each instance can be controlled with its own specific set of RBAC policies", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "service": "OpenAI", - "severity": "High", - "text": "Recognize that embeddings and vectors generated from sensitive information are themselves sensitive. 
This data should be afforded the same protective measures as the source material", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "OpenAI", - "severity": "High", - "text": "Apply RBAC to th data stores having embeddings and vectors and scope access based on role's access requirements", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.privateEndpointConnections != '[]' and properties.publicNetworkAccess !~ 'enabled')", - "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", - "service": "OpenAI", - "severity": "High", - "text": "Configure private endpoint for AI services to restrict service access within your network", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "service": "OpenAI", - "severity": "High", - "text": "Enforce strict inbound and outbound traffic control with Azure Firewall and UDRs and limit the external integration points", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", - "service": "OpenAI", - "severity": "High", - "text": "Implement network segmentation and access controls to restrict access to the LLM application only to authorized users and systems and prevent lateral movement", - "waf": 
"Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", - "service": "OpenAI", - "severity": "Medium", - "text": "Use prompt compression tools like LLMLingua or gprtrim", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (isnotnull(identity))", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "OpenAI", - "severity": "High", - "text": "Ensure that APIs and endpoints used by the LLM application are properly secured with authentication and authorization mechanisms, such as Managed identities, API keys or OAuth, to prevent unauthorized access.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", - "service": "OpenAI", - "severity": "Medium", - "text": "Enforce strong end user authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access to the LLM application and associated network resources", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "service": "OpenAI", - "severity": "Medium", - "text": "Implement network monitoring tools to detect and analyze network traffic for any suspicious or 
malicious activities. Enable logging to capture network events and facilitate forensic analysis in case of security incidents", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "service": "OpenAI", - "severity": "Medium", - "text": "Conduct security audits and penetration testing to identify and address any network security weaknesses or vulnerabilities in the LLM application's network infrastructure", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (tags != '{}')", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", - "service": "OpenAI", - "severity": "Low", - "text": "Azure AI Services are properly tagged for better management", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", - "service": "OpenAI", - "severity": "Low", - "text": "Azure AI Service accounts follows organizational naming conventions", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", - "service": "OpenAI", - "severity": "High", - "text": "Diagnostic logs in Azure AI services resources should be enabled", - "waf": "Operational Excellence" - }, - { - "arm-service": 
"Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.disableLocalAuth == true)", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "link": "https://learn.microsoft.com/azure/ai-services/authentication", - "service": "OpenAI", - "severity": "High", - "text": "Key access (local authentication) is recommended to be disabled for security. After disabling key based access, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "OpenAI", - "severity": "High", - "text": "Store and manage keys securely using Azure Key Vault. 
Avoid hard-coding or embedding sensitive keys within your LLM application's code and retrieve them securely from Azure Key Vault using managed identities", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "OpenAI", - "severity": "High", - "text": "Regularly rotate and expire keys stored in Azure Key Vault to minimize the risk of unauthorized access.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "link": "https://github.com/openai/tiktoken", - "service": "OpenAI", - "severity": "High", - "text": "Use tiktoken to understand token sizes for token optimizations in conversational mode", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", - "service": "OpenAI", - "severity": "High", - "text": "Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), or security misconfigurations", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", - "service": "OpenAI", - "severity": "High", - "text": "Setup a process to regularly update and patch the LLM libraries and other system components", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - 
"guid": "e29711b1-352b-4eee-879b-588defc4972c", - "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", - "service": "OpenAI", - "severity": "High", - "text": "Adhere to Azure OpenAI or other LLMs terms of use, policies and guidance and allowed use cases", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", - "service": "OpenAI", - "severity": "Medium", - "text": "Understand difference in cost of base models and fine tuned models and token step sizes", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "OpenAI", - "severity": "High", - "text": "Batch requests, where possible, to minimize the per-call overhead which can reduce overall costs. 
Ensure you optimize batch size", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "OpenAI", - "severity": "Medium", - "text": "Set up a cost tracking system that monitors model usage and use that information to help inform model choices and prompt sizes", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", - "service": "OpenAI", - "severity": "Medium", - "text": "Set a maximum limit on the number of tokens per model response (max_tokens and the number of completions to generate). Optimize the size to ensure it is large enough for a valid response", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", - "service": "OpenAI", - "severity": "Medium", - "text": "Plan and manage AI Search Vector storage", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "OpenAI", - "severity": "Medium", - "text": "Ensure deployment of Azure OpenAI instances across your various environments, such as development, test, and production supporting lrarning & experimentation. 
Apply LLMOps practices to automate the lifecycle management of your GenAI applications", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "OpenAI", - "severity": "High", - "text": "Evaluate usage of billing models - PAYG vs PTU. Start with PAYG and consider PTU when the usage is predictable in production since it offers dedicated memory and compute, reserved capacity, and consistent maximum latency for the specified model version", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "OpenAI", - "severity": "Medium", - "text": "Evaluate the quality of prompts and applications when switching between model versions", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "OpenAI", - "severity": "Medium", - "text": "Evaluate, monitor and refine your GenAI apps for features like groundedness, relevance, accuracy, coherence and fluency", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "service": "OpenAI", - "severity": "Medium", - "text": "Evaluate your Azure AI 
Search results based on different search parameters", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "OpenAI", - "severity": "Medium", - "text": "Look at fine tuning models as way of increasing accuracy only when you have tried other basic approaches like prompt engineering and RAG with your data", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "OpenAI", - "severity": "Medium", - "text": "Use prompt engineering techniques to improve the accuracy of LLM responses", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "OpenAI", - "severity": "Medium", - "text": "Red team your GenAI applications", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "OpenAI", - "severity": "Medium", - "text": "Provide end users with scoring options for LLM responses and track these scores. 
", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "OpenAI", - "severity": "High", - "text": "Consider Quota management practices. Use dynamic quota for certain use cases when your application can use extra capacity opportunistically or the application itself is driving the rate at which the Azure OpenAI API is called", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "OpenAI", - "severity": "Medium", - "text": "Use Load balancer solutions like APIM based gateway for balancing load and capacity across services and regions", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc411", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning?tabs=turbo%2Cpython-new&pivots=programming-language-studio#import-training-data-from-azure-blob-store", - "service": "OpenAI", - "severity": "Medium", - "text": "Follow the guidance for fine-tuning with large data files and import the data from an Azure blob store. 
Large files, 100 MB or larger, can become unstable when uploaded through multipart forms because the requests are atomic and can't be retried or resumed", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc412", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest", - "service": "OpenAI", - "severity": "Medium", - "text": "Manage rate limits for your model deployments and monitor usage of tokens per minute (TPM) and requests per minute (RPM) for pay-as-you-go deployments", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc413", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai", - "service": "OpenAI", - "severity": "Medium", - "text": "Monitor provision-managed utilization if you're using the provisioned throughput payment model", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc414", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/content-filters", - "service": "OpenAI", - "severity": "Medium", - "text": "Tune content filters to minimize false positives from overly aggressive filters", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc415", - "link": "https://learn.microsoft.com/azure/ai-services/openai/encrypt-data-at-rest", - "service": "OpenAI", - "severity": "Medium", - "text": "Use customer-managed keys for fine-tuned models and training data that's uploaded to Azure OpenAI", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI 
Review", - "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' and kind =~ 'contentsafety' | project id, compliant = 1", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc416", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "OpenAI", - "severity": "Medium", - "text": "Implement jailbreak risk detection to safeguard your language model deployments against prompt injection attacks", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc417", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai", - "service": "OpenAI", - "severity": "Medium", - "text": "Use security controls like throttling, service isolation and gateway pattern to prevent attacks that might exhaust model usage quotas", - "waf": "Security" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a9", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "OpenAI", - "severity": "Medium", - "text": "Develop your cost model, considering prompt sizes. Understanding prompt input and response sizes and how text translates into tokens helps you create a viable cost model", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a1", - "link": "https://azure.microsoft.com/pricing/details/cognitive-services/openai-service/", - "service": "OpenAI", - "severity": "Medium", - "text": "Consider model pricing and capabilities when you choose models. 
Start with less-costly models for less-complex tasks like text generation or completion tasks and for complex tasks like language translation or content understanding, consider using more advanced models. Optimize costs while still achieving the desired application performance", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a2", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "OpenAI", - "severity": "Medium", - "text": "Maximize Azure OpenAI price breakpoints like fine-tuning and model breakpoints like image generation to your advantage. Fine-tuning is charged per hour, use as much time as you have available per hour to improve results without slipping into the next billing period. The cost for generating 100 images is the same as the cost for 1 image", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a3", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "OpenAI", - "severity": "Medium", - "text": "Remove unused fine-tuned models when they're no longer being consumed to avoid incurring an ongoing hosting fee", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8g", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "OpenAI", - "severity": "Medium", - "text": "Create concise prompts that provide enough context for the model to generate a useful response. 
Also ensure that you optimize the limit of the response length.", - "waf": "Cost Optimization" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec219", - "link": "https://learn.microsoft.com/azure/ai-services/create-account-bicep", - "service": "OpenAI", - "severity": "Medium", - "text": "Use infrastructure as code (IaC) to deploy Azure OpenAI, model deployments, and other infrastructure required for fine-tuning models", - "waf": "Operational Excellence" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Azure OpenAI Review", - "guid": "2744293b-b628-4537-a551-19b08e8f5855", - "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/service/openai", - "service": "OpenAI", - "severity": "Medium", - "text": "Consider using dedicated model deployments per consumer group to provide per-model usage isolation that can help prevent noisy neighbors between your consumer groups", - "waf": "Operational Excellence" + "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Function App code", + "waf": "Operations" }, { "arm-service": "Microsoft.ApiManagement/service", 
@@ -5016,2245 +11883,6 @@ "text": "Use web application firewall (WAF) by deploying Application Gateway in front of APIM", "waf": "Security" }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Leverage zone-redundancy to ensure high availability in the event of zone-level failures. Use Premium V2/V3 or Isolated v2 tiers, which provide support for zone-redundant deployments and ensure minimal downtime during disasters.", - "guid": "b32e1aa1-4813-4602-88fe-27ca2891f421", - "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/app-service-web-app/zone-redundant?source=recommendations", - "service": "App Services", - "severity": "Low", - "text": "Implement a baseline highly available zone-redundant web application architecture. Ensure your Azure App Service is on Premium V2/V3 or Isolated v2 tiers for zone-redundant support.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Leverage staging slots for zero-downtime deployments and automated backups to ensure disaster recovery. Choose the appropriate tier (Standard or Premium) based on the number of slots and disaster recovery requirements.", - "graph": "resources | where type =~ 'microsoft.web/serverfarms' | extend compliant = (sku.tier == 'Premium' or sku.tier == 'Standard') | distinct id,compliant", - "guid": "e4b31c6a-2e3f-4df1-8e8b-9c3aa5a27820", - "link": "https://learn.microsoft.com/azure/app-service/overview-hosting-plans", - "service": "App Services", - "severity": "Medium", - "text": "Use Premium and Standard tiers for staging slots and automated backups. 
Align your backup retention period with disaster recovery needs.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Availability Zones provide physical isolation across datacenters in a region, reducing downtime during outages. Verify your region supports Availability Zones and use Premium V2/V3 tiers for zone-redundant deployments.", - "guid": "a7e2e6c2-491f-4fa4-a82b-521d0bc3b202", - "link": "https://learn.microsoft.com/azure/reliability/migrate-app-service", - "service": "App Services", - "severity": "High", - "text": "Leverage Availability Zones where regionally applicable (Premium V2/V3 tier required). Check region support for Availability Zones.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Enable health checks to detect unhealthy instances in real-time and automatically replace them to maintain high availability and application reliability.", - "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.HealthCheckPath != '') | distinct id,compliant", - "guid": "1275e4a9-7b6a-43c3-a9cd-5ee18d8995ad", - "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", - "service": "App Services", - "severity": "Medium", - "text": "Implement health checks to monitor and detect issues with App Service instances. 
Health checks enable automatic instance replacement on failure.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Follow best practices for configuring backups and restores in Azure App Service and ASE to guarantee data availability and ensure recovery during disaster scenarios.", - "guid": "35a91c5d-4ad6-4d9b-8e0f-c47db9e6d1e7", - "link": "https://learn.microsoft.com/azure/app-service/manage-backup", - "service": "App Services", - "severity": "High", - "text": "Refer to backup and restore best practices for Azure App Service and App Service Environments (ASE) to ensure data availability and recovery.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Ensure high availability by incorporating scaling, fault tolerance, monitoring, and zone redundancy into your App Service architecture. Leverage health checks and availability zones to maintain uptime.", - "guid": "e68cd0ec-afc6-4bd8-a27f-7860ad9a0db2", - "link": "https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability", - "service": "App Services", - "severity": "High", - "text": "Implement Azure App Service reliability best practices, including auto-scaling, fault tolerance, health checks, and zone redundancy.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Prepare for disaster recovery by implementing region failover strategies. 
Utilize active-active and active-passive configurations, automated failover, and Infrastructure as Code (IaC) for seamless failover during outages.", - "guid": "bd2a865c-0835-4418-bb58-4df91a5a9b3f", - "link": "https://learn.microsoft.com/azure/app-service/manage-disaster-recovery#recover-app-content-only", - "service": "App Services", - "severity": "Low", - "text": "Familiarize with App Service region failover, including active-active and active-passive configurations, automated failover, and IaC deployment.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Azure App Service offers built-in reliability features, including scaling, fault tolerance, and service-level agreements (SLAs). Leverage these features to maintain consistent performance during outages.", - "guid": "f3d2f1e4-e6d4-4b7a-a5a5-e2a9b2c6f293", - "link": "https://learn.microsoft.com/azure/reliability/reliability-app-service", - "service": "App Services", - "severity": "High", - "text": "Familiarize with reliability support in Azure App Service, including scaling options, SLAs, and automated recovery mechanisms.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Enabling 'Always On' for Function Apps ensures that the app does not go idle, maintaining its availability and responsiveness at all times.", - "guid": "c7b5f3d1-0569-4fd2-9f32-c0b64e9c0c5e", - "link": "https://learn.microsoft.com/azure/azure-functions/dedicated-plan#always-on", - "service": "App Services", - "severity": "Medium", - "text": "Ensure 'Always On' is enabled for Function Apps running on App Service plans to prevent idling and ensure continuous availability.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Health checks monitor the health of App Service instances, enabling 
automatic replacement of unhealthy instances to maintain high availability.", - "guid": "a3b4d5f6-758c-4f9d-9e1a-d7c6b7e8f9ab", - "link": "https://learn.microsoft.com/azure/app-service/monitor-instances-health-check", - "service": "App Services", - "severity": "Medium", - "text": "Monitor App Service instances using Health checks to detect unhealthy instances and automatically replace them.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "guid": "c7d3e5f9-a19c-4833-8ca6-1dcb0128e129", - "link": "https://learn.microsoft.com/azure/azure-monitor/app/availability-overview", - "service": "App Services", - "severity": "Medium", - "text": "Monitor availability and responsiveness of web app or website using Application Insights availability tests, ensuring proactive detection of performance issues and downtime.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "guid": "b4e3f2d5-a5c6-4d7e-8b2f-c5d9e7a8f0ea", - "link": "https://learn.microsoft.com/azure/azure-monitor/app/availability-standard-tests", - "service": "App Services", - "severity": "Low", - "text": "Use Application Insights Standard test to monitor availability and responsiveness of web app or website", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Azure Key Vault ensures secrets are encrypted, securely stored, and accessed only by authorized applications. It supports audit logging, and secret versioning, and reduces the risk of accidental exposure of sensitive information.", - "guid": "834ac932-223e-4ce8-8b12-3071a5416415", - "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", - "service": "App Services", - "severity": "High", - "text": "Use Azure Key Vault to store any secrets the application needs. 
Key Vault provides a secure, managed, and audited environment for storing secrets, and integrates seamlessly with App Service via App Service Key Vault References for enhanced security.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Managed Identity eliminates the need for hard-coded credentials by allowing App Service to authenticate to Azure Key Vault securely. This reduces the risk of credential exposure and simplifies secret management for enhanced security.", - "guid": "833ea3ad-2c2d-4e73-8165-c3acbef4abe1", - "link": "https://learn.microsoft.com/azure/app-service/app-service-key-vault-references", - "service": "App Services", - "severity": "High", - "text": "Use Managed Identity to securely connect to Azure Key Vault for accessing secrets, through App Service Key Vault References.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Storing TLS certificates in Azure Key Vault enhances security by providing centralized, secure management and automated renewal of certificates. This reduces the risk of manual handling errors and certificate expiration.", - "guid": "f8d39fda-4776-4831-9c11-5775c2ea55b4", - "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-certificate", - "service": "App Services", - "severity": "High", - "text": "Use Azure Key Vault to securely store and manage TLS certificates for App Service.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "To minimize exposure and improve security, isolate systems processing sensitive data. 
Leverage separate App Service Plans or App Service Environments for isolation, and use different subscriptions or management groups to enforce stricter boundaries and governance.", - "guid": "6ad48408-ee72-4734-a475-ba18fdbf590c", - "link": "https://learn.microsoft.com/azure/app-service/overview-hosting-plans", - "service": "App Services", - "severity": "Medium", - "text": "Isolate systems that process sensitive information using separate App Service Plans, App Service Environments (ASE), and consider different subscriptions or management groups for enhanced security.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Local disks on App Service are not encrypted and sensitive data should not be stored on those. (For example: D:\\\\Local and %TMP%).", - "guid": "e65de8e0-3f9b-4cbd-9682-66abca264f9a", - "link": "https://learn.microsoft.com/azure/app-service/operating-system-functionality#file-access", - "service": "App Services", - "severity": "Medium", - "text": "Do not store sensitive data on local disk", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Use Microsoft Entra ID or B2C for secure user authentication and Single Sign-On (SSO) across applications. 
Integrate using the built-in App Service Authentication/Authorization feature for streamlined security and compliance with modern authentication protocols like OpenID Connect.", - "guid": "919ca0b2-c121-459e-814b-933df574eccc", - "link": "https://learn.microsoft.com/azure/app-service/overview-authentication-authorization", - "service": "App Services", - "severity": "Medium", - "text": "Use Microsoft Entra ID or B2C for secure authentication and Single Sign-On (SSO).", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Ensure all code deployments to App Service originate from a controlled, secured environment, such as a well-managed DevOps pipeline. This practice mitigates the risk of deploying unauthorized or malicious code by enforcing version control, code verification, and secure hosting.", - "guid": "3f9bcbd4-6826-46ab-aa26-4f9a19aed9c5", - "link": "https://learn.microsoft.com/azure/app-service/deploy-best-practices", - "service": "App Services", - "severity": "High", - "text": "Deploy code to App Service from a trusted and secure environment.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Disable basic authentication for FTP/FTPS and WebDeploy/SCM to enhance security by enforcing Microsoft Entra ID secured endpoints for deployment. 
This ensures that only authenticated users using Microsoft Entra ID credentials can access deployment services, including the SCM site.", - "guid": "5d04c2c3-919c-4a0b-8c12-159e114b933d", - "link": "https://learn.microsoft.com/azure/app-service/deploy-configure-credentials#disable-basic-authentication", - "service": "App Services", - "severity": "High", - "text": "Disable basic authentication for FTP/FTPS and WebDeploy/SCM.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Wherever possible, use Managed Identity to securely connect to Microsoft Entra ID-secured resources without storing credentials. If this is not feasible, store secrets in Azure Key Vault and access them using Managed Identity to maintain security and reduce the risk of credential exposure.", - "guid": "f574eccc-d9bd-43ba-bcda-3b54eb2eb03d", - "link": "https://learn.microsoft.com/azure/app-service/overview-managed-identity?tabs=portal%2Chttp", - "service": "App Services", - "severity": "High", - "text": "Use Managed Identity to connect to Microsoft Entra ID secured resources.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "When using images stored in Azure Container Registry, pull these images using a Managed Identity to avoid storing credentials. 
This ensures secure access to container images and reduces the risk of credential exposure.", - "guid": "d9a25827-18d2-4ddb-8072-5769ee6691a4", - "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-managed-identity-to-pull-image-from-azure-container-registry", - "service": "App Services", - "severity": "High", - "text": "Pull container images from Azure Container Registry using a Managed Identity.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Configure diagnostic settings to send telemetry and security logs (including HTTP, platform, and audit logs) to Log Analytics. Centralized logging enhances monitoring, threat detection, and compliance reporting.", - "guid": "47768314-c115-4775-a2ea-55b46ad48408", - "link": "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs", - "service": "App Services", - "severity": "Medium", - "text": "Send App Service runtime and security logs to Log Analytics for centralized monitoring and alerting.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Set up a diagnostic setting to send the activity log to Log Analytics as the central destination for logging and monitoring. This allows you to monitor control plane activity on the App Service resource itself.", - "guid": "ee72734b-475b-4a18-bdbf-590ce65de8e0", - "link": "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log", - "service": "App Services", - "severity": "Medium", - "text": "Send App Service activity logs to Log Analytics", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Use regional VNet integration, Network Security Groups (NSGs), and User-Defined Routes (UDRs) to control outbound network access. 
Route traffic through a Network Virtual Appliance (NVA), such as Azure Firewall, and monitor firewall logs to ensure traffic is properly controlled and secure.", - "guid": "c12159e1-14b9-433d-b574-ecccd9bd3baf", - "link": "https://learn.microsoft.com/azure/app-service/overview-vnet-integration", - "service": "App Services", - "severity": "Medium", - "text": "Control outbound network access for App Service using VNet integration, NSGs, UDRs, and firewalls.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Provide a stable outbound IP by using VNet integration with a NAT Gateway or Network Virtual Appliance (NVA) like Azure Firewall. This enables the receiving party to allow-list based on IP, if necessary. For communications with Azure services, use mechanisms like Service Endpoints or private endpoints to avoid relying on static IPs, ensuring secure and efficient connectivity.", - "guid": "cda3b54e-b2eb-403d-b9a2-582718d2ddb1", - "link": "https://learn.microsoft.com/azure/app-service/networking/nat-gateway-integration", - "service": "App Services", - "severity": "Low", - "text": "Ensure a stable IP for outbound communications by using VNet NAT Gateway or Azure Firewall.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Control inbound network access by configuring App Service Access Restrictions, Service Endpoints, or Private Endpoints. 
Ensure appropriate restrictions are set for both the web app and the SCM (deployment) site to limit unauthorized access and enhance security.", - "guid": "0725769e-e669-41a4-a34a-c932223ece80", - "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", - "service": "App Services", - "severity": "High", - "text": "Control inbound network access using Access Restrictions, Service Endpoints, or Private Endpoints.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Protect App Service from malicious inbound traffic by deploying a Web Application Firewall (WAF) using Azure Application Gateway or Azure Front Door. Ensure WAF logs are monitored regularly to detect and respond to security threats.", - "guid": "b123071a-5416-4415-a33e-a3ad2c2de732", - "link": "https://learn.microsoft.com/azure/app-service/networking/app-gateway-with-service-endpoints", - "service": "App Services", - "severity": "High", - "text": "Use a Web Application Firewall (WAF) in front of App Service.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "To prevent the Web Application Firewall (WAF) from being bypassed, lock down access to App Service by using Access Restrictions, Service Endpoints, and Private Endpoints. 
This ensures that all traffic is routed through the WAF, providing a secure front layer of protection.", - "guid": "165c3acb-ef4a-4be1-b8d3-9fda47768314", - "link": "https://learn.microsoft.com/azure/app-service/networking-features#access-restrictions", - "service": "App Services", - "severity": "High", - "text": "Ensure the WAF cannot be bypassed by securing access to App Service.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Ensure that the minimum TLS policy is set to 1.2 or higher, with a preference for TLS 1.3, to enhance security through stronger encryption protocols. TLS 1.3 provides additional security improvements and faster handshake times, reducing vulnerabilities associated with older versions.", - "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.MinTlsVersion>=1.2) | distinct id,compliant", - "guid": "c115775c-2ea5-45b4-9ad4-8408ee72734b", - "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-tls-versions", - "service": "App Services", - "severity": "Medium", - "text": "Set minimum TLS policy to 1.2 or higher, preferably 1.3, in App Service configuration.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Configure App Service to enforce HTTPS-only, automatically redirecting all HTTP traffic to HTTPS. 
Additionally, implement HTTP Strict Transport Security (HSTS) in your code or via a Web Application Firewall (WAF) to ensure browsers only access the site over HTTPS, enhancing security by preventing downgrade attacks.", - "graph": "where (type=='microsoft.web/sites' and (kind == 'app' or kind == 'app,linux' )) | extend compliant = (properties.httpsOnly==true) | distinct id,compliant", - "guid": "475ba18f-dbf5-490c-b65d-e8e03f9bcbd4", - "link": "https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https", - "service": "App Services", - "severity": "High", - "text": "Use HTTPS only and consider enabling HTTP Strict Transport Security (HSTS).", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Do not use wildcards (*) in your CORS configuration, as this permits unrestricted access from any origin, compromising security. Instead, explicitly specify trusted origins that are allowed to access the service, ensuring controlled access.", - "guid": "68266abc-a264-4f9a-89ae-d9c55d04c2c3", - "link": "https://learn.microsoft.com/azure/app-service/app-service-web-tutorial-rest-api", - "service": "App Services", - "severity": "High", - "text": "Avoid using wildcards for CORS; specify allowed origins explicitly.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Remote debugging should not be enabled in production as it opens additional ports, increasing the attack surface. 
Although App Service automatically turns off remote debugging after 48 hours, it is recommended to disable it manually in production to maintain a secure environment.", - "graph": "appserviceresources | where type =~ 'microsoft.web/sites/config' | extend compliant = (properties.RemoteDebuggingEnabled == false) | distinct id,compliant", - "guid": "d9bd3baf-cda3-4b54-bb2e-b03dd9a25827", - "link": "https://learn.microsoft.com/azure/app-service/configure-common#configure-general-settings", - "service": "App Services", - "severity": "High", - "text": "Turn off remote debugging in production environments.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Enable Defender for App Service. This (amongst other threats) detects communications to known malicious IP addresses. Review the recommendations from Defender for App Service as part of your operations.", - "guid": "18d2ddb1-0725-4769-be66-91a4834ac932", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-app-service-introduction", - "service": "App Services", - "severity": "Medium", - "text": "Enable Defender for Cloud - Defender for App Service", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Azure provides DDoS Basic protection on its network, which can be improved with intelligent DDoS Standard capabilities which learns about normal traffic patterns and can detect unusual behavior. 
DDoS Standard applies to a Virtual Network so it must be configured for the network resource in front of the app, such as Application Gateway or an NVA.", - "guid": "223ece80-b123-4071-a541-6415833ea3ad", - "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", - "service": "App Services", - "severity": "Medium", - "text": "Enable DDOS Protection Standard on the WAF VNet", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "When using images stored in Azure Container Registry, ensure they are pulled over a virtual network by using a private endpoint and configuring the app setting 'WEBSITE_PULL_IMAGE_OVER_VNET'. This ensures secure communication between App Service and the registry, preventing exposure to the public internet.", - "guid": "2c2de732-165c-43ac-aef4-abe1f8d39fda", - "link": "https://learn.microsoft.com/azure/app-service/configure-custom-container#use-an-image-from-a-network-protected-registry", - "service": "App Services", - "severity": "Medium", - "text": "Pull container images over a Virtual Network from Azure Container Registry.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Perform a penetration test on the web application in accordance with Azure's penetration testing rules of engagement. 
This helps identify vulnerabilities and security weaknesses that can be addressed before they are exploited.", - "guid": "eb2eb03d-d9a2-4582-918d-2ddb10725769", - "link": "https://learn.microsoft.com/azure/security/fundamentals/pen-testing", - "service": "App Services", - "severity": "Medium", - "text": "Conduct a penetration test on the web application.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Ensure that only trusted code, which has been validated and scanned for vulnerabilities, is deployed to production following DevSecOps practices. This minimizes the risk of introducing security vulnerabilities into the application environment.", - "guid": "19aed9c5-5d04-4c2c-9919-ca0b2c12159e", - "link": "https://learn.microsoft.com/azure/architecture/solution-ideas/articles/devsecops-in-azure", - "service": "App Services", - "severity": "Medium", - "text": "Deploy validated and vulnerability-scanned code.", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Ensure that the latest versions of supported platforms, programming languages, protocols, and frameworks are used. 
Regular updates mitigate the risk of security vulnerabilities and ensure compatibility with security patches.", - "guid": "114b933d-f574-4ecc-ad9b-d3bafcda3b54", - "link": "https://learn.microsoft.com/azure/app-service/overview-patch-os-runtime", - "service": "App Services", - "severity": "High", - "text": "Use up-to-date platforms, languages, protocols and frameworks", - "waf": "Security" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Leverage Auto-Healing in Azure App Service to automatically restart instances or trigger custom actions based on pre-defined failure conditions like memory thresholds, HTTP errors, or specific event logs.", - "guid": "60b3a935-33e5-45c9-87c7-53882e395b46", - "link": "https://learn.microsoft.com/azure/app-service/overview-diagnostics", - "service": "App Services", - "severity": "Medium", - "text": "Use Auto-Healing with custom rules to restart App Service instances automatically when failures occur.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Configure Azure Monitor alerts based on Application Insights metrics for response times, failure rates, and overall availability. Alerts help detect issues proactively and reduce mean-time-to-recovery (MTTR).", - "guid": "e52e4514-02a7-4e81-a98e-88ce1b18e557", - "link": "https://learn.microsoft.com/azure/azure-monitor/app/alerts", - "service": "App Services", - "severity": "Medium", - "text": "Set up alerts for critical Application Insights metrics, such as response time and failure rates.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Use Azure Policy to enforce security, compliance, and governance configurations for App Service. 
Policies can ensure that critical settings such as TLS versions, backup configurations, and network restrictions are enforced across all App Service instances.", - "guid": "361e886f-ca40-4ead-a8e9-1379c642ae9c", - "link": "https://learn.microsoft.com/azure/governance/policy/overview", - "service": "App Services", - "severity": "High", - "text": "Apply Azure Policy to enforce compliance across App Service configurations.", - "waf": "Governance" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "Leverage Azure Cost Management to track and forecast App Service expenses. Set up alerts for budget thresholds to avoid overspending, and optimize costs based on resource utilization trends.", - "guid": "42eb48f0-28ff-497c-b2c0-a8fa1f989832", - "link": "https://learn.microsoft.com/azure/cost-management-billing/", - "service": "App Services", - "severity": "Low", - "text": "Monitor App Service costs using Azure Cost Management and create cost alerts.", - "waf": "Cost" - }, - { - "arm-service": "microsoft.web/sites", - "checklist": "Azure App Service Review", - "description": "If you have predictable and steady usage of App Service, purchasing Reserved Instances can significantly reduce long-term costs. 
Commit to one or three years for lower pricing compared to pay-as-you-go.", - "guid": "e489221b-487e-48a3-aaab-48e3d205ca12", - "link": "https://learn.microsoft.com/azure/cost-management-billing/reservations/", - "service": "App Services", - "severity": "Medium", - "text": "Purchase reserved instances for App Service plans to optimize long-term costs.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "32e42e36-11c8-418b-8a0b-c510e43a18a9", - "service": "AVS", - "severity": "High", - "text": "Ensure ADDS domain controller(s) are deployed in the identity subscription in native Azure", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "75089c20-990d-4927-b105-885576f76fc2", - "service": "AVS", - "severity": "Medium", - "text": "Ensure ADDS sites and services is configured to keep authentication requests from Azure-based resources (including Azure VMware Solution) local to Azure", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "de3aad1e-7c28-4ec9-9666-b7570449aa80", - "service": "AVS", - "severity": "High", - "text": "Ensure that vCenter is connected to ADDS to enable authentication based on 'named user accounts'", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "cd289ced-6b17-4db8-8554-61e2aee3553a", - "service": "AVS", - "severity": "Medium", - "text": "Ensure that the connection from vCenter to ADDS is using a secure protocol (LDAPS)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "b9d37dac-43bc-46cd-8d79-a9b24604489a", - "service": "AVS", - "severity": "Medium", - "text": "CloudAdmin account in vCenter IdP is 
used only as an emergency account (break-glass)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "53d88e89-d17b-473b-82a5-a67e7a9ed5b3", - "service": "AVS", - "severity": "High", - "text": "Ensure that NSX-Manager is integrated with an external Identity provider (LDAPS)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "ae0e37ce-e297-411b-b352-caaab79b198d", - "service": "AVS", - "severity": "Medium", - "text": "Has an RBAC model been created for use within VMware vSphere", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "ab81932c-9fc9-4d1b-a780-36f5e6bfbb9e", - "service": "AVS", - "severity": "Medium", - "text": "RBAC permissions should be granted on ADDS groups and not on specific users", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d503547c-c447-4e82-9128-a71f0f1cac6d", - "service": "AVS", - "severity": "High", - "text": "RBAC permissions on the Azure VMware Solution resource in Azure are 'locked down' to a limited set of owners only", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "fd9f0df4-68dc-4976-b9a9-e6a79f7682c5", - "service": "AVS", - "severity": "High", - "text": "Ensure all custom roles are scoped with CloudAdmin permitted authorizations", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "9ef1d5e8-32e4-42e3-911c-818b0a0bc510", - "link": "https://github.com/Azure/AzureCAT-AVS/tree/main/networking", - "service": "AVS", - "severity": "High", - "text": "Is the correct Azure VMware Solution connectivity 
model selected for the customer use case at hand", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "eb710a37-cbc1-4055-8dd5-a936a8bb7cf5", - "service": "AVS", - "severity": "High", - "text": "Ensure ExpressRoute or VPN connections from on-premises to Azure are monitored using 'connection monitor'", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "976e24f2-a7f8-426c-9253-2a92a2a7ed99", - "service": "AVS", - "severity": "Medium", - "text": "Ensure a connection monitor is created from an Azure native resource to an Azure VMware Solution virtual machine to monitor the Azure VMware Solution back-end ExpressRoute connection", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "f41ce6a0-64f3-4805-bc65-3ab50df01265", - "service": "AVS", - "severity": "Medium", - "text": "Ensure a connection monitor is created from an on-premises resource to an Azure VMware Solution virtual machine to monitor end-2-end connectivity", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "563b4dc7-4a74-48b6-933a-d1a0916a6649", - "service": "AVS", - "severity": "High", - "text": "When route server is used, ensure no more then 1000 routes are propagated from route server to ExR gateway to on-premises (ARS limit).", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "6128a71f-0f1c-4ac6-b9ef-1d5e832e42e3", - "service": "AVS", - "severity": "High", - "text": "Is Privileged Identity Management implemented for roles managing the Azure VMware Solution resource in the Azure Portal (no standing permissions allowed)", - "waf": "Security" - }, - { 
- "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "c4e2436b-b336-4d71-9f17-960eee0b9b5c", - "service": "AVS", - "severity": "High", - "text": "Privileged Identity Management audit reporting should be implemented for the Azure VMware Solution PIM roles", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "78c447a8-26b2-4863-af0f-1cac599ef1d5", - "service": "AVS", - "severity": "Medium", - "text": "If using Privileged Identity Management is being used, ensure that a valid Entra ID enabled account is created with a valid SMTP record for Azure VMware Solution Automatic Host replacement notifications. (standing permissions required)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "8defc4d7-21d3-41d2-90fb-707ae9eab40e", - "service": "AVS", - "severity": "High", - "text": "Limit use of CloudAdmin account to emergency access only", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d329f798-bc17-48bd-a5a0-6ca7144351d1", - "service": "AVS", - "severity": "Medium", - "text": "Create custom RBAC roles in vCenter to implement a least-privilege model inside vCenter", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "9dd24429-eb72-4281-97a1-51c5bb4e4f18", - "service": "AVS", - "severity": "Medium", - "text": "Is a process defined to regularly rotate cloudadmin (vCenter) and admin (NSX) credentials", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "586cb291-ec16-4a1d-876e-f9f141acdce5", - "service": "AVS", - "severity": "High", - "text": "Use a centralized identity 
provider to be used for workloads (VM's) running on Azure VMware Solution", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "79377bcd-b375-41ab-8ab0-ead66e15d3d4", - "service": "AVS", - "severity": "Medium", - "text": "Is East-West traffic filtering implemented within NSX-T", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "a2adb1c3-d232-46af-825c-a44e1695fddd", - "service": "AVS", - "severity": "High", - "text": "Workloads on Azure VMware Solution are not directly exposed to the internet. Traffic is filtered and inspected by Azure Application Gateway, Azure Firewall or 3rd party solutions", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "eace4cb1-deb4-4c65-8c3f-c14eeab36938", - "service": "AVS", - "severity": "High", - "text": "Auditing and logging is implemented for inbound internet requests to Azure VMware Solution and Azure VMware Solution based workloads", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "29e3eec2-1836-487a-8077-a2b5945bda43", - "service": "AVS", - "severity": "Medium", - "text": "Session monitoring is implemented for outbound internet connections from Azure VMware Solution or Azure VMware Solution based workloads to identify suspicious/malicious activity", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "graph": "resources| where type =~ 'Microsoft.Network/virtualNetworkGateways'| mv-expand ipConfigurations=properties.ipConfigurations| project subnetId=tostring(ipConfigurations.properties.subnet.id)| where isnotempty(subnetId)| join (resources | where type=='microsoft.network/virtualnetworks' | 
project id,resourceGroup,name,enableDdosProtection=tostring(properties.enableDdosProtection),subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,enableDdosProtection,subnetId=tostring(subnets.id)) on subnetId | distinct id,resourceGroup,name,enableDdosProtection | project id, compliant = (enableDdosProtection == 'true')", - "guid": "334fdf91-c234-4182-a652-75269440b4be", - "service": "AVS", - "severity": "Medium", - "text": "Is DDoS standard protection enabled on ExR/VPN Gateway subnet in Azure", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "3d3e0843-276d-44bd-a015-bcf219e4a1eb", - "service": "AVS", - "severity": "Medium", - "text": "Use a dedicated privileged access workstation (PAW) to manage Azure VMware Solution, vCenter, NSX manager and HCX manager", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "9ccbd869-266a-4cca-874f-aa19bf39d95d", - "service": "AVS", - "severity": "Medium", - "text": "Enable Advanced Threat Detection (Microsoft Defender for Cloud aka ASC) for workloads running on Azure VMware Solution", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "44c7c891-9ca1-4f6d-9315-ae524ba34d45", - "service": "AVS", - "severity": "Medium", - "text": "Use Azure ARC for Servers to properly govern workloads running on Azure VMware Solution using Azure native technologies (Azure ARC for Azure VMware Solution is not yet available)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "85e12139-bd7b-4b01-8f7b-95ef6e043e2a", - "service": "AVS", - "severity": "Low", - "text": "Ensure workloads on Azure VMware Solution use sufficient data encryption during run-time (like in-guest 
disk encryption and SQL TDE). (vSAN encryption at rest is default)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "a3592718-e6e2-4051-9267-6ae46691e883", - "service": "AVS", - "severity": "Low", - "text": "When in-guest encryption is used, store encryption keys in Azure Key vault when possible", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "5ac94222-3e13-4810-9230-81a941741583", - "service": "AVS", - "severity": "Medium", - "text": "Consider using extended security update support for workloads running on Azure VMware Solution (Azure VMware Solution is eligible for ESU)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "3ef7ad7c-6d37-4331-95c7-acbe44bbe609", - "service": "AVS", - "severity": "High", - "text": "Ensure that the appropriate vSAN Data redundancy method is used (RAID specification)", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d88408f3-7273-44c8-96ba-280214590146", - "service": "AVS", - "severity": "High", - "text": "Ensure that the Failure-to-tolerate policy is in place to meet your vSAN storage needs", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d89f2e87-7784-424d-9167-85c6fa95b96a", - "service": "AVS", - "severity": "High", - "text": "Ensure that you have requested enough quota, ensuring you have considered growth and Disaster Recovery requirement", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "5d38e53f-9ccb-4d86-a266-acca274faa19", - "service": "AVS", - "severity": "Medium", 
- "text": "Ensure that access constraints to ESXi are understood, there are access limits which might affect 3rd party solutions.", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "bf39d95d-44c7-4c89-89ca-1f6d5315ae52", - "service": "AVS", - "severity": "Medium", - "text": "Ensure that you have a policy around ESXi host density and efficiency, keeping in mind the lead time for requesting new nodes", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "4ba34d45-85e1-4213-abd7-bb012f7b95ef", - "service": "AVS", - "severity": "Medium", - "text": "Ensure a good cost management process is in place for Azure VMware Solution - Azure Cost Management can be used", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "6e043e2a-a359-4271-ae6e-205172676ae4", - "service": "AVS", - "severity": "Low", - "text": "Are Azure reserved instances used to optimize cost for using Azure VMware Solution", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "6691e883-5ac9-4422-83e1-3810523081a9", - "service": "AVS", - "severity": "Medium", - "text": "Consider the use of Azure Private-Link when using other Azure Native Services", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "db611712-6904-40b4-aa3d-3e0803276d4b", - "service": "AVS", - "severity": "High", - "text": "Ensure all required resource reside within the same Azure availability zone(s)", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "48b262d6-cc5f-4512-a253-98e6db9d37da", - "service": "AVS", - 
"severity": "Medium", - "text": "Enable Microsoft Defender for Cloud for Azure VMware Solution guest VM workloads", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "41741583-3ef7-4ad7-a6d3-733165c7acbe", - "service": "AVS", - "severity": "Medium", - "text": "Use Azure Arc enabled servers to manage your Azure VMware Solution guest VM workloads", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "88f03a4d-2cd4-463c-abbc-868295abc91a", - "service": "AVS", - "severity": "High", - "text": "Enable Diagnostic and metric logging on Azure VMware Solution", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "4ed90dae-2cc8-44c4-9b6b-781cbafe6c46", - "service": "AVS", - "severity": "Medium", - "text": "Deploy the Log Analytics Agents to Azure VMware Solution guest VM workloads", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "589d457a-927c-4397-9d11-02cad6aae11e", - "service": "AVS", - "severity": "Medium", - "text": "Ensure you have a documented and implemented backup policy and solution for Azure VMware Solution VM workloads", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "ee29711b-d352-4caa-ab79-b198dab81932", - "service": "AVS", - "severity": "Medium", - "text": "Use Microsoft Defender for Cloud for compliance monitoring of workloads running on Azure VMware Solution", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "c9fc9d1b-b780-436f-9e6b-fbb9ed503547", - "service": "AVS", - "severity": "Medium", - "text": "Are the 
applicable compliance baselines added to Microsoft Defender for Cloud", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "cc447e82-6128-4a71-b0f1-cac6d9ef1d5e", - "service": "AVS", - "severity": "High", - "text": "Was data residency evaluated when selecting Azure regions to use for Azure VMware Solution deployment", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "832e42e3-611c-4818-a0a0-bc510e43a18a", - "service": "AVS", - "severity": "High", - "text": "Are data processing implications (service provider / service consumer model) clear and documented", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "547c1747-dc56-4068-a714-435cd19dd244", - "service": "AVS", - "severity": "Medium", - "text": "Consider using CMK (Customer Managed Key) for vSAN only if needed for compliance reason(s).", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "e43a18a9-cd28-49ce-b6b1-7db8255461e2", - "service": "AVS", - "severity": "High", - "text": "Create dashboards to enable core Azure VMware Solution monitoring insights", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "graph": "resources| where type =~ 'Microsoft.AVS/privateClouds'| join kind=leftouter(resources| where type =~ 'Microsoft.Insights/metricalerts'| mv-expand scopes=properties.scopes| mv-expand criteria=properties.criteria.allOf| extend metricName=criteria.metricName| distinct tostring(scopes), tostring(metricName))on $left.id == $right.scopes| extend compliant=toint(metricName in ('UsageAverage', 'EffectiveCpuAverage', 'DiskUsedPercentage'))| summarize 
compliant=min(compliant) by id", - "guid": "6b84ee5d-f47d-42d9-8881-b1cd5d1e54a2", - "service": "AVS", - "severity": "High", - "text": "Create warning alerts for critical thresholds for automatic alerting on Azure VMware Solution performance (CPU >80%, Avg Memory >80%, vSAN >70%)", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "graph": "resources| where type =~ 'Microsoft.AVS/privateClouds'| join kind=leftouter(resources| where type =~ 'Microsoft.Insights/metricalerts'| mv-expand scopes=properties.scopes| mv-expand criteria=properties.criteria.allOf| extend metricName=criteria.metricName| distinct tostring(scopes), tostring(metricName))on $left.id == $right.scopes| extend compliant=toint(metricName in ('UsageAverage', 'EffectiveCpuAverage', 'DiskUsedPercentage'))| summarize compliant=min(compliant) by id", - "guid": "9659e396-80e7-4828-ac93-5657d02bff45", - "service": "AVS", - "severity": "High", - "text": "Ensure critical alert is created to monitor if vSAN consumption is below 75% as this is a support threshold from VMware", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "graph": "resources| distinct subscriptionId| join kind=leftouter( resources | where type =~ 'microsoft.insights/activitylogalerts' | mv-expand condition1 = properties.condition.allOf | mv-expand condition2 = condition1.anyOf | extend alertEnabled = tostring(properties.enabled) | summarize set_condition1=make_set(condition1.equals), set_condition2=make_set(condition2.equals) by id, name,type,tenantId,resourceGroup,subscriptionId, alertEnabled | where set_has_element(set_condition1, 'ServiceHealth') | extend category = 'ServiceHealth' | extend all = iff(set_has_element(set_condition1, 'ServiceHealth') and array_length(set_condition2) == 0, true, false) | extend incident = iff(all, true, iff(set_has_element(set_condition1, 
'Incident'), true, set_has_element(set_condition2, 'Incident'))) | extend maintenance = iff(all, true, iff(set_has_element(set_condition1, 'Maintenance'), true, set_has_element(set_condition2, 'Maintenance'))) | extend informational = iff(all, true, iff(set_has_element(set_condition1, 'Informational') or set_has_element(set_condition1, 'ActionRequired'), true, set_has_element(set_condition2, 'Informational') or set_has_element(set_condition2, 'ActionRequired'))) | extend security = iff(all, true, iff(set_has_element(set_condition1, 'Security'), true, set_has_element(set_condition2, 'Security'))) | project id, name, subscriptionId, category, tostring(alertEnabled), tostring(incident), tostring(maintenance), tostring(informational), tostring(security) | summarize count_alertEnabled=countif(alertEnabled == 'true'), count_incident=countif(incident == 'True'), count_maintenance=countif(maintenance == 'True'), count_informational=countif(informational == 'True'), count_security=countif(security == 'True') by subscriptionId) on subscriptionId| project subscriptionId, alertEnabled=iff(isnotnull(count_alertEnabled), count_alertEnabled, 0), incident=iff(isnotnull(count_incident), count_incident, 0), security=iff(isnotnull(count_security), count_security, 0), maintenance=iff(isnotnull(count_maintenance), count_maintenance, 0), informational=iff(isnotnull(count_informational), count_informational, 0)| order by incident, maintenance, informational, security desc| project id=subscriptionId, compliant=(alertEnabled > 0 and incident > 0 and security > 0 and maintenance > 0 and informational > 0)", - "guid": "64b0d934-a348-4726-be79-d6b5c3a36495", - "service": "AVS", - "severity": "High", - "text": "Ensure alerts are configured for Azure Service Health alerts and notifications", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "b6abad38-aad5-43cc-99e1-d86667357c54", - "service": "AVS", - 
"severity": "Medium", - "text": "Configure Azure VMware Solution logging to be send to an Azure Storage account or Azure EventHub for processing", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "9674c5ed-85b8-459c-9733-be2b1a27b775", - "service": "AVS", - "severity": "Low", - "text": "If deep insight in VMware vSphere is required: Is vRealize Operations and/or vRealize Network Insights used in the solution?", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "a91be1f3-88f0-43a4-b2cd-463cbbbc8682", - "service": "AVS", - "severity": "High", - "text": "Ensure the vSAN storage policy for VM's is NOT the default storage policy as this policy applies thick provisioning", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d9ef1d5e-832d-442e-9611-c818b0afbc51", - "service": "AVS", - "severity": "Medium", - "text": "Ensure vSphere content libraries are not placed on vSAN as vSAN is a finite resource", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "0e43a18a-9cd2-489b-bd6b-17db8255461e", - "service": "AVS", - "severity": "Medium", - "text": "Ensure data repositories for the backup solution are stored outside of vSAN storage. 
Either in Azure native or on a disk pool-backed datastore", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "2aee3453-aec8-4339-848b-262d6cc5f512", - "service": "AVS", - "severity": "Medium", - "text": "Ensure workloads running on Azure VMware Solution are hybrid managed using Azure Arc for Servers (Arc for Azure VMware Solution is in preview)", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "925398e6-da9d-437d-ac43-bc6cd1d79a9b", - "service": "AVS", - "severity": "Medium", - "text": "Ensure workloads running on Azure VMware Solution are monitored using Azure Log Analytics and Azure Monitor", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "24604489-a8f4-42d7-ae78-cb6a33bd2a09", - "service": "AVS", - "severity": "Medium", - "text": "Include workloads running on Azure VMware Solution in existing update management tooling or in Azure Update Management", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "17e7a8d9-0ae0-4e27-aee2-9711bd352caa", - "service": "AVS", - "severity": "Medium", - "text": "Use Azure Policy to onboard Azure VMware Solution workloads in the Azure Management, Monitoring and Security solutions", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "aee3553a-fc83-4392-98b2-62d6cc5f5129", - "service": "AVS", - "severity": "Medium", - "text": "Ensure workloads running on Azure VMware Solution are onboarded to Microsoft Defender for Cloud", - "waf": "Security" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": 
"25398e6d-b9d3-47da-a43b-c6cd1d79a9b2", - "service": "AVS", - "severity": "Medium", - "text": "Ensure backups are not stored on vSAN as vSAN is a finite resource", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "5e6bfbb9-ed50-4354-9cc4-47e826028a71", - "service": "AVS", - "severity": "Medium", - "text": "Have all DR solutions been considered and a solution that is best for your business been decided upon? [SRM/JetStream/Zerto/Veeam/...]", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "f0f1cac6-d9ef-41d5-b832-d42e3611c818", - "service": "AVS", - "severity": "Medium", - "text": "Use Azure Site Recovery when the Disaster Recovery technology is native Azure IaaS", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "b0afbc51-0e43-4a18-a9cd-289bed6b17db", - "service": "AVS", - "severity": "High", - "text": "Use Automated recovery plans with either of the Disaster solutions, avoid manual tasks as much as possible", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "8255461e-2aee-4345-9aec-8339248b262d", - "service": "AVS", - "severity": "Medium", - "text": "Use the geopolitical region pair as the secondary disaster recovery environment", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "6cc5f512-9253-498e-9da9-d37dac43bc6c", - "service": "AVS", - "severity": "High", - "text": "Use 2 different address spaces between the regions, for example: 10.0.0.0/16 and 192.168.0.0/16 for the different regions", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure 
VMware Solution Design Review", - "guid": "d1d79a9b-2460-4448-aa8f-42d78e78cb6a", - "service": "AVS", - "severity": "Medium", - "text": "Will ExpressRoute Global Reach be used for connectivity between the primary and secondary Azure VMware Solution Private Clouds or is routing done through network virtual appliances?", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "33bd2a09-17e7-4a8d-a0ae-0e27cee29711", - "service": "AVS", - "severity": "Medium", - "text": "Have all Backup solutions been considered and a solution that is best for your business been decided upon? [ MABS/CommVault/Metallic.io/Veeam/�. ]", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "bd352caa-ab79-4b18-adab-81932c9fc9d1", - "service": "AVS", - "severity": "Medium", - "text": "Deploy your backup solution in the same region as your Azure VMware Solution private cloud", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "bb77036f-5e6b-4fbb-aed5-03547cc447e8", - "service": "AVS", - "severity": "Medium", - "text": "Deploy your backup solution outside of vSan, on Azure native components", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "26028a71-f0f1-4cac-9d9e-f1d5e832d42e", - "service": "AVS", - "severity": "Low", - "text": "Is a process in place to request a restore of the VMware components managed by the Azure Platform?", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "4604489a-8f42-4d78-b78c-b7a33bd2a0a1", - "service": "AVS", - "severity": "Low", - "text": "For manual deployments, all configuration and deployments must be 
documented", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "7e7a8d90-ae0e-437c-be29-711bd352caaa", - "service": "AVS", - "severity": "Low", - "text": "For manual deployments, consider implementing resource locks to prevent accidental actions on your Azure VMware Solution Private Cloud", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "b79b198d-ab81-4932-a9fc-9d1bb78036f5", - "service": "AVS", - "severity": "Low", - "text": "For automated deployments, deploy a minimal private cloud and scale as needed", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "e6bfbb9e-d503-4547-ac44-7e826128a71f", - "service": "AVS", - "severity": "Low", - "text": "For automated deployments, request or reserve quota prior to starting the deployment", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "0f1cac6d-9ef1-4d5e-a32e-42e3611c818b", - "service": "AVS", - "severity": "Low", - "text": "For automated deployment, ensure that relevant resource locks are created through the automation or through Azure Policy for proper governance", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "e2cc95d4-8c6b-4791-bca0-f6c56589e558", - "service": "AVS", - "severity": "Low", - "text": "Implement human understandable names for ExR authorization keys to allow for easy identification of the keys purpose/use", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "255461e2-aee3-4553-afc8-339248b262d6", - "service": "AVS", - "severity": "Low", - "text": "Use 
Key vault to store secrets and authorization keys when separate Service Principles are used for deploying Azure VMware Solution and ExpressRoute", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "cc5f5129-2539-48e6-bb9d-37dac43bc6cd", - "service": "AVS", - "severity": "Low", - "text": "Define resource dependencies for serializing actions in IaC when many resources need to be deployed in/on Azure VMware Solution as Azure VMware Solution only supports a limited number of parallel operations.", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "1d79a9b2-4604-4489-a8f4-2d78e78cb7a3", - "service": "AVS", - "severity": "Low", - "text": "When performing automated configuration of NSX-T segments with a single Tier-1 gateway, use Azure Portal APIs instead of NSX-Manager APIs", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "3bd2a0a1-7e7a-48d9-8ae0-e37cee29711b", - "service": "AVS", - "severity": "Medium", - "text": "When intending to use automated scale-out, be sure to apply for sufficient Azure VMware Solution quota for the subscriptions running Azure VMware Solution", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d352caaa-b79b-4198-bab8-1932c9fc9d1b", - "service": "AVS", - "severity": "Medium", - "text": "When intending to use automated scale-in, be sure to take storage policy requirements into account before performing such action", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "b78036f5-e6bf-4bb9-bd50-3547cc447e82", - "service": "AVS", - "severity": "Medium", - "text": "Scaling operations always 
need to be serialized within a single SDDC as only one scale operation can be performed at a time (even when multiple clusters are used)", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "bf15bce2-19e4-4a0e-a588-79424d226786", - "service": "AVS", - "severity": "Medium", - "text": "Consider and validate scaling operations on 3rd party solutions used in the architecture (supported or not)", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "d20b56c5-7be5-4851-a0f8-3835c586cb29", - "service": "AVS", - "severity": "Medium", - "text": "Define and enforce scale in/out maximum limits for your environment in the automations", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "1dc15a1c-075e-4e9f-841a-cccd579376bc", - "service": "AVS", - "severity": "Medium", - "text": "Implement monitoring rules to monitor automated scaling operations and monitor success and failure to enable appropriate (automated) responses", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "c5972cd4-cd21-4b07-9036-f5e6b4bfd3d5", - "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", - "service": "AVS", - "severity": "High", - "text": "When using MON, be aware of the limits of simulataneously configured VMs (MON Limit for HCX [400 - standard, 1000 - Larger appliance])", - "training": "https://learn.microsoft.com/learn/modules/configure-azure-ad-application-proxy/", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "be1f38cf-03a8-422b-b463-cbbbc8ac299e", - "link": 
"https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", - "service": "AVS", - "severity": "High", - "text": "When using MON, you cannot enable MON on more than 100 Network extensions", - "training": "https://learn.microsoft.com/learn/paths/implement-applications-external-access-azure-ad/", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "bc91a43d-90da-4e2c-a881-4706f7c1cbaf", - "service": "AVS", - "severity": "Medium", - "text": "If using a VPN connection for migrations, adjust your MTU size accordingly.", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "e614658d-d457-4e92-9139-b821102cad6e", - "service": "AVS", - "severity": "Medium", - "text": "For low connectivity regions connecting into Azure (500Mbps or less), considering deploying the HCX WAN optimization appliance", - "waf": "Performance" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "ae01e6e8-43e5-42f4-922d-928c1b1cd521", - "service": "AVS", - "severity": "Medium", - "text": "Ensure that migrations are started from the on-premises appliance and NOT from the Cloud appliance (do NOT perform a reverse migration)", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "e54a29a9-de39-4ac0-b7c2-8dc935657202", - "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings", - "service": "AVS", - "severity": "Medium", - "text": "When Azure Netapp Files is used to extend storage for Azure VMware Solution,consider using this as a VMware datastore instead of attaching directly to a VM.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - 
"checklist": "Azure VMware Solution Design Review", - "guid": "bff4564b-0d93-44a3-98b2-63e7dd60513a", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#avoid-combining-traffic-manager-and-front-door", - "service": "AVS", - "severity": "Medium", - "text": "Ensure that a dedicated ExpressRoute Gateway is being used for external data storage solutions", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "3649906e-bad3-48ea-b53c-c7de1d8aaab3", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-the-same-domain-name-on-front-door-and-your-origin", - "service": "AVS", - "severity": "Medium", - "text": "Ensure that FastPath is enabled on the ExpressRoute Gateway that is being used for external data storage solutions", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "571549ab-8153-4d89-b89d-c7b33be2b1a2", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group", - "service": "AVS", - "severity": "High", - "text": "If using stretched cluster, ensure that your selected Disaster Recovery solution is supported by the vendor", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "4c486b6d-8bdc-4059-acf7-5ee8a1309888", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#select-good-health-probe-endpoints", - "service": "AVS", - "severity": "High", - "text": "If using stretched cluster, ensure that the SLA provided will meet your requirements", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "9579d66b-896d-471f-a6ca-7be9955d04c3", - "link": 
"https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes", - "service": "AVS", - "severity": "High", - "text": "If using stretched cluster, ensure that both ExpressRoute circuits are connected to your connectivity hub.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "c49d987c-b3d1-4325-aa12-4b6e4d0685ed", - "link": "https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity", - "service": "AVS", - "severity": "High", - "text": "If using stretched cluster, ensure that both ExpressRoute circuits have GlobalReach enabled.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AVS/privateClouds", - "checklist": "Azure VMware Solution Design Review", - "guid": "dce9793b-7bcd-4b3b-91eb-2ec14eea6e59", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates", - "service": "AVS", - "severity": "High", - "text": "Have site disaster tolerance settings been properly considered and changed for your business if needed.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "4238f409-2ea0-43be-a06b-2a993c98aa7b", - "link": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#overview-of-plans", - "service": "Azure Functions", - "severity": "High", - "text": "Select the right Function hosting plan based on your business & SLO requirements", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "a9808100-d640-4f77-ac56-1ec0600f6752", - "link": "https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#overview-of-plans", - "query": "resources | where type =~ 'Microsoft.Web/sites' and kind has 'functionapp' and tolower(kind) !contains 'workflow' | extend aspResourceId = tostring(properties.serverFarmId), managedEnvId = 
tostring(properties.managedEnvironmentId), sku = tostring(properties.sku) | extend sku = iif(isnotempty(sku), sku, iif(isnotempty(managedEnvId), 'ContainerApps', '')) | where sku !in ('Dynamic', 'FlexConsumption', '') | extend aspName = tostring(split(aspResourceId, '/').[-1]), managedEnvName = tostring(split(managedEnvId, '/').[-1]) | extend HostingPlan = tostring(iif(isnotempty(aspName), aspName, managedEnvName)) | project functionAppName = name, functionAppId = id, HostingPlan, sku | join kind=inner ( resources | where type =~ 'Microsoft.Web/serverfarms' or type =~ 'Microsoft.App/managedEnvironments' | extend HostingPlan = tostring(name), zoneRedundant = tostring(properties.zoneRedundant), compliant = tobool(properties.zoneRedundant) | project HostingPlan, resourceId = id, zoneRedundant, compliant ) on HostingPlan | project functionAppName, functionAppId, sku, HostingPlan, resourceId, zoneRedundant, compliant", - "service": "Azure Functions", - "severity": "High", - "text": "Leverage Availability Zones where regionally applicable (not available for Consumption tier)", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "5969d03e-eacf-4042-b127-73c55e3575fa", - "link": "https://learn.microsoft.com/en-us/azure/reliability/reliability-functions?tabs=azure-portal#cross-region-disaster-recovery-and-business-continuity", - "service": "Azure Functions", - "severity": "Medium", - "text": "Consider a Cross-Region DR strategy for critical workloads", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "47a0aae0-d8a0-43b1-9791-e934dee3754c", - "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", - "service": "Azure Functions", - "severity": "High", - "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", - "waf": "Reliability" - }, - { - "arm-service": 
"Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "17232891-f89f-4eaa-90f1-3b34bf798ed5", - "link": "https://learn.microsoft.com/en-us/azure/azure-functions/dedicated-plan#always-on", - "query": "resources | where type =~ 'Microsoft.Web/sites' and kind has 'functionapp' | where tolower(kind) !contains 'workflow' | where isnotempty(properties.serverFarmId) | extend sku = tostring(properties.sku) | where isnotempty(sku) | where sku !in ('Dynamic', 'FlexConsumption', 'ElasticPremium') | extend alwaysOn = properties.siteConfig.alwaysOn | project functionAppName = name, functionAppId = id, serverFarmId = tostring(properties.serverFarmId), sku, alwaysOn, compliant = tobool(alwaysOn)", - "service": "Azure Functions", - "severity": "High", - "text": "Ensure 'Always On' is enabled for all Function Apps running on App Service Plan", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "40a325c2-7c0e-49e6-86d8-c273b4dc21ba", - "link": "https://learn.microsoft.com/en-us/azure/azure-functions/storage-considerations?tabs=azure-cli#shared-storage-accounts", - "service": "Azure Functions", - "severity": "Medium", - "text": "Pair a Function App to its own storage account. 
Try not to re-use storage accounts for Function Apps unless they are tightly coupled", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Azure Function Review", - "guid": "bb42650c-257d-4cb0-822a-131138b8e6f0", - "link": "https://learn.microsoft.com/en-us/training/modules/deploy-azure-functions/", - "service": "Azure Functions", - "severity": "Medium", - "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Function App code", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.BotService/botServices", - "checklist": "Azure Bot Service", - "guid": "6ad48408-ee72-4734-a476-ba28fdcf590c", - "link": "https://learn.microsoft.com/en-us/azure/reliability/reliability-bot", - "service": "Bot service", - "severity": "Medium", - "text": "Follow reliability support recommendations in Azure Bot Service", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.BotService/botServices", - "checklist": "Azure Bot Service", - "guid": "e65de8e1-3f9c-4cbd-9682-66abca264f9a", - "link": "https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-concept-regionalization", - "service": "Bot service", - "severity": "Medium", - "text": "Deploying bots with local data residency and regional compliance", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.BotService/botServices", - "checklist": "Azure Bot Service", - "guid": "19bfe9d5-5d04-4c3c-9919-ca1b2d1215ae", - "link": "https://learn.microsoft.com/en-us/azure/reliability/reliability-bot#cross-region-disaster-recovery-in-multi-region-geography", - "service": "Bot service", - "severity": "Medium", - "text": "Azure Bot Service runs in active-active mode for both global and regional services. When an outage occurs, you don't need to detect errors or manage the service. Azure Bot Service automatically performs auto failover and auto recovery in a multi-region geographical architecture. 
For the EU bot regional service, Azure Bot Service provides two full regions inside Europe with active/active replication to ensure redundancy. For the global bot service, all available regions/geographies can be served as the global footprint.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "6d8e32a8-3892-479d-a40b-10f6b4f6f298", - "link": "https://learn.microsoft.com/azure/spring-apps/concepts-blue-green-deployment-strategies", - "service": "Spring Apps", - "severity": "Medium", - "text": "Azure Spring Apps permits two deployments for every app, only one of which receives production traffic. You can achieve zero downtime with blue green deployment strategies. Blue green deployment is only available in Standard and Enterprise tiers. You could automate deployment using CI/CD with ADO/GitHub actions", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "fbcb40ac-9480-4a6d-bcf4-8081252a6716", - "link": "https://learn.microsoft.com/azure/architecture/web-apps/spring-apps/architectures/spring-apps-multi-region", - "service": "Spring Apps", - "severity": "Medium", - "text": "Azure Spring Apps instances could be created in multiple regions for your applications and traffic could be routed by Traffic Manager/Front Door.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "ff1ae6a7-9301-4feb-9d11-56cd72f1d4ef", - "link": "https://learn.microsoft.com/azure/reliability/reliability-spring-apps", - "service": "Spring Apps", - "severity": "Medium", - "text": "In supported region, Azure Spring Apps can be deployed as zone redundant, which means that instances are automatically distributed across availability zones. 
This feature is only available in Standard and Enterprise tiers.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "ffc735ad-fbb1-4802-b43f-ad6387c4c066", - "link": "https://learn.microsoft.com/azure/spring-apps/concept-understand-app-and-deployment", - "service": "Spring Apps", - "severity": "Medium", - "text": "Use more than 1 app instance for your apps", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "7504c230-6035-4183-95a5-85762acc6075", - "link": "https://learn.microsoft.com/azure/spring-apps/diagnostic-services", - "service": "Spring Apps", - "severity": "Medium", - "text": "Monitor Azure Spring Apps with logs, metrics and tracing. Integrate ASA with application insights and track failures and create workbooks.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "1eb48d58-3eec-4ef5-80b0-d2b0dde3f0c6", - "link": "https://learn.microsoft.com/azure/spring-apps/how-to-configure-enterprise-spring-cloud-gateway", - "service": "Spring Apps", - "severity": "Medium", - "text": "Set up autoscaling in Spring Cloud Gateway", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "97411607-b6fd-4335-99d1-9885faf4e392", - "link": "https://learn.microsoft.com/azure/spring-apps/how-to-setup-autoscale", - "service": "Spring Apps", - "severity": "Low", - "text": "Enable autoscale for the apps with Standard consumption & dedicated plan.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.AppPlatform/Spring", - "checklist": "Azure Spring Apps Review", - "guid": "dfcaffd1-d27c-4ef2-998d-64c1df3a7ac3", - "link": "https://learn.microsoft.com/azure/spring-apps/overview", - "service": "Spring Apps", - "severity": "Medium", - "text": "Use 
Enterprise plan for commercial support of spring boot for mission critical apps. With other tiers you get OSS support.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Apply guidance from the Microsoft cloud security benchmark related to Storage", - "guid": "d237de14-3b16-4c21-b7aa-9b64604489a8", - "link": "https://learn.microsoft.com/security/benchmark/azure/baselines/storage-security-baseline", - "service": "Storage", - "severity": "Medium", - "text": "Consider the 'Azure security baseline for storage'", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Azure Storage by default has a public IP address and is Internet-reachable. Private endpoints allow to securely expose Azure Storage only to those Azure Compute resources that need access, thus eliminating exposure to the public Internet", - "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | where isnull(properties.privateEndpointConnections) or properties.privateEndpointConnections[0].properties.provisioningState != ('Succeeded') or (isnull(properties.networkAcls) and properties.publicNetworkAccess == 'Enabled') | extend compliant = (isnotnull(properties.privateEndpointConnections) and properties.privateEndpointConnections[0].properties.provisioningState == 'Succeeded' and properties.publicNetworkAccess == 'Disabled') | distinct id, compliant", - "guid": "f42d78e7-9d17-4a73-a22a-5a67e7a8ed4b", - "link": "https://learn.microsoft.com/azure/storage/common/storage-private-endpoints", - "service": "Storage", - "severity": "High", - "text": "Consider using private endpoints for Azure Storage", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Newly created storage accounts are created using the 
ARM deployment model, so that RBAC, auditing etc. are all enabled. Ensure that there are no old storage accounts with classic deployment model in a subscription", - "guid": "30e37c3e-2971-41b2-963c-eee079b598de", - "link": "https://learn.microsoft.com/azure/virtual-machines/migration-classic-resource-manager-overview#migration-of-storage-accounts", - "service": "Storage", - "severity": "Medium", - "text": "Ensure older storage accounts are not using 'classic deployment model'", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Leverage Microsoft Defender to learn about suspicious activity and misconfigurations.", - "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | project storageAccountId = id | join kind=leftouter (resourceContainers | where type == 'microsoft.security/pricings' | where name == 'StorageAccounts' | project resourceId = id, pricingTier = properties.pricingTier) on $left.storageAccountId == $right.resourceId | where isnull(pricingTier) or pricingTier != 'Standard' | extend compliant = false | distinct storageAccountId, compliant", - "guid": "fc5972cd-4cd2-41b0-a803-7f5e6b4bfd3d", - "link": "https://learn.microsoft.com/azure/storage/common/azure-defender-storage-configure", - "service": "Storage", - "severity": "High", - "text": "Enable Microsoft Defender for all of your storage accounts", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "The soft-delete mechanism allows to recover accidentally deleted blobs.", - "guid": "503547c1-447e-4c66-828a-7100f1ce16dd", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-overview", - "service": "Storage", - "severity": "Medium", - "text": "Enable 'soft delete' for blobs", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": 
"Azure Storage Review Checklist", - "description": "Consider selectively disabling 'soft delete' for certain blob containers, for example if the application must ensure that deleted information is immediately deleted, e.g. for confidentiality, privacy or compliance reasons. ", - "guid": "3f1d5e87-2e52-4e36-81cc-58b4a4b1510e", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", - "service": "Storage", - "severity": "Medium", - "text": "Disable 'soft delete' for blobs", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Soft delete for containers enables you to recover a container after it has been deleted, for example recover from an accidental delete operation.", - "guid": "43a58a9c-2289-4c3d-9b57-d0c655462f2a", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-overview", - "service": "Storage", - "severity": "High", - "text": "Enable 'soft delete' for containers", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Consider selectively disabling 'soft delete' for certain blob containers, for example if the application must ensure that deleted information is immediately deleted, e.g. for confidentiality, privacy or compliance reasons. 
", - "guid": "3e3453a3-c863-4964-ab65-2d6c15f51296", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", - "service": "Storage", - "severity": "Medium", - "text": "Disable 'soft delete' for containers", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Prevents accidental deletion of a storage account, by forcing the user to first remove the deletion lock, prior to deletion", - "guid": "5398e6de-d227-4dd1-92b0-6c21d7999a64", - "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", - "service": "Storage", - "severity": "High", - "text": "Enable resource locks on storage accounts", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Consider 'legal hold' or 'time-based retention' policies for blobs, so that is is impossible to delete the blob, the container, or the storage account. Please note that 'impossible' actually means 'impossible'; once a storage account contains an immutable blob, the only way to 'get rid' of that storage account is by cancelling the Azure subscription.", - "guid": "6f4389a8-f42c-478e-98c0-6a73a22a4956", - "link": "https://learn.microsoft.com/azure/storage/blobs/immutable-storage-overview", - "service": "Storage", - "severity": "High", - "text": "Consider immutable blobs", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Consider disabling unprotected HTTP/80 access to the storage account, so that all data transfers are encrypted, integrity protected, and the server is authenticated. 
", - "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | extend compliant = (properties.supportsHttpsTrafficOnly == false) | distinct id, compliant", - "guid": "e7a8dc4a-20e2-47c3-b297-11b1352beee0", - "link": "https://learn.microsoft.com/azure/storage/common/storage-require-secure-transfer", - "service": "Storage", - "severity": "High", - "text": "Require HTTPS, i.e. disable port 80 on the storage account", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "When configuring a custom domain (hostname) on a storage account, check whether you need TLS/HTTPS; if so, you might have to put Azure CDN in front of your storage account.", - "guid": "79b588de-fc49-472c-b3cd-21bf77036e5e", - "link": "https://learn.microsoft.com/azure/storage/blobs/storage-custom-domain-name", - "service": "Storage", - "severity": "High", - "text": "When enforcing HTTPS (disabling HTTP), check that you do not use custom domains (CNAME) for the storage account.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Requiring HTTPS when a client uses a SAS token to access blob data helps to minimize the risk of credential loss.", - "guid": "6b4bed3d-5035-447c-8347-dc56028a71ff", - "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview", - "service": "Storage", - "severity": "Medium", - "text": "Limit shared access signature (SAS) tokens to HTTPS connections only", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": ". Enforcing the latest TLS version will reject request from clients using the older version. 
", - "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend compliant = (isnull(properties.minimumTlsVersion) == false and properties.minimumTlsVersion in ('TLS1_2', 'TLS1_3')) | distinct id, compliant", - "guid": "e12be569-a18f-4562-8d5d-ce151b9e7d55", - "link": "https://learn.microsoft.com/azure/storage/common/transport-layer-security-configure-minimum-version", - "service": "Storage", - "severity": "High", - "text": "Enforce the latest TLS version for a storage account", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Microsoft Entra ID tokens should be favored over shared access signatures, wherever possible", - "guid": "e1ce15dd-3f0d-45e7-92d4-1e3611cc57b4", - "link": "https://learn.microsoft.com/azure/storage/common/authorize-data-access", - "service": "Storage", - "severity": "High", - "text": "Use Microsoft Entra ID tokens for blob access", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "When assigning a role to a user, group, or application, grant that security principal only those permissions that are necessary for them to perform their tasks. Limiting access to resources helps prevent both unintentional and malicious misuse of your data.", - "guid": "a4b1410d-4395-48a8-a228-9b3d6b57cfc6", - "service": "Storage", - "severity": "Medium", - "text": "Least privilege in IaM permissions", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "A user delegation SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS. A user delegation SAS is analogous to a service SAS in terms of its scope and function, but offers security benefits over the service SAS. 
", - "guid": "55461e1a-3e34-453a-9c86-39648b652d6c", - "link": "https://learn.microsoft.com/azure/storage/common/storage-sas-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json#best-practices-when-using-sas", - "service": "Storage", - "severity": "High", - "text": "When using SAS, prefer 'user delegation SAS' over storage-account-key based SAS.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Storage account keys ('shared keys') have very little audit capabilities. While it can be monitored on who/when fetched a copy of the keys, once the keys are in the hands of multiple people, it is impossible to attribute usage to a specific user. Solely relying on Entra ID authentication makes it easier to tie storage access to a user. ", - "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend allowSharedKeyAccess = tostring(properties.allowSharedKeyAccess) | extend compliant = (isnotempty(allowSharedKeyAccess) and allowSharedKeyAccess == 'false') | distinct id, compliant", - "guid": "15f51296-5398-4e6d-bd22-7dd142b06c21", - "link": "https://learn.microsoft.com/rest/api/storageservices/authorize-with-shared-key", - "service": "Storage", - "severity": "High", - "text": "Consider disabling storage account keys, so that only Microsoft Entra ID access (and user delegation SAS) is supported.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Use Activity Log data to identify 'when', 'who', 'what' and 'how' the security of your storage account is being viewed or changed (i.e. 
storage account keys, access policies, etc.).", - "guid": "d7999a64-6f43-489a-af42-c78e78c06a73", - "link": "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios#audit-account-activity", - "service": "Storage", - "severity": "High", - "text": "Consider using Azure Monitor to audit control plane operations on the storage account", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "A key expiration policy enables you to set a reminder for the rotation of the account access keys. The reminder is displayed if the specified interval has elapsed and the keys have not yet been rotated.", - "guid": "a22a4956-e7a8-4dc4-a20e-27c3e29711b1", - "link": "https://learn.microsoft.com/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#create-a-key-expiration-policy", - "service": "Storage", - "severity": "Medium", - "text": "When using storage account keys, consider enabling a 'key expiration policy'", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "A SAS expiration policy specifies a recommended interval over which the SAS is valid. SAS expiration policies apply to a service SAS or an account SAS. 
When a user generates service SAS or an account SAS with a validity interval that is larger than the recommended interval, they'll see a warning.", - "guid": "352beee0-79b5-488d-bfc4-972cd3cd21bf", - "link": "https://learn.microsoft.com/azure/storage/common/sas-expiration-policy", - "service": "Storage", - "severity": "Medium", - "text": "Consider configuring an SAS expiration policy", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Stored access policies give you the option to revoke permissions for a service SAS without having to regenerate the storage account keys. ", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "link": "https://learn.microsoft.com/rest/api/storageservices/define-stored-access-policy", - "service": "Storage", - "severity": "Medium", - "text": "Consider linking SAS to a stored access policy", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "link": "https://microsoft.github.io/code-with-engineering-playbook/continuous-integration/dev-sec-ops/secret-management/recipes/detect-secrets-ado/", - "service": "Storage", - "severity": "Medium", - "text": "Consider configuring your application's source code repository to detect checked-in connection strings and storage account keys.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Ideally, your application should be using a managed identity to authenticate to Azure Storage. 
If that is not possible, consider having the storage credential (connection string, storage account key, SAS, service principal credential) in Azure KeyVault or an equivalent service.", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "link": "https://learn.microsoft.com/azure/architecture/framework/security/design-storage-keys", - "service": "Storage", - "severity": "High", - "text": "Consider storing connection strings in Azure KeyVault (in scenarios where managed identities are not possible)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Use near-term expiration times on an ad hoc SAS service SAS or account SAS. In this way, even if a SAS is compromised, it's valid only for a short time. This practice is especially important if you cannot reference a stored access policy. Near-term expiration times also limit the amount of data that can be written to a blob by limiting the time available to upload to it.", - "guid": "27138b82-1102-4cac-9eae-01e6e842e52f", - "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", - "service": "Storage", - "severity": "High", - "text": "Strive for short validity periods for ad-hoc SAS", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "When creating a SAS, be as specific and restrictive as possible. 
Prefer a SAS for a single resource and operation over a SAS which gives much broader access.", - "guid": "4721d928-c1b1-4cd5-81e5-4a29a9de399c", - "link": "https://learn.microsoft.com/rest/api/storageservices/delegate-access-with-shared-access-signature", - "service": "Storage", - "severity": "Medium", - "text": "Apply a narrow scope to a SAS", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "A SAS can include parameters on which client IP addresses or address ranges are authorized to request a resource using the SAS. ", - "guid": "fd7b28dc-9355-4562-82bf-e4564b0d834a", - "link": "https://learn.microsoft.com/rest/api/storageservices/create-account-sas", - "service": "Storage", - "severity": "Medium", - "text": "Consider scoping SAS to a specific client IP address, wherever possible", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "A SAS cannot constrain how much data a client uploads; given the pricing model of amount of storage over time, it might make sense to validate whether clients uploaded maliciously large contents.", - "guid": "348b263e-6dd6-4051-8a36-498f6dbad38e", - "service": "Storage", - "severity": "Low", - "text": "Consider checking uploaded data, after clients used a SAS to upload a file. ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "When accessing blob storage via SFTP using a 'local user account', the 'usual' RBAC controls do not apply. Blob access via NFS or REST might be more restrictive than SFTP access. 
Unfortunately, as of early 2023, local users are the only form of identity management that is currently supported for the SFTP endpoint", - "guid": "ad53cc7c-e1d7-4aaa-a357-1449ab8053d8", - "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-support#sftp-permission-model", - "service": "Storage", - "severity": "High", - "text": "SFTP: Limit the amount of 'local users' for SFTP access, and audit whether access is needed over time.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "9f89dc7b-33be-42a1-a27f-7b9e91be1f38", - "link": "https://learn.microsoft.com/azure/storage/blobs/secure-file-transfer-protocol-known-issues#authentication-and-authorization", - "service": "Storage", - "severity": "Medium", - "text": "SFTP: The SFTP endpoint does not support POSIX-like ACLs.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Storage supports CORS (Cross-Origin Resource Sharing), i.e. an HTTP feature that enables web apps from a different domain to loosen the same-origin policy. When enabling CORS, keep the CorsRules to the least privilege.", - "guid": "cef39812-bd46-43cb-aac8-ac199ebb91a3", - "link": "https://learn.microsoft.com/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services", - "service": "Storage", - "severity": "High", - "text": "Avoid overly broad CORS policies", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Data at rest is always encrypted server-side, and in addition might be encrypted client-side as well. Server-side encryption might happen using a platform-managed key (default) or customer-managed key. 
Client-side encryption might happen by either having the client supply an encryption/decryption key on a per-blob basis to Azure storage, or by completely handling encryption on the client-side. thus not relying on Azure Storage at all for confidentiality guarantees.", - "guid": "3d90cae2-cc88-4137-86f7-c0cbafe61464", - "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", - "service": "Storage", - "severity": "High", - "text": "Determine how data at rest should be encrypted. Understand the thread model for data.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "8dd457e9-2713-48b8-8110-2cac6eae01e6", - "link": "https://learn.microsoft.com/azure/storage/common/customer-managed-keys-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json", - "service": "Storage", - "severity": "Medium", - "text": "Determine which/if platform encryption should be used.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "e842e52f-4721-4d92-ac1b-1cd521e54a29", - "link": "https://learn.microsoft.com/azure/storage/blobs/encryption-customer-provided-keys", - "service": "Storage", - "severity": "Medium", - "text": "Determine which/if client-side encryption should be used.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "description": "Anonymous access may present a security risk. We recommend that you disable anonymous access for optimal security. 
Disallowing anonymous access helps to prevent data breaches caused by undesired anonymous access.", - "graph": "resources | where type == 'microsoft.storage/storageaccounts' | extend compliant = (properties.allowBlobPublicAccess == 'false') | distinct id, compliant", - "guid": "659ae558-b937-4d49-a5e1-112dbd7ba012", - "link": "https://learn.microsoft.com/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#allow-or-disallow-public-read-access-for-a-storage-account", - "service": "Storage", - "severity": "High", - "text": "Consider whether public blob anonymous access is needed, or whether it can be disabled for certain storage accounts. ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "cb8eb8c0-aa62-4a25-a495-6eaa8dc4a243", - "link": "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade?tabs=azure-portal", - "service": "Storage", - "severity": "High", - "text": "Leverage a storagev2 account type for better performance and reliability", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "graph": "resources | where type =~ 'Microsoft.Storage/StorageAccounts' | extend compliant = (sku.name != 'Standard_LRS' and sku.name != 'Premium_LRS') | distinct id, compliant", - "guid": "e05bbe20-9d49-4fda-9777-8424d116785c", - "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", - "service": "Storage", - "severity": "High", - "text": "Leverage GRS, ZRS or GZRS storage for the highest availability", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "2fa56c56-ad48-4408-be72-734c486ba280", - "link": "https://learn.microsoft.com/azure/storage/common/storage-disaster-recovery-guidance", - "service": "Storage", - "severity": "Medium", - "text": "For write 
operation after failover, use customer-Managed Failover ", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "dc0590cf-65de-48e1-909c-cbd579266bcc", - "link": "https://learn.microsoft.com/azure/storage/common/storage-disaster-recovery-guidance#microsoft-managed-failover", - "service": "Storage", - "severity": "Medium", - "text": "Understand Microsoft-Managed Failover details", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Azure Storage Review Checklist", - "guid": "a274faa1-abfe-49d5-9d04-c3c4919cb1b3", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal", - "service": "Storage", - "severity": "Medium", - "text": "Enable Soft Delete", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "High", - "text": "Enable 2 replicas to have 99.9% availability for read operations", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "Medium", - "text": "Enable 3 replicas to have 99.9% availability for read/write operations", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - 
"severity": "High", - "text": "Leverage Availability Zones by enabling read and/or write replicas", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": "Cognitive Search", - "severity": "Medium", - "text": "For regional redudancy, Manually create services in 2 or more regions for Search as it doesn't provide an automated method of replicating search indexes across geographic regions", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": "Cognitive Search", - "severity": "Medium", - "text": "To synchronize data across multiple services either Use indexers for updating content on multiple services or Use REST APIs for pushing content updates on multiple services", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "Medium", - "text": "Use Azure Traffic Manager to coordinate requests", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Search/searchServices", - "checklist": "Cognitive Search Review Checklist", - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "High", - "text": "Backup and 
Restore an Azure Cognitive Search Index. Use this sample code to back up index definition and snapshot to a series of Json files", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": "21c30d25-ffb7-4f6a-b9ea-b3fec328f787", - "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-cog_svcs_v1.docx", - "service": "Cognitive Services", - "severity": "Medium", - "text": "Leverage FTA HandBook for Cognitive Services", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": "78c34698-16b2-4763-aefe-1b9b599de0d5", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Cognitive Services", - "severity": "Medium", - "text": "Backup Your Prompts", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": "750ab2ab-039d-4a6d-95d7-c892adb107d5", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "Cognitive Services", - "severity": "High", - "text": "Business Continuity and Disaster Recovery (BCDR) considerations with Azure OpenAI Service", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": "325af625-ca44-4e46-a5e2-223ace8bb123", - "link": "https://github.com/abacaj/chatgpt-backup#backup-your-chatgpt-conversations", - "service": "Cognitive Services", - "severity": "Medium", - "text": "Backup Your ChatGPT conversations", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": 
"07ca5f17-f154-4e3a-a369-2829e7e31618", - "link": "https://learn.microsoft.com/azure/ai-services/speech-service/how-to-custom-speech-continuous-integration-continuous-deployment", - "service": "Cognitive Services", - "severity": "Medium", - "text": "CI/CD for custom speech", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.CognitiveServices/accounts", - "checklist": "Cognitive Services Review Checklist", - "guid": "3687a046-7a1f-4893-9bda-43324f248116", - "link": "https://learn.microsoft.com/azure/ai-services/qnamaker/tutorials/export-knowledge-base", - "service": "Cognitive Services", - "severity": "Low", - "text": "Move a knowledge base using export-import", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.App/containerApps", - "checklist": "Container Apps Review", - "guid": "af416482-663c-4ed6-b195-b44c7068e09c", - "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#availability-zone-support", - "query": "resources | where type =~ 'Microsoft.App/managedEnvironments' | project name, resourceGroup, location, zoneRedundancy = tolower(tostring(properties.zoneRedundant)) | extend Compliance = iff(zoneRedundancy == 'true', true, false)", - "service": "Container Apps", - "severity": "High", - "text": "Leverage Availability Zones if regionally applicable", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.App/containerApps", - "checklist": "Container Apps Review", - "guid": "95bc80ec-6499-4d14-a7d2-7d296b1d8abc", - "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#set-up-zone-redundancy-in-your-container-apps-environment", - "query": "resources | where type =~ 'Microsoft.App/containerApps' | project name, resourceGroup, location, minReplicas = toint(properties.template.scale.minReplicas), maxReplicas = toint(properties.template.scale.maxReplicas) | extend Compliance = iff(minReplicas >= 1, true, false)", - "service": "Container Apps", - 
"severity": "High", - "text": "Use more than one replica and enable Zone Redundancy.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.App/containerApps", - "checklist": "Container Apps Review", - "guid": "ccaa4fc2-fdbc-4432-8bb7-f7e6469e4dc3", - "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#cross-region-disaster-recovery-and-business-continuity", - "service": "Container Apps", - "severity": "High", - "text": "For cross-region DR, deploy container apps in multiple regions and follow active/active or active/passive application guidance.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.App/containerApps", - "checklist": "Container Apps Review", - "guid": "2ffada86-c031-4933-bf7d-0c45bc4e5919", - "link": "https://learn.microsoft.com/azure/reliability/reliability-azure-container-apps?tabs=azure-cli#cross-region-disaster-recovery-and-business-continuity", - "service": "Container Apps", - "severity": "High", - "text": "Use Front Door or Traffic Manager to route traffic to the closest region", - "waf": "Reliability" - }, { "arm-service": "microsoft.documentdb/databaseAccounts", "checklist": "CosmosDB Review Checklist", 
@@ -7366,501 +11994,74 @@ "waf": "Reliability" }, { - "arm-service": "Microsoft.Insights/components", - "checklist": "Cost Optimization Checklist", - "guid": "a95b86ad-8840-48e3-9273-4b875ba18f20", - "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/considerations/tenancy-models", - "service": "Monitor", + "arm-service": "Microsoft.DBforPostgreSQL/servers", + "checklist": "PostgreSQL Review Checklist", + "guid": "65285269-441c-44bf-9d3e-0844276d4bdc", + "link": "https://learn.microsoft.com/azure/postgresql/flexible-server/overview", + "service": "PostgreSQL", "severity": "Medium", - "text": "Data collection rules in Azure Monitor -https://learn.microsoft.com/azure/azure-monitor/essentials/data-collection-rule-overview", - "training": "https://azure.microsoft.com/pricing/reservations/", - "waf": "Cost" + "text": "Leverage Flexible Server", + "waf": "Reliability" }, { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Cost Optimization Checklist", - "guid": "45901365-d38e-443f-abcb-d868266abca2", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/multi-tenant/automation", - "service": "Backup", - "severity": "Medium", - "text": "check backup instances with the underlying datasource not found", - "waf": "Cost" + "arm-service": "Microsoft.DBforPostgreSQL/servers", + "checklist": "PostgreSQL Review Checklist", + "guid": "016ccf31-ae5a-41eb-9888-9535e227896d", + "link": "https://learn.microsoft.com/azure/postgresql/flexible-server/overview#architecture-and-high-availability", + "service": "PostgreSQL", + "severity": "High", + "text": "Leverage Availability Zones where regionally applicable", + "waf": "Reliability" }, { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "64f9a19a-f29c-495d-94c6-c7919ca0f6c5", - "link": 
"https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/multi-tenant/lighthouse", - "service": "VM", + "arm-service": "Microsoft.DBforPostgreSQL/servers", + "checklist": "PostgreSQL Review Checklist", + "guid": "31b67c67-be59-4519-8083-845d587cb391", + "link": "https://learn.microsoft.com/azure/postgresql/single-server/concepts-business-continuity#cross-region-read-replicas", + "service": "PostgreSQL", "severity": "Medium", - "text": "Delete or archive unassociated services (disks, nics, ip addresses etc)", - "waf": "Cost" + "text": "Leverage cross-region read replicas for BCDR", + "waf": "Reliability" }, { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Cost Optimization Checklist", - "guid": "69bad37a-ad53-4cc7-ae1d-76667357c449", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-microsoft-customer-agreement#design-recommendations", - "service": "Backup", - "severity": "Medium", - "text": "Consider a good balance between site recovery storage and backup for non mission critical applications", - "waf": "Cost" + "arm-service": "Microsoft.Devices/deviceUpdateServices", + "checklist": "Device Update Review", + "guid": "0e03f5ee-4648-423c-bb86-7239480f9171", + "link": "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr#high-availability", + "service": "Device Update for IoT Hub", + "severity": "High", + "text": "Leverage Availability Zones if regionally applicable (this is automatically enabled).", + "waf": "Reliability" }, { - "arm-service": "Microsoft.Insights/components", - "checklist": "Cost Optimization Checklist", - "guid": "674b5ed8-5a85-49c7-933b-e2a1a27b765a", - "link": "https://learn.microsoft.com/azure/cost-management-billing/manage/direct-ea-administration#manage-notification-contacts", - "service": "Monitor", - "severity": "Medium", - "text": "Check spending and savings opportunities among the 40 different log analytics 
workspaces- use different retention and data collection for nonprod workspaces-create daily cap for awareness and tier sizing - If you do set a daily cap, in addition to creating an alert when the cap is reached,ensure that you also create an alert rule to be notified when some percentage has been reached (90% for example). - consider workspace transformation if possible - https://learn.microsoft.com/azure/azure-monitor/essentials/data-collection-transformations#workspace-transformation-dcr ", - "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/understand-work-scopes", - "waf": "Cost" + "arm-service": "Microsoft.Devices/deviceUpdateServices", + "checklist": "Device Update Review", + "guid": "c0c273bd-00ad-419a-9f2f-fc72fb181e55", + "link": "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr#high-availability", + "service": "Device Update for IoT Hub", + "severity": "High", + "text": "Be aware of Microsoft-initiated failovers. These are exercised by Microsoft in rare situations to fail over all the DPS instances from an affected region to the corresponding geo-paired region.", + "waf": "Reliability" }, { - "arm-service": "Microsoft.Insights/components", - "checklist": "Cost Optimization Checklist", - "guid": "91be1f38-8ef3-494c-8bd4-63cbbac75819", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", - "service": "Monitor", - "severity": "Medium", - "text": "Enforce a purging log policy and automation (if needed, logs can be moved to cold storage)", - "training": "https://www.youtube.com/watch?v=nHQYcYGKuyw", - "waf": "Cost" + "arm-service": "Microsoft.Devices/deviceUpdateServices", + "checklist": "Device Update Review", + "guid": "3af8abe6-07eb-4287-b393-6c4abe3702eb", + "link": 
"https://learn.microsoft.com/en-us/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", + "service": "Device Update for IoT Hub", + "severity": "High", + "text": "Consider a Cross-Region DR strategy for critical workloads", + "waf": "Reliability" }, { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "6aae01e6-a84d-4e5d-b36d-1d92881a1bd5", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", - "service": "VM", - "severity": "Medium", - "text": "Check that the disks are really needed, if not: delete. If they are needed, find lower storage tiers or use backup -", - "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/manage-automation", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Cost Optimization Checklist", - "guid": "d1e44a19-659d-4395-afd7-7289b835556d", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/azure-billing-enterprise-agreement#design-considerations", - "service": "Storage", - "severity": "Medium", - "text": "Consider moving unused storage to lower tier, with customized rule - https://learn.microsoft.com/azure/storage/blobs/lifecycle-management-policy-configure ", - "training": "https://learn.microsoft.com/azure/cost-management-billing/costs/enable-tag-inheritance", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "d0102cac-6aae-401e-9a84-de5de36d1d92", - "link": "https://learn.microsoft.com/azure/governance/policy/overview", - "service": "VM", - "severity": "Medium", - "text": "Make sure advisor is configured for VM right sizing ", - "waf": "Cost" - }, - { - "arm-service": 
"Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "description": "check by searching the Meter Category Licenses in the Cost analysys", - "guid": "59ae568b-a38d-4498-9e22-13dbd7bb012f", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/manage/centralize-operations", - "service": "VM", - "severity": "Medium", - "text": "run the script on all windows VMs https://learn.microsoft.com/azure/virtual-machines/windows/hybrid-use-benefit-licensing?ref=andrewmatveychuk.com#convert-an-existing-vm-using-azure-hybrid-benefit-for-windows-server- consider implementing a policy if windows VMs are created frequently", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "7b95e06e-158e-42ea-9992-c2de6e2065b3", - "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure", - "service": "VM", - "severity": "Medium", - "text": " this can be also put under AHUB if you already have licenses https://learn.microsoft.com/azure/virtual-machines/linux/azure-hybrid-benefit-linux?tabs=rhelpayg%2Crhelbyos%2CrhelEnablebyos%2Crhelcompliance", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "75c1e945-b459-4837-bf7a-e7c6d3b475a5", - "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal", - "service": "VM", - "severity": "Medium", - "text": "Consolidate reserved VM families with flexibility option (no more than 4-5 families)", - "training": "https://learn.microsoft.com/azure/automation/automation-solution-vm-management", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "c7acbe49-bbe6-44dd-a9f2-e87778468d55", - "link": 
"https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access#prerequisites-for-a-landing-zone---design-recommendations", - "service": "VM", - "severity": "Medium", - "text": "Utilize Azure Reserved Instances: This feature allows you to reserve VMs for a period of 1 or 3 years, providing significant cost savings compared to PAYG prices.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "a6bcca2b-4fea-41db-b3dd-95d48c7c891d", - "link": "https://learn.microsoft.com/azure/active-directory-domain-services/overview", - "service": "VM", - "severity": "Medium", - "text": "Only larger disks can be reserved => 1 TiB -", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "cb1f7d57-59ae-4568-aa38-d4985e2213db", - "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/identity/adds-extend-domain", - "service": "VM", - "severity": "Medium", - "text": "After the right-sizing optimization", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Sql/servers", - "checklist": "Cost Optimization Checklist", - "guid": "d7bb012f-7b95-4e06-b158-e2ea3992c2de", - "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy", - "service": "SQL", - "severity": "Medium", - "text": "Check if applicable and enforce policy/change https://learn.microsoft.com/azure/azure-sql/azure-hybrid-benefit?view=azuresql&tabs=azure-portalhttps://learn.microsoft.com/azure/cost-management-billing/scope-level/create-sql-license-assignments?source=recommendations", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "6e2065b3-a76a-4f4a-991e-8839ada46667", - "link": "https://learn.microsoft.com/azure/active-directory/roles/best-practices", - "service": "VM", - 
"severity": "Medium", - "text": "The VM + license part discount (ahub + 3YRI) is around 70% discount", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "ccbd9792-a6bc-4ca2-a4fe-a1dbf3dd95d4", - "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-best-practices#send-logs-to-microsoft-sentinel", - "service": "VM", - "severity": "Medium", - "text": "Consider using a VMSS to match demand rather than flat sizing", - "waf": "Cost" - }, - { - "arm-service": "microsoft.containerservice/managedClusters", - "checklist": "Cost Optimization Checklist", - "guid": "c1b1cd52-1e54-4a29-a9de-39ac0e7c28dc", - "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", - "service": "AKS", - "severity": "Medium", - "text": "Use AKS autoscaler to match your clusters usage (make sure the pods requirements match the scaler)", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Cost Optimization Checklist", - "guid": "44be3b1a-27f8-4b9e-a1be-1f38df03a822", - "link": "https://learn.microsoft.com/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2#how-retention-and-archiving-work", - "service": "Backup", - "severity": "Medium", - "text": "Move recovery points to vault-archive where applicable (Validate)", - "training": "https://azure.microsoft.com/pricing/reservations/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "cd463cbb-bc8a-4c29-aebc-91a43da1dae2", - "link": "https://learn.microsoft.com/azure/databricks/clusters/cluster-config-best-practices#automatic-termination", - "service": "Databricks", - "severity": "Medium", - "text": "Consider using Spot VMs with fallback where possible. 
Consider autotermination of clusters.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "cc881470-607c-41cc-a0e6-14658dd458e9", - "link": "https://learn.microsoft.com/azure/governance/policy/how-to/guest-configuration-create", - "service": "Functions", - "severity": "Medium", - "text": "Functions - Reuse connections", - "training": "https://learn.microsoft.com/azure/cost-management-billing/reservations/reservation-apis?toc=%2Fazure%2Fcost-management-billing%2Ftoc.json", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "27139b82-1102-4dbd-9eaf-11e6f843e52f", - "link": "https://learn.microsoft.com/azure/automation/update-management/overview", - "service": "Functions", - "severity": "Medium", - "text": "Functions - Cache data locally", - "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-compute-resources/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "4722d928-c1b1-4cd5-81e5-4a29b9de39ac", - "link": "https://learn.microsoft.com/azure/network-watcher/network-watcher-monitoring-overview", - "service": "Functions", - "severity": "Medium", - "text": "Functions - Cold starts-Use the 'Run from package' functionality. This way, the code is downloaded as a single zip file. 
This can, for example, result in significant improvements with Javascript functions, which have a lot of node modules.Use language specific tools to reduce the package size, for example, tree shaking Javascript applications.", - "training": "https://learn.microsoft.com/learn/modules/configure-network-watcher/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "0e7c28dc-9366-4572-82bf-f4564b0d934a", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json", - "service": "Functions", - "severity": "Medium", - "text": "Functions - Keep your functions warm", - "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "359c363e-7dd6-4162-9a36-4a907ebae38e", - "link": "https://learn.microsoft.com/azure/governance/policy/overview", - "service": "Functions", - "severity": "Medium", - "text": "When using autoscale with different functions, there might be one driving all the autoscale for all the resources - consider moving it to a separate consumption plan (and consider higher plan for CPU)", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "ad53cc7d-e2e8-4aaa-a357-1549ab9153d8", - "link": "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal", - "service": "Functions", - "severity": "Medium", - "text": "Function apps in a given plan are all scaled together, so any issues with scaling can affect all apps in the plan.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Cost Optimization Checklist", - "guid": "9f89dc7b-44be-43b1-a27f-8b9e91be1f38", - "link": "https://learn.microsoft.com/azure/azure-monitor/alerts/action-groups", - "service": "Functions", - 
"severity": "Medium", - "text": "Am I billed for 'await time'? This question is typically asked in the context of a C# function that does an async operation and waits for the result, e.g. await Task.Delay(1000) or await client.GetAsync('http://google.com'). The answer is yes - the GB second calculation is based on the start and end time of the function and the memory usage over that period. What actually happens over that time in terms of CPU activity is not factored into the calculation.One exception to this rule is if you are using durable functions. You are not billed for time spent at awaits in orchestrator functions.apply demand shaping techinques where possible (dev environments?) https://github.com/Azure-Samples/functions-csharp-premium-scaler", - "waf": "Cost" - }, - { - "arm-service": "microsoft.network/frontdoors", - "checklist": "Cost Optimization Checklist", - "guid": "3da1dae2-cc88-4147-8607-c1cca0e61465", - "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", - "service": "Front Door", - "severity": "Medium", - "text": "Frontdoor - Turn off the default homepageIn the application settings of your App, set AzureWebJobsDisableHomepage to true. This will return a 204 (No Content) to the PoP so only header data is returned.", - "waf": "Cost" - }, - { - "arm-service": "microsoft.network/frontdoors", - "checklist": "Cost Optimization Checklist", - "guid": "8dd458e9-2713-49b8-8110-2dbd6eaf11e6", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-setup-guide/monitoring-reporting?tabs=AzureMonitor", - "service": "Front Door", - "severity": "Medium", - "text": "Frontdoor - Route to something that returns nothing. Either set up a Function, Function Proxy, or add a route in your WebApp that returns 200 (OK) and sends no or minimal content. 
The advantage of this is you will be able to log out when it is called.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Cost Optimization Checklist", - "guid": "7e31c67d-68cf-46a6-8a11-94956d697dc3", - "link": "https://learn.microsoft.com/azure/architecture/best-practices/monitoring", - "service": "Storage", - "severity": "Medium", - "text": "Consider archiving tiers for less used data", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "a2ed27b2-d186-4f1a-8252-bddde68a487c", - "link": "https://learn.microsoft.com/azure/automation/how-to/region-mappings", - "service": "VM", - "severity": "Medium", - "text": "Check disk sizes where the size does not match the tier (i.e. A 513 GiB disk will pay a P30 (1TiB) and consider resizing", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Cost Optimization Checklist", - "guid": "dec4861b-c3bc-410a-b77e-26e4d5a3bec2", - "link": "https://learn.microsoft.com/azure/governance/policy/concepts/guest-configuration", - "service": "Storage", - "severity": "Medium", - "text": "Consider using standard SSD rather than Premium or Ultra where possible", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Cost Optimization Checklist", - "guid": "c4e2436b-1336-4db5-9f17-960eee0bdf5c", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-operational-compliance#monitoring-for-configuration-drift", - "service": "Storage", - "severity": "Medium", - "text": "For storage accounts, make sure that the chosen tier is not adding up transaction charges (it might be cheaper to move to the next tier)", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Cost Optimization Checklist", - "guid": "c2efc5d7-61d4-41d2-900b-b47a393a040f", - 
"link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", - "service": "Site Recovery", - "severity": "Medium", - "text": "For ASR, consider using Standard SSD disks if the RPO/RTO and replication throughput allow it", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Cost Optimization Checklist", - "guid": "d3294798-b118-48b2-a5a4-6ceb544451e1", - "link": "https://learn.microsoft.com/azure/architecture/framework/resiliency/backup-and-recovery", - "service": "Storage", - "severity": "Medium", - "text": "Storage accounts: check hot tier and/or GRS necessary", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "92d34429-3c76-4286-97a5-51c5b04e4f18", - "link": "https://learn.microsoft.com/azure/backup/backup-center-overview", - "service": "VM", - "severity": "Medium", - "text": "Disks - validate use of Premium SSD disks everywhere: for example, non-prod could swap to Standard SSD or on-demand Premium SSD ", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "54387e5c-ed12-46cd-832a-f5b2fc6998a5", - "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", - "service": "Synapse", - "severity": "Medium", - "text": "Create budgets to manage costs and create alerts that automatically notify stakeholders of spending anomalies and overspending risks.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "35e33789-7e31-4c67-b68c-f6a62a119495", - "link": "https://learn.microsoft.com/azure/virtual-machines/availability", - "service": "Synapse", - "severity": "Medium", - "text": "Export cost data to a storage account for additional data analysis.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost 
Optimization Checklist", - "guid": "6d697dc3-a2ed-427b-8d18-6f1a1252bddd", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", - "service": "Synapse", - "severity": "Medium", - "text": "Control costs for a dedicated SQL pool by pausing the resource when it is not in use.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "e68a487c-dec4-4861-ac3b-c10ae77e26e4", - "link": "https://learn.microsoft.com/azure/virtual-machine-scale-sets/overview", - "service": "Synapse", - "severity": "Medium", - "text": "Enable the serverless Apache Spark automatic pause feature and set your timeout value accordingly.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "d5a3bec2-c4e2-4436-a133-6db55f17960e", - "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-latest-version-for-customer-managed-certificates", - "service": "Synapse", - "severity": "Medium", - "text": "Create multiple Apache Spark pool definitions of various sizes.", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Cost Optimization Checklist", - "guid": "ee0bdf5c-c2ef-4c5d-961d-41d2500bb47a", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator", - "service": "Synapse", - "severity": "Medium", - "text": "Purchase Azure Synapse commit units (SCU) for one year with a pre-purchase plan to save on your Azure Synapse Analytics costs.", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "393a040f-d329-4479-ab11-88b2c5a46ceb", - "link": 
"https://learn.microsoft.com/azure/application-gateway/overview-v2", - "service": "VM", - "severity": "Medium", - "text": "Use Spot VMs for interruptible jobs: These are VMs that can be bid on and purchased at a discounted price, providing a cost-effective solution for non-critical workloads.", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "544451e1-92d3-4442-a3c7-628637a551c5", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", - "service": "VM", - "severity": "Medium", - "text": "Right-sizing all VMs", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "b04e4f18-5438-47e5-aed1-26cd032af5b2", - "link": "https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet", - "service": "VM", - "severity": "Medium", - "text": "Swap VM sized with normalized and most recent sizes", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "fc6998a5-35e3-4378-a7e3-1c67d68cf6a6", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "VM", - "severity": "Medium", - "text": "right-sizing VMs - start with monitoring usage below 5% and then work up to 40%", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Cost" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Cost Optimization Checklist", - "guid": "2a119495-6d69-47dc-9a2e-d27b2d186f1a", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "VM", - "severity": "Medium", - 
"text": "Containerizing an application can improve VM density and save money on scaling it", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Cost" + "arm-service": "Microsoft.Devices/deviceUpdateServices", + "checklist": "Device Update Review", + "guid": "bd91245c-fe32-4e98-a085-794a40f4bfe1", + "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", + "service": "Device Update for IoT Hub", + "severity": "High", + "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", + "waf": "Reliability" }, { "arm-service": "Microsoft.DataFactory/datafactories", 
@@ -7964,1252 +12165,6 @@ "text": "Use Databricks Migration tools", "waf": "Reliability" }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "Restrict the use of local authentication methods for data plane access. Instead, use Microsoft Entra ID as the default authentication method to control your data plane access.", - "guid": "32d41e36-11c8-417b-8afb-c410d4391898", - "service": "Synapse Analytics", - "severity": "High", - "text": "Restrict use of local users on sql workloads on Synapse", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "No additional configurations are required as this is enabled on a default deployment.", - "guid": "21d41d25-00c8-417b-b9ea-c41fd3390798", - "link": "https://learn.microsoft.com/azure/event-hubs/transport-layer-security-configure-minimum-version", - "service": "Event Hubs", - "severity": "Medium", - "text": "Encrypt sensitive data in transit", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "Use Microsoft Entra ID as the default authentication method to control your data plane access.", - "guid": "cd289bed-6b17-4cb8-8454-61e1aee3453a", - "link": "https://learn.microsoft.com/azure/synapse-analytics/synapse-service-identity?context=%2Fazure%2Fsynapse-analytics%2Fcontext%2Fcontext", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Use managed identity to authenticate to the services", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "guid": "bc288bec-6a17-4ca7-8444-51e1add3452a", - "service": "Event Hubs", - "severity": "Medium", - "text": "Enable data at rest encryption by default", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": 
"Data Security review checklist", - "description": "If not required for routine administrative operations, disable or restrict any local admin accounts for only emergency use.", - "guid": "ec823923-7a15-42d6-ac5e-402925388e5d", - "service": "Synapse Analytics", - "severity": "High", - "text": "Separate and limit highly privileged/administrative users and enable MFA and conditional policies", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "Use Keyvaults to store your CMK", - "guid": "ec723923-7a15-41c5-ab5e-401915387e5c", - "link": "https://learn.microsoft.com/azure/event-hubs/configure-customer-managed-key?tabs=Key-Vault", - "service": "Event Hubs", - "severity": "Medium", - "text": "Use customer-managed key option in data at rest encryption when required", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "Azure Synapse also includes Synapse role-based access control (RBAC) roles to manage different aspects of Synapse Studio. 
Leverage these built-in roles to assign permissions to users, groups, or other security principals to manage who can Publish code artifacts and list or access published code artifacts,Execute code on Apache Spark pools and integration runtimes,Access linked (data) services that are protected by credentials,Monitor or cancel job executions, review job output and execution logs.", - "guid": "a9c27d9c-42bb-46cd-8c79-99a246f3389a", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-understand-what-role-you-need", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Use Azure RBAC to control access on storage and Synapse RBAC to control access on workspace level depending on the personas of the team to fine grain the access on data and compute", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "guid": "7f42c78e-78cb-46a2-8ad1-a0916e6a8d8f", - "link": "https://learn.microsoft.com/sql/relational-databases/security/row-level-security?view=sql-server-ver16&context=%2Fazure%2Fsynapse-analytics%2Fcontext%2Fcontext", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Implement RLS, CLS and data masking on sql workloads in dedicated sql pool to add additional layer of security", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "When you create your Azure Synapse workspace, you can choose to associate it to a Microsoft Azure Virtual Network. The Virtual Network associated with your workspace is managed by Azure Synapse. This Virtual Network is called a Managed workspace Virtual Network. 
This can be selected when deploying a workspace", - "guid": "e2436b03-36db-455e-8796-0eee0bdf4cc2", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-managed-vnet?view=sql-server-ver16", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Use managed vnet workspace to restrict the access over public internet", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "Use Microsoft Entra ID as the default authentication method.", - "guid": "a9c26d9c-42bb-45bd-8c69-99a246e3389a", - "service": "Event Hubs", - "severity": "High", - "text": "Use Microsoft Entra ID as the default authentication method and disable local access wherever possible", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "To protect any sensitive data, it's recommended to disable public access to the workspace endpoints entirely. 
By doing so, it ensures all workspace endpoints can only be accessed using�private endpoints.", - "guid": "efc4d761-c31d-425f-bbb4-7a393a040ed3", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-managed-private-endpoints?view=sql-server-ver16", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Configure private endpoints to connect to the external services and disable public access", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "Use Microsoft Entra ID as the default authentication method.", - "guid": "7e42c77d-78cb-46a2-8ad1-9f916e698d8f", - "service": "Event Hubs", - "severity": "Medium", - "text": "Use managed identity to authenticate to the services", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "If public access needs to be enabled, it's highly recommended to configure the IP firewall rules to allow inbound connections only from the specified list of public IP addresses.", - "guid": "294798b1-178a-42c5-a46c-eb544350d092", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/synapse-workspace-ip-firewall", - "service": "Synapse Analytics", - "text": "If enabling public access highly recommended to configure IP firewall rules", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "guid": "adfe27bd-e187-401a-a352-baa9b68a088c", - "service": "Event Hubs", - "severity": "Medium", - "text": "Configure conditional access policies to restrict the access on Data plane", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "guid": "d234292b-7528-4537-a551-c5bf4e4f1854", - "link": 
"https://learn.microsoft.com/azure/data-factory/create-self-hosted-integration-runtime?tabs=data-factory", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Deploy SHIR VMs in your vnet if you are working with sensitive data that shouldn�t leave your corporate network", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "Restrict exposure of keys and secerts", - "guid": "9a80822b-8eb9-4d1b-a77f-26e5e6beba8e", - "service": "Event Hubs", - "severity": "High", - "text": "Use Azure Key Vaults to store secrets and crendentials.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "This can be done only when deploying the workspace, but Python libraries installed from public repositories like PyPI are not supported. (Think about the limitation before enabling it)", - "guid": "287d5cdc-126c-4c03-8af5-b1fc6898a535", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/how-to-create-a-workspace-with-data-exfiltration-protection", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Enable Data Exfiltration Protection (DEP)", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "guid": "d4f3437c-c336-4d81-9f27-a71efe1b9b5d", - "service": "Event Hubs", - "severity": "High", - "text": "Separate and limit highly privileged/administrative users", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "When you create an Event Hubs namespace, a policy rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has manage permissions for the entire namespace. 
It�s recommended that you treat this rule like an administrative root account and don�t use it in your application. You can create additional policy rules in the Configure tab for the namespace in the portal, via PowerShell or Azure CLI. Avoid the usage of local authentication methods or accounts, these should be disabled wherever possible. Instead use Azure AD to authenticate where possible.", - "guid": "9de0d5d7-21d4-41d2-900c-817bf9eac41f", - "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-shared-access-signature", - "service": "Event Hubs", - "severity": "Medium", - "text": "Authenticate access to Event Hubs resources using shared access signatures (SAS) and restrict local users", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "description": "Use Azure role-based access control (Azure RBAC) to manage Azure resource access through built-in role assignments. Azure RBAC roles can be assigned to users, groups, service principals, and managed identities.", - "guid": "387e5ced-127d-4d14-8b06-b20c6999a646", - "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory", - "service": "Event Hubs", - "severity": "Medium", - "text": "Use Azure RBACs to fine grain the access ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "First layer of encryption is done by Microsoft managed keys, you can add a second layer of encryption using Customer managed Keys", - "guid": "e337897e-31b6-47d6-9be5-962a1193846d", - "link": "https://learn.microsoft.com/azure/synapse-analytics/security/workspaces-encryption", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Data Encryption at rest using Customer managed Keys for workspace", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security 
review checklist", - "description": "Service supports disabling public network access either through using service-level IP ACL filtering rule (not NSG or Azure Firewall) or using a 'Disable Public Network Access' toggle switch.", - "guid": "f3389a7e-42c7-48e7-ac06-a62a2194956e", - "service": "Event Hubs", - "severity": "Medium", - "text": "Disable Public Network Access", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "Azure Synapse leverages TLS to ensure data is encrypted in motion. SQL dedicated pools support TLS 1.0, TLS 1.1, and TLS 1.2 versions for encryption wherein Microsoft-provided drivers use TLS 1.2 by default. Serverless SQL pool and Apache Spark pool use TLS 1.2 for all outbound connections.", - "guid": "697cc391-ed16-4b2d-886f-0a1241bddde6", - "link": "https://learn.microsoft.com/azure/synapse-analytics/guidance/security-white-paper-data-protection#data-in-transit", - "service": "Synapse Analytics", - "severity": "Medium", - "text": "Data Encryption in transit ", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "guid": "6a8dc4a2-fe27-4b2e-8870-1a1352beedf7", - "service": "Event Hubs", - "severity": "Medium", - "text": "Use Vnets to isolate traffic over restricted network ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Synapse/workspaces", - "checklist": "Data Security review checklist", - "description": "Use Keyvaults to store your secrets and credentials", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25e4d5", - "service": "Synapse Analytics", - "severity": "High", - "text": "Store passwords, secerts and keys in Azure key vault", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Data Security review checklist", - "guid": "9b488dee-c496-42cc-9cd2-1bf77f26e5e6", - "link": 
"https://learn.microsoft.com/azure/event-hubs/private-link-service", - "service": "Event Hubs", - "severity": "Medium", - "text": "Deploy private endpoints for all Azure resources that support the Private Link feature, to establish a private access point for the resources.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.", - "guid": "a3aec2c4-e243-46b0-936d-b55e17960eee", - "link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", - "service": "Data Factory", - "severity": "Medium", - "text": "Use Azure Key Vault secrets in pipeline activities", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Fabric controls data access using workspaces. In workspaces, data appears in the form of Fabric items, and users can't view or use items (data) unless you give them access to the workspace. 
You can find more information about workspace and item permissions, in Permission model.", - "guid": "b3bed3d5-f353-47c1-946d-c56028a71ffe", - "link": "https://learn.microsoft.com/fabric/security/permission-model", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Use Workspace roles to provide access to the users on the data", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "OneLake RBAC uses role assignments to apply permissions to its members.", - "guid": "1bd05dd2-e0d5-4d77-8d41-e3611cc57b4a", - "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Use RBAC on Onelake to provide fine grain access on the data in Tables/Files Onelake ", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Take into account the access of the user at both target and source location of the shortcut", - "guid": "4b1410d4-3958-498c-8288-b3c6a57cfc64", - "link": "https://learn.microsoft.com/fabric/onelake/security/data-access-control-model#shortcuts", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "When using shortcuts the user identity of the user should have access on the target location of the shortcut as well", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Not all users need to have access on the entire workspace using roles so instead restrict giving roles on the entire workspace and only share the item to the user using share item feature or managing permission in Fabric", - "guid": "4451e1a3-d345-43a3-a763-9637a552d5c1", - "link": "https://learn.microsoft.com/fabric/get-started/share-items", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Restrict providing workspace level role to users instead 
share an item only to the users", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Use features like RLS, CLS and Dynamic data masking to enhance your data security requirements on sql workloads.", - "guid": "5e401965-387e-45ce-b127-dd142b06b20c", - "link": "https://learn.microsoft.com/fabric/data-warehouse/tutorial-row-level-security", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Limit access to the data by defining RLS, CLS and dynamic data masking on Warehouse and SQL analytics endpoints", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Use features like RLS and OLS on Power BI to have more security features on semantic models", - "guid": "6999a646-f338-49a7-b42c-78e78c06a62a", - "link": "https://learn.microsoft.com/fabric/security/service-admin-row-level-security", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Limit access to the data by defining RLS and OLS on semantic models in Power BI", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "In Fabric, all data that is stored in OneLake is encrypted at rest", - "guid": "2194956e-6a8d-4c4a-8fe2-7b2e28701a13", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Encrypt Data at rest", - "training": "https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Data in transit across the public internet between Microsoft services is always encrypted with at least TLS 1.2. 
Fabric negotiates to TLS 1.3 whenever possible.", - "guid": "52beedf7-9b48-48de-bc49-62cc3cd21bf7", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Encrypt data in transit", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "Restrict the use of local authentication methods for data plane access. Instead, use Microsoft Entra ID as the default authentication method to control your data plane access.", - "guid": "0bdf4cc2-efc4-4d76-8c31-d25ffbb47a39", - "service": "Data Factory", - "severity": "High", - "text": "Restrict use of local users whereever necessary", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "No need to do anything. Every request to connect to Fabric is authenticated with Microsoft Entra ID, allowing users to safely connect to Fabric from their corporate office, when working at home, or from a remote location.", - "guid": "7f26e5e6-b3be-4d3d-9f35-37c1346dc560", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Use Microsoft Entra ID as default authentication method", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "Managed identities eliminate the need to manage credentials. 
Managed identities provide an identity for the service instance when connecting to resources that support Microsoft Entra authentication.", - "guid": "3a040ed3-2947-498b-8178-a2c5a46ceb54", - "link": "https://learn.microsoft.com/azure/data-factory/data-factory-service-identity", - "service": "Data Factory", - "severity": "Medium", - "text": "Use managed identity to authenticate to the services", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "A Fabric workspace identity is an automatically managed service principal that can be associated with a Fabric workspace. Workspace identities can be created in the workspace settings of any workspace except My workspaces. A workspace identity is automatically assigned the workspace contributor role and has access to workspace items. Limitation: Write to shortcut destination fails when using workspace identity as the authentication method. Connections with workspace-identity-authentication can only be used in Onelake shortcuts and data pipelines.", - "guid": "28a71ffe-1bd0-45dd-8e0d-5d771d41e361", - "link": "https://learn.microsoft.com/fabric/security/workspace-identity", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Use workspace identity to authenticate to the services", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "If not required for routine administrative operations, disable or restrict any local admin accounts for only emergency use.", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "service": "Data Factory", - "severity": "High", - "text": "Separate and limit highly privileged/administrative users and enable MFA and conditional policies", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Grant the identity permissions on the storage account", - "guid": "1cc57b4a-4b14-410d-9395-898c2288b3c6", - 
"link": "https://learn.microsoft.com/fabric/security/workspace-identity-authenticate#step-2-grant-the-identity-permissions-on-the-storage-account", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Provide RBAC roles on storage account to the managed identity to make a successful connection", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "guid": "4e4f1854-287d-45cd-a126-cc032af5b1fc", - "service": "Data Factory", - "severity": "Medium", - "text": "Disable access over public internet and configure either firewall rules or trusted services rules", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Fabric workspaces with a workspace identity can securely read or write to firewall-enabled Azure Data Lake Storage Gen2 accounts through�trusted workspace access�for OneLake shortcuts.", - "guid": "a57cfc64-4451-4e1a-9d34-53a3c7639637", - "link": "https://learn.microsoft.com/fabric/security/security-trusted-workspace-access", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Configure trusted workspace access to access storage account behind firewall ", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "guid": "6898a535-e337-4897-b31b-67d67be5962a", - "service": "Data Factory", - "severity": "Medium", - "text": "Deploy SHIR VMs in your vnet if you are working with sensitive data that shouldn�t leave your corporate network", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Managed virtual networks are virtual networks that are created and managed by Microsoft Fabric for each Fabric workspace. 
Managed virtual networks provide network isolation for Fabric Spark workloads, meaning that the compute clusters are deployed in a dedicated network and are no longer part of the shared virtual network. It is only supported for spark workload in Fabric.", - "guid": "a552d5c1-5e40-4196-9387-e5ced127dd14", - "link": "https://learn.microsoft.com/fabric/security/security-managed-vnets-fabric-overview", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Use managed vnet option if you have network isolation needs", - "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "When you create an Azure integration runtime within a Data Factory managed virtual network, the integration runtime is provisioned with the managed virtual network. It uses private endpoints to securely connect to supported data stores.", - "guid": "1193846d-697c-4c39-8ed1-6b2d186f0a12", - "service": "Data Factory", - "severity": "Medium", - "text": "Use managed vnet IR to restrict the access over public internet for Azure Integration Runtime", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Managed private endpoints are feature that allows secure and private access to data sources from Fabric Spark workloads. 
You cannot use starter pool with managed PE", - "guid": "6f4a0641-addd-4ea8-a477-cdeb3861bc3b", - "link": "https://learn.microsoft.com/fabric/security/security-managed-private-endpoints-overview", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Configure managed private endpoints to access Azure services", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "Managed private endpoints are private endpoints created in the Data Factory managed virtual network that establishes a private link to Azure resources. Data Factory manages these private endpoints on your behalf.", - "guid": "41bddde6-8a47-47cd-bb48-61bc3bc10ae6", - "link": "https://learn.microsoft.com/azure/data-factory/managed-virtual-network-private-endpoint#managed-private-endpoints", - "service": "Data Factory", - "severity": "Medium", - "text": "Configure managed private endpoints to connect to resources using managed azure IR", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Fabric uses a private IP address from your virtual network. 
The endpoint allows users in your network to communicate with Fabric over the private IP address using private links.", - "guid": "c14aea6e-65d8-4d9a-9aec-218e6436b063", - "link": "https://learn.microsoft.com/fabric/security/security-private-links-use", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Configure Private Links to access resources in your own Azure vnet i.e traffic coming in your Fabric environment", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "When a user authenticates access is determined based on a set of policies that might include IP address, location, and managed devices.", - "guid": "6cb45e57-9603-4324-adf8-cc23318da611", - "link": "https://learn.microsoft.com/fabric/security/security-conditional-access", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Configure Microsoft Entra ID conditional access if a user is trying to access your Fabric environment", - "training": "https://learn.microsoft.com/learn/paths/implement-network-security/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "In Azure, a service tag is a defined group of IP addresses that is automatically managed, as a group, to minimize the complexity of updates or changes to network security rules.", - "guid": "70265f4b-b46a-4393-af70-317294797b15", - "link": "https://learn.microsoft.com/fabric/security/security-service-tags", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "You can use Azure service tags to enable connections to and from Microsoft Fabric.", - "training": "https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "optional", - "guid": "78a219a4-6beb-4544-9502-4922634292bb", - "link": 
"https://learn.microsoft.com/fabric/security/fabric-allow-list-urls", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "You can add Fabric URLs to your allowlist", - "training": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "optional", - "guid": "528537a5-4119-4bf8-b8f5-854287d9cdc1", - "link": "https://learn.microsoft.com/fabric/security/power-bi-allow-list-urls", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "You can add Power BI URLs to your allowlist", - "training": "https://learn.microsoft.com/learn/modules/introduction-azure-virtual-wan/", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "The data gateway lets you connect your Azure and other data services to Microsoft Fabric and the Power Platform to securely communicate with the data source, execute queries, and transmit results back to the service.", - "guid": "56cc071a-e9b1-441a-a889-535e727897e7", - "link": "https://learn.microsoft.com/data-integration/gateway/service-gateway-install", - "service": "Microsoft Fabric", - "severity": "Medium", - "text": "Configure and use On-prem data gateway or Vnet data gateway to connect to sources either on prem or behind a virtual network", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "By using Azure Private Link, you can connect to various platform as a service (PaaS) deployments in Azure via a private endpoint. 
A private endpoint is a private IP address within a specific virtual network and subnet", - "guid": "b47a393a-0804-4272-a479-8b1578b219a4", - "link": "https://learn.microsoft.com/azure/data-factory/data-factory-private-link", - "service": "Data Factory", - "severity": "Medium", - "text": "Configure Private Links to connect to sources in customer Vnet and data factory", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "This is a default setting", - "guid": "6ceb5443-5135-4922-9442-93bb628637a5", - "service": "Data Factory", - "severity": "Medium", - "text": "Data Encryption at rest by Microsoft managed keys", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "This is a default setting", - "guid": "5119b08e-8f58-4543-a7e9-cec166cd072a", - "service": "Data Factory", - "severity": "Medium", - "text": "Data Encryption in transit by Microsoft managed keys", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "When you specify a customer-managed key, Data Factory uses�both�the factory system key and the CMK to encrypt customer data. 
Missing either would result in Deny of Access to data and factory.", - "guid": "f9b241a9-98a5-435e-9378-97e71ca7da8c", - "link": "https://learn.microsoft.com/azure/data-factory/enable-customer-managed-key", - "service": "Data Factory", - "severity": "Medium", - "text": "Data Encryption in transit by BYOK (Customer managed keys)", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "guid": "faa62a15-9495-46da-a7dc-3a23267b2258", - "link": "https://learn.microsoft.com/azure/data-factory/store-credentials-in-key-vault, https:/learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", - "service": "Data Factory", - "severity": "High", - "text": "Store passwords, secrets in Azure Key Vault", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.", - "guid": "6f4a1652-bddd-4ea8-a487-cdec4861bc3b", - "link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities", - "service": "Data Factory", - "severity": "Medium", - "text": "Use Azure Key Vault secrets in pipeline activities", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DataFactory/datafactories", - "checklist": "Data Security review checklist", - "description": "You can encrypt and store credentials for any of your on-premises data stores (linked services with sensitive information) on a machine with self-hosted integration runtime.", - "guid": "c14aeb7e-66e8-4d9a-9bec-218e6436b173", - "link": "https://learn.microsoft.com/azure/data-factory/encrypt-credentials-self-hosted-integration-runtime", - "service": "Data Factory", - "severity": "Medium", - "text": "Encrypt credentials for on-premises using SHIR data stores 
in Azure Data Factory", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "6db55f57-9603-4334-adf9-cc23418db612", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Define roles and responsibilities to manage Microsoft Purview in control plane and data plane", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Use Azure RBACs for this", - "guid": "8126504b-b47a-4393-a080-427294798b15", - "link": "https://learn.microsoft.com/azure/role-based-access-control/best-practices", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Define roles and tasks required to deploy and manage Microsoft Purview inside an Azure subscription (control plane)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Use Microsoft Purview roles for this.", - "guid": "78b219a4-6ceb-4544-9513-5922744293bb", - "link": "https://learn.microsoft.com/purview/classic-data-governance-permissions#roles, https://learn.microsoft.com/azure/role-based-access-control/best-practices", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Define roles and task needed to perform data management and governance using Microsoft Purview. 
(Data plane for Data Map and Data Catalog.)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "628637a5-5119-4b08-b8f5-854387e9cec1", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Assign roles to Microsoft Entra groups instead of assigning roles to individual users.", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "66cd072a-f9b2-441a-a98a-535e737897e7", - "link": "https://learn.microsoft.com/azure/active-directory/governance/entitlement-management-overview", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Use Azure�Active Directory Entitlement Management�to map user access to Microsoft Entra groups using Access Packages.", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "1ca7da8c-faa6-42a1-9949-56da97dc3a23", - "service": "Microsoft Purview", - "severity": "High", - "text": "Enforce multifactor authentication for Microsoft Purview users, especially, for users with privileged roles such as collection admins, data source admins or data curators.", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "267b2258-6f4a-4165-8bdd-dea8a487cdec", - "service": "Microsoft Purview", - "severity": "High", - "text": "Use Microsoft Entra ID to provide authentication and authorization to all users, security groups registered in Entra, service principal and managed identities inside collections in Microsoft Purview", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "4861bc3b-c14a-4eb7-b66e-8d9a3bec218e", - "service": "Microsoft Purview", - "severity": "High", - "text": "Define Least Privilege model and Lower exposure of privileged accounts", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "6436b173-6db5-45f5-9960-3334bdf9cc23", - "link": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end", - 
"service": "Microsoft Purview", - "severity": "Medium", - "text": "Enable�end-to-end network isolation�using Private Link Service. (Microsoft Purview Data Map)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "418db612-8126-4504-ab47-a393a0804272", - "link": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end#firewalls-to-restrict-public-access", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Use�Microsoft Purview Firewall�to disable Public access. (Microsoft Purview Data Map)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "94798b15-78b2-419a-96ce-b54435135922", - "link": "https://learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Deploy�Network Security Group (NSG) rules�for subnets where Azure data sources private endpoints, Microsoft Purview private endpoints and self-hosted runtime VMs are deployed. (Microsoft Purview Data Map)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "744293bb-6286-437a-9511-9b08e8f58543", - "link": "https://learn.microsoft.com/azure/firewall/overview", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Implement Microsoft Purview with private endpoints managed by a Network Virtual Appliance, such as�Azure Firewall�for network inspection and network filtering. (Microsoft Purview Data Map)", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "This private endpoint is also a prerequisite for the portal private endpoint. The Microsoft Purview�portal�private endpoint is required to enable connectivity to Microsoft Purview governance portal using a private network. Microsoft Purview can scan data sources in Azure or an on-premises environment by using ingestion private endpoints. 
Limitations on using private endpoints https://learn.microsoft.com/purview/catalog-private-link-troubleshoot", - "guid": "87e9cec1-66cd-4072-af9b-241a998a535e", - "link": "https://learn.microsoft.com/purview/concept-best-practices-network", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Deploy private endpoints for Microsoft Purview accounts to add another layer of security, so only client calls that are originated from within the virtual network are allowed to access the Microsoft Purview account", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "https://learn.microsoft.com/purview/catalog-private-link-end-to-end#firewalls-to-restrict-public-access. Limitation to be reviewed: https://learn.microsoft.com/purview/catalog-private-link-troubleshoot", - "guid": "b7bcdb3b-51eb-42ec-84ed-a6e59d8d9a2e", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Block public access using Microsoft Purview firewall", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "db217e67-6abf-4669-aa48-e5a96f2223ec", - "link": "https://learn.microsoft.com/azure/private-link/disable-private-endpoint-network-policy, https:/learn.microsoft.com/purview/concept-best-practices-security#use-network-security-groups", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Use Network Security Groups to filter network traffic to and from Azure resources in an Azure virtual network", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "https://learn.microsoft.com/purview/concept-best-practices-security#apply-security-best-practices-for-self-hosted-runtime-vms", - "guid": "e8cb1231-8ca5-4017-b158-e3fb3aa3c2de", - "service": "Microsoft Purview", - "severity": "High", - "text": "If you have sensitive data that cannot leave the boundary of your on-prem vnet it is highly recommended to use SHIR VMs inside your corporate vnet to 
extract your metadata ", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "Metadata is extracted and stored in Microsoft Purview Data Map, if you are not using managed storage account for your Purview account they are open to be accessed by all so implement proper RBACs and retrict the access of Data to only intended users. Applicable to Accounts deployed after December 15, 2023 (or deployed using API version 2023-05-01-preview onwards", - "guid": "7f3165c3-a87a-405b-9a20-9949bda47778", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Use Azure RBACs to restrict the access of your storage account (not managed by MS) only to intended users.", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "f24d1167-85c2-4fa5-9c56-a948008be7d7", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Data in rest is encrypted by microsoft managed keys", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "27f7b9e9-1be1-4f38-aff3-9812bd463cbb", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Data in transit is encrypted by TLS 1.3", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "bc8ac199-ebb9-41a4-9d90-dae2cc881370", - "service": "Microsoft Purview", - "severity": "High", - "text": "Always use Azure key vaults to store all credentials if not using managed identities or without password need methods", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "6f7c0cba-fe61-4465-add4-57e927139b82", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Prevent accidental deletion of Microsoft Purview accounts by applying resource Locks", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "description": "https://learn.microsoft.com/purview/concept-best-practices-collections#design-recommendations", - 
"guid": "1102cac6-eae0-41e6-b842-e52f4722d928", - "link": "https://learn.microsoft.com/entra/identity/role-based-access-control/security-emergency-access", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Plan for a break glass strategy for your Microsoft Entra tenant, Azure subscription and Microsoft Purview accounts to prevent tenant-wide account lockout.", - "waf": "Security" - }, - { - "checklist": "Data Security review checklist", - "guid": "15f51296-5398-4e6d-bd23-7dd142b16c21", - "service": "Microsoft Purview", - "severity": "Medium", - "text": "Integrate with Microsoft 365 and Microsoft Defender for Cloud", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Separate admin accounts from normal user accounts.", - "guid": "d7999a64-6f43-489a-af42-c78e78c06a73", - "service": "Databricks", - "severity": "High", - "text": "Define Least Privilege model and Lower exposure of privileged accounts", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Azure Databricks supports Microsoft Entra ID conditional access, which allows administrators to control where and when users are permitted to sign in to Azure Databricks. Conditional access policies can restrict sign-in to your corporate network or can require multi-factor authentication (MFA).", - "guid": "a22a4956-e7a8-4dc4-a20e-27c3e29711b1", - "link": "https://learn.microsoft.com/azure/databricks/security/auth/#single-sign-on", - "service": "Databricks", - "severity": "High", - "text": "Configure single sign-on and unified login. 
Enable multi-factor authentication.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Customers can use the Token Management API or UI controls to enable or disable personal access tokens (PATs) for REST API authentication, limit the users who are allowed to use PATs, set the maximum lifetime for new tokens, and manage existing tokens. Highly-secure customers typically provision a maximum token lifetime for new tokens for a workspace. This feature requires the Premium pricing tier.", - "guid": "352beee0-79b5-488d-bfc5-972cd4cd21b0", - "link": "https://learn.microsoft.com/azure/databricks/admin/access-control/tokens", - "service": "Databricks", - "severity": "Medium", - "text": "Use token management.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "If you have Databricks administrators who are also normal users of the Databricks platform (for example, there�s a lead data engineer who administers the platform and also does data engineering work), Databricks recommends creating a separate account for administrative tasks. It�s important to note that as part of the Azure RBAC model, users that are given Contributor or above permissions to the Resource Group for a deployed Azure Databricks workspace automatically become administrators when they login to that workspace. 
Therefore, the same considerations outlined above should be applied to Azure portal users too.", - "guid": "77036e5e-6b4b-4fd3-b503-547c1447dc56", - "service": "Databricks", - "severity": "High", - "text": "Separate admin accounts from normal user accounts", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "SCIM (System for Cross-domain Identity Management) allows you to sync users and groups from Microsoft Entra ID to Azure Databricks. There are three major benefits of this approach: 1. When you remove a user, the user is automatically removed from Databricks. 2. Users can also be disabled temporarily via SCIM. Customers have used this capability for scenarios where customers believe that an account may be compromised and need to investigate 3. Groups are automatically synchronized Please refer to the documentation for detailed instructions on how to configure SCIM for Azure Databricks. This feature requires the Premium pricing tier", - "guid": "028a71ff-f1ce-415d-b3f0-d5e872d42e36", - "link": "https://learn.microsoft.com/azure/databricks/admin/users-groups/scim/", - "service": "Databricks", - "severity": "Medium", - "text": "SCIM synchronization of users and groups.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Using either cluster policies or the older cluster ACLs, admins can define what users or groups within the organization are able to create clusters. Cluster ACLs allow you to specify which users can attach a notebook to a given cluster. Note that if a user shares a notebook already attached to a standard mode cluster, the recipient will also be able to execute code on that cluster. This does not apply to clusters that enforce user isolation: SQL Warehouses, high concurrency with table ACLs clusters, and high concurrency with credential passthrough clusters. 
Customers who use Unity Catalog can also enable single-user clusters to enforce isolation clusters.", - "guid": "11cc57b4-a4b1-4410-b43a-58a9c2289b3d", - "service": "Databricks", - "severity": "Medium", - "text": "Limit cluster creation rights.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Account admins can configure a workspace setting called RestrictWorkspaceAdmins to restrict workspace admins to only change a job owner to themselves and the job run as setting to a service principal that they have the Service Principal User role on.", - "guid": "6b57dfc6-5546-41e1-a3e3-453a3c863964", - "link": "https://learn.microsoft.com/azure/databricks/admin/workspace-settings/restrict-workspace-admins", - "service": "Databricks", - "severity": "High", - "text": "Restrict workspace admins", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "It�s important to note that even if customers use Azure Key Vault to store their secrets, access controls still need to be defined within Azure Databricks. This is because the same service identity is used to retrieve the secret for all users of an Azure Databricks workspace.", - "guid": "8b662d6c-15f5-4129-9539-8e6ded237dd1", - "service": "Databricks", - "severity": "High", - "text": "Store passwords, secrets in Azure Key Vault", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Clusters with user isolation include enforcement such that each user runs as a different non-privileged user account on the cluster host. 
Languages are also limited to those that can be implemented in an isolated manner (SQL and Python), and Spark APIs must be on an allowlist of those we believe to be isolation-safe.", - "guid": "78c06a73-a22a-4495-9e7a-8dc4a20e27c3", - "service": "Databricks", - "severity": "Medium", - "text": "Use clusters that support user isolation.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "It is against security best practices to tie production workloads to individual user accounts, and so we recommend configuring Service Principals within Databricks. Service Principles separate administrator and user actions from the workload and prevent workloads from being impacted if a user leaves an organization. With Databricks, you can configure jobs to run as service principals and generate Personal Access Tokens for Service Principals.", - "guid": "e29711b1-352b-4eee-879b-588defc5972c", - "link": "https://learn.microsoft.com/azure/databricks/security/auth/access-control/", - "service": "Databricks", - "severity": "Medium", - "text": "Use service principals to run production jobs. Use proper access control for workspace level (ACLs), account level (RBACs) and data level (Unity catalog) security controls", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "By default, DBFS is a filesystem that is accessible to all users of the given workspace and can be accessed via API. This is not necessarily a major data exfiltration concern as you can limit access to accessing data via the DBFS API or Databricks cli using IP access lists or private network access. However, as use of Azure Databricks grows and more users join a workspace, those users would have access to any data stored in DBFS, creating the potential for undesired information sharing. 
Databricks recommends that our customers do not store production data in DBFS.", - "guid": "d4cd21b0-7703-46e5-b6b4-bfd3d503547c", - "service": "Databricks", - "severity": "High", - "text": "Avoid storing production data in DBFS.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "For the storage accounts that you manage, it is your responsibility to ensure that the storage accounts are protected according to your requirements. Examples might include: Encryption with your customer-managed key, Restrict access to trusted networks with a storage firewall, Anonymous public access is not allowed", - "guid": "1447dc56-028a-471f-bf1c-e15dd3f0d5e8", - "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", - "service": "Databricks", - "severity": "Medium", - "text": "Encrypt storage and restrict access.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Add a customer-managed key for select data stored within the Azure Databricks control plane, such as notebooks, secrets, Databricks SQL queries, and Databricks SQL query history and for the root storage account used for DBFS. Azure Databricks requires access to this key for ongoing operations. You can revoke access to the key to prevent Azure Databricks from accessing encrypted data within the control plane (or in our backups). This is like a �nuclear option� where the workspace ceases to function, but it provides an emergency control for extreme situations. 
This feature requires the Premium pricing tier.", - "guid": "72d42e36-11cc-457b-9a4b-1410e43a58a9", - "link": "https://learn.microsoft.com/azure/databricks/security/keys/customer-managed-keys", - "service": "Databricks", - "severity": "Medium", - "text": "Add a customer-managed key for managed services and workspace storage", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Configure IP access lists that restrict the IP addresses that can authenticate to Databricks at account console and workspace level by checking if the user or API client is coming from a known good IP address range such as a VPN or office network. Established user sessions do not work if the user moves to a bad IP address, such as when disconnecting from the VPN. ", - "guid": "277de183-b1ac-4252-a9a9-b64608489a8f", - "link": "https://learn.microsoft.com/azure/databricks/security/network/front-end/ip-access-list", - "service": "Databricks", - "severity": "Medium", - "text": "Enable IP access lists to restrict access to certain IP addresses.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Databricks/workspaces", - "checklist": "Data Security review checklist", - "description": "Azure Private Link provides a private network route from one Azure environment to another. Private Link can be configured both between Azure Databricks users and the control plane, and also between the control plane and the data plane. Between Databricks users and the control plane, Private Link provides strong controls that limit the source for inbound requests. If a company already routes traffic through an Azure environment, they can use Private Link so that the communication between users and the Azure Databricks control plane does not traverse public IP addresses. This feature requires the Premium pricing tier. Use Azure Private Link to connect from Azure Databricks to your Azure resources. 
Not only does Private Link ensure", - "guid": "82db8eb9-d1ba-473b-86a5-a57eba8dd4b3", - "link": "https://learn.microsoft.com/azure/databricks/security/network/classic/private-link", - "service": "Databricks", - "severity": "Medium", - "text": "Configure and use Azure Private Link to access Azure resources.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Devices/provisioningServices", - "checklist": "Device Provisioning Service Review", - "guid": "cb26b2ba-a9db-45d1-8260-d9c6ec1447d9", - "link": "https://learn.microsoft.com/en-us/azure/logic-apps/single-tenant-overview-compare", - "service": "IoT Hub DPS", - "severity": "High", - "text": "Select the right Logic App hosting plan based on your business & SLO requirements", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/provisioningServices", - "checklist": "Device Provisioning Service Review", - "guid": "f6dd7977-1123-4f39-b488-f91415a8430a", - "link": "https://learn.microsoft.com/en-us/azure/logic-apps/set-up-zone-redundancy-availability-zones?tabs=standard#next-steps", - "service": "IoT Hub DPS", - "severity": "High", - "text": "Protect logic apps from region failures with zone redundancy and availability zones", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/provisioningServices", - "checklist": "Device Provisioning Service Review", - "guid": "8aed4fbf-0830-4883-899d-222a154af478", - "link": "https://learn.microsoft.com/en-us/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", - "service": "IoT Hub DPS", - "severity": "High", - "text": "Consider a Cross-Region DR strategy for critical workloads", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/provisioningServices", - "checklist": "Device Provisioning Service Review", - "guid": "da0f033e-d180-4f36-9aa4-c468dba14203", - "link": 
"https://learn.microsoft.com/en-us/azure/app-service/environment/intro", - "service": "IoT Hub DPS", - "severity": "High", - "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/provisioningServices", - "checklist": "Device Provisioning Service Review", - "guid": "62711604-c9d1-4b0a-bdb7-5fda54a4f6c1", - "link": "https://learn.microsoft.com/en-us/training/modules/deploy-azure-functions/", - "service": "IoT Hub DPS", - "severity": "Medium", - "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Logic App code", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.Devices/deviceUpdateServices", - "checklist": "Device Update Review", - "guid": "0e03f5ee-4648-423c-bb86-7239480f9171", - "link": "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr#high-availability", - "service": "Device Update for IoT Hub", - "severity": "High", - "text": "Leverage Availability Zones if regionally applicable (this is automatically enabled).", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/deviceUpdateServices", - "checklist": "Device Update Review", - "guid": "c0c273bd-00ad-419a-9f2f-fc72fb181e55", - "link": "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr#high-availability", - "service": "Device Update for IoT Hub", - "severity": "High", - "text": "Be aware of Microsoft-initiated failovers. 
These are exercised by Microsoft in rare situations to fail over all the DPS instances from an affected region to the corresponding geo-paired region.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/deviceUpdateServices", - "checklist": "Device Update Review", - "guid": "3af8abe6-07eb-4287-b393-6c4abe3702eb", - "link": "https://learn.microsoft.com/en-us/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", - "service": "Device Update for IoT Hub", - "severity": "High", - "text": "Consider a Cross-Region DR strategy for critical workloads", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/deviceUpdateServices", - "checklist": "Device Update Review", - "guid": "bd91245c-fe32-4e98-a085-794a40f4bfe1", - "link": "https://learn.microsoft.com/en-us/azure/app-service/environment/intro", - "service": "Device Update for IoT Hub", - "severity": "High", - "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Azure Event Hub provides encryption of data at rest. If you use your own key, the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key will be encrypted using the customer-managed key. 
", - "guid": "7aaf12e7-b94e-4f6e-847d-2d92981b1cd6", - "link": "https://learn.microsoft.com/azure/event-hubs/configure-customer-managed-key", - "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend SkuName = tostring(sku.name) | extend EncryptionEnabled = iif(isnotempty(properties.encryption.keySource), 'Enabled', 'Disabled') | extend compliant = iif(EncryptionEnabled == 'Enabled', true, false) | project name, resourceGroup, location, SkuName, EncryptionEnabled, compliant | where SkuName == 'Premium'", - "service": "Event Hubs", - "severity": "Low", - "text": "Use customer-managed key option in data at rest encryption when required", - "training": "https://learn.microsoft.com/learn/modules/plan-implement-administer-conditional-access/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Azure Event Hubs namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Event Hubs namespace to require that clients send and receive data with a newer version of TLS. If an Event Hubs namespace requires a minimum version of TLS, then any requests made with an older version will fail. 
", - "guid": "d2f54b29-769e-43a6-a0e7-828ac936657e", - "link": "https://learn.microsoft.com/azure/event-hubs/transport-layer-security-configure-minimum-version", - "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend MinimumTlsVersion = tostring(properties.minimumTlsVersion) | extend compliant = iif(MinimumTlsVersion == '1.2' or MinimumTlsVersion == '1.3', true, false) | project name, resourceGroup, location, MinimumTlsVersion, compliant", - "service": "Event Hubs", - "severity": "Medium", - "text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ", - "training": "https://learn.microsoft.com/learn/modules/secure-aad-users-with-mfa/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "When you create an Event Hubs namespace, a policy rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has manage permissions for the entire namespace. It�s recommended that you treat this rule like an administrative root account and don�t use it in your application. Using AAD as an authentication provider with RBAC is recommended. ", - "guid": "13b0f566-4b1e-4944-a459-837ee79d6c6d", - "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-shared-access-signature#shared-access-authorization-policies", - "service": "Event Hubs", - "severity": "Medium", - "text": "Avoid using root account when it is not necessary", - "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-identities-governance/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Managed identities for Azure resources can authorize access to Event Hubs resources using Azure AD credentials from applications running in Azure Virtual Machines (VMs), Function apps, Virtual Machine Scale Sets, and other services. 
By using managed identities for Azure resources together with Azure AD authentication, you can avoid storing credentials with your applications that run in the cloud. ", - "guid": "3a365a5c-7acb-4e48-abd5-4cd79f2e8776", - "link": "https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest", - "service": "Event Hubs", - "severity": "Medium", - "text": "When possible, your application should be using a managed identity to authenticate to Azure Event Hub. If not, consider having the storage credential (SAS, service principal credential) in Azure Key Vault or an equivalent service", - "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "When creating permissions, provide fine-grained control over a client's access to Azure Event Hub. Permissions in Azure Event Hub can and should be scoped to the individual resource level e.g. consumer group, event hub entity, event hub namespaces, etc.", - "guid": "8357c559-675c-45ee-a5b8-6ad8844ce3b2", - "link": "https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory#azure-built-in-roles-for-azure-event-hubs", - "service": "Event Hubs", - "severity": "High", - "text": "Use least privilege data plane RBAC", - "training": "https://learn.microsoft.com/learn/modules/explore-basic-services-identity-types/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Azure Event Hub resource logs include operational logs, virtual network and Kafka logs. 
Runtime audit logs capture aggregated diagnostic information for all data plane access operations (such as send or receive events) in Event Hubs.", - "guid": "b38b875b-a1cf-4104-a900-3a4d3ce474db", - "link": "https://learn.microsoft.com/azure/event-hubs/monitor-event-hubs-reference", - "service": "Event Hubs", - "severity": "Medium", - "text": "Enable logging for security investigation. Use Azure Monitor to captured metrics and logs such as resource logs, runtime audit logs and Kafka logs", - "training": "https://learn.microsoft.com/learn/paths/manage-identity-and-access/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Azure Event Hub by default has a public IP address and is Internet-reachable. Private endpoints allow traffic between your virtual network and Azure Event Hub traverses over the Microsoft backbone network. In addition to that, you should disable public endpoints if those are not used. ", - "guid": "5abca2a4-eda1-4dae-8cc9-5d48c6b791dc", - "link": "https://learn.microsoft.com/azure/event-hubs/private-link-service", - "service": "Event Hubs", - "severity": "Medium", - "text": "Consider using private endpoints to access Azure Event Hub and disable public network access when applicable.", - "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "With IP firewall, you can restrict public endpoint further to only a set of IPv4 addresses or IPv4 address ranges in CIDR (Classless Inter-Domain Routing) notation. 
", - "guid": "a0e6c465-89e5-458b-a37d-3974d1112dbd", - "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-ip-filtering", - "service": "Event Hubs", - "severity": "Medium", - "text": "Consider only allowing access to Azure Event Hub namespace from specific IP addresses or ranges", - "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", - "waf": "Security" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "guid": "31d41e36-11c8-417b-8afb-c410d4391898", - "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-AEH_v1.docx", - "service": "Event Hubs", - "severity": "Medium", - "text": "Leverage FTA Resillency HandBook", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": " This will be turned on automatically for a new EH namespace created from the portal with Premium, Dedicated, or Standard SKUs in a zone-enabled region. 
Both the EH metadata and the event data itself are replicated across zones", - "guid": "f15bce21-9e4a-40eb-9787-9424d226786d", - "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-premium-overview#high-availability-with-availability-zones", - "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend zoneRedundant = tobool(properties.zoneRedundant) | extend compliant = iff(zoneRedundant == true, true, false) | project name, resourceGroup, zoneRedundant, compliant", - "service": "Event Hubs", - "severity": "High", - "text": "Leverage Availability Zones if regionally applicable", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "guid": "20b56c56-ad58-4519-8f82-735c586bb281", - "link": "https://learn.microsoft.com/azure/event-hubs/compare-tiers", - "query": "resources | where type =~ 'Microsoft.EventHub/namespaces' | extend sku = tostring(sku.name) | extend compliant = iff(sku == 'Premium', true, false) | project name, resourceGroup, location, sku, compliant", - "service": "Event Hubs", - "severity": "Medium", - "text": "Use the Premium or Dedicated SKUs for predicable performance", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "The built-in geo-disaster recovery feature, when enabled, ensures that the entire configuration of anamespace (Event Hubs, Consumer Groups and settings) is continuously replicated from a primary namespace to a secondary namespace, and it allows a once-only failover move from the primary to the secondary at any time. 
Active/Passive feature is designed to make it easier to recover from and abandon a failed Azure region without having to change application configurations", - "guid": "dc15a1c0-75ee-49f1-90ac-ccd579376bcd", - "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal", - "service": "Event Hubs", - "severity": "High", - "text": "Plan for Geo Disaster Recovery using Active Passive configuration", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "description": "Should be used for DR configurations where an outage or loss of event data in the downed region cannot be tolerated. For these cases, follow the replication guidance and do not use the built-in geo-disaster recovery capability (active/passive). With Active/Active, Maintain multiple Event Hubs in different regions and namespaces, and events will be replicated between the hubs", - "guid": "6e31b67d-67ba-4591-89c0-9e805d597c7e", - "link": "https://learn.microsoft.com/azure/event-hubs/event-hubs-federation-overview", - "service": "Event Hubs", - "severity": "Medium", - "text": "For Business Critical Applications, use Active Active configuration", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.eventhub/namespaces", - "checklist": "Azure Event Hub Review", - "guid": "9ced16ad-d186-4f0a-a241-a999a68af77c", - "link": "https://learn.microsoft.com/azure/architecture/serverless/event-hubs-functions/resilient-design", - "service": "Event Hubs", - "severity": "Medium", - "text": "Design Resilient Event Hubs", - "waf": "Reliability" - }, { "checklist": "Identity Review Checklist", "guid": "bb235c70-5e17-496f-bedf-a8a4c8cdec4c", 
@@ -9290,2966 +12245,11 @@ "severity": "Medium", "text": "Use Replica Sets for DR", "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/IotHubs", - "checklist": "IoT Hub Review", - "guid": "ac1d6380-f866-4bbd-a9b4-b1ee5d7908b8", - "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#availability-zones", - "service": "IoT", - "severity": "High", - "text": "Leverage Availability Zones if regionally applicable (this is automatically enabled)", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/IotHubs", - "checklist": "IoT Hub Review", - "guid": "35f651e8-0124-4ef7-8c57-658e38609e6e", - "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#microsoft-initiated-failover", - "service": "IoT", - "severity": "Medium", - "text": "Be aware of Microsoft-initiated failovers. These are exercised by Microsoft in rare situations to fail over all the IoT hubs from an affected region to the corresponding geo-paired region.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/IotHubs", - "checklist": "IoT Hub Review", - "guid": "4ed3e490-dc06-4a1e-b467-5d0239d85540", - "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#cross-region-dr", - "service": "IoT", - "severity": "High", - "text": "Consider a Cross-Region DR strategy for critical workloads", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/IotHubs", - "checklist": "IoT Hub Review", - "guid": "a11ecab0-db47-46f7-9aa7-17764e7e45a1", - "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#microsoft-initiated-failover", - "service": "IoT", - "severity": "High", - "text": "Learn how to trigger a manual failover.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Devices/IotHubs", - "checklist": "IoT Hub Review", - "guid": "f9db8dfb-1194-460b-aedd-34dd6a69db22", - "link": "https://learn.microsoft.com/azure/iot-hub/iot-hub-ha-dr#failback", - "service": "IoT", - "severity": "High", - "text": "Learn how to fail 
back after a failover.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "6d37a33b-531c-4a91-871a-b69d8044f04e", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Key Vault", - "severity": "High", - "text": "Familiarize yourself with the Key Vault's best practices such as isolation recommendations, access control, data protection, backup, and logging.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "7ba4d380-7b9e-4a8b-a0c3-2d8e49c11872", - "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", - "service": "Key Vault", - "severity": "Medium", - "text": "Key Vault is a managed service and Microsoft will handle the failover within and across region. Familiarize yourself with the Key Vault's availability and redundancy.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "17fb86a2-eb45-42a4-9c34-52b92a2a1842", - "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance#data-replication", - "service": "Key Vault", - "severity": "Medium", - "text": "The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets. Familiarize yourself with the Key Vault's data replication.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "614682ca-6e0c-4f34-9f03-c6d3f2b99a32", - "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance#failover-across-regions", - "service": "Key Vault", - "severity": "Medium", - "text": "During failover, access policy or firewall configurations and settings can't be changed. 
The key vault will be in read-only mode during failover. Familiarize yourself with the Key Vault's failover guidance.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "9ef2b0d2-3206-4c94-b47a-4f07e6a1c509", - "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#design-considerations", - "service": "Key Vault", - "severity": "Medium", - "text": "When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography. Familiarize yourself with the Key Vault's backup and restore guidance.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "2df045b1-c0f6-47d3-9a9b-99cf6999684e", - "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", - "service": "Key Vault", - "severity": "High", - "text": "If you want protection against accidental or malicious deletion of your secrets, configure soft-delete and purge protection features on your key vault.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "cbfa96b0-5249-4e6f-947c-d0e79509708c", - "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", - "service": "Key Vault", - "severity": "Low", - "text": "Key Vault's soft-deleted resources are retained for a set period of 90 calendar days. 
Familiarize yourself with the Key Vault's soft-delete guidance.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "e8659d11-7e02-4db0-848c-c6541dbab68c", - "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", - "service": "Key Vault", - "severity": "Low", - "text": "Understand Key Vault's backup limitations. Key Vault does not support the ability to backup more than 500 past versions of a key, secret, or certificate object. Attempting to backup a key, secret, or certificate object may result in an error. It is not possible to delete previous versions of a key, secret, or certificate.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "45c25e29-d0ef-4f07-aa04-0f8c64cbcc04", - "link": "https://learn.microsoft.com/azure/key-vault/general/backup?tabs=azure-cli#limitations", - "service": "Key Vault", - "severity": "Low", - "text": "Key Vault doesn't currently provide a way to back up an entire key vault in a single operation and keys, secrets and certitificates must be backup indvidually. Familiarize yourself with the Key Vault's backup and restore guidance.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "guid": "0f15640b-31e5-4de6-85a7-d2c652fa09d3", - "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection", - "service": "Key Vault", - "severity": "Medium", - "text": "Purge protection is recommended when using keys for encryption to prevent data loss. Purge protection is an optional Key Vault behavior and is not enabled by default. Purge protection can only be enabled once soft-delete is enabled. 
It can be turned on via CLI, PowerShell or Portal.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.KeyVault/vaults", - "checklist": "Azure Key Vault", - "graph": "resources| where type =~ 'microsoft.keyvault/vaults' | extend compliant = (properties.enableRbacAuthorization == true) | distinct id, compliant", - "guid": "d0642c1c-312b-4116-94ab-439e1c836819", - "link": "https://learn.microsoft.com/azure/key-vault/general/rbac-guide?tabs=azure-cli", - "service": "Key Vault", - "severity": "Medium", - "text": "RBAC is recommended to control access to your key vault. Familiarize yourself with the Key Vault's access control guidance.", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Logic Apps checklist", - "guid": "3b7a56de-5020-4642-b3cb-c976e80b6d6d", - "link": "https://learn.microsoft.com/azure/logic-apps/single-tenant-overview-compare", - "service": "Logic Apps", - "severity": "High", - "text": "Select the right Logic App hosting plan based on your business & SLO requirements", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Logic Apps checklist", - "guid": "3d7008bd-6bc1-4b03-8aa8-ec2a3b55786a", - "link": "https://learn.microsoft.com/azure/logic-apps/set-up-zone-redundancy-availability-zones?tabs=standard#next-steps", - "service": "Logic Apps", - "severity": "High", - "text": "Protect logic apps from region failures with zone redundancy and availability zones", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Logic Apps checklist", - "guid": "1cda768f-a206-445d-8234-56f6a6e7286e", - "link": "https://learn.microsoft.com/azure/logic-apps/business-continuity-disaster-recovery-guidance?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json", - "service": "Logic Apps", - "severity": "High", - "text": "Consider a Cross-Region DR strategy for critical workloads", - "waf": "Reliability" - }, - { - "arm-service": 
"Microsoft.Web/sites", - "checklist": "Logic Apps checklist", - "guid": "82118ec5-ed6f-4c68-9471-eb0da98a1b34", - "link": "https://learn.microsoft.com/azure/app-service/environment/intro", - "service": "Logic Apps", - "severity": "High", - "text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Web/sites", - "checklist": "Logic Apps checklist", - "guid": "74275fa5-9e08-4c7e-b096-13b538fe1501", - "link": "https://learn.microsoft.com/training/modules/deploy-azure-functions/", - "service": "Logic Apps", - "severity": "Medium", - "text": "Leverage Azure DevOps or GitHub to streamline CI/CD and safeguard your Logic App code", - "waf": "Operations" - }, - { - "arm-service": "Microsoft.DBforMySQL/servers", - "checklist": "MySQL Review Checklist", - "guid": "388c3e25-e800-4ad2-9df3-f3d6ae1050b7", - "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview", - "service": "Azure MySQL", - "severity": "Medium", - "text": "Leverage Flexible Server", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.DBforMySQL/servers", - "checklist": "MySQL Review Checklist", - "guid": "de3aad1e-8c38-4ec9-9666-7313c005674b", - "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview#high-availability-within-and-across-availability-zones", - "service": "Azure MySQL", - "severity": "High", - "text": "Leverage Availability Zones where regionally applicable", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.DBforMySQL/servers", - "checklist": "MySQL Review Checklist", - "guid": "1e944a45-9c37-43e7-bd61-623b365a917e", - "link": "https://learn.microsoft.com/azure/mysql/flexible-server/overview#setup-hybrid-or-multi-cloud-data-synchronization-with-data-in-replication", - "service": "Azure MySQL", - "severity": "Medium", - "text": "Leverage Data-in replication for cross-region DR scenarios", - "waf": "Reliability" - }, - { - "arm-service": 
"microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant", - "guid": "553585a6-abe0-11ed-afa1-0242ac120002", - "link": "https://learn.microsoft.com/azure/application-gateway/overview-v2", - "service": "App Gateway", - "severity": "Medium", - "text": "Ensure you are using Application Gateway v2 SKU", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Network/loadBalancers", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')", - "guid": "4e35fbf5-0ae2-48b2-97ce-753353edbd1a", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", - "service": "Load Balancer", - "severity": "Medium", - "text": "Ensure you are using the Standard SKU for your Azure Load Balancers", - "waf": "Security" - }, - { - "arm-service": "Microsoft.Network/loadBalancers", - "checklist": "Azure Application Delivery Networking", - "guid": "9432621a-8397-4654-a882-5bc856b7ef83", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-standard-availability-zones", - "service": "Load Balancer", - "severity": "Medium", - "text": "Ensure your Load Balancers frontend IP addresses are zone-redundant (unless you require zonal frontends).", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where 
type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant", - "guid": "dfc50f87-3800-424c-937b-ed5f186e7c15", - "link": "https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet", - "service": "App Gateway", - "severity": "Medium", - "text": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "description": "Administration of reverse proxies in general and WAF in particular is closer to the application than to networking, so they belong in the same subscription as the app. 
Centralizing the Application Gateway and WAF in the connectivity subscription might be OK if it is managed by one single team.", - "guid": "48b662d6-d15f-4512-a654-98f6dfe237de", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Deploy Azure Application Gateway v2 or partner NVAs used for proxying inbound HTTP(S) connections within the landing-zone virtual network and with the apps that they're securing.", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "f109e1f3-c79b-4f14-82de-6b5c22314d08", - "link": "https://learn.microsoft.com/azure/application-gateway/tutorial-protect-application-gateway-ddos", - "service": "App Gateway", - "severity": "Medium", - "text": "Use a DDoS Network or IP protection plans for all Public IP addresses in application landing zones.", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant", - "guid": "135bf4ac-f9db-461f-b76b-2ee9e30b12c0", - "link": "https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant", - "service": "App Gateway", - "severity": "Medium", - "text": "Configure autoscaling with a minimum amount of instances of two.", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.network/applicationGateways", - 
"checklist": "Azure Application Delivery Networking", - "graph": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant", - "guid": "060c6964-52b5-48db-af8b-83e4b2d85349", - "link": "https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2", - "service": "App Gateway", - "severity": "Medium", - "text": "Deploy Application Gateway across Availability Zones", - "training": "https://learn.microsoft.com/learn/paths/secure-application-delivery/", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.network/frontdoors", - "checklist": "Azure Application Delivery Networking", - "guid": "3f29812b-2363-4cef-b179-b599de0d5973", - "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", - "service": "Front Door", - "severity": "Medium", - "text": "When using Front Door and Application Gateway to help protect HTTP/S apps, use WAF policies in Front Door. 
Lock down Application Gateway to receive traffic only from Front Door.", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Security" - }, - { - "ammp": true, - "arm-service": "microsoft.network/trafficManagerProfiles", - "checklist": "Azure Application Delivery Networking", - "guid": "cd4cd21b-0881-437f-9e6c-4cfd3e504547", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "Traffic Manager", - "severity": "High", - "text": "Use Traffic Manager to deliver global apps that span protocols other than HTTP/S.", - "training": "https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/", - "waf": "Reliability" - }, - { - "checklist": "Azure Application Delivery Networking", - "guid": "3b4b3e88-a459-4ed5-a22f-644dfbc58204", - "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", - "service": "Entra", - "severity": "Low", - "text": "If users only need access to internal applications, has Microsoft Entra ID Application Proxy been considered as an alternative to Azure Virtual Desktop (AVD)?", - "training": "https://learn.microsoft.com/learn/modules/configure-azure-ad-application-proxy/", - "waf": "Security" - }, - { - "checklist": "Azure Application Delivery Networking", - "guid": "01ca7cf1-5754-442d-babb-8ba6772e5c30", - "link": "https://learn.microsoft.com/azure/active-directory/app-proxy/application-proxy#how-application-proxy-works", - "service": "Entra", - "severity": "Medium", - "text": "To reduce the number of firewall ports open for incoming connections in your network, consider using Microsoft Entra ID Application Proxy to give remote users secure and authenticated access to internal applications.", - "training": "https://learn.microsoft.com/learn/paths/implement-applications-external-access-azure-ad/", - "waf": "Security" - }, - { - "ammp": true, - "arm-service": 
"Microsoft.Network/loadBalancers", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant", - "guid": "97a2fd46-64b0-1dfa-b72d-9c8869496d75", - "link": "https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity", - "service": "Load Balancer", - "severity": "High", - "text": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability", - "waf": "Reliability" - }, - { - "ammp": true, - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id", - "guid": "2f8e81eb-8e68-4026-8b1f-70f9b05f7cf9", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection", - "service": "App Gateway", - "severity": "High", - "text": "Enable the Azure Application Gateway WAF bot protection rule set. 
The bot rules detect good and bad bots.", - "waf": "Security" - }, - { - "ammp": true, - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant", - "guid": "8ea8e0d4-84e8-4b33-aeab-493f6391b4d6", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection", - "service": "App Gateway", - "severity": "High", - "text": "Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy.", - "waf": "Security" - }, - { - "ammp": true, - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "a4dd86d3-5ffa-408c-b660-cce073d085b8", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#tune-your-waf", - "service": "App Gateway", - "severity": "High", - "text": "Tune the Azure Application Gateway WAF in detection mode for your workload. 
Reduce false positive detections.", - "waf": "Security" - }, - { - "ammp": true, - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant", - "guid": "baf8e317-2397-4d49-b3d1-0dcc16d8778d", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations", - "service": "App Gateway", - "severity": "High", - "text": "Deploy your WAF policy for Application Gateway in 'Prevention' mode.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "43fae595-8a32-4299-a69e-0f32c454dcc9", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/rate-limiting-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Add rate limiting to the Azure Application Gateway WAF. Rate limiting blocks clients accidentally or intentionally sending large amounts of traffic in a short period of time.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "041e0ad8-7b12-4694-a0b7-a0e25ee2470f", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/rate-limiting-overview#rate-limiting-details", - "service": "App Gateway", - "severity": "Medium", - "text": "Use a high threshold for Azure Application Gateway WAF rate limits. High rate limit thresholds avoid blocking legitimate traffic, while still providing protection against extremely high numbers of requests that might overwhelm your infrastructure. 
", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "99937189-ff78-492a-b9ca-18d828d82b37", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#geo-filtering-best-practices", - "service": "App Gateway", - "severity": "Low", - "text": "If you are not expecting traffic from all geographical regions, use geo-filters to block traffic from non-expected countries.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "349a15c1-52f4-4319-9078-3895d95ecafd", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/geomatch-custom-rules", - "service": "App Gateway", - "severity": "Medium", - "text": "Specify the unknown (ZZ) location when geo-filtering traffic with the Azure Application Gateway WAF. Avoid accidentally blocking legitimate requests when IP addresses can't be geo-matched.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "6c19dfd5-a61c-436c-9001-491b9b3d0228", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#use-the-latest-ruleset-versions", - "service": "App Gateway", - "severity": "Medium", - "text": "Use the latest Azure Application Gateway WAF rule set version. 
Rule set updates are regularly updated to take account of the current threat landscape.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "f84106a2-2e9e-42ac-add6-d3416ecfed53", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#add-diagnostic-settings-to-save-your-wafs-logs", - "service": "App Gateway", - "severity": "Medium", - "text": "Add diagnostic settings to save your Azure Application Gateway WAF logs.", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "92664c60-47e3-4591-8b1b-8d557656e686", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#send-logs-to-microsoft-sentinel", - "service": "App Gateway", - "severity": "Medium", - "text": "Send Azure Application Gateway WAF logs to Microsoft Sentinel.", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "ba0e9b26-6e0d-4ec8-8541-023c00afd5b7", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/best-practices#define-your-waf-configuration-as-code", - "service": "App Gateway", - "severity": "Medium", - "text": "Define your Azure Application Gateway WAF configuration as code. 
By using code, you can more easily adopt new rule set version and gain additional protection.", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "f17ec301-8470-4afd-aabc-c1fdfe47dcc0", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Use WAF Policies instead of the legacy WAF configuration.", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "d4eb8667-f8cb-4cdd-94e6-2f967ba98f88", - "link": "https://learn.microsoft.com/azure/virtual-wan/scenario-secured-hub-app-gateway", - "service": "App Gateway", - "severity": "Medium", - "text": "Filter inbound traffic in the backends so that they only accept connections from the Application Gateway subnet, for example with NSGs.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "graph": "resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant", - "guid": "a66f0fd8-2ca4-422e-8df3-235148127ca2", - "link": "https://learn.microsoft.com/azure/application-gateway/ssl-overview", - "service": "App Gateway", - "severity": "High", - "text": "You should encrypt traffic to the backend servers.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "3dba65cb-834d-44d8-a3ca-a6aa2f1587be", - "link": "https://learn.microsoft.com/azure/web-application-firewall/overview", - "service": "App Gateway", - "severity": "High", - 
"text": "You should use a Web Application Firewall.", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "0158fcb6-0bc1-4687-832f-cc7c359c22d2", - "link": "https://learn.microsoft.com/azure/application-gateway/redirect-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Redirect HTTP to HTTPS", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "bb697864-1b4c-43af-8667-90cc69aaed5f", - "link": "https://learn.microsoft.com/azure/application-gateway/how-application-gateway-works#modifications-to-the-request", - "service": "App Gateway", - "severity": "Medium", - "text": "Use gateway-managed cookies to direct traffic from a user session to the same server for processing", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "ff353ad8-15fb-4ae8-9fc5-a85a36d36a35", - "link": "https://learn.microsoft.com/azure/application-gateway/configuration-http-settings", - "service": "App Gateway", - "severity": "High", - "text": "Enable connection draining during planned service updates to prevent connection loss to existing members of the backend pool", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "c8741f03-45a4-4183-a6b8-139e0773b8b5", - "link": "https://learn.microsoft.com/azure/application-gateway/custom-error", - "service": "App Gateway", - "severity": "Low", - "text": "Create custom error pages to display a personalized user experience", - "waf": "Operations" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "f850d46f-f5d7-4b17-b48c-a780741402e1", - "link": 
"https://learn.microsoft.com/azure/application-gateway/rewrite-http-headers-url", - "service": "App Gateway", - "severity": "Medium", - "text": "Edit HTTP requests and response headers for easier routing and information exchange between the client and server", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "eadc3164-4a0f-461c-85f1-1a372c04dfd1", - "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Configure Front Door to optimize global web traffic routing and top-tier end-user performance, and reliability through quick global failover", - "waf": "Performance" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "29dcc19f-a8fa-4c35-8281-290577538793", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Use transport layer load balancing", - "waf": "Performance" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "276898c1-af5e-4819-9e8e-049c7801ab9d", - "link": "https://learn.microsoft.com/azure/application-gateway/multiple-site-overview", - "service": "App Gateway", - "severity": "Medium", - "text": "Configure routing based on host or domain name for multiple web applications on a single gateway", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "5fe365b6-58e8-47ed-a8cf-5163850380a2", - "link": "https://learn.microsoft.com/azure/application-gateway/create-ssl-portal", - "service": "App Gateway", - "severity": "Medium", - "text": "Centralize SSL certificate management to reduce encryption and decryption overhead from a 
backend server farm", - "waf": "Security" - }, - { - "arm-service": "microsoft.network/applicationGateways", - "checklist": "Azure Application Delivery Networking", - "guid": "fa64b4dd-35c2-4047-ac5c-45dfbf8b0db9", - "link": "https://learn.microsoft.com/azure/application-gateway/application-gateway-websocket", - "service": "App Gateway", - "severity": "Low", - "text": "Use Application Gateway for native support for WebSocket and HTTP/2 protocols", - "waf": "Security" - }, - { - "arm-service": "Microsoft.DBforPostgreSQL/servers", - "checklist": "PostgreSQL Review Checklist", - "guid": "65285269-441c-44bf-9d3e-0844276d4bdc", - "link": "https://learn.microsoft.com/azure/postgresql/flexible-server/overview", - "service": "PostgreSQL", - "severity": "Medium", - "text": "Leverage Flexible Server", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.DBforPostgreSQL/servers", - "checklist": "PostgreSQL Review Checklist", - "guid": "016ccf31-ae5a-41eb-9888-9535e227896d", - "link": "https://learn.microsoft.com/azure/postgresql/flexible-server/overview#architecture-and-high-availability", - "service": "PostgreSQL", - "severity": "High", - "text": "Leverage Availability Zones where regionally applicable", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.DBforPostgreSQL/servers", - "checklist": "PostgreSQL Review Checklist", - "guid": "31b67c67-be59-4519-8083-845d587cb391", - "link": "https://learn.microsoft.com/azure/postgresql/single-server/concepts-business-continuity#cross-region-read-replicas", - "service": "PostgreSQL", - "severity": "Medium", - "text": "Leverage cross-region read replicas for BCDR", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "1fc2fc14-eea6-4e69-b8d9-a3edc218e687", - "link": "https://polite-sea-0995b240f.2.azurestaticapps.net/technical-delivery-playbook/azure-services/analytics/purview/", - "service": "Purview", - "severity": "Medium", - 
"text": "Leverage FTA Resillency Handbook", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "ab067acb-49e5-4b96-8332-4ecf8cc13318", - "link": "https://learn.microsoft.com/purview/disaster-recovery", - "service": "Purview", - "severity": "High", - "text": "Plan for Data Center level outage", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "description": "1. Create the new account 2. Migrate configuration items 3. Run scans 4. Migrate custom typedefs and custom assets 5. Migrate relationships 6. Migrate glossary terms 7. Assign classifications to assets 8. Assign contacts to assets", - "guid": "da611702-69f4-4fb4-aa3d-3ef7f3176c4b", - "link": "https://learn.microsoft.com/purview/disaster-recovery", - "service": "Purview", - "severity": "Medium", - "text": "Practice Failover for BCDR", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "97b15b8a-219a-44ab-bb57-879024d22678", - "link": "https://learn.microsoft.com/purview/disaster-recovery", - "service": "Purview", - "severity": "High", - "text": "Plan a backup strategy and take regular backups", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "6d20b56c-56a9-4581-89bf-8d8e5c586b7d", - "link": "https://learn.microsoft.com/purview/manage-kafka-dotnet", - "service": "Purview", - "severity": "Low", - "text": "Use Microsoft Purview's Event Hubs to subscribe and create entities to another account", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "8cdc15ac-c075-4ee9-a130-a8889579e76b", - "link": "https://learn.microsoft.com/purview/deployment-best-practices", - "service": 
"Purview", - "severity": "Medium", - "text": "Follow Purview accounts architectures and deployment best practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "896e710a-7da7-4be9-a56d-14d3c49d997c", - "link": "https://learn.microsoft.com/purview/concept-best-practices-collections", - "service": "Purview", - "severity": "Medium", - "text": "Follow Collection Architectures and best practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "b3d1325a-a225-4c6f-9e06-85edddea8a4b", - "link": "https://learn.microsoft.com/purview/concept-best-practices-asset-lifecycle", - "service": "Purview", - "severity": "Medium", - "text": "Follow Assest lifecycle best practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "7cdeb3c6-1fc2-4fc1-9eea-6e69d8d9a3ed", - "link": "https://learn.microsoft.com/purview/concept-best-practices-automation", - "service": "Purview", - "severity": "Medium", - "text": "Follow automation best practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "c218e687-ab06-47ac-a49e-5b9603324ecf", - "link": "https://learn.microsoft.com/purview/disaster-recovery", - "service": "Purview", - "severity": "Medium", - "text": "Follow Backup and Migration Best practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "8cc13318-da61-4170-869f-4fb4aa3d3ef7", - "link": "https://learn.microsoft.com/purview/concept-best-practices-glossary", - "service": "Purview", - "severity": "Medium", - "text": "Follow Purview Glossary Best Practices", - "waf": "Reliability" - }, - { - "arm-service": 
"Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "f3176c4b-97b1-45b8-a219-a4abeb578790", - "link": "https://learn.microsoft.com/purview/concept-workflow", - "service": "Purview", - "severity": "Low", - "text": "Leverage Workflows ", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "24d22678-6d20-4b56-a56a-958119bf8d8e", - "link": "https://learn.microsoft.com/purview/concept-best-practices-security", - "service": "Purview", - "severity": "Medium", - "text": "Follow Purview Security Best Practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "5c586b7d-8cdc-415a-ac07-5ee9b130a888", - "link": "https://learn.microsoft.com/purview/concept-best-practices-lineage-azure-data-factory", - "service": "Purview", - "severity": "Medium", - "text": "Follow Purview Data Lineage Best Practices", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "9579e76b-896e-4710-a7da-7be9956d14d3", - "link": "https://learn.microsoft.com/purview/concept-best-practices-scanning", - "service": "Purview", - "severity": "Medium", - "text": "Follow Best Practices for Scanning Registered Sources", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "c49d997c-b3d1-4325-aa22-5c6f4e0685ed", - "link": "https://learn.microsoft.com/purview/concept-best-practices-classification", - "service": "Purview", - "severity": "Medium", - "text": "Follow Classification Best Practices in Governance Portal", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "ddea8a4b-7cde-4b3c-91fc-2fc14eea6e69", - "link": 
"https://learn.microsoft.com/purview/sensitivity-labels-frequently-asked-questions", - "service": "Purview", - "severity": "Medium", - "text": "Perform Sensitivity Labelling in the Purview Data Map", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "d8d9a3ed-c218-4e68-9ab0-67acb49e5b96", - "link": "https://learn.microsoft.com/purview/concept-data-share", - "service": "Purview", - "severity": "Low", - "text": "Leverage Azure Storage in-place data sharing with Microsoft Purview", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "03324ecf-8cc1-4331-ada6-1170269f4fb4", - "link": "https://learn.microsoft.com/purview/concept-insights", - "service": "Purview", - "severity": "Low", - "text": "Leverage Data Estate Insights", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "aa3d3ef7-f317-46c4-a97b-15b8a219a4ab", - "link": "https://learn.microsoft.com/purview/catalog-adoption-insights", - "service": "Purview", - "severity": "Low", - "text": "Use Data stewardship and Catalog adoption", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "eb578790-24d2-4267-a6d2-0b56c56a9581", - "link": "https://learn.microsoft.com/purview/concept-insights", - "service": "Purview", - "severity": "Low", - "text": "Use Inventory and Ownership", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "19bf8d8e-5c58-46b7-b8cd-c15acc075ee9", - "link": "https://learn.microsoft.com/purview/glossary-insights", - "service": "Purview", - "severity": "Low", - "text": "Leverage Insights for Glossary, Classifications, Sensitivity Labels", - "waf": 
"Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "b130a888-9579-4e76-a896-e710a7da7be9", - "link": "https://learn.microsoft.com/purview/compliance-manager", - "service": "Purview", - "severity": "Medium", - "text": "Generate assessment scores", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "956d14d3-c49d-4997-ab3d-1325aa225c6f", - "link": "https://learn.microsoft.com/purview/compliance-manager-scoring", - "service": "Purview", - "severity": "Medium", - "text": "Profiling- get summaries of data content", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "4e0685ed-ddea-48a4-a7cd-eb3c61fc2fc1", - "link": "https://learn.microsoft.com/purview/concept-policies-data-owner#microsoft-purview-policy-concepts", - "service": "Purview", - "severity": "Low", - "text": "Follow Microsoft Purview Data Owner access policies", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "4eea6e69-d8d9-4a3e-bc21-8e687ab067ac", - "link": "https://learn.microsoft.com/purview/concept-self-service-data-access-policy", - "service": "Purview", - "severity": "Low", - "text": "Follow Self-service access policies", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Purview/accounts", - "checklist": "Microsoft Purview Review Checklist", - "guid": "b49e5b96-0332-44ec-b8cc-13318da61170", - "link": "https://learn.microsoft.com/purview/concept-policies-devops", - "service": "Purview", - "severity": "Low", - "text": "Follow DevOps policies", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.cache/redis", - "checklist": "Redis Resiliency checklist", - "guid": "65285269-440b-44be-9d3e-0844276d4bdc", - "link": 
"https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy", - "service": "Redis", - "severity": "High", - "text": "Enable zone redundancy for Azure Cache for Redis. Azure Cache for Redis supports zone redundant configurations in the Premium and Enterprise tiers. A zone redundant cache can place its nodes across different Azure Availability Zones in the same region. It eliminates data center or AZ outage as a single point of failure and increases the overall availability of your cache.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.cache/redis", - "checklist": "Redis Resiliency checklist", - "guid": "bc178bdc-5a06-4ca7-8443-51e19dd34429", - "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#persistence", - "service": "Redis", - "severity": "Medium", - "text": "Configure data persistence for an Azure Cache for Redis instance. Because your cache data is stored in memory, a rare and unplanned failure of multiple nodes can cause all the data to be dropped. 
To avoid losing data completely, Redis persistence allows you to take periodic snapshots of in-memory data, and store it to your storage account.", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.cache/redis", - "checklist": "Redis Resiliency checklist", - "guid": "eb722823-7a15-41c5-ab4e-4f1814387e5c", - "link": "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability#storage-account-for-persistence", - "service": "Redis", - "severity": "Medium", - "text": "Use Geo-redundant storage account to persist Azure Cache for Redis data, or zonally redundant where geo-redundancy is not available", - "waf": "Reliability" - }, - { - "arm-service": "microsoft.cache/redis", - "checklist": "Redis Resiliency checklist", - "guid": "a8c26c9b-32ab-45bd-bc69-98a135e33789", - "link": "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-geo-replication", - "service": "Redis", - "severity": "Medium", - "text": "Configure passive geo-replication for Premium Azure Cache for Redis instances. Geo-replication is a mechanism for linking two or more Azure Cache for Redis instances, typically spanning two Azure regions. Geo-replication is designed mainly for cross-region disaster recovery. 
Two Premium tier cache instances are connected through geo-replication in a way that provides reads and writes to your primary cache, and that data is replicated to the secondary cache.", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachineScaleSets", - "checklist": "Resiliency Review", - "description": "Automatic instance repairs ensure that unhealthy instances are promptly identified and replaced, maintaining a set of healthy instances within your scale set.", - "guid": "7e13c105-675c-41e9-95b4-59837ff7ae7c", - "link": "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs", - "service": "VMSS", - "severity": "Low", - "text": "Enable automatic instance repairs for enhanced VM Scale Sets resiliency", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Ensure that Azure Backup is utilized appropriately to meet your organization's resiliency requirements for Azure virtual machines (VMs).", - "guid": "4d874a74-8b66-42d6-b150-512a66498f6d", - "link": "https://learn.microsoft.com/azure/backup/backup-azure-vms-introduction", - "service": "VM", - "severity": "High", - "text": "Consider Azure Backup to meet your resiliency requirements for Azure VMs", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Single Instance VMs using Premium SSD or Ultra Disk for all Operating System Disks and Data Disks are guaranteed to have Virtual Machine Connectivity of at least 99.9%", - "guid": "8052d88e-79d1-47b7-9b22-a5a67e7a8ed4", - "link": "https://learn.microsoft.com/azure/virtual-machines/disks-types", - "service": "VM", - "severity": "High", - "text": "Use Premium or Ultra disks for production VMs", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", 
- "description": "Azure automatically replicates managed disks within a region to ensure data durability and protect against single-point failures.", - "guid": "b31e38c3-f298-412b-8363-cffe179b599d", - "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview", - "service": "VM", - "severity": "High", - "text": "Ensure Managed Disks are used for all VMs", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Temporary disks are intended for short-term storage of non-persistent data such as page files, swap files, or SQL Server tempdb. Storing persistent data on temporary disks can lead to data loss during maintenance events or VM redeployment.", - "guid": "e0d5973c-d4ce-432c-8881-37f6f7c4c0d4", - "link": "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk", - "service": "VM", - "severity": "Medium", - "text": "Do not use the Temp disk for anything that is not acceptable to be lost", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Co-locate your compute, storage, networking, and data resources across an availability zone, and replicate this arrangement in other availability zones.", - "guid": "e514548d-2447-4ec6-9138-b8200f1ce16e", - "link": "https://learn.microsoft.com/azure/reliability/availability-zones-overview", - "service": "VM", - "severity": "Medium", - "text": "Leverage Availability Zones for your VMs in regions where they are supported", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Use at least two VMs in Availability Sets to isolate VMs on different fault and update domains.", - "guid": "5a785d6f-e96c-496a-b884-4cf3b2b38c88", - "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", - 
"service": "VM", - "severity": "Medium", - "text": "For regions that do not support Availability Zones deploy VMs into Availability Sets", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Azure provides multiple options for VM redundancy to meet different requirements (Availability Zones, Virtual Machine Scale Sets, Availability Sets, Azure Site Recovery)", - "guid": "6ba2c021-4991-414a-9d3c-e574dccbd979", - "link": "https://learn.microsoft.com/azure/virtual-machines/availability", - "service": "VM", - "severity": "High", - "text": "Avoid running a production workload on a single VM", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Azure Site Recovery enables you to achieve low RTO (Recovery Time Objective) for your Azure and hybrid VMs by providing continuous replication and failover capabilities.", - "guid": "2a6bcca2-b5fe-4a1e-af3d-d95d48c7c891", - "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-overview", - "service": "VM", - "severity": "High", - "text": "For Azure and on-premises VMs (Hyper-V/Phyiscal/VMware) with low RTO requirements use Azure Site Recovery", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "By using Capacity Reservations, you can effectively manage capacity for critical workloads, ensuring resource availability in specified regions.", - "guid": "bd7bb012-f7b9-45e0-9e15-8e3ea3992c2d", - "link": "https://learn.microsoft.com/azure/virtual-machines/capacity-reservation-overview", - "service": "VM", - "severity": "Low", - "text": "Use Capacity Reservations for critical workloads that require guaranteed capacity", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "By 
ensuring that the necessary quotas are increased in your DR region before testing failover with ASR, you can avoid any potential resource constraints during the recovery process for failed over VMs.", - "guid": "e6e2065b-3a76-4af4-a691-e8939ada4666", - "link": "https://learn.microsoft.com/azure/quotas/per-vm-quota-requests", - "service": "VM", - "severity": "Medium", - "text": "Increase quotas in DR region before testing failover with ASR", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": "Scheduled Events is an Azure Metadata Service that provides information about upcoming maintenance events for virtual machines (VMs). By leveraging Scheduled Events, you can proactively prepare your applications for VM maintenance, minimizing disruption and improving the availability of your VMs.", - "guid": "6d3b475a-5c7a-4cbe-99bb-e64dd8902e87", - "link": "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events", - "service": "VM", - "severity": "Low", - "text": "Utilize Scheduled Events to prepare for VM maintenance", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Resiliency Review", - "description": "Use Zone-redundant Storage (ZRS) in the primary region for scenarios that require high availability and for restricting replication to a particular country or region. 
For protection against regional disasters, use Geo-zone-redundant Storage (GZRS), which combines ZRS in the primary region with geo-replication to a secondary region?.", - "guid": "48c7c891-dcb1-4f7d-9769-ae568ba38d4a", - "link": "https://learn.microsoft.com/azure/storage/common/storage-redundancy", - "service": "Storage", - "severity": "Medium", - "text": "Choose the most appropriate data redundancy option for Azure Storage based on your requirements", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Resiliency Review", - "description": "Assigning a Delete lock to your storage account helps protect the availability of your data, minimizing the risk of disruptions to your business operations.", - "guid": "85e2213d-bd7b-4b01-8f7b-95e06e158e3e", - "link": "https://learn.microsoft.com/azure/storage/common/lock-account-resource", - "service": "Storage", - "severity": "Low", - "text": "Apply a Delete lock to prevent accidental or malicious deletion of storage accounts", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Resiliency Review", - "description": "Container soft delete protects your data from being accidentally deleted by maintaining the deleted data in the system for a specified period of time.", - "guid": "a3992c2d-e6e2-4065-a3a7-6af4a691e893", - "link": "https://learn.microsoft.com/azure/storage/blobs/soft-delete-container-enable", - "service": "Storage", - "severity": "Low", - "text": "Enable soft delete for Storage Account Containers", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Storage/storageAccounts", - "checklist": "Resiliency Review", - "description": "Blob soft delete protects an individual blob and its versions, snapshots, and metadata from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time.", - "guid": "9ada4666-7e13-4c10-96b9-153d89f89dc7", - "link": 
"https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable", - "service": "Storage", - "severity": "Low", - "text": "Enable soft delete for blobs", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Resiliency Review", - "description": "Azure Backup enhanced soft delete provides critical protection against ransomware attacks by retaining deleted backups, enabling recovery from potential ransomware encryption or deletion.", - "guid": "b44be3b1-a27f-48b9-b91b-e1038df03a82", - "link": "https://learn.microsoft.com/azure/backup/backup-azure-enhanced-soft-delete-about", - "service": "Backup", - "severity": "Medium", - "text": "Enable Azure Backup enhanced soft delete for improved data protection and recovery", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Resiliency Review", - "description": "Azure Backup's multi-user authorization enables fine-grained control over user access to backup resources, allowing you to restrict privileges and ensure proper authentication and authorization for backup operations.", - "guid": "2cd463cb-bbc8-4ac2-a9eb-c92a43da1dae", - "link": "https://learn.microsoft.com/azure/backup/multi-user-authorization-concept", - "service": "Backup", - "severity": "Low", - "text": "Implement multi-user authorization for Azure Backup to ensure secure and controlled access to backup resources", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.RecoveryServices/vaults", - "checklist": "Resiliency Review", - "description": "Azure Immutable Storage provides an additional layer of security by ensuring that backup data stored in the vault cannot be modified or deleted for a specified retention period. 
This helps safeguard your backups from ransomware attacks that may attempt to compromise or manipulate your backup data.", - "guid": "2cc88147-0607-4c1c-aa0e-614658dd458e", - "link": "https://learn.microsoft.com/azure/backup/backup-azure-immutable-vault-concept?source=recommendations&tabs=recovery-services-vault", - "service": "Backup", - "severity": "Low", - "text": "Implement Immutable Storage for your vaults to protect against ransomware and prevent unauthorized modifications to backups", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Network/dnsZones", - "checklist": "Resiliency Review", - "description": "To eliminate a single point of failure in your on-premises DNS services and ensure reliable DNS resolution during business continuity and disaster recovery scenarios, it is recommended to utilize Azure DNS Private Resolvers in multiple regions. By deploying two or more Azure DNS private resolvers across different regions, you can enable DNS failover and achieve resiliency in your DNS infrastructure.", - "guid": "43da1dae-2cc8-4814-9060-7c1cca0e6146", - "link": "https://learn.microsoft.com/azure/dns/tutorial-dns-private-resolver-failover", - "service": "DNS", - "severity": "Low", - "text": "Implement DNS Failover using Azure DNS Private Resolvers", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.PowerBI/gateways", - "checklist": "Resiliency Review", - "description": "Use an on-premises data gateway cluster to avoid single points of failure and to load balance traffic across gateways.", - "guid": "89f89dc7-b44b-4e3b-8a27-f8b9e91be103", - "link": "https://learn.microsoft.com/data-integration/gateway/service-gateway-high-availability-clusters", - "service": "Data Gateways", - "severity": "Medium", - "text": "Use on-premises data gateway clusters to ensure high availability for business-critical data", - "waf": "Reliability" - }, - { - "arm-service": "Microsoft.Compute/virtualMachines", - "checklist": "Resiliency Review", - "description": 
"When choosing the best option for deploying NVAs in Azure, it is crucial to consider the vendor's recommendations and validate that the specific design has been vetted and validated by the NVA vendor. The vendor should also provide the necessary NVA configuration for seamless integration in Azure.", - "guid": "8b1188b3-c6a4-46ce-a544-451e192d3442", - "link": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/nva-ha", - "service": "NVA", - "severity": "High", - "text": "Deploy Network Virtual Appliances (NVAs) in a vendor supported configuration for High Availability", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "4620dc87-e948-4ce8-8426-f3e6e5d7bd85", - "link": "https://learn.microsoft.com/azure/sap/center-sap-solutions/overview", - "service": "SAP", - "severity": "Medium", - "text": "Azure Center for SAP solutions (ACSS) is an Azure offering that makes SAP a top-level workload on Azure. ACSS is an end-to-end solution that enables you to create and run SAP systems as a unified workload on Azure and provides a more seamless foundation for innovation. You can take advantage of the management capabilities for both new and existing Azure-based SAP systems.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-center-sap-solutions/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "5d75e99d-624d-4afe-91d9-e17adc580790", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-platform-automation-and-devops", - "service": "SAP", - "severity": "Medium", - "text": "Azure supports automating SAP deployments in Linux and Windows. 
SAP Deployment Automation Framework is an open-source orchestration tool that can deploy, install, and maintain SAP environments.", - "training": "https://github.com/Azure/sap-automation", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "d17f6f39-a377-48a2-931f-5ead3ebe33a8", - "link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/data-platform", - "service": "SAP", - "severity": "Medium", - "text": "Perform a point-in-time recovery for your production databases at any point and in a time frame that meets your RTO; point-in-time recovery typically includes operator errors deleting data either on the DBMS layer or through SAP, incidentally", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "c4b8e117-930b-4dbd-ae50-7bc5faf6f91a", - "service": "SAP", - "severity": "Medium", - "text": "Test the backup and recovery times to verify that they meet your RTO requirements for restoring all systems simultaneously after a disaster.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "b651423c-8552-42db-a545-5cb50c05527a", - "link": "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure", - "service": "SAP", - "severity": "High", - "text": "You can replicate standard storage between paired regions, but you can't use standard storage to store your databases or virtual hard disks. You can replicate backups only between paired regions that you use. For all your other data, run your replication by using native DBMS features like SQL Server Always On or SAP HANA System Replication. 
Use a combination of Site Recovery, rsync or robocopy, and other third-party software for the SAP application layer.", - "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "aa208dca-784f-46c6-9014-cc919c542dc9", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", - "service": "SAP", - "severity": "Medium", - "text": "When using Azure Availability Zones to achieve high availability, you must consider latency between SAP application servers and database servers. For zones with high latencies, operational procedures need to be in place to ensure that SAP application servers and database servers are running in the same zone at all times.", - "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "graph": "resources| where type =~ 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType =~ 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant", - "guid": "ba07c007-1f90-43e9-aa4f-601346b80352", - "link": "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering", - "service": "SAP", - "severity": "High", - "text": "Set up ExpressRoute connections from on-premises to the primary and secondary Azure disaster recovery regions. 
Also, as an alternative to using ExpressRoute, consider setting up VPN connections from on-premises to the primary and secondary Azure disaster recovery regions.", - "training": "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "d2b30195-b11d-4a8f-a672-28b2b4169a7c", - "link": "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance", - "service": "SAP", - "severity": "Low", - "text": "Replicate key vault contents like certificates, secrets, or keys across regions so you can decrypt data in the DR region.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "05f1101d-250f-40e7-b2a1-b674ab50edbd", - "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-s4hana", - "service": "SAP", - "severity": "Medium", - "text": "Peer the primary and disaster recovery virtual networks. For example, for HANA System Replication, an SAP HANA DB virtual network needs to be peered to the disaster recovery site's SAP HANA DB virtual network.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "d3351bf7-628a-46de-917d-dfc11d3b6b40", - "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels", - "service": "SAP", - "severity": "Low", - "text": "If you use Azure NetApp Files storage for your SAP deployments, at a minimum, create two Azure NetApp Files accounts in the Premium tier, in two regions.", - "training": "https://learn.microsoft.com/training/modules/choose-service-level-azure-netapp-files-hpc-applications/2-identify-decision-criteria", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "726a1d3e-5508-4a06-9d54-93f4b50040c1", - "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", - "service": "SAP", - "severity": "High", - "text": "Native database replication 
technology should be used to synchronize the database in a HA pair.", - "training": "https://learn.microsoft.com/training/modules/implement-disaster-recovery-for-sap-workloads-azure/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | where type =~ 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr", - "guid": "6561f847-3db5-4ff8-9200-5ad3c3b436ad", - "link": "https://learn.microsoft.com/ja-jp/azure/virtual-network/virtual-networks-faq", - "service": "SAP", - "severity": "High", - "text": "The CIDR for the primary virtual network (VNet) shouldn't conflict or overlap with the CIDR of the DR site's VNet", - "training": "https://learn.microsoft.com/training/paths/azure-fundamentals-describe-azure-architecture-services/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "0258ed30-fe42-434f-87b9-58f91f908e0a", - "service": "SAP", - "severity": "High", - "text": "Use Site Recovery to replicate an application server to a DR site. Site Recovery can also help with replicating central-services cluster VMs to the DR site. 
When you invoke DR, you'll need to reconfigure the Linux Pacemaker cluster on the DR site (for example, replace the VIP or SBD, run corosync.conf, and more).", - "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "8300cb30-766b-4084-b126-0dd8fb1269a1", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", - "service": "SAP", - "severity": "High", - "text": "Consider the availability of SAP software against single points of failure. This includes single points of failure within applications such as DBMSs utilized in SAP NetWeaver and SAP S/4HANA architectures, SAP ABAP and ASCS + SCS. Also, other tools such as SAP Web Dispatcher.", - "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/2-explore-high-availability-disaster-recovery-support-azure-for-sap-workloads?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "56402f11-ccbe-42c3-a2f6-c6f6f38ab579", - "link": "https://learn.microsoft.com/azure/sap/workloads/planning-supported-configurations", - "service": "SAP", - "severity": "High", - "text": "For SAP and SAP databases, consider implementing automatic failover clusters. In Windows, Windows Server Failover Clustering supports failover. 
In Linux, Linux Pacemaker or third-party tools like SIOS Protection Suite and Veritas InfoScale support failover.", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "afae6bec-2671-49ae-bc69-140b8ec8d320", - "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows", - "service": "SAP", - "severity": "High", - "text": "Azure doesn't support architectures in which the primary and secondary VMs share storage for DBMS data. For the DBMS layer, the common architecture pattern is to replicate databases at the same time and with different storage stacks than the ones that the primary and secondary VMs use.", - "training": "https://learn.microsoft.com/training/paths/ensure-business-continuity-implement-disaster-recovery/?source=recommendationshttps%3A%2F%2Flearn.microsoft.com%2Fja-jp%2Ftraining%2Fpaths%2Fensure-business-continuity-implement-disaster-recovery%2F%3Fsource%3Drecommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "ac614e95-6767-4bc3-b8a4-9953533da6ba", - "link": "https://learn.microsoft.com/azure/sap/workloads/dbms-guide-general", - "service": "SAP", - "severity": "High", - "text": "The DBMS data and transaction/redo log files are stored in Azure supported block storage or Azure NetApp Files. 
Azure Files or Azure Premium Files isn't supported as storage for DBMS data and/or redo log files with SAP workload.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-databases/2-explore-database-support-azure-for-sap-workloads", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "1f737179-8e7f-4e1a-a30c-e5a649a3092b", - "link": "https://learn.microsoft.com/azure/sap/workloads/sap-high-availability-guide-wsfc-shared-disk", - "service": "SAP", - "severity": "High", - "text": "You can use Azure shared disks in Windows for ASCS + SCS components and specific high-availability scenarios. Set up your failover clusters separately for SAP application layer components and the DBMS layer. Azure doesn't currently support high-availability architectures that combine SAP application layer components and the DBMS layer into one failover cluster.", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools =~ 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name =~ 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name =~ 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, 
name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))", - "guid": "a78b3d31-3170-44f2-b5d7-651a29f4ccf5", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-standard-load-balancer-outbound-connections", - "service": "SAP", - "severity": "High", - "text": "Most failover clusters for SAP application layer components (ASCS) and the DBMS layer require a virtual IP address for a failover cluster. Azure Load Balancer should handle the virtual IP address for all other cases. One design principle is to use one load balancer per cluster configuration. 
We recommend that you use the standard version of the load balancer (Standard Load Balancer SKU).", - "training": "https://learn.microsoft.com/training/modules/implement-high-availability-for-sap-workloads-azure/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "1a541741-5833-4fb4-ae3c-2df743165c3a", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-ha-ports-overview?source=recommendations", - "service": "SAP", - "severity": "High", - "text": "Make sure the Floating IP is enabled on the Load balancer", - "training": "https://learn.microsoft.com/training/modules/load-balancing-non-https-traffic-azure/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "c47cc4f3-f105-452c-845e-9b307b3856c1", - "link": "https://learn.microsoft.com/azure/virtual-machines/availability", - "service": "SAP", - "severity": "High", - "text": "Before you deploy your high-availability infrastructure, and depending on the region you choose, determine whether to deploy with an Azure availability set or an availability zone.", - "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "844f69c3-07e5-4ec1-bff7-4be27bcf5fea", - "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", - "service": "SAP", - "severity": "High", - "text": "If you want to meet the infrastructure SLAs for your applications for SAP components (central services, application servers, and databases), you must choose the same high availability options (VMs, availability sets, availability zones) for all components.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "cbe05bbe-209d-4490-ba47-778424d11678", - "link": 
"https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", - "service": "SAP", - "severity": "High", - "text": "Do not mix servers of different roles in the same availability set. Keep central services VMs, database VMs, application VMs in their own availability sets", - "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "f2201000-d045-40a6-a79a-d7cdc01b4d86", - "link": "https://learn.microsoft.com/azure/virtual-machines/co-location", - "service": "SAP", - "severity": "Medium", - "text": "You can't deploy Azure availability sets within an Azure availability zone unless you use proximity placement groups.", - "training": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "9674e7c7-7796-4181-8920-09f4429543ba", - "link": "https://learn.microsoft.com/azure/virtual-machines/availability-set-overview", - "service": "SAP", - "severity": "High", - "text": "When you create availability sets, use the maximum number of fault domains and update domains available. For example, if you deploy more than two VMs in one availability set, use the maximum number of fault domains (three) and enough update domains to limit the effect of potential physical hardware failures, network outages, or power interruptions, in addition to Azure planned maintenance. 
The default number of fault domains is two, and you can't change it online later.", - "training": "https://learn.microsoft.com/training/modules/configure-virtual-machine-availability/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "ae4ecb95-b70f-428f-8b9a-4c5b7e3478a2", - "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", - "service": "SAP", - "severity": "High", - "text": "When you use Azure proximity placement groups in an availability set deployment, all three SAP components (central services, application server, and database) should be in the same proximity placement group.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "5d2fa56c-56ad-4484-88fe-72734c486ba2", - "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", - "service": "SAP", - "severity": "High", - "text": "Use one proximity placement group per SAP SID. Groups don't span across Availability Zones or Azure regions", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "bca3b10e-0ff5-4aec-ac16-4c4bd1a1c13f", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", - "service": "SAP", - "severity": "High", - "text": "Use one of the following services to run SAP central services clusters, depending on the operating system.", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "ed46b937-913e-4018-9c62-8393ab037e53", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-suse-multi-sid", - "service": "SAP", - "severity": "Medium", - "text": "Azure doesn't currently support combining ASCS and DB HA in the same Linux Pacemaker cluster; separate them into individual clusters. 
However, you can combine up to five multiple central-services clusters into a pair of VMs.", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name)", - "guid": "f656e745-0cfb-453e-8008-0528fa21c933", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-business-continuity-and-disaster-recovery", - "service": "SAP", - "severity": "Medium", - "text": "Deploy both VMs in the high-availability pair in an availability set or in availability zones. These VMs should be the same size and have the same storage configuration.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "7f684ebc-95da-425e-b329-e782dbed050f", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel-with-hana-ascs-ers-dialog-instance", - "service": "SAP", - "severity": "Medium", - "text": "Azure supports installing and configuring SAP HANA and ASCS/SCS and ERS instances on the same high availability cluster running on Red Hat Enterprise Linux (RHEL).", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "07991f7d-6598-4d90-9431-45c62605d3a5", - "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", - "service": "SAP", - "severity": "High", - "text": "Run all production systems on Premium managed SSDs and use Azure NetApp Files or Ultra Disk Storage. 
At least the OS disk should be on the Premium tier so you can achieve better performance and the best SLA.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-storage/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "73cdaecc-7d74-48d8-a040-88416eebc98c", - "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-operations-storage", - "service": "SAP", - "severity": "High", - "text": "You should run SAP HANA on Azure only on the types of storage that are certified by SAP. Note that certain volumes must be run on certain disk configurations, where applicable. These configurations include enabling Write Accelerator and using Premium storage. You also need to ensure that the file system that runs on storage is compatible with the DBMS that runs on the machine.", - "training": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "51904867-a70e-4fa0-b4ff-3e6292846d7c", - "link": "https://learn.microsoft.com/azure/sap/workloads/disaster-recovery-overview-guide#storage", - "service": "SAP", - "severity": "High", - "text": "Consider configuring high availability depending on the type of storage you use for your SAP workloads. 
Some storage services available in Azure are not supported by Azure Site Recovery, so your high availability configuration may differ.", - "training": "https://learn.microsoft.com/training/modules/implement-disaster-recovery-for-sap-workloads-azure/2-explore-disaster-recovery-sap-workloads", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "1ac2d928-c9b7-42c6-ba18-23b1aea78693", - "link": "https://azure.microsoft.com/ja-jp/explore/global-infrastructure/products-by-region/", - "service": "SAP", - "severity": "High", - "text": "Different native Azure storage services (like Azure Files, Azure NetApp Files, Azure Shared Disk) may not be available in all regions. So to have similar SAP setup on the DR region after failover, ensure the respective storage service is offered in DR site.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "925d1f8c-01f3-4a67-948e-aabf0a1fad60", - "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/optimize-your-azure-costs-by-automating-sap-system-start-stop/ba-p/2120675", - "service": "SAP", - "severity": "Medium", - "text": "Automate SAP System Start-Stop to manage costs.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "71dc00cd-4392-4262-8949-20c05e6c0333", - "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", - "service": "SAP", - "severity": "Low", - "text": "In the case of using Azure Premium Storage with SAP HANA, Azure Standard SSD storage can be used to select a cost-conscious storage solution. However, please note that choosing Standard SSD or Standard HDD Azure storage will affect the SLA of the individual VMs. 
Also, for systems with lower I/O throughput and low latency, such as non-production environments, lower series VMs can be used.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "9877f353-2591-4e8b-8381-e9043fed1010", - "link": "https://learn.microsoft.com/azure/sap/workloads/hana-vm-premium-ssd-v1", - "service": "SAP", - "severity": "Low", - "text": "As a lower-cost alternative configuration (multipurpose), you can choose a low-performance SKU for your non-production HANA database server VMs. However, it is important to note that some VM types, such as E-series, are not HANA certified (SAP HANA Hardware Directory) or cannot achieve storage latency of less than 1ms.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | where type =~ 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location)", - "guid": "fda1dbf3-dc95-4d48-a7c7-91dca0f6c565", - "link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/security", - "service": "SAP", - "severity": "High", - "text": "Enforce a RBAC model for management groups, subscriptions, resource groups and resources", - "training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "45911475-e39e-4530-accc-d979366bcda2", - "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", - "service": "SAP", - "severity": "Medium", - "text": "Enforce Principal propagation for forwarding the identity from SAP cloud application to SAP on-premises (Including IaaS) through cloud connector", - "training": "https://learn.microsoft.com/training/modules/explore-identity-services/2-explore-azure-virtual-machine-auth-access-control", - "waf": "Security" - }, - { - 
"checklist": "SAP Checklist", - "guid": "750ab1ab-039d-495d-94c7-c8929cb107d5", - "link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO to SAP SaaS applications like SAP Analytics Cloud, SAP Cloud Platform, Business by design, SAP Qualtrics and SAP C4C with Azure AD using SAML.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "325ae525-ba34-4d46-a5e2-213ace7bb122", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", - "training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "9eb54dad-7861-4e1c-973a-f3bb003fc9c1", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.", - "training": "https://learn.microsoft.com/training/modules/explore-identity-services/6-exercise-integrate-azure-active-directory-sap-fiori", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "f29676ef-0c9c-4c4d-ab21-a55504c0c829", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "You can implement SSO to SAP GUI by using SAP NetWeaver SSO or a partner solution.", - "training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "23181aa4-1742-4694-9ff8-ae7d7d474317", - "service": "SAP", - "severity": "Medium", - "text": 
"For SSO for SAP GUI and web browser access, implement SNC / Kerberos/SPNEGO (simple and protected GSSAPI negotiation mechanism) due to its ease of configuration and maintenance. For SSO with X.509 client certificates, consider the SAP Secure Login Server, which is a component of the SAP SSO solution.", - "training": "https://learn.microsoft.com/training/modules/explore-identity-services/9-exercise-integrate-active-directory-sap-single-sign-on", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "6c8bcbf4-5bbe-4609-b8a0-3e97778424d6", - "link": "https://blogs.sap.com/2017/07/12/sap-single-sign-on-protect-your-sap-landscape-with-x.509-certificates/", - "service": "SAP", - "severity": "Medium", - "text": "For SSO for SAP GUI and web browser access, implement SNC / Kerberos/SPNEGO (simple and protected GSSAPI negotiation mechanism) due to its ease of configuration and maintenance. For SSO with X.509 client certificates, consider the SAP Secure Login Server, which is a component of the SAP SSO solution.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "16785d6f-a96c-496a-b885-18f482734c88", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO by using OAuth for SAP NetWeaver to allow third-party or custom applications to access SAP NetWeaver OData services.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "a747c350-8d4c-449c-93af-393dbca77c48", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/saphana-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO to SAP HANA", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "c7bae5bf-daf9-4761-9c56-f92891890aa4", - "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration#connectivity-with-sap-rise", - "service": "SAP", - 
"severity": "Medium", - "text": "Consider Azure AD an identity provider for SAP systems hosted on RISE. For more information, see Integrating the Service with Azure AD.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "e4e48226-ce54-44b6-bb6b-bfa15bd8f753", - "link": "https://github.com/azuredevcollege/SAP/blob/master/sap-oauth-saml-flow/README.md", - "service": "SAP", - "severity": "Medium", - "text": "For applications that access SAP, you might want to use principal propagation to establish SSO.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "59921095-4980-4fc1-a5b6-524a5a560c79", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "If you're using SAP BTP services or SaaS solutions that require SAP Identity Authentication Service (IAS), consider implementing SSO between SAP Cloud Identity Authentication Services and Azure AD to access those SAP services. This integration lets SAP IAS act as a proxy identity provider and forwards authentication requests to Azure AD as the central user store and identity provider.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "a709c664-317e-41e4-9e34-67d9016a86f4", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "Implement SSO to SAP BTP", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "01f11b7f-38df-4251-9c76-4dec19abd3e8", - "link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-cloud-only-tutorial", - "service": "SAP", - "severity": "Medium", - "text": "If you're using SAP SuccessFactors, consider using the Azure AD automated user provisioning. 
With this integration, as you add new employees to SAP SuccessFactors, you can automatically create their user accounts in Azure AD. Optionally, you can create user accounts in Microsoft 365 or other SaaS applications that are supported by Azure AD. Use write-back of the email address to SAP SuccessFactors.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "description": "Keep your management group hierarchy reasonably flat, no more than four.", - "graph": "resourcecontainers| where type =~ 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1)", - "guid": "6ba28021-4591-4147-9e39-e5309cccd979", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups", - "service": "SAP", - "severity": "Medium", - "text": "enforce existing Management Group policies to SAP Subscriptions", - "training": "https://learn.microsoft.com/training/modules/enterprise-scale-organization/4-management-group-subscription-organization", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | summarize count()", - "guid": "366bcda2-750a-4b1a-a039-d95d54c7c892", - "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", - "service": "SAP", - "severity": "High", - "text": "Integrate tightly coupled applications into the same SAP subscription to avoid additional routing and management complexity", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId", - "guid": "9cb107d5-325a-4e52-9ba3-4d4685e2213a", - "link": 
"https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", - "service": "SAP", - "severity": "High", - "text": "Leverage Subscription as scale unit and scaling our resources, consider deploying subscription per environment eg. Sandbox, non-prod, prod ", - "training": "https://learn.microsoft.com/training/modules/configure-subscriptions/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "QuotaResources | where type =~ 'microsoft.compute/locations/usages' | where subscriptionId in~ ('','') | mv-expand json = properties.value limit 400 | extend usagevCPUs = json.currentValue, QuotaLimit = json['limit'], quotaName = tostring(json['name'].localizedValue) | extend usagePercent = toint(usagevCPUs)*100 / toint(QuotaLimit) |where quotaName =~ 'Total Regional vCPUs' or quotaName =~ 'Total Regional Low-priority vCPUs' |project subscriptionId,quotaName,usagevCPUs,QuotaLimit,usagePercent,location,['json'] | order by ['usagePercent'] desc", - "guid": "ce7bb122-f7c9-45f0-9e15-4e3aa3592829", - "link": "https://learn.microsoft.com/azure/quotas/quotas-overview", - "service": "SAP", - "severity": "High", - "text": "Ensure quota increase as a part of subscription provisioning (e.g. total available VM cores within a subscription)", - "training": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "ce4fab2f-433a-4d59-a5a9-3d1032e03ebc", - "link": "https://learn.microsoft.com/rest/api/reserved-vm-instances/quotaapi?branch=capacity", - "service": "SAP", - "severity": "Low", - "text": "The Quota API is a REST API that you can use to view and manage quotas for Azure services. 
Consider using it if necessary.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "cbfad17b-f240-42bf-a1d8-f4f4cee661c8", - "link": "https://learn.microsoft.com/azure/quotas/quickstart-increase-quota-portal", - "service": "SAP", - "severity": "High", - "text": "If deploying to an availability zone, ensure that the VM's zone deployment is available once the quota has been approved. Submit a support request with the subscription, VM series, number of CPUs and availability zone required.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "e6e20617-3686-4af4-9791-f8935ada4332", - "link": "https://azure.microsoft.com/explore/global-infrastructure/products-by-region/", - "service": "SAP", - "severity": "High", - "text": "Ensure required services and features are available within the chosen deployment regions eg. ANF , Zone etc.", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/migrate/azure-best-practices/multiple-regions?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant", - "guid": "4e138115-2318-41aa-9174-26943ff8ae7d", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-resource-organization", - "service": "SAP", - "severity": "Medium", - "text": "Leverage Azure resource tag for cost categorization and resource grouping (: BillTo, Department (or Business Unit), Environment (Production, Stage, Development), Tier (Web Tier, Application Tier), Application Owner, ProjectName)", - "training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "2f7c95f0-6e15-44e3-aa35-92829e6e2061", - "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", - "service": "SAP", - "severity": 
"High", - "text": "Help protect your HANA database by using the Azure Backup service.", - "training": "https://learn.microsoft.com/training/modules/implement-azure-backup-sap-workloads-azure-virtual-machines/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "302a2fbf-3745-4a5f-a365-c9d1a16ca22c", - "link": "https://learn.microsoft.com/azure/azure-netapp-files/azacsnap-introduction", - "service": "SAP", - "severity": "Medium", - "text": "If you deploy Azure NetApp Files for your HANA, Oracle, or DB2 database, use the Azure Application Consistent Snapshot tool (AzAcSnap) to take application-consistent snapshots. AzAcSnap also supports Oracle databases. Consider using AzAcSnap on a central VM rather than on individual VMs.", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "42d37218-a3a7-45df-bff6-1173e7f249ea", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", - "service": "SAP", - "severity": "High", - "text": "Ensure time-zone matches between the operating system and the SAP system.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "c3c7abc0-716c-4486-893c-40e181d65539", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel-multi-sid", - "service": "SAP", - "severity": "Medium", - "text": "Don't group different application services in the same cluster. For example, don't combine DRBD and central services clusters on the same cluster. 
However, you can use the same Pacemaker cluster to manage approximately five different central services (multi-SID cluster).", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "a491dfc4-9353-4213-9217-eef0949f9467", - "link": "https://azure.microsoft.com/pricing/offers/dev-test/", - "service": "SAP", - "severity": "Low", - "text": "Consider running dev/test systems in a snooze model to save and optimize Azure run costs.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "b7056168-6199-4732-a514-cdbb2d5c9c54", - "link": "https://learn.microsoft.com/azure/lighthouse/overview", - "service": "SAP", - "severity": "Medium", - "text": "If you partner with customers by managing their SAP estates, consider Azure Lighthouse. Azure Lighthouse allows managed service providers to use Azure native identity services to authenticate to the customers' environment. 
It puts the control in the hands of customers, because they can revoke access at any time and audit service providers' actions.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "4d116785-d2fa-456c-96ad-48408fe72734", - "link": "https://learn.microsoft.com/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Update Manager to check the status of available updates for a single VM or multiple VMs and consider scheduling regular patching.", - "training": "https://learn.microsoft.com/training/modules/keep-your-virtual-machines-updated/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "76c8bcbf-45bb-4e60-ad8a-03e97778424d", - "link": "https://learn.microsoft.com/azure/sap/workloads/lama-installation", - "service": "SAP", - "severity": "Low", - "text": "Optimize and manage SAP Basis operations by using SAP Landscape Management (LaMa). Use the SAP LaMa connector for Azure to relocate, copy, clone, and refresh SAP systems.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-remote-management/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "14591147-5e39-4e53-89cc-cd979366bcda", - "link": "https://learn.microsoft.com/azure/sap/monitor/about-azure-monitor-sap-solutions", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Monitor for SAP solutions to monitor your SAP workloads(SAP HANA, high-availability SUSE clusters, and SQL systems) on Azure. 
Consider supplementing Azure Monitor for SAP solutions with SAP Solution Manager.", - "training": "https://learn.microsoft.com/training/modules/implement-azure-monitoring-sap-workloads-azure-virtual-machines/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "2750ab1a-b039-4d95-b54c-7c8929cb107d", - "link": "https://learn.microsoft.com/azure/sap/workloads/vm-extension-for-sap", - "service": "SAP", - "severity": "High", - "text": "Run a VM Extension for SAP check. VM Extension for SAP uses the assigned managed identity of a virtual machine (VM) to access VM monitoring and configuration data. The check ensures that all performance metrics in your SAP application come from the underlying Azure Extension for SAP.", - "training": "https://learn.microsoft.com/training/modules/configure-azure-enhanced-monitoring-extension-for-sap/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "5325ae52-5ba3-44d4-985e-2213ace7bb12", - "link": "https://learn.microsoft.com/azure/azure-monitor/logs/design-logs-deployment", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Policy for access control and compliance reporting. Azure Policy provides the ability to enforce organization-wide settings to ensure consistent policy adherence and fast violation detection. ", - "training": "https://learn.microsoft.com/learn/paths/architect-infrastructure-operations/", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "523181aa-4174-4269-93ff-8ae7d7d47431", - "link": "https://learn.microsoft.com/azure/network-watcher/connection-monitor-overview", - "service": "SAP", - "severity": "Medium", - "text": "Use Connection Monitor in Azure Network Watcher to monitor latency metrics for SAP databases and application servers. 
Or collect and display network latency measurements by using Azure Monitor.", - "training": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/collecting-and-displaying-niping-network-latency-measurements/ba-p/1833979", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "73686af4-6791-4f89-95ad-a43324e13811", - "link": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck", - "service": "SAP", - "severity": "Medium", - "text": "Perform a quality check for SAP HANA on the provisioned Azure infrastructure to verify that provisioned VMs comply with SAP HANA on Azure best practices.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "616785d6-fa96-4c96-ad88-518f482734c8", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-zones", - "service": "SAP", - "severity": "High", - "text": "For each Azure subscription, run a latency test on Azure availability zones before zonal deployment to choose low-latency zones for deployment of SAP on Azure.", - "training": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/AvZone-Latency-Test", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "410adcba-db46-424f-a6c4-05ecde75c52e", - "link": "https://learn.microsoft.com/azure/advisor/advisor-how-to-improve-reliability", - "service": "SAP", - "severity": "Medium", - "text": "Run the Resiliency Report to ensure that the configuration of the entire provisioned Azure infrastructure (Compute, Database, Networking, Storage, Site Recovery) complies with the configuration defined by Cloud Adaption Framework for Azure.", - "training": "https://learn.microsoft.com/training/paths/azure-well-architected-framework/", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "86ba2802-1459-4114-95e3-9e5309cccd97", - "link": "https://learn.microsoft.com/azure/sentinel/sap/deployment-overview", - "service": "SAP", - 
"severity": "Medium", - "text": "Implement threat protection by using the Microsoft Sentinel solution for SAP. Use this solution to monitor your SAP systems and detect sophisticated threats throughout the business logic and application layers.", - "training": "https://learn.microsoft.com/training/modules/plan-microsoft-sentinel-deployment-sap/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant", - "guid": "579266bc-ca27-45fa-a1ab-fe9d55d04c3c", - "link": "https://learn.microsoft.com/azure/cost-management-billing/costs/enable-tag-inheritance", - "service": "SAP", - "severity": "Medium", - "text": "Azure tagging can be leveraged to logically group and track resources, automate their deployments, and most importantly, provide visibility on the incurred costs.", - "training": "https://learn.microsoft.com/training/modules/analyze-costs-create-budgets-azure-cost-management/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "04b8e5e5-13cb-4b22-af62-5a8ecfcf0337", - "link": "https://learn.microsoft.com/azure/virtual-network/virtual-network-test-latency?tabs=windows", - "service": "SAP", - "severity": "Low", - "text": "Use inter-VM latency monitoring for latency-sensitive applications.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "07e5ed53-3d96-43d8-87ea-631b77da5aba", - "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide-storage", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-storage/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": 
"abb6af9c-982c-4cf1-83fb-329fafd1ee56", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-management-and-monitoring", - "service": "SAP", - "severity": "Medium", - "text": "Exclude all the database file systems and executable programs from antivirus scans. Including them could lead to performance problems. Check with the database vendors for prescriptive details on the exclusion list. For example, Oracle recommends excluding /oracle//sapdata from antivirus scans.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "c027f893-f404-41a9-b33d-39d625a14964", - "link": "https://sapit-forme-prod.authentication.eu11.hana.ondemand.com/login", - "service": "SAP", - "severity": "Low", - "text": "Consider collecting full database statistics for non-HANA databases after migration. For example, implement SAP note 1020260 - Delivery of Oracle statistics.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "fdafb1f5-3eee-4354-a8c9-deb8127ebc2e", - "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/configure-oracle-asm", - "service": "SAP", - "severity": "Medium", - "text": "Consider using Oracle Automatic Storage Management (ASM) for all Oracle deployments that use SAP on Azure.", - "training": "https://learn.microsoft.com/training/paths/administer-infrastructure-resources-in-azure/?source=recommendations", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "33c5d5bf-daf3-4f0d-bd50-6010fdcec22e", - "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/announcement-sap-on-azure-oracle-performance-efficiency-scripts/ba-p/3725178", - "service": "SAP", - "severity": "Medium", - "text": "For SAP on Azure running Oracle, a collection of SQL scripts can help you diagnose performance problems. Automatic Workload Repository (AWR) reports contain valuable information for diagnosing problems in the Oracle system. 
We recommend that you run an AWR report during several sessions and choose peak times for it, to ensure broad coverage for the analysis.", - "training": "https://learn.microsoft.com/ja-jp/azure/well-architected/oracle-iaas/performance-efficiency", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "d89fd98d-23e4-4b40-a92e-32db9365522c", - "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", - "service": "SAP", - "severity": "High", - "text": "Use Azure Site Recovery monitoring to maintain the health of the disaster recovery service for SAP application servers.", - "training": "https://learn.microsoft.com/training/modules/protect-on-premises-infrastructure-with-azure-site-recovery/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "5ba34d46-85e2-4213-ace7-bb122f7c95f0", - "link": "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview", - "service": "SAP", - "severity": "Medium", - "text": "For secure delivery of HTTP/S apps, use Application Gateway v2 and ensure that WAF protection and policies are enabled.", - "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "fa9d30bc-1b82-4e4b-bfdf-6b017938b9e6", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", - "service": "SAP", - "severity": "Medium", - "text": "If the virtual machine's DNS or virtual name is not changed during migration to Azure, Background DNS and virtual names connect many system interfaces in the SAP landscape, and customers are only sometimes aware of the interfaces that developers define over time. 
Connection challenges arise between various systems when virtual or DNS names change after migrations, and it's recommended to retain DNS aliases to prevent these types of difficulties.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/4-explore-name-resolution", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "a2858f78-105b-4f52-b7a9-5b0f4439743b", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", - "service": "SAP", - "severity": "Medium", - "text": "Use different DNS zones to distinguish each environment (sandbox, development, preproduction, and production) from each other. The exception is for SAP deployments with their own VNet; here, private DNS zones might not be necessary.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/4-explore-name-resolution", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "description": "When configuring VNet peering, use the Allow traffic to remote virtual networks setting.", - "graph": "resources | where type =~ 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess =~ True)", - "guid": "a3592829-e6e2-4061-9368-6af46791f893", - "link": "https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview", - "service": "SAP", - "severity": "Medium", - "text": "Local and global VNet peering provide connectivity and are the preferred approaches to ensure connectivity between landing zones for SAP deployments across multiple Azure regions", - "training": "https://learn.microsoft.com/training/modules/configure-vnet-peering/?source=recommendations", - "waf": "Reliability" - }, - { - "checklist": "SAP Checklist", - "guid": "41742694-3ff8-4ae7-b7d4-743176c8bcbf", 
- "link": "https://learn.microsoft.com/azure/sap/workloads/planning-guide", - "service": "SAP", - "severity": "High", - "text": "It is not supported to deploy any NVA between SAP application and SAP Database server", - "training": "https://me.sap.com/notes/2731110", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "graph": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic =~ 'true') | distinct id,compliant", - "guid": "7d4bc7d2-c34a-452e-8f1d-6ae3c8eafcc3", - "link": "https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/?source=recommendations", - "service": "SAP", - "severity": "Medium", - "text": "Use Virtual WAN for Azure deployments in new, large, or global networks where you need global transit connectivity across Azure regions and on-premises locations. With this approach, you won't need to manually set up transitive routing for Azure networking, and you can follow a standard for SAP on Azure deployments.", - "training": "https://learn.microsoft.com/azure/virtual-wan/virtual-wan-about", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "0cedb1f6-ae6c-492b-8b17-8061f50b16d3", - "link": "https://learn.microsoft.com/azure/well-architected/services/networking/network-virtual-appliances/reliability", - "service": "SAP", - "severity": "Medium", - "text": "Consider deploying network virtual appliances (NVAs) between regions only if partner NVAs are used. NVAs between regions or VNets aren't required if native NVAs are present. 
When you're deploying partner networking technologies and NVAs, follow the vendor's guidance to verify conflicting configurations with Azure networking.", - "training": "https://learn.microsoft.com/training/modules/control-network-traffic-flow-with-routes/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "facc08c6-ea95-4641-91cd-fa09e573adbd", - "link": "https://learn.microsoft.com/azure/architecture/networking/hub-spoke-vwan-architecture", - "service": "SAP", - "severity": "Medium", - "text": "Virtual WAN manages connectivity between spoke VNets for virtual-WAN-based topologies (no need to set up user-defined routing [UDR] or NVAs), and maximum network throughput for VNet-to-VNet traffic in the same virtual hub is 50 gigabits per second. If necessary, SAP landing zones can use VNet peering to connect to other landing zones and overcome this bandwidth limitation.", - "training": "https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)", - "guid": "82734c88-6ba2-4802-8459-11475e39e530", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing", - "service": "SAP", - "severity": "High", - "text": "Public IP assignment to VM running SAP Workload is not recommended.", - "training": "https://learn.microsoft.com/training/modules/design-ip-addressing-for-azure/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | 
where type contains 'publicIPAddresses' and isnotempty(properties.ipAddress) | summarize count () by subscriptionId", - "guid": "9cccd979-366b-4cda-8750-ab1ab039d95d", - "link": "https://learn.microsoft.com/training/modules/protect-on-premises-infrastructure-with-azure-site-recovery/?source=recommendations", - "service": "SAP", - "severity": "High", - "text": "Consider reserving IP address on DR side when configuring ASR", - "training": "https://learn.microsoft.com/learn/paths/architect-network-infrastructure/", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "54c7c892-9cb1-407d-9325-ae525ba34d46", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing", - "service": "SAP", - "severity": "High", - "text": "Avoid using overlapping IP address ranges for production and DR sites.", - "training": "https://learn.microsoft.com/training/modules/design-ip-addressing-for-azure/?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "6e154e3a-a359-4282-ae6e-206173686af4", - "link": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-delegate-subnet", - "service": "SAP", - "severity": "Medium", - "text": "While Azure does help you to create multiple delegated subnets in a VNet, only one delegated subnet can exist in a VNet for Azure NetApp Files. 
Attempts to create a new volume will fail if you use more than one delegated subnet for Azure NetApp Files.", - "training": "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies?source=recommendations", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "graph": "resources | where type=~'microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant", - "guid": "d8a03e97-7784-424d-9167-85d6fa96c96a", - "link": "https://learn.microsoft.com/azure/well-architected/services/networking/azure-firewall?toc=%2Fazure%2Ffirewall%2Ftoc.json&bc=%2Fazure%2Ffirewall%2Fbreadcrumb%2Ftoc.json", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Firewall to govern Azure outbound traffic to the internet, non-HTTP/S inbound connections, and East/West traffic filtering (if the organization requires it)", - "training": "https://learn.microsoft.com/training/paths/secure-networking-infrastructure/", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "91a65e40-be90-45b3-9f73-f3edbf8dc324", - "link": "https://learn.microsoft.com/azure/sap/workloads/expose-sap-process-orchestration-on-azure", - "service": "SAP", - "severity": "Medium", - "text": "Application Gateway and Web Application Firewall have limitations when Application Gateway serves as a reverse proxy for SAP web apps, as shown in the comparison between Application Gateway, SAP Web Dispatcher, and other third-party services.", - "training": "https://help.sap.com/docs/SUPPORT_CONTENT/si/3362959506.html", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "5e39e530-9ccc-4d97-a366-bcda2750ab1a", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "SAP", - "severity": "Medium", - "text": "Use Azure Front Door and WAF policies to provide global protection across Azure regions for inbound HTTP/S connections to a landing zone.", - 
"training": "https://learn.microsoft.com/training/paths/secure-application-delivery/", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "b039d95d-54c7-4c89-89cb-107d5325ae52", - "link": "https://learn.microsoft.com/azure/web-application-firewall/afds/afds-overview", - "service": "SAP", - "severity": "Medium", - "text": "Take advantage of Web Application Firewall policies in Azure Front Door when you're using Azure Front Door and Application Gateway to protect HTTP/S applications. Lock down Application Gateway to receive traffic only from Azure Front Door.", - "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "5ada4332-4e13-4811-9231-81aa41742694", - "link": "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview", - "service": "SAP", - "severity": "Medium", - "text": "Use a web application firewall to scan your traffic when it's exposed to the internet. Another option is to use it with your load balancer or with resources that have built-in firewall capabilities like Application Gateway or third-party solutions.", - "training": "https://learn.microsoft.com/training/modules/introduction-azure-web-application-firewall/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "e73de7d5-6f36-4217-a526-e1a621ecddde", - "link": "https://learn.microsoft.com/azure/frontdoor/front-door-overview", - "service": "SAP", - "severity": "Medium", - "text": "Use Virtual WAN for Azure deployments in new, large, or global networks where you need global transit connectivity across Azure regions and on-premises locations. 
With this approach, you won't need to manually set up transitive routing for Azure networking, and you can follow a standard for SAP on Azure deployments.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/10-explore-azure-front-door", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "3c536a3e-1b6b-4e87-95ca-15edb47251c0", - "link": "https://learn.microsoft.com/azure/virtual-network/vnet-integration-for-azure-services", - "service": "SAP", - "severity": "Medium", - "text": "To prevent data leakage, use Azure Private Link to securely access platform as a service resources like Azure Blob Storage, Azure Files, Azure Data Lake Storage Gen2, Azure Data Factory, and more. Azure Private Endpoint can also help to secure traffic between VNets and services like Azure Storage, Azure Backup, and more. Traffic between your VNet and the Private Endpoint enabled service travels across the Microsoft global network, which prevents its exposure to the public internet.", - "training": "https://learn.microsoft.com/training/modules/design-implement-private-access-to-azure-services/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | where type =~ 'Microsoft.Network/NetworkInterfaces' | where properties.enableAcceleratedNetworking =~ 'false' | project name, subscriptionId, properties.enableAcceleratedNetworking", - "guid": "85e2213a-ce7b-4b12-8f7c-95f06e154e3a", - "link": "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview?tabs=redhat", - "service": "SAP", - "severity": "High", - "text": "Make sure that Azure accelerated networking is enabled on the VMs used in the SAP application and DBMS layers.", - "training": "https://learn.microsoft.com/training/paths/azure-fundamentals-describe-azure-architecture-services/?source=recommendations", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": 
"3ff8ae7d-7d47-4431-96c8-bcbf45bbe609", - "link": "https://learn.microsoft.com/azure/load-balancer/load-balancer-multivip-overview", - "service": "SAP", - "severity": "Medium", - "text": "Make sure that internal deployments for Azure Load Balancer are set up to use Direct Server Return (DSR). This setting (Enabling Floating IP) will reduce latency when internal load balancer configurations are used for high-availability configurations on the DBMS layer.", - "training": "https://learn.microsoft.com/ja-jp/training/modules/load-balancing-non-https-traffic-azure/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | where type =~ 'microsoft.network/networksecuritygroups' and isnull(properties.networkInterfaces) and isnull(properties.subnets) | project name, resourceGroup | sort by name asc", - "guid": "6791f893-5ada-4433-84e1-3811523181aa", - "link": "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works", - "service": "SAP", - "severity": "Medium", - "text": "You can use application security group (ASG) and NSG rules to define network security access-control lists between the SAP application and DBMS layers. 
ASGs group virtual machines to help manage their security.", - "training": "https://learn.microsoft.com/training/modules/configure-network-security-groups/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "45bbe609-d8a0-43e9-9778-424d616785d6", - "link": "https://me.sap.com/notes/2015553", - "service": "SAP", - "severity": "High", - "text": "Placing of the SAP application layer and SAP DBMS in different Azure VNets that aren't peered isn't supported.", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "fa96c96a-d885-418f-9827-34c886ba2802", - "link": "https://learn.microsoft.com/azure/sap/workloads/proximity-placement-scenarios", - "service": "SAP", - "severity": "Medium", - "text": "For optimal network latency with SAP applications, consider using Azure proximity placement groups.", - "training": "https://learn.microsoft.com/azure/virtual-machines/co-location#planned-maintenance-and-proximity-placement-groups", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "18c8b61c-855a-4405-b6ed-266455e4f4ce", - "link": "https://me.sap.com/notes/2015553", - "service": "SAP", - "severity": "High", - "text": "It is NOT supported at all to run an SAP Application Server layer and DBMS layer split between on-premise and Azure. 
Both layers need to completely reside either on-premise or in Azure.", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "b65c878b-4b14-4f4e-92d8-d873936493f2", - "link": "https://me.sap.com/notes/2015553", - "service": "SAP", - "severity": "High", - "text": "It isn't recommended to host the database management system (DBMS) and application layers of SAP systems in different VNets and connect them with VNet peering because of the substantial costs that excessive network traffic between the layers can produce. Recommend using subnets within the Azure virtual network to separate the SAP application layer and DBMS layer.", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-network-topology-and-connectivity", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "402a9846-d515-4061-aff8-cd30088693fa", - "link": "https://learn.microsoft.com/azure/sap/workloads/high-availability-guide-rhel", - "service": "SAP", - "severity": "High", - "text": "If using Load Balancer with Linux guest operating systems, check that the Linux network parameter net.ipv4.tcp_timestamps is set to 0.", - "training": "https://learn.microsoft.com/training/modules/implement-ha-sap-netweaver-anydb/?source=recommendations", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "87585797-5551-4d53-bb7d-a94ee415734d", - "link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration", - "service": "SAP", - "severity": "Medium", - "text": "For SAP RISE/ECS deployments, virtual peering is the preferred way to establish connectivity with customer's existing Azure environment. 
Both the SAP vnet and customer vnet(s) are protected with network security groups (NSG), enabling communication on SAP and database ports through the vnet peering", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "ff5136bd-dcf1-4d2b-ae52-39333efdf45a", - "link": "https://learn.microsoft.com/azure/backup/sap-hana-database-about", - "service": "SAP", - "severity": "High", - "text": "Review SAP HANA database backups for Azure VMs.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "cafde29d-a0af-4bcd-87c0-0f299d63f0e8", - "link": "https://learn.microsoft.com/azure/site-recovery/site-recovery-monitor-and-troubleshoot", - "service": "SAP", - "severity": "Medium", - "text": "Review Site Recovery built-in monitoring, where used for SAP.", - "waf": "Cost" - }, - { - "checklist": "SAP Checklist", - "guid": "82d7b8de-d3f1-44a0-830b-38e200e82acf", - "link": "https://help.sap.com/docs/SAP_HANA_PLATFORM/c4d7c773af4a4e5dbebb6548d6e2d4f4/e3111d2ebb5710149510cc120646bf3f.html?locale=en-US", - "service": "SAP", - "severity": "High", - "text": "Review the Monitoring the SAP HANA System Landscape guidance.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "c823873a-2bec-4c2a-b684-a1ce8ae80efd", - "link": "https://learn.microsoft.com/azure/virtual-machines/workloads/oracle/oracle-database-backup-strategies", - "service": "SAP", - "severity": "Medium", - "text": "Review Oracle Database in Azure Linux VM backup strategies.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "2943b6d8-1d31-4e19-ade7-78e6b26d1962", - "link": "https://learn.microsoft.com/sql/relational-databases/tutorial-use-azure-blob-storage-service-with-sql-server-2016?view=sql-server-ver16", - "service": "SAP", - "severity": "Medium", - "text": "Review the use of Azure Blob Storage with SQL Server 2016.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "b82e650f-676d-417d-994d-fc33ca54ec14", - "link": 
"https://learn.microsoft.com/azure/azure-sql/virtual-machines/windows/automated-backup?view=azuresql", - "service": "SAP", - "severity": "Medium", - "text": "Review the use of Automated Backup v2 for Azure VMs.", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "347c2dcc-e6eb-4b04-80c5-628b171aa62d", - "service": "SAP", - "severity": "High", - "text": "Enabling Write accelerator for M series when using premium disks(V1)", - "waf": "Operations" - }, - { - "checklist": "SAP Checklist", - "guid": "b96512cf-996f-4b17-b9b8-6b16db1a2a94", - "link": "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/AvZone-Latency-Test", - "service": "SAP", - "severity": "Medium", - "text": "Test availability zone latency.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "9fd7ffd4-da11-49f6-a374-8d03e94c511d", - "link": "https://support.sap.com/en/offerings-programs/support-services/earlywatch-alert.html", - "service": "SAP", - "severity": "Medium", - "text": "Activate SAP EarlyWatch Alert for all SAP components.", - "training": "https://help.sap.com/docs/SUPPORT_CONTENT/techops/3362700736.html", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "b9b140cf-413a-483d-aad2-8802c4e3c017", - "link": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/sap-on-azure-general-update-march-2019/ba-p/377456", - "service": "SAP", - "severity": "Medium", - "text": "Review SAP application server to database server latency using SAP ABAPMeter report /SSA/CAT.", - "training": "https://me.sap.com/notes/0002879613", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "62fbf0f8-51db-49e1-a961-bb5df7a35f80", - "service": "SAP", - "severity": "Medium", - "text": "Review SQL Server performance monitoring using CCMS.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "35709da7-fc7d-4efe-bb20-2e91547b7390", - "link": "https://me.sap.com/notes/500235", - 
"service": "SAP", - "severity": "Medium", - "text": "Test network latency between SAP application layer VMs and DBMS VMs (NIPING).", - "training": "https://me.sap.com/notes/1100926/E", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "9e9bb4c8-e934-4e4b-a13c-6f7c7c38eb43", - "link": "https://learn.microsoft.com/en-us/azure/sap/large-instances/hana-monitor-troubleshoot", - "service": "SAP", - "severity": "Medium", - "text": "Review SAP HANA studio alerts.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "f1a92ab5-9509-4b57-86ff-b0ade361b694", - "link": "https://me.sap.com/notes/1969700", - "service": "SAP", - "severity": "Medium", - "text": "Perform SAP HANA health checks using HANA_Configuration_Minichecks.", - "waf": "Performance" - }, - { - "checklist": "SAP Checklist", - "guid": "18dffcf3-248c-4039-a67c-dec8e3a5f804", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-security-operations", - "service": "SAP", - "severity": "Medium", - "text": "If you run Windows and Linux VMs in Azure, on-premises, or in other cloud environments, you can use the Update management center in Azure Automation to manage operating system updates, including security patches.", - "training": "https://learn.microsoft.com/azure/automation/update-management/overview", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "08951710-79a2-492a-adbc-06d7a401545b", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-security-operations", - "service": "SAP", - "severity": "Medium", - "text": "Routinely review the SAP security OSS notes because SAP releases highly critical security patches, or hot fixes, that require immediate action to protect your SAP systems.", - "training": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": 
"1b8b394e-ae64-4a74-8933-357b523ea0a0", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", - "service": "SAP", - "severity": "Low", - "text": "For SAP on SQL Server, you can disable the SQL Server system administrator account because the SAP systems on SQL Server don't use the account. Ensure that another user with system administrator rights can access the server before disabling the original system administrator account.", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "5a76a033-ced9-4eef-9a43-5e4f96634c8e", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", - "service": "SAP", - "severity": "High", - "text": "Disable xp_cmdshell. The SQL Server feature xp_cmdshell enables a SQL Server internal operating system command shell. It's a potential risk in security audits.", - "training": "https://me.sap.com/notes/3019299/E", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "cf65de8e-1309-4ccc-b579-266bcca275fa", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", - "service": "SAP", - "severity": "High", - "text": "Encrypting SAP HANA database servers on Azure uses SAP HANA native encryption technology. 
Additionally, if you are using SQL Server on Azure, use Transparent Data Encryption (TDE) to protect your data and log files and ensure that your backups are also encrypted.", - "training": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/sap-lza-database-security", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "a1abfe9d-55d0-44c3-a491-9cb1b3d1325a", - "link": "https://learn.microsoft.com/azure/storage/common/storage-service-encryption", - "service": "SAP", - "severity": "Medium", - "text": "Azure Storage encryption is enabled for all Azure Resource Manager and classic storage accounts, and can't be disabled. Because your data is encrypted by default, you don't need to modify your code or applications to use Azure Storage encryption.", - "training": "https://learn.microsoft.com/training/modules/encrypt-sector-data/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | join kind=leftouter (ResourceContainers | where type=~'microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type =~ 'microsoft.keyvault/vaults' | project type, name, SubName", - "guid": "ce9bd3bb-0cdb-43b5-9eb2-ec14eeaa3592", - "link": "https://learn.microsoft.com/azure/key-vault/general/overview", - "service": "SAP", - "severity": "High", - "text": "Use Azure Key Vault to store your secrets and credentials", - "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "829e2edb-2173-4676-aff6-691b4935ada4", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json", - "service": "SAP", - "severity": "Medium", - "text": "It is recommended to LOCK the Azure Resources post successful deployment to safeguard against unauthorized changes. 
You can also enforce LOCK constraints and rules on your per-subscription basis using customized Azure policies(Custome role).", - "training": "https://learn.microsoft.com/training/modules/use-azure-resource-manager/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "2223ece8-1b12-4318-8a54-17415833fb4a", - "link": "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview", - "service": "SAP", - "severity": "Medium", - "text": "Provision Azure Key Vault with the soft delete and purge policies enabled to allow retention protection for deleted objects.", - "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "e3c2df74-3165-4c3a-abe0-5bbe209d490d", - "link": "https://learn.microsoft.com/azure/role-based-access-control/security-controls-policy", - "service": "SAP", - "severity": "High", - "text": "Based on existing requirements, regulatory and compliance controls (internal/external) - Determine what Azure Policies and Azure RBAC role are needed", - "training": "https://learn.microsoft.com/training/paths/describe-azure-management-governance/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "a4777842-4d11-4678-9d2f-a56c56ad4840", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", - "service": "SAP", - "severity": "High", - "text": "When enabling Microsoft Defender for Endpoint on SAP environment, recommend excluding data and log files on DBMS servers instead of targeting all servers. 
Follow your DBMS vendor's recommendations when excluding target files.", - "training": "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/microsoft-defender-endpoint-mde-for-sap-applications-on-windows/ba-p/3912268", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "8fe72734-c486-4ba2-a0dc-0591cf65de8e", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-overview?tabs=defender-for-container-arch-aks", - "service": "SAP", - "severity": "High", - "text": "Delegate an SAP admin custom role with just-in-time access of Microsoft Defender for Cloud.", - "training": "https://learn.microsoft.com/training/modules/secure-vms-with-azure-security-center/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "1309cccd-5792-466b-aca2-75faa1abfe9d", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", - "service": "SAP", - "severity": "Low", - "text": "encrypt data in transit by integrating the third-party security product with secure network communications (SNC) for DIAG (SAP GUI), RFC, and SPNEGO for HTTPS", - "training": "https://learn.microsoft.com/azure/security/fundamentals/encryption-overview#encryption-of-data-in-transit", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "eeaa3592-829e-42ed-a217-3676aff6691b", - "link": "https://learn.microsoft.com/azure/storage/common/storage-encryption-key-model-get?tabs=portal", - "service": "SAP", - "severity": "Medium", - "text": "Default to Microsoft-managed keys for principal encryption functionality and use customer-managed keys when required.", - "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "graph": "Resources | join kind=leftouter (ResourceContainers | where 
type=~'microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type =~ 'microsoft.keyvault/vaults' | project type, name, SubName", - "guid": "4935ada4-2223-4ece-a1b1-23181a541741", - "link": "https://learn.microsoft.com/ja-jp/azure/key-vault/general/best-practices", - "service": "SAP", - "severity": "High", - "text": "Use an Azure Key Vault per application per environment per region.", - "training": "https://learn.microsoft.com/training/modules/manage-secrets-with-azure-key-vault/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "abc9634d-c44d-41e9-a530-e8444e16aa3c", - "link": "https://learn.microsoft.com/azure/key-vault/certificates/certificate-scenarios", - "service": "SAP", - "severity": "High", - "text": "To control and manage disk encryption keys and secrets for non-HANA Windows and non-Windows operating systems, use Azure Key Vault. SAP HANA isn't supported with Azure Key Vault, so you must use alternate methods like SAP ABAP or SSH keys.", - "training": "https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "209d490d-a477-4784-84d1-16785d2fa56c", - "link": "https://learn.microsoft.com/azure/role-based-access-control/built-in-roles", - "service": "SAP", - "severity": "High", - "text": "Customize role-based access control (RBAC) roles for SAP on Azure spoke subscriptions to avoid accidental network-related changes", - "training": "https://learn.microsoft.com/training/modules/secure-azure-resources-with-rbac/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "56ad4840-8fe7-4273-9c48-6ba280dc0591", - "link": "https://blogs.sap.com/2019/07/21/sap-security-operations-on-azure/", - "service": "SAP", - "severity": "High", - "text": "Isolate DMZs and NVAs from the rest of the SAP estate, configure Azure 
Private Link, and securely manage and control the SAP on Azure resources", - "training": "https://learn.microsoft.com/azure/architecture/reference-architectures/dmz/secure-vnet-dmz?tabs=portal", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "e124ba34-df68-45ed-bce9-bd3bb0cdb3b5", - "link": "https://learn.microsoft.com/en-us/training/modules/secure-vms-with-azure-security-center/?source=recommendations", - "service": "SAP", - "severity": "Low", - "text": "Consider using Microsoft anti-malware software on Azure to protect your virtual machines from malicious files, adware, and other threats.", - "training": "https://azure.microsoft.com/blog/deploying-antimalware-solutions-on-azure-virtual-machines/", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "5eb2ec14-eeaa-4359-8829-e2edb2173676", - "link": "https://learn.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide", - "service": "SAP", - "severity": "Low", - "text": "For even more powerful protection, consider using Microsoft Defender for Endpoint.", - "training": "https://learn.microsoft.com/training/modules/implement-endpoint-protection-use-microsoft-defender/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "87a924c4-25c2-419f-a2f0-96c7c4fe4525", - "link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape", - "service": "SAP", - "severity": "High", - "text": "Isolate the SAP application and database servers from the internet or from the on-premises network by passing all traffic through the hub virtual network, which is connected to the spoke network by virtual network peering. 
The peered virtual networks guarantee that the SAP on Azure solution is isolated from the public internet.", - "training": "https://learn.microsoft.com/training/modules/explore-azure-networking/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "491ca1c4-3d40-42c0-9d85-b8933999590b", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-security-governance-and-compliance", - "service": "SAP", - "severity": "Low", - "text": "For internet-facing applications like SAP Fiori, make sure to distribute load per application requirements while maintaining security levels. For Layer 7 security, you can use a third-party Web Application Firewall (WAF) available in the Azure Marketplace.", - "training": "https://learn.microsoft.com/training/modules/simplify-cloud-procurement-governance-azure-marketplace/?source=recommendations", - "waf": "Security" - }, - { - "checklist": "SAP Checklist", - "guid": "9fc945b9-0527-47af-8200-9d652fe02fcc", - "link": "https://learn.microsoft.com/azure/sap/monitor/enable-tls-azure-monitor-sap-solutions", - "service": "SAP", - "severity": "Medium", - "text": "To enable secure communication in Azure Monitor for SAP solutions, you can choose to use either a root certificate or a server certificate. We highly recommend that you use root certificates.", - "training": "https://learn.microsoft.com/training/modules/implement-azure-monitoring-sap-workloads-azure-virtual-machines/?source=recommendations", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "Azure Service Bus Premium provides encryption of data at rest. If you use your own key, the data is still encrypted using the Microsoft-managed key, but in addition the Microsoft-managed key will be encrypted using the customer-managed key. 
", - "guid": "87af4a79-1f89-439b-ba47-768e14c11567", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/configure-customer-managed-key", - "service": "Service Bus", - "severity": "Low", - "text": "Use customer-managed key option in data at rest encryption when required", - "training": "https://learn.microsoft.com/learn/modules/plan-implement-administer-conditional-access/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "Communication between a client application and an Azure Service Bus namespace is encrypted using Transport Layer Security (TLS). Azure Service Bus namespaces permit clients to send and receive data with TLS 1.0 and above. To enforce stricter security measures, you can configure your Service Bus namespace to require that clients send and receive data with a newer version of TLS.", - "guid": "5c1ea55b-46a9-448f-b8ae-7d7e4b475b6c", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/transport-layer-security-enforce-minimum-version", - "service": "Service Bus", - "severity": "Medium", - "text": "Enforce a minimum required version of Transport Layer Security (TLS) for requests ", - "training": "https://learn.microsoft.com/learn/modules/secure-aad-users-with-mfa/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "When you create a Service Bus namespace, a SAS rule named RootManageSharedAccessKey is automatically created for the namespace. This policy has Manage permissions for the entire namespace. It's recommended that you treat this rule like an administrative root account and don't use it in your application. Using AAD as an authentication provider with RBAC is recommended. 
", - "guid": "8bcbf59b-ce65-4de8-a03f-97879468d66a", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-sas#shared-access-authorization-policies", - "service": "Service Bus", - "severity": "Medium", - "text": "Avoid using root account when it is not necessary", - "training": "https://learn.microsoft.com/learn/paths/azure-administrator-manage-identities-governance/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "Microsoft Entra ID provides superior security and ease of use over shared access signatures (SAS). With Microsoft Entra ID, there’s no need to store the tokens in your code and risk potential security vulnerabilities. We recommend that you use Microsoft Entra ID with your Azure Service Bus applications when possible.", - "graph": "Resources | where type =~ 'microsoft.servicebus/namespaces' | extend compliant = iif(properties.disableLocalAuth == 'false', 'No', 'Yes') | project id, compliant", - "guid": "786d60f9-6c96-4ad8-a55d-04c2b39c986b", - "link": "https://learn.microsoft.com/en-us/azure/service-bus-messaging/disable-local-authentication", - "service": "Service Bus", - "severity": "Medium", - "text": "When possible, disable SAS key authentication (or local authentication) and use only Microsoft Entra ID for authentication", - "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "When creating permissions, provide fine-grained control over a client's access to Azure Service Bus. Permissions in Azure Service Bus can and should be scoped to the individual resource level e.g. queue, topic or subscription. 
", - "guid": "f615658d-e558-4f93-9249-b831112dbd7e", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/authenticate-application#azure-built-in-roles-for-azure-service-bus", - "service": "Service Bus", - "severity": "High", - "text": "Use least privilege data plane RBAC", - "training": "https://learn.microsoft.com/learn/modules/explore-basic-services-identity-types/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "Azure Service Bus resource logs include operational logs, virtual network and IP filtering logs. Runtime audit logs capture aggregated diagnostic information for various data plane access operations (such as send or receive messages) in Service Bus.", - "guid": "af12e7f9-43f6-4304-922d-929c2b1cd622", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/monitor-service-bus-reference", - "service": "Service Bus", - "severity": "Medium", - "text": "Enable logging for security investigation. Use Azure Monitor to trace resource logs and runtime audit logs (currently available only in the premium tier)", - "training": "https://learn.microsoft.com/learn/paths/manage-identity-and-access/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "Azure Service Bus by default has a public IP address and is Internet-reachable. Private endpoints allow traffic between your virtual network and Azure Service Bus traverses over the Microsoft backbone network. In addition to that, you should disable public endpoints if those are not used. 
", - "guid": "9ae669ca-48e4-4a85-b222-3ece8bb12307", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/private-link-service", - "service": "Service Bus", - "severity": "Medium", - "text": "Consider using private endpoints to access Azure Service Bus and disable public network access when applicable.", - "training": "https://learn.microsoft.com/learn/modules/azure-ad-privileged-identity-management/", - "waf": "Security" - }, - { - "arm-service": "Microsoft.ServiceBus/namespaces", - "checklist": "Service Bus Review Checklist", - "description": "With IP firewall, you can restrict the public endpoint further to only a set of IPv4 addresses or IPv4 address ranges in CIDR (Classless Inter-Domain Routing) notation. ", - "guid": "ca5f06f1-58e3-4ea3-a92c-2de7e2165c3a", - "link": "https://learn.microsoft.com/azure/service-bus-messaging/service-bus-ip-filtering", - "service": "Service Bus", - "severity": "Medium", - "text": "Consider only allowing access to Azure Service Bus namespace from specific IP addresses or ranges", - "training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/", - "waf": "Security" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "graph": "resources | where type=~'Microsoft.ServiceFabric/managedClusters' | extend compliant = (sku=~'{\"name\":\"Standard\"}') | distinct id,compliant", - "guid": "182840d2-9ef8-4238-8fd6-0d76186830ac", - "link": "https://learn.microsoft.com/azure/service-fabric/overview-managed-cluster#service-fabric-managed-cluster-skus", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Use Standard SKU for production scenarios.", - "waf": "Reliability" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "graph": "resources | where type=~'Microsoft.ServiceFabric/clusters' | extend nodeTypes= array_concat(properties.nodeTypes) | mv-expand nodeTypes | summarize BronzeDurabilityCount = countif(nodeTypes.durabilityLevel == 'Bronze') by id | 
extend compliant = (BronzeDurabilityCount == 0) | distinct id,compliant", - "guid": "182840d2-9ef8-4238-8fd6-0d76186830ac", - "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-cluster-capacity#durability-characteristics-of-the-cluster", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Use durability level Silver (5 VMs) or greater for production scenarios", - "waf": "Reliability" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "graph": "resources | where type=~'Microsoft.ServiceFabric/managedClusters' | extend compliant= ( properties.zonalResiliency =~ 'true') | distinct id,compliant", - "guid": "2363878d-55c4-4cbd-9bc2-94523c85f12e", - "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-availability-zones", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Consider using Availability Zones for your Service Fabric clusters. Service Fabric managed cluster supports deployments that span across multiple Availability Zones to provide zone resiliency. This configuration will ensure high-availability of the critical system services and your applications to protect from single-points-of-failure.", - "waf": "Reliability" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "guid": "5ba74cc8-3ca2-44d5-9a67-bdc8e102e7b4", - "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-api-management-overview", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Consider using Azure API Management to expose and offload cross-cutting functionality for APIs hosted on the cluster. 
API Management can integrate with Service Fabric directly.", - "waf": "Reliability" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "guid": "ef17bb8f-4e2c-488b-8ceb-a07c3d750dd3", - "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-reliable-services-introduction", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "For stateful workload scenarios, consider using Reliable Services. The Reliable Services model allows your services to stay up even in unreliable environments where your machines fail or hit network issues, or in cases where the services themselves encounter errors and crash or fail. For stateful services, your state is preserved even in the presence of network or other failures.", - "waf": "Reliability" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "graph": "resources | where type=~'Microsoft.Compute/virtualMachineScaleSets' | extend vmssExtension= array_concat(properties.virtualMachineProfile.extensionProfile.extensions) | mv-expand vmssExtension | where vmssExtension.properties.publisher matches regex '^Microsoft.Azure.ServiceFabric.*' | summarize arg_max(id, *) | summarize compliant = countif(sku.name matches regex '^Standard_[^d]*$' ) by id", - "guid": "4da21268-f775-4c89-a271-eb80543c8df7", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Avoid VM SKUs with temp disk offerings. 
Service Fabric uses managed disks by default, so avoiding temp disk offerings ensures you don't pay for unneeded resources.", - "waf": "Cost" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "guid": "1890b796-f300-41a3-a8d4-29738c1f4ad0", - "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-stateless-node-type#temporary-disk-support", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "If you need to select a certain VM SKU for capacity reasons and it happens to offer temp disk, consider using temporary disk support for your stateless workloads.", - "waf": "Cost" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "guid": "5247bb32-6778-49c7-8b40-e171c9a3ce1e", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Align SKU selection and managed disk size with workload requirements. Matching your selection to your workload demands ensures you don't pay for unneeded resources.", - "waf": "Cost" - }, - { - "checklist": "Azure Service Fabric Review Checklist", - "guid": "6028759b-446a-41bc-8b0e-7728e61ca704", - "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-cluster-networking#manage-nsg-rules", - "service": "Azure Service Fabric", - "severity": "Medium", - "text": "Ensure Network Security Groups (NSG) are configured to restrict traffic flow between subnets and node types. 
For example, you may have an API Management instance (one subnet), a frontend subnet (exposing a website directly), and a backend subnet (accessible only to frontend).",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "graph": "resources | where type=~'Microsoft.Compute/virtualMachineScaleSets' | extend vmssExtension= array_concat(properties.virtualMachineProfile.extensionProfile.extensions) | mv-expand vmssExtension | where vmssExtension.properties.publisher matches regex '^Microsoft.Azure.ServiceFabric.*' | summarize arg_max(id, *) | extend compliant = (isnotnull(properties.virtualMachineProfile.osProfile.secrets))",
- "guid": "4e98c903-14cf-4c72-9c45-b8b23bc4cbd8",
- "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#deploy-key-vault-certificates-to-service-fabric-cluster-virtual-machine-scale-sets",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Deploy Key Vault certificates to Service Fabric cluster virtual machine scale sets. Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "001cbb6f-d88d-4431-8434-d01333397776",
- "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#apply-an-access-control-list-acl-to-your-certificate-for-your-service-fabric-cluster",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Apply an Access Control List (ACL) to your client certificate for your Service Fabric cluster. 
Using an ACL provides an additional level of authentication.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "4b74b7a5-bb1e-4fca-948c-037ba95fb73b",
- "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-resource-governance#resource-governance-mechanism",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Use resource requests and limits to govern resource usage across the nodes in your cluster. Enforcing resource limits helps ensure that one service doesn't consume too many resources and starve other services.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "cd9233ba-f3aa-4353-8d2f-7ea4a64160e6",
- "link": "",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Encrypt Service Fabric package secret values. Encryption on your secret values provides an additional level of security.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "44b989d4-9f72-42b6-99da-ec2a79f83299",
- "link": "",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Include client certificates in Service Fabric applications. Having your applications use client certificates for authentication provides opportunities for security at both the cluster and workload level.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "28e66ff7-4a77-4b2c-910d-0335f141208a",
- "link": "https://learn.microsoft.com/azure/service-fabric/how-to-managed-identity-managed-cluster-virtual-machine-scale-sets",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Authenticate Service Fabric applications to Azure Resources using Managed Identity. 
Using Managed Identity allow you to securely manage the credentials in your code for authenticating to various services without saving them locally on a developer workstation or in source control.",
- "waf": "Security"
- },
- {
- "checklist": "Azure Service Fabric Review Checklist",
- "guid": "f16c413c-00a6-43aa-852c-b97292c33a56",
- "link": "https://learn.microsoft.com/azure/service-fabric/service-fabric-best-practices-security#hosting-untrusted-applications-in-a-service-fabric-cluster",
- "service": "Azure Service Fabric",
- "severity": "Medium",
- "text": "Follow Service Fabric best practices when hosting untrusted applications. Following the best practices provides a security standard to follow.",
- "waf": "Security"
 }
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 25, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/waf_checklist.es.json b/checklists/waf_checklist.es.json
index 33c8e239..fec542d2 100644
--- a/checklists/waf_checklist.es.json
+++ b/checklists/waf_checklist.es.json
@@ -11279,7 +11279,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/waf_checklist.ja.json b/checklists/waf_checklist.ja.json
index b158bf54..2b31079f 100644
--- a/checklists/waf_checklist.ja.json
+++ b/checklists/waf_checklist.ja.json
@@ -11279,7 +11279,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/waf_checklist.ko.json b/checklists/waf_checklist.ko.json
index 9f75295e..c172e724 100644
--- a/checklists/waf_checklist.ko.json
+++ b/checklists/waf_checklist.ko.json
@@ -11279,7 +11279,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/waf_checklist.pt.json b/checklists/waf_checklist.pt.json
index a004ba8f..ded3dc1f 100644
--- a/checklists/waf_checklist.pt.json
+++ b/checklists/waf_checklist.pt.json
@@ -11279,7 +11279,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/checklists/waf_checklist.zh-Hant.json b/checklists/waf_checklist.zh-Hant.json
index 49fa8bc6..2752853c 100644
--- a/checklists/waf_checklist.zh-Hant.json
+++ b/checklists/waf_checklist.zh-Hant.json
@@ -11279,7 +11279,7 @@
 ],
 "metadata": {
 "name": "WAF checklist",
- "timestamp": "October 24, 2024"
+ "timestamp": "November 04, 2024"
 },
 "severities": [
 {
diff --git a/spreadsheet/macrofree/alz_checklist.en.xlsx b/spreadsheet/macrofree/alz_checklist.en.xlsx index 46bce0d4c5f73960a378b52ac5aa6d2f0637c985..95f6db6c749e46faff4be29b7f87b2be35b9865e 100644 GIT binary patch delta 24900 zcmY(qb8uaa_dOh|v2CNV)!4ReHFi#8HMZH z!nkc83u=hbz=PxHl@fl)wwRs|Ehna}^`U}vR{v~6NYlXZik34G4Rt6nC;Rhh1XHMq zsGe8z@|OW@{m;q<=jkk2pX01?$rMjSoN=DT&&R7G$a*6euIG3jfE4m48eKxE9D12`atuFV{+$^}6FI*~2#-9r(n4;5u8{W^yBvCL@w z*Okf&|4!$ZI{I(My%16kl~$*uW&SIMX*;sarMKM>Lp{tUUL1AslM}vo7mEU+8kxl$ zvewDiNCx#)#*a_e{kmgDUt~u;R^Ft>D2@uelaw{9bOJmj1RyJ>jcT@$k7e+_3xDi( zwToN6TAV}q|GBIY4x$GJ{jbw*p`>)dYr(*{C85A@!IH=Z@qw|<)5LAARHi3-M6Ld2 zfAWOk^Ejc?3~8+;O>cGVxS7+~41g5g(nXf8LZZB3x_iQI6}U$_<6o8HRdT5Z47J=C>>~D5v_8g?hgQQ&)Fyly|f?xEEO8dHd+xY18$5WYWFyw!2p{OtMJfP;<<* z^0~OmGtO=D9avr4;8-Cl3bnrZ-sSAT|HHd@Zm$w}u6$rz)A2T_GdiGnKC9$^=-*WK zU#zV}+BSCe@+xpaw0uhDN3 z!MRQN=;`ufshy*v{r%eu^qDu4aEQss(G!K+W7ikQ2TpMsV}#xJ$Nu#O&iA|O!Se%> zX`b`SqRXjFOByJs`mP?$&ID_?OQ+;{EXZt+vAsaA?JO(AiSsd-^L7BgE18q~C$x zS&3if<(RZV(5e`v^|a6K`9kse;>B*Tb#P4C;K2ds%?8IWgxUkG$pDJEJ))LkQ1Qpm zs?_2gTJ9ZM=&u%)6|QOh4bNcOT()HA6`7YpAn8z8YWgnW$Ae6a0+F7e+MSIVaD}qz zhO!q;GgDu?O?uJi)$6obCN<-IX@BMT6~${I#)mHlC(h~$`d1n3toLI`KqTuCnY*EY z2}S_nZ3r)WfKKbPg&1?{{bvdpDbywY_R{ye1%p@fQ*i=P8txxL>#Bp=+5D~#(@gK0 z0EJWvpzrVp+PQVZ`TJJR+572TTwkn?6N&blvjOLG_xi~r7I^#c3UL?7O?_!0mL<#p z1I^K^=2bOiZqN(~3g3rz{_E105V>|bpklo9*621&r@KMv<+k*h)xzj4y8e?85bpOD z{IcrLDk{V!DlHYAmWKj!#)A;}uoYc;;k$F)dUc&9{PF5B4&0L0C2(ML5;iqFXP3;B z_vwVv?tg{C+U`sz_N;4G}P2Nv-G8d4KC-uBDS192vA=moXcz?pLVDQQ1cfc)(u z5O!pqDK5`_^4)8uLoBS>kAJwly;#fMpf@ zx!+^%O=spxN^DecjRaqzBM;HjQ26RF=xn^6$75Y%Z!kp|*`5$p+ZjBwk z*|f4XR}!}_hm{v>Zh0(P|2cMkzWPurwUw-G*n{Uk>~B=PaFMuu&UY-9a(-0u@qQj9 z>or#Qd_$+Z9%=2wee&Wy?5w-2u{CVsZJy=BdT&Ez=fU7sqc8E2!-3!;@UBndk^18s zk=+9cuU$=5pXGQa%%|hP08{MdE6yVRx0L6;%(LUQ#sU6eWF+}Ug11Xy*4js z;%4$Im+|J{A4kWL zzK-rasl3`Qc)xmynFu&t0q*{^a7>ipi7rwkcvXz6JwYSatMG|D0GanrSik3Wgt^Bi z+QKBc5HN|p;NfP@eb7Q;WZZ)Qsfxt%C)*rhpE7NiQ0(657jM|a7gwPODeXIxHR1;* 
zwKlhwwKLmHVeRLqkf6^PO)m+?FD5LGI>&qD!qn`;knCm&FLLp)r;>(Jm{yBJf4JKV zI$iU1iaZOS$<>rCCgSzF4p+A{JQD$e>zKdJxI_ z)qa*v#e|O>`Qc`|GEOc$jV2a^1_@KeLOKTqY5IkVot?d>HHjL9jz9YN(AaB9h$J0R z_cOcO*FTHwbl{v8zsUhEx~h)Ag@oQmN#f`5KcR#0&wDUkbF?l8mk`fCcEyGtT9cws z;sN&`wR>Eo(Y5DBx1uPw7)uM>x73w~HKbQIb3!n}m3j-`Il>sRf|l?x>qmPFDNXSB z{E(H~U%pN1Z}H~peUD6IRk~;Q!@cAGY=fv%AYCCA_VHBF#pb^Eqr<_woc{8Z#_{wi zMDI$6dfP3Qz5O-whwErQ;Rx=|&&PXpYx6)yr?!gmxS?M#C$GWiBV?W+7}){Qssz!h zF)bV2=he2i7@Y>|1Yt5L)au6{1_IpTchgPXY)dWOS6M9sAsS(uIX7pQR_^!sID_%u zMC+UjYK#`4ucbGw;4h;S2X7@*;u#ri4!;}9+|In1bVGuyu%e3j%n!EKDRJ&Uo+Oc= zAv;dj-7-K9YG8jDk49Wy@i%ywV69p3tqb?5`-$wQgSuA9!N+PjRw(i2MswzKw*Eb2 z{X89agZXlY-En^)i0nOZVG>|Tyw2+&94!h+N^pSQRr=PYJX72c=y&Zu4*F)ETkJTko!d^Z#Wm?# z-C7B{KG3@2BI24L+lLPi5vH?7WAlcCP+9c-k7R(Gn)>SIV^bzNr%@sStP`aoSEtBc zEG?{#9D>l3&%Me*KgcOl1MNIR?0JKy97--*R*ItNG+&*h6TPbH*e7p^I_;jy>`aFc zBvgsm+{TR)?O<>`6vW<>3}&WK80WAMMLiA*&{D4+z5ExYyZwsw@ER97eA~<4P*LU< zVg~Zsg0<1Zm?N3%#%l~~CF0+e>xmc%g!PnAG~SGN-OL2*ZZ*RYko1%4(J3)~qjm9l z-ar0=uWSt*l8F|ke)1PfIz+dnqp09@B;UD3HjJN7JtY=txsbWhX#Id>>-A}+f+iQ0 zinz}|CIm0NVJOKD10S3<8mob#>Fd=(4d9?rbIj8t+B<%r9m&?QoVSP>|^Y4V}YAf*Bbp~$PzX|j4TUhjTq?NnB)I?=P`t$rTx)X{&5osP=iGTmQBu$`0-B5vq1(%m>2q#z z-ZPg-;wWFcTl?|M(NwhK!VIv~8En{yiZa`5Wo8pYUAqijqMV|Dz`cYYxL!{QeD^vxisV-6}d)b1$v?!-6in66sM-)Wr zq>c<3{fOJ#P`rr3Trm9LGf;t4`t>Si|O)~0c~%dAbWCVfRogz5!BT*Svg)x5RJ zib8g8*2IS*UcnkpIvos*UEU6BKf%Sk8G`J2+Pd(S!Q+7>saecqd%VDz_JkH?h8aK!%QTJD8;U>>%BbC`@bOkey_pEF2} z!#|+n;BxP+_WAX_>FkR|MND(mdDdOhjOBcLS1n7BNJ@1Hs|dVhO%2xHZ%qc30xP;g za@ywKiL>*-&_YnUCUfOH!mDQjFu2~Jm4{b)?(5z(MkA=Im>=Rpl?%}nR(&Pv^&X@M z`176e<7+&n$H7ipQvWxu*HKs;tm4A|-&Y%v9=wtc1Sbv@+N z>@+8rV`kCa*YO0Z`W%m92DKdq#3EeB+Zz`K6CYdiY!&_Ek+uzQynte9Kbk)|(YBfj z^KtSvd$yV?X4q#-nR7T@w7o9`x9c=@h0x?z+|%5n`|CFn@W>(oztfto-o%-q3MCs% zRvYg*hjDFkD+Fo0FKNcIq&q3Dq)wiu*(UHj>4FKreX+`GJ@%p5s-mYkLMry!&xnwc zBstC>(Z$qhhq0*MZUD;UP2-Xatgf|bTsHq8?x$xfeRkn?TT`v9a#yin`jbODta4iBAc;k>sZ($T)AP zLoYOzX8Juba`!T%Wa2aj_66+fHNiF!JgfBqLJ#ZLFMvPdJ!h|wt3^{8>xX-L@S_iR 
zbSPOtz44dQ=g_h{7nMm2FwG0ku4BiOF}jyBQs{N0e2l-7&Yo@x%Bm8UD8pTs2usV` zmURF#MgC{$$?E(ueYkf5oFrF}nTP6Dd$6;0>@`Wtqxz|B8+N4?xcZcB171$rSW07I z3FB&`dpms^@cIfGzom#|}{6P4p9NzMv4|BQlf z#TQ<=iqgMc2u(xEyJAPA6(kG0gtVlhG8;ZmVtaO7+-_P|WOMA)7w;78_0idqTXzz7 zbTVth{rsqCvI4z@blEq$k%QP>bsM1W6Gbk!Kq}~NFHGmRLc!rIxV4|Fgx*~j2{`bx zj*Dfoye|3Rq~!j?_05~iwAw;`ZuaIY2-iN{1=Uw?`U0HCM<|*@o!Tvy_X2N>q%`~3 ziZ&K=x*x+T`n@~da#H0x;i5~n1ky-DJ&LA+VtN@=93V>YPLY|qLo)sET|LQv1j=eC zw1!{((yyks9qH}N)@)t_Dg@pni`U|MxfJR6j!O zI!^4tVIJ=D2|tpAb^RT+AtSNRPCc zQj{qCh@aR@6#4Y3e^U#qd^=o3-wPamtAR8CvyD=wA^m&o_IHUx$*+f2$YoKO5}LG$ zNAV^$K&%YC>LjV_i;HCXa#1Xryusx_}><41gi!Rdd)-~1lRD?i% z*@?|~jk;Zce>s$h2xo3UG_;2A#gnK3iKlbbdozN}`K} zCk#6+v5K5Ot<8IdKIM%JiH**U5%?VtrONQmb@kAV#H?9;yg%!?! zXLTaZ<%=p~>d-@Jm8l(ldWr*h8oW`HLRe*91SnOKSqGUR2TPW>UHbxH)q@d4RQ@Wz ziVRAqTSEglzGf+=IoxI9nZVI!-jSi*JD4i-WKQ!dFyhCdTs_3(LpFy3Xb2A%6z_xf zjIW3)lmOHFG4o(ByDzQ1?VJ)h>|t2sx9)Y~qd8}d9iD-GlDnIt3V?OZalzJK)6dOe zEy%4I=_?<@{a2xpFGmBi$e#`7N|;qr)Ne3DE7TPF_(fG*Z_7b6d9F0-;Iqnwh0>FC z8XKv>~)t9_Zi7@lN?no!I#Ld}OwtBjoRhAUC?-1Ivp5ywF11jB%YG&|8ImbmpL(y>(EosPq9yYyW^y}-6T4=pjHQU#PV zUbUqvDPoIsO_JPSCfiQpp<;czQAAn%^}9A}zZVABhKSggT0sEnp%w9I&}ag|2pSF- z=!>xA0h=q71(9+;R<9|#>r4owN1@6Pu>LP)$S~wp3w&y8M01vlQsIBCh$7u}bLeF@ zo_B54GG2B7R15AqKMvjM?~{>?d94P;NqaMlC-?Qc@7}h+VeWn2eq4T%nTF_wv4UzD zhNg+=5gR^5*AqhHC6?IY7+RfJDlr&BgT_q)NQp4g{1fckJbjQeL_oz^uCOQPD>|Wi1$iJF1}18< z`A3+orHXkus#^jd^C{y;+Q<_`MRaTdk1HFQEpnMFwm6KDoBy)`iBDv_t7XdZs{5nN zrE)=AZ-*b%LLNS~L3Y|=d+&>D(Z;0)I6+a(eh6;~tF`6Y)O>pldj@_%mJXo}G}_v# zR(|vDZ}mbawbdxX>mxuq{r2XpNozt><_TWK(p2A*7oRkB&hAOe$bG6^$6NEQXGGU> zGt6-v(~h%coAxYs2=}Y-`}6yn%d>I)aTdu&w_e-EmC_N>d!D1`(#TSc0`~&(!JG|D zTc>nHSVe$BH*Wg^m)31`X2XS{(XFq`S()#rWp@gu)*O=o_*P)Ev{og0y>9aHN%`~q z3PwGWobhdizabnWp0#cIJU*l26^nRgM z>?d@P5kyHrDf(ANe#%^#oX_p{l@J^Kvd|UcxN#wegR=KQV(QCsCj8jYND}E#BrL`CroYbEd^^sX@ za=CeJ!dneSeqW8?-DO|M+DX}c5irTGT3X0PJo5dDsLaV4#V8n@$-|sIWo9VKLkHDA z`Ouw68!eqKPCOnp^bx(9d`N7r|9`!qF_4(K=O^jvn-_rKMVy2BVB~T&S3YM2}QG8MTQ7Xu}*5=`q 
z#^%t9elh-Nbnlm*O%TCvIYm}}?Hzq~{V1q!=E&XJp0fL~3)R-tBhJ3MD9Qv=2k?Oz zsKZ$_>^Bx$3m({Ag_quwKz3f^`TR0H8Ldi!pa0kBzqyh?WwwX z6>D#w7Ur29K76lc+Rn}U{Zho&{qT9HW`(|ZOQ82NRgvJ#EY2$8PQ*r!O8Lv99#ixK z2rq6ci?ZRuS{h$LD1UD%ZlUST2$bF{dpfqDI4E@?#O%i#vis9vM~(dP5cl}ynW(JH zBs^LTN98BVVY;8Ll&(;Pp=820CuQcOEKupMcrNq7`^TF$3aZS{wKaxZx7O55Vz5#M z1*n+BC<;;jH0k7xhW0auk+r0)BQ1ML`S#;A)g(3NwGyl>c5}nvDeV`+i;cJZRZoUG zo-e%NT}~^|X1Flc(02Z7mYun|%9r(rFqfo*c??35F**-c5pm2i%K7P8z2 zS>Nz}WNM)nXK9&{uRTxH>-R2#7A5cX%I14V(_VwH7;#Q5v$Z!*Aypgx3-Q6EekkfUIR*yd#O~l!l!-bmrmnk5BPEtpVR%v9%ia06s$T|u zD(mL zXp|JAVO8}wvU;J;S^p>3m88e&4$4a;+J~mj_+s82l)79O^PKa7BdO&YD&1-g&wR)t ze(`lXwj&4Mi_)}y)n7{0HoghaYD5FpS#>r4v{i_<3j!v+D6-OgVd{^QWW?pS9>c>Mm~}4 zCgN18Mh}y$IC2ghjDAca;lDwyGys+q($*zX&zl2=NR$EJGxf9nO`I?tz)*xVA{&cZ{X^GY}s5wVD=F7L3#hS1hFtW)sr=&L|x6D z-GS2=8#+TE*i;E{Ct>;e#jD zv7%-9``#L}=Z2w? zAhS~Rzb{d#{GRe~_%(|+DNlKgK8n#l*pYLB4FS3bjxv{AXdE3KmY9N^m1}1p*8eq% zwnFb;RELz3+$y_7RC#mqKtX-9F@;%G5Hu#|nHn^|jq1fbIe-UG$;xEJCktr+(;{ZGL#8u5`?BcBFMT6c}ZIyL7hcexy#gv6!B1j4~#=HTZ=+yk9A~39%qN#YAW9J|7IAad6Y`GNbN(1icSYZCpQ>L zO9)tP@!`atQ_Hu=WQ15i;fK54O#-Y^=||e^9<#bA`e|cg36gw@O3zdO3Tg_us%i#O za2R?i&b1S`ys?y`!e5Lpjk{&Fzi3Va!Pp+~n#|c~n9id0;ntRpN-HW0!J6hF&)cjPH=9cYnR6ps+dLU(}t*NHRxdw)vkvESHZ!P*% z{Z~BEGFVDQ<{5!ix^ay*7N;dzHq&}G0r(FR!}e}&{CsppOdS|%_|oIS_{H2WU^#;@ zLfiF$010}+IsUYPRD#DX`zNaGe<;lHN(^CV8Glz#30~1s17)@rJC|9Ch={c zOK?h&JUc2d7`cZ>jp?sf1to1H#C+xg*#Y>-&?~z_`rtVOfl{p#)d?J4&YMG0GC zg8QxZA;V3s+2WABN!?L#DUv!6Nj};`REqSinp8PB?V(05v42vOoc^;Y_{1kb$b9kq z3zzaM)!!ACG(pl$+D|*+kXeB!!^SM==1MDrF~U{M7ri+U=S4A_Wo2$9$7}aG9a3|V zq*9nP!xPSE+{>p7G;U&R05fTX81Hd^$}9k0Oy?eG5w45po_Qyy3yh z?x>+Y7VXTo1f9&~u`8rf4G6Raa5nO5?2A32EnSEn$GZ=T-$m&G`2aHFy7xWkbW; z)xlrQpwSLEc6e%Kcv~{-+;)90v=!1NS6XV-mHi}+yY7P-iQzzx&(O;rI+Sqycf2u%he6E%T+^x6zn z%-WwgMelzzu16V{(Lc>QsU@*vLQV&NT7dc%x7PDS;?br;Ta4F{idY-S>Y&rdV}mlv z%%6r7V|>1)6kTsqmWru4ky?ujw&SAjPf{uA)X%>c-t~#7LGJ#ZjhqxN6_0DzY86`H z$td0>c>cqY)v(Q8@(chBax zSbEz3)&j_QPtTOl78kk*vT9P60QW8y6H|tF_2HE}vGE-7-tk((wAo>Z`)z`aojMVN 
z<=w8D!7D?KTLq+&Cr%CDTC)68`A5LP|I5Jmw#zSPZ*Wa|e4)~K8xe_n=IRp#Df(tQ zG8!@;bkWf45)mSJo;?I!72vOTMJFCR5Es|<6(=$Ceg5-g=eI;=)WxrqT@L&q(*l%* z*`9hsT5^JA>;H@Vt^BkeDDtg;BTrnkuIj_qnfA7FsmT8Un>`|FO7y&}tnjyaZ$#0A z1_y{TgX9?Sn_=m^&GP`lNaDKZmn(hkL5s2HLBKyvTIqbCj2=xQHBcm_Y!(8_gCg=g zgi9tWpOl$<((%2fxBxzz=n$zXJyl{Rm=MxqEGMuKZ_Wu5`HA-H?= z1b;y$Zn5p(9R6bTCs4G*eWuKrgwnTdc;4Lu^5>+2%KmuFY2wPd-R+Z#)w=IZ*RP2D zWy}}wbwLuQP2`QLcifdfFT9`TB54~C5s&&=CLJUV(jFXB(KbB2Xg43hBOUTAxtfz$ zX6LOxD7%yYD^B})#egEBpePSPkTl5+vLk|sSZ_e*SA@|oaG8@HGBS5l z{EnJFh}Rj7Sq#Zl`yZ#x^H|Psa!^*p{g2I`EDd(fh{^iRYBwb`QE&nyykj zkNBb0F^J3J^6H2()hXeloJHGFj(X(!$v6Ig7`gw{vz8A}rGvxcjuDatwneGWrc3as zVAE&ssV6*T#6dCMjO2GLe}?!2{P2n&t;(MK@HQD{K3OexEO0F7qlDvOtsV(l9)#x0 z&fcL4imN3*c=s34(foNAV}CP>`zfMXEmkC}{;#!17L z?2qFLXKQ)Z=IyRAfKb8T0pxKco<9hV4Un4os^9G^nagsD0%kl%!d?P*NftCHL`gF| zK7T&Zn`A1BpX2yMvC5`36ouaiH;LUap_75V>?V|`EFSn(Kwg-kj}!Atg{+uoHpGu1 zhSx==NZOtq9OckRKs8UC5w4G|$&7pEBQDZ2kuq2X{eOc|I^)C&4i2jAYzc7cf?cwt zN|HbBy2$CttJj8m| zW#k)3w-Um0W?10$AB36e^JO*vp`o8mW*8s;Cha<6fbxg~J-Q$`RXYG0<-%iV8vp6Xux}lb5qG& zYrDMp&$5pZvC^pFaI89^5xO#3aa9q~&M6up1^dLhZ1lZBfRO=0n3;SH<=F%z z&VrPknf?=JB1!$t1tR{uaY6EPt1+172Y-qWnoOgJaW2EROlDF^Vc5XY+qN)B6P9t) z#hV}dxgNI_Ec`|(T>$t+@!{GQH z1{F#><*RUb8Bp&gblMuuh(Sa`a*C>|Afs_Et7Wy6qYsuhBk@r*ls)PvM)|0K`WNod+(@ zRBJz)n`<8u@sx7vnY3m_{#!F1t<)&p1~_0c^&1;+GCyt%NL>{Kpx>@9?N=;y^X$Kc znUNFVQJmI_<>UP*UNMS9^ucJx8aRHL(aa(~&erq3e5(1g3YJ{ygmU-+V@C)6)t6wd zsc?vm!&=vMFWfM}f^yVsvFtNl0pqC5mg)vWnVND*9$$Xu|8PRcCNqPN4{)Si^Yl-Z zXNbvb?2USe6`Y?WLY291OXjc9R!*80pc_uV*8Z%=c?()lgRD^C)Cp1P(>I~F9VQpx z-`(r6>&O4fGcWl>cM!W_J=xY}Gn(?7tc=0n<&6+y($iagIEs99D&Jfon{o3u&xte} zF&Cz{~~qE+zymybDn-h})@d7U91 z$ru~MuA-+cKm7DD-H89IBM{DF|VY39JZOL@+n3Ej&QUk{%5@m$b=2R2dzx8=3ZO6#@x~bbQnmztJ z=yeBLeQV=&{4|0hIdhX^HlU0(H&4t%T&(8N1S1+!c>MsE!biVjkHDJ~*yFcowmNSr z%Z(r~yP^R!$Hrj07*|!SDD;pleFUg6f zu3lpgC!tB<*{gM$&ILRB(D%{)(1Y&68gAbcuVT!uiEnR$5SSFi*hHCKLsQED)@bX( zsjEVr*EfHo{SC5ur0|;ej&g3Nn+0AZ9Mb-uYS6i^t+mbD1pyzB5(?0jLXACE7)RF9 
zcPTIPN%c_MDDT*^k^^v`GSn!$YMB=JPCP%Em-S=(J;R>7m{;OO%W{LD1 z?IHBDv*j6_)McW9?8`^E^9!vm@2*m#4I>ttfrFXsgTweE3vBnmcU|p}lGiU%wFME% zGG&)SXh;$qTBx9FgNO<25PVIkSw1m-b=`2`zA!CUFZCOcq8lQ88Y^O%gg8RaWKH8i z#uTM17qegRv^o1OkUqyRK>zel&mCMOiRb;M63;7997lFK03&=;%mLTw<&8Z*#8*e+ zKRy$FqfP_#%j3NVp% zCp>A~bIa{0YZIf0syWa`un34%#-oj5qzFdjpt~Y>gUq6AQ;Iwv$ab?%OdySZ6}TB) zrEAvtMXnC>zhR;+_3)=6xuH)AIhp0ZrbK*en)dCp@z^qf5a<~PgW7JJE-cuw2jD}r z@A~={3KijlPerw?#i#Cub$9ZQZ7lqxnI3V{8=5kr9dc)jG(XAK=pGyl9K^5YQu%jY z=^MUmbP#DNb=#J$w_L47$LUU z_yZ|5$Id$fA*#hwLYmi8v!;4-B=B$aiAo*GRwNg}rjYYiH|#m7xAWymPtC4i$gc*) zD0(%RIeFt;e7U~TQSxUMN~;q=YB0t^hiJ)fZ*N zMkt4E+~9}H%he!@aCL(}?|4aTq{^xk|F-YKcK@@>3v*1c_{$=XPJl~mKI|DyR%C;| zSx2dW{(Grh+lx@B+zEj4vc3=l-I3ZCpq}vP5mdX6q+Vg$evG!BUa1L^@ZwgL8p00T z#Y6*HC0lMk+eBY*zIYT%rimJsr#_FquK!LhN26!fh@ggG9g@@8Tv9}1LzntU5zzBa z15Xsb?~Ula!#qMChT= zs&@gblQAKDHqb$kV5Uy`0Cn-bVX$J;=%^veJtO&6F*Zt3VZIO}q^&}2Hd(^0<>;o$ z9&;|WsT)iZ%xcl|ZulN9B^yK=Y|@Gvk(v-#_>t!>FcE8ol#c!B=id<#IBade{u=yu zIRk)J1c@^T=!t4-rDhz))(E3{Ql;Utk@1T#)Cf_q2fE&^%|%(yE$M|mrCRahCXn>M zodRAjt9L0CzYZ}gGnEbZC*Zv3Gtq+T#M6E;YR>s*vosDGmgMY4+W~0_NYM>BNb4#%;+0*JQ;IO0J0L^%D)fg2n;wFYXE=EWX3CO>>3NIjnT;ML(X9X>v20@d| zeyd~FffGX{SjytzCG6R?!N-})u?3a48%x;TQ!c>`D_y2p-a90eFQ|ie-3Mdg_#83Y zMZGei#(NdZQJd7-AhAl7zDgB*OvrkB?>3E_PGAYSRCzojfLLCa!FwWe4;(Czr`Phw|mShptpDLk7KrucYvQFN)Z> zh9or-KSOwnco$^mWtcY zb=6TbM9pFKITEobrfv9&#HOn80m%9^r@Q6bCY3nE9O1B{D1VI_HE&xEo09OqwOg(X z+w=oEn<^-$X3ea9S}k~IEBtKbkh9InagLdq555QLB@VJh8^vDN6=nBoag3&*4tidOW)8JAL zIC3p{#01Vm=32D{ekzqcbE*S)Fdpg&3*iP7vf1%NE%z-Guz+T8@g^i9=m-i)Vi{r% z>SzOfW1Ofr@+VC_#Df5BNRf)&^}8#iUzaPl)@XR)HS%oZGxv*M=qNl)j4H3rk;)WS|12QU zfLI#Qa)RccpsOv1Q^qyxR&+2jq;EkBD!oE_cs_h$f%WI_e7fj7+ZFqY%F0xrN^2I3 zu8#GCI{%b308N7OF6nE3%{GstN>G#7C_))JCh%_p%^;5Y zhvUXpf*PYQ20UjlsgTYaqB=2sB16||VDK5^Wn*ZjMkFcU8>U{=&rQ`AY}#WIY$%YqBuG!1;j7i7Whk!|aIl&=-111+K4CgZkrtNmWRXJ##ov^_|E_ z|GV+DibeRm3ZQaH^VdlaNvz>}B7fpnnIX2qy=B-|K1iFWF^5;oBpAM76>TZ~YszE! 
zWM1%$L|<%<+-6m1%7nvX>4Us8xEI@<#k6rTuRi(*P2ys?XVwU8<+@7bfJPM$_A2}3 zzM?`(yt2Bmg4;e;ytEaQ;vgcOvI_fZ2|o&mqK7(4zVH}RT5?b;ezH+EpPfK>4I=q# z^xtOpPyR5azoiSje+h`UU^$xw`3~yM%UF)iTZMI3f6<4BbiY;{uoXbQyG~xE5unl6 zgwu&M4z*qqAC?@pd_Gs&i{b_iYKND$#%X}m1j7U_ z)fUb)M{6C9EkJT(VIOxYuG#{Mvrc@DX>M912!UP2JOei*LlI46IU@c64dvQjSP?Gf zv0I;5r;(N}n>O0bEk3_j{-29L%a!yDebID~i;|HM9R@NkTYBnZv3A1Sm-|+WNEUr6 zBSd%wfz;*MKaiq_zzy=N=)fr7yERr_DT_}A(J0=DLIwNbZP?(;miln?$L8XoC{cyr z;1fDZSI&Yms^}ei1=YxY zM?#4xORxdJeB+|Ywj~aq*90Xa%4UfJ)u8stC92o`=0{Kz{lC(6HBu~|IZVZo0;=iW z7NW@G9`~09{-qVrJ*vIWv$ApQ7>n7~hT_yxOAih-1Xfw1#U-|w)i<70zIekLNE%Ir z4Y{Psr^SbgDnaR$*`Pv8xz9iojUOUr`v54tQ%j$UGMW5H%x#Df@sR;aQDG{|KnOKe zR$q2zY?wurRudytL6Xrnc0IZ%TD^UZ*eyt9QI`1MZ$x_2i_7Fc7L;+g^U30dwUjS^ z^ZTOS(L7Ca;|W{!RF@VQo~cD^B78cL8;Ruc>zu~yTa|uKRbQ&G>z}u!SaKDWeGcGD zpWVW|t=U@rX>R1|pIm>7wibd^=^}_>2rxD2!E5XTlphUWXPbC~>v(s*sv}R)|x*%nr z7+E;zE40sV-pf7EbhQ_LW{%hfX)-&mc3a=xX7Gk1vx0TP?cKRz8@b7uwYnk0^} zwS|mK&mL~^u4uHE-c^@V@f_EM`Ob8`R7$n`o>fPCgjea}ybHd53v^PGOYH&Q z-4rz6Xt+_Y93zSfJ)y|;c}|-xTmmt}>ZJ6PwxrOs_F2!Lzydv6AEs9(iE;@#k1BXm zVTDN0BZIzdDms=g56uxRDrnLTU4FQo{N`a_ffq<3Pr=d~KCEEYnsN@Ph+zZ+icM>X9`Gk8s3dnDri&|}3jU2~f!JH=@ALorv64qtF^0m& z0t}F}>2(ZCZRiEHpvbM{4PfPsCjN;Xhu`3wyp(5#mSlg80~H9;0pJ=^i?OZ#A=mM? 
zRytKBM|4P7>6u@Nop0M9K(`d2jP1enbkDqe&#n=#zy!9&yGKc{_<0)chX(88&l9-s zmBt5yQ;8=ONqx8k^XWDILx*igsU61RAeqp~j(J^DQd;OBgr5Dj^&z-M`M)sa!w%+B zs$m)Vx(Bh`MX`s}+XyEdgsr1YOW1nUbNMWT-b>aG+dVhquTl6e9gT1+Iag z5DWIpu1DT$2e-sDzwTuE1fYhF!mW9tIX>HABls{aqdtnRBx$km@!bm_XVz-^7ZW6> z5q|l9U3~{MoK4ua)m!x52^P_NjjT=(f`}f`d+%itWm(ad5H)&<5G#5_XA@nBlIWc% z8#YmbZ`b?2|9`%3&)GfC%$etzd1kKry30;c9VY8_Pj#0;gfH_rAgJym`BgLI^tFF+ zL;m&?c>o0i1ihzxitxRi<5a8ZOuq2@Dhb>%O<+<2;F&BJ}9152#$%xoohe}KTA$;;Iw;(@kh z82!kNixH->%RFTt&FcY*_AeNlJIy1LaARr=eVpe(JA!>qhHLSe?|+a4Gf@6I9uBgk zqKTuHv(BL{Zf4up9#X{y(N@cXGhK_Rv0roR(AsohMdxI~?&3ao7T9P0RNE&1hTJ5f zDl4W*u{(*AfCD|x3iPsh6-GSiUol=-3)Rg zGcVSD3(}m{w-5Wiil`r;t1^cDdBh3kQ{D|m&{bK|Bs>=K@1=v$l&-naKO=!X_K6iD z)f-3|&Ryn)yq7-rQ!cO2qF$miU1s}z#ukG@4B^D){NW-$O*4J7)UH*Jy6f?q|7X^* zBRZBRJqnE*7iQb70Vd9n&DnyS@lAr5j>3~2w*(Y@!q7N*$DkI^%ENBNzzSCK$@dwU zA01Qwr>}QA>9KX90l|eY+P>thcYKQ?6GV!)C2ouFvb@>~ z1GB;pSa{9W34IuHV{q5)9mVFFR`lzrrtKBlKeOjRL}de}!@k|~pYuV;h~IdbwmuM9 zRcvtELE^)P6eH_Ws9T(h!Ea0jd>6Ln*i+=r`++Qb_d=;;`v{H5UVaJ*{i8{nFZZve#3%28NRH}rmf#=&40Nsp1y?Ie-ge&LZh zy2|So^tk#VR{!4st8x-Ga8lqs z1~4);i2hr^{NXmNzyKz!S@7%JX+)x_cvp-}m=Uew#B8|cA+>*4#=&Rb2C_(aHPG=C>0g~UM2k)YTOS3lqB z6Mgy!na3KwkII@XVd5}VDt-t<=ml;jkd?d*YsPNPpe9bg^;rhDQTPG2rKm-wi@U%# z!pyYyu6s>CBw1?d*|O;fNC*XN@4ItJgWVslZtwz=Vb2rtLcd;?+0dxf$kA&B z+7sONudEC4XbDz8SKVbPDon$pZUK=`43&SG7V1ueX5D^Q$Lz7?wYwI6#*eHa-QqJj zp z!)jK%@C6OMR1cetBd)Y==$Rp1I=7z{c6A7c#G?^nk2`Q!N`igdmwP^ZGb%uPDQ#Q+ zPk{h=T8l|AM)#426Nkv;urxyXJgbgvqKKlgMPT-7&)Cc?FKZ+B8b7>WV zs@f^{Z9>)&+9w!E^iRjyG)w`@vFwN2Us`3!#MaGwrv8k)-u?2~GvEI()fK2fD4}@b zp6(5eLgb#MB!UD$xG6a3dIOSUOBuRf$Icrq|E?$zF`-)a*~y zW4w`VT z@b%ZA%|mxyMhmNCnNIrQORL+o;~o-qxAee)8B1Eb?)1rOVe#_1iw>W~e^RoQjnYnKdE= z*Ti8WAo&Fap>Ua`nSusKV_asH5(%D_Jzb9-0i`^o_gx7YM?S)p{5gkhALG`?!g%wS z*(szGpfaR%?C0q>jn z!#yF|@?lDq?g7|f-aw#I{`{2oG)BX{N6pvNgcVi&wDsmbd1G+`20zyypDOCen>gpI zd*+`^tT9CPOOZEITqk^xg=(9U2mHbN9I9C2ppPObXR+*osN7@GX_`n()i)BAr#BSM z4P`wsH0sq|)ZaA8qbrtiGPS_+C|*i78#syo<@8JBOX@r@2lx1o!ojvz6n)p+!@0K= zEE{BgU-m@Wg^;eh6O(NxVT8X 
z2d(=<&Vf)&H|%a6MxG9Ss-tx5L1hdU5jwn@M=y29yqbg&zzT1-o~SFo`eS6CEG+l2X7b^ zqoHz!Xf-xh6>po-rvE^DEIjqhdLs?oO8QW1>`2pL2N+nb_aSTwnFjP00}^9&Jg_2B zt^f*=)9Xw@#uo2dpel}>w&>gbl=D*AEA(y>aQm8j)mmk$KEv%hLnPV{sGiVq z>*jZpeTkAUzg}s1vCsW4W2{EI$fFrU9>W-l&zvvnnx%jESaS!+4&vqGL~c9wY4H7> zjp>IZ=vk1FBEv1oUEoe5CrF|;8)NNN4lLn&m~VNh5Fxu8yffR1MHTm0Nb=MzC>Lw06M}{2 zQix4nZgb?~`?}-?`8EI^wt5$^A)*P;Q0nbUayk~K0lk;=J}^eE zIg%%I&J@{L=m`ZW5!e?u%S{(X){FWUY$sUtt%FGfgi#=+pIljB{BnIw`ny(^E-p-b zWg`vFGN~R0c4%WQ4%_CD|JR#8h}Z8|r3gBTh3f)t-(ZN{nQba|zTcM9nDaMr1|Hts z!aN1-wTlL7SGWCqe?@Qbzq;TDIQQFRC*<4Y^nR+xXEP;$u7N@`ZSQx_?vo?1E!TqF zqRX9b*sm^AZ!YMEtVEOIHBj91)=~B|?mt^cwe#$-5!3xnOQo}ljPFIL!$Qw#5cKy` zhCkOzzI$Q8UaCRTyQ&Q+oWCs+7ZSo{{^N9y10CXqh>42=3L5vl0&w1x5?O9maTssT z2{00IXVPVXhyo&tAR|6$vckS#%G_>~lz(YqqF*wrG>kH2{l0 zvmnWi(&T30*>t&nYFr?&IRNL8?#-Oq_c(Kw9oCghC~-+EJt1Fk(8T%YreG{Med67^ zcNUcX4~%`gO7qZrIF<2ajYy*qbCGF3*_!Wna9QtJhWvJ?bss$hZ<-mgbs$9iNQQe3 znhL&@?k-*-kGBo+xer`Wp`(zI9&oKn`*sl*O*~XiPx&)~22miirFLM(w?nI?n<(kE zVJBhEeN{XB3A=LjxgL#qAcg!%aU{OWKHAR1E zEgU~YnNa(Duwpd`HjC_pHiY_6_cF9DeD&|!VR3Apqn2_+TM%U=X1KZDsUB}WL|=qx zU6$_du8-HgUV53Da^IV^+HE2|9z^lrmpt}7x{3ARyVD}ixuz^ZukN)>ywXEEBUU{j^)EYA_b;ok9@_1jU~tsuf|_)=HoTCM_I8)650Ud&TjpmVtls#;&T)Ai ze_#Cd;hGjGpK9-;_1m>Fup0jOfK){3sY> zzQ7pR^>e9!fpb$(h|<+chQZgURlmCV3`0br}`C*>^~PqAkea}VjA66cdNZyO9soX~%co{EAfo_l$K z_4mi?$`fl#lN~1GxM}Ef<%YW%{cL4%sVpikuVMWpAKxUKc@A9|5enA{sQu$r^@mkf z6E8xmh|!E2R$q+tFg(o~*qe^b{>fN2XnK(7@wDNhX$IE}9OTMe-&Mw|c&_saZsW=F zWz+8C9xAaxwLZUI)8A>I5>0=^p;1%DpqKtcj(TtpU!C!G9OX|3g3TsXN?&&kt zfG!*laI~zM{~FwD_6QKG-{GPW`ceRsbwe5qW?66pjdiI@y+GW1 z1wj?UnejkUACyY5GuXO+7SBl=suf$ZL>Y4 zg+8gce+M!6R8p@vh*Gb(dR8G&L=7yeCEwXHNY;Ot6R;j1J~;AauQ8ba&z^eF()Ynb z$mJTbG7QjqIrikN7^4Mij@C1-*GIqhN$|UV%h&Zw)QZz0@=@g?NRymlzj%SOb7dVk z_74By_DU<00ccLP-IMY{zgLT{-C$TRA1{gcxq`NKDF<>*tBXYHXYkHSs|XVXMnKk9 zzD`FisZU3t1;l1Pez2v3b+P+A5^3%!B}P$5PU~mDm)lhZ-dt`}v*iZ>$YGw(i@-L3 zPQGnYwxEAje{T@cMH$nvHx&w}t|W>(aaHq|rn*hMsFB>9{T9amj6Pxu1sGd%Z|TTQ 
z(ith?wnIHVsIPUs0bl>Q5y~MV+l8=7*y@f?Yo3X5xVfMZj0ww>z0$2)Ba)Bp+$Agm z;ujhXCf-c)Ki?K3s{^TGOr(cL)*Cc!!|N&C#r>&OLw&(R zK+eVjLH;UsJgwstw+VxPV?y~ZOp-@jOp-?R>&bS`f4OYitj$BqW6QgQj#dyifx1}h zt6UN=xwDK#_jE?|#C{MxW%tk7J94}_6PL8YBAB{tHNqmn43~j))I($uY~u;Z3BR

{yd^A*q?a4|6? z2sjB>WSc_UaI9WUm7Vo1CMkHkt=%K`bb;5ydGAD2U!p0R>u_M`70b|*BkR@;lDJo_ zvF)&AduDKW2qt+8aOyv~yyw4!xz5E=@`u*wF?=aoInM)+pPfqgsINW9^;|Hwlv|gM z2~^w6m-Q51_G}T*k4&G}I0|WX9=1n5?UuJ_j>Gh_o5=}!R>Vd!m);mow3W$n6-{90 ziI-Jmdor@e9!S!Eu|n5@5+U|XoxuTb@<>T@rVG{GyX_TKW;i_gX%6)mz9Jlz1WARM zW{92^{1}y}KTdCx#1#4`)*Wj0*}SFeFo&2+0HxhZlfoD=Z$u|RmV>&KX?9xB0ACahgMW0 z!nf7Mw+%Y7aNv{emAuDBB8V zkki|1_Xscp1|RhTqH-zKOS6;AA$m4{d^i~}e85ariSSS+3?FllyBlfd7<)l<7sNKm zwqD0Zf6?+jm89oiI3iIlDxx=BDxzpOe)4qwYwf^9d(LS4qSYumATo)yJ1l7Gazf?~ z{h(v}wfh0R>xc@-sdbBbeQ8epM=iM3WknVj?9F+%)|=B#@a58c_C<}|Wo!Lft}uoj znZz!WsbfbW+21*l>rv^+m%^XTD6=A0wi##G6IlWkPfaYp#;KqKrN|kVT;Ut8TwzQr zT%FPDj8bGH_*-1Qvytz2YV9u6KeN9w^ird1hMgD~FqiDkKw2$+5ru(!n%(cZ4o|0j zf45sOcvj@?`SxBcnzWw7!kqDo)@H+&;8Z3@HJa%~i9wxq`#Mr_l#6gyV7}&GmT%q$ z@icY%@8 zy5a(u;I>$l%^A_>UNASOc7IH-$S-j?sza|YC4uzC!vO9ibyM>KSPFC}6|A@SBw zR5PahkR9hNP_?8-*D>#!J7D3idf51?GpWQA z;p44;!>0UTZ+%J*GiagTxVLOUG>P%RwF6F8;inyI-P(} z9r{s2cOXNY`R}H)F6Is;Md2s>wKj*5RMd?8kk8+wwh0_kc@A8HIMQTsO_yHd1O9B! 
zw=3LQ1t*HKEY^mZM0KQ64I8nVS32MeZ~GLwda&ogQ+!n(f1}TE&ugnBU>CK`tPyct zABGfGeUc7nIHB4b@TfE47cVt{K=iyP0jJu+$KI@L{|F>7Q(P}$+eR(HX^*y&MpbpL z?U6%+l$)8yeQUEv=};8o#Oj&YR0j7lP42x#Q#Jr>v_& z%4F9Jk4}@9M(Nqq4vubU!&L}*P-&m>g*|SSgHQC)Bu53&XDfPcRNEtQHcASuy;|{> zy#j{p=HdxrOvrkz|7)4YwR)LHg|!b*TJmF764Te^2j@4NxmmhMl>d{dl zRxD*fjIzRTy=Y9C+y69HlU#h2Zn%7vjOt~G-`;!KGrOJL81eF$&6FJD#=Zxg-u?b( zJvL)5-cDMbW% z<={c4MRroEJ240?;M9KLd-EdFp&caO`VuvK)Z(jW$hOPBQ)vEEVuQkqN7H*n!}^W# zB8BhY{1*C$gfTY#sCs+f-<8C0S1m@Q_VSaRlz z9;VdeT`BH&7vsWEyi+XI3+InFnijlyU%e`&pQx*t;3vsofv3_X0+fTA_Z7)Z=`ZjD zYp@SnN|NP3cQ+aVB}%`Yg9yv=!1mG5vOOU6&P+ z7CCfA0$)^(-3&3wc^r2n9yBV}XrI@H%7#sVAH_`=VL;9 zSL+3VnEDqX`P*;n57s8%g~EUNEW<{;PAl<8Hb@B@_MT?4@^LM)2F~V^K4O8fdp;7& zHwsi^y>y{{Hr+Hdjw#g#xR~%dQ$-l}54tZ2DPnn6Q^Dc>s_8(PfWC`?J(8#&NM| zSb&!k_OAull9wNix=f?k`wx|(B{M_LhCpgp-ya5xFb8jK^mFUI`2g=>bKVcJ_a06dtq z|3hX}oy>Ps{Om6NAu delta 24825 zcmY&;bx>8``!z^+cQ+Cef^>J+rMpYI^Ux_B(y4SwN`ruOH%NDvbiG$Uet$FXU(B7e zXU^t1>silQYw!C6sL2E<6lFOmXlw`w2zUszGOYxZE(Gu&?YlcJ350|>QovBIhZVc8 zQ})0ol6~=mYjXLKHuZ1`cW`!mTlv8spdIr#XMa=p!2)UIvl6Ex}d6 zd~u_J!9w+9t@8gsnn>F?Tl53Zo3r{AN0`J*%9jT?nB^*OrQ@}Bm+o$c}Od>$TEND``%TGE@>ZQPL7J|jKId2Md(v~J{+M4H@p z^4kKI+&!I*D3JGXsZO&@iki9=iqD}y_6jFw`Nr}H-B4syu$mw z*YJcM_O|>eZer*0P0Pj_1uvu;{p&d0O={)+Y!hi`At1fgRvr6OZ1|-!B|#`EVW%m5 zGOWFF9;l9bhI*Z%X z+4-NkOH$Z`%aV4>(pS$N zMB*38`Ja{*H}SINUwIN64P>;{v;MwNrAkvVY=UPpH$FFuQm}f&$mkGM$#{aTUJ? 
z?LQ$4C#hQ%ta;jMvAF@-7q1+k_h}t`?))cuBv-K@9CXQfVOAT2eG#7mAcai2lnB?u z)&MSe1CPR-?^Axpqqq3yb3MoX0c6Wn$9NWv%%UUmhA$e5Gmn+qx-$GQ#X_X6xUL?% zO7{q#UDZIDK1aYIN}a!X?%fffbZa`)@q}j@==*|t{{(m6{Ad#5`!OUw7MDec4EdK6 z_8X^-=;Cvq?W?BCtItC3F7M+YEqE?rqCe-NF`@Adi}gB#A5oa_T;3~53n6V^eSP|c zq7;aRe~tuO!Ad?05j+{GbBS10`~X#~#+jFJM=t)f0fm-asY@z!l=BK)6nTUr+upmk znfK>uG+4%E+?@Sf?le{CC~u^kc`m|z{d(lU`TS(`9qK0Xr0lt_XeTZ#)u%;>Bg0*Y z;Iz$udm3gX)71Db+eT4$wy1(rVJ(j9*{&Zj9dpk}6&g;BjpKN>mTE$qdljh3w*T}p zJoDgiwq~8dZ2lh4*1aEa9-GVvBSS`6n_Kd@WGOleZcZs$8Jel`{$)c{6c!e}Y+M*v z-G4I7(ncDoW^xZRwl8=3Xwx3{nHZSYCM)yR*R8M zmB?=AbiHW`(>}*d)jyFC!p&W|8n72T>wejLsHxj#KGEuV9nc0`%t=1j&T&BKp#8?G zD@my)Sh?O@b4OH7!xnXnEw7!1eia}*8 z3yz)f|CE5+Ipc#AQBt9mUx+=D7z#}eF@J-^NH=O|Z*QdcVLt9qvvusKp9pcwE2;WO zOvH+UCpnq#VZaD5-+;vhp zngg9~zHVVFkEtW}q(_@wxe)eq?)pMWr-S4Q1`hW?EraDU(P!chzv?Z<&q4;|HZZJM zrr1pQ7FdEBUVj9bBN=&MEjD9OJBeNnphTYSVhkStpsE6LC466UXsS;32ka;8ggUwc zaA3a>8g=muVvotZ8|Dc+?fm3|oDI3>iyl{V+|wd(u3O}M@UeAemIJ7{xkiB5ptZWE z>b~nS`c*qOD&a40kqBq;lk)yEIoeW8TP*!pO+vSWtC+_>b+z^$~h$m*WP%e-T=s9vn+hkam7UPA?ah@Tdy^Wa?{$HrV zps8SywTy+!AYpqUrkNtTFyTKrOT z3Tq&RxJTr5OcsPkN_U(|^u0`FdtwXb#%nk{@uEB_4J{r}%7dTG=)c}nq0k=}7xaFz zQ#|vK=RV17Tns54xNn-KN(z67JU+_wPMUSqbPcnP>=B8C5=%ww{)iH_U~a6ESc6O= zI8Cols>Ax(Gj=`uzN=$=3@i3mk>3dQ{Pdlp<{=+NgCadc#rc|r^ z#mzhQZ6_FDdGE=@*k5H24nqn4(h7Ciu6;S$4QcMU52s@AKxa(#ju^&DN{Q;7EETL+ zLTUKcm^sEsBKY4sV50P~UNTJoxNLYY2XE#`*Y5MAz0&@(kIk$U{i9yV5uSTDzv`W~ z=u^RVU3dY#bZSbyt6ue&hrSTwPAI(oc$}y&yk`4JWEeQWoBC@;sD5=^B=eXo%KFxR z$5E%7yjvr*YolP2yG^PVDjQdmk+eTAReaLP?;>crGSN*M>4Z+%MJafOs73ANnJZGNSM7|^1isKPk4EdGL)nO;!c}5B6&OL zXglc0N$nVT09%LmZauWg{+?a?+j5_plt-%DKD~~;`+lE{vz@0OEo-w`=A_mQV~6A3 zyXPvqtoW=yh!+G?6L?rnahaV_!7!C_>W+EZFDm)ob2Z3EW1~UaM7JuP_0c3M;H?dn(d)&IJJyVdDRTD)Exxjrp zN5+dpTCmWpo~IlDN)}LYi*qZB!x?}Y=az4z3*L-kp|BmXQRD@FHP@@8d8_u{>6oUH zrZBOw`OFD8T_&3`Z{28$5VEU5%bA3%3Z(Wq|qIG!GLsIl_$7~st>S}!1B zMCGYL1LAvg4kh2UG(4Vef~H%FU}|d!@+(YhFpxY7nv;XIYpoIh>!Eb?(=0zcn8*6P zxGn|#)Q|J_pX!mtNskm7sy)86OAeD_43Xm3g5X;O56toGW!y4q-K4~xt8+e7blzePojjB~N} 
zA<4ZwyIvPLRqVHGAOp9;Pa{`0&8|qDTE`a-ggx_A(D$lOT0hdWiSe|#o5eRCxXl?tpsJzp{jQxq8FX?#4s9Xe6x%U9s$XO zUyXho^;v;Ke1G-`ofA3A&9?9k!LBJevw>sp7(>#_D%?qxH&kQ&AP-RqTRUI6Obj+_ zLlM)f1rOINfl0a7Jg=mk2Ip9BEdtpZBrq-J=f z?=GBqB{WF4O49)b)YLq$?qO;KKp(^QLEx#(Y>7592J1bD6Rw4J^hFueQs*tyT4I7N zky<6fHsnc<>Gf5?L}>4Q=7fjz?lOhb6Xg|qr{hr997aqugQSXCC}k-s0p=)mUx|-# zUrFgJ3oW4-aK?ejQUP7C^xfRtKciku1Kdp@HiI)R6@#CEx5_G zojjaOi`fZG6w%3~>}jm7<|uysy&W>76eAY)?yx}N(^Ckd^2%!`bV;=%Uy?^EIfH0Z z>P&=f1cLe(2I!RXZ}bsHgEUU}dV_KLvYSjw@TN3K!{kU>r`D0+6$Sqxi@HcA3N%lB z#dNo?`DocJMCEr5(EpxNo$MuTs5iBG>iwCV0q#e~CYzLCQ$ z2Xjjq&r_~UL|3ESCv@@#ju|2AqJ6V2lX*pmgKJZ~g&fiiAWh|86*@K6aSsrO(}_tZ zM2*=h)IppejXTj9mFXdMDXKLhcDNU8O zz)tQU_j3($8%lCa+-~wLtA}#RB8BA`mx_1bBbFyVgDSq2Db($;2&Ex&o~Jo)E}WJr z7}$Xa2jH?F2uJgD>3*M57mnP!G@NOB)Oi#f|7|;dMeJRHZxvzp+YCV=_1~T@ukM|% z9!IEJMN3-44;|J*Ja!h9M~{e9_#h5jLabz?U0DkiHQdu&+H^bM*iu6787Y%X%5@rJ ze%)k^j^u{9Eq{GQ{+b+;>$h5UlpV2K zmQ`{~d{Cmw&;AgBm;zfkFvTeyOagqCFvs-yf-I0J1xi4o1GxLQeF;-q^N&(>tZSlW zga37w^9Z$djct7K*m_!|fDO;jiN>uoAD#_JmFz66K;J4GLbii%_DG~c-6pJCxff}N zo}8>Qctd zF&Ue5d>UaeEm!Ol>+HM=NyVV_%={jr@gIaQVou?82ofu#w1o4gCiBnua!VY*SI(O@ zSt^nj8Eo%=R$KTL=qdJee(6Ei6Wy>Hhp6`l($H10Cv>3>J|VPKQcu6GWH#|We6s`S zioB$;ij+{-3*Kn{NA6*(LNe=zgd7>~+W?a|oina__0`L=aD$Ghv49Gz;kAFc;&= z-QR)+jYd(*&F5K|Q^d3f!F(~w8BYHpvp!%bpEVI1mFJi?UJqxj_h-?6!}Bd|skVM_ zuQRNg{ISX~c32~oT8OKrUm3Sy%@(c_(0ZNu`#Ibp@Pk%e@nQ>LLs}uUfC^p7ELPuw z_Fdrx`-9H{R|3i50R&EE#;LK{hEbJ04yVONP9>fnhP3OJDly$*yEyUkAx4m=7paIG z@`Ao%t{}Y)IjnB|rvMxEKb5X8izS0~+JK>s7!JBq*-oS$G}+{h-NOA!#8#Bclc%Hp zuh2O1w1Bm`KycdSFoCg69Iqs6!!sWm&N7#f=S5|5cBh(B`E^y8jRhqRJn^x4tK=^B zm$?>uI$ZY72|At1(g>Cu3G<{P6p=j3=u=(Qb>rIW$8gC59?yvGN6glM`MF0-)I}}O zO}&L?8Rx5i3xR(R$@K65KWNK_5T0r1d^bu@1yI9XT`ZdrvDhGCTtsyaNqp&7aJW&% zMlsI4MV^X}Ub`AC?tgp9`g^rA%|=m1xu1!YK~W;%t0j6dLo-}pAHpV`yF9&%X=1-` z*rqu}g~EPXpIBcheXVE$C>%N6Jdu0$Jw1gb>o9o4jhH0oAnu*uDDNxLCckVob3tzS z1MhafEpy7to$maEoe27cnG#o(a$6elK_OeyH`bI*I`f^bjO3dkZu7b@pYYik)hPET z6ZF_F!y}~%eUwu7ptZRSmf0&*218C1EYdMgm!0wwHl#D;cDm(wvG)pa?EG6k(=Vyn 
zV`6fg3!?^MHp|yFG9WyE18|*BS~g1d~HGl_r1#Is=6fTy?2x-XHC%tNq$K)gVs!1=xs5Lr2s~0 z`{HSu)@;ycNikV1ZIYpJ`1Gp!Bw;cFNb4jWGJ2q1;!pi~91^GIeB8dC%#b!@S=#98 z$X-yR;v#h?s-JQ{8Yg|%m}J10sCulQj7h}P*FMJ5CnL{F^vWP@dWy6!)^mHyVY_9C zEC7PDZOO$*OfL_Sh|%`6q!&|awAe;>N35JgS$FAhmwwaVz6M7zEckBiTvJa)i1P<| zBQX6QvP@KcV7LV%MF!YvPKIqvngL!n(!|*~g^=_pz@rc)X)wN~8X9%_?tIm`XeM7!x&!x)H2e^O; z_7MP9J@cro0|7Wo=*B@9x`-|bvB(EqK@1rNiCr#ff$_y6{Q(R&23`tTuD)qZ1O{79 zlpXklk(7plpGy}p2MG)xDRo`XK9RDAA|gD>lTnDK;wAkcSHKt>aa|;tg^sM( z%|2;62p(xoBBvk&Hd{v5X;MS>bAHq&>|Y_4ZFLntgTBXN~C| zrl+9Jt`*C)^Af?&Y~_PV{L8L=?^g((^&8IQ#U!PRNIR2FfP+=pw`zwI^#1Q8jGpnb zwsaDaF|%|u__qEnNl6Y9PbTrRSC(?o-rqICz&yH!_p6?bh6*!kUEX#4~~ z1Zc&mtude(vvK9vaMHQ{X%TkYca}}+9Zh=6*VUDsV!vmrIJLsXd9_=2j+ihPbPdIdWmKzXGm#BJqpUIm@5ayL(Y7XYbZdZ00 z0>Be*^@uS*X^h+rO|CWU%TDwA3T|M7=c$d$W|HWJ$B+zhEWn4d(M-lC9y5pJ%`hAx z0-K776EjtTstLBXH|$$BCb~Y6#3cGl{ENaLp{mfnA7lzy^CGd>q;x|k#J=|aBP#-@ z#N-7Zx3}L)`#-Z~q!OXDXGudT^7-jHeE5ZwOdOy@e!63Adzux*M0y7Zm#p}H3jqhE zC^$5TfxUO;;}1rN>i9%wL}*33HlM&+X7$MS(~eH8tXAeQB<<)GE#1j^<1nv|0Z&g3 zmVxz&6-sMEujFfF}7wp*JOO{8LvuCM|At?rh+h!5pR5 zXEC~+lffXpaIQ_cqJEOsKq z(oc;mkY$D;Uci_p+I;46OqG2~b2LjxZQ2Ue@^OhbJ|K~rBO-7N(}>5mpm%GO&*SkX z(JMhrj|-K!^Y>N3OgJof(Z9VC$*ZD)w@UhFt0>5JQgg}8O=~wdwbS~~+Dx}m-hEjg z4h3xY-nS?A^}}WnE^Wc%hq z-I)2d%#Z1+!S%a7W;@ABOxO4TPDKVq%3cez;Xch}zi5ZQ&K27<2~9Ly%PqgLw;lez zXUXweGR7`QTzk~`rHnh1Rd3L0oa?%e3(9(v%kd)v@S-tHDOkq(VdX>P)W*0veqj;Q zlMr*vX>QWN!P6rNeVK7nv>KjD_d!~+j+BmInHd-!4$ACwUIcfFSr~MHqn#j96#L5& zHb$grYO@o859zdh&0|R-!M~zgE2y$RR#%yQxVEBY7K4+D$w$W{MN^IvpiiT$Gx#`d z9bHX6KGe9Il=pG8s*Arw#O4sc!$GspD8}96^yOl z%Fp(k9A%2y1K0~n^8Q>#amg6%J4^Tku&c?-$)w!lTYJ%N<^?pU%8YSA-;?ZVNr4W+ z8$KiOk57N>Ir}j6M(yk24|BCR3ybtTgE^7`-&YZgDEV*C?1r~=EmepM$!D}Oo4a#V z{Wak~k?)Kf5f^gH-~4?|d4OehYx0y%X;CQpS2;6Ap~TMMRJ5@gP3Df9aT6uhR3QXW zi;JDPmx`bIJ(MNb3mzy;m`O-<1pNJfLQXB{lsARo0nokvLaTGh z>iQdLpzKS9xzd?&sNpa<*5#qtcXn^R8@^A4v7skhj@h z7s9A!-)FkHjhK#^69xGw{i!bQFu)H4cTD8k#j|sj9MF$3VyTQmZAy)BpDQ9BJat_{ zM7#8{9uO>plKjuhNJAyLc6Er@@Mgmzlc2CK*b;P21j-(Fk);%cO*M~eG#5Qj8QYch 
z8yt9`AKTq=6opY2u^gw@L@z2$ zP)-8@`V#$5ctg-ey7~osyYNEd^RiUxnanX3#m$>aP0)88XW^8pe_TFjoH#YhMNd?m6r4}> zo=1KJSuU>lvtdmzHw@+Y?Mwr$W5D~caOQ~i4ZU^KcAguWnZT2%sEBi=5HfFE5uC!J zRs!RM<_r}uvj9M&#c#t%i7`cCzD#-L1o|i@zhG$)2`gBQrs`N-ibFIT#ux|UcI^*1}%!;o1wE&P<;te#s$H$+w96FDqexH zx}QrDc|Tm_C`9Dn2CYjzdnG*z;2a^YkzUw-0kIXU4Y#EkpP0TiRs}%gmk`go)=~MgYsN-_#n*Uh zVFzJuJ=~jtb<2sw!7S`%mP<-kODcq_*@-Dc25qp@aRA~g%CH%rRS&R)jI)gJUq4HK zLGh}0p_}|~!QYTUn6aCB(8dT|RTjwa>nRLh(GX2Ox0ZQmj@SC&RK0x@?hC{USAi$j)iP_v0T zFq0unAMtutnz0d#QoFES6DL&%YeEb7%RDF3a zB*TXIf0VJ`n?#)zD5A){5{W{Rp1m+3;&APv$r!jx^}LXz5cwD}jgX=4I~w?yBtc&MWw9!P6d?J2@^!`jTh2N)%B|%pjD%u0>Y2@YTi9ctI9j(J z0iDedCAS!CX_7#L!@S0sq@@1sr)vL;GNIDq+0;RNtwO)q@`TA6Xoh|eyv29kKv5$) zoK((08a+vINX3%Q11hG#A+~>UNNq1QkA)FBj-n-kn3P2-tLu4B5x{f2gaB=}=9yll zuG;;$_FcCp^pju|O=v6!Ec1&~$t|cc;8qZ5w0b8RaJrr$FMzbe=aXJyPD;(q*+lTW zxELNZY~8Y$aQmpoOlLDf$!$2yL;r21Wv}YC%AtBcE^SCra&Ff2YxSH@tT9zxXm?ps z&IjdZnkXhHkE{>LjX;pFfWc;~y$q%hQe??bgg$Pl=lgiDM_dxV{`}V?+R0BD!d8Fn z92l2GzCdfnHYnyealVW33oF|yv3wD@RKH^P;r zfgr92HxN6b+m-nkVT%CKy2!%4foRQkk9WbUM9V{wh3?5cU4Htt7y{%INjcp0r5)K6 z*3BJZfGOh4lR#!D;1%I*#&R;R4x(_w=YP%h)+q6Y-IMv`Ybn)xn6&!O`VtjEAJDW> zqO8w>Q=*r5dn|WQAfLkiFTr-3JvTBb>c5w^46<*9YM-lyz>#g{VTQi0!*r+q#W?8^ zN$w+_`qd;R&v3`A>KleBj+K6CWme5Ek%V>dW4P8g(Kcu=VErI+^t(EpPyM;$Qx}`? zn{r-leL&ooG)4Chwg;F~Y@z}PgYHOUqyfx{kO*w;9I{}1(W9%9Uzq<V==DdW$%y`Y%{udT+{gZgL<`E1sInG1AH%RS6=i~M1a<9r3~hz zsE8XP3Ve|#5_RSOhL9|`uu&mKY+yfiY+Xpi_K_WmL1kwlqU^tL=S5IPgrF@oXlf>5 zaZQ0oQcljoz_#UAHk?*N_`SEsm)}~F#`=C{OWx}Jhv|OzAWbAWy6nTQ>6OrOMJ^hw zfU@e&M!~MlT_=EN>w6mnBMwTg+5mQb!Q*F*nfy`Fd$XTwAj^vYP}10EpIq!qhyugV?+A(-O3zv9F!1t;^@ zjtj+#qb>OPd%dgJV&8q<>X7?Vd}{(qi2!3RPZneY`KC3Y*F!XuT0$8;0i&F`xBU9= z)4yhPBATugGk9K=2K-u|Z~4Jw%{{B#azP?qTq*D0Anq8Hg3=75Y0NGfivimOvju-< zU!OZK=9ZU-uXDl{yjnuHUl0s$r*$rxd&6^o_XaQ!DR^*-BDWxOm7FivaKsrOfAaZLKyRbc`^+U7e4C>Nm=a!$e`vf? 
zQl$fPfFg&7Yg|ja%)&rkM8ph2;PYWX^8SV7>1`wobh@Q(TkEndgLJUhc&whHqKw#dYkoWI@eW+zR~V%+TGmw-p_0lP6*@09L4n`db?*v=bX@DjbqD zA!Sb$=W4sV<;xO(bhn%b^Je1{pB25qhUjv80X4+bnWx?|iOxP8knMU-nqW5xwVT-I_fw_dSasdCnNVey4sejTMR>ueaHHT(Ba z!E15|O(4}E;@TDcEd@@Ap3oV-;P^6uQXoTUCVoy5yFgb{IX7>MQiLIVl$?MK-42Q( zS(^62)9zWJVzR)4vc!93Mhx>PEq!(_`UhMPVVn)SKMz#)56P5OrrwE&+V=%tEH#PB zpD*o;;g4DJXe!R=EPHKYspGDX|KES@l$iWlR5{!;8Ro7w@zP;S-c6rRqou%;nFBr_s1ilVgP z(y`gXRd3R6I5hgQ11)O@mLK>)%Sk}^o*Xhbor;=OGXbny;OT}$L#MMCRE4e*0zwT4 zTs4UlA+qq$oYPaTyt-c(JHYc!dz1V%jnBDH=xpmh_`*kUVR|H^1G4E zYtAUGe6lcFk0jaS4~HF4CaVHA^J0i;Ul>pn2DvR&0%WYb2DT63JhM}wXlZVJxy>m1 z%lC^IKi6oc1{J$;VlP!($1FYLYy@6Q3u(rMOO@-@0ppkC(J$*V5jL_4sj=K!df;Xp zp=@*Q7@by_&vf@yhvCrfB_{*;S947*fY*{}*a-G5YW_*~Hw^3&3FcPl>9rp!VIs+~ z&%Kz0>Cs@}kG?ic{P*y`11k6=@uGYYOrAIl1gGpz!QO8dd=x_+j+UZH(CqrQ{=G?e*>eQiC!@oBJ?UP?~HGVRd@ zJ0!~X51NyMqC}~2sArJ;Hm7@O5r*Fy`;XL8o?lT;J=gs4`}FWQ^96tWJ~oGp9ueWp z=PUXF(CCV^NEoVOlpHVZ#o%Q6r}_8iKR$kiGe;GoP8*$jWEm?;{Jpu;YMV9|ct|^W>&pT_V6>1J@Sx zb;O)4v`o$b{bFA5%TVx+1mzswF!$R_=}Z=WarLkN^p>A}Vi^Yq{M)_ztbDb)@pQzA zXfY2L);j9aPfr%}O8{JwIp&j9M#Y4}SMnV7#eZpUag4dEKXbK5GMih0@K zZ}ZA&#b^Anl&=M;;9fB=l}Ft{l{7sEM}@iK?H)JHHa9F|&7B)*1Cl?bACJ(jU|9}s zG%15u#qA_6cwg&hi~4!@Gz{807`eG1b`F=t9)3W3X^6hAN^<^Xvy8c{`+Pvtj9~B* z{{w@bEd8)^;`fW3+-X`j@1IU{)@o zZnBOt8}$fCf?B5f&VX^Y3*XODDHVVCRd%j-5R){fCzg84SS-Pk`dxNnGRLMFdWe78 zQ6KF8K{tO`=?`?RH~Bwv9gxJlbJ$<+U(M+uk4lCSZ|VEFF(<)S9kSkD>BAeJBRga@ zTS0dOQ84y?d-}K_sc{Y*f05-EsmI#$cH5Q10#Hskqhw}p90dmR3RI@?KaD`{4oQNA z(8glzq`UAe)8p^6u-0**)$MqsXxHs2RPUx~6^D?cB&9YC_#FC!kRKCq!%n$`vwgpIrws5hX*F>Hg8JSzKU!IIO6xMh&kkwV} zP6D??c+I73$;Ih;?}o>W z+*OaI1wARr4#b(aCB=9kD{I0;4DWQtdhr--ajei(ywStk+(+J5)JQvS*XK@!cCW(M zoM}f$QDT1ebsmpL9X`^-rU`Tch6}J8Z5l236{D?)iH2AUlOSipQYUi|o}bGjvH7^< zTnU~a;$gDjcPLu)4PJL`C(3D zr!WZv7PKoQZRX*YF>_aFe9Wn75tUIJVIX6%^tkfyO3Ug@Z42zaZf}@fWpiggSlsnm$=Dg`jPK`C zfncL3hX=@^6r$STSGs6rPSrMj*yuXK!#=T( z$*!zcY*EJMI+4S8!b4;k_Gy>QxZ72C{>UN2p%3!?%a6^RrlvbF1h|eIn{rixiRucE z>WLGlj2_2H>+z@9PmNU{DDQ2CNiO|yw7Z;8c%6Tkd%i-6roBao 
z*_HkK%?JpG<*-BpFy8=vai801Rpb`}2St|FaGw z!_dFLM;a_A(kE%e(~A^=h3(coW@q8&%F+g9Gr{@rYKhZsyrDA>%990ku0o@^@Z~0y z;qJ&IeTr!-R%;P1fqds~Q-$37WI|uVIi(|qqq%mMYYIayXM!)x-Ip7u;bc{nYwP>A z68B<{R-9ds_v-t+4a_$SK{5V9WtV(VfGL&3?Y^h2=x)YzUrK^-1-4!OV;<`tp(=8XOlmSM0lAy~6A1yWGs*Vz;NszeDfZ8X_$Z1BYxl zN9=EpvWaoBGb$wL;9b;e|K)L9%| zB>$FN1iwOdtY>Gbbtm`HL3wBPdw!A2$ju=Jn>)F(&&=@GJKrvBoT=ANiDLqS2Y2iOIkb9;I>L+rb%&a` zuMN6nFZik#3lzGF^>B3`P=b#AFSBNp#|--U89gY2m&6oCY}&)Em9nd*xtkmv{eVb< zl*q4<@J0Aw2ThC*w#q@Z*`x|A^drH{F+OJ+wb)LGDlMH<$6V4HcU8QVUS0TfFp4^~ zZ0FrEUawQ)a!f=DK@ocbOs1o8S`qe3g(e|(kEl1`Y}5nR;!i(3WN`caLAa ztu@P#y-}3(D5LCKPytd2}4GEGB1Dms8W8e6_=m{N+`*2&a&&4<3SRi z=rrKF#x+U-K)^of>`ud~zynhoJgZi5s zoRekMhLa0F=IS<$#t8xuOa>w_L_fyIlu>U$Uj|)Dzr8`YZu=DS_p+PtqzNW0LvKJZ|F2Li-=7xDp3$?ZcBiCe&aceUZKy}0IAkU6n65xVM z{3$rvr#GNxRp<3H*mw&LpY%PQk+(o>Hv~}ELlZ|le19yV-u78_vdrw>rQ_7uZQzc) z+CyTR21iYoFOCB!S@(=GBT&S!TcmoRY^X_nr)*bpAUTdkRij>a=T%_@K>&xarVGn`&_sJh^5suY z^9G9D>BI+L>gp13qve?@qaAr zv#W5HzFV%2dWXe(E_BNTG-Kp%dZ%H6GAjhnt8hD?Q&)d!_w&~mi1E@(6kWeSr`TuM zBi+83Re54@S|nsKulfQe1P3_QROY%a2VtoaR4HeARrcmj5A(8Sh}!h$E@XO7!7-fospxWEK+10P-7QvRz(h; zrQl)@@Q168-Cfqj#g(v4o+D;Rt5KwN166q5Jd6ZR1tCg0LDUokbx3a(-;(o4Z18#; zh)AUT^K@S3s+6PKm>IHa#f5F`6yX-Fk9SoaYO`;Q-fsBWeC zrcQxERgE)BlXcF&fOtquooK?-`En!y(MAa$ThL?x)Sr?4f_?yeYjitptbVr z-D~)l6Na12wpF`^?eh!-?zrxtU%4r0Kv)i*@>lS24p#8g)G!p`vXjUqYoORwtdiCK z4t1Or?qt`u^y<<4&v~+P|2VacRmM79Pt@A_(DfqggkeSPac%}P%T24l-5M(3FyS=E z$F^`qqcBdg3!nx5#5)uC$$3No|0pu@M!rNL6Tr+CfQCkQt*k@(6gD>Qvl7ptM?g)?9i zve&<}oL!|BSeAxL7{mM2UsL;I zU!3rtf^V_jo#GmK`?U1b6>92B^j~)EiBoE$v;G=nRwruy0mV1OfWq@4@myC*l4&Ek z4mS<|sb*cz*eVE7EU7Lu-!tdphHavDd67qS+=2_l7)1#T_vYc)afRr=Y31t;f6m6g z@d%<;DeZ6QU&Z?K{J-m!E40=UNpe;aV6jk>ng6xInfj=+r!qob_|R7?ciZ0E`Uer| z42N@LqSIAw*&9qF;T?>|EjzLe`7cZQxQu1qvSJcNw1rZ7epLh5e;Ja!Pe0q@NvOCS zNMMNZyvk*dctVXm5x8_>+VzmlTnsfL5Z4^M@x(mrjqCpl_Tb&{}y2 zj(4}sH@hkD#3#XL*Yv=v$Z*(&1edg7Q=syjd!dO3?&|#6xaPoW=UpB#WE73+ewdk;o5iXn@*_|R zIf*VK$dMprx&A7KB-YtbE(=vmGfI?I*K>!YW&O?j6PlKWHez4~;fe;xov)Di-c<|% 
zwT5Rhxfwrvv~C?L*PA6g`9oa}VTG*^|?qKMiyOT!{vO05e5 z0@AURNOzZ{bl1|ofYj2kgmfq^9RiBfk|H1}ARr;qNC^nYzpH-Vf6h1O>^U>DckbSO z<9XlrnLBqjAJ+r!1NFR|7$2l_ZH{O_ov8^sloGTjVS?_sh25miQ;zwzgPi2}RZ9KE zws^%&M1}HjI-Oomp0Ad2Lw!6eP-QJjjSYWGgUE%P*K7QEPMJIR}JM$r3+7O|pu-=i0|cRkE#Cs2EjD_={qbDsWE9 zgfsB{%F8%ydShSGs=FB+btw>Ywf2>_!C-AMQA>>qLMq1(DS6%!r$Kr`ak7=vVnDufg5_hdee& z2CKcKs?s$&1*-~AXt|qKbaWgY17LEDe+`j%9bi&)K2MIpskVy13MMB`>6%AQ>yZR#iCSmJETq}VLpsv;*Z zm?9ZxDDXJ;k;PQRrN-Y}Pwep?z4F`^k72_aIKj)3wv(e4?0uo)^lH8L!1kf_Pg z=85e{?ox^GK{n{JvD!Gzi?W~vpM_5SpATCzN*R8DFE(kxCOE0YTu=5$2J?c~D2RRF z1=wS}z3GZC-3yj)w5iyLABp1&%=4@bse%iUcMF{^+yEaC(#n{FrIugWpm&{4mQc#_ zhUpE%(aM6}DqCrwl=Wrhl{P&TCaddlTl_u##0o6C3sSg8o>RLcXrgUD`sd=s}zvf{6P{5|qsc ziUwa14D)ZM@mjR6D?-;;jB#d_2W4*+sInpHPQ?_r1uP?!S!Uf`_8<5Y)mO6og-$sA zn?&?`utGixc@`EeB3v}H;(dM~@^O49v0=WC>V*{aDjeSjcpF;QYEitgD=vzE&D)rt z-ua|>|IUz@|%T84QE8RsU|BIJ;9~BdlCron&wCRDWn{lkrAZkLf=c&KgkZwuwIZN}C z>+st90sFKh*tQw`l14Y%BO@@kFWxp$PMjz$OSFch_QgLT=UG!Ul1m%)A$avYd{2Up zv)N}zLyR$vilYu$tOv|bnPG`4ZQH}N5i+rMboo`htQT~E?2~=a*&EO+GlsjnLo#g5 zA3aPw6R260=;Sb*c^FWHb?h2RtYuU>KSn0@g7YbMy?*)S_Tn_zw%i)f1 z*0jVpe{(&RfmniUe_@)@@FlhL-<$_;Qv*_kju=Fk8)yQt8@Ha2GfX_)U1HMLT$><7 ziCWMbW}g!_*&Z7FmwDXd!v@3O+3LB70a` zImf5LD;NSDXg0|sT}&99@2});bgWJuu^lsoWu9)pc4L;^>Rm<`?VXvlQR)hOpyr6o&zTnh#m%RqVE>Kr!; zzZJMKwc#xD4Zez#PlBp)j+|_EnBCjzH+tzjiueE;&3o?Di)S8os%+Zm0M|WhUtM(& zQo3y5D+~CDXBfH~M=s}?xdNK|0|o4;#_2{1 zhr8IN>9ySyG$wI9|iG?6PYz znx174#nJzK=xYF2-%ofMf( zAg}f~9|E7d+k1@KqCgQGSal&V2Z2hm5~47B>D=RaTl4c5Hp+KpZh9hY+)Ptg8W_a6 z_P=nFMRcFNKsgHx?JcB8LCG>NGRZQOw?w?iG&{LcQHi>Uk8A2nK0AOP$mvx1sp%74 zY+f;~gaB6~Br>%tg7rOn%vo|$`!Jmu#Pum%*|JNfw3P;)&|=P^3T*3y`*zMEXn*P$ z3RE!I84XBY8IpRA;nDMFTy&*r?bE}U$&t1OFj6TJ<}@6>2T(1!U@@DMfE4pr-@Znu zQ~u4w@GWvIrrKjIrlxmk0kk>q^{K)&ll9I<;(BtKCO4(6Zh0259LM92%`dByR!#1= znNIodZk<}Sno_i&;s`7wkyKLCLge@OR|3;fxC|=3D+m!GMtv|5H=pfB`;;ck4BufVXa6M$-><$C%Mhh& zQslQRU~CG-CUmYez0Nh=nE%}&j#ENND-s0RtNDGs;N;Z4D+&U(d@TNX8q}Yqwtzx{q7u(q8Mp+naB)KO?g&Tt7%2&oUBp;E4caZ$o+u&E4Q(_%7 
zpTu$kZyFwnSF?o?I1RR{_%Gh^|1AkqlM^o&ufg)y!Mq^Uut{wdYv3@DsL&yLbBR^B zv3#8`bY-1(>C~B3jklubdDXPMG?ggk@QD$)zTBm#5khk4x;4fc!rmGhcI&GE8;D9j zn3ox;ZT|68d$sBP_q}_jOBh=Yn1-Sp`1+!)DhikcrSd*nGG;4mU@v->qZX{I68_{{ zOpO{AJM`F00%JZNNj5iIgD(c+XkYpC(Nf)SGEK!UH_*mKO39bR zq|l6v$EQ{zsFkqQ?i_af`eCx!M*o*yPmdti@?(cUKbXXIKsrD<$hgy70POXHi8J-! zvK&8Z)kdfx1VeLO48 zA+F+Z&>{D#GJ;D#s^()ZZ1O1OPcw81Jyix5T7t#L3ZdemS5EN})b)ftYGHCIw9j{z zq0~>3+}Tg)t<@I8-H;T`#!{e#|GP&5#@$tL$U-eK`#Y|l<^HFgZ3LD?ru&W^mfpky zCVQx8_lTlpQ>TQFF^jE^e_DNXi6ItxNQlq(#&e~8YxD6>1Ei&?(! z9JksoN+Krvvu^!$MQr&^x{d|%Vr{jk2?h+2^LrQaX~+h3Q%K5=A{XoQQ80OjAjcX= zGg$83!CHsLKLk~> g2jIBi>C}f-Vo^z(NPReU0#-8%U>Go#!s)q(sGf}(`3cIAY z-H_GLjIv?ymuh=wL3B6|yi>P40%dlxIV}htI7dvFIRT=Y#Le*mu#oW@75Bt??Aidq zC7v2)Jk$(EQ%nRy841L0C!CA8Mt@0+&<*GKoe` z^0UEd{H5fhD7-s2mt9{h+2V|!sl4Hy7f?#9TcB91 zw>opKCTN5mObeUCl-2!@GlFfqzChAH4EoRPQdq~Bi#|)<8k=QC=Srs>)h15aohAkx zPplK(b$_oW9XFor#fe2@hf4~WjooUT)1TIDFc`e&$zSiNkvDp@B++;Snxct@LIL2v znTRamk1_(%&Uk!Ml#%L$RUXCcgyJp0FrkfGNZXZK={qTJfXg5X^6k*~IH3^kFu0jb zr)p5!+PDqPuaYx6)!$lZIey%4R1~c*8p@>GH%?YK+-zjrU(Jz0XAFXiiD++@*HEubj>0fr-PbfoC&oZqW%=&TaGz0hu|C;-8#QL^H`Wgig%!UB17yF zABuIqOvuidu|Lu|n2A4l_a9zjUP#UMtM-x3z9w87R%7c+T<&}WW_zD0@HeHQ(65aj8JHk(H)>^(eS%D;&I5vy4 z1Yz2@BXvz~mJa~{Cd3P?LReOqdAb*F^4nUjpYU3eV{G6Pj`(C_%`C+qa@hi@)9IfE zg|?*ibB>*NJ1OhqAD{ffu!puTnyJe_u+vU!2z>q1(4gh^jYz|;+%5NK0^*%mGXYDj z@h^%O(jYI#vmv9H6{=oH+rg-yv2}ugNkH@h3KFW{ZHWZ2W^KxqF~P=!UkYV^TD<(; zKwK*;i>6*a9GY)Xwtuir?k+|qR}9Jq46@yC%IA7m!GxoPk-R&h^;ZX$`Ho_OhhQ;5 z6db&^cDM#Rwws#=mLf~L9vy!DeCw-*y}l|VfDpZCTyiPCi*{fdvYx%UJEE+r6IWE+ zeCXe@RDcDA(q8#eQw$P^FiyoJ#GEKAT_<#zyRv!4KY4~CejeEUt6(l>1mW3!Wbo|D zIcOKZU^M)Q;sY1Ef8hAaf~S~TKU`lM=yMV*0iI-}iZXL=sq3tJqo0Jc(>63}L+y(@ znp?vsn~1LR4*CZ(=?4uC&D-{XDA+(W+AzRE0?-Erf6Ddq9M-F2ZtxZVnb?7O^uU`$ zNcH@Krs%oJRM)!K`#Ek4fu^GC!V#fz-|``Df-7!sI1EBlmlO^I+B`nk96jw8GwFyz z%h*}})VA>9Mj}{!3@hABf2Bguw^P8wEU6>msKU3Iygk?6e3kjc5#8u-(k!nwl^Hjzu;p?#%vuJ}uon^Y(BZIOJYR7%NJ;Av z|Dem(ugm0RZttv$)*68tKToE)*laiK{F+})LNKd8XjwJ10VxZ7rs%#Q6tXnfZ}A71 
zAbH?7H=rM)S>F;aY_rLB*b=Y5<)OxViYhpbAh**8Q#=YK`3yJ~TICS@WLZH#tqxeI>8WDz4(g24Q& z=5)5_!C{BhXjV@54dbg z-NEAPY1lcXj^@ZAxuTNPdzSayOnEu0LmyA*b;O!|9>1-y_g9m#^O^X9cS|nmz6utd z(u_Tsb%E2P5v9pL-gPKsw$V^~`i>~^*!IeLj8cf{;~111$&BYBugMK`tb$tmlplC2 z4_qWLmupjRaN+mKbkTfWKNkH@LSPHa2_EZ;4IZ0zR@u%k&?-~@9#=Kb&>EECk`cCE zk7z#TJxn>s8QDt`*B?BFeVcbHHYhLm{zQ-C7olBY`z-$UZNnnghE+!IuWtuze5t7s zFI>#LLbZNAoh5I{$jOh9#S=Xf;-$)Idg@g3F>mn#7I{X}>8(@8w z9^riS50Hz~9gQV!!NwB0b&yipd%a^J9Kc$m4^AgXBY}YyZ`}+^G+w+BY8Og~xDcuJ z5ik;L%=$V$+fn=zh9Xj;W8UEG;=5l$e+>FJ+Ml|;|H117yRG|5A;VrBqbBU(NQWLp zA}}}^mrq^kpaWDr9+Gwx8}`J?KBH6r5ZTsz=O2Kw6|lOV@PJ(f&f>%yidSp&rni>Q zt!@jYXk~PIzrO?r1zjZ^4|RQ>rDAcTmgoG{QVW}Y;7T>%y!$4mD!e8trsL~|mSL1q zeTO3l-&;~q{iw2^DK+wB^x02wE%8kG?K@`pd|y1ukwuesE%VZe@51l@MtZhA=AQc# zQu=U|^PZC)chf-Sf_cKz1&x$I@m{OgwqM(ZgmKVq{u0)lWy5FJ@k3{7oog`EO{R<5 z<={@k+=TLYoJX#wvC@?cC(54)_=`ANlxcPMQ~^BD&w5wSBv02 zD||NjQ>Zt{R5BI~+_;~TT~?AQRIKQd7AT>k%+FteG}7hGH#-E2etp@0T+8^6_(Cq0 zSK{5oSKz64t}VNzGr+)iKlwC7q$6bse=1NGST;M5G)$I+5&xRm#(lUdJj>IyG9n}& z@VdMx$f;pGMe$t*eNQpnCC<%ubjteocb!jVNUy=~Z&g?wU{#=|=yWpo*>P~MgYy?k zMA>~5%_Qh)9X{ZK!;B^r+3!0>zzw>T7Yg+m>$4ku#1x}1V1atit4XyT=B2kT?@@nx zK^45SI-h_?4b@0X(^Rw?{AkK^>S?gU9~}(Y_E!>WBP9F7mI+Pi#r~Gpi!C!x9QIIS zh_!(P#YI0PZf>2RWLzl1K(qNLo@0>l1?`WM_MbM#HBt@9=@QG%OuJ^VZU z1fOf4P<+Wd;abl|5uo3v;xAVu*aup&dE3;nQh#XZ`^u5D@!Wv01bwqcwAv_vY% zCmufCJYpC3EnWkhFdr0;vifG@q<0aZp06_QBJy|u`bW`)imDUPn#vJ4?9A+CMH4R% ztHi$!8D|g~Sd5c%=D?BBIX!8%yshgvcXy*#Y?SYcb30$&&yJNbxmJh#JQz*nn0L*n z8?o~Km<#_5GY?~Na5l+o{-r&0pn01DB1jcXDk|A42q2@F;${F~-!HIX^+;()_`2F) zn{vGjL@c}V0bmGHH|qPClQlVw$IunTsQYO-?&t;)e#6ewbOv^oB?jNQ93o9dgrb`! 
zUB0fb9K)3(mF4u=Se2Sn6``P{{zri-S4B=oM1vb8CXfR$=*9$SMSOQ-1neMi-6bi$ zAF~&5tgfs$DRh;imhNKI$Y??sxI;)<9%vk1^_X;6BzN5%=Yu2i-R&_k7ZJD~UX=PG zO?>su<-8>`gAUqk6i%LBwDu8+9?F1z#GD5^pg9eyis|$Tp$_H2yX;(*Ff-;rJcqIZ z+7MOHdw7*I!;hcoy+C|`LI58T*q#BXafEvM;Tv@=p4=4It|M+dBY`Z*Htz*lo#+}K zZX*)BKmZ7$#;YD6k1+REr4yk+;V83O73hN!BP zqe!&ePWVpUGwP-op8y#w)JpSBSZ!w5e|D_jk>a3t5WYQ|e@;B>9RvJ1!HeAfbArBK z^Y00_0rCG|&L7b@ApEDN^rKHuL~jWB}dS{{cshFs%Rp 
diff --git a/spreadsheet/macrofree/alz_checklist.es.xlsx b/spreadsheet/macrofree/alz_checklist.es.xlsx index 71eaea9dce4d3f4ee0483442f9bcc2e800c32445..604b2676f07d7b7057549fae758b61eea5b85377 100644 GIT binary patch delta 49537 zcmY&i|LE% z>fO6)@9O6`AF?DL5=s6mBoqc17#JLw8j4XgQYSp7RSnx&Fb3WcHYYh~cXMPzQ_2Mz0(NAVX)=8_{tc2{~ zF4l3UIA!N1)({WIhLvBX{G8?2#3E~tDAz!l5GL0S8UlIJYi5?n!B zvdbUxXaAgBe@`*IbzRXQLtD!HI~=j9K73DXfVHFj`t@_r9aC`)YmU9tPN~&V${sll zJCW(U!5e~-xKqoyfC1_Z7~OJQwL=Y=4%iP&`i1Y2V`Qu82^)_XmXXWXi? ziB(Cfa>CD&7U$kyK4eKl)uO|>amq(ao){>6mz$y!ZYc~-Rbaj({l?HJGY!=*xIK4{$*`;Q@mUqqj_DtK1uLi z18i@xu4l_h<}|Bm|3ORBxHg&XaYY0~%_uuo*DyZiY1RjNUV-yhH5Dyi%!>^*RxR1G z*LuCgl$FQy*DiWt8{V%H>Dmm57SAsa8CI-eNHERM^Fo$1M`x zZ~H6{CTJEMdYQI)-T{jR`S%y<-*r8ofcf;*&;mRiyeEBDUt&?L#-<5IdXKz{i^qcE z%9~oE=bmqP8u#m7KH7X!R2C47yC(OLMIX}>z^FOygv6`N}BIrDBvzpi00DIrZ z`G+c2UY?KImy}cQTpAZzzBJ0dRmdm|zfVsb=imSQk)|rUyW+L^&@Y}=k9yD;z39Fd zlwg@*-ebOEx5B=)A^f2Mx0Dlg+=jlOP={(>A~)oq)4DVGwg6Ht%YlGPNEX-&#$ zLy8za5O`LVwg2*KCuk~36Q?dh6i68n{?4^sAMvnD$wp|Qd7NDR6Xj0){iD;p-Y?$d z`djL2PljOe7p!_W*0WgCSPnyv&K8r|8S@O@Ustwv;(VERN9a$QX$mMsp4a{n5B9U@ zCUOtP>F0?^s}edrWf%mXjckv8z76OeAJ3Fx4R~{Mb(Qpx{|N1?V+mkr+Xrq~>}u~3 zVUxEK^PgJS(7WWcyt};4w42m$+|$15YqPd=te!vMbUCKh(|K^2WyLK(1#*;q=4EfS zMw+VHq8YtpGkFjj{EnaNmleW*>49~kEG7XPx! 
z)g(gb6ciP>Uyy-fv${q9upLGzx0N_}V7q%zAV7cpxWK>9<>32xbO1TwH+} zw#GCsmGlV zFrjnvpnm_7A@IA0zw4*R_qRb=A=AE})~o{^e83mY`P?5>m|5r8@ed5z?~*g)s)00m zD5dmHktw7d?D$PNEuJ}C=XgEws(AcblWko4fg45J)yi?Md0fBO9!1_&ZZ?ui()R~# z_oC~A@SkL48t!Y}+f0FV=Y+2XM~599?j>ASpHaS7_V8E6S=R1%-UmW%C@ni*JLlhY zElPb~op#i!TCzaV!a+{!AS7fxJW+VQ{-Bc{@{Pn50`Ix6#JaBh{Fhgrhe!WF-qL9_ ziqF?i`1}|+V~(C{le?*&idQNYDVWV)E+e)so$X3ChfHgJ%-JOZALLdqfp+&#Kf5+8 zhrhJuU8bF@X=4jaMIye%RM@DD6Pjtuo9+H|_LyJww*O{4cRIkAYJE?e!;)ehs;w|_ zT#(Vws_$xIR?lUfXtN+D^=%64#dDUo!-AfpbT>mPsOyog{bs2j@DcSRWLU-i%)bbKf@rR)RirChDXF?Nd8-3sXXxIbeZ$>ZkK6Op; z&T0kO7xb5=3&U%4K(af_`PKCc^zI$LX{!>VPgG0Dyd<@<7#EK#lxsd4+~!snbCR=n z8A zaqPzo0z&xK8txGU+*$OmScYn|(TH8D@G8|<0Q=cB%khZ0PSl(8e~`;v6YuTY&D0K~ z84epX3M;8^7Y+NmGDjBN?<%BJCx~!$_oc5n5YV4XtvBGbt(`8k_+GY5U_ME>!o3fP z5+@9G{6KK@*`P#-t2%3T+cmW=_Dru11QFogyJTpbwJkw4LzCqgvZ$07=DO-xqT@6M z&~Vxx2dhdbrF8ag2S8zd2-W+2I*LqX-yu&*nB#ZsVwF`oYhMzpejvGtnmHn*x$hEB z4SQFEmz+Iwx@{d}eKx;<@XZdL>~5CeMg}9c3hcF)gLQ z)0pN#^@;TbW_*ZMqnZ}yKi2tm99Eqs8w>d01ny(mS4BiY=3pho%TXhVX37MA!`eVP zA}P!;OEp@#*4~?$KyIOaL@N?s^`$8Mm8T?p%Oh5)f0Ck5nnxWW5vY4LAVEFU3}m2K zWBUa~%UFpnRYR46r1pg77akWVi-gg)d46&$TLD-EHxcXdNNxZHsxZHHk*ypTmd;y? 
zvV|V06SWt-Q%Bn z9krD%^8%P`3;6~^!-&=vP5V0g;>ftlmxg?EiJQ^h8ndcUAZrWdEDZg`E2`X^TuPF} za5H}mTNuolg2F#<$>>an{^)qE=d(U1{re>GOrNy>Yoe~Kob7puoRR7pP{mkriu(kA z#v;tm;)97g;KP1Nh8XgP>NF^>(OJ%>o*u0Ij|)!eqakblP0d`h_dQOq%f9Lfg~oX` zh;@Agd35I&rF4NeGP77BC0d$JFRwi?&E0aB`#lKzK{wgCFDcd3YYjD%7~|TxeKr}A zU+R^|1UC3yV-my=zOQL{0_%T}$AtiW*r>E;kOT(Gr%Qf@760sVc4YOZGe}j2y)j}F6*3N(AeU50^c|F3fn|1&vlO2C@xu$fcO)#lWyUTu}Z&IjH{${EA0VkGVO>& z%r0vK0Y||TPKI#g1B1IF!aiY#c zZMe=^DcuyVBn^-0f%^!xl~;@Y0~ml`=M2-#a&SFcgl5#J|T--NI8?-k_j)?16U$5ltf z_N>#ee^gFWty>?aSFLZ>IKg(D^PC5u|AlbNSuRc_xdR&P=vJ4%DLQ|!eaOx-*I|s@ znNo=~c(HVnafpTr_lSIQH&9_1<86G{h;u{Dn3} z_sr6ZiBfkN9^9?X-!5l~1C~k=u%cR#*J-Uz=gK)rVP-NRM?7!YOM-Mr{0>8x#nENT z)*1#4IWW<^%Zwa3QL+U$Ol$m^+Bgu;Z-9Nvh^{9ML?=K?Iy@FBVDk&}M<#TUJk4c^ z0sZPRq4k_xeh9(0Zim=Ed(BzHYRJq9l z3G;)*a!Lm!aDfrBrR<(|i+R>?R}HUvj&`LWKvZ2r2<@~|Nh0LYK>(c)4StHIMEzR` zUM=Qj56+aZz4i=S*42WM4)(3FjjrI}8(yC-wysz|;RB7Ov*sRG$;yu$mF~fO>M(8P z*gGDLMR3A8& ze>qo=f|Pn7C0dWU4R_E?|2!iA=(fDZRZbm3WH=sKed__NpNvxKdT|{Dd8Wq21fJb# z!i5#L0iAjl8rVaxvJ(QV!CWCz9*a`1rt&8SQgwce|VbmXk;OBqg+Vr5D*QwdR$Ffcm-66 z8N||%G{M`eW9!JXKsFR2!v$Lli8i&TZ_(CFk~Vb6_s_2 zF=<$kyZ0=yX%#P*cTiKWwAAAzL0DTQiB7z}Qr}!6yDIfw)JbRzNnC2OHQz%Z4^kLG zt1ER($kK`+2}<8c#%E8r1;%LMEPJ?zUYw2m9E+uKc>!O(T7&`oE&!UelG2P;n5*6+ zf0H)Agn7GqO{~~R!>gnU*pZ_OD7x7`O03R9)HG11h0P}ISbFBDxSbA!7|z%984u%$ zg*To}Zn}AA5Prm=H~nou)N6cbkY%KIBiuLqan!68~2zc%qEg~70%cM_h zDs)cC|5dxJFl&(c9}qF>6b7pe!Av@~Y(LHo?AB+8n~;3-J56kEdCM!BaxVT{CW?dX z)uxU8aotXPSxHNnnu`8Xp=S=FojyNGkYSlYNt21?N&c2`K((ge-88ln>uNx@o=mp3 zL^D`|qLLH09mt1FIenY$cRkb}CgLQ<8T)87o7nW7DFbosr{MXpbeUw=EWvy22l3i% zyDry0(+17v7F(MS@rSu9XEN;0sRW3h?xQRuM$otcmEj;nfU7yR1@Ha5h@ORK*>*)H zWt9X-Hpwow6U~s#LyRCJ(B}LrGeV!BX?b88flevJpK#}3#cI}ZOz!16DA?W;RhSXS zAmeB6Zzl^_sHYBI2{1)}Z}Bh|Ku$1T><6_aJrj6jeIe{tllDA|ir=2IBF`jy>%E?& zLS+$0nr43=3c<`Lh8+UUA9NJ%kKDMiQr*kf@)N3 z3CNY%Zr_;ncJ$jJAZ9)vFKl?uXcG6<`20mbv(CfODN<_pN!Ln;u+*5+&yQ}it?%(I zdb`Eag-N-2P33~VLnk>UNn*98m}q5_inMG5`WuE*BK=O99q=R*pWQ;869#!@XFGW} 
zTBcE@x%b98NVEw%Y7ya-wQdKnVAAG(0sOn{FYC;XE8y1~b_N%i7i3M{bj5AyvGLvh zuBgTvyi!;yUsSQK4{P6Si|%1a`fU_32nDD9qna}xd*N0OkpnfW7s#F$Gd!~hGo$*_Rsjx|T3ekrPD6*(Mg&_O3 zh*w(oRTl#Km}RY%ZweuixS5ofaa?bVUqAOz>2%utv0!jYc`jG-qQqjYE^jXPL%Cw0 zjfExLbE~#$T`*x-+~5NGeGU4|+D-!SYl$#GNG`lm2}lV=nP1LY@W#TH zC%-?PJH6E&JHJ~4v)0aoP}-Iv<4^YVrf`{^6_b}?a?iDngEs7kd8^85&PreA^+i0E zS6g*-ZTu*c-=|=@Ki-#i8}f1QS#keI?#X_y)cLVR$C;Be4l%ITIk9np=%sEon&M$P z3`WW`Cn3Nvv%QTh7(Jz_H?NcbiI#*l_)}F4Bb@JK-CFNV=-)N}>+PpLiFxwCNV%k# zeZu8qzzy`9F6aRTQI89U0dYVuBy^%q!EXkTFB93YO&6B)8 zq%tp$9{5bkSEiUrTYr^Oc{OW;l9}f zkRd!WpQO3MClLI$^vDql(Ah}}(1E4+_Nbqhb{4h;a@_b3Snvq?-Cm87aQ=i54xaJb z%`5g|PaDhpd>Kl`DE6C!?v;HYfF5@XWn71maMqTO5l`C>d(7VBwh7{;_V{Jiy=g;tHbl;ei4u+t0tu?zg=f1_0 zMH-7@~eXM8SA+7D-5EaJ<`d{*$d zEv;3gh+Hv8WBEWO>N->4+izruv>1oEsUU2C%U>GfH35%U4SysvEbqDP{i)wzE_&LD zz#>qSJW%Uij*r1BPWQit9y3bZXP_M1G(DFxUwq;?8 zAB4;3xP~R+t!8}ln+1h;voI)o{j6`6O4>5`w^nwOY7Gi>RL@IJK}Jj90&jSJi&S2fF~7dZx*_nkT91a@aAj=mg(GR{1XUqI*9woX#NYd2Ro94#E8e4tZkpA z6WIJc_etl%F9*D__C|unJ`E$cJ#3UJ4m=fMlE@wnke@+ZK{H!k^m-|?(M7WOviv z{`%ck4ENSyK#K+!O2gg^1yF`7tc?xQX^H z-D0cg(qV}SBM&}=Ob_);vw3<$9lB=K3t5+Flp@Soc=V;vea-M1(?8+Dj?j*WpT4-= z?s%td*R4!X!cL%W)Se*-fGVh^5%|FkRjTep8V%g(5f8R;I1rz)fW-)_H7RgXW<#mB z9nvqft?yzYK1p}r~mX|N=lhWzAWcs91MIL~xjJ818 zTnh+Emi{cXNzPAdzpJn<<|S?Rso6gu8GX@bXIh@eaxXiI^&f6$rxl`V-H{}gL7Aar z!yoNoQlr@$j-HlLlvsWg$i_5!0(X>mAgq5hMVK`$+`~9S?u^&V;4l=r2^8jp47vo zPqT1AYGv4PaZrCR8AM6EJ;aG|?+9;LFRN2h&wt&eU^t1-nq^cc zhz~yWKKhwvaGVHmXr@$mw0n1gc|Bt@T9VtX?NFUGY)4y*0l|kMdJyAN5MwMg2 z15lu`neVgu*;gtfm1Rx}GWzOiy)>$@N$7UzUCCM6&TtvQ+fB4%#5gNC$|$f;Q1<+b z47~M3i!t#q=-JmSwX7(5`u>~<#OWPcRnulIWz(iR4|}wNw&0@aFwh(tm9VLJ?sFXU zpNrE~J`5aYj)eXxw>|qc_{*y|8NWYmInlNEkW;r{i1D2lbzM1B2}bi5@I%lPxisLH>Nfjx)l%bUl}gU)ob#fnWhU#ac;drXwY zXzYt*%zoP2# zGdp|DQho|_&Lanpez*Esw!erhobt4@%8*Jfj9Qh)EIu_4`Dh5}3%Gw=;&&Bbx1+L7v=tM@m5&p|TO&bL~(ia)=T zq=QNWvDW7JfcA$0e zB}sn)!EO)9pVP|kaj?e-woJW$OE}QbpSqHAT|nVFq*;l*a+AS`!8^=W+aZArx@a-4 zv=~N5oU86pA4N(JTIrt7f+_-LO-=i`zl;8QHGu3KIEQ;&sHUQ+Df5K&Bn@s7j-NT> 
z9Lnm~3AXW=jH+Ld zS*-qdkgj@usccFsRa`3g=6WM}qn7XA0e4O;6?3Daan#hAL3(8VYDN(CEFZ_gLwI-- z^z{FtWMd7MRHo2bQO=^CXN<6oYHmHfzpDf zCNT1QpFF#0_e6|vu&2ZVP8=cUQ!;JBc1~U%bm-OTo?3_J`%NW6*z1B!7ue3A3 zmanpWX^yto;4MXW^wOx_TrDD#Fc>6%;suLtY2OP(^oGGUS^2g?8G^UmYfrLq=fE)L z;OXxpy!%gG3o^ATd~9+?3SON(RPSRXD5aP;-rAXngec>ty~*h54Z`TL+f=HNsYBn% zVK>d5Os&_ROvO@jdBQXZV*?@vuw$A@geit}DRRg-LGm1k>98#-F`Sgz&*?K){7~q& zq7Nr%;%VE;kTv9u6XjR~C>gd6k#Qf7uDW}nrQ0-!zI0z!)KM1$_@^Yt$O#X>=iJKD zP|Y-Rlq*Cvt2pt-34``BA(&P2N(E)-xGk3a)j(ia5-ad0HYMuhA&`6NN*;mWU*dhgSjRpy(HDEF4QmaZ?&zaD5ANA$r(gc623Hw>i{%@C6S_ZH zli}d?57V#(@RpZ}^CN$k=ngko2-aDY7hQ7{xpc8$&i={Ga{pFYI)4z4)H%RJw!il# zHyrg`)|`VYDXi`^!6d4qV=^;(A1o6a=Tb!w+Y2wey!(~PTSQULV--#;7#Jdjq`~kC}{@a zz%ZAYbKclXEKzOPVlBF>n=4(qoWhxsQ+7B4CngcmeD2S$KJCl3nxn*MG#5_Fc_Zo% z@k0uZm7K{u_wwhfElyac^@M|ZiZAsu7_K?B%N%y42iFaR2w@;WY3kkgZTO2CKZ;S( zKxUyBz-!b~(~csLGPuq>hYthm%RfQE&4Pe+k63zTJA)%)Nc1#EQ@d^yXFpOs(Wb+6VbdS;`g@PROHY_3MQ zCZ0~lFh(R+hXCBg*o|`2I(M#S>sMIBOBO^2f1|jXYz*|t7N^FUu64I8K~$5O_)TFZ z9H72F5G#XyQOdcnYm+{^Z{gX zN=bZIQ9W0|y@2E#Omqyx|D>1!GlJnA;>TlKbaW9z6DFMG#U)~jwzdapTBa=B@}rpw z0fK!mA9-P#*X1sWQTtzw= zzjo*Voxdx!WtXxKDX8Qytb5&W$&v7oiK-UEu*QD-Y%2z7u2A4!==LyYx=1wbp?l^m zpIeW%a{7dmX^}6ty`Objb#%9lz>&=NcM~-O@3IISzn5SY@lH3XFwF!eycME&?wHBXZ}w(94H5`Gzc+*Ww=vVNo*$j-h-q7?En zRLKOYXdR!}z1Ydo@Wl0yojY2v1wJVf?yQmXXBa^pG25Z1#Y`Q=L^=$C;>Bw;iq{Jk z6hhwa3#Y-@c}EMm`#j-gF~F^Ttw0ZQK>pT)<7oi>5=UoQhfE@3MDmXz|K)l=`q<$# zJfje?oHt&%vEFlMV3px_wXolu@Jo`O$b)zzK?b~;7nqjk)f~h4_zqpqCY)yO{{7~| zkk*SjpB;$I_uvC!WSkKa3x<@K{{);gosR3$iubFzBd&CH&e1b&P8ln1?nf(}l8C_~ph@;oyWoJ_#taF_wQ|eAc`NB{uY_Mox6X1YPNbLlKxd);FzyX9Cv0n^ytPT;x7p*PuOn4D$-`<9=0+3c?)u`-5hfYIE0h#=E26$oWZJsx z_-%_JJ1K8RxA@_a%#DA5@=2?&`D3A$EbqXO#;%$8HWHJxJLC|IV9I z6cEeb(-6yxm}+K|8dvJ0TpKtva`g`;(g&fY0^vyQt76fx|`<))c#i)=)|LI-@eDx=J$_U=$mcQ zs9#17plZQNW$KtlHnbjKL`d5#h<_F)RkBg|3@bl)k_gnM6DKi{%|VBK8<-K;%7TH% zIcN4@dlohm)tKd|;V9|Y7-hHmHU~{+XWPWPh$+u%eoI;Ak$G8m#C^4C!0ZtQYJ(U8 zZH*7Xk_C_4E@8JwyfTz($A3Rv()wZDp0Ie;6OdPKrYXQTa|0&N8Fff|l(O&m=0 
z^RKTWXuxMy3X-F=6S2-LGidNWv;Raqad@}c>p`!XOhhtt*JLN&qEk;xi!|@*sVNxI z??f?T>`R%BW}?xwO9lGjU#!eunSd_Pb}JKGnI>8~t0AFNPC?DS)Q@T}eSMtip&r$rzO$)0LDM_t;S0?K%}#9v(U9u zz-CMX1FH*{ZW^scFW=}=%pzLeUSt~iHw_K=8+{leGdYmzbxet-am z$i(Mqi4VfD5x*)-ShrFtm8v=Nxx$^{Tos6? zO+D*;7?3{mGkf%bMOT23cMEr_6v*A+@=_KFQSv9f-gCqb8j|6Uu%o=wbdN#6vMg1T~~z=xS_icb+Y@S+NK+RYZ%piwIs1LkK~lUmm?l z*22W%ot$bDb96C>oX1pd=m6yhl?p&(sm0+xXL8#L`za z;zvs!s?1-UI$^ICdP1!R`P_OYfL${Y0zsp8rRn;KBrnHHCmItztk6~Ymz35 zt>(rwH9cV)rS@c#P_b%vYh28AdCKFB8Jw9tNnfo7{*>vpXdJ}unVD$9_@S=)fiX_8 z{M;0A|3?cRht`E{Lyigw<&8Ga)7}M`*YEa^gM!+X`{jvIO+I--M*}~*$b)A`vylS| zC9`97*AHpw8bftZJ|5=}nP-okb$Nb*aJ`nv6UFwd=0k+au?} z608LksOp83$;$SJ7M*}+oOw2ceZ3JPfcL~jva49{htZ$DolYV_|1+suVdPVA|1=I; zmUc$Nop&pV>%}_{ZETMq zo!NMIeko3nf~wB+|DKu(0U;>W%DM}ld3N)j1^-?#q8Hmxe~{zP^3NkaeawM7=^wCqpTaViUA*VZUr0vnjWu5#243Du1MOB?vH#?ZMm0O@lB z78y8SSs579Y!@ji(PZi2S@yAYHn%r)1g%Y;_3~EL$B|4YKSxlrD{JNf0p=~A?$!Whc=vZDi6T`LDb0}<256i=0JnosoMilg}_oh_F} z;W$4`2(@_RF0OE&tcRTRROTp+mlEp9@&G91XTuY{tj=4o3O4wCBFg}%zGQ_F62{HZ z(lI6x;b1;qLXVHbIVjz3TqdB#V0-lcH3nOwKH#P4xmbbh5f=KK?Hr_RdeNOcK$of+ zH%il-FlOzG4@?0araxMILgOt{LWQIS1m+^%Xx`O4orCE@QwDHPZcA|k;jGQ6=O4kC zM8D+)fCcYr2zK}@&(9Sr^0e!W@dr0Eta+P*={e1a^?)y|T<{;xeF!L&xyMW=%NUi< zX$M^goZ}G0?yU3r2jLR(%C|x#pbU)xcB6Z@E{cwBdI}CW`41L0jlh`2Vc$mrlVk}P zi9$S=-kd5ig9OFy)?o7Fi#+whlkJP3Gvr!C@~XdWzQqy%jfYXME4FrYa^Dt50Vm}c zR%ml|rC}~eeeR&bI6vNI^xB5pFhiR>6fCT-vsruA%K!FAcSu9JuND|fhYPl~_`NMZ z6HtGYEiaQCZtyoyh0|~vcJrI1PLJWK4b%Jh9935KPSnh4!RUS{PJn-e29^(acRe3R zmESD66PDt~0RLVcGt`MN16=iAv0_i=SQy>^3FB-=gl=R+(K9jy##(bkJL#j4g|?ze zxBiUw>RX^f-zRIa0{Y=Xla1FMwz$ZaSZG&$X8_Qu*}~p{p&!z)`uM(?M{#3Cfp=+_ zlm9I_oboS_uXej=8cZN!B!bY>$E@ogkLo=#cXd?HcGf0Cx{>?$Y^tWehHM?cv1VIqfB~ z6hA?)hPwKCnPNE_0-u>4{8m*noG>M6?wZV;DBt`gr_hgs3Id;os!8g)tb*@pxx@t?0Hd4)P<@0A7!rHJ{h&vN4GuaqXc8(8~pvCag>V=(P|O3d z1-$L9Ps$}ypAqg;Y;d`c;V5U?Ks~wZIKClaqe+niDdXTNb`l8ZkhR82N7+b1Yzz9UPFmRo%YLvLG3hVwq0d)T0#I4 zlAT?Oc=Xwof`VQE)zv90`K$qWG+sHgL`{(lGkUh&e-rMwas@j(vrPg@$;2#~97mj= 
z@9rFCuDbCaN=hZHO>6z9I=(m(ZVQ4(>LGE!@kLX5q*M!WvG|X9o@=78I*8_nbAoL7 z%sE>|CKwU;69Fnj zynsK2R4PE|tZy+y(n3V&koALv(E2shNQkK4p zr0{3a-+UJL1G?E-A+{_mW(sjBy6aGXw=8=-801MQUhL-ceR{&TH((@Qp2B8n=FiP7 zM*7C)mIoAaRf%2r)P^eCuMVP)tv=2YeFHHWh1%~_%jZBJl!^IQ1*1PfKvt&&3Z*>E zerDB2uCgxljr*3W_VZwJ*2%@JM6Kw-$%N)tCG#vyjSiea@-ME2L+& zp<9yA6vZY(cD*xK`aMt|t7qY71NgW*Mt@K4p~UC zgQRH?c2qv-ix+V^F9Jp2{kzQkOA)c;v(gI#VHrCRb0tVu_=zB!uqIuF0Ji*A9s36t z?%4Gdyf$PCuBkZ|XS>+;Y)_^GnJfFk@r}D9M4$uTy9gq_GcY<6ao>jDk zIjQt5ReX#&D|MNmBM8?52*3N?Fi*=>#WS|PWTM)6cns(qCF(eaS?CY?5>&Ni)1-bf zUpfkX2ogG$oGjXDnKvu_>nS)K0X>Y|JN4(r<@1#yk}QF!My=vujlBb|1|opyk?Iaz zufHMlYv>a*3PYxD1sy&(H9nv{R0AsuT=zDc*x|aDf;|jk+to`HXx90@x6)bbo`u)) z^r(lSEB4Qa?`A^KMXK)zw$-~K8TbG_4^MjJ)`J)lE>5%A3N>Y z=(l5aH(7x*%({7y9KflBHbuVIdo4CZ7!L>lIQ{1eU>ajM;pu?4u+^EXU>HJrnj{Rh z*?o+ug-}$XM#@Ohe}tegT>8?Vk#P)jN)pl_{_~9t^;2}W9C1rQuT4vj+Ae)i)$GqN znAr)#EtqMo0{$9A401waCr;@tK!>*eOvZ|%w@qA@)?WhG`6I5dmYfE3vS zW`g<-?bm47a&yCq?UFfxQ<`r&Zt?+H;g4%44Cyt(yii@^9Sv~&bmj3TV6V4ACi4oo zDoR{z|HNu~``=^81ce7{7wDJy+5O@*{06rIOst-%0>89sw5BdR@R^Wov9s_& zJ_DLBXa6ucRSmb?#@pGhvJ|HXS(j*`)A&kpI;aHnkcS6NI7ZWdx%b zI@AOGrk&7LLsVU5}8_m47xx5+{X|z zj6^(bpAoh?R~<6xFD2)F@kV_6^cPxMK0fbTz0#asPyabN5$AR*Vcu{VIP zCME+;xdmTI;=VvSjLK0dlGOeqyZqk~L_KW9&4D!-gf1gh4gm)X| z(CAg?vm?3bbEY`Qd#X0O!YX?M7xsPnvi5O}%FLJXiI@15V^a?lg-`mxjg@7vy+eD9 zlrTXZjdpl(=n~Z60vrxZR-^uKz2HF4Z-^BPBuivX&>VGfB<0LZ;ciwab$D-${0)g? 
z`s2#A*UUQ3j~UkKO}(4c=`?#rTHM>}dnVjGV0&9G}%sVO^v;RuMc5MTkn8QEFRL%;VAazRRFM7RSY2Y0W0O zIx_uommae}v)s}oq(9rz#~IxE`Xm@ur-2bzr&}hdvx!ABr0vj5?6_FxnH}r13~=49 z;BS0p7e>{btqw*EE{k{5KNkase<3E-`8Yr(r5$!T9{&uK6gA|S%MS>b@BPmn4?P6* zvNuB*SX#_vW(DR%I?0ZxFBQ`Vjfg>1?V(j&P?!x{#Lg<(G&{)3r@_tUB!Wf-F~;PH zl*I1_iN0AI`PmQ4QdE{su(ynk8>i{7AF|5cMJRk=Edrfk4-wxXakjHWD~{N=z6-}j z>i}nyK|7mHjo0#Dz9oLMbr^867CU9v_EYirMYD72e~1|13=)dWoh{Tgd_JqyyrN;e z!rC04h0w%R;(F!rG-+r7t^W~NfH6iZo;LV8h`>IAuKkXG-cgK9BwF%70%#NwV=4Ud zO>H2MSN!GU+p#Z#81+`kBp$Hd=i#GC;5;*~JJP*anUU(Pp>E+O7`e)ZpFk^K!`CH< zl;|a#hlAF~HA0G{O}J%3Bs?^?y3Q^~n=K0$Y}inv#*Ri3nS4u-dp8B`cqSAr7!pT4 zcb3lAa`hB5lY-WFm^NjJj&KAr8>=%*39tt_Z)hRn%R>(G=|e;qNP!8)OQG~tpVQ-v6C7YIW@-En}qpbRD2|mOK4fAN! z!TXo&eMb&W8}-Mn_CaUhHWFo}E8ZcFSFhl_C>+@}#r4R-2t??33O&+SHcT0DQ&7V) z)fZwI!KDrQj>o*^KxbS2K1qyC0;*k5QA=P6_3P zUU*r8AZinZAy!pxrj*A?b&<6|FUKMb`TNAxuX|A=TF?hXj{keTgO=mHdWaxc4!TGZ zpML%t>1tN{3BjL-T7-4?a{S9{9o#temJ|kvN{p}gJlkelKcesv3G+w;A2xBe%%{P6 zL@!Hbt2=V{7_ueQ?Soc2oN;X;&h`sMKirfONm@-+ersT?ND10NqW+hDghJ zwe04w+0wC zAk;K~P&4_VXX-+>VW$xPH|4e+_bh4;Mpq9(BH!6(`!l24%1r2v<1s=A^r}(1eMd3w zLVC+^6)bt9dB^03Mnh(1&`2SY9!%vq^*cqGYlB7i#G_v@hoFic(zPr#LKctu#zEdy zs+i3C9Y6m*2WRqVqrGFd$Sh8nDZ{m{QT>3FtfK`Zfwlp7Wf^E2_y0U@pP3@S$0iV z1VyB~L+S4B?(Poh?uJW{?(XjHZlxQfyIVS>`EGc8zkmKXYcco4-h1YpxwH^S)a1uk z&l)KoMAQ->5o`o?Rr?0}EYU8KPk$f7dQlaZD0u7AQS(jY0nlHcs0~|Sy7o%V)7eF) z6?2GDtB_>~Z6TkIgGW?=1D*MA`-R^mTy(Pb9Ccq^F?Ell^k9B!Z1Llx)#9NhX_9h` zJ2{0{!~+Jgo;0Z_rzuzRcM!+-qa#=K>M8P7gwWt2?p|G>oM>u{u#ary|8?;`SrT){`w?^VOG|WS97+e|`m~RK zv*81AJ|EhXz8qc8Y5VBQPM8h$7{9YcxQ?(C_FIEBf0fx18A-cWrOQkMzNPS zhAdL54QN>pKtoKgbi##wy-Pq<<7d={P` zvSy}t)ko=mXW5JM%NHmE#tW_3~*Yg1tMsUJVC`Fn=$LJ5w z_S#QPCL@mat18h~wH3_qNduNlzJ=&mahc33^p^aD86)E$U9uH=r>SD8}~wPK2R< zRuX0?{C{^q!I-__eX8ps(pDMqN%Usw{B*N*xY<{tjHfEKG@WfleVjNyO}}EAnpa-b zNSsevLhx*!4adfyuV@tO5X;?9IW`wbNCohMz~X%8tS}pkR-sz46l>hiPo`uN8_1Od z_1--n$)-cTMtcSE-G6xx6(ly|8G00mUJ$Y8PX$|7;vw1L$S^J8T2pa0E;?{Ih)m zCQdN{Z2{*T8a;}?fA|x-uH_@*vJ6F1o9_?yYJhC>fI@C$c-L9k&VmmrKWtq?A+d~` 
z?ur7W`-ESAb8pjr^9nQO@PT(b;f!~pk_Q>r=f5(Qy5mq$84Kb-Zai%qw(#qt-bZPw zIZ5hNNbZK-9~oWwM0VhP{mK>Sbi59;hZ4yt z4_+5+q~<)nh#K5ojf>do3!t3b)CG{4h`G*KQb!>5_UpeR`bB8hrN4;|>t@)d6tqpc zOb}6ST&e?X6Q9OB+gju z)1$##99;W@_7XX4j$&fT=5y%pZ=pM)j;cLD1iCLpmzNstdR?Jy9kh)dkdUKW4H zKAh$OQEFAfY+Vr7dG3Uhzjq^>Z0boP3&_4WL*vZHki9o&`Js>V`hqpwvWlEQK|X#_ z^3kwt8mYuL3%EzU=SJ$tVk$Y`)yHB=76J9W{e;aEtp+ZgvO+fK-AhZA>j(3*!rcRq z1l`uWsJtkRmFO?hDh90x7CHsW?K2Xi4kSL@LKODu?$9Qp#(+EmXf|K~9&`v4@PwC< z5t<3K(;brXw!&U#76n_muAK8EY^P5ljw+ zr(=hR?JHx?U_@IzJ9BTRJ#=ogWi^`~6`abY?qRjBIe`1Ud`Z*OI#i+EaHvaW=&`_h zeA1~8_jGB(y;>!8J~X16Yz`;0dp>3~ z0NQ_@Kb2`A!p~NGRcpQ2QZpKwBOwZs&-kAjF3PkDe{bG9m!bI*7M_93xAha>aFX@} z+|hYpp6EBvdG>Gpud2H>HUWcw9xhy=!H`Zj*yDJtuf=38&Nk!}>nzmjq)sW-j|)c( zn=2S7$H+FLFQ1wQUA2pdf(Q%EfcGckTFDhTpP4pZ*faE$#ZOaTh(qI^Q5mMKT!FD3 z4%f?z6UEDJokAk?yL&E$-z$TP)IX&|$Nbn=Y3wv1RO*5tEi|CY%<|oK8P<@XH8_~r z&6{XRo6Le!RWzoebHX+Okny_mFyR@hDBV8`6*;(!e{NDF&1avPeffL&X=lNmPBDmRF7MUX82f9CbAFF5lg5 z3W>G6u7HpkL-;17lDiWN04=~(ek5s1jD*2cb6@jEXISL@On@SvdORf%mLL?UqAyg4 z%Sr&SG1;3aKV5tMg zgV-olNr8TQ9#-Nj(AH!&nLL3Q+W%`FicG)w=n{i){XE%(vuB(E;H+CA7<_N_w3QnW zSmNsoI-1XnTRcRTpz3*ir`$WS@1{(j-F2wn6>5b$`uFg%rv@qdV>WhGNtoFC&vRJX zyo_|oBXgV2puY`|k+h$`VX%8+ugy28xm>p|Mdm@t-~4^vTBw(Jip z=n#jQYx+Z6N3S$MS$-gfE&|rHX)#_29UwA(^ebqjJaEywJIn}_PZ-(GpU3w{8jRP7 zG{tzS>x87#40Af6r=P_U+dHqljqYV`$UI!_=$Lq3aHPWV4{!Yh<@=ZC#Np759Qu4TRBsL z)_c*zAYh>dk-iB{eeHN~mM-{a-)s5#t1ua}UM4rQG@A$tlJaZw9xJSC^R_-n0X;9?#2V_)82-7KZcZX()#_C#Pf~ zA*pETP{*gQzGsk$i6Cr z()!`ygH*}+I=sIc1~4;1wEW#fI=cP?0UxYh(?m>x?>o*i+d72B!FN7zCM+JhM>d=t zmFDxNWC@y8`rw}{v1k!>pOd62|Eo8}bh$uOZ*2CxV)PK+G}&Y82pJkVfqKU5OJwIb zk__yap3hX9xAIas1MorJ28s7(2u=4e`J%A!JMaCK?4|$-3yzpj`LvST#mnK|4|yf$ zdZUjJ)G1CjGqpb`OSgh$m=oO?vE!alktXPFWxa}o9279>$|86a7vg#{=z}D#Z2LT3r zx0G8DP^<>9Y_5}UjTvO$91ZPQ+G%lmLwCGr1<&)R23taFbXHgskfk*P*c=yESkv>e z=gmNQ8c8L)?MxW89PX-*6vJkR^ByXNfLF1H!OFiK1S2s4F@>)%0!uuK*PpRCrza~N zo)OP9^%Gyu_$nKLoUk=Ggk{3bFL|~-4Vc2|Va8r%7q;8HnM!`V#f4A0#Wgdwim)>z 
z9gCI)SEp+Z9roqMB^Q25rkqm#l?>ZCqjjpkbR2Me_|@tYJp56*_v8(dY=-zpOB@X0 zH)6iJ3cBlr80J(4gXK%LHbg6e6aHo|-GBFg?;hQ&W>(t0jXd6LAL zAuCT=f+Zo*ntcQruIda4!QbF5D8Ty!XUeB626_P~UD`w>9BgG0RYKyAmP%H}Abjw5 zjTj{iC#!)X()rP5Q6(%)OU%X+l9KSo4dR1rmeU;{SAi&T+_uB{sg06i|(SV76y9@yU!y%SSsm z$czaxA`kvC;X*~}Vj2)8Z2KLBnc8j&R7wg#cJGS4V82g;mL2`+a9~0is^A`C^E#cG z)Fsz$IFmOErNLhK;}n{cCu2vg4Q7mhHD5eZ3{^rBg~luEaS0(DTfOORu9js3**#%- zm)#*pf6xmK%2Ti3Rk)U6=&c%mTY3XrL{F}`o*G&|X$SUJOD_dkEhc0ZAZEwOZ_*pb zlEIQ^CwJ>!e;HLQS<^M%nkO;W*er;jb)44k*H67+u960A0&V;nw5o zl7_~@cUO!6UMa6&q)c&|k>A)--4PCN{^rc;hj%M}J>i!AFQX5zd1eWiOCF49%dpYP z%30YIWUkDba_ZWexbQz>wZT5@Zf`@Z5dFZpWUc-B&HP!wkM#Xv7SctQmfH=nYugXY zig)hJQdZ6uon-s)maac?vkI^yfY1>~Borr55auvf-aYec+zV3qrbSrmgtQKdJ!Ez( zePU3&hZH4Y6L<^5CHEy^YM+jnZxTljG+|;-Mz>hnjx~a7#a8}(IdykHpg53CsAe2V z9Nl`)bC)j&V|v`)%`h;=u*r*T&exO^G%B!)`ho9B$p4dF8yNlZi*xG|AUr~kSW7cd zh5^h1?xNKPmGe@Fg%elfAfefv*0& zn2`s;)B;cjI9lqmbEJ%wjt{~p4qrtqgM7?(OaCseH*sg6-nt&et7U&^c1E(DH(QAY zV#8d`5Mp{F$$}rLwgo9eBa5%{lEZ-?#YO+5s$Lkl;<3f|V$fbBbil?s>*gQJX%;3- zE~TiurbwSb3fE36tB<>yELYXOGsyw{IDbYCVIuNUXyEWWq(l{7llAJfhAlTSnm0qU z-p(48nVJK6*A<~B_}fEV-iSl+UI0t*1wo(yqD~T|j^)l`+AxTPfEkEA75TT)iM3lU z@q)FU0hJCjyN!u@zpwhFj&HsmwJ7qC=XCb6CtUpJfAoNk6H_dFU#%6o7+s&-o{-p1g7P546Cqn3&x=*0AAry@W;> z>4?DY^x|x3$MXz)jp0*u8jtgOOBeo7igEF1o}QY*iuI)rATOfXla(w$ACqUTfy3Zr|W;pfhA%M$DihpLiNt{L(VW1bYqEsTBzVByKamS}v* z)~tlVne>|+#kltCv*HTQ-08_@mr!qAmD&OdWqF(Gb0XSV z&UrzGd6oWKwTA}ZmvpZ$mr*L$xYVJU8qI2|+70xE<4KKZzh0x^zIB1Lw%u$cy-5D`kz;>VF8D&!9E4ZvY=1o^HPfpX;y zC-Vrlr|H; zp4f6nrz%~DHAB0yO7+MUoV((T9o+9#YvYUjBsqP{9Ga6??1~p13iUFNy}{Mnnd?zo zyq=%z9jfMmUne~c8#*43OC>h;g}*gscm3maD6j&Y8*65|jY_Y;p5#o*t<`A3)djGl zq`ebw_u3u7gYY&9$`1Ou8HG~ee!W2wCWJg#MPto-T=vRH^g_vYF?_p;w*urq%hh>b z3=6f*;^!C`H!*D&B&PULeTYF)H~;5Pe${E9uIH`s!0-2|7-QyBRm>IfV#2F5HWpqW zt4A4*XnBT|;0=;3Q9>Db?`TDe6ml+`{qmz4`S;(8jf{i$d11_96dh=EZC4o~_V5qR zBcu*7L1AEwiwQSI*LGJ0LurKAFSs~a%qxhVT+Fyx!Yd#ZQUZdp$Fu0!QbS)ESNs0l3!ec8Nz6`+VDL+}4jN+gE=)}tyL#3fM%t*b 
z^nWsn$rvZ~NbAQaGqd?LM)&y>MGBXQx+1fvK;w~hhOnat`!-g@p^~gkX@C3-31YIc z$zSDKE+g+ zV;6i|Qh34f?jQ#?Vx?f=${!X%)*Dh42Q*thx(}pi4#%{TGrrj-y(Gm$oRp|#oEVo` zBni%j&V1PO{#gC%PGcI>iYARWB=*{&sQ37c_Ua6L6|kBk^bzc)0xqWJ1zC__u<=4r z$L4ZgiJC}d>sDhA%d;GmfNJ3bzuoh|D0#RjZm<^~P{CEfhh!C>M|hq-L(gB48RT%) zAVT0`<*etG4T`pv%0e2w;V_Q27o`pHAf`WDfa57SOc~FxK|>-r^!6{sy?_qgty{`B zYS_(dhzIUihQ;yv>EQ()!-$~jKb=mZNhYJZ>lB^Nu|5A!a$O(U-IhAQKF&-RRqJ9$ zs)FM_udXWDYoP1Q9Bs;wxY(2k{rRa+{3OoGPnZx2k@Kr^kD77;7u|Cra=mw0vn?!I7gF&_b;{^E^ynb(vIXzzKaIA;MjoZqe0qx^z{|%Sgz0<`o=0lr1QAu!| z1j9&{lHm7{FQx~TFYZq(u&00U|CYR4p5%FgJ7B{qbm?}W$BaUCI*)dCLgvW#sUw&$ z1wwNA(}A3aH5?pP<`rTsor0-?B2EV*_m5GzxV-o;D^Xr5nVJi?4Gyw%$95f4^k?bQ zu!OV?0!X4XN(`T@1k5sG=C8GRBh}1>?_r7H#$5gpNw@WB#1`j@#aViRi1f;;aiJY>@)6HZ@^*TviZcxhI#F8`*yW^X*xx^oy||>?7(&} zQqkdxMe9GC%S8tz=fdJH9IPR)WM`5bq(}+10;Bd(t%*m0uX4Ag)`lh`;J+?I!Sq3W zy9E;;LJbi=pHqvADg}wNnwu1sdR+GELyQ&rcm_{yxmDboG6|M#zYd+Whv?``U}i!E48Ku$4;nqQ&^=e=J6qISyd!cG zhx}GV`v>2TM_`J-hYZ0DIo8$}q2e4f1NQr^Q4Upq2f)HVut(^;0l@Tle|F*t^Ms^g zZl6o@#%=z(cf{NiDizWG(DhVhl_Tgqu{wKe>0fHkBo&L~U|;fIh#GFwfH!#m?!yJ2 z<%tRVpGCcryv+`NiuX-yex@xWjOWjepAcVLopDTe1a!Pbkz8CR^WL*7ciqNi>wzLkn+W~QNW#D=0nOd z*VJ&~H=iP22P42eLN9whrnP0!g7mTT*mL5V2B+Ntc0WCSazGj>m8}^YnYMsk{E>+S zF|t;1{BLsVK`l)an|t8DZt%LoZa>`v_G%0SO)i)bf!ecHkUt)y)xl_`qQzreD6)Q= zt34&G938tX)RtEI5#{r{Tc1?mW?>{|)swlwHrLBeMy| zhGQS>o3|#RTs(^E1m^->bW{|ctVORh3Lv)vHF8B2uLiKuNtflOau~CT!uIm{t?3OQ z@$iAEE|O_DWP{#_SOoy z-D>VahTD{Ir&6*2x!+SV8!^u|t-OKd85p<(??_FFWL|jdM6Q)}+%JgA$A*@$5LNde z{bhg2aFnIajrl?DJ0(L-;tpIsXSkSWY7N$nex-@05*WK}_PZ$4HhtL_QJSUtVV`d3 zMD(`u8Z2+p0a&d#Z0~Uis{F7}&{(U$0}%OHkn8ap4)+8)fmx*``eeP3(z%7t2m9BL z-V_0sp07f7BK|#VUG4NnbhwS;rvLN~;in}+u-ZRFV@2rq15IFicXI!_98~Q7%jUWD zJE?FiH{7=BSaWH`sR06DELikPDch^UDM%SGp_0X^h=RR zc<%YK#e{2tNI3VfZ5vi}q1MVNg)2Ertt?fv{Ikj*`CZV}oPz`syiSq*mQAB_;F$AS z-w7=+`Yjg>r=RgI*m~NbaLe_zv|A)Hw;B`c8e923siBi@zs1;#CgNM@B2BOrFL6d@ zzaK}kyi zWHWU*;O_`8x++z%-oBO^(e`E%yH2nALR8qXY4xn4_5O#j!(V3gmDsEP2eL$UW$8u- zoF##bR!=kMu zmQw&rDz#YtnO0a^xwkg-yIoJJ3+(3Tbdfw5 
zOn;{$3P;&5tI)0TP22}(wILp4l@4x>m8woGF8=-$0mUq~= ztJ}+Ks-&F5@5HgEg|iPbW|9rHhc${nk~A(B0nq2FsFCqPd?1t|xrf;DMm{&I1^B_UahkMLy57>^rVG9@ZEYB~ zVMIB@#R?9QcwR_7oTMo|`mNOB)qmIk`b* z5`gGlz^b94uBk`cj~zFq(eqGVS#ti-Lzx+JA-_F-vwQXYQwHup26tlZz+Cp|>Apjw zaY88W@}9(V+{h!pWq}c|T>4|Fmszh4r=1dh(GQXw9<$#w7`zAd(-%G6Uaa)7xCsc0 zJT6ksTd00joR?Tw!p;W6CsQF8_IJhx?m(33VD-!80eAjn9J&kOt#i%O|393JlaoI`j%-3_*VTi%<4Mv2m! zY^ZoTZLGco0){Ff>_Fh5YrR@U$_iX*Cv3d4{MSc?Mu_Hy2v}AjK8<7%tTzMu)M zhv|M+-PunJ&R>bcq*c2}0-+xTe(d`zf_Br!a>&zv4CRW+aBilJ{$g@e?BC#FO(Z^h zJtYZ4EK=0}shcTr)xwm8@hWeOWAZM*diByZib|2%Vj$EkMxo?c z!DY3GTwI>o;AD0?K&7-^lKrs&GM6EV_=!4)h6<`a{36(G*j1eD&v;t^feYp?$qYRt zNuUL>O$j^;?1DU=F46+ z_B5}u^SbNLV?vMTNV0ErqQv~?2L6xYIW#Wu$fd|{YI;>Pww z??%?!18n1h{9i|lhq*FLs6LC`(>p9LU*q77k9d^v%vuWkmybENNybwE>}WyxB$&LZ z*@jHJm}-gKbwl~s;VxJ{Tyy(kLtguboo~NqT$Ce)Igu{nD;lJFy{Um|uq8vh_}cSy zZ(=384)3BpsAGPxjd1_8hW_3SZk++BR)DcG8(oU&u*YEhG?KlyF`nn!l%*!wGR}mW zFBGVD`Jr~H(2FTe{zeP#@cN+-O`s{VXy@}JR?evR5IXREgCg-uz>o-&qsG0qv;MwB zi>(%Ij%!p-+?9SixP7Mag^A#v8xHF{s$U$Ch=hUoJp7;*XoektjKZW71oZ&&=}V^k z1jfN`SJ|2rk6PcWC$p==#rpWZ27DKS(b*LZd(hf_%KKIXGzg7u|1e7Xhk_TFBwJUy zf_-Kdj_>Z~%ityLLR>Qt)aHoT6C`KXno9(qhVrQUXZC6_7jc!n zHs7QavIcF-jD48yH7}Tx-a`H{;3g~A@47<#TDN0a5uk`}Jp75BH(S{;CrtJ|tVmnM z_8)f)P{}zN|G^U@Wg;^&;uD{MpuvQoq*39w70|55I4+&c3eA8vei3DdSIA#)Wo`^t zR`(Ab>HF#O^IxzeBsFuvle&MuhiZ#7S;gykRR7?>mEJH`vnHU9O=EI2M$@ts$V#57mHfnf2oz;2pRgXR%Yk> zy-3SlOl{hd@v_vkPkma4@G!g6RxvBI!)|Nyh1c-HE^4lR*(^ zo;DX?dU071nvh>Zshsb0hL{KX%Xs2YYic&Wv-J6p*dWUG6K(55;%hOv`#@}?ceEFY zrko$g+DomZJgINg!enw|9Jbea7({qe)%bzvFbl{t-wm=w6&=z3VCb~vPi23R_Q7tq z(0dmm;v3D~=C^3#fAxJI7)vkYD&be7tU|!ZJi8+XaSGi`<|la?~X<;4+ZIz+X`s83afNJ%S(rG@blVHU6DfX;e8JbFFDSoc+x~HGF7@iDcDaGMdK1;wO&>3gyfRNJ zZ?sXRp95fL%{oul_O#r=IEsztF@im+U!1dW_+m0>yNctR2rJh7(ZaA~YO2KhT z{wOu`T8EX0iw-sR=W4ar%XPh1Gc@-ILZ+hAG5q`r&FBU`H=AJbZ90imE9ZdKO|S}E zDKK~{el5JfOP?%((ixCVfpmbRJN>!o`u>&EXYR>w5Gk*t=hL{qA(S-ySW=(m7!XRu zTdFbLP7Q1HslrLst=fap4cJ7r+FzNQ5qXrrV?9i?8V(Vszx(!Hg$lgvQ~mWbgl?Fs 
z-x~(y8^adkq>#KL@6C$Ujk{&V_Z8QB!sA^&iUmXScx@cy5XgUx>3OsW2~BgjrMD>KX&(kf*tf4?7^->;BKLQ&vUze&uD0PNG1o=-twf1 za&gYBaKfrs1w>tx=vbC@*a(a=8>)HVUHVm;DiTA&F@vdCF5;a)sD`Opz8P2FytxD` z`+*GlJ^r6-xAzt-uf>^UaVsAs($SBjT7aq3lu|vg#hBpXePYzSHCFJQw95F+AONHt zk-M2ve_EKbfGl$RW&fnPh#)B1xiXZt=@xdxNMZiN=QM&cCG!@UT5W)A%IFSa;bW!K z@o673`~;YazD6b(E-`FhD4o6wi0CAe`)D(7GX@>My@=!dB{wqQ=lXe>R-iAHOkexR zXD|L?;!eOd3?ky!ks>6T707J>U(u2s+WnnGSrUE==B2NCpDThWRnVi_bLXijdMWb)OU^(r3Z)`kNd-hA+ozXnL0=H@Pa|5B7@Rv3Q2nhJdTMu=Mk) z=)8q~AgWhBDjzP??AIr-a!foXzyi(0Q_QyMn_?=n;-qmUQEXuA!i8oR4RcLv`jpJJ_9emOr z2iR6=m%eu&x9lzdAMniOccqm7Q6S)s$RnkVsRrTE@QHWtLh@*5ZYP6F(tG&!ASqw? zN5U4&IR5rpLU{6W1aLQObH9$-zFj)x6NeEuL`Si=M6vENJ)OwQn-?O%1Ccdp_6|zw(FQ6R5jdqg&M#%D+{nbt;p2rMz|b?^{D@BtvQ(4ob&z0DJM@LPoR- z;|@}-j253eB9-qm!T*V|_9*-U85k-C4$Xl~hr9gii$`vnBaHM_iA*xQMOV+klN5G5Y?L{Vaq{`0U z7UiE$ZrX=A>L??D7gD_WaTI8KB4E+U- z^lfs%7Jt;TI&@w%1}lBrj=3c>lzi&ff!ve9nw}zkBtQl7{#(a7`HRlZz*K&4!E_^S z7yy;eTta2}oTsv9Fb>IZy{qeTu=(!Tj&8ifXF2swOQVFB)C58b$bhiZle;`u6wdl2 zNMBs&&sORFHrKXo83@iM5t?4-jrT>I>F6D5Y;SHnlNL@2{FRH|g3LfWK-hO_IpoPZ zs`8Tx4Uv`ddkd^fH##)r7tjzz=N5oNh6_M*OQrT4Z+`sk?pFU*wAVf~oad%#!z??F zD?Q(_eTr;N(8w*sBcpW|i=LK-I0<(!6$Q0^_cRlco2EvM+I&Z! 
z^!1*>erNHfx02?{H_1MK%Vg&%pXXqx+~UWpF&p|p1*eGE-*E@~ojL1Y<*;_q!J3*P zQZ25&dqWz}YVV@DjU`&Z3*mlS6hJJDy*-9l8!#PB1yIuopEMI4Jw6EC1JmpetD2v& zS_ZHU4vMU(WU2;S4?rC~PUHOrau2$Epf@VFo-&yq8m!;GKALR%Ksc9(N29%OQa)9P z2~Fx9SSGuUm}aA~dsm6vzabenjG})4T6j)4-q>q+@A~V*1TnLRN^%xz@)yABhZ}+T zPtx(vZi?w}(ZCW8<>?Sji!r7 zxAVgaVb^rn6#Jk20W_H%LwNEXI7vi0De}nBReqlhU$Ff(87HLG2ohOtrnQS+MFh@xyRbWl)8&Qvj?0-K) z=L&wxJpfHShx-04OPgzwZqp(62a)Q!^WlNwp-L40vevZ4oG#TVHKGI_Q49|?IOlH_@ryPj&Z-FA~|NXj$(okngz|0%m1 znN+~K?HS=UkhpZR)I$w;KKVzZ0V>h^e|LJH`A+_LcDvqWMPfrG;9YoB)4ni|KA&}_ z<10~KbeeWhX1~zpvjdfn{T%}x55-gsF9Y~^FXGR1XZQCE4mposCB$TmAia^LxSdY< zOLuBl`Fy0XN{L>TT~SP!YBM&3y#h~Y!N_Gg=)DGB&HUfrbZIiR1n-iWRK)*H44RCR zBp7f?6#aHDPRp#6WF)V3;*({lK>w=MeQqJfPoM>Wgf$p#Yv01Q3d_k77kSK2%9O^V zj7q6Lq_4{_TtiA0Wt1eZY)nzLxg=tS;2020gt+p%G<~xi=%N6R{T*tAW-oE0y)kBg+)J3hyI@sFh7p;T&&c$lcx-*8fZvK|U4Ia9Nm0P;fNLRb<47<>RjPJ*?E_*G9zT5Yh59cnQViCS8Ro-cYq=>t1zeZ;7d!GU1LaHKEqRpmc94@uY6swHis!&g+JV){teeIHBJKIi+dv0C|ne zwq~qcN&4s*=;lv%D-Cn6?|5{o)#aVFpVz3&-xFQRahj&4 zc4pdIs@SolQ?=_z-L8Ss=!{nscak|_Ttm_LrGn^FqCoJVNq#cQSbQ?!9Bf{e#DYaz z;J=c*rP4q7;W(>=_IpG2yiw+CW^d;Ze9a@cSF)iu!11s)W^^sPr&$6!eSc}Cqbx2h|RVp2O;i_7YY^*>UN5HP(>qR`75`C2CTzQGr ztVT58Fr8~1r1nhZCc_|a_59Sz>wW8`$*mESwY5=HXQOUb7q7D>jV20ZbM$e?&}p9H zZy4+XtXVJy@Ag%kGDA_Sn@3b`#Vjice$ykxaI$K9Qb9+%cDt&kxTJ7tY3++dj)t>I zTx!Di210Y?p{a|rs)F~ChuMdqZ>KEPIAw?f_m3Be3edX2z4*||SME*-t!oH&27-!5 zf5FDj`Ye<|+O^B_|v0ox@df~f?0&Gori|L z{aU0jNr|H5lC{O-8l=cwk8se6|0Z4AtWrr>>f2F22F8E)8EJx5+=_^1C4UG6Fk&f; z?*P0V>@+oDW%Oy9eE6?hHLdWtDyGIR_b3L6&Mi3u4X6v9m5pxa&^vyi*EeUB)Pd<| zaKTk0(>EBTpY+;BP+k$xOMO&4-q#MQeux`ykHY>dF?K>G^!Z>T|g7nvO=eJ5)5b!qCAc{9Md9g_sIU{0Zud z^-E)4?;uNwk9a)=ISUzXdRSj_4@?YpGwHDwFYh2j&A!wDAT&h{Dd1l-%sFNm~4YY)xJ2+xl4_ww5N3Gv(+kq0io z5YC*M8#Ji)`4^&izHBktvl`;vVcTD@TBb+QpN2bOpY$=StO|gx=-Qj`3fjUg15yPy z7fHBqk>(Ou4x47{|K4lHB_QT9?c-+d~|*xkFBG zu9LfJ=5d%RmnCl&l`qpNw#=;bas9*Bq$^lU-d(pS+X6$LM_P`j8KE`i(tk|9wcS)7 z)XDP11eWLQ2{hLuP)?$IEIBT&-~V3jt`Q6Sur>=1D?8K&-SL`I%A6ibWA=Yy*HfPg 
zq4Q&CF)Jw-twJ6aJtM53wbj+itM%Ty@m6r|Y9K3_$s(&%<{Iz*a<_P$4V>VaRhk7x zb5dUd1DOf2yvIyK1L-QsQz^;NN9F$zV}x1C2DknD>f&r4!EQ~RJfo_Y>y~&X0}bU< zZ3Z1TVF?<)lET-gmE@5b7s#3NVkXWQRMS0=!dcgNM7)Ki12f&3aL~xh#XrrDJL^Xr zA{vKgAlzlYYc}Is{?*^(NaLex0q8-^Yp8*uRhUc)8eW+xK?0=faeae-`N-#KkDf>i z?sHTkD4+{MqYfhCH6Vo8rbPcr+_&P^8}Fi0`2~Q+2?&+j&qLRbj>HZ;84Stq0;p1Y zF`N8_fk>&HJ_``!7TGiT1soS8YFb2eaT z5A8vwogMnZ6I~KF7o%SXKtgkH2&<2FI%tTqHRMu2%|d_{V-++ld|(?I&Ktg{ zW+5vz!Hb$$)R_3y4vY5GV`li|z)^pcdj$HhhrUbq0DGywqnpsnD!3jPGrs1F5dMZ0FUQ#Fw(smoB zO$rWy49Y}>*8S=&?f7^W@(AQdTQp(zdHx);l}VLj2aL{LCYkK;uCwvusX6^Y@8Q2Ct;GK=Y4R?U-5=xF zY4(GT!;RyZkh0V+QI9b1QBR^dlTM;|MTYY9arW6A{5~BDjG$xpZ_Kwjl`D&QNpM=^ z5`m*7Swp08qy@7};1B@c1ES1*T*0Z5#~wAKYvSaP3r$w@hzWSM?A{@!`6rbU!oscV zV54+_KsXrE?5^C+pR23b+40xj^zoriiE-2jRBFcB_dFpg(~*m z1}x7~gCbJcxb{>}h&uF}iq-=F?hVPyaB7p!u0!`I@%qBV(jC)Q`r-_qxjiXyT6mv` z8V~m%x2O~b^Urv^zR1rC;hKtPVg>V|*|IiAb`Wjw(q*Bv+|s6VSu1I}%zoTt%`bW8 zEskHL;9cU7d5_F4|6#3V_epWFes<5GQW5cF6IkN-)iifhy8=fnQ1|Ir@pZ7`Hg>YS z9jt{9^0q|Az0V@AztF$Eb{y+&#elmb>#f7&<1adRYwa;Q&NUXcvu)Pu{JL3}U{-I_ za$TF&%t`ENGrw-nfbZR$0JA#8ehFTguUha?*Xi&6aA< zHm~fwXXbP*P8#s#XVoT=GL(_-fq2V3Enwi$pT+gPvD5e|%3@&^@27ZyMgu+ek#|L0 zgXM9)lEbr0Kf+j^^iGFdmiE`Ckbcd7mlTA@n6Hd-x)_joMWDZMwMO#Q$s_JSt#i9R zt++7G`C(BHscXZvw8~?73A~f8d?j_tMt8j2sYlR}{7)K2YQvzOyq=Ci@C4wbAFtnQ zpT30)qA=*zpli3Lw{Yrlle7)f|6=oayjhJ5$(g1w8sh8M^`4QOE&4W{*?M0gLy@)B z#k#mdi>uFVa`v5k{N#Mzar%9aT)4%mOMP{TuW6_K=UObZH;B;oyU&P_lcoo^N!gBR zUvHxlos~ADYQ>M#jz~5@BeJ{bLcC;w^~CrkGh+V=)@1zt$0^FavMSyW&gr?CwN;?U zNyR!p@9Vqu#utY_u69e%6xHBXf>nZ;eY0{6v43i{T5rHYqzBy}GTl0wd87zAmcw8X zeQX^K`-VbdT{{vfz#4O%!_Bv9Uo7zFM6J=M5szoiB$8-*fYbA|B!dSUsKTtXPfRiy z5$W_VVLb2kVC{}pZEW_z6;|1UxWPQfS16b7-^S%GyLXDI|Mp4>4T2*t#ng{1EIR5T z5t)1TJ93c40{^pAos)?=>?DfKjYr=q9kVw;(dGJ$Z5vSCrA0SBQD1MavnUEth3mQQ zU!76SfP-s5y5W)ezM7)@IXNh5-)CerM5EKev_f)wRah-quy8O;;W8hsQyF!80A7d` za9BEl*`J1UfYk|g7)NAzJB2eXp1v^+GnY%NK=}Y)b$GI$MR5wS!p?{ii_DzTKAuxK zm&@hY69*--Yanm)%$TF0{|4~sqC>;MfT&ziRNtllqmdS7L9(=H4|>islAba@`e 
zb=fI0HTl_Oq>KruyiLn0CY9w?8VJ=D-f-U&ep0bEC747*E+feSSBe^S)mj2}04Ip! zVCEy{)FLN^Wi7$y-{0PX6L3UdbAqooH-oEtgq!JpNhS4(06}ha4_aKRaA(I^9^0(M z#_LaibH&h&V67R<2QwNJ4{k+k+AZ;yW`~>)T!wFTo~M?NTuUzt!i(Bd{5#33;N0|h z`IK{}b0gR3Uni?AMk_!|xyoGk%Cc^pX<`8H;%*TpNjH(kL}lb@6{qRf#K)=n+d31& zcId~Tyr{LQbB@&c)?vn(pYrv3&kX`EJeQq{xRAKB*WWVsE@cxlQHOiQr?ptbQpt0* z&?y9o{k;D^2$!k(e!P^P!ctAnfhGPjv*j7jXMVCr9vrt248Su*x7if+F4mr*M!$@WqG|Wg+7>^MBQP@=f%U8VmoTp^uTKq ziM_adJ~F+W#*zpTpBjx^LdHj)+dqp2Bu_RP{oL-vqU)w#-NTBAM~7X*^Mt#PU+^1s zG8Y_-bPJa|o&elM#ECNK46|>mZOqsGl8n*e3xcwgom!`*PM1&;VIDU}>_MxV0@_&N zkQ|v3SNLyll^yvq$r!HrszJFC3!}zd9Yradhv6I1m_$sSmn;tIAVFy&7K`|RgQz)q zIyKsuDeoCFQ(r^HnXjHQ5cXHN%u~%OF%-}T!hrK8DmQXm+xUvmOWf?Zwi-k!Op`Ha zIwnrVSM3dxYAqbbm3}zJVY3{;kvhb)mNDhf@6k;@c4K>*=AvV3h?lG)?R4BRBcIqIH>l1opMA zCMOr)SeZPp)gsRF2+7CmJb0@P6yqF7X~O8F?=uBS zMD{Lqz0wwN)^oDtj6oiKfZzgvV+*>BK1w3EFg3D*B~^v&cr+tLC1TlL)h5W3$@M-@ zjcH@Fs}53k#`Zx9IdQVUsbwS{TvdQYy zncc?IKv5rh3wCRe9B2Bb(a%Chw+m>E&vvMqYo(r|$ljNSa|fbiKmhCWT7pSO9`ANO zGj$u4ZXYDRm&j#4F7IAT>OYT9%J3zuw*Hc5_^RjBac0uGF$UH&skf_cU~t*0X)8g2 z*NgTma$qvwL3$hzdMO`??((zj=}z@00Dlv)+hCieMoZl<#Fw`+sHl1%6(f)tsXsNhldXM9^gQ2NU&oVcAqMNn&1t`^obue>NkXWC0OKII=RlgpW(TF{ z@%Dz3-KcVA!x!+;dX?}>{xe)PZr#p}@3B^uSwtrmk$|p`z5!!kUx(VIES)v61w=JA zF}TA8QjMu+-j}FgwdNrkCJ4f^Zcgg?($godw24rym&ijs$&!wg^?1*b4;thm*J5om z8rZ}3+0)ExhjH^J-X;WP{2)T0WA~Ise^G_qKQc)LeJ1L1I?AomE^c6uusYX)m)UE< zhupvvb0pq(Yo9#t92R|Ww$}6=Ze0-{0r0rn#({<>kz3>R*CiePm~Jd05w*z;!-V@C zQ!`+uPAJmo?k^3+c8v;;PoZ|lYwvb^?a}ABm8Q)qEUwX(kpK+m>G2{Dg@XO%?D+oq z&#ffu9wZNn^IstkW_Ov4yjI#nrZ+81kYol9RYk%y21XA|oZZER*?!BKtpTRtuFL&3 zez!_bn7zTS)%a{Zv+-A3)iV=A2hW2o2hK_C`d_PkIosLRUqradP=?W-)QzX52LBv> zq(6h$t~he_O2)pCSE}4Hh1x}~5k&8TKgXLEoVz!exM?_U3O#aUSZKe+f0+Wy_kFh| z<=nSJJvd7~wh^H)XW>!z*WkL(V_?!Y5ZebnWeJd!YUS<^ppx`-h|<}&w(oIq zoM9$|76wVq`1Qppp(UhjY5jL5k|oSVTJGrlj#tPjp0kLQhNvhWypyL8492n*(+8CT zGSYPEjkz|d=98S&TNNU*|B#xH4F(4~z>D12FWnvv^dYnTN;!w%A{YJ!_^B~2HQ}CP(oC31 zHuZ*wv0G&BQV)W}IQ4l^MKrX3cv 
zx)bq@mn@<(=iWjSAJuc}Su7UxH3Sc8HH6aO2bS%edc3IWG52jzfg?r>71ZR<3NqcGRu-vKpI(unuOQsW#4hYo5(xS1A;%III)21pJ zi^b-?hR?R6u>4Ln$G2dNwA@Jk?Xn)6-&rTYi7(SOi;ke|jBYVG{z<%Kaq?6xx8PTr zi&fDig8pH5{$$afL~y(Rwl4WS7JQm1z|)P|vNH_lPk&Pc!!&6)#acnPFouB%h1Kv# z5vBgv&$&%}Cg2=C^+QZ?_J~e_SAP=on)^j>Azg#a3)Z!sS~WVvRt@%xHZ|k+YHUm5 zTVBl07lsAwcBy(wY#R;yP#r%T2Br)Hm3~MMkF0vgT=N=!p2D%9r2Q^i)ic}gA8Pjm6(jC$R~T!763?o&`vW zQ+>zrU?!mkaIVt(xS-&OzQcEwk|BLgYh$_?kgdmHqxsD|5NGHP{?AEr_(XMqa}ksvFXiB1T|z56@4+ttv?9B{EFH?Y1su(~oZO%5Z`$ z=Z8z6U3=OnUk(8ni`Z|sQ%4X{@wDCon@ERqBlYR_dlOxA^JH)qsG0HL6$AX2W#gEC zl;@hIXm*piD0OSyc)`JHQAQ5z=Fyp349@sEastaro@$BVdJnVqN|$rDx|>T&w4&zbPMM8%V=wY07xo;Ds)E-K4j& zSga8{C!cgja_YW)qv6~Hi4!G&vt&DAe@~rL19qqcQq|GEpa7YHM=XWDSA_bp1U0|b~CUVle#sC=3p~( z`fWmfsR1?uJi(zZ%Lc5blA~&a*sVJ2x zObgL|Rd_Y5L6*Y!LtEZ_LsDUPQunf6-1eoMiX_IHSiOsG?o#Y^GeqFLo^0IGdNxb( zy=pN!lrbNh!Lg`1*6({M4%NJX=8Cnx3P>IeA2*lgdf%{;Ou6`(csVnbfEJ4-2^jYk zrvb|YL|NR|F5(3Q_`=Njl^GM)dettjrepS6-Ia)pnG&&Dv8UIhRN)bBJ!4l4c;8-O z)G?Z60-EXSqt|-z2eSu@iT4}gmwjPbKh;AYzcC$HjlR5@1ONSx9>_OyLyNs>aj?RT zVMyGM<*cmO>`W&QhKkv94#5TR%$6}3Db$QS|K)AJ7oAXXge=K7ztH%*7!9eS-WTQ%42DgH=g0M} zyGQd6l^tROe++JwWi8V={&2_@!ZQ>E#+0Vk^VmPcJR#~IHvU);*OSuYhvxMG$t~Lb}aH%_=nHBmMl7=FYysXiTV) zYFA|@r*Q%W)dO#4HiWd4=IfEM$hIYHA%M=qL=JaV{2+s_JfWj6?^e!zt&i`!lr~`h zVeFK}1I}0jg0Wqe35vPh$}F~Kqqr~Q{AF{o!B#4vC3#4Ngq6bBd47BEU;api7nV15 z4f*HQseg)tB_F9(dx~x^mk^$4iQX=$HSl{}_B1)SCE}sF>54=IfRM?|lJ;tyc0978 z66yx(pK#J~4vHmUv4(1=sSEq*(Uwob6Z?E~>eSG!k}^Ue0*bH#`y0J}lwVq^LmP z55TU*?%_>JMF3D$P~>P+FUa6E0gj1JUT<8h`;^M*7QfW|1*WUtltGtp$cpqbD$u*C zlfUc{pFtPu?G6vYzPi~1xy(afy$fKFZ`t)d=8HH)rh<8V#6=LsNuckvQWBEL-xXPEkO)WnK) z?%E0ur3v>;m7b5{Xp48o>>hj>Mqo<9hoG?9+cj91=$n&|SeONc4ebxpO#L+a8!8fS z)r(!Cyse(FnC~^~&x=LIn}1%fQQmkL#CkwNQ5zP@ItIoUa2-zfhy~%R2Vj3xz~frP z;U$10q_un>KH&>@%Q$J$Jg9V0n&iR{tooqb&Odt48scD&r2GPHCo*IT{84*nC=m#| z-AYsYZEa4z>9O(ovM1E!_(I;F_R`bT=LN|PFV1(r>G0|%CZ``xAw`v5$7t=G#_q_7mCC^C8r-wtts@2%R4yMDFTjB=@y*73#gXk4H9 z=^w8zp(^`&IgR!y!t2xNO3$hshHBG{d^-O@z$!qLY}UC 
zpH_mETQIbMQQFQxmom0Asds$NjdPAi3hK^50G}_Q+B)hfkF@!T(~POoRw6NP#isM9 zeA<^dMv(377-_OrEDBsEnLonCqJj)!%PBu1ucMrWx2pmjrr!7AC**%cj?^&jaobdO#((xFKAZhe zj}tnkhKPLG#B{A0Pndb)w$@+b2&e(dkcAfGMgcaeo#+Yc4N-M-Rz{a}DSMw3mF`NN z3ErRUi=!@IKY}8u$uxs)8k!ytA2+FIW0UbI~JW!v4n2cr)8!3X{+1Iv02 z8S7$$O9Cd1vV9yOfeMJo3*vwSSm6QxPCn zRRAvo=EZBTi_sLx`&-X_Bb|?T#XVz*ne*|?HaEP!c-Qp?T4TREn;>cv<-hgPn|GW5 z1v&gkejK&EKp2Li@Hae( zL}3*S<`vIjT!}8{n9p@r-z?$$Ig2->(?fH@ycE5)KK#zyY68!4@}=aI&V8bObE_~; z-5o5C3xh8*7w?DK7-=@LVM8P(obM5tzzuyMc{~bY+;2^kPPy13^p}?bwI59TC}HMY zL2wXfp0|LrMhoFgdpYIr{L+5agGKwJ1rz7wk0lDT@`wcc{7R?vgs40uPYb(?xzNrx zsx!cuta{{zV$hLErutDvzpNLqGUAo~*QKVsW8#vV=sm zr3X*Xx7pP}hf5y{+!uKp=d<2QE;vcOBwe|CPyUsHRCN$Ya@<0K%fz9f?*T&Dd>ZHT z217*XG&JoPRx^fHT2GhUMT>(5C4$pKv!2>uckC>sB<@KiVjOJ7c=T)qQ}ykXi#5A5XBP$h$K}3F3-U{9sVFVHZ>{>S2lTq zM87jC;JZv{&8N9IeLK=AHT2oa?QsxELi4GoObeJ&7g%up$Y=269-@wwCjT&^KUv0v z&1I;faURR`xI|3r8PM`+%$>9CasVQCVq{^oja6vguacn6yi_YXZ1YW4_n0bLF8c z>|`S{QiP5GZWwnBbDDy+*K5;K?ntDxx9PI+x%8&U2!mYjrwAL?(E!P7Q6&iXd1LOu1u<_ z1eboIIrMY}zXb=iJ6Ex$Q-*O$=NiG*P z;2B=aivGwH8bU6eI|=>vgkJWAD@CQOxQSW7Pj{l*9N}CvEwICdboAYIj{x4$+oabI z!mw=~DCp-YZ!5w+1ACKlTNCHZ{n@c0iG6;rHodqynZs9kXK1OI#Sj-Tcs?C{Oy$W7 znc;tGYUPFZPmJfptqMdYuy8js^0T=k@V%8XBC+!eUY~Z~`%!6+Iw#V! 
zL^N)91kr6|i?$GNK3tK%J@C-j#!TzXST)SFuaNFijo7T3iI=1zZ+L2QAdju66x!3_ zEB{2_lB|L^aE%xe(`Mv``(;2u12q$^O33g-?j20V1gp9}=WG35euJX*A}e(Vr;7U^ zz*xBOL!}5~3RAeIcq;-(2n^;%RK$Mrly{Mzy8|Y^;?L$$-i3BrzeboGhh)`b`*|pN z1cgk;Tk5FXL<;t8ey+JE2E55han$4*;(xFrgxR?t4sChOSJ*#5EH@`OKgieBHmz81 zsjA_s>JMuBN~ve4(dGo>lLOth=FLBar)#=HF%-j6e<+ZDSM1>hbuBRF-?y zsGm*P@k+G+jdj@jL*`6~w_5+?w2-^B|Gl`I4QzQN9klK4`%rYg+&#r+cw8X*{0@}6tlCd zNQuipHe6jkfR_|6J{E^r-)~FD~AE3#nsl)E6~Xz_pzB@ zL4@Z*;>P#H)PP$v1c(zFg6+sXC_@dwap6DZ7%#q8pJdhR9=QLo9i3Fv2|&^FS1(5} zthf8N274w^CFD`MM?RBQQVA)3Kv{E-6JM`t>HIqc4dON%{o*}cM(vv?>g82c%}F-4 z7zPPmpJZ<0pB*%KmPl}PW#+VxhZ3Z1-7o^vxrIqSn@yKz%C28?JVH46KI%yvqt;J- zAKa~u>weux2Tfre*`PeqQJ{(G?sCht5B>mg-AeLi<^4o*m=$U(L*zExCWMEzUc(S) zF_a5R12e5=tQt6|tcXDuO>dS&D~cBJxyH`4;%rC^DTZ5|A={@^=D_Ymjn2|?C88Y8E-Fgr7cIC`%@+WtC zI|cOq_!VP_OU*UY`dd3YLpM5h-tuyg+Wv?Il|^T$x=6^Z0>#6Lf`WB@`t<~|S+?o7 zKGcw@t6@EjEflM}32wk4rgyf`&B;c8oMYbN7DkG&?2$f|$}n*xjyPD|EZBCRt(h ze)v-Xs2u-R;mV zq}RYJbwj)MEIk)ln~=iKPP*PA(!^TLHe{gJ#IU3KTQ?*dBk6TL5_^5Fk^YrWwX-)L z6a`$2MEJB=&=$|2^^=;~C_WWikzcxe5Nxq-%sq^Xzk5Dlb>3CZuxOuD)`vxwg%#8u z*`*!ZU9CxcufoWhcMx&b0E>D4_N>9-@Z;U{*KKE*;t7OxtwTH??AcwWU*rv<$v*YT zk-qfH6#R`m`59dODpKTeTVvZ0E%2e3-6bNE1bvqGqt*AahCV6JVl2YCw%_I62zOb^ zWtxRSL3I5$tB=Gd2m<{lO)-TC+?8)40a=|`#$vKLotVo zf9CXk&WPvnBB!ryc9F&1e(xhT;y8p5cvl)<{ly~in@5~Z-A<9If~&vt$P4&X+MWDG z`7gp`6OpNi^S={TReM*~?)?{`?mZEmn47-{w}VlOB(9N)%9`NA{%h0#??>bB2#i!) 
zu=pyb_-*x>?^ls}4^k02LOy>HBE++|FN*;mJX^+#-@9g#4G_P_8I|W`A6PkD0yAyU zXN^{?-pSEKa*ZS922-%R1pP}q8UsZ0DY#<)F)uis{1$$Iv%-T}<9{_5=Y0S9O2Gf< z)$#Yc{}$m=3i1Fyl}kt_6S}_1>V0we&nyxz!L+`jww z$^7+ClZnucl|MK6z%~8<*5!Zn2*8E*zvvS2>fhDpZ<76&O~cg(!R;UQnZ=3H;kO9* zYmmTilO~cRg>TJphCdJ3X8*TjY5qyFg;XQKFnELiGL;mr)_(umjQ76lgxlyR{lPM@V|89ZzH&U_wNRP(18E) zX8&aX|Jdb!^avol#{XZJnrEMkTheJ7&2>W5NZZWQXj08*);I(+faGKjsz!73B6IW7 z#Ff`2L|?|j?CoTlCMimIOZQH&=y{*ZTlLra3*42aT@u|iaB4*>X) z)X&%Nn5~X4j*fj*uBC5`53e91OAY6Hr8qHHBiW~Ie7`0-QyIFSohEnFXipWLC<3RF zzCX@N3Qo=_nlg=_dL_4gxar-wUa&iiO1=`kf?Zvw!#`YJ08L+`fu^AdOlu));`DbN z&1W4yjsy43Y@@bDoTXw&&gN=G0B75sEZhv_-DCyd3)m6Xjm;+Eb1LF{H*u0w*Vj5F z-cy1EZ9!2{6aYKf#b(7b@8eVTG~q|h&G`loj(^s2oz7xKDN;z7r2iE5-N&)Mp-sPD zpVSn=P42%aKd_4}EGEr34tz@eQlc`FB6?(fiLY0x?5g8@@q?f{{q}s-4)E4(&vg`I z2A6MlitiL&pD7$qj_8t_?c{f)Xg;89Z*s~c_V_ZXDKs2{N_#2 zSACX@ak1%eD3R3Y`l@dLYhBqel_F~gAUx08GjvYFd6DIVk#=RgJ45ZcRVxurehFH} z=Nmo=q3C(2ap}W(=-lchRL3r+d>9Ob;fptSh3xXJFQJ1bpyCX_&aYQv)1C0XW|2LTJ}|d4)Tt z#UosvM{3RKvFV|P*Ij(5nHPygA_QY`SR0Hy_E(`dI%c)WVsypKNiaRGz+Bl4* z9`%B|X#v;!QBymg3ZK)%E3Df`sKbF%Y&=`?3|`(4Ci0R{!>UoMqp*|d&bDj+OT5!Y zOJ9%1=_mEaY-i@Gm;3f@)uK$-BUljagbNrw_eFx}*9C@~3DJfN)D^EY(U%9v{a|__ z*X>ER9^h<6%A**d#zXIn^-C11^ zW4wpdl{b?qSY6sE+OKz?M^ilIHyy#a+3hzeqX`;rybP{QvGvxwp;NnaCVf5T5O`V9 zKL*qBolN}^=C5RjIwU1g{MA|+W_Zn}BzyNB9ugAL10*dhY*X#<$edS-_mGgZFp!W4 zkv>6*fe6iBCm1jGAjG&9fM?Jp9;J3ysQqQMp-*2My0^omw{`P0nd~ET^c>uqK`7@-Y5` zK$Ltg4wUXI-d@I>XsGNwCoxvCSF=t0S3FVi5FmT?=Pc0>jk@kPTBx{c0_|!$(IXxT z39sSv4zfYC>6zfpwnt74QWr|fNEomu`|h9jALlN}a7Iir2+UqQ7q+5KA_Cr~BuCgR z$MdPK4`bLvl}Fvwvs%6jJjiIKPszXz;Lea~s?P9V<;f45X)tIrJ5NLCdJ&2Zf(3XdP%HlBVdb!ODlKKyS%m7===gJ4_NiC-ReS92 z%w>I+&d0m}=TdfZYaWX!d3sAX$90BWj(&PIR(M@FEZX2W& ziVeC3>XbtE?kTw5Q)qcpT*7?oN|5F*N%8YxXl`^vMvHfR7mn%N zkuLmV#EmsKkOOplpN`JT^_tr?ESqB7q_* zV4)XyTGpdrXdPkut>)6eIjN9zVv}yGwplmL(oD^KGO&`^TMTo_G19tAg{RMpzgj}L z0Au}?bQtvbv3iI6vK9>YthXe!Pu`?puj9v;6Qyxf0qUw3__MKb(D;V}?_FF3xSi6b zbU0rYXek`;EEg|hr$)4a!;x(YJR=Ss0(@$1fn_iHGYTt{irhaeHGh(B|5|s4P~@&h 
z3NV*Pr53AeS~b^gD~jzK_UvTcwt0Bc@pUR!KSa?WQ%LjGl8%m0Zqf3yp-I|zFF$1{ z8=yUSr{DH|?340J*0GeJE_5SGgHPyZwly|*?WQimA`%|pr;dCnr#IWY0 z4(f|7pPfJQ&nf;4O^Fn(IVn+I)G4@cKkas~ZDM^%@pr#ts;%*HRc#gSb{N=^kl>yN z$=#OC*~P=w%$c=fr{n0}T`errn3djT#Q%z+z5(Rh2blwFw+|u)6@NdN8xnj7r_fHL zO6fz5p&91ACDR)wK|YIdAEu^6e8<0{d5%+ygoNjO5ANXp{pa_t;lU^9lbFF_90~;8 ze>%dy)7_1^8K%E&`5BZ%D7fSA+`8M@D#;?>!Mpn}mujkAEwvHa0)HR>4iXaDzuQ6b zLr#wIgA(61lnNz54v49RlHY!sf|A@(ABZU(AZ7ZWjpZ(oXi*>|AsNACh5H|ky^IkV Mp}QYFgn0OW0M})v+5i9m delta 49583 zcmY&V!%MIhZ(c4 zLw4UYh59(qzZ`{5Fc`YaZ$nr5q~7>4h;r(9DfL(R(x=}hV?4KRN{#WA^0=@SV_KiG zAu|cpD+DlHV^72?5lxtGvKq&YMWvi=(l*EhSCDlX+wYK>M=v=vP#d>=H_?KRMCC1h zV7{C3Zt;eY_RWTc=5?26^#jHiz!dLOA!BPOQQCD?dzekdShkHR{De{x8;bZ3YEksw zNgv80P!paR>OI@?Q!3b&Cr|Wf zg~q#OQXE>pAgW8cE}aM&he$_SE~s`(f|^J(z+AAH=A21Vv>Sy!0@%A10#V!uy91Iul8u}k#{r;i`hU1!s_GqzinwM5YwsAd*p+E;=47=+FWaiN;J2Rx3O9a!BXlvwx4K_aj&c z$A{$C!(&19L$0^s5%Xi~%F)580Y4$~W5>$c+&<*e)We4+3qJe7VQV>*r*Ug9gHw7* zHpdB9XW&#z<5Ndo-$@_vqW`tN*xV|)%3wdi>vaS2tFg112fuA7(dN&G#+9jqeb{FDFo2Bm^n=M9Z+PF)ncEAyA@fq-iQ{EqVXG`ze{0k7hA1ebja#HeAP4yUuRc zs6cR1i8SYF=J|_?OC96mv_F@v-&%IG!kq%fi#En&$wa*|7kdL5yB$;yXLqN&?K~lY z_1GzoH*Q2zyvnrn=U)SNnH2Vm!QJ;Sjc!%b8fi_hnxTBMwW`UeFR+xw?7Z6o2BxdiTY7mRirVjQT>F%bcN z%Mpi)5rRt$#yv)Q*TaR^1U}A3AVT0`F7u>6&d$T)7UKTt{l$IMh4bzavd27;D1J&N zu-f8S(DFNsDMKJYh%~b!Iy3XNabQ>IK52IVerGrHmLElD9J1GW>yit6gXiLYT$=Cg zd%)8&d|=>h(z@nIWiKLqM7En-w`A*+rpY5@qMD1C*tv+$RnRTJaz-1lb6#_D-|=-X z$i$E6e&-^(%x^3da>+Up@VvikC{-*mW)fX-kUckOzSo!@iwdMSj4Gu=R!X4&SP4C{ zf=tSIPAq!j6LkgkCfay*0@sSRsy`fEs5$RwMU-Ab9K>_G+S?dp)0W>^TLI!j()HUBe8mCA-j$+7VOR)-elX8S#7A>wIriS z+*mJUBEYB3yhQ}oT+28x{^tZnj(a$2Ut;EBCTMwD5yh(I3>K@%s)sUD+C?_6ta2*6u9X>#?svNhii)X3u>%#BN*R+ui9 z3oi;=M^JGIDJXuoGsvH@nkuzFB#C?shvVToUe~B~>i%ke} z(#a4D9IEdjbd0NmOdb{Pd&hMW`{~R$il&{$Ut=+8m)7{U8aK;lVNvPsKe#(^7)%YS z0pWuf=32cl9@VN#QMpM!vN2G{WyE5%l80yM;8!M;jQguyE-+0l{P7Z!jPh8nw&2Y# zM;@To9yH&@?Wd_>4$V+YV=kR_f|x{1NK<$&2)apjJ9u$unmc8F)*j4uSg%UC2IZ$} z;=9$+&A8Rmi{%gB`FhU`eYaDXC7Vg~08H)|Wq)`VI2EX++oYMEL9W~yr=BEx{P;;% 
zoyXUVt-?clciSW!f<&%u)>4+W6tmMpB zokn>jnm%>4bS#Txt(}t)KQ^UF;2F0#Zy;iaxSRHaGmulnE+s_05gLUGi2IRZ3pD#p zwT#t(!N7QlI@U|HLCa}cf1gxatIDXx)$?xS*^7tf>nvqRV!Hf!Q5SDE{lckZ*0eaN z_K2!@KCrF4*3)23#Y|*plzA`RWcZ}3V^pPL)Wz`5Ohhaxc)|7POK+G7BZJ_ubnnG? z<)N=a;Z9+BO&VIZ>RQah=yj!^6M*(g?p*)AdxUOd?%iTK57D#4T)p7aWS2ZZ69o3{F)E2G0ymTHm)R2aI6)2Z@NgnS&bZ4^0)1s7Gc;tJ+T+mZot=s>R>a zr{`5Loq)U?JN(*l$9Pl>5X+prc+PH753Sw_b)}-vCy9-P5pB=K#qU=o7v+CCA%BnD zFV9=eME`ORPCd7BI;9`ood$4gW_x`=2-q+%c9G@!JUs3Ux<1&8tsC#)d5l-n;mUr$htocg>yJ12=wc%|5??-d95vt_G-riv+ z!REp0a7r0P=Osty;!J`4hNW1T|Jlrhv3P?P}WZC=20ccd00A|z#*sh z)ZV!4a4615XDGK7Ng8|lZAb4ir@WY5B>5f&F;KAZN2-;vk9hTHZioci$-Ltvdrd^f z0PurY?yYP<2Di_C=TRs7TsgaoL2jmcO8Y@{GYTF5l^!l)Jxve&E;E#54EJ?xr**oM;b|-Fb@!?U3Kt z5%ww?_;!+|*=2#%S^%xqKi<7{ffBVj{330WRvJ)Pif4~X{OBL+g7haeFJ&%(-AM4k z!?3Ww0%FOD)qA2K8E?U2*#>_;F@tI%1x|Udub@;BttyHj*k6e4hJumywRE^Sbivx# zLw@>}vSn!=2@1AB=DqJO;>6iaDG}1}rLT%ZD||nf z#$so`Y)K2*KA6>H%yI_kUsjhpOOM-mtNn*nf|^Veq&2IKlCaT3to&s@4XV;o364C= zy9ZPDI%tj^s4i!<`G62N0*pKJ4@FI?2ML)EhL_v@TA#T>2g}<-!{0dG+Wjf!sulZGT5xMerCOmOgrNH1Cw6Z8upPg@wd zdFl&Cp8bMDQE_j;{PEC0TFC`5F}Qfl^aS_X?BpxQ$sIM?^mXDiNh56pc_#6mFJ>Kn z4Vn?PlV99SP_FlvGaQ#qj_Lr_p|_-j+>BP;+rbWLjf>iZ7^e=gfbPAi?p0_V8S|2( z*9GN;>-+~FW;U34M_-`<*@e$zGSz05m&ZKR?#p#gnR;kjD3iYZyuxk6C8O>^8q!89 zrMMaSdA+j8Pn!)SA3Io(4&pY>X%f0;Jjt|s^~E?jf7EK3w{pv-wE>qpOl}}TyJn8P z065zjr|+8raIc(wp-5lVoo9V2!is1nB6i+we;g?lOdzVgm^~8uxLEbL z!s%Ofs8kl0j+!q9%nHk~4hEVR-p*tu&4r;3NfR((E@ZFEoBvQT*cqD*Xa6h)(ZtDC zHwHZoJWX>NPKNej?P6uFobIn@w==1$Cb)9(E|fRG;_4BTal|B;eO9)_|C1H$$6wHf ziPk8JFwA=|2_-FKlw+J$D!qjAWl96`i7-aq3S@W#PDr;Oy#iYih4!h2oV_Hgp3=({6^0a2aN+D@u>zQLuO2KHmQ4sSgLV z-+q=X$OK{tq>K23@X6P`PfWYmWCkw+BU^@S}KohcaJNL7@>c-r&@$-f0 zO5Mf$QuQi0c(YXKsr~Qm4+pOPZ7nZf%tFn`C#S2wSo@WRvoqqzPp;dgM9KNRgnheM zFEm@nz55guW*sBNxsHE;KHfltzWq_yn7(ovn2F5QOKm%C`+MwfNia~8I$w_jx5_9l z3Jhd|)ernOi;3el(qQOYfd_Rlxtu+psE{9-joKdF!5_Y;&9VCCEhZGBBUhA=- zHfy4x_})v+gHHu3z0BbK=8&_25ILycX%(16NTm2e%Kv@L2TdBcNC+$FO5}ysDIy-L 
zXga8Rxz^6=dOx%zZasamy<6~<%Z!SAgq-T)L*KJ)!1Y<}?%EU`dT49z8$tSwO8f4T z+ewDF5j*Na6t@1SqlD}|Dzgg!(LY!>;MuW~L7qLp_cz}q@B>=;V7$LHljGsHmr7Ho zw5j}P-hym3Px_TR4?Qy|;K||HRzCkQkG#WaMh8Y)F1ZoA0Bh+drDkXP0jGv$QQVMu ztaP13HxvnSb_d%OEZFZbU#=J0inS?{m(8u*ynP&sR_MgET(-Gr94Ix_kMH+t!59S- zX>a-2b|PH0p3V-Q{E=T7g6K~k`<_sVq)m)aF+$%=S)gT$^aiH~h@kqHA5&*&{C7rW zSk_`ctRDoi!lFDh-Pbd5W_Hd@Si19lYkI&0ji-;oB5gVb_IDAYrsNiKY;i2{{?52b z7hPXu7;RxVaDGD~%aY;$o@=(84}Yc@dgvQL1w4U;!q2Y1_mA*8Su41OQO&Rf*~4)I zuBG^#3>r#$i{0@@T>1y`%`go@WoCjub|xLSFoc!`qwk2*o|7|CRi#2v!c)-8Zlv88 zef;mte|GkOn3q_TJE!});&ShExB*;bjg73#WwfRuL#)uSu7QjWv{$^@N0qF_J@#LZ zG?24}OwPO3nD?c(mjutGr?t{cbCet8OKCAdF;N2IJnzep4d*NrX$y_PuC_1}nn>06 zpLTw{nw2qRWwBdpbHgYv*0*wBG9*sSJBB1S6Nj{okSCZ)u_IZITs3hMVghmh1A>QY zW`sCbME8@=+RRiR+ClFEzr{1Cm#!wZ=-4X73g&Hi_$gR1yF5YJEZe?+@#3j+dOXQa zMupL0w5r^@tUY(jqU6sxft<-{qJFK`@eMMg6eQX>sigO_|O6^FrQtk%aici3+eN}wX6re z$p(kJ?R3QN7?}bl5*;*7SAi0x;KixY%4=pb0?3D;Ho2mYU)LVTF?H$)7c%I8o@e!AoGBP%pyWWmZ`@}!o3YLLUmf>GzfyR>n z7+PQuU7P)I->w?zTN!cS&GsJ|?dbta2DDHIs0Kpe-hT|E`EsKnFv&U#vNhwTZZkp- zH(G>X(*`F~niS`+Lj0&%o{?N2q%R9^8Rt8K~;h?;n3C|62IUcP$dhm+bOJm0C1=y4rg8 zu!ip&V_{L-beLT%3S-SU-rC$kPKu|htiF@&O;^O(ppQ>D^mEE;b)o^RLxpeML!mOq z6_PJ4_C}wEILMhiM)E87HZ}N2rDXtuS=>J+q8woyrw`f5t6zwS1Q=k`O?SEPmtxF+ zL-J8fy7pKp)nxk~XQH5T-V$r2>e1T+N#m%ex!;RFF2WSe`du|yL?=_ik+INQEs

G z%>R$2X=3RN;RUYIp|JJ>Q09WNUp_Esuu` z!>)W{ifYP2!Z=%r33kbs4!;}-1~n1Y{}>>Cy=Al?C@8vd+p4Tvb7MxO5l6=XV{)C5 z=ad%TNxYu@#Edd)cpP6MCEFlFMtg{&uk+9y96wxqQ)0Y&X#bOVUs5!b zwN1Kd<&s7(LQlj=Hi>)sq;S>-6+tkS5x|(s8r)(#7+G%fgCb@K8gw)op4Zn4?AWRG zir{|VE5r{z1EkD6s2^2dsJ$mNj{gW!K6srF4CvGIWcCMNvJm^i7*h_ikjX#9Rpg!X7VESP|0SIih@XR-`kMMLp^3mKpiNH3#c zPHs1{6P0oKWbs9@8?3--M7>IqIdm2Q6@fkVM1WB^*4KO{xycjyz%v3&-*K^q@IE~~ zZvezhdc?NfQ4fI)TW$^1!EZ;YyvZ(=CDqjC6)w zV9&0ei~bk=e;e;QD@@>MHB^X``h7HNLAQ zUAI3<2ksxH6~nc?)$hUFrO+_0n3GCfD?Qp1Q#9^rIm=Jhf#kB5)L$t^c|&tv_;sRu zdT2^KodHhqbR^r6vi=vfO&ZZEdN-lg(zNQf6e*~=R>_7q`LlPy&eKb}x-8jsZP9kl znb*QBy?c?vP;hSj5{5`tk~06KUN^GP#WwcXy1!>`#?0co^BCz3;S*NoQqyEwtU$siB=hsjCk=|NzN z=dFYG^1k?5>7Xc}Wv!|}AFJuk@?D1C0peg%?uKWDkc}}5wtF0`D0550Xg)~FX%&wh zifq+Qi|a@C~USnAlb0P#ST{ZyxhO(IcnGFAd%jIL^Zg-l*r6wXSNhH?Km1x&ZN zLu9*XT)d=TPh@?eMlGOA`(|=}+f>B1+_90B-JsQN@x-Ct^dSB8O{qnWx;oNIq4Jdd=`>;2J{)B$B-iH zr?92Jto8~@l| zg62jEB*~DHY_&s_cxxQ2a1@*=o<>tfd547FX*FQG{cwMF8g5$_K6p1=YdUu(0;Mh#J1F9Af_BejVTZ zHq*sV5eP8t%*Ybd*rv8Hq7kT`yO@?4Jo1C9pJE~I(@0|1KU3v<-yWrHmu6$%Td9`` z>2tw>HMMjMs!1df0|)K+MX0ruqz#y>*dI3@nW1V_XyE4Un5= zYP9F>hz^cb5lf1axBk!ZP!T!nZMu_Z`GK#RzPmIJYV?wU=8Ex^;7-OiEEjm#q(xf4 zc9j}hrKYGGCRJo%2Ee~ofG=(b;?-}*^a)PA&oXeDW{ML-vz;zkC@wJFRbvla@&0mP zeKQKV>3zn0q}zs=J<_rdXc(z+ubS=*(Y5qL}(iHgbvRigpD zCrCHyPwgJN{?T;0pdxC!R&|&3UjD8kHh?lzYeU>)t66?n_D%F3Bp&*e`$zOoY*Vpq zbEB_cojKE5U}J~8E7s$RyF2)Va$!Z0MW;r3I}`jtbTN1N)SMIxJ^XqIpL6$<_GUKf z<3OH+S_VsgHF$mMGnZ$|b1X4eP>U-ZJWkz$s=Fyc+t-8Let*1)dbGC2?BLe@z~3yt zOvQ=c7@}95?P}sI66r9@%cg?0=zWjIEvyW(CncU>bKuMs{~_!pJZm8Q*XQ=WfQlT?+r z<36d0@88XAI-7P(7l&te85p_nuPCb|N1#+9f5%+UI^}ebk9cOBtJE4@`tCvCwz7jk z?01IZOpIQ{O8HzUB~Jjas%EFMQ!!%BXHWr9HMP)eca!$uPX_DlI@}=C8Rz3r^aQk8 zxpvDiBj!|M43;y43sRSws=IjS9h>J(BijT|s9XF1CN!7KhY7^ZTduPiT<&oIcAijV zQkt3*;-O~GhOvv48Hs&`oVA8Ua)&q#NY6+Yy_Y^QaF;*1?(;?VzHoTg7wHlg6VR8% z4S{?qAW;=^(>s8w;(T8p1aa^W8XY9T4>EksUYy!k*zdA+o5V_30$~(gr1y>}NZ>vI z#M?7$0#yEetUom{^S`1)b9Uj%J7u@1ZYx`|8mT2wEuPvN74+xc>G16iAG<6;sNbl;!q&m8pu1{(seBqXsP 
zE#$J3DglRAF#-B}rA`SN2o(80$&AAo6Lf;dyvj5OC-%)ef|-4y=mVvi!Y1Aiyzfz! z$v+Co+=Oe0e;rX+O{1it_KY*5qF+>{V)3z9d07UEy$1}-aS$F!89~Rciswx;Vy+3d5rI8`@5dZBh z{1}j&i-m<5|Bq+oup-3YAbvVb3=7Q`sVNMX|0p1;&dURtq?OU^E-YaNb~$G?2H@6O zh$(qg!$w@})+_{(b3SHbsT@uT<6y#5MJY5uX#N=7V|gQjE%*X2ZmK`%8FyqQM72%+ zm{3}^*r)`?K>cyRHm32TxHv6mVebx4GtclX@euyMZb|~b58o5!=z17ya3V`PTGD(Z zFnfYIIT-h693L6U=m-EUzigh1Y2{uzkr!0G%9ex>_~X+t>%(ut(b|5YRIJBWkLSac zteF1tW$JH;3Tv&;*F6p77}Vm1#qFH2(;x>4NGp{*sY2ZQO^f+l)mIH-6y>`H%%#_6 zyfV6cCHdX#)|!3J%{MXG?M-*|)Vv&fRkY@!lDms%4a%7;Gy~T0CiXxwAj}xb@57Pq z>>)B+E#bkT;L6OT7guZ}ApD4b(x^Qq{xP2PGE*YYTbz^G*v~e1jaS0^{24!uqAd-% zKC@ODU|R1}LG&dmFm9l;;2He=zs=$F>x`Pn)uXV+HBG9kn(4(c$jaZXj{i+3m&wXDHvBIAqbCp86vmiZvcJ>Yg^lZkQrR8Egh#TL1aK z-~Xzh0vu;j>tpS{vCqaF%p8{LkZO>6NP@0s>#IkIBb{mJ)(wN?(9CLhJArv$YFp2b zL`)UG{lGM@(=<;!-i?VITFw-nEnsMyvzfLV9wRUjgzTo3u*0i54zSq@C_<3gZ| z*1xLs^_F{8wbUAnyChjE=ng|U?Ou=(lE8fqHEPhNH)BL=8t|SYITGlCw;Y1}Tz4(D zWe3;*Z(030m*9LgSZLN0Fbx=kg~P;mrrvNC~dE1YZu>O5DM7;e-# z>d$w5 z35SU20nm1wZ&Q%FF|%!z)GD~r?>*rxps1c;&>`Z7bOCV>W%jq$ z>u+;RKMrD_=kh5rDCZA^867gQ{LKN>4aZZ!;dK&KLANU8v8iXgK!q&>RMqls&IQk# zM3#W+y{4?20%KP7g6Ahr+V?uYqsV8jVheT-y4CN*?)RyF$SV~)4?QtCUF{V#FD(my zX%d+iTV#1I*0`lXftNrrEji^F+$nb3Zp_A1C0F|Wpbp253aYjCd1OXsSh$f zj&I$8Xx^Irc3%vQWh7tO^Iqq)wBC;ZI;sjLzP0G%!>Fp@5d1&b*vIRGe;gl$PsL}K ziwZ%qN9b>OY>^24@^Tb%gsregN{$e0pq{{_)jL1ruTNlK)`y(W(Qt&kp_cS1Tlg$^ zyMWlXWgn9ctwf+Bo<+bNu4;f&d1;gz5Bh9P;V;H=25Z`j3w+%2POX3|}$! 
z3B(bLdoV~Hf-PF$L!2{T;X{s6`E_;rgk=n7{x^-s&6PHIZIUri`)1z9%zl>3kTbA} zP!7#U>S&>K+jQLt_4-{C4uyL_1_;_J zS>O_7n#yTTZPR}C=31(@)5iL~)ouiBgd?U>u-%|TE7D~+eZA53)07$ajrkZL!3--y zux3puoT79?KaBA3!pa)@^1Uthp*jM>Xm6$}W2+P5Z$yGYiSZ`} zQr=j}i~9-8h57hShC+tk<@|5t;)ok?_b?uDmx9k8_AT3&tMWszn^&?=li(PbJ1%3B zu;NyW{j7MB<9hCT*s|RF8qP~tZLqGDR!r;qoj!v5GJBYZX6G@S2U18X9|fE+7`#|; z!xvD|b-@=$ zvWcdIXo0e$G-~g;C9zagbtVW9b=ccQ1CRZ{4DY*bwz1$Vu`x0pJTNjhQ!*C{7CQJZ zqG-4Qz~Ea*2mgfB2R=4Fqi@3C*+Iaqqi z&;H}5GWW@6Vfm(^>vf`Brj$0h(O(1M-~jn^u?5o$uae!R@y&}xTYZ*t`5PBsWW^i$ zV=+bcvWufTH+2riJL|Ldz%w84fHjIsAXXuHS&Xsiu~h!hbC|4xkLgBJS3hOmZ7)E7 zD#keRTu@mcoqs(=#o?v7R`@wA%CGLNxhCjbBvp7XNfhL+7=t=qdij+Z6%E57`TQid#i#%OLG7rOz?0vUT93rj@+=EdHga)LT z*Vm~{XX&PCIaSu-!d-KT6eE22u8`JW^tpZqgR01_SZGKb@& zzC~zLs!7Gjebi8Y#?!m+z<49=MW51u1L;VDAFu5Dz-kt9I|B=Ww~0fek_2rR@rNO~ zl34Iim{e~sTUXj7d6?Yxk#8k~zg5VzMv?mkv`OxVW#X&m_Nl%EG>meiWyLXBYeT^d zCBnXHn_kW{$)ZcP@?Xf<-gCki5={;`+V0rUq(H=7Nc=Zxd;m6hLNAaqQZG0-+*SCI z`d#VFvUviQkRZr=?wdY$yAfM``26{J_Nbpt%Z+Ul9BZN@<2hZPBE=pG-ks+2V^Xcm z!nU-cUstugb&K4F;&IUL6U4CvN|TCI^`jN|>#>AOYBT;3&ksa-o_>gV`)Gnk`9VTd zzht!I5tQc5A=v;8p&N98s22K9kTIg|NUo500!n6UvaB{dLvk)oTVdkOslzxvr4}%j zBZ^Znc;D`~Zt`#LznRn9(_ZLS@a0;+jQxI3_|BI_9lB&L9cqq)K`rAeFLNVh^oh>Q z6Y90l=iP&`<9!2okgMI7{K*NPq;UPW-uzoh)nU=8ec;6oDu>b&Xe1}uhT;X%O`kG3WHRtM zCR~Qy_9Rxckd#H=MqF{wRJEzCM5xlL8+l|Xly;e~C<=FgK1}LrowX18|4GA0l4y&* zzNgPY3^l)GNa3!jGrka{*X9^n;sEHNnmR-%zN+sU6o?9K@25@PF?^U&)Mjc5fF-_cq)3|D{Q zNG%h;0%_pkb2_Wdu=3IU_QyIkOk!#aR*A_BA;fM7(a%$1QUm?AYi?J_t zC{4Xlw|ud9LR{;agdJ`F;XhmMr=w0`c%@%>Y8e|Q5NfJ9I5vG|lyOLq(cgYaQHvLB zh;h=nCX5kBh78<~0+10xDJ+`0JjztR(Tu|BNI*L;DI&jjjpZ!v1HCk+Egnw7r{?ny zyIL+y2?<=xiI;gvE4yhxN&H+{5x>&!RsJ<+N#nrynNT{wiGW^4!1?$4=9Ak3VheFmJYykmL>}(6xWLG zXHjo}6*lsL6{UQqlZF+ofOmi6T||E8LxCz+S(5(x37*)hXMA0;IaJ}y=!_-4Y%Kk| z9k(Pi@?`RC``>6$Ke0o!W#KQ$6HMC^&9lo>JO1n;vd2+N{oO;f%C)@c^kGx_#V*!j zzp<0A?JbS8L-Jp%#G@>HFy?cZF?~l*+g=E z$pSUA=5R1+xbz8&nPMHC-ZoP|aVTauLenUelOzFnPhO5B0$(Idz7d0~T+dj^Pki&+ 
z`r~zBrzK|$K52bp3o>Y5Y3ZW??DJMoe)Kkv_K(a25fP{VWeO8&uJ8rWDg3I44JX#} zGpj!i;>&chXqovF{IbiFdXWU|lro0cn72sFfK3)&3oD$P|OnlJum~+eF%JyZQ z_+ufi44c{H-XDKn=E<>`GdomZyBx#jfs zld#Z1%aJKB{)WNlD2u&5*ko#7IBGeQJ) zEpe_hef;VAV=e`R$smao8>id}ibj!5QIo~7KDRksdjaW0=wSPTmnkOW zG-}6ur;IRE`I+rsO-WTHCcu^JDw)h_r|6S2`%li%mCT;?^<7FYeIMu=v1m+Q`>qbC z2e)}|t(1Ir>JFy0HIIxB7Bv_awSBY-zqEpV%@WOqk@D@j**9mLT2o~uNnY@8^_xb! zZJx>OCw~?@LZ@0`NGWh&Zy7P*bMTsjQ9<{No8C+z9c=NM8@s1(@q>rXZ)!dysIh5icG&yJ(L` z0_)TCfsj1T_vN21@tPSRQD87ik0?IOGNq~&EsVmXCy+(?3s-khTJb&8&d96|QF};w zDtdfDT-zUW_O-0lLym={OU8i_aIEyE_b zb;4>V{?^~6yirjt;!GtN!LI_}Pg>1!wBIH;P#R2~9P`D+FQN;z;+BO6fNDz_cJn;N zAZyd|RZKm<)?#WI$@23lz}IOBZ<$viszzI59QlK4|8KX;7PFQRKWS)?)!cFpWD>Xu zIKZ-=0>eZkv>)ioKDF$(#_GYMgZ)w_*4ijxyGfSotxr=?36a=0S9h&H@BRz99eHL3kwwQU11-SF|< z2L{{L-m?BSH3kpIiA}xYrOZNGfh5q?N-TD$?mM;(3H2|l4R~*#tWz$epR<@X-;fk8 zHtu0n2_Hm8m;>*BHk3M;bx)-0aV}IBANf$4#a80})UIQI>)L{W`TbzD33Vindjb$2 zDu8*J=sroF?kKwqm^x;5RL)l;0+kt6zr3Z|TN%r=js9kC2_h67c- zs}r~QpF{sGgcIjVFP=$KmKEveeo2yE)Iq&nc^}K9Q5=4^UJDeV2FgNWBf%)cJ{U`K z71Zj*8-+?$@PfE(E{G{ay9ehP4u<(#@l!eEe->Irn7>HSLu=lh*{b^FRJ|b?{=_^x z;#6+|ayGnku$|a!QQBg!6Ms;CeNT^m8)lXz!~cYzL_ZZvTXzcfUo+(@2#Ec!j5Pj2 zPq(KVLV&Vpq{f1+%9QO5iFs+Ux}Zpv z#7j{k|EC+B?G4MZOUSaYE5%=;7R5)s`O?KX{D7T?b$(N(X$%qz+;gRSS)wH7Pmbr5 zLUzSK$G6Rxb*#_yOVK7}*fWaz(=D&m1TUYz|M1{_36rY1zBMknl#}KWpP_J@pfew@ zW0cEfl*%;`esg&_X+Ha7;HF9*}(lR9{#dszM6E=sq#guhuj-p38?`KyQl zb5$zbZ=NCiBv3Qoz4|bt@3N~cjb_~klDyHO`lCE2wGI53a{ET|$lG6`(XVb8FiTDEFb8HYXzu_)1q+WTLN6fnNmJ-; zl(U4fdgUj@Bde|UkQ$4F&-XibDk$55pg5am`n%8LrXZX*3ic6cI|Z)ey~4dx!SRh| z+M{i+OMNI+LC}{~s~|nlO$kGaa-Yw$`N+@{_h*?D5889qe(IS}a^n`GlN!?NDZL72 z&`sF?WL*Hu9P@@?74DIvj!)4jJmPb*KK1Rs$iNibP`P>$d`k`cT4yigaI4QuHoBCmCXy>gV**>b0rAV6C9+C~j0;9q($^OP)TpT#-30aG@^ z;GFKCVO@b#u_{J?a)X2J>j#K9^3CsByHbR+oz>kgW7r z$>%c)+Ikz9;7kMY4Gz4Q|NW^fEbLy^RI!0a#KIX}u+d z)@4{@1>L*qHG3s4Wm}v-?-8}zhj+W?5*W4QyCO9kai_Q?n&>J%g2g9u?R5Pt`bA{A zS_GsLQZKL^D+Z^injQu~n3*Zy_#yO}s$;+LHT{U8P(0WHDR?~0>`v368{v~4OsFMn 
zjuNFM2qp2w;ZP#WszXo!C)H?+&C{X76KrnzqY&vL;)ZQ%+jtewT2(Gb{C*L>^WC(?6(}c&-};VkdhBjW{WT zzx_v4?R;UMxt7{5gdHsVDk5!~-FI>YM7tKvc!d$^7B2^o9R}o>*Anl;27DfLig0#5 zVt(&LVcmdsl+T%|gF7{B$`l9KUDfOkhT$Z<{>gHMk)mF?1ljFxF-x)L{!)3UJGPN9 zTi&rniE6-z(Z6as_BM)&k4vvt$Hw%8z}nwR=g&*f9?U};U|GnI#;q@r?#{m$2`tP0 z2zPTFiL(Y*_AJCoE2zxd>M6W?Cp7R0H7`t|0Wni5B^)Pr3>e8RIp47DmnhO!+jyn6 zakVT?;3}f2HNMi*cBK(_07<`T=F#Ak8p$v4ThrTQdRu4*&G7Is%+)!Rfe+g{*&-sw z|N0sBT;Yv9Nz$sfAWq;$64S7|q*{8`?(uW*%T1^0X>Me8KX7kZYy_QYrWD`&Kwm*X zGS&rxDU2koC@AXYJ^?cb9@+vfeeaN!A#Mon`dU8Mh%^2sOt$j_#!`g{jf@c@vqmQ? zRdUoCh~yKoJ0IL?3KRn$!%L=3yZ^wlzQ|q147|Dwt@`ZpLKwk71y30*c;pyfn__m> z+x!CbZs^vrDx7VcT-i6x-Tokk`-;_A8%Q9UWcPvC(n%K;G5SYX)N+N__aw6_|70Ux zWZ+~Xsn?<_(tzz#x|xvZ7O2AmWEY zc7JfL7q3STAeS;ChJp+b=NzDtUi`g)9g~t5`Owh>CiPA zNvw;5?v5VQX8zS3`JTRt>++Jo8%LR(-8=oH4kaY!>?UCaD$~<*{AB|x0XldCs%Y?Q zB-4*{iC`LHtqh1VTYc~$giH1546wzLB_w}NBmjTc9o?HOg73m>q8@qSSJlbWst(X6${EstC zU{KWRE$+dHwUtD9(S7J)chO=Y7X4^4PC``LnE#KaYYxlvZNsg$rB%zewY03|TDEQ5 zc(S==+irPj*|xoG>wD|l@BjNa-s`z=p67MlcvY1)45Ze~e*O@lp#6{QNX=1bah8M8 zSZYh6Im>h~Be@M{AADxA{q^Y9^K-piKDP$U!}mRo?F5a9U{max+r3YS>CdDCwO&nF zmy%n{axX1h&9-lvZ92$F4&1wlK6w4L)ljQ>Z&M2 z3V7cS{|(Gr;IX5KoHnr$L4Z!@s4`i#i(7{Y^>wfLBuz)@dv!j=)!nmxYy)!|&Qb1} z!3G+rD6}P);5jKtI=1V@fZbJ1`&RQN)9^nvAnA;~Ht#)70vL&X`_nEKjD8m`7%tp( zO?g%0uO^nC<{U2T^4|>Gc~bV&!h_faq`JDT%-EE6)Xf?Yjs?)!*ilJ$q@G6)G8Xvz zVa5wbik)jQYdE?3?lLn~6;M0Du2r#iUv7K%wcyFY;`~Z&(x&I6Wa(NIGQ-REKCa0z zU{(tOX-U1x0(BWG;2(k&2~B^n2H>2SrcZAGUs^XRY`@8mmK=mog_O?1qhx}%Ukv&5 z&uRP($ljgt^YD9vYrUs(L8Msk{=-(&Nit;y2{ZQJ&cYGKhp`@3a1+TRttoh7N2&y* zuV#e26N+33^03mq5(aUWCFNniUY5TDxpD|w946YS-$E9I=B(B)@maPrM0zC1cP&x- z=~FZ`L&Zkbh`ro8_*69~H9OJxH~LFoIk`1?y8Fs#_~oQ}h6_3PpGW_-$o!`yNISEdT|VXmy9KIMn+T%I=l2PIaB+UkMG_u5cKGe({oTAOZ6=g+ zURC1-^CB^b(BG<=*v;3JK6B3DxAUCb^)}C&;%93a%9Kw#v{eelxG>I!f+(zFN3B9O ziCW6*sx=eCP+oSBh@}!Jio|Z99K@{ZOhgEIWFv#FVFd4&C1Cx&Gv`*sH?Qy?wln9< zP2CDx6c;Ur$uW_ApoQuUWXXwNr`TOKo7tI1M~!$O#+Gz|7{*n6R;3i|+cAK9Y2&1Z zo+z)~SA-yykW7dy?lEXb0U@6@LLwFw7V)%HE!DZi9I%(m(aQjno*ge_0VZ8Wft2(U 
zDp!gqnk%GhsJTb)9w|2WbZ=5FX zz{6#N!s6HIK+;#%JsHo5QY;>om1m7S<`&#@CzgybW za#o9IZY+?qSNr}Tl0-W(>Xp0Mm_C%TXTif^W|o=&FWH-Gd*Y5@dZaJxk?c_bA>`R~ z;(i`3@7s$c1lwoPu_6>ZFgMZ_)}zosxz^lrP8@5j@@sl`JWA5ciqob*iq&=d<+kUM z*h2L5>X)O_^A6oH<^O-x|FQj?B~&@Wx~n94p@qUapQiL6v@A+uHjEH*OKM++mhCGc z(gAT90oDGb0qSBfv5=2523v^DcO0AKZ><=3{TL;mp*0$0akNJOCBIJmJBO-pmIdy`I)`gK9a>mA^`nNsOenXG8 zfy~p7U`3lO?00w_4B+(_m4|h9G9a1}1P@GXBCpn9e_)~0(-DDA2v zQ)-hKG^>cq-jxV;54G5`yTu!c9AeDTp)mtgyFSv-NP1$a$_h^q1o|V?iI}YAlfaoG z$*tBU77UAFzOMTBXh4>%4hRS7K{%*Um#7eMedejp@qD9eWLcGz&uiR?Kdq^DxF>8` z1L66Xq|lF~Zlm(Cu*Yn9@CUm3#U_&{(IG~jhUCiT;QUWYWzewJ!;yahp!6syhIoP! zgF|V|jteZooH9o??4<|=jjXEP2{}HoISM4i$ZVz5Km>J7ZNFq!p;n`SqtSBX=TK1n zGYdULmcq<~7-bsN!IOOIb*?_;9pIV=ol5EjH*#^`kfr*n_0vb`i`ArnB8dpwX;6l; zWR>y?c3ro&WSR+3)vs(+I};W_DMq&y5kq~2O+^-VZK!!U=;z@bLY|mwRBIKf=F%;2 zF3dB>z9ET#*Nd4>v zjS`ooA6Mgs-JvpFtVgpR9YhMYwh;08r-f?bg`M{VD5)uq7**jd6Hw8o>}=jG&keX( z7IJ~~XTcuC@u)_URrcqv>o1s6YsDL2S3o~_)v7>zEA7c*l1f5_b~*1ffa6$f7gsS# zOnsEbHH*6R%S1A9bNENIkd9D`=<~Qd?VAWHCL*Jz|{Ng&|zmV#h?8K496oNKO&`WU5?%xo*>%}Uc%T1;Exv4Q#gdD zpp`-6PP@>Ar+FjAH}OPqgX7h^)(HTQG&KT?a6f3qX0q_UE-7Q6aP>%1mzieL=gjG! 
z)h<$mXX)1bNjx>Yl3D8>{CLrGztm_EBB5vWm(L$4;U*N;N_rxEd!8DH< z?otWb^uGfg_Lf@g&P(FRAP3WOb9!#JN7fHslQ* z^&5}Bo5FdOZ(Czsc$ZFafc6+wBN;a153h%_!#T8# zq*p+B_DDgNW{~ z1YBJINuz^Dt_GRlM7>iovNi~IUp6*vq zHXa(v{_V*U$@WLE;v)A;QsgCXJsNAj*`Pr9HJ|bk?&b>ogPrZX@nXBVIHo+W-M-%cHxr`7?g$ zLr!7I_$2Hyz<3n;z@(gSy#JgA{Dgddv`9}r=f*Y=Jx|>_K)-QE0p6^-cISohrHK+v z76EIYNF;%_7hS8Fy8c5^r%$`cV$!gBBKsbVwd_|uUmLzqM`*=z{;GC=2MEPvf&&1> zVT(>&7iDx+c^U|XcY#Q7^HicWlf|MC&1rCWCIH&6i`rwQ{h(^!;U9WQAF<^!D@)Ii z&Padu|Dt)THbz<)W~=r3n2Q{@j@x}M3wL{mY9FMkGU&9<%ABufOVK1sI*7eddPqWE z-*C{Hr=G|)Lx?1h3LPF{Qe(6+S1lX_-)s#11e0?xx*b-I^7 zcg%vECHdQ5Xd}}oJ09Q{`i+GvIcj%iinQ_hrZZROhI4*8^WAJr8XrW4+qsS%dIF?7 zM{DRkC=F8lIn}*N?l{5fK3UIaQB5SDo>p=EMfa{a+e+GM?^#!vdLxAp^AHq=_qWa) z^HTgotTxaj(Y}we-fiaF|6kJeif;svn`;UWN;W`ok!}qR2G(azf7Y6t^Kn6^af{?U z?JwBe)oItxP%M}ZDJXQ#mbjJq5>XUQSw-BzR-Ue$r>%52fw0X4IFo#eQyGnn+zB>Z zu^Bo>o4*>BX&>S_^N8K1+rJ!Z6QZ+Kg(icLx7pU~2c&F#PnV;I@NWtSu^%Fc{lvZ3 zD#rjl@8pHSQ{aQ04{}N2D;93);Z&KehN>_#Tf~FPh5#MC@M=;tueseWGIKy^ajV^_ zbpOjT0hRYf9vMJa*zN#Q^~U8Aqj})f)coyWwf8Q+gbyG}pbl+(6sosC7YhG6N+?Fy zk79IT(m974Zp=+CNJQbw)`DHB**P)-O9!MML=@usr$s~G$ttECKpp-hOxM4FA_=ts z@82c3!Lj%`E)Ek}n4M2*rDiG#A%+=LxKPipAPJX3+C2s)3R61tt+mdVH%#V1`B8bB z-aA{ppy-GESy=~x(CLX@%BLYPeCL|{PzH%PivE4+l)v2{$(1CP?f5M6K_AQu*c&$W zs|57o6Fq)b%n}-xnNy#&NaN#=qF!?4DO~Q!Qhbdm#it+5?68lqTQs%7=nt`iG~!}7 z{;m3|jRH&tL%sqa$NisE8G86iuFEnN@ZV zjUeZ`=$w}E9APm|J{~)8J>|7PY3_F0$}R?nEyQQ!BWA_QZZH`Aq=2K$O6u(Nj^3f1 zK5?zF)j(mUeS<@X72AeFPil>+smjI+EUdB8u@yM^z+Vr*8Wz%5Y9~8gKi-t>)y$v* zg%LS^k@6JBpKWqy3)X&qD}p^~77;+t17dD{Jmv{x4ek3IA6J;S$Wog7ja-Ked&0C=wC^6MyR@_w+NL3Od zM&>4afoXUE`N&0uoS+~K2SY_8PkbiV)7|zEyp&s#6i$8tZ7fHt&Q{>GtWi*#z4Ft| zP?QChJ0Y~*{%5*y4J3DXV%zv;zO}~4g#G%ZOYCD7rr2tiaEU5BT!6czo zuEwEg>d#+ZC{ltPq8=+Wo)zuqOWc#EG61)j!r}oLxCZL4LPCDr;PBpVDsItJFj0rF zajP%<%i|rWSKUU8OJ>qR>awpAV|q%sf^shJnVL+-W(JiRBr%%&H*aOF?hwT`xV*pT zVTz?v5ZhYJD@Cgpr4al2)|CI395Ovs<=15@%An-nONtFt`V=y9AqLcF=Fo4`P%d0n zaLwKC1ZAvvx%;k6OJP$Xp@4=dOpT~6h13GoTe(bfwaJ$++Y%&PI+${q7B)qmc}YX# 
z3zO_>uK=)Ya8BCq7&XE9`287`-?y`-&~!YxvN@J1Xd&d}2Z1!>MjoFi5^pxic}+CJ zI1LZWq`VCa{AhMQ@c*hJ#DpAOsP{DnRaHROSUdLmJM7vBsgLM+1D}_LCJluC(5b`v zx~9^4Qt2`m?$|;%S7Q0+)a1i<1@TOdt4^ggGCnoaeB2}5KDel58JW$_7c&2YgW$_% zYmxCI*7eKT(ioX6-j<9vlwyI4l8o&(VMW5>MP4gr5v)cT?;Q_r3 zbJU(O%ABl{rn9fe-%u>63CsdaWM*u-lHnr@lDXPGD@pXqgJR)QqI@`rD9+BziE{&I z9cV~I__#M-(uGoyE{Gy7+zO4Bxc>wVIWThFe*7JE+c-DM zt~!qiVvv{CSrV!52C!6~Fvo=NO}1iD8eML^yhzObWUQZ7GOv=SmGQUy;RF^N@?rO| zjFDQ}(ahJrc)K%OdDfZt#$E;oa`oSDdR(~Z4XX#ArWCfVe)^mO&$Tf^RDs;BMQ95#Sc*7@ zRw`jFw12)h=z!jjvMYf36(;%BwTivnE3u}`FFb1gMErJjo|RGCT(xYk{I-OcFr|9< zPv92zUu~f6Kzg`gUjkB3)_G^ZL1@6X;P$f)ARAQH9ls})@(4Ap+^BC#YEISpoe4EU zV9|a4eD56e)SWKdFIm>gpLw)d%%W6n`i~b<3m*iDZKG!|^|dkfB_Unkz~>WD5!kZ3 z>W65JnV}N-A+5Y5w!*Mie#f1ZrSth3{r>zLznSQFlYKV9TsuDrtE9XNkM*_8FM!$q zh5Oi$ZDzSWwahF?5HUscmZ)mW=8MxlRr|d6$h`Es&6N<6Wo$oyCz{84LHP<6Ue?f> zfN=W>Hl0z4srXjs8{{M;)qpWh3PaA&I8im}kcoU~l42*6bX=(j5*{1d(r0aciY%lJky-l0o`DG=qho0z{o?uN=vW;17rOSGN{u!w^1 z5kQmplS~Z~5lyu7p|O#}UaI-ocmIc-<~_FEBV`SG@}0tE3^=Q01_PV%aEkU+4sCnG zqrt~?LB_i|-=+^ziand{Qi8*O)dW@Z1fx=a9MY&USuR`vvLps2wHuNr2FXR%zJ#0# zS;^e)y|g|l9(nMHVH5QKZW)!Xsc-XYIQ(nc;D(i#E=?Jymvyv7lx@f+Zqambt7FF@ z9{%=K7!o^x5hu8_GEGE%%?9d_{K1FAP%&I$x zY0m<5(e6wS39*Uq;ch;B+Vz!v?NFfR*uKm)qM}=X5J!iYaS8rXr#ncd+m<@++nEch zg-|9XV1>-8H8(|C*YPTe zvL;7jmH@p`jrH;gyVv2>#k#EIKyBGjy{gnXTcoS^hB1j)p^(dHoytJz*ag4mOAmwQ z|3T1ntgTnKX{3x^Q@*q3*^)~OF7US5Lw%q~*TvB~v{oWkJ0WCFyvym5ZrMLl#TUut zQ(JnyMemHpC$}V&E}eXV$2t!0LNKYt*4GEO5Foz(N~YB>@e{L2Rch z1Dbe3kt-v8ybW!!w!ONvn=o@(p_lyyRrisT^KH{*l3gS+!rD8aRsOR|q!+Prqzp<0 zWEGFuM;%Dd%jLysNKa{xc=+I)QZnT;cs5)^q2(m%$zhJnXU%ZUfr!;^wx~DZyUd7e ztP~Fj5U$W%1Sc3Fh7iRg@>U;umrN@$>v=lb4J8SHG@jihmWJdSPB-Rf2n-RKLTLd=q+7?wwBZavsV6fYBPTkq}w9a8&8SrEr; z$5Sn+&LGMnfym#~uAt^IP;&jW{jq+9>IgIA%l*l{D76ZgiR?AdEblcXSuj}A_-B;_ zl0`*GaW9KAtPv*c@GuUOX3wm-HjJq(pVOPpp=lDdGymFA48BiSi!(7EVQinhih1wG zT%T5JZ)@?!s!l)o7e|R^hi`Q{LT?LK*7fwpW9LGS*iB7by|U>fwm0Ue{^3n@wC!B6 zJGBMy+JW(Z>TRQ&LFN1aXVwI;RkfKq_4@>ZU6WRuRV~+NX9_}6?h&AfYWF5d|19}S 
zy_7cM@g{-UXL0KvjRdNS1jI;IGEWZXwwD?zHf1PZi_OD{pz{2yXs`%!kc%qP=VvjA zrLhZ3Jo+xz$V*2Ys{dl^33%ct?61I3F*85?0Uxd!y+#;InAa)UJQQLv~tS4L% zp11P9ys_;oaHrmyoT@xqwqo<5oXaMZ&-5nYbF|8xt$aV*i9c^uR~`v>m>7?pWavj( zjHKo^0eC_7?(}MApmC4b%}M@Ia2?c-P*Ah6{X6c^h~5J}nI-ZTJY#P#`vw)rCb|aI>WvCBC)T=TXvm}>_t)9~L-{JetMeQgWD<2f~(YMct#zr+;d(+-_ z4e?*wK+(gtHr|4IYGO85h!MDn>hG}saH2%C7ZHp)1xcjg?XhG^*q)vyu~K8GI6n?K z$Chn`v{Dwm5-A@{rc8Hvy@x@x51Oq4>BQa?*PuteM2@mM=*ke9v;uRy%HLhpFk&@| z=^>Ll>u+>_B@fByA=zMX*}vnlXYyo$Mi+UKnM8VZ08MRlAXUU|O1$Hza;y?R;KWZ<5NpgEl(c^}98eGNz|{~81_ z11Xux;z5XuDDqcA**=R{%J{F$tE9)lJ+tvQ6Lzq7dokoJUX2LR8oVTUQn+!XuZ{Zc zY3mFBs`9_jxoBZ+p%FW+ot?46S@0jx6Dl3Dv7-ll6%OsX!9G3!mm14@Z9T>UY~QE3 zQ~Qp9QXU<2)bJLn-yXPwjVmAQEOOWs-if9(#?K@!;SkolkW)V@y}`xv<(-Hqg$nrs z_g8N6+kXz^Oo;M=`piNH>U|R()v9A0CAl&01{RgYpcyW?6!9UVxrCVU~Big!7qh z-KW(sNNVRGETxg{DJVJqZBXkr$96y3g8F1^HaFM#skda@eIU+DvpB(k`=JYo9cwP^ zY06^^-dbMlr9)iFO3JDpetiDj$_~)E?Pam$P3%nuj7Rt%JG}qw2pUZT zp*#;Z6!2cZ{ntykt%d9&Y1L6d*TqGm47q&>KAURdhoS_3H>%O@BCh{9>7_^3^|-8% z>y;^uxxA>MQUq!;BY*cE8%39UGeiHBt2^=J%jns=@~Q|0Uk6OHFQ1T&cO+)*37^y8 zhqGRXU5!*JHKQorByt57A|=_sl^aR-v?_y$Bosr4k>eA%RF0&B4)nJvi%3TGw&gVy zT)#(1i)Mz)d%m@H>e!WB2&&OY3zL$VYG3au5{EZB4-g}%fLbezKdxaM{m$cNO*q#zO_hu5i*5rIS87AkLUQWUO z7%awg+~m2+^l$3PHc=B*$iWF`6$DVtylM((!fU&Ps_>Y^bG|ZTA;b{e=L(XLBK%vW zRP&6L8^1tzT(tit4|BGkfHY_7Ku|$cbz(&VzX^gSA_x2l3f@mi6S=m$-bI~4TNpgmeBr;RqDO7L$nSK19T&JMX^1RsB3aR8 zf0S=%rc;7QtrmEl4==-WiqnqXaF;t#5^JTC`@1m^dtnKF0XFqM8{W@4x2?Bgt;OP+ zy$+I?F+}EF>$49*m@?gN^T;XG(Ye3UieY7Gt=c@vco$%EakS>}#AAN?9#`9a5|Q(j z4m8J&c^OtD7ctTeZ&no*vpUBVO zyU&WpCh{M$S1wq&e$O|yRg5_Oes@1pLM|{#T*BBtc^E2E7lZU})J>M?QN!6@QvVLV zm1<_>JC6dG^GHil9C_3U0Rweusbc~#R(Ghc+D{UtSIIZ+Bh4s0Zy2EAEx-?xI?J@I z&y|}Pd64xwZc^<*Wdu|ze&Dq|g&z(|mloq=kVz?5x$AdB7hL{7?&S8w$sd%y|A_5H z)!OMMf!;{$BD`Rt6TcXnsK|9?%lofVyG(KNc9%mZn3ye43V^}hQ66hnpybBG;PeT$ zkh9&ktq_&m{fpAg^KitbO7&mm@uQVy24q6t<>|HT7IWH%b@tBE^4%X($XT_cXmnms`QvV z(CQ%JROtCHt4@tkAfa$xM=L2L4%VYjLI{b+KecJ|Bm#%J0mT0CaPOtDgnnRkCD#;j 
zrilf@;KaiuAsKQ>JW1U0MW;CPbCufokHH9pAnr3v(Ff$*D8Y!RcS7%aCm&7-!*o17 z-`>7AU$IcEM7=lhxfZqR3caE!OeKjcDUQ4xE+?r%l1wfZlMb_>@+7H>=8uHrNqWwF zJ~88ojo!&d-7AaxM zcFBwJre!FKVXGKmP6k}B_sAcmEu2@@S-0Ge%8f*CsmppU4RNUmKxY|3tT&E3#6uG4 zWf6Pqu=_gc8)FVWQj{H~4iEV;$9`7RrC{La-T^T4vo2S@3z(W?FpYvebOm`IK@vU(%EQC5oTgQIbf3EC@P2p?~atx>g9gUF1tf2OP0{Im-yREphe=Dxd z>Dg{R1D9unHQm6uCPQzF8Yt$s2~{W;uWeG(Q$a*TBObJtCKcyQ>(!IxcIS2yo)fbo=az z!U(zo?L`TPf%$8f2{;X~Q0|MT(VmlrE zA?{*JMD6KwBU?0%y@)tYQ=pV#jzS7O7*e~N_#(twuKw>8Bqw88K)`y}N68oqjy4ue z3q!y6)~yk82H-cD|7P;J#b)1Cc1ZPW-i5j=N`H}9YK>}Qpw&Lx((VotJl^Z7fUGX4 zt3=(z=Sg?!r-Cxwp-=I!KsFJiuyj{`Pe-1ZxPEJXG1b^T&Gg-rJNrYA?z;X&?5RaF z<-|hI)9T7WxG*rxIi(d@-aN+axA~)d3X_&2XnZ&>J@SWbF)89an55qKY2*C~PG&{Q z;(#&GS(H^XQdi10n8{Ar{_!6?VJ4pjmMDgoiR~t;( z7f=y!s_0Fi1mFVyOvpjeVnd~OAQ46hevv10rrKH}9Z&&&$D1mAwU_IKTaqZ1Y-P)E zgLB4&5f>+n#mM?1aMzie_pB}^ZV88A?_FIhmw_CEj5Mz%>vWXKUxTagQd!7e>RHNE zdj&Hh^?1f8KbIy1*P`Tjeyu&1u))gloVXkDTSJfP-pnuV1bPd7#9)QllU4Aw-u>~+ zk8IL|d;$M#`2<(4Q5BTvC4-%Y#shY)^rRbG&rMA;L@Y!yf!b`0J01p1)fMx5UT&wzyAIGpFrq zb-(N+9gV1ic3SbWT$}A2GdE3%1svLnTIS8z(F>NRhVdWKFMGQ0Wz=_11s4E(y3YY` zWxPSZh$eEkG89JMvfHp5#s47}XYsLdA}BwbtCF0GL8v)e`By@T6Ztk^&nTeyy=)Tn zCr!g^bC)7qD62fAyprH}cnAd{jY$NRT`2s6ANh$>+0#Y3>oFBqxDbjKaI^^+1m zWH0o5MSdTj_%C;%0KLSnDS$epsBGQmy{>6M9WA9N4|{o9%K%@??6VofFsxMWc{ycM zSuLV*#+U8f+RPW`^3b5cjTR#SbGN{Y0sbjLLUfN3fTLk_rMD30wBbEVRFMF zro?T~(;*|H0X-&L?K3tfOp->hF8J*aG~ESpkLNK%URq%tpgr8>zn%B5r1h}K=&n}3 zYnhq55HQS_5{TP|#HJ&v%sR5i70Y~!7Ng6&(nI4famtdtg{AhfF5MA%(3@L={aC|GbWT$f_I^ol$2Jpa@dEmfQ)H9bJv~ePluT- z6aWhImxT!_s-qmaH1nMgQX?B4J5054Shrd@Wy23-JW65zxym?E4dkiXLXfBY^-T@O zSJb(2?eb{lL-(GQsKogDtt3jwp8IZ<#06f86PCzNoIM^SjJcaX9J6pTm#~xSHJOm+ z!2xqYl%kWD+YZBiiVBv@Ko%U#*b25ppTm zzv8Ltr~d#d9vB%=@yvHkz(9{n8{guUoHI`iyKq>hwRBShg$8!evWBhA{bA`Tq**nl z_7LsJD(q(N#jsoqTI{cwl9j-AUYJ_Y_GFv)BCaiU1)WqMKkt=;T;O)6P$uGM+J|Af zXFlS8oNUV^3q6y3k5;xf6;ZH4Gn90)!-#x-o|t#Mps$M3II?iHImHy#?^(+H&pg?F zdZ4W61+*cp-dR>0Z-i8(A@_nm?n&*~vOmT>Ax?M7uqVMd0-YC_E-Epv)Ypf_98+_}~2@)%=^kB^^+ 
zgfnY*WXradU>kl27dBdn4c92Dt6|L_l1vw3aUv`dZEx{i79!^=(H(yE14#4hY@5C@ zZ8GP-QsO;i#e5x9mKYcOeZj+H3v}s3Tuby#Tt%Qp*>3#KcL>x*X1t}?Mnc)oMiq5<4`|<%3lfNd$>$gPavhjQ@vc_0#@Bb zqT+h-XwOYlL&@Y9H%x$emR!fy_GEzUR+F=h<3@B`LUq3jx;#+_vG7Rj%jaRxG2+9~ z>_9D3o}3SQ=y{o^3@ddog;C6zpVe4CPkHZn@gS$`bPT~J?uxL7dGhKVaDBq1lOl#p zjlQb-i1L5$4ZiE3hch`vjxD8n}6DFdXf8bRtuC zPZ#B|Qp;v}REOnOkRaPPA^`uctjj4vqK5VbX3J{1ckeuKTa50s$7P=K&2b^D4(&>d z*a`;%o+3s~-=Z$A9efPSUcHA!L7oVFh#V9^yX7)kp+TWhYsL%fS~zPNg0>&^cx+v? zN%&G(ipmdCz2n{Vs^+Ik)k^A}N==m-fb_aXon`n#lCMPOUVF-Yl*D@u-O&;V^5Wmh zu56Y~#UY{t&IQCKfmaIcP%2>N?uoGB^jcuBuhp!q=YP!)5l6HdOS62T30wy#iI(v8 zuZmy!v2!scnW40WX#5c2{4tDjuEgAbgyI`e@oKBYw^W%C>aOrS23md_Rs)ZH7mJ;) zyD59F-u@wI(fai-0Xpl{{z$}AInla*X4lI6E9wHvP#C|R-#;^n8^jma7CBspm&%qb zthHDo8s?T?X}MMbtgbr%s%NT`CF+pQwdniQX z+#TD@bv=V8Dp2|NUn+{gbP5)Lf-MCKwpho02(VB~=ec1?Hx`=^Cn@Y1U&fW9o|-0m zlBQR}qA0qjNGGM##+kK)&&b7`A#t0`Vq&-U2U%yj@QCm=#M5uJv69T%x_YkQjYNIg zv69YIY4ys#zKy~7A56F0B|b*$Xf>o)^=&f6yL%lQHg1mOd%vxD)7(HWW~W0=hdStR zESx%fr`?nLf`UNr-130KCfCfBD^@K-$4vq17~NwM8mmF>9%HaCO+0H8nfoRV6vaDg z-m+2e$Uh%912QT(L3%pp(^fs*W4i&C-7S%ndm7_9LHU}i)Ffkmc!{bPNk~5UUkwtj z6>yRDqdf>%p;s1}0*=^VpFC)1h7gv+T{~#>xq^w&1iffpR&R2W?o!1;f%VkMqIe5z zlrH~xd$#ItTDhv#vt|5z$cNMF!QGj`)xpLtYaM$$Dd$sZ}13l~dzY9RyhV#(UX8=QgiAjX^0!5r?QW;;guKQY6-5ahgb_c1L93B#8Eh;JT`A;yM~#5BOb& z^r|Ud+UEe&?M>E}wW5x+ zy@)5i43oB%$qu1O^3pV4W~hSdemVLwZdfUS zTrY;Ds)kqF_}7nxrD*!(tkH&u?&=VT&@PI4|3q_6vRyx-plHKYf)>4%4EFIly{*1U z%$n+-C!trTWsrzZo44>N^FcRzkb<~G@sZ7Sf(lqngE_58kweGL@#cvaF_c>*{IETo zCq{&Gm zq!Y*P9XDVA&l&HF+I++mcbOTG^k`R`Df{GxDCDnl3I*cgjvS5h12^;DoThKFpIw-G z(qfrbp*_iixve>vu`dE%7oi5e;$yI`Z|_)kU5#v)_?HZIfUbhp%Dv*bSO=BeG#>lx z_80neY5Jga{C9pC)tN(%pcg`6!k{#8(Kek4o{rAG)5p>rWO(25ob-<^-W^GYuBQ>7uYQu^$OeH=)SM#vAE zKD2zsBLnz9(VnxZL$z(4H(s5aO-F`)MpyUTvKyS_FY@LXJaQ9}YYiLNKv@s?f;=}e zOioU|OqEk%5Y91#pL{H}V3=giTQX?vHdsUB`ZM;|Ai;#+aEE+cTJOfP&_}-O^W-^E zCsnE7hFDTwOJl2UKQEHWd*K^Ax2RY&q5eT}7F!^iy8vsNx36*9i^wa6q>*-oQnvp7 zv*yce6!{CSB5NiwG~Gk)ptPT>Dg2dH_Kenz#-PCB)Ba*;90`(q`0vS$^BVVk$|X}Q 
zk%Y7XZDr!=hlwK2l*@*3Qscd#SyiNw5}qPAJB10#U3b|BQnV@byFU%LoQ+k_Qm07L zY+69{LW}7QGrjPRsXLs9wyRezm%dq{c(P3b38&@H`a8=rs-{V6H+7vB%2%wh|Ko@w zq42 z2h{7=7(a#VloZOhg>Y0-p}rQ&6hl~n)|N0{j;9{`_>df0H&ep!qxUEdU9P1blcSE} zf6|X5ut-iI?8}5OE?uLCRm@Pjq+b%IJGw(y{fR!@5 z_Jo<=0RPa+;Q8c6Et14~Cl54Z#=RkK5y7HVrGVB(Vew$*{C}O{M~r+1I9f(gY>3~l znQCVkcGmcuB^kdE;(oq*zPwb`NWerl{E@RmEcT08^QF_ZZf4|ePlRUvFZC5|%T~6* zzEEyN*g2Jb9<>B68fi}-t{!t~P;&@0Orxh<{wkZS!20u-tvIC<-JI(cz+Gl&zT+D2 zaL`=!4RR&shr2fpo;&`6*TnO8HBtf`Kt)71|P4iU`ndN(H2@5}doP@Y#-GybBWX8Q6zBQ$aN zuSEgt;B5FqWU6SF?M^vv5TyAij;o3)^#8FY?6>Z~z^UQD0J5ej$3(^ZvE6$+jHPdpi@OK$pVfJ?(~}g`7Hxm zyq{XRx65Cu(%lF5`uR*(A~@@uC1)jlB0j`r3CUmhk>#RYngQDrxB;AS(pYAuB9=(e6*00Emyg<9qv!$lFG%Lr9LkH*@Bb znWd|%^Q28}sZ&80lPWQ0M@fsEJ0yDC)T}L@Y^B~b8_=~5tbLK0)1}QVLq`8&^&1Vu zbw292^v<*cb@0Ae%diWg2%kz}-IM{x0FgOH#RZ_^v9;bgRKz}vW0$CQn;0E!5 z(W-RL|21>raoP zC-(*7r|0XrW5(ic*e#IfZGV-`3;M_DJe;vYtGUt6YrmxX57}NtmL=&|olXJw!+Mdp z6-(WLiJ_C2ks6sKT zGj%RxR!s8PN(Ha-J9xpj_?hEEPFXI+hPcP@OV@_dlOt2DuH!!(N?6F&-Jj~)v0;y1 zusHgZ$D+nFMHPyv|MFzwvhxQbTstcGB zit$cXUIka)EJvrIjy!`q+e4`;haScDJf7^#nO(XX85#YsNipY59|sVSlP~)z(N}rw zs*%cpSf!NZP1&^FlJG#d2kPSe&}u9z+rJkE>URjrLI`z1!}7FyWz2?dTD8<_B6kyd z(o8+e!Xsq%-R~a6zNBO^>#>t6?t-15=&o~h#buZMJPyc+)M_B81)cL8}e zriX|dKNeN~4J22WKQ(UV#mfBH8 zq00)DDM34)IaZyT_nk2MP@ruE5ug*LCq{CUGxph{sXyz|*mT#P)IhP6WHso(3<#@N z`rzpJOI<4iKURZ6wV37m%j7E0Q)8JMt(eBS3kUaD^=H$Paj!%g=^tAw5d;1A4e}#| z>ecEKax7j$dqwKd`BukIvR>F`xQ6E;gBcB}Wz%6!`^ui>Lgv)IMPn}8Kqg6@p|fz4 zCA1G`wnknuZB!ICRdo?w(>`%!h$lk*XI6L~0h#+GnNH zLz~|{Xs_V%MD}4R=b1=#=9!2Nc0+i1PNV2Xq3vY-Os7hrFzAn9q>7BXKrl|pBs!jb z8oiDdULMVGK96}?E110iP2sbP_T~XIP{KZAPuGVKEnvqUQ^N_1y<7Oh7 z#{WKHkiOs2KsFMd3_ZpAfHfv8uL^)~9OKGicHbW!UO8cE=TNCLcOQW*Wzwnx%^SSS zq`ZKo=fe2jmvh{swE;Gi)u*WZ?2x3e9uqI^5g|b3@%4B4;N-u;RTrT%kc$eikN3~g zfUa60mlq_Vf2`U}fiohedH(nNw&V0?)&_{#@H<2)nT{rCCZ+{ETwWF81(MI=vkkn| zz@!Bw&k<~SRJN5gDXqec169O3(f5PSWzu0{2ERSfUt?JdsjB($f|Wb^scjZ87wN)G zU`l4t{2PD6op!S4Jb<&QLip*`Cib5^>zhn=z6N-%e0Jx)7HOvpC;cG(+{2~>CGe`B 
zG4S(0M_TOU3g|D9MdM;^#yjm}%w8FV9-AJl*z)ipr(VxnrW+Rj!JQrCj2QgX(s%ou z>C{&3S)&&L|179NZh`v|zX)Rqv z2-x_ywsNavS?fbs=bWJy#t&(y{pzudv#IsHA!fA_V4r!36r4sS@O48%kY1t^XMRW} z2+2p%g)%gG%jplcqr}Y>iHC9D);4+9+dQ zh!oWuW&^^Ebw3pU)KNEK&)fIoV|mINa?Xx(+8KT98nAlZgJB>*@ITqr9qD6K&ga|< z7cxjb;CQFHL)ELn1fgfh`VWiW1yME=hdH^@Lo9q96Tlps7!i>>Qg=} z*35l%80a)R-3p+dG})oA;_ov>8&+|r0}VTTjEk+w_==eF)(3|qBagavHHra$Sj)1t zcfM?8FNSHvDw^v_r(D$H%M^H??{XcZ1fUNr2dad6{cX;_Xs0Y_j52(O1v_7+O_bgj zfnMGDN-IvnMXC35=pFSzbjshKv>COO(U;H=YLoC6QJd~-)M`3%&uulFhpxDR!u>3= zDlL&=i$KS%SNd7Xn^;+aCx+D7iGidiM_4nBje)3S1Y@beoQVP<)R4-(!4q?U36*?u{QXy)oc2p4@WRV;_2;Pv-qZiJG=${Ogqu5;+Ujo!BziA0PAyiDZL$|d{C+82jp+gw&0gSD z5@_22M{ZtC@pnYhNfLMhXu})f|10e+qv~3gc3}b`5FCO95AN6I_DawMh26_u23H#&^fK{9&+G)7{lo^>lUB({sYs6el_oZR!~_ z5@Hy#fVBre^3#d>tA_6muj0GD*SiLvfXdUoc;Qb}D-S+|GD>S@{uqnt4ZXEcG1H`= z*yi{l1+9X&C9*)88$rW^JU{NxdZ1|PaYSk9CH6czD3#NuS;R@7s` zft74IeUm%JVLc?7EqTTCap% zSBV=7%0^to=JMrNTn5pKgs6WJro&C%VFCh1F4pN;miRg-1cN5atO` zT!=IoafW5&|CcGZ1wU_DQ^#;$00$NN39jai(q;;Yqw$zK{;b?3&TndRUMPOp%^dTu zv4v~;VdEuEu(ZZ8`UoH(w~jr&b$joLPPgg#RZC%crk0}4%AO?|WTPevj{4Fq{mq}f z&}I;?A`+Vv-=ZO7$pnTXTRwCf7Z9u~rkE*j%>GWdQqX4Fuit-N zo*2;~cFI>am+g*mi#3wm7&RYPE0kPZ!!6Wh(5e*Jx2lX1q^(5tJ-I15;PPZR8?6dm zrf7^?G;z2Gzc-fZmA!-3Tdr87ga<7NjMyRfYoIifilb@GKT4@Zk!d43+&v`Z<^+Ri#89h}-i;_!+HdRVhS(4f) z(uTh8&wkW>!7OBZD;1yvUL&K08RA?`bxD^A6O5nnc2TwbM)s}Sm9~5h71JfUtzBch z%K4+H9LUy{kn%8VIM{dQ9`oq(Ow4tm{xWmHm9 zN`uOZ5o8^9IvG+vmFwdd&1z+gcNH|KZ6j6yD#p=;L7E@px5i5!RKE^>ZR_&zak!`2 zJ*kBXM4O_no}a$(QgQl~w13pzl7h>eS#1UvQRUX-*#hp9{OO&}c>jTjLw>KG=~H?6 z7>Xf$ZXnmzol_URUC;((inTWNA^}v{{UV2mehrcySgCpy-JE<>`4UyQvxWNXQQMoe0kJhAmfH< zOpeMIT?S;DQLeyo%igFPPAQ#<#P*K>Te7#ro~MXxKS>D-`BCof5dS3hxN?;`Qh`>M z4?eHK8#%lM8ylz2hPstcQYk}by~Ealust(O@HOM^{w$9+jLH*n=5BF4J;OE)A|^7P zaFzkSVJ>{p079<^e%?bF2j%xb5FT^hVN_nML$lV^QBn4tEV7=JUb_3NU(5^F+*?*316jgG`*~#P z^QeT4c)$Rz4VcA0)aHn1sew*dhMeP;2M`ohs)TW&)jCeJf1lWi=#XNUdn(D>>*`|9 zrq0iygOc&A(^*YMmPb&<94#mq}((O)4ZMY3vXFgf#N2fg{-@=i|RxnN18-}Q@`bFFp- 
z<7KR<#Pi2IuB(GizWVrut@_C_g@`VP(e)4!7wXMVmxZ=LnIxt$Y&SdoyZH1b!%b0u zeidSAXjF2ieY#uY;oWVqEKHZe$txzsGJEgb@LsoRyr$eblWz@f2A>66&>+>+7a^fw zbHf0e+cl?LEqnc#nuhSC`sh*i9?ASfyW+&9q3@lO*mDj!?Qg3%T6)j2Bl8>Tef5%X zBNCS$;RXf;wqHdwYWEZ?8!*`j94a}UzVJFzbn=U8Je@;`9P(!Pfuw z^z?6T1@E8M?;2I2{hD!YqqsOoFG+}VQ2-QvA!-#0JB5ho0$3@Wq0X%wN}HvZp1O?X zX}3EUTcbym4|k_q{SU7-?{BY1ha=CfRgWk~&yD-m&o9ZBMPv``UDDoi+N?(}y|44= zx*6IQ1tT^=#0n&bZg*OL&wUtdwy#*eGUk}7cgS-fn2sJ6&6C2yV}^nRp1q~EGLeb% zS??(uYY{NGe*5ZNWYakL?IJr0n_=12cdO6C1h{|bakzOls>EJco1bb=8Hki-dPYW_ z>|EE^KW4I8^IL=ukBW$S> zK}})Nv9Ol^;dHu6P76#qISf$%tIi($m+Nq#$&nsi=q01=xtK&LaS^WKEaT+RGlktS z$bMa(Juv4V${n7(73}gQGJhA^d~=i1*4^0F(h`InR5 z>M&pNgM9bY!s~LS5-S#HfM9niv2m|(6*Y&y($DIx0KfFqSJrWntn_nLT(DaHmOTA}FUnT&x{TU5oFwGh3PE-Fm}TgYrs5eS4zMM0SExCuGw|rzi2EqL8)a%Z5|B_Cl>Cs*{Zizy-qQQ< zzN;T>Lth>eTvdo93o=K;D7MW^=abU4@p)|;d%>m;^^$) zrKm4#U@~sJua-;Hg-kxlg>YFM*_6r~*s45_2#XofotpMI_FV*selGc8nD3qHujGzn zn19cNwRL$TOar$cSLbr?>JVl7onMwtselzt3U2WrC0RJ@8J-AutHV^nf5Ms~#TrE! zOCw9Up~D)lEXfhet_(l*#^`sDOl|z}nU>GKDs|Vyh&@8pOAK{Je^1j3(U5Z0^8i9S z)x#PkiNQ`v;K%JLYV32>xB0G_7ZTB&FZfD4C$*e&p5q>*7l)$nB#o3%Lk;*LfM=+e z6+VveIKy*%tg(aVGBoY1Rk6heb+mc%ulKGvocfaFwwvB7q<{X=Vl2N4)Zf10Wp$+v zvni$&(>FF?zK^%7pVqoviKi>d>VaU+_>}m2AbgX4C|6Tjss@|KBDtRjlv14(`i!=S z8fw%vaEGJK&)Ar zDff^A=&m=(@`hKEgb6Go@Zl?3MW2l3_8CpSRd@nVWn7ggPJgB>0Gb(@IyG|oAX3iq zd##ze*3>>|vsWdcHR$j&ciH5aUf*QjZITrS&8lqX&%NDh7BoJ2b+4L0?uVuEFhdB+oFBM`rJ_9mA_}z!CQ7!EJL=JxrAY~ar8n+PMsB7KyL<=^ z)HD!3U2y=v9qy_TpXEoR)n-4R2#Oizrw>YD>}zr>{teu5n7;wXMZ}wvKj>iAH3#it*-%E$7Wbw(s=9y zqA7UjTprFnx6*c7!T4g`;)ml3$yG_5SFR@eSiQ1^~tZ;nA^=gNl-Y0cOzhFa0a03_7t8+NS*N_IC|HPBy-?UoNG(}Sr%xh`v z;l$QRHV(A*f%CG)uue-d5sn4rm3qPN732@zybY7ZT?I9E80v9UPJvSDRdo1HKvN6f z$EOxGM{V<<7dU<^y(O9plWT4_)-9HgVWp4cS1Q58`B&Qmo+;f`Ti_}k4@g&Cu6H&PXVlam*c&EgqcW&s{1eK*NW-T3)>WCv(^>G9 zu*U zst)*2oe_#NPKSG!yu>ja5&j{Tu@`8pWJCD`Qto-Yco6NkK>7rPFeVJ0P#O~LSB{tp z=g6JXccg8NsGDqm>Qa-R*fL`<*`F|+dy5#fD&+Ol-i5Ystx3sjk5=!}r5usRzX)Z& zh_P*N=(4{{r8g$cIIV;RD51ziP(Y5Caz75aA$UGQBUW@zE9g7VoaKXt;tnm%VMFHZ 
zPt_yM0j^bokzh4+)}iE1Jfovp1`-F-Hq+&Lir-HTfv&>4_qg9F;{J-vgfkYj*?dkv z_-Ee7fwQa6L1&|1UV!I)94LFQnS5vkRXBzW;q&wzrCDXp+N>sUG6K(?g*C0D%lo87#NL`9sa!q(&$@sy}w9v(oUnBWIz;-hX4)5YREO zST88Hl3@$sosbtO^B5=CN@TmQpfAy~-fp`ST6yP?TONV~?bh-c9g>6bDedsV@>xR^ z#@@qwBrsji^Jk17Ba{fesF}Jnm5Dbjq}?}!FSyp2{X@7woXf(h#=cIWFlJCkMbwlg zi_nkq=9u-2+7!#J9SDCrY~L{ zmEE5Ud>ebZ0!vR`i~JQ<54V#1u}ZrfhNCC;pniarQE;{^&HtfE!=pWk>05QGAqxqF z<^DEDK(Bk-{OPG_#qA5!r^@jI#R?u7coFGd$ZnF*peL^YFa{Gz)^_=^f&7MqF(9VZ z1%*1*DX?$GVZy3v=j3%b{+;KDv5&8aJLsy}_i&6J?d`MvzHy00yBUR`V@hYBvc%LXyAL#=M#2?-{ zzXW@cRoay!M++~UNPX<~h@f=C=$O>#*s-Gw9y zp&yAq7exDJP%dzHN9;VTFs;4r(_35g-id9H!(0#*UE8*eq)A#fNEe#616p9=t6o;X zF|@!p2ByTw9unH=Ju49 znqn?0`j6!si);qzss=AcwW#}c_FpHFwnVNU;d8-!s)sCGK#ji?OV?ZBj+T$F>BEeo zt}RCRXI&(P3<{o<9lZaI6cc`v6Bj&86Bpoh6NRZ451$u!8D|!$OsjN`PH>l)aNfux zN=ScPbB+*F1hDC?!96}mT5BAwcpZj3LRxQoT7em+m z9Kv^b{QmLc$-A2TGbg>gvl?A~dQKbNZ(}_C+15V;XTB-1kfo&0zHAsXbLrR5qV-pi zalL_^uOZ^bjEi%Nn(YIaxOf`dur^R*3xK}Z`r-uwPSgWgKGi~%?A>YoS@w@i9+vqk ztHjrC9+#x?nxd}cd-1w11dVa+1D1*U7qW|orp?!4bb)hoXZ@*7{>GpXuI z&k>x5Z{kMX+_OuMr^B!Zb$_U5+J=^mz#)4)_}YmnKNu6fqmRgpyEb-jVo6Atnz#|VyGq*Tt5Ui5rxzbdo>scb52PKbHEx8H?de3x4|-QX;Elt zqgT5AwV;|De0#NeTIi}a<~SGFi#(69))bz1-Y3*>y7-2ef!VnS5$O>-rTrV`HY9ig zM%5{H!n-#Osb0W^eToIr^LPgI8*T5nBzUm#9{17#{tQ?PG*fz)#S*OjhQhViUZ(($YVORFL6iuUXDwuQE;k7451+GUA%mdi6h zjl4?(Ha>^qW$hbf*Nl!k5uwyb0Fza+=ur1pr|%30v)oo_^Lan7`W|a7zSd9@wJz(T z^@UxniJ~pFQ#CycuZE2|el=nstDX%!#EyNfkj3go3+Z`^$kAR{UV)z#-LrTv>ql~0Q5}d7`v4957BA({Q>N?_ynkNk7%fI*SdIh`q>7= zs3&Y5O2n8O&*D(V=I#!YXnXyws<4}NR4|=beHo)n>X-RUaK2|Y^B;&eZM<4BG`=#z zL)+F!hX+^sJoO@?IK!#h{hPus( zw)6u=6yU6nk+MGR)rxbS$NdePHNFUGZ9^SCfOrrCqG8Ni+YXTsFLdq7Sz%N3rMT{F zoN5~RJByXZw#*cM1VVc0Kf63EAf2$?@;1S|c^>aJVNc%9OY1mM@YBHPUjFfN+-D1= z2s?%oRN zrf0iA`Fjh>+g(PfOm-4HIA)ytM4M0~XT&kb7}4j-G8v4;Y^ z-Mnl&uIL9fh(4UNOR))_b(9EVBmL3WY6Ar>SYNnceMRUmEDCwFtCcr=S80};9pj^0 zGt(pmyaif+Yz$hm7G6Tbd(%VL@=pX|H64?_f$Uc;@)FcC z5aCuvg%qhfUUwCb;P*`n1sX9xw)&@ae!lBX!hzviLOm@cZvA3!3pRbRPw25SdVe>0 
zJS1{`Sxmql^NGeDbFE|eVlz7mfYPfsII)7urnoF)7O@Z~9b1PsA_~Jx*hHO!lNO=~ zlGhfx5rh|Deq6cs(!oC>nIhfK>DOvZU8OkuIzjj@Yh0RMZdGk)kZt{#@s=amzA{;) z`BD#8l-{)^{JMq&>5d+akCUmpQA7Wai-9f^+Q74D8*>HfIF=Y@^+6-#EyQKy99w`n zqj_tIs?S0>BW4=TMwHYW4QsCH*Sbe5=ZV`pSEDQkxB={2h@kYFv%s*yl8M^Fi_0e5 z&h^p?A`c9P3|T4xpyitVT6wuw^gsZosl$(V+h9rbswUa}6Xh6ZHFK_guQW7-kD}Uq zB%v#805qG(#&bnyju1?t16RT|0VlsUB}h+pmy=3}a#2XB3yRtV=MYM)9B27Jp%kAA zDudCa?FB#NP`hYQlWKj+^rRo&C?ko;>2MHRr;9uu_`S}6jTVkrU( z(`pHybTY@F7q+xyIW;YDcKdPweVH=Y-cB=dTb=$vyt53e;u z;eKS<8_I_2)Vg;%`#^CPlg)FRz7@5$qP}xe`6^Y4Ps62%fiKkj=WcF=Haj=X@tC0B zL+bbk<9U>W`$CbaNM$hKC-o&nL^kz%G!-ii%;*juhj!~g)+B6{`pkV>j0O?Y0c#=A_8b}wRAZgq+4#-f0egQ0x`B7arNE_J{Y2k*UiBgV zAjtcG&aEIEx`0T*$+#_yptMQ3j!MVny_u%NcmFl~bHAheVX7!3zWK)!w~o0|?Lk2YRM0 zsJ2DPa&Pj&hRyCSBTPwfV8>?U+_aQY2hg=;ooVhONYx;L1;g$ShNPrZdc7LzEG233 z#1CoK!v&K=p)-6a*O)CrRc{b}GvIMj8T{jZk^09S>|V|j6<3L`4)lrEn=_W0TG=jn zO4p-E9R9kOX5|>_j=lA_o>#@(2!f+Uo4L^5!LEhN4yjX^*$T<#(nEx8t^vTC6OV{0 zd!+yc_tMEC%CzZAmt}uagw9(w z{KgpqXN{_-kOTVzrT}QN4u6pP)P#4}<0Ytu+O&pyjV(F+28Fw3`&~E2?`#6owpJL$ zrC1on!ZZ^Cuk-@-c6DxelPs1!`(S?gu(cES<^kZPN2`qV1+6r$?5p2b`xdF^kbvwi z6Ej#t4Kh?GvgnV|7IxRQSS+Jl z!_;VFIsQ9mMqB>Gf{!kLa=^~}y1RC4`R;o6qR73yiFbgYZ3aU56x_kc!Ciu~8KBE) z%rwxH!`z56d6p=J%*ACf_hRptEK$_L*Meh;vY~+uJDZ0J4t&b=A7tt;OBjW#6B(2k z#Xu@!E$fbXUK*9gK6>n47d?aVkH*%3=zNp0ZS~H@B{Tr#l@CL>;K!&nPj^Q1TO~{i z%^2o;lC9}*!T#`MGyS1SOH?`_i3A*G6d8ow)@^Y=k)Bm930k?KUsW6sW(-Vx?Xl9d zd7z3)2X6Fu(Rpe@iP?iQe^9!(d*a^QvZ~grW}4%(ERW@FPI!_$spo7&~JK$*4~ z++;QaDsP~5=Zd>@5GwYH;w4_zObaiuY0{J+lT=HS3D6?i1jp#FP~N2pe*EsKe=Q_1 zKrWn2k%7S3_Z*Xl_6|(AZPAWL|A?bzJogMWcGg|!5t?oUqg(XWn=c$szG$&R@-&-@ zRq(eK+$PELF8DM-VG}ML)pJA0E#KEr04^poFq=FEXC~(H$bDjI(a#5B-|b#Eu>jaT zkeRKOVR1jB9LpVT5m#=;V`*D;D;5aDRc&fgY~J^6os1K$hq#_yc`;~O?JqSPSjm?Q zT9Hl#kJn>ipi0kJkA|qfZ8?tNcszaAJuh&>c%Mj5=Qw%ttJlGYm+Rd)kPt!Zk+58t z7hRd^Q%TJ#r7!wXNCR|9=fbtiknytOO3q%$rq6b`~UY8)% z6_>VH?iOKdo(===n{-DtGrUWtb1XTkEL2k|;P!@R)G%khLi1~1GJWiI4v{W()l2u-^}Xy=bb6U0#nLP+BbhH-m$eR 
zei^bS7fO^>wSp;<^am4s`3}w_qh*=hvk`i?!>Zc{J7l~+iqqZ^bC$H}9OWhQ4rt8@ zw@=DUUW8`c?kFBz^ih554=FBrSEA%<%sVKZ%};jzo@kJaQ2duu<(RHRRhP+SXY(05 zpw_k>k;wE|wSHKevykZ(I@q%-D^>*GcH)9Oi?ytGxNKCq)us zyu=DFUF;w->}M83d;<9^Bk!>D*zNKZ4Z|sT%MVP-njm$n24Q_2_app@i)JH={bF9?_P{ zm36k;iEprK+D&U`5GbE&Btsq{^6H{*<_ogUJj{tmKat#e75gbn55L)F^Or$W~@ za94jc4S3bYC1(u#9^~&EG9>*f-#3hnu_gMfC66`Tr8--k(5{R{U+$nSHc&Hc5pQHEQ*RXZx(XN_`SBv>u#B^lL?yp zvP*L)<1r*huEE4FFwJEd>eApO;9oY; z4|Ltr8nnYGAAE;S2f@5+nz&@)46pD?vXPeJLCv^=SD;l3&NajO%_>Q_o8npf#LQ10 z9`6btD@%9nYMv!BZBkiLEZc2RX@~4=(IFvCk5?-VxACVR?_M7Y6r|>)EdJaw0_3!X zs3LR{{XY!vB07#|6J0CIP8%}09BKulOI#yh_snOUei=A$H>7{`Lcs`iz3yipy$QSR zrV-xSCB*yuXoeeKMEB&iZP+cNW!QyY>MYTPSPf$ww+{TFOff;oXv-89{qQUb;+Jpw zW{s&EG#b>9Hjh@r2pnB8OjkVgl;~>zS{`~`|IBUxroZ8#FYc8=Ye;U=y2iv88xZlx zMQXf_irVm7+Pk~heGSP|ERzwEYtTOaMV-*AD{qqorOHC~!qu}I$yV&Cw=S$Fkwy5W zA&stNsoo6rF-&JU;ns35W5&PoV@K^4(Z%PFZ3JbM(rtg-69Vi$ZV69pt!K?TR;RBM zu)*GFuvp_e%J|>A_cK3=>}thX2u)t5hKjFgr!qUDAupf(E%)0VPkeHpcNuyxq>vlU zBZO=J1J>ARz@l4S0m~%$Xv2fiosz9(YF~fTD1!MM&+s9F<4gU89d9fFe&`%8 zod>X2`mx5mn^nKdw=$}3PgU!j2=g5D@i5V*Q9xDufIgkOV%}<^fSq`o@LFz~kK4L_ zVHfFeG?TJ>z0w&KFT|}}8G-3_67w}3m1~ShbZMDla;a4b6RHc0sp>mziJ}`jInrU# z;Pc@bLy1AO&Wri}l-My7taNka$K^aW>lL5e-jp6uZM{iYM2kek+eD^$;kR(U7 zT$*w*v7xcaxTZ1Lt1jAicQ`r787z6B7FOmQ$WWH>b2*noEl96&%3%8^}>a7|u`hE;axc*+0(pgV!B-zit zkVyPRgn@t6kxoH0JxKVl0Q``pu~&Ew8v7s8#FD*Z^M#nf&~B6k21>k6=->Ad$Qb;q zqS*6^nb~{C0FGc=W@k`#^D|Z-eU0iJvWRsmq{TlR0`V4#rn6|YBbeY#+@_u}at;Wp84h6L9tgF{MG7dWW{?(y#qBe-YwraoG9Rjoez9k+wqbw@<8 zWB;Qa02w)gJ3;yCZTrvXBA363FRkcy&q=*&kMEv{I3ej8Z9fxfz-_W3nf$QEU`~8+ z?fYen|92tOu1h<$PhkG=mtQtda0QF=`)qBbMGo+o#|0@-u2uh>Vz~_qu}z?N#~6Xg zEN)Zh7(?(OULQNK>i)V@V(&7O**WTW2v2yNRrd-l%Vic7H^pchPlOA%se4Qp=A}3R zIKjXg&K-F8hnqmQq}7NthA<9?G|b{0k&TbE_-?zxUxq9)(a^GwebxOH>|aus2gO0< zPya*e-$IXQz{CNh{~-*InV*v!{J;8h8iCqMLu=~&on4P`r`tlZA9?;SfgMI(uB5#X z{(Av8(w>a)y!w|yMtH2iQ{&$HlQoNQ2mYTrgGqA|{@V!3)7UzAr~?0GE5Akh+oa;1 zoWZ)+yM`l|gEgEcNi?|^_F8mDG10i#Jq=`L_`QsmB{?CxY 
zG^@Zr(I(zW{J*Iw9AfSN6!YIRdsI34zs3A-L)HX?{S&OG$ITaFKEVGH^Z&jxwl81< z{TmJbKi1+=q`%>c$1L!l9uEA545!Cw{N>`2?%xM^jQ+i_xDMdBqK|p?Kae0CvdsSp zeGVg%n^ZeVQg)8sGu`A3DSR7b=FAdiOK0Y`v{aRwKpg{gmvKHyQq#-vsW= z%!!RMZ+56`dI*WrDe^4EL2H;B{Iw{TlPchgzG^>=dMkLJF7@KJc8;jaw;IQ4&fsdT z_vMa#ar(PNJCqXg3wdK{CvIz3)Yy}woA={UTsLv2H(P6JGAN_+t4zzG%b6EBvZ0)87=rZx5njhL4A8%@A>MR*Vf32ogg2-4`zgq z=jGY3MA6->_sw2SrZ;8%LX^qYEH$91+xUhMK~gjT!9Bf=v~YUxNKO9TW%_wPvfEF_ z@0~WwKkj$$its<<*sj#s{hV}Y*0rnGj*e=Ia{3|QyCoDRvLVcIB3EPQo`Z7gxzcJLsBbWk;I*|ZNm*e-{^|^rfcKIF9NcV!Z}f9gY1KW3e^0dW9C@Px7<=c8hlD>eV#kZU?t9eNi0C_NiK~?ET~OHuok*-v!0O zX+iJr{Di2P>kS>mqNh<@;1i(T1KF}IXj#De`cSF3rEuLM6QV+?#YiXLXU_!Pm1f`F%Vncybu3$xA{Z*ZcF4i@19)0 z&BB2jGwOV~4L$?Je zz?VlPJ7KMexE$`#L+_g@Nk%wr-|>?JBe5q_5$b)hiUZPd!F2uXrfcT&56)f_qU>z< z8=u+nZ8r7nDyCxhzUQqKZK;Jqzt|)3yT|4hc?ECrhVFVU041j(kI}KFHMrdxH+y5a zb44cf!QB$%;7m}3$yO8uw5ktU>9kIMdLk3YJj|qBAN#BI!|?bw>7_PzCH&F>ER1t$ z#$I%Wg21iKWrh-1iv)WVY)Z271exZYrw4e-5;W%)0@;o`=D?>EA}55}SU8=m%?lGu z?EohuhiU}=1uV~fcoq-{w3hJLwDcr zwH;T8rY)@JDwA6m(3|&Bswgct>O(2v5B)cr92N^WUU#o9B=soATO6S;vc2!O5nDcm zBN{s=vEA=KX}Vh}tz|A4@qHgEnUXF5mo6aUr)(H6ANSss@b1kw_3pGRwv0Espv<5X z-HGE$4)WVk!Dn#43W1m;lgU{vGA~1&`!XI_>Rzs9$;`Zw5%aq$xg z&v}ELy?NOkGv~Efg-bQ$C_099hhItIC#t@LnW@-i7@=Ak!vh$@VQJw_@~6GuTV?fp zl0YuTEw6?O9)07xwfuDfjdy?{X5omuff&C1Yn&HH!?O7ycivRv<~&uMLIz!qv$82) zzRecRm?mYFP)wGho;3Uuy|0L+6uDC38y{Vxn4fP%=;mU`sZ1R|N*{*)%Uu6N=SL7-zyVV%qfh>{aw$g!@_^qq=<22lI>;+v+gly_RaU$)B`(L&A zIcqnzd7zk(pySk%QOLeTl9z2@qO4`)kb~6L#)aCKd~MW%RcHOCQPkOsp#*LgDZeB_C)f^(3L!5uf7l zoi*;1>qx&yh`^tyPb`hw*A^JMV!}TZIDNc5_lcfLn!4fo>KWqw{S_R4Z9ysHH~lKQ z62UQV8*VecUZA_dQadA-QU2{ub<0St0PpiAjTVP!*JT2?EGI_f7fI+^c2Vx*2ZU`F z+NvB37>hcJ8}zfS0c{@?nu!|C3*ruV?TFc2y5lyD5mydv*ZSg(k-yhp-W-Zpp9uaZ z_^5r{R@nxF4>dCs6c~S?+^w0MoNG#ZZl1z`u_?A_a1-*oCVFV($>Rs_Ms^-QkQ*o*@dlzdP^gMQbjPtP>;W+-2U$H#nq$H5>apwHaeThsou!A^ z@IvCLAn=%+so+Gw7V{Sk;PTn^U~k&P#RfanY-mv5N_^Po=7l#kj_)kN7EHxJ=2tL8 z?7+OzKyNv$ePh`WQ)kA)I}EXwF>G&Ah`p=R#`Sa99ZPvVdx4YeZiU@Z#y$ldCz0iX z$s3%yq#%*^K!54~t^UFuP?0ug?(e^Rs9y 
zXg388@n7Uo?LH)*zDdLZ6)ax(_V4+;@Zv}S+P zh2Q3v#I3x`TJ7&{iW_&uT*@FTOWcI(;aYFKL}J3H zsHVoYVQ{z1ydi<&i*j*sc+URTySy+g)REiq)9^vDaEux(#SUDi(V4#vD>V%9_Z2U=G7&;GCi@6u=sI8 z{rFN6s!QsjO_#9Lab82u`?2pRG$gx>KMLaCA*c;Jn9T!wNgNz}8NKr2yvaj|?FRRo zZ;k7`IySSmFg#@ka=kPZ(IKs~RF1sCoAVJlwEnF;N^ipWXH6_?eL?Q;XH%P)tHwtu zyLs;mcJ;Hbi|LGAWC0d0p26Q*Q4R`tP_|OAYwCV(W7pLG{DFLl3;Ck*VQlM>3Q0tc zvV7X3oNNK;_yksM75|ESsmrhK)i?G4hsLTFCrH;X>!&$wMDfHh@msB~*AX?jF93GVsIeEIZa`s8>BZ6=Qj@{>A_U$)Pe-jdH# zT(Q3JMo@+Tg}2{r??*#m{3|`QgEHvr`ZalaE-+v;V9|&L4D|U96RiejSS?xo!vfP2 z0(>L*D=y^R#}D_e6=@yO-y*A^is5hPnivARQV3+@}v`2jFgQNKL=H&rhQQoeWdPi1|^PGS@vIwYn%<>rULU_ySMf zsDX4ZTSP}Jae#+5ak4DL`UlUZ6)dAbB5?G5^?_}`j;iJQ&u>`?XvSC5RReCrr|u|Y zz1!$F1NT1wJ`a6M1+GD{=r;lczp?2+_|16z2U)oXu1AIC*P#vBF9r(k1}+XFp2h~w z#{0+sO7p_mL)`aA)!6SQQe4Vk@$9Pf*8qK;WqqFd)@v)5{loEnDT=4j!%R9Pu5Uz+ zcMDM8x>nw<>VM6YTP@2;0f5W?u~4fE{Ci#NOK_~L14%yEu=F(1?s&>`Cf%leRY!B{ z3&o@Hc1ghk|7Rgp;N1Du#8 zrzrhqzi_w{Ts~c2)j#gPnC$X0b$LYeVV)v2rj|7mm?7 znC{L@KIwIG)qB=>^ICE*E^Y~d1t2)^FLm9x9{!R*85K!YC;fT~8yuAQS@H0@rG8itMK=c*+C)MBM6_HN8rz$lEsL-Nasr=C!+L9cFu#R#;UU54{-j5S z$dWtk$}c8DviHbRCvcxO7RQOP#=!pN8a5Z-X|W|I@$8TVJ(3Kh_CC_RCg64VVKQx# z!aa(c(_fS9e6w3jm;;KqfMHV0cbp}mJQHq4VNf#1m?K{E&R~{B{Td*B+6z_ip+{B@ z`r7tkOM8r_$3zju-LsX4Pfp*h<6PFUX0qh=nE%aHRtj-9P2(G7>$cyx zzD;(*OhrRXN1GkDvhPNVvBgthSiYDWgnzauKp=g>+aR8RG%oS70|=RJr?S)avd%bF zxUxJB+i`G3&!$Sw4Uk_M^9x{43G)hw_0#M-gDzIA8Jb>ef_VLH!QOW{UcVSiN<`f( zH7I^#*1Xl+@fvVMy-J3-LWfi*fK^KI>;Ga0{g`S)YVe0)F9iZ&Hr3KPb(_aV2jyR( zIpSQ#58OGVEPx1)N`i+%c9|I$PEfg-7+jh8VJGzK4beT5zWMpI*m2dZrvs^fN*}2& z*lwq9b0`;^0(Tv(-K#TfeR{Y<@-??Fgsy5t!e*w^n#9Y;qFYjvZ!*!JhNZZBdDxEl zOc&|x3V1v=1Ta+zt#|HCN%IdCM4Q6|MpXojhpcKsNPsCw`N~u7(0vj;4gEsffIxn# zFY)u2c##I00&>mb(LHgQ#puXo0n!G+mlgTwCK&t8pD~6N28=O=<6lRYMjw)6gFU!O zBW2d|RPkde;to9FfqvNnLS%7VIB8teXZJ;+5NU`u^6%`#aCFdhie@=su$$b9PPQnLx?+-Ypl%);(V zHSs5*p~lNG&cC^Wv+}-Xfst?^mqj7xu+52P<-K8Mk+cpUT$7=a=yWx=I;WmH6WUez zrXc1rH*d2>^ie{E$qrohrH@--ZSm4&yt;X$^R6f9TG_7+5Zy9i+L}cs&2C9u|??3u@N$LK`bjN 
zIqiY#gK}Q$F1@@Z?5h(HGrKn{Q#*IHATwt_-f+;Fx{8R}8ysC27!66H5h~n-8&DYv zSWF391ob)2g+{)nD@$bLmjxVK8J2z&l~fgx42;JOpOb)@l-4DYobiX3Ok6YT#+Gr; z)QVk@BYO$V&Q`;*kdgB8IR68+NuN}Db&VT?Wor5RBHhXby~ZC?qWKx`yZyVj(25yC zRTo#wTiR*AS#)7QG*rX*nFq9}8{c;|S9y4P-&N!ojxl)Nn9$t^dx?_=; zv3p{72j2EIo>naPaHrf`8BrABW7{FIfYsKS5;Ek_4X%TjN@FM;V!`FEv+Ms%!FVg` zn)i}cR`7jrED@*VtpP5YFA8UTOCk;hddjY4CxvV zNuGKj>G11j-IwrdbXnif#RSCje!4t!c0wBCTgF(|O*8W2gWRl$AZJ??g5jswkcY(~ zU+^M#^_`_C#2MsZbsX?k4n@O>+AadEAPiaXBQGcqESLjOZ)Be-FUV8 zx30CfZTENfWe$5rKw+0@4{B*^^_J@88G#g;n6HG&GmKqZK#1E#N0tdnnhCZ3`sm|R z&;BgDnLLFgWgeD)2un{|gkc73MjA#Nwd>VAfXK9|$i@4C7a7>L>YBIb%nGmHNJz0EVSg78kG_5ci4sWNkZP)tt+hQAWnFblj{8m3LtJCiNi_P<}RAwhahdT(e z5*~&cE!zRCuJzYb)%VPHb=aGa^B?>~8Fh}&D!!Mj#>c#+dw5iDk{k|p^Di3;buYJP zcmG!SGA(zISYP`!+2)asu&xl5th-$-pq12)sUb7_%Ur@%Tx5tH^CSJW7o8hnbnB1x z3=ATO`a}9H!oT;aGf;W`(2j_(mzEdl2W=qYsRa~}XsF=^dwtTn3RyD^T!Z*8pnWPt z*GykA*T`CjvDe6OuI9yx-dgouXN@Gp?Cvz>!jMuD4TiRk8`tjziR*dP@%-FOPp-~> zX`pstuW_#m-3Lc3!)PE7`pW=<9NO(lAyisWSl;5`_0DnU4*t=-)OKXS7bx`@D8S9D z{6Y9~%yrKOh099?&s!pYoNq}#Zd4DkDJWkdDHu!Ki6$vQY%#ZyWH|99Y$k~P8%51B%L|r^k9ZN(q&+dE0Z(LAh=ewnZP@Dg6>S>w-R$H`v+~_ev>dZOt)vU@ zqc5H&2b0EOke2>S`mM4MwQ*M3zmtsRt@@x>UtgluH@vRll62T=$8@~e`ycEcW#3O* zf9;;AR)PQNtSj4l&@~dJ_bRf4Q7~guv8gOH32#BcrfsT*^-J5ZT zA2B=kFg(!cAA_Vd5{3d1y0_U~SB1;XlV%;1#9}LthgiV}>pOq4(JKw{r4@oY+D*R;0?>t`-~ra`^?02%9|8q(xrc^wCp_uD zn56+%<}nX!igwbq4-;w^T}nHFt2vT2(na3sB}+e9o-4T^^{o!GgqcC{jIpFvU^Nux zzd6)xl(n!VDTQr*V#yJqifcERJFW3U&S&PGKBaG~FP$~`l#y?Dx40aHrHn)kZUMs{ zhTP7Sx5TwWR6DTy=9$4NR3cHUq}cjLw@@2Jl=2-U*|VPA?ZQKDV1VX zT^Xi+J=zzmPR0(YK*QQQZ3dOKPu;%KjjZAXTrEyXyo@KSi{1EZzMS$>-uuedhrgQ1 z3A1?w$h;QCvM-s#vk--m#KzP=(=Y607dRbWz>Qu%l)2bZdQrDdTe{I#GF!<@yaMmv zG(Cxm)gH)WxHY#_aD8^bDIxlMKY`7E%`?{~AK5MS6f0gWkFuNeP{!sItvB|R{B0}x zSA_WAxJj>w_tZ`aSF=V`>G(Y($GuVpV=c#O@_rpsIViW&gH=7msCWXEzUUH`qgt5+ z@n>{t+zY4=^UKPN9>i|*1+5$;OFERIgBOsYh{q>3VU=b>wrkvvy_w|WC}if+pBllg7&h>!NHZ?uPBp$=*BURm#oM zxr=s@wxwravyzc`U2hm0|Dc9Yj3McE#O03oY5FnvQ|sQ@+_2}9?9+yhv+DwCkr+X` 
zZ#z-kFEVcUs}v;qiFb?4%w{uiMu)IN5BG!g4^iaDum3x!RZxhOIc%RZJye zeM(_3S)uEjC7zE)G_QnNl^B00*)0pBSfQT=r8cDByA z)g{B#rOwxnKm2=-efsCpbJKKFuPCc-H~BihKQ(ui(7T|y=)P}v{;FI}S9vcHC)=0| z2~G!ISg<)lIv=MQyPEF78nJzVW=vr}ec;Cl9Eu*& zY-4Dm@M+G{D`N6$F&?UX-4BIP*(MXc)b+haIuOOqS=Q%C;jV1-|E=vo@ z^#wg-7-K)irsvL270F%PO45YwB8>?g-Pd>SD6wa~oga)aWO#bVIInxZpU43qNKJtM z#x&&w;xdV9Dw?_-tJVr*byqU>>8vfkWk@b@*?Y2<{IkXU0(Az&<}Hi zqBmRHPN2srrvLFL#YPI>Dvro>t-Gxg$?)$)Y1BA*6GLw$T=+!Djoh?2;Ulhab&ZHy zy?gmV7YGDvMio)qycqpiL?8iGyVzPcBj2kn{vWA1;X=@b1Zl}%H7PQ-SstW87b3z? z&380IBAIZQZQuP5Q5S-_anHA|2}GM^qsFCcLyXzLXmx z$ko*2oX$en)E2e>Cvbbbg1KKXHvkEaishZL7%dSt+H;^5`5hi%S7U4(ZdLkoR6Mot zF#F$=nypNUuF|YB!fC8ZwN*Y3P4lC9r5ZE|l%U{trTruH??Lma$ML`Eu zL0A2vB#!POwA#A3`u3*TfkW4EATnM*c96v(lzM;zO5utXn1nhv=O*{ukD2)95kOs? zj#brm{w_mDUYFd;>K#>*YR0ih)zzKfqxRrxV5AW&J2 zrJovcSf(+-B(?G|oE}TS8#Cm#iWotn7{p7xRav%i!s;BVr z;?XrPK-OXzz<1fjSR%@r zp(g*lK<>T5LM;Yz67!+kx!Y$Q-m$Ll6!`$NVe7bJK?Gqa;aK0yuVXOLzxwT z78Tc;xPMlI(j?<%T*V+q)p!pZhzPfN9$H8z8r1+R_{F3uyc9X>A?Ju*u0iw;oMVbu z)f{HXu=Wl*K^lH0yDnx;xiP_U_ci4poqUSaj7b>+;lGNa6V5u9Bf{VP(_P|lvdi+1 zcyhk(>N!dBQNs3ljWNjn@B|^iVpwg|EmvXQ7Sd8N z^E$+#sNIJ$pv|yvVB=}x_*;-;&Uxnn^t)1er0+DQjO4`)(y#MHf zoI)YGZR#HE^UR^FDZcaaoVsUneC3sAf3{4W#-ys1@Iw*W&@ZO1cZT=z3c|DWNL5rD z8R1lnHdQq%NJj`o00cW){){3N&!gKmwf+il4=TH-FCiG?MwD6`G$v!hRanh^W%n

x?glfC##_f3wLnj`4m#21;dqxPqp`CzFhi7>A#5>_-b^0Q5tIUUs)hm;}=k#u@uw zkt%a*>IU$6b$JaJ24iXk2#mx33N7oV_#ORKkN#G>KHrR#qv3kRW#hIVGz2kjRunx6 zqn1e)L0OwA7l_Qvj{CW)yMgb>ip-W>$`^?kD)K3AWvy?dT4 zuBuKV0Li|igkpj`F-1>MF=bY0rMYaDPSb?!DhLNTFG|jOIsBoP?}M9HE92_wXJ#&f zR@tY@K|M`rBEtO~e`9bbgW!_P`7-QQn2BuAO}+3j!{JCIJ?j}32U1=Cf3;M+Xr!(E zCdOhN$_Q{sOj|R0Bu%##{O^m2q^VJHObg& zBBQue8*co0J}thzdam!1b41Nn495ent{WtsLNZk`B9a?cY(qS_C{WlQ3PkV+JqTqO z8(+w&FsPNPYz^*n|04(9g?z<$?4`BRo5QVWX_8SlagbbIN3(sj!pv>0)#=;JP9D$J^@OO_X5W9K zY$IrUTS>oF)IIR7O39)9VOPFkc*edNcA_8W0u=_Uz_>@Jt@s*@N?Odz<^ ze`v?9D@|N=)-J3M(pJn!d3Z_W&%zP-FJ%rYKN)Q>ox{3hJDS#&y4Oz)Eb!|Uc~M_n z9cpedfa=!pn{#)e_x$$(yp!ED)ojh5HvO{3^tj&E{LF)_UhZI$yc1_s7nHAgbM1x zj6#Zh$#xDZ<+Xy41-n^C@L2lN4(Nn(N|lYI(rkNf!8&>d@ivUoLbgvEzU`^jEwLsc zKxB6R*weU`F&^P8H|(`zq{J1$ljrQ2@d5pheK*B=xe zP4B#K)V>49!1J_aDDTDCGmN8g910OYA6W?7Y7Oqgx`w`rf`?4;z--&bAWvOsik$cL z*blkP2K7%D5p^-94PsB93GsTb5KpQl$!snAB7BAOR=AsUt~b$tWJDgi>V@rd)yB7& zw2K)T#tlI^{_MA#*{cNF<>l-G{L8P!pU_fp#*cWY6ptWmFHqWsEKrhwd;Kov7ALl5 zqj`u7s+tTLM@&>$>WOa(eBY%9W)6b})EgrHJbty^O<+xjw-1bj(2=5S4vH{jsHzCA|<@Q88bGZsxg})*xMexVU2jb%}Yc0yL{4)hpicmWe28s^G?ugCyPyX5gD-#X7=_Lf%rg%Y>_mAPeol zt;U*6DWchb7UxalCVrN7E|VvsbNawu44ND6d~L50mW}EL6o3r#80I57QpwCdaHrSK zIeW57N4~~Z6P}Nv?z6uN!H~<26AQso<$|T}KFpj6i^UpqDSy@}KlkL6Aw;gtM5ILc z`d`c1EGh%>)J26bB#A#iMwzHXvMCd~>fOXb+-vS;h$D!1Kn%MfJ9L0k8SBi4m~GIK z0e3V7hzF$HN03Kn@%xKEUWnNFJc*+p=x9^w^Gat`o4<5_H>6i#S)#?#+-Y<~<_d@a zs~dz4i@U8wg%Fmbed>zsLx9aW2wz|{+x)+GNmWQDv{`z;sA+JphCbD@C3Ar5Z zV=k&A*!vvkuIX>we_dmG>*idHbL1+OF>two?6$F_Vi|D;2gC-OXAyhM8Rrjz+lre> zUOZiF^A&ZsMAaLVClGlAkWG7oT59OmR7{Cp7=($;s_u5<{0O$vZ4 zOr@dqZA|VqAL!`*ZOLz;q9L-paNDBfCJS=dv$&*>;xeu6?yU~ z?ST&MRc=jEnRjH9>(xf42)hpg4umo04}ZBto=WA=fUXN1s5+GU5$nWlaj$);jje}L z@iGbrBl_JIgbuQ^@2%gD_*hy1pP&W26mFf|DMQXEUsfDBD9>wn+Ai z_o^^4<7is$40$F)!GsAuqhwS8o!Onlj!XBfm8HVZ0DAt8x3p=I!shuWHD2DK&yX|! 
z$D{HhvOy+ON_B?KJ5jA>0%O%A#PYNMa*UcHNnlsI3hFdoDX7YY2 zk@~$wvON+Yc%?PV5Lm|0dcdEV94)lh6hPcd-5|H=H!Ug$#*GH%s7q>9ol- zzU9(L*g6g>B>klneoi>2lhksk02$dx_~j4iE&r>Gf&fu)4+ByO z#tEppfV&|miO}cR;-71uS;wdX7gP#TYFpG=O0^%%olOQ%>p^8(w^Uuoy|Ru7bjn7Z z_1;atwyYy4w+q(J`0)BV5kJf3Sq%%$gAZ~cta>)jl86|4q*7tClzg>u{HwJ_F1p7U z=?Uf;w@Kj~)01#G}u<~-=jvU>;2^NrOUw#(QAnIsNO}6^*>_01EcKTqNw)aQbVneohGpfr z27Q0np9sWo>WC_qa<7`_N30^TFt!x5{97|ov$9nBqM)!%{wGrFtou7~Lz8TwM$C4= zxD0rWI{PkI@CQ|}#QwQT)nu$3t}dmUQ>$uF%9ynYqJOatI&0G1G@@F>6qNCHP5|;I zyb`$QV0P%^hQBv*U1>UOEu^C+Edon8_eQKkU=VLWg0SxWe6l0WS~~mRjg(wMTvyt} zN%XT0{@&=I&>iE;fHMqG`ZAhG$K8*C#_yFkz5JLLlOi)sbpYfjFAovfU|gPzH+sYZhY}qD5Kl#YlS? z#xQ3B?glXHws)@g_3fyR7u^Ho4vNfof_*rOLx(j*jMY)h3kRrlmFc}L&x`?xi%U&8 zn*OP+Qtx9ABCV+Q>G??sYiW?5T1(q#oi-?Qj5ku7CGGx1htrNzUn*qsA9SAhJrHeGZ0$U# z%Cz#Fz^nXl_{>$7hT>Q;FC1Z+lQm zNL=k~oJkOxJqI84kS$AG#=5q3AEcPgucuY*w`V}y7-$S++!DZEf7#Rdh1gA4x3m6Z zjx8dw)$@#4!CgQs(Exa~xIef-mqI)_r=$oZm5jdz&`SkU1@?R`&FRlrtmOOC^nLK> zJ1zK%!^u}@1}XfdET>N%&MeS*V&Nt7mk;#o>7p+J(Fj}?le;>#yG_4}8Y7qCqUJHr z{wD6#QYidk1Hsc~NxBl3*|5vm_oxX)jsCxkq8k$2GvE&!QUr>=MzgkE6s;g#Su%j@ zfzy+SHKRo^Bcp;;!q4i|e@@=q8AHJ2+YKyRtW|$9PW{EGTkcnqrX`%h46;zV>{5dmMUA|8 zAHTE~I}#59#JjBbhra&4;12Ne;Qz4gMwTR{rq+no_(<4i52MULP95<9ZT)R6+!S}T z#Qof0z4cxvIU&c!$%_d??vZ+frC;K6LC0;Q{Eqn;T3<}-xF>}w5nvcGx>lUFyG8fs zJr}QLwE=D@h+8g6os?|W+%%yu3@d~l;yB(sj%3paM=tCWt{MyF0*TZH3=QtdgmZW9 z&olgcU2;BgY4Yc~qQ5gRNd*9+`GnNj^BlB|2{r~s8~K+>kLNK7AtD9GE3~Z&!S8iL zW?(5j;+$TDNrwQ`(f@~qv7(VCrrqfMpzJe*KeHYBC->RN==l2^txbKW-~LJA0D{g> zIV?%IE0>f)wC`p|CX|s$cZTlgfD|5wfb<4Yf8g#0X+B(yXy}KO!MdY^2NKiaSP(5b zaBDU=*uzLey>uQb($N~hk4&N^JWG3Q-$%t;3e+P@CT2Xu_R)d2fUCm=Nzcbqhopb_ znBZcm%FrX(bjA~Y2TNiv3U07e1?n<-{v%^r^W#;QmY9laTyq7SL*^L0z7LdE^hg#v zTdB*?uYa~8I3?|wH&!(0Dch<-klUH{p7r#d4w&`MN06ugkP=Y9@UvckF5Sk_70|;_ zpj_5GD?2)9ylv&Gac{|?yo!LIy`Jr%quFT9P|nqjck~YVzWG! 
z`@$qrmrgN!%8k9MJ{K@u4wcf$3V);ZM|;E&1lcV1=GDv|xQ-4l&CXf5G8k>WNhQXv zk4ySoG)c6E*SXT58EdF`;V3&pc$O!b0n6wRZ1jie{J_HETmq{e3ZzKa|J;-5QIyoc zv|GFlWY3npqTW~0f<_fEvlHXZY0en=_Y#KPYrn&3I$jFgFDj2#3hBzHg*cU$wZ1nX%qn{)2 z-ER<8tP`HmQcm2+m!CyYO|{p&I-%o6jv}GDvCZFH*#|EqLSeCYyb!Xm`%#CM;7X)@ z^RDqp&(YZ)Yr8>tv#zW<^TP}0QQm@{Tt?X$edQ-b$1eun-dOIN?b3kKtuq{K zMsAhP9mdxJjRWm`3lNU*)Rwl!uP(s0N5TJIGGT+cIvLDOV*TPi%aCat2yTvCmVp{j zXOj$}_v;nYX$LDABZvzCXHaw)l@;uF5L|F#7G!3=Wz=QSs04~K0 zTV^K{n$nlUbDy9%5VEi^taYsNDK$q#kXvIv;ifuUh)}z44@}%3QP)-n7X2xxc{+pl zU5XZe^q6?b)@1QTemz_IMTV^D6CXKjkc(j)<~L(9TEEu`{1W(KN7WEcKin4=QkmGn zq*AeUaF~sLe|RxIfi@|{(pzaHG>GJPf1F);IBND)PRqS|JqC(62BnH&7Ph`EWtxc1 z`A{0;iJhh`^^K8g@H?n@a{vI^CXyA!t#0^9e;odYFw%lL9q zAo7@nY9RrLdtTfYF0_J?p*d^qUv@}Jt{vFSGqv~F_Dn)g3waM0Mlv1&#D%^1!a)mG z0!IB;29?Hq(k}Ef7_(~emY$TXqWzo-67}j@X&Iw&qpv7n`)7YwLtcmyM6caly7$gN zYJUqKs>0`#m;J6&QQLr!ol@Z#BO~W+%gr9;N2JQ8pKXs}gwcIS@HDf6d=oC88 zOqjSI{EcYz3bigk9hm4KJGIL0YWefh6puq*fRF2*MDvRBZoqrgrG}eI?_If`agmDH z{6M)a1KVUbqZ4tiEo2!Z9u9$~1H~mHd#$}u^e!L~MG|8+V%+2P_Bhe|ofUEO^V!N4 zjlH7tpUz)@25W7Soe-CfX_{aGpV84DwWoB~{&kh>=hOThjc;1EdP1oYt#f z(9p|91rvSU@#G5sF&SoAoJ)sDy%BCDr?o|J;Fl&ZQakuns;h&d`g3_@RgenQNNE=7 zEAv)uAg1qPy@kE`+p1zKrkKY=b(%Dkuu<4WWO)9YOL^0h12kMkiPyuwWqA2%_->WX z*Lu1Obwq|#LP8_i*1|urORyHaMz!$76Z|tkJEuK@i@@1Ekm8$kNL0q#5F1cLS)GGz zqbzEdtHPpFun$ahUS_{peAO;@2IX>|v&1PKiC<&BOBBquOSp~Lk?k#iDR{VavG-d_HU|-wurp139IDFApiqEN^<9j)n9~ z>qvn)^hf{H7;Xp=y^jsDZWRt(*A}%kql|3bZDa`64=bdNz&jxCIe>y!%Rh+d8yO#< zjEwY`cug`O5$T}8=u?t(S2gg-J2Tu?xtmI1p>6J?phk0O&oCQLj-4wQU(i|UN@)7+ ze`{M8!t2}OroLp&Y9Z_F)zKZLq}xrm2HOXja#JUj&?{+5a|o(E4*EtOiLKm}^+h6r zBUrl+QyD&3s?B-iXE4W(Mm{L!S^$LN<;CJ`)xR@J(z-&Ee>%fvdk#%kvd*}zI-S*3 zK{auEL)skt2dT3%B;y@4^TkS%R5ROA&x$j7o>Ed)kL|9u?h!bXnu2bTLyzVw@7VS+ z*`2>QMl|FqP)9bc)4U@%1`IFWpGf#J@tb}Jz(AsZ8$HPGHo}wBM+E++AXZ-HtK3Y$x11p9C726La}M0ja-WPAF; z2O{vA&>m82M8aUpfBg^n??r9CsFg!~w`-LPW9nLiN6?V%VM))ufFk11VHj@G>}*W* zbZqqDICk*{LR%r@bl`L0hrKj2D0g&YZUv>THhY=z8YW!Ggjw27o&K&`JChBl<_D#! 
zk42>XHojG97$)2C7a7!}YG>GM?rF}!l-smG*Tx4wI&RaGCWP+Rh9f)im!mj1h;iv|f!J55Th(trlY5H2ZZ)Zw4%2qh2v z)b+p1*EJhvs8kk0yA}$@>0w|{VJmAgW{M&HiY}r7jTF+*v~mv?HjJ<`-}Klkv4A4F z3dBtmENE`zW;r)6WfaswNJ>RT{9G7*+XX;UpoiW1146gUA6?P_D84j=_DW7V|M=|a z_;-3`#fkW7_sLXo#q;N;%HN)VWhw*FQRD?#GkylO>?^!83NkwGDDoXUD})lzD+oCMxYL-mU010%GQnX=|fG)49RBW#MtF6uQv(THD3fq zhd;9eH~Sc_g?k?qYPIYTcCI_NIA~FxBe+oDM*;7UmUNJ(5OYE$`=>%5TAEjEn^-!2 z^_{_eY=}9;puYrnw2CyJolIkI5=*G-!%nmcAiO_Dp~pqA@M`OZ zWFck`q2W=kYH>l*<*hlcaq;-Elx*WE|9cT|uDOF88(dEj4OO0NuEhU+dO%g=uK@wr zNTUlqmeu!J`$yoz8q257+jm#p8|c3KVQ=m}x*)neMb_0<-gwLJAz%4KUK@)JTr7DS zeCHAU_N)qpDvisA7CKmMeixVd$Zq{^qrQBH5@H<8&V9rEOMo0sh(6icwmsQCUiP=D z@v5&m1`{Ut7r89L;-F?ktd&0ym;ooPpyj%S4R7%v)kv_SA=ch&8VhztTs?N^}Zj5c(U*+Xyr_J@LB^Rd))kJZ$!Ge3duqnCgB3i&61IUA!R7 z@Cd+jDMbBwZprn8XC~EN@0xyYHd%K~=ae9qq0Lu8eF@a9T0a$)ihlSp>>QgaycIR> z>tlPk1EL@=5Cz{r-4oGH9My4T43SDoWI-qegtH7ke|o$F6%HG6Of<_D@6-Mp>bqJ;S}GHUAdWy``eYmW=HnXlz%e#6hBT^ z)16>q>J>3Pbf~HI z5Rxm=Q9wCyv)!unbVVpiM%Ou4-z}tU-~Xx-HIj%H4ugmmy9ZzIMEx;M!7C`%Y*MY^ zK&rRVvIf=;SLF$-JzPo4hE`SmM>Oevf@zA&k()v_#_c9Gf$E4hSyr=m3brNeu7q6{e#Lz#&~#6)VJh5Q;6M9=bjdg)iM{K8%4kZq*&_pMD*f2?UiW6%mbFX!9R!7`NykdNz>#f&uqWCr~&#y>;=h%!y=<4D{@i#1VHunL8#&#X zd0oR+g+;_}U!Bd53O^rX%l-KD_rEUC&I(KN-O9N4^A!T76-12jX7H%XFozl0HEi;D z1m&-Y4ZT&XSxQb))X8rOCPd#SLz3&dO3)earXc(BL`Agq#;Fh&Rx%1Z^`wzpF}#`% zNmLKw)p^MKvqSp8B0-GjKf4@g&}bNVOgdg;ECw32cAhvc(u{}d9M%Eyg(DFyU*&?B z2-aHP0fzO)Pf0sQ@`-Jcb5GvtBWrFP=QXu+e;=2qbF~oOyQosJkl~vsw52EL7nx7{ z?l88O9h-@9Oxm=~qZ(Dc>9;{h$x5;3-{CZ=$;w2l+T^dD;Zb*{`X%zX@}!>Qg8C+< ziuMUv92T&Fa+^~X2Jd=>@4I~v=djH@qZ2*Aa6)rD1r;-0megR!biof}oIsR1cAc5? 
z@J^HW3pczu#lL=HRWjP;z~Qj76PC*AM`P= zY|n?K2aq;zYVk%>)O(U zGAaAs*Khot7rOPMGRa8Rd+qcwJgL~X$f_cwt<+;V8SkU^V1!O-UjEyw9c&uds8wHJ zLgbYr#oocP4)7jN(`CxCYEqow0d zNOgGsZJ}jl!8)Sn)H9XQj5qX$u&W%#(NlPPCC6ZdntP+4Aw_xtq7N<6+ml=dv|fKc z*D4eo?cZPbA03UHpox3d2&UE@`tFGM^-oiPko_=}b$Cf8`Flv_+^M>pMY9z4-C6 zjYSRa`lqS-7T2rf;&|Ao7#ac8TI=Dv@9DM5y&z`y`~YjmC1Y6;f1hG<%Da(A2c3)E zt^yS;D($~&JL`7%?J{%Bon*oXotyW8#1JpI4G<)WiqcHyeJ+@9@!05G8;OO+GXq+HnC~6!_*P)Afw5q}Wsrs(IMSSjHRwS!34_rG*cHyHMSBukj(*F1@z$D zt^1%{0zG(`f^;7+cat#z!KFE`e4Irz0`!k_eg7CpwMj`_=TKTrhX%Lv?{E@qg2ocd zB4d79A!vM~uTQx?@vmBV<{3whxw@(1v4cxL5-jL!dZ zNIoyWzXG-Hok{NXm;onV@=Iys)Usfw706iJHa10=1=bG}w4S~U2>aje|9>C)xh>{- zA+_pRjmvBE6D_8BgN27(C1~P6ms&vye^S3^BCqS$*OQKte$|&Jxu&cQI+f?gKlh_k zNDt|J)^*ACT|-G>H-uL}@9sO=WhNMx9=@)4Wydf?4iARKcjbKrW zt|^pH`ZwX*48)DG%|KQQHq=yh?;iNVdlT_G(nY?=5>pIcpouHtw zm};Nrf0B{ab0MVnRWw+-2!IdCs4eIQ)o^BprKcqAEI-G{$6Fi(TIqohW!%tJwK?fA zcx*yN8iX0wbO{2^BT0bk~m||yZ>)| z_MsrXcu9z}d$W8XPQ6 zhtw2|(tpm02YH6M8nK0}x^36zj+LTNOGiGLQSWu<`pePVYaj2?^#K)3#@O9S-bch>yQKRA~F zB_S@bT~IWdKpI!8%{z5f=toOX8buGyYVTN>hBP~-*#-s8$*UMdae*c)%yJ&l-zF>S zh0gWN+RpX%P6PL(nI^}VXMWBFOGHD=!-e1R*A{nAr%t=4A^rJ7aMf)dMlMBx;Z8Dj zNC4*k{|OBJ4b5xROEOAg8e z^C|BjD9C%Nu;T%o9P{FzJ~_A&7{U$*3l{8)@ARbEwYV(7#n^Eb6a?iFFU)%FXjPfD z1}VZh8!#$BB*6b8VNl_8ZU8cZ!QJVJ5|LrJ{cc5!A4&eHNq~|@l)_Cp$=btbFLbog z@!1;jTG6t;9$d>A^20RPw1rFNHPKq;?$4f4! 
zUm+R&^eO(62kiCyLzh>*XFS}^EfVD-@|CpCJ}Fe0*G+h&;(ji|#k>gW)N!aZL6ON~ zR}HThF7Z!cZ5uvE~(i>?`au)5T6s_;)~WWbBaHbQA>xI zt@k`MwX|T4i35)%z=i3{kcDRI8Ccu%$&6H&eq;;Vsj1z;QZx_%XUn&C=q>u0X5GjJ zHouc?+AutovVfOs@6ch%Pq)Lh?b}f)gE>{erpIlz^=zth_TR_s64(oT@s57Z_F1qp zn!h+4E_E04c_GGRbG3^=w#=y8L+Kr4^_ z*Wq5~sDC*yXY8BP|N#R9%iF59`eF;`7>ns7cwyL}!OfI+RMTXd73fLX) zphE624b{=06fuD(c9=Q+61o5;9z}65*$p-oyx1tc2r-hL)1M`O6T;P{B+YA8NBvK- z3sJ?b#fGN7yer>NGQ98Ecqy(JoC&tcQL*FV2CrEzAn zmJSqD0_3b=vM#hyEZPZWELuWYBkKK*fB5&lvV00Jf0{?BenLe!0P`Ivy3o4MA?F@*D$F2R}&<#qKnI$EW3JuRjAb z3XxZ{oupA-H(k0#x}#qtC?|eB8GDVzd9SH{P_GLRBp!17MU1bNy-4{gZDntM?f48yZ;OEv{ztdyp>$-L z(vJhpR%v`wr`U*70iDK63n@rD8hh4PnICoqMP-%10C15QilQ2*;}$&>@Zr)|>0>rK z%ebPdAqLN3roR^-5)UxI7?;7$%?PbAu&PNLV7)CFZlcIi}s5(D&K z3>4kjx`wEhFEiFThJ9u1u^4yZ95aIId{buNz8KX!bJU8&hLnAthaVXYGK1HE-SxW0 z0CiGcZOPZj7yZ3IhK#KQ7d-sJHyr&6s{P8)4iS0SM_CG760vX$SqX|FD=63UgCN;~ zuZ=}iA@NF2Ivt<`D?YktP9UtHGc$?%-2hrD!UX(x=|>d#9(f%|lahj%ptMe#GG!v% zE{sI+zQugJF{*>6D+1Fb?ouB_*F2@e>7N`1)T&TAnM03R=c!C5#KBwCPFgO`@EsOR z%$pV>OcGF$5rqyxuPBmjPIAS}71b47f6~iaXX?v42l!BB-HhVr9AXBQL47OE+ zn^5ta!F#mf$=u@ML8$_X$tGV+NvgGngy6%Yn+SGlr{zw=qb8S((bt>)@#R8Z94G&2 zi@lj4ZomyoiW3$aq(NoB0R!%wY#S6&w3+dfsz_P9s1Pp!XQvOoxj22-ygKzUYHTCo ztkw`qO$J1)PAm(jGD^s5eB&^q@$eKeZ&Jm`5k|6rq#82QQ=XnS$kQFHkeORP{-gJ` znnrIg+uil%9ycpU`~hQ_$6-)-{>$mHOlM z>u-$<8urlJ6kT4pDc^G=a2Wxoy^r&$2IAZj`S@fR=NXG|X6g2Jii{A?$4I+7tw1OT z0tzKLf^mz^yoI}%$UZmG+BwaRTUnU+6N@6>7#x_v&D1N>_;HzlkcKb|EYVQX#AH~~ zPMyK{Ulm>#9Mk9ltKTF^s!^@2NH6>hqMk|A_QbilXCb+$o%;K(2-D z@Nl2ZeN&);kIBvX93w-R&7T0A?F{DdqJqoxDWqAAv4d^`B~-FMe?KbP5InYCJPw0j zB(F8jz7_KA>nBi_AsGBBM?J$77E-`YprgQRY*iE_F2Sq_dS#3q^6tMg{%`If%2->= zWKvt}^=Rlth)D*w92aupo^*XFzDSh^U?C3%7y7T5?Zw6u0P+n<8J;$Wx=%4^%OOE# z8MV3$O+DCS@xjJ?Naq-GvM|da-|&eY0KFoGq=QM8R9}BF&$Erh=qP~vKuZBOkLnMC z%^V0bH`p0CF9?e=M547OmK|1WY*uTPsh%J#EMN7R0r*iR@Cs`1SJC9ZFzSFr(|Hvw zfe;fQgN6`u&vToy=6%sdXdom+Y46Q%IRR6r=JDXmtd~HF|3vdKX-q^2ZQH_E(31*g znZ7PWmFA3A{ADa>$)0(xlw8C?LOy#(B7uz^4|E}odZChq)( 
zk~Amsf=^b4yFM$UKg;_I@!4LQF{D@&%7StL+C|k`OR#{0s5DZXsi1chtUOe(1YFpe zFu@?p(9+Ok*wXOswl77DDI$ej68f6uc)H~XLO#cx1^t6%Z}N`Q3||(tSq*u8^E6hf z#%Tac><@KJIsG@SDL3&gCgx^I-@4S#6pr~x?3-jze{y3)PN@etp`j}n!9idI_@1W* z%|puch(%7)6R$C98wdMFpfXLxBxS;f@F9(bUuG z`#1x8fJo$wzegPrLH9ZHiAp^QMhKL+S;NC<+2gJW6>XP^H(SGUwqX&Go0}JvT9qA# zJ2v0?y88v13=zEYmme*elxh);R8q8Fgg$8xq*bC#!mN37Q?2(kAEh+@KmcB!(+8F= z4BbB2dCFMBJa_Fp33wK7-x^0E;iP+wRv6%8c!J4H(&1)5GNu2uGREci*q9W{9E)c( z1w!@uS7|;(*C_YcCct95%l44i#DeXVx_rYau1FaBvb2EpZsJFp2}0S=SFUm^N-@<) ztuxi&^I^=2g}FGl3Wo1ojreGBYnRQf;=Y>}=m@<;bd57Rn&m}mg>>oF{txj^|KnJ~(f zL`v$E-EDNE_>RP{XvTm7tWM0M677B+3G8wzSi&v&RKF$d^2rs@A;-#vexJ;rbCQe* zP9u~g!(bQ8k_Cy$Qq-LTBp}l>et&$HH2I`T^$I`)Ju)+A%6(sB@%OQ&S)~MBdaPrj zINIhIoQqcx=7T3dBn4BU{02ZV(u{?5OeTeOpg1BS1~7w&F-wlJTL#T%g~*T9g}oxU z?RhAv&d{5O1#iS>Jhre zk2qZfP|7NTrrG1roumE5QsbgVYzt!$3i~}1ZXX3UY>x`o7Bng}&EBUsT_DJzSu#pg za{(q2)n1Q6#)R0v>Ft8nrjO^~T|wJLw4)2V9;py4y=|I11QLOPZJ@b;QUP4KlFx5& z%!$0jIw7GKMau@}x{fZ!PR3}QEiMq~-1f>5@=nE;Zo5{nJE=i_PNa}AI@hQHda5)d zjwt*n_=@E)S?ykCH#Qtu!XRpK zNon`;)!-rDPW;{O^(T+&&nzXLru8?rPBZ9=uDD}k9tq}=3wwm~-dn&aO*W7#0`xd~ zGy{94FNdBxqlXLdh2*l2+kZ6Vi#VQlks7l7_{Y4U19toOdmW7WJ;>MYE+;rsGah+c znH^0_Ljv{p=>2~j5-qUnkkb%@roanUG{5l>L&g@}hi#X%Ri<739o_E&(2{x^6Yb<`QdWRu3g~DX%^`O+P*zMF*~h zL4QRBJUe>-rYOp(7VqMY`*{iFV}--2vELEa{K))*>C*P$H+8Mv{9ea)i}c>F|L(Cx z;2Q6YWi;*lSjCg9Q*VR2nR{=qg67Ux`rq*A2Lcdz>z_%;n20=fT9ATDmh>V!Im7J! 
zj%dsG0FoI}`MG~zR|Jb-vj5MZiZkxiR!#w1N#TcHFlyi*NfBll4(mA&59{6CdJ^JU zux?gwx54%HsH3~1vdnQys^tCQoM1~n`=qD9L=en*d-a@(&+I*wD%Tj>A(*r`eFX4B z9jt};(<(H7+UnMpaHYj-<@?=7o{*JyOn=~oJeA_7*g4UoUfAvs>HN4N&Mr1kzxU#i zu6}X&SQGV-DR*zS9+>6rf~OrAIVGk_wEJ@~usNi$9N&i5vp;e2$MLoz{hl?KV!D50 zv&QQ#fA2C^{hzh(A;9AEvlS8(IbcDQp;Ixq*p`uDFw}U+O}f+@Mc(>`HTbuw5~XH& zP5BhrRpeD`Jcv3yah9(^)}rO?9E~C`THr@TS+-BKpr#@+f)Ym+D5$a8{Uwle?jK=J zIx|W%a+ydpdOdbbHd-^ZBycA}O)p3={?3*X)43`6=21s}2_&EedEI|$cqge$+`xtP zU@FSGW$n5TrW<1R#nwCZ`4o2@kJb!rJoO!s`o=EzP`RB)P%XiGAZTMogNw~Hv@EW*mrhXOv*^UuV&HHPP3orllAf=rytu%vHa zE8PCOYg6@Mn3)U_O9F=QVFPC?9ODRv(z{8h&H9SH>PBw+PA{4&_ljPRq=Jx$(nHCh zL9XUtmrJ7S8i4Q8*y0(Cg*W)K{=lLQG_h?pY$d~WNwhV5!DYjX3ua*2eeE`fA8a1R zVd%*Ud=sw2uuWT0QB5J0CN`ciH}Q?}h~$vxWA*HtJfxwPJ|I8e5{9 z<0AQkW#ceSU^)wR+yNf}eehH8wIUn~!{dmuNsg5)`}9}UoLFtj$+)ZvbrA?U`76*3 z%g-=TQiF#R@LJE7^j-eiPq_MZes9sQGIb3pp-&!==_ zqm;^T*-{WSIa;Rnc(@V8zd`LY26O(u`h*@0C5Uath#ycGqU5!-(b&`@_7gTJ4tYCoz6ny-~%z{awq&`5*ml3)U;-j0c6g%tgn%j^0^0A#%LI5 zF#rmgUR_bT%E8ZJl7M#5UqGx4e{ry>=N)EKUW(+B5-)1VPPgR$a|~4<5P5RFk!MGR z*N{FC8bDO|!gFaVkzpv2C_+l562Zh~0kdOiS>N?@VHn}#N0F76^}s1Nk+{x8Z@=0& z&Dk737btH5!@-?#pm>V}Kuec6h{~D9zog_VzBw2Q{hXvWlI4VFA6Z=aW>5TCk+XUJ z2TurE@S}GB(goxTk$?~7sVbpqOLH_@uES^!){#yrwJ1Anpxw^2TufN*%aJCIF3G^T z(f$yn9MYO*ao5}VraWU`pQHa?IPjUm`2Xy^$z5e<_+W(+xP zhhWhJz9mEOLy8eU<{RFf2oJMO!=gG$EM3KJQMT=CnXH}m9v!o&L&FNaHvV#9{88eC ztN^7Xp^FEj@$(VcCty@GblZr{b>r~LV(E&?M2s>3z|4T%hGhKWFRn5R8XKMu_kJ3pL30SX?8m&Bd^ z%{=qr5HjiE+Y4gmhhTQRbOq~=Iym|ml0BVxF7Nc(#KZY^InO#eD4R|ss-+XH`mj!(i^p2f^ zo6EU}p})CKx2CL2-YyM9Ri%5D-)zutf;D^WL1r(AB{$|@2SJFIzAdX^;8vXf?5L64 z*O0NC(3k;&&pJ9%e_Wr7$?WLq_)v}pw*o$zo9H8Q2(W`o6lP6JGx+BdU~E_E_>o&7 zeh^)0LW{UJ24CF4DaoF+kc`*gGX=ls2%#; zADNy^Gf)O~1h*h|d4iJGs{-|sA~^}q~yq~fsc_%Q7=#P%kXH&IS$SAM^Fvq z3qhS$_^~r=jYQZ!*0vREeUO5Ssi$s>)3;m;yvEyCH0>XooN6=17O|Pc7J-tI)75nm zAT36~v*2kcyIf4lJ~6EWvYu7lm9n0N-is^i80odvDGh0FtH+(qIH3_q4C}K(RMqx- zEqL--*BY+s%!muE_uWPegWQ_8Qp9gg@$xFvE%igvX)J5Dkp4^aQybN#?Mt7!<~pog zaYU2o9@X}LWYo9u_m)td3`qkMG%*3gTqbH&rt8Oz?fa 
zq*!$&+XD4aO3why)G|v}QnCzbX5XkjaXlE`t(luE3#^iN8VzB6u?Uuh2rP;#O$WBZ zq%OiYp+&CNTU5T1PQp;5KTcUEP{N5-Xrcn-v4x`$s4y%*%?6LrE%Ccs2u8&r{Zw>( zSm@)*6Ws@ow(1xZIZwdDxe<*WOR5)QtJ~DRgZLV5*T}(WV|}Hqn7tWx}dZcTl>_IFMS4UMi7Ut<|AFk7bqr|3~t8?Q*q07kQMnPFQy376S z=W)B;@XS*xXWbjl%^8>RDcVntAMiNP#Dq!`h0HA?Yi1aQd&q$V?h=S9a55dlMqwCX ztJ|=XQeSWvtQrm^AsZM@AqqJPP0$y({PzU}C`i8|Wc@lly4@Oyhu@joyns(O3*YDZQke!sA<7n|3W$}NL$@98B|d+hy?Sq^ z9Ls>0!d#<|C{&3eG%^MG*j99awJX9;qFD@DTdx<+dk88FN?@uGcwC-<&-epFqaF}L z8~~l6AX`&{Td%JGazBpzE&ZkZ7YhrMq(!H!)=%jR{oMG+-X4TpNC?<0Nfg6mti)am zWuW)xHjUGuoFM&u7z@}kz`+d|*o{lYE+;bQ9RCE7JKt>@;m&qrJHu*mB;mapZnAbk zNRs+0ro?BBAgwUCHy=&zk%56bt?Dj|S~h1KKBM_74ey&YXu7fz~xC-7?}t-k(g1XXEDD@P$|w0TNwZbKV_L*j(AZ_+P9V7LL6rMZCaJ;PQK@C~H^nGREK?aEMxD$?RX`&4R zi32n#160Z7Y1tX}`Odudv(0@?ktb?w4AXP*%zZZ)54MPfV5xBkXZv53&7&&23HrS5 zS7p0NGpYLmZu9JoFU#FRFRf|Je+OvUty+VW53nD8QAnjPjIZiZ-Dzqf(R*%%q?yz< zp|SJ1w?FUYKLE3%8xekFK0QNPH{=WB%yjJ!1Vot~4==yABm{B8x@qD*{}g^%ni{avVNPv^^?AIApXPUhw`u*~>a;lISGP+1 zORr5>+>!FpKZl>Bd{0mM>|rT&7faRs)szfJBY6b?f{V7I+5zmaOps7}47f_Cl}8)? 
zeh^}aoDoaK`9Bo-s>GRC>@rFvw{#nIz@$@@5=OEx|C0J*SCwVzrTb`dL7Js>Mw`8( zW+7=-&>poi1$iL7{;LZwvxgzCB-6vTGzqFJ1twvkEdYn5_5Q2ZX0?P#1iX=|W8OZ{ z5B%AFBrV}xK{lzNnxmg;8af+h z|M36?E704X29nLCOqwt~o$F{b5oKMv3~S=)A;v?==a&2Vz_6-2P7$(E5%NLd>Wh8= z8e^h7c^Xn3^G=YQ*V=j9*52Cz;J+yUpq3b)U^zfTnHb3*Urw?RMeoJzeuDHn;An6x z1O-px!k@deKdeo*J=vymPRG4dl}}Km$5Lu3f;50K2RO!cdP96 zE5tvqPg?d%x$hV2*M{;a2Xyd@i+W38sR z%bi&7HS)bHBbo~-8nE*|b=xMy-&cW>GaxOo&Lrhgk%58!Gb5do|GV@nsrr%9hG@6S zUwfaxrhKfV+&A!URlfjR)92OxFhY`MS>L9UC8&PmpOfo)8T3K6s0If04Z2HyXzm)9 zEHjSCn`}=Q(+)MpH}h|%O|J~~pEs1ucOqdmn>o>E14wZC&0B&uf*)`y#1nbfE8Z2S z5uv{N?tq#heW<14Ifmq7zU10uez;?e5ZWsshL@x|%hX#Zt2-xgp{t`^c^rOYk)BZI z6}5L(TNM@Uf!6qEQy@WU5QN+@uQuf;S;+ItY*Yf=xXQ3bnRfU$tr1Au?TY||-!C4k zWhB*(13sgK+#xl*YihUWyvDi{8|?knj}81rwqI6B2mOcU2&A*fx|(~va|_IVHB4DB zi7yu_x7&+!l$J(y1!x7b{;Y#n+)`DU`Pc)ZBFMPHAI@Pjri13cT)1@jB`c{NhxJ4k zJ)KxWoI73#e6-@T%mOqR7I0pA71O4WBzFi03sxDlMOl`6Zy=@&>=_&U;(;~Pp%1_z zOehxY$f#1|H`S?jdIVD?iH}S!dUr@IiYBJ1*M)gTz|Ft0S}{iX+u$I6PyK;9{Rl=* zqMGdSEoKOL3bk+Jo`N#=x&|He{0U^<=U}i;7krzDhjB6^*`Wi99nmppUy%>5JiogSg0$4b@pnC-EzWi$$XmFFXAQzXHqGM2kKw3PsgB^m2MjqEj z_|EkGPKT7|0XmaSjme2FO?%>)W7A2c+6=J%mN_7>?cdy6UE*S0s^vQ__ZsI*)M=(coq`cTmI`t|ltWZbSVHjGA{h9FQR5+0Pu}ziK%x%jXLx`V zdQ}BdXk4%{PZb1WvuCE_@HRH^zO_TktA{WS5S7auHsZ(9TlBbucQLS;!j1a3GJ2n10frc+Bn;3-N|ZCfCNJP7Y8OvQ8K11j#m+QP zp?~!N*QBK(W^UK{#nyULiubktL9(|~^|@9}bBNgld+KwabJ>D$2$gf{9m;f{QdByo z&)_A^;?DAD{CkhBwzT)IB40w_K3K|Cw{$qtL^k&$mlB2jlA%K8%1^kueVk|EysyW8 z1hn3Vn*0qa#_VmC;z{>#c<#Q_wq zPXzdjXRPcgC>qEVnBpt<{NW53B~6`JqWGLm$`vXBK4MQeD@jN(a1;<`2~KEXUMAKM zw2Ay3F{RhpW+G&wrjNvbw*|q{Xb?aY`V>b=J}?)p5k-yrl0!m_S*=hl#|)+3?Of-N zZ9=YV0I`&gUC~YLTD86vnAK#(_TBPgdHn{o_20s8ub-CZ{o_feVl|OBB!Ie%(sk1d zl+C3$$nq>wWsQuAzL?Bozx00{!@l>oMX4oyXzw^)I)-$kP$}pT+asYZJ^;w_kSng{ zNHsUwEEgJsFcEZM%^{0Ev7OCEeeoJmOpGd9$s$v|IZ!|Nzq;ccH1(cR8awOGh#6P# zv-wEL;D_c~=~`>gx-$ADJ+<_XY;+B3YQiaC;|H!b@i{1J6Ep`-jPwwmbJ4s#yX@|Vdg z>RdKB2Uf*}%+T*go#rdC4{u>fn!8wsm*D!NhE7WxQVI&dtSo>497Ys0nKE5l@ed&c 
z5O$3l?-@rdO}3>Vg&dqojJ8*3`5hy9POcLG4@CE8x6C8TlNEnVz1!bsT-7(jt69}? z!>22?B30s_1Es%pSKj%Y9W|8nj9$=VnfK{*nc(;*wocDwjxql8i~B_O7-s7jaFYCI z%j_VLKUpZg_882Nd)}qQD5qn)xh>q_+66sL)A5cNN!PCw`j>c;b)trsod77?uX}vQ zOHyU0PEz0-Z-7y>EZ-N|?o4wO_+JJ0Rh`qK+GliHcj*=hE}pd{x?J)zlCQ{?*8Xwt zA6czC?`4ZNB)iH72P)r{F50m=m@UDr_WcxG_NG7+;$Bh5UgN;N+G&#v8P&Po+BfYI z1yd;YjwK9si*c;m0v%lQ{jU?PA zMF_7VqZ=U@nrRsVXMRr%q*&W63xvx2`fb87Vi$Af*r>vlPK&Z!O1fq%{n-D*7VmJV zQ=}2v-f(|%P4LdX7vmZ-weYo9k7lrszv~x1`r~wwR$+VHEvZM!ZM%yJNzOm#H$ePn zHMenDFYU{}>rWICX29H<1$oUAv(ain)*N|0(TDs5B>^zd@wkZ7?|*(j~=! z9Emys%qyY>Dnzz_me;|LO* zzBTrvpf}rYk%(fob#}mtfbDP>LAJ%?5Q3aghsWpcjOdoo0p+l`weB@NS*jU`1l$j` zj)h|*5!$-X*k^S%VflKZaUJRBP8AbILQ{hj=jSz!PQySIJ`F04GQw~`vm zg2F|90Yyf^%YG*wpF@sQT@~h)@+pclDi%3RHEONBpmqn#-tmj!VBy#2#RYEBrPI$n z|6-`#B_a+Q8ygC?J6d~TD2u`-JuLV$F$EWLn-VG}Ry(3}u0QyrOmEL{)HKerOphbm z^aE}p{nk{W93T@P$WCJvbEGl}UxW2^31@Om z@obPaRcesP_q3I_HO)^6g!q2~WmB(y`6-Qp{4Z;i#w0bio)B_e`9;={&2jMR&b1Ho zKJ)msD&X^S)~}Vy^j$&iSEY2U%FlN5J{Kzq}po_P`6wgp5{SqT+JXY(|Jx zg66f`5tWXXb=ay4c@On7n9E1Hz103?yw^KxG>&{3ME3^KOB-(Nfrex17#Myg;Gq=I-93}FuW1&zZ$rmsQsn%NcEJQU$Mb;C``%#o)} zorYR1qA}8}6}>DtmlFcAq{HwT#h5hVfv;69i;^swmH2Gxci_eJy!pWpywqc_{c^e` zOtEX>YT|795uJad<9Wfn+3W3l7<>NftO8*5H``2P6VpFVD1;^cxj3BQFX zI}=LJV50^(HS*~^u|xnkEHJJz4sJ^A%@>mJVQkhnsjx;h1?;6*HE3Qx4elpxajLja zU!lR^D%H!*Z_~2ho5VO}1{PjsjFkHJ)UO$VGk&KHW@j(j^-s&e`l;Kb<*wAhVG)mqO03P$BXs#H=MBK zo!NlPUI-$|1d}mhuv%8_b)_ zqBv!4uyVy$?`)aUZw?FBoe1cId5JkfbAn_prL0=-~4W`Wj?vuv$570hnIHj12{VD8GNxnBPI`b zi^wRo)7^p~RvRu}!&0Z$+=4R0^kVIxc=b>pQGb3U)<3@Mzt#I*%gdjcA4Llhqjr(2 zb5C9RX8RTnU=3Zc+R)0Xim|pv*}=*={V}k_ zX&O}?tlp#<(#X+nm#R9uvcdJ16{P_noQY8>PcjUya5CsISHG08Rqu5q7175dC%-L@|G+2akpdz0d8A0uHdK;7zk)DHT z3(g4w+C$4I$;Y9YXFj@ju`S#ePl;1G2bGMOt}grfDoq!J6Nv?Xx12bU(En;aa~Kj+ z^`w*@rCC+};8wS`Z+qa zDwDRd@V4&$F85;f58GPOuyxLk=g8cmMK7{dUcLOy@EQ{N2iZ~lEsBo;>{VpdDC^+P zF6q~zd%--O+x-&=L`=Ms zQt!g02mw$KV|;M29$~V{q~KZ^RWXPBi{&e^pJjF1v=`V^2|BE<4gH^8-JlYXlhcqo zwkwha=A`}`sZ!~PbFiE~ 
zlDkIw;h?l6BwmuAwu&-d3^Jw1z^OP2PzbU0v4SKJ6etMfEQf8TrAc2FG3lIPyrb1! zgh^r7zG8=&))8wnlIxRF{zEt9VM+;^&_#PR@;7v|SpL30)$tHtNnZrfcxm%A$Gv^i zwAB!=?O1lR-HY0ZJ-XeQKGSAuA>^%)6+2Q&zf)%|x#}C(?Y}ej1jsWf)~7|hNt9s{ zu$K7kc^77U3|0slzI5tpHIcKhs)W9cK0s2N)OfHW``M;4Vtg!+x?M)}SJdj^gpm~~ z9&Uh)z$kJsZ7bHF-RyiHw$P&f-|s0tP)of6WXZ9|FGVd})}0q>A5 z)Y(<_jTEmw;`GR567F$#J7cm?ea=#AR1y+J83hnj_Y&i^<;XYve$*7Ue)UEb0$-v%FiDzLI`Xz#OB>0t1*H&F&z42D?$k>Ra#HR9m*yLRHOH z^%aKp6jJORRO{p> z?yxN^Tp8ZJcrgyDw+l|+4;WZn5IVblj*j@&&w$izH-wG6l%yT+WDf8=TExhn5N zyp}3g8d+`W#<{G37(Z5Ln1Jx&KT&Z}xeSWj=(^cHYRiNtXMa|pAfOulb=xkT*BUCC zT9+7);l`>!mI26t0NV-t*?8Va&L^eim<0>pc}?Nw)27C;1D7)*qP{{QC8El5mMKdF z_*D+?3~`#}O0R>rKi6!o8Jp8wok}fAPj8;&zm6MX0X5)Ezk2l`j9Eqj&1? zdqcYio*SJ=nRZNxvvb&nX)&tMF2TEOLs7{5-&>H`y#^8MBE_=;CKzvaDC zEW1P0d80|SdPQ7GoLSID1rSk4q+h1uU{ui%<;>LYGKPwAa! zonSd|-eCB5=q>v!qb%NKG4Ydr4nkFmRF1iWk_$^yZAU>4H%>A16D5PlID;BFH>Q6c z9H@RGyT97tzqov~tLHt=2fVx8;$v*U`F;(gxfXYwo<0rDMYe}rUb{UF-)`yMAsS^M zYYn2Ud7t*(4v&f5Y}}b_kEy@YrO@aEarM|lUeQe?)=i`f)8}{=$I?(cd24XeKTePbxX@M4x_AUlU8N$ZE0XU0Y?rf?|A0?VrIzJgQfZ!Nwuj4K}A-9@27YY>oiI< zdkbTcYyb5wb6dW&g|b%sV|2FqVGDKIR0P!e)WhjGYckv*teyVosk`k?%fHQ5P@=Qv zfXcIEoQP8f;@tlC@yZwQmz(k1j_N%}W)F(hxWa7P0Y!En_aY*$wgt~r2W+*JjoUG~ zPwcjj{ZgT2#D+(a7NJIhnAe$4g%D)ywtPOjGEId&jp*%glbL#Ko%%!_2mI1>l}hN2 zH$Bz2=&g)!{uG+EjBF@Ky;rS}EIU12-cs-P;T< zrM+0|%G}w0exGC;-i7~f18LO*t{f`B2CfuCN*e;rLGTQZxbE!Y@Hz4+ z3SKW9sysp3Tm89g_j`eLLT)axTa~qt;WZCak0f4%IwinSF#HwB0sfqN{CTr0THEfH zyXitCf35#T`S&(`B0#QDT{>D_{qcRX^fgwFL4s5;%!F@}}SPG~!1e*Hpy%z^u zL&kFNHejgD{!tc=sw}6~(Emz%>!7&0rEioN5?lfVC%C)2yE_DTm*50865N6Z5ANT-SuMZb`&StgyR?IObSyEg!iOy;jrXdu zq)(%ip06e`nf6#ULan%0th11J@SCUvp1So95y>>DE;NgpDlhYPu=jwKL;5JG&j*(* ztFgD_GgGNg-^5~L9f5T#hjN2rbk*JgJjsqX(^H_*jSTntIHmTw_&|<)F5%A9-S<*t zT-Tae|!ye?MhrzYe3LpYnLkDC5k#6mq013xg>B`F$+ z;d|?{PD3bWv&X0OcXLT|>nD~4X{ZI++T9ZB)mgyc=oZxq`bS^SKaOS}IF0 z*`GWvbs!j^N%VDrr^8O4SjEw89Fp5F>y2Cb*7b8? 
z!{zaEu*VW5rk7D~o=9A}6-a`^1V@9^O~G8t{6VWl?-^vvj``9bJLuiV1^eZ55^>sd zA!mq$KqWdmLsrTmER@A+mCQuaBKyOFt|{!&ym}oWr}iS;{iwf6xuq)`Y1J>>%`~J- zN=a+}7_CpLRvNx~{n=RoL&9ff*wQ1tm2IUV$+HMHfJOn>bs{U2Y!~4xd#bdjl0a_7 z!S^8JuAwt0k8q0)U&>xlKH|2ZLS~XE8(0>P-Kme6>Db6YxPG*8r0&7nqcn~aLtK^n zHOVA_D3xW5zZABhs>-6x{Oo>6BIiwe!;7-kKF;lyD`gOTM4shf@6v{P(CM3=W=1&k zR3%+C1#R#)^ z?4!OY2!@Ci?slK`_mK_DQ`sB!vw-C_o<3j%UBk`MHq~~%tBcdiFgZrT-SJI!Fg3&7 zqBbjA+Ps4E>Fg!mqv3I2lf`h9`$$T4o4$c|0unbie` zEc&vIvnNi|bEW}qb#)r8H!xAksH)FgL%ll}=4RX$<#CclytOR)SzM4Adsj_n0M~}y zHNHx@ng6wU4mXwXGwtU^ic(P)(`Yk;PH~nlyGqU-rqPgx74L9TQcUV*aD@@6{k6N; zv}2i&kjN|%vki0bbh)Pi^Ip<+qse!Tbx3@4bR8k!xv97b(?d(vTw4TNW}FaDj5$v~ zCEAm~hxLSH{7KlivxFG&0s%vCRYJDijQ(8zS2Qv2IO0d%YX@bLV+Nw|K@Y^$bxKS7 z$#tFpB~{cG<0MnXO@urXcP6!IcLM5;s&R)M(=krnwKiV<7O%m z%~-GIr(_8C z4wP1OONx4LSTE4m%pw{ms9IIAjwM(Ep!wP;O%3vs6f<*95>1q;+dEE|OV^d24D9?R z0mGp3e^_jy%{n`E*Bne#7K1L*Skg)WHf*}~{%3gq4eUl_>ze*-f)d9CbC!_Ff_gS} za!yxu(QYirC%bkDrF)T8^qX0;Fg7;~F{oKMkC(zdS*=HkO2ew;0u&|g3H3$>lf9Wn z;Ly$_TI6Dorz6&r*2J2%p^Z~XrEdaQ z65Er)u_>~zvRR0WhzyXZVPpyV2r3Q|=pXQ$@T^kRi;GJQ)Z>xAHRqOo6DTLf{0l`O z*d%Uuc9JLu9Uq*cBxDLFqFW$-wP@c1Ad5282Zs~tZmbjw&WPwzKnan$lMwNOZmRXT znBslyxk=DmVFf0*qw5>}P2EoF8*6}BF@5Rq+l|Vj+~Nj`n4X{#tWZ$H?>UWC)s_vj zRKwU9prx^#u6+NSCY1Tg;W%_ZQvHytb?wIiJI9@jGhR8t04zff&&-zBc6Md~EEfbBSc ziF`|#7s#U*>3IT@h21ZlBaKVJX-lPtRGsH^X%z|wylOJtd61gzn61pMY@O3Atn>*? 
zNI014Id5qK=*T|R6b*g^iL%C{pMD-r0KG}_^DVKi8&#=MG9LP*gw;V;Z`sWR%KUJr z>XYN4xoUCnP3d>~Hiq@eC&l5z>UZV({x65 zlQYXM?en4f7EH()N06vQ-hNV;$HsbHT&gIF4B#&-H?HyWk=##Ol%?CKN}CG${`P;Q z%%muu0~bZ~O64*0TT5MnEWZ(sQ!9~`V!sx4;!!)COC?bD@$h}u^mijklzDSCMO4n9 zedJK|)61oQ-r7z2Zo^7t%TiTO$GKecqD0KyIi}Xpgjk8F#tia33yk;yZ5Jn?3vhc~ z;Eu@h_4H5na~gHI%%YMki&2owcxRf#qj&c>7|h>Fg5E5a@_bF-t1yO-j4bHH4Tp`c zr^`*!n-AY@+wkGH%M>N|WZ+y>imvJTcRK=*)c*e6U`Z&?HzXbT2S^o1pvcEp!tY7@ zQ!>c#FbitIhC{NewRZppe_gp$94h+aw0}3ql~=|ZeOsD=ejqC58D>4OXmh*$HQDwq z4;dZjgL5s8wcm;?bTD#+q8hX6+dPwL(qrx7g7Af3hi#RHvsZlInrm4e_f=a5F{yZo zNTI1);&_t25EK^JKKp_Yk6bsZO}^NJvilHJ*UBbF0H>h^&&9lp*e3_nkIoqrkm#s1 zh^Cj}M^O*?+sGgYc2NA-)QG0$Y+k#wy`sh!^j@&AGu6|#BMCisL`u`D8mZ+VOxG)U zy2^0#&_=9b%y-P#ljzJcG3Dhh9A4YqitF~`axz~<_(F2>LGjK-Q*7NezgA2UcGGGb zFxZyHD*D|8_xN)krujyRtF4QtU%>@iTljHZ#f9r#>MncoEUC-t!rjgNud1udTAjg! zs^C+yI)I}Mmxuo(C`f7jSIdPiD_hnV@0JTTya!i8y!g7sO$znh5?eVPU}M}*>lB`> zcr(tkl60gH#J@N zuFx#@kC!KPMx5{rZw%&X!Mzmnay)elvU04hnRj4(;6(k%l^L^Xk(1VVXT*m+Ir~a_ zyR?@TRv6%RpS&K&e5tl}Emc!B+MD>Ip=SH0%c1*@V^jsNj7BmhX9X8Ebl^qnAUT!l zlvjNlv-!B9mLwm@7z%4hTuzogRg#-0= zi%{rxcCu}>is7^Loq^AC(l6B2|A;y^3nE8HQhg98!FnT3MqY{Bby8F}utyMZ0(BmO>BpMCz6 zXMct&Myotps@w=V?6!xBNCbxQ1P!-|Ab3?=SqS)@2FBE+oQD-mtcK^C1QiA+QIzI#P#hhubDoW5&Z9Wu82bzdlbDdf(wI$gEVWcV-20Z9wS? 
z55>rNZ7o;MwX9Dt^(R^JG}g6V4Y>5fu(B`dtoEri8j2A`**dY&W?T*4ur;&+)ls!Y za&ywE=`IS5ttc~v#2qwC%%hsqBK5s$i?lJ2Kbn(q?xOU@4xyW9l|ABpf9EN_OL6oO zIe>L)rg*J{y^(}OT>f!SwISBE1Oy);QbH9RYL)K|{UZ~-RYgu6kWA*)a&0z!Fj%%u zN)XBEf_7_TgRUBASsqt`URuYDSURd^q;2#^LKF|Bq@M=1s&;31rchp6tv5V;ixG>8 z%MzTOOKYo4@l8X3JDJilSJk4FMlgllDT{4LiH;4dMQBy(_j^)>kA?cq%fCAYe&LpM z_J!O`tB}JEgq#GCth3Ine}Ip0SRLlREOeF|caF@zc`=K=okwZ{yw9iV0mrI?#GB{P zXBR;|%{-BA9#ivY`DMM@JPd>U+6)1Il2K#H-H@9y7324bUuxk7#cTS@PJ?!gONTRf z=OZ>6M>hu>4)UTX{DVNf@>)xVPgXhxBzj*)FqQ6v-&xnX)t-&o_foQ^;uGoGH=nJo z^r~&Peo+1Z3?|sKnkp-P*Z`*tP|6=nQ&aToX5rP$%F&Noh5I|AUW7_y4-jXLc*x(( zIxQ1wY(AYYAz#FgL@TtdVmtKi!qvd7xBhhYIFWVP#r=?P^t_u%;;wcaZbn%~R|0LIE% zJ7+k(3DL5WMY~bv*8RBtbdA(j>olZUtsR-TX=a&jWr1R9z~|d}=@b9JG7dg-`nXiIuP!&OY5Vku}Nv{U_E8A zR+=xdRLC3p`w7bXSJR!Y!W>V{nC@MvULo0&xMOk^v&o;h+U<@+>V!BC{Ky2-k%eh- z_a$;q)3N49ZK6+2^@n6kM$@>t0 zmxy06(Xb6cX)pb!!AnmbE9Rhmix=U=%8}}|SYKs#=4&U$-o3ivlD7)`+h=58>Qs(< z*F7OM$f!aga#A)dQWMj^s(aW_Z>B&~sHc*@6+1Rs^TlB<*MWIz@UzF(Mzy>u_r6&f zR{>sQ>QquRGAe*ZE2SpCj;(@1`>cVzgEF08A&paBkz?oh#bj^AehVvFts2vm+ zl7W~{Kg`VK_5N%R#v>M$o9h*-*Ln9Rk@rw7Cit#x%y_E#l$9XdY^(7kUz z?k=k1eds>GdPV}tK;UB?$*vVW_-jDdd|f3mYsVV zN!%wiX0$UQZQk$Gk`4NI+Z}i7h&WJrnVd24MXp(YHK33^a1qX9#)cYefgQM)U$r^it`1N3 z`NGOpe%>OOxCy@e3Xh8X;|XCD1k)+K5X}rQt>`$SbvYarGv@&{Wf*~*o$Y!_V$V3> z{Ori(G&KM+eq>;a!!R#HL535A((NJ|uztAtjpOE1@@r|=js&N^C9x%`XxY4NH@7fi z$C@Yg%a|y(Isq74N{B5pu#Bp@6lYebkGiO6g_4x9K#zr9bVyk}4vF6P7e8#pTxCE1 z6`IC$KL6K5CBRDg9x|klRd*qQaF8-Z9bt#&xPsJPaox{3oea2eHGt1Fk@EBHI`2r=np<-L?L7&N0Tx9 zaQE-$N;SzNlrNi5y29rrQJ_@Uo`)asIcTq?t+as2;H@{b6)JJJH@G5I*ziKrSn=Q3 z%im)BNgVlcBm>xuMAS@?0zu4n5xzIEz3Vx`raL40!e!so@j1P+{|ckGY?+RH_pHD% zJrtAp7N*P1*%4FTKz?S8H@8Jpz|vRJjYlV}eYpX|zwRPdMk z4(YS_&*Z7bSxF-(&$R?vDPBQ|O~NHF>V#(;iaA-%0!-1pG;?yCece9RTKKqzt|PFj z)Rh~)8U2@?$r+|xnyAfTMr#l^GFpt%_mHb|1Df`yA)XCmMNEh1$qc`$*OW&lVkUwZ zKlOx&&UcY)eUur8e(o$JaNq~$pCAQ=vZR&8HqyZpoCYF9qH zd;SH&(sEumN)BmrB`>FUlM|RJ1GPSEW%>J4-(_!Xvk-M8B^Xck@W|W8>1QY 
zXH2>;<0Rg^2-edl0Hs;Ps;1N!Ide$?MwpQsuFYlpyHiP+V#*xj2dO7C(9bRd-KQKZHNK~p!+r^c_c zH)hU@<&Xee!EpVE&=uA9IuxE{vfyi+U6+xd^jvJVG(=Nxv;eqvCJDJgP1#`tBfQV- zXmK^r5bAoSd?fv$9HxA<;-a}v1OmU zsU}-@qv3>u9xu%4FI8g%tXnAV9y=@U(%Ep6n5l8_@Lv;9a=ZwTz9w4e_|^}v?m@2g z5{6BA67M-(G+vPF-CIYXTJHV)xsELbbOE+Eh==b)KoX9Spe2aa){I6l>O4?_5`I{Z zGNM2smnqWiUj2Zp)K6{k1{T)%EZurglEoS{A__Vs>Ej#8E3RT>Ds_GEsO4ICk2sw0 zH-2xkkOI`faw324-UW%kq-%Ql_P0XNz@Ov@*%U26(#byqRG$;2es6L$kl<0alnA*2 z%Kg=L@2)mlpw9O%>e=b2(vYUD8=LC9yd3n&X!v`nKW&KVINFe<8@qa_0<0!$E)BW# zdwLH03Bzsjuz=(7bpJ&@&hP1dkGkkBQo6&(hwy%=wG0K4R! z%F*&u@2{1TAxcm{yrVMIM(gyP5KAlYM~^N}J=adv-z?1&Hw-fDof zx1J+aD=#UMlce~}5w(I?L~En2UI{N`2H&32EBr6Tkz-$_i(267z5^l-3^}Rl$cigP36NW42v9f?9Oi6@e496^L%%5+HbuZk)nSQu~S8@b66G zoSSG*zH$P?04>kAR4GWQ5H!$hbYR;bNNztUtr7$I@1Iggm~BY{6V1P)puVuoMxWJd zjIs9V$jlnHY!3P*Rd539Of$;{pv|;LJse$Ote5*DCQf-uZmKPw9HfQ1TTlINHc^C+ zR~(3!7i5{vj(xu41h{BUQAKoozSJOnSWExbK8Tg5()3V~;z6md4aQ&U_b6yP&j`%v zLyZeE5j%I9A+^F{nSKm@4^>3<_l^#WQBb3to(5rL5PR4wf%XtBJhp3E{;ArNL#zF* z1;IHOHD5dVWK$;yVIFwekMDJFh*e}0Y>ZXE8LcdloTW#}!9V2^*G4$S+X*+6K%K0M z#GTH+BpnvYJkGVfn11|*3AVwNjyfnNm6;+XME~jfFKM@+5 z&-l1wp_`E6s^&wJ_E3LRg z5VN8pbf3ql_uj>K_r!AR@;_;Mc*hT=4to9)ICA8aho4pcIQ$`1mMmK!P?fB~P{e+zcFWrqH?t4c`ZL0shd&`y!`_5d znh#g5TkMH|&%r*PFcp5ZhwIc-4l(+OVX9Eg;U`o2H-vy8#m~3XNfg z`aS*SW&_|I)$ndAsY&`p)X>}RGxbrh%WVH7NK+0kSAv>_Jdx0li`8X)%?lG&u2jdZ z%f@1-=zReSFP_WyL?b)za-}gsxPPLvf?y7 zb1*h0?|2x$aZR*YP}yDXzDGuG!ylSI*~%*m(cXO3S+LzA!S_J|QXY|}o)^sfKgU}x zPW;d2(LirFRm5J5nSE@$Yia&n5h4;^+563U)q+KV=(&wx&cx@1Eaq{$gzeqr7H9LB zdhwbvp8MIktq8Sr4kWk)br`)!GFR_XWlrCL?__pbh1S+;&dD?AC;D@*wXZNmi`6v# zQgGgF2M)AJKQ}uapM=XXiuoJ_(K4RxOxYgiz;2X;=Z_17L$e-F8VZac+CTof&N?Pd zm^n*D_?Gp1DY!eP4H*YQ_(MkanQb&MY!I-c{IkyL_nlhwNb4+z{nF2;mHxN1S*?lZ z!FXlB?GEq7(`w2kgh{x5Za8CinBR0@rGE;tHIP4@9r#?3Zl;!;_>?hAWWL=*|1DR7 zIDnV4GsOp#ZSP~&w;ZK+597?(wWFO>GgY$sk+;b zCt{#Ct?d5XZk=}gkzb(Ox1{ytR`!&qQSv@vGBNl7Uh0>!Mh;)j+Cm5l(z1(8{L%)B zls$ar9`2+PR%*a3GTB~{`Uj{#MU(QnFk#se+Nc<9cX|&h5+F*;Xrgyv;`?AkvQ4g- 
z0!h+0(YTIz4@-xOxD#w!QifBq=J8XZqbe^nr?e5&L8dGpmz-T-;^--yc z+W>PajfKbzKx!&wgJv-msw#;|BklpC%7N2p)Ir7WU^d4G9kkW8a@TY9Su)X*Ee=uu}Y7xW>xvuB`OI% zpmr-(y!PE>*t5Vi3lS-aiR;bBCbgFtB#tkAA8&f+CH9VOsvm@xRiJ+NELhT{s1T4~ z4JxHf6Z4ggNg2jdJw;BOU)S7-h+JGwPtb)4SwDK3JkjZ59^YfKY-93W3)-Bi)027t za~iC=GW3w(N<(~|TiNVYz^9McygZ_^JWFI6cgIyz$Oub2V{8`4ya%`0cENL;pw}{j zwJwjlcK_BnP#x0JrMntCe%(d9<%mkPw??K8LFc=A!<)a-9tm@hDk)ux)}|yU?oJjz z@VxMwGm@&AlVP4kB-%v30-RiW_SJeYG{g>f(#DSuN_5FJSr}=ko1}f1b=vzu zby*dMmfPLIaLaU$qk*>;21>iFB;8nqbb9lL{&}4QrTQ={h3e*Sz!zB)3#W;;WjWSN z<0?VY%nnjA?)Yu(w4S7u(4^0@LC(9s9>|7ClB%Y0Led#9zjXZI-c+$Mc{Yoh*d?}0 zSTGl6TytRa8TVbFIB|T#9x9i@Nnn3CKG~|ywzi4uzQ*n#a%id1S(Mcql}YV(aM`$b zJ}x@Jmt-wuznevW!m_(I;Ee)U*Qg;kSgp#k7N+VQv5YK|kRE-efBm zsw2J00G?-P%WJ|2Bui+6qP5-CwWwyPSZ(#^Z42(WZ%kquD)>sy+$Y!&t=!Znh?7&h zP75WHeu8lYPqOiWEaKqb;dX|*2-upZRCqO0HasC@z=HL*qUFc=lDp8ZxBD^W41vHO zln0I6pxIaE#IMlK0wb5AbDGe)WFD9<@g_WlI0N!j5cHCIFhxZO!pQgN$78%$0>LLgYS=*K|Lj= z!A-1t>6<>(FdZ1T9ek6h(8HtVGm>hl+)LAW;XgINTiAeB6_ z@;oA!9P)(IX~tb}I(SnPk71d9>Lm%ivdU-iB7HZszbLj4##3^cTzgLLcM?bP!6C$k z@fn#Y_vJD1#_x}T=B7c`Dx0mH^_h`hdsGgMKQu|_KMk=fO%$3Zf}Kj2(4@ay=ei9N zLS}eLLl9CQx#MVM4?@v{&XXe>4)1$Z34MHNX&jZUB$VDlF3wJbT=f=F+9J}tCZg8W zp15UZ2mAmA>lX;^l$78c74oofW(=-OXs9u#>iaTjDX_bnEhOa9tqg}H1@VUn{M4J5 zfkw*8NzyHjt_V>}87P6`ENb8F4qAWp6^pgw?F8EPaH+XGJ&G!;@g`w^^gD>HdPhmI z-KFv|Q^{7<;Pks=tZM%+jh~4<32ngE?u~TO;Qfhvf0hIMZYg?>6j$g>VepUV%{>7T z)z0|~4uN?r#kyeVtzN82V1N$We%GwVwlw;84V_*BudEC#&F>8%R4e!(pYu!zzD%m) z$IHwakr&p?WgG$}t4ZH~dhA-_My+V+cVaY;Daq`~b?!(llcBBTtZPbW{TW`XD}mAt zx-My+VoF?BnJDsFm>vgvfR#Fz%={41PY%58m2C4&!z=dVh5akf3Z9i4D~J`uMeN0g zWWAK0&zkozZIme(YdY(mbz~7~{kwS#_grlbVf1S;yvESB(}Nw$41BS(nvgSJ7nyoG z6gZG$k`O}V;i(SJE5LG!p-z~~$czdwe_uFJ4wpknOP-_e3E=%z5;?|OZW+=_F79-3 zkdnv|8#1Q-d<>k^3Q78HPZzA%QFP3GE2a#8+}qc?)_qdzwi;#?IvSoTb~S^azABlL zKH6(*bw=|&@wIP_M`hqwBypA-yytWrj#pxCzw8uObAafGoZBv~0T`iY&AaG)dqFy7+sP+M+4Lr_*TyFzoHLq!uIA2)#lK4LR5|zy+AJZGs3eMtK zATU4|oofgN3-@iljyBVt0c$%7r~>k=ILSuDzDd%>F0QO##YqLO=N^!w{q?=F&OwrVNK`G_zj6UCs zlBae 
ziSD@a>Y0_*R!rcQZARPhVYzyp)`q8=WKK9UB}QEQ()Ob%>U}O1@gBto6Fln5Sf2CZ zmL!W0QsCJC1T(UdDXyUpmhg$D!r#z`1YDhBGL0)gT101nA0L)c0WR_-b0+v-QcVpxds&}(RFj~q5+E{4Zk z&HG}EC`I4{C!tNbXq)1y7bTQa=L@;~d%VqIKe$4sn(OvWY#q3$7`wo=sQ|#Gbg|Lq=~U<`7>;%3SrSsLHWM|Z!`MxJxO}l&DASPrG$&TtuMO> zLl^JqFucEe)TQhxE^Z6phku+TPG%sI(D&z~C8KGp?Ja9%Y5h#KV8;XWslpOuT5b&T z9kpJ*mAjma05GT5zoW&n(hvTI*-T=x)H$5TdkCBO8Iu zYT5>FX%f^;M{FM_f#Z5-0#d5t?7!poUsXgUisHF@+bp!hC^XQNYgiNDz&VtTT~d1C&b=6CefQF)T~i@pQ(5rGgSQF@PkbW;;U;IeyuRQ1K-DUitNsDDk&n{2i&7QiH>s*S2l_dL zI`$MKD;{XOCae-tra7b@drI%;5p&_X3D{kZ1$huQEvi)-fdR2hiq052;lI$$3xJwk z&yA3L$Nc0geBFmd=9`P~1VyuZ?^(LVZ2iSe?H&`hP^aOyty8x>zfNygdVvg`*_BmZ ztg4G9QJAkTZmBZ@LQ{E$H5FDlrb_8LGIpS;bP&dV^>Vnn_pL;AuV8HvbB(7JMuXTd zEB2s!5(b}Lb$#&IJmE_vxJf%9U|8>+s&*{~PG#C8b2+RpfukqZfZIBjC8sK;(4Pm+ zKvQSY&qQkLQ#T0->qT9CFez4aST~)64XZJJc<9$$s!Ei37*sE>YdyhV)B9Q3_QO1z zdF95@*3$F7JxE7Sd8mZL#5@lH3}4f&juF6U)Szspq>?JThNi6$B)QX*5N zmWt(;UvH-$@qjOF>8G1|X31g8Xxp;!_N^l>tw3fcr}-{fm`lOA1*iG5vA5YJ6i%dE zrn^;m7V6OyO409OJT$nz)Bq5W2;#-S=;f~v4?pT&Et2|d-wA&*PccizP5ol>eGlDf z>!Z>;)Muh_06bq0O-~dF+94iI)2pFhDG54QMF|=dvt}Nj_fLA_@;P6)e6~58sHA(S zJo&0Ju=u&9z9d!Y!U{HIMp2DQH!(hD-BLoPT-h;I3CbRFz1J>z_VVb-(BU|q*>{M~ zEKQr(l0HsCnbIEEF>+MR|Yqw+wKA5^n2?e!k|%8 zZoi8G@TjSeDWkhFE{tk=`xtisI(>Ce1_>NZ-q)S84tIH67z)lb6qWW)+{OzD{;Gv2__7?{Bb4N?$m+Ec%lBp44d zq(J<0i-J~E#KSFM`R@hkg~TL-{$s&vK{2Rbqkx_no)9diX4e=>K)jN8_4;+brkH6b z8H3~7KmFeF^~6pS+|<{+ei?3XGO!`on0oZb}D2oA!3)6H*_T_Cyr^Jqt2gLDK$_y<`-l@|QG_#C%{R`tKDBlu|BL%`0{_Z{fP zl>cj42C}gKloNP^s33y{G50Us{;$Qria06wPZRhT8SpQA{x;e14-?S*KbpYWKTLq; z|IP%!i~mzjvakSXTmNAK;MM=j1pNPD0{`Ow{}=lp697P3i~Y}|{Xd#O_5Ym-{MTY& zIa&Xg3H%Qk@NZ5HME6e<2>(Bs0P8?~PaH<5Mll^}GiebqS=wssmjtWqQZ&D(j+wWo8E`L6P` z$49A5Y3?^XT_ywW3%9y0<8Ak4lUcw`Uf$vAf%{;xFNUKq z>7dY?)5E5yR`_W#%pqb^Ng1vh!kx393~0MPc*<{t3<*XT;LBAhPuC1{=G}~`TI*b# zj9krE^Sl(r^9WzOP;hZ<@mWq_#iISp02felty?r5Y75-!?^l} z!&=pp9lt)I`217x=?B=8Y2TM&1_PQ{A3k+-4~}S)DE? 
zj=^`lxQpO5%Ui|ISsfC2#fK3wqiT8X2d5@_AJFDuP{XJ9PE_oi$hn~EP1dD6j>ejS_}vV)OH%0A>bPfrl3tve|FSP~|b zUfD!K$ZrM$l`KrWPlCl{^f70Y5%1gVgm5v@$rFON{&<`PS9{iK>qi_D4r zi@{{4ar;)Fr;kasUN6ZfwKwhE`PY}1YZCGDqXv2tDeuw9YfXUcnC+y3l@)=>Dx6hJ z$-xF&ipqYt$Awe7o^NPO6t2P{Lr$OJ5dAW@H5|QOH)Y2%+=k6`eTf-l;?PIPfmKD2 zGhkJLfTABJJ(YLwIVs0y?-D~ZW$Lk8^{3j-3H*4{;wRN!!GN-uOlqWxnPAE&TGofs zG-vX%!#ACSJ4746_^SA|Uk=7>fc-5ccVwj2?~Q0=aodHrzsc$Y!xW}5xDic} z1evcBBuh(^-mj~JvHPC#W2uk!S;m+V=IUdtmS`cvTxE#Md3r}NzlND=C$xPicrBbu zZ^B?nE+YY>P=WKkTTfm7Eo(89axX@;9OK(aTstG77*_-(AaFQO2GY)8q&m5jX!&De zcZg4ieRb$Yez#qOyvk4oZ7C{yD8;397=P4d@&0RR#fV(eQp%sS&OX>u2v7`x4eD!r zE8S0AR@ip`Ae7_!3fWb6% z|Lu3Gyd}w(AmnOQdiytm;aXlLYtKCh>{0xa-xzV!N)n`=SiO6zwj-^`|KrkX>iJYel-Ul*e1ystpMSG0P_{oK6m2s7& zu;G(rq8N5O!oK4;ey*r(fYkK0DkKi2jx}=nl{ZmH3x&6`u|^vyglB!izBP`AxOPm0 z$hMa}$i4K1D1IxQyD?8O6#?@Ow`+P8U9GL>!R|?MwBde}vxy{nWwh(igumIDOR@^$Xb?qcxKA%2avfbvl zT~5Viz5Pc2T02qVtut5yOYLiK26*pzDd%@u!w8KqNGAzA`QMWL!M?`?dGCP z(Ay<@U0(B@e2Bbqy~pbln79t@rE{%DB+=3KRP_KJ#4dW`LqHBxa(p^(|Kjv+j~C~d z4A16-etjIJ4LPKHd|<7;s`G(l&FM63tY2th-&MTv<@hFt6lcmL|9*-nBxj}0P4(EE zdMww1rA?s_ZPqK!Z_A5u{*@udsbWqwAKg@WKi4hIse8}K6J3;$aeub!l6b9B{}OH1 z>p>mRpnKJDG5q`YPp4?AU+^YW$GA1?r8~YD>QH--i&OBVWf?l~lAd?Qo1HxGA2LFU z1;W!?Nz8aO(SBc}N9ssPv`97z5-pW3)71s-6ARWtn2|NU5imA}xA1@)^;Fu4y}NNH zPQA8#dQ|ds`|e90xm?$s*Uu8Vg~P{BJMvP|7O`9)rl=K%N%1Su*dntJTj^}&>F>2K z1?ArtOQsbz>iU0VtxN0f%^bd!qT4lF{@a7fBH^%s^ zZGr!-vREH^@%#bTuifVl$TsEveBidl1q1e?X@n_5P%$lAtoY#nwPPT)MnghC^bkNm zpn^Q@|NMEsxQRj8{y+exssAoRl-LFVQ5*Fd(?dXj9QptLdB4aXj`_Kb{mlL2HulS=i5Tpi_u60%FqEMj zvR^XitKtOoE$ex6NaJ8ayv30OCu(h?Mb+xvVmwNFM?bW}ojUpWf+G^03 l!e2r_VExCJou*@=cF3Q9uz3gjrT$FJ{0<3Z#VnZU{{g7XRf7Nk delta 55223 zcmY&&c&IFJ$tWN zGqYySXdQUq3^<~KG&lqX2nYxa2y&@<9AX#j$Crjdf=v)?+yW7xC*8}8(cdX`^6p>oykx8VfWy{mjvQnd^Ybk&5qT@H8_fpQfe zx=X^jNHu~X(_MDcq=E2PN6U3XY24 z^1Jq{6)%OXRheuM(;o}ncRF90Z8WTCtj|Zo?o32Pt3`E%T$D7_p_Q7yO!~usvW>FrNH&n;|n;m+({HGneX=F`$CFQ3(k z9)q`9y2>c9+QkDDZkw)dNCnguWl;2ivv|Z^Yol1 
z%JlBuwRj#4osIX*O^!6Y0N$6yjwY|z0H2yqqCfZv8P`oEpO^Kbvleojb%E(ceGVBP z-i)$$9q-c4=)L=!qMJRp%@59dmrhc#lR5GNQpyU7;_}y zU}(vuMSTJVuRWZ6E-340p^(AsQ_C@bOPfQH>U|U|HyHOIUS!nIAuwMGU zi_Z~|;}MZZXLLrTZw@41;R3LR=Z>`Qjwt-xq3>rBX@(SeTE{Q6NPpNc5rDBaTL>HC zvFU`cfGT&KU!k6B@a4p^ydIzT^fQp%JaJx~wx@S~$k>SsWV^it%GrwxPiwsy&D!50HE z={MQ=-{(65fhnR_M~MLS^wcH1(E}!{6>0B;0du9?ny(u0P=E1EvZbsy)$~LHwh^MY zE9!n*ks+{}`F>%`gwO`TW*YbJH+eu0JbM4gday}W&Ca^KO=g;6!PI!Mrqi^}HK*S*Mdh{g!?h${l zp8InzMPL!=>_d1s%920Y37LO)N26ZlctT#RdcP@ZOwO`C&O$vjy%1$&S-I}jBM^9b zGm9GTY#I1wNjG}YP`P<_L0loQ#^uxWw(t^nRe3}8Af~7Hqv+BD1Oefa$(C6k_O#s*_h0{&&BqU-=JTf0`0s7!_(=M^kA`&_+!)^#SCoR6aalU$T>gBoyXrZ zpG|v;pNJ3xI7@u8MBAEk*B-p@TlZ}~eFw$;90lsYJ>ifsOCb!`AJ-;EV63lAhPP{;7zn2x%7BC)awhLh+Ka_{ zN)JU&K*hhsd<6@-d4>#Kzd!p>^CY&JKaY%jjaA{}vD()?c)y5m-H+;+#E2Qg-m^ zDRl8`sduvaG6WT3I7ezcOhPfV@bR-VNphUlvVE6@9huOcxgg#oj(Mdf#<~C@qo)%p@=>p`@9`nUwZ*c^9I!g&9lS~I#MHO5^`H^$!O#EG!Cw5} z<$>mX_^#Qljr{OPsKuqD7(@Y3senmmTK+EJ_nny43Jv-cnhOa%Gnbt)$vk=JU;C)+>0`9YT2v6E+nYs#^sH8N`3QHw~ z7%DoM^_A_l8$pkF6ZG~Ka|kgd@5?mNU|ATt!42zO&AhkY9_+CqW$vmVCNzBZr^D@* znl|>zLiuZsa>2Ra9LEfdgpyeaI^{sTa#kP9)buk-t6)Ru#%6SM}gSZH>Dl z?!r}fJELq=Y6}8x0ovMMfaH|mMiEcT^2^Vw!{-kc!JnuDQf_`eEokIvBmeHZh}o{g zzSdH8>LqCrN{(vqtrccumZK4Im?xiRz<}J&jZ{nvXO48o4Q;E-#fO?k{ADFHI$^>x z9p#pT@2=?N7^zDQb30ecrJ5jPqFu$6e%m@Bv%TfvlVMaZyX+MF4WJIW)l?=Ng!{qY zvB_(CQZ=dKpW`>bzZM*3;vJO=)oZaXYfv5|l5UxdP#JYc4jVa{?j_{we%ng1^|>=N z0~304E=Q=>bwVm{W=X`u;%*?Vfm zt>g54QzBZw$D-L@;2C*P{?MU~hu>)Mk8)kKM$J#(B_xf{D`1a!SQ(+kG>XclqD-`5 z8NG1+G==#ju;UO6qA0KeN zUeBQx^RA3)j_r}(&~#Tz=XpkQ-)$12fHa^(2S1MCA!wioE@p%G(q8rBr}*TFVj=u zurV>4Fu@H(1Jmy%-AgAUC2588OlK`qmJKDfmGt4VP6=xE#=j}mGqUen(Vi*I;WW+o zh>PgkP~UK1fC>DQ&MnA=B3XZ-q4~cD!_l@_;n{H#*V4ak=JR?B5p4DfpQK5V)64Ib z@Ao8qFJD(H)ZOmQ95W_?6ZwFV;DL}NS}8O^5HD~L8djX>N`k0}Hu}S13|%uY2Qvsa zv?taWUeo1sL|9J_He3i(cu(~7^S8!3^%__{!ZeG-1!Dxv1ytR6NyWznHl8$YZv_s` z+g2i#)raGYmT0Ep!d8mkLLUWc8Ef4NHTQM>fFdvRA=5GV(Tn(86~5UGioL?JO0vez zo+$8wAoSv-8x8va+b*1NiSFRMuD<`f2$mEN_2M|@JiI-y9UiU3tNVhI|0k2PepmWR 
zG*NVlck^V~Bn1JV_RNbx$N)+PRWOO*f8o(8%R9zKrFLwdxf^QCDFhpBkVv77Atb){ z%>cR>1%hVi7bF8udOt+*5PWtnHYCj;a0tK%a(QRl$Ijgf_t7+;?}<3imooBZs=IU0 zz)%UPz{u=D$Q^ujM^3>I6n}lx6)d|lBT#YwHX@>$6gW%6ZaMU);m3f0_gNir3rRC= z@p;8f*;PP(rQ!~1n8zSxWQ~Q_n3*HL7n!a&i7xj=^q>Pi*>{;9$^Q^_NP(;B#W+yyix%t){udB^(d{TaK8k%Vk#8X+4ZR`69Xcgz#Fa>NrZMb9gbf|^ z59#x(wrZFDX`({oG(gy1Za(DOeB)|ZXGu3(aYB(|S0r9VG1S*1+ww1~GA4ew1QKKM zLg%$DYaTZhYIB;z0{Jol4!z4=RIVb9Y{A2ZTFJTaK074Szw}misKjHB$;&(5Zrvt( z>zIkr$%{FOw_y`5-NJr@HMiK%zt45|Q@gXgv-=(@88e^HI09#GnGrV{Z;mnfY)AN4 zu_n+t0v!bDUW0F-I{cwjlUHuMIx_(r82#UA{OR$n{p8r?1C**k$Yo~0YKq5Dl+wtK4B>?vFk=Y)FTzY{t_^q$n8G(}gUE=Y8i9^CHL>}^>4 z&&1P-CS?GLI<5;rYMRsL^DuaLqQz%ZMPc-v=g-&XuaDIoO~kXmai$-F0*b?B3BJ_m zvjzt^aow-qtK-lMC4%c{@8HhW0l7ilr?oVFgArbr7tzMFaEnS&Q!%W8A0I}+A4dMkKgSJvs1LW8VfkV(R(r4v%;e*JPuZsa7b?D@+hT&`Oj3f5QT)hgI$s+r#=m;i zWOIQR=EUMm8SCwww3O<4tJdwlC?5z)C}RsxWlQ_&jY=-L5z3x-X%3yj;Z|%01U{eL z8bMGrH(wOu_Y9*^e3|O!_#y9b(+#wRvr#SX6UTVcHE$Ok+~keQs&x_Kmn?1J z57K(wYqjmvTPCRl(tj_2!E;U_gu#vA%wnRpC@+!_4Z+&|1V5COp=0uIx%LxPWCLx0 zWALi_jGsg!7sPc2m1B!3NvH3U6a;Ns-u(HkE2;&Q=hEbt_#8!RI%3C@Cezmy<}5t& zjHWE=3q*lm5E{r%&a!WtWG4)E+#AM}7RN{nNr!YcVbmm^fV`GqPiSbbx^WzO{D@nR zWVl;0wM3|rsBvl#S#;%{m9b|5Y*b( z(KN2h1e@E`0u0{cAlfS3;~cL*72Ei9z50<|A0Tsxb`P2_+S6lXlYbxhF;)&+`D6-n z<*#&Mv@{4MeI1owHE+a>FpbpmcDYa0< z=I1`4rM$=pC4Ma$YI{E%arr9Z(O$`pQ<0L|QgBtQi<`U58=CN;9T<0W; zA|A|3-G-x+pVe?d7u3E2o5fk@^TyOvR*g@|w<@g~Gr6C5cAaH8_g>S^O}UQFOI;>` zk>>~&&F756fZMmvST-u6_%Cj#YJ+*|Yo#elMD-CJ(ipMoM;=e@+Y4xcQXf&{&LX_m z5j!m|jzxI(q{rKNRE})T%T96RG4J!Lr@F~kypob9d%08ec%aqjDZ(**3=takgMw@y`85KUP?$#%s(7s{Mu<%@OFQ3usK-_Tx}IG5u5T;CEMJZFHdA@ahleikyF; zp7yAqWbKTV;qY%Nam`3+9^tB-cdZ*g7K2g${BI~ zhnfOgR2*qWf^Ed22=|FKc~>86pMosEPRVe52k(D&AH+R?#$-WnuYjDzlic(p=B=jB zyByVf$Tb8)SEgA>arSZv8msj-+R{t*&*TF3$2qZ&+G``8~oX*;?CkBf6>S_|5DG~hGt zLZiW)hi&vgL_9qMO>W7yLXdwR`!?7XS#&N#WT`W z68ok&5b>kDZA(QrB9=zRLlEpP;;OKrWkE#lxNOj4FbyUN1Z^IzA)l1+J7K0%@Zm_5 zg@c+V+jQjDfb~a7Em75KNb{O=({6IedI&-Q%gJ8W%pl7q<@PnM*9>Bwb4~STqy|)W}Q`NKq{V6cY<$`1WG3PfJQW0nix%ldsl5fhQ1B7 
zN^C0Jzy2)ySWJcz$>FzSKxumVA#!P^HT(OKP}1eonXRZ%Nybrvt<`W|zb_K78{Kjd z13ksiO$e!@ov>U!iaJ#wpMq>LqY7_vBnN%iAv66UwtCN>Ol4O1%FVBHip!&ScYjmi z%{Qr4=?!63sU*7@RfT}y%K4k2G871^^J7tbX95-a97Ys+!a;^1q2zC9WCL~Hl6*51 z{>781Ad?)8Ju`R~J^;GjCkj9~5tpH6AID>!H8_oao4KVcEVRRZ+2*@gpV7V|n=XJ>W=WRR z)-{}TF-_Ce_po6g1iCxZLd+JET@8`)_r^10q*s-{?PFR2#CPu~hYxPDm>|60HhG1A zRvl6<$F#(#1CD>%)4~PvS=E=Qdq|M6{$4#aU2fv6a9}Y?;t;bhIwjTsYP5e73_N{m z^`|}%#V1?UDDFfkar zB_3;17c%rZ{#9@-Erqr2xp~buhR+nvKPEFj-|f8VR;-V{dOlj>Yx|p?W^qjUh7oiu z*~R-4s7(FJL5lulqBsPPmm8Y`8Gi%sA5XCZNXYdt(@LSi>&xOO#OD1Ud^nH#6$_9$ zwj6iz)6WlM5*S;oZ>_2}j!j#00CNTrZ{YxkwuV?wg*E1VwdG&Q{5OlRKRfsfpGDHn zkl`lZwUT^sTh(8;<2Q1I+j;g@%;resZ-c+HaTps_^O*c>x&H!ji=k`ke>(>>UxDA) zsv50Lz1nt`7wR;ZIcFvRLa%k2J`FoxiAjXdYf&oV(tRbsoAlB;;`v@N&WUVU3^v?* z-Z;#cP$V52B80u@^m%o`Y}ga6fU_hsvH1O}ImL%IoDHp0FYwsfr%nDI*_MCf`LeO= zgqh0@QKXbZ&M#kY>Z7G#mg4|KLGoGGLMcJNmXHwaW$Y!I#7Ws{?O;eeK{EW;V2^R` zi9Hn{eU#9Hv|nOo1mxVWQle5>nM!85EFHsm(aH4{WRE1(v*eggDx}At3!X$EGbn#w z#K24w1${|?Q`7k^{o1bPIG8&+1L$<#*Hw7p9vaqJ zpB=JoChU(1D`hDXoYbwbSyH7l6`(3(=PS%o(#&O-S#k$B(i2V1F2_`Smogne-Yf&O zKKpZ|OF!9G^Ae|u~PPYBb9 zKj3eb4W+`g&*rTG?AKa8ND9rDL0S@zikHxZ?b|#eRK%E6hEaeiyXD_2w)8{N_o90A zXId;bK3>dss&fsBFskl>!>R`ap>lZH@2&mecU$^{Z1!Ufi~e;nvvO8K+M^o9g5$mi zl)7c(*leMwg%~6$TRy6|VAwBjM|1w?fEKsTwZlkeD%{ODz}FM!o?*H%h)8eJva<4K&@)2E(b1ca15!216!XuJ*$yopXRwpoOe21G#d%?9_nD$|Ho4+wARfImd>?rZTa1$6yZqCc2Z?OD>)>Pc5gcJLLYW z*=7fcj8k=lnbwc&#(lWn;(}dr{kabgE1N;~e$G@%Zhid_^k zNnf}i3cyAX4&o)VEoI|OtUcNm&QEbD!!DjNp#M~;zc^bf6uYJeM;e(&a~$8Htlow* z)o}q ziH9iLwj<#jQzZ5YF0+?ZM|aZeJf%e<;*{A+Y;!tcqC0tOXu2|hzUyj%nU^KIe@UPl zq0=cM+qiXwA}8{3Az>o*6-Oj>>LTn+-&%`utL`l&;)w~q13}(VP^|$(DeOfddhbnD z5`={xMsvq>5VtdA7;o06>3P(c%FOpBiO#EZ^mc|~4nu?1EW&p0OS3x)LABRq;l_)l z$;gEtlT<${iT5pmk_ndz)1wO=JwL^fNAVvlaA?PTu{{EKOhU!bIy$p^u(#AXFxRH* z&XwoHnrv~U7p2ZCTMxPs4jg*51E;tXh=p)J*$x9FkW-LL#Wwar?~t*t-jwa15jRV{ zGPl0pHgnhnoO=Ex|2w{kQIZ|8@NJTBx#>aL3cu<^+a!SawlVj3IL|ex<@VE62i8VFlw=*rvH*SM{dO;Bz_9g{}K0IytjfQ~;8JG)_Rds$;w8L$Y 
zEPOvuE|zr`u{6o=fxLRwRdUB2NN1o6IS1jPOEH_3+{DL@@dv%CN#qVC9X;Kp8`Z2T z!dZaUdbXA{QlU{_#xKQ+MPv@fdv%cofCtX1Xg#pFwRNtIq0Q}H zj6nN(d{v<=be_%Nuh!Q3J1dNFyZd;b+4rA6F)MiDO9G*4pV3YrggRF= zL~!EdkT%Lo%uN*ddk_VQj2oqgzWOp&9$f?1sNl|A_DpgY{UVi(@D+|BxVi}YNYyBu zhtv31o<44$cFVW@cVSA&%h;UxoBkqkA}B+{A2u>d64SBlm+L z(2vnFyR0&j+LoL(j%epk;K!KhNMU)U)L4hGGAUt|hCwDzKioB%x_7^C=cw!kKdvc` zUz>S4UH0NDovFS+sjz5&ahsX3gLOujn&;5bCCuBXoLwKjdD;>?m_+8{)|0&KaG?@ znu!rdF2iMqKV7)gNLJ>NOonG z(ZKzQxr_XlP$y@<=-tZ-ou!ru(>Kl3*PX=_6<6EzwqH$3nZQaX#jDp(t-Lw7iEQqm zLBxCL14`vjf@+IS4N{QI!xPHSLxTywR_;rD(%9-W2B#A*>*w*$oLXi|Q7-(HJQZTV z>a2=IV*E!!c(F>mGE2dt2|{QRB6uk_8&PWG_r%PzU;{ib{y`hGdrUgUzrCC&$nt>} z<&+z14lr{R=eWrpTch8x(O*lLn4d6nj(BLWkv+I>n~}VkDDG&csy%;_C9=@1v#O%l zYEVL8MUJBP_NOWl@>DgzAR@+*x7yYB z1W^lpOujuoE}6b&Knltt-ZvT1(JbD~n<~Fg5@iQcOmawCxv$2novpG?(yAujFOA~= z!k4a{U2L>`b)E5l?_y!kKGq-m9(3pPtqv&YI+MH7Ma<__%~%~ zNSs!~F5ck%5eu#y7=A6}=S2(cpgqY`grGXwwaYE!Rb@e|FE<=cs>)mWkzR)x5g~u- z1a#5WYX*1~HX-Uhh6QW1!=tf)ekLhFJV*`w#O^w+L0|I_3=>yDkLGV%qQy}6><-w! 
z(*l#Ro0%{AOl7v)cyAhpnIR2Qd{_mb-BkPa@oI<*kbEmnDp^acE#4_19h$g#^XUb} z_SH7Vc_&*1K`_$uy2yq);~~1Dka-b*h_`Q!ZI5QR4Eh$`a1Nm9_EG@^Ue|o|R?MRI z%UMVcui%L6LpA@ zuDsrDEvVmWJ93l1Lmh`RZ>x9JfE9@ip~%$|)Idb84cY}>w-LbU3~6J{N*6$Ov7+t9sgx32DLAtSz~UE> zPR1$m5W-vXC=S*9*Q{^KeM()Ae6uqHwsW}wLMu8;u z6Krv;nd+38I5gWJ|B3{KQ_AhG3=B6tg6zO4@ha-?E^D_+R%X={{un29Oq!MtYk%c8nV3XSQx#x4ksZ(qxzBtHLE7d~W5g5NE&T1i6hb8lxY5a5YEM9t+)1r{_!L`R!OD!73f0*%P z+B}uZR1HRU;4ZsYM#^h(el}NT*oa_&=Mxvz=e~8n;&>SKBrBwS&z^xuCw=_QaZ;6_ zVlv*N6LENZ^F4|;*pM#;Fv;eHFk5C0;T6pU_Kk5ynj60RlVTZzQO3QnMb1`JuqRE5 zTZp+U5PfjVf8#{O4QV2Ou9AKD+_ph=X_|Zu#SN~8g7&Lhmm%JAU2jNULiTcX+Z3%_ z*_lg8Ef)jl5~syT3yWoB5|1yqE7msfQ`J9&TU6TS+UN&F-Gvar8Ump}Kg!i{6aYLm zCCaSk$jxI@zGKllxI%%WbE0&a?3{8rZu)kKdlhmXM)0GqCy8+$gv-}lB3Gp%pfna$ z>@pAzCsQIkt>A6(ab9bFyq_H?m|MEb`nVt6(vUxN{ngFR*%A z=L%11>O5b)?ltFUDDPAUs36ZSm0=^m!;7%RDxP=1qE|b^igW!vn@OSoazh8M&vw$C zPH|2vfpP|s{B!Nff($Yh&gvDmQBuGMB~_0&Z@T2yk)s-Fg#HR-Q;zGxfTm{*#RP;@ zx&Emq+f~?Q8SV--*u8qhEBB6DRg3OvZW{7$g*%q3cEAjZ@>J<+g30u#0ua$OH;2 zRsuou^Oz9Df=91JO)zQ%q&TiIL6{PM3s)GtxE0~Ek3LBp&cDY5kHC&g<)Tf4hr)`f z0Wuk?n@WoH5d{-}Pw8T9BhjcZCI-)6JX@$?k|0HQjy206l5lvvTLUe;1tIf*_p{}< z5Q_zG|M}OnC}w&(mTRVZn33bv#!S`;aLDn`MD;HTq&FJgTceGg9nVtFPrVm0Xblqp z7r#zvoeOy(EwQB4!mvU+X*Ok|`#aVaAPL!wp2lB7_gMj^nWM?i$TEg{O`wTEsNp{s zjZT2V-%vVbrjZsTO!#$HsR1eDwe;gV%;Kf3ga+oxBt%MnyYvZV=PsqqKRHVM+N}O5 zERhzvZC3lc4U9PRyaOH$#rw{gldamCpTg&lXz><3!4gG9zt(hboB_T+OeVid21cBi zP=n5<#h}Mw8OgO)JwfE__;VrtWtJba?coWix}R6DTw{vz{L3m^c6)U*Fv7ik9I;X& zgbn6<@|E|h$>-_~J~^qFJbBhXpcrZXg$7GSx=pr(`93*S4*}(ej4w%w-D@tKXw-qJ zEL6zx4;+B6#bJLP($BV`J;8a?@&hoH`z1}-JVT_`ALHXMGbqj%g>~6pxzkri3v2Ne zyq@8qt%x!q*Zn(iS&yCr?B(5h*nj4Hsu14%G}8kaxbG%#vCuPcV1#37Pp|Ubp#AM& z3z-j(xiiKwbm>u)+bid=&Sv*|uj<~va@047`EddKG0LYmJ0i_Mm8bf$<*c(J1kLseE6S@s_0sW{wxSBEl8$pX0|_f-i?sfs{-fFHNO+>PFuha<*6uvDWZ^5l98Ie%M2|GL@0d7 zKEZ9ucxbAr(C&5rH<`K71$bAcB8FN}#ymfc&n)oFyY*I$DDw^NI5^M*KT2Ouy*S2F zD|Z$KO|<66C*0)INQlf+UUg;!gy;PYnfw{8rTVwPNHygP&gYj2(-6)3Ep>_wbqFN< 
zEfGH5wHS2K%4m!FrO!w*{jRaE$3FDyw-;Mzz93^6Kx3^AG%RwCouE1I~9#SY6N)TLxMYHG*(~ON} z(JY!ot5AiPLxG~F&r4u|(&S4O+A3^m+Mqz=N! za}v4_{uRcioR~=KAQOsb2M@Chqsd06>@5lbgHVRge*JhMYC&g&n)%gikl0C^P%4!wz|u{u zbUe6H=Y*H1C1%NQ+#N~lQCDP#sdMwy^nFe1QH`NZZp?Y6$y9L@8d&9Wa=_Qq$RXYp zYbE{xd-F)?Hl1B|V)vP;C9|Ros`{w=0UYz_QN%_0iBdIGk3#;|9`KPuegq)5_)rYYLq9o$8IF$Nn*`-NoUd0%sJ>f?ry}19<56gPQ7Qvez zf@xMwCgLp6K0s7B>RhkHF`M+Q!DCoEb-kJ5a#p-oC+}-=+y)JFFSh8 z1Z>|ldRaXg2)63cw>8Nn>PoUBMuu+$-Fmp+>P!7^2@Eoe&>1tf1KnuoTf^6(3K5>~1^~6H= zz!^~pb+~b}sQ-Sjv;yYC0#Tv_$+`sSOAkS#( z!Y5kVKLuSO>|=-K_L?D;2o*q4%e=kzb~aG0k*8j$N8IH}zJ;i(IO~ zOUC}@km9j4VLxS1MgvYb1*Jg9QoQC8ew(&z)&Kqecf$yXfOXMT-oHf7XMO%);O_@) z4g8%Zr~3H6C_Rw>P~TT{y!j$AYeqtJ|Js3mNY{H?YjqT2>m-b;x*ghCN4APwYp^!I z@4MAufu%jOU#Sn*$UZr4lLAM-!@jp&s`R9hF?g_NBP}G)`ikC*E`jGNu!-I?iE$+3%Bi5pdNE-^#gMoZOxhJk7`^<{;=79)!Oe}1;8bHf*X81U5C_4! zFzBWL2Aa5h7LUBq5*P8CeTCb@0SblBU&N63e03)ZO+@LFNG2Vq&bS}tAl(L)t|dW? zrwK17h52jr-|m+#j{Ar#{i{|R85i(;dSa2!p{dhZb0}7<5 z5Gqs8C(l^@GA%}ySCqCzamk}^hnlmjv1=Lqb^s1ei;AvR{tLja@24G+E%P~8K6MkEQ#w{K_%t}01Q;Ket4B*~n z(l>GEJSP!fFIjuX*+P)*y#UJ*gKU+|;S)6iriry*yjjvrb!yW{4jsW|_w$r%k@4QM z!bMlSt5~-c&G4)Y9;J2CxjLq7IM}J`Ooe6WRnxPu>;&yD+7j@vN(h9(z_24v@l0UU z6qW#SvL_tJLc7##&FtShLTv|D0Bm8OH=<9;;PQ9wx7*|j7$9|4WFa)Z5Jmom&1U-= zR48=rq46YrG*T?`T%_uO3$HCO7?2?UL}=Q86dJ)l(BWWBgV(97oYB+BU~iVZ)!@z{ z{7no#W+|L$UOTAPs!(luKS$iWE{=6$AvDUD*}WHzIWy52$_rnV8N>hOb6)wbpLJo7Z+gHNLU?}U3yg(%NYLt_s;{~!cEP|=rx(Ai#-rHnD zp4Hg|9LF>6f*&4}@;Z)W)QW-+_}1QcW!^Le`I+ZVI&jvGI;HzuCO8~D?Z%^O^6)FF zebe;^j!vDg_e9VYfVJO!udAgUyUrnB%0>UQn`vvf4Epm^25185=L`#cYA)5TOLrXm zD(cC(3N7iY;>-#>o@)oAXwRy8uVVIB5d6CE>g1kWZR|@VU3?uQtSwEgJkL|#!lJx> z@#1fq;EYWR5H)wZe0l(FIGfc&V*~&V+UEnMt z-5@kCFjVUT2Vg!pC9Q(R;e`HHR<;tw?A`Y~3n}GwM~LKcrBk3FhWM`Zm6i8LP~|Y2 zyot~e`rmod;nOySy!kM?XhM_1_!s7p9(v)NF5YnFC`k*I1dbR>ng1DnDAvQ}DSssY zKucu-e_w8_B}Sig50QPi`-#CIifx|)R?exucn_u_bGnE+_E1Z3?gbyo0dcZU&w2wM zTo(J(l$ass6ttx!ns<-m(;wVVo_~kA$`3@Zx z9HKrJTgfENUBuUW2UEK+AXVN_nj6ElOO!J{=Vh<=*BFz*g$8ZthX% 
z&(FEIo4uc#T6${O$s-CA;##D!AsXuVoYar0m`5GoXIR8b)yhd8?}*o94W_Lu#lHHgFOCKXiu}jiq9W&-XqyP3PBfWLeh~r{T2OT*lw1wwx5FEG;e52h5DP~f z^PfClC8WTVE((T{1X-8k7#*5w9Tppb&?0H?lJvW~MOU9i;S2Qf%W1qbK?d~uh&{!q z+Q4Ag!|jhS)OR3H$X_a}DuPx9a$vbjchy1!EbG#@&L!S=d%vj$E#2%~H79X>A7 zAN3$Airwho>tK6o_h9m*Cv9`F%9z8)0ztOW*=LFp^v1mJ-A1KPo>KczM8DSFs)TR5 ziOVKX*Q>ETJeP{|xH)u4XM_V^%>wbVD3OZG!8AX|iD*EwrESp^!C>2$PVtMtMu6uV zy?-NOR`p@KlVQF?zP>%LU6WzwS;>p$Ahc;+Q5>wC{mBPRp$E3e7YAPn$u5NxW znQ^mg9!|GWwEnr-f;_FFu6TW7^1>CBvUW#h>&z5h+H20*9;RYr(0>x*Z2KN8|RA$S2M(m9Kq0< z{FycR18`<%N#d|Szo+f(;!w77+{w@?#w7`rzJEr}oO&=2Alb%v9F<)GyASbRxNhOR zeX;u@_kc;`CSM{XhI~Iu@^#UJaw^dSmJ<1+r)1X}7MYuzm(A-@YU$eDhf-6bU#-s`Z zCC;hF++DHRu9Ar8nVm2Z6!dQhfycu?=3;9E|H>$nqKnT}HsX?!7%_|6Cc|9VkVK^c z2m9x(eUCI0#dX}E+ZE^5-Y%Mb56cup^>r3R3^I43Flc3GT36+{1aCHtC1?+jgEruc z^t(jn1hFw&IOzG@z3U8Z1S31*Wa!%uuwX6lu(!9mNubO~U$K+V={`z);#t-Qtu$YN zBWejQk4-xRIWIdA(rj52i8cblR1y`tR7Pd!$R*A+G^I(@7*E<4ksNF9PRU1M z{_~Yy`-#n(wZ?}L=)36%=NGOXgE{^h# z5zd$s7Qy~PNL-2&^zlDV+6}GnaBmIDct*ssUM$*!2b)Cx`LXD2-GPZ(gq)NeNxDj8 z`2jq3LxnLRtwS2K0VI|X-UEVKoIILP$3DBvJa!b+(s^k3`PbEza~i0Ag8$p)H1i1K z>LW5hVgiWS+cUJu%seE;UL3rZMxpIhM&94+-Jhs#xK|$1DXy4(%5*2bt22N5#nRk?_I%Yn1uL0G`qpt;X#i4^~K3pZODvyI`@tf zDV`JL%JasFtDgJ`%QR5q zW+8I1WZ(fFJ11?j1N9y&KWtEXs_$b3uZCLoMFZdH{bH2m9lg3CuCVI8^X6(R$~$Ar zL5RWrcjc<%giDF0sy7ooDi%fY;4a`1h$xzY&ghU&r_nqKc-Y=Z5oagsy^EK!|o-@eo6r`&h6Lu9bRQC>CEjb<=`w!_1qhZbUoP zUn2@?R+OHBEfxtE7XkkB@HaQuc(#vhmnrMulK<{Z);|28b>$I^9I?eAVFbmHz9eKc zu|qT2lbFqp4xvvEmzYc|?&n1_OE9`D^nK7Wb_n4g`?#Hn8Aa=X$1P6|Q(msHOtnUM zLCt=vSs|D;xYhAchys@{bA7+cGC>0~Fqj9@95d?hdl>yp(p?B6@8H(8u#>(Ort@jn z4_$VLyrj@oK>U`I?9;Eh;c`$>Agnqf*&w?A*gIR`%;gP}1=2iJ*ZO|g07lt0r)_^G z`wj%>fVE1_9N3#a?f9SE5H{BF%udg9#LpTscYosxO~SbE{j$50J$ zXoilJ?JZ`J!pm2Pxyn~(J(0D%2FB6SmYYg9 zP2wm}Ve|h@?1Yvg)CoJG4C=EIq#^VN1(UN26W)5o0*z}|%ImGu`H&As7>qUZe&J#! 
z?e>MM&rgRS9*FmxiJ+w;sndV{Zgs?8YSiSnV_%{BCqA{+C5<~7Vlu0CD`O4@*i`) z$G<>DPWfILz*xD1J9c{z9fFF3EOh)acIiVpZuYX^q-Be&{*7utze^Lf3k0ddMh%%V z=iFUG$9f?BgUZzu5aB`833c4ODv34^&)4i>;lhxJQO>c;6>V&_*two1>hnXH%>)Wr zt)GQbD9SJYWDU$}zK;q^r5>`g?RhIi<-UyNYYissv^}URzJx5y(FlaF;qM0etwN{V z*I@O4fCBpOx1)`lSz;TVm&v@R9E9aQb2iDHInkvi!;SpJfMd7utOH9lbfz8~PZuc1 zD*+!#hY)!FkY^j#+p4Lw!tMvFTv>&;MdZ0>?O%u0h=<@B#>D64akqK2j$cls5kg8n ztQcsda!EV{!G!-mnyxae%BBee(%mI0T_Pdf-I4;*-Q5ij-O}CN-Hmj2cY}a*_jmC1 z`*VKnb)DIrd+v#y*@r%uY6u~oL{*iGXz^`&Jnuy%`{aF%;6L5u(jo<)U=n(EtFx_x;h4b|H;4or&T zBAE@n{MAD#JIf+t2_pKAdm zs`BaYZF-`pzf*#fHdEbjVKYj$6%f&%RwGJ9vyI?i+JS;j1_-YX@bQpkpsb&mLI zI9%6H*z&2?ToF{trdscHbjz{$UZNBp*@`N#7G zf8m*yqCls5oJuCi1pkHw(BW0s3$T~II;|iocJF~m%P$Tcw=bB(XP^pC?i)v6>$tz5 zj%o!ECi2n?e$1pu!=kM%*`LhW{~eMkVSLK@wAdu zQcWqeQ>8yiMJ*pWrgW9Kyhl27pN)NIZ2#TkL0Zt6vI9snwh1v9{L3ywOcKVr z-(aqZTc$Jj+87UtrIwIH+a_5`ElheVmhJ0R0;k7=O3Nc!)ep0Iqi&Kg>B2h*OBS~^ zo6eo!SU~P2dEAikhsj#ZK%7MXe#_Gx5E&{;wv=_zzU2veLPUD0BB!s7Jy^0C_zhlJ zd9ky1XEa1XgcnFbMSc)!$gc%qL1}CI!9#MWky5}18dN&p) z*p8`~eOljVE)CmgE2a412`_Us=ta7r0RCusFJ-I`=Q--v=1KF1~7DkUm!6An1< zckn^9z2D*zxI^!8ndk+WGo(^KO_3PLS{k3*7G1@DxM@NwSkL`5{mlO(u6Rq%Y$ts) z-kI;T#>PaJLW>K2BWliq;NDDY;dzArg7Xb&_uK<2>R&%*QHH^jp6dHJOTQz9mkYp? 
z!AMqX>9UP{`ajuDu7*C1X}!B&-QDTgIAK%ewZ_j20UF2n(FhcdKHx{g4~Y{TMUNb% zQK4%xzKYF&x)`p74HwcC6s8?NUQ=&ZHCpDba!J>TcaVvf8B11%8~Uc{J&!2s4jc}@ zDiXy&`UZyjK|#U44#!!hw7@{f@2pyN`Ef^*6<+)`5o#?iu@NhH#~mQ&c1zx*KQuck zxB<|8mVa)uQqJ?vb)Kl+M3(0&Po{w)D3V^YE$YLQpc<8p?d94~kq?=mh92ja=lWOr z-)h96O7DP{Zyg>CW&`czQ@<6}DBe-rc*MKauY1c+)vtv|0ucq{dlDA4?DBTt5Skj+ zOXL-VR4bjdte6t9kXu6yCd?n`LGxb^3X%$TWIbxd>jxzjzC+L3>ZksG}Ov(un3`-^t-f>dc|wTGXXNrOWRatI|vbd__8C zLy;TW)Q=@pNk)-`bzd*&vX#rGhfNK4TnwT>o%O`T5wAVObY58;^zA;9M6(^?ySMDv6Ezj)xmwt=~ zXP_LiPP*S$w)q@K*rxuJV${0Q|K{n=o+H$>2_2@BtWsxhoPbmWboK6pno|`dFOA^c zB_P`)79Is@8^HE&QbCc@&$q|;AG!2c(E++l08)=J$UM)NZE7tqmZcJyqcOfwSLT72 zEz9vFayea72qqu7~ub7Bq2i-?CG|9+FQ1Ir?0_T$G2}oq@ zpewglsC@+g62BM5!TJap9S-VV<`nCfTjdER?p5V04btmTi6)|5H~$tQAB9~?i1N1L z?@S)XPMcW&6LVxZNJo$^`&7%E(B=7Ghrcm|&>k@iu$wgbF$f^_#I{y*JvX(tOTDa0 zAnqUq;tQy@2BSRT>dU5H0KXI$5Y3QCsT1n^{L<&PhupjzMtj(5bcGEg50BcnF}_ku z%6foe5O?Uw`U(d7@3R)ZN46vD#Rtt0chB9ztrb-t@^I|OrhT2apY~qBn}qF;5xo2p z`x+n-A}v5oDJz{UeO&wA0}zZU@x<>G60KWSF_Yy!O(A6^l zNalKU6jmGYDuTf{IQK1ArJ5mwKX3ELua{RfhKw0+S@SzDALDEz=a1S?F!&tdJn2Ba zI^%n{hSy(aUp2>-c=hNkj{~vB__Ar=$Vu)8Z0ep)kla`ZY854&9C?O;0wmRFcjg8I zAJx0y=1kzf8BK7bU>rGC7bGDKItm;g#(8Buwj(3=(;!{-D6sk7;%&>UvV77ec#BHZ zd!|AOzNym3ByivRZ_C}}>;?=YWffzomKQUbkM?d$D> zJ8P9T?vFAWyhE=KH~n!gbIth>De2!%sCX%na3|^?$li_4CA4uZ|1lD*l-?=kfh@V! 
zdTnm`o&-6pFFi~V*f}t%vWQSKv)N1!s9h4Tmf>7fVVkLmDXh0%LRWHTbie_>+99j{ z+r*qFx~=!~o%6!}b#lu}Mo+<&b))3)miqJftjPfZ%mc!)#4kzQbj+>FiUmWZTp011 zH#*s%ZV8Gb1pJg~=AS|WyyR(LLkA4%gJK~1Rm_E5BbojU1tp4|3MWfxzB8E{9?Xke zW55o(s@q*YnFQ3Io3J}CD-_K(v7Mp=EwUFewF$OXnXBimFA!7TY0;`KPR#B81i=R-Z(YO$a+wPHL|x8Efnc*eu(4?sCs0!N$?|; zqz?mG+Msy=13}Q*@N3IQKkRH28Ds%MC(vblEtG=g001lAtw75vlsdEuXKHW}sU%Zbwr7ur>>NnGj^THbS*F1J zx&(su&J#L1j-Oh)u?F%Tcy~_F~`sUO%8eo;NtzLgYSxF)1-lr`m$jkGVVN04>}iqbB%ibkA6oQy6EX0iHB#)WF| zeMMf(T>NapS#&5eVnouV8a9fsUgC&ST$E~q|1;Ni+d}oAnKm#Cs)u6s(Yf<;_~oKS zbXh&z$1Gobjqg(&z3#~^0z-U!4_PlEMiPY$Rl4`{qVSV=vzT|uki@;Qs0aT?{2rur z=6q(|S>~;a)5C|z!tbdiw;B+7Sq$aMt7{z zRM&I7kh3$DG#r5X)AAHslkBQ+<&CyhYM$I505$WEA0?WnT;kb#nk-Ts57)ONdR)tl zx_ej29Ivu5lvme{b>ZvoR$*QT?m1i#d+4odpxW!#6el++`9f5K2m8j%?P)Sj9&Sv^ z(cS(V?Iu!;+Yt9iW+fj;^|xEHf%R`Z4K7~0uCOq++yLezrU4VWnCuWSS|1sa(zPNe z=`MwYYy6vZS51X_rL;mrlqbYU_DVQKEJiAE0l_(>CT9Wo&PzRoh2h+g+h-5O23%DQ zQ6;Vn$mlU@rgawvb!*e>ex%ss_lgZpvov3JC(Q~&opsAQo7D{pz$QObP$V!o zutNgT_T1^M?Lnm>8*6*URJ-UYbTo+_;zG*rJu!)y zY*=9!$(MdhC0%^sAd>z2Xn{a0jwpyf2|)ar;N#q{43rpQmuSh~ukZ$47PEGsm{KfZ zyw8kZik_@aM3Oi}c*nGCit&Ol1T-8HQ)grSOtkp9LyI$EmU?7iT`5eiu@gc z=!={Vjj|H(*c*ACVhg@+VJD}_+87HQBGg2BYCxa|uAT;pimCdrfno+}E~?hk+XNID z6{r_Q+xwHiz)&{s^cy4ZHLAmf)q-cM#}+Hr*Po94-8}1|mnl!quC*fR09gyRlUZmp z_PyLs3wn?@hn4MwaZqg0px3zt`Np zm92ZwYy%5%&8SL%UO!z>bZCb$0b}Nyn2uY1fW2D(5Ul>NPtj{g!$u1P96(G*ZB@qr=zG*ds*uOi>JKLjEDUc zXI;Bzp@6m_&JO$!0e1hWo1_zNx@(1K=-T97tb?P|E1E-y8z)m~qE{CzPv+T9d z3m}xqbZg&hw#iJ8%&)~94mU7`O*yz>XjQC9HGTd3m{U8(R@ZHXPp6m~kQZj44#-#jmSb-umN>E>WzKO6Jb=mB@<&dA5 zJaB9JqAL1GXbm^01S=sg*;CtcXZ@>(+BM!dH;!de;}C5oQrO1)gqk`YC_6>^J z=;#oryE2PMYWQz9etC=pNU1H<)+9q$9+QC_;xX2*`h)~Ko#jyht7Iz-0tG&@%^;Ne z$9sC;_&XXgZlj@YBx-Kpu&_I=Q@pDz$gG8ip(IgHNwR?{MeMmZt!NM_FrqTRrcbKl zXp4T>$B~a<_H#(D_NQ3zw3|UnhCL3TAd_k%p17L0x){?MNG6P^K^_3<@%t(>Tl9rhd zOP~2H>FD-}8}uS41I8-Di`tO0cr2ErvY92w9VTN#&%O#c$zb;J*Fg{xG>}zq3;CGJ zaDL2Mdpx;uQ_V}%sd-PxAWr0uyS&>d{=Gpe=W3@1I*!;Km9vy#e9jdI5rVL7eY@xi 
z4nh+3Nr!HJ=?b8+d-?kOc>nW!a5HhaWn%O~uk#m}?W@joKC`z9F8P+95EVK*(rzqI z^e|BX9DFE5f1-#A8k(Cn*uiV12||ja(ljBxvpAT7mK&6J=kRcocc&3*hSJn_v{&!} zK5+Mb22V}<4EoB0R{CKBK85foUNbRLTg4|G*{x+R9|sVtTwriwG4SBo@ab__s5Oxy zbZ9fA6@mSpF7b;De2Z)>>Q@w{u~(>=HRp!U3TTDD6laMESfl3C^`Th>m~~rgDnes8 zzjft<-Hr3fXo-oC{r0;YGwxK2N~`tH_dIyZW-q?4%xzZpr0Ui< zielZS76CZ#L?#L!!)a9+m>ZYK?`Rj)n>ZFAHW1JU>kcyN%uV9~$t(sjhCr#5ImkWX zAlTqc^q)5AB=_`2l;SD@I~VW>BGZut!5@C|$FrL+b>*kcGV$rr<-1(h{qXA3)EpDm z+b8^rAIKb)Ff+Xd+wb82Qz>c|(!24v8~6Rj&N@&rskt)a_)WRktkTFqtQ190>DTXW zl#H-q$b}%yK4ls&(VCuq3dPehRaSegOwb*;x**mkHj zxr;5(Y^Vb85IESoovkxyQ>bgL zt*P(V+@a40PgYcY8C6W$xx2GSN!sz>wR{{NIb5&v*(QhfWWV_yY9ot}nrK#FvN?Q3 zgulXwk;nZ&|Cn=yu5PukT*opxdEx9n0kCJbsMCI@g?Qe+%S@)nkwFor?!4UgZTwxa z;O!P%Kg_or(eCCr0IjlCX)>Kmn4r?Bm)wJRP7{Jk;=fdcBuSdl%LK2|H9W9XY;3KK zQO%#vYQCf*^={yX*zE@hlaa@}yXpfsTd^{EYGFhgIVv#6B9YM-1*g8?a=HBgo6K*m-TeF6=` zVuMdA+Wm%+UnX>(_Mqbgyruy#!6o*AtC@P<-m-T0c~b+-`9dGaVEPf;r;qF~DT9&H zn9mY<%0o#1RTFgDktKP{k(|$*pNF z-)M0Mt03DI<#1Kg4cFP`!NJYOyc3L6yMf&LJ@_S;9+QX)DwG(|z6!U+6^4oiC)Ldr zQrM<(vGL209*lkAFDdzW;~=$wNC_4i07F~WL&Ya!I?%xqcg|VF_ZL4Mp^WGbIN!c& z@B5W&h0CDw)J#a%2r||vEPZIR>9B#N1g6%bn^QHHWoe%Y#4ZY(g@VPG z$__C0Y8)e!hWSx!d;S+|GarI|@DhA7;#n%RDz;ESE*i~8f${U~a7d`nqA%?L;Xf}j zk{S9e)^n#A8T8zmif6Ck3ziCUe#;@eJfm839*;Hf8L{jT$@tUZyUiCM0`dnX)B*Tf#%P* z#o-#)LWfNNLgJ^>l~?aAN0 zW*Yn5E#~*&FO53^^JJ$k#eRPeCzM>`g*NNI!aBrNfRiCx;Iuk0$ z7wf0oi>tJtqH;EF9%H`xZaVvP0P>{kNo@i|))W2+HD9-c(+MR6ymv7DvrBgf;?$*; zg~WxF7fh7)yrowB?;A4T{G0WB1Q4nP^*T2`+|+n9NxQg`_5ptW0GL;5Kut`avUuea-O&{RjFW={^PDa+Fye^B;=#ScflGl;SN?idJjPTBDjU+zy8I;y2C zatNB7##O3bh*X2`fgafSOZ_nhd87jcUXDCxy?(PqY=q?heDc{+1U5+KFK;qCALI5Q z%qcadn;+r}lUz zdmo*u(h6&Y{kDPe=*mdDebYl4&-DyC^i(sfYCxn1I+11E+K4?30&&`q|IO{j{UQ4z zjJa2c>EcBSksB0BEGmu}co9V@t_l{6kjV0X>A)5vSU}QQyh-Qv2X|-O!DGIq;19og z820DwG?sEYKRAyxndh?7qGUauIL;U5tIxj?5BcOd#i)H$wbVz-B4q(9K(!!cah3ts zaJ%^val|2RD=Y%el`Tk8S&~Iq!Ydy3(9r0|GJVnv^Ex74q?H4g2Rk=(mN5Up$_4R& zUjD>=g1jOzGzHJQvFO`{ZA%5!j`Jqw=c-a!u 
z@X>7jfPE1^K5?&?Cw}nqr6tt7g~JX+;$qso|qj<99ioY-rTThRx0aY{TkMHs$rqzEP;B3HW zWwpOk<+sXrj=qIQ+Cy)t8ls4$>mq_~Q#YHw)L+Eh250sQEIu(zHE_#eV&Q?Gd73_U z1A82$Yt{E1?Eh=A>!Fd`Ogao9(XoWsb|L5@kP;!$B4{~&yN-Dzm%sMxA;>@ZzIlK| z>AR?ibD)Iq)1wQ!6UQcQPm*BCp-~X%*PCu->o(nNebhDAxc{!}Flff4r? zQ+YzR#A?t)qAKztLBcNHU%L=uNx_k`zXAg$aKAXeDM0^=ozG5075XZC3jgfysyjO& zUaUq~bv#*WF?#OQl5>}Oa;5X+6$rFbmNaA^EW9WNPN9z%f3TWmNJ<%CQgFjHwL^}w zU$FZH(R+PbfW6rg*`jF}<{x0~ugL6k%OTLgmfgK$aLdR9HHkw+=L;g313=|QrFyE~ z>I}nO9)Q&D4m0>mD~i-m;x^dwm~krJ${%|v5nMu?m3v%Lp-qyO#Z7SyX?*_?->(}z zn(ZH*$~Pe5)0VM3bdOm;;Udwjtt{llqW~|zBoRkXapm16gJNpds6svv@EnQmrPr8LkOs7@>uJ3;ftW3X79} z>cZUhk?YxU2S5Kxjn)SqIvhmCAAI}^sV0mXBQJlsPzK9r9 z;6Q|zz4%pcS%g%XvKPmsb7Y&_Ht@JyiNn@1up1C~(N0b)UFXrV=w@HL{V4VFWY zPG~ojzmM@hY6sBBDDv84ClvGt96-XI<#eNg&8W4i!i(z+Q5u7SH&}5KJc?{s2qB2% zK`LwXY@t}F5Oe})9lZR;+F@?J#INxG5m}O$#1m!Cj-spx$d?7@mh->dn1LQ}s!KEJ z0aB2J`s_bC2PfYs`D9sKaL9(It11g>`xHDjOM9_b!**i)W!_QZKxf05vJPMg=RnYM zyl>1#pU8`Zz5|2FLKS0xkys%c|BD>9KQ4nhW)KX!$b}w3zlx8Y4qXiC-!*?jNU+pT z9Wkx&o&^~RcHm=Ds7y+j8~sy_!mTEeXW4W)PM^EZnY$lsPbIYGn)eI;5{{CypZ${=o z@U^4DxH(A=U$J=UyIPQMQSB1sPOW#c-Fhml1wdLc@n|*Y_dy*w8_1N9n4z-2>0gBpJcf0&$nCDm$i7GlOwi&w?(|GFt~lb1XG1v@^+60@jnM zB!7RYImz-WD00*Lmcr~Mj8w>SRAt#YQz1Xukx-*P=Z*}KBS|MPAL*tJCaG}z5vh$B zpY+yYrgxUSld@?2P~oie&=>i}_+6XqpJI3Om#~~0LN+9x`BGSd--ju#IQ~#GxZ~K$ z=0^gY;GBriKOBBp;K@N;P0P+BGXqX4$3iJx8OrmpD*N;oMWIIpw0P*fR?ZFNE0)80 zGdSoO53Q`q`r$K^`o-@l_wDLr;V0pc1F0LwFn?!nsd^Uw$Y)kQY*7=RZ_&9X5V`Ms zXb8cuBv)5;ggp~*OfH&T5gYq`wf`_V+4V(}E;FwvY7u4}*n^zDS{36YI|f=|r9Qn` z7{W*<)AP&8Iq3Q!WAYkq_7C=44Y>k6(x*2AOVpB9$#=~mo+VJcmXwl9#_%bowJRP} zN87o9!}`_@^N+kSsCn^uT(FqjKhY&*$lj|bH>EPAd3@77I$aK!zPOxiVe(*QFP>Su zpT)fGtWB|clJ5YnKgTf2cfRHl2Y5OkmIq2X);HMC%?@^_ENEs7+_fGR!BqZ8!4ocH z6zOK8?~awU`Zm74gf~iQwi1Ss;*{GaXyH8TWJ#~p(&QT=-sjhiPxF1lbIqf=HFN;e z>kUeS)=EMB-RF$aXuIxcP{qXIOF|ysWD;QbEDXcnBLIG^%HZH{dsH^T3CKG98KPjP zkh_$V9g9Vv_~BkbkVjtV<_!8Xq1S(m?|Zga;Kiru58)G$FdWF5A<1}{GLMLlgyZVS zhEUW-(xZTvEUjsnWX%a5#E~jgwW$?jna}Z|^P1K`+e|iZW8n|1joQLt`EuFgRKrfW 
z2C(UNz5VL)Xja4FNOM_Wu{ab{5`(d-L|#SCT|B=2@?dGu<{vfY+(=x+9Ehqd9Ts!u zCY1SXXg)acZT&}41O{G%*ioRu7wU{_JQI0maYZ^#BNT}E@78*e;~#s7ZQ@!6wK{{E8XH zMC+VLfheo`6~%mvQQHJ^;;p)MiO6dLc|o0v=H9CAnZAi@4|dfO)40yNx?Y)3#*$HT zszZ>h%wsc8M2=#SR76O<>5X4~6 zR%ob|w_{(@P2pae73v(i!+}aius5szy|u$eDL^BkFhrqRUeg6(pn^{r?Cw1vjLL|; ze2y}Q4E7Iucl!k&KzecX0_kNtLr?ZdD1r6v`>0e={0;snRo#$L3strU5{#WpTg5Dx zLW8A*s+Zcc%qzfT@h9(fd9>?QRKsZsbK5Vhw%(K+B_Ap<=0pd-99&fi$QUrg!R@$( zQBHh1^@Mc?b3~is{k^N2lKxJ6{ZD8=qrCs)?E1#e<^CM+`=`!t?pxYhp``l;1H0}O zva5W$$wZnvL=u-=R5eVaiIpY87>U6s|Kj_N@dzMTMiUBSy?=OjbDV(^3@FK1J6Utl znd4Qs!n76QiT9`~&Hr61hI$Jwv7fLiW z6vCfi8x{s{5Vq0;@pAtEQNhan`TStXM#ZCZ6W0nm^s}1OXXWSlhK`#k(`tZFGXt&G zv@k6{SIfi3p}m#;%SJw;vv_6eBa--NN^~ri-GI_9bfKZtEDu2uY#0m22%eK!!`$pO zBb@hn3ya!&B-*=;n`UJ(M*kN#6#G&q>{>xXlQclzcNS)aE?q`nO~?W4Euu%5@K4S? zJUeA{rIwx#$@R2ctq~?j1omYJxL#xXQpxzk(4|R8KYaCt%+TV6ULTCzIAI$}7J-v?vskri6Qt06wevrP_gyN#)}vtOf97 zQ@UEzUKBU2@AWX}=)m3%StA!W5UQY-?_0Tglshb$AB;)3bpYPrwwJ$(DU>Dr5zaqm zc(-vgO_y0A(D4hTOz&leLZpi9&MT&mG8ttSanu4`2_F>D1gsW!qX zHZ5?KS`X`F%_T)*8tOGz6Sn@LV~ttNbm{rHt_jnysW~Hq>ON3dxjeH0M1r>YrH8~5 zfo*Jg1yAqjr2?eQTtQ!O!MNa0oeEzNgdDMkdQF5A?m;88LbC~nw z-vdZT?>&6mC#h-{#_bZE5qOE12C+#|Li~C> zD=Cdp6#&noQ_>AR4-&sUT#33!0ZYdRk=K$5)};|!cUwk8*W0VTj&-NB@2fg<%eDJs zR68U}XVyz}O3Ev~)Zf3gzaG8LS_fZx)W1xrf4f3C>v&x@Im8H5ugY!jpsYK)lUiK; z&M7ewK6S7>yNuFaC{vw|R7EiIl#Zy=EvK(zT@QQ*|JfPvIR9+eGNJ^tUZHOE5R!9N zKeiqfnO>0m3ye#K2Htn#n}94PzX=*`YDgo|HSDNBg1%)e2E}XXm zJg9+vQtCdA7RE516yi)v!4Xdaf}e|AUp+vrUp)nj zVe4-9n|z7Ch*ETcOO6HCB13`ZLc`txX66vkH!Z1?45P-zOzv103_GOk5_nUi2pq%Q zV=?HA^^UuxHv-$+My=-pWXSS3hAOfjh6sCBgVtIw2YFdFf)kcD_52rcp1UbOxVh@@- zMqZc{!3jA?z&idrxQ4KCjn?siZJV3PlKfE=5%*#Wp{37G=CDianbfvh&>HLO=hAYv>L2hvtv1ms=V| z{Ji?kZ0VztVq@fxrd`EMcs}6NIcVDp!>bjUXr5J$RdnSLvL8jDgpvHIQTUt(z+@&$ z-BsZGLDV#^C=I{2&TUmMnQ3%W^$SIS5sp7vkFGGLiAQ`TlaNW7l=M;}12XG}h=KA1 z*A&8&JI$Hz1c6`?w!GMw^u|7b1;Lx55-wvKz#r8=9W6iAQ<1I9vj(W~*zdSrUVL>i zhQP7lIl2E*WZ$NM+^+J9%)zuGwBUW(5I4TUNT$ydADQ&&I5N`#lL{~OSb+~`0$+wf 
z`J{xLx&DE98wqQ$yl`&Ov8f5|gJn%Z!fdn+LBto~$E8+Pb7j9pnGX{%jr&Zs-0;?+ zqpnr%o^gVvdyv^`r4GOwxQ$J^O{;>6D+$AlRP2uu(A3ZXet{cpgo=UZXder`QiuOG zau`EbH{Cp0A#h~KI6OHx&s2!Mx-=WYMT^1UYA;bWGTa*eE-^fu_|m5)4c-_Lrd<70 zOy#&{SEAyN&#kWTkKR3p7Crm8XA$E5Mb7Z_SjssYe!!TVs1_bh<4#dgiFEL5MkPH7 zd2s(r+`c%r-=EL*16Ll#RG?-5Sy!%p!FINmfB3Lr{C3O~9tW*fJgakq3f*mrMZr8p z%lO{L@5-DxPB!`7Rt?SfeOjW`YY5ZcQR+%}jRMOy&J04ckYw~$`=91inb+;q<*>4! zTLCsgJN$8Gw0`E3ByWdTw3~Yu#4Owo!j#ZP>{t_p=pnXA+!d@X&(&a%9^oS9^!$3l zxPFG{0>hi}{(`<mFn>>FP%74j4txY2i^TZ0F ze^dU%kB_ytT71EUr**BKG?-Z2@W53{jVEs;<^p@k{C7Mh-=z6Y-H6EWY-rz_RQTTz z)Q{>6H_>PgifezI;jnLn0Z)y1=3QJp1Lp+6rl0Fps@&*)O?Si z$j=3o(g+59iMVg_S#rE>zbDXT?ZxOZzq4<~nUwI|m_>Z3)BHMTStMguSW1oRP^Z(r zEw-<)vm&%Evo^kFKi=h=*^Zkdoa7dI+G&yhL90Ibp*x2mL#cvDzvXC{%<;Jcho|Mw zH*%+#IM!*!J-X<*r6-`&k(EQ7Snj?wLCd`@mNF#IV$Z7hrwngMF4CASb*9{nYBKVV z#RBuDp^M!Rr-lcMn(~3+J-fP9kHSd2REE%u3y?*IkAn}5p?&f_q{I*c7 zpy}xk>c+GekNNsSlNC%MZW*spxe~JT?n?0)Hp;^>%9_&B%`Eoas(x#mEaJMAqQ;G^ zr|9MZ0rEAvasbcX{7|TLO>WZU>Tp28DX+o#sK0Ynz)dpvI(Uz+=4T#(a02Wb7FFV_ zRb%#B>k6va_>ZrtG!FE`7yf296enYgonP4YXc0A?Xc2gPMerd1q zzUFUP^fjnct!ChVAne^@gB>M>Ts1p1;!h>Z)wV*&5(iCN5tyOJNfRw)0Y_9wq1*qE zDN%#b529BBqvX7#DRay3u-OJrHu_bpP2!_p3 zN{Idq?^sl4o81@bWmdHtCsvb?5(d2JKCf{`5fEIF6BH&_oW=tl-f-RclAt~N#ecs2 zEW+t2VvHy1_W*bL7#&D@HB@Qu3w2qZa{{ZRm7I|~dNM$HD9JWl zI$slYG5yD4Jz7>GYTT{OP{>GAZh5uHMyRvh;^q z+QHDM*`0#d$CJTkfqvQ7HaZ{PiHoe?M>_d9>F=+2DN2;C3GBwjli@W*nad1jOO;)6 zvdgzmg~b;jp@R!)=`+t}Hog?tnPw-B)I9*LU&7U669uG_%%nM$TN9XSLetJ3$D+L# zO-*^L8!p1^(4(TDhsaVtq3JwVCRGOr3FZ6_+%zwM@Ci`CxUL1=?R%zt!5+@0vN4ER za1V!d=86er{)L(>4y)8yoJ~_MAz`~-qzs9PL#pBo7py_I@5UiqH{o#WT%g`)Wm^S6 zodiHfHFfD=8ues zYmQ-nX=&N+TFCEs6+T9I6Ex^OyY9AO2KT2M^LC4Ch|ft!^1!yMNDqg`n~6F!TdM4O z%10-*)%Ynf>8>cV_o(df_i=Huj_Gof=%&&B7u0qIIdZISluR6`j$W9C88bH4i8@ic zsM@7c$WOo9z5PS3W-8oVoX_Jh&7ol~^Qbw)Nnwy1%hcPzEr(-X=@banzUTiQ^%^<{ z)&rzQ0HWEeH)M7%uE}(FFHd}Q+3-_I@>sp1lBbD7yGz}2OoD~dAD8O2(P3({=(`0# zaxI~Lj{k%1qS41?!%XQzwN~ox?S0?%`zIS9DEs;k9MRMf1cOXj@XZMsGD|B|f=M|og#qa+eu4YZXjQ(W~ObCl2Brjmm^jJp9N@OrBP 
z6|5(6$zc!5S+;ePH+{!_HK#(hnlX>&4ITG5IpLjdYptUX#*Vwyvkz*g?8UA*oAEH8 zO-JdjP=^^qsd%P>sFd(mkCOT{okTZ3%zu%vG4tY=^WCb03o?bq@27_ zM8iR%Yl^Q!6Kb*^<*Y!+Xw~#Cw3a{ZylMQ88uoxr|Iw)T#l*gHwr-D)^z_o&Qym!R z-h}{>4F_%zFFkV;fiaTkSFnEW*l`}fLD;r%z8i%u{$P<6ib5f(T&%}jQ9|?2r+T*? zmB!;kq_4HBD23T2Rnlp*z$k^B>ljKbhHqydW~k-p`V3K@J?8nBw-B4eQlx0F=m2xb z>15DW<`A006(QL2+7ugI((^3|;yT_9PUZR;bHOBy?@A^v!Aj^rZiG8Qs`;BS2!iI` z|38mQlbg1~dPhy#p;XhF?9YTqE2;Dw*J`Te)mxG8h=&`H!tdM}O}WpSx%MbKG3uH@((W$j!R1* z++CjH03R6_S z@Yc$zp?9=~u4NdSG-u4br$kJgA-{0O01!kZIYMXD$I<2hs2QU3*wxt06a9BXzS#^9XR;mt2I4@O;QwHsv13JjYL zB!-OObh#=4thWqO9Ed$qoFono?tpdS#KezU_$-M|E*uHt-=7-d|KF;=X|0X|r@!f$ zBBjD;O|8B{w*&s5T*5MPdgbpYn=`+x3Kt;}+sDn)_DliLUkwKAO3P|(N(LmNt)N3+wW;Ia@%v$ zeAo1~oAO6P4XwV4M45FhN<%Tpi%q~rONX#*en2X%pToyUcdJ!rINy=L4=HQoDy!7*&(ZP#hm>lhVec~&v*xOJ8B zs&M~0o)I{L=JA-~2=x&xMXYn-ETv*25GI0uJ7Y1-C!4{NN2L*mb$5XDlcrs@+v1bF zc%b_5;2CzsiGHB6J2l~JV!WX5odVmGA1y?>gMeMM0^AR%9)5YDC@tZK^g1H!jJNO! z6g}0NQ}7^lz@Hbn#K+f~H%fP`{#m{bub8*2*5*ZAg*vgUEd)yDqU46%CL6V$)Nk2K z{NriX^-ma(!#O$vfkE={?GHH2CdwKf@1&Uvu0I^IdN%B*9iZHPQqBnbvIgh&^`mh3 ze{$=uRBEUAcRtPRanIV(H`g55(Z{z4yk+pRn!f|mGlWSItNmnIi^W>csDewN9@{ZB z734jbw_f}o3Bq>EQ9%X1u1-hW`LmM9mSiK7!OnmqfUuei(^>x3TK@V5g`4LBlb>F@f0bz&)L;L|xHf(x__<(NzJkHQkUi8ou8 z<`=u2*JBbA|1vLCG>gdxWWMoJZs<9tK*T5uo?+O3O z7VQXJbb^FKc@r-BU4`9<7%^%+t@>evT;q(x2b-|jZ{b7V;0tco8IUJZLL=^QlqCf5zm?=2Yd^g7#N&k+pYyiRRjq{RTRdhNVU$r zG_bCiQiN~iNgUKGMw}lNH4bvCtuqx5qvCbUtvURNYUXpHyLPKrHTm<7`rI|T2A|$a z1ui|p=z+o~QGQJy{h)OK5#5`YsLJd?Q1w|U)<0dPs`_6gRY!@_K+AYWev$rY7pJMN zX&~!@5v!je8&fU=Qf^x^sgTUhr{%nzO=PQ15rwJ|!+(l-W-!IdvF^R=9+tdWO~Ud^ zTVVs{V_OQow6d~(Xq=L@Ag$6FfdDZ0fWD(obr9tiLw?Rp86roWXTt>+oXT1!VX zwnPlXDBY~Y>tVUkG4b-S5Y8Ybve|kL+5hEfb$@2;vYIr~q0BTqqtrq}2k0VKb~$-? zix&HlQkrk8{Su3^2~ea)|KvjETgEv030b+PWG^mX_1K_ExMFpnkg##SZ^od442*@? 
z1Wtb{P=4u=r~#K5_jwVKOYQ`DlPk`tbxMv(e$V%F0RI~`Tyx8nq(Z;(c4YtK?5o1+YL+%*BtZhfHty~c zT!Tx3y9aj&?yNv?cbDMq?!n#N6WrZ(_9mG*=l{-`ihU< z3l>Dgm`yL4-XDRzFD=S^UnO*_&k->bwwL-?Sw0I8Z76tJO5inYh-wV+!Ze)ft&$0J zh0gcE`8GR$XNUikL5*83^qC`o7-q;i;0=1}#1O_dqij1PIRvhv!MDh$mKSS276S|Q z^rT`N(nvxWk2)jxbge9SF?@f@rsrZb<&k_s8yh+XvRJm`@_%D2dS%;3qd7l~+adM_L9u+E!O zbeegUdl(PKBTg~KFB1&y^T)uleZUlIe`Uzt`7%j|5yN9+vi|CbVg6xkY^z%*Hqxx7 z;9^aBes_M4=(uOMm@x5t2ewyJvpNV+|0J{g3BY%sYNXYfc}tZ5sr6HHuHN!!I7Sf{ z_rEmUi5TerfaECi%NzPs65H)G_i4~mCC{fyj!8&Z!|z?Y<`WRMhIDpIc*sT9T_k7B z(f531knG*7xj9NntTudZ#13uvtDWQ#gslsty8=sL1k8~7%u}W zObziTwX?!H+nE}CN6BFb*!n4Ozt~YNVJ$2eBcxY#%Wf}gD~S`n@=NcOHWa!5Yvj4)fdw$O9Rph z0b?>g0~0kDm2uz(W!IllDM=!+%lcl@!S}VT5AwRlEN60ioQ<087X$_D;7eoW{JrRL zym^kz3tLl1Zg-2oyntsb_7zK(vDZ}7ld6ShP$i0A&NI)93$t0pkad~nnY)PG;weW= z3rRLz7EYw!;V>a&Kd>Jtt%Tc;Z%;do+u=IhE|VEfiDCh-EoT!oRX7oZOnj3+?yTI* zV#T`F3|w+cDs$X5+i569b(oS+Ni|Zee9a(GSU$bQ3Jss%dZxR)@1(vz>{=f{hVJkI zfjdP(p@nY(m9H4*yi&yvQ>vzfm&?edkbG;Yi+?uNOfbU_`c`hI!C_PM?DN55jrsZx z7gf)vs{2}CVc)TrlNMu-L*JS1E6U(6e7g6hP)|n)u{yC8Hp%nj7w#9k-UG03{eEmt zAdpy;k{Hrf)5k*8za`DakDNtc^yIB)9X(>T)}~enbyLpaPjK}|Yl*zy($xT!F2<<| zV`Irj651}8%d2K88~fO)seXO4vX~g#NQEF&UKb{GRoo9-*~HA}f|!z#q6u9Ef~*{$~s%cZKPk z^M@hIcs1aoL-(}t3j)bv+vC-mZgNC~99}jz#4S^AP7_t(gJ9K@0ZXTPIClZfn>qBp zG&@5jnPUyqd%K+G?54m46?kR)@p3QWuQ9t$Ib0PyXd!ttLBgXTaKL-~EC=1Bj&^q1 z`jCiAkWgZdA%9aG!Y&44S zWo}AQv;Nij)wrYudc2(~=+5a{$byD;Y?dvm$^rh|Z+<^FJfOSgAR}CC@B^d2Tv(}^ z#M{Hzsv3e}O&w`LRNt~9R;CN%hR&E|W=>tFv}-^gqirao2M$~car_ntd*Co%uq-Nk zV5c#CN)&SnalXn2WJBD;=iCu;ONU&x))Av)Wb1^Qg6<$;{WPiN1FhQOQ01XFkVyE> zh-@>kE9^A*E96vgHNVT12sY-@@?~kUbl^lNG|V0+q6o0DHT12WhfQEhz%ycHwFauE zXxmgdPcyLE6f=wteu1a)j7qC~m$usCcfUb{Rw-a1$?g|wEzTj?#$Vfm??qLf-(W-+7Xk_t!u53mCFl=-=rKUSEmSA&?|}{p%5R*~rCY z=K;rn-0A_*;V${$bs7>fC(!m-o_HwD{6U9BOFr&BVE8s=-B|@GnVA0fBRh9C_sL_( zofx0jz0Hs6);u&06tl1p`6CU@%>|Aa#3_`7=?kLor1ZVUJZ(ic@ER*GKKTR`zi&$~OeInY5}Bd-$Z#<*8OWto0BYVbDoP19@&lUQbHL~O;e`(&3;retE4@2N>A z-xuwL?OmI@Uwgzg!V|biMlP&&rsRH^0)L+;1*Q&JJchY&o 
z4xOJmBljGvZNTwa;FWE~E~$2;Yn|$`0K&uV;$X@qG))C+Z$PMoeqz8{$+}I|^1YJg z-4Sn7>P|uFV>(+b-=pP_uEs^^efHJu=W903Q>01S)5;2g})3qfho6zJMhXj6l}-e(1FXL;>Eo>kj^jMEj<_5>(xp; zc7He?++VI=Dp~BEIQEaabKy&14BbDoOO&)QyUtCXrsDirl^7Hra3RipD|~ty+SKc|K|Z zNUg31-bV&i-%0@~;dTIC(fu^Y}ZUIhE7=HW<|pq}j85IMlXeC{*C z@b=eL4^Hz~!4%Bb{5x|kp$}YAcAL##-JAp7HS(mp+M)P=8O6?=w4dJQ6xy+vB0!g~ zh`nv_Xm3cUS%oJbR69&zMs*-+*&NPQnMw|Mn_g=^<`z1`m9Ps{%yuu4a7k=(SJi$< zBWqAu&D@2gcdF#_%{*8noUk2$_|j=+6U)b354?39BQQq5F|u#dL~upkM8+TMX*COWNvbDc;>auM6h}9Wt`l{0GuD~E|3G>(6Gu7}_(I=C66wxAP`(h>W;1ng*&O}r0hsgk*sB5AP#h5fsy03nK6{K8x4f+MGfh0}y* zLL{UeHIY|}184<$ofiw>w*cRc21Yz2!NW;afmS)zS!PyEiyibZ65pyTlY*SaYF+T~ z31d%#l7&s3$eXhdX=aOGR&a{kcb(n$2vbE&0hhNiMsVJaTmk&pkN}cx`2CUIfO(bS zp4Rl~5(p27NzH$pGrT@{nD$$9$Sy?ts*C zN_Ve7r^Hs5EHTzZ4UKDgyGF2+Vqo3~(w27{)3#OX{SsD@q>L_-bGv1RAGq3FPZ?y?7| z>4fPDcHRXO?1)qq+E}Ol%jh%ZZ*CkPx#6D){mddR^yl`v7`-WPGE(FCL1A%NFTe1k zK!qHr{OSvJ(q4=)!KDiOyLO3dr8;@T@-pnBIZ76|2#kV2FS>lrpzC8eIJ}H`u3&B| z+21sTS!=o%gQul9Xth;MllqZ|2Ux%orwq&*QQ@F2Kz(0sYi^Dz?n(y(O|zP`=8YUC zX^#3nTU+IC8C7R{Pp_&>1<_P{djJh!r%kZs+qZ8bVXB%gq_}@{(&o`*c2cUiu}?3b z`u(bGY3**>TEl|pko3`&74a2UJk4}T3$FWkmq(Q@@cuP6iMtrVw;wCcpSDG@NfUef zi-fGE<+Zn{&c}kv(kJhteCe0S0~8^?;EQ_l#|FD7hOO+#dID}M5NRoFOCb=G^s&XQ zXt~)Up? 
zn5;1T_5{gDY)$~=zkkY<(wviKW}rq@`rK>6mY3f#Nk=(4=XJi~kLFCai1s$)v5RTd zFYnioZr2{e9#dVFW*47>&#O0TjNi(Irq_5^B)2^$ZE;t3Q%Ws=JbGv8 zHCS74vmqt1jLZ$B5=}KFwUn8lLF%VaZ*P}C@WK9Q8;Gah`k{J_TZK$ubAHIgIeIjU z83idc{5_6=`8<2wieFQnEi|ucVh_*JUpwVr+;OMg0aWv7c+}e)xg4nr9%yS6LH-dX zD1D6IEkZRW%|X+~EUehGGL;nCEP84p!+`Rri94pil_iQ06$Be!Hhk?)J9;-a{0n#k z2hAlNax%`qeQLq&Zd8>CvF&Z>Km$l5JHg7ttn#9bvl_9_rCPtyP%VcvkcSFv6Fl77 zz$i6@l`#^TY{bH{t3k8X%YW$1&OHmKQ>aRr#8hQ?REjwmerSiFw;q#`>x|jgq#!VR z&630XL#L5#C#c)Fh{A)!MizB_O8c<7rU0iuvg_-Y_-OP`x`PN`-tGqz27{Hk^4v`7 z0RGma$Ynz2RUu0!-O0;_E-lY`?+OEeu??4GY6}wlIbu$qWfY1ck??3Qe^|m}zZ65M zRXNbF+co?t(2faikv%m@U+gp0m#Ju)@_B$x=K3i{3O(Q&S*U1!@Dp)p+T9%2%fM*I zu1?oVx!DA!+Z9HQsbD`Xsfv@BH3_nx=I?Z^TdW$h#Nu)*+c*8eBE#9JFf3CegWOYSt)lx` zub-Tm#;cc2e!4{vv5P3-VrzI?W^43yU?W~xZm~1atpX7G?m~B}ICN{eyy~R}CNgZ3 za%|#}B&W{J?$X)dQ6|4H96TncxR{=-)PtZCy>quM3Kc>_QU@!>w(b%Xo*$PSjEHLB zXx&bUi~KagFAH0~qrpK+4Iy0fh3xwPX@Pm9FpvDK$>VQQH3hX|4Z4edDQe6$j+dii z!G)~1z`BkK)8?BQlO}FU4w01`lA0vF7Gv+TKEd-1q}?qDd_QLyV}`kSU2c&?IcyKk z%nK#e{^EAt1vNR__}iWR?bp>+j*oWhZfy;sVYI8O!s+DS5qyHjq1ccqPfMF{Q|cON zjEOY9SC#Cl0Bx!<%yhm*6*eyXj&%zJXH##h01_g|6Cj()&p_cOOAEY!qZ0}@>y!6o zT5U;N$CB(%WOiDz(A4_)VkjQwWK&(_XJ@&Y1B@2>y3*RI^`pmxOl-?ZgbLuiR+;C~^@AQ15++RfO z_|zm8?=++De0lLo8(8Q~wWXWK_T-${FRM-1rn6);iXJ$jZ*rgnF_mR&FpkzC*quD= zb4yi5tWPYsJJ3sf@`!X(EBhe>BI3NxmF!@%7wVr=3bur~C?HmypLn%fOVeC_!NQCo z)cwwov-9Ol2ZyOaZT{q7i&ktWU4vWK-h@H2WqHv--1a_+0MOb|TuvF&Fz468xLUue z+H7b+T(`cU$d$W7s%%PwT)6224g=}yk1LYM%pzt!QPO(pKEf=s9TE^6v4+ga1K zrQOmxKwG)yDG@sV=ZqegKRMv|$IjP159e8F!HJUPQN+O;qG|5Bb7;a+CYztfXC}m7 zQ97@*scJ$h;QbuT`};O+S(08S!eh{u#5gflnjpzVAyp}L<$l;Sb{`1;E;c!a6+@uk zw7CbpLq7(^#I^9pag*MDnzVonj@A}XZUB{n+|M;s{VX{_T3@D5d+dBn&)F^Ux`dYw zBj)kf8+RN{M{T+JFs;h8@@nb*@Jx9$QVFxeZi9r2g<$3!5M9r+16&~+aEGMxCEQZ3 z(?(7M>pG*0rltL@ei_kZ$*qY-gDcso>Tp6EwB|$Q!hu!=Dk8r!`#b5ce1#!ENM;$F z!pE>owLFU7CX^c*q|g1GQkCd}R!f6+NK2d}x)|mEdfv=^z1&`OM)^~rE_`FEc;o4Y zN?4I1Ikix`FZR>Zd)jdNq=oO8>F(bfUIXhkECPmc}Z+H8xDaVsV z*IU{pdKoSw_qhP+q>W@I%4?b{H+BN@+&J12WPfV&{37-VLwax$IoE``BjHZjeTvjO 
zUVY8t!J%tcWjtb%Nbkjm#;0@av4%r5m`Cw&cKkm@2BD{C^6P)F&$OVp=r%>#~;WJs8+nakXX_LvbnKA#j`c|%>u zK7V%g-joXyLDav2Ex((uNpL9kO^D0k_4GAhMb%L^Ujd5`unXs9L4wq^R9-Foja~USf zd&x~yAVJm7Ho;zpGaodI1xt$r&wJ`5z)3q>F!kPQ>YGT2%lU4<36X<6!UqEVbK_Ib zJ!DWXTetU>NOi%569yAaY=g_se@9c-{CJz9Zq?yv26W7KyIS0|=&v|r7mPs7A}XiD{V_>&d`^FBMjydh z@KynEVcKC!56mtqWR_Rk{c9zbOHJ4FvrvU0-`~Z%=i+8SfnRm|w34zaqap(!NhPdy zAKm&NPCeRpJSaqxbzvt7CoW_gI+isWwA9~NJ%$LNI&!aTGvr>Yz^66J2&O%i@#017 z+?MhH;~AVs9I~T*>!x|b0)>5G*BF5c5Cns4M0zf8HRdAy?Fg=--~Vo_8s@y0=#utJ zpnFjhqsCo>CkUTwY-D#_CI=GK#a~m+cpZAdT{pK7m|YfbqJHsM|@_qmLqQo8}3 zu;pE-O}%qlG-xXH`;Q`VL}sUn=0n$I_7%9r-2S8Vmr>s@mxp!1#=iNfs@CpKbDD`sXQHa#LHjxefZ1)4XOJTQJL1P7L$u z?3c?g3I+FQv$qMuLjS;G8M@iOe@|Qw`PwifO=m3tLZY$P<$gn z#1QIRhAXc(1*$Y`BMW2z35L)h45Vxy$Nbqm#bI1^%jZ5NUI8=`RkF*dhNjiiy>27- zSUyiCWVuckHgVx=2@v}lZ@pumDuzH=uP2%D0!@D}g7^rA{}X07HMRAMA+(FArZi2X zxMfe7J?bCxWLUGGo798b&%Y*&MYrBv8n)~1!?Qee2c}@Q%@g0_T37k9PP0i*{hkm6 zxyrptYI}n|<$5AN9+o!YK>>+ZfBE^gupzuu$x`c2V`$K0_T zKd4s>eMpv7baegopI)Gf6nrm1W9?Arh5@*=iSFD_lqUT!Dz6yY6TPVu4ZYfeVO2n8Z@Ak{?I|XIv2zF$WoOa&)Vw zFPjvT4%qh%;PzeWtI1}H&i(JRBc3<#>O&KI6yVlA98X0XCRFj;OlL;GuUq9-Ryx}4 zH*MbN5FN40tFAn!&4<0d>-zxkx!kXuWx`Abp@SWWL49Rsm{_zRw6+$QI*_I3;hckB zo+6)?fGF^kUlJ%#G3(x!^@~lqhA(@_myFiQpS?(5alsDQQqNPv3d~)Yv`$=5mfv}X zXSI$YA%4!qXv++*mf8*4ybAepI{Lh*GWtGbNkx#CCGO7dq4~B3h-ISOSN0*cxbb$@ z9znys@_%%j=2cQFsn1<1+d>u6e>0v!vy)&djZ#kGwo+L@t@dkY{@K=2#m!ARb^M{f zWVXrDruTKmoxAg3u4Aznuh}Z9iF0zLqv&K;FynfGyKhK0O0MAkW~ZZc+*~>AHR0%x*?uAW8*Vr9c>Lq0RFjii-TD7Ak77@ljS? 
zo&`ZFk2AsINcKC7yBg1OqdWi5%haDy6`6rGqVWv2)xhEV&PSGkj_WdFi6-Nkv7Tlv zMwXkp;3_FQoqd!ub5o=Hic#$kv;}rE=HlVwgIIQGj6m>tuv>GY!Wj%^EZ_X_cHZm^Oj_XV>81y}zX0ZJ7ooO6Q1;W~K(_lgR&>H-+5R?y*U8G0@jg~nC=nwRY)c9rQMJQ;8vqfQ($+z zp3N<36o9~jowvDdLn>3$y9?jnAEQ!DM0fsJSk7&8#~X2PP%$^j@bir@5AkgjjnckK z&3X8n2{B!;V-(y-$HMqc%aOJqHe44uG195fb?A;nCJH^ zTy#Dl;OI4WkS!XnKR2%~K!uFP?vms9_>Oy<|Cr9_&n>)q#g*k7@SF9;-dAYmx`8QR z;s>z=w=ws1f?+-iE!R-pb`1v7`O^9A#XHl7%EiLV$cA8YkqvfFspZC=z3N_p>JlD9 z9lVXwlBJBFffvWOuzIM^Z5`Yn&Np%*JDss2x2}E1-rBPt_5pTt-WP2KAH=zbSYnNg z5U4yejkz%d%bn}S?=*CO3WhWzUw~BZmTV%X;ICy77ao*QQ1j3>Pj-a*)Mi|f8e3Ag| zn-J9)MNijSy$UQw+t20%xXw0OKsR)Ru)2;-#jsg!be~gH#5!AMyAZjGKERHyK+mA( z9(IB=q0(ovvM7A(^~C)~Vn)9=i6!qMsPmJq8G}ms*JcFV{wh#MH$8*^gRjHXDx3k% zKico|@l6M>6InB60r^WYRJ{sK0%teEFJRsb9Q(a*|%AP4)f=NDn;&-L|Yo?vF z>f%)00tvYW3%CuZT*YcfV_&bAy1CKEkS^Ko$$hbE?7I?1pI9`q^yfY)zlP)Ut&{4h z-m1B|dp2xfo#?zy|K>LDE--v3-2=8UuOH}N_>$S6XQTM(h@(Je5;#kXp29-v!v5gr zEawQ1`@C=O;JpVR_b=NHt$ddU@5$VDZco&5HyyC}j%B18EfCR%?TqG|xa^;|V7=ZZ zO-eD4jZYZ;v^kbF#j9=7HO1`x4dv5e)C-gfs)l6Sn_>d$m-*XJPeLF*@Q?K*9l9eI(`Wx6%fm+%~3E6 zB`nrW#}&@#b(RykKI2;9L|N&8Ek9S?;hvuSK2Cl@>wVvfZFQ2Bs19z#rcf6y!_mTz zAmk^fmOE@$Z1am_8ld+7V3XV_)K=Z*|7pIBK$Do|QShfr*uGKS5R+)T-DANGqSdR^wLfD8_48VMTOCv-@%MTj<9 zoqTlQ>&2KM0#5ctQ5Bl8>KQEEbN`NbVqI8oC*jo@B*#G2#nCaos6&5KXImhNEjKfr zaipJzcf7n2*C7)^vy)$#QJT7vh(jnjIV}JsvDz%;f~$(&^c>7yy3{ zsN3W2R8*g`B`kl9=^7IXteIWPvK0xZeaabQOPObZ8HWWS z%Q~(8a<1PTuE=EREz)rY)VKW^p{~OB`4kEUB;6O{A^qx})wI8?>NT*Y-sos|&~AQ( z_Zh@BU+Q{}%@yz(9+FG3`F_8BL+5;hlU1=Q-GcFH0zz{^VO~=KehGPqIG$>>%^yY- z28bgmFl9HR9WOOF4|O6j|4saD?%_8RqS-)6;2Or;BvS^_mdec7D@i#E(XT1gjWqB~ zjhZTi;`)Z5*6@IN%!|5nb%!$ZHqg}|pZJ!uL^C?thsztTfdY79 zXj=+(qtZ^G{+0VQY2BMi@BF@B=J@bAXP2fIBuR};yUAOZ8izybboN$dAp>7i8HI>jov+zz06Mh_1VlcMWIyGw*($k>%Itk-(^;)tdKi zc!$uzIFqO3vCJt3V%vf8HsjOB-tLKYO6VIX9q=b970apY@ni+(wOWgeegX5gz>U20 zO2lvC%oCU6%4my8warswaGR zJov+=*oI*BVjE(w&2*X$Yrv^zadIiTWF#&1a#;kRW3he0qfxU?%RZixhHq~p4)kUJ z)-H@l`sZg?N@Xg=&`Qy!h#?ALavCL0I^u%kr%DLp`axSVsd&_9uD)1eNLMK4`RDAP 
zq1r2rtt*O$0$k$3M&vS^o5;^BCp9r?hoXplGkjrFnflyuYn|YQ0Ev>wYp39_aZ_ib zo-q|!hy0C)pF{R!viP@6*=xz?iJiFXv;mPA6WLHv&772tF5~R5Ll_roL2=L4ujN$0mrJG+T)3oHFn)%se zd#Wn&Dk4UmnhZjC>f!QhqxC|A!=E^xZ7DA$Y%D}8+3DPc+8TTrgZ%em?nW9Bne|{g z4D9I_unsp`vyXoX<;Aa1^^y1Svb98NRa-)X<^!r&0N z+~e!JbCgMutJx3K^*ps{)EUHa@n2p$6=B#X$;3tL!5)}Vme4yMg8#B7Ga>kt&$9>7 zaKMWTO3k6=dA>3>yel|S%PJa~JOp}31iqD(eS8b4<#&N5)!vq{d^8G|iIC?Ljrh`f zYRIT*_HlSd8UNKE&p>Z40^qNO5WFw1?RgtyjxH!-^1b(S{M2!LT$W4EOfGxi2}*fg zCQ%J}JQhr+bj#;PRpEyKl3yBy^yQ9dujzl2!w@}n*;Si&$#v3)EQA5r?}Y{2!=;-E z&j^OzQ2TicLFytffeYD5Fu(oFyl5A`mEk*R)?w0JAf=!c81ezs)PEtNTuMZ3-TfY< zqOSJ}R4GlD=Ts{4qBGMaC6v@oy?AGYi(@;*l9je(#_tIAP+oovDJy5<-D-A1ZT4ft zZBsEQs6Ko?Wpq4yEDFz2(xI5&Y#Z0%g@@s#@4ko3!DoS;d(KiajY8jY$Me@=2jtG= zPt~h*fWPp)1FhpSF>Z}v!JTUvsZun&BV8F}NJo6hpnwLS%PD$< z{8TiFIO>&CJVVNf(?NcUVOcKpQ;MHET%jp4u@+2V0@mg_mno)T?9J>U#inNACuzIa zrDR?gHnBSx!ns|W+A>j{0+oi;mMB&zz!MNjSdR;jX|pI1K4n52BhR*p>=yL!HSt6s z_=$J1$g_AQnO-@bD*1J7f0V!FNd+ALC{`cAz7;|u>1e00%%YB|l+e|tdKM(}il0v4 zrwUO61W86X47Y2OvwtM5T0fjGrJ_x?7)qi*Nrsu7jQPxl%*feB0oMsIMh*AF?0uV^ zOKAxR-x7vI#S0Hte*~R$IKQPt$;cYLn_Y zhp#n)yct~&lHYyQMEhOm@O?GRzGmUf^RE$^^NKwP?FJ1*_PbG<%kK!QWWPjGnr1|r ze-2|q+*g|5h7qe=JODV2O9x}W3sLXa5}wz%OK!REN&K?vH(^+2fGL|F7C0DTa@MbQ zymOTNms%zVT(;`tAJ)m8D`Df1K8-^*R7X4kRU20rs`oxfh$2vke}ytc^gvKWUS0-B ziM<(U1YZ#N?4M=)bU`2r$2fu2hiT9iv4)6V!30Rir>0ku9ZvG$ON$VHYi>vTu)fIa zJMnBh3oR)nH3RwX0` zDY_`7f3v7wn#h4xSWKW{a2q7wVlDen;udr0{_C;t%&u@4^MMk>6c;oCIi1W1a!8KEi=16BgD6K?{|Ww4tRe!k%Nv$jr3+gG+r=r1@KC(P1YAyN2+NW*p8iAce?v-{aQa~{fc$lF^Li^*=}=AsHev5%iW|+ zknH3}14Gkx*iWz8{(^(;Tl`etg%k7s;Pr>q-!_0u(_UgKyyQl|fzoLZg%_TXx`PoM zK3Q%m{14W`QV1=)^ni+Pvop|Xv_1|^|G+Y$mNpN8X#VDdvvWHP=ikj(;(+0_g!4{@ zYzAu}A0Xw-S({gH)7~7A9%Ep%^;LQPXfhdKVbZf0bKoRSfMgvh_B zRb5r|O~-DzW33eCac&O-YEXXTjmWK#@02U?99Rt3Fk#V2X$z-hHq7af7`uefv6_Ai zQPz45i80u3v_Vc7!M!?Vxo>H}g)=|lj$UiwHxme+>dVD_?Kg~nr-;pY!)OWT77v~x zz6f}VO3NkV9v^`iet7{qE%-+}8=@)mc)Y-OtRd;so)t+e&xh>Saf@ManHB2uf^fU9ArZ-ja^3xKzUx)M9z5y`FA!5AB)cTrEST`6##87`2+}}bc 
zyD!WxS5Ggp?-f6AIIEa9hfQnPwKw0>CF;{OqAfdeKL!!T%O=Pj&dpR#iCJ}rjgCYZ z_64Y<6|qq#LgEH`PTv@@xLbJW#eh292?VhX5EMnb$?py)L_w4!cHP-OjvNSUH2S_i_>*|&kOC!9k*X&>jb6SfnOw9dA?UA znfawd-rUaX?4ofOkLtbrIVfSl?iU<~dnaSYdAc0K#pp=in-1F_Ubpt=VUjX`m^Ib|?V#XusP z4eQM*<)XB9m2l&xM3qGtF^Dxhdb#jxU;rC$HdxY3E=2A_b@9DvXR?pVV+Cu_4Dx|1&e;M@DtXiW5)2wA)I=^#rlyKv|wJwLtvN$ zw4~o9e22|1;F}bKLr^CmW~@{{tS>xVUTV4BJ?h0J`+A!;ttEo!SuhFZLg4Zkc5S)X zU`M3HX==pxbK<%yW^d(tl%Iy;nd)E5<7GWWA(XD@R!@OGc zK{0y&Fs{nj0Tc6pj%D7wN+-o~d`)xsRyp(~#P$vi`Ov$q4#IN-uD2@%#55T#SwdIo zk5+yji@SNWfKQdi&~vt@Q{@(iJA~H?7Fz)I(`)sbYoo z5MQIFWkrT@(Q%c3q5Ii(N>%cLtg%_xj_~d4er0^fy8>T07(oCWMj*uU(ZO#*btW>z zGix-EJ-SpB1EflNFC9Kc6U{kTFA^xl(JgwDMtpTHa-Xrh`h(qlquwCI$XQuG&puuV`Mg5HKF0H=KO=eOPm*HHUMRVS(7R@$O#D+p4W*;P-X>5pr&J{x zHt6$3@s5sTfM6leOmYg>QwgUQ#lC^%cZxCFLxo*o^G2g9C+@@kg{58g>~9Edh*S0r z;Pp}dxkC8e;A z?;naVYf)`p3=OiCYp;UP-ZG;6akJHfXf)cHDRR@POQJB=JQkF~?@5@DAGPuRcuAyuL>s|7pFUv~3fw z-s%#sCerC}WGiw93V@=Gl(Xu^by`$n>9fd41AXYy7j0`YjYaJAir40RY?}fy_R1v= z1W|mO0^&Umr$wAQ$BBx%Fyn7q`J)om_ zH=LL*gUd$U@_9YWE!!KMzlj%JW#o5Bnz3#=Q+o;rfv<1uK~4(_sT*|lL|%Boa%K;e z+;{d;13x%**HI`>&NB5d8>pgj2_AC*PZ9t_ZniM|{8xvJy5(lQ#1BIcm4$tFYwWkq z+{etUL~T^2hO~?*q4{y0O-|S#8RFNKr&)c7X+ci6B7WAVV%2Tg>O3TPJ0vAwGBAIp zYQWM0K8c)YZ2f>EXjm@k%<=(ORj|@FO7Bmc<$O0pxOlHqaW7gveZQgGbSVV%?Tib5 z0$C0x{w~|vZa1h{)%O*<7|_v(XlgWLRXOIv+mTIrL;yScFAo4Vb?&A&u@)OaS~Ol5 zTc8b+zJk!F5;!-l)NCQE2i`x5*OB44ew-k*dkn26_o2|7Oh@l(_7SSX{Z2{-OIb5V zw+!3K?rEa>YS(iCOFyd<+0MI=T|b7iF(LL;D1k7bY( z`#?8t8GlK)Q1eZh>;>f74X88&ISqsq$~*T0GHX~P^xKR5L31h+F~OgsbhzYb5;TeW zt>%$67-XU{OMI1dXGmft&0{zpi#Ut}FpzF-Psa{Mf5szr0RU$cx z5E*@8t~I^3TrwMw)4E@Pld<6}D%SlixQqo-?P`^LA*8rrg&6MG${9y@0(Bdk8aAdu z|8p1zlf#*%YYzYK`5(+Vhi{VBbDc3eL*H3YUZxG~x$91(aewv|Bayn~NWP2K>NQQ0 ztA=-bSCgc&`{UDb);ury`=WxZ4K?S76;Y+dQ601!HNy~(W%&WrDiZ!thTRdpv=(9O zakA~Kv#Lbi6e(mkEv0Kw=!1Pi z9WbsIZ9}>g^^T*QrazR<96nqjQKc-2Bg2zf=Y=P2GjeQDK2k)TMRGoRSYwclY@KEo z*Wf@Zxx^G<~-cf&01fwpJqglA8u#7Sfh@ot$6frIqS#^(bOCQ_bw~|!7GGVA=!~vavbax&6T(JcJvxkb;@M~@= 
zjtAbdK@B(O3)S6U?-F7HqBPN%PM8FC)&L6tyXwKkFCAH5EaH3j+?{*lTCafG<%al5 zK<{Ow?|QSG$g=saS2?T99;ZL?WNT3Hqz}k4%=;y8z})*MB@9qg_6IckQ#KK1asJGj!<6@zvwl_|BAo5cuSILt1ag@M3=%2UXxg@F27Y zCx8gWVN@$ul99QZ!f`XkB9}h!a+%)HyU!k&U2P36ky}7ERhj)NXbE z4H(Fj^+d>8W|da{Wh#});uup^NoPHbD)zB;nyTjU?Pf4Gy;ZjDuI`>HB-!{ufnY4t zEEChJ$ZFtKvZR_I$vj(}Mh_z2VSRg^o~c0aMrSqODFu8DPV5%S-*wo0=-rFQJzE^= zUS{4{f}G9_QR^q7D=!vB=vWb8qIRq*wtvusl#7B_er_{4yyoPjQM6-idxwt^#xey9 zi34hT5A_wIo#4e5=<%5@sUl)wL%n2>r~}66`moJTbesOX=Omq4`8`CF?do*bdr+>C z(0INO;iT9c!3SaO;Cxz1aRbD@+FZs+&d|!r3x5gN_H|+aq*m6-n`mIyu zGgdHm(aW7d8|(WJHN1e^qr_ZNnAJ#bti>Puiy1BO2pFCB&{=%9>S`ITqElfQfOv@a=XN0 z2I$SnM&5n)NCto26%t+Uo5_I0;)yc{0zF3xGl~5{&-2nFoWiIn2MM(-4a>&+# z#ADNzskv6D_=Pxm=s_@Y$+ZErLo1n8cl9Rz+RmHu>Hy zWuJ2Bde7z)Nb7lTfU+>oysm=7uVjPUbia&&VOZH$;oY-KME*+A#I)sH{eVgj9>)zl z%02AmEN($P0VH4E=gdENMj;DyjL`TT(A$Qly@BHv7rksO{q^A^OuqxVbK9RLnqni- zEL_;DeG#}toh^8QOLXU-BN<+{R3Snd&t+wr+DDN8&{@h?a8wk(tzq!$Y=HzE(CfQL zUi#pYWU5&eI=%i9l~FVsCc7 zB1c@u@c~lkpIC-bsE2yhueR78{$nu+RWEG=?%)Na(4SsLyGKRf>>eZF$hbxns6nr9 zAK~`Fr9UGl7z}`T3h>`8=s&C}mE$1_5kHm__y4KJnia>I&mZeiyKglhZXKB9?+b9a zXy8XteDq6GgImQa8lm7^} zV6gQ~bAjXjvL(Y0ULb>^pRVNFf9=G76$Si%$U0Zz+UZC_{HG=g*}%ul82InMFY-S| z6|wz~H3F~{R7?KsL=X-BbCJU2g08-4WN=Rxuk<@P84SI^3;GAvb%)+|C%yldNg&$@ zLv-`+mQ%CBwh{Do0Q$d)0{-1@bS0mIp$QiEgfuWNbe@F&1G?Q$OF#4aQ(rE0B>N-$ zAJ`ed_zecZU(o*FMF9{6{XfaNM-2sQBIqBQV4{Kt=ZKKM|E{lpjsp9Jf2VHFZ*FR9r@K0DkHeC0g2J(MI0e{UGVj*%6vjmHK;^399fKd$* z{vW7@Eb8A;{UrRK*y;MGf&5=Y0sn8Zq=C*z$$|J^|IoyLaX$ZL)PGwe5ci?=zb(>} zzvJKCEwT;ie?#@>f1=v+AFzOI_|U6=7|6ei0-nwmh=rg)JRaCco^B06Q2iwQpQwIX z`oE(ZBK$wF1N{$Bf1Yy`tN7LJXB{tzA5DD3*e!a<*lgnme+B;jQ0yo{pZ>y-zPe+) zu3%lzbY0LJI-4M-*t%J_-28iu>fwju)W+Yxr1~eD=On8qJvHcW4vP9uzh2w1>{|B* z2I>{0vdo9hy0@tFO4&bJ@Sp<@%ehHtye-A~z5lDLbB||w|Ks@AHfd+H%JsO7lcdWr zkxL0D3Q@Qz^f#bDvZfFj{btA&MAbR`9D{`iBwf zbOkhy$zfd)5eIxzJDrv+UjbLLS(O${@sdTC8x(DsycOdoPhMbW<(%TOwv)IWqnsOE z)jam0#Su!;P_$|+@4YgNI~St}(ghzz+2gB2wLIi0bL(Cdm%Whc&VTG$Ji?9&-ho^0 zM4(T+@;G{y)5Ex7!;0|ccM9`eL0nx}=jNs6&2hwQPqU1DWIj`s;t5i#(-Gya`_2_T 
zJM6Ez&}?#K!P-dB@f2T++1IVwp?2A3SJ0Qb%2qDDmRrDQgxEaH_sam8f&IhG>0_a# zqLj;M@fqs!j8G2bQHt~7CDT6F?)sKC(kxsA3Y_xTWZ3X(L`?FH)!G9$GZNBb(g(~* z0heq@iz5p&7wKN96Fb86d?c_^gXtQVy9q$C?gHj3Ij4M!)1-I(at`Th`}#ds!3Bv_ zLu*bYL^TN0!d$~vfTckFB;vD}eFs#COIMHO+bfid(Hq z5?*J*7b~~Co=@7B4CsSF?rbA!Z_LMK^hgQTowv~E)cyy!m;Y8UPoT}O>tEQYo&;jN zX0iBn{~&z%&^+=~yQmGh96Gn&1`1bEBg8q-k{>^`vIR*oU29>Z#QeXkqtgSa>2oE& zGp-Kb=Mq~dn?M?OUT2;Y^rpk3 z?=qsCu*lUWV|3Q9rFu0!cT8|yt%8YQXSLtrE>hP5o6IX}qFu_;hwXj0TQ7$I;Mux8 z`1(T59Wm0;9tx8K0AMqKe0JXD5yeU#B?$oUw*i0>KpE{*28+)JhUFP;UEix5G)Xty ze7w%hvm29LJNdA-g0eKw4SQ=Oqj9c1h#9Z(hgrx&U>~5Z@q{0IyT>len(^O zeA7Y}KXi_n1c#@0!Q5}<>`8vuv~jiVoEbxB<@a^hz4k{9Da@wmBZd4HqYGTq5_)hW zkVxkqZaA+XUz%n4$@VMboj@t3>UhfaOpZ?@ud~tY!11xXCMo(0H@(Zk6Tg7l>|R%JwuaZ2Vb)k9vGz*{(3gqvx{F(LGN6LdzsGa@3)! z9%GbYzFs2#b9sT`Jkjp2S%@@4m}(K~QZR+UUNIHD>&}^;*zc59=w@)S%EYs(T@H&l zD8~h7ZchJ-4e6N8-r;y@-BBS$|9;*=C01%E_RtvnjkZ*wWm?SZb?!ES1&LmGYX)&p9g|pER6R5h+3!wmHg7NL@OsIBsDJ(Xwh%$GE_%$`oD}JNSjMF0V94&Cle7!< zA>#=LOk>FoRNNM3L!MvrB40q1$n^*}*K!0s_eERG$UVuWD7NQAmKf3XQUnR}vi}0;;xK z>!_bKG5qON>&9EjRB7evmb)a!&p6-gP(Sc!cJ)M}M_b6vXbi1yLZbq4Gh>VWMxd#Tvt!Ju=X-0)wdI1@qfZdkSS$wdUl@w>ds2Du1XUw@As; z`8V>CP_M)pQLx+a(w~0WOPuUSp5f%%GK*rT*1zXNZZApg*PMEh#`Pi{CBNv>FhbbD z*#_(xu_1RC1bc0K|L(jen&a1Gj99ZEeDJ+C1a`OTHtvSSO=Ox^RDM5oAfh?^kY>s4 z04iSI`b>d~>>UE+MbhRMHVOgPfs6lJv?aw#Nj(qJYq$ln?gV%D;2Id*335Vk65QRL;O_1cJh;0{aJiE_Z@#MgYijE3 zs_E0ad-dwoJ&E0rMa7Uv%5soU7;oOZfqkQmY!;2w2?zer$skP|g^8Xc0^~qFEGPl5 zvga!aJ5sRS7uk%0ad_~YwbxX63MSTqQT06cw;Fl_#a3BTW23(OCiKS1Ebk4{s@5wZ zJNQZryr_=3_(*gmL$G0#m#Im!{hQbo9TAlps1v>^wZp{ZAEeNTF!4G$z3X?Ql0;Vx z!?o(r6Nbnm`RNZ4p7Apv1^{7o(E`p!F1y>4?#|XYL1u#kdY{CHysn=35+eCeqCsy} z^kupNAS3!`mHK;1;B4!P2btSa=3Ze*w2a|;Vgqem99J(NgKt<%YB+KoWw**~4pMd~ z>A8q4=S*JU)g|3pPK8ZSr{6Fx##KAjP#C;%#blayjvS*{PET07#{fkxUjF*c{r@?s z1{R|89r7PHbr-0`aW=nsgX9Pm>o|cEdj|UsX!D6hmr8hj)Wo3LTx|c)d~|PoI%;QR z`q9H&uETf^zv^{X3~Rr+WtP0SYt+yP0Ro?(vw6wxILK=5SEt_7(mOmQ^q$u2gli(Z zj54}n*Dc_Un_?_9+GXwsmvx;X6 
zz^WKKEuY@t?8i8szIj5?wEo4zvH9(&s{IeSwy4b7>ef8ku)5mKIxWM;#I?&?-4)%R za0gPW@Xsrt!VSXsWWJ;4of|sy{?&)!u=%!gF8$NA*A>tq=m5XNK9hH8&z|9V#D2b& z{hH(C^%0NXuT4)@_a$*H=mfKQ5#+83fb{X6PwUVZ?RA@TE}ZXJi5m{?4R+6T&usRd z9#`Cc8EIKI6t-#}dA(RQ%liu<-S5229F(QKZ#Ca7&owjfg}QAe=zxnHI&%^7qf!d| ziP-Ya9!l@xm+;;`ze_TqkEo^l^}sLQ=epu62aB7tnW5XeSo4MhFTn>z%X{HP!1$G+ zWgk=*CAs?G1UzK$d!F5!JZN|=0WtIW?{1<`@eK|dW z$9eO&FFOq@!WuVjUYNclinlGJ%NF4`uRFb& zb1k(u<2rcW)yt>9ftDFdEvRYLsM>S4^1#`?0t-#L}d%HIcdB^L>eJHv{_eMP~ciee1TaiQ3Fa3D&Ae=+*bM zOCj^?5OUfhR(p8stK!qkQ}DOe*Njll2)!)u<8f!uW>cU?1km~#0sd%x6`E2c^z1K{(%6H6_ftk{3*J->9D?GPFD?FBPthBrA?Ou1j?zQbmvw8oj`1RI;L%OTeyz1c4x}DWSWX~k2$zSK+ae1uecfs} zMFzZqA%nB;<=&jD%X}W6(;M!e$1ZjiZCzZyrF*z~n6k9G2d`XiZDbNtCldI0)nEm` zO-ATL&VP4e&@_JfK85J?v|GVW2+yEpIL%j%LcPgr>}7X^sJo`^B7To-!?Cgu@N#ys z1U#G(ga#&e6Lb0JB_8~F)gzHmejuaVN#=d z_2cDwG9&az`tK+YV}=%r!_V{>ROAUp?{^`-b!d5=M7ar8-uz0nTsMsVq;X!DNwYX5 zORZ;E(3W3wBxFoVc<{qjDBCRlri*;j)xYK#hHBq`jqJBv#;l&vjeSyfG!9Flt*|mA zuu>Odp-soiFi+ZUB_*x}G2x_u^rA#z(_~Ro1!eKcBq*UXY8t!YdwXM_;cDaU_ly@r zLbT@n;DZ4*FZXyKo;o#Z(ALO&u>X;Kkhmzh)hlMIm(-LV8BZ*g$eW;f<_PWvP)~=R z#WVa1-`&y8C(9bH}OKY8khY>ZV z%!c4t->l+8^o=_x_vCE|wpX7z$iONeDIWT7Plc~-01!6 zO3&?)Dtrw=?uV1#bd2Khz8gtXd4Yk$n%l5HC`oA?F+4;nqIo6}Ka5}IK02Szt zy=$60&`3JMaY@_wXYMS)DFi;yF>wds&pOKRvI@5O&puIQcgnEvvHs$sJ0_xmxOnB_ zMR6jW`U8}HKXiJ3LZsfw7O}5f+OBZo%68wXKYe1b#d&Hj48*QDB|f)G!) 
z0BxXAYIZUfhWX9J?!Emo(b{TJIN)YS_=MRVBb5tsmvn!JzVXZCLSZA^+`L%Y{Bqpf zT=MY7@->x{ZVFeUn2MuF>38oXNG`l#yggY@OT1dOPX?ZNTb1eikU=uEd99pgtHv4P z4#bqj06X+1NTmAQsN*O>6PAm>Z8k!~0H znJ-dK^*!yn=3=p}2)vU~yzV<4ER!MwS(FlxSH&6HzP6Lv83GpBpVZx)7KH*t84mYv z6V{6iN(gZmvNFpj?NY0A1Avt5oD@GDykcl1VSNE{y_2mKrid%7SSI8xD@eR&KoG9*=|d#3OkJfJ6lM#VIS>It5$XTpL!e8-$cNtfzkJ`oymHJNFL@KxJM zH?<_tFsT)WW#u)ER@T=5xe65_JSzpOjc1Obv%B!fq)pA6{K|h&HPH)TiivQS1^_ z{n{V^BKY?{V^X|ly&AsIDlt<1LXs>Q zFCQIm3_lIddt>@(b4r-Mcj7t}`tiUuVcwG-v@*_{6bg7^)(x%5>=Fq}pBZGqB;`lz zR_<+DNfrgDQ)h3q^um&J#liJN-T7`yloUv1cra0{*(oCbGnoh{|GHDVmgtYkf;2lE z3}>@KX#qbL8vT^MI6R&m=oT)))I-|Y-OcO!{#qA0dWmVb%kt6RBoyikEB~Hwa+C!8 ziRjYX-?{M2bj#z*+w_k?42E~;ly4t}uBAKEPT7O!d)VXJzOTTjSwK-_(6cHRcQJ&| zd|e4HZz|~T7wC0?2*#NS`$fH;+*_w3Zo*$qlv1E+8MBol^y&K zH*B#9U7xPbMD?RN&*z_k4P@rVu*y$HSH>2`pK3jQ?xy9mv4~dhANLQih;IZe2Lz)B zLqdl`dXph=yV@1a&7uDIv1CxXojSj}5~HIIqh9Ci4E?a`>>mE8pv||H%$cD+c2=>2 zunzKt=qSF_hk5@SX1BN)1o}zgANT&`RTx0@_D4c&?L-RM07{u0HAbk)OQ)4DT*s9A zo@c}#X)UaB5)uYu&I&b)eXSXrGi8}b&I)7R8Q~dM3O4&hH@x+G8eJUNUp?LLqSQ7B z6#5+bx{uu93$YKAR`r^8dkk|sklJ9xwmE6w)biA5`0m1q(eU=!x`C^e6~_meLDts8 znXQNQ;nGv30%-VYz}&*=o%Q8H&)iG!Z?qqFK~5tq>L1m6xd?q4tXPA`%zn_v0BKo7 zCmd)s)G!#NDrDA(04#Fkbw=%_x+v8wq-5n1oLJO2bjG7SbM{2r1r@L+!ri2erW zz~8Jriqw|{jwOyFw;`OKqdCq`L&X)0GK?z$eSXiJ{syNu=eeVdY(bO)^s(iSdfG3S z4jxAqw%%U&Iq#A{A$8VA7Y^>GcU!&|8P`U)oBJP1tZbs7oQb|45 z_d_z-!zeLBEN}-m%XFjTW6}+=)4(bnhlvK>t1B_Q&WLJQxTrmIq2zChrBPO3^AkY< zwF8noUGT=^9s~O&d(6|AXLj_ry7|x4V?-n zGer<4bnk_YEPp-;tcXhyjr&5aYDXX{5e_;5R%EC?@R#P>7(VL?{YURJzomZT4 zmIJcdd{3^Mg^iEAoYffQV>bcM*$u5!mQr-`{_}^U69$ce{BKfLw=lUaiQk~$pg)>XbACTW>PBw(WO||i0Ui6~SF|d&VEBMsGW2f` z>RJFNog3>_-K>3~$8jB+N1oK<5eTK-WiF7vKuB4I0jrKf9S#TNnT@+oihr4G^V3p1 zT9#nelx>qo6N6X&qx{7nfIw-g@*e=EegBldu5CN%P<9MaK|)?#fX2LaZraKl0wbw) z8h-ksjgMqd`N_;q^V8ExkH00e6n~=jnnJJ|YjZawKFL)Bh}Tor((~*@c0Py`BR+lw zu3T7GLLKXOak+++`G||QVn#J;f0N=z*w}R4G~($6yi>V70^p>({?xSi@`o$G3Vw3; zr1Br5IpDC4=;De4b5P|bb38N_5R&q=-Hd1xwj`}-dQCVnzDfMAOp2<)f1AY$?;B=1 zrxPW!Iy7?kYHVriUG`J>{^r-2P2}s5wZ$DOA 
zt4N&kDOa7*t%weT=~1*O0lASs#fWmKJq?yh_|JJCa&>Yw)G)N+m7D}BYpYNOPZhep z73*)icIMa~m?|+G@x&C*FDK|{l~t1yEG;810N`-~ofw&}kaTIhF?u5>a*yn0f5{kn zahmC_xE-vWC4x@jjy0>Wmt2EBcaSA-eCuS>LT zbnhIoni&#=9R0krx9zMy$Ou}ea*bXz;^D{OM(m;vAnS=*iT@b9R>0dAy%!zQ2L~bW zCkmMj^9S`6zDBXRg7cDAb0U~YG&_a^nis7dJI1}5{fcAF-7EKpoVWf_sR#OR{}vKF zz493MCPn?>uBXtgx`2AW)UVld;Uh!Vi{}UL@V_~hU~?I-$6)? zZQ*OP!5W=B+gbYj7>FEF(EH{Jmk)TFE4^J4$cpN-ebk5p(*Lir!N5fkj#`IE`O)S5fT3U}owkg-3-Q566_e zKU4}KTF+0K3-2}Zx6^2|9QqUPfgTk>n{7q;p}M+cat0i-8*M2859f4>Ccl&7pJ>CuHD;Ni~GTexrJU1B7G07vtj2(fdIYR-L@~^`h5h@KVpiB z;>qHSWN7-ms8f6gzwKg$Bo5FZR)8l@syaJN^oyUXu3XWDu>qQ|ra4_Ombe9R#Ds8C zF;{K&j9al;&Sbl4x-Cjvo>WH9ZW=>4V>^&WbrYEbLqw7hNdbZcUmodsPz4TMI31^; z1eKbNVUsQa531xyyxZH3*qY|ccisQMv9A*2OPNf_q86%{j2bk68i#mf?l?KmAM09i zl72C_D}H)|)+D!P3Bmbt%7-wcuqgF+QufAITQ%q)%Kq*FBNGJ%ndD!*70&OpR_MNI4||bLq5DaU3wV!7>FXSX(2Bp1`IGdUmLC@} z5|vXLW9<(l-VP)-c)rkMy?L2<87&``>E&Du)mpr}_r|k6BJ~T+PcJ=Ycp)%Br126COzsy_JR#d;YMk7F15iDzYqZR_p(m zlU9JLcNNu!p`ipSg#spxDD7ZV3|Zw1ck4|Ql0mhausNTg?E8^4ru}OGbI2H6TQ!rL z(vPlJKff|OJ@mIwPje`lQCM@jJY2Z=Mz1YeZ%ZJVP+<$sLKBCLUuH~QHw0K@4Xt#M#AI#mb zbKoL%Yah;KKQD=F*JU_=+I!nBh_gc2d5^-kOc;lS7Dth=V(%BFP7(Siw>PCX%>udC z^?jP2sb%><5|6MyQyKU}LSX2V!Kz-$I2*s^=XavXfJP+Tcb+H_TBAP@hQU%NAcb5k zBU%EI=TpbNG2|1k!{Fx-i^o%MRFM(;bLcN^Fq|mFfG(5sn9+)QucOxJGB}R$9YMEH z$UAq|HWS1=&CXGlF6;Z5?Wn`vqQyhtM^z2dCq#J-@Ae+&N2SxSwXG{#Du!g8NVa6a z*d^{deg#A5HA{=a2WbEdH*X#u27ptO# zGL!lJRB6Vp<8XmnDaA`T2xyj(r-lzTUcz(KUn5N^DbdBT;>z!i4vLuiKh!0Woos7{ zV)DWCi{j8AL1F7n0_Z{1z_dMOp4B>k&v}hn_^NOJ4iQ$-ZpDnT>+*Va-#No-a|_usXe1er zG&UhdVxv)2giRvFai@#XZJgsUng(SUdL#pnD0?5X$p{>E2Do{^n0f2zREQfXuWfmT z6f-*pTn|xp<_)dc^qI)cyy>3iaHZ2exre!aiiUhPVzvPDAGlEuLh}vm9ED-k>mwza zB|zh`Y0Q1ZlJ|x+hu!h~ADe1LjNkNhg(G~RW23Mt5ebt0(3jl(VO_(mkxk3`lOid6 z9EeN|cM?dd9gh`VULtxvVV#5c<~_B_pNh3irrzdJdCg0}7%FbiQ_W%wCjt0e$;y848e(ay3;haQyxIM z4Z1vi6_2g=^JZ5~;z63SJmZzF*j}cEjkl^*FdX`EAl~WnM8D(%UXG8ajq(7Yw{-HMw9 z-+{Lm=W*JZWAG;}23VSuZ@PHRP-6<%MQ~*wQOP+lHb0k3UW;(skgFRl$kO~h@Lx%X 
z&c;Y7B_>Rv2bGARgiVzBG*>^RuBKrBTx;w1t-Kp}UR)NxE<-WOt+kvmKD}QM3Sg1e zAGr5lf8qg1`^I>lKk=1ALi^=*bnq_UN7D~-3wO6p*PUEg-rf^n!t6oy$O{k~DHQS1 zJkfidLYJtazJOWt5oYBtx)QaGYUhI?c6^#>(o~84!c|!>&is1|JxqAC;lrE+N$ajt zSvWC&-4vPS&hyZXWULE?5Dk}Ui|Ck=g#?FZfi=KRF-lnz`>y~)5^v)AJJ;0JTmcg{ zW?OzTfxewG^o%Rz{q^STnMdny<1{;@eoOBGRZV**sqOe96*hw{QS`IW&5;|1q$W2^ z)$c-$9An%mV-}7l8~g9qu*V+&r0atPUpH;;6@FftV`P(enT$&Dck}-wjQ8hCkPcs8YzdpZ@ ztIM-&PO}@o?}xGFg}Hwe^%1`}1w%eS`Ba4`9(EQ$RE0^*l@P>W#NHahlYR6~WxbII z^N4(yIQM^zgbza>@sZR3@d%i=3~aLZy)hX2PZ|JxJmFbhOxWa|>P2VZ}B>~SuD==kibkfN$v zZ)4Z_t_vE-*&hi5#8Bk5)uu+Bx|n+3H%Q&mGf}_ZeT8qfAdRWJwlZuKYqi?@gW@Jt zG1~kl$j6I!@;CD>HR3^O@hxZ^idQhF9-~@zSn8LM-^GQe2+7- zOF!_PQO*p&8;tIgw`T*yzxQ#TIkXLslbvqhS|H4b!y3A~$Jx=;R-c1oS@#18=MwI|M${=2p-4D~D zkK2-D1pd=|50%5V<{~4u5;!$bEM>+CfP0fW8p5A{&L$IZ73|52A)WEFC@L`;e7S2E zT?Q_n#?I6|?v+`e9h;I693M}!!UPFW_BPBC%s!dAYFyPOZQ%p_-mC5SS)&;?Xykxr znt0Ku0nt1LA{RFQ^K2okB(1;_51+utIgE1HYIX^I?+mQ<1<126s-svDMu~zR4>a78 zo1k-N+iltNczPNkMg`v!=sao@Hs~5%76y~5K_lchUtw5b9@Y<^u4e!j1KVN84{m*C zOEM~*CRt{U$DW&HX6h6@;0o728N0E%h)1FM68Bn{Hg~ag7E)Uj2D7oPso!f^zEMj)66Uz-^0LqmoCVShfOWu*!Xm zM65SlCDlOECy~a8xx05JG|G}~UrDpKKE%X-KW1i+FO|yH@^OcK=00^?W+Xe>K9}q= z{6U?Yj(qKPO%_Y@+1ELQpW&8Og1qfZ`R5h4!Vp_*z#2C!Ar}mkANI_?4sxguP?r?b z+RT_g9#6yBZt~2`rwvZJ()FTVp6u2lN{sxc!0XV~F7xo!>dnQ8kC=I8xii1-c#59* z)!(Ji8UTa1VCA{r|eVwa*q*xFy$c0 z{=)m0a(tkJPQsUhNg7Fs0b{()1<<}+W-8z#z@!-4wS=YQbhpw26-w}Y&Xzg$av;&Z zZ-|4D%~O9(y1uD`Iw0v&f*@#Xa`m17+)4(m98a&oKjg|nRh z#C_g4iPM(%(DN3bhnrL`HSkyMU>zDgYknoOL13*MB^hB7w9_K2T#Bpp}q_QZx%MT)c zOX(gY!5HOQfPYh+s(xxm*+=go8V#Pdy_SY&oK_7M96QBb@5VZ=Fx*3_sSR;;-BtJC z`@4iQC`F7jw#-in?E*fVZFMon2f91%3ui9kaL=ppLQ38|+Nkfjm3fx6T~7D&TqNx- zy{yOxFCfun^~S5dj}YU~Oosmn`2F_+TtRF)m7+-Svu@t9df(bOY$v{RtV}a#CD|;9 zgxdWt=$WbWL+r$YAQPj}W$-T&II^v!$2nr!?gjXt0W507GedbYg#De-CYii0Ny+n$ zv6JL(43_-`AY5mOJ>ZQ z*+Y8GAt(onlE7`JV)!lixI9Tl@R-0e%>s%v>Lm#$`Ur))+9e04z929gdLc4U^h?al zAD#vL5oBOxqi2G?M=_E^Rp<3Jq71Gdxdg(^72Q{`oDB*4yj5$;1>Fv;*^Qk=O{lcbu`=D-u(R$7mHd`V-06fGn9%+QuqQxTFCjZ=pnV)4MCK;Fz4KITa 
ztxDSRfE>kVN(GB!`##A1p6=R3A4da9X!@-juU3X-gXQ^hpEpOGO=xE6_JE|++FBe9 z{P3de8G=?^SQ+CVZ;dX#u+z#0rWO~`(CC3lT@X~c0(UGriB+hv8hFW}c>~1&1Hsw^ zH-!eY6#Nc;{-1OxK?^;P$A(h-Jx6+xMj1ng$UK9`Qj$4F=W8R4=x1@gS36Bvlcu}I zm6Hmuk-Ar&3zcd-pR@{&HBY!{M&|awbfh|TY7n(B-?L;j|8Md+9qU5o>j#&ev8_6H z;lLHtHZTAHj~ItT=Y2Ls%?%y=FHa^Gq)#>2_sbGnKb{+@s>M^36}28N)~D2?r@@pD zKc065pt9nVKimyV2_OTvcE-|C1_QT(MIBNkez>dxYm^biYTY#rVwY|MC`z?C(%^RK zZ`(berz%}R3aL2qDJCx*LLo-Kjb~UU{u8n`07wV%9DH(q90*kXV$!JE;XqpyvXLV+ z8$OIyoGfYnm)(zwBb7qeMy&OqAJ4%1dwpEUkhmPW+e*{(JtngPuPcQ~gy=OAZLgU4PcW z_oztB2%WH@N=1onG#gH&K&XQ=Nj3Z-T_6)<^x7TEY9ozd8 zidshe!8FGM+UE|AOIgu3M1s@`jH-=(a?>&4Z`xVz(vd=3S=+uKRK=vI+4>KVCO}>|6F|U3% zi|fhe8`77cOhcwAY>d|URrYdb%&w1MFxSBq7qkg*paXz|V_oaR@~pEQ9&76lj_P9$ zSq~6z`!o99zca7$H%83}B#fzCs&_EpShFh!AENt%;`i+z;iWjui%gT->B(g-+CM%V z#vW&S_pGg?Rsyh^TKC=-RK>gLjc(I*{H$VtfM0h6q#@sfjr#*z25z_)+Ztw)iP=Hu z^m7m#@CpwjI?9?j7nXawaGgad3KJ(7FNB7X!$MzO2&P^&s^goU1oZcl;h`l&w8x8> zOoG^NN7cjR4qLWcQKjC{h=u9m6=;@`9Z(TK&{wly!_(!cbc3cuWpp7`P~%Adxsgsa zjFi)S)D#ypx>hBNth$uiwZgI*5faF8Jwz_c6eia9LTvIhJ|yL(F(AQxxkrdfSh(e( z>nmn^(;Q><4G|D(TF}OQqr3*T`ej0B6x2y#euS1c30VgoamVgobRoF>Y;2I-hRj#W zpMZ!&q?`I{J)ciXsYa&DvK^JIbj1FT$F{7c2x_TV3RknHwkfQ{dP%_kK58rMc&AS~ zI5Z~*oKUjLlNd`R%5^C?DOjlU=ZxL-Q=%Vq)mjDn#Z^@Pkr;}6WtA&fWfdKKXj!r? zh6Sa^@mU-B&YZBZjy>+X@rylXqqe}?-+MN94p!b?+`#%(Bm@-b!JtD-6~Ts}mf$UlulJr3v=86)o$F}KB#4m>_Avo~C_c#hu-UT&+3 z+x}{5PjqY`TmQIQz$yhS;RDYO-h#WFB1+}Qoq{53n|R9jLW^IPA%rh%;ufBgl6_q4 z&%<5LYG0mt2;Re7d_};=|G7>%9zt;Zeig$S20lvG9xIZL4kGVQT(OCyFe+zy0Utyw z+~>~T3^30Gk>h?(1KrMTO(kT{-@=w{KBSLRhu~z<(EQbW5Yd9Zy-E0hxKa}e`pmS! 
zJMPl+mQIZ39SwZgKV>}&1KyhGEj%44R|Jv5ayPbb73ce@LB!S9)_~q8R)m+&)s$`^ zXQ~DUWMYHNOp8HEPGg`axl4%H=e&pdDtY4F)>->-K^g-hk+O^WgU7{sHW^?Drt^hmf4?0>psSQYfMnuhGXbD@|2feO_Ql53W4r?Y_(MJ zYnFD&HDqT`e3&-f9~AtaPvq+f)l%FStxF{vnUfGin=Pfrs*{e zWnLW!zz0s{{u5lXWhZlYQGe!EbHQWCI$5;3CNS3tJmX?s~l{th54zo=!Zm>2TSbbUa|p!J22X&oj1}}-71rj)Z1P=2vC79yJV>*^E z62D{{!t;Nymzf+49i2G-NT02Y_#V=%UQ6tT^3)*db2p!l{k@U|eHC#MO;9Kp_Mm!d zzlvmM6rhS-`Iz9)Auzi1P(+w`v~SXuo5Rr~r~EnfpF#xHNf&6WEA_>AcrirGKKhMx z#rRd>K##v1(8{GGtEUKJjeN(yHE}kod9qQHu%J41@wA<{Jl_@jJjs4DA+*gxC`zaC zUSuXniCc2X-==GZXTEp4(Z9nE`SmhNi)K{OL%zNu{M2AP5jm`a*Sqsd?R$rJ7t!X0 zO&!vDC6()m@!?hJ^OnpnCvWihy4@Lw5w(mZMParEe8R&6Zem=@tT@BHT40oJcud(o zqVBIRj63YT$fJcnHt=w(VnFNA@X|fwOon2WlJSBwqJb_pH$Nwf=%k_|n*HcFnBs>P zqpHBQ5OxdhnkcRE%v2=>Mv(Ynf!PZJ1+`+@H0LU1c#OZC zA21slF{Fi`;e&uzpOf@^8Y=fa5jsjzdn?!LFr2RB9NUNKzG;n)PPq+DeM%AIN&FQ0&PH~wa0`x6`d7_m*=2*C(w5U(uspDwj4qvG&g1`#jQ zq&~iE&L5rN7yTHmr9WT^}jCFla}rm9|WB?*sTd8BX2a*49B&*jS<7Kp<~fE5K{au$*`XLL6@Oh!^@ zGoR~9rm6JX`YdqKGH33?vVR)_kREL3th&Ls)j_*EVJu4gX*NV#WMUv-e+igCaUuLt zk9{7vTIk>lROsnej1X=4AI7xDCVq8e#HC9aQx$HnW^V_oU=V&PBg6Q9yI;jN9!RX^ zU-XXYh3Xz>=6&p~9Th$CxhZvCZHXGPzcgs5S*%Du9-T=FKk_|yd9v9b>QAa1@7rvV zvqBsUF!MO6DvBE1Kl`{f!Y%bEP{DA$_T$;xjI+HCsRfqglXvUH;-<$Mg&oG;UStK< zUb1=5sFX5LLZRhCvpUPu{Ag-XnJgPiVuD_RF$^mw?4g%W$JPxlRi$j?-bu-B?W81! 
zF4-P1a0gD01Sjw#f!ix1r!3XVIbhMB0dBH%>9ZM+uDHh!R`P(arWuwfsVNDVI$^o@ z-Bzp!l%M}q+|f9)&y2Y4pS6>tYw`E!jRC{{$LUoj3`Qg*em`&02Y4y6LCodzLVEZ^iBvSdD(8C?nfTt0}k+GiBJuiB>cYXeo+4S?r z+_9x%dAJgsi-ocU-l`@-AO_qYrCZ(hKXIfe*DD`tKOAg2Z(tUif=RMQGM^9yDhuQH zQDkX#C@f?(LG)oQX!pI4on_=X@qs)BDUv9QIXhFx;IvRjG*A4S7Ny#>ZVNG8b-@~}I$swz0l%c{^Bp9LW~Bx0AZun7)^VVBQ%+ z41w^X3^5E~`lm0m(gZSnWOMsnX+mPv;37>9vP28o?na`ibatgaS(6EfsW=c4M8Baq z0p8}fWb`BOA~Qu82yCk{;J5T-hB*~z(_k?8RNj#kkzs%*9SwA1T}_5-OyQpr%irA> zPpzspUKZxhIur5Ims~i|or&AoLFRj?$N@bu%B||T5ip!RF4LN!Z)LEJFXPS^rUxB+ zIUs9RsEvN0`NbCe9kkcm)?%r$Be^a2tsw z|K1}Zn#+FSi2=Yw-py)}Tbj`!5BF_V%gfdcmLJJC)#rv?;ec+at{)VAdC}X%X$(98WnoCcH3Ag3vmLZg5*%z__F!_~<+WLZ*K=dGV0STk&z!B*&gB()o8ASBi zdSAtO5feco;$J=jPjR9VjJTLy+V|15A9Z~xPK;Ee7>hFmgOr$#4T;~s!25?#j#*ec zgFKF?_$z8-vO=n^jW=agQCY!i*vI&q-d(;0;`ya6YHvgGAu6#nqUd8lC_(-7>QYjr z>s(DkudEz}Cic57UP6G3o5mW_35up0ErN1)C$(apB*i6QQ$Sc?uI-1jEs|{ZzqBhv zaigVLNZ7~=R)^JTF~=00Q%rc=L49{V!m3F9UB9{k#WL*ME&1-8B^S)r#Azfm!1=j3 ze&J1Y?d^qBZDv0kuDYkMtcz~AkKF;6oVxuLBgWGQEc)1Rwyr5;RKliTn8|;pulmVw zLfF7Omh>L7h2gDs@Z(n18?^f9P=X&Si-AT|`gI3oPE{m(zhu5-dQ#X(c_Yp!gn4K82^&(V z{H?d8SaeW{cJ$mNSNi{!6e?7us{qC=2INwM7&p1ndHOpT=d7v}pI?I4q~u6C7$tMTd*ikodcsg_f_a@v&czNRtALfmm=l{36AQTxz&sF*C^K z`f0aMGB&Yo(egI20n7q+$pI9VSs$QJHS}BpMDr z3_NQLVia=~qau@+hjsNy4R0t?dSVF+DX%sfW|QyJ3cMQP`g7>NoxBgUfrpC-qORsA z2>=#`4F5e2&Cq9VJOLT4Btv2!;A;JV9K+$;m3t4_^~#Tn{x#B!jpExFHVH~n4E!C3 z{0Zzp<>N2{CUEajKDr@Ger(k29lSqZ zikdmy=vu3fu@$J396$isdyPa{{P@WKZ2ubZLymHwhWv7`*UD!LDePm9lvnb1j8K>- zM+!j5Yn;NWv8RE8O00TvR|6&0>{}PNFk8Ot)K;I+RkmS4z8UrJx#x{Y0l;KoPPBsA5pW*RV&wmq z2deqXx?Ue>ew3|Dkx^bTFX8IEKC_OqT~H*yDGz@=B8ybFTPYipM>nTKIWNX}|C;N` zxrHV*9kdf3R#>`M$DDq@v6yJ#)#wIzKO5_@?^vW6Y@vDq(b9-_y>=Wj&&oMOZQ-iz zQv=@+6eNcKuomEIJOF0iq6FfvJINJ;0)V1iR1Ch+aqyrlCOzy9=a zQ^yix`k&M!ss=w@haGS*yhvzk*ZF>X318GTIxTI<&ZT#jihMLr|^hE-(g2OYEem z>LAENdb|Dql(hdgCp~0I2X4Mbnd-Fkb(8aYE*@B3mV0|q7KgHtMr=J$vgN1TRB*Gy zM!u2DK=^q1k;%P*lvvYlmXxfRmJ!RDG@1Q&&I+6#O9z^rpjm zbDBfRJTL>Q6=M`Z2MDj&h@h1l-YmDUT^~9R62(txinkaAZ1pPT;5{@OI4yZGeHF29 
zXajRJtnxR+^QszXPz77585^Yqu$fOkC7b?f`4z1BjV4|n^s35M)PC^X@6{`tQc&+H zcX>qYkowiqGXQ+|#2LgKii?SwUx5d*;y#{*^I` zOt?R!P(PWaJkCA8t$!TxLlkRh(YoQz69QKlHh8$e*!681ei9146HUw%Z{w4(I7h0g z*euNqfC&%%=fGd^;mvlC-RK+tdTyfA5-3Uv@blhJ21g)voB}>uw`Xl?YWlOD>@~1) zG@^P}oHFK!(f#5K!*)Cl%4J#)=RcD=i$i{c)$w#dzGO{o? zzBgCreQ%!cBb_f_oH$oD8vEW6)?MW5Pj)*AWay|ezMlY3K8byOGS@ErOQY(aT9B%& zv&zb^adSTes723$D4d`7`9~ zPRK9KKI#%lbrwGVEv4Q+lE#r2Pd?o)$-QSGI<*NZW5>luCNJdE0S%83{7aNo9r(Y+7XMbc`4J zi-o;s0k;T}WM`D}6bzY-0vVmJc@%P7I*cuLs+yEK7>amX>#}-@K||XUR_R|Vw5PRR z5azx(MU66qsG`GDz(dG&C^d>`LivG(TSapekAzOsm_(y?23g(P#HA04(2<^dtv621 zzKA2eqWWd)So)NfPxlhp2L)HWp0!g78O|?ZfN3)_0miNbBa#%v6`h~4RFEm^NUf-e zcDY=dh!!l8mDxkY-k~20cY%L5_{RQ&0e-oz*72`K24EPNqUH4@bEtH=QcJl?2~S~L zFzat<5D_jM5o$7RlBQ^hsR#d+0|6z%0xNz^alFuoQgpci=f^K4+7G;9qveyYT zN>;?6OlY3K$Q%LnqHy#UMY?1phjoA?qx`Y=(pJjR8yg;k&<7O={JX`ZxUWDubXP~U z+qXV(CnwckGL;w{0JLm%H>-k9AGL>~i0;12?{*VD7! z@Olx4{c_9BIhgz~!3~=cs*i#vt_hax8((lPxH^__1b1jDV_IazT9P@-uOF0P1ZKh( z(vK1;F9Tv)rX~mz3&Xbm@P%TLQ^g%PGurqfyUT5ahOb&c6Zqez;e)tU%GqzgJF0nD zaU-VI2SGuiS)E+0*CN#AwgKWQ7_%1;2!|kqKzQgc|K3J99^y+n^xIDG+XTuc$ljig zO->8$w>XAedg09-8g$I*<(3vs)aSmW5*&<$O=HwRJKkSH6PugUrS--$f;BD5^REa! 
z@j&%tO=v_hz;{)w3F(V)zv{2d$kUw1bmLHm7P2c@4L)S%5oL9HYjeEj+MN-B7} z1=LfKIXZ_X+qe{G_zi>rH>J}zJ3VC`Y4bCV=-L5rv88sVRYt>d`2I4^{k~KC4Jb$7aqMam}II-1`HQvCy%0Ht5*0WN=&McUoXd;3St8z43#v__g#r?f<` z?(iHo&K1@W3a{vS_Q8CGT2bQJ+G9tq#Nn3Te`cu>(G+YDbfwn z($dlm-+{;X`@gU2%$ZrUX3gxlm*wJ*Gq%>>n*nX?q3zk_8SObcwNk~YCr@09TibOK zjE$?IZC5OT^L7+~Y15`*tRjM9xcXh{>7=AsIQYWMv8sV)-I5nl14OnYOzRFM-_;v> zLlJmSie!|H%gsfJfkKH!jWF-cdaiVClF)0WmOy`SZmvsy`aBDZ7jy^5j6X^mywB4Y zGx9Ysx`3(!(<+%^MBzA>=>NB4ixg1C=78hCO0<1t>e%Zq)$jF3zNalL6e4=J zUJx1D4{a?tD+*}b)!TcN{oH*iIz!%7gn~aW);74Kp(xJf9zVF6px3`r$D%UG)6Wt_ z#w48ZQT+po{-hi#O*TQQ^q*faS|R?8|A?cCw6*Ayj+;;}Sj6>2)A4hU&H;KlQx(oS z4t(d~SEu>e2l-T$7pJ-W^Od1f;9p!BqB^n}4+?BbbU}1^sTL}Xh=0THds}LnIlT`UU~Dy?NXuu_ zmyGz_#-N?d5^)X!3B%`t!_!mxX;QFrey*J2Yez!+{&$2=6WTmk%L>pD!%>1nl!Mdt z;rDEhuDS>nHYD*6?c2`6S4zKmlu)w4Rj4&-ec^m21mcIKmJKR-5^+i!)#2$g`qLi` zhfj*gbO%z}%35@IR3E|lPzDvXDuNrIqS;ropa}u@6{Qq-Bc2QSv0+8A!AFPcbIjOhZmm^)PvGVO|>G>G?xbIqZo%~DQn91+c9H|4Gq%Fph!)ev8%xLJ^>y1dc#a?;78cUmlZdFwXvPrI1GA|P_Dp}!AB21TS{Qtkp!*>b zAdsZ_wIStMn`axp(7X`NBghjG*|_@}w7Bp>Rlg4R(&x~(V^TPE+&rlek9W?lDmZe zEPEVE=;{Gn47=vr$Q}_f0y^6F%um4yiYonQ{>tFC`oH4zSy~Bn>`$czE>364 z!OHx)mm59X8gGB)s6REIe&l;{6qNGnQ!_Oun8dPzf&+4-2?eS!FxFLGyn`>0gf1oy zDuip;42_);Ns@L|qQYok(}hh0aUqR+iV_{6`1MKj6&3fW_SL)_WwOE16h8Wtr~1En zC4Nz^s+*7^sA9$FC^oANYERFv`uAR9W4vf}0WIgIXtlS(Xk7%|PAFRaY9{Sxj=Lw| z+|r&^P948QCBp8DIaAwx=B}p9?}+Aw6^Y&wz9^RpnY8t|VvC)>XSqAk9c!g~Lx09( zIvUSzXW5jFot58zj4{7=ik7{4u>X@(j&Fl*q>!xMf|hej6xR1HBJ2_u8F^`x-kjz zg7ezI`~8KOBl`N2QJ<8w9tvpao@$+AZd$|^{z`MwSuMsD!*UAlE{$4#94i0spht~z z8>p4&vl>`m1`lS2ml&r7lea#b6(n=I+dw)f;-PGl;`_RCEWiok6k6>X0#PgYg}@g0 zn2v-SAR8iy4BcyuT$gs^F-SZ}1-q?Y_E$#ZQ3ONxhjpu~NcEUN%1IrDC!zug9zI+i=g7j;C77 zeO~YJCT2n>+U$AXCtOX1{Q%{S7<>|0c5L-Oxp+@(AbtD;Bt@|(dv zZ${NsLzW#^%8Z3fhX0PC8sMHx5ZiU-y~L^(gwyj7%@7WD_kY8TTdJUP@PAV?J&HbF z#eKXs&2yC;%cR#&os-VOPweA~AGBkd^^egZ>@VBRiR@_49D{z>?z_!X*o2iydI(%n zWzzVR-YhzbalJZO{?zj$9ed@NH_{Y*AwrlU5lumX+O%9Nl@R!#MO7fttQ_aWmn_tb z5@!|qsOIdkr!(FD;vxKC27MD>h!j%xd55B;3HqTW1d4Mp+`)z48SK`5 
zlUY_4Jqf>8z~64B?hFQZkvEMluvQ3uYl3ZCVnXqwq0{xxxp8>IgM1K%8z8&g981jW z1l^~n+!^Pq)+sx(syYm6J**<_)<;h^>Zl#|6?U1@vVAT)s3QjwxujaQs{t zjJl*#-qGq69~7rO1cjmLqA&kz>K*UOXux+QeSeXlt1dDzV4y^G@Ph$EXK;KTO4 zB`qY9R9=eW^r+ll|G}UVmN~@$tNeH1dsZ$Nzo?a^R70VtcAV%~a~fjfmfKg*8^MNf zgx|KaD$~M1VAuJAVBK_;<m?OiUU+U)@d98@Ea>vTv*n%O@?w7H|~rK_qw>g z4e;SCzc7Ma7KjQ(Spu*-&p{-uJ0bMqL?$)%exH6i{`pbxP3khs+^77U3<=zo%cH&9bbD0}@YppxPsNV2%=fz{e&-r=lI znM;-Ngc4MgR7VjRIA~}*2F#^LR>=|;xfyh;K#gXFSt$;4uVRDR%9)6a=8i}4dRu00 zALFZuj>>R%+h7ajO}1?PGJnc%JH`^RaaV>?;;@uipNn+uxP;CO`0Va zBMenRM25ETbRgj4F54{eY>)<}zkx!|3uZB<*h~}=Q5JTr7>!JiJ!A*P)tG#hN5_Yvt@G!j%USiwlQh$#fMs5JTX*F zGCi3&{#wP{uk^N7va+ee;(va%SmXAcF8msp5KdKRCp7}4o2LaIh$b^_PRaIqWOu35c&f+ttd2!C25-uJp9xArbreAUF1{dgd&s@b?%Ci!Hab{8duX zn;=sM6=NgeqAq7T+DJT9QKaABvSqw;tom3ib8#9sK~=GS8DP9YQ8E1&V*owT$P66h zIDZk9x+xX%bF>9wao2{c{cZ-j^1n**x=$2Z;%QlGa+qe0DN;yT`WbRnSKJ|2&-dvz zKmGh0&lK_v%8E#=Ucm;RrdPBQ3wWNgm1~Omx}>_E*^6rXZ`6Zx?mmyl&+ZS$DTWMj z`d)LNgKUJw%q%}^4M3-t8Rr5{x#V0?usgx5psfrCdWoY9Qq-)p!ssEJ?;VV?@Ghld ziL8W~I2pcNpDDc~yUM0NSL{_Fbxc=})+6|ZjpOYy)b_OE^yIHZXvc)m;<|2K<{hTY zK`z`LXBMPo=lvux?oGrBvyNZ9+%1_NSgoyND61ZxoB-cPyUii&ruW#%+vR!|78j3V zpSfD>-<^-Jjzuiy)vEhiu`7vm&&{X`&3w~AOetpVNXQzQuJrSGJeb;cRW4AhaO>oG z;PJ2}X%{)24}*1DRzk?GivHBWWAv*-PFH^#rZCYzQW*&`NDamuXY2r9x@)62c_MM1 zw*l{6IRg;xm&C4{>-J4$nqG`=-Gqj-LDNpY^6EDM_<;(B+pzhSh!4s|QrI^Ry@YPf zix1nx)3Co}Zhyy{uoZ25sJN)zNY7IbGEi#TFS8`}n~*kdSUGVvBt3;Ya$6FLaUZT< z!m4J{INb_m6YfXRn0c)pK6>j5TQFT`eTwWk09Q*9+D~{W%e=2iSXP1Iq*bM5VXsUi zo+zR_D@I)PEjWU01H*g6dm(ApyCId=3GZqs^5k=tK5~l>Gqx1@HpkRxXkAMU`|@`| z@A{PEyEL5PvA(UxaqE!7Ik@@)n*Hz=FcC=<;e&Ts4H-;YJh=4ajw_0lNidNPF@a~4 za6i`S(w9s}9=jkNhJBavCtWIR{TI(E=>TzDK^b%un^mxpB>kHGXJ-2y4EBb=V(fmZ zfi_Tt(PvXcEb8FHnPwQTZ(&SjDty195Ax6bM(L2?A(R|zNax;UY9$GDK_He6Rph^v zTP4d+%P7P~Us-$%TX!$->SYXo0))aK^4+D!y6?7W$s4)_=nzrH<%z)$%X???NYYZn zZ^Dxb9gUXu{ry#{%cQVi!UH|!nl?~=*@_^@nG%O?mO@Sq3%PRt`a+6{p6MwjC-<7^ zkVSZxAck;HaBRt_SaPcP@kVWWWH2_mUDjn8+Xhmih#w@UNk$yc0nO8@cuQ2X<+1Xy 
z^>xh#8oY=XZ^2_X)G!4~5MNBYR*%Dn^n7kNK}JILQ?=jy^VI`m*I4N#$;09$V@ge- z$@2Y#5#}#KMS8zBCx5XDN45MM8u{5?0F(VcArKes=v~o5C7?cMALlG7FQ>eavqNq= zg&>7TS{?;3zSCw|Ui+DXnic*N!7DyYF?S+`1%Mn=Q&mQBAZ2Z+lwwm13%I~jt&uiK0P}t46=+g+519Ywes6R~+%Zlf-ON^w$LB~B{Wu6_5M0~qKR1Gw`&1hXX|ztu zavo4@+;xysKz3`+Gwwe!@-*atC_j{6{G%`MmLNTP|9h|;-TZW@Auo>uViYQ8r1LO~ z^C(Q;z3&;~E))u-snV-L>vJpwz>!gYi42jnJVsF0FQ} zH3KdZce91!bX30(pGhe+?K8n}prCM$l3>k}WX9iUje~-c71^)`^RWG8DDrS<^Paj$^R`;nOYq^vop!} z4OF;tQl}X3s@6u@Z{jQ%*3o?hpJBSY@^oH!s-^^8X;j5Wg;IShqz{HJFLd7erK4z_ z*ms48F_wp z&$vsI)x1qZv5|xwt27bH5ccJRno}s6i+*0<+0g#f26-rI2R-+P+h5(KvUY-!*l|;< z&N|M@X6D7!b+Jc+4kT(QaYoy7L-|ZNPe&TrZ)YtyT53j>-l@LRc}VYnUkdxX+I^cy z9P^TdNPO5FqD?xS7Ne~!zfmv!CLQEdrENOKj!|;HYISwukMDnLy@MI5q9A7E$68Vb zz^)8#Kqc=g2bF>k5dQI$^kyv-orjopVeeIs)SJhXs4mJ;lB^q_R3$DYZj2ZRuIUNNor-jFtrv{%K9bk9Z ze7~obsqw7h^+n#}zDeb8hD^x%R85VI!Xt>qPs*9vej=h_8z^DXcAhTUTs`hNtyWi6D-H(q-hsZDxZSwB`UhH&r> zlHFpy+Z+3fMTM5kmv%VXmxid!XxMu$N1z6t>`)hNdIngA?^mX!W4GDt6->5MTGETS zrgS3QSdF{x@HhbUCTV}xzgAwTFn-KbgR*(WA&e*^lzGYq$=5>7ceLhdm4$v>pCZy< zS~s|J1j2Yh)SpiA}Hs^86$@8AEua1Oq1E$(KQoP9oPkEd}b3LmVh=AipRwLH>3u;52( zb|DP)+U84$*HPa%30i+{>J0ySueQtu(cUek|H5e#>_pRS#4DtJ-Z79Y0;uCK_(0Ee zyHF!1eSM#2Ktjj=wAX4PsZWDgT*p*!#HIKT*tPFa3+hIVkZ?t7KAOBY2d*rL34}A- zCVn|x$Ho`eMX|uLNh7%x{1CxM4lY1?QE%|`ikZ4*PZgdiO^cNv((3= zfGhaCBYvxsx$_s?E8!SUfRNzfOF0F0fxLPjE2pD56YLTNsir*qK#<-^w|DZ0W$oSi zL-oZu{YPc>ZQwOJRKbapguQC04Jr5D4PGqwD?zswwOeYzzUqa1D=Y2R7&4a0= zt2?-`()W7Edp99|w*Az!y_a0HB5iH#4kF8&4y&*A?{FOwgqlthCArnY0Pi>wdjoWo ze3+ZZz)|eyK+yTO>~(yyce?Ga^F^txvVMJofU&@ZvON`w!YM*`x{UDZc#i&Q8t@1( zetg%_0J{@*W8@b3y{~ULVP%~W>((|;xquKaFKN|NXudjp;#E43v^>?iHqVjPAdKo4 z_;tNUdltn<+tp@=1?Ht!y24~b9{nNIl%y z*t^;ulBcMs^)al1VV&s}rXCY0@Xj>id+j2HrcXv7h{_iOogv#KSz5AvR!D&Z!zK&z z?SL?^{Hhqz!gNUDOXnr|?ows`a{V69}bL#z2Lo{^>+-=4+!&!!$;pAF`f& zNHJLA#PzWkI{1{zMVui3qvyU_nCfc|$6J1Pb}?ch#DuV9h(?<5(mvG9j23yVeTK+` z>Z22rm$Cg%;l1KJIB4+w@S*$V!I;0o4evJKRC$oH{zpEjN=Q7jSWsDD@=1mnT&Qz$ zNV)oD_wZ*i%f$CN%H-ssJ{Wy~$4m=OKx}+r8sPOJLgM}V{@yg@(l_%gah3h4yi%ix 
z@4rk-A=6kiZ&9=Ztr0Un5*jP8mc? z?KJ98Ak1EwDgT!78ll3@Ki~S4s5QD840UmjO)1u5H}0YtPJcQ91fN z%i{TzO}G z7hcS=^#+1#o5oQr-KbsmJ*(F}*7VIYcX$18m+o?7F^_^ z>EQRj&~~y>J)@8BX(mZl$b%2W`Z(XEaM6h)BTN^1QjMYKZ6*@^`|;_?AtnF2d@3Q! z-hO;JaoE)ku9kDh8}g?WJP)h zdBBB1)xP3CI0RB9+6NCj=>ui=8LuV1fQBZ_@wL!a;<0zHm6N*?H`$n~LqxTo{C(1^ z1>-IxrKX>URWWsiG|jeu$EzkGYh33mf^TC|Y(R}e#^VnWqc2jE?)ZSj`yynBwfa&G zvG*^WV@ZsE!FMUuB zdYk&$a-yfb|4A3w_w*9ydlC7!g@{;gih~Q&g!}?mo#&3;UbI@i63UWUnmXm=L4H%2 zGYR$d6=-JwpZq&aS>zvUKIHe``>1*M^soX))Tnu12^nOyd!d3n)fo5rlSaF3YhB__ z(#70d@=}Ghut^3*)P?1Y;prFO4qd#@gcMO*y6*gyVL1BAztK>2Ha~)MMppJ$L4yVQ z!VDZt!h1}egS^q~Py&=;mYGlR-u!H_9&hm8i30x(Y|hdR6MNr8i5Y&K3WjGFalMkY z$y%z)`0x<2s%-xIP0mHJy%ZA&!u!7z7MxhOiV3VgX-MfGA@Ia4x^tP(I=Ry9ym}I~ z5!<5;Z@$Li%6oO&6}m3z6g48X13w292l!NF)sLq$pLte#6$es`!S7xF zmbpj4!M`B!Y@7GQ7dsN#%_RM+vCou5Pz)#vq)GS!G<<3Z^u~79@~qFD_(U7_AM;O= z`rqzeE57uV1R*#8bhu$UG+O6ZRMK$o4QvK-GXriO)5YI`8#!0ry&eu-w_pRoqwBsr zyiRkv@U;XET{-DPY`_M_MS3Ul+G?3fvI3^j~O^p8Dr zHF~*}=50USEYbpQsFq8IF7m)*IF%qIpX_e}e6UZJ&A?1R6x-nel4ZWfKtk~4AH)tT zWDSgWC+l40uMWg%!%Z9v7Y-w!!equvK+U;yN1d36j(l!vY5HQj`EyG28E!6nrIs{P zBzJX~l^=~m3T;CevS)P(jalDz2AAx!2;_UnBXuC&bVy?*zV}M|nEgi2P_=B6oWY-EokU{ICKPbWxSDtOo z1~n}4V_G>aX&p}PcNNOW$F8NYV-grUin2MIkmRcbtG<(27%b$RWt4_8U?x3w8#bu? 
zk!6W)_SMSETCEPzL0KZ`AdGTlkO&ROoO&}?L{f1Tphy`oaTwUL8Kll?;M*mFK+2{I z?C4Yt>+-UQkRsfiovyO{t+pM33=72FB6g+ZETa%~@nJI!mh$>B>Ft3RMV8 z?nP|PZydu6I5Gi`#E1|h5K53%Cn~u%V5+L&nO?|Nz_rLXExYC=K1?Z^rTTC<6TntX zxGIyZI@L#4$7s%0VXf+$hY{IWT7`mCo+a$WtX<#Fa0^=#Ey#K7TT!9f+ z^Bg8m9=f|u3hDa1^rW_U)yAQvmTgCZZx)tsi8J75eT8Djtf9du>Ayb-tjtXF;p`T9 zsA3;0bx&!yD>8XJ9IA0|Q_-=3zZ$Zp%u0_K8;lQlO46dQ@mVN-dCOyaQ=y4v?|Bg$ zLJwPjLOWDeI;=)4#?aRX7Ww2SuR{Lp!e5hMpxYPptlA5l+*9$5)$5 zTV6<02sV!)*i*SwROk{t@rMUBm0Ga1Vl2qc!&^LT8fsk2Y=w>r=t?EPQ?KiDD8S-O zw{hlZTCMa6p6Z$s-4<210nyRO1@>B%Oh5$2I&Yag47tHSmoh*j6YfKei|umC^jg$N z`G^Q52PB1l*f;rrz>BcLia&1ZS3Ic{(Pbcj%=Hn&S0RFZ*oS}?g?Of4Q2{Q=yCWNQ zl8cc%f5;v&M?*6d*!1ElyO>V#CUc|6A)LsEMScKqPhu0(-3UTcfW<{l{eJgnVp8J} zPO0Hk7buCsILi_$d&xz2rHY;e@RoRM|7fPffWN=REIDmbX6xzt>P3N_qd=vmYPYcD z_Pk~{R|FjKdd(uW^IRm_m!KsPf)Far-RfUf%U!78n<6X#j2zaiA1D1jKMD^At8>Z_ z=PhP|@L$8>!wh;vn>_G5DmgTB&h0D?pYhYs^)HIe5!aY}Y=W8{Ak`W=E z86*PO!h%=W5C$$&rwcbf=WYJ&>POTXzWTEAavEzZiwuDdF-Q?hgr8cKB-(RIakH&3 zkEWMBRD``gCgu<1Jb}x>QqGfmte|O?b$A01x0PmnkOr(5cdst52}o@&Pl1=l0mOSiZVk zoU`Uh?Y3W4R4QU$|HXrl;A57swTLpPn8Cx^#$*sJ29cCp9MY2KVJp*t zWn-j9^Iu5g1?NWN7S*{pHzs04Xb^jz8a;87ngt8Zp&ocvD|U%0bLfookl?0*qHTlS1sI&UK@py`Dh zS3^8_>fRbFfOex%+T8wa@A<59Z1Dia>s7WxhG5CNypKhN8A=lp@Xpvt$&U(8oi_;6 zzRiGXdE2hrz8U{SBf58>(%e&_4T{Z&Nhgz4wHQMhTJhNhOytu$i4uSt=G@&{C6e1(ACVt_@t;L zPwk(dxo@|2(X+hIW-pL|&l?)2&m#iBy>ztA4W)Tk`7J?<%d{ODtzZ(Xem6@5jo=IB zE}mJF(sa9;pd`+OA~}FZ1I&9VqJSkjsj6qk#_)3LpIGmjy(Ifi?+2!Hs{1e3>pG(IL$~(S(O7{iNtzkVWVB7s^9L=l z?bdd4lkN5K2U73cJ;UbrIdUhyV(=O9o|t>oHwj)j$`Q*O5T^T=gYscCZ+cMWw^P)G zQJERlq6dM&GPykC`Lx>RR4HpZ3ZnmeU}^$jLE-I8&*@fl=4|8>H${*VU%VjA9Cz5 zXpzIX_=@un1`-GpcJKDFAKk+R9lZ#zv%?_p2lg5dumIF$b;hA?E5+?=B_Z+%kkE^D z^>302eeXLskr*TjG!YjG?RRp0xn?s!z~4d438TWz@2EMo#jH$@6y0|UU|NLP7rc)v zUNY>{4nAfrFohcV62x)NH{TThsLq{W@JRX3*o2wsmjrrN#a3qu+t{D89yL?>**djx zW2rQx`Bi8rymg>HocsHwN-svv=#l7%^KO1$G*_686FC~~rz90EAqXIX=F_Wvl12D& z!->~8$s5n{Iutp-7B1cVC(SZH6b+{ZjM8Qpf6yNxMd2U*V9uYxiLGETT3R*{$>Gvu 
zS$`Ot=J}HqkJLG>`Wg|FE4u2^W%?5FyZmxrx)O{F^NU!^E-k@kAD3YTv1Ce?J>5nj zax0bM=&tdk>aGDLGiJ|kld4A9S8QVAFAfS4mN;<|c-<^&FIVe+Y$3;#J|P7m0L?-e zEv#}_$TBz8e;%Yre1Be_jF3yt?!hEG(U>>;3t%QW^}HxBgsHge_R6Aq0j%@Js&MH# zowJt4zhV0WNbx&7w{buB-pFvhBvomjm1W$D8-DRMKu@z^{A*;gCsxbW;La>pE1lw` z+Smy8e;&r4Nw5dQVIAz@NxzLVOc z&bD0ht7$xd{Nu4DESZ}8+G?&aK^@jGEH(mx=V{+|f))x)cbd)+xG7E5-!HNQ$m{%j zW;NDcCu+#IOmL>Uy+6#tB*iF>(#aTOEL?lhLV5!Cro?(OTHi{!=S=Yh8a`0P>pE2@ zL9+Aws3{pJ=Mck&C<+#I!{08G8SJ2Kj6D7aW$M|45U}mYU?|7MZ=9(Fc`CSF$s>Q8 z{#4g6VS=UU3>TdOSR2EYYxs-GvujG0Wv;-1v{WTuD@SQ6{Ru$SubMTW$1< z+VSTZnn2KrLt!pA)f{2Uiv3=^SL183l)io!4J}`vt|{?P@%)5P=f^K{`OG7oWC#U6 z)7j>18`ye(`JR$fAX^|T!*02S)1!rQ$aE_f5Eqz4*&BAdrtEANiNWAa>p7*bs8^Mz za`m=WDk6X3)v=$a(`KEIlYik_+Yaioj@Db1Fa;#j-UzIG4}rwQbSRGXO-G;$3T5>< zVlA+n5)WGk57MO|Hd1X3z;7}P%S32v_We(ZL0^hy&Uu7!sRgTCIXH#rPbiL2Yo%q4tF+hLVC{I=YIF{-u@->9b0?kd%TmcZLz4uP-1s80N=}a zqHQ)-a-n>+FqGG*M6QvnR4L@fbt}=2VE=*oUAe?7eJiEUeq&pyOEdLkVAXc*%j~da zqTIJGMzL_U_^B{}1%OXbyeM9B=Cc5OagVeXK7+m`m> zw9SS}>;Hv11NSq5yD#Kje%Amm@VRU1m92{@i;ZuiEt$Zd2?;a2))`@L!-PjFR(z$#%`BzD+QhfSkYB%EE!rXy3$|2-oBxJK5 zMBESlFjI)f!W)Q3nCZ&9eR{#!H{b??{G{ma%M!%%Rab$afdnP%lzkK_Y@X_#5> z>A85Xe#=}fJU9Zk1?m<6T1(7_VYQb%}$O7k~EuK9UR==sovV90{xT8H=^NO zu4l6X^g)vQFasf*-x*KJZ=iq(5w&sMe#VG!k^jnMr!EQNP4WP1RMD5yD0;QF{%kd@wXazDaX+x>WPW2qL^2hJa zV$gZ};>6pu?tX6_o70^9Sd^RXDrX57Ysj$IJVL*N_q^u&Hmb79-&(fOmKwC3{?d5q z%G&dd!arhKFXZ(j=+&jpH?f&PXB&zZZ>Q&ORKG5IRcTdv3RRY6EfKVOUd-=?t={q7 zJOh7>mDv?j&I8)(Ngd-665l=U1&mwJ8lCZaibc5HpAeRWsKF@7){*LGTI8p-H?T$3fAJo~+rRReO57{xWD`EEL45r zLg)HoO>Ff+^p3b{VU=kE-jh)i-j1hSz(QjQyWTvL&jkK#kC6ln@Tw5R^qUUC@V}^i zkw~g$v@p=J{H@BOPi02>#N7T&J&1fGN0GCvNz*nGQAM9#5aH<>;&q$)^$y8&+j#TX zaGEh1gTT(XzhFO&#(sJ^ zVzckTlQu&#>kFFCF#k38eaM#=F^$4N$xcW=0v#=4rtMln>08mbkY!K3IIa$X>|6Rfr!agskbz>$JO_hX2Z z?u7f(BMRl$!PTRSQDmz@)jB_E)0_JN)z}0cH!?3o2{6pgEPeZmD0BEBsBz-qH-Cv! 
z5pEoXCM?bOp-dJgmlXac*lo^m2LHwPe8o}+W_mY-8&h8MIN$84JBJ-EsF6Wa`QXb& zvZJBDX*=(kNmnWFNq}&mGr}&qc+F>m>-O+#56h%NoVo!TJ@xFL@4n9aI#S%eIaXOr_X=2Bic*v>fBFAFvbhYRFzJLrQ#6R;D5QYwS4?g^ugt?yUuxeV$tKI6ibPmShcm`|N9qc`(<2Tf|eCW zVP8qto$`^_+IhohHVVMD70X}!EDQmwMwT{OS3pKA$uBU*1zZs-L?6p`&`ZGdo34w3c%eKnm zaX!)+tzT|;jmKK9AAeq=iuH}{WJr?)Yb$A9}BP9aOrh+H%zd_d7o+n7eOKCQ5sB7>&FmOt3q_ncN zV_Zw}{BD-_lS`2r=JQq5*XXo1mi9{nPxrt3YjBf)*E-no#Qd6AqkA-p?>S4xJJ#Pk z+Glwkt}G?2J!h)MVVYx?x1-R)tBI7K{SZqEve*1#(<+Y6yF6$OpW4a&al#7i(bwEk zR!1OX^{YpB(v6~0-^0pZWq@teBSJBin>nQ+CoR0k7zK}S9T zyLg9n9{I~oda&KnC^)13EqZN87t2b3dbL@c+XKM!`5pIqX`%1;d`U-NrH`R01FOF0 zQQI1D5-3v%lWv`1YjB65~JxyaG>rYT2xhmxgnqAIYo+TN0;CEH#r?xY2ZkHiGL?-h{8Rq*WM?4PDsObE4py)< zbnMJej3a>_3ooWNX>@XPs*1&za{EC8;nodYrgRy)F6|M@7MxTxmhxKZg%}W~=vP7tt#K%x7*mlpO3YFkbdN*nq zz4KSM%2d26?;vh^z9@0qfSCH={$SZ~Ziz8_j zj)QkXt9{;~9#Dm-HDYt}x08e*c$(R1pYH0y{cJrdQR~U0o}0qZ`9u4hdqxTVVSbYf zdsw~b`D}CX^VS}_Enfn+&uyGR&YA$%?VnhSlUD0l7WaG#lKOW>CA$g)VVG5Jc4NYP z4&2WZ^Ad%1Egg&;Du2Qk5UtgEspPHWa(1w~c_P9M)`1t<4)FXD&Huc6#Ged1K~7X}j!bpd;ZLT!M_na8M5$cikxK*27hK^8gpzk0P3N zn`Zo|jbNxVZ{{os>;^-%FL2%Mzkb3+<`S~-vv{zXr9vO|HfF`NbU1_e7gS-3PJFB_d^Qk~zjtbpc3OGt-C&ceH;SkYKSULS;$cLBJi z(%n6r@2GQm0}>UbZX8XnK))7kla#CD{rW|T4@gMharzx->-_$)@7kE*PO$OzKHXiC zjc~-t&?Pp2y#Um$!Tpe*uJnr5#&2v*2M!iYKC!Jx|Kat zC}U_qdOR|Fv)jCPOTEuMYak%yjkKwLeu-Ox{$AN6>K1&lH9uYb#aE9Tm0L2;V?cv* zwJojS{D<&LL-PUMp@4W^_TxVo8lf{Ywi>Dl^epN{X|lm_ZiKgfxkdAz8BGrO zm#A{P@Gn#pd;rwB8>Bfw&Q?i&3&gAUA%g@84k%aM=6eh`(}czEL+av59OfI|JFCh$ zQ`~G`{Qc^s)E53=Sm6Qm`RoHw$;35Z)xqCcita4^iuod-a>VX$x|!TL@4Mt5vV%aG z-^CrF4^TA+;a})yd!||0qEB~eHqCHJ)qP<;?Mow{{`o`lu^%U|`q@9Y#eL!@uP&h3 z0MA!xgh26-s@G3Xp(XI8rJ)sERNU9on|m5wxA;447>hSR+~;Nm^X*$TBYIYH!dhrr zq@R6ivS_0QwTVhCxNML6>1VxA!zIXD_*lIb^?hKV3{sMQl=)JHT*-$nrq?l)6MkG2@FuMB zXRiLjQgt~opPE*5xD>sPuU$Dj+Z~t(B=6(#4yy4&n;&D`B*T2%Fsbycx3B`u=gAJ} z*`l>RVA>g+0+S)fYo#Wn6(DtAVvO~fe2~=(gerG}3ej;}@jL=fx5@23L`h0!a)jU_ zFc!@&{+hFITUbNbFh!L`#M;4)Zu|0%y)vS#luePF(ol)@Mbf%?ZIF!O00kRWBe`c) 
z1W9gRc-~^TVKnG%X9kLm{*!K*stPlQBaBw+dY~P$%l05?uE|?|U-4TMluycBrMhk0 zN{f8}K~&?-`Oos8bLYgx;#KxqJf^a<%!EH`5;U6P6`84UwwkKq2qCjS8ueATQB`{5 zv96WAv*G+-U0)qnRoAo)N=YN#2uOD~(%p@OARUqlhuR3zCEXz1-K`?sE!{2M{hfn8 zzxTO)?$3Xaa~6Bgnz?4yteI==z5mWPEQuHJ>x=ime+H9m6s2eDG!yjmCV90_K2)N3 zj}kU4&ISj~hB|H(eXv$aEZBL=iK3Ef6PbbCAF|k+e=;-VmTwzkX9X9^7^@P;9G{xi zB>5kJK3MP^`=g@9;fwtaevbaHmCSw(GP8pxv4$M`al6e^_Bu?w(Z%s1A{r1Dc>Zkq zUQDu!6wOZYUX17yO(#Pgso>j1yNx7W*pBx-@W zQUwX&lOIMS0u^Hy^;dc7=-F6>y3<>qw_kf5thKv?I^;nq2YT8qctz$UJ%j4mN=cz~ zxSI$*m>?qq8=7@CT>9WxLp)%E%|%6m6|!|I#oV-U_#Ox+_t4mc-`vE0&LfOmcbmZ- zRT8MDy{2h@Ko{yWKrE8hlrsK7n%gy~I|$DjOXZcsIJGG)E`10Dz?4aU%8i*p#(jZInqz*lZU4X5dZK13tFP)8Op@_x7)vyyM7XE;vD>k6vF z*&)Ur5*uIOWLjw58Y+}3I^2}Nu7{+v?#n1E9Oifj@46OhV`kBNJs1sk(4*7(8&Z%q z@N+8(bP2S2?uh$rAFBtKw55D|?9a=O(RoG=F(|3ZO)6-r4>99@z< zXMS~XE-swZl0^COWl`@{K3R~&%OZ%7H-4B2a@EZZSnu58YyJ6G2i^oov=KHr#}#bA_41v;GGh(>LNi~!orz!bLP+DLv0G00(roIAVWtJWU4`~L5~c-@x?0c( za-FZ72^q>)@EpK?);_;gzF1O>k2B>EVFC_*oO5zo|{#!q+AA3q1-e- zWZqQl5g0y@C+9Qagwc`a`@rB}hdrj$1eBlC-ev)pBdCn$BTwFZ6?Deg?z4Q8QF_|L z+Gtn>XpTwC1YQ{&GAVJe4Lm#aEZ%smTpjS|5^lYVE-b0ecYD3Y-Zs7RP<_=j$0;aW zz21b$r0Mi0)L(fCa^~^3C8@nHn7P1)JC>SW5wq60O(pseg7&M^9eGY9jk3b6@}rKx zBo{yL9KL~7vq+664HM%e9hm|`K^Gu=wX;^le|6IV|0&OqL=bR{sRdJurBgQU>Xa~L zri-b*J0E<;A#QVJRsEKvx~{JExi>RO6%zjRebp=N-Ulgeh6l(w7-5m*+1WX5#@o5{ zzi(GFk~l5e`^NH`Fd^)d--vs=?GGAlSwzSJ)=sOE51%`2o@Of5Z*LO~fDG{1=1&A$ z4$j-9;YVQNqW(;bRaTI;fWIw9{e3}_iu&C)bL&;7e0S^`bk%7(&Qr(CAfIrf4`exb zQGstOQ6|xI*-^A*cCin*XT5g!4A

6QPwUzqUr! zWSY5N%$((S!|iGVv5TUx(+q`g!F~L>e&fcUMT}Q67=9T%Sgy@AxaYqi?%!U?sbCMUqexNDO z#QswY4%wmAoxj2^DU_Sg%Vs(3?BF(_Eml)DngO^i=6`8SbBXg>T}8>_t8fo23Q=54 zB_**oR7~0DK77c_s58d*r@1^oA|8!X@%#AGWbj#0&OVc7FdcQC4>=CFLJe7ZdE=Qw zyy(0Nw9hY*P?y#RN>VGh@dAe>6fw2AAbM}1QQ%P&#jHiKc+w~Nrv_`0nPvlwry6n< zHdZSy9GN^MrqHR6s!UV;aEPkR-YMa@K~LSFQUbnYQ*NK0o@)OkI&9-0$1-cn7m|X8^Ypap3izNbGI0wjALB-n?$^-aauDE#b16XUbe3C` zsA3p>hFlNksF?6Dh(b6jv3R9v2otG>pTPPdX{Qa9w*webqVvSs+_jCXc-lZtp!GdH zl|COH2Ce5&?61j*VrP@>4z@sVzm-@ZZw+j4M}0-#=&AM8nDg;0p+4#v*rJ*1>+!qJ}kX^CR!5Y%Z{2>-IWgiQF`?q(^X6&=q zyb{=|irpJ)9Mo?h>2v3{yW%T&b!7H0jwa9%&ppP>bkW6I_nSVT%ka;~A#d_Ri-G$j z0Ju?tY1PBi(Y3J-6N^}7#`z*ABLO!}I77@ldkbdM8vwED5Dn~MsF08q(kMRcy-1B8 z$a!L%MU9=knY@S%m*U(_v3kX^;!9uyt&!Oa-?{v$-kG)5n@+{XJ)^2N{)6RIz4ABZ z{YvGaAV~ZXj9beW3elT2^?x^Z75fg?xpopDDnRaoyhD8Imetqp zKjx=wxEfkDwE6l6x`W0UAO0b+RG_8Zd4L|tJ*{-zRG>`V3tJQ zYV+6~yo^}b8s5PMk5zN(kKs|qyzJMm1k$E`4CGC{6JFs%Uq^c7_C#fK0vI|aopvoc zazaMX$4883IoW8fgg@ud`vDs7Xa-!ArpZH!QCrZ*Z~~~zQE7ne4oEWTlpQ;Y=V#vk z1!^DqqvRak#Fi?okCOG0Wek8qO&n4xKsmRNx?05C1c{VM=%q zn-Kb^!-I$pT0(T*qwx?LZ+JH0y|&Q{F8EWIGpp4#$>*SFX$=j)afh9H1#!&J$t3z8 zXh^a)z!9VX0{+j5Nblgr8}^x%2KCBw3{u0eR1HPE6J+vz6S((|$!T@%wH*)0&8!h0 zN)O|Q?8_;hr1#AsC0vj^5ZC+7JFM0#52lf3eua{UF z>xfXXqQ2o+&2%Dp>AosMOy8uNjW{||uPH?8+9WdL3nd-0r3>vYqZ_`Rq#ba%80U zRd|q=;F!!#G%Fq6kNM^@R;e*TA$G;3I*!yG*q(W!9W&P7WX!qdIN+V8hm8TZmL6Zr zjc2C&=bJiNPWs#Pk`a6BIc@w=BhVmj5D&mVOJ`FITHW$Ipqmi#@H&lEj!$_<$j-}` zH0LIOBs7YHY1bSp>;t$m;uQbj|F(i)*EnA#wQ|2HH5E)3`RjXAwYK}E$c)EEPfc_L zsv0q)IgeGZ1pLSFQb3{YGE~!BQRtRqdsjm$%P^^sd^_KyN*RxwNk7#2iw(}KX7u1q zE_Y^Q zt$-$qPK95AW`HAHviVw`(i8Vt^64Joz%Ax(AQFe~X+Nw+EdWuLfY=(`NBkPy{*%zp zd4i2YL|SM%!pHhr)`>}ePq6YU|ARp$ekmmUIqmHA?r#)I7=WV|USqbS{4KU!_uePS!7X5%c!Vja##^q=HCQh#c&^W zw&^DB28te9>G#_a@MAaJ-OD@}J%En1(Z}#h4=0wZOQv;}wI;)behuevLU~F~8OOD# zck{{(nXhkmJXK1!xbm`wq{H2hYd&|x^1ti@L0M_WzAan%2+LXI3aPgDHdHF03eO-i z86HUws#0IS#$xf*GG|hRUV!E%67uc>tQ!g&;G}W zbwgHqkbwq|8&FS(YnD1+foI(h7ja9nqrnQ^#^t}Z+m6HEK@CA}8A498INWw-*icqn 
zhEFrYUur=;E5v&wJqCL%S`FT|<`nV--x+vr6IU#_N>Rd6Pnlj_RF2C2x_J<6oVm=Y zu!dG4z^K!ke|iGoXvP-$YgQBv>#A#jD`cIu6JGc4 zoMT(0#_FAEXM!aczEmdedARWH)h3#ddx;Fey*L}fnGA=d1>M49Pc}lWKC+3`>22^O z^^xOxGqT}Naq5he#$4?+pI%SK`dB&gz1z~&}pdqe{n=}exAXv)?YHXYyBN|gzD z_2%=}A-$51En{-$ubuHy?MJRq!AJuxV}+_2uZ>1m3aMn?)X+h4X5SDJn+YZe@eXR8 zy1Fq01Htpk6}ZaM3(@8G3quZzZfuzBz02QD4kAo+ProO!H|BiOkAn40Ki@)c^Fe>} zLSuv-u2i4&+TU}6kzZJT%2xTiv$c$32-%|NSwYqKY#ke zht>g57Oc7r2#AhI56U`p38!i+v!YdYnmIycSzQO|ol1+Q1O+GPKH%q{0nt0}t42OA_TQKjuWbG*2 zbu96RdnwHAbxZ^eO6FG6 ziQMzoA+paOkp;TiPt1Rgd#GD13E316FO4-Wh7NKlm!ZX9<&GFHv_i{#T+cs_&_>ua@q7&*G z7~Pr2q7YPh8o)SGWqvhzu*aFPi{M(!Qe~HE+i;{-FAtmgjwk|wScQz+WzdKYoLRN= zeYClRJco6z!9WIc$um9hMgy}LK>q~UY5b(jL${$d^-53xgWnj_FILCW&}zlyqDU2~ zJh*ZxZ;;oN9<-u;H3Cmwdb#Ht-ST$iie;Caa+1i5HGszgqwE!>HC%((>O{Y{hF4)% zsj zg1(f^iLekN&H}-m*}q;es=5_I+e6`8h(LA@bKvB{IGgH?WSglY>KF8nNg=9sD*U7C zMBW{qe~LjwpD{0LHgGQrm`ggKtvZM_auVoMqSUhZ>1!&8QAwO@0G+wL&cx;mkWmRmRhrnp$Upjy&pyB_9TT2 zfE3oSJq`Pw-Bw@0dhN*VUbfE2>acNu8sjxTJQwcVd2#%QiSltYuycK<_o+|~7oa3!6-r{Ax9!=8W2fg`6$|ysI|Xyz z^53Mj&GWAb3h^veQeQlhQM>E)2e3O+|-#^L3ntK+={e4r(p!uk&dLqMf_>?2b# zGf6w)0--bnOi|z=kL=F1m}oq!6FKAw@UlSd7waP3NMLI)W97UuM)%0-a9HorQ#+ov zYG*jLYjZjpCtuC%LJV$ayuP@t6tPvACVMRI9@h<&*t?j^zn>W0-VA!eJ6Rlv@pH$aJuavXD9q&^eW(d#?g9&27y29G0;Y$_wdU}Vdp8*#%$4BY&z!ap!ej5p zMNue!fSFX?fG+NMous5*oqTPz^o6Xr?-Psdoi~-s@x}YpS~u zS->o5SYrZng&>S9XG=Oq@t5HiVd?lHYb--{mh#0^=&P>%n?>7xXG{QU>gb;Ia@W}i%>)IBzV6Ol6CLw?ts1Ta%#eC_jkSBS^H1@~1K;AdtsBzA;4zUPTTM z3G_S6NfZyvNpggz)vn!IpSU@GV9}~F7mDb*2EQ9#-Ssx}TKF-?i0`sPYi88E6nu7= zIfD9d;2mr}0>8H4Mb-FKzwux&f$i#&*uc?k=8_Z{#PwNSeUa!L0NvKr`w9|*uUg)L zYB%svcQ0-*lwd-soNU|86o$By<1&(SnahatjZDe@EOLvRF&}4cdta^RV0#&6`MTT> zC=x=;(5_bN$SL;U#IHgXpQ;I|z``>Wo<0WLlh!kd)Mjz-rriUWtO46$_MPt@+`>{_ zUEhVl{6{tf-d0<}r0LCYQdpsuvlgloa^^Q_`>?g8@FGyb{#M$T@PF#!m%PjATy2L+ zAWOehdZw1owZiDkAjg}D5_|Xh2F`bB8v zvUC%|&3%Au_!+5Enm|I0lqaWFyKmFYDVUmbR{4urn1MBTwl2@bE~fB4`z_zkRTUp? 
zj6l2eJujn@ zy&XY6+Lhdb3sK)VQB{H8F+~HIbjS5Im={923qo-W=JoXINC8I}E^T$HcuQOGc0BFZ zd@jXZkHbuIM2F0cPJ23t?G#wK41UMc#-wPdjtl?TBh|+3qW%y9KSW_gr@btpodgHo zYA>%A2|U>1bM3ySQu1xj?eh>G)?O?RZOxU^g^4SB9~8xKM$Vw%3(4e~X{Z&(Hsf=_ z+CC)j$T@LWaojIvM_xD!XiHiQD}SZHc}~ZztNsNJav~ar$f0}R3uIuL&lBMb)F>?c2}NP8TQ0Q?SG8hOqYi`wy6~W zxgA|BC7pp{X1Ic($85s!uu4h~S$d`~rDaXNdU1`c@z>573wA6yIjI{bj>_>0Z#mwX z-3I_k(k}$DehE@fnu+-27Nx&}*{N^U-z@SeCdFxf&Do!}vU^T{JuS#j`;ibV-^C>` zYwuyEGbe~bZ^K$=S&Mg}*k_;GihXV>Xvq|Zj4OzVRPlI5eyIOh#p#uwcA;Fs>G71y zT3SKlt{rKLhqE-j*zG~wrnUM9UZ7xtt}{ADD_c{J)Kjeu&GV>M;vm`3B!`)<(g%_) zaxNHG)H(+}_~#jJ3s2KrPt7Z+?9q_fVXztt6ZFg<%bRHQq(%uYnBWLt5PgD8GV5>9 z96;dWzA%lfz5To)05BfFggEnsmfjH3oRAZPm6bR-f)vtq@ia0=-a$j{6b!RUG05k4 zkUJhu*^o&$JW)STb!dHMkSM+1Tr-nTWg5PU&^SzP6v3a{&4hFjDomQ*g>&!Kc3kcg z-l0%=vx;7H5faH@P2otEIba@Tu%Ai_QLsW4rB1}UH>!@(J3nbNQHmZR9`e%=% z7jr356^6M05uiU0%m9875rPku~UTZ76=X0%%dKV9H-FM?uh=E-drLy-1 zCl(+4yo8Fq2l)jc;JpY0*K=&4{c+1pd}CretLq6EPP&X?4PF*E230v{A`14zyFPzX z`<9{ZZ69R6;g?$C+$HhMAC|N-FB)enW1G2SsaE9(sp~*|7bD9()LrVJhbC)PbM

  • sD@G&Q$Z%VXOk?Q7Kl z1+gU;JoR|t4bK$|evqf+au?hrenDCpIU*O%#P125oV+C=jsQJz^8+=lE@MYVRGPHe4Ku$Z!4ztCXUf2@NH~2}{8DH6+%6@0$HYS1sd`%vYFL z?}Xe-(&s$8@yVHXh6JsJi=LimY|WhoNKvPE5P!vH@Sb>8SfTmr1}~)WBP7P0e`i2H zoO5Oml|1@Bruu8s1|R}y<>Nh^+p{!R+S+*}az*67Nk=ED zl1qMDK|;kbB;dIa^qlL-xc7T$h}rs6-e;L=d!u_*Up zY|EU_j^DoO*k&ZbI5om9&)T(Cq;L=m=x1-GZMkzaoN4R(cfTsk)>yCBs2I;QriHlH zU3z2=PN7IGkDO5|E=0jOzMPIh0xtl{xfGXp2vL z0LYr5O_z7Vrj8=M`G(f72iKU^uVfubu8&^yyT<{Kt?lWrm;=MZI0;4P-L19rtkdkV zk&zzih%va071EV&qoUI4usT?}cj?@Di}P4S;6ANBF#Poi>qM10gBD&0;*UqY>!?X> zfAy_v_c5Y*ecH;hn4mbt8ia&t08A5ya@WCE^Bpg2Skz1OQSjTi1hBCH?18n>j8}UD zdx84_u21QwAvsU|gn445og~u<%KXwu*eWacDDq?_vD}nycuvilUkGxs$)8+oB`hUs zKsmp9V;KcJpA{58M&nPH$Q|a+R&4to($_mTXoO?JYFgE|LQ6nNz?iRKRLrOuAWCX1 zlQYbw5~I>^ak2(x_A0(`1mzneG5D$pieSHHp!5A*K0vn+_g${l?pw=V4$G3$(z%cK z9q_`^LxCIV>oJzWVgp>9(0%e(<+I;s%`={tH7$78vUQE1Zelp}h4Mqae^WpVu?{^s zticxlM_?dDXyWz3306-=NksX?ruRNKN)c@yDnremxnzc?j1MYH_itpNg6EQn>Q|!k zaLZ(T5h%7d|a3}zA|v9uMCGT=OrUSnJ`)G&`DNV?nP-(w6=p$$K_T$ zk86h$1>KMDK|6z4YKbwyPUV+MXImObKt)LK!=r@&x4}g7r7zYeNVTrgd1{ip+I$J3 zEV`C_8Pm@C8#TJd?h__nTbB%0N2gSd3RyWl8pz;`r}x{a$YaLi=r}4Omhmn*z!8he zFwjx`SX`yFfE9G?edFG$cC*b%fHA%{X?e_FMY@p9>fxC(OV``3LvI1d)WLyIbn|BH z1Qo`~;KX7+Hm#lJk_NDyj1MGM)Epx^R7D~Clk}DGOtU4v{#uWCe1m8YZu`V_>(R19136CFI3$VoK7a$ z&*>P>t3w57Z0j9fg`^(|e#+O{ZxUd|0Ez28GmZ=X@lkAUM51<+Z?{|W#gCZ{Z3G6d zX8pGvPx>%p(R4A;80eH9Yoovbc8Fhg$Wi9T#-uApwov~8Y<2!KgJ0Tdklo&kB!uh8 zciYuP#xp5Y99?g`-stwTSH~4dNe)}}#uCEC0n~rW&m-cBX%;jvt|!BvzMFU^DTgsG zh$MRSi`|!z3IW$A#Vsp6LNbxj9X&QBqLmbwCr_zEpKJyaE$@Qy8^9i&7fWJUi(XXe zH5am5b)c~SK&HumK&0T69_zCC$q_VV*UX96nm(j(4oIWkfmt?TnMAN-Z(ig8R;7h2 zeiD8$kZk{^EFRQ7y(z!b^Kv(*I(;Rgxn#)^3pZ`&#EzIT*!cHRnCb3~BTqbn{#||& z_N2xxqQ$zzRW9E+b9m1oly#d=8YzEjLpCvL4g`oID*`szEIR37>c%o6P!0w0L*0?W zg3?=l4=Xb#)Bp}Zyb!&=r*x4^>Y4I+z*08R!#?@JtMTC#OR)0CjX=}uyR=4yIvc>3yR;KSLSwGUM)9f?>4gc6zb3e8w5h|xZM3zIqd_3f1{{CI&B@zrLC`7m;- zka9r1aRx|b%~HV%-iWPziee+cGfbz}8vHCGG*QxG?KgnTA7(LmYyz)LA?Q3xJ+@~? 
zJ(CS5Sco9z@TjYazzs(VEOT5ywk80+N@hWx3pFpcv<{F|A_ocBH{w`JuZe zXdNgk+%6{La8kLVf2>fo)kNvIAjQ!cjMV~9gK7xK+ zd%wiXN6z3)S^Wb0RDz=2&Tz0&Jt3(KDOz8oI-9o#C9E_ez1@p(pa=Zs8WFtujNQs% zv?pe+0xz8QT6@U(#}xtsRMJZNWFAL7(gmgI@|wZ(0Tr=58`@-~XAV0^(%fuz5x9yl z56iY;R{Hk*98&-t_mD|iv9dR1x>UJWoce}z*#Cs~WAC?xo_L2;s*$AEkpbB7hLlLL z&ue`ca5TOHkMX98D#QaT`hBMxuaGrUUTD==%OIC;mG9XB$aml~VgOR-VM}UYw=eK6 zT8j5oe3W8VC|5bw6Ub{}i|pM{KxTYv0V`I7r`ta42G?Uogrub^&9$oS_T+cj zgkzO=J1A%z!OqwMUyL44w_}*Vf07+C!u3sNDscagTRVRh=kNNTk*;V{;>o$Vtkoa? zbIAsMZOpwdEkPNk$R%$qu*IzLbce{MLsvcNFl~|be+ZhlCTuf{l{@{eP! z_Q}vdE-|tY^fh4*k3UhU_VU6I0|@^#Guhv*1e5sCg8D9fJq z+PZo;csLnPw{sZLUz4@kKjREJYJkV!gUk!C2!5Eqldc^6A;uJKni4Neu|7QAZ^Lx{ zlPuL~B9-`E_(guIKmJS`02?RiNN><`IR#VnuW`J2eol%Awr_r?p#!c=o7MJ%&;Fir z%Gh^a>QDb?m3Svzp3P6gZ2p=o)xjB@$R*~VZ8{wW6Gg#y1`m8B!GQJRsED+gg02hv za}I;Nj44i{7Egb3H7q-we#`Keg*Q`h26-_EdOWue-Vvqm1ncs0c;kO-~1`C+1FFJAnN&VM@x1{amszP!=FbHaI7|@jDaTr z{Lc&&3Bh*xht?o6{0}t3{)PrbhQGYw@ecoh#{Vb-fMCP&zh)WCzQ5+E2oJ%=e?z06 z2ORn-6CM5mN9TWoBfB5iy}-gfvdJE`f%af4$MFS{!45BJ`Q5O|8wVm5e;H* z;=fVr3zp!2P)kb*vBRH)2jWl8_Q1bs?b}}t#rJOz+Ftq#8jmvkH)KEZELTFCz}V>c3*7$}i28W-|MnEfJ>?-`2rS$q-|EqaL;g)0OtKiv#=t*( z{olv^?dyMw_GoY1zfilq@-L`0M+C1A;DNs%n#G>h#|!-H44nUVD5igdP~+dw;O>d1 z#PlMdP3(E8T8cD~B8g~ry1~HzC4Jq@M7l?w-aHo;{GqH_bqYR85^vZKv$ziclhlZ7 z2ci4JCE7UmO3A=C9s*8Dm2|>t!?s~^Vy0>QcYew0dOrx8If?X-I^XW}HlCCn!KY4X zt*Q;))w#f{y!Cj`f88NBQdTQ9GKku?k<)o@;Ut~&%IoO)LuI?+8S|$$*Pz_U9o;?D zX24_JZo&S3_Ra0Z!`|rS!NUd$a4`XB%SHm)!C{kZ`zD>Qzh25Q%h)o@q${2Mq!O$f z(_VeB?J^Ia5F2OUfHvdmj$btJ+->XUhffNl`X-R4V{d2}rX@7t>$Ke7R8T@DPi$-s^!y4Xw(VF|(y|`2||LqI- zP_g*3-o*&r{#zUp6P|a?xM5s3$xaIeXHS&Wk6xYJO<2tA(kEryk6EUU&}h_Mg($f1 zGM@&F^VvmMFz$~#-EB9oHv{*Y^W0&eGzWj!pmPD&^OBhgKc|HXzYvmJ591Kd&9gMi z6R1AV7OjhrF6L?W%axio3vbXz__$qxufGyF(B3~F^iR$~zhOKXkht&ONDAOWt76(x z$g3CxwkE>s$^ z!_sicc9r}1g*Pl74+Fr*y0g-yw#y8-Wd7A@?(yp`!@%vISIof4#-c^p$wNgYbAGJA zvW>knKdQO!0X$LB%n*srW&;Eczxnp&*-(nYzXj>pp|7mG!lV~ zI5L4F_&v0M)nBA?70WJ}NBbXqfyj|b?YTo-W?M8VbtC8gHZkJ}c)|mld%ow-)=cjU 
z4AHK-;OJ+QZzJ@bP^Kz7K0tYDsAFp|SlzBZz$?o=g~5V?fKfxrB9o1Bx*)$cbt^2iKUsZ*74HM~$UI9~L zk3viK*#eH(uy6nSemviCM!BX24=gy6ew8T{R{TB1V7XD;9%*GvTRx^wF3Vr4h zYDV6fyvLuZ9?8nk@IYt7JZ+Cmdja6Nc`zF{5EcUE}<)hjS z2~ZWS<&0lGiwGRD>FYQgJ|XV2MUs@9+5eN{go zGgsy9`&Md>fvb|DWIdJ@fkPsRGZJpcsCRzdDV<#>+Fh8?zd5QaDjsBO!v<~ib&+7u zcor@jpcFqALrxmsPeJUvcfj>xGKTs7npGg><++PyIQG~~jK3p~-6hv+%601c=rM5^ zi|4Z;UMjo`0!hQei0403u&Li&lTawaKiddj&*enuWSz_cFw~Ks`>|NFP(){Dhvxr8 z9X4iRr19hZ1+U(RUCqpj7{SP5lK8UOzo3Il72tcyQ<0lYJeFvb+yADOnzbL5wVwbP z7a{g4h1j?;@Fc-_>IVXrW$8>@7kTf<@rv5Bxz!i;RY%KYW~_vAzc&4U0=@&8ayF{v z<)MK?0SUsKb3SM@annK#xHn|XL)n@#2-^O~9iEs!UxE5M5rTQ`O60t8_7i21SFf%f zz5!cg18G9hf}Vv?zI*Au@wjX{RIAdG*#65ZVd-;lHvzYfm`5{A!Ueq?g~$ANSxT%c zQ+Bi5C|Dd9!|Z+8KPW){Bu$|N7G5}h%!ML31p5oUSjA6pO2&N+WW$c7zZpva9TzN| zL4Dh#Ykl@pV?+hyDYHJ|hX8X-dCEtQ5ehPY16dd+3R-nI2KOX1ymx^t3i*6|IKiS)9OdaWCeUWOvZiAP88G zJ23e2!J6H5{xe2_Pd!BxDYWHTuJ=!2$=g$E1K{KLnc1Za`ih|RePl|t^(FVWP>HL8 zY+V{ALJw*xRjU|@Xc{1m`xT%qGP2-Qy}|o0}`A?dgDjrTa;|z|=KR~ZpHOL3?g9#(%t4=`XlNDzICRbe*_&%aulko1vZlbudWPeO zmlpJsOcK}H4nzGj&bCrxNfY(_&%!O-9^xIoOxV-#g#>Q%OS2RCnDZQ8VBozK&c3SO zu?XbD*i_*E03`8s947-5k$AsD~9OW;K@cf$?LkzAlMlEF{^ zdWRg&BgGv5j+I&0gA>{l(tkv=s*mI7uus8ZEjng;1M;)Vb7m0w@dL%V?Z*%J=9PYb z5W2ws3=#m-UZnKHM-MM>Jq~-eNC$`Rn@87)yjt@CKrpmhc~?l?DF_Js54iMEodjk%1#qHTXhdPoSU( j{&C^ap=kX%qUf(n$d7+F1pd3$;pksWFX2!}Ap`#(MwKAm delta 53172 zcmY&fV{~2b(`{qhw%yoPV>@Y##^#M}+l|%OX&T$kjcprm+JAo^-Y@rlIJ4GS&pb1G z_UxHcQVN>#8x&sQD<~M+r%#`tJ|UKA#KHf9{`k{0Ot1-pj+-X{=zr~DLhI|2KJ-kd zI1LW0LZsmj1@HFX(w01HG`tQWn?7C1n6Fx~+b|mEx_6atPO6c?f~+3bu*(C@!BeT` zLv=|w6RCkSV!X?3o-h=aaJ0(YBIXAoXft#^ATW(xv#B99@Az#ahn@(_m=&VIPW!a^ zfJpk~L4tF;$*}kXCYCcC1KOT$p$ zT^Q)Re&;2V{a!8`#CT(=_fG38vxR~Yjlq66wR1z=`yv;My7ZJn^vSi7gM*r%FcOgk7$^eZJZMO!XY zbUcaF+RMgf?zJD&t|Cf2oz&ulv&-i*2oW?2y`acYHjum6P@CRQ7Rjr1>Y(`foY3W2 z0O1^qXZ)>w{X63O!xr%J;R1Min&&lecHPs|2HCh9@6psX5%ZGs+_uuw1IXT0y)Jkj zqet+6xZ~Hi?RwZ>&zMkq)@&(XtbXKs9>BEiqa?;WC5XwmO}5|MynN$d2fSokyAZxz ziai9qZ8Y5i+l;QePX*rJV%L8*ojm9xzCga@G+FKd-a53_>rTIQtc>4PybWM7Ub>c3 
z{Tj1PKY!^oB}C}xnm{;r0TBAERhNTzad&lWL@Y5guGPZR##C4`+%MR;zBi6?=m1#{ zUa!^dCvYG0Qi}|mo<-muTTyy0tXKn}R2|+1JnukPE^NCZAMjtbX)wK~s2P2h-rLl! zicL))tuY?`UTaof?pwJ#w=rK0)qZjVR`J>~2~30ey?o*o{h=X7WIwN) z!k(-RTll+KrM!z+0IC6n1wt=`5=H%k;xV(2Gfb0KG+1w`ZUUh-x~T<8*bwVQiSeAb zZWwub>6_-(SKl&W+wsM#$L;EQ>%JsT!Ls62PdX+}MX=&kGR1@xsB1g~Qbw#$;!2dZ zhiF4{!^d_E$2`>u?lfo_>eaI?C9$O~t7T`H#IhG6v`;9}D{;5HWr;yy(UTZlsnkv#Ou|}SyjrOycuxo= zM8Rnma*jmvAfRc^!;|AV2betOV|3o~SjQ*Bg@HW=e(^}VaZR|p@5U+umQHMt`}p8! zwAHGaJBBGye&PA?XlH*r1lH>fHHa0Gfr$`cV@}YNKH$6eYhR%E?=R@~sNV$Ul_MS^ zxGhn4b*uq2v>JvVGfx-@<5T7N^RG=6dGl#6Bmn4n5AGS&gr39uQsbNa`^~A*=hv%{ znXd21PL2Gvo+Ib_S#PhjE>!o&A^mf&mJ2Uwww;ZU*9F@Mi=K`8gaTSVj|tl;11}G5 zH7{po16k*1k1pM&Tzk>`_1iTKYx6uK^7=V%hh29s*pBseFISk4Be9;_0V^e@upI7~AeNCUnSb?6&iM85zqx#(tTRef6Z)OccU9DA=cWTM&^txTz>jD~p zW``HMx9OL-%c|nxhradf3uPsDKcwbgW3a-c@o%Sl;885Xy*WbZn|tfXQSa=ifUs?G zK|8z)0Vx#IpAW8B*MwJ$v8-f@*JDI-y#RUWZlNa*Tp7-WJhEYl$3BgI>uyH6k%jSL=<7Y zit&TQ1x)N_lyE(JWn_D(KuHoGcV^u<9I~%7rbsk<)vj|y-DCUEQekg~*Fll-G5~}n zI9bV5gX`dF8C}$J{eBCYF66>7{NB&=@@$HT%*mLDJAI==7H>O_ED2{*r92!dJr!+) zd5tRi{L^Qh(@bH{6RC*Hqe!xaa$^C{^QI7yA#3*~tL1(I5G}b|iOU$X@`qu&>BC%` z$3k+#i!$QRHWxu?gFh&WmQ2Bk`T+Y%M0Yat5fKIpn{6vA@FVvtw&x4GKCX*%1GXc; zSNfIwfgWpy>`CjEB|bH(>cUHrTmCLH5;7-Rl5d2M4CbC1>fdu<5B&gclyCKE(a=wL zNxCf^>#8xhF3sNe8boIr1wB1yh{25~RII{}on8ZDUhZffE8k<&%i}y>asaUgd0?^A zQi{RkfM=vVd4xF5uZltmIATI+1K53A0QPG`xRv_@qHYwF3OW$b-7kcR6LO3WuT@HT zmnrQroG6)V2gPj9_9HoSC%5Gg_obpxZ`1Mff{O}3`&)~G_YEu{#QywG?Hv?<6&Oys zVZ?aR&!rwY+Mn~_(PoggYXFZ#(V*aBIP0jl@XM*e809#2RzyTmhNyd_-nUd1QDI=C zR0lDYvj@5JK{;T>!JFo%{*#q0!W2JsR&wufhj;9B16z_1VX}v^$(8(xehj&XW(kF! 
z`fSMcj#q^(#%^7o96}ui&EaB42m($UPZ|wFZh^^06eG6hgd78G+<;o^PCf)A{8P=P z6Ed1dTijatNzcF&bkD^T{;P5Vmzd{x{K>pkz6*hH=OF?cW{*{eIRuH%Z&&4p2?d?T z0WWa=UXnF~c(H_uFS4>Ts|7n)pc%+86|oZvnbJo;{sc&dP_!@d|nE4*vF3#lbW^vBB`%P>>nYNKnkaj?-zj z?YoY9SFAeE{>5B;-ZwXCoE2j-ra+-rG>C;>d4>CycrP2UF~UdKg5Hj`dXJjf zURK|dS{BCd4*1viTr0Z!*xvae=l4qHkC2aB@U{z*BexT^Kmfo`uEMpE6yVbKsiY{X z#5A=uB2v2Z-*7fah{NEC$Lybxprw;@jZG3#sjxlrj33+;r|ln0sSdF^L)>4yWqBs< zZfWrc)3O2zNqdh5Krjr?)=wXBIwJ$j*E0R=&sK_72Lz(*i~SX5m=UJEtH^S2x7km7 zY7JM7$=fc2L;%CyUE7;#UdOq4RUr;16OfJiU*70xdxMC2h2n#fedP>>e=|iuk!bc4 zN7usqsE||0{vw@FkD#HcP0RpBj1W&JG&D@XOpM?ug!k5twBPK7TBdrgNO5m1RQ84s zK7Be&W$ltDMb_lySFHA$c(G57tb0fB|sDsK=T|%;xX54ahG)mE+IV z;7%4@YmG)gV%CTl@s9bjyJm6x?auXx`$AAuQg~vofe9-B>m<_-5w2go&p`5z?;+r9 ze8xC>GNO>0NJ$@U9QPT!R_Y+o^-FTxPu7dq`5T^>6v(d$UQK*V9k z)767b1CrFJP3=_+nlX?yb&Sq}St9e9exr})`->%^r!j|)#u`IQtFecLjmBZJNaSFq z;itTd4xUVIg*268M~(-AAvX#ieR_X_RJFjkC#`nyfTT=9xxURKNxq-Z-J101ln8_A zDC?0&9q`nk1?}UGT}JFSER%!z@)!{*xtng#3vkcH^UFQ)+9JpRP!S)oaF#iG3eMmy2+By-f|1i^^oq)C1*Ps>lN4=VH=ne@D4yX zec^uE{Az!F$rvo%*@;lHBTd-yJ7x}l`#tdpR?&9f7SRF)iIjLq_-pQSsGT_T`Y~yG zGBpWZ)g$U4_0~C4L;`CBjdUfJlwf2a8Q`lzZLO3{WT76GlmMeRHv^y`Is>=8JI!UT z&`g|*NRxQNY*KQQChCc5flJ9=fWrL?|1KtD=W>%3nF6*n-YDrI6~)h%nV9-E*SqmF z|A+lfb&fY7+EelQdE6|dKRoU(4%t8o^k+h;uB8%XIX~)$;A_P9a#MIsK-BV*2CZjWj9g5&w%ZOFdI^60y`gx=7SS6XbG#|LWOE1ST{v ztbYy$OI?ID*qVT4iXIVwH&_iQ^VN=^6e3YpSm|!7%v#91kWGLIn=4Og$oNfAb-?K4 z+rvz!@;utx%(-VeEC^@{EV5k3!s5!6%4Z+#pE=YISTA`oh$WvrtFXWr>MGe$@CmS( zw28nKDk(O=x*Sy!=0j$IK%RcBSzXbf8hT}cg8myZXT%QQO`bzupMLdc=cSPti%lH5 z+T-kdx(nhR-?v5ay-G~fftUZe6(XRBj@l|_g(Ak6(JX)v3Q1>3G*a|$Eh4tDp6T#8 z=FqwSf_^RxQ;jkQvm8GKfTP9(@p`!nMg2_7_j$ceozVt z7+(kjufk0sg*x;2H7X$$VJ|=w0`f8O$iTqv$u6Yiz@Wq&fmAtPIoauDWT(`wjGUE(VA1mnr6G?&PVm@h~?gAi&*8lwC% ztggX~Hn466?!;0%49{)f`w#|}RtEBac;g_QJ1lA^;uG9Y(hWX!>m-mbJR71y@S_JZ z`L&y&noAm*kQrw#f*K0VCkzzWc}}YD^7*w+^gzoLnC%G3cSeMF2wcs1wUt{n0@U}f zVC<(}ZQA(H?j*ej!jp-#VG`+tA@#$Poz<>iNw?Y*<9Jm?skV=C$?J#1>q}tL(bVd} 
zpp|p~AycwmVd=$nZIMpOd2p9v@jw(0R!Da9VbK(pk%sMTsMmvpf?3w}P{)yA2!hfK zxQ~Z9dLe@QYCY~6dI;qp1F&9PO{4HI`mXPrZ*nf8fNi|loa@vuwzd_F0K3J#$pR(wYR1^bB^0R_;* zh&#SQ6`Evg-|Y;pB7ASM?*aK)BJ9UBI7{s=qkVo+@rjx6tKyEbGhmz`kp7oO(`&%$ z48vtffs5tQk(65(c8){C=FzosJky|rg8&Ez*>?F=oFH)Djhk=?vIoZlaUHB{y|R+} zqPn_R0yEg!X{p1^Q*rAkh#dm)S+@hiunud7z%L%$#V)4S*ZvbcQ#h#3h;dQ-4izq? z$tZqk1p+PYJygIdDL~TSLv66kpeOhZ|URHjY zQ%Ko3ku`j}+JLSFa=UhXS|7gl_FlWdQM@9kfykbS`mK667{obed!j$MHGGEW)n!z+ ztKaBmQ`blIIAHC(Ks<7-8ZqV(0zW!tZdvW@7?bZ3BNPD9qO1i11l=CDL7Dq3EhU8% zCKU?vmR}I7BBl~cQ(<8cWFE@{{*MA6o%Ut@&Pn0fZGBM*b#ZjUWA9kiu)$3b^8Z0P>}KEQZv<)CfCoN9T;lXtT2A()35Z2c|JU4KAvS{$ZOh-y8`*|`f-iA>+YG2aMMV3CMTK>d^s z8zGz{U_~P`+T`NZ&U{YxsKt|A#P?s~4m-I>n zJ>dRQ&_m;*;YtinGD)YQQ;w)guVj!>9-{A{iX*mUF?bZ!c>2gmv4_8fWN{WS3s!cgd29XZn%O^;>n zANF9{pMyOZI|M4?fbG7~G@s=!2Is!EcHPbUJ%5>bD1S|}Xd-Ndt6uMW>U{ddA%8;l z;+V}m817g}$w+Ibs)kqcj0a#>TW#H19JAM2iGIUGWaK_~U3fgb4mW<4tkrdSjv2PDj#Y9WV>PL&EOZ+tc=H#U#{1(2i)gzHm063>X6SIF zO$1bFE0hAd(4Jbjy81@78$iHcEC2W;S;KTP#%Vm4*eV9I_|+4JCfsv^0$H_a5ZwgR z)Uvozt!03P;AhX7WQmg{+!cAYXytfnS`=z3JhdKl3RUp$TTT_~U+gb6#Z8ewcoM>9 z=1cZdk`%JoGLUpFb(7VaMA#%ZuHAUgIEPiCy*^@=H|-aPe-%ZeT{)lW&969>3xD*d zc|uQS)TGiWP-75bM`kkPQ#7a!~f6jgT2R|h<)irNM6__T9T!76sbj|{)t)083k|( zNRZry9i#u;9;dkYDhg+U#exm4>eLi=$CPXev?k+%0<15uPJQ7VpoNA&c$xzXL+ePYNziuv`GqyZuQ*Mp zD&je#6R09#48e_Kze4?kA>Wfe@?HeJ`Q1-TvY#A5YZ))&&L336v)m0i$LFyMY~VK5 z2A?6Kk%)^|e7;uAQM^jz{ z#X~jD8t1gw6K6^sSq$NUEnSQ>yjHVf6%C+ccZ2y6=%0l^@c%@gU$i*gm_MroTroKb zHMJrJIx|f?t7JrlX?;B@kz_9DKLi51A({LJX?^4Xb+BjFf;^dWdXI;!5Fknl<==HU z_B!-%52gYDO>-cS{~cwiZZiBA9io?@=B@^|c{b&SV0c;w5p8=9cZHx(aK`# zghCWDL~Ub`TJ^p#1w@Dm%z-~IU(D?W1hD+-=A(o@c<}NiwW+e#G;6;1O#;p~(FU+G zLDuo>S4;0ne)0f)iU3H?lrPKH!HHEin+6J=?WBCmpd<#84`0V z%_ID*H-RigR#fIlh)bN4P@5jxV#saB;?VptkEiu@ZiL`(Tq;db zgx}hdhUsd^Vyu<4y-liECYo_1c)`R~mYGbZKz<3LP54AQA;6#R)o(oF0)s16G6j^I zV|NJNiNQs$&cm$w=E&MhNEe};){=;iIkQjv-XE;oIG>0O)-r}i=QzQMg$llCLvdch zyoh!looFRxt&__(i#HQt#C=6RU+YOoy+P;*NSnpe?6yx(ZfOyJvOq{05jsqO1S!|m 
zbr?{oUtrq?81A8~__naBXawaZ-OyFRfar0#j|CcAy#LcYOU~9wHJhO1nKxbL`*vV`FqOH_KLuiBZo+`T{o~V!`+NRg7(4%Qc4U!llLjcFE`-Dn-dhhv zvw|5mNJF9-o1eLfmPAcmP!cL;FlUJ@=<|_D9|#SQHPixQ^wHhP#nT-pX>O6ViP(^W znAO=HM@-Tzx-!*y_5x0RH9V2&%4Pq4D>^iyK{3ews|E&WpUkX(gkDK`I@tTtqNew$gJ#L5OPo)l~|LWn%a{|d+RdHRMoxz=;WPBs1SseV}* z0km)2E=C~PN2)Io&wF#MJFDlIWF}7z?>-wZ_W09P_E{gtCAoMEToWrQsBL_WtLdduINGinx?0rri5i7 zQFykuQU(Sr^y!Pw6_CGZ%Hg?bPfA!Dzx4CxkL;MyS^%MLGi3%nTOJ6}i!3_}-H44$ z^YjACGCPYbU5TB2<85lXe{?5iIk$TK*}gS-J&Z%q|S zIe1a9kOfwvORaMP*j+I0+%K-eR>p`VBW~P`fTkB^^^ywr?l(&wOYl(4j0AUH1-It| zw|=&@2qhT%MHF-3#DMvy#1$6nl3}z&Q=u=q>2Mc_$J;#hj91e(3PMLek|Upi5(q~o zvfHU>iFtJ7TwB$S!B=EqNM8XoqYKQ@SG^wdNPe>)#O<$Uz*?d=J940`$f%2X#Ztn6 zuscZ(mpjp0-U$V?N{1b$7X|hri{MbSbCwG`H>a~3HCb@BZdjzu zMxmSSo!sm~6{33Z5^#9vCCNb@@yAe19z$T0v$)J&vCEkr$hK4f!fbS-*V_xCbk$h_B+7g2Z(g264s?{|BZ> z`(nEh{OCy&&cuwNJbe8p6VGF=AtCL??+^YNN2Z!y%-lu|pO$9|*k2lA-sTEWp;(n{%ppx0SkBOW2CVPHg=#bt!XmBar?;hw~Qn-KrKQa zEY|ohppK}xC8HGw2rNi^YDKuf>R~}J=Nt*tW_RUD@82d8m2#eQNxtR^k&8KxuO8(~ zOrWZjzYtL%g#HL3Z7^lwHCW1tNri%B#mqD%7XSy+bUQ+xUa9Z0>Z}87zJz3Oe|Zx~ z7v?vnCzU{`p>)}h=0&2#$5-V=%P%v-^ zs0F!d^!Zjs^m9cC&V$!QF@6(|)o86m+000ZRfA(+viNK+t7(~3tSmc05o?JT)Roc^ zKVeqhA52J{qF9lFI9^7e#PbY$v38j^HumsRsnvQ-6*?{V?E2s;aMXL|*K00M_u#xX zi+<;0)uQ!x7uVLv(5Lh{7C8kQgIFFDz$8zyZS=Y5O8PcJWs`(UlWlWeu#IfZfI`jV zswKYA9mO9czcbaC7m8EklJ*xy1C~8BhVHOQm($T6vy3^IHboP8qJALxA0V$R!1Vm` zq;ewr;kAnGL*|nelE*W}u+mw3+@4`F-A&4$@CrPnp3KNV1V6IYo--mLz?{~)tCJ~H ztN1m1Ll^OI*)2;x+Dk9@(7GPNZgI+~?B=Hgao8zq7P!FRrCgFnaC5D)cr`PgJpaxB zFfD$otBFes@yYDe5}Z$CYA5A6dR43B}IrfG&wFuxQttZ+H#*i3E~l>z}Q#S)S)nj2}JPfoF6L<+WZy z!2PLR&CY-=_LJ<>^To#5eOfh7ZlMT2zMu#rf1C~jKyt=Fxb`yXmO4_ymWj|8MLNj2 zXJAJVeI$WPhI0$V-47xwtVB8zNGlDzhC)_aJ@1!r`uf? 
z3W-@k!3RV?W-a0j_8`(a$xWJl%92L>;aicF+rV|kxpsO+)DCLVlWUC3W!_`b7sVdI z(rX_>qIA(^A{9q8#m>xFMpnYYGX`1+AMmg3T63QYE|3?)b6D!jPs(gVs9X*`ZM1y>tfz_0~C<3_pGwo1BK4IM+cX4KX=gl)!!$T^-mq;jd za=72tm!8U61x4}Y%dWs>t(N`-@sa2W(7$|BG(*Sv5j}|;2$9>f9W1Uxwa8!VA!jND zmL`3d@M9-nl)Qz8NE{TrNpVD>Q8g>#I5QYT!o#Vck@a&}$=ImNm(O7QRrEjH4fvzc z`igIf-IC{oAN}D>tgZc@6pltkr+ggo4nc~1Mgthu@_X(@0|_z}BQx|2w={>d;YfbP zz>uJE?6%!lYj9iz6u5ipNNvAY2n6Qi)^myD>~k+@w60qZmsW|DzFsmFb%;P$2Ouz& zV;i^ES7wVR(R%@HK$Ob)^gaQK!HLy>s0Fl64DFWAJ@y2c&p(=7H$~BelM4LAj;F?1 zd^WpbpiT39)^ii8tEv0UHi4adS9NVj8_x~l=yOh>|3l$uCy6e4n=2}*#^QM#q-Zg#vxGHYmsSxgwA><>C&FMUUsAB~R~<`V?cMtk9cuGv z_@3=urjbwcqVmiS1l4JN&zQ2}I>GLgMwKVI$?W)@gi0z>pVDBkyQ` zTpRF~_?VGHjI$E#0(REd%4^wI_AKySd9=5)3Hj8bcw`(^m6$(E_3bS4Nt=-M@%D6B zZ)(U@%zeiSzg2k)@|7|8lNc0sX(?Cl~j)8Yhc-z+)pyNs)m$ zx`W1(c;nOja=!)SrYi*etQYe2R5OY(A~}jjE{qrj-N@C++dta=A+Wu}`d6O_{#s9D))<>yW_E){fq=csg@h^iLUs?CY+PWKwDkv1N*J2$Kh9l=*re3U8-sN& z0_`>&$70v&+#=_i^4eigfOpIWcB&9VU62PD5 ze<>14E@nquv%3^3(j;Fq?q@!<$ep;*J=j(t!=-6iA#K7Eq?wVdU#$?U3gIP3uH#X@ zDd{i+`;=O*QxUtX^kF(}Dap4dz&7om#kCu&jaLUv@kfs-N8z}fjoK;KoEG)~6Tc`p zd#|ifx^MMaH}K&I zucxB_G$?4hzF278VI~&K`c=P=D^^$pg^zC`Ky5Qxf?UR%qpp{BuC4jGcI>{Pg z!;DdXOz-vSj#d@xMEy;CV$FvaZ|QYmebnbgSz!;c>thS67RNq#ETD)TR*+CiEHD*a zK%ClKA5@Sg4Nmvz&(E@#J{eFYqDK6O-xuj4G6m{>{0U|YgFp3h)F zsk=6|6S(aWFjaz>=wyz>7Ib3ilbQI z6pG2qVSW+ePjd+!@jD&zSgQXN20O8iP={IBb$4zZcet}a+8kyIg7m?5>AK^>!&sM= z@&dd+4!qz`5DR#08K6C_=?)M-m;22Q%tRTCVM6m|`EbvHbwLyp% z+`=l?SO~wKO*aBJOzkSvI5L258(`%@9HBO7lDb5c?O)IKk4*)-F)riW8YJ-HZ}Baf z$c5f3*d4^-m|ZIC&W?xyETi-UYi|+ZA(Hk(^T7tJM{>TI8)0F^&W7)mSJf8i3QSU+ zmWAKdXcaxd_rnVO&xjk^Q_qX` zNGQOA`^0@RKeL8INGSJEz1q0*Nf0yV;A&?~T-7e6G&`Yq=E?c+h~W7SH|b(=_mNgo z85L`(APHUbuDGMGSwL!lPsT91h=gi2Br8T1-E8mDNg5$Zr7HB1AfD_@8$^9p|8+#%bmq6wm9>#uzD*O@w3L8Qfj--<%J6Uay_bLsl<&V8f>7Zo}me z?6uLFbA!<`B)Lnco}S64bvlJ(L6uY=vw1E{#N2QaN<}wQ@ewzwRrfWU;Bz;@7F%Na zVN^gg>y2qXJ=Q8VByjxemI46Q)Xac#k$!6XXIsZgIZDO{U^sFAv~XpTn-0GfxY5LnW1l6H{Rj^kL;pu?}~RyuuO5G 
z#srS7@{u39aAlk(-;#PI3l~UG#KDIxhu^6^2FqIa{uw|^1O7x_ksch4hb%G*_hZW~FywMfz(RG#X(&*=ZAE@J%-( zjvzT_!oRJZ(tAyte>Io9ewX{<5DS-4thQ~Vxb{XR33aXU$p&y!7RdCG{2c_uC(-y~ zs9~>hs+MMqe2TQ@!cFJL&SiA~CpQC@IyGHIw}DUQ{&)-uwYdlgDdQqyB+p+H0VFbt z=@{6S%kB|2Yv|AwxzG;H|CKb>4o;n$bUcQbZeZ>qLC_Z)q}siA}5Sc4{`SN+#C9hHJN=Rfad!7MH&;Y;}JV2z!uREm4|F zME;>?mIR;_U&qD`8jFxY2`BEGL|#RL6Gu444Vtp4|26ol0gNSKl1J+$pzJd@ujsT; z+lyP&@WX6Lx@?<&X>B!~rS$&RLzRZ~W4$i|1bz?#aGfg1F{zUT5AlIV3#I{@5sLVa z>u;Q!%mu2tac&r^D13F6qrkK3LVI+-r5l_X0hjspp-4Oc6%fF|Y^E>txZ z`}_Rgrq+(wN&W(v%SV9{Cmz7E4FYaAHDu9~N!Z^Bw9y|2p+Zz0rGyW2S`DKB09>Be zb^gWm@E|1%6Y*-#CXVyVi6f&Nbq-B{hgwh$0^6*gfV) z8?ZJSOt=ri!q;Npdc55>kna~BJnG;%S>9d3@2&marLU6c%eq?Il^w3ZP3?Y{m#4la z@-g*j)otUJ?ed#ZF|nBX?60ENFEGZ0&bbnJ{c{AlaX`#1#UdG_SJ|ld7 zHgt~_aXKq^o+YR*u99BdVne9TCsIX#-(seB%L7pHf*PZs!&k%2TYZ>83({*gJYq zsjRY<#`OG5i_fi0pWx8^WvUkvb-$`X=Zv)I)SR;Zoh~Z6FLPr!i~S{evc4we2$q|A z$*=n?mdALvt-ed9*r($7skujEI zz|vBN!9l6(VLq$1Jd4sXzLpZZbE_cPx?r@NCam~;M97nq*`&E*Tu-ZEO)hAKa&v3+ zXCzdEgBS~XkCw)wm|5GWe2felu@$R3lw&CX%S3<*2c5gemnn3Rp(+B-6F90~b@H~4 zHfDRsc%isen9&%88kHXT&$?)XxrEz*i|g~tCQz%s*PoBVyte9u*$+?WPcvig(^D~8 zz&)mrNS;K6ft&A-!JJPgv(33PLeYfL!!p3eOA#9Y`-kZqGP~Q`ZCg3m0Rub%ZZbCD z1Kprm<+B`QYRaJO&fxB4YQ?`+pFo1QS9>n`b$DMj1~UafK^Z5pnL23{(Ld%;p0#4Q zqgW`a?;q3QUg#TB^&Q-36TEkXf!6}wcke~VX6hJ76)zPxQ_$pvjVOKW2|<4vDot}} zNd;AKjXne>i9(r=Z&?ao1l+p;?~$ogS7v=*Vsl~sjRxKJ#1x`{tNiLsR#^ZB5OZ!o zuN$ss)aPesp$e!2m5?s*cogHOBsD50xVu^_I)Uf3j6=l70Xgj!`WK6?6#}zrm$r@& zeV_?>RBJ?eiAhHIGRoVWoRYVFCQ%`g=ELC5i?`gh6Pb9pp=K0dniHD|S*umq5@KZo z9w|%(^1RVHvIxQO7qxc4+ za;Dvy4}Xeles8IArlrFr(XI@CrU~D(oJU}CeLTXG0V-iOhTblrZOFCl)sbhH#;faE zs`|rkefK2e%#3I58cmI_UgN`%6`1_9lYQ3^BL^tXxwPmxI&BPq(}@u~3LYbk^(>OJwnx&f72O?C=L^?xA z)Raw5FIv@J?u+fLI z$-LYCs?0!RpiQ^8T0y~}%ECPMGPJk&%)B{gOL+Yu*D>B$)5}u1{(5#RH9pRLd(B*@ z@2FAE!blpqo$4O*$5=6Ylo#M**l5>)p+CVP=_AzLF}O4nJYZ=?QNm+LkLx32WtX`M z!Iy^N2zr&$05;82T2{1;IQ-a;6UPgy&_9gF9ABHCUs!>noxFwXsME9R`(pA}WOCf@ z(~suED$1E&ZC)BS6HWAj;9=xUS)6+%8L` 
zVwAN6V^b?peJ^H^x7!gqs-5`l0CK8YI`T12aAR?9DRY4=49|)ndfr&4v=Z}oJv~n4 z;DrS(^2T$Ft%sAw_!&??s{c$9IRX`=8V_4Yr_jGnBr2J{YawWtv}|-vWP$y!uZ^3I zsK;xAj>``>5 z7^0+V4nBdQmv4AP#Bz(!5~ne;_>XGD1nnT$>m*^rehj!MzZk)%SWj3snypOpQt_^; z-2;F&>-z_~HsF#X(4-J>N}3;t(L(12OXFAsyoi@sJ72}4`olz^mAV~c%ujk2aa10Y7Inb8!D;4~ zT{Usf>jtXWfadVB2b+T5d75%A>ZpZJf6_YlDLJxwyo^dgv4~_0bf3yhEQ}>Hp=7v+ z#%!K@hgtIWzpPHY%YOp&+Xx>}idhtMV+vUesJH)AwVX#N=xpJEINHerE zB{SjCiOW;k?1)RiEV}v2e?cdy{{a6Gt+$8hN#M~Q@3&iD3Q8Y>o~&D2ZA(DH8Hf2$ zvD;gy;VO|hh58PWpsqsyc>N-@u4b^T5arQ2lBY~nGq)bW3ZSwN4Jm<>&|GhJ=Fe;R zkKy?K>Wz@dbgOyfCkAVsYXJjmtumx+xZ~@oG8>B(a_S5@mH|89c*d^5(}@vBx87J! z$f6}pA2#JxG!$2s2$~#wet1=Psdw+E#2Pfq3Xsy*x(9`cI%-{Ww=53bR7|nw)Cx6Q ziUT9-2Y9qgkGqLDs2b9JBxIUQq<7aEA>nmYbTGoZ_r}G;Ipz=Zk^rsk%U_Fn5A)m! zhE3MF_#OKKC?~Oas>iKiI(VuW4P(D#rhtQWv1zk&d>mYmHtx}F9aTbH?bzj&Qi6Jw z$)cp%37l>XCTR{YlEP?^Qel!B$yA6Mk;aNy0BKgMIt&4MLB0R<*JT_=J?kwY?bpP{ z{;}SUz{)hY8Ju$!xXrPT9o6gv*UE6+NXHUg^;73~Qr$49%bDNx|(#4Gi4f<|L62*$Dr0wv$qO5E% zYK1>(bn?OrVtn#=uxL3?(rVvof`OcfBtkA(1E(#-S7j&M9}5ImcsM#f+@YCvO_%|a zu^3R&7-10r42`fL+`do~F@MQH7!?)gsQg&ZbLKoDWGzHo)IUc5YiW=U#b7^PPCxna za-wPbqyz+e0e>qM=)>oF7TVLVT-s%!ibx;X0zAX0$6Z}luLqKawbtkfgdIF7T#!vrM- ze2jS*Hdqm>7G~F(Apa9;W(x7%$YOLRk?Mc?WZXS+@2^RVaR@X@&TvjU@MT z#u%M@WnA-KbXtc?IDS#7-LP?Sckblbixj8)#LV{nx{G&fOkvcBm6H%K-tNo%Py&;H z$18Q?N2-A0#)|t&$(<;;_+2cxj5ZO$f{G)qi5xh1`pQW(*#9A$r-#-8e(gE z{z^a@_Z_w>#5w~U#(pz^Aiv2OOe&QB*JgdRIyvzN?@fTN;BOR*fy`Q;VY5Gb$G3jK z4TZUdcpG45M0hucx#&PT{ruolh$2?lC{aGes&c#^biDF2l?8^tkK5c=Q&o+*=<~32 zJSobL)e`7nSb8O;{z8VH<>jqGyagr`B6y@fi`p}Z?o*!<_Qe38PUVis%6pxMGr7|n z0VRA+MraUntQQ&kv57`j)goaCh7&ft(Vv#pTTTHIQH`S=<_$yKIkVtZkP+*@np}SH zaPQ+`H?C}Bz5cR699eQf4+hnBR7;CMih+?ShmN>K{++93%~RkIrEvs|ri*K`{~VUW zUtK%XtdryheZ&utr$Az?w$?G6Z1x@fh;vE2Q7Of6_yw_0;pG0%i~XRh)c2@hf1`2W zAzf__LckxJ|Lv$S=#38TxHD4%k1oh7j?9ipJo8zy=K?wVSzuDyway=1JeQNjlJYU` zt!L*6*yW~L=q#;n_fBI3%5;aRx|CQ5P?0%**8xl|O)6;n(mFgU*bZhx*p6>*Z6?0! 
zKJD!yLaN>QIpe7W(A+oe&Z9d^4;)6a1V-s3$zVQ1Sm^G6-~x5p96@Xhb;1;XEQhDB zr%}2EtSZE)_jxzktJ+Zgg+6%ase-fX_-Zs-Zu#arDm`{-)Oa)EV3&Dc>_PrHlo19% zPd9(1hQbtGn1W^;N*qiG72-5nkfM?@MoMADY49iGoPSK9i1@-Vhhiea`$%mcPGkei z3eMroV@U`Pdx@!-x>%pBYa`(jcw(Uj`N^*uaxXuJ-3bCPw_ZSq{tUCM2Sf9HpED6V za7eHEVRV8!f$9hZ>of7!bq8Aj2Oe3gM};#-ynfOF%n`pl1*-14!1t*vx@j*@4aZOW z2f!CN1#d(MP%8GAOF0f%#2iN+ruA@&YuWis(T~ zBA10tPar8|_gT*PYxVcr3JQNuX61zaJ{jjy(g=FzO3+7ILvVoY029-BnX+nNfr2Bm zE|RwU)bQrX^4JZJlqRo&Pm^qT!JBYbQGzCi<$TZ&&*%=DbK~g9giw#Nn>#Gh+ZLM^piXqDJGJSCBQfC zK&n2~D7)WS(9D3ZN26NoG@rvN{^_iKsil~4Y~FgJYAM{=p@;VBq)oEhQv1PuL+hPS zr^SS(-!O{wt*8=(mV~lLknRhcykDi{N&(h(dOQh+3K8z?526^9 ze>^pBJVGLkpON6lSA6}FYn=Xd<^m0ulzEewVouY5;7n>&&G~{O`J;$$(=IDEw9;8| z;ft`$tHJg;W~9rO$Ee-2ZhEcjjh039&b1;mgLyZa8Vu*m9W)^*v)#wP;E9!}lxSk}h6dGIKw6f0dMl4D-|^!NZdN)1piDdWUb^ zk!f|09)!yv9UUgs!%d%{_#$L~06T0NQaHlpmm?T*+Q13jvfu3I9cz%u;GQawDB1Or zm_D|^2wbc3OJb%kg-;{EBQ;N{HdyO$`UH2#Wl|Hsochv(Tm-NtqswXxCI zP8vIDtTs*>yHW4hw$<3SZQC{)JN=%d@9+Ej+3R{{XV08Dv%9l5CKP(hSK*`g6X+8` zA%s=`pCA;NANT79s7%~+rupKzTE~C7BrK%gCZ8drI1jv>`*HweXdil8@ACZUS_n=X z-1bQMlW$#_{2#9eA@;?Iy|UJ-bNF2H#7BefQa1%?QpivuP)h+WVhuXTv`%N#NFa5EStB z!=4>R!3FsTRlfsHc9>_%wAD-49J*5R&f*Jss}@xwEDj-ceXyVeK2%Z*{o+(+6+{YSV z7pD?*e*b}z?%$p7X$>BBsKA2%L33QEdm04IuOMiGSLqd^{!h2nw=+Xwc+3ZmXE@m^@Rjs=2Yayao7#Z?_?*-sf>0^isnfiMZJ+i(mzC9 z(v((4eP?_O#dG}FW_vuyA&$2+(5cY2o;$?$Mpkw>IXiZ@* zglMZvS6}V$i*=_uv9mK28LIea%P!&T<=@|#7RTtwDd)Y+8eEqN)V8uO*$=Si<&Wau zZ}Wq4#Nj%>AMNN=zFvR|tq^29(WbnlJnp~y<3P7$shr@;|DWmSWBp}x*Le~H#VYI} zcCG_f4PcR0eb~(hS4oN-KpXZ!%p$d;8%%oJwiReOpR5fPpMa* z;?Tyx^oMXK%-2j0_4^u@$%-U#u|)?P2yKVRGwG0F@fGPR8m-Cng^xoDFdYRz2Qe4K zq~J@|n4**DP}$(Ox5?fIcL_+o^xwK2%Q{-TYZR7lIGpBy?^lHc;jlwB#1JL`Hjva( zxR6wkY5+cFGlKr45R-FRWgYrH=zlm|)^Y2(az6j?io-gXlZk!&ZA)&_4GD|WP$zpx z7V1*MuJ$Z6XW&vW`|ulS0Vma{iJy@N!g5u-2EnF|W<}1yGhg(1+-@T40^hfpdlwSN zl5b9bz*Dj`Gto#PU1-UjJk|?+1VFN$%QI}QZ0I~&NfavoDG6X{EfY{_T{3n;S5o*T z?9a4Tjx}mkTGy|QFmWpLEg<~veGD{bAV_3$aRlmW0J&f^;N7VapCTEg6cnb=l}&LW zp-Qbksk`Fl5mKQ2mxmM 
zPd(DQ$g8835^T)qBXQ8*Q9kej)kOA8+T{^rU;jFD`MLDa#c80>PgOna#Gk&YIqik}`XPo#J`v zS5q}pnKODB;~<06Z<OZ|KFt!Sx^Egp_A%j5BM7RM|sR}|L8F6+5Ol-YsD9th;>+ht}NpJ`!O z*>_Q1eXW?2hnF7P?^G@~bgSrgPOEgz7X00+8b*!|$Dj7HjoC#!U*f8$es&?sP}i!n z`{2+ld!_Kal8AMiI$0K*ZOEOb2r7}O-$l${q)Q|UsY+_;plgzk)H_yUy>V2A z9%f#drHXf90!HNK@^iW~Cfew(M&U#jil6tBQ2NX%SN2%xAU!CEjHB;;8T{7H|EBkz zAwvE2}!>M@kM+Z7%}ozTFdaqW9a4 z{=1VI3r1RyjXZPn`ij*UKqcAYhD`VXi_`p*{mr&WN}m4gg4n!njJ{L z?R0QV*N!~^9RQAzGq2z+1h6-@N{*yi0Mz?&SO;IKkd4MEp(Pw4x1n4@)Z7iFFE~r1-kC)43 z?>bRB>q`hqlHj12EN}i|sK2Dwz8pjoa2yh!f?Y)r5DeDoR9V_7R}GV>d6EJ*?`7{j z$o0k!TVx7wksMf$&m92EV&rJAZg7o+jSE~F=(Z5<2rX2aNdHZnHT&XkZQnLhzO%bI zYzir9WiMgw2b{!+%FIwiM*emDP~8+k{hEouA3D8s4&$Y_8Zp5@Nxc z&#G;zUpp2F=5?W}He{7Y^3_uLEyGN1f6_XJFTwAS{hha5ryB_8Rv_y7u_mAaYREEy z%eF!j&PEh!ErEq-EeZJj>4U;BYA`W6bJ8@nCe39cu!Vbrl-=X`+N-$8POqVL(`;e` zTElWHe0MaMzJSkvb=BhgPbz_#W4Ucheeov;D>OtA+3ASce|5E!~(drKBf2m%ynB7Uj(}`(% z_WqDbzpz|(>20{X;a$&V9R+`}^*YTzTUk-NZlTKgA2^~^SfH*|0 zNzjmx|9`~Wu@FoEVyIs!ns^(-62gIZX68_aeb~>t_Mc_V@qY}Uk@ux5wbTQ4DtpQ>6>%Qfu^xDoq zcY11*!zU9OYFQvRTjs!Zv?nF@JW|8D^>D!oS<-EELHbwSFCRM>w4bt)%A$CVdCbNzs%*u zm|pzMbrwz;_ecm_Db^apMib7!xN=WRZgWSI6ky9`Zjmw>SHQ5E2Fr6lxk5Hu5~w~4 zDWqbc)f>~kr5l(lu{#<50vCh#RUwwyLNV;YZY8cCwd2xidN*5jap0oazNe*h-i&{1 zwUICBo~Q1EuqM-WU=I8Y&o{@~D~ai7xi;YH9ber-8#TZTai6?k@It=atM!Dn-^ILB z31Bhp5$1sUCzxPzzV7(xkun9LqH&58^iyT2=W-`&4iy@`{rr{>hn=y1+HfV8@sfC- zW`-|ixvnTJ6{#3H=;7it*5(DV1jbx2?J}Kq{-*g`mz=|)CTJsiSFRG$EG zIBH=@d39B^--6L7246-x+TG`UM5NTJD}$i>4@49!T5pOYro6KcMP*Tb0l!amqLVZO z*qHMz=BF&*L33l!+~D37zzVUj(%8@6vhiXm8hb>Lc0H^s*7+#d6c^7mD>n7y)!FB@ ztWv0=;SJZoHQ<{KeUP()ZXnH>!cHk&Q&!BZ`Pl-1EXb^%R<$>G6e9G}SH zE-yMrtBHak?hSGhJ{)Rnk@4>zzt|((ke>UhN5CG|z^*X3DpOMyzW`dnrJD=0_iZTj zA#!X@ldJ58QTSLsIuT^>!I&km%cmH9g-4eN63qg`B?)^JR-&*1>094$u6bKtw_h8 zOiy>XkP@~iA;&QV0w?N!F4}8Wi+Xj@sPiAv6^=b@Qp8_$_{b|#pB40Hotd=l$QdBH zxZ2F`Ib=jNu$M0wyA6$at0()IPnB3lqVu>EgeQyvC4c37^=Qws%IE2W)CPVRuVK-2 z)@{!;)g89Z!?BwE268v)$umW3_(^=-iL4Kv+>XPPMri(1<+NzP41CN^wg3^(gA-_* 
zv^(3o?d>VU0aXxQZesWWX?;5QdEV_ry`uo;?*vjFzIV5&UYATF*c?oCsbh0dbeg1O zE=N5us?He}RS#2=C8|Da3cU#1>K^XDF&w?&k$%x-6HBm`3caboZ>|Yj`?0A7@6ssm zVNQEja@J3rJbDubp}!jM6sxz(Q7e`SwupZ&OUik5a-sCz3yqV<(TrguD83S!Py+SU zquDftuZu2}KmW+>()X=sr0>bSb#=Q3 z8kR*X%G!zTlUFhKt9gWI;DcX?nx0!}w*?uzKvs@7jOP>?6r-0Uq-GO;s>!MFd749>|3eGM@FiT^jTV@n} z&<%vqWgk2hRv11bpp)gV4rP@jJ;YX zcnXE>&gb3kux^m$KDRh!gX;+KDf_x(pzKGN>Imvn^4bXEn3^8R2)HuTXR{S8)_A5L zg;F$icfctu?_mu*8zREe0#eT$Gm;5*2Bf$L-N3iTm<#CKAvD$6SzySG+B2&<{J1wt&eq_eeR(rWlc|l z_Md#TpYb&xo6&Mhn%-5F;A|(=B5&84PC#nTmF3wl;aS&SpEN#*<*F}Njd0P=CSRk$ zcDOmdXmVSzF~c&gzhWOZB6kD{-Q5yZA_&qDs#pB#E9%L6MHRFr8~~Ej`X8M{nnHi! z$JM$UHnFyJ=NZoElL;;Si7ivb5;jH}(YA`;-HrDIG54F9yQgE;ms6}q#eeG@VPd}B zL_18*Q%5s~Ix)wUE9=Q?W~_J*tF51P_C6f zPoy!hi$o)M0^ebo7X?7XA{d0FFn$#z=!F_09)Qr@(gYhw2az@4u@0dr$l!xxk?~(z zfPBWb*kIPLZn!=N>j-3@f#AL`ynS-I#82WvY;6CC9Kx`C$GrF6M~8!47lt#zY!^7+ z<`p_+E4X<doDFEreOeHgg8i-Gu z1rPiec=N`hO;UQAYXcrrQ{7XEadk zXUhiR%7LYyrUJ?{jSNu*7)aoN^4?MC&yu#&uKV{fz6+N47)PF!bB0Zxuk1nn=y&4gC1Z3apoK{KCxl3_3gqtgtip(%Mi!713r37HqA*y9ZpgUi z4<#6S2|wS~<-;yt?IS`{Wb!WdmrvcFM6}iAhdY5BebgD+hZFq@!@gu2%lH9m6U)e4 zQFKe(qa^S=Gu^ay`7*b)NG2}AMSdkxu+uuR&AQ*ww&_att6}L3Ya_;RoEQY1M;9vs z*LxcFzNE}OA5H;x+wWou_vKW3*CyOI0Iz&r-U0oI%)9_nZmO^BA`Xx~$Ry%CYAcM5 zprAp{IY=}7+(}wCw5&r(?qh2FKTu9TnHX;{|4w}cC2JqyY|^ouAo*X(E(-XkLpz5^ zKAKGGWAD__XuQZ?bej_^^GMN=>koOGMr-u|OAOC4$5cJ;!>qkiO~%(Mk?C9j(NP@sK3Lu7`Zeb4mwmml_VZQaRor%aUimj2 z_d%wMhXgLD>Jv#+HrgPp5oOU2T?r28_!|xE-S*rMz6UOE5mB5^piS>)WY1g2$EPyQ z7(ik&sg4*rK{^l`!YWJ z;6v+4NS`F$N?uJ3wtHj!$Q2HzW%g>$4Gu%km_Dydw`r-=ImAr5*@W>IQ*O*JQ|DBj z3k+K*??GulLEqC<1BOLJM5QmF+t3$2MTK$*{6*_1Bjm@s0Nq{!O5k7Gf2YUa`|WNR z8?bbD^O$GszvXXvIDD+xMzU5V2DKk8p73u!2GQRy(Bx`p{aWc$_Von+^u-nThM~nd zz>{UlH5BcK7hETw_2TU~QsIV7@-VlhC9k=1N!xfXslPgSHsNE}=V81nH3xiaSM5{6 z{1=eyM8~B6p$R11vbxo!gUjf45>kR>yh+>-zsvFrw4kFb(EBMEO5-eIR3%YN1K!Pa zC&#g<XT%*~cYiVcen&;ZMpD8lX!NmeS_?#Rk*mvVHf1A2vvpwQB742crFY->55M0H=X-11da+EQ;&fd3Z14D}iTQuj7rIG83) z&hY1yTR)$G^-%?B!KO0|pMbym1|7w^Tac1Fz+XbqKzHD{K^J@1 
z(eu9ra=X}a+%WDvu|3-ImOD)*eunPgEygkTS(;>%k6(z(AJH_VC(O6=7%l@Wa~X$8A~~tLJdQZS${LoXqc_i8HYhpp za5)y(55dWya?3Xc-m?J~B7ECRFKcp2a7<;UqN)>BIten?E2bRh2-fxwq%~EF>l;gl2AMR7h&nFq?3FuWi+?{iD`` z=@IrNp(JC0&(hhK>X)OGw5@cJ$gi0lBcoP@=0&AjeXVQ(hPzpIw?2^T#D58b#+PRG zLxw(9$vl4t(M|%rkY3CqhSb%5uEfi9a`jkc7qZ5(ibfUZm|;Ba0w5Q z%FoX5w^3ZoZbH2d<*-IqqvVU6yY~Z zCVyOG)_vi|DL;;Y24Ik1Jarc{eoSiL1QaGMI6x|iehwsdpe(?s#tV_wo`n4&mxFZh z@!oIDMWK#yY1hDYJ~=LF!LrbVbQ(zBv$8Of`1<3{ZU0Ak!22c2|5{dw{^GG8@y~cHJhWty?1}@2j zEqq|^S4s-yprl;ttUUNqJ?`PIZTbJ{k;`A(@=wG4nfMPWV3+vPQv#v~4pfHpCz>6(DZITN8@5Dfgy{^^T)|6+_64OQC-{ul*;Q>W^;YjlAA*75xf>7*T?Hs*xCcg60zqwIE1wDs8K#Slqe)#dMOmjl0zZyd_RDM z?GoHqA;H%Tj(J&rNy=YFG4h~AEKd#V==H3{Jep1~CUFm)XsTKh1(|ffN%s zo{E|Jn1Ut~z>gY;`J>GadB3ArI-P6-y5*>nN$^#A!Hv7lS3O>D@fNBBbQ#d^8uL); zPFA`L#nji8cX?}m%%dUiYP{J;o`>iic3_2u>Peb^)y@`2U-?SYs*b?SmDJMzC^?sm_C)X!qv)DAkPaIPj{7rW%jdr-?dAAQ2(Ih zAfuq53>jG|sgP6&Kf!`{Uqx;0=}E$punO~^gwGfZU-btu(HMw{G6osv&zO82Zr135 z6A`)&Ca$%kze3QqC-0rl8K`GfTCm?YRP|2C`uFt;3NT)j18#m|O1AChJZ%KE zy~}j0I(V19nLoh4i$;kxEmuj^$rAn2Png}mq^{q1Zmbr4^9^B>X3wVIU%rgK9{{!0 zX1ogT$Ky_6p<_byT{Ne6m4t%oxIF>uq{7ZR@sz=LiUnU)pbJ{Eq5J}U{^{jNxTZ*g zNCp=pVIdU2{YiIDpFvD0Wj&z(ib}c(gYZ&Gg1xL(K@s;_sds6A{-7W>vxy{TqCqnr zHh=IQMI+cz+t5GzR5ze3-gNddbF8Z#mR#h4$Jm%l&0bsaA8XmJXJWuEM*B%xSDon4 z{_LCM-3j=y{`*}UmB8}>(8M^QI#6~};5!Q=G`A3xIsAWPo0$cWOoLj&mJ55vD{E*PAx z47x4w$maF{C6SOj3Y;Kxp)aSxMh-~d--i6#z)jfegAYl=p&9=|U}oElcR8vDmA2?0 zHFl2Khn^**oG>wpl|EV4ue9KkAr-Lz`s;lnB|{TYQ-tU zA?gq0ZXj?K|EOG*dp3fhB5^Vzw4A+dBE|)tPmV01Vf51(f3)o-x3Wgorr)r4oZys$RgUaL zmz&{Eteqt9P!{VyZZS(oT{uUaYM(nuC}up^eQwMSrbPCf05#X|Jzn6g6A0b9@?F8p z*?)(qCU(5@g;RWsqd_!|&+36VgGcqkq?C-3N1rZ1eL#L8J!mw?4UA~gKm_=ITjPI@ z#3F*ya0CZIk+eR?IDa$)d)#YGIuf6@iFNbE%NEs4Ya(p>A)AtIK!}CZ#h+GPgs&Vr z+Q-dk3CV1Z4DPM;MYr6009#@8n?$ByK!bU$K(ck@cTAPu6LmVo5Jl~s->mJwIH0 z>s_*ZKjPAI=->NfMrD)8L>wPf<`P;l;AOwf8TcpcEk8_{{(*kf(ZCP9 z&~i-;wOL&Kz810%`CBDp)@(_S35}$AX3QYltoUOQS)*xq<84AU*Xk8=x&4NOcKP}z zRova-yJlF+E<5c}#5ZxXDG6AGOXCx;mJrlWOyrE5^zL08C)$OgNN0n+Y6AQ$F$uNU 
z1lL=ZVKj*g*c}IP`C%_m3q^`P3M#EfAj^MD(SCP_W}0OznteXLhq$$ceSD!Ln6EX^ zhG~^^%}GCPt>E|_62s6<#q+WFuu&N2jYP=?p6fX?u7R6Bgk4*X<(^bbZ)Hx7$Ob3+ zdn$B0zxs1S%Fs&eNUyUKh|^xB_e&knx&8mcO8NQkeh^lOU$OFiE4Lp~J$sa|oO)7* z@}|S{>-9+hyxjMyAM5pXA%HferbGKnFQ8Q;+t41A^u>X92~0JwNPNCNYO+TPP_9+9 z`=-MI9qr(TnNTI9Xs-==RqwSt_0lI$^OQWTS~-(%aF!Aa>uZrIYef-PTpAN6@I(BUm#l}w`7wBzUqV2vu%4jL&_pveGoxgqsQtqs z1?{KGnqNE$N>%!f3h>2yNv4b(RSBwTrO5F!TxXm=34N5VODP1@l(<`(hilPKZCtol zgUH{7b1>-yTeelg$mQ;qO0^^gCjH;$T$`s>sRhn=wArQeCXv zK^*I%N?emgORK9nz3Bwp{MSw%tk+45Pxls=V%z{tu8+W8uf=E0t8eEryAPzw9gJ=K zw&ct+7ThY2g`ZVy*AffwcRsXj&xUGTL~ftjzdXQ1yn_`|Bfjd$J}XM(Iyg1-CKRVT zZmF1CRgj>>Py}(WUL)~KioA=pR2l6P^*b<`Vmr@q#4m|xhg16B^X%YSnNov$+>Q@y zOc+M;c$9#HqD&H*>ZiQfV7PLlZle)sxX;+C%%Bqlv~e=pf*&xg}NRK6LqMP!&fAXp)K3RPznQ;5|3kNb45LtEe$Gz2#z(+PtPRL zH$GT3Bo;+&-+W40Qt<}Uc*fyb!|<*d{6)?l3}+*S%ZlVNY(4GP36jBA0ZMoD79V&r zY*pVkt3|%H7m2(yYgjo2qn960fyew_ct0dV$P$aHfm}zON{9&2s2Rfww|nWeEvOL< zl!u_VETX?+ZADKX{!ln#pSL2I?n0Zk{GF5*Th;x|DxB%d zhFo)!mdVD(g-Uejt1bg~xsO5ER{;CQ3Bizvy(t5ht}-0RmtH!C@>LPyGEb9%uq&%S z6y+_64Yhmh8V_PbEKAE~2 z;3vH$RBI>q(>Orf^vbVD?8pHN`3CC{iEwGwvlFQ?=8J))yluc%7&(v%v?^?QJW+nB zR&S@GF43me3v)HAtiyaXjq*N%pZgjr)F^uik!7~_QXumczn0m>w@&U%KIQQbFh0~f znK`LqvjvmY^Fx!B5*04VI3*iW4Nw2F1}V98t5ARaiUPbb;P2W^LO=gbu%QlZTya}B z!I83z&TRV8$jz5f$MC9bfT^|#2D3-Ngqo
    i*wc{?VXvfvq4Nl-F~Qbq!IPWOY- z4v*uoGacCLD8JWfLhi%+H(=#PeHzyQq9Q_&Dp3iYs)@?vfFO z#d2h~w6fAT2PQ_pW0K!6FXhMb(t7Y-6iErYHopb*eA-knK0s;8u3=i0$v36VV9?f@ zAi23IYj8v`c7O|u8@}YQ8#l7P|G`yzGi>Fy8m8|fVL`A5RDSbr3ar?WdtzNqxr>%X zJ;lw;o}~#Ek&tAsD}$Ao+Kj>FJ+hV9R$x5_Tsn@r`yebEldAZ3x~=q z@Bzw;*6Wp(C`fM(BOrA~E}EC4VssS)c7Gc^^tsUf#~LpuS85%qxqY}vV+vRNZdR_o zT#(*D^FD|cM`WQn8;998_RwD|kIT%f?qbdkiw^XzlMk&^6pEUyKGTn4cg3-Fg*oByVY$kw(Mf1{#e&88gEfWQ2#;Bcep7xa;e3!n{7qqN(J zOGm}Krc&%R2>Y!ZGfY2n*lO`JCux)?qsE-A?NE6X2FFNC{ z!ntL!N9COst)qv{2YKrU3@~jMn0(clp(Kq)h^BXqCmY%Vq&q6CMj=F zjnFlw%^o*%cZU>np0w)aT$qY@y04GxZDq3OEE(6FaW)nR1Yen0u(V}v~z5>ZPq zZ(8P6Chf|~lK%U~d&Bi;E=@IXN{LG;>ZE4!YHly-GyeU`9P6hKrXJfCEu464!Qs+v z+*C#$zG`e%OV-2RwTLiNUW5gw3gwTw3y9Ys0$Mg8$zy+=h)+1;~?He~YsWr94Bq$g2H=Oi}jaMziT(t!4P>s z72)K{Z9_G8uPPzjeF`kNBP<`su^vy*Z6=iXLg@X*Re(FZQ1MljbE9{z3rFcB3dn>E zX6b942*GEB`|_9JLs{k6_cULNGe0O4K4?Pk!UXAp+TlN%K!c#2xs>GUtkc6fb;!vF z2YOBrkmy!y(H<*%Y9IPKmy(60cYyzI*+rQhCtLo|M4ze;@4+VFV23!7x&NrE@a_Op z!QLk*Br??I5tXy~dS&x0^eZ<7;r=w-^{ENNF#8g|lr@0I;zU6R=TiblKc@FkonqC94F)6)OB!CH$7?-h^6<>C!mK${{>o<>{s zf^71W{>u13?r0IcmW1l`5}xzI_D(z}N zu2tq^>Ds;Urcr*DsgIajuT!Y*%)x@R(H14OefC-WQ6YwId>U2h_&bS0KJfr4`20U0 zyHsIp`F=~p9@7K(#KxD}zfa?H^@8>=Fgc!YL75ZfE7s+}vvoS{uTOceO z)vN!$qrX`ZJhdzZ2X0+`gB=F?4YMqXFpJfj!7yogOTQz%0^#qF+Qa+6WW%S?;W4#S z=-2RCB&T(XH7pgSwPU61@&R4piXeB6&GSpV#~E4y{oo8*^r{l z`&i>x{gVUrY@s%WhHnJMAdoR-y(Ab6B{ZNXmgM!goBFP#!-N|Qv+C8kKWlp~TGVP)+bdi0 z2NWZ#ZNE&Cx``06D(~*b_@D+a{F_U4YP;+(<}X7%HjsF$z(7Ro6&`UFwx3z?bU>Wp ziY(kxQcF@PW1STdxxH!w7L7XVLTXbSft6@BaavSY*djo3=Dek-Z%$^O*O1@Zb5s45&t8IR(VD&8ti_LF5Yh3-MaRO zVvKgz4pJQjarZ@_;ZP%1B_T;KIjrbPX}NS%Fq(C?*R0d$gP?em)Oy#?s(!TsqS82P z=7bV4yl=Y7Nj-;}e^%-XSvZ~pJw~ahSG#Gim~WGB+Cn_<#G>p1iT}GKAW+<}x zQmpU&R!U4#PRRCwJj@01@Rjeozt_71(*9i#=X&2P_&<sahTi==eAgt8akmpx zM;?2b6hCPCPG?=bwo-EW6JK!aUFr+{gyOYptx z8a_=U?d+TvZ=bUL8*hNEz1X!jqNQSsw?0f>O=>1`-*!CK)SBy!cp49`XX7&aTBwO0&fXQY)~bm$s@u6IWb;i}*^w7dEev)&L3>>pWFpgBJA&lF({k_q%ly29yY4YsdJ zq_^5>Y-sXsGdPZpwsh|qJN%HGNhRUy~ 
zBHt3d`t|r6rGE|zsIocH+)be@{_x=MQ|`QLJ75I{iH45 z3B1$oMDQ@pyTlFt^yL>CCaHSy0mHq>7JSrO`G9)wu2oL#&C1F#M=;<&=VktFwryrI zgr$TuuYah8 zosd0x?{26;5qz(Po|QTp*feYbxaaEtl|@cPpEXNMT9!(iHd-n7SLm}gDZ_5o?*iMmvK+K0hxeay>> z>@!c#)hEeHw_8D`d>zHwZ-a;F3t#)-OVH*;8T2iI`wK!!iX9)|E^5@(bJ*J%%(c=z z_5E%5qa1&Ec)8cmrl4BHc0D}Z8)ywHF|TSOin~4mDp5XA6S;mo)prjN|@WzHjq?RR!2dxB3L2Ne{mHA>Gim_=KSeCgQ@p+yWINS~u1aQeO=bUK( zHSYH2cWA+}wD{3b{9!aIuT_wV`L8F(M67Fcj@!Ka7`m=dwbHjRvLhf@i1YzFcRQSe zIbSA|h-k_N^=wnpi~&w~?QetLiVBXkiNqU@gUzqFD}cdfeTH#HL!u#IU-c*WwF=H9-VX)5 zZk8lDYV_)|mhF*-JV%ZDYew-%VhGiZ$GiaIZJ1RLZJ@mp;ffI0*S!+)X<5*2J#u_w{VdQmxT6qANz6{ zMAVvDo*L)NFX}hR-csH79b@u7t(|GPHfPh-wPf!H>7PYn6F(YsMzF?Yq)Pn0-p7vE z2a$=tqIlOP&J;b?S4{C?CYmq=uoYVCPY`y980~5wks3!~>qIC0uj-UNAr+snZYsdo zzq;^V)j*^c2^~=_!|if~-{VDDFVhtQBW#H;#B zE!PK$ue+iR>_v)oGNE{Jg-oJWKLwX_!2S~nTU6XO@+_2-9KLyU{QD(68BC6Geo5I3 z=k+4-@SHOIAtu&#C3uPx3hJMDr`jI0p>oowupW$pN9K#iq>H5wN}N+)7=6FX5pk&iq7c-aKyO%L0;uZaYKFYgDRS z;rHb~U+Wg4-AfGm67_G0?6w#`W<}s6>?jCrQe0(|pmh~IP4F?t{_PE2C(_qqjCFgv z1Yjgs`3PFUz(7s#1j7$5qWnR}OobOsc@(8B*fAQHt=cRt{miWT3+U_QcNF$PnvZ4r zf__7Ow3(1)oZ?D*)T1WI{A8_8#kt3D)U!ox0?I~rgZ}m64-q0Q)ckJ4>}@v0PimG3 zQC4-=VfMb>tt0&C;mww2l{%l>%3m%&N`}W$;v4Ys@tNuv+Zcpgzxj2x=Z`yof-9JW zc6>vtr<843zXY(~lZmAu*KIR=!lqZ8_iw9ql4DX<4g+NnPj;h!2*t&WF`owpS$~b+ z1n)HG^jbELzbYf36TCZ(#+(=49?4cyUV&0tx8lwJ$Dk3j?ZN!Y+9PVCAUy{r?Bg|E?Hbf!{V2%^ zZ{Bm`xP9~yq63-Iu+(nbg{}jcL~1jopyfPYMnC2RZ|ii>>jWZXHgO)!Z1J zFDs;~iyG?g`TV=i&g(17UOqkM4pQkA5`Ep#)S0g7m%322;-jn8RM`#+Y*K>gGM~^A zUU7&K@mAJ;i=%>F)2MD!@#ctBUKg|)lPqd-*+?-%Tr7tqKcisiqDDd%;B8|gxL0=O z14@vSY=z0cur^NN&B|y}!LSCrxrM4+wiB~sMP?Pu-#a=Lr|aC*+U(5TY^iILsJrSz z({$0|CqjjX6(M?0rLWU`Tit02xI3cs>dvBvl_B$ios=o4*rEW_T`-v5p+ShsE|ptm z7}TZ@P-jX^B&-1T5&kPb#JML_dGc2|eF;I-4PusQ0E775Dmp1*&cJML4s@EsU;=GV z8PwSAsF2|~=(X_qSj@5?J?H4)8ZB+5=rolTw?+3SGXmv%%*ET4YPtw~A5{mS^7uPc z`MQ~cl|}eNN8*!ZWHvq<#u~OZo_`wqn*tQ_>HyyzhW0~$@f5AZC%epCWtU!Pm%ec4 zktmJ}&O;6h|Fq<%)$47Wm2aXQk4 z?M2aENnS-dz!wDO^}}*ZIouE%v6?FK1ZWp=fBj&4&rxcEAPabv 
zxjB-V)?gfkX1C~gt1!dq+Pr_==D8M&@@ma#6$|pH5e-cNoiFS}|419w=MUd3WHBDN zfjNyv#S{~Ktv=uu0)KBZb}Ntoh%Ve5`&6Xac427>D8#>3a+1D3xhy}P0*WJ)|<2eS*Gs_p2G>i)OLkxff zdfZ=EY;LTj&9HBd;cR_SaX9Pdhv&Dd&^X4txBNfG-a4$RuIn2`5$TZbl1@19FE*1k#~kA~#~eA=NpF121y!!a zDhnNQAoMz)aqFT;T)n!G2FfjU4jItf@9(T__og8|EvuO$jJfNS`0w#My}!W`E|=NYIY*nNhbOb?!oB;oe%@_uIzanAkps!@4d0ulr;RvXld<_K`%Lc7CG_Yp z3c6))zYam_=M{^^j05M5D{j(Y5}La%}cJllEsqTO>eDwBl&}kTwrN}zeQocrMF-wrjh$y z?Rrhli$rQ)#=)^3>H3452gOC4_BRWjZpP5xf`F+toZ^UUXi>km%gRyH1SI|&zGJN( zsaVyV>E#$-$)mQ(s@P_I4$C>RC1M1}k2}>qT>U~a!rQqVIBi~A+tqqSbLH3eboPzb zcIwaPwm_wJNzY#O^i8~SQH$=vf@Pvsn|XFlj%2b(R(_i5W3bZ|hbE6Gos-!M6Gu&D3Tk2lKUX- zw_a7^DBEhN{Z%tdq!JlM@iER}9d6au>79_$Y9In5R13DYqe2hUaz(^z!Mp0ipB3Bg zCL-_c2(+*y%o+kNSDh@3z9Qr};MSD9fAZI&GKv}y&> z)G-{5l`e>{%G_Y7uv9|%Ta#}yYHqif)-T20)UQL|@^t$ac_{N67Lb7KBc_YZPHC3) z4Qr0FZMbD03V{EqWKgf$`=`M}`y`{CR>aj!fwG(LokS$YRlUfEw0sP&o}U8Jeh#E9 zX~msu#~HU4HKw26Q?BrvSk`6R;w4#i<3Cq ziTo`dkFAktv%7G)wE4LC4fe&C_r(yX&zb_ayJEi-kZj8ASX78yh$g~J+kKkf=)9z~ z9|>m+xZ`b7e-u8NL*5(S4J)B}q@}CzbW+(g--)I!ocS`yVsBSBKHC?0A>L%%;F|Q- zUXMWX4pm734kjmdQWhurEb!V+gn;_CzI3AeJ2)U4u}A4-Hnh8qJiioInt=*-TrSDE zga8A*QEyX6?edXvf)++Z1ZOqb;F%JaUUlUs*QXSn-o4^L_6=KxZmDf#pv6IKv}>T& zTm6;wHDEBPk}zW}cg8Q@SSQu%=W&_P1t!bI6j(Y{w8I=<<-cdaEpMt^|`!8Raw|7piubp)-eAbiRQt z$RZZn@fM6YgDin5T>2YCUFep2h*dd9!CQ3mowRV44E0EC+I;w$CyC>t9U~%*xARoe zS)c|i+UIVLckW&|)NlBw%@4zvY?nyVT%tqH^H~u2&!GUQJYlUMxfJw$uJd5xQh?$8mgc`lnwwd@N;$E?8bGFNI8=lsSH6?=| z6r@k7@654cO5F#G9Bxz2i)$j*XK$ez7dnJ(cw{{>%)#bX1flZ1Gg%R7*sJqBGGh!b zLD~Dnpm;Ks(bs>|2B|3-^krZ1SS6g>;i`ke7k?Sl0yA~g2lU5>jwz;YPWLHkj88t^ zPJ>}+5-UiVhAIJN8s6$_MlxWK81pMIOC~8sK-$*Ke zJuSr>hY*xQhwT8`$Da6*UObarms;8n%FVRA2sqZWs;OlUY>+y`HcVN06EhcK?9{Hh z6dXn76(Acc5>I*V^|Ka}6F6Y{x4`!P z0I6j^wzoG+C&>%bps0#!b};}4(xyuc6uW`ey}<{^Zmh#oTp4hbv{kJ}j)^I)!aIMI z;;P+29T?yuR76RH&q*Vijf*CRE-1G}G%qr~rt_iY7HBFg$T*+F^qE54a8X9WTo7UW z@(YJFk|q)U)nzHgu-*YZm8FIxVe;cE?U_r7f}jHHJ7LjIt>XTrbpY8+-3x{yIE^_9 zUhuY*9R(b~vB{}kP?j8Hzkq$nQXTGXqqN@M^oheNPJ={42!bT}lMKAAK!c{hB&hb? 
zu>>)0dsxpfgIg=F>XECQv(#;?I5hlv`lwRK3wa|0Q6kca9{&Thb>-?+V3C6`U6(mu zm8=UCHfP);FiUog!vJR~WvL^sPjzK=IO%(M5Kqcke);w*G-)W|hPB@G$j1m-e|tH= zL-0c@s$`I*QLT>q`(i<~XV8jyltq#wHSJfkUAPXt$1HF*DDHCXQe@jRSb+IR8yQEw z$EQ)9v4UsMqVy9uY1B*ltrS93DT=@O03Y;;gc*oInQb}ELu#ifhS|dqemO( zx+DLZiQNj=D{jvka>)%xwrieutL=@u@a>iFUsy%E;8MY@{#wGXw6~xK%8AM_Z(ca$ zg4!m`Qun7cXbUAL8q;<1>AV4u8I+G~t}Po@`shlgLvZ_TDt%Z~Y$~n9c-UxBrc?p* zk9#sFv!7MoOP*DZ>6KiXt}28tkA+$Z?L08l$1X&w*nw$wp|2rTTYcQ60fZY zE^OQAk~V#lJz*b#&z?zi)!OF?H)N26NX61<2@vHfGfzSqv^p(U{ZNtoFz*{;xG7R} z>J2)!{ofW^N&O7elNw`Z6j|P65}mIk+n>R7B2?znvmj2>iJ^SXs>-CjmFJ2va)yn` z?IiBDSwH>((AiY6LVK)C?4^;C5RK9(tV+_*a{OiEyg6SAn?hz%MR^O^ z<~>!eTbEdoWI-8w;*$Of$9q`_S5>rUX_=IJH(AifBWeUOoiCGcAvXS){ zs>27gHL9AieBmgCFMj7(vuIKh#Cp0tlBKR>EzJ!80NDMcFbWEvk;Ql;Q4&;L4=rhL zXC%+M^x{Rdb&^<_+W2Ze?qbfE^<*O0x--Cwaud4pbapx`nHIX4vyYSC)h-FNYi8=) zSW2;>j^CA=+|Zlb4=S;3nSHN1{9(@Fw_#;|g5@uJmbKT>dXp4jv-h*}9MK$QQ4HO9 z#|Xe%W>|hc(_M$gobn|EPbN??>5tJn`}#}ntOR5FY$f)(H{w?-nVZR;BBYOTl3moV z=(k;Uiy*`L5c9ZgKBHBNH~8W(ybx{5d(M{NY92ALFu-^qLxbeQ}20WD~ig-NR7W99S~Oe z`8VNw5|N_D*yOD?tQU@U{k3)}J$q-|F3Ep3h&7wi*+`{G#Aj3xcSO$NLS5hDQ4XFP z6Xd`Dtj*VnN{#!rt#{w-9JmFU+i`jBFQkV#Jn2c;jS&Ef%O1ysg#x(T6_BM#CK0?P zQ*#R$^O3h#noTCb*?WyOSJB&O!^l=nda$eg!M+YNsB}UTwUqD+ z^&TH)j8ELyV2r_GqUh_r%D--QWZAfJcHD@uD#Evyy~!MT&VgL>I&>&igMzV<5}c=8 zB_}%WXhl*qd+$mw10I6uAFMu0uk6BwUz`D@mpKl-3VG8?TWV6f+4>^<7AP>w8P=aN<}guJBUNS#_cz$V$F-y247(HE2@q3;FaP>s zB80Ab_sa3how=clPh(~K%H>@YtW3e3QQrzqQSQs#WXb7aWlI$(o6WZP(CmxEI8Dv> z>0%fLjftNjps_xceEHms&eZBovgzKtL)%%039VJ%_cHe3i=F=L!zaQP!39gL!1A)i zfz_(YAN$r9hR=HmzAsiA=tQL5uTo#C+z8Lly*=g6pLFeWAA`Con!de?+feI*YDfq# zc&v2ia}6;t1RFV+Sb4N92<;rbnY9#rsD7Z-P~f#w#NC;#)+En6wX%W#SNx`2398Pp z2?=2FU;O%Ex!B@1&Q-|FX1U)-kf`q{7Jc-|VoOE}cw5A*W4&68*(usETpVxT^ORQyK$3;VzYQ)zdJj+IZ}Nu*{GdqSEXWPVOc_67FBhE>>4);Pi? 
z!2BW1(-T-KuJ6wDu2!n9@AMYJa%|0u994X9 zZyKC|3cZsU-d~H~SscNuGXXjLbh}iPz4L|Ji{YOqVoTgmyLAaBjb+BSj2H1rUnBoL z4)FGw9e2o?9l^%|8v?@Z=0nnvbAu9fezYdGy`z*`p6fJe=#T5~Vqmo)oH7StE?u94QIvhFlWCc|Xzp*Kk$qUICPs_D z#(=3u2a=*swyWlG%J3X5G%*{m#2ZE;;r8{B#w(?{bAEehpm}%tCV1Z{p&3 zQk^aO-L#o;854|$Sq-L!G{x4;#d3JdSSo@b9O8MeOED~U*h?l+~Q2_{| z-z#oR$6`z{Jr)|upzu5`aEyr+9>l7}ngII6(H*a9u<|&0(kOQJ9M0amx zxf$U(t}`?G(6eL4#_o)V=QM}!R%o~sK^ZzN7NoANq`mh+ z!nEPz{b?b89_&+ac08T6Q!!wsE~Ok{*2$wR*}M69=+Tmyx3^RC9J&o~6)w4Ip9G#x z_Y}v!+?w3>mn;!AORM8f#42U;6&i6WEac#P;l}L%Ys)Zw?Ix}RPnZ2}fuXsJ)2a|@ z2T=kS@2_8Y>L~68{J@F)#{8bB$VpE#Ja)x_=G^C%CnJJC6w9gg$ zPfYMkwKpk|h%4>JH%0_2PmsqEhXn8I@DByHnEn(g`q|6js~kxBWDZizNq0tKv9CY( zXiV$~tW>M^Lq7gwV8>OA+(0TWX*(;299w}sh~ccrRi@f1ce;E1bHFg1X$PaP?l@+c zhVb&f4|Us_96l{c zeoI*qt%!Eru&KN)1T-c-+zRxQ3Ny3ar7uVb0u}@WrA9rMi4_U)ZY@DMsTh#EN`0S= z2iHqtyhKti8w!qe$E4)H*!lDSxL-XM{AKmh%2q$b9ed;VCDH6xzXJPI&E=a#Uwu0J za@iP%S^PV$nVr6d6I^SMv%mS`++I-59MeXha)10#sGo{AAH7mTXFL?4(*@O2(an)w z5|AV3u>1I}9!Gw!gfv1H$|ENdUstSZOS}F^e2&?7n94!;NTj zJ=ZD*jrQ%gMzrVXl5BHk=F=h0p?pUL2Yk3o%5&&@p|^UBGSsCZQ^zmA25Guoz&ilQ ze!;rJvTt6qB_Vq%6<_$ynwRqV5u?b zTb_k{l#`4uQ5o~?E`qQnVz9Qig@nHbw&^x-Sk z`9EhElxfbNAIBMPuU< z>K)8q+G2pg_TOD)WfB`Nx13~-90uCiKiOvPJ{$wj9+cqpSiDX}WPNosB@&(w*66L~ zG95D9(>rit*yfA^-5Ucl*Oui9bI=yb2l&flO;y+@@Rlup4V_+M zg~z&2sgyWlEOIh!)ia!QVd7v{W6{4-x!zqh$M}A0bC+akGVP2p!~s801u*6fxUT(F z^ewcDCfFLXf8IpuXy}W=H;uE4u0va2hMGUf{ltN~3bb|Y zCmYtRVpbB4jCnI#emuqcq!7ipH;tGsV5Z6lm&trznQ){m)vulS!^8RQe&jxp;1z7C z3oYPrf0}fAANZ)Ur*CLz<#UIo z9QGW{y0YfjTFBA4ZdA%4zT6WU3R|(FQmAxtqAxm^^$BzYC$p_NT-8eoVri*O`&$F3 z6f7t}mGK2BG3Md`|4#yY?i#&OZ6-+Bi1;{BHXGK7cY2_+C;kUFvI+?d(q*_Gq6^?-W!-$$bGo$}O>ft5j(Neh zZA2LOWjj`K+&u|K6>`Th#;4leEu-O6cLhi>1R$C89LFG+`Em0z?ke7_=r`X;+ADm0 zF**{tk5R`g{~OzFC|Z0AgKLNdi##$&pY&ZGWfTfRHifL#s6#Bf=wKqR3zMi9DT%ep zy2bn4G+`h<5f)*$_pge7DUR_H4;^s^<@YghF3Rs;c`5mji2-(7i|O4?lHoyd*v3Um z9DGa>*_Dckx}j6)x&6wUc5DJT*cP$E15T%Bx=mp8L$4{U-YJj^6BEKonAT9>WDfr}zg 
z-=t{5?$HV5L58E&i{@m7nx-|o!TA#Q|_;uIM$olmRH6}KIU5s~?(@&276M~;~fw;%XDHL>oKYu;HMn-}nV@;mJJtw;F+?BSIkH8F3HQN$T zUC=o3mEgvKP6}Exd;I;?%gBteXc$I9fz;BC*g^d&;$dqa-sdEhd`|^Hth+fF1e{NE zPO)~@<3GE){XyL4t0QlV`iXVjUW;mh+;r31*SA^&i3o|ksC(c3GPL|0qa1%i_;+~r zAhA*S#_{nW<5Q`T&V{jmZY+$nqFQ8mgK+gGlL1f^Kftl%+x_k& z1Sz@}k#;P2F_EZH=52I+G8evEi%R(HpQvOxC#32LN7BUZfxD=v?AJl3fvKv9Cz*pN zr!-n*2esSBLVr6t=BVcp&mB}*xKvr3c|S@?6oDkZA!0?m1(e}&DaT8#Fusyv1ElnD z|#S0E0!0HIdOR*SsIh7?wADu%`GW#mW`Gu^m1ixjgBfzrSy z;Lo9|fkmUiMwL;z!U>{hxqf9ONt=)r3vXMt^izi20on3i4DlmG9vbcLc zN@Hfu?cw`GPfJY@MjrPem2W2h5KoY*nO6A}t{L6cH2#C^QtvLEUdq<2k91F%*F(wl zsHfX{5mrk6<*|rTcShVw+>q~NH%8NQB~G{AMUaT1BQPty#oA(qnWmz<*_efOxbcat z93$LqO>Y4Xv}yR!8O795DEcWp_QrWPWF=KdNR)*A^UDX(!|Z7PCWkv|>oKN3e|s-- z!s?aGchcUTS?!e(^ZG5Eapn~}AwGa{lBaU(ScL^+Dkt^;umn#lyhxZl(ZvN%Cz0^S%&2W!Ud>L08QE@jn z|A7IPskHAB1Rg)WvJ0q}5`?gR!$$uB!GKri3qW~+1D#M3c?|po3$Xwl2bdU{Z*AgQ zD6!U}o^^O~@4tM`B+7PQ&8Ax!lkipf_VRBkD4mqUnvsN~48UDScweb3>n}GLOfbvc z_x%Yn8G=TlI<94$u{P&e?5VVYOJR|h-dNqbr=iMvKnRzNC7=$e^q}IWg3_Gnr#2UH z=m}BQlo@;$c$b2X_wjEDmtPd%E5Cl;3)Oj4)E&+?Qx{%NbvNH!Yec>xE-m2(vxve)9uoz=7K8JdR78)&P+19s-K~^8{ zqotSPK&yxzCqN#CXfEC?q1Q7HJHh6>rMKNvCB2o&jQ@D}MY z3ID)a?6CqE+*UfDG}b3pW55(Yx-=EUXo}65GP_`MjYnxOU2U)JDFs}`2b{Z{Eyp6cEeEF8xm3&`9rHVXSqIV} z92$BmY4Zdf?xq>>v>7hC#Uvj+c3OAWfv~)=tFD(XiOS|nDnaAF0f)_mK5kjl{Ctz{iSYIMRtVpN9R;Tc5t+8EJ)$QaM8 zVlgjMQ9TP#%9#4N(QGu5Di}{&cRB6|Nbpk7Dm%`H5YgP5xM-}FX`iC09+lcHKYUk) zUbCoc=69){ZuPmYI(TrqcZ(NAH`Vt|t3nJ2Ee!E^juVIHCBoW_e`#a3Qz&$ei@J6A zZ17aqA9NtSFI`s`yC)h)M6TW4{_XiFs+$;|v1ZoY8YRnHOU#<6BOdGp5K1(3H|6N! 
z{#IVrDn#@<#)bE*An3Jbx37jZ{mSeS3rKd~G5RSntogA-S+U7@UOf%arAiw9LasvWDEZ#fjHW(y&&>xKw6ma>smZ}644DZd78y_$Fwm!Bpd zbV6pt(>0_iD)~!kyx8cpW8BCzm{NsyPhY;AND?L|`&A*4W@|bhfRP~zfG z)X~0GZ!yKq`Ha_0gr8AKDLdQ$UOQs3i3vRNHz?^^hEAPlM>b*1~F?9&9k!qeNPqE#4Xa}%2Sfhg~v`7;uX*C)Y?q5YlN|B zK}Dz(^S4jCBPUO+Q9MtK?sXY)wJwfl3M_@=&%!W9GjexQ4h5p8r)gV1z>XLb`IqNm z*QCeuu_#@&oR~_Wk$b6T)<2jby8ppuUI?8eZjGG|{(0`TRrcdHj*Z%Sx_GEKF0zud z$aQzEu4e66^6l$&T~(Mr&5K>ufpi@W-gF&$DDa_p*y|~ayQ)?FWF-qF1#uU8RSkXX zrpLMCFiO%00An;_NN{25cQBZUZXsQVrfH4UtAXaihD)I2Jx#x=*Sqz&Zpt zI@m)Z;o4HHAE_)W>X~<{dSVnOsEe~@APdchLUMg%0BLr3RH9 zeSCc9VqP#^!w7v4gYvaGGtaKJeSjL9m3OBtGx_vJ1@i@n6cqT$mE?=B$!K94W>Dt@Z}YLDy?JWb zk^1w7ls@|Q%m~>y>x_|v}pQO)v(MXSCH)pWjIYh+v&*1)NzY`-(cuzc#K~@(T}-=J0&GmjCZ3MD4|gw)u3piU9pbn& z4*PE#FK+1kE@1M-sxMSJIws-wYseRX%DKW)DS8`cU>m{fwlIM6elyp}R)6X7ZkqC8 zMcL-J>1FpM@-vA2f+7MhoBPRo**5&3Y{K>m#;4)x7uogR>SI7pFXp_ zK9mP)m^F*plAJ|D`rt0U0MS=^8DHrjP*5_qxwA^X$T^Y~quDp^yvoYUOIINi6 zIiayJ&wu>o7TEO?0tVDKnE6!*Vp*FXLWjv8N=Tc1P@Deg&@Y+7@w>#--CW^fwAD-t zosHjY^b<~5^<(6@>KZEb!(%P=!?Pch3CQ2>2x!Ry)*#!25t_$2SrHi|1gom7o}W9R z0-LfbQ9r)P$)RTpZ`#%*ySN`rE^iOBk+lYe5gJVjfJ64eC0{1*;(7{dusc>WiLlp) zueYmaamVd$)XN?pq@Sj&2_KHd=3MvIHb>jRDNkwoDp@&96`&}AXo{QW8}Q?7Ei*Y` zXS`c<|4~Nz_3)tlaG{9GCX;-@7TL+E|Mdzt1GmE=rj1QHGZAH(z#n%ZtvRyeP@6Ph zK@TNJ8elI|4bu`gwnWM1i6gB^&rBs#P4|&fY}QU`6yIz%!u2oo8_d}CsnAR%Njsf2 zEjv2fmM_TflxFl=SpxmR9hpiNrk?1+K~heNpj70#n6Nq`YUcsd{t|1Ca7 zzAD#hKog6Ryb`x(MTTEm zAYxc>62>zIc(Pqv)n>UuT+I?nl=9&3MW?GIz7!?7lLi?)Xec*k!@R4s!es_~Xk-|J z`jl3xZ1ttKuvHIRWCqlH28p#21DH@G#MH^J5&!xd(UGq~97P0ibe=w6`Flwj#+Pok zIG_(;Qof{3g!>?@D$#C)89+vB_0BC1Jyj_$YZ*6xykaI5qe3PSKGZ8_I7@#w8iJy#Dm4Qex7I!r^1#$VMVpa_Xtf z6w_k537x!*0NUF+H)HdXL3L?z{4lhA$N-<{*n81{q}V#Hu!0fD7)e*~sOM(16R*hS zeQnZKC&zGJKcXVJEGByVcbZlo*tNpEwKT-Vqup#WkB9X!lc&s1g6ZN7<|_@K0}|66 zbnM7D;Pdc2lGE0U^ddkTiUc;YlmhmFSwv02I$}J|5UF1N7Ch(!0BU{C8>aJ!^utHU zMOmxX$*C^Wv;GQMP|=syn{@ETqJ%P#gf?YD_Uv(+qO(PA-t*%`9}I+AzyUGl4Ras6@6O9)v5)tws_d4nwfPgz%JC#Vl+&)^#`!E_y`hAZ7lZcE8M>OI_H4UYhr#-(7z0ptr#;8mr0qMc?b0)( 
z@Wj|`AF-dyUsxkz_9pFRCzDwH-NxlGW+rchrwlI*nlyMBcMockS1aRd62_zw3bQKX z0M{#zY}8UijF7+(Zbo}av!*v=O=g&LiD)!BY{~J@fEftH#o|*KfVETO$E*+&CB!00 z$d%pb)Dm2f`(?q-1d<}Se_fxAoQVT_h?>xA;dQYyj(tUM9ZyEXaLggLL&bJMOguul zl3lA$#r@F$=Y`^?sW{eLqN~dy(CFOzaGNsaMlT~!GkP;?+ed>$xSmptNC&QLudWLc z5q%-cXg*FozJv2fGAzuS{?6umdC3vI)~BS82J`FIe;`+zo2)4Hc>fVJdha+3g4`Le<43ttCHr+_}IFx%h#r>VS_zy)MYU@>AWvE*p5LaW$BiZG_tW zFK?QNwx^Wod4JlM?Co+uzp$jh_j%aYP+h*gPQ`s8)kowWN5`MvS}S_<3@dS)yquh& znk)_F9QiT8A$QQY<<@x4Y;A4tTaBY?dCx&^r(u&``W(H}LiumuGO9hS)S9bu$NZTK z6c4=%2(WuF!yv1IrJE8-dJJh2P01l@%1CUHEYm$9Njl6DXO2|r4DmO}B_s3^1%dK0 zjPD1eaub3Fl13Ier=s`*;XtL`H+0ekc?6)3gTvY=k|U17;XKs2z+-$xdOa`jaa z5hckm^TJiRZ~084oy@jDyLOkUvb5;H7%d3bcZnEp7GHS+;`zL6Juiyei`)DaP;S&* znAU=FK@=C{r0Gr_cTvNwrLLUis7Xhw!wFY+5?xPhBlV7^8$mB5DP+>~_bt>=+U?@FxS30oqIjtu9 zt+sy&Ie(n4v@jNS>h%M)2qj`S!W*lbWLV!iHKj6(qOJ*Li7)LbTs#IugEuWgZt?t+G65|8xc#r;5pmiMt1mfSOht9rWhT)tm*ITs=rh7GC z6+3Ay(CXRx2Mppb=scuc$f{Hh09Mm-^(bj_uE>{4Z!uTE!CS%NjmFEjX$J2`prus8 z%;lnW1y6t32(%!HO*7@Ty;kx5djnHMA!!?|uMoR__+Dx3I_bKJwT;@#mjuD`Zw*-7 zv!Y-^JnCQs1D3 zKWyKdmuxyVN#&dmp%Su5N#aZ6JhYoyUz~k=xY0pr4@jD}YC(}&J{?OKJ*jI{K{hx+ zQvcnuwwwNES(?9E8yPjSAfb5O^_}24DYRpVcB^yllA9H_gAs$uz_GV^O1<4FWyMdY zPLWZ+PHZC40U?RV3F-xIhAk(xgezFOuD>Njm#{*?7zjaSUB4-PWB9OUDCu5_&?Mz! 
zny=n9;Zqr_T{$*9^v1qV!uKdNok>&;xV$t_8Yq^M9B_Zd2%Wy?vRlGwU1%FuIUf~3 zu(~sX29@Zw{Z$>e5EN<#uJ_F~E+`5qmi8xX^K#<*aeBdft!vNvy|vbGcc%11jYBhiH{aNJ5u$z2tLI4~$1RO|!p zD053i#4uL7juRR8EpdL6T2;$2I7?7OJrM&Zrl$%&BTJb_wg%@+ATx!WO-&V5UH}yJ zA=f2-_hY}4$491)G41#Int-3zxaKc1>2V%^}wDeew@(I z8(eb!!VC;ej#j^LV+Yb!&JejBg~~9X-w0am%!^|Ei4Q zT-W!DmZD-xoSh8jX2Bgv?BSm)FN|HnNEhIrP z7uhhmkdqwJ6GlLn#@`<~SM<*8(RvExe0?>C>$shC)+ho0=FNe7AW$(jBH)1kN;>d^ z6!|Io6}~^ua2Uk}>$|FuW;~0KWa>58_P6hn3LTPWax3kZlijjZBIQuyxkF32#klfgMGToW4#>=a6dK%W_ zjB_bV5K-_ae40PPL4%waf523REtT%RB}ULZ)In8^@L5!=d`3&r^U&EQ$Qdt}Se<7Slk+X>-kx}yudGZ)eMZVi zT0NOWD|ZEbI8KcT!w)pS}I}aq%THX5I*XD z1)lR^w8d0`{8?3wLFwuU3%c8c0?63T(c#9OWzHmm-#o6co!kE0Aflu(O5{z&a!c=P z!DQ=~4tj#lwk&@RM)yqD%lALohp>GA-*LTINU|2|pr`3=BME>W@M|Q~TY@%poLC^* z;hIoD`cL7;Y#=}z5KPk768fIt2omi1BLqnbiIL$`+q&M zh#dr!_n^5(zvPjacVeV{Xyc*u z{uiTpjJ(~XU_gTVyV&dGHwO#k|HG)a`!)do|8ThT4+Z~%z%Y(( z8XEt91V;OZf`7@?Z3yNr8RdUqa>4<6Hvj(zc3^^@*NygE-6aEb>VqZ(%0O%W=Zw0Y zB+N14pwEButLs1f`Uktv!2kvQ^|P}E=IVbP6&w-tPrQN14+b&tKjZ^{aOpOL{V)3U z{~P_!GyI`Hym~co7)Kw(ni}l-_K}aigzwI&NX7&8)8s#aHUvm=e`?tN|3-c20u4!h z2RzsIfiUL!OhJ9;2!Zb*)A{#wVb}yE{JUf(kaYi#oCpT9;Sa9=00;c+{{ZTz@o(U_{x|x;GyD_yu>V)U|F5Iaz`}jjEWl?Gb?eSQ6#Ns0U}z=i{0sR1eU1MD z&hxYXsc*r+e_r>0fG-c4@GtIx|7hF)3jCaZ^9#(b{{{U2I!fYy0YC7+2oe}V{}=u8 z{|)%hGyDVi33~rG!2hqKK6HYF`ybs3fPfFC;GZyjh8Fd|fS)t3{hsccCj&8)UCtQJ zZ${X;{aR{^pp-YskBMaVUGe*1c+i)Xy4(iX$Ve4omF@Fpyb~9P3`-kNCr3py)5Ad< z#fuu|yBq}X9#2yGPpxLy_Y|vifKH*)jp4n)Zr2+1qSTV=Cllb^%}KK&$1vceIi=jd z$ao>WG||#xwtEo!IK-yRnADjV^YUf~@3ypXY3ryUty#Cf$0VdF0WIM8AYU4_dX;nkpXY}w2d>Zae=l0Jtt<3_2BeBKfTDA{mx3o-J; zqx6Zo-}OHXKdnu$9P3rWtcVnbKRPab=JBJ9YfF-D=qBRGU2NF<T6N-1@CySFfz z>s%4fDAgG0(m_B_n?AmXJA8LC1n;X&aK&GNUq6smy?>Z?PFklAyg9rfx)3cH8tx6_ zojYV+iMRj!D!?8g^^< zk@cZ@u1NcEDoxpJY>>B6y{YkVaXdGiclwm*h%M>j^Fy~Q=r&FFh5_Xkmiy_&iEm{K zcG5i$VQGmQzaPT@mpjYFuycU)=DUWw-@^LkqwXEi(<6TgaLKd8&A6>ezsJ!;y>)aB zKS!6!>(6^M#WmU*S z@qDn~xt%8XaQp30e%Z+$D7#`!%sY~Ht1k(dIbD_iU~K5FZ|WShhHz0RqA@|6xDIr%*Z_^*_FAi#GBYLHJx((aw_=go$+2k!V 
zCoZFo*lv84Rc$D$8-3YmNeU%eWr`mRX`QN>KP&E_1t(}52ptSk7#<=Ad@EaTF~CT3 zc5nuKf6l;?3Yn#~sUt@o2Nc3SL0ExNB(t5`-S92-TMS8qCKELgTe_`3UXC(#83 zPD_%QklmQr2bv^ftxza;c_obY1o&-b&7Zd|V$L&3S{KH*>#|3r!c zdOtw4BXsWU>9rFwV1Vs$OjzzaEOg^grjP{W$2orORaR9mP%mrPTu3E_j1MYj0!D`z zkV^ds9W#sJ8crI`qw_e)u$6^AUJ%FAxUjZxQo-x-t9+qJlFa%|k{<_I>0Ub$-G)5{ zX(DSndlcoDNQD+}4)@rYDRQ|?^s zyu81m#2uyLm~OG|8}fT4W+vf*Mw$T&h`%6(dzXnD2o;~ml-bMS35~C7h=szvu74PK zwA!NdE#y-h^VA5lHk`-iU6_W90pzga zJ82jE42O%6X_ayMh|658M7^CZ_Jbvv(Am7^^=y#wh@Q{;FPWUb5qB2pVN!(5sB&I> zV9tsCEF<#ka;HPneS9rOwnqvELb!vUg1J20Ou?0{nBD1P#$D;O+xCyYXn{0fi8QpbVe}k-Xu8z2vi3pG$+r&%~kR3zjn}Y4ly}mr#^w9|OExvF^y@Bud zMR>A73V3%(4*ky(&TsqpdUT>yve4ng=J^=2&>6 zn_V1=;3JfOBswD;%Q|9CtS75lg?p?1UeiD@`nOpJUtcKgx(K418Zm)@sDmGH5;|sA zWir68w>5|@CwZw?n%xvP$QS)0yX1=iHWMQiQZKaKt3}?Nw^-0&dV<2ETEcOou=KwY zzK(lEg%b#G^R#9}@Vv2G2w!g1-<~xWXIbcC{Z&1A*k8Mb`Vy|EP>>I82eVWFnN{*t z7X`fa7~kPs-QxPm%xxy}NZ{Z&K&v+3xf~NHO?b{${L^AmWK|`N-SCLik<7;a&MF^v z^~xYLq*Pi&2Nr@H*fP6d7dDR+E z{jzk6W%p(L<)U!?uV&j%Vty}2&sLJq+C1-sm;7&SZe1v*g%*B9mi&U|f#k`4;AR;X zGaE!h@AUefq*+B|zO0`n{?QZChTMA>+VAMxKFFJHnI~~)I5I!CB=|jT^uw2fr|x%m zM1PgxUtOpaUV+hr2n7k!i&5l*o8bQ|kcNg{Jb$q?yz~4;|A_RTF9^oCV8I$xFUrCP zHcEGl^?6w07~YG!sOm9NBJl5at9gCDbU{G)#6v+~L;TOb?;g!jS7VgK;4%NBfg%1i zMrAmPXPiPEJV+^gTVWfdrm5aRKp_6lb0EIIu$_Q_a5Q7Iv2`*tuwigCHrPXZI^*F&ZO@&(j&x-W60M+&a l^+=)UalAA6-FX>cErMdn7AnSjw|4|3o z!&{;6Lv_lyqx{(>_oU-Jh;}frD%*F-x&1iF7qBpZUh*zi(#4B9&Uu8z>HAQouRW8QtFi8_ zcFmd_a~B0t}=Ip=%7D)b`L)xs28EWN7JVFtXOLhIMJmGdlQ`;N5L^V+sH zJzr9;VO+dEXWnT&^?N*?=`rfJy?zlo`^ng8bZ2n?4EB2HHh(SjLOa!JtGPe)jYjL& z;k5n=pvzav7>9Q8C}?p}v3VisrrGrblupi53i0*u->?^zULmd36`PmyY>X7HY*M%m zY#>c-<~eL_DmDS1h+$Kg}+kx&!~mX#uCK;uWyGE$j?Ru-_QQ@`tVl8`c43t-!+T>zNgPeYWK3yd>FuJ9b7K z=UmuE(>8}4&lfwMbC(Iuk#);#$84(gd8!A(td)>uj_n*yG(i*wc4r7beE<0{;Jf4x zn|P!w6Ud=Qy)}e>+EzAOJh*8*AoJBpTpoXRRjNW@fo;uVoL^ui=UL>_MzGf}Q|*JB znHyc9&zD-C&WfyZ1hTtu&mcEB=LK_?R(Emzg4oX>t#gD5@^<8&60|K8S3*#}`1Myw z`8K%UkNsAlsomC&ibHMCY$|=b{nFrRk+Oq>O1%d7cNHttx4BbYmSR8a0jXV;&-=bG 
z2B_R_V^bd-nqI$P6QfYF>u=WYjmYaS0v$DvxP7iU9E`pnERCpZ;Sibe#T>0Y7jgPk z2Q)LbZ6+^c`yHohdphA1JPP7GzxW+YrDtrH1V6^(eznhHn_jn#yJY3od(_erxoAw< zlHH-@dAZDIt?gv<7?)}*20A&mHt^o`PcyCvI}Z(j3KZ3r{oD zV-Hv>OQ+Z0KZXe}f~Yq=e_{AXcD<^6^?%(as|C)Ca>=PbeeMywT)*JIN1IMuHuxQJ zIC`>0a>kIboPO=LCdAp*hv>jM0MA~98P>M}hj(?It9XW@tFVTT2Si}|77KN42R2*< zjZ9Y@0?#wqVljk|&d;L?BC%cOIzv~r!|}jSMe*c4*}_W~s?g5^1PML^tD1m~Mz&fZ znz(0e7gPBYu@ath{HauI9YI|sKNkj$Jk>rk`Yp52otfp`@Yj;PJXTGDzPe(>&9IGE&2t%h(3>85&G%S+?#t4mLeM%# znC@^t4!N8KiOn1agY?^b#rN@XT52anDYv&@@XFZ0HfrrNUJQz#2MbNtv}zWcpziL# zg4+IVdKMRUS1WtbcWj}GIREkwzd3uBclWojN;cu+JB-F2pXk(7=CB_s-^9(mR zTzSovW<5DAb9y?q_TcuJq{9`a!S55!en?os9Nt$IqrAOb8c57zR39e^Xu_@j_hlBCInq{^}g!YuBXw9dmde%k1Y z(c?pz`fhVR=dv1FU(w~UQl8?FJY8wFFY8onn>;#^ z>}|!3vW>eIX%u`7y)8oH{s93pBE1F^PET>m%=If~Ag>s@M}2%{y|OX?%z$N}fz?m} z#>tpcVekFg9plb#WocvP(FhZ&g?N7a*DvVZB8@LRknB|~1KLJ7mWmt_K805>9$J@Q zT~8UAquYu*!{17~{cXGap@42HA@1Eu!nXyrtXr$Ytna5E>4*q4GyaP zgS1pzAbpR7O^nl~<}wNa37g<`TsgzKrL$>WrU8+C&55cOi&D1kS$L%21A zwY|FC8gOid;mk59 z8Q>PXQmR-s53-S+#r?gcNtm;2F!$Uo%loxua%2Me_*-H9^Jc%;5DX+znYejeGNNG7 ziHP{T5PSUeCz%#kn0VMxnQvRuchU@)v?h7K^m8X+NK%X@O~T9bA+HNlG7PvsjR$FKlmTYd4TwWSSrkl54zx^p?hQY83azjQOWZu* zJbu*tP@Gc||KUZ~p{&Z9^8VEp&zGdxY%%T4^F@}h3vmPIC}Ow|J6oHPd<9(9^xcj5 z>?eN*+*Q}S5EV&tJ}+BhQA(oJg+`0`6c6w9&}MWN`<(u~X2KdK2P;#r#V7 zt(5OKp0r$6LP+PHCw`87)4PgW7;>wRM$j(JF_Dd|SB~ssm{E!=0a`y8nD|(StLo$H#BWFCY zqpM5H06aJ4!Vr(2F)8@-yBg$$vMBl7y*nr5)*QxzZFwzet)1Eix`J$D>LP;XO`ft% zOa2iUk(IeSjK02gEsnG;Jx5de=T~BJ`e*yC0o%zhmQz1uy_X;CeD2^md;cW4fonu5 zmX4(lF-sFS@OLI@H5{$eRh>U|P2X!Tq{XOU9 zx))3z(-2D98NC(?fF*2{MeJAu^4~!MHmbK!Hx{#>4vr@3qMM_f7!5iUT$m6zjZz50 zBS=uDi*ru1o)`yd15wDz7w5JMoPxvM4JR9H8IN2ojwtIVMvyro(RYS5#K|U5q%l4) zaGH#`GrGb2nn8}y(kT1WXnb`-<&aN3W-v>iZLMLJI3OE=Y}(zI#x#SMR8uo+ZBB$* z*J)y{;CRA^_a0>^l!lbXmr5zEuIa$(y`$$NlLaLsz`LiWLe_d&hNa0r7@+>c54?B` zC0wmZt1t4=Av96h(%Up(yGS;_UD!7uFwj^v1k44rB>#KiU^m4fuK-rvC-tbo=SrOP z#!U$3^d_KTrEJ-4?Wrn(;?GJlF4A&}`HM%T_t>*XFlrJ++4k*=xE>2(K<%neb=aef=K zwU##CkL8aIG%jNCDkT%> 
zcozfN?VRhY24F1oCS>8}T4||V2g_pYtiD>gQ!h+Kx(7!R`tuqkI{?RewsQ}qX_zSs zi|yePYLU@^l_r zVtH?0{-5TV5~9%{WDpaY5Ut_Q^;Qap=qxh})n1~T5H>xPnXGxyVe9Nj7LYV`wS(7h zWuse)8D6TIbar9{y1hvJ(F~${Onv94gmUDtBh73`JavZ3zpoy+@Yd?RLC`*wsZrsV zc)2Zy&?O55A4qIyt=w2`(&}mT*85I68|=w;oZam|^C+Of8NmC0F%16QsPW$GC~JST zD={_+l!lef=*Fn2u9RH%Lut+!rDK+3{Z;TF_Y2E-m6{B2{+*^h8bpMD+LO{8z1`+5 zZLj9sG(IUqW`XIng&|B|_99dqgI}_SR&Wq6rqWQ*($+GSi=2Kc!usf5*pNdr1Yr{K z+n-%~v;TY{A)5D?&Q74+>@2>yF`Kog&R0R!FL!=(EX-Y8fnrtDakbULtzV!-gSoC< zXJg0@?7@AWq$tR~Oia7brf`?f`(%&DSD&q&X+ehxUlOGJKR_0hFAO@{N`ha?IaP)) zvAS9OkPNe~Kd~W0kRc?<8Sfdu%&f8*osG1fDssXWkJA0~^t3Kntl{FT@6|O&$}!TY zw)(Cj4W`ScPSL@e1Ib?a8)~%YM#gzDkjTw!P^ONwAM54;o;TlOfjUwqgz)snxbpzV zWN|G@C~kBltLHO<=^aKkS`8J7tn~wm#RX&4m*y~xi_++`cu0NBVzxVD z>o307B2*vDEN+YhOfs}~OL3)l7`raJ^ebHmCLP#0j#v7KI=?cmkidjR2gA4ndmee- z*DMjH@Ga@%G)(v91`-x+GMuiiu)6X?l+(<+OUS@_*Z(9#E8(Bysr5YbRy^rE)-Lu$ zyPmOMrCM9FLxLQHG(`qfAOg9@NsH1-s<#sexlJ?A+9~RTQ`%~#U}H^W(Q7c$4kb9^ zQV1Gio&WFR(5ak2i%arrqOkm~9wsrI|JWIBu$%N&v4ALl!*a{ZrS3M*LW`n9;)V1? 
z!-eVU&KfvCydC~_UYLtlbw+XDRT2b#r%S6%W*u_ z|GKea`IxdmtSxiWQ}6BGbj~}AZ@YEQSbQIkak0_Mt5fiu@y`48ZoI2soGnx0u>dYj zWv=Zr(1`W1R71uA?#H{_+9oqd=u!_VGkR;aEwU3T>?g`r5B4!SeeeY$R}gboMo1((lRm=8|5VnGD*ClseW6 zk-P-b+_%hose4LEmRpF>Fx(qb3t z)=J~-E_5AzANX*(f;9Ps`c8*epmR`d_wz?utC=_C8GOQ`Z0*sZm`-e8R~j zrJMwi-|vLki;_|Qk|78&$C1LlL2v#qs35I*oNXaQhM}=K(2BSkuETY3H!EM!oPlH8 zwqKIMdff0qpn7@Wjrx~Qiqz7F=wDB`JZzvw$VIx&z4P&pzu1$rIyi2CAd60y69S7(`4F100N~ zQ%7+O_(O?qnlTmQhlYRU3=1OTwaAs7QN^{`8I$j znJjHA1z9Z!Xh^x9#hpa_I+B$727~5nS?5hXA>$S^FWfkifr$#H)ym*U-KIIjF)pgj>-sC}P?}012Lfn&@^uKZ~^%FCNi~vmdh@ zVZ5hN8ag+uExLr0wCzO0DMusZa0)pp%zofMK2(z12_!`F{cTw=(^QEDKQ+r7#iT$p zBrB_B>*+wd-*8bWdTXJ@E5ScAT=^?7ZIvVY7#bf<^4Uk{{k}T#_Qy?0<~o+mG`m#* z@&}m>UUA)*=O^ye`rYMk04Ak+Ec1!Nuyq@e1-m- zCMOt34MYiQhj5%(i%WZOXwR1)Za%JQj6; z{U}{-8{%O=mu?QGE{NT0GE`Q0*i?q!3{?dM?NmohX15#@=ToJ|#1RchSg(q18*Wq+ z!hJUH?E}G%1++Y0Cz#quCrzq#m_;eu<)VxgB-B(ngc~Q&v&-M!K{AJ9iY=;&hZ)x{OhW z14~}FB!uDA46(5xMBwa7m?-jQVr_t~-cv^-rSsLX5<`bzu5hf+r0dh`6R}Y^q)=Ql zWeJV#TtzvJ=@vbqTT2|`-R~L-UElRv$ImP6ybkvnlDm_iZYwqfxb>xDw1%BVDt#W} z#{+Onx@r791j`o{K91>*+jbs0C@Zpjpee0-s*=QTgf0UWDB$Sd`aDX_@Ppl-d+m{5 zBN6c+H9UowbiP$)vc0Onm#gwZ1x() z2?e~K?D|YJED}U`9Z9p_L@Oa4&6f%Sj4(;Y|GW!rUbrxKrgvf|-xn>*503Oxpp{9U zM8vIKRR@43O5&HRqn`&6O!vdZ$DX#*y!ZX|tS>{mT|P`RatZ!x0>FAFE8VF$qj2jZ zaG0&SSQxT1))7sFR)QPAc0Apm34WT(U^=#K6h0iwlr#O|Oo<~d`p|?lB`u+tWpomFR9s)me#{4e8iRybr( z#xS6aX+|Dqho8<4;umxCUZ(Rzet_k@S+EpPDsA3mUTE(0r5Yy*4;f_iSW_pMifo1( zh|3MY#8<+z;_3|V=NFd{5MSRogL^#?xACE3xH-?;t)i;#$p?w^9DEvU6iNpc7hy}0 zU364_6z;~Hyb3fn?;~bLI|5x1aTcXpR>PBEJ zHCHB*Z_IYlZ;f-DX9MQ<$yvL}`(%47m$8#H%S;z2FfO`b3Y%1+A(7&jD8Sa0{+LvZ zF@5(+ALY5Q`XHrTIw!4qJM(iXN9IYEPRj{&WI}InJU8iHP@gt4IcJ1&{e`tv?{HMb zTI_ex8C&Wor<_DcxcEaGx?$gE0X-(IHs)h#c(XJ&4?pombAV+6)N_YFGxw9ggLRu% zq0F?^B4Hx$MN=R>YLqh$>}1cfx7Q>0h;m3hVx)FG65#8Z^7p8LaVSB7OZk`$XymBn z)ZgI{-^$E>T7p^7k4^H((ZWsQxHp&b6S!DO_H#rfF~E_JFZ>ttp9XlN0{`|c6wE@e z6AyU77t$t->$cx@uUC_fhpKO>>ay#nQm)tCn-F4^hThiSyP%2jRJ~l0!Rks_Ya+Rl 
z>`SdY!hH0x?_$~XeSv@uL=nOlZ4p+5lFm%i%YCuuUSZYbEG`sW2>+xYy;^!E$o(}q z5-kIJ6~ai1cyLdDb<*W7`MGs%@||*!&i#iXn@o0C`-SY#o7;EyV^|zllb1xZ-+XCHoWiiF=OU=lg$2Ba zH>tD5#w8l5o)HuFq|X~d8SNlMysC5F()=CmR-EQ&PYZNUj4U z%>@gv#Pf5#_m-wmlPXK%Zc3o2{|4%)BMP$hc2u+)n|p#bm8f#$mU9=}L(;to zzgP_K+p1QHp zU5{MFNoN1ADRKwmcs011BbW9K?CgJAu{J|QeC~}dHh`7l2l%E#o#cB^fd-GUr zR-L=4?(2DyIXbyVvmnr*$NhmBI1m1LIGhA{{mAZh!q|6UQW$&}^6zGlS8o1M}R$WT=+Gun^ zi>QHSa`4DP&7X|KFGY^*Vj;IeU9raq2g|Ia7?Id^{>RWCl7Begi#oQ~Y{VUHV#Amr zFuO4lOk_iVdC{w|yUxO(%200-HAV&M%apIGJbruX3Zca*``WeNG05fN4D56Uh{Wl> zaGxVzx$K@O)P~(K9C5XgPMiArQyZQ_O$3^`B(ziKCiEmq}skX0o z$oXEMmUrhQ>4>gWUSruMC+H=RLKl@mMpr&Nhs;5{2G0A5MtQ+Yc;nZf#o%yaSZhXD zyvV95Fd$eg4C_Ds1B(EngdKX-xjwAMaxZ}}OOyMYXS&0qNQq|@0#o z;Zitfyz6C2LdFi8vRMzQJjc6q zWQT%E1Vd-A88Tfwax8TkIf=!50f~IS1{)OePn!p2$z?1r zlJ721I}x5|X5VDLuV-8GbKgXrK7RNteagR{Y1(F37EUb3Kn#2Kj*Dnu+;?r{DE{`b zWfiIg^7f*I30@tduhvz+V4x2du`QbI$9YMz8u$JO==bZ(IhLb3B^a%NCIUcukDIb1 zelvp}Qd^FaVA!>1M!zmJrN6NxS>D@EsD%mJ@bCV`lgFopKe(*5{?23=NisiLDvkVw zGIu$+AZD^&)t&JmrxHX}+;iY2_(@}d$SRZ{)jUys$; z$=9=;NrO+T$3ejHIN9+e~Z=Q|M?Igg+KS}9EDf5gjDWsk}k|&lZyc*oU|JlQ=W)K50ll6jOw#Y$Si7C=&wp=B${mHeGyXq4fS}MX~Y=p zJB#ga!=7)6DHg*+lWIgMYZ9Oo2F_ae7U6_D29Yu(j7N|n%Wj~|zUu0P#&kI;+y8Tk z>82^{mluUg@=E!6CpCZ~{`WWB0|^Hi^hK-ry@RhA<_;g^%1TYH^t4e9JYnUg+eobE2J;qTsLo1npEe8RO&e-qua3ekfiYyTdtsVSM1K1P~u zCe!1M;=@&O5e0cF6&j0b#ws`Tj{edbPVCWe;|xEs4%e3j#3(?{6wDjB%!)~p%Jc#g z2Ib$KL=Sh8E4U>ID;W;&b4a)|CPIT^rk&giZBgs))04yKvMzL>i?wTJ5XOQO_|5}}VV za0x0t{3(!28}D^}x^M~pY*_XbxKQS=2*PI;a-Xt`LF&+jTu*_K!$w4Wy>B)_y9{)c z*Gi^1%?tuaZ0iSSq)KN&ZD_k$gAWd5*#Z=eidE7j;zUu1|MLOFD1odHL?1k?yZIDp zm=^04X&28*aq^BJlzxoOU>DW|nG=QC8Fg()Qk z^(uf9d9=lh5Y_;S;BOY<|Cc}r`Yu|K^#&o5u7 z!ZUX3LW>LKwczN`cTX$cMSY5-Kp=zuxlcfNX(6A6KWi5MD2e$&vX%mzIv)jY_yyb4 z=iEPhw2;Q@9?RRA@*|i>x9*Wxt$7}JZHk#cJyxE$DL@Vdxs}Y(g&&+-+o=dkv@`X? 
zO4$KxvubkcFhc8wkcqZFDh6aNeGx>UQLsMa#B_q*EQ5qki3auCG*NnndmdUKr+G#O zRAfCanuK3LX>GJL;`mVE|E|d*GY5yf@xpHADJ17J6pT5-0cPGnoRvD0nsk>BKjl4p z0cgt1%C?W=U4gC7`<#2!p&wlY{iH>xru#Dr*cXvrL z?q88*4+v0zz+EW`iiF8OdK;G$HR=8$ZsHdEQ_UO#(Pup$QGkHxgGd!uA9!lgJf#br z^(%v@BRLZ>M4Ha)HS#AcB2OhI!l@u-6oHMq3hmn#h6+ybDe0;Jg3td1Son_Ev=J zKE|7u2|2i|%>v-PeFOS1Nwx%@lWz0@Jp#nn7v}k~=2Q}4;_nBL<1?#X&|kpS>FfmOx_$E@ANRC>Z2K4M0a>06Gd&5toOLD+mKV zzKqA(S1>(JQRBBA4c|6c9n3oeGlVicP(RZAM8j3)NUe$5T^P4uF4@mW>^fEeZZmnK zgq=Q}+4U7h;Ic4)1ZF1zqR)i2^yRQneiN?Q=z|C?^vaNYEM}G)vdUTJo>UgQs9bOa z_;~G~irLoG`5x38#IT12D}ytPhGvGG_5Ft|tMH@xKY0wD{Gfh8`>3vG!pk~C;6Kn& zLD@j3JN&jGs(79n2b|dL3Y~M?b1lZEG@Eok?0!}`Nng$mDI-KFQvl;+;;c%y|IyBx z5%g0LXlkTA^LFq^WD{8Y6xp>~M^pPf>XUr6U~@u&YxOxhE}WV9Of!h99k}$K9@Mc< zgP35FylCD_?5Wj%yQPBvvF?a4lh0;He*C2EjN^67$>^b;u2 z$2o#m74xbCfgCksM+iS6D#4$2lwqVQCr_z~Kh3VMBx)6KBH>%HReu{{}pQ$RX+huOUV6i-d|^ zHka4zQ;`2x`BdvGoDPnyl4n|GAp(Kz3MD(ixawE`lL9$fYb|fQ(gj8IWaTxg8p4r5 zH%6iqo*F69`I35>snPpXH$s6FT8aO>FlhK~MPu2QFQ&3?v3|={96;Hgh{q`sv8C`; z0~LaDr|GOpuCPK~jWP7#xm}dc_GA6`*#Tzbs<~S0wI#x!HFuvMoJzm;SCZ*`&vJ~~u z{*Fvrv1)m#q$+MdRs^;iHX{_$41?IV6X08`%6}+52>kGndZlfF9`jz_cjDyR-fBnb z8MT}4zWykCb)!t8ai3|-&ijf;fOTiSJw0qh4W)otiQ?nzGb+IvqGQVl+dVu%_2E*v z3Dm`YNZ+k}%<;7OjS+S;(6|u<&@*!-e62${n(U&z#>WVWB>HQw8ON`Zx``gQonBT}{K#LCwZC|0IO}0#g}S?*(H*OZVQ^um%P(4e=|q zj5Y~7!1HDtP?+@+^Y!~g=t(rO|7x!E_Dt$FvP5xJq}p?MUOSnSS*m&o82l<69SbIR zGvoG$vTAN!R~z%JkinZ^ln}75U9WzdC#fluzZO1v$>-ih6}nT$7A9NT;icaIdte+KG?AG*$|O~hgk2W1UKfRJ1@3EO*`&hAoW zY5xg(v*S~f%R&rr`H!_g)Sjbm)x~lq2H%A}t~h*M)ezBZZY~yn!1j;X z)y;Hh!x$S}x3Rs?&aVp9vNX9>o!R6S9FU5VFIo?cS9>FqOVNG+Jbzqh11-h=6^)01 zR+-t6KA@Qr-#-W7Cr2&t zUqA98Eds@pY7Uf_%C?^l&!i1z^V+4D#0dI7!3ubcIFlXj^RTFu3@-89Dr^iQYn zl?U}QM6|gTc8JWH0wMlp31+;sXGID=h{J@!2D`5eZPd-rD61t5{%=m8K}ZHOHW;WE zRKVhhJ^sU!PITq*5RptMEG&#CfNovjVrt?=(iCYp$+kuq?4niJm&)8w+^yOz=jpHC zKE940WT?SMY4p6jhU#kWqL59HQZAeqW2w@~G6kYu!J6Hyw;8?6epBa5GTN~HHv6XO z;ILpF0x{Z=9ipHy-5U>5ldrbV4~dn}BfPUaNU*s>`?oiIqxM@8HPTR*_EatW6eP0qlcC zzKALr28ID>JTnMp)~R`~^q8^!#uEO0YIn4j?Y 
z@0{53t<)++b-)0}pAUydHIlhHNHVcT~J{??3-nm&&R4YnZ6t z=Qc~c#mMLbMG~P@gdoL@7^FJz|%2T}TMUHrI=w#$^?nD2aDWmg#^^S|aDFKHH zP@b4u2J214l=59iu_*-2b5`idERAeQvjNdzhn@a~VWdi6IR7)#rNvm_z>qm&4vLCJ zmdhmZT*D`-ArgSDW^>~n5ul^Nq`N~R?%32VSPI{Qzh)t!<+f8T%%t%w#5DRfsyD3l z=|x9F^NhnR+dOWIEYoB=0xJ4mvt7j+0wZs61KKwNZ4%59WFqz12DG%tpGCahUPO5m z(KpFS~Sv4JBLw)lKAjb&BX$88e79uziPr z98M&^;{b`|^}r)A$5Am)KDFIo+NrzZN#0l`&G`^la=5AqU+<)CuDufd`?%>b6Mi-T z5OX)#%`V`B9P;F7!JX{o`nv>M)nBa#2UiYn@VV*7zuSyy4RCV8Kkp7DOk0oJ6L8bF z_;VnO78jo0(IiFwp-RwYaFC&?6h(c$rBl*xiYB)BwtA$o)r|Mb`*VYJ8zQw*iE@8m zQFr^JC*fKe_K)0o%NKR%*M0!HvR@K{G5She9CYVxd7ZHBq7pHZ^WzG zWO9B?r>jMdqqaj)R&XN9iLV>^o@X9l2aSCfc=nqZH`!OI=OGIdO*P~Kn?jE+g5Dtf z&cVo^z}>PFhC6u};r4N_$XJ-b&N>_8x*jKpVim?MhxOKG0Q)C%P+16C5->o9eU&U9S zEFLaRyNRJ>l_%I{z)EC(P}fV@_4nl28fz)tQ5Rvc+AWtxn%z8TY&F zgEGknWm0o*gPi`JjQj0cv;Gu9y~8pSZz8C4INcS}YfzR|-RG+&w*I~Xv3t3kFMxy% z9)N{0T_#@BURndq5!WO)yXTs*V zqz>K3{kzxEIjUe8Z=W(&xdvc7yW~FD^A5~e45>gPN2+w(oh$q0s0V!@8&wT zi#h^DE6U7pElJe5Z^ihc0Y>Bc8S0vo(2(EH+|v*m8%Uo=l@(!&66pTNR|~N+37~?O zR$o5Se-?am*3i&gyzir3i8cs!;bO;0*V;qD17q5U)# z!qE9Le?X?^(DI>6lbj7aYWVnkZZzc^A_o?zQzj)%+%h)OsGfsWWqV^>@{sDkrRD8m z%=Gf@;~<1O=tPsr&i1y_va2$~6C@Sei>@!Uz;X^Gd{Rj8np9k;P_0CQ-}-08G-tls zf=&kl9Nc1$7bWL=z1u#f+YR*=Cnpl#W>RhF)u+F_x!^$5-^U1v45j*xWbpgV7Pz&J zgn)saj`K^&zdGQ!Eb?Cln3C5n?<@@cjKWm&E&aJ_oUE;-;8$*>io}|d1zFx`)ptt^`T4gG<);`Jz9lau(dd~AZZCa`<6PVy!!nF;; z7Cjl_#MYu!VVI{walZwDcs%XlH~wx)o5rC)Fp+w2H$^E{ot(}i9200WAle(0p=wKG zgXf-)zbSlSWO*;*oB5Y_uu6ki%?yx8#%oK`R7(3PZCvSrGYag+Ffr|EQ~9IiDhPi9 z{=28P6ybrZM`8|KImRQLhuElR@#9-(Md+1AUZp>`%1*-i?ZI5FcyEt}*A;eu4i=Yc z@Z7{E_;!Ah9)<~M72q+#DI;neGQO4&f9o{_@ehdYq<+mBvyAkt8lx8a(pzhV;eBnc zHkZrCq16l-BwzSwyR+tg&|Z(ymMx1Yn&R-k**?seCDH+jxvv$J1}5ZG{Wv-S6dryA zE0o$nz}c;jM(N`Ka6{dVYkP@?VspgPu1lNI4#=9{<(q9%{ODnP%n0eR;L&Yw@fGJ& zBGK@0`hP62I%d&jX>x87>2)}DePwqj)tWhn!3ft(S;wZv^skS=7=K?jPCHHS-RY}PF4ca zovR8ug^%fra1dgMh%d5-92KzaEb0r{5}V>_BF#M^XMy42tB@^I^csX7 zpd0Zz3nd29tvd>l%z|Hc1aDz$<`HHcc}=RN-B$1db@eh6Gepb5E$1|+he#3G9bAzE 
zAa?LWOo|urS1lpR=LeC@U;Y3Vg43w)a$!t@{zCUr8A%MW4d|og*U^EnkeA2C?yA%& z!S}(j;FI9(zH}JxK4=JS?Trmg-`l!yX8rh*lfc7vSv5770prwK)aa&jZ)r;A}{(fzv_0|G<4Z3~SpN-o2el2rZxA3Ei_U}Zvo-}X+ySIxd1o`>6)=Jv!PQjB%emg$?vbsW1 z(iuEd+rJaNoTLGAYGrc^MCFu!wQPMrk;2vWPPWpXiX>&I4F}5p=3_N+= z)h^pEr1?OC%o2F`_OuZH3m`0MPg7ml$x7ZR2(WwVffNZ(_OiT(u4fh|;VWOenVTw9 zhfGC2#^*1xzkWx6AyT@4uwfyg-R{~G!b;Bz1FIv1S3&NX2X=}jE}y7LMNWzB-|bq| z7zG=5*SpL=>C3r}2+GR+fYLHCFQahOB2($`d1%*TwSHd*?`Cz(GQMz?5C%x6p`pX~ z;fJryGI3zF9CC*eSAm+*bfLp*1FUWl7$Yk1h6{N3=zAe zn3T%RK$fRltEYIHxl&`9P_!d7r%wuHLXk$6tk>JbEaRe!LgmEILT5=vB^uwqZ4-Kw zWqkWiR`C6@3;{Zny{sHC-z1v#pme20`#0pj?;xP8(S7mtA-*nh^3o|~nHWGw=pf0e z^inj?YX;*xh==vYvQinX;S$oaF z;3QO}Eu-YF;c<7wFp204astu5QCTR$2soZ(>wL7K(47C=_>J%;zZirMe;N*pzYkZ}ip+k8oD4yD`p5Ci&1VzXV`LK$NB;Lf@T-iWZLbtlQ>&QP zluW5in$e^CW@iBgPuj6`|Cd;@k#1G^TB6YKVWd~$V1_?cT=fF6nwjjRn#^EjpflLO zy4)r8wYr<#yB~mlh`NbJA1Y6J$-%rNlagE`oI3LjcT9G6s)Ien7qC5&DfkLrfU*~y(4S3c)^Qq9Y3Y|H7 zz1gt3A6@pvFzITYAv(Og7swfYe9~?2yc^b=n`gJFT()hfZwg()OjCpd`(1m$0B{w- zHl3&d6|ec%(TAvh`CQecrB4Rtzrl5<=_>p9^Y!)}@#Paz4?L&lMpS4aB+EcvvJwP4 zXZ0l`Uua)7-9B88yeK8RzDA5*E zNEZI_(4nXA*AZ2{_4W_|bb-fC9vy`Bphu>Eq$MkH0XqJHZ!p7=W|S^M-2SST!vqDK z=uX`9WoHBZWwP_K3thr^GrAI~Svc9#FpLyoD# z{vkq{?P^(UwcA}iauw@rxfkGs_cC+fFI3$67)b9b!jhu|;xSe{u1rz}7Fj;eOPN6b ze9-%69E)y+<@3xylOO7WeNgoO)P5DjF|1?_^bI{Zf2jUZwQ`EYA9E)dJLUPk zk{)UCZdi|xhoAjRd^ORTD1m(R>C64lBwvV+6UTX@EkwT7H?ksn>h)sA-_Q(N9w9b8 zm5P266?9Gx5ATCVMh5}LD3l-@n=>GGDP3~XjfCe)A<=~t9U0_8aj?)d11e@{6men^ zqA=vJ6f=i=yMR8IRbTQ>MOJx%|22H!17rfMt>8puAgW=d=q@~hqCgpadDxR6G4mBm zRqp}ZZL6L*?FSP)-G=i$!D5S|xyuWt_lSt!pEccbB8l%6o!ndi1SM%FQSSSvcL&t8 zdcTO0R+uiU7iBcbEVpeK5d#55fN)c^=!9||dq7rVgW<{-pjJ&16ZIkFx914Ug~=Uo zo|?Z#_2A(tJ?D0xQd_tRL)~(_OHPvVH`u_iKqtGP!kYxzuu%{187QFop$96N{rT<7{B6lQc z-tPprE%rY7JeVW11?`;uZRbr+INwYVKAR*5vxc;Vbg6vfsK`tAtg?K9C1P5XSMY&K zsrETi!aDmsG$w?DwtZGL-Xe(aj;Sj+QMh)GnhRhmy)pdKpYk&&T)M#IO(K`){#x&HRr#!t&K3u3-k&30wTnt21Xt5j3<{m4hyV300+b< 
zK6dz6vwiPcPGy-Ak{c94Ev1pyv#u_Hk_64mU$wmnaRGnSqSkc(-^1`dZ-I$z!SBeANp%k#yXbX8$5=#hd`g$b&(l(jugMM4}AJY3u`%C3Z zbr-gZVIg%5m{fV$>K#NSQVkK=mtk`?DAgPGBn%657UOZYEhSthc)vbgFH>v^sD{qs z_L~TX-}dUR4k}nH@7@k6p2J(CgL=r(vG@mU{rXC5FC^{SPM=XX~MAx zDEoU|xO5XZ{CdTSriwH=Wk?Rr*3FF}>HMIDe`S87S`Pc?@InLBWgH#<;~9{{5n90u zN8>KMFZ(mMOdN*#NA|-E&jf`Zizv*>o`}^VOgKIbdf$(>{{406l@353o;5_P7^b$?YDid)@5T3Q!#M`Qw&ydN==~`EFrtF+r4MP#l_}C>z^@KYbtaqMqb;cO? z*JjKjTYO)h0MyWtA|Nf(sV#%6W`x37$r4upINcRyib~Z?F+$(|{$D>wm1!dT$*_Mp zOZ%|CGAbmM zU-Uc%`iPB;Tp=xqpLLxQJv9w^1OH)$oa$at8#PUsz~ahS;5|V~BUW3L40E=q*Hgkh zS!2ZyvRJI<*zNSB>{9Yig^u?BObbg9*?TjM1Z0|2AmY?&GN7L~p8J(}ASU*;6u%xK z2#L@UnUjR^PucR>Zu4Sy+SiUFl`*Aba9c>iKhvnVBH-Yn*4JuL zutV?zn6BoNX$+_-##hA$i+?cAsY^snf(hlQXsCQ5-aPlYzL_r6IvX{KgCLsQi=eJ0 zNv55(;nVOrU~@(dlbX-M4YbrhB7IJBI;=!G&#r%&frutebx>3k>ilc{QO>~ZeL@u% z@K81tTfllD(ch2iV|cIS>Sw%y5dlN{w|Kf@7nG12e5K&lLy}j=WT)pw3m=wj9;Hk| zQ>=peN*HUbDwML_ln6{9|1OJ5aPSd!WTU8I$_bDM6`!JU-UzqnS2SzSn-cf^T3x9+ z+40EwPF_&RW2jXcVVJcu>^5g+e z#+w&++zgi$5}K)D43Q2@Q((e)#z{Lf7lFOnFPMf0?;d zga8%t%PFG}odp~bjJTKr^!jx)>x(F9rk0hBeLtaythw=dk==S7O?8UWBgn;`qyMs; za+RZp1u59~x?Gg$?GF2t9QcK>q1gqtE>BmCXSk?ySIl6CwhlRyl?NRnLAPJVs&HQf zo#JD~h7A@ngpSy>g2Dto06ve%!#Z*Jb6XDVYQQh9qAf>Y?yaUNlJA-DQ%lIfms^Or zafMLj!#Q>S?2mC94D_1QXxEo(r(03{ROv`EeklmdwQiCnSMl5&l1UpyCT2q1%~%gU zX+dPag!H8>L^e_u`)<_@TLiH+Vo`~>E!-Ar#CiCryWd`}A1gn4r1=YMZQp;WT^LaS#fO z@Hpky2>b)`&eIY=d{`DM&kP(o=YRfTq);dZ`DY>mXQlM!k11jv(?!_={yYn}siHJ* zhKyLGsOUZ*`ltgTc2w72W)jVzUW^u4`pL0TtCHP3-rMasHlmvHt2>9_y1o z*wWn-?WIfHe3*wLzTe);+afsd`gTc&&`hJPqkXW$UbumFk>Y#VR_W}qE2VVXW04|z z!k1&|l+E1zaARxmS|AF0C>UygqYP0P>XtmLMp;FG>(rV2s{F{i>vLN*rUjG^Npea7 zRkI4t)1RM;7PjRDeIo)giiiGcp!5B-3Q2pt23Deap`K*~%LRMgvmvG5WtJMJ8j{g( zh8cl*PdxlM3}6eP6Mf6nh(Hdldz9{~Mf&n#o>J)5np)NB`LXk@u&eH#7KNGmBamf4 zqi}5t@IA*3O&4jQL09Mk9{(TTJ^-?5um4-q^PZnbMfUk~qRk3A<(nQkoa!gtR>~h8 zezfBsDOzOB63nsLwUzc*4T+Ge*#Ju;3%;53%x@AT#Xgf)%i@1N2-v|LxH3Q_4sWeD z2QdbcYd?2NCC5pSjhbK&n}cku zC&oC}riHF9HMy*`%Ai+RrCR}HylR@PvH>oQr4Bg8Yy(#nY+Ar87rqNs==r92LFP3_ 
zfB<(~y^fY37vGrk!3zH2o#T+~OrfZiM_Cl3Ct=_x`43UwjO#bPp!?a7$BZVl4RHorpWp;QZ!7|$fXeuu+EO?Z_%?o=4PGN-gIs!|c3n&>8YhIWpH*LULIGtLGM$(dfapk)R;69#~ z^zWu=%W0(Y28oE^Ntruf>6}1Y)h9kZZ_!Q%D(%9jVnsoNd#JYQqn@bG^2!&5Osc^$q0!7s=Sa= zI^Y(HRjR~8DK!W!{hyrxiQ7yuYfUWTug;ZGu6m1>+)Zdlx!}Xke*K(@qIq z;`uZC33ELum5V5Y*0L4&680#^n*F5@R)0RJyuew@B*Fm)pKzbH*lfz!>w!Ivn-JgI z+Y2|`>`m8D?qZ$C#y@#(_8UX24rsHRJ4>SgOtz@4%vg;bNW=pHGy=%Kd6xztGIZK0 zERZKEZJy4CRYPU#5`#$CfO58H@(!%G1j!kkB2)(xd2BkSXJ9eV7T7329tXZVcgXGs zUeeL%O)?l}=Lha@^c<4mX&|+6$$KpnA!aM^6uQ)hAQU1}H7cH98g<$hbxd(!!_XTX zQX7(AQ1V7uLx45bgqc=o$ucWv?Hg7oq{ih4YE*IVgj1i2A4h-ZC3l$nzR}pQg$6Sw zQX`7ufuSR)CPy%1NU=RVHYMG|eH&KGa^stcAFL~!!*4`)22rUGyQsn;qzkaC-wQe_ zE$@vH<~6MuN2D3a>=W+g&zQ-9pNq)CrH8LrSnQbrBCK{Z=xmjCZ|si}X;D(@j54D< zf6#1hj_6a0Ux8h%J{rfMbD+lEl3W0j(m4Ww1c8&pKCr9j^Lzj|ff!1ghCoZ=!ntD; z+|_7CGZoPtmDaOuM#_N>JVtZ?D-d@skEg{8|Gg=wYK1uT4h&eS!eK148QoS-nm%xV z(e8bfH-K8u`JEzDx!@R@-A`?g#!m#qQbhHz=pNLdAk;6lV1+AIQ}`z$M^nVAHL-Hl zKnY_Nyz?iyCsOcpTfBT848C#0ieOfsoO)3#-iBMgw&K=TE)i%uX%$!UJ987nqHrz{ zEWJ`mu~{zOJ!`1KnQ16Y18P|eq8@$Fmy^Cp^k|1P%j(B6U9wP}{(($A6*DawDfa@w zHm_Y02HTsozD^ma)x0YH%SM$W2BU2faP%A> z%Pt-1#8ZTQ^BCyQT+FN;Q4VQA7Zo3a_j(i^kzedfuK#?|24)O4YchR&c1 zRkuv*`A+3DEnW@$U`4lEEIdA94XBolpyaRVrFhL zNjkIQ={ALYK9zIexBy+$7@q&j?p)nuU!}A=BVOIKYnS;3FIUQ6ep=iTs{jvh(ko zXq{RwHpsjYt&s(>#IufL%^rodD978Dl%G0|Sqw^U4awKZS$Oi&Ct2Qs`+;T6 z{*sO}<}}PaPp#u{n{~RII-hN+uEh-C0MfTpX0;Zat6vgQf>DBWoPG(SA0IDK6TvVC z1quu#oyRw9pQYs?eleEXsqWZ+2-eKDt5SAFo19viyYrs^g%*{#R0o_=ja{46dA*H2 zcItIR#I)6tQ-Sp(&8mc1g%(1~78@bMyv%iIjE`H8!m&T<3ny7dpx4u=+b{T=3lRDf z3fdN}3?=Lrg!6hvf42k8=T_>d3e`}UP&0#inGErO5@RiE*>DJaI3>h2>9&nowT|CQ zgKM2pkHrU>ms+-7xlUY z-Y0gO#<&lBQ?}8^ro?G;%Vm@azB}EWXo8k!zJ*C%E!fi;oPe_x^@yc9=9fLMsvlZD zJ7BJ15g3Gtr;4p?dm0EqwvK=*Lz ztuQ~Mh-D|&sOQRy;I==DY_C?ves)=1YmXge{W{iuz_$t%T*TkOcmt;_0aUG|YfaTy z(oI-SZnOhBKu}+*>RbKq?M1YHDWD^ZsY9N^z8H&J_=>VPNOZ4mSr+kSfnz#6P4!*l zQ*E&p&2~ahzu_e@8x&!&&a%mDT^2xiKXTzkZa8q;L_q?-GPvHL1smL1=thihI+%p! 
zQ(@ee&M%0vJoy#_M{~>D-+!bFz(34lY`fe8(jV=XzZ3~Of$thP-|8Emu|kE4@`5B) zaYAguF?&B$k0*1qloE*tm-O)m_GaOjdrn&(zluK<^lvrm#5Q=zGo&I;q(SWG6cpHM zAujU5EUsr-+^MN*H;4HTR$~(_Dk{BE=2StjT49bDOpF)(O%lgyg7-B%9mY8^?@^5~X%)usJ&7#DOgp-(5P`L>?ljVNim9sm-4H?59P8 zncRl6hq@Cu+seARB9|k@0f3KqXRJksX)0LZ_=TEp3kd4sCELw?O%^f1x~MHf1im08 zrqg4f{;tHFEO6ni^uUAPl$aFSMOj%<+?*G50%2qA_oik|_l*6|Vj`@g5Iadm&-hSU z&WIb&UWjw=z$-U7etSU?_d{V%M||A}9#}S(mO@|*So+u!KGTwWGQ&~v&Yf+XVJ1ac z{mgNq3Vi_xjO6yxGCgf|zfesftME#=*$~U~iZE>7>NV2?x582nToq)=TB&o5C3`US z4|?g50%&oB1fl7osOA?!;7RJ~rPMZCD)k^AKC+X0Ck-?&2c> zU?r_^Ke=D=pU|D(MhKJl+1vY_BsFWaFJfKCUB^#K&N3M=4Q$e&3u{c5LN5^MLM~C= zVG=161i2EZCSMAH!!wTuHW@IYGPEmiQnhu5m13q78V!`7?N$e=69)5M&z9aSQ_nf` ziPo(X^VDxcs zOkp1!{czLBLX?g18uB39KO~5c;zgJT0hZN)=I7Iev;fibf&*k>W-N+<`EDH*hmQ@b zv|Y^Z$@>K}HpIr5 zey`F*!VM<)jocxwrkQT~mYj_JiDQOB5`F9ND2cwL`CaUh6&7TxMin};t+T$b?zoBB0zUq($a||% z(0wsAVXsJVluk_eV_BPBIt`h&QJWh^8ZaL*n;7xF?!WlW7~+nBEZhZIScRDuu)ftq z-W{dFjg@Up;8R5t_PM09{9|q_En@qn*Q9J^HMeGdhy~Fzz8QscR-WF>7``#;TOMUO z%zhs}{W?Qc21mmA$(enSVXtQu-;7ydx|ZcHnCJQkDnA87q|HVV04R4yi(>z2zRpb@ z*#u{5)Slv>v$*zmrc&f#cS7$0&AHC@A~5z*UHe?g{EAh+=WDpg1-8^ACS6Rfqou;tryN}x;Dwk z--+_s8&_gqJFo!cp_hg#PB(G`0#p311ts62er)gc*Upn}p+>e&Y9!AVkDJT2`MPSFyKzP=yU+?zcyBI15$2E71bnQp0c+DT47C!%n2*#JYmWF)AB06cAE$?C zS0>Y6CW3bgep!d9U2?Skm!^$UJb)x%M(#G?`CmSy6#aA?6V>Md z}^ztE~~1E7x{P2D?v=I7n;1?2udhhecJQZ_|Kz(VdDaf_0?lI|AlB4SO`Bl-%iH*Npg&`S&fS z|8VV+*kxADo>vudswZ@A2m#=TEg=quJ($X4 z<5j`1y2%nk{h~;2{cX6t*)|@3%G;4Y!l<@4#RMW+CPZoWVB+ozC&IYUrjd=byJV1@ zxb_bvrxMUOx<>1;jt(v*8<_!xhXLR+<-3kTN!od;8J5{6dq4u_l94C;AD0HV{*}$& zTZxc&YE}K_EbMx=fxU4vxa1&s)cox9pxF|EX3M1~_Rz&0Vki8@0L6D=vaT2s8ZwuW zxR%0<28xuj;ldi{veNu<-Kj7)vXa{sp5s1#qEfIa_ca&!EL@gerv_jH8LsiSO9H`3l zPdP~O_o!hMKrT(n=(7Ewd-Z%ggG*2)EZP=);E`?HXMp{D*Xn4_K9dU?ODXb+tt@;x zp`E%W1Z(vMILr?MLG=e}fRAgY`kZ*jx2KYrHcU07OYpvIko)X0tzGsiKhyJCyDePX zS0KE#q48Dx2v&}a{ta)a@{ksw*HmiZej7NF8R9)FycBgfL#nV<9v=_yS-SIdC%>2( z0L&!-CG!v4hp6+cMbTZljw=0pXh0}&dCeX`cBvV!qgn2_DQSP>8FO&@%|E%54a3dq 
zDL**E_R-j{u*2N>DPW`mMnI2XiVnPsK=X_L7J?=Q`%TklthXd?X`lr6Dd)UvSfR{& z8GHZzezPy%Zh#Aurkj!tyX$|>MiH|3*;UJIjOF9V3r>)CQihg<=2`P zk{<0tq>-Cn0nXo>Ryg7c!a8A_EL~cc>GDN32-&82lO#&}W|&2-P2?&USMcFJ2!^Sk z|0EGtG1bj<AM2 z^11x4^l(^a5V0l)N3I40uauiSdXFWWQaqur{_+tPaQGBrBS)~Oxf4H-+zvTy9$7PU z2GQ*x5)G4b%E(TU(in&pOm`KO&Sg=1HTV$E2qpE0sJ>giAczYeFeCSAw>=bmjP<|* zk<0shuebMM*=rc>{IR+us{{0$ry3XL%nSW9%hIqvdUEpO<7CmEMh?QWUZh)=*{`yR zMXBJ@MmQ%h@0VK_T68XjuJMaX@oSA*(b973Zx9o%q+E<8lDcQdw%0MG;X~VaXS~V1 z)CUE(B%SRPTnYGzfZtT&TCxp1$rLwn;A-DpN@h?5TS!%GX7i1kn+NgNx7bN}=M7YH z_E`qC*+tNxDOt;N>Y8P(7j(3lb<<2amC6gEUR%4eWfz=lbdiNFas693{fs{Vx2&zB zDdR$UBKm~}SYd9B*iou>3m-^fp$;L4|J%CAj2z=$J0Mhdg4MFGg`p=Cmr;3LhPiz; zD%^?B!Z4?HXPfP?R?AtTy9wHU@9^UOmA-;eQItPA=_#Meqe~J{D1JaKZkm{^DI9kc zKPcStlz+~C0KnR$LD7Sd&0oHq50Bq)rg#MbKvzid!$9Uh=SRuGbat{nPV$(>en*IX5mz@7Jm)aL{ zj?6jU?drQKgaG$92`DP$5G4{046u`|gY~fegp%%*F7f(PfCSJ>Fo~E%_vSM5mJpr8|+yyIm(l%O!YqiF9<2je;MI4C0D!G9%?+vN>hZ^8}ystpjVMs z5M2n+&nCy!hT386-m1i#L=eU1e;@?beE_tZWHrKPfS;uAff=RQ+m>`!`646(*5U^> zR*HY;r2sak@cwm_&wwKi!66N%BJd(s=mH~@BI}L8&d*wyt}UIy0N()T1Y}Kpswtt* z6nn+_PP!uBEO0Sc{1kj!R4dU9oS&x|KySwdAf9J~0}md>aUx0=V4Qy~m&_&=XkgXw zq_#Z&bv{@9U6@lvx*@D^-L+OM{Yy!~LPkyzXX&F{?5Ti;h zg`P_X+IU2-k{OM~BS6@9h)hX~?`b!tm)bhMcL;|9GTFV<)uy3{=&}~7f-!$tv!qi0 zc5j*0C4AQ;^UFcri@< z!1`Xt?9W$M1A59p68f1PhNkSKX>SzzVhd%*bJA((*Vg1HzzF35aod>jf^acrrKY$~ z>C=I-5KY6nhn5SlXqxr&UU{=HdZwKaD7aNGGoyOHZ?1S`tPq;|68cpz#5yTrvWFbo zOLwb)0??yY(5rJ(8$8z#7R-ZR9o^Dux=FVO`)ZYzfo>d=*$u7gc`&&U!5~Y3-9D%? zx1wZepkE#GRL?O8T)wcjYeCH)Rmf85haMz>q)ESjz6Rp&gRPUdV^}B5`hADXV{DUE z%B#IV&~!zR#*$)@x%HEA4P`}>HCGiJ$2L_q=+9dJOd4J-g)q>{mnPr5rVcDYeZ!-? 
z-x4&2S`RmVqR*Uxn^JWcMqhOY7?PuhCAz^nfB-`U^8c!KQ2jBCW)%xXB~9$upduKB zp%lqtQl*0$vLq{#tYYnidH*h~RYJ5q!~5L zpzimi>TK+vnl_Py7XQeeT^W@&{@4x&9!Cw!=?x%Z6_m+C1zoHs{C1@goS7`A2k>df zh&*934kUX{4es8p_P*@N9ddqz`%27OOsT2g2j}m zUP}F+6#vi$?E&U1$Zl(p-9KT1QTDFn`H~G@#|I!k^8SjpCeGhihrEz&W^IyYzvVWcudH6-SiWMsd@{}M+Fv@|G zjRm05@%J=Y5Q_%Tl3c{W<`;>T%DN!aJ?<~~YW8e^PPGHuCBN#C0=`+FXPIu}FAMjQ zb9XwOnBoliy|3&+JR8F2q<>)O{8(2PsI#z1{NFwIA*yuLFknkRG$M)RbFUq2* zIYJSFgBR5-5k`A9jy{PPB9O_y$${yG4q9n_&<&jg)1!_@9NZLZq&nt}^ALQIYB6%y z!8vwC4?^CDh_`?C&_7duG*8>04j|0)em5<~kdbC;&-OtN{dGz)xjN<}z#!{LRkT^r zhPlicBC3aTV`%qE#rD8?+WwQOR4Zh|)&k<-Sf5;~RWb96-Be8f&6I%z^1|GdOYg#@ zRIW}%QsBfV;aJQAJ0bptf=3cdiRqGU!4J;#Gc5jpJ;M3i>URH%OB9%>%UfHiYJNKR zGmKGDI8^ROzwm4yABv5U1@v{ovTiw2GJ2AQ8>P+F zQx7|qiVW2NJE4lnRAeV2O?&!FlwXmkq$7pLofQf&1`@u^WY18>MAMCffoaMhnX#|m}LzM??`+7^e;TF5ul@=m!RW!zFJ&8_FIPcOH4(6Q-Z_~)GQrX3Z`jd zY|MdwAC`qeQwbv$=DrBFZ>DeQYI@xRdW(!M+NC{-_yd^xFE>+nNCEPn(|;RNC0?v9 zoq-$sHe?h%a)?3-*Jr#dEDC0GTVi>_J(aO==VIQG3(ETj>Mr)jXz5_|MMjdu_DNPl zUe9)AVRIHweFVzD9X4<UJoh`y)Ls@cu_buif#U|RiK*V<%-aR%TL;Ue(~x*mjFz& z!r_Ly9Lqi`Op7F+9OF^KJS_oq^%RS=3+g;Te(qPBbq?e&iR&4KibcJ#e~){*+}NrzFHs=9-;QN zyF*QPPqeY4(IE-asLEdFHCaeF`p;_;w4PcZ()2lB1^%a_B3`LO-NmO5y{LO2< z@a$(B-Oec{!_d9w$!M4yUOkF~GMQuzN58P;!Bv%o{?pe~dD(eWo+zS)7Rsce*j0dz z^~w#fkj1G+*2l)M^3l-R!=tJalVQNtOlg!-&(5-W0%1XBCG344Z~@;I;URaOVTr7Ym4JCFIycllIo*X``)KGppo z`G$Hj+|pj`I^pDw-rNSDf5wD;+vDr*hxhwcn>}UEk#h;GNdoMUmiP@rEUu>2JRoEL zut}J+)9?$)Aq7-r<5mLz^sB+&6pr{4It=QrY3{{$QR~xvC=n!%@nU>HcR7(CHL?t z*v$390wgy(GN3;PQ&Ig*FvYl1W4(6li$( zL<)vk!$a9*p;#XC0^hg!FiF!+pqe(XLd;SA{s38|G@$l42Govtgz9`Ot$zw3i%!-4 z3N#y>`Bi-nR<}TmMYmkRub2(BR-!4W+}-9mHSaqJKHw%t!Z8QZ}1nkzK<8!><3Hq>;hW&MI=B|mEKLh z$IGV*S6tIpb!KRg*e0Hi49b4!$^F){%`zwjHZW~GqRlRwv_^*haX!KaRM|3EQjl+z z9kqWG5B~tEkUr@I^=67*=F<6Qm4-#<)lueeN)Krrk_gC{!DHw9;oB?m-x0y~Av7mN zz1*>0FY)y$%m8D?WkD*bE^gVz`;~Fr*)-q9+t!HLDtEk&ow37b|AD^CT3c?LZ&m%7 zG?=q%IpSJglu-BgHA}G0twaRW=`^omoy3K{Qjpqa)yg}j=XtGO=(92I<@k9DJ_~Wq 
z$po=WYb8+ME92LwJ=jq3EPs(xig^-kYjcU#lvLJ~6$9pRy7p`{*tM(M%e1;^B=^7a zH#jBEFVpwymkz1$Pgc+kOQC2{w0My&>U_DEY=dw#d6Jeps=E{3$~wNaVY%TXkwh~B z=%}`ay7$bq?p$&1k{wuIRAen=i_YGQ_C?KRyba{wXOaw%?{bIfk{b=^aZ2nNuNOIX zbWtCG0BB(~xg+(_e>F^e<6|kiP9(&N`uJYMyQ2FzhS6O-p*pb}vukntefCns7Mdus zzqVuS!V#8C9U~b8zt+v+X>oSknt4~eu&&-wuVLrCfJ*hRefIjaC#K&n7Ro0~mp82+ zicIl$0p_UNzzLa_w}Z@7kOQ~~=)1n_bMWE{nMHeF^**(M&dsiwW*Sq^c%^*cy)jdUyFXziZJsy%R3* z>K6g+$apGz{M(*uPo5U>Kdu^BKl0+i(}!ymB>_edxmBejcRq%G7-oNiMXJ6WTU^6h z<3=>-9Xk5tpfLCs#X(d-I&X^gS@z{KpcmTzOSG-@PC*-UGJnB&xybo)e-y8)?nhD{ zpf5F=itpt#IFRxp>ZrGEb ze%AP`ik7xx_xm8Y1O`O0ZYu-~R!Qv6kaW70^YuUx0AQT)2C6J!Z2ku&k|Vs?~$*X8pb>K^N%8K57FP~KB{g?5tuS0~5uVjFIcW>uZ5J6z--8rY!Uk=3ERc|PYj=XqZQ z_%|BReXt<#&fj5LKRj&f`l72fC#~ttr9isIDyD&=ssdiz&b1Niyr`I0@yzn@lq};- zq1p1OO$@BOoeP^TKBq4v(BF(}UJ0SJ3vlVd^y5Z+J>2MsjC{i?fu8&OdouUVZtQI%QzY9%WV@?*n~xgN#!zVMP7q*8!( z9*F&m)>D&(vXPt=hFf1-jETFAZQGM*Csh+K5D&I?#;% zi>5F`g62tNQhf1eSza!t3dZX9R?#hVrQS7Y%iCWUC3r>#=y8D2pP&gqTHU<5N_y z9*SIP*U*sfQQH$~7$Mm#&F588z2v;+xDVkE*oh>%r>qTXjWPSNc;*%bZHK z1nFhB3lYZarG29bJ{oKvC%$>javd}y44cwIXXU~&+Q*svw*D*m`rH09m#}k+rN1<9 zOiML?x&_k8&R4qhptoLcWlruZUW#!wptyOIjP9t{=6QhVAh(lmu{TMHPPM3dx=3;M zLuRy(8~ej?@2(zslZ~57C6dbTVs)Bw<=AyIKt&EW@mZVF zo{s4;I&;9if#(92<$|@->e3G%@0e`=r!^lEpD8B-5G5V_l_tnlJW5_ga37fm+#UoK z4mFVSsoV?R|1}V;MIrVsDWg{0B{;|qYie2~CO*-gO2Rjk)RvvOL&>t+3Eq=>uMEbi zFkZV~e0WPnH2g*+8Pm1Ex-~a9&s$4sC#R790*t`DDrr=^6q|bj$0;IHduA66Qi%`E z4(igd|IMIt+k6bCy2${LyrQnbR>h+pxCs7}m%7oGIT-v;hpK#)Chh7@C$!-Kl1;mU zWL|Z@32RAVX2|LbPqKo{u6x_OuDYo59)sFT?kyef1Tx(6bietsw3e!%!OcUEgqd{e|WgV9Wj`vwrQnnxpdH@kESn zf-AG{ALlaPvhefDv3SC+}bdU+3a~v(^(310YDZPAaWT<{z1X z{*&Bf!}Fedf(2*wFFYD;U=qbM{MXod0vOR3MZ53}etyJd`!d~A)NVHQGRxLcC2baw zGFU({Yrtj{A5TS>il<}OYxr*lsY5iqXC1T&@o|COJ?#({WX$$AYvkw9esmZgfsb4m z>Ul8k$Mwq!wYF|^*n2V7YkPN0eSp*bcZvf)BX@?I0$yH>Jw&#DgjRtwKox3+GJV^% zk$EbrqI0x>VA3|MO#PFK)qSb^GoS_{sRH-(6kH2FwgNPDIcwHiE9|)R%-4F@k2*G! 
z$z4skPU)S>Ojt_+(qO(#t`xIKBKl2~Wn(y%Y8Luy4d6`rD9Mw4Yra2ET>JI^eRth$82kr z@bLHWxw|FRH+8a^&WR<}-=oO+P+MKMRr~F9;tBOTxBt{a(5NXyp1 zOhEUK58xCF#%@a>xjbal`pacV6Fz*OEN(T|=xLw$SUzSh%Bbq$t+W0E^)iv+E|(NO zY5i0hgC9U;`BB-zxlO@{(cRUUQvp+*>qSsST-7=8YW|Z@ucX1WnZFeUgm7Swofr$x z2`5aWg9$2dbr;L9rGN$h-fqHd9m!2?%AC3d0EEv+ow5Kbwm1u(ib13sPl)I(wc~`L z4{CY{^(q>_^+YJRw}FR6KEF$(%izT}VBkvR%WT}0DO6M>X3=nyNQD0zg+NzkqjNGz z#LA(hNmML{Ou!qplas^UQ#)PcK?jY6ow_)Kh5Q!AnXQspbPby};0p7oz0TDK5Z&uD zw5QPoQ%BFb3#(Br%DQuYXV80$nE6Yi#_rSkJ6fG-{sjk1oi`KEkm$vv*)h1Ey zMP->sc~(+QAkIHMEA>n^^78{s-Tsnpy)kxvK_Lx_5IS{R|4)bg;d+gdpU@X<-3E`|7x;wlz>x6cKPxy1ToTloX_6VCWE}K^mz|r*sL@-Q7qxNOwy&NK3yN z^xS*ydH24@AMj&l?X|vMU#+!aQOdU#3l&sX@wyqtjMtlwLy_tZQuzIK6AJHQ^YG>btFeym;FEb0f69-6r> zJ;_ciJM^hDy6JQ{i~+JrpXjqEta6cy0y`Cs)Gsb%XVW^v-nA5nI`PIXPWpDGZpT^C zV%~f_5h9luzeO!3t2?(WUdXN18tsu!Z)OL;3(6hpr@rCOHjR9J#^eE66%u6vJONB8 zl_k`1mV^=H(AlnraO9>JJ3+~y{MBrYC+W^TAgfM?y29{k;e}^}ikYPH9Vb)sf=9|S zBdt8kM5LLC!~%g+(vl)1%0$9YQ#F)I^R9pP^E2g0M%h~tihOgXpBGc|r+Jkk=z6Ct ze;hvl%iPem2iw5=(aHvYsGrb;8NZBHi=z51n^nv})*i!RywJ$~#e2=7!x$OtLsSDs z7-&4d;A#RvXMX0odRW0;$urG?i71sn*Xni=O2&h4BNn<#k+EQQ%2-C!eCtd2 z8)-2HnP#E9_dA(_36$@_?aG#`5MQLsLYVsgy-iQA~S-rBLlQ6(p^-CQ|fke*HMv#`+<0Vb;v~ zFlETGLEaK-94!pitB#glg1wJgIX=BciPp*m#NoX?kCw}`K6;|(@kd76S0z0`-Btne z)89WW&?qGCM$P1o4o8-*dyv}qkk;Sili-ic#ysCVL+H1EoGWG#fi;s?Z)#2Is<4Dl zPzxr;2`Vhy-*xdP!H>_rtelb7ZvItvJYk;BuN{i}d^r8yoNw&ELBER0F8mcYGkiYh zI;74z5q`g){E{~j#i0S-d=ZY863)|q$48NyNsjpDB<8bS#-9yNazC341z}TMdh)DH zKN1tHZlC*=V`@P-j2w`i4WOgdzwMsPPx~xrr!f0{d@E@pPbsN#imR6#zlTHxq1Fc< zgEIo9)OV~#i|UuIzwf$bK~E<>?=l`-8UkV1Go)>o8JtgdesfbPCF(~>F+9C zx9cTcldnXmr93ox5X1uubw!Xo@F?wHWtGvPLeRy&MYHrllNzsOf)X5qMCIO-b`M4NZtTWNr4Oz58 zt7xHWhrL!$+`%OiV>NSB5Ci{-KlsraDCkwyrqD0C+RH~th4WwA(-mq1yH*o;{8q2q z{r0%?&tHbH>E=3quku$Y0ou`F!iqyjT8TEP$+~~x`P$=vbzn4Vns@z-RU@nQNz#*; zFMnmbGn3od@rhYDG-rbpp!U7cKq=zkLc=FbTFJh~s(_Rx2Xw5=qzXBa)%jz283yH~ zU5;zu?)*-%!DB>;J(@tN*L$QFEbVD4>Sh^EPrnKAJOg;f9^2-WMifKbZaGv7gQNre zNJ}Ux-)8L+^f?qNfj~hv5ve=_v 
zcNdr7cP3F|tuXc>-F4%tb32@rvGs7GBxs9q;-@|Lfo(*CbH!$}X_x7`$t%ULJc?ED zE{N5NqXp8kAJSv^K(pSBQNT0Ll#GXq2ukjmX@8`ic9RMN1wmX?dQvR&={I?Pd0B)k z+{!x5P`w=?=T`ZB$6XPpsf^@1E*h3C(cbeM&*(d10?{i90z@9%#J;86;JFQ8(BMR= zG2^4GvQmu5R@16>#-#Q2Y3kF8jM&!6^SpYEs#I^;BZ)D?NC2y$>3u{r9mivWc1+W^ zj01tJXEO(>{>9E^qmAi8ZQ%?ZAqf<(L#Bpa^~Vi!s3PVBz$HJWQ+h~+Ol4lsOgblNn00z|b z_&`k$*9uN24H7=0sC=;ZoxO3FZ&i?IIoD|4f#h>)D?zFT&*x4{xAe+k@#~JgJveE^ z_l$5RPw$4LLB>L{yw?p5Rh5e@<#~d&^0+ntn}v&>n859eq-T_I2^%AH(UwVJvd5)K zJ}#}%>mgs|d>~ZMppF5Fsj*_UcWdd3TEN{cFuu9i z2nf{S_BR1{_3vurzlCUg2CLc?s6LVA$jQtLy?Y%oX{wsawna&YeSomukxMs7@t8Lq z8ax^#Rag!>w^3=xS>z1atCU_@^HzNl0;v(^Os>*^bYMPv7S1to>Nm75>6|hMY4T0! z4jY|>h*?)^@>BD#GXu@igw4S3xcTQBrnoGp>1ke_nls6~M>q(ILctaT{5N8N

    ql zYt&-@F1Kt6;ESnDQyxV#^vqkAY~8fn))pyJ_O_z^y!6msl#U{eBL$kt$S3e{W!}Uc z=%Au>Jo@6RmFL`(95tSUS<32Ta3PZls4(>_6;+OC1buXM9>V~z&|s_2W{9Djiv@W* zB8ROm%q(9_FVZ~XE_o0n>Gqt`t@oQ4$wNK~VO@G(;CIJhhBM;(@xB2{O)qnuwjcu)YMsOeM}=y>ypyv7mgYg&XFNf%A9kel4t9~o_b z1J1|H7dCt6=?E;GO`JyDaW#;kx*0A8)(H;x>%u=e)H^!N2*Q#C$-Z{{{q^tqhw;hC zkG$AKX?xL8(XC>-#n21MpW~%DQb&>;D{pxX&53>$ z44w--PB0(8E4)bZM5r1pvn#@ncfP})DFV3IC9BBe}ewcT9+E9W#u$&AI*VYX5_In;PZ;Tg*0Jwei%X0_K)7l z2vg#W$hsMDC0>wg>=8N^)uJ8cVFur4tqeVq5A@N z+{@0l$Aakdh-=3+@@Nso;Kwsk+->YEZ$tn&4O1;SVsd$`Bw1lOwV*DJ(IF<%4=&EU zs#-<%M>ddRreCc6Om0h(RT-ebOq@dzI?YW}g({*^pWJr1%wKCtQS=+3p03d10Ht3y zm`;!{JCW@;JGadxUnpTcIA`DI2n04@Z#Iw%2!h2|-_w{SG+5%82NIQ@@YsL%1cqd$ z720);q&514laQ2_|EPVBw^0&jXUCF3VI2fmC7LDA8uwbI* zs;bcI^Ep52P!cx}!4M2&lJOxWvW*WsH&0?V<;{{_LNRYtV#~=ZjM7x+GTPLvlZduTTkY`>l|VE5F)8o}(nmdC&>VtC6F#i+2-`x@af! zZGGy_7ht&sg?K+YvV_9d(r2x zKrUQpr@6A)(iRnuQZ?>|eXl=4j`|@iuOG{kP{@!N6SwEUx;pXoth`%0+Bn-U&1~n8 zV792!>Zp4p^%_GM>T3#}2kh165-=}KNv?MT;=+uEKT6#_179u0Y`AxE{{>GagDWe) z+GTr67dxbG>uAfOa^BE^hjA~Qo#>nuZu~7)R(O0@!JV)R{!KGz$JKb+0JE9=B?K`Yuyd`hOVX!LLYL_|{t z?<1}CscEv$WVY~1( zDUXcS>sF|FJn~VA3&wqfS#4magXtU6m+)$hzQTMfl!<{VL5g=a4&Lc`^AY$@r5XW( z@|^i8oHV{pMDE!JT$}idHHx+ElI1P3I&^RqAiC8xV9i6)^z{??i*Wp{vdeP%)pCw{ z03!y+Soo`AXW^T-ICBRbS;Kv_L4eXU!!`l`9b)+ddMcA|^NME7B94gJ(BgGc+mpS* z*L*K{CHIDyPT@)z?^|zQW`C)VIZ*p-g2a}`_`T+*;yM!5N3*`{kyfXjt~zlTfB>|B zeL9P>!{vVp(d)|8(Q-8`<2F*U( zx>jjY2#uC}b`iP(Z+qSHKu||B!x#{idC`ulNq!$OE5IM}Lf@MiMqKjb9{$#?vZ7b% zBdy;Ne|h`#G3(^@@SWD2Km0+cgYs8PDRIIRL2P&@N>AqTXM3`!zTsN27Y4~=MJ~g= zVuvC;ES^bgUw2Ex-;J=_tcg)iq*TOz^NFQDx?nm~dyO3^8w2plGs4#*^SXv<^Wv~3 z#z)D))*eQ8<13Ba@HbQwcgdqf3mkNsN z+vHUz$nF%ue43|tuVrLvEHeBp99&%+w~2Imil1TS6f9Qf2%9R5Dj zA4}?K_~I=3t^3;pP1itY`BUTlDuKsTR%iuBUa(!CPRUsE^Gl2`Y^7_mb7)c=##w~@ z#sv&#vp6;V&me0Eum}&5ntJpVyF!mrnOWoZaluf2-Fkr9oUD^KK%N)8RHryn9SxE( zFbf&HR_Uj@6;~=1K(x$Jh2y}VRq?qfThSuZfiD!PxlVfu5|~Tw(7BYS*KO z@=AFl=t1t8`m4ox$nblhvm9c!7Cqk4!bClH5m(vPEUAtd-0YdCSkOy@6$YXitO`K(q)%dJ7FA43bS; 
zwHCS-^unn2BeF^97jpz0bJqqYQtObeMS^u#mAL}kra4jm(eHCpGgX!xN}nc}!AV<3 zw^f$70eT*7ZHlT%E@nhN{2j&McPKXsF+&r0xjr19vbGYK6-@nULHCu#)a+B$1FkV{ zhJt?BT0enX&C~{6TaiKhJ_pqwJ{>r&QYh{|=>m@BC7ht&A>I2#6!Rnwsjn~w6^yQqQu6!e1nt0-+fLk8Xjx3dhr=5K9xRfH>OQPWVxzauLU_pnC=y8J zdgKyp@&%kVn-{g>3O$APo40{cP*ORhgpHsm*YswP&|f~iQ=k5^Q)c$_ls_o9|1nda zYUqc9MS?bWvEZH!Nkk*r3iJ65q(_A$t#9tdFsibUb4&2$VpmXtcZ;4~b$Iy0xbf1d zw1tY~+Vo#oUpXJ87((6|;r(OQgUfQhS z$DXiW+O7(`hk~YG-VE7Z=&7IIjN#cP*ZJ?6l#WGyfOh=Vr`cC12dPY$WztFn$HtoT zDS|g5V`ySAsvQw9*PsZA|24vRc$M0)E_B{dP2u=g&1o9jm%Ii9>F~WYkT@o zC#gr&EDhlTL1o1=J4_1!Gv*Vb@^Owz1a&8rArx+~6gxY#geFoMWK^I0I^ZdGC>5q6 zo|i#j*g|`0`(NU+j1rK{A+>B+H)pi$yHm`Mp6HYxD4-v7qz<7undy+U;ieeFe~wv} zoF3R@0bs~PFPHZdh{9hhQo7!Pf*YHyqm&Qw&c0S&sZ}E29zr)iCF53OF%(A5xR+R8 zxj+mBAa;f^8d{t*&^?2jDw3193l;6yax#(8wiTIAi@6W>v{$8uTO$Nvc^0<7{w;Wq z;TI2WyqO@c4k@L~xndCCI*GMFzh+wQIe7{AE zKWR2;T+1sOXZ!A=7*`6ti6D7My>hG-8^jw_@DqZPla%7d-P~AOb$?j!0=SN%6OZ!@ z=|#8AI6(D{L{!9!F?biga6jPw?8Ey-6mzI7svAM+x#)`FWK@Rxh>>m{cMO(n{ev zGYo%DxalfE21LYweunf%D(EEk7^Tw3HuiEh@0L2kfD`&)={#3mgI2O;O{1UkFg=%IYp&uJsYQUb878sDA{@$D1PILS|+;~aY7P@ zTIAk5rzfC0Cx&_^Ide9TW-(h0c~4)iJLXDrIO|{UQS!^`Exp2ra4YZsJ_T9HFmFM9 zzN_2IH@ZeC$)zdK&ne1bW*#(oSx^L+92Jz=g~st45Xy!ZnMz#^&z1*|yJqzyml!(x z*WGU#e5P0pE>)Ocx3(XEswW1VRxn4845T$G*Cf<2sEpG_Lk(KVbs(oF2$aE%_1HScCi3CRX!8kO)Bd|NLy^Kgtp;V=5N zc{7{ukiN*j6_OX?SDvQO)QfI*l2T-N#KTvsV~}LLrcw?mG#h zwqqWPzQNmj@7Iy*GSnsbqgMGxNTE`4(JWz&G&}@y?`-*}kQ9{rA?`@U;svCHCOi+? 
z+Q-AQ9v^PVE1{V`6uNwebD_WCY)}_fr@jf;$tZm{8O$|z-JsjpCFy;Azk38l+l;r$ z)MZlS6HKjhmJn5XwW zn?$SJFJKb7cz@RzK~3?+=Y`ntpOH7aeanZRq!f7CQc4{Ap$CkRP5d2EWB^!eB$sC4 z<`2s5*V1l*<)G}#pYvmEqtjT*A=6pQA1A#1Vxn2OmiX6lK4L=V-dEM1yf-aNXqR-| zuL+KR|HlGcnNW8@1&jr10j{=(@2ciABkV)F6{9H~8t80kWknO7l%_m_|H7@H) zPE)MulWIOVb&-Yq#=r*-&0=2*pE|VZJ0YQ z;QEAXl&4d6SmcD(p+FBa>~Tgvc;*~DzkEunQ0$VVqQ|d?UJWy5)2g$TDXG~O=aA?z zOBt96x!*fQ@D%8szo7ToUV!Mp+NyTUqq9cZ446zBKwD;xMjI(IPmBqzNq&_`Z1Z)= zP%k?kelp4nwR?HtBQ#|Fwd}AgbSvtsH(qQ;<;Gv21kUg-$W((~I>H}Rk>`?qR8gJq zL^fi#SlI@r$qD{eo^o9(_4KabQm-lYC7wu6;n;qsv}SNps3G$=nsVi~Ux@Yf2-17SN$Av|IL;WAB)q zv9K>U-$V-GaljxT5uWTBo*`mau4kd3ZIstm0Rk`aF_7RjOI-|E|);JsLUs; z3^jI#0Tsj@jWjNa0$Wd*@Ap8m`xEezQT2y>8|jDuymFcTik04DNy1AP2F)&_9HV|-9s$T0K2 z!0eg+;KB$I4;ro7E+yLft4Io@tub~)FGQMHzOKh-pTSap#Ld|v=gY1xE#>H%itRQy z6NQ>5kIN{p?P-H9UMB@c`Y-t?&7k99O6Rfjm(f7lc|MZGkC&aC%G_}uY)q;R{U;Fb zec>JpuRI{0I+9RQLzyYJcw8M9lSB~el$DqvCVL-_JkK<)WnHjM@b-~FEtB~2GvG6) zCK5T?48;2nWlAf2pY{+^3bAUsRb|HY25~S*?_n24jNfkk=pAv3KA^uT0QbtCoIhUo z^AXFUNn&jx5hA&+O5nq+S>n9>Cjw*iibtgw z9jQ;StxfQc5Kap-(_Vi9>lhV#KREpb@;h|{PyX5&yJ1+Uo#UG+{Iw6(1ctrZJwQrS z;utg$hq?F`OtcDHNnHt5h6qT(pNSqH`6ZIDlHK>}trf)aqh9ht#=S_=zom3ZK_gn{ z1?1#spo4Py>^h>)ixRSNhlQVAKUo($L=hD5!bB|Pi27q}h`}d%t&m((_q{TA1eW7k zR2h@ZB=a3vDcGRD>Mw7FKdpX&r#C$E)19*U)kbcehUuz=C6{8&npIKZ6>I8Aw)+n_bQoU#X`aBvRU_|8DS91?i`~=YZrp?Yk8YO8WXS3iIm|t{L;$AXEGA02>ZCw0h+jQ zm-;dVy~HiK6UH3e7rj=n7TOsLv8S7ebXih#cAiPTPqXe(Yjj^ZS8d#HiD$N`Lvq4)1^F?p!X7g53^dl)2v5vN?U1%*=Wg7Jq*_m%IhH{)` ztYqwT$JtZ!qRnQ?K9=x*x22-0qE8^XWWE>X+Kcqay=I#j{alOVtG!P)PHHU~Il4J% z3w!bQ;)E*oX2R;^uX$F{fsT9;vp%n1+dE#}kC3Ke>h8DzY}At4i+1aE*=JayeZ+j$ zr;8@=)6Ddx{Z5cve-9ZviTbLzRj~Z@0`;O~UJwB%a zh@CXllOkdekWq2aq!KfCwWzh0pCM49QL(AyA0HoU3FI2}mbGd}?ZLZGbv@+wg&3+= z1_8M;kdFDc6W1$FmFPWP`V5VXT;d|V%WWo!5B*kD^=<3hd~>tgZpqRQB(%O6^kcg- zmlQmQX)Z?C>IN1b>p2VBb2b_6uYD$9=-&#GF@hG6>Z!ikP(F8J z0d%SSO$|YZzs+L|8YTXqM=Ff_qHdslBnWHf5l~(GWarWS z3Asu36ORyyK6}bZY^ao&A`5fka{Vl0u$cxoOoe22?xxGGEtsn9H()~cvU85MD~KYi 
zIrT&EC^T^Mk!OPr1)$d{Oy;)fDK=0dVBbx&*~T26A~HrsTAYb(O8vt_+0E`NfhcI-?0IOCiQ(p zN1|~M zhUz&h@o(>(?WkgSlu#hLfH7jLJQNeG6G}`vkLsW=^EL+tXvhY|Ch3O4$6FLcR}3E} zdXp%K-Wxp2T2mJBPROoB(PrP9#CRgKnR$3wXL>N~)ETNaxumW$XJUR$<0=x}M@T{q z;YtXHmH85RWT{rml1}blSD`TBDu{L|S?)?TGM^gr1u;pLz2okZ3q)B9i@1gaGc*C| zy>hsqyTU1Xrfkjg6N;V*-U0h%LH_wQo1_Z7%n+{`c0&-E;0A+1uUuAUa>dNKINQxc z7gzd$!585~@+v!su&3m5%#|?jrA6Y+!&gu8X{1eUS`D#Dv%J}$`|h26xPOvkQf9kG zt>!yJ+QSgb2xobvWVK!p+FpPj1r-1@Bmv#Aw{G#=pP3#FB$W26qIU5kwOX+*xs|Qz z=24Lrtp16(Q00Ytwy;n9H(rM48tkfy=*OGJ@A-rTBt7M;_B*XZe(lDaVcV-<+!4Pj z^a*XJ!6>FO@5`FtYL6O6Xf!<7^%%}shb3prS7tB%`3tZ65+ctCO2V zMHjpy1g4>$KivjJTjKe$Zatlv_daTi#-dol3eLB z1=k;+i8ebk&v;LyHe9GUMeJz=#j090oMPI7pyM|=Wz5{0ScqxxhxqJvh9 znBDQpr|@01!sKQ5O+0<(`S|tPCGQyWGb@4etTXS4K!lghsP(N}BW%$@9Hp?0NRPJf zn2!-ZwAa*n2EZ5#PPY3w?ZQmB?G1S#WhBr#b6? zabo5Z{jIZ7)LCpFm4pdaUb^C%W8*fJk(CYV?w0|Hx?S<_)M>B5$M0jMuoNu9I(~?Q zDU4rc>2{C2lK9eQppOMyO2#4zRL;M-)S9b4W%oU;|KsA}nr=GG#||IF`|`#8AUTZA%q} zi|Vk)7~-^~^O1QSb0KF&5J{`ry=vEPrEP7E%~v)u0%en@8HX;cGb^uc67%kI^uwIx zKR&^LBfAVMR+o@{YNVNGF!lmLd7^H@cv(E6dBZ-Tr2UkE^m&j^jJRr8cee8GCp61~ zV%bq>0EiD!MS{g({^_X&cHuKeD85wQx6}>maQBUW%!tty|K-_8 z;Vb3JH^19OpyN!e!fTfPuW{T@un-XzbT=`D@Aag78HK_#XdrnJ&@l>3l|b|9a(TI%mOkl#UDxq@|0-}?p`R4>v$AAn?--)+En>C}PW_4tU6cRFdKhQ)?;u(k zt)(3Yabd^nZN3y%!LI8Zl1AB5#!r4&V>Ek1;A_EhfAQ4}-9E?JAz#JU%O}E$$bhEa z<}=|*?7Cc%{yl^44RWyDvd8Ai>*(pDf0YSm_^57r{rVk z#FmNw!n)LMIkn{S|HAr3zMoM0-*F*ZKl%6_@o&=su=%XMZ!LX66RO6(zXvH1!?Hbr zFyuAKKM)Ri&4+Iz^lu6Ve;I9Kq4NF@7Grd=7{Wm7O870t|KGWQKkWD)lV$t8mwEbc zA$Vcq^lIJvAF}f5H%|YSDLokwbp3yDq3a$c+dqvUT2@UjY%Za50sk>s`7+e@gnj5B z`D>i&q1gAW6)0^Kk^jx8`M{Mg<({^5AyC-vJ363ptS3YC-`3=R_G0mGLI=gN>pw{b z2-iVrmL2*JG-06q2V~XDP&BQetou8f|8+?Ws1QT>^p`&TM)QBp1;8#C`G3F<6@&jT zE$(spBi-C|3;wTNVe9{=TH)VQ`!C6M?(h=(j`IUbSK#l2{cjq;V(1Q~jWmmGKq?)w z=KIYoUl`#BU|J7_?e|r3ur(k3w>6(oi~NVR(HnsK2bX|*VSVrqH19$CJ7h4Hvo%9m z_jfe^>ypa%`t;{GF-&~^-*W-5rjh>*KTHh%Z4LehEnqnP+gy>YBmbw0|JLw(F#c%x z9tH@H#n2x{SKx1iWv6=%&G8y5xAo*{WfDUS-VX)ob{ZrrwT@xmo|7oSHzT>2! 
z9{$Vj-D4^IPc8v4VfFndn)jgn4YGTdqy7`k|F)#6AWWaAe#fa$1NsNe|2Y=`Z7%)a z@Gt+vD(d1e8Dn14jNoLw5ceU$U#A(t?Ia{he{`uT@cH=`GMh0nn@1b3D0dqqSeO3Q zcf}0sb4n;+|^(--Mw>}+80UcGi}5*&yATkxjQ`9?g8=Kl(>Aoy`@tV zqqVSs91C2Z5osaZ)hyhN3M}m1Z4qhtHC=54J-gTl(i_t9LOA__#{5e~+qkQ7Xd!v4 zO0(`j$Clv^NW^&EwN9f(s0LS^v^u${?RvgAp!ulpZP1U#AzJT6EexLI^&X#}>uoDt z2f>34=RMd9&c8^{34bkW#e(3EcXtu5_piF@L7p}T3;b?J4{+~ZAKV`GsPMnoIi3A> zY93WkWFoM~CL!YKq(vY=n$OZ#jHzCF(d)Po@9wotp^Ozbbn+9(TZg;mN~oCA{HkO20EJ*~bFdQ4X?8j?P|>$G9G; zT#`y_&5%;I1z#2v4>+_`FP^%N)G%!sI))i(dm1+F?5V>u?Wucjc4~K4*F0|w*3jmL zELF=d0w6*G{p2OD>f5~M>*`yO1#twM{Soeyo0m0_Fvbb<`u?Ats^9zyK#Zr+H>=h_FsxPWsOVq6W=$76>nXm z77d%On2r3JfY)L@Bx2toiLX+^K)BTUwMi&Xs>-e0 zSbc^ zg;V0q(T9F60h(Jni@@FyB7xK%BDdlgvOCMWpX)>gmTPyPP7&B?4t~C>r2@L|eh#W% z02T+o_AMw5Oc-L0vN{*Vk!B0`_w$p_rb81@zD*Nq~bZwag^cWL^&+}!49*3PDfs_7&SQes4 z_W;hSb>jw>$clBo%mKAju1=YFQ9=(IDx|?y$F|QDn0$LI%G^HE_2OJ2Y#GTNzubpA zFtsLT(6Qj+ve6rT(;N+r5yxAjkUIn4Q0fathT5L zZtKiXXb^K{=`LnG&mv<}298f1QGg|!)HUf^pVFASKzzftRcb)@HTt)3$9ya_$eQhs z2W$+5cY~OFtMgi|SvrS86#<69qMC(a-9_HGloekB1unI#b1>VPmOhgap?ub2UdckM zz)N`bt|#lln>H%_<~d3O=Bj@>&lj&3zu3jYf6SG$tJfx3*ocM%qr3{KhHjxkxzg0@ z)0mU$)Xna_?%||BIRXv6Q}6W6o*&%Y1!hgTy$$xWDAb=#Q_FWaWpU73;~ol$XjoX? 
zHG`+as)QROxk_b^%Hm#BqJ4b2R$NW_v;7%~hdc|`G7FsTO{bC?_AGi+O9pwrO!AFP zGD|aB05^HBTYbp9|7_QqLw`aBQuraSH*-i<3R_5@Az4K_5FLCv_ObH1MYU+Ur@9mF zk-gn|0bV$cxt+(ZM(Pp?L6>KZuSsq?ZsQcq~w$YbzxzIOw#R~95 zt1p5_RqVz0OLNYZNM1dP(EwL+c9VmN!7_eg!P$Ztg#Pi-V>k12ff;ba zFCSYx^|o43U}5k3k>4y;FZG60t#0b$l|VG=L1AyLE*(MhuxTx-@&^B_{v$(1p$D?( z--bf;juLQng|-79*PXaZ4!zFt*B^=PHYT@D;?X=rEDV&h570{N*uR+`!h}>Kuu`u>P7oSAPP{m_ zvJvoJpD=v9h>;jz*H1ET(rybz~(J5hV2xrDRo zOG6IL3xIxaa8eB75yD{RKZvSXn!;g`vQv`2Q^LpU#L_qti7MbXEL4SElqvDOO<2LYFPpSq;qAjQWQ}FkC8n#+%4Jww+$iDBf@0w^{Q2svxKN zj{0d)wXnvQv&+4%98&>O18I&#m+_hS;VxusL;3gg6`cc)7tf7NvVv3g`{yf7ztoV8 zfArXk{&wYyd-HdD1JW-i=t6z`2m;cNWd6Pm`&*9FKk(rGgYAK>`wu1tWq*G_JH)|#P;gLS~$1@ zGk7@czXm}6x_f+k8kyRP5qa?RaU{VA^8Mg{89)@ce+)ipfeyx{my>+(5dF~~lL?(& zIc!sD6KXN3nc?7|&;0Ah{eeSgWatRqJvN0SctBtu9Gtebftd{xBkcD-=fP4!u+De@ z2S@b?4i5CMS)fopu=x%L=V->{U}C&xiB1tQjky4+TGjgTwugheZbN dAJ(>xd^<{V4~yw2-UH@HzfsC3?nAJl{|7SC;OhVY delta 49715 zcmY&nECAbrG;|_t~?k>R{7Vf@rcXxLuxVyW%1r7Yv6XxxY>is>tFii9uKAGJSB^x*8}y;eXG>k|tX}UrkaX&FIc2VV*?L2NjN{Jfdt+Rs)R&JHV=C5J zkQulN6+Ebp;4{HWczyccnT_Lm0-|>2sar(6tBC4!?e~b*G6UGupERyIFFy%666G`h z2>D>zp$U4Q+d1J2fybSX)d%cbyeoJf^&V7>`M6G7r2C~hE77(JxsPCUcv%78Vd-P} zhg=7;52%RF4CS6|_%Y=5v-#bauB;WW=zQchFmR%9DK|T7~! 
zeIap986?MMFYpQ?j>~5tykG!1w%b&Bq~`0p z|IbY|&=8%_NPitw9e>pj-SqBVVIUM3q5BIMnEU{&w0VHH>#G8v6jj!Wd)rwTHlHL@ zcV=AY>*qvUrY=ck6kj04tpn;whe%nUt`6z33BP&^z};BKj<%s28;j8TNQc}Pz2`o7 zISwp-DRa>&t>d*~Z`u2)%~N~&Lf_CJ{kyZi)&@0N!sY`5sr&}$qw>SGL<60FXp60JGT3H}2)0Tle`q^d!J3MyX zXFD$JTwW(aFs)u+=6TwTol5`grxSF(ww|iJJZWFs4m(P#o|Yz~15ZbBPYHF#En8nM z)3qgjXK_5Nn&B5Cf#wX`cZ~NFi~++smNq~iC%%pbv*1ZXak(YTs=dtUB!Tn0 zdFi=iWcj1#R7Ghj`c0*2WCdA|IY^lRqqIePbC@rcyo4?Me*Teg{p{k-I55AgeigX1 zu2}wVo%Y;d*#rh1_P^w3;2t;AuYR-knLr2&Z`33?YmDv%u!QROHB5R=moA#wT5WLB zU#BilC9Q6x?=?|h8eu#G$=Q(YrJ;B6hBbI{%wyWfvEOI$I&Y|VF zca?r=l3c2iOoJkF%}F?(#KHqP9f4P=#ckg|g9Lue+=<5D^YuHzd^?f0VKV%uLCIr_ zHG?UPyc>edf2I#pdC~_7tn&fBv}=l+$Zyl2+_6Pew#}Zy42FG}j8ZQ5>MYD*^TxPr z62B7!%ft0oHD!WQHC)K8odEjC1Qtq+`7!vln~;u@Xs5Uijk687t@5&_CSWJL9sq71 zWSNg|A%{JeW2K+wm*X>#r5aS{yPYK9xLl-loL8~3t2U*LgZcx`8GDctH$}rYk(0 ziJLq|D!Ku6zcN?S3Q;RIc4uBXcWXPcqMeC^9(%a(Db*{SpG)0<7kUC$C$TCLZEap# zS=kbcMJ2oEl;QpkU1_BRH{>Hv&EO3C>+t-va|Gp1d{xc*3>MKBop057r&*J@cR8Cw zCA0)|2kjgf0pmqm)rw~!5_Sj6!+|e3dl`(%T%*yTK@vOyj+_4EGlJ4ru1Ynh$d`Hh z8_;_DByN3dVABGi>qN7SUB+>dw%Iu!_nYgX?a-Z}ehRmN2~XMTZV7Te01~re#y7Sd z-$~nZa~RG>g68{%PKI+`1>3BLIPI^%cCIgIyzv~PSOn#lx@P5ek6eN&aBIs+vnM6% z_M#nZxPRi;shZ7QAWtT&G4Cl>6c8Hi_STKpl4vi@r{i0Ip&@EXPt%&R+xr5{avXQ{ z1T^d>`iBh93tDrlQl7G++b3_;NX1{;x6ePzJZ4#1$zVyIJru9O*9A!#(42%dh2P|I zQiD61*JH7E&&2jCue&@9Th=Jo;V|orS^aCc)_rIn>yMHPq}6K@IJ4x>mQ6==8nezf zSk@X`ioojtf!Ybsm2U1a3jCh)WTyQFl+sb!73UXu3U}sb zQ!d5URiy{rp5)~~K?!FSv0f4x$I=gxpUP@JzL3QMbsG&b{4H({7%PA1jZ_?=M-C}R zQ%58PwjQ$tpBaM1v4uWdo`eO6Z*;%fZxyn*VMpo&pc|=}!-t5F$+J*3J-?%;UK^jm zziE~*ZwCJfOuunEKE=5|)_i?XT|d7sD44DUd5#rHcd)Vi84pkmEUS|ndnX+VoyWae zlYCkYpg@T$cAZK5Y^1cY*{UcMn5$le^q({T{gh=fR1d+(Y0;bH{ynvb)0%9xI+?wr zsv4n;+GXricRIdUIb10SMJfm$(^EAl#znx7qfRV+?UF)#LIm+M%xi>BgGT4@6J7#@ z$j`n%q|d0E>qaD5#LtlEo0@d5b1-x89pg~cfbo;`ZE!|i5u(E{>?woU^jERru+yKK zwhK1%$rvos?da|I&FqJ$AM#$o)E8E@iB3fv z(9_bB`khP3)ti0$p?C6k&i7r(;`3@Rv_+{QCXTHp4BF~8Qq5At{HTaIQY}Dho+hk_=@ir4s4bugPoX(KOEO%7 
zJ?5xvi6}TjM4|0C;|e&>$l!Lcv3fXhR-zzbBE`@$Hg7?It74E+DUtG1=wh-S;zd^x zIzA&0hq3Ja;xy@#pl6|@Vu3CIyDFM-|(C zl)rO{!`m@%u*+1Ew;U?97~fBLTC~I`o{fv8d!aICYA$kQ`Z0AJ9e5PINp<0kUVp-? z7{!qA=J-&!7z=*@^_J1v=4w0ag442`j}H+QuyJ`>G5@A*~R`KaoT74EQ|o~m>itobVZ4#+?sC( zD_7cS9GtN=ScfdcgJ#;+Ug^uD!d&F`b{Ug_wPE(d+flS zyZV$Uy{b~~7#Po}neWAk@z;fHws!e5PPT!F8_U zFcXO+d|Yfss=qPpA6XHrXZE*IlF6_xO=vMf?0NFRX zxV@m|s-}G3_aV!GwG05oD#S3}T^uN}bCY_jrjQ9;I;QAAav*jy zSKe@FV#MbvFdxdOLM{y>;j)eC`H(_*t+o1P;z_&Ai+*QmR^_J?A7&)9g7pUVS8F$= zpTqT~{_&UUE+&Zkp@7Vmw6q-);Wm*hHAA{IwpBKf zScuUP;of|9&9n0HMlAp0^Dv*EY}kmEDGA=V4n*YZ0?HY@N0%eZYURsr{n0O*-H2MG zQk;&i6M|I}MP>m-)EXK$IL9okI=H=ML>rA{R1ggl%5+flH^3g19#JqEElY`&M1hrY z7`Cp|0Yj0M!e%DIySgpH3|od%kriR|S$+(%$F~mETXCGTW>vq=g+@5lVfktzA}v*1 zLSyu*$GF^j6&DqLlQQzY_vcDOtQEciWyA4q7RTfi&u4;=?xQ+*!wl(!fIvIuF5{Uz ze`ZM57kb!zBS2et41Y7asVu~2cJ+r!fti8&=}>*K_#J*3aaJRXnJOo=4(C8f?!~rO zqa1wbRgq}S!mT*kjyQIK3${>^Qnaidc3r9Lu$r+Px+x0lsXL6tlKm8a^oB*s4;t}H z?~RFSrSuWY5OFfbD}8k}tL9ZgOQ-BKN88{GrB=~)7r=f~b-zH%O167(hl-A!`O@fZ zao2tC_K&4Z$2(Godj>2;#Cw){@CEXYGFNr)z`iJBg@%V;zU)Ws@$c=r-(X){mT03P z2ICF&QAG4)2Q?9Yc;qLA<;aOgH&Z>P3At|se>1+5v>wX`^9s95S;DqARbjJX@0O`* z#%?vs0DIZ@eb0n1F;$Zcm~6?_D3X_aTz6D6H_V&+GkP74AEz!Y><%XwN zKaT~EHr6lD!B{p#4L`DML!gPMngrVX_|_C}4LHhmWBunqLt~W96Hl1#Mf)j=!7+I+1N|05q3@N>|F|y+Ta|fTWqvVMh!eVZe|ygH?KYQIUkhx ziC@!;;-%j*3G;GK#K%g5m`J*%@Q3&K*mF&hT#8yQLAUH$IU1BatLl~JI^5hqNNYEF zRmSC{+5s2o?P=6E&ve(K3@%|E^EkM?0=fV2*hD@#eU^|}AWh*BV~e%qZZ}2>(XenG zfD*SCDL0%$ym48QdbeklTmWM*@9e7((;2eCs2+Oh5Nk|H7G;jV1< z>eZ=}jb#g<#vlx2+$sdJoGP>r6_E^Uq@DJzTAR7R6C!`q8ed~`HpaRQT zemiO8xKLKFs>^-?3-d!UD+CV*26&$QKq*ia_(H9s0%h9C^u6TGB3$j?43W$Zv*?Im zeSu}KviHoMwC3xesYq=e;JA)BYVu*k`ljShz8{Qvx!N*7Wt<{own6pIbIOfJ^w6FMEy&8$(7M(q#A?bfZjWgbg{WcBEFQ8D2T|8$G< z23mL)q$qSi0#2ZrGACRuzTA8A_j4k;)dqMZ+;;1Uj)X<}>tLhVH~y#zmPw{1x*?PQ zAYIHYrB|y7N&0Ny!cbd+kU^98@bREzvcYupb;c}c6OF;0i)|i$nv(;`hL8jKiH1!J z-jR{0mq7n3vS92?H`lN0rKsEOn^B6W`rBbZT!LibYUx&aA&R^_STq51Y=}1=AvGrD 
zx1y!xhamA5Yx%W2&}zfF+VGJUE_`r~V~^zXG4>kIN{`&JE3zPr?KGZ7veEa*r#S#x2x6t$@LOdii7ZnMke6{w!giI z9+JA-fbh~cqBP47t!S@E$>ssTt^hum2LjL01nT<|!XG*$=k>xfYHZd}Hc^7XA_@Pg zy)%oY=hFQU{s~Kh^UsNiexoF5_h=b1&`xiBfG<);*M2SC#D5ssaxlUM&xAULY08~) z`Go)FD^rmot7&y$@e;hH>8JVtzjmTElIc-QiN_`$#d!2$rK&N za7%8ux?!X8YiJ1RZ!u(7w#Z9j%-@?f!bA5L^mc;tw6#*LOXb;Ol&F#aY+MYS=sfSG z4pNPVKgC8fg*aXNI@N}oIp`%7v3|7ThE99Zn6lxx*lRkRH_W{Hh4 z-N63TRIdkdWO4c(A9yk+XkfL)Way3D^-w&9q(XCN*R0_$HJUmv)P{3nWA`Li>eHpL zbDEO2Ga|cla9BXXS%KHtS>`xPLnPw55JxRN^#72z@HfxNo_J!De;wu7lG|W}#6ZRV z752>qEkJjNL+i-=Uz>lcn+mzyN%?y{&+5uAO91Pq(8Gh%b|3igCo>Y!#Lt^S_d9W^ ziF=pfu_%e+*^fytyuP%n&z@eT?#*kQWgIg{hLc38G`2>5p*uVw_UOAkJY@1U~M=LJ_m>i#4{PYaeWv^r}`9mnb zntyKY6|5;qb3x0D{z;Bk?uJj#BC%ytk(Rg8#y_|2KH0fkyy!p2TzSf%MWY zWuYE*nkE-!+W3==ocsUk?FT&+-cxMZH3~StEKOg&#E3JfY$Jr%Jmlro9Rn-!^aAMz zRT(C`NcI!0XWpS2PEs(PVg4U0bF9*Qz5zywVt}LF?Y)jtR_mZdl5giT(_Ts1 z%XY3iJd%q`5?9W_r(HRooLx1$zGz}3jz_+9_<2HHfXKfiyKf+oe{@}uE;FzucujqKF^#mM^#Lp-uV4s(!Q;x4a$NR4k|@$4)*}w9`mUPBPLnSe>J6!e2$c9 zi5cK)_&$p+-;&_a=WJg_3#B^0t3NpFw>!6dc0Ajd0h=X}POnqHGl%c8wqMEv5YUsx*KdZ1+}7oNFGo zY7PuQ?y&u;eqasmCtEn*k4c`w1q26uG5|sS4Xgls`+;AN;G)q?^$om5&2}Jvs@r>* zEn*5!v?fyVsl>*J?M9bPkuXzH8vG%)|D|DTDZLaPNR}sqO@>t`BFrvppMOV3>e|I9%j!S$Z9BrQ2Cn&l zN`L78nF&D&q0M+ZzGrHd$D2CTLxu{(QZP5Y3ZQ# zJL6Zj9F}BQTP}1nMjEqGq+oFViq@(*&EeyM}p2n+~Eo#NfA{M{{rqE7eEpIYWGZR zZBe{hTU=ifgf&Ex^Or(~ERy0cwxC2>n9UO!1?05g6&Bdh+A8~X#yngUd-wTRtr^QQ zH0i7c0S}2kMxN8zJ9C^po7_~2Fn-b(yE<{&m-Hz`v>sjIsaC|lzQCRAZ1h)6PZ^@I z71z~z3Di)K4UNs!WTo$f`{j+ZI~SsgvOiwq%Ey|l%cdz9x|_De6xN5qjaO)$y*H&v zoLmYO2;T>r{i#hHDH*MId%^gV8y~o}kUu`338XV;S{& zZ$Zu~+I3l2VkHD7&-GVP-g$?HtnfiN!9h?7hXh#C=wWwAS}g(u6-wDWY3lMvy3-Lq zw{m19OQb2SEFT%*msn66{@EGd4#yJ9cCGQ?>-XQS#3W-;m67)9XRZdeJH<-%vYgm; zf2p0KWBL<~J!Fi5r-VDUA1MMM>6K5=M}r6)e>G@+OXX=bv5~Tab^iZ{5+g~qvB^deDnmKDB--hMQ0HiRO1f8rHYHQqQZ9@%>HUCi9^a& z)HtM=LmW$Araad|pw;D7v#daDfKaRQF7M&(!`tI%3|w&!HTH*eJ^vLn=}ZnAZ{E>D{Ke#`-Ye6jgQ9& zTVN`jx#T?-Ay(W<9lSb(xSX;&0`2$T+4n>!QQ0%xW~#2xX87bgTZDsv7@AAiz1*1q 
z3=VHZzTB6I-r&TXvdiPFzgGXKVX&v9W@{}dtUt}}a5<-8%V7jShH_&)lk>Ay{ZHMU zsX9qNF#){W9f!&LU!i&Zf`JU$Eg&BNJFbuJ~OX8DkxYR5OscM6QIDp4+Ef3i*>-Kh)gLnXWSfp$1g>ldQ z>-rEW`>Si*=*LRL!QBWJZnga9<%6km$g+v73DDnyZI3}o4Y3|9zXer3`q55q2$aT6 zY%}tMolb9DUoBa{QW-$zM0*tdn;FrY#V0xdvV--RGpH=)TEb!Sftd|h7`K%d4TP#$ zS?w%szFdmbKL|U<5Obaj^fyy#b{qx-O)HjEX!>!qmrAb*9@U;%fzodJr!v)H^7#H9 zd*hZFd&=NZu$h?=_e|pU&{RO&p zQXo;LoI7s`XdD^GOa91fW0H&vvO$Sy))i{)zFu9C{3Fz1^W!a{Q==XKv+TGMah11a zm;POLQ*yxXP^u3F#8Y2q9#6RhQ7Cl;uCE1PGl@MOF_9O=rKjOwV9Qfl**^_RS>xTB zZ;nF)^BJ`bYEv61?*iYMihZEd_Cbbs(ae%5>Bp?1<X7WEgu!9dA*1g0keu+)mc#*Ya zDVf8Ew+GJNT9AYeGnx-W>fJ)AJpf5jdC!$~Dv-N!g{8SJw#l)U59Y#6)Yn<55(K!x zs^sN#=7aF?LwWauuUbx--XnJGvJiSDQ{royZA@4z!0PER&ea1(Y5c_eLmm9&h6(Do z&rlw(IUSP;%U1oXh_d}p^~Lt$L>=rd0f=9XuP%9q`k&@yWY*$r<;Z7$egx#A8ziYc zL-Z-=UUzb2xy)1_p$mC(+;K53q5>Y^B}DSVNQqvVgG^)_@f~`EQbw0Wvm9ssZOWi0 zi_5nB+(^qHX9*DbJ``a>)(6$=}XzF+R02cVj2)A{y%r2R}f{ zJ|rru{uPg4n6}hkE|C<#=A^3*RCV|cV`S8|{UYUz`}bHf8~4LQ0>;#5?+T{5nLy?B z^yAuJkBu_F=i3FvlqusxXMW-M3-6I_UM_fVi{)PWm_$;MSpbyYD_ue42VZ)&z%lKN%?+ zJCQISN73Tu(PwM^jX~mE9P?(dd55?3-c5Vuil3l*!$N%hvRkgCE&KdG@_1{A;(3a5 zu>ceth6XpW9t`(NEo0v9l3I3^cay|k)x_c@nwlb3vU}g6lg0_H<&ZysVRA}d%Jkg} zJH+>ICWPYzh>WK37z<~lVzK_ZOeE--yE3Sk1Rvz$GAIbLIl><9lujL&7CwVFYW+*KuI9^KyMX@j(Y=twu?&}O1oO^7CY_<$l8HLN+ zNZ^(SvLsF}5wSVJ*%Pb-4CU-VL0B-|tLyFBW1e~|h}_)e`ep3#@k}KQirjYW#}{`J zTc>WBP@<-_5_WbarMbndSVOyx*H3Pm$r&Y(Cx86Ii5>FtHy~X3=q)J$YRl$uXw#HI ziGRFXdINxKdB}nvq@)F_%--lAf{H_GKH88j%0Q2(donpGBDaW;DP*C==cmUeBeW8c z|IS!C#ZU1G+U(9W*=VTRa-uf)>yWNRy?#qzbUo{d@~7~3l&yuvpB)bkAq-Qc)3FTn z$hX5D>n@C$fia2_ka1euva(G}1@(b>e;hu?Ydnv;>ttp92P|)Hi4P1g#xYsweg&ks z85`$)eO9r-f4$o)VTI8JwC66aE zg%%SsXEJe5(&M`6(^wW#g|*n|nKZSBTAFi(I^=NSk9D7nY9_|><%q!$BPaw*A1`5u zS!LG7E+1$hhoZRBHWDLbsvyu(L}-UQy`=9R5Ak5Q|1uO6aOGiV=Q^)+m6U7+e-(V-U5Ep}+lB7J;L(-MS)mc}N3WG+SG9!SH2TZp zedtL}sJ1CR`p#-~>Z5Tm<5r44`*5s8diWq;a@Jski{S4DG8LE)O=l{E8B)kS&Frs~ zcy15%9M8)|KFH=bHe^aw9rpvW5dNKXu=ox4Vg0n8VnTzEh0dRampBaSG=<-+zWmdU 
z`9RLt=j|=wkqr9lC%K&3*#IZcL#EerqK{nl}uhe2xsyvr|B)$P2wUyvPK0%MhIqctIq zkcQF@abD7utVmWJ>oz06tt-@Y@==Mx0m4jok%?+nx|g1!aTaT?UHpRv(`ih8APJaVwrU)t1AN`!?KTJJ&eeB?hqV)?3uswH%OvY=Z1vU3qFzGrusJ zsX{}CHGZ@ci)tde)NCLO&Ik}vs0+xR^Y#QQdg=B44={XShOG_kFI7cyUR40a>nX zd^Kt~KjAPkM|K?KA~Cw$wHnM~O*QbjtukvIGXhVN5IhW^Pyz@Dqj^9O*#SA4)aW(x zT1e_s4^Hn)7V~4TZ8JV$qTtJ=%{0wOeuRa76IOH}e0vi4)7&6*5HIoQ$;6Q_Ktx5J z3Eh&^c$8oMC#y^`!oVW}*4Hg45R%J95EBP*Kf4fU{xR9#l{_~0lu!w6uF|S_b-eINc-P@d&y{ijcyX2ngka#v|XSPfEaq zApVc7$4UtV`kH6<yuSW)J7<1K|>i2Bi#%XR}lm zZ_qbn%#@FWk@CRO8A(LA$>J1mWyNRF{%TqoTp8MoZ;hGx`5$x#HHw;iDpf-T*6Z;E zOfgWB8J2a4{DsZSR<|^Wx_CUNS@;` z_C`<58|%>bCOtkgi+##HU!}}6x1F45F@|U^)DGQP@+x;!XCbID=+OLRx93ye{~>Ez z=<-iJ-c-a<3-8cU_8U+E9ZNS1|IQz*muVB^;`lp4JI}tcfX$idzXt#GP|fBudY7Q* zbu6XBlbhQ&FX{#)E&jAfrrw1B1Q!*)(CvPuEmVfAuL8{+`Ix`-BSFTBqaQD~n=p|< zJ6mOj*T#~qKb;Nr6}z)Qp$5!RL9p=$HDaAXq)$oV>u#kW zV+Vz4fqzTo?k5VyrcKsF4fz~UMrqhVZjb#l9ziP~Q9B*v>>-on_kIYn?tmfM&#!m8 z=&{rsO6M_uH9{?e)#8G+VAGaZ|=JuK-F5 z3s>mMq#qLoBD>s^dSb{iJLwd#jXDmb# zmKvp-T~olhd}($sYaN&@H!4aIQl(cY8P z$^M4FR0Ma>E!Va`Df*Y(_BDJqOBmAv!<{OClE|FqW!7gkf*PpH#O3^(6;EC`#YNhP zWr7lfWF?p!#ISRTU=mRSv$lolX3q*0mlfO9WD)WH-XU&F3{e8{wR{EHS;n_74`F|K)ZN7!EHE}L&^F|`lYvZ~C z!#RDxR}JjORO>$80o6N?QMaFSY@~l?27Svj+J)&)hpxPAHw)iJX=LeICD9)gf=`=RVd8ytv8iqV3GLli9P4qkK;v4o5Ty$!G=Zc3VKgn#{G@dOH ztlwLmHF?+FHbDKnKpRw;bFeQf75yVah~`rdajic4>=!e1G^r_Om`_LuQCHKs z{SyaUQQa%(_CL$kq=pCqgt%*$WrikEZqD zn~KL%BBBttlvcKz)uf5PAZc}s*<<`{-J(yM_;i$CUHx78N@1pW{`aOaacAI!-;Gt6 z9+{<|PxqVpj)lGPb8Z)k7`c~>7fI^VZZwQ81&4PnllR|`z`sX<3f?%M=tKuelfPZg z47#oFZOkmfG+|)g>7>kAer+7t`$grnxF;(hYeO#>Vw9?Sve(;Psy%n!aP-`~q7a_GRl^)I3EHIo3!KuGwi9GWPPtQ=?c?o}I7@s1*%xdco zvDfzDnrp}|Ix$+7{wDZ4Y6>Y$j^6{L7# zZ5`6>kPpOOeyBj4A-T@mkijQo$UTmZq+Ce?C@@t{2ffvxXoa~MDM=@la6-Ni6Qx?j z-^@nqzMP!q2KK9n1hY23+xcZSJ>aSLl*B`t@WOTM~I=?v!Qsrw7M7u|eOntF>Yo%4uXun76KTmbae~UFcT@ z)El1xBHkSWe}F@ln4CZK+hC2Dx&pC~xXFLo#%UT@>|ny{hPTWK8=Li3rf1XXB)9ef z{~d0k5*j!Th*6*O&W^SVnsX`N+H+T^!W&iN#>H!`Ld;$|&}I`+>-~@HF{{3UI>w9fxvoV)jr;MX}9>xtq%=Vc+%`)7qWP~ 
zY!HE6%0GuX{IQmi^H}AoRN(RP@0K*Y?dWzbDrLLZuz1-HWxi^9T@seuX1yEI`WuWo z70i2qTIu)nd#7(9|iMPpR*ex1+45xMxuxE5Td&K{!=l}RN}4EgcIq%ACSqIS?yL&WH6 zs!%f2+VMp{FYu2iWzBkT`VZUW+UxrWE3U`Tasvv*@CYS*qsDLA__CdE4H`j6owRSJ zF`^u$eN6bFJE{^}-CxD{N$7C-frG##{3X8k=KuLUI?x0~2M_Dp9L1n-k(@7gB4UC% zGog$1aPLdR^r4KuF%HJ}&%t(;%@oBYSCPBPDN^M%J6JgDZG`&x#Kt!;P&>j}2_Wa`YA4hjl!Q4{;A z@QiYZ5soL^D7)aFEx1xWX*!|07)*59O|Rf93+=*T?$hr(XEEt(!X#}&Ppw6c@dxSE zwh{D6{GD#eT=}A~B(>safQa^C{3@zf2Kh4pav;hgxJD_~+>>2abOnXPW&iEp{(ccx zF*SIHmofK*5T5MXv1x5sFNA0SRWQzTW!Z8(AxKI*dGlTeq>6SbAvxJP(o2;-gYc3n zK5Ie~o$zBz-)w?d59Ro{v%Uj4bwQ>))IzmP=@lK0UhiP$lNMAIW7RwJ$IW*hun&z&AGNhWF+k`-9v}=qK3d zX(-4^?B_Bwhb7)1>0>$G8KMp6G4{KZ|Q1FX%^ zJ7#7xxzGVUz^=j2>g$U<%`P80r`rBpb#~J&-YTDGqngy8t*6wkp)^pCbf2b=LnEPA zPiCbg^9~N~0<(+2j)lU>hwL^Hgj++I0ErVnZux1Afo7IxBnRJ`n>@)4#855G>Z%&* z80NtVq3Ium{PKKjv-v-Je$)$g)M`0kVFuPYHrAh;0P;rcm2$0;g1+ z!@X;{o@;L3{35@f$5-5J1y42Qf5$-|PqL>wnj}v4ZmGuOVELoA#7OjXcy7>>fj6}} z{RlYUFF#A4*m=I^2nlkhd!Q(tRp_geAIa~)4WIgOP+R34DSbtQGg8odr&sR6 z*Zslt1TfChHjv4Z{#ICDLWwuj{}1}9R!Mo;nxP5I-+W{r(9^#heWzH5jK}5Q>SU21 zxPIzp+>lQDL~eh{i#eWdNmVW&%RwGEq>|H(Lg;M5`H91@tWc9=XL^EiOw z>12Q(LR{iFhVf^!531O?gb2-$z~j23OBmojxq%J=$x#U%p(jp_gMiK5W2Sc{^Of?X(TK)e@BZ9H&6CrA1+8MlPw4ca zSAWZBmJ6|;=-a!Hi@X=2yfSaL3oy+~8u-g0lf$2rt-EMP?>`pD1!L{=;>@Mdf(K10 z`?yXU5&c8lLdlmH`T96&t^vYe?wDOqk>?eMPj%ag-?S8l(AJWeyB>(wc3r3Hgdaa)nSuwLf6#-FJT7RYL?KD5G8Fd?sf6NH0| z1cxJ^@D9(eE#+-5H-|_(efU>ee_x?Z!z10eq(3F)g<_?X#4^1}ssnsjH7hk~+yA9O9o%so$Y)pcs_W1z$l?lCyrVR;uqD9jA0Z8YQ^zJP zrks@=V{OMHNBCtK4HGxlPiA0|L*D+Ep+RTZ6Xy<8F(m5x?$qZN7ygwX#&sJkw2yN~ zkbe#SoyX?w1v6~lV<%P>O-erMZ~_?lspC$Vknr*XGm{xL*Z=8?09l z`E;>JCw@IX?h|OK%WUMUuzb z4${?tKsO+y?Mk0@NjUcdJy1Ym@;2+?(NZSpe-K<4prNXzYw7-c$4an%aaY)rp-v%W z|H0p18Z*ov?@~(Y%dH9W_%FYTQp%e5TO1)i)o=Xyjf)8%7JHx;9!t7YMBZ1Dh6U|A z7imMin>01IEfE2nT3t56aKHwQFfrZykTfBPE-DVIT^c+5+fnqvgJs6B2s%qjvtOe2frleS%qKunwXE+1958r?6tff*6U^oDL zfeas0H}+9Mgf+ut#@cEnzubi>mcIxU#ty^m*8AuxXP_PB>zhDXkeqb~e6)6G;9F&9 zrO};E;Vlbu1|h-JSC-@ykDH_?#4Cx(B`)4XWeRYj>WlEG_0}-%G0F_&Rr$ucI6HXt 
zi^>gS-bBZzc*^0-mDfFT^w8Fm+#LcBJ~K8MPf1|`e>(wx*<18GmPXEHlx~$u(Pb8qGx!fmvkT&sw(baMi*HB@X2qkfPyRXm zL#h5~E?0;w+RW}-Xs+YzZ-W9O(EAnq-Yrzz#Wve`X!*UCzilfufIvBl(=blu`r*NK ztBN|PM)$6=GNRqX`rMqT9f*gye~+`}0p&W75j{yP!JlH4u8U#zPwyqjxMt!ZB2=LP zyAPnaD?OzubAn;0-MY~j^vL+Uk~PC@ruqx|sEM9|k1(7*@^t~hQkPJ(Eo}Dcx{%%~FvCtw zz8pV|*_BbS>un(OgqG5M0G)NvBZW`gVaqK^G-hBt*m7A$s^&9Qv3Vc-hm`+4QWzok z9=&AkG?LH3>>IH@F(-`0$*YBtat)p8FHnSy5RTysKonGM;jvKj;(c+T-~`pIs7(NK zYNv~5XIV5$Kb^N_KPsYec~g0-#i9Kmp3=Np&QgYrrD4+~Nq(kI55~x$qup980>THK z9PO8H=X_InD$K4LEqljGo0s?=*zmucG8r_R2l)D?8q8){3CWS8EIOJWKOTN(gr)h5 zsCV&r7*h+wSl((Uy-v)5)|VIJCxD-0>_?7Ry?Ha}zefM$$YLWYi1=;ucf)T7Vixc< zr7{)HOBRA5B>+fJx#_Hs7NIU%_(9m?bDfz@->o$)NEu5QFKOt$pkRcfdS8u(Ys*}_ zj;oJQuCyBL35u-@HCORGMu#Pj30T4F=P7ViZ9E2#AI{vzc<^b9aeO ztm-WhH#P31I-D)QkcG+(GqFYWWsTJAB6~RpWr!jN{~;x-I{p@sg4uatk_Y+M;@^30 zPV(r!OV$CsH^=AoSf4E8pXJ_Gb$6;@Rz{MZ4*^Oq`N`7yOHkh2I&p~>E_TaARW@pr8@-aMj8p}Zs~^a!t3|@K5N}M zGkf;znI}YCENv(zfEW#0CF(innUI_zIqH|4i7_EZMJ{fBtBm$|T;E?SVsa3kki&)7 zD%S69&6>gUWw#_=<7LN+7{|fuNr7^rdyr$-NHs6nvl`gb z(qlS)2QR8|_K7Q~M6NoZ?5F}Z;yFzLXl|usJ2e3RB`f|jp_``E)9^{klZiX;j<*xf z=YY5$#b&8EQp>Ru>_%2nx#RNS!=F(-QGGqI)QD#Z3sw~wIdV#I*#E8;@g9=LaW%gi zw6VT04&@-AJChe~3H}{^atARgnjAUgrv$r`h}*jzmbVUbk~Sr z7T1ZMwN{odFH=G>m*Rt$+hbGp*_9f8JHsR7vc&%d_etcnuq(*)!TW2QJb!s&3h(K?q_gGUOv%_P3Uc3`P&B1hAWG?w3n@!Kh#LluHev;!%S zP@HRv=ie3E(iP;g@B42yU1a8|>-AL!=T*NF@2kHz3z2U`(UXui7wHBM4oo@Oqu|H+ zpHFIT06uiohtOV_UjNqy^%IQB?}E2mBnW|M5iG;faS)~3y{Vc_(uYk8sgU3;VQ(dZ z|F(p^DGQe6D}*7z#hO|m#H2N!Q5ObJDLqhYe3kaB8e?$%CVsr5$5j2?e;`cIh7y{z z|Ho$jWQ7mHz@c=ty7{B0U(b7Hv(6ZR2a~P(Z|mD8amu&=fj=c5bl;c3ozUHsr!Vf> zN9#K%HO)G&R8b_EQtC!})=8On*E>O3^bK0rYsn}HVb#;4LlPf&<|J1Kpi;@)bkInl z#j)~I#m+;cwQg4AX%b?@{=an3q(Ti){(fUB|5aZt12)`KSkUmRILZe=X$5MVV^-_q z4oL`#G|is0_Rjg7q-n>2EOT`X!{^SuN>`a93zvg@eQu>6GtPU(Uq+xlfpy@Zch!v2 z0d5I22s6&2OD{|9EswB2xZ9LN=l~J+lb)mdPb)&j34RNL=1j&A9MWBh(ZaG0hJx1r zKWRu&zO5YO@B=i#tPyMqK|kzkhDOJ)S0o+K|6p1MvkK(C(x9 ziumTCC@AbS`PXrM@Mk|VxtcbhrI~fF9y~}OM16L1`~Wb!m~{lvTXrPnZto4 
zKeEXcNR!19ZmSQ>9M<=+8buY4I;67$yJm0vs`{tM<=CNF}>B#zH>#06!nqeamN@X2{*6 zE799e9{1L__BB|oAgyzVD@X8i1s|OrKA7M(C$xvwl7Tx~Z?Ln&-?m@Y`1QGdkEfR- z<_O+E$MeJ;Bu$fG|MGd;2Hl48Wzm0EcLLa8+vO|XuB74V4IC%T7F^By*z)MFGs)EG zv6S&Du(-toZMu|0{7VD#YZX7rr-Q*G^;UXRaSDx0_GFl?cSv47fFz4f{7Hz}-&7n1 zaATR8@#&i8jje(3J!%c(#bKldvAJl46Pq6u^+5#KGJluL0P=Ivm~T?~V@@K;*W`0GEg zhu_NAdKRjSnQVkeaK99D5Z!7&Y%L3YwBDRMTpSe#Y{c)ujOfC6LTGe2?Qv$!ZmP& z$cwkDr7M5uE(+lA#0l+ltlx?ODm200w~bB6h@3gh8hsmbIOOOC2dt7K(d5dE7Wo(X zcQ3ze?pWcN{RkSiCPvC4gK4sfTz1A3&Zc>0$;>;F#bbXai`;ucM0;=Nq4}%#%=>)( zN%VYCn2NO4+vfu&?(t@G)N0|DVHd%P#+L;K+!L!V^$O z`%~8?Z&PkXP8pwVe%e467M`PCn}UO1xy~BeiFkrZCui06GobcH7*-Sle z>6H24`3|5VcstGu3a`FmckoBBZ%DPdw{7l%56CMf`ZmA1!O_8 z!xS7>d41tGQ#sO<-o*-H+z^e?I3tMEYnRIb(<|sO!OizZ^zc5NN8LMUA(-ow16!xv zgT%)Y2{ni5h8q#m%rg7SLqMhE3~_bF?_&8A6^vW2T**|!D^;OKBfM!~usTN)Q!E!@_zWNx~JQktXS=NH5h z5BaTkNi@nsrl-y^1IG)wTt5E(U-c=?^LoxXAfO{&|5BiIlM<4)A8q~2_b*TfdP4j z{sv#U>#qY?ur!~H;K)Pusn91rUNI2iL^NLD(sA^Xpq>Ik-;6dcQ+iA&d7@eycIBVT z;pJ){ycjuzON{^25yDb7Vail_FM>gsS%OjMh&Gd{5HHt?#)>8|1eHOnjBC!xuqO{O7sB4?u)6M>R&Gecqh-9RENGD6~ctAUisn9ppTi& zcHk>13c2il3-qoMam4SXcCqaCSp?tnFYVmhfqe<^P>)5vI@5)cqz&v$B|@+>XIR+Z za1U1*PGKgu>;A}JiK2<)FVJ+!8h9*`blL^h_2wK}W z%HO%evE1=F%3NI&qI+L>VtStHZ4KC#-9t81Z4*d01PwzHVacCQr5XNyJov4JP#5}V z=Kbmm3W#+e){WGO4KKx6MI8H#OZ!z*(~fK5w>BCNJO+S+`jVr&7d zk9y!|g_snEkhmm^2&w6KQ^q|IsD7!eL`qqQaykTZlQ<9r^_YcA2GS$&`xwuG0qC0D zME?rFqZF}`2rvM7%~@;v-nDo{4bi4sJLyWQHz}~VIB*ItjQQ`I^R~nZ=rw5HC}*h= zca;ty0cJtJ${oQ+!Rcsv8Jm(a!e?aW6^eNDR*h=S^pq)L-yIjgq`?8IXV8=vkY7v?D*-9uO91i)uHRMX+F`iEIJm z6wriCY&awH&*=X&J8L$J(qiNSGLX&O7-X{w3UsO}w)&XD+^;%@b$jwY_Oi$APePCW zE~=C^G%n~(*>CIrmIVJtMuiSlztp+4RKZ-t%ueh^;VSd?)<8e&=+|E6JUY9)!%q;g z?VuPdmk(;~S8^k>+?9>?40yoHYB}n=`eoM_Ldv!j*&n$T44zX?d%dEUZ_UM`?}P7W z)~$aJhw9T;$v!9+Lq)gezSJ^1-B>K6?-sD9fBaAdqxs^n9ONSAT)Z`!=m##<(iW;p z(YWs-(q1T%qA;iOm-@IS*s4Tk_P>fQ1Gyw?F?lJz8e0g~gadQH)Fq+V`!5nRo2An4 zx8q8SUy?*ugxHHL2u{f`R`N^TS~ZrxEqiQd68K&_Oo9DXqS$qmaL}o7zZPROf5jH{ zrnEta5))Oe)8Aj3nBQHFnoUC&0%t3NE>&IjjR)cUvTRY4W 
zz%#J;jh8C(iCs6Sf^K88#DrXtkawUaMQMoo6xT`WyLiI*pDhPrvB;=>uIZ259ua98 zFKO_#<&6Dox*5*H+Ir?sA|hgnhL?T9CV97cb3X|geRjS_b9^4`Q@#e^f1IhD>WDR+ zo$Y}Ue~LbHtyV|Iw?-I5w3PG^ z6)Pzu=RIya#1YJCjq8sO8qpRMC5;ynHvaUsQt5b!v%CZTG>u$K=yyX20!M>LN=rE( zM#;QD%WWw=t^l@f(zZ%Pu_{=uWptwZG30OP^u&$auI@p1+{Q#X3r5E?4om}w*wKz( z_^>z_V9>X{KJ*~TKZFIrx`Y$;evtM~{zlI9gZYC0_t?cJ@97YAtDaM>=@*$X$&DD} zQW4M(j*)C$&RYt8{}f061cj~R#y(op#jhhw;W5q%bYaea%H;TI7F1$+v|uaub?MPh zPYyJ;zx~kSba93*Z6Db%%K(~x(C@!U5SGLV8(7!Q=kSkMV72p7JS$F`gmveHD0Is{!?S)i{uXZ^P!nk)*(gFOZg-n`ZX(+d8Tt;d9&hfDF zuvkqJ$TO`dav0Ou2TTKNhsP70mIrI<(x>6%oa}~gp1Pq_W>Wj4V6&W_ zPnrVw`JeW@UscnTK>)j_k9&mX7zF}%MMPRsAT0X3$}qH~MNS7>rY#Z)wAdibkFe-e zRe_}03OR~mtE)}4|3xVuE|3>d)1@*11cnS;V2OXu6anKT<&p%jdSujppU4w*yTxx) zK%E}WlF~eZ?A)$e5MU94xF!LkRk6v zj=NlAaz*Ze;Gn-tmg{Sq-$h-o%`0cOJ*|YRyCko03#rrg-_hc#fIv+o_;bmLmovLT zqL1#>*iuGb<9{c?$ITpN#F?ZCpW%3sYXhk{`Rg==A#C8nQ_2`NsE%b>T*diR2AoF? zytpn%+A`Nh%JwAk%(e*6EllEA36fnbHfq{DeX?7DsTHQrf@)(W^sLvJ`_oX8nqKHF zup#Co@+tBJSRylSOjK5}Z0pUb@#Gamyg3c+zl)93<-a(CKMUNEq{)eDE`hQ^g&M$a zg!@6FDMW*gwhubl9!g>o=xgCkpboM6$1o)5-}VxTYcUjSF|E%n)~6%1Lx^0$t_`Qr zJrux5@p8qg!GTR@xB4ajQpVA+|E8VU*G(3slfcrqit>B=zo5;O!3xPL1PY;kiAmih z%O!K(3^EiyTNR5>-Ns(zbOuS8B9=)%!H9DD(udTMO~kryKs*7uU-SRauaWBpTe%9h zl8G*IZS}Vc&0F+(*44*C88Z>UB5$`NM}F~0)DEXC>(Dg0XekM=!|1NOuX{w&Eu?)N zks@2V>RCdGl5f{4=5rekZ^p;7Nu9`+epWl>2m3Ow<6i&Pe(0|aN~K0N6SZl$GHAgL z1;S4uh^^S{W5q`V&Q(q!lDhR_cO;$%wL0C>S1K}+T>0?l(K#wJE7Goj${wzaci8^; zClL4HuPYAyIrq)=hsr%^W<`p`AH2^1Q9s>OWV}0fGB6vm{lj6Xl+nD)rb(DCH6kqthLn(s}Ncu57u%LwxL!#n`+meVL)GQQ8{^|dI{l_F z%P;2-$tQ&Erc;E;!1I9@JvE+KLj0cincN>L0ZIi>LfhYALA~7}e*B&u>bckHVLJV< z6X&0DH@&9it0|coo;2ac35npVC^7pka{XYVR2YZerXRh6K-Nn*f@up)@z5d4TU`U~ zeO_S$g^@RO6U-$;>#MzR>28O*J*X4{hjbG9>~+382`;8^_7@ve2c!3`f~&ihrWIXJ?BEv%8cNc)w!`pI*r4Xob6S38rp(Q|(cxe{$)u-MVUDNti zfj>ougT$=@tk*|F)wYc2?g6)$-I@N>opY&(?ShVbnX;c7v6X|;KYot&dcDAY@8jLQ z{<543Gh7?O-i9KH+od-1d7#`Wv1aExu8R!(P*-Jehi=40<#fpRMN2q>T-u!&ZIfKS zMBcrzLA&p8;F`>5r!PnEpHrusi-cQ`)wA`$Sm14hog)PLgc9q6rL(_>+waSJ08s0j 
zhcNZ}w%S~A!jxW{$GMsTg=@cWGM8c`1Vl}9D-sch{4h|R9H@Ug`!_L<^g6uSh}ZQu zcjOw;zy9+n7ar;Z`%Te712@?L9*%aBsRL@ygDiI_Jr|q zZnDTU;Gdc~Vwae0gCn!CzI1HlIIp&D^tm_pam$evQ7p^)bN}URW|M09emk!6RZi3| z7d_kcG42knjB>ZX)`2CZ_)S-Rq2^V->+q~CmT;4#cw*P@{@gw+ckHG7dUY7C)V9(~x9RQVoG0f#8b2preED*< zmp?O&QC<79;v03N^>%ad+v*y-rK(6wBtKFF$Y{a8U!&2197=<~nf%G`#b0J%7LSZf zyC+NneBPuUy=fEU8DZ1K2`F6TU!~wB)6Qyr`{6z3e`iSU+9y?1+dOI!T{%*mxYQe^owizjHYI#V9*8^eRtVvaT@d0}8gu+2sPeAv*Noe)B2~gtub-eqd^gn*cCz|4xKB4`d4`!-6BW^8> zF~Wq^BOS^K)N0Y^q1exlPO$9b3WXBOH7)z^kE1zxe)0a$BYPyYz?An*ySvvlM0K&9 zNY5n8roP^6uRvNb3(0y%oSVMUXw;r}Hwt9!V)FC*32KxPGQbh9^m0dqzUay=7jHp$_;ggNi(Br@5TqQ1 z1T^rZ3*htlBD?<$l{0Y#D>(I~s(X`FlQ8?VU zD{<-PJy#NxrsNi2C%gYDPPA8;aPS7PJyS`0Tr0~b@)EctGFv`3>4YK<+`KVzD+WLN z0i|@pEJv%*pOaI2eVIkqXLgF{xkAXq9 zWB`W4Uo@OZIR=@GAS-CZb&|Zu7lSwuhJab@Uq2kcfyfLF1`aqF^jaZ-OqfbdLYONT zVl3#NVEP6*$^iP4*yWhK07}i%l7Z%8;{EAdEh%6w4qP{Zi)_OENg2LCjTuhr8<(;;sP^rR(?U*_GJ=ac%4D(K2 zVB;RKt+|JIe+Fz%0lKdt&7L51(Ddb(FyxnJa{)G-`j{(jZ@lE5Ar~M{-rP2HBL5YHsVs3Mb7Dm-#KI{h3*I{jG%`X8JDLBcrs3S`~ z4WQA7Rkr2i*xp6XI<+Qu-JzU^qXHR}71w%3UnVeXmRK}>6Vx-!jTrU<%hq}lx`?n~ z+_ke#6KkfJ8^TjKw2=1rX6^kg0ajSQDZl?DUwkRe6Fc7cPdG$N>&x826eN8D(T(#{ zub{AtZuea?x&3Kvmty?ol0A!; zGc1dD6$cx;gfDI1AtSl(8p~5tT+rFKD*JvGY2Bw!X_V~mA$e(v1vc_y^4$KZ&f)_F z(US*Iwi{S=yXkdz+V}p6@)cz`0`?B_YBz{+_P;G{fM4$c8ZX$qeS}L336~P&`ybAJ zHr7})Tyis@<-X-EuxR0SeseTdaG~^~gtWCkIK`E;GSH zgQDmN&`M)!z<-#I4t3I`?@Q9<&BhbHpo+NDA3Fb}dx&&tJ&|tiJcAr{{forY;?@=t z-}ojFK|5bOnYC|g7y4R)(N0Z{UN#oB74<8$N_?|0jB$&bd^PIg%!!XwTd zcCV*$q?PT}M_HSKMF|))8&>lr1_KT%@y~YdkX{YL^9sjfFhR$k(UF`-?bj}foUbi#5OMm209PWL2hSMP>ylnAx4T5nJic zu-6T-xu4s$cdhr0g9R|K@mKs8;nMdbzR0+f2)5#do z7uV`5RFU&{0Xy*`gE+>(;QVx|PF$0BI)%u#Bn>he6K3X##hoo0wha+UU58RxuxAg4 z-2HBQ_|=3d$F^=Vg8|+O__oO)i5o9%1suL^F)h^D<3Z`Lr*=ZKT*fX)wY}wHL<`f7 z-}Bx+_fVRCBlFBpRay#^JE=6u0v(ZAEYW3p7kIbQTgPaZ9ajSkF74p=8VvFzKbJKX z8Vu~+2zdvICl=y%6EJHiz`}5Va(4m0f_nrZm>7Tvnckg6YO zBJc>kI>nNr-J3w-arywAyao#*VyP3ifvs<{^5nj>=K$~CJ}n__d{N8l`CUfz7d7SG 
zCEt2qCGx2qqK>y(AWOUot8TM04OAps4NoVWn~=54hmR-{2#I1%+qWAmZX z=u2GRDAUS}Ex4>6r4I9X%y7Hj?L#Y<2N2u~kB_C7@(174Pz}bkB-#$**BwmSbLo;& zF^Ez9W{>iW454ifr?O5`4#j*@#J3J&nV+mKDde1L&|Q_@l|=}H9wwGoH6cx^HkRV9 z(?)FLtPTU@8%E8(8xbc1#)3}R!^|Y?_QdRZYU@kqCEa3J??zlmOV<-_qO5;dBsE^p z;~!oc;!^%+Ym9lwAT!ujBe1P$EI+DG!_CPw6$!RFLqb9oc#zRAKYKKQMiUvlhCJou zJKuFcX+>G#@hhwTgyLuOt-ZL;`*yMa*LzoI_vCl>1(C!^E#7L}A2Pv5B zKskk}WE5uiAzC|#UJ?|bXQa-BZ`%@WD5R&k9`#xO-aY<(y+xt^UPRBLC%L8@=pJ0K zlu(Z5Id*Z(&r25~9P=IDE8o`u&7gb0M!3VZh;!Vy#V26ToLRN8h;QwbzBBfwv*bcl zcwdfRI4YDvDAv2dG@rA zR`b=vIzF?DKdV9?6nR2Y&Az(o84um>%P_8>4`hAB_gsw9+xUu-25_OYloyP8V7;Hr zR3O|wqc_V@jKCUpW$mx`Fx|V3;HMW49)}RE#@hGTV5R}vqM{Z*gYBNzsd8?nA%e^@ zPhe(w^kYMdS|kJI+1rVp=6=A9Mo`+cbbrikD=>RMS0VJLy7xpX?CPXev~>&B;iSn{ z@fW39JkQ>X0tL-0;NdBy#M{71c6L-Fyz5dSDmWh{jSB@MPA650AeAkM^U@yGj(AC1 zZr(Z7T~|P*JT}yms!v4aKL})^BcsQ8+LMxVX#4o1Ry8Jo#luEuJ)SmR}p_+ItND6Wm0bFg$4w9B1G<|5YNXbxs!!?4xEd4?yb`@zFvv(2Ko9!anbgD0;ZNWX(S`%R zf#E4_&^BU_Id{EYa!UxCH9jNJo&RXp-lTC!mACSd@BS@Bq~suX~N`6 zG^oFe1X*!^O0GQ$X0Ag8(VCa&FJ6*blscxkG=?5I`V{YLH^@UWcAd#jA*3`}mW83e zaAIXj+C^JynXa@f^5=Ss()IXE!*RWK+)l$iYOtH2u=T7A5?$3x8~{!yA6^q>a}PP& zvb#+DVA)5;h|q#O6dgnASrPsKTuQ>rWicM>nmdR97A@=OK3UDosas7I-*^j*it4n26u~kH0Q{(6Gfx@?57WChW*JM#1V4g3!rmRr}CyP>8 z=cID9J|Nk%`K>YmBspbu;LKPK#IcG#$yxvxn|hmd4JufT`Pf=h+n0V&RZmmwa_F#8 zGeB3)sI{fs+YgEL7hL3wLx9x~NOQonR>}>;dRcYtzTsIQnDH9fD4R zKhW5DUrhBk9P9SS)Dg2k^v2<}&f0h((QVE@s2wiPz97>{{KFt0iyR9WgMjh0Y5hWM zwnD0>EAx*mR-EPI+Kh&6 zkG<9T_6KNwyj49@&ghiKICQ5$qUkf^bmSz!*{HZ)ZRF{wrn-x3UZn&4iKY8$wiWmt z!thM^sxtH!{jtt4jMd2sz@^q+l*Gm0SB?K--Igp#b}u}`iHwVq%zj8 z8L__;%Q8zYXGK=n-zfZ^t1vK+=(p_c{!ERMh{WCFw1z`DjdznFx-heL8&y#81_aSxCPTG)qus$k@Wu*s65r60Nk zbej(Sw~`CJSd@Qh-BP?5rB7o`Q=mN-!Mry5!xml%8N~Eb6^q+PevF`17`AWSja+s` ziDzQhm|;OR;8Wxv{%Y{l@`3#?pUohFl)Fg){jy-NG#oMNL=#D9=eIgmw;Mp9;ia71 zsI(AEdtQv3IbdN}Fuy%H2S934befG!4Z2zO7n)g%FR~=&?MZj^^Thf(xai4 zh>9@D1a_eMw^NqH1ZV$qjWG@-)a8oUd$4QB-*w*)1GOhh`*}nMk4TBN&NcY;6rV0} zNqYy{n@jdB>8r(V?cFFgGJeQZ@7zNk#l$u^H!kFZ7|JVLhY}zbI&_q#5YsG8%1AL@ 
zDMt(+JlcyN+vlg@|CF8X>DAB?q52Xw`GliS?MHw8Za>7N*gyva%l4b)Xf0%>F9>h% z1B#<=h;H)`bP6OdlHwDB>i0YQTy73+j+)@L$FHgb7}r|aP4S}SyzSCNk=2>rGjAJw)osmHV+NJPIq?QqY@zE+vKcEZ@4d^k`pW8BVY;j4~bLtzPB$ zWMx}-C++*S^km|RE`Cq)sc3*a2B^!>8KbnHN%=EEsTK1o5b}GFOoK@1lf>%8Iy3xE zOO9BFqiafRS{pL<1wobnzbbjP$huj4GdkYHJ(g#e+ zn*MVlrZ%}_8lHWAR1i|!#E|fRmq{hKTT=MCym;) zjPlh;dwG(T%92xFDb-)7f$c~>hU%|HWeS7oB7WQ{)f)|V`<-lLFk_?Ewr6U(`Pn@$ z^o75A&OZp=;S|DwA&B{soyb7<{mO|OXtQGt)=5%D==ai0m&DATyXGv-_D_d>&w&HT za-t1shuHQ8S_;CYEvyL_}%v)L5+>q_JnIl8hrA?ixNHlF_8QC>kvlJTz~~` zuZ>({mHE8?bPAl58w8Q2ztiazQ~*cLi~sOk6W-}JV90JmD+~d;D>As(d9k-S*n`hr z`j&fR<<5w1uuwK4uXyxFmkw&Pg8CjWJ%1&HL9yD_PuHBcptes22aE!?jy;~&bd&DxiV$DUwu zvdfOJGWfj^fS!PT;85JUR(?llDUAUy_4OLA*{sYN1IZfP*fedm-=(NJRI6u=_SVKZ zxU=OgFl%Ve#zSEFiC8WRDJg%G$jPGQjHK^3uGn$HTCnTzUXzd=t9OSRO1Rg0^G{=t z1sg#qtz@eZh{5IA>f+gYuYammp^|Z3kLiv8_8m&saY8vN)5uioOTvp~e5a&;ml9BG z;)CL-G~|~j(H&~>*S?l5$T#U}QJCdR9TiHMDynYa4wgTtzoo3q#IZgGzCs=n3jiIV*v#2a{M=`aF| z`Qtc_lD5T_ZKD&Ml_Tra<^`4WKV}sBptRQTWn~goZB99lQTpQ0-M%uYU@VcocNvBXq{l~t*Z^KJSx7puixCAn+aeUi&*;SXu)4n8>gU5 zaScGhDEC<6C!6CJgbJQpo`~J|AoV9gSv!bfdKQ~EE&N$!)zKuB=}C6>p~hpYE1mcu z-)>j0EyFbIrk0h5@|c$5hh9ZFa*)|B zmWd2m3W2@lFZlC@Wk~4J)*-fnI|=gMnFF`(?whSEbQ11zkwJqc=w7aTzIXh9DJL&R zz*hRD=03K_fyn&1ZTK&|-_$klt7u>K#Lh55ze93^EMgdS`4@)1qae01BtGzisBSzn znpf~Ii~ei+vAWe#{e?ephta=88(1K&*)4yY1Wi$lP~rYZ1}W#WADVyOfhMLSC#Zjh zi=tl*npUN~btm4N&UFiobng3Zbn(GsNN1M?z^ow;W`OPngU5MbHnFdnElK_*D+V&q zQBD27>{Z*tj9k{np3-Nqj>%3I*o%{HdgiG9{_;Dc`ZJmcxT9)5XPyU44N)!-9d{;P z9Jx;@<=YaW+04P8$7F^PtHd=`qip5oCG@n0?dgnZw$UY;u`^YeFExxUqga{*SIS8i z0e#%cH6DX~rjf`Xgcx{iS3kA1yy~?++9G}u5>a|A$N;M7ZKJ)L(PQ7UP#T&e3Z2m? 
z&OkpEqne2z+U(t<2HH)>T%Hs%k{Ar86W->f2@OY86F4BksmzV_nSg|(GkM9C6ne%yW(3lh`40?qi>%t4zF1XOU60^xE>!W%Cx8FM z>i?L%4W^IT?6VyPwtM%J&K-Ti;M(c^yr8?YoxDAhYsN10T76xKCTFmg^-kqeYDz^lm zCui6)UPmIus;g_jF=gxaPtB6wRqJpvPV{Vka@OJ&&2}7zoDY@HbtTW|#k936${cDt5)oNru|X;?p?242l>5Bs_&KRbO@1khGO9JTyT+^uf#4WMyA(Se zTpC{&f~8vKGm>h-yUJ`CLi>$LOVL~VqqdW4mV4b^N~+HuEbmI;7a^u?0xv)A}k+vA(c57Vq{3rt%vw@xvK zi{?^1Og*gQ9mJ6G%_!cqq~;Ua>c5AQqP!ZSXmhDuk{U)I3qaQ*^pO7_kgPG|TKZ`gIO}&hgj+;GTX!|Fl#NFSY z5LA74N>flN-`&duz%?zz_Gc#eamMJu1HswO=8>jrna;|kyEfa93MbdH69k02U(^mh z!;Pj<-=SbH?PIhCR1HE#NMY&6V96va7v5L3|D(H|!|scWPP$!Qc}^^^1z5~|`abJ( zu?f39vPlOnR!v`Ey7gzL^#Sv~&YgR+RMttUe-ieMCT>&tvwC0ebIVeAQQ~*V&0wuy zE469;DQo@<;YSF!vap7{yx)FkvWQR6Ph17$2*vL3~!*4s3!ps?k?Z~XoWtjimKQYQ& zZfQ7enRIz{(FP%avtlqaq~n7>?$%)nDy1x=9iFB=v?W~Xt3<{b64C*%YU zb>wFwJWXnOiYeRk6QZVk^R369hC{EDK%^*beXUJZU-)@r>SgS~?y3nqGpVDPX3 z#p_l*#%-H2+LUQ6C~7z=OuYQViRV=pn&y84Fh;N7Zt{v8=}c=wrm1^_E`7>RnxuMW z&QFOE0m>n&F1j|V8lekA$8wLkfe|xT9))$tOY1vvs>S8DAnO+LuULR)!Xk#+R)nW! zgDl8xaN z_F#3m-o&&jfBAZaSq)0$m#g(XyMb%MbL2S%(8T<-oe9juuFWwIv~QE0EB05g%7w8pfVCNxCLuD!2jEEsW6II9M4bUa7bQzWLjqoEI(kX zBTy3mG!ro5g)8lYp6=;Vuw9Z1AmO~@m`s6dV-;qRPZ|zNP-Sb9_8|6iJFNVGte&yu z_`IpSH?7d1f9&>9q6txwqqz{R9hq3#@u2nO(q=GN1ypTM6G|^w_RuaYu(wn({H$bZ zBW<@qNv%g=suMyBmXgt2=%s3}5DUZfNN~|uD8jlB{&YRHtFqJ_vGJvB9R~?4TeA8& z>K;MuEM__1^zN!W(VnY!q)*-Mu!hLz?pChMF7qDwFVn5tyyMmFa|nq&Z}#?1zmqgJ zM$T|t0i;XUrG0D#RGMGuFH)`eV|aXf(6;dcy!yKomz+~sB;8pXocNQkqV)>#B2)z( zKI~p+wuH1kgi(y3fHw?ch(e`PMB^XkdSWPzwq_Kgw+?LKZrsy9RGU>tml ziz@PcWWPNy8H9?X~QqH;8cB&v-d zI0b_M#aPiiERX2iwasg33;1jwy-ZC&>F*8X@#4m|dZ2ZZo53t=*)!(i& z(;TiTE=NfJAU?zeT4xcA>w*P@ZA<9vaH}8hN>UyShS;C;i$Aw75VWJX38>yv^mu-n z`YZn=s9_Hu$_W;FnnJ1+9=ams0(t#@5)z*-Og~kIDYOd~$5geM2>)ms+TWE_q~2MP z-tlY=X&h>*DwVh{UhzVxF2n{;yhOZJGTv6DCf{;8Ju;grW65bBAou}K(^_F1ZT~(& z0Jm@tQQlJ*Jqv+allQwKLZ6I430cBE&Wu+?_5z9C2|>sE!f%|>repxkt;902VA=_^ z*@+v?DhWL#=Tbv>Xy1?@n4rh6HitLvB?~68IN%g6wM_xL;>3gBws$@e^Wi`Gr3(LQqo{W(2aM5^_xgG_| z@IzTNk-+k}?^v+6BBSy@!&=sts@cX}lR-7f@)1+)x4X{pZ|MWJI{Lggss^+^G7~Hy 
zEOL5jFL7Te8k_H#x2+twkduDhIZty68Mk%y2KZE`i4v9vtJiT}hJt5BXKLU2i!Ugg zN^U5M)|1Os#qS8)D%L9EO?p{gh8|95MiCq1`B8i-qX{*oYJIUc!P9hUkvxyUT4+*!=#M?;=-HET` zdmOplw@tt+UN`PykV2%hMB_iti@{L#9?R}_7|N=qQRdw_K4ucAJAm#YRg;vt^IDEJ z`L(4r@a6Ye4RLnVrpslXf#fvXnT)C>u4ZpQH8}>3mzv?)L~(?{hf;GC^22Z%+NJW) zQhvRDJ8w-%F`OUab9QMs$kX8N8lt9W$ZpCa^1waVM11Ls8r$dl?}4+9t}4|_*x1I+ z`95^FD3h92I1cKQ!!%Y+atA7tBh@nEZo-;*q{gh_c}zYNzoLf90X}|Z<9Y6vt&6a@ z`>yjEViUCwT9lIEy&|+IhjRjnFd8%dmtx^&8~-4hOF)T_EMMb*uAC+|!$cwzSRRv) zl6w>8nuxJB?tA-KVHGwR9YHCtrG6=}K`us2qTVjxtS$2n!c0wlM>CP#zp*YWjzc}6 z-a{!zd#4NVccZsPFq}8Y$<)TehrEk>yoN5(a$!=<{Ro%zq zz9DJ;{%_y@>Wc_zNEIoC2sjk}d-=2`LP$YPp04(Y^ZV9E&m`9NtR}ocXR?$2?DWUl z?tPY0)<9gnC*;i3|62RXxHz_?Z#+Vfput0Mceen6;64PGz(DZeP7}f1-FwPJ3 zIpmZpa43i96y>oniu?WE?;4$EC2-?a@wIll3)&boD9kLq3=g6Wdmopy)2xv{sKL|| zUV8H_Cw16ri_f|w?L-^Gl0-&(DP#O(rqErlM*PDg3cSxm>mzM6M##%BS9g{3I4e?t z*=43{!z+%g#vpG??$IUSnMo1KzM6-lEKKsa{Z?m}ES@k(s}Le%s*6-atf4#*|Il=@ zUdnADv}n^61+@njBX@Bm)H>*}XbyNp(#TQA!J`(_f?K#8v4=i=K|3V@i7`I=vxFl# zPB~W65S-wo#XGE2wi)wlNy}9A90e^ZP>cin3<-q82~fOn(+_yYkfUTvh+KReZT?NZ z1WZreqRiFwQA^N-{R2Z%OTUd-0*CcrqWYGGHHGg_pKJ8mOk9vfnCjt4uMrZ3bWuRT zrF4ODUD$Nm1nX3l#S}x+&=ROt^H|&TP?jp3b4%qTB(LTnLstmd-0=in2*|$^79Egh zM0(HzmR*<7IuQL$bGY<@o}F~$af)@q`bxZPdvSwYHsl#)qli=}gH(sBqK*Vo4K_~H zQ*3i-h7K89mHUKH7SY>XIZRj?F)~tGEtdjgjs}DLf-d01}i?I zNzoT00_YW^KeD(o+%WwBIVd!R9`^mM{%n1$G4DB5s4Ss;duHq{RaZcoiAFXNaXU^@ zYNDB~jJt*Eq<`u=;`qy!@cX+WlxMI=H?0vtrKC`Jf4Nk})A?Y_Z*j2P33luI*pVQU zHYg?9sRQ{!qzu;EB9q-Ul75+WZU+=C{40IBVBNLmRB5z;PS`Y`jW`txx1C0~TcY3R z*N(_!TasUQhpk^a5c%v>;bfDqaD3sNBe4b3Sus2D>mRfel8$u9zF)H`isrb6(mn|E zY&qR0DsX%GVSHmO0oRYqcSEOW!QRs{yeB)hLm;BFd<9J}qbXpbxITzV@J4q{Af)br z5(?e~tc2sw4&A#*c_#w~7$FR_Sg~?U7Z%SuKlQCh<8AQhzF^G%L$h)ZtEd&HiV}=w z+D?OQPra$ZzObuWdFlhNW_+4ZMIy$k_W5k`l#e%Y^4uz<<`aXuiy(#9#Hu6wg<9l} zKqSywgp5pZk)h51Y3K!>-%(LhpnB@h@%@)fJNXk@g$=J27$~F8)pi5l?n%>#@RK|> zpeVZI^5R6{CM>+WFA5-j%jfq_v|-+uI2UfE9X#(#Hf)S3%2*oU+x|#n82qb3cm3;Z zk1Zu5w&Dez^3&KG*a8oJM)W059LEL&S04Q__CcJ-n@)6wn$J^5r 
zQeTBg4tUA$15a@YEIlnLO(Us=Jzew*JPW<13({N9acE;|YSnykZki1gih~uVgl>;K z-)T=No=Omg1SnjHfgSRZK0vG@ifM;#W$nFnMx0QK`}29mbHB>8m}_DIMh#kVLDXU3 z3VBF8{fn_Q)@hEXvE)P|1c=xnG358A2=tBS^seI>%TuUk{aV(eR`L7k2U`4k7}~8_ zXsn2$Iw2cU(PHDBU-p~;rfd8Hdu{;-e5i3w)B*HI;4hTKcu1)S5MV$%^b@*1_6&>N-8$o@`?5X1E>(1Fhk@s** zrQAo$)p~_4l8P7_zOX7%b2KTmj^y_o?!+5h2mE2Q+cWA;D5KxY?}rI|yi#yg5|W5F z=iXL-JFtqgYb{^>xDtEDFlzMSb(++q42#;~ARBpRd2`aiI5aiDOlPolr8B>i+IIlx zjn~whi=No1tF1|zt^d?Fp0K|@Etfko{@gi@0bww1$@tWYGnhXtKbtv@^ho*=h^hF@ zo!)3KV>lM5VC7VrBURDr?&#*1(?g{nNP?_87W*x{_>6Yb(-k>i^h4d_LO?!^u?Pt- zWby`zF)OpGG%ty)8p+yBg&2y+lr+%h#oCOO?$|o&lP+4nK^RwEe|Ttnel%IS!}~-? z;B5>GEYSF7o9Hvdj>?4R>NEh%e?c>DiKAv83`#aLc7JQOeQEBoMX*;vp?)C-g8(=Y z=N^SfLOh@v$R!{kX!Q%s-c}gfMu=tU?X_=oxeKWDg z@^NAh#Nl_X;*&VLJ{`@~HgbjpC_VvntT%O*6}P2(o6L~LcnDZJUyRdZ%T)-o7*{c{ zq^bm;R1^4k$f!qqCv{3_1l^bYxE~^=&34FW8e9n53+I|FXQ8qqWD~-#EE0YxK^D&nw}@ZXD=XK!GEf7}7pupO z{lFb?;amAsQdL;$|;2%r@vXY!;N0n=^CZ|lvIdxTf&K88vwBrfF0v-3)S?W$A{Ild-lbJ+3CX9)Ab zXwC!6mS=va`rXopI)bEV@-fpT6V7T9b@Vl5bIJmVre=`nbM@2DcQUn9EqyztDXrs^ zoL{ z5!N8qvc1Z~Z5k_UXRBL00x8>UNS*TyGhJ#ay;q}_SFt@BjPvxzqUsqJ~QlDkPX**|BsnOxkR14!WCvc}wOBhlQjr3^*^maKfaH0u!214pu zi7i_3qx54gJwYd#oomLcuiYX?5@Z`Zs)@_Tan(h1qYxC)Xg_f)_yuH04x}H#3a{Rl z%0u&PRNL2QJL>a*>+}Q@^X9AsEt7-uJ2#aN{O_JXBdZ7*UCMCfpM5%kB-nu@;Enjc zK4s+4--myL?+Tubi5A9%yuj_e@{1bqzU=OO!P>NGEa)xh=41YLNaT(+K?jJ~kKQTE z^Up6@>3(BzsZiiAh2z8PEANey-ZJANK&|qu0I=zSRkm3scxpezzO9ZO&HJ(okw`fb zwBO8di{&-N1P_blbLrUXl@(tOC+^cJ8(sLzu$rC zMfjB6zXi_HXgj#I03LtacP+(;OnvYqchQtVOM0|;pA)r%rZ;P_fz9KF@;JZ|RI_~7 za(7Y1Z@W-y1(hre(28|laij5 zgpAwC@GHtd|F|<$8r#SGDP+CbUee1=C)oxxJJIrVGDht-qonV_FLe53Hdu+Do>4|s zQ3G#f{;M$puu91ooE*#~fhAG1IwKtDmfrC%HaUw1P4x7~hwKB73JBztHS@7e_;KzY zy1Bh!>GXiK#zhT-CUeNB-*gF9DNnyw*1QZn5px%1@N=KEDJA9_o+K}G(`+nJhqihk zcaQg&adfLvbdS5h5-}@j2qyb$RpaMo1pwR77QLpMI=^XtGw8<)@R@@Q>Nt_s_k!0- zZ#D|d9X6#OZ9!mE=i_QMjI$oChI`DJmLv`ErKmh&kJXfS-H?qq;!wE58vJ7 zHjWve=yIbWbA2j9#H*L?Ltt5k_CHqTmEdnm!wvYc{lS=33)Hi+Rpg&%vH8>~E&4;4~D3x<_dmaIAI 
z54{rYYL@z=_4fBlU*N0nrIHM&bo4Sfbw;jyk2n{vXN8#y1_q!Jx(`<9`@GGVz)*?9 zmy$6oCL&n>DJ06$rREk#aqNvF*9KIZ2lR-CgM`N-yGx8X$|dM4HIk(yd7Ty(hMqT6a}ta`$z+Tg|vlQ?-)V`cSfR z+A0cagk_BuT$O6AVn9nH_fNt4czEh$l);c0=++Y`($$5}6uLwElKb zRok;=b|1q$!!x+@(`{KQ6%8mjX1>%}n3Y#|j3(+s)98T(DD6h0pcr#JiIU!V$`wXC zVuDT;dzPb&H1+u&DAE%19=aQ!q`Y7u8B|0{=K$jA{&30%`r^!2FN_>B?khFLQqTu@ zuC#=|Dnr4!PhXE9%)(h?(_hf)yEDN!6|DY(bAuibk7AmqMeu*3zX<=i7f(Muw|y88 zzcqnQ^Yl~B`Q%KCjd^dn1%QZ7EEZ8f*S^K#)?CZd?zZIyqNzuyE`SGb{1{Q7h+ zxH|D3z2u?0kvd9;X&#GR-eu2}>(-}=dhr}?264*#4`OA0#-_efG@hp`1&vzo`w)t( z{G$vH6${Piop(uZ{3N^MZWIK!w8;t`;mr?#H#L&vH{32XIg}6pJ*7@}Dz6tJ|9(-= zvq*pB0O>gjV=(7JMZmM30g8J|(0rfUHEHrzI*<;Hu|TOSEvlc_oXqc zQ#Mw~2ZHeyd`C2UsJVpss&^-hqj*Vs(3Ap6o%cSahx#cASg}I9;+C}t_O6HAtvT1R6aRaN& zO(*#$Z0bo5VR9KZ^lwNu|Fj|fHoB*b`jNttkBykSSC#gB43fV$dD%QBRExx(D5vec zb@=tEp3Yg5QZTK6baf&V(Ak(nI)CC!fG~)5kN6U=`sq96QlHV^h5D=`pI2vaIeOO- z?E6x9cFEE*^>FnvyG|bj77QgK$}CdLrQ0!Nd`fv&B;zzfxY{=G5)Y3u(R#WI(+D}> zw<5pwe=|yYmSn>%Zb(#~_W<=#?v_1~H%S@#eGd?S7qB&fPtlKP9~VnA^Woz|^D$W= zH^k+Q8Tf6?Kl-yXGDfbo;^N}}9BNh4fH`*;F{^B+uyUqr|u>-%FJDTSY7|l5siUWvy0txTM7;e1~W8x}3`3RsJ zTHpR5rtovmg3kV@dt}fC-w#KmAeMRSwt@S$8A;TbhJc7KAL`+2HJ?c^A4di^hOUGU zhz>u{NO<@=m0v|{%#o|=Wx$rF_C5a4kF|>J*Q;ul>Cr_dp|DzdYD;;U18UISui~Df zPV_Z?ujO7O2JPE{CQ+lt! 
zDhfOP`{uYfJ4QFV;ur|!#)0~ZfmZQqK4R{-h}46m>pb2O4yQM%)49U25)_yk1xg}u z!#nc3FC?Jdk=Z7l!g*GmQQ}hc*?ChBtAtoDG=Qb9&)I;?dGjxT20NT)vQAV29dwRD zKo;#P%I6mNIB>z*An-CRgU4Hs z)uQSeT3Rg3SauI*WupS{4^pJvHO~%j z_aVy*pvi+h`&6YQJiQpzv@gN{e=cFMTXw1QM5e$e|J;0#cIGgLwjI9U}Pg%Sv|9Njbdy10<`P{fx zimW`i&wW=3|Mfcm< zJ}c2iASF?LNacrv8+)epN+v(v&m{K&&R?}UYgqbP&9ynz3Z*rB5{;ho4ZhS(D$a!~ z^O_1@HM#4tz!=)|RpshqoVL^r1cfnBh#@qI+T|;7dJZDNF^}r{e5oeqIXBdJowO4* zt0DXd8YLJ`+4AnXvCf_ulsrTVVqAJ_&R4|`oaC62Fs6O}9cYy+$O@Z<#VIDrJuxBq zloC6;m7NPDGE}rrLnG(&v+;9f+l^(uaxOO_(bQ5 zcB;-DByoP5F8_=*%YEgh4vpJG(`2|N(3A$2LKV-76YUJYu<1$YxfcDJc%mdi417P< zFoIFn&i};0H%j4s!xmB=gHb4L1!FEAsBlHwEv=VO_D{FZa4l!-nM+7cf0scT8Kg{5 zP~k@dUR2BZ997I<9@%YWNo<(z9Y=SMW{c_#p}rWB2CrEIwj7cXRn&VWXxPvABK@sK z(Xq3Z9bTi@ZDa1%yAuRJ=uuN(^wG;{Do;6ep&fUfmoom2%#~pf;yd~!IR3V`GO*k1 z=!cc#wl(X%*uk9e06zh+@^=)=0c@MC#?W=DOS=eeJk>uE-$t2)g+bZ{65!BDg6lIih~dYr>CTKoFSWwCoH z9JLIJ5QN?_bTE-hcA2Q~{W&v!c`Fj&3xemD&A#)RC4L+$=Z2vT?-8PP=~PKoy@S-y zN$o$hD=?7MEgH{xRL{i8r3+iyegE+*`c6uh^Q0xnF*x_B!4gTK!9D(SxPCax1t^N$ zB-?j(tR>tWoO8U5A$e>|4k56t4_b89ml*!W@Lpd{xe1F+6fSAxRVKJ2bVX0R@p z@5~uV5?(*#5^Nq_JaZ;Vvt^LiTnk#|lv81O-+l%^#rcOeo!T6;s$L61mmjDAU_7r0|n2{SPuveVj!@bB8Qz=xT8-={$a>4i&@PbGt$>++qrRKA4=BO?zpYAU&uEABfKoHcYUg zZAc$#4U1{3u+VB*FPK5!k!4I%_c*#(InC?WS8PBowAydlArV$VCTohJ1o;DA-N{ga!9jwK3S7(a7}?d8BZ%C~ch9z?A}Ax>fcHkIzg2KL=%|JuVd$=`VTcVEr;3Sm z#;K<%`hkOqf91%UuzeFa{M*!+Ozfo_9J>0n=x<}ZF3l;i?a| zBBI>kYm%;G?s-EXr#nJj^|xKu`bH+wS_h!RFLQy!)evN+hQ)KhU1Y<7c7v$z39r1a zVMate2^Eq+V&M49jkQF?T55sWxGZ?Mq0g+NFmiSZbXpQbWey9;?G{+yyMFh5bnLm= zT9T&8nCONVwYS}J$_;#_SIJc7G;ivUyhR#H|jvj)rpsY zT3XMbl0DsQhDpL6iL7%>wYz{A=zFM!hY8`+A^6_F;qU3N!eMW!+`+Hrx^N(3Q}2dh zEHZ^Fl^fcpBM`kP z1O4RH=7NdBc%maBm&vKi4_qpUKotf$jsvDJ>lI8s2^@NcChTlqz3 zJlUKG^SgYzRcytQ?p@H5vzGH#bF=D^K4^zOKThe%uKel}9DxCR;-(%OK`?GQ^a%iE zyUWJmMaS87N?OM&YYy0#UWy?jWUJYxP4hC$Njdn1(Wi@<&VY6i66|3B2W!e*u7pgQ z8>*j}$3A>^YA_x*Gxw7vMfP}{TBY#_<#(iMKNpMjg`gCPBf+J#;B5|R$R)Su+S5_~ zS63fq)tZOw9QAIi(gC{LSR3ugnnKqbuhTA6@k-$bsLjDV=nFPQBdGUqG5a1yo77+# 
zo94A70Bvi*e#-H|z$>J}R>2pAf$u)PW>(QukOiAqEviib)04PN+B z^0%L__VF@j*sLFye7BoHSO1tG3DyD=0)-Dg!D0uSnE+J~1k64w4WZ}$>VBH)@1q4% zEk^y$Vp>i92nQj>wMyu_b7|2iOeE-Pjk&jHzNhDXf)4uKsi|oBs5<#jj43MM&EYFm z&4wBp$Rq^RFosjKkJDTtICdo+D$`?G7)<2$4)IO*561B_`4WEhWMlxAJ>AjN)2pk( z*8E;v%_TPJ6}mn9mK(m?N1s@5C2jx5&x%a$k07H08uG}$<=_aa&B?Ws7t#a``>NLe zD1XPXn=Z&y)4%#d;%< zG7Jjj&dI?kajWL#p?oPkhk7d&LN$P)jkEM7c~qNz+`fy?$cp#v;5kNBzXU)<8Izv0 zP%HhhOH7#yfWJCFt{adV0B*0p(4fxsUg!2%Ek&EY>g*ht#O(zGCRxS(hT;v zO4x>5H_$hF)oz&vvM>N{(zdjPea2S&`~lWp@j8(f{j%yY(DzYOftNz8vlPI0aTxn7 zjbHiUJq=Ie&CXIYO3ORgcp*@5zDPuiB&do=QD5U21r|W=&|$Ukpye{2<_FMFDHv9q zXqsz=?wc^z)_Y}SS=7nikApVUY!v3W+M~@Dm7joF0RY_-E#LjM&{a0o#|gIMF#NbT z@=0g}kixyBNa(|x^#?{oj$~aa&W~`DDx`mr`Kil$4Mc76IOU0Po;J!4k~2^BChYZ< z5&sCC>}`jkTBg@x7B{i<$~cD|f=e3ZNG}lk=L-wva{``+5#8vj3*$dFQVtbC&K%7&m{?LiQ_vb(-l7 zxqR&vYf7PRv7f`8WBHF^P8Vz-IOYbpCz{7!wu^rWGO1dv%DC5BaYi;>m?PDiYjNmV zjY+{CORT>A1c|Qn1=TzWx15mlnLdH1bKp@VS`r+4`kT#%G zEe>}wVYi@zr%7nIRa2za(E5|9Q$)p9jc`5Mkc@;Ww((n5Y2c}hDplh+sa$!0i^>Ax z>ail<0y?px>bmXr(d@oVs2T2jDs%&TzB__q@gUROut9~3lLsRQb47`mFyd}$(a}A5 z-OqF`%4xq`_VqeF=|XwnYuNF{Pyd@X$GRWe1 z@1T%sS^l<*W(jh-RHSvsR8HNayn1VPlefVLM}iNob6AvD*Ud9dY4#|cz2=_Wvn$UW za|jz|>rjU32hY5O_2kK0&Plh0X)7rHHRX*FUyen%s@*W&IOk){?=(;CFQTsn zLgLfDJyL}B7^r$Kq2mwI{V6}_Ekvp|P)mQ8D&=-$)$1R2&*Tp_t#_6;`~17W+CU$zv}t`sLnaG~qagIP zjbPkYC>k~Qp)b00T*o2F?C~K&Ke^LJ1?8znkM7(N@pA5zTIoyMa?3xx2)*P?Gr1NJ zQJzR~Iib+uADB@S(ZCrfdiE7^c{Qi@Ox)6&Rn9~MLk6dbM$73X5}9Kz#iJCL=uz)r zRH;uYo67k&uD85TtH>t!17pMk2ewXQ8GB`!MdZ99%y1lE&ZK6`Q_4`0y75v*rA=R? 
zd54vaO>jC7cM%&&cb5z#ex9?n@AGagw&E^*yzhEa{b5EV5&l|)8Zh)Pe4zel}o*RxtgL+5;Rr%zSTpO## za|@tBc|34W;{zis*u71Yg zaDFY2PuZ>2qPDQEzGl?>zA)dpzR)p8@_UpDT~Ns~`?oARO9{rzJ=S&< zRPm~eoRplb6n;cZlUW2T1@#)Md=pNTumGP=fSp0vTj>t3iK{Y0YT?Jy_v9VTx=#XL zY5@cc>c02gpz;j6v;~`D=boAwFBO?fY2=0Xs(DtQrAB8vu*g_vh}pj4IC5klkbq}W z5(?q}*lrFU_DVGv<9t#VmCbmHko2&}B!Y<@FZbwC+^?2Z#Z#^zXrBVor^$i)J_Q3U zb1()SNW@?ROZ?5VhMo~LUuz<%b63ESJl`)mE{)Z}?{{dIbQl{wE`Jzoem(p5s+ zG$CeifBw5-%dx0(<|5U12rnM@tf6Cs%h#IKVeVxEL2n`&MgS!sY`B5`dtaVsg=x~q z?`-mKH1e#t_|1uH5B!zHDbi{`ZuI{h=sqNVW%yqMQIh=5l!X6#)zB-_bcoB|!3F}q zSDj+pS{?U2E9TqZmi+~W%+5}*eYjxwTMbN_s$(~^skM*8CfE&l+0H0^Fz1V*VhG&I$ z{ls?YQHH>8-~{w?b_!(c$(Vl=%Fypq|INYT%#x>l)tI%{2iixbz%6uoc~spmE>^%M(!V8G;oks*$u({eU<+p zgBW`h-u2Ia=j@QCI8?2m*Sl{Cu<6m}GxfGtc&Ph!rY^6_t#Z^4TfR%6AAoANPPdpS^t0HELV1tEp+++ zGL;y6-+vMlLFRu90PwkIn)p94?Vggqt^o7zssUTU{i%O30FJJIlI8yxz@Hg`|2RXK z0sLQ1c~9+M)#vYwg{cH^PwsyVpxSQe;on#Jj|L$5Pn`W<1Ni(;VtV=?1Asn%;a(j( z{)uV#l>B7{!T)Fguv7nP02Kcu%l|ci-!lS#b5#F-Q)bcYkIDU_8{-(4${Cu)uC44*g)Zmg$1|7U({|UIOky_;IeAGPTm8QZ!^f zwTF>0jV(u}ctjPSK~~O&)yhm-^{w`3y2(~iJIP81Rfh)k(Jk0!fQ7(TfTqRLIg|FM zdrOjK0r#T$-Rb^PKZd|n#dZA6jXtrt+Jtdev3Pe9cXgw9cO-l{*Qz_w z*Qy&W`G5d}2w1^myC1U8((g z8~O;Piw!60XxQ}XK%VRSr%e|dzYed)?e`ZFJKVz-e=c@@?@ikJU_hE;)V}ZazUhip z@O&?2g@)|KRjKRw8yfu!wW4XVprKmjiU!Do>S3yO-gNBRup$8T`jGQ>c3z2}Jz+ z+D3CCdNU;#g+|R|wDNHme)5f{7?&?JZFZkdx#S6N7arUHS{W8k<6PA4ArPjVt^Gce z_MjJUS-Tg&d)jbV8^C1UL1x4f4zGS+gTiFG_^;5F7KOGmvvS^KbSD`h-|QIZqhRJ;m?^`;f6%6 zSJJLTdT55y`lC+~mmDP}!&0~QqkfRz9lvQ2_P0w0Hjn5^7cc4{Dl1cIzvAczb=TQ1 zniVNGZ+8UZ&AU%)k2_8Dy)bq2Z1(6An{o~?GX^tLobruPoQ=a(Nd1bk_fpa9fpE7xTxN%<-CbCyo z!>77u$>e_0+kakMr_}GVv3|?OIL_y>iW?m1&cl)Zra=^-!x@pCQ^VyMHhq3-7kv_S z+Lc1PzCkl~Shhwrk0?B0{Ib)*N04+a69Md_{^cc`jKWo#b!fBC-4A_u*{iLD`qi&h zUJjqOJ)%!^qMwtCKWN`Hg~tw$3`fD~AI5VCZ{l@~Elry~h)aF?*rta`uIgIxCodV* z>qmnb-$S|tfac^5bNMS$*732+JIfib`F$!&6g(D*#)G2r{6bu;5QYrNN64y&G^izFJ7qaOthC49o73Qml%HDM-#Mt)GgEUv_y*2Y!^<2|A zxd2HAZ(%8!Fm?SQlQ=Tvac<;Z(Y^626pun^AT 
zw0By?x!-7Qsl4>}FJxNNucId#bLw-tBtMhZ(xZOZV)g-56rC$>hME158 zu8YR&;qJC!rIW54Ur!%5eR80di5_4#(lZ(s?|E|^*8ctA6$j0>n6V&6hFs?02*K+I z<-ps|PA5P`Kq^7WJL_7YL$hRNv$O{e(aCd9vi1eX>=wd|k65R8Vkn>e*GUy;E{}TE z$H_dEJswC>hHuFcDj?Z&!f~r)Fem< zxiU~9F3HW+#}vM|=z5ALUz!x6_Gl7K2I)$5mOlfS8IPF7nX0#&MhEPMCfqdMwb%Xl z>Ag;FXY-c%rB(QnHBIY+|3z_-`8g#%d7f#b-sjhBn?u2@zk~QRm?yLUevE7Dn z`>6o8mH~{Iaz_FcC)L2B!H6e;B6yQoi{ZgHj_gBcJa%){V>LL>*d$ao6OH_jZZ_z$ zEcFuK`7gzcOnLo1W&yb#lyi3J8$3J|h5A=BwQJZp+Ffpy3no<4__89AXo%D5;PQb|lr3c+ z<^#6*bH8XFV&W3Mcw)&ftqG9~hugY@p6%d}ayRTtWk1s0I<%B%ptrBnsa^!-2R zL4eIEHBWC!l7@ti8N?KK)HW!lg+Hj#Vvva^C;c*33Deld?-$!HSDQ#y$qhE0O|IE= z@l+P{MTTv4Pr2sBEOt;>&NFgNW*^Sd)d}2&VAZA&F_$$HIyl!K-u<`RQ4ilx+kmk=r6U(ksTfJ6*OV|kj92;m{GG{ z4c#eFX6Qw8#3KOGmkGmzf4fXeo*UT0sp5#N+C-ZYsoDXbP`IB?C&t3>`4s%Nh3zDXcYukya3C1)8^I}r1QyrBd#Ah6qIp^3>s^!d-wR>!v*u{(aYu^9w zlIjqke!!vqxu#gU*C)~z2#6y#m_*+p{KQiPc)-SaNv84kQA>BLOk+2rEGA5_dVJ*Q zqIYm&L21B3D7EYvRp%>hLJ2v&V3tn8C%pvo1qBoO6l$ZbNZbBK?^I@^j^QYXgsKai zEITd;3{6%Z3H3xDl~GM5N62W{u*2AnC(nwttdiM|N;2manUk+IljjeozRuq!zud*f z#{;cCBP5)M*_yP=j<)Az4eWLPKm`d&sp^cuG@>dY5eden$7i#VZ&9y1x1A`WjB`$| zzZ^R``j^+9cM$HSeiR*;nbvchn3(!F*^Ye6d%;S0i)RHE;?D zejxoE+Z^4gw2pOFMX5I2`C6et;M{+hd;qvt?s#@Sj*6d)4yhX=k0Zw3+x!$(JH6xA z5!Dtx@7MoHzgfPuH2g|4$5ugkQewkvK-<17TK21kvXMVx<<})ir?2#hN0P4`X`)tz zuX4K3QQXHf?rxbdMw*x1=EqXOh*%N24Z#P&&nge2m6zKiW7(#(qG;Jn9m>Ps+Oh#{ z*;j2x!u~U9Ako=iJcIbtk?%*U?B`O?ymgsz#b+r*R#P3>!wtZhc5eepWHsv>Z<*=j z{k9&jO2T8WXtY+}e&-JFx#TII4z?)9XX&?^Y8yNhGSOix(fAj%5h!L|0E&ToL%Uw(0W~ZqH>^8Eb6Y?nJpJtrS1yo;=pi|E_o+mU$l8r4eMnd*a_krW zT&lG6be)ibu(j0MwA_toC`QAFqx(cBRh)}+H-++oEP2g{?xqSUO&+#Pv$?j zS<4j!zK3Ek2;|0*a1iaB0`JPR27Yxrhw+6U(6%)t(c#Xjd?j{4C(|lc#Q_WmXj#K3 zqX~I*9P*>r$e#MmMn`=-M;bawD`to~NvzfxF{i^w8qPvB-)voFg>6g^sbQ}I&9l-#E$ZL{s$8GEz@0S)R4^)GkYT))VY1ewQ1<4)N z`=#{nSJ|9Qs56gvUzW0!5LWUYow!^Wf+1wdgMG_*clvCzXn3aLbLd~)Xqq6>j$V@A z%i_zxN1s=(Y)`YPfU&3g+qCe29R?J)D94xF)m<{DL)Qup4A;-EF#9c@_iAZ$2s)8y3i2ap9EAV_hDhyp+yltY^3)@pYen<j4d3bunr8mns!|Q6czKVt`;MJu+>Y3t 
ze2)~%y&nW!4}mw&WcnkCF99pDQP@LC~qu3Pl*>v24i|~JC9IL!&92gZc_m#?6GrW93xdyd-UJ&lbDi*n$qsy5=s#oZvP19G^TZJ@7k*#*8i4$B0D`|l zuhCdBBtl9LC+-`eKrQyDr1~n4mL$gDtFC&Ib>rnR8i7Jw?g(1}cGo~2g3M_Z6H4=J zpTQxpz=ImUoO*6Vd%M8*vb2p#HpG4U9&N|4Ml)dghSlm&L*<>|spw|)>Oy*V9tOAU z(&D{C3m$RxHYk+SIh3V=4IC7NGnrLd#-i(YcTzIR&AwHWgYkyajX&* zX6Z!SrfrXIo*SC5s_lZVsERD73X+^$-;-a(#g^oas|aUEkbWnry&7NLuA5#!pF$4o zz@}v3$7P9yV4Bf!BGU_#UmAOhlgl1|%{wD}l}_lkiLzFpK&x1Qf9b9Te1or0vRE~= z5LG@IH~85@#YJ5e3UUXY&cLRaAl&;>LA&Im>-m0~WTQQIW70%O5kuZAP<&CLEcKP# zO?G4*sK{k^UKTnCQGeUjZ_13AD*pu#j=Ix3Ne-H?b&CNtit*+sc=WvGdb6KrOrhrl zV@43;&ozDnBh0Fw{;fuee8sMq!7l~VlD>|~>H|6lVqkT4_YbS5R7B|F8ae!rhFheP z&Yy;j1jrggKZDY#shWJhMRZEE+|1O?j$Vd`yq)xu5{HoX-+KGFVO~Th)_;o&zz#%9 znB6x>f8g?HS5m{DA6&VSFNVEEBfQ3N(iENzLDh5UOmnco!6W-Q0|Pk&GoT*DY%DA8 z2HO>9MnwcS3-j}H+=(Y4hq8_u*UE5PWB-4rpqR~5s4EanXq3@!HL&=io940_PM-0F zd=%jy1<7Uu7CeA^CJju0@6)}TD(u|sbD{lnVN2%i;mfh0;He=D-j3_)*yNYk&DWu{ z**=Ze&BXO$XLsZ&&t|a(vsec)O!5HCt~Na}irx+?D5pQy4jYaz-uHYzsb-?0FLPBM zYP7R6nN9?E?7vr!EE(5jUo5ELx!fc5nb^M|YQ1BoaKS z%zB5^$u#9}gJQq8;b&wg|CPf3yCcE!cj?ICGC8+OPzR+G5nH<02@c+9WZ>G;?|Q#ti!E z-_OXlDqEd&)%>3d4Uf8()vI5yjuGp5NV(TUi?Z){fvktMte#s8q2^z$ZBWvc$TBSB zhz=1L2HuAx?Qyih0~h7+r`3i}(92_4gR(*f_`>&ScniNg^J8p}T%ZMo_K82ASIzjC z9N_CzTi~0$6$B}=H;UbohlfyX#>1$)ypydh_q<~@W*C@oFcP0e8C1hAavjKV75guX zf#bIvR-v`oi(OXUyDMCJjJoYXMsrHv*E3G-#~O<(xvJKzRG;U)J)C!smu^NVaFGDJ zy88>I$E)F;t>QQlx*U_<=+TGXg2HDRNBNCxmCq-qQ8zK4>Q_z`x(& z=@*ep=>|kY{<(Gjrqry)$z87 za2zmNk|E?RDys=nddBcMP;ekKdjAxT;RIAMZViaCM*_c$z81&3lvwTBm7DWIt><7i`v7er`5c4GJqOj{>SyOdOJ) zXKj1TA|%71x_;Kb)NaZ?JY^6-LFq-*z+SvZ{{-LpL)fguosG4v*6++uOd^lUT}lL7 zqdE;LF93W>A*XPpwg6UYmPe-g=v#Mm3q6~Xm z`jp(?b)kLsj3Z~k_13~24fcfG(nlU;Tb{i3DK;gYi88dy9(p3(;f~E@7AW0nJf1z@ z>mrq$C%E(zwA0VGdveStMB!oBDsdc%h9kiGrQbtrj+6+8gk?tGhr1{9iSx9@$xtl7 zQb0~ym}tLfhvGdBioA~2^qFQ6n^g{*_&A*tuD56Vu;~~m^kFkowU|Ogv17hP z^5i^TwCx)1=1$WK_`N?CT6g?Qdb!Zj==*GY5YA!B>%-XC0e#Ge{S;IB^q<&>KwLfyGxdb}N4+VE`0zsP z8?2&j?vAA|uXnfvEkB&PtmxC-5XNIOQ2HfYJoC7p3+{Kw)3S7zZpfG$R6Ca!;Mi%= 
zqqpxN=p~KJsP<&U?|#h>Jf}4fKe>9wI``RP{aWeUhS|5&q)j7I??4yh!>q@KMI|jw zk12wf))$(*fEbr#{)%-vn?9JK9_c>geYyb2L@!@cDQ@Otxdv!r4b4kw~| z!o%td%Fp`UQqVSum4YcAkZ{VQq2JqqpfC{~z{e+^22kTlf-u}JV|5sn;P%g6?rQ}1 zF&@-~Pi6-~=Amm!lxNBeVZR_^i0gwRmqul_+J4Uj$)=JI1R*}DH|pz;*t{l062qA$OePnwD zMyQM7=I6(NEbQJ_pe9YSIdddZpa6ibJm^);Am;^rBX}oPH2e#|jvk4`ry%`3&}vDs zQj4$Xs7W7tmZ&w#tzlxXQ$K&s`Gt>cZ z>&w}9dCGw5*xjKSos=}ZIx70`_B}Fa#l%RL2As*n_`_83fpXe>w1(NBC)gJ*k7>>= zFTcZ(>}aJg(Wck&Y)caOYv(7bT&^zP#QRhdslwqC8!*LHu>K@UG5uicVR%H8t(tQj zQzQ!q^RN^T>Su8^+BK?iDqWznt^wb`7c*L{v2h8F_5N!ldl!MPLX-2PSAI=Ue)`9+ zma6ZqRE_38U%c`y-T`s};g=QxWDaYaLigY6tgI=WDbVcVVc!cpPdY*r;DL~b+5ihV z)&~l4abBd&DwzOnV&dO?d8WzxLe;*;a{^g=Z><9@`W38p(>7}I&CH927Rw#o&mIf) zcrmEw%Ni2Z;Csd6hjDoOq!OPGzb9S3!GMt#S5({f%j3{y9iD~_`l%pMOA#h_YlcJM zp;i5zcWq56z%!a3 zV<75;LQRf413i!l<+DzoA9Wi9(j#|vYr^V_MISgLCkY+;*BNb-O4&dvL(Z-Jx<#xR z*jEK0)TqQ0#MWv+6!R8o0%jIM!cn$$Bl8HqNeYd(mr=kIaBEt88KguYLTjvt_y+jtnZ%0)*tic!@CK?{nh50;&2vRIh<)*KgSm>Uxe^eK`cgD8b$pz8JB(<2(CKwN{yoo`;@jZb`s}aFW1UG9VSOu>HUCZ0Z50m@$-v}} z9E}M848v>{Ewp>b45We+GkK22*BLv0Cv=a)nJ!urCtR}2l#VuG8*exV#Gn2a)=Q~e zrQP;ttd=}GO1;!iW^ySJOv>YjDH|;jqo_{kum2!JJPYv^n;&F)0~((}=N$0h=RCK} zHNB_6Ir~nz-04#&+&0f$+7$(SM8DeRhnIFX%Ax&R^zqABqdR6>_#PTl(WZ_P_*^?_ zd%8Hc2R*fvBh4Wv(b>rizPy2Wyo0R>`w~GOjzWpe5mWG-J;X44e=;8;L&A`Un4gt= z8l9SIDIp4ZVKCp@a6pF;r!8IOZn_M z*^>RT?eb;I1NazNRNT9AHCAm`mH9K%!fE8YVpk*@)%D2L;cQ*@UOMe{X3?+fIbNs9 zD4m!Q_uo%xUfXAES~LZ)pvA#9Xt_5J5`ur~`Xx7W@*#&r=Fsvt8B3YU6-86myWvHP zV$;Bwv=G2L<7=gJ#2MZG$EdHml=G|}=)+*y5FcpXT2`tUQx57+mLh%*5a-F>mwS7e zp3fJ+*ft_eN)cur@IRTe|A3QLtrQN8`Z4Ck7NsUH+l{8m)UZ-3Mn`5PzcNvf_`8&o z5smY5OZM7mG8%Ay*>+EyOWL@`L&j1+XV?Iwo;$1ye5bFiuN7&ye395af?#~1j_cfB zffmY3eUM-iS4EoovA30V@!KFo|ijUl@$dCvZ8Dr2qAAPJpGVE@Zs;N|Mjpa13=Jw1!6I_ zHaIiuuu{kj&MnQm4INH5x)|n}^1*V55Aw^>>E-p7Un^Tj1EEX_U zf5z*4S<)yMw4ZCOJ#PA#{rGk5f%8^g<+#%~O$qD7mU*fu&!g)a<-vySbL18P!S%84}u#7e+2#Pkgv3C6YGfEi>$bbE}F&P;s8mVc00sad5TJqbt?QU8Ae zyO0t~lipFR^Jpr*l)T90%y01MGdBet1u4{a-bAs}R4!MW4K$$2LW9z@^D$rZ$xE~B 
z{y^_?!`k^%`E!q_&4avpZJ=Rz9yS&HTmyA&E8ArR3%`pY#uQH6k8R;(Qj&xY1f_|@ z04|7HJ_qv{7(Zj{L5QqtR(cR0qCU72*r`|60LintFvogPhLllCHfj}Er7#X;QEV&k z$ke#B(aS@2$pe3-XF>vEMp6i@%14_pdU_!TCug3@Z|skLPz#yu-21rS+9}C98vH0b zzTYMIs%(igH`iZ&sJQl|bgRBwqw;sXTnOEXRQBW*?QD}Ex>*ylAMHTt$fk+J)!=+h zPcQl$vHARA+66NR>g%1(kg+T2n%-6M)}@B-nB{mVARv7{ZrS9+2fJBiWM@Qvf4?^~ zIM!d@b#E0BAi)8%nbA(WAQ|#NA@C;=t5PiMA}0jc)OvjKJ5{w0nvFDNNz;BR)#)IZ z!*|2CRMdw^E7o!`nO-r#2&!lj_P-tF_|%x=KVxaT@D5sR^KE`sURiBn^T32T)?lj% zNMjnH+P01K%~Nf2a+7}j_Gj*hm>6;A+a7C@QV-oie*%Y?H=W~v zC%LB5R3HC6CC>5{^<^BctvfrGKA&+&51zLa%$;p?02`i%S6;8n`dmLTX>Ne-%t*^FYU0Hs+p38T z%mOG-=-_uwUD$`szm*RWvGF*X7z zPdL!e^R1$awPL6-Px%MX_`@6uzEVlozO#;Yf|Sl`>L+Bevb#Pu|a zHW~^Se}YRj#0Y*k5h88mO4S*Ru&d$-!5jcAFS0byTJ|F+VT9@BdMvnXSU#{EIzlm} zTgE!!ZqyV=vgr#Gp8g0!HI0~p82fCsQOUXY#U_R)Cf@daG()Mx4rxVjv*l2egKmNo z+fxR;5@-TkeVFij*tV?p`!V75?b5D|{LQ-*UrDD(da8xr@hYV<|2^~3(&6s19wTv|$fhlU$C&DnLipUGTH`!YO^wj($G@%MX`kw~X8;F5xN+qvt37#Adv zM~)@f9Gwgcq+J;WwAeqF+5^wWO%<|VyA~sj%{leekyxd7086ri!G)WquVy3 z&X6>1rQsBbpsY)$igXEjipQchug&KtqH0&db?bl@g!WbiY9C=e8h``*Ky7KPUy~8< zAzO7p4M^a-3)QDiWNI~;mz$=-8%(E6a5-{E{%BohLKv`vG;&~#DOd4d{##KGOI0ZJ z;`S(Ynb^xM*--#Cy7 zG=%gYADD__4Kbj+F&~{p=Unx$5HUEz6QKc?hMo#9yYdC=d&E+sbpxx$xJ2Y}ZZmIr zp#a(>GR@D@hm8;$04A1P21}-H8mYgwV-o;*V-36}hrjQHnFmS_=}5?&D7CR@L2P z4}(AI6(&h7EHS7s4MV@IRw9oVU&pD(Hb*@p3_K2ttCE`~K_rMcA(x$&TBvq`>ZlEp zg7eq;2jo;~emWkyKNzcWRhpydX@wp*N2;*)dk*x^o>h~efZRm58RZAW6JnTHBbhg> zUnBWWTvvVPvK}Ul+GKXE2cgCuWE6C}&4gzDD5!>=G49=6UtiwS@#RQ-oEIjk2RQZ3 z39@;HTi8Z$32gg!&A!@G?+`rsYJgbvpt=Ks4jKjRW*L4N!mw&Yi233Ekq>`8aIVvky_r9JxJ`a+V34@bo=VSbE+4|t&X!(z4(_# z+0H)4k{lKn{dC+}1<7lH3ue3$B8va%$>hW`&^h zA*f806ToNzqcbdmS4bovCuS+_TnK%^fG;;%R&e(r$*h#r5t&x;=&i8Wsg?REBb76X?s}I1h`F zDN6sdF$Cs0$xAt6seZ!>o<2FOA#(QdTe#XCt}W=>eoqHG5@&O>1602w8DEx3F!vRm z&BWM6qh+z$2>JoRGF3@(6!ik3D$gsZhdjAIPXNKUYaHlDwOQ7XpP7it#Y@Hs0dIsA z{*g(L2JbC{2Ix`?^`amLY?y;$w^r`Mwzs5eE%pY^G!cKBD`S($Qt$JnO``lc@poh* z(8_sUz<~z+TblROo3GUa-%8d6eq8%&Y&OmL5}MP~JSTG4O 
zTTqWP-{U}nr0W*7iWxxu`}6;qs~g$ji%A~U)T~b)yFDA(xlB*dyz&F5wg7WM!fCKg z^7{aE15Zo?Z}EeQO;k}~&`2!-ZcOplPl9X+awK953A>JHpZDHGfknbVr~c^e^V?8J zyN_a@A>`%$yc3mKdlNRs5yoITBSgsgL?9j4_OG>9NDOaF@|d7hwQ}F>QRv}Mj6hnTuH{#( zgOm;DVDSO9vD{p#=g`3q%4b0f=e4ssVS=9#O-aR7Y4SAuSJ+q5v=S}(k|ULVvhrqt z8&jMXZDvI#umnQhXd@nHMHpi|YS;H7=;K+_t^kFcKDeVCp=8dVc^`IU2_7cR51?Og zAYs8K3UxL18p^`R|1(o@CKPC<)Hfg#GW>S3(BQaEl@z2leweGkH}a5fRMUL-|9$x0 zR>I)}%iaF6UF&)z+CWIW7lLm~mBOQgj5?ndM4UI|Dmg@3Gsn`WsHEUR$=^ai+zFyUr!=HEU>GEPWI z-C|39v1n(sS5C5w+^$HwN!`(RW1Y(0--CHo3VE|3m;YS^M@YEga>Mp;N9OWosnXSQ zkV8&fEGEG%Rv5d0H3@v#Iml7CH;>&S867UWP{v0rlmg;E*c$!(a_J7K(s(H*IDM0c zS-}4okT`*tgrLs!z6?sGrmqny=xi{53^J0;GziIHc>IgJL^l!QOrbnB{Rc`x^n{`9 zivBg(B-M;syWQi3+3#fXt6xg(5vB2UAafS>yJy@!V4hZI@rMr+DUSAwQgzBChB>a& zECA23oK&2>2c;$L`>}^z7fo+n0+h&4N&S<(3IWy}beH@b@Ni?g%>RSB!?nO@D>ss`Co1_ z#33SUx*LO3VZph{@PiW3{yQ}RP0th3dwC|uII(caSu3m_8&H}TBHBD zWEGU6p?#T2twVPlS=kxdiq`k#6D=KdYgmL8QCjn`f?Y(%bzZ9;9z1wCeqm&m^bEwk ztcH)W1-P^c(vy-Qwxx7Ti-4^44gJx3SfsE!|Njgfhw-30dT0vY<;x9+-FTlvqT~I? 
z(cd~jJF#_D6Oep}^S`xP@#3+Mgf4%Gc4Ce&!ybxm=?z01spC5%TI4jj$z= zGGvH5+Q0xyUK=A-YwB)*&7qoOCAUyk$K2u<%I|JM1w~%|-OZ?Ds#x*DaUJ+3TI>rsL#Oz_%Z%Q_{*_gJFUftK{k@%-_OI`!N>L zT51$$IvcB}Rku?O?L+r`yOsPv#f-Z11%(s%_V7uo+z2`zWyTl3X|0RKE z>g~@Le>?1?XVcf1R+NOYl39n$=Dg2$xE6h!F7Nc#<|mW*%2b8NP)^XX zb>>l!Ny46qOa$7;HzcPE9d;5UbVn|{FqW}gVd*mKyyoL$;tgX)zG~DUB+^a2F~P|p z0gfsfoRfyZz>Q1@{023sw(9KXQy;u}+@x_D)i3 z)x@&?D}pyhI}iDQI~5RxAKSa(W;PRm&QO3NFGUUb+5dP^j0!&7AP+ zRUnjO+vRbaMxbmzq5Ld|Ykhzc@t?Y*VKKayF@r=!8~!E4LHtwv!)9*DCJm>)I1PaM z?@?`NXjBN|!v8!fV{G`60aeuvrPOQ9(pD*^`{3}Ck;bl|=JURphPB*zBFcX_{SU&2sVk_d(A z^q>4ItL3 zVbwe(KTe|2!fCTo?=2cDlVgIF2+7)*kZlrq3HL`N;mnb#3j588qTtW@N5N`uEZ(hQ z%?IZ+DekthD%o7p@Fa9x^$f2RdN12$OyECasB=!&zrn!mpwtK`(7-sYRYiJxZ^IiP z+qC}?@M+DH<9)%>2YrK@?C>02TeKc$*))P=R~Ju-y9%fr-CQVYVux~&@AijJrePyiyKuzrC$ z&d0x&?p%Q1j+>%5f*hR>8`g*Skub*ARV*j%ofGNQ(&OO_A>E_+Sn_v}~F8Jv^}Hj@xK(2kuQ2{*+_ zphroO-XlM%V+!Emn$Rs2A5`>?-V} zV?Y|LGt)81kn?lD8a#b8saN>Of37=3{8KH0k|@@NW}kRV3I%{qSSg`AG{Y|a7RQgg zIw2yF!qrmW6i%QJQhO|L8tGJzQ7QW7)Ww zmsj^r35npq;+TlZisPIW2sqjO+I_d7B(*%Ps z>WI~RoHArmYPFVXt+wU9YeZd!g4&2^iLa~M>)Ym`LQMcO$;+U57L{k{*E)?&m*<2 zc|f<}VafKbz_IsVCs^WMmxQV7k|z+PN}3QP;t5Br>>YTpt=)q95cDG$;7wifsi5R2 z?L7!OcjCj>E(ea~D1IROpqu`CmE3GZQ%!z!!<&g+u3j`B(%ELxen(m95Hr-CY!3y) z#hE2DlZz*%>N5=%AlWA92JMBL`+4p{r{!c!;_;$x=c;GtNl!wNWpsly001xWw&Ar@ zy?DlHIyHMS=w=tc`!XQ}r0lqwrFEDX7a8|tXTjkGw}hMDoF9}r2^ zb9=)c0xz|pJZo!``{7^+;^c&!E>>AT_e=2Fn3QqznbZ>-KyU$7n*?5)dgq+MMuy2j zttC@ywH?2)NaJL_(m*WTND|$kaBU8@u-pBZz{Wh-!uA;KRWBnJU~6l4AlyWyZN6^8 zYm2P!bCyPBQY0=>ZVo}3B}q&nz~ zjTzYCuJC96D!`_?&-Y6p0uw7v&#!XL>%GF9C5+UDy$1@#e5a$_$9n zao=8QDV-fXbxca&eXvWLySY+)?Fk&~0S5DWkJ>xEQ-WUZ^?*w#>_O1vz-3LpTrO)K z2AE$_4Y67;m35tkn|5NB_6M6D!Z>eY+3tRbsm+LY4?`H}-^`+UI0#fGgwE!?>`1uT50J3_G?wF%#ZjAU zgI{$qQxP#(le-;~$MbHI?6~}x`~BiOaNu#cf}6jG(J{AESd7Sn0!t&ub75z)`waV0 z^Cp=4?|awCq>6MCdIXgkP1GEOS1;B+Di^NK*WKPhG`4INaUW1DW06+roRQygU8L8a z5lw&YS1W6%*3}2*c|}FKM)0`?DvtIebp}uo)R_bp`AAyDY^3UpmOxlwGoK+ey#Bpj 
zGV!oPN<|{S&!kk5&B6e>vYwMtSJ#$zk++``7)t-{1*XI*DHRNL-PaDo7n65*pW(~5 zk_XVhDav{ncz&)qbbg)0yb+xW#ZVi*zl2e1kV)(tKQChSM z4K@xPB?!lZ7y0(Sp~L+ThVZaexwos^D5dA0gIXVN1yEx;$*SddKuL1_L5H()ycCAm zKeoIv=lA$T!q0?goEQxGJT0YM00>1xxO3qKGxTH|(w+bf`=Foiww{w#czZMnQF=*C zhgZ`-62iOHe|nE+CPbrlnI3J{)fk@^izIXyBZ-;Go(Qr8ogn<@uqV@Cos>8_G#n}P zScO$_2|2{<2&8qWy6LL-yWa1ymT%!a9S?BN`P#0$4;NWp5J)AS1HA8gvzK~bKd~sm za=sPms>h@Mut#(>{Q&hSri!%q!4;zxh{z%wRjeHqy*-8DlRAL9<#9(u(J!x zi*WqECDIe6i7cQ`a+d?1x0u}5!Ga-y_*3DYlDbqEslEz`$t5N6@}5|PA^j$j&(euh z-pbXBTB%g56^)8>=&Q|kR5jV;f<{ghYw5?F?MuohRNRIoCcxs*(I9@}s(ToHz7~+H2kIyZ|IW>LYTa1U#=}9So-RKrRiLO%>QP%Z zl(LRrJMyjViydzv_#DFDP3bz0jmX97GigIf@6k;zzkZ^w#7JHDJ#Vk`xanaNrhV@ipiu{8c0zf88#W1_N{iW*tH_SC?ugV-K;) z4_59YoB9JzLTK_(C-Wt>2~99Nwk2@gG5_gZeF~1Qn8j*iS@7=-UoRBTAm>c;5(Ev_ zQj^U5SzfF-z;Dl>(OWW9c~o3$1d8p~yA*cK`oYVLR+xBlDq`F5hqOfU6Azmt;N^|Q zAMKPDGL%_FVKnStFhu;&BqJT-tiZJw-NUt*Zv8HTo?_ZbnhK#nCeQ+jj&&%{>J7z7 zc`YTe8R37fpG%O131Pzr_UQJIJB%??LSBpgz5q+g?q3VDqhDVR0GX2k;F)?ZJ@O;f zbDe0ty;00f@;Fn-7bryU08q$R3M-QE!4rrrd`pm*eOVe*2Fvn&+w!VkKsJiOAu?b%=is{j;zgqZX_AWDF($Y<(rx zja2V+`D0tkjna^o%{Vkw2kIAW1+t>~>breP9|b$ivg!rQ%W}%JSaJovZX&n8zblgzK*L|WbO5g-Mn+a^-c#+*u3%5?X2#li%h5^68QS0$f?V#z zr&|NVM?5Zv7WR`dLPF@f=ro=eNjB5Zem18BJV$zGIU0EMr(d?<(Cea@qf$lS>s*%G z^YPPzY-JnckHVlhE?Z+@ggd%BrC0F>)E*wr+0wn-sp zPWKKa>Hrx)eRgBl&H1kIcug3GhDooWpG}iW9z=vV%Hln!-=9NZrqL|*MUTg=If^yQ z#;67Fq}0R)df>x_U1KQERj>)T390v28`;9z+ACRbQ2jzHd*FVjQXP6`Wb&m%D+Ws> zZ?3l+g0#9$q3;qA5WbYR1_^>$mM}Eag@m4!uPo9<*(Ltl`YV1J2(+Z_qR4Kp_*VDr zLMq{a%D?cH2YOYkdrW9OP)JyIE#X{?n9kY};32KT4%#le9#mf*Xp|SEjGnvdPUWEZ zh9pKq~?@QXPjJ0%L8=5%-(Edzhk{mWNkI#F?RsO)|8(I5$Lh*!8( zgbM!&Fs)k?TXL`rg~^TbP(||feV#mzD`}}@3S*&P=tFivPybKxs{2=31khZ65Kn9m z@q`mNH6v^t^`b&y^2KN>LR=Bc31;(sZmBa9 z(^R{{UQkC|=tcV9iN71$E?+DtaIZgLfa}RKlz%+(%!d@7(T90!)w|kP!2Lew+V-pK z$slR@eQGnU3e8dvPyiF;(dska**MX1mWqrh1A_w>GsRLUk-f!q<~jGci3>)-habzE zBK^-lq_#kgXx-qV0Q+Rku|upB>P;wv0r?xg?PcWhaZC#u2qe8s2T69kIJcmYza$`V z!r2w|P;Cq@obOv%!zaPw(ftdlmAtGg6du}wwOciNknG}Uwmo2A 
z-HhnS!6-zAPmK(}#63qdaW1beGw4c-5U3=xcA{H&GV9iaf7~quZ*AA}Ey_)*X_(3j z?ws{IB_yK9J>DmYFfu~QdTGl=6+Ev{SA)dpBios{qXCLqmthI23XDN(DRn#!Ng}fs zF-1h+4+^S2+}lN153WffbO& zJC#Q8-(h>H3~FISW-fW5(XYfAUJLDBZWdl%yU&1=#j05=lw8ccLj^ZZVFYbyHrdphu`We_ z0XfbKQYI=jpWLV%B3K{eq#7d8?mR62h~{i|t7z?`BvcZ%*ssZx?uBto2pq{)5KYUD zE;9#OSe~(BrRUmJ!Y{R6(nfor7%+PZz{`#-)$RhZt4?#tU>=Zwj#ib zGWe0kcv_qojK_aJHdL-dL##%I8#7>2(&TPF)V62j9arEgcOxg9Ctdth_;aUk8tnWB z+7z64{cr13<|3p7pF}3y!@H7u`EzXoW(326HfhnOriFBx!sX zcBNiReL4Z4rv}ab)31e8ShFQ)Z)~=?XWl8e+ZxeP6f7%9(TJQGiBi8wrjoH*DO*2p z8ACpi&j#Jn&JE&>$W(G|#E|i8pCjy{kBrf3*(|x~EKa|3G?k*u>L|1-&G`b4A-(zu zV&CMd16>--fFce>GIn{Pj?PRG?eYT7`anhQmg%*_r9_2*0z<<(OJ6g}NG9^SF$Ie2 z=UQ#FND&Zow*9sq`)x34KrEOtoqzN<8!}UvbHp<(LUl`kDBu6xN-a>J;d~K4`XVhwi{R**;Z+z{J$V)A(GsyN3<`OjY(C7*{}4zR?KDhQF<% zg(TCC1`#^#x4s@f-pouJKMP>rgJuTWAT4F`!0jlwJwj9Ba*f3qkzamwik&i}7jsGx zuN2sO3rU6l7a^k@gWpM6!chsPhqx?M$FU#Iu;0Syy&-ws^vY-uaIPm}dp75s32@${RXwS~lL*WFZn5efVjlyw zL->9O*K)+%Es-p&gp$X{KkuQ)$p!!^d1JYhuq(5dmC3RZEa`H%$Rv7MCX}*smmZ2P zQd%Z7MZd%a{`GN($}|G%WVj@QHgq2{zj*eHF3qzmp263VrdVH)jVF?Xn|%!63+4_? zIgS25o~}8r&-d$ZY1y`|Rm;n+W!qR@=ACWZtJSh?8_TXO+wS?a?|#qUU9VT?y6$t{ z=Y9C$kgkCQHzsc4>-3w#f`S3D{SW=b3=bh&fJgM>?MF1@qYtcXf>{7cExHrp#9p(X z1znhr)uKX7=@Mb}MVwzoE6rkoR2h_yEb+wu^iybNu$L9LXA8#-;TrzS+K@4tVM^yG z4$_iMtCc0VSN7sR=zpA6-Fw4yiFpx_^?t8GU}uTx-I4A|c41@d9U;oa1y%7`Y;xex z34CZ;BYywY2egsEoCX&kRl(`Yh#dolMTt3yhMIOkOJNj59~;I1%VkneMmQ*=_CLk? zU`~lTg^d~drdU1~vL_MkQJP`Ka+~Xj-dUD>Z|&{-;~Qb(XXILj;wXv8x{WiQjcIgG z_Y;3ms_(>4sAzQMn(qu2(Wz?%d1F03*qH;jqSPRN8{rGnhgL3nfZu;j9;;T|L^V1! 
zg)-xCunD-gM|`mNQTY6QCcg246jc0r097K5;1=YZ+2Z&FM5}{5jtjJ5Nv{==X;QYn z29cR3^@9pveE&;@feK)JY(b(#7a*^4*c$KA>t3r}-!OTQ9t@iMV{_aFCJV)#OlS-f zj1XcA5iz=Q*V{o|eeGbnkr8)t6UeKLS7CGZtIPC@usEk?rnE4FLKoRc4npgD;eimV z)Y#xPF_jVceXpk=SOFsdsselx{sSESdXXt*nH3#7$zzIDrx*hiS&3=uAv6RXHc1VOaMFf_MJ~Lkk5n-GG~2wcz_Hs4+UJ?b0ZTG3K|_$>+gCG zD=L|2HSZ9cgX5~5iw#x1(&{f^3Ldx6i2_+K?;}9+FV}(@CL;inJ0}JtckV`J2C0i8 zB)V`b7h~>THczD9Rc2cRBZ0pB)L3#+8dLJp@_f!76qi8Oyu9Nrx>1RndbcSssmR7@r>{HTb44EVn@W&e7=}fgB6?eQ&PpNa)4XYt4Tk_H z^8ac^9+aGu*qHcl+F0u#YqQ!G0>0Sc5q5;7z7FbViN|_gp+vOC?>Jr*eZ6VZKNhvy z9~)1HjHCFh4Rw?eb8EJ~1?WN^FU+)x8#^fTS|MNN#a*tq4&pTFdofb|ap*#Fu|pzJ zUzAbzxrzKf*H5;DxH=->nW9@13ab40Q7Txkd-^>>U%hiDkq{NYj=5zc#@G*s_^TN4 zK5gvuoaJV+QS95o9Yz>B7vWc?-B2_v-I zijF)5nnv8gmVF@k&+}gJVUsk{;RX(r1$uCeWja zxy|VP;nwRw8xCwo1^nJ!__pHtL*z2?ff^R{jmfX0RB;C=%b2ga&ld*GjCYLlREt~o zpu0T8WR=^?Bk<{8IB374t@h$?^9!I-WfvCeFsv}BcY$j1BxzYHeE1rakS-~&Q} zRo}16W`C<$Vy*9xIH@JZWLm5YW6A-obgXEpIB&=PnA?$(Xr7{IN*YrG9+|d~jubnS$C+@Fn_? zw)MvX*6Rm%MP?}3FAJc75UhDyUfFuWfy3ufSE7`0Jhrmp_d=lBvbi1cXUUINlJVN0 z7UgIN6_FsC&1@O6iY9iqKdia>-~m@4`uvwY|2FfxiZBp#2ZbCW-jqU2-QG&)>z-bL zP&Tkp28mRT-DrFX%F>WUN7Egm=4Yd(QmS4{i+(0PV0n;e-kyN#gD^(t5ou z{nUMMh{4^ywnx&H#M7u)Y_WM*xbtS2?W-%FWTrrr&S80oX1jCbPCR+vfs>U6{UkVK8F`ld$UbYh3eq@Wfh@rds@BFsDoXGD(@ z;D+Bbj&3;9E>dl=2{cpPZmkSozZP6CdW*9FpCdQ19lK{o9(?nu4)o-z^8jMKV6>N^ z_!Yd@%Hot1;(`3YAzso$90^J~TuhCr%Fp885%hTv4zbGIQXKGHhZwfCfvN&e^oBh;e;AsJlE9{M+1s z9a9e{8uflnyTIAL_Z06Th?=6nX5cs7p7-8E^Ys@R> zA+Mf`P#ql#bD=X59!4=jdZ9eunU5$Znndh6$d3Mn9pV$y4?><=!3UIo(!n0fK)gvO zls=*gIjEngo^y&7dHXhE^7j zvN?&mQqq3pwUR&?wK>XD25HFe~X_@2B$qA z7EB1R!hAQSz^O|Xzyh3jQozLiSInT<#GJMdNc@uB2vsHqK6HrEm;$&c z>=*zV+V4h&upomG#A*6KV~2_5L3wn@;yfzNI6Ar#<7$)l5U2)9Fzkt`g^U`55EMbd z2$GnM#w7G`D-ghDiHTV@;4;S#kuec>-n}B_@gR1&iN@^}lOv_f5SMUTE5MV{+BlN# zsDFunjI!V*7*fd^xWHDR8K%&D?#N~Ah!238_=Fd#_#!g=1?K!^Zx<90w}SuLU9ySz zJh^autj(scFFm)hto(TlX-HwoV9-hN=n=UNLQy`x2(rPO?S);)pc{g;J1+yI-PF6Y zcK!J;A>7bCUL2D{&VEWi$#3`O>N_fVgUO^z>)cqv!o`$ 
z_(MM0Z81HS+IRt8s5y{r$4zwmCta>E?QkYT(hFJe_ZmEB@j8|-w1;BImq(W4-MNgj zshNBJ`gczU5e64_>MZXRgF<2OC*Yc`hvI@tThqkz^6(_)F)%{QeLq~*mq;CH`+%Ou zWvSJ}o`rh*!NOQQ6c| zuT2byf z#GM+zTeHufX|cX!uIKhH3^WKE^JwmVP503K-oOmD%Ho~Q{z@=gHBV&9k>biKM?z9g z8jofuEnO8rv8!eV6~EgbhaZD0BNMaju8YV@O%f*rGnDq7qz6@0E+KYDd2C$nLCfOc-)FLsaL6l`?Z8SdEEg?Y@WA2k`h%t&T<4QD z!mmEEh!9G*5;qCR^ya!Lfq8m9BtqrMc2{uEf&n=INFQsN+QO<1T)!)n#XkEP+2pHM z9S-6xJO5k-TSKL?NwZj)R;MYA%opA?E>YCxNCPjc|T1 z1|j&LnUtGP1VO_J3q!auT!%T27iSuMz@IK_p?f(HQ$9JmhH{E+9oYuA8;!?@NN;!s zQq>C5$aEAWrpqaYCgQ)y9d!mP2$uJJ2J7J0M0NxLOc2K1Knc~LkGD&WeygH7L9~+( z!S!V1Gfy``Ka?N{^#qY*t9VshtiUDnwn#PR$&KBbqj+`DjpxyH`V9O9_k(6O5smzF z-k>kggWU@BXzZXzQ)@Jn%8)<&nQIMhq7SvBCr^-G z!QY_PAdo$h=>n6AA~-{8wUlE;Q*j3;^9Nhh_dJGjH1^Hr-+uu86{pOzmDM_bbaCWl zHbc1H&L-p!^Dx-N5nnuh@>5X`p1T6bq*~B1^stRuIfr1R8nF_JLS@!ImQ1i5lJ0&hcKw`W`$s||2z|Z!0$Kg#Rg2#;8?mhxhc>xMv z1>vm6wuA!yUw>cg#>COb1KuFG>$yWs zp{-ICySoIqk>iDhI?h+c=6(%JnefQlf0qxD!Vd9;;;&!&O^jzv4Ijz=yY81XqHC=I z^#|kh^9Qk$Xh)0#iIhS9>a0^C`%N0$6%VX$^#oUexsO%vjgBtXE3!ibMkWb!;E(kWlR=QBzcfyY-=I>>% zNUmw8rTO})wGLj(4#7MGAA4u2TW_wOHUP9~fQj=oTJmZZBJ!_&vRU zdIQX%}Z!s*+llfAL)On(>WeQ1S{Nw1bQJ@D?;x^u92nT_}2C&I_SGh z!j)#Jn%qsIxFI1hJVw4t{wL(pw$9Iv-+l)Jk1v6TWizMG4wm|pJx3&`vYiG3z!Axw zBnkVooQ8rvU2g>vH7s)ubXr&_%r|Wn1Zi}1w8e6I5{+qy0*?}L)a;S8qG7Q$BU6Fn zubd3%ZzqRkl#=C*!O;VA--op(xx+wCgq{pNkLOXvng^V^r=eu-Fbu5K6Ruv{b^`If z%$S1?Kjx*|`RPFx{H}qslh5C-zvG0Rl8O`=dYH{e?59A??e=VC9-is@zj!yr;Fh+@ zeb0+}85h_B8qa~BcR176lfMWnO7R<5lcn#ZC;rb&5~6HA;=xfPMnZz@m#o>XXba1; zG1>K$5#m9pC`bOJLazxxh!akDnapagzC5QyUm_iSI&XU~taTK9{~z$RjkOqY*3|=! 
z)mtgs>>jmzA!Nd^Us1$f1m5^2d<^xbL=vxYahQ*BmwilD17rX{CfgVb#Igy~PAK!m zhkvjJ>BRn94j=bo0ED~p4lvxPzY2nhFqjY;Fo6vcSC6l0Rz$E`Q4R0n?Y4-LRB zcb1X>`&h=ax+1*?BElz!ub)X@&G|Me%QBe) zQvkY%>)!!fYxfS(ZIb(zg_v+gavJ9dtlm{H5O;4|8#tmN)F?#1P<)79CBTx*W55og zKJ*(d6`r28<8C+TM|v~Q^1Jc=yHH`HCs&3#CVopKr=&Mt(`2NcrxO!c^-#D0=%Zz@RZisc{ZCcM-lez$B)624G zZxU%>xK0_AUKi$;f0RL`z7dB3WOEb&@dl?w(Xpjco%RhSJTZn2!%lbv+_N!22{^wWZ_QJQOk+9~ zD}HU!yv<%&y{{BF$e(fXD4?G|-+0w|+Z5!cxDhi)56`%AxvLwiYO6!$fj5KraLWkE z#20fo$pDqh^YZZLCea~);m!^y`{a~0Cuqg@IO$oHx}sY7Ty=fG#gLhB*vc<*Bql#y+bOivl$s4wrNOSXfEM(C(4YsLR0`$E zOh6c_w)WC}%7N6rCs;?AM){xPS9V_yC)Jt?0$AJN7rR=o!>;TR zy`0D!YM#kX7>*H>;c_xU$YkS`BJm_Plj2Dw|VEwG6`Re_0XF@dCOj z@X1GZx#BW5VtBk+l5;>SJ;Ps)F%+{u;j8-O!p8@#EC&cR0sNz&Ssvu{8?po><&02n zQt6=0(+#@&@Lqn^oUWtnL4#NAp1IGW1Ga*}zo93|;r64-Htd_NU6U*{t4G!z>AH{p zpA(rcF7Vr%9}!hh$mW=IzBYp~xZKI#OO*5Us{8hZ(qjMFUPD7ydCv9Bp#qV9TZKMv zX(6DYYQk1BWdQt*;G^CL#k=q-?oHUARWA0End-O@6zuusz`9A-is*YI?3@eyqxc(R z{oA3!+vlzf_I}9@>|FNO&tXAA6j1WDUKX!(>mPy`CalIkeGDx zsH9@x4f4qYYQl}bdhIW-3W0_809`9mYypTBzdX>Qp_RN>s30T-fe@m<7GqG%hil>d zsw*BZTQ(2zgca&hiX52B9Sc628do?1Dxd|)!Ulz>`N+)F#FEg&ZS9w5&M#WEK?^(O z6howgoG`b@cPsf!Hnty8^NOd)e=-SL*C?kjNvk-;&PLc^In%_+w1E~@~-%@DuJ1JX3$Hw0VNY3aVKf$jJ zy~xr_G8=t(BM0shX*rzDopgBdeC9vs*((fBwh|H%-x0miKCFL!@4b4&A0caZdr> z?YPf;(J!KXD0fh7+@qa}`xCz`RthhYHt*;B5p$4@Np=sm*#4Vq?h-cmbh=m)Xgq@& zd!$a=osBIqZ7kZ!WZ84+!yKf*{XcC6B5HCSrzhpPb){ccG=LWzo*=g(8^)7VJ6N8v zsnYY1A3IO?cFa!)kl01cd;KkZ*hSC2Hg5{V_N$@H?B%&L)QBop$>~r>7_?clg%t%= zMHvYVCfEHBk<~lG*2QN6tO2BOj3H)ptn{2+>aZwUxS())6>^Nq?o9eL{|mrxGd0an zqPbspUy>su${0Hg{I8Y8)d<>8Pv&rftPG2ViC`^~qd=2DN2vW9<*=uRQHz@ayNm_T za^zqjKK^IE#V{1vSPQ3`F0^ zeWt<_Ezck+g4{J5BFE%HgJ-~Y+PYt%t9{7N{7=l>*%b0R!qKT!mv~m2>RU_S+bN*I zr6EOo9-ZyXG(dxDQdvfZn4e^%{@{-e`41Mtk+c#Y8NnL)HDpnw;1=t5pY&%CipU5| zGX?%8tgfs|kD9_7`Dd!NK+){WMEusAaROqbSvQp55{)|T9>}_Gv zC=UUo2C%n~(d)f1ZoZQ;PKDg$O4*T}pCH}ae~p=mD?RwOHXR$IX0mdtsK z0`|0b*;1ZFM%m~MfVe1*fe#FYhJOCVSGfwaOb9Q(E6Ifljv;HtpJXic_~TPqIp#BR 
zM~%u2`M;#%v1$G?z+Z{Sc>F1fn%uTiagwOE9gQ9V!}(L)6f*ZKSZ?trKd~No_-OeX zB{P-lFWh8b{jq~oZ_p=HybyX@-VWgg9SE6&di#2YN^4_*p;F_|f6^f|4i|1mX;W{@ zFYQTKNgIL^6|1RsW3=cB6aEvdwBW@m{jST8bp|~=e`6!q@W;GnhOJT%w;pnhvL*H*2O?!)DGnvOg;UWFt`8wrXJ4Wb&$^S1+VH5je`0MblcCtp&#=$E)Ws%zeV8t@k;`0Xe-m7pra1}Uz%FHDAEbjLcLyQu16 z&<{S!n3wEsWNPGu9#8@kP?&$@LGfk&)7Pd}AHX~^NE&|(G2{d%30K}wtKBt_;K(&* zQJnxXw;6eu*@M$5ft|%Ep_B@y#$=oG!83aLY3`|qC$lb@e)aW6`XhK1zSIpHddAnj z-|}|kiF{X>@K5wP1=1Nio$K?aV8FxeP@I>TOl)({S>0Mf+@H80notv21-^h&@$^V;*Z}a$Ya~hQB7IvJWGg2n| zk%2Ta_HK=Ldt5*;n@O|geX6Aw=4b=bhe4UvMCY&StiCFWZx=};(5u5=r*`YT-g7Uz zPy3?XQy*##)m(9}+e06U^o^}F&QBge*oh?JBU(>!L2Ybtf$?X_(Exh5`G-Tm*WT0Q zj14J#fRa)(o4MBGl?F?q5SU(7N01}RxAAn@W@*_8RPxE9`ege@_!e zVN~rBfX+~e<^T4*6m)S+vB)2`kosj+QA5O$?bYA=J&+1Z==m-E#F&&Dot1-VJY9EX zxL6k@!qS2%1&I9RKlxTp$kRTG>7yvYIOfs3=dq&m=$&C`$evZQqNwzS7y1N08z|o| z1z$uoBUVThf1O}UK_015vNkp=K{5Q*?POIy0{^9>ofBh!Q1=Y1Qz-wvMdWwwYQaCp zwOH}ry1JAfCbgJ(%BMulNB9vvo1lKF(-1~1$v>nLL8)FUVfh`%j{ zhfZxs(0c8yn%wU{?!$~Nqh?`ALa}pC5QK046(=-JW14NmIYh;fgWq!`FTCS8zIs2c zN&bmltob4CgbWQlv+|p~#hz!`wYZm_$8kMJ?1?Vx?OsrlZo8&nZ#Bq+r5}%%RgV%@kjeP)L1|xj@(wy9NS#U+ zb0<^GsDFE2Fo;W$UKhZ1L^p+mJ9@j1D;_yB0o|Ded2SNefq*(;6&_o2<#5=~A3+C@ z2nvRw;Hgm`#$YiQ1VP>dYAlQ|qf?eBwNrLZN%kAM#>~l(_~uTwOEljpzR46H)}-ll ze#*raHMi>GkeJUCcw0&@VpPF&u$T&hV~!O^#oghZcV5bOKwad!_monPZ z#vIHy7oqzzmov&1N`_obF?8pSunOKeM^9B*Zx(%kF??dzu{72HKSax&vrFUhGEU>t zkaPPL#};|Jt>-oCb!9pFo!<_)AZ}!N0~-N*gP41_o2`Bq;|)JS_B z&JakEg2Wa-%|som*fUGeoR!EhfEtfDvPi7l^X4riI5IN65T#~(nNuR%FBoc5xb^PsX>1}Rco5qL7)KL+CA%X~*_gUoC- zwTxwy_O^^7k{sg^_X|lk8}6 zZ@g@K^CH-uw4an!1xL{zaa9>+8Aam1J*w$~5?kbKH+d;GrH=NOK&bvmmUF>sVAS`vqN<1RGzg9bC~MQkOwICrv=w+2F}2{ z-%z(!4&`($H2_{!%^ub*F4p1UN6uN9`(-*(*Y8Hw57bvFy?pU`6l6A_-jwi_zXnZ| z++H}S$q>%>k3Dh;0CHbi;RN>WIV0nZ+xcu&ft?qe|G*sXV+Jos z+jv3RmKBIi>yLd~+`*gPPJye|=jE9}5c}PgsC?y%#KdW2Pz7Nn9xW2#B_6|*dW4J2 zJ>Hsk=k1bi=Ekz+z38T6sZ4ykbW{~JrK~@Q@&UOh4|^I9=cC5-rj)F3F#G<-D46e%(cDqmC;ZZ#=4lEe@A`)Co6*s`ca z(K4u1hcpvlgJ~D(`LV=Fit&1k(qHv&+xcg-G!fM}xGe9#uu0XbuRL6t;f9{_@=vt^ 
zj|6paM_>=hWdAAzZsWlq}h&xTaWm5&M zrm6RrNCO*>t$ie}0I&F+lL%!b)+K)U(wh}if3<`N`}**n#* zAy{%S)?UL3RY-Xw0<7wNl+NuCESy{tN-X*mRiKUrA zh7J9d*BpWmcs3h9YWMEP-Wv5Lq(IBSC}Ipa{rH5+G>WmwKzQZbX^Plj#=kn#m;CYeW!!B0eyH6up7$IM3~U8~_v;(waA0DKH0aH=fZ4CMIpLl& zIT7{5rEsebO0F{wprWG<{q^GOu5`?Oi@lP1=3{l{DQEYOq|DC8yWkJn2S#^O>;_sH z#yGOm%X65qTDbI8Z^UA;ypWgHpE6j7;d6RPRo%yvdnCsi8TjjWk z<)<_vAQpl!{WqUonM`>vLVI@$!_#*oYdjF#K-5{cpCp4b5Q}NBh7@Y?RXMGaBCNAv zj5#wvYCF$V)g!#|8X$0zI6HE)*1CVN*19^2+%pN0eAs1t+t+bZo3Fhh+wml8zdQ>* z`$dQ!o3C*^FK92A*IEC|1Y=F$D|tdYj`{;7o;G4|q~XC|Tfs#Me!PCfy(}a9eU>M^ zih*rCkYHJHE6r z-~zZ~m)lGO_a4u?(-$YH-^XF41*RTH+)r1wpR61~@e$iQ#ZY4QcYU=kcFc)}z)r1~0||Mn=%(Y@WX*iE-c~buQc#+;r){deqel*wvsSm< zR?&Wv!Q032aEFn&HeHvw%keGh90~|#89dw~706G4M*jOLdk-C%$G-yOwV^zxqwc|r zVtP-B^J$qTIHr6iTF1WvZM`t>enAx6Q?o;ymO%elLDoMfdi&Z09(@HPp7NCCV_;6= zpF))s*%Vc+Itpmg@>~rEyeqc_g?;(}WRQP}AiGK-LTqB@i`g$9Dq-g)1_6wmnB zMo>lVe&k%=K3&zw7j!?JgXMoV`aVX8f5_X)>#CNun*1pIyrI6^U(r^f%F|&ZZ0Yme zdpdVV-QQ4={|zT`XK7ETHKg|Xo;;mb0|RFq5%Ib_nGZt`pS!U)5h> zJ5dTMmk$UvFE<0wmgnfVehLmL5NKJNch0|^`Y*9if>gA{Dpt4^e@&j>%saBW@pVFJ zIgle;X(F3@r-gsrH2q1O$f>LEBCiAepQb1>OEr*9-~0m{;S1|NA*bX2aqN(*)z}3Q|A~-P3v^>sYZb^X(u7H zV!wUoK1`GGeZ5g1;eRd$emPj_2!~AR2xOpDI_xp|6EiE{%Xz=^bQE&e%PHKR^_SBUG~HwqIAcNs*QZ#B zA3Q!-|B5#&aPiFMk}UYV>-zp2D>aD`to8n#^vx!Gs|Sw{hSyu9iCcf1+Pn^pE5e}? zZ7#M*7G-bUeGjQE6AiEEML=&>9$SkYNem8+mhw>#++7buhEwBsxkD z-*MF|*Tib?)>3f_%ceJFo7;JdZ_cb%YZ!VQFbtDtS*9F&NRoiO)Lv+|mRw7d0q}hb zgwnBp#M0o(Zi!d8aBRfDajI~8y71S~32$?^W1XI2v}dAs7i!tast;4lyqZ@Bx zIOPK!_BOi7;*nwQ_$pINk@w~yKRMmp`VdsgZa&t``hVyhQz2U5QgQBdnj06+3YD}1 zk_ZrB-mAy&J6~m?NpBZqQ~4M&!;GHi5mgA;Y;Z_CRp3kE@-JOuOd$KsY>?cA%a~!w zQG1C^v0=4{&tZ3tH7hf7HEP+r{c#2dMZ9UZ?ec&l>msy%&Fd!5;eexliI11CJR45! 
zvM=ZFE5=hs^`D5te%svGQJ|aedkLv!2>@(an+rN*!LLojn0(xSe6<%Ahaox_eAm zXq8>D%68HDRL49tK$^5Bz2=(}L$*+nt^!Z`RAQCD(0qf7S(Oj|BcNmYf9ueY1Ax0rbmRCQ1NWB=6?#>9d`!?XoY+{2RpR65CA_Safj zctX$ScOqcX&Dn-U6wPw>cMp29HETG`EXY0@2Y8_xwfmo4t>(&s+#Qq*PZ1?NsSu7xd9CYAkFGt%&q5>4SL^*+cQ6-$#X z>T+SnzF!zUbG3?+8EM14)t~->j46ObrNwGeU59UqWzEfK>%NVr%f>LC()=yiT3dX? z#&gKii>B2pnc};vEY|wi_*|sjuY6RmSq>W1qtJ$NtJ5 zThSDlb>%$T+s*QZcpqmFWY*!?>Q`tfr{LE~qfQe;%3E}MsF!{Jgj@sU{sc%YXmBIM zZ^=|sL@Ih#lkRGKQ%sOF*2AQ8N)zhp+}P#)=xyGfN4MuryDwq9YiT+u+4i6UNrJ6R zU+DKde6;-|7RN7ZZRZ3!c_eNoecIckNL0bt5JWd8+dTX8xnzg|WAQ6ny`u9c zx+hN$VP1SoTuAd3z)g8}A^0E2>^x?l?{$l>9h}{d`W2V6E;vR0qG(=9b2_-A6+O$< ztao%rsdRFU>v1-y^9kDPdkp-DM5Wa>**Ygy+K0S)Mz~Mj+>d9QnX7OWDH*53F15Sk zOv|;x=e@F0RP1IAo%Dsnc%EB1*K~PK@fsbs+bwtH+p$ghz{{Xa%UF5e$77u()6mG@ z61^_A#^hCdh;IR(uVha>{mfiwUd{dSF!r_x zf~1+NGFl{kwFn@XQrI1E z2sKGoQJh04DmAC%$wj-wr2|Fpe*;etVd)-EpgH>Hs#E)hw%Vu1FDmti9c^uw7qCp1 zl{Iy%O)hCfQ|DobjtWGL6T@n!K&Bd1H>>5iBB%HE&vHcXm7KBj=A~DcRYKa53ueaE zgwZrgvU4{SapB|gPH(tvzqjmX>F(hE{`V<2QE`3YUeY+A($0*;8;kR zQ6u$_Rk&}D$@!}!O_y^U@>}_*j>#Oo`imrBc;8rpl+XY&l|~`PO%|E+dncud^Q<)8 zBf{1mtj?JAvJzg{7B<3{QL<9vf4*sR$_|#LrqQqTFUXOoGBLg&X1{c|PJNiar@aP} z=I-75<)%2RSP~xirS;C0CtC2Bd-6l;OsaEtr+%i?!y^`gerbrHZB5Rj7xOyW6g%07%Pm=4L1*|Gbj|nGi^yzU?2Wv>G&mC1-~xzk1LcDDfm47VTsAltxF3u z%btH~XU>_yK1yGX5dR4w`V~7%C*0C=_3pdFgVgPm z1r&AO5M`1%yvlUoRC{%#a*pGN-bJ(nmzPXnsBKO=qT883;i!nO06N^v-_Tj62Cw}q z_AeAhEsDJTFlnoKj?gm8a*HIXECZka4*j(=t3kVNHl;$w@Fa;UgxF6Y+%suhFo#!Z zX4CfQ{6;5+qyCopCi1wuddy5d+-&;37Ks+I{FHLAn13>~E4dTo9oN6tO~rp_xDRCH zY3_K&5+MTz-x%6uPz4>WT6XiaW1r6jmIJSC zrY#1mbo$6`?U*rEj0k=GHL4c~2OsgxTo(sWn@_`8XfE*#6ukRi+?4G?2!unACG7uX z>c6ws9Hee(B^v#tmCc$?!j7Yk`2heqe3E#B-ax6)oswV15GA7c2iIskDnFF1SSsle z|E8WNbA~E|;`=mMtnt`!rVAI02h*IrP45@D)rhK@eXv+|`%)DP$>VovjO0`9Io&g^ zJEglsQ+3c1hHSHVPjtC!YMdBb2NA2gufLeO=M~9cxDe_tth#nybbf9Irg?7S5H{|j z+m0(VUIwrx_Oa*__*=64WTo+R3Xfl^zXa2=kz!(Q4N+1KgsAt` zy1re1yT#=6rDNW|D1Hbz1>tYXrrpA1p%lNMNWE8)9=9yvx^qtXQzdT6q?Nk5 
z!~a5F_MjPHMT6y9D{3(YcDHgdhK*qGbsVl;#PYM=pY3Tx6BByR8_SFir%Piij&VL? zlgW53izA<-JEqcudrCU^t^`jc*-Ij4wSBoH?%Q@4q8IdXPdP7yuiASJs~@B{1MAdn zFYgRp?Gv@=yuCg#7Phy??z!`r$@OzlRS+DP=@`BO9o}5pO(R6}O^(6M{5)F8_YFK9 zpZB!AgIeRd+;G^aAu)VaKZ+9LOG4hNNBlavv*J_Fk%?jqoA3xW<3o6{?y_I*Fw(+i zYo>j5G2wktbjw!pm+bKO}8IhKzlDT-dsGo!C$IrWDzm$YO|+0`iPBas6L zMT4LLY4}HEUJp2Uxl3F=1@O!VrnK^^8jeU2QF;vo=>ha?FnDKP^N`A3WTCeLl1Psv zJVUB1^8oTt+732p>VgdM;co7P`f>cnWEB|gsuAZ{CI#B~A9aLOJ4VGbs^qo49izc3XOtNp4)5bq>wYb=wgs@W_YTl8sp&>{2pQp?gRtu z@=^w>*H?n)&k+P00Mavg%D$W@=jnGA!%MIvTQjE01UYWt3g1IPW*9^}d_PA$?@L_z zn#UP$Wvv9 z{6@~C;L1nlVWcxf*^+oi42EhHn?28C2lNO0k9xZW-$Kx!%pRBz45<%H!I{;CTt^9^ z7kBL&`SF>%SRT9c&bpaO2l!WsKa<@ z=H{7?AZVksFu<6xwx|o2{6hbPEl1ML4?hO0Dmn}rauMpKr3?)q0}-F_mG=DbN~}?a z+FQs-sO5oMaCzY5h9Qf4{VP;#Wn2(;)&T0MyEayP^ykPwOu6qNYv_+_lgFdkd&MBb z8A(9NWn*Q0vPq})D;VifaRR3X8TzC&ITiS%6sF-3Dt20RN0@&VIOQNT9Zi-glPHDQ zPh%fxS=x4XB-@*nZ2A$qE^wT=ZbngCuwS1>$8P{M!ef{6r(t7+3Bo`u_9pQ4wnv@a z-Q89n0=R>QB(RmYu%(r@aXMRMku32U(UF0}vRJvTj({?LUw zdnYwc&VsXk6~(^*;22xh$^rvRODcV50nq|xIbPfA3(abiV^nJBz`%!bc+Tw^kzG|1 zYli8?>!zB{8n?4@o}ZSRiEwRz?YPjmQDTAB(;GjH3;4@VmE$^TIwm$X4w1$hFn2p| z070D{5;YMU+y3b7NUpE4U>A#{-3F+U6ieA5mwrdAFhuIuK!l1gG5b!1HnTB=SScyzW&}QV*V<%iQV5eWTwzM|?|b zUZdsKM{5hPOc~p##pCz3H;CxiJWN1~$35l5d2C2=&-E2mIguF>uT$JTesMv;lY&w9 zQ8q90T#LOQ;Es6yx!j!I^Z!cw>aeQ1ZeNg88l+1?O1jx}NrQmWNSA}RaK<{Wd(k-ssgl^0>m-mp5zaSJ#gqhK>I zAkK9AkP=%QxJk393l7Njv;x(;S5vC@1#wL31S@cfr02%-XKdHR53lbkU7qtTAHY~; z5l@wif3TXC1swdQP>f~QVAfih^C;P0aE>cOm@ydpTixqjOGyOlA?9tsD(yRz9>88& zBO>FisgOl}_SZisi5IP#w7W~6q|HW%V93ot)-jW~8vA!Oqr9$e=d(;;tG<`W#{OGZ z>MpnSaDC)kj#@Geu?VVSpw#n+kyZ+j?OZP)1==ONzE(nb`qbaqnN-e+Z$|$+E`ApK zrouur1{VG{24p)qCj(#B2_2q>;|=8qmHPF4CnacDy?RgE?M6ezI!^JpFx}`b-27?U zTA?(SaiWIm-K`5MlTX}sP3c|VFHF`~%+*$4FZ`ISSx`{AV!P)0&f}{Y3d&P(E(pD2 zTy5va@>(VzW znG|k}Nmpz8tG+(8DCXv9gOLn=m4uPp^`>-lZJrS2ua?&tGz%3W;pr$OvzWHJfOvz^5& z9jv8LUZHyo?wtkrB}>{ebDc#RO}}SQroS%5@z=%}qdi1?EmUGoscD)#J8=sl=A;8s zLiG#P08h8}p^957LPJFc0uX0j@g47z6=fTmfMp+<*XPVnkZ3((8KGfo^OF}he4eId 
zEXamvf%?ZX=tJwr3(sdNw)A6v!crE*R;kmSB_)3F1ifD5oe(@V5#T!*@|Asyh23qi zYO0LEk?v@pgHu2>GZhkG1-^U7Fo**n+}3iJRPPDdOJ^OkD8FA5Ti>SM9C3}(``ujJ z?;Xfn_;H6%P#E0AcPQjsY`rbKev~&kldUj)<1_stsRoJwjvg(d-YrRyh6?RLdEQff zzol?-wJr%0Prt|(9c|RHzc;npHqJ&;D$~$)LrrUmR^x!2%u9hbK+Ljh9+# z??YO`kWS+{F4l9e02-x2SvxIdqp7|$Tdm*TrT)2}dqgKUD6EQ`wg znBA0SFTlAQ(R9EDDhtc!9 zdG=GrJ?9-dVLCC<>Y*RbB`-u3qvp|v=f~_4wu&8rEnqXI={7*;lA(f zx`-f5;JsnEFJ|~;djw!ji9MUH6^=zZtn8!wWj|do+btW_r;&S`w{(7e zXta+#Wjnoa;J0rc(w0bU3H<|%1;^nWk(zk1(^f)Gb`d^=3cTCdY7C`)c2bnAXG0fl z`<>2b-zcTj&(FH{oS2(^gW=pt$beNBly+FR2Ok|h&2(w*ml{fq)zZ_pI z5-oA6-vCCgFy--qmJ!;L&3G*dpay+id!;V;@Wq9$+&a8L7W5+ziR#F{CR$qIDGK8$ zX1^?6I-6S`dFhIF>0>i6U)%i1e7!Thk zOOtD(5&&8qyOUZIg$(k0@rPHt(AR`PCq-@yUW9DVe4ApZeJLnk51u8LjQ zzVuEaS)K8duYi`q+KNMg0oXdeQCtT_b*@~-?G-;4B++ito}&y{hb!2c&ca3P*)jsj z+YyUC#2G%@qO@D!!LQb2Y@)~VWw;~nAQbU>g)$z>cpjRylA;FLq@paGu4{(O?Z($9 zgYz*$9>y^R?d=F{^kQ$@d>z7EwPNs>UyLC2906%r;=fRhT&g-NYX+T6!xBkQDNixk zP^A}`!S=CAom6M&rKjbzn6ezz@Of@}LQUE$W1@%#y+=p@^GBLZ&6DD^pzwF?#6C8n z@5Zs$R?=mkk|sP;pYt?0<;=ktnm!WErdJnImHL&TF&W;q`;KWy@rM4c zxS)*McNm^7`EFF~Xq~f;5c-2pBk0C_bEAn zotM@cydu-DO!+q}F#fq{9KLvu(ex;(v>l#%KFz7oaGhR`;M=7pupc?s!_~PJaxCSB z!tHhtq!fR6eu5$m471$vydUF|Cv!VCJC85DIY_-edhQSe(mbybob`E#E>2{xp{v+UxPnZ&U*)1$C1#Uw3!TfV`xtNZoBITj~JEY2o@GdA$f41_e=$}NJU z@za>smJ@YEP;1F;tCxMbejxRnIK>A8G6|oQnR+$s*nXD zgy1orMn}%n3ldNnMgMi;+=}-^opf{K>kLeT@~^3Rb?tN((Z;3oUz(u| zu?|H}KZWqpPLwPv4PK@7HgWxbyc!}su|tM#g%JjJs=|tI$cucmE75yF2Q7KGUkI6FMDt085z{Z-8(G zSQsR?buq@^0kkEUv-U*>Au9W-&i4>u7J1;S7azZd--0$<%9c0QNTMsm&c$F^?ym z6f)SFJtHO1=qf=0QHrwoWx3eP%h1>R8Gnkhntllk;2OXDWzT0SpCXOuRK{QIT?Sux*0=I$Tr`mUp>r=4@&wF^v zt{L)fxes_8-7t;#cjj(_HNy8gJ~&_DW$=s=NlU~^9E+5QLZ-kH%G>q2{;%35Ad3lS zladUIsB@f9ll|=!X3TtQ3O-@4qJ1Ledl$wKt~5Fp;vTJ<&$4FJYiX4xThdol#T*ml zS$iO(JYfp=Ih+wN$sawnVV=G5YUFBlP<8yRv`*}sFdeyuL&Nn-E60k;%T;n5Be8ce z*R@ZFf~h5CXlNq@_(OpxZ%S|HhcqrPt8CS^c#|o+Lb@W0xwp1ZjT4V#u;bW#n@6AMeDb;9 zU(ktBTjGYnKs{yWkcO2BHyo}7QkAwnx?{OWaO=)8T1eI9jB$#q#=Z;S-*jN4T0eAK 
zohAJG&EAOq?!gb(yt;IH+LI^2K33#!Nz3`PSBQboC@^yj>w7^E1O@Yua?Fsi?2iOq z5|r}|cg3NKg49Xl*TF~M!K`wDk&TSTNp4g!3I%JM4EHz%3F-4p4qmYrX3O#O90XSa zslqJxU*1WE;`MI%zwTi%WRAM-nty2m$A}w#4Tc(6hgym1msmSDlot)cb_oaYvomFr zpk!5p4-Efc5J?7s>oDE4Pci#jnggIAtp&1*A4-K)siuzA7C9PIn978C$YhU(C+BBI z4nvPgw5X-}h+YmuIOcrKq$bb#^rvpl9~TVqyYY3pXbMk78h=mES7}H*M=T`-DFBP4 z1`-z89=eB?lymDm4wq)6lx)2}sfpc5VgqRp9zrd0Lz3BI%wuOt!2e|4Uc2MTLn!sb zP)kBpR-24oj!Ms;)gLQHz(3#+3@dMVS@$`7)A?JS+6x2-67ZXsKrepg@yYkA4Hk_Go zK_9e&{e~;Da=?pU%HWlW#l4u;pzl$A;LaZl6( zE{^AyQ+pjl{mVvMnVlk6eO4`{<}M%3{d@i3t2MNCRT#4z|BOggg2uuXDVrd098$;< zoA+4LXi+l3>@!xk-2MJK4HTO%o3&1-f298xSOVGQ^tsE+8X%AFs2ePO@6|~a$r@dzdr zjmhP*<eoV(P8kpwCzU&z4Lw_#?5=eD-vp+v)vt63@)I@2!U*sGEkr%FESe!XX!|YqC`rs4G3*lGTFxL8@?Ul(6e1?&*-w zqraUa{= zIs6I|`LHwq>t4(ZJVSgE6pkr`ls|~Oq$S{&hONQqd;HK$RS1R-d0BZl&(>x$vTTz% zDEidq+!oxYvl+hN_k%u?9mP$7-+0c(7|8liqQ6763D3apA9w)9g) z$CFyJArD1Xpds(nm9jg}0wddy#*kA@_XvfGd-GL0ba?SIBuJW_F8`thK`*;U%sj%O z+pywuX^Un4$9Vi4eJTTNoIl94aAmrDTN~^s@MvVCPMSx!+hONsoaD!hjI||tP9TsB z$BGJ9LG2JyBJG2Kk&b+;HV*tk;@~+?1Yp5YCE4)GGoeF+aSCb0rY0r|=^b)ZjQ zW>J*?rkBGpZr8mzpX;7S)rkk`7<$kQ`_qo5)msB$NUH!W?uy#I@T3&$kgNn*l%=_t zle>iSyGUZnK(in?^+#0;ZlQVW&qqZ(!?A#XdYoqhUvVMwl2OI!Z?&;nc!=$kCJpie6fRkZFzF#mWP~7hixnNo@Ly<<_$Wse8y|vYfXJofpYu z=F1$i&&MW!L}i)8Q{}l#gTzRLpxU~!tK#VVrXFt{-gB#C@o4R+AiniELe2Wde75S& z5zlqZ#*28K)Gmr`oX&G%YYd@8s0RjPx;xTzo52*N+A+4k{JBL4GI> z($c2JC~479S%QM3!cL1_3QEtud|G60k)QCDqIPtbd;MC}Vaqr4od8c0rf5T$q^mWb z7m&eF@Ju-%x8*^(@L~4#UIp&LMTz60%<~#p42nUJ9x#!h zF`@x$l#z6da?$9!*R514Lf~SAAt(zsreHg8paGtj#E@Ra7t*J~8YGw78nLv+tgf6y zr6@bP_$=pHgjQV%k4~ox!@Gue01m0?A#8}t*Z|uA38j$@f3%Y9z$5%148xx>Cb@)t z?bx$&Fzxy3%f1;yrisNQOx}(*En@$UyhiuFO-Bpzsk6iY_R)~bmluOa#c-IGKt&HbLntgi&Jg{Zl5!S^=sYq9m8lJYS6?o zUZB+~sKi9rulgQL6@I%_BcpO1<2%Du_Iq>&H126YYylq+O9S92FR+$V^6#XII~&8p z8Q=ne4v4+5fPL$`>yA}%DOc8n?5EAyO*yR{SZL-K422W?M~mZmMwrUdG7^My^sznp zo>eQ6+?jgbF*H9tpq0vs!Tv>EFou-S7NYoEw3Z^Vgd$?!ms-7bY)K zsd0juNmfrzmR%O7e5Phk!c&g-&&Gj{Y8Bq4z}{3a*xrJvU6NJk&>BjvIPIa;5BJ-Y 
zIIW|cbYOv$nf+MBu5GN?wdJ8VGRp(OV=f|#RyA#uaQ9QJ3n4g zF6aj%M#9@2iQ@p_O(y&yZDVA7)F1LL0(@rNv6R7={1BRb!Vgu{ru!2V@g zb0S?72b;RwrY%NcPMy4>b2#fIiTj83>+3o^bfz9GMjgat5$LQh?HVPXYnDRTSmqBh z-WpiGL^(@tyu&npzuhTx3|&hyWI;?WuR}`8kg&_+`)&kUnBm2%@dr)*rZiLY2LUXV zjaw@~5x1B}zljj6=P+Q;$2G`~@D1C%;t|+{^8KBhS;gp59E17@QHgYNjSDOIYGRi< zt({rTs{*^bYioy6r)Ah$k;A1H>vL*!iFfqV--DTa(?75b;Xq1{YNp}b?~g9t+m!9K zFl39Mc~H-^(nZ-nNKdKfyl$=$At0t_QWa;W)~3Q9x?$AH?l6Ezq*=G0p)ZB|$GDm( ze`hSO%8(gn4=rVd#w^r7jy~Nx67>*h!`g1Mm{Z#$(OJaL>imWG(z#BRh#0XrVHj7H zw%n;AswI={=F4b*k4KlB2mEt}-;knPQ;Cj5aIV9~$0GW3K1GHFz~*i{P?`R4w|%*m z5Uq;S0vt`wPiHzC4js3hK?N2X?uXQUERQ*Q7LxJBHDcj#-z4uNr<9T`^})H=ggXHv zk#UdZwR=Uu0B>I`(-Xlvd=9)~h5pU$^0jp@D(yJ;h+7Yk3oeF3vHcG;vMo@Jo_bUs zI$P0Xl#LWcfkLzhKM)}V4Qd7 zH~qAi4}RVTHtBmL8ePVebBW5+?79H?k*;52Uz-ES-bIl})AClNU5K3%g+IL^)~5{t zgx}Wd)ks$>Iub6K7tyI8|53N-RGD~6fv*?92nWtEHya3e>Nf_0_{ZcaMjt|Q)frikyG8mAdfFH_jYOnOO)JKj zZ+vo+S|AB`*tQSE56FtowB;chT0bewr>pJCuH)68QGLaTL(H8#&v()VQ-u}o0ZmrYo6aTK2*-8wUCwwR>*Y8mo(1)SWaL|VaPp*Ia64r_{5B5|SMOvDiAE0R&N9N3 znLzF-=PyhRkbweYl_dG|n>-pkdW4reAK#RGnRKW5p{hMJm zx|b~XYRDwZ*CV(N%}ie2y1OmZiF%S! z3&P})j5k1r<(KukmEO!KO6=`$WU>6{v*6DXtFRkJx?jh-ZcGtW~4Mi4iCol~Egm2vJ!ezNH|##FMtw)^Ed zR#Ous;jmv~`YrEDFa z+{p=rNW21a6&~EhduikrTZ{*kh7Q~(bvw(*9DzIxgH7n-ZX@r>0;?MN+LK=K2QZQ;GAHa*@rV)>2sqRj>8^lG7G*Ji!r0*qEk6s?(lI0rS z?s#0gtydPRg@m0d-+ZpVwok9UiO^#|h7QQ&Vi#xe zo1rOwJN-kRzSGu!6V`L>RYU5JB{mQW(wjfxmMxyBIG^iwaf$I+Q?W6@4zH;u@R2@vKt0)(vSl|276b2~|Aq;;*3TZvgo znTU>PQUTyXaLSIsmeSj}Is2X3(EULm*Q<|HTUj0CRKd7!k+|#+>b&xjiA7lZBJo~8 z<{6IE@Y!(GVfWj{`;FGaDx7!UvC8c3&-PHFej;l;rw<9M=P9FUk6?LN0zf?QNCkN6 zH$R`ItB3{(C0pTnnNPl}lPC2{s}=h-+Y-Vbb{mZiy7eg%+5F}QcQ=VQr;$8#H>G8W z@yE%&KYooPK0GyuV^nn_wtRgatWZ?HHh%;;d1fxUF=*GRqqC)Nte-1y*7yL*%WH>K zYDf2^G|(qHsy5W)Yj0;7=_Y_^Q&fPBb^EZ1(y4&gG<#+K6G!5N#n*wso2MCwe1(%? 
z?Q1Q)TH(7WZXmXWIHPzN%aTcBmO$QRIJ-lh-PvBPrX=5(&@m~qksOKpP*GN@vvbrhDlv6@d!%Us)N!O!;BMEg*wSzagVEHI|8R^a_3fDkYEC zfii~Zc1L=>mtX#dX#kb-+5BCI{}oNo1j*M|oqy^wTAj8pr(%w(-pdxlKGbEryah}v z*3#U$rCm(OxKDVb?u&Rv5bFl&jSoEPc+fA}v=hv(bjL{jpMCJKiMr`b8!_}XKoX7z zG(0!Lo*qLV7SlmauldrY$k*w_FhHr|wMzVP(7HumbKj#{7$6gwAHUkUm`B<=hLzZZ=Coh9`~EWNa-0cRmT^3v z>^V65*&nRay07E29lu!JV{bG!RWqV4I96RE4YZ)`+NGbCL8r>@&)#@A0k_EMw~OLV zJIhpw5(Jj#QI(%6RZ_^BKpa!o&8Jl{k|+?z_vX5KO@EpByPN!>JjqO+(|V%%zID@a z8~X;+bIS=mZ^-cqu)*F^#JUR;ej`OhX_0Sz)e6i@;!fXBvDEt*TjNNtL9?GDTx4NMG25%PxfxOEDi;M|3>w2RTr5GD~Nj6=qvPXE$hy`Iz${fOh-QD1Im-mGa2BeDTAkX?ZV5 zVu{$%7!A(r`ob=-&)9w@aCaBF^s^DT2tkF8Jb(>QBNAn{4S(Afvm5*DvyS48m-Um2 zPv_JP_v^aa*(1KnbdY|7b}CswdMY`;l&tTIz3j|@)Agzccju*|+r^AReP%ouvyP~9 z+jMc~99sjQPY#XpoP^XU*WhaXrdBWksj;>V#;JRLufx%K$-d_DJx1~FeygfUD-zl! zfLkBFZfd#)ZA&DHAo4D1gg3{HAu3juXk--rcf8&MdZ zMlp07!&_=^v>OIK*rx@X?Xuz zll1WCd&D?YmDYj|aclxIc7*uQ6J`j#B!dHeZwg@~0o1Dzni5zwqnuZlQBBA6BZ}Ig z&NaErGAZbqPu=ugLbj`X6gj1rEYKmdd6LiiI2&PUqa2FEX$d@n&OuloDi(I{)J<5- z+lC@eSqc4o7(9^QqgTncOzRLGLMcY7XG$cBg%{U0_}nK8OOkzAEh3!)yB8W6ApTP_ zjy;UXe=R{56w1sVlKK=`PT%yI=*UybI2(G44be3G&SBWcoJB0Yf)tj${p2l%PX`OT zXQ~vkoSrGjQ;aQSpxnX!n;VoU!k=QOF`onL&vd)K|Mrb;Ejj5F^^b!Dz=y%nur24Z zi4YUNaQ~WWgDj_OiYcm$7bpK>C}`P$fH*ObsA*96v8V}tIdR#B>HZxBadoH1TP#+Nk1PL}2<-V3Fi9LUNdyEZO@k%l;qyOO$0C{=6AdKaa z+kbm`VuS#A{&l#2Jah;lI*j+&f8!;$KF1qB=YO9#wjBZY+SfsDA1Y>c|5RFJIqGkw z9X7pYzhkgO{>2^$74SbJ`v?ctno_`4{{CP6a%y@&A?V z|C!2*?PHd{JXU7{`hQ4jFE`j?P=XiZ-{kLYuh|lqKg)P=O@ov^S^s4#Yk9Tq8UJQH5|EU#$|o!*xcIvP4T)c<&*gKJM^h)*Q#Qz&LcS3hP_#`- zN2`-G*V`G<^~hpTK9E}Fa!yacr8`qiry-T4iMvtA=1WuTCOPJcKRa63K+C-;z*qEe zRl>a*xtzTEy{xB7aI1ZV56@n<-_q~FS7xPGZ@$p-n(6MNTOjSW7f|z238CjMMPP@C zgsFt$qWu-1j9@3|K%brKr9L*rhkPxO5{<6$){QUiJh>M~7TFXJUZ={SNQ$xQlPeR5H}VScC;}Wm+AKodGI0BTS@8`&KK^-m zf|h7pdO9T`XL1%AcDu|pmSD!TbL-Q6e^qM=n!ev96}UoJ1z@g1!*0HG9}@1N?3I(2 z-Jj~LZH%CDANv|_XmWVLyXOuID*E&d5P@dzKc#Zux{KrLRDxkmpyB&H>)#j6eAgij zrs-oEk_}UxymyppY6*ntjlXmq$v*wwpN}{1D@9I6I#JzuW3n6`%k+ijGoP&Bsd%7A 
zJ`W3*==~(NCT%GS8wgdmkuD0GV|w&r;vVgd3=HgZC@3gIC^a-gb~fs4(Pk z_ihp(SXEPb=JoTtSG=E?Sl2MW7xTkVJ(nJKOeq@>c|W5``Lk9-Z$o**nwU}V#W&dw zHnVt6GD9LvRx)T2AlTth`CcTHlESps{8)d#;Ox4eC%KVd!{kRq-=t9xPaGRcPd}Ye z|0}1rW8*!OqdSZm%{Y9tO2!|Evhp*gv3<%#09aNOjzsCxysX#sFQfg(8;m5g;cm)} zm-1Qh3o;fl9IAxrkItna{{-%B|c7M zT|iotO0Ye{Y?aQ`uTG#LgVg`I=Sda^;d<^N4DErf3jUin(6}6(zp=_d0h%1A;$J}= zI~!QP}iB00YMVSV$A)_Y9`p1&C>>M@bA9B5b#cJc0J41(LCP*oP8Tx)eLFzp)01jv#D+5Lt*DH-ky8I<8Ar( zvb_K|h<&sJv<->WGk)(lEZ;n#$08!CaYei3YP_83AikTP(gqk(a_QfB3;X#dO)8e`r`6WR|dB z`R*;w2cHVXvVEnY)P@R74gpI}z#Q!hE)sd0DsAB`{mDaFu_GN|&t z`rV~4F{n027rztG>Aa`A7&mIZ)GWz5@M!0qITNJ6$_|}IN1+re@mNU$8qiewzeI{U zxev@u`i8RxnKb5>_3Sx{(3Pg$FKSyC)1!S$pagF7v`ctRM= z^HYqXsE^%SHNb`ERqFzDZwtPCE_o(jtk&F0;91Va5kav_<`gU?^B2dOCn3?MFhNKz_YKIvX3hyrh@ZZm1 zh;_JUH+J|wB3wBCH1Y%SzZ4|Y--yv$z{CXfZ)BjKJcs$0MpgN?@pc2OQE8Z=piut( z+o20O!V9MfA7;}xO$apiKtbu)8d=yeF+zU-{d;iVBG_g?LqSo)KtZAX$M^i`g@SUn zU~;muHP^SYGG}zQwD|kOdGBo*%fJr>KY@ZG_>YHO`yU?Gu?;twA$u50;0)mtlY#J@ MnV0aDgAm&P1q;+#asU7T delta 51797 zcmY&;Wl$X2(k<@p&IEUNcXxMpcZb0}xVyVUaF^f?A$Wiw!QJJNbI8aY? zyJhv-YrYJ8u?-wiNfsOe0|W#F1_ZfED-p3D_47mf@sU#;7WDJKU?3o<$$)tbU|6D| z><|;iNT19f->j0e@X$JB8i7d2f#6+Tsqu0o_3c>RU)av=sJ(ABw8xTwx?+e;zO++MJZF6?N2y7zhGW0$oIVp_c(Zc9m_g}$? 
zd3-5jRf&eQ?$Z|pE$N>N0VCuq1LBSx+JTh6P6v%^CqZx1R~q9q6=t|JqK*(xPp+#G zxvxRjL6*3aL!u*jG1Ucd5G7HxE|(2r`>@x4UnE00u4 zsn_YW7>Q2x%qKmuc}Gx_@K`?=G>M`T_Fg?m`Ksh1%m;c*V^DV}z}D;p#OZ#YG4x%i zi`V}E`Tru;3mmgh;4`Z}Ft2rgducP^|TQWAIDltOn zWW*kv&wt+c%HMX{_99yO=>vd%KM6l>Baq7%7l9j_geS;nrrxg(A4}( z?R~rggloX2Kgd3Q?L*Q@oBV0(o5b%o@o%2lLq%JhXN>!%FXe)-G=0)xRv&&oKhJf( z@CgVCq(#gE9fc1Yq6ZhW36#)DRe4aF3uNgkwy-gCNQ!u}?eVO}F z-ukEfWhLO_(NMgPWZ)(I3HE)XIi6GJ^YwaS9$O^G6s^kgND3U13#1D~;Fwi%- zSOW0&ij|8`>@fYUefd+5INSH2JY%2Ff*ROC6sian)khFURGgu=@T<_;N1&#CbOb4ehk1~ z*{NYI(5Z1;yR;2?K9U^LxHDxnMGn+U?Xu|VGJKs4SYdcy3&5xs+#XRgogdc$+3thv z{ZRIgr=%4t!~}!VQRr*KI`4+7`Pli*@XC7mhJ5_;XXMi)N;nG~ovwUaH_I~Q0Jnhq z^P7ME8U{M2^*_+w@z3ZD_)1;ElWBlV7`#ry81FJ# zv{OCzd4KRLu*&#yuWUD$JZ?pR234kkK@3m2Is2`B9O%Xn2Lr22==eY?!49lRJ}6qG zd@-jVT8p5&*!==!L4t+w|?EU`~0q& zf~WcTY8=Oq!JVQ{KPMU{a$_m{vGRt`+wIpxsY@lV_JKXGCn4MTx7^lty}lcqv&d&x z=R>Yx!#APNhp=aB$xAS)5zirB>OUwe+mJ`^bmZlxK7t`==>t<{s(EUq6TdhEOCv2H zB{3&?#gaOw;KKJm{7~!>d0V3a19)h5d|>d@F*qf34BM07K1?DkVQ|Nl$N8-zzOIc} zg6G4fI>2sUT3~h=p0rAIPX=zr?WDxp7p5vdI#^jr6jG?E$G{377EcOyt&cjC!wsO} zZ&)HwT96d5illep1MU-0S%Gm#BReix{)^(O7Wt1v^C=V8#z!gjegq8!ViND z-#0F5jeh#eM!`uw#XsVKw1B`Et#OooOjZzr65w{zql-{fa4Yowdl3-!;i1kte*Gmk zFr&5G*Drv}e!g-uwJRAs@M!Kw&(&JRtN@@}_yQJ%<7{#0y*cBq9VoDLhDvzymi(w{ ze{%l^srWEg>C7uht1^J*%;t@hSOg12L?l=pRcNe4A+w!bId>01S?{ny29E@!c|v-o z3MjHsCJ;&o2n~g>m1?+xp$knxon;c6Fzn%z2)B3>NkBm46_=&-}Y^}4qB#{ zX}wn2($-k@vM@Gng}&7~pLl7FD6M_$0rr0jaGkO3%lwuzn4Bm_swx4ND@3u?069rJ z?5sl~lZBx!u3FGt-IYSwK4E=dBG1>r%D1;lemmVO zT1J{u0F7``YGR-Ty5oqxBvq047p16gh`aXb#Z7j&liukq?uX)~7-Hm7O;F_c`NICtcS)=79rWKv}(+krYY?$8SV6oD_mE`NxcQ04k93T+1k> zn^SD6zlwXYW#@qwDb?+UYcJ^xF!Dk&FEJ+ase;yEZro=;!N>C0#9Lo%8Olp9)P1H% zmmOJ>&NZS^ouCev6*964Uu^8sA}L+b_50j?`;81S){g2{0FZ~2@3rA0 zRNyef^#F(y{q z;jq8_b!6IE`K!x@Am2kVAK^W*dCD1{RLhK+Tby8a^FtsOnKmwL3j=wX{6Y%^dkYPU zJS$ra^3A{$Eh>@TriofQqz^R-CU7!fp{OR6{N)*kfs1LXVDhtt~`iH9xgqrGVR75EW3=W}z_uFquwBV1)VaT-1kf#(qekU|Tt=%0$(j%?OaFAh z#G3x(KJ-V<v3jL|?ob+`6f-h*UE;Y4Ss`-NQm4`zbgtkfL9DA`q!bqJzrxZYA3 
z{qj=5kE%~0IJ+;mZ>xQ|7*_4$O}!hB7eZ+9z=;G;Ff%7Jn#*bKEE;5{Jt>lCk%3n$ z(T0tJ8UkfU1+M!_lW!(PzW(W&o6?lmz7FcsYlw@-|cXkV1>QskssRJOi8J12=`%JU7ay)@S?L;6h!`9*8XkI9BC$kh-2uZUf5qyajfUNNRaM@ODTvO|Iv zD!nG{XJ)SBi^>9yik4I(JpP@s5tSugWb8E?U}p4#QDp2ggJS+iH1^x0MYO&M@T~KX z{wR^^cCYp=#1CSDl!%vmF1o?&Z#QpjscDpd9*QG-nlq^ZO|y@LEQ5h#?Y;$3V@aT$sG;$%L$s1UzTy5DG&9=oS$ghHt;O@pMf27S*e&p3nUete>?7QY$B*s)2z(Jj{iK5AFp_~vQgnu(nh+xD@3S9co5H^xj zWwRb?H~%Cf@ra zj0vV7GXE=0@{zT?VBfV%gWx+nm}xKgD2=q|K6?%UC}_ zxV0;}FBD&TN-cujz<{~n1c4Z2prNzpU{=$K@5oiHa(%dMpRDxnH3r#*Vm zh#=hGX1)#LzP4}ss9JCP^YhOX_8X+Xjot%JGP_v-?`}UmbpZmA!fT*Z+B+a;1yVYo zey|d|5@%|_UMX#Ox2bC$+2NO7S$xJbkdT(o!2dI{z7JEafxc6;gv`}&nwVtxC&YCe z7dPW5r0)^cV2o`>8M@RYdE%0rwhUJG_cUr|S%B4^`*^8H+h;95oo(v+YSVee6xs@1 zazK}Ys@X^N;g;@HYel!^$DJMGF^T01q)@i-1M#r2?@Vr;ef=1S=dNxy?EJ&j132I> z1|$TLwj@q|*TkwmbLH*&ym{<4Q8w(P}NyylGxnsANKc{~`ea2~@x(=NF++ ziyl*HAgI{s&IG{_v8Uce(&vDTsF<6GQS+ASs(P(U?Ferdr z#VYvUz(j0Owu2`);Ez1i9|2A=5%HFs@7eMC8F=-$Ffc}jM}d4do<>`v92@(!4dGyb zTsfcNJTk<28^w3FgCu+O2Ut(lSauAXc;pvOk63oD3|Iae7nP4b*hK*zueR(Pz3F`o zG>l@i09_#SfyOEYbPMAzQmMMgb_T#7gjwOb&l23t9>+w(OQ7T4%mDIhWMWYD62@{d z25vGrer#^4dOtgLpU8IHfmp!B6^y=&Cf}asn}-QG60t!2bs-Gg4qn82-B?2T>kX80 zw62p))~OXOnlVBc^>`ei@-? 
zpHw;sTsquQtKoj8!@{J(5Gq6iQ7uCUCsfpiCWALMo9L9ad=9^HO@FzlYkynH2c56= z<+NKigB;n8$GUni5z2Jp_z#_{M z+vs3gnh|CK{q)>Xf@zfl3;>CP7fAGR`FISZ+eAchNEN~*pNNe=1-<}0`yK>H&b!uU zHQhypXh{8mk2PNxp{!HeYK`*|mdhA=+ycG>J|I$RoC1L&BRAUaeBxk-uti|uC>K`Y zq3(%4+;uKzbgdrvp`IxJz3;Ct%CG1IzXhivUo>a-A#Y%MCDIPTf8IMVG)Dv1I`G%S zqG51YU9VYS3L5-hcZqlZ=$#_Rn7$eJ0kw|wXBzKxDzYkJ701mw!!VH>+3t!+#%!as z%L_sTpz9&koTD5MzRArMdFouml1Ju2cu8wyLv^3ujNz_emnp&%EE)`Zy-|UIO`@-T z1M^kzRr_}IXzg1iSP}1EI{O9$t&HJ|-5(jopHa!|2~S#if4^-IyiI#(#X6`1;n%iv z1i4u}r2GWDaKWeeN}s5ZtF3#wD;RyroDB7cV;uR4R)G=y#+}Z2w}-*~SN^)NV89F1 zKl2~5_$MdVSW^ZnWPQ$LOfYIq!j#<%7wpe9X%4Jx{6Yw{PH5dlAay>IlQTuB5uExY zZaLh6RgrAGMU=$q`$bC<*kV~rAr(5`!K?I*A@>R1GJCmXZarr94@tcSYT+O9Q_oQI zu1NQY6}xELQ@WW2mJi*wGS;AJ$fHpho5c6Cir|=B3F2?(Sa;vIdS`rZwQ2%Nz_r=_ zrZ63zj=8ux2Sg%Jg~G8pt(awxUM8DwvMHyeq{!fZM*qXMZpw6c1Z1CA=k|GZ;+;&| zL(Wz3byA@V(CQv(`f-e7S_73^`$QgHJqTDb7_Qun6-(~@th*f4%qxn#q2)-^f6%7!yvD^yf^}#UaYVPC5~g5bT(S9X~K6m zJLIwA80;dU0NB4hyDu~`4I7qGImY`dRXID2RB9p3A#8ngo%uK7|Cxj&eN{9ORm13m zh|sl|f>!=KZde6V>0o;icAKLxOg46wLB4JDf!I}U@ouaE4wyFuDm?tq9FTwyUFjQn zZ)PELP~r8{tuP){l|*pmeiTs`n*UGuzQ&7`V@R?iwITAaU!@@w3?|OZtUK<=<-1g> zqECr^uV8=22PR=6T}lpr)na4&QbETg+(LnY*&?05ROGE~X+Hl9uWFni2=?Ec#uyW%dvx2^Gw_3J22!%*5)^BHOJ>7reh{gU;gD-*C^35Q#97b+0}HhnXtsq#BcYpT=cd`9!KC+)@V?8Eg)$O?CPo95!j+?PcQpbhv9U@ zIV_a+PrxTjrezee(hAGSwLtWB#-iZ~O0|ix$@0OQLq!e15KVzJnW+K!e$b!Y_G?<3P4*;QoGz{a@VzE($_iTDI zu2R-&gXh*SRGaM%z88+Rk4SubUeF6h*lBd9Ut$6(h1q5Ez)5XgeEv7v^toMXCZh72uPO)aJVbJZLt_0) zjZkx9HK})1f7Nl~{lmj$-Ecz2Ue2HytXwYPgPL{PGlIJ22z)=hiW&(6klTtRiJOY1 zz(&@EwS4Hf+10A+9)Pc*C65|UI{VE!uHx-&X=29cWz?n1_wI_B0vAs&qT2YUzp$4w zc1c>`-wnK?8XY1LVe^X)89^%jLB+u!FNHbad1;cFha2VKJRq)CF>A$ZRLy&tW;EL= zsq(9dIwP3P)=AzoS>=4n`i$GwVZ+sArv9RiJx+wiZ!ouzn)JvQ3Om->0UuCxy(D}q z5>C$zLNxfE4F3=dL!?cBHe|{t61RX%GpDhozUD)PY6f~SDG8q-?0YYlwU}C~_|QuK z+|!vuOi~y6yKofpM%RcKB-FT^=@}fweW`Akx0sm2UmyVs4&@Ii7nRnW2Bn5mKl@&w zou|6F^MfZK*ddmAQ%a0*+f@_GQR9QvE$GD6JaVSAaHF{imvpdz$Ron4Dx5@1z24lr 
zFa*{n1gLuf1{=6nB^1ADxTPvCl6k1$v_gJ`u-CCX19lV9S!u}Ci<6$F4$za2$6fh!dZE#4wv-JFulcXM;vS+gyekpGR6!k3#DQ=$*-A+PT~By zx;*5P>8xV{MORxz>mAp=$^ zCBbq=ECZ%i5@(KEs}%#MAS)KO5-oFuQOMyK`jBs|aG}HVwaHU z^QJ$fVjN(1NGCgtBg(i2aJRC4nZd~NnpGp~XbX?%y_z$w!xzF?mOkpdekRit0M@yU z&h4crvFFF->-9?{%%V5u7~AE9tbkXwlW|_^d$LTQA|x6euJbzP3F%dNyM=z+2_RjBfTT5cpX@LYAp)i1w^g zO3I6H^GW6vCJV2mblBf5qi?3N)y(50acki3PVX1=+4GqX;iC_BRd zH_2+wsHXD;Uh3i;9nngtWM?l+P4O?(>5oQW5Zxi!!x+x%?GSh^v$MGEh#tND(Q~^C zvOzoPaiFA@m1A9j6vT!;)!j_sN+K~2NQeBF8x5K1WgR*mC!GKNCv2%sW&xC%hQrX z>BcrPsr~_#TC(<`v6hSc;yZNuL+}Rd4RM0|BE6aANK_XnkRvcAb5hQ~cCK*tR#?uZ z-Fc_bQ)=|lgMBKDhDN2G2m(u8+f}kFA9Y=lG$Mg#3|MRu?WT_ItoBxJ4QPOt{x1g+ z@0H2Ou7k-+KF2_?KLYIdjME4ga}>mIahuTbQWYR+VJn_8r^>|@N!mZ@YQnvvGlxc_ z1E?N(aaYnhzk2RIcHuoUYJL{mBcDvSC@#XPuce?2?~)o~yt^Y){~*|-9cyxFXuLt$49jcg3}-2sD&)*Ma|rmrSyhv2!&O{6%w&K(IP$6FZq1 zW(+pQ3+h)&GB=m;XM1K5q@1D#n-ge_c=6E8_G)_QaS6ei@r7iFgS5G=dg}@Bau~)x z3>`*jI;gDrMiK*8aNYpCb()-8d^gs01oZ^}oe`9T3F|avW~H4W!;U63N0P;<1#Dd( zminHiO>I}tan|h!NHB%^7b-XwP{rYT3&&|&)m29P@`ny%Z*^7LFb4j-@Ysdb)bLiHp#4$%A)p^lr(2BB9P*OuU8DU=7+vQ zP;-_(pv{5MvrBX+(*^%njjp?iGw?p z$xj87Wl0CSyNQ%`Wm16_2IciZkR^s`GJ#DT0Fs0L0s%9Ye!FV3@rUw|lxNY(3x~|L zEyzV}@S&|0qk_AXrh6hOYH(}Q0yA;27Un^;q&Aks*s-&E9`gz`PpYIXT^U{-&fM)* zu)ijVz`qPGq!wE=hlF7QhsT+oKtEhO>d$wTZ~P+G3WK9&Lmjb$d0>hu(2A~(Pu!x% zo`Z#l*B9-~AtV)S!AL(QymweT(5Z;9U zC*hekaD~^4C(X!`u8%09uzB*EI@MTaOoyrnuwU-**VLz5e_nGsuK!4TP(1g1tc27N z6!c#0+|c7ap76z&sk^hZh82A+dYMSt~n_ zXWtmJLq56uH}jX3{kWfl{W>B$7#7I8e-ajcwBs~E8&c2nf!4L|Zn$Yv#&H6pX1V)_ zvqr{`8@7E}VA&jKLyxxM;jqKWfj7V#@K8(UyGH~mT%T~dCll@AqZVzZEx%qIG$jfR?E8G9gXg|+ zSKsj44H%bH4>&n3DJXcR`zX+Af;I&%MYv^x*4aIazG z>XPc1&|mmie^_q?+zSG8wy@VaWEsaVy*PtsdSH&9pm=fG94A&QkCt>L@SE)vn8aOV zbHRekxATy===Uqbv%`_?$-{`n41Z&jnhuAo!(pB&b=EAiD47OeamFLs#fZ^7}$>mL?7Sq&is`5lk9z6$BdSqpJ~FZk|A1w-j9{sU_bi7i&f?WJB2E$hQte;gCNM%9$G zODUb~e3V<#%hRIda7O=}C12!BUI$~Izb4uy$QKaQDyW*ECob%QiI`B0m)6i)MVo@H z9$nF{sH{v0rr~UGQ$mQlSjj#47+?VHkVB`BjJ;| 
zG~Vra4?6w+XQcY_XW-WZ>4QezAd5;G*5dWS+#4-I{oLIAW>LY`tJCjM_xBerDd|JaRHQm|IYi7-XjZJ&^qpPi(Y;5I(l)hmW^T z{N2-!WpM*hRgtx!oMc?HKC0Xk0u+(+C=m%Bc1mv8$IC+U31Q7)Vetqqe9u}KRENr@ zA*PRld^-$r-DTS6?I)1?F;Cct)L=qEKvBu0acUhcXFb%_B! zvpeW39Yeq*>|e0E@G}J<*0h6Cq(7iMZw^7uHrj5@vg$YnFY%87@E>A*fGT=lj5I@1 zGep^IiU}voo4PRTx`P6{RQsTs#bm}*=Y9N(2H5&`S!mUzlX?+fF&TF@YY(>zs*jL@ z!f;1Kp(T<6(%(}}jX&|s-Aueu(6q3tS^}7@eNnc4E1xr@AaiIu?ZE!t|6EoPFJ0uo z0c5gH02$hFU{$c{Qn}2e+@J0N11~Ud?thyHqM~v)0p37r2VUNwY4{HHR3CF!QD+iA zgkX3ZS|}@LHaXUeR^pKz;kT|T&-_{Hx$}09QR01^{1{EhCTzxEgi=sZT2oA0)536{ ztH46G^p_6>FVCUzjYv-b{3m;46$oik1^Y!B_$0*UsH%oKp}Y;N&mmI&Q`uVTgJ_of+5cb~Y2!mtGhpHogp@RuPC+<~0geWCjt)cO&H!^cMt{q2bR{l9>|FO&6$ za@gz_@qL0(5g(5$Z#R`IID1PnC%8X%JdER|JC)qfQQ=gyKX)~p!oz~5Ph9zDS}hGo z8Ty_?A;&4gI_3lVnUh96msK<;Ir~yS(j;1H;D&LnmA7#fIKuaq`V>K%4F0RQtYR%j zw%{lib~Z^S)!;b-;DH4f3a?Uk1cXgj%z8_nMPY&^0LjpD%|M7C!5Ph2!+1C|#2Kur zy@ZohK_WW=ePa%xv#Wf_K%n&yaTIy|9*}=9TOW7!hYa69p5I967IX2;klf@_z{Q052W#ZS_S7zcK9wTM3SfcR@ zmC06#M264rl+?)M0HCtMT_!+;g8RpWzDqtvhXy514?KdX>osNL5;udI8kT9EkT}GQP!VFxE2HwfW*BE6#4$H!-eMiq8V?*X6)Y;Tw#J>8K)rOt zF>q>Q(X8NBpBhP?cb-THc-7av)M!tZ0n0Kgb0w?_f6iKq9AQ2u54Hpp@#pCW>Lnnc zIlB)f@Iq5Vs5y^2P)Pe#+CR+X`Q*TwEZz0vN~JQPCC~&>r`OUZlJ&q=$F~k17vmn| ze;*HU_CDX-Y#9Ca3!y|N@GmPhq>Z5-EUrXe7vB7NMlSgBMMYLYI|o|>Gn!{$IhT>8 zj98t^z{V0+!G18^YQ>JYtAqQUj=rU>8r=Lk@lX3)CL3I1O+i-bL0r~#oMX@K{;CKi zk0;M$eRM%O5yC%a!^#gBGHx^lNW0tw=4n*t1hixOXIL+II!;)PS94WGL#xbpXDihKuZ->#; z^ODW-C+T9g3)A5RC#if5V`8k`Fq3z&pYkBAQfQ_odWRwxmzEAlw2-#xjDUqdMesNt zP=!}E(UM~B0$zqIRS#3|8*0q~-2?VF{^gn#3Jl+8)va7`GOeGnM-Pv+h+A!5L{{D< zkk?1g#=FKr@*c3CJNN#)t$HE+7Ws4o-sy|ncR~~P8I+NBQOH^rH8pclDQ%9a*<5n~ zHdxC4o-~0w^wIDGywRmNvPm0N8jvZrxuF{fUPn4B4v8s+X&y}>{=z}UIr;mRhh7Kz-oH$_h;#7VARnGS8x5q4d;ka{ z3pXQI87S=`W1?vF?1cDU2AkYr<_8_#Fyq49U}5!9Ru(OzV({AVKQ!#3D+TV4IeXubI^L0|y%PmuWkOZm$)IXC* zE0D(6WiDZgJkdR!Yqy(5Y5P&}{>|2ESDYq+2K3)mP6|^z)yOc229?iM*taN-k5x=MvnihXWNN`=kY~D`i7N+o4sqjianHB-GSH`;lkS`{Z-<|( zaewKZU?_Q&G_u;93sSjGGt4b%dMpnX>+_95b5p*7*<60}7=q#z+H0)N((l~F-}@^g 
zfMpCNsy$-RVvhg;^`Be$a=p*nFqi4yV`mJ7#tr<;Dac3y3Tx!?6il%ZNO5y*%L=+R zGW%u~iyE(a95R>xf{rJN%KcLl;PM%CiM>l4hPd{2Bbt(u9G^)ld~6Qc26b(6qYnLk z$b@thfovGPjF5DYs&+HO?DSu?zrJ)2KDWW&uh+f?-)tRt>+Zf^v0>Cagg{9FnL)^D zu?lc9FgVE2MN#CNAuthbl?+j|e~2C+UIjx*eSZJ1XeF`;r=ebmITD8z0dL35PxVDV z)2we|C6$ZcdPT1e26|No4Oyzl6NQ0@5tttE@y-}?QxSu9LnpNl==T7cj zHD04fSvpUGA1)w@18U(uIC=eY_{EgrkJVxM%!V?6uy|t%gnZ-9$b=0b3Hl>EmU+ zEH0@aYr+zUj0T;M&Db%IwQMZvhFk1l_+1Kd1{JuqIo6|dqzm*zq%dJ#uB#~ z>jkU)!gtW289xk5oFg8~+>$USzbtPPvZ%M|_M8f0YCeS2RiI$aVmNyzoK@O0#4%pV zTG?hIhuOBmZ9a&Cuc?Sf;(%2Ap?ADuVS@mvz@+Hk&x7M&AuO+6CRUv74A>L^sQNE! z&{0cR@&nJ=s|p7pv|MU;I7JF5pln*CzicUF+I8xbCAd|s_pXDi68{lX3$ikyJ#1d9K@%qzG{G{ z#n%Pt4kcKlwT|@SS}N4N2%l1wc1OGTFfi_1cBr6u(P%YAo{7pwLj2HedUBrstOlr* zUai!P*2dB2J)ZZ(RmI#aCi#}6rY;&JcC)jPiC1$zIV*hUn(9}Y9+foAF^)H<{FXLHE_wip##RPc=(JMX^dbzV;rrFTZZ3GC$~y+vXX%V|O$j(nQ0mXR%Sk z9u}T$QF;au4)#@hmFR1SxdSVUnPTt8`K6mf;5uP*0$YpJ)bcN zKaKHs!ykb!M3HDP#0t31MGIl3Ym>E=19kLu<}VbHeLHv`8tNyYgGj)<k^K2M*hn3PXSTf3d z>vD0LL^~)j%^~?E*<02x7mfRP>9@`wB1Ui*Bbm&;XFe|k1EY;|knQ2z2PT^LISj%Y zzKdoHnFeJ#che)5?DC9pG7IOn>L2Fi$F!Xd-JAM8c2@|t+&Lnz?^&nx2f>%2Q(Bc( zCscqSOh!*4*0CfUVmRM~3VR^seeQ@XU73fsMx?80!ks{m>*06M zJ)II*t**NYh{=z=crGKoPLh@}Y$wPP67d=h98KUs0omVFs^0_~nGWb&|3*nIQU3Nx zSpw^MvVOd5)}{K_wNeW9P7N#K(earrIms#17ecEfe`m6CPzdr4D{vLODQdnj1q@)Lt>MNa@aCQY2dK{DLEhmJW^E5b8mum=uwLdzctz%PhD zt7RH#JO^N~GzxVae>4)R(>-2f8}hNVO>wOdxaCzh*aT%NkjU05Fo*vJH0T)9&U{M3 z`(EFs+XcT#GycH0P^kTS^KPXayA7^T@_NSD=fe`q7|0+M9Nmt)quqVFz699Bs_zjqMKac02TVl9UB0Kz7u06jNl zex!Q)s|OU`&~L*4i~lJ75tmRXdFEn{~Q@Cc$oS>DN{Mst{N5v_jH6}P{&}a zvDT{e=|@uKZ+;**W`6O38JU(;vdn(PzJN-_hL@7GObg7qW&P~>J`}U6LXFFp@L7hu zYoRFwGQ_ZSn!&c*5H^Ua_9+JnMD2s|!m~BeuIe-Y;644D$NH|#Q8fQc_HjQ;T4V9= zLTSiU+UB5XiZQwd6L~kgsmUZX_~2u?;7g8#ZrxVL8|y%RMsRI`|40WyWx9O2sj^ID z9x&IiLeip$82RBGvG0I3^hm9a#D*O%@p88f@iQ>6cjF`~fp!Lgpk%pb{N^bcmpiD{ znSfI3XcAizTE1%)dB$IeQWDWx+X9utF|4i$3ID{CtVBbO}dzM>&3jE{MxNgNunrdddpYFH_ zHc?rgN+sX~F$-1@jd*O|3-h#GwL$9K-02>j6}tkJ 
z+Y~oegKR)B!xyJRj5T*{i2cVId(E2B*ZkS_=eFK+NWAnj!4Hv@b8mHGolFUhwZWwr zWzGsOUWuRt9{%s!MPU-}jJ#hm|us+AeGC4!VAhSbTwhgR(w5 zkM$Dyn)?yDAbRrE;yuXclz7=4MPgNXt97)?H7WdgcNeOkUgzg(f9JDyo^+LBfkfQ!=g{5hI1*!c5{2$%HmLF!IUg9B|%hXVwx9e(;=~2!di&qWC|2 z5IuBhzI*GDD&mzn#fRz6c+^2)y3+GyAU6rQ_~G6pbJR0C+N!~PpeU!A4od@53*szr zYZuB2mfBWsw}@5-{SqL-{*l!`Dbppqeo}#j9fKLf7GOB}?3SIDY2libKe<|#SSgC| zW7*W~B08(0i=}G%U{nC`EG^l^aZHO8MEGbYJO~R^_|Sa2`JIQM(f*PcD4M<=S=gQcY&kQe|asmXMI zONSp498|>`OJ8O%D$GkJNLJjfx9~9(p~dHsEdCxT&;qD@sIA|KR@`L6ETg(g-ASvO zViY~elj=_W3V>Xo`>$z~6j@xP}SS$Tj28QD^h;6xK~Jj87CTJkh(Xdt99W z-`WsFR ziZw@Jz8_N49PnsZ-o*1>$q0EP zlSY6U?nW9zbE>eVnNYgMrM!?6cR14D&z}ndU1D`iF+?XUE-xzvi(Lu2$cZ-PZqtIMD7OuW*h^BoyH7c4o!96p~Nzv{&p&xbMjmS)^-b|=xUX0 zv?i5Dyb@jQ;ITV#6VFkTc0I@(+_S&oF6F8B??M388@is9|Ito!E}m?6l*b{l&5FR| z#1k8%&P-nu?U~v39WoL^n+}x|6d}>ILF=R_VNi&gGN7_-8}TYKNeHg9(CK! zAaFA&FEg-yqxo?xw+9!JIrb@`@K-Nm~t!|3SC$tp48cpF!-?9QaGfWU11bKfK~S_ifuN-t2@qRu+UP@#XI&gw=VXI(|7w#Z~M zmVWpnHQE2?0Ale^jwkpgdlA>3bvgsyP0gM_9F5iM+8sU*^u|Sdobc-!heBsgQ@&aF zYP{I&JZm^LN@?dULc`ngLk(RgUK2wQK!P=TBcLIl8+s8+%|3H`s->e6ShRgFO|Uxl z00kk-dF1IjUQ1B2`uAuBt7Cj;6tm1l;v=Y-im1Eoe^6%DH8%F`w=lPw;JBrl|Btrc zRc6C~4`$1r(@Xq?q2V2jRq24nS`gK$=O)>(gE4DI00j!miH>AhG`N}mW9HkwUz&(8UtKf4oKTWcEJejC_-{K`rjFJdG)&M#%c8|f9i-8v zNJfUINQ=G#hjgf%-W@)*)3w)}x(J6uvCfJG@;4b1l$ULF=ts}^aj?sQ!?Fi_+%Zg> zTo;{%H5t)&hZZD`92%8<5(rPzQz`WbmYl8{4neF5bzpyY#z9=_$?$Ik%edG?Mr*$Z z!KYlvh!Uec!!YZnk-z06n#7`@f$zBnaXM+`X}4goWK_ zOv&PgE@Jr6$|Kcq<5iPQM@>Mx${lf%1hN043eBW2PP<;wFnRznBy5^=7~)K*InQ9d zzj>IvrzS3SrG#)#@!J;CMB!RPE<_RR250bB!0$#YDD>&&z`MsYUDHbs@^PovFT*>t7B&KJ~J!Z z9T79^vwmj7); z(#kow@4-2lb9#;SCDrTcQe#a%W7;El*vX!fWm|lrqzh`k=hPe$ZDngm8V91f_Ib3S zs$tlq@C<9ZJ)M!g)gip)>nW~l8%t`(E8B{|?0y6HxVbv+QLZNg_AvC>Gikn!>-qCO z&g`?GNQklfsP>s1p%a3d|3}m}M%URrZ^yP8+l`$zwr!h@)igLsW2dog+iB9+ww=bd z-jnqCz5lOSvsUIFUDwQ>y$=y^c-oPCGkpwke|TbgVduP_@hD|&lN(mzF6dSvMyqeI zmBF^&{F}B0eNO?v_B!PpM( zFnrKChGwTJ+FSqr8_U@wPPjfE*G__QZGcdi65bqe--eyv3q$m0t))+chT+Hz1X0Si 
z%Z@iMwu04Nw29#U$5Py%AFSRPM`?sqB(;nZ&U(7rLK>yk7|ktOm0maWAV}+<3_&vd z;DBX)hf~3D41~^i-lu9OgdZ?a6Q5XuvC3jo^dny$habZ)9QT8b>gudmi3+2O41tkJ zS^W%6RVtBb6R6RTX@Git8}?5jw>>fYXD6 z5=H*vz8_9a^ymn#)PdP_Z@o;HuxnZEZROVCz2KTV0~pBm_)`a$zhv`SqNKvdcKBPd zC4+cIse->U-3wTeZ(jU4T(_ym1AZPRaId7J`9`YBd8fj2rs%TFwd)r8`r=}NwH^5h zdJ#-7DYF$9hG9Kx1H|Lz^}+tQl|7e7QZ58p-g}Q26Bs|=ec)mnGzTT8N$2Vy6m<$E zeDFni0HZN&hO$dajM~wDD%k()mK&&P5dc7<1^lXS@U@>+7V(Fxq+ICrj5TmH(9I$u zl@1r^$NM!`ggxh8+PSPTMaMA9ci@*nk*+`Oe@`=ZTw5iwA30_63e<1cPBbeJNh1X} z%Y*qoN*qM7)#oFec zH-|>fN`h*0iSMAL5*!B2*egqgPSQ>dCLJ`3GA5-Ex?n+zg-SK^amVSdiz<70i~Ww%l>1t)+pXzaJq_NUySPm}^IaMYR?AUOFp z(=}#vqU<)%{0)v1LE5cKTQnN^1{4|L>*STOqWlo@Z zFscvMTG<>4EkHM0ve$wYiT$nAGIa}i+zf#UDM1&a8Hb{R;e;X$9C`MR_Mm;DHDQe1 zcA{82=c{Tm{jJ@Z1Hw(3WugkfMXIT-CaP^pJ#HUBZBD;sGpIN;6vM8XtP;Ulr{{wY zK>aV~pu(slB`$vA|2o%E_Yv*U$k=}@?DlrkYFoWK5p~v$1GGIz+VJcRnMouK5j3x8 zl||DSpjo;rFP1US8*Lqm}JpHeE5{E)30B9(e|n^OgCP#E!5vgC7n& z{xNl6HQrJF{G3%-7-UnflWXe%u;7nJMs_ou$A5a$sdKbd?3^C+ER&q(`}Q>Bz-aIL z4duNWOyF2KYN|2{vwf;aCPyG%?8F~L+OyGPv(($w+W=eq-?j##j^elIEyzXU&E^V_ zir{Ke-=j3~tj0a4oQm{ZrUOP9!~pc2jGA!3~9`iV)-DYB*|jdM$0gNDYf_)pe?lrl4>(5|1uxRaQGGrcV{N`&z0 zyREmx3m3|i;n{mQN1gXMw?Kn#fWx4aA$Eg14MKN=peV&v2yCTf5PXJ_UDY74#Z-^p z{?}qwDgq*eLO39F2lJt(CF{84wILBq#c7F6jagZ%xniZ{PILkX`M}G=p znu%NIP>n+`Y2Zyi8OpvTGO+8j^=q;07v8ls_nsf)DWq{q7YJ^)O^BCR8$X>PboB!G zf%1Yk*|_3L6bz}!e=+}K0YAl0Y71t6R+r@W3JNG`ptCIito&@?l<{W$(+om`{~k8f z_!=woF3a`Qqwt$ywK)Q+scaHhpmFRVcxjI$pYrVgcPO_brpN`<-~L^HN3y<4ik081 zclKYosc`yPA^7pURtVIMyLB5ZwiPdMYqHCJm%QCxb0`lyfa&=ngam&^-UiI#kH7#s zGKa6MIg7(03onv4tgigI!pnE870c(RJM=@}%X$_2i?E-;aM0g1!$ybQ_p(tU4~r$$ z%)r2;mxhR$Y)gO`Y8Y#~hh(ArUs>wN!A9?eXQAwJ()HChY!6Dn#dSl-UsNy|?Gq`P zwhU4`gsu0Ktt9~zmogzx7>{H?;{7mCC=Dq{6+~Ou=m{yoWmfUE=h0~0xVBhrXW*7& z(!M7C>|?7)y%q3nPx29|NVBW|M5@Pp>*T`7c~?|ko5L$lM_0GyvMK>~xPOt|9A53| zPVViqGT=urGS_yCwLNH~ppj@#I{5Z2zCYaiC$na6p#eslKHlWgmpyZs%sI`|FAE zOw>MhJ%n8`YID8|nu&g|_)Pqj2TMLV@LPP%FwFd*XCC&S@n%;mEAFgGn}@z3L2vut@^!tkyYfP8TX}(t(U&z&{~8pSCg)$Q-dh1H^Sh%POSP6)J5g1J 
zbf*M?%Ujefkm(V~7Aou=$eLsS3B{MX1pfHsG5cLkw*uB-%wevZSD9H^HVMW&q(O4J za|~%du9A0f#XQ;*?aLcmc!xowp09$Y}BA5%DcVTfh zUfiRB1qg(t*KP3)eNm_6od6D6WASZmyj6U3px^DU1Kky>b|VKAqOFqr40)6gdIcBDp#km1FL zEB!}$q?qC@s)FrmW)$?=Jgz(TlvW?3P1DKj5y=xV^I?gTk)z%$l^X??Y!S}z1Kcuh z*}h)8@nx}4b<$CO)kW=?busSDFF%gdIzTUf{>*RtI{`YYJZaccCj7?d25=jKlk~4h zzr*L{jMPotJ6tIwGS2YXu(m|{DFcdT5}FFjVn5FNpr2KCPd`0&-2(c~*MYdk`Xw8d ztQj(@XvKfu5j_Jlz_NRv{#Ml|4d*{V`>~oQiD6mrwkX|hPf7{j;a~(cNv;pdd1%@d zrbC7Ii&+nMgee`c13j)aUp=*p-&a}mwdj*xc5Xp4!+nl0>KBu2zeF!cz5DXbw55gn z2<{`|k!!z|aMr2>X|hLJ3E=TyRO_4Jk2Qj~d51U8qGkTUuAL|_vJ^hazxRi)(-)2A zL|<0(j(E=5%62d^4JNHn1VfLWGa&|LT}5^|JSZ9$k19w2^wN*Ku0%rI;87%SSmlP3 zeV-i_XhX}V-;Q?`Xh)Dk1d6NrY`Lbt{Y_C3_oc_0?aQOBVZ-@Eh2J0~gW7c!SR3(U zi5#onyiciSgl#oG&c5VG?UOr4mc@WVhrbmuI+a;`C$SOW9KixA#y;GFf$a#d=I;>5 z&FfzZgf+H(z&GB|Akhm@^nq?1k?2$RpPHgHV!Cr!UHoS(D*2W{hd&4JOcU}n_n|4H zL%_r4sw}oKxjQj>`wjrNj-42k$|4}j-%;F@NvmHvLZS$*PL3Y;$`rU~!!L@Z3-A~$ z!eF;ZUGe8%S7@Mu~GpvaHkG ztINI%I17CQ(Y#<`9D2X}zA8e*yqYrxeKlMXhd9+)1vgQu(Q8Cjx)e>JdsX5k5bqo7 zd1KY4aczxcYex5O;nwJiQQe#_)&Sry$X9Pj&o*`-Xc4oMn+1>xSR=*2lMo)j+varT8oqjNytou$;4U{hB-#kg)mcaNU`5aC-c=0KZ|C|>1&U@7&b=v!@~aA|NLhG88XvJt7lblTTO zib&{ssFuk#rdtV7o(ku7Jl-rKI}IpC|?0A;gJJz;t70Ds1K9*3*-WF zk+-k_-uGqNyL=#WJ83I{rP7H6sRWlc~IM|%6rHDSo#5!ThD~AFq zfIr2{39F}yi%$mJ9mNj@Atb-8f_hLf-UPNQ{8O+~0?7(io{0;kEw7y-wYdS_v;Zvx z-O_haqyo`ulE=(;{DRTWpx{YtxRB;vDX!dwi7 zaIDFXG{{oa zxoK&`f0gyq4p(0`WP6W5AHY;uAik%3#DgV18Htyqn9%ncn2{)KlSA54D>_OnbHjBZ z-}Tm2MTW?w>HJ5T-7DCFM(*lnUv$%Zq+;cT76W%;H_iYYSY~sAo;+s&mKazOFxh{H zRzEbY+sHrpmFZkA0B6RJ!9zi}_Lo#~D>;KQ*l}H+;0o`Nx`iqEs5CC2lpB4nP21C( z8)D+Cq?xJ0lH2y5OyGN*{>kF{E%+GY>343zjEzA^zHx^ej(S@pH9gBFvp7@Fk3Mwc zAW|!Tg2@HYR(f^7bd6~E9wPU~o}UM)fk`%h*Vb#T{&Lq4lqTl^J7XXuG{O=nXoF?+ zq3Ir2J@S)03$a_p7o$t*+pm5O-XeZuR}@(YX4F2w*!_tWsjAzT+9Ci^ixtvHBdFTX zec1H9v4Ox=b9;QS9=aj>Loh;pM?e!_7yvY3Akc)^)U7qD1J;Fwy)*S~3E3$7p-4DH z1^N}|>n?%?lY9fF<@hOoXQjD+_>&t@kBn zMnS}ZmX2*qnOvG_7;Yp6=P-yp$qFR&AKX=8iL*=S$5^3c&_T_S7D1ib2GLv`6@+1k 
z3>r%n`ES{Ge@V_6479WII-`Gv_>$vWv7Cs4TEHwqX8=JuCS(j!uLHz12d;qZxn;|f zv*m3`fwZkQYdIQ&+*LrA-4Nzf9HRlq$~8!RA1IMzu@D#nc?@DWBM^ z0mYY38vH+n`b~fe4Sp!p<=0eYCPj4PP7&5owECw1L|KwsV5tn4jhsL)ar{p8)UK?@ z%L;FTFW%}Z{!Nu?U&qG2B|BaeNC~narU4jJsg`gGufb+&5x=<`s5DWF7~3z7m+d|G zi&&?w_czHsB|vK-r--$QWi@o2R1$1LES3v`=iNhw#DKF|Q}smeJ$JZTNP$UQESok` zXqv4BumkBD$gbF4V$tu>_s&s@_%yOJuLY@&o2P#d0(JZqL;Ei%W9`Ml$cZ51SO8)e zkz7);m!eGSiY{sjrM*du*=!M=GT>rnx2ouj>96>s@}bpu2gvsAgzWtr#Y?cWaUp4U zGxVDL3rkU>F(OXnO49tXdx=Hcz?J{ghcBR9s(||&F0uu3_M^}XUzrZ47p}4wb1%Ul zf3qB4o@m(bu+4@sB0YZ2pv~qa;sBo|`iQ?rTnj7@$OkJO-dE0t1|2bJwNdm_fU#eK z2C>_C%gIcoU>N04sCgdU-?iY3K}|(NP)E51A$#d*Q{;F=;taH&aB6QmZF7lv*M>KVjD0v2q|kY6H%~0}0}nqeK|!t~U7hGO!UyZ`LM_Ev`Cg z8f@m`M>~S2f)P@c-;zg3;A75o2GsV0NS@P0y8Zf1en!fpiIAbYe%6I;(S<)1uu>#? zEH9xKj@S~14q(h_imVG`YT5K3bs;E^o)!$Zw~;tp>kzJ!FPbDuEak&X3S<36v8!sf zl?nKPC%PtKcq!Hs5G+uyIe_<`h>x_We@d=Io7VnN-JoSbvT_K#Gu_ge`X-srVhVGr zh&e6^xuF+m4s$zQ@$&x2XXCbVhJ8@fTHWua0{E!m8Qne^YOmvHJ6Vb7H1|4hxAE9s@W;ZrFa@CMs(etakOMC`LqRDpAn3+Z7skd z3S2~17(emMYFZFvxdIh)TZFsq-fGhISam2KGlfiD9RDe|W zskUK@U(Ra@yknglU%FP172X+%bNIG*9^>E(j69ZKB&y%{MpnwE*SW6bvU}FX?d34q6~rGs_2Ie0>dDDpG|MzNT`oXc0z6{O*iRi77%Sj;(V} zmj|Zs!ORYusEtg^R{8Bx9o3(Vl^dy9(8~;xls^=a>FE^#7{DGV#8+cX)>)#+A7X@5 zPV-cT*4e%k6JYOQ_~fvE;CWe(1Khc^BOEZCJEiQSVauq`>;`7tXv)8knhez-+Ggg5 z^+z~S!w8Ge822tlqTlNNxr2jw(=ihmitY_41XNlp8Fy|BI_(G6W_5# zIOYQ117M~3tT@SBU&`%3(`#`2#Oi(c!~Sfvwgub9b4q2=WsmO<+jzk_4>yr9*5O{5 zai0jCQFnMq@YnLnn|<*^%_OvUSGQ1Hi27X>I&!|=1%QFyrm4AxP0m0kFj@Zz7C^Ij ze+Gq;+NKswQ4Uw7x)L4g-rZXOO zl3OrVIG?@v;{c}D=roH6h;m1X=JSm2d*qG}cSR*vr zEY+_tv-IVoTq3hqvz9Kg6@|jwaDc{6@R&b5{45oYts3tJdWtp@Q6J&t@(CsWS@PQ5z0@NDAAc41 za_TFLS(OM6KI&wICN|v%GuYHMNuqI+e+sgB!O`_*UtO`^E>K4wQ2-S!6@&<6meLvw zy_QJGOH@6SRsqam=l+(cEt^~+e^m>|HY@rs=Eq8DBC~($$7G{1FJe{}lqS6}7q5 z{sW<(8Ppsews2;!nb3{<2XEv^QN;HPEyWb0YEnR${&3A5z7Cst_(87Y4U$^%LE;2@ z!GefR2mG%NzPrW@be8Yj=_>!>%b<;^H+$F!eSqFaa-B`p79@=$G@PP_@ z4NVaykRIgH3uKx-gz*5ccgSGm+9YoMamAI%mj&(5g4aPDco)6g2ArV3S35oQ#-10`Z{APCP2wS~!)J8e&C>2EB?fM1Ol>c_>Z>*) 
zi%pQ}$*=`B@_(cTTa0Gdne_hJ3#Bh ztc`R{g1*lL@c*QqW{x7cEC(rPcC#JB5bhAB6P?*5c|f%VJpjiY?7_t8%1bco$y6}I zOJCXSxM`Jz6a$CbHp>{OJLl@48!iabv__4Ou109d#XV=y(!m!aR66E)$}KX54p`MC3k)^ zk(faW{5u2!fEd^*fjiPS&SFi>(bY>FVg)7Y4FL~!en|>TDy*FTf-OzN!n-*n~WgabZKY` zt-ygrv`kSq-RVBr4_g3IqN^l;aOMgWYhxl=w@&a=^0q5%puumEo~15Iq~rj`4>01c#U^aLgI+v;tP`h29EsuwUfeQ$_JzfH zPq>XHr37aeH4-f~?8$K%Xg`-@ z0dec{yY|)>=~=wpOar`Bd`+WaDRXQ^FhwlnnK&C)n}7<@9)L5!ssVeCC$oA*;4H9` z&+9%s#mmE)l(We0P=VB+)%mzoBzOB(-&=_8`>8%>xCz!UG#OL%pWrN)o+i}!QVYd+ zSolB=-bOyV=&G$&7IVnWW&qI&;X)v4(gH{*u!9FDbLfErT*mag;~|rASMzeqDUO*= z_5NyGf#LK3%{N=zrbAcHTqw=5rY=GU9E4bZ(gKOft=fmRr>|YfeQNPnmNf?BrXmb) zYkwVJA2;wHf?Xo*r_Ba`LBDr=X|6FV&q72ECxRS;km2Ni>ng-KEhD*^tT8Ug@Y9Hp z-+gKVs4&uNWVcmZG-c0`j6gk;qQhsupsu$OTN>&RmEU;&{+|^Eo0^`#U&cIKpvLO@ z+A}}QlI{Fx#4!{mqD)v92%LyMs=%X>-Y!)z{`(g-II(P?A3smJ3CujIKTQ`~-E5Hb zLnHix*<0B6m-*IS8Zw~?JjYqn0L8Lk$xD*Tj!LRDT?8~J^g~FhWeg~v>tR=S@ zg~c{xZ2r^1J!6}teo)%XN?gXZ_X?kI-)oM0Vjgy$~G7VFvQ>gwgJmIh zMzv?fxZ=J8_~YAtTcJOCT1rWTG4AjLao@?pg#6v(%49Ff>{D?(05|DCnJN2NFkQL| z)SNKr6EhTt*`NT_y8-d59DXFwM+^tm>P{R>0kYxG>wd2+;+CPgnIlw5Z9E&lgPy?_ zalXqO1w9%vgIL{&l1hPlKn&QnoPee-3b7~nK9S#l95%Ffmnb%Igg-Lr7!Cs-c`q6# z&Fr894xsZldD3}fMbkq+Ft+f@Kd=Nl{E$P1tACwwhB#I#d`v8r#7|zz?TU2z#uTxB z$H=dZM7Fa`nL(HHPQ{-)Pn&ppGNY9W#MXOUqC?#dp(IQr>4dkjd#q|S zF`o;sj#+DieBAjDneBYr?77{FX62l>PT*BTH=t1zfnhwR1JMdNebyXlUM*Jjz5ab! 
z-f5z2GZi&@W$vgSHfpcLNv(xQYHuySKq?y%5HL7}HrYnrfHeN7@3k*kCm%E%ZrWS^{htc(3idTxTSO^PvamV3$7{Ia=hG z!Um!GD%R5gWf*%_m^5L;_vG>X+q)VYMY}*oudG7QFZRhTpZ0b5l2Sd#3&5~Rm)MR zs`A+`M@(KWKrc+CB~Ue+iz2X>a~fF+;EmUGOckV06mtd-9Iz=pDOMfiI62ENBaeu5 zY5k16{E|*nq|e98`wcQnBB)DcxN^ysaRtuf>(JS(r{v3Xh`REb+v@GBd(u=c`o>h} z;CvPUSVyz+N0%ywm&?S!X8fgvQ*_E;4iqREzC|2`vSGk*{sBt;H*$1lV|YmUZE^|x zkPC@Vgd-R9VBgrXbb^G%T7Bp+#w;Qy*u&|Z6T;0tpu{kpt(DAbNx9kUoQm0R9}N=u zeJu&&T;UadSJF`mjUPsV%M^g~-aOR7L7qq~bI{Wc#So|1N5av)s;Y|8B=FL-OzEFz zbkPj|uY&+{pc%fVP);BN(g6tI-yKX`gnBsl%+KyxPb>i%;VfnvDdEGH2=yZAO4!*@ z{4x2t1{7p!y4N*M>z1w6oN1?e52oOz@61xCmAG>b+!jlxP;dYZ?9v{e^y zpXtff&Mm~xl_q2^X$SRAH4)`s3vb_4?kYwjwly05>R%M6#5$Zo*FAtpR$2X^Ecuog z&nFe8=wd71ORK!Ii20&4lt8e~iihz@`$MP-zxf-!-LLJPZ|K`IVVB^7@c6EUjG1qxCT-7%mp#b!nqE30>Guipy7L98@Dg3!Npy5>NA#V9pVx>?y z?l3CIEsIH^K~V#(nVL)as}57liGhy3o&n0NFn9^m>?E+dgkj6>DzgQ%G`7A&6|bWlRSOSntE}WSMjH#ViGn^l%;e^Gt*co_F^kr zkIBHjJgKX+9nDm>y5dC54L$-up@uwSHe?_im5E|yW=4v)G;e*s31gOC)Q@dHBqL(~ zyu)8fmkoXkld~r$w~cG-hg~Aw1XL^H~ey7l5TfnM}hX(g0e@n!o!6|M7Fg~vdP`!xc zD3r|5ucudXa~%nnl6ErRHOD&({zj+x7QHP?fTwb0nYb9`PqTZ0NYyV=*^C(|~>B7-z3E`ei)9GO!6 zihIRynbaYNZ%aT8x=Oy9GL-iosVw3tOPBy>`>TjWKduXOtWcGqr@j295f4ktGBTPBM893 zs~dsNO(JlKAICV6HM)%_o}Q})Lp(~}AvvmJRX;rtb!-x2Zo^{*pk;1hg?7TLvnnI3 ztQLSqGp2P$gKY)Gp4b^OZ2RNaQuwH&4D|W8=6zS2)z|u`rc|10EFvK% zaKkVTnAAE`@~|cUi6YFO(N&Z#U9_vZ{iAUjVaWeH%bcHymFX=_|GHp8D8pS*H#gdK z4~~J|z|8>Mf90tX2-_7u0;Bf|`F)Bp|JIJ2n_-M!#&FkU78N@yIkRgY&x+Xo(>=qr zlu<}&?CtXI5AwdY%b(94hSdqb&vPv2Kl4#3=qb=q2EC^cLasw{6$=%6hcwKnwG^$b z59(xsG-tX)EId}Mu!V1S7p&&a78PaTx{?eZM=~^^Ih=9cR@Eq02BQecFUG_on)Z+R zzWVAQ)NMy7)UA3UpnNy~lKHf)+1~zw*5CY&9)C#6i~4W+0g@R@Bum0=cknZuDk-9} zSF3zV-L-|i!j&?GNS|d&q`RNSBHyd-ee@bRoLkdSav<eg*^Wr_JzoY zji;yqX1-F1D@)_Lmbb~fZSg^31lQl7q~O8WBw7^5=jCu4cC&QpVk?5zNrn6^p7kGO zfhDuI4Fk$(85G$IVL?7x9vw8!%tguW3Hs&^@5WJfo5IRM(<7^V) zyH%c0OIq@>9-YUC$6$Sc#>~h8Nc4v!Wo|VLU$%A^?kXGFq75C&bLIrg7Bs(D6fb=XNvfE4@h#hD~o6CdCoDe%R}W?5Wd|iceoWhKLOT0)$C>z 
zG~LVOe(A_smN;sO_4f7KId*HWvvM&j_YgDTmi6X|&9E`gi)x+ptNXUicQ?l#zJXZ6 z6lRylFChf&=MbqTs&?{B=dLz7mFHIF?K>aAO5tf+;Q;O&BLn+xdE)7>;WF{;l1QzN z%{sFze#_zz&XO(N&iIkF00LrQjgr~0t&OQiysO*J+J&MjmHfT4#tENGyM?dbD6MYU zk382YjMTq~ghHD(5#5d6@hxaa+w5z&{GKA-tZ}bH9O1BY``5WO#d`OVUzO>`>}quE ztz{ZkKc|U#7@+V12g!lQ7cRgc?qb4k3Vb0NC_Ev`p%$J_QlX6mxJ1=6?A^74470|Q z5{@hpL~;A?K?x<+hY!^ZYW?a&>G4mHmDQl#@iD~UWR4i(asI4`mNpLZFR^&{ydMw- z8%NBsGe`EBi3oPCqm_RTY_l0eg7rb&SyXqg ziuj^Ke^?72Cbc278NFYhoI9I-l*_aZ6gELs=@Od8gu)3OQV!o|0!$c)Qo&t}4#W=$ zA>iAw4=4fh<<2gB=I!hBBr(+X`Bt)$kjd2d=YZ{&6}HmR{?8;G$8p-4gm_VTS4g#} z?w$4l-O!81&|<5BCNX7T?_Siq5STwYVFe^}E>qFKEyQOopAN3on_j6>V5*$F3S_vN zdZDoR9#Q?iO7|4-0#^d@aE9W8+s}fy(OKKpb#DfDtdrsM=EGk_;hf%RgMb-D^mlCn zUa|?|JfQIL znWDxyBcA6^a!B7$1l)LKVnp&6jmxuIz`-^GcgQtSg=0bXTQ~M)j0xyCN<=E2!xqSU z9C!@-w@C$;Dv?y=xO7P*$Hh56(o)3QJCXf=BR5U{pONji;o+;S8;49xGZ}->dsTM7 zvFM7(o4Hsc_E4)2qG<)^$_?$?GulPlWKb*;vkQKbt_L_HQ(f58w_(<&MFoKlan^yq z&gG1uQeyQzd7^LobB72JzN-f7C6fBn1kxSVoU|1DAk?cx6GithwVF6#SJ=Xq7`x>Y zDGZ5kmJpcWbP@w~;*{6#Bm+%8e=Ka;wCLWS-ZjrV+C!K9R9A+7E(8NH zzdLuB0d96OG0G=I+3TQ7l_i}dqn=x)yuae73LYEbJPz_RlW0n?%a&|&C1dB^DNh$N z{3x*0CO}VFU%o2M9B0Ov8+-Dk*p}f43H(q~ohi8>f`3T(rFc~m@x^g8M7oZLmoeTa z@eWQkQE%K_^IFs-uq6bcbnl&+sEjf$1E|MR68zaJU=XKMb_`>G)r^#?6jQH=1gc*B zS7LuX6z|2_6{iqojsy+#sh2s~Id|;FM(UPaMPP!ci((1C?x)j`PfsF}IQZFQagL&i z3T!zoS=7P(NRwZ#mV@153(Z?op;oTE{KGPKfuXkYbbQYxFPqa8RGMb_7r?HH_LXRc zub?&I4Q@{%bAey|=|^KsWEs+ErFy11w1KZK>0ss*j3?96UJgsyq`Vm0qhJ~|+X!w< z58|DSWo#_1o{|zPmiRE&;O9d*5UDCLqJKp=hlM}F`;wmhkuVlJxN8zGFgBTUh>eCYXq6OFMO{`pt}Xy?Nj6B=kZ9jsaE5uhSevb-fhy;{Tudb zA55~qc}q{7Ql&`^i*Yp-3p0*@7G+D63^JjzmAeP6z7TsfNPeAN8R7N&`)qN|K69RL znGGw}FOTi;Du9f=irp(mkLrU+%G*;Y8~bs+WkioOi|W^RZj)U}oUNLoZYsRhgn=V1 zDLwSXG;jB}O-g|#eqVg*htLOmBh})60bJ7Gyb;E_qn$JoQ_EeIf%ShZ~m};rI6fOlg!g{&|tap?TSxGBe|I z4PfbY4cB8xQt}*aeML;F`dm-=g64BRS(k?mG-``X4-RFy#M++FSzk=sSWVODN(6)w zU0cvUY|t2#{|=;tn}GIylZ>*R?2X1{n^JU{($k34^v7O1XKUZP)b@pTFMZny6{n@9(VQg>2L#B>C&WZ8lf)bV$-mfWoP@f|D8At+cP&wH 
zjvi547qxyFx8ER%-5ddd0djLAmW~mhYi%>A?=pLXCb{6*q3Gt@rViLpFD&SL66}NV z+n@fn9dDlbCUBZ5kDr7v1eZSMItHtD~yQG1teK<6J!7)rjsXk(Cp;nFaT=?GythnGo-}^+3QAT)@ zmjq21U|iNLNwcDQKSp5eZpPM?{}^Q;AfbFZ2Czg4yFaivW7hKEn~+%a1`;wBNImw_ zcTVG))lm1Xhl(fr6iZo|vpD$1&P&j$hN44y-kPMfQA%R?yc?JnzI5x!YC+(81ZlID zf5LqQfehw{pVa=Z`J_%?plL`gk|lf*r}l%OVCMpzXcLz@YuMJwOv zxW<43K4+yMwp+~00%ywE;7$=|;L|tmJvJknj()Qr3QOcl-tS?%mNNBQKT#Dv#k|Yf z)8k9Gk@vewtNs4@n9|gM5TjG>sc$%FV#CpFY?c7S(`lH}#N*7N z7K+i@i3vA>c54Sd%9ZFwbLO(0_r}Iz(LJ4Fv_?0EJj_~Xx{8wGj#PqnX@Y#KjoF#X z3<;XB23ze?_`N3xd!TtxCZgyl@kuk2b9fn7MsVC_hPkUZ(fva#L5^OW@T~-ijVe`d zEWd)a37}hfSP6XYxtj}+WKzdjw7RpO6m3~AUGp|3*EDlog!XmxIm=Z&&Z)4v72EXu zz;9TBbG=pzaGt5Ey`d*4%(-ru-_g(M7I;Rfc;7uc%61L+`-$2yf`j4?w=%N@Z}ain zC2CvFCseieRXTN|)|5vA?c(HBkpP#+_cq50P_L-H`#E1}r@ zYh333c77iY9?EjOAB{=1S8l!(>6|Q9zaN6VO=CJ4Qd!~M0tB+WEgCQHJ0t+sqXig# zO=Y4CI86N-Il_?s`_2r)d8=7yQ)$T!=kok7pF-n?*+?aIm6jZj_(0RSl<2bmD`E@X z@g5k^{dTXPDt<&&w*GQPg8tl}Go#D*XE&_?27F>y?m zQzuwPh1N#W2B^&a*Z?qSbujgYcvuh}YaVfn3u}y?R;LoOv4x}%yz?$Q3E^0aQGJts zgNXOO;HP0O_1-IGsbsGmt`PXEzA2hNxpp9|&34U}T4QQRRUiI8>^CCik8nTCWhOGs znMVeCKR8|3;xOX#*WK?X1=yb>@->uhCgyNyPsvOHUZ|AjWfF_5EG~;?Y{QK;%{>fS z#^a1|lj4L|A|Yr5*wsII;CT8)HOx*g^3yKzDSssb-Fyx)9Xn3J+8*gym4^=mN|H;| zvsE<}S)}P`2UcoRaz=2enlcPda@i6n5s!C~cbK%0;7iWTfO{Z0 zAV8|_{!$W3!)6}Cl@P_Fe;hTxQ1WFHMVE?ux)%=kGpi@KZ>R7$Sm7Qv$ohq`(lwI6 zr8^f^ob?&cjAlxnbA|z3x6 za>c98s5M`jMAcp6@LmF(lA0?4a*3#ztEvIuV!}#ds**9((m8B}Y%nXPNvw2u|G7D- zU!Ei5VW3Yuc^~NJdjzziJoZ)iXnxCzLx_UlIKGvdkp%Ql(y3Iau`k=QvYpfk?G`Hd zsR3o{r@pC*Q~5)}n!LWEEc+C(h6PR-evm7KPd=mZ-_SNWbXEZf@=VRmj*~K#WQb)G z??b>~wh|8Onglp$iXj+TJh7nyB#9W68y3W?gm_!}Z6GXJ8U%3o1LtMG0yBlaUMX5c z#q=FPH(y})+!MRwlfT>tntSf}%a}+FR+e!6YVfpeNbR;&X1<=p5z3j2XrdEgNu^6B354=@1VfU?dG_q*B0o_9(;7~sD>YKV^{M4tI zu{zEUFS>#Kc-T?8kf?{BtF6L^#c|TBPKF*gD(i1&)2MP^LJ!U;C6wl+vNx^3Tu&S0 zPT@GUnr}_K#C-dpz7|M-MWQ>oaQVy7VaB^;B(K`|g%2=!{>24Sr#NdH4+n{bPtZ?J z*_mEGDBhu0(EIHNE9IN&JY;6TSE2;$C^56xJUoO%7SDP;(k&v7dhbfBVpUVwjHT86 zS#L%u!{EH1uke#EP#NT<8=`gwX|nH7Y0znq%$l$Z8-nIwimfgYX3Swq 
zbA8tZB_P0E00$5qtPpKal~V!J5oOc`=;(=A22DnZZlXabBoO#Fpu*Tobd7$(izgsKkTN41?911?aU*ou6A>|+ikcVu->gj4#ueTm7*-vNX$EMO$nZ48ZKNxmu z7p+v05~8B4`D{fJlBr2-(hVb9ETbt)^k#TSJSK2}vc;f}9{+s$*j(A-mI`~P&p7%M zOF$?hA^)5xWaCi<9a4N>;OZ=g^mZ=SoFHjJ@a>9lM8GAX`r(CwJZTb;XKuo_g-8AN z%03P*JUOk}d28l1SL8{eXeQJxGa46DId)lWFrC;V$6&{?SfG>pjPa+S# zw%WqnP}@vn$g-bz3nIvBNg|NQ>fGJvGW~GtcU~wj(kJ0%9HreQJY~PRO!1J-4j67b zX>Y%Y^k%5D?KZ;P!IqSfvW)?px`w{&G6-p#8lu(mxDGe6lo|aWy7gwrW*ZR^k;6HA zJH{2G#~J#{B@Fqsk;l;QOcT5A(XZc^EzpK%SqcPT7$rCtG9O;d;;+EG1>eCYaFCGwVu zt7?U$CLqDGgT6Q;HR{ChEmQSn{tf44Dx&L6^c6JdbzSNn=9wS3A?%nFH?(O~f z>uuxV?s0s@Awp8+?D=tC|LvQk+w5FGNmE(9BJsH|=EXbNpxwGM?IyB4?E(JYHd_d7 zjJmAYCBR=z6AOYJaK2g=2$cFaRV{s>*{XF|z3x=8uU)z)K3vgp3`i~KfeX+^W12n} z6DJLXikLQ@FLMBC2(HBx}le+N<7NvZM@}jIZfhoas#TQ@9I(^JqS*xZ9P&MsS zQ^gjOHyXUoMk_=JulT$wq>c1+G|s<@07x;Yl@^+;u}?TUQ|WyWz%t_-9dGEHTn7Pw zK|RbE1dTiJ&)q();B2q(hx7r*M1fRX;yx#VJZI2|lPbQ`){|uyE!NDGrF_n#4A+8y zC&je0R`>f$74UvAm8ggcCzENu@NkARdT$G z-JuIFp_bcjadE>KvL^)jsE8BMj>-CjAb5%AQOXtl#M^OS`CtGO6r402zrMPb2>f)E zk7ZIE&93OLd{FgN#e;a4BW8%Vq3SbHKF7V=A>WdE*vh|y4}$U8>hMCYb7tKHfYVi|7@ff zxO*!LAsR8`O2TyT02bD6ceMZf&ib?~ zS>>Sm8=BQ4pDUdC>Mt=NJ!SdcdV-~SvZET+GE>VT!kXY8rfCC-#D%JT7_#2Sn%>DQ zlfKs6EYg963#JXOm0vchhvG4k;7gBRS8YWap*PiR^M3p;7E7o(YpRaC(H8KEjQXs} zlvi8}he|}O04O^v(Q;NA9cajjFo4MGJ@|i>y>(pFLDx2pf*=Ya-67pAxqzf}cOxw& z-F!v5ySux)L|VGLyFoy@-d*&$)#X9Cb;QAZ|{gj(x86lkW*6O*aCy5 z!a&)UmOK;sETGkW#M8fMT+{|_2bc(@fU$2 zCRvs&C%Im^9ozKBVRD zq2B-DzQXIiXV@q9kkk$L8$|iw)J7RG3h_6z1p_lh>8zfJ%PzA!jx#9M6 z33uIfcsK%YZeIVGh5b^*ZSpltcBv8N@;!wgA=@)Cs6Vt$DUVMAiq)L&&WLSs%w~BzlGrrP?i;U?G@p)G!<7yJ1l_l?bJN|_+;g#kUN0nrxJ2+VYM)jg{ z1#PF^jQyq66sG2SrJryf>SZu;?vHm9{%6HYaGZvRDj~IF3ySvFF$i1p*doyvMbulj zvvjX@IXa#}BJ^B&PIY9lL{{PjQv*_~%CEm|suxVh00d)>zfp(eX58wJ?kH4H{Aagt z6~-7pyX7{;M;XU6P4{s2u&U{x^)ipSNe7AVL(k$+R;9n)Z7ujzVY$_QN^T zNhB*Up@SLjPtR3L1QSQ=o_937{p*ie*P8<6C#KvOMewoWQh!R&b@NSP=_z_--hjj$A?J8{)Ayy`UQ>QQINE70AJkH zFjqdg>Q=LcLoZ6Uh69k;ZOYI$_=@8gq9p$7EXfT?f65oq`INBQfuB}dgrqME&cQ)9 
z%}O)eQ!eO5Ycm{MYUN7Xt937@@^2s6zAj30gmn)Q#j=aW zqa|;7oRxF_hh`Hp)K0rEH!mPNKYqJeigYsP*dA}A1QTe5E>em1%D_JAU;#dW*We?oLYh#@iJVPwp~6hHr?k>lPE}Hd z0rH!bs0JLqw#c?X!gW#wcR#B@5Uo_P;d|vimt<1UB7zCAz{1#8)eQHf;V|?% zv@p1gHOE2#7zH^v%egMuHiw=mHy`mTYDY^&mOWQt??Ba*ul2&!x4*TU(W&dt;Yc%| z3u$^aN@KKWF>Mid-mbOKh~ZxOIic1Gpff_Pk!ld6QFULwMA?ieNgA;hL4cG#ytQ*J zB3ac0g#frCO67NYnH|ur(?Wn>X^YpNHcwRr;T;cbCUa10r`Jdi+zHX|lY_S;YS@WJ zJ#1fN1M=4_$hmpKa=Hc4nb)J!@qUW-eK}ZBjWkaDmVGMwx#tBs6X2JHy?^1Y{-q%1 zn`z?ZutCk1utI#U8~CS{Uo4oHG$Ijg8_B2aCzGuqfjO;M!&b&Zj9D9Z!{-^5 zx2UX|yJpMHl$f;r<0^3yUwYrPDn} z07#_}=T!43?n9JJ#0PM7jbk_jDf4~3h^4#vNh$Mt8!^1vXs*HdK2yaQ%ufXvtDsCp zld<=kVYz$HNuw$)nwSUdb3e+Q-3~=dW6+C0H#yO_T8inL8%!1SVsl;Q#E25n8Iw0pHu7& z+#QWYK|Ql9>z9#m0ozdq!#|XUe!=jH?E118Hhq7%Ju7^02Piq2EZHY(7aE8Yj&)ej zK_`}TE;YwXIK#<AD zcc}w?UmXrZlYb|#)8hQ~=G6O2lT)fn6Y$)oZ=cZO#QAQf*4vHs%vk-37Dz@W@2&r{)X_wv=sr zSa?@IdxTWvA~Ofz%}E)XCZjiNR(rD)|2C}Q2F00WDi9Aae}Ii&!p9U|^@c&@50n>! z6WVcakc*=54k$&C>rwUCM48-!D??7tk=jR1m)HCX z7lRn9Uh+&QBZh`XCfU#@Ov;A#aXm);y7VCj$;X@@FUYWb;`za%>J1?uy&e8_TM&Bo zA$sGraLHONvC`X9LKaK=4KcO%3AeNiJ;ZJ=>42x=oAI5{)ioNiTNppc$;d67U;1+N z+&@c5=|#kacYz7lZ%t_sVG2<}pJIIatJj7*8k6B%F^u&*Orl<<^jayT3T?QBHeNWn__6kU+$$kD=#uVfC0)54NrHUb=$*6HC zK(CO1>=63iy0HBUe8qiYR5taKlMxhye|Tw!xl_0%wBtfud3>FId>qx7{ZedA7&Udq z6R7365xJvwaDcJD%f-;(8taj5v14+1q;dt$3Q;nYB9HMb)-*#-tQP#(0E*tpC#(N1_GWk6 zcJ#U;#=hvP|KrgZuL_`M;kR^AvD0GH)ZpV{;)uHnJi@D@8(TbOTu$jsIKgXb z;K~$`6-(f|pkTwz+wi#6GtJTh{}y~MXbC;)hUI8ayGyUt-?UKSObID8x*#*7yxu6Z z3f8UEBUz8Um*A<}^auq=gl9)_ByH7J^BuqmeXDJsbxbc#y*XtR-hq*^?~1<#r&d+QzEYhD7v zo6-9CXzQPKP&#VATNxup|Ncsn?U;!oTJokYdAibbOX>Dd3qCTnwe-&T;d1OmseVz& zr1}z+Rmf3U`)h*J2gQBYCcW}tBf3Dp(zA;tA^NG+dZyKSAf+mQQA%m#mD&&cVUbxtWtoVCl=f!iQ3+?%M8GkBIu z#eS}G>U=JzOtKqyXxGZE9r1-JS^HizwEs&h!51TF$P!rQm#%kGsrRloDxbVM1KaU* zKd|Y7GtZmSG%lhjVgU{?TUp(IX3X{hT)COrZ)2!>mquKr=N2xZjkNC7NLJQEEnc{i zL;b7_iBHnUJueP8KN~zO(|VTU(JCw1 zk)G<3xc_qvM(@M(#Uf=~0gGB?F?nW}ZSrslBi;ZM-osiQWhp=+aq|0uEqknt_Uov# zA~j(N*0ztdC-3fdZC)L0~FO`oTq*h*ECaxUR 
zDU&#nsct!lm_ywwsyJcIFzn$5qGIt9PGLv;d2rb;) zYo|61=irV+98PV*iLC9O6H>$dFke0(Uzi8wqCt{AL`by!XWEv4REO5h|e}8C%n%~_6R`4$XPYL}q zu|?{p_c9joebwraa+z#Yl2kelq2Lp<;1eptdymVC>8jo>hStks&csDoo;P=<+tBFYD_IaRXIiSsr-ni08Jla8{u3#>P7vquTOPIw%(CUV+C4bAHneRdjxTjE z&=TnTVrt3k)k}#5&L&1Alr~9vcS+}$&(i2s*+#XjVYnKXH}xWrXX*Y);~Q+n1dq8N zoEvOKP*`&&w3J_VHtEBM)6*OlQuZ(7ou|~-&;!5}$S~2x=l9RoDtR4*@Zzz*K@}M! zN|f3?lqDTsq(PPRK{n9Y+F}QYhkJV|B&6|0Yc*2q-mJo4MEE~??e zJ_X+Bv}2&6DSjHK12k@un|tn9#$hvIsx5G1@D`fuS(fKK8}E& z@uTHaJ-wW}Omc%LFohghycF2`U%6E83apLRe6^ZoBW4(y4!3|W_DzT4Z&mFNddSfN zc}(3lQ|yi3MCV{^wR+s-FfbV*>n(tGlzohS@B#w!wj}qDa9LKB{qys!q&P(om zfOU$NqUI!f4eRU2{&EbwdjGQ`*Xt0NZPIxp~MoRF8-;rOJdJMRc~R%P?Q{`i_C>z-|xmE%jUQ7 zR|OA*UlGrqI9fdfSt6(->wu zexwj@!NHD-7K4JRXT9Ia-KM(|21Gis&R^M8d{EM# zkOE2>@!&P)mvgj!{8ECooD5Ljgm7siFV}4$5_C1R=dxHx?<^ib^%Xqc&f%J#P4KCh%w#Mh=w?d=>Jc#{mAH}jmkySxodhD_F zV{nM~-dxHg4~p3u3$A@W+xp=#gGOr905mHKH@d}~R+B}y_1G4}uyDFL^mxVO{@nQi zsp|~!>}`cteP%z;8{Rx}RNz*9-dKmkN#(e?l~lK*Hk#CEepT=4xC&dvNnh(Zix2zl zgfBK0Q9l}{7(HY)GkBx=6RAWYvw_3|ucQt8{Eve-2!Gga7N-RBPSxI6#sIhmrai<) z;QTIjv{SzD1!aTF5?o$pVeF3z8qH+K5MeTPqZc60-?5t<>}^g{yz zUzP{+uJtC@CFsd+QZ-zBG1lQqiZ1K!j7d99&>BK~jVHt;L{zcz#86qr#+<|`9bvB> zDx(=!FO}?jTR-V${3r$xpL&$>&e*#xf~DPB>w&}A2_bXM*o{%`XJ<8ZFv)DPu>YIn zg;l2decctHMyKpSnYRpS5k5zpWO5)UiAKFBAV2V=2qu!n9C=OA@8m^V0Ip9|HrEdb zOJJS$#Pv4D4OzqGzGAVu$;RECO%@oH%tLBHHWM3PsecJ+0C4v6h z&%JGs5;qotC@iMB_4;%;srr*;9Q{#o{v=$B^O`VSka~po31lw8E22{)k1}NytCU1I zBRpJ#g8m8q{g^vKwv3$RPD4@X(q_MA9<9g8lSxaSK{kI*h^7%8d5afcRJ~rM#!0!9rnKeC zA=dL0AQ&q^VsO=2A$!m}XK7S{qFhpEJX?0--n1Y_Nqrn<_Lx=kSARDfeVGI?Ard7# z`QXq(MRwMy&wHryK=D*sP`JxX2Cx}Ir85mv`pJfsji29`a&zhMYT6Wk&_gn>=Y3;n z-lb;_B&AKMydEBRuI7f*F&GQ9T)FipFrk>6n%-j|iX zB!Hwc7fqDNRrd6O?1kDu`Qu5@FS?cBuHTdbkJm+|@c7`Ob!AC_Fjx}^gITGT(;yzG#X zc)u2#m(mo{u!z!7N5k@yV))!ER5c;C?v^brJ6K>F_!&KX?}uC5lQ+DPE9^s6+x*5V zwO341qiiv@%X)7M{PxW`C1C#w*CIt6^HfS*3S7!Ho&6=?(oyO3#L{q6?58A7tbN

    ZQGmG&k>DE#a? zPgO@F6`@UV`oA4v_0!+G%Zo3d)T9Likw5YQdgege7%UtK9K{fVXiV2Ni^RFcO1lQf z%C(XjHNjVj0(gYd#G!wC_Kkd^t+gGo6UPx^upDBS{=}J{2pJ7KgfVc@j1Lb|d&vP0 zOqSB^;0AvjJt~rbBII=@4~Hpu^1qB-ttg+Ltfm`F=CZ~tsYPbr1F_%BOFX;Cw(Fls zjPR89c;S*qq=WgjzhJDo5To)(blP62y1xPY@yMEe4<#}4wa|KhvLZa9a7&1~;_}-7 zH%sLod$xbS41J7%Ciry&k1BWrp;F#{wIX7b^@;puP&!Mst2HNeG!&7E?7LAyv3=sl zUR`Tt0vo(uK;6)~aBaPIjQo}SHRtS|H>_#y=ij;T;Rc@goWqYSc;^IyCspcVqd;Yd- z7i2(OdG``gAIw;qLy`05pU{0P=3yDw!DRvb?fRMv*WrjDB9F8+WCqu?XFw|{Ss{Vc z3*u4QN(@C!xsKx$#s#VT^^2Y9l|ox3J8ZO#pMp#KvI;%`1fAc_y#~Fv594RVxara9 z`IPrPqkVHGcyIZnO`}8$AQ_Zz5|mQxh>ZS8liFkfQ^m@Gu1CXDYSwzdO#6qOoM$s4)b7gS7l3d^dKl@XIKN)9J9(y|uAFerlus0|AiE~Y# z;68{VA)T3Hj9Mlb`G8`N5<}fId2vW9mZbE{nwjA0|-*Y11!eIFRTQ zg+3rc>N-GkjPv^d<;HE+H$1|Xrbq%;l-Y?~Oh~`pPDwqneUp^0dxd`HywviA-+rg3 z6Tsz7+vlU+Hz=se{`cG*n1#TOFP)Kefwh4SV%1Jwrd~0R=sMvzU^Otuqv1xFWJ%{D z?^Qx=B=T2ed7JWCPiwk-r5!#jA(y0}7`V)IeOE+0M=>QQsWeo*H?-UEU_0PbvqZ3* z1!pUjdF~5Y20^b>c45MEC}rvHs%%b%_ zfyP>@7;%6RUZt6CPbTs951ht@SxHpCi*xNH?L3tV3ctC0(`$+OuXOqdCeS20G9 zS}mS{A|_#&l`1=#V?)W5e2{J8SXYMKr)aL_@m z(rU#FaXwb94+M);?0Hjgk5+`63KxUi{RQpuXGO(Fei;#bC(f0fO}pL4Y$h)6Bar^3 zT;>l{{?NAa*|+d~ae?#glXA`uvA`#O6Q$hjfvUi2&PSWmudjT3ZXs{~QP9+UCIwI) zmiu<;bXYb6 zXw=sxC^4WXHqlXnjz!}3J%6+sMg#ZZ-nws7+1e^^Y=R@|04d6~%3B2GeuyCpF;*9k zQxATY?;>Lti0e--kL9jZ3XcKQ7LAl9>xFSTJpEw2CQrdftipvEd1~BPebkrq!}P(_e~AYC5Hc|c1w4}hO?-$x50_Jn^BV-jeBuhA$~Pcl)Lm;+wE!rAY2pZ#q`9Ohp>fe&8(_1*+aSi^{QVv}ZA zOhtku1;>0ImAI;tpew*{|2c8`BXxo&5fIorV)BQB3q{JT`hCEdAZ`|*RvcJy*;Q0` zSh>i0c(f-nL0DOqXB%usuX?Rx@V_RiJC}boeeCCC?BeCOTr%X4b|k2$po%MC4ng z__t^qz6_gbsIc2x{?? 
z<>^vgUa=*wM~jgzJh4`D$i-C*)pNW-;G;f3oy&8c++`iMYg`m~WxFR&AypH}GUyG+ zE}_xOjDAKnUrBDLIi-d-ZI74;FQhv97xt0GWJd9&GIlPoI=w_e`x-heDvQTo2Umw0 zn;Pd?W#%Whz9_}tuHRLK=8Ub=@LU$l5J&hHB|-KymTB|DdlMUHJt>xeQg7OQ-uVR$ zm?}G6GWUIHebZxx0$Ea{CH123WJhtV-DP$7PFytjccHA^^PpS^_JZhhrBaoxKa7=c zvO$L^$otw$C01*}78gbZe;dc6P4xYfxgj`DHQ`DWU_E5=@5$n&4|S+1?8#7`9PXHT zey3%4;Hjr`dlU|cJoKm4<{MK8nbIq?7yBMMoLMiPY45~{%ykN@Rv%P^5m*n23H3jv zG+Ry7?EP(d(vKN%AAi?7P6ujEo?nnq*(d55BORoPk5b_Yu|OH?9x_8JG;^EYUDoqP z+2&)3Bh>-Ih&|!iVkt59lk)1%hknc%KE)jw?*QXYoUXST{V9;CpWG2M#W&xv6@<2n z@D}T^*<_8K6E2`47{WYyH)Rr)vlCNA8X+4rLTgAGW+D~II9Qo2JM$w*ZOeoP4>w-kcO44u<=vb>NI)-7s_Ps zYJmMOvpMGiZy6~`^=Iahl*OcOaxhE>$atVtd@Qxrme$*m{S>1TI^Nph;Dn0$C3j$K zv4`u|Xvvu5TT032&Wvb=#m7L)Zmv+_ZaByFYb~7~-LM6>K&6)Tx(@7Nx>TXT*AQO{ zR$&-V>7N4sP(WbaAd{^m%gkz2dCbM~>nwAXQWc;! zc08M`8XkP-jXfX~%bL?qX_W_sIfolC47_%oj#WeV=`RP=8)*hRRi$73JS8z2|psTNzHl8vUEYs#CCnpMc{@BPu4F;TQD z_OJpE^&&c5AqI8BA-4F4NNImN)q-~B_Z)#E=AKR?U+PLiw}2E!+ZD^ASZi<3BKZEv zQ8@Wh4N}2YlgM#KAG*1=@7NcvC;1|^ZZEf$RDM=s zglQOyGR&vkHlzwk78uEYg0Bg#EUg>H4foDv?>rCIzt8s7Ey*LY#KmEHa0*hF;ZKZU z*2mUcdoQ(e3hQV= zto?^uEgI3h&D5`G3@@ z{t;s^j4zcr1pee&5yliax)mt#cwj4#Di2Qi3ktj9$>H;3nRo+sC5x*2$jPFcW}Nw0 z(?7$X0P9&u*1Q9bKfbHfJ}yl=&*j{7RJ~+{P^X#3uzr~{YT5YH=qaFa(RJnOa(b1L*+Ya1DqrX7u7Hc(&AOtL_yzsSEN1ry5bLAQ1XV2j zdxjs4x=E)cd6OTfd=6v(C_EsHMnk~EhTDX0hmu30xd;Y22fWV3kPe%s zTgkrdjtg5%IU=cB!+p26OFFgf3c}}khYk#d#u29^jvS)bzpLkC&nfC!`75p$051PaO9t`Hl%mKt@iVP+beCnenA7pL;spkWej{q@G0Oay3Sd$yeP_D z>!7gSq7r9zY{1!A-y0DY zZ?cQXTl~CCoeG`pRpSQ?-cBao zDkb^Ry)O+-Vs8&M;_Wx%QMNuZYg%3{ocG#qzB%7cvuq?TV6I~e)gONtm{k>;>llp6XMgfQK-khl343zdmIWhK0KEO#f!(%9gi-sjM`{I+PQX|c zOI6UpC~YbT^yl04RQW<9HDJG%c?UTNo#fiCzy&U`2Pb{ZbwOuut%lhjyxmWlU%HM> z&m5W`e9q|@ZNuE)qODv^s>=rh&{fK<}(NC(G&gB z6Aoim)Q;Ly4x|9SUp$%SGJA=wv?~2Fu4K2G7f2}Hxx03DSLG=Yc020-T({^CwU`Pz z_94_N*}D)6uuN5!DTzm_K*v~u48v(9mE0nxnzO(}vVp8uJhBd%Os`wsQm8zdZ^E*+ zyM%J< zF9UTMt1HozO*qL!Ypqz_yv2|n1ghfR^Li&Fk3^xQ*N_Fa*^_^=v`$9rE_Gbd*@Vx7 z>|Uo-rN8z;y=?wiDZIo&^t@S}{YPV>&@nhA9^T3qXO=<5QSCaUxftzR0;Q&R&j4}q 
z8ub0j0@W1cTD1Gf*o9|+(b`5id>o#C(brthq~h`i%s;y$;-b`txX>a?3X-CT0&QXC z^*AQh5?CoS{E|YY%*wtuM$}Adn`mSWr~Ybl3}NXkt}-ae(7A7Dh;zuo(HyEr6xBU> z=c--wcY@dAyP1#T7}Y)smuZ+0@$W?p5&68|*76nz>fBb6jj3oXXZ52F3?D66ld)v#QICLnRn zU{(o&sCYnLxsSGHzSpyC6>m^4pti^23;6_FfDkUEGfsj9AIk#CuE!kGY{ubZjUl@e z%`>9UUR=hc5=F@)%x^p8w@FJf3yWjr6sL|b4AAyC$B7>#M5{(`?3{}M})dc zRM@}&n$wgGyT-4EN_?|zQDqSSUV6P7URtqqcjTy9C*`<7qC$H?-*^~HIclftkLMW` zA1JBYV0Y?RylJB2H1Ca5hdJ@|@jhRJV27M~i+O`S(U5dhu!4FgWdX29N=6paPHJh2 z4{JGz)8%6Q*Mi4fT&%h1%~FHMx?e1#%FbPp7VHs86qvJi9;zz=)Uy1<&MEvO!arP6 z(@5cN&E@M9g5nE{u_ZolG-rI~Hx(8I<^L%7bf4QMm&r9ozBgfHT1?6TcWi}X=`j|yYTb-~j(xJnG>{0Tn!hT-hTw@G9C zC*{02ph_Gza~~%9#xf-yy0Xq-ink!AgTtj+j&|Q8l5IxDcynWu=_$n^A8k(PB~11+ zTP@fHPX6OK^TouSou(!)c1mdf2}Qa>81Nj-KNCHgB>N?xCF(>uSGPL}^9v=R*-YHX zG>9djX0rgtlAwpQ(;D@RT}s0@*u;dZ*DuYMIWuYEOQdJdcjsg=$w-4In)+Q) z#5}1_l%vJ;Ck5Y8+WzVXMN8h=j`fMW?eoT>bfQoisOwdPCl+{?g&g=;6oBT>_60se zX(6&uO@wst)Ig2hdQp*R&XoQs2N8EJ!j|&al{>-8YHUECc5?$Wsy}eE8OxAA zY~or%+?S?++IO&Sm_?YiZ5EHnH4=sm-vJM`Yp*%ark z<2LPUEZ}Z4#e1?m$7mzd*)hfFMuskaF$vW~3WHfzDL`Y2u7t+%{WMIT^vsg%Kc=g)% z#}0KgT_N+A07Rb8wG^KS^~jX#vw8 zlVlQb9Zi%Tt`ZKeb&eJGexot}R^{~$?%LPZKlJTycUtWBOBLy-e!? 
z7n|O`JFXt-?|w;~1`VU`ygfEiqzO+YNrfuSW#;!5DXnq#z6+WFyOwyb+zWz5G(@%Mx9lhX(XIO;0p=tE`~oFR@}MDcenrMrzn9?+c=6QQR;iK%a5j_bRDr z9x|n&9TPgiDEz%cjr?gN>)1jY1w;1yE;s`hVe!+>8^KE~7sl}Y+jg#782EWU-5umV z+@86URC$1xe{3s_$<8Z717T5bhd>Ys*5;4{<28k7%I!13Fs!EoX;Yz>8{gsOMIQcL zqFGPHjI3ZOevb|RAJ8)EakXiK38?ny9zpcAWU}+ia7Ez3`dPEC8WuzJYyu8}=hL5f zo_k3_kxVrEl*JdYWV8#);6_-~-)Z{*5fuTm%fkDwU0fmIH(un^-+>jZ!)ojp;qfIv z*qF0+%S=uuSwO;a>HIT~4$Y3_$?4Gb|1lKaZt;6q6z&|UiFpSb|w)wq|= z{s{kf4IkL%&TM=CQyc&Pvi|QxjeO~;N*zwn`=bfqAFAjHg)Hyj$A25--)8@4HT_=) z*#RE%e+<%Bv-4l=W82mUGM;}o%o$*NpnMoU>2U$ z)Z`9zA40fIe)~^b`|q;0C%|@50hac3o#dg@@E_U#>V%N@pN9TFo&|(nx;+X1U&eEr zj14w|-~RtEvi@&Gu`XCoopC~B|1mJ&ug@QFfP+&T@Z-PQA!N}1(Jve@K7c>|Piy_J ztq>ag2^s&j`v(6-`P&9y{r{VZMg6z=etPkL6b2ro^naTnX+*Hgf&2SEfc5{;3i8o^ zqR<&9@K06z1N|M^fdk7OU~eudv_!g zPch0_#lL)G8~9VN^fGPk;)@1B-{Y0z=>B%xX8?fNGMCMamYKpm|sX7t&TwZh*WX za{pn;54Wgyr_I_7D*N{HnyfN*MyUp0-pzMR#yQlfm(nLwxwWCEG^F<*B~sq3vSqH< zNpp-+_vBt1%@cTJ;ZnKnQxLn|3%ZY%oV~tX#aw2WI*oM@c@=O$=X8N-HUF)p#v&r? zHGn(6mU=Hsip^erO89D-fuPlZ;tE*Hvihw1ecN{vnw@bwU|rhcviT?YxU+d2ut8TF0okZr;1zCJny3AE;+r4x zyzAsU-;M>$-EXVc*j=N?L4%F!P$xwFJ@tOPU+8Wa@NOH?SNLRB>tOHGOx z7$~UzH&9SmP*EA9=m0allZAPVik4#*+uM5@t^>~7sdS{bGVc_vy6Wwqze)eF+C%tELD0n$efS)69B_pv?0 za91=*$S;rIS#@aw%0P@nO9HIv*Vs=njxpb3n#?M66wIH!R;#%Pbg*P@d*<@C}!kdw;)%I+(Zbm}c{_gC1X__m| zZyBkJ0TdbH_ssC`eJ0zG`sTgwxxTfi6@i4j$ijndd{V`xHn z+0{39`r8M{Nc#tpK20K_4FerAfX^f+L5_(xX|BX@m_S=BW(jWI?c{cXcenJHOXV4K81m`82& zrP@I2UH{L>=n$$1o1_n^!rGC(EzIJ@f!M|aif0@rkiBrKi zy6zgw&lsDJgtx_;Q@ox=grs*m6MmzxZz2T}7?I82&`{a)Iq^U{Xpkzw1Huj0n<=nc zJ;Iwg4m}wUcU-qf{{S%vhE+9nzkLA>{!i3U{}$xms=9%pXHPHq5A8m^U^guD=Y{SO zZg>dnU0tyY!$-XuWg~<~0DDhL9nILR7>ozDT zhBq(3K>5$Vub$td(nl$XAaed4O#iiwVIKrqqwYqLpZfK74EH(Xa1`Ab?$c9=FoeNPsEjfECpm3k evG-F^OJkHzPvOULpYKjbk&lzXa?V0N^M3%4#BV?c|fg^vZrtL|?`OeDXx4d+E&vbR*kKVyWbq7Lfsvsgx_J^ZT#vnscZTH%R zFTGegpOth^Qd!bJ$5`NyDjbS9U_XeTjF#1f=Ku?YtUBIjgs~hlpTwaY2jdbjS=iWF zGh$Unq%Uln(MjI;p}f1?gO8#G8conk9RZZcu?&F*R|Vv5G}QUjizu4ALj9G#bLB<; 
zt=2DcnHclQ@PS|j>jWQScBpQT2~_p?0`ls=VeI=D#)ye^*7FW*EtkZBOcW@>k`j#)UL zn?e2m;Zy?;JphYp06_|QZmte|3ioO*lPzHto*1xBSZs)AyjOSU+t6{7dbhNZp3zKf z*!;Ms>RL~Ebxg>*`T?VKLj!{|7j(SO;{ZHJKvPJ_N>j=wk3Tt5U;nUWB!!9}>V>If zJFBlSy~^`N+c0=)Tt3`ye>wfkbNI5kn{{w0V&m~ty%h0H{JeVMJmAsX<;AJB0%jbP za|G;|n^(d6uACd)bPGS{3q9y)T7C`Fzx(v~6vF9k^s!KYh^tpYx>CrlzQxm%k!$-` z`-{QLgl{F?F)_-1K-SAyyeuE2}AusqWzY8j>Jh; zdzXa$Wyt5O`07V!Dqyf9@=y%duj=z%e~vpj*ZE?FsE5o;nH2W(XFS0lhcB&!Tl_B8 z+b&csSoTAs?GcBkB>YdEL*ipG>D|9;8Xj!ae4j|t@UdDVLEM&&MKeHI#r;9uqW~Z{ z8{)Y5BP89&-T%PZx3aER!KZo~sB>#w<&s=nkk>A-Jjkeb$w(5)zv5N?tmIlMFs8?cQz#R#D!TQ zYjC92#&<9#7pg~xy&N}~d`7_vMhDz81?}KnZ=9MQ1)~58*N5(EW?#))d$9G=^Y=C8 z?!J}1enYRaxQML0R(D(p5sR3n*lRc|{YTL}+$jk@_9Of0w%fSARhHCib1VI4g?3Yx zBgL7v+i#Po{g!~)SRnO*vm)1L@+TeN*~9{i%VgqP;pb0D`ekpmK5m|-=mQK z=fGnpx0Lcr%&)Ok-!X_#rEI}>J1wf1@6_B!auO!nDOD_DlNmzl}t}gIoG^k#BwO?UOS;~z{_Eb%~-@WQ9G$6Dd zvCOh+;kAZ0wW6>p`O1!U4PbeIS+w=W*xX<-ey|=~Iq>>!%W4`x^4;D4{q$C%iuJ zb*pbV5N=UC51}?GbUmuim)FrbXFR{t-nwub*gc6G7v>OaZV8>5+PZiNnrjpjdXWc?=XN{Hku;1t-oBoNHTcZkz4Nr*PH?c~ zdh=?ULaZ(d4LE7Le(NFsqxHRu1M@D2W3oBf8}QYAs)4+HSpJLe)z|`dI&uY4)T+u; z_8TZ&f@&dzmY^5|m(9`eNOxWqkbduwY_6WPIdXS}SnO z+IG?@*Hlm7vsQGvm;)Mr8^81?Y2vNbp8WugF;8nxnXw4Bzq)*m1+0fTrCX7CbJr?u0 zJYNj)Niz1Q@4i3HzV%871VDX6(lG2;c!hLJM%0acc5(K`a34=!&ffDQN9!22^rq_4 zM-8C;edD8ev(;u4a~YBLmlV6Z<02=uJNbhWq#_ED!y8kV*!HarrPI+JndaJRXJ+EH z_09$R+p)uL)}8L2&#c6KzE6p$#+wZh=C_|C@BS?B<&bY9F6{gWnrI=k7aIa*GKU_K zyJ2g;$sDF=xc`u_z%sBJ1VLH9W;q26HD2<*;j~@p=*i7D?ewuPtf<(=p&c{M9&dFg zZnt3$tJ~7)ug%tt^hkQ-#xk4T)(-L4$Nj9-YO1&#ZR>BZyj;{Cx^hAdUt@`qt0=ZgRx0%L?& z<^l%4$;KKtCELEiP^sG;;(6mrB-2!j#?>O=-q#2YWgVGcns?2r0hue;$yQ!Zy^*!Y z9-M{%T1`ZEfD(FbEhbqFN}gJTV9FEf>hgI#L$)f74-H9poo|S6DWd@8fuHboz)>)> zU8#=b^EtvacXA6;Er0vRpg>@_EOL3f;0D|hLhBT#mCiPUU9NxUf}o8Y0>>^tMTq8h=DLK#t-qKINbFz^B|$&Pb-n7Lf3!EpqWGwO1jN-A-zqOcO?d z;6V~xsSNIjr3^1sGO-m67GIAfd%KGp=3nWOM3Z0Nnzw)bNtj*-m=$fI0U5&u zU5Cd^`^VD>eanQ4CREFW|H0AO4ci5PeB5rDns#uWO#;;5<||9 zh$Llf{*bvLX@UpdO3YH3>>aPrxZPweEixeWe{VYD=GCl)89A%SdvBOiBeLT>Q3lalibfaIcjj`VfQ 
ztI!_PSc3X)1vK6l?D&fWQ*cr2Kdbq8z6xG7&Xl#LSG4a~haxg0Y#7Ux$$xIw?l4bs z{90+e@2`wAk7CYkUT_7|D?CJQQ3qxJ@foz+|DWA{Tb26HYCnD?yCzJ35OU&SnC15!0x!L1aLEzS z&ecl}*$Hco;S&yKP&Nr7v&Lj|el|$FfCI+&9s?PN?#%y(;O?V1T$F(9o8Nt}2$$Yx zc#sPMubocK0D1WZLwTjg#uT@kysLZn%4)}(4TGeZ$`&_fuXqKNqZoc((k~X@rPFuJ zvQU+>3W#`!M&MLiiT)$$%llVXf7V*lFMb(N_(V za}d)$BV6?6TE%vxljvdo*PRdLG2W zX7<2BAQG*4BGH7eqzH*=1UN%;)P9!}03tX~lu;%-PryQZnot9x%-9!Y^;&e_H^Mh2 z>|nUYfI!}GEq0}?91G}AD3??Qi;`cm{tK0TTW<LQuBHGRd#3NAY-|-ajCt2P}*$2BHa=d+hg*Xa`nhc;{xk@!bglqWdw& z#K@_?I|{%1pNS11vCe7D4UR*zM;efJEG4|)CDXG=R1lm}PQSmkKWmr`EL zYk1DL0?9OB7_KF{;st=PpEM2uEG+HI%9F(5|I`?r13orhh zBkj_oK|k7q1;0-27gbQ+l^5m74^MLYtzos_UPKX54cI<0$yJS>F&ESmZ=%jO*IDj; z<&e?5i246)M(H?%*Rg%}Fb}(aAP*ZgZWx8UKWZunz^{^~KuMTv>IPF>e8px4b6g8h z*GBO}q0rrk#r@BD>j}sn?+WBB#Z@CJ!u`k*ClD{=T8HA9*Y;QUhK(Z8fbft2#g~qAtIuo;@gPLM1R@WMT`C_Lm)#EzC?cW zXqE|)AU_m3BxiU-gTuK_Q3foAP@@=+y4*ybcjsAkSsr8&%g%;KNCY69P_nsg$HhfB=3)AVb7K(Gtjlqc(r*Gn0 zVfa*;tUy16jHX&V?tOTv{J?~%6v9J>`MYc7y7H#O%es1ieW9&);aVrTawP#OV|UkP z+xipjc?fvrXS3iY9Ln&?DXd~vqPf_LUWF-wU)PgEH>xS6{^olEclQQ%IMEh=;ax zpACSe`WHu^JegJQ9u&(SjN^*b zxor-zaz%b8%*!aZ65R!!o_ZG>p%RXKW0$Jh{T>bo!l@nd1{yItv&A)v^i6fRe5KCq zruu4L!xG(yX})wtb`goEc9=bYA@PZ(nu}D7n=o$v2#Qw9X^%);&t`3OTXR*elf;FNj~r;N6GtJ>f0% z1jb3Hy)?=6XB;xCd8$lJ+6Hv{wj=Oi9-!PL-t83evPsQ&{negWD9NIm40F(la$O&5 z2Rlw9p>fZ^tDg(4ISZWD*GGLSPiO#h-!SilPtb_ok4Tn+|U7lEoAB z*E@GI9qt)T4Aqz+51AQh5kZqL%Cv-kebwcQvI^fWZk}^unZxr7lB8Wf4(q+J3-^$& z15F7&A|-TJ2R$e83FXN&bD4T8z!~Aj*0dXxmeGCut$3*nczlq2dHw3jULLN0Ss@o( z?r~*uM9-`EC5PUQWYMjA%LjvTu;c#wr=8!e&1G$P%kq%sMIsq3*F@D<86_wpkIhpJ zqhgr<3e^8s8s}#Ox=wtu6vF&C``xd*RV<^ngOpW~bl%5R0;k@>h(1K*H3%U8kpFoF z0IAU=5oX*&5`oBcn1B@@VY`uGIl9hd6&EMN9|B72F~ ziNdQ)GhjC-zLnH*ex2+h*XtpJ_cxij-T-Fu99{eBm^+$jc|A+GJt3(2FC!#WNgT>~ zr!3`asd>DUyK%GMu0JSqb^+ru#Z1Nd7j?!D0;+cDW%t#(rzb^jToO!E1A5TN;EvHL#iU^t8Pspc4DsX_gV!VVBDR0(?jq6St}8(mo;N4-LPI>8c!A7G9tl_j|G$y%RnC_0 zG5gRHjrMBCt8vpmdt`qdoAg5Sa1x%6@*$7zn$r8HEwsgWFiqP$LuK?sB(b>uNlGI2 zl_1=2pKmSSADe21R&;*@!y|}=Mlp{vYb`8lH6bWFW8ZS-os>s2Bdo4 
zlkCnvWxEIR!`X>oR;6F;FIy^WP|tkncaKcZ-!i?1d*T=wi!OdDTsKH~}`JV1^8{=6|THm2F*$LUe1X(oWl%B;)7;4qbF%8T8IZ6-rQkVBj!D)cuQ*z3;; z^gd>Pdk2AJt^dD})DWw>?S>O$%CB<7HBQjh#ya-iPqwu#_|aW1Cw#=^vZ7-4kM&}KbEst7?a zLhJl5MshGFBEnO?F5_;!`tryp7jN;--;zS=XF=Qy>hj3p9El!+^}*96g&=IalIw=T5C1qfozeI~ zqyzm&It^$4<$Tze>m5^F!F{g~VV6>3W9$l5vT0X9eJyVY{5GkyQ?IXj{7$67?AcyL zP#3*2Nb+UjMDrrw5Kou}{cPRUCnUc|guL>(;A5GUuJ3xk{5P008D<>p^ zf|%$SoDmES_Y2xSe>lkcP^UPg+P7)Zc^-Q)y^|S98i@}Lq4*aqF4<%?_JndOW2>(k z-MD%eb)Gv&XE}@gvPL1Pi3S^Rj;KizyZ>bckwbr^=I~8ZVSX$g7oMh^+B>jVqthq6+GUp&c4Y~-$SGks#WO%iBTU)Q`Ug<61o`W*4iVj6E16TW!CpA3i z?SM+!qe*Iri}qiv3~Mo9SRuD_RE=WJBy3auxOH>VA+Q z86+ukizb?sxC&(|mU2cA1QYhweesJj12Z+QkuChySTZ?}47ymAcb&4r_tQ^N{qWdl+Ubu7| z1E++&CuCRpjpswgL>T;!gDhrEnyM}+GpcwRHd1EBW*Ta%9R!fA^t1FSZ6B!izrtIn z3^V(A{(S4HwWfQG zXU)hw>HS=wN3a%|Wjmd)I+mO@`H6wUrXtGj`08c&*P7!hl!zoh2NJ5hXdqee`XJ*# z`DZaK=tz2*lSA@rv8y;F7>+6P*O?)Y1QZj7go^y^@LAPnU`y^d>=VdxN)B}G(iwMX zp@^}K^N`#TnTh@zp}%;vC|gOzptV@4#~nMZVHA}nHKYi)?GIY92QvzKakHYEK4?|5 z&s<{-`FWSip5g!$4n~qU_JfP(W~SjE2b8gEwZ48hv8sAQnR|;FO~ie7K8JGe`bG45 zw1}=aJp7iOnM=MXH^mXf1ccEWC`3e3RhnWar&%omN`Q`}5Z{^+rM; zj$U(`MVhu0g%25q_#~h0(9mhuq%iy>OJQIaM+%Ris5AZr#Ia`!M14(>@n2W|VPKc~ zKqh_8!J1XFmK`qp*9Q);<-AKGBF#$gWn+I!r()Y*ITG0vzGdrC(=@4b*0}VpZ(^U& zbn~dZpJzyJ^03v2dwGC=({sJQl;_f#&5xs*wje`56T0n9Gf(TJfX{)3kdm>;ok=mq zPce<8)D;5C{17@;K~UIlblH&+{f4#-s;ZF-(VegX!>S|k$dGFzC~D?>KL_1ev82?$ zP{%4t(y|JQW^+dSE5jZ$F$DJ}`b2=r^Y#I-dqKW}fue4Rv)SIedCmpd@y6H?4@Bd5YzFi2qT|qphJf1RpKuwRy%VL9RYQ%K~4C2VQ7guwYigj`R3Q@f~tZPv} z@wc9lQPpj3rhKwrat;#T-}G%)9@aQ2T!4C|cF_EGThb)3NJ3Q*q;}7puwjB;!L8PF zkWHp%uP~^9I&7^ff#}J>1<18~)veIIr|b zo8@T+oc*{@vNttWOFe^qe)>rDqGnQXl0h`0)n*Y>8)&!=0x4CVZ6o+-THj7rf8!C*z`Dh@O(rrmxTQggFD}b+oeU$tW>T)^<@! 
z?ETFvKh)b*Qwbk*E9H9Otn!jK+3+^uI2VN%AvS==`$uj*DVRiz@`%bs=>1f}qAD^r0h~n+%3X7{pBmQ=*J=BI>W* z4Wr+b0tGOtlu6gKhiv~Eq%>wzM>qz zEz+__o$>T?`msV(e02>kag!wNuqY9}Y$WZ%sRBaP6x>_{u02pTKA^;UyC&)JkCkQt z$--eTe6ypHpbIsZt{sI?ITQB`i~Wz1;dBDt*_+)|8jlD~9oQW=FBB&=n@OGw<4k!Tnith*zPeG%b0Z)Q-YJ%+P{78l_33osYyYXbnDu-JGwHG(3)rF zw&j=Adwp9DYGygdFBE2ZfKTkj@xxmahDsMFqoa)~AM_6vbA)BJ?L=M}0S9#hQTA{y zC|`(t?Y~kQiHa|7cJ>|xLAxjDR?jb4*X@`` zm^aH&qU!}@#&wvvl@BM?p}RsKGbHeO9C}_evrGx4N%;M*OhK{)Kv+Ri((C4vLWU1? zN2-GetI`iYL(Y?1Bz_@e)p*dTLcJ4K?qHmnAK}!etuZikr z9I`H^^d3*_q-OL@ne^h`nHn93a&x+w%&mXXue^+jp*b&-K-v<%>_$BKt>?TUIAeu_KXki5Zx9%fB1wcljFNBz4G>g9m0<0dQwpfj6><6`{gP3!} z)7d!X2s~=Q~kVp z;H#={dH7~l5TRzK##l+KLYf4mJE8$}GS? zuCvoaav7ZyD53DKsz?6yFn~oUJ}m+(BFeTbghO(w&2TfamyE93;J*K(E8a zY1u24@ad6PhF&P`$3_n15%&YbfjN9iu5vm8dWTo0xR=S5tc%4BdL41oc?3eM^fzHj ziIUYiYd4;HYx+Q!f^G}UB)kF+!lM>(pW5>l^u{`$W5t@PR^BJw(zVV?TLz9&ktGUW zm|$|dc-lag^+E;qnYz>G56#P6q8 zachsOBFp1zzord(4ld6A9w{feM_yhkp)})-9LOWicw_FXxq0+BR)l!4NknW71=hLn ziYTm=LJPd{CT$6X&i|iD*npzLUI?A!XcpBiBQ5yD`^+f5D%p-(j!0{RG9%~x&Z1hX zU`GQ%z!r|kkh{!Bzr_n|gzCo+$Xjn+T?$7?)%}hZG~;a zfxayIswD1{UYX5Topu*RwQUc-EQghZ&E;>G>kRZWv)d;gE7P_U%3a9&yz}CJm^6za zY%VO{xDllj56QNrnB=}VPKXz=tUM#^`Vx&r0_*8%!RRkB?b^&~?d_G*MIr$XGMAqY zGsoVO6!?t&+{y2}ADtkmnwJs0;BW%tP!Ne24X21Ei!+@2#Jo{B{!A*c>L%}0z3R=O z4)ZrxXnQBQ9e%sYsvcPFbCvhu2jP`UY8;7ZE#!$4R|YlgyvLXf^Iheo=|jR3qcoIn zf+UkNKzf46fVmW|^PC%WR!BDVp=M`3O$lAiE!~Aq$1}=#{UN45>M^q9o_mTtYKd?E z4n=a3z6B}|=H-E=(d9K+!gWs%m3;nko@Iz<6}f<2C~+aFFN1u0x&C93469JuyUlT# z@UzKW93VD>HT6u@5?{cnJF;NJ3G*(Cu=OLWKWy_2;&_CS)8~+U+kZxiftOUb z4)p&(hS(?u*~0VWgM%<9?~l;Z4c9)NmG~RDu!BN5__D3o72OW>!ucRLd<4^s$xmx> z$(pKC%B4*-jQ_HbvAarIW2?Z0@7PVAx1K~&{VibGJ2o>3Wnotky^`Q)3UpRA@Y|Y&q16im zrch0_?3`^=TYz|0oen6@no!)~MR^GT3eeRF&PyLu{pFEP$w{jXR1aoFj>Opyd4IGPB& zXAWp#u}A(PI`OakUM}+=2h= zf*VTx9`@*=-+QKB!N8G0UD$u4fM)7N& zf!A1D*7>XX=SKEvIg(!NE+{uubDG*bou=*Rqb2nST^}b1tkkk^HD9u$*?$oqk_I4I zF=V{8)V%2@>!v$uCq`*Jc`&wX9J~oAQn7;Uvy*_<1%TWExPjaOxCse0jNsZ{8de>E 
z4NwypchN|sARQJ%cNbx3VQ`UeBmS;p^*7nud&tS1hRPNpJb4JrK4=pLyYnAC1fmb! zgzcQrdC=Q^oRE9bbKseiu7Jnk#-K4iHByIVtb|`#p0i2Dojwy$^9U5aoXyGqT@zUYIOK85cN%97dK|>(PMpKBtkcZ z(j&D>Vt zqrxI14jx{tV!hy{QCE=*sD5SWX9Sh&!3<5pw?{R9;tNpP>**GfFJ+aY#y`hbbA$)K zmK(qK^VZwjcV|)4i9p$5N+mBxR&ucY5^nukRL6Q4+c|TnQU{)BfYt@AhGNL5Pd6?v znlOxnEt8Yz`-av(*nZ^n)Iw1vWbFJ1oHYBholCfqVX?eO~8)(Mft>o?)kYJXv6p(hY7hR$En!<0j1hm z0JpxRJ2&!Ba%P2UF3O@@%8-HwocH!qL(<-GVYYN}!!Jr^l*b4y69GH-8Sl=9USb2b zW>nCw#U7j58Dz%Al$vvksMM?fh3*+z^b9*B?1&oOJetsH$3wtSW+Q~*?Pk!XX*6cw z&cqwFN5~8Z_`e}e7IEG!B2C^bM;3Ky^o>WC5`Urky&!VLSM?ZhLmrY!v;xP8l_aju zH;dA-7oPT2W-Hy$A?Om>4f+?k5;AnYw23p>m#ygQh7~GTRuyQfuf1-^afO&0~KbYWt#e{pM?p^dpI>Z-?>D9S}DP<{8vXl;~1?qLCIgCKLTa_wX-w zBac+Megit1wT%3rK{yT%>eNb|{s_I6KBW;9WTlAyYO19^S=#wj!TwDhcTD|AZ^>o$ z7vr<(&R88v!!E2GI{L32c)y>A@P0qMN~rW9A*LZ(RGj&l9ngrl^KKJaX;2sVB6|!i z>WH1EY4spr`kUk;L*TW44a=qyu=74+4wcQ!>ub8F16F^w@-*gmHi3V}(vxH24wZe7w%7B=WaZv7 zQthjwux5#{Cxs4(>!CC_6U)Q7g)uJHt1&Ai}L1z5~*lL@| zkl8jScH)tc`I5udA~&)lR)j=2Vjds-; zLfdWtd38Bd?NImU@mUbm3r;sIMSY&n9&HJ> zPt-{@gSLucn=3TeLs5$hT4O*H$&k=Qdbp%YK~_fpH!B02=atEtV(GScMol4z>L#;@ zHysKX63!6lpXO_El`m=6|5`Lyo35}dkaTg}y6E}lS*-G3eze$N*+w+Ap`bvO^7peW zb5-VgG`rnP5pOOMcr+TyU*lg(7Dy&J{*zsi6zz7`2{Oyd*IXTATRs45>luY?QPbush~FeM^APOw?#pW*kG&1Sf$}wIy_jf>5-c5Hxd3k z>gm&!QpnoVlKm1h{|^@jsiHqzlK*hgk!6(PJr>9&fG9}AFMgJjZ*IlEfRvdOotY7? 
zCMLS59DoUNUhZuH-R4BxQjk-k18H$2qOz%uG|i^gJbZwU8D!K*QPAPau-YVm9!A{7 zRWoU?Y)bIAZ)HUVvcMA}V8^4{8r<&1{#&`C#$Yv3l>k?Fr$I1vQV z!VL1gx5^^wp>LZ+MJHxtIdBedhoo__zWtOK@Fv~p0bH>w*R7p(KodcK%NRnp#P9Tv zO#Vzm`|kaD#mTx(OCAf1r5@uBVJHi=MSd}Ky?1zYg(9Qmy1TL;8ZT>^POL5sL4bsi z&{9Z&Y~@5J1WF1GQo7E!$_SsNr7N{WU;~i#cY>~=!?{0WQIQ3A2O75j+UqWaK?ME< z?o%3sPq(@h8i_M!LIRThL3gJDckdyB>)zZ_w}&ml+-1@|EWL@9uMU7ln%%9AXMY8m zi-GCS(Kmbr)SUl&)~2`0lWL*i<)Wg_GgfRkhc9g7F5Z2On=Hb}j*1M>bI+XjtaMGH zf3s3wKtR^{y)X9UdsCMd;uv&YLtg>K&p{9YvQBoID~k+@@NO^9NH~33l*$Yph1Kg0 z5~{UDGfJ=6daBIvLsgvB2~y=$hs@8rc+*NC_i93vM`zF)4=a<*S?17^F%7v*tG*S; zQQC_g*TF~jz83{K{e#)ZJ#mK)cw|bWhu}<1l+&ms{P|Exwpehxe>!X_q?*kf)Si=; z`4+!er8UyS1i64rpR`!-zBFwjm_`QTg)igl$sjCV} z2HE6|5j)bAWFY_d*%+mvu?DqP$gtYopL;_4-3h4VOi9Hss{5l<_TV9;e+#8{LdwqY zwg{MrYQ7cwe(B2c+arND02V~U>c!#K>e~-V3>!+FzkXS5>p~En@`=g}A1W`5W>NfB z+$bvLh&?)~BT=|RC(5agp5175g^P6U|8*CJbkpxKeF!CZ%Rsmq@`hFUUu?4r>eA?6 zOx;J-+9USDAw1RkL(9t>_60`&D0Ok-eGziVA{wA^L{XbIm|jDaH(mG$^UENWm>@Fb;;G z)PF+Nbx&l02(^m=qR!ZvD!CD^>mKoc+(u9ln~vI7?8=&+QZJ}odi#2Uv9%zl%4t!K z#Cd>yHU0*jZjLOA@_0h^jW)!Tz`Xut@b7IT3JvJVV6@A=2Xxx8UTol0CoDx41sV=u zE4(&VPziin_YY~Y7z`VURf$RoO~R82V;JqMVfi?`;b4_f+HpcB6553a{$dYu*v6LL z{o?77M&90~1u^P@`8IUAT`&OqC1^>tRtJ(KfqAvc;b$Br3X|!{e(02q1$0WXU67%` zoejilQ(|*VbVMCTSvCIS>J>BP2;n;XhwF;*4;}R-ugr`HD}}}zp0ZzBHjcBIUj_TV zDXU@6knW7BQtJMPMSMAYlCwl%Ee&&Q=|*(*=@Ifp+dp6Q<~ z$8soiA+mIa$g=qYN9Naix6FclaGL6|9EbhV-6w%!%)$x}mg3*w`wjv3;_v^p$BCIV zPInf%Jv_2t1ZVOs14K3ODkg2IU!L4HHaBHu6j9{crvDuSh|PwJ!Elzy-6%>H{_N6% z=*xy>x+UMZOdNGEW?z^Oc>CMHZbhVzagj<(kMGKFKfdv1-bdf`w#l5W^U#`&aoiHdEdoOD z_&=QsXBKDRyUy)qx<@;fb9xO5GCB?liuJGr4T2{&v-`mm@Tt3n-7QaVE^I^K{II1w z3`S(bl(+xoAzPWsLyf7^$x-V>=aI@8UZMFp4d$6b(FFcqog^)Ggg%}yL~HXrUFfHa z^_G6hdC6jx5kcoGYYh(Hq}9?u8uT%~nXYIM0HGOnDAG z&a1FArC#CeqV>51PL3Yr=23HULTkobq~ufw@1)V9*(k+by%3VW{|hYn2aef%d1d2xO1~w-js7cV(`x#R`$iE=B@U-*9sFdvMgK`vUn` z9cfDQGxrDPk-gt@ zXohp#2F#fvm&~A=x)^+>0jqJ(`>|ooC-GAm zf5RL4EKM|N>ED0Zxlvmia{&dT##l!>hA8om36$sjrXRrrpxbNL* 
z)^Kr2f3u0jyV0)^@Gw;aP{1H!!*8q~YSUD3IQA2zCsL6s>H&sdcoBQwjFmpcynDihPvfY%D5VhEmyk34h=FE$)v)6 zhf9&9RW?>hJ}@wy`9Y0X(FOV{_dah#YF$Ru-ssl0MD^rA7_ zn+j5%FKYO6J;jvTACS&ALke08=ZJ*?Uw66>3Kti|S#3iyvx-f#nD9{Q?Jrzg@EUn+ zw~$s!A5Bb%8ACRQ0_Vv1H1Fd1*f6g#cOr2!^Ru2!(3SSNzEy-=bVIsOCezJ2ZBe+K zuI2gkDa9%47W(^UV~!B8%g`CYH^<2R zL}O3^0Vbbm2%JosV+f@$Q)<6$r~9!PL&Vca#1u=Ek@12EgzDdg8X#(lwm&!C4GBP( zEI-4Zbbbens*)#&vD9EqzNM0|&wZVb_Nf#EOD+rqaagJq%2zWbTA6)DmcP20{n-~9 z_bpVU#n~SeECmnkJ4BokXCZL}E?f41)MySo+(n@|hcetvVV22^#eh{ePPYE`xUVXK zZ-)`!16fA>Et7aH5~uilQSvxVxA5SUWp`N#I23K(B*;oyri}GsOJX_q6V$h zM%`NcldyqxDIc`j_($jLfbef71(H*weBMva8?X{qm81=ru?lbS4M$lnnZ6Nenbmsk zossj$VXI@RwI!@8Bc$60d4mY4fkB=kAy8%2tZhx_=VC6H1oWh#3+Utkp)Cy%H`^Lp z&CHf@+GbJlp<&AFuC$yXyHPxNL^V@X^zLw1k_?G8>XB_jl7RdrV}aP8!sxwrBkad- z{HmVKBa5s5iUZ1UK0>+L=Bjo+Q9`S+OVebLHJ5XPt-Kmb5FVP`xJFc_4hqPEA65{G z*Wvso{iBenEhry@u{iRC1alH&;nr0q+LSgUAuR+qqMO7_=T;=~Gxv}Hrsd--9v6fx zx&fUsLu)E6@H!9p8+9BpKRo-Sijga>g3LmdU9Tj8!M4!T zR8J;ate>+QCDg~2*dNu~N`S$uPaEvFeD3u~8CrR?{U@DXo&+wsOWY3?=Ejr1ySo)i z;i~+?;iB}2qITDGS>X|85^<)Rl=4dvQ4h+qU_PN6rs=r8p+YN8`-H4fn?9ggxB)rE z`Mcsq$SD++cPk&d9BjCaE9?4OOblyiQh*4bD)_*o?y1bL1xoXR01BgnMUa>^xpSXt z&X1dY>+ud%^0&8X9^n=|(FHqUC;cd0BdX$y`Dy;eX{UBceD;FAP=IX&{+;CAq;Dca35VN zRm^vYK}a!T9|^S9Cl=tposH8-wA?SSpN@zATpfKB;~?l4zMwcWhBMqD1~YaE59Z6E z6_X;hB{PmPbh}NdRc}-c7(gL=PL!x)cm}rM*Jf#++_w1wG=_sn9k$KB1))XQwU(Q7 zt+1aS+CRN{Ja~B}sNDDlM^Ij^JL`%kw}994cC0ciQ%T|x*LmK&S*GKA8{&nESLX&v z*w>?G&3C)X8F>SqxW!@p*_0?{pDk&KD$t8`aCGn_Q38(J7iITgu<|+S+De8QEfyGj zd8Dnwi|8iLLD;%Q(TQwgdTn~-)~>woU#?uG6tT8rN<61N2A%8uz|;tArHVLK`xyok zJanvWLFbp<^?<^Ljzik2D8P(vXT*LS$a_IHs4HVb4ag0Ary4pB8Yb_TGbp?!3Q6Yq z(Uo0`&PQIU4DEeYYfi$_HKYbjzMw~5=`r>2TeqD&{keMC-ns7^Mo*0~GOt^Ix0oj9 zRi-E6LqVFFJaUj$ZkhKx6R=vNUu#ePcg8KP16WVb}1r?FnXjYxxKt<2j6o6bbu`<0?5^8+Of>#(1hr zgNB|QEW*U-3AFID*%$Eh?$q_YU>C?sb@BwkM*!zSdcigE{MF1m>#4r57vFiim?mj) ze$8X?^O#tcISbL?H%9m93B|-YDMvBQ$*(Bh*bW~$o6Ux~p|KGpz4^>L%hdMzt5))R zxYqfGb;bDakW102c%OC>oJMuTS~^+3FnlP=95d^Gg|^MS$4+hl;?Yl1o|0AH^$~&GUbG48ogu)zI85hmwlH 
zxGoG@V}xpXNR$9Pqqvr)@JUxy=q)NGFU97ngHx6{yyFQN&HZ3Hw_?6%syd?-yJ%T( zfic5aOFYIp zY^7b(87Dp{V>lzp3%c2CwXVjsFjxI#xA`1T4Hl-(^^-%yT$YQ5S>#jy(&B5Kl3^m6 z7SbH_q#>3&+ovvu8RQ*JT#sb|Ud{;45{lC$A{rHco>J7F75#yP38a`K@6YJjFA-V3 zeKa@3D$Q~%At+&vBNo@3AO*kHx%9v5Ivy8vAZEi7gA2J)ae^uL|EQ8ABrBcQ9xbNfM*->Jr`{O#I(3`HOt9m zah*5~+d3;#^7K*IeFIWXq9gq=lGXw(u zXA2Qp#|ctJ3l-&XCs)?PW2s6NgpXrRTZfjeHzL@q#Ys?xgIyRgy zPC^}_PjgTR4absitjj>EH72zAKnG8hl#(q1RZwjB$a`{<6AgB#VK{OU4N$3J;v?e2 z(kFX~_J5=Lb$j#%%siBR2*i^Y-&n#WToM1%$g_vFz()KNDk(q7eiq5Zp(!6Y-**2^vqt(w<_G7Zn_ zV`4#(&?j$5LUfq8X5|Ni^%e9}49n+5D!EjCW-`!N#+4$aNT2!Bm#qnBCxaxI@=Fd_ zOcwBuEzZ5HHb!baxq+XQZYwM^Lu7QhTs>wcv#JW*j2UQ<7!m%JJmum|)@{~W#305I$&ZV?vzM`HP^XlZ0zGLyGH-u9z57$w z(PL(;oQbFZFl@%3+%{(|lH)_&GRW#Q#F>W!blvw(&#$VI$xDk8ZA*H)v*0A=N0%QIGx|5JAbf$yyz7#l-*xabiWD@T49+}k)q zWTN%8IPnC0!YFLzcWlQZQauqO>rU%fl_BZE4h#2vey z{X%23`%$;!1}+i!&h8snOnEVf=&h|E7` zQ%&v94$LA;Sz>ZRaZk;CvqtS3SH4f5;4B$y2V)8b6{xi?YSkI5a82ANFg;(xL#Q*2IY?sF%3he*F9PzFlmXuTT z5zT^60;pdAsN&Iie{MVf-A`W8L1x7IhH{n%W|X_HIx*qf0G4hSYlYj9n&YXpp=e6N zK{wR4xA0p>efO;lRLU)X&}A9%6zH*L?np%XMDIGU(#z>})*K;+>t!8nq(sC#YmF-h z1bW->wGQPZuNv=+@N?v>8l#Tz+v>tWw(k5!wIeYG2vM4NCiRmvp-SR&vLffK28sMH z!eO3j*(G?RpMqR&saW9(yi>#$A=?vX z+zjYNf%RfHA2{|Uyc_l+tdJ^+O(!}(LK^#3W@bifRQsXcF?+x-1pQDD8sVvh-?9$q zo~rP4-l#QJJ)N!(ylKjWty|m6WLR?#r}2=nyIfWHrn)}X*^1U(~AIvU5HgAt)C7kDF-=(9wQ`Cx;u57pW1n`T`o%X zf6BS$ST1_sP=unSUVY7w%=hj3{C9AHJ$84DYq1ZMX_Y4c0OR>P1Lw@dp4R6!(%!#V!d_KE+^$9Y{(h9eG#c7D(r6POxaYR5KM`#Svq3P1|anJRfS}%qBDX##QI)l;digobCBQX=nL-LyQvTP z?x+f-8pJkSPk%6QO_4GXu69Yi)vy1NGt}dH>TBC6u-z}KEq_cDIwCm$zjkD{l2!Vu^@mhV?Ts_{9cYs}(rVEnvde@`NARjmKwb zQjJhQsJ8f0g?tV08&+Mc9d#{ZJ8unIyt`NveR<2(Dv!|f({CC7 z9Dj6OVTeP8#FIsiHCTATx2J5k=x#`(+tKlrCHA9q{fDBnrB_=5EBD%P&rA#;OY2A+F~@Fq^YbUc4lOhRQ#5_jhd})IO@lu< z3F7W4$EFsVr(Q;8Dl$Ib8g$72;^V?H$0PBHh9cZgP%5K&&VG?oVnvM^{G2?fn-7&G zguMK*JxDjQlqK%a5m%_TxjFeB(Ijen$uBWZsCOAtoE(u93a3DSfVAI|?Dqu;^Az(= zzvCjFDh4NqFSaBoELM%)@Stfd<~Zzl92F2pG5KcTd#RI(dk98Vsq>ZJ?_nNF1d5r2 
zqr`_0>vY!+gWLABd|ApT1jD*=Po-F0(=nuxi=S1$Pu??B))9~&3BYD=&YsFwb}m;C zR4LxrDCm%D87dr#12VoO`1*P}<$vGgJG1?!QF|ufQ83?0$7$O(w+TaZE%OW&)1MCn zCgSl?kEACj?QTj*A?76QewC7n0JbRMh|x*5^!;+#svV9pHd`ThVC6*jv(RgBxhx|4 z>u7d|$jP}U6O%sujP&)cCkflgq^txEYcT2vCm>Olbw-79DqPOnM)k|2$X-;cWos*T z78`VFqC%K0N`b>E+@z3B4oHV+ynjiQ0H5ZB zLGCvJ(JYqOu7&Y3EQ_bWA@Xm+2g^aH{vRb4PfD(Ymu!67LGSfuMU57Bu`%O5{z;JS zy`GKCv7}8(c`PvbLnHinRp#&4e7#gedFwMColV&@NF}{u=hLn|%)CSrf-ZkY5>h z`y`mbcq@fmKhb5D)pavU@Dyj_Xe6fB*gN{j^wCY5>v`z1ArKfZEC7@;VH)GUbLf`J z3sIL8j^0yra^_C^u|ekNTn#Mlczn)7J*@6{B+iu5HoTE2sl}jB9iB8;5Bx|hD4alC??i*i`6rb^p`60Nc&|CeKawGWPLkdN-QsQoe%r&pV_ken zEhrsI5df6r90}%$x3*OH&pz#B>y^UIgle-5rXBHf&j)yU&uS`oGifP(wpyy#OMk4( zmACxXmyN%8wAF}}w5_@~8vyBkX(!TR|J=$qv1@}1HQD57 zX1c=V(G(M8zQQHiBzGFzgiDF+Y~$U-M=7I;0u7jOTEP$|@T|T}m{a0gf&5nt<1WV~ zj!!XGKEvhb}$fO7)|e3&f@wKR@x>d7TjYy`VtlBIxbCqF;DHPQwn&heo-p7 z>aMp;wW(4~?y$n^ORM1xC>Sh`Kk(js9xqfUM&Lvsmfo(`B^@2{WJb)v-1$8k<#_oE z3u-dTG5lBBDjYs#6h20AQdgZqesQH($w0~V0NPKT01W%Ta6Ax6oUJw*q z-;1JuwNXyExarNu>@9m*5)S8YqW&52WI)V0*fvO~A#^-cfl^Pm2$D3qBGq4PI;-Ux z5!omA=^>#+(n9ejLF(^yW;Jn(psf2V!cS&~hymi=yB&)lCXp$~DIYT1uj&F(G-1<` zEC$Rskm->mrLvqD(!dNOe}I~oaaEjDw)y}8>rE`%O~6S(Y2`io+7C31jzb}Op}uJF zYxO%N4<|jNInjfQkqN`P@Ag;htZ6sI-7t!-&JeSfARms>dtOif6p&6oHxkh1-@C9r6pWIRLoFaL~cvIN1vcoV@ zP$5t^v!VC`_m1J#qy=&nk4amh)_ zT#%2NnwkJOivww4+tsO*;>jC7T)%612iNb;-Hz>#EGLyGx(JC|sW_duV6oUxTt7$I zw2jZgBP!V{HDk@twE!ESLirJ?MzfRo|KM;as={GYS^blfflSA3s~!gvMA&lK6+L*S zB+=~G!a9g$3X@~V;rIWSxhl=JoPxRoW<9ad#E`|QA~SsGM(LMQpfiWZhQcE)9_-aR z^&SxPKFGc$*sci{TnE3rsAbs z!W|Wl8hv)J8*?$;|NX3a8VhJLPIYcEJLP=i$#=q{k?5R90p;Rv2_4D4a=i=y{DNg; z5Qzw&z~>|E&Q31&Tw^4FgH`!6YOFPiiC?)EbmEgvKNV zYm}NW^SF!TNhM!C&P3ukFmbrc&)?GTdfFK0n9sX`T5T;SD0p-DQrTvC-IzytILe0B}=(#Z96?FKRQP`f(Uj+cbDH!yz6N-kE&F-p^jj^ zlRGlY++)4oj_8jww@{qj%iI9CD|GDnp+VIVvMHqPEqF`WoPq&3F_e15WVTx4yO znTF?6<%HgyBClJifKsQ?T#@)T`TeP9&XgurY2A+|!B+Et9TlNGT0N^|$Z0j)PH$R1 z%CGZl?0VtFpK@lcjqQj3_NM=7#XABEo2J=82v?gg22Iv-=8Be|J9+L0LMg~2X3;~q=XYbA&d+`dY+6WgB*-ht98IZ 
z5VAAVvEMmUK(;gwkEZrh(d?4rTEdtYpiO_SNKlUDH5wIg-Zn|RS{$uIiCMrb#}FKFk`FoeQnrL;SdhP(PPekS_p?W)CQ zGK6!Eut^9E9NPpl1B!E7?q}yJtw9hYbi8WP6`6A7(&RRrl{_?4^|?C`cRY7(yg%t^ z2B^%o0cm=*tJyzZ@ZEUGVzt^f=4&Ik9M&$rviyi;>*a`qwk#gjQp z&EqIrOU#zE+?r{=IL;9Kq3_~)O`IrVs#ftOs@cThl~c#?ZmD0)ET+46Fs%!tjp7&4 zT8+HNI^AMr93jB~NXU1C~W=1=IGSvY~sUNh`ZVNFH4@;OZU(rTHXta{d+};<%(^uA#MZofc z`yd?T&B#QvFj(Yaoa4r7$rH8fiJ~+!93!xF<`nC|!6$CTX? z1JXK^fS6!?7WQriL>VgGLU;0D;9Hw$On3yuq|_)WU;VcJl&P8V0z7B2l`8cH=|mt0 z7HFd8w~(#0guQvgW%qEPfUSd|6YPi++c;2M3tZiwS3T?#JEARObU_hR_gY^Exn+Xb zj2z>`3M6~!U{rX6H+76>*@oocR)78kWI%ppiM7Vl3AC2w_9PCDzBdc|8rdo>XkPzuo^s_Z7oIWrRW&mZbry$h{+o1rN@sM#|7DC8I`z$|Pxv)1> z;UeE7v|#yAVI$(Ai+>*Rgsf}<(G~f@Pr5@yq<39jj-qP|HQ~33o0ES7FsNY>FakOu zkLcj$BvcE$;ktj5^@wg)G$)-fN(tpNRgCf7qa3l?BV`J104mMkand`?Ok3e}|KW0T za)5DT+1m|aVq4C{4-MZ(gIDSR4ztFRMUza9ScG08OhpGI=y&%LeHL*9*XUB+PW|y8NET*Eq@234k1vW-5U%U ziMS06Sw2BLtt#|804-+#pz@iB69sZmT(&&jmNTHjnX#V71FgBE9mZSr-Pt1+u?Hx* zEorSJ+fs^)pZDc6#s5NBZpUJ#humW36Tu>=duOUQy!G5)@uIrhf= zg{u%lzDo8C_Ye-BUvgQpsA1!eQyOQqgpU*$4%adBKS5COLd+K!iR-~*lBJmUXMK^t+L?}?ee~BlT7CX!4>DdxVyi7B1 z`ejKN#Q4xJ@4#cbLm-_wI`#m_EEfWr#cU({0lHF5yCiBCuIgm5xOu6&-fz(rXtPUc z4)^is4mjAL!8UqRvWv={H)^awjDJ5spTAIGTq$X+Qq%vMQsLF5frnvxa}$Wfp4l3` zux)&md~x51r%(T2{G!2hTNyjaX>~HsX7RE5`_!0t<&5^pI$3a81K<6_`MyifJ!j~~ zZDFX3n$q+NXM6htadKCDaNKGCL-&f+j?VYHJ5r%(N7cR2O$)&5?$^jk5Ae}}9>C^7 z8ciApl}Z$+BCq!-p7#scKKO=3HSYASAJ-5fQ|CP`pJ2NVI-gp^_z!^63Di*kBFG`M z866;SeA4?GV1E&p4kB;Pa)eaz;gvQ4heUDHJ9Xv5Qc_+6m4#_1+eDSH9pWvuZDuzS z`L)TH1Rm>QIy|KOa)wC@-O*?g3V^@)%i(`UBI7yjYwS))Sn6iT=VU@*ikfHAgxD#W z3{5V$C=?Ojr}Z{mIsNzf=V$MZ_Z8Q(GA>?(0Udkt6JPYtw@fP7cybg5*&JJOhf?GE6kahc$fnvhk{#FBu`>T@>5P@$iGjrQ`@yize+ zsM))t%W%E)_1_=|G2ev*<51(7)4To)4Pb~91Axsx+VOSo66Mu&bOeq#=+aHuPMEy} zB*+U-5j|ZTp?8c~QYZ=iOfGrEWOeoN0ea;4H%wP9j$nA`bXiw%_Dl(n4Xmp`_;#%T zV$WrsT(Yqm@P>T!6>0ZRZI-~N@Gjvh#eEHB)1NXS!U)_BAlA)pO|(4|yVZxNKpY0^j{0P3kEkipHnV14V{PO? 
z5wn|C5V=I#;}l8dI-x#%Sju`|mcGPV>)YC(pGzJ-F6*DULE|K};0ERC*p0DHIkmgQ zqU+-2@h)4Jt|CbebguxrxK%e(Zy@cmoGsj^^BPv?$G`0> zIiHfFvon`T+{EeFcT~J@M<8CmQf`KsBVT^Y@+aJec#S98%(SY9zn+oWz2;Bx=rpL# z{cVd*J%sF=U-id9A=O8C)5k{SK!W%KLKRzyPG(}wubLtya)3{+!ZK`sdt@^ zUai&fn>S&u9#hNpM9eK0qbzE7=18^=QF;c|DGV6#Oe{Z(G)ZzC#-$_(@2FUS;>7vH zgbl25B?5p_#gMj#r4qHP$Wtluls@4vy_#5IIK68!iT!+`JV7dl};NaKeQB7e_ zFOkNUID_p7unrz3Lm_Grg&!73Dbe{(@tm+;*PFpJ@YD9G8a?qYil@o=b&#F@Bj)xl zb>N`VID>|l4%v9?^Y($?}?0hqq;&5W{4Rl}eFynn_iO;zV-UijtyhA<)tUWVd4B{ z3?TL+F<_z_Y0_vjj0;?_|MRk^o70mWo2<-Om`O%+e~3Wk4nO}_Vd{@l%^=pxzxre_ z&IRe`0Rt(p7u=iSoUxHGu3(J74uH2VbCau1!a)qXIS3f91Ig-S^Zs$%_WOrt`Z_Qh zTPw$chNzJmtMlx!Nge8U?h_Ec0r0!fLC^Q)m(N-v+bS-u?;-dSBSD(%{?SAGY0!Wc zpYP5hBnAv31_bvCS%pbFW9*j*XstGB=aSJ*;W^G6;s6-=iN7Wj1Y>7-X^VV#>2odV z{%rX+A&wg zXS|=s&dudLitAf`RC>2wF{2RIP1@(d_PT@gNFdUXw%(|0DAZKkHC7Lmu*PLhCx6Xj zcV@D^)rki;H)^raVNGXUzo~llzJGxA>SV6@6HS;covRC zJGt=XMq83#VGUt0F;T!_-O6Dw4U;C50Q`kxL0U(sgCT;{y8T(K`pMOq!X3o9tul5> zzSw>LE(gwpHAEH1&_h+4B?}oeCF{zIl{G|9Nr(^%V%%VG0%zuo%*F*1YRb5A_25vu z_1c7&b_Pdy5CT-V?(fb04JR>lGm=)q;FE<(u=VRQd^_ZT;GvMnR2ZY@qx(+27r-6# zvypJWnbJ{05_ajdr|@HaXIy0;M*oBxP>JUw)@m=MP3OXKW{_F|X?#d05K z^fWQ~Ed@Q|HJ1z^E5{)DGCh>u`j>a6ymOh^xxkn)?3r9o6Q+vc@b>3rsK|V*;>{-o z^^EE3Cvd&sPj2amZ`h=LFx6inm|R*Pno@!TqO+d^au#5|ru|M4`;XXxAQLGu4oxN@Ca;Yv3`ntu|5enLL@|?PEk=5 zi=T!MK{0Jn?xz1pIMl#5aKGHtICn7)YPM!V5IE3@?5%gnAJ%)y`vd~Fxe}DWymn*z zgv7`C`S}pP;GaT1&@aHF(nAjc>={+6?xRvM>o(GMZbgILv{Nb}e)P@k&bQlkd{}WZ%lWuF zpof#61{ejShnf*q z^k9eIX>CruF|#^q_Z;GKzfi(fOQN#h>aj|jG1I0q@+WT<8i-S%-VmZF-0_r8Q|kNH zMHj{5ejH}iY<_|w61o4>lF^HFJRprPwoJ`Sr)o z(StjzSxO)o*wdeugG-#LUh_(vBi}%L$|QnNuQuurh|p*Ms4jM)kCaoI2j~!5n@Kgi z3bxuVo#4tK@Lv)?rTaYGhD$4z8D_z1QLr+TW<_9U4*(N==m7{!rg*5VZ4jtHCl+j# z5@))L3Cq`5Ke|QkFH`5)T7BJ}Nl}_I-#zQ7n@tg567spC;kA$3sI^ItXoCZ{w7uK4OJ-3Zra87Q>!Y*2I8r@5^hgHk&?+ZlRs(=FZHe^w9!b4 z#jM@BUr>y&$&;-?H8`(8= zd)~9cS*;}boyAaPuHpv!`grbLJve25mSNC}rtfsg-t>@}^xtl43(@3{{)Jk3obnZy zw7CzAH07QNjdaYNwOBbTP8TUI;iU5q12J|&g34iuI#l-Aus;CwYnSlZ>YIWQJXqId 
zmw*n5r$sjRHLsRyKc>L-9tQRnRHCm6B~Ar9PbRXc!rfd={{GBbLV5P}tA}O@75o!< zk6dsfg64ek5a1N4`97M$M1$p7f0s?j056%f6C(MaWrGlZZVc+a9lRJGbT|4!9U$+( zL#2vzF}oCLj91=ht4diCZ$|lGPU>aNwU)Q8sqw2!Zl6Pv%O+00%(1&z+5YPVPOEiu z@8!zI+``?t-PY{fvw>*CxG+L~e6hF#tP91Aq;ZxwPOcab0l@r8MR;~Bimu2liaw1` zp0j+x*5?uw62d{Ui?&nT83P4c<}H8E_EyFCso60>sycZnN2<+U>cHGpX|?+Vc=%Xps}bIqHxR-?bDWh-EyFnag<0kH0RZvdbg?HG8!` zhLixJJ2Hx*pQ@gEC)ssx%HMIt`&?%*mSIskt@~qP4hgd6*hY5`Q0uC7;oaH`=&o{< zP+v9?w22iK%M7?AFK^pG3Z2)#nUN~IGMT3OPwaJP8wV6O&SJwsEmFD>Hy0u?6iz92 zYCwjD45^XpH0Pz;EK>T{+5sSInPS;+;z(jRX2T(IvR0rHK0v$7cqL`ct=5%evIRL$ z0O}!FfM@%7WTccHz>8q^Mkn}85A1jMgXjbNwMPicV5^lJj&7VTmXYMlRDoT!Fi83k z)q5vX{fk+R$Hx{wr*kCJ{LL0QO5Y#)*)^5lrjEYb+=L-$wB0q1!l9Be!{r`AIYE>f zn6iMf55kmPX#pqwSwH8+66^mtue?rp^%51q&m^TNNet`rCsRBppXQ373@+?BD$aNN z2?c@=2D3i?g6Zd;?Q?~sv!`b}UDf2-rwXDuZwsd0gvtl-=h`nBkMY7Qgw2Qzqd{ry z&y7=)sb*hOU%3Nz67wwExsJpbvy1CCN=aSaPMtNrj^(=n$ZG9I={3yTM!owsFD`B6 zO5Q=@9SK0IzGxu}tZ}99udB3=hd3kHr z=<}cF^%Givd-YCuB(3ZVX)(GV5$>d0wT41!)*gZ!TWr73(6EFJ10NFPGE4NzcTE5k@L^_1!c?iIZxph+@deXM2xOXDHcqe$El-`2^TX&cz@Z%=8V?P@~@qPCD zVD7BdoUyzFaoe$7@HZt5 zO`kYH+t2R9D#anJ0njUe;cpeUw(;4Wdq0HHAYV#jg5Zhxnr__3XLq#Byx%>eZi_x@d_8Ki()GVoVatB;^-Ai!5`Uhzx*q z{;3@tB{zWU&(&}zIs#NSWTsl*798VQf-F7G@&+YAmAMZl2ijwwM|89(*F@Rqnhtvh zIKUJ;cH_^SXT|uhQkr&5LGd-ppX8i~aC%mIxJ+Nqy67KPCvbvJJ(M#!vy^siSbpd_ zV3clfHFdx_$OAS^wtoD6WeRu3HiWE;&qEfYy8@t07`bz3x3)SIg7v^<&HR6{J>#I` z^Nv#1d+OGJ3(Fh*lI9+$%B)gs;Q+UdU;P#JPoiaxQenoRs2PE?1+OztH~JUuzp}N$eaAj zqFV~erw=p4t%f+vq|-i3)($55?4BWl4F{udl$m)zCtL3i^|>*C)dVhv7F6+n$?9Wc z?ayjJe6%vyFX)xe?+z*JVyyTWFnEliFAfJO|HN2D4T?zc)sf(FmlSpdwD0#H9y0H3)Tc_{~oROAa-rPH&bl*SlW0bj)XV_zBsDJ+TiP^J8LSMeB`su6*7=gUFf@Sw=23=1hq)a z)#~@4n{{Pc=P^pTjEpzZLU$2EYA3hj$QN+3WLeR`vD+E+!}?TY&s!aKt!#y2F%rnh zVQ7-Ibdzw?%DD$xGok1NC42>%htU9LKx_srnG%(7qEiFLU9S4*mmaYfb#gJBRupbdYh(My6t0 zvrGaq1pbqB{G0hI4QGj-5gZo|aC2ticw^b(beTCs^+m{i$47T;Sh7whgX$D;eE0y% zV1jh~=u7(8biVX1*2`Mv5y~J}+I@k?$IVYAHuc(rE_ZXRC&@*>CH2GQ;hViv0ZNqf zqiNLwJ)F4nHm^Q=y)Ahs8lDAZ<#!aFxx}nuD=7yxnZVC0kvWtqFhZ(*8*~ru-A80P 
zIVYH(eD?v)m_@`Wb6XV{vuuF>R(>)dg?Q!X5_RCff{KyqO^?`0mKmBJ;#0}7Grd*XY}u8OMvUF2kw_50??>VH=6(;!R~>^D zrR}TjT6QgV;ATboF5R4LV5J#~2#zyD@xWl+d9CPiAL%Q`3DV1(@tf_CMkUJ!!uscl zs=s0|>odxaK%85LiRWHrJy5Kib4~SdSQo~11aDako|p15G@kQHxb41gmK4vi`7b+4 z=k8uh6OQg#mhme9j-3B1XI_fMi$(+mO6YGhHR9@<<8aT*u!ZYVI0f}@*gBMGYJJui zC12H)Y*qi#ujr-&xXu7UJg(!B59OxfmVmHBVHARjh-<$X+$ly*TpwMS#&X z!pI7bxOe*MbtfTx_Q(==@6`}P?u@YI%>4A2Cdbts`EE#&ml^d@ zbs7TxW=7WrEjbd$tU0JsOQ&LHak9jlo!M|rc2o|{Dy@P(HpL(naCCUKgHAow1*Vi^0gLLU@bL68amg?vA9kz$A(8 z5_$`wR!3|L6TZw=$a+j`8;Y6snhB8M2@|(AH;TyD;sC}z?l=R+Nnce0dKrx>PnL=) zugIVPjx?19mg5|Z`YAy7w^4GUf@v8HC;VCOaCU>O*%H5n2C4x>wo=~u3ti!&xemYD z=uHV~_afdYrk#)K(Qq2Cu+Xx$LhPCCrV`?&y{w7?Ns3A;6dkdItl|Pm2LQSli;~#X z0yCTT#C~qpqLTn7QYB`u;f<~CM|D@y!dZ?pRfq4r610K7?udTi3+Ki0^3=z^euv+Y zS+d91-elZqCTVPU;$~eePde(}z`b6CH9B<1fLSpa2VKy=2_sefQd&ud8rnRa9C5XR zD~W79^^+nTVGe*2^;7iKFH&62BUc45hAl7@WBf*=(fpgM2?+Onl%k0GQ%RZ61F$ac zzPV~*#v54=bZLCGqG`fIahqSj!Pz9;=je|u@Ar3*&Hf>N=)N>G+b|0~ScjnE$S$&B z@(sHiSYYsO1!?Ime0_lq>KsDYYL^q{7^-u#Z3XcUM*{p)_sxK$VwI1H*U^g+YUPVz z5#6Dta*pK+u=+7~W?UOu!B6C|Cbf=KGaL6R!)e}yZvfqVoCFtq{h;kT*jRbHMyK(b zV6Cenq&wi|;c#glj&^%iI@0J$H(tWJT;{^jQ2=(V4psyN>%{8xW|45ibv-0^6DkP$ zVA#|51iVT3?v$;$2pT>yZ%(buNysHT)?0mS;x##x=Q9-L3xHWTJ+&nqj|Oxf<#US# z;WO5UWmoG+QqW>PXWu)1ogwfUl+*tXMA(Ja0+U1n!@L|<*n?!>f-zy0(#&{LEFhZD z;C32_97Fl*g@bf>h1;99|?!XYa4|=R8#7K1G?ul&0ufNl8Fa#t~s0;Ba zk#THBtXkVuvFWiV#Gc2nYhy#IZLpDw`3?H*D!})4)_k5WGMINfR$inRGQlxj#ICk# zd{DhQLT^XDb(UPN|J3H}QPL1T0#Gk8a>FD$kw~D8x2Rz?5J2RCf9j~I1bF*%hAfxJ zm(<&3cijH48ccHX);(~FE8)?{Z)%0SJ_T8TJ$7ozWK;T)7vS}0pP}U{(q^!n5eort zX2dGWFO|Prc2ZgUGlMD1P61bPFNfi0fF)Y(zzwd>GV8rbHx3McvP2`(LIa~-iY%wD zZu;wg{mXY|F#tzcua^ihYN6Zu19%!1-+k+4IZadahDM! z6(eQ)C>L2)R{7isr=sN1&i&(oyiAfnjQqn9VU3?u==#l1!z}*bO0n|0Hf+xw9FYdn z!=Tovzm6YryZ}lkD|hb>r{nG(l_TuOx555;!d5jZ_6O~W<`;TSP&Rv=m4K{A{4F5? 
zEw#k$ibTLIotji+rL?jLk5j&iS~9UwxnDtUKXBw5RadYV5~u4L>SuRAg%Vw~%%Qg# zT5s0adwR+|d0YJqkOVISafLpAs7WwnbUIqTxB;;(NIed4oL_Huq1Lwl!VTxw`kty^ z!J^X@JSG(bF%htl!Df(K`4Z}?#ZEq_t}ucAOKJ1?Tc_@=;G$~E z9ibR4CX?DDbI+L7fe;B!+1kDIl-k+F4dep?_s92QO&?pq$2_yhpbwK|g~&=Dz;uJE z0Cn}Xlw-1j^k*OQ#4u2}Y~c#$L5+YRC&~AWT~?y}6+=Xgr~l7`wmQ<}-d@xE<3ZC% zaTFr9Clj9HC!xMhie455#5pW;)7I5It`ZfF4(3g|)@=HSzCLMMz0NpXnoNSpOpMm? z;8Fm}1_%(721;xI&KxuxN{t8N17){!&OHu5b2Tl?#^qMUiRShs;%}GP&z@I?WPc~dRqYFXt;PSUEKwpzF#6h) zwFc%RC8M>f=}V(u@ngKBDc=(!FKUF~NK|0>I@3YxNo+2vHzqQ#mS@Yrk(z4u73BuAZKCMG8z`?CoS>RRVoK(MJT**U2@J08vcp*3huTUlQOfF@)8*SK6WvfSLZU&B3~=tF!aeZKcGH?#t3130?0A+2q^OJxyimHVUEie1F) zZ}EZ&zN9zvJVmEc&1}O+1o+h|+m-^;TaLPpY9#HViPDN2Xoy3=JK;Bm7YCmdfnlzu z9_DJK_1CR-8=fB{0r5%2+NRV z7;BLW^>V}Z#?OMMzD)DhU#EMfc@Li61n{!BhB7K9buLs&?zqQLOD$Z_la#~Vk{4gS zNGXIIwVsf8pJ7t$j1@MfjdQdrHY4K(Szb)BP z5i?7tX`pG%!P-caaqK2R@&dC9y{;M+sK64hTx)5WLlRahEr5{8t3f%F@V;&w4E^K= zgDElA5J~QDesv`sigIqqiHw1y0?=ioR6HsVtbWIAM&(r62uhT_<(}dt-Sol`3w-BY zxGzZX(dgd8tAoCeF7yY#G@j?vJyt7dA7EXN^8a!py7fwWxuZMUbzBS>1IzLo;_o?MLLtwJLu=Pd^)8+P_FE=%-l=Vn{BrF3i(@u;Zy^qTfF zE||VE(x%Q0#+9Pks=^Rd!Zf~0x^$OO0Gut$G3a>cNML05bG>z|T2<^KcD85DIBcnG zb0w-;Q=KYyQ>n2ye1G9~CEkAMz5m?XQX3l09~Ss9&P<$cJ(2xZABd-3OfJR3cmtW# zl|~K#cf_N}RsxQpHHRdd7*7$jg>?|aY_ATM;#m3Z=Hg87><%utsJO~4<+f=zeW6_s z&9`|4aPl^zqiYP3&)pq#21Npw6eW?9u;LW=C6ls^rYu0?^lEJT_v81oo%GklDXU50 ztrUe-fLl4Tuirs087oi1YH^}^atGegktraE@Ze?1a6WQpcjHDE++T*M6}@Y+#$?Qm za4hx~d&I9<&{lo4?AtQpI5f?Z0%?AB4dB8xw<3yQtrCp(01~Eg64~zeNBgQS{P=7(pk@J0Bq4 zg>s!V70+Y}=W!stO*r9(J|omWahc=`rrY+v)AhD;A<})FtmqX^AyWM{28@8{yf6nL zc(>XooNo_eS}g=s!KH1M+aKR|yXWgqlQR`4BL@e;H5}UD&2|J#XW}yVG}R`Ar@w{S z`Gt5J9GxV)dvu*J*AzgpIHBdlBWoX6d`FDWb<~hHtqLdlpD{@d!AkSq|0I=uzDQc* z%nvhky-d%rB*ZFOn(~)jdhF#6Md+%m&OQQfKS=ZquL8F_dT1G{Kj>afyKl9jf}*pz zxLLTUsr>e^R@0g0GZ4xh1xC>78&;b&M#tdGAbq_xGHqnEG({xBR|(a!P-B3fUsf72+Mc(L zutK5mgQ*Z#0fI$M#Yj#y5FrJlF^Maa5m;z4D-Q;;L zj(s_WGtJw6O~XgFy4jcUEb*aCAaLSR*0oCN_Qlq&fMl5v(|NCfvvT5nKtT#-epu;e zVxP)&SDED81>T%-HQ=i3W!XdZS47`v&Spod5N6_6HL<|S)s^agIh 
zbvIM;0P`1{+hoyA6tG@*8`4Qi6Ga>&J{I8dD~McHYqy>C@PIEK0$Yf;q1H>yATaCy zlhTYPhjT*xoDd;TZtnU^A)y%!mMyKQfoU`>j@iZfpDsRnEH-wgaxcjHLJHLv6%+ox ze;FvJs}dQo@71Ht%@sjdh)LhF$pFDkIj)NjLnp7r^GH&I#E}UP zsp9BBj5vITIT{z^YlqXv>Zrvm4aLg*y&nhj7e?x7PTvjhcBeo4!z5{iQ!D@$tGQG; zR_o&hd#)tB^*7=9n@DQHh;>DReZp1-%niUc_{ybR@oH5V`Za3FD&B83U$KgZ>J!0+ z&RM22%5^Y+y5JLQgW30n$o}MLCONItu?=9UlV-2LG2_fzTw@R?uPv8gPT39Q-yR{Q z$eZBr1PgL<(_#w19ZoXxmGyqHasMh`LCagHDlQQ6CR~2k4^yrR7o=*Xun3t*r_)yn zx_oIs=cz&`zCeQJlV8e?$??=ovVEz5^!A>A>;EPZ120)t;p^ke1~fA*Pl502qFMAN zOt)Vy1*z-}&K}=QfH@J1RK~CU8aeER2e5rM!h^NFQf|QiW((&HPyd{^&Tot-ozkQU zZdDqdZuGZzj)JnEa=an~8HbA1ww3P{De_Hrnh!p$e6Ky&QR#PtAJ(KaqM+Uh-{hI6 z?`^N|*Dvc^aw}%@&sK8eL?k7F)E~+kOCX~qH}<4t_SdI-&8pfH=VZ%E>GP2;>1z2W z*SZiO$MGo7Osy_N7Nwi+EIj=E_KuNJP!+kJFtN?BYcstJ1^_!V*WG8bE?ee=!G6%kCi~~e`xuJZxNS+JyZ_6Y z$?kvNXPBb$fE8$K*)>iMN8J-o_(_~TIvEzhkM$}{NUr>=%gn;?h$|2OKWV)_o=2Xu zx0_<8v4f|tPzNV>nPtbD^OpRMAVS?XanJAzQ&_+X>d2!Ekw+52B15Kb?1hJ;?q8;mCVl zg#{=>SLM&vX-Ya7{GZ{@t4IHi)X!EpM{_m#Gt?Ia9?7LUs-A^a5YuW2I{wZlwZS&M zKGA*Y;l#uIpGY!T9nV$c>yTIuAhkB)l@emUYOz~Gl50+{ip=f!k?~nB)WfG)-LHS?NRN`3xRDA?kcG z!f#UZTSuhT?(_ufLceCtgTKGxu?FIx)R&{lm*W&fxFml(pfhY;tdlDI$4IwhEm(i4 z{U*v;3(aHQjY}2yzLX96T*XSiLWfS%Z~jzR4Vnu%XuNmP-#A-Cc{YGxgo(z>gPK*a z<^c(9LD5Yg10@32YC_4!mGb8`$x8C~1BEW8Q_5Gs@c>{p`#0+#wHlr|yPm;8W1$d5tq5r2`Z_NK(m} z-dtOyIObJkKQ}9a8W4FQ1$^ZnlZe=ESy(5kkr&rmk_$JwF{COlE;A9>U{vhRhh=Lg6Y2$yyXRW%NNgFCZ$zxt6h?tZ^x@)wljJ_#hL z5+cx{L8!`d&P!N|g$ohIjm5r`RM!zA+7XR3H$bJ&X%Mg4R#OcI0=ID0SGAZK#N}?2 z7Q@foa-xzy&PBUIOl&WJRs;v<_9f1*E8F@S^IM`CvT}3k^xH&LD)u}JdK@WlX?5|B z;Lo0lkY!0U{R|4I?$d=Z9bDqeL%=6tRIG-8;KEpnPyio9+&qaRQg|=3J4}pf2yoPZ z|5LXJS^ z6W;u+$~b|uo1~CgU-PGl0sJ%rD`PAkEEGxeCl9%rx*bwU;g3%xVbY+Q!Gs?5IS=q~ zIPDM!*6Jh9lf!#OGo}eFw@f}j(J)tYYHJ5H{sxS}nc4kD%vkWF7~{+zO22L=|KRv^ zi!MnhuFv7-m%32Cad|mjUovVPRXVT`)W*Pu+v}Fv@k5HARY;G>@!?%H&}{2y_yupT z)iNF+qN0xOJYUyx%^xY-Bm>)Md@3WLJ9JFHGKmFE|WMbRhvh@u!kM~J-a1F0ha2<*_2k}D9ZZc13wanCoVn@OlpbJJNl2L07BdiLK49 z1r)eXH=K5O+HpK9LJjyNz;b`iCt7-poVGYfPE`DGX@rbT=Q>;Gk9M=iUqfN-Lruze 
zjEtxV>eg7V`2=OAqp2f670LsbLs+cpF^?Ot-!@Bd5ndK|^Sl5}t)VQ6CV&IS1FU-z zdFrkfM0ZX+XHKxCE`uhUq>s;@II1qpE?UMNyhy9|EC+9I<;6iT>38^)HD9({{1|Ob zi>%g4@yStxf@(wQd_q*&rb*~=5-2bHGAWn2h7oJ9^@?q{b@l)s{JP$QFbOA@*WKGiw z%c)-aF5p_&mfYrtx|Ic5F_*{Z+h?c!%+)?Yz~*Pu{qi=s!msGBUoYJK%1M-7TOpyc z@cXL_?FG9zXfiv7qbQYZ7=|vwqfJX;k$OfWH{We3y_e)5%o6j_&kL7hUDmqZG#;-f zXANi1i`9#HAOO7i%6q&{lt=QESC70G!kHdefdC+FLnxD3o4DGcUJu)+$}^QxKv(=D z1~M?DQ7j^&L_9gP4clvzwoxQA9DVyAObh9RgIp>nU(P0Q^v`NZWyy*5kga`BkZ2@= zw%&(uKPYnKK&u`bcJnDL;pnjeQpJUF(Du-*Zf){(?E|SvMN{G({CPLimI2om6JPSN zb3SGIAw#SuQ=NUzD=rRxd0D!zpm89AO64rtJsC)+4CTd>hId)IEejH!w}n(V6$B=6 zX82$3-1%J6zjTHFzU0sLzeK%zC5~2+T1B!BG2h0B3c2P&o%p&-9c8k0@8Yw)4}AF_ zS%~^~!Ilrks4swREXI)y%bXH@>vE)-d@LrBtkGIjx|QVj(B&)DLFHo1n_Uw-EaqJ= zR&^gyK(JlY0_c4EO1Cv0+6Ic~ljd?%Q>aOn@v&Oolt+ygUZ^L=TH)yPqWLW%gKt)~ z8D3}K1RJkH4zWn9>+h>%>s$Qi7 zM`+9N>U!+cg2mwrYxrZ%E5vd=kN1r6%N@boHP+Uh$ym2j8zNgL&CK=MOAZzWtj8e$C8F>2f|usbu7 z0fLoO2&=;PR;C182>j+H^I*M!m*oRy&U%PcABx!d{TM>gX{2GXX&Gdf2@BJ9hHu51 zZr>kX)9|2?@Q3o=oW4#TjJEZ99?j|IZ*(1F13MMcc|GW`RJv5kz>P44Mz2=KNZ#(4I!w>qG zI`-uO{#j)=fjRD1&~)qkiTf3|Dn5$|F2ofIl7HalqqkSHa8xBTC8w|Qw(kqhoV#?0 zl5VG_(61RWR-DrjF7S^R9ZmBTP=GQOrB6svyT}pD;*mzm*x7=FjAInAF7Fd0%JYuO z>mU0`irlp7S-ES(1gVaqTNWG^AgursG)SG`5`5tw zn^;erGn(@=;H5!2;ng3@oS9VY(a{U)Kga?8<7|YrQ+AZ~7clm5Q!_YkSv14+FcX!j zlxY$ynap1$d>$g&>~7QLJ3^(4N{`Vew=k1H4=W)l;dw1*8TR1D9hM8c;PUTI83_0h z?v}(;#Y&9HbP@|N{H<`pYJ^TV+=43d>Gb?uT?r4hJwIDT^2DM)xh=23>e-sv$16Lz zy<-D~tjX#bl1VZ;mjZJe;KeFstqQ^Lm$@qV82sh?>I5HoX8!`he}Q~yk;N55iN%*a zEBbzv8pjY4-0v`~3S&l+Ut}Z-7$~#8CaeP1N2tpr1*;C~)g^gLU*xA>;%&aws$J!t z>ztUwUu#w1!lF=fIds&3(t%jZ$#LSR)JVSDGF3J=)3UiPyHDSkXGc<(jxb`y8dKgr z@n;WT<_zsUIuiDT1D}G1r*9)f(cGYZFk(T38d=xDr5m&u++*^s1g20#%f`KvM-;2)g}~^Hh#Tk0tp0G zS6_KjS^CIe~67xJA!Q)YKa-_Q{ypZEdqad}`w)MU|w*OcMJ0~Ejum3bHb zc;(`?-?9l4H@}S|IlODU-!zjB43~xLY#@guWT3fnln#`Xh6CWD(Ssx5kPBUF<5JRT z4Ax;6d%J}iXN3A%6M7QF%j3i;DPZoSZ=k}4eN4+2ocfP3>)pe)VLbjdQ)u7^Dz1X2N zZi0I@)dP~k>-Ej86*j!FqM+gEbf6s{Q%pl=Xd_1xeM`+pVf;C@4sV5C)_3? 
zK{BkyI;B&7R+!EF@O3vJ)oE8hBj`X=PA3Jlyo}c%4Mpf*t9b=+YUj>e*2i~Sj-tny z;=SzNgmjOJtlN#WAspM&rxw2%me2i1oTR6frU={#PZvo4_l`gT|}>i=^pn znn^;@v5y7IGpfr^aK;L2CR+JmOn{(T$H1>=gA2SxSO~T5qQ#asE%gzA(#_A&ZR6@~ zRp+#mb@es6Hsw@mzn%p^aM&rxr9l-qWiT!C2SZmij+b^7zpufCdww>jS=3%WBJQHR zl9iy)n-E}y`cy6z9?1JEn$mU#1@ilOTJ`?Y>c4TkX+zy{J_~jlS@&|&i6rhjkp{e5 zND}BV1pI#_1*j6ay~XME_9W{W#S|r$i?)dRfQhurpQb;XQa#~$6%SK@A?Mv@2c3LuB9JQ;cyU!?5MKEsjW2d1*=g_*H13*@J|6EWscVeC+d8NTno`X12b)i*^Gt$|?$}V#E{0~7WK+wMC7{E=p7fPs{OQQm&PHjxXPte+z+)5d zRM&nkv&EUYfipA@(f4kJ2{c2fSQ%a8fvK#WhS4BG5Hv{LF8-G+1G96(LY{im!XLmT zxfLLdi|cOledZPks%T7Kha~EL!o1b{wS9Qp30Di-W+dhmt0$Ka>^Qg61-O_5B0=voG z6Hm9b_rlT;O6Tc!df!*qiMSuQwL_J8P0|GMA}eF{JoDd<;hp=jCnMtL>iy$+1T9;( z&PSiam(?i&T1!NJ6rTl+2(%mc%V$fREEeax&Yw6HSI;l|qJH<+*eKVhcPcaOs4h}M z6ZZ>>qO~UzGLUO52@AKUX0)wgtx6((ZQ*1~?2MeWdiE*?6*inUR|~?378_{3ag_YE zc=xL)ovrp5o|xGrbSjC@0{ei0zOUrr8tAE%w?~wKAJp2+~0ksx|mZM5g0k`sE+DH0{5i}JW{JpZcY`QDPhcMN5IGXpmO zHKL2LxYHs!w`Jv=KO0DgYO`={Qo0Om5aBl9zVo+WhS;kzW z2v(u=D8^GN4p>56d`m|a&_6_YBequ&{vj{%+^oe@+MLB-HJ1q>IBlU+%B*Al{r>M+4FhTcW%4E)&3FBmkz85kkI{o^d}TmXo%0=%8Wcgm*a%Ztlz3|8=ogg5+u2)%AzG4n3gIA??IcDh z%!W;ak7Vx-!7=>M&Gi(xf-_}ooV?}STaIFH zx74W3U(MTPOcKTRu^jk3ugG(K4|8jqb-rl|2(dGP$MK1s#V_Y%f(4_-oFfhpOih6WF?iZWEX(;{GZ{Qt;2Q2N^yKIx- zjN|73&PL#S{{_Ze1l1t`n(9Fy7^7M?((&$QYrh5B0MMKwnkNg=zNZS%`se6n;A)`U z&~=X{M~<%G3&tp*gV@QcZeRwH0@f*KDgd2^+h~4iccKLz|ouU|H4xMP!6kfGPCzC zJG(awOj6Mn>8}WfS}73RpiL^8z_B}zV0vmjV!f>SwElT-p;aww?HE{WdwqUbY4BNY@<7n-MX!j}YT&V_r5|f7y%W;4V`>mVi7y$`Ys1OeSEe*7|V!{i+ z;?likPLwcZGKDwHA=D4Zxb;gyOsHR;ev|rBmLK8NIrc?Sysv)(IhZR@4y%G7!SV3_ zf2)qXpAa0+#Phbw#53>+4mRhhsUcLDi5?)vE(j^5wl;m*nnv`n(DlahfNTM5X(bDi z)={sq#`vW5{xfNOBZ^MV@YCEe6!$pt_1uWXxMRy2SsM`40JHY14pKX2G>G0W>0shl zEDK|#Z)&YZ5Trdra4wU4hSp?M!mz(GadA2bm2J^~ilsuSNXERa7{)%pO=U!+HONGG z%Aviq88?l;@ z-RRO}%qYx??VsG?wOh}X>xA{AKD*@kM}Q9}XJkNHF`tYW4xT66p^?lv}T_?fQGj;VBO{9&_&cen-nv zPk>7u9BFEr9VC*2w^63a2zsA66mdex-yUj?@qzAR!VL_Sp(wSheKw#;loW8U#w?XRk%Ht{d^OK{hAj`=d#7T)#^lE@jh(qtS9 
zNckJ!-$tJ6xxsy)E3(~G-p06XF*O4`SQyyaYyk*SB*VJ%Ox^b_c{v~AYoApITT63F zEo9z^&@OP_Y_|%f{cnBHP5e*7(@|)~s&Anbj$O6tlyOJ`%k+irjUs3kYQIgRz8pe3 z>y&X+CrK}ZD)b{wks7O3D?-|yIyi7(;ukOS_?mVa#dq9vASCiKuc7k_TyQ=RBU1T7 zLjZQxP`=_g7LlV_kn9?cn`GCNy`Lt-cbNEg&+9i}WwRlJmu% z$+HVahKQ{l+FaY^MmH(7mE{<^5eAoLw^Sau{IF$PZYOP(Y*|+W{omSW$MU_z*Syew{gFJq|N)i;jY|mpZeu=qbg0SG0=qVTu|ETa7 zAlL=h4Ig|d-@L~9IQ*g@tf1Ts9@9vRCj0}!s8O3>f9tV#b4FdHb+AvT!~p{^20AW( zocL9PKo!t8f9erDXrc1G(FQKU-7~o3@jY_evn@QSm=~0{MkR#ovlS<(FL4mk~jL zMT7OAfG=qlF4+%`8K&HMb9qDcxRU@_pqfdfC!Z-L+qeRpkzYXjYf^#}&-U0uB;Z_M zZ6*<%6~>{^Ei6cI85&bn-f_No;h*WHu5}f*!AWhKC~_B}{R&8vNewYlORIne|0xXv7JutuW&s+!SDABd60MyupDl%x;)R1Un3` zar|9)6%4WhwU_xnI)wj~A^cpPC5K3xBaZ=EAB$#;4>9^E5=~-aFfK~14R4ZHuOu;^y}gWU|iWk8#!+0gA5<4{l2} z<>6g(%>w9FY7>1bk`=CzpL&lynkhRZoI;&ANJE=*mA(Crj2Yw-8L&axa=m7z}5UjxaBB$ z`QoScV}C1o5%B!I6hZ&cIcV-bq2G4o?viSu-7EIf8J+X$d#g~tn%?*SsC86{;s@f$ z$vTtCO_Ph5J>|FyuhZ{@LMq5gO(4zcbF``|!Ig3pYII}EmGo*$aw^|jqF_M7T*rLd zIF~f}!mv95Z+B@$W`#ScY74jp6H37^7LQg>Tp$-<)FDES%0Kok3r?8?cZ?02y|lw$ z{V^Lj2)OkGp){(@>ZqLU2PWgZU97zmy@e!a-Z`K1bdBZNZvwLg;PQ9O*rj^L2?N3` zD}>7z_dwM);-q0x98Os*9SNXy8m%n7;c*%}(ado8z;w0h`($z%cE_M|J7_9W#v zi9V{7qr5Ohl?x}9YyxIVQ*$(9k$UL1xTOHf7s7)-<7=GLySlsrac2*V zIT06W&3`tptKM-6g;D%^pZqsrYhbuqCi&%c(?7ltR>6fR^%f)YUp$E;AP?7$%EbAn z`MvSTjtVysb}(LIU-spt`|eXYXitRLCWw!)&uKl`6AmFJ;q(#$aD_A^YfuejYM6lw zV}ukxHsHtY7?{%JrN92J=FI-_(t7g67mR3|TBm!+Q4Mj=w`b;pN`Ttplt#@uR_M8r zM9k1tQJ%P#JUgi5l-fd!hdqMI#@h@~{aMW=b1>f;t-z-7zP!mrR7oUKa=Em05vb^c ze+9m@BwS)#Lpr*`DZ~Ai1v45gkjcDg(lp(ab)zlqMdnTjren z1SKu{zcLlS;`GQnll9D!i`DiV^6yrL7ebo0kDj?R@AMA*u=H?i&Nlq*rYEqo@iR&LOSe$@u=q z+;~6Pu}7~;jbzM5wl9K+(HPcXU{@q^Z#+{x8OG5P>xf4wNUymp`r*ZuLi8NtAOPQ5 zZNdM=0;FzccsnI#ct!ZJBINzE`r{bQ1G8RZh?U%+l6#GK)7vAxfib^N2W-?2D{bED zoGC&a+o^|F{i}uD-Y$eob{QTu*_Gx_}N*1?Q z8mgpF?UnX}E5`b@3FfU$8nnYZck!%B-22wGZ{Ol~dSAsa#;a*O!47oQ8;gYWx0u`r z5%>_$#ZD7PMmnb2d~>T0Ti@A&c2wQycFZCA>S9ePJag=R+XFo12T=!{0Q%FZ$5*fr)e@#1Ga9)FS>yhOVkY1oB;-l% 
zD_HJ}J?t`aSR7*Qg$fqiN=->F#_XjMp$_bC`5^T5c>Ghke-2#3dk18eew_^G$4hmBd;9Chha*O_^GDPop? z6=8E{YY}x!YeNxzJ{k(4^G6JtlKGV<*THK;$la@wPOX&o-1b({AoKR0)) z0uL;Ar;jo-t1q?qDiX$NoQQ9<(UaPN0+)6h`tDfH75xFy!pnj4F9DN=@3)!kbDE1% zhPs}TSNNJ&At6DM7~N@8fZb%!$s|ap?{)OZ+*#t>@f*Y-sbvJyPLRm|e9d=B?b$C& z!F3pGWyopubV-2)#_3M8_4;Ezcb{LNP$7w04^@1K2~@tO|4oITb!0Gb07eQJ zT;N>b$o&da$fvZ-rHm|w)QJ~Qn0JC*2Pik2_bz)_``Kq7u=mH(67~cQ`pe14vQYO6 zr_vk&kfwms-Hb3boTC*ierw^{~T*o0|XnOx7EgTm@i|9}9dJ zE)Q7AFGEhEp6*O;12gH3=%CLULPf7~J%D1EhCf?hrK?gRF92+}aye<{S&g%< z{X9jKZ`&nOJnqX~PU|)N2+WErZGp9vZxa}?txp2#O7}Y9{u}CDkt;u)6d^30dnk$G zWFNI7=lDxHqAn7B(yOhgh-M(k*2X{%QDbP*H2$9^qmi!z_0Nvzj;GV(ZR36hP3kzY z+3_Hy{Kf}+fW_cYDnNUe_X+sBkid*8ihwrm{ADBZj-_;P`68LKugBETR)iq;VC|2o zq14NSYU7IH7t6cAC9tI7#PNUJNA z1t|@U+ln1Hp0->@O)liLf{{GW;vKbAw?l)K+t1m{-i3+9FaEH+94+X&Kq$~znG(v< zrQ#LxfGKC`#z|6>E?YZ*B@V*hE7XUcJ3TrbzSj}lY7m}`v!2hsD-bNF zTgvH6UQ<;O19yoh)jTeM*SH5rd`*;NO>SK5z;O!asC9a(3GBti2~%nQykNCj-soXh z3+vhNcl&gIy>@U&dnixHWQj{oS`Y!sSfspCb$~LK;&paPyj0YnT#+k12(Mr3U|fa5 zgmtc|ueK>2fhgLCk`-Me!Xfb9|8m+!+LANq`Z6=Dz=#JxUv$R?k(yI>Sdf`F_D8(3_lWhVLNq4$AK&H9GIe0++4*2IuK;}XL90wHJN#t%%pkJzmq*QWW6EO$RN z>iqg~I1QO9g5-Ch3|HP`RP-mh-jtBNsy*c*6Nl!h0}1SAWf7X`9$+WKFjMI^It`IA zk2T-NV$OP?RLaHEkEcyy06(v^A^TfpG19Ho&wcOjDBl}%e7 zW5=fOn4Ue+$#y_i?*JW@Hg8Zilu>Moj}uhD0*zH5Yl!~P0IO6u9h2|p9!1TK@IR(& z8bOMpD^1EYwPexNca_*|zU*QhRYz$yz-Pu00H07%h_d3^I`wU=A}`>1gJK0iEY{gY zD`RNA=8lrBvL2xN+;2$ZA#>2RQ+XIOI47@fCfQS4n?qEXWCbS0@m%ApwsQcre3=>J zwal}XE(25Z!!GVh1Vni~B)F_xW?#{WYmd_3*0DlK*Cf^@!+R=cqL(s)EtGT+pg>{v zeYy@j{PcIG_CmO1ga|UPko`(vHcc|7EgU9?qP{U>z<&H;&i2)&Y{4ka8}K6EU$3x=@D#+ z#6*AG;U2jPZt?yN8`=X@@x)Nf82%kh__a6sj~Z#VjXD?D-}o4D1}m4NI~7+Nk~yi- zt|?UthCkH8aUEw-XmdDk4jL!#W0NwHg3Q-0X5Bn$DkITi4{r|o?s%h*ruM1AB&HIre_;MAqI7qaoGo#c{5vMGdYK7nF>)Q%2rgx3 zv8Gq39|H{E$|Z-B$8W|Z3HV7ezRV!miZSZ1hpKOMd4#S0jx}l&=uPRhaZA{?C{Kg= zt+McTQdo>sx2l902zyG$S7({~11`!@UCA{yDPw{Kc+ipM5dlJi$X`e>hNYMfG~@)O zwxo5Fm>7zq7VFR@>%;;?z5R4(029XiQ3UK!h6P?lfC76Q{}NO{<(i16$W2oI7!ILD 
zc1J34ZjS~!K3k2n7BmpZVA%5P_hZ0E@0Oohl>NJKsw_?#fg+AEtF7nS1&Kjgkni5x zoE)Gea+=WNAnX!j#>NTtZMd1XF+}ph;XrE}*;$tnfGF=j{%~?U(S6Ewwl|G2zb1fBL(L!EDatoqI)x27Uu!ChU{{eUQ?4Tf zm@N7c*7(r?CQJLl4HGQM-laxSo|=V!3l!vppjyF|rg{pvK#6naPGbUGRoF#^cxWJZ zhNgWHRhRX7$>5Tekpye93j~1I)j)rZUUqLvU5blh?Ky4<=o1RPxFP~LdM>M(FW{zg za7}c~TImY?=;QuAwg zsZ0YtiV{AIRF4TGhvEx>CC(0&iD4@e<~gpQhSf;4o;Z&6SM-FX)A7y39(MxCg=6Hn z$3GzMHJ9uL0&(|WAZ{&IVADHugsUtEFkUq>4}@rX)NynH;g&x=7N6+SKHneB`IL%}Y6 z4&s8ht2Tk?g2nqAR35ykccy!jcnVT9`YQ_(SrbMRr$KQP@d`RL zADdQ~rImkYN08#UDa!WbDGT7)F+i+BT>=D+JyjL5rQ+8irLJ8|w+0K0r%E6o>utPj z>*7kxbDoX(s5ugQm6anOhUUFM0o-0?e@tlqx}xodf26gz?WV~TgW_si_r%6yx<$S^ zl+w{R#4Dv#NvArDFAVv8YlNg9&M1Z%70xI?;n`n8i=#$_l-u4{wgN5SvZle2({ zT;XeeZa^3orJX*JGHN~Sn5Wuqn(s3ECsImZZH~P9h`jv@ND&-Y+ZbP)PPCvpmS>Jx zb5^ZLT!-E_*vZoQiWT|tOxd3Bd9=~TCK^gP7TsUWbN&Ee8{q=Ul zWm9%1Xa8M)o|2f8IDsDXS_(O$DzTS?GC~#u=&h2lUtGntq;%)sDhc+~LPc7X%peO% z+AzQKs{1*>E!7IiF|QGegYXgah}b~9tWVLtGfbz5+{6q` zVkB%z%N}Nu?n#+zup_7EqLr#YgCA#F$tftwX_U2|B4PZRWn9V|waDq^yCTH-rrWTg z>837LG6MA?Z-W`{+Na?uCb4YK;VHF-6kfi-eK=Kn?H3m%6nm_TD=$ee(hncK)(ZT+nwCaaJwwnhnfbNHtkz-ySyj2~EgvYtk7>$b0f z+$#UhUv)Z@x?dx-*-{NmrR=?ZL)ZS32iYgt-V%k~@uj@89N%V*a@1ZIOEOl%GW7(B zC^Cxq;urLdE+1rhQWN?ADx!q=i-O|T<)}T~LBn!BJM3`u;-CF)W`6$}~I9u^s6T?M?==QWzZep zevd5gM;*elTCZw$`m9Mek41!~Z<9&P`~8FDg5L?8k=i7pb!Q$XVy)?&5$U~dz5H5v z0TysS=h1sWg?5h&?jPlg>_$Y(P03qBNaf+NyoCF}4B%4R#m7SMZb^}ow6jUGC|Y@- z{<2NbIIDk@65ce z>r9g2b$x#%1N9>s2xdxSqu_G)=^K}V%Qn;lK@NL+-d`J;%jOAjJ zF{;xLH_L3?zto%x6FkMhX8%2-+(rIgkzKmI9_O4Mu_sv%JzcPFr3|~8+r}IV5N}(p z3+=_<^NvrS@xidylPJk!`7_K6kM^f--a{4(&ftj@y*obnd#qCzv<Tm+li(07h2+?fQF!W*3?R^#zt zBFs~^{NG>A5%Wt6bSof@Q)+X40UF=RNBdhuEcv!+XE~s;8cyZOCHnWF1iwGJBk@a& z69N5&mqeioV&lD)ZaX7ng?B?N8*=sw4JDsVIuSD_+VR&eJ+dr=GMQT&0j{GR_`h$o zva-fAiTb4|3J&~6Hk3_h5%8VR5U5i^#B0&tm^C@*8u@2$fDqY+L6q2?!|1Faz0Ic-j!>k2SP?9rS(526~r0pda-fq8p^?Eq*j#%k)- zpT&b+S7RTZfY+VH3RcIjiuMI&O$jK}RD2nuH;~Q;_rh$o1-1!e(BMDY$K89^7L(*R z4hJ^84VjkvtgM6O`*51Nm*>(eV37K><*Kg9o^A5S52;dX6l>XvPe-#yT%><*JZn;CB 
zH%er>PZn?{t@O7En$zzwn^Qjs9q;ey-wkGnKxF{T7i2=7L{F&cTBGJdj5HH11N=_T zbUrBtJ{@-Bs-Na93xNd%-`DS5n5~*e-+?!C)VLzSN^u|}aDz|#xz2fkpE-Mnm1usJ zU%x220rbVYRW;`cmqh%{aMeMI{Q}NaLPad3CT+%s>`4xSE%;kl_4vzhWQ6p}m>|OC zxxc7$^jkofGcOFq@1t{LPsV8k=3ivs{npCP$p`bQ*PN|%`I^V`t;bT%|8%}N zbY-HF4phM57ECk7Ri1-Ak5e`(yW#&ab&b(+aNRm~<4hW(jg7`e8{1A}+n5+l(j<-T z#;b;v)1gh&(?XiIN&7!BGjS4db|oA*%ek4GW@+l0x!E>xc>x5 z`&wG#TXcZJm#BS7x5S{f*gJjDm#lFY0frg0yCZ%919>`^e*f?u;KO|SdH>}};{(YsN{b-!n(po?7=hp}4yL`wO zF1e(>-O(R*?Y&l#0JnHzd{~~<-M+gOq{Q{d5*r~fFkPsqe`_^vAtWRUxLN^nVCR3H zZRt;OUsZjBr()NWanc_Ru#X`IlE&#SF5V8_|G2XQpUPtiu36JLP)OLYSGmgI@92MS zzAc&Mo7IQo>xU%JzL-$VOW+3sB9uw69r$!CB*+Q=g+7&n;FAu6L~sIlP%dja!3nOzMoA;XuTY(;q?$#JBb;xklAOVcN+3YEwPZ~e$` z$dGU|hcuNxHNq(QsXgq=UYLX{%vq}ji^>s&l{Ck6{m9*>T%nSw1o|jAagi}o{^BRk zTOrB|SM8k2)e4}->=#lZ1Sy284{jgc)A8bz4h!P3u>Y)FgKx2pU{V)aEgP&N*)e+k zB`qA^NPnD6LAE7-%)~I*LTj57+uuk)Wt)ZcpUCj$n!+2QORNcffF>JB48l~xO3@b+ zbR~)QJI%xW=>0%!xpE!kcp)G15|epuhH5$+06bdH)FCLau+k~sku~haikFe4sVZ+f zYd)N|_m$g=9eXrmDXI-8EOIzSz3z0R1o<&XV=Q8v(lEiL-(-RXVEc*N?nnqxsv7Gb zG_i#8>Ttw3oF;{+?+P{^QX;zoMn$3*6y3=h?4kc-C?QyFEDb!_WhQtCuqciBoew3! 
zAR`#*Q8g-<$lZ^H9j*_~KU=2V(dY9gW8~nC>rqffQ$E?2jC@z_UO7NREuW#zq;K$S zX=gLE425B{;Td!3Pp*S|e}%T&*YELVjB@>p+v)=q1Nqv0bc;Oe51dl6zdRLS7L>d+ zU6H;5*+%Ro8`I^cgg{J3I^+{%Q=u<&csY-u7s( zv#M;ddF+O<4}i-%e;FScN)*-UQb)z=kPb&wiETt`ex@CQ;AUs)6s0Wqy_KiI%;?jN zKpB~kIC+>HB?^Y%_j5kfZ8(OH0~4(QHb-(4!0}?&(rm|*WZ=caigW#fSG@1Y%4vfy zy0ed8lj+PBTl>;kT@+YlT8eHAIMW)*H^f@HAuWbO8HE@vek4D7)MN*MyrU#67hEHfHvO`c4 z%}hxUbN1OG-S>M3iTsapoc?NlWp>in+|3LONBew&kmQ% zDODcpMn~HPjX4`4hnsCBobH4p{-D&SY=@wNj=2}?i+;#6_U(hS8)eI8=#(_|qx}<% z>w2_HC-7z*ugLhcZ<0>?trDVHvwFQmqi=2(K;5S5w~NiSmH8(k2KtruVU$k(*OjLy zq}Q!Cpx5r}7D9L-Ym@vXzmAr+7H8?LkYtMFe%(AfeaIeRV6-N=;IC&=M0L4%c*)j< z@W7UH2Y$q7IPvqebyC9V-+K#}YpRmn*K*=RD3WM5vv{PQ3DH(zy(7uZU16?&JY%-9 zH=k>Us^3PUZ@^L}6MQD`>89AFvW()_N1?I?#y-rp?5CC4p9?svDa#3X-cIY^pMydC7QfWof9C3Gt$C{CWljk=?lByBN5-DKGc;frT>KkjfFdm zwNv@?KQWi9$zzrvFAfKZxxAym$#>-Z$?w@1%AX>G`f`+qCLj+@{q3jNBk4uvnhDCCIiR zt6hh;NSqJej$kb@-@#CvB5<--<3B4AN}0NJ=1YelzO2HaI{J1Rqq#v3zEk~eg8>`} zV!V2yx2zl_oa`qmFA8ck2ezn5cnp%F=>rlwYi_CSVs1E(B})i0D(LsKmOrf*-)ZZ? 
z^r6HeSk5Iy+mVf5k$B0QXlKWW2mBW~3 zB~aZ&tRah;pM-p)Ne^n_brvBgbrAw;{?bNhp76i499Y} zJqRjuVSjuXdH@KNic>C-r!N!vO*BNA4J?@e`}Zd#$p2V`un7!mq?cMmz;3)%h!kAm zGV`qgyNo*N<`3wuo$#mX)X=Ce%-?QI3KJI4aIh7!{xep>+woD4g zTPm*RMjO6^L6Dgz1w+-uF~qMeW5u(I9aOniTkl07s%!HXH^gD|B~Ln7r&c%!q7OcD zam#!x3GSwL1V|sUN4su{M`Mfn+$p3JbvT$7hKM1h(y}G7vn`t2wUWAsOwrzh?6fRXMDHnlZ}jVwVrOo^?J?4DMIrvxrtk>!a!rtJia}y%uyr<= zSR?Vf`cG)GC$_9#gqhptmW19O)56(rpD*eo=DqorwIyU#r6rqSUxQ=hchwl*nmC_N zxch7Qm|Zbt3AG%o-!^zJyqw&_N7;ej*RIUdbRFH@OyBBOJL*OE8lR107Iq1M%C~V> z&8aB^h&Cc_K2pR_d(LtrMBa$KEE4pxLfl_p&Z}Mq3!}EYkBHchp+9id9i*~gKb9JO zp#PWw)uJ$S@v1XA{0apawZ76>HbGVQ+@loT+QG{GbAdvoUl6l~2Qs?z!@64}% z2E`bh?vn$T`iPWUA_pRI3rZ@qloAWdeqLuaSdlIMv{4Zf_g`6;AMop?aV?fL1C1xkSm@n}=TtpZ} zo12@lsMyUsNXs0y>WTM!h(ok`TKAk+-KPGQUw{iXy$*RA<)MnG+5Ft|qdogvUdFe2g`sW7;M#+j3=sAtYo%aWGwRB83P82LoPBSvKr9PKEx9&gU zHRH@xp(TKBDBs-~7v98omfFl`b!DYRZ85NAP~5nW8#pyMB7R>6(7>+R*>cc4E{MYr zjcZm!<|Ui;Zh;nnUL|r`RYI$uuj6V*PT`ves%zHj|Ms7KL#fi>nsu!D9(T!zRt2;F z4pv}Rgy6_Wr^z{fZLJL-Mk|)hWzTYFpi%d2V!LK7j*fKSyBnnpXbAxz)v4w_dih|2tKKmLq6kg~5<%Bjul%syEgqi}HoWfJsXu z8GUk+2cw#C80yN{tkVzFnH*}1TFoH?!9c0S{_O<%SV2qUf5@EIn4EO1s)+@WIo}ov z`V@j#!Zf3Dx&+!FNX%deJOO*k&7rbp3$v(~?3Rljca4Yd^xK~dyiiog+*G0c`Gq0g z(H?fzrc6tx4(=v>SFy?d^P~(<&RpI8nR+H&&FwMe$ZElr{K=4k8)1WbC{|8BKAqjc zq#B3D*cYkXnCB~x3@6QI%YcbB08`xX3yGF!=sz|F0yU_I9IL+l01+7277F?l${rWM zA`?+{{z!_?O2u)glo2l;r~hO5il3OKpqjUfJT|^mnDqLqOZnxS@ERcz0@)f9znKl* z#IRip{Su;8luZuc#B(J{PBQM};U{BPO?ng;4-(dwFP6%!YdTZgEiRB-s*M=TJ^|O7 zc~_uxP41~hLAT?bn&6DSaKcbo!NQ5Xu;;bG1^16+WV2*H!8zA5Mo$ad;w?I%6lM0L5X zJWsd^9PD>o4_fz9Wn9;mQNqgcnAcV`tGUh$9WSPD=Fo`{qs}=ZyNx@;;g=qW{EZ1v z6E}}M8#F2{s?K>uh%b?bOnRbPS0yFl4Vh8jT{4CR67|5>V=s!^)sp_Fx&+r3CKR=# z&mOpsQH11KC0lLNWP{4!&ie4TW@Ra^v6F`Z1{26VbZUcfVM+7zZVB7wO$!z#7bp;ka@=SJ%Xx#%qpNOG| zkT-57+31tOfr%*qqTw0Wf@hhhgHq%;xmhtFi5St zPQLoN64GfL=Kpd# zE-#bcB?~0p{hki=7YU_zqti+*Qux3t)sttFrSPFOs)1D`@AH}14{yrBQkAJ93E(y{ zzRJoyZ)~dRnBM9_%;IY)8gzHoorZREJlw63w$H$EZ0B+RifY!b>F{F8TI?hY=6%G6)Vj@9V#%40zDyFrwR`R;lY4)54KykXNgB8D}NLE<0RJ 
zfAK-b!d?F_#)2HmgpO4VgvkvK6?mWvfXT&1r=);;HxR=OG^+)}ErwjPRQjQzTo39c zdR~b&{zTPmBL(;1-Z)8Ntq*ltwc>1iD72+NH=RL_4nE$!V^ zfeL=Td9bW^LRik|*HY|BO!A}>;GHK8gB(ZkOmXtZuM9FYTdf)F_F#f{uhxq>rB3qx=qsao z&eh?oIC2RHd@WfnHe+aDns`Yn*ujF5bf%mmH?Qa^p$Wpc=>$)YU%SwY$(PaL9vEjK z=O^5ZPGi(sW&tFxOln}#q85;=^^&TSZQG=jAMEkVg5wPt<4Z*uCbUT1=ei4}4TYWE z!_-VF?{9{InatEB#6)D@hYSL-TrGC{SOIYqa5R>=JKPUc#=55q{@!&ZMF_XOUI4}% zg>UJD=zfoGoucX04Iz+#kD^`ow274;;g`h*=2@lfxj{cc_%pu}_~(7yfnV?ARut=Z z&4`v*c$)^fYX1BqIQ1joQ?ccpEK52Vd+1pDiT zuA;YvYv`p40C)@u=pW|WRR+@e0OO5lG-Da|f(;=|JE zieXt$FPBB5lzSpZtZ#~0VD~)L zE!g%9EIMl?h=gN!i(BJ=wuO|AHVvi;f>I-a-(YNXqA9*6<3u8D;`}G|*}`Sg zjFC$}Xz#;8MwkLSvnXbp_%R{09Tp;BmRCbVJorDHlf145>C})85;VYs99;)a3V$4i zn;aR93aLk=YsQMKQX)bXCWMTFTW(EZ43uZ#N=T0KSmr;bwwuX5J!CZ~dw^ORSdQ=()#Gr09#&s-9F`{$I znquoSs>Zm?ksoZ=I0J2vzKv7`tGxWa&RYG>V!gJH-$yB~O{DN`#pC0E1Jg)%?hNr>7e)L5k3AwR7`*-9aP(-pvO3%J(rYkV3{M_Xl#J^ z)BFC{2PXq-F;Pzqp`ms*tiZ*I53xSX6Bb*Bxii2%Rd(Yz;gRy6R*GhWd+A-4QQ7&6 z)EcPlJl#On)n5f&KWMZydJxM{_K&`lq2dLKxhK#52!iyhDRW-IBxjto+n@WX=Iixq z3m38|ZC@gsTSMRH&jSzkrC#p+{$z9hC#$LIW8mx6i=a@0ccgX6(IkBqfJ0GXa~gLv zEQL#4yw!TXC|p6+Nk@>cSmxzNT_?xcG^H6qro~4Nok-~Cv@8gq$$ZCJEmh|lj?nqw zRCAgP)A<9Js;!x z3}qYl#;`?Q>r!Z(@w0#E^Zi7aItW4 zd|hW+iB%>K(&u7d?_*QZl|J5z>Q6@HvVpt?BEfibMAW{_Uf%H_zG zewym2q)(E?P0nNfmAnkNzPZN(-t^ z#}^>%6%U|}yH>BB%#9?zDHGmxkJ*6Z4|IN4yeTBlz&p+vd^Gg{xijaAH!Q=Ke0>Sh zZp_Ltqvru)`5lu15xFn4T1<3m`m?f+O_Ssv6@H43+J2K~9wgXV*h8xQD0=2tOoRxL zZe?Q*pbG0Fl1>DfgD?N&M3_#ZojYk#79=OaAUV+w0m%s?Yd{kaCPwA~A6zxY;z1r5 z;Oh;e8$@>DGRu~Fpf8H(IxSx`^bEO1R3}lU=J5X5)^Do05RmR4GXZ5&^E*n_+&*He?B9h>9-J|BIg2wBQcpH}<7@YS>JO!A&e9#nw-i^a>L1iaN@x6bj;&y*IZ+a(7 zq{GENs&&jl5ge!w zi0Zps-=aDZ^_S`6a{5N_RHwMvfmfMK_eWsY+-)I4y>VP<`;9#JhQxfk}j z59Bh8U;eCz`tvFbPNef|&1iW1nwDC_Ik?2ZEfPHba|}s-^O_t_Tv*QcMt_RNzU*97eI$5kzxUJ`>lZOG%ihwA z1;OK5N`g1AoNs>aGKMy_{^okA0$jDWr?vZ=VA}#mR&rCRgAZe}Lc|}d3EtTa4nCHA zigvxqGui-G{R68-N*(nJz2p_+SD?`$Sz$^p%P1r_@%pvSzqF6fc=nxp%t32xaHkJr z;Hu@~4}@Q8q5dZLMPDsOHipe_}A4 
zeGbh8^V3FOzU0!dKV-mirME42Csh)5hGY3g2{vF?Y6bWLpD#_&hN~zI)CX4>X?`$& z9{S+Q!2`Y&QPvE`u-qa=(Lu zD5T0bx-`hI^}c?~y?kyxStekC_qqD#RZ8UZ&eGD1vPEaPdcG2Nzzz6(5#|zLINr9f z5Lhc+VXuMCvFr<@Y_eI14UsDAVxdg>8J2i*5GH`TXrrFSZ4(?bM{DNHqXvrCHcw-i z80Cl!)?JWP)2S#LDN8YL3UL~`^?QW~;-h@)`QtVO-1|)^y~F5q$nFVHXa8@Lg&4#E zKHm-BK`01@JT>iLl4&9lgM&DPUkBP_K^mmfAx!wWny2ne-h%`D{eLGXd|wCGv1$mx zxTDYbUWNoL24t;}^3i+-gO*gNKjJQap&VVzD|4_8_-=gi2T_|x!`=LVx!30o#U9^Z z%^I2Q^I%P@w*Jj0uM0&D6Z_y-ge!X7Knv7fU-myK1ZL4$m#`<{NrI$MDBsrLw-gHH z+ZhZ7X?DfU$UF7mAum0gM2LF9d4|cZ?Q%J(X7LXn;%N;sH1eDWUKPt6FGm2%Haw7H z2y`$fV(B8E>C+pc+F zX)K%q;B{=tnQnZ>1h-7dnf{bp1%3_>er{u0$c)as8C{-qs%|j!RuHJXM2)xH41o?D zScx?WWQh8tl{y>tPuFoZYk)d7%%usJ=dZEDf^qY+NUo$VJ(5lO0l})d!5NN~I!_1X z!Pio0F2`Fk$ou^y@Jy5$*#Mg`enT6`&wK|hunn_K5q5j!50Gvnji@MG&~p4oK@Rot zyftHIggc(!RJp}2-}Yniyc?YBxLY$zE{|g`E%DZ$#oF;r-i#Bzse=jU9qDPBD;p_04?xi0tMDdqd8J!+qMkw<7ewbnjUxjCUr$ zxLBh9>8g3yS}3xwR0g_RAnvVQ5)(k=esa`WebjRP<@rC_TSe<9pvZ3f*XJ*TBgp6Q^ zVeFVqvWNtFJGYPZ*oBR|p4i0np(}9gPOeyGM3^2e_5)9{5&=@|Bkh3J=)F|7R&3?uFi917;pyA5#^fyOKARQ^-;H!a?C zEzdh$!fh}xhzsBY|EeH5$f?ZVqA0p!A#wJfXi(G#@+&7{;bgMui&@ZR$;D-Dgdmd- z;o0o9IQ8sd+dsC_Rjm-sNdwD8~&{_2<%xHLoj;>uI-q0 zq8|A8D~+#O#*v^;Wwf`ODMoj+p2+6r63+0u;u1I3M~YS;2aitO=Gcv}*ZhnkloNfq z9@9@R8XGIwJ;()6mMlPU6&w&UZeZ5u73WF}9|&s(dz|@Au~we`zeD>Kt!0}(#S|{a z21jQ~u!Tb@4?%(#LArn5gZb$jXMdxiO7l>kpbiNh4on?JO!TPNHNhrd#GaG&zMDSt zslC%BHX=Ye0G2wpiuy8mI$(Zp(xpfokqPBj)@*BezGvBf3AobP?&poge}o=waGv&R zQ`|FqT4RV!2m@*z30{Kl%9hr`dm-gMw~Q}vv7^5r?wl04EJS`q=>d1DOO4b{U$nnj z(^?ovNic*0rvkT5_zndQKwD$TWT$^6IrFFw9+2>UdiAcag#zCK2M0??f&upfYTF%8 zr6=rg&ABuYLFolt8Ml9yjZ1#yhJ95Z$yBmq9w5GQt1ow>O3UU+R>%bqzAZd>w=Q@t zYIB!El_(Zb*im`0hAshD%TQDWzVKSDYk6CKixCw3w1Cd>5;lKK*g+rpS`#lgMYgRR z2-N1TFNFY{4=dm0XS7*w6hyiM-$BPqM$JfToeQ>^ax@PT(cKIDDK8oqPkl*HMZSbT z5o@*|S2T`V-B=)GPZ@641v}W^BvNhNRDa3>Q6*k$yFbs7WwxExr+W7Bb)SCe;vCrbE(ZliCdXe$#K#n&% zF_m(Cdfh3`BM1n^ND$(4;hn0=IY%v&T)DT{^GJX5u2IhL6y|!AwDaQA4p-yO-NhPUFDt|KLfeJqNZkIZq$m5aT4V}?EJ3`Qcy;+Zc8@)M2;{Wo-=?Q 
z-#!FGd?1TU2wSk#IXSMHt5M%e*!dnOcfT+{^;4TCDlCo=r_HRrT&hI>A^I}^VB`4b zI>Fb+LyvObLW|Z%@5#p+A;#Jv9Rgr%nawa!Q8U3d&Ae6W@Djg`!~FpQ-~{>EWrAF! zsA%QJP1%bucBE{~?*8Xul2Lt;wdz!Qe%RB98)_xn;kxcBH#4AJ(G2wgVA;yN;%wUs z&9>d_O0I@aSMj$_?ED*|rKgtO76t?!aM!Nje`h-8I|;V@@nmJsFd)8l&^*t_T#=k! zB|_`VR{=|CKkPPDGHgyFD(IVZJ~a6JgEdyyt>G!32O$uKx>;cF^lWZBrBh}4sDza; zMyBDg@f5vvPU^5f=ctqnD;z7o)sTi6yS3`@t9FHYI>ZWlluu=a@^e7l%*kY>4$kw$ zsM_h!wFC3q7kj`X@*j^8gnaYqfy+QIENTY(UIcLO}Au;R(&wA%ZWp){tNunF(q1#8>3M@skQh555VxyGx5^iT}lk zK{T%oTf(}U_yD6lf23RdnA)+B&>V57+K88`9Wd!)TtPK1{qog}84BCf*DI=6EI`!5f+Qb|}d4c=+!1h%u` zX5iJpex#N!LqX09>24sWCh}0IYAJ=qD9Sn+x=3OE zJZJU95c6ttkb#TLQyG@=T|$<4s!CFB%p2M3_uPL6Iy<`Mi6^{RSz`Jiz+2uc2Vhg&UEE~`TT}vDI zq3lNhu3s)!zk3A4WZ)G%JY<0p7n-3Y>>`1yfYT@Nz5`bVa$ay$)lO4T2a=V~ z#;JdYVKd3^I^qs7w|^yGG|Qx4ySRInFbQIjoIS@_pHjgZwSd?72zDB%;0hmdPDr@( zW{tU{tyn$O>eI89KLifvvtem}I9j=&&6q6po$YrDWFm~iL+M2L!$Zp&fe20B)Kw;E zUjQsr9B&!0I6!=Qh#3%K+UFW=%VwbrUoDI+WAr~Th&COy2V>HZjGHUDqx|Y<+Uqx- zG`}*E>l^Y84Z78Zi?DP1Zx!aM`QJX|A8$pW$>3qpfR()C+?|XCG&!Gc^ZanSrY+7; zEl=5TdM90#1@og!uTxvQrPcwZ`6*usxT7>REv05OTnuDJBZY9`P)_%pH`%P6Fm(H) zJ7KOE1D7Aa9JaZgwe!kSci>!scP6@!c;S7tK_qe0Bo@jbGfQWQYcC!3HvA%z$`tv} zN}*|nKj<+Vq=T%KNNx*S2uB1Ne^*w>_91RCbCNd+FUE3;_ zzQ>IZtF`z|>t&n9PbP~pC;sHRd2e^fw5j!a`C6o`DEP?tj+y0)m9h`?5QdUE>J6>h zFuwHU#t6)hkA?Pf#KtYy!7p5@%@FTA>s^#~GBITu*H(&yi0aV;*&`{=z3gM)YBmks zi^}C8L>ZGMBI}HSpxg1i(Ud#LFjk%%psI5@@A<~og)sFZ<;=f+a+heH;wxGn}r)#R1gvH^}RU(J+v8pMdZ`yj8>(`GynRCHWOjSCnH07XZrG+|`PV2ZDBMA0v-Fg3MR;tCsk^kVeJ4mzazF&S`$G77ObPzr?0Qu3x z{^uf&Jddx^QMPaew+iJ8g*axs9#-Zu({uKRVYLbSsNkF6F$u$H;E_PrcnF_S3BdFesKC#eM%xN*=STMwUn#eMb&?L_< zBLn5UVK%#o^Ej}f5x94BGID|~=Fzh{GciV?PhfPGvQ(1==q=8=MM(ZhR)v z`3R4=0z!9)fy4(L5UFARBhR%OTF-jS*cl*sp3ZJTD-cbUIf#dG?5}lb)~L&plq@^R z6#cYUu$7coV3>lLOgrPQY!Oj7C_1k_$qo$$tcNYQkb)6OU~uBwv)EJq&|kI}SH+Oh z9QCF~l*#)b^R;(Nx%G#N33xqg4(g73u?5y))p$Mh997?1qN6$m0Kw0%;j51)-e`bA zjws|G+!X-ZE*coz=+#kSA~)_m^DgB5 zFt%-~y1;ogrbv6IqIJ&(|Lj8Y%6EF7DWXRT9g7-ugttxW02Y@^O`T9F)yf*rC}VZ=1J(d(A8I!q&!QgH9S}U(DH?# 
zicuWkiuej1l6NkOmG!#3ofYf<;jLBsU`VO2OjI+UNnUa1l;mRbk#O@%8?S)Vp?l1f z?|eo2#w?BLQ7Ltzd}@rnvrRFg{?-h_hG{LtUm&5vrcfoS{B8F_wo|E}SsOdmsDHDX z<9#0xFR@R-N1Eb!ECV;%-0XcmVa2i9DDMD-f_{T5 zt@-tvZB?QlNa`HPTGDiTJU(4K&j~;JuX1Fj3cxi4p${D=+~r#hV-S?_oWuwT$d|^! z)wcEqbr6*~WhMuh5p+#xz}7IS|E??Wa@~AJRmBSkSkwa;hQf&sXz`D!MY$1f8Esca zQIIlR+3!AyZ3h&;`xjeBoWw5@rOTRj9_Wq z&dvR8vj=$D%j2J&Q~35*Z$u$^s=CZ>Nd&9+)BzXFBkIYnoQRi`MxnaKzwRb~Bm~lk zyk9_jm%s22a22irjPRvORp;~YU`)W-e9V^Sdb^2wCHAB468wc>??48n+=Tx9YmJLuZZudC9O9uB_vx<`w~1f+qck|`MPgDxrk_?* z%YuDiM#J;10cl|oKYMfj#DYC=c0C>NMW4+j~NB>=JE&i2?XTp^j*8(uO7x7 zI9YqTTq-S>t?HWPeGhma6Yx^wT8e`ll^JF%706MT>X~ig7d(+`|2KMuh7{isZh+`* zea6`B@QRbFR-t|8?tR7>2eo z^;X~yVe`pD|Mm7_)?lszO`m)!UPu=WkGyzqdP67z^aBM!uL&!n-A3sV5k zUu8GgJa({sE>C?q0t#y@RE^CS<_dwoMQ4c19@Cqke0SR3mm{Ut$8 zGH)WtNu#C`zycUqR#)F9y<^<(Exh}Oie=V|wxUodo`LQ!K&NZzA@4?Y`vJ39AMPey zCyAovS+G98m%FS#p z1;;$x#=_X?ko;PYxx2R~J6(ok>yynymd+;$0S2g{$k*Sz*zs9}r1 z`bACD(^R%iSBDA>fOFk=b~$7lg_h5GIQy%vZEetRt>Vlu3w(#n9lypms_X2NKJgC#iGp`Hp5?o z(5*>7{A6*4YC@$oEo$s5NZky;7sRgTRVHVr1?J*-uzniDbSv5}B^5ufVJF`!Ax}sj zf(6Swsl#(?de)Sscu>7DP*;@1b3wpI)K0;ZnK37U^@IC_<~1?uL1H5-GrdF5MK&up zTSq^AEBe~#FWu`Nd~-zbthNTgOp0~USW7$1dR-Nfj?^YHykkQP+g&*gM37O|9ZYPQ z1lGbC@?47|VnPidf;tO_0LZu=CKaPUChwT$dlRp9#2|q({ZD2uPn@PQauaJOiuTJ8K5y^S3E0w<^7NzMX%fzgx zZ+!98QgzYDU8OeJ)KaP1`i)`2P;IELpN0jKcTK=KKR!ud(8rb&O#hr&Am}A(96ua( zqQRE4DDJKJJnLa{=TvNcZ-Z<|>wi?*?$fY7eeO|kmEFdZWDDF@#8U3Pi-fz}&;T!5 z8zosYEd~2?R?#+_Lack0fnZfuP}znfIs<$RvrHm4A`2iktG_BSpZ1rr5$e4e{(Ta` zgDpDWzqohXBKkaM@T2EYx7hZFme>2llexP32P`-0-Wh^%GJCcc`$CfO@7^DGc=xy- z5()^wQ^1K5L+!ivl||#)0={2($Bo5D6y#D1;1+=lPIKJC?~44h2tL_=*FJN>mBb7l=$; zznWV@an2>y>X>eR4d9&oQhch+jjLs2w0v`;(HG${;P^4JPRnHpy!-HCH)(K20Z)GAt9QbJo3BI(_bvTlM{j<;lQX{K`h?rXy?)a_3- z#c!Hp@*PitpFOanPz1_V4{Wbn1~QtkLU+{(u?dG?z^KWA?tWx>ngfh-_im)FNqb`N zLxz?A1ym%Sl4a=9@x^k4pGkQ(Zt%Ngi;a(t2Fn^$vfiDhzV{ca zwWr_dEh;8wWj!x(E}b<}#K!xsK!a+(sM9hIQfIeT z0%jpl%9X0Xf5g{il`94a9uBA5F8QXeYr6IwaVc}(H?hH$Im5*jon_ne5zPf|=BC@@ 
zb$?XrYd)+V7avw-xW47bfScZ0#62ub^?#hW#Qhrw++Y;R%mausm&Ib7T6K=}$#R2~ zd#LX9_^XrE1ByLKg?3nmMWY*ydVmcf_JCZSz8}9L)JaWNjW~vv3j}-sst^AoGmG&< z6v-u*SsZ+AN%X8Xv`isO7Z_ z^c7#cJxTK4Je+0~Ml9}kv+WwndS1FWE)={9%hs!h?>t`b@oX=UU3N{x9)TBWTj}xd z??Jl_FCElEhs*pe_BOk%hm|e@!j2r;%F+%i#vV2+WaQVK49($rime4~* zF%A$8Lktk52)wEld_u|#A_2OU5S-chV*NAaEjI8a*@F-uZi%%}w50bwnUNNQYb%76 zoPR>;60P3NI?{#cfqXvdd}q;E9*>Nl314ZY;MY<{aBP=`IrAR>_{&l5U+&Gzj*Bl0 zOD5k}(nM7uBL1@C#hA1hvE9)kW-L>vH_x@AJ17GZ9d?6Z7H_@qu9d$**?h?a=m<*O zSktR=|3tGYi_y+UI?S#nX5f(AwC&4WXPADXn?w!Ow<81mBUs9Usxo^}f)+%u)CUm3 zteaX0Q$Yh2wj4Ph4RxK5vPbbC95&toUHA1D(`g>tNA-*w%8HgSrwQa%d4cp<*&2ac zi>BaMf8xX5S{tg&$9O?n`aDnvr9u(0Ds&f)5}ZjVExp>I2Z=vI^JiltSb&zq|8!5P zZN|q^r_<(vWDgQBbi}EbHA?1VB#@AJaM8Fe5}N|5EqXUtJugmd_QRtCA#JF~d(#i_ z^#fn=CebDEsR1jQsN+bbAdQq0&DB0u0}K;bLNe9H*-}f!@CK20jJNRpFwnt6ZtbYZ z$qgA3YH!%up(Vj?$-UZ6g7d~_%JXRG1^lUU zsXW$%3%`C=HsLTm_y#kgJCep5iT$<$T;I;+<^->ej^VlyTVy43#TdbR{Hm>W19!Pc zC9d=o7BB`XnWFuUL8(eO0F0W7_zDxpn^j?w{`od_or&H}=)bbM;5@oPMIQA_5x4iD zc>!}*Y7#5c>a+yeu9G;T;~z<5Q8evQ_v3X%XT|X+^-c)hNHvyPYk#clewLr12_AlP z5D0H8SE6s?C&Z)PQ*}d2%NHS3TJcS;UOf$(0Ecid$X7iBPHNI;vDar6g3$DUFs<)~ z5i9O*kGA!z*hrL;(mLd{Lp?{ia=fm{Nna2X|IYnkM!{t4EXmmz!)|VAQh#~A*peNV zZEt-(=+2)b;#*NV!dr`MVU_Auzur8xwRuWyw>j+rFrr_kOz+53`r!m0;`y*?AL@LK5KdZPtt5#<1)py>N)6=5q+ByXIMQd$NG?V0F8pi)1!Lr|Csvb zuui+}?`+#O*)>hJJ(-i6Y`ebMwr$(CIoY=Dx96Pq_sseKzOH@m#m`!M!4k2`iF(AS zuim;qzE)^+tCn`O1N4LCL4cez?nS&{cDi>eRdQ1%)_`QXtUcaQPJJl3VhIKB2B8i@ zfK+orXnl!87^mX!zi)bg;5#~)1_%8Crw`JvLLF#S+htklVXtv|NQ8_jicIdIwi168i4<#qG@U;z4^1#&uIkXPC4DPH+P$#&AUX$;^D z1GO4m_ehM{P0xmE(m+~L>vgy4?M+mD>K((^In3SgA{}7f=10~g^*8d;E(m_`p&cp&*OX^HG zgaz}6Zr39*H*ev^1s;rztNg{FwwqH#S%H)q7r=9Z<0^Bk7{#}9M)Sx&T$W6ooQ)l? 
z0_@x7Z-=zvg2V|xUU5$SFbXJxLUWVnoq^+j7;;w7mh{`2wWi}Qrh#fS{Yt!r{5cQu zXQLd@WPH4KUs&z$wRs7&|2@XAs~{HqC(7ZZ8embSH{Kha%UtyHapHVMH(|Ouc!|Lu zj!j+Z1=)Z*@yEk-Sh9`lUJEfpXstvRauN@{BAul1y(r#0$U<*Qr#B=vxBq{IqV zpbTo``MyBHt-hQl8EJtKMctBJk^K{Q=>DR>G|OvvN`yPYXpUi5NGa&T(q%;bQ^#^^ z7leI)Sx7Ek2!q?XM+Y5&6O)Vr)+pP&jD2isB3n+wa%suH0nuu)v(}2`1dPaKZF)d&@mqCAybn0tmO^L+it`i-f)#=+LH_K8-RT0F=!rdDG zT#BqB*lQ7R(l>eQi5A&DlW!>hLF4btZ|H)gik5Nn5}GLl@I=8CW6pmrXK#CL+K1(& zO?2P5??^6S4~)7oF(t-l84t(dMPk5fFk4%+Kv8#bu>ODc0`Sk+iLgWn^2~CdFM#=` zEq9KRwLQNj{;;H)56Xl_nCmZ~6!oX&64+DLk(K$RXRHIbvjnU{g&rOo9G9|;M(Ybk zDU|T6n4Z5OMxZV)ImX=sHdzB;Wp;)!Xe7Ecn~IVy`;ON^y9(OnZLft>my|a( z5${ZlS&`Y`_r<@~{Ly082(ORdt0@d}__>h=3Ydv$X%_sCwmE80XSmc#27PIpNw)2f zC>Z%(VgGE_(C)i-e@c#CYyXTB2>y0DVKjvJi`b!H~NC)n}lkePN{bgA2Gm3+1JB!h&|8Ej&rhs;Do#jtvvHT!J|U_?9l!WK7FcE{b#~1 zn|}^8UgUFI@(|#m@xFDYCw+7_SSlPVVgDyxY3k^t{x<@5onme4x1I`;D%JVLi-ZgX zOqEj<&P7G7Z~dC9k)G>TN4kXbLdMk$*mU&&LGm$6Vi`P4)*Uk_DcVLSGu#X?tdHEp zFkX@iY`7SX?hf`i$F5PiUFSjLs>41F%@?Ml2zBI-06#a9&-Ie*P{)U2n#}7_m8Dxy z*FN$(Za+_cZ`&*~ADfh{W~-xTdJE8BdfYvZ3jd@1?FDg?Y8A5=46sfiq7GGeSPPr|=C;ELj@+{haEaI=Z6i|?| zikD8rl_wAtL@B`ne|KUep7gUDxU$>KYSfmo*WCiT+bRKx(9Ga2p3ne? 
zMjnnL(95D-yg$2lCJ-RfToGb<)(mI+wc__5EcD$(&@$Hw!v$4gOgsv^aPSkt6}>Sx zT2!rksrNO{rpT3`+?Bu)%jB!08!;Zqjflh|o-*E_)&>w4TM&ZzBcbH0NSo{jR|s>@ zJ^x=4%M}+uev#Pci^TH5@pp2R%r%r#-jOwV)7fs^gkCRyN{2vWB8@Q6wv~eRPfVu2A!Tv5{fD&ZBGKDg+reAqE z#NT)~qIuDpk3kSKV78sx0FvlmBh^TUO|+|GN|s9Kv%R2`3o-dK$B~uyZCnfr-CT`R zUG!g>q5CiMh0y056~c{)5394)WX1Fpue+Oq8sMOAwG7EqnGw5xbE$Q+*uq1GH5+~DFqHgn>!Z(jB zZ}!)p6~5}7S{Lz-+evCz8<%2g|_bPo{yBYTQ1rzbvWgZo1#)oqyW1+7W} z&*OHPOOl^l$}qW^lxa|Kq57xQwY=)@cF=7OZrDh}&Ni;i-Ekd89bo&KUTW_)jujFK zt^G^y@3!V3ZCYA(s@nO`5db~;Y^DNNhv(XJs^A78%1Y?m){ixmU6Y?k|8a-lGb=Tl z&i~XU%Y`EyklH5u+v3zQ!f9ckb`K%VoV1BI( zze8xvx0WetTlkg~@&j0(07@Bq@7=16S8X8GTAab?t`bp@Zi7F!P_fqE{aif>iW%4# z0QNl{8uH#oMSslbjCH&Hg}3TX|CS5eR+R&Q^ixFFfPHt(q4fJxkt_2L{Qt-V!T}oL zI6Hp3d9DAvHnOqAH?{4)B95&eiBEOm&mmVvc0}&n4Cj8>MSg#ukMPG$!w@oM3jMz7 zE50XFsUAY!ZUrtu-g;*Oi2Te)#dtCSE4Lnb4Lj8JR=c>d2A-4c(tEVSJd?GQ&{)p) zF*Y&d2F;fEQ&f|%qW{KFY?&JETMkSN$v0Q&*V4_zfWh18K%!k&C}fug7w67qxc!3r zfJ!#~tiqV$5tlIMz=xfQH7M+9_Ld~GkrrT{)Q$h&(oi3UXp*kH%EHr8m;~X4fevjC zyBT1hL$w;RI5-14*oW_20$`vbkt%2f9%2uEH-+V-e&l+)IVO&T_e9$4BK`;9E=pa@w z>|v6W;yq|%L+dzXVwxq2B zH%dK?Ey9KVSc(T;7Y8FStH zhRiHeFZ`GIG8)2T4oow#H`7Qa7DZj8vJ`;9gXu7mvkc%SYr=G;8%LsDhgcf^0*E|S z0p48p$Een|mZ&3>2g3hi%wUM8t$qn-Dv?&Hyy^QJ1usq#HFu}qi3Qk7+0J>y_ANs( zTXfk;z|xZ}xoMBAsjlH-okTIOcq6-@YGQs}{fS zt&Lt5(bL1&Au#$53r1=%r0J> zmtq+YfP{e$o`YsiPCj?*K3|>jX0H+fJ~pD34^xef=%>|G6&)-PDdH?t`Bimk&DW_) zyV3#ll4M`^Yki}={oOwsLgq0S#~p!1bgtvS;kX%`G_WTF&iK*=LT+oygpoE%QOxP8 zE%0Gz0hp?EAea?noV*|q$Bu751J+@{5FpmzVBhEJHU;-T-~7$2^aWt3(q@dK=W)w5 zGlmedKJ8%9!{vm`zmAweuSKGOhUga=o(Czm{Zfj}Itcp$ zlx*ayZ#Wcw1?QAp4w=Z0L+*VdPds|~z^oZjw>mWaBw z5>G%XMUgn&F8_2jS^=>|W+7}1-Z=n0O3PNMw{qXRVAL|F7tjv(CX>ml*IEq1Zi`t3 zDuw=tqyxqJcWlK5kdp?e3pH8zgPauD*LDzo+iWKFd7No?Y#ZX=r)0;EdlS6%kO0;( z-b%>*kov*xy%uXJWg>Vx!uQqx(U`iAs*M@2{Y zVk&<5uR2C=kyn+I7)}0@dDNVGqbmOPDyhzr-XR`|c6%kSJ@AE94|^rUKe+RUpcY_6 zZ*$sW4n0Q9T0b*5Q7q(I|CuI|1{hhUbiF0Da&WGj``zaAh$qOhnx4}_g`0}(!OliC z%EaJ#04_1bgYTffksgdwpk5(Gliz*ps 
ziIz)xro-1tJes15LphVjQZn7QP+v#lx|%ZNPs}~nPA)4%_{BheWq zO~{Fta5wVFKzv+t3SeSNLCFFS4-cjQNy_B;Y6uz9ov?Ph|B#(mX|t}4$cYx(Kecpq zSs`>hS*SjVs^{?^AmNduXr6b>TD8l51|b{DhiT5OxzVF3?e4hJR>l(pBQ)&m@)30# zFc{-5)N|pQj6z_V6mzNVVT13yb`#$PzSw7GZUGtP1 zsx-hu2J^eGNO0$>*}iyP!psKzjFmo>*moP^m7J0CU(D#|M)7uUg(r1#%eJ=+l6RM7 zr}lJ+vEOrmc{Z%>BmvBWa=#X#EeWbm^~+C%a*jk#p0=b>RL%_f%U z5z|cHr|qm7%QX6w>K#r8X6!_fhs+y=g~$Mt*G^_J-9;m75DVBH1&)#JZ{-)&2k-PA z?X|OxEjgB}@!Dl*C1dLDBn4>nF#(;Mw){6<@=a3&+x`A9)!8(^2F%=6@b<}6wS^qn z{D-vW|H#@|w3G>-g4SV%TXl!>;Q0obkuOehu;wUM~w>E!6^m zSMR>kc3*0oEIY}X_6dkNG2ENV*R>PdYSM|LC49?~zldw6eIqV^W2{zo$- z$wjCCr6EFsCk>C6p0<9vz=#gH?q-YEZuip(ubq51X*V1H1JCbsCa2&1VecKZ9ou$LI2uaB1lU_p zEh5wNc;+zXlV~TrES~z1k>51nBDLbNWm$#KTFrAUgQ)#Y8nETm#B+vGm zfUW%Fm(wBQ;YB8ZuI`L^oD}Ub;qDxXFNuxQKnN?F%b_+RIJ}1N@=G8nymDK=4>8I_cc=ucL?m^<2lexiSR{H4Fg|iP~#00U+=haa@x0TtsYdvR^j{)=~ zLHJps z-a_VbPbZqNX!oG?z~#9Ku{LIITJoZ_upHDVSmt%jutEY%)xtC#M@<_*oi;uqj=OT@ z$o8rXG_$Jbmsne2?9uAt;e+zQOT_0xJIITR$G(ch2TccJk8lat&)d$RU{=`7tWe_! z7+CS|t!X+o1(qNkFN6v0C79O=?Xf(cLLg}~3TUO=1+6C)T5?htSO9Z``bY2-$}9}Ha&_jNIvEL zG#0Uxxx*NXh5bQ2d{nw!xZGlay;}%SIs#wgBtVYLHq2*)pX?$!VLBh~o~Ap?v9Ov0 zSSw!6wCpwk9dMie+AleDM=WR=3~2#|a`UFbf_xzoN`djyzI0H`35Xc3==-qdbchv8 zf!f6;A^)f5W4csNb?PuO@QO2I6_{dG9B2VFjlv>q7i#cH{eAoFK~kGKa+p=8r*~~$ z*qrCR+-@Be4_uM*t#e-hruq1?Y}#JwJ9JXI5HKxZgIRs8Dog7m?sny8%XTGP%yf+& zJBo}EV|Lj;IvjH)2?5%FsVr5sJBNk5n-nyM!6;vU^rKJ0powe^4zLVQl<+c-ROt16 zuSVbh)4%+8mt^Mnm~ZU+7~`WKQO*6pQ^zV1t{LYN60_tSb69hWssMOC>4dm8I7^PL z!k{d4MJ{bE#rZQkE(ki^|B1aBjs+Be6}PuUkJ_yDey5lt2*!3G(Il-Z=;xm;d&;)m zqycvUIXQ3)qIZ?&_I!MD`r^+$01-SuC@EPO*aMKfi&b6=tt2{(k=kOtdI0rIWaHef zI?}a;#>LAV6nb{N{baycCG70H&l$%crpjzIJszhcx(Ha~#Y}d1yqMScko{2Zd>?8% z#N*#w8*NXxAL7&QdMDz&JuQ+YTy$FMErF;k8YqVNFen9XO@92c;0<_r>*@|KTyE-F z>;RyUi>5SsPq3R4X8F5Mrcafya1`6l;VfVLdYeYSOMNc?uy)$9(0l@Y za9K{UFI3V#btdtEzD}5GxqNm!I9|JZ2@s^J3kGNNxg^@FIK~(hBHMW=@~}#V4nW1y zM6~U3yp%0u%>Ivw-ae9q>H9=k?1)1B<^hQ;c&LUH%oIzhi=N|?70W1r8q6dZJrgO) zj{HB&!NC^(Vh-{@%)yx;64Y!X=fY`e+5^GifDn?z2J_nArwR4YT#cL%fR$t2!X;2;dnlZ< 
zWGvB)>IE<=<$VOd=cfH8Yyp}dW#m1C_g{!l3>Xhku?7t?uv?PA?A3}Kqe@xPABosj zde1sxynxOMNj>29UgiR^N7QYKQhDBo=sQ9R?Z9%`U~(dG#Up`IKy5#SY^*_5=CvW= zT}SSLX`V}YOBznCAc|a1_?sigwwZ`FEI0TWnvGwI3vQ%Ji&G_on{GmT}!+c02s8%Bbie?8Sw_B#*H!u!kR*yl_i5PG%Fd(Ty z9GD0ox(p0k1lCM|2w6Vj5A>fOqSl=t0xR~73%bei={I^B@|k~AXbCt?zdn30ynm{q z=N*lL@BMuL#50}wfO}wSz;v6NvJj$$WZ*YeM}qQ;r4$#6O+t3a&l6}YmJIe?L54j9 z&(0;I|Fxalpv){t>xa2DbpX!JA}vyW3}|_Gwuk8IG?LA3tR&Hx$k|KGD*j1kRti5i zfAp|)_1bqpli%H|(+_aCVxq^tDd519T{Cmbe;Zh03UK!DP-JaWq){AV4_D3>?M*4) zck*Co3`GVDEFjB2PzRL{ra&@j^mp4i{IZzz)$@iOJo2PQ?cQWaP2L9J* z!sk#iLIL+!2zo2_37fR4RH3ID!FhR3WZt>zsc71ndNakJ!LGVRarHR8jUw=moT-cU z>edP+vCJ(XF!mV&;D81j1mSdjN1k7g^#3vH-nJ1Rh3*=CfHHH3H!g}d(w6J!>Ch^_5(zE?Ae88DAQK5;=CIMj!Dl<@C z;o%>;PNH3keM(O$nF)aZ%7wp%D1dR*tKBwo;gJpCS-|u=rJBxIdA+qPgA~7pq`9$; z52pjV6|4q?+PSGhX8Q0_O^c0eNw96M!$6-mJ#?~Iq0g$l3i0PNP`p#5r^d&i1a%>i z6--rP4uE-K^#_C}n4zKc6C@$mi}WdQS4J9=G`c%io03@^NaFOcW$6pWdKOHl{5m~R za2P58TvG?m?G}z46?}TWeKEHrnk#R<$8|ritHpEidGt>cIN=ky+JNFm5V2INrQ|IU zH3>?;A%F9`5-QFg*jNg~U!p8wJKa|E;4Y(l)W7}@+NrT9eE2O>eSUc|Jx8~dkM;DP zs;cEU+{-Fe>$Bn$tT!X)qiCN$^=N=4V-A^_-S%XR+0I;WI4!7wwc!N=l*?@j1JKcub4FLs)HWZPX;=` zty$OaE*CQl^~=G;{m~L@2^h~A1iW>-UP4lV-rr<|ZO$poykri(WrzLa1_3o!Z8u2W z9~LJR#O8)}bEt1tBoL-U^yd$stJx^V^e(xCm`u5-hUZR4R0jKn3l5jhY_8+s1Ekx;6IXxHIY+8ij<^M&9Tbx0t*Btw_G*kwx-2*zD>3q zLK#~qJhY&8`ddnRyV_vT;DXsygB}nf#t^?$I^R}6{g47^`p*B{;TDAzfq@)hX(0@=#4E#PUzx>A*P)#MJI@ud;l zTb@ifF-0}&iASrCw(FBHv%Mg5>E}BcK*Dk%tXh+Nu&%XGenr+*h$Xt zv7HB8Wdj^y0#G%X(GKPr7s3QA6Ax{KY*??4d$(Od2LdVP2VRo}9wHlBO(~(IbfuFc z8_QS`mR*|TmVy6b6AAHG*^hp(Z6+;4FR=D99@CLJQUE zdX|zjr4~R_Nw(U2_3c$apJ5o?2t>ugXDP=a<*{cI++GUCNzOeGn36TFKS*qIVu%TQ zqF8R<9apbfWg>|?o^hT;W{k5z+jL4WhFRyLuU?^1xPu|oie)62s?T`)m+z>4Rs-mv z?w{xR!pdrIKwEX;zLVM3LjJuOH_I@A4~ZjyAhR_Xp$*2?t@Q|_)_Ag_hX7P-BlKIx z%;g$2!%n$5H2PtZ(~_}+6(ddYyR(>MTR5xjXvV#i%`{PZ zu0NcKPwq(@ln21+Cocd2!M2M7xlDpCpu-ke{$rSe=_GO1-1!#w){O)?vME?fMiPY# z9NSMr%d&7~dKE<20BL}4j5e)LCAFAG?o|j6fgWGA#i#^4H4A&7*p5zY{xEL}~_Xdm{H?kDI(# z=6Bln9)7$EvQd<}ZTJwF@2w3N8fAKQQ25 
zIn;{`cMkee2&4r$hB=A?9EgIZ>uu@|DbM0!Yi2TvU?5u)IHRg~TLij6!K2ICwyO#V zSUHOek?z9|f*hqKj#IJVlCvS6k#pcRMyGpoiNPcl2l2`lRu{HQUGQHBqu%;VD8$|Y z?FkY77XU>dp!tcTv73CmML-L(^P%jT!?3$OGaljwca{N9ih^F$JxjI;2mL*#*}@H! z%;*8h6PpbcP<~FGBZkqC2-vf9$#BkV%zniOY=^6wLC z=N&_eGpu*#7Q^}HwmVHp0+HN;DIn6%Qtb5!h+vyC3z@*X$ZV|7CGy_b3VswjS> z>UttxXT482^FL8!w#u^VCsqtoA2he=JrYM!oVaT!^HooDHUJ3C0H@oWEa}ZICp5{Y zbD|!V`j++#W^UY9Ntf43yhrQ@;(qNpj8>0fYIL8IK1q8lQSQG8?gflC{;)Dnl2JdSC8U!S=|V^aEC*W=p8YU*IAxe+Hbou zL!GAAfP7q&m<$^o=~T1D&_1d+>Qu9Mc`vOHmL?7>+(Da5crzhzT9WI|a_W@9#c6E8 z_)F|t#M4y5P2BrDw#ui^b&e9#a&T>q_{$N?e=!208gL5&4!jWw621)?y~;K~BwT+B zGqaMVlcR=t=(cpG92_Y)tG4`FU9Dl0<4hC%N0nV>@5Ewi5vGr@Qm@v{_?sYvLtbdM z^^!n5tx;5cOeb&Wh7|Y=7ea`%_;wTGFyHRyTkpzm`^`GdE#Wep=gWuThuYZC{M6z& z*~(2oLgesi_lFNZlqtLVAbf;bQQ;hRiJ?I18L8|>#_2)5q z_PN|wPy&dTh!QnojYs@lBY&>rYGVZ8Rd54yE#7qVyL2*4_{=NEkHfmv^eTx_1y~(0 z9ep6sTE{R>Cf;Rt#S+aM#BzwUR>NNjWFJJ`nd0v9Y-+tmpw@OM79hSkpZPfSEVN?TNc6LGpFtY7Q;Lgma(lQ100Dqy#Zo~mY<6IqKdZrZ$ajEW_CK^JeTAvPPP%yH7-*RW#AUM6skHJa6Hr$lcVm0?{3U%3C0&o*w&yV!bS08eJn69A!77NpXmrt( z88!DP2HT}@8zbv;heS{xcS5qR+D%vl7)c3tBz@<4n~p~$mY7Q3>B?Z2lmPUwjO8mk zdZSsyXb$Twui12h!F0?IV79p%m_19v{H$h;E}8tez=;f%b|{5)X9RFa9F`|Kh(5vX z+3Ca#=la#YcmF92&PPf?qnEO|fgM}e z?Gjw(yNV&msqN>XEh~yEqZQc8PLYv>qliNhN{`2yBqj@Fr~2M65t8EaKZLj;vubPE;AvEbv0XJQj*)XuAjGtu)=d*rjieIv{>NJSxm zbtbvrWKiL4Q%#PtLlVQP4ZM<(FjT&WBxeC)a}o4=OSvPl!)iqgWtHJG@YX%3S?M{H9gS%$SGAUt6V%W4W%k^>a>Zskj*4(?r_W`?92wA?nDx(Bka|L8x?%<;QWC-)K_3kD^nG4sOq{zV3R5=Ute#zdvx zsJ4`O>!)H7Aenv<68iPR_v7n{FMBrI{p*$&#|js|l0#S4fukJZGKX7IhWDC&K2^VI zS_jWdS2s8Ln*L1OW?r{sCNXIN|Hj}mk0JHiuxu(b-QqzlSAJq+^p$+yO)Ap@CIj$+ z;%5!E-h7U-VrgdtRNQ!V=2;fa}{Bud^IdAtZS=3&$+U=^+9kw{~z!A8Sc!Wm0puqo7TF^%+neMAebwj{({?O5)gEg(X7>#4p zr}7t*B8L`mD!1cV2KS>)m2Sk9;p8tf!C01|Y0OT*P@guVtX(U(C8j~~ia>apz{Z+I zr^+4hRiZ7D7vH6S0e@oF>7ZIZmt zeCdKRHPnrhPr^!kbRL7&O&R(GhpM;|Rt3iFoPA%hx`T)e)CK8shjHS6qLu(TiQAW- z5{f!HcO)(-!aHnDwi^cx6{3sA+gd}sQ8|e%2g>kvUz}nnKr~$EyN8W+ja?;4=>iJ^ zM8GYO4{I2OMa(;kweE)%B@V@wd&im=Df^@do)_zkPff799v 
zj}cKrn}+;BqK;DNpO+~+##!k%u3h`>>yy96*=CZcR)jBh_&~u6`%v@ldxrmPhr3gF znvkCT1%iQbg_okW;Sf3@0Ufl1GmW`*inv6Vi$_d7{Qj-bBJY8>z z6|#(D7@krS>6G2(6bTB0f|XaTjX*8u$TMKxP;GFTScmqkI$Ux6?^{Ywt$<^g7wP;& z!5b58n_D9lF1)}l#~SORF6Ik>v*ouUtxSxl$&kj7N3Q5=V^@OU!G1@nG-JA0ay*>E z)3=722D)m`ZO``R1+hWk##l|w6Hmjty1hZ3(wDYD;{l!yq0P!r5JtzG2v2Y^u+JzG zRbXD};mkF+I~vc}PMP^7Fq;^DgjpN>8|n|$x(ea?;;f^9$H31f8<=1K6c1Xn0izCV zn&Nr(pDyO~SNHbN0$i>l^e7`w2%UsK0v|2rq`G4p$wC=Z$Z(k(()6k0abY%@n#^Go znA_YfP=_NT2$`CR;Of6b;tfP%Vkko}{8dZ`BlbBT`q)b`VEbXcZ}>+Y0Ie`-gghN{#R-_;R z6t%#wiJC(j%@b*9d_uE8_=<6*j%u7hk{DN^aRP`rdV?Pl-_E-79QK_P2#D}U~nzwa1Vit?nBvSbVubv-rvu8lOWt@)&a`}Crw zDyLRErB>kH!8}xns#I3`=wK<;N^SRII#F32%FFgqaa2&e?9R#hF^5d2MKr{Vs`^plfUnlfzAzw%ha}X}za>Vh(EA_)XO9j3ny>IOexG=iwLe zTf%H6wV1=~F}Ks(pbpnW5GL1s4Q;WEV7=TaDM^{GaP{R>N$KYpAIE5o#HUWaKKVcM zqs+|N2sf#9N5bJuzn>IIH#A)qiC)2B(N@NKuxm9JFRMC@q`9&&-{+iUVF*kGc>n5{ z4t9=;q8N$$16Y7=-F%*Y`NO8lu0YgIh0|zIIMRXS5rLa$8D+5w&XV->BV^RATLP2s zj`ycJOKH#ORhyS;5<=X_T_aRclSti>C9;fln2nppUUt(=s=(t?^q%biBI>ULFc45u zI2t~hUhnyqjuQp{xz+zl3)4RZ3Ham?9ds`-cdSV_Qb8fVkGQtcx@$eO@)!t7E)s(x zU!&7Ho^i|@#b4k z^p{AG68qr!{tyvcg(oLonZHlk^2(QJsm;!0SB45@AZhO*do zgAng3Rp=V}r4up>R)DcJ&=!#Fo*6R)fB-n$JPvRwt9faVWxqrAi_OePHSK{lWTn~LFml$uoiC)BHZb`W={5(} z-3Ag%(K;c|8{&zPezk4aQWCZ3ypZ1a5yPEuPhmn;ZlC>)?*f}KaL?MG#Aa+r%+E>Vl%EH@WC>meJlP6!F?o`OcS}AHm96LGXgv;bwXRER&g?&TIgJL*O4N zM0}#nFOEd*zQKoQhz}@U0G+0`p7adrxggMjNz>R|bqAm(keEYjf%YU@$VMl)Fz5N} zq^^rDP94ZiKCxtcetMNeh2uMl+2}Gpc=qbJbU8SNzG$zHqOP%_00o5pewJ1S>zMIE z+9oYFh*oH>6Cp1!nFg6?F#+A=wsCBf)BZWn$izcY@qoZHOEC|Q*NMQG+QDFBG~Dg; zQOZo_p_wFW222X_u9Db%KBW>Pr5#?IpRlOCxeL4$@t%KZl3_{roW~9%V z#9kYIL}?d(-kXTH1~n&@h9|5cmyDZ7sL_SxLe_x4jahKV!;=xfzCXwy6%ez;1`K4h{9Jn^M{}YGQ^$>*(^2O4gD0p34*wCHrEHeh-pWs<=po&gduP0Gj0Q&%F zTv<6Ur*|(3`Oc#6JQr2%M~t$hts-pg%(=tXaCY|=uqc`a5$w#hRP^HMnPLl&A`KiR zC@WA=ikKx&nI&?EGh0!1_f-By{mmB98oPuNR*qC%!DIB)2W^X8U77%whFZ{DJjpV1 z8&x#$+t4;Nk2aA>e^^0)5hAsQW&=O-m_y@6ftKs3<|1xF9!L%6_a=e-AoLTCSDjui zQ1Wf@Xv$l69jg7W&zs3a88!9Kr50?9>{q&04otF-BPL 
zsn*0Zz~$U1>bMuMJpK>go71M``7X#6#=(En!IcTn+&#E$AUF3z@CRww;&3# z2W^Awn=F|F&Jnhq=Ha(mzacjpCQ%O{sYqPYA>_tGV~OGP6&BTH)U_!@(3WFx4%`0X zcR@2hz$MP7cxRc^vq-)ZvI+yqJzi^>c{OfHhR5>h`R{p#euOy$T_@VzPrq)Dxg^O8 zg{FWRcd(%t2X2~XWmlVA?#<7@+aK&%lW7qYw?@Cy*>IH}sr1XI|8Zg;a;+;i0sLPj*VfwB#FwnFoho=CPinQ#kJ<1B zF`eRAa0)W=J3B4l^+pv#@eTisx#Z)QfHs}Ef|>Kh_m66@&)RTarVP&89ksmTHE}L+ zhBY1pp1yx*aW=S;2y}{ZSTRCh57^Dq} zzW0d(jtSMDX@rGQdFj4MgU}Ac4mMQ?)SYM|0-$He6{&xxD_~FMDh;w1Fbz^A)c7eJ zAC^mxag!OQ`%mwc5Ua~Eh~p_k)4Y2ZeAmz3iI@BVwq3OaxVU<1q>vlxidghnJAaXwwBpUlrZeat8n=$aIy5*TNA ze(RhHgQc=^Zjr5goFnFbtr8b@m{M9=orqki%g~~Em1^3Y7H6eaJaJ@^o0z>59hlQ= z5>nPy&KHIXs`k)ttaxaHfD`NKH0fZ7pp9aDwSN!sCS1~_nuvMHJ?_VmbGRgkB^gwv-_+oW3 z8~b{|m>OOC*oa)}UHlbqiq7Y4-6kkgrK}w$G!-@CLH&BLXtU@?#EDZej)lO%xKv63 z<=l~JTO2-s>Q$OxSy@C3CM|EK*||Mjh0zXfJ+pXZ72O)lv(@&Jh)`z(TzJ=&mTUIj zU4#p>KaL~y`{Ycxu`ToO^gQfcyosfr8Mx7Wm|cGqzKQH#mYPU7;AGnriis+QDhJ|+ zzF3DQehU@DF=i=?fV-%rEmiGJg@n(35@~Hr{)cQ7YwK~bt zP~XKRz1-q%{V2M}c8H&B@0prBSGOZIG(Ui?6paMs2{i1T#&h;tKmCARTUqxxz_!iQ z0I>{Wl=tQwB?(vj%o}EC&>xDn6{||^*PsEbes~@7uDV4(mNCg7JMMRr8B0}w5LMD5R zQ?Q&U9g5{Yf>o!nCA$DOMk6N)qioR;nhv>GO;(Gu4ht0pPdcTA2~_(JgMU_}8%Xlw zs-Y5!lol;5J0#am$92RxQKNuA8D}b-Rnow^>STvQRR$}4wTfZ(PPmN(;DgG9osEwd zz!AcyI3ucl(}j|rcG9+_kWyH>Wq44S-=;=XfiHwXS0tENw@(3V!b8xHtbNR%uMXfr zsv_wID<(&z`?lkSJTeBD|AbmTh5ms5s-&5wA8r0Aw?G<-G5y3@Ca$dvyF+1!M-QSx z$HYZKF_;qgH_*MB*Twm=B&J6S7rm-OSBR~44;8dPmP1P%OsWv zQ3&*avgtH+htIQ7-zx1YK35N7`Jz00QdH;0RD7nYcQbdWKpMLJ#f7RjjCG4hf0DRD zz*r(wE#FpR=pY(r2Lhw&-l8Kcs`-Tqq^U)8#9(nJRvJkg(26dZsK6py>Aql@JMag@ zB=+Sz0jJjH#YGb_^+JZED7pIMrZwVE$2nC1T|9a$KjG%WW{{SBYDFniEpm_aHR*H* z#K~?a_zkBH*=ajDjC)(H_RA^gU4Yvm@k|wy85kl#ZCw=E|6}T_0;=q`uGw^#ba!`1 zNq2X5H-dCNba#VvC=G&0H%K=~H%OOs|NA}X|6b44zSz&jiZRC;bFCR+Hk=12PeTP) zinBr^we7z*BIv3rb#mwqcz$SfZJ*q69|$wnLaaSqOXX)WI^&Ul9dLuS{*cwfm*eJT zG-l>(H}C_vg0yxx#i`VEG|LBwbasNYM90pvKjdG&v!-t z4MXp{qF~3%8BVZpZcP=KKw7w{oIuJ*j@b`$t&8b8RO>c=Iy0GyH?<@~EnHy#3p#F1tR_{8ry)9I^gB8+L7uu}{$3E}HA?61(<=iox>6 
zJZ^DX1%ZS1m3yM#FV7z&a7o`4AFW+^#gsxH5wG)~ZtfOKgl2%3kCJ`;YH#o-oQQNAS+~)W73bl;w}sjl zr#*QvANOY1!kilU6ZeJLA;zb%ncwCye9Y1Gjxv{KBkRW0UgE0e}%lOn%1Z zGq^j{J~e7UUjBpV&{3p{lW_{275VT?cGCCw?J}ip2IbR-UWAFszYorCi+IoNyV8Ha z?w(;pocaCct&_0*@2P8pkiElCnqTVVu`^f77>k-3+NNGJy-cByF%FKLF14f?&0LIc zQt-<8jgw0vUA=(tkidLFTG02nG5aUEy&_+g#@%zf{2J;U8oN8uT@1D0G<&~+RM^}M zrazJr>2-38>JhOFY(}hcqBuo+Aq*G7c!O{HsTPi%CUr-P3ae4< zSrnO@SUnavl59Qn!3ati3Pe~vytfTp(PGIKE+R#(Wimis1_HfqGyKj6W?MU2L0Vo( z^nbl>j4}eOo?U4*Xu}c1f+LE<7EyOp=_$U&td&itMlY1q>;O4gkIh>4@4|nCK6)BA zJ=@g~lxQ=Y_Kbmk^!>&j$6?)NJg(vuk#-i2-20F#AWMZIMd3};8aKOBt3&M2!Q4TAY4NlbC3m*W)v_xbq{xmEWM<)IbW3QJru zI#*?QB0l~mI+5VV%{?Y4Nda<$Ez;+uq+D5o5}i#~BlWA41k@U-Jd?vgrt~+s7e>8< zr#1&V&&J_#^U^U)SATS+P;ux~hj$&DvFEJA+@GMZ+~|V*ZXtf^uI!^l>Y*3$Y!+0f z9wEbja43XDgiauJ;cB7F=5%P;?FfE`(rL9}z0jQPhG9O%m;s)US%AwDv8e~qR82ds zU9~+rkq8Hvvg$pd8&t3L7juz?KvqTSX9V~U%2XZHDY73Clzil^lGZVEuG2S5n)*e3 z%#lz#r%JeEM`I-<$E&B9q7W(zcwG!>Y=cXJwn}*ZD(6Lq#PwuSSszz=PtykTd+fyz z5jVdHo|yq{-v|cHc7t2dmR(qqdC$7yietu?X(tmlGegD&eCXC2`Fs)Q*;1!NyYtlx zEz-6mD=+o@1`KFr5J3h+dIc&KE9%FdpgLCW5lUJsPy6eGy z<=RKOBhK6rcX=AuwQzM*Q+J#NMaCaJ3={5z(G$QvQ$1a53NLv876;}7*G|S08CjHZ z7{=f)uG`bn(04h<|Ff4`C^h?94O@{OhZkM(;kxK)ilSQ1hlEO`(mX%rvql0C8o!fLN6;2-9Q+xe(UJ(PiT&+I(vF(rRx2F}v@S1P9JyU#mL81%1nh=T- zNu{bw0|oO9WYhz|_0z;w*|{|o2-%r%(LcMU@wwA}T#J{d)grdNn}qK|r1&XfP3bm0 zCFosLWIA;j%_kVu@%_R=W$N+$t7ebM(W9rNvwLw833GM$4Pm*=UnokJ0yapa63RrhU&-b~OUN_k09{w0@bdee*P z8B$=<!-GxoaqVOOyni3vYU51?40}cK zZN^CBC^VyU1h{RIQrMUN{Q=r0NFr`|?>b9gq6JYw33+;CTt4}T_t9;%@#h0hnduaZ`&e+7@Jjc~as z4p39rl!YWbtAu{YxH6Q8hqXSJ?RUx_8<2NlG2)Mj$=Eh%$J*a6MP)J4>z5=F*UiJy zneeV7gBextjpmXWAycw3Se}H*iTSIj4h-0uy$&@E+O?njGoI=F-`%=)7oKG3gGfDp z1Q0e&Oq(ov*LF@>iN{!lXiAQ_+3J2%3`qb^*Arg?UIuQNyIfHH;WjBoBM>_AhG2dN zDQgSi4weHh_Y_kT*7`xEJi&zVGJE1sf|2)kGmT`J_-OkXd_f>yVB<^t&~P^~oE^KC zk)GWvd)W;AEYB)hi2%RtWQ0eHPF{oA)A*Tei3J_-Stn1(j1je9FdWLoT}?4pFQApZ z$~e;1oDDvAY!5tlWB!;?@Z3AG_WywAZj1pt_H}MwtC2LBPS?4TzY-r|CK*=uY#}q` z!$6DQe}x+GPYy2G+~%KBZI_3dFqH@nxKMs6V}wFfW+iy{lr!GYb+4|-UspWqm5ryi 
z>%2FaI%H#N0o*kOO$KOo&p((S2^&A>o>kN6_XLILDX@NOYaU=`*LXdx67JxlzG-7E z`t)4tmmIGLO=0K=&n`?-jhar+H7zhF?tQq}!&YjzGIq1gY>FOlc8=MC3 ztL$j=?=-CNW>>afaPrPWvKGT3cHEA1`Lle|x91w%aBi3e%B{;ojDMv(yte&$68982 z-+$YBxh{i(V7)JVQ){iT^YL;3w)4ZDB4n;Y*U6ooUrq$=h4YOfS^wU$lL4QJdAE$oFRh1ex_Osq`yq8@@Gl&NR3@g1MHRQQKkI{cEoE#KLb#Alr~$Pc zaP7T+vtWi%iVS?P8ISa+Jn3A?9(Vq^ z2;df=$6CBT^3(XrykX^fn{g*=^s%E!-&zDN8$ea-!l1ppT?}r&s$W0cE2P>zJLR?1 zH+W6aFY@G^Xia=b~Gpvd7+YZ9|i3A_?sF{0m2;EA}2l$^?_y|bWXx{@+Dm#T$56H&r!YaQW zwR+UDPd7u4?zJDa<5Brp$nI~+2RfR|xWEoU&D-^;;N!L=)v5p$Yhi|4$3ljmGg zafGfqI)^%KQcYlL>%;rM%1y)?xLBO2^m15$%oWet`Rxz0wIBVtNj&D=t^whvxZ%U8 z>CZX)EB1KGl<4fo_94|$dQRn0HOKV`zg?QP_TigOox(i|#&E+czb?RqqC2}XJ#*uT zG2}_Wj6ikat0%?B)>gBEoDA_SMk;(dpzw$!Hu&!brZ%y|%UY^{DE$^&pd;_r_XU_`XhzKue7!Hn)BLb!2s5J4O)qr(K+Tnw?lqWJHosM{oa z1;l9yy>CVeK>;`eKd8b-553VEyFX+IrXgg8P^pP@uo%r&hM1loRBw5U2Tl##>@1ke zs6w`#ePDpHDI+(!J;nck?L2kgdM5dPS~%X1=XIcSXUFjv%6M{%st%JMX+!L#+WPrh z{^%4@aY7M>Z&O~E;*|tB^TCe}yVKA!kTXy5WFG8z!OQ2#a~K{k8kz!OV8A)PDFT z2L8enrw$j2D6!nPHFU*T4XunLE2ME2z_;|Ii-d(g^Jp2Dq9^m?+oNY9-^#7x@EBmN zVmPEX>cgy6^c&f^ngKg%ofJ>~&daN6KOCPfh3f_xDnyycwDhJ&T_9!UMkv{;J?*Ym6<=jmVV{dTOFWGjN4`PtmM7Q4&3N z*1iXgzq`dYxv6fceOV6F4155eIluX&jHA54XU>?b;}FbPTfF$qY~{H2Y zC04f~)kTD((OUKETi@44K3w(S)@`U{MbyS5aLr43W~vFX)6L8~D7UE#G?P&@?;HH6 za5Q6i_G|oPC)uE8D`M2BUJZNhS*Os9##n+$yqHiuPP%jk>c0nygXU>`pM9L;2Au8r zXX!qVag8{CQGFj{o4Tb?jBHI{iTXt~3x{2rHJ@plidNMShN`wNFg1oEO2>$0WO4nD zyDv-X@3ay}O$aQt+2d*?St2;3$9lO}F?c*sJk8SW8Ec%k4Ikid>FO%7pO1O^%~>N% zFiJiF?k)slwS7y0k|Qp#)mo0nU57}#H%Z5$-K{@_`UgbVgSBe>I|H>+9$4`wfMKgk zV~(7+XE?&!9^3!j1wNgv95~fO5y~Sz7{jUGXi)9RXOZHcO zjgiknsy65dB(mX7dDvc!wx2ozTBV)!aGyK0`f+8f_udc=VG+m2td!616Q3f!wR{R) z#;SO2pp%2VNeUB}hs-~K1!qT?F%(LbES52SfIepH9H>2u=z<_mc_967wjO-X11bK* z+Yr%n0!OtN&H`UyzyvuJl6Z0&7kPjt4wCRtCh4xnKVSW4)fE0y1ca=A6R_AwdD~L^ z9gMD>-2o+L#UY%d?}8F)(DPU)CZhZn=vA7((i0Kj~65q zJt6td+j-8xxLXovsbW|7)LH2<`9ua7*niGRs;wEl5Ro2K6a;$G|@Tfkt_b0 z>dz_41V>KA|KvzUpj3$63YH_XSZ25^vfnch<<0sIwqPShXbKWy#S_~>#JB0S)T_jj 
z-FeCsJ!)J#viq`Oo?=5cBX3^cJ1^#*0i-#+QDjAo89=)ZEJ{pM1qA-P!BCwgs3tPm zmJl^=t2N?o;h{23+$pCp6_1D=3co6>_T{VndEX*Eoki!`{PICTP;O!uXsEbQpICFP z&~4uPveMPlStDo6b;vnS{C&)R;?{=OzjOrp8UWaCrJM4Jg=!wWCmM0=;!q}LuFV$LilxXFDfCd_?odNks<0e6 z9En@0L1Uu$Wep5t$I;1jitn7;9;jIT^ZRWHGC;*H1`-}#ee_U&sbzD#02yo}9Ghw$ z`0GR=wZTn?NM5Jwh%g_I)u+=VtP&p3Hh8(q+i}i~N3VOGkt0^V{0T z;fU%xhmKbh|Hh2g1P}p8J7Ycplml$T%0`3>h;Cn#S&^;2{X|`eSSyxplk#OCV8|A@ zYvP5*s-UI+zceacX#nxZKZj3M-GglJlKw6Mtvn{R;8QQUK6 zXu(YLX~k(M!LuJ8WTZB_&WST`R(RqLSEwHj3i+TdJfD*I5HS~Y9d1h_9)=S$4b}E< zibAZ{7{b^9CEc`)+f3*9S@gf?=qVHxAL^n-=>emI$Y{Z4$A>p(cE7)c*@@T9rrBOk z6}qOtQ9XVfUldS&yuPG<>uU5`@6sW^yxM!b^@K(MRzqj*sGmbZAY>B6aoQTB71reS zrp|pCx!J8Ul=6zL*0k4JS0|5>&SbtjWDuBDLq!=JA3yvSOcAeQ zXg>L|O%bFqIm<(Jp2HfO!>q7s?D^F^gTmGXw@YoIzPiyabNu|L9sY6I!sg>o>9h;L$dh*$yDUy(-B zNP`LyNiMp+h>B@D5*x&bgQu{qfcjU9ve~ln{W%}rb*67aP66kzAg9dYUM+VpYx5Hl z+X?0M8)~%=5!Gf((*aTBwN;;XJ_;;FukoB-UX+jp;q)1y1wMQc3( zhRx5GY;hUPp!-|_FMG~km&+ZL;xo&Vk*+o78o2k)%N}8q0xOmcZMYvlY(SjPr#t1{ zr>V}Loz7myLZ;8CEQ|E!tijy=YN^xLoJUcUK6t@tx21L)gO02Ij?yGj6=L=&ux(v|xFbOe%0Ox{I+Y*%VgTw)5<$j0Azu zU_4>?Z@1JOEI34|1`#M8n1W^E-${JRAxjp3r%0s83=5Eu+lbK0uvM_>rVAnx&FwdX z6U-qC{_E*pBL~a83L;Q|aRrD@vft~Ad_-05Z=u|P@R@Lr6;XEoCK)&pZ#=;lPcmoQ z)UBOhgw|I+NuDkzE?3ATjStUo9nc?lxprMpa`L_h)wa;APF7HB3rUr5B-4;vn=qXy zt;v?Iv;RFer17kP)^5swp<~U?_bKN;cv|h*4ZLpUibb@U0Y={<#6V*eWeB?qhtT)} zep~+wqYKNwFfxws0qS-Z*0vfvMTggNu-iS(!ys#fAJm-MdB#C>2%ibh6NHToYXmmc zs%jQgDpf58ee`dtj-uZeIhDziF%_F5AcgED+^qcP8Bb0%(!Nn*tPAjj*_YsvZ5V(5 zDAwM@ad?N%B)+F5ZtnSM&@QRCetQy*dBZel@}}de*R?B=vb|Wr;l#%8`{&2W-_FqK z5p>IBvEQwqN4?giv-T#N-YSs&PCdQ~FltZ>3g$)%i)Y{;{?IUWq~wZ)D6h;Kh9S!x z!w2J1Mkt0ec_$}{Xdj5(MV){z`6)6KA~F^tVXBivp+pI(Bz*A@2GgjGIpHz^|MxzR zjGLG8;chp!In@wWZE*8A&<)kLpZk8N@Ifr$q{-^3^Ulw%2HyCJ6zMmF#s&QZiFr{|eTy4ZwW#%RJ2;qL; zwIx^q2rQ=)p?YNyt0)q6nmMwI{qRZxoh(%qN|A#<#g1G5i<3z&Uo;(Hc?u8H)b?CW4k zPT5YTisM$S>>C|5w*(&&uv1XE*fp2^k+FE{vzjHM&oVqRziI^?mUu6 z+<;}3=8QX-ufWrGjAn*2)%G?;m3b}Y`6?0eQGd6r3QzV-C_i&Htb6XZYuT~Hz6uX! 
z?xgO0P}#aUiOh%Gzcy-5Atax$)R8%re|6%i0Hkci$m)SUoOFj0~nx6u*9LW}jfc{MzXf zp83pSf^f~4X=7H2;{i3dKUw70;BWZy@}hT)elcQ3lDF>}qlMQY{|AC)y5cIVV!WLl z@%Ugne&h3v=PY!r}!;v&5(`S+cnyccLO&qwB2t79x%J=J~C< zJl7q1yADvq*Kdvlf=1)YBoDS|;dkH^EV3AzQOC(Nz zOGQoAgd!cS&(>O%p49$Il=2BkQV~{N)io{Asfv3mQjIa+aq^u+ZC&pRjDHq8W;;66 z(sWIADO1W|h^MrTqFAQ()esw~y$uSmst=lqQ?S75@0ztjT0xj^m3+whv6dERG8SpQ zrDWS^(oxq`Nr=f>^o`EkJ6ck+r_h@{P|Y-!TovvX{YOL z3<#WjXs!s_jlyg-S#t|vp1g~=A}2#Z7)iw_QjtP%mPh%@v9dv6jN|T z>$>G6`1fRhA)vQXsm;58uFfd!ZtgzK{EZhfrj75oUBjia2}@VO#57vdBj`4l=%Lql z9>iL9p!aHYr{ZiB^?pCtWPB2~O!Mp-_d4i4_^lIwNl`s>l3qw!SDIeXX1bCh<}zd} ztK_D42)O6eIlF^HoNn4lO3!C^%a<9)fTA@MkQ<*aDqoCObLGc?jlmqq2gSZUH=y)` zL%MIQ^9f(Ogx^kH`q4u2H<8}IIrlZ@y}l0nzOJI&pbhSHzI1o(z7=K zRWLx<6ugEQrD`XgY*IgVkOT9$Qd7u>5t`n=N#uW$Kz}xp6n8Z|@OOzrYM~zRu_*40 z4iM8g^1D&5S%@jnnOX0RKPzg^h*QtjI|*0)dOK_M)q3ApvBS)uBBC3MBg3&NA?S2c zMZVu&K|&}o{bZZ}vLRUCd)?;?bjK-hhwV~(c!hd={#uR7b~8<;TW$VSqUA%muJGFQ zgF~WA%Cx`8)Cs{32kR@Gtxr5rNV;20{qJvp)n|- zPw@s6V9tR5hckM|O)y&Swu51g@g5J|0t4K+o8U-2rRi?eb1Z0lD4lkne=|9NBgYd2 z*Uxfnx${hP##NgnNR&nktN46Y6&6wbAc{z1%M@K8Mw%Fu$e9HaLgW?Ye>yIps0>Ow zl7?$tBnb!D13-XY2q*c-hngLT6ymVEG|^x0cr2;fH7kTSz&Thu;oq+zsR!+7D5yg znn-S!_4_QjhPTDNwE5(zm!K&HC;I-d$~@;|^U8V?Q3)S3soVFLmgteD9V%7S zi2NpW$>Rp3b$@6ZVG;4Vbo;a}wA@^V9xW6cDaIdUyo_W~*c67nTrw{sHQR&wN@c>T^4>l<5(XjGNx_}E-= z5Sz#ffmA2Hq-hM;;wl77Uj$%auRSL6DnMsgrosC3RmXnuL*JW5{9>-ipai}2@LACn zEncOtO5aiT&fiPcZjlY~Jq>d~^fZp1_Vw1YAdhZVVsKRNSG5*}uczf-Yv z;wWD+!on^5L~b45Zm;gU^S39mJ$>K>b{1d6FgW{43_p3)PHrj9QZ>D z$_UK|sRAJPI2D3aVp+p$3i~)p3~D~OsF>1(M5IphS6l3Oos4(4RDKaEm+*ekpO%d0 z>bWhj{dK>vo61OUw5IxpSrBW#eeE)Os}Hz4yaD{42S0X!%PVdeclf`MlD_(NJSGUg zdA%Ic`bL!m-HdEq-=}?3-9b!C0uJoo->81A$pX;e?Cz&tH5|xd?2*bQ>)N`^^H~e` zHSA_=X2^Xe3TfP<9S@?^Qlu!5d@9D&A@Oyo5N&1YDk&kWvD}3@1bm9-s0{wC#dnZJ zcn>5f@^mTB>$O0gl}L**hI4? 
zwIT>l!rycV!5v+b4;z@AzIUc_lS|m2ab5u8hI}i_peY1t1MMiv74a190$RwQza=l6 z3HGp$acgjg-;41mO1i(nT?qmd%)1NXm4}95CF5;0>?z`si1G3F!E*lM0h^xvkX1!n zdeXLuEJ{grVWmtF^c7yTm`1HYh_A=2-dYYuM4pFydG7u0;K)vZ})e17G%28+>a zY%Fx7Cz5M`yAvXT-Yso|pI^@2&ZODHJ@4q?psrA7%w918J35`XQUN+&p{5Z!2GFJ{ z$$p{|-r)DwvlPwh`E%JtJ33f;B980T5VC}ADAulRY}23`XeG@ak&eB>b$`EbM%)5n z5nl*lQL98W7+~o}$qD|o8S8NG#Ceg}f*2+1(_(5Kl?x;_k!aK5H4(reI5>F7 z_sZlGpD^qC3^B+9cSx;^MLyn_8A=W{BcGMR#H@}Pp^H<;76ItBd-(Oqvi`m8x)>+x zxZg;*-d6kF%QJW}TI!kGm)q@OxsxTY$zZ_mCTmcJR8tY*+6U!qhR)*G9;`ponR1N-jE&;#}4_5Vl+*6*$}vdbjV_GnsRq?r<|{KYczjm zyZ{sUc}(@vB|cg>rg(dY2wS)xG$DF#;?iBTm@q_9K+m(ukw5jpoN83=H*Ubs?ZrIn z{hd&>zYYh4HM-FAx$M0&y)Tk5bzil!SPae}ZtWLT!zRNQKY?Y#4lIF1fBC0OW1EME z@1Cr0oIdYhnv?&sPIaJ$|6jArQvi*ay6rCYdm^4D8^(8daaX3WS zwvskKKW#_Y8quhV=sKOsS7Ym|V$env{Qs)f8eB3I!0R1VRCDUu*>bTbMuJoA>=p+^ z?UX58-$%#yAvQicb0y4`ZqG%et47LK+FT@IWW zIjKKZ0;HXYU**G`(ERAaO(yarfBAejTa|$5qbGf38i`0y7kb8nW7EFM48&H|VwFjp z=Z^aGok~)Lg*SSBuJ(#)GSR|<^sDmUw-HFT5TPybm0qa)k|u;lTs+zzTGoIW5BN5* z7~)=or*C?9w?sBA3dio{PeaC2a11~z5yYg-ZiVgsuS_EdM=fY{H`ZsXrVd(Z53kf( zAxMjO>h^aIFy}!5LCBT?-i(%x&KTk_N6Z%OpeYo4K{0!gZytdwX+|$?PB$hkm!D6y zzJK2!vFw3sc8SLw_q@cA``H`fD47HsDEM2D-N#1LKD$<7Zl8tP`p!iejll_!&xdzJ zFcxmvATM~IYq6zFqkGRg+?y|1f8mlGmXN~a2R9rnsY?PKAX>y^`3%^|(3M^&<7o9z zu#_ik5-8RGt<@W94?Eo3#Xt!R08(9Q-S2)F3Uf80ybEwSs=s0Ez=Q1Q&?_Zg{msT= z5Tf1H-r6yRKFaqBXf11NG@NdAtfi0VZ7iAi25vbog4(|aqSkw)%Uxi8$x_PkZ+zTL zBOJQrHR%rDTX{P&pbEhKob!@U^Sc8_(SPsq1R$M!y(3@I_*;#t~O9w{YlusL73{P((fcAQ!{RksaD)+=F9D%q=;J0Pz8H*KP zpzX<^aR-5>(z^m+N~X9)q3>u)ty?hNJ!$VFUhsH-qT&Bf8Q&YlpPbW;L$@>n9MiK* zBzh5)amyF#W;3V>%sjJ~YTTq_CRKl>dCEM5Bi~F%eh@=cI-2 zPsSJKCw#x7GlCoZbzX|EU7)WxT22XQB@{0PD5SX?d7Gpfr!SelTO5BRn*WtNya8P? 
zek`S-n!=v<$cX6Gx>OLoPf|4LJ^KG@x zn5V2kHP&dnyLPrHi9~LAn1dY=P6lQd`oYp(y0}Crcm7LwfK`UojnF74Te)4+8qQ~(^6v}=5s2>BdCr1TE3Xpq zu4cV=)rZDzACQ=r9!b6e{yDEV2#*VU6|lCw^<+_dmEM}1Bvcr#-iKE+DD~N&4|z$y z0;;xA@_a1VQntHKpqJyxBEb4F?_l)j9cLTY(`$0*n}+$`z30T>z`2#hih7+bpi(~C z>f*=H#!s|%{LnP`W93Gh(T7)HVk_mSrf>R@GFt!yNV%E^5TI4Qq%hgRBxnP02SrDFgea z$+}{{f9(LP0~vVx=f=oiZw#0Yf>45UFea?v&akNj(ZHOvW_*&(NT~#g>U|}s9JAVq z-Z6A)2$*4w-|Jki{(*M@C>!mh&1x*QJr3S&T`iavHJsfyhz*#gu_<{$IY3yv{c350 z{roWD(hwe43GB8n^0d>5%y6Z7{J?Zpw%0`U5N>A8V5|b4KKH5TzU=a|BCpE5pV^d} z7fODg`v^_w6wP2}d@^8&ouTVR#*+td%=tKb#}rCme!`1i`*>EcTgG!{l>GilkWX?a z_ySR?E1hM+ub!`VCz=Qm;VOf11!1e}_QwHyt6U3b`F-wlh#C*T=T?62juVikaol_e z;Jpq6yxcI>12f%I-T6aLJx!?9qLOZ0;60WC5ouhzs7%v}43II{lfZ(m`hJ?5W{$W^ zQN7K|`%h4^BKT8v#3Y17{~!Ljq9LJFrt@JKCSoBuIk~&o5mgEd^WDaYpjd{V6u7nQ z|-xG6cf=EE#}-)mK$!tO*La{CkQ0Jl}nI_cE=oRRDht z8Y8UkiIwHk9ee*7?H{8r>k?H-!v6uG6g<(xmCNoVZDJRj+gfT&Cr79Hz`2cMj!@U`rxb(BaHtBmNH z#H?kmhAamU1BiymJ8gQCJAaidvRz#sK387d0~SqFc;q}dE&xiEJM!CP#$z>z9MqUW zR0HAyM2c>Dg60=a5nbI1oJwlrF0vWQ1VopCw3BrK3kV%Y6PKxZk_;o(6-pKO7j-Y@ zcMn5oz>)wOWHJ_Ut3p??VzlSiWS%wOnDvDz!}fH=H>W$uNw!y8xBPw4a4%?e(Vql* z5`zs>$&QIVg_6u!!N?$HJGLayZg($P1)egnlbjX+o3%_~LNq1{8-eq$&0$%2!szPdaS+42Viy2>`&Iv?f(oE%gI@V`Rq|LLgQ8K(X$CbvVBwJI{c;Agx1;EUjIKc&(vJOd z`n=lp@!B4`gLf*Sa^r`W8mY>0rz22T&iK|O^y{c!?dhi;?7p~Q4Emg*LKP{b{d-K} zNiZL>i+MUkV(0-J{gJN27g@#o1$YO#u$N>iY8Rl*Ue4dk$&Z~66TM@x4Um4HFGnub*s;>bXT4ayJ26X74(o@c zna>dawIZ)l(c7RJ?PB~|cBqS2ZojJrJ;15WE>{KSeD?)VS7Y@u_g+-oy+Cu;N^S+Y zl?L*s#Y6Ja;~PlG!GeD_ODseZlL->dx;5*j?)=j)V)wjZkAB}%hpBR zfvLzfGIDDE9ps1x$<8;o^}juBu6k&d{(N(fk{IwTU$FmXRG#X&d>1j8%dq6jm^Y~g zbX8i;jqjuJG);6Gl0Jp1@juNi%xiUX-;oMcqZ$fm9#@CIgw1wgVnR9xC%0CYmj-f+ zM#WnfQm>E&zDoruslY;umbcKu9zY>+3R~LJVAA-p-p-K0{^=otb`Hi&OK(oy`R8~Q zH4#yP)uy5=?_5WRW*L_A@zuQ&`2Il229K^C$Qhs5IK1@Z>7~LTX0}Bt5|Q6H$N*=E zw=n*F%`R7l?KcoD@HDmr?5!dc^(qJMq|c3;QE8Zr>lKB7`TIS~W|d`NLprEO&u%#i zgxn)W0?TyO7w&C(K8{dg}v;}O?Wd~8?CEBbIAkok{^S> zyLp^jq(8uOS4AwDg~*Y8tw$}?qi;`ZEhoIN3Vk)7hZ041p_Cn7Sz2|Wlp7nE=JfC* 
z2%w1Ukm1Xw8B?;qYEpi^*HOygs|SY=^A5kufS7bz(Q|x^@dpxZJACwrVfDQYXM%5S zeLqC1=k=eFNklLzJD$PuX33y9*>yOL)BN{18sq(px9MOeQWxc-`zWeGJr)-_*vlKE zOK+U2)2B|NWvdx8@_fkJy(IB3J7sxy)4*z5yaTVUi50^gnPtXBJqQQHodMSXq6dA; zU~d3118N2&d($z?8-=G4B-AX^UvZibzbGu)FfzzkR?)1pwkLB|;5{?@IfMug(-xQb zYwO!&%J(l37v3&iLRhC6TU*;Kbw~;*Z$_OpJVR3uZIY3>tKYA;a>GW(TY>R_9%vp2 ziU+|$!)DU7Unhq)w8nDaymuM)I)Pz=@BQKdG_?MKvdI3)F7ofN!vaCDU>k=jdGry7 zC-cc>X>#>7eG;gDIX50VpOE0xi8yWu?U>K?H|9+9l$HABcL!mKI~U*!_tGn*-z53N z5bgastZvd>b+1?J^+7NFfYi_YzD~w&M0^SICvWEWzM3ILsiGE?x%B$(+JHK)Fw%SM z2y?jv4!!EOJILG}_}1NuYgE6Dl>$kJ$^3rrOmY%T600gvk^dZG;rK+*bIJ5$=wt;M z^Oh$M^jFV1;rKjm_-OJIz5M7-N8tgOpUv$GFH`$xO|sQHN@#GGZINakmnRa%PM<5DEjx#LPA`ZFY1(l*=52tpP; z@eYn?OZ@+s%2hi8DwMUIqF4Hcdt+WhIkl1%d>bqMBOlVO>_?Zo@uG$TH^}o{n{0fTywXP1EG> zduO4?hI^4UJOWZNd%ypTG5t~$%%^C29Q_esI{lP1;J%s09>X}KYw#&;p3OY%bM$wW zs3SVXv9tm)qK$tCs_KWg>AQt}DF|MzemI6&GHg;7J0Ri*>Dc2O^-u1Zn^ynEb9=t| zwbXS$UHEPJ^%6Lb(9AcYeeLiAGU$GQ3;9euHyS`ueKWDtdStrxN-zB&$6FtPx9v>w zFEM@)3cTuN?Df_#{&;aO88-Bh)d7$eP79;&m=Rp6simR-96kMjMdC`R4{Jd|^F^d1 z#c=>^=Sd@BBm03{BZu-{8}6VQF?lL0q`gseqmq0bse_DIH*cBW!HOQh8FGNF@q2d% zR!H{yXKpNvk8u9vE-c7__FvOd9_O(|(4TJ-`X*tzoTNj}8ZA|N7SPPLC{CPxRZskHbi^A@|2eZ&jar zglPFZJB3lFKm@&7(_rb?ICcLyk?E|}>?3hFurR5vbg5wNFYin&cvP$X^V}_;HMpbF zi96;rhSnZX4-1d%=%eD4>c9-pZ zyZo4l;tKg99+>Q%FTy`oayLTee*2aouv*{jK*OL`E>S%h~1qb+88i6aaLLS7GjenR9-A! zcFhrryeM*VOM)@DLr1}FH+T7qh=M;eEZu=P!8MY6f;=2L;vk~&d_Z=jX!+yrXaE-H z17N@}gtGP>qdY(Jsx*Q(B2rG?V8o@IO^$L9jko_Inuub4fsjb~`Z^&Gh+-Fb6@$mH z7dE&_@$~UxcKdX7!(+KhdpUPzbS(?9pH-W1@xFlSb^mx0Ne21{=I0}rb>#33JfjWN z*1djCKdcjD6fCC#6{+1Ek;t8hxl@IXYkjE511}uC`WqosvT)u&JWL2PoiJO2Px+-z zhTo>*IMTHgdnw4(wqTsJpfrbgGN4*P9N6{{H&$q0gId=oJs{g~&U0Cx(HcrABeztBQJ>o(~ zWL0Lsw}DK7mKLK^&%qiES??-RpLh|QF&h=~n?^G;&mtYgDPQSl`i)m?-zj1ObU>`a z?BS}9o+vMl4>Bj=k_l3!FFz6@iCZA@AL%j*Um);a0)iQzqPxW+vzaj|je<`1@K@t? 
z$Fn*PH}#by%vWqaGzv}#^sN)Je`$mQ=nf=~trS}}y3F4HUkPr^`Ke8P7#}~FZ0kPp3 zV&IiL65xF<3zUmL%Bua9Nce7P>+5pL`j@K*)r@=mKVG5~37>bI;Mh=0c3A>m57=l& z*R3(A)*W(5KRUUFT{-NEtvTrC^cRP-S?b#3q5UI?f20qXw!=qUQb7K+hrTxIGg^Q&*x+?cYwG7zXY5QCLgXCe=ktrbP`Hi1}e1i z8bthS4`^tctq0N0#9({)pm5DK*oXVaUE`^SgdO%oy;}HOA7-b$Re!u!{3DbsTnf9N zo3Z23{8dFbH0a5^CFst1J$IFp;P~AO#2esj((Sw>oWvv4i1qCY0%Z?_) z&Ss;q>81LuIJ6V%O%WC?hHp)cW{xu$brC$`TD++6PKsCYUkfc}dtZQ1%s3MYK1JZo zC6wth0QvXSeHo{v=hpB26<@y2LNvYPXYV|6vk!G*5_al0uDuV2@`lBddk)m(N^m|( zAXrRos_yx(`{@G^!o5)tJ;%Ubu*w!QI7$56W{A-pvVX|N2*rphaiFIQqHH(HcF45zr3yUsU!H8qYCjrJuB0m8lEZ(yq;fM zL##Unl@;>0FE>8oenu_{~WaMEK zk}U)Be@z8)B#;qoDcJv5N`cBSR8*iC7cCT`B92-H8y1QRHB>8bBbr}w(I_SY=%5SH zy&??A?TyCyQEyUj9REL}t~x5puL)CvNC`+IAgO?KtfYh>-6h@9EGfBwq@>is(jcAE z9n#(1F5TVnt@!=$4-dyZ3-8=_;?6wt+_`tO!}FFIZB_aIMw~| zTmNb}YC?JcVZ1k7B6-EdwFe(`^*Za}8ed(<-^Bt*963PO}uGA5r2!QdL;k^kD4h{C*=lIJ9`mNMt^u`rh7Rd>{9KDjkMa}S^Kq;Fc z3r$N$&Yz*)$GLX|!j^-jcgX^Lzfgj2hc*wGijD#+Fx9pXtk5hD@Z2+pvVB&^VE4uC ze8EUSxu%L;TX$DB^~^#J@r(^AWEK3Ah-wgja<*hCk45(v0Heq0f>OaPMDO2y??jC% z-W0I-@1{;4I%b1H&U*_GC-@(>4)edv$}U-o|wVElM;<( z_O;LLJ1{frUasgjB6}%yTf5NEa%nZrOnxo)2+Rbwg%cB6n^`pf%|2s0;F}0hZVV6( zM(Lc0NOz;`!7DAW8|gKs7j^7*dCL!NeQ2+mz)JLMQwJ;4&S3!MiW&JRT;?CU1oKvo zj!qWC2hgh_<6GUAcL7LpKX5~Bw+tXl>|hUoec_*q zKN7ztp|MZRD4 zEe+u@DLVjxgt!#x0*<{)A>?RfdA>*RoW}@)KJ1>hZG)s}w$HI2W93ghILZz+B<$SA zEJOJDFLan|2n_^U7h#?Vx1Y#!S{M8Ey*8HbZf-p9V+!xn_Yd-Lt{0Z%aX+8V-RkVu zS`9RYo#z^zJ5|jn=NGz9gZASE2xCVDU#?qJNlrQHUaD+G2x1Lc&C;NMNDmHs^Kq8WCs03K&S&HphkjKu3;;2tw=wV=laxTWSjek`S4eKa$kBT=-%ShOwU5Gkka-oMzc zVAy=yuC{WQ)0mZkJp9G3>E4H7F)cKp_=Ww|zAOl?5!rk6?#9h(&6+^|;8y?39D$-^ zPQAD5k(#FWyz^IWhPTx7Oor{p=5JH0BfN0$aTm`F67Mst4SS#yH{`Ha7;DKNb_`-2 zxNk?g&kjFj15kDeFQci(Hg-l*An#OpHH0}N> z-bNX6c}p0u^BDh)j^T|6bg@e_t{|0{G)Azg{A!IE}aUvPs756 zw0ktN`xq%QJBpDIYS4?vS=`aKZsz`{8V&auvz+#@_LRZ?z&H?w&{TE0Oqzye z7V#`kwGn4Lm`$dkV<&Q_dH2$k{pPg=h)ZJC^}DTxqNyG6*{D}c5ea+E+-m6STeiGD zx_KPZjK?DPyCDjpHXB+-!n*o1!vs6V@rfqRgqY9bkeJVlNk()xlA+!V1E&Y2Dw}Ng 
zwod5+*5;URj;?FeSBqYMP~$;aXqh}p**Xr;l{G%}+<5leW2tTncp3ug>qH$GRWMAn ztKwAn`*NJ2qS`*Vj;KOooOW-tUGf7E>jgz0J{^@v0>tM+aUCDAFuQZF z94QlQ$KyE}AuFZ5tQmv7Mi%bm+qnJi%52FQ1c4Cpt74r-rNg(y&HELQtnoDs5S-^* zo$7S(w}{dww0{d8mxDO1MO^~zE>L_96sRG3j2iD_=a_QqMsiq#o+x9ha}6!hmMakuZ!Ti9nR z&I*|X4g8pObk5UqsW1=kI3Y<9yG`L8Pkt*^FwOQ*Z$t1*dvOxqNy8M~L;M=hrv40!G7d7a%nxE85e!|G>qE z%H+{rO0VEprA%I#92W>=fa>YZ9rNCroT5c_PlsP7dpZn^nwPoq2zYZgSf@zeNq88l zUK?-ORC-LzPL6+RW$1EL5lPp??6vvnw&yg}m)x<*X6~z$T$$B7^w2OhON3ppQOo#h zqm*YAI983FFGXM{{Do7hq1HeGVqA|2DL;&;;F1OZ-?2d@G zK+J<(u6{}WJTq*ho4vbR^~7kOmo@RD?w_5{n}6qlV-a&*A+?WW&vV1M;`lX8r%6q2 zp(T4dL%!ErWVWad$_Ur6+3%#{7nYKzf>D%nB%S1s;NIJNN0GeHops%sduZ0z8mq)@ zUj03#i$n;tcv6^Fg%q$58Jzm(2M(#L)YFZ(`3>*I;vgS{7#B~X2vbja^y|&PtkfE7 z*R1u~p<*^XMy1zR=&4mk_$OS<$|tX8?#6`02$V3dHA~;tk5(RSiwnmi_&N=2&Y+ou4(Aln?tUy!Du?<3ATU7W z!Km#9^s?!X>|_g+WBgI#l1|?ZhJCPF)vEP;mqai0Og&NeaPDQw*@=dMOv;1PJBhV# zvcHXIlwSQ3j3`HK2M;FigQbWTy!K*;B&C;fYmxa?Mk3~7G~_KZ*5%ADO({0=E9jm5 z18)3fuN_-ZgR>^8iT-2+jBoRJxzv@Vkb{$9cTbnu88+py53KyEGSZJi4moDi(@?1u z!flTsfWQyG=uOFTr~C z)_pGDt+Kn=<5FoS0CN1Iz2BxYjx-H$`?)I5vr=)Fn`i~Pzl4IQ_Ok%}A26)UJu9+m z9{kS2B5_R;2w|Z4TvQ&k{kkyiTPmH^TY5R-dfAnGWnlLxZI`f-RmiB;zbJ6(wI*3C zZVyt>R;Z+fKr0(dXkSlw0-A8ZUg$p8Hu)l_)&3m%6?skdp!J-QwxfW1TL{#3moMm+ zO1dsW$Ndz2W5SG$%vQ%_{kJVXXZ4%)Ppujc@4}G@(=-#17^7$#OaATkbG+V_`_iF8 z_YSCHM*-6Iao zdJ8spW-vK=&HS=I+D2*LU@-B0fC% z0_^1yZB}@uRfS%9(+xrJHK5#8%mu?>_ft1xm%Tpl) zRrglt_{zLnZz1O4ZD@JZ#oCb(`soo%C;As_zOSSPcdw%mx-?lm(!3XSXEL-@`BHRW zaE&skREylbrAFf|plFhRYq+r{)KiO}{j;${ZUv6kGDX8sbDe;{tRWV?QaqEHu3PWg zzPs5sT4+vG=Ba?3de`l@OppRDOYuqG4@pJl+`h^|TUxaLWE86;XVI8GjbqGX=sA0_ z;5(iCSzNg_3*s!%+&7Riu53&Y@ihQ%SC$y)T#%}+4h~s5*{sQrq*{E&atuwy=R`kw z$yYV9#4E z-W10yOC>vsFIe)|zg5s?=RiI8Ls$h2UQ~3~UnQe-gD@5gKONI;p^G|sLJ%eM%NCbOzG)I95N|On zfo&o66+xG?#H@cy#$I3>V=H!9$ooDB`q?B-ODXNyQXi8Nr z7L{!(Te8j#>-N(W8oi0D>zwK|TL`K(b3TC(c^zVS7Qd5E8gTI>FP9LzKyg`{iB%u| zz7=}2eg%5KI2(ehg|MJqLY|Qf?i09t;{x=#h$jj={=lg*qR4ZqR(;OL{kz=@z93c` 
zOEsg`)et>(inB4l3HYOfA2c5K4B_Bsx8pRz{K|OImWiJ6ht+%?@u=GFP{WCg_FfP}g@k^)ZO>!^(D*gTI;+ zVdfbl<;1EO&tEiZ=?2)!_vRDFs%ZR*lxAu$B;)oBa-aSs^lxc3U*PhLClSYCsY#)| z2-p2>Z$zJ-9ksTZ<9g?O9v4nh6&PdFx+9`bEUTnaX?Q&$MG)(Y%@nilxn3^FJ#(SK zVVW;3?uYB4(-HZ#;pi4NN8MTXWoIWz*(h)*l$gwkjJ+&t4p#QcMw-!fU~|2V=aZ(e zjL|&KVO*7-tLAi13e$-F_DzVhChyrT+rjrxR#N?cS$P1;Q%xs+-_WgZS3EMmjPS{5 zuYT}Zc2+6$TZ3vZL3xoT$y*aAtL7(JaSpq8)qWT(>!a8s`U{E1@0U=TJCVEjV-m)j zqNfMH&@-Fojk=_q-`5wHq_ksg@=|CLzv~ z^26Q0u-`^sSn}oT7Xb)Zc<z%UZ;)c{B`oY4Gm72XNJ$tRcR4GLT z;^{e(sT*^7qUrIIkp#;H8>)%A!tgeZgLn@Gsya!7-EYJZRZl-8r-DP5KK`!!>A*NYef6@)Nt*l~iokqjYGb3h&5@TRG9jgg z|7WAnVj|Nv67z~VeTe@;#>my#Mv!Ls`8X|LJv7EcnPjBN$|B6_BLmgFVMXq&%{=$Y zDAyVGC!r_nD#up>Rt1ZE!~-?CZ!j_En^k4N?o;q2pqh6pOborSe&x%K^g{!|W0JB$ z1$uPwf9#h^Oq9w-Vm#RMrd`R9xjHAnnPeifSRVZLCAY6E)LBxJn%1yL&+_Zu7ORD; zy+%4VbLh6;SCp6;LYlmp;+pni-+b2q$8VR&|h;y}ZRhaO%lDCU-z_?D? zJt!BMh&z@{g2l|5 zxqpk+*2SQb^_j);2oC7~pmWDzbBEg3imsy9B)I*HdeC0QP#D_;mj#G=@zK4?MQ3*= z^h&_t_;sEj5-B8aa7j{$?Zx5DfTcn77-aybv4N%{8u_1A6s?$kQIruIE4+QC3O=3i zKzlB@I^u+^H1!83nh(oC9#0@5`Sh}|KGXk=4x~UF4__RPN0wjqYla~6lqiBx5pyJCDoz{=Q0+tyz7 z8gz@j&=-D9rCY4KbjyFA?tffyOY790pF&}QAhH3Z3Ur#&v*W*A}69nAkv7l))+)!5XikAo-GrL%3|shFMt>RQl>Uh>g%~< zjonhG$TiaDub7tWIogp?l%La7SUaPi(br9A{ke@zG=HI!5B{c(7w}5+ot9vG7emn} z+V_=KK36XC6OYOTqZHME0k)CjZg$!>m4$mWOY473lkZAp-b%${pt$eaGPov2_Lrvc zM4hgkkh&V0x>u1Tk-Pg`0ZC>UU*sxxa9#=hDmUB|m2)#*3e}>FK5EI?B>vX8uV$Cq zWS)52o8=lUb$j-dvtZ?gZql=zXajX;ao1a@xS@afaNt0LWzsKc&WaN@Nw8VBlYtm~ zd6ZEpFMR5_PP@wzC#WFr1~xEZvyAPSWDN{VR4xkCCZCQMf#>+Yfhh1))p5fO)o;Up zR#x+!&s}5Rm30*9?@@LujYXMmWx&6d6&O&XYIWzAWT^*7mASL#=(k`FZ8W+er!%ht z!)o3a0Ri9U$yO2WwRLrRbJb+1TKm>g8N3M*TQB1VK?sPByc_-vrWgee^+M~5@IO^$ z%klci`B#h^>Y#MxlICDa{93afNdQjd4+VTxV|CQQdc>t=4&s0KwqWXT{q`_S!Zw3M zbAicYaN1|};}+q>+Fxe$>jO^x%dbzpizjZ~Dj_W-my7hh@#U+Soz{Y(Ot4c;A2jFs z$~yWVirVgP0PD5o>Ui-b6B+`?oeoy1jAlc9bvxAwji>AHBz0nCHcUERJgqg%zyr>q z$2^dPyS^dL_0^GCi#dLfX;N-1j#sUZ;G`lCtTAHech|<+){sdw2g?lpd?r18ZlYqb zw|w=9V0&Ym7rdLM83m%keG`_hAd;xA?>50g%#++M!FEYN*Uy*8ar|_I5$|V;p8}#r 
z5B+5isY*xyrO_K|>{Hy=AIu6WGI+VJU|*E~%Q(N`rRcBU{%)eIHl{4ek+QwmYpysz z*wOYY{`2*$&PJc%T<*l~Pl4ed&#tUjLS|{m1#cU);LbZiTvr+wF)WUEE|$)nbQT+9 ztzSxDAWh4Dd!Rp8h(rB-qmZ5K7}# z>g8=;LHsMonev0AZlDU5S4!#;YSK*k+fXwT&-LHfLt?t7A~s z;O^ChuM6S&SWen9S>@W;L$bfEpQvwWP>tl9ydTR7&%C>UcAcCGXbVFuaIwuYrWQrx+hzJ8GnVn2mv0`Dvo^V<=H(mTvr zh1NLN!%F1&zlFaIsl&1DP=CgI?v~a92`xZReCZH)fN7rI$aBdRsEpzR?illd*+>I$ z2;=`YvVb@Qdr=!=j+_ck+y0gzc-Jrn9jw#2yp^zV59%CWURV8|v)Hm?m+PT))2KGE zvu625r4DRW#d1FpbKxRGVqVD@7Nj7OP+GuA>;Hi0_x_HH3otYw^A4)<4$R0ZiX+db zBqKAWIe!BE4)zt=h~+!#k8NjVeaw3`oVoHGs}V1BYOJF*;@k+z%y3aU z#)Ts840WF)RUOQqABNq=f%YCd$#ro@JMoZGoNZa#q66)LS+USg#QZkCUW!G>42rBD zVT)h$^Tax?gAppxGdFa~@SQr@Ms_ium&=vFwEnLrB)LtJv*_HN5;EuIOYAF#D(vgn z{#mA;YUWkbcjh$VPm#q*a^j8oGVid~WDD0PdCKUxI73j~t|kib9)PsnTwbmzB`IXL zWGQ5%vK8Q_8<_?Dq^Z7q&-vI7NeyVb&}ydH^NY1yaO^S+{2-C1_4(~@iJ_S~(8*+q zQmOAQbtY^DFx(BW&P-*6uXr<-o%&L_0w{|muTtSvXwv>U#(l9rn|T+w9(@pxDsXd$ z0-CwYR=T+fW|GDDk>!$i3RJcj80FxdCLR}lNMNFXkls!+rj*ngAGT!$Ewp#TS4?Qo zAyZ@dm;z8wr23B{EtUj}iOsN3*$y)%<-f!zI;_u3DHQH&yzv`>wnrg}YV3*bue$vz z$a!Ee%A~d%97FNAJ@jDi1#$x})`8P3RSbW{VX+gUW6l;dYt1%Lc)W;c?#C5;TPL8L zb6o@CVHs-qxB1oy7+-}dgXQG4g_5d4)}JOAnHa+TGD%9JkE4Tn)`f^ZNDwE$n~`VN zKEjMEQ26mx+?xS+a@?2L0?FRk{RfABq68D38;11u>i2Itmj^K3M>FoDyC<{;A=fB+ ze%WMUtO*Qg4Z?&2Z^upsY6FkV2dLO*$07B9-wEu4p3ZKD6h(^S`n)xXM6Qr)rXSbA z=CM~oUFp?9E{r&Wq2Hfy$m%=-$6ZB;M?G}%NtaGEJd`^;UkM@llW4gNc@6I9?PZ%v z3;fe3_M@gh18BhCq41>e?cgFPJTrp31b7h&F9XUp-f|IIC88*)#c0+%yy;a<8%t3Q zND0f#vj9$^-XUSUbflxd+jXHL8xx3gwfFRBD4HRjKKa$nU>>2Apfj=aU|g0BA!TX; z13H&TZZW=|IGlV2@jZdMG(Iub`0R2;#b3*@byi$Wn4vp(k9%7^pI))M52*Wc?ry7j ze`!pIqg_j8a6;Jwc9GSo-*juqnFs+c7*KOzSw3*@U!~neGStABA3|OqY~dw!Z~H}S zcig+ZERo_?jn@7XIk|Yj8lOyAKp{NC169|R5T(GKwB!i2`J0-~OO)JR2uJL;^=qm2 zGB%@3I#Ff1cy~W8klGOl*!+k*iII`PsS3bv_8qeLQOLN(QRc6?#4&XMcJ(3Ulr~BL zt<_FzlJ%2!afMt*j@7*rG&b-DUAJ!Qlj86-9!?Qe;yZbGJNjVe;=-k_QOuRwE!&+5 zESB#gSeOoJjbyD0fSYYTvR+Rqj66Q>(3~aMy(17y(0Jy}{BE1)thKrNnP6b7)up-f z)z9-adG8GEv9dVGLE$jdL$?SSjdb@2Sl&xFR77F^y9@V?J-?t)+Gm_tRfS)_U*ic8 
z*TpyMi~!63VN@*!UQU-t+#Gc3&$XYo_!!i#JwZz+U{fCoA#e<`*w0!nm`oH0nQ-NC zZudx03~wE9z?n=qv1A38`i)ynwJHTmm-#!B82P zADL6UeAftLHhfs<{l4_G(+{JWDgU?~%2DPNYjGx7R}e6alXT7xKrx=7YkViEw)O61 z{CnUxi-BX-x)I1S=&#i?0R5$;Xw?+`DEZ~OCP_DY*re47dpFskeEK?(ZD}7x34tpf zM5fjMIo{@6OpDj@v!`62{TXtZva}^ClGi2k2zp}Fue}*^r4nlt-v%$krEA^h?bP|c z9pn`(TTMhUDmT{aw|?;Tk=RE(cNPbQu+(q%kcyL>%+Wx%qZ{e#CY9|~ z@~y)r9fyTWl!DSFQVdegHKHX*s`gXxU*ff?K}_rcOmq_W>IJ z>46>VpwKI?`m^cUv@wMQdz1I}uYUJe6R@ZVfsH@1SzD4ZxjV2zS@(S-1*In7%nS0! zZicK1cb0)*b!09umZ4dr$V;y#k|+3g)_{6s)<};T;m?9TV$~X<4U-_{GFVVlWc>_*@s8zhA|_hAg~3)i&bGI$+!tk`|--tOH}>^WK5OE`2t+64*%IofWi?!Zp60cN$Y z>+}4saK=5N@GFj~F~hAeQrczZWI7@|COs>1+f$BsJWK{qh6Q#m&VVYL!SPhjWMdTM z^vr|w`ePotUR+sAS{h#V#_%mMDisMxMOsI7GKkgA2yPZ^Z5MMEk+osIDe>nM2#E~; zfk&WB1!*E%V|b13Vfw7TwYsi2;S&zJEUh?{5LnmvMf!a4Zf;TgmTtP#(d6vqX0<>; z<+c#traefQcxd3NjwzAU@y%A=JgFDG6}SI{)g)UJgQuf_=j|NlJlT18YizARMJ|dx zM@u)?)^-lmt_|LmEiBZ2x z1e77OrTXT&-@g8^!ipUnaZF(b8It~q1UUK!<=SIKRC&>Bn3?WPuQEv3RuH&th^R||%F(zJJpE4>d_C?YSf3vX;{ zZniv@4pO+#)&-k3EzjO&oY0ZFdE>#4jYr$i+z*lsq!mp}ZNYUe`-qWZ^+efVVI;hHx!UkmScF zZNc{uxB74Ft0`QGe1qvIwd%b=L9N{6%%ZL&P&ZG;NSKbGb}UeUeWOh33hpzm6pKv3Ma)+;yD`` zt+r%&RuSa2eLw04#Ke&Q%q{b~8;X$@3j+%ArcOGTyZRi2kxII^fcEZP!R=6k(HVzF zPPrvkEwVV;O5P0C6l$}!qh!D+Cbe>LtOz@J_lBc(qsC)*H1)~E)0Yo?t=(WMhfi$N z;P)G%q~nx$WM~lSqWSz%6Ai}2QD__(?;Kjv9nno7zVR<|H!j1ap`pIFNcPCpSp&_2 zx6EQaa%Ep%8|mamNUt{cD)YZA0 z5~|)~810ibb^}Q#w?|E*Vhrw*>YzpQ-SLAM2);$%CYCtz~?F z4-qFkoXIqPJ@Jx6_-8D7+J)BD9Ylv#*Qu1pN90Kwdb?12X z@2P)h{e%zU63`_q?LfAk(`2f0`5?!pkx`P@Mj(q8?heW)+(xqlnYuImTND^=Kgx^> za;|LfV%!fSJUIfe_rlh+y=FC>EieZ}TRr9XNq+>ml?G^z%G5VfCGA}u+D`4=pDni% zFKwR7U6m}m)jWk=TnbME%AsS!W-jQKen?L`(9$bBx3;Fkl50b%Vzk&m5&4Ffuj}wS zQCd|R6a8(T@guEtm*q&WCXh<4=98i+VVCsDA>hZF;l#{Ik^ES42^2|wjPTF+5xdx_ zUk!5mljSw#4vA!5wo2yD4b)=TOUFC*=SB!Sq$(DJa^{sQ;%fz)89v>sqFDG-8CB~v zZ9uF&Vk$#9^hYK8NwIAUqKF5SMN2w(hW`*sNMIkZxBVQ5Xy$2sZQnoADNjtX!!1eDbO&G}=&{R2f>kmQ(Z;j**)Xr^4GFH5P5Yye7P}ob@TgC33_ii{-mbqUQ?7L)J-O 
zbI7>!L1cc%Ut`N_u3>X&dt9zQxN6>hIaj+&*-xx>L(gL|)P$EBHfu=<+yw4L65m8` z7S>2T$Oa)>XA()QLr2|X3oGU6N{{ArjC}818FI)Gs1AD3?g#~kKBZ!RgZF!m<}t6A z7F=QyiL7(a*v!4ll9nq^GQ1+HGUVbPwyma4S)*B-Z@>KEIhU^`Fwdhku)bTnr?x+G zynU8t-^er5k}t_LjCEwQGIn=&>(;gbz>x^G>Die0Nc|9OLc^%OzX}uee}SV>>j)zD zO?;yNOf1|&wZkqsyf^1)xmOAwf>!7c!1<@a46KN*2vN$#&kisRW+?fom=bz)?8b!( zG$n5_Rz*PpG|yZ=YucU?FSI8qk~Rt*LOh(W^6o2vY?or!x*i47aL*cM_Lp^6qZI<1 zXg_j(m3t*CtC*4e4IVVH@>eQDI9XYLz&j$G6{EzMdVfmg`Y;51Rh3`W2j;PDz(gbk zML&I$FnGYbN2xLhSt#g4A`{(VZMv(3Z}6hCDYGc+Q2%1x6`N}v9;7hj93Na;lb`dq zKNszeU0}{xWfq2^{E5%C7*vb0KA3&FIMxNaziX3ACqk_3DT&vXf3$y znkg8O*I1|Nbn$5iQ@+V!)R-???Ndt=Z!y`2+oJnu*Dot51! zGR}KH=2&f$g5(Y^K7vgu5Kwa7Q|BD0jL|1*oMc=7wrDy~Ty|eI`c&*$etwc6<{jWv z@-9{m31qQ{_kf(VqNlK)!!wsav6GICp7R zD?Vx@Vp|EsiT$3Vgn!6kpifJe!1z>>)_o5s_$CU#mLc$JU>fx3RG&+UY%5>Ee{OUs zO}k2fSO!+=YSu&xFC`OI=_gB@aO_-0?H#oVM{VpC-BS-F?E=r?gz&Qb3b!srhfjdp zC`8q83*O&?4xDmZBD2qGs9fp4!0!@dbfMA8t|?L_ePf<5VtO!QDBAF+PO!~lV*{9d z6tt}V3{SK1P~`MNcM!CAQ+|`O1rm50#+-$44kEKxI7X7y7zoL;qP`c@GFJuiK?sOte~PW>l!$ zCAa$^pHk_1Wi^lT+H<2zt&t97w8{fL>u>2OTIQdYzjqZZzzpwHyfvBJ{lvFVzWOXn zbI@VXD=8T^T4Cum3#V`H7yVF#j6bYSE}iFv%-Z3kMudyqAE=yAk8lBLC7~i z(ULHmP-Y_#?xCN#CLbA=d)brVfE6c z+}A?oe$2l#6|j6ncW>^D@2iS#Vl%p)+fS9y807jlfn0i#dETKrl9)qL&iux1b4Eyb z(*`g$&I!L{nqh&qC$;wV2_)}sg0B>A+506MQ3_{4HYM8Q`{k_*F+62(n#Q-WyzHHH ziGi7W`t$-CxIZ6qyihszAoW>1X}Xfha|L_RUqREb1;qcVvE|2RPxj|T`=DIL7HF|H z9-op$cHT47wU|v zjUHfJGm1KQVKy$%dz$Mn>VSp?pTt*&^E|g&a3r*LjNXd+M3C#T{qDNc14Q2AsJSPY zNVYv>K96gnQfH=$Rbp(tKo({j2X;+XYUv|h`|yWSZ^c6ONtd{<*1&3~nS9Fp__fWU zSEBzd%rBKhsg{;!aP_+yLf}E(ZNDgj32nA~X*?k@X3ychjKV$x_(J}P&*c@6!O+_J zNBq#w*RTtFUaHv7m1g?CC0U5VcvaJ*Q*@~o0hG8iaMGB-{B6dNfkK+_TB-F{7_evGOb@BB?se$? 
z7XOO4Jeme*cS~Oui3o3EyJ!TF12=E!wJ&nba{xN;teX3LL)-3)*fB8We6L^=t&z$$ z5`a7BYKBx*{^X=NU$E~GAv>~rHYt!`LYeJvWP2h@BMyim#a1rO!Xz4^WDF7Q|I(&} zZ>$oDB!pTL2#X=gY>(0EcRTE?BB)53M(MUckiZCwed1}QE!+6>N>x+KT%3jz=%fkQ z`DD-#EThowKaMQGus67NzvuCu<_m*y;&WcpD%UT3C7y3zwRS$&zPm*`3PPca%w?6k zT!efS`(uEG_dv>bzk*f*DIz(acEH`}rA;D*WT)#3;j4OT1T=fZ-G<|KgC29vqkFH9 zVMWr^Fli11$G?72^xC6ZOxHxHy!rd?Y}_2j?kzVWbZ;5f+qZw~)-+*ZMnpM+HZB%~ zNZ-4Mwq}iWWw~2nB>WxOF!?2N{Aqw76~f(E0Y2iAk6%39OQx-m8ax6|mCR<%IFHcQ z6xg#t|L04c!rg@wp@S4}J?1O$mNv+@VY8&1N?U2yNlNp>Pmj$PA#BNu1GR6<$|PKs zFkOCY!H+ir4(40ToOYuiBXxa3w@CoaIPiIA0Lo7_K+QXmsY{vx8A~|_u?bPS2j$2l z{-*8F@3ZgL`%M;T&@56?^2{(c6I7x>PQ!N`_00BZSrCvA_puj6OV%7W9HTFt*Hjf3 zCyB@l>%@0On&+sko1n;X!+_J9U-xk9!jh*8z4;CHSCwk{+D(g14i-QUgicFq(xxAK z<~?&07c>u#?hiFJ7?13pLqg4cM~nO!9!*=WBqaM){s-k?5JizUBTE7a-K+oR%xuoh z9eVkO6iW*$-Zr$%DXWoZcYTLdCnhIV#;w;x7;b!ePXc z2X~$JE!8yPcU6QY=m4TaNdaF$VJHBadWC)H>>iM~-%}uwy-bNJiN(!QM)5&MBRjQ* zps&*vMl9EVFhEYqwxxXDulsu;QueGdSBPw&i`+}~4u7@Y$qS^JLi z7VI|q$`@4Q5dzy%r}9s8j3?fyy_DY-Xu}%Zb=Jz52?4Fu#Yo=3D4q8udAyAZoZjbl z?d$^af^F@9gpUjBzR<#He9?!dF zYh*qn2q@wh@kSg$7iS@Fcg+v0+8dP%ra*2qqYqUw#h|n(iC;G>o2Ld>uTsdl%sc`xhfkgW^3$p<=v{6bwB3 zhg!6N^qUvj)lBwt?qF2*z@nTbJt?RLS3MmGPPS-&Si1(#mYq^qg~{e$vc7s^W-u_8 ziB_Gbe}Lse4^tDkG(~Mh--hK@bYZOOcSMFJm6EAJ8pu{vK(DO_e@0 zNNfv6#gQ9jx3&9eq>m#WVye@v?E0juD8kR=imO9{?=Q>=`ZMGy1U`sBH@+?7%1x?` z!rlt@mo#x~WLwMZh1YU~PVBe?@wfW#L%R5<8{L6nTM2xVZ$8!HhP~fLi+T3^w~r3f z``i@J^?n^Ft}tB0aZE3}zy@Rd0Vk2CK5yoR>#b+n885m`DSjH7 zM|^fLmBDcv|FNEUE_;}B@YWKmyL}>p^uZTzLqzOYF}vH5sI$F^kjYolmRxAEkHlDF zGT;qf~Og9{b7AB?#cSA5=p)G-)!OeTs2y)mb3sJPmlb3HNl_{vsGSF}r(H>~#G zx{?sb-ZrvriNV(8JU|4IEUnXhMON`-fsq6R+u#Llu9(elOOgb73nkgEOP~o*$o|UQ zmF%6k+g#72Y0bn$whGscL{i6o8Poyg)5*2lxnKXZ-L%_K!-8`Zm$HCB0fc}?1U@X) zg4*e0NV5db)?Su@FQ>%A`KVb!?EuULnSC#gHYUDQ(=m`mG&;tY{w zM;;}8Er$NF_M(US<@lneL0e*)Oy^V011%tL~UJUpvE_E^&8eEAA|14|?t; zl?kebmt=Y}B!j#WG_~tUYL?dRIC$v@untaE8ITz9c}~~QgqYAk0@lmxS7(UIrR@9kcDW z*6!(}9Bp`|OBG2E|M8#<0_ySvdrgz@8A=C-*1HSo^KLB<>HwMg)2o=ocMWUj 
z8WF=P0$~#{Rz~ShPB1(I!YkNGV=4p$N_bVU7y^Pdd_A}V0f7+|w|Mt+W^A{L-$>bY zeMNBowt!EO5yYjr7#o^F+_;v+GnipT+Q~mXzc-bnxhdQ9i-CP^yK2%c={wrBO9e0K zC4~QQOTnq>eu(@2;6iavm6Lbx3Bw=uA7WGn9*H{d&7>>`2rOqy*VsLE%&3#s2_+xe zY*N`3Bff6F@COA6uI~HX=%3xRjeYy-=ooet=9q2Q-g0HZRw4J3BszqTcf-x#Mzw!h zM%c`!$VU!C^Tj=1Pl|3rTB=Kv=$2HrS>6X4iNe`o`Hgg;%O8EuCFr4;dv(V56^phvmYrJY1jM#RS0I)chy!kTeO^>;rR&iEYz<2E|#$!A`oYy@-VDOS%y(-!C2%BZ~ z$ZS7NDE=am-))iET8O%Q^(dm)f_+KQ);{Fwr7;6~OZ#ARwSv_ztVv_M-%&23{{wg_ zN4&hHi~8Ox-VS4ff;N`!s&h*ws$kdfk~#(YlUL3Du7NxQh@yOOHZfzMQUj5pMtb*t z2!+zzV@g#tc+rn*e_JBUR}{45VhfW}M2u%Ed+ZI(YxD-QB)SWJLB5{$ z4_)a>xa{zb0ulCZvr%C|oSP40CN$k}3pY8(w>>A9!lm!nUyhTn)U8>BzG{6AYE0bg ze zb~s4mC9D^x8<^ENH^pRBHfgK>vMw!7kRGsD>srK5_hpEAhR% zylF>v2e1Ck81c?S10wSfwl6>}y7g}CyH7A9#Z=~=B0ohzGt?2$9*64CjBQB2iqOoj&w1)6U;U{Kq4siAvV2EpZ*9G79v=7kFx_oVnyUEF`F^*l6itNr)50PYs*DkH#(JxGqN4-L@!MZ zJkoBrn*6~rPF3PbV!(7e!0{2ir6K@f<@BEPjM0pf@BY?!>0ncDzG#J5;V_|X!rZl& zd$o6OzBMacpk_W{yu>|pJC z0sB8f>zE}z;+dD9LL%G1*XVKmSg~K{@cb;-#GNdU&bP7+?+=RCA!>y=pNEWtJR`^n zHuyzEmicsi-cnPO*j~03Mp>JV@u3?~4`Mn_yUFz5F?`u@lBNqBoZ3=NY`#mepkh7H z9b`D%-Ix3>ctn0bSJLtuK6s$W8C_QW-Dp|)=SMNh?}S^ zEf-{5xM}ToO`zIQGSDLGbpA~O@vZg+hpW%}at|51Od+e%Lk8&2K*}xy?Bk$eQIZj2 zg~L^UJr@_F6V0}aMrIU`rRDQZYdP-CV?FR|9FAS4I3ylsJly%P1DPh5yIYHOI%HHSNZB!^UWg290go zc7w*&##Ymyabvr&jg4*FR)cSw``+H~za+c)9SxqDdFC90Xr9hV)&XD5cP5?3_G$iq zZwmR=5A)u{!xTR5Fy@wHqO-y-99$T4cR6ZdvTgyRD7a!~WPR(Wp*cXI>a=@h6ggS1 z-ZPDT z;znHjT{a-#0M-D3VAMjQKrY|I9SO$rOusKMorQ;P5C1Oq8EjzB5Yp|;%jSjucC~i! zEBPSS6YY;SS2gM-M7T5Y3X6)OYZ{~@67b^k)~Q(+`gf4b3%%r=UJ^r9R#!{xJiZ3t z19luN5>X@NH%T-UC|zjp+ys)H)DPW)o!Om0)7J7f8Typ9r? 
zE!Q?Tkj)BwX>kT&QtaSo;l+OOCwU`)^8vW6%nAf>h%NKeE_uxA?S#59mb>5{ft@ap zu0Fc0Pqh}TIU7%QHM(;!dG)6|?hiDrV8?m`Z0(#+TiyG+!Y)e)ILcOFWQ&=}!PX1u zo5y`YLBa#XbjN}Gh$7&0rJKPCnmV5n4#AjtS;4AN!VnM?zeEdjB4dhu={e1)WCFBS zR>oF~*QBCfqaD{_qGwE=L%Jv@)5sp1+4iP~L)pUl437-B)Q5PtzAQ??sU2a~?D8@| z=X&t;dRl!VejC<3CIXDjWRsT!db)`Sni&kMsSO59j6u1PgqTePopdj}0S7f`mm_{l z!7wnmWz55<y!;}*|I=iKC5O9?#F}&LU=TOpp^=IZo?wpt zq+VxaOBGS5X1l4n@!LQ*H*%+QwmK5;bQ+b6p1HIt?Uivl zb|?myJQfnlPpoLogxs3vlV~?>6}KU(-JgIi8T=&r-X9ocapoortvd9Vv$N*@m#KdFR8rYjZ}1Ozx$jiPwO- zr>MSJ*}m{^mZ?~JeS1;;VA@A!p^2nv=i^?V4mZ^90XpodWGYS!L7JxPzFkab(C7a< z4gg3F=Q6TE=aCIMkE;YGf%6%)LGy+4XE>yhg}!T8B+?d_K<7jnZ_db0-NTCLk^L(5 zVA|C}8`+5kt&8AWbC*Cuv`b2)bhNsdLqu&&a0tyVY2g?Ep9^ps5w(4>)#tTn$xiSY%$=;;8q80e62$@nTVp@8bFr4 z2e&fCf76W+m+V>>>>;+uWvE=jcm3n)bi~nM*bAnC0}P1LXz_#qbDzmvIy#p5B3h^b z<{jrPXr7x9MR#0=YT+zSl()Qh&=mT-yYXoeVQ(H@?ZUIFRlAgHLDzBlgazSdD)q=am<%^_4mb7Ga z0+t5Zd;yr@RZ~z;Ecz%i;r#XlFtuqOzx0Ew+oSm_N-HzTYYfh}(3bPwHP^nNqz+VY zDezVOBt$fDe84Y$7Ni9(^z55>GR4f+<@4v0@`$)?6jRVG8Ka+=2JBqs5nM`TgXpO3 z;MP!?CEU>&2ZpB2Gxi?oO0#}MtVca5_sHTwlL}QQnKuNY{A+{66aXpIF~`b{JaQY6^JDTlj7`RHlPR1bvR( z1nG^aET@{)1nHan5ztPgxRkE2e>Ar&F|&s_b*8wD)d}~8N)MYS^?9Epf=tpqE3^6A zdA9(O70cn9nmFCfPcf{!8s-ux2|B>=pRZ*9d-NSKA5THAt-N?k@=Gn|JW*K~OvYqf zbA05tTsnU~cuqKVguW?Ga5&ummaD&ssF0=Wp$UQq z3BGhgyZQ<{;t$yuG6|8nuHP(ong%80@-7l6h*lP?_~lhj)@^|5N@w*(c?lDbR88p> z(+E_SNH@8jQwgn$nXLi!keV~Iw2hya7*uYc)8#HYW%vg-?LTc?)2OYKsRDy&8ez-_ zKD0qSVCmR3SWN-CyA2B*p(bOEYqZ@xAKIf5qgx)XQ!h|0uFr*&Ov{#4Wa)LWikGKj z%YZ@&sp13M@~}Jkv(}$b!z;%lK(~(*t4VzmiN|*$H3Rt5u-pIZfwtwJGWZ)y9lrk( z|Bcc0ZbP0fA+-)^4WvRET7@aL%Z-{|Xaq6tseshh1Z`pXn-5@wJBtgFFBPXd%+{{s zO|tZ4evr{RP1#a23%rY}w1gH@4c55Mjssp+6a|)+gI+3wMI_q0IZ~r!CPsV--Bro} z!Ma?P%XG)S04hVh_hvug!4yN29}43zLjLEM#fDKlhTBWyKvQDLWD;OnQyR2b0-WvQ5>$9 zGwD0l=png<{c^a3Zsy#ScrZJgZTvm&i*p;X`qI8H-G4}ix8d_$gS5jb;q*v$u z@G*ZSk+mhTbz`Tx%XpHIw*?j2$Kvkew-#PX-WYeUDiuP&cceA%4Io4*@=UO5eJzdm zlv%6J+JNGAFr(TfK}Gaf-r?;pxK_d<6wjsIO*4dr7uDnTSaJwJ-(7xG97+x!vb$}W 
zf|@M7dkjrHn+ed9m2wY_`66RzaA6P%w=jbItR(KDS_-$~i4MaQYLk@ZOfl*c@`ycE ze^wW4lp7J?#tonu^~oY;m)FpDvo&w@hxNT21Na?3;m}I$l^*ig@A{(~ktn0dv}#4^ z4-V+J50y}Y2HdH|q7YridoJFTpB=z&E)wqdO(2bjVe7lYXsmk730ROxbykhia zc;r-dsiAk@sb|!t2OcpK_`lnl4Nc4sWnTP&TSs5Udwzlp!57$(YBeh6SfZ+N1dPN! zn=YD)VgVn>L$aD2K{g=AU(ms7KQ^JGRwJ{RLx5!H>%f|rVp^S5F6I@NL}GmdXq9Q> zJ5Io!myCJ$3G|$!LkUH-mTG4RW18z%DS>m!kSHf)4-$a)Q__`1^NS0h4C|*eJ>vq+ zk^@2R@;4`eOOoJO?>XmkpLAaJtN3&sp)MpAS)x<@*un_OBeX*fFXv_nK7fX8n(k4X| z-~+1>uAWw2`s@V|>J}UjfgsIz2ER<@(Hh&&sZ;c+e$fj}9tRY@OFdqBpY;`L{>^(( zu%=jC!zRPZ7N*u}eDgyO31TB>D{hG^3Z#rZ3;ZqST=UtQoVD1d?;l7_>a<99Z8|fO z%bPMD=m$5c8pEU}NV!&{?Z#@2lYsw`%IA6YK>=!6laD*lgnS&q5 zbiv{#D~dAz72wdcn@}%JQD%#nkIaVeu%X&{4-ALt_|#*({GkZ43x(2Wngoz0JIs2| zAn+kJJi`mS5?gNGJATEidt0q310V$pwA>%kUkotN+*H%1>EueFrJ(xhb~5^_nIbm1 zM&p{`hlfSkD*wupN%`DVhX?j-htjRYt`c7s6J8Wu@#-dgXv!ekg~sQ*XVe@$%W2 zrrNTO@8Qv0+;$Mtjxr5kV_JF-_y1gKIdL*p5%Q(_z+Vw z9pj}o>rB5HA7Wt?-(}VPk=juqWivF0 zo2h%80u5f8A6QtKXtPu@{4-?62jF_LjCAx&wK8?$L8*2!uo{-*R^|{%_&GZF!Lom8 zaZJ$&KM*CybSW9|6qRr2>fgB4=T4J0F|jh zdP9sT(*&h$Pcw7w{EbN3UG4!|N{iMzfLS#v4*e#?=f@0f8QD4K>-7=v>8j%Eh0_Hw z#r&GhTuAEDh~e7oGpL9ql$k?_1ZT^Lb6pA*@DDEMVZgbz>-;GW3r(xfs;WXscYCNX z3SpUPTCNSKW|nb_g<3|^HST)%bzZ_vhbdI(Eq5StpJ6cGTxkGG9bjZIRi=`*lxdyE z2Sd&k#U12uc4Qh3Bm!TSoVf)c^7N$u=Om1Thps7{krA(jax(VwT2KGP$;exq{3zJ3 z?(z4G=QT`&N@^Z@LtQH6GwwaYSnAo4T>z#?o{i)`|MoX{@7c(>A8W3>2L+3cKWGMc zdkwXBK-e7)Szg<&ZH4}|W$9e1<#8%s)}G?!8qlt~#p2lJo%i}#RM7QhK-wL$nMW9g6# z%U5a%V>hzfbv4a4+(WzXV@dW$Ive%HgiBcx$9h4zj=yU&JOj<%^jg%yTp%&uwOfmen2@9 zGW^UTv>f8qK-hna?T!fTz|uny_IZQ^u!96sLJN(uZ@sYkR7WN|_DaK~+KV>nq#HHo zjyAx#{zm?dAsN1-&6U2<)#A-CMqM4bo|QA>>65WPgi*0py_ZVsJ$JygkbF`dj2gJU zI6FDFeyItn#g>|@YFVRa65E33DwbA`tWz7$dNY?34gRCum`;RQKM_dLASF{iarB2+ zw!zVE{W6jrHqP`U#80{>1g8K95AHw6n|=OXrvCfHV*zO&^lk+Gfy$s@D|E@I8U4oP z>cY8;ZAE5aKBH^M^9xjN2O4aCqwt&_?~18@SK4-)?SGS z66(t|W~SaNWx~DzM_};TLGTIu(`n^0pT+AmW|LwR@DZMvl>&1xm) zA1}@`AkdXpl8LKq>9gN*Fce|6h7e(FCd3!0%+?dGad^-$$8?ARKkOM{HFS~`r`_Pv 
zDn3XaZ;}4*+yS7J&$kB3>?=mPY*0*0o-g90OkRgMq50VhM4})sn5xG=bP(QdnR3>X z1D>63Uq4p*U-PN=rmkg_aB}5Fv|xKJVeUGA*6#eg=r4r|vr!w1;JFgig*?(0oX~)O z>w3~cbOF||9qo}qO=Ljd_%_Kh6k@H+lmfM#985rI5{V%4CJ+ig<%jb0W5dreN=R?5 z^zL;LeTKW76w@m860+w3XK9Xcc269g@&7aoWeVf^0UPTYq+uw+IQPIYvpu7dot!iF zsswqq;Oo17EyHzTtdiDw8>9U%aPf%2d? zm$-7tu(2I$VcpaAnu3_T4tH!NVB++I_O&Z;hzo88!S!fI(A#+&f`hHJ4#8PrT_7By z5YLyBOlM!5_aUC88td^*>SuA$%Gxtox=aK4NXVv#NT4SnIaefqZWrxUvC==&Y?4r6 z43EMlq5X}k2LQM?CV?+Orh)Oii@0deOy(vf#JOkeJCPaZzi5{Anm(|c*f$b6$51b7 z1E1eiTiR3SbZ^UnKQs2X1t%&5r!TqLJ`14=T*NagGCH9jUWbf~&gp;qWOTdj^Afb< z6VIFSBM>a|N1YV^qmOb=u87ai^jxq1+xUOCA=s_9es*-Zv;L6bHMu|EZyPrDKm6oXHbP zMVX5WU%B-Tp8rAmbUAoo1H&0DSG| zP`_p0Ai+51i~&H=Fjy=H@$T+5As+*+$lom5(f%O(GXfAE?_)f6SxY=?}; zXNCZGIzDwLyN@M;;EMA)`|wYlr8!t71i5PJ{V|oE)V$#hA>J^$-QZ#Hm-cMLGo93# zhGozqf3lrrW5ing6XrbIZf2K>+HFg=D41#Q$f6;z@gD=%6{KTv_Hnk;Ai}Ne^_dc^ z-YFrm5?1SnAt3+F!EbYT_zPzO6!L1dPb)n6@9NXFT|O#%ya;HWrf_G*a5hsIt~yb4 zWpVf|R4AzSlZY2Ugz=5M1bulaVIVcsLTlkZIsKYAF;~<6!yCzP(^y+ha7LQ{`1Xi9 zOZsAVbT1RW0DY;IhPG)g&wjCDf1|TP)mZiEnzF(2wR8=ZqdlM)S?(nkaD&e}WLMb4 zCy=5rz@A_IKH-iyflq*MBEzptBdo$J%-VhvT;g!BAnix(JM=$U_c}R5Y=OtXp{ina z6sYl+`cW3gcC^uwSGx?}`)2mqYo{f)=~UHG8`|4u^J>5Qx{zX$sFy15(scFFQw6Dh z%0airt=kr?wb>}Z5<{49^FkoBeTr>gn9w?ncSk z3jUA~BeufQEvAvgi~nLK=srWDw5!7esbu=E1JHmFcsX&h>iV0K)hnGlfL*&p#3cjm z{n~4A`s1?^#Ro=0edlL`iSzVlA)ilCN0%HWP|`Y~?2`Tpa)>(sfDxM5H~kAPVgE@l z9iQ;OqWik~J@YY;<^u6mPNVMnEKqf*U3qi1d@+Ba86ye+c=m~v&}wa#w|dx>xn2E! 
z>%*N9&(EWJG`W+WhJ+IwirzSUoG5gNS4 ze3^bF<2}`%xnGk}prRPka*S#XG=Yy%uDa6yB*j{aOAIsvqa&?r$_1Nv=?dt*S z;HIeBwIeU_Xznh|bbmN6<#P_s=eMzQcGNor_*RkYv%?y)gI=9%n@($PH18S2yDF_q zs9uxB4(YuU^?0qvD>WArQng<(MhKl_4)}e<;_ePqy*F0m|Gjhtqs)EqayuFM2w*qj zJKE@*`*=pByZgGiMBm=7^!lvNZK1E@JUdO5#%KGL_skpfGTEem=C|ilna*7%&>i^* z(8tH~5T$n~gL1roR`R;T(QUhzTao{}w%yw4<5NZUF?~>KFP2%bba&E>tYOxdc{wUs z+h@xOR`p=UQ&HEi}7IPRQY!u-Mt{O>Eb zU*GGt#$Z2VJy(RV*Lpd(R`ieGbuM{B0c_iBzYgc$S{(x_9tlbqp)z1WFJ#-f_SeT+ z#h$qwS%OU6~#6UoP#%%QHW*3GR9F z6Le3X!Jidf0hW(n8T(I)FL+NiL+;jEQYK}`)?r_%<4SMim<;&3nKDi zm*1wUK{2iIWZ`tvey-RFFd0<$LAh$|#4l%ew@NwrSRF_O+JepyCYhXf~`Yz_aV;0j8`haP$M_4aCTSh0U(H!-s~bB9a7%6kXIz zUrF!6*mrbEv6f!PMJ6bIR4=n3Fb(5uu8Ij!{rPW}c)S^^wKCinb#uv+eW*I!HK!DP zHOi9jV5P86UN=+eb~Sv&!Fx@WWRmYduZYmoMvkixV4hhA&ir|xVlUaTzPy*E&@mq? zyFJ3;{G|0PKNQ(SY2I(@`&G?}kg0y5llQ`B_mp3{5i_l~CT0a}Ucr7-*@S2Py(484 zrckqJgkNkyd1fcg#Y)3^MPYeer3~(>x$kwi>KDLnr^e^?oD?iqp z#&^Z+%8YX?{kH{=7#-aY*CkUQFXj&G+3i1dRPVX!_tYa*>fYqm!{c9XB?##k4mMr* z%Y&)|&eDA(%zAt-%9amO=WJWXQ>zL+E!e*&Zmi6xMMVrQGK!N53rsY|FigNp zE!4;ztU8GItnXH0Y#iI0t$i&`49eGQEocv9w33_{iBo5KK1Jk87cF>SUpXTv>m9<5 z8%^5te4z;F;Sz&A83Ebr9N3IRZQ;EPO{C9fvrD~EPih7*im!&=zBBbRHU+X7BF{Gq zCm!`7iU$j8X#jutFiYd-g$SF^6Q?59hU=a#Lt*g?l<15jQO{gb0g*v$CLdkAIrVMb z26XsucofY9>4u>?!Fk%?{w{>C3VZE60M(wx{9dH1I!`_qJphC6n^Xwj0fu}dyTj3) z$k-UPzlUa#EDC$w4!5k>kXF5|;vqWK1W zp~+t#wmYagjFSs9wiu?k;^5vE$ABTPNr(z2`YNjP@su8$+rEBb?XG@c=_7!DNWUkh zSm4G{BM6uMpw`nHS>Cv5{aew*dl$RqHN9o-gM!cgMM*?qVqEh-Smu!MuoCr#Ci9Cm zac3>4%nK4?2D%}5QV{;Gs=OY11XJN){6v@0aAERB$$buPPMY-M* zzQ2`mqNxN1#d#Uj!lg$7m^0O8mcsl26H{$fuSYV}`s~~-2giQDi>#U^?nO^1Aa-+A zaHC#RQX5Su%>4&bl=SBGgOiFJw}+On4a;c@5M=W&nDVFPFp|&Y67l{1l!?pz`Mrko zJ^k8qq0dt0dO?|3#EeHf7hO_-;`#=9EAUc>z~$vGFO~p+%L{7BXfIiha8cgbXmE6H zpzXb#yIt5Rn@-+I;7Z2Va3dGCgAN#|1kS|}PH?~ug*4%Zk$6E>_N0H zUVjmN@>yZt6g*UO_-QGH_0hCfszOdfmn|D^)3-l^^OmDS82>M%Vb!`3!iOLgI*ptN z2UJ>fYN4qWO@xPc#G~{Bd(m}i(;Pg#er1!A_9_+i&K`L%8F9uTeK;^}Dh=DpItX$s z4OSz>l1@O%vU(Y>l&$<(Ox4l$(qw^+*SfN0&Ru{Ni>z5{aD{`rb#5Sic<@n<2;#^< 
z`psS;JG$`(y+a8>47D4e3ddlVfx-YN;80wz{4iC0U&V~>j5Fh-+Gw^R>>DEdANCHo z?jnI8RX9aN5dyh*VvvguKph!;IHj)d=Y^fXbNS%ob@zDU)@6k(puiPq?Bth7N+my$ zdVgx5ja*K^jo2f+{wYD_Y(lfrS%6|O8N|X^fzXpAA>PDey^)K96by4HAq{>pzUbzKlSR6guC{vdjb$NhAz4YIYe`O41&= zCeI@P`BK`PMjDPOEdJ%xW>++tzST2qi)`}BY}JP#-x(Oywn^0cAldcvbJau5b0ou~ zb=6<&ppxsOc}u*gKwym4!`^4u%9XWxmvLb-dHeC-JLP9;p8O$x`Zkys@>Z}YWy1KL zOsDA~RyH+&k8R+qCW;9UY$X`{28I|8iFposU1=ZNi0-q#9FC{?@^p~7{gsmKOi#3y zPS=R_JUZ>iy(?0;qTP7F#}pJcC$lk`A8rU?;iCM;7Pg}ZTutzhs_Y?ksmLKud9`jJ zF3g%m=*E~8CKTdck_00-fsnaxt3O407fz<)R%g?+uv}SVS%C9D`8LoMU@Hcw7+gAz z7#rDoDR3FRdi~X8CN7J&j?Uq6&b4dk^;KTr;vrGru<%l#?d>WW9b^0tg z1%}}v!-wlqzJ@Rrhk7{VlIq!jouJ|!q0+@k^Ji5q+XA%b0pBglmMOR&E6{|rQoNXa zQ#H}=MLqv$@sxypfnXqsW)Rn9KHq7vR50Ofmq*(iJKK-b!Ls%qt(=vZVa+ zLF^btPk>MBcdN4-7Z9g^LZSONY^$2#dxycQ`5}Fi*F`XcjBvhF-xP-8M7z?(;8s1} zHmeWNCFP#b%2OMy9l;#oMq?afB%q!-NCrmt!E7c;&3y_?=~nbBWPuy2c9uyHjM{)OUU2(Al+%;m=PG826U<05H$8!#gBf z0$lR&MC#~bU3Yxcq2D2OUsX%FF#%OvcxoTMbQ}E`_~|Piqlm)Fmh=l`#Qp?ECzZbH z!xQ8D!9i!NbnB~6_~vq6RvAEdoQq(0`{hceQlUgP!Qr8XXy*1^hiu!?M@+!FqU&EW zhSRPg;~~S7jiPJ3DYv`#MCGc}4b4vYbot7gLji=?H#(wzeC`QQjBV#X;nGI zn*z~xS~NI|AFe}%SousvNMyYDO3yDuPTm(~iOiMw1^KQf%3g4Q3^sq+l54G6SQUGwjsUEVBTcIvTDBg!-jt~)nd)ro$QQoMf6tRMT2Dapeg%Ap3YZwZ)#A%s{P1gw z7>}O~4AQhBHR({-*Fkp;sQ+X$#R;kVMZMs=7LNZ1!b>sY(|0IjIUXU+5P%~l=C>I% zLGVP+wF$r>pC@~)j`a3v5mqom* z9D!J9gvLzEeu5|!pVbgtLyf`6dIUuLhCHG|`^Wx4@<@^Q4Drr}i++lI~P-LSs zw5h{RyVR(3UkSOCj$#BkOJ;D8TOb7dzcp1I3C1pxCmS^6cvH}WF?xXzGhT~9s8RCv zB-4PSaw~I$3us{PO7;vzDdlM2WoMqHeHAx6er|!r^rik!ZM!CqjS@8iT7KVmtY64m zhoi1(T-Q}xhDw~!tcVMoUFwO`<|UAUaPYnn+{3l&B&gHE@{L$W#ISGvxe1F0mNe3S zPAK#WNO!wJ9Q8we#y?1Jv2qw8&q`7laN4JN$Ug4^%`htd_e?=g++B5_eH<;I({4(< z>UmJPvY2ydW6fj+tHC&39&+|gp_4FUv@+iIZPcjeJ7`s?e#4acB9y^%iqKHN|N;ub3_wb zGGJa#IVWp41)B)B%EXVFuvg$iZ&~y9mA`iFQjvEAaKFO(3fg}n=ZxJ{pz>a`tP|V%7gJ4Y%r6I`17Vw8OM{m+5vp!CH}Fm%HaBRExCgVkx9I^@NQ zS=!kYEay~9^9ZvYoLjej`p}S0qf=q4JpMNvq6<}iJr_Huib{G;EbFe&?BB=}$lPt; z#aw@_sW8WfosIsD$y@~49*yHoJOF=c?mD9Kkc2+$XdI>sld5Ty-~}o2&Eb?Yq@R8x z9KOW$MC|I(Mun^PRh 
z5%CM&XQknsEShAG-O4RA?~>0h+P?_~7oHAxISJr<4hiH?Ik1Fl z2REXIJnksJ($M0E`!J&@euHKTl&Pf)Yl8spzm_;S`r{#7e9qZNg?zdtPP`$SjW30} zA_^=sUZn^R?yXwKXqmzb9^LFx*CcBra;>S{Bzq_c;S}FG;GZD82oQW~w180ZJNOiN zqy4J2Jky&RRsgw#Ctug%Qr&?1Z{<0^jbjT+yLV0u450z7@0v#q$qIyxA_%aMh|JbC z3is0N=)TqN;=U13qeVY_=DF(FH{EQ1saGO-7| z#vc!wR_8J7LSJI6WQycuCRVjf!{4Z;i(52Pu5dNa;jpyu=uC5x3Xwj=PQ9DMV+`FH^~Sn z?ALLTH<~UnyS$vL7`&O!R_Tub1C+OP@Lfc7A#;ZsJe03XpF0+U~z0*>+hx ziAi!Yys7!&&^bG#_m5FB&{_DfF|-=00Jw!VJ-B3rPhJP3^5o4-aHi21 zZ%|DpPi8DIFvE_d_52UJ`g;zo?l)6=QUeni?s-fZXVRQH%@Y`ZY8^SfLj{sOBb;lM zuh~3c?~ot^pN(p!GX!RSeg)$E8Z7L1F3e?3z0q>--T@_PlG)orb2@n;;g3l)PXMFw z=uNtu{)y%Vq_7Rw3r%3ho)w@nPDQjue)^5@LCWg_MW26){`#^3B4=5FnS4-0WKn%6 zJUp4zw@-gSj`j0<2Igp3iVHwkOLc%3)XA#vA|BI68m0t_eW;+@qNTR2-8 zGMJDp!{FyzghH+6;U5E{;RoO%hB|bVz52}8es^ARnrq^ui29m(Bx8eutDlyD%4XeN z*FSvYabpd5cI(eeNK^qjQ|@>VQ18WO`w8aPOYJ)}tQE_yjCj;ypg^$d519rHA(k+V z3ko&?#a2eLaaFzn#^^;6A5QOfxlUMg2@XUKiC+w&`=yd zI^g60Bh*zZvEQ;Ou8JIj#`>(@N>5bmD@!vEkJx|dJBA8uGF0z+9I&D4JRmotn6IT= zQ%envq(a#mJckl=How+;-+t|mzOc0CdP%_7RI{qM6`n`B9hi7#o8RZCO$4Cs>J579>BhTq_Spm6^jxSNbgCcJEiA62Bm^VYIwdL>#n=~aJ zn8tVG_TGfr+-F}>OWdZLS;HEZT?R-K4Txi94S5o2NF)5$$B6wp9XtTJm;w;`n0(~n zu@E;CiE(aF2im%cHiHUf{J8s+V8LNUc#7?95zsfv6pJF%=EDRVaX4uRy)Z_|C975 z+bH%%dfpP*BBI25&E%PgCEO`~y{P)gc8O!>=P4%&5&lVVzfUuL;2US){BlD$4$5Y5 zug`R@Ltvy^VCnva0oLDbLz-?iNCcg64d{$v4zK(*3wPt+Ur(n%&&gHk+df25*B$U$ z?B2cX>S_a!5wP|%>o(=&64S>J8fQZ+9+d_d{nx(e*oqJIm5~=CHK>kf1o#gT(?3r? 
z7BLX3JCRlEEm%p1B$NYM&0|pvdXw&ci`IHB==vgdx=A2_eEclbED8NT>JxMki-nXt z3#F15I9#zs9;K-|M~Ki}X{On`1MrXaOa>Lf$v>OphMmX$H~Xg425iuC8TGMPphR+W zRw?>vu%%o>>i5%CQ%+HuLZy!eJFm`FrL=a)G17%XJWFP+OZ3}rR=fA-&=AqecNyz$ z)&#o#Zycp)t8VCMtAUOS5|jB!gq32+ZEI4y#%;Ivjgd*0{Hn7({s8riz!8|JPlUSu z|Jo?B=(}v`%`+@r5T@V0cb}k8aV$1@maG@Ae^)r$K7@NuPzpns&hoMZw(7z`l&m}WEzsTz%W^Lr0FQ?5c9<_w)Y4q1-J?=2OSOWRKg<$X-XHdJz(fAI~m zyGU75f3+s!Yw{T%t-pc%4JCuN78^~J6#Ao}B^u-s#FE^HtX;migR#2oh(RcG<%;(5pBjOS>L<&jLOwkA0f%Gn zAIbvw|EW}i{y^3jz;8r)pW^@&5&32y+bb>k!eM4Q67&>vWNw4uX!tbpREz}pFc<>^ z`1wx*%C~mxCp19)I?7Nr#lslF%g+?$h|C%z{=!+?YmqG*dx+LAwb}h&(Q7|Vp4Ppu zS-Z{(i}ji+AQQ1=dc|AnGZkc3<|&zb%#J@cWi$=Pd89yP`v z#zG+`0@|WyRuJzk;=GZhbc+>}p_)07N;+8-YC>5$0eI&l6_Kisz3e`HuYT7aUpJgx zq*Xx!HofMRUzb``P&A|xZ$Y6R$O8v@677e5p$kStT!AwMf6|^Hh|>asRNSu*%ct`% z!|D!LA|oOBBV22ziGbCwZWMaYaQVWOLXT4c{noq&uKWefSyO7`o6?*~5cl7J0dpfe z)z&1fN5QstccZEG?fbfWWiP@bU3huzw&sR2E?G3Ebsp+3L5zu7=S?L&;kMXE*wG8x zoA7RjwQ?ivrI_bm0Dsu_H%SfPe0`YbpR#;ozSF>N(i!Thc+km^X4;cLIs!{0Cx2nd znwGB;Y{9$zwHTb48Q^>`Ht=pBpLNA44<^r+sZtSlW?4hsrlNBCxhs5O;t3g{Vs;QQ zU*@+qJ<~U3TKCtSpSAU0bHCSgGM6DCc}P%nc*+8rl*^Y+9__9gl-ykJ7%;vcr z0v|})pw)+z8PPM7HIKF@R{v0DE$q_0B9FF>g(x#Ad{jeJN1h6uG&Mdl0FAzV>I7C= z9||zs4HwVi%nj!JTVxuTx^}v}u;6;o+}Pd(3jLTC;~y7;j+QEb{^W_?HLZOi3ZR?& zko&A%&08CvlVPIvV+CfSJfWr+61z4@Yrk;*d*u+mNJNwe%L?I`GUxp_ zTV+aDE*xV|;32a={++e>DOjA2hD;(%EyTfaGrtrqEECcY^J5j~t7GKR_+L!eGoOLX z%O@Km$CSu?3E79950L0XKN(DbxuL=_4Ray-Ku|clla^$Aeb-wYyoIY9>bm#TuzJG( zbYpf9jT^N5TXHx>#U1yY5! 
zd^8ipv%?YtN7g3olww4bVk`%avqi`n=>$gqYr6nsa(5#87Z#*W{!{VaDD6_>td!F} zE`Bedp3X4<{m{w8<9T<>X8qj;g*M??MK#j=MvWm;4W;LE4HmYgva6V;75%i>+u&CA zS#`lOr4;XrmgQHPEJ+g^F{zYtQWA>JHO5U;Rc8&;9?V27BWacX+l|Ex04W=v>^G^( zKie^jo-Z+*LCHyx2}wpjfh_Sm(Ka4h$nHVBS#Y&HW(U&aFpDp;6opfI8E2=owiM%J z7*w%J>orZsW42F>b$+x@>8m}fW{#%iocu_!rMUZvkv3H&S5`%IS7zrE!_i-k2Z{Oj zj8Ya(*;&pJO~B;9L0X=SH~uuNlDPBHBI}nn3R$#k3L^L{#u+(Gd#>X-*OT8IrzSi6 z?N3jH94kTAci^?rA;w~2D7G91tTRbr6!u1CTW>TEiXsr9st81=xgrXrS3)W;c?=lJ0}{8>_Ci(a=)$0ie2B zj2Mp%Yv}0yN5$#8oemnbI27`)3Pkg-60uShJa<0BnH!#GQFc{60mMa25KU{c;U~za zW#^Rg2`bLFom_A>Qm>^BnS0mhBzZ0Hi=Sn;H091kd6}Z;;=I3NT9Gc<6uB=a#HzyJMJjQd>EeDJ^{+PFX;VY! zkh3}I;7H{BfqR8M>pFF_V_B_#i0;4!ABN5wN4Tua63(#(qUKWgK%M%KWS|tgq{g(0 z-qzK0nUrJeION>ef1QCq-e(;LxMzIRz;)&ct}{$trl}vS0^{>aEaJ7E2vg=8rJ#(J z7`_@!Lm(pz8-ChKR#Q+8SmVz%UG9fH{dC%ssVx6n93|b9MAm*#_T8oXGeHFpqY;WNr#!_Aq>XM?ET=pT{=V6svtNYX3 zU&Fi~+c9G!%zy!F3R@$+14 zzD8f<9vYB@MvAufl@54mv`p7R$As4~fnr9P0?AjClN-oYmsaK9`oy&IeX>?)4d+%;3k zp^|e~Ve=s!76($7$No13V^8?TYjk+dp#ccZ8Nv~f(FFF~GWK+i4vD9FldC~5M#|Pm zd8Gr273x|?)7sxGACDGJdqrXAk)qly#!9-XJ(RwOn=S^#_Ib!Q z^Zsv3Rmi?H3(DRZZxzPzy!hHCls6ENfuMeu*U-dBG40K>q4#~LR#{ER*X{>7o%9Dz z#v%X@qg-6!WzfS<63{>X-MegC`4y1Xt%&2gqkF??zxN)aev)g8qz)pQ(MTubL%%Bu ziZ^niU2EpcpdLz1hKoG9Eo6`x;VVt>eDh*EOy$ec_B(n~RCn2hh{hQ~bj~aBK|186 zG9m**OkqO}QottbVf?-X6VJb6ZraH=g2rt8GiJ!3*1;71#}s+TdFE#VcV!8~IkIBX z)1+>tQB!TqNpNn4o?7>5-hz9}veAEg=AHGzORkiJ(y>h)I#Fl{zB$0&+A?$Qess7@ z@{$K<=RMXX1eUgalNPJ`it=(-sjzHeQnOmrBSiV>L(;mUcZyM6E$rKU2zA4KqHcK1 zpHfjbR1@OHyTObgJ(JGm!I@cEGtKHuU$~2P`O!{vPJ0}7i&(Q| zog$KM=l|-xqz>|~NxDL=f41*ik(Yh;B0Ty0PGB7dUH&R0pr;s=8XDv-nV)nSYxI5> z%JfzLRA!kQuo1G;#w!%?y_UUKyueeT;A=6nWU8aSX#-Zw;cO2iSIz9^KYa+(4Ooob zwQjgsy%8b`?235Iih`4&T>nSZRYq0WEn&JrLO@DNxAqB3><98U8kYrx{W>Df!4iO_xu7DJ;C zRw(oNJ3tnrhFnylHks)C6*=ey&BgrJi;O|sN8?6ig+OGjntRp#peBN#(yg*3v+iT8 z^Pkf;yP9pE@I*7;kY(+!N?9&Og03{2?=(^h{Pwy4P|S(t5#oWds1Sj<}Q=7nnlz|?ibfpZxptJTtEg* z0xVpDF?LN+8^7(L|c3Ifr1hJg62M1U~l(%m^KUY$gKvuqa-#MlBf9(QD 
zS#_W$!`t{4b7a*vOHF>GopTZ@R`hDlqjkPu{V*|;*IeKraazGuGg^$)Sgkx)XEWx ztAL~95Ro9ypuBw&hxZ|eVXybW&WoaKIy&FgAEMuJ4*Uq-;2h7IJ4+(X$i$Tk0bRE` zv2IcB;CPQt)UDuFt86D)`VrVrU;4pwkot--r-c6lN=ag-GxL^pk)7?|@PVVwLQ*it z7b!h)!=3a&NRr4Wl|0NEh^b@+O)3_jl!%DdNk~Y!P%@wG`>M|F_qP|VYd6J$zR|}b zgju(97egWe$1TJ$#3bqY^lrFX@GN2fNn4IW>!_{uLdA& zG;kruQ;P5I`{Z@d{-RNYHlT}z((E62XBgw<;krU(OYpv-km;zVw{01S+&>cN18^_!OqR!!-ub zgHdYiqcm-yj~@?m1dFY|{(pjxkZGyN0b<_aXHvE*&^4d&(?)qmeLb(!{kKoZy!nbv zcWxx#HouDIEOa@sOkQd1I(>z_Ss?3%+0%c$`y}Y4W_m0yCl-*Iz>Pd7i$AqUK#b81 zKdfa+dB6V2`3P@d;x((Gd2$uhh zEDGA+4+--h_9-a|*ZYQHM1L{R7A>}yWr$xf(IYY76wzSU1_WPNfp#2p&#B-4Cl_s} z^=>2X?t`A&?DumI8|@x|o;%ThTRJL7y{7cFjR=EICK59=F@~A^Cy{02fbtq@uBP9^ zM3}J@#tG7&A1YfL9xL3vPWJ4s->YmElcuJ9o5;JwO@&U0EoT({5Tl4=WH9HGzLT9o z69gFBRO@8w@prrbona&#LUza*gZSeSL_cIpDAKUk=KF4_nK&mF^GQmGxyB`w$1@3V zU^CtJOIk#jV!^C-d-w?k^C6tzBNR}OoL$Ke4d7PTvE{9vz{Tgl`m8eiZ~|T0(N8U^ zg2krOUBPOnG6rQ4Y2AvIEmKj5j0dO$Av{_AZHiaMzfyJuZznYF`rb{Ez*>2Ov_?1= zr^`fl!&3H!ZDz|#k)h#SW@&ET$Hw7XCUN)?dTqXajF50Oh$0zt!6UZ-If>kSYnkLb z7rhvLgU*gTdz>AMF6wYLg>|xyz%T{wg2&DmBn;np8_tjhJdy^_qTV7M5zaX#^cfjH z=WUPFHg2U((cc&H^^Cd`1MPOgRu{JsOMXOzhP&>P2lDX7GW!*|<%}s*Ug~6~s}Z+X<>Zf+N(LP4e0qeBf{wOCTDk{%N@rT+;C1TzPxi z7{3t(Cgs=M`gD3WTrF3c9Gx|M9Al~AFJho9*6~)|G(4wos}-my+a4+$B+sMCLpGun%|yog{r&%MWMA@C zpBp$do^e;iqR*6EpG5vRrOiUN7wJN?IZhEu*H+=<*~N~OWD76l-rzxlVQWbVW*+3X zyN(+zUe|}M=kUH^tQ?+RD7MG*l7*4iu{qN;dIZ}tpi$T!yFB!9P^kaf_`max9f*Q8i+u*8BDLoYt8n&ul_lUxO>JE8KGn+YglCS_*wF6MZ#I$uXw^KYn4wrVN=^v0e*=8H3AE5r<{&9`kaO` z>xvq7>{IEJi%VnR7CcHt`0$;QaX@~seGeEzcQrFocskdO44LaF>{R7UZL zL8BL!!KF2HJ+#x-N$ru0kM1CZx2!NLP z>~4ZpI|;(y(u(OmJXW(992OO6Oo@M)bATzANd4#cPl2vQpj)_1=G%TDx881TTsg*8 zX|e`yqGw@oN73{_AoP+njFdXDcXxgYk`K)xC!8h$4UYpsnKPw&*X|mLa40GhsF^R| z^}ti z4w_wzu7B8z8Sr0Z=O~p9;wT-&(Iy9(?8D`q5zCR5qhpX56H^cqRm?qKHiDCe8V2J}XGI9YjJ9(f z%mgWGoMJ~Ezhs41h&Ula9pWkTCIc1&9q z5T-Sj>SvUh$3PaHUx=Q`<~EyGZNi))gk*#CQ>bU$DZmOY`0%=}uLyEROV+Ku->kSr z=#T!zTVG}S6*BM$xb59bypD12`J#!41(Q_y6N9SIOI}_Dwbxn~OWvjK4*exA(Lc^- 
zXco(304bM#j(#9zy#IG#LM=c@PZx|&!DJ2;p%U_OJ_?R+C~7x)w-MC4f?WmYUG2I< z56~0wxl$Y%!A!_%aJlX1hNYQ>s|rBwbHY15 zEsqbbG%e>_HrE}uu8p(#%HR~xKvC(GrFP|VZ9aguC7<0WFf4L2a!VZ} zwqtVE_sj#V^~G{Hf|%*Y8o+Bq(l8(>(Y%U z&5IJRAOXVa)E8T2s_NK|PkYkz*qBK3&WQ5S*1|RtH+8yE4Lo0TP1`B|oYfQ!LKJp; zMZrW|hcuW*3(4^eM=H859nu<~$AhI{jB#tc4O6aSzqa8e_EM+?HSE`2G7#5g1t~|w z$%^rcvkcRc&&y4ipHFFnUU)tQ0Hq;o#v0;xvNlR1Io<4G0Jqks{x2w8R@H^$g#y|1 zyCDL{^RqQi!Vun>JsY@-hu~HcbtGQW7ceZi|Duw8x0p(#&*E$svhb85}i_vP3Ygnj_Lo_|70+-;;baF@sw{6-=K{u zF*x{r=31t;Gy!|w)8?Cj6P-~jx7pZ(&VnbT4~qB3=kT5<8FtwBbe0LeRGq7S;}U*D zOC~)n)z6eHX2O1D*a^dAA$FXQ`#@)Jy{IY~bquvABH7PfztsDe~&ZPq&D<|N(`>%%F0MKX!f zniN}FYsdZbg5luPqZK*Wg~QoV457Vp^sn(@zsnkI`MYVaFMo_LGd}2_y0o7ZP|^9Q zIHCMx8XboOH3OB@zm(&;Ixf_YyXlz$s|~L&FZ;#RM3D#DuRPFxF)#93Z!Fm2wq~a8 zFqEEkN)?>lcca(T`FUF_DeSGRJU_|e`b|_T4o+U#A$c;G;V1gs+_kk6*^AA^mzUDq(-P1W#VP+L{R^IIC1v7<;8B)w*1}#qCz5Y1Y3V!^1gXy)Tm2qy;tJ-|vZg1m`)VIhk zypj&es|?D>5t+LIMii(G8@rymya{R~8nh_GYVXiNng3vi+{H%z8Qn%61UrdUQir#{ zl6p>dW4-D{GYE>tx%TFnKpiF4BfqlpaZ3cV?>wZYitO_K_7;4vLz$xJ$}!^Ttl5*p z51j*#h-{&_6_Vpb^RqJQ;zn0cm{N%-PYV)@JFt$44j&ZS3;c<^pU}IVhD(UO`Ql4~ zJb0-3Co-t|C^Rt#!_q=G7s(BW+~z1LQ%>{7ROJ*&0FTLt`6L(ZLW4oha=^i@l|})^ zW}01n+0hN@TIn(DP&%?h)+4Nzje?!<*VkPre~Od@3{^4qzr9N^)_XbMpVnX~7KzS6 zsKZ%#-#K5i+@><->-Lzo)=m*)v!nLlGR2gM%C+)NgZ0gh1IZH@bfU zg-jqbHZcPe8+%{~fdwd={&F2-0{2eQJer9J!xY*9W4Trv2_bQAIw2IUC8&E>Ad)AB zP?TNwXLG)Z&X={58TVPCaQGnYc!Zz2@u5nS6!_SFOf{gFkMqZ6uxO&h^c0=GEo3tz z`FnEx_rZ0z<;ZoI*syh3VOn?#t+2=6&mI1|MIUhYnx)vZ+zMe$XXVoRG$%IZdbJ<| zC*-qqo$T}lZIwiQzlQ@TR`^SPi=m_g*$UI*W1bZ!tOAqg69pB)J~-xrmR#4w6Q z)1O25?f9$I>Mv@2R-4;_OrPG79i)6d!)vtnTdhg)THPAy^VEMtA!h?K;r2-aJ37a{ z?IAWq3GqRJ#`!K%W&qT*uIe8ovBANffbr2~I}z}6=zT=0mcI$5pvT-aSv@(=bq*4G zD$^ijo1t;1C}9ut_@w}_ZwMFt3X4&k@eDgUX<c@%i8bi7D!^Ms z5b8U@|BOYZPEPIx3Vr%TPLMJR%P*>L|Hq!PblSbC7DUkOVI=)Gm*$=dj``k?RD7=Y{howqb^6}N7#-_6a@GINI zAlELc&h>0js=;0{eEgT)82|bckpYe#P4gp8Ile^RsaOAaSIZgqUAA^6{P^*3oo?~S zlr@EYt;s8|87(4+GJDmPvG%aGtFoU8C&xL|V4&bam*dwg>>H?QaF{>&O9J;(FmJF| 
zjBr1|Aj7j|>F8*HePdA+>Rbh>9(fiL4Lw!Iz0~kN4vJz-)f)=akRp_ zxhJv0j|vTEFrO;VLQ!q-W0cWeJ^XyNk!CW)`2j*b_2ry4sr&WiEvUWYHVQ3ZMd*Tk zX>lmdY~#qu0T5xMFd2;bV>Orb!&=aJvds+;2i-!p0o^-`j|7h}jCbfqT*PQiT<)`_D$sJl!UimMoAY6rDgL99W7lWdLF}+9k=+X zW&yP_crttlW~IS;`*~M8)Zjh#ZM|dpwhm|n=>B+J38!X zlCZ!%)+?{B_by=SNJ0N}i1gJM1|)1ODx{n+<*SdZxgXj%L7USGJ_Lz+w2B1v914ja z>ud&r2P}zrAIz?Ytl*cjMdHMQ$u)QOo6&&_|3Bh_FZ(X8PYzXW9VxE^{Q)anoz0Kw z-O#xp7Qf+s7vfLm_r0btb!k}t0Za?V)y1IG@g>wHIi35LPWIS6I1|k5EM;&tiH8gd1Bm^0)(buQ4|VdP zn+>dkVoab+fVnv&y7@Ren&E2NkufeT3l#|YA=lAb*+IRQ+6pi_&(5~`PVwIA2XhjL znW<>R$7z;7>lL1lVL+mnG8 zSU3Kkb|d;sbM)IKOc6V-LA^61*rk4ouod}~lu2UKF{wh`rOn;J(IcY?|1zg%WZe6V^m!ndFbn<*{c~P79wE%pAzq3jlxx(7L_|TgN{j6J zkluPm*qsji0K`GXg`j&i!+1l8Y&uu0cPZM8kw*&)U1#Q-kioV(c~$M%aIw0@tX8gm zh_)8(zB2rjy^&w1>NaA-bvE(Z@TJrN*vh&5Ln`e1J26-5UB5s0D>$^7->^e6G$Ht(wYoG0v}7B+UXF zlfYwo@ZTcD)cFq&6%%Crnuej4NL8@HMUG~xd%Y%G6b+-2Ettt!n>LEB~)vKB=V}>g5{QNG6u`0#a zzNz{c10-^{&sXge4ZgipjPgk8Cp znIF^9H^lTO4?cqiB=eXK7ImQwS*wTo`bUn>W*feN~ECf0^xv+P3)x9z=R+Zzz?#=L&ZJ<)2yv~R; z0491^q(z&0jD|Zd6#9|z7e?9^2|`Aip+!WX(}yH5??{H4gEA8xuhDGfx)&r*3lUN& zZ{Zi+?i+U()Q2Hj`Zlz>BtOKs-d{Y1bXIB5I>z%7yZ2IYfzn|sMsnZ2n*N6P6OK~$)i$dN))brH>@&9TJ35K)vq!J4`NRR>o=2IM4NJyp1>FetjiB%9J7eMB-bv zZZ#=uQn2@f12Y|8Ae_+xw%gXya~%ZX8?r<=I*SIB%OJ{c9QLh`t{Po0W?nh;v@l%& zkfUz{hi*>mm(y%vf}Us1oMv3!P@MOP;GCVBk-Rb=1wo24=neIxK3jN_(M>>7yYYiT zx}M6A=S6xQoFXj~oeO5%qMi7oqCGan`HQt%T|)`qS@!A!S-ZF7^tm6Jg8DM)Ll2HO z8FuzZJi*Ozdv%jk|DIrF2cPv*OU=H6VMlrvML$F9Qd z3!jodfaj-2#UkV^TYZXt)|G1e*|j2ZIcgz{!1A;Hj^4fWdG0C$bNDewQO1B7TL0IE zgt?QwSdNGk!wY}<5sHSu8zJl+42>kIZ}7b1OiOJw&_-;)sM&VgnUcTd!qDa7_M1L9yPV#C;NwaBF(HZv-AymWq!;-0EjStLeZ zEl$qc@Dy#Xi<7?KKJAJQ?vff~FbMb0C-MX)&j;gr{2d6-*t=N=LIMw=-a)i1np3nn zqPtQg({{%EHw2F+DOdgFJz*w^V_)!CL zH&}+}VW#7%qgf4)#1cwN4t{i@!>i4ykPi=-V||Yq9r~zDA|@U;F_AFU$uIQJp5Vq+ zLy|bxf}w$2K^6Z&_)7Xrw0>-l_~^Q0%_ozNnXB{o$Ax;1GZ?{57a4;3C;zuF>GyBR zfMc$6(JMn+zppO8AtIZ@VRvmYUBt@osEEtkn0tGc-srqU2@J7hd21 zGSqYa>kQB#%ovw8WA^e zBfZ^^N>nTGnH;J6sebu%z$e@Tp5P6C`OMRkV>4bf^I?#Ja^db^@E|&{w(nQl9wHew 
zWM%3+Ep6je%F$r7n0E@rE{}5*`uzhXND&8Ro)fI1w;(Q9L0s$_rP4jj2Is-)%{%VjHzGkoW3A~_9BYk&XQLr2pM{^ zKeF8#tc$jEN-|}aJgZ~-39@Z1O`L#T&|5EA4y#aG;;y4mOB9qAx$pOPhI8&q>H&|N zb7T1PDZgn`pbR@bW2SN5j=nAga$x-L_Y4m4u8`KKF;f!ZvEU{QN7%%1q?rAj(#ax4 zBWwn3FIAw7R$dqh`^0sa=z#bu7(u`QZQX`B5OpR}Mc**`!+ryMfq>@Ibxx2$tMmug zUu)Hx>@fRsh$zi6wLq^uhEt_Kdll1fS5nDpeVDYY<~gZJw)z$@)FpmPQZ_t^;2M~% zNr@q*>lXy;Ia+rR4?kLmLEcvfVRZ2yab+&E6bD4MPy_)oED-T>5OIG4!*mew8kh4H z%8S-chP#m)b^T<`0Ada6x+vH&3aq5AOu&L~+9+OPJ^e_f_UGcFSES=x$#o|v|JtoZ zq{w1zo$Uc|X#Bj9qe-1~oSa4Rq9LI#;Eo*r|LuOS{pSxSSnq!CK5ci0ObA&C1p#*@ z*IT(kO1sSg!i z&~d11EeksI=!dP)GR|E`H#8H~3{J8N<^tP0{kC@-XQGE&ty7ZLE?0}tQgY?q0ADx` zthHAFH1lS1c#^_ds^yj2CPn${CQ%u9GY;l2^en;zq!}ZyBLDAsdfvnJ|?4GxU-7TsAI<9!9H0tdm(*QeBdz4^^9dk zfaz04Z^vn%vF|+4u*v^~@qhcOe$mIA*lGh>Gcy0>Ha%G3?< zeri(t&P~RyrR(N9HzDkK-gMe=vc$&kWe0w$U$3*Kgibi}@^55^l(|jR%uORTHQcdb zt59-}8|td5Nfm|Ra1-X9z3AHNGD`5yidPRv0*=Y(E$xf;lf~4`be_5)l+)VFl%0WbVpy40go~(o9+c;P`sdSh>#czBxzKI#b(! zZq_HvCCjhNkm%*0+uNwhk{XXFl%LIMG{`Y7)=t|fZ&P)m{Z^ycP+cEc zd}$!;niM1SFT&w3*&B;^qWdaJ4Hs=n9`z__J1ig@;p)yjg9=VG^TCZ9B?haID??_o z5x^!od8pxzw(^0~k6-sNBX)nYSZb-ALA5Jw#3t?kC;RXi2pQeteIL8}`iRjEf&tS? 
zb|r?BW>l9yu6_t90+jW4-!;6u6(-zy{m&aQUR^=S-CgmL%kq+b%I4^1dZyQZ-M^#s zwB-6uT>O(0{rS)hbr%}%)D!^E+b6-3lEdwu%R3iMEuCxGL{+j4M|-|yNxy6P%< z8~+Pp#C5{jjJt-XHya(BlmQg7}m;RXN169*Pa zjF;9OV-#?LgVsgT?|3VVKBC;1Yc(uL$Zg;GcP4isiHiVtC7~GKUjhm%2S3J3OMw54 zEI*}#oX=WZBlb_<&5Ow69E9VmLc5mcFqhJ2qbVki$(~5QZ*!DI-{;S{M}u3j{haHb zm`o6U<;&chbRRciw{8}AEmJtn@jcUwN>vO#(=!xKBsN?csTlcHIF8WV-W|LZT6&Bv z7o(KY>}B}!9`z>mh;AP;e7;6rgcpdT@(2uj?M+B7-ds@rngtJ6XyJFlg$l+G#tk3$ z688$HYr9pzH*Y3lFeLZjY>KM@r7|V*o;$Bklds}v2l!`2s zPBQ3wtbBrRT`IVASJ|CiWY-VU`Vvo)vg+_)TRteKuVM>d@5l#p^eL?tV2^F_g22N` zK?;@H95#fxuRX+bMPr$Tna064g1P^B9eeHtVGe#BtL+W(795BLydez1`(wAgLHDso z#wz%LZf6gPb@YK41%63o8R?7NEs$ZaWMXSA?{G6e;c1_&M;+AON-MF`UWJO?hLOlRhoBe3PPbT-dR1pT>Pov!ck z;+AD4gS*P}R>zR^;UqBMHKC-pA{IIvi3`)m4fjEFkYdy7ZbBr5BU%a56TPVqgI#E= zK*##=PG8cHJm~%@MkU3{H};2*9-%@~_Vj z{v;u$VD4J}b@XMlYO%XT3j3$jYflvA!%%634dU3dg8AlH7W0Ioch0b*v?tg@Ju9Go zRYa^cOYo3ZXpSc=)El*JGxOeG7%}r!=yuzJp|j`N!Nc})L2m&>tB3zGc__!LmhJBz z%!k?|As%E;Wg9Km0c4!jz*U!xixOeh%eR{L8FcneGo4)oCDFCf{gbYh%Z;!1C?u`a zH^~BIEG4|lOO`8yJ~S16z%xO#%A-?;s)pv6#9EbB`}onEpS&hM@pg!r#gEg_u-vNp zi%Qvfq&cPIdQpw@=(;rCi`acw@SOJ&m0pN50-cI_b3u!y?PV03tQ`otv6NPWsPtfN zUwK=Z*p*t|b$v@T#3)tBemVcjly%mHd3N?;!c3gDjj3E4jT~z=PT50G7u?g|m&6uh z!7h%_!IsI78h%EUAWA7^Df?!Q!@_(FS^S9aWN6_{QQ8H70F5%WhRps~qR zbsa^*=vGUI>bg_(aBAD4t4b*EI9HJlc?b1Gbd!u>g2GMVGd20VU`j9m%HOdclROk6 z7qQTX09V;3Cwso>vkCEoj@m{;Xcj%_YPd7vkSwQ4uF+Y}4>WCO3@>ijn_6!GTI{UU z7`!J)3@T20(O?zZ9&nnelb7Kx_ojwfyqS5W6*Ou9KFH?0fbPjP)9H1>GU~AZa7A@P zj)`|dH)>daS9^HxfHpVRjP~HO2E?YYL)k3_*Blqi!Zqjly?o}HIsRxV)f9UD91Gj3VsP; zzw|_c#I$HAEfTKSUsauv1uqY^;J_Q$Unw`5w?c~oQID&MX3aSgTUoI+wI;@&F<@KC z8G<)c`xTSyaT^nBpc&Qx4`JZT5#{?5b4}Q%6rW! 
zm_v3vrqbi|7&mybc@mA5n{DrLdm8bzP35qAFMk#@^ls_RNxv1T;F1-aGUmFrLLFQY zf^`{nS9?JiSYgqa&C!@>9Cm>M@q$rOE=pzOBqB4*1&@BG&<}5g7w~4Zge^jd^-`FC z2#SyWP6JFS!`B4J5+EM%C zXssh6nH_Uq<$q+#tdX!%ca7(view5P1XtiQSZ~fuU1b>)Pz);XTBX+O?7P$?>toGe z+aX!ABK%u_826(znKfBf6IBnU)`;HnkUP6M>!R5$K%+I{Xknl=eeu9B81K(541 z<&}O>=DMy^k^&K|>8an(I;{tjEPBRa8rN)po_G=w?_eePu+u=mId~H`HN_2&W6+`yybcOB06(_;Mg% zqEpI?Nir&D8;ndx2`asvrNyuyH)HVqq}pt2{rbO69XU#qUXy)oq6*eg&uYv%S3g)r z36dvUsu)qO>sZ^C!63PKKHdQIJz_bX5R&2Am3hk_2dP z2{7q1G6j-C5UjbV-|gmMWoehG4r({YSdStr8$w$UF~7nxz2fcJ`)`?V>I6l6#r8nU z3`Zz;I*#bt6cp7#e{vURLYqX?>bG{>+Wd5RcE0J%f>EyBulR`*Q&<&<#)u~A;p=13 z$+u#ooodxv=>-C{^V!NqdO2vPVp)0iVDhxfJO=UC`ckTfYiW_qxT})DrY%8~b*Nr8 z_@)k0%vVe&|2O3cSOv*nXUtXzjZFu71qsoY%bk{l`(I)+$x~1%m(B_XFa-nq?W-Psv5qvnpu$8KtYcg# zD3-$+P1jd**^brP?^*NR58r$}VN*oBXL`uR_Brg(j2a8_ko7QsNZIXQJUBRbq=kq^ zT-eUUNtxVBA$zGC}wgO#1yEa`MXA3LcDlV<+;_RwB`QTUu>( z3fm>_=`|tLG$0PtgE|x;_wHS4%3!?T>uv*eEti#`ncO~xUyY36#JZfZGs`gP{}sp7 z%^cL5P-_z2cvvy1>>D=(Vz(>pZfRi4`PMqdcVZEB)pbo-ntn5-?Q>yF^tb<;&cZNjCT)S9KW)nd8e=$5? 
zvNsl5R91jq7-_)a!IO{>;>(+Tjj$Y*yd65`rd{>Jv5eLWZ@%nXF+) zyUSo|54j!TzuUnV*)j&`Aio<{uGL|GLyIA3Y=ly&L@amjq{Cf0hFxn6X-W{JtNj0p zDvCWfisla;2_)bnM;z@8>s)(a813bGiMQxGQwql^Eaj=hSgwkSWw<0P1NdivYRQ!v zmjQ2~V$9BEB{IF&dB}FJ=+Bx87=3VOS@_OC z#{{98i=fR=muAdD&jix6684Ml+TZfM{;SeR9xPcM3`o>DJuXaPgV0aXZ=9XjT~HnJ z@Zcnsq)Ma+g^)OUileAD;|Cesxo?+5-=4Q}pg-{7xYBwK`F6puA5nynh0T(cmEd^@ z0J@N(6Ubk|KqcAAff;OVQ+2|Z`FdX^0mBibUM4IKsq7n14PK4w1cD`Ave4&ZLl4bj# zer$F%$4!gDv!}1HmkVb9#C;hXm~*1w`*qcuYILZ)J$fto?G9#Twz^_<^lk(UArCq0 zL~XW%21&7N4dm}z(^SRH?;_nNu{?%^u$8g-rFr1~<&7T&o{LkTIE{@7EL<=L(nKCb zr7IW2oGqNSAFS(EVqJwOF7?M`%7A^=_j0J^z0BR}wB}Y5?m5b!+gm|O;S5F@!xqMR zY%YxnQ@B$0ZM%G|7C)zkr?bRJ1n6_YQ$EmqE!O$}lL3~q)+YkA<{-^)o+xJ>Xb#L{ z1xbzz1Vr0Hvh*myKjU5lP2)wAp%GVi@cGuTM}o<6judhZdt6~ zKhE);PXKaPw##orY;mqCA2*)53bq|lH%&uzEkP>!y_yKg`@O@qzD*gbl>+91t@bcM z%;ME8MEA1Q|7$JzsSHCXzYOWSmvf-sjAF|N?cI6>2yG%Bo=di*9TTN~Q@Xw^-zR;g zA7se)m3x>^vEL`iSMoZsa=hk=&c(l7-3O?VQIaBjh41jtR&wiUbpH^hL?KgwSli}M z#49J3N)iIK1iT07Yo z3so=@32COy*1cM}l>HKSF-?hV7~Is%<1yakA>=712j-Tj^|WFaA>l7T=~ue0uaHmS zMxg?YbBRG5%=nB(k>4H@e_?c!M1(XrJ7-9{K@&g5m)nvJ1n>t7*R0sQqghST)Vgbt zpzH1gBhn6uoTU|4ADP6u$U&;(1%3ARpTR(`5b&E|iM4T_fIwC83}8yZj7fKz-C8R8 zxX7#Di0(9MTeKH_LqT!tKcIaBPwH@ua4|gJL55$zmkvOpdY_ zA4tTrzn?D{WUpC%%-gr(lVO&F(I^%gS~l&t>L*X60=WYr;e}}CPXaRr5k&<$?_HuO zZfv$+4~^wvq74Ver^S<}daiT% zhb=-K(jdyzZoVhNo&%9;LV|7Vo6L;w0icw+$Pba-*MbDEu2PWR#|Rr@_>fDYCIrF> z?C(EkK_g(~VoG=^nmLif%tDk&f+Ioz-IFzUIWP^pz-krA%hH^S_$ji+{saO*Yje9{ zSVe;AKS0P@{CO!|kcKy^TSbd1B&lS#KoAo9vqfPKN3bcd2Eh z#3NQCmLT#G#)QB(!u$JsoI(#&T3JIR@TKQb{3)YybN6*wXm$cf5&TxFKeN8}e>c`` z6JzXUck794(=`zUw)Ur{4gZ|YpaIxx@W->mLBL0uBq<9mLaa@S&8KD{Z3lR z`59w}X!sNUJG-mP5+RL+AK3-pWCJC!W%GCV27PirOSUWCmg#_S;GYI5ksy}-dnJTEcD<2;x?pHYoxU6GrkAptX(cTU z)en76v!cQj(xTne>0n7hx(Q|*5Np!IkWwIUxk&G6TG_Ylam_$){yu`kA!AHWLY-fz z^`V+`F(Z2vm!oJdw#8B!QJJZYCQi?nZNo5vNdaI>&o3(d{h|NAP|>?+-1Gf#cG-3n zn9y{Zt~z#W*#Mk8oC$o(cSQJ2M~3Sl4Pu)FDdpuaUgDGUoX{$}8~#xzTe z31dtMSle6lfK1pX`4|ZT5Q{nzWvP`2=940)hj7A*_0TU8dI9MDSR4f)egI3|K^3Mp 
z`nbyI=g2tG4*9+BIc2T9YO8tV|5W9w(szpgeQ|akh@p)+uK=d`US+E@9%pL`G3he~ zuxTTiW7{g-)lQ%9nw6f`_{hIfkl21&mKm}nfKbfFyZXm?R*5@j)6ysu?M{>KsFM@d z1;N6_rRef%1luLxl;NfQ^spAfL+Kjdm z=ykVH_A!uEYW=`|x*-!Xy5B;I0i=Lcn$(*E)6AHkW!q$iTe8|s@yY_gdD@f2>uAwx z#1W*g(>WtQroOh4$9U0D(R6PURWX@iV{pybTvr-Due+p=k%0jwJ+Qd)P`YWJ8p{&M zlX`5gzPfS*=_SY!{<<3pTkdqFpGX)sQ00geg-+^Ps5^&i)`B~wE zt_C!IcNN_0%I@qpsAy&PG#-^~EI9$6St;;$DG)23+ZPri|Hsr@}I=u9A$Fe=>L=#dn%W$qLA|+ zU7-*8%2tY9i`?DId{%_Mi3$`Fv1)V>iqmc=6_;X-5qt&@mjTP3Nqt)#*%E8NTc{`F zD(UJ)(kUF;@XJBHKv@-9<O3pb5G%ScC04)xSu89t%W% zunR~``U`Um!jaTY>B(y;y=Bcpv8qlOh8qcxKfZ9_&Os8qu*@AOC}CW(%b{pxA{wQl zsaWU*7JR`^CD2jxS`64@p0Ij6{G_ElELyOOCgD$}E=*7yJus2{0aREhl#zyY;A1~gw)AqzhPgqWe;wq8qMeg@N z(%Md5Dl3e*Pmx!wIzu4RrAf2pakU~FI!;U0eUvDPAjql#{|)L`o!~LQCyNJZ1UyWQ zuoSI!Nk+v-u0c@Y-9m)sO(k7~x)upFdZ~Oj8cQUu&4%LwQsh1%)#?GV9(Aj)>H&S4w*c zYdF;g@_!jEY1gE!afEBz@96Yl7v|oqx1@A?7PzsqWf9*mDWhewqQ59SD12&Ve8+OM z@q3MlXo(P#+JqMm@o&6i@N3nar4Xrd71y-%m*(|cI_M& z{(y+3=8zNi{pWHuEU1V1)B^4SdguLB)t<4-(I-ux(bvnj_<7R#>QG9<3z4!-+||1y z_US(a5FIKCRq)F>Mpzo1boS*V!4-F7s&BkKH9k|rGkufUvNOD>F@shOjBK-%xGM_%p|kvG1%SvHgz#_Eh8XD8Hu;y zFV{7=V6qD$#5_a@H8o%kLgmi_(T{>z*kO_RMur_f$8!~%Z67zILN|3w@{%8V#n>#o zba4xz?Q`3YC8;=-N2O=&h&Ai*a&2a2U(dY&meY1Yinifca3jmexXrrwKeF`p#?unf zuKxMy?+tJqEx%n_+c(90z=vTh>~^j++CiA0feTomVqx1hN@<8nj2SG&-1S8>)Ou4; z(14@xQ`B)|@n-b(oh6J7H)_d3Bor4UzMPj(w#!hfLzJ(e*2iZm zErIbf?4;-V3lnXBK`pdU4jT0ris(5)llH?86&8vMMbMT>1-tHxb-d(Epl-``0BQZ1 zBA+oJuxoOZQ!2r>z}Cxz#<7R^*}4y>29Ghir;qlr$3^sQn!R9_S89^r+N?SEI-cio zg&^|j)IG>wnH$Q$yUxy(<7(^Uhb_e-LI( z@dtt3Skh`WZ_)pD11JyE-f}CfWz^3ZMRC}pFaJI5?HF^H(HL#Ss^EhHa=2_ntpR+BS zA*{Gtz0Xb_^$)A52q`0>&RKq(hOTL}MuGzYCb`>zn^qQ9p|#h{KMgi{i@%coip$+D zBjN8IlNfkk#pQ--&|VyzGFlp68kE<@Tpcc~_`!ZKgp;j;`T<+)nzve?eCT*)#lo-*8=ES~!NMZ{+eKgVJolc3;Y3^z|{ zUnTJO(b&U<)2LrZYuA-Dz|A&QcN3J#cc{OcC7g#F*P;^FABX80zJAs!j?&n>8d`T+ z41*^1txus9+4>4bf{*mMz;c+8vfLSXA$lUNnh+71Gxysu!n>wEslGYI{Ei*FnPV6~ z%FxujbiEN(wW0&L7o(Jwc+bFTgs6_EzPk;6 
z5P1jmg?$D%`v_S2(0B;%CDnE?C%Y5i47%(Yx{Ex|Cl(%FL*X?#m<lU7E0q%q?ddBrwoNyPSkR_OrW^faL0DYKZXEP0{9uMjitCz%{?DZGm#(`R#^D)MD{yzKrGu6(AZ#n!g+e zEd|7enm*omZl5(gDRsMq$wSwI=GiJ+h~rJx@d<%8@8x0b9>R| zC>;GC`lkh^6^w0yD5G_PsL>R1u^qD-qkBpgDcZVfuBvI4PoivNB^$mBEgGlV8d z4gJ?eQ3av`xAs4n5Ytix4q4JA$^}G7(gv2=r^dmS{JOjkcJMh9xahV}E1=(;o_X|! z5c?%myW+nOkFoL}Ji~Bi&O=zZ@1q*GSuI+=Q0#6&fN_FU0rVU+HujC10B)$9aKI z*UOrVixcOr(1Nw6mBl$2-|^S+DgDd03v`N^?&4DlUFU6-YjB^MF%j>Sqfb4nA*)wR z);;w|r-~V{e-4QWcFp+TY0o(*N)j`j+Uu+|D4NI!l|T>{c9ko$s$yBK=ufg8&AEy*?$=U<_rykXg67DL@TYhc#Z0MIl z3vO=co1^{WKmVbtS3bU9e&(${K<_LXYrK&+nibpJW!nxwDj73^8s*r07IFR`vmY-83Dgm8RQWpZ2pUKokM^FRc2bC0Lg~k*pi>lxFio zXK4xg?S!xAJGQGC_5iH*O-^6Fni_Gx(sXysL3`FFKW487lqe*l~4Gy4X(sR&-wDz*+#6jYImv7#l$RWUb!Iw>6h=sA7r~V@(F{x zFyvg&vCnm*kyoKN-$;Otj(iIzu<;e|vq1Po00+#ASeXU3P`LqMt3|B0wOCQa1Sq8l z;13Y)1mPD0w4hx;j>Q0R=p|5XF+c|>e@na_pyhvWMvD`9nH(kY@UE%-$Y&Fm^pJ+I zrDzBy5!hm9Z#9_3@G4NAs#&b&RNt({$%%%X)3T>O>nr-ut1RcNCY%4XuTZRMPf7)X zJPgR#a_6dxjN!sE)rMakZmr_++JTAaeJB*)kLH$1c-uF?YXS?d zcd4XP{BMUE220>`L#ZEGs-{a>$)faRo|E?NJi5{pZhw56QlcN25zHjK96Wz&P+9Fb;f2)5mzO6EP6aCjpiv zPf8f%2%iNnvsj9!N^Yt{PrE#5LLbI&!<^(MQdCYPBQ8{ygYn)dS7!kOK6uEQlkTcy z91(PfWKT6?0W@O;s99o>`5-w%OO?3Rm<;o)BfB$q)4C({}>fo=F&iRx( z=0M(MfB@jxC&LXl;hbQ6a59a#{{w>MA@12dhwr3u7$CvL&l7<2k@>`?GY_qdRO%Ud zQp?64nUXQu$Z(I8?LdbecjZaTKnJWu%)c^8-g-~^ydCd+m z;|dXW;JH5XF;&CBPnO0xvnZzEq$MACFLROr{ZhU0LYe;ZygogknjNen)D~<$T}b<- zu1b67t8)=dw5X5EpO?t%yNcEgZSf4%VM#$cglp6++0ydj=Lmwqi@=C8g|zcs}CT4)HXS{&2- z((@*R;f+RaDMlo1muE38U%OHVciXiXK}(Tdrax$}XT8#oXQGg7WdZwN`dvMTl2|kE zn*&U2v)Wok4uwn9K}%0@I@MX|(=5$WchhaAOmj>Tlq3yqrt6LZlj}LEJsw zJDcuGJ^=P6N~EJOHcj&=aBv2ygw_k4TXLa+!aL{#4jsWiS(Uzq*DbckKUH}kqYjjd zcgeOXJ3}SdjO!G8aRb5|EFndJnGuw6K;{_HW>~;M(Xw+0gaL??OiZue@B|wfKpk$q zP)4?Ms%3;c)rTSbcR6_LgGHNp#K}r|u|AtK^g6!w$bRyB=G8*YLb?E$5WJneX1$+@ z(5du9pLIPNa})DtT`k)L^qt!Jv%j10@>uwWxQ$^a{I!%@inIR9Is~VrZ?vd7G^zEj z+8U&sJ!Y$#`1T!aK~8h?Fi_K)+o${ks;?kTOC zI5T{)l1NAW4{b6U8dKXdE#dhsMVipwAonVOB2w;Q1GTM@E7p@fXtWAo3T*^ptp?~Y 
zG`)0i=bGT8l~wI&!?)u>F30hg)WS$-&fJQfTraym!xW}O1HA>GM~pzV)c_}=%O;IW z;_&$(9)bFO;{@?ztavekd+)m5EFca@s0QE)T>+}80Z?I#u&rtH!8QxVU>^EqxkO!! zfOcyDI?y1HNG$*t#z?pyq*DuEe;dng|5RZ3Fc6!a14^m|*g=ng0Cj*8Xj)KN9bgFv zqU9pF)#@DnO+;OCA^v)A=A``i$2 z4gF=QSx<*YOoAu-Sx&>ul%aI*Nfo9C-{Y(;eeL{U0>6@AMh<+D?O8+f>W`W+YuyJN zvuw()nyZDv7g$KrJ*jKgNa?rjXx{xvps zb@=-$hY(*iXTxu)C29%317l#ZKidQM)^;yE+cyWD!ozs7l8Rb^Ie(Gojw&U=1qerH z<&4fJHi;|NoOlDyYXxmnw~bi$;~YS}Bn%2FLT}06{G)&#gC!!Jwsv+*BVKVaMOmdQ zH-z9Wav|>#7iHl5StB5fK`fE$h~s{v_sHAhDPzZG!lS*VnoicWN=`95#ECG;+rX5h zV1bii5%^D$g`xy+^x+04SZ1=MbYfbPw^sif0*Fs3t%h}3?*nZ6*_#-=0_KFTPJ}pr z&BVGyBHx=QPZeUqgRTs{z|b||of43QFA(D+nbeRrD;jm0L5bcN$lR$aLZMt7EWNfrGfqFl=Y96jIjIP zH?FV}@wcSH9sYjseGV+w*GE0fN5A6dE~m#zL5OacqQVF%={toFf#6J|gYg5y=69Lw zNxxo#-U*(Fd=^O^6)IdxkIwuzr7{aLEv_g~pn>%m_FGdFBFFDEVo&`Yb>8W$!*JXy ze+)Ix;>X?vtWp1;TRf!2>Ilw!;OSN>Qmrb+kFR5fccXi@pX*%O2~ z=WSN|sFj`M#Wce!?(ucF^?~6`MN=xxsD=gTKIHDQ{Sr5f+jSh)I`;0X_>u|yo4p77 zAPwz;xPn?=kjSvWar*(*hgYd9OyuhrX=$n#I|^L;i3bWl5S8%eRB>d%5GkZtU4O$z zIvCU_K5kE4lVb6}Pu6K>0fE++p|KqK|HbK~Bo;Fr7##9_UaBu-Xanu#K;1a0hEkm^ zuV87J(mPx77-`G4!W#1yEYyf!7Mr@q5&7Q4?$w5M^LZZG_#N*&)-EoYtav*yAzGATw3lSS3T&?0_v zOQX_)eS=DN!_Jtp<8k-Wnw`=L6^%kfpp{Sl{=@@ zZZUehR8LDV%bHI7O*F>J+iSV#5kAbSE}Z&CA|A5zzX z*5Ubp+Mr$YzY|bHh^c(w&Jsrey3NWrbUQ;>NM%fM64){{ShR8Uy>(we=BvY8@eYt- zfAMm%FK&~XuhRPrID1m`A^d?YD-DI>&&*R;#E#R*kJnA6h(i$u%O?qO)Ev{B=TH*x z_2~TbnK$KGIW6#tC%ZzeKfRZ|*$I7Ryu;W|6C5;N8WyM!F~SD(1CeMh;a{ zx=QZ)`pa7OV?(Eu!7tWvdfKpU&@utvnmpnkjei$BU$KHLuPrajAy^!q9EjLSXLi6? zGdn=D>4eW1!njQS{edP_lr^h~TR~j}$70uY{F=JLk626UFMq&gzZ3it{YjHyJTd`h zwg}jqoe|@7q7im(CyKMw`@^Gl0}RksXlP7~PZ~v@%2kvSrgEkeXL=vADPTcjbxjJs zsT!hG@FS)#Op9&t;Z}+GQyhsW>Pt*_?VK}18=$sytvC=56Gf%d#11{k3|NCBA5jyj zIg!*^o~eRpjY`DdTS(YRXrTNv5p*HMZ&E{1%o+6|9;zA^?OoG(k0dM)tN=ba2! 
z>DSGy>}Z=mp77(uR!Nca?-ZTrm{UHr`v=aETGHGP1;4L-(GlVPta)=>l{bL9P zGQGgG~JCG!Kk3Ev3b3*QFVnyZNO`GR`?|Zyg3#=7CSa)wDYcjBV;RoCUHI7nOhLDKYsCU z5+oVO*Us!Sw1X;HaDrStapABkXo(6PmcWgO!jC%Egs?>?lyC#qpc9=4jI1bVo%>=efrZnOjJH z4b$~R_69XW--$46s9V#@yL(FvcVEHfj<@+Q@Zu){PvXY$1EX24&ui#5BLe4FO9_Ob zqyns5?8}#u&q!uGQ?X7?u!}O`ksidX#k?VFM3XKWEz^p^#79BjJCn)m4c|C(%{!pyO#2C}&6#F}=~c z^gRDW;rl2jvL+@JZ(Ujbt@s@bl_IKN$Us78O^Q=R#g;w|y7i(4!TPuV!X7pAP&E_> z$G#JQPv`q{4+>432i_~2FM}Nmmn)uMBtD5C zGvVO3Y@XM&N5@}KW>ETsgQrwhRuUJGkn-s^5toX+#PRx1tK( z5!+L*UCJJ&MmInvU_><*g3RF8EZf{Fo>TF@eHco`G-eC(5Tq8tTf5LDr8po|cF_bQ z@8Vy(3vQhf(+?)ft$_H%ouqJB@Ntxx*H+MkxL&@l?VZ}0&`;VlYBxp?=SElYUZ6Vh zr{a;>=%)wdfpL!SkCx5mUp2gkAgoH;y9$oJrQQdL-&NIEHO#_SzN;jQrj{4Y4rxWf z7ZUE_lpRylptd3)hlj;=&-(epg0XNt;b@T-ByVL&U=~=Pv0*%@g%PW0Fk{FNqxK;& zt~NJLc1m6dgc3)A;_~z8EY;@Y7m+V(Ga>)`I>jiB%-;Co7UYE&4SjJsQGbD## z^xwRG4_!?my(;^p{mG+v^LYC8; zOH5khm_fVbAB^cuG1+MiTbA@{!d#u!+J6O@ZJsXxo>>r^6)py|42;6*{tE$T zI>&MSb`roM-Wx{x;pou#Aw|Wt$BiR-ehFvfgkD};2T9>~*enl=#Hi|}bOphie2EwA_;a_gSzCdFvWiny?t`ynQ zu7bdF`0NltWJ{=_&D55dc|x50@z798KUpJ5C;7EeZ!V=n~D^e>uD;0Z1;= zxzPH)^G4pNinTLW?a&BDS*-|-x!-5y)^mT!`QmMkD2(trd->LsKP|c z2-y&2C^_Q%;)MfeR`}EH8R(%$#W{qDr(S~M?l@02kFBZ|x4Li>qD=(r?KTxO~l-a{M9pO1u|J$#P7pz6-9cBg@`sBmpN|~ zTW;2V@;wxU=l_^F>PpA`mVczzk9*gs(O%27@(jPyNlt0nS;nQprv(QGL@D#qF83_1QADR zeE-oZptS>LC*qpc6g70vZxqaldUh7`q84{^%xZDm=GqYq1Z9u!??)!s)w5xpy7B&( zmORLj9iz8zL?ak6jB}c0N3dfobV!+=(n|e&$Zkd-OjUomE_es0G!~q1mxGBBHM@Ss zV7=A+QSW&#Z+a%}A%K3N)}}b^ruHlc=9t%y_DDIy~bj!UK1&RRjcvj>29zkzqARCOzA$3I_^Ryj{)iT1Ca4-so`gxq*)TT z5REmgQ%P||F1B97wz5I~{Qx8A-Nw~^Ks7Wp9w>GYKncOC>jnYgxLHvyeEsi~(acaZ z+;;`5L|%&%ij8nUDnkG+;Duk*6`_Sh)}QtrJVNVnmSGZENo*J z4ieWSJ`V(_1YyX4|A3n*3HS?SM_4a4XPP2-3i&pq5_z>l^&S*GXA$}cVahnx1G%DL zp;z_zICt~0ywx@@-ZLy!aF6^t0pmUsCo0R)5Dw7ziLUC&D7qXDsqF~chxYJ`cq;v3 z54ykitgzDxV(APJ`)f%HZWF(j|G~{2{9D73e*uz=hg+OmrzHcFDAPo_&O$jiK`oBCISiw0+ zLlVW-iqS9I*ED()U%u z&sd$@E>gIz$1Ivtf!%|JYO+5N{52=)+lGYkX;>yJ{Vb49@(4f&*X_qa&7?egvUw2v 
zGUAiQi0u>P+R>XZ^o=T{1E#NT&USE-qE&;yu5{qn92j$^i)MXlqAJMTFU=gE+)Ra*XX>L0RziwMj9!elTRfr z1q1}6Y)*r{zo8;VN9j1(#Cyk^-dk}uhW!DrFEPg7HzY8VVl10%!e*rwa4V=`UBt_N zQk*uW7!-GKjn|`LH|c7U`rmy{%IoNR5}shFK3P^F;IXg&1& zoz=5nb}tBs>dXQUXX*4=NEf<{@ZO=An{q}0fAsF@VeMVi-tgViPNVjPMXTWK8`;@4 ziMgf>d`2L^Lh*=Pg@iRUiXt;TOQWLvg?vi0QcHs@(k@rj3r?iu@a&|oovwrH=k36y z+%myfe-kp;?pz~N)2GSj4g7*ps0n*N`Lk9qh*cI8I0~S7V_8~u;|D4q1*ky_G`@}k zbfMwT6f9$`vMWJG;{bVR?MCo8AQl>fA~|z0kKV|hN^7Fi70J*)86-am&;;s`eSFuf zKT>-Yy8n^lXc`KMGsfy?817NMF(E>;^*Xl(C5aV-qiD!NMkE%k4f|>l+wF8W+4TK( z5(>47h;k@-Gnq^k^8ShCT8^RL!)x7brGNvKT-tsaEUrKqb{sR?DMlR~r-r;-p?Rqu zRax2Ys0rKeFeeL_UaE!G5(Xeqv|nAHSHUIHz}VJsT)M8A%2Q)Yuno0H^G^!d$8MJF zR6Zcj84UN}?7PG92Hoi~rOub~a8fhFE}xlfmDPr1L@N_$>KW_0AfzRiHh&ie15wZN zEb7v0%qyff-@bpLhWlpDK}`~)X@S@3a&r_gUg`~tU$4D!x|aNoh^-MA6^9k2`3VzM zk;sk{FPCBzx6TEFvWKa=P;LXe35|;=64sl|C!CeKIVrtRH%w7Zg@h(>48cz6(_4YL zy}a)uQfo5NLqy)=-$K}~FST&TV_hmh40o8DEr=YU_v+30H;s_z%`f%CMwA;-^{Ubv z5e3aEIm(a)LQftvRz>Q7^$6K2nVieEF#(wh(`Uu)@5c$HiTu~M95h$V^RAxCbikWpvGJ$ z=tPU)m6In2NXMAZ=*0CXmwD%)&3oX_vO#6JPq5vU>b>Uhw3HeQhviJ2ZTENaKHVzA{az{-n_H1pautXi1& z&1;WOSo|RHI@&k-dU+s|@*Te{ZTnN6dh)5KQqDVg>%vsbOpi{1YM+a0o&}>K%?nh{ z^f)u`0M*)2X-!2iu;svzCU!|?IsqHs_Hq-U0&W;-?u{=yaiy?{YsO`ZhmyuJNnzM9 z2}_!!0c7erd0@q*FmS(}q1%s{XVt;K?iHe={Cs%;}e2uWGyHw)oEvBN&*DMK* zjP}@3y}f};L9S8gkm4U*=9MYB?J2!8F8Y1tDe~rK>2Yd67xju78@Kh9-r3pR0+f}f zhx_Rfn?*G?8N5swr0m*6W$||*FRacTC;sT&??R9g+ms@N`pZ~VK}9IsX+j7%MG7UX z2GU>n0))_wze2uM|BB+{rkQejt7Z%lrRQBwNGz`p>z3Ee4@oaRC)SJ>e}h1Oy_rlP z{S~H_!3ilJW8%ZLNfr1Mr-(*LC@(YUSV`s+Y~A!_Siz|8{^N{k;9J<_)6ap_hg09X zr0bx_tKAR-3r7%`;Hv}b_svZg#sMLnn0>pj4b`T8xcf*XLhIn@U1)LT159su&`)*Lb!bVO9mqHK|CDvF++xM(*A@l<6^WaF&0G@%{}>$3X28OgCH<^;eX6+~pHC1o5{YmEB5s&36x8 z7d|E)C;&A}4x7ow(Y%#hfeDX!%ZihvC9loe4fbDr5bNLD-0$+Vv7#rF!KN zBk9ziOCF9k7jVSDRK-rmn(vOe_9|nQZS&<7MPA|Kr&-F@n@V=o!sX>uykNWOBL86sBxNjS=RzF|PwnkcvE#j<^Icnvd>5FOa8)EjBij))= zM$0NH9*3KJLm zQjyT0?n-$*KQU}|=R@i0r$Bqqp}9`*^T9s-0LVK5hDkl?^$XA%W#2e`v2&J4@je2M 
zmuR(o!Y0qg?pu0$G4pjjv92c-&&teOb-sKn=Au$jy9dGmUM)yUYghg&W|UM596y13 zSRDj6XpnoNbfSpj*0Opg@mjWzL3V4JkKoj5f$MI)24pvHouLY` z!0oeu<)*FvLIOO(`lQWqtAX543{MLDIg_Q#V-X%?qt_t25=n)!- zlw|4=>9K@!{D{ALz_2OrhxmJ!$8lO+(a)9ts;F3{u#!}EucS+R{4s`JWl1CesgiXu z5&n5jKmQ&CzlRZ#f4F4&Vl@mqSmjdB%~9no%47P2nGgsVZJnKN>+!B%N=0K&Q)_2bGgF-76IWnbXJPGJ5@`X(B?`?k6^m+ z{I%vUKw*tOa}bhos4MNnLSPG21WD_;p8g+aVII2pJ(|R3v>$bEp3Xzmjs0D2{eSv& zJUP1v5yciF$}kW$Dzz4V6w2cc^|Y190?ruT!K`T_e@oDai%S7~vSW~VZzp+gadN#^ zQ>y%NJeuFYkQmW5ZKw1E_j1^)PMFi)FzRO=w~Kk8$8?~DZun!FP+9%rGAXGcxt+L` zW7Auj1+&(hf7M_iWOCIz*hh2=g4_1V#bF^FO zCx^ec?Pd;N$b%h{-Q}(iMJpcJfcQZ42&2$qIKN6@m%cFADKG3KE15BHFf_wTz??{vlVZ4_b8USL(Dit3Dj#=!4_(m^v{ zW_MvLile5qpRHYz#k|Z;J9d-6P4#?FVw>4GWWQ)7?>#!;<8=+1agHTQ8QTCsu|^{- zU_q{t#-qHeLE?^)-6(4$af`h(+Ik?EL6U!G)9MVHu?>!Y|0r?5g9Vp6%+WZnp5bwZ z_}$etq95hEa3yb%>#9=V<>RZ4iK$n(3YiaxK2AtH@E8NhELN4wlAYNsgFe0}Ejma; z*`XjCmV#-DbDTrO-OtQ+mJ)mLzZC&BBbhnI0lctToX7SE3{AdXw)PUPe-6iDNsQ`6 zesM4BK?kFY2CM=0I@{d+wbUkny;Il*0rcZ~1KxbVS>4K0WuIejk*G(Sviqs7#FahG@7&CH14O?yPd!7H9+be$G~< zr>Z2>Pv`Qlz1#g6O!oYa_CA1Q@qGOpwR-wtYU7%<)8PwLbJ`B@%j|}AqR4S$`mD$> ziZv@x`|*DGekEhCkrdi?D$!!Cr?OO2b+)2Oh-kqucUJ>H=M4VXvMg^yk8IuLcx=Pm zk4ejam~n5b_R`YTD3{{b4O+f#z*1c5gHg4!mQdYI(RS6#Dz}WQz0;6@=BLVMXofFb zvK(L{;M7Em`*Y|E>oadqsKJrj&bteZ&Vmgfse;|HdZ0=MWc9~|#GOyS^r{E`^bC!^ zYGn=YWtXL;2+MhOR>cPJ7e27L$&XdPcNbra{%ac9NCtk5JhE#-hozl5yIDwf1O}(2 zorLRINXr$vIxR&PFu;|$15QOkxgjFaA(#3&&!>iDEq`_{hYy}&ZFFC-?bm55?Rb_?}B8XNFkxOcYL$DNmUW#qOlFWWZZi`rCofj_fOqMJJ{V zB8`?HZykeQ<=!Q;`L={Jz=??2b2ESO#)o140;Fv4T9bg=;)G?jCbVE0s0`t`(9KrkHT9}nHC(j!a6XIy=O_Ahzofw*e zn^ki)pV+uXpOBeV(}J67(o`>9=4DX^j6vCnjUEaN3z6D@(;6hmizep?r9yvW$G!c^ znN=dHdeXk1QRXrEsT+bab#S~fyU0&>yYCzGS$|V-=I#%ke)IU!U1_9Xe!RemGiVCa zg1AGaq#jEE%aU&M>#@R%;D%g`@vKEEAwNQ_IzLgx)(2EtZ#zA= zPc^f+H{VElMAH-_&4c^URh;iiU^b}*R7A3h{1F9eC-Rx=KaDo`al^E+|GywHzpiZV z2ClSTMvB%nHB!mqZiV=!d&sXyU=@ipZ~56PvLYuX@Qi%Ow1Zt=*b))nLck9u)yB4s z3Cx(192qB3SK_9#KGSC!%B(gm%X2-( z$JUJgB<1iWdp6KpBjA`c@Np&ueDG9qGN(+Fp0TEb8OJ>GTYp*o+!rEpFwZX6zAzmZ 
zPPB(tEeRaB;KBZ^BUCx(Vw8w1F+hTwPggFKY*$$zM6parI`;8QUs$lw?WjD)8^P{p zV^d&#NP$`B3;c}!1Cb`XWzo12XCPf!-RO${HQnvlp!WEHsb zm8?k1f%b?}x@$h&j0k$D^(rC8Mrm9YFo_$#DQRq=u`o z(?`MlE$f2Dp9VAak>ZM-ewqn&3z2>2I@}HFzf|ph#SIFm!rw_ZZpq}DK{SC(I(QG# z+OasBF!4Y7h9vA-ChW*nFT$372EyF}Xuw|@jX0ckynvjy04A8iqj=+E@b$A@ni<@0 zW_HT_#X&n;07`_t9{bmZlXV#o`Zj}P(O zC38jKKbU2d_)aukOdq~x7QL%r|8kjc5{@W&`lOCANnyU;^(r@IQ@DGJ9PtZK@h|U)4 z1BL44pZ17xDea@uO}@Az#?m-m+77{c57i`_pHAdInW%ZEJ(!SS?J`vdJk|!~541G# zQ3fc^a|z8{~h7E&~Se{ zm2L|1ex2+q5u^Db)|B7hja9}rIB1`+n#dNzjw;+k@2mC&d?RDVIjPG=3k~Zy-EnCe z9!gJeG11`_=vO$g6hz)j#(n)F8!U(mc{$yhdBt3VY!>KCK@Igc*O2k!q3+!K zcH5Jm1zD&P(&XY#9|Z!$r*F18woZO;OstVmO{E5&aZ4X)SZ58(k}a21`S5C7tm4_q|}#^t!94`P~mF(e~r0L`&tAzpZ3oGKf|Lhtr3exT?`+ zsoMQlC(8EPgw`iSt_0WlLQ4YB`bRqdB*omob=&ENfGRfq&TP{)|6}&?DHTPE++`K` z){BBT{}d#ab4(n1M@$o;Q-C;J%zt{)&Ip6XTYvpKz>-ObcAY@I!_UQ^llFFfCGVIx zJmjg6-DwqvVN=(SS7X!ZYR8wiB7$aVY;b2znz_-y20Pp??}q2L%gihmi1+vhJ#aI_ zGFb~ie}s#g{}s6@3ns%9=jgbRoj9YB-c{Fh|Kui!kwWfXaQ zHUoBSu4R;3O5PNj7_BDh@2%|q0BHoc){m|UIG$#dx92T^Z(`z!{K{hrh|kwfV_#S9 z+XPeC@hX7Xhu-*BwsDiRhd!>%@wp;~4FAF}xyrKCFyagZtZH%-*;JJuU^e;#8H3Qp zflX0gm^K9&p5||BV&fE&?dAOd!gtJ0bJ!JEsv*K^tAD$8N&L(`~LbiuJ zqTC0T*7-h(W;&iqq+LGUcC-h|d4u4O0M`&N@_Ym!C$F7mbWO>6#gjmuoh4~hvTh$u z$^yE?96D<^eB&YdOnLoE2!@A5}I-J#)++etuTe^=r@g z^a)$6i`Hhs|K`J0d!mQQZJ48IH02Q{|86yv?MZpQ}dW;9VS*YAhYIU&8_tVkvL(-(FoXiT|>w($y_ma*W^P5 zndSK8{ty3$_;&2kqQnG528f!X1L z!%6zRD#r-v_vn~Xf8FDRp+UGwC-@HOIseFRZV%boK&vc;2(`t_a_K9At^rta8##ws zs3|as``oUK6L^^6+nRJQLGQrY_>%Oz6zs z;{VYaDTJTjk8-ys2YA=xP@!#?CY7TVXN|9g+h;e;B7fGtGFZ>q%}%|EedVy0@}4vi zA&b!op60XTOWP@$>4iYx&+F(#du{VmE6uV}FslZxEu#W?mnnL}_{3G#^@oX%NC_tX zF9z2Z9x(o42plnZpY#44V;q=(3Bo#dO3L3+;w*@5vMlhxV7a1Km@&+^M&WXpu!h7q zVp`h>kYUPy*I^*aSbLqImT+*7jnXpKSlZ!E)MC3T!dQA7N_QigXqo;_UpqYDi^2O_ zo92t_1$6!osS(lRu?!&AJ)7VTdNDYzAHz00v5+O`apW2~HkYC=M%fOv&oR`N;!G0* zreXg~cnUyQI1=R?OXadGe=Zd+JPD*=drd#NgRe885BK zscl|z{l@1e#(&_G{wX8-MQI?HMScg+^>`_E%!NmZvoBmli2`Gr9XIXH7o&MtF|s?f 
zea_?IEn*YnU;Qucs9feUyUv*?=oqmfaqS76S}SDG9*0r{j(*~0e9URc%MABZr*PKC zg6|HYX4w~cRmEwxw@>P0KNGmQZfpojH7FKl6~_$;N^YS`VCrYI`ad|83E_>sES;5v zv{+f~{3YfDUX7as#t$z#Gh9)3W*%o4k#Nnh(IjzkvHw7xp}evj6y5Lxj-kz3il*h? zxn|C#PRSer+$cM6|BtD!jH;^Z+9n00O9Z4lq^0xFA>AO|-3?pe&`5WOfP^63At2q| zNOyOCNALI1?XHc!Nrcs*#Do9-9l6+oqAMhNud;`r&O zO1$>kq$@UVwRiHkY?jq2D}Vi}cIu$qv4`?zdvok%JdEe8y~3UOXqzLo=?=P<8ipmW zsp#%)W$HS~{ZvJ%o{5>xdm@*cY9|TxMAL6(8AFkJI@y43Q|VkCalp_B;wIbmIVqic zvlIS*CNoKqDH!a;V-i2W*4IL-z`p9O%&gE^ilJ4eQDRB{K}fZggl6_3LXqij$l}|7 zNT1Xx(!aSP_y{d@FaE)yvGhQLNSJhS0N3o>i)(mWT!_M6KIHNf~F5_0VWZ?PoAVaON=glS!**Fk*l-_JNcO`+C!uFN=at)tqu> z1Cf{M-euflxH2Ct@Su3rMPHIv+?F-D>Os3tkjg9_PbcrKrmic<%~kTgRS=hjtI{u= zIpea{szTfmHYa+kEI$2h#EeuP(|eu4el#!?FD2Y48O6uQPU+aKWw9^2aQzV;6}=a< zF_ea{C1oKm#_~7?;bFm8{ME`4v=7iO+)_{iK}7WgUpV+8ejm(i_EQtp8$OnG1~(S= z$8!4t_R?4^&iCx(qC^EuPFj&0>4Y-Gqt6}{F;T^|O`kLt_=EAJ;<07ShmDP1u;^_^ z@N(F)T1Q}$Z$)FU21kT6D7MB2mWZVT-d-=VodhPLa;1{h#YE;#p+g-(T@il)jBzuA z5gI~ha!(hxadPPCY2NY8m|TQ&9XQ<4%!jM{{Y-#NB2p8>34i%|E868$&N!KLA>%oE z6GD$|>jyqAp_P`~W{*&@cVzNgK9pHY>p%Ox%1*qh>VB8QkA}4A*bC4`op(%(*r|ok zIvZo+Xpvv2@L|N1@E66C1PSI6qabav{#DVa{jxLeH(&UPv1fEK-}9FBM76FXs)5fJUbD5lGQ@(-c*p?U! 
z`)UsCl6)QuL>!!s8$!TkxE4j)D10!OiQB~GhnDt@BbhViP0Eu(JRUjSn(D_~rjQGE zKIw{HYL_4X5)ze7jlUeCnLOl7oI$F*mH!bG^P8Z`l+z`eE9P(jTkUkXl1PURXQU28BEj8HDgKVV~T=3THvnA-Qj`4J|*<@voK4qwk zvQoVxwg2mRe=jziQI)reMf4qml18bD1G)c;<{y)ficLF3YS??aI3PUQ{f|d-&UJ7` zUQg?3buK2(P6KCjC~oOJwmH-CFVtEGS~CK9NZ>xa0@nh5i5mLtGe6NN(WP*(*A#{c z&*u2`o_=FHR_iy|^TPyH-K=?s@m9GH+!`RyqDg9(>baixjn^aM<%Fj*V_g?8 z=yd1TCZL9jBa-t)KPb|Wfwtdv9$4tSTl{qXeJee$gO`BW8d7eqO@3Rdbf6MG*Kzlz z3hbKbqjF9oPu&rfy`@k)IGQSinWOa&VHz$?F-k<>*!pO)2c>)`7P^Zh83Mm^mkkPh zN0W9Cd|AtXSi5p^cY>Sj+r#3;9#H%E9q+{Q2bEn z#c7ajH{Tlbh#}t_t^Qe>qd<#60s8cs^<`Hs6HL5&7?h_XT)u<}$E`6+HV?<|@ClnGoUiW9GT7K%yNkP3Zu^}Ik0cQpPn z`iWj+t6>)n&GVR0N7Hxbek%NY?5x(Jxf#{fV&1@bv#iFF0T<(C{ci{SPQ1CJGDKsP zVeK7VxChzx3TDp7e{`t=qiXHqGs^9bL0a^`Ce;>(_P%C0PM^9z+|>4xcEF}b9xBk* zxhC5yNV@K;YMk?N%m&(No1rN-c9LQYdpv*{9hG&S44Vn%9EA(`E3Uix?O>JsT_t>OPiQL&z z;_aF17~Jm<<(KOw9nGYj+na>8(b}o`JiH|sxaPOd>er}ZM+h;sg^wCT-t~J>k^bSO zsxU1y1qkUit4uq~SygtgF=j9KsA{x0`K2%2OAUEtu2>};gDM0N(m(wy$}WM60Lt>= zHc;wtL74Qfziv6(?NzI#Q6AaVlYw!9dSPw@UdqpUu%Lo8tl@vM6AtMwH2lyK`AmJI zQ4^{~Y?ADhR^aj@8+PdGLss2=UZ&Wh#W1U@#1DzmsoqFaPIZ~QAdq67JHODI&YN0rcGmR_dZarmEiZ%1Xx#EQ^QdM%MSVN_!;0aV15!*DML{x4#IB2`@vO;31Nv~Hj#e-8Y`soLY1vz^YPUc>B!;2 z{yMiPn6)xt*49Mf81_LWC@w!1c$9Z0g-};dEGck{Hw6XUT&CPRA;H%f-`M0}{9Ri6 zFNr3hD$MNK=a;Q)HEkiOf#sFEF{_H+DZ4WPm?_S(6#Ow{|7KspojTdu@c^=8?Si1 zp~=pT4L!*noIpTAtRKXEpre7Wo6;0_Eo`&~^c{C8&OLDs;(;5*m_(E~^@z zodu;Rk=%@ES*OTY^rKUM=|A9PJp)6o8*IR41{W82oIk+*9!}LhD5D$Hi!n^ge@csFcxsFM*HXHrkXC__=~uRuR)9@CSr zTho#AblQ}nm+k{SJ$K^pFmv~?6?UqMV$J9~UV2yG=l1jOg|Y{?xoY70uP_QS5lgpL zZQNP{jXJp6e7zh!b`KOxO*h`=N(h6pqWPWlu;cDdV2%wU1fW7Q|BpU1oG!R-K@2FFKA!pXGemn@eIkdaia7E01(N`|@faL@l z#ylGn(321OgPq{8ojQ`EvAZMES>zwNhtEJJekg}nl=0_7)Sy1{uz12(ewd_~azHQA z-!3&jIQLEPY0U;W-H_8C;njvQ#Z7L9-@zd(dCt;N=W*Te{gmD#*^D*i7kt?^E_CCA zU2Cw2B9N^q!W*CYqeRGkK~!gme!DX7At71Kr1(|p8{pR6( z5G;v|_?RvH6dv3y_ERh1;O2xr)xqHYJrF8~W8(;#mGE^ryBHA!ZzaegW*ExtpcqS- z(+X&r*d2v;oL{n$#>&Qc7&4h)&~nLinktcoj@5be2x>*u!Qi{62jL$gYV)xiaMBGtx 
zM8pE78gLgM(Xx;#dSqO`a|q6iow-ms^gt(i+e-X2w< zx5C0q=JC*BU0p33!u4@J9jj)G=mN7kf3*6L+fy{&^^=ECQArzuF11%+KBldoP<+$-@%4tEK zmT&M3b>GSKT3qeb8-!YHpK67YhnEBZ7RMxzKyvIUo9b_4IY%rY_;IzA3|K4>Wbrkmvj+In2gsAnAo{+HN^}#Y>J5u# zkQcg+Ksj&^j%gQXQ@wg>_c@n;J5}(#d&V2`+;64(RN5ND;^&UrOXzBwd5cH5CQCDk zA(|AbGNo_4XW=f(jLWSD89q^bXYz&t>XwZxA{-G?jTQE1S5Y8c1+kg$~`$OFy;u^9`Ox~B}n?Q)ug=`(|cl;qP zqki?2%wE;Tkjk{l?+_^$;M40QQf(O1(|0YS&07vaV{ zFB_!Z3@npmNB=x92ZMrK2c80i9D|#aI*}sBHAsV)H!xi0a_raI(tD;{T{UGRhAW2`msQ0t_!zM`I!NAicLAL zU4wYMmw^miOUnuTuc3*n5wx(O4bp)C2Eu^A+Bf#Pl+~ukQ7K+>fT%|RzOB_A$JkQn zVnOu?bXbsE4D;UZ=+&#_Vw!CRIL-qPyY!_i2hCl47_3cjY2rCf)Y)mV_GA_WM&zX{ zPEmu4ISo~7#?e)n-LP}WH$}*l1QbqkHN}+S0j2mxdg*ADawG)fbAaQ7U*V=d zklyb|tjb>qGn8SX{WC0=nARu7y}$JMs_)Rd##z(3LZB!E3i0vc!Sos85FCr1f!vU5 zcCSrMchRSree%hZL9|6D1aH)P+|f@dy(>TF4a&nN3ZkQtpT9<;FXZm7c(ViNr)8Fe zW|55FNonA!)02RDGbViIZ1LY-=Uo>Pv@HnH0$W0Ozr>U=oEuMRwTJw~_wg6{xn?iF zib%96eJbhHEfz@lU&2(hnIRjZy4euzAQSZ9Ct1@SQsC@Dm^uXWU3xa@Z7S3agGTx{ zTMoyU&$sSAJ?oWC-@!XB?mg>>hAQRL0B0v6ruO`IhaE-%HdhFw zQnpd~7m7k!SDfZHw4JnuSqSd}dLWG}$!nrOh{e^AQKT3zz}`r>%WIQ?U}^PC7~1UT zUov#%^8D-Jv09+NxcSxKRhs+O)S5`!r5?~zP~pD1_zmq0O6}bieK6mpszwtGDpLmx zcrBsng+F}v{)azlBvWY6v9_`LD}#$N@mMB-gf8+(Y>T%zIOMLE{X$6R7IYIVvJ^Hz z)Myig!N7lQA&_46y$^BLyB{DNMn)kXse&>ND_Iy?rf>-xK{@CKs95}y1&=nZRJMAX zbsiS_O;$66b+bu!7S>)-!>i3?TSXVO_&Pj!Xl|kp=b=g2+BLvYWm1Kr(T({YSx3P# zDgK~dSNr}4&R0U^_(PNwnZ>{J`w2FHdnXGm1B;0xP5A|H_j#k?V$A>v1Pg{o{6Y2? zRvUk+X5f}9r{dl~ab{%k;U9oWr;CK2^`6v$pQZa$Wt4%{>($D9P3_$My#rRYmGPn! 
zsupSWM|rV|sOCo>B`fnYd(KpJju-nOHL-Uj4ptU>-boWE9upFes}?r3@am!0i<{17 zznFrJf?S$WFn?08d>ogTvx9tP3CJ7fV|@aAZ?1O{p_?T}SI5w4(!o(Ade zI}aY>Klz9X`QB4yP-GIDQ?s@jgK!cJj8+#&B9Pf=#XXNDN+dD3i+>5=SC&XAnTcw{m5!oZHg>ZsNrbGqc~s@1cO-DIQkPO`Ek9@QZ1N}Z z0=OCN?^%PLH1r^6)q|W>^cMe&mnj}!#fBDLX-18TZWSrA>z(nY{NeNhP1W#|r}uI5 zT<>LE^_;WuiZRyK5 zS>+D*TLjVV^S(?qO3NyyuP)#>EClFn%>*09W`%QF?z}r@j$kc5DNZ^*#Z|NDDFy#= z%x^Km8VRb#VG6&>j*}xA(y;%Q^U9cXxA;5}pY^AgHQj?DP^9L^MKoT$V-u%h9XKvh-H0r=XEUwGL z;)eOkw|9>Jo4)b8XjNvcio@3&bqBqn z|JfM=1W<(MPL3#|d=lei3Nc=ypzy9HMRWg+t$VxS9Z}6b+ely}6%Ob^-W!Yg*(WA6 zlb0`*ka@&h#i%CEecDMXK~9L*wfZ+X-h0&;<4Yy-#ya`4jrz}Su`4Rvo0|oHoBj$| zASt*KQQgx5>rlL^n&$SC1lc48TO)aAlE6#a7Qra#!j9SB6>o|75c58B0isA9#6>ou{Et?yrZqMytwv2+LOdn; zbox21THlTn_-(kjf|IU%rZYubX3f&6%y;uH9qWJBc_g^XqO4i0U7SDU25`HtlfDus zmLN|S<83tN8a=;cVP35C(3}PWA>D-ma1@^!v_5ep4OXIa#8xWgGVDwk)UzxaZxcyt7uqt-HC_ zQUtV-g86<|GE~=P>R(hzyvqZZ5DygfA}1#lHehMR|LM;_?j&`>tt|;+SapC%EbwP` z%}-Tw>1%5&)^Cx0$CVjwWyVi9B?{-@qRRfN`0KR$v`yeZ%{&SECWV#)^#zCT;Tw_* ztVhEprv8~tX`zLDrLp$3J~l`oQ&?^epY^=;P4AV z*FW9RKN!DR-n@`9vJvNFcLErte_=JgsEUPS%CY_~OVGHh5Ao?K_9kxpIl*bWiC3mI zbbgv8o0yH)hxS3UcbcbH`^s!;PZGmk9Ykk`@)_=t=dGRV%~@Rly&!|H z2A8DA<>mmu>qT}?du_^V{>T$mGW7m@Ms_E!weqpwZxz5)N`#XM4Agw#NCs0bB_2yz z*1On@h^!I#sf!r39&o_=D+@vdYe#vjG9A*>EcX__x}Bqf1}0-4KChCXcJ||PjzD8y zE5?&@ji5O9Di0kQyfdF|TCB8`Ninzj);7icfG4@PyVlu1$r1g2Y<;Uw*$siIO&omV z_=C!u4DK}Ql`iCcR!EZjq5fCpk0<8SXZ^MEkgQuk{EJdDz0hYdHl+$gtQMAN&%JP# zm+MArrUO*tGX=FaG=92f;l}?>IG)mcSZj+NOnf(pCB&6U@ib6f10gRot73GcKD7pF zaiw{0vZPVkUM;fmJTBInR!OVngXE-{w~dU7afz?4_Q0Lw$*qOq+oRuQC7(!SYeE~y zaulvXH*QmeA>S>`yNd75b$QSF3m2NtZT8&Fhd#RYjm?SeS|#ffUf%kco;;PJlMC-F z{6}0fNYa_KX3CRnKBJvqe4p-SXz(mv(PjO1yXdYKJB5z6EYaYh6=~gfo*nr-HvhD$ z1P7xCO0xAC0a);W3mQDrbg z3EqhiKZzy~Or|;4U8>~1Ol33EYvykf7)`r^yz(w|u`<&XZv7ZJ<>YyOpb$_ldvtxa zD>QB84ES)9thRuIH^hWwuW4NO883;Hw~6=kY15}jN=9ZfC+&$hhI_1T!jmom7N-z* z&W+6mhA2fDl?1kJ$7LU@xBQ(sRZ7hFbv*}e?K+!Y7Xo{;qxvZYI&Oo66E!Y+QxqQ4 
zOTNp&o{8xDO92Hx`sxSD6)G|vF%P5X6YQFtu;=B4{Pq?12ML?VmNFEk+it6P%5r{#_-guQ?Aed39LMne0?(X-?~CRqvjpz;%45h^NPcP5@b2LEY*p*6 z_;?EuZZ|S7^I|`GIV0P0^6KB;B5%%aDcc&Sl{W##{S`~)otzI3GnYevbCdT#Q8Ov=y9AfzwddOB z&>1t0LNisXOZp~Av$c`HDvhyH^!u<$bnr!h7+eKjsNByY+FZs#-(5+Ou($b;#c6N; zH@4XpFViGj#9#`rLHtra4p*j*%!kC*u9f7fFYv|J2-bVHE&d>RnLUn;^;cnT#J{AA zpXv4k685Tcn7G9%CKx-GeW%>73suafO~3WN)N)x3m3?p*k*1NLVOsqS9U2chu#*S| zy?Xm8nM`8_O;%|@{p2{GvbM?JCoqIjhULzpuk&|(!3I3mup<9AzG@6zmsY=_$KV*s zK3D<8muU!X$KL~U@Y#?{l^dBP=}xQ2tp*CF7PsX7!L@>Yzk4c&j^?U-xF_J;wJgbo zMZ_i}czek@T5)QWc@MEcPQFD}M;+}Oa+I3>FZ}~Khoe&-YzK`1wHNPTCC8!mMyh|> zZ~z~Tva|;!V7HTP_1~eLDdLhNu?yfMs=SA-INrzql+-XDUd1gz4a*es1N^t@WtpA! z143p1gv@a$_Dq!ZCgh$rLI>kiBT-R8{|f4~OsKu)a*c%VC{Y(Hf-Nk;W^E6b8t1LW z8Sc;DE>E=|X(*-X&b6QN%^_tiJFEY=O7YpL&~{SpwfzG7jXFB6UDM!u}gEZ3oyb$9aEirh%k05C%OG(V6g{ z?b<*8z?oQVr{CL`1X=?F56861D_a&tCp$8xWp69b005egB8bQ(BJKH|X;j1m)nzgDT*0f&o$~fF(xuH z7$h6=DWtz}9Knris;@=87~4D<)du2CXOkiTu3z0Q;fbRo?%m3`yK1THcHS)eb+fNw z*`Z$rw+6Jdljz4SMi3F+h*2lXni%EG7ABDqz`lo$O0p+_rFw<#tM8p7)GF41&&PQY z`aqx5TMnvFNGc|Pl>&HFkQ{L3wVZ8b{l~+0;pgjiq{45k$EcL4+lm)Z+Bi%J0Rp`AOk6kyM~C z_ei#|ioUF2;lKVH-e+Mn;=ewsVPoO$WF%u*4+Ugs-SIyAas4VdNkHSlURQ_06_5Dl z>v5#YJl=2|9(HkxkN+o#li-bsQ8J#EGKcg3K94S{A7+|)qd1|7;2Gy!}dK2ns_hpVpk~|%s53)93Dg+(rY}Irq27^TXC(yk3WRL!^ z_wD%{5q_h;BmU%e zj<*dkZDr{_qq|O$eA`&xhYX>uUtQY2e0toQDtR_F2RpBf;D2gj3d4jRxv+-vBc zf;GvXF^4Pc1<=&uMIMcy;UjV+v`NSLXTrT{KM}kKn#H<9;Mysw{r<5Cvr${hGQ;>eUXj5xqWf^PfXj_Ba_SduEA-9$m07m^Q+NCTZ zNq)60li$w$Soje#eWLd|r1$ebbepqyj<}iGLwlVVmyhfk4o~YV_UlznFMzdz4IeKQ zxK|jOMmqMM_WJLg`nk9#crVw)d#4+cH>Sjh=B2TAN^+Gi<>jW~+vYZv`kOTZ8ko&G zvX8UDTPu6s1?WinEhU=Y(tQ0+jjoTzvIOvNqMx)i9j<=wpYCN`p)m1H zKd#rFA!ObYB}xS#d9*Dgr7X#iJAR2t4diP$T6ZzhoJPk~ybjrMIb5X|9YmCn5B|0P zM%|Wu9cfDZ8pSTx#n0|!G01LqlT1Rs-)WqQkIIT(;Zt6lUBS#?lt6@(o}qgv3omGL zBx2V%>7qC}vxEVj_xW&GNBHn?xEQKupq~x=JnyzXg^UfnHAA%pg=-j3k8Zt8((vMg zULzFHLI=gjB!qWetCa8IMuItWe*TM?bC#yoJZHw&9D_nf%_PuJZM#uO<^v`@EG*db z$f^a1$_DcF3hg6DMJ&)|Pdep6o*8mP&x%vkEmk5<)~^os6p&h8JWn|SH06WOz@da$ 
z!g0Ye1DDKRl2wKMJyHTb7!Glj$epfh!ngSV?N3$dC8>!!F$wjtb4DDe)kZT}}~--H8^S#mwX7Yx3s%%{s2S;U*z> zj8p1^xF^aiJ8Y#B!A+INjW&eXYbf zJL`6^Jl|fI??9@xkW!rrqIi}hEri))8upLKqri0tDPlI1a3u#!me^0EUT+L}G92H3 zx}ee+CU~qJCJ505y2V~E?1w|QJm87uf;Nl2tExZxZf{bA#5|ja;O3NnVw<1`cDRsB zh)J()Nl@_V1zktEP*L8~hT4;r8VU9T@O=F2xoLm^559_Ol8L44wtiMj0w9d1LIT}y zW6ldjjXh1>2|}lmVD^6bSRgGU7mv5CHlhNiL_GW_el($FR}k^Lf{0%<9G4S|G)s_2 z?CacT3Tb~<2lG2zbwgHiao_5t$q1HQ$4pbL3bW%B!6so zj{MgLK`7VM=lwf#YMst2DMltIYD zJ&7;s^A%m`IwoiMbvEdcab3gCPNzlRl>l+`;sRt4;Ht>`e4?kTpS=nZ@0&m3{n;AS z2@&slGY%iES3TG}+9<(KgY+%-+V;9s_YSk$*=v|NX(S2+cJC~TpQJBnrqDaDBJb(XgS@k+Y8g%2du zedqmE2onDP~cY4g?MOGj`cg`9;_;)!sM^;x4 z)|OY?ot^7xaVMye$H)v<6?HE^+nbTTTDf$~ur##8iZ^g>P2Awyw|)BQA|BXJutmwr z9In$z?W<>Zzk3{}*_=fLz>p3KOFh-^ccd6LFQZ?YLns<>%l`y}T~yv|$03QQWnmfQFOkz(9r$Louo6h6(3e|~-%k!I3Y zFz4u;$5lVw%a!v@Y{yiI`(`{ zJYZI)((#@ufF|2u-ahBmtFrUXlF4fPw}>+Ls)zYLr7 zAM-XoGVk@-VD!Gb_{m9bpBpRIIJxwX{yo_DEp;nFCV3qGLIrwqgPT> zWox(005*k`b=(6S67kD9#U4{2-pdrRCP(2bs;`8trUp8;V!9NZq89hSILHMnHTsK0 zmLlQ5B4pxjG3ujr5h_n-r&bVzXvWT2Bdwq$5^}~)ln0_@5Wu~NDM|?piDwMpx~M)^ z-f*3km}T56e>dpImqG{&+pifaXQ;s|b1n~lBFnNfOVj>R$m! 
z$VDyu38+yGhiL6XyXP!;90u(g!{}EtohbI)tv6RYvSte-?_r&7%vENcaY%>DJX5h< z7slG#56Q4{IWyRG1@9~7@Rm|hx|}G^9kiJ=ypAe)$S1c7Z`9&w`B@26`^k`IdP zkTzK7Q;s}&&{6*JdmAEBWY&W+#1S}^iJ}0KqQp+0cuW|a3@$^Pv~~xlI1=5z&M=Co zY=%ITGOEB06m)9z=}xkZA6}g?2>as4P=UK%-6@3KWFUB#Ga$mf66 zS^}9xR5o8-%s3EKc<6dk))x1j3x1V_7=;-$f5rM!FDv-3UKR!!z4=`*i-!sfL|o*+ zOc}%)>+=L9laq=i`~x9$jk*25v~y*KPaFz<@xST9N#|lziBMB@g8gBs($PFI?DH)N z!<_KdrFyU*bRtp7`=%4k#if?OmX}ow&_6L`sML&y`!-+5sYXEEPDXn>>I%?rzvxPy zGV8Mhe8DZMH2PWDR^m;CVJ;%bh&5F1LzLDLc)I`fU=VneES=>f1$?K0g$yib)OjES+MbDq9IHCEHoPKU{ z6QyDNhZKS*FabO1WHNMNw{D|hB7?#RmMSR>j}j<$3I_D~A5EQY zCEX}x`P~qj(4T);$3DO^=eUoG#(%Z(QR=vuHNd)v6{3w4zTXMr!Y+^llS{E}fOC~$5W_bw z8^Xjx1ya9JS@2%XvN{OR%9+dcTVIV&>$35%rPJ8ADi^VhP?S9qb}LGH<0bDnG3$dA zT*PN9Z73%a!qTu$kz&-0hW)2up@7sS89JvE4aQV=LQO(y>v|H_v>MA&=1q8z8XZa5A(g#J`19l z#jG8BEjG3fyX9@k8KRa)j`<0t1yFb80hw49>IsB30z}gaL(qk0;VXhf>4XA{xA@Dp zTgXB!k6hcp3kWPvSN_q!Y)9m7q<5orv^rZ!SANsR_FWt%r+uRgnR%8VBFW(QgdWQK zn+Lf2Vg`YQ%H*dMk|ziLBedtcyG!l9$E_*jrJ$r>23QJcg`^S&SW&7J$!U0(zz&py ziC8_qc6rJRrxI#>VXiw)A-e&TSk&n7b6K??N!X0AU;wy(K<;3J_`QKJW6D{J{`dPj z$STP_cgw=iscS+x?GbbEw-@^>7bZI-{clo_R%zWH!8`1*psYT>cayPZ&0>G9cbW>7 zYzzf4)T~{Kql(|v^cS92t)i60c{*~6@SP`rXrklMR*IOi5-ce9pBM%-GK>Kb-57&Z zl*|pLt6N^)JB|dXuYml<1p>ZAdh63UkAgfiqRxoddP6 zKNq2|PzJOcA-;Oo);4w?xunGGQj8O4h995^MfSs_O)3oLzvX^!&GMl@fm+7uFAY?a z>BrFrS?I(t!K?>X9^|gTqpC^hcH{5DCs<$x377hB_6riKy=1RXd>Qw)6)L^2lBTuKT9ybi=$8}@n(@20Fq&fwoLb+5y480@OhX;gf4Z~2udOo; zP1!=_`Z?X4GcKCU7SB76R{SVz!xf;YTB%PX4z~{ACj8MJEa;rCkiKqAmN1zj>awu- z%!PXgh*5`)@yg63@Q^+-v(p0;EBi2!;{3CKQHUL7xopjexv}g%G*PjNM6E=>2%0{( zYZ)MYa?M#>HQ9(u$E_++NfrR%jMC8W7!L((ucb(*SY^!Sz>O4Lv!_S zi)~=cMQ=61sb0iNSdwm>xGVlziaAhF{bg*si6Ev{x;Hu9*(7=%%N2D`7T)yrdM9V)>(2O468c2 zkugJP8N^5M(uzX^Q51tsW>`O#tb2g=zpZm*i20^cv~NY_EgN)S7~+^1DSv52gxL+} z=;Oz{rDqDWz-km!o@b+sPy9y(S)&X9Awx!X_yj8Gm+m_L+PK|xDe{OZVz*ur+4BDF z4|7i+C~Dd$j+f>-R>h^@v8!))Xr&@wnH#K0wTzqZ{@g*HRse=Y5LlSq1TNJN=gTgo zGI?Aedf%q9NlsQcKU2I8rE))tG%+gDr+>m_{<%z;y*W`h4qz{R{uX%)y8%w}ghO<7 
zcsiYQv{bQ~hOcyH;%ekc=H}q~B2&s;o@zc!foAoM8Fvr!_@Zdn7XHvB9L|kn0(36A zb)Ry^reU;?27spjDdcSq!#+wm)jq^8Y$6N`Ws)!*mJT(3Jalw|4OWH~yII@jQiMJ) zu{66yxLER4EjIdWheq204JM8|kNx%W)JpEZABF;b$H(#?ipI2g;TbKar5ZxX;DjmH zq1x+%AFfy=*7!vE9_x#go)jXdk`3^`WuFKx@M)_xaB1nQId2>)9OA0lo!c>1sa0f- z1nkXdDNJ-)=DBrrHcEW`U_8y|xChds5(#sH$cH19NaXQrWu<#Lcvg@yUo%fYdXFKC z$1+L7EQ7#aY$lU&mahxNadsO(#eL)oOI!|~K6k^+-)|Kx$Dajy>| zmD0l}ikbDA;(c1bJl7gcKWeoMGO%Jm!=8Ych7Z(9clbDxb((&Nw@JDONf=?9i4(6W) zpMbHi*-jX7r*$YXPp4?gr}HTDAXz?>DyHlbM6+KC7`+IGEh>{~FM1BO4?lOWW=E37 z`L{@XwKJF5NkSso8dOPm>kb*(Z76pm8>nq^of(^|wCW5PgUJaqA?mR-Y^KKgJyMlt z`6>E+5ZH#z#3W9HGmFk5-fLEpQ#p2S}5p@z3kG1qhxlln^g4_8yTsKt|M=r}@A7|7Js!MXJS z9G!^G>p&3Z3zxZ7xt0Z&*&nZq_jQfIpB%crkHi!jxpK7BGJM#WnKD!xHu>f8gAsW? zEG{F6f8=C~W|@%us;7h;(#Qg#rALq~9fEug*gK>x*5TE1#2}r*+4907hg6{Mqc2BG z0bP&}{)VAm6(p{KahNoF>&DNEU4Z97-Yn7cn9BjWLvy5WDdCHKC`PaWJ>(VX%ptgz zh~nbLYQOG8x|dvclFXMlt0ln}aSaN0mpKKmc3Mx@wF_1FVr9TH@=aocjmUh4%?pO>)!^XP5aE`uayR%fRL|J92x! zC4BWu-Tns;kIm{boh>=8J7fb3Q)m66U0->FcI;ZY#9TsQ_R&K=^*miBB;}&M+?nZ zJnr_%(w##~o0_tu@#a=~qA!o_u!G8m-GWo3-Z~m_8tcJzw^+AFNKPw)0>NL7U`Slr zwLG09D;@Oq6KV-8Dt$BT) zxnQD-dlfd-4xvV^JoVpwdgZlMpdY;t8HiJ`io%?Q=N-3bj>LJ?Qh=;t4aDRf4;c%q zB{Fxo*U5gCxA(PBjkU&OZ30(-3zNRrdRXyE8^ zr)+p)m_t`4;9~CS{2jAZc=&K>+hsu)3}6Tqg!}x_X7;WTh$asLKIgT$&+cjK%LUPX zBWeDLc3Jei_ZIW-I?xHJjiyeWxdIAin%+Mf#F%${ME}O);(C>XP|y6bZ13E%#qaUf z#e)TJFMjiFe^&O@`QQuE0oE?y-aj%>y~Gp9Mw`arkmkHp_<0Z z=z@w4`v8wluNy4+{SrH&F3gY|-kN9a$GGHO|6tn%Sl94FG!RPUl9`=v@%26BC7 z2T^UfJ3_X|hTKB1eww|qdrnZD2zS7~L&@9B&8;F#-*sw0Ogf@_Vr%`h`s=U7tLibC zj!%U{0?AszuBIB)R^LhzCK|_u>YrL5OLN^u+>C^k+t&9AIUm;^bVGy7&T|9s4>k13 zDki$v9T%)Dm`p!d#_fHsDAI=ACz5kU;v-)B^6dt8Jrm<-u-vbpYFa9tj?ku)cons% z+Y9!(B@%*ZBw*n~2YupcWwLi^aKiFS2KL~B9m_L^i z^d_iVVXI~`)nC;scNAni@MZ9N@8Z0Bt@6$CvKTxE7?*n{&L9XO)YRGCTNAfy7o+LA zO{C6tZu)+&+9S|VTDE>pePiXx--VA`u#m~A{g#h(xB;R20lnsdOJyLFD=R*5ke*Ho zXB$_{66~rD>E&E&xg7~5p3cun#n8zox84g-{X4s&`nV{MsiqN z_*or5+i*J)F@Mh7J605*OD(^T`4zoaoi(nJXk0d<4#2+O@I+#hmXSd&vgwq;4+*3t 
zO`xJ-jMBmxi#OAZ;Bgn8{Qrmo-o>CQjrjhwh#D1p{r%=Ys>Z~g0-L^p(1Ah$b*H(~ zoRen;Ee#pnpTpfM8v1hYJYR6lYz3sXS!{TnnoUrZ)S6{n!B|XcIygGkuAKnRt*3E}Y8Ge5;q!Hg{bpAt~EP;}L5HC59d;QMA3T1nhln|1Edgqo0&V zh-fbt1C&Rm4!_H2%2{DDY_=Oq_g5lHcja=2H?U1u4az}YtNZ_mPYC#|JR4w0Xf!ax6PsFgdO?k8qDvf-+l^|4>nC zek8xK%Qor?A@+HW&{xPpny-d^nLbx2V#aqL=2kf2$tUJ=ec-uszth&oS^1;R8bg%a zmvq^2BO=xD?xHB}3;>;3SRPXqNEP-UkSnyDguWRWtIB*(p5Qj@t=)rvtag11*F3E= zV~c9RRrtn9nEWgbdBLHH1!b#BTA*s|{8%esL_?2s-&t0`h8q zdbZYw;l(>HOnRJ5<9DyJ_(b;#9JZp(Z@?NY8N2@kTwwWa{IT_Up%%WnRKMtw&8+`` z;a04+c>3iAb)GXxz=z?`OE-NM!J~0wjN&q%K3WZIJ z`)8WIDbs8XZnCTICWbY4y}Xh;i`YidA^6CGt85G?@W~&ciPAvuN?B_K=x5M`$y;Jy z4%>z7Z{K(Zwng_LSgn7k>$Bft<+Rde1HPbRuOIMqZL<+3o*4#*uYWxMA-vDS!vKmu zTXA;03DuaIf*dnrraT*TD}O9d6RfelvI>vaDeTmIAK6r}bg-|E=u??X)y=2F5DQl6{MzKNk#nyweoe1c33f%iuJ7t<`?TRX^WxC>5$+{U_h&1Rn4eW> zV!{*VTyyVcbQ*0<_%!&Xk@Y?S*hFa8e~X+GS%O(ZX+603(VIq^ejznonY`RPql{)) zjuru#^gkQ0;R@ZQ2|seTQ$fG-U(C{b$x5n>DXi3rR92nKg9B2Y-Z>X-dvYG~P`2zmIa; zb!4EEu#h$w{}p|6{ODkqe~i=oD$95oMMLvD^wuv+DJRWFGx+hkE8~_%CJtFuKxX#f zn>!hz^lhg8`(Ie9LDn^8LCA0Bpj18A>};y1Ls~Jpo{F=siP~=Fie}I?LhaAz7fYhA zGR)K{9XwkGYR{lZ2{KJ>eVsb=nQ>t%p{b`Au%@ZZziU#;m}pog5Cz)VBcK!fyMj)( z>%8Ah_|e;)ww?Z2LBPhbbct#y?$iNe_q`P>N+>Sy;!_xNbBF3OTfMwJnbUJ!_S-^T z9W2xypmAUttnMjhIM51E%p|)CuHfl^gZM&wYJvW`P}ox)ul~BBRQ%$$Zzgy@Qt?p` zR`CAQFT$G9vI+l6t5cxH7 zhdzqc!*u#2zSi(mgO~@^l{ZMHFGmo7SH6|8gHmp7G|r#JkCv0O0)bh6OStjcPG0M$;$gQrt1rgaEMzT=uM00izNikjiusAp#}?$9 z_4%tjA{z8Wa9VpZSy3|k9>3omaCJJgkQ|Myr9Z3>Tim18Qr!MtU&Q7)_|RtCxa@HT z*c{Z6#dm*BcUwq?bwfx%Z{y@xIk=PK!DoBA_P?x;(&fQ~x#Wx)5317c4FXHKzDhT~cI1b*b36*y z$9s{Fda#U|lFZX=+_yBYcar#633#>?o^>mdbd13u0gL-zQq|>u7OWAp)r5k?+^Htuo_#{ZMBmo}w>q zmkNMA;@FK}sGtHF{@PJd-cipm20e*?<|s=OYW!UA=b+ecVkZSbDb9yVO-CRiw5NQ3 zjL2i|4GRNx_;qyMY$ zO0_E;T`v6Rb#B||O8>a3K0t@>jgMz#%~|udF*tCNNclsavrqV)VqYcr?KMju4CXLg z9+V}!u3aIf{JQ*@8-mZ54f?)pdFHl+lS+-CUsHaJzf3hN4bhr(j)+Gl_p0XApR)_n zF#VUnvjfQUb%9lxD9w~wr7Aodi0w))0>38lL6wukyQnJNYv>auZGZu{?HD5$ZzGpT z|F((C8*PhRwA&KM2~~otn&>c$zD3(nMZna`v^5;IUsC}Va`Y0)kVv2<9HD6>Q-u&d 
zJ>(mcif0TR4HLa;5|T`G)O${u4`(}pHHH65&jy2}NkbvLCKY{*_^IQ(w7?Kg8XR{ueT+wo z9#yGXm!a*Ur)?Ea{nN$h-^ZDtJo>$|7KKt^;B9 zKeMzq5hhr^`=4$xE^OQOo=|pO5*LirNuWEdC7YL4D;&EdKdx>krY9(U=;qugbJ(l_ zo^(>Tm9lhKxsT@psjS-%J-j2%N4Pg*3u6~I(0>{6p$Tj8ZwHsc3Tydn2W!v#;AM1G zDd(iN&XWj1qKGh~k&P3!Zu@YT7_$j5Qe()@?>9uf8tNdNpdlh8;;%X?H-_o|bB6gazfTm|k&<|MqlZ|F0;is}>b%0veKJTST-J)_SWMu0; z{cP%X@mS|wc5%7m_jQJ9&BKE(`}(WFrGv7Ac20`MHn8VbO*=b&CpJ0PUXiUY{MJ&g z`6iuwXP1R-m*<1;nN3Ukd$jHiq8vq^T;IMOmkXY+ob+vI4yg7uwC)8Qlh*3)vIv3A zZcx0k7=g`GRKQGO)29@6X_YiaUtSys&4AEK%^ z2Bdr)ZqW<`ta!q>J%af^r0ul;p!!nSFl~OLj8crS%%6f&$uVlAm`m)8h?7Gh)XozO z+8XM(re$%kVUhnLw2n{qgcf{ce}DT6(175$P~%5J$J@%KTqmbE9TFr35RIzjqaM0C z`|m@qLtBKik-3p`dW43ioHsR0Wc?H0plg_f`X?%Yng#MGWbBd7HC6WsBw1Gp?5qY* zMRG+%q7F$Ztk!=!Ew?i==Ofe7<_}E$U#E&>s#3V};Cts+)T6-a%zK#?vQ`j&+k{1K zwE%R=D{R-Y*7nJZ1av8k0i;%s;$_-&U-L587ZAeeuSh}J1@7lfUVfm3(@>0Nhc89k z3#|BS-#<_|aV}HYDX!jMu{>Lj7ywp&_Vy2&IJ=k_3G2C z@Oma_*%9VU1wtNV{YF`k7^&OFi~-lMW9o8m>3?@O!S8@nqn{e?wHaNe(a;>(0jW&b z9Pk-Pm1VD<|9RKc9#^nAz;Wxi<8lD)keVv_@sshOJH)--CBw4nDhy3}h+!PRM=hK zTEvS%Rk|{ggLHHk-D|mnN6s#ni{&V0K}Nc|RIdfiOU(zXIko(?+w=KpYtBbG`b3||kLe<`F7TxrVg)OYs& ztNs|Ahn)Y1&-pT^~x803}NO-(R4GARq}cTsR^o1shgC<#>NKKEcvY}Ico z=v@$b%dA1ivy=}McNHR}w!o72D3Um>Ey*pgvq({tuu}q)A<0SVNaH5x1?7~CqEiuW z{l)(gc?xIi&b%AHpbsR>riuL`td8e)S(QQR{=l)J#{>WX1rLV(RY--z+FGY-s#MCeT zwrTJP23gLQ0T5H1k^&Zr~FtBu3%1KO$FuqTha4550SQ z6SDQIjG`1h3M_M8e2twNh&O@}QI)0_q*-8TK@SBq}TaW08~Me_=u% z3%5?bg5-%Rg3jC0e@LEu7Rkc9p7)WCDR{ab^i}(Ab7=6OO<23q$v0vRb0LQ$Y`ETk z4)YI1(dIt^H9=uw+Jkq6l&fHN?m1f|cO(9qQ@Q9#u+=Z=X@m zczl%J943@yn%clT#X3TEhAgLoizCk4p7>|$X6?Gyy+3+Ap^HCyHY~4K|D5@ar!+b_ zFo@xJS(aq+=t7$ZuKeyV$@iS)r~m{TUSj4O5)!G?2NYn5fd3!zFMQ;#$yW%!Q$?ux z-&{`KzOG@V?izO|&G}&2u=kC5H*@L&_uV-p)S|lMXl*oJFz$~t=mv0ERs`vDPk~U| zEhmWOXYZ5JhwO_*BwVd zqkbjNGw`YsA?B?)QK$|(g!)(@<@bz7=56XE#mABs13vxSwyZ2*VJ)eFPsnz6i9o4(cK?X_pCa03CXFrGsGpqK51hjE`kyn$~X3ZBUgt)U*XDq({7qH*s<%F}uD)SVEeLj3UWo7_39MtGE>rX&^jOncijL6~ zTT@!61cu@KodU~ozt?}%rV5T^SH9e|yApO6_-om(RWmZC4phWDgb@$3jONjXTytk= 
z@^A0a7K)OfQNzyHDwtksD+}K9%ga|JYUS1Vt9FAOS#v zDzF42DFT0{59U~^7U|-{i%LcISXHHELHdHZ84Ztz|1$^&L~`iaw0YfXtp}riKE#oW zc&V#;67T49?|Jb^bcRlkiX0Lo{kzw2)SNLST>#08L$3nxdPgHAf&6Or6W!*Q*iJw- z1Mm?sW&hPkXf~7C(;nwbn{r^rC&2L2u;9~`?q<dSax zsk9#3CmI!jNdAVM{{+LtD6RhOa(kqLOOcLJKt#TZ00} zy5B{o;mqY3;LQZjU3yQO-N_HoG(k6yC(En{7~2@9|V z`|VmX-BOyW^^knADr4$nfM=VnOsT?A>*IIGO{S_P%)B;7;Kyf#HyLyd<+JAKW~jzIODq2XO|4Ti4G^HcVQ z^ws{ym*?0=&}#FgG41A`QGx3CDQx8BXpG0cGw1t}B8*;cu3~xsNXiN&>vRMFA72vgw4d{%o7{jmX>!=+<1%bNtFjOgmIXWIBxum=BlQTyX;|JuXmIfB>Cy;XSE_@9{j zi?tq8;JLUTXP{cgF+YFR=3cYIzCIh7GV6!Z%g4iQnil3`zjOnCL=tncF` z=H;%$ML+h14}t$mI;~bW4L_{Ms;*z@z-z$wKl$$#9<8m+nKuG%);6y*G|Ax^P#B5^ z;g(F2nqshY#)2ADqEg-$%E^@U^Shhf7eE|2@PFZYmZpaVMsD7!7+I#!U!*wNea%YB zQNIwrcfFgB#W=}xo~+lh*Tlqu^7U$P@D5OGddlqyYHYPM(oRe5ygkpfkO@B@@q6oM zQ{`AT2F-peqk*mDmW@}vXg>H3s`X%+_)X(1>8fO}=61{Mh~@i2S`E=7tO%o~GTIVjqVR)SQA%e#>$0LC#8PeJK{Rn5Mw+1{4vy|$5?*Z4^u5UZ5t7nE zB2?&KY@jyFwyOAk<5Uo~?K!yx=+-1G+l(me70xaRJde+@I)oXM7Ur!ex02ahzAix!DjVrn8vjzLZ{N(6Y3YFWZe=I`S zxr9_%QD=T@g8F=ljEc1H6jlBvoWx$KZREK9Ed1OCK9v@KYw0ahbX#+0%vb=-buZ21 z4)4u_Ty(+iq=*J15Rll%yaTt$*a&&v?&McN-VYtH%_XCeo z3ffF8&nwoS4sGY>q_qmFO0@sPcebn2_HI5ZB*WK+|6|(7Yu)7#A`EOPs>V4amW7ncl_K{u z=}k4B!n20s*>UJ5(Uz#91aF$xz+;4rTk2&B<399Fq-jJ9fR{IgY6#S zDkS;GAuNagWJzt})XL-TKk8NPJleIT%}!2NpA~R1&2j$JNw@PuAjtYe;9L&1H2_BS z-w7{7pX%?CYWUrR2Y25^A>{ZmxmD#0AC+;&0`;D<^aKbyq`XKjHB@t03(x*oidGCl zIs^YpIIL^NIa|>r4}?cfTp2|O?L~kg`4(W+Tmb!e)O6__9KXp{XJMP0^+>&{M>Zkz zlQ+=1pJ4UijrGM_&Qgvb%SVep6+*gIn{h*Hn1KHBOR5R{1=lXGc|`pIWD;s&&vUR7 z4du@mnqjc`c@&55PR3>22`qD&3xKPK_3`-M7EZ=bhZ$)vUze73zV-!%*!uTcaYvu| z^_G`=8Xox}UATQX1*S`N#sMS6v|>#7Ppv&4 zL|Vom@GX1gmtpx@$`ru4SK{_t*mGgEnX05un+OH-eYry15S6Vr8xgSbo)+gN-hTEvNX_HM{K#K`wi2Ul5R#Bf z!_nFd=AA;SZHl>+i{iv_R;TD0=t>NK;LR%v1^*xQOCEnFB+Ms%ViXZ96jyHLU4FkF zGwNn=b>{3ii$kRM>gMcj#feVU;AyY1O};6fa%a#6#Ef$N3f=As*Ck#b@@h--eD0v( z<4;8~oP`kbJzuW&-wT~NT1dZ;xLgNG7-AKW z;o|``dCOt{H~zvRIXiJazWOtx2w3sRgI37+sT)a~Z+jx7bxYx;&9BfA7;ah?QibVD 
zkMiJL6hSVu;o1x))hH&YKg$XvF!Rp#{fQUYD)~ljlmrRtier}wyik(z?z?Q1lIzUA zPZz5nzPu~1n49*qXB3uYxaTY%fJel8-0&BPXNUWVKcB*bB*q>F-Wupq)A(`X z#Zg$@pxTHw-Jz}-MOt*u`=df_R-ewwr=wTkF>#tGZ(%iS+?;2%7(L=D-roq9-Kg;K zuVNVflL4t!zJfdrmB;N>d0Ub#PLmq5&n9i9Fre{G1BZ$T$6QOpS-m`C7g3RC=s)?Q zqs$)g`|@luRObfpl^e&!!VKLR8_L7Q4Hf&;!hi%f+Ls$NChD(rL5?s)IZ`$^tW$Y< zx~+Z;bXb-Q0jtYOZJ6PR`!Ar?FyF-3*!MYrcmAX?U91An(BI^Uqiy#WX+;uax}D!D zHTXTig`TE2xjoCO*qOGhj9PCqUI*@CsuNgk+K=w__&MIt*K>*cB&p~LESz(NaGW{f zyVdTle0Fh;6~^58mY|@Pc^Zj=H(B7}epFkYCHG~Mq~Y}bAc)N@9wX<+?E|6+6Of$X zJR+TjPa|DiL}~sN+5(3yQ3gvokrG5QYd-Mrycae)YrEbbG?Ah@7j#|e;a@C}Z}_XQ zpcHipnOZq+FV`E2WDf#wA3^>8ma%Uae~GQb*JoxgWlNafER)qAMgFN7_z@jobk@D< z$P!g)FNiVxB&FbM=LV1?_m=!~LdJPl-^FL`BkseNl=JSRM-u3c>jN^8EQdxi-K=d= znYxTs?$3||N>xwuvY5Rc?A(p9p=12ntpV$Y|DEyKz;6TP=JdIK`1%DjeB;@z>br0z z{aYXcbQfb>@KW~Uxj*)o|7Gbkq9AIC+uo(d+=BLUjoTJ!8qAkO_nX(gn(SBdDbVkWL~R}ezGzv6QYOHm=?`z|^4x>L|7K~=Wpy_cXFz;}KSVZmAw5(I9lw;+kbK_o9r*>)-<}B2{Ei8< zOm-WC6toX;?B%VVhgT^(lJwK9dlWs5z0Zg;pDkom>F%2Hj?fv3o`iiww}10*j=JPv z7T>sE!b7q(^Y7vE>cQYQ&$)RuDH&mnbk$LxN#|VXrxB|&-+AY-8-%zI3_G3dIsDww zkF_k_{=fWjM|EXS^?S=wh%kYM>Z=;ui-kOWe-(|Wk4WnRMz-_r>AIVUhZPo8c)_c* znJm_8>Yp;vMCv^|*H;XN!AjjHuBVIh)^vZD>aZuOyzsVVpyyaRDFS(>h?2Xu)}Xsh6XzDHPK+~j4$Eib=|YVL7n_s0QZnkBS27{W7svc$LiQ#^w(92ZhFm=+CHogsI3273PPbP4 zq(UzJ^M401JM&D|aM;V{Cy>sly)}IIlxuU(iYdQS@3Cbg)wS7eWWht?HpD--*NZ0r zseNk42P%Llug?&F!(Jk+F1dHZp0Z8@9Tt70wq9~ejOrl!onmgP_DFLE7?&-Y3Zd;k zNpYv4wUui`AeivU<2W^Vxp|RP_3?pl+g=!kHZa8mp_ zpDv^ne_xh_(CK>JZ*A4=5ux=(nPUU1IYc@69?X*{=0p#JUu*hTWGUm#^A2byE7P~p zrWVSOL|9Iel2R2*RIBpkPRwYH!*zu9-m zw#+H^+^|N&1w4y3u(1{v#|2Q7YgXt0ZMj+8*QHJ3CHkbu=_zaSaOup%3hbm3Wo;bd zN)l{FKox(#CFW#^alX)O&1eiU7(_;uNmwt*PNw=ugJb$;W6W(*y0$9CXlmGKEqgwx z$Ed0rRtsv$(BqGcgnKF(b4Qu+MKSiC=4v)#X{>J z`{txsmGL%%(s9B?$_)_3nq8OWnB$^9e&5G&z&pBOja5D(lK0*vhf)~()XP?@Jc5_o zm8FWhz9}Q*_+0TDC@n-rBbhf*9XGu(A*f6Iy9BfZ;pqt>)~J^d<#`5nqHRpE{TQ_6 zeGxQ;j)zpN21XWUF?O%ys$kv9HPSm`{ZF2%>1xVSLfI!4`g5C-TOkj>2&RKF3QIq9 
z0$@h!^qaLt4bE|tJzmif+Jch+=c$|&8rjcu(qrF3N~G(~A!SFTDL+q@)R@th>WblnG>&T0H|55u2l2(sqf^Z8sEDe4kjdYD>P;f zC8!sfrTlCeTX4=_Dv`7PY{GIwT|y)8b(E$`vX5n~6=?bsclXYmxr0^+MVKdg^-Zd3 z%v}<5Yk0t>U{+k^tV(5#%^3D8>+ zTP7(0ixhf4zdvLk>MyGa9(W2;yfD_YI-S~g;X2Ll@DL1BC6xTZ4N+-aIj`j7mdF!(C72&8T7J?If7=PLgABy!|@#WbazRS ztr}g$9{?#brolvy5*q(SS-CnLU&HL{2(@^G#$JF$om%9hq88D4`%!=Ln zM)Rh5oD#Nk)C)?6Zn~#{egV#R38MR@=tbQ{u7@<=wDln~(jOa@R}`i{?h1 zJWs`!Sa3SS2ZPX7wIQTv!-tHYkM^$(V>G(;XX*yrvwlmId}$x5S9*SOLlcr(M<2J= zSECu)%i7$vp_b_M)p|EAN$y}(scBTo6B@$GD#)q=GwN}5%=(#C3TMl^rQ7- zax2-I38fpF!QunA@P0uSnp!u8>oIZ_M5tXbDYMRuWcbdvG&@*$DZ{MWS0Nt`EJvqa zsjA#hKV8NSSE9{)I(=3e;6#zJji zKALe;imkQJavQTv59Q!IoBK7F7ILyvxRk78n6c={EV>TxT5C$w<(K)FzHj|3;FS++ zjke??e^YEF!w<`Hi^S-{psJ#tz>UvN$CS^ZqH4fKuB`2S`fCL}Vss@>P@>wjJD~PF zWAWrwBy)#*)Q#{Hk@-9QE;)ipdD|MCxugQ?R9b@9R(+D2LR0$4 zKD0FseY*;2;G8(w;*Qf!>J`&y zy3(rCiL{tx%h;tKCA2Gh#A^$_M-M?fo=l*5}4VMTuiHFSa@J#*EmT~Ln41< zU~*2lh0rOWd@ANBcOJ3L`y3+r#*8=&ekX;#a0=X2?dr4Y8a5Yx{`N=GFwmcYd?}zk z$Nd=WWK7$I`G=^2g*oe{^OLXr0AQpxN~3Gtw_~@Fo^dg&N!Wc}#oe=-k&5cgd2gpB z*Ps}OSxhP^br*to^^cNYqW&4;xcs=r0hOzG`td>iAaOL1H6(drzQC78dMGDKwDJ$G zh_!brR@zUl@!cAh=$bLDeKrMqPH{nK`7hUxFu`@w53s@67Q^J>Dp7z35Non!E>|e{ zL7=ZIT73};7tA%5$6X$BxzSUkUwezj5)t(k0Pu_0f(6LWH+6w3KCW#r#yTip6V+# zeYDlo4@yreKT{GdEJY}dj|JTZiS96rbAz39BrDBZmafWQ)Sk823ATABCGuV_oHfUyl}*%UGQ3Sp)G^iRg;o$HM$;uVY|IoIf_@C1Jz&-Cgk<$9 zEp6bls^_1!E$@sg-EjLsJW687a%-`1oU`NvmpH54k8#ga0nKI5n5OCR1#ePwd%F7q znc@2GC4yjU?VZ`c1^K;S7wsBJn19h43aBZSdp;1j{jvwkdOsKMt1}`7hPJ*D5mBWws{3V5DMWtPv^{o~q>!I@#nh=VDURw1gfg~2 zMTsyQN&Jb{6B4{&sNweRE?D1Ff3>GEswwz#H;)#!QswSsGhF@o=d?`Q3TJ}Kyq}@S zZzTU|y9XRvF4KNQh<&MWpv45v=!JGCXwypL>9f_9(9R+e$W;M@8DZ`-KX)A6-=)u3 zL)_=hDOMTJeA%YR0&QU<$6JTjm5rNLQ<3Ozd!z*%i}A-b@-IQ(rfvV|Zc*HQ5fel* z;^xnk+lUfwR=>mjYOME8B~lnI?yZRSANEYSA&df!_-gT1?ojbF{>u#!kPVjG*&=uDMt~pyv)4O*L&ir)O^fRDbD6i1ln>LDM=wY*ELL`HPs8u{T@!-nV31^ z-WykJ%PGg)?Rvu9YA;kUL}prAuc&FESPMe_z23*96EYXonNNqA=1QKKBu3$O9eh~+lvhK4E61Jrv zH9f1SsH=3Onc!ZlREp3pdLfMmCr>8kw7B>4@lvLVpYu~-1l@>-s^`@!x9iP4#jhJX 
zitVyRJY8LcxrX19RrA*{7ObkpHFCjD=x?UCS-sCP@MEP5NF^htTgDjqId-*yByo3z zBz9x!Y3lFUDW9f_Id_y_N+3KK9&lEKYjK0;iq2%5b zGk(Hu%&L4n|N15o$<9cRc0|%J*?L~n%>qBYu;Msot^sDtmo}nlk1}cDSY~=rKWoHc z%hv?*5z@S7%CavbKc6A~9#kUGVIq4Lm58bnXwCSYRN^@5n(|;8`%*mOa}H_eXTG?E z2W0!!XEAN4-8 z)p<+|m7~B6c)E}D|NgenI%6ze0!=b)Y#S5rMvX&BmQTiUQCIp_ctv>yc)8@v-tD$e z)0}R%mBN!`$#pC|Z3H#dEf^WDOmTJuh7_+3>V5L(QL@Vvr~W2I%NIFVm8vsQaBD~$ zN-1xpp%TBa2AydpD)MIUPPUeVGB{8vz~j=|om;oQjbDZIk1->8VV!>XkXGAWV+|Y| z1s5r{a@%rTrxPBJut>5TfHDVhgJcm&@A1a9H4<8?7)8OHG}_cuX%W=Z*zpu*2v$i* z(8MXrtV}ad)5Cj0l#GPgP5JBVxFs7s8G4VBQt*C4>t7;3YM|8b;tKEV8t41IHapl? zeyt9FX-TEV)aLK0BA##w`5+%HQNZzDJ@GxKqSQcBOiAMyVlK3Nj9vU4R~1Y`hdTm=gPN%ALq|l%Bp?X=5}ai2~p9_;sEseTr8hHz|1y zE7DE$Go%}uQLYW3VXA=i9mh!&y?f!tC;e7eiUSv_+0avSvqHKEk%Hi2m@h8B;3;!4 z(SHrIxiVlYi;1zw6uK#Aeh%3yeb-tcru@}CYt%tKY0cr*Er^6{&mA!Y48*N{=OyVN z@J&aDySl3seT-4Rbh1^2SE!9Qd_inQ3>j z7!ui4Dbx3gXw@?qy9g#wUE*t2$WPpYMv3>_$0o+TKhup)&v*|7G5&UW!NWdZw~fHh zHcVOi^^MaN(YlWN03+L?Vr8(^6kRVo<^io7>^F2c#l~uapOzDHykBgmn}|cK5(qw^ znXKYxDS4sC$8f`A<*g{kSv;&*#sVx@*_MSMKD)f# z=O^Gf7I5ah_9xJD3|+L^VM$qI;xl#{6fJ9=$)Gv(_>8v(%>=)3t3Y7hnsbPoC@J*b z-DyE`F(Mtp0^b|@m0RtnrTstx`wvxHDcfI0<*gz(vAsUOAFxllq6l@pC|Y zN%mOsl?$`%@R-_GE8i_fJ!Ascbl ztN6a-LfIfbgtzQ-2y8Cm9AX-wRioGH%wna9;2_5W5v?uCezO1;1RvDTzim{+}N z@S3xJvZQ1REm+2W)|Y?aChpqj>sR2&UsAQEDIu zsi+_iNaNyDGP+EdoeLMSudClheD%MM`0f7>luHf}R4a*b>}h=?~3h9T>(~ z>NV<#;{v5d2_FO@ae$wkD==HkF&WfMX^e!#@xkhZU9HUCAeo5;PH|91<~R{!T?o?V zETqlfPOuY=PUsUBDAKL@`%XxQK^mnZI~#i*R0621lr-;skCo%7KAUBgljmw{l**YC zCx4JuO_C6#?w;ZhE#^(6nRZF+$c@W9tDL3vI)>;-1h3HDgi|Om@jcj!HzTn)r7TnJ$I)Z`9^n-}lJJI9Q8a=YzOkDxf`PUq?)Fb1F)`#on%^3L^NqnF zh1gU>Ip4s1rncT>hZ3^Vh&l8xWr+#uV390b_fOtBY3Cre%rm%ITHXQ3(#P;ZpFRK` z9d3-DV*r0c3hwGvLyTJr)Y!2R!gOAUUf9XGMiz6(YL{}xGpf+&wSU_VArP1Up=ZH< z5V<_)CgZqp#?%79E|-j zz4&J;yw`}UYpbQnU>EHzWy`pQ@NY? 
zVvcC7FiITwFDVQ#(&`}+g(`yD1FC5*V-+qF3Jy=BH%KqeDa*_Pb@XKXZ_J-Mfoa-s z?s6mZ`n52P8wt%;_)6$?ao`pSi9b?SN{O~F;V1a}*5Op^H+pvkG3=|)na#!&h_Kr} z2I(<)=5*Nm!f`I^&$)_D0K`Tph{81_S3ybB@8}Y0KP>kM6rAxwo>KYq9TJZOeHfU1 zUS+%4n!%X&u=xeYdQ;?|UaXW49Ikn5SqN5{CVj@Du~zdcHgP=TFK5^kQ)4G36u>wbv-yDVxtM21QV6lu(aHYZ1{=yzl-=W9*!g zMyV*Ktkhn!qOj{11SZ_OTcUTGt||nB_%}vBQn3d+Ka7<|#{)d+mS3zE?(A@C@(Wn# zbu%ayl}o1P-7PzeXeS9T*dS`vAa_Gv%%Q25QWHgFoTRA~oQ#!)EI~PN@>wlGXb$<)!7&e!v-EhL zzCV4?E&EWeWdMTwIaif!xQPv2%P}{I_j_>!#8UKe{>(x^`s>TlmznSV<-4S&zYg1ZrmJH?M}0@ZQC+Kfwq>5vVt@o zT%EY6g2u-weXuA6yU8iR^56RBdozD-YvA%l`TQ{kHh5Xe^{JopCT*`PK zT9ow_oZCKcT_;na2E5{;en$dVp)u~KFQ()`Bh#eT%m%jUC{7g86&%Frvdwr65+on} zb5DIA_pKe~T;>_!aoENkQm9rkc4jK>+J{H5UF&L-x97xt;24?MdVoe|vmv4H3f}4_ z%>&6@(AZi=0z5=-YUG3WA$lX7Iv15jeV}*nZnR{o0z@ZHe~}dYy~(2MIU30Ufbe_1 z{9P8}W+-=mK62?hdZCxPrZ^z4aZqW^v|}!u-XuMM(S7wTcwod8Y~6hRv`A>jVdf$w zewmHSeD#>G3swa^Rc!TT$!d!5-T6tp4GwiDH&3v6SJI@|+@x{9;gw;fPOFSN9Mr|i z8cMcJM+?WRWN@)J%vG&A%8xwu3OIePf1)+9^`|{4I7fc;n>Kv9@eTj_Y=7VFkB+}? zS*LJU76wxdNmvjBh}^@sk&gBfzD1@l3l*KqjLuqAW=;0?^iP(EP1jo=CcN+(6ljED)5&%AB50Nbs z|4GDBL&G5LIs<#AVBU6+a3_&TIyI%KNILHzRN!8Dr7_+_^b~gQPRn~{1%Zw%JRRHo ze7KYuQPiRLRKKD24TG*eZ%I87xU#f;dk=0EhPC|ndcr$@HzpWCUgC`f4g1it;CQ=v zQTxSmom|7?I2QT7v6PZFmt1?U}gH)NqmQz}V6>j8B1M-pU)%olEt*WHyR^b%5z9E`Di!-WZ9_ z1yp6WHNC0_-9CFM!eOp-77NX-=~!?=YdtZurQxC&Dzdmxr>?sEqeFA;6^2t<&PA`RRw8 zvI|{z~&>7AZgcwgFwAm<3!mfSdij$+!3rWNI{;VB_+Dtk1 za4d^_##L}Y40Iu-Kms>0&Sf?SEjz0%P!p(2e^WvFL^Pg(3z%!rrHZD4oYV6ePOTK! 
zD6$|##+jz47}NrTGbdaF&b_YJOgeM^EW_M~jUI{gjDbLd!@~}@7>om4@F3se6uly^ z;x?!TaL^+#WHOnXLdC#QaL zK=8Xb_GMl+0IjN(-n!KKg!MMJ#a(NoZ8O3laE(YfLMe8F&RNE!vPEkIO)=Z%D7qOq(L-vK- z1G+;S$)+6vIeHwR3_d<9PCQi5=^;PrW`~DokV3EX}9jubp@jU4i%TvCb%mTuiRBdO| z?$3ffP0tCV9B>mnO6>$#x!___x=E}c4(5q3Gk-jzT~?y><>CJy01rX%zIDV+xl7T4 zw@!_CppTS*{l;iS3R!WI$`oq5L+qmxg{Wg$a?e$-w0|QW<%Ea_%Inz+jwz9C;0<)J zU}>!Ri!V2UY@@_yeFF85el6|rg6g!b7Z2SAW9l%WOh;^lX+06pnSbYvFob$s&LB)L zS0)>|+ZYD3*hc)@el|aVACG74v5(+n9WHn>JXlw5L5iC%_uxrdzdLnD;@LA<8D$w& z`%rDmG?&1C0~~+J@gkH1?3u0@cqc^tNp#u)bb6c!WjSKsO)GAN&OBk?8P-!|e0Z;U zkFt}t-%!?S;M+N922oX2f)J5+NrJ>K`JnqJaRmy3F zwa}UWvF(0wyq!uGbqtAnF;)MhMU@jKBqJ=Zq1L$IdG5J`+d-#tLeL52^=vy|Q|x25 z9X7^K`Ug-ZrPWMpZ!5h9jp;)C)@-zMJr@#RLZ@*YW8>pX<+Rq>=*)kILUjmitZk}w znx%&J<|uzfQI#|%Lh#7c`k+Nl36!|*8fUo$-wuk$VVnJj9o%W(UgN|V(f&O4!n<%$H*s-*7LM#pC^$3JBFRF)tods7{ z4H9xihtPg)#Ri>9O>UHhBszfiBSJDJG=?%AAtuw(qR^S|TZq)Uw=MNC`rjj4?TziT z_xyiC%+_+JfF z3`3sPHW}Je<^09SK>P8CZi2=xz7h>s${Y1PWr0~s-aY-$7vG(k#qPbP_D_2+XZN?$ zS9A8`n{0=BKNIiX1-fs%`Nn}gbL0fbonn9Rs~{)giFhvNDlsJKvh&8sx$G=l86upnt#Dtk=iIZ2{2kufW)*wcT< zh}y^kIssXL@_H24$*=;H0JJ|(1%QNnW0NnAy7lu-uhly1qf;RSR8ya46>btz3p zgdrf=Pwq+2g3rxjwrP;^1}N*UNFINiE6oF01_rXPltfS|IfiCwN}?dds_uPjDR*sc zf*U1(k58Mfkae3>X&wQ&7NQHmuZ1Yf5yCXBLlZFb-1EKiLigeqI5!76y^0wgfB3PNCd`q&0fIe*lG~4al7QZ?ecNO zM4Q|EZRfsLKiwLPnEk$Y$Pv@|qyW*L>V$|xnG4h2awRuC$LGKgfNjG(fNlEPg8mf8_PIw5}|i1KUP+qSTog7?4Ir_W%qq?&#wfG3RoHws_!A>1w>m;emX*0KW_5J7V zd^1y0?kOq7hDH4oU~k0SLn7oGlj0 zzL75)i+fPN4=R841sBQ!4z5-V$(F{)$0P&i@Jfbe9WNR9%t<5)#uz6>R)GDIQo^`8 zh_XbK>gr8JR5(3X|f>UYo#6lhv(+iUU9n7Tv7+0wUVjx&MC{yk*~5@J9VoE2cgU`uMLM zD@4s2oaG4Nn&ei-XO<$Y1%u9pQN#geS&)+FlE8(kNNS!IiAU|kws4JiE91Og;X1WA zAI<@ns!AO-&9l)jy)fML!l3&fA`)?GHy)hh2!WWCjfT(sH_S#;Z}i@d#RdPg-mukX zty2Que7;-!&lB^{@P{Z8p2RF;1RUK^5n2+S@q|QmQdUWwfS=nf)rl?DuUD#_ z{%y?O!r83a{K`^aNmJ0uf>Ht&4m6?mQT^-1=T8t?o7HlS^i;#Aazxf}rX!cDhXW{o zrzS_?9ADKg-}KoVI#&bv`A_v?;~Yo)_LIEW_{^Q(kbsj&*;Z9Zcq%hxb?0d*;uL&D z?%zJMfBW%XY@FBo+dC#jetV4LR?21Yz5VHT8b4UFP4yJa!SVtPv3^~&dE8GBWwoe? 
zq?}p=4d*yQQYLwy@tHeMA%VNR(h@R%B2?Yx)km32b(e>$yjxOoTT;e*pK)HVq&PED zT=93D^#M-&XQo{|^X74F>?O!>hEMOn8aHv&cKD#HZQK{rhA&zuj$qx)w@B>lqhld| znz7(&#vT_+BxhCdAUBZFuFU@ZVrwoj#fHYkbhNWuvrZ9HG<$?+ITL9~(y*+5Nh*t& z&?JQfs+_a93`JEt)25QJu*Gz|vm58VYzA3=a!-fI}`Ks}m^HfBvOmiaRl93ehRw+voh}P#xRz(?$BexKgwh)Z>RpY!~U3IFj z8t3Rejq9cQMf4@#pfn+Lu>fa(^z2!ZwN&5Iji&oF5kx{xbx7kJM@YydhcrHOm9dP+ zSxh3Crs{$OHZK)1NhpOrn>;UtGnSf!)RvI(4r!d%D7hRsYA|ij`Ch3F;>mgyI;sknFl(5j%^BO9RK}Y z&#}|nRpT$BDzYrgJq91j z+Sze7@U6#J>Px`@zVa;?e!86VMr+>r>>G4gX%yd++#*;@d=0pV6=m^nsA!t|9-TRd zbal!KQkSu^!+0qPD=TP!UYsW^&R9w_Cv+}}Z1;UM!F`YNdgbV3_dUw-uxWJ5P@(?E z=C579hu%DgE5u1s^i|H~$0amW-96N*RgMBv%(2o)DVTf0khn~0H1iD)F4rd-dy2F=?G99rsCIQ>=nL98A0RvYl zTNy)((1=7uoEJHjb)Gw0K_-#y_>U$y{!w19j5r7(lW_dMQ9qwB!$WeOqLPXMU6-tx6ioUoxgmGkQZDE4paawNAptfbEE z*#gxwA00#9od4Q|;k!|1>wxW2c)Bb;-GHS1niaQS2ak|{S-5#xHJgn(dH_A7#ym5v zN2+E!7r|WjoNj{cV!48rE*lNt=kkfY%$n61oTx3jQJs;nTei#Yan!eT(@0s(8Mu^` z$lj~bhEr=DFV3|+#z#k@Y0(jM<}}L6B$13HOe7?QIug7{5)$QEm9UD-(4BLZM0Ru} znh+g9dA-|z!-?^?OQGu$x4s?W=qa>=SGN^!YhC{q{;*f`cBgswTJpAqm6dEgKt1kd zv%*}I=pvlbH9n#eO^c|YGpoZnq#~iD7A#fvTu~5~#wig|low@I#Wi!gsv|q15>1Gx zpuAq`^40i4#0ZV1D5b149@j0AI*k`RNj6skqy)@=logb)tdK-VQPYTraa?(9J3F)yO$cqEyk2=ZIlzH(>=Iug z&H*S5ZT;)^LOUD>*mdirtT0t_GBh7&IYKa|g*(uhd6w#8oCK) zmGuvQ#=l!I>~KdkA>4uTdIjU;a0klqlX`)6+cRaIH5=AOJJ_?-)jBbGzy@`yit*u% zXj*s!ow>W}5isycs!V*sl!;HEHd>_&e6a7`5@Cloq6y&*l-DZ}&hSQiP%Nv&Hds-?0I`iL0w%3>Ejsq@#seNd0j!r{gLx&Og3FpBVbvxWCYA7nV=uvZs zT#s@5qfAGL_B6*oI&;lfM0qU<6`4A{p{^E7s+7=(RxIMNh&%|n*mnHK6CD32uU|G! 
z2K}QPJ@yHj4J~1Nu4a&TtJU0E>B2MZ-rO`zFlVbr2`FCpuzpq+->|12o$C`>46tgQ z_PWzH*G|$WW&NqYFL#fv?aa2Y$y!}iswZeqD3?$2Sy{hx9VIZvC^Sf#gGDSwR}x$e zc^2@kM*qH=dHTZOunjoC1%j0_Vz*`tAuVdx^6+uR7MJah13x3C4xZt4Zl2Vp$igse zMV7TLw^>(v#qJ8f0Tp_XsSJBch#8kpkOM$}b~xnL%inf{*WuWYtC=wWZ`~W2VD~@c zb;R(Qa7h{O)sLrn_0gGWRwh+g=OhnHWu+zR|1p+xBI*K)X3#L=?igcid-dZ9UVW6; zFDbr`7l@=_Y*77R-YDr>d>-(DBI5_ zX^b3PL(g=UA>3hun_s^?m{`2I>2^Cz>)Rb(&3Ied1O6F0HY^*lK5wtwaQ&TaI)%PA zBinalU5~iq?n`iz*^TS_r5+qx4W-GEzionq*w4D~$UNli2Zz zWI}ub<@F1dGg-kcPe&wwEBvfYsIEQR+3s4?k-n_tv--_JzRuw`^NZ>BXX`F->JH;1 zt{sbT%F_6FMlvm)fzBMKX-p+ANF0~SQcIvUR#sIcD|pIM9+gq*u3?ne@r-0bJOkzR z%aS{j!6{2Yh#*&k9o2Ri0*P z9wnKx3vQCw5s74fLPP@P^%3?lrm1{U15 z3sYB<#Te^glC9bz;2TI6RD*EXDe%4a(xI#I=+Qy$h?#Ev9+A5-NeL*^ z5pp*naPi5{{U4zFqP-gX&0pKqYvta{n!&yCoBsuz215O1V^;bdJkOZ6W< ztK{-LCfkM5F*@0U?7(sDmym6Ny_h1bqKv8?Q5A7c(zq%J4@E-alov^naTAWl+iEB1&UojDJfpoC zl8{nmq^KKs#FX74BEqSlq^PSpD#Ms7+t@A7cJwEi5dA@Uz4Cl=P6x^Xf^3xcCom44 z8n6mL1Mf-q=UuHdZHs8U0(+K9f>F^uJWOd=w?!oQq~1wOlDb8)}gGNJ=BuK z4nZXoLQp6#UTMuW9U`=juoD;-k27spEZJ%UMLPhIW7>)^@vM$Z9jerN*Zc&=UwSC) znE0N5+>0G&IYN9VgrPq9*-sMRr{+7^H0RBNH|hdROl|5x~B@+T*D6g~YsB_A*;QkL6muJDn<^554G3Z!b;uO;Z z2FkjVb3p%W0;YbEg%;+vSWUAPT}&SCW$?{^_rU`gbmnroUMmK*2SDf8`dY_h%ms9B zrI_5G9(_Yuj*$Ba(YH^2c9-1iznw4H=4pLCgH}RXHFpLzd47CW_HrvBn2CWsc#A}6%Ucvi)E9D6Fhrgk`gE1eL|LU}#%?TlqPE`%s!FXoR%-+~olRPqwg zQR}tVxxs~iG9hFMKIAo25b3`S!rb2q8yHQ~f?2Ij2lIdJip8(Wx_Q?1O6Du53IguE z<(yTRJ%cXXxdFz9#nK63u}^;XV>P>ZWjk>PhlsHgF`36^OnFW@)Feq5gI17#vLq}o zC5c3l=Xs&*8t%?pO6_=DIw2m1@_J<68I04ScV?{PFU@>b4UO`%W0cO68SrsjHj5n= z*%;|dm}1tYa4z)LS(&@#%2eL#t9Z-B%WTywbap2u+$VR)##xRK?FqrTPk#2}bvtyc zB0Jk5ZeG_!igx;5nEtFIPsI8{dje*Juym)ll~2fo#C>x{V+|Ay@4pr zvr;4(`Ty8^*Cn}?BTevsRnVHYuBzFJBJLN-YG--KL#eh&s+L6^*-E381%Nx;?7w+~d53+Jd6Er}3lPXkk3c34*<-uiYC9w|;Sm7RJ;KBN^UssKse$t< zBt=o?(0wfk>n6+?bFAcMS~H%J)V9fc6BWE^WT!_}4FlbOz^VtY*{&bCeYtL)M1>}({=AH)OMJTO4^GU(Q@LFjdaqgoiIXeaV!DsL0_~{~So2BDSAA0ORi8wB z(a-pr4@|Gm?D5za7 
z`CEs${?OT3#Pa*I!aJtNZTZ+_>Pv`pEs>n2@51fjcnaho>ZljB}EevwUbP?46}S0J=i(y9Xn{qCU0IaCe6;=woS4nTaQ5(kFmxVP8U zUaK#$h^VLnlr-EgnWs4EfRTL5&kbCe*1MJL0Vc?Q%cZE`+6AC6Uyj6>myll+m5|$e zx>CI6f*)AqVxZpfvxcY37Ql>kCXlH$XR6lAC95PpL}-5p8{B$@c>>s*v#w>Q=g;GL z`E!@}5$C|+=OB`V6cUo%8XzB1W#rNZz5yr-0Yys@!{y?gUg(R1+qWVc;OPVMrk zFCWrLA&9aF#?jyN6+iUD_{#eu_!(TE9$|BT*==f>C*>ggF|5NqEa~14Hg8EkEPWYW12>9^(MV*o3@dK#H1oNGTA8?5uVZPh- zQoS%0c!XGF$3K0clc}Uv8+FBhU|*}{uI7f_5fLIFYw%L!Z${u$b|9WfbOaeObnIP! z7I{qbq^L-iMU0<@YknFIQhp+!S(?xy$XH;9(8MM#A)bLtKxG|DvRb|6cp(n>12l6hZYE`Yh`=cZ276G3gH+&B^IK%dNiW*w-I z+d7hY@CKLo@wgrHl@mB&ZjG%%2UZbFLEl52)B)pXIB3nCkT|a+QY3jp>MRT6qRb(J zYPS><=8(*QIiRu*OR>TnetORiP4~tk2WVmHJ?u)6NN+dmPfU}aamD9b^7{TsmJ+EC z^_t(xMPIG++$O#*9(Rvkvt(a?Rg4tV>{Do`+j-iBHw+9tuy?o8;%8X3Kq} z?M}ku5miPTndN0kt1KaaKO=EL`7anG5s^t=$noa(BtT-K7m^w11yt4<2(`_6>Ak%B zfG9I2_FBdmjrygf%2|mDxk@(t6i3aWvI!0yeNmhWNM3raa%%KCE?T#L@}<1pZJ?`) z${fqf&Fx_{qv8Zyw6e81oMyPLJ`Fa6naC-{$*9l-6Pbs9aETuk_Z%%ny{(K2Nf1lH zo-KNiV1v3W&j^hSsY_;n@%qHm);w`0Ds|L zw`xB0<5xJ{w;%Wcob@n&px5v3_~p0n5sSiRQ5Mxch=x@IE2fboTdd%$2cMY}d-vRx z{X(BwF{|+}0c{qxsc##C3>xvzAE52){$+TOaE%yRDa$(${kym=^V#V3i4VGL`wRnr z(*Eu+`#K(xfr?D9u6c+Im-u(GF6{ZUx=#6VJ0dhnp$T~5lY&)$l(0BwWu5TDM`kYz zNKEWSG6Q>o%DVRy;K#E)7)MV%_?*6Iklg;!;V zGN2D$u{e$DvLt1dQ)r9`M7L!{ijc-pO@o?y@pe@=p$y4?3@8IC>riz&w=Jl;JSi$}APR<->yn>U_RcKchKWY5 zZNFE;>IK^|+`R}hs{n<9Slw$F0t4!aHUALZjZeWAph6SYwt3hBm-yt6nu-F;B8e@4 z$`z`XsCTbVI9Ra+`VOip&x4qIpsAl#Bo3;IP+!H3^SVxwys@_lO-%GaG6Ow;%DN~e zY?C^FIuxU#1Gj{R=fE!fUcF=inNgpE3iA~YHXX6J3PQiNY`U#~6hZk2qhV@&N+U^B zXo6bL%elM6kIxYH$q;=|AD}dtLSs)KXJJ?uVL_^(wUE<#%!-Mg@5 zoj{VFy_C`REp3`b1-7WrKYItaGs&{Ak)$AM?&w&O3B3+u8$)o%h*bUcu&jzejdx(DkQtc*h5TuBnPOMqPx^7YV@Smc`rfK6t;&P~ z?JWyQ5CDd^p#ky3ID~=~?lL;o0TU#W&H#y^vhH=j3KDs{ru7eW3DG0uFpJ8=dZ1as z#W;87YrDulAGyg%@#=0}$w zfGg+{5Q_@G(&``;6t8-vxLMg|u;%VcBhZg4@9ynOY;ilDp92+{u(-{C>rIT#eAKc6 zZ>m(ks#sK%#G2bI+n%?dcCvAf_fK40kTac)BH0bQxs`j!UU^)zU9Z49xVe30wuv^H z{4`8{qXORN#!$Lh4;1y&j>(AgP0g?B*8HdDH)dY^EZBavs0ZPj+dl~vyf*LkN~k5j 
z=H_-WVc5;CTrR4c+m|wb$S%kK-`9)P&1*xLf7-u5(b1VbZn~%Qy@wcG11+D&_jv({ z^HCk){`Ut<2`@*l^HTa}yA{~Y`Tv&`;(PpFFb90|H!k3PTCD2p#cIX2{B8c19rMn; zqu!^ymBmKoXPEI$)$jlF;h+8Iy|hZ!JBKfSHltU31$({^n5LS2 zT{o^P&t70Z)!D@be~<GM>H23y6FE^OEsLS3lCV_s@b`=1K`%JX2X+_1YJ_o(UEI zwfBDQ{YkO^{|Q1*XX=WuFNuAlZqd8B^+q=dm9b~u+1MU14+HH#Qde~vCO*`}LM3d@ zeGOWaBq{T_O5>(~3L1NNuhazBr8B^FsI1$=uwv{cco;a%P%A*F!yd~Wf|6FBm}=y9 z&ec{mkmDO}r}$L3IrNnR{1<=S1Bn#Vt?6H=bk$*5jil?RlqGxZP)WPthTB1aLb(hQ z8lrs!qbV`w2ON*2Lq#U|0W*+v?<_N8%hW%-v%Y%d>bGgO$<0B2r?fAlL&p)^}+^SVU%_*)vQy+)d9sJ7Y{)Jpa+}qu> z=T_Nowatk|UHiem)N7G9{_N#kjP}uTaqJAkm+bk=Uu?|%(R}KC(Ff~z0Bta zmgRi!hwEj3_kX-+V_ytEBf8C={5$^e+*_IYehm#2Zm4kpJ|K4`yf5>_Enkp)Io(?A z*rP!&hPP&_%bDqi@QGoAg$UdB*cYVy5nwdfHnh?~zymL0&nIY+>;Afb-82Pryx9Kb zSSI?b@ttF$E9uD@=?4DkI|c#lb{x8Xi_PG{huQCT~x&ob&mL+{+TLQk% zl6yFR%MrrHB>OmPWte^|<1Fv)e*E#u`^Yb<7xbQMf!96&*+}=WX!TUE!ty(4_@NH- zflh&5qe2tBpn3FmF7YF~7VRMwBqoQ+A6C3;1gU_&fSUPrQe+XS>bN3t9R`H@c}{{T zYZ8`Lan(2s$V7mrGZ5gYtiyop>~_<@-{>HJZv?TruECTmr#6&!btY&$REO1b0OtTl z6#sE96&CXeZ@3mJ(M{+}WZ0#a2;UMA3`F|k)LrzU7TodFt0WgXUk zVF!)BLTWxyF?GgXt%Xi5=|(h=y}9*N7|9ciH;3VxGTd!&V`yeDAbJuk05zt^*zH)( zy{BWz(|K5Om-sg>VMZSuP?S)4PoVUk#35JXJggfc2uxK+0=q7o;N)}$I2o07=`UN-;_}j04*YK}u%V5<4Z&DUZmjnrNYQoe zc!D-mWWuU84=nBy|JJJ-_Tc}2UDd{uzoYG^zWQr)>E%%Ubzs>t#sB5L`;8Z*2UpDf zg>i4)9M9+~{z8At2pZc!Tbl~n+QdPf@v}mj5z*PENdTp5Z|anqnE!Nt2Ie1?b?4@+ zn17Ta1{E_&@eZFCM$VOPNsAG=aMMHaf5-RTLq#SmNAnQ(F7fFlSwPHwWEB?r*o|tt z2gT7DkiCbb%*&EcqwStmfin|fp3Oj*qq0r~w#{le?_y$yNnA%zHo%~Px&khMeCUyD zH@B?>vMRQs5`sdv0&_8cK6z-mWLF0%@pn2f7 zB@9$y=NQK3ivBFPb)q6}>&)gs>s{h@Hdk_AJ`ddXQTFFXniAGhA&U)B%E1RX z>`qwBX&Z}g;|gLUkT>3!iLL`3e;PnKJ)BGfe2i;M7%7;V5THLJsVnry@~b#&;yfj3 zlGZ?!Rgk=je8OthBxO#E$k8DzGph!&8C3(QtgGnNHmM-NLRMQ$45IC3i!Y^fB2f-b z+j6H9L~_Yo$R!L8LXc~cXD$29jGpP1Q-^%Taw3wMo~#p zql=#1L`*<^HUm(P%GyJgwkZ{v0&XRk>_jUWh2Zx??~B1)bXlylr`4J-*~$}O5arx# zxqwOY<_V1ZexE1P=-^^)e|WGZEkDb2vaH2}Z((lMnq4Z_;tKN?^^|Oj`TXb`vf9|` z!1!z)aidFo4#`ZtYKaO?iyqudoFNH)0kLZAMa_I07F%!qWhL~s-!b@sf57`4m*6+Px_ekO 
z-35RicFS6~^j>U5@j2UqB?^^S_KWE}cB?3>5-Kr4;pcHFy2K|be8oN5R&@6xneTVL zk7za8t&*iQk7`DennffIs{r~|#v~6?KT{0VcC9uMLfH(25Gw1`YAZ(Qr+1o-0oQN5 zZ>2m~?)X9iS=zSSe-7O_hQ%B>+4&`pv{U^C6eqg?11%a>Jypw|Z$z%|)p}dEJ!_bb zGC$JlVF5)i(rUQMgBK%X=LX%%}nf0HUqnZ$~q1YR_x9Xv_*P1zp;o8lu}Aw^lydRV0>Bc z8PV2~)!nfcf1lDX5*3=DrSot(F7Y|;cPU>crlQz0GZxS)Ndi*Ebwc8_YDnov38{S= zRf%8cnIpTMnUI`p1|$cSb*QM7EKsSKEys-x@LW-ammuqCy%%8$Cq|LN#%TJ`p{?q9 zI`Af&2fT5Ke(YsUfJ1j}SIz%r<;V>z)RWkk44)YraVL*rEO@^7Jy-J#*$ScV%G7cra% z;|aeF9!)pKlU)}f)zx#1@_%-^3F#q#D|n5IRVkX5{_f+)+ZT6z7ZgPv0~30)EU%8rzFm}Lm9_;L1@nZ7INp0 zWknriWoEYo6N{0}z+#}X4ok2CF%BESC3IT*?H>_aKnEOpw;ePI`Jvgv?YBe0!UJ1w zv{h)0=f9s~<{ep6pR^gqzw+L$t504HQ8Vi_QCn6qh&JmwB+=$gKz5%EiC7f&^mx?l zbZ|&E4;M(HFkD2PvXQcX3S%>{N*#R%T*RR(|*bS8){4fyK%+_#!vb(v3R-xM2f{_qzqjMyrj;j6NHb!n%nT+Di^IhvR7mQIQGeFfXa^5sK-*?TtN@d^)dA-R;Ky9+^0SH^J@1^ETkXi3a z@vk-qki6$Yn13`hX)rc13@C=)szuLF&*+nwm>H#(w-eO z^jtk1La6^g|E(4vFTSvM3+REj_7rKZ_fDnruRIT2Irf#iRjpX#7tLTI@+1WP^B8Op zUJIZa*u#E$hq_tEr}OFaq*Xbp?mpLVfKJMb5tcX_w$-mX#w>dK};w= zf{-esWk!?0XR)2PAUAXT`HUPtD(ftpw9R@csEMF>Ya+o1IvD8fxQk<}miomb-98zI z^d76Iw4Kk@!qwE1SrWj%l;W;Nt*68llR0eAr;n1Nin54* zkxUc`2WdzO8l|E=EiqYqHQ*r^*Vg5K4yum&Ly-{@9)pQ5``$mzj{9<==n(96?`ak* zdFq0Iv}UftCo;jx{n~(7`zcTfRA_>=&x1<1#J`KRV^6Q*%^`uH8i^sSmP1%ADGE(y zWiJZIP0&O>12loky7x9KZer@5hGRCCeP2Vc7Ez<9p_u02FGlT(OWH~Yt>ngk@?}v& zc?>Ws4iBTl+2Z_5eGkAmnjJv@sApQzz(lC;KI+oI z&zsemC+n{dUc#p{mFBDmIB>O6unZH}p(^Jt;p>m0kZ}KNC@;M9;gD&!&RlzT1KWg4glnxe z;Zm7+|H;s@Q}eF%#Q5TWvgb&v(LG?se>^P+Dl)JDJ86m z67J@tjLHNCIG zBB(`;)#C*XS-#MzZHFmT$i09S^YAw=@$Ye%LZANM4^syZQ+-36vzLE5JK+EY6F84i z=#Qe%9x35#5asKCOUMsYO;8aQq?&u#PD)#t$f#llG76P-26Jq)PFi1VbSMM)_^9%H zI1VWeCeb}T@V(!b8xhB?`2taiEOy|(2z;N2FN8lO1Gxui$+1P~6e<%`Xu={i5B1~{ z{~p0h^y#yZB_WHrz6VuB;v_FgLF1AHNf59&qDfBe9BYMt34JPNK%Y=qx4v6RO(y6& zDi5g&Xc7$Yi&gbxvXls-Gu6m*v+M8(y!W`{$BmM2yn1~ynFcOa zK5b~*J`0ZaJ9p0wErJ%1pTG>|6h0DEXo8{411-74zl)(@PhW*$QB-kFvN8cOLcbzK zk|ZPzo3M<3Se&Ghz1@9bLYIme&?QvX?RZ+zOK4ml6@#qvo~t7l$xKM7a4pIYV87yj 
zqUL%^izHNNg1OGaPr1aup}D@dJU4gF(zI@JQZ+eXsAxe-=5I#oZBiIe% z;ayZ@f}YRAP`Sjvi@$|EeHP?Z8All@{nRI6k{2Y;laz$4;HMIPLXRA5DTRrlDrR7) zP+2>I);8s&Q;8KorGY<-cDbhPOv_zFM!0PfTV< zc~Y+zO~W_+{lKEOp)2pElQk8hIttRJOeSFE&GOq*$Skj3Kg!<6P}s3tvd;^kXk4uq z?Gsr6u&M-ianXK4?d=pC6Dl;p;^yI)T;kuw;;^UB{aBQv6R1ZgaaLxeD8rCIp)J&Z z+2*Xa^Zynmj;WY|V?t$J#B{bvFTHo`)uMwM^$Es@f`;T6dk|fNfLZ7=*Y2h2IjQ!X za<^D^WUG4(zLyMzi&Q15xzC71YjQE%+&%g7hy;RNt{Bo4xoy^gC4 zQGOv{v66oToF{cky!2Qr=}MPRJx85+oaoscFzr8ub_5lgp#AfpGA{A&qW##@CuNi7 zbybikOc;szA()g+o|7gIgP1iTOKL~n)C7?fGe9J$toz(M8B2nwJ0}0E=Au7;4v0|e z;P321LR!V)F3-*tR$GBiY*pmbVIRdj*oRB}yJSuO=fZqcUvKJb3H-P@8Tf%neh1*k z4FddltMvHbeJQ%oTS+;!y&c~%zgSCOn3xgK(Y+7V!RvZ9+a5Y(x9Wb}>hIcXqt(2C zoQMGr_6XdQ6fL)|y%6bpfohb0#^@7(&_W+l?il2GK#Yddk!@*=eFIVg|2TDN#ARJe zqjlD)_I_{~_>OkBvh zW(v{M*G#AQ_i3w+zksTV8kQy%X;|fxxJW4B=edd$X_kb(--NWbdcU!MADBvhI<5hi zbu0M<(w95#j?(+X4gfyDjYN0T9vDtlZ-`DLXBAXRE$Wh2@zQ&wp8!6kf#o_oD+FbU zF)XH3^m4(J{Al(TTx5cZ&%iOfv&{U9(Q=NFJOc4Ehp7`C4scDwmS<9UUR;Ww?<4%| z=B9ao$#b|+ZQch7IY&BwbEdcWPm5K3y<|-%YWlo$tWVZKESQ*BDCX$>4fi7+Pdx7E zVZeQX9)|p1KiqG`8hoo16kGt~(eSIpPH&Dne&eJ486O26>oW&R)6_V&en+ zwOg;TRr+Y=A6#S&!YVxrMB^0yUXBR%0+-?Y1{!|_SjK*28t3Ua8eG%!;VFg8=A+Ki16%-4vnI>91|KZK+3s|QmOtRMO3zCvX6o*&4 zwp%~KA#|(hvA0s+`z)i>drZ$y0H@$W6ZCu*IK?UcUGyA#`i6xxD3ge!O<9w;N;6U> zIX`M9b;dm~pSxbxqI-$UCUdMTvDI7pTrsLE(Xd|9@b4YnZ`I}^ zJSp$)AxNxevh@0NQa6Wqp7y?NI^ILPf6!pF3MBp6%PXB87EWJb78v`37#?kXM1oN~(K$0qAAm zkEQwfNfP^BCJ|4uVp71Mm=Tb)Sqs%Kg4O_H4zmBOK4)@sX1qQLKsQ{j9%LPaFKkXv zpI=YCkKyKy#~7W=8^0*rzGcE=f^b7fxreA(eICVe7qvm4db~NSTz4|)##H545~vmpTB!@6g^A^2egH`8c!}BuVGJ@M z$-G=L^ji68XTPNmdJUq-$xX@PXp5oaV)N7BMID~aEm%fyq=jNq!Ko~H;sceX90@CTIEf2!fih}He^ z;e`g}f2#eM0KkYi9pbksoG4_9hi)Toj_J;!>e}C3LF!6g_l@e+<&L7eX?6|Vmvf@2 zyQ2r?rhlv6VGosT?le)kyTnwL67D)D|6Mq}Tr93qa%A=9!rynOMj*m*MCJA|d{m=C zW$`H`!bDCWYNlbAv(a(a{Gc4yDe&e2RV&%;^-h|@a{&#jU^Iyw#BdI#5oK!!qC#}% ztd%gD~^oMZ_7e0$<~3m9vK_j-rM=!Fy&#}h|Q9pdpbs!nSMdb2+F?|qtakGqtW zdG09As};EggNM&&oi4`O2t3(Ng&uroi4KFudCwb6HrR#CwMPCc0N3NzJZ$I}Sf8oZ 
zU{b@bq)b3c(_?-PJScigavHQQu+)DjUkY;m&2MP(19r83pPu463}LUG{$`Vo!t`lB z`Y;4eO>sWn+9Ov}>Rhx9#u`f~J*{sD>_p@KXRIL+eLI>#}tAPW%6OojeOmmOe z%9W=zIkUIA-pPkHdG5zf9gv$Imd0;NrXoBe#Ho#_`}8zRM>`r$-&auQi!0 zXwO$r`3>#Zv$KW-gC1TAb!}A$*-B+00|SeNb!{5LBsIWJH3ok8WMAgrpXtFg9l$EF zv+>UM{R@z}OqSOmBSmZb-kID5D7+c`6Il%g42pt@aC3&ekLQ>6x%RmbLyU&QgrxNr z{kI_g07ep3>i*=D1@9h-@M45dR=T0F>=B6k2-X2;s(NA9dKB=SECM0ITHi)W9zV*` z-Zn(KCFRp*)nKhk7}0b=gHP46fiZQ7?Eo>^C)Ue9h_TN$7)hI&mmeE|XfNb_9@Gf! z$T}BLci;V5nEPMJkxoA|sSk0~P+qJhf;Bn8wx0DzUNh_9mtEDEF#33R{K!$j@9Eb? zCF)5Y>Eh*PIXb41#4s#n+IGe)S+(%M2$YfQNXuKf6((hz;L-C}7Ve6X$$-(g zH-%r<+j#~fdgC8nJ;%R=YN;c?^Aae-YW&RbFyyl$an!JAl%^R)S_gEYu|IGo14IfM zSS|CM=Ant08>-BK;I?)==%#<_DPP2zG*()@e)9jc3AGqP^I7BL-QEz5LEBk%_Cm5n z!p*ERnTA#Zmoy&zkUm$;vZsQP_Ws4UKd|U1R)9QhYWm=>AWjiwd8Pp;;`Cn?rf|mK z64}0sgq4SSCTB!2+1uI;-RNR!I<~8{TVMRBL;V|6Z)hD*`$oXl%N!bBoKCiIP-GzS zmlFH#7v4^c#+$(z$HOj2_PtbI0c(Mi+Rdmm1W=Esk4g%t-H}@Odbc{L0LyiyUJlw1 zw;WOc`#^`ktgC7)`e2sM&Nb=z;zrfXO_%FvTtt(5dkgx5m7Muyw^s__HX}*G6KuNU z`AE?>n*uHf_@-vn7fj$qrLd&j$&V{qsNX=K%48vRBhXjk062n`b_Hf zo+V@`2IT~~51a8zWw2!Sd$hkSGkm5daH0l&8j0>TWzE=2) z@`lBDwoEty3U4sQlJ1&K8)~RIZgGay`dt<~Z1}C0z~}wraHJ!!;#njT;^tH?{)a6q zN<@GkA+<*ZoC&JrJ2x3LpjC_Q-49Ow79B{VM``@qZ+TU36#kPZ6V-S0k`x#ibW7nC zrV=B(y@gYP77qqd`(uWpt~^xM{S1wez>dbAhS<+{@bCdK~8K#QjyIuT9qyj|9$c03)&#F!Prko(3ZwXVeN4}gkV2z;dCZ;lQypJX7 znHhgM-jQIc!%<3(1k=0gsU(F?*ms2|U!n#>NQs-rX?BrM22@OsIx9=JCw)QI^6WHD{XScBA7{;GI9F^z+N zf2H?kxx!t+rFa+s%P8lljIYtPm+a@&|5zWcFGvw){|M9<>*Gl?$1h=g>cO>l!FXxKoBVcV-qg}m#P?d zF;awYOKhOKe5pYplV2ri@=}Pg$E5Y%g!v1V53rOk{MI`_HD46cJyV^Y+NcN^i}bQK z)!a6)j*Tq5vcpKAl+7nH*T5iL#snK#OrJJIPE5wuASk&@eT6mx_iIx|IGGCB(+4NC zakB0PHR_^K?t9a=t>ttgAv?^YW+*p`9H_&do+hTGU3O>WBQcHme~&|gYjEY;a$>_h znTukfKMBCPL<~Q?&p!PdY%$1=b2#qOFz}g|aEX9HZ!w-bCYTX4ULH$=R+%x4VpGhe zrspHN32u$ZW4Q;A9e%X6`k`47zpT``@#Y5`G~eIdS$t)CKgP-{uHG!!ZZR}CnW4UY zpMFf(<$Fp05`RFpt!Huw-20=)|8#)3(JULiNCkw!-bhg0w4^EuP542$o3}Q}&Tr7+ zsGjGmq#;j@_-@!7+Fa_Ymvh7Zxk;1<0MkSet=%3zYBRP*h;<=Pc7m;xl~IKDMlqaQ 
z`~YLU7=$I=0w^pJbYRm?7a@p%#6;!=n-qN`KJ*JKvjPQymC#ElMa*?|&B!>*cQpu$pVeS*=uEes8O!kFx zeXj$zLx!sLR>^Gd?OMg|2$MSJ&Uu4+V1kDIUYb|rFbSpaFo^Jf)~l$rhu$XEuwGj% zv0qt45t_$k3`d{U&d6#$zaga4MJF4w0CGd8popY4#)>XY3eF_Yx#(gN#Qs5>rZxW>=~ zk`Cm5{GnG@x|s$W2`p{a=A5nuhBIAua?WX+f8iWn`W|0gy$s5C6U54l+Q)XI0lqvk zQk&K|QwqrKgTOZ~ZyT@4BGsO~)%jPG@G9E7@K381@pMG|z zUtOXXKJh^Bi9r$ddY#dSBox3NS-AR@E}g5eztqT*7B1U~jOmNSzC99ONEMvK63-}EgWZ|vi}+w+;H1e51G z6S*h!*Vo$Ud4?|=9T#T>n)3kgC*kqB!D(el{QEk>pMqFvMWrxBqv*8G2GX?8|%T4XgxS(EEGxp24}zz=vjzUb8eu& z>HTpf7ytYG>4>6yG~~CV@hyhtWqB|;52V=e`i%k$HngsNeS-cNdW3bx%25gdhHYLo z^UFwAMZtNYiM4PK8M!tTTnT);cj#I>R7E4cO`0*92eP_0%F2q!`M7rTO+(z?ZHlv2 zW9`|nkV#dQ3~Svy`oD4$pt5G=!gRDXf5fH;A0>{*|Ia=r+U=Gw83^c^*+%mv_g7Mz z&F>ce^<=`FZ!E?*T|mJ4G=oUgXQi^m{!#r}Zz}P3AGN3JW9>d@0JwKHn7e#Kx%_Ws zdo3SR)&+afP4*%5Qkk&2^F| zYGr3E3&6cE+`8n=p*^Flb8iqTl>6#52K%c0ozBTaBBW>RMkr9F=#@xXpqFDXS6t{* z{_WrIT6-8N;(j0C(ZJ0&$?o9$pCf^gZZehaIHWj>nv-i7Ht>$(`jK)D&}N&v2K zR6+648y9v7$qs4|{Y|SoCYbzN z;mwDgx=00m(p(P7-Nz$0;VWbQUbP~kYSfb0Jhhl@+`JTRH)UpEEm#r6YYwZU%Zsge zdGGD9eDdq&I?6 z7`k&?{725sSbA;?Zo{dmh++1#TQ+|3f$%QPnIN5&_9FG@I5Q&{)L&F~{E~r?V+$t^ zrc;3UwSP_9+K?hS!3GYUJ^maG3PF8_qrwzyvQS_KzSQBh1X-rd>Gw@*6~vBJ3!9hg z_PviGgu^&3Hx<3j!VrftK407`K`&u@Uxh=3X}fv-y^N$$odg)Zq4qH6?L_|)6HzSa? 
z)2t5#)|6%j`J}k6l)y2*qpcfJJok)2qp_zJi0j#D!5&InYcwAtjdR?&h_i7M16N9y zf_V7uM*y3KdkTZ_*|k8usG7A%|GBOy;)@0kMTy5SgxsDCb*YEc4GvbG*q0?W;(1Ef zVsgcN9d793-{2~2W33Us-l|gp{pr?VxD_BxQ3xQ9xxCN!`>EIZbyn+*J5ut&ACQ5~ zm()bNqh8H>9x#1~+e#VwPzn1j#bs&+E&|ESKG(07TzuJ(_Sx6T{FdOaZ}PCY`{HgI z)*Y1IR}vOSho#6RWZgb3QCAcbH_D@aADp#hQCrrfb#kxZag1)YWO9f5R?i$#paDYH z%QPlUogQ2AKh~j-s}7^jF6L%XImslKYR5F)SLQApTJ~0qqbjqcemK9yt|TI>ghbz+ zbql}74ZvTWN|S~ES-0akGi~nzQTbZ#i7gF zl5e7Vr-|;1H6-qOjXFD%7#(s*NCQNj$tLJcA4p($n5g_e#wAQ!t=xuN(T}iu7_i6v z`pL^4wwn?nq@%6#F~J;z(!Zw(R$JfL&90!HjjuaVgM@<_0wTZju}XOcK>C;7_x|v` z9&#kGPfB_*Dt`2diK!{gsk zd=8#*JS|jkkufuB3a>P~0DaJh8_fRBu>~S?0KRDvOs6PkPG-gw0(QnkySJc|HKj5Q z!x{N)#eDuNN-4bH_rrLAR2a;=pII{5&t18ID5{<(UxTj5#Zeb>OF0OkO(y$Eu>l=p zmAHvH%WGCPhqB7Rc&0l60`fI5C0^WyR#49pt*JgS6*3_th~BxpDSiLQMNBK0B5e*| z!WwGTYQi;#{m~tRq-ZS4wmsECasE*;AYX|uZ9>vy2#BdntzH=5w=D$L%n9aKDZFhk zyZ&Q|LoqVXmqQ6;<)Bs`0M8^6};26|22QnPp;h0QjIblG8F39^;z! z8(o}217eFR{UymiPzPyuPQ?R4AtU}l`y{Id#L1hOh#!i!mWS9uprQ0vsp4&qpIJ^P zR&|t1KUIEkNNvpdG}#F-9xOlnA|+j-5vIziSn|(@74`JIJBfp$*E83GsH<#=LIuS@ z9AWkr>NHu2Tm;8Z1NNXWg=?2o&}=@ z-a%=n{j(W@6N>B`5c9^pF!sDoB0}Amd0iCeCSd&!qP@!|$NH=jv$~rLlU;S%kP99|X9{XD-bSIw#%SOA7`HyG*N5sYhT%eU#{RsYz z`3^Q^zX%Qb8Jp!CX8kd_!C<}ZesGuwH+ZT*@BzA?5JzsXM_>R-ATeShRKAq#7kEET z5yrQ#qxOlCJR&cH9%AF=5ppU2sjW)NsSSH}8aP5p0Q&^Js+!AMZZ=tq%Wse=!O(GY z>yZ4Wk#|NDDs=80x)Qf={;6Swd(Mceq^l1KfzVo|>qrVbBM|wx#BRl(L7A5f%m!d} z;zCZ?p?ieN&oi{EBKxWjah*{$IKQi}2ztvn-y$+`7)$n}56p~`n#vP7EBd)nE{e12 z5%;2PfPk-RdURxAPTC~7gIXKQXR)z3w`Mw#@6sL|cwGr*Gini)1^F&G)(1MSJ<#nc zl^7)qtQ2{g`Q^{1MbmS`i|MG@L5pDd`D(9VF<5@is&oaz)tf66G0{YCr&JgYrORa& zqHU-A<#BMHd#aGU;gKp_Dcf2Qx-4RxU-^y;kgZeIv%OeYz!f^1u+UVC2<}1vLF1cMe{JR0FC95vuwN<%Tu?DoXA@ z+(6}U_M)G;OL8Q2=?UE78nzn7NtANm=NI+xhNUvXVjF^1Vc3SbdZWO&qM+pvn?5fU zpm-@mZmwy?*5CKyc&`4a^x-3F#`mS~iSnYoJ|FdBnitLzIl(PsEA#G2)m?DjaVJxAGLvTn&L8<}wW|2i=~V!ood- zaN`}e^g)g!bMf&%Apa6wfDP`9Xorgh(0vP_SQT|^+wZNr40n*HzeAf*6HPahTzEz< z++q8Cuba!~v)6iEaQl5N_?;UJ*Q)xQuMKd^4uo4%E7^)Y{mn?|j4)4Zq*dHwoIG7s 
z#wEyd{qqaX5G}={_Rw>XxaRV!xpJCDB(dC|L%J+@Rg34=f`5PQL4zGBrn`sZz|@75 zr69L~$JnGqOK(IYp~j^~+oEa#;dzE<%&iZl0~9JcKT zSqP`EVUN4wntj&miVD09?6Vebvb@N+W#nmrH&Mc}xNR3aqA0I7Xp0B7 z`-7zUvB>(*{_<^)$4PAjH*xPkYyr zlyR8muq@ZgK6F$@Vb9W&^ZvMSe{yHS(=BdTkp=nyC}4pb*5rU_+n|kF-vq7qC|;=W4|QBG z{S*p@AbN7QMD;`<%uQMy4_^rjzUe!=Gz~2~c?Kj3IJX{m{tfH<^!KoefiaHufWda} zJ@#zRo9Ub6eS`Xa^J(F0lbQ!xv;LQUb6d@F^)iQiZd{_0YC9f(2|O}XaF1j476Xd) zx(Mf$^edo!6=Xzia~F7)9oobSjb-T}zelfFAYdk&7ZD9lsZo!55^O2Scd#Y2{Z zB&sgzAixtYa{^_gyu0&@-dDv(`lMb>)wYyFieW>a6PU>IrCJ?oRO9@nBJ}GwnkTQX zCi19Hf|uQ8x2^^bB7MFf>n?0W3LuuB=0Tx=3ybm(LDK+*H=>%8Rjx3zL7|dPN-K;= zG^ou$xi=u->Q)Y`F+5exUdD=+mK^;02;kRWcY%dz)A_-T%BHE^n#H4SR(*)RX&2Bh zIEU)oh&$eWU>tYK(%Y>)VN^9$X!vvMMa_T57z#YoD$O+0Pp}7@kyEVpzd&g40adM? zJ2LXpWhZAxm?!_Q$~!YD=!Ij9lki0fldh!52@o~6UP&TY^8oWWSC$uF=BnDOlU8hn z(!R2ZaX%lLsR^ZLi;7O6MR}ND=R5U*e*C(2tjE`nJ9(a)>INfK_QGucz_OH3`&gkL z#8PUTAsp=LLAO}&A)z!ha_KZ?`h)fVHWX^Gxps0VM_Y>;(0E#{H?}5PSyqfM@g`!K z0qyrcs%aIVXM0voJk^{weL<+5Ui|^6V|5HUVfM(HsgcI(d`j$OPvhlHnh(?zJfEXP zE01Aw-PD2TLAxAmeH~%B#0LBMeA92u|LtLM8Gs*?3VuvUbLsfuH+9^V*ySSzq!`p{ zsM5Oi2k+{r=)3iIB)m(hKhUe;f`a0JDK6nZ7Dj*OEqNRLPz@>NZAU~pzqG%i9bUD{T&n>9`m4$lMyIa z>lsJ00d?tkz@8~nB%{xDfelc?16@#Kl)!bDAy*4!BbP9*5-M~y6wUt%;sHVWK=8TM zhhDd;zS?xxY98H)D?d*H{>@I` zCSHOCbqdhrkdl>$-a6R7&eCZu;<6xkD3A%UhQ8e)qhPCRZcc&rQ-#A!s#^`z2s|g} z$hvs4GK<8Wc~k(K;-eh{>**U#lwf*lD-=z!3UqJ-E__jG+Y(c$vAux~L!ApgdwLWS ze5hiw(x9b>su{sUM#WV^k&P?r7TVvkdRfO%T>ibg@XkU(sg-D)Zm1O?R&rCdzHW2= zkRm7&W|D3B%TzX&`w`jjwq4ITW^#yiQ>RdH2_48^J|V}nt4=V(K>6;z@n}@ zt`tI!iL)oUqy}&VLTA>~x~<%wfAtd>z`0D$W&+DK{#qXxf|txHUlVQD+Y0Uh7r4lX zeb+DXZMC$*qgDfxv)R4uX+;(Y##F$GWvxY)JKL89{C{n@bH*&y>oKQTBy;b27=j3v z*de%Dz=JFYcMCshy>AdU+J-wL&Nu28+-{A;8Sp^aA6}4xLqjE7$XzgP&28orlE6YU z=96!TtN2J~s#u=DXH&M6 zB8tzQrW%;g6zz-ENKcnsdsxg~ese)}mm zaR(4hO*d7$6>M(Q|L$vN)i-4N9@rd@-^H;es=|KUHfb;BQ$C{#*Y42e)6%^&KLss1 zcgL=?9fyPaBcBiPjQs&Bvj2#G})>xk`UPVx}Lazv`-U2$%K_JQ&W+%D$q>prr|G}_aUVD!U$ zBb|UcY0P24G7-xYGPA?gQBtBzy}DplHV?188jv5Z$#7G)vCIb4^vVL2 
zKv({JLu!%^sN2#-COGv38CZ6W!U@sOR(xWN~3z^L@~GSPdv3MA|9MBiIU5B0J&L$D95hLD$`cUs%AHoo1sgk*9V}_#99)0Y|1i^@ zgV#a4OP4fD72j`6OiszepbETPJ)A`G=BEk<+Z4sj8ascWaqubH_j0_OQ7QAc1N={} z+i>Z^eZHgwKL@m<9@Ne$07H=d=+^u&+0HPqaJ6RSktB5Kb+Vtx*HQNf%9n| zBA-jf$A$5@A6TVU!z;j1I|YqM*wrVuKdy}(Chddx%%WmRDVKT$7-ML>=z@N*UAPzl z9FQTUj*CMRji{dIh=S@j50434Y3uTeZgo8#@3QUq*=$a+@|2Ul9enbPR2RMt`y!oZ z;6jm8s2&cfOk2s)FM1ImK=@=ca$%RPMGt~oAM*wq#b`oOQb1l3Z-lNU)wOkEmz;aD zxohsQhUPI0FRaw>O{B~zCP~kTnf~(Qx*0Q6DKh=P846IBY0@9;EJ zx<>?=9={19z$*5&*6FEs41w4!;+Ki2eg*O=2kx-5ct;D2wt;OH@*H+K{(loJnoIrW z4mxIBeOXhoSKuATZ7KbA!5AGWT$l1)-9#u{J3y1YUL4x4yyU&DBn6=mI;xHU3RC{Q z0gD7`Ll_ryLe&NTLh#*KK^qa}uQRj*chzerq%J}afX~r{@av{|%XW^Fniyu&Dm|f+ zz-QWGGDKMp8?5qHv^BP?QFx=rhAM6G=s7@Viv!Ok^9~*&nG18#B>~TJ!pMXIYNQ#?xN92QDXy7LjJSk-U;EZwWzVUEZ z;p8C$)3M6}pDdP`A9sJJU-4hso?{*#2DXNJyHzVG${o4NeKuM^*p8-A%lmuj!xnsz z%RdURuowM|r&nqGliRD#wK|M1LsD;B1;bPWG;0)a3LJrd6;QCSalTp~f)ex_>N-oIcNNzFZHTGrh*yr>rJ`bNTaA@TvgU~vvLg0!?z?sMq4IE-aY?q zgd|Y4b7y$5q8Qf%63bt?onbx2xOWbR(w;=fh$#n72alUO*->uVi9f=K-3Z*3e@6=B z1Fy2}sN|>7UJ`GvUIxwGnnPv-^s@|>?XBP>bUBhkqqdr;wD`EZu(L~|){m!!WF2izZ|r&DY`U6m0CZv=dhkFnF> zL$Q3TAm{_P;s)zJQ|dmiFKQ1u@>bu@t<7i+8wn6~G?(r0mP4xUul_2wC#K|EE`*_A z6Oo%%XqIRqKB>H^*BqxAH&r7p(u&w|TnJc1`pNI%{(lvORSRxZ__vE{)PL8CLyR}N zrjo`^6pW^a)F(HEy}2C+3O1}6d9xBC!9U)1C#9k8zi0}N-Yfw-SyL{b;kMs+hbIVK z^X~kcodxK%S6Hz$>m+;;NfmpKGcR7;Ldq+i5yfimGbOD4JQY7;xap8?riwj3%*ShQ zZPh+WLl=MFpxN!B5MdA)XV}gCRf2`N;$cXo`DpgxGIxtT%8J(y@H&*Xe<>h>e}Hlg zAqHP%?ME~KnD2E+cPxF5O~nrrP;i4D{&K-yB~CPoua#0qPM$o>v%^7IULIpVU)Mn2 zPmZ{-Xr^UN_%$m5PTDF*+e!(VNZSJ*Vh-0}{Q{Zo{18ciml8AdWrziFvgDu8=FVNp zqrUF&s6T|FHyaW_vpdWWC+s;=hA-4UwAH7MjN$$*%Z<4obe0Um13oj|M>OR|dosjo z>yaVdDmZk1xS22MC)!-A{9z|M>+s`w>htg!$aqmTutv1x%E=C>BO4iO8~bbReOTG~ z8ke4<9eEfX&?Qz&4?OQ`MMzpGH66cZzcKmT_+w!jtQLT8s~oFZb#14NaqZilr3Pcj z4b<6)t1SpzHwOn{HiHW+5!S~QvWk*Oe{+=su1*z6nYj_=H_=&otX(x2wDuqzFI|k? 
z5@`K)`l*YO<3Aa-(>4cHVEtt5I&!cYNwZbunG_YjocrrKW24)^%J9uj?4B~A3x&on zp%jEq5*>gg#gA|!l2r?E^z%T@spB^?flsBFg4FobNZbLp6`|A9-aI4nkXCe;kVyE3 z@V51~1CD}&3Jruw*bxg+iC#_jqA;uH*LDKOkr);22}}fufX_Wg$#BXGt;>2m29lOf`0 zyy_(Hpt#KX&vmXlX_T`vl+~nw9rRc{?t; z#Jp+ulY=ItFr)ady z)TPWN8mh?7dT)({PwpGjks+f0W-Hgqs3>l{nlD-1vaB0%*P45>gWtDrNay*n7gJ!! zOQ~5SLk@nEVF#Y*#2B1cI`44;Hw0}c;NHV&Dg&mLjKjvOHm-XKhiJpk+*#WzrF?;# z?f$8>{prfqvH%qD)_Mz|Tkc|gvdZ*7rt;-qPs1cuLHx%in*kB%rKJPG8njtyWT8|p zCJb#KFwW1tjKtk`XbiVf*&4M}rtq)q5!C3#x+*IopL=9o|C`5)K~o#RPptALBf$!z z{Y!M50Ef5|lfC(*s4fF6yNM~Wa}P@FI@BS#AzDL~nIeOqPs@&Ou!|)^11s=EdrE@+ zj5HPBqNry25YUAdLq#4?Nacp1Rvu~vv-`DOE@6vQF&exS3-D6T`y$!F{%gv7+i-jk zEK4AL$s}Kqsu})p;P1Zz7sCm*soy5;SMzy~p4FwydZ0E94WYZHJypR4vNR6pZ?HuH z;KpaX*B4l@E*LyOGv{*>EyzXM!-NtxL=XOfHD3VVbQYl(SJrSY9fw&CvFX2grReiz zvqGF30(!75q8Z7;bGzF@@9?kcv74}8v6=>R%$SVY zH<+iMUAQ`xKq7&a8IlQNZ0hW5rc;5V;>CYD+cDd(VGr0Cyy_Qi9x5F}m3)Ml?A0q( zjnh5>Xw4YdP6cQ9s@$$ifnp{?pcNLPW=xF(x7iGz{2Zbpnb$k~$yL7kK;H7I0s0%T ze{9wgwMrQI!7Vug_$KrW=ri!1K)?!Y1uhrL4A~$EjSd9>W+7)gH7@i+*MDx z{ac_mJEX)$L8_9xIgq)Y-tt3|ml+g(Btb7Y0tKtuyFp(A$Sa+KS&1We9hSp{YMPr_ z+iif?=qlxP3*+Jy#3`2{qCaDyrq<6<%){$(-P0uB4+tv!M*&;m;2 zTV1y5r6lHGDTe4+qpYbAR}LzQ=yCq0wM-2EDMGlKp<+*rV^zl4V)$EQF=#ZE9efeO zrl9+OTWyrcf+d)6&>FUm`oxN%k&3GSc>x5*X-{sapdQ+0@8-%@x!OgdXM2w7VdG$D zb9r+}=kP$ab_6KOD^x}j#}#|7eS^u-r@{ub>K1F?xCQ$rn`ZkTt+gwFCXLqiMSyOb zkvgJ5+x~~}Zqn|epjJ;kQQh(5NyWOkapf{NUG@LBTOH}_F@CbD@x!Q78qN`+6gXK$ zj!@71%{?u*z#Uz?Q?C-qJRPnwF{rXnFDEaM*v+2QHWW?G%6K;G?r{I=mKlrc@#}r~ zu9L(b&qs0D4GHk|u?K7X`e!C~+Xp|ZaYzr@XZG0b+WH$SL+*24LOAs?3FjE23M(s# zOQ?QljI&r5e+OTW{bV`gQZ&iNz-Rd_cxd|VXHUVMa_vfbDe25>44C$}==IG2tdPv? 
z)BZzDd57Q<&2$cRqsuQ7&cD2RhOpl*TTmfI$llF9q9$*vs#UD4xBs72ie>$Nx-G41 z6ak_kIOJsu;l1~Tk>xc}ki_ZY+-HO$^erk*Bc$-+D}I#Wm{a6~A}>4u$+Ba8jYXxu zyeA$wVLQKVXk@+K?B$%1@KAvHQNKBe;577=&JdXU*_Q~1bV7(Fe#|yKpN(T?m_RMt$XuZ=O@f+;%=K4)Qnn2o zaIIE4Ly8$ojUS3HDFuJFpqT|E?3!T|kj9%!0mDQ>;jlw{+IKJ9YE?#76!o7h366cnvp2M1xv@< zhphO8+zcjVH@h1rJ9AXIEnExiId||SR>~W@#Saxa%DWsOFq|QH``4KePpu8;7D3M*3a^Q zi2tFX)-+6-vwn(_ox96wP2C2rlF&H)3z7Dsx$XMVwSi`n_y&;p{Gi=t2qtod&|b=u zv^l|tTjkAegZ5#)vYiI0p=;31F-?X~{8HKX_j~%SKAVDI>_2BWy|7E&AFVCcKikS9DaX)mzo*z) z_8@K*DFa;m7VCjA(e09LqcB_PDRCZ=WFDjO{}d&%4mT)Iok)b$cU6pEFst_2|AV&) zsCi}(k+FGmO`vnjOq0^$Nl0l5{+C(moSPdlWJS_$H#NBKv5??Z?QZr~{-Le$^sl0V z8X=iP$pj>uo^o|)OOjZ964`j{3`PiEQv zNoOkRx0l=u~agcc)<*3~-_C+)p!&hucT7T17v zt&+b<`@^;eauA6fQS0SB)+0F&l8lcM2I$!zp8=vvCWHGivxy);{cJ86N<#cQ5#V=S z)Z5&8n&eg)7cAi!yG^f6{uU*RY5n#K&_B{spC@;L+Nq(9sGu#Q!*g3JS{&S_e||X1 zc?ShX^r)}?%jI*H=!kXFsl+3MdoZ;+qhgPYzATN~57bTpVTU^*JllB(DyUfQE3_Zb z8G;9~6^0Hq6BfF^ZTiggNZ?!_yVJ6AieZBJyWqoDvtN#ILrJHFx@`)c%u)(ii8fSD z4t$Nk_J3<;GPh^kJIRnRe4v-gPLz>Mo>hCUpnR&czkmN`{E=IgStBp7sY*(=QbKG154sA*KLu|Ew{;AXFBE|g?>ko3&7lD- znhO(x@PMr=PC>j>u;m-HmBVCoeTELRi!U}ltjvHE)0eZwVufSC^1 zpOvl9bzmYq77;Ho}vw(<&*Fy8ICKkMI-5{|Gm9m50*`^fYCBYg2o1aJN*!p2VMXD9C9J3 z_SIK{9E7HR86C2lU;G9k^UjWDYqY}LY~bar|9p}m4cuNA4Vdv}#eL=~`%B5e z*>-MvCiP^kUfl2!24pa}TwP)B@6L&Pd}oQw>XQtmr@`h4+b_9N0^wJ&r0oTY#P|)l zQ*XM3qjh6A@KjTDrn5NTheL+vyT*5f8&b4Rf941_}Gxq_>fkHG0x)qc7s2F~2$MT}bNe2~U0 zg7{VU>z~XhwoqVqCi(1AZ1GsQznqhvJkS&D9^Vs+?y;ca4EKEi7OM?bWSV6D&yJok z(()Zznk&;Ub~d+=>CI#hY#lAxFZ=qWD|+%bj7YL1v`QMOZt_$ewIt~gMW)hw2q{AH zeJp$dj zH7eZII!Qc7d-EI^8zPmR&^9XNP?0@bCvTgr4N?Rh&dZrv13?69WSYyl@AXP{G28_~ zVU_YGu~g!e2Y1T2@;l+8ouZ!2Z|pizJh8RF=QzeETFzSGw=$bwL0$x;?nhtc-`4*N z`{a*)ng?)hdeq1TrjqE3}H7ItV8M26aI=>#p!1<^99gj=Qq$60i1`Ysc4RDE0-e@Urf(N&t|IFu$^CEI&Sx%QuzAI_|PMN*_{+ zr{h4p1%(P%^Aw1sCsy7R1@Oudd<75V$p}QWwlq~;+Yl4N=n~|=2$K6{LYCHphtYjz za?Mrw)%(p}Rolz|FmtU@O@W!E$>dPK%u`X)D0XHLjN&d@8Pme$5cCF0VbO$0QS2b! 
zQUX*~ILXvgr{F0`>cs^le{s_@(oLml;ZlU`r36}bk<*^Y4Ga-sBve|91mB5JZLjp# z*_lfN(VXVu7c{8*I&l#Bxh$n`5|^l1Ael5$zKvOQcZ=Ffh7Da1nwQE35inqBE_dbY zT1zcLCHY(GkD)!t=PRu<#QGFDT%^9IZJ9Hn zCxr)*L6mL;kYfrYu71d8-qQOQ3x^~zOg4+Ui#?lg^eZZgBFe-%Z8x31D6_kogo2jSK)~~` z9s3)4ceq$zrLkeb%4$nNklA?+nX;#ZKgM9v_@AoPJ+9d==q`tP(H7ip&&98$F+qf` zwy=xJRX21|S~N>Wz24eY!M|gB8aw$7sL{bms-?v~%ptkFm zwt!+Gt*bk&Np-FH!diCJ{M{LM5iSM)>|0L~$x0GlA`R+(*%#*UpHOBr0Qei!^&gGI zY=%ca^f6QbD-}q#uRmSV?nFjSU#xe%X4{&RIz0hJ%xde@DFb)TQgIKyJ5xk({(`RA zSwhq6kv?hmNL%EXPNUuAk&w+>U0%%X!H*|aQ3Uxt#asE05ePiA0p0Nr=3VlpU&8MI zpN|Rg2Az2pjs48BqPPJM0MKRO=gJN*=XwxlRvtgmOEWcIhRq@P61zu_B=tz^uZ#qx z=fd(OHi#K`?316Nq)rv@N9czYC@V06M5xx zN_6Wa7R`2vV#eKT65^yJ{d?1%czU8bpG!i5b}Nnnx->c-$1W$Sp@z^_bzr_X*8p*9 zQ~oPeYtVT6($jGW5@P|q3#_v&`}KH0+%(4c4F9@+`;9aH65VsNxJe~jYm@a^DP-~? zKHTL~X#Go~%Y&~Qa1rvjO?IzokA5y*+R#(zif|WuErktM=sDeDu^dk_mx&dx6N|M8 z*2rO&5{xbI-%n6hBl%dwP;+Cm{Ee1G1}o5b!3wmNf(kU-dF7!GG!sM~@Tlv2Z9@@3 z1on96)_Gk8ghXVvn?Sef&Hgb|^~EDA3}%zjV2kSHUlx8q!;aqNLVIaWZZhJ3G*+`2 zJQMZD>@b-Bf>bY!66+Ae=T>OKtGAqzW);UnxDq+b&*49UCpKXc=NhLN=_xU^1_nP& zj<#FIVu)eLWOM7so4z9c;=$UAHRPn$7Y&VX*`K|Ne2Brr zk3Xsj6)fG%Y&+=MI~(Zo=X%KYQTH)bK$-sU@NJI(nECO2s!XcTstMs6=ccN{7*~bQ zcJEd*y{2G44pLva)b*mZ0F2OpgMZA&=SM4l80fFM|Vd z#P>>_U^1;9R&?-nldC!Et%LS;JMFN`d6V zP8W|*E?xWFdvkd*ViZyFs)HK%f*EL97GsQ&SjXj$le~!3nKZ?n6s!`i=-g$-sK)sY zk}>A=FH8m)Qmgi~`V-Vj*oU`iFJ}pW`gLc^Ww|{Ha$Lpv`$J2T)_`J2r<2CDCq{hB zyPa48U##Q9)9r2l@x#hnv9^`!F}OM8lg#PbJCtDl2E%<{Q`0HK z%9)-K%-RJC@M4IiuURV5mCar`79lG)D7|G=z7vL}h9qnrYmOEDohb6xS*Wd zd3G_o?~LH)O@)+cqr!dFNUij5nlqd{1w~#eXt|he%}jckZ1j1~zPfWxX5lk^u>_{B z?7b3Q=zeCfywBEVjmWAV%?e4w;z7IyvZ;(m26pcDME`t#O6p3-@7vQzuXK~Opaxuh zn``zoKf+eV0M>(2lUgNs*_-cx|Fo90x(O}B5JRuz4s)$6N6cJ0=Ib+OqFW&sDSYL&VwV8Rg8-j`%kbfhK*DQ40Y+dM6mB$ha#&)sGnS6 z?7T{wOHfIKcXIDO;ZR*NJG=A2S+GO6kEcL6>^1Ds%ZG<0vK@@knD)wG1v5sNP~C>X z8Sb$h{?xe>?cDP0o~?+-iV}B+)l2EZSH%~^mACx z{gHh4niVhGht#A>vaEQb_mO`^ZK|X8xD9D!gtGW%Bg+}q3&f?n5=h94{S3?g8tp6=;{6Z<;ox(C^ z7l#_V`|$D|?BS7r&A}1N59hS1_+jfB`G@{pUAdSo?spfwR?`((3Hnml=vjTa~y 
z_pSedAq~4Xy!|)#@Q2_vdsqk|pJJI(BCT0U0hPa?dEyvfeCmivgev>vsmB2GAO=g0 zo75^=jAu~qo$H51yUhUKZMNXSK{f!_)T*a5; z&tUNb!QwXpNoK}f0sSNoj;-ISU6x7Z9nJ`} z8QsdmVM4z$@Oe)w@MYVFC9^5)jdWltGs{BQ{8G#1k2DDyk@))Mif z!`GhNTGB;kItDsyWChDH+Vz1?d#O1%-R*E2WgTx_*G{SW_4&Mb+D-M}&Bxs2Bv+Ek z{X&TZz+LnlwQ%25-ng7%r2g8$_g~0{crj&aHI8pg_yR)}-!S zXcFOYxmyr?DRsyEb3PWf>isD0l0?BaM0x?>n&`U~Fy;)%vllN$!=OhPe_$dte3+%5m-_bc=6Ndh->>jC2yH-_I^HXFJv zyZbm{J9onmo^d#0<`;qDU zwbHec0I*$rwZ^!_g=}6;rzyOXC(t4cGQ62+_pnOa-pZHOfWGYUPxZ z=;|D2OWwdH57o95c#(v&eBXm?Wo?z%feUPD+d zWnEln{d#9Kb4#rA9a29zUbtWs+DW-ca4N2@goB!)g_qJk7dP1gmfcsOo6O#2jUef|kTkZ2WqHPb@^iJa;w@7zbQ zDpYK0Dj@2)LZ&W4jZ89XPEZb=m!_Ot3PPs_xNf6O#dOCSP7HH9Ld~aSE{|h0Py^>G zJ9ki`B5osZ3F;(pK;XxwD2vH(+|Dum$yVp0DUu1p^|!@b+QjUnE_Fc=8nL~d*2(yV z1W}Db(AT;BI~Z_p)}r($mz<5eMgZStgEpHnoI`=#*=(7FC3irrEG{U~|J5~eqOi0r_x&hr|N#lekLAl$-bB~Z`s>-bC8-19U`#Cb$QwGK@ZAW7NMPCc2 zyVMK)iaNbdd~YJwR}rST*Xv{b4GrMn^^frLexeT`&_ZWRlyHudB!gY-L}Yj7OLu}W z7h8G3DX<;64UcKC^BQ2H99?X!$Z{zp?yqD`MLoRfUoL**hoDkX+^ zGx>~yF#FRhvTz*1W+YaCJ;cyA)9`oZwF*6Ua$$+7o}t%zv~2Q`G|m^Hf^*eor{1-(M~!CGy7%$&XrKtObL za&4g`0X@?&vS+)@H2c1NXOs1CV(->Rq>4uutL@z1-mKbd=3&}Gp$#4_C$0Z5Mgrrj zc&bYVav2`wa&vL;D$iP;i4HANr}5r8Dt+>_G|m-Y!8z4)7ARfr#_Wx`42h}^9eMg{M^F6#F#g3M_r2P2^&s}Av`G|1(p?m5&aC-AQ7x;u z+r0cZTouTgcxt;k4e_2?O>9%$gptor-!5n6jv>=R8#+JV;Upu(Vk>^@KI!63Cl40b zA#%$CE)SY&{U1s^s)4z#(jN)FcK*^T7=8{}cN+@nooSHomYigNbG^LK)F4}xchE$s`fB{Z1Z`>?2J2TP+NYhJ@ zZy+I;$C>hbY*T*)+gg@ddKhOZe5R2Djd1BX2z7pwKiGLxBNwDSHab#g8k>tEBq6-5mYWPS=cvd zWWHLoasCVo6vnpoyffq(`Mp&L#boQl#50%pgYEtNFXbvh%vmeL>#K?3+m~!)g|@s5 zxVFZqFBW=K5j0r*sD?ddl*}NlE79-D%IdXuEau78GB{Ui;FxxJKp2i3j6VLxMl+c7 z`NEk27_1j;v;XXv$Q~EB^1)8C7_?cG z(`C<(A#rziX8TWdd$2AFjOX9`69nVDS1ui^Sx;lS%@s51sN_An%r8!PeMt2olLiQAzO-~_r zPK#DCmmOTqbTSzd)9D-BpQ8L5*>ru5Qt2? 
zFaOg6H`*)No&)D!$f)3kPD;_ebf70Njd1p@2&aN~rn@go6`#YG$~R+0-+9J)9_|rHM18~NK?E7)RVIl0rGG*!oini{01qZdz$7f)9N{p) zIGD<4MS$YZ_sKrVtyl?+s|GomNJ7w%sDz;!M}&1fot@IY(X^aRvnGhQq5lCLziJ`_YXpWF3le}0)5AL;3+A~D{jR^C@kls`W z4wvAuf67#)4n__EJf6#3!Ia=rez;!)Gak?D5(FVoIdA?>msxD#XsflFb+&A2FCEWm z7L<`e-e09y`kdN`_NXmpliv5GvUm6I!@*rLStRwAEgp?n)Y>&OQhqBVAblH_C|IhQ z66hzlgC5Z8^VXUn*W?>dW?j5(}BU_91A*y69U%5h! zi>5DrD-b_RbQ)w%7nzK60)r#5{frpwBNRhcS9ft=Jgc!xd)@H+x$zFgQ=`{pb%)5b zdw64-aCGTA-U6Bn`7B;6CV7}2b2xAtbZ#|tk;|c44oP0a4{P;uCZbQx$9G=#M(h(z z)i4VydTPY``XdsRsZtZda0KZbt~ouPFllXcM6|yw(O9!UhKYi&M%R@|(|k#RYBnTw)uI6y}bVx5(A)^$i%q7SRH#4zoM7o?S~`wH9YZAHLD~ z$A}$zm2#~-IsmZRSX?XYBlwG?Z3rAB>O0C6iSbUswi1eu=I`o+mJ$5phnRQZ3aQi` z;Z7=96-SQ9fL0I41pf9=Gn}9@E{maxZbet-bx3LlpNIB!C$%ol+TR!>{x>C+bf1IE zu`|RQ;)ZOq$WPX{;r{nzZt~xg`+eu&#d@^?W><6A)XQPpumsI&z!}ew(!5$7?;w@3Yl;azvnX6+iOu);GHq*oM zEA>@Gq#I${BA$3+mm-S_b-|SIv$DI5(rs$oFT5Y3Q4{WH3HFqlx!*_8@zf*wiL%5~ za+1`_b_#*&Y26}9{hoxFrsT8xF8B;dL5mp*;@Iswq~@jcCfnc3*3s(0gsdzV_J&T@ z!-_TEf934~j9%%q7Mv)>UU-k+qAKbrr^-mp?Wuc*<$kDgF>Lz~58JDZwqf?^3#YfQ zNp|_Zl3KI)&%Mp!%r^8dIJ=%VwNmp(xOv>*%QUOMrr?BHGrVrvw^KCZ`1cN^rfk72OU5vOpZY`xOl)AcFp966+8)_J7 z)SF+<8kO7)OduGUM!R5UwkKnHv6d4Xm!4Q$!uMUU_qOBohD~H&ErxZzC!U9JVS)VS zD5E5me~peg%Sj*K!B`ek=nkQ+h?x{YlWI^V6Ax~~!OJAsM4UW3f}@0Aa4!C(r3E^u z;i(2#_tCxEBhV47@#7`5+A=!FYR2z3qhTv8e^EW%$77?Y$~S@F)Wi&#G;N@) z_?z?VPSN_pfOmmM^r+qPUY8ACaMJKQc(*Gs%PtW}$Tt>GNxvJW22wSU(V22f3uYWR z!%&;Ih<%CQbx1}V#bG4}k8jt}!W-CNHxE$i#ALXHTM%ziQQyz@8duIiwb>ChQcPNG zisH+E{lo4MK*&e0RH+Le>?dG1*;`KUrdvlZCyKOYxHc6{n!GlG6GKo?DH1)vL+OV% zw!?97%9!yn?pTVcm`ykJIXmicP_s?vD=S?S8|OGr+?h#YDb{;Pnr?hB1)BTzYut;ws9 zV}-)<6+FEqc0FH0&?r5UV`8n~u5T58Kl6j2VUUb_>Y_4cBxc|tGfNE17L3$ts2|Jb zGIY%mnsvoVH%T+x#gOEy-AOrC7GQFNW`#3&vUz{{<%j6Gvw6C3Y>8{`15F*S)X}ch zJc%aPJWTngEZltt=z6MKO<9Ruw!kF`ja;%!(84h@;r}+39PRmVS z7~ur^L<$j9{u1#txvzKZkO73CqQ)s+L-L_MXiyF#hMQrVk3x_dsF32d5Rf(4L;Q?1 z`;hnU5Yf{zRQ+JA?{sT8z8~!sX$V2jyZz%u)bZ*(^1W=mD%z}jenSYw#5Ua3m%Bso zXvO*6L0&$mF{;_cw~0_nzuTgZ$TiE@6D1#P8{chq2{7QDKp#^&0U{iOJ~cK{56(3Z 
zPtoA2W{3^+k?vbF#k_$5A|NeZL6rpY$MVm1x2@2#^JWFRAM@r0Ctq?3fCeV z+T!zb>%J<_O@G%;-!$OEzNEJ-yKiDQ<*rsIX=rWg&p3eI`44;{Z0ls5LUPCUX|&@HM}rCkUt zj?SlkVtE)-Z$3GjpE6n|b{&S=krf!mAAv49P(lU+J#tL>_#?4224ni^$}Os5wZ4|5 z*28ShY~5eAy!dS7!qMMewkyPowkV5R4^Gt&1qkR!905IJSdKCBwRH=&zn5hkR5ctS zCZv(n2Iio@Fnl-AXHNlrLF3Aph`b21izKtR$j7BA)RR|TWKmnyLM7haaK|bZOJrUu zpxS05Jn!tkIF-Bgnb=ThZfRod;8Jtd5Me?pndM6Z{BE(64mN@q{kjshHL7jR<`YYG z4(B)84P2W=$|H8CroH4sFmm4P)iH-1X6$Os9rTwD4n)BQR5GuKM$;~8^l%+Inx8mXD6px~pT1P8diCK^_I#4Tu*y4PV(dy@yED5FGN@0}48R(|U`7 zq+^*ukOJ*w%4l71Py6Kyic|S9D;>kjUGr>zJl&2PsWqK7peVnm!@Wlfr$z!H?S8^v z_@Q|2OU5GyxS}c-SDouukNvotW_n>Y95mqksCczQGr7;7+3(O7xdf!X9yQPJ$h{_| zH+7oXqNU-WF<78*NPzz-AU&SK2DUJR1ts$-yYV2TSwur-TO70cGdYtm!&wZ>Yx70y zt>D9q+JvCdcb9tI%I0)|i9S_zK9Hkq+mLKH88?C5hxN-of?nHT_l9j`jCUn%;G|(L zxE_Ai9ukeEQ2d%ABBR~LsM_iqL~cz(KEdy&*|;Ec+Vyj2{!Uv z59hK(vU@iCut%Qa+-eX;NnEW~=Q(X+Xc_tfoZn} z|6a|tP*3}JK{>$n{By97d!Dr-W40-N%6ekY2H{i~ILtatGqCt>0$0@k3Dr39l{-L~ zi?8Sfc7`7_%Cip}EY3V^TV1iMZHaj@O zy;?L_#5TF^9W=|J+n5uX($cTAl_3@e-sSYPMqpA%W&uic+ca!4$(Rf{F-8T}s8f#m zg986@FrY7_Zv6&7J(au@H&uBqZ%=rOiF}z8awZ2~AK5zwGG2@H9VeU$2Qz8OrWrVV zbra*13Gn9bi3^{S^UTCi+O<@1oXPwf_GYJZlb8>|_UMpWRc>(uRok~H9jK>57WO)w zPU@X~0WKg?^c;Qe9hc zCsk-YdPbE@ou-;HqbhNq@UCQpEMg+!Pcm?AVAFGFjfWIOARtjQLDCR8f6nAPfAQSY zJ5LBTIC2w@rVGUykCaAkqU)kobf~NkEETf?P#(dlrDvY~B7`utm|VJ?)XdJ#lrhwD zu#B}_QyEd&RFGx7hoqNQ_o7&*=RKw=Kc%e&DWt)znqyGTyq;_G*RSf1kaG#5s}pm} zXb4Qr+K*0U>gUIxcOln(YrUQyV6JdBCF^J95BqOlEm1(=!F=c0>w*bE1LB%j?4|(T z*$+nPn?S4}%&h`Au#P`&JmQsXKaOi3vM#uRC@3Mh@cMv0uBgfC@DF~O?s^%Njg&{c z3UK6Px6WKP{hllNGRT3hyDJJ_YK*h9`xB-fveU--awvapnJpzZ)1mKG>7DCPQbVVt z(BMywpv8#+*Ed=%<_jf7EzOuUUZ7##vt@aGeU;Hl-c#CnYf?)iE^pIu86yvOk9Gsu z)F+`+2iufJlDUq(!ac&3o@zUSUUn#-(!3G9j?pATX8%%AvrYNI;afr`c(%Wr-@q3t z{fYIS3;jf7+6d>XX+H)RF&yTdKYmf8wnY4Z4@s76B?3lru4)-26rwVUfX0ZMvc5jW zUUa?S3iK_q{;AwB@=8^8_gjs+p3vA`k%OIpru!mU_mF~mWs7=Og`*Xd!YUhEkt2VF zCyzh{)^8-kP1oDgt4|GSxLys7;$qXZbFGr8W4v>ZTV8lyg!s_48b)aw8jihw&QJ`S 
z#`R*A8ySWrJJFF3g?E_c0`%W;Z|G@dFB2IMMRBxl1J)bPKR0x!;W*Wcu3XLel((n$ z>w1-^XFgyF95rn@zst~Y=0jELrA?qSEZrvgjtzD)|BQ!M0%4{XNvfM-_Bqp;TST(s zxYL1R5AfCs$eB+CM-p)TWcEZ&eSW1i5&4BRw+ErpCy?olOgklV0ymku46>$;$iFD; z)9ph}!nROvZ@+!@kczevBar_znU}&Q}h@)tKD;H#JY) zbjIJhe&Rz2dqkBz9UOdj}AjibU(Kgg<|ngVlgt4jA%SYABaKQ ztr*GUlmb!8qO8hh)v!Z6^3v~gAV3n+v?j-m`Ok|_y!~dg768IhzCX>Qbi0%rQ{5399+I_U{f;-Xyfq|eHQhOLOcm5)PpeDeKqKJiw# zE)o8fRzvscEO5@W*5^F^L!ODyXS1q}Hwp`N#xJwZOD*YNLmOBG<7+8lmjad+m5Eo@ z9LLhA8C>gfe8%c*DiqQ*DE#21Wr$sWY|v}mjH>3AI^Gf!PQC0?wX970f5M@0^*K%U zZwfT>FQ3ZhtYnt$ZS=%2ZpHED-{NAO-7@xx#ZXWU zG&T&L%0lu*aztA*dHX64Zq(uhF0* zH7!QaaILxQpgAQl^B=&yS*+SSxlw%V`T*tCArHmOt`HP-=w9J!$g4DBY+)a1x5?8a zztB>Yua}6doR@^WDis8;;Q_l__Xy$NbCWH1%?KeojyfwN|8- zm6OJTCgS@52n1bAQk}2JF-^ueq?`gYCn8QZ#Mq$R@m_27JWjSN0NDvG<`-5D0`CK3_+D?FghC)uW1#{(929WD~Rr9)w z=r~ijX=Yk`if};4pty$+)_YQ|rWR_b#bd2*XOU^-wjXOfC#*4gxcV!6$?^&d>#spl zuj|)BIV^|2~@hx#+A*>5@9G>X0OhjCrg}T}}SdW3IPnY?c zZ*I3tvQX&CbQ4}qpMW++4`9pc)l*86lnh85gQmh+KbOfwJ$+>!#$?_~ky^cW2G}OQ zYc0n>pD1uJQV?PKY9oH@S0AsmRDPLP)m$}Lm#I(|>|K<1?c%Q62&9l#=x={HbX44C zzX&C4mFfvUP#c^@zYS!Vw87yE?|mGtV;@D>H*Xe8_C&z3Q!F??0um>9=po2Sp6?j% zvHkfnkbkzmawdn`prBfUvtK?I!P6na55VysjWrE&sxZAt6R zn3#F4EPD{56gAlJ_~V+?vv2Q1m>8_>-kSG0yYaGuLrz&Etf#LpnWYpJ{Au;Jw$A7* z3tE5LpeTbH_#!X?@Fv4z9GA{vuZG@4{VLE9?q?5b`TZaXSAHnAkpU?kG_(D*{3hzGRQ}<@f9cz zc*AlFxDpDiCYs4G;|^#Etx~3B5>=ectLV%I+F&){SDgulKguKA7(}RU@4WrO^jK-jm z*wXRge>~}?_7`~ThyNCQ-u`_`hI(tz?#kTzk9QReusJD7AWL@hnRt zCtS)WU==s`i4y-Gs4&A$9RyZY^{WiRxIM!(0aS_hePfK}VD^xT*EE%0MkI_pSvnM( zl@1JQ{aE1HyFWRtKIu>=v^Ix=H>+nmsZV)>irFr&p8T+bo+io)Tk2WB68^XE9vB1l z^hFdul7dpJCk7l)Z`s)mcHG{F?ax2YXH%yTG`&qJ|mz{K$9l}=UEyld%tCVgc5cg}WLZtR0jrF!|bu9y3V!{p8l zL(ht>pa;wFSkP0P6J(6V4#Zr^sYFk;{^k~DPjG))K8G)+cugP! 
zHAb-{Oxk>~4lpz#*{~O?*BFp+-BSVBXCP(33r)Y&X0yGyu4k00r4X~*bEJdMCCZ8o zO7+u$l2QzH@OJF-Ji&1VC^Bg!Gl$%3_697q#f^zL^FQ*waECO4Nd?khcvfOjZ`s{+ z@!HqP7ros!JY!^Evuw5mZjoK|Nzb+j<^r~EIOT4v&E3%t1?e>tBx`EGbss1UH1WUX zL=%VZzH=mw9e4kZ$csAbVq&N(=N5x)o34(N2=J?0X<}r`I^@gp!QcIu&SUvc&~nDI z#VG6{@v-Um{z&kPvuBBgIhef^BQX&snf4X~3uf&W#*NJI(^512B*o}1`~HWg&mKF= z4CFyj1CgxZ4YG`H>aYIUEudIaq%HH8^Voaw`K2Y`S*>)kS|Df1hFxpxqKcG2IM6;k zO=FN}3XR0)@Tom>V$RpkTnh}&LaL&Vrz*)nhYq}$0+^f*@F_nbAjDRp$OopoBlwXM zo@4fMJAE&a^*cpo<_2v1Oa44t-v9ml(xJ8qCJGdxJ>}|II*vO*fNivcGexUSS0w)r z)UjX1Pj9GAr~Us11YOq*mY$m6A#gkv_1-3nO~Ep4B)+=e;SFW6v2<2X6fErOftqt= zCTdjVle;E+HO>~PKOvaFGuW}kV-QONAlH65ht^wrKQ~&iG240aj+wQ41gzBH^Sw08 z_!(86B79QQvOo|7)OAti;ZjCwJ89FV_rH&~5IXG14G4}IULuSWy42EQR8&|^g;l7t zBb$y&(wmbfkB4I0fjNBIFyA>_XeW#K874eJuH=-?EEKi?F@)kPTrw)J6*4i-^AAtt}AM7iDI zI1+yNMbPIiJY%JG*(K`gSOnc_oprlOT=^RdH=;4+bC1N9Glq^AMA)})F-o7NB!b|x z6f+C4H0Tk+(58nAx$|J=VJ!q8qhwc^Bak@v3hu2>k|9h{Jip<~e;Q+d@F(Qk0WtSe zni+n9(t=(Cvcm+UG}WQSQ~kzOUJHNJFPpOLz?{KYoWg~H#UEeEm@4vLcQ_s*LMSBC zC?+}Eg*c^>s(fBgC(mil0jD`F@4px7hQ6SWuv7Kl>KiIJc-x-A0^H!c6}j^DLfAr> z?_?25XXoz7A~^9SH9IPV0}1gI@+lQgF)#Gt7c1<6-ZD;v)QP??7iXo65*b^|rbr{l z^52#PhkC$(I;%cKAi=V3lP5!%2l=0wtk%8&b8u6{iaZTJ3r`--MA!OX@JN%nP~bX+ zt0e&!<6?ooM_!6Bbldg`X%vZX@ymz$Z}h6WZ=@YsDWJ1ih-*lGu=Ke1&)_~@fq1fE z`6?MetgbJ-_K+&aUslcipWrz~Se@U!=gwm@#m8ZCd!Y=`%O)C*N!9%ODeFqbO420> z8}eZdmiB5ih_l@jGjBF}(|WZD!q}gfv{)WaN;)3iO}j`~Jc>}d5R>?~8lHhl^Y5)O zEK@m5_8~1EtOTD;ewX~cYkyik3jzOTkTuX@!NC(+qGlBRYd=vrl+A&a<=?n7#%Qa1 z4423qF$)6@m?}fm8?KYnq@}3f8i!J+1R(SINI#X(ad{~xuHr@nqS0{lz- zOZl)1bfnl)nx`j|RhuZ+3Jzzg4w4luB}OcjCDBL6$vlU?EhG01BZ^*ulk-L~>{hjM z#>-(h`qpEq^?OxWyid7vy+*fjbTk9*?taVD@+a0^fz76@%r=Ij~`cO*|%aR z*L5-cd=8i}(Kc*YpxPPX>i2niPF@%?!N9+)ov6z}?*Qk8n(i*GzZ9EmDv@&MHgL@w zRhfcC1FLyc3rk1$OSnIhHcpE)kFdVC-Hn%E3E?eq`|}=t`#5utCgHcJ1>%Q8B`d9e zQkN&6uKTTZw=$h%Y+*f|Q49rx&#aI1C_#Ugok5(`knAjdM1pa$FQb8HU+#0y`(6?3L zdFqT~FwtS`74bg@id`%s05^z8aNt+#*uI9RuTJ~8Q_QZxknZebw|m}pIxQ-BZn?He 
zPJ38=yI1{GI{1+>xo-9uC5JYyFKfFg+_gSYJ$M=t#fM3W@K9McBO_>YI?Ljb;l|0q z<6Fsl5;8APN1P?U4(gvic(A-5axxnZIt$x6S(z>WsP|VsH-B;fO5g<5=y8QR4zqpF zNlIy?EBpE8(JVL(>6pte$t1H>H=&9HTnHDs4qii&9EfX2^Z_&)@sH1%k2veecZ{#* z6V(M9{xW5}n0V%~Vah-k3MjW{l2LrZeJsD@_Z#T3cHCzWahYY-#f#_qq#zbQqX5)R zXuF1S1z65}z2yR2gX)j4kZO<0=jy>^v@Xv=a?1;Auyr~An%Lzt>pZOJ{7S?wPep@ReZpXKGqt9(ZMjYo}2`G#{`zs-aq-N zuP1m&-|@|p^SNWjPm84D;a7**9b&;45xq+4*IB;6Mh)OL@S40#6F-Q(Ssg$TG=TzBDb&*0-)c6Z0JKL`PkqGWH9- z#T<(t5?%oT9apSAf3hKMx#6DvaeTCKyIfGdZig2v&J$86ai-OjVYAkf2vPL6 zH`%9cyAcazZ?`RWard2Ls5l}=-T8ck_Pd4`HsfTE%)j;1DysF#{#p$S^Cvg!z>F)D z2?}By1DF4VfC1CEco;c$3xPIp<0Jdc9?) z=l!vL^3kk&9k=-9}kc7ika zRTF4TV$BK5b>05a(2NDcaL|}tk8U<`@DhIN(OYFOEoNg;30-$Sx%xsr^U_LyhGqLr zTs?Su^s%2x*X#JgiQ#&m8TkAn+kfm{4NPwzuIyfHd#`QVD^|9TYioePxyALm4k!nc zL@ZHQ8CJdg4F@VjSdHgf=R+dah8qLi-4&?U4!m9V(pVsy0 zPN{bZJdO!H>?o|&MEXXriv~NiBeJr8dMj#MBp;T6^*%`}bvjrMd;Cd&GErHeUqEWl zak3*UBBLq2zZ!OEMU;$)Yj#U3{iweV7T66+-RIOgWFzYuvR1>>8=R5~<(69-heJF#0ylCS6=EQ#vIRhUY^03BKzrMZV#}j0ZDTw5V_eX;= zc|2pDaQ0`PKSXRheLW6iC4_jIne+ysRmR7?qDby8L^Q^UzJhml{=>Q5h@;YR6c$R{E2;*VlGx z8)C&e(rB=LUY~wLkoX@unbi*ge*+T@7^%N^M0;A>)wl>vvLlmdp0-pwiX^{Nck!Dl zugzRuD?6J~7J`8!R{zsS%`{OAoFu(`QvTu#aKiaCV+zl(H$t9VD{~rmT?73a+kOIJ zLJ+aA#GjR3756zD1)ax`3KUZVrZ>gr(`$A@N?1Vqj03?HSV;A)zm^DDF}BDZl}7~5 z-rmAZK*!8{4v8f#Q6>l%oWY4ERhr7;To|Q{YE$9-O2Aq)Bab^7D5m4<%1gYFw-`Sg zRoR3uCrJTy$e3T(JL9I{LnGXx&^g=B*WkAHWN{Mc7o>RqZa5P6C!2t~ukAE{%Ir_o z=hA;*KHsdX%zMtKUk%0h1k`~5u;<>Ze3WBrK1AE?L zPhR}Sf+(HdguC+Rwgm>%W3|)Pdq;sE|86Qu#(eOr)%7nL)t_&%cp^9}csqZ}S6a;3 z0{AvF$9qC2IMatapy=CpmN-+>tG$t}H9BI)QF1itq!L0?uDXQKlyI2^`04}^K0fDo zoLQJr#DYpd=p{I#i+HqH3GQ~ZH_y-1pkQ2uNFFAAp0y`k)AX*r`S7OxkbBw+naOGO zn{%T_1B#!zm(mj*sp%X^B=b|YL_3cr5T2hL$5CNE*qg63^0~-h$KA4f^TL{}l7bzg zy!P)a3ja-h4i2^jdsoe@X)5C0h%?!4T~Y>>d)77;y-DF`v7`fcdh)@!hMQBEVw(fe zHd05w1|pDV{4BOjbfWS+1!s)Ujo=7&TE)unLk{t;H>|BNnq~K;k&Rnz6V{noK!{t| zQ1jV?^2dnVPw#e>zw)SOp4R`-!y=Oab4d&)Pro4;Gyr*o0juXmf_!o-;YFsSI7Sbj27%N}mw zczCZvLy8wMBCA_)QcUlBbzsp15IES)=ndYK?XuIwnbX@`S 
z`?rjF`R`IVl;q&KZDqv-<%}zJn7;4*xWlR%SLasL>;%Ho529xX(uc@@C4(ew#^<|x zFS^vPvfGhgt?S#`I^ThF#tfg2XS7v0LGig=V-hn#k^;_}UNNDj+&Wspq=bI( z0Tf>@-0fi5r><@75Q3>R>M%ci%}$Dh3lLREq*i0q4ktaYh`o6r@FLtm|beNopNz~e(pA-bu^q=YK?ar^?d+1LXK*f+w~~;BVDA1xWX?f z^QGpHY`*`{uX@nk7*17Qqoq5MNX@C@kgMK5E`r^;8F~yNByZefP8KDTr)F&ZzYJH3 zgpL-Pl9-kq%n^-ccToE!s^g1-py1V;?38>i*msq{{vkV+F2aUiUQj`I(UXfL7;_PR zS;8d+DBvUB>)_GPO}f#CUwg@%{Y_{XZx$l{&)Nl; zLl!|1{gmN64-@3L71loPdEg#n z)$Dh**fRgx!6WMM0>n6Ru(<}0lDYBPVN`&{?5GvE`J7$}Rn!zNYaOA0KA!hW;c@}D zAFq;#A|FV;^I??cQ67m0hAuh;Lr2Lyx4qRG0vWZVh|TKrUYz2O-m4?Gr`LO*&o0_r z60NfVYD{yVUYWLzXI2Y#LnTpGL2xW^?Y;O zb~%4;a(1NA<@HdcSGmD^Ibv3fBnaea(^#0ag$NFx78@pZ_Q~N)ds{1ne*&*|__dS# zMWZ4Db84_0Paz*aoDYg}z>cQ`wxqL5XkZAC37&J^lv5I8YtwHk zF_HHgQ7T^!1~X08$Kn8C{pmGA92aS*8n$KDwYRpxoYrR_qUAYhnydyull-j6YNaN) zO37ZL*;1?6G;4@sQ1nY_hXbq6&gc95uP|K9b|30jT%)5K3)Dlj;=Ah zuCCk0PGdK=n>0q#ys>TDHg{~Bjcwa#Y}z?oaKId6$FHejyCf=MnA;FFgOL`_n z0;4!Oh}=m(%z032C@nCTQwewaaJF2-NnX}};Iyqy(U&dalcS3l3fV?2}b)?#VT599_!ohYgJxev`8Wmv`eIT2tDfm6oGe z_j~5e{*drhFy@A_U@=frPbvN{hJj+)06)Y5pFRbumA;oUX_pa`InN&Yff_Ki&5&#+ zkpYFNSFwsY37%#{4~*K4I#;v!Q{P3PZ~;@R6~6eJV$ z(h9~(lMRygIV#&t4+`pP81(%jQ#$)H!>#Atq_9T2k%gd~1h$2U&Q5Sd(Akt=lBxzF zYwpDVdf~!&*IFp|yJy*luw$sRk}9+8S$2%FuLd08gJSU#vXa#=@Fs8Dwzr<;KqhR| z%WAhaPE6;Pgu#|vi4T=!n(*1b6R@nR9^^YfYQ3- zj>e#1?~l1;Q6#Bod130{LoE6bfD%<5JnwF$#wxjun{_qdJ09o@Jv^L@i*ww`;Tc+W z&N=%yIne4oh1sbwnSjQ)*#uP`WuU)3KjfX2#{b0NBT~4gRnlTpgty2_8vCQTqG5X4 z+&-@4Pe7~a)c3&YQJ<ln(qj<=K04jhE%dx)0_-bv~t_0;GZFICxiB ztj`EM_@?5iLD`(jY3Md~P{bt%!{~E*(eQJ{y1R0{=4k)@xC0o-@dX3ZDIJoQC8i~0 zs5MkK7)ofAR3A0zkDEWuU-`Tol0hEBE`*71CSM=Fz?LYad>t8~-&&JqYXK`?zV5@R zw0+16Ga<}WJwJNb-Ko&C?b%RFKRFnIWPdH}ZlTAVn>XaDIydtaMW6D?qb21tdU$`` zxm{B4*4+HZ3kLkkSF6r?bhRH}Agkkv#Nwb`V8MNu3*B*qE}aecK61Le51Z&x9alQD z&|N32iRFAqPG37e#pm3(&NQ?RcqPkE0Mx~BV5L~kNR5D_5+ts1~Mew$iy0xjd7WXU^-vz2408#h&REx&VmylXN{h{+D3c#MhW4$YNY{BlrjC!`6USs# z-vZppQ*554+4;$!#2Z|blo}pg^a?(cTmYF2sEGG?LheXBOC-_x2rhQQDTSwMk~WKU z!S$W*ht!x%z!)}#AZQ(>EdN8ttjnhvXa36%lqW3O)BNhCbf8pmVQWKk7A!XRw; 
z)M^aJN!H35-$4Hf_Vo6s|E96-cP~W%q}k>q^w)Cr*!(Evgj(4K`lC%_Uv(Jy9vWV^ zO1F7A));)ODyMBN|7&$3wTSlTyd)(tv{9h1+dD3F1mP~1-s_c_91miaOvKp?2zC=x z=*DrWaNO3kw~7)v%Cuhsl$qw1dX&9|T-%84wr%ZfUYB?~4L%$zHSJO@@A3$N+U-x* zj@Jb-bJ#wyO#CoAoX}rA)*~eZ93?1byNzlBXOhjN_)$W+fMxntH4bx1uu6HP>#8`G zsc+@-B;l6d!@#QtLN@_~_7S|*(5>?!*3zQ2yn#uW@%2uv>T64D+kku*_HErzP`u>k z{WbEOT*<)6nf-cy_cYUKz04X=^(!p4>XC-WZNoAMukXiwKWW<>=~d-TUg9^`Kcs=9 z{Wx-!hIg4aRfZrYG}iI>TpNf9O_fHPGn7Drf){bjqC9<$+4WwrB6B>3Q|JWRUKQ@1 zJj)iYRIA^Uy!T%I`%akc5u;$|^KDmY{@O$pFXjxdRm?|ju>O0eKn6Sjv|wBkOf8b6n6wn0X%OvO(-*NnC6qD5yZf<_ZL_*ZKKm z*%eq(SFKw?oP!~43q5lk0j!$?OF*%4^15lG+qjT3n~jc?-N48#2+E!WSZ{Hu zZxro#PnTPOGhXi)&A!5OIrCHn>LfQ!>@|I^1;v&RI?wh&XUN_X&DDJe!aIz+>g*Q_ z*_V1YYR3av_aK9jB!iixWD|APDimWY@OP`fGESi7=LRjm)!&~Kb*?msg#xj>t}Coi zHhNm{C))Run`j^PR$`ozB}f-9f&V>4&{&iI^~?Y`{a>SPYEY|D5b0^YA@--kBLT2R zzetLwC(m9-8~+K~2hHzd@x-LiLrhfc!?e3ekQ2ui3#9qa|tfhd`kK(B< zm3Z(hq5jFc?zmbSo@0!iR`zXv;AWt^ZD5f6t-Dpm>N-+=2VtO)(WgP_Z$)w*pS8tU zpy$e!48Dz5kB*dj6AyCV3Ca0{rw~Ga@ZUm!*RY?dsrcvs19X|FF0xh;fr|T;8tM+y zMj8dfbLSh2Fgd0Si=dUY4rW+=l{;cM-a*5I686vK8QWK3Y?qR`3eLTf7`?KQsQlZ8 zFinv7v)^`^*CmDv8&-um1En@=0yPyd6kYzIpRKc`!#^VSadLlf$Q~`~=1h%c8Q}tB zz1|s#)p`{KKhd|c+wBW%x)wMsG;>O?_-MKfxDfta`Z!Hh#Oif>7gMN@wp{C|++&#E zndI{xjL=0ZCxpNwlKmObPzj1k4K@@ZRaOrUmQ)hhP3{P%ehC=Fn0q|dJx^Cx_FW|; z`1ckcY4PwdN zVf=hNk>ShG?ug4JAM>?(P2Ghp(c+>{WOJOLJ1{pK`|J^GTGD=@QI_fhTdx+ZQ!`Ec zvB1;Grxpy_1qi8!<#FVHH9$Jm6}y_rP_+nc#+~w%i2I$G8t4uxuh42voN552UR=e0 zYu&4V*gcMkucE@>ZgX?^P`(Q($ zzP*0zD$VOgP>tTrC=#{6kN?4#de?{f+V4?V$hx+Xtew_R23^tI&jJ7OZy zOYOcFf!;xER14D4^i}f$T}I*v2$!KQK90@}inA#uDPXEH&^kf`H)#%2w>fkv3ULTT zuQ-akRE{7;F>Y}!APku1G-eLq$?HOT`A!hk;qmt9O4)+a+|)H%w5iv`+(bPeT0$@Y z&z?P)w|)x+gpVn1UwSwaX&eZfmxQq4^)1#A&Er!_b9$ zsM`zJDYmwO4+U(1fuxFXKZk|%?BKsgg|(W0KY16C>cvY(I{;|1v@s{Rl`Nl>B|U3C zKf@=HhRE>i%7h?I9nuZ8<0Zbx?F^G563wF3%QvP6gs!hp|r1=hBE^ z*486YWGyI6mH!amje$=cuMGJLk4GM+1Sww`vx8s}1(BncbN$ihfY^|TG=&9kHZCMV zG_y~~&*MW{Kftr+dMHFd9ol}9gP1e)5gI&r9E%Z@+Wnm?T@=BcnrGM+hJX~6S~&qy zCZ)+o>CRJ>dpUf8M99U%#}*h?Et7l7mA$wa 
z+QOM*tB0=l@trJzE#u};srWz9T11-Bdb$Y>vWkGdS3nL|+h^CeVvjBQgO)ycoB|s$ zO?b}rV7wKvnWs@wbuABugp=l-+rchaW{qPmM}dNiwc|jf~fo3zmw&LKJ5K z^>UsAtZxReIk))f*@2K7S7y(fPnY#JznFYK0DV(}tk*8rW|^nWSZlCUH%k&3D(^4j ziePo@U^+>vf$xU`M)p+Xe^~z<(j6BiSR69{rPF>bR{y;X^3b+>QafJW_a_N*q$E_= zGn%50+R+x*jEB=&lShMD7Q;flR!A#}pFdoI&?5H1C;rfM5KGT{KZ#b&Kf)<5EkbhT zMyS<5)d8Qyzh%6$vcLYO1RIB`NuD7W8x$k5+mK?|Q4{rEP0IdEaY;9~s^_w{&@NJ~ zUEze4irRIs(=s?)c~L#adyJ~FefiJ(X<=mR+SiotT`iWjCZaZqMWYmknmPVv^S%>+ zQ_or~8!K-w7o7`1;LO!wfHMcdU$(nAOZl7EM%PA4z)qm@rZ?|o%W)>?Z@9X)3M2N$IA;6Pu@Bd0LKKvQ=!{oE;k6yECO~y^PHJD4MUx{j1e@=9aDt%?_x?W)lM{@n6+dZzxaQ<(n~y3F-`7v=!f?->RXPjB90tUZTUaG_Tdb{e zmYdm;Om1nRyO=BQBwJVq{)h;)vt?=pc*8Cb(7nlRz$2|TUoD-T0vn0oYM=z|Mn!0%c5b*-}WRo+1R^sVFdVZH|HN)%Md{yv`GAC{X1o}hZe7Pk{YmN~J4^SflA zY$3d2r+q)(qnogKL{=)S?>%6YR9IGi_hZLlN|^G$6etUXWhMCKMAj*H1(mi^F;@ys zQ4OXrg@opU=UYi!;DalKbfsR@ab^U~)8+nHuOr6RwFR#rz|g_SBW`P4P|Z~6!b_)a z4HCy5MbWkbc@60I#tg}apk5&=76)^bT|@+>Arg{kvm)pu&*0wk+5taCMo2pzNh9oA z);+Z8WQLD_Qm3L)N)6Oe{ z!2Q*JXgI|du*!}~czqjtanPP)o7|&|hq$u(9!U^EH_*J3H5vzNl6K1=CF)Aa8KcD% zwx7`aDV1p_er$S;e3~!~Mok2Ynm6&BI-XEOJ&Xk`8FAtOe4G9q6_rG>Fi178jhn>! 
za_tb>h5=DWQJY|ai!kJd0|#$6`j)=dX>5}_OR=fGAuYaODZS^p<>`+nHrN5gO19Rm z+NcCnHex^6896TgVm?Hn{Z23T^%>`pCR#qLH19eee$vC}cqlCwIT zl9Od4CpWir2-Tg+me!J!`}PfF0&~E$5chb`MM!uB*4;n1pPm(~_UL~y__<65r!Sa# z&7^x%QTw{MxZ(^Hrkl#y89DWDfp~C1ip3uOdD6N-ElmX(*Y}3BTOPk?Y5VvTD$!lB zQi4Y&oS-g=b+jPQ5DIyTBlJvFhN`J+J|TCbfXH$40$WPLdaBS{Yr%V=r9ul*6-NDI z0|lBsvu`GYW4YDpLMBs&#)Bkf0eQ7Oeft!@$2 zGm8XzN#4K5jxk7Tzv!>DNXWINNXY9rGqm4Ye$$Z&f?8bx9doKWqw6kFt9B^(qzj#P~UeXy_vAjk8>w#HXSWB$T#4$_~3EG_K!&wm@r)de=a{P5@c1& zcj(j}U+>xO!H^Atb^Gf|HNoEfJ$F_cR`Bmh7MjNS5o2+*{+IslG#c?{5sN!@RHQh7 zB25i-9Be#d%*(Cunk&@z)T7Qh>{`Lj0m84EQvF$Y$fZgAr5*(~f@)fhY3PQ$Zq)7T zs2c_wwq1f^>3i0xdr9%u=mXkEwSkLgI{k=o29VH;QID|~(cl#)p8%iKdW`qL=ci@s zKO3>8YCG`TuEgn6HMXW8mj$GIE$K)AhKsJTGLu`t8BK)xIHU`weMuaKN0l9JBP4rQ zphB#DfAt}es&K@9$liqILsW~G@NBTH)c_APCi^7X*w)Jb(0<|#*>4$lnu;VL3?~X3 z*cYYDWirLXh9kDV+-ib`WdCW-*q1hM%8C1Og5TgKv&Q0aC$Uj*UbO6QQ3~{(a8H=E z4i-N^l?B~gpwL6G;QY0;NQ4i|lg84n$505CE=L&31fhJ%s?*^xpxu(W==af3C|%Hg z3aEkxM>1UV-_K#JmypHy;Fw-gzj-%N5WzPJO#lU*74;5^|J8IM{H^J)tJz?g9t!K? z#$U?W>uE3CshFL)VudopB0zYsA414UWJ&|=fO}sdIYmNK;*UFdt4Ca$cqVaQk&Rf~ zQS?r`;YVPpkysh1pKju7sG&6r1J=|pb^X8(wY-VC80O7=0Q($ty6Y;bE zC$duMgxI6*r~OJZtoFW|oZj1*M~ufqg=qK1(MID=Mrr8g?rpgj=KGbMR%gYZYbX1; zKy#?&v$DR4+lT%1vJ}o zPH!5<&73~o3z}jFfa&WZS+(XG_qjBKJ+P7no=XIW$A^_McmmcgE*!GY#lQtFSxb!p z5gB2J0Fi36eGU9NzUX>Zi2%B?PP8t*kU zDE5h3ut%W`_jJEH-!G>Yzl@s7kGeZv=(s6#S#_?ird~BA0uSSvpWA~e9OTV%1TtKE z;?dZ66}jSu*oW!H5&@(=B!gMuJP1{%; zD%n_zs&eKm^>eWbO&4%%*&sh_LsGwM--ci>gMxc2Ss4B=)K&=nAA4x;3>7pjs>ifq zugIPT9GT&{GKs6P$&? 
ztCzr+J&|c))g<)04uANEwnKZOSC7Io%Em1p?SgYSIiH%t8Ar9Efy&8n-*01j$sn_0hJ{h@J z4!88FBJFVZj;WBZL!ceVO-N@%9T1F9G% z+~cj1^_9ZAJYS2yoYSN1!4p9kUBBK;9626fq;NH}`mm1MNqV2>kj?N1#9H>Rr(j(f zH^pr3%!T$gp~e&H?v4+{CbtO#aS$+lBu`q2X^bL*47&mqBWeIF4g1_5F#!}Wm&pznU~H#vn+zxJM?pk=xw0ppWrR_G!f>{b^Yx)G0cIk?J-@1y|a5@ z@~y=OueRG4#Bk24{eKfb$)fTsYh1fldYD^k57#wD`5-D%vhSlzQDa92Yf31!77hm$ z8x#R~x;|!rA=Cg8jb6Fs6mAn0xJ4=V23(_0uMuM48K28tNL6`UWVc(fp3B;gb4BH> zLiB8s^3CBL(TTJtN+`vZG%zLPfd!WFg71&P!kCp4bW{0cVf_@0fipD+*`Z8~XiT}3 zAX=67b9(stebU0#m46Fq!9;H)HW{iERJ+Av@vCD6T&hwGY?&TZZn9M4AiU`GAxZrV7!s80d0Ez z5ThU38wA`?%-kbP0)sW#4Hy{Sxj_`TsN1dW=I-hESRQV?>s>*xhSs_fLE&Ml;te7o z*U_7EvGM*r^ng`kg;f7%w|_b{Zzl1dCr(2{pT)fLaIoZlhCyyHW&KF)Jm)(pRP0^h zFjpione7gTHfk%#dnDZhP&Q-2lID-hI5D;e$-Qg1WsuXor2nSW=HzadYqhRq{va}^ z(KGKb;A3mX+17Nhz=y^S_w5qgjpR6cS~R5(M~CpN)?JxE*-t3eIYFK#w3ifCsL#jD z3U;BI=aOcz-3yH-7)Hhka*)tcuYq-~%Cr@VLDZyB&ZKXg254bXVn?O^f0%H4ry^FzWtY#`$K?>PwxbHWRgVF0Dh|-_wk<-0VUFzYj!}3!u?dKzb}UH^?5JnbeH0>abTI%_#%eL>WYN7eWm$rU4p9 z=N!nZlUBa${_gY_GFeCmE8W3z_|d?1p#{!_A#RJ`K52wH+5k2xjzOHLgP#H7*VC0K zZvphIEa)&K4fE37F2;Ln(#^?}PVutF`Grz;A^mD~h3iWe_#b3+3FW4T0a1}t4f?75niVfzH;pxfQ zq9isv)nN{m@`9pL{e0M0pQ7OIbR$k9Zl;h)%#WxSHQg<_L0*2&E< zU`wR@&L{Y1H0{tKs;k8b$@F!02Zp5pT2Ok<^&;bxU_r<)&eT=Fef_2b`PnmihEr_5 zy=r=(o53pZ`?wS8M67f|v4{dJiyTE{P*5OABmn*VnXE6ODr_=FuMk2mwH+-jib$3S zqH?D4bDQA1f$wFO{4wYd+xPe~K&<`K*Vd2GrQqb1x>vEXpclk!fEhQEfJuPJTz#2y8xI5L&^D-+or<@yrBxz7UgB?*BT#0ZNXTfe=;dmY_d?8A_4-NW#2?c&T z?s)dM=8kIatUh;GwPt4`qNYxh&V9eE@{Y@LjMUFUu_VEzJ2GZ9!>ZOYZrskqdvTIu zA##5v{gy4K8e?9w`1GKg@c*Rvej`Xww87m| zm?;+GNd-us?++ZZ$p#}u!-Nw<+gh{gqGnRq{AD8R7A#S|O?XuG62Ai;yVvfz%1WAa zK-depvduP;p5|LV@PNqm;#n#TlHcjBUD$ZdGlmkhn1L1MBaRwa3K>)@g5xOQoFsV6 zaN;1x8Wk5s;+6FGsuo-?PNf}$tleR^RolD{9x&y_$n#-n$8=@8qov>T@-KB!V4Lt$ z8R`p4>C?C6wUns&?Juxv=DFSn9QFyI1;M`j;tR{bTX;WV$yWS>s5f?=P5RPEAC1-4 z{`jEP5HC=v;?s+8^0Am?*3~k8(FBj4VRu^CujbamRi&{g;Gh?{P1C7&)m{F!O5d&f zrTP^*Io#YgqW2Q`ngw`}4qcwNS6^n=I;jVsx+HyS;pEv0ST=|%4n0v( 
z9I7&|oMluU9_m>sqO7a95Wkg!(~{%IMkqSgjNeSH-o)P!5Zy?~;)k4tO+!q-F7VPb zj8%C2MxJ-J<|OqLw>%i2LACpg!sN?Sr~m)X9&$6JkFm!7%%nDvjIdaa$%{g}r^eAe$V7gS z>@UdeCIalkvu{v&<3ZG}CuG~potIC-<_sg}R;@L5QJ9HqJQ`lq3t-`eXHySJZ;aCt zxvlf-O!fmESl~!~8*@B3ZmVYLTUysF~7bRWOJmZ7{-7P?O{E8R4Sp>f~K+ev0 zL{ken@T?)<_GSm!gE{We==P6WSh?`d2fp;b;<7{6y4Lr{x9>Q|pEq=H57U2ZZf0<& zthT@W;|Yl$;x3-sa{w06B_G1j!Kc}W$?1@x4!e^ZjEjQXUO9u(uelB)?E%0ZGbXl` zbMt5XZIR?6qFY1PyJ>3l(cQ0%zEO;z6ks8L>1CD6|NbXVwbvdK*(5U@0{tAq_&iUN zN&@SjLQ1JfF0&>&I;wjf40yS_#*Es5P3>f3(P{)*UW-sKClw_4u$s=4B;w~S8oisi zYSWQYFD|eRB7N7nI*UH@E&%uv>AB}z$47qEagV57nwF3y4UV~?P|A0ivSPyUk=tiA zvLJ)1pu=L(IP$0lR}Hf!OWUC;q4=4gB)%$9m?h>W8qsCbh%aA3ijL|%Z$kK;LkQxX zIIzX%=CI&D*?avK<&`l`RCjz|lToC=J}-lE;}B&J#BKpJ^Sl&E)jl8&UF>%-det2n zRyqibZCRyUFDXf zg-Ap?O?3jfkl7tPt{tA?GztpTI09I=gj;%pu8-h112lugED&KkHqU%9mT=8F!1`M8 z;HkL9v1L<#Rb~0&G~;~d4ZGrM&8*7Bzuy!7w6#~U`K%o}ulKXm^g!=87b(wm}J^`XX zXD;+M@i80p(?GB%QEJq!<1@H~D0I_~)kBerUbsAGn>%yZ)O0SXh*7n2f+_qyg5pbJ zp`nT95>jMm?l67iJGJ7O=}h5IR&&rUK%Jb(B|V&moV&NZK1zJUBJKEw@NaC(UG+$0 z^hJWBkfw1d1VMnxqbRnjFfJ;R%|B)2KhgS9_rn@+8DNtl(^)hDnU*&^p^Sn6;(OA{ zdXc*Ip~T6Irr^gCz9_0x;IX`f^*^+ry(xtUv->ha6)68ir!#PgJaYU0!iO!0ieD)V zJFWfF;m*KS6j<}Fmn0O&)8yhZifp@udC2twlClR!XJ638l%eATFC#>vTTk7iJv^b@ zUAfk+9DvTi;nwQB)A1edoU2 z*T1fJcPS{RcQvuWhD;zRj$*m^l7-?Io~HE)}6! 
zA;e08t#3ify>FrT^Y2;O4_Td9Yn}mesWI6ex9Q5kw_=Jd{f`qvw9e1g`BTBFg}EZG zK?c7~WIT_lAInqdD5PJ%LAq$DYI%*ysKv7|=jB?Tw9hRavDbE=5;p%9A_TVHD>Uue zGxY$h_m9`t*KPQTEG15H1VVp2Nj4=9WGq7@$-!Jy66kMyHc`Jf<%xzVnW^{~s;xM( zcQYtWN?7*ISPPziO4MaHIly)R6rF<^EVY!~hyCB*AW0g^UDDH7wj6y&)P46g{BWR- z-!vpLSAvwuO*)V;hF{+9X+dZQf zVt>fqV$=|;A7EW8)rQ5E*x&4Nn)>x0X|w}7i%V~>pp*ys7_MOmh($L>Tj zvD^T3!ta$xd}cGQ&BmSR2}33-^y$kxT=)58PT4i9NXPV`jfSvYNwoMo0-S9pc^jzs z_8&b}@_JG<4E(v^*CGRE-PqW(Ci&|Noc{D1(ui_EgBEOHjj&fu6zW0_ToG> zD<;)UMJX%L6 zahlm($-dt6Aw?Vidda&8(w5|z#}W>K4-yBR{8gk>8d_fD1dE)L>7K2tCo76xp_m0r zsfA<|Uv1~6B_d+bo(ov-@-|08fFJWJ)vQ_cc4teehhim0C1qPdeo21sxX9%uA+}S^_DpvoV@nv%))s@e>)~6JKr7ky^ zld$^XM_GfHaH`&pB|xJMYsE3pCpjh?*ne*HuxAj^dPzd`SdZ|0X9*nJH@O*(1T2P5 zC(tEQn>}>D-)EN=n(N?*z)|q*kQ!JhEl1J&u!s^7N>%OwFVz_AnY+TEmDc-Iree4~ z;=cq{of_D*AU0}ygFIO4t2TMGv~Kyjs*1&fd`QGdd8yqY7||(4`erF;j7?7K07WML zRPGYWVxI~&lrj@y3l!m+(g+49;=f^tvo3dKOxo8Z)GN*MY!^ad(}WW@dgyNw@N!Vt zdz*I%wMN$=%S>I7_wB2ai>!AjEpQ(!{L>QH7L<%wLuE8GNgQTa4537|hX2SR6&|Pl z2EHr^YA+6S&qLmx(XyN^qJ$jA6rio^eB;}Wl=W@~K%N6mrvReT6`0#M10-c+ zoY>o1w-VCdLW~(Op!z2uK#HiTkdJZD4i_!d0gu{5_=K#sw05W^$3PxvLIaMB0Xo{- zff!nmQJ;}C;KXUaPUo!S(s2718;(xtJZ!~W95Y(Y$AK+M;UHQ~_P;c2tUE?l5^dwM zW^}w|Q!*gVb*Xo(WD*|u<8|dJeUC?^r09Cq^hU-1z9s=bZAFX>bMY2fxLr()*9qJN zxCr*_hRFXlZhL!q9AS^E$w^A{{U|I&E~168j$~MLB`fqPLK3n-Tl@BD%iMO(G-=i< zC9yiXd_DamTXKhVh?ZgH)2X>n8vyGvZG*BY09iH zlA?V2w>i2u+!x1=FS10?xtli`vnh{jl;lBYogm$iFZ_YD9&zZUfT`_V7SxB51n3of z=_*q$F;={|)R%=q(Xw$v@;Uvt>vv%-zhJGn)$?^puD_S3)zWjX^VgWBUkl9T8_&K6 z3cv=dpM}(kJ75AW(79Hvrc-0v%nyxWna(CX<>r%+Plug9W;`YdzC52Fq0Z<&lA&$v zp{hzZ{=PiF;o@`jQ#%J_7fBa;Y-j^*DBRst7#$p|?&Z$n(s@ncl;YfeIOE72dn-R& zc2sAFj};s7!$pasw>%3bMy`~(Muj(afaqg1bLH%77|_9i`7KTngn@*)C> zKCQ!P{%Zgkw9ffwoiJF1D^`mqITx}NAMK`m#psNdUzxj z(GLfx3w~Hu^g+muwJG-@veFmfdL-0kho2BVNE`gnITkJqe767JR3!Fg~nm z)_cvZ<^<>CezT`m4nOQ^xG#W~j?d2#!H3V+axp`suM7KQET=kd)$>RElKoTn$4&EJ zBJY`)`54o?!sTaP2-bymi;*ngx`vFKlAS zMqJn4g4xw$nYvM#gm@4KoCK5`!=~hMf5LTlYUF|7kQ!-J8^uM>svQJ$0J~oU+n}zD 
z&R42?F(^y_af#(s=v?_*4G2^mW1Y)#I?RZI363W!RKP@Wh+#dZiBj|7@_>}^F?k?_ zl1_FmjCSx1EtHchk6cEx;P#+Gw67h04R}d|S{(UF?~h#%9VQByV!&mMgXlwdnJyA2 z2(5!JEjMz@(Bbv*3Sg-Vo4@`37U}RUW&pX$pHY=$06ai(#po41YifyNz6HGY0J3i7 zKijRTeCji~QP{h^Q}4g5v^?%;c+VN?2;uAO6t=vA5tQg+kiJ_FOZ;+N3g7{ZPj0#xQn2SE&TOT!n=p!JgI zOv@xK{F%KyFt7U({m9_px zHGVIIAijJ7+jQ&yf^yRk(t>C;zoLq^W~=K)@8f5|@5~+Z0`VP;o*#X&HAA}-N9edC zM`Bhyf@VKn-yohgrM%q01mA%wC{9CxQbhNy!2@ym1JItZ7f7s6v|t7)?1?5fE>x4g zyy^Lh3Z?Ax54T5GeVhF{Ym(KtLDnm`UAICU+O_bkTh{s|npt!yB~7zx_F3~ zBU9z;FOW%KUftNaRmTx|HT!;XRF_z5XE)58a=U%oldy_ySF4x470|=Ki8@k3q-U(+ zU!@rwMQ)=R3|-M!HH0q?CUq`KHAmdZs2%IcGEg8pCQA-dtn~L(+`~J|BQI&L&NEyp z=lT89wU=eLgHqp(qCyB_W6R0>&sJv;CO1UuD8RQP8zu+oHpGeYF`0(5pWkG5qf?dY z-N*HZfxMU&N@*L?u_!s;z@T3$W!Pczj7=_WS8|`Mnhpri-1WSU#M|;xbX|k_*M1Fr z-24PLlDx1n5}XipXQ-+rG$da4@*32G*8YU0D9*!s{+!QgV*T2*cd71csBkc;MpSx?xJoKXWD%)1k?4Yn{Lw2`i`nRkkzbMGC zmn*D!BxIscV#DR?y4imw*df>FSRmnfrDC8?%3>fton;2L7juo&?OOEDt{ZRJ+SSs=h4PEfW;!m0Q@@TbNJXi*7K+~Ax@<#){ zQu>FG{g<7x_VsvFlo}F$>u-Bd){_Jv2D|;XCI+!yX_LNt}Q2u*h_E{+8p8T z*HB_ABW(|2>^QXfa;q(uHG3H2XyA=Y2hP6>aML;m5vpd{g??P5TIs zgGZuRgB;Ejm~Qzj3JWJ!YZ4!MOLieW{URso{H!?=LB(KkBkY!dQw& z2H2FJQCIygoj53L~ew{1hB^T>bnEPx^Xb5*M}# zSWJgoi%_CFoB}g;Ux6aFy)8Z@c+R{9uXsH94#s343T0|Uua)%ikgbY8taac=1(>XZL-md2Qmt_d5M@ULU?I!jOC&AkwD8>Y1KFn5CC1vyn7Di~! 
zc^tDD*8yk=!#tceV*PMOOZbQlQGR0>iklGQH#WYEh5E!O#ew2(Ht!g z@|+MBWsup6av&N?P4k691*UG||F;Y8CM0{qE}oEZPy7$<4`|n&5t~GFRBAYO$eIS3 zizCK_*>yf~Z+lapmejY8BP|HD8YD>1{xK~Sj-Z7}9+O67XdtLysVG`?K~-5;ezedj zvPUL|DHgd`vjR&Zr>~pic)o6+=ShM3ZBrtgx3Lu&9-pJ{)u01l15XW|vTuWoHI%>K z+JJo`y+?U>c!*u=eLch#I{Vi>1nS{t^r$a1gF8C0USdFUKNu3+stOn7ArI%iTvE8` z+C5l6sL@&H_7F*p59E{OBi>8} zhnU|OVTdxqN&p~RV(AC07t7gq^{7+#{Abg*9&(~izT?JEy_6%3(;%f!C?OXV`>pLW zn8l+T5QWI-8e=STFLUcn*-wEc?gvkLc2Lp^We7~olFoKRY)BSDX)dSylAB!w!Qh&s zdyMiel=zfG5@>_>8viNC%HpoLlMD$rT-&kw*TfjD0T2#B)1$|m(2Yh^-gdA^Ei33w z*(d$4;oJH2N>w+#Fe33n3J%-v1sy95_cq&%GrU)YK^c2xEOub`pZ~m#!cU%LA5RW1 zH=mdTnBo0P<_Rw1LC(0vA0<#gb*xA6b3o@B<6nt zGqbqq_9&RxjWg=!Ud0`z==7H*&nT)g^XV3a=X4HvS}X9r*@9wug54U_5VVCSum=fS z18_716F)!NzYmZ!3!m{kH~RLQVvh_B{|2P^-@-;6w*PLp!fP<;mkZ?eSU^7V=-xC} zKo2zvF|E3xC;T@*QgQUsGnzghcRt<|ra|hLU#7@S@1((sh9i+Ji6++cMNz5!<;Fhn zB?G##$KR+ZZ$uTdqD(nW$vai`d|5o?1)5jV@yjrBd!XT9YPPmIJ#9wP-3zW-W`Gd* zYX>iPtZa(A+z}IZ7Uyn^&WvLyYP0Hdwy6gBS}yv3i+T&B^!sTIG~xM$l~T!^dBj51 zpg-+GQJa)BrJAWi2qz7q5Y|^#x+#70XQ$`^@hajE$OQug*W6wYR|jHx$GDB>K_-@Z z`tc-{*;JeKI2%K{qR7M?nFO935Sg{e$3#GzQHk);ta#|zP=U8)4LT_F)Fr8j=rv+a z9ak`80V32PTwj`f4>q(&%P;naVnhmh0hHX?I1I;LWfdN}mX4;$W{Sy@>w+?rzw5+R z4^1ZSvX%q>daNm9geIOBRhzn(f$oXgtcxNl%5DWLeWn6*f3h3qh;#uUK+I<^H#<-v z)@z`q2R3(WfFJYA;hT$!?5E@COz;X1t+tPOoNUF0eQi5v+7oy4XL?#684+h zM-?l`7sFOAnKCCr(iddo_!BIV0{C@D_6 zZvq1tzLVL(%KpDR=!-P!!Vq6g3V9W_oQ`muk{V>UDNKOr9;(dGJw{7Kx;~K zv`Y2dv*K#WsK-Nnz7@0e?&96abuROE_g{qdB}YB@SYCVtVfktMq~)fiQtHa{vGFeG zyjj0{^g%fum6j8zj7AB%E7`pZ*Oo`nQMoJsWsN9^dc$a-=S&0SC*i0-H$K7Ffj$JS zL5F?Sk1wKY22XN>Cc@rjN~~dJmJLA=s%Q-j%30<{#V#9m#Xz#4HI$H~Wms~vlG{F0 z8x~+0k^wiKK2r$TUerXXvC|y+?&p=KYt4?oTnyd+<9bKhTCl*|?FOUDgnq?9&+e92 z>)LFjFNL6KDHedM3f648x^!&6{4YkO>?(}v%F5bad+qXE&$cq#7QQr0#!>bKoYr}e zDjkQF)NE;)EqU-eLMHu>BDyk}vRYGxl>?Wx0~zfXCpkJ!W5r3hbkJxr2c=%`2imnj z=J5>MQ(|8!r7_tf3j0dS8*KehT}vdidY93XHKAeDE+CH^*lyd0pTBgKz4>ECYnWnY zm2%y*ck?fFO#GDjTDelHSOqnqfHViYC>Btee ze)%@RG)qy`5KtVkxaYq;toUk)h%OzT)nu6eO0f 
z2&+G>t~YRm)4TBrm9@G*$3vfrnt#RoDHM(e?;E~>{g#TV_M*+(ulaS6sTCSQPKn{ ztyFu$<@1@jsC-jDyW#(V0sbpCW#K(hSUVA_Q3DAw>#FThV>#n=^J!6!IaQ`4$|z^( zR`Q6Rs;$BTz(==^_ppdj38wmrJjsI7THp6ZwyZ??D;kc1VhP}>fOqX!8-tJb< z`k#T(+Rb-xOWOw@6H*RQPCCA^rmKcm#hP-r8cMlhs#{(*8>u-13sbQ9wD8HYV2+;( z18Ne?>ty5j%!E%24-s)OO48ZDeDdJ|+pe)cdRs}uNLapCKIEH(pY4koLZ4*>7gkID z;O2oh6-U1ghGpSGM8*~-!+n@Zu31*M0_hc{nSgATq7bf@APlS*D z!z9u3B*d+ZaJPxRVWCJ44<{rL_*a!I1KgJ3t5&Clb=D?9xbTg{K@#R2g;Y==hRoF! zC-yz9kt>y}MbSEox3DeIlrOI*)=IZryQS6q`fE0CX}l0Q_db-b?V8I$8TDx4i^&O} z6)UZMPDNQ_q8*E#3)@x^8apWgOQ}kJJk83v--#*lT@8f8`k*NEmcVs(yeFVr7kKky z5A^Gg6Mn+b2Eku4y>o=D*_h7-z_iS{e)Cv*9P)~CbA&E~Zb6J34PTh!%YLq@Xa>#Dkt(A}do0?^!5-%nC>hiHDsD5!wMO=6KBqTDLuJCtTQgTf`f z_0~X4(Kvy%WJ-bGUd;wqIcb0l@M55M~reX$9!(GeV&EiGiUYoh3YkK?>vv6i8xUT!#ULZS*)=Og;^U~62l@I-wn{_|3 z>z{2dR#(~;zs28EKF6mI?vBuOSc^T+pk#l(d9t)SzSQfSPeMlhDSD{^l8OZTXR{f@ z;f>LTb9~wtNf1bYat~FR&d=@(K3AH0cO}VQ#Z}dSb1oO?cMJd%Cq-7`oZPY?C$TCa1m8Op4+wmJGW8o`n_VR@4 zzYaN$9T4enO5IeQVH8wL=aQg4V_6 zcb#7~nYNVmvHj`2WYJFB_w55Ey#+3~z3ZY{hok8Q#$$@C3hbrN@2^D3J*xL#SM{q^ zwzMwyKO;q`Lg#<0|1_wwf?lsp38vNG}) zH1-afjYZW;v_uVyh8D&%x2lj+Pdd)+ zTV;edXP{BeSB82wnThL2K{8aSH$Ry3SRE}vVh=VOH%07Csy4cD(*}(K3+d1@@zhA=wp$+hK~8gHmHT zZIh{rgqVIR&*#w!G5OHw5NG00Qz%q4euYgfo+uV~*csWo4CQn^zFLfX5n#BAY;m4K zdC;(IC}re9xrr)iEZrvC_+Qhp=d;giLMIE92IE#>}!~ zC%8HuE6JstkR-UMV1v{0H~9BH6h86+$x-Z{sz&Zd08b0Sxk9moS4jMo#fv9JmFFi6nVM=!F)*Sg!d zy)7exU+7q?+a9R7M<8N;#Qp88!d^M~HbK4&o<8EO(R?lOjAU~&AJd4!K-yeU- z9!Vo5I?p7*a}ZwcHoZJ8^_kEACVlBfW+hj!*d5|s%(^H{giBjgNfKpUG2`&vQDO|f z_eG42_a`Y3_6v0V%Ei_dmdEeB1akzuuls5~xKyH1#~8lX+ABxyo2Ion(sfLmDFsMT zklT#@?|MWA&?5T;tg}b}$i)k%ZT)hKP<_GOyAN^7g`64~!C-dw1xsn;yWqBCk3oG; zys3M*^zJ!q*7-jS%FojQLLRQp!)A8h*0t?A0=>1Gavjn71xkC4aD3ul$3SXrTH}qi z>X48j&@%i2dDgaUjyc`8fF(*$`B`#*Awr*z6+%xE|(J<(yS-!+@)Yf7nO?GY^gd3EGwW6e&?fH4Tq4qm``f6rI7 zs(qe5LsRENT69*gT+~1aRAAmgu#Cium?sZ?U7|?9=i;;frtp!j`@hSx?dSdejmKu7 zC)yW*!Jb|UElW`1ZzX&KC=%KcIrhBo16tfn>jR^0Uv-2kw*7s*yh71m6J4sW1i!U> 
zL}}zsoY!hj+Vv28@iO{EIoyL|x{cx^_24Whh?a~YE{3tf(O3pZ1_3*me{gR{wJrJ4 z!JQgY=n}6gsfB%Q;Oy6DbzNpCA-KRUyB^v5Tk-AX8I8uyH|Yu8U-;A+Ho&i+%hDy& ztHXaf zGyvVMnUlqDo2Jd+TL#dg{S##Z7o;0UBw@Ve%P1w;Fn?vkCt697lesK5hq5R}gEh&? z9K2`^#gy7+qHf`XpV=El=xk|3(8Z6s7?%g9?g_QFmj@?WccBQkd_k0ZXZI?zfAOO| zjCTbcm8^fU6(%m40WH@zDgU?|2W=+akaBGbuJ6+gxnGvIbrT5Dm&$B$mt9A0Tby5T zAQnR$eB^_Ob~2L|-d<>C!ou}RSJ<@hQ%OV0qdDNM?HtH$d>Oka zI!ij97T%N3cXgn#PQ?>|8!D~j+BMvz>fra)p#|X%=~EFo4<|ti-S}@ZIGNB0;Ke~0 zn2GqV_oNNib(=hRFYcgg$56oH7w9C$#l{g)wQD|iFAMKJ+<=aH8^=pBXQRrgL`;sB{`V14_B}9XFx@OHWb0JM z8xJCV7{C*ac5N*72m0mTc~W4*+k(!>g0%R?1@%Ce-rgr~BoW~`StF3_laEu9T?L5W zkpps3EvZZ?J3s=-2Fx{h_=g(odwEVNTuTUDY|YDHg%+M^8>)alrjIq*k(+M$0a_~U z{9zv`9#^y#q7DVSaPU^+4bD37R4mb7_A;GOfvcPL4uxA6vo5y44^X(upH*d?tx|?73PGqa}Q@%*a2?mID=#MO=~|4dtvP29kNcl55kEjtG8LPR$II; zJXg3IW|xs?m0b50Pv77yPJSz`l8!BjQkGctJ_T_taI}xZucbITjmam;c7qsC&Rd-56;fV!&RqtfIH5EH@wiwyg8FEKtPQ~NCFLC z`3b)h#(;F-CAJSOb|j-h%g0+`pG2p!eYrj!?z7w5wAWM)vBQR!h&ep-H!X(0rCqhY zB=n|)?}!ySxi6P-`GwN`V{wnTthBj4&_P^%@p3Y(B<_AKiwRUBQiij~rd0z=*Ns zTrncLdPLW&Gmrg7;m$4+P?J1)vt%udx`iIi2%v>?&(G?^x!cMt;+90>n(mPch#h>v z*1R8NKHcX^3aaWjRT6ICQOS%P<>LpdZF|QG3<6{VH6>G!LYW~l7){ty!TpmNO1T;& z<)CiuRd|DG3X%sTrj%_|oS~2zXVt*Dgsx01v2#_s6>FNoF&%vGAQL}=^yLf3EtVw3 z!LO9pDoCO!_CfY{zg21O8+tl`!9%RP1lf=wLZ zDdn5&XWzhRnz(4g_?mMjzP_-(w~i*jg2})%U>kX8jIMC8)ENw{MW0zNBmvNMIZ=l0 zP>{|DoR_i?tFD-(5!8G>XPfeoNzo+Hb|cWgT4ib4YC9IA#ll;O z|43c&ldZMxdk@}PI5qpzfaoG<1Po3iL&JISU)^4dDb)^{moCdCXItBUr^6PtINcGCyJe-_e!A+h_^e z$);A`MCQn4`o-Hs%L6}|?dqL|*(Cf2aeIC+oXv;_RiU!)5$g8QS2ptNc9Q7^Re3*2hCK-SFc$qy`vL2B=)` zVA}At_ok=?7_4f2Jirs&Z67eVf#z+`?a(ZVTO)iNh3W!_C(7bJ0+*F3ATcLY7Rip# ze$|ttsFNR#IJ`AM%|gERXCK1pQcj4^gk;D8|Hg zPdo?V2GsOa5Weilw|HKhWWt<^IOf&C2g@G($=g8#f=gvPv(vxHtx4~A@kh3F2rc#g z(ke|@RK!qbFobQrb-K9;9uahrlwHI8>FpvJAHkcz^juZbBUbf-;4ycuE?ik|lq>Y8 z2Cg7G?lf*Y*-$xjcgp#F-D|UxB>;5(LgPmHSZwX=P#0%>TjkXsjAqDvMFWcTH3#MG z7&x#1FYjCp;hl3A?Y?VY?4-gy{-$@JW4XM`y}7(xcgW)N%y|8% z3X=Q8!6sW%bo&#MD0-vmv>p0kF+#605v}a)46{v?`Jgk(DzK(xe)gb67Y1;CBI%MRa 
zs5+vj@e;(|>d4%r2kjR>Fb9RysG`FNo$&bxx6{u8+9H2y8u?I)UsLSK$vzu9_P7NC z-mCEA4NT1FK-8pv2fN37p~b&%V2o>{M#j%Ja}jVorX~}o!F%>?dWbKO?KBkex7&)# z|2|*7*9VutJRf@Ba9vM32j=2AVoTVqs)MXZW0-Jd7_}{tM&GeINO}9g25KK{psvrq zy^<_^i4aPM2RH5+2Mk(Eq4ufueFd^i#97UW3Yl}^`}8BbW-B|oaAngA-Hc13y)bj6 z4qVIj>_4bFnKDcy&OHvaKpZ^61$=ql__+99`>EH+or5|WOX(IqY5jLA^$hTB2z0TTUKamq7n5<(2 z5xnl7-&elxs^X%59rN!H_GB02B1GVKqly(^EnnOFnz7lt)w$-y z_`cqTW|>_U2tK!zpubv`1p|{>0vBE@^4Q1d7o#Pl{n6^ajSL$dBPd2PO&7E%Xp9RX z^f=cU4un>~(gb)LCna(^K{f>*;FdZ^fUN!&?L*esav6F`Q}StlCRRIfhU+;$A|@kW*$!au#jYmBz0y%xp%Z@~~giGHE$$sSdI){KA{1;r=Fg294=my70>)9g^He z#nFKd+2?|XO`Tzz7J%?vK-(_ei33@eHU1qdRz;lm(f0kjQP@BwNjM2nY%#MHSUs(T zfA@S3^P&eo&X1qH3a_=Q9jBSrS%*!c?>)fj_XtqttYR`Max3SbZ6SW+zUe;me3^76XursQKvtiGxjw(#YpX8G`Fjwx#xHP;|Kf+B4Kh=z&&W%DZEnw1d+V;LJ06g`$ts&5I^rSB<@p+&Z4 zGoJig1a`oAY0<~&`2SLQchXWY9|AWVP-Hi0$sEW4;Tz2s>rerF?jSv2k@@|~pDmA2xvst{_mw?IBjF)l<5;W-#UftkB0C;A^VzW<8A$jj>4FzSU8pF~B!MJ4AupSLP&Zvs zEMUC;!}iRqcgei{UtlS|f`VHREPLm^E4|FO7$H{`x=eEEgazt*P8e{GL^nL7HVaWL zgE>AWB;Ds5J7!D{FJs~oVolq~EQXww1p;`xvp{vIh{c=@Lj&#KPir9U+Av1^Rb_FOi`xOv@jL zw3de=OB;doj~dpy0)xu13jw2#o5) zJh700$xh1;n)sLYnRXsl=z80^5oi_xga*^cg``UTNdclLq`{#R4Rh091}BA)cF)4f z$|O^LPq)vey-!p_>&YOOhP}9P#q>&*-05~#imO_%J@$pZ)M4L&NQ+@BNiGB+jLhiK zI1vZtrDUe^ib;u3dkD8jY>$my9!~9`O>1YnevU@nw{ldyd-=9yV)L6l&qh4~e?HH= zb&!+$7{S4bw4)=eZd&S}xSi;ZYG$O@HGDa6P+}Sb;55_6ShB?CL?-t~Iv&Z?rxK{y zt9!OY);q5;NK3c@HZmlsZss$+6+r{q@ywKV(3oh`9zp)AwAjD({}Ro&6$rZodh=!D zklB^HV zpX2=MZ#%D#@Kv>2B1g_DTE#1p)$FzQIFWTwzq5H#T5ISZ!dc_L5l91l)T}<3qgPPz zD*;erW!EP>x3j+Z?`b2ZSl96EZwF2M5Xr@J7EjQhJ`u&2=PH8vDUV!QVOq2c( zOr&UG_c@~?ejMsZ0w&3C@5M?sJo6Sb_f7DL`ex3>?j-{hFs(G{2{WwKo7+~}b#b&p zqV=q#an5{LXxn0m`V_3CZori>i#*~1DjElcD8XguFG8s!SE6*BvPdLO<0MjWc$|c4cDU#JdA|?+iw~M$5Vg|u?AV|3NOJiY5Q=@1^33*lW z02AXHpZ2Q9W2CSoQav*Y>$Nu)LQ@`TKBaU*&{Xd^HoqGoq-vUl$70yPHKQ(rT?6WU z8xo*AKFt-1(aD`LA2XlQva^5n z6y}P=;IY%nPBOKg1Ne}5b`pt!{GznUbFp8O0F~9)x>)ORk=XnlQ$C8or-j7@4n|WlIn3N%8)V7T?Ds*D9vC~MU 
z5_8ZcA9VST;4@De)H#O_*PsB1LIp3GFRfzEqP^TDwT_<$@<*x_BY$!+5!?%wN&h47 z^6%wGz?KqHBgJy2^9v5&_BSo=uAevSdcek-iU!NyiI)`(t-|?-4q&EY@xr5h+llA2 zMtMO#g^HYnfHr2s6iN_H$EoCMttDLOuvj7-YMOsk8yp;&WS<$*S+fGl8RPNSETR|M zvqhZj)1?)EG5!)_$f12aJE&~%0m+fYF$+NId8GoP}Zs5&ONP|U@IQfylQSU;$&n?sxIkE9n51{*o+%6#ji8*ROC|&Ge#8uQ((6V9?D~*4t5=7mYmRB|(kFih z@@t&>cC-@gIfC(+h@ZOXr3t_^{6+*(|8CSh8*l%0kHWuMZX9QVGZV!DplIwII2oRK zOQkttSxQ99yyl8(Sk$tQ6`+MQN&eD z)10v+2_MByGSK$o83wL`ksats{m3It`n0lIRU_fs*+eoCNQ0u;)OqQz31^yYXMR6g zeT*DkPpRj;Q?JZrTmlT`HFG3G)Mt+P4kgk(NJax2zn%L2XeBTLzgI#WI=>%ZqqUu# zjrw@1BP$pz`qkx$w@#deO1(K;e&!0~o>kCVqahEr(lY8`SptKCVHol6V@53vswHUD zNdHYQbFM4p&$@gAGg$b1n@URZz2GsvLNC47KUvdO+Uebeo73qod8_EmBj}^VU@tx@ zUkGs|&mrp7zX`_JEJjrCuyRC+mpP}p zdEb8jNyn3W7ENQ_(4v=C{DoPC>2^eh;W#|Z3Fmt{a6OsXM>rV$|J6P(eA$h$X+i9` zGB8<-*n?Mz+QBOr7X=HB^N(li6%Cypy-$*FNZaxrNiC!<)V`e@K>QM+w?U+>rNQQ3 zF8X`U`eKBd0L6y2(6;;C&P^d+R{mCuyvq0}T`K$f=p|~aEt}N}#bVb0N3H6-s2reG z0}*fT;TTxflYHuN`~kr-WbCzo_6z@6lpmj-ftV?15JC`s2;vHjki_wt%>lJr$6dHg zjY#N=jleFE0yte=;j^a$4nb`@Pb|?02r(6EsZBk;$>GLm*tcm|YM!uxrVO1OM23mL zoPWtA@0IC9(wBp<_bL$X6y)f)TcGJ+;bp_CKR)CM{m*R-2Cn#E|AOQ6JbtC3Yc`e# z9G%NnCf4vZ`ec)y7EzI4$o0QD^Dez$RTMrSzjjudw-ZPpqmhAw&*qJAYFx&Bn>(yK zw@)jwoxx1OplG6eq2@oNo!ijLO1OehWU*BIkL!YohosCPOP1Irixbvb)&@C|=5BMBIIP+KsFy8qAu=)2hoZ-1H-h#=-$!;LJ5WK$4)}!6a0^H>A_I^W%U^q)sL&!}xOZ!Xr zwpc4t)ZZK{0O-h9<>2|@+FAVs;bG3LGZmm6uT^BJ*TVOWuuqM!MUR>zHnvWqOWi~P zw0I@3b5DTwAN<<4ckNu-Zv>P*$Vwq$T)N&hHMs{8Ug{yvr2Jb0`OC;8`^r&Z^k75T zf@tCq&vtPgf7|pd&wp@zjXfuX%zQFrJtc*Tf~Xz(Zp0n@n2RHGcNg4_wk@}| zi9LaHi`#zBBs+oLv3&yi0odY37r|`DJ(bCC2J_{x4H4}`pwIOyx)*Y}3&^!dmQs$%D z!AM&7V6KN~Sq++i8KrGH@eE_E{g#Zk-^v9O9rc!( z&Mkr*Ld6#N?kryfC6bL(y@>M3(x$9o%J-CFMICr*KN5L)kw@33uSjx}&PiwIo!Wrh zFxYjxmmRAT^P@pSYE8uvA*gX1C==WuA~Qg$G!n>&jS;h%{wuY@aRs|@jkne`yK_#I zHWqvz5#h9T*qGer#q2eU`fa&satayBRw(+0zn$xu`ml)?U6a+}^$?30z4&h@_WmJS zZr{wR{iMQ^y|QBwipRhW*x)4%i8q-U_zI(G2>y)!Tg6679BTTSy>a zhP_R#CfL`apjO~(PF}bvEy^zwoJ@YEJLc(Fol`ZT@1Y*%+5h5nXc+|S2@@El{np8IM|BC2+dpRTRO0XS<+%^?zC4LghT$e=S 
z7CP^!h&HMmlDZsBw$Ldj^^9jwi%!9P;a7?ULvzzYtC6T10)gLmL zno0N*O|4A+%sS>}j2B?$mw;0oM1`xC2|LnsrEA_uWZo^KnW*;E7E+Bu!+k0FBTBDI zm?U@cU(Ysx5HEK}?|sO;_HfvRL0*?Qj4Yu_+!(NboqBI}c`{?G6|RxSNap z3{u#9DtxUq*+hEZ_x#nys6q6-D)xzJzRsvAkIazmRC;|f`@XH(TjTrMNP2rktzru! z4nGzwhTq?&$?*QYYM0Wh(YSLkTml&@S{L~IcjC@zekG$V7ydc_=a)7AU^w%79^-VL zH($vf^XYS$kKg4$Vs|V9{>%*lXewS%$#zNTj0ZUurmU-)QCL3N6YFVsANUuMp!Q*{ z7og(GC9vaa4+>iCV;}THFFAN_?uQjfy=jg|4 zscvYOqYFF$9f})>)alzGt(@3x&$+bp+{s7qR0xegxV=6D{>|{U zxvcUsTqKzO3oZLeAuR41^%pf@6|acnscOA_ZTrwmM+iBjqXN)*-IfFEwLtItWBmb+ zo?B);@#CLFeKSq5P`x&7C~Uvl&N)WvAg5JxV)W3d6zoL>FG@r(G%|P#9+y z6S~3vi3vJz`!IBx@eNue3xw)JU<95lhDl}rdFv>)b<;9lTN?erWv*}d{_j(U$ro7g zaWjr1^op7qLRmqxc%?~kM#q8;NWldgHx*!)gtJAv{ourdM<8T7?^|#GW-ib!h#E7=<&7F-fp502?&n7D zt-!Oz2)LL!jd+ppAMxW;dKJtnQuU7MluUH4PsqG(C0WV*;#0mRS4!D@b0bvNqoH`{ zIC07Yh7g8+AcG*j(;!s{`;LF+jx9I!c-xyFYsk9!fIo%@-&jvyBj;;%IRbyPo=!?_#{^R(< zgTNRJp}>;ZRq2P-B9FXKbhvA=i84xi>~A&PIes-S_46oU0NbSqjfmHL7NuSVD$rn! zmFyw4$UJU?Z>58rD!oFeMyCK0R$kpQj<>}`+Ca-A+d?-(;dAV}`ORqDh9JY$Cf{Ds zYvWC{ql6sE9_`I|FFR|0Tc6e+a5hsix4@wPC;Hk3>+)VS!b<@b3b@o6bkhq`ceNsr zp>T(_D00`WS!Jzl+p<)*H!M$Q1)dv-TI^&wa8S`IO!<-@qmF%mKC*w(z<~w<3%>S5 zB(WYn5^L&mbuTsbuvPUhj{(52rMIO93O1dafWHukfxKF8r-#)>9Vxa-vvvVw&ReL< z$g7!_s6C?fn)m9tyY`Qog~i4zsooob5#pbFNzV@W#w`?sp#eS?S=KgG!0(<1rmFFF zR%aINslWgD?hM5fV5c|=*`owH0=m!r1|Cp*%< zT?bWP{WexQt+)>@HpG^mk_jvnQB9RtE@C}PCrSn2d8AjfYco%g11oTt=4xtUvZKnU zG>K0)rQlPRP=hi6P(@{R@GE-|^p>gKw0ci^{qn;SajF?6&RlPpb_v zb8VT^a}*|Db$Mbi_HbMgjUMvIFj=gnr1q6!$qw^K*mCELvp?E9UNYGd6E2j$|Xuvu0f*C zTo6Dq`VLVvmq5XhhfjQy7Q51VIIhm;DK!?*V&_28NK*GEw>XS)Cbjp{O?Q8bFiMlO zxL^MY2KGWHI;)a-7OVz?G12^S`OO+1Q1nB8F7`785E~M!SB_I_ zpKfn2EwVxV5^(F?!Oj#=(F^a~F2g--=Aw<`V)-XMCy670agRDt@f4;sO-yj4njP|(@ ztagN1=dn&j49*C@$k_NHOU%i_MZSI-5cg8OA>J_njgOokWIuvM8$K{^kWX8as0Z-Q z{4h8Or<#a;*_pAKT1nslfPpHa!m_Zx@5)Grl-DPJ%Zor`Y_RhH4=5o zN1K0P?J4HMlD(b6D9%NLz=Dzi3sOjWaApAbqb`Qg%EYBvBiA6#J~j5c<9F_@11P^~ zbS&N_^|`1vaGD{@n~J4FbQhEFFOL!E0u3PL3%O|^m}J6{pyN>NDBc(hvpAv9Aw-s- 
zw`u;@q-V^nzN2L925nePIl;~BKZL?02QQSu8dr@3F?$r{Y~984Wg*keuY(h+BW(X*>DbVJprd zqW|v^jFQ*VUVz_5k^TkQ>eZGd@WsZ$`A%yVt=f%}!++&59h%-C!>rq(m*S>E5}#VK zc~I&g3on|NoNx0xJKU9*ge2Ahj@eJ+AzwpV-SS&x7{T`_y4REb!1WJfbw617oukI_ zrGe3vM&#r_4P5={C|Z47{YWg3|4P-*M=`}IADi^c6!Jk+f}OM`PujL1UA;oL`t560 zIuUf0)d&Q5--oC)%uv!8!1RY)`+bXQI)@Q|eFg*WctdA`J778Bv)A&`_#G|&K3b-j zz@qa5OSQhf94CT~11~Vf7Qa+9LZEb#je@nLtVY3+Lx$pEsez^z+xbCMb1yC8a1&j2 z{n>c-_8sgJ^ZDBM_kK+-J11pTy5l!?_O%l5tT}*s@kyR^E}yp%{*YeK!9)vQv&X6f zfm={0LdKTsB=4^OlF&z$hZ-eAKR8&YJ-hjhr0=E2F_@|C1PPqN86gcyFE{)nUB4w8 zWwoh*ric1D((jV1&sA61zeFoldn20F3gKrDT`}}U%VPSb@vym#z^z}}vo!rneR1mz zZeMi6WPMX6(|xB4gZBJdr!Ld`J^Tkj9Dy~3Q!tTbRvs2BIP%(90u0fBBQKQ$VSHEE zO?Ag6Y*?(fRbbB6;0mA;cA;^cCUm-xC)#36KHzTEoat=RM4NiKRZqPzHI+k zv%tofJhfRH9H^n5*UiDW#A zbbn}oSyo#l>is2bR?<|SkaC6VcGE>uwT%kEa5WWj<-6Y{l+OLJpP*ENnwU>B&A~6m zRDT<)Fg@%z64a~y8QeceIz;xN_#!qj{^XQ#Z_dBktAobxmZC{Hi8YGEz^zv*WQ7A} z3cPV}fip(>V_k*8D^Jp;ORa!UACDqxyw=xOWtr4P8 zTYR75N`3ozn_?S91bQR13~{(MtYo;;M)I74LGmE42_2jzYB&uKn8+?3GK`XtP;FYV zIa;9PWYS54?C=X;*$y=5GA*=|*@#SgJh(goDm#~r{5HSk3EFO9iRe5q=C>(-QZsy; z#P5;2v)**$Rbf&foO+$t8-apDa9DM=X}>#I-B0vg#=e?FdquQKt}NeB^D}!Pu>ug7 zYH8asff!ZSpVxzRC+UP2AMJk}sAQ_)M?{dK0I7;%=TAYhKf1z$+1L)GR^cxL)@@UP zBy)?gcp0_so02SPMxR(UrdgNcH*IUHS8H48Y%mz0Em@c^90cy|C=gCKJSt*G9h|D^ z35k43G$J*!a@M?<=qJcyk-WA}U{%$yXlD@hF>D!Kqn5nBV9)&F#;pfqk=Amm&8|~U zvAAB95uWV}AE=1n_E=e=;dd3H`G z2FS3A_x>1YyPmJ4=go0yykj5#qkfTg=ndU7(kuJJDlZ;Uc-VJT%l@$n2Lk|vq?Yi> z$BLs4Pf#_w4@o|m(S&A!jL8YUDkw*6svnacmcK?csfm1_nnsn;0)!-kBNQK>&}3yd zzLRxeYdt!@Jn%LyR8r0caXdt2oBL%qSNL)z@{iiK{_|!1<}s_dcOwtc@QJA{SmIX8 zL_H?<^4?nWSzYUAGu@ENO!>Rd_bK5c)^* z8B+NSEroy#8~(~kwgag}US0N%hNJ+{gCXF4YMo=KHgTdO2Z-ZB`PU!V zJ(h07hiCyx{`2BS_vE?ab9&f@!~u||b{Kd=WJ>VEXtruR?J-C`z%ED{Z`J|y#?Tx6 znQ4e7Cv8HX&`EFZ4^%zX_b2yo*{ZaGgIIHWr39Vz^EKpsGGVmggS*T^Bm5j9>P^EO zI2N&bWQ}gP^{1lU8(x^ogh_~TVaRmB$01z0eJUK0yT0>Q;s86BJ=H8xx-tcDm$`pF zIL2U3;5;Z;5|57!sGudIHeseaZSWWFtxIG^yBNzp9GDmDqn9z#>(w0!@vOu-BF8b2 zSR@02W#`2m&{fG z%rj9!{nGqC7ZNDXxQ^AId79FfKnP 
zO#&cD=U2#$YUP|W(^6p2G`eeJ?o~cxj5Bo4CmSuZ6h0T=j=9LSU`vLME`QO3^YUtZ zULp|9Qh><=Is=U$)E+-H!y%>#4wb?B!={-Uwi4?M`7%q=RYmHgBmD5ZRq0}#yjl$_ zq3ZNoT1O4jqmW;3_*5)ckkgwSGJ4qEd5KcV?WIGj_ga$Ph`@7S@*(^9RLB+V+fzsu z@ND*l@8-a0czXTIA8T9J29u!a1EyRFM8xk;Ax$vANF)@WjbR10ZRDO-NmqISc+Zs? zO3m*%C)^L{lN4?F%{9?TTEB|b8S5-lmCmbH!gv1#bLg!>3j$L|dxn*8Z8?I7Q;K7( ztF0TxIHjH2;s1`K_wV?>J;eSlZ0?y9Xang)fAyfNSU(zF+%)9|zci{A2u7{=35&ry zxe8SvA|AlebG1$xxj+LEeR(05QY}0?w)Fm3udNPVb`OfaA5`~q^3K^Kn1qq3GwRdq*`nV2e~ZdfW|)FqLoQBZIs_#0Qrj8`)U z9#=%Gho)ir$L!?I<_pW!;6(KzwfYhJ=$JiFgNgaYthF{7US(g8!-(m~twGVPUb63l8%OeJgcLguZ;G-6B zuQuNC3*v>F&YQEKI=GPtImVxO$oBndwCu3peSLjf^j!(ca`WRB?kjYvM>rJt!_2?h z_5)9*pICiXYzXrS#6{=C80r9PTXkGUEX7HBD_d4-rqrxf+S+586HQG}HA_vCySR7Y zNl?aP&;k)ZyXMeGX$s-N>wc3nL5d=<2yf5A@|vuOws!c=^gi4%DN0I{B{~=2|Jb&G z*_r*Tw$fUeGo4ymm*ZBuS>pt@_Flb-_RMFd6k$g*a7TmHY3_M-xrKDcJKzzQS4zCg z`R6aIU6wjm&OBQ6e$C)ATi;%j)eGZwmBAQvVNO@@Yx zUC|Hz=YM}1ng+h_#x#lw{?>#Pwi~YrHO1dP#6P;jkY2>yUaP9+&a;T6gOWW7@#h1# zOZ|>L>z0!WKyOfhV`YLWasI zn=LmKDK*8CuZXB~|8C*V{;`EZ*u7O6n-4X~|I-<4g_CCP1HenND!`%9p4X=VNNEtK zE%PmvG=hMW=wH^KNoH>Yz@B50w{EY^c23%B5qduSd7Z;X&!2(}|8U?ho5VzxTY3qZ z`Cq%WqWuG@C@uQI3DXuR68$oxTEhrg-x2=W&}*MNTzdmIwwwD93lgxG=Dz2Fxju47 zt$Z-L-i)}L)mfjF>RIx*Q4%ircxd1R%7*`>hd#^XnJ%KyApQCfXlbewdNZB)ech65 z)@2iXJ8^!7Pev&MdO%zx%P|4NAkL>ZLuYNG8SdA_2AKkZa#6Twr(1?zX+5Oo?$H%d zK1=vsg=HEa6UoI-nRfonssyT;Y)(Uk#|C^Ggh*Cl2M1bM8fsNzsXx(fy`cZ7aWk#r z*|L{?7Zufcp%-5QzSp)rHpa0ldNWJiamr(c7tovEP&}O!5O9Q8R%fl^eT*mtDai7; z_)8*`**V?|%Ii!D5}aOl;blV-n-lW>PSCmiu&rV~hNadd#Cl(LK;XUo=DZ&dB?Tyf zD62dB?N=z#w4jDGDFIvoKMnrVUJN}>p2bJS> zYr?5VKuPcrBH{ak1IvRTbK7E0u-;oI51D|L1O79YEW_!5A_vo(+)}vdK|LjY&iG4V z+6(D7s=Sez(`_mZ$9?X&5_9E%dh)pJchiYZ<0I1;iYHdNVNr|?VLE>?@JY9;TklId z`WdlNUf^?!3~+&J;bM>e^$<6B;Rct3@bg^IPI;?N4_UAf+YltXzEX;ducl^ z{a8SVry2R6%mUO(WW&e6-j>6Z2+26BQi7u7EnjWz7Q`T;TS1%OHL`XCOb2ipA z32>%sV8sDJff~+`Uu{vMqht4f6kTITi>LRa0om!@vSO#5AHxqKwrNR-7G3rK!|BTsHnNWN2Yv9oh!MIGLv5Peh4 zv#@qkC9xNtD!>5jEW`gGCz)gcsH+2MrbFd4U`G?mCC$*p;{30DU+Zwa!YzUcBv(gM 
zuQOdwsywhDii%K}={xndHv%5|mPF|XjU)YH)?=@OqP-Tzj7`8#v`uP~yLc2YwYEKu zp0dq=l&yh#odV8S)|S8_m2b6n3pL~y;Cs*R5J5wmrDW6ZxsW3>xN@;z*!|G`(HUx=it zQ#901pnEWi$}kh*y~BV2#Ky38W7ltpd`BpW4n=OTlXpj;bAmA zvQt^AI66)7)LRoLHS6}*s8$X-v+P-|)IAK{f!D`AHUR**yrBMY_cLB0*`_o6y%T&q z+zs3+iOWO)2AnT=;Z&J3?={daq0>_p6sEG4;w$Hp&d*=)OhDV_>}LaQt>=jMnwQJD*QQ#zs=*p&U|ARg$f`=r za8JUJScweKVt4##+j{i~bzDuR=AzPMU=32%89O6n_(hVfWchy}oi+}xOsXIrHweT1OHsCouviBR=L?e8$ zTK|bhT9Qd}z#d|VOmG|_jg+(qynxslbP0Z|9^V1P^TIMVf^zQp_HH|ay`0Pm7Uj?= z$SX1w4MseG_&(LKJJBUqy0OkE%9;JQ;(csCE8xcP=|4AWq$?&&e{f#|iRNM@nicm{ zNk1nGA9`r4M{$YLE+*|E0plLe^#e*1iu@in+V zP)eL53=k?u&&=O|E-T(8RBWq*fBSYxFyDbg-y?TK*hoReoE;76U8wCW_DGU_-S+8)Gf=e;kfATTUjJb|?lS$2Iv^W96lN zy3x-6E<%ntzF|z8_U|{cCT~ND_y~9ny|+0>%0B7Vl`wQ%W|1Py!4JpuML8t`I@pC3 z$`=c~!KB$><&GE7Juvvow2!%-N7MHujfY6#`axrWfU};ucq!$OK?pq5<+j`jhpWVT zKhC$3#_~tTUs6J~V6u-{@Y*o2miNKO*Yfz$vfzqAAfL`i;EOzi-^Z|Vy3t7WK!;$O z=s64FWKO(aU!H90iI4t90WS(rEbBr&j{noDER{j-x6kHS2y<{36F_^q@htLmzznI} zm(ri+#XTZ%&Y_*3ul{3TK><7kS~3e2mnft}K}@+3!%=HVx;AT{=P<W{8;_Z7AtFlxn1R_AUb^NZ1%?>8>(Kip{*##euonjhqi-BIz4&E0{r z4!Tldw8}%}5D8{B@_{=eZH5)p52WQ1OG6@ifI%JV1;HUZUEMf~dq_@|wMc zQN?u=*qG_YR#+O2DM`hEv5&gDfoLW&7GrqeR7#A39lN|t4>4u)XUTj`ECSS-#mJua z>JDdFOKqPs2qvi9cB4QUrEPFn@(tD+v&3P=vjEBs7iFLjEWRWARHR`X3yo6iOQh(K zNAyb&ypBrG)o?CuucWysqvR^ghi5+~VRwh`VbP>lA=ZH;fItS&X2`jm#e9USpB*+6 zsGcffhVgl-_XfqD61pBlE?%p5fSw~j1UDOjf0A)+)0}4g zirWJUg7V~|PdFdowNB42E3n0xc3O+DJz`Sv4a>puslr=P{h%>xr@>cW>6Q||=>H?8 zt=Lk-XSe#~TqG=_@SDN;x{Gu;x+t<+`fCb|2F9}a-Y-4Gkw~VQtd;y($%c0YA0Bdo ztf50)E%~2o{6bK#XTu=>TvuN#3K@%5s-e2tn)4HqjoNW`nX81{LFS>`SQt_28C8jo(L!`C6K}_!%5$Db!-WkW>=FdDQ|no6gAN zq6}a2+fV=HPc9#KhPTWBqcxCUooX#gHFCb9ZD!HTwmWMTQ0>fb@Z+|5+k1G{RbUY` zbH_*0!YVF+k2-GC_%zrU*LN6bngsoC@)t~Mmq4@3P(VD(eR%|&65E+#m5oUEEE;;n zFM_|GnPg^cd&KQ88qA>IBxVw{nYn-ez<$LWU)wro?(9!)s@VZNnrd0`v_)T+m48%=RC#HVx{tv1k#O~qFI zoo>^Tbw#7X)RM-tQVSkX^T_ElQe*|^C09`n?}V+o{o+KKsHl%2g}P`Dhq(4@tuj!5 zHvh$VFcExTI~kijoR!*s!GNL6ll|m){+KC_s?<~^Hhq6Ed7GjRi^`O(mMT{Re5w_T 
za8*XDq8T%2IhmP6a|!0(haXhFjE94>BD|y%0JaU?j>j)CW$ulBR8sxxo`Th-bnO zi4VKK&jpb5@tV--jYLR8o2?fWjF2vo2{xlx&{dpsoAJ$7qWR5z4TK0J z!rV|&^VFwyMp^PZUsX`NMc+_tqjfg{?7AR8$V237r;;p*d)*lZx~}z`PC7ISyS&dx z(oP{D5|bWnl75fvmy1ew+PGE{R?b(Ou~_!zpkL@bKwjGisjs%w7!KrJV&@xmrMpw= zN>k6|EzJpE4E>Cy`@wo=$kj^Biv3)F)r>RfKQDIg9N;;ave+u+l4xO7DDXK4SSUS< z=>UWCS(xg&=iO-?mHoS$eK3*X-WH>&nxva98-7~i*&pZ5H7bmv?uW$bdOPI;wk0(d zL)F^ia;9nK=0Lk7;rZ0ndQGoFiX8d8(>ZyfCF^rj?rV z!32r?T|FxV-t9(k zkK8x-!1`?lp}V60p054ZDD-JEJdQg}>zh#gQF67-n91GDKmNB%9ZRzVX0mXo==W&R z2+UH%&nge>lse@s};OYsZW@C;jVCJ#1y+IA;BHjKlXbk+h5tCa`7y~X2kX4tN_|S$p$IxMqph3 zuqz6iM`egWq(3IC$|B{8QERDzU;fCa^0Qn)!NsWLXFkcXhD|&PB^F2hyVM$ml`?DP zY<7xttHIEjB`wM7SZVcHd}q$WkMKDd5EN>jI|Ogg0tK3_<_2*S)Q(9idAI2@82xsm zDB`J56$r*K6;Kne2>>XYaBeclDVXFA0&NGwwSJnL+)=BGGy$}Z*RPeL%JPO1asx>d z!L}|@-cvWAEF_B0MSHZL&d5HI3oHmH^qAmv^Wsc@WS5e+Ks~6}#17I%pEOS!in??d zq28`L?qS*0AX{&Ah{Re?mOPR(>tRo8Q^&PBexnWx9S$SbI>71~^B1dm=2o&>c)LrX zbMWSb4QfYQu){bb}ded>dDxxar~2HvxW{Cq;AcEfh^YS6_WK63fQK~`W|^yI0~ zI%?EM4_(cedLWTaK{B4-_ey99jW7Vx$B9og&(ykUy0@>(%`;PL$7$Dhxv?C&Af`GB zJchYk*fV&KLzHD_Rnf?$x8ok<#Phx#z};MBjGtr71FT#l4<@*`m0=GtF~F)tscFs` zEnM-ym`n%n7p6HA+Ix(+K{hD=J1M|j* zFhOboSc;AYK7C840#d0h)aY2$Plv>%(vL{>>)?)xQG0lSH?aGkAprzwO<*oOqEIO} zTb~U$d*ARStTFD^dqM1184ywB zli&_~@^WX1WDM|_kvZjZ8@<9x*2d#M@epj!P}R(sf)f-V;YF1Ok-jQk%rewW1%rn< zrv!goU>HJm7wv&O?qpFlK?)r1JF+J(uqrT}&2AVQkcX@8Z-`)YeWASS**SLXP>84i zy)ca(DPo!*+=f9Q{iFchBe+P@V}z&A%8d5BX<0sl7>I zbRiokwddHnj?J0iyooDJ2e^-ySjv_kD4CKCUaRrq&T1oG02} z6c=XP{GbV4L6%Gq%Y=GT+$lKAIV=nSxx_Y!pI(MrPJ=7QFfTHG+3adFJ8VJH0s%-zCM&gi4!KH4PC-uW_FA`?4i{gm%-q!OWTdiopNiJ`kglm}io53<@SZ zGG1#i=YTepPP}M?F@j-n2T5G-iqP<&s^QRG*1Yxm;O{p!$LVaB;~r(XND!6*9x02h zc0M_mb8%7)nsPlwRUWx3pfITxg(>o^nMym_^DTKsjHdy{5*Voqg13Za*5aZy)SehU zf9oZ|cxUlRBP(e)r2F>nAQ=sn!q{$T=`ajy_6`ojS($JsWW_Qdse`j4@-h~eL<-v8 z&doE}loqS3As%6UE%aXd^(ILJkt7Mil%)@>Xo*?rl)CJWiOf{M{NGAHtWw&k_l!2N z{kRaX4XTaGoE>!V{}g9U$LOy~Cqry~;@1HRv8*7X&L=h`i#3 zRUR={L;F}*x}rRaVHhpCSg&+^xeXveLTTPqEc@-egc*}{g2F$v=px+MK)YQ6PIxY0 
z(n(Rj1#ri;^x4a#3c$*M{>TrgBqSns)yU`Yab<9Yg}~7yHG>L0i>bM@+|O3m{H`n5CuDwE~3m+OtXNS~X=m^k4C zay9k(#$UMVLuR9AMWdeTtagd-sO~J7w!kj}L>FC**xv_68(Kw7vP8sJG?JB3+ll~xtR)N;^i7euPIulqEhQV+`S!8 z9ws0V=0OJdM#Sdj!tw{j9`eR#x)%eiuD*6qNwOl`i+kx*{+7B?Md16wbe;MFNO`;f zU|pUp^k3fBmS?@LJo-6|JKZK$1z$svyhh3P!?=-^5g$BjAsP)ZH@|@CYvE^8f=B{! zv{F360%L>AGesa`j<~tG%*=|OanfIMjqOcPp|RYgxe8J@yOEr)>FBq_>0I^(bH3o2 zaJuV?7FL~+1Ep))!^gT}qK8M24*^6#mBlo`bY!N{rcL2o_%%M2s1mq`>keQNmy@k8 zW$O;+5snw~rcZQ!&)rQycYJ$(5HQHUlDxu%II$GUSI z(aUBj_(w=-ecM0CdHOuZ|NMK!zwl(RkegShoK0q}amvF7NyRwN^0K>myD0{k@^f)- zQ(1L0o`aZe##u*KEN&tD2pTB*(YBWO!$7?~`-*7t1Tcp14h3N%01Q z(<}RP7^vms9K~U!t=YsM?i5F@V1KQ5*QLSodl*eNps#B1tIV+0lKP`H$QMzRi+A`~ z-FWE}p$5`%VI)*F^_x1oC@X*)a*X!K;5D&gO>=d;&cogA-ha;q_YI&w_HNJ8|5S0N zInymy>t@gKp1Xpbn)D3xR2Nb4cUyoc7Eylx$wfo|p!!A#)-EZUlwr9DXA zc>Y}f-o$!R@BYYMZ(;AEyc%pc^VIwdI`S7;A6Hwg-}2a>Ew+7kNWX;y`3bUxg#ScY z#Kje)aKwP(qCk{5s{`1j21K)(?DYN$iXSZNV|Gqc`ac7$^vSE&JNM~r=biK{ud%lR zCKzLW$Bpp&=giER)qS2l>@qT}<|z-oD)@zRnAU;QKNUZ-%Fo?|8df=YUBQQ~pkT@^ z>CyontOezv3Ehk^#Ge-j$@CS?l_+PLo+lVT%OaHiR2slRE%qT-prBTV<_?A!1^E`2WFRWmMD@xeDWvCgK~7G$z3dZ&_=!jTlkiu)w#dM@m+r~2 zKG;7D4$!WVe${}%G_A_u;lMIaRMAqSf_PMbpeMDP3npf<~~TP zI(vh}A_&`4hsQp_GqkDd5c26KSiPX<>5aUfO;LLxPz7^s6wOPDZ+S`tfi0USF~5SN zq6OFXj(Iu2sZ@gy%zx@6j^70zf`gB6gfLKmy1192G^}LN)fapTiZ>!<`pCwP{7E@0 zv>2!6fm4VWE&W;5;U(uCB@I8|GNQdGYu%NQp;tE!H2oT8(JqJRbVWa*UI;eZFu0`H zHjZT-C^ZV%hD$pcY*-BcV_Z~8wB0eE&}nQlDcVPP43e71ICw~fU7o1nM)vEw2nn?< z=iAXYZ6w*t-Xm3oJ+UAKGafV>8(f%WD3aFPEOf>S!q(i6&n=Po4rUY?c#8;PDMa9X zO?=B-4>((fLY#lSZ+3C8KS~gm4{yx>NRzJi0dVj_tX*!D8Im@pX^&^3b6AOgLfFq` zjoJbQcJcwKMFerelvsOK#ft|M>;f@D+DJhI1nT5!Lu2K(#wW?CtY2?|8-ri>Fe?H; zL+r6=i6AGpt*iSx8{G6a)MjWw;96;grV=7Xgs*5NIOI@=XnN1T~JJt@pS+jlbWuvU|n3zUNJ6)@ah!X`AXO~oIt zDvC4K8vL4k{AHi?qhm7J?oOY4Kb!tR;5jL0Z``wp0k@bGw~;oPDFD6e>T4V=pJm;aWD6W(8HN>dMzowB_r#xByV zQx(rr6Xt@|>PsvcK^>{RyQad7p{MAX1>VA#I}IZ5bQh`BZ(`Z@gSSp;H_tj|YU?sw 
z?3=9G#!6UqN~Os=;R7+c25VZYdc_VUmksK3AN?fgRBzFg=g$nPy!d;7pwjeG8|1Jw{%N`be(sx>n!?gLf2IJzK=L07fHnOF#b6Zv}vJ@mJ>ki=K$_u6avcL zKRwUl>o$qdbZk`cRDE1VH-_!uW{#8`e7mj%orN(Qr$cs6AfFZl=o~y>CkGP|7~7YnljL<&9uWBI0xvpmMmRZFOTq_8|iM-o#;;Ue+3>+=6K|5?iq@55IoNq zIfau#lM&P^z)6){)Plgqk$sl4^o-GMzM4dYFfHjq(Y%iI)ZB&9I*xDX9!pbTm~kppfm8uFuy7C zxVXk@qhn3e2u@eoZ5G|;f}yQzYI0=f(q1n;y_aPM49y+q!{3T9h{98F1&Mc=OUjl4 z1|XGx*A^RYYa+@I3|@SJzLB%uS2?uos^t>2%LLGqweK#(bOxgUyQ)SK@+P8KsNbJ% zWPryJPnEyv6F`iUQQsVyeDeERN~P5vS%h@&{YdVRa_bF%3G@qibZ$i!(#Fq9KU0#d zEX|Fam)Jl2s>Wkb^j&eS``mOgwiMrcRSKH0+x*>+1iShs=M|z)E!wqJ?VvC4LEgtM zXIGaS@hAUv1XeOulgAe!&*@<_bdT~+0Ju}P;WNjcly;7;)X(7d$G!C+Ok-E_$8cs0 ztyT0Bv;<+ZYpMUn<3vR$P*pW_IM346X{_AktO0rFFpaV-?6e!WC)?I?)%rYif@vdQ zFWj^j;&b~N92#){z^ozwJ=GU4Pe(w~i^ktcf3Bskm)oITLWtuy4}XpvM>f`eK-_YIFnFGek7I%_$pl8c6v+VB;*=!$gYd3@1|Ydhm|xVo^h?gi>~>A(M2%) zz5Tgs|1mv8FWa8cuD`>$Ic839``H6pr&U_)SKo=}_Qf@GOHys79^kD6=m?QS3xQ)= zV4)C`r+WYq2%9D`V!gUt=h`NkJ)ys9#B4l~5`Hi-z@E~>{uovl?pN{^>8p1bsZggU z`kAua`P!+mA>?6sU~^;t1&1o(w^V>y5O^@5wZ&?L;z&`!ZEOYW+cjQqtd%fIG8Dt} zbx|}o$wN(fkR4Y~+A*C8aCb6Rjl&y2Mdz(=F(1#X%TD)eN-ro4t%{LE)%lb08Age! 
zJ)b$G*EhpFrZtS&mEpS1rYZp(NlL}=M)L9-f8B&j{K_BA_UZzhgp44O94L-Ae6#o_ zbN__6h(CQSv^7Tt-;6ybwb^ghC-}tJ^4bb=SJ2COQO4;NChagwP79xZ@>ZVQ9*BMDGRMoyDlDKHr!V@I`*I3CHi)4ugN4%zC~&g zE--AKLKch)IQZ@l?#IelnDu^U}wAP1jJ_w+nF*Zvrz$rKIujPbnsa{lCtx zgX>El@Oo_!^8lbLok0f*4{tf*rzB8sw+7=9BD0SDVXKe0>qIePN+8m1U-94q#RZz6 z%V1>me7kVOtLtGH;Pdc!=T#_IR58s2VQ>3o$>P4@q4%jsbvWm40{ht-(;Kqr>i;f9 zKogczVgSMRhxunCV!!=p>{&!7;~Q1`iJWVTXI-Q#T8 zDZ+6$wS$WROJz|-ng4=(1UUNN=gEVxN?~DN!L1%+Ge{JYQ9S0XhS5lc{Zg&e57#RL zn3O&xSwDm@%>?GgIQpiUTQ~={5;%OTM^xU~($JH6;w3aRQt_w{#@Yc)T+ZVGXAEOl z4i$hpR?IVdmGDqvPp@6$;zNkaq$K=VI0kj;^Fa@VV=G_h5ty&xr%7Us z3pUr(!mPta`sss-IAY90tqE&Nk?H~XHVQs+k!qLTAt$gE$+4KyhgCyTY9neeJ+}GB zeJtY4s&`$EN@l0II4GVIg4N*aSflKxnIXXXWx$pR534W#c@nXOx( z*E1xk)y@7=a^a0 zgieP&)GQG`Br#fqAd3RtVO@rw;+ag!SEVJ!(SOzFCEEHpTdeFs{=f#7RzusdgSqTtgp+D3|Ll{2&&DRmuEYm2|YGTiX}gk4!~-kOw-XVmn zqWccFc%>({*R^){Ag#{xlgHfs8qS@oIdvs=xnEj_5&etjJJxDN*2)Uv!=yl4vc)2| z4jP3gi5#QbM^PcH)=YuZM=uEIDKKczg)hnQ?*;nU3|H!WMruh1&kngrcXWhR@`c#; z#f#q?koRvXt{Nf$zs5R48czZ6D_A`q%QF$gbj8g;sIc{g4JAmkftBfi0#t1YzD9|2 zdQk~}4^g|)456FYVx?-tNo{BfG6v!os5*h}rM4S!Hqb3#aB7?a((KtM1-Bt@7%oTa z*m%2$kS_$_%Kl8;Cg@;$LbKI_GaD@ruX*>G2}0xAJud->+F_*%sYVvp(`#lQCnOi_ zNzvg#TfcVOV>XpiRld6ZJ}o$yuz3AKs(Q<$dd@a&PwN zAzTh&j^opm`$g#UQUhL%h6|UIqMQigNV*+fl8}e&=1|gkl?$V(R6*AOg zVmZtRC^dkmK;42AswkMdF)0VHyiXzYP2PJorS(bOxqGFW0<(06+{jJ&1Ohz+!<^Eh zxmN`;;8(G*(U?az27KZs(J~#qI9P>!+P@5BbD)P-9lNGV)(KD_Hg;*b@&I(L+j`9>g|V?rUc_egP!0!y&3O1{OGZzNAJ-Y`qsmcqrZlN_=ViXGkD}8`5(P71ccf) z6QH-2=k4AXMq}m+%m}bCb#!L!Z|6I;Xgs|?r+tBfGjB}iRfpki-dv{&Nz9%?@gt10 zqCG>noyZi4En`xiRqw-esj7qwh*%jc9TlV(sr|_ zkN$!wa_{%jh!}37Uij}lA1vR3iwkW?mh5GF%5&}5&(M5GUN}_b79>ebg+PcsUyme7Xwj$1HP)+Xn+?axSUf{W7(KP<4BTb+OEuErYV-~)y1S7WO{VFj;8Buuzazc-RVR5I z8$rV~K0OX2@oWTxY+8Xf2*DJqFjIrCyhtCyk6}zUfgcMU*j#^n6Tc3zNoN_1l_C9 zFv#323LTZ?dx@kDHJWHkl?te1DDiN_bzj`9k%H6>OU0V_6F$hDwp2ywk01>HKq<-c z(x6PAwTG!%)2ym&^nxEr1*r4q$jAly%w06nq)fu!Fozmlsv^HAM2Gub*fHsHjy~tj9;MQqeq$j+% zQNz4nuKim2WO$jM)I-*z9N_Tcmpw({-o-5z-7la!lUAoKH!JFzEmD1cVK-949&D1l 
zFS<4NEsvLZ#{Gw7@h}qOQ@CXxo|2ce(UJ5p{;KiS=$3|(|Md(fv4)+8+&f0hslIWR zujPG!>^!Ff$osu)dp~2x;oJ1rzNV^UQMn^myKtDN13CI*2c;@AfkR1+NoyHhhBT*M zT9p`8cSuepMM?Q(4LGtwqoG0{ipmF!aZVIWxe|No_!DWZTdXgS<+zn`&JjkahwL7G z3p-K%_c5crN78s3E|W^qZ7n(E9teZQX50j`opc$1+A=O1GsFoIPsqk^>Ty`DL9rxN z*Hfr%5=@^+3jg0lmEY&ja$Jp=cop-vQO-Qa+)Rm3kJ5M3y`Nbo$AYaQTLK7M=YC*0 zPBgDh&aRd8P`WAtC%2ZWN=SWO#)!F&k;L?6Q3$*9iAc=5p=YL7pNYg!mo@8IUS+@e zY;MZ{T-2-tdl4l8-Uky(XhR6UohaIZ`Q@1{T+@eS%^fo_9BIo}uE8bfTQTK8o+Ve~ z_4a-|>yKkp3(^={DAqThCY1T%qj8Tm@S(S`?AUvg4vl$(}K{HO?N?=>2)ZjHI4ctV#hjn^XrkY#`b1Ji`f4TD@2*?^?8}a> zl z4<2nvA^hlt3vdKb2R%Ri^)9RP`8Q169|nZxaYBV1UU@@PGeRfoDaFX+4z6CHsBXkcC$8yhkWR+Y-+O^Z8KT{MnoNwwlOU7LNhpJox zzAJK16jc!qn8^oum5{NMl7kwZ$~|jYohVMq*iqMOWE)LuKUYB$LB7LC;Qu;h6fIx4 zjJ>`faC}D<6kRO(E=Q<$b0tV^LCo3i`e^hE&>tKoyyo9^=qUF_p8$OyT9pF~E{L?` zo`a7E#aGuZhuQbO*fp=vCppkCnW!B1`m&*R{Nr2b{o5t8Sr6goj^8OJ`X@ccL++b` zT_Lt4UugRYgZl;+<4?PAcI?e1rck89Dg z4ri*-Ui-T-Z|LLNlYPK0|5{Jtl+!XsVOSBOPu5n-1)EOUF8)aWZ)JKmqA>lm92Gj} zVUn`n(v#)gjfRt$X}ZvW8DMSa*p4GlvX3{|9yhj@AkTgc>pbKsBJ@SLJ%-uvSRKks zRNmoQDy|YbQP(`-&{eyk5gn$Yfze1yn^h?TqhQp>?sH*;UJ^qNWEA+Qc;EjqI+CHf z?NhV$4{1qZ{K#mL&Mujn^=MZ9dd>x;AkXT%b^4msmogMJDX0rzE^Jk+Jnqg-`+e|& z#ZYO0_yoIQ(^L|qcEQ2#WMhexeWS1zJB-*$1GClFO&ap8yqUx?)GVZZUC4dxd4Cf| z)Q;!{rsB#Sbak$7s`1anY2{H8FjJ({Hb1=FOSrt$B>Z0D7I&MpfRSM6^I}~R3L@_4 zVRW`N<4tT?-vR>2-zUNS8i|jU4r5-9cIr}Zm|E(C-;$wQMEo?S(*hKghCyWpT&6Av zTi7I0`9nifkoW{l=$%L)lP$9k!y|=c|HW7Rk@5aZrW>-QB*ZUltuvx}weOiLX$-Dy zw}H!?l!~Xx?hSq??5d*8EnSBE*W?Vn&vOUwa4bpX47ntL9*DNZWecg8XL0^tS!pe$ zNr_Yo$80QGdMz$OHbsnfPLqPveBwu7A&el99NKuOQ>}(V%Hl8n$mVw&7rDJqbYw)6 z5X*Mpvyl&^;YZMwf00#Tx)6S#5sx{bgX0loQNl1Gq@CZU>riURhXNcCESb#L=PqkpAY4cSsFlpBy_kR%TDF)18SydN5T4Y?5~!{ zZ`2VP2-KnnSMt=!#M6jCn%-2au*KBTeL_M9%Yl?d$9cP5=lBu^Ai;vn zAX)6}SpAM=41QjflJ>Sp8N!W0#7DX;{5!UoGwlr=z5G$KUC#9Z1LXnv<=bzU1;Dtz zawDC*$hK}~e-4$WT#{}`2MTjT;vLERhY`vj55R@zTAbl zJzNpIp0N<2pBvVNe94@I7i5~_n4W=vO+2e1F57QRes&nyY$gUW1ESDyw#AA{ z#hS76Y{u9snAJxE8U)_PTE~pA4nZ&?IFe|3pPQbMy4u$yVDXLj<-Im8I 
z(7j=ZF_zAHh3&!87K+fin$?tmH_T=*vVvGi_8V=SSRejj_h|Sn$55Kb06yvW6BRK# zb2>s1&FVE5gh}WuQ6lXLfMwKya?*{okCep;GoR2f#J!UQ5;1Id+I$P<2zV>?N zaar%Va{V1mnfwZboPEd6+wi0s16jR~3QrTE!|)?~avnDaOh7}1R@;F0tS@~xG_u&v zhSt;FerLHix91IkX48t+63>1Hx`OKDp1=|%l;u!)Z+}C3VBsbP;D_Td(C;pWoggz; zCzI2CMlnP3!q%GIhLygoF)x+TT$$;$6EW-1 znX*ukSu!NH?!H%mCv-#P4fWxZonGM?bL!m|?zc%fLw#_-c3$bK%RvwCGWr#1$E-_6 zPtTzZMyWo+pMFzl%|4Oz${)j3Ki*JOh(R_vAF1*nu>k9ZqbFJuTW$u)ubO(j+&zz> zUq$-f_ym%MrB(H;W)H*3I$J zFdW2#7eDKLAOF5jQDPN~H0SR3Q2X_#IW8DjLTtHD{5XP_^FE(ted8DWleIG%_v%d% z;SV}DJf~}3Idz`2SS2ZnK>_mcN*A8ljj1rQ4aBh0hI0U>e+yA5t-t?eI9Z^Rckv%S z;WQE`B?d49l&=2aC>5&JYPil#CR2Y6Ei`90|5D)2h)6GGzj5ZoTmI7;-(IWs=|L_F zF$y0ch|GTS57BR76ne}kthMW3$_KFn58>YD;pif;w;xRCZUFBkTtQdghuvU!CD>_D zRs7Tnt6#o8F%Q-Odwmm+RcN7{9**wsrt_IG_6T@$3^7xVzvKp`GPgki*&_9Uw%0ljNihm4!&2-g_ zxUS&`386cahtAdHs<9VY{D^3-4ttlZRi~q;Ub2?q6PHC-J$l}MYd+$)`F@P42pR)k z1QqH4O=s${A+@b^9T^`{WW!cJC-UfG=CM{~CcK$E^r>;Z71}!)t z1l06?Uq(w*NPyRNnuo8_<7OLZ{f>|5XN(5yZ;G!@F7gFxUb&)&Ly!%iTVz)Gl6FgB zkd~$D!?}B6nDEj?#%HYxU%(U5rI`OnTKmfuIY*Ub)dxCzr^Cq+$&?c}2&}hja{k8H zuW2EK))9|Lm;LsQT^o!KG}y&gI4BL5!$}E(8=}X-yXA3mp0&xXw0P| znAvPlL(#-|1{*gwR|dINF@|anKQaNfvReqyZ|!eoI>><0M<>gcR1r;B+^p{`yn>Fv zf@vSUX2FbPvj68<;Mh|4;HGG=hj0NA5a>1dFCvh%^N!%wC~@_w;SFTND2~vQ>v?6k z)K`Ae&GcgTgS)l5hFcO_i0v}P&4^x(T)!qh|G~>$5w-p#$b-aR{oqU@vj(6{AT%7> zI1m){VLf8rycZVsFBxx5R3AzpO(B8yU{DO&Y)4ham_AI$jXSay^0$pS zIt~qCS78Jx7%O=4q&Kylp!87ITqYKq`}$cr=(#!0)FR;AzV%QD+PI^UP3DR2lD~3$ z9WMc}(C*(Zu?Dw1RpwN^{uA&KzhGekr6~t^|&i_OQ(mrc06j#zv6yRJ1N==SsSwvZcRC-d2YR7`e*cTY{5-Y_geNr8>Bx=fN z&NWEcNJjAZ_V#taivwF=-o*_JgoG&T126P5SPOXcY@5n7Y6!Q|jDV8w3C!50lmzZpgot$9Vt~^0Ozx@k*3cYNuy&F^;mM8!%t~x+3)t_ZIn9|Y7z!iU zq-Mj9#}n#!1Q9y;F#U5ekaq-=cBpIoLe*@!lPxssi0{80Aj=Ek)3A5{gbmMOKB8ob zBNFB{9)H09Qa*sVOb4V0iA`-B38Segm3nJufpjF?ZO_%4+7;VdV>8T?9r#^3vXt(@ zV5=5gv_56YWr|35GPCiY#Vt2s5jL%LezlG#%u&_+O!$PVO;Sv_SMisOM@=%7297&U zkf)N^ou`DD{S=lm?i(xrNgHEAU`G9W9%ZX@V3J6h!W22az7Qb2m-z@AliI;B>1akw zp3G1xGiTdX(q6mXn2w){bX$uqx}kBj1V5Y}QVnqFygp{Q_VYpUA?92iNuF5~{S#%Q 
z!Wa!3RxzElAC^bZp4HK5EHEB{R||8`pKE5QCRqq-6qO#reDG8VKQx%W#e zQht`u`baTUDpP87j+agghZ3RUoY_Jw3q+>W$@dS+rz7Z%DHw?SSj>5>g}N|+DuU3o zr`t)+Z9yZtepT6%vwbyc?$=31L8RDnyQZpNVuiW+NF-3ZWhdc~1`|`rUo0BA2RRKd zsEo439iVv%9j!@=*9h;iZjHRoc@8OO-JTpeh_cj`itl}pHkvOWetPz*OAnm(Y3D|u z26jOEDCiTkYZ(vvT+nRxQ<~&ZT3l7dna4lc&qxMGA&SzH@Rt`GPIVmF1NDCk#GWI@&?R~^Z3_w4k) zH~Phs(407b4}uf)}n8K~DSy%bRJY;X%AsoF@o#eAENY z1(5m62qW2XCYH}{=phMX#<@U_Rlmpj=$*M#6PTs1W>gRpiyQ}Bxx}nb{^(DNAP0eE z*-VUhE2THCKAi21{ig{lK;E67d8N7i=uQxU%Dx(0`aRj&8asjkc-kyLo!NNgf%a;&*VzQ? zB#mv`wr$(C8#HEfqQrCg;Z{A zIb=$N=KX3nx!}*ur|>YvzVn91(KbqYj7W_|&wX*W-fM@a`rS<@UPbjw+^H-N^j=(I zY8Pq#9PU@}?EvBjN&SsDlZTUv;JJ(z58*0QAMgAyKl@~L_D*J?My6V>OyTeh_>Mk~RZ-PugB+8-#M5OewJFG@es zDd{xHG$}U}IUI5L2sBJ-*DkXipwerFH(ZB0UWc8ek(&OSYIvKZjU7S;y$?F~oRByQ zFu`nmt|hV1TJB%+o;^B|y6`GpvT*w$IP2LppWSiW&@7C>rN;4qYt{o;E~QN>&D;0S!r@PAPRP7o0z9$~sl>qBruT#ol=vj0 z7yDNQ-Zp*NjHW4wb_vp^I7A21Q$S&oImc(chBX+6b@bxDgzo&{UN|5 zCU>uK>MXXGIJ{W9zexRq9&Y}g!MB31lJVs1Ih8%^uIT%(1aL1w=NRxW3cacO_qT5r zR0SbFo$Zwzmt1>*5~<60pVj9`wA^-Q{%}rq7c6oT7m|MXCa39g7ZqpfARZI7z1t&5 z%+I061O1Wi7lq0-!nC@^e?ZKgTHb{44o>NLU|Gt}A*n`JoL5 z-!1MPlIzc>e8A$M9XV1)p!>#%PQ;Z*Mxce>(`d8Cbnzqth}mmY#cy55$J8GF)|q(m z)7MFSwft1iYol7tmvluv@4MO*%BMb+ml3x{Y2`o_Qxk7vfc%IhSh=y-~$Bi zRQ!H!k#yuAprbqISY^h%mkVV#VVjH)?Uf7?KESjjSb2hMNa7*Zz1H7i=7X&#Xj2`x z$Blm!bn!^SWjwB4xBF{xN>_i0h4S3ldh=QmF;vAo<)r-=U+Fm&+}l4O`_gYBF9qp~ zbFx_i$J3-M^FTLpr}yT$gpQ8!)Nta6$b zQ#qenVoD5%B6;47*5HRVmeyd+Eeec(m+%+?D~M-a$-?_3

    x(g1f*s!&Y3>vK(IdbpBKCQ;na-nSplqVT_7U ziN1#0a+Y2Tyjb))v0q3+m0l*+_$-8yRuk}!9XEM3a)V`j;zT0;@IBp-!Uz(LkhQAu z6G4F<*8L_Wkr8H?>Kn&-%K)(vOzSEsXckrV+uw;B~VZE7Qo{!@~johi;(EF*xyh(h?>M|Xa@QVQP zupAUdO1?z1ky5%NNWW#1GG zadI12XFp%i49Ijc!Ugw+H1vUNXt=z>=+je^utRA83ay<|{pI&7$Fqv=axBdq`HdgU zw0m`<1?AMwZM%h{ebD3i8-WSj*sd$T?tzjplVZ?0!CY-@W@TIXlIG@QcB*_?@~=et z^g{jRx&!A~!b8p&?&^}3o6Nj27eymM3Sdqei5@ISajQ0QA2y%xR|+W4by%@*jI7v= zH+QPE!A{8}yeoF;)LUiY`p-nioCYxSFN1oBTXy(o9RqI!YCn|K+iyhVhkWP6FAuk5 zKde3KrmSc+b}As?#Kc(y{q-~);QjIr z)bq2Y@lIwdpJ(xei=eLkYWR!0Ib{)KaYjpeh`5hBT{<~$G;eMCDbO#}P_UjkKTiPl zoEa{LlaN{Emux-r|!kauA zF7hHqekq#$jSuPNBt|?BF&sV+yQq`Z+J4A*enN-u2`%_4_}AsdL;~K-r#iSQyCOe} zrDMlCKEL0;)-ehcu#Dn5wDRn|I54OeIXaeaX20;I{j>)SZqOOL(AA+sFF&(SOkw-w z69saZr4`%V?S`ajF57RR7a9F_q?077;;yD~a@<$0BS-oEg4566{5smjVKjd)e>AT+ z)NXkhjNa_t(AFqPp^5u^g+qtC+x5F#cJL78f@E+HMaUipDT~iB=g{wKV6{NS*4OCf z3sJc0FGbZ=rBF8JCNGVv94XRKdnC8)(~joOd!-;0%R&S#kTJWCF&Q=8EDlwA*@QMz z9wlnU!Dn|LQ5);a4kiX5Zt&elz-Ioms6m?@641mQzAMeB_>YBGy|LWo9Q_JvzA2Z= ztD_SY8HEvKJ@4T}yW%aF^uXR}P98Xr4~Y=Qy`jbH8Bs{o9H_cCaBS>)C)c-PhA-%D z1@VteZz#ZPKrWQW3A>@8*##Ab`sSe??_a7z>2YYxl`9JIzuhLQCu7~x$o-t_)msri zlW)^YZHo@X07+Dra*3cG-(4>RY;Il5GLEV9i(&@Ig0`i`UN(hSi;s;lKM79;oN(y@ z0wy-Is3HuEFUjofCa<`tb4k*$PH_MST0Pn!4g=sQrIJbWfaG}>P})l3BCW*O*U`B) z-Z_ZHNI0FD{WD2>;GNV`%J?gHB^O-|(Na^cqu0(unIPS)dz}0Bg*j6X99M1kBRImP zC;>z&S9*JJJ)sz%_C8Y&68MStwQ)Vypii)11LvNAu&j1 zOjW5T$n3Tl#$;TlRH|&iZgc5S{YzH9z!i*DlDOba6= zdP6iAw1DcqVnGHyOuvZsS8Hop;=zf~6-J=-*J|W=!nd2qT;YjsSY2sncoWA`LuP24+>PDD9$8!e6H<;Kx&dwvDigu-7TKKSxkWKqU$J+sv0H|G$ zi#1ZM)gcc1U?y6*g&7hxuSI^as61{>QKZP3$kRFYH@FZnyQ|5D7qXq&W&&k%BM!T4 z)X4tfN6!%}aJR64@(!YMVBC_XDH zL}Rtt6Y4<=cw}fVEH&CJEGL#r)_`8THRYIHf6HUzG@d29WMv~2*1D z0r;s!Q zevW1tAhJTp;X;X|w9A0O+;YzdU#Rb}$JCv`Nm6H=7fmE$usK;H#)|~g{!|AN2uFGG zQpuREUI9!|DjaW-e_f&IK;&E)^pX^;61o2c)|P~u(sRbzUb^X$oG0d$*px2%`MjYL zg*7F}slBtW6lF6qxh)9xSb(tTL6}f#y}_8_rrckDq)sWeeEWQk0_4A`)h$lRyi3w= z8?Ggg56VnuyNInPD?*Tgw(xw*eNNa8rcMK%I_(cTO_N4SuO3k7bh?>`aS}x?1ZPsq 
zevSw48wUd<1+B+lbCLpt8!W*u3J^Kif)a2QFhx_@e-5*0oT-cM%dB;nwO~=~i$0Wf zSE&*jiGt^7p^FqY+(`IyN3+sSQp19jWaTBp=8pLQSouPs!w*Mbq@FaT8aU}YjjqpH zX!W!v_)H$GyaUP`Zn>w+J#=XkEJUxTwUN7<;5&DFqo8>=LznD77p2g=fB7Pjl6c1D zS+>wwayzrvca^UOADG&*ALH-+ zGdJzAeuI1}+WxaF&}L4(G(2-KQ;i+1T$>b4tGya0rwMvm^c&*D7+0VHGb_E3YW$7J zzD2OG1?*2@4wWkvlMkRK6c!(cY-7mZ*()7pe#B&qsADNbo_GqM08#>k94x)cb2Fv# zHBzPy()Ggo+nT@Xy%S_fHeXxwq{HBqjpR$hRqxqjdIl#;W~oMpAwal2f}&-@o$HlT|`WCbfYoA zBB%3zM_?%?vtGzzTdpHE(1p++jB`U?3xQkI8WuK!`z{>{8?^yZVWH_3@ar=hlL zjn%C@l}@48$w@QaZ5Qt%;h5o!*i)>WrwJOp?TQ7Uq}XnT=-GJ!cnU+QWwr*GJZEj8 z2gQ`X>vRS6BOEp(PNS6eVUuqWB&>mz!I(f2v1ci>hC3_X*esT9xh7jk9GV>`ZiBmP z?NZG;Z?#cjGs#y7l|gN{{O!rI2g%Fb?nwEvixiT|fFAP!opaw4Sv{(DU zgq4}CU6U3Xb1qPwZ?og-yV3^u^oP(#bB)_ykcB?gKS>U+Tn3Gikrj9zwND*OJE=JV zbXI(I^Rx|CJ%2ow$yC}>s}(_~uQbKLSQ_a3LfjZ&h;K|gs|P8UK_!7waaOluN}7$E z$(ZnwMs~tUFHy`qUHETc{qrC2f{-tA`ccH=ul-~HS+0)W+jUzMYCotLjr0~8{?S#1 zpnOF3DEEpF9yE_>O?EQmkXEP0>qfMM6fm&#fjmBO2eGa@eOAn7lK{a1=RVDkP*8j> zPtL(~9L25+ndpS4Jgo}_Yn8sER0q-I+FCl>#FM-*7!^36;0qRsCYQgg0sA}crhK&< zR4@>42SlqaUBBz$HJ^#=FU~-E1!w6?ZbnASOtY|PL%3a=5PHF!A327m0d1df5?7t7 zfJ`28kaVJ>zB*hG=+S?7C1MljUC@bu;*VVSA6Q9o^Ak5CDwDgu@I}Zt$I@%w6-itC zS>~qo1|E)}4o)6e_AsDak$=1+=FLsq;ceO|#k*LjaO|XT>#rxNdk#E%>R5?XHC{Yw1p5`fL^&vMttIAtZ7*e zi&yDvd~@H~e?Aaz(hO;Yoqh>SKu|Ew=WlgEvT^coIDhnfZ@l+tAQtqF`@Ii$_ve>e z4^+f~1*R5m$KRf_`>kNj(c2$nKz5fWFXBCkYeI5|qgBvSWu1|SS$ddUFF{9V=}1TC z@Ng2P?aL2Pp(WHa5OUQNyXqzqrdT$Fxc`&o->%#Iv1i{RZ*qTTEzbm7&Kr%QylRHYFx z4=#cZAwOCy0Tr-|Se))>-AFd%L9vtGlMc*o9J9i$;eYULZDUnSWqanqwH1kj$6i9A{W9~ilXu=b|U?4JSo z0(@;dI{#1WBQPN}#Ny7Vk^397LhwI+3l5Y%YCF^|`st-6TLoxsH_4;A8Q&r4x|yKu znwanlr&e>ZclO-H7Ax{LZp?^j7G^3qAlFXPDmeIe2&c}gdPv8F#5|D zzX7-39&K>ir3lwUN5KG*KQgFD9=nUewNSjXo0_ z+y2N!N`CR;{ju-6yJRaH_lur)3&&>Gd*^8s0OsIUT{&Y*e7U@-GytmQbTWMy-(2ZtXM)(+33Z=Y5uJ%GnWf z3eEi+v}!)BM=vPTVq@-8^JHjbxXtq2#_`Fn-}g21=iei|Ei+Vl_ULdy~IgO*;dPqwPi!)&hOyK`h`t{&PK}Xpcs7ZFF3hg5{TX;GWlz1!OI_ zz_r(5M>D(W$wr;`@kDRw~oA z{nFu}CI^Z>r5)=&J)=!32g40+6t7}bg{<;w@lTzpQbB?)-X7p5kouH1pi`n$bg-wl 
z06GK57Z@t}C&T}0DGERKW_Z`}i$6_MJwZW->0R~*+!@+2Ug_?-h6Lb|6b&gsS>j86 zWi4)`{H6+0FLFpi7w||Pms!1u)8S-Jhr&r&u}E)~C(&2f0MjGAAuN?6ApreE6q?@4 z#80*&4H9Le;xeL{d+dZL88QtCOppR`Y6t*yfrh@)f)m&c1K#MkbQ}h$!+Up(R>d}i z&sfPG1m6twUrtdJ@lqM+%sGMWz|1pol2Ux62Tk0SKWeXDcN7?$ctikODpg^Db}%DJ zn->f3A4d&Vo~*FcDLAf^F99ZfFtcfbxJnntNWlo}p8y|}!cK2939~Pv_lRhY-PM_V za6y!XzqfYim-9hNqb`#pYT)P6bO1fm`t_DhQipzsEIEx(%Y-~}aKT21dCE172x)LR6F+Jl z;jNQ82WZqTB3pWHh>I@V^nrP)l|TBT_{p066YaJYi{5TPf#2lOI*L=!B`mLsQr%@9 z!sT5@n8e(KPNe?5YB=Yk=ohH`^LfzLXYzR%;_D}_t;JuBX20$9hPcY5t~&5~q~b>f zr|7^f)J$9jT&B}WGRfF+9m19tdE>p&zuA%B5DLpVP*7_khk$^fQ;ZbOosW^4m7- zp4gtJNAPjM7RwdXgi)^E`vrdeFx)($R<^bCjxF;6r>%nlQ(>DuHB$@q6efcs##5L> zIT4tRF8oGe1LN*KLovT-H|@1(w^pS7+sOrHNLKz|n;Z=~CYU~{_Ki2{C*lpAxTU(tmuRJc(W~QZ^p|zLQ+UPlX zWikFP6U*`q=w%A^o6avntK73H9{s?H|6Lr}0*hx;#Io{B@Wg2#ocX$Z8=qYKba!8| zz13CmF3s^2dRM?~$BIp{A3)M-Nq%Q#UiN_o_My6EfA9RM&F?N0iv)Ff_fZfZ_|x7S7g+oofcw}Dsr4N1R)N#L zoqxlcvj6=6R~wv+XO{JPKlw5t^vv}D8HdvM{Y+W-+ik)H`B`@33~$u(<-~Y+b5odI*@bW{OYtz>-OC7{H$e!&7DX8`p4#-FrT|$V|%M%l4e?bvYyL@ z&%EiY!1Hvh%V|*j1SUiR^8Nhn>_8ydC_`4bmB&}IgVP}1!K^UlKQKRd4c0SYl-O%< zDp6`vN^CW)owbiz>`P``f12<&iNgz6OkS2+)4BT&61iY|uZ4dqHD|HdMTzB5Vot^y)pLCQv!%?Z)R%eo zYuV5o5kz+C>ECW8o$ojjH z>G$>#6Szj|z{=Z=y^Ed0^~_&&YFx6XYp*cF=|WU&>@QLzn**=NZT4Ks-R)lYJPS}t zx&OM8110=|GSd_RJ{jV9Eb{gLxO7f^-+%hqdc{xO>VpoHr45kkk1WTBuIs?Oc=d6q zmcS50J_XiCBUK0xVBM()GC^hofB(XV?OVAW(BlWP3z6mG_b8Mlm6mB47B4<}4|H_z zw*IB%j*zj-QwIksI8Xp_Kc|{_FiBWa|pID?5`^Yoc# zOEXqvOk4HAinJCaWATM-jqXG5j!^4r-~<=ly}FE$C{+KX#no$(BO3?aVk!2=M_Zc8 zD`#DRv#3=UD+LP3dV>aL6-93^2MoOC5%WvB4X-N)=C0ozK&V@+QFGf~2m9fE>!5>$ z6WZAGxbpH%|6Z2Qy0o12RvNYnXKIR#+ZQp8lHM>3=RVJYTBa~!5`&LkYxVc1w!%G0 z#9!#GhAlqf>n*7gZ)Bb2+>swAuIh}QANlzB8Z7&TUMVKkj&Gkwa5RSHHax{G6E80? 
zZOEUf6*X8m*AlDlsK+7CXiH{(lR1&oTw4w%N&8oJ6I16J8## zJ)xtmT{l;wIEnu3{7m&PJ=arHMP3l_q!XE3htBEhjV`ZgRey>fz<=@L`~+(7~vMwj0%k z;ik>yl^Ua;gUwQFy-Q#2B175AKC20eFgc_h*T%xM0xD2kgJxTfP)P&*w4PZhL2Egy zG4>{znuwL&Xg&0--%*9~OUNEKe}#=!hxs)6%sjG4Q-%=|V)0cVLduTc=!#BgG(R9) zCt6kA>S28iWLYcZ+pz*&8H<2pKUAEeT7{~TG3hQM9kThYe(%3n{6ILNyEmC{78(C-j&Qvv_cGjk9ZNOO|$wth;IlkX%%UH-n!>S$Be<4wN#DJGFe9qU9|>M+k6=_(VnjoX8-}U z`_$h%ag*qw+wW4cOV2jfv8RgUxZd!WyVW|IoHvVCyK#!T6u`%jOG~}H4bY?bch4-# zK*cibu(a8>D={yzweHz3x0mcn;q&y`Z${b3WVB!#uCDaz;w9u9%V12`DabZFxtuBU zPDBd+BMO$ zz^?!5uj>NV`Sfbq190!dOdzZjdV>RBWNRS=< zVBCmDQ+tEAtsN;h>WJ~BP1NuWEM=TlG-=Sc87|Id3gpP&#v&RS6s9PXw;%^nZkhd z$^CqIc+o>aHk~aQDE<4b)H&k%rN^h=^p{?qS@mY+VQ7laL9g8jz7 z_@Eu4eSc8-#|=UmY6s&%pYR@mzKF}E|La|(ipm|-w}+$74Ab&8w;D$@N+bMwbT-Q^luosRGlpJi38Tl`!pV-31@M3^ zoX-CYzSoCv#7=dM`Lq0Ph4hvDO!a5-Q>RkpDLUvW80m};FGnh8^X@p)Kb4a1;u*mY z76?$x2q#4S)?N(s-d~jm_Ju}9-Y(ccLAL!vWXpJuh@RIQW?%H65T;v20?)D@{Yx`o zInOZu4Urd+Bz1`2JkWnbdRkPRQX+^+ORv`MX;#G?r%~_JR>-B((XJfcBky;BF!iNwMxI2ra1M-Etnf&^;-_C!Q_8YecqB5xM_(!-UnI;HF z%r|Dx$*8U;E!7-OW&1HoXUB%y)ZbhzHaP(u#1vX<^-c29`nFU%XiR(t#W_iJ;^2gn zjKZ)dZ6&pMOL2AW>>=4wLJ}>(@-Oo)JfQl#=WDKIV2at?vD*LUDiNNL0PR1}xKFO; z;w8NMWAMDcX2P4<&R6^BdK{Y4Xbf30x1u|Yok>eGW2;~tmN3UGDpg~DQ=Nl+-Cq=u zoA!Um^HJR6ErluG;7Q3OFKwg{Cis2{_P(54zHN9yuCC&`P~*BPpKs=xKz;$Ot~1_! 
zUnX$VkFdZ@@?1=YOya&g{d5I~*1MX!5xTzcZ^Vz%r)}XRL-xmXBDDVzw?o%VOdc=05 z{^iJ<$drgg_SMA(eB>AFtN)z z<3obJ34$C{L&`6DOSLCC$sXZOp}?bII+J$*nU=>zdKJIZ?JI-%b$rZ01NRdR_ht!A zOD$BJAlAxHEEdli;?2~HTR|gREckX-lwJe285-*VZV;RMqKk;hstAjpeQAj2LLga7KKb zjUs)Ov-o|sez?HLB2;1p!gH7OJ<{6ysQWt11?qY24QDPp{CXL08bQ(ldSuDu{hM}JP;ZR3ALUGJO5 zgE9S^*Tw-;rw%cFlh!6ZnlTl{RjzksS!Z<`!@} z7yZ1IfC6^-F18_xST?n`qy4uyO|iP{ogszK_0bOD*)es$xlEz;v9uOK1?x$(j_6(9 zzZ~!9RNDfABY(9Hvxvv8bhFaFNNKm`S|xizUq}r7j4@9y@ld&q zoc&vG>N8F|W)$x0ozf$o6;>+K?u zf8y}4PX2TVyP>zX*QrRZ2K{M>n&2x#1)jFpmU>H;#xZ+HC%B+6;Xj{ zLd~d~(JTUWLM=)h#@Gazg6Ww}zV#9#mDtGPEGELDU<63AeD!K=`ny%!TRd+r>8i4O zdlY4=N$4TL!_49tI<73~dy>6Xm84Q4T+Yc7Jk^F1ciU~DvK*sZ@y-4f$3;WGi_k-0 zSZX@q@zOM0&O`L|5#_i0dEyQ(;XL7Lq?xN2I-@iw{t?TRC7=bC4$~=M0}3V0mW_P| zNl=Ao5i7mVol8|^Z)1O41M92tX@&G2KegDI(M4nrUzw1%#1s=Cgrw?ky$UbhxR zHhm*r9wj0Q{d92Nm~%QFPb0YfU%*W=5=a{BCz|GJV^TjuA`>ygb>rCy*Q-VapH8DE zECh%{5zl01|q{Y{|%Gl7G2O1=G@;+O8r|pgUhV_Lgb&ye`;EzYaEiX zyjQrT!}0_$c;;JSYd&ioa#kqv`7VAL_n6z~1%pfOIqRg8W9@-nQxu@rlxj|vTRuAR ztjc&}Sf9Q5>X;)mqoY6~@R$XNw;#k%oXPD_SM;`dz2+n@hEg-XErxg6sAzF3=z@6M zm}QwmV|k^q7GO2KFTg;_XaPbI$_3%5*F58I^=bF~7mHv`je61^2t3{ADlFeV-h3*! 
z7DnN8mKD6TD*7$8swEm<2q5ARR2lg+nSCzU7{jS%pk0X`b;u&++JKl#+sF^cDlj0} zmHpDicvz0o#dCHMTFKWh!Rnrg#O5pIM_=f z4y5eacH`|x-plu$Ba3?Pbohw7_`(lbB<5P z(RInY7x>1imQ14D%VC8Ak$csYV22$A%Qa#!DMZjJkxhJ)lJ8X&awdm9=ySQ%87!iL z;%E4X*>~D+?fStrjkaf&ZoL?AB2)+!shD&p;I=u4)$AF>zntsq{5b5KMsigCsUKOF-1qRo-XBd4q0(zh5rG}5+Kd~I#H#$3) zX=ZGP-4Wg!=^C5;q_|Cg zT>?JPUnjg*1KX{n8fOz$fkfRqP~R2gXZfi%SLf}NDh=LI^jn9LFc<;X#p?spfn0{Q z+bpHwc7j3N6hDE;?7Rp7Bwq(g1eL2#^FXUZd0jEAgm5N^4?uEW`dK@8_>)O%^76&Qw1c3BxiJ3A^1 z;+^d>yl5lH@haK??PoN?hLO7A0+2%THZhbIN2Ht`$6!Xk zNTDzT8M=~P8;6m-DXjYBFB1N7p&~O7{*sQdDRu8!#_Cx%icrJFVyZH?eIs12MWLU< z!=W_NX5KqR=rw@lyp!QY?+AKRxEQb9N4N&cg>kiGLQKWHrSUjwrvr*;``^hj;p+Dt zBtE+z3CB(|&oO0GB>l}^WvP`eQLW@uS(%~%EgEtM(R>M8y$&w|sB{~k?d0keqW4-p z7)6jssHlPBb&`Xdz55Y6IJZJ2?Sqo*5aE-Nj7|nkZ3}g(n{k?s=e{jb{ilNuzHor1A|Nmi%2lnyc_9 znYECRs-z;Vpg&3(zt4ZZU67vV`e+T=5q0UqAuLO>gm8T6Le)HOB|Hs10I^XR#am<* zUf&T`b+`N)VG>xQ$cx954XkJqt%!8yEX*1q$G&mb~eQ=UV;bUa*V_w{ZuzPCMBj9?iX_IrI}w*++2+3?I=u5uQ>HV zCT!?L5?WhLX5fFb{=dA~sp3T@8LUe9)V%&wqnQi3b8Dfqx(7$ZO@o9>neYqvskE_0+o9yTBaW9BDQ!{JX{qlv1F1**+@7Y1 zWor_@y-68;xm%YsTJoO~Ot*mLWla9YT72tUobbhZUqY{qM71i($gIR|%G&d=x2Bf7 z7^nI*PRJ$B?IRyV7@>76lY+yn^e0lwnl|;vmXNd=yFo`kF$(CjEKOQJGQ7v7znm7T zW}+6ok$Ul`Wh>)h{PgMAG@B4L1zoLRhhTqd2bIvygqqH(SjyI8L@F)|KurA77MDAI zL5ny=`nyip;h1zjXCmD`Z7uIC#k>?z*>9-o(QcA}`uKjv5 zo4OkaW~)c?<3Th3+_)*f#(}$aexLl~U@X>#8b4?7U6TNRL9`^m5fmpFw~6_Y-dba8 zqg@W2A|c#f4b^}gmy%X4lfMRY5PAVNw~Z;q$hOp8tw+|y#4>UUQ)DbpYWcm8l+0B% zQ7g5)pBBi$=o#!EH;q@ybk0p4@`@hKRTLS8B%9JA{|2H*q!6*zL*p_dj-SN)KYh&N z6rKD^FTHSOsz&J|0abYZPZa||m3$QHBwPx&q$g^%SlI&^auz59j2^`-gMEAHRs3|X z+R+~dR?3!QZx&{HkAD5H-+wVKQOpFN#1~O8F}elI#!Zs|LJ;GJaKi(WVe)!#L6AP& zR)#H{Q{+gNYw%n?fD|Nv6!H9mK7bU?n1qTRK!B+T#s-#xX1rYaN4nQythiuUB#8o| z1ssh`3Y>%nZ_;d2ZFn|kylk1WhCzoSar}%7O}n-vc9zSNop~(3Jd3KtNr@y})mW!6 zLwAd+ImV>nRV&aC51y9?4eM*bCZj1J^%!RPE!s;LU;|2w{UA5dmJG-yA|z*2dBDk! 
z*6o_V2oVd*lJjMI`M^LCfbok(Bq^fUUo1QU3);w#yA6@d4bpMfGE6DzVk;O*?GD#a zG-toZ$(4y|7*s~A>+UpCRE4YBIcp!b<5cAPT^7pH4)#uMA&qA)mtNYmzFoQV%pEQkjDgyd^Gy=&_ z=WX}B&w}4rq&faM5sQ+Y^hZ6)O%v*(2#8z~Bu)pEFr7=|hCsv3e5;nn;KsoS#vANu zT1HKapY631rUYF^gS&Y~1(BbFc+CF7mG`zrp_(g5s8+HL@39*w`=Rfz6p`#u;h=1W zdO1}3N7B#zI9RG0g*4=1<%wyi<1&T5Aq|cKD@Z66!rLR0TY-mF9q@CjfA~r}0xS7> z_D8jbc8MNtvt2LFeqJw8|AerxWft12VHIIs0e1WZ4M+yqQQKH?pi6-bqO9IQ5gHL% zoLt3$gqwKOR+F1F8C%9?$MFkyAZ~gvVgEufY7S=xPf@hA>OY>3L(g||1colF&?;!e zX&Ig0|D^4OSuy^T$_P4zgj%&WYk`s}I`}KZ8CAu7iGmZY(|e5Y(e{ z3CuzKM@k4!Pmj*y8ASw9n8YfT!HUF1(EFPI?QFITd7s2@_E~t9rvYg5PgjHrE^=xU zwr5=)dPO&XQf|^rI2pawY-XrvWK295Z2eNw9C%~c zLC%_GQ{DJkVc=tEz{k>mFZ@c0ir`Nv$&?X-;Q-ZEP}_=f6C|U_*yQI}8r?ytNQ|Xd zY_~c{aYt@TQX0J03TGj>!I`B6}bX z7_aSmG<06hFY%Cmi+M6URU7^sJcx9D;F>EJ0xZEj=CQ2TIELOMRX4(C2bHAOL(jeQm--#dRoAm5FSSCP&isP$oWaI)elA9=11Md zit`dX$FgEP)`qjY9uv}{&c;^Y=}w)nHLMkvU8shZzivw@2I+^HjvQ4S$!Ydi+*@7M zMW`EgeZ|FH2|n03pD>ytFfYLO8G%f;RZ1?Wiunc4ef_6=QoZy zLFz(#lZp`?2$-esy+!mxR%Lh!{lg3B0gAJI-cSZsly!mi&&K+L``?4!JxrIODPPOM z>@9CK$%ws>EaskPUN{w;rCH*&eDQf;YEZ<}KO~q$C_jcuSf)#p{6eTdpNKKVefiT_ zf5PG*n?*r^W6a8-$d11i!o7l@qhW|@h0~w6Fv1jYL8NVq0^c1UWFyhN_3k8RVnzs;`1J{5(D3@oeJ`5?HF4EV7cm4v|8)WWGE);`+mz*)!gPk_VU6vQseqq!?}En z(Vp`@Bo^>7oL@tCt#^76g_-b-0hP>Sa?=#9V0VO3;SSQNd6TGVe=tM|_S4O#%{rUw zY&^mlv$+PTMU9iqGXUmTbiMBwegf_)4EHMFO2G+sn*+yT+u&p7EO1*9%o;eu71P+p zvlD1g0oNR%E16o1gD`D5?kO_o!)zIq9W4e*V}QZ7hcX zBcfYWvh+=Vc%o@zrXU9*VPgba0CokZ$M^IuT@a;5J)_+>lm_X`wUUWSJ@!;L9A(c# zPDK4QJq(9o%HwxM_>ud?C~cLI&^r3m;i2+^9Gn?XX&9_@ud`-norV2qpN~o-IWSz` zcy8C^fOsh8?=H3r2MTSKLsc{J9nvzNVl5ual7_2i8(a^;y_cCwmfB&?R~HJpja&_+ z1yHPEw&nxBSp)pl$Q=WH|Hs@B*W$6bj{atSty~rL;5JR8LnV5x&)$jT2hnr(yJu}x zwnz{q^VyANFEa;>)48L$rqKf|!8SwF_hDta$G9w*ii)Uc{*b9%JPz)Lcc(h(YzN;e4JV>8WG~qw+jcusWw&zPW(At?h4oM_?jQ zY*4W5Af=zIOU?)}t|2djyY7`8qK$cBZWOx-5640Q zcTGoURmN8BwbFKopG1QlkYv-91>X$Rm&uB1I4E_vcULX3jx!_^$&6CuZGJ2Kas5qb zuD@l{EmszM=&{>zOx;bjF$xT*TD-(cgiuBHH)eSS$Gk)Ke^#AJW}$y!!x@th{PmixOA#@d^HDkJ_Aa@At0?cDW%9OHHnccaU9 
z3&nQ>%?TtU!+T=t)!`HxHIsbMme;5!OxkdyCa;O@g2O-@uq|K7DMbtRHhSR3$1}@0 z<5C!avZyB7xAZXskM8@xj5NZuwExLCx8SsYp(d5j{%vaAHTK%{5JRR_xz@hq_TAa@ zuq^@1uSBm`VW;0K`aqI!mQI$qKNKQBE`4_^NOxZr20MCW*Ga9u$cY@^J<_c+jGNW+boIJ~D*?EGrrdAV!v6 zUBgFz)}p4swcWH`r2J>04`Nsu@8}Rz^hBaC zuR%0PNU{wQ?J^-Ob(?g^B?+R?H78Z!Mn78J(tUvdTbCSNJvl2j{Jf_p-m7k!7Cjh!<=UKIttXYJ%gKxaN7{H@~5jp+EuqDK-LV(jwfF4|X zn?-x2kemU7kP;Qitzx>IE>bZy^Blli@}2X^lmph+iiDjI#6i*w#jN^V|d zUaH2cLNk(q?Sp&(fAud`W4}bAJE_YR`-=AR7lGKvxc{I!>bs=Cf8giD?xQTCkE-MM&eQra?^|frtqs$VR{jP+7N`9Wd|8 zf90oPml*8r=ILoIF~&L?=?n1B0Kigt@J)ETc`gX_yA15tGp%;eggdV{2TbDwg5O*2 zR2tvzUH0b}6ocxzUCF%Hl)eD@Nh9|Jh~3NW%9Jt$iD~XxC%~N(4-6S_z{{0PJp$wv zm;F(MzC$+gM`$TuL*#64%LxV5BS3qb+^ zKvMp3AeRxzl3BZ0PkWfD@hq4*A5F`PN*rL$qxz%a^Q!VjeVz#l&GeEZu(&Pc8fPL9oYy>2P*5fcsr&8V>&~{pfqJ#l{mp3D6qA^c-3?* z>OF>Ayjyq@exNcc(g%KU9b_-C-3nJ@*WHM+kU(mfyG6InKE^*K;JYQAe~MD}YDpXJ zI%qpm7eyV`Q?MDR&;cqx4x53ltn(!VVnh=2D3RnmN+b;r5*d#XAw;yRyot@oMqo2g zS+~ktu^D$?uMw5U#NNoxggez|=}&h;x3??m`l)+K#RY=xnvImf2UE55jN`5!*Kz3CfXk0sL%&f#W!zAgb3G8@fZl-Q{4NR zadIio84To^PTN|x{wQdbazHCZdgDFPj^7Etw`aCmDUuB>CDQsJ#BWHg170fY-`C@O zJ>??PZm!+xE%+7)?!L>8(WfaK&j0|?V{`TMV#azrO#v!$fT@mye{!HJ=VcJ&c^Q!^ zr7?_&V1yYb=fy#dD<9x(Y?MRO6Pl%;rVv5#Dl23}_*7YY( zJ9N+s@%kRX69(*Q4&G58l|9j4xiy0jaP}<-0F|a2ogGrGJh+g$4p(2YniB>*d)jpr z7uy1#1K@BakDBFre1?GsYX!_j;CzM0Zo<>$@jPEWa?ATB-Q@4BL_&(YArjHX&Mu!cWB4WCC$9v|lfR)We;%u^`L}Y#zVq#uzbh)< zm?T3b9bJ%K7q9-OOt<~8wbLSd01Ey{L%*)_jIbi+9%{vMlE-06nuw(=sk5@q6Z;-u zfALt%nCs^o-bT!igU=6v>4sF`vRJ`Q@-FKnoKezlC`o@DT_|%*J zQ=aCY;`a4!e@UO1Z~>&{&lhY)6xw&b`$&akwj9{sj3C4%AQz{ z&7Rxkd?s!SGpAFAZlXd5n9~S!#;sdio6|$PdR&*nio_Rp1y(})caE3?_E=ow6IK*8 zNyE4XWHBQ}P#1&+8Lg`%_g&MWa})ZJkAQxlvQF>Sf3~W{9#Anou#w8RhqN;S1!1E& zrcS^QFdLX;NI)ik9-ZOpU&I_2FJ8SC>5vB7Y@dTLX|}zX72y$YwyOklTRrai|Y; zMD{F;wyXUBbXP18EvO6QG;V8bqKKi zXn(D1AxB4NY`*RQW7vSZN&Ac-vV)_yZdJe&;TCrm(JC%;76cjB8=w}i%NoF zoF!X*gSZzsDTj8qiC3;yI@@|CS$B3sxl&4c?j9c}_g$ld;t@VC*l7lzez+N3&zS?; z?EV{(`VKe3Z$ZMgL7ioWTx_rsQwnj3g02ss>QeU*&M0(a$W6H6u?(#c1mb*N&a3(2Mfy(i 
zo>!0UvL=8~e-WUPZ@Nhab^#H?4UHo5)W8h$_<;ea$N}fV2vEnZTl}CnWkFYuJW3H6 zS~BEf`vM1Pbv1|RO^xWy^a|N+P_Rjw1aTNuB!5p57-U$NkfumTQk98c`TUoeW4AHE zCiw`k2`cN}ZR~>#P@fDHg9M&g8r#E%V)U!;?0D6iNGS}h&KNr+a(YGM5|MW{`A~Gd~AH<}pilC?xZt|6#E+aQ_F8K(Y3o7fja64TFcn)vB zFSyQkpXY*7>+7dG#OSdr-7{#K+_;P;b$^$wi~z_mi&=_vU3Wf-NgjQ3liW9Ui_m@1 z_m=W3$>DdY6H9tmFt$)Ep=6cVaeXzWf9_RNTntyce zWx>23{?j`fZcnkqT`31t{irLTXIfGM{{*Lr`r8+ME&c>&p6m|9K4PjLza;w(e30J# zAAh=o9sdVYwEJ~^Ipe>bz@NXsfP|et!`Ot0Cohhy+OHud?X=K-_(OleN;a=_-r4oP z^1Ia7_DJM6fMfnJ55i0B6LEX@z>py-)_Dp=2%u@wue>YQ!2>HL> zv3+a5vs~d5Q^j!eRNFnpba1XVN997Z?-bmyi7fN)4}Bqq9YW(bueL8Gyy{N5)v(DA z^H=s@&UnCl*4ZwHsq!g+6;$W|Z5{_$L09&ZCJ214$YJ7h=hJ5yDMK2NGR@;3KO>_l&n1i%&HQgk=J)BaW%<#)^bC>UTG{XieaezXOfMwje#gB^J1eS;C!NL-D zpo+)bih1}<1idwRTvWuQKe-BtnrZVw_<7bs+o6Ee@h9Jhrn|Gef3Z4>lAvrdl7>0u zQCtnRv#cg{Q}J^mD$_D{)Xq#eNj?Hjg37uL>FD9{sKlL&miiRM2G0bm9%u9E{NY8z zmP$1j0J6C+v+8jfTT<|$psl;TQXQsIyIzm)TW+~1Fu`?J`? z>5zwf9OS_zene(oZv71)yPiZ*yW`tCgrB9x6wzh%*g`uLfBc}k8ji4t50*DI@WCIQ zBk0b&KFp?d4FUfB0!og3k~`I(CyQSL%C?e{}uFE=Du2iJOfX5SZd z`$l$uuU6R?^b0b5;j(Xq``g)os;wa@v3(I>hByb$<9?7R1WpZ!1Qf&Xup z{}E*2zg?aOVt?ja&|m%|{Id`LiT>;df4P7^7W|Jvn*ZD7#o2{t+%Mc|zl6LOWDmr? 
z@ia+;CXX``)n!8BrpZYW`aVf$9aT{oM=7;C(S?bdDMsLCP+8|5Xj`@CI-bCs^yNO+ z=$+-46;}l*0Zo@bR|P76#LWQ!ugm`O^O<>R@4PW1S~V?EeB$fPCsE&h^+pzrt2y5l zxZiUL>nMC1-z>2)ap;T2w{=v+v8~@q(SO8>Df&o$nB=UEeA2KuBykisBnML2ByS2x z5a!IcS4;~N;Zux2_@J_GYqayaU=>qT?6ujZuuY34QQisxusQvIYPZ=(^~Ux9G_)y5 z58pEBCiVCs06`c77Zr??`!PQ=s@v$`H}_YuNXwYVbtj(RyM6_gQU1B>``7p0|LO7n z)kPbHZ>b*+Lv1SPX%_LW^;o&goK&;B>ili~r3lpdry%?OmDONJOEE zl@GRa&7%Sm^rh#2k?&U}H~%b6OA`BeOv)fkiC@=w1OFGecvdk2o`uS~&EE>o z!p+|{Pv&0Pi^x)GoRm?x?7w~i*Xu_H4z+uW~P)erKOuLI04)HmEt>~v06uN^D5jnn`DlSM6pRw0uCj^#o`|2}dj+ByV?l2Lq!r52No~10Oo&^^J5rBZhR0B`!;MKjM!AC`-g(kDrf&iX33DGX1{RCn$s78o=*?mK3JRHO zC`(ILkuc3*%n;?bQ>6t7V!zB;mDf>dPqr5(WU3eenL=gV`-&AZ<*r(x@?W&Ei_*O4 z%?F+uDvr&oC99!R|3Oat^z_Cdz3`3ZFX%ZIguDGrf6?Wh!quhvovdQ@AJOG2`Rmr) z=uI&KdV|WkEzt_S!M$xvOg9+} zbz^Zrf9t8#ZSOuyKD<7D6RH@yXI;M!BE)=N0$`31GlvU_`*UX1MIl%({h+<_cu2^i+>=fm~^?3=Od z1E&LxiV;AgTetY%)33)~O3-9c7Gwp<88Be7e}EDi`7q&+ru;OH{30yvR&QdUiV+wn zRMu_vRt(fF-wR(!Dx0Nk4?tl+Fa=}R91pU=bJ!9t_8Ed6M?w2S;>{;rHBqc~J0{{O z`-La+^dsrQJ9o|NsZ2^^SDa2&Lal-m<@ zx^;{H19drku)HTrRrEuD&x#}HYHC=YSraYUViTVX7;pZEYgITD*`of_(8l<7R?FZ1 zAf|1<{4!;;ht=abztTm2Cz~JqPtV_5FU|bK57MXLhcmUN`1G0jb@;;y65!|l1rM(2 z1Kh-V1}b|#?zyFe25<{0t?s|qmttH6CNKMR_0K;#8H}%H%@|U+<1wMbZd1iFT=YHA#++hmlc(MJef$B6bN>`1^?{__Edsv@Pix?b$$UY!<#oUe0%7(WnSq5D$(0lFpbFguxUTI z^_o}5Rq1p)L)=g7ETLImMs*aBD9C&g#|;e3tuvA)0S${LuBygP+f$gJ%0qCkaja7KZRZ>)RxLe1aG)byeYpBAl=}95J((z<(sK^1n(l}JH zOZ+Hb35=P@m&1QeX7d>l@VkMGmmdaRd9%m2>U@r9~AHKVyGf^;s2= zvS}b0&%&(au293QM@Q%z=u`ONRMp32U8-+gb>e+~b^Tfz0IvJ^CEmN?jO*MwgCX=oQ^`+9L*lY-CAXp>zkWaz9hK6Ee@!X9>s9Cq#1s7v zy}RCQ4Y?1AZUzp8dj2HXF2J){F9fT5|0{X5DckC3ZyPh35hTTk5IFqE%VXa)K4*9>EoP29wkTZ7qDyeovI=-{gNd#a>O3W--euI6sS& z#6cdAya;{b7fl?8MG{ALBuMB-=1y}u))SX??=&u=I=csI<*VCd62Q+yPoAwiX@`MX zU?Pd!z}!y?$u=Xh3!@3!bb`@4#LVnyY$h&pfSHXNI*6}K84sXJV0X!Y4inW<=jP3&_g?C9 zJr}^g1t_$n652!6*n_1yT5Fg>c{Fo9N40;Cw*ix`W`FF&;u>Nz*-if{ z_D#5wU=zYNu%l69xX1wtHVQT76#x67#_*R?Rx~ODpAo-lcq~F$MQ9apU!jW2I-o%n 
zM2%hdQ&aa(M~&gKZr!({##|{XOxT66l;BChcMCXCIKJP!0x}fyz}{}9QWo*gJq8p$ z`Xs@WEjNFV=e7pC*U;DXBX{S8d!RYqG-gu{YHongrJt^dHCcCZ0V;S}z?OM%gBjcj z99p>00VX#Jh~*Ujdzu{fQdk|QWf5hh2qMPA{~#wtm4+mbiinnel(ED*k1q5x)8tOC zl;g5)le1RJT@6^cxSC5RhBXbT+C4Q!p~;9>K9_%g*{MQ^=vF3$4gb2g)eg`fV8)O1 z+5EL?ir9onBG!Wf0BqKCa%oe|qOVNbZ;0 z&-Z5&?@YC$h#xO3P_c!8uy{Z4Z(_+~rt>p?-9LEz3i|r{p(^;(HEEKvEKZ1DH6@7? zZiRoj@8`r%cxXYxpeiDV0p_Lwo?h3-W!(mN(wI41Y-_}nn(HLmj%UNXM?G>%5&)=1 z|0{j`z5RSI1;qf#`OH>C)Zk-Hjm|&)nbqEpbOnbsTP~I`nOh#8=bwLkdyC+P@h7sH z+{x8^Av)&3`r9y!{VoRRFXuq+SjlGT3VJAA~#w3pNC z__(awUhE^;tcMl4=z1oyKE{wKJx+)JQ+M0Rp@g+}fB!}$r}tA=@>A=lDgTOr4&zsS zN0;99%Hz7A1_6D%7yU}c={4VFrZgFW^|*x+rk4uXKMc+i!+>=wgP5~=e|wGD*U^9V zcwFQF>l(#Z<`f^%zo$;QBTWi>6Mj|{L6g-aO^Tevb>WjDjskudaZfPylRBbSv}72V z_<&#pJ^+<!12N{0$}*KF_CXn4=}2FQtE&)BzXPe-_5J;rMZXL^?Mrg)53m(yiS5oMz*Z z@J=}5eg+a#kGn~1s^-JV-2nck?YGlr5AQ(GX=%bMa{!4*#k9bwA(@!PFZr#DeMi3s zn29`pTJXE!_c-tsiq54C0a?frH3(!6K))$`4?soSdq6M_{NNHlw(|SP_iuml{3Itt zte;5N)#N!iY8yabMix~yWmQG8I*Uo1*Eykn?2|l?gOu?jx5%x$X2UOO* z4OnTh2HtY}Uf?9jGF{MJcXB7cDB=}kSJ0K74Pxm2OTP5(=SHa4=TG{=@z975I}1RU zjD~y-%h;OqC6D3dKIeC10g~zrsZhFu!rY3zzucoI=-VuiquRa(30@ zZ!QT6KhD#P(9CBfZm3VnxM@hl(y$2gIIZn72ExEZZ3H7w8>p+wL=gldPz0##>-k=hxAx_f$|J(>EW&DpwygE5c^LOAx?B-%KO!?P!#=*% zcNo+ezq&1TfeIav;z~s5R3pYpt2SNv?CXeF+l7}*W8nr%0a+9 zHf9HI`r_xZmbzXp<{i5*s;;stMqGuMS+x5<{xrlCTgoYt7Fz>Br783_*sj2z;BGDt zB~%~KV2>TdBws(s6vto!Z;90KNgs=dg@$y;d7m-)QDa8mwA=^gukz&r?3sT*5s2yJ zptfZ_Zk5}wz={hjZ1990U&l@k!zB(dol%p+@Rf@^%bF;ONSG7>iCJEfJjw&YxU(NM ztPcFZadw&bhhPN$0hPUH6%Tt+m);6~kX<_W2DSgbu;-oSGH>}iT|&B8T+8E;8Jh}? 
zmky2rlH432&B5puUCJSMMS5LW`V&)4p6Fb-~*TV5oD4>psQaHd3tzSaZ8uq z{XV|+50+;?Xx;^-^_9YOtN6^|FHuCJ_t0Ik!7^h0L0^1>NyPYoWHRu=t?KR%y2Sf~ zuJZn1mU@5Ch2G&xw`yv|AI>J`o&DMW%cUM@fmDIfSJc!rs7vm!)>VIzkhqR>9@$rb z%BU;qH))lmjugBJ!w5#eFi=^C<-13$S#VFNv^Mxpl1NHU$6n9}c|d~Y^Z(Be6_ITd zex4ZDwR(}WbOjJ_I$zftAZLEA!5_>)yXQ9|K`wX@D80YX?w^uYLwe`?DG>16x5iGV zBQ1haBnVFNlL}M%#SeeOa)#WOEL!cf7_3*1gjSWNh+WR7h}B?kD(1&z5N8QtQNaK^ z;luSRQWsefrD<8!4y4#cD`(T#e(@9?|-@h4RmW1 zc1Ko?Ivp$!j01lQxWs>_JvrxlGFw*s%p=fe_W-D0J@HIrm`SaJvrP;SVh7m!io%4l zBuw}h9L3B+F9>$AgL#Sws*?6P2a!M@?1ODPy>Om`XgC zdTRwMe{%2L;kYWZOZ*>m??&HO6BcQfvWECv!J+r2CbSF#zJVu+A6I^rht`=a{QsG1 zKccpb$~x5EU0A;U<5xuYtrL>C9&4H-PAfAkKfl8InuV%o>uYwybYBU_e? zf9Y5EpYGni|LC1};uD@?s01E#zWcww=hwaQe`f4qzG@X3gFz#E+dW-)^%}?-y>``k zOx12Sv&CX4pxHgI?^w9v|LZdG3m(n3a91ij3zJ*S0Z*c20+9l|UEuzEfVpd`BUp}^ zX**HXQSHRKxFUr3N-nd;-mTTFPb@*-O40uUyDawFG$-Ci}n5a=cldQu#-P z4mfScRsPYH(<(2kvWbb{Y>HFAfJq}hiCB>-$|gILO=wpB!x5E#RMuf2u7N*@ZJ?$8 z4L7a#%|2eQx#nqu8N4)T%7l*Ujrn>|f1q1;tNGJrU;>{NR<(7Fk8fZ|kKP(Fg~M*x zs&J=Qy2EjmZggef|4Qn#A+$)jqg14nD_owCAaCMawCm?~ez4H2bcZ7<-KeZX;ZB-s zgNyAAa-sH%=mB;es~((QwhhOXZPAr!7H3tI_$0663V7mpoEXuDL`77W70t3LG7gt<q^{#b(bA5k-&07{893*tu%&5*eE-6cL{q8$BZL3EBkV!PUa@F+IcD19z*eL*2 zh#SAY=YlJMdr?8}^s;9chm}+7M86%NsrlcER%AFv-q?vuEwAm7HVF9~Cs&?NOM`yk{nGz*8}h{7Q% z>oC023WuoJUSE=%9HIuNRQph&1Jqy?RX4se&HSQD(-;Pq@EA5=F)3ISlQgRfKS+OR zo;LQ=JTmKM(TKVkDr;8*+mi167nR<(|K6{~X7-Lkg3U~r$dAD0GHf=gMWUAbjM!9Q zVjTbArT4RJN8Q~1Ca^()r$Fo4o3U>mdjd8XCRxVzt>3q~%e8y}d)s5R?5VIqUXgXy4iw)!A0igHLm=E-weca?wjNh0d`v_2x12&X#{NgTgH)Dl>OcPqm(LAJC^7kudI`Tcaez}@b!HqzG1@B4%NeOpR z=vCirz&DbOon`+dS^R$;nS^n}C`C0q5ivLHS{g=70NF|65(ZiO+}!FSsgtGr@siG5kn)-r0upJX(b8kwfxqY1E9ZaTCwb;-Bin@_{sPnqiJpv&-Sv3fb* z80)G&cCl;4o}7VdKE%zw*MDcZTaCsh097S1OF~kVG!j_VJYmpbZl6XFnbqQGM70=| zbsDy{UMzS|4={gj>>_U^0mZ+s=PL^QQA>eukU2oQ6d;35!!%-Q@0?w7yIgV6slkx( z^#lL@_;=b*2->*9zODI3%MDu0_4HbCG@@2~>lSyPo)XYEG~Nj}V|g{W8|o7quD8nK z5;466vs>(?{0Y8c3(4xnT`txucBQ-Ax~p{uvtA6A)eV1>R9vgz44ax5faiNQ+4+4a 
ze!n?a{I5KU+w{_(>2%H1oSNA8hbBRBFVC+({RBONAa|*FvcH1F#1qeXE9B(g|9mE{ za`u;r)bcwqd3y*JqC1E&GWrA(7orOCRp#;(rAECa=`*hkM{x zkgv>Gn!kVSFT!L#3r-mR4{?bzNby)db_1p$lvpnHY*_1cm~Yb#B9!MUg!hlYoIo;;Vn~0CFZ!U7z3He-S^4T%OJhikVMy z@402)jA%qEi5$hLm@)eD&g;$WDD?U_-i$#`k1k)ZWXRE7^{B)FTkkk{2D);^;)a%C zL*gjnCw-k1geJ5gQ62bE$oz=(FPwHv9iD4d?*zrZ8WoOQyD!*cUE9e`sxE7})K%#L75On3LY-k;1C27LgCvjLd zga&m^nz)H8#?myX9LZ`E0TPWsfS|HY{kDHBiYPPQG2Y2ZLGqh7=o6tp%_xj9?nF&w zP*mlPigGkm#%HEVD?T?7XkOpF^Cn^_k;hgQrd8OjS+weOBuF%_7u+R2BHi=UiY%P+ zSAp4?`zU~mht#be6GGJMJ&M8PW}WJN%lyoeH7Q+@(CvNeAu zd?gwIUqNM^reFoI0N>EW`?91>(^fLiy|2CJo#i@xenyYfQoJZD`XC$!K}rM|^at)v z{x*QvHwjckkoO1gRXd%2nNPeoFhOP|?B$$aqwf{}X~sQWDESTvoAXaSDG@L#2|lGa z{GO)s1^k_V`U~)epF@)){A=P}8{B^l@SBUxUw!;GgHL^u?(Q8jgW*TZE3uY#PREKw z@nlU~I{`9)9M=r4@y1=u~t zEQs=ehZ4{@L*jr^QUqB{!nBB^rpcji#=aMrh?-~wq6U?9Ql#2eop`Tk_3M9nftWwa zl+UIM-Q6OqsGH1SeVf35pOEY5lN3Akj;H2FMGi2naozSV@e_H0)k!B_*FHMnZ3>iQ zGOu@*_Z33$454!>LT4U369}G(h@RD%XjS#tL=D9wP(!G!Q`K#&8gtVeoWST+ZZ@VX z@0obf^X5si%a7bsfvL>=w{L%5g}r$U)0P#8#yE#Wgx#$KWNk(l-Qygv#q+6me*N2Z z1;4t0=xRlOWo9K(@M9{uPRRj5rIL}v`~55&d0+kg><0F|930y{x{?P@-0OH0-DFfu z71$!g+;7zA>$IJisF2&N<8gQ%bmhnoY1r_@g6r~BN3K)MYm{v3l?J0oR z#Ph@>@I0uj%P+JoYQa~cVk%BrwNFfxV!bE2;`iS5DC2#DG5a|!L%#;5Imgq)qap|B z%?J?9on_@XtfMUC?gNczM&hJyNZB+g34$zQ8IQLMW-k)OCfFh#0k%M8-5aYFZD9dp zqJnS4%wCDOs(Y^W?J|i^ZCDg7UV&lCP`$k9mFO!BOZT&%|K;wreWK1HeO-N zQpyj|Q|xN?e6@mPs&1^471!B({u@)&sle3@^9jJ>Ab;}&C3ck;SkJ6{@#uY^r2$mp z0OcOnGLEiH<07b=DkcT6?#5vdai2NJ2xE<3#6?rYshv|HHbDUK2oL}&>+}m;P2=`G z9_<~M{<0?Q5&3_3*$57MFb@*N_Nn5;RyJ@#queHSfmEeifZ;vP`IdaS^BdW6-t~j& z^k56!_S5P1JSnJnvit5JbMm**bR>#nBAu&m`OE|jU3xbwZ?Rsf4kXDv*^hVS#vo>R z^|BN06IE25C@ebWvHSRaraZzkWch z$u_xOD)3K>8q`yzZb41OBS>F`o6lOP-cXuYi_gpOlyBaGKn9{Y=!w>owqdw{8jLE< zuH)C_Coz9m=aN0FVe-rZynE<&K~(RQR(w?G0M#2e+}_$hTh~ z>91g~C9VTO8A0l>p*))4PD_!}n#6hR=MBq%GQw^bW+6HrQHVxmop#}33P214Ur#w5 z28cm4`q2(X8})ay$t-sZTXaPi%xp9{zoj4Oh3tQ6(jhARY9Mbma1q?@mP~+K7#vrN zmkBUELz!EaI+`Wx9!*vP%x3&`;}hIp6whx>vu_ 
z2P0-~r_d~*LI+sfxZ=7?d{mi1eW%b$@%xt=(03Ln&UKPN(^1TL*pwGlMJj`H-ENU) zg*_foVMk@17U`ylFv<-|c@ewBE+wXMgP(u)7OJD29#$ac5x`?z?*H2wW)Z;QMLXz= zVRauD^$`zvho1U!^`u0-&LxrB0 zWOwJ`QNMkdxxNYp1Bq!1aO3M4-vy>GgYoY?Bxc&!tF$DHPcO~K<4W@`@e{i;q~$uY z*(1F8+O%+{-=dy0dZamHZz@!T^`wNRrnoK=QYLXlGJ~+*Zq85rS}oAZc{m_l7FUdyTugd z`l`i-D^oBvG1YMhLpMBIIFWZM(a;3@- z!YMTyt_k19_*QqN-Z^}PzjmTtJN!6n7vewi3n1zXAm$fvRZ_CJ3i2r0X>->WiN3%@ zF({K5U|?~W7Nm%phU5l=vfUz05I`~l1c1sqEz(Wuf#oJq(NEIX<6h;zbC*&~gcnYs zwj==$Q$^Rl$B$`Ru~p6eQuL&Nj=o4=()_#_feOds%jRI&K8o}JBJA}LVa%vb;paew z4lt^5&;oSj3?Rw?P)-4$95*@F#)Q^HV3ZYh(XNdqv>+J)EkI>I4N(B1j=u|+XnqB0 z7*_DsTOQV|mW*8i^ZC{FGjvRlTeY8mVVCKC1touDTb0Kt_n#fmMttS9+?+qNt_31_ zuD_o}%wfa{eb?4zB0v*<%~n8C>D=AVU&{vIiT9?*Ln_~lAKd1AWbRD!o2ceodtWY8 zG^F~z_uNL!nsz3+$t17kbxmbc`8(ZBGUVC=dM(AfeL_r?tlDn))4rU&hVh7C zMFjHv^NUBIT&o1Np}dt&&n}&>rOB7N8E1bwe`u?nc!)dS3?=kKUx3xBPKP8Ucvvzc{bxw0zCSX!1ji@h&{vZyUM~U(b{?SwF?R=9L<)n~%WiZgW+EAZnLuTo z!HE?!fg{>bIaR8q4+3Wdu$z**X{vp#1{)C?Eoe3+8dboPmq2A{FbZkzPlZ$(zCM3d z(t3i1w|?q9@NcTroCl|&@*-6L)XoH_L~Vt}p$}v=n$y7)$v7~DOZ+IKp)gAJH%7$! 
zA(Ft9l^v6>;-2U~I13Lv1FV8X2N zXov+wfd_Tw^V2}?*2RV9hbFeJ1|Lz2*(RZZ3SQRFxtOdv!u0tkW1x&t69 z5<&(*?i{k0UV#N$e{KdQ`XCvBK0syN8>kz8V9x_!@^8Oa({(Kn)l#8#OK;Oo*+%rh zzVrBLCGe&E1bpCuVkay3{77q`+vQr2HS!(RyP3f?RWS1e?0eIiyI@p!UnWX`Ux#1r z3HlL5_PCGq`@4ANU;2D0vuaRKm8UGU+c0jC)4s8X!D9%(e*nDwt!^RJ{@80#CqFLk z@M$a8ChDxAfJxpyVLU|2$3I{C(47P}O&Yd``_`csimOj>#|-+tST}*w%j)U4f3X)XaoZ;FS4#f6P~>IXRTJeyl9tl$ z%FrLefN)C`*ARop?j(w;q*n78BN8`$P0Bj)N$LlFQ&+4CT?TK~`O^_~epJ?#*tIQs zaNv$!e&Woll@|uJZ<4$53`-B!D;{i)u7EzicE|QkiEb^x#iu|aoz3ymRa%^5N5-qR7acU0DSTDS=bpuOhJ-94iJ7D@ux?zehh&N{dh z^h4`EKrsi1h&q-9R+lv-?w!qIUQne!$9@~8ZCjJT%T(>$#4y0zXb->oH=yff9Zik^*~$; zumQF(xNXIW+W&kZbI{^iVqB+ez+>MlCZTSv(Y#<}a&#iSU3&9xGx4bZ>_LkUtk*sR zu3@-wIn^9CzLGh~{n6KAHN4Yd3h6kQf=m4GV|du>pkbcmO_r0uPf8y4B_Sy@T9Bml zn>db&ERIUM;hClWbVR8iU6pkfY;CJ@7xwjM!~77-!)xyqm7Q`A(|HLTl>8drg0ZE_ zqzL?tI(ge?K;XzxicIw(FmALM?-L{D(pIm;JJr62D~PozC4t#w`gFuCE&(yOvF@ z{7JtomlcQwDu1@(RqnoCTPl#K?9EDtCc{W>a5p3`F+>>r!u_7LoxBnZ9Q=10e*gdd zzcQVL>@6=qQo1U{mm*z-USATYrbpn@kc zg%~@lV**WpnsvsmpeB+e9f2f4Wu1<(6-Z(n&p%(^A%9wmT>%_pwHdcK7NesAk|mxu4hnJalIhlHfp51za9ewKbQ z3>;D}fFytYCirB_2bkkHh6|UtdoGM7p!r5;=D!Io`HM%6VduPw!%tzplsJL6 zvA`QgqdfRtaiyppzs%Ktl`{rcU-6?)3?!7{pgfx$=wI|9`1Vp(Ssjupih=$uWF&8b znxBa*s&Yn~s&br(CLkvr0mwmRom-9-k0XvmOMfunMCA-q$aE9F_JhSC2uF42o%3b7 zi~fkzTZKrkwN1}h3ZD}30(Z6ROZnrD%u?L0_#EsS{m>{FjVGB#`^yLp5TFhfo;}|h z&U&*KA&Xje*h4(%lb_9@MM1F;z_liNHxa2!0f{^7yoYsLi!$}lKMigzKljBJwb3o7 zQhx&5TNbwMoI>b<3LUWRj3e}Li60vo03l0HD4@bD(m<=PC}zPKa4aDJC16eTdY@NUAP0XniCPe>p0zHwbwh;eILUYz{pqA-;{e(VS;a)3gQ1Aj5O#E(+wn!$@C?Sjy{UIJ)r_8`dOjzuqiu)Gq> zl<>aM`BEj2t`_1;zWH=5?+3<&!*Af7 z>B}!r=3G7MUjxSf2QL`>d-|LA1K&hDcD{LmiFbC#BS^vfaW=7CYr@03C4Ubu&(Ho< zkc6C{>EHY!q~yo>^(JR<)eHDvb%lM6gtAkRyM^>A;J2o)&7b}c9$cBf1^DoV`b=ni z#-uL+<_sY~e?xL`=$EB(T}#UzI2;vAZbfxZ*iJE61KzVn#Kvup(N43%~IBQE3_ zvhQGG!;B0;=m+}@>_JjNA%B{G^Vx$B$a=Y%zTdyrkCwG8JI?8dv1}Y-%q4z2U!FcW zH=$z4JW2Gyk$pv>Z#(Y{*-J!MuQYcfsBahQV_=!x`ss--fnvOxuc3B(0R#=3ZN7+M zVRx(A@e2Zcw~(|`j%lWseq`+&M#dM7hj;Tw-t&FK^L_c*XbCuY#heSCI0t0&hIR*B#A3Q^h$u~ 
zmBfBllOhTe0=$(PiDp-16K$4_K%1emPDQq&%~Zr{Ys;Cjy0w{I|juuKpe z45i|lP1%DWVc|Q=jDM}vuqC;^NKL_rz3oqlsE>Vbfqz1O+{j0p^C>UA>y_B)I%9bX z`FHPmK3zY-5cBEOYq;kC*(ZB~VKxahQjYSYkvBIDc2Sv%8)R*C3_e$nv&RYrFG%1>O@|aux3YkBSK9tpfP6u3N;{aDK@go}TBy8Ql zSsmyv9zymq_kMLTr(nRWp~{Wlf+&G)%0+4%t(XT&U0id&D>-mrGpl5#T%ZxQ%*V zbyxR4efsqA^Os*S^D}aA$eeBA{u)VxN?(@L^z3 zM2aShNPiQtx@_{gibBVEX+n;&5s)KP)?r+IQ($IIux)JHwvCBx8xz}h^2PSVw(W^I zu{rU?wt2t*o~LtO_I~T`UEN*1dsWq1IvxQ8{jS}5cabmC1TbkiA&7I6xKcFwGa=_P zdLi*7TVNC{pJ?HgM)(%ZbAk=wRuUScl|O#QscFPg|E(}E!g7N1L;})DLdFg;0^N%c zzMh`tUPmFt~-}Y#0rrOXO z;m!X0l}dRC6TBtZLqlSi_6@P^8kD_LZB7PgGf8fw+yk`l?ACii>~-U7DQZ|)3L}8D z{vjm7JRPk3#=NW8#fmjqP!p;&3D5|+ngnx~IV<%i7$A&tT?!`YLFCak?KN62es`^ zLarS_fC3Z4kc@eqsXAYu=}*pv$?<~#gHCPDZ)>BZ-lqNw>9a8tkUD+Quhy;df`XNh!Rv9#EGE}Z zqI_U@RKKTsZVZ-ZBNUcOd51KZej1Y((Vnr8n!^B*i9J2emQ#G^g^}(vQoGZkm%5V+ zwki4rg2=qh=yjHbcqxz_2EYdZr4Ihw#~eL`SGHt7zj|mgAARtnhRc<2>1(>Z@m&kR z=ANpo8THpxl*D<@>a|zzd^EhJ*G|G7i>7!%D7^0H@u}tDe@^asK1`MQTkahR2Tc>Y z4|*=O`7G_=l@z8@mmIN0^~ywboe7Yc3H=Czhr|3~B!mZD>=Ko)4)DB;xU8bGB}>IC zD2N7?svLGUfPPCWqKi_+V?|2|q&4!Ej4mmnkk$7h3DIX5a2z$ z1Yv=|$T;FYi6GN0pcs0R!?te02+nVkqILI@@iEhG&s?eTze+`Sj1}e2=dxoJT#ztH z6)Bt1#{z+&8#3pua3M0jji7t`SqPqs=rO230Vb5Mek*0LW)T^EDAMul8nXVEV!44Q z#C{0OLvmpWpo5ZYY%%Pa1|GL5eJ=rs-vZ7f`6jLVSUeXh9tdMMv1=qIh zfQIF+V!q^ILZQ3Q5IcnGjklKdKjDmU8-m36#7Z=>~!{)J*5t8-&kWG=~J7BI%& z9-W)^92>a0ef-h-gcX#btt}4LL@JYXdD6-n!v_gK2m^8kIq&x?12Jq|ZjLA5#e{78 zrjZEbNt1!7pJ_&nI&CR;4F6PRQ12xEZ(EmBke_nls|V>9zH1PO1;SF#VGKon@z1ae z8k#jZXA_h$!NGX6Bz_CfAle2Whem%X)&T=x!8$hGxyLs$`I#sehTC7-T8Ng8zqTiX zz0d#y1QzeBbL0|(1=_@My((}p*+D`%ZH_oqGn=L=cZ+0+H23C!C0{3tbO0Y((LW+K_7OHj&! 
zn$cyr(O&T#>dSxCWH3yT7$#sDI4FICo`72pGhe7xwS)yO`ad8_8yU1DwIISuAQ?VE zOZt@5uw(vci|=av(m=PAC4>|UtY6G&7VU!is37lbxB>L@kKtBF6%-wXgS6}xTz=Y8 ze%fjrlN7zL!7scB)xCR*?vXeedB{nMW2a{!Td(?~52PdrvlRYUM-ZIhwAFqOpxpBR zFu9=|U}CE7j}{<)*r{o*+I8T;htirme;L*6x#m$%q~H;Y9ltS{F7(&+iueC54I=m# z?r!7b0$Llx)|}P5BNRkf$I`xF)|yvFF@o!Gzd!-Fv0{Hg_zH*^9Gc^)Qz)T1Repq~ z&~opvDC|=hJEJ?E-?VXNqEz?+ARypUB`k`1TbbKMe4-OHB$!F%WfyYoP~HUx36|oL zehwunPW$>HrMU%7p&1 zs5D_|E#=k^^x{u)IsI6pBZh8siTXCR1E*P`Q>fyfl#u15+C0Oh9sF@@X@`ZWf`_fL z&!etTqag@p3oK?uUJm)EIi?vnzQZvA!_{0iNaMKi_pR%>Asj2?_r)N%ZBm;+5;DC# zYOF|rZg#YlwI%&{gxg;xK;HhOM(c|NOMd;yV$r=>5vJY5s2xO?bxd4Ny!XVYai0Dj z@bR{{PacN4KS+ghh}<9d4_LQ4Wn#ii`6Q-$;4FJaAx$Ag4aqiK74MhNm$S)s!5c9M z@dJ}QP_d#$AjVp6A=61X?2)AEzYMnQ@=hQd z?Bs$gD1^GoU2HY^C<(5XL4}}I;D(23Mc~UcFGZc18TB#tIHbp2IUB+4%=Oidp}bj= z`dzeuK&|E5M;3jrO0V=a=oqbbG`fsS+H`ocPv5^H#}zEjB2kA$M#=unD+c;won&gA zq$CO%FtnkyzfFLt7hcWb*b$LriN>DkJ{D)O5tvOBx){F1w!>J2KJi)-tl;K;{`QM( z<+QlJ83wd<7MlCL0sSuUC(E~&gqXa-Qj)^*z;?M6(8R5Ee&HQe|8dujKJp&?8AD^D zur(ZIip*(@KLWD`MQ1yov}0O_?SooNi7(dUGyK4^WeX^BdH2^ysgF8Eh(>F?WGEM7 zjYd_D1!l@&+S_1Z`O)864-qa_QF&{=4m%DORV-HA>Nu?8HLn=PRy+d3W807$MLmDC z(F7~HRq;XH*{S*~O_eXWpV_c_mKQyI-sI)&<1JA|fQjE(sI9laX1%p7%?;R9r5cup zm#DoD0O=GHKvC5&SZj038m6ftSJt8vV3uv_A6<{D#%dTzgj7ws;v;(-hlfHLxj$5f zLKXM0UTt0o-+>7fqFPN??B&>=F{mS3z?LAUGDHw2LL6B)_7x}3;Dzp`KuI|w% z>ewta8gW!K#LaW*OquDvPFF;(gD3FcV<)%(m!e4;?uSb4KZ*(7M50fpXb+HpzUBve zk*t@cPNuDzdYQXo@DI2G=rWQP3*2#+v@~N~XbGFybPNm7IvkZiG4tFXrnP;%?YKZD zlK4MkGJ`dm*kP;+OnL~K5oqB@F}(s|_`2mWtEb^U zr-JnFR=#gMl3~`9WGv{T;i~yu36AJyx|(XZ@J?aD> zgutbZLFLA7=V((b~qwEQ6IG%{IDJPbKQ5vOxJb$PpEcN*|o z^}|opw^eQn7ZPR7Jcrvxi>x!&__esWGt%+UF8ASthl7*FV(1nOPj&yv(BuplC_vWd za9`nYm$$)lqAmkb{i505&_Fzpb54Z_axaheBX30%%BjljsFCBVt=?OYiow+ALL|1|Hz+J82gH_;!f91(qRWAunF zCa>_@LB6k%4za4w+e;X3pCSP~y)xm69ZTg%aTc~9$>hBoV>VaZg-q3z2UV7rmuEQZ zwCCxvPm58VD78lpb}meby|m(7jYyNwLHd8b4GEM*P;+qXi7Fz)VJi%k*?mw^%P6}d zR~dm8>f1}}P`Uq_r?GaiO*cG^9+pP|Ly!5v{6e)#KyqO7EzDe>E_+6Wq+6f}f%%*aS^966YDC 
zXtsHC=&DtqG!F+S8QKEv`2ILv92#l4xOo=%J&}MlQoO|4l4KKH?u4bhzG}j_OFS#s z{r++_lzp6nBp*q*C`u0So3CN(6>(m`_TF~Me7%j)3bj#H!Vn*4qxU9bcD%#Gj+T|K zeMq0e&cqIr$%FVCXam(|qnIGG*fdnd%S@v%No?7j^;xLDe8)qL>@kcQPc&8O^lN{H z=ErA=(riu?!|V{5IT^g@vS^O4$iN;QZ8Dj(1ksNTJjls8&Dc|bv!$+wHfv6hr7kfP z)dj|$;ti+S(?3wW9?}8kFF$kahtJnfn`YJg!W0Y9gG?;ELXKv#*@vmrQTF^})X5@q zs`>~OAb(_)cJDzcj0rO_$vkXYQZ2_K`D{xKy53&SLgRpn>NN%>_ipNU%X-QqcdK{i zl=vu(r}3|KeJgQ5qe-nOMlK?%HIpt8-lEc5!Umf6INz=XX~9^fT=+=_rCmuh1hmX` z{LRl8@OW}+ZTsj)P+ELFmMAhFN=~4pNe*yK1I<JS9+QQ$}D8%F?k0T`u8q>R}TG#uRvbT&5H z8-M&TshY<52_e6)?tXM-c#?3#>(GzAKq5HV+EO=Cp|0SS`_c8-G7sw3THQ~CZ&9P- zvIm2jtLxG`vi$&KhEWtQvg(*HpRy?v(Xo6iJY%e8S!<|~IGvNC*e3)!F6JxZjIYxe z=Ipl(-4sAOnBG&5Rkir7uL=HbZD9!C!w~Z#!yTIAcrwBp-nf7GEgSP18xuMa)1fuz z#MYmrwLh!^=faanIHSsOvFB~_mL=`mW_@l8Rt+Y$h)i3*o0%i}E>{4M&H-m=6&Fc3}! zCOT!EM*=7`vg_}5`dxh|0ci82rR?s?+27}$NKvRqJjH0oA*L40O7|r2kS*bf5w1wA zGYl{p-P4Cj#4x=F;O%WoZDFUhxVj$wSes!?CAi8atGcs*?XTY*%-MX62H^ElN~iP# zK@EUEU$In3U`1@_A&jM?ER9?_6#eR*c0SX#b7n;-9Jg)8tPbGxIkZwv?5npd9k>PGY(WBwUhyR zOnyJ7_s7rq={|Z(#gCv-;j`Oj{LL? 
zm;&a?+hz)!MD2<#LZJCe=F<6gIp|45IXI zVd02#+37F@XaIttS|45`y*u~9T7jy-m;mHWpsZt4vV_WSGh=Ot*oe%Ct&h8chd`Na zdk>GNx$GnX3UlbGnam%4ukZOVzlw)DXQ=wHkz?|O#~W=t4X;}S#+Z#)S4aWZ;+65X z#|9sIqx=tLBGIvPe{~otLiQ3CbT9`@-t1XBnymkfGVcZXhhe|d#8bcZtPv=ED^H@| zr!SX%1Ta?l`v-O$vfl^MFT-OYv6=yOH}zh^6#lNQ#m46&ze4}U4FJUdz2(g@d=qkE zRT|eS+=lr2n++-GUzl0+5E}}xSGz7n(J_GXo=Jl=iw1`&joGvWsl*5tQxc{|;J&$# zZ{#Ldlb=9ZYhzdVIE_fxlIqbD+%Uv7ep$+hraXw8-919q>T92PLTKq~$B;!^I{c7Z`E0%meL5e2dj|G^&q{TD zp2nw3mtA)1rA9x`>GYA3-pJ2!9t>FBT{ zVwm`_>7Y`)i)J6vjUeE8Y%7hz>XH2)ymf4EIs`-PFPw=|Q!GmZA`8&AI48Z5T#{!C ziZPkLpfPS1qwoGHW3}mkscEtL28-ow<}SpS4cT;7a%s&GN$ zHFXgOfd+w9{H}YPoQ!3h!=jmizp5gbE|rR=8F_$b3+E!F=x_Y19b$s(k>^ig3^H>f z7OaS%^rjRk();AOm<5uGJEvU)n_}>8+!GL0kAAwGxxiok(Jb%)n?z!-;^d zc^Gn_FVr8|-7HT{z|N1n0q6BxB>o$V+f1Zrq2R-h$c1jXZMJ0%oZdJoJoralapf2D z)KG?-y~y!*JWGB6wj5MW#1|X=klkrGr7suVV0KV6i8*wvdB)zouDTQ024a}PSW>}{ zGV_X)&Yv01&d^r)7FIKG@EFeXgy2CGvLV0^A5KV#-}NqLHe zoPK-NW_|9`B1!a3$k-Iz@~FaV>@7~${ZYGD?OHCTm9$O*pssKubFfl4)F20sWtp0N zJK2TJ$7~scdqiSzdn86J<5M9cFzbS9o-yacevUN1tFlzWTAKIKhEB)iG+)M$-1`YB z!pfBzkRqd7%`tekpuxfHQJCwTYQ;)9qmFbVEY9U>-P?hLbAtzpOdx4jp$8VWwdVDp zS;!)~GR_(S+9M<9Kz@#OpPk37JKk(QBi}*WQTEL&_pr$Pv^EOWF%((LVneZ^L;}x5 z%D*`ppbj4Tm4(uR>hG-da@Bz$g|L2p=uVCggP1j;?Tmx{um?J+Eh6#%FIp5 zJs!($K;jBmB@=qOCw??y_l*Szv-Dq3F=sI56A%#CZeRoM9B4kdBNEFgtDFl%$COfO8Uvo+hFf*lc}k{b5V*L#zJL?rt~$ z)Ke)-`5{EqB^({AeB`|r_FsD(7>@>DQc7Y;1cg5urb%W-ML|=Z4X#+1lPQ7&#_|@& z{PF+(n-%s*Y;qv?RH$?mE-C%hB(y@sU%u{NMFvN5+tALrS+D-Aoaz>ih=Qj^dH|SU z0uKUG{pA;~3*?lwGV@)msKBGUFYv#0s5j!x6Fo;r8oR&ZnMNtolRbI5SL$VF(K+_} z`+a?2+)6VWHY>)co~>EqomylVu20CkKrT) zQ=(hrgb&6XV(E8W&W3xvu#*s#TmS+;c}a;h2~5P_(h1Hd%oJGf0!N@qqquOy{GnV0 zMv*zn6*{x+KP4V=m_&15R(-r3? 
z#pl2B^!OJ@-np(aD21Q;ecuT-^-25EpF7LXIL&LMUB0Wj@K)8&dqtOG-gT?bVSks@ z+Z}t}PiK&K4wY`0YbA-vSCz74i=t#+H5#js<0d|( zCuxmw%tflGYyj=(IS{Og=Tu_ez&$dQ5n+Ub#vL9c>12lU+S%(5D0I?JL=8@_-x2tQ zbTL=vu@vvJP!`hwb*2F`i|k4iT2r%^5|%`xV=z{XNp=O|gnf{-foC@tECk*n3|zY* z=q*p=hXO68>hDzGu5Hla^wLMjO1LugE`&nyv8?Ln+!&@J^w`rDJBzYq>UY559n z*|TC629MmtTTuin^KFn7;Zn$-oKzeDRw~>rGI<2DQ`vt4Vdc~5x=R0SkqS9*L6*E! z?;$DIb^;Dc_L{%SK#Lo`IqT{3~O`(bVxgi1V8bUJh~b}Q+*W7 zpG!8xm<-k5v1sG~{1rhMxW;Gq!iZvf3G{C-Iu7QSh|+y-Fa7&dnLfDIgX}^KqDN9; zv!cw^IM3CTZlp@l4QR#($aY3t`~&%*O2C6;${SAzg7&F%yLDoWZke@1t9?nb-Jt$# z>r52L?$`^cS9GCFiLJj2d4QOc`l2v%G=1u4S?zCV8WeU)z%^%VpXCG#^N7JWqm^4X zeEO~H#jN*1o%H;s)tmOqAKdX)zBm3j+|(m3<%zK1Q((s*)%Su|_Al{c=Si-|53|91 z=u8|mfc^()+q%YMzdC8jrujcIcZf4vP{5_FUx_=jWjOv>9AQBbrgjboS0G#==*?_4+|`Jj@d!2gk*X$c{-kI)BidcV>b z%vZ49AYW_$KYv70@$7w~d%(4OmsM730Jj&T*|TuvFeYHSZ0Nl~K4sP0;f`JbuSMGR zAgHc>@Qxy!ZTleV;DS2&+rqddzL$XXx_@{)pF8zWKCE#z@3GZ1{}M?8X(0U(sn!p@ z;ICaOS28D?OS|1Y4-1@XX+VS)3{bBiBlIHt!>!dAqh+ry*hTAo6(l1@(VKZjCpx;% z0U?5gD_TBctY*IqQ}18c2+a>>#c&a$5G%Ny#Wa@2 zQ>D;wi?Vsozl~%vBUzAt(GZVGKyj&3Wdx;=nr{(}ah6^NG4*$ngqP~b%42;mOA;YS zElnidcMqF&u^I7u;1m7e53gw$_EiJdg1tcT^K|&&et0?dCr!gIq!q=3^4rq^?+!HV z{)jEzd|7n4m0?op37+-Tf13fMcQ}I{NY*VT24nSSmW*n;F*|8mMTDVjRjF_`Ajj}+ zTb*GahGapBVN1eA8+!^Emk^$7^ki305?O@eh!v;B{zInGyoR~!*LyHvhvL^`>%%09 zo}<+HdU0udArBB?HZ)-N3K1hZ*yDP~+O9xy$vQ@!M1C)QT`G)Rf=>s)lZA!_mTzghwoa5uv`*r@-sNxa~G1GZfFl_Qo8)S0*huYQUh~pDZxZNv6`l zDK{tRf_DSQ7ZDe{!s+8c6gkLhx=x=1M^%g96P zc!BJ3$AkF^%kbnz)NOD%{C&Ukefa&-2Yh^7?}qC2(n!>XEHgi1 zH(KlF2OX$*v4EEZpQ_YhKYv;P`iB2S z1ROKXvJ+NfPKnt7SB%gH&dyL<*YfJJ?wD=0^ABXMm`86G&fg&T@(P1#_>Xai5l0f9 zPf#~(>c90$Z{A0qW0tFYs8apmjd?2R)}&ePCW=AYEzXY^7gQheyLc~%ukHOlzdvYPIpND>3cz*QI5N=q9DoQ>s9Su2>PC^y5C9-mm_UoQy z%hWJZpv!n7Q#fwxUsnD{e)n3v7PCjgm>F4=5~hLGFon$S9Rklkdq1gfu(yfjFti_x zd&2|#wEzs}-tcS;Zd@QDrjtPXmM(Cezdd2a);1{-R8MQoUudA12{MG4CwaX?f63gRa``{Uw%)HlrK`#y#TOu%3m)pk>rjK?QKUKxm*2gA+u%_ zpAQ3{-!Qdx4+j|%tS62);@e^@rwcnmY;nSaSV+o?grA*6dNHS6z4Y3s$@RxEswjZR 
z2zw?p2LT$f@8g+aGf_j<5N-e!ai&%tb21#+Y$`t~#H8{Ya$gF->@IQ_)BK|A?;9At zG5}`^1S7c#{A&o7<^puy-g57TbSY3OaHAF~4PQKmu1h&9;K&M@6wY5_5v61WB^4p> z`4KUY=eDm`4dDsFB~b)U?qr8Z4!8`HYNtD`m!Pno=m)lcQ9BzwjI~``5lCQ!dB2e?z(uTd zqHBBZob-worLq54@Suk~EXkO?Sk@SnCSHu5dPFWAdd1`7cn=Z1$F~0m-qWhhw>UFF z+jq6+YChI%U7(~NVxLIDaGkAi1EacO>Bh0q0#DuTGF{jLQIc!$hH0NQz~ zgO!qYqp9Yg3oUF1rQh}>BjSmN(DzqD7C8j1YXfhqwU#iUe!1H+S(v2NAwulF@90!l zGivko_lD;sRX}CWs%@T}VPQhu;qn^@2ppZmQ_ZVOV#vqpPEgnT*3Q=qp!;m+(-8-s zJ}Frhax~n;bZMezNomOZv{_#L?&t!VR<4@OVv;SYheI)hl33bzU3=6BY9%R!P}7Qf zGwJM6S~f^E9hz``rC@jDco`4LVwUXW>4jkPk&z10vt$AtPYBXd8ZK_`1(#>&IX;uP z_I9MQ%JEF~1Lj}e^`WyHV3hbve?I#!`ii@@3{Z6=fzmd zF#vV-Qp+>Udj1+agXpKmtZwDx)p^f=BR1HatS%mwa!6{Z2%4H-pSIu%iHu3rUnuJ# zk`P=LX;qIklC4d3t$di6lHvF(pyZ9POy)75hC2(T0J={_x1B{7;OYGVA9A-y%<_RB zCqcDS!H~ueD=NfSxir0Ju#Ka2C+_S3TUCSszS7rkuAn;x7rZzUA_@>qSNR#ONbw?am)AubAejmfKyaD7r5(U*0M76OllcaQpN%&LD z!7=1$j^M!54aBv;F(W9F9xph4QSljPKpG&n?v z0ZC8ewPzi`fRvq!JK(@sM@Sm&NdWD_*WWu{?T??Y&pBOqu5Vy;Z+$e9MitB%(s{m#qFuBPk*e8>3%uM8lrzv9+WRuvkaj(@nq~)Q~?@*xQ0GW zc4!stFXCvm^qKt8q+ccphnTI)1ODr2fVH`zn_?EQ7#%jqtesKDD+iy%-YXwnAYWvz z1LdIBEMoKz0R@NFS0f+O`!FxQH!n#Q&f;y+H_5n`;E9{V@eCYI-u4(J$hD)nE0aq2hm{hVD?LI~Z8ZAdb>@{H#`HYm--I~i< z4E7Iz@2!D%?Cc#4onTClzv!FK4oCfNePCSyv&(0Y;FS%D`fm)$n*(Sm?A~pL%O+o; zo)(KC8ar^LJ%iQ==y1i``@OF31p%@=qBrP)$-dV*&%%SQ4WXU;{Cv=t6UV&g0P`KV z>CdKDmyS^B>G2XOhx_C22g8Z)5AN@)uCQK!8Ja=h+xB4cdmeFljVzj#P?AOLd(^0S z9#gS$9^B+at`Lkpff^6^sQAQ>?m+Y*aUalRY`N6rRvyX5a6RNvRVA2M`tLv}-5W;c z-GX-X?jT#VvL}-J_ANMfTT#C2i!ZbK@SP>TUSDMg5ksslJ!%JIoLt8kN?K}`(h+O` zEr*FzR?s_;)9|lcvw5BwYjyBpau^ZB;3At@KpKSgKMhjmEkrC)d}s6-;myP*q@Ql` zQYWOa5<2w`+!Z#mkP6ekdKSlgUzp#@=JMd}WrO9sd)7h>yE#Ys*cW;=g{((pLG35= zE%>s)@JPd;IBrA4IPS!}J7E2=sAVPqgEi9HSrKwn-NW>3L>PmvhVEkceyB4bhKWsA zEfu!1?z8TsjMArCbUY6t`Q96N9o$`bK9)l7H?PyKQ~T|hR;5+!?5EO*QWYTCMl7(? 
zq&pctOlj;`td14}yS`txPeV}6Hgcr__2z&ZA!^g_TYU3LKC?dF} zS*+O`s`%fVBiu>c)jd|sqqCS%cv5a5jKvGR)mY3_#N)AYj|voqg=(qg;FyEB!ePkq znfs;rRLbY5;jHP3oXjPZ43KhYLYR$OH)gy}#ciNq{}2K}X!(p_9RdSEsrx=Ym7?!w zRc=L)+~YuXV+yt`JVESviNOQ`7B9cJUE?vZb^-Me3}!uVkf%m&T6W$$E%Z8w@DFDx zWW8P4LmyZ%M>ea@i$*TJz~U;@JIxem|3XPF-AB(zzVp|96j$SW?;g{mJ_EHf1GO3RI?d^_ZAYZ@$D93?xYz8Jf#YM4PGSOp;ZK^Tma#O@ z`@y1Q?$lxEPF171@lO(FlAPR5!c4?pFqZukz}vUflT|DPE$FZ^az_ju|6-~KGPlcg zj3sluLtgtR|4$)D_8kO@HYRsoY6O7$qDIOs5(&(jrMye9(78r~%9kk|O$Y|wKOu`i zHlSBCVCo^8-H%SS)|~(_a^7g;fmxp{z#n`!QQ+>%BiLJs@qn)b!5x}H^i|<96&Y3# zt`_0fw0F=hy1FYZxXx-gjjjYjJc7aJIyvK1SUgVk9E>WFs-V4Uk?Ua}TP6k@ z%OSO5&EqDlwQmrn%?Mu_v6_EZ4|6{a)ql?9T_5PEL;5RxWGn!7Xi?yS|88G1f!cmf zQv^p*A42H{?9UMJ)xpgS^6+g4$vKuPsnkJTc8o1aApa03fU{cA7f%bjTuNbZ%H<$s z;6#6oRFH3zuj_Ys4z6!uphF;z?^@m_$a+GJ$e*~-KpW+vYBju^iN-iFg&dsIOsCw^ z04i5FZBFJjwhx$#NjK>q`Kz<%B$<|xLa3Z%Es!JK=-GL9>_%;Wp^8^4$mO-?a+?OQ z7h@67hV)?PW8bw_@G95ll!PgCK9dDBRbOs1-|0T9bEl)M2Fn^R`Qg%lC-#tb3LjNpV`I&^r6M#D_>66lYtLivw!JC~D($J%m zM89f9WW7t)R$;8RIQ-hJF^G4Y@LL}{=LG)PnI1Zf0IihnuTa&gkfv^=!>avn-Rzw( zD|7$Ec4c#n#4C*{SQk7PXC_%?)eh-`Z7w+fy5>J`AO*~Wp;W)>=S#;+=5DwMrzfYA z*~P4=>Ht-tVFXzj2LS_Yjye5e8T(jX_gFuNwSI z-hcO#xfooe+K5D98`%ptBB@Fs!E~MSnQ|tR9`oT9ZuIiiujAnS7=~BLSm>g))&^Q( zd)g@GWjEvZ-5%Kkm^YEWONCAfbRb9aM7m{EKHyaX~D5DM8Q9{DNEu@G!d%{Pke7ThxFg9itkwDHETq3``4^%Sk?`4wLj6@rFPZ+v_6|pn07t zHI%rs%WtFzclaB`?{ZuE5LuajM+U#g1Hd!Nh_Xu*6*mtgJ_MsKz^o%M**Zj{fm3fP zntVeia>g?W#vrediOVOLRh8}gS8hyO`iFR2)n}U(BwW-r>g!Cr^f`f??sFCJ1 z{o&FLne~^{$O$H)2^mF@CVk#vD&BExBRt)jh~mbaeUOrHf}2S3$2BBI&F&CM*G$_C zV+oNJV!n^R;XE7luu9?!&APkmU0fY&!491rlucO%Em4F26D)bXzapQV4RR*w{jJjv zdrogSwCMvem>?7lap3>mr~t6~u8^rSK~Hfk*1U;L8y&uT?J6FtuQTtuf^=w%Y{mwz zeXg~pD*vl|j;hn1%2RKs$5ZT>)y`qWVG;H>Vm%UZ3s4-~u5{~c?Vlev1*`5tS5eQ8 zwf&?uSC6}`zF(bu(bc`1aW-s=z6bF*ZN#h*Tatp^v~YvH$|aupV1Pj2&B5#0Tb~*@ zRhW*buTWq_!>9>xX*Xn+g)nM=?$PK_CMc@?l8``Y$?&JqlY}!zJ04*h^5`ShDB1-P zb;YA|h0f9HHb=(TqFPf4Zdb{yTDiiTA8K;RrYJ0z=g^EUDv&qe8JIRr7Zo3KH-t`$ 
z(C^CMgJnsTucONx0F)Av9qHb2ui?W0{4>qFSD@l}v@{XgzPL{Y3)(`Eg!hDrL76oU z7TMU=QcP0ZLNpD_baBokM8`_1*oFUwQk)aT;;ymS{bNG7*(WIPlzyAGLWVBW6{Pqv z#{xoyI^v~uLhIumK^#NmN1m1;&)2UTebc`CMvBH`8vHH^06!=%Lkm={BtlG{?EIid zgv^AT!oWb1DEY@ycUm~mD0uV?uVdbcN7iVEvA%&OPic2QvKiAEc8zf{$m9nX5c^~7 zKn%o#I*1Ols7P*s%a?e4=1-_?R`>_`h>v{B{^p{zYJoA?`W2!OCL&{No3qT{J{Yuh z2VOuDM#}-9{rbUpkv6Kxdm1ZZ7|>iz@CZeghrM}Bica~gt?e?fP&B5k9&U|#EOV6V z;L$h+6)TCsbECp!59abPLCSTqP)4dD(^yDxMUt76{n+Lkr8M9zS8Ks`d}&Cx!}z+M z8*ln!T$Q7qbT9Fxe#%o$kjF5(17<(6G&Azxk|7lkQAk3olQ=$<;86ST0lP8oE>7m) zg8T!LcZ|66zM0+4^$=$tTG+y$LwM*ODHMaqESroH+7E^n`XUvF3-Gx=3Ar#|n-qUl zySWRfIA=b#4duN1w4-bs7A+=g>A?431?Ny zgE%zDb=+=HYbn3H*Td!_RM2-k#=;{#&2VJUYp<>xosrt^019Eg9jD#XEMk zWk8hA%3H{nXUI@j+A3UEE#AbD4Tb;A8qWbJ07?jyE-Cr^ei=v!7{k3D$)iW0YMWYI z^^I%YHid*_#uL92JFn}Zgg2>Qf;rg%gMKst zzCjbi!_dOBsnzKbmp%R_fe>UzCcyz~nL-?^%}!xxgn}>GN@hxk7x77T8|2*g3SJ5T zl!1ep>kH#L$Rt9fVfwH9h2E&y%unkdF5G#evEnlq%=a`*McM}21=uUD1oL?LVL%ashW19KJJ!@k0aSKy}sm2*~zBdjB;uPX=}efR{hfs zd6vOId1cAGPKVq}6P)mc`Dh>AmcLL2Ecx}HXA*0k3;cQ?tgXkt4Nz-%QWZwmPlf3|Hbjx4@@iInR{C^!{6%7?{S`H0+d!n!MiZ_F zS)_sK2$iBrP6&_Drzf4U?OX0)B#TJEcjH!J&kt_%KEUd#!;+QBM|!_yT2Vj0##7Ebq7 z8kYTA*sb)*>`lm&05|HaHP8sp!sqjJjE3VBF>ndl_dq2$ZzFN1%I8=Q@__c-G5g64 zp^!2XW+E9|`8r-2qzocK`!v_ot%Ta7GiTEIrdW@wj`!vwuxjD z5Pjl}j`!f01hw(UqI(BRm^2;q$4B7hP%Djn8x_%ahZ#>EFwwFAykTq67EoE}fYX?kB%2Z8JP-MZp=aMo#@aM@D%&v8yiUQh51OWa|}i`;`Oi z?joZ4TxoVg6w$Tey5aM#$KIfq-4MKRbLj`c^X}o+6r&wjhTjd83zQ{u1p#@|>&I$uh&{f}?zMP|Bs#DlZsN`}^F8jddkcc9R@(2$ z-n3pWfFpA-!la&14FiaE>@m6IC5@x<04g-^+5`blIKf7>8`v#YTrv!WnZlXZM`h7qx>|L^6m9gKMMJ`7!76SaCxMwbQCHc zFSD!s41?!gD03;ce1}#e%QRTpA!VW|RDkv?!1&Dj%A|F8hJgBN>K1kWuXHX2dhTal z$??Z}s@TVblgw3g7v{~{7$%wzFYhluvcHRRTAf~s*-me9zq=0~mYmqgIX|{p?+yL3 zom>u^yU?gTRQa5#Tg!DY$EVFO9Q$j=xJ37-ZCtXlQ%c@UlEC_G?p<6o%Lx@{?Wx#Z z0NK}s?BA{4uiZz72Qj(VR2L=Ady05UuIOeHcAH0XQ9^@q@-t+M*C95L!pzV0gv)@K z__LO_-vmbw5cX{3BJaSyzaxHB{hDRzD)up<&P4Z2_Rex7V=v$LL#O5mhVGu zn&#`-{x)p!F7HzSimT3sP~YF}9!xa@HoB=ji1?kG`{bMP+3NXb9HfuX7ZZ&`|H&(c 
z=Sx31EG;zv?76f+wJ{*DW6CsJ?8@KnTnPVj*CK%e>?l&)r;L`Lyksu2$CpSqEa!jWN60uzlZmf7 zXeD7#yjZ7%f5$!Bpa?jv z`kLSrM+Ris>UT}w9X$C9S!Ak(=+2Nv0l_pYeqBio6VI9 z`uvwn@b@UP%AmSa&ky<)QbGw2P5cu~sIcU~FMfuSVa$uxkiMM=9Ys<}La>B$+TCzK;x+ zg;Cq3;vM3tabQLH)X!F`|GSqdNYhe;_Qpb7h~@_KsGE}M_uTAA?j}W z$K^0GxfnZK763B@*8Kd3zmwJ3$Cs5KExr%R0b38fLI3IfMrhUN~akxw+rLhpl zNFuQs!5&N&kWiICkj(4;xonFebP24#(u&U4YQ;Mf^sw4ZEGQ&h>#t%8Tkc<93qNy@ zWbD>ebmTnA)pndN)w+E38e26q(TRbo>+hrt)CWU}FiIC_W+oGv076g8|0-zVjMddx zoJ;0l0L59O&muGbgFC&$J~>pu%`~wvuCYnGFNHgl_JO&@5V)48sO%+3 z-zS?QXfHQvI|2&-_?5ox67|*8b~^>9R=5uD(Hj!)LVZk}U39U|lb)l8=tUO7ls@>u zr9@%iA%P_oNo2l?B)V#fOrEnuf~BPei~!IE#E2pcx-r1FcmCX#^nt}k0Q)IQw(le= ztXR~IpLY!DR!xpuaPtjYEJl92FUH<*{QA;VVaXl54V*dL3>@3{YU3tp(FiQ*H(und zx9QRz+al$5iyis>!iooNj-qxW0Q}650`Vc1*@YSe9nEn*k&|QA$);p>l^6bTKo!SL z^OQXbmoW7wCdiM2406OhSl}B697-gL*N1)Han2#}m?bd&<9$&jo#(z+zKhOPj_2$5 z6=XpObroz~clAkLJ{?bT=vOxhJ$ z7QzmUVopxqY4r$UVt=zm5yA;TZ&|;!bRjBqwYL+Vi$$dWAC1(8MC!YQO=j&QMmg^W zxS|Po0YIipyZ5?N)`M2yVxnn0$E*m?G`X6~K_GaW55o$dxr%A8rkRNpGZXfjh{Am% zovLJiTyPz6$qEsQ==x6Ul5|<&;XKUNY4t_`o?0dZFBnFdyfK_ZI0hcT81CLmbS#se znMss6F+G|xp)iWe(wgFubQVqMK89p>zJGo?+_41wCXSIS-S77nmtq;S4-UQZ|6}PI z12b!4b#2>jxAxYyZQHir+O}y7rW_Oc>wKtQktNn!RYMbURiPTLN(cdI*Fek%X;c*s=P z&{AzsNp3`Dp}E|Qs;KXL=EB*ao{Ac*M2xPd3^iQHHGqysXsu^eeAZ+nA&D_O%E?#f zGHTm7@sfH1mmdV2q0$OeKZ}S7-hB*2;oiH#%l*Ew-bPSe{^+v*zLvQ1+Fe}VdQJ@w zZ${*OL&}{HYv&>lEa!e7G}fdQt~I8Kvl64^AplOhIu za>6cDk^ujX#W9=RvU~!LpSW;I&?oE$q&YyiaINu=nZbVvPk|DvHvGNqu}^#q`6VpK zg{e+OxoeLw(_kLgtCia)xDnuTbaqg>mWej>Nb(jv`&Y!#>@7Iwbt#V$l(uY-x_Fk$ zlOM-tHEbhMSd&r*Vl`o>W=-$3=UCOl>>lGEHbC3PK3>(sD(w(kEOA&QuNG+ zH7cI&Pik5hg=aC5t>@1%rnPM5kclq+buWnof06m6Ln+PykNgJ^ z5!&ntdDtO}bgedY0TXFQB#6N6s*Wj*@{p|V&6vil|4EM=68(TSB^uMHH3rVOqflZA zZVh;DlHuCc4P6jnE#qBq&BP$k=ntZSjSwJlAB#A$)^k5@u(L;;kKALFg54%M%i%1RQi;c%nl4bo`3h0a&x<)F$@nOr_&oi zp#nQm8EKD@dxI*P6kv<@$Zhk5XXUZaLjjUcOjh z4IV2nsXJydXI&oi8ZdYm?WaqK98C<2&~c`5y)S_b4wy*?+*kpYet 
zm(L3}uSkU^b&0oFC`jo=D3ktS2lRg%o`7z;xd&^Uq{ftv2u5^vi%65|#^X0pD1Cy@M8nF0NA4ExsN#0?tdgLl#m4u?T%ndYd?S==#4VpfyHlDR9R0*O^Y9*Y&^>ERIZrIfBXRLV{l{mwx zd_QQ|MW)YAxF@sXs9Hz>QjiN)6D?u~l(h(cNiK6w6fPN6mLBVx6s3lJKhd;zhOW{7ekjv>0VW5Nbv>erm9J8BFP=kM(8PB&z{W0_nk0i+V=A zUO?;R+})H=0*j1$1=SwZ9#~yh>ONiNypWR07TdF+)LA#cYcHRB20q}Gcoz`hur!_6 zy1N>o8)lHv51I`wl0&?;9+Zw#G}H3v@jN50MlVinavJ75GKAp}pTwu1;d}_Go&TAC zX7&p(5Ziy-&Oml~@5p|%COowX;eYu*C8#AKVRV^#~Hxr#87MWT8kHQwK>}EMJftsO_ zw`o>|m@8y5#4vuZh5kF$exPrV8K<;Aa3DGn?}IrwDO*O4;>Zcgca*ld$O72 zs1`=d>ObMud1X4bskSvD>yEN=s2^o*qYARTEA*! zz^_m~%1JRlKDYVr;!NR2hO*X9A4i&%bGQ8U2sQ8-I3DT#{1Npmu|ut$=uGJ8d2yHr ztY=@T{oM-HN(6O>e31woFa=A=gTnCwhC|ifUf#0#$FZJq`jh(Y9N{l3x($AK#Jz?X zVuHD-#~r{4K!UvDqoIr`^fHaFnz;PJ5I@W0`N;;s5k?GIdyh7e{u%82AqbTukACZ% z<71Y?qhI%FrCPApo=0?KcOT#QURAXM7|dW{T#!b7S~Sz%!{==T|8rtoVTG9r&YVay z^g4OCXHz8qV6u2yqA^j~BJAtnEj4mkiMIfQT!(77zSPX|($^w`8R#F>q-ok~Rg_U@ zYSl-8;_oZaD$}std7?1)TzpQzOELKo!a7^cZd#Uc{HTF(>M}h`4n?Yt-s!RhFt*z| zNHO=hC?YbASiwnX8m@vh)OoZzbN@~9Gt@jp#=9biL`gF- z3UEUL5I(gxq?hfyhC-xSbk@UGzyb_>ei~|pWq6|t>HJD;Mc@3;5ONtLHfBgiGwgmR z16LEn`y}h(vramW&o7%h2K3*UMh9PQX9jW#L25jkpp`Me}Hi zq)yEfRkv0L-wngUN&n+7LYKzCI`m)s^=tTjD#x#9HwKw^mrQ|x>eZ7K0MDUG8N6hP zs=k|-Bf+-TAhWY$8nji7a3EhJ@A$>^A=B!$mS}h*XleLegL8LH5WoET+{WsG)<}!~ zuyYWdPX!SaXs!T#m2Xq|ct#c|wp*u{E&#lu%*(im(S2uS$@J!xPJGC($E9byp>ada zPz(l}9kgBuKF&$FWgqStFq23GBZJzk0;yUVq!etQ50cPfG7hps-ToX`sbTYv&lx^+Qy~y@L4GviZM%m@3pEd-40eLJdu3jL}CS+#gqJgMqL&=E+j1DnBXzQf2gdhY) zmGh`?vP&Gzgx=yh8L^r$y5Ee> zf5SlCU7#Qw12<0sHw=`D*M>kj84iK!Asu+x9g}_=Ha39wqrkV8&0q%{IXNDR_B5@< z7p!QtKG{~Jq5>SZ$6E+^)ziivG9$}EX?bB$DUW%fO*4?td~d|?2M%?+Z$hzpDMFh$ zA&4(I=yQ+MlZHPl7Y)u=h}Kugf7-k^SyOtDVn>U%G~AsmZayD>kP*2Z!zT;S@`rxx z^RpMT`vGdslU~gK<+An`Rqzula`o=zGNNhr@*!< zdRO*tv45@B=RhKtSyq+}C_b5NHyj=%6TD_wF0V4ZNcbh)?;29zJDPEJNbE?shY9;i zLMf5?h0r)Y+xWf{&~N|ubu^}JzkBw?e=EAM@(!>%Z?L_7V$6_@tpqu)L1jJU<=wwo zOR_Xe!cuJQn`OiH6nxLWVk?Di5XLu|3C$hCJmHe=>bldSyrz0k+o0QU1s|VhC@$L7F88&&Hd_j7Q0ktPSEBFqL2dRybL3fbj_15|`jrJ<5 
zj++YriJ5@POr~AW*+T+4(R*;WrKY~6oO!@XQvjS&Brr~aZV3|R5I#EoB{pg_&Bc_p zz3PD&;yHdxr@$?QS9}ahB+dyy%OpEs6fA9tVrvf88H-u=B@B&Zh1(n;U>G_yEHRC_lo$nMG zl?H=nyo~&vpC*Mtn8yM>6O~wCWwMT&#_r{2F%7oP7D5uvHPx!a$>ny>%iHCb(-b3 zeU|-o1jH_U+>Z4B0o?t=zJ}8GyzD(34hh-9w&LC)9~ytcdp_Qo(uH6>@r?QM(Q+J7 z2>YE__pVs%s+lJl=3d}!^XviyF2KIQNHCMF@Ip>Xz{NQQu_fAZ4j&%PhmOHE-#EOu zw_&vxv+v#s`-(Cjy7t}m9wGYiY>_%Yd;@g-*6SqNg(r|_0Wr5Sk2@cXK{e{;?a(W) z-ryWCh@@D1fd2RT!z&3t&!+cVQAEJsUIGLkB$*~aAO<))sa*txANLENG+xF-^OTmJ z84J8OjlVZW8p6i@BMDtIy9aiT7l+7#FHdNpDRl+Y4^T%{zmL*-k`Tut`#hRO&0BoN0 zvtm#VFk4~RdGJcCUJsYF#PeC3_&)BYDP7+1^<&ILoH0oPkr^jQSYWdHKc(DzQ*6y1 z)ikybl6B0K-e#&VaxRXH(Kx&o`OYr?7vO*lDvy3Zzdn7>=wjeESridW1P;?tXXg~R zZji>jX!)zebDO~plIx}mHS!Ix{FB-())7uGP2n(X`d8mPSm$1;_wC0Z2wkk@utjf0$ShB|%O@w=8u#%Y)y$jCd(_1<6XgaE z+bZLTTaxQ`L2WL1x)i6bvJjivv^z{F^6mR6-^~EN5C2FVO0b3(&t??B(Irmb21Dpa zqL8{|XI~vt^{|5S!`kOX;U>I^&z(R3;+Jh3pcorTGXMVp4{JTvYxnriVb@)K8SV3< z6`vsOD`)%S9ZwFNLGd$1I>QELP$usdT7K6}mBUGysx008y?bn~D;2rWFZ+-Q)#iHM zft|=&)LsK#r`R(9CUG)9rugWAJluQxfo4UpbW&{helHs2D`a1*Kg@F>iAVfkY0~k= zZ|1&Oj^L*Ci^EdRC9>(iXQO918TPN%VSzqo!Q&w{&);#EaMGo>lh!Zg-hY0!(Nw6W zPg`nxRHc^$s{T_t>r#)s1;k|Go8hzMjiV^jyt*Wo+s4CI=up6JKIYZOt98CNhY6BN zwb)ClVlUwXat1N`Ssh-mQT)|iS4KfGL?AK$z7+h6^6E<8ZPbn|@NOFK%X>^E=^e3f zv|)H~0*x%?A9i9LPO!=zf%ZcB)6tXlv+ZvUPgO{RcI}k~fJRg3JrUNv*s2KCz>G*H zC%2ROo1N}Big&IzG|W7|nLSzr>nm+O45q}&s-#63uqgnmnSU;xALtrSa1>X0!m3u# z(-N5bU-1nxclz}Qip@qk^B_Iax&>T7TPF&VNul`q181Wxdf@y3s9x(Dpb6#c@UfE$ zX6YCK4kRQ)D}}(?nQtN=Ndl?;!qt7EOR%0yo0CZ|46@LX^c9X)z0cpjOUX^qBSG;+ zsB0N;c5;|TKr8?Oi&v>OR1-S&-N2#5h-jN}X8B$dU=|21+yiP*?T4(}k!f|NrTJrk z2!{zeoDxC1ngz4RuSB1yk*~D@PH+K-p!AvhQDIAhMnRwsOG2D`l4OiIPofN_9({r1mPD5j4W->mtmnx*{ifE=Ny6L`*OqiNe+$fl(Q!5v`;tTUg4PKU* ze4w)*Zd5}M#Pds%(Fi#E&=FSq8ASlg9dq=KX^lrle4pw6%Cg+wERg;2BQI2OilniQ z31+l?T-_zQELoRP(w{RM2u=G`#A%$utu?-Wae*_MOg#DAKJ0OgeJQm|qgFlhJMNvA zl++&zL#9VC)W$0Jq)kYevg;6n4c;ip@IZc^X}#|Yuq2Gc=l*^xP0t7zNe9T5oOn|O za<0|Lc=PE{iRw6ruK2+vvr11FAlQ4jTQue`DTWj$nIKWK(1h?8yX%)vvKv#iJ=G0~ 
zu^}h`v9jwJ{k@z8Lzt4l)L*K%p7ZexPU^%~p%|!e6iP5!{(T3EFc(g0qp-R_SYW0Z z_1qv-dx+^pzPX&J(xPdf2Oze}SXr&gGo$$jyFJ_|FeBpZQYiK`q`0hyL4R6F%a>G* z7XD~Lqh3Z|R{aiMZBnA;N1Mebtv-RJr|Nh4V8lP06>da2I+k9;eY)dvt%al*nd*TP zZXoCux%)V(+?&QzWXc`7H2c<|-my&!t+{G+)=kyp-1{JdesxI>3rL4Il~E_i@OM{g zs~>|}rI3`!l&(^6r+U7^Sd>AC9jmFTaf~G$( zSP3_WfX_flhh0(=12@LSCqGdAy&}DKL}0hDNF@6O!U-dI%AmOILv)>H#)58 zbRe$@5jq}K^Va{P72pEr6$lhMAXAc4Vvas~M8mcr5@%kyu6HKICNFYA|C?ar_gCQ5 zfP%8EOCwFr(4^6?^c1$vwp;Iqq?VhPy|OMP*SwIXlu@E#UpAXK@r^x8}chc{xf#~NS!7(QjI$nG<9n6FnfvrF7cGQy|U)? znKj1V3(ywn$o7*ls~Q5)ZN-kBKTo{` zz=*0lmnp-#0pHb!VG6;4ECWuTsO^_2T1uvX*TdC$m-1dE!F0m`*$;OSS$OZ%z{3%r zI^*J;-i}pcOT-~Z#@4|Jrh^!QcU(Wu`K=mV;PhADSK9Jj5g&E+`wcyu0YP^22${p5 zRH+d4QhAWA-opv*jIar`r|58^fZe)eoZ&^mfnt^ zhO~~C?_1ADvA?05Kl@d zrFtr1fPkdZU`p$tTp9sc?+cc`nI5eXJ_c3Gvt8y!Wt5;4n%kyqc`DbRBRg?;0;qQv zkL)TuDzS`CB;waf+v{-~y7=792-@0MEkD7zB!?X}y9@$1a;l^gqU5jf+nKKNo0Dm4UY2XEDlZjEZnSGQrX#YF5!3rSAffP?!AgZ`J{yoTqST3O@E_e= zhEVj8vKL@v-uhB0^cJ$DBdkm{jnvyGNz~9y9FwDAX*H z0H^%aEKKfp*?hOu@;bLo(%Sh2ITXgDbuCPH`qI;4Q=!rcCxl3hFjf8Syvt$&1@|WI z)hN^o9{gSuK1!b;0=whgvmv@fQ{+k>N(=RGR5(RxgEp9)mJ@&R@&35;%>v_T(PS+D zZf@1niqw21=jJ41`&&tzp}C)FtWcM=G z9m=DRe8}2EA@uvxPBb!}ysZOcvJi?r)!<2@87F5rO( zk~r9M$I8^R_S%dsL0i#ri7@$Sq{2uX*5FQ{R1;ZHGm&Frv9i7?;BG&-c`fY^cX{09 z$9{6eTw$GwzTePP{s*qvqv{l$l6jBnp@CtNC#f65MJ6ja$+h&(eKZGTBT;PFt%%>J zR>He9CIxJTwUCSxDRIeMSG+N*pnSF&xmi4X+;l6(6zqDs#p4L-R+Ymf-YnFD&~~_m zevPC?9yV-DfIkz#toOl*!gp@1!R#$y;DmB0kk%IV=NlXHH1y+fyIw#S6?|~Zk_o0^ z?~{O@3VHvEf274QJ}Cp@FFq8ELP&xuAcPY`m!G??kjBL{ALKJ6DjPPz z6~dGmacQ7EWS8~E=;+1>_XyzioBG4Sy^$KXZ`PO}BtPw#ViI2&ZCV|5uPh=+yr&q4 zf&02qYK5y2#HWH?3lps61MKff(8p&-kzW~_Vfg{F!P*K)nK@9U%9+}{k(*;L zG)UcW?vK+HI=X*Nq!>`a9AkaYUJv?)L`gN7;kF_qC)W5|SR#W5yP<#j#wX|x z%}`OZE&T!bGlEJy%Y_sgGKLiH|{q*0q?2a{w|Hu2J30-KP&-w_gxeW!jdlv?<5YYOvQR}>aVKOBwRjh@9kw}ZDF~I=*v^iE19eR=6C34~qEi{ohStw_-^i4K z@blpCUgw!NpSF~eb{y53V{wNsFVeZ2H9n2i*wrc&)EboPs)J-F3;OX(Shnn7B$61t(R*_eT++{2bul z*!MUBBTf`W#(}4iP-j#^JDU$2_f?XV6UqCmgnS9ww$(>mHFDkduM4uU2i(_dGbzoi 
zUY1iAOjf5TwMlM5$tUcV zme=(6iwW2@i7HrWVQbj!kM4H}RC9v;YSJa|--hJ~W}TsVMgP(m(90i1GjyIs7#O6N;c!W8?nmC!45A(zg?tsj!wARo7%ipZ<4&|&=FHCj67IHI4gvR&)fNXtd)wD5Y$4qEdv8VPS8|3lPRA% zu*Cux#k4!O;6gc`N&RHbLwp+t<%h%kNFs<9m}O%7N)pkH|9a9jEUL)L^!zkU#?mLX zaM*gaQPTgHw$JE&lsTl%21o^Xad=ybXcN!h{?}(tU55R{I2ohN$U9R;@cbmK2O1;) zIfN`ej5w;1V8ZhEK=?gP5F${9fCWes5=p`Z6&X8}WyOAU$VG0*=N$V^V#6iMsnbYM zRHo%uC@MoWuqPO7uK?>;y;Yqjk3U!@;dRt*m0g6no3|B>{0oNL_W%#UgqxsT?v%^C zbdg4~(7A#D($yYn|I-uoWHmVC1GT3K2@x^Hs8BB4+SN6>b*2WwX{Q=i8VMdfl|uxS zikIM}RR>L7P%@Rb*O~^LJia@JNmw}^32*J`Dn^?l$1;3FVl|m?M+FVjj_0!GJ*Fve z1B)$l_q30JmU;C{1;9z@CM0^eaQ%ik4$vPp7JIr!IG*9#FTRgS6t*XaKk@@6qZze{ z#D`>?ab)m!!i|q`iz`OhI-v1+s&l2@=q>RAgD`wQE}kG)U0>UP)jwy7_N1z^eT&T% zZ#HE*K05RliFbjGls3)ld>P|bDJu&MI4>Bq9?N4kNp5SOfU~f__a1cb^|JvYmXeVb zmqD7o&J8VSHdRYb{V6_(hCjn2LO&ymcDd~C`{0^3btl$~qtH%_^-X^12(JxWbz3u3 z4M^+D<0J=8Onx%>o^*8^bh{*~)Y3fVi|7DL=$Y@lOM&Im-ia}+)Z`kFN$huG`Pa=# z*`BDQvVtd308Mr9Q~M)npiC)1nb;k%149XX26`qXkTR#-mT;7tpUbe90V;_98c}Wk zif?#0QgZO__c!@091@fEZT5Kef<+iZk!*whCNd>=5JFgY4(u}>kCK6av}*^cx?BdS zJHERe^=FLBZ7!gh00BB9-!r06iEO^!ov||BN)UiR5cp{dV{2R=If$k+O!3s?qV9X{ z<|NQXRWk7H5X8*{csL;>ej`D2nLpCF5X`tEsXg}?3rxdyA^L=67MDZBHt*Af7&Ol} z7W1C%B7;?GbYMGl;>ZZ@$$KNe>F4mr(Et!ngMW#j%*`?`wcu0MIj#|lGlK4&m(xG~ zM8g1TvXh5_1yfq9u>^mCDYA_*{|P3Fjq=`CHtw@{&aa)KKsu(yjs(AZ=C?$)d`R49 z)A^;~vViPnK57#pN^$j(Ta);Sa1=2`SW=(?w_0I@0p)%UR8HAJJU_ZM5`}16e2LG^ zPC zKYb%|#p70n63Z`%wX%kTJMgL)?cE4F*sF zmCS>L?Gg<9>&}S;aD;!dXW&zYI3u6$_Rt>GYMYB{5OE|5u5XQp%c64=cfX}K)A^X$ zv-zLz9F76^L{*`~dZVAX%)LB;!zhT@% z0PFuYEuV)vaIpY>07LtGeak%npdns&?`Ryhq#|DsO$e4i5+N~yJ{E4!WnNKB+o!02 z$rOaBD{faJ5NHEHoPi2{W`uwNDtNK`{Ko{#INndZMdD+?AWG;qbWsyYxHB_V*uv*1 z@*PZxd)omQi;gcXn}e@R$GUm>Ww(vFqNe!983qC*a3unkM%2J`AAqG=48CKc&ww|3;yF7YV`f0yxKo&0pbo zYad~K-I1qI<0LbpQzf6E@tb&6qt(h#q{AvXg6fEt;varjnG4o}=*~o(GH&^xQjQ?z zqD(TNgFn}9)CiW;D#jz%gV^Ku~*`Fa6VXyvYdQOya;giG6wL%}RA3xt?wJjD(6-NPQ4Z|OV8 z)sJg??;-ZWQs;w7EhQ|0V*i$oZ8#2p?Sj|Q-?m@2gKA^|-eN{!z;lN#g@LAG08}Gk z?>tnBKQPFRMF_W%8IoNd)q?&thKyQ9U1DbJ~cj5?&ae%5%Qb|MW|A 
z?y<<>sMZ{DrRj^;yP`WZ`#BHJMTkMWU~+8$F5AGodH1(MhF_7_-~H-J;P9TT9yF!W z0M^QbKf1r=G=3VzkA{(Hvy5oD!1vbNL2~d4(=cWLe3=p$?Qg@G*&p>gIHbqn2{tK? zKtmTCTcnebjg&kPNMM)tLz2zaQJP3-dPrhrg(x}@ccJh`6=B)QpmWUb8Mje^@0CGC z5(QH8{P_6v+{15a!`?n0;t8as4XNUC#xWFQrWmdMVl z6?w>Eg&0&)hbmrt&iJ^$%%N@)$#U;S)sgB;!5WS%SzhoOE# zzm>;z7HpM=6fHVih2qn-ZM{WFOO(TQHu0JO(C`xUkd3ptsds|dBD=kNg3lx|OjT!> z{A!ZT3pohL%Qb%*$A1;rreT6@W;4>;$02czO^+Uyn~QvHjTV&l?PISL%gA__gBCzn zlt(wL#XZVPYE3&-eQpEt%kVoabaqYr=5JtTVh7^I>;?XaE{AWSFsudHY{n}=Vaw|S z2&H;my812(>%E97V{(6k5aSkhYvH6(%8oXhDQ8hE1P~7BJFHuVbOE=AJ5XvDf5upB zpvJFUO?o7lt+`LXIWM5)`XBmR0|t&|E^>HjSp8goh$Fglfh*`i)po@GNSa@Q5k?_W zI_#<&mrxv4jLQG-$MG{VV*<$lUOEQUjy}thMg3MH%wjYqZWC=#qAx+5Z^4|9x4<$g zO#K8`jqTGy(0_^6oy^ADvYYV+A(F05RF<@%>Ig!1iNVEfxSgWbC$izUGJ`*pg8w0% z4yHG;PR9~>u0V$Kgw(M!jX10rK}rgVJ38b?y~CYizefQ+GS`P~_pZ(XU{)T`@>><1 zO7T7t1FJ5cRQMz~)gnk7YBRoM8_V_9)R-#QskkdQF~p+=CQ0HpC(X=7HyH_WR3Ul=s#z5Pwv5E$@S$8#K?3+? zdSmbX6MBUyu1WD!M9>-&e0elM%Ir`AJ11yoQ0WO}=;uVcb&;#W7?slX-Hx?u4ViBg z=ML-cH!xwOKUiO8sNEp2^UN*hjQu_UT=T9sKG}su=W5@Uoa#sHX)m)D)?%N|OO~bU^(DS&AQY(PKd_Ba{)SQm^ zQ6Txko7ny|%Rqqj;jouxLaO+-7#);_XA)fyW0>uF-CW=3J55-aP za}MZG94*IC(GA}^-o5E3C*5nUgyeL=Lvh)AH%ys$H^`s^!YP^tP<4I4y%F&J&;=>q z!+{aCzZbzd!markHC>9v*6CB=ur-*b&Or4Nev_!{3}o^-uw z+*{wD&r^6l72#uqgx}x+!wue~2@U$EM-!h+YH~+2%yc(XBm>51q#lJQx%h*{S1sRu zTSx6-dgr--xM~zo5C(6qe332DnyY*7V6>lV%?R(WT3QgevSr%MTyL^Wadd@St~!<` z!+yyXp&yAMhxO@t7uL<~*GRrei=HK7*74Y+qgeNxa+iYEW4beIM04g^LI# z4=Y*C;%l5+BZp7{I z7Yaq#D^h6u_V4`2w;4aY#0ZQl`+g0K=-sHvB8ko3wiW`7&jqwTLN7!!ug9wRjVH!=#O?Djnu?fecM=k8Pd|OsE&6XbyVB`W?hBE1*whBNF-f z(jRjc_A-*bfLptj(8^24Q>~g{^$bG$dbc;gMyw*R2XDR!d0pi$3hq2-{K*CAea|MY z&N`;9{SvK{hu_@yLp>W^%NM>2H09DJJ6GA)*RX^qN$|Jse5@uEeKdET?g#zWXO$|; zho6FLUc8~S#lGf$u1)W3zR&RxeCNKBEmj&0{B&$fY)tTn0qr4kHw}wqp;us*kob}(tA`V39d`voO15qb%8Z?Uv=pq?HI*{yazHKN)6zP>u%r7W~pVv zXcUVF8c}zI=<%P^PYuHKz!qeX02KSHuKeNpfc~!DkW;(SPo>T9fJLy|ue=1AAWf{P z(+VZ3#VK~Xrzh$ZV6zMUoC+dt#zz1%n(|Py7tq(Z7xi9gP|?5$K=HDkG@VCGm$mCq zd`xvB2Cgp0Q`i@H{O$4yfTDIwQ~qo1Nb|$Z(J~n?44BD 
z_X@;hj0*%?Rj3>_9oVH&#^|h#D|2{pZTSPXZQ2GP*=cmrrKL~<+uxVifW`2u^+QYf zeUFXwbH>ZOKVu)K8kl9-roxh8U@!<%GZlrQR^PZBPu>ucqK9m>Q*pg}>-g8VJ)LFr z`97a!7vsv9r}W6Cj0^(sI1R~^@I4SVkj)ft+o|_aacVO8XjNiJ999pEv1r_vfur5b zGRK(!$2O{E-8*8z9j%#VfRh;2?g0LH2d(wQyfaRpdnEUbDG#L*YXX{;)V4V>PMcTJ z9qAZ>0fA!(0zZ0pO@GsBzAXyD#k`kAn&XW>Yxc0dp7G2Pa<>bl?m{0R!9x8e!!ivXx8{F8-+jsxwbHa zxAy>fcsV5t$8(%xC4Z>T{e-5I6PAy`*pMC(&Qoi&7G7AO{7keF-67s}%Do01gqJZZY zofmiJwnF6J<0jDe$1fillL({nmQ;I>4Xfvf8G3H|o+Q~(&Z0|uB0)&W{*Hhq)KM?D zWGb?4w5>a$+pD`21t*}GTDk|bx=o!IaQXYu32e;LKhq2ExGj~;_^Am)f2#wP%DR^z zfTPz@2Y3ZH?e=HzeB)-rp-(nbsdlf@(yeXQ4H^BgjQN&6W7>|LkYm+WPoi%EUcTKs z%gJPH(h_20M=>y~v&{vgFZP3Vjm@xFqWoun=TmikC}6frxVqXZu~5MG=5dUdZ}dBP zJ~4NBc0*KI&xV_t+4i-F33+SQXizN!ZbiK{09Ya-zl=JcH=BFJQdSwVIEZL{W%yEk zo2mkgpjXHj^PnThCMT4oZY{Z3iF0yQwJcgO=fG5N_P_gpG+3~*I@YXQoo0lDt0zw9(Jsh;}W!R3ePK% zz($VTqRy8)JXFZ%>))R@z+fp7^-&-Poe?f!4tPy(W6DhB2}C1QKdJ z4Wj``{>RNv|M5I_`%VZKj(MCqB{|}CJWG<4h`&7!1OE8T`quwhqpQt(WD&Q%m705 zxN9Ap+(|}4Hs)Q>pwcd2UwP{wq1&AY3nV;JIIVN$&N{MpKWpf)9+=^lYY~PiJX;Fl zOeYG^#`g{ElE3wgpnwElOMrvvN~rT~^r$-r|Fs>7OrrB*zWL#Z1VAAil$cruenDBI zH7^B!ox;4;9jfm4b;dyfNg(b6fQxd`O9TPZm~<8foA@bjYMle@`G^y{&)7v&5u;wC z!7@=eYTq4>QbZ#b++@e>;6kFnRjh-{0vBsVI47_eruVmIN5Z%va4q}bL(e$)*4rI= zsQjPP@5b(5s`vXL)%Y?Sr-7hS#pt0oJ?W&!b1?06Y=cW`I34=d!#9B78N~MK8!^AX zsZm}oP271NNLcujyFJHz(j32w69N# z@3y(R$Z9RACkFLRg{aeZEM5nLsB3vg7h6n}&;|F$*1Y1-+1bl0iRWAhv%H^}iaC_@ z$(ew}38-|MB59QiFMPhBIaaQoUHVD~>(Q|Sx{7F$Je^b5?{QQB%b*0DjKrErNE97^ z{wyEc-wTFRlG?_>M%F&0k+Z4p4kDj>@Q@=wz`pIzFT}q`X@AC>dwYvVB6vPJq`Q+e zUq~cUsZFgE#Rrs7(< zPbsDF%1@w)b1=vPjt2;?i)*xl<4_> z{FFt@GlEnur7|2v3$uBIRzpXCrY8y7KNaR}&lWUyNYk^!Lhe$j14_roWx4<_y_|#o z@2vmdm3dhHaa*gKTI*kIFN3h~U-=j!pGNr&?nN@hK0ko--%W{E3j7aOHL0=7aNHD{ z(|}@(W1U@Sv1-<&7$O`#;jOA3>lOJFqbu=;<<&6cvuesRazykaW3_zbY){VaQT#5A zr=$S{?MJe6-Fi;nh){;V=7bEN0IYBdS$m%$%KHmxfzz~=kVS$ArWRCw%eCyPdj@V) zZJwx%PO1SKOwO(NKn|bh`Peq3`cN1Z#U~*@%-ntjQeq)NfENprAbotEtGJrzsb}#hsULE+<<)osvN*JTLf|qj53gQ08cQj|9B%oB-D^cV)orHiwJuJ*jT<6 
zg>9BJ5y)QXkyNbnQr%~523;dpL<@IkuRJW;yryPoJ2&VJJSlZ1^QgS?$Xp+IKEhL5 zK8VJd0$49KW+BI*{S!LO9?rUMNEpG~8$(n${8eEMeEqP}DY%2ysZ~<$jZrEsnyA?{ z0OeIi-um~I7?>kfJ3ST^$}tskCCM@V+cmTl9n)!&lD}Ag+v&;jSuVw>8`6!Pw$81<<4F+=#lqlCem(Rcvga%aX3AarB!6M9{zL zcqVBWWMySNNdJUn4`H=zJk6aU{%)?&e(ISa?rf2+VvZz{U3)eio8~f&yoNIJ%wXkDw(Z<{r0>s2voF;$GjLh1Km**a z?V4#3hDH|<(_6^uAVgt!NETw8M4Ybq%pX#{Wn7xjA;;6QDAw~)2%_yMxQGD&@85KG zB0duYwHLBZp~GK7Bbl>xNXy%7fV)#q{n;m%UIRuFcvovOEEG^N)RuaT#Gzdz9bt^p zH>%l$oKcm}D6SBX@Yb10#ic!fj?Ub)Vlr<|4{XQ)M@&hqr~;)?WIVK!ADW_;kVinX z*VG>hpi-9(r=);Nm4X-dFv%nS4p4LWtAr6R`4*mq$B;h$ltvq+{|F7JT(JMtBsVWr zkDIDF0W(A4Y1Q)I*_u7XvTVLIVC{-T+P{Hbbyf0%hkT<|wJARH9A8R)=BnU~&j=i) zki7a%f21iqS0u?V3gM=(c&B3*3x{=tE(1(*cgv)hwZAqB`x| z-V?N{7YDX>*~&zl)@zZSJ*oJfW?zO$v8U#_{tLn)_s_9{J+~mZer`q(l_v+T0PwQI z`cl&VjX^mq1ND=`lx*ABvM{D%MkpmFuaZHZ+tTF*)?T{)W3vfxIzRpE(af4*#eXj%WVUk6xMu~I7loTq zxan%TVr9}HKsI2+M<2C-2sSbrn@H4f^h1*$)4;=&4rEEqSpUq``5M}xWQOEBltw6c zTjyaDjGfshx&=_*VPCtYZC~g0R-3BvZy|5&B~*wvU+5#RFX8!Q6&BcuRu`00n00>7xjaTl|drKFlx$(^Qa1I z=UtNcfh~qln8BZaSZq=Z9VvTy=?O8U$P^OAHPMo$-3M?}vwgIT?T@d#0GYIBhuu6^ zo++XLw@Tzl4B#8b!9EyalVYr;P>(9Z5~TWQ3cnBVT-rna)EE(a0>b`dfZvJFx997^ zD|k>o^;#HnPrVWy$yzSK8SmS40^ngSFJbjERWZr2mx$>2m(!X0;5o*Vb)}2Aqp0hB9M#{{)gyzvij zdJ6^!)2J# zF2bsR%JU$~d^bZTHbXuka)4fJ;6;z$awr)A3uvJ~m^4+E!ojExKmonw1fx1Sd%GS( ze8X}veRk{UV9GfXIba}y--g98I_ToPZ>ys{soy$|;8cIJ%Ytdrw8<*JDmiOJ3T;5s z1m?iSEXhO>WTu;Nw91Q#&qSfs4Xd;_N>Q5Z376Rc<@D9E-5q0{w~oD>tU5DO`q4oeBux^8Maq(>$XP7Xnw51JF`T9y zmO)yD&O*n;&uw0N!c-@{*o-QI!^K8_d^RibNt4l41dccKqpAqrIG=CLk+HGbYq%0H zHMD|$JnRulzKV$A zJkodQNvbL^aSSeu!`p6Eq6tgs7pq}v?QpOw@73W{zkXmIK!^G;ycz_x>YLIHSt^t2 zg#lYgfjB4E`}8h8yngwdl56UJtvcj-c4`+%&#|Ydop~7YxJaZum2v2OpLTm`dL4H1$eM=Hes}3MNLv@flM@d);A-%AyfXcBvm*#O( zC9KH8s*bBV3`%#9EwIzk!BeKA$;D==4p(-X+-X8}xU))l7^0uB7z&6-j?#g?&#iK6n5%;`89L%cS3JoxqPsul1 z^Y8<9Kshg$`rY(k^jo=q@(PR{Y0Q*6ut;Fzvi+uQrLHrxPhq*wCQ7P`u#~#$bJ_>i zU9ZUYhLx7^4#eS?6f2d{NBdLlDUUf)hw@9wUDZePI)0B>aexSI4A^?N1xBj%Lv(l8 
z1Rih!khWJhfjVf98^;&Ywv_gKbcX?&WZIn~Nwdt4QjrLjmT}2{;--#RnfMV);;ahd zIIF89bt^wR%N{&smYrN|mhy8Y-N~IMl;7h!3^=xW_3ne$J*=v`O}jGvF<_joaxzwW zZZCzXaj$!Eqh=mp#7a6u9jm3>NMYz-ji1 z-afqYe(Q`iiCR_4tu_v&;0jQAe6x^C!0ak`VbV|Q4KKVXc7XiBLsopvu|=$k(|47$ zH#dvc6o?K6TPdVo_-6EHf04(Uk%E;#D+y z+JRLh-6wg!bYRIf^2KPSTDR2>zURhrcip)cpQdinxxzR_x^++6}d8&aCp^n2L_imlc4>$yl{_4 zJ>NJM`^_E+W7h0LIl7{)UDnobU%q+|&Yx_;o9{e3Ngf=cWM!{O;d+p|y_g4aH z0u2(xM-XOxh%Q+>DK*|}aXmXnMY?u_I^1qKguc*!)+^f#c^?U?~VSk#}9YgTEU-Pk%Xp@ehH6-&P=sx{>T~Kj|2Tils6< z{P0|D|5W`04SNs@cMigeBs#&|q)3CHs*QoZ z@RSIvgT-u!0sYHs$1x@}AVmg#6`|Tl5)(FmwtOShGlW(nAz0c-v6R$c6<8r8GaC+z zkfo%X{r@n3@KP;c1Izc1)+3>-JH7%~w)gLC>9yZiy$y5UiRCxb-C61j`2A+L0&mpp zuT;!IPdF5Qbo%a0<%sT)1bH|8M_?3U!$j|R%Hgf!MLE2**$rrr^c*{d+Bq$gtZu4* zlqE@=0@xs6JQ5L$lZZ!Eo<>FLoFbY8HjFHIN*Ecr*epB6g&re!nvhb8YzpQ`?|0VN zt~aiC=8WM0{0Hvu!A02}nc&m|Ev3vX%$Oy(_S7fnBkj^hSuT681sp0gW@=-&5T3&V z9HWYxm_CMDjQB3hCtq~h;c8VOh0r2@tY? zG!5&tVgS;Rq8S#fNTPz}BCSOoMu5?9i>8ga3!V~lcd*##LUdv7$YV^18bwCS7&(kX z+=>+h?}U6^TQHKLP64=I0fliQ*jj$FwpRW$!6elB4knq2HT&owH6R@Z;0G3e7d&M} z+Qcl%3!XP|2-pWVlh|Of;3>gk`#4YstGoZdnUs`eXhRdnPH>&b3nq=253+wbzTL5gYis71qf1I3hcFqTH(f zc|52jz4G2mdu#_C(uWiXCPI~eO5Vyp5`B3tsQ$hXP8I0MAF6{3Oml)gcL5F;aKfht zNxpin+^Cy1-+YCKn3ae6bUOt##vrhF#r_+r{ET08-o`-B?gaNY?cVSFnHvDP7@+Lci;t0 z2{L@(H7Ivw2aR{yT7^f!<>)YcY-&8mb`aVkgJZLl?78$VAY$)H=>8zj2V||Wv*3cZ#tUITC_Kcn<@K>q9(}4+iLF!z z-^Gw|>^(%BVz}>R^^q)p+Z5dUD{NUmO8c7hof+Y&hH^r<8l(H5vdn?;PYk$ycnbWx zQea1=`?abg9)efcP@uzpOjdC1%KHOU?{Lyf44;j?VBiSDDCmeDa1o|SwE5wEGT;*} zKwkz(#^Jl7wAhR;Ff`E#erSH4A4=_PfLIJ57c3S+uskbDmgKpA^d71N5EpJGXk#~n zr^If$7n`cDJD?tEy?J0wn#@)5Pg1@7)-F^DylNTN3x2IjH?MzweM6Zn)S^E>fZGRt z<0aCg>VcLtLJwJ2G2>2a&4mu^j+{4;Wfg9=0z{xylx@-1-9v6pnhJv-31Q!rfZwX* z9oKn9g_ige8sq4H0i#%hvO#e*@~nVe!`v8sK>2Er95zFg2RxLpLL7ZNEz`wYh|IfCCIOiNZ zPy~!~Ss~=I8kH;l{o6J`$4XM80W{%n#a*5_=ORm+J_Zt zj5_Er!Xr5Ct%K7X4%bXD>PH8ufqgN6N3b{*2`kewW@S@Hb>c^Wj&Lff&_b>mapW64T{iJxg`)ivo&C-v<(q#>4x` z^Yj})s|@Us2V1UANbwPwQ5V 
zaXl`mxc7$*j~d=_UxBZWMFsF(;%-Qj_y(`HGgn_kLK$3ZLRwp`4H_Np*JBq@*g`X07AQ1M}GI;MG zyFKWCY=qHs99jxj?cphV+>WI-z^XD2-L7t1P+Z{gDgfk_XGY0O=9MnYh*EWGuxgAC zHbif1u(5{TAoyOb7doD*4ZV%zFF^m5$YR~|!Twt=;27Tj`S1T)?J6iimdDj2QZyLL zxQU8AD!@poo{76vrSSdb4x7g5fmP@bO7*;dxy7Wu?c+l;Dgn8Q#dc@j$djPxNxpO{ z(wRumzbevm6e$TL)p#ccDSj3w8MJGPOBTd|FXD(phTpA7Z6Im*lt5B)G2K>Eej!4K zxTmJ@%ahbjBmiFBJC(*!{aR+htj`) zgM)yfH0mp7Z$3njt)d%r4{cQbw%2I@$c9|~Sm&!CTKS-O0HZz4fDr`*qjcVM!*oDz zw)gNiN*#G$SMB$eciXnLbuw>*Xau9VxhFpiEYw0@RjdE^FCD;x7Tui*sdqx7+O_|q z1{PSS0eGr%&ZIW8w;b*X1gqDJ&U7k&H)n-4Vy)RJAI6%9K=|M zT=gYBnlm;G3)t%^OlcBow~Wzzx-5Cx%KnSoTSPJX?UMeV+DaITfuxkg0 z7=l8(l_@$lZ)yCnZi{&UbjovoK?_S^eACgr^;px(`;Fvht!eE}+1BBV=f2PGfQVJ# zH9YWWQ57a26!jb+Carp=74=!u_UN7Sur6~^7OW0RaGRr&2qsw;x-nG+E7CM&SrkN- z?iO9C-Ewc(Z@Q>8VHxu<`kt_Ai*&j-5BZ=||~MnUlF3+OAP zKuO}y@vr2nop;fH;;vNlAo6HV9-lo83`ytm`1@&cS3^tu*^4#b-gPfjcNWG6W@YC6 zzaXTGdgd|LmM0yx_jl#Qv_3k)*h<}sP*0htn+8S zggKnYJlAUn?Sv|DZRyzYwS)AiM!IVv1^WxG_57h=*{=R zvGb#370|n-c`u}t{^erZ0y<@LVI=f9u4jtPpB5FW{S46>0&X7KG&6(0iu6Kg;k+g2L`NCG54_Q)Hd6JfyXmWQzH?nb1a;%fA{}!WgEJ<$kn3Wvu20Y|5L%xFCKAjJzUlxQTJ|h z&53_GI0dYH|BZ=1*Svqcqd&7BKr8r9hMkG0u-=hbL_YJS7K1?kerj#=x8VtYE5^rv zHiZ4BQ$LUkEt=+H(XHC;YPVco=)(-h>i2xU|Jl_(@5Sm?inBbBWR$I@mmbQCXV3p0 z{Ns7MvOlAyw>_SVBa8j(a{E92;)OA&gkyXC#Y z0(EA&EAN$nZ@OIk(|D%GK8AHZ4NB=*c)YSISCD4KuYU!2n<|;GroqAo&{F`mg5Ohy z^Bl+;Errtt#2Jva_tWG*E^hIiQcRQ`q%H|oKEo4_wb&_t|) zlI6GwVwQ(BG)_*cFpPq@_T802kqvo@$PR30h#LvanJI4M87IYUHWccB(oTeu%Ua;o zowV;OdDlUgbXE8UcQnjM;P}XOy&LK+ z1W{5pF|Sxt)KYV#P-B>-B@2ZpMC6x2Sh)vGL^e7tqJTx`Xbuu4HB)ntXPnd=vr%jG zp07T;qibY8L+!sDGnNqxbOhB#Xp%W2Ug?iAtx3+nuDzco|ACr+gnH&5uSw8^Qrd!V zHvHk=mKf+TKL?%Q1&>t;)Z_T6U!_GFvn0fsGg2?`CNEhYiMR~wTq+ZHwOnL_03)(- z-We)^1ftDU3FH|kF;yh#gz-+1VZ`G#WOlCGb~EZI?p74!f@&HZ*c`a52kWY?Sx0n- zbm;HIa&7E>3~aoAxWTXl&QU=xyze9~4gO)xE1VK1q_9Ou_HhgoKej3e8v}yqvIy z^iZg75XyFcoC_v2@T1dQ?Qil4QU+cLHHT(;7p&Z=j-t4#ns{br6#cH#1lOYbx^36q zg?yCf|1Tk~)Wf`QzZ23rAFmmmhu54UpO)79w%#p8_o6SHW&EG`&w6CdW0HoFS?ckl 
zGA<*L=Zwcm!D3M-&=j>{X&l#0StWVsySvdxHqbGD`T;;ka?QCiOP+CBX6NA?Nis*X zRFdWkSe5mzQVmsByZaJaD>Qv4DNoH>Zr5U^3y^i21v^!@SSgH_R{fW~h-$<6B-xgd z3#|fi)YsPZztf{q(Q&gnNlfY#>Rz6Mx}-T~TGr1%UA~_tKlNtrdpO$y-m$(YM7_*j z4NyXVPrU~}sCZU20ZXzZW^o+WtmLJ1cuSsUStyb!a>u}88($g!0DL96=1id{*E<1U zNzzW5#Liva5KEGDD4zfL@=Nb)LJ%FMno315dLkH=sT&Z$6{1Ry#1^`X-vB+tUg<}8 z>o^B(7}MWwQvBjG0F@scJ3j&@bpUzp168|!)%Mrj_A|W4zl?%XRy^ChZv3m~M3`%| z6kvD!M@F*9=PWWFHg%lJ>$~(>P&b^FnUwCL%JZ~{i?q(%(4E)@j>bO#I7+TLSFmRT zM@dTeWloY|Aj=W3A_;ZpsG%Rnv0xH}p~`k^=chrUVe}G?^u%8(8LtIKvapj9yhLb! zZzO+9U9sf391=bsIvSq=9sS_g`OFfe@1nGRXlyAH_j|Sn9PGti18q={?f+HEB&X} z?e6dSX7Nuk(pLBU&x_&Do&%<6L3HqcB|lEs{v9Wk&)CWHJTl3t&L3opGBt! zCf36UElQ!Gd_7Qli8_lzFU?1!#b+SWJ~(!sn<_h5FC8;52JQ0qXX+i_s0n?4-LrrE z{h9uPKg$n@ttg)T1NFvsvlGwu^7F^YJDA`EH1ZMD)m1;+w_iLc0<+W$p)aVHmJ6N> zzm8cR3#l*4C}LdjlEp>Tq)`!+aqS-E8{1&I_y>UL$TjEci`ig0l5#>{P-K&43`O{5 zw>rg$S*)~yg6LHkCfgTdnt36ASKen8;b{00;Ja8%a6A{S?{b zZcB3Ft-`7xQxEr?n&Ey#ETl+0`=pvR%O5{Osh~Lg@gq>_k2THVXJFtBJ~(#%zwlCo zcdjor>zDE{1|xqD?l!kms^15fxLf6vPl6V2#+^8 zSH&B5^2UQkxkB>tQkAK>Ezdy^Vf+(N4?h_elJbSaxlrg(ki@MN!+UIpu0-fkUJ46{ zz2Vel)f8CI@iK<38TqFt6)YdraaFpmQ^jejA+Un2s4}irvWdKJmiNkZ7^5+$cH`tr zcgp8{pjdofXFGCdKMoIs&+D9JWgz7#~GLx4?G6pYybFG`)M3Zn#uz!=>UM0GA@yoXhaDo6V7w6AVw0OmGlo+-I=6c;>5s(>Y76SFu93Rd`1u%f(3>LL*pZzdch8_5*^03;K+=3H@d zA(`CbG!Mu`l1+*eMfh7Mbi;rxBo!tMIGykW2J3J_@MrUr-MWSq@RE`j4^;C@p;13o zbJF?OVIr3vbSfVeN3w%|?FaK4oNWW%-zAbS*xERB|!3(Q5F@st&6$o?=;EW$$70()5x8hJP!Pnhb$D* zw})n(Ox}tqtD`tbMb(Hpao2k!HUcL30SFj!&AH4y8v#R7PBOO>19Jn>sFhf{*_=k- zK&93s8w1-9C{?p1#oTlHqtTapGzK_Ew;M^}U}?JbQX_wIih{1}DtIWCs2~;O{rsSD z+3=s2{n&IIN-lVZ^VaKj4HMYEA6QBFrXd^!?!iLEiLFo-B{Fk50@0WGGzL3=kWM88 z$JM0=#NyLXf7`>H(Q6R5ygDK|6i?6Ty+ePVX`Vh0AVBWi1evHJX|d;V1_PFwnsHuM ztO}aC5imk~qJ>3b0|b&E01zP8oXgX*0RkkY+tVe5r`(mIL zdyNsIzNwy-p#$!QAJ)lkQb8>f_BD z(j%DDaEJcz)6#O@I5KkQIu>P~rWtGUs$_9h*Q|&|%EG2dvyvBilTWz2cH%tw0f}>R z&AHMtJ8@1@PDsl>nVnZ4*Mu47x-GIEK|ajCY;6g^5%bcRp&0e?lgQ|QH$Kg#XQZb; zICegJhQ>7NMZeCs+wIz*S6;QtrP3hJ{_%JJAAf%~{5=3$pq5YrTjDqZnCBrJ=ImAf 
z(?-c4NM-^fL%u_vrj6g!ISVTuOXoin(lu%#7Dh=B=RufN+u~YoX4@mKoYt9w* z*(rXKazfM{DSqPiqbMwY`QKqi{|`})-s)?O?4snJTG%1?^V8nRd1-HQ=cq1unpDtj zD3%UNEV-9Q6=yu7N>b8*)nW@SXE_JloVAM))NZU zPDv*}ASF$%IhPq{r=&^BNpE?daKw((s^AOjyPlc;&Q;rf1-BR);wWAnLo%=?Us_Kc z#(}g^rMgq2MP+(>LoxaBH~!XfA}4Rp&krZ(<%h|g%Q7vpJdIgU#*p^n4MVq}@T)2< zIEVK3Zr--@!^sbS$Pbfi&gJdd`C*cBLecJ%jX0a`f`Rp~gEQ;Z8@^aUytBqm@YsoY zC6phqs6?Obl^nfRcx#(_*{VJh;!m_IZ@qibqwZ|4V%@e&g5{~BIxLI%dEVr_JTJL( z(?m%GfVv=Qq~ps)&Wff=7|#fQRSUvc=^nL&+Z^xzxb!9l`aQ_+-4!&WnwBfxg!aT zqrbr<f*gW>Oh6*l+k zRf|8XJHEOV(2e9fGzmjM4pune-zo!zVDdTXT>6tu^Z9w{Typ0oPy9Mg8`dOs#^N%_ zSQ+OP<5})Y35fkr1a3aJ)4AynNavDk&gJvj>0FY3Qjgu{$5rAl4$8ji?D4n-NjLPj zxBAOUz1^<2i+gCFpqo;D7iDjc+hVY7*K7;2A&n4*T75k{!=;v}zOxXZ)7stbo%bKR zMfKIJ-SEY-r3GY8@|OPA(*kl{@|N6Ls*@@Tq{$w0zky!u70Z(*U;&S^u=3-&sV4-) zPTr<}KOlKat~pmgW+!h+%4q@FrySh{uH3BT?o|iTTu<67l8>Qy+f&VxNOzK4(8-(g zld$P|Nmz2{uzgweYA0dSACQD4*PP3nvy-qS z<%E&q8b3m=IjCo&bW09%%;c-PYr8E}OxEpxJ>X$*mN?id_q*kGfjLpBvh9w0K*Y`b ztXuLC-#U)tWb66a()7G+DY~SeyfjUgU!LaZyRLB;aM?M$xBswlw_# z*-~=NxokZIXa`Et^wZ>ocXRXJt02qPV9QNC1@0aZ?tRlxooO|=uv+wg z{|V*<81N=`I8MGwi(_+)i{CoV=4Ac(8QAo^0%3CJq!Ce?lqpMc=sJ^$TI%+yVM&li z(o&Cde)Il=ml4Jq^tNrRm*kAPi3qwD6<-ENKM3H;~} zQQowYrImk)-QdHaQ#`@i)ZTPBWqyW#F+DHCNbcP5G%n-1W>HdwEcWA!@hYiUoYYO( zC#4CBqiim&B|`7FLI#CH!HOf47Pu}uEYj>U$so9_A#YK&lFYK@ae?YxsROEc8`#n4gE5rF>f2(|uHd05)j20^ND`gEoadzt$({2;BuQQt zEXwMb#YGmgG6JPpm6%N|#nI_Z3a zf3xFWL*QzgcYMo5lW{t#nTbuBD!h^pQx46PWhAR2;c; zTn3_uV-7`?z_giQWyWikR%soTQJV0iax<-+ip$)oxJNSWbRpw3)6%7h4yL7urkQr1 za>TS`eI;};(eV#uh2E_B=Bp>ULX>U$f3>^x?xBkVcB0mEWGs^vn6?+JN|Fg9z)p>2?$p>L8FspiaGGIV zoqX;4lwe(oe42G#$uM$RFbS@uU!z7H0kDkXy*b%0lIR5XJ1_f1?wn;wl?qX?f27P) z76ZzR$8p6(REA}gmwA?yZuYaYUzt1m^+@)k7JCf)k)3@h8@lq9f2wXfK@-j%;eJ3lVoYjTV9XoL7%gGk+b2+ksy`V( z#ul5S-0{}2ppzTtCy}!Al1SvvDK9G?@|ZzT6P$A>L93*mtmC{&s|;eAZf>-bNSQl{ z^hj=`7JCdgQfoL3Ns4Hi2gx*(RCw~B$D{2e6)@+!QBzeMNb0?UF$B^999l22%WLb^ zkS|>eP_Rp(gP)FAC%K`MdFN+}vX?4922250mv=t~Pk)vbJ86|Uazs$^@(G$uLlqbJ 
z#y7eQMoA7KFVuoRzrqmDQA75XgU*%_iq)?j^wUD(%3G1k-iRgEz1>MO7<*{HZ*LbB z-~tfsWvYh;3>bD{DxsYc*eCzW@7MpsyLtbsF;84t-t}q-S(=~E%FfGYkvmsqm`WcF zg0gi97=M6(BM|1g>T5yVQU8$W@_;z+$>wt2^x74zq zR0A&PWhdE{uh+VRi^?7#zFVrPPKCDq3E2h!aII>-sua41TaSc)KymHkb6zCL30!+# z&Wqf+N$WZ*vW!V1L^^p*R6waj&YB{KgM{aC#Vv9}S%}6hTIi1gcoHZimSod6 zi|yN8iS3`a8^P~^(8F`<9Bw0ScYISTi+3=Kp@%5Jw{yzINTL%s_q^N~xpNw3L6G{A zRSRj|#--0$S(h10nwm>>EPb`gT{f26xv|`x8~dwx@P6mJB@wqEso#L#xgx5vUO5N{ zp7u)Uf0@7DfY)0cwg0Xi>r885ic*16FTIz4{hd(76y;}rhzRxv22E^82zh! z*6lr-*X^o1h}A7napUxJA>DrY7HTDOm)H}rgO0hY?WSE`dh!?C>T`RE1r2a)kPc~f z-%3qGbe1B|?@-|Lb9DK6IXZIZw2m?!MI}ojf9Uhip<8qoNLfgWI``wa@nd&qsoc)d zt7H|$mX7D;bU5wz)KkVnSY1DVt4Xq zOEn(Dl>4HrEL7@A<8&`DI75?swiejSQa6dUU42z2%4P*&D~kh zDM6#Crv%N_Uh)({o1OJ^KW{&nnv^;+N2|JNnaiX%ne=#S=~I|l%HwwGhU@jff0=%^ znCjqCUwI(TgY@F%RSJcL<~75P)i~+B9v|Q_0@UAtx4Q*gRn(9s^5LBlG(Q!apO=ay zcTNN8W``Arxdjz?-%^60B@*CK8!1Hvk0vC@PQ~W#RP2-l(HTm2!j&Za+2mi~5?HKu z#uBL)oz&gXHc0AqD2XLRYj!4K%PVUTl(zhL>6={k&JEW$%O(8HCCH;y&VAYUu9K^@Ce)yWt!}@su=fW1iCPuc zTbXiif%9xjkW^`X!v7qkSeJl9c5JtW=q_A%$QSa@TX{!ry#Wy{OrU<;-_4KF68iP%rc`*GDSa^~MNSf(pfAp= zp(J-MgwzUt9kM9&Qx;c6%*r_9Qgis3NO@2tzB{d#+v(`sT|+sgFUZorDSbgEtXMh~lrY-}gu-2OJ0;BI!%Yb@iBmXJm}lb<=ofLCFjM4X2?ak)kD^{afWh_+ zoG|V|FC#5V=sAKnw_R-PP|LzNoQI7dcaD=POhj0~ZP}oY#W?q4<~Mnj##LEWe(aVv8yiu$%Y~=p zjm+9l$s0v@uDs2z8>U|b$lEW_=>P4m>|7#8wh7+%h8EqBLWUdz1ZvcfRgCjv3xDgO zSDrO#0HYuPtqjd)O019 ztsH?7lIR3cJr4{*?(8=~lE!|?qJIEtT56H9JmDFuLwPxd4fl)M4Pz>7Fi3G07=)yD zbj^F^AbY2(8kBUtRKa|w)L+j#!!Hi9&p*F>C1n%3P`c#OMZPbKQrI+#!(=GrPxc}f zkI8qBfFYCj)0_%zlIR4!KLh>o!Lf7iHjl>%{%?DnpnRS9HecXByJz0i41d8ZrDi_M zYyahLd)LahuS|}={KeaDcH+5Q!Jg*lO-%A5Phb0K99BUkr8X>C90aNKPPzPFQ6YjV zkJ3DFhcgQsyHdEZE59!`TWR@t*P{EnZP!lNA-Pn4X}%g?n%Cyi{7he(uN>>Xl5cRg zJq8lHc2G@Uwd5;-tM>N~dp>CoDcZju!$ZDytaL4}rp>+lAxb1nE~y}%bC5puZr;CC z;T)^;@{3x1jLuu{u;vZ)g6@QW{3vf+5B2+Xm*7bTB>@kY21*7W61UIqJC#cv5$mZ% zW{MZ~u>Pi(H%bOYe@(mQ!3-||fCU>ZVi#Xgdf9~pBee2-1X6Jx0*Tx?Nvk9)dBTby zC|F!JIVT^MK5^#~C8U$x3xOI0B4hI>$EcaoI>wEnQFq&{Cs`|U-K^-@Ew zzu6SQ; 
z#lSBYk|UqP0os-HD_(g_p1M1`Ooje}m;O+$=ZWi6Wd=r@cs392w9-*|kA6TePF&ZQQc9~oXf<@A>tCqqHoqvX!?SGxrZ1P#!>Oj?#xSoTGxFE z%m&cWuLN_Gq<`M0o7%5AmW1_njiVtUBV~J%)+gVyXn?2W>YEl#v|GYv#0I#i#mrPG zX)iBsSC`%bvnGps$oFtH`eCt>r$)op*k{ruTma_CehT>A?tW}$W6IS$^pyt_yCGZi zT`%03_aZgNy}ChGQk&UtNg0r8zIXrUd)E)QUf)5Cv44LVDu~V3>dS*ON@$5k_v|Mr zPEZl&!T-pe1D|I#&q^kWB4u$Z0#?)!RB_b2$f_!;gNdk>4gV|L@V`f?h)GD_Ocg<` z>sAr7fq?WY!SW8bo}g$yL8l4CzX=71Tfjg=fYvI9?7%9tE_*^#P+R>15;3f!%?`EP zV0PF(7JoJ#mR85#(C8RD-~vlppCjP!p8u)F*bV20(pV@#1YqFb_M&w^fh}Ym1e(lZ z#C&m&fw?`as#~KCG7#KozZQPdnW7eeAZrIvnkFy*cIExnAK*rrmzWpUO%zb`Xww$L z^Oby`II;$tD4+$p^13_QQdB{8t6j4SlF7#dm463|_xoRYD80b}N64>8uO{pF?+V^M1_kUq~(v(hgbv`1L;(Ux_aURBz z+&N5m8HP#4(gs@Y1St$Ou4`#M^PIpoY?B$TD z$Co-G#ME|><{z)C1#_@L4$PWMmA~(=?8`kP1;XkZAqF7XVrAkZ!_zD@#MJze@qeZE zQj^`#aSY8o=*`r37pvq0UwWUv{QBbar(ad6`J(C9K_6_;DXAt1@xHT0PMq< z?~+{<6b3pBs&FNQ{%%!Yn2{-rX(MfXnnHg=<>DSvk~@+DTPf2!0i0zI>aS6j8-pcz2;q$1dJ1i`oKdWZT- z>p^{qdv7EKXj7BB-7_`^-D;j-@N38WaO)|o{Vr8x%yeehdY$@oIvqRYU#fNup)l{0 z3h+bf;X7Aw?yZ$`rp~=U^eH!)S(E=&cJW~>u9Kd%^k&=ca=8CYlYbUCzI^mMxY7D# z`1X72-Qu1LxTTM#rH*Pmnmed49!)W+?vQl8x}$fl>rnW0QnM@zYKZg;CRLu#D#!xI zJmx{{O!uaKVCy?KF8fjXZW3!fQ{U0e>n8QxT$r}wy|}`7B-!!lN!owiYag!q$J#B& zYU@FdO-y>@IImQEDu02hF&`?xG};hzo9&9pgWWIWiF%RMFtkLIwz zXrdET(pk`TdgrE&q9V=V)R4HdkRyAcB$8i!k9rDxYpjyrp~z;O$QeM1gPW*QS9B`jtt(A9u;=oq=1ybiqv*C|tcSwuji@ z0A@#(IVwF?;1cz{q%Bp~3k8v1K3sx>45-r$xcbJ-kxEG6IS_~cr_{3YQF?z*{_Hh8 zn;JCIy|}rPCJzPyxc0Q6nST#tK=jKnht=nVzX31rUTe1=L$cI9XxH8YVsQ&WO0QaM zs@*-*-cGB~X`b=Y&oajAGLdefNEk0tpMOPB6gPE~S5@dt zccy-1DEidsBdLDJ)Ux~H$V7N=qLcmUA$c)BC zK%7dr+8Rp9`o3nngcaaV@i>3h8^D0p{!38XOQl+haX#V-Y|c%)-Yme$?15o@oaq3F zi#3I|Mn3v#uEya$!n-x86zBI-N5`-%MhP)Is#brESH%q!Gedt`M81JJySw+c3rT8D z@lkA{VXgjin09j4>S9J@OR%u*qYZ=4MwAzDb>YIK8l6$|K@**zM$doh_(|{FRB@4o zRmGwTCPOD>!+7RrEER>|Wn7Bd-83roV_S_rS=9u+)VXSuTGy>c=T=QPUdf5J9Z9cr zj*+NdjCzB}>K!;n8tXv3@xwp{6gX_RS+_@L|GjaXLmD@D0rc@Dd*5Eo=!S4Z+GJk} z2VDzCtFHSOakDt7c98k5ULDZ2~FdSuUA|6#RZ$97H 
z#FxjE1dcQC^f-ghR-;DG8u#6Iq|{&9yZGDZ8-&vUB;4v)X^wpH27W*2CAHUnZtDH# z8x`)u{F>^QXMIxpuCK>z7}C8oz%Ju#$(jBL7-${6ap# z3wg?+L8ce@{+FM(>P)%J(XwEWEe)(e*ilke#%gO%43*qXdZ?}F@#9w`ib7TXtE^Es(@vGaayyuN>Y}m zIcHfA$5B$&eo;@P{}S6id9vy!dZ}~m6KY+zeKNQD$?-~T0M`k23Vi|`)@WZVN3ulP z$s=qJYHiS33Sn}vWqeK}IA_@_s!qtu(}W9+Ev zpY`aMXNOoCjS$|mL5{}%31u~-N{1#oL0O$ur9251*(S=9!APjiyRrSVxK_$$^00`}45 z1MMJyPUejUO^OEn5o#lM1f9SEeuD zCBBfpYlw-c+eX-`-He8`D#(`wW<6ewb*YRkOdTTfxNpy?k;YQ#sa%AvaC-SS48kwv zRijWM@?hV8pj7*$@}VPdL(L)@1u+;XWu{hTxD|FjA(ZWm9_lpF3F`K&`XYMgFp9$h z2E~P89RP}!hO3XDb3P7FD8JT+;? z(WB2z{~%}?F#-UY1`~a~<6?D6;kDy*qe^JyG)aqp3YxM5da*}U+^ScHsLmJAeqFbF z*lty_UZnv)+`Rjr12pU<{?fEx_Y|;lyIGXGtqKb6xA&2HxB<=C_w%rABDI6OC3=+! z0*;u^epwYE-`=$~iLQKfYj>LD1c5!PxQO04PfH%=(liRi_h~*-Q{GzJL zx^OmsQb_&67T6~%E~1xm3oJ!-iojB|lLAXVH7T%USnpg)Rtz^-I$xe-z?h!WwsL|vvhFkd8o1ta2PP?0GkxT2(Zl&k6R!yaC)qtn( z+tTPzurBA|E3gc3@KLqg)w-<1+}e0XN*ZT>RCmxsC&=Sj)gAQCMVO{#RdE((al>NH z1IEiHVnr>*GLEaP%AH;N(!eh72%fIIgIvlfk0jLz@<`H7`XuyYQvyj+3^%AUASLhX zn@de00VxC%91QrAdlHIY@jaEx8~pS(X7tGfN(d4cbJ>#q9$R4BiH zOYZ~Ud=*<|_rmXA*)<}^1&chYORz|yX~7E4t0N$H4vLBgOP@Lmm7^Bg{6Qn=hT7A;J&F5|dJ6xOENWQXq_l=H#slOGrlxN~k?3a8yxN%UU*ly(Y2)|JyzEsmL z<@)JsPnBGL5%=pQ&U4VVtYQ!KON8M{I>5B*gQ&8-(OC$Qq@JD@$@#GI;5=A4xpPt0 zSy}pj0SlX~WO0!QmP0G8Bo-m(QBs7tJD?NTu=3#PVCCdeZjq#@P7z6pc2XqCrzS;` zY*#-PoISaz?nL!5)5&I;jdj%vfCq zoW)Tb$$PWnFupw~iZG0VJar4LjnfOB4yQ*hJ*`+Xg`UKyan!|D3B0Z5<`a* zQ)tnp=zh^4E)5IOKnwl)n0|fi*Y$RPVJ;!|rEQmlq!POvhq2(;=&f9g0sQuk0~A}n zIOBs32IfL#h#_YBVB)IwrKfV4AVwS<2se=_6qSYe!qVA z+}pHE@odO~)@{}8B|*QdT^K&t=EX+bw_BnA#q`VxW`-ZU*wh{SRxjAz{mJ1z(tS6KU#Tm3sJ|9*WoCm8Tch18?M2)ls!XTG! 
za++t1`$5Js9+pWFCuPl@qtnvBhSdd62dg8Oa_bg~>J;5V(N5ar6G%OmcA-dz;O(OE zJ{Xx9VC}|OUrW0co3P1idooggOl>ATfqr3K>TTb@I&)%Qzax9PX_rgz0I>0@YNDke z7e`cwI99hs`a8(U|wA!z1?@Vc` zo*`KZsGm?ELYTm_0dS$XvRkLsDr{$siPeb0&!`k3gH2jHk8QP0Q=FiX&I8$zJBz4} zgrCPO4zrZSbzHKt@&lHXRTBnIT;qf zWzp#(tD~-s3M|;3i&}8c%bD-aP_K>_@cFQ=;5=9txpSH1c~&G5OX@IWahB)MOW$W@ znpSC6ilj)~O}GLZ))hP*tczUAE#POsx=7mT5X7T#T{H#R3EH54HTvq~C12g{93gtg zp)gNo7Bpjtws%&B%q))bgV^8}*1R$bK#QTwDzZb`$;sUuF;T(l?<} z=fIPxq#-8Cg_MioG;*^CtQS=own5*h9$l(ss12FzDWzfX70=tdQUUf9Y^xnS%Alxv zhiobcNxffM{O5yz#DeocV&u+Q6-8+il`IcKXgQh-mREJa(lo1sAo1%a=5Fz~L1Mwv zfyBtA+~QASg^qv@2`xZ&dY-)I=_7+le1iKyEpV--Z9(R^m$tp~k{7Djj&}z}FQFZX zy^e=C-r@ZU)!c}1A6>I>s{Oj(zUbwJDYj{K-XA{%$RY@Tze@EP%==|ejXFT89O*jj zz}M(I-7O#bg5^?R;{<6`U^#gC(ANRId-1CW`H6385RT6J;V8>)(4OP^aSdMEZ`JVO z-Oc}mc#X!e;&99U@kis!l*4ko#|rOslU1{q8mrki2?d8n^wrWExoQXSDxPw5|$Lf7c5hb{YnoR#x~hdQoo$c5jnh{WHe_uUFpG;(u@ zC=AU9PB@B=0_!9S_#@)a?KtzeH~)~h=;^QM5H6B`Xj-_!^Kf$H&S4x#!>AH4N-vV8 zepW(9xrk*+z{`+VLBrh`oY2O}g-?f*BbRau7x{ip7cLsL<{0-*ld0szX^1)cq0wzM zU^%=0{~BEXt{ZbXUa*ANIp5H5tr?RZQ-!r^v19KA84NvYUJC0_LyOn#+Gv;Jrbpmk4LrEzL7vz_6*#3f;fm2L~8MhIY!&C%4?ZLTV1g@EG#4{_cGd)!nLHwzm(upTI-675Co7$1ksMo{!#!o|T~90HHDFw8JHd zPS6 z_68tZ074C}+e$fFZ%sbJMBN6@9Rd$v<{OQtqY~H>7KrRVL+$sK*ib_EXiy$Wae~Bu zod?PzcP{HF4J*zWFEbc{9u)G9=F&Y6iYTm#rYhZOCGvV(05Za)*@aaHvLI8OYhc{ zQmN$4Xpk&c2%DP30Y&p72)tileARlh=&LqE1mDtE(wx?RbR^LU zB6l9-jocYfzxA5s8Z{$*Lks}+=S^abf zQJal;BPm@ILusnxc(*rV6+%(e<7yVkO@76(o~Gj_>?GHQHgBUkZqr_lkSO?8s}$njKEIc+W(HSi6p8x= zorY3@6b*M5-bm_-B4m?%{Z>;N=obcXrloE_4sa~|I(kCA5k#GMgl=0XjB?}SUy*m? 
zFzJJNN0JVV2^m~hs(fu^c308w4V3zll_Xl<$upU$m|7}#LF4i-j!n9^ZbR41I9^Z6~ zBsoF9m%V5PB7d~;WZ~1{$;hQ9^&5%mI#IvP?L9_6JgM5~XWR^iz}V8cG+;}sLyI-D z9sY#SW;EJu)hssm!;s}cWAqrO0n=^Gi?_C2Xo=c^E7EP-R#_OT7oZMD41+(oHSNn3 zpPNqdAbS4+N(@U^UiSMgl=D=JhD*g~)B`1()U(n)$bWonRd^n@irl%3@-okolJTHw zSRDE>javLRID@n*;nwbY~xkuanaWr(7mmLXTiF{IyKX6s{tx`C#xw#J!w57O?WRk(yg>Cxmi~IQ zLJ5St&cQH|L??*sc^D>=u9vlH1}}fVov25eY!d58k{&B;u%x%uNO?s00aDk~O$ekL zcm48>0`ggvxP8B9ERYab1c_Begm62MSwo+d9*}|NDcp5<9N0%~4XJ1x$a3YrO#a)RGpp8N~bW2U@JV<9p$_#!Y_*EuDI# zi7uh;m%+jbF)XBQcsw5Z>qjfTOyh0y3tfsqnF7>%r(Io=m(_wAf8YxHdHHmI;a-8)TCk|F8FRGBEPJ*8}3ps z6g3gOI}lK7u9zN70bpY*#HN3l-b!)7k-T@;-d4JqR9>Atm+GvBLH6b1et|-t`2Mkj z*=0$lql_+Tz|pP{RXTF43$VR}sYZHv{ahbZl})Nm^{U1IslAI%h`m~E$k*XUIynDa z)nOb%ep13dr&k+Ebb`2_2RkEoF0!DiVjivv zqNjtMkxNaAJBe32QQT+4&giEnMVz9T7V&Nnlmq!9DCh^DR78u2|PJ`#91eAJO z+A*JxP>aq(sF6E2yl8*IyhvD_Me;I^ijwg%7cAjP)f8csH50?#BO9R>Jsm=gTxwD} zNod=N(m8uhDoJ@-VG~Jy9I|H0m7Ak6YRYma->T`+Xs#!HtrM$*iChV#9HhSt82L<4tkmglY@3$fqeSb1haqJ>z9F_fTZ;&E74^}IP zR%;P>y6exLo^eP9`X1egjifk1pPUE1BX^GSGAMYNGCze{$)b?AeN@CONeVyDqasMf z#BFaw@1m!J-jRPxP3jX8)^?&knGL}sDcylSa&+o$g@81ShTE7r?CNunGRMeyKP|w_ zDDGgis0-vnZvUH(RiI_8OQVz=N#~t|{@7rAd@a3qHC7$=Gyoc{It)}s`_25|Ij*EB zk0Cwo$tPLd@9sfYHUJV(u|`yAo3`FnCJWXl#^CZFApn0b?rjMBb3$w%KNOTCIYDmE z1KN>0iy#QXx~y4Na-YRPC|FTSxfM++{5Y#a!6)nh8)z3j9ng+kYEo{`1lp1G({{kb zyiu3%l2AS1iU-x!Sl+T`;3GPuL+5a@`nK4#D;lv*t?%ky0;n3e*@xC(su7ZYi`eH# z9b>;e;*o#832M3NUAwG1-Q^XYXeG9wuP)K8-fhLu=L9v8YNu*-`=FY9 zkT2CCq4N=N(Rm0sa%Xv!mO)jgtPUG#uE$VQoTUX55l@Ri$jdc%cN~gr1l<2m-TUu2 zjw9=WuVP?;Q(1tSY5kVwpm9*0SyfYa>ep6wb)SE8E-n_7L}hx)Y2~%-s>;UxvF~v2 zd+a-$N7*M?Mv#;!r-PDZ&mW5cdMYy=Btq=R_2ooF z6)8WgFO;O)6Q!iSww;`mXDN+7peO8##aBfk-7?h&@uNBi4nNmh$2@;Xml0|31_d(%hFJru&L0v>{jF z`5;&1P(!*)3SO_4h~QP#xnGG(*Bi$OgW5|!Kc%^}gksrj(Yl5LbA>0-8c|m@`iFl= z6$3R@3Noee(L`3tv8x+{t$fs`O#vUDl}UCCSBm(?knTM2pBMz%kdt+x`mZa`v)=NR zevUTZ-JZO*zY6Wz_2=NZx;&45HaXW*tN#?xT~l_p0rozJ_F<(aH^_AtL<$Y-b$A*K zjGQ^oGmi&B3Eg@)3x!`Wo~9lPl0|=9CB>r12WaX-8wM7h4+cgKHK^Al3~aPsPX>aK 
zlCOV44A*?AF=+bz^T#piXL>i4Hi@6o(S@+hkV+OyaY$td6?fsmdLtrJZd30zg|H^o zXb-R~h@0rBJCw5PQYz)`LWZ~M^1$*KM{LFo!li2<%xuT)*sPF*QYC>Kvsr)jn#rAf zSjrhpylGl@=@rgRlnUx#w+?~xx?bZefW-asTR=%UN&o9-Ei-eZD|LGnQ+rp|@M)$$gg?Hd-&K5r*~hXmT)80`8-@ zJfE&X9omZ>d2Fz4%@lu4bk8?7bSAt&+?P3b_0dP@Ey+xV2Nc8;nwAnLGdH%)yfqEF zu+xq>R1g5(KB7PQY%To+?A0T``EI@Q**z|MKRUtdHmFLkA(-zn6B>K^00%tmij~Zl z+P>3GKMucVue)8+z@B>ZLUj+r8@7Huj2c5fSyz4AMJkuGU&Vh@EqB0+7P|3=+~WDO zZv^%rSMYiL{FEi3z6Ux5Pl}8%C8t5z$eAJY9_D_=k~kAA40sGI+bM(8yGb{?O^FR< z3(p5-BZnF^B_xz>v?-xRaD(FMhbQd_DWT#M%nN8@g?{C7rM+f+dlAt^P&?v(P2#V zTlWeTEF6wvHAfdw&+VC>L&71CsYK>heYMSRfKhd^0_+wNMXk5!pWveJW$bGgW<$J8 zsTs9;$00Z!;T4{S@FHgpeG&Opm@wZfGZy-30crW1m67j>Fywy5-IPqBjqnQ3hwvhY z8q_ng+ope0&q$or5I%%{W>U|F`)fXkEte0;`=~?J1{<}2&?v`R6km~QKhq9xHPlk| zkU03is%Dmm1Fbh50z_Yf$zR-w`fkG?@1HKEHvWLyws|XKHL5X`hQ?0(z={t`f8l7v zMJ*S8sV^^8hGh7HFS+2@Ds&8ta5PA)_D$ zeCWO)bFXB7F1Wy+&qP-hy~K7CDq{;M63rFL;1iAhI4n)7PUY|jL^B$Kvv|;=^_fsR0elxR)Wsu0n2jX%P^1oNtN(SWNsSy&<0tB=L1=hL%jp5 zc~}FkT`SnT5+PJ?a%V?UQr9H@F5j$CI!I!~RFETMEx=H0u?Bblp=LMICzFbHt-6@3 zAZ>GTbKSh`+N!`h>`aSt^UNjo(4`i+yElI`IZZcG z$e9Z-Lk(CKas}fo%T#tRQgEo) znG`gZq&q@CeMQyXw2phIg$Y26Z`GwPfedJ-+~x? 
z`f6PT!CBa;MjwA&?be0DFd*ywVQr;WbXZ%j_gWvS1NX58GH>N;=Q29|c2$2Z;XIVD zsEl8iTSZ-7>Bmw~7En;Fo7fGtmk^`$kla3(9+E=CdKjGs1S4loJosanGeCMm*>S-5 zB3-b+Py8%QG5~tI_0R@_Mdt&8kwXpWA-RHadPs>6>LCdM8`49%b);zqZfa}WTZxXV zCf~`|8z{BfIzIVkOF!{LbXZkKQsa}4 z=2X$?5U1!gh!Z(;5GG|2#R~?_rda4z6@yYi=0#=cSBo+diJLq+vLQ~<`5;c@Py;GT zu3(&sQsM(DO0r=Mouz*y9;;PPb&_=egf5n}@ALZ}@7;#4w_PhdhT* z`D!0|)BLD6B_QUO8~r<+PeGDQA_lXe`IFt~doMXl=rZ|jRQ<8`)$Rg#?X2P999PaY zz!CYTy@l;n7k5alhvBG(6`CU*Gr4Fr*7{a>ud(<=S7!0DwQm}NaXI^sdZ$2D_qEQw zw_Sa>>IQ`6|D9U{*Il~$e^uYXxv%~($4bgKul^6040{F|e|8ouW+i`;gf&q@sRZ%Mj?|)7O{k$&ggF{U+dUao%S^gPT9a z+kmYKh{-Md+H$R4X1NIaW&{%*D~^a!-CwsiU|s2^^m||aQriaeQduufE~;8r!6KU8vqcKa34}V zX}Aw5GU6;c4OU0a?E7h!2QuEvqoiPARm3cd!kBr& z>J$vZdfXnL_V?<}sWaK0TT=yhfgMes^34*9=89FlD|_c_BMsmIZ&5cW0qd{^O6Beb z^uRgTdX$6;ACK50MMkLbX^1^?=E(E1yh;U2t0-k*6asThnXy6?UK|(YBJthKF_Def zi_VAGeG`Ds>Htij%FP;jGcUD4rEC<8PF%SZ~1FhQqb8OfPNk|b3b306eV z2)&HK81al%h3_r$G!;SM?*9_mSjOmlSVnTF0TV=H61%Q^gz=dSXCx&Rn95k8UEUO% zf2HX}MB5^|8!JiI-ntN7%Oi9mS~wGQMry1D=)T2-aUoY=a8tdZ%-m4Viit711H=(j z?sKjC>h2ZmcJ&Km^cDXumdFLreym0sAq{8hW*>6F_T8Gp#(e)%kXYk19|*Z~4!>kN z*fKf|Y)Q@>7b1_sFkq4AM=Z>IpJibPe}u7l9{Xt&Bz)i!*allh=L1`kLk$=O8Z9|! 
z6e!UFk7NL4Nh?3SR7_^|is>+_Z=?7DhvB$yL6;KPtyL8~x~}Zgx3sHuRXI`r$X7WI zNFQC!J}Xi!i}+5@VtG5w44zC%b{D?(y{@@O>TQF%lIpj0wz2^2IM?XbY|ZWPf9332 z6KJk%;t}iVE`IfY1-tO8FGC`(+flV^hFaWxHa~2D)iQ?3y*l)Say|Fk?PK%Tt1G!9 zoAu>`u{)R2^Sa{jgHr0pj0LPbS zHcNy$LN~B~Y7LwyRpxs}G*u;6vXX{qBY62V zGZ(rB5Glj&8lJ+s6PzFJXl8NBNK?LnHLA-xIrAP(-ajCyH;sP7KsCuaq$qQX6dfv(A|v$qG^{i^ zv*20mb1zaokHWa*j3-6Gg3J%3Snm6gJIx*2Sn2qDSZQ*o0ez-96$ka179H|52B6Zk zI#YtbDwv55!^jKgS5m8Ptgxs;GyWhYz{s zp2O2Of3y0>x~o?<8$%T~3u0(LQ+b@FnGfAngMue% z6_vTW(m1v;-0}G^+~iQlS|4(pA?rg44qBgql@C-=k>b!b=Xojoo)UI##%5?6#2rC7 zOHR}46vgS`k+l_)AUX~Qd${5Snho_as|E!6f1CCO;+3j9UP3u?kG9t8j5@o$zW#7^ zd;Ll7mojNr*Y+stE0i1B(a@V-tkhi(`Pj75P6xZjr-5C`nS&q*E8qk03O|tXxRP+=9@yWv*hf05nS^_-)#{>bwCpv)zy7Oo8DbZl{a8n&36 zIS%+D&4tI}#Uf;39zw<=%UKopK~`}tJkMPo5Zl<|_{M#_Hm;ve+hH3@7Zex0d zs%ZB5^H=ObZRD^9znPUgd>h+IfArYW9DO$&7N(c=vw_W{%aCw~{n2CqCXGRd&wLW< ze&w^=N-U7-d`C!IQ|4(3?wAxBVV+LI9g{OBUXbRgzhK_NFIXtNnB^jnKZ;nS2{0Lp z0rO(~pHBaO?L*|L36qWA>VV7JYmSu8BVe}xn#7{v}z;BYTfB7w{rc~{E z-NHu>zs}UHFWrn=kNl|{c_pMF1T3MZUqpKXRRQQ~;ia(dOQL9;cAK@X*xWZp22!k9 z*P7Xd)X|rUivwHlNSP;%mAMxWoz22F_iEs(Ld9-B{zBt6K&n?a+ahhK-Fh^;1^R-eU#$gU^1he}9P0?L9Q_Iyg37)pv)+5BdF>Y!zi#j%JA^B}Q14(}2t5 z%u!Uuo?i)8`Ci1rYEd$tMX@w8A}Px(&WqfQ2#jsua(q7EGC9<-R)rjA$f}TZt+Z8f z^x{^wWY4@SNt*wRf8N3U4z7EDtUIIg zEZ8J$54DgN2aL}P+c|0;;O_uEgLbBNZvpMBJVIbq?;89?{rD&~x*z@KxM-oU8G2+n zF!5w)W8jmDr3Cx`wQ2Brqo8pzYLuP{CXIXeKHjzpRJGI)#KGu*>QS~593)l!-PuVU z)9zZ1+|CVDH6M+Fe~~b#2=5hJYBrLM97|4>@fav&qfM{~4W6d8qf6kEkBROVi^GCK;-*4MG z-)kJI%;L?*Tif;ed?Z;}qYr{s-^^^rJiQR*$_Oux{->q9qri#0k zQva0)sFQnlf7qsAt3ZsyX!1;eBJBz3O|3BU(tLFRk{9d#kN3vpyDc#hDPTYz+G;yYrBabreY9=!hcY82h!1bkXrr+_$#J?bWdom%INsIOS4%w7o7pEa1+`jCa^9k zh~|7&n{N+0VHPrQRGly%yWV4S-Iuo65`iQBZ*o3lFFDk)f0|E@Go<-bxsHcc?oxJ26tDh~jIDof zCfC2Y!_FIzdeGUnkU&w$UML*TwW|=Fe_Zy9vs= ze`wBm1E;eEv#;ul>)uWLI{&!+dW+xwUJ?JNTa~E0=-P$%>ZQhPNEgmtspn?hUF?-M zlj}RyJV{Ucf!Q}PFA;Vz`;4%Qt@2Gj?Y0dD@N4VUG-kJZN1LVG3I+H&=!iYkP(apJ zw8_z4EY}RtB`@}0ZfjKYn=VFx0v)z|f8f}PM!svCniuz!J)c5^O$v=L>8F9a$(a{n 
z;`=4{nY7>1qyxcj=KB@HmcThLMZn!ON{J2bPR{j3P$!PWtbor|`iIw00k|azxHTG}ABX*Yvx|PfB5yQzJHHNXsL4r9be`Rv| ztz9~5MFj(Wc&yh7C9zeIvF~DyCQ15dLWZn|lw5IdKOLM6(^qybup|dJ?79veZ7L=V4pOO1y479d!QIKISvgD>7Cf> zjluTH(6SYF0H)|ZsCTYf0nHK`e=db~r|iD67S|OPup2IXRSquQ!{?Wiki+g;f8x0yYJUjq z9EtsJdIYlv9?rTL#PpS6QZ-&FE?Bqqsg|3@mc1EF1_&Z8UmvJ~TQxf7G#NVk#P)6dW`Yr=ihF@eU^5xdj#>$Uy8#elzQShbfcN zHVxO26jleMGCq*esQNBHBNjkD$CnRXJ&TE|uHV1I0A;R#0u2BK=72ecZy(@TNY;#u zjN5xn>aAniZT(HiDCIY?*>K1V*-&#G^C;(L`G9Z)1^-gPhc3x|e-PXIy1Z)amegJU zc5BPF_nUfmcW>V?!Yg(C?&|tRPey1z`4zjge>$u^IStlM&dkFoD}p3oA`zw3elKQe zkOwS|c;+Rd$VKQbOHFK8dvZQlJ2}*`+CLT6P6`fc{~)a0t^JhvZyHk6%SHhTsHIp0 zC4HJ@ii94s7pO}Bf9&3f=1{HlTi17nC@ji^m6b18 znC3a-MG&#ni=r&gGcO8++Zx%B@#K7vadN0*tl8ep)1N=&bR_D8+>me=(+&Bi7@jmKv8?l^ripY7S>l<`wWhxgUrmIcOX+oUhA~T_y2u;H+u!Q z+gqqxZviQU4I$Qd3~WfA`OTh!!kYT)Pz?fm-!@-~jls=4K!UMW^k0gIy3gu|DPANB zXmnboe|nOJtl6Q9qoWO7#D(<)lo9cqgYpyvdnUe=kWEyvkV-LixT31IE2HW>H%DX(Yp_ zIPu)Z%Z7L-=Yx2YLmg|phQ}d{7fl^KWV{BZ9MeIA9K&Q+l@{wZTDsdq3j$P5K7K}} zJPNKN1juRXq7&sjZ0hZHb$Acn(yKUZr+`U=@GsP4-~x3RYRK6tS3`OlCf9MmRvC{> ze?Oe_5?$R%>rY-`2MqHQ+e&*Sjem1r*LWq3e`OY8htzfQ`*i90bUbr%8lIV)*$>fG z5zI@nf`w6*v0N-l7G(*zDuoFA0Y}BgGbiW6Gm}FdtLww#5V}r-hKF>0U`m&YAB7#> z@0_C zd2{co(l_`KL<6qA3o?S4LLE#BjW7+T0eH!oy)^ZLWD&C}DMBV)fs$n+@}P;9e{=*w zbOfBHA+-U#>G=S>#RGhRsSU|Z&j-mRhZ@x7NrE>H!Oxx7N9Zz1Xp23lepkgU zr2bOUo&NT>Pd~`)0)~I7c(CwJukD}SyVWF=mi(%0+2+udsNn$bElNHke`wGaKvddi zfAP0nKKmDW@c!%U_ObpZUUa>r>c?8f=1b8Ka4k)gz1Q1a&doc*ycdlcRBf`V*M4!o z%U>KI-zH9Eaub|dJROCZo`%9CXD-q>$l@?%JdS+mBv-IB5)oVYSsVpvDx%VTdyv{F z%=COHOme6}EuJKJ;}9G^e~~H4f#a9lEp=+C1|#;_))kHLjdeOXBJiLCS4+2ejhw#nNv~diu|8$ml8ZH@@7mAl09?k%TN7?oaB?z#Z+nWZRm--68-c*2NQfxRL-^ms(E8A*QF{5XqTKf8S5a(hHfNOK&+W zd=Ge_GM4c;jH@t6GoHBB(#9dC=ffeALk+6sB*7bppqt5_o)7(EwES=Mo9EI|dfBZP z3KgbTrfCe+V2I5cde85+dA)Man$d-0srz(-5(x$;uoMo}xnoASSqOh6e^7WSg ze<|NoWXFZPq|HL!KJsTUn7aqvt_boKXf8Dkpy|MIh>dr@f8B>+;wU2F=0Js;GP9BR;D zOcK0t2oCr`l-P}^;Qeu39Z<4|!-WYR5uW&97BsKX+VYQx%LVdz4iny~Z`M5P?6tOQ 
zGbF`*kh*WD?hsJeSkIu`jvpeQt@-!moxZn>6+SAu3jF9ON$fcK-QO#9Q>N>y$?g-zPI4*+&N0VwIZ$;Y<($J}EovWsoQa zPMGvlCTU={|F6HOFad$L8FMpX(W&(*Kg*PqTW{8sl!dpNcAW6WE|fT`eGUgU9)fjKObzOcyDv4Qb2oQArAyoiPz>IgsmK zZJK`Cksq?RQ7M_C?(PAImq(a;B3FGfKQGk`r8RY>z&Yf5en-e3_O^Ea{PIsNK!FkF z^L9=a7Iejps0t7E?rCnXph>T}aE>faZ0+2d9+6AY!zDAgDLlM)fMh;d`JxrCm)qPt zeHh7J6sc3X#`!J%yGO0nmjCpA2z#rw&M?l;Qz0;tC3*?}FscYpZqB^8*qCuREr}Z2 z45B3q%6X|u(4t@=L{BIDlb-n}`BlBGvg3uNuh0c0u&GQj_y2ygzp{*Cn=2_yyZtgU z?)&Z{uIZf4zlg}0+I}Qfk9cG^*gke6@bb^pEU4?Q` zVwDj9b11D^hxYiq@u`hE#Lpm1C=zCG^2yDv%)$d#s>UP7Gd;s*=!oq-&DKWD2ooM- zi0{dF;^l+FwvM=5vK2$Z!20JNwPmUm!#$d9)JLa(W z{L4;k2CRnXbPYtez!&yv?M&X=7i44)EC?`N#NTF-D7Uhz;9|mq{rp`mYCA2+Z(P3| z_i`&+ruaIJ*Yf;L#ohTTIeATZD`iCh>KiJ=RPwZRil;c&w^e@#C$3IHO(P1B{h?ybfl;KiqL5uUPhtpf|WT+6Z z@+}gLEH`lJl$O&AWC>l@_rpL2@bqb^MXM9>MW7Q~1Cc{uFI@!}+;=XYdEX%A+F!^{ zT{gk)|H~A7^gvsHL|BZ1GJ|g z|LgHz^t5clc)3vfl-9F?%(o>F3w4-{5LQG7rg)7}*t$X5hwnmP{hW=Wz3Z9#tpl8=92XuLrVwI=ElLm6+gG%oL4Ty9}jTWujs z%_8CHV{1$-whBAeas!|n`)oQUy0g@L+aNoZ&O~De0J51jh*K74?eL4CR&FCx>kQbD zbB>$y*}c`DVHB~}tKsG9SI~{Qxjs5`uKy~lcpC_BD*YUtK_^Z@j$$IRsobMOKG7(1 zlKSMz@0mY|fhI~h@OFNAc^v6#Ls@FKX0qOEf&j@|ER+Sk#OPdOqjBi_H={=l|tw#88NNQx5f$y{iKK>aS zbt`Fb^9z22#MQXTnk#~vpEx3ez;3WQNo1l)%W=53fza%rGg8K7M(`oW{fEe=wtolH z75~V+R&78p7aqWLs*?8U_p#Ml`=5elJ+pwhTcwK2+QJk}HPj4bI*$4Hk)J!F_i>jO z17F%k&Y-HLZ}@a<1K)2u>_^r*?jrgYukZ1!hU9hlwc;CD-G2l1!8&O&zO$wd#Y2NNex zArmHGff%#!my~|6?TvxjblpelQvTh*DqM9p13hIp7y0D3%8Xim51%8%KB{N1g?@lg z9V<5ru?2ty^>%XuycX`PIeEj(#CKf>u5)GdV)(|6*&1Nt_h;KxvwD9xAY$-Jsyl@( z8rv2**ym>hgM8teZ&sTMonk+qdm|g+bWR@BF{SlWNF~AogSjb@Hv_^{(2=BGQ+Ppn z^jIhjJv7D!)V_a=~;O zr&F@PH9St{yyJCVeIc=MzfMI`LQtJ$?UHpn!u^C}hUOAC6;kc`8i4%@V&ujwAbGIf z^#Rnu{v1LblZdCwlQJ=I_Ld7z_}!n3M$YlVaY4_^j@;6G6B0&A3nCPvV%NxQ=w8)p zWaMMnI1cTk?Ra7DDFj@!6aucrx5!1V8GJvB9FX2b?pHH6gBik?adXiqv$wb0F& zbTWPd!MkCZ{0~-JT9on0P&7JZFtWI^dK~c|A z>C+dDlX)Y;mH|IbX2$Xqh$9I?xm?Wr#ojgy4dsXLXJ~^a<_~LvGDy&e%sUp}OMqD1 zbt|dzH!VUQFmZYAf+v@n%S#((oca|~rb^V@C>N0aR%POXQ6`HLtM=>4(;+JkZDuwS 
z4fylhNJNpdFM=FOd*A0N$ZE?;1N&g6c!z|6J)Z;>cyo5EN(4xB^J~#><6oO*ax&@* zkj+Fnkr)jywC71%K0GL58m&Gz0n|kMAqpYjY3ssoW@c^&s5`}fcn?kk`hh$;Ei%iwFla>75hs@lq#cJ!CZIE6B&2z9Jw z+~n-T>Dnhd6ZdUVaI{@Z4mfj^u)liCI`&j`61qCsa1e@Vdr+P|2Rcy2O# zq1zV=J*{?y$&w6B`siI7p+qn z9T-&8VwpYkvp1JJJdaoef1(X(i_N}Aj&JgaF8k=11|U;`7JO_;va#{~S(e=eAQ)86 z&Kw1a)_2=`p|)4axpDwNgTyQ!68x)HNUZAg#5Z~_#i-Cqsn*9D+l3JSeQgqM9s754 z){hD)$_zBZ$f6-EJvfbV?^Y&4em!iSHsdXd7OmSBs<>M1Sz6+Tk>0Z>vD?5+buyRW zTuBJ+NH>?vr45>482+BAXIu-f(mp-SZd$p|q06I@xcZD$H6B6XDS z1@VTr*JlvT|3~Y35gYE|7hvr&bnt}c{4w_O0*OPU?QOmuYTA*P;5{GejC;Ic=&WrW zq_Q$af9K+nHUwGd##xM$r?pb#flz#hPDiu5hjFcfG7Yt~AY~e6fh;s8x_A*YB|nQf zh7I{HDxB%d$M|rGkP9vanI+?MlxC(B{%pUC4MS;(md?uPS62^!MYzHipqwd|+RTBdeu zc<;6+bKO<5pyw>_NG33OJuEVyw$NvU2H+R1J&Xm%u7D@#&VPOEe(ZB zOw;YtoOna|34-q4_KN2D_mRaUao08v?;m@3-IFlR`5FF2QdcKc1DQ=M4GA4|O4Ezn zaHi_u&Kpr%jwzNi5<0>)_OMgnz8~RmRwlkIUqRwCOd4^@U1@5AhiJvQKr>|F<5(=I z_t;Le`T$Gtp&Y0TbV2xqH|D=v1WbhHN_uPIPV;z}xs$`4bDCR#%Zi{B)_<+sr5yWR zX3v>m8p%tiFW$lm4&Q6ZMon&|sS#^EZWE^AP)bvDD$HQY@i%X8bX~G0MBN596xLJE zOVxJPOACJ};vbZXP1?v`Ad=W+N0w0?<|C&er@h(3B#?i~rHe$;?b+XJOw{ zSed3X>5NZ7PJL2XioNKnc>ADA^y|Zd>%-1LMV114CWoWzmZ)c*H%On3R<&2jIevhE z+TQ-H;TqulTVM;EuQ8_**ZfmNN^Fqux+1uDr<9jktmQ1I(F__sJAzDAZgz~@TSA#)0|RHGp?eZts_LZ z(n9K(nKE7=vC-W5+&n?FUv$`lp#SPItSGU!cpxHda8XDjKIZH1iYHgSjf0}{x~-(ZgG zuh6y5z9T>`H@~(}8((|(gZ+^lZ8&@Swo*!)`H834b8Tk*1_;cwd0%Qfw2P=*NyWQr zcv$yrlh8-}uF747aT6`wTkxOn_#sduMIcNg9JqGT#T7VIc2>AhX)fuh44AzZ zMKl5FN0zjN@tt?xd(wgVT>wON2mJCDQAVJVA)r$}6_}~hGq9N^Qi(DUDl6y}gNA5$ zzwXflW_!p>4Qe#`b0D!;%)@BKcf{i!zBR zAXIDG_q=p>fW0hbN7?gzK$itCsq=CEVADX8RQ@AkXSMU(8*a>`18Cn(b47F&R@Tvj zN`q;Z2vaH)YnE|<6u?(YCX(AhMR_|h0>S!&3MV6r)HIJ!zjTD9Qe0h(TPe480M+ay z*)U4|NZ?E;E_bQU{oy@l-54S{)er68Sx6E?T$c9$GDNV&ij`yemoR8f_ME0J3k0<^ zT*_uf7Dd$8%Eu|33@}x?@?)=sB|IJ=iP9)Ao8q2y+>53Z+|j|TxW|ddmKsJCo>-)R%ufi`_s$_Mrhs(iwy5a- z`AQGV%9CE43`oZ@RZ#*%SYVfy#XEKx(xoVjVqvCBKUN)&VSppY?V}bI*oCof7v;q_ z0qVk0Wefg=rhQ?|eIu>va|jyyf{hBPUB+)BU_&b9kD7GVYl`hgT@wdm406eSdahwJY*ATq@$(gU`PaeT;9RL 
zbVSCrBFoZB@hO(anp^hO1}p4D5~F%Ak^8Sn-vZ-orj^VPEoj0mbjH0>MkK*W{W0G| z36Cifz_8!XGA(`~o;JPxc(HnymRe9=a2hPP1-E7Rv096o7c0)SaTLaCAwH~2q4u#x zt}qoP*H5M+itvcEMSesJ>DlQ|o~H!{OIrdrEG%2vw8fMY6ID!Gh6VS%o|L70#OC{1 zAOlsTD}99@D0ym%)jhtNk{A6YDxDnS`~p=E0AraTd~PATL;m#0^vX>ckRQ-&E_!Kg z28&45;j73{Our6J-h@dAp)8m$`WIJwORD;F5d40S%b@q|<+zMghYNDZ*FP;vin;&P zv&b;q6Q(;#56SZNJG;h^Xbq=7s-SqSjgnV{Y0a{-pegHV|33I8cS{DZP9E5gO;I5V z*c#6|;8BoBr>LFY+u%E*1(!gSA1=I0W|^9tkE_3Rh|2L2io)kj-Aq(bTm4AF-W?4v znix#p*DgPT7Jn#u>}G&b)VKM8jW=`q5T$JtF#|u*<4bWN#U5$vJFbgtYz5#l(b<-H zX;@&BV?4@ned@@`@p)dnyhL2t%QET)+?`CVpO5+727Thl^&+#k5;69y`9FEIZT~3$ zH~XZoDMY@-iXCi)=ItPE)n2=VsU7VPr5pjS`}=LOetdwQ}s3U z??xuCim?caZYVZ)@`v%QNhAL%1)(iVl+305^jP)nZBZ^9(=QIXb4V)rDWpcYCiL~On1CqHFvlV zCvcQIQ6}-u%rhKBaOL=-{Zk*{vHO1T28ORIOGIQzumHjv>;%f$bc^2Chm-+)_<4pO zaYAaAVUp)Lna#S2Sdsz3yx>R(TOmvp;|H!WL@J8 zIfU9(OHvt*+_RX9yK6^D_#4x#2zn|BrVLEJ=FR#@DoacmC6QM!p>;+8PZ}~3tap!m z44v%`b3@k~QZ-n8;O1tj5q$XXp(E~UXao2JaT|h;6~}sXy}|0XWJ;cYd~AF{VyaA1 zIeZWWMchGgmb!v7iZ!mgg1n86B8?lK(L-YRBI{L1zGf{|+=`oZa748iZG%~#UmZC$ zfJp1*pfV>Y*QrMGM%fcU&5WI{!jrEfZAwR~u+Z@J%H}eW*&ycHEdbT+u-R)#5tgW%>fNepSqd(QRZA?0-0I}YUR9H ziQ>I*GQYzo;MFPng4gU{TDhm4L(3g%d-O*LiTc_zN@~$O;tpUp<9#*ha`@uBmx$d2 zS-j%xt5j^Zcl2VrVy=Uv;?_-XyJP$pLq?OP7SG1FN!JLxRM1+}(Hq?Nz+YMBLoBk| zuS2zwoFi}%moxtwS2W-Qr^p{CccOf9bydJfr#NNd@4y+?arOF+?{ngm@lu+ourPZ` z##udP+;pHzX&ivuNuFuw%VXzn^9YSP)rn2KxSmDW1TUhu^en*?39W2E5TgYs`~i=d zZdam_s%E$y{mNA z>o$OW33Zwg28YwoB-aMwzWZbBIZ^VL=fJA`g?C%klp&z#EJcr_ZriPD(D$sqCx?kV zf3DW%Lw9;F<%5h}Uh>hj#8Ggc3I>S^}?yK?w|tQW9el zASrq15TEGH1vSS{43$7ISr?m{8psKYn7dK3c{|u)EJeE;<+NR}n}?y3Q7j_T606MZ zTyH$=6AWmAPd{7(73h7MXUg_1_`85kJgZfG+{lH}V9vJlt(L)9DRZLKomO%NI=b^k zo<(g(bfh)sXM0PzuU=3bRS4Vu;ZYh$@0%d6T@zBRJJjP*HUl8CpCPKb<*hTuINx`Xx0Fn9aswid zg{GnieIjd$PC;&9I^WU`S%tr1d;}Wnb!$BHebKK|h_$t*@ZO^-bZ`)oP)JCU zH<%+43$LiX!W3j8Yq2mUR1!EijU5s$tJTbq0EhJ}cpz$6VAhrT+Gc+pN95WcM+E2_ zHq_Ld+R93!q!t)_>!Whv&NqLEef$3qbET;mPF7P2r!0da^m+>}0y8n-W?y}%96AmNV`&NI 
zCfW$6{e9aPJK@XNJ=ruur=a9ng5l9%P!0}9R|fHvGqa+~eOBvQ^VC4FDczN9%{mAz zF_u;JL&wLf^L(FgW@9t0!Yr5x1pq_eYYG~s#}>~D-8M{*{mi*N75f)cFH1Jb)bdF= zlsK6^LlnlP)5I2(a6Oz_d50%n7tLD~m8qBqc3T8&CxZCx1h`1ND=jP8mHyshdT*Z2 zkWS$W^EhLp+S`Xoc8<_F>!OFEMj>Ke&+g-V2vlDqq0UodEr7QLYKs^GaNXtmLPGL% zijL&uIoSg}$w1fIfwp~Yl5g*ysPWQ_g*YFcEtj*$xESf5gY1x(`05bZOW^;>L7$Fq zi#;SWsl9 zUBrG2PoV;`WcfbP{0%37O&*DFe;x@SL?nw!x3DbP-V##@pk>HLcRb>_9OrXqg6g(* zBH#S}b^--Fx4nN-`*R=#>6c6saaE{SHdD=2Zs)YP>`73up2}rtkw^}Jx;hTrh zkUwlase=aG;5CDyjDtx3fX;U~y7m=DW!y0a=XiK`Uom$8zN-O22q-p{bvz$GkBQ=@ zSOzZ9Y)Di1B(RTf{=5chPI;^=MMd(`bBSebqXw*Pqe`tS~xPZV!(7; zLJXtK^n+_6guP97=N6&iM<5sCoYg@TR8*IZ<_u+Te-u-#!u-}0aKbMK48h@~?768n z%HP#d#A3=uqecKOIi@Lj-L5k7uO)L~=iqfS?}IEYF`GEhBz04DjgW3aUb&7Jgo%%n z2__xaXlOf3$&<1zip^|%nCzw4h&)SiFHbi|1soG7Cz+B)`ulyJj~*YLuZ047Kc11V zHN#tJf1SDfa2cejl}qtvaT~_`uD^u8``}X3pT}MW1QY=nPcA$%3@?@lgeU?-^0V}n zMg*W7WjD|L1B`u^j``hg37uEzUksyz+6c2KT8#4)4bAbjh5yIY03cA<8L zAHHKpB>4_dD^so{U7re^Y6wvRcTZ+#zOzxiQSj9;I&EQrg-egL{B3sXb`(o@|KU2= z(F~f`k3auvlw$Bj-Ma0$LHx`!z=SDH?5_z8QyhqHABe-@eu?u|8SF#=9$?oc0eddl zp__h>W)++Kx)G#K_K@AtX#$BF#)q;-5$mqu%X$Zh1iM11^^?sbAN>hg>g7ov-=9T5 z!Hu256>ASKVqwR}md6_Ykbr?#L`Gc*w}TwpBY@lWEYsrqsFK0o)ubKs6xD{0l=?5> z?)$E+bx>Pqv0S}>u-05=ftZXVb0gD2)mt^)s#fMBGdz&g!$%cr8u^|=rdZ$}d-nJ= z+BpdbdR21~lDz zgT56`QJB6gZt0_SM1auoq#&r>Pnh9KO_D-pU_WO+5caa5Ff`b)7H5}GcZ_`o;SBES zJw`G}$EcCj)hBwtAH*M_hLIZ7U|e_xz#^VXYB%_6KlFQ@`2 zhtL+8#qyOA{**DTO0gE7{7yGjY*@4Edtxb@+$Wg5$@BnG8z8vrG| zrz*p_x)=P-S^>@?TlGe-quc7uw&AwUte%h=d zDwJ$VK{t)^{-~*#QOyfk zQ34>@$&3iZFavfOj1KOxh@qzJbsd9z`Uz%(fNv(LsCRa!Wt%i=Ex5w8}<%;Htk*ZN-cJ81#i8|CzCsc`9~K!`xB*9CoZ)SK=I zvU(h5pI^-qMBK3MBGFrofcn7*4@f7SRU1uwoD&R9^2k6$#Xw?i`5W6SuHiqV;RGQo z>}rPrGgHQ8wi*5HwiTW_I|M0s6fOQ8drXD)^uzFwfrl+Uii~M@!OYq|pD8LFu231p zNn#^0Sh-M6WY+PEmE+>4B)4Srg=8e=S=iJJQ(&r0cZ0}%!P*;80PdtI{--q01h)lx zMQ%vKPr1cL(z`UzX*lUI=ju+y^=EPF75p(Al*bGal}637wzZqzsqJRPm#Vz-kH_&1 z8GwEMZ?Ls>E`9}?HbvfFzUmEH{|vX8N1>9Hl<^>7wfE*Jz3<7Xd^HpN0 z3>kpE?#a19t3JXE03m{ji#%q9>zTB-<+L;k>|E0w7BRyKs=PqeN$^TD-Jh7jMPsGk 
z*et>~bSf)ReohQ#CghP|+^#mg-Q7U68lL87mMnYd2`jHoJ2}shMptI`rsKKa!v*xN zKMEE;rY-cpEqxo-=>{7QB==Zys1vHGge-EAtn&62{~d$`@Oy6AA=E!_phRRl??pKC zmes0P4#*UtzWIV7903p4JwOusF2)>Ls$7l#?wd%5_W6oArf2!XSKmI;t;_08em=tR)~li?`Z#P-4(^hbeJT922ANr^QWx35*N>wli6tEwnL zK87{VY|y?OLmC0rsRwf95r z`_V;;GKC14RD^Pcpo`#NM~+5fwqxvoD!FNb*Cftj*+E(%SI@C67LcYU_`XzDHq$AP zA5+to9s+N*D&l4ex)y<%DFL~y`L@B|aS+zSaR7v$Zpn9u2U7JOZyqYJvMa25u+%0} z1dExK^@f!$@^QfNN(mmX(@xNyi~A+h-WqGn4hm8xJc4!F_dz`ubO>1@Ks5_9S1@Wi*y8{OU;dXIuZ z_^MVHwO_G3Gjt8^<|1JD;Apw9;A||jvVdy7pP;yP)l9S0Vw!m`$kv&%_4u9mo|DjR zXS^;YK@E@|O1`q%yHqptX?(HNa&?g_lcy+2yBtyDi7!q0m8wEejb7~zKhY;|<}TjR zZ2Waww$tS4#N{u;6QM29G~m-C!rc`P=FNRNqq4BmeG((fv?bv?gf>``b`@BXf&nf{ z3)0P)ySH!N0$O1huXpD)_RnSDve+KGciA~Lw(|lYD9dGgq3PFAW+q2-xw<+d2zL?e zX*o9cqUBNV{rTJX)_v*11_K+QGFhEQ&q7>{bgcRwR4|HpHxq}2Z@^yV4Y#brp&-qzf z35C+k1(n07`N)$@3ZyubBx{mXc)B{jO8F+W0KFHvYNHB6oh|Mf%vtp-!N5CLPxv*j zw%E#=a<`)Jet&rExJjR@x>PkKyDAQbpBT7B+0?t5e}R{{20Fm&alGSs2B4`Axx7Nu z7}*n9_fu+_Uuw2(mTIvk1ZH611N3==~z~2 zJO#|*tL#sVQRP=F+5_&6<^>e2ie^4m_Aog$HWc4%PZs&M4a&suhNNs9pLGv6$?c7t zhE(b)uR8(AeR8Ml!K!O%0HC)k_fxu0UEpM`5H56~U<&H-bue=$qjz%{(6tHdM#kds z@5=9MxW@a;324Gy0$ZF65V%F9WfSXC9=Sw_MlR?fI0#t5nmq^au-JaCZcy7uE?JqN z;>f?aq|p>=P)m?SMApIa5t6TAv05j4iW#0-kn3Du6vJ;r&xdUTh{v-_9za9$*DjW3 z>Q~6JMk=MS6|AUuZ~il)@biUZEc^nwGbX`iyb6xoJakj7)83xD(XASb!2PXp=1G;H zWbif9B#^Nq59G`<_6Ey60lKW4Jv$M%c~qs@QP;l=@KzT^e}<_eHsx}g4)6Wuvq|K^ zp<2W5ek%G0mCD5d=u3O_Uz)D9om5n9LSu&6gJZ^BsBE|9O~QUBS;#oWxeZ6c#Fbd+ z#r3FPRhWH6-opoh%O4WjHCm4&po@roDdjhBSBN%jEH*^^!7y{u)!pq{nQ+WMJpCx- z^L1zp1#zb|aA`)%Gw4*ut|*BZUQ`hm-!~^T42WH~Bl?vKpo_0qO2}444M_)u=h=lJ zOJXCc2=TE*8)KbMKf0* z92>It@#2qqAPLc1@MP} z2Q~yeFWLJDC~}Sji%u8&eDoS|8hpl*RK+x9Z33`_fQ-d5T|?|$)(sDTKLOy!JoBKY zfgh_^<{n$o1PCj>GL-7bTkM&1zT4gFevgC!npJ!D8HZ~Tut5*9m=C(iV05w4;oEh* zX_?LPql1Sl=A|yeti>)84;0kei-uq<$^CA-(&EtYd*4VX<0dg*(reQJXHYn0I??+=tM3 zMti?68G^A^^kYO<9RD7um;3+pA{+@t{*ZDZb+R%C%fN_)yKw)}s~c!6_laSswASC& z`SNi!B7eaKOJH7O=_dTH?f`NQC>a0`c!znf)H4;z2Bm!@A5yE2a^@?g7C>BJrx5y! 
z%}F=DK}gpF@}p5HX$zG3XGtpp8CF>u0!Yd)Yu)sU>1TmCW_n>%vq8i*Qh~iJ5`jaW z6b@$_7O{JpCQ&?lU+miV-#fx6dNQ!zF32<6h8+u0M$aMXTrbA zv(DpN$8)N?&Bfzxy!st_l)tFaR%*<#r1IMYZ99bRx_SzH)*<6MxN zj%%gLYq##i#0U!VR~wV%BZS1rj{w6%6V^+5X6A(HD#l&t*g;pLwDSqCsrM|5P-!hpKRc5is=J? z1=SbHbqAE|4k%YLpR)K@q8T{Sjc$_gp$%bd_CE2MiI?IgVW)k_lcK=s0BEwZOZ+s* z&Dd2?QSoEMa#D@L*!%Z~edO3S82feYSFi+k`KIm3$4rk*yHnTUA#)ux$MAgNZ;Iv{ zZD2_=NOJ)?pl1?Lw~Jg(K4bKNXk}G3rG%(UXGvJ@u1y{;r4zXbA}hXsP#0Q`rOF&B zN;~+MZB4L!!bda~c9ye)BRU)*N}%_{tu z?jS5^m%lV##Wcf@KzTk4$;0CzTJTGlOuf)wF*@WL(c@(Z4KP2kH$il$WI{e4+@+a{{wbc;oSN@M4bE-hs ze`6KGg`WM8^n^MG&|_Ebqzm7ccq|~(7a7J@%z*ARS0ke;+i3>o!?96in|TwXLVa)Z zK+p{2>_gd;(}k~4++1g_kJE31=*R7+ui>}BsdXSX_BY@C5%dwvH^|?3P5{clAmErS z`NI;{(euUd9{$4`Nh9iG=)G*+sWjBVN!@8rf@_`7HMWI~iy8WQ=+^Lo13Z&;l4~zw35jQtthir7~FAVLIs0$Vk z^Xk8{`i_019zH^u{RWVzEwzzMmeA8!9>Rcsr_ArdbbjTkRP2p4^AlKUP@C-zo{2GQ zCh8QtadvEF608+N9leg>+|b1a4%C(|0A9;6tm5q<`!!@5<}Hi zL}M;6JPA}qhp*!e&kWtXc#2ph@npnkVi)+G0KyBSo8>2>PPTT=#E}|pDP7&0%w0*< z;MnH+2r2MD=%lm z@c8;w(_!~Bz6IMwxXhpL=kG57favIr1l{fSczcHWyX-@;FX{V~Zx#E86genNNFHe9 z4Z$nMGGkU-zv|4Q=lX1k4 zTB{+P6v-5Yi#TY572Ju!0jVt`kwvzo)lsuX-pX->I

    G3 z*{gM56<;OQh#-o@Tn&^QfOULlteZ^DFq<57V%bc?&OJ`jyyx{NYu5|tKQNr}KH@R( zc`m3&u4N|hmv!;FL~7OIk8KTMV#%=*`cFuI3H=!?qOy-epn0*XY9LmOl%!yrSLzj5 zp=|`|a;lJ0g8nO60eT(rYwUzsK6pCWaiv*M4mFbcssdnLC3a}N< zS6iY55d_`~#raTxd3-eCe80iJu28mvaYtQv7{q0*OF}p(4B)*)@QZ9Fx~W>V3TVR9 zcNn|APGxPTzJIbze1WP-O+O54{=qIG&#C4q;sy=V7WhpABgUxKe30SrJh-*Uy^oY{ zv`W9@e73#ach&WCg3TtpenSJWgjP++>`rq$%B`;DIxq!b_838vn12#ikMr$lc=qco zfd^T{R%WKX6eLQKj`=yiy~yGtzE55Wd7%~k!;K^@6IXbYPJ>py3^+=Uq5c{6rly~S zsfpohJKH;MECbCmQHDr^o?cG&yhw)##`;6orsT1hz334b)K)QbuHihESwJskVAunn z;re`jbsz@Zira8->OkL$Iw)(qg-qDPB!+qH>N!SaEMGLGGr9DK^dDw;WsFw{op%f1 z70&I9E?#(zyR-@9G@fP>g))PblGH31DXMkzLxxDh#m)a+B=HvCAK8#U$=P}!K4i}@ zJ-uav%Nn~63D3%C+Dbsj(h&WZAxdNgZt^lNwI>O%7TW_NUroI^VI77u4{DTr)L`Qu z*cM^6xX<$tP0@abpHljBUPC(NR#4ktrmMe`x|fpmBUS2)!S;V_2ir(*S))mMe%cqV z9J;&?9ugfm7KybDE&I#&mj$*J8C@pC=h2l&QrwYQ%chI#|E93eZA$dLqL$2tCo0dv zN5%)NlXU!3AmMh+Wj;=OvoJJ7gOf3<2I(ktlIi$BQp*a%QWEbHM9(qQJv%P`v)@8& z*0vCUxd(ivavkIO4oCx)=yA;1vrkk!t|SS7++Ul+?-WmcFCo6eVj=K%!>M~(Y05vx z``nC^+$`xA@2h6K`^xObsI+2j5cvMhOw0i=&=0^7lDGN1h0uRk<*U7?7C92)vtsIe z;3M}*oESu1GjSVg*7?Gr6sZ0PdUrXdYKd_S)AOea!{ePr<&%hKg*fVWnc!QtzDso` zXfAJbCHGbrugR>?ZQJLn={g>7;&T91FlP)<@uqEm9-r^soYva!(NT@W;THkBZtI2H*P3+5Yk;lZ85IYZXz}cvEzHwGv z+-Yu|dBK}gf6&wbmT^k zhAC$4MTTx=Q1p^@P~kkeiRqzM)`BVk>cfbkwmH>Olb}&D^CeLCx5)KTyC4?>gAh8y zPl6MiP4VGwskMCD#KsBrewT62+_t!_{@$2hVxrQCM5WeNjp{7Hz}|B~ zdEG+Ve{?|OhU7yu5R|ASgnbMjljxV#<2*BYrsIYW=Tw&)F*JuezTzw24 zA)b_RKX)DESw44SfEfPwLOjsX=cgk_Six}(jNU2_Y*ETcZ-MC*HDyP+IvkQnolKa7 zBhgGYi=R-#|K_osJX(h&ZnFS`5{EovmE;oxoMMC(E?!Ay4FIsO##goLb~B;(&jfAa z=LZ*|o>y;qnj@4h>5Y3(paYH6xH!=Qi%~h5jDqvNc*LC!V zIlHtO`nZs2MXEM;`G&;r5i`#k8)oLil-}IA3+a5!Da9szr<2P4HUq%eZv*O~^ZB>T z)O_V&Rv^dv!v_b>V&aRi=3G^U(tR%Y9zXbRNUS>nb6X6Uh{J%v?Tm;k1q}!DjD2>~ zjB%IvKW=D#9Aa}7d+Ailz^t+Tl8@mt26i=Qm{|g2!jKEVIlGLq%P-&nM1xBU zgFtgc$Su{qVi79id`mi(qj(kq!tHNM}hi7zoEKBJF@uB}8K58gb?854mz;zY#@8ZPUk4^&0 z13y#pP0c4;8?FAktP)zAjY`L?MY?$ zpzelp;Q;)EwwMJ$t#AJ_dGALsWcYAFFpjFQ;C!mX*=V4YL<=z#l7mZA5glUYARNfX 
zc%{^3e*A$^%!;rs&WNkXKKte8ZWlwvX|Jws=r;uY4|)TPA`wUC?T_$aN`$M?68I>h zdlZ_@-!T&z#EmpBosycsrPFGqfCn1BDg>uJy=nj=!qCJ9!CmmbDP7=?@P00oEAR*I ztaP)aWEG$S%6`ll_8rNA#S6Z2iMsi{ z0_LzT8lol&TVf?qE6?7G7EHGB6Bho^Hqru3I6WUK2M?{_U&51^jvRYcBv(f%LN`g% z{4;%exX*N>A-ubNG!)55Q(O>Gkf8qrVV4D2gqg{O3M3nK_j*TtI~9`&P^G+^Uo}db z;E4EhgsO&uFR*oZ3b%!cJSFUL?F*O}Eo$u%XTUU|qbSWJr8>m-@cqln7my6^Mi9B! zBzJ4uY9zidt+5Gmoh`uOYHS4#i!^@DP$~sYwBVXcsi( zzgp`2^;@3OdRQI^mLiu!9CD8MbPqcM+LeX13&R7O!*|n5a%sQqyUC2+F2J1qAV!Fp z;l#b1hnlmG#bD2JDd%p`@Fm<+;C$4()-BO5&lZO4srAu2HG|oDVL;y0j^GmhsdL8E z@g_nvD^l6_*Rij|*pM_Z0cP%sw`3>tQ5iaS(P5&3J4BK=d;W%B7I~mnQo4P?C+3`Zf6+m@?!aK|A>kZ}^mF{s)O3C$hSi;>1THfS1hRsets+Ir4dv4>Q-k7AkX|R`B$YxT26UV>X#}rIsAA$l~rXZ+v943w*QICT{ z=m}yeOL0X2&Oca@14i*wHm-z<^EnfNiMCLH(b6{C8UdEc!5H(-6f_)uY<%r)1X z;|jtCmGOL~GZ-ldm}szwS97c(J!UtMzo zf8bTy%6t?=dy*7v0JbF9I>Ai$%=TDkV>3-7Ikw9t9AO zLU_WOMT}d3S76z6YCqCdEcwg0-TvX@fr}{Q*6_t4P6xoqll^GIA z7A}<;vk16R5#MK0Z!*Z}vFh>ZwwvxCRTOJ^OX-rInuv^xH6!h0KF}4O)5Y<<%S9TF zDvM1#f$tyRU)ydYZQ274-|h~FWwW$Kl7ga-3(iGdaNk#nuLEj4UaK%aE zYw()Z{WQ3y)r7K7TP+N(cxLTY!*@b|tGwp=xFuq-Z^^OLoXBwAHr6g-5MBRj>O4^~rq`@mXNtYT!kX&7FmgyFGu(Uq z10tCt>oenluA%5}e9$REi?rG_#VAlMz<54`70-6sf?W=SeN|Fg7Mj)7KS_8|AQy-o z53mW~Q=#QWtmL5hQf8F=_~-2^te09v9gxm32MJ%pVYW_or!(D`TG4+UZ9`(#fhsqV zg(3&sb0)ekLI!WvR&7$?(S1GP8`GPRoaS z{zpXafNFNNN)%il1PVpK5ve3{Yod57zziuql!=J$%D(c~*b{mU<&U!V>;$@A{b!wn z!CKK!w^5}XmX5`+;D8>98<$Wv{$-s<}+B^xGai804E@L z9oB3abjA0--SMT`8>iuj{>RZZ2Ikc);WTK_*tQ!xjosLG8XJvqV%xTDHc1=XwrxB2 z{qB$Rdv|B{Jfml4R4fMk>At`{t^IOO9Hc|l!yVL%eS+Y-M8)Gt&V=O=k9LYgC>XR~ zt{sm0o+G)kMz~k|BP4h7tlsV`Td1N5R=Z5*#dEMt=|z$5kww>Qe!5PGvQ05rOZ;rC z_J7MXk&tM&w<1UTO!NSxaT48F!=HjY8b@C<=-2+n_61v0nE6}B?P4?ZZlb$4)_1!w z6XXf+wG$GJ{}Y>Pjn5~z#my5>+{%#c+}N12x1uirUZJt-JfqA0um4G9;e z-;JlZ7ZW;@74`}t$MD^K|CqYk)4bIHdKpwTG!2ITBn=)Q*0&LwC zl7Ck7IZYAzJE^;>k`c1k!*?WF)D>PO%AU}du-*^gE1qC$Yht3)0?12y=4!CxlS3$& zQk)3uMMWKS`XlBhq5YllJd-kEJ;kC~Rr`PLO);pWko++UjF#;+j5A`JrKQO)ExT~# zj*s5f(k`E`T80JOT(v(`$4{42PpNqyjbT2Vo@+f*Rli>=bE+2VUDEKOAKTeH-SZ<@ 
z|L4mpZ)EGpT#_d^*%p55Ugo|`ErrHvFHEMew+^~lGtwc{kf7!S$UFjSG~vD!+-3%|{tI71lw~k`DV@$Cc9=H#mpXr8RCw1OW3? zq2?K>n}FA!tVy5Gw>SkyOYo|_alR0ksr=+4LGn@d-{$_C_o*}&i5bgVl?(F8t7Rz& zRsX=Ko0GM^6XjOL&c8#Yc}Z#?ICc7uE_alFhfJ>sjK4^x&1vjSeFM%qKOONqTo@i` zZ3a!^IRobern;jeoD1ls4w*I*)5g!eX&;>B@_>%%J&j(Rjbj|iwSC8Z_8a|dikNsR zSWMpwAtbXetVeN~QeI~(@usGEct;EN)`R#CN zoJBO^6@@i%;^P-1?X|ATB`wzXq6n@iIV-tPIN@yuv98RAn<2nrZs&9w*jFMpH%J5r z=l~Z>lY2K-WcuvSUExJL@Sou5jAFiY7#qgh@;0|(bhpVB4GeBeW4J@6e-#dTTY5Uq z29_ba=BY-L+{eCAk}Aa)wx!Mp9zZoKg|10kMAVl#b*LE{I%bEXIb=_{cx~EOc8YA+ z3w)qia%BJ8csI&wpSp32ccE*jgxH40S_iBNRE(@!!FtS#{U_3#(8mN~OiNlw3d<=< zoN)`UI}5dqVE$g5AMSURc>MA#zgPrt?M6&|=Ga&vk|{MAo%u2_;4u`(RIGi3ta=^N zDP&dS${7rJSWN@3%PCF9%x7v#QN9cFyvWEYIgrYsu0%7w)IJ~z{k=!rEYZQCuYPB|ZxCjd06`Og{J=ep?+s zeQ4dQs|UBnBYxdDG0^^0POi8N3vD=1;w!rtL6)B(3ftuKCV5+J@G=aUgx7vAQ)%ir z0dBz3%+u@6*GD#vgwZ!>YnDx|mu}#?z5u~Wvy0bzx&rkVJE%oW zp4%d{$|q$ql)St(6bs!8f>IG?4fylnGnBc@1g^0S6N{g!kl?JntLl~(xCks7Mxs38ZDhGc$Ars&k2nE8jUVD4Qy{P@2Bk3@(luo)hc<`}QVGDJdfTZPq`|;Y};EC1gHNgU(J>?nchDzfTFxN4cOKhu9$JwaG- z$lPIL;ndp>db7D>)s@q@yIY($tyuw~SL?jHnmSDcEKuPllMjR5ri~fLRLopapaHqy zvZ#`d-hCsAF3?CIzZlr;>T4xzlT{7d^yWUCp0kAiAQl&eGKa3CqMyL->*C*)xAk%P zsd(hWP?5ZI)8*N;nn zyF%%9m=CE`b*3$|f`)?R&9yR%Dm?XLb9I*OJfN-3v&M`sE07CPonC$Oh^*MDfW~=z zbW2WEOUaCvGl~v{l(4Cl`F5}-x@BW5z3O^=U0_)KYUIx%=S>rOcUxNq!PMDpar)#* zMu+Q(hIG@X0Haw%hE=bI*AMtybl7eA$MPv1&s;IGq^UtBGb*uQ-*$wt*;)rJDExWBcsoa6U10vm1<0kt>TbVK8RO zPe{*Tvlp!Eq$BI`g+nuk|nKu$_=9+=C<2E@%^QG>85kk`YqJGegJKGhiNDHU| z!JK>UZJ9aW$dAia2@>P6B9MndU)#}hr+!SP{Ja0#Hit9-?|%2?+GjNznoq~EzkA5s zbjS|C>=He(I-wSivLkBtJ%MSUq}!f^Ly~=SpW25c1PuikNj-df+&Xi)%FKyOJEC%; zoFS~;ncPhii)nXxaNTjhOBj*g83m9c#JxS(UF!0S&f%FpwpEcYoYh@d6pyV&^mC45 zb}QI<_iwL++t?rBy)?Snp~NTuIA$M<+$tkPv|pb2c2g+>Zu$rg!m{`T6cF(&&fXtXrVa zLrSDnhD)< zx#9XJIM=exGSL7_QE99X<{2 z1sG-+0^i^eS*-)uGCVD`l|B?hL&aF?;nhSl_9|`Y-0{7v8_{7N&;fi0oP7y=A4b>y z)o>O=8cOn%@-bPo06*X@O^^Ln=_ic8II9W}b3xk@ehzGzpfm)zO)GNRPn(foTkxZP z28=zA6X+OqqCn7_+Wf>PYME6xTRddIcJVHZzjpl>wQfNpz;L@;6#vS~p7HaBN;<_o 
zAy6^FL1~YfiVfqFrh%H&ISW&D#2lk2j-bl4Ufw<5n5dCJA85?SVRNnDfC5+TW+U=K zJ~MWmle3GUOGc%1dU%5mptjYu6EA<^eC0krnKBlFtj{(@216VP3XtOdO3x+)w^@EQ z`GvM*AFOSxyP+O#<+^K!)~`M~Z~$CWY^{-eg1ba&jwuCk&YPE8lG}@WAB|7FuJWI?+O@ga0Q>i)rq!HL&YjYs9R51zcWUl0 zNN?I#0$J~Nhl)>|AFCNa#Er(A1L3=q_z3Xa@{}X;MD~2h^pf)J*%?+}LX+gf)4>Jh z%$fmyQIRw7N%5@iG06@VeH(qEQ4Uu6G}YK)t+;W7c>nK(#CT-(jVKNu=rZ`ATTNa_ zFn>1#v%)Z$X zEdW@eY4VzB*BH8z<3|l=r>JPuMN;N-dq(a+%078me0VbrIrGwY&ScYMHTQfvdXSd7 z!-{z{--}&+F!>Q5A20|_T|4JiY4EjoqWmXK$YSY}o*zyxVeNb!;-x*Iw(YFzd1SB@1QhP5%5DbFv5p*HvTr5xg4Wi~m0Orjcr6<)pWM_&N4 z36wXM1)sRMTx5|uwpM4~kXT+?U#v7!4ex_K?^D&jd1+w7V{6}x{>|@fJ4K(=Kh;yK zU3I5=*5B>lkuk%2EQ=U*si34^>0(n^(WCi z^rX~Q%HYl2DH)FW+kd_gPW(E921?nUswJoxucu49CemXAj?YP599~|9;4DA(k z>a`Eq&Vg5zlMZ%FTgCsX9~*LV4?Aq1dB0+3EZScy8V50amUfgP!sZL9%f%nf<*>Oe z))UsTN8-Kl2PJP>N~^5rtF`S7ItKHMtO`B>NyFwgSBCSO*V6FXD)1c9_+ydrW_cf{(c{bKJbi0vFmm2;v)JV)Sl~aum6Zg9sLj+w7vFR? zgYI8u3roFlR_QH`LqC&E5q?%D7nUZ(UIn*UsMfNSoqG%yr5&nfQ%{0?P1mn~R~jb4 zQj?@L!P!;fD;9Gu;$XoV0utzfF62^OhTn4jfqvxYf{lEecOkv2FNQr8J#d&4Y0fB! 
z%D!^Stwmd9Gh0Mj)37)QIk(W7?dseHv1Q9`8}2P-M25m#31(GxzLV5j2>eIzx{EJI znY)((s|fO=Bu;6-W-G#}i+*^3Z+;uh2Aq^eyb5{64JlnYDrmr>f_5Mv4u}4>i(cBl zdM!e~k&V#Qn&iy5!2;tw6%2vJ$&cJxuv@+Ut9lvpUnh8w|C137B?kec%{TT8+=23+ zk387>A6%ZW@q^j|U;-E3Uu4#98N=7}9mlq{TRAQh84~L?NAy!$mh|ImV*7FVg)x`3 z^{BDVipm7evJR93pVGwuiMz50IwW3+Ao}Ysxjku#2neuqbChglXi5i-B!<}HP!+7y zWj3y0amQeC35dQeyQg5a4`+yA4URIat$E+xQ`g^FYx49i)OFR(O1MJTZWKJ&%E8}n zPKAXnQq}vV7@iVpkzKo5fy}1UZ@ED>2eSHxX3g<4tX@zPLiq|n2ReMPTY0Y!v&<-~ z^Dp~&m$unAV)z9knwjArn&e2m&e)`ay$mypMN|qK=~J!Ip@R4nVu?ZS2^xEJ9o-We03<%nAl|NTI&IkIxPuVsclelPTE;KmxrzwJ92#3^*3h57b&{NjA3`tJ*5L@6C_ zGl8M|g)Ng@zU7bcZZrHy*N&R+^1hkE<_U*|xh7)aT;chx7JeB<5@tsEw``EIe+cw{ z=hN=1{WemoewSXGfs(!B_l(Z@`*p3hFWw8vfEQyZSfiB+kU{DxsgX2rly)kmhSd%T zcZOZk`{}Lp?gZ&ZC?h>8;w)l^Iy+w)@lZw)Us-a zast)LFo3j>@=mU|xo`D4h;XEN?l%pjr`~VrwKJ*(61KA#%!(?~vSw)CpDy${-PY_r zDdq4fzv_D!0Hgj$&M>8PxqoA>=t?zn21dUBUdG(}PS~P;%4Q@^RoY5oP|{ckC(kK3 z@U`6fgfp>!al-u|--u>3Q1~b$VA6w>T9fI%N}lCddtkRVRwxPN^>1aOGSotrDA2IhAx|U@APqTkt)c<{X4nDz}YXNoyU5xv`yt$iXs#4Uj#G5&Y zna4RQ*{j7;o6y`5};+xTDABY1yb?^0tNd@7M|&Wy>04p&ZhSt_`T*vO&;9f z16%H#`PcMUa|_$k%jTxcec#Yi$jK>E6&z$k{~wM-BXFSrxa#Hnhci)`NUVUi%4n4N ziG25m2k`jdQ+ir<3R|m)AUBrgL7k@3T zwx6qXK<(0e($Zs|ig#z)g&v~h(|>mvd;Pj1hD_nRmtMJPjILvrPc z`?~c6(eiRunv{xQ;!|e6RHe-1PGa=_^gqT5dU?jxg!h&A|6L}G!WGwUs6A%7ORBlDee5n2=1wJrV zqN%v1AI`Q!$1|bjYv=-6wBhr|H}0vVVu-!E&yaqP%bpvwX;!#5#wb`R(@85vZ~sY+ z_*dpuF#>ySa7(vAj{R!cpGNmvS3vk-Bx8#R^B*6eCw*N;49gh66{(yWuiczh)3T`i z+qFM?Pv7--(IGJs`N8Y`-}89C1|Zdzgi`-;;9kR`vL&JCB=z76zYf>L_2XdJtvT-c zf2l^q!k~jLq672p3Z^_~>@aRFxPJUhibxg70WpoNsmKy{yupRU22vJHwdpVoHIQ?~ zB%!J1l3Gwnb&4OE{tvPpc<6_&wkXtDFj}sHDt1PI=bm&?z?7L7{?4BQ(3vum!i9w6 z@IkiiR2=f*Fdxoncs0`Rn8_T$bl`NWemi-CRhwq>Pa1vWnXEP+tSDtLN^T^VGh!~` zpeGYc8zeW&#B@-?GBMheiI$lFiF5)aQN}Zci6jCSJz9@e9EIvk&%x6BSlSwzVVQHP zFyJW zKvilnGjiE+$z%&bM@oaz<{kau291oEp)a%5`4)}eQ`!#uN+%BH3VNo(?zzj9DU+)Z z${J8nCCH>wHOk|En5j<8Q18vrHc*h7p=D9+=;WP0<)c|$$^(q^md%%j`r45?HyEw^ 
z8fZx5QY1x$vje@WU*Mxek2OlD{w(Alnxj*f^V`wepW>+@;P&!sn$Rm1XgCzA~Nyg5>eQozL?``YUOCJkYqd^+|hyz|v_#IK}73gm?p!-R5y1 zqXhFcLH}_ zCTu!0y;Xudx!bGJt8dzJm^Pr{l=g`{8E~&hMA8q*Q3M-ga}3^GG+Teh?s)zj95<{R zA=jr1O7hEdOa0H+vec%<5KJdk$cs2%IGDr$3}?2xm<)ahC5mVymguMt|>W>JVDQ(qr7 zKE-?c&TN)>DvXgLz907u$$=Jn8^N3H1(Jc>9zYeO&V*92$5d#M1-(rngk0jwmvoDe z6LtIVIH9F5S>t3z;+HAwU4|b9%s3swg?=&3U*YMyYP0!U3|IW!FP!GbpG$I_Z5VMe3 ziA*udS~M*T&rhB+NuOmI>7lkd*Bdat5Ti1>09`5%9F?K*0~02)h?IXahz~5((g^0f z-k8UeS8zkA(v>daK4L8U>9SQm&_3XR4{3_PyS97T`uLTkKD&Vix~)~?a8BpJTJ*&i zCs7HjL(S~=RTNpWwYD)Jk*w$I7L0`PRZFv_nmA13yAN>Il#qKxT%1?IH=pZr;%ilG zT38-^g7vK~aPd4!(FVN?-8C`e+|GS6X`BZ&`_A%Iwm*aa&1dfX`_cV=^@5t!# z1I_q{-je<8<0Q-7>W999lfm1iPFMr@Ews=6@yKG5sT<~zpFgLRNDf2G^5U`Ux&uU z;?#dJ=Mr0Xm#2LU81lzDeFp#rw?_uIkRNqsmmkMtzv8}O*)uvTQkL&Dn2<}sQF`gp zVRqW6pb?sQ4-;5z$B?q5l}?AHmV!{W3vpj;#f!jnZ{w|(4(ZC7Bk8Zrdqv#bl*@4W zyi$Kl1TkEIfZF5@d_KxVc`|PrwHICxNu2%=mokCySy^NdwhS84i~jRcSx^oG*I(9Ams=vz77j5Hs{G+5?O69L}GU| zLTdW`3yD2R!pDjEM36&!jCs9IAARKFJ``W!>K)&9;BuWESjg&af=+Cc2y{|en z_}<3rFNktyftvR>W9`7j{J;nDG`yJa9wk=hElI8zk0}KG2O*abo;+D3NKBCC(;JHp zI?3!dKlO@o%Lx|>Wo8qN9q`m)ODvL^c+6#2%)Llgs6mi#u2^1x(3l$MCC#Sv8nXfSA8`h}$ITR!`{s@@36~pDr`kirEUf zyV5}-dJ;^Z#oAwS`;~aMaLweIdUMteHyLXsqg^ybqiGi}T{x-n#y0e^p>rh#Il2=i zrf>E%zwAhF>jC1g$KuNG+zCd1?BWd`7zTS8*UJ!Jd^WH=9s9n^IX z1js1|JaQz&bf?LwR8xb<5ICyYl39T^IQ=o@^4+4b@0_Ay8?t^^p;~kV`b_0Xiw$Bi3UU%6`)UQv?`BHK%0opR;yT)ZitW+HdxTQ$ofvVgHZ8WTTvahk^KRm0X zG*XV|g6puS0?=P`^tc_9FV28sGiT5Hy1{@2G~7Gt$F0O9b2QG&jf5&X{zMEDT=9D7 zxIwXGsOD&RP9MYUG|Z*5>kC9ccZ9d(&s2OnZp-6{Vm)E`BvI(~(5J{#c_;b1Ovx7h zU5Q*%SWp_WP}H~HCL~=_CQ@EhMidker6Vz;usaGP5I`Ys&uX-t%?5tbMacaMZ790} zIyVn=?!W?%=VTh-vgfc^WJSs@gnTPpxfmce%F@wpQ-pr5>i8h~8)Bn+_dQ&NoQm(T zh3AjHg%G2hdTTXlPR~(D?j)jV?ZK9<Fu^b@ zubJmM$Zs1uADI27iRB-mz|8d`rC40UDX!@u5>V$1wI|)D)qBu~=}E3o2*e#%9m(~g&#K6mHNIipiryc%eu)60@a|7Y z88H-;DOYfJs-dIW4vT~ltenu1kmlXfV((I~(zsPwBH{gpz2>}!t%^KqE^FxC9LpMA zj4yHQf-YQ(@$&SuTyx+-_o_jU++JhAE7RK*^wGoSEVd8BEs;>lhcS+CyR24r5xa#u 
z0jgGUWavF0J3=SF%Vhm)feTQhrp%$^N6Gn*AYjk$#WFX9z~wo->{(}QfTUp%7|v8a zM#Vuc%dCs#NFPR>&QL+cLm>>{@YYQV=A9>0dr*e6sW{Rz4KrzKVM453;|4wLI`!Is z17{14`w8<**bUqir%qCu5RKeh&9)+68aDp*7kPPg_x$1v2;(zB0-6QpgvK{cpbA_M zDv`YTCo#w8Gh3|6AdoYECG|bt`0WSnM{whIpT7@X3|~b5fH2I0(b&=#;Nu;A-jeIi zMaIR^?FA^vh#TgwLt}O@|6m*~NpM{5)m>F;TOT-$)-cuzLLZ`v8)_{=8Ah@SbI1Ht zJdCWR#QdT#v68-=01TrhNT+6oN{2S@9=lFISo>hHJHF`7IpPQY@%$Y1*^F4Z58G{PEw%+r~TK(a^ z%CPEU*CD0)=cH6JSFiK2(3q6D6qoP6IH=qT(UI>hpbx>O0lcB3zT=BAe`D72ME>H; zau9&Vgpsm-{g|7^fdH;ES;bkR{v5G<3Vp%-0Vb;@T3N_FEQN`djs;6&F($d(D49G> zUfh&*m6Q4=)|fH)BOL7(YxRLRrzP z+7A}Q*&&s7PhjeAt?glyJp_XKJ%(oxp{E}gK76tm>W9oacIJT1@3ha*tY3FKs+pKJ zshEYdtMF3&?1kYG!HFi=L7I3AlBZy~!w=GOeGeda4JsFD6=W14>=$RyQ^YgokzXx} z18Mu|D6j4v+FnM~9OtUt8LxdlW(QBdrPiR!b|0%Y0*QP1=nG|>>mJXL8R!*VsWVcB zHU{+6V}{tbBwu!7#-r*i$OS>x`5*SeYw{pn`And(%{;P}8F$%?e;lceBML?cDSk6r zJZb_QNR4nHHAXNK(Gpwk4J?sF3L3}vK8Li+9ot4nC;~8)jL0(qkJqiecv*;4S{Um) zPdES~f2^DD@g$^7G4q%IfYeRnvZ1nahZ;0Yl#PUKxSyqQTx&|B#64r0#rpiEE^HW5 zMy?MMglbUPNNC9Hjwt8~y`4J5+C^xMMUU??rnJ@4vd;arySYDSE|h{@z9Ap43&I=o zC-S@vw;6IoIUa&wld0Dur_p^lgNfV$NL4ZN`L3*V(~M%(PK_|jVWMa?i7zWNqU%UH zLIAQbV_wv*rJzPC=uK4y4IR4I19WQw>kbhiA>@pN14pEHJJ$&)995%T~yQ@XbffXEQ;wX z9HOAg9|F16MsQY_yVex>dC&MlN%|(Bkw4yzsW|(2&JbXw(8SvCmp8V~RarmcQeq#4 ze#4G-FUdUJLj%5)vnO+eJ&e>_ z-%@Q*%!ax$++OO$K%cvTUXc=8f45pg!Bmziq(u$|->-uxq75GbZ9&(U>V8gwKi?^bbvUPM_9M^e zo4zJe09%46QXP}}x`4Dyi&Yx(J0)l!phju{k(zZ~TEl$l)EnC2Y1{%=rU`tJ_Y362 z35EGnra-AEE3v2U|LRwMZ=Ml1$!mB#!iT$ zG(H z{rB6S9s6Fa=9Q6B2Z(vWDEtO6{VxF$Lm%Yz#_2F=qi>$QXs2$;#WX{hC{y&LxjLfQ zHgKf zbhJp){v_MG-Kziofzns%hhKu)+QNm^s=YAkt{-x_`|0>DDWBktpUc2*oNU9)_-!mg zZusPZabWxkIt{PALF?$0@N4)Wz15r@V>i+6k=qt<&G&J`B_vmJ?W1$BiMH3098Dyo za!yvkU)w_-FSD?h-?12^xmj9p&GY<2M>h=1pf@IQM1lupx|lA4l$?2QX*v@tPz;tr zbL^)0=V|76gM#LCZxX*S+=!&E`_AOITZM^r}9m`PspDLo4 zIun*D?V5sGNwSUjW;$tzupxQk`k( z(2|JWbXBY`8v5xTrI~u~Odw~H(0E+n+Cv(^z2V_fOYU_-zz8(Czo_zbBOGz~<+J^y z)cqvl^cnACs8|1`wwht0s0+Gj_gXtae>LjOZz zfg+}fuI7NT%K2I<`JPXe?*oE|cJNBRkndLsej?*4J7&N*3Dh0S)7@&v=vIqBw}?{B 
z^=b+p1Z|#ubF6Wq9AR6`4UErhBqK2WK{59nl<&UVIQ>!RrEzHobtot;a#N|Q%`*YR zE6-TZs&lAY(-8hllo%TFN(6}GWc{V?XwrH9tZFM1hj_gaE?NrYX;XPWP0_E>c`g*W z+-~CGbd)j?n{rS(HnFGN%=x%q_MuBtee|Lr+@G)mj0jo<-jDnH7hL)4FF=#NgEljr zcV<{v8@i9xaVKv|yjx6Yk2u;eqzq5@7T#m-a*a4|^7y@{k-n;uv?)g(+O9@uLbrCW zEO4POY2qpW(|_R1JzdRw-#^>Q=>-&n5R-6UupA^#_jikD&MdiAtvAy;YZAE=O7Ys~ zimdgze-2b}ZZcBJ0*%G{^{zo0QeYg{QTr(nyblluzRKQe(tFF-YT8+ zYwc6d`{6`&LvNgY|5tPbg}cxw6O~Dvuf01V%D_r`qGWoZ&A-#y+7duhAt6{wUQ|SE z^*ZaO?g3x9tLCBL)&sF0+6zBpV9(XnW7h>)`fJZ)k(^90-z&d}K6Te)+G>l{PVZx4lUsR@rmlB9=urdC_FSx*)na5=RhY~s57?jB8e3pk|vp#N$ zp)3UY*Y^aHB@P7OAR^?REOk^Y`8i2LsuM%H>`0%u?3}L^M5LAb%B? zEemc^CZM7TKR;$ns<{!%M5~=#VxqJc9pIesE-l~p0aD4mlh2v{+*sPP5fKc#HyJ-- zlTOtVcps#(K`xFPa#754t-_&3AY6B-ewbg{WRs8I8j2Ecc2>k-PfgID`Ad7J)|G;?+)~X?Wsy143 zx?UsjS`)<~o8pgSrelVRrUz*`9mpL*elM*rO~VVN9$skoAE+drYHd56CijQG22FIM z<|ix_i@3irx>ccRQo8P3!Ahy^H`r5F#sb)Ev1M}`eCl<$tu^9QR7H02GiAvBf zPnN^RP1>5Qb`NZ5r{~KrpC6l_NXKZzZPJ8mBN@!L_pp|)zAw9Hk_NhWFuiRtqWB*( ztq%NArN=Cveq4jLB=R?AG@K!G^d zBN>0bscq(~1Ce5b`j3@Y$tgf2=usc&g68u#`(6jviQ9z{B!JDCOc{$Opjn+cRhet3 z8cRJ^3IoH+VDyiLtT7xFSKNKA@PU-OY#32Sz7G-PiF*gUFZq?Gy&?>_2i2Dk%4c|& z;1baX*H%A|RDgvG@`p-FR+*;C>?PfkU@@+elVu5gD+zvY+wyqktpKKBkUMD8%R>Z6 z9xHhL$exBB_Y3JpW5r-;3REg5XPe3CY*FJ)9TGS-Wh>SuY^7ygv^_{&@K&NPE6xUO zMaI`^ZmRdqZ33c|sFYQpQFQFfv^!Hqx7;T%+dY)W#ay>}JJhq5vfDa6eJ(^Q)Z>|l zGS0{hg9XSQM|ov?#sCu^l}OgmtdpaGA&KAUXX4PryEYlOm6YK8q<& z{NvA(X+97m+fah8Q!VQ+;%nBPVJo7@9uvYjr8pUg9B4h22zcCDgy8#_#r7tlXjd(b z>L1*I4etd%Vy*{O)?fspq4Iwc7&mgfshWnJn!}xYO0EXp1}DUaB_Sb1_$SsqX{#pD zjnC9tr|HJivxm`x6ip9O^v1uKCI9rcQ2NqsVxp5PlvFZNb-yY!Sh@3*f&qpcZh6x1$@Kvu)E@v-UL z9Eq&56fO!o%1SeaVdEZoRRifZxSiN;YP9Txv4vT?nK2OA^bbo5napQfA&EIPJgJM_v%uhr|mEe^>uOgQIu(x)Qelz!flBxh1H3T?DeK~n{D{a zSHp+&fB&Xfwd+cbPAY-%zX`tq^Sp~SoE_k~R>(5mpIuWUp&U~P%*I@@ypm2b?Y1#b zcKsl4_vxQ;VIh@KVJ@hu!7m^VXL<18l?v*xd!ttt!9zeiBYJgi@ey*7Hve`~BLs&R zzxA>5^E3E6q^pQrOR?wq4*_TB%XVAM$;9@;#?=G=igR|Hg@9*U3^3%36(@Mod=G%0 zm`eCl;>wIPFsI6_{RgS10WnEgH3h4*K=;FFz=Tfsf!RdS#SwY((FpSi`nE!6@2v=UC)PdXWU%pjnjK? 
zrv#nZ(p=w0V&$mp+@9LrnWXTvF4o&k zul;!6&VP6ZE{%;4?V%*waMmo?74Z0E&GvVy>Ut|WL14Vjdwq$it417}KUQA3Sm>nY z(H3{yGu$*d<^N(m)&G^e3XF&~la8s}7Nu6ayu!}CAMH|-8%w-~PSQW| zY-MWKTSRiDJm=A9tvV8Tv`W^1Jw9~PF1k_xT}1WfpLl+Al)F&Fzp_zrow)L&ER{;c z=1-AUNv!I(>(T1AL1;x1F*9aA^fC;-qpmgH6&ibbxV*#auam)&3p6ACeXG|ODsy(s z5vv^icKLQ&Eth2%waIP-*S$%3huBRtC%_4VsVF}na=XCX+B)hqfX%KzJ*wSk&8pw~VZJT0{h#8TJX{GZ0++37#FXJAUTV~~IT^dgWb6ZR?~;4JhewfZFb9ggrXp@{Zt z=seUCRzEcyA3Eugu`J01Zk9w@!_7F0C)xF1sI{^cQ?)cs1nmZ2AfO&HJ?*PI^9lHY zqv*_|l_8`0%?!@yseU;Nl)hOmLtg1r#B)TX_ix}i|De_+9LWkDs94+Z#I>3OJ!o5a z)%bMEZt&+c%8L)wffN#x9Z{px3#YE$`9Ghf0}a&7XgTcXfAtJGFf*V%QIoD%&CK5I zUi*5JM^qo(Mog-)65_hAqiN1^Sl^-v-op0bCk#DYq=fJX-HbJO#2qL({i!19P*w;; z-t!|ZN+?QPIrz{aVR)<9jA=l}t7_eM1YV_6n3Z(T(%@gQSE2pTeLbLrJ?7M z?bBK_@iF=Uf!#h0?MOF}^S85ys?+T<7m^n@h`zz{t}au^7X8hYa?B97^~dG|csbXbbhdUm+i8x|TalH`&a z4Vr_KN^K8+RNC3andq4<=wSq4F{VE~Wn`H(U>zPj#1@>UQxV?cP1i`laZKvr#8(-v z{NnsieJL?e_h0+oU5SU;Z0QDwXP%PD=Q}*xJL}PLCCU`w{3n_w=*JQyoMFTiV~iw9 zGfJ6zqJ#I9^~$3!e+*GAg>(n-)KzTWw3#`x z>WpklL`Op0yJGOgI9{zWHSs8*eYnl6@&gDmANAFYV!8DrYnKc$PNwmiccyZ(vSfdm zb&Sc^-Uo;lQ5jlZRuwSmefhO|bAYN+?HkaYPXF;9T8~x`gCURc^{-mW4miog{r;E8 zDtA_{+4WNt%E_-P>yX62jD^~|tzr(}ckj-r&-!;AZ?Nwr+ng7t?N|$?dn8OQzBLJ7 z^g|XbgfvE|;}QwRWokXu6AZGmLJgup1tQ&RmQA_K6Lk{&%P(hpfCh}bsdGKYwaBrt ziC(c{v|H(3nZLe$4{9d(eSJj0FLo7aiM&W_oF2UiAQ*)M&SvdenOGP;KW8&Ns8dm#$hLh6*j`?#ue*kQ~Wuysz8Cw{vV zT%&y_nMPW9EpP;cwejwsi2+z zRZ~RI5u^@Sdl99q`iT!N;W+1~T51tex%WznCWKE>S4iTpa~oDxvWzp;$=gxt^9rEo zT7<3CFn zF32#!6U}?7lJ&sr>~e0tDTzItrQTz3TD7KlF0lh#MI|>c#3Mupu0Rc}lExN9+l7p0 zepJu#)*DN>PLB6icuc87Ulje?x8DAv(F7^ccZEr!ePlk_QwVR7$Vo1XTW3%tD_LGx zRLBrcZky0pS;{w0&bfT^9JX`=!sluTt4ZpQa5u!UnW8vTcsBagd`Uiz=J9af1h6n0VlmJ4`q|CVaqw1#s{>~Y;@G7`b^H&fBt1sNB z`lw|?)+uSI$2h#i{LHYcQbXT%rj_lh)Y(Q=?p?{m;cV$G!)=*rC*ogl?{a(%Ea4gX?z({RHwaUE+lrkqe z5kY3?&l_>FG3^n?t?6R)dY4f|x%`i$YYdFEX|}O#Yh&A+Ol+GQ+s+0PYh&BCy>T|S zZ9Ca;gFEkcf6U+MeyUGZR~Js5EphxFVX%+^cXIoD*yB5xnL%!`7PJJ#ff&DggIbX9 z7L~oI;lx~g;>}#jCz~pXMG7EM+-3!4vYI1#k0^gxNm}W0f{I0gniXfgT9|FClIF4I%RRK#B 
zl{)p19}&1v>Jwlo2c(a8T*pMdhrm0j6AzSyLm((;W<>JmZF{CAq?ImvW;QCh8|tTQ zLaKW%jbPiw{xLNvpD;QpJ}Ag$PAjk)$^OGyf6*!aPfI>>Qz)7@BhcSxfwUR0AB-yPa?wZ0)kk$4eph z3BMePg-HiU9EOi>43xIgNGoQv7Rd|=XEdg=ulTmfqm%d=shtSItPn_ruQ<9>yzXrG zjbSVrvDb2%qGlp1%TVeN7a-cY!2f9K^~tjlogRG@5^YP+?h0s8@#f)=q8J$thQCD! z%e1YeOZtH_$pNb*7e3iIIvT~vLy>S7*4vWB`9MYrWCcQ99%qbDk6CPL*hXG-SPc6S zOgAeZ#o2;X#o4_TaglJ;A2buov1ZVThMIutQYk!)uVb5&Uo5Fv;ZpHf3A$^nI;gTC zaE-HieV}IB@S`COwwQTP()_cDZQb)`&5Q7l?OLGE>#3x?fOvdgcJB(AoSC#>R*d~o zHgF^_NKxcg7-lXs@fmgBjI+fN`-PZ8ke}8(r%Yi&FY#DL!3t+7#N1q@k%DRXtIQgG z?STv-DM2$kA|b5xK}s1+pR8>1#t*rUDeMW7(e z3L37ipujj%khH?E3~AAkpU+eoU#ONR9`6qwo2OSCng^{uF!sOI1Cm+>&p&#Qu4B59 zi;H>IXTu$sAl7xBt@i$Fl+@!4EC~`xOMsmZHJ7BgoGo@F|d1K@Iqw>^d#xa zHLht)q|N#Trluu%v~&JidU2=Cv~qEj^w!e_b??H$6)A$y#UiJDs?eLp^9-z?lxs;j!P9^uiUrsZ`Co)bBvYnpHZOTp70Arr8RCx&|l)e?txE)n9F-=c55(tebzB&SS zIrVnY#WoySbz^pHcKm-cn&jAkAg-@?C+*2xz@_~f@S${7UlZtch?El(nK9WLw>_cemp4 z&jzW+9#V&<3i1845e-+#5$=0u2dh+SzqYJ;X4ROgM6Q2ZoQBF)6Kq=gsp)uZSArvd z?j{OkPo8WPqL<&SU4AaOj+-XDJW|YQqjo6tIetWHXR#qJbDI&Uh-dDx|LMn1d_{m+ z@!~<%^8wNPz-6hll?CR41{lbZaTwBEI6BsPMKu1P_>dWSt->z5{&|y|Z?b47$a_xT zU*r{e;(IZoJDi(cBdOM71wg5j-_LTd+%N&QbQ0?t+|_t5(!3T5Pb@*|P5R#$kh&Ec zSHT!;zB&C?E`sdd;jB#qN#v(+^^A;O6w5^N5Zxu+Fa?gKPEu06iH^ZBHp|4~^#^Eb zlQYFnto7K1f8O|pdPv0EGwXY%L?p|zGwgLFzGI-g#2xl+f>c9C$Ge{i^39;5nHI3Z z(@*xFjDKDBl5Fm5Y}%jjYqnSAGSI3|e30LvKVW7B!d!7Op&(|o z$OdP;rBFZ%7N?sy8-&^LsUV~CE25`>jioYb$=jw5Upe!=;9mTlyqOp`cH`GJQ&!1?n~JA#%AKRAmF` z-$11xhU(5lRBRQr;7oknU^W|;+NRX#3xnP6NVzl#C4rK zKF}@AJsT50zx|lKLfyWYS~P#GOJpu@ryE4LdBu+kqPVG#`-x%W)+Znsm~sya?q@nr ziy9`vHL_VPHiwk30cjL;mSqS>7;P&)h`Bq+k0RU2tpuh$SJMcC2>7>+ZNqDBSS_r5 z!ntA|yjzl6oGcs3HXn#y0_xv*y6d%bvx%Pz^NbxkQT3p>_;(fZ`fy%BU!gO{I8K2c zsqPI;WhSRu&yN`hUw2Qd5XIg=>X|}qUnGcb4{1O0T51{w{30ua=Aif)@U2frq8l{wS(~V>Y}&^Tf_}gEbLd~|BEV~q6?l+03R$Vv3w}FN z$~q3L3-)yF5ye+}nOfgA20lsf#rW;93)`4a0)+296>aW#`6(`JoK(j|F8-R}_fY7a z1crdP#)iy+8?Inx;l?@UvGF@*7RfXw7Wr3pROjes1!2LN zOhFWrvnl>@1eH_&z*Xuz@6ZK}ujrQOcaNrDe+_#R^BGw>Q`Av5+$Wl|M~}SIC+gI2BKGjsD@=4BlG8 
zh#y{U6$U(`ABx1FfW32iL`-ZlIaCBxlb-2$75}E^c+V*hCBB~qHoARZkdT6}!3ea^ z#R`dRk587IQxRxYNR;-bNQ48K-Hq}B#EoqT?piqtv_I9g-rsF`LH*2s;F}%fmE)j! z{7J-sgeKx>E$2%|sUQ|%cs;*Prgp47@$T1t+}XA@w|>YULe;Ae-^?KXPIbcz)xW7E zbnmjnRU>Lcju`K&(Een%LPN>}w90(n8KwE?PBy}gk$Ds-G=FG~QWg1tvl;(KbOI_f zwGHkNmMO`WRCUe(0@F3f@>%!+FX*iL6y)2N#WTOlJ*{ zU1jw=UE5`S)|l<@dY|~s798h!HzZX^7y;Qw@P2#c-Jx5h<0FkYtALzXx36bPv9-on zXKox)=ldzah%r<}jfNE1e|cuzlnQ&7|harpHx z>YIr`)K4=bN_Xw#*vIcjItmx9{={iFZq#+8I}))9J;WcP$^jcjYEa>`B1t7OA9dv6y?uH8!e57~%t!Z7~mq zkhr;8L`hKlg2MwPfMo!&Jyd05z9pi!E>vr`<`&Tw=~HMEWAPLWmNiCipZyCs{YW$y zYwJNwC6jF#!Yv_D$uA$-U+XG=OWj{Ah~5unKN9Ibc}t4)=a@SKT=H*P&@Nt%tpbL$5 zYslVcI8hJ*aX^vvAzE68fciFY6ntqzx2ml^IuQ4+Hwvw+YyRwA=^x20ja)C60t2;m z(r}1{gvdBGYNW_QW0SgE5}9gl1X&PBr05o2Skc)rMy#S5R;+ky=MOn>k`q&%!O%~A zH|#Vko>c_FX{eSUvjk?i!21p4EFrN}@3^B|xJx5qSZXj^RFqPsXal38zM72{9;&0& zs$S&r2@cU;M(B1!+YSQKhG$8N_QO!5_rkhTp6s%eycil$N;Nm<6vl$ZS6>26CD0#{ z`D?F(yi@P`MNH2M5jp180Y;i&@j^zZ08$O&=DMMu4h>-k=oRG5 z)Ec8S@wT*VGm8}YX@r$q--1OU{WM9#2vE=A9o)cdsNoBFr+ROq;BMM+g!YOjCqiZg z>)>oFLk_KnD$_Mo28di0>_ksECvm%pY21{>aNPvuwD!UT%7Cf0#OU4RfTTXqpjt|_ zdpGVGKVw1hM@mqo)KFw@)VgpSFQNuRe#P1xl4}WO)zd7Z4YJ#=K$1n%DsI~&+x1bF^fW! 
zj7T9fe?+BJJfPBSG{Cql`-*|=VT_%C@xXfh5E(oN7d=E1oepqD70EH{oxslGF%q91 zyT>U`-c4L)>V)R*G!noOO%&VjEHQ*=q{(yN9RIvf2sOewBILpiOBcx^>sgre8tT^o zrk&j9ZK-4i*ZLR{?7+7(iqO=jTzRBYbOmu`^Gdlv1YE}m2D8LNdy*v{hPFx`_}8jE zLDl4y9~I8SX+HaKnZ=cg-mGx9?Mr3N54}ypvIWilh%oS0fc8jKFGF(CnQ9sZA2EW4 zaL_kxeGIt=u5bj~Y zIxJrcbKt1%OHC{$Z!WouU_qr;9q^5t#)eUVA~*Xj*NUC}U2!>G0xc>=E2$M;p-MAk z4=GBuDH}^gCy5ckdRTjVc7R?{JFFsdb^$FKcf&hMj;T~M z9db=eh7#ED#-dni{LxNYhT`w0-*arHs} zKwTBO^2mlwJ~-a^(}c(vis$N-{+Wl=fl6stBu_I6zD+B<6H2N<*;BB(xP>9TLIB(m z2;mDq3GP)N;Zy`k)JKVvu&_xiUv(+;>ISeaFleA*b`K{sl)ECkuSZ8IfDA$}rjl!} z;}z%GrVl70s)opo5KHJA%qmfS!G4enm zSOQHa@=0wQRaqfc;b$5y=^%Q*nN0-xUrs?jKG6RXC@RLrn1yG3;g=>uhxdim7&23h zwC?0A9r9|fOdvDzlWU$cloOWZP~|U<@^C!WYkQd3sE%K%<|12YZsEYNq5{tmLHgTA zt@0!LI2Y`K>zNBN3h7$}>+UW3sW&r};@z;gdTB9OM+z@PRP|WNaul(BXk_bxlM(3L zti+HFtR4=3^VUTKOe*-F(NGY#T2mG62D1D`7J;&iYG9LVO*`VYZ@(+;lwP1~=d*{e zfJ}3N^Qc!j9bE3?rSJ$yZDtU4(cLik?{}(;X|Pg(#u1 zb`VLq^TY^kj)R70Oyijuw5H-WFg6I!1pbl17nL-Js(9_D z(7=lX9-GY5t7&p|_}#FxkFm~0jp=-!BD?(Yxm+?Z-jCefnSJ)d?V}L6dY{)#UqxAGa0sTXtu!K zA;!28!Yab*SJ9)A&ChxBaw>YBO)8lqRVNq z!36x|7w!Atb`Z^xw(hN;*H2}h_lHL17{-%%0WEu8#=OH9K(cprZ;fM!xboKBTNb>h z*|1;9z%j$3~VaNbq`8ayZbv*0%sB!u&we zhmqt+BL31@u|1i3uqicp0M7IUeCnAws0SE z=snJ1sG2JQd?FqnErtNK149&C@fu&qL5m{i)Vu4Wi&VxubLis9k_qDc;ZIw zapb~eyzBPW?9Gs&P=JPbC%)qw}GB&!7PR?%|y+;0Z5B&lEmb0Sng{?QPwg%>hnMc0x`4UQ_@ zD64H+BA7!(vPZQ*PI*m7yl+bjeARcpr9j12*{L6Q7EM-oSTFx1zFPe8wO#9Uz4m># zW&#>*Wl;guG>^h7@!P0rKQp-?N@`xHn%(eykD6dJTG)R0A5{UySKyL4yihgFGnUHt zcm~LUqi-P~>OBX`wN_xDhBeAdl) zXA%B#0eawPZ}mss9m{~IKvSZu5V2;WRZDDvPh^J7vkBf&K@8<~bjMK-9CO#C5ObnC zpV0gJ_1mEe3C*Cn3G6YpqJ){hxBv!`qrLJ2?26umu3f)4A|>Y{BP2mjU)*qflH+~l z@88OPZL}b569^&MJ_T2jvL>SG+}Y>e12_V1Kg*t1ddvTsYN+_evxz9*45EmF=pH|S zoF4HL@8wGkhE-_sj%VU-On)@T`@7@)-T2NvAZoFr<0Pkb@E*#ky_3yDN*T#D7D_1@ z5#zU}?^|mx^VvFt=OWvMK|7eu&&~`698|G}=zUUpk|hLyaj>^`EcR7sF5;i+vR|Ye z*RAg)8+Id3f5Gw7eEps9yKTEXd%Xcd>;jV21g_+CYNp#>Udzdma)cA_FaDX42OwQO`&3+>2o!)K%MQsD1KZPx8h2S3IX&df3gl^?`Pit6 
zYWg15@2T`<)iLexI^3iv<_z>@V{%-8M##u7ELwH-GuSiik(%)^sXcTg+17{oBBPcU zQ-DPY>zUM)%NTYucG`%UY~YLFyI8N7Iq$ZLevGlMfIc$H=-_Tc43_Z zTMZ8l0lC??){K;CujnTox%g#PJA^qplKDZr1@i4_6yt=6_!;INq(IaAxI)Z3(2VnJ zAsCLugj!#0pb9v`zL9UFwAaqgSK-#g2TO#Wb5p{#rS104%S7rQSU#C^*j{U6=9=Oq zXg@)mzjxZROTOTl8SI4a%V!v#VtgIOA7-PLY#sjYOj3UB3gvU)R-j%gP+5N$(H2c4 z4ZI?;G*)M!u^rye5+D?W2v`9cj5-=j1Z_TsNI*3BWgq950?6_!fM8{05*7}*kaiUE zOgvnqumF4C)*JDf*6@#9;DKvd-nfHD#A!t9{spHsvBc|2SALy!-(?@`V#c9bBAk3G zeB?hFG+PT&r*(W|vRl|YjKDV~_D=nplR6l{WGE= zJV{xC<4lm-dJJV7=N}$Ozd+@Ezi&#}FeSq@zBz>i(9zZw4CR$j2GWhJKYO5|Asjc& z_$f2o&zdugc*oW9y0@b(3@et z9M-y%%oi=^c{ufNJWL-L_`zPB=|L~x&NAmz{o|3N)_P0)_SkcSVBfBn{1t&d<(Msi z%Ch@-Q3R_bA^HHdatEii^hA}ac8T+GCWiuonlA+cCMX`Ubc)=rawTUXitMT4huV0K zCu1w)&uojbL1OFdefO%mWx!HW zSZi^qZhZPgu3jJsyX!+x0OBYas#VcS;zbh4wF3X80dFTZCH@^6X?qpykO}!0JLZ&y zvm|W|!+_{$L8-R^r#Jp`%y$(|ZhZB-NIamrl|U-;{&VX@+&C=x?Nj@4_;(BH1~7Zf z{KlU_Q+nx;|28Z0XKElSZwE#nh-P)~aJG5C(~q>g`#Ln0e;P*8<+nor78(!+fxJHB z54%f-68a|_`6O2RSv4Jk>_AZPz>n;tL`~?ig(wLL!f?(O%?D=Fq$D6_ zUPKb;0t7?;`6>oDaGpZ-nUu^Iag>&qU;#(;Ke^@A>ibP>13A{GvQ-~2sJU0Rqupn; zCpG{I4FwEyV#H3odudzMiL{!^(r*X8pupWP`c~})7D5rmu*xfq>pB4v6J1phJjCvppe z6yz$2C{yg|^D@Ef@7$6bMxSj2H4@6I;yBBAO()U*LWpl{FdZtM7@{eh$Om5WvIc3U z^5cE;m&fnkp_R0|Ot*lkzOF&J48TcY@Az2P)^RUVdonzcJklAs`$#*g20y!(C^J7( z*Io8~;w1Fns?lotX)kX|5R3Qji^mQ+2e54FqyzTnlrbI7PR%}Y?e3Onz|6Ps%;kNT zz6&1sBP}hv*S#V&%qAQiXKJBYgg8> z%ik`gKDpjR{Rbf8r#qh>RG#IpW1H!XM;AyM%@asifBC>(glHce$f7?IpIX~hJ>0V^ z*a?2VxVYfmZ`wd#^8S`4Z(|TID7d`UOLs?NWnHech!YPD1oQH z62~u;B+fh3FXlbS$^wg3*H=2)vapl6t}~LOlIEmGP#N5t{@wzXHC-d^ir`bRy93M1 zo{eQe+UE6UEl&qZz$3TRJB(n<9SFw2TNR-zOMQzzK~7kj$oJAwTXlsnNutEgi=Yez zftuLDgZEUB`MuwywE6X)=sxW!>qDFzJXYz#X|7fiOA{Xu7+|sw@r@OER2lwHvi)+L z9Gms2YM>n2Bo2CjmjtDyP7ubM-`a>$RF}3GgfByf3VnMJe}Nq{HR)ZB_A_%{w1WLw z-0rdN_)Ag!-vW8iCi`3n%*V|?{fr~syR^Phk`+o?^;4*}nv0lmangpRV#jvO7E2G) z6iS2qU86`~6+JP6TpS{>{*h3E!lu9l%uRM0hm*QNt40gwogoWWw^YZn$DW=IHg=Lz ze}#V-(5L6SEEu^WQ|)Po4|YndyLU8`6jgRttba@*NVlUgO*6s!_h$%H$O;^jNL4)& 
zUBXgs{;HaRPSs;-dV2aY_icV!Qy?stOE67_qzmZkh@T2nN<}{{frD56DWcp)sUiD~g5kSJL78Bi zR9vKtgXlkRM!R|sqWbQH?Q;-hL1em)c`xf2V!GFcOF?-xMkbjP z%zuF;weEb~ftL(8k24eaiz+%}MwnzRAM%mc{%4+}kLat@;F$TUpHRX1|4So)L6xy3 z=pPFS4%#P|kF?h{H0y;z3+Rj9lv>VU?*7FfphA*8a-l$E6!9x5ZA2`jqGqDwLuZ1w z9|@EK0a5U${!8$%-DtTh)9EbErwWZb5OwmJpz?eDt8M7Z@5ErS@vPH_627~N;cVSC z=qwa*?Pf*pa91NbYN&nr36C!4VDQCoSR;24iyd z9=m>mVQza^s`XoZHx+XXBTg^Pd)i%?QarEJDM4%ejhmyrZQ zS!_liFlH`Pu|J4b_(bI^V$elnYYGt0kj?Z|+Re|H<(7p;Gp-Hkq*LamI*BBXpjHD3 zLJcGcaB=<86J@fuxs+S~qE(=nd2F+2q)fq*9G3fmES>ri7e*7+jz`TFqfLs@PE`&# z!O}9-j~K#N1YHI{@^46PLYp)oH*{9vKnO(ndhtZHewAA+vMV1qn>}1iD{f;kv>#^Iss9%`$<*m?^fgX)H$<#)n-XTMf@2oP$saw*^S_j~6o z4V0~Pfq&4vc)w_OA2yF!qx(8%HRaLJ@~sN;)ov*;9BTIX9Z?@fk(OkUXq~A=@x~+_ z`)JMR+eCh(mj)+pA3HpOfy44XSE%HUFmu{gJD`4<7*d6e3%*xToj9FZwdF_mxsp>U zGliqGiu@)nF%QH02k=#IjPn!3s2+ZWX8diIR1~0^xJP-E>Y!k<5?JrN(w$0is~u2BE09hPZ?ppPCOHALhUNUzMdM&$jo%uRh)2A$8EjR=#rE z^DZt`^Y59-j`l5y4KeHo6SU`q15*KiYH#q;K?FpsF+vw(u3T^?Q9!x1I&Rvlv+Gtp z^73f`Rb}*F)`Ra=1;c$I$YOApHoKZ?V>P8F_Y4!X6p4m4Yx$b2DoJOeN<(fU8x6tm zT&{t@v6G*qj22RX@b(hHkyis}GrG;wXe}t$Ao4+lGiE0OiqBZ|^uayr+{q<9VM^f^ie zhAvJxE8C^PE#d1zZnzMP>|T0J5icHsWh}hRR>g7lxf&K-Kx(+ZzMu$GK^k%Q{pJoJnbyl0~6&3<0z1R0PG3WhRiWK%11Vz~1(hzM zo8}v&jOV3JBTv792(u#L{L}GN^{(VO0p3gWZXNHveasL7ny)36A_Sbh=|1Sc;Y&Omqukbl{ z*Hx2`0Mv}-?-E9Z*U`@1>XD(C>*P7iLz2)HjC$c4$K}&Al3%|Nfj(uZSXZkn?2I{2 zzMrH_JLnYm#HSl0^VPIb^wfMTMy7nl#Wv#F>ev#gesaMxDmG-oVoVif;ub}=|nq4RX&ce6jCy=yk-FDC(=!hl#(UEVvp?iJ|^gD6v6Cn>Y*ga`_C?{ZR<=P z2Y9yT1?1oUJ+XPc8r513=M5$xz8zO2oAw0-Ln6Ov{&5zY&x~Bp2bwr1X==!ov-Rsv1GJ7COiFcQ~SdnOl@hfij~ZWwij zVEhq6>x-8w-Ex_o;&KzsEaNfn8scwO-Cx)(yt|<}e`uUDNZY!T<)rbulVI5jS0OMi z>=V>d7YZqKsN+SOs42|TCB?z0ip=LM6l_^g6&3z~kZTG;E;vRq+dZ_Vs81cpz_*}s za}dS>5nJY^U|a%A2V-$;#F=0lu@@vx*pP^nz(Mp`VEvp3AZ?*VD`&gl7;xWm{H}{f zHcOynJU~c*3xODahhxEK?46KAQKF-g;=V=gv9z~n=2!fM>Uy(I)D~Ne{E2-{cq1Sc z%W7u`h)<8)h9{M2?Y95t#nd)40ALUr_&shA}0K|feYVQN!x`{PN5;Nv2gGt zkpb548!_=f_K=}YTAs&Brrg9z_NUncpB)h#qU9XCfcuOy&ul6thca#`?h`PPvW|G^rKBQ&Lr#Us$x}2Fp7@kxkzH 
zarYQ{&R?qN$qOCY#s#pbh^aC(nHR{xZN}5*w~uDV4G0fhqc6cPZll+bq@7~i1DMho zT9Uz-HAe%iXme=uWcUN$A^~tb8y6r{{zlT%y;YRtcxYMT4(J z;d=4N9=AC}8-5>ppK*v-o+mB6Zy^p*KnV|yCVbNj*eYc*{NgXR%Ucx zhI!rHlbov~)Fp=EY;?dtHv;&XkaQLCG7?aAbFrr1dpRZ|%OU-p7GDuY#mESQjYJAKIIx=c}JB+mtn6?Ib zpez20xyIF=HGl{F6G#TJ>@+hQE6hZeo5@t`t(|C0ZxYZ4Ws-mB3SoXkz2S!vOs=Vv z;}2gN!XS~42sCO*O0fY0N{o%?W8}AkM<-UuaDQd!&DYk1HX`_~TT3s@({Qf~?>xfm z8&WxLB3T$sAoCe&woO?0Eoe9f9HPc-QTm04-&=39otngjiFpcs=qXMdp>ceDA#_^p zVLE7MXws=rQTl{ym@_ebqn|*Kjp^ zr_QcPphKWY$pkFV;8 zkolhPGk850XK3;EIBwk4sm&TM*|k9leQ73Kp*d;5=FKh!f)_kQN)ATuBZ;x_xz>%NY&=1|GbwNxAsI zvKQKcU+J$AvNR*d2jZkca<&GgoA&TclX;NgX96dsI{Rtb2oDe}#Rh-$)-h zV6w`aOzR{0BaJb+1b18cZMx)2=sXUHH z_h4)h^Hcr7PdDXPK%CX$mmRPEYJuUuZ$986a~>0I%%It!3?9ccF|j7=h6f9uPWx$i z;Y<0~xr?V-!JNKiX&tVpH-%qYNDEL!216&fi-!TUdDKiGRdSBnv)vSHNq~he!yB~= z5~^$jmKs54Go_{kYZ$6gXpBYVdu!r^RWc&08Qam48qH9W0zRUHu#YeCv}4B4{xc=; z)vR?Jx(OH#?k~1ShCfUlNIa>u+D;I@^+8t3n zuF2jifg&;sQ=S`Cg~7X5y3~#axU94$aiPE&o&yOaJ6)5A^w)GX6khpD!|b!`YCRs! zRTY@G)5>w{3NEUF<)GPSwBpppAYBi7%#_BU3s&}UdW0u=dIS(q%=RAzP^6B_|6-*1 zAmx!^5;I@j?gn`G=FYSwMv-$nPQ7nm1y6pUnfXtvwV5~{Jjr-k!2jfb-g8J)NCz58 z6MSn2fQsD~nvu}h9uB5CeX*XpO7gBtpT%Ae57D;a&UWAsxH(b9nWOI>$2njg#}N;> zHMnW2_e(T7m31Y#HN+&~e5fVhKsvJu5fvZY&#j4e|7#Dkz91;xU~iOWiQ>cd25`jM zyro0))skCr6Pfb??GCd&35*y4jpsnQErEjhO1Cp3XAS*ardFkG>*@@Qg6SDb{Z}xx z^jNau8u*T_j0!4?j8r;b&^UvrL3l4_*}B}U*a*!MKXD*tmi}c<-C*wu^zx21yN_M9z?V*v7rl53;YUc?&Gi5b$iRUmo^_DVJ;QwoK8 z`!GwLos4|RuSO5d#`1xd?p5XIfn1sApf`Nz8+1NsW(W%vY0%gysQL7jXT)cB9U+-ylsAAKWuU!&+qB=o6nuT2fGF< zl1^hJH9xCfNIarCZQ}(j1`r;w83gE!vjA@*ZfD;7a05B!0Mj%KapS+F{M52bDYV5D zmDMhN#)@7JoE0hYqU@;+oW6tc$P$c!xoJSpY4 z*8w2{7kWYc-d8A&ny;OVfADRs29v&HHP^fzO2Ie#$WK)G*I76Y>tb}tQ}!dZ3|;^3 zXG;`3mlrGoWOv?eLY=Vo*>qSO}?Pz-%5uU ztdf@h`PY8wsl*WW8CsJ#9p%yq=h3WGP%0hLGP#z%RA=cz(}rNmpdsbAh&V_8UYL6K#FR1sz$wf|v-NP~kCG<` zY~%~uJP>#BG$106%H62pRAp^ww}W5k2r} zF>G)o{xByLpWcvj(Q(S+B=N2vY$K<)L01X^ zof`@+Tsv8YG%{WKl$qgZP~>ff1s7J7x^clMCuhO5Gv^+4cp>~Fngpg0&Q9$!BwWi& 
zH|O$I!r{Afk;GHes8J0RUT04`FYN7Kh9ZYia;bm*$-AZxn6gCT*k(;0A5ZEZqJj}? zM8NB&>u{KJUMS>6T9g=@%ycOGjPp%?!DI)EKs(HJdezhvisYtfx$Do+Fq%voTIz}c zlf=l`zHHe1z)T_}Z7MSwIU_4aNh_2)IGe`qp}Ro^j_;JsI8E34S|mr=#6A zw64z%iZsm0i$8PnSz?PDB`NO>ed$yFC2)tqt|@cPkFG4hi*5Q|`g zTslUpRvj~$ArFE{Pwv+w?x-=JnP;tQ;Y3h^`VqH=I=%x%JOP4CWqrIEMKS9MxO4$Q z;#B57Vozy1-0BE;Xsmdzi%2 zSQwY@wbTAoukWRkulpw{9Oa+Gevm~D7-|;8vzllv=VeOwAber}rrZA8CsRkJxsaNR zZmGI*ARdpNx3WISl!EfV#q;-LAjt#QM#uwW#qluG*MwV38uKUyzJUuJ_6n+u{0(}4 zL0?t~XP&sFx!!scdzzlI+tbBLV^@OZ09up}l@G{9N9Olu!vcb%SW%#mEl6RJ`7w-V zjVwqwiEoZH1+$2`7_)Fb_@~@PIzMcz{{?JdX|tdw=Mz7A>TD7qUKhVGn$}ZwUUVG( zE48{R9Iu;d>H{)6iPYWe$EOj_Y#7#}5IQk@>HXe#t zKL8sCNj?PfSP%@BQ|eEk6QBvGFTNK5k{U|64&oYW(sN#td0C(Vi-m(0@`f!-yO`;t zK_A^Dpkpw(#o`PaR+q*2VLL?_oa!BQfn}Hf>q<^ZEwdL2G|^t6@o&mk?+X5dO=$E< z9lNIEr;V8PweIN_SvrB56gWs6Y76JI`Ak*%Sc|l>E+`Tu$Z8IQ`#|n{Y9-{VkYwsa z!*+tiuO+%M;G#E}n$>+2Bpa75Y(U&lYS8Q7tEq{@`#K-E1D2_up`+l+N&yj`50aga zbGUI;$S}-3P$tg?eFya%N(Rqwt5;XdODXnQ-vhL*B7XlnxJZ+^WAKO@E0 zMV(3njLmZ)v)6RFcL9T7xJFyJ)5vgZb1YuJuWhP7rD+51=1t1%O`E|%7b{s#DKbDW zHCcBonqs~(8mo|7TrL5V%FA4Bnjt-PuEAHhE^sa9CTf+5>Kj)9p{%28|I0~4~qS-##9 z%hyzEEUQ95Off}0Of{hZoU7#lA76xJ|8l>WHs+7AHLHsPH2tzmLbstftG4dVH51Go zyhm_Q3rT5d1?p_7MD1qh+%aWMHCgCf=Ha-=WamdJqa1@b{xq=~@)GP4-4bm110-vx zrYGEt0513fFEA|VJ{Z!Xd-Q>N!?fwzCgPVF6juQf0ovCmzxhd%4%$jxm(B%Fk|hZu ziw6}74>CnO-Z%39sVFBr_0lnuduzfdS4yl@eSmai?QX8+0N6UWc9K43j5Tsa>YICXH>+Eim&a~le{;rwr# z%#I%;A|2mYFICGsG#-fGMI7|57jUnCEmr|H$ldZKo!u4})S;{<#!E9Q5o8*(H7T)E z$gmZ#*)q`i($=qv29hnmtD`TLsiWslqXJ;ZXGZ1%Ek+^=zma|8g(HseyIVD>t28J3fHs;=j)j5^j4=(=bc8I#9+OlHNU zR^PGU7R#{U{@V?r#ZNHZ*bav4NccJ$cjO2JbK7;HF`+p6Idf~ zj^DZyLpRGw7yph0U|=~H#IaCB{QBCIEOv@|kXHj`=CRAKJ3kJ~@dLqRYl5?KfmnWE zBSQbikHz03PY&G`F==bv+IU*)AZnn%*>WH2${IecCIp*O${A$tm!HmeaUCu=SpgD3q{M9{ z;L~D&qA>;3q8<`%v-K#73;JEbh~T>r|L-xgQhLkHiaIiUGTxf;1L~WBJOzr8${oy= z$@rRK3_ljdL_uFu@ZZUoJ=_(3E~Be)QpJC{P>#|uK~*d zL}@~Qj1Q|*k{K)l9V~}p z>q(yVM%9in_A!~^rf79tGlvrO!Q6fzy(xoYC|sFDb@(Kxq3xK^-5-pZb>Yj@&yyvq 
z_f2QtbB-dM3KyKzIbQsF#5AS{Io+Slb81{LC9<#oWZTyGM%3?iOew9r>(H2*e@~`K zA3mIbSM^@z{KWN(1NFp^@od-agY>X!$G=ERW!4Z%g(G*Pw#<3MYC^+8yG9-;;*~?F znwglud64msN=~gnZBSc#Q3JK(>MePb`}`ej(WrDJ--2^2CT<*ztN)>_FUfIf=&PeA zm}X6bWFYU@psz$Y6e9WEQkb*ny1VYfsB7cb7CjHb|$2Mbv>>vr|Mc`sk-v(N9HZGVz!%rKzORr$03)Ng;f3cwNshp&|IV2#DM z&hClWp16{F7^F8)%pxPHh+p8Y(4>m5bBG>-MCal!8$|?yfGDdP5qVLDvoF#BoCpUL z5oN9DRGx-@N_Iw8v9`?*`kRKPJQ4cyVNWC)(^J>Q(=@HME zkxF)S>Es<7+yN9@7Dbb2my2!&_PQM!;X#I*P>hU}9yc9JQ?yQ^Yz{S3taN62y8G}tRDc||{Kh(>TA;~^AdCZ$)ZJI9Y5MO(!Ae#@d>E%Hnl1_hcK>N@J~{hzEnRAOIhVkpE0CR9P)F9y}pS zfaBcst4Umy+E~tB_%}r`hDmnwVF_zj|5y18luYai#;StGPJ*$*1e>N=HgX(6mi6#y z)x3^o0U(Q@E!p!WCYzg|q$-u$`z-ZfRZ;AB_cu?vz*I6(7?t%j9kESS>K|dR9SVPY z#*gf9`Dx!_>q7M=gPL`}y;sJUSwRM^HfXD~c)?=dbQ}MLK0l9?u7}r_DU6Q2s8%$n zKF_NhrTyu-v|9D%Ad@RqC&`*!XqL{9P82-?O#roiRl|51YKM!z>=lt4F*w+IIT{#q zF&tPBy%!wVNz)o|=y6J-h>+U#ft5vnIMg;j`u9qhTgUFkfu?X4=Ki^tI}}+fH3G~0 z#y!O-Or@Wh?5y%$M+B`|_t- zw4muY-^kQ)i{x)BQ1mQ*O^@#P;+2x}$Xe~ty1iG@^$`o%*y|xK^ZSQ;y)*Ny9vYh| z&*`))f(0|5wYovNXi~GI;~c2vP8oEY?0B~h=%*q4=v*rg%NqovaQxwids7(` z$sYgp78(>0>~{eD#Ac>qq;HM+Su0phR1Q`ZwRD=QgpHbVl5JrqmR_Y1hw5<$o+R+} z=TX4D^ns~G;wXu+J3c|+AUVlY9!eqruwu1;i24}^7U`7|dwoUh)sEDC@zk%}yx51m zbj8UD2Pe|KI064_neCE;5RW46M>-^knl(Y_AhOctMTq;5(Ln_jVQYW7T zcFGo7XH|mKto0+wrqQezWHNW&5#C*X2$mr`qM;GT)j}s8B$Jb5DKY@nvUlrUYH7Lw zIbJx?^74kkRv<-|{}=iep+0ms%pPmn?Uj6aAG9q`t#zHXHT;yg!dZ6_#l(2hK^ne( znmVrbL0>h&z@cl52gs!uBi6XvV~hvH_8}Z!SLq9+z42Hw!cm*}!eQISgJM*CG|e1i zP1+BFrr_xRqBRt}-T}hhL<~DSO5B=aSh9QgD0=+axF)b+()V9)1LnXTGY8^fb&j+v zOXjg<@D(BxmC@NvdG=bVtEv{ukZde-kGrl#Q;ojwe*EeZ`=G+xgek!Xuzt8j!MaJ%|_e2UhPI;`3#Y zVf16e1(9RtTkPl*q+n12{zR5XnHp)Z0X^4pl)6Y_EA5XF`#|YbHj$sDrRXi}?8uZC zPI<3rtmURtkkcOLs8H+~dry9*;{T`zCuX@l(f9tQk7bvN3S%(4r40@*YjagiV~_j@ zYk%2(ndm6TtOxj94Hu#;Hp2*eK)R{pz^k8RfG%MebN=(QuWI^F^(RxaR__boJet;l zj$xV<`F%n1nJ+LX1_d=fLB~mLnqULxo6-Sn42tj`7P-)@v%U3njbdb&>tg3F#~6K+ z_=dVna+BU-p_zz87INgrMT)rK8Go4QB6HY)Q&@VTlP93D?!Nf0BXef42madLmH(P$ z!2^8Z8$?$cxaX88C*Stb@k(>>Ub0K*Rzoil{qsjjdoHkzlJL104p0h?RVe9%Wxj9# 
zZZ)BObW~GC8$n}}G3zPGnziJhS)GZU3KkNo!kz+aR-OV|FkMVNfK*IPVD5=e5dMk1 z2Z>|I`2%2jFX<{A{vIKP??q ztfR7y9%a%}uzwI-q81G*79A0Eb|SUP`Uz&w!$zr9vl}uoj@GX#BRhzws@|=c+0Ytu zBeteYpOC9cAHW+=4#yTlZk4iUZbhUFRY)7iu?TSgrF>)Lj_0{cH74o1X=vqv`FB?e z#%*JfKwz{B;ZHmo)JQc=M`+KLYq9GeV%se?xmSjQIsb?iV42=kq<(KN;ZK0t^|8ku6v2&UzT%2%F<%J1IG= z08psLy!WWElomWw16ERBVLoalS0Z%HKAU``W(nk(@_J9tlB1rSlA~;kS1;~|-${B5 znXa>!yA9e#*C2ofV#);doTFux$g^p-RM9ayS5K^&WD=V2qAhL(jpk_x3KBZv%cf#2 zBJQ#+;Ag&VC6WapPY8U!{=nf$7-KCGT0Hnk6oh143GrM!vO7qBh8ezupPq$ueuF+R z3F$^I`(uAZfN58h>$gFMEju%#e$3}t<=ETRpOcdd07~64aa9AV7rqV!iBP%5q+DP< z23rBoV6w_DYNqiJU&KPPhbR6mnqrCBT zV^7!LJ0X~y^)Gj%Se5^{Y$K~Ia&Y_1Q}#CPG585O1zJW1^zP9J>?CVNx?+ig6Z;D3 zQN>DW;an+}kSE#@vPtTw!h$!_m_p&S0ASF;?rwXpRHhz2i^qA7e^LyA8qh>&6?0yqrQ@{@ozl8X)znMCm_NH2Rf+NysAo}r!MIi`uT&5YO({4vj zs6rZ}2|g{QmDX@Ek8KW1-{Z4bQw{<-R1nCa{y`otg}(LlNZkbDOWdM6)EbbETh%^nhNSNdS^;Mi5r;q-b%b1&Ur?qB^R44lKWhOlu> zXE1{$2ZYUsT%^oHEqY-|TJ`wuJ>gb75pYC9&`^tWL-1P_eF|ozPpuE%A3g#meV;Cd zE-!U=HAu&iOPaC+{b5CLk3OzPHX&18xPo&M+o&=L=P2VJ0s^xU%O0aULtpnS*kdEN zZl1A&Mm=dnITfM;TIFM_QX1zO24pK(&&mjC0XCzz8fLVm4zB9d*@^f3DdeEgB?pBr zTEE&*+li=M4FWhx(2tjZGDE5r+qF)HaevJ=vS`8WI~rT2s#KF}8d6et>fyN@re#ZY5uB^l4MLA= zd@E!}l`3V0bN_-x5*S20Eic@@i$tyu3rC^`GZ~p_Hjuul)hsfkaKm4vDQg{f(R+I2 z28+WIAM1~5czFKi_ywEUi#@aiZ1ZRXsF6=@>Up_D%P8IA;`SlfVEvU9RPX_LgJ>X* zgQ_Y`+i0@6y^M;CLWM=rguJuH9J6NFdhkceIwWYy=rZ=gk1UcmPKvb|EDj2&TZ* zAnzb%x~C>ecF*NfF~}bdtI1r5EC9U@^zh7w?H3=3(MTxZwwN*@lj>-BB-U&i1Fk0B zFnqBdrv5^TBb^*MLMp*CYK&GPg30u~a!EqIY6-|yMUmO~@oY?o5nepSm9CW+!kHu| zEx*`h8g4xbZ_hN~rh+z~p#k>>S8*gsnOiaviMu4s`*e>rqD(M&8C^O zbFpB_saH)tO;mO-0d1S&P|QozU)BrajGy2mW3RtoNV6;;{%^9E1wf&=fhWi9F&PHq zJ;SLtkykVf8E~RyMk+rsAm{zUj5x+NvBfA|%KI~E$&2_5{Z8!+UHMq$qJZA5tw|V+O*0{YK#)P~sT%KQgi6ty6pb&>ls1yg>jTjnN z))2OzLo+4-bzs4#GT2kf5zA|Lh%visE3c%tqbXGx^_i}hl^ZUlfvT5tgAM+}n=3&E zs#R90fxmBYZGlg+$C1AE692n;-;OJh(LxA<)kMxQ&5V`EPaEX1b_JQSsG!A0GmSK@ zRII(O-B;xb&~#J)K=T2Cbl4jVMp&)h2TRto63K7UIK1dModH8rGX`ElWHDL=e$xG6 
z-so&Q3%3>}qz*^B&w=>LJ_Q=2gR&a!Qfckep!V0l7<6nh2-#7zrZEJB%Z|rlQ=qw+ z0?h?NDtZUXf81sbQ4$4s|F{Yd@wPBR;uLo46bs=jKpgTncuwRL&iq0nTRSvLY8?8a z(I>FeHF+}3;v4<3|C&5Q1EJUav3iWLO-#W5gYQsCRuk&0vZ<})J&yV8>li9@a#1nk zywy=jO`}KF)JCI9G)Die$Q^CHTKk_e{rok8m`yp30c3wx50Tt zFhT@=vv@1aulRWE$ZXeUzqI*!J?H`iq)){C{Ikk?1HAgsK6Ymuiu**vi$VVm+I#wp zvhcv|wP%CIMbn0k%oXOd(!@`r(Dkh+Vi;`m!d6^|m1C51RAWF>*bl~W@zz8FQ=x(c z^MXg@x*D4$Bw*_AvR|L*t|i-Lcm4kN1!mcpMdGCEM!G>yZTPNJ3FiI&KYri3rNVu|5HtpBkTfgh*$@bM#} z%phwx^b0Nh51mbSD#f@d?7MO_#d+7V%FjAHdwO((#Qn+jn97x!xbxwn>x8DM)RnXc zC)`kHfOjbO3j&7AE#tEL6%Z(F5~BwOsC1H+Pev?oC#REblW?jotKk%1pWiEzr>tyo zkEY2YFbHL0#uDogc9QM*FS&uAykVA(sSXK1g$6zUQ*BrJ%D?#(^65Q^hI8ONkanP3 zT;Uui3(OJXx-yt@5AKEkMDE^pn1~Zwubfx`P&JnO_-Dyj4Auem)W+~i!GTBn?U`ll z!n)HP70{s*r3iI{*r6NF2QeL`xJ>psDP<8ALeYiu1>B|cAQoU4*}@agVPqWXrvGLQ zttSBOVS^A#tU`Xbo@p$8?QA*J_s(Hk8n@ig=rXtuwsvGzLp~rTrYmyfapZkF4Ga9I z+o3l`k{(?X+5|v5`Cts+?3){7ujww{cgjA)UqnO;B_KXP@(hAofn2>1e#%S4Gt94)vfPEXyi38%w6M5~?0? z8gvJd2E^P&YurKVoSMOsWc$fRRrd`-IdK`7E6c0l7cl73$!XAvl+^M3<_wn2*ATH$ zQPnRCegA6ssKu*7ic+gW0)@b4AvVfevL=+{{y597X+YgS=I9B+-LvHP5rz~{-%B5q zpMY#YWcl56f9r8+ezf4A-a(mUMM1`9eW~u?pRbsqcf5H}eeJDhzT{gm17enDB~BLB z`cGBM7OJp~C}}b4s-{JCUgt9oiqB}ZBw)q8Rd?|r%)qT+9Vdh!%uc8I%EZBCqjn7= z0l?z{2;9ntLo(S?tWgF^<3)8syPzA@HP`~|g!W9jB=0}Bnp3;aEfRqccF*eT0@%*B z$bNaGW+Ta8!|Zn?_G^w=bX=I+F>rg1gA6hgIp~ZoWvhL z*JeEc)@-h((J~rKo^%#v##=9~ts=oHOGm|~d5X6kHW2VHWdIDcssGv!0XLmwgtQ2b zJk378n>hGabb3D~w50oPU7fBCunGa{Pm+ZN~jUzZ~@*&lF+gq3# zJ8^~&9y&nye(|8|h&{`{UuWEa`2kMYW*x4N8n4D+zJt%Ck8VNwLrq(j8cZ3#`uc^=x8=Kj_u~rP2)o9o>39*@6;SXdyqo{Y7V0Fb`<0u`Yz3 zQ4@_-6;~eo#%(1dK5bhjpL+e^(JtTA$!OWUB zbA1g#I!3;8{;D9*9)MX;$ESS4UOJ8M)gJsT%E>=R&rYNTzEimRcgKMJ>6HBvY`t-` zMH#!LB;*c$Qh2&;p4p^H)Y&10hK(@pv(P;tPn8d}0*?qMi*yH041FtY2j`+0a9C$7judwcN zY6E4pYLW56#FCYX(0`?)L2y*e21n9E%qukyQ_7#-9{pfm_ zcK8I;4sCbi;DVpebcM{oY*{uYD`{P zlKlRbg|kjxSDT(dTyn_*D|Hp`Z(_6J=Rbl?&i4tZcWc4`O6~F5@cCZY7lnR5SUw4c z3gkA}6)uM-noXn2Rn04-WND;^$L=OIrdN-+I3Ny2&Gk#j}qTBjP8hJLsI0J!;n|tMA_3N^blG12G##r)lkiHK*YI$ 
z^m88YGh$89SfF{nZpq%T8WDU8&kYhpL7$XW63(Vo=N!>4gjuPmQ`Fmuu-0j{|2F49*7hS*6bJX={yDKxZc?454})my}@OK>b+G9@+p}B z#rRvt23$)M50i03vSBrbF$;3^EbEvUr!fI@sTj{R3L6fx+wB_^0+%8%QZaOvm&vI4 zBAMNB{hj}lz>Yp}8@AC=qavb1s{XLU=aqC11QqZNSvMj!ACfa6h;@+BYlS(2ndtLK zFMB0sRgG`rFy>4pqL|}8q%#=kr2Co3lYsA%%IsgF{o<3rD>>WC253WiK^%xyZC$DJ_X|*>0WZG2G#O-QvC6jlECYvN5I>=S^p>xZs zg>^M0>L{2HO>ELIvddF$8ZpE*^qT0ETt)_-nN9%8S|Uo7)xxg?YJnac;A1+JYx?dHJ+wlY4ui$baovr%gKqVR#!QES~h9gmSc z!vfMJn>GtmftI@YOr*JUf9^xD%Y^wz#Q%A&LFH0qgR;I7i&ARjN{Sq*v<@mA0+AY% zR$2hm)H!R7W0BYzlt8H+gquG-hSV4nBSe@J8cY-GgG9T~B+h$Mz#n9e&GhTMYc4-r z=B+vi<9~s{aU)Nbfq&E>KJlwQ34|uMW_-_*7VJle`bY8hpn&fG@G_}#gmsS`NfHp` zY!VTZnrMHdCSWJ3o6XOPTA`0f^I$2alw$!D3#Q|T;Ld)8p)WE=q5JAJP!ezBq;x=z zBMdxcYw=U;2zI}QNH3}g0mU61f3{^i=PhG<%$~a9)OMUIetv`wTqX{$WNIhb6*u{v z?k$@li?`e#OdUTvs;<@*$g5son%1iX0XE{9ns>;2_kM9k)jMZ#L)v$Y$F%S-m0+c( zxx!*$5=F6%t3|OXALrjr4SJ2*S&!DG|8a%I1Jq`AO#!#Tyl@-*QNtbB+|D&Mwx{CP ze6PlgtXtRA67WdAXM+xQ5x3Tj@Xd!QS)vDN$(@dDu$C>P+6XKLmYMJMyFAFry@$%2 zDtW4$fxPiU+&1pgF{UH8c&M^JiXLy3?-74vG{6V2+n>$(-E84ae|*BeH2-p(g=Odb z4JhzCcd(@=L%*H!X4F(J#6w7UuC2(E%gR)MXQ4nRS{Fql-fuxaWVeS}Z*(Gzk1?m* zlVzEK??_0DQEz7MWaV#R@k9dsfTjh#;vSA)xk+p{(2_l(|9e4*Fk0YG()6h=qGI4r z+uuFOq-9OO1(YQUU9@kTQw9rCA2j5i2YZumi@T zP#n-Y=~B7n9Dy#&Ro7ycEhATpzu#$M4TUBaE9xa13pzeQz%5>&2^)<#2}5DQ z!;#*!I&jLk=7;q#S*_>N3l!K=KHTm+ra2gbRUn`YYxJow|NDywHEs<7LJ7M8j8%(` zL1wbc6kMU%Nb}Qs95 z-&smEbT?Q024SQPRl`g0d7}J+e0yG~dHHyEY_Y!5h4EPbwEsjqD~X1;5C85=U>x5% znOTK*j7_83ACbcU!x}}xze4^nl)+wmIDm!XVnPk$2{eSvpdkzh#Qz(JE}!lQ$IJ{% zB3@4R{^LX~jEE;F3{2yCK~aqABwYzA$1kafkgJ~_*94q0?0U1N={lXz1C|y*#Cml| zgYU8E1%*(tMy4#R_CvhTk-eALs`^W3r#^M5Sw7?&#z^mxIaFZ=9aaT=_W^xa!!8AIWUw~M$y=;w=RokL!SRd zre%lc<%AVpI>6Ynz-bhn~(()g_9gE&j>RgTePcCl{2@%m%-@pyP)!2mXMY~hhYqU#P= zo!QTVX~+MZuCYHnz{~6J`L&rWzFNZQxe+0%3p+Lh-pNU?g@k4moa5>=prA~xY(7}_ zNi!tXiW#&t*NHr>RoY*eytL6%wSpRG8O|DOLSoJOjKs3Ca+As=bHhafvcG{rEOH}2 z_)>pdPAd5{wf{k0y#$00s3CX>p(&@MPFpffrN;Z5ow{Q~B(Vw0bm+Oh@)Icb7H52l2B*SO)l9 zaWWjBBcw%Wf`s$uGl0TUfbD|U9!D7;zN0jTm$%oRAVI^I4zMcsb#D2R54x`ChC^n$ 
z^XpUh4!bVRs8A@(K@x-zeOkM+t+STPFXgb9cx817IBTQXL`RiaE6}N}bgL)MlFUzC zq`0!3@ngKHomgyg6TC^`!U!`6+Vcd*(Vja9LLZ=ALrjwzkJKGqY+aP4Q^8BiFTXu5 zRat*1_}FX0U_Z#`2ENCpmtW(>#Qiy8VmUjIw@*o5^nzsvAiY|-%L)>>5%y1~j1q^oEYnPU!%0ezeBAUi98{n}9@Emlj(EEcUfwW6#&o9eiZ zZYiQ-wc`_jf|H_njb_XW6dTBDqgI>TyxAf3e+>a5%ueb80WNz$i?B3x(f3))bp5TU zRM_F#o6vIBe~HH=6blxh%2&L!+xlvA{WycbJ> ztX*aQ1^99DepNB7xV?>OCkDgV!Rg?)OkME;E1vTJPXxMr$uBg6Vk0V57RpAtNt$?F zA#hcZcY_4T=q_OQzRqs%4699z_7G#-e|sBQY)OC^2U3vLRW4EnW=)11b5NLTCgEjT z09*)aI=1cA zci~)^7XR$2xXN;=A2!m*bOi(=i>#=$Km&jOk$v#E&+x@O_o`RUXOPx%Teizb3C3TZ z5hRfdoyX0_&y{n5&)huDIHu;w?MDZ70HfRs#C zHH$jvm+o>QmTn4FvP%?dq6nt3=IoOajbw&1ieoFq)8B)w%_AFbQ9S^HuPo^dyEOXO79^ZiI%m1owk2T8*9 zQ+$pN&W8`9wZ_&4AG4K|fL_pma%{T33QnB9@NbGSdq9wG;f6EzT}oFovw}^NJ78%& zNgZENTmw#&66>|5h0*h%!e{ieNzM5Sv@L8iH&JhoPy+w{1-p4t<3MpG7|dyxDa^(M z!x4-vRgnwE$SX{O=z1Myco-0exGk7 z@5Z6-^iXslnS8ZPmMn-_TGu(EnbheR-4&n3F#Z&j$6~eAiEKt0w5d?7P^?r1!I(y& zhKK-1xzx4TzVZeZ1%t4#ekS}qBm3W4^j|n_!?TAAaBhQLPJoXRVG-v~;NADII%ROE zJqAO=uUiWeR7dOv6j7sYox-d#O;AFq8Wd!RUbT>dm6TpGjvy(Ym(JT#Y9jHoLlb!k z0VJwL08Iy!WQKkWTNhF+nD|%dM#w-V9>!;cJ@?xqWP%>=t2bhj`N~k45dmmNm*4f? 
z_;XMTIrrKP&^}KeOKgG*N@H1v0yWrZmS3O(0YzC8>SZ|*y%3$7IvC1k8~>4iK3zXA{N6qZ7K+FU&{>0??cxfy z%_%ojhO)ax8XAIC3r@mNQP8zGPQrA-<4hdDNf-k7>-k%hL!l<1l|FUZOTOt9Kaj?PpXVnMuRe&rma&c z4-ZPkuSn3T_Dfu;NhK}H>N1q)Loin~#D+!OWQW1e_~D=@sbQemx%}`Dq|TB4eUsm0 za%lck)M~C?>9JTS;N6jb--v?~W_~uz-e$sTdsqm~N7GxZR-C!%^wXoJc=-zl14~W4J6BP%jvy3)_mQ!$=z=eUjNc$E%y8a z9;!>-6CAq?%iMSrYc~el+ty9!N?B5bfSv!~G9_P&8PqfBwyGHM$$Uq9I(9 z6;U%9ChzAaTSn|g3^lttbXQ?aBrLTvBgG)d`3JA5!;t4h__S7{V&@v7hcRo<+8%dz z?C;S+FQ~>NjO?!zAMx%2o^!Lgxpk%L7`&Q#r+G?hiA5C!eOp-x&4fC(qLMl){@q&& z63-bw)^5ez?hv$dJlfYdU}MeZI<+P`p;+1AZDKaV=r&GA@42~6_lwCAKxqlk6I*4!-Xyb(ZOfszc z<1!wfBJ@Vp8<(p(j(Ij7(TPiK10W$BSRQ-*3*AHK^VN3+sk>#H40rmcn7FXP6W!OBf&$Mz z`qnl|SWL?q2m3tNr!)L8o1uo5>v*?CX`2L*27$_}S2^_yq!ME<&BI5ivf z15U7`G<4`o<@Dd@?2k6WuZg{~trfHT?4$DZ!4Ef_XEZ?l76LN(7~a``Wy}-{6}HWX zNO2j>78G=$8#vKLqyz0c=GrRh{0y?@13%;+6FTdZWb{GbLn=aJ)%^4>(MKBQXEq9Tzn@D8=ii&eJjKzw3qrPHs7v|l$xBK4#s21K| zPb@eOFW=os_RjCmpJmQ_wiC=9wj{oiBcvdRd+h;^eeq44r5ADkw?8Co%D|G<@ z9Jth9qV@Xv`-HZ@aF_-A^RLI(gLZrVJWM+a#gkLx77uGMPRZ{nW;a}j5SC3gkTal_ zIn7v2gic9R)=*aA#54pUBx$z^Fd~|EFgmyWiv%+s6<8@h$Wu8MAuaG22^JQfX#N`j zK`*5L8t|X9H{hB+e7XB4{E0iZ+ zSDrX#H8IlJ$J7|3zPL;gx=%JNE?a?BWuk54jI(U8D8||$NSPVKi#j6Yy~Kz2W%c{< z=SO&b1nfSEc?#2;_HNtz#$Wfcp^x%d01ejW%cYjG(S(0Z?!Ch)BqG^fEB100<;?(a z2+O zm@WJ`zqCt4qLcbQOE{+L|NC)xC3{Smb`4d7o$!gzr(N(>!*u`3>IExqdke>B!R9hORf> zYsP1&ulWsK9Zz0YT_Lqwgx6C7M`5HAKhc_#$!0+UuGw4bN$z!L6>Zb#Myk|wwQyK; zz>V+U@JVhVO13y&)F2egOtAt&x!`@sn}w-Ac)QF(zlQC$4QX{aT=u!B3tv&(9@w0H z{+cZ%-qFNFD@P{RlF`pUJ+r?gn+ZPLw>OKMc{Wi>#9q zW6jhpie^`8>MoNwaLhpU0!fFrLDFF;0OB|iY=2PWB})SoQ)u`t`Z({`(SmNT0i^yV zMxAzZMYTtv0XLT{eP_5mxw{di|YptS&Yp~9v4P(F)yrsRs2 z`v4!aggKO|gF4hCr-@hfApy10g}7{brw(^(_><|#*utN5FYfi_vs>=2o5^q(;MI3! 
zu!(I@E5w2wP+@JQNy>$9&sGzDl#7vwu}cP%i1yr2<=ySmo4P4Ik~ zX@(NvHp9Jiz|sf2?1M#mIGQC$f15G9xBlQ*XPt^(za-%vLnboEo<~b$Jta@Q7roVq zp!I#sLVdL*KB`BJR-crjS7qtq7yIt!>UU>IpD#{(^c3v$i%2kOu#WOe3o`wyD=Aao z?;A_L5XwDlPXAcyiQQX>+_3|U_Kw>alonf)csgMusIr6%d}bsjsQ^991gdei%*j1NY2Vr@MCj{_4H=`D8{8R+yI zF=~y(vhF;FzhZ41fj*9bU;~$Vh+T=Gkyb`s&8m8tjf!tVY!QJPEe*1pe6Fh(R`TG) zXZ%HN2e4x(bdgNhi;VZDEm%CkQTo~))}9SlA3dhF?5h-1u1W4bXeJUD`Tl;nG&a$n zTi?XBlFpPA4gr5S+ea42pSO3ofM?Kbt`n&aw=Y=h)`m96Ni3K%c-u@>_W10tNYCZYA=z90i&+?|73$6!7t6@jn891Q7t&Ge!hOqKkI&D}27? zmVIfNG@~#H9HYCiUo^;rUtpqqt_h@HOvUw@A|v_kVQBmvYOiuinhcTFe%Q8naEaA1f*mo!hw~3G4Q)*>Jl3~yi`NZ6WC3tv%nST!x5t=BAB>IvjP`OH*NwXf1 zR6ij#Gtrr^P4LgfQRp-AO6O+5(U9q=!OexQM@s3U&S>K}ZE||oKQ3}%mJv3ccz^Au zU~H^}ZdoPuo$6tUY9(0;p`=ZjZ3VfWbd^Tl*yz0J=*S&2q0i6RVnLWvaYoTnm1#)D z>78D|Ug08tdg%A)z2sr$Beyocds7#HF)`4w|D@=C%g(JOP2c;x6y3upcG4dUW1j=Ee|mXn=~W6#hCM_ z^2Fu4`z-HX4+mp&gkA#|)ZdbdMJ{Jir0s^rpQTUvS zHkwdke*?-V(m*qCvD{6$v z!qfF5&I}4N*wN@i5{~~TDW4YLlJWM)uJFhfc`WP8yyuOJ8^QncKeeKqJnq#yynT1B z5nTMyN%v_A+Q@}!W>vEZEg4`p#{6^#x|2rqCD%-{H77PXb8u#ryUcqE+Wq%b@o{%|b+{5Hne1Y^qbtivIB< z6JuCfvmo6ugL}v)nC2CU#BHbB;aDu;%8LwmA3QGhnRZ1;2H~--rANY-VCY{fwBd!d z`<{{$jLb06`*#uYZ%M+|A-?H{|I164hy~%d&>lY8vf(PRt%0NIUMErwd?vuwZf_8f9u^>t$p6rgYKG172%5?#tdyxw`#)r2B}c z7Wb%NL(VD6P=0Bv^VV9^MpR)_E-peZs)Vtd6xG;#x0Vg|C~j&d3bO^>ltHBj8aGE) z3Ha)t?Qz}21okX=bs3js5JS7dN1sKZpn_4~OO)+4PCAxgv7=N&ocgr)GzP6g;;?k` zIM^Qm^FbrzWY51)bVoD8>RZeSnFzI}F-`F?5JMCxXASkUYxMec0H{TVFzv;1{9X&qkiQ(cckYQF*RPfU~S=Vay`0?p>J7rT==At3+YNVu`C9c<&Ebdyue682zU4$iJJufdl8~L)Oz--awP-#pZSPWOpUPTHJ~t6QM@V%V z7iloLP;nB=BUa?0{%50)RJ@o=J@;uJfTTE1&~?U7an1B0va#+Lf=l-`3^P32xMdc2 zu7o$m`g-B+3GrP>GQp#L4%~@9vU^aMF&5E?cFR8wa!s$x(B_#$wf&LBa=dIlEPZq> zp?e}Pwp&afHqvx)?fCGb-#)^@X!)`336|Z41jWji-2^;VCr?bjx10;*SK8DYpyx7r zye3UK0J83WdVT8iW#p~b3CFt@?T~NVggQ^9*puIKVU)kwTsOP1Xgq<4wq3Q(hTO#z zzWP3DqIp`KyWcnsd93?lZIpjejoqDPa0k^$NO^y?6&2v<+7_PGC-ve{*pnUVz{R2e zfliPD^HUhEEA`I1FqBXfPi5^BaM9|`vOZHi+YmP3&L5br@cm{sO--|@TV5{7mT}Xv 
zy(mPDnob)xRbEYHmX_LeqLC~xU4Sq!+&e0a!NOB{HIDM~239DhUhI-AOem6XbnyF; z?ZOr9R+ss$J_vGs>wS73=>Ozt7h7NOkcNskJ_cb8oMy+3mZrzbN^@|MzgFxW()xY*bZfYx(FJUw59FQm*`SX- zN6+vc3DuloV9bSO46iW@dXVwN{B{s6g?1u#I){TgT;`5{5xZsc{z-jqk*OZqWXj}+ z{_{3Rk&StD<*nv%F!@RcnEujo{@g>xcs0f22ld(*&F|awLu&43w{J4&jMu&cJg0YS z#y?ZNZtNuOTygruYyIXLaXpQY8HI;n!__u(ak>vPZZ4dtv z98J>hveJxx^!1046Xtejy{y)EYe7};c-!gm+{@`oa79Ph@c48FtUv|XH78Z0m(g}? ze6zYt&_9TgKKCz7t)2T6l$_mYn$7xF4IY7Cg4SUA=I=!ZOLxe-*zH#zF&KMvHFh-s0#}B-V5N`+h zv2tFYgFjO9#||{WTi+U_IG;_32FS%JuU2V_KmooUGdf-$xXyj%&kRX zPkt2gLV#+*;*!|CcbDinCcnFg3f9P#pfb8u?_5vL!bTM!_K1>Y&Vg=T7m;0(QLt=( zA1w`sDzkO5Can*0=nxjMQAJ3yv;8N%3f+`#3H_mBY(F5RhkVAT<{tOCyPQL0Qp8ZF z6ge=Hv+D!k`#Ouee>1bPg*k6){xLJKLrpy!1Lt`wf~vs3AGvEsfF9E-k2t70MpIdW zk&uWmz6h|Ai%A8w%Rp<6yZ8zhcYLxFXFj7LSj^Zfh>+*n=~y9*n`KTWjGq-YU%5K- z(c)FTP(2o=7nBJ)iLC42_BXE4m0L4+X^YgQ;Fl^H8wOEDGw^zs;q9-NHf}q>^Yax4 zg$}*$_1cI{n}bIi8jAujKfjfe$Ia$?OOFJVX#iTA9{F=ux}p&mJitrpt?>JnaIYk3 zaBSG2yltVZs)i)G4fGE;eXItNN;{pS%8kYlGPZ;GCd>VJ6(yBXBIVvkuu(lIeu$s8c<- zPXIw9C$R0Z-xF37Zh56KE^;;sh}3Fn$?Fz5DXBEpn#ye!sLQmVsPD=VAnc0qjv9Fa zFV#Sex%@4m13BopD~{0#{eDswZr-Fb)y8%D<~Ea%qFZxa5^dI&xm`saVCk@>XclPY zcY}^PMY`{GWCt%Uy*c@KE$lJiVsXH|EBqA$)-!O1F&S| z2Ob^ibU6>6OFmwZmNyw_1HJEyfVXBqFOb6dD2$}z6_d-wqt~1Ny+!*Avn$TLo|8s9Cws}+K29J+ z%rGaVltGqCrZAMUIcSQQD{Qd_fRO;LFz%>{`AkXZADIUt@4ch^Bbf*Hd&OZrMSH~m z(%~p410T9MT;xcHOQHh_f3pheE5SxN*twam5C3wwr6t}ya+30=wApUfuQPcTStoMo zL&4w~>LFBNyCM>i2sr;4KUd;=2$-HFh?xg3kuQm{yo72t>Q&4 zS%Tp9JWXZGNonFG+7i@OM79zfh3udsfwE?XV_K4Lh0zwwDah(3l$ zz}ydTqZbzAia=eJEPMi7<8Ilz&jX|i>t?#;j=A`yVWNr=&kM2qlC|9K`|UkW1M(en z7+=WDcSQwEZUrS%L5vI9^}-c)F@t5}at%%ja~bKlNalBL%21XZ)hu525bby0(e>k* zk@e!dqT9Hp^DP3#SLUwl%cV90s9Mw8I6-gu;bLInJCM3@9(p z$ROXmtTmg=(*a41qe)!n*)7>FckJcTXe3I4#Z<6Rw@`PlrUmA9J|AB(I1xzh1KGFN zgH*3On@`x1?_8^1o%#0?z9?&+CVzy$f{e#0NK}tsn^cZLdj!-RZ(D;~*PSjGlwUEv z%g1l02V*LsmEyIgeP8l!ECZ9Z&h0&(+Sw5ZVM3*dW55EOQ}ZExi}}=i&g!DGsGA15 z!C}x%lD36vb`yJ}9tp<3*CzCT73E46(7Kfewk|u9+1ZMAuG{oDjvcSY0QOwi4+(iD 
zh_c%zjLEzIiDI*+T7WlaFfRY9=Um4m`t>1z!X8$i`EQg;=_w}dn=6GMg<646L5TOa zdftM7%WbxGXAO%@td@<4gtqDY*fvRl*w_nnj|`@f zOc2f4|M!;b8BH3`H0+bi=vn(}-agp1AG%SxXDY3_Wy8)P>psRmNoV= z+L4&Q0D#l~+ao(p@OK9j!~b}zjK?+3ypkAr6AUKrbC!-1sp8A7rVdD-r_;ABL~i7} z%;WVISE1E>6!7bVppo-!KPHS7N?XhE&wE>@gCIp?xhfV4ejwvMTAuqFp*_zO{sds0 z_ebL_eqqad=(()um`mOgxkeG3VH`skmglV<7WbL8*=jLxz*uPHg4GD7ZDNZYIB0k4 zm+nM`@mA3!_~4U2o!j%v!f#obFB{UUYijN{yuDKN`%>CQy%+}2A$AGAKI9r2CL6o!9fGRj>1>(H~HxaLs0pg7cFQ22k<&ake>@mYG4I{6LP z_d3(xRJmrpU?xPJux~<90g5Rv7D`GW7D4yn9}v9qhw{GFNtpF*p9q0X z2d4NN$L63s#Wk)w&8C4xEon3YIz!+aYyDgQmU@j>mQYt$Im9vE@x4WDGMCQ(5qH%A zQEgk_MnphB1*8NKE}$SHAZ;PiBHhx`Ai|Jy3{py@TS4iP8XBb=k&+x~i5a?K`1YCm zZoHem`|f?;Kbtjc|JHBC9?sc&4V-yoB#!2+jh#-STiE+Rd?ADWwN`4px9jys7h<{l zXU{U%Esxh;iKDetKV{E$5xP4*SfZO26(sn~RqeL4q_X;{E4fN%md0!I7ROVP6<)lL z{Ce;#Hy;MGQKS<$0`W8I_OaiU^XK+#>3<4$Wvhfxw#?ES{_J5N`a zMGIG<8B?YE25ol}eIF}ac@@YytPreyJ_(nIK?qm8`JBO}M-p!=gm$rPg(KX9=3Dzhd z6jSwnGAcTM;mos(_Tq+H&}>eVT}yRMU3E<4b~sM;$?2yG0&x&$(jsWozwCIbsPo=S z@q|YIQ=7UWslMEM#|)P812RIqcI*}{c6esk$U~n5&AaWmlh&+gGes% z-l$(_09|o1L4S$cnr(;EAKfN;`PODu{jHT*_Vbt=!At==B6XV7O-T8;)A(qgqhXgK z^NoXtI8VPGOBuZ@t>!-3jo7W2MR6Tj+E;QG6GmEb{F4RmL1Ou(`grRsv2C)!6`}xv z;0qociMKQQwHMFDA06vSnQtV0ap?NX@T^w^w5O~bFP43x>~FpQATT+~*R(gjBW$Qf z-uF|O`>|teI_^xlEj$V8P?*AbY3=$o!<){9j(pBwTTO_0Uu$q7zn(kiby&_vl8H9t zSVeMcZg%%7vy*x0)FbflLfk%IW@tjc)D~?~xw&**sEokl&^*=4Q@ny_9g~AH9yA+8 zsyuIs@^0$kbmTqgCO?T(<0OnpUw-)NJ+L?NHCttgSIvEZjB;j48mV0 zi;q$A_GuxX&eCJpH@8Nd)6Lh)Qq)r>#>%sEk6JtR&0l4_K78*&f8UI9E~9DGYE$^w zS1G%FY)1Vm7Z}_YU*6_jwpvdrA)6jV^IHnp)gArt+<}JG?ryMSMyF|CVMmyqrQeeY zuW>f5O+|r`7iaEumpq1cPO(gkl+(~H`K|Oh-Uh4Cqfm%_A;oKOru?{wJtF=Xhr+Xd zV)5Ec1!?eDKl?`C(hId*ayqY%U^LH`)GLNQ>i19qr(+_`2Xc~0b`4YtZ{H-fl;}Fv zrC&}4-*vCo$=E0n?>~N11U#05XI7ehPF}%{JFC3;NI@FfNJ0>i#I_Wcf8o2Pg zOiSQjMzEK-9+xsex2+r!k*^I+q?ZpKdlz5Kr^EcvPVw+*rRvKe^II+##L)Y$z4EeW zykzIcdTRR0Ju*vyc17{f`|jK?yp&|fBc)OCtKV{^%6l0p?fSc_>I1U37hx^ImHG__CI8 zQ&OK-WBTLpFOM$8k-h1px(>S25tmW+(Qpz*NcP3q?UIp 
ztCVHt9GMOgIkh$F4zJ#72;+6gucjO@4#L+2tUDmx;RrMP}A=e5=A2Omd1*&Hn| zlEPtKRh;=DoPFhw$%PpZ`MYPm(mdNVZ1&|GKjO&ul8{;g4_hd!O{ z+`iSyH4)H5OtL>FnW1!h<+Er({IY<-cCC`-AExi={JfBBS!q<=qSeB%sBoNx z^Yihp+_5=I#m?TxK5mRhIGR^UtA&Sr8YqFPbd2i6fe6r6^X2d^iTN>6pzKzqw=I*blN?Pqbjqj z7d^6!D3wizhOISr18pU79qF-5EKtrSGeGTPKi99s`VT#c;oVtcnWPOo?@Ti5*l_bH>hBFJ6#mvTd1-#{f&)9!qUkFDAkhx5d^X z^SrNmSW7;Z8R5F^u)bzzzlOqeckAbs7eO&Ep{o$PNR1&aoyyA4 zU~F_w{7{7$WXH$Z?QrokIy)=L6uBqfX@Xlc!{H|S)&~ZriKmR=ceQw+%FJp2${mu6 zmzR@EbuC(mo&rzZ{}d7>(#|TA+Gi(hC)G;7Hy+}=l)SLW#_RHV-r=HKz1k3T1*s-o zR0Mr$t50s9>#LxlRPOZX?%O&?8r@$OFGvSHka65amOL)qo!CvN*`?{)5E-t3*0Ed0 z&KaXP<%1i3`^{)L0i<!RByDluU}rkwx;lsY&=AeiCi>@%eI27ki!Kh7$p2D z23>bl9qa`5QeJN=*o?+PYp;?G*ek7Ck%dd_GkkoerE1yc4DnaFw)EXPW)fB`HA*tm zwPSEKk)*wI%Y)6^T@lV(lHKz4U2}=K>!cDi5by0aQaeUo#7ZZleF@gfcXW}(2_fR< z9V3~!d1_bNOvIv8xDtYpgDs`IbEW}P{netr%R@so)6XU`yLRIa2qRG~?`%<-=w?$6 zjC^{!=~iVQ@@nna6N-xwa;pvqJ(1R;?ubuQh;66hP?Itl`KXY|3<=cJECy)(9B+0O zJ&l=IS262x)BqxVn%|{B(@+D0bKc5ujZd~)-aK!KG9h)YgItjw_cq2lz2cp7>#+0m z4C(K7w@cF%%(;;@;Zwc@O687fAGKx7YfwD$y%D=O5ofXaDbt`qe%~D5617^viz-g# z>S4aV`OXRH%A)z?PFDUKii#7{{tfcUO>@C5@uBQoR)=u6hLT0i+Ub#KI;_Rc-o)x; zh1U!TBprGNcsh7m;?58N{Fw*S>gpwT~Hy?u}q@md;xx zTnr>pas|x+L08k+*w?Zb7$0G|Zmto&o4@YNuzxnbJ;?+)D57;7BXoaWw0}PA26#-U z31Xl-u>LI~{3rvx$kN6=67yk;QuPJ&PmL&R$@HT(=gI6K98Ju&o%??b%V% z>%2%F-*U-l>GWc2C*?x(b>Cby&gG4i!s)`VJxvK=G13LHk`7x~3DGw!PRN7n$#1(m zUE1Rzx%9r)`F5#vN`wcLfDJaa*C*YH=<0Oy*|xsVpNxpLI~{IKi3k_7Vz_tTd0DKa zCbBU<*|(dFTZ}LmehR=k`I#2J}V3-Kc%aJ8HNgdm)F6AA&b;xZ|d9HiQtU( zYMP@LgX4Tti|3IPqN_&czRRuoDMP(u37LMrY0ec^rv;??MadMs{Jv|qN~^4Z%C|?1 zw|Dop>!*%%n>@aiH|0pe93`?b9TO$=&~=@s;|ii??D-dzs=;mHL6xnqvTxAwS6dsM z79ZXU(e?5+<_NdAs5$NHePvkC!0p{v8Z>9v#VWJD8fQDCvkW~`g7CocFTwTWCih|H zo(R`>j8P&Fkusv;q}rnGq^-xHKKbzLd0xT>? 
zhwIFn%2c;3j~Q-^B{jMm_l!1P^uE|L;wX{&yd!hIdLQS4mJd2$z3cavYQAz)dqQXZ zHk$OtgRPd;Xf$$pDpFyKobZavN1nRrS>}%xM)I@w+NHHKP)={m<=i^LS|Q4dODw3x zuzC56hRK_RAyap1_y>lX>MQ39=VKnt=Ou5nTCcmQi>?uEVtmHpN;OvWHn z9f}VTVQ6e=_NBJj^c|veH+@z(c&i*T9ItHArj6g~Xz}X`PmkIWROZoiD%Rc-AGV@Y z(ANr!is$N?o$kzY3M?%9nhJ?>-y>C)jkA7_n+p;|JWswo!$HFyGC*DL98 zCv}^{tYtd*(*yL*^!76X4ED|Y8O&~dJ7#j^=ICxGXM47Fo!26w7uvr4P|PBma$Y5z zKTwyCpF?i_Nj%C|mOJrLD579V%2UZN=@qL6|Y(7?1Rm#=m? zl8-UnQX}D&inNx-4USxOdCuxNHfP&T8<1BoCO~TvxU)4>Iu8l%HC#u>UHwW*NkB86 zwE7rj0u_~4^dDYd!^ns8_gW_t?d~4rVtwPdS>3v8+@mlb1ZC`CtHa}VM`!1ubuJUJ z&HDPqMutH!&N0ddjx7mhUD9+apKfG|=i)51^8LJ4sCH3Pr;9#aO{ZpS)W_xi#0!oP zMWG$Y&dv$fJ79uzjTY%-bp>O+ooGcX{mx2}sOZuqWBHgheV4pg>?L`z^i`b6>UMVJ z8SZWDIJ8#W#}h~8#ieV^m2H0HlIG@@ir$9^wE4ErdU?~x0Ys!`b zP*;@5S89U|dzujw4*8piRt8EM= z);Qc!G9~~eL)!B>)&O->j3-7ncY_!Fl6x-Co~|_J$ab+nIk|9Kp3f_%Q7_2Xd9y6r z_r{mjT&Vn61uZ8sv~RLIUN}aqdbD>A5|AUAqU3UJrQcj#mnWX0Ag)1UoeMEhyb*)uOgv@05DI-Wj5}`NPfoE^;XMv&DqQR?l`(oVL~MBMLUx zeHcb=UB zOQ@#ZDn4)JrSU_f)!i|*cM;n47Y=YS{tnuj>4PsfP1%|v z(V1nC)U0p*O5s;Z>G=MS)~7M9G`^$JtIlr2QhA*>i|MoCy8F8GL_|zxW>sd4Ii|X|$_Cg^545sh z)XzH;&NMYOHuOb!#!0<5tW7@qMOSrbiC`s(J%c)0Oqj$NU9goJxlG+ND_53OZ;9ox zo2vD--?JGXk!qYXg-XwiS?XKN-yW|VS}m#^vh*D=jnO7}>?N|@i9_+H$0v!&k`kjK z5k(V`+iPe}{;@QpGZ=n`iqc)|OO(mLKxs1rLb}%)y;nqEy}LC!hk~}&3HSNyHbC0D z8`w%&*(ZA?=2u-y=ZO|j&D?K$2J%n?m@fKpTT~lvzgr$L6%ra9h=JrIMaHR@$Lu-0 z^FrHu?eom0D1E!rK0C@wI=y=yM+q6_&DisZWOB`|>|E8lp0R9h%@xfMuSd67WA1E* zEOR_>yVfw|R#WMUK|hVD&ROx)|8EbgwoEZ?D->O$Q@Ll;z9O6$)1GtRX_QxlH($5ROu%Ja*Er7Ovdeq^QcnejthHo>hgacd zu+H%Oyvtm{Lm^Cj+?)E7tp>ODmge?K=M!^FO3EvA2L_Sj(|w(6^)xNpZsxJ6Q1eEJ z?Vd$*Gefe7KLMA1f2jZun+}w_B>*m5Nwu>oVkR6Y{aHKRc&<-1;`-WLr_24?>!T~y zR@VkIEag%Av%S*e?UB<9MxCQP8Bf~c3{bB&l3C*-9*zn*o0-uvu&IjMC6~`9UiPmO z!?mMvf!xfHD|l2L4m_W{bH#38dfK))Uw&)gnL5vqMT~}h1zqn(CluOZ>{1ZRge)&F z8lDd-A4J^gTNN9??G8;ySQG5vYNUk)s&p&PYUrZQ3Tg_JWz}zR`L+s9iED+FsD+Lb zt*cpwx!GCaZY?lydiQL0*M$2owC7w9bP1U9U!cqm#8n4fu9}i_5v$tUoK3IHL{@0a zGz#nO?OxlRdd7|0fUYD?Uyo{c@5ob@C+QF8a_i~6=+>qp=a$FW*w3U+{mg-S)|OF6 
z)%R9FYkIHc=`O>lzC1kv1=wiRS=2hE0 zfql7?JnLoBg0tUVYv#^rM-L+OhsEmc5Cc=L{Pt^*n~M`K@`@@c5dp(ms0fZ7=U7~! z-m0@#W=QM+x1#2IGe3YfRs4SIH`RwC^@NpE}%)9G%+s- ztvDB`cUAjbc`*{=b?Xvwv2$}lL8V=hd|Jrmy%xWZ;liy>aFssxUOd#UvX(hDm#!9r z65PK=?%VBrTyY>|IfUzBE_l3CVYSB>zEXjO&f8z-oJ959+v3K?kH(73G(L_OS*iij zc5XIub_s09>3i)Ya1$#xtxN*9*PIDl z_m+nGTD#P&*8A+uVjyH!w>4VM#L*U^sNKbQsANDA;E&K8(7*@o=l! zi;n(b)ATZSZUK@+je~P2_dy-hQ6bIZ3+FU+3u?tb8m$zTwcgvrLP4|^d(C|x4h&R;?q#)) z_Dx_g+g{C+ts832NQ4Mxbz>8=867=~3g2^jn$p@MDiEeyG1ISuni14=(p0s~i*($1 zD3m2TQ_R)VGt2aLF*X15rbDU7kX9poiSZNsT0R%u5y)xTRZh0MH*0)GS`J$6DrTYsJXRwx-2$_1IRZ zt7&kVYdRMf87`)t-Ow!Swvjp#+cPp*4l1(y%hqvOXlel#Dgtgs_BigLa z4q0GVn~Ihyp%GHj!18j<-3=@G!+g=rrMm}J=^^@9J~!bQY$Q6Cs)0-WYYf;yAKbJj zip>jc7VM#wc)bWZSw^5!##PcXQow+z4OPK(M;?G-4LVohHY1 zT^Bp-pw*7~1t04jbbmGuV}Rb+T$`C8MJ<(VQLYERE2gik$Lt|1OPpQbIxI+4ZmjKg z*G_bIJ1o}*i#>rdMw>U;k!lk*5fv$SopGq;sQLQIX68*~#nzVi6tup%%thKR_HYFw zK~(nO^G^Fx`h4?ZL}Z~X&e+~=V@cnccpVZOa@-xzRZ*QsZHGG`7duyXgT!r4#lrhqZ?O36R{JMI5$HC!eVc%7joXf;yxmI z&yVN76xLbd=kJ||k}P97(}#C!8HOudp!K1M;<2Hxi(C-G&d$wlBfPY=wX#^Fe0P@f z(i*yZ<;cbe>LqTqw=}*U18pXwcY=4#cI2IQh~I8oFIJ~-dsR{~ZWza`8jpX~CEeSe zn-|k5FW>E^B2{eP({%%10=XHD2}~c*4S2HTurq+gZ4ZI};bdpHmOJ&?ob@Rso7F5Bih0a)(sj7~onuW~N zz{@n)yXakY5hQtQ__N+HGn38SB^&afs}2!YeY|Of{99K0GNU>hL-%fVf(W&ACLKQOuaP;WH4S) z$1-0|rZbj1|NA2Ye)h)^I(Io4ytt{>rZ;(o$*zQoh{{uu6=Y*nP5J7 zh0#iY@QAFpmRwfk$A|QZPjXf9!Rqnq=PKWqd9`2+4XIKyq2p z_aiVGFK>Dq$vwSKkq{Yt>9f1zB=ZSA#smRE4_R+hxu<#*2~oi|pWTZlna}bu<_Zw{ z$a-7KF$%bUoeZ%TqR+EadU%wqP4be}4L>{bfantwF^9%kY6MsriwT3;*rZ7qdjyOc z8E*-(eyAs0Y?Iuuy-{OF{y65ua?Eqc>bNoAI{?875Z;vYc9lC2M4=xae0SXa>l8DU z03%L-P(sf8vD|@|6#B1%UyQqd_m%lO0Y(x*LTNc~cR6LAC)3G{k&hpIWmdY%NH0iu zTF%>BuF8W#KOy+>h(I+m(9$I6mk!F2ePDs|7YR+<2 zfVqsH(M*tVLDoB3?uIJ`Q*!WGwEO32<`#ZN=l+^amKyo!lmYjnW)u$5CvIAfT2VYr zu}qD8yh2Oi6n)~hBrMD8koWEIWLRVf|fbrU-b5f`=G* zi0iLGpBYV+-N|J9D-h^Z*A8=RJtvu;b zLCLT_uykl%dD`QElHq?~>DavTtS1cRoy^Bw>FH=jv26Yih|qsX41pjD6X3V@hUQJ- z0-s9W8pY^eijoHR;kiwCE<*Pg;=fx!zqbB4rw5?W?3B6o@Q%jJUta=k{K~!U$O7wE 
zy90Q%TeANpLO+xLg4hkeJG!fW7;38o0r`cDbHLBHiO_!n{s*wow}tuJp106&x;vS0 zx_?oG@OI8vn5ZQiCffNX@q3Gycd!Mu5HS92@mG{ThACJBiw02Ya&W_IwV55}hu`5f zH{o=?pZu#LKDL{%Yr!{DSuh(M;Y~O~!7l0_h8k)DpoC&<&%yv${{Il6|2NOyJBI#W z(|;5Hy?;Kq{1$fbO5nvUd~m|{utE{c=*;YyBs(uEi+gh9t8|b12mbvYP`W5<-1@o zCr%4Kj%sC1T zUmi{MEkgM@&M^Hn{0XoK z^%N$~JPSMIfE^AW!~6R|4gHS(f2D>%?mxuxU;A{sMFf&lD}@PrvOvyv7&>6NA{)+s z9-sdH^QLrWye-ncF2V>^6fzW#7psl_GMh$VX!35&Zlb> zRc%v&to*(FE(ew`SX>vjKSiVoma?`AhWtz&iZ@l>fh+;$UoXD5ot{>Q4frTwgI1Ww z!Vcyc(E2CT(4Uic^MSYPbIUC6cuy3l~=c7cLpD=V&V4zvIl0dLLMCHJS>-ipHy1@bG_34S`txG4fw=gR2;G43 z=+8s^MJNG|Gaw;wN%Bp`;`0Q1Ye4cB)zII<@(m zkc2)fNW!Jl)_43aJiPea2!kDRVMOfQ4}j9Ypw2%j+(&j-CS^bW^ z_;JLHg3{Cd*Siy;6y}2oX%Y(lN0NRdQ4UNXCpnrSCr##07u21Y;(qW(x`YBD zL5)ga!o$~3zW_sW!VWOOOkM>hB$;be0~21}IhsQ+em>}g9`MA(SR;6`md~L^4L^~K zpD@Btw15z9-G~7p__$x2g_)qB9+>JzCZ0+IZ&4^Gtq?%hfuE@QenJyJQG}G~_wS*zqnMf2_@DTsiKjC)h6L1KBA1GlsLrWsS*D1qZSWRDML79Y;% z*n7PeHy!}Z`eHtqBx817T6J z$JYwq8dD^eTc-Ba*x=Q}c=ZOXhR#*M`WJZpBwoK&_@=KW#abFzZo^^`UfhAj2E4cn zi=Xi#4i>-S#XY`G3;i8bq%p<8_pMi=srFkX_0^oP;b~>5dmL@b$9;5ACeKIVi!q=* z$Pb{jMKBcl(8?Q4MQ84p*82ZA7 z2teI6AMkO1H+Tckj+_QiBGg9@ptDPL217qlm*V44h2y~Du^GyKt#U?MLd0{tFTM?YVq>D^r~=oneWohb78+64F5=-7PA5Xtd6?i!@dxO? z9}N8v$X}-pEd%T4%IpME41B~fR<#^tWu)aO`Y98nC@~srJEC4|atUO(aU5iLD*i*! 
zLdGZ$6=j^V>yfc4DDQdueNd1^YJg@JefG!bKLi(q18S|ndruo#@M6Z=W#FY-2YAWr zZ-$+?z)sA#U?&(OIHdC9;QnLs?dZP*PJrXk>4M|%#mAul$H9eAUz{tbl?^Hwhs9{FR zIN+$u19oIT0z1-n{7p5+2&hG*2Q z^qb@eyiaYsPgQ&<-Eb&>ySi5tS^&vudpLlcRbRt7D?fl8o$CKnH9o9@b1uMgJu$M{ zFgR_Zs%Rn0tQcH^(lt2!h~{U!h{mc)rG{a3QXx>+cTgGUvIX3x2$r3Z0dp?2{*WF^ zw36%TI*;{phZ~C)kZ;a{w_V^#=CP{npr?jfj$-#-049lJFKtJ5?_9skS;oM22L@lP z2c#NVK#{JQ4iM}O?7){s7Wmc8N=t*)X=y;c`rtTE-y6K5_xm8z{v83$r=`J`Qi-ts zQwnT(1-4}O2Wl6wC;=J1RlMa)G>qVT10#r20mAGi`)E~t$LP-!lJ3>ol#D--!(Z!Tmg*-ypPVKIiuA z&p^LU`CqJs!Y^j^Zx`Ru{6{grt2MUBu# z7G7s!P*bzcG#S3s4s&lJ)SKJc|Go&nl_&H&%T{#0I}_&n#R~fo$+J7rj8z4%S(^cQ z#_K0JE$k;5#Kp}iochrUVE!c&S;P1$7*nzUj!bVj%U}rfJNo~X8v0o*|0|zAcM1J= zS^hkfV;H!IH%fo3GkZQ<+uv4q28Duqs$lLXum)ytg#b=t8f@C%sFXn9?2#G@4gtT= z^T3T71n9TGKpRDlA!@j*11!Of$OP`{026R$iiNv6CI1B&`Z;y?LqOfv;cArI7%<5J zF4A7G!(DJg zN*CcWrA@$PDuBzB76#W8U+Gj0tRDn7`QW0O6$5mB_AeIK!SF4xkx+>Oy+jpfSH@sj z{kQd$m;0E_oZuG;VfBPB7VMn2?9W3&B;)<14G{UBbA%9i1qNaSw8x7X`DTzVp_i)`Arzy{u?T~HTf zt3Cw|#3Hk%M%sChxpa-JuTvx4wzz;ZRYkbi2_@K4npv&<=uP1Ic87lSypvQJlxuI4O zL!UIT#FvM`M;_L0fL#(TEY{zH>t{PILrqC9(H8Q9I3oiV=Vq*_zLsMO4@i~NJ_*2H zw_O2OuC7Q3tdy5vXAS5lnM6@h(*H5~&%i=bgz$C_hOsxmoQER;XWCgff>VZY1QIeJ z0oAf|)?FlqNg5P49bF-frO z=7Y&geQz{4K@v*M=YhYpG}xbVD4atyph%?M)rqvYw;T)yU=1ti{lQ*y2Ht{7uFAr( zR7m;}L8RUMa5=VE08`rV1gzf#`k$+n(9Crn5<>8stpL9vi;9PRxxv(CH{ozC@4$A% zuw4Nopz8>%yA&+D`vCrMC{U#c?#!sT{WSJ~w!W-* zu-kRTj~TJ*z+s+)G4RzcVgB+r$NtFkARC5E_sg8Z<|bhvSl4{`Q2V{{az`51j}(xE zc`M*}4c^iKRMqEJP0*PG2B4vH^FG|rIqC-*I>b+a z%XG#|0K$6++!`}H-^1M>@GYvqauBw}6d3??zimCx7mNkKaAIzJ|A!IA(;;9Q@#jEq zUQY+J6a0i%M*qaaD+a?SVVdq8SRKUxqnBZ{84@OG4TQ-zVW)Vo7JR*lD=2*dtF12s z^{On)QPBvle{tRX)MHh4@P*7#McD|DfRh6t5n==CJPl63-6JOj!(&5!(whmuJ};WU z@CjI55CfBk@xY0`F@!@|0cvqPi?72y;FJ=t=jxYigj+SiFS$Xhh7~#wcoa;)X71l6 zQc`(=0dE0tn}ByKem)zI$HT=eegS{Lir2rk{88WK0hY|S#0F-E`{Z0RRsL{Kr3kR3 z5b@)iEHF95IS4n$z7hRjg25I7!~yPhAP&%?NdY}q2=4ZPtxy8oq6Kk)nLm93|Hokhw`0Ay>9cxv5@zU_c`%7R5l=>f{ z{w8MVTcQSy%rs76@ILMK0FBA?k_FKAQ>LWH*8}u1m9-r~b0Lk06km`33=BSh`KPGA 
zi5YzU@)x51V`}jEEvQE-%*<~;0_p)izlFP5aPh$Bx1e~6aPh2Xs-A(*KmHT+-w%d< z2;}dl2K{7^Gu+q2_me@Ma9BpS5D~%|s^PA`|W!LiQu4;I?5e+%_c2hQkb20e>>2?FhG9 zXJE*`5IsL3e%a$K0)AD$!S9b<-=7u&{0}P8`rDF)=l@=YZ|N!jt1uNxlsa(7`j;)| zZ>rlM6h2dhZ-xJP5BpbybsnttBj9)qiUmIKzDKD8&Qo0;s{fH1`p@8hI~w}Sk^d@` zVQ|Lj^5Dm(5BB!?vom-UtXfj z5gFLGFH0c2X_?>(rAF8;@duk?3CEh*M#?ai=10-?tt;ti;ipyzEcaXaz@S?0L-3wfI=%AYED{L@B43rsosK6E++^InEt(1cz@SMEg=bk1)i@2ywL zRxXq7edcGMplNl^v|D8jUJp$xrO=JB9Et9~*Gsy$;srH0Bns{ooUTAARspWv5NlRJdFnmK#r+PObszXL+w99F54vpY63z|L z5V&+)#=R%8I6pwp&HJ`R`N&?TN9dM-u5zn7)Ox|gqI3b`wm%dcdJtVrF zq;amKkQLPujgo_O*!#Ryc856zg7|60u$N^%mt+(9=w6gQYnXPLZr_1>x37=Z-~D8r zLmYRwp)TaTOJ>)`ivuk&buVTME`@d#r0C@~t~SNA(;5^w79Ql0<@JfAh+GV5_s4J= zCGxij94{|mHy!amz_qUYjFK&H&rx)^UE&OBAMu^!8^xI!ansGKm#UjNG6O?mw>iFd~eRP6U({bK!L*lcU`%e_Np9$BS5C*9)i z9~fFZr@U}VP*9U4@L2~>8>?D@*NQ$P;+}-O|Aw*Ic?Y43d&q6kto-xFa2^%{vOC|YS;7x|@L3e0 zIm9ZpZgCWjYlU5#0vxNn=uoJu>EHLdlCa-~0FqyCBBK&odbt zKimJEiebCS z%lkjbS}m5?6+A|B%XTHzK6_EE~OG> ztSY@3qU=r@asT|XR|VnTAx#5SNc*H-+0?BIa&772 z;Wf`r(YaCzNW?_cQeWZz(2^*1!DhS0$4cvvMMr8H_r+Xt*C$ntK0&lzQvnA)Pg6Ab zyorf?Pc698mZU#+OPxGN!R9L2%ezDVdL3V1#EMDBG0SO#QXSzr%cWH$Sk{Ovlw(p+l!*KowTO}0ln!K;AMlwu!r>MMD|4?-^G4Jl%nIzN8qTAtB zb%7=^^`5HadW#0s$rdM-tveRjYfiq^ii~TzzR?nBddM~FmHf)-Whj5k%Dn$>8D;s| zlb4V&V_h}V;IAdZUzP>$yZUr{bUipeC|GIX+_62>p1MkFWs!TqlZ=`-7xtXY?rtcY z4(}5ZEK8oz&i!oiHiPKowOgHM(_HU3vPGv{k7=kEY8ygL2o$CESvDc%@k^l@;rvuCA*bqY)!vjwY+R z?J%Q&mDjf8yuNaxP6%-pIi$Zu&eCbMYRtizbKZJ*`J6(s=lL`0`Y2|y#Y8y*mv)VU zW4k4t&8PK9<8~wpsvgbQm~Ee`T#y(n@vu}s>DhI!$f-Th!s8gDS|(KQq?M48`BlRQ z65!5tSdL>rv)>J6?J+s`Mvc)^MYg#5Ax)7G88=}7#ni)h=d}@LW3}qJjwW^IY53C< z>F$gh1yabSyDudw&X^zUG}gS23*s7)^F6Fsf0e-=b*fYT#pBI)Z&>#+pmQW1k7-zk zNO?1(%ckm6j5j`LkUJ1Uh1U+AtbTsq^ov^Ap(|nm%4gK~m5^Hw^GT;zmw_l{TCcan z5&9*b&b?S;>*{`^>2B!;+Z&w|hr-^dr*hYvx*!s=CaFL_!D;LoaQ##_Dq~pkT`2Pn zWYO7oI};~3=INoJ?!8*qGo zXXBSg@2@?tyAwfNGqlDLjp`RN{;1;HlG+uTbUs$#*jd&Q`YYA<75iU@oFfip;1Zlw zs@7@369D~H)J1>?7Nxo^2PI%NWso$QlHbqxbKE; 
zc$#P0z5H}FTl@uW)WMkdD$>xiPsq3X6KuYaAIj%EMYMqtbv%>Hwb{R4_$D>c|dmMhcT6)p5aCq?gc>$R!lKozpo;3R;kG3)kJZEL_ zzjML1wVi~@9nRW@Yvx~h-v=7$(Y4Awxkz;TLL0*2Y_jKO(z1d1Xe&fWcsSw$ z*^vakf{?=kBs*98NMB!|HHsh{)C=S~dZk3+jD~O!?&p`|GJKG_7xJ)EqJ%eUM_Jz>gc}i9}zpdlUSCO3A1~%7u z58`wYz7>7>x%;FIX|nE~pl0Wdhdhp&F1HTVM4x=Ex*RG0C~oVN92V^}ZXKvnA+gZ?WX(v#UiZ z46)BialW8pHaIC6OP$6ip^~GVJ6D)kT`xv?snL>>pvuML&I{`&T*d1Fg?FKkIUXYH z@50tSUkfe=7OQW*V?v9wvZ%|DkAs~bvTU(lri}AOFP+}V+k3Ugx8uVgVWbxgstBqU zN@(>f|Kcj4@BDuFK<9G}lw$H1t(}i6wF!4)y9}2nXgr^{F{2)FG~DOAcDU2OZ8tmX zJEHOrSH7UGH6(p%OFeUq|G0P@6kqB%cD=XJov{2gg^R1JaEsFAK;9#@c{a=C!G)V! z;*?_0#>W1kr9&sOx@ML(XEoF{uaMtjTaP$Q=2prtU8XG*+{vlsd7$0orY)b>^4sns zm5A<{1HnfQ$g?HriYXTEcp6Z1y_!%+bY?t8{sCEj+uSh!f(e&F>1-yW00(rF_p49s zga>0o4)e{-NmU*iYO@Q$pXGE;4J%8I8r@0pJmzr$-E_wB@SIAq^l`aZaTWH4DF-tX z%u^rlk@LAS%buYuxn3);)+$c39~>rFlZ(uJ)9sYz*hb9ZG0wyN{su}Nz4eDh*0em^?VTC7IJwYd}=>QE2*UW&Q%IV-ypNr9P-ylkq?11DrdT; znJzYV)&=gBMIC7+=Fpo_4JIyu^xi7FnYG?&OxssTiOBErv_2p|t^0hb=D_Z!$ek(h?zLrj3{|^)2`bea(RHjYMMD{>lmz8` z^r*Dc!$XI4?*x#rCOpF&<>~u+mB}FcgWjk%udlhhf;WMqy z8GR)i#_b!3gPJcGQzQhaas?5_g!EWjyzF$604VN$nyx2HtyiW)GVl2 z<*H%|U0myd!)>na;(lrN3(p=76>;AXczojNy9kzRo+Z>~&h6tQEYu_&l2nK2Mq>jJ z!agr4$XxV&!p+9kSSw4Cla(xPk~aJw0Cqr$zh#1$-3=?*?;nGh6GJ<=~QwgBpY#UwucuV6k2WDk!MO+iEqRw!H zoB{r#<=)2wt33vo9rM22@O0V=E8@*7e^l_z+rC;&K1q!sdx`XMIf!92gHBA5L~Ga! zrOVpX`wGb{PT)jA!TXlHg%)fx7s?hvYtKDy`c>%yhT}(Z$B>7yL2{TlvA-lM_SprG z3^mwa+P~q3q5S$8Ovfsbsj71f)zmM>IB7N*&xBO9SB8@5Nde$z+@PFToc+Db6pBjX z|Al?%#n2)^z$>CyeZiyrXO}eu2q*zJw_XGYX#)YTx5x(w4FLfkm(~afX#ruEKnV!Y z0d)2vY%hm;MR}C4W5-zJEu;Cw|$q%By&ZzyJF$&Yt<7E+j6(`|KB( z?#<6PBx+8CDPb0civuS*i5ND_I8jo9g?335G7LLjyy9GOr#ww-zGCXy9-UaZuZl*rkDNbAAB)z_vp=%y|W*kW*#!6s$9w)f6!IDZRxXi;gv$Cb#E+^cn^AQEoc zJ~+Q*Gfg;ib!y#KWl@+}?0>=T45ezhu^xMjhlbDFJ*)T=QeqMuKhEUZPGSoI*lS@|-DhiT0fB!) 
zmUbXc;Rapn)^_fegk2bD6L5)1M?4ZeKc@5}(evX;N9e7@62zwQ?tfv7N-61*s6#ad ziIE>^dVP%7Vo#X3YTv<+cIcMxZ|<}A_u0+T2fE>`#3WAKlU&)T7ie*ZE4~gKxUjiw zLZ8d8?>@Z$Jgp(HB+=m5LgLc7T}%?7XKz5)sX?I{auoPEsGc4LcM2!2?OTS;9_E~) z)lSB6*mM^$LW7-?Lw~DEm{@!piS=6iDfFEkAQoze)k|ulvcLcGAFjDgRyq5}tzx$< zu}HiW>(V@CfBW+w^qFqXGo14j@pA>jmb;;4Nxw66q3=t z0g5$8YkSv4ZY}XelsWK`SJ!h7m7357^n>9P%996zAKNE)YkI3vYYA^z$+UYEeN#Aj4|fx_?gtco34fHOksW4QZG4t>ye|CvZFB~P zbgZA2e>{FiE=!e6;8+Q`pSl@KSxHagf(i_Yh-dID?2nl{^+MDkT$@+OlKA-1n)!?Y z=^n+H*B%}TiXU&8O;Lsp`e?f2V^Juet9$&5BsP8&CKM%!N8D^+`x%qrhc%hJfn1Bl zOnj}sIDb%o|K&e0KH{E;zvr!PIxqF{zdAg{HFiH}6-wXhI{W{6i6{FXu^|cx@$C_o zlycr%hBD@|*lCNqr2kj=rUa;M++u&9b}Z2*!SQ1*7Jb~cDnpV%+&|K9HGVV((|V?s z0L)E^JkzE7483L~rX0dPqf@dDZ?C39p02Kc@PFKKX#syl)%pIC^0?cp>5_lf49nZA ziHTp?w7r`8IQ(?oA=#=>)4&w(<{`Crs=v8;hwhhmrY_(Y)P=7@G8;`2YKBte$NfNt z1q$~NY2hsbG#^wjmbag{yun~%pw@7 zieIuf4@a(P3~XQfDCRe$ijepjvZx=4pP_CzMX!Q9Px2CHs1N=Wt0LiWVpFa=8dChq zpxe=A(~w6vcH;a!$~t>q@%b%7@$TbX@qbW>osA8)2G2?y0(V~f`11wED=YEt6Uh$~ zz}tQ$Y-1i^)*rDO%H(Y%$~P1M^NBoudC%2k-OcR$oVvj_C$9fAZ7Q&m;Xb;lW0LW_ zP0chS?=v!krsa%*J@=01N4b9BYT!r8(qzgCRjLg}vV6-M5+^_Mm9(u7RU+z9mVf1! 
z&g4J;wET;^3jfCI@DN^k_nS4f6Wm^%d)EpVP~P^{YVr|k?5?K2oyuy|*Tz_%eh>Qx zrhb9}3cqP+!I`L^dCO2&`%$fC;`(tiGYN|$otZM!&_0iB4RebBNk_+#w7t%}@grpG z*3?~LOzR&Be3*`hAN4vi02Nlq^*8h%_PseUim5x{bU;az*J4PO8VV3=gH?me_ctFt;FkXM4`wfR{SxJ) z+p9@lKYKc^#W0@zgZYt$^mI@X96#Rhbk!vZh#zryS%Nt$LFw-o(7KwmG=JPA&9E^z zwadT%@*ltc>o5P~mtX(m-+%eXU;gLc{+i`?#eIH%e=FB_@=kpyR%*5S_~GtT@lh>{ zyY*eBZf|aGiX~kBaDVgu=I--{oA-H+8ZmbtSL@sLyKPsMUr=VTR6na){I9>0`S`3J zk+%$0s>g0Y$Lqr97G*(7NflusT+}q^_G&WLFH79~W%qwft;E0kWGnFxWy!toY8uu- z9e&vURP75ez`}E(dpL6|8{aipwHd65a_>@e1?*?=dEDJdkk_J7FMmv4ndPel1$Hr1 zN3<{oa9e+lIV$&eALyI;TAb^M0e^V^etAoYnB87Ym-^J^1BYjCCrq)#&rFJF9m9$w zQ@yqOvnM?7kdhfK12Rs>g^dXCdy}Ed_N3tus&{)64hp?F?~F9_y(8i(4|+_GE|vv zQKSYpP1tmtG?Pn#WB)!(A%8xJ=YJaWjA}Ala(a3)5Eyhws zrz;hwejZ|+e+U)<*xK;S8DNr*T3t=5n#(%is6>7Ga2*d-fg4=~fJ!jDJHHOngo9WK zR8PAw9&g?A^gI$6KaMm)nrXUDo}@=J8H!Y&Ka*CyF5Rw$Z=s=Gi!>c+_kKq0-sO## zKs>fa2X7ZCzJJ0>R@ys;juM3(KqYpSoh1YhbV6YZ_~)hsv(lU%o{8I!9|poSp0@Dc z#%TCc;~S4&^B#HwUx3LVW$~C${c$x>>K`G5$WVFu2lEDg#A&Kl6D#<^Ab7rH%^fT4 z>EX^@0TbF*5|i*k9)VS*3$S7M@W{U;;_Hi5E0&Q)#eWzqzMUKfPORxwhT#T=!FtcY zrY~hH4nvak(%?t9#>i^~e-vpww4Q=0SA4%q{+|V77elDtlkip**o~qlE$lmvBG<j&#PkcAWcH@yE3T(Tft& zUSXR8`}`8gsyl|-+0O&K)^%}Fe%0O8#I-NVwSOCE;CNtXvV4?#8;@`}q2N&|cl2?@ zP;vXj?K?8rscZ0HFAGkn!CAhZRgv`;yQy{t_)KlJZ-Rk`8|)0G-)z$Zmv;;WyT3cV zW2@)DZzeWC@=opv2aTro8H30aEa@1WHdk^ z9!*=s_{MzExO&z}Ml3m4{K(@`11P@|ipdfX^VAWWngw&mP?9zaqeVjw8Yj|uHdufu#7z(ey%5*UlS$`c|oXE`CWf(P4=Gk4zqEdHP(^P-H`{V)<%sYna z>fd7$-v(vb+fG%^mQaP)uq)7b%Pe;G+o8y*3eeD??S{NA;hcqV?}~)L07D7&6Ekl5 z&bMohifN+l)BB3uF%(cg0kUcJ4uAdD!#tje*caNm&}P%GN}b2M0BG#q^et}HV4jqT z-fxEb>s&^LAFYbRfS)@*CW|B8FLeGLyqomzF%)JW7slY&3zgvK54_|pf}u+LGfuvP z`$0EiXT_m_{cI1V7s7uDUdK@3{RGNk=8|(fIBK__zm3DbeYB;KC^-?j?|+AqA5|ON zYHLg&#ji%QG4Fx2Rtitt{9$FjrXze4JS`~#r>my)K}a}y>s&Xb3&O!4a-V^ds#J7@ zfRz&a%agQqC2l7=TC#{8gk2|7QwwX&VI(qa>EuZ9qieHRQ>)ghRjwpsa@l4mUOz~P zd3opz`(+ME+1>NXmF^e{w0}>q4uMy(HP-nBu~h*LiXTgB$3`kyrCppL7a`&G* zhT`le<`6A^i^037O}ZFjdhlj62VA0XUD9~@v8?G9GkJW`Hp7)!0e^9HY3ta}yl@5N 
zg*yrsA@7%tvNKd-f5jb?A+4E3i;%C(xZ5<-V`NZ8aI`^RUyIE4l%Wr zv=~ymC;^z2!uu2J^&nAvKUJUlY57O|RthRd(e{%EhIh`6s%i`L#~ls;#!Q>OEQPMn zx>~pJ3D1s3HMUl5wC!5bpt_p0d)mlMWuw82l$#olo*bjahG=GVYH=&tOJ*Tz07%#+*Cb6QLM9PofoDj^IU7F6W#w4Jk&r?oLhMMg~ zVO(RLAnbDZJlWIAQNcakG?Dep2pO{2!a#u0l4^)B6n8(JKLdZ>`Ir+*&=~5v&!Uo1 zl@TpV2}Vc@rWGo+7HS9BO=D3~*L{ve%9{ucHc8`JWq-k)+V(XnoRheCQ=b9XXd2VU z21AZ>9NNKVW+W7bO6sG!Yv$V`B#RiZ5=!@Aax<$T2gX^JXgHBj_%V}nP=Hp#^!RV5 zaq*)e_?O`0>n_`x$IeXEm5^kG^hQ~JY4px?_Gj4|zoX|RNu{r*lb!;1Bql?;VoxKw z7Re|~?tj13{dfmx^wl=-CHR-JyLUHt2Qne>Co0%M#6!PQvZ!>O(&6#$YHH}oIB&D5 zo((o${|!iqZ)A)93g?fBSJNdSCcuv z;GUg0j9b%pLn8|?ZQaw9TlWJ)?Q*c#>#i_BxZNXx57Q@(KNAY=MuyA&NExw`5IM6S z4>3CNh1#@qg31Sm65wa(Yb=P(%iiS;-+d*q@pH8t2jfp%64SC_5+p+}%gl5i@YxAe zU4L7>*>~d9Pn}>%*oM3wCUW@u%a8TqrFW_WvLbX+oUT>F`>V$QMZD@E$+QGq) z>>R7~70T6!4aIbJsH=?S4irv?>fdMfCK&|;T{8v}*IQsX@Y~^r4Y#6yI&8hAu5>3_ zS#J_o?A4ULpKE*m-kVOwe`54aH25KJe}AUIz7`|80Cpwe&aKt26H5d~Vvl&SZ;j0* zT5oB1InyKCH<%yjJJX`F?Cx$6uECxZB^SbQ2&=y(Y*6f7M|2c-gDBIKr3DGdldTumtZ@$vCptBS4k@Y-#W58f-R{(pq^FX4Rh zUIE)lXF_`WV|41Nl`#)uy?p=i(?@}g-EXkp?XU0OHN~1j&QMGHIFhdCOLGp8YQB^~ud-sx}p$}|DvJV#PP~s*Zc9^x&0=L4@(+&;pfXAZ^ny9g;dcx_aJAKL$s(D^yLjl2RZ);S31#mtUMp*tXd$hNs2@AIO?OklgOFzo1Ldo1qb z{x2;?Mk#U$LxQ0?U9Dt^dj>fG?AX_-0a!aRx6YIR8ZIpw*?-bPrXN^oX}|i?UNqai zb#DKOQAG|3C#IG*B!%+nLf$SGaI%@SfDS)B>{Ck{_3i>TyU4f3xcUujQ(4J+A72rJ zV~Iq~j=Y^holE!?BouaJjGRDU`lp7Cn1pyOGPTj&wqH491J10__Q5s<+?WqK``>^4 zOQ{s;W9O%mJ%5>`P%?z70=eCZv{lE65S?9hD3>`XBg~Ek`>3%VT~#Yp6biL#W#zkB z({st04f#`U?EBN@B%C+FZ6cs;UnG~x@KeCPXpNHaII)yNc(~tZfJtCfR`|P3x%ewg z-bNJ^IDRtNCr`CVE>G?;zR1*LFB7VSt|pCr@|gSkpMU;GwkpjEjt6w#W`7!mF0y~1 zYw2%ACEqpnhJ?k5pd7I2Nr|B?>ft183faX57_QdK(8Z$sq_K~WcsShv5L}3o%W0{( z{M50Jp~Zdz4xHHgjIkT96G$hQ&yq45+pP^K?-%8v+ z0`9;GUVq`fZ#WkZGpi3OCg@w0Gv^7@3I}4HavXBzH}jJsF~rGF4Exw}*vV2C2_6)F z^3}()<1epNt=5`8<@l*qpSICe4V!|gT^fk1B}!O$Z-ARzI9co{$-InUyI-}s$YvWo zoYw_CRqPl@BCv&1q%lpWtF)FDA2{k&e=n$BwG)0~dx zad-v0*-mwcR=UHk#;}~?Mfgx$Ibof|C=Jf~umV~&XxCa_R5yGTHFm57wa?sCu8UE; zR)4LA0VJ_;qE}-g@$JVC?U2Jj} 
zj17Xsrk8DTbRkHQk;vKcwX8H7Eah(C^PxF)r)oKA(~h$0jimi#3}v^c*i?rG`mEJ- zz8A+8-rnaDdmk=p^%aw{71;*h14Fs(34i_-p6r+phzV1=?h)@%6Ip@j_?Tkyr8D`@ zKP~^_z6Snn$AWoy1~0z*&6@h3W!3!4>WMe5ur@1i`)W1$6giFz+2ceYdSa#dLM;*x zCyMB5=t&i84M_&)1$JAr1dkh>8%T8gh|z1J<41eWqdPhcL@3xIQSu`t=TTOD*`a3OAQgyBN2~%8k1>snGMiR5 zTVRHMTP07#tLcD02fW?a`4$M8{(q)~b7n|?gd7bDiJBk9Igi?P4ssk07#{xdV34*h zb=H`+(6#J*3Uxv^_YVve!Ow#qqOWxklRAVf9V8SHr@($>B?qq13421PZ1PyF47Fi> zyqXR;g$aK9U`yfSRj*6*CxzUruqVkf%>nvd> zGSm=1A#Llhc_&jgFXqYI)qF3&I#nfo-|{0?uKZ5O!g#Hobt@}{F7OOJA^WThh3`l` zqQozH%KexG&l~o%Fjd;>=SRL?WduspncNyU)yNUxN6el(0wGZD`+ZDAK75-%bh$_6 zpGEi>?idwZDEv<*$BG}1<9|C={MaAgvEoM-uh2#3BSXRU*I6>~i&WdR8f}cjr7}Oj z$syvzN|_E3Cqm0~i1^W5c0=@^hZ=vkA^Ok5oxl4D&rq+PIN_^YVor`5M_uoXCdD8= zG8C%kyCD95dYnF1{OIwsdn$jtn!Nq9CqCw%Perq`+E<06$GDT54Sy}2{PAjn_upj} z`H{>QfZ<06UjT*^aT{_XSE|mpm4tiBP+@%IJ}p`4OlWOdvmoGsXob4}~>l?;h-` zDIfM-0Z5emxXC$UkAK&v(w=!0#l}~C0pD%E%u`X%(E@nsSC^Q2n8|vO^ZLZ+6H{3~ zGSs1eE=wM=;)AT{^o@2gzFH5$qmwCweWcsQ1cm7*-Fs2it|Pk#e`F|rf7GNrRFbtPW|M-VX8@Kr9U-hV9s5+Xm^b_`Kra+r;6 z@%%RA^Ay~B5qD`eR?NERk;pl5ypXK`a~Z_w!|jVv54f6qUS3U!{(|WQOoi@TdP#tp z4v!z7JAwzKV2k^(k6R5ZwOUJ5RMfr}j|9q(#GO5}g0C-!Kh|Q#kctJW30|42$Dt)nYH0pMdN&!W)Ke!4YK>vBN}w0({j~E*o}0ezyp1x6;llU% zQsizcQGN|20F78pq{`r_lk_qz_LMTF9KMShLXPtHheNo=$~OEHvb0C9icM?!#tuz- zf^FA!l4^4Bk)bO7D^b}+(<&$LhV|Xn3&hV!su0g}{C{3ePT!5s!I%wA05Vh@Qae}2 zZK|f!SnTOCrQt0&Ho2$q!)@q_xBZZli1~9mQGns>^5MN#DwzQ=)Wd&0Yz)cUG;y?5 zYq&>&&WPz{JKV~dEDGzpJQQINNXT!2&@~NKp?}@adVjhrBs_jJ?#yvNkIay`_|dlS z<5GzY6Mw_Ibi&Z^V|d?ZXq=z=!n2s49RBm@zGrTp;)Z$`cdUm?txDPM`Kjb*k7^~R zo7@^kic!TDrM^+6#&r#_5=M9rBP8G}tn<~7 zgTv4D_L9M|cqBR>6%5B{KUrK~wIX@{)g=0#@PAcJDr;tyG*clf_f`@dKS~$%g>Z8- z^+dZXN|unA7*e^Za}-5MY~1YKx*Qw0kk}Yph3(<(M)g`u<6| z#lHJSC~hB52%kIvkNp1m3%>WSX&D0i)cy}|#Errx_M_EpCp~tPH&}+m=Hzzcx7k!! 
z{JH_mo#_Xu@Z*Xlfia{qBM}WeJNN=B*)-?`A~C%M#xnG!I$=bR0Qs?)XG=tk8GnUC zo(EXaF^ZY1#bozgoA$ukDq6iJ&me~V2WGnC^JnRM5R~VRPwZ{krsg2UaTl9)FdK;9vmffS);OKlpaM2z&i&PM^|2_7=fXX|1?0jfkp5rM^~5FElEWDh|jC+Ukr)Q ziHVvs)p@VLg>{+DYqxA|zpBYr)*l&a=%0^aZ{UCF^U048y%sWlgy_efNq_tZ)GN&_ zL$UpFX2DwCxRgFm#wY?Ih11r~>@bYCshS9l}vv5TA(3}yQ- z%DM4=nj!Ougv*b9oxRoN&S>oKUaef?kRyF*w9dzoAd&OqO;2ue?#Klu8Z)bFeC+7y zF!wkBF2l^`=XUD^Wd60u4VN5X_6A>Gw(RV&SV)o?v2b6QDG(vs^?MZ}@s&u8jh^{bf5Ac#S z(L$}!ml9KD4_xOG>wyb0Q;A{MfG6i3Q)4^h{~_hZ?^(48NV#|6<9`UxeGO)ixzp4Id&z1Dw*u_svM)Q)_Q5Mo4g)_1_6oy*y+tO@UmOj3B>1tjmyAR- zV1lQ{4S^awHuPxlV}EiltrBW6RoQJCbh^tu!xjK9T@6yW{%+kCY`3i`3+J^P2Zde| z{0QDlhGe4*ydOJ7MYjeu01P$$UsN0hCnf4?;4abE54Cx$#kX&wG(*Q+DEXQ$d5V&g}oPA=U?T^2dQ zOw!o7XDBoOl7Bmrq0l_N0x>(j^+yPaj~}nei#qExW|ZhnQYyhcLlyZGJy1hoF$&6V zO0$xsIN;_s3o7iu;xtNnmQIlsU0H=HbwV!uJwpk46ts%Xe z$xFS6FGV#VSk+Q^(-q7#pU646n{|!%0@?59o}pZQl7Hx#>qiJSS8Fr*5acqwcyEaz zJV|Q2-gDHp2PEjBden7c9 zl}2Q%-hW~_i`VqlbsvTLk2;T&W5JIA;lAOE0gqf(vnJ{!G=AI%p&b`kkw6&oAKcqv ztyZugOM2^LNL!v*WcX`}zNFm~9EH^*lW;c)kgWZQO9G=L6KORPCr@&5d?$sjN3aV% zh@)49?He@RNwoY($kmPqhWhAd$HL~SmaR6PLw_qY~$siI7)Me z+keI#I#|tyyS2Z2T$YFwYxr*AQw@vpRT3&smT=Cti7pduO_{{~ucn>70j}1s9IRjB zvTRjn@vH@opIeRcKX7VcY;vayEL=-ah`whif9x>^^a0N4AHeArn<#Eg}<9|M3(dn34I(*Mi@w!lJRpSlhD!$RaI=D21 zC&Km5T5@AS5>5JZT6q|nVF|XE?!5nu2;z?ab?-`0rk24Zt zm)OsQ#PPP6L+TB~P%s){p^M1r&5V6mV*Y`^9%;EG-MtLeqYt)%MeU?!;D?7!G=EN1 zN!O#}t2A^$`#nd|=mVfJJq`2PliNMsGZcUm>U!aKA=O<>#I7bS z?GU~T=BPF&%UCD5AYdY3a$e>n#D6pA-7ZU^zG~~N2MQ)fscD#8eAledBxJRdaQKm& zC^i`q_Od}E5ZyjQ5?``C$53t>Cv2{*7gI?|Fgz*F(~i60LO3TxU+drdL}9&qhVszZ zHPBaZ)(^8M>5Gyd(NSMr(lYKFQSLK}dLMEU9?w71pMg3nJr;a>}y$J z%}5y~4p3JaL%HZCQ1uoGaDNfFU}_2=L$PJY=~2-`C}&@$%3Cm0S9ZCZjdp$ybZPb7 z*0lN?`T`o!%6dbm7co>;MpTij#}26^44&ixxBJ*9(`A3rt?KU?Dk47{3QrpGLgRs< zLh);$;zt<{{Yyn*Eas?mUcxTfhG!@%Ja_^D&R3E}Fw_C|)s@cOUVkaO6>?>Ik_|9a z`1SlJHZ{~W(C}?HsUsEf5~_~0jvlE5(E^4_zp~hAi;WxozhZ+d4s)&*>C9xP=j&MP zC`l|}S4hgjV<^MxZY58rLsTaOKoZ3WKQR>Fb!HNpt3DeKYkXUBoqb{`t~&tH6(*(h 
z&8C%Pt;i>aTDr6H`G44mB3AljD^;{6e~ABz&^r{?a2wfl7+nXtrhmV}?qzJM3*i$h{nlXm z=x^>TvY`AiQ8)41@+6@+i_NAmzZyQ}>vg?aOcV|Yexl|3e_j5x{A0X&^WI&d#)qN2 zt4n(F)IA}O=@Uaq)?sURQFmL*#%>K|M}1-_pXx|#W4h#epHB=`PiHX-R~}4)V8|Ad zE!sr?$tQ-=r+?o8BtxDt13B61Pr#G_X8(;|uMGVX&k9k0VyI|()FV5{4Z1=*v>xF* z-Or$l^gl6FIDK|9+$VFeNPNHTm~Q(SkU zS7bK!V~Lhczp{C&y*NwEY)@)M@#$(}r6=snPTJW9-+!25v|1+DQMc16?Vu8m*W7X5 z>Ane)$)t74QQh=nLdj8>6hXM|#h%<>WI76;AZ#^ZZ7za z<@@aBeYU*K9=AH*ie2Sfeu3@Smxa(G-x`DUBEFy+XN|slcoL4^djmU&un)ZrYK7Qt z!*7P+HGlN&rtOPYQx1J1nR|z_#hX?a;i3NtDeer0GNaS--IZxO;ScbXAQnR{(U|rU zwD45nLXCy%yFlY%$UL6ww`M2+dSq*%RG}3ed>1`6Jc$A>wZ80H>0}pa6g-*2D+tbh zVkigtq&4ErdlD5tkHz;B|NO*I{IgIy1E0mdBYzfEk+M}QYoJdtopJCLe!>6z9JhV^ z5QUbZyyp>G_`mRov0My$Eua_Y8Cb8yJ02e&-^s4TS_xS@qzJ3);r2tBr_4pZu&7O7 zy5PDrj}ACK7_N}u_|cG~iEI_lnP~d5j4gld@ihLkteSsu;lEW2BSHI080vzay<=4y zT7Q6?08Zk(7Mp>ehX$QJfEqwzp&9C^s6iYM1xSo9{TcN8hlT7bJAE;|ki{-kXT*~INc)eW&gg9RyY(&yb5~-2JAqH0G4cEu(=o)biCNS{fDQYZNcj<{fE50MtV3FZ zOG0sNM5EEzDOo+|j^@X#0^F66ZGn+-IDeKp%-UFE8=CO+89>>Rsx$NI^7g&+5FJ!a zYrG5%R*`5_-9>}#@^N4&i#nh10iewy(aM5TE{wrb2e#bka(E*-7W~{mVJz?kJM^>) zM^!xL;4eI5-mk^Zj;W`cBlvr5A0CSxdXwQP34%4xYP+nEb{p35^DQEVqN?*-bblrD z2V`ToS&6>!JS$v$23)rEDZm9Yp#>W^bLuDK_7u%|tb)x|F!W!+m|!W+dS;O$>k!DV za{{}reWSszr1yiNZfk(w=*IQJv$6lzTDR!U3YVXP|C`*&pO$~@)>bUv-+U67M4GxB z*fO+nJXXCfi>zz)W~16?kTZtzuz$yMK2ou>6Heh|C>wi(b5h(kUY(Y_omuBTDdT69 zPpaS-7XF7V0&gF`3EKi~uz$129Vy7YSm;{PnOzLkYLA95P*2zytER;ItuwHJku`cu4qc>3`rc{GDty zYT~A#U&$^fvj!Qe<({8=&k9_)&Q0x0P71apaKs%eph7{-AkO4H&8OA?iTVw2zi8Ka zAMrCVz5zZLSF~)fuZb+5yq)3a<`1Hgw7=zQ^107g)C2VFrNnGu@TAbUH^B^8&uie(6m9^H0maxX;1A{*&-v7$GhI+$C^ImEo@9jS7 zQwiAA8*@6~dg1=|2B=?5W`i&9uph*!FxzFQ8Oj=;nDSiJHZ+yX`?kf+?KiV}a>^^~ zQn~4qo}nD_`FVd)ZhsU*+2r#`F>v=Xv~PgHNz^!#c{h3VM4sxnxa)pHwru#sP+<9q z0f^VcaOuTc+Z$kQBYrofFNXXEh}&e!Q4Za1MJ0Etern!H*l)loH<{_CdhtB7C2Awg zScRF*3o4#5yPSww%!qTR?~Y&^y@~v}eTzIbfZlB*RfW`bjO)5!z|MxR~AdkjVK_9jRkJth-5T zsmDXm`>I5xtbdgo6?0BxG4$}ny%+9ftao3jt=wtT!qrVLThst0yTW|BnkaQ>`G~{t zi@Ra}?xx&kzx`^g!3r@3h8jtclTT3LMyDRLxBh+xw`H# 
zbWvz4on#>vmGt!RbMefV+7QW1zJGZbvYNA#)*7rhgX6pqGSA}%*pf|jJ~NaH zk2966`?`?$)mVSzRwGc-cJD)-^T;L%lOHW9)LPXA97}jIyErb+uc=+JN`iTNHBE8K zWA3

    {#MF=FX*xreSHY=v}oHJlcpM!C0UfS?|SgdgEk!!*F@``OdWgCkBHzNq;$T zxeW&5Z&H`5R>=oZsL+&}LdsBr92Mu_9LFdm`Rn;HlJBsoUQLQT>DHW@fd2lRnR`vE zcNh&AiXISkjf)d~J6@7&SECR{3}xNi-r`|NjLEe)&=Y2o17DUEd~nlCu!?E}(A`E= zRuhN658;I%3a)ne2Ag6#G1NVOy??;h)l|@*xylCyc%Z($cD>ATFh=3)6?8I7p2fMnq*P{m_{QMK3IV4xPbj4&}Td0~k}ClU*KH6E;uOw;nK_RV^=6 zgGM!SHk-@3KB-AS4g)98PpLL=N9AS%WJmARiC|*^)P0R49U~VcHipcEV59)ec6Nb= z7`_qvY+&#hfq#t`T&8o^*MG1U(t@rG1&LJ?`nGJ$L{p4{Ms2)KIlolQ3ia~^ezGj zvsm|~Y{gos0uxwBuldz<(Anm_UQIFmI7QSrKe?_jc(Q_>Uf0>*{`||I{`%*46(xi8 znW1v|c}6qYj6I$0`gUc0TK=)wcUw4>YV|mkFh99p*{(0N!GFyB&>=&+z1`(9tYPaL z%gR}oRN4#bg`sLs*QgB6ED66gKZLpL`H9z(tG*O@nl z>fo;g>@9JVi+_OeCMKcbhRng@g5zKX7aI~1LqamGOmfCk=6Y$s87JY-#C;=e*XO9F z?Gl*3HYL#fHhaK6TGQ;C_%dqNhvF5}`%KtynZ(SGuFNs7O<9^p)q0a4w_DlL3zZ); znS(l2aTM;zr~tB_#eW0QDxY8%^Us_DAf}1zfGp6N zA{^zjFC7C4BS*1p5@Sp-S-81WV*XET8n zk7Hec-k>^Wg|1!qp;%~o;SliSWb+|N%bwyWiTxZH+}Ttj42Jxv#!g$l$OImvD^8b5 z!b%(^sehjjh98+}$8zlHV+>s2AB;r z9F1?Lrl~3`wdxUN*JHAUEZtf?g1iQlcyN*6_)(Q}OLwQ+t_Qp!CFQ8)+u`en4c}JO zyV28L+<#X!A?Tmjg&YJ zeQfM4hBt{{{`8k$cQ@|}lYb=<^P@;lD{2p&6DPgUFP2qdsHW`$@zSmLEYyD`*7#mc z3xE5%bI6Z@{Rq_jsM>MS)e$O}fs~*EdGns5RJJ>KayVy|J9kj&$?DAPk)|j)nOGjo!tsp7&4>-evH!an7{nhJ&LpB zuPks1kFL62$&}>?*!l6KABUYEt9n$c8Jsl?!lNw9Os)%?J<2s^a>Axm7~GYxwd8)V ze`vh?_>@C~U=GT-7jkDbmR(jWpT&CM6>^!)<51Ah`H`x#&`}c)E0!$SyHnd&IDd7C zVfJwZoOGUP^+wY>HbeRCvqOON5?g0&l`MT}+X_wpt#W;!!D@!FDE9(6nMd!GQ|kD{ z^$Dj3gcC(02E?ioHbb#7rkD-ND4ayYEq58p*!j_?=PdDyr<@v#VtxNWH^An{wVt1&0dV-yrynwl{OHpU zfz6LQy=s~ULsjwbUDODm`H`v@S2Y4Ee$?nHWsNWr3~AKGBk{7j#+&yHh00&Mun|D= zqf|e#vJnP=DY^RIrHz1`9}oL+wT%FuA0PX{#f>lq{K(le>gfOncYhL=ii10^O2xsC zNj({UFEQ5Mi5;e|V)oEbQ!@$sT@;pQsEK|)Wo`riOKnGS^PZvb`8c;Bu_?Bm2qBIM z>X2hH6^WeWin)_SwkUzCD&1F$XcS+ztuho$|E>v>3`Nm@RKn!dl+O7iOfu9uziz@L zLxJ<}nJ~#v=KQr2CVv@9mVcjg!mBBmztYKdc)Ken80~g5eCO;K7t*?ZMf9NXBXdvA z{-p6qM>bu$d4Dw>^XJ~b@NvZFzQ)yPwMl}yfRrCEJBu_Vt>AeLE0>1GkAl7A#>K8- z!);50=SRYxw6>1z5w|h~Up0h=|21_g_FZDoo*a1q<2E`N1?r0gZ@A>0kHpJUuk zv^@qYRRTF-D1`nB+nTcQRoux<{a{S^QN5Rp30AB7juFw%L5=`JiT9U`03Min 
zy>~lBUq965v40ldzKPN#*6%YEhJWcUG3h@ZJ$y)~t=x^2%VKMC`gUQcF8`v%;(A3I zKOV!E!zf|=jqG{|!@-Y-j`l@sdYo%)+_yDF!rby>kRzDid!0YnPPSdlc(}l4%TR}Y zMApGP0mXyk3pk#(wnuAdat)`@b}AtV$549y>}p&rZ-1?_F8GGWRGm_A#ZZO*Fc9@6 zA;c71%UjryookX*dIaSBnA?baf;E>Zov{HAKh|~K2m(XB`EfuFS8(i|+bYZ*rS~O< zV)7?f@1rh@9C7+k8I6k{8G6xO$x!{BUWD*oxZ+L{8X!N0lNWW?Y0Ns&o5W-ThSKgQ zx(1ChV}IGEG%Hz(1EOxTN_zs3w;D@SOA&kNVfWgkS_6ji@TkcZyCh8>3*ESGhpl$* z+-doBUg|}BDHZ|3!j{6DvS79OlHJK2t!um;5{eZV3eU?2o1yC_Djshe+DE}qaz4yS zU;FvYhDYL|U%~HJ9Wa9jRY)4#wa8E*oA#YHRDTn|oA(UG;@v93uFp!?k{)AZonv$* z(H3sIW81cE+qP|^W1SP*w$-t1+fFAPn;rY*-uLdW_y5!xqpJ3(s=dCs<_ZB!VnwFH7ttvteL8$CIvDU;KNSQ=o^o>gU;nNK>_ z3>T~!&6vmFwrbjr=71RH_ur8+gij3=#6+0KHJ7XWqv4{d0gaYleEawN-X*0VvLg!# zcudroV=V?R*v(8qj2~PO`s!I^Ccy4?QHiIb&OF0P(8MMY3Py56)Y+O-A-1P?>ypg} zISMaYeTO=V0UtzI9iDLmGDGy-jjDBvj)N|!aEqo5BVHq-t4iS@=Hxy?hOzPW`bGI_F z_KVW^Ye$k3AtA=3s`sbk=(>x+pRqmBA449ju5a*FHdRW=uKS6&p&J`vH@D>i#B#54 zUB0K`lRj8d($Rq>jApq92Way!z=*N$n8-$Fx0PgBe`dUfqV$re2lkQLray;DI|Hnx z&!{h-cdb_cui1>fPO6CC^2$02n?f$%sCuS+L0A<#4x(TOYUe?ykZ&lie8h!ia_X>e zm)Tov0ThQqhABU-c44EZTuagX4H>TkFha(`D%b~DA-kWtAL67J-m}sRd=d(JMW3RI z$soMUpy8d()vIIhQpt5mm1ujg(&GC)CHCEgJ+@jL`wlM(er74UD=nKXA8gm4mw;45 zLHhC9*sn~$W4Bk?EgjSs$HnJ`pl$hUvRu3t*Y4-}-v9!2O$D}|ywKSswIM5)e-6{i z=h#kinN{;h&-Fp9Zv%yEz}1F2k6GoW~-dtsx$h;ev&zo=Q8Pet{!8miwh_Q zj0Tv)i|VDq8Qf6s>2Pt5jdqZ^*+mcC#WP1Me9pp@hfsz6He;%_=sFT-`4rvnqgwGi zKGyVy4%f-bDgH94$pZv1a)b9uTEIld_ca5Cv~G z)kD@`d@o`*Vww{UA>ZDwBXGFpP=0inkKVbD3eL?LgRMjedOU&gT_>?P~_ ziqcwFrha9U_x73qf>F zXzN~cZ7^EigSKv=8oo6C^Qeae_OQov!v4tPSQ^CvW0ToPg~ivVWKwuRPy-h7dj8)> zF9T5Lli8r#>$)Z$bV%uCuf zKZP?GDzp+fU#!e@06)&*(4ZPpz;W>;G#>9frKI5gj>@Hvx!?#bn_5u2m*H#|I#4yA zpv`?r6vB)^*||@%JeM7O?J7uGp!0pwV`s1`qgXJd9cvq)Hv3^KQwCMhp#w>BU0N9X zp#=)3v_DOyIDOTX^t=md7n*)LGr7K|OzU0_vzP!yJTv9)rk9(f6|r)2ni~Cjn1`)~ z0b<3U*M?i+1O=9H?06{YBQZP! 
z0`skt$is-aY*M|Kk^TxUHTgg;#wL2f(}7$d_uM?Zo`0Bi6#WV~zfw}`kcbdE?V0t9 zI%#P@ZC0s4KZlt~klZTJMa=7E6CbJAObo=hiZ5ovxZ+HqxTN17^1o`^wTbLebn!%NK$Q_;oXATetM!PyzHVpOgRjxtqN6 zg|m0y&Ua&`RoI$v!Zt3>y*RU-`G@)-_f!C9o+7-xCo8GD4WgYLTo?Pce{>E!Qr2i# zl~N?D@i&=Kfy!bbDL7y&ASVxuJj-7AgTB`?JNaDYND?~y(Fw^)B>+=^lUgopwH9Ue zAT}fJ6COO242R0^=g8jbz{Zm!rF3;nAEO^07D9v&onfONv|9dl{po7UF>Y3s_m~48 z5Kf5Klg-D!JK6l)riYXsZ9lFh z`|@;gJ40Qm=&>jMcw-6R`mAKTNdeP)NYj0ztRQ9#y9yxv31xY!?)g0(hIKxB#>``! z&%-;EVb(XDp!#C>aQrTnN`W}*X!`0r~OPBS#+&mXfJ+^rsHu%D4i-l@Ht6vh&4fA42wmV9A34i zRJ{ET=Sowi-FHQNs%hr5wUhe0$!Upq31PAcFN?Xf$z3X?q>IT##f^6W%D`M&(24SR z_%`5e2o+7Tcddau&$C-KWpqCmHTPB@CG6@3Cpf=g=<~NW$236j+n@tDxiX0cHO1X$ zW?pUYRV%6fM-M>k0*%rz#&`h(1X9KqB;FFk&QG6Y5QdOKhDQ~V;o-0eo~bVtA>r{! z6lCVBCSl#^v8b^~C_zzx07W153a4}Jx|o-kDdeAU9%&GppRzFRq&p|d%sQvS*C^R` zuMS4b5HM*hI6_jxq+jG^HAu!V+e#GkxK-z!vyJdjmQ-UeUCfR@USR*_)VVmmrTC0< z92qYWW_wAE@0wH1btSG0e+~AYdI*Y!9EsAMl*yvb8M2_+0@NzCfrF9F4*l6w|Jlu- zf4cOW-R>(N@7nJGF@^Re6Aj>TL}}PGyZKc5`A~Ta3%*slippCe)#iro1NU1K_ihQ9 zO?^sTFP+mT%_sB9l-q)FyKlXnHy=fSxpl^`Pv8&`>|saTVIx#xC<2c^4@3SA4MH^q zY*q>Owd;wgzI73pSU`2}rKGU%$W)4)6a5$!=lAX#U(mD0w-J_000p?W3Mr6TeJSOk=93|~Z^!%GK!>o0RVeXXnB+vX7e_`cK^t&6?2>j$kbOX*};j4MTX zNvE5 z|6H%QVAz1pzlJLiVz@0Q?#)n#$VJt!D6f9-`5nuEOM3K?s2K(WN92i(NB1S03^*{@ zOaMdY@A}<3Nr}m_8Uug-8jDgw`WMtaY13S~TbCISa*cEQU`D-K9ZXrT6Su5$cb&Q= z6cTlsm7@~`@K1QZa?OVuQQ-=J6*n5IRk%=5LglD?nL)%u=KzX?#bJtN9mrD5IXhBMADXu78ZRt0eV7K=PRa#{; z?~=uo;wuep(dC&yi34uBF>j1g6>9ICUI7xzf`ei@fUK&T!dd%M;g{K&&BD$scX}tv zqLcmphdx_Ns~8WHG*U?hXB`(R6uKz!O&QR~LjrP~4VlGTPy+^#%fp3sLTn_b#AMvn zhmyx)O!M+9@s^9W>Ce)LJCEXzp}1H+nm#5vCG{cy-*>XVmDHX37xrcO3MY58uG*O6 zDw=gu0^?9&mFtwNP#RT}s&T&yHIheJt1#G=3UfsSU??JOd7cFPwG=Cwn@M zGiWYHD)FZQiyBy59RazGTkEH*ej3n!0=k0YdI&G1!;qm;Z189@jfoC-T8`K@Pg0-q zV&uJT-o?GlTI^LR+|~JPc(EJS3K2`x{`wTyCk zQCr%Ra4?G+5Y^8R>$ADA-4;N)8$ z26=!ITDRvky7F<6&w+@q=t>JgVuu+x+HCb8sTLIW=fU3u()f$*JtP6&L5@Gwl1h zq|C-YENGzuKUqBMv+q{Ix^5X4cDR^J?{=I}9n>L#5S(;rZFQ;!7n`!tky+nB2pnP> 
ztm};8b}We66=|E_t__eVETo|L{(ubOa{l;ZdlB)dwG7LzNA|ie5ByzA5UCDiCn`&2 zUyJ^=RH%3NAm)xh{@&`A)O;1UT5xV~IN~7(!401;PllrSuc%|}@~|9sRgbH-!8%y0 zV-r-|d+u5A?q_D{Z>LG61aCm_v(DnpEV$}a#1XijDD7i@Xadj+1(efnF(2v&d?czP zY~(GIWZkCOi5R%i?kSN`f)OWca;88_RuLMY<&@coo43{{9FpP7 zUJjnHNn6hcw;iZz;`oZ;Il4iSa=g_;t#9M)T24PLu1hS}WtG@M{b5P26^N5?-CS|i&mfZiHK|nfinV60U*?ESquPsyD!6g~OYS{< zA&QxKDHXs?0T4UFQk@#bF(@#;En;QNqXCc|9Hw(IM*x$E@q)QBW!S#E6-c1|d4*{2 zi`1T&HJ}1Fr5Fcn*%SbO3YBc9K5V+{BQ>0x9>l|G5NX7X(78sJ!0#sFJhJ=FX+$hm z{eoOzzf!eGLmcz#|Lv2O9k;kAj!UwGu?Z<06sxEo>C-NkPK!)iRi$25PlVzO)#oOQ zeV3rT+kkIfwj@Q&H$@b+nAhgy|M+4y^U9?VPhAp10>CSF%IKU3cE?u#sv*}DGzn38 zx{If`TW?*Ng>qs!!tV915wYuR{3ZPa- z?P-r_Xv4InDR%GEhWOuKT?t!uHP-C|x}hf1$iUqSw#xW)XAwsuXC?W=nc0*k9!yBW zf>D1$P!bWsyLj%4C0_N+5ph1fGUev=sMBGUTJ@e;*=DF){=lDyVnGSWC=zm;szu>LleNP zl>SC@;>H{4V}`AAp3rdGxAeG9BNQZ7EQSaohUYcdAchm%GceNmB63P|(1*eXZvQ|y zmOqL`T9XOE!R6}!m6^KQDp-9I>lNeJ_*>PQ_xCTbk6i|SvblV1-JUZ)%V?FQ%=v~? zPmxadSb_%ZszzUgwCLLoIM1B2+zrYf*aufRLaRI!D_Gg%i-gbPxvY@dO$!>9)=M=1 zzV0WlzL$s&eV$Bgm^lG9V5WHpd|!w!A=JEAiSVWE9KK+{(DFP0(6-c!BU%Dr+n%!QMO)R{%&Fw%gO*b&ow93m zaZYqiWRXu`7Nb?$hL_DM<8(x3TT<(NQzZJ5@pD*=<~(cfIV~&Xc4hK__%V=is~{-7 zPo+s5SS2k{7E>RRtL6SUC;)|uGP-*hC$jW)P1GhpcgaK??6=j}YSBk`n`No9XM*X* zLijFd_)@Y*sVL;bs^GkaUHqEAuFk%FReDTQbqet9KmGwng{Huq`1O|w=G5IN+w_`i z`w_h*Z9(B<`Oq^xvu6;9eP*1Ox2W!jTqEwGU3N|Ynku=qXEpZzJkQ6^m(k0*G=*Th z^yM;tH6TOKdAbER1Ux1DqJWZXi%}9BK3wxzhro28MWqPO+qCT22qg=>#|s}o zrcOyBr3#+9Yl9z9$Dt7X{KYeMi9t5E=zbj(ib+BD>C}I2c__i#50~X_Zl+tj)~Siw zTk3l%&`3LUmBYBzt~0Mj2mcNkua+LdJdY*R*svY7i#2-s7`pfG>TZjlMqf3p$MAar z{S(d9VnM6^B+xxy7OPBhnEfq%ay_5%;;|;xk04TXa^3IPG$3uTiFGodGlY1buNMW+ zZ_LhpZ?0|ZtijkXRRM40(W$O2Z}L-M0273+ZAZC;WjxuW-2EfcxV{qFP|&3S(adRv z_z!p2t-w^h&|)k%4vCJL0POzfVp;G5a3;=h{@+#3AGliGYpR#&(rnr9sSz${b72Ju zv|Je;8($DGANZmX7pL+9)Rm!GMoB_U*H{y#ipb+Vn|m0Cj%qmYf-Cn6JXO4*6)TLR zuJqe%5i!B2^^1r(UP{omQF%$0Ohuv`5EG4Ggu})a ziWg#3=Kmk^!X3LunU>H%;=phpJPmj2fxRlUsr&+;_T_w4A+F7o$|;9qnvG?f@9^}* zG)_Qh6TH1_rFB&Hw7_*#>52!awZyAgPZxNnzj{@(^!F&TXjfi(euY=VWbO2K8r2%= 
zC-o$ZLS_cyZiaTc2ON3*Y^}$X%Hj#d?O`Y}rQ_bQKpSWs=~%`rn^B6r^Q6ZcH^1B} ziFvZ2$SB*b^IVrDNmb^KarUwL3oD%`p~IEHb`fq0&QHMo<#;E>$_Fp7YS9GCQHHA} z2%AG-z3y!jhf!4el_M~z+t>%~*Y%;)3rckI0?*jovM11Xs6 zk-H(+Vm52n*`tq*w(!?OHwd4F@V~1jHj2JVMT7W{eWw*oUe*KoMu=I@7Fu0bUF$*7w1d2~Gf2(Qz_Mi9*@gBSA)zl$(eX}k927WkA8ojK%|HM{%M zcL!3AJ!iPkVFA4K5x(Qp4Zk3W{IFJv+Gml#6*Wa}jj3^A!jWR4y83~V)c{HrX*cg@ z-~sai+&;jAUD)du$!Y{bYsDNl{#`;z(-)R3G)8Q9^{tDfgor@EP#yj+B!bvv$b-bP z7n{Kp82hj&6E3-%IdCz%6b4ecbMvLX;G z*(gnBo_+7P4YWB7z-&^`8VaR{^;9W@dSQ`keT^)Hc|mg31=8E*LZxIEQv7PUizYmL zJ23F^9E<+x?2tUg_=iEe^ws$+&2t0}`;zZ!J0L@@<(-_pP~xE9`mgEFEZ@@g6)Ome z=A=Y=58Ns{UgpJ;iRHBES3R$StY*Q(?WJc=|k(FFV(kK1$#vQ22?G`vlQw+9g9oOXCfn|(_xx71H zGGt*L#}LV0$gI}vQfJ?(N;)?zr5MfKN-&nJV=wCB!4Y@;;%_>9;OIbuw!+=FG7AfYmJTai}*p!A{FCbJnR& zYqx;H1%eDt%g7?kKp!%o-H44T6pEc$#eJn(7)p^)QI7*QieSSIVje&phyJ8Mnng8X z;O4$$Y?^(5d?VMk^+;=kUghcK*j*17I5+cz<^kKgVBnciM@f$;UtFobRqdGOf-b$y zsU^!N>SsKmXuR*6ubLludz*un5F<#~FDWNhfLUC2BQiH|x@9$D7aj}oXAE_a zIi-v|8U2W%L~pK&*rSqjtCUCTn``Mwu-ypP$j;(*;QhJUf2^fhSOuy6w5T-Fz4K$% zKygqx&0-%PJ6pn&FC0UNV%itjnAH<|6~b+aZ9%c-+CQUm#66f6iM1Pi;N?`|2RI(V z0U3sH+JAfOrZNt1gNznXbJH78R$N!+H6dM4?bOJn1-WN@Rhd@(e70guPunk=HdaG? zE0MuU05vQi#1a;``-K}|BKQMSy`*^fN9<|2?X^Ix<)mGLMSnA4(gOq*H&7Ry5ft+` zA(`;ZonJ?CXYhMt|W z*LoB(4xj6owiNjcTG)uPkaBhM=SL_b0)u4>Y*`n!7QC0Lt0%S0QoHwVqFU${Sf{Yk z-;)@rZF(u@gQ4B{T|RG_Mw|Y`c_Ed<7l%-@mFx-(M0cP?(?K2Gl{%C$W8s|?Ye1tu zaEk>urPZ<>`7~A@7-D;cB~mlk{uEnZ3!K39HqG$Gw@fw4fFjfg#mxw{iscoNQ}4i+ z{sjt&T8^@&-wSiEnPoDTx-()w|ALk_j*|tsNJ9vhtcelfRlG6@N^BHc@e*0Oj4ovk ztDy@DZ7hu#`6s&v&Rj09z~ffU5g3#l&P4^KC1? 
z@ypSEg0=JUrgy_(rQP8^veSmFX(@kbRJ&B9##q&ehEM(HyfxX?|BrZHcaU> z8}u(67$q(lS(~q^DpvjEEA7-V#t~H8NG@+wqOqeLGHP9+$1?Hy!L&hE4hme^ocP@Q z##TO*o%7_De(L$M%)bw6rE*b+*x*#7!x!$n8L@P~nbOw<0JyPj?$`!10kyuD?84J; zqFQy9zq(iQ2!2EhQI5{S#Jygp&Gt6T0>22@n~^#gg&lvq)+3P-)hBXGFX*@}crOfd zxV@AE&REcvSy|N@w!Bh_UxEHbK?KKK`0n0I2TCwDLzofK9KQY8AeKdhICf0PXpNdy zNK+b=>)3{A)Es_O#~s!ZsxI#k8Z|=XSx=(7VG42mc)_t6;HB%bJDdIpimVztvlR%n zjE-T*o-~`8DQ+Ed9~5N5@b5vQMnS$5($F02T>)L?I+ zhcN~*1_a-~3rSMWhdR$A^OwfnWF{|s3MrV=nl`)G3Z(TTUT~w!N?U1F+GSP43(Ck%UMq#!?fyR(H#JtFIJM5& z;L1aLO3Rh6CGw+ZB@uQIVcl{xC4O5NqN3FcHm%`D1GJL47W$hfb>QABf8nFQtb$0n zL%#{Dn8Q4Cy$z;C%a-k)Aysub*;^g$W3}$$W1ur9fj>>+lt5vdcWXA_(7lbsf znQRRUApnM@p2_Y+%jd6atc$<83?sURVCo007CN~4Kz*HT)95qNRm22>vU;TY6y6I} zPvjpKh0N1igNkH${)k? z7WfKs0KJQk`Yxmi7+AgJWfFZE>6%}e`UY7(gYSoaU2aoNEs{)c{=ryz7G6B0O-;;5 z^eo^N3SIvCzP3jQT1A^Wfk*sQNa0y4%Mf@Yjc%{d5cjFi0iU}CVqSFsD07UEoT)Ol z)T3>o78~q|6oDAeDiu>;XmepF1=U$MKVIEeUO*H|5Kmh`e>?q!SIq zvMKB7A8TytdS5rF2ovadF?%tO+#~ZBqzt&oh7^ZW?$pyA{Aro!JgVDWW7%P@>Lns$ zAk}aMs;Mq0uqv%^?TNTue4pq0PG4M&>R*RRMw1J2wZ#Uy7SKR3oK|%ba=FB9~X|kXM<@Zz|MnKmN)b7guF|*7c%MuN=p_@pdb# zg+5b=`}w7moE7+U4+HhHRjnh^EL&w2$WA?eN-B%D$Ss%ajS1FgAJdAjmC}uCZP*Gp-#v$$McfV2B;V)%|hYbgjMMDGwR4-7N4Ky7c(lrMa~& z7`~)$^$}>a2vJxtK_c*-{b^*HUSMXQ0~Ld zyQ00fBAB9uH0;y4a0oOgT4%A;b2b0Lv_$L&e~KNc1-F=PALx0$*%FfH|BNnl=90B9Q00(iU{x>G? 
z7qy|v4!Ufnw1#1KiDASnB6S`pU2C-uW03P86z`N%ofT=FoqJO>f#SSAcH#Bw!IS!C z1Y5T=_KgGbmV)u`Q41MRLcHje8}r=SeQAtNPDDz4cR*f#<6zH`t`LP5K zQDtFY4?R~CkEXJB*R-@(Vny+xZ2CT9(mS9Sm%ePe!4|V^>DN3B)+4!pWCS*!6VGWq zlLwH;oLubB?>qMgXr8>Wt~NoYBLRE^mtUgF{C}|H{=(+oK`KjXV5v*2MK?JlGjgLw zoRv~^yC1*{GvA83DR0s|Y3%@J^o2Af2AFr`1Auf=bgbhe^Vfd1kT3yEyG7E|1(Eq=%*BWw%H_*Sj4olmr%e zYu!v*XY|ow8?BhKNmP7==I^{1{nf6#5yv_m#(`{4z_LM2=z!aa-o3F5)sal_#+V^U zu|#)zL?UC53HPTgnTb7V6lO->p`K_viz}of&cdA7CFiG_ijL$@11ZhUH+Zdt6NYHD zZ489p73_qXs1o#mYKkx|?$suYzXB%OanW4uXy#-XiWX6ZQ6>t_Zt$u&uPTb`IAua3 z>_@O0$e2KV?oItU6SqE~t@eo-{d5|K7YBdV)Mkt2n3yra&TaW*CXu=vi$N9^kaCDV zNtir->Te^aQUp4UOe5nA5>_h5D>6N+^e;-p%R4*~3F&9Dp$4TkDHJHD907M>C^*5E zPdt7g;s|`}aL`xC8^Li&|8+P(oy`e85uIxU&UEFdH!GPypj07bg`I!0m|kSqMdoXK z%w#gXLio|~+~<>)%L&#|*w*`dg^*^$t7Bi@OY%wA^`X&44n+qNvhwS2m0m{@67tKm z2Gues!+L5RUPDU6g~iz5Gy)g3Kvw8DFf^|wXAsorJ79s(8}QV(uUr0qiTo{12yLR5 zbU#i`l$rciHz=IBToNWMs>Fj_Lg#Mcbr4}B*Ip1Y4X5HTD=ZW5+^d>YdjnU|417L~ z3nbT)C%YB)A)#BnqKr4LAVsHIGy&I1j&)ZJP%c3UiS>eJCh7OJOW}N<07^5%5IDQ=joSTr)JZ%{=0@c8r$t z*up*LovL``z@5)p5U@oG9TG2rT1H8G+jJz0#+%&T9whi<9Oe&FDotrrrKzO3G z%{kwM(NK9}jGE@+V-^;_gJ?(A(&+#&RT-^m_0*PU-u0O(8wj3=(k4h_ynLK55ma2* zhk_pX`iK)Mj#^2z8lF)k8Lrnlq0lYd25|u|9P*0a{mEQ1!wL3q(wInTH^a(DbiP}J zj4B?tVke(`B^r_JAl4L+kM=Q-QGxv^YhSfd*R$V}5;D@H(M?>g{-x(W=Y_h{*`C3_ zA(VB=7Zf7Y4a{F5Vhbbgf`gX$u}fJVcK!Ng-@98Qc>X$o7(oE;ogx~Y5BJ&g8>eBV z$seC6t3#d5nnGP*ScEgg@i^p$RVQ%cIjl%c_W5r(c8O$+0sMyA(h0bmai_U)o}^l^ zd}+)z(UqvA&`a@Me1TawAqaow0oWjqy-|^$op_=-9MF)`pH@yhwNFgXI8qLFZ+i@u4&v(jLl`8j}WCWIVG((ix8~iHt{niWrJhSvZ-s`KEht zmus9M_x6cB*r3~D<6TzKU^N|_9WW1%a8uDw)PSGbNn28ThMW4^bKauyWzJNo=qKee ziooF>AMn)^{7a(C+DUJUJu@5*18PozP5%W2fh~W{2gX;QS93C$Z?CU5^AF)tx*X=; zMk%=#g2>@=VVMc}f;Du6=mk4gc?Ki2$lyVyH4EQwUq??B`MKC%CoerczpgIv+6qUZ z6KCe*VlncUQaV=b5^)j&?d%4wThl_xCOo-85g-KW16J)1)(o`IU0ody>3d3+_{7%L zJJJ<=0OazXzMM@6}^l;X8hD@L6uJ zd>s&Cc+*X5Lw>kkqsFWdkAKnUuKo4O0yio--rZ;f<1w)@IK#@=nhFJa$$OB{cgyvc6C^A_WH=D=vS^{`>?2iq!i4+WEwz%mPOe 
z>pRW$!!5p^U&8!zAuqH=>lTGy+V_Rys$+2Cn$F&t099<-c)CtGza7r(ipMbQ)Iq#t zA#@zwU|TI6SO8mw_n>9Ra=a|#8ecPyw7_#pUG`DsvEhA^X}aBE4N?-h1^@idZc(J{ zE2_PAd4C6}iET&Wr5q@DCi^l6P5Wo%1ygUy)TaF~7)QYOYZ3woS+v}F-3O92$d?*9 zIC?(4aXp*i9lguV7NH_&N?aa%O=sZ)y)UUnJNmt%p>h9+96ev6m(&{`;K(P|02>Wb zG(@C9Gyd$b^^MBOKm!Z1;XXd`Hj~anlW)3(RWWXe5eKZ%#yUBAWyV41s+2sF(-*8f zS)n!MP+Na?;1@St!q1UIIN%t7eyPqQ5VgmQfz~PQaX>_67Qq`SZSdygGj2AAecVvp zW?q60b+jeZK5Czw+-CGw?+C0p15aM&l}%VSU5>Gm0z4h0PY2&_nO48&Y8h+S!$Me) z-(W>UxH+EJ3XjX=h_W~IuU(q4{4?%cQd%l?Nb%Z2OzDw)zoBYON60;=Op@!R=Mp?j zP3Gys+>a%-15=Wrvz*P?lrI_&YbGz+jJJdw9S{Tqdzrn`>vYFBV(^Tq0_v*pTtPY; zAMmpa2hD+obHK9n(Ft3%^{Sk^v*g?(NgdrR*>g3jaa2`*s1&vqv(0%_ZT%v(;ZT$; zA}I-U(38#q@-=9;xZh@s!ZiXw20&ZE#ODxIot~ubNsESb9*GvWNS`EzKh~(~Q~1}K zu72skiZ^(bR-p2vZRE{N0Y~M}vOCGkI{+wa$!oLQeg!7rLCgCQ2(QelCK9DbNUVZP z#w6>%j$_m=JIKi=44NlkBKD$#r18&{qzpl>a5h;>lpo6)8&zY`$yeNjI;N@9H3=f+ zG`-rF_X=7FsO_H|toss$)Ki4XpNOavTxY8?BL0~cj%NRfDO>1E z&~@w#^|nk@A>p17Rcz>^R%Q-(UFp6#-{ox;g>FUmrF+DI=I=k5uk(8_!{Q3J(4q=N zf7VL4oYie7r?T$R2htLFnVs$RkBv7)6+eb z;r&fagcJmG2F{-7$I#{&*1{xt=1jrdhM#JY_zxy7APX|V`QTt*{|;}F?#|0(ai5Go zGr)%<=#L^)YS%=kpN{Ktjs+2P-a2wQZhaq=j<9PVjKD{gi>LmT86{cKUPy>R-cVv3 z(42%(A*qwm1YDyR{$_9t-wNr~{69 zUVp9Cnkm?re3VyM+Y<+9nLOV3Y;BdpQ*7U_ANZe}<6skcQQ_lyvwf=?!TLB6#hO?K9BlyWvB=ctrYiBylY9hP+AJ46@r0|U*;Z- zN@P-S1J^JHI8+g4FY7u%iY-UDV+5oJoTg_vd^XeoKf3ql2Zs7o25ob zJ}Y%;giNIEOhgo{+NaWtid&sQQ~Uj^PKGYi2S%MzthBDCV2>V1KDdcIpPLmP+N?Y5 zs_A4>fW+Je=ZIHV#qnQJjgAj6yyq^BqfJwS^P{6?qOp-rG&RSxX8CzMyjgr*3Fj?Y z3sp~>;hZD|mX6jl>HUzK__Q5>m}N47IxD&!UFl9LaS|`VJEy|J{Mj`0L(1VeC&tLeXHhXRjY0nHQP?E9Zy{fRcH!3eQBj z0=63>>4eiQUiM=9>r`UALX|C$ly`m}bB)M?~a>60t^uFMd7AOe2!|L%$XwgjfQ7o>YVA2SK5VUq@M`^R}4T~(-5fi_) zxXiujXK^)=a_Yx6V}S|LrwKL4Ctis^m=7lllW)W*cS1qx5^LWkWgDvQIiuT1 z%QXZ{n8;ECi4=nWma)oA2{62Ozg$5@rp5{7g^Qofp>w$YbB5!l*nYmn7e>BACL2MF zBam$559jFe?`427C@WdXMT(HobITS0_};Ir30&tSuZMH{NdBS40-{j|+zz6G+bXs5 z4_HPe`#&2SZ2~f9en==z(=jHw8XKszLbJe`g1$-m6XgAa47g$CdEE(;G@PVKheO!Q}(Fsa&(RUF``1U`-p*f!mq&-gq7ZGc$S^2|(%Ie%kmSJ{fn78^&MTGLTKZJ{c7E#Y 
zkgke1oej2(dxSq_zH|5UoGvRtI2p8Ka3(6`EX=Xzjh!Cn^#if z<{ozi|Atf0M#l0Xs59&oA&c9lSnzEg_esbTF8hbcA*dT%iTBF5?mEq-f1AG5HN%G% zh%A6gS(^xc0gFjX#4j^)%pv$9!u$)zpy{Yw7wH=oW-p|r6(C!D?t%)XkP!R>5m7w% zZ4%Eob{__drHBxw^{1jpgd!hfllhviAJz4}s!0DJ#*oy<7smfqP&6|_kCJN$`FDUR z{|NSU6C{=X?;O$@P9<`7v$2e}O5>;bfJd=eZmV-K6VP;09hC_e?KJ3eVKS*f#h}HB zE7@9%3nsFwzabZy$qFT`YeHrDKo7U!vkrsW{&0|M2ZUa<_|LV}IJKi=qJcSP+}Vz=i^Ac07R#DPM7*(!1TW{*&Ip+iH*hbbBvLIvQKwZ zkK(4J2P`Xi#=E#%$|{%fO8ftlcCjrB6>w6v$^L2GrPC6jT_YV@R=x zV=Ez=?x|3d&^QS>H2%E?R%PZ|&uG~?3@gP`v}&i|d#TB5`*kPme#Zg+=_S%EvCG~y zD4-1P_0$>#ec~_DWldr9RnAy|t)^jW>M*TPJvL;`V!b@Llo04H{YYvvVu z>v2&8i1lrCw)uGFJth)(VZ++2$~Rs@7C(hk_6ARGGL($K+#;T|nF_TEj8mB~Df7~* z1sNmq$?Ap6-M-W`Ym8fs_O#bS63wEtf~5hM$RN`wwbzV<5bY zZIwIovG}x0fV7IfbiGAzOb^Qj;&-A_;87a@pz(W*a3Hau;qW!!91oWO64Z z)#qDgqj=7Hej8uK3k`j^mc7slvjHPtU`J0aOdP>W#*kb)W%)JkSd`MHW*CZj=Ckuc zkpQYZ7e52q_X7(i4L0n1nD|DfR(6Zq%+56~q9_-K_tMz0^-1R2Z|!Vw(ws;(YBitk zpuPGDnR`P^@^lMb{M{RZk$dm)BSngn1NG#NJh>*!kcK%|J6JBwmOhSE~ztXjPf zO(r2&G_RPO;+gu}h=qBMVe*ot9s91O_a5KChxnow15=MZlq69tbfA8=p>J3Jz4$B= za`KPu-mFTU18Z0z^MMrrYHU8p&G}B@Xwkd#wUT^-Ph?`xW=tzadSoOp(6V7whLb*N z5yuCkza_X43rg+oz~cIOcX3~iGDIz^Gd zIbDA@0{OfGvpqa|2i!c_w|4~;i0(>^p(0Xjp)0yktEbWRAoy}6FxLi`e#H^i2yQoO zEyZZ$A%9AoJfVeze6O;p&|@&%o}c^`8kks#~mXLv*1Juki8hAK_}w}?JQPggE;W* zJC1wSLi$1cYtkC_en!75q&kZXmdMSpl0PsF^if%ukYwrcqJzDsia}ayrzCIV z14Qr)fd|!cD|J#xrQhTxQ{A1E+kW@Du&5vTN!qEGF;kTGLq_R<5bCqqf#NwOE)>yW z!z9&AXhiPF4Ed-ePU1-Dl52h1y7J@ON5kl<4w{{I*}d^CUZ<^yTm5SRv^_VxA(Yr* z@NpCan=+s5$D)t*?%L^KJ7J{9IiBLDsIh-<&VrFmxeTJ{3JQ6HS#nwS^@00did1BY z?cWs@jv7HEp%t8O})vc!=vqyCE^%c&{BT-ifWZSrg6-(s3fNn`U>{x&N$|;K#Hc+L*3v;@;h+81bBB6&JFb5W5B;E@k*@4&p{=fx~A@%hx z`s4x=*sj`a(%OqJRH1^=U}7=B7t6udLAnz844R^R@tBbcOps*_PcIOD5D^%~rHQTCFq5dan-5wCYP7EG0Tr)1$%B ze>PS&p4j;uJ2QrMqh=eHXX|BZb$1?Wiis;A2Y9~N68Lzyv+sKQd{VmJhqgc%1DYdtKHlCV zIGS%VdQ{HLIa_)^HYhlENn3RE#CLDs-uPPlORDXs1hao^{Kx?!P1G`5TGJRAaELVI zvwcOthveR<5gv24-XTR&H1JWpGd%474$A9NnmI<8ed~^vmew8Hs=tJ+iHQdS4jME> 
zzVq#Q^-)?j3Fa(pFNGX*S)9TfrZ`-!`-o^f7u=D*5mEFVUOWXKM=erN>^v%z#O8AA8Do zi?jI17=D~mnN$?G-ejJUReMpMBaqHY}3#-6RB9J7VWjk!m;R zez_Utu?V`xYyG@cdLt8JWO2>K`)l?p^mtlA+pP?~eaxNgrrQhM+6|7(FBxxcoz)QV z$NM7T%yrH26{gJO8+d@d3qibS8?XD%t`g=jrS6egrbVT0gKD7Po6hmD9o2ZG28N$8I zRBRpF{lT4nx`6!E2as%2mmY4m8#nQ2H-`Pa3>*e2M0286(i()*KQN-=+vm6$6IuS^ z0Mp7lVy;#Ar(^WuKFzsyc~)1K9bJeTdGQ>#{(viG{HI;L2)au^rz8t;yks9Dl{$|6 zf_`;`UIPwV_sA($c>M+;VBE7YC%9MDtb#isG%d+VX`b z@~0uwuDijB>ZYD1)2*hgg*!e*FH`*j=Y=`C&{@j^W=O#I1MFy*Ox)LI&n5M5{DH&s zb&-Z(jq4C|%@GSQ6v<(BOF5kW#zk{eV8XRS&sc~cW%dRyJaYCvykS9+!a5hR#DqrQ&S+DxQ;KX1%o9wj8fykkPi``I7b`aZQ5P9VZvRU} z$8WLVmx#i!14Cg!xnn5A;?5d(GxruG99~R-7kRnvX7C3H$eSnKPbQ@{=^!#!FR{t| z`NkHp5ED%}bep4JM!RY)=3fU-TsTxupA4O|WVQZ0+IGe~&QO(ssjnCG+npY6)YLvIWCmp|`(#GM%0G#L zU`_CS zTgh*x(QSnZ>0KTX8{lOwo4S;W#4NW~nZ-aQ8Q4 zBB&r9>5F?0)8W(x9TfZMz&H4X@~p9xmnXRLB;IWlo=2~F6Mb)}g)xHeMU$l>E+hgk zYS0A0ta8H>EfAP~q-!$c+1`XIOmI9E`{QYZLiqX4#JP&VeQo2?C%O~#<^7YTx%2E9 zWqH4=lKFT;navVdPB|T;V@kObbJw$thI6Jdy(lm*q zt1nwP1#FNbXB}_$3w*rUcm0_XBsY6I4wD07Y%g-8iYj5;%O94<-4MrIfA@P(VGGMY zfTxYpHEU`oKxAB-kW6G{KI{FCr+6q`=L)Pld9D2}Mp_xDSsLWXVs+omhN+Jb8Qlmz z+oS{%n?Ii~!74r=rnra9{teb~X@r+Dwzbcb+(UI~`t4MblINnr{HFRAQ@&X%_nsS2 zTs-bq;*Yp1H_F!vuhccV{7a8#g zh}~%zW3@a+7KulsAP>GJUG-VZKanU7X3y2M5*O83?&YR znv#2os)k5E-Rp8|V?$eD8V)eAp8N-&x|~}P_HSF@O|E3a`pr|vHaCFgN`;@dKywz# zk9k1(WkkgS!`l&KUS80QI5WTSMJ>QV#p&E0AC9WD7sL_Z5a@Mg{|%0cy4~+qh>Pa= zK^3|ep0=_pLx@Y*_t72m^T>~ zt0DRszrLxD%{QqZxRbpRLJjQe$4ZZ;KocrDmI??6kq#pfNG+x;6cv=x?#M`EW&AtA zkh2x5-|^$55PpB+_W*We?C8dMXcn-}B*kORxJv_(Z%4%Te{fsAzn5&Ijhgn}?zNFx zH9DVQV~c0$flrIveC@M`DTceMS-t(I${U%CR>$4IILuT`GCfz09QB7fPCF4Lzx83*3V%haJ67VD zlRz38C>Upvn}+#)`XmHZeG9Sx*~(zS!Dok)X}4t=Pno;UBa11GuLkksbBMOI&#Q1z zP|EvYYn3^IQU_iXOFlo#{Q0nRO`3!+zgH~&?{Mb_vP;q=jrDz3detnqa2#l9L7gW@ zuKB~YW6e+xF8c!p$LTS+EHSU@@@}N?ZNc_3dkRjKY6^TvEmsS6^fMBlw%Uu9mxj7T zt6;p7a{76R3m?W(_i!^A$y+&JFjrC(p{r}0O*nz@M_liCH}Rv?cuK+yBB1%H*bfJ^ z@oeWY+5YEagqI#F>0b~#Wkbimu7NMFyv2N&GsZ06TG#q*B~W}EZTwI31mOQj~2SxHy(+HI|k`-+jJL0EVGwx 
z9(;hhCa`KgsAO+l0?+658{%UYJXXTrX-md^toF>0++~O0#iFP$_c(eq31ZB##OGTi zbCMnB?j2HL&bzi#UkwnNS^Lqjkh4BRV2``JiIdz?Byys64`L(@gS$vDLcsc8i3seWkaK=I}RC?+uuxVXx8mUPg_< zs9q5es*H%BYC&*{l8{si037I=QQh#p{9F=K#~;_Z2Thp>Wg7ZphN5^PaK9#FwHX>} zK*R_;Mqb*zvzNAF?AkP`QfJniomB%_JX93DU2U?+;*IQC?@A}${irc45hvR%ek@jF zszGz4(jzC{%$Hof5@1FBPLG)_8*J%bwq(e)ke+T1^lzdMBW= z?1iGm;a;)pBzmH^AiS;2xy4ndQf*+*>5Ulddnyex8JS#Q8c`}!oNdcp6K(F>@+ZD7 zSJ#ljw7{1;1+>CM@Xct3mb1$$j|H=`vK%VmXou}#!3+EvNDuOc8?N_Q*@&m4!^hoa zA(O>47+_Plzu9{%_6YhZB|d2pm!`=tDe?HR)9Y*(*EpJ&}@qxv40~uF}{6R%JiA`_zQCo7U3;yCtP7x!$^p zk^;Vaa>PswtRTfQPt%QE$;F;saXr}Z9Z@{7s$!|pr+RZfP`2`t;gNGD6tB8aGRW`y@Lb5C0=h#Pi~PvJE@ zdPi3+zX3LO>Ib>;isJ2o7q;rSFNxmcHW>Q)UGAUzPkA<}d^GAW?7H)OIMzRw0;v?0 zVIsiQ-5f5-HqfITJ!no{c6QoYCaETB&3UIvp^lPV)!T?FP==5~%4Mn*p16g-yGkzi zgf6{oirI9rAq$_}Rqn%ob;tF>{miF1T#*VF-2o=eJi>VvnVwJ~6aW6m=-O1|$RjSF z8`3w_UcN*iOpUF%t9%rFuAL(jF6mQ>;B|8 z7&XwnzW96a?B2tFu4P!K7n|dq#k9L;YT%-q!N6|CC z$rKM24i;o0=O~Cl!c@73GQ!DZ$1L|zCohhCsdMx+#Q6-@#0bMyULV!YwOo1=&VPLf z%x!=E^*qpy;G%B2{N6AVD{j)b3o$)MrcX9~M{X39Y{BzV@nQkoxB{Ni$w?sV1jP8> z{4>F;IIL266jKDovCtZKIfkZlbWQM z(w2hjwBI?aiG}y|53|=s?3TB?EY}a5Y=R`ef^dCRew>0 zI~2H|Q~4)Ew1#+X%o2Aa(NA|j+a$iqXNN5FxyyRUytdbSXo%Og(Caw5Ym`Ob?k{|g zpCX__xPe1hFWmgj_fC3a0*iSJe~%V_ZW_lvrzP4R)V28^(u z3&Qd}_59@tT8Se@TBf)v=k{m#miL1Dkrprz?0%j!8DH;(tpS!u>FARDR*ds7=td<< zu{r$4?~fN)W4r{_yduvGd8(wLS;F2laOV9CVch)zu;aM84rhWMCGu-=1kEglR4)w7 zk4^Ds?}!5|B#t;QjbD}Ka26^^q!JLv6CJ4AK#YBm|qah#L2NMu!O zK9_IF02d89i~Fa7#i($2``J||1qgYeqq$`kq?d7#>$A4b#%}E}3nV!nPE~jzG-&vY zti*33EFh|!?t0bn@RwQAASmC}I`QBX2KS>H@wA7$KON7MFh9BMg`+>%;1uo;=74*E zb7Bjajp5nUBFSKrP>Xe1IMYH(ZS}l7h1a{7TR(13##@n|)|_`Ds;usZ0bmvMF=D31 zkwocYQ$40nvS1LrsZr6bgQ z_6%2rp`6209MvL}r>qAOxHiKC)3!a7lx(~w)ubYD#NlDETmMcl5WJ9&LbHx#_559+ zOhYlz-_+aGTlYYuVWd>02gbsSCH>VX1E3Af@kQfLVLziQPRpb4(5MStQ(%fQWGlE6 z-1t92Y8ZT6h?|fRnk=-@>dGu%y!i5~2;K31H6U6p= zgnVGjDZV(L(>~ma*3B6$frGl0_^8)jD0cRpSoa+QggkqK(CcGy6MSO5a7Iw?^3U@ZL6%O`h8gYU$O`} 
zd-+Hq^dna-Y^?RfIRQc-#M+wZOm|_$V`1Fc7FXC8NBIHM&2KoKT_dcH=(kx0(IbixFu`Vz`VR>}}K5{~?GypW5> zU4HPVqC~=vCtZH;u|r)&BQagn2^rrBB?Bm?*llZD3<>D>yHs4=n|k=piE8LwI(gsZ z1#NHD3SrOYA;LWVNx@6&V%Xl_+Qg+qF@3lsSO9gN2annjlaKyba$9k`D^)?QtGP`E zIGBw^Nqwzz_e;W6Jg4e!c1Fs)DUMmEyX0%CtCr%IG4rTf`$Tv$gz3}m7;VZ;HB%Cl z`WTo6eo=SpBPr<%B3;8zlhw~*VM>b=@X->1B1=?j@Ch_Vf3~M80 zXFwk*#_Rgm+Ihr4p2f8}?C1~-bnl(ZH3soDuV)YL)ys?=&3FkVa&K?PQp&hEbPfx1 zruXh*V`uL<@4wZVlSyPnu`2Iaf~2?6Gz1G`S+_jO>2KF@@>1JwEDNW;360}2HAsJ7 zuJ2W!;2kKg3*Q_OJBcVrid~2)5b37sSOAng$dm+WWg@711egROc5ZC8=0NLOv_|Th zp31w1b6v4J@;Es#1~qM3=WH+g@UaoLvc4F?EX^736S;J!$urm)HQawoQ3eXd{2j1n z>JhFwO?9f1P4uL7zW`;Owm7Gssh^$Lk{}d=wf_~X7{tdXZ_2a?F;{|DZbPNX1_J3b zJK_3L(ARvu;`m@mKHC%frgS~~#5n5*re4#q%*f6r6J%MuqvzqHT=<2vi6T$Tv+h&` z2Km@^L=+vw`parf6Qhrr?1~Tp$XU99EVK4Zf1%im+|OxKCB(i^<~m3#k$Lqu=0%){ z%~l(q`CaEULlqUoOdX6<^U}Dp#{=#sSfwrGr4+v9Clo0^8#X$pQi(e>H>F&-EypU6 z>m}i3l&$P=O-5QdRqO zb_M-{gi%^rB!+*81;JJb%RkYjIfPhvNvuS!<8iF!50@lD1v zNy(UFd`#f7N)hW2i{&+l1jy*Co+s#8K1U|FFxH3R>ZVlnL&;wAkGzu&9G&$3-9LLk z+daXPW_t%m0KMj*(wKBUQ1QMzEM6D=e0*CcwF7TRS2eGx#hW@d0+kh1GJ`p}YDhkP z$7AY=@mo6zPU0J?P0r-LJkU%|kUhHYn0K^_#3!$dBW3w0q~@a-=37DF+3qygc+qz=wP>~6l`)`<9Q}7 z+y34{Xd7(6M1pM)YiL#@C%l3k@4ZN~ZcV?vkBx|>p>TtG8-rS!*zvaTH zPtUt0HG0;i!IS8Gk$FC)j{yA-6Q2t~88}*wD={M1qF*{*_;PWpi_g?QdTp2Cs_hw> zS69T9CZAJL#Sfh?`XV*)ZGTdLaywOo+S)%ylI$F1z~=;3R4{1BRC2lKyop{(b~Pq0 zlVjJw$Th@?YU8gv!gKZe$bDvC(%JME(xhw|F#KD3i3f`Tg_lCUrBd{RR}AtfZi0*$9-F9Hdc-#PSl1BbMVq#WhTyXFz~bb0uaz-VbY8M;N%`<4t$BU-M`85w%B91#2i4d3IT%H|AS5JAX9=V{^xB7G^+q)x$N?-8C|CkZah7jEG+K7 zV;j3Rd#7p2#a8TRzw}&-@;fiikvo3*GgKBcY$?s^;=^c@C$cj|NH2plfrPDbaBtRz z4Rp3Jk@+&S^rY!F>S41w=V6;AFsvJb#XuU57B)2eaGvSr#BfzFG0eZ9Pj(ckNP&9z zyX6-tVNWfC5aSP@w0{$%{0GCv;iGhA=&phns0qkz=GZYwB%a~(i#%i=62oVYwW?*9 z17o#jQNH-sOb#dG^o5Y#YrTn~hc?GK97vjWq%UkpgWieEN{r<6k(u!BkoQGG+V2l# zDRP2R@FI8O?JX%*eGDhZqJMMavR@`PAAz}P6@ZAjmfu^!&T7tyzK0ST{ zIw7N>r_R%-bo7L&h}poX3-VPP#9SyTgOk76b#U|fNL&Bbu;Z}t|gRbV7i%Y(}rDV@*eaU3Ncb8{g_ 
zGyUP39$r*2d-zL1(`wUm{(aw`CF{DI5_U={HT%z9t=xe%i|ft1JCBXo*A~3hm+O6u z59H*f_H?-)Zx1K7j1}e4H!H;56~NqG>g!l!?a|C?#R%poB;0mWuhFrY8+#h@b4H*S z?0p5cREge5+-35iM3pc_m2RBpJBQ%CyHID-GVl72Yh`iUzcoaAyu^k&@x7xHy5Rhu z1;TP1KH(*C45a@GiX?kc#*dlUS5eOiVj1K()G0pVbdz$kZ}tj?Y7I`}2>`uP{tG2- z)kA{lYK&-yalHAXr_ z|1H1_z zwD3QyzeEdNtKbmkyJk;bE`Kc>yrL)^JdwCCl#r^8HE1_Fhuqg=!*^R@43op2J7p)` z!M#6}%Tc~~^a$|AwV}3X;_X_q7`@<3(#8@S4$F-9OYDB8xzTfujI&O-ct-<{z1VFP zx-bvw4i{*}H8qxF0lDJ9F2*GdJ`L^9U2B6saBJBa6FEqH)zfeawfD5fTC|B;Kxa827vrAQ`*XSdG zdU7QP0&nf&-(pI&oSSZcYv{`tmjYi&Gk3v6Alht0QJLTsfDp3*6WR=dHAk3g+#SAD zKdtv`>?iij8*VuPS|1bv`GJlGIJE4bf*ExGI2FkrYY_2Prq_Uyg67-B;O z3J5iHx%S8xm`9wK24qgp&LnBUvvO5bc9r??>xwOj|Kxt2?pm?fpq^;0<1f$_C;%w-4 zhfEB4=dgaP#&rg~f*YEb7t&4Q@kwp>mwc*aIN=Lpxd0&x&FaY_7Gd#hnMzW6_jbs7 zo!s4YNI_znWHsL4cY5+aFNtsESr%4&{#^h0s2(Z%5XU~L(Sr;E?g}fOpZT>7B@B)h zj3+yweHXNsixvqTdd@AH!N2T5whp$Fdt%V7U6f}nP0AOq2J1b}IMC`)V}xg_1KyTE zn6qk7T1pwZ2~$zHHzXD=9pxZ<)#W@cwf$qBzZaqM?Pve&Fj9Wx_m?}1P50iB4(p>+ z3hgA+jS+$S*q5*r!nh3Q@EpSrg4)-UnL0b*)AyZlfqys}6G}MIE5Z9SPkKo^ff1t& z^hH1$O7}Z{=-=RvD1V6<@{Vt8fojw=MROplS7u%`-doWk$=GOR{ftN5ripgjHW?~G zIj_W%33C@(uZD!eduO7~kE-5(8TTYn0w1p*MqQ~KdG*be?=))(52_yes_PS~$8zd` zpoiD|LCwEuD9iWUW5?9KT&_&E2{*Yu9^3;eg4ZX<3NDkT_2IBZLA3khDMRAK*WnTO z2ME%IpFN!Q-Kqz+*K!(z;0Dkt8(0QSKJQv5j(KwgorSI6&(kdV{~|KAiSWe!h&!#X z!K-GLCg{6PpWJ7%zac9;!gE6B5v*4STJ_8n2NlokRb1G$heD3-h zkgD3}H;*e3U5d*KpJXkr(n@2wSdU5K()@M_*6zDPEY(^MX)eJx@Wz^dHiy--3CoCw zC}`}}e|BA!&G;7Lkl;$dH4|`21m=}_PMoAs(!dZgm$@I?5n=7;x8HBI!qL>jA88gq za*63g(-Dt9VGSXpDpOv3>ETma6xtG3x%d&G_MH`@)NL)vR$?sO{ ze0X%CVnqq&KChXMy1-6T_9CiUq&py3TZrjf;c}OLyX!E>@H16mS|w}my?G0quIH{+ zQ~XXeUsi@`k3!DmEjU_l>d zPTb<1QJL4ax8=<*C*1&f&sR!2_=q{h(kdF-uC_dyn_*|n*SK10kF4Z4*VyLp*u__7 zoa=}F#iDH@h+Zh@FN0s`Z$==B;~A(gLgZT6m;?glx2K_-b*Zbfyb>g;?@)?=JsctMn2#Z@ zlEf557CTcwFOUcC9j{aKspns!(uCMz)eKe4PyOPTZ$52O4e2GMdi~sQpz{BZ^=yf{NO;Z$f*#2CFhR zCcx=5N3tw&skrjF(0&)HTk$>xmd7IG4M4eeWmS>!tP*Boy2~pyzfxEp&lINQ=1CeG z1cqXS*TR^vg+clyIp_WXz8MnAa*-Ee{=6!~omzpmDKa#Rvi3rpwTghC)PXL(0;+Zox^x 
z>%_(xoIQVGVPEbLYvJp`-@m*wXIQ}(fC9DWG{>n#qOerJ@|QgVf6H$Riu(;)N8FE= zK6T&94BJCa{gEoWta~*R>q)jb4YEAYXRHTW-;cWN;H)KytPe}m`#z_Ve3xE@Q)^HH zx_;?Hf*^+*d0&J#Z%g-X*{%u4ux?Zhk&he?gLg!ki?H|3clM8Km3*_R-2HB4^t=i# z6$S^pQ))$>B@JSrbZCZMIO~+3I4VKudC>I`4kRwf@0EQ;71 zW_0EreFi+41r5fT9(URaT-WETw=euFdOiXELm8|-JGdMPk2v_l%uah)?%TbyZYFO@ z*`-oyIibOIk9zX1*2F4pPr|(CUd=)p&_G?=UnY4rE~u?{zr628?s!&P!H3ZqMm;k$ zU23c`h`NDSC?F8@(>pMJxy>yn={)8Wi-Ze>!~LR(#~553w#{{?@K~%QRdtxOgM(n` zXTa7=ly7B{US?6M2YvqO9(i+c3`u|8~v-i0mJ?#G?kPg3V7AL{z21|x3Sf~m717PUA z^}DzszacLj{(~$UaS_` zn?I@LvicbDBV>_e0vl2UCHAruVB9}GQy?|ujbQf#ai?OGK}m7mOR}dfF4A!^JK|J6 zS?u$DS#@O*Nk9aKre5z$;;`Syu|Ik>g_Q$eE2_m}(?3*LiaJ-Oy^;!ofG@3OW1o2> zB+7PcYeu>!8$TWqC6m{de>$AsfM2ci>2`ikpEZ6#9>zAd7MKCPU`x);fZR5_u=GWr zrB;3USn-I6ty>_^YFl@xWGvAa{?Jbw`u+0E81oF72;*n<31SES7k-%fh>;h+R?W{6 zaOSwBbXu>%f;}z7d(TptJvoW)zo%64q8^Z$w1%ylka=Hu^%E@zHv7ebm)qFe{o$-d zGTb0q1r^FLe$VLBX0e531Kep#Z(JwJk^EN1JkQ9^1N~&X-wx<0OG&eSL1Wu3th$E| zM!NE|B%o}LNCjO~g_`uw77a-}ZmX-H1RXK|6Q0KaO)!l?Zf$>p%%bz0HIavgRT|Jg z$U-q~r#Q*gxeUg$;a^_b-1Qp2OA}O2p}XGTPHIy&t@81I#SuaB15LMHY5j$!#T${= z{P6*ydDPKA6X^l7Kb@Mnau4h@X{Q~*uwXcKyIOni zn87EZxl#{)lLU~fEMa8WcZ5d=CN*K7svyEftpZLr?UH7{jP6AbPAK(K)WKhXy=syW z_Fi~l@$V&9X( z8~(sKEN`OCH~RT$^&rq2?-V0sxObfq!Fs(}q&wyg>N!II`b~l%pT63soIchpHho#{_v&@_eq1)B; zHP#FDn|!KL;8zvF{FzT*Qcksz-GJO?RWua$2HSmGDt$f2usuuKx~IzE?Y*U<{D&V# z9e4c*xP`oDaRI!=w`pyiOm;d)N+a%^6VlYrei}?`Pv>`AT{$6Pgg+@&8FS1D6({CF zbQ5*;)y0r+D_e4#A1nVF&^HPMv)8Lwjbh({S9?M>%6Q#v;WSs)ikh@n8w_z&(f)h|G?blZ1U8p-N%>a7~hF zhwu570$7|t*bmiX{fJ=YO*$=q6IVQ1!C}uLngq3TB^=OOd7(Ux7qGE22j<$ z{1P;Q3DTxIg|Dbh0KMi!eoS9@#Krsmb=o=A&OJ_ z&lG;ND$ErdX$jOyLQ&Vb#iZdyKByb?8}_N%8S0rtK|F{fVV$5wS~k5y5OF zx4&$ZxPd#d9smI!E$A^5F|MFQD$sC((-L`uRXDvX!E#R+1M0sOY)&a=)x+_m^0(lr!L+j-yDx$7SpF@Xeo`;HGBlu z6&Gc~?0u^M5HdRrAFCbN{VU`NsW`mD!+TF>MC49WGS=5gQZ3R8bC!pzpn&V6zas5v zat~_>-Pf5vDeJTOc68sC7DmLoK6;7zad}jjXcXE|TsL)FXeLjaQh}6%zO?9RUMmNS z0|?OvKgm(km(A+*{26)voGF`H1xUIa%DFcbg#l)pxqD>~Kf-O(m#q>>9xOnZsNyDR 
z+ew_LRLz4?z#vnSs2b%76zM-!6BC1TVA{K#U|Op{dFFe&Aggrzy6s8dbGYZKgVM1Y zs{IrfUm(UHPrzpg52Vm7{2l>{gc?hhsWvhNThg7-MNW=&N#e(_%Pht8)Z|jxb}VVix}g#h7H-7!pL13ydOfN> zSe;)`3-wzFH2got@ksbv<{vr9&H$JUoA59=bD@eeJfe9!fU9I>-4=&TS z3m$gPEGzRfcbW}i6clm7H$NX>FntV*Qgpu|F~{lV>F?uDQ~8HS)R|D`>g{0X4x!r7 zB^Rv3E9`QS z@#_Em>B>(C_*}h%7OYL7v(tvWoSv_`;Axn`WSIjz)RR>*cX%c|-OMlku|CmRXl*zh zHo)DAq{%(KZeKXKKu^Lbnp$PU{E}3leDOsy`K+HpmtdO#YkFuPS}shw{_uHBP#_|# zkyppR_&7|6$MF63^|O}Y3Q+brt={^`cpvRF?mfW)l9VyN?!+cS~z)YY}UVTb+KLNV4!$rAPcySQo4UWbIoE z8TbiD*-)M?FhIfl%~(#&)cWOf~pW)M67!0g#eGk*)*6QK6lo{W`_&}VS+ zrG1GNFOQd1W%g;uAl{ibZT{a`m8j$%V#*H>oLAjIjGd-&e8B#ixcT<@aldZ6fTjDV zG>uyhSI67qe*C7)x(ES2?RNxE_wUKAmZv8`rM>3o{kdOf^lTNgiry3xjEyIz&^kW# zsev{GPoBLPS!n9|i#1E@8oC$VyO@39`ymG|Fu$IsLs_sx- zx^pq2Uf%`r6NtS0UOdR*FsaDk!A~A}Ub)T9!tBZ!Y^u7Bp_aGF7&N!y zONTCKT0@fbMScS~uC_lqe#S4ifBDqFe8}r`N1CVYb+o*k++H5;DY~D(U0%lPZ}>is z`?Wr~jr{D=)AMNuc>$n@Lz~!thi(8%nHBq#E*%(3#@BbYa7&MLI|4~R>U%!6WVEl` zFupgh0dfPjj}zh4{)PBCX;sDg(AS><R1rbX*C5kh=9=z27cw`{ijE&8vX-cAF@KfpRMEq+|<@VtgB$%D(?95p8@cH_R2Kka{; z`Y2B+@B8$k^S;WTI9|hO8}xZK_+{?L+qiiP-C-XPXLJvre5a^A{5}QSPGFAYmMBG9 z*~WmebH8jymnv@LZT#Y>;&gM|lE5V&G8}l;`;#ic5QY4#X|`7mosyiM9Vh2gtr%^1 zFaP|E%D-_Sl<8-xs+{nd1mn9|gXp})?mt{LuP^#^jIqQDv>t<z=Mp3jy^(UB!EelKZ#(x4v>nSE1w zBSi0?BnRsig=1I7iqwkQp#xgaA_1oFF+D^^Hnry(099W#ndI~rXFXn=@tNaKP6{k; z{80q#m<)WLAMc(g9U~SuLPFHP(GgHb{*SbMn&d(l$_IEemyPFpt zq^FUGV$p!Db7(*BySbEVqUx)aqp`cG^HX4NfxAuc!(&1Kcz&FFKpuac`uhVSKyma+ zV(MurrxWDz@bE_Ec6U>P2P3#q^D3(arkT^Vu4jBT`5F@-o7F1Sz#Zg>=EQ~XfD~ve z9;h=d`T#&y>hMb^&eyYN^5FMux6Pjv5FHdI8GEN(ytFN{H@{yq>&R}F&8(;?SO8dC zIUhctgR==vH_zv1i9h;}b14ysZqIiM8AGavta{ zh4oXob`!Ibv#M5Z*8B*jNjZE*y}k-VecGaX`rwqq*LC#@HhbJeO1+@Ab`?t0VqsxF`fm# z&r-C)j4zgPZ>7{(daP%jl->AsCD19vy!(}yE17f=Ip*JSFgOS1PlZ9n={Nh?FYzjQ z`9++NPqO)+-IN}gTCeJH-yl>#VY^%e2=7QOH$F{q?Y5M z$Yz$tZ(#I>8Z6Fi$2Y5M_Qc>}%yp4+o#d7$5?Ci@}cGTqP1w2ESZ0Tgki?EHHxp@P!b4yJJ!4g#Um z24a13r0yX@+B^w{xJFE)?P+HXk{^Ur6bF@Id1aozS6-D3C`(7s0IR(eJJd)bJYg2~ 
zqAKf?YmzUn`ir*E7Rtr0Y-|tLkQ7o?p+d^|NN(11Mzd!)UBi`05E-3tlq~#6rA3V6 zx;d#@ca;lq*>wtUs~dkY#q+}ojAFkVR)k{ZDXE1Mij2x`$Da^+Wk+hxf4a?65LR+4 zoFF5<;G7HDm@HBp0io1k>nigpDE?8Aqzj~a;9qHO@^R$;;2e(>6~=&HKvX&__g7>t zp~CQHSL4R7*)8jj`uh%*6h{JYJG*#Gj<@!G|N6ds^xvKSI2_tymE2ft{&~mE=a2f9 z>*}s-WtI1-V!&#B@=f8{CvuV5k9y2K%R7L_D>hnbAF>G7;`cdQg%*05vZEY^XM6$0gvZ~8NuOMObJwlB^7p54SjD5EB z+(~L!%Ss?OmYz$)Qo3BR$ZF4YT**YDFBC9Rub?{G6=+TN0SN=1L-lK|1dIGe%hQr+ zp;1%XZN~O2fXnAkm39&l1w|lEG{(3f<>IL$@4qcQsHCo#g2b9A)}GHidOtaGXwjH_ zLddX`T=Dz6NbfR-SuESw#eb(LCOK21t&SSTE*E9~3LUUvXRpYBF7VAo_rK;L`Uw>f zM!Zu`%Agn{UDo0d(DgeQf5Nft0^?02?x@|K1ULZuRru%O_tL*<86C4COTR@Ci6)yQ zSmjV|k`pDKnJ~Fr7ETN0C^H^fZW}qz5Cyqp=uhFA`NOoDsi#M%9nMt#IRxqtY(=c1!a@E; zLb39wjzLAga0+Z!$-iqO38f~9-WC*y#r(^kt1r>ue509ePG#3R9^1@xkL} zyh+=-7i{6m+r}juRHsTg*9y2U`;{hY-Gc*XRnjxpMhBr|GT#r)L-KmS91@$)@+vH$ zOQIB5<99+gOzWN)_3~a?2PUD-^vvT2Xt4dD$M-*`Hbqu+)9ZOD+Eh!JGaqQBl#`Zy zaK9Y9b{?+kQ*VdIW{HK*&kzFd$-%hlJFzZHBdw6_T{9t~w}USMoW_%x*c{`uu}{E| zH?2YI|3)kODou6s#rqtqi>2gtsSM2&ml5@cWe>?A0rS|7-xhJpH7Vb-)`pz)D zJ^xPj>0j-Wg&tRJ4f?bD8I$^ZBel*|27A!|e7INgtT}mM&wPw_;Ja+mXVffsXT@E_xW15*xqM zb5}%%)ZM~!SCUvF!feDQJ>0nc3fH0O=G(uo3b|>n6MS)FI?w5Mg6pC_c0CP_?|aG9 zBgOkvCVpvlVtxD5cdw*2pQ<@*BpQA@$4tJ8C(Go)lBh$=V?bTP2lqS7dHcL~2HX&u zc#x@c^CpL#%TBj4GQ{S;$ir%%V@t%Dq?SJ_4=WC?8c=_d49?A** z2pkMty!GZEiIJO}4vwBu_U1FBkArZNEYOgB{@>pCpI_)-3{1K-jz|@`n zELFN;!aV-$jtd-IGBXa&3^`k{-ahst4G zlFLfAg7yw&Plc zcT7RfFh(h1v(`bwbuv+>{s~8}y0+c(&bQ{}Pt%LS3$A=GP1ioSIgNGxx;J+s3?6v! 
z*hSaQW%zh&_sLnJD^hp221}|IJX!H?RmGn?{jAj6?>1hOX_wypA&c#v?=|U!pbJxG zRnOxwQSIBhwRf`6-IaHHZ-19D`(4ieOKFMU-<2`t>eIifGe#M&J>jbR|NVdd0B>d% z5e5bZ4u%B&lpX}4m ze`Z&i9)FL62kgMSdmPftvR65#$DQYp1g^3qn276t}gO$G*D6q6p^ zn0^tY73A;tKnByByVH5@b4bR491s>@zkCHF1A`Vb0|P&bwyXCz7%Fn~%kzt}lk)Sk z^(u06(Cu6uSERQEsHvBUfk6sI^Qs3N(_i1>ke)v8KGgMV?*na~_Hg>C`y8rl&mM6A Gl>-1sXyb(d delta 555047 zcmY(q1yEdD(>0s`!GgP6Ah^4`ySrO(cR2~}1lK@-5MXe3cbDMq?oP0Oa-a9+et*@j znyQ&T)q8iZUZ-Wx2R`W^PeOvqkZAPnr~nOudEPn|4f%#`Umt(%T<-+3rDBvr`az?6?^ zIp#oS6R4H*qq`@ZidG<)GTwe~7&j4-bg{|YBo$ae(q(A7M`9YiV%I=v*#5GGjOS`P&s0ln>1^_2l1U!9_ryo-#I0*ZdE z*=PhN?U{gLN$=CU!l>iA6`%(#j$pDXKS=zOba|Mikbdv*&2p#(+G*@C*4b07q@CCC zZl8&R5X$z-_$o* za!=1T+I~gEL0npZJ!kW8hZ#YCPcDL6;PGLP#}7r z0$5_eYudddD64W&5Miy@@CXVoX4y@zo(`YS+8lOg~!?&{@j$A>0eQN%F>|&m8 z{?UI&_ac^f_B@SyV2>D`I?B4l8#%JJWbp^7k{uT##I7 zZE5R8p8Y~;Q;B*YYzAs?A98M1c#w$U)VY3npw+vU0AM}%sfQVjE>jRj1_TmOao(o@ zd=Z=`AKIT~kbb^6@bmDOWjA+Tzpf%(eru||>d^1>vZE0)LJqr5LmbrTxwo* zz|XTg`C0m_#%*kgXH0g^4XfD+&C?%Mv~c8%KZ( ze%alWLC+~Hy0Ix)OG9X<7P_)2K-R>B+KK?-fU4J+P#WD(iJH9x3;El!;u8S#z8jWr zoQM;u`H@@yC96*mt@+t_0lS^`DOKnkexb;`|u| zZH83YyoZsWvVroUa*cPT`A+v>(@NIeY{NVVzOHBF6~6Y{?41ejy*@qWaZLJN0S694 z&A%RZL#rKL=uSMo4Sad~$`hGV@HiXi%==k0hUhav%TvRAr>vu2A-Uc_9P!IT%v|Ui zZI*xKHtnqU&0HngYz6=m=f8k)vvDR!Y?giAYoF>+!|#Y_yg_a5QV$S1+x|XnHt1kvcG~gGEg`c(I!)an5B;X>jzK zESp^CTn|>0WbdvSN05BlnFtxEV7OlgzqqwG>#p7quTnmAqXR5z&9}P0J~A*oU_Ct1 zUq0||U)>Gt5vS)EE?bYg7W@4wy_Kt9ydG^HW=0?q_7F6DJd8Z;jYWQV`ak(+FGr_@ zuj9aEHgBM;FJY>Eh(igC)p#?8Lj=Z$qd>5@d4hoMh!%g4plh^B@V7d-A^ z);NesZ$G(;pY>wDfOc=olgQB!&5%BaB7gB4s)B~voCDt61DPK?8Vaq9Ks4=he0{8);j`VkNX(Gk}YCB}7C zo;yK-IV%y?nzna+AvU=ip_<(ikp2RIX!on6$992w_O7oY8yBZ&x8G53 ztc|H9IG06tLt>~U-bTG!4}8i`!$Ey~Dc|XYAR2uimj;W9-~SC-&j)^uU4n5lQV|g) z8?qhg^YAL)5>og4oi;;mrq?N%v0f083zqgFr7#9P%P-_ZPP9WSH*Q$5rkG>(e(JFDo##RFSr(6G(ppX1 z&{r9>9)Cj(m{P23}}?m&Ix~HOgqpZHE=38-arzE+!!u~ zZ|IKi^d^?t*z@I`(9dAOZLFG{C|{JA8&JSxnnTIi?8=oI*`NTQ@|r==K=%p;%1WkNwLhTv!^_io>7Sp2eZRckRTe^(3`=W{is_g^v{5#Sp-cS! 
zu@$7_--B$8H+DC*LqYwfx&wOiLwUrdmTtT)dF#NuklR!leyaYeuzr^JV#6@6sy-3^ zh<>1)s}}&{<^^7RO~d`~*O1US%`z!Dt^yLP=M_oRDkxALd9}pCCwB;^cbNa0e7HGJ zZ`DsCh0<2v?cpDj2Mwc_PO1xlHrk2B>Jwq&dAKRdgENb1v;9t5>grm3mP(&H-BxK; z?$v&%!wtJ8>x`AFa97p~TpUIMTmy~1G$W^{xu**JR?91u@)lDomH!yh!$bL>Ro?7# zYH8dNJlYkE&CEFN*Ow4fy{zCxwRUQp*dy^rr2i{LM2V7_ok+;(X|%J)8ScuridwXc z0LtFJmb)7ZgR3R4(KVA%A4c!0K*@>hfPzEZ-|hJ>)tV>rK!UK411u$JUv#D*#zCO^ z^tt;Q2DKsw#7`7G703Z4PKxob(rux?IhZwElFu&721M6#B5*@!RalYB=3Q%W-Re-tq_C z5-(u9IvmN{#qa#oa5&e$%0HMlYXC=YwZmi_8AkcUKqs5_0v7$wBn2~8+&$4@-~FwzttavZ1O1L{qlj4gPvW;$Pk1X>^{1-|0Hnu)U)$_>`c+k|9`uE@SFa# zo{z>DP1Y(K&samdOG_OU#SE8KKR@p$X_~E2w z*P(Kkznqfi6UT{lDT`UO1LZ4)+ODSEbHmHM?sI~U5#vlB!Et4_-?ueQ5yrF5Im1Dq ze6RHMr*2O58zqYl67q6F&a@=hB*Ns{;V;kmUG_=ka7gw-FxQx~sGg;5naN9j+QXLb z>o%4OaHZ=lsah5B4_*;Q647%LMV}WPhu{iSkT_DCq0^+eNoD@54YwgUuXS%<($sH# zX$Wj+8BSR|BYSQ55{<2nE=yo3K!zKqN-PdDqC|e+tFy$x+Y?I+D3v;@p|qJNcY~{X ztt+A(6v8Kl!@w-e&ve($%xm7o`4BW^R7fWhMq5vksd35s|NdnN%xprrG2&p_=2ufxrV}A z`1~XW+v$>A;6KtLjx#(cIi$UA>A&yEx53Be3_)`z8uxFAWirWJSqkRu$5x3ub(QSa zU!}MArr&XW*tb8)VirMaRT&|U@0Fmqx=y?1r9v_1r9_)v zQrlkTe3;MV-6!0P;yW$?LVtovkO(R7tbh7VC2&{C`e!#gV`(4mY(@>dog($TFHjnf znVgrY^czqk#WtC6OL^&JShBq?$Ye~%T~wAD(AU2^3u62Y?B2X>|1s8~XDVIIR!{Gx zC0x5T6}w49zordplF;C`#53=lo8&X~tf=(XVNTa8kiFWI!;rqd&;Y}VKj1R5Ncd%! 
z`Nz&F$qS#5C(=}wI~F7UG19s796k(9ETxwJ82Pf8b|hk~!bw%Uh4Fa!Z2# zS>O6?@|J$)_I9q;iAIRc=hyp3552LyYP1M59o{xfZy;7MS=@r3h?7_OfW1kCj7Dbs z{?s3mj+A$f@!52$M(~^wfS88B5+v~a{m$zuk4MOQzOY+y=IuXz+j=lXe!_3#a~t|p=X|G;Qs z=X2)Q^}E@*I?khIWx4#0EUEoZ$?Ckp?|K-LO0+V{{A7V($TXj*o$qEGB5s0*=P+Y1L?omgg>q_iKE}QGMH3(M_ zJ8FsB!C?MU23IgQMJhb5 zR32jl)ZYSS4hYm__E1!s20Zk$nwhV@@fl@hLq+u$4U_RYHJl9=HEQ8J6DLjm-M+b`8S}ua*GQE ziMtl11ef_%)uiSmU~M0G^ZljtV7*}}Ty2`YJgdZyVh_&IwHMLs(LS|BF_!{Yi+Fm7 zuhpY|W-h0hnzJ@tg}fJ^T_L90R7Wby5 zKC%!$&d*+ly`X3o^FpE}P*o{>{t2!4*4dKIE9JpeFpoOMc}=zYjb*yVu`+JM$=W8Z zIau^wuNMECBy0g82{?f801uwUB2UefMNp?aI3tKY3L-OF3R}{924fl0{uV zs^Pc5aDO+=n?Z(spxT65AkwEx(f;iu|1wc-^L8pya=zZGKjE-EO}7POVb%g&c4+NChp3 z!no{>O&&KET8xXc`!M7zphuD`1`m)^cm{Y?CRCD-`C;`cn>}*x*&BhMtNsu3UdD+Q z<9-sOMCM2Mo*RvHD=~FuyYCK9*J%+yWYCOxqWFGzZlApB8WZSwEX}M>8KiAMAh`a; z#LEl1%?k;XhX9s~bOgchX81Vw7)F+@r#7&MCL(aUJK0tLA=yizr^R)nqDNXac}H*C zAeAD=G0Hy*{z2()EkGQLb_sUbcAl+YAhBRd{?cUfh`-#*H(Gx=HosqDyCMbCB2$EG zVKQK5+{qcpc75w#cr{l9^}FDc5XD!}S8M=@R781BQaSKcQS=<%dg@Jtb;V5ub=|w$ zG09s0?dXoR2h|z>eWO!7xr#efae>Cd#BqurzS>!y3VnXbk~#E-`)$J}8?t2U!dcSE z75qyL1ADnD0)P2X3M%i1?PWwry z#c(=bKvlQ+mZWj@IKNOR77y}wRTj;JXsGkv80vmwq0qSaJ8uTk30Z8beMes7t{XGQ ztOgc_SS(bRAj)nRUQB~eC5v0R5d42t@Au_Fd7rYvUxQVz_x(?GHGaY+|4`fNJ}-Tf zepyxY0`RURrukdeJZJE8enMxH{z~6vptn)${&S!Ax_WZ*@0BtE9%)#ZZl%hOpDm0k zt!NE9yoJP`c-&|Z-@8OEQ-VX^s0Igv?X%3?C4!BK)l^t9K@k*Ol>NKwZ7Be;AV95% z8=LoTSaeJ^!-pk=$sV?$umVLqnW{=8t`-h=3K*s`&UuXL5*eD^TV23#aCv|X)tW1W z_UDkTUo#pUU^M$81cLNtobY8HufpEXO&77A|76Cjt{etVnZD&wxhjk2MAE?Pizufu zqVXzL!B)Ad?q2kmhgY!nRWoS?r6o`{9-sj(%HpJdqsaAHIYQ(P7c&?fMS$ZoIE)?< zlcUNMHQ;{m+>6ibex?J8lO4Pc4n?Wgqj}5}#i1P4h^Jpti0CP=dijG;EQ5p0nZ6#v z{xH<~zWfaY;YdY9)6D(TyS);?Qo;`@%o&GyeW(@tDuYh5EcAj*x!U?!8DO*(oce)3>;tc zTj2Qe52X0ugEBf7TD5ui^XFON&w7zD{<_O<0h@i$=iewf&dq{ELi*ny8!Fv5-#Cd- zl1-EWZDu(=@Gz-qQn>>`Ej7ovnT2VTO0}d9A36(g0M(h0f4pbiJzMgHTB&y9Pwu&H zMHJCv8Pl)78*DYu5GG==e!+7E7X6FBCeMO4C}Z@iKx z^XcqN$RKwDGH7|oJ3oiY0WG3X+$-NPZL~!=7ykZ>c)mLEUEDMnb>7^6Gk3_{3yC5^ 
zev$K^`r=LFUu1t&X#krBFZUqI;!&Ks>*JLkvBVRb!7;TZT`HK%Mw(93uRY4`45X6!)7It?t;M}qiC;GrxxAORhfR6+m)^oJa29|HX=pabTjtsF;|+$mr-f_S zRU&kV{a5|+es*rkwaED@pef}B?9$aD^dKEq+(_T zHhw#&_ppq=PopFY?X5#+CR&Vqm)VjE-RGtami}vMQ32fio@?0PRXTw*W%)R3-Vj9# z40Upc;T2*|EUYG_=Pq1@3YJTl1iBBj5Rk74+8@XPN#2TArEWD#_8QS7i_+&^PsTlU zLFfGhKd&e01qa64i(``|*!>!@o?_9sD~#Rff*gE*FTtV57xZJvB*UY+H{WQa^ZTHV z)~Xc!#GVg&7GKwaXG!hB*NfkRtG-X~Qq@bj)3!>&tJEDpwlkvU#jBZUNkkyq8zu8% zNh)1{b?)lhyu3C}1IrlvI)-(jK=$v0F7(x|7(de@8f5jl{|;wBkZ*efJGe<_kf~f1 z4?Y~WrCJ&IaO?);$khtP1^l)&?DZ;>2xntO4pmDm>r@|z75vQXkn}-FV`$zuH<$rD zNedd+4^!UHX69rtA$GZPBR>HF+`I!#_1O?NsfOL(jx^aT$#;kPj-@SMv1VzxF6Uk(Uk_tot^)e;wVoXMlEfIUH~-0P;`w$Of_elX>K}9cP8Hpy>hv ztkbp_v8)b*!!7w1mPLV?NveOV!E(-^iaMVC~P!&u&}# z;Y7G1Z}D1+rO-=a2QsKLyS>%CerQ;DdV0_j)N+iQ`UOn;X-KjaWQeqqC`eMKN?d%w zdxux9plsh*83zqH zpIT$|U;3uDNOWGxOYC={vXCfJ2c6Wbj6@w4t1T&Gh|YiVK;+0rc$yyk=;*cR=4Ph> zh(ptGK=LPlT3#8T7c*p%o_%f^s_R7}qQtO;iQGZ0Bd{*^>lFR85E4McFP42mQ*g%A zuNfIm=416%H(aE*sXfII>UfAo!Q?m8d`Mc|=DCuEn{2X#NV?~7GpG8|Nsf+#L(J@w zXzeOd&VCyjwSBWxr7l8InMA}PX|bg*up}@pOfc{^e!OhTra$fGYW$M&!mz(-A7Z;8Yi!SdsD5V@6%INAl4;3jW%;_M+X^ZLg7#JE7NW4m&c_HW1cTd>znUyA&{M3gGt1EhYS(?jffNx1bYZID5mU~Ychti!OEyYfmfrM2|TT8;kUevy|haNt)a`OPlGY>vN>94N^&u3zfJ$@c} zO7}$rsV7j>$1lxvn~mdWmT}Nd1Q#9eqiSL;l)wM`o)KLnP7>chRk_!$QJim+c~o=m z;+%T9&S{}=n7p~q`n2M7Shmb>H=K9PLh?c@{3I3VYjnO>ZA-=X7Hcg4;deK4(W7h$ zXGQDf0P?13<)evNLJKtwaCu8(7Q4_!=N`(@zs;8Xk#=l=5#2?yrKs^kHxkTKKtA9r z7NX?x}{Azr6A;2w~NeOqkM{kf-yNKLT)ghO9x zO2+;(YtyRE7YeA4Df*z%RJpmcqn_2vQ;+m-ADtJFUH2t6W?-xf?`!ZVxrDXgB~e#H|RT_28TiBt}P8ju_0SC2IF=#z59vf<?)A>8fV5le42v)o1Si0DNED7c*yDG*c$Gz9&EEV1(&RPt?9XRSiG3eyIPF|M@}!^jF^9RHeG|DV#}n zjObA*7Sgj}oWXmm7@j1+B93# zJ@E9Y+k5iqIXGVd5id$Mx8CH=wd@V|iAxp-C*rI_$ZpuE!eLrL8hS6u1uU9w8%7nm zN!*zaouhN;`;CV-o5khdqmnM-e0)>y49?3K_(oN7ta5MFFanK2j_j%?cx_bOqG zUhAz>0wseokOLmQ>%F9l2mf?ag-&N5pN)wqY+5Q&-I%iZ@qP{9v){JVn`w{Bvf7?i z9`|61FxWt(qPSm^94y60Nvom!$YI5D!XVE(9Z9(1B>E(TcwuVw+wFN%Q9j~g@&^u} zpb{1PvG+c3JE}7(TV`oJ4c~&#JS$`16{^Tc`D4K|z^6dKsO4#ZkrBwtW(WD#bMX^} 
zHHfdgKkdMti$|Hfja`j>EE>!aH^Z!F?Yl^B5rloGoQ9$^NZQ)``GZpRdt?r@A+EgA zjt}(JKkwHx4epw(6-*aT((P7Rvy>ii)MsrMmLnv+eEgRJV-Ve?%&tvV-{l}pbpTt< zMMYQw>DC*j3uwg3+X=+q<%Fr8`N!*nM+u>WKbbY4HAjVh8Q$zb%t1k%&S7SG2fCL0 z%NgMEP03zAX>>qeRfw2%s5^dOlaXPQsr$IV1p*s*0rgmB0dlb0gZ_wQU9GC2W5e8J|XgVp0^MA0T8x=udFA<5!2omPAZ8mQ?;lb{NvK&JZ6qeS5$<7YOhK&Y(-x08A}OL8~=W|JYdgYQjrrQi(FjZFO{4XUqpEpV@dWIxW)bnEn|<1@ zRD*H+3PU$AC)X~&)4R$h8GUPUNN{ReSzYHCFzo*!UDE+QDCIl%G)Uy4`bCt`vP^JZ z6dHG0iwkqA>NHk7M12tuBye84>tA+GID=8mp9b$UfLrBo_BbCns~^ZeLq_e!vKwkl zDfo&AUF?~4R6!*zk{n8Q9-!r^eVFbmD3m|_H*uY~lawxk6ba;6y@L~-^8>^#+!ycQ zJ|v!@kFKd-YAh$4yO};4IC0HOmBZrn{z_!_tfURZ(t- zC$dG8ZA=O(C}-~c*Xwc_CBF7&phBqf%~T8aTNFaqgkz8P_IS>6hH2DO#aS3>Kw2A5 zy!-7>%V!}0Mprk!RGKnz7#Hjj)H&$F1`eU#+P9=-wL9;56wS35ppdr{dBU{O%$c{! z22}cE#87a@@sO3A=>NX-To;u$7eB{KE4b)%9eNfJl2Vo;TN?v{!Kx=C4h~(gJN1cU z?sj^j1?hhF5QYm#7kvmE_6)?&5k!Iep-Be6{?QxlAC*(S8sOth!G*su9S2~)6SCdyYl89>-_OA(3kBeAI zbtY=IBwhk8zM6qZScTrDbrJ|$e1>O%M9yax2}r%@sOt{y4&b^=O`#;(S{_ZMy=3w@ zVUlX?kuoiWLjB9*Q}a}CCPMq|AE$7P-T0#QInACMSDs2&uhgElLj5R&fDe@Z_j@*3 z{$B{p4m?@xHAAIw7otI}@)h`#da+$nj$*QyC62U{DaxX8YEI>{1_bxmwF92Z=b(oG zr%1sLGk4;`vB?Q@&?YkBkUo>-1@`xd_BZNJ?}9cNkJ$r(kv0_M@zexIf11->F<#GVu!9)M?G?_44-pbNJd zgeU-yx1^1cQ*^a{Syis6zemu?ESBA|9l1O(9*ya`ItZ5X;(7n;_s-;zgXK5V_h*7; zE)3*x$XdO#5Rh$FudH(e`-;~F1g{5^XN%thL>oPYu(7`W4d{wV8{l#2``v+aooZ-G z33E@;p7kCl5)q$H?NleKD|kTR7zVexbws|ED{^as>JUx|_x~BTZ7Q?0e4cQVcQpZr zEagx5WEBNI#q?12Gj8Td;jNx>>stJFYUenCe0=6UCuMq~hY`pAZ=gQ#umO8Sd8^g} zF(wjp5i(#N8vcIBJ)8BE>+&Q6nme+W%qWhriVmG`a{w5^1Iz#WK8KFMk5SnQ4x+M2 z-%`<#vc)VBS?irjG#pP@teFoM1UK1osf&RpPYjtKa>1kZ zCfi88rsF^DO*z)LwUW5D)2xi4paBs_tT2+XT)GfH?}Xuy!Z4)2(b04aP@(EeVLE5- zR)HZ$HRT;wW+|bPW_L*yu|m)`FdeA zJ0c>~bMQ7e$MdX=iC4y_y#Wu>1ax|HUl4urRP$uG|MT5+UZV4chw_lJMn5mRahU6& z7Y{f1cFq~UoU3D9-A&s{!$%7LGf_2qNdeYnrvlIp7$?Cl)6S%z%NT895Qhb$25dhDt0p<^OPzLc4>h2u_XQWSFpwuYmD&b%3b0;1k;khV z@g_UyXNC138)q!+*B7$=_t%eumoVpW zF1mWRHHil-L)sk+tULcXQH>EP=-qo|dM&9>ojNA~OyG&pE`|Ra+0o2if3qd0_-^}( 
zNiddh{!+Hr7Hi@WBVCDvteMNDtMMH$4Y$cvhW?K<0B`8@j&-+fXkz(A~~@Jx|7|Ed<_L=}Ky@5lxA~ zuXMN>&ktwDFfJDPZlef|&Xvhyg8)t=Or}CaEdUb@twiH%r%`u`S5E8aO~lOL@URUg z{pW6XiF;w*!&85nwxq_J1myMJC`) zjJH;NV0I(B%PASbodFL&3c5l-iMFQFFFgzX-8;J6fwaXpNe8CO3`D_`E6Vv;+$3hT z-XOX6goFBAl0RqC+3$I1e&LZp8#=fWBHV`Od=%|5$)Zb@ISpApCFjUm!pUW!{~MF* zN0R_mn#Q%hnNH%&WSau6O501FzeqHo zXIpu^ewrV9I%r%((iwYn(z4cq(XUpV!OsnRv2=cj9mf`Ncz&@Kcigi>4VsmlX)pYu zWgm9N^1q`S66TLbv_%Sl5eBSk_U~7h-5>IKVa>Me6@Q3GD`K97xk%E)#h_5KF5&d% z9NE-v>>taDRl>xYq2H}nrO*OLYc4lh32c&)cp(%m8M#)ePGILO69MxkGf^mz3?2~*t-mj`2?t5(irh1@&fJoiyCr6{5?X&=#V^4C7-962Z|_eSd8Kd|X!Sp? z*Oxm6e04R-^++arMp7_u7S(U8Cerpr^gI)ZZT~ckD?10)QvRx{?^?a98ekn zuXL%!<*sdbQ(L3nAq&iCAweVo%I1{n&i_v73_hi)cp(8T*|t`xb6_V!rSHQ>QrTR! zF%MF99G1XfCI$=e&+q@E^lK_^ut&GGz??+nxAIjxzi`>tYx{8deO}%;x)m7PF$%8d z1|4yt&Smd!>VZQYitD+er|^ttY)p$dMP&Whn4j>~V5Smx3DQQT8HrFb))0fO))F zP(eEpu=JY6S4I_aBQ0Uw!h9^-8iT#^sE&C)c{&XL`FAz1MsLz%(iyC^`3{GE4)ZRH zaxXVs^^{-Xs1_?Dv)0lg*2z+BM%*o|@k&kle=2^^icsjI(i}v><>l z4N;VJQ=tG8au&`0KktH_zW;na18A^^kO%jQ=fd|2O7p!Td}=i2L@X z!3V|H#nbb!4VsU!l>XsNR!F39$`;H!IPgpIC&A+Z z6QOkUsNlQRe7pT|_`6;M!Hw~TK{TU(DgP~8Z(gDWb5Spzut;JYEjb{@{+w5cB-vIe zaH00{bF{#Da?UX+bb!>isq&mf0) zUg%mZ2p(#^2c6aP&*HioPS0MDJU+drvS19iG{k%&A-_X_*3h`~)qKi_Xv4kL^ zT&9gzUjiQLx&u2R^Z1x7@_P!M|I0(1$EkMocuO zmkRk@X?t5bEq5Jczb+Ec*qe(#i$8*{?~V&?AWeZD5!Z@j)B%Zucdn@)Mz#9!y5j4W zZhqfR-;^Hf+>CJI7pI8~ot0%D2F}x{%~5D1bnRwO?VQH8Y&HjeC8w}D_#!wI6B64K zf7}$v(k~N15=biTir;w@h}qA$^=h^KExbRmPc;c(20caYQN5a|Jz(bzwWlh*h`(PO z%#{Kvm_lqDnBcTCxsbL5kVQ~0rOYIH?W1U3|GJFyEK232_XmeP!WoK0*#*+1E5_N# zue&%=rYodLP&nr`b+`6-LTv2-4@3u7C{x*oD0>4+dj6s!)PZ=hW`ZPkwmG>ko-Xms z=aQ`NR5N}oR9f4|Y!XU`DG{%10(S%!${MBn(I>LpD^<=0w%?tbxFblRqpJqh+)ScC z=v&-}Jvi!=eT6*CAE(2^ZQgUr=qK|!ky|P$bdhm7YNzjYA#L@Fg3$k)SZ73m zV6hV}TbXS|a2oqQf<0o(q8K2>?x3=34}Kk&rVvLji-c3j0ydO>qAcMuh0pr7cSCdR zrN>zvYiBoVl4JJk#TA`Zf`v0A2QT3j9QjU@kNh+2*A$H3y{!j=X(f5W^k*w{o|QCU zphL-Y+!6?>Oyl$$O<87(au7ndQNMlklq04y(Dk`jFt8Q#Go3MfXnW>WJJ<5BnI(}d 
zqQfOTsou_)0l0&TdF!Ej+&StJ&qyFtP!oP56>@z!``)S}h}M++*;CDhb76xxn_M<4 z#*_JqAiqQW9odE2q(xK&#};?)C=RAwU*RX#k75}naSu-WKk2Si-l{{XV2Q_#E;Aut zGTltQL*vZJmH*3|1Fm^u8O%k71l_JdaW-;*BpYF`>lIt7+EvVfL96!L72LF#3a24X z|HK?g{DLRTMjM%@!hGCRr@=Rpp`0wMUMSW%l6=(epje+lc$hrX)`ILeONl6I2U#l5 zLiRe=&ERVx=d~qmQWA}m{i1Kj2VkXBaN}Ea-|lrd#XY~jmo?~+um4_}%fY=4v9C4; zTwW`X>8ZF_EPJVvzoeIlMHkR0o2rH5jVtH&6{4|ABo#8}h+(#!JQyT0_g{%{9q|}d zo=DJzXZDiSs~W@fp?zTniHZMPz=gE1$%Nx2bb^%lSL$t)?Woh4Mc096UeG~tf7RE{4yUup3c=i zXYTF^3iu@@lz?Xdlqe8o{;zfes1-8i=T0AhXk{YgQ7sXxOzYI_BA2?IZz(Q)_EduI zhEJ{Y@JIFA?bBFk1WufOeEO%|sw$XiO;g)N8`A5h10QJI`!BTsk1KW~i%$@=n?`Fg z4+esD5E)sh*rAtmYTulr4imSyd3JDSsQU{QxIelMAtA@J?I6iM=`qDF1zaqTYGFO5 zVdop;_4d^Sf~E5Q79B5m`KmF}6lXXuWKnusjJXF?FX;smA483@GEqy7RIVj>jNpxX zWz3l_0ad94jo?M{BatEt=(!0sz=7W`3TGi4r{}1^Vr`8p9=}(qf}GxrDxd4q)%5YS z+X`8C>mm5+Y~7xKx5#uA$Q4bR{hL;P4V0iR-P%*qQI#ljLdka} z>K4B0ncYSy3sMyOW$122(O{PMDv%6QhGk)|dD7=Y=6tVAELKV`sK5W+gwiGStO&_a z@LPj$9G)%gDbx?uP6;hmgjU&t&}8jWBJZaGh3(!Mv7|FIPqnUHT~cE8erbS30fdZc zTjI84%ajR1>@*Y0zij!u^BtKRYbF|@VZ@gGA$8XiMB_8R^SNTTunOFa?h;X75bdeR zC4{v^y@zx0!WsBZeTRd*eXS@~iGLO4BWzUiikk_a9OiKvWsX=2 z?g&=V4N=7<;>cYPI6Tz^(sgeEL6qcgzT}P8JaM0t^?l#VQ|PGSt_gq4rKq_$i69%(oaq}s4g^!hk;U&?MvuA@d6D@seCgP+5iOPK#v)6fSxmr%KTR<1^@ z+ewU9kxbAX#UeMq=a?lkzQ%MVBATmX$nST4I6o-~k)!EEk)|UbajC1y@X|4_4PSvZPJ5w0r zUFuvrRe9l=xIs3-Le-C&tkRuStJGEGQ-4h2%F<0reIv3tuzG6TO8 z+sa^`A3&d5!^h-wUNMp5<)u9}`4Or+B2 z30(eYw7%kUen@^)4OeZaUyU^m19hK_la^2eDLt*M=gtOzpNRB`)*x4k{INlqa-d#d z)$oH#BU1xg6an-KP@gmbM<-{a=Bt^aJ5i(kH*qq>m~KcbHCAfkUdCB;n=c~c0({fhe^-GP7dGp z>&w2052!PD=V3kS;f2MG8G>jau)$vYB1bB?R3ZIF4w3e1u+gH7^rL=~ zh|VuO?o@x!Ff=>t5ATn;jVSX|rAaf3-&4N{RhnHa+^Ys4Rib#>65l z@NM#_FcIpe*7Cb%*O0n5#o{Xbdc?f0N@=rI&1>7G> z5pt>oI07`SZwzm2X|#Fl*!H|sOz!?aroJ(}vSw*}GRefYZQHhuiS1-!V`pO9HYc`i z+Y{U7B;S6{dB11Quk~ZEeO=vs*L_!2cXh4rst59F!?OeG=W~-vQuof4hb69j)fwhb z-<&umgDLMfa6e~eHmaz8q&maIDITRQFKN`S_5gCyjdJA2gItut=Ief{HI3?W3xA`! 
z71}U<`Mys#h+L=IA0``GEYdKeN-l~*%sny?C@L*_47r6wkE@bxDtoIpW^~zmG8|3E zoAQRlQJmBi93>k{F1G!Dq6Q^FCSD38APTa26*JN7BR0yEOqk%h8^L6A0FMxcO zlwFnKC8YG4>ajE$_g0-W0kr)siQ_);s(yFAlR#X(-FH)dlhY=tV#QrXdMvpQaKXf7 zoFkbE8hPD@d4aT zxAKClYstzBUKH=s^KOyU@jnk+rU6-y%}7u1M@?m6DCWBGt+w)~qUI|DwidSoSk9~F zr!5Ydo>(vmg5n;l!j2hNZ@@YQ3WuO02>N_Ok$DPxi?ILtAfo2gJ!Q&sbE&-CUpjm2 z<(2$`LnF5L+tp4us~-;)92P?ut8E-UzYmfk3(E_3@k77=PE4!ueGdY3&z>C8bTQQ3 zRqM)xmhc?e5oV4@ycv6;$4Tq1^d!!fliIqh>ZKTFzb{=DQygp_i_Y!Z+sK|sTWvlW zRy5L4LIKQOoE{t9sTiakQnKG<=BR@)sBBe*tHH{Z8?++VDIM%+U9fO(XPiBB8ZS$& zb3^MRoAL}<-jv)f#(o3B__#EUR!;mr&oxJpD-A(E8)JWd2G5x0wAyblf@(tBj&&~>H`1Jjv^-}RlG}_j4h^jxk9qQOid)^t`)pX zG`!Jj7LIB&oVB(3qgav#*i?Y4L4c$|#b6hO-$<7N#8nY~op359jbR-43_c;q>7HXV zH$Ufb36@SX2MZxYcTG1> z393%*dymdTX~|#4pNEyCB&apJK+%-^+~uL9#;SQB^CxH}VJ{w3RCJWf0B*%hb0Ucd z8WiombnG}jg(JB&CRd{Dd?ZP-WKaP4xgB_B2M%>D)f0zx?-N=uRU4g4)f+pun~TU% zeX__e&)QUeg{v1)uhCVm>u?QNOZ4l_xUS;X2; z^5Y-fUk%C@;8*Xgn` zLopea!5|`{`Wi&t`DL1X6H>@aF2egW^yGtPiNpmm!D%h;&ea=Unx%16jTtiMYoV?$ zE1qtxb%SQdx$_`3ke|?Wn;R&O5?9>i!}w@Q28NuZZFoxt$Q=RF%5kgmv1T?q+{`nR ze*(q0P+4L~F5A28H)p>8XkoK4k>)J{3;M6?lI5Z=8SqWcL>?PcD<)mD((=$qx-|!A zCnu$mnHMK1UZ_1uUR{kWZB7lB75C;vG|5Y3XuGs>HOaVJw!T&GRh23JDi@u7+TmkE zKAXNcw2S8iC<8n6JSI_RQ~0*D^z-E@xQ*1*!kSmx=-G|8b846EACZ9}&n_f!UAFZ+ z6+Ps=L&N&cGuSLXtf4k38~(zjfpkTNR6@ZbKeVkIiwP<5sVCo|{a#~%E_9Y-kfrup z=^2mURNaQO|NCf5_?v%@Y(7eG-JBvS{nBsrR?-~}6D9&oLc`ga zxyE}?+>gJ&@Ng7nYHz^sGNfmqf~-q~M(PNq$(A892jQF3@VsgXOoVXFhMZEg`^Bq< zQJfVm0RIVfh935ioq-gb$@`^q;F*7MQEkoAIXy9zw^jk|U3Z6brqW7dBI<4Yr|LwL zfFX2-->^};#nwXgz8vdJxLA&2k|;RowGLPOtu<}8Otzq82mDQwpyXEjqAB^lP5f~M z-7vVV?3JH#Za$<7r{AD-tYC z4Rmbdx)j%t?n`u+wQt*pY-Ax7%->2M0vfR8w;1v5~lnJE^kVZdX( z3A7T>H&V@_o6ee|gqHi_uvuOL15rQHS+EJ%5^u z$Dn=rChHOcuu$i=3~i(P@NMmYr$7H<4th|0X%U!=|*W)A6;Unyu2^qS`KimiGsj&9pEXRj<)r zvsbb;p>G5HlVzD%Z)V?^H*pu)JsJ4!>bmmAL~XuDyNp+-wf-7;Qv!`Y7mhk%?@B^dCY;5V*z?Sph0A)_f}Kki*Nj=aS!~e39@)BLL2i0 z$sS6R6Y2v7pOv0v(_Vgvmtt@zcXizMoj(fzYIlcShQp;RMW)}5Y&p=3+Q&I`+fL%o 
z%*eCKtwg9pj#1&@tMsAZ!bKFE0DjNTB?oG9kA>kYYwc9SpJiXBXz%(bsorgG*FxeP z*TIvSo~Y{p+l{Rhfo@?LzEN%zCCG3*c(<3oRP&c=!rX3D^NCDWnzTY0UGgJ~YH>yY zP%Q*?7CWT0(|iKg@nY!hL&m*8a{eAv2~+%U8Zy+rryK_4CRsj^o4V8_Ke(GuLvC9}wYU;8 zGt1XjMWj#=%@Vpc*?9ccejx*RRm>gmpE2^z+)-b0UtQjOLdnRgo6Na8d_S?6hbxG= zgeTcJk=#@4qODG9+d&!IHFUNPV)cKA{FdX*(hI8D*%#5aN#wI&A4rG+hA{;I2KyDebh^?j4X~eL*2MyL+P&l>bQ*0l+LV7B0(SRAQ>0 zlmJM?TB5~d6OmWss(PZukC^H1-{0-Vw7_W!!s6;yZO?Ml=TCPDSMp4*OUT{=amjwS zxi@1l8BDvD*)o6yDu@dgir2X=l{c%9F5=hZ2j1y?efa4z;W%G8=u*V>Iv22W`DaS< z@uEc?LfB(m zQaqE&16+;(Y+gb)ur(aLyl6!2gBMG;7B@;S0lanDu>DciNknknr*8%E2}=a}Aj5+< zM50CYHn$kfr-6lZ7rm0B19g!?P0k^7&I@2#pzXVxj`|_F+UnDyL$le!~Lk*x#5| z?25iGuxh^vmpm;y%T06a?M_voQ5r0q&k@%bqvT7qvll56PT!rL-$t`pRZ=YTP?gFR ziXLpP>afq0;x7wkpyVen8%`@KPiLXorXL5?;?W)he-vsWt}drg05HnGP0jyicmB41 z89-rmG442DtPPj_g}A%W2RclIf`W|8T{)hGhHA7oAs&~PYLqBG9+|?SfHnMktbK^b zNuOaH#_&WF-=+Bv>i3xrvy*KpssCE`KieOpF*4GQ*<@52)sfzWs7%dK zarkVT{cYeQ&L*+QGJeo-0vDe&9zkNr-^oSAMLP{lqcmI!4Ji9fK9A4SI}wM8*y=C25)O7v9#YC@L}_mbt4zJ?w2C?+#c zg=m-D-}r1x^Z2sr3zK?{RvzTO=ZBM((6_~0@{(sU@?;VajyWo8Gxp{XuAc66;6Y)kDe8`Pl^vK)o=Y?ot=gHbO@@M`hQ(Mw?4I5w>|A{; z%2`FR7Nja@OdX?*9;=z0jnz_(dy*6tePKC3DtK4uhaB{9Fv2vJ(J7bR{Mae`p^Ri` zpK<$^#Dj$LB|SR>P>Q8TT^9%ei|lg}-6pxS@IZ}Gh=Rg>(O z6A6uPv0e^!bkvIsI2z=vzcs?;Wf_U9)o1^zI!mKz3g>eqDi^S?@TV zx%k(lXTW7Ush zA?h+o0>0kqwx+gyuEi_gew8c%Dw68UFqW*W6c^)GSG_d|N6Kd~XUFV_fTLE<@5N&h zxUUOB5pI@BzYaAY)a=ZZ?`*R#UUg32e=TWyPr@F0L)w2;-NXfP z!S30TFVkTV;3ZRw>!fP-DvIU@xr)i>?>JF#{sB8FUytqdo#|l#)!cEnuV$QxVp3Yi z0xp9SN2Myp_}06F?yC{h&PefR(8{v@pXq;5L9 z{xXz}5)R0wf!n0zFKqJpYr=g$-WuJg$fl);h?WdU1j%{H3Nu)pTU%wVjidRpt zuT7fWphe3qy(&a(^?QbyWF|0w9h;JR46d8aulvwFXVy*Qs^>><-^;mJIl!&LdXwvx zFU1WWi>q!F{UVQ0W$0+`jpt2R4fq-rp=gvV1u+d_Z+-yU;?D0EaRl08!Y_#F5uL)k z6+FK$ERf`Y6qA<23IzhQKVg6|4e@tNNzz=0-%lp1l_}g=lIq=MjwoH93@@KfjCh5edWg~Q2WfzCx15=h zh+OAyJ*_iGnqQU3jqGxQjnx*CzOjjOPaeJ&F|QWsSthG2Y(eU(12x{t6ln5u^rSbv_qt5WndxC63Py@f z!N1B6&nxeE5zVdp)6wA68LaPT7~rs5?VoayAgmTLIK_4DeL2kLN0~IsNAsjh_ZqSa 
zJIAYB2ri`7rq9>xb7*zXGu0`fwmv=6EArE<0zH6d#H(4$zy@CV=GG9qj2y7c-kLb! zV1%At!qt2Jotj7;{_zA$CRQ4vq{Gbf%~6A(GW~ztn)>qvMg&Mvz9|T{8lD@>dy+aojOmDvmu6i@q|Wo_F21fr`GOr=P0mUT175Eg%!tU)~WlmbNRSh zl59$i;ovbaGSY!BfF zvkGaIrue@ui_$UEY?W*vZI3dZIth?OT!y5RCz*fZ5?=V)`Bp$AsUs<}>dx|OC6|x8 z9@{sxZ107Yi8 zJ%Owh*m^?Cf*N5vUI!y(zb%loIm?&{adq@1#kQVOo*A9o+mOct5}SwRpEv&6BgBxD zxd0aDDwS%?QotB7yHwpo9&B<%35Sg!IXaJ%k^?pAk#pNA!QpA4d)Ww#BU3Y-7GMjz$k`4a#d7qI9sO{54RK<}x zM+EsdXs<0<^Urjv?zm5g;vb905|3)NGHO;$_eyvrf~(s`B$rIOuxfa|%a{B~Jd&{! zbt*-LZL5jps(r5Y& zOzkjX@ebUM3FibhQP{s*5!M}cQR#fFH$zlA`h`sG-ZG)WTIq+(6|tWHI6png=KMwT z!b$C@^mEL^kxYPbWCZ>2x=3SArO2vEpnsLe<8wT=2TrAPzf9xthVZ%RgA1k14+jB) z*Q9gNh@@F*84$GIG3vi#SOWUv&I~G8yC3|AH4$htT;4dpwhun&MPz282h^S+;pd)c ztFafqq3C z-s4_`xP`8&oi{P94WWtX)EqNH&_MTUsaqjQ9IUj6>BR@|-^J4!IqZYcZc9OXJ=X-; znNjFyM*eG`wey^&wNJQXMq?u-^YAp1vivR&B9qQ+Yw2kB3yZMlai#ZusAbLHvm|CCMTd z025OLI809M?aGpVvG%E7rbbCAzv)gUxdw6U)P3l?1j9o30>_(rLzu z(N4CA!d6+8uKWZsf6XuE`k}R5T(r0V3J5lo-P%T$)gK#$`Ds|g!NZ6+No9~*)(ysp z2tNhVe}lvvPizRag8?6fZQ68~B9VpEcy2O5Y@+C0P-lThke7_s&>S%Gy~=?x-5PgW zXU_n6nX{*L2xN*492uoJ9cG{nDN)x*fDI$OuRSeloDs_zr>mb_A`56rUG*)_Ujf1kS(fAEe3RZH~- z8ik!2%u2PwawbgxZX}m?k>{}fzwT#X{Z?UvwdoZxT)WRZAPIWLU={inU1iX zY-JHg3B%6m)&qxfsi&u6&Gz>Deuw`qtq}t26pl~$(~>tAV0J6&ZeC$((GY;DQEmDe zBux`P{v_ex<7fi#*wr5$hIVA2@gFhwNEYIXCjA=iIO3jMM2{dEH+6o%`8Bg3GX1c{ z@@Gb}x(Whih(lt4jC~>%1q0Yv@9%R#Db^Cd_;f^MO8p`2B@~;f0G`ptwWH1?&M)GY zO5E7^KRy58c3P}7N5LNo+29kYuODCCHuMJe;h(F@j#NDZI2m#XyB}DXHZ0bh{pO1U zq#91Xl*mDF+Hw*Aml~ zy9LZP9SDR)en*xyuri_~H*Cs6R&c&%r{ckDWAR|pPpA?;2vM?kq?cgi@|x3g@|c?c5I70n9=VgJ%9H;coQKT))@V>vV#Wur~Ke9YOQS% zE?r<*;juRM0>0?Iag5-iBDwvO>rKB}`|hS=^8wiZf3(dV&fx|S!qpn*Q15;FS@n#? 
zk<4G&jxg)eNCWIn?C$RQ&@p=UJ7L0}4zS=w0!tDDkwO@wBCq!>p4)+B7ifu9J_<#& z1qr&ce>)8OfT$n_DTjm|@Zl8)1Np{H5XjPz^?awKk8y|qydFLVX3w7><)*l~-0!aE z&X|r79etF*6y?LW-C=KBCl-dvupxuY;pC(qSaX45*wd0CPAeOf6FgcTisHo&Y@>J- zRPe7_4F=j{GVpeQF#vlnG0PHmW(|XtbNz(c4^&JQ%}7L_0m}=Y|U}``M>pPJ5AW42}uo>SEj2+L) zrv=sit{Zm~wNjCO&22e!dV=eQO({aC)y=&?v0Pa=bRDMdXnOH&2YrOX|oioXP;N3V-jHgiT`2d1dR`ccxP zXHX}MwshTGA;vGJq4)~0c_XqFDFI}>N~B!AW1M;;4mvnt`|k*4P!E@rAIT)X5RBv* za{2Vls-7U0NQWep&JoEc!9(%i55m_j>`WEE6FpWh4W0oo@GTopC7L0e50A^{mlrdN zvF9@8OSR>BAXF;5yRR+AmTuerXzaR=t=0eWv+DFTB{%}gNs{-jzRdF$AZe>_Ji4NE z3lu{yn?h)6n_Oh5+@UX?ch80_pEtA*jGpi4SnekHJ!5v2?o zkt7WYp}M^HqY@gLs@E}VMyeu>rX+Bd7r%az+l_y0uz4#?`8lgokSRuXA9pBrzJtK8ng1C&>h{dN2hTR*1;20<>kIz- z-DocKl^F(SrB7q6S_?_up0!)!I+2Co?hjah$5y&&(f*4$E_G)IzekJetOr1z1|A&$ z_sqH&x137K$Ji9<{#mq7iLOO%f=z^)ap!=HJzuAyY~8Gvi+l3!#9Aj^?SZM#qU`4l zd>>X2fdQ!J9n!D9p(xiPnSKPwVBRWn$wI!|VLDyI$kP}T4+*QZ_ui5U<`VRoet$tg zXbncX?w3KlrlJ6#I?7r8qnNP~79VfR`qf!(0O8sJE2VPj3af+I}r94Yt%LfpbamdoiLk@T%9a+~hd|bQ@bS^>KNV#VU-|Y)VCp z(N$}{V7$a3ihXzqln0T_QUZD6(-2N20aypcd}PPvmjpi-VgNoR97%gf3Sqm7Jf&j# z+M@c04_9)nvA`;w9$jH4INs4VXA7QbGGL%vc{< zm(~VZXOd2pAU2n9%k^7b8qza#7n`ByC~K_`oRc$#h-r-yRyEh}#6!_nH{$afBAJKy z^7*YHoRfS5mI*|zRDd!F>3)mL9Wsl{L=@=6V%Bbwj2sBE^u-?#WcizP%k3%PF#EUf zt$BDpLAfaJmyB3J1potBKqSF^Ls@`G{v<$# z^-j=85c20n2dfV>^*v`&+d>-S@f;nCX5$1UV4HN9|H?sES&Y8~YrGwjVz3QdxL;}i zSvY)ai@r`g>rz*jszhk`kh`OwlVx8ryI8$wE3C3K@0dF&cv$Lql{5sclo`F(?{tgc zQw8oQumEOhW%hbLZyny7v8)?7I6lXqs|@(5k%uR4?dSf3q}g2#HlPt;5HS9kw#aJC zBN)T}qJgx!MO-STTe+t=)3H5Z6y|^R8Z^Ri|NI(x-)0Qz8@fvRR@~%tz#vS^3TU)# zDe936oCGZA8t=FIOYJh)rFQbhgFk>NkH+$VY>rdarzkFX|ILVt!xO$gHJcMq)vD+z zavlsE{Nlu<@Go$xLeKDo&m%&nq;9^aZzrmaT}uxu&W8>vZOC66Ua@3x{?Ly6WMR@_ zt-_kbx_Vp*DwoQ1*joWt<23KEuG5)V)}+Bo)G-#)DkP+aO{MmNQM21j;!6RzhdK@Y zrMa*gYa|Q4u0M-B7n6a*MMucqsIEv2tI&8r^@(XM*{CK$G{=k=DC8-ih3cyJb zK>4g~6uBqsZQj{-T=;l0njET8GXKcka1+V-IB)-ax1?j%LY#{`TVaS588*@w1`{*k z8*Cdn4Ca2EG*SUgdh#evNDDkr!KMsbH&6C8JMT^BX%{dAM?ncJ9%ef+he7}GfW{d7 
zQ!p|1dhVh(eNHiNO0ji>5!--mPl}yPA;6keLdsm%wSyj~Rr+4>w;x(sa-Bf}kr=>5 zz>w#{>bx#7Z7EJyfdNPcTQkEGW_G+yaY#6Emq{m-jq5$Qa9u5yUlpTz26iolTCnyV zPZJ!s^48x=%-8-m3X&lxF_ysZx-XkpR5}lFz#mx=2tVKvK+sety#>TGvH@BNFJuVJ z5C0}8+OPeot+QmQt%(Vluz-3MflLbcWgtz2dzFieuddy56Iity4!pua5p=JEb#KpmGA(E7N1x6 z?^-DO%`1>(`eGy9tBl}*SSf-#Dq;apA#-jRHJK#w4N;F=DSJ*z{wKmU!2HA72KFb> zkr^A>qTB0dUQZ9xs*+!Nl0r8PaycF}IH~2*{Hqi%S2qnvRQM-R)Ri<#xz?y)m~0W! zP{F$({Qia&!Q`3f@ZD(YP?c-uGS*JVROq%#n`P-O8jIw2T8%frF9X6w- zyd#(Y!QrCcJ!_WCJqw6KMb=|P^&^#yLS3yl-S{GH)g~4-zo8Sb^OY4~^87vTMAYQpUICiurkAP+2OmA`){s=ES8rANZi#l8-u2-3 zv;6?U+jbS70#Tsxh_LiwrO%QEn+3A4l4Ry#A;HRx$R<>Z_ViK4zJ+5gjKgp$5*tk? zPSo|oOwEYOIc+rb$jMZcK```Vrq7aLrUM6hE&MjPV+w7TkeO89I}n>~O_ZTt{Z5oU zRZn!zC=6GpH0B2g(?|QPDsm2&tF8KIq2OPfh&OuyIIcU+a3o`UZj0QqynLJ>CFLvj zb7Is*ni+|6qOhb7Bv^aX0Uj7lF;Q6Bz)%u^h^P!X(Owm^`bsFk1XGB%yP3g(zA4ii z0nc#;T|2ckViB>z`$uYu%1`Uq9AhDz%#>0F3Z%`IjGt{z>UHOJYV%YH$~9y)C^+N+ zx>w=1AyX^w9-TZNn)5>!xb{{$?wl;?%c~c4FnkH_SwppOp7weG^JSAAms40xssNL8 z+EA338&(CZ%&=6&VR$~yYLvg4aSyxaBA&ACqAV{iGVMNexS2R~b!^$28?z$p$iLy_CZ}5w|F?2kJ=!p*vh{kYye!eA`sK9Ny}DDI zP-iWbhf>;vZLIwYez)SDpG?sd;qOJqW!Ipc=I)B>v(3%Eva!k8P_wfDY+)jqsBPTi z$l|ym&M4Mw(S&1PCSVA{-EUENLuOG3wBTG8vf1mv|Kb&Fp;6-dYaT*_J1R}9C26*L z3{E^o8lI&{(zKHKo2y^1X5m85ROS0Dt+F$34)%O~;~N%-kELvrshpx{-ZAdJrD<$w z(l;^0y2KLvfO4l|_&6WUJyfOtNpU~bU}8Xx@zg}Px7J_U!|5(4`KG-j%9C_y zR8Iw9bXPOaVEzoSU0Tdbpm~Sbz-~4va(V23#Z+a*g4B;MfAg`k*klvPX2p&nkIMfi zVx<~aBbZbFyLN%NVmB1;?(|Pt`>Sz@(GT0V}SME{5k(}!NZ96E7yg?l=td* z$kXf`Q>ejK9>*X`KW%^PL5ASATqGb^nA)qguG;OC#@l;?m+NWRC2zY$io&N{Kg({+ zc=lB5{5FJ6qwOJT3>Aiy2?j8Oun#%aJ7)3KDiTF;Pb#6zj|Jda!yM^{jX<2+1*<-! 
zB49Tf<%1mnRv)@^id8Nkb%&UKro@i-+`k!@B9 z@w+Dl>((zR#s>gNgUu>8ovah;E4F~{!Dg<6omWsUk>eys-gG~lJ+KXTWDt%as1~N) zIzAP+B9G>c1^tzb*BrY$+#ev?-&~d#FI!eSJU2wb_&BAy%K$Bhzs{OQowPfH4LoNk zK99};o6h{-ef33R>AG(ZKztoO?-TA$tvnJ1U?itJig*RPJ^7QlamLrZNq9mC9M{WU z%igW{^De=2cSHI4XxG$K*A}Jq$~@Z`JdS<4_j0g<-8_%;5S*K<5HO z55L3uE!J)b(;vrwhwVYlHJj|sqyPSp&lH{_$H{Qpy-ihn@vUqLLhiy4=sl*(u8HfrNe&YSdRDB;2|#k7xL)azdZg`Yo(`G;v5^znxmc6avO;YskHv z_SyC3K=Wx?UhPx^TeiQkKW0#?yC41q5OoXsg#3Wi8#N!>^_*wsdomm-<<1W)=Gudg zd#es?sp5n2_(aTva`XsN(7MMog%?BNFl?O31MCQOle!)K#Ur->8Xi0%r&>2Et)jKiFeWbG_Nb82YZ5aR@Lv1b#OWm4kN- z$?&jvVCl5gDxezXr_uJsfZ*%-wz%mGnqyy2M3D%Vk{#HV%<;(Bo=~5}L(9~15o}K@ z72-FLk@_<@9*J;lD17Ib;@Dx%Al__Iq8JBg583O167bF9XWd1n#iHk$@PJ|!EGzsL z+?lSeH-(F@p@)P}xAcI++dm7?k7}ACXo0&VELn@jZLU@vTT70V0uNsejV;iSygy9j zqJn!=2J69qNT0_F-(tL$RgV_?W}<8R z0HRPd-*(hCBbQBspVh#-xQWqby)P$t??XRDy5@r+yL*o_+~fu_b#j$Xo0*hG z0Pa9fGC_zAKxWMkCDZHEJfAY7;lTKzO6dO6>Gf~Kzca`v58w@*|77mKR4DEy!>Qmk z2TK0!kSm0bB zYmZi|vQ|O~Dg33lCp>$npsH(51JIzz0+0x>5`smz>MxgldD(NN$rHO=P~ddA2+erQ zX#1scB-6PBas84|Amh9E4iV#a6^yc_VC9 z_Y7-i0*N{baB_q=%IUCSvaSch?e|mVKRho_QQDzh53*{G@3BIv4G5Z++-%Yi+fhCm zYA0FM+}^#H!+*&x7mX&HBUF}_2y(2BT6`039*2J>O+bYls{Q62Ir^1fH$m*@_8sGn zmC2YWmw#OrPF;tbH;J=~|!QYPxIZF7gZ@kBx_W@`fyrebh zjDBv;drmVVC+IUh;eFY6(Vw5kJ~O$4r8`Gl4!YG=x+rh#6**%ONPoaj}#I0Iwq%SK!j4S&Iq81WPq+GvwW5=Q;kY4(HO14$Bn+L0{G{TWAt@Zo6+=YIy72lJ4MW3R^`d zsLxrQY4ZWfsFMUbv#iyZL4osZ69dw2TTkQ!szwg*-M=P_4SOx*z0c0Xn<@uV{6Q}) z)MWfCwBn`8lfg6^Nn6Uvh*arjsjq(;O{xD(5s4<~og+;V95*K5bQ8iRR>G^Y5&}XF z_`g8CpFMZ7gB~vG-O_cg1X^RzkT4B1B{i3X} zq;avbmJRM1x=bNAf1h3Lt34;L`qra&qt;P(Z~I9}dh?C2I?DrRj}E<~B%1(AcHr8E zd0NWQgbT|uLMLphuWRXG692y;?L)3>>KsLD$6Sb`2fkGal@EaY{!jD|Z+NS)CP0z} zvEhh~I@&IGwR|cBz?}}z##oO%w#}VKX{}e!7*rbWSmEEK(cInj=k~I(O2HTk^WqDi zNo?>$35tqan~NS_;v$HoL3p+4YRuV<460(8+%{68_tE;%0nWq7=U0kIHIGVJ?Ps=A zUYpqKeRoFT+;)Ke&)SZ)6z;9esLN2Wc;h6#Q43QAe;TiNsj+M@jYm>ELvfB+QdXQE zC3)mlWBmig?+nSaCWlAg?lx@DhFJuV^Zwkj^|Imoo#Kpbsu@XZhgkq{ikp&^y&ldP 
z`KyFLz2wNRoI=**yY?wqbjp2a6X<#G(gJkpb|uTaBjnZ7T3wGTv{5uJH;|yu)h^z@FQ9KzkFAispei*#QU~ zzO*uhz}MmY`L94CxCcW~#E-*JP^KLH46%>}nMU0KTYbj8j&+0zExnHq(t%h6F@pQf znN+s*Kr3AfI{6ZP?xlff*;q|LOY&Ts%rny-*18;i6ImFUZc~Jmr+DaAKPXD zRYmhxQA5i6oxhD9xO@Y$t5llxqjY}UDod4agq)fTpny5e(^lL1vsdL@nVyhoNs6ZU zos-~7*4~_6=#+9ix&ieM!2{5;hUGx0n$+LDpz?~1#)%BgT`KcH_>F#uoTo~|LJlv? zS_S?{(Ur|A6laXKO%1O=Y9q%P`;v|N?M{P5avdffPz{+%^FHEo#~aDApN^qHlKbC- z902g#StQNSDscbS3T*7aBasL@MktMH7p$&U2#d~1Ab?Hv0;IP>{nppL$ai0VjqB~= zi%5%Fi4I|6_tptZl~37~S?g|$&RP1`Q|hL{fB*rJ!dyE6xvEMPOZKc;@uK<@R5ZnA zWWp@e>%r?k30!sS{DUvQxZS&6g#W3DqP4+{B#x8l^bHOm7B33lLp7UbxRBgri)(ljr$^|Rl(?3GQWF5 zdyuVn)gOu|*@El|fkkNuWYD|bNhBJ-T4+K3&B5tMiuz5UP7X|=636R-n|y5eAdVl+(Y1+=#}l_)$1kw>HkXt4VOTsi@nTVygPgN20!9y~PPI zLB4f8RvKdklrxmXd!li#OJ*&pI>cnPKj{5%kb$zRmi;rfT-nc(B_{h(&x%&RPN>Nj zuJcpWDGOwJFSkE->#ev00O77uYI|xzeKy4Lg#W;^{8TxepxUZZ%0c= z7rr@xJRFTx5yke>-@1ClEc4ZWwucF?vgz1$6=cFWeyxwQ$)KD`ld;jd?i#e85ZJ#R zt0q40H>kN~w&;XH0pVyqqU5N$teivRx4%KLEM9SwB!Hp1DOV?ZST+9!Q#OmZix9_6 z`jy(C)3qzHz45&r&(M-fDo1E{ZKicWcmR5cpARklARA|XD> z?RPElvyQfMw~lLljp~PQ<)Tp(=JouzCX^M(GF)7Mg$4!A9LJB>8gP%{UedDPrGEf9Gquteg3tp*9PuVF0lt{(fcr) z^Hb!PQG}2`+yT5X!_tdu%8*t1Us}^QaLlPd9bd!*UnQTX_8}Fv2EtMb2B_W|VZ{E<6@NA(lb0cw&R|x}%4d8ffl# z(9%P5T-RaEY+qD!=vW8*D`!^^?6TGgdV1C(t-PO}1=I!>q5YQ)|M5E;9)P4plDx9Z z#C5%J1HQdRw;)ICm$O%}7@RI^so;tfd#p zk>-dG2!Z3oA`OItmia|C0698$FLU@I@vd%#QGBrWLzG08BdF*NCjoNlCZhSZS3#{a^ zYihsR|9DV?AE{#$ogHKUc+kVpA>;gKDrSN@ha;0haY5u~$dbx>t*7`0f%)!NA>7w;Xs)P@UDr4Uz&`y zKv>?+1^j!S9nfotoq2zYjSEykOj7KapS@IVxOEN$;8b9^TDHag(@PTh(*~pP4htMs zPm4YBMX_+@h9bTz=#XV3^8^TI@4cCuU%jQq+gfU0Rl8I*Gt7^g%NflAVouN1ww6zv zQoL#dEYwwxa85w2s)oM^gq!^mPi+P4ym`6IjJwF%crg|Qc(*AJ3JVFn1YGS5Aqvgh zh&j*AI_9FLfEFd}3sTWTNQ2@EL0Lw{O*0zgjSDizy&WV4DkWhrPQwu9ts|kPEd8IV z|0C)%hI8rnw{zIQ>41>|MSX_K5vT5^RM62P4$tzrpv$vDNs=H0(9|3a8J&IgRbceO z0|K=pq@4wg=PStlEb8ZG#MJ@8CQn`Z*qSh352xe=od};8QIHupf$iHn_e4Vh29xd4 zjCF%E`Ct*t3F(P!xQw~74tIj`T$&bszu(x@SEXlK7;}D=Fs(m?;N3uO0Eicr#8q$x$5+DJsbLRgqR}rX!Ep_L{t#yH+N1VR} 
zFZonjK7a@ZAr~2mUVik;Lr@4D2r2!s-EM;Wt1jBR7ul!kfzj~OSzWo^dy^G$_$%gT zuB(-c3z<{I+ZsI9{V$Q=^fU97rF@q&Q2yTpfxpR{kePb`ZoX<9Q^RWYjn;seMi)kl zzCv|_1>~nrPj=&F_KuDvRXUX5tm7OCjcPiUN{-T8wZwJlZQCXI*vkFyaSGg8`w6?m zInMDT6oX>?mXW~kp?WbDI)N9;p@UsUngRWK|d-U`eC?s;1V{h zLUox7n%m^$3gI)mB*94N1*tsUob&$j@qa{`Y9VF**hcR0qZQE9p#%b)N zaq^zt@9(|6|DLm-XRozp*6g)rJ~MM^UP)A?zpORm|H4sz6808BV4L2$LTaJZQ7qzj zee9TxrgRq{6PuY(iMIZgq8#EuVb_sgmv{;2pC3)U7Xe<-W1M`ISMR%&nB3keN-F}ulMXD0Zbfo+6-=VSrfWHJ(A0K z9L1GxE&A5mbxv6w(*C^TYVKbgv9x(M3g1@A?3h?&QZ>=E7hq2#X1)zc!Mk;2y9L;& zmZJhAr1EVgrC$?|lW74+%$|)R8AK2DlVIp4w*<`b(MCw}YX3R40DstPLQRcZ>NaGi zRy`_te$tS17&g>sCN5C(Q+kM&@ic}&As){@{jEJFK(~EY&F%jpq0$TLl@kq1Hr4%% zY=!)T&ld$`^hVHu zx9D?L)1*hE#V+M(IaIeb>WT%M zLvsL5qqv?RH>9~I6JuMq#tp8J32Dj&c4&4}PwQW>G39Jbr3_$O7=w{CATr(ydA1i5 zgxcBEBQdj+QGzL*mAWg{^~*Vj9Ivfe@i~$0EDKfiC)?DW+^fhu3AaD^{z^mpt?p%<0t&LfZcc@vC$0d}uSQw+7_!WJ3 zMF((Y@7qOtb`~m zK-&B-n1#YGy_7HLW&@K$a!P_98?XagfYfp0|CHdI-}k5oc$RfUdzoo5JepbEP9gqe zYSEblIls8D;u9-g)yvEm1%^d0ovTtniT_&f&KDI1F|&qhKhep!nuI36*#3`aKPv4V zr&K2|3aXepCk-HFKfkGpAZb->rXzMD>Q$j0$jl@cdbSD zMSe`Hyz~iIj;?tZn;$LOoSRy&4Md#0L72&I&!=uinwYQOdV5m62Sa!w!3f*323K7z z&~bZ(6RfQ$^}g%cV%p%muOP>Z_^2;8yJwqrt7@e{C%zb7f^k{sEO$;sIzZC70)E3a zD&81P&Keu9&Jc_8S3tEM_UIDimv#h?mt<}ttW(BRF&E&)K(MN-8q1pnAS7e3C&Fbg z0fSBEK@^auW~opOunAxdPPI9;k(OI0y8M3%qTK(p*MF2|P;G4Wr$1|cs1ORCxReI{ zBx}a8Q^+S>Bf@mvcVVuW8XPo~hFKa_u8Z$iz3DEMTDZhtF!|=zz5xKsXEm*76xO8NK|0o8qg<6^Cn60 z)d)I8$~u_oweR?kn6 zT5qHZzP2^UehNzV+z{FO`6U}kybNt5Zdnr4^Q*q=NASw`Ut>Z9u1`NFG#3p3p{_c# za+u~vA7iBDMJQ`DyJKEdKy`eRlE58d$NE%Jku+=A6(XIuj{2VBvRluugof4THUZ(8mp z4l9*Ve}3Z3Te6Y2_W`^NT)Aos4>2oF#yDap=ziFoXGk4lMvu4rhV_(C#Sp=XN&>z5 z0SWAqJLGCLHR(wN%joZBX>?cC1@>P%x0MmA2miW<2e)we9HIb^WY|^r#hUtf<>$kn3w+T}$@F&^;G0^?1F<*~1+&Nj-ObreD}RPh zUW+F0zP|3=ztik{N^uc6{_)v@?El8>?iD*~*En+qhSll(*c5^>_?{`)ti`OL2+IL1 z=<||5i|t)j{YwjFeR=ij#7G*ztcO&7bQmOzl&^-xL9Oey|JIy5U7#V`P;>Tr-f!HM z$G?56uzxbro=6;~AIUojkgkyO(!1E~>gSDOHr}fB01TmAk{A-BLlTS8kjOUGp^vG&hw0Inv}@ZqZr4 z+PyvhG^93N@O~eR7&I0(ODGzq? 
zOwpVltuD(&1HI+F%Ulma+i3HW52H6wfYV^UPm01wO8vlV-<#IisNxxrO%^~%QR--Q zLl5(P9+AS-06qHFk75*8h|0i5_82oNu5^*z4wbB6&G%R*yFv1Qp=6IGUNASN*`!i^ zG!OBn4+%zPW6-t!aBKO%d1k{d!XG0jdw_uH+)c9PTiaEFCyn>4Re&S+_l~O<)ou55 zo4P9ygCAM%0X{=)rIMG{4cz~U<71UN3bsexjT;0iT~>SG9GVPypi?Kvg}0aACd-+}CrZSVxA%9%$Uz3NBz9}9CvEln$wH6k zqkz#s2sdC1(9D*m{{!kR;QVbnoNC^{C?Kqg! z;zo8WPt9PbQwfz6atFJtlz*JO1LbRVvXAE_%i%2~UHWxV8{t|41z@2E{LKPQ3MUa}n*>&~!)? zdv=ss-*kgn_i`ZVAMZ$97x`V-UVFBOPlo>aVl}_b={94ayME~OkX@dkDA($~>Jsiq zyHqPKWRg^9`vm%vmZ$1#42)R;~3-@Mh7!5bwx_Vb&Ew7#q4SzcGGd7DWtYUAxH&@i-+ z22cka2UL3kJmwOALcB3iIGgW6wR;uXW0Q0B2uY<>6XO&G7|xp}HSXFCKJdkHnGVbH^l+sGImnBSy%t0h-@>6wV+z`t6!S0 zZ(g~GQa@Wlw}2s{$$Z-?F2x#N=di^TK0RnTyH@sqROP_&0N-lz4%#2OZ@hxXW_l;B zIhqEoMwiVd4t`L@R5%YBpPMAv4*~;SudKkZ_e+v`E24mg8Z@vF0x5u+RL=mgQgK-h zf2r)N)uGCK0Kwp{%p%HV9G39Q?>(x}FR5d)Iug8J`RsF-wQJ_Y@E5yzkh_kGFR~6L zi;PyiKcH&Gd9gglLJ!y?fVZ1?>_h-NE2addlUrgfTO8HRDY7m~E!ZHCjNTFyS^{4V z?(;hgLAlrt0aAe3ISNiG%>Sn1OqD^VW6ZiTnUr18$taZgzo^2Xa_rsw6-WIq_nqOh(OpSSV zii}A?b}WnVtViR!>R1*hAggnz{K6mGMU&f51Z^-F8rmZ-&sUouU0*rgVo+zcC(*6TStCTTjz zyNx6~a`P|D=jO|R^Ob6$baJz%^~NwO z2eoSp4soG|Ww!(6IX?hnBtd3#Mo{{$ZpFgbJDFFtu&!vHRn{ey`H;)Fwbwseio(%%uSZ?-!Ud53&}lZFa<+VWI3du zq%$o43?Q^RLrlAzQyDb)GKiE|fGtk#29mnC9$Hzb^Mpzs8Nr+CRm`%fIya!`>YbP) zefarw7K76V(X!8^;y`vw`0WdJo2g=yfyG?Df=OVWj03^h&Ipn{unuyNHsh7<%MLnC z)}T$!5A#*M=X}Fs;8p3SVt;&rhHcnXDlG}^DlaA@#>;_MY3lLUg*z3-7ybQAkzUs? 
z7r^#3tLPZq+bcq=BFz*f=ON} zy}9s+#+hF-RWAE$p=q!&X%HcLf0Kbw8$>lgm^PD~l%PEAG|+sO3SG2IyzcP0P( z83;>bfNPaQO@b!>4O|6O7j~PM7&|$#-*Z(Lt*n7OL7Bk-{Gd$Mw#7PFGTrXasb})p z=*#0dA=jikEy8?l2}qeIbL!*pD<78w1)DI=Th^nmtc%*F(8`e}j8dh83K~*+xjZ#o zN*OQ1L=c}J-^u(>e*W@q_Fd&LQyA%%KOeI7os+RJj)U)y+9rX_0ei+j3Zjiv5t8xE zESNv@e%w0)crRz?>O&>q-T$H030#*MWFvRl)&9d93CBLMd+zFv=KYJiC7)o%5QsG3 zuQ9_d4j}8KRl#8mIbUUzcux3W7tyjY8Nzxqf?`|M{)4b3cxs0YAE_JuC@10XS(8k} z*UaP*ET@RJ2l(a+QBy$YbJjo9G;gt<0`$}NZba-TZSB;pEzyd&-9O(xyK3gI&k6mv zJ~un>w}Rtw^sreuZ&`x@S{IRu0G^33 zZ$N%v0mu*77$hEctmzFmvfr%J-dfSaP!v&$iqkU`&`))b-D&1yF7Ri8{7)*wf-Zzd zY=IAQXcK5msOV2?JYY%Dl;EcP^4(ccyc6?YKa3g8g5?*d#VqUc>Dr(5C-TanLv0X0 zyM7+kxC>*%=TD4s0eZ79<<33W%n|0IW&o7CU;|BFa_xK%OZU$EU2L6pu$iGCMT%!F zZ+S%%d$UsUgIkUKL`1QF^aqyO=K99*6?z{XU%I&>{H}KIy^%||y&>KO#|khKTEy^7 zaJfUsO!yTcT%x!m3)bAeFNoQOXedK{&sqi*+M#x$Px?)sn%Ab zZXpU)d^qtrifmR1m#U{b&2sq0X>>Kvx+TlmkI$cOIa-b`4wGtcn{!*>DZN;nzk56y zTmolh{Y_v~_>4EGTu}V2e#?%8XE?I5Px;Uh+G;er0ozu!a`8_S=so@ulzL6)W#Z)3 zt`^(mFVym*?K^{ES5$*%!leyU-?`Od%9U4BR}|eZ@)ttatu>8oe0ryqL!e$w6$67B zm|GNy6=m!|1|mbiAT$Chhjy9Ey= zQ~I21i{dk~=1q>*chin_PD~Wn?c`U_;7&BMi{3vDM*_g5ZoU9ErSH5fJ`A~h9^Ia& zpC=b?rhKQ=@E^`*g>x*Q5Wob7`kbzD8IW!qodDrnG6Z|Odnm}*VIINU6bI$_;GZ+d z=JGgIZ*j%#*o|b@;t3Y~N@U(Op1?=``MAMzQ@DpZleo>p3-fo_=v_MqeW)VEp#Jzm zdB8yT3SU8Y^JkJsEaN2N_fR_uz9ZOlQizr@Y|)XJSr?=uxSD5y0(`408vqmjWtfQq z11bjjE)Zufm8ypiwq%st!-;0wLj9!KAK`?(p@8^N*>C(BPRt$<8Yp_DL81OKf+!FX zDkQnEs^R_5`mcT>(anc7B||4KLcM;k7AI>th5|l(Ucn#2#VSfeG|l-L3J_-_6Kq}c zw+P6oRvw85xI~Pz*N&c{Qh;%`fjF@RPpoG$3lZK#J`>Oft3;B=clrra@$k#tTZDfn zdF|B%E05F!D+DKYjI*+?HHYeP+RL%fB=uxl0B0Lsmhs2n2A6x(5x=PfYGQrV(2ptW zfjaggbt__x-%p%U`$;r)xTCYJ&Ny)obrot>%}_;PRNa7^$_*M{C_B@`rxwv;Ax5EI z4cC5Dp|kf)Ou9C_eA?sRr*xggN48I@p(Tz8E>^8Z_8-FY}g^E?*i>Zh* zObS+||8q!YiD4Yb$z%*OckJK99l-x{77R3byloYGyomw#JWgb3G#SEtoH$Ow`%wb6 z&>f=PpFgWJSG|$oPS)bTwE&w*O0(ie{=z6UX>`MiGELb=6J0s0hhf?2G?X9%aF4`|b%R z9@*~rPsc|?q(3TOH8)f;aZ3v;e}a6kz_qwIv1|9O#KkI}<_k^RUtIAnq=Y15q`9V& 
zf#cU#-Puh5i%q~-q5x<^5wJ@8?=`Z^YgUDuF-hNHP@B6=4N*e=yT~v%Qqo*AQqth; zSyNl8%74RPiwLE#M7!8##I^!Su=aWFbAK#gWGJT5SN^6fLv?lasEmduUFO5oe+Dv~ zGz%f{U_i8)T@I%M^+dv#pQVi{c|v0!xhm{A7_O69E0v)(J|8f-f*%V4Zj^a3K5*?Thh#S3~Bv;5q$BUE-Y^lEpT4dsm~*fKA@* zNwI0(0RIX1rI!?9I(S@J08uNh{0f{PrF;5}L3?KczD2~sBi}ohbs5t2Wiziadl}lk z!{Wwid@Wsb*zDvxQPN$gyc1rN$Y2E$+y!(v@i7y=ME1OM0C40>=@i(&k(UKcLIUyn zZp-Oh3t>Rw=OBCvR8}L9PbB&Rw&vir)PD%}U)j0>R7M@fA>ZW2Aw#+G!g-VEFkH(* zF;0~)fc$5xo?xR=$y+&jgW2Fb7Y$Q~-s-l=Sp^)MPD{70M~_4W7hfHs} zk(>}fX|WksrFa&ZFjwL;YCg!K4DD@FDtjtZ@CcjT2ttVp|jbXXt(8-58P(SFG>L}2GD*| z)8&zbd*jI=B3(kdg7X&*;5Q!>&%sW10Ul<624SDS@gXroOW`~-k+=|gIrL{CnY7FIqsL*Ip&0j!sRz=?AS;(eS6~N zEyLXR3%>S<^Hlo5qm!RYc`1PQ%Fb^4Zmy+P{ZbBx15--}I3fI}<3I%dFwauwz5H529R-%T2c=w=~R-@lA|PQt047Z8ZEn+L_x4dA!-9rkL~ z#Pt7knjl+EAYWtoas2z}OKHlm;a4Nxk7Gs>tBmBd=0i;sFn6B zRIdDR7IdqJ^*@D;;?R4_qc zSOVHLvi71?$O8b~HpQ^b3W zZFuGUU0{;L_$q+U{rkd}Z7qC%N?rK=_Y1oW-Put1vLj3Are5mZ8pNZ~B+9rD3Xj;I z{}Uwlz6(Ug8NF)g+j64*@y6m8RDk}MDE}#yR+<2{$xx%3pH~4D~ntgC*$Fq>FEkS08Ot5KPVV z|7aZONLt|d?5p^9&?owVC8nsE^0ND#-_)V!ju#$ z(q2sJE4hz8{;tx3Bye~Gqs^#-`O#x&OfW&zRs)BkrqN6$BdMP$UviMU2G-!e%|2&3 z*$w0A;|FA50bQoRA{=!k#nIPH#nFFta0S85Vl*RSnXc@Q6-y{y2RFCghn3WO(HWQB ziXOw4Z5Zh_Dz~`$Rh;PnFT_L=e^pXMFzzLYw^UF9S%@I}c*(DnKKgXPvB*BPX#&TB zCYYa0T|j}%hP&udj@{6w1U^!jG^rym0Y<^yPveqjceS?`=DehPTn;w8-RZksOX{7Ti_qnGTtq8s|gwg0wSA+Oo z#`DAk&RcX3u}&Vng8I}J)0bOBe(gjU5PJsWBPxaREXc$!XjYEzge4yTLpuS}YFOUG zi7YtvWh|c&P(%JtVZwMA2m=5#g#AE;VX*=#%x{!wnJLnrxx)kn-!jqRq}59EFIZNV zi&F-0BWBWrDRI+LD*SD|L^Jt_*;@hUH9JOQ}zA{c-#w|FxGNYCe2U_>k_|fOcRYJ zaE2t}$`1MXLsaAaSv|ExbNSKca_QI8?P@R7)%pJY@vgb#d@RK9^6J_C9ogwc&Q0F| z4%mNH5X*6p9Q!Sw@fZOKRk#3-0H`2E^;4bzc9)(F3+y;5mZNAhd=kL!)N{=^l(f#d zl^?~Un(`30p~a8V0%MckVIo<=R8dPv(%dfpZh4F(kPN?l9BF>Pp-6#)+O*Npk*G|= z3KwMLf>TsnSh;Ra#)jP*`r(E_H(uh0QuQLQadeVNVOP%}`NvCe~Y2g@xcbxuu zZp?1dxnTnh&UlsYTZh#+53flvW~NWhpUc)=Q0| zD({cp@-NeYR4%HHP(QLxU}#?1oK#;Vn&gPfKus@t5{VhSYc2nflICi5m99X48F^mk zCHD}^Rx6?d3sre9uWHz2cD1kV70I<90QhvasO1+Ia+zIh^g5{Z`&8|&iOSCmUhD;w 
z(;Uc}flYsx)EtY-rD0Io$7tH00pG6rp75iWn6k^pB99iK!DzeIy?TNqhBis35&6!{ zmAbVV%$G@Qpi8rQP+S^WS@RwGhh3qiGz+OlITa;K>gRS6Jk)xWpky!SiKeT#G$0xF zNqC0DEfnKNi8nO&FTOPK#}Zv30;Jewp-l4YzL>5xj zB)ubsthtjq(@IuRFr`la(|#1S3ZvBk^80Dz1GDUnrWh&{Xl_`b5C=+hbK%#Pwzur$ zxTUMVKaF_w6Fr_?v5MOd+bNy1Z#bNb;3+;K!2kwYNp)FwBxNY3L`S-p%<^-g`l7*X zlL%p*2DtulUlewzJwbA)Jz?B0Y|`A(X9^rbQNiLHFSa+|a-yP@+e@>JT#14@ zvRW$+T`KIBHaf`Kq^6U)TRYC(i~qFHx(xL5*i(?O;HGn&V4m(BI8*2YjI;nKs10GN zskTgqv8J6GVZq2gMrGBNjDq@B?+F`U_$s0mf{A}n0X1_SIH^BKjt%bqiQV9V=iiQ# z5wz9m!w2Jv<9~D)&|fDq-v)?VjN)dU|BrC2bj`1JRL!q|!r4REJw=#_(?5G_8&%y` zj=ma#o9T)O25={(TCzP2cS#fOYhRSxYkcriv$jKW&v}b-{{q<((}*Qr7^}FRv_tnU zQ!niwSh(u`B4vY1U_LjC9M>T%spK4YyS5Qe!qXI-LI_P5Q4^R#}M`b zVccXuc({$+w>76B+BVcLTkL=Vm;jwrIF4Y@%u(%E2b{VG4Vjw3?)O^{c=)4_1jz(D zRd5hS2;2^eJ(P?qED^-jU%db6o0^4&?Q>N05_VibbV&kTj)Dvs)k)}Z7Q&Md$*AIH z?mq7ecUkynoIuT@5{dL969vaquH=W1qA=jSnH0$z2FZ5=;0CD;pWUAmUmd3^*Z{}U zSZLM@@%GQX%?W?Nd+8EEm1~JR#KkKL z2r{QVUtyFh#Q9`UCxuIu?jKGw!2WghnGiJ4TN#AFe+B+2X}BHg6;Mg9pn32h;=g-& z!I6Doy@KYCB*YnifrdkJ{upzC0m0-vQS;#7Bfco(GBvfx189O8gH~%YdQ2NHCMSHS zH+j*FE2G0sGpU z@nw#1QEDcNaiHx&N0>+^wiwfA;oh{^z?AAku)2qaDBMP|!;Rb0-mwyt^BmK`sAVPT z20fZavg9r#2K+ntq&4Hb_ZQ>52N58Gu|-xX2Ca+Be)>z*2jR|NYKDoFQv6X+e7@EB zzS_b4Rz_+ynG3>6!QZS_y>=6e1G6c_PaGV<_Vs7~2|6>8fxH&D$=5OtnnQK7Q~ti> zU(||1I8PoQ#xP(pm@p89kYK+UJ7KtGNQ42+L>(6#tH{$FitV)ygg>X^y}9L8LP$}x zhd5vj5<|*T5ACzeAt%KI%|w!1QaVKX-sUjvbus)w!1L6!WP2iHDG}c?2c+7#Rxb!6@%&eYKkN6y*zj~U;+r7?T zbvC4SR>7<5|685qv2F4J2}Y2C5OG5jefGYkVhMCRhJ!u@%NozvSEIWI-E0{WZl+!W zq_N$((%ybo)*Nz`9NF}4txoHd##*R}vA9YRE5jxcv}CR7yJJVWEVYzcuI37?k%Y=s zpVH^IincWq&nkH`9EL;ykj4)=lwpOfcmS+)Gc%4KXV5=#kVOeFIi(Z3XkE7d$|}~u zVn(gn9761(V2oqNOf~=K%N*XXqa24}q8!ILu!bR0ivhBy0w^Y@K%s%Lt}EK9FN2mT z0_#^vs#Djj&M7W`=t%^Fi1AwVY-XO(5e>o{`n>=qWmr{Qg&leF*&B zKruu~+Nd>e8lWi}0Gl?VjQ%gCaIg=>)|vf|Uy+UDORGgQilL>$d_{1SIE&|j)rYr2r{@k>z+s0P<-vM@U5@Q?-+E4aG z!yJjfdx-$2BARkFsD`pNEMxN|V`Kz~{#7;>pk=?^dl_%&tex-i?I+ysBPBRi+g<|A zOUd{@-qMtpg>MlJm1d~(zoAFf%P_=z#m2O{J$1CNb_@X 
z9{O_Yj-c+b#yBSY2(lI6&zU@gKO#v>A;M$OqhWZNu*|(72$0lgL_>2%?T1(KP#K9F zP|!xHwnPi=j%(M+DB+iVqODIX64Ph=ACMVO&pG~D)j1w01QGIGYY=ut^k{(cw5zWW z2ENRCI9yGR38Y7|$MxgBSFNJ+IjhOUYeWz^xTGt_`VFj;sUbGk^4KdOvtp`MV4x#h z!&FVDkR(LT2p!MBylf1LmUD1o5`p?zKB%5=Jc0vUiFhc&79$MVZbNij+_wXoSgnYo z26|Ln_ym12v{*B$E@cRbF-X9XbY18q=ReSvR8_78D2|rD;t(ez_{AY_!bhN>X0JRA z%Z*p^%L7UZ3duZ6lTfSDwWeYumsU#@rZmdg?tB$beRP{ho%Zr!w*rjTtr@C0q{GdB z+=r87+Ld!qRYhA*ZWR}2Q$xBovm>E2rgma~_hya44p9EyN4n)SSW8&*)s}W1hPm0b zec8?zP;1*b7)Hl|g$uUH4Jc>#a66|}4aUddVL9w@)Rc0~&~{iMt$o7MEjM6x=j8t^ z6uP!od3~6{;19U1rv0gsSL2YTiw>S>5-2TzhU=-tlX|yq9h0dnkmke?T^`QqoAUoV38n#VY((yvFKqcoFKE5X>-=el4K(tqL*WP#gq$| zGyS(xCLVHV=!UXrY`~R5C~bILR5=_1g8?TRj@eP~#cvi{_Q`xyrqM1KT;2buueyVJ zLokNY_UKIAA$98KsoGsrEI=Oc1Q4*Ded=UMeccY_RoAM4?$s+Ze_zwQPVdv|{fbIL zKoPn)vj4KqG;|AzphG`~0Oz&+tu(Eb(9;9^t7=>7>26!i-u1q9#0%}joTBCZogaD*w zy|HmKr$0T}rLt(djT=EhY_@ll?fPhVPRVA1J1~&}*fvy!HeVLb)x|r3E&ZEo*Kx z+D5VYPHalH!7$aLY2o}!>Y-Mc&{&Pj;KF1+(wa@! zFEs9DD@>_uZm5~nJhj>kz81~*%>nKZvrdpo($pT}y8!PKdPUqhejSuAxRbYWjXFtp zYlvXRoJF!q zfzy`BepVmQ`}GK9{PGjI$M+3e8ns1}r)0H7Ec5X|TM@ciA+KB!#kjU+w8V(_Z3)m@ zZvS?!y{uy_DlsOJUueypuKcMQuFt51&Qp2+-Vo~xt95~xT(L|S7*7swA6z&rM9TO9 z`y~PZoLAV`%DDzY1NDVcfuv=48Vu)NU|t*wL`cYygbZ5!K(2-I9=VlG7A#gte&&p3 zL@vY_3kV~O=)ahMGy_0H*@H%8jzlV`&Ixz~x)nCrmli2RAN@5ugSJ5Vhj}5sKEUU}A-{-k2zHg#=NnE|tam+{_ne{7Szk;(IEVZfLtsZt zxnask!6Zlj{Fg)8{tVtF4eiG^BRYG_@_9x!XaZVmDUev4$##HV#k_N_eW}4zCdFgE zF7o!zv$D6Qe6DAPG}X^=Z+fU9Okl3Og%UB9N{%Ou3*?YLs=E$n6gidV$poT)4)#j( z>tA;lkN$2@#{ZR^b*w4AhGir!2k{D|D&MoRnnDVGCK&s^A9nW}gU?JPPg@?>qJ+`7mZ ztdszyQVo6ZWSC0vDZRY)1*P<-c} zan>{!T#9$**^gxD*ptA3<)R1kCM-u;g~|VKK9$6MSutuPV=*co@IX_b76XF@23XF5 z(Szm>#hfm8<9HV)O*g$2k*^5k#SEr3v}B+SQ|kq`jH^Ej;C4#Iz~;kcEB3-Q#23j}9&m<1Rqj3Nc}3j_}Yz9Q5M z-8fAFEg^eOFTXEA8H9^vRtsStc{Q6&P>oyJiDYJrwsi$9gGtsAib@6INvkR|ecX&zk$U^YusQsR>6 zNIm6Y4a<7n50rb1z$3CTw%=HNsED`W#f_U*K#VSUj8#bXLIR0Qf9_xYA@ZbdV9v2> zV2%hN2Fe7txRkWcE+Zq%){k+6arsZG^OaAh_fc16qDSUg^4E6fM{gB@low+b?AIWD 
zHb*V*pW!Wyn(WV9exC~~s;v$`A7t|UCm89pX`qDbpeWIOLfn+-m{j{mQrWYYz@_KK%&u(oJU-9jhvxbYL=}8N1L*n-8 z>J0L{EITMgrcbY*`tBjt+EvC6&rP1~G+CIMDutM9Q4p2Q;Gm;2*#o7#&mq@0?S0k! zmLa?&R*u=~sXnT3_7DKskRhdc!rfY+*n`b<)#(7ac>bsWN$a_=AWafx6+GrjV@(~l z@U7IlqNB%AvGNgyUkZ!N{`=}}*cub@kffDm@9Xmgm$c}@$E#)b#WT@D`&kCI0u8fa zH7RAnhb%_ra?+d%sEf-VP?}Q_hM#kzim7G~p7dbnL#=@Z$5Jqbl-j6_{gG6O_Y)id zqKeie)%oHiRp2dA)O7$g;B+xq6+CAk=Jz0lDqhjSEj!vDyrQY$9}@)kFkv@d=v6f` z?7!+=VbzE+kPO$a#&^rFHKnpsqP{0rDjHQKjlwz3qtIq^-5xegK13&aQbA6(Y!sgT zX{?}invxH;}`o=9m$=O2A_vAO@8p7JBH!V==esrHI= zTux*W2%7Ar>hMxVp>au{yWkspq~Q2$-r#qCaF z3gk{=pm^|t!_AY^8pEZVN>H4N4#I685w*jX=566_tBPg=PuV80luH3dT%gqG$-Lk>!!gw2oqFV5Sb)ek59Jhp_hJhRO*xbHqhds9KLMw;b zQUuYbvNG~zvkq9UUAJV4b#X#Ik31Lq0g`wHy*F!HeQNzRqoQ_%+${1b`E3DoqhNrz z4X@{~Wp{duReW5YtE-R?0Uy&P zT@Kut*H=~C?zPv&p3L|~=(>c1JXXSM<{~+s@=(D%F65V3joe^8C4>u3)ky#3B<*11 zS|DfR3X~JXNs^`&NKs-1F4#iEpXvnjTsgzHDXwewSGLl^;K5kB(pqGnoo$gxGPiHl zhs}k1Q%o-m#>~nl0KPY90-_ZSoo1*KSfo2Q_MaFil}>w3}4WCGUI9k`xd ziesTBt(fw_Nw}2n6;cvk#%@$J#MHz->rqm$P?)?P~$P+L^}2>1K4Gl%?UQhjP-laQEv&w z46OP>fo)W+eqg81?#&&hkGhbE{oF-Mz4~XEf+kaZfQHHEuVHeODL01dqdW|h-WL&! 
z@==(C<^hi_@;|QA)BT6v-JyaNqGAaC=JR%Orn-Lt z7$j2V5+J%b@h;DCEW@d8JOMf&B4v2-D;{_T{m(ZePM0_HSd}*usMw%r#hSPv(o5Pi zn42Ydz3=z0&1N-?%Q0U@6^9G7i_CNnl)9yn3FaLCHKvXh^M?I+9^; z@1##T$}gbvy}kx{>r$JNZ!d1d6w&+lsFxx#NWnK9s4Nb_3k6vPee6-)!&;zTbV}Af8Co0%dn3%u*;#y%h&xJHDjwuJIP3tnWF_T za*i?#%lps_PmxH8)ulVLgJjZR54}$UeJ-ZVJkI2QR=P0ez7qylj2?wwSzj7YoVAA4 z&{cytup)5ulPc>bQ7Mbe(@0sgPs;WmOGYir zz&(*7xB{8Hp2!BPS&j3`$d<#Y{9@oa24AV+6y#2Ejsr-xbLSU+Yr z#k?c4^i=P2TYc0)3*m|K%!wcwV?|wOYaDJ9hWh8}3v7m9y(xxZ{cFRSE9#~}AjrRV zX9*EfPjlmBSVHL-!U#OVV}*5upR<>z0}Ggz{;Zrm6c( za+c2_1&DtN2{k`$;PXI0+3YF$^3@6g^tw3XJXDR(E|uVLpF;U;!mCzEF8rU0`ky`3 zEGJ0M-!W%0hLXW@n*6_(8q~xBJB>+OyIRd84uK&sM_7%B_INZ2QjI*Y+)(%;EWdzh z*q^<8NBlunZ*&gW8M-Ne^io3 z&pGQ!)j12OlB8cW@-0D}(HQNE;rYz}26xEHy*S^H$G|_buaH1cSZx>TZbU3BU4e{z zy)Ln?YcDpK$HIf(bC{xDNi8_5H`MUs0RRUtt;y9Fcom|e-dBk*a&DmeAfyd4;@fD5 z%iMHD{6V{OKzny!Oa7s*v*Vhu?$!gxbNL`CXWjBOJL6YyWOk-A9|)RK5ZI1&zuXUa z!#$Zm?1~5YiK8@kxQz&KN3=C$zqlKogh8&6Lv|L@(p`xJh(`0_x3#E4L#{F0SU}+q zV1kUNJxU4NDr0Gc6A$7)^Vs!u+-6U1+~)6R%w2sx3)Dj@`f!tnV);q23c{R|Kgc`D zUqmZ7q)FnT_9u&?2K9G%2~85b1U=GrwdKbW$9K3Pj7CINh(7WH@*>H+*^8`#-~*1+ zottYAt1w9+nC%BW5WsJO7_sJ)vvG(=It~TtBkM*%D4+d9Tgn~hXFOvjz})x3eZ{bp zSXRSe8|5tg#Z0vOG^?rS!kFV#oWgjo1sCt*d9Qe!)u^GwdouO2&m94FMwtj$8CeW0 zKQhtW>IDK?1}s=PH6~NkS(nS<{zw--8`cp@n*WKH$JJBHM9?6PY}C$N1dV;JRaMU~ z&K8BW>T&_u6}^t<3ul|KUYor{P-Ocs0oyLxfeuJfc|;Uvs7hy-rJGGUkDOIF(y5R6 zys#dS^$Ev%)#x^e(NSIPwWObni0HGRQq9C;7_QW~V=xLzKhsy5ICMr7R5En6$|OsM z0Dy|Feb|Pahms8TqX>N?F0DWZjqw}}Pdi!XRFbQWWL}?cr;p|sdgR%_9rRy%!%^Q5 z)D6{5Aez4?XYpcSyKf6fjQF6qNdRa znfjzS6S1{s+xwl*ypv)4SGW62mH=o%o?NMhYBcq_0U`R`1~x1T#<(c0PLa2p;AVLG zA|quwgvg!=m`Bc(bg%^d&1#M@*T@57+239vZ8jDh4?8Wz?h!Nr(1@+U&~WzUP+c9q zW?>sPfQb}PF8eUOQ#VZh<-PNX@b8%MI&Oy%c9kn3W(SSA-Qp>eR(aJ=R6=?VnNdvjW2dG?)WrCFZMP@M&?HM07POlh0jiyidpPP3?rY4Xz@YFp`OG68s8xzBHu$j>0@Dyn- zvokm$fRTG{kE>1pCi;@_r^X#qw-eeeEu$LKC2)Hx&2g>S-y zEQWZTh(FA^P=fORmf_HL6bsA+@Z(ItRP;)v%?UTzZ=#KOlwKMbR@`RLq4wB~l7A9Z zmE|0HAo?dp;fmtNaGG=|MAhK12oebohpuxcrdnwx3d#9yc96m{FB*~sWlXuBeP4ye 
zM8hY(F3$urAp5D8E&40ACUN*@gxVKl1#9$p-Re~5Q^9Y;0kUuWE5$bmw5KY#;&EUT z@!zDkHhAuF7y!Z>Y!31%@}OlWzGe*~;Q8Oig6L6e@a2U47bqk&nHdLgqZ;|?+r^`o z4&AK#ni2nvF)zRPTR07#5F#RQjB~;s#4w1#*l2jxyCcmms{9CGa0A6Udpw6UD$8;H z0BuWY)RMVHaHFq^5b8OVHQDDL%-*rs(A4&i_v&#|v^A1a_LXJ*uBhx9OzJd56^mYr zD<@&vY6+RK}nHNj5A zTOul4$sN=4Or3i)s%1mC{cK<+=CZs7S+DMUpfFfm#IjO3hRVrpq(BhB@{kzu0N@1E zPc=HG%pSzD+@b=X`L~RMU@-j@vu^_u9ds6<_g4g8C^$C;yhP>d9L*v!w8eSI{ zEeuNUtG_g%LqlbqS7(Rw)~OyxWsBPvcqmBL*_jUz_#fwGju5LRPjFKV-wQ|1gqB<} zpA`*My!GLq<89PI0dapo8{{zI(n&cgX|Ov(l8`eVHfJ0kvMi}Vow5f|2sjUo)pz}Q z4N~ATQIm$%v4s+p4)odibRh#pAWB|FpkXpS;L*o!yxv85E*WQ=R_J^K=*Rr{cgs%GtY*|A zXc7ecISfEb(nE2fHKozDOJZ9-iq~P-#QCViQE~muj*#Z1=z0{OxaiPINbs)Ruv6G4?$|Atq&dt@1$4+1nuUgH3 ztT{kaP^bW>wh}aa(C|ju*@!GK{h^G{{MQG;(ZF_K)7H-I#RGBL`P*zW8%xbT_xjv* z$CIpBGpIueyaPpCDg_B2$BzzKmI)FXz^-dzO1tGCE<^2VeXMdw!w%m)e zV`)UUvirr1Zlj;l_%ZUeJ~#cNs#OK3kaGy_iXYb;n}4$3%dYZ7|5@kAf*5j??$2pe zZR|xEr!mJ+gU92}ctEPx3+PPUA&qV(mnPvj^wqSX2i8H9%o^P+4!lP+)5IPnT}rbT z3czT144L~Rh_*XG@UI+hc?{{c5C6n(+a*t0Do};9d&=3#FALqf^pUy`2 zlFzZ15o(pLQ@=ZQ6#1K6te3KUtM{5&@E7!4@nArTmk1~z+rkIQF~@QMj*&58@JEYW zWWhZ_EH&~ZyUOm$W8{rt^_>RH#7?*1*L`;QhWnh}b+YgwmVEaN*i@yUvp>1YY?yq~ zQ{k$>MA%Pw9Wyox#wy{Owh|47J(Bf%Ai{P*Jdo)qG(nCc`-YBLK@LdtC&sT_jT49g zG&j_TIx!^Y&|(tdIS~2ps0Qz3R35kxDJ)wYY(=Wj#~P`N=8x#=c7TBV+1b$3QXu&~ zN4*yD9Q$6a*Uum3bh$ytX`B$Aj07W*hS2HikYXYy22*!q;bycTTLF4#TFo&iBk}5L zEx)7;BC#iS)7&Wx5?tjfI6}cQ0=~!_-o@#_R%r46o>$Z-O#`ID=cC(`5D4Ki1)fKt z6gaVjC=-JB&=V~L07SlhZuwH+vuRQW#9i?XnG)&GvtGYzV?=z5+Hdo=E^ZKg7WHsN z@bpCIm54Z+IX>fflhE{+?g}!N+3i*akg-uUvg<5+5Q(ia?l$0ZW$fmTiaz)#kv*`6OKbgHWX6q zEYst9rIjY_dFor04?c+iwFj?bEt7F{qAivXq%Hc6FQyTFFFkKqP1l69lr1XU@BU13 zYYla2?kI~8xtL*6jFDcUsE=*P5bQnhu=b7&>D^zqcahyNE0yCaw7>9luKfDiI>}Vk zyh6Y#*MkI*lfy1|TithgUc*8oZg9A^P}q)aG_NG!r_##gXTjEu!z-WQ)BM6(P>pg+ zH;-fTHL7zsLezJZ1x=s=)ji7eCpImDNl4n;IB5cwewRWgg5d=Vym7NOLE@%8;@oe3 z)783~6t}Lq7z?u4J>0mUkS-zMizEfSB1wljq<}(z5-55IEs()Q<0}N#7sS)a8Tu^_ zRTdf0QW(c;v|*$wEeP$ZE#yK&wGksak=XZ=LaWUlB()}5zZOvZDv>azsfFKXt%rzV 
zgpk#9xLK_13W~Pb8|q{XVSF|hOmXFw(L+nphd;jVdwn_{aNJ|IaNsK6HPLkpngq51 z7?#z&Y}%XYHnPy}^c7*X=t;Zrg||>|9i>KEtwfHZIR? zl%3iT8CrxqHNN52aQ;L;pMC!cGeE-+vy=1vzW?3*XyWaxAJ9~NZ^J;p);WUQz46xj ze1h<{^X|0&b_VyOn7Kv%%7&qWz9LNp;GUg7PVT6Aiih3j5ZNE%!MAY+S){8!fP=kk($u~JxR_5EI8-No#3#~SyA&mH6aplfbb6R{V`Fp&++bCtybzC z)Eg3&vVB51$s-^3&P4kyUf<#=M)x^GD(t;3z$z5sN%j&C;F6Ix?TL@YH+2`M4T$Sl zt_KXWuPM<-246yGX8;hYIOP5#ruzXQ-XnVXFkC}WN;PB?3Ro0IaGX6MNz3YauoX-K ze-$|>hb~^8N!>`uH7Pg;+}y>HE#4U;y@&~SO41}NmaUnZs6b(+0Vl7^UKQty`2fc| z0z|MM_-ao0)F%;T3!IYrBB2j0I(4WF27}aW+BU6h%DN@ryr8uxh|g3fE{Rhwg6LNe zt)gbVbs<^FEjJVArL*oFe)3!7tHh_TocqwhiLa_Ks7|~e#jD9XJB$ozRQvE(}g*3D)@L40eDd){|9-eT`X-ZJ;Du7GqB zcahMKy0a*cvhx^^8+PG7VUISBes9A77MKS+M3qIuX}x$Yq2!@t?0$N91^Sg#QECT2 z^@Lz9Y7gXWiA`MEzlz+_mD#|oc4UZ%1#}QD6xV}5dH0|Lz`SY_p)O;ScLo6y-XHC1 zhWqRdMoYRHCg#9Cm?nTLY1bJ~D_OmcY@(^yC^HvZ-0V)oI0M$j`IvC^@8l1@vxy}4qiT8T)lJzMaKE`X$ z13qhkEY1>L_7`%usn!tl?pZD1+l?tX`p=Z+&*A-tu$X~wtB~*xqhEz6{FSV6o~!W+ zX;JNl!M5xNUezarhCbr-Kh@5So(BJbFaE>NZZ|t(eoSI7DHbn-r65m8LCUn{NlYq> zp@4XpZ*h>00M>DUM@3f6>o*yv0|WPiD`15G;XACYrx7@{;)g`mzBWK35n{NQYS(u- zU77H5TiuA}&%MkYvDnL|&Y=5twZ$$=_Ao^{Y`j+47;g1%Z2?9hRvig`EjkcBk*It{ z64sf?lH7GoNP(#GCRtGP9##d#N1`O`~x5eJ~iuDu(+?@lBmXsn~FSCtttThCi#y^ks39`zA zFI)J9l=1R`B)|)l^d4J1cwWt&H z(FFU@Ild*Gj&qt$x?A~c3!lR~$@9pg^n~?ik85iKzu*zfrzJFo3&iLaovX>0rKO_Rhm4-@jC z1EVxz$;(zlM@QMRrDsQQA3{8l&-mv!nz+3#rdRGFIwf`nljA$3JmtTq8G3ECj=AjM z!28a8Q&;Pwh133(ZxnTq-~J*VTAD2XyBqP(Ef@#WFyD8qNlCr}Fxp`OqbN4`q#|R& zDM>#QP^B%lqERIrunRo)4$OSPz$GTVh51~#-gnQ%2=g;L8hUoZncBN1r@H+QK$#>B z43uvuI3PrgI985iE;~0G9eYqj(vCXuP$>2H_fwP5JG*{pvfHd-y!6D1Q}1fJaM;H* z!hf*F*ypLi`Vj^Q`?o568A+`)87yo?LJETkkm3`Nv1BTG;G#_A0*{I17pU7#{9)X( z?~Y=M@$KE0jes?eqxGd^4BPx2zq}<_kdDfrIfi4=PIX7WWu0=Cm5nfF8Ly;B7IT*u zEa|v_s#B>G7t#OZ6&z79G>D){2;vgq>_PG+q@zAWP5BW}ws-yY)<|p%pec^@uD3q7BO=|SlfVhDyqEQ#d z3XcFi0T5O`TuzWpiqJUdn;ByH4||0&XxEs#(P;ik+!%c2^mXi|E{*fl0A(rBIK2eD z75Iw!o6*lRl@^)?$0stz$Hyh<=9-{;A!oN_bd8_pE8ybZt_bmO^=jT@M;bln%Q`bs 
zLN_Vs(+IDem+TzsY;pexW83&_DQ5l?qTLXwV_8Vrld##ZT6J17!;n=Yb@d*Z_KR&P z88AtoKEtL6OcvmfLo@(ud07FWVZCG7ks$%io<6A|;uIc|cUcIB%GJxcjc!9zDTb~5 z&(-wW_>Tu(ukNw4UaAejSAYo#sa?EKB?_d37K8>n0lCHV^;~)uiUOL zd#>?75^)x6+E0^2PDW7Y?&bVv$rU>Sa&9Jn^xK-5Nr*`TuBCpn4UMJdL&EzyQc(8r zk8QKTwq@C_Q8i#!N!poF|8)$w^(@3CXNPALfKH&^GX?Mq4{NEImp?cBUP?`+EDLgm z-dTd`uTdCSVmWA6dYqa{w-NOE>;9HoEq+%U6X6X3mbt13deK^e)s7<7ghQh}q`?FL zj59x*`?|%Z+IO&y|2mbPoh~~vU5IKwrSdPOQWOwYcUvDzA2%*bf@Eq-xeUH!+bavc zCe3VCmm`ZN2(ZN@|F=F2^J1#m;ZG94^BqB7#Y|E$ z?r)rikWLMvOa3!8P5?1~ozq{+Z-B#<9l`8f&V9-=tB-E%5sOCd*@#zGb2;gioapAo zF+%MF2sWd8ThodQ^bCA*fag|%(9Ne8~F z;(&Rh=ADDJ(h$RVt{qX|6jSKayZ@>c>HwcZ_P-UTq7C>=Zx?bHg}sh+mrMSC54ExzLO^~5{*n5F!so~oU1aLC#c`r==(q?ZsmxQAv@3DllTdq*{#+IK*02E8 z^0A6DYM!405MXxF2T{;gL0!`+GIcD#Ko8!Bx?>`!6tfiwKnX&SPG)(CAS|D>=NXDq zfKL-6*Q!16r`ft^r(>wne6VK(xSKH5{%IyCT)0KQC;cE^qZ zq@%5al=~k@CjCAtI1%d|Zd)%|pNp2LKW~A9L|0UQE52QZK|L|N`KonTUl|VXN9coy zJr|N|3u^P*JZ=f>JW$g!7Zf&4ec^65R{KtloSPPa8e~*MrYEid2f%W#CfemkGji5q zjG$}s{ylK|KMWFk6^mYK{veu=V!Nkt>L6N2OzT6=BqvdP6b}N^+(>|ZRd zEup9Ra|v!1hd*z3y%V*-=o;syRz}i4anc{(Sg`;Bd$t!hSk;@tH2JJR`na<$S$G zh@S2OWbl{_&Y0J#C#HFaVF?^AYUPiVU3T&~z&J2i%57 zU#Zv<%+>;t#Nk9nk#o!dWZVq_#5|qg>5*#ql$p5wG?j;tPk8z)sjXY3w@*Pk4y4KV zI=;5tA0)jwOA5BX`!h82&ts>bv(eL6oaQ;xDM;oH=3ivGnD+b??$ijbwS*^%$(2jTd9Q|+DXPVl;HjnJYIbrR?-UK+)#TIEeP_jPw=if1VyjHh#> z#nk{VG_>&^EP>{g4RGtP#rjMn>6Pniq*Xy9U_-yURo@3jz%Ks8!H1q zRXLQ;Eh*Sh>3M==jTy9O%0dw!Ci)$;$2y$dIG118m{V|U&5AV=Dol?e&mY!!qBw>L z)Q>g@ACs|(q|@K=swetmM}wbq#K(hCYlpVP0~+Z#2)3pSN6Rs|H;z~}cF>vH;uOB@ zLua?pRqhFltmz!rU`Rl~(_}&Pe4d?O@daZTj^9X0jh{yXKYkF7=D#EPB#WZ5 zBsS`Dr8w5HS_}PZsjiH98um=9Cz6lB9ZL>zd+i&>Wnza4O)D1af2q#+O&qN$I;z?% zW!L%lzx?4M1h&@#lQ`b&)}Yr))R0H|q>PGZoX}&l5Ez1$(xBH6XTx-MIauvlcTOt(h8>rp!8pu(2 z7SLEB;N@YVm)+U0A~0fRsck^}7goJ;9P?o&?k3yx1!?P8Z@cve)So00`&9s8Y4{la)Y_JTK zxYMU9J!6R!pw2|w^vcyGDjM$=qpNE#4Kqiz`e1;3TlgqObnP^MOuv+1Xh0KObl%UB z;)VMw;_$Y3HhdxtVeJ!-Pi_8`CN;G>nWS=Acl=n^PL%EL-c=5T)++HVjPoXEYN5v; zhmiWK9m{yY{+N0LGhdsRtQr4|qazmW4EF#CvV=l)1eP+=1Upv!jLc@O3$_pi!%m2J 
zip{?eV{dU?0D+=nK5Sl4V${wJQnJ~tly@>}2ERbTZMjJEvasW4u_Adqb(9_^eNpP-am$K?z8ZP;v)tF*Hy^o@-W(cp^_=kFj%{GuP92URQG zE+-f3e<(C11oTK(tgqp|*@gK)BQyhAyqTo%$M=I;R>EieI@%v$A>^|7JlP19AU+{V zty1=Qcus9tBvjw*7u$)%!7KarMa%pJ~kZ9jpaXWw#{Nz8|A z$e^fqUo9}4-!Ak6VB>YZAaX2@*Cez|nc?l!EWiVm{i@;Z^YwQ=XL_uE8bOuMQ91#JA!KI;*>gXj zcoZz!koFQiF~kw;A)jhB*&^~nOA8d({{H_xf^mQb9E?j1nD5m^gEtw*bQ`POD3o#V2VSbd;R0mb z(iY;qp!~pAzyR1Ej`&aY)GB&J*G&W7=9DdHI}s`$vVQC668}3L22{(P=HBM*9Okl3l}Si3zt9?kEekF(RfIgFsX^0 zFfK%OISAODsKSr&TV$E>@`NJJ>mgyIp8)@G3{Wdcl`WYBWjR79@H0MM=d66|9oi`* zYR4?^g^1$5BPd1Q<4<~8(MN<2CIlbBnnvCe?c#s7D%Hx)e%teMsl=>IU8_DcoQ%pQ z_@ER_b+9GJyL(l>?N!tRn^svdmRHB48Cal+S-)KU0b5A!-o-e2oPZ7x3`|@C(PGmV zx>AayHG%6s+-_|PO8GCl8M~Mqgugzh=JLj=X|SIeKm`=80LkRqE&)wc zK=l8T(aiPj3sKDma17WC-vF~~jGI|Tb8Qo!0RUGEnCAU^AIUXJKwWCgy{{NQkV8FH z=R!E)naCT6rTcuL;%8Y6L?i0kQZ0A)Aus89{KN#oyk6$=?DS?$Rm?1{tQwJPgCNZT)946E`RCrY>c$K7jnU0FOVZyS_ zIIqO4n`fON;lqHd`AhI54PhYp@3)MTYpp)@eK)ZxUq#@ozyFVQbjyX!oXZs4C=x>T zP63bh!|$U-nD(^Aie-4j2Q`V6dXxu{1-#>U;3V{IsIS--1Yy!`%8M3%x<>W@EPZM= z7}u}rg_Suk(D;rdBLXDy`JJkSJT+he)G z5JgE5>Gj3wgV*^W`Iu6~B8zmKM(FUiS@+HcB~FBY!G4w+%66!Idf2)}=4DTe=jbW6 za3$I;W!T9fQkgl|G@;=+M>^36A|;-EX=&-S5B(Td?Ys~)g39t-DrpU3l74en&~N^@ z|L%%9p+LD&maWVJNah>R?fNnlo*^1tq2~nqgbVlVrDL;4#6fqn*y`j3?Fi*HLTz=Z zeoW>{4yJ6E!#e+XAm_w9k7qU6_IcTt*%$IHocK$d0@h_xJorsVGXb6f z8ia!^;g&riBP$XYmXKN3OpVkBY&%qJP^I_qv)~Z)F`%db|A$MF7>DWolA%Zf%If1j zP*#0;Kv@|e=_e}&i$6SU1heCOwkzNU{x*sO^DLp&>rGzHf50H9*eUd7u2oBI2B0%U$nv&2I=Rp zwNmYE-ei>y+q8H`66#P;44;mdlWR8n=hvKrx9iL%`-7jTRq97$iTh;sUl zq`$@lW`Ujb7O3uOZH3jOAU95jt(|>J;^#A-Xe?dixankNczx6Htg76jRA;j}Icn4g zuP_gB55n~GsI?Pdand{h(Pz%b{UatY-ym?X43@QzhwZLucBsbWG~bhJh$FNT_VxQl z<^Ylktl}nV(9V2aNA3TfcaUu1^IM8pcWPumP<^=e#J2ESZ^rO-$#kTT&3I0wO19Fg zx=#8Yk66gmk|=AH3D6>}E-asdaxa zkv?E0dK_(REG=E|)vc8&riVEJuTrLNpi7|JQc$!=1?cV7k=ZtZBbH3`DKbE?W&T$WLTpTJMJV1;z!E7WkT^btp(P@)jK2;PlA zKLqP0*KO-|7!rlC54LOWBR6zlE^OC-H9-h=U{yir-rT+*_yxrW6MU0#6ko97*ezux zg%AMk-a%YHj9o1^a_?-x82|2^o6!>0yL}i!Z=_d`F--u3!e)o|gUm;eSj5J1B{Al@ 
zNV&9nN$rDG7=rPi!hfE|kIa3dR1@L1FxIq@CT4`fpx0|^Rb7~%k^w|jRP-~+c$Z|K zqFrGp!iE0^#;gLGfK@dcCf0;2#_#?zTLUqTcFz7XI|DJmdNP{Q+~Z(Y{D$ilys#&f z2dvDFai`-70YJh$Yg3G_z3V3Yfol3vGaj8*?>#;RXB$;o`NMIrdl4$RzYVg~*Qk+q3i+PhWj;2@ zI6I+N&Cco_n^ieO#Z7dpsHBNT1xVu}MFA_$Lp+@*2t;FRcM4(y_j1IC?c8K6+yJ;u>c^moq*I^~AkzO%5ay${=PkTNf^Pt>{ z2aps#@%FbGsx*)HiEQAYKLF{Y@Ja5Cx+d5ZKd~2Oz3%7Ez3cCFiH!&ljsQxn>p5N6 z9qe$TYnA9@#)W;EC3LzvUN1OTUOlc1S386fNUvZfTAar`8^zakua(#%qx~Bdx5SSi z*M$o|{du4iymSsN)A2&y0Wv!Z@c(s;?QWFIsK&h$p(Gs0A zhn;o~pXP>66k97+?j5W$Zfl!}Wx9X2!P5hO4v{ScTkU7k}CXQ)SVsfEqAE_Kt+ z7gNUz*Xpk&x;XOP&=O}vW1C(N&Yo-`9p`4DCiVsk*p^x5)cudmD-Bb>wnA5p=JJ*s zO*z84DsSm7PFR(CL%!J0zaAA<0yNoXiOt8+^01;@*@QfI+x)9CfyJh%2Tc3=;AwZM^h z<@}Jo%0Q3S(OrN@6eA8E{WgS^?XziWhw$g-3fI~s&%F7YI9(JzsgqOrPubS)2pci9 zU$>3h0EiOL9{eo_{Q{iSR3hhU+=xA(;7_E=%NF%>2<&Z_k^Vh_LuSLyFT*tiBfVcp zf-V9Dk?cre*_A|->}%oNk6WiCO`CFp>`O4YZ{unQ5|Ouw1*s0kHIPCTkJPk%pDEd~ ze-3>e($)1mXJK?ISKW}+$W(zTPysBL`pw*0JqkKC`guUMhC8@E4_YDdYIowho4j-5|;TN_j;(^{6J6>^#6=gX8`sY9pjX z+z3RhZZ;fZB1A3zqU~TpsDHT_%Xa>i}g=movbg z;@h>9PQPpY%Uk@h89Fp`#&InT3}gnN<;Ct^xu|W3V8Vy}^y6fI`wxS=eFzu}b1dJV zOfQ~@+a_|0<(w`>Y0FgUgURQZHZShsWunH=bIo7|R%l}4B(ms~ zwbr$>wel6$@96T+s8Teo++(u9XEZk80Op!41|0?$8HbYj! 
zhrcesI)NYq6dI|nz4N^eYr7mg6WpxF{HaXLq7uwdmc!&8nm9oI`X|5CkTs6I^=df0 zuP)lEc~(=M$`lLHV>3Y8KU2}>yv)&jEr3fR#XS-_LuoLKUz10osQN~0-h8&Iz=W^Dg~Gk_uNhp)J|0Ns;5W*}skzwth$FKHAYX(&ONQisl2I*B{s>dddViIBqhDc50DD1(=G% zn(P@0N5g8S-tD^O9uQ>JbB#9ALESea{OKSK$wq_!_Y4Sc>eaTo4OQ5Hw{ePfDV5-< z;BzVjlvi3MfS)9wMkRfEXndD7a+vVp%0PNu6?< zT6{#y37LRJ7nJ$k7yi0gKJAX3^T+rJ1e1iaEy}LK@=s}tXmw&BtMK_3Xee9UTqEym zR3ohg#_{f;A)T`E;3y!y%e!;w-)dX+n3M6X#(>dp4z}H0(a#`}E7wlWU=@kN1Ac57 zBV?FQ?pmq<*w~_YBU+T{AD5(CmJ20l#zFLHBN6}Ln-&eFJ3XfO^s5W0!<@Es&R0xV z4oGdm!xO}hdiCE;1{r!rse4Ma(?3O|)kF%4uvsaUfmD6nO_Eg9IQ-chdo8vwU0dd* z({7!x$ih4vh%46O3+du?xiGUmSOUd<0KQm-eBzEr) zfI_=1O*|TlU;Mn^{(i?*3}P|{4e@O~;KnMdjn049$_K_XA8*j|Ihp{~Zh-5b zMHaIByze*s!xd$<#U6ZA};E=dT?9P7(1W<9887_rcgjuw&w$ zU!?LO{UDt$3M?uG6jXOT(G}gu)_yYE#aQ9|ZXk@OA8_PF(Moi2=V}|e=l}y#&z{$xtm}6~ruec(jXdeEID!XS*ms1HhLqjf zctwcr?Y5rEt-MP8G?xe*_KFKWE&^f`!fzi%2>^XmB#%5#Q?EQ(Jk%V_l!GjlX%mdc)tk2TA7U15d+FSxI(L=8}pV2+8=6jnKe7tL2S;H7p9C zSjCqf7X1_76|womRC<-p3rEGcA$pGN=HJ!S-Vfs6)SlKw8DM{aWNYUkKD;H#v-Z>K zv&xoO1vXVn#>z3qx0cITe;Z^^(~10d0S`28p7fa7Gk_N`Ew>GoO*BnrYc=ZW!?@6s zA6u9IzN#?2a8`sZOwpY}<#I8O8MnKYxy)Rm?Xg8&;s6ThHfUmEF)C;z;6o0`A$cJi zJdrY{NSuXqt8TsGQ3AJL}`W186rgXq&Nk0ayzc@L8l z2ao~{AeA~K?Ra1Sfsm~+k5lUd?vkkv&wsveluz5sBw9pda%hlJ;o1x5}}d z%BP3NN03Mhx{}mh9YAoZd&m0vs+Uil=&3frs|VVG{9Q-0G@d!C){9s)Z)k8lSGZc# z=sU1YuWCwqgc$S+ItGchtNG!dgyl;6`;jReE`bsjq8q{U(davhvko~$YVCM(Hi~uc z%uWS%rHv^l)kwohCz!XF)DO({0y!IYL8Bq8JdUs9fN#pj37}fk)Gn1v4CtV1lKK2LkT=RvEr){9hY7yBVoMQ+ zONaX(!p-(T_lb56UKb9nGju$V#X>K~G@q(gkceIyNIf>j>M{_fH9;Ci8#Q$RNe|o46B`kbv9Cnj5I+|c1ux;gzS3VTX#qmEqqWOiRBAG_Vd~m})0-ikRWA{wieCK+B7xFJBIXG5 zEmLlgKlri`%kinnnJtgyLjucSRf*TdDTX?)yX5R@6XZ=xL7}wlu>=62h?LfLjc-CB zU~)z!pO@w^pot2&6=12?% zrkce!vWrn8ldA?|KJUe{#s_zbPM;>trX4};~+0>ZRJ>C>3h8Zn?||!pKchEQ_T|0-IGq&7eU7PYNWzd1v2_PvrKapL{eSPhuZsz#PgBic6ii;}||^QA@2hDkm-z=3C) z{MPn^3+qZ~*GOl=gD51;wjT7a8E>y%Q^50&orj7GGKsM2!DDX-xh~GH0e$_f7x3fC z-oV2t5e^G91aS0LMYp_C9ei=~bnoFnt26_TNJsH*-@G0?fgAgvy*ucKmM}W?be%D} zf%#2mVC011nl$D1p#W2N 
zm+I%)tqhr*vC{*Rc%OgYfOKqyRF@T%FHajuJHDw?1YpisP36gUz9%)EX`PR5&|I4j zaxgX24=i=%d?F%;?K0Ej^JLbc=`rtriIi!O$THg$PqC>}*974MQ zoa^?wU85~HR1s&PUbDM@%8ybmT#HOOd-_}XnS1a;Ok*bi+kT^-ZOPc<`1@@!(fOf$ zhQTU3<40~Vrki8mkBz6BmrOOd{-j%lf1rpWq*W23`QLi%_sc;B$9L0uqhU~wdUWb} zX$a{Itr3Txiqi?2sr>r%8a~=5=3hLn!0QD5?*x z!iT&)nWse=cznxXT@83Ln38jVjqRQi65@DlySA`kaxO6{hbg~G0BA2PI)>(IAe7Ek zkmiL{e2Tvm7$#vcyXC*wP)ZRbm@7wKq)Sn62;x+bH1yuE^;Qt+u~w-c=wV8Olv ztD3+1Fd4)%EtLu6XsGQ#PBJG=nAR>KR6E-(;Xl)L(@=E3Wq8c}+l!U_&e>V_7Rr@r zz=DvyK1*}$pZKmqbIlf=(SjH!MifCY^Iugg1};D>k4U6`rjC<%iTAYswM9W+kCMlq zMWoi6A@lPWT(1?05{iAe>p&V=h0;<}ww@|6mqnv{=ZqEYlO z-V3cv*Wt;QY$NN+Xuc)e8nkA7|0oZd5RDC}7Mzfrp}~0mbnJx3X)Mp`oZ!U)AVYtv zY_w5YTOjf}%S*2E!`?#a5mEM4Vs?S7y4fj|C9+ZR=8UgUS*Vb|1LqB{e3^dSK4N*p z;@16IF8vL%b_BY*g2pwBPRIumOo#0~y(Qd%f6nxc^S>KdY10j`iTT0b5ZQvj_{H&| ztUS$l&y9g-$@m*(Z|X|j766SuFlY>!A61AJHlXnOMsOb*s+dUXR+y81%kcZ(oJ~s; zM*Yymv>_AMo<2UkypFD?n)+5SM*gL7W+wLK(-u$5=%mlY}2 zcn!RCA6+#bYH3ZZ6U6wi`3Guh zsMO=eSJ`f3X)*7l=V2(H{s-EoK1QIZ|MbTX=C8bL#E=f zEm?$$%8B1XlY?7YS@q(nDCMM6u!;X-M^CeC2gEfk{NgTXZ14L8(YH(?IA1;UVX;RR zk<4e0Pb0SPwM=jKTH@i0>gNsAKAyDKKDQ{}KVd^NC3N2|=<;dVnm=&Qxyl1{Go;wA zibG4bpG6@aZOcLCZ4RPr>Qq4f5m68%%gt9r4AX+t!gJ$7L82c4XgX+SA_*brXTZkULB~`|dBea-3{UYqnR3rr;)H%9M{Y^mtn71c zQ%y;0(fW>8l3Pe36KXf^Fs;4%v7je|4ph_)><95XWcUh@e{F;J`exL8Im2)$BfUe& z@LRX5K}IpbySGvF&CWb8_7?AXD3qPtN%6>3S5+%SH)-17Z6$zZN^VwNzqi2XPlP0Z zFOM>BkARlxQwBG@VWiilHosGSOLS^nx?lhG)G>0&tpdksE4}b%GhDEi;xXK5FV@pp zcGzfGgz>?KK#_&tHOp|*LbXgFpnIka-t${VlqGZIv9j(Z5uaM}l?o;*-R|i4$03?qBwkdN zzw2nrsQU4iD1k72b&NpXpUK)?I*)+kENQT3>yDS6ezY$nl|vdc$ALTxqu{Yl zQYg3P-@j>6@N@fcKsq}uf%soWC7!9^V-J=z2|3RLNS1UBp zF>0I8EbjwCS8?<2YD3r2<;yaw9|^jCfUWaibl~GG=Yn)<8Car7-~n%p%T-}4kHu8J zb6PsqzfUbft>Lo6PU4F09>dG|2@P(WxT1}Iv;bNmw9fq{L`XXLc`;L$?j35VR1eT5 zW7`kV-5@&0o2#t7<;F)oZkYmeUiw^5X0f1SAtDIL1$Q0a#A#ergEEmec{0hRIqJ*{ zBMh@*wa2DoH(5|fR zVt~-m_>-6Clz;>$&rS>F@#l=*gK0nu<)3R6Hn|~iZ+M~3V-ioV(Vm4U!Fuz2aGXx6 zb&etLMwxL?OBR{5X*T3bWvhO?4@vV#i>ZHlO)+Us^~v 
zf$mG+^dra|t>cPaqtEXTQ$e+nZ}0(Z0|rv^K$9rpl}S;LD&t^he!bMw}IKKjAT*uJKXd&|I@g6PZzDs ztZpdm`XS`rf3fyEue2#kmgHCpbU{sy7PAFm3ls$(S63(DYE{Cs`B4{W3dRZr#Zu*i z;CZNa6;Ww?sE9@WAGn-$Np?zNSyC$Hp_(S9CJcVeiW_~#V$F6>i;f>FBj%Dqwf4q_vkg{{M{acj+^%2|MFRe`Qkh+v*uOU%F~xota;b;vOHLN|jF zqHo87^-uIt7RA*$!{)R=(Mx@7%jjp`)`FW26sx{~Nr;ICrbWXzTwulmSYNiXgUsA3 z$Ur#4lDAq*0M?3fE_}`RO+P}-F(WK;g_Ztm=~?W^4?fm}s%}avv8Wj;_SM3KHIXAv zgRE`RD?SfEC^^L~jwevFWyk!x0ByYxP5YAXHEE$&j7Vx!l?UDd9El)UHIf|cp>qD& zt1oVi*1;M5GGOAdo8T&kN?-5LiRw@Qc$ey!AkiCx)g8Tk2FApPeS zLk%`aHde!rBeh21!q(o7yGZBbO;nI}renzdb7OwYE#FXh_4XtZkwdX_(~Qa%0>(3prJvau z&8#=TVu6Gkc)|X7P(23-Me(#3XvlZ25ZA`h7RP29`b-1D693{my&7_bP|C14D&&v) zF&9r*WD%M)0_{0A$E&2<-h|Bwz1r}pXCUl+1$o`QO`xVv2-8XWP-hWAQf6YB5O*TW z&5)K#uq5?rUV!%b!Ts=<+6B#ygxI`P-Ry+|yN}RQ{O1W;74<5PjqhWPC%nwxYS&c~ zi9M>yTVAGG>**81v2pryg+>0$35|9H42ezZIwkleG?-4k%&#tAH(hSLQp(7*#G=dL zu@@`G=1D91vQD>UGc5EgN0I?DVub2D#U946&Bg%RK=g0V2Z4Q!%2;j_Bf(+g9b(pAi_ z-sL6C)ari0+&L9bSh*6P{(TaZ|EWXa@z4ukS(K)`C+t{(<|^j|9XjFGiYEdM2tLd% z&}o;nY4%@V4J_!;P(`D+XOCfVK6yRqU31fA%%Wv!POhRtuZ$PC-DEc;q%#osgIW%8 z$@M|hMg;Qeo?aar-(C+!^3w6XzV68q@wC5P92ID6Jb3Nq>*G%3V7mml|39X_F|f|9 zX*;%U+qRP(Hnwfs*;$Xh8${|PHLv7(y z13Kj*%ncp4IicDds|9^MMELLSGEo#*&1)rY52QHBV{hPpEhjSnC=3b zE(yImbo3hHTKFL&-5|)Y=-x(R0K+i+S??x-2jj+#R}N@~aY&WH9>X ztpJZQw>wt)0ny=}yDyReYMb!odT4hPvr8lhti2~CQ39vYuQee+T_qz?!&+k%FgTMj zczU5|2r-LoIHP2Y_uS*rQ32E#-{sC=2W(;20<1ilLVfRB06q#z52k?HeFk{vBplIy zP$(E3Lm)wASkU$qx$+4O9SyIxeaNUX6w*7shGLX`Z)}U~rWK`L_QWbe&g$=hbIj$$ zJ`Ozbao}7^;Kzw|R6b737%pvvq0_c}x#imiN;~j&a*}ibLrTCsJpdIrG}lam;WFhu zg9t?{pw=|=!EwMpdUjTZ)aK;S;PcjK>w-EcZe(ccKaq>EtE7xk`@|IJQuwJTi84t* zK|ZB++sD=DSYz1bExTAJaOuabmNks}v78X#sIfC5!tA&G4wpJ8sDBfH;N6Cq zju&gAh+!iWF(~w_VCXjFh!wpo$cW>bnQQ&z#&rB&O@s{2xCnoIpJ0{UpwZSK8_tLG zt)lpy2|XO4?)dW>`pXb4_PegyTRC8twZbfisE;?1u-r`aUjwFjW=vwR0_O5~_BGd| z6+)CPXdm;pIy%flm4^aPNaH4f%ZeIq%pPOlC(=m{MrAIJ1o#<=T3Wvwv&A7E6< zh$ttZ-7WS3j7k$f?=qArpjLluAZhWz8I$f`Ty8Es{zR8<({%*$_pg&OT^uF`Xkua| zb#HUKcbe9&0JRJUg6OSrNf~tQLHN|yO2QF^JHo{sGrs4d6?LfeM-9#1qkYNP%N(hH 
zfWm-&LLMO6`5jUKp}KeiU46?p$1U)|d-Y2~Ii?4@)uU|<3z;96nigUAhfNW$jQsGA zi6y()857r7`?@^-o7Wx%z{s1rFGoj~8uh zrk)%1hrccJwX-WCdYm5@2Q_mFa!)=nBHuhFC zAt}D#eyXrK<$8E*a9m0nnk{d;{sk(&b*jtv(><+EZ?CdY=ijXSa~#lH1~@d>(Z9`& z{5ycJrI(hSdWfAd(|MpA9OZKjjbsbHJ00_o^7zW-^IrPCc&9k9LLPltBoY ziD_<>h5jQL(NVn`-=$d+(nn%?6i@k$W+p?0-CCs54LkC511P7Ca}->Ov|)BJZ}7&$ zNYJrM;3}AeG|0exaJ#N~EQk=9B-?e!5JvE9*r!OL$RdS6YaaU?#;4r^IKrL5Yj*c=saOu zhA)*3VYz_VGVq__d&6+pA##22Ync-`#i+v~$PqOoOnPQ{s)GIF*pbs^Fb%PA2w3T+ zFYs8{q9ef_p4xc3uptQfqTkKQ(h58ddfcV|L}vFKcI(5~_(493p>Cc7ie-Q(_2~wJ z8`1$LnJV<|CUBO%5X5JdF1cA73B%eaa0+-Jtaq61SW28O7!8}Tsg)$dW*w83aD=O$ z;V}|q=^?AZP0{GSb6fJX)HJ(F;M5eo_dqS@mo;E%2+@yw z^)LnJ55-B%)0MV?JGn_qM50=HR}#O7^u47e;WPh3t!)Y@0*5%P>nAag+hKd@RW8h= z5~4au!?bq+t)&ihZ%*VTqs0EO`+2fxDOte9b#89Q2!@uzqEYTia`08u57MX_ju>=G zfyfmasKq$Kc&8@RzwT1nX7FqLpbPm>H&9xd3{xC~0u@PGI+wo>NwUXVsRqa3?0I@_ z*cu6eAdpBvJv**60s5DBDG4dq<0SdX$NTbyt#4!GFrjk3KdG{!E+yrB|BIqf@;?=4 zM!_7#Y;X@*yJsGb5SXEPpNR+kNY7?Z<^^imV_B6wEe6r1Ih`wC0poK}xAcu*e!(SsD;PAsCmJD8R z7Acme37{-m)gQdUxGIE6*b7;-u6ahLD7dN=#fKB7$(%%N=gZu(lo{}>pOXM8(z>`p zsS4gPp%?B_YGGo5*b%>|GBWjONR>}}V(c5GzZ}5`G~+R%ihcB(3#$jXM9FRpvGg}p zazkU$nq)G~;(mOP!5MdP!)s&7OJzJTG_(2u2 zkAS2{J}ZJzfr?~sR(5~wBmGT}-|4RDk%%&sZziDzXpnT#qF)dhL@$YE#!)#xpmw5$ zt=tarX&RnHaqmls503zwYUgiud4X#GG>9$Fshr3|KH5I^I9DyDvZB1IVy}(mZXKx5 z#|pNDPd`ER)J0D0rtzhhz!K3OTwoA4 z(8zwLDh#L6E&(R5SN=b0iq*9#Fsspt_)t@8y z^s|D>g65~7v3*qQ44XB_dcXE8I@(~4T%8`>jvl9!a`EpqMKj^+)g*ei;b5sEp> zqs-p!C*w%j2LE>fzRbnEwr$^k9sFz(%0eB{O%Xl)J9>-PuAVr*(?yoQx5SDdd+1E@T=ZJp4Ti#*qrT zrvG|M=({r?&mT{-+L>N|uyJU{_c7>$89X^@Wr16s9J;!TR}^F>-AG3&57JS??}T#KVm9$5XF)Ia~%$5B~m`yLatl z2X02!dOG*Gg{TcC=N!W@ z``H!zMS`?<$Ij1FGuuV2|2|#87M>0uOu$jIa~;N$u!2P?GfRm}ss&EtJHiuIr0Ga#J)3 z|Iev#+pEB>FrxDe6a7~W{kN^9QiK8?+C&?4K5GT31hEe@z@JX&d_dxEb^KKCEQ`YU zN;1|;HlF$gBG%UeRL;VCfQ)%?Wnov~Di#KhTIXLnh=182@QWC8&G}NTWW23lIO?Yj zf$>G?rmhFQsCQ$5%MHj1bdP+o&U}NI*(xEEr6k14>CaO7XDd=}9M8!A${!#B?&q|X z-;zkSTA+O3<4r4^fm$Zm!a6*KKsV8%9M`n6Ej_o4LA{#uXDbXpopDN^FV#)TI~$7H 
znU9r+TICpOrOn?7ZGROE_zR-3c>-AZ7;ybSKNH~MuzRnHjSa~QjU#GC+RvCa!r9y8 zs75}9xHx&j{cp0xZw6hneo&(b9k+f;M5q2tn>lLo{^_&`!?L~rqLz^{s*xco5OXET zb-OMa=icl9JzCD$zN~lU-K7ZdpyiSjGY5?*&+@xLZ;ApTGAf^Ofi1~g`Fp~^6H2MJ9EVJ!0l;cplh#6Fg=wx829%<8qz=lXVER} zXyA31sSMlomB_>6$k%`W^EW@-6pNxyR@jSFCZf^%-h+(q=Zt`Tubm#C3*sl(2YgNFR7pojMl-7#ps#h&pki=? z=WSOA8*YREO*S`H?pr}-9PY_v5@Y(TdExtfijD?9;wf%wzY zpez3{gB)JXY-jwwIJVQV>Fk18iAJE~z2sI@)hWGN2_{AAqc(H>G0a@ zEmM$#T^kIEUk9b{d)H+q(_v==%*`o}Cf9FW(GuAvE=f zLW~Rjn(2(^hO$FJFl4*Q9bXAVz7}k5{-YqRK)mlIHDi= zBBi(seyoXT7VbR@L$0lOiNBGJdAod&ATT0-v`ZCM@iboJ>cgwN@}&+T8k)~sb&)s> zvvyoTjgths$W5`z1{eAOkiRp>CZP|-%^x|Rbln> zwR!&iWP0^@-x6DN5{F=oKI^+7B_xkSr~lj!qb*lp^A}VGv71#5da1PX=sSlm9_Vts zkwNH_Nb(l5xy4r8d5PQH>RDk!F+YIHx$TDfS@irmxr-I#laGymz4Kl(!A0t;-<4E=WPOk?it1RcpZZnRC8vqFRXKm18HP$} z0!?@{fVs3);xh#^d^-%iFv7{~PMrxoQto1Fqg7bcoW>*!v?@6CzQuhr=ciuL1_J`< zO1%U^=*qzdz~(sX12LiOZ%f6sED)aDws+J35imoYM?JKDq_X&X*=5%@!ci`X*oa?1 z(%z1UhoHSDn@P17r|37Tm)JP5-1^kOccnW~s;ouyM=-~o<%^y;cRMba*Zqn`pR6DD zx7VL%`&VJRhR1K99XyxG4e9kzMl^DT-;wj;ex4l+B8ueg`#&d4KDqkSy=~lWjn_c_ ze604Ib#25)ct2EGR%s)35$<_Mwg^%LuK(o9vymJ=d)Zvch~EWZVnJ#r#wHMo)xgk$ zfpNm(IA=b0U@(8;S{Z})HXcjVAN1Qz;QNlj-;3}g!d?W1kB z!HTU%&lGQzyl*n!bsnV@b$$4RPLM|18@H~49L}|$yQUdSW_!Q?sCyxd;LWkm7NLZ^ zs$u4QH->vyuLWlX=DZ}Ya`A=9C*xtG7dwPh(IVPrtqzgxtQj{L-??2+G9e;I4Ib{9 z9Q161$#c)=7Weli9qwroVy~0|HTy&Q43cbJ9_m%WM%9TU#!`Mj^1|at^>-+WqfuIe z>0_Y9?*yRklGYhZUMWoIx$D*S0OLVplQt?rExiwcmynsaW?G}pnZrTZoxBOdk zhYU4dGut6@3$y&Po5H{v3TCw$D#flabd2u=h?3pXn_J^~XJJbbG3hI!Klph{#6`bD zDPhEgR0@n3r~?o#C;xD-i#DarkY+}8Uu5c+nR2lmUC@2UX%(WGg+TFHfX{MA7oUsx z&)dvHo-?_-hL>*FZ(g1q1;Cx!%OA+I{yV}pPRDq8k^Lx8Nne}-nJ3_I9HkW5Kv?F* zbLX9aY%(DFqrQx3FoqSAnw|5RM8r!enBd?I6NTzot#a09EyUg2IVk~F@IHuu{b37Z zTs3#RxCuoQv?Nl>IwN>6`P~qJ0pPJqXIPxRJ_nmlXDb(zNk;9zwj>9*aqAw0A4h*oaX*3jWnW5hQ z^~0rGAD1l0wA+ayeZ)va^V%S)kZdyv0qV!O}2f0Sv zw;FsAy4!NnPyVI@roAxlaN7L=Ndl=Ukd)6U#%Iu?CdW~iz73*WGj3I+R*8kySkA7M z!En+tX>q^dY{a(nqm|Kh0NQ4XOV`d^5Pv0^;aEUyovj_7_0~8FkAV}$Ubs=W!@Cf)L;YZ=v&+lR>4icb#K#Mffsv#;RTvA=D 
zy*B$F1k4-*7*HAUgu37x;uR#%gbKfUoZ=dy-aWWKO9zir<&b>z2r zR<2#OUuizx5uaze_V~HdUu(<}zk9vjg*=Q@W(oQ0EgQoZ;WcJr<>5Uf6hj@D{NvVU zT%tWJCl5VuYJ{ADAZV+O-1<*2JG0ig2k+)@x{PeHJ&$DVa2^v~i%4xzrzlKUH4OA< zMZ67}@%bcmI|Gn1ZhW0RNIE>rpqPx#lW^GO<+-R+v*+pTQQ@FS<* zWIYf@>{(HZlA!n2TAxJZf-9j~>P1aApjEwjZ4o~EaLhXpOEwk2&UfBeG=;iNQGaNbfH&-~M2Hu=Ax@bw3aB*sa6&`=}3 zB!Z_D~yvqJXG6X$6J4wZyqNInYXpJu$$F zqq211&EgCkhvKc-I{yrmdwK0Rn>^7XwuEog2wfkes)d}G{r%wtI@m%OFSdhvMG+p} zJsp17db+tl1wGJ2Xbr;L!e>F`WIb}kkOCrscShw zRiU3isJp7`0;)?GB7Ew`qIwck!V7`u@d+nSLCZEcvBV|3^JV#JIXXKjRXt&Y_;x+z zO%jvg=F5qhpN#7DG`(* z+YiQJBm{n%(jf)f1#G`kT=!ZXEWe)G(Gh6EG2e0S+>_A_VSAJ}$()<()Vq(W0mo8+ zbrK{((n^2@{r9M99ciL4N|4mZyW-#xqZcXQrH=(J@bkReS<5N2+wIK{G{Rgk@6Ye9 z`G9Bkh2a^419{aA^I#M_rDTZ|Hz`uH^Mlc8z z{(-&mp@-_i{k!#1+?ORmuh_=V7>n+-O}o@Ksu5{6-EN%Cf?O|eRgZAARTs=#$b`S6 z<-+}}k^0da(uio^jqOsq_=VbNf2zuNS5VGv=RV*yUO&bJwTj_&GL1 z19Jw@)GtDQW*bYC@C{01)J9@Zw%@~+P_qbjlhuo(E5L{VIWyA=&J-ZfyVsK#qG+YgzF8aly*#p8O} zOaLGdE?|@LXkpF@H4Fn0*~(y1Y%=KdFA!dm!hap%11lTwDP$4%^}}K|EqyfJR?|Bx zD;LonP+mLjo-g}&b=KE!l7^zqyXw=`-H$6g;@x^;HkQubCJ*E%D8FDTHMQ8g2MfJ_ zopo0YW~}31m8070Enmews)`7O~!6XxMG%k?F8wUyZP4VQFN4eX5(2(>?`M#-85 zJ$P{hqUdw65^sjS6SpPsA5)Z2-ePvkbhCM^Q^n-w=rj^xICxeq=55xp+QIcIW_gL+SPl3FL0X6_XrO;hI^Wu2XTeS$u5m1&pVCl{A{*D+iHwg9 zNM{`x%|kO=?|pQ6IVJSly<+RO;A(&9w)d&T>BcL6LNn2@?vb&{e<6b_$p)5(#AJn+KZ(ef_~e1k+RDkV20~~`F9V*IaV`j zHGYiMm>SJ&`rZtWM7oC{n`5-o6CS_QAIF%(TzLNA(QWonMryEe=6kc$0gCf1!{_he z)aUf3S&qL;iUC65R_l2nfT7nwh`9co=j@{)c-fyeSumJdP+2j?Y`{%Hu4VLv)-`5H z`NvM5Uffxa^ljgIAUU)KsGPg+3EdL*5BFi-L}dK}nuLqSvLa)Xbvm zX1SjN(anRkC2-3Zp!~gTqdGb#jYLl@MYj^j7-Z2fF<)qJWY7xTQPnurDnItc#wP!I zU(gsY zYZ@267e8MIMYJ&gr{=qBAkhPi_)Pk?h0zb%B%k;z8Ju{?V^zYYSq6D&<*BeA&H8ro zMhz?p$Ucd74`pegIK7~^-+|a^YH9WN()87*^@?!w)jVWJ30Ck$is7ps*P$XMrt`|4 zCqT0{nZRrLU~ND2@`cYuJd5N`v4TfspN1o$D9kY1pTgZme~wqaY3n5=5l=vxexZ#> z5d3==Hj72?U_Mq^uP22%{0Z&jG{Tz%Zv_Z)_K2OE@7POKbZ%{}Ji4s-vv-UFkr0SvGBjcRdL&XVB zy^S9}6WE#A7WZDBE0?S2pj?k9xr8fEUL|Q6JwCmswt}j^%fCK$_ztYxVY>=3 zSQzGp98Z4~)o&(WrA%84Bh^_o{PDa|J 
zM6s)bL90?SS{pE9!4`w1CD25Gcb%V62H9w$GMXk+-IZv9j;V?MiNz4rP^y$pv50%3 zW#UZ_m@Az2z$Wy0o}k3s7OnD)?wEFAk>d>2V{;e}#6FS**0b%;4xGaht7lS*_gRPA zZ|hRymUt~Smt1P9!B8oIQXbjv$~N^~jx^~x-AzzI@877E=U}T;cF1AdptMqJvbNyQ z!5hvcs$}uYE2OMvdOq)+BE@g>C+UE$=ZzjZm)h-j0$EAqNTTmH!|t*Dl=fUA1T-|h z3T+9pJQXYk3btD=%c}WdQdPKoU;AEAsjh72tXF0FDE7pd?eU9;x#@MJZDKT{B-1k+ zdg*7w7AkReTj`DTbe>M;(g#1}*{0b`tcIb{R6wT^n36MV&T+L9g!pq{8?DHE=T%sZ zL|_gCBoN1FX-!lOF@T4Y!yLM%NUQr`cIM?U@LmS_`{>z&Mh@4r8QHW`-)0b7)IdJw zG7?6*GzUh;xHbS@*kA_|Ha?J;Mj0zEy^u5KHW%(8Yl=hMkAx=<=1-C_8DxSI0S3)z zwidLd#Duczxg_S0`FirbXk)B+rWcl9Jq?pL;Q1*IM#^eXV#)?B zmXv{U-eASh*oWv>o7uV19BHI=Py*EFXV!AWk36J6HU4^QBK)e44ao7gJ$@443%cSe zH9qUGh8d>o%4(G_YCrmIYkA4X9?tsGdiau0qXHr|Q|1%g-cucFR;kwVN>myV@=O1{ z7ag%1fos0#ni5XKGoUQ_gFS`PdvrT9S;{{)mHQW>*)}PUP}~vbr$Qe@OM!ql}=S?VSF!eRlWh!mH+f|QpzoF*x&En|3{h}q^jhWqpRNMpjGj_KU0 z94$5*knfd zpoR&T-Ji@BeH(B20q$|_eY^(ZQ1Y!PNRnxf!S}#U9dt^T00^pdq{lQ>h)KS*#zM?P z@Aiz{ylZg)MZkx03|@*gVtOiRox{5kB4s{Mz4)eDE^6*Kkejxw3ZEDmEa`3}4W{+S<+*w>PHg@T zJi8!u-P$+2HQ~+u4u6O}OZLB`;G+j~to+g{W zu}@@qqa+LoY+PW%gQgu}NfQan@X8_8qXU@Pt=Hl~XbG91^zn;Yrwjxdli=aK z1JtNIB&vANK2))Fi+wdZqlWK(kkNoUserNUaCS!FdTP1=Vr^_e9MXS*hHhFlw+YOuEysfyMuXjyl(Z-b5mWU#Ed z`O~czYlH16SL&dSz}uiy$iuNVmK2iLq0V`cCxW?^U&jYONw7Osav~k~hyq^fxE+wo zROWO~-$r@F7g%#?@12b#9jXFxvS zBi%szc!h2u8_8T-ChR_`J!geb4^)p%3V<0zK-ZZ6a2mZw0FJ!nJuS~e#e)NKqsr_{ zuA-p7ffGHgLJhKe*rOsvC8YY0j?KVZvfkF2;4^HcH%@d$&|Bj`x~nJ9eZ;0*63Vdl zFEaWXm%-vx`YgUF3n=?NIk}YoS6T#wpkwp>l)W~Z%z0sB;DdVS{W95Z^N3ssxn4ks zv+uM6tniPv4V=s=85im!8uz{1FWpB`3=a5Qp31aUDAD>_I4>w0e4t6P+86ngG%s|? 
z9@M^RHqgR%MJ7!q{4!T$BWf})HS$(}?E-axzU89J<>0By$6kIpGqEMao;VbhzL0%L zXF$=V<%Wg@Ltvmw7GhaV8L?Oscg%uytn88*SXz0kC%{unve-0(-wvah(ME6e$ zzbf&gcF|3TyN0T4t#~cY$;SLjydfNHs=zi`f3ETsEJKAqp3ehAYHE<8359wvtXA5E zR3RSTIbQF8WH3n^cfJisjFQz0k2Y&9dqolUSIA>ihRV-TsQ^o$VvMLZbvi|k=Dc&s_;GlKMonz-RW+?Vm zCpmrNy*bA)mThYNsiG`x6H1YE$owiD@a2+%t0e!KXu)onvlcUr5%t!f@8m*URp<+a zplRg0#}*CcE95*wg2pVUN)^C`G~C>^`w@-iMgyDK<9=Y~DhVUa$eu(s<8_sj05kPK z4f_sgLwxc0bv1_Dq-SG5_SnZb;vu&ngo`r^4`0a7h z)3QSvz9Nxk#gj^fx5Y8(geA|>W1UN?fR0GWG3kPuJc5kg)kQ}IM7>s3nGyY@mDJB_ zs$Bo`q&V{9KY%{~(ya@ZWAZ|3NqV)A*lnVC}0IvVKA4=8}g5AV2_inVFq6MZ8+~T_g zl0~k0OlwdCAwiX<^v!*zCClsU!VNQ{*O`~FSt-!^pr%-cws8~zYxWJL)*FK8W$F+7 zEWxs`yD5SCpp-yEaKfy<=Bu|OKhcyIo`i^`Zkg~2!6>a_%;ju+Y7Hd7zN=VE+<;lN8nby-1XuA%`});H z-zueMxKS|9U`SK_MsD4H}nkJZe-O5x+~>Q>%-sN>~R$2t|w?W z&(r)`AFw9BUbC&t$riM?1>T%pf=%Zvg}l*-FuZT;kk6mP?yE>P@`MDJW_46F16EiN zN;`b*nVH#k(RR|}mB()_cK?&Jp^=+At+$w>p}kdHWUN}T(VZ{Vl_%W=#<`X!T&Eg{ zxaBmqspKYPnbxNq$6$h1EbC@ zo@8|9VM)vMns+4_6|MXMYaxasNRCYE*qfuA51bA6G!EaJKYK#O_+;`Mg$s1F(ZpBD z_N~f3D~m)^s&+^ERW!W=Cl}4O?RWYrb;eweeQ*SBBp)#FZ_yCh)#gmliYL0O(|nMy zJ>QBdlEdmWJ$Gersxi9qC=)nH_%)g`Pl83U9sQanzw&yd3PP5IM_&fa(HpEeC7;>r{Tzl8o9yWFk15L#Hopm?%m;OLzcXz zT6=ffhc8k{j6lUcXnRbJK+8ZKQ&5aS34!ZVnZ%a;yz|c=!#@cTcBl$wQ5L9+Wa$G~ zn-cW{qGqK>u}m&~17r+v2O+6(46v$Q%Hu`mg!7^n%!??S5?p`FYCM)Gi@C%f>@l?M z(XJH^MtraZ&!>y54oG36P5daIwO_A}G&WYg-XD1sl*#b#HO)ki4$La?1E z^auZlS9gpXL@4mST)+8Rb`9 z)y<~hF8;@5LJULAGCswrai?4jSDhR!7TR$@eBF0i2I__AV-+RvbM@8T+loXb8Sjj7CxAoIl zndZMaEujHX#a>#_bdtCbCTN1YFc!PpnaeXgOt^6`>7xpaf^dobd>pHJ*`8)knG1N8 zVE)bh0vzw6B_X>}+KBJ;W3*HF6{7M!<#cv_Ntf(!lCB|;c8mL)t~lhybzZt7xs^4X zFN+*Upfy#GBb6F^Q=rKTOOdI|+XZzjA&Nkti2=T*E|O+2l8js#jS;4NDjI*-{UqF3 zjS=e$Hpu?q{~%!F5NhmK>CAMwN1$U_v(!UhMNY=5*Zc~*t?C|sQOvNCpS>Y3Ml>PZ zlha7K%woLn6!oxM&bF+8)iOXm8gBRK*H6Dxja$xmtQ5jVLfa6MM{xU=sRp_$13Qmh z%Z%_DMmuuN6?Q}@l_oo7>&*^{!;Ny;7;FGB1eYtjCM~K!^qn1CZFu|u6cA1Rdyh@q zR6VoTb(b&wJI%9O3>GP0w8+=blJN+b&!9Tr?Akxp<>xkbBJ71q{A25WJE*9Gz0;#V 
zBW$w1X*aLK=PpITJN^oq?{5z7iudoMTRkq|^~lK9QEx4>)tyq0n^v^-2vfgly7UAv z14h@Tt1l~KtUeyE7BG7R=?BK)JzajVYEbf>;(WWM7gP(*D5nj*^0SLse`0Kn(=4t; ztXuqyb6EY&uLN2mru;Cy#foj8sf*Whl3`3g)b)%k-4&ac#}hue*Z4c*!)Z=->_CU( z7g7DV#!uZV%(dT11xv}(UBmyhl@1ozcswV+?W{B<8uHZ>5Qtau)$diEribv?6P`@; zuNKl~F{K+L*`FV6I;QZMgVF*O{dIRBw^p~eWv(c0g^wXt&;6|YkABb-(4wqiAnLMB z?-;8|j&|fc=3m-J|(G8tm&eguDhbd|R z@U$|zOe|ZCX8YPnUo~!p!!o*p1%aY{PRhbG?l@X8aHs7$wEq`tv;W%;MM4i*!+MqW z`62gM(A~p&li>tsq}^6Aner{pHp1>;a8pG|sOpG94%(Jn_3cv%h6N}K5V`UE7ZP|& zJ>fU)j){#rkiL3n4J~d^0%a6|T|Az)Vg4Rb6>m`598vPd;^yY8{qIj_H1u3ik$BGu zch$wyqUn>E9vrfcy7OtrBrv3_m()lLo8Yab>T-;%ss)zC9wL2MVVt3QLZ2*AI)o83 ziTI#OPbWu1)EU(aW2$0Ifuoii)F|m?Ce!Lc=)72uI>qRb#A~A(7q7YjHi=&~R^13O zV{1)(`1`Hc+L^l^{U;d$3`4J<$Li;{0dk*O*oA@pIxh`D*Lx(nUqM2iH>}cYh!{I zXV`hF+Uw5=NY3_H{EGDTn|Nbm_>m0N3jnngXM#A0H|C+-z@31@gc;;0mY>%Gh9r%j zYp?$=>e1nC>DX0WZxIiUxzfJddjh|4y1O%da+d(sgZ;3*02sL%9cdw<5!mvys#A#mYezQ^;T3x`6l+xQVQjGUC2v4+g>DZzv2L=j za8~?1SCd&@sACX4G2!zkk?xQQXK9I5co8)D>-Rf3f3uUH{K4QM)#vDMUC#xj zsx$XT8krkyaUe8m1jCjkWCvgGLSU#xDMJ#wG8oxt0U=mcV*q@w>yFt)F>g-w?tz>1 zx+VS_=`1yDCoe)H4qwBKk=P*c*Afm&KfSXQVjEC$Fn`Sy2^&y7ARn~2te+$iZF z7u}X3%IC-T8Trol@hIw4t-MIAu1R;ZEvC-5&rmfTz63-ne&mn$UB0~l#TBCc{f@H> z?N2a8pBEgyopVe10i_FhtDJu|kqfRwndbVc!3LI~tr!8J?ETE~qIP8@6Qil~lvAQ% zOK;(Oa~t?L&TWSFtRyLUkkC-M^*o=oEXS4D`=M1*rzd z&Nl~m-LpN&OmZhoBvp}uFpukt8F<}ocRs4tTORi(4Cb;bXk&e~j02daGvIBTO)iLH zjYd(>4S9)1nt__1c74Zimz9Z4Qm&USY5o#h3rZc8`=^}3hmTNW^+G-4HlqzC*VadqJr3=m{W`@bA5T+LRMErJg!u=WqB7y{%soiO z>*^0NZ`DLaKAzp4GtUznl%I46gijseot*R@s9c<4@uD-qqze87+BwgHO)^X``lNX5 zmb>aZs>Q(d9QCX~#Sv-z+&^iDJxBN+N-ml^a_(P{Xjw(3E!KvAv#BJ+Vw~DlrAgPT zXsva~)5-1?z0WM*THE0a{+y%309X0k^eo1NllH9`j7`5tuL5$YH2US!M_g~YqVSnm zDV6mn<16NG8rW+G)|6|x(~+i{fd@rr*kO?DXM;4Czi7dKX34VgYzE>qEG6|zQ8r+W zfjd2}c=@&WxEH|pZb9B;7>>hB3#OjqZTro8VXbraJyx)ed447Io99#fPMjaTg=9sQ0Bb}es6*Ce-!C3%iYAT@PawxO}x8FA(Jjz2cO;m7C5l{xa` ztMi(jKomFr_U}cU{n0+8HM^busH&gr@t?^oR}4{f_BkVt>zK4rrJPlkHwpGf|1}lh ze^Y&~A>8=y(raaMj{qLeOAY4kM}na;+p5hQ5zy5|ZC4oKT(TDuZou0csI07X)aNV~ 
z#s$#_E&lsM|CF!6JbV=^Q0E~YDLxHO76c&rj#<7^lEm)K#>I4CVjFcBBZJCpqwH_* zioFi^+6;Gb4vJ*olmqhp9pvi0fp#;7(Kjh?aY^lB5*(Y;Xk8Q?!M~0Cmhm`B$8IlD zQ0&7$LOj^_~QiiPW_NA{Cpxw$<%sS_C(O20Atx_z~ z%Gop@`;{3EcGkNiOhgX&qk`|siH~?#*HA?*PPnCEp1ioS37KdCihIYvfIEMYzFV0y zGE%_q$Mz8ZB+UFkyYecMdI;k{x;O1dSqM+i-m`|>JPSBT-coWPZS2Z{cOR272`3qo zvy9H^-LmyHTao*WaA$kCCD2OXo4HhTTcy>0uos&YdmnGwB}0rwv@3^cdLAx6Pnu|| znsK_)RuQgR=~sBMyljdWv!SVyks*RZJ(O(%`M;S^Q9|crG>}4Sx?shfkN0znVi7M; zO@4l(^UzH{Enj@wx9^UyMr(zxfpEv0SbZsj0eZn3Iyy3N3;KN=y}=>Qa9wxbXYKXv zvioSdR9NWs2kS2zK^o&?emw{-TZm_`h1XTcBcF7QreJ0P=L?zdg!DGhjS7^Y2j`MW zCK6ykqiSG*B46l2ftG_OW}~13_tz7k@vO+ARGa>m3wQ*f(&oZ^>@T*mQiKTa=xVm?wE382G!9!jL$Jh%e#z#1FH6YuESy3$75&$gwkM`pTDo zab&pL(!MdPPY)%!_?p_-7cQYr$!LWRsg@kq*Beltx$iMkWJL4_wtqjE<1dvDUSFg( z1JIjlb~33!y0{b7W`FKh&uyu7I|hU9v&`t5uf_tzyBj92e2P!tYE@`U_~kv?HxG8) z8#*Uj$Gv9B)7JwBywTmz5&G>N(ot#}ED?lKhE!;FTa`LH7B-Q%(A|ORHXaU z!;37ldLSK7H1QL!zY0mai!0CNNYCVj4Ab3MU;$T!TWU5+=Z_VMvZQAYt)K^cGRiH& zM{Eu4kvp9V3SO3;lGby7jK(>cP2D&yqKV!?uc%CZ7b}_v-HUu_b}%*>T|FZCidZv= zGmCBNYKAR>U)Do&@Fe+5&&r*-W4(iSyLCyt=y-YcRYRh;S#@xL;`r_5ZbFUQe^%`O zG4+*UaV|@@3{D`pOYlH|V1eN7?(PZh?(ky4-Q9viaDuzL2X}XOyL0xr-_H3pKc=6V z?vmBj)m5uCND+YR3#%8edDg;(5*l&>v=K}>$Q6rh-cv1-iYt}sF^k;FdfKCWJ>qPJ z87`aFRo>sxt;K|nh8G+z3JA?%**)P@^VSSL8MHHMhp$pQT5wiMeST9k#7PMQXtl68J- znL8?$Mmt_ZrD{Y}>OLDwYaBcZ{6i?Y1w7V-f8MGzoGjYZ` z%X1a!VV+Iah>#YU%8+^l;4Eq3uXR_dkne9S3{eXTzs2keb@=Ht9r*d79w9j1AmX_d zRI%R~L_Pf!h{VJ2 zfUxAM&g(Gmlrz_CL~1~;vhsKH(cy9d>BJ2}_ip4tIm#HLVb*;^Y%-65(Fw}E;xJ36 zP{C5AxF#1ROBJI)nGU}X%MSOWK@6QZJrM_N{mA~Bk0UF5=wK8DHQ0P6W|=&3TdKYv z5fFYIV68M0%-9+CO%5(w(dgyvVH$kxn zi`~0gshp$O#YduOxk!k0M_6s<6j0JSQiCBj6n!V2Ey9?O6d@A3H5dIi{f?@#aB)nS z=f^gE){7$%l_?Qa;X0n=#C0V0zbK9hm@=-%5)b+~fb+lErF&agsO&)qd-%_fHre@g zwAQLjRIp9A8o8-hdYVxBqSj&+OW0{`(T#F2^p0h&P?Gl6$(%evm|345=}556QWb>;G| zKJd14gz?I{&O?0%qk9IYotbUxOSQ+#qX+a((RjNMS&mlT)`J3WNgHc(xqQ$f&Q3Gi zG|!`VPm^2KOJ&N~xYWn1EA;d%AZcWCkCL5_q4U8l#6N4##2dAmlPrE|jv`b;yt>wy z;@401lDLK;C66{+zpMW_?-6~4e{xJ;%lA=t9zqDZsY$D4b~03bSCboJsbyjPI+S=UGNr+6 
zUL#7;KTIF8-#w%BUGRm)mW|>dsS>4ya4~&Ug2qTEOCHIE|Hv-F*!jsX#Geee-#bxM zK|GcYSzH+hYY@0%CZ$BgF-R|@lsU=UgD!;sd+LBx@h3}u77xvqYD84lq2OUF8ry*9 zgyV7`SpJ1w;j1_;_h}IM*#zk%s%3m>W$tr(YANhNf}{tdgU?B&n@CMB;=>RpE%F4~ zGRij&xjk9*5Wx~^nEs;a-}NyG8}&G!(P16|r+FAN&4_QDzpJ?nDpK)OS=oTzn~wEQ zC0rTIX=v$btLTg=(ri+;O&ZK$)`{zmHPD4=l*mnZGD6s}STp;+ngedtBqAe{=raoZ zzD^23!Ohr(X@Apjf}H-=iO=FqDd066Xa_K`O^t4(almoKjEU?u!5$a_g(N9Pbup9a zQX~}GxNMu)rPGnhp9eGY4EWV0Ul3gxHnyBu9O+&ey88})iX^%{(2>I-#upi0eqDZd zSku+?0(!?8&(G@tu~l|*1t!`#9R1-b}!f@z*UiS|CwZnh85qw*d8-m=r`odANwqKIPSAorfiFjqyqF; zXy{C;*wxs~T28w6Q*DcdQnO_J6s7&txCDf~Vo(cIi!Rnx?t02TT42KqP_ zfvFDLDT2RnWcgLx28_n7U^uE=V0wOMnc3~`@cuOsC~Xx=pwXp&%GS1riaO+)SD3w# z1ZoLz!`0`8oM3&eU#6%~mmQ0>nijd(T4wvL^YB(@_AH@0m3;areez2L5b{XH{qcM- zJ6zPFaB`8E8}~vDta#JQuX#TdtjrKTKA7JTgg#0a+ONb8YS(YX3#n)HI!%XKRfamO z1m<1=9AR|twkTwSiGPF(^N!x{@WP94su}cDu|{}#eA7{Q`v!o7C@FhWjEAkhWHv;Hb%Lfl znUp|Nd)H09zbV-drB`IT9BB`*P8h=Uziz0rr}VR?+Xw%san;tWdXH%LVGewUvqvUd zN;8mC<{lj#JQbk#b_H{BG*SVHO`i+V_`1bS|1XdRswd-fmtTurHfRs=-Rd|g@Hab| zKUk@G(>nuNofE9LWVoDg#Sm&$) zi_h(6nl)Hs5%hTE43%QY+!On+2K8~RJBI7RWVuENB_Y}Z%2#ft`$`g558UM|SJjW+ zd0em2aFg?xU3XF7x=4Se1?0sp`xSF7UyC}ru-Ia1TM?Aiwv`ZhgeWhjgHee?VW5hr!D87B|^Lto|f!0*7_s}G^@ zZ26Y;2R!YWx(MgRJ(zam!4(Q~hD8-%X~`mdu1-f6ilHoI`;4wiXO7-)Ad*X0Dk1ts za)^xKko)}u-+Z^hr!ld=mj#ZJxSqAwV!-93_D}^krMBjyAI)vtH)N_&4qUEJZ8_wb zbT@)VKQ4AZ1ee+N!ieo|9ZV|mu4=vo*CV}lqls(!=UPy6y{j;CIDc)VZPA=lsw5_i z%=aZW0DJ`7pCTHXY;b=x|Mu2E{mE$#6l*t2S3dfL-=DAdHm(E_|v zw_k$P83hO1-bAlgv_!n*I~${GeCvfX)TV;C^0Fm@m`Qe3wP79=yP7U;`JL3zYdDW@ z1G!xJLr*VjTI41MRPPqCC7t!^H(#u1$JM?2(RcSWuBe~qrxc{yk5k{>O3c{260A~U z*6$BPlCE=Sj3&w&*W|OOea`4LmQu3&sufzZpa_@txm<(L&|BtEBxBfnk!27v7OVEQ zCU;11ZMBxZcfs;+O~(0xeoa1K?C7qdHzjX#ZNs@6^3PFL^=rD`7yQ!=9%;2C9ROqs zoacy{dclPd*h41IC94{{LF6%OcJ^c83f7stD%7bJjw%rH=kCG2O_+J;PjOjW60<|*Kobxm^4tz0+ipxhBeQ2=2Vbo^KN-^NhB{nK zX=t}#?rr9?<1jecUQChEZ{iMJ=5^SQ`NMot&qPH5_V%@A+(T z7kGSk#PGZRxsT(T$R~`B_~ZRI5}af>UY!SR!ot_yjWB+$EGwAARd{Q5vILa(*Cd-~ z`4$2c%pb;*;C(^tfQ^#aw&8jtR2?oY!)MkvT;+rK1AxDWzD8eOG 
zz(egS9XgaQqDaKkHK=6FhC`c4_|x54j0j|IYV-bg>A*i-isrTtQ>6`_bAm-eDNuq$ zKPv*{gRrRrnj~BZ1#MdNgpVEw&Sn>HS!~kXrRh+OKegklO=y+Fv3f6IzeFsK%HFBQ z{aWu3_*{U~sI$D8h)eT!QpVTHLV07OC%khXbt%DVjuz}#M>>Pbp`FW5?K~gz!BrH( z=@tSOD9ZeG4%6O!;yjei!j;>B?Ka*-v{h4*;kl}mVjyi3cBkdqhGP7U05W{K*yOLmogJ|!j_ z#c&Vm=)9@9D|_*DC)M2^=kwqzzPrO{8TRD|+PAYZ9avX(YKpBnbrMaUyB|pCXaw7( zsS(uGL_>t)-Y|vx?WZ)wn;+>y%<<7u0T`GNsCG?EBXwv*kC0GIs)oPIgB0>#Pt+B$ZN^3-8fsdN z3AUK;KB1!b`R`og)20Er~VhJieMYX0()Y zFPtC*lxO0Q4xa8d7$mF%yKhdh&L9sEh@<4773$4*NN=B;GU)XeS>@M^aWHoV81Ayb zaAzWA$E$Tn_Uq*C*E8hJpW+gKOy9j#jodzHrSW=Cg#N+}S2~mb|6Pu-1T)RoG>0p7 zxX1FlUHbj!Yorr`!j;ea#T9Wx5k#TsrpJr%z8;;(ePfg})n6Mf;Rf2$*&f1+;h_h#&U z!XZMoGg^2)wdEEf&2*Bz#b^s@*`UbPZSFPQZdZKYU=2M2OV%lSDH%tdBpJr2=J$MJ z4OT8+YN3qU7`1u84<`lqq$_v5vsEb5Nb@qs;W1Zyj zPa{JhYz3q6sL_km@(>_%bW;oGfdlF&4zF=!-m(NIl^{%*#=v!<5S!sOIRl&S($&?P zm9Y~|+Ysu?csT-^aV%2UwL=HFG|@|6$JqaF`p`bGTXe0VcFvz6n%skRU^{5ldDS4Y z;|_Kp_~!ym=g6_S?ZW{f;)iX_REkW!p9xX#PrCs9ZX^;pOh2+qzRN=THzPSC$X${U zO!g?Wi>9J$ZfgPbNV63ZN9yr1Sj`x^Z`uBgD_N@Lg*}kdu|M^{P0^-RKcG0$v^y}ES zY%`$ut7Q+KDLA_6(1l@<+Ki>EX8fqIZIVa5i3G{gDA%~79spktVUqn#2D&Fd$ z;1EeWogl{OkJPun5*d#D_EG|vuke&{s{d5$h9wknKxvmsisatG_08~n_;A!{06Rn> z!_(cdjuG)mbASeS2D=6JvixC8gNY$+q!3@0qoc(VJ4=%Gw|*wJ2BQr%XI2ezY4)v# z@cjzg=B>UYf>={>rBAnx{70wgAk~p!TVAZchlY_a_sR<@fMCamtH+>3&~zZbF$0yH!2&xaT?KEdkBdxzj~V z!Qwu$(hwD_NK@*GnTt6bjxh9H`mk!9%*cFZ71Aldj$%#;b9THrKdJy_UXTU3TXCt(m#)B3MT6YcI0=1H5vlBHv7sq zWJm0+da-0%Xo)*Nz^JOk0WX2B$2+KWet>d0y{!L(6FWhrILBD_Y>Cwin-{2%*PaJn zeeO?C11`1b#8BNh&V)Jh8)f$c!vfu_RN$2!bNX8>$2|iJT`o;IMr@zP;3Q3j_?V|; zNv(8fypfYEBA4dIGtS@W#?0hYlTeBi4fV^ISuY(-q6cW|+`-Ep`Ms56 zUBFCfJP?zv@aLo~93K!7+rKe>Rg08Q6PyLGMI^F$t8Gms)-hK24?9JqDQAK)2@-w; z=@a$U-_O3Bp+IF|lap#@oFl-{K)gEkV^77D?d)+H&7$T6JPo`27Q7)C!iX z-2$J8m;NZUciv9)1P;g&PHrqEguBX;CRV5z4st-Lt}%-SR}cuOvhB`>xpSOc}ix z?JSPxciyaIz;w8klYJtMg|3s)C>r^834<-rqpio$w^m;VREylg8< zuBE@epOr9O%v#3>XH;C=yoJkFFPGy5_-}XFy%%0d8l+S(bpDEnD}0E5pp<^Orry@j zU`_HbAT;@Irf_Y1fjY#~1IUlrI?B3#CgV2t$>h@*0&&If@MKj6j1{n$(@UZ^lz)r} 
zs0?%kC%WNAlla)TQVz2tKY8-~BxT*v@Cu7_P;YtSdU>1rhmI zbZv07x}EHw&Tg2FSE^3wUe^x-x{^6QVpc7SiBNul1u71hR zQXW9Jm8#^&kN03lwxeg)c5pvU5^vz65-f8%bM$B~k|DbhN%tqH6n|!U6P4sSEJ}sckL%7?61tDP zA=51MP@-E6!N=!;O0a(mK|0d}@CMqbj5_jzA*xn0+N}|NBkufVSD9dB@yu9 zY=tNptsS~Pw3qxeAP_}5X-v<-!=(EjIIZ9A{^Rjm7pQ!#UGr{N;n#SxNXji`ju6D- z%=|f`+EC`q0(qsCloJI?2Xdn?A;mdamJ!ek;h3N{UfG-*c#l8uEV3>tP0CL$H@5eZ zX1fxZf$YzFM~qV@CTZ9iSHk3jbmi7)wYhF!H%J7HFU?N3h!$HVD zr?O^zB4`bM zzhyYS0w&Nr2h;sY&w#~63s5Dvxi@@sat4q7+JKOMCUp-72a5g>MCWW0mE4q6o4t0Y z?2QlxwVE)H!vxiva40}IDm_eRe6CTO7^@fVjXx?y#Hays-Do87M*|7rs6oMW57Gq@ zns98_s3UWX*$>zy3Z3e6^vsgc_%l;9iYx2_#$%IufGLL_~3KFd~FGO?{bb z&S{WEnT0mus~mc`99qc@?WeN+^deIo^xpa9Mp_oLjA?5Tv&^+nN(B^v=C^4t>|DCH z;>xM&%gAHa27}??8rn%%-$B~c$$0~N<~Z{H6v79(k7AKuIPB90W4MwDA5*1ET8hLm zvEwm~L?qOE&}bo5=@^rHQV9Rzk^Ypv{q|ZMxI)bt?<2U&1@B`a!)~32R=ML>&KXbc zkmj;`Qim3E;6n~YU`zE-MEi*$t@B!Ke|MZ8v^(rOcvVi-jw;3e(%EAg?@8b32XyNe zo-(b(SNWfnDmPYKzr;Bh3F^Mr*#z>e;?adXx`#LCYK0SReRNQ@Pp^p`-z?i^H=*q3 zpl$T8QQTn(t|6iHR)wJ`p|O5PKjqV77W*ZUqEYU|4EVw^rt!B&G{6qlgz_yj9SdwW zxO?Wvq!Q4Z9;fTSM%DW*?jn=bHiws4?>I%Bd{GLm)b3kqbiOuwT!ifrthX*sjbgMj zmn^n=ab_xXDB?>Jh$q)HcdT;aIG2_*2^_+=uKBV33W!X}u1fg5fgS85FO6(_=Lxiq zKT7TYhxnz%*PdEz0Fqgqbu(^!{KLr)7YpvB&B*JN5aWE={a%F6%B&H0#)Og_jO#h; z<^27;+MyBBAA`5q1t_vaPzUYM0;?coHV6`^Y;qQnoLCJvb+5Z>cbMw1uCsUK$t zVF>?4B;QN{)WLQtfgS)1N&6hI0OJ1WMhLshHUa;5VPX&#;rdq`Hd$pO3B2Z`7C_WudA3-Wjsd zRoysa+yCRoda!ZiZ<*4_V1=CT;6B4~d9M)hdf>z_k7{&U-04!UKgKcScmEXYJBdBd9VpJsooY#W5wuS_-yA7`8@`8I95WE>(%et$T6QGOwG48G}wLpH$$U$Oy7xl16}3y0yN4?Ow#sA*wlU}ovj9Y zx**F06BMTwd2V$)djofqbe;JtDe{O|KFz-HzeB$uq~Ug&^&fSWfLlN{D7*23NO;0j za4_>T^KQc&V>EyL7|DX zBqz9@MB?K)3G8=*zO}wX&bZF|lYLe-b&J1C&M`8dheIV&lW9(PVM7TPq_xRJ?vi+t z!0-EJwG%LNCg=!??yXxy+l{@`ZN3vE-O{UAg%7+~YL~X@@P!&)89SYDED5A#`yt#V zKqP3@={9~JKTc|>-A(s%u}_uIajYmgY_D<0>s?)-xEIsz{Je=Sms%-=E&wz|WoXT9 zrsyAW#&5sdJ|UD>SXmNrpLj77+R$CaNk0X`7*ut-VuHiMDkEDXTO1r1i!h+51XfHX zF%D}@@n@Vu$8*XtGK5yd!F?qgaJlX{zLz=^S5&+5ILweRR@s^FrGzZ_Sit?VP7VLE 
zD`k(dWuJ0YYorg+3uSyicamrG@7i2N#5g2O%vMTyRPYBu@g2unV}MupV(l8v+03Qj0~*e~o~swN~TD5Q4sq~79VW?W8K zJ-EOx@N}oG6NAB(RKzZXe3tI3+Eu|n>F({_F@MzF3SyCjzL7zAz&}dz*9akNvT{xM z5pceSo%a!-{eXKxM>BM!%l9{&?dY#AE5N#&yqf*gpQjB_%*bK7sN#OYw%BSno!Ojk zSX!;|FTZ2VCU2kM40mr*nI$wLESb&^-4fT#4R#*Xn_9VoBmij)4braaOy~ z9f?qe5aBw#*NS_?@Yci9n*KR{N{l z!N<3ir+4uH#MynV$?Eu9_tSww;eGr4P-xP6o~a&~CPD7G`}mCfi(*;i>iFsxJUjon ztIa#(C$s6-PkQ}88{g~G_%q^tdQ>UCcqVlY;vX5d`AbiLofvW|I$Ijgm(z$MG%R?# zHWYrF^gzFzXhMM(nf_m#a}ty!krX29L%>$eUJ_c>s zt$DB8JnUsf1z|jiM!Rsor?3zJNLe5gCdA_zBo!&_L`bxxYNk&}qN+n||K+0b^)&Q( zb}_`@NYH_G>t8?O_lEs3z@tuuw{FF~^7ILE^3w0EZb6xnN16Ha(QUW+%NdxUz(}c- zb2S$dCcf9ymjX(5W~*-u-+rw0uu1^4HS2caZH1gxny&?Jc>qvW64(6}BxYLgws;7k zMEpK>mh-oqc|O}_(%{=KGa1w$xgyI21+x(s6f50_Q{;~Z`SpU>$Y{+FXr55DPG9!u zZEZfP3?YaThGf^m&KQu(2g@k`A<>Y<^IgPG zwYL^ykCzGnyBhHSsW3ObL2a~=Ck=potqXi~39|j7E_~YB0AU%KlO+qcucqeUac<`l zpvc!NVVujhDLQ5|)&;)fyPw}W8B0;!LI|8CbduWMs3jaq{naEiFRq_ zANsS1sn~d4vA9FV3CLEIO*bGL zsSPQcfkl&9`z)#xcjTBQWweG!E?K0w0(3Y;hR(FW31dWc)?c-DI)3Z8b}@<#n8t26?U$vmvd)x6vPRfDf}P%UzblgHA#r)qL+N!PBwC9&$ozUpf+=iAE8cvWps8)pCAxXAykSbJ@?!kR2r6y~ZNKrox> z?eLLGJdS;08CmvHClHx=3M>sBgMWZz%pw{pchA=W7!fl2o zGpAk(#Ea1;N3s^PqZ#hmd>!Rs7yMCeT}Qccw?SEK&`mv`TiR#B*FR*Wmfm%4C`?u$z*{P0J}`>icmsQ>bt(;Dcvn`VTmz;&2Ilwh+P64$mhUx0^b*aaai=Eh>5cSAHTq}Y4l3r_%htTyUx7>%Z1mpxgZT6+Ubn{ibb-e~T{1KMR(p0HZzIc@20^23;>T1OubE;CV7J>B zpSP9|i(p`L5%TcM@#)$8p42`^LMltDV{oQJkwnHf0{7gRyqE#MOq#2Beo^cYK~40b z!(e_|k(H>C$V_Th1e|{v7~OYa-Mz)kW0e++t{stH2ku?eVlenZII;hbkvU*rEVdHi zcxGDfqPXrs2!&H|FgFnPSj#j;{PsZQcC?-bnPckky@#OuJiL-~$i)_%RG$rEg#?O| zPP0L3z%zcPGLgvri8_;IpCmYRf$nFVlb^-iL|kFPntdT2S$n`RBW?enDRV|cVYSK{ zl0rzMXzSR6qkKqk3Dr)Ht&jD7F4rVTY7ZXB4$C1!9i$FLqc3)8!nh@R>S9y74v?22 zadd7uO<<>!S>UJBpmcX$|0>G+nv?MriEG{o5dE(GFtZyQYh`eSe>>K}l zT13i5`oS=`VLdzQIKCm(YHvX6+})7vS&8HHHrx2g)N~ zTD~?Oev`p0ASx*KgqhPEbrHTVaHf3AAji)5Zl)u*-w8Z&!mUt;d8RYb<190vZz2Tk zesJYJJSd|1HmQQVNQ_&o{J?etv7Q%~!d>!Vg4|=7h(e*+Yu<_`GK;J=od~(vzw9Te 
z5^~y99EEIl0QvscjLa>$g1viop8hP6@e4cmNaFSTU6NLcFtR*1+&D%vy*j%Iy`vJ_~99|n<9?qLbtS&fLe7}q9-FRK@(10;tzTKit-F!5YBef~0 zW2?fGPVm78!{2tJ*=o2d9e{l2!Dh4shh>x#sH%94=_cm~#Ud`kjHFY_JkPl4R7y27 ze9U+-h2GnZq}s2>qn^fcO2P|@$1(@fm7?vajUn&SkaxaXd3?)_&MTT2{_6kA6cuib zFal}Jkk@QmC%0O&#^?wE^9z#c)qIZuM_T3{hBMO7}?~xjmE^vR|PPNgUfBf0=)BE}^gwL9UdM&A( zjw{YLS0|<}H;Tvld$_NNpZT(GQy+84%IF_|J5(fX<$*o|dWW`XdnsOmpO@K4u{*-0 z?1L_Ko?zeacg+8}+a*A*t33JXw#^*A9cM8570fiqHt$^~aDxsE0w{BsLpT;-2tC2}7y~Lx) zby7$CNwfC+@xjPZD>BkyJ^OfQR5Kynjg-&C7OscS4T}#{f{=1 z1+u`}@aoDxrh#Y{?T33vz|k|~3ed^vMK+*+?TsEDerwj0;;-3C7FrPlUZK3QbB96a z;lkyq&ejnJFcZci5CV7pYsbIuwg-@-E(@a|QobXcL2Gq-Wb2U#rRc3nY7l7m$osk@ z;@Lnrc56mW;LDd0tvlzdy_IY6s9Qf9H)DN1sTb2Y2U(|YiCm3(1jJUI>uV|Gf%K!? zA%hUd$OH)*WT3vH;r!MeCGE^F1y<+pqR-c>1(0QgCZfsE? zt_f7@DP1sa;l1(Uqf35zPWYix87y^3-Vhi^_jmOhsRGsK6+;7h7ZsBgnCAgj zb0{)aPiSwOGe$>h?o80`9(9sj4WkCy4X~w|>ZN*s?#d$C=&Xe3qMCBe$%aew=QN)7 zn$BB@?u|+)S2GZi;R#*BI;HfN4E87Un@(D`=o7mRpZCM{U_=yurvJ+EMEno$^kZCq z&6^kZ)0&Ino7$(aDe7y9)Ofs*&=L|6LYzFqkgS?;K^^obxew#7V*iFL*Kuq>_1jBn z^;^aBAeW=e!=PUA)N5Rp5RC16(Pn%uv3Ft18h2KHKD|u zCsz4NX>;`-c=Yk0LzQVMJh=Qmr3`!KFBa}=z7)6{Ts-Nz-ta~<(h*`x_)%KmWQ z;Fo3=t_Spw8Rpy@hPgZI$4I#D>&6L_aIs1QXa0PV`OhS-npW}M&0n~IlA`UrW+s+L zDtl$6I0p-50-|w2so$@C3Ra&}o@KHZTdak#Sn;-s^=cTg&kGm7qq&skp*bmg#4N0_ zmqbWPX%E>IGfM8g-oh3A=0lv#+_NcRKm^85ruJ=0F7n!o`)0P&&DUlHJiT%&X`cb* z#DGjV#RJS752q%pI&2hRMXs0AyZB8v%n&`2aAN@4ZS4ATpB;ibd8{$i|TQF>)jt3;DdGtp*#8`Fj zR5jKu0d%IMBwmIUlG4VM$Sb=?oP@-N_$@_)c+ocEiS}2zN0)-LkTy$Cz8a~TGX{x! 
zIo{;nGp`iDz2@Z8d@WzmjL`}^Z-Nd{#`AtW*wXeauvK?8I z%gI@yLhNkKJnxRQepZ675jCq>xgxtB+20*uP+JoHa8k_2yQ7s$8+U{I&Oh|CfeZJwPM!QfRrGy#M$OnHW|%lyHEZ3UDOe|9T3Xb zCcdFxes+vVkJ^MoVw%oT>3r$;k-FqnikPka)2N4PoJ5_Y_1e<%iOKx&apb;R2WUSYqfTK2?y|3_S~XLKXfWbR|R5E{v!-S zTT=z80umwqFnno42#!j|V4A*ZpusRdOQ7I4JT9C=bZ3r;vgW2@q|^@ue3%qa?YsK{43?MS6Q0SDCPBL85N5iU8Xr7+wY=;@ag!iy2oL&h^vGj_xCqf&Adw6 z*$4guz2!_@$ZfgM8ecq}|S zyn`k9MVbHmf6l1)oe-`_^?ti55)?VD{pOpWNqEyDws87Z?DhS#|5Z+=2>c=a$6XX(R)Ua7lN`!n z+#Ig2J@B9LzV!f&hV#4o9MrJS(1>v~M$6;ou!E&X)aRfq#=c+(6Y_tt5|bR(($H4q zYwY0>tFQW7bHo(-l?QWwfK=*Q%xIyaxV+Wbt?d||Dox{+qhv71BgedS)3xNVaWTGs z_7TFPKu++rSAp}*De&B3N#!Vj#+B+UE7rXez!~ngCJO?5YGP;JXMcg2DR#u{kQiJi zQ)C8zKu}Ra`NhxpU_zDq{b)O@30Lz28!n4IMhDG^0{F|nvx9-n1J6zoJiGS_>#+f) z^+~MlLTMuCD zdKu-v*t6N?Q-@SOpsDE9N=iR+I!K5^Z{{ub^$g={3Ll#BdE5ivtDcG|Dl^GVom%ra zs8z4>^a!a7g+|#TG9wP&wkQT4*4)UV2#sh2jD4zoIeid8_)w7M*F$-`X0rooo^*Oi z(A6MzgZo%2dQj%d?>fzEoTpckY4@92PNc-kraYLF>04LSLhg_ifna2{OwDB!Tjm)2 zgaR`s=ikz_IfLevjC>>5RH>Z-s(?y{*8>;$)?q>O41 z3y33Wsv7hORGsu(4f+h`3y%5FTJ%D+=)JG7iSA|Yn|7LjfM_KGQye}Uc86H8O`wAG ziv4wIUG8#_+H7qW8-Eww&RML;%bB}FV`r}ZOYL!6ZU)u4aQ$aKUwAlnc<~j?w%^tf zpxmDtrh{Lh*KzfIzWacDK?Mj5trQz&^gqLY$Y?Wv@BktDRTi%RW#!KhZZccAB>#$A zumb`LsXQ3;A8|vY^2j7DHMUm15G}mkG3?ryEV-)MBL9*(tDqzpAvkXy8Q_*5gB zx3>Cw8)W>_B3mklL$vWP8+cMR;MQ?>+=%~1zBO*JhNb@lDL4A11v{;^L_lGPq&j9S z{#R2eP#l&8lNQ>|lrM(&>(7dd@0cC5j=hRI-0j_0Q?#WkD!UKH!9f8*cowLr|Lk1` zuyCL{!*^ex;rET4@I1VSxcL$d`rhmGb;s6JA_t^3^09 zr|AU*hfsQVRaQ%^o92WYKl?(O7x6cQ#Qqa6mD&Z!NqtnqfY(zuHaifpO{b1tyH6L3 zzQ{IING(Xg;YWwwegcWz|KB!suspi~v4L0-e6HX%>cTpUv2!@QxCX?W6haV{oY<@& zr_qGvnwPW>+}$W;RX}{5+ZZh$LUfFh^b+fUT!oTdq`UW>;ui*Od6ytlsY1@48FmDi~f{pS_c=>%c@mZ4VY4aN^%Ohsv%s_Alt9 z+~REw-!t`WaR1*%f$!!CvG+qQ;Hs!?b^RjjUCf&9{A;8)4Wg2JzDKo=o`mr0;_3Zs zC6_9kYZDYysRUoV7{MFT@o^nN9pk=Z9kbj{GfuxE5otUzq=jy1ovc(PF`c+z2YZp{ z{*or}#eW}5d3SpY_BX}iD1K;gy?zMign973Wc4j-sf#6H09CTA?QyvxgH%{Bo-hv)`v3|n$!=%HVAfEthKQ>c2|j!!c$AJUZSiT}rV-MY=g!y_USN#S2yCEvu|J z$>8lX+N>EQQTPPx29+Yr7Tz-o9I>{nqkZ2}CT5ktma&$($?*r{#-CaCS)5H}J#l%j 
zVl_AK_56`7J8C|}*ywx({L1W4LiBz^6$IN*pu)$0t!DcWG>fAfbNKVoUD3bv16Co!2F75CLqb?W(!KIGbO_&ik7{0dUP{u zChw);EQ}~Tbp8$xdbJf&oW^?J{?a}&$)W-D9k8}{$WB)Ht#SSIS|JZQMk;yWa(32} zc_9`azLp@;5zJ2_HSB==R(~7J{y_|_Sm9@6{VwWcCpf4)a!nUPvO{K~U>D{q^J0)y z#Gdsg=ezxxJovUXbz!z&5F!53lg_}?!y){yggLxBNCVZjQH#M6cFipWt^w)rg$o?P zVD+bsvaFWrZi}3_w2JmmTf8BK&Ud+TknH20UI7&#$_qa5@t>cpGGShs;oOLE`Mc{2 z=Y9dkc;%;g0H1o9KPP;E!xyz5rFbdjalalG^`A)Z$cvC4$qs^v0-~q#-E_k?uhdG@ zw;Tc^x?iaQB7%8ch|6VACDA-d^@cB{gSir@U{~4h;bY~nzZ{yr@1Z~|j+yu=B|5X?|xNJedksI-|hA6~J z6)B|YAS!5#vOBC9UE`BqY=X6p)Y>qgk%AJlp0cfG%oPbU6a?BBa_$s*lD#%f_!Kn& zi8SB2A9_qOJ4ZkUF*)rB-GEBivxuU*JVSXcyZ#BSB)#hlg^MGE4>uC=xKvDm_$Eyk z9~b#Keag4fpr^A7;+rKnxzfjJWND#~`j2P!_4#(f!@-h6;)1y=FxrYV4m?6U>-rIf zU8gJA2V0m&Ao)E;z=H(-V?Dq>u{fRw1d^y4G;DDjY~M$k?AV{~yQQq#eZs2u#kYC& z2cF(Dl-_~dy3qq$yA4aAaHvm>VOe~fBZJj<8qgtZT6_IzOWGUU1RM%%TG&(?kn2eIWp`v0x=_>7H7K#fI4hTHjNEUlcN!_NpsZ8!yF2hdz$lfoO!O$kNEaQ26uyn^e;-!`+N*97svQd027YJlcW9mc_AK2?{`vL*1|RGO_nUw z@-1K#oRm^9uueACb+_U$e1K1H@Mfew1nN=l_xQ>PPpc9k^5K z#Ia+WT#kb?Jj^V@w)7klT$0(&J!7A@gS^(#7qi~Cj8)k674%^IlI~KS=C!-m#JJRg zti0#Z2SDZoLNgEkRBIJ8D`SZWlVtubr{IY+;r}sp)nQR~Pn%E>DWyR|r399)rAqy`q)S+00Ribw=?-aW=~$$@n{UP6i{Bq!t6VE*&OCGG+;dMn3kW49jV{G`+~~97$51P&9@}& zj24d}mV)~r#s}hA%$}NTPlUCZjLm=urbwMu-S+enFhBEf8U9I%X4?~4TbV1VFH4*b z`vXOB7QPsKQVw`3LfmPhYS)B83^FMzVR{xf=G2+aE0h0C%7A+0&;NRIZ(33M!o=cW z^=}xtjg1?vgkB%X4j-HaY?-+;+i`8Y$3l`kGN#JwHbqBZU~=UAMWGbg z4;N-EE67|E;zyzqw^A3u9rAapD^>Y4B^x;lyVw}b{K8ETmuAFwz_g?IuAc2VU&Vg& zxymj2iz+isK>k@oi9sm^FIi)UDtYPnq6K-QwEvPybt@QQEQ`-lV2pyU*7>L z$!5e>BGgAlNY6)6-H1uMkXO_*0rcN}@-GR)VJ+tT4)8CC-e0f&pAdzK^qxNdc9DpM z_8L~aP5u+lfxo0_k8JWxjYGeCme1@$R^AcW^A>`?)nCabwI(+vIMu)D?s<#JL~(i; zOu6f>`tH$=B!+1JW}-KQO@Hrcge;aVMpP{%DD&(W$?HF{84zs^Y8GiHLVaq4^m;Vg z20l~9$UrStLGY`o?t+AECwBN*f)OIt%YU~A0fun`ug`YdTeQEP`l8Pd z$?Na);iG&e-x(a-J*~644sUGBm)i316O;Wq=5XrKuo=g5$vc-FJv%*XpTDo-nONtC2(wi>tqN4NYw^CXG5P(UJ8dc}wk2NPd3Nj3=9(s= z)f+?K%aK5DVko+?0Uc7O^tqxUM1=T_ELs;*zasML|D(P*QD*c!-|R$eSn^st38S63 
zWUf9Sn{qvS%bI<=^I*a92>>n}Y??6LQA2z32fd6@}9?W%BPU|8szL(AyBZ8)lj_A+G{R%Tp18$9g4YM*?vV zSoNDQp-(tGNLO$Fp}>8_TSC34+l-6E6Y!Ah6byhY!@0QATwsnzCGKYe86D*&M(U~? zUoT{CdLyiu+{;B^Rj%m|0wpEq$wM>Ja&Z02|8fm1c7Ov3aY<7I$I-P;?0YDJgJW~m zSz`%_hLJqb%6>#RxZZQ9Y$rZ#A;muy6}@DiT}FTLCe%I;w<-`C>o*0minR9|-`S=% z;?m3wc2!;}>`DqZ+m2q%lyH6ZZ4MbJ+|NBx2(9Les`xO`6~qk=pH!smB)lnn!RN>U zcc@dOfm?>8Wg%!kIn*k;U3#_sIgwf~XnF;d|c0c}IhFlcF&inW;`0|R) zlk`N#b!>kFd>2n=mUp2`8aw&379k%6PL1J%l;n3t5BxQA-SzUM0-;_m+1Ir_%`Dau zBWD}@4VIHQ^*6-?SP!rQ0^-Rf4ssMT7%s;p$$8`bOaA zjV|lMw#+&>7v?=T&NNs`}Rg#1Fn2f&i1q^{k<7{!1*ck1ur`9rCAZ%l8hx()f- zcry7R&j@A@Ned%q{;~KUW0pdD9vA0@e9QWjjNZIxBUPIX<$zVh=DWf%r#Aw`LO;5$ zz-KKK!4XZ~U-nmw_6N>)=bJt^C6a|vI*+bpt!$2eA>&PfODP+s?EH=`A@S>089;MT z#?q_t<$?))_LqtI)FZWhwou=So{cG)$qukd;D2<}YL*9L!L2Kt&(z-=RVrxnM;r6^o_8df7PP$%dBavDSHq8TT;TO34| z&&LH;lSb)Ek)GEp2j0?8gna6a=8Y*f5W>`0uVsxH(V6=^%$(8VIn3C?%6spRc$|HP zsLNSu-NG|js_43utgp4oHG`bLX|9HyC$rm;q>v)3LpK*q@`p`s7Pnq|&5V*NEuZch z#@40d>8z8Uq3HDjd4m+*Jh2^@X$+rFKknvrjj;m05Ky&`#i8|ERaMk1_t=c@cNV4Z1 zBXBtNui4+~@|3RHVf9{fY4FTm($f7nZ+V=k7Giddcvk7EddUj`t{*{*?M-b? 
zI0o7jDWL}yoH&7h*iI}7g z9Airq_+CS9?mq3*<&o8HDOt@Gbn?p9tnzyCJcHhSr^eIp2?07iN&^|w;UCXK=$|XL z(v9T_9gZUcCHb@nI&W^n17>Y`EL6|L6O&FQh7Fi@IEHUb!Fwa`WmZvW140->sK+Cp z-I@4on3xS3Rt@!o<(0#dplg}NbR!{sgRPp-?3abLzvkVx-C1w3*FJq{mHQCTvlgy6Y zfS}1fwd^TFwI-GX=ym+=y2L7fAyJq&_5 z{rnad*jH&+i}4r60q{g&3i(fyZcwdNN;ch3i=Gh`t-cXLwctvMLxIVYQ|434S3AyZ z3{>WGJ8Ihl>oFSnGsQaYw6580dSbfVYimwT?gv{zrtBse7nT@vY*7QHF-tDex!n-i~%J=2uaeZ=hmva!$xVZDl$Qsh>;lrgV zK>6^Yr7V;!O z2R;Y!{byz8@+;B#-;KpK!lVR|KJifQo*rTbLl>(j-HOc!GMT^zL!%_zcSf1{1`cyW zEV}iF9M&%_)oixZojMbsXK^5_VIMnP6i~ht_xtqf15x(piA&Z04ho33xqovo7|)dT-2bT6F%qrr6!dp7X1*MW+T_4^>=a*j7iJ*m~r|MfQR9<>es7?Xz>P z4s#}p_sYBKmWk+hbVF6Ac@bWAjgs$*R8n>LFiGAc_u=vMgKsUHuW#h>A^g_9pw}y% z;C}!Au1`uW?Ds`SfIA1_7`};RI*-jJx}~q-cHpl15>BLu?X9&_4*5hRO@Z1mwY0J+x5ofsR;T<%~84k4NO;!wB3|d+ zxEK2k-sfPG13+_4O%P^B*JN=Gvg^%pd`2a!5ZtDj^X9))y!{TsfK)N6nWB#30Cgg4 zpyA2S^eOow`XPV8k6}Me+(u8W8KE$OCqdb2X}F%S2eVRpd|zo)5Qw%aPbeVFgNR&+ znh?`Lcnfni{&Wh3!i855JP1^($67~T(tR9Vp@n2R9gzop3d11-v1r( zCV{>oMl}>QWl%{`y;QQSAh)L_SF)VA}GjC&?_N&lGp59fvbM*CmUy^wS?lIPF4% z#cAHXtb%0G^NFI)7hSFOqd&_rZs+wYqqm^fq#T^`mWPO$c!7!k!0{;J=oejVi}c!b zD6gL-8(*w%bXM7hVi<61=&g>^Kf3sBz6sAF4xPFGnsWX)fzM_N$ll(6KDsetDez&n z1SVUaHi%6x$u+Ro12wSNfv@pmzKK9u{y$7-mY`!Do4(ikr z-uU_}T_TJYL~Gp6rkECKf0AVO_Nj{?^?-71;uibNOpa_%qw-(J%IniC`t|#O#G`P!A+UTtYzUnvajPE`2=w_w_k44C^Xa&BpSD{>1DmCxjesH^lOb0 zhxOFxU;#Y#j&rO&A z%MrI}Ej-M-^PEZLu5O7^2>YyP%iWW3Z0y;!%n{eRSvuoyvkmdAD;WWK+r`GDml3a6 zelN77Oz=q*s3e3GmB^kl+tKGDe_Twa4}39Q;LJIFFuV90P(f~kb6a%qi@vF^FoEqZ zCTi@n%L1X>9^%SqlDNvYGYpi;aDa|pw<-x?X%N(CQrPBJKf(N(S2+m-8;Z|OwO>yEhm3mR$f)gUd8lw-BF6XxPD>fh$wD8{-$N6w@rBcy z$iGq@^~V=T-w50>Ggq~wpBmNerYSalB&n`*uG4D4nqgEaZ2E{_E0w(aBf^puULaww1+-ZZBj$6aQNUlMU6vJu_my)S*lGi#`!Z^= zgybFy8a5-S^%kM#E9x|`q9|;U%#Y23m0&4=h0Mc`ZmP8XB0l1)?duhy<{eiGgk_%-Jh0xQuBXfq{7OzO}jvXvZwjW_#x*wg5`59iu#ala)pF-b^> za5V;71>Af77%ctrE%y>)_>-2E8d8a&p(atL$=osS`G)6xlKfUa#JHRh2xfo3{DT%` zA)9u$vlG=2KMP{4Jd+1GajGV>XN^#J8;U}2K1rOaW^1&JT!Rrgw|CH%)#BHGThr!8 
z7%SWSXrZDWGhXu|>GsA%(v*cKx~QV|5N4zLENEc5H^7nGNYa#2Sz|hP?XZ6^6}6tb z08;ExqN3uhw5tmTfC@57UaoxS5!a>W$Bz@R~R#HeW=7rm_vZK7h9S zh^F%?7h?jy%yX+)t-~D9@1$xw%U{XinsLFwBAhjOkFVMGqWmF0#}EmDsbm@hHgs%U zFD3FS*mRERccEEN)wk^OPL>z;obHM;wa&myD^mR7`lEH04+Ct^_mCHi{FYOC`Zx4? zw#@ir2{~0p2gf6cdE?>wKPL|Ct1v!bf0*$0kjq=4vU3V?GSJl;-(eFYh>u_rDE1|F93T z4f15bhr^hohJK0R(+S7l>h^0vKAf%ouf^!ha-Us-_5e%foctaK21>UgKCWM+kpGJF zxK2^Hnn+Z{ojC=LX_8K*r&o(v$_JTS`+lwzn~9r79P=+m+HaieIaU5bMW3~H+LF`C zvps89*U@x=L5|)Nt(sO*^{a?UvuAvpe0y=@A1bXU7u}uvK%5{;w)M>ymO;#y=TTek zAc)ZfA~!mR=1mo^)pLAb12RbF1R^C+to4PA?=1~3?v@7ZFy13lz5FRFdRvJpb+NQs ztjH7fT*;mv)x(*5T!};`UABK~%w$M0WIQ>YL*Zf9KEH-lco4H_*UuF(?7?RYmpKIA zfa!5ktw=TTn=T9G@AI_+%Oh+jPv40=Tva{15U?(o=O-Dc$)&@>(rH$c1sJWvlnmaL zRdP!CCsV}~qS1#2zI|dGreCVp?c(r5M=j30*_Su;4Xnd^h1*msLxqUxze+bNGAt`E zPI|Z$Wyky&R^f%r(gFch6c_F*`j=wkECzynKtBbzK;1=Jx0t+G;nB*-TJ-8%W^_dw zv$57NI>ny?y8+M-@LFiFh?QKk!pAG>-jMl1dX1mon80dd_Quh#vg z|5s;9xhjslsvCCnvMwFUhrOK$)6SzkB!)MZrnx1!udrV!TD>k$6tU0q^wHz}ikqOC zQ9{5ImrGc}Sl}P=Cz^kjQ8Eq>EaH1WD;=86&j839Ru%un8MB!XB%1#1OwHK`O!9qP z;s%V`|CNeOg2{iKS(Fe=;+q(ypFgwm)XZb8xZZmxqm9HBw97RJPeUkPigCkBBE*{0 zaxXB7IH<**7H{{_h`(jD*HEUZqORQglOVA)#9QJ0^Q2kS-|TWL!PW75HXlWHY!;Zj87UI5 zNiIS@e|Gf>bC?XWH4@xnMBWI&M?WZ)ma(myLd)5@SgNQ)ZPdJ$o<-H;>*}{C`KD8( zMa*tddC@RilnGoz8MQx92Y6_Sc7|urUuMNkO=TBu6{6b=STqT>LeA}gW%!Iv&!$zq zQQO9<`Sv1Lyv<6=8@$-5lMQ!3L~vH|B-B$yS)?mYpzTk}&HAUvWOt^u#^R4R{E9WM$Uiht>HM+g|MS~^H<16GHDan4_dzz z@OqLYaL_Cm)@f^FYUrwLT1DLl*E<~jB4beZ-5p5-8bfl9k5XRIqrbnQ@rnrBR0&&h2=6P^?Z{m*^XY|5)ATM1 z`mO@bO-N~D84M>R)K(M_F#mI21KT^82pqfa2qa_p1}=H$GIh$c3Li||iC!~emj$YW zPLe&L#o_^{$FExUbQ__+14S@#oqfblXW5^4(M34)J+ueH+7!1=UeTWIUL3rWYp@_8 zHswOqL2D->8tC#QAj+8*A>0zM)W;<2U!o$`-OqtTVPbxO$xG;0vwZX`sfXzGuME?Y zvI;&?zIaPwVxSrjyVu8nKrZ+H!tz68lKwjKFnDw+)0w;CAOH{t2XIozwC6HFb$>V^QESP@oI7h?Q+J!jCW8?ay18X*;iE8XuZ)VVV}>rj^kB z1`Za-v@;CY)@*wZr`u_}m-V0=hql9gl#=Bt?cN09n8tMZ%d`$EtmMIwnUSwY<-g)( zmX3$-{91#5@qa=b?D}vV7D*)j5ke{bT>Dm6Eyli+R>VY(-vFH!Q!sg^_XQK 
z*A1M#@)SCSft@sH4*&Z{H8p@2Dyd7Q>nmPy?w@FeL~33IYeFH9Z`~#`Weqw0yYuN$_3X?jHT~2PE@t9gN|8G4*! zzIbi9$`8Twr#%U?d|FatJ0{bzeN9f(-nt_JiHspehNC~TK$c-af0@uSFwM$he7uCd zq0RH9oLq*LuDs8IU7FoqEw0Pd22X0KBRtDZ>}38&^uc+)I5K_1xnmaAynORsoG`oI zDZM`uRDi~AApixc_|?Go^5h_Pz0pTmQ1gDzzl$V*39_hT*wH|skhYwYHyGZZFlaB_rF4I%8h%aSzpmi?}Om#+iEGO1%+ z&^j5cXP#r=47}uyo5LK5H{pMq@T}IGI=cO^f8E2WOMG`Jl#u?ekiud20=cudi5&LE ziE~{ik9A`fy~sU~i@aVn_Xa+7DJL>+*>ZIxYS%(}z^|rw{LnIaGKQp+N1liI5dB3s1A?xQ z)sgtDj1%;cm!b|z_RDvlaT2|9A+(aBHrBWE!DyBO{N?O97BDFJ*E|bE>Hgp$`twGQ z)W(XgWaU;aT&t@aRAA~RTlwlLgh>wbTh_ViCM;(hnr-e}#+m2;zs?*ENW_S?poqgm zlh%xCf`d1kb)ZnO)L0SKGJsy%FsjzR)v8D{n~#f^IJ-vSFI|KuA{_T#GhV{cbJ<2Ls8<^dYjaR0I+EjWp0JKkIT`J2n!+4S%Zo@#Ya$^v@5qldmd?85p^=sw?< z&LM@Oxk80lLS)ja6H6tyS7;=>8*(aF(}&{xIZiCczppObbSgQ^*8F4CN1taCG!#rS z+>v$e#Ad~w(1ruF6MD33Dht5i5K4$2QmdCp5UgzW<~oA+`h&ugFiKJ0MpM<;mAY+Uk{n0W(d zLRYp;vzR9W=(AF>97eyZaTf1*%gmS%Dix`lmV^A%lqsJweKmae>8dZP2-Nn;ztq#q z6iVAC9Sz0{dPEuS$qd7|-(7MY8xe~(Vhc*YE%jJO1w-!mq4wKj(Ha~}AzNyvAa?aU zb5>H}FXei%UXYUCZmVWh&_kclDvW|j#y<;cPAR!qm1M?Y09E{u#wOF4F_U-P)Q9yl z0~SW#jkQNP(OYZ7-9W1Ip87AECmHXJcGAAt=AlYZ>j|RZQi{Lw552mL(o-|Y5}8hF zmb;e@3Hhi7SKSGw0-?YZA#o5q2@j7D=+-A#~3>h&eh8e+_R@WCYpFTWvIN71;w z0A(>Thc2g!bC&MlX_RZPxdMNB-Z%&BAA)=FpMcbr%oJxviKT~C-tk~k#>Hy3(Q`kV z1?_K+vI7Gs;NE|{zcRK)k&kgqfs6p3CZYKTx3F$?F0*kxd_84lnHh8T^GltavUv^P zhsMW-ar49!--`L9H(%*gbt$;x>vP zx+S+hG~|nk4L*nW?}HN2xgqf8zqR?WHHv-cP2ZcXPNIF6=xW1-u`U$xS||+g+%LwG zn+?8RVMaBpvrJX5RNzybO{vI9rnPgmviwEBC%{Q8cA|4RmPG*cY#t@>P`th@flYU* zW-^GN^1h)5w9`2rslhbk#($w+2AW*eL+~WQ6TnzY!Ne{;OAwacvy4HFp*h}M zv#B(o^;$WOGg^$Lxtr_W_TR)HP7)|&(ru@AZ^`HybG&d*#Fb_GHkWhKwBtHbkhde= z_ZB~gsd#+L2FlYu091tx0 z&=P+B!JO(f4cP$64J2eb9_G4%Bh^mYkFX=2n*zVVWLQ|){B?M5XPJ9)S1GW!g}A>h;k=j+0R0N^{p zC%pLtZK)$p(TvM4SBB4sVZI!Bg_Q}+2e>3@+erd%o6aJ0+ zgy1VrjOW!p2zeJII|meHLLd_?!q?1xw)?L?g>bU~c4td4e@W7D@9Hy2?WIPY;zheA z-R?<>@6*mM3YE?&%g8yGv}MEl1{ZX2PjNU?*KV7odoylKdI#BOLt^aSvDHAH!whu; z;pOBqpWDq0a6Z9VCkReqZaz(qwu9&p0xj&`Q7q3P5)=0Id=#&Rto_E^@dA)v1;WRn 
z$zfRvIWi{*$ikZrru~XqhLCFV#*yK#XH`!gUaUYu8_WOwv(JQ2D2&P7M(>j2{YOsG zzvUd4OOKM{WKO7`@IIBOl=ScNrHOGk%`4C(=-oX6ub6aPgRR(>e}_;y-sgC1=52j` z`ak%}IoPPedxxRd9VIIup7Hc4h*9pDu;j^LGiX#7>CzQ^0&e`KSPmyvJ4BQV1@Ai*gV2AtER@;uD*jJ!rZ9BI5u>wA-wsPf}DWF#}OV{fr0d ziL^eEOH&IO-~vx`w{4sXpA0M}k#^ZN2wEo<;2rMHkhyHDIld_KD4@8=<^yTc1cJCO zVK(vDt4{paF@dbf0Z4(q?pualQ~Bq%wLFOU1Y8P{i0^*TV)u1gs>@E3SJjQJ=m*dY z0v`uNS%Kp^&Zog*mR2}-7(GqH#p+SVJGM_te-hm830J?mHy&Z(e`3Q!#qVWfHo`xZ zYC7?h_r@X?v-@lm^Pf^V9(N#Hu~C(FU$>l_cxVU|-i%#K$uobAye@n=Px^g@g+HHU z1L9oHD~Zgy4kBjA^Da)0rXU~QWqH;*J5>MJmT%Lhzr{_w&BgtF=R>@_K&=tkdT+?> zHX=R}4;qAE2ay{1e3=kTIBraHXLqoNL+^x~j;$o*bvmb|cEz;}B zwQ>8CBONSjs$?BVhi4urhx_L~(paHIMDOJYlG@3{RNCWje<6SGSo~8Emx-ezSD%St zkIk#Br43)@{+4x+Nw9mi63@1oxJ&xY&!Y@Lj&*-in3dNtdW|SJbWzM3&rbTH?fBx& zgyUv@h4nYIBsGhb&pt-UqqbQueL2VPdN-&4{NP2nQ^139V)2B{hj#57&+$PRegWOZ z)zM?QSKl_9*7~?QOXcomnRNAW3ZNQ47k{RFEjtE3!skkUK6jCvBt zn`scWfyHVmE$P!WHv|v$vJrRQ070I{glpoe5J4$&v=` zz1Q2~2by`sa5gyco}<^(JXxuBe5NCV3}2@DyE!=w!jZ~%maa0rXY#cLXZf`o2dAB82j?AhOsvudCq`FsEsG#smF`OXJj3KzTLgnz)k`0dF>f+)Z z+A}_icq7=gy$qHM@+F@l&~6C$V3&;-_(7rGbUwLp<Ev`^E`%%<2U>CjWT z3*qwF?pK^^8A1wbhxkw?n2xYg5RPgl`P$oXS?`g8n}>d8;fFQrr=NdwOZJI$HYks{ zSnO66sk{5B9M8^{wM`hh_+02DF~QR6haca}x*fmTaJg37Sd5}jS@mrAaIE=V+344p z0$%RB9+i(do3`_UXulx#2k_|xRk?gF1tezEJtY{Im3=i!H+|<$C%4WdEs_RKl@5I^ z6xq7D^9Q*LANm{q>iP_~a2<%1s!eRLe_5biI8l<13^d(-jq5Q$Y%tv`Zaz`1^5yzY%fT{8()o?GV_Lel-1RFOGEjlVLOPv^z{T)d2P6F zM!E_qj2DnxQR!(~Co)l_Q>IqK*K!w-D^f#WQpAH3q{AHP8#Q8T?(8^>`L!jPUZdCL ziEbm1fYqgx^XnjtBCqS#{pNBd`}eKN?V-7yC#!V@z=Ju1$MLA1`%r3;Q=~^}=m)U{ zff|T$GqOWOwWm0cN=m>uAQ;wgzlX;p$o1S*B|o`QG2vGARYb9-D{N$^D#FvD$`$!T zP?_~@B)jiL#pnq0rl9b?n1uHMAn<~Hg82IfEH1b+>khb>xHNEb<&WFouCtj~a=U$H z#xm=f<$@iWqN7fHD~%mQp-s=>-)YMTBDyOR<1%G%VcKu`~~CrKsS*al49u7 zrTUTbM5x?^VAkEHm`iN44^)M#*p*hZY(dq?0Hw9a;EeFAUrG=uQPp7!LxKZ~_ zR{Db>0_RWP)5#wMO`Tu&-h9wGXOxI~u~K3n-L8ZwPr=m$B$WEdVTsKKygU2o^ukFf z@2FEQ#{v0*4@J;?s%`#)XTn3nKU(NE-CN~WraT&$7uh^{22wv}*e-F-8~`;dX*Mkn 
z^zEb38s>V$2g{GY2K~KfM`T`(JEM%CZ5?}zl1AAYo@ldyvTT{O<=aEE4f;i&jul`m zCAvASWaoA@lyQ~wJeBLa_sg$dVt$@n>uCo~&a1qBITh}bmwcS}bWFOE;2N<1#6vpS zTA|X$T~z*L_65V4d+u4TzmrEp2Jo28n!@S%RQ)E)%*LxRT25xA&2fkEh|3$nFPl{} z09ar=ZLF5IFVA_TfLy9j6~(zF zL>|n`-;NPkpT(QoDrs9I0S{tiq#%D00@k@vH0di2hLPt;2;HPZwytpF_}`qDr`8DA z66yhgaQ(j|89GtFL14&RsWy?u)Z(hAeI{xj+WewnPAZs5{6UPP%qxH(` zJh_l=5>;&kf2RN%E<;APLEZWs8ms|Mi~WmFPxgMAotbk0d55132XQ6F`C0GuO!;^K zR{|_g`jo%46P5U@1W4wEs@RjP;YB;fr2?dbA6vFiTJig8t~OMDJ4ch0_>J9@E^Gw^ zLg(Hv-G+oAzY(lXqmw#DHLJebub_TvP+v@r)SY z!NTPjF7zY8g(O$~&%Pw#r{TEDeklj_oN}Re<*tJ;u-zwE`_qrOmeG-j7VtJZNupJ! zcHcZHrNuE}k_3SWSo{6?Ke$4m4KE7CRlfeX+T@*l#IIwfZSv-qHI2@PUi>?4d9QaB z6!yJ1s+>P7niKPW0B}Z)6_KyJj#M;g*r68?W>0$@F8V$a_hVa0xmU-;ti+6*!CNo7 z;fAY2OHnmWc^?PAyyAX?hi~Mu>o3|!nQiG4>Su#o4P>b^?wYK07gX#&DR(~=p|;$J zL}YAjl^hL~;5SiJqkjA33qnXd?4cZW#($-yuXHhhoaMD16}GYYP*;%?7Nc-|bXsN1 zCargzfmrDf@2jb;gYX--tung2UnNt`RZBNp*YjT3IS)Q$hTwD^>R0{ zmzN6&JesG0;k#t*i0u<#E2%K6o{8}ix;siy2zn3iwrx2Kr%ajCcNc9<*t zWp2}Kd>(LgJ}@heHDhIqL-V`NZ)9tV_E>6{4fWV%$!f8oUPzGtb3=~M4ewoxujLXRH!GG=iZlxDsW2Wgxv#$}KvWL$@3?rin2@UCBNi_k+7^FrO>FxJ zouNe-MoQNW9qlS4zvytMMdMW3*595x8XYz+5#FGJ36=6rb#=FsN9J@3)vmp7hxPZ0!4t)w;H9a*~$j` z>Ggld%E6%v8HcTr4ejmmDT;%#ju-T$1RQWD49&;E0XN6iz7IYrlb?<;%Z8aZYzyAi z;-P?`#F#R@JvUiYg*27#TOe=y`70kb>Mbd@t(0p&A4l*7B_PX0t$7Oy|I6!H0axpZdM#7kWxCJ0@PdKSFw{3w1O6(o2eaCEAp zkmTOX89LJ+(;7Hy1>4EBt(P~dVEg;LGfj3FLmacA^mesrf{~0FUa`*?sw~a#)LjOu z&hCfhp?N|WQue#+pAy2XUUK%(b!icn2i+wX8oWOkh+!G=#-peb~B8c^Wg$}F_pg|%hQ{34*mxdDo0oCg0xt=uj0oLf>g zL4DN_+HhaRuV@PpmALH3PV(h7eSd(O&Oi_THS7w11lrAo;%TUa*iZlww*8my1bJ$f9e^8&s9$T~FUZ)X?qXR22)5i$;Q zBU_Nf@oC&=5l2okR;#!5Jecb+5fx?^zxQd4SA(BtVzzq;S94C5YvhK8lWiZo)5}ru zc|v&Ph$wY^H4V&Pw^@0S=4GJpnRr>|VBLYI@vgL5qQDJ9q`Z*@3_l%L0`Xi7q$ucI zejjS&*;i5e%XY8|aNnIoxrzO?_N+&NY;0buK;Dtl+DofoplnfKat|_#JdXf6mLfl9wiYbxR53!a* zsm7jXEh^zil8R5LS7a<$vAXXGE8xc36`7FSiX{3N<2X7i+wsUU`tLJfMWS7=Fb;nD;BEFt5|n5Aprfx_cH3x`xT(j~ z;67F)fOh?!FN05VqJkT3^dF;TH5~YvW%P+r-VA=f+x*HDRCw`M**_)sd 
zp5P$Cs)trh)>$;xzAPP~b+c_xg+rYPQ0<}u8D}e9s+O43-{--DH3qNYc7R&}2-9!d z<@`5UM}gHt$uvFxG8vpaBtBz> zKA?yxG`EafXY<;UUHXtgf3MzqMduuaM{)N@qNytc*t{+CweAE%6;?9Hdq3@{HB-~*b#Yjx%BvXz-Qp0!_P9_-@isD>_L z;I1u2_?wh6idcUuS_c0$7xE6e+6UQdIKJtcEzmLA6NyWv9^yG1bN&jhh zPoTX-lN-7}K|eB(gPCgB-uyX05xS8-Z3e6p1S~>+4q;xx*k|Kvrl z9zSx92D*XTOHH?L8aGx|jf~GEI6eE9g%)6QFJRTQb<<>Z4h*yF>Sx9Q9@i)C#q9P5 zLdDL3lzQc~x&l2rrxX_}6y$n6vw5an4f>hCKASq}+gBJOI|SZN1+DBJpzXAC6MLj| zNFTdiA@g2;&zqGrq9B?FSl}}>bRvcNQc~j+?MjLU6z5BKR0hBrfNa({ycr@o$_&*@ zK6E~hr|#`5*`KO=xduT?sS@Xhmh5;OyAa83$2?=e%c7VWNy%yU2Lpda9pS3kF=_ky z%+LN!@r{sm$SLhXt+L2y;&T~WUzVEBcONZit)HGh$_Nd41;|Nv`c(uVi_-Oe+GS_X z>E)%9o;ZBw@T3FnUxW91Z5$hRCgm`)gpIV zT6+T_zvv~Lt`7ZJG3eKuuN~i*Hi7h^0WVLry_AY zCC-5G{}1Dcek}K3P>oRlWKo~7b|R7Da zrF}2o>D)3(Uo>W7y~s;yxLV4odyQ-{jPTYiIY6jzTqk9|En}qMH$=|miAb`NZ|l#b zaW~)j!?p~l_9qZ8Co8VPDl*Ua?*i-b8ZqH_l2vjKC8j7h6uDsD{8$zmQM?xMwrm_H zVgoQ1d)Mb=3_d-lkI6ZBO(0%?k%7@F+1f+1C_|;HjcOAAdPYWt2CVpRoE!@q{JRXe zu_}Ngk((GQMXg_p$5DqH-{wuhKE_;W|I_aU~qtSE$Pby4f z_ww)zI(w9aNxswuIH(HZnnzQa6JAsQPB^CM7W&5nMO$R$3!Zt*Vhf0@)g0EnX`$>LDMpaom1) zK7@!hF>LXZ7IFX(>SpzV!R)5#@d*Zjzh`= zW+dtwtvs5H?A}G6T>|{1H_CFCfX?-2JRNzvjp*8|FCm4w(tj5x%4SlA*2t}j6=XmJkJxvJrDub2 zf89D*Q=!~!x=}Y?>(CuY-1rGu-zpCw&knZQSvF=BBX0Wm;X8~|{JJSAo+{M01b;kE zGs@S0E`UfwG~Z_U5~%oftL`!d+vR)V5eq11G@+-8%kS}PPa0+Aa+(I;kw3QnMp<;> z30V(J^XOio=p&)~KPw*&QKIo|@dF)xlx7KJAZ35^U(BaiO`@N*9?PnnC&a7$lnm7Q@Xpm5u`!7k?xM~$ou{D-*Y|Z+TGcS zd+wRtrORnp)Mzk4(yEbEV$($Bd%TBrpxJ$y{1{skFlhpuLkJtII(V-|4k#6Oy=-N^ z6bJuGe|-2QxdaG2MJ;T)5{jBjfG&~vPW+nr9@wS%%GklPP*6+!z<95ZxpgB3I~q-; zo&t@-jNn6`#24`?>TlkAe(U24+F3!+&Jt4b++xTn>KAsWwY=B*#o<9Zb6VGoV+kPP zszPHN@M|9(M*VhbQPW7{Rdc^DbS7&VSUpao+Cy&_=Kx0GL*-)o*(KP!ssgxNYDH`H?Vk&h92o zfxui44Wj95+ICHpF-4q`B&dLnhGY&=1JkJzM9nskjUNP0#&-UOZ^ppgV1~pv^7@Vc zS2JXNIv(D9l60Qr>hm?E>4lCxxt&FFe`h=0c6!_3#55c6^!q38sIr1h7Ab|6OQ6+jKfMWr6 zkS^XjZI5+kY`N>twlz9)F!>F~+irKXZD47-gM1y_kDEP(7bGo5P~k;&KBxraGQ#zT za(2#}-Q6TcD45ROM9`#Qn5uR?!}R4zQde)12~*y12lWO7{9V>(7kTw0U3GPdh1>;M 
zxO-UVMR+)QGgt7IBAIwfz`3SjL$1%a0a9S+i&4vBPrEK)l@D2R6{>MThy|fUma)-R zhYh-P3p8x&K%WmT%UK2rg!wWuMDiO1omIa#WQj#fC{ehiaM2#3+HZq}9Po$j3Ymq3 zS4{Zc>pL5~CpM1U;xm5Z+EK!VHs?CLiESp&p4Q5k=Rsg(zdoi1cr%6u2@N<&KQO2r zxMKMIq;D#>v?f2V8~}?h>XJd>uED&?-b^+dj2Zk@`E?MN1;q^(hY{@q4KhT&Pg-Zw zV?`yZjB$WZ9*Uxs+(_K|2LHR1O@#>I090JmCaU8RM*8F2!wC`o?CvwjXsbHU0=Bq| zn^I=hWYeH=fT5(zhRC$k`FQ5Ma#5JH-+9j4X>M`3XG{A8U&5_&zWAXi~bbOy$kzM3<+=U>o`0YB24}GU8Ou+IQmLTtk1)4ujYX zR>TDs0<~x3#&agJI6wnsKyjmGlqoeZz~Eg?siQ@Lpy&m4i7ywkUXw}VIdZ@bSKOw8 zfxno{2@UX4jX?K8?ZGxBU#P;{<)|f?Y20&T)RQaGp%rvueFuHJd|W_FO?x77J+wVs;gZ6Mz@v(YnXs3cb>xR5rPP>6R48Lxm793_dg#CH zIIAnz8(}Qn18s*V#ak55I+b$`4o?6O5_YJ6&nN5$Taj*%o-d_`f0WD9qngn9G2wKQc_TBjhlLwLh>6NG+I~zLQzT@d zn>udflI24EU1z#R%8bfqe${c?HvGREkR~Y4l&GW5B)*WF4yNG`G~RDkzV`svvRg9q zl1r~p6so<#%JQmHrSRuGfI2MQj(I>3pudqZhK?h`9^W0C(Q{2@fLw6g9OknBh~D0* zi33VZzLP8#rJI&52iPN$xqubHbiTjDKnOPM6m`ZSsYd8gg3KRC&SaxO7COpE1g^&`V>o^n`9bWj9F>r{V zk*0w1V@)v9!1k@4CHZE=x+J0=qx4`uZ>yNcI=)sHqc>B%OPC5(i$z3%*B1kwK!k(B zY&mWe3j@$CEXjeE1h9;yBen)QVz39r^+Ik#!?fG}EI5 zU+bxArz!D9{A=)Usz1V#6eNFD`PC)fQ1 zU8(?b666$`i#G7k4!{XfxD95@OO>8l#q$DCAv5?Q9xfr`ecHF`(*JE?d|>YLIhj9Z zVi*dzAUMBn;us1zKJco^JZL#rab${sN7MSlq7D|t5Yg~`X+yf9e$@J5CDx&OD*S@d z8d^JvQPerPZd82HIPdtChPv>3tS-Dec~nj_>|od--Hdg#f2zkFkm1kNQt2OAE&c(j z`_1}0OAJpCD(V{;f`B=x)SVr(9&dOcfN%odq_OaiAk!5rl%J%1TT&cs&)}Aw^A~O} z$FeH!tayCZ^lI0flUhT@6_9{{q(RGyBeVRJ(0zB)*KdYdiFLO`@v%eo24e#+2>qu8 z$^}t^2er-5ah%3RKW*Riv5!Y~&jG-?&KVpZVLqO=a)VX1r~wy!r8&61Vm^n|MaWTt4P#wRP-w3@e+P$q|NLx4fjw9KTi-&5(9|a&^0Xa0>Uth zn9PT(G{ZpmlY^}CKs{u(*6^tPeUp+Fdl;T=1zlCpmeL{Jo=h+1S#Be_JuFVd7qrz1 zRsrLzs;Jajp3g-v?A48#@fr*tKN|qopij{L=N_QF+3bkOqfb{8FLU$wh9hI3DWCQv zBMr}U>k(Ho`E`Hun9HQSq78k`+bq=sjMWs^_Yh^a~ z@~lJ=s3{#D@5nvRi#W{>hYao^MMPfB6NG0CKunp_LJPgc6bl(w0y-?!(Z%f4o7wl6 zWsX1MaWq2U|IeE@K~(G_G18TiA59$l(E9QnA<+lKgC-J-2y|f3m4(l$O&q!B>wZ+U zD5P4}DnFdLJ0xhO7%Z;W9co)}&MxNMa|}iPaxaM)nF?2+R<&_8+ zum%y-!odgdYCH3&5hHSQw8Sruyeyjj9!!<*z+s9OLl$trg#nVvMx9+pL1Xr@)aVtIP{*2})Gb&oSl+2S+{ 
zn#9^*K3%bL`f{#L-DWh$x5b1B=Ah9ARr})a38UiiX}HzK{KZ?mLXFvO?TBLX04>aB7U z5i~0J49D23diQtOCoN#PY%IK(BFjI^#%Q%^-mN}7{18gtiXz-KUx(8tSnG(%BY^$Og zyUn(UX0@(Xvfr_^-UW4a+^Uox^fpLYM%2ZuA1o3k?B~g--7kh(Z>tm4OHDawQ@7hb zo7{lymE7bi7%p1rtH2>oc$**$=6qTXJ;rY~fgUS39++Hf^MU{R@|`mDt9EBoaUa&5 zdk1~}0pse*h2efD9yd^cFI6Y`>8z(z!Njm7abQKA!eicg{tMml*4xfsNyHbIzVMNf zDKen@cDfBc|3rN`roz)(*yQh6#W@}YR7P10pA8h;!yhDjCRxyv)!?HrlMAqvUBiX{ zAC=|)rZ|*kO2i-#V$<%ZxSjldY=HdS|@}UqI zco;Dc2dU%<9K^d52B&_bo*R3)l@6VX?JpOTURX0*DI{PM6Zh8F&)_7I9EZaof(>l zm-*JifC{I@an^l=%{vh%fnzgF7Eu7*@pcWLOEddS!4=i~ukvi#uCg^-*ZjP$_m_zX{7G*SKnih(iqOVvV0K7ZdR`2_C7#94 z@&Q-5=CAn4#L;i?e;Bim6R!6oDdUV~sreDIM zOgTln)@aT=DhCdn4Ym~B;OIKHi3<{FW;Y>_SNIGxe8B1&~WsW&Ylp>2SI zS~5TdJ+IA}j=#VO&_}7-B2~OYs?-u*LZdCF)Z32Js>V>+`~$#e8M1Ts$&Bo!{R=e_ z2ytMu)RW?Ar1{2;y>(`*))4nHN3G#NpZ>%Tvd5&G$VQli4%UO4zSg4>DFDZw>TpsX$XI?qrtW5tk1_^IKC z?bo{~DwL!nZ3f+7tT79!bMW1sji6cIUm7;IZA-up0Den%`JweTd%29r$wKQZ6$SyK z^BQ#FZjvoTMqMlBABdM={Uu4`qOee_dMZ9h{;v5YZHUQ1Xi`LUS6X_Y*-L{w z)k_^P7bt7}=6`TP%sQ*U>x!||EB|o9+J~9>H?(DZ1(h?;HuPXQ%;Mp)ZcGATV^Ki8 zf;0&Zm^*>l?p-h1cWhH_JrZ8=8P&Cc&(x@9<^0jagqcS0nI4Qn!t9S_q8Q(+mK4;$ z^5Czv$A-yKM*+gz8!;ztOmJ}lQcaF*WWI?6X3q^sAldQe4d)D6FPpXZ9%DIu^yo+{QV zq-&3zdU+NE(_4mb|BZ$!OqzGRVFQKB!EA>4-J_8=-o2crL7zch^bY_k)9TzVB4m`m zf^{>;fEReX5#t6nIB~%8S!0ueK1_$iUu#y@U*@`z7vqnZfY+?dI-5%VijiLakDR`O zfZDfM8*QSF8#`L(NCgI-JdIv zwt0Z8YmJ>|3c4PD7>&;5pX`)xe}e350LqX0zkJdE1P;0l0RfuEgKZrSqJ^e=u^6f- zkg60yuEtgy;t}V&Wz$iIP6Ild!hQZF4AJ>Uws%2tPvdPQZtuIGvOZwX^$TwGHZ$Y% zh3#3Uc*qO5075LiasF;T=mIp|ba7t5$c|!|`fbl3dd8o>{YzBwk3(Ks5yJlDsX;}) zOP}!TRi4x5f4>VVVBlIkP5@S{Tq$&)%%;9Kq5=0EtHpQ8+gL_4-% z$&xc)p2mA>vG41(%OQ}WB(~^QJHfpx-$rF7X6_52+}9J-!~&fG9@8Ev_Gq)+eE+2) zaN3Q#>)m{jD96U$1pe8XRasJ>8-v0$5>A6fbur?tsk{4G#i3mrZU4j=o8^yNOPmlkR|-8bsn8ij)aU^7qDPD@1V^{b3#LYU1(sdu}ec_)=<(ueGjdn z-~OUg5rnY!FZ(2P2e;rk=?3QkrJsbb5V6Nys>0&VQWYey2q*1Uvx{x#Z_1!MWVzoj z5!CWDH|v7l{{Dq5HCNTT%D^nP3C{!K7sKmSfBwgeOf>qA^W@jOgg6hdB?;8h# z%-iAUHful2jv8iq5Nan@5rR_yJr)H?FGgQj7u@Ss%M+LV%heC2W8~t~rY$P>Eoadf 
zPtp->#;@-sP4DepxK8vw!sCBE#lxCa^h?`lsH+6kAwerDOoijo~w1r#al!c+;wbeVsJY1ijn6P-qDoENZWV{2$ zuG7HwH^)8) zmQIFF9}z}QsXfTYLGGJZ0OY=T8!T@@W%T3D6Qq%+&tz}{`i&`V78CTUVH^zkOYXq> zV&8qGMVG~@^Ts3hDm$Ph0J)YmkhUa}MsPok6rA|xnkJ-9t~nz>Qm!~nZD+(WQ) zqd7dMUwX}ZS>iJh)%EO}9R^*YI|sN}LPA$h&ExU3t9LE}J0H*=k!`EN8B$S%9yfz*P3-f~^S9o&?XdG;bX(Q5m4$_7=__O^WL;*rO28ur)>4L<& z{GA-oqyRUsY@azcF-?1ct&LbrCU9p%ol8|tATi%zI({7w7zi1s`|k&|T%BjN^I(H5 z;i@hMG*jCW_kk%RcBY{+UglKnk;Gc9f-?Ce%biQbTL#~d zc-$}Jp?xfV^llN2CFb+1Z<%#UQ?GnH zFNa9Pxc4tru<*kkL{!Hnr`Zg7WQym0g9g*Pl(y0{VEm5&wyKw@8|EB?;L@;bG}4i(b?i@hWINrKBFVlv;K@?*bI_VNy&jYS6dvR=u%IUU%A0o z5vaRH+$h|&xbaF=h*uOcYl2dixyMRq&&#^7op5r!C=A8f8NAsE6~s@%HH}6N%>&)E z!S?uEhtTG!&msP@pDIHtN}l%l+BK!9}ZT=pR9Hh(ud+Q1fmjJcE)xM z$E+ojICVm7spa&q>6B;e1}A=h%#p7FNK#&k!z7ZNAy4)i*dL^sW(pVPP$>E9x8EtZ zUG`Xaw4*n_vpMp7F0!SqS}v*1@zB97cnT#XeAHxD?UM(5<&QG2@W6Im6lS`Hh=A%0 zKQSCel{pv*boje|<%FDb!n{eCL8@P@l^Aqq@l4TVa@ubs`R?M-YcN0lx9pI0aEVL> zZq=*(>^Hw&X5GFVb9TF35slTr05{(gGOSwy-D`#ytopofWH?Y(uNBzyCOT>&>n?^D z2&8`BlH*ihUe#^tjzrIGEH(p*FP_ep&yROi;%4p;dL{F1K2jDgpP2w0rie|~si*rD zUeBwxv26NFd$2kyJ(9pJroyMYr~Icb?h4(axP{3;%Tt%aHAgm5ajlMhzHz4)n47R# zY7dRBmnR#pqE#l<>a&frf^s5y-1Zv1L8k9^I)o;5`XLBsl#(dJ0olM~rn7CUI!6*jOxkplx913 zY}-v<+iC>oHnRLov*SW+4OkC~B56bNvZ_RzP&|whiz)KkW{q;`-xGc@Ge{lCp<$&lwWlo7_scmaptty_i_rl_i?%+Fe6Zkw|2Y+#{faM%a zVGwZvmI{UTvwt3tK;YY@HlTWr%(TYD-1g|zrVenQ$4^(J?Nn+Daa@!+Y|F@aR8$Ul z6pd_}b6kGUs%TXN+SDQ^zik>Y-XGKi4ec$gKHtlDw{Fuu8Y&7rEMCBT`tbYtdNTa} z#k${fw&z=g>@~H{&dbIkLq~_w%R`6rWP9U&X^{q(*UB&Vl?U1_)}gN@H#fIhO~(R> z7x=*SH!s(7ytd9F1=cW>XTb+2I$;A<_~E;;bx3#>w3IR@xlFT5-aIqLKbUp!_`)V*jSnZ)>&uT4iseiAh|^5cA#)}gbj-LY-&FB5;}Ads zTV9kP;VYf*bQ;3o0L0tBe!JH901Erof8{Y81K(i59!gw2U)5ImwtEXc!t~J;s$s$N z_Q^j0-}pM)(%FUr#-`+@&NGVsZurE2k5j$p3e)Cj)~oV9cICcn2Vu8>ot#Do&@uSF zu8J-q^}t}WHC9;0LH=|F=&Xjj!37WSDlqAr!jJ?PeKm;;Rh&2U~Z0uX>%rLxlKprbSBm*m{eq=DCc~!`i@cW?Rka&8No3Cidpi zPM&TEf*+vdlu;UwBaOp+uSjdy0qfd*V)mKV+fALZ0k|zp=v$6?i0q+j6Kr+fdh;^h zwhxqzTn$$}6+J_q+VVZ^*NQ&Y-5<$%V(W9Cw=iuiLeH0rO)f$q^`A*)GfjV9zWpli 
z*|O@S)lb5*!tX3?ekXOxw`n+K{xayhD{g^2vZW>-)&_M^Qc}_-?QvC#m{FQpmpo80 zz34VWb#Sq}`3=Fdzw!LL_ZRJ3gOq%G7ITQh89I1>KDx0;R2m+LAEy`c8 zy7OJPR^cOLaN2uL)C7iI%5GYAPQ@yTSO@fp#>9yNPGK)=oriIAEz@=;vJQVH3(1Ke zF=~~M$8UMkMGM|F*iH*Fcm<`uH9^e*JTa>xP=&-nN$C;2Z^8EL&n6dDz^|v}%Gr*r z1A|L&`lYhHbAQo1a*EO>=lTB7xoxqh^zzVVOh7O|#HsT6P_!Y%RGze+`Hb(ww%G6? zdPw3 z3zJkzAzg5p62_E3=4D91Sk=F5RIz>*N(z#e; z<6-H=hNR{&!8w}sPW{u%0+n_h{&{Acg8_;@11ySU13KTG$kBOHK$R{X%8Y7WV(`%C zutu3BEk@@J>za-eqUZ)$@3@X&B9*WEyOjv6gp(FG_xKq=|K(Tl?_$#PT~5Hm`iiW8 z6N*gRqXgSzSASZQ_0P)6OQi%3l^?^Ea>7kKWu790gliMpe+%pOZEdFIKEW6~Jy&Q6 z3_48lF6p*yA{X+X7e6Ww6tf)Bt)$QL9eah$>hQT1ZnnoAz~8knF2*Ppck;T%>3Cei zD+0$y6?k$|ja{5Bg&VvZ7H4l*%+mzQI#P7XoG!6>lKw1*fshXqh2-;#sCJow(=YIS zw5K7)hjl_Pk|N5d(}l>pQLf7D&f*@MI}l7g@5|tR zNd^AtnZg&fh&fs-=aZHXlYM>8%nnKuBM=ax|PoTvUntRMPNYxiqQS@UnNy}O+=3A`c$23cn+=&)X#QCgl%?%oj3 zY71+$^@wrQ)xA;6IK?B>{?2#Sn|KS~h{YDN3P~SOt7?E7L?0&78&hcMn@1z9m_h~% z&RhHLAIH{+rHPAD6=c$A&|RI6M_H<5on$H}5}ZEmK{f89|DKI9o&^%=&dknWAh@E= z8-QH-K5Bh1|4pcK-;Y+$4EC`b)7JHt_KN=YYo*gE?W;jOvFZ+!5_gN2Jv!h)&S#ux zeb~#6F5udGvY&G)Y0K>CWNHY#EnxQ#nk9+g!@e2o;cHkBK-UAasV*FTOqmHGs;q?L z9#Lx2mqTAgepFy{GL`#CxQ5yavLoRC8*j$jU{}^!L{F7KSnI+KwN=?+SOEP;5H3%R z38hSHfJk3XW>sy&4ite7ly7mW@CTV7;pa)sR$K4J6Sm&daSIHnw>Ne!YY~vE3<>8@ za|b_GqIKuN;M#_*R{}1IT>uCdpEh5L^lofD#m%nfX<@merZPXLi8H!CCDYn7{bhX= zbe<&#^z|Iw6u68&egqZ?n5cg9g#nG;gK1g14s)Tc=|lr2aAH93By*DUSX2%cDIT3| zu>xmws4l)dUrURm%#*yA!C|#btnYLG~^S7Ac zIK0}otFXc@ySf23ao3<1Z>P_$r@InfV;1r~-6ju6k46I8xewF;AMxe? 
zs0$Et@iRH7t+3^^MRZv);V6yUINo+g`9jh}j-7wK*N0_-&i)Gzv+KI&zEHpbmhsVf z`UkD{X2tEXJMVG2(xp>dYzQpbZzwtqL9~31B|EtL)xIcT&pxj;2!q%>jO|teH3vfXujNu^$mN zGu~Eks8AptW@80T_M{n*y#RaS~WQA8-{^lA( zpw3N^|A3Tp_6hx?!gaG#5kD05+*R9S-w8*$@Xr8eC!V4JlE!rs8^{f$Q)U)($Hosp zB@)@|49Y%q_6!OUxxk1-#U{orUG&7bd4q4)jwBg>J*gp5Wa$T6R9#=L6Tt>jJc_y4J>emixKZ9y81&cFo=H>E#=|qos$;sN zhBfUblxqzr8Zo9~Y`mxV7qgMtl43x66Q_{Ckly3=o6Y86KH{uU-S-zj*0H3EpT)I8H4Lj0lz|}5OpMb(Q;tPmG&-4)w@pp}rkPrc# z`0Q@WLP{Qg3JfSBVj&!QG0R~K9Uf$=L0J%3QzZR6{5f13bu>t0LqNlOb-O8&f`-rh zGdxuq3Kck#L6Oo+>QlFR%XRnAl^#;6CR~zRYQ*i=EIC@&O^Nw(<`;_U|e8%03xPpqSOH^9OSSLY*eGj)G8=RXn( z?k{LW0rs8d>S_X9{kAu(C-%{1(OnGh)^g1qsy@Ku=M|_=pLcw0SaZDURx9ICeFg*n znH7D>!Z}&8^!3vMO~s^W>DRQ`g=Jsc&t%;6Sk!MAkD2FugFY%C^KEOE`Vs#}p=q8H z2Q&BUAdrkP)y%v2v3=H6LBMo3>tSJvE2jVuoA6AER`myP8o7x6&bK_DY7Ds}l`9jZ zSDIt!yPtj(=#1P=dJaRD$~8LB-GG@_5hu5mev3Xi;@RHQaAv}v=e>MB|EbG^6Ys0w zMz}58`|VQH<#b{!Qu~9R4OV6M0#kxi{EKn+qnwRHuV4!kmdwVYH{G#6;3#JvXY~bs zJGS}LJmcCk(zz*@#hvt>J6%Hhm`jp3?wMlaPNuuZC;nm0i^$hf3sHc@v#|CB5n9Si zW4Ui*sOOHm{pvf8Z~Dn=h!+rwZr=NIIUKK_ME-@#L^D&5L94PC@*4G*io0gdMLSdc z`}98qW`O3BCz#aC8C=gUF$C6@D+#)rX#Op+Qk!~D2ZT@=o%tdLLSoce`UHh5=vmn# zgM+Lm^R~}rW{M3(&h@6M5$nN0E55GS^gH~us-R;af6BTlYf=DWvNjY6IPzp1OdVa) zh%hxPJ{7%#bS9M3kpl@WDx8DZ77EtaTo5?|{8!smxfEGjcR~O92?Trl+(>PU?`lh2 zl^D=!IV@2{^){2h@QvrnYs6!2G7>)hgD9;l|^ zcN=LH`Me$>*Msa0YAs?z_!mDIAH*~pHmT1T=UjRt47vPV?#ud-S#L!7PRk3+sDzPF!P07H# zAD$chF*>g42OPp?^Oe8PhyKGE$AivZgOUid$PyVcZDU+i+9|g1l)|szjPWN`%yL<8 z>xrrg(ad(fN7H%EftY6F(7!79>qhzegv+O75F|4LGKS;K<&4SrihzfNbAi+S$ew-~ z*Y4re#VbvMK_O+bQoJpt4QCw}jMBxyE*+0*jS?jz7uyj~J2B1S4=*~hJK8m39wi6_?dkkC^j9P2U;$YU>4#V=^>tPG3 zye1GwFhVj!_0{FsGzzbM@k;#eiGnWtIrKUjZ7Na<}_EbgjgJBcLt!ZN9W21oo zl3dHvS?=v9?|ft0FttVg3hp5R zsJ5`?`&+w2WNj}L!Gbe-)my*WU9sT$xKU!5VrKHB(7XdUhg4+#B0GU%x1aGDL=8t+dZzE4kS~krT5aDt z9`Tu-K!oiS!#Hm55{0tkxBS*EBBW?t+}#=>XqOj83SMztL_1%>X(AfT^zMx1LMJJq zmDt*}FSNmNm^Cu)lV(E4a0d4c+xuUE#FP#BM&xqB1$_eKYIfHz0Fg^&2YW*P5@v`Q 
z+%e`RrMMvm6y__EJ}LRriDM{z7C$&exyGwiVe@??@AcF};2p905htW)E(BinjO)*&P$^Z9FPiF0A7!R=b%Z;Tfvx6`r6 zK7tfwMI)ZPaMlJ&n+9Tn$O^u5lVNR5r2H9J%&V8JQ6DlO^h!8~kiu#3a)n(+iU``; zKcc%Og=JFSrLir}Zq-q%Jc>4}LGJQ{EZj{!Cz%xle|17vB(6~({bArlM525W<7Dwg z2oXderB?b4&6E;KBV3OXvSG~)B3MIDiNXG=@m-W|)W^$ZUr6ea1b$$vl^Cq}F7I+X zuiXwt$hpjw;a7KELviEYCi~>>;>tBZRj&tXg^fiB?x}`Wgnxl&X<_u;QwMJVP~2A& zdIFM2Cjw}Ntb2>mQlHM!RA*e3t9fSLz9k`qibTvJbREuBAArt!Z8yqYs{%tM#6v-? z0?Q_fm&I|V_j~jJvJWUrM;k90?0(dUiG(a=CG)`(;{6k4Yuh7vA73iOonIr_T2`(OD?G*cBswx_0LR9i|OTx@~# zGi}yH@^{f}?)_*ne||He4?Nz;fD881Q(vRC!%4aN^N99bu3qmQt}60y8GWJ^^#xcv zMAO-tmXlT6Ji&-CkqfPU>x8I4#?fMQlJ#fkAfDh)-6{{$9zDtrKy;ls5y2=3`x3&b z9a-!VapJx-PTan1eG9y#R(ld4vQQ$61S7H?FEai3o)UJMs|1~!H3%gYPYrcbaH(=W zGDUeT3N2j4oxPt$F4K+)`@E>Cna2AD$n0yVT zobNwcu}S_-LuHQe&l@EgecLaPBsVOX50aL^7z^4u3BzAJ?Z|1zlt=MwO~Mdo{J}+7 zgJKDBCe4;}YteV3XsSGr1?YOb z_146f`N0#|7>J|nHB`&z8!5E*Mh!5@d#jm%PJ)-&18AXBCruVJ<-OQ|^*2bwHu&nk zS9j(OKKcDZqC)_|!FvW(WV-ZrG%De260pZ-i}_P+ar{6z0|B zhCn~`x}J*5Kmy9v$-&fUrA4kZLqr3mrA<*UoA=3!z1r9SYlnG{*!gA`5%B+=NLwdR zK<_HUtsltfo-cd_3U{V=c1!1xi?8t7el}_?by91V?VTlw5QNtjF!UXAdeLNCzmLOn zt?_5B**^=-k?w&v9(K7cXcvO7MVrn-iTOU+oNzNX?y0rR(|$k|EZ*hERyZIE%03Q= z5gpk;MBY6*uLK#TNZh`2{)n>`$#T%&Q8Qxv|~ry=#;97}yQ` zf*(BpdYRx7ge!&br~C#i`Sj<$OCxJ6vRm~XntBI)Q#&w%mj3=!hM6>&AAk5lZF)q2 z_j}8-Qr1G)k5CEjR5unlPB?IG;a}n{f46eAV*EJc780j_Epl6|U#YvDQ7(B|*n8DrTar^6(-BL2- z`1xh21nAPVJvCrsf9=8i8thd3Jx%;YUMR_(u00socK53Vr0Wan?Wbc$;cFgHG1=P@M0oSlE6%e!$MjQfoHGbnnUMDNIHuc{7-;1vvp_c`soFBgu4BXExqi(dt` zf*C{7OzbOI%PhsQlb*#Amv)nL>;e&X1U!GmhP^nIJy7ubCtSahSVpIM_d8%nJ%_L9 zB8w0zmww{dFc)H`Iql;7+jG16j4fX-!r5^e(Ok<@!I7qHhwb2SetenKclZLzp!8@l zBC&L2Gud#2SkL}hQpZ=8*&Y`wd!P}Pk5Xi>HQaa5;xlF*n27=TS~Ue)>1B7;X)NTCTIJBPn9xSrX;A%d6A-ymFOAZN%&N!C#$o_5xm|kW{mm?~ zsODm=x$lw}3}&HOOm_;fUPaEu!BYku?G~#8XXJD*ciX!+oxd54TCfV8TJc#~+~?PQ zCZ^RX>w81$BG6xhN8W58V%}`j*J4L5J4&g6ejY zsWu?z?Eb&U004DfP4j`S?@Nh@C1y9+3gXy!CxDX){1_MMR& zTN;}LTe?;i15)p%-0nv>AFC7RjJK;eeIl8a0R}x zPUT?GzGT@`y$kzgnX91pBy|FX)kVb}rYn z+N?>a-99$MGH}Oy$oD2^-)zxV) 
zg!oH_mJ?MN4zl!4K!#S3AZC8@olzpK1UMb^H64h~#!J+a0G&bGTD#~e9LTmHf%aQQ zA)gK9dbKcjOl{P}wa`X?g1Lr1~ba^2t84v8KdII1@gidDUpXA02L+=J!Ep*JBSbx}2EYqAUjyhNn5WG4?w}^v1G;Q%j6rScR zsSV;Vh=fzn6G?jF;T}%5(p+zo_FLJk48ZJUqj&T@F$_F2C}- zlEHb3pWZu~++VNx_m)+@7~NF?TgoQ$P4{!Ht}DYkBw>E0NYX;Vv1{kt=J;HRWmgWb zO!+oTd8V}OleW;_uK5`2@c?59ILXbC!A|w0EE*W%pN2f56`$hB8UiM;!T`A%(D%7cFQVndFrBLPr56W(ZY54bCMrs6LOwL>O)AM_46h&zw>43cZRtj}f7 zG?7ONoC-)6U~K=l{B4homMyf655usQD(T3ltU4r`Gn`Zl%;+oS>n*Xkax&9YgGX6$ zn+<%tSN2h`lITy75acWYDXJFnRj_CfT&FPcpNn)mB?&FtkUvz3ezDa~5JyB=cGMa< z|Jn8DMC=#sgaQ)uR5%UY*n8TwjC>%Tj>?uXaeFCp3ourscg3@{`NGOL@^?lgsZ$yB zOl|)3ku3J`sq$3@Mm5GgE>!Hj3o>=k94EAlH~q9f- zye*Wvicn;)!(7b%L*c~~gN{ZQ1{?pIm>t5&I6ur)I(XoZ@zKEiy3L+ zXa=xEm1wUN?_iZ80X~OVvXm5L9M_m50vm2|@)uBwtYus?w)tO2u-K!0m9I3Qtkn4< zf;3|0iTh1q1ss=^P$njUFaqT-Du>Gc&!TeG#6Nv5brzpSK6k7nNrr`O6$)m3Dz6hl zdd-T$`!MWj%A=&=0@Cy-0e+XMn5OLA>dIongeIJ6>d;SwD&I0;FJ|mR>9+n(p?5w* z2s8zu2$u7Ys!n38(GJ^)W(TrVNX%$23=5ttt0R(3n^T&{8YfhRo}or^Z8NhmF%4r| zPK(pF3Z0Y-t`prkmMfC*ca7lzIG-9^?Cg>_B7cPEtS4~rO_n^S5gO? 
zy0*8Wocnm*{KKU|z`3Z}^!7~2(=~C%_poeTLDe&64Ey|Ov2K&>6Bzq-5+&7y45CKK zzTAHL6Ina%e@)D3YVvZ4x04yG> zsTb?*YQvf>x`~zAu8F0QAxNt;%7$N5$0ADH&f1aX7~Twzk5b)uS9QwD;*}p z-AcB2T7&%d1hr4JtJ!cfrlv45wKFxh&Lbx;b4sPw*9~gJ=MKGYgo}<8Q1+~Scn;?6?-K9+mhA@9uZ+BZQy6)JLVpvhk~Qbi z*w|2;c>CMYbj73nUtlYR2+;Wl2X3^tX7%y-&r#aYUV3Grok^@md5z7HxKPdU)v7nI zia+bHzTf^%?Iz#9Ig)D0LaE7RSPB*eDc0ZEjBJh~9@y=ZL{n*J)?)+x@n3`f|q#Igtp(K=!Wo+MrOiK`L4|{FH!o5prf0oEA56;P#rb9SV+8(VXR%ONX zd{e2oWM)*eQq(I%^&T&AP0=vrbA27`e@(oj{i3e8EbmiM)>YzTe)d3phBQg6lm};F zSCP#ysyBZAP^=?>dL(Q#`Vg5Zv%?=gil|{;R4QE-@AL}0@~O*9r=mh~{Hqx+Et-T9 zF%`hYfPM1zZ<+^YTNP{iswz>gMaWgU&IO&{Yi5vh`C)j!2l~OUuv#p?1}^##P=|Uj zs6#zE2y~{(f=O=wmvpk8uSos*_H)B1v6>uyzbtMZ4yT&=pzZQMeGgumS~gDnxvVIb zA!0Gyo3W1)Yq>_t;}0CKY2CM>5au>tco^)u(doLrp(8Namdpng9?Z+drrB}}S{}&C z#HFe2)=%t;CbQj5xmK5A;dNM#*H7brWIIa_b1 zr))D$xI3@UeA&5sJ=WQxx$r68uSfUCfs85I)*_oF&b)<&DIHK47F-lT=kKtgg|&%5 zKCPWAB}yrj-7JVx^PNUVt zj?C~E``6i|DfI#VzN~SnACrXSp01TK83<(= zj52cNY4SmONzFzT6=e_8=Va$a%mcE}Wz+D-IZ3!mnReVmcKPXkVR;5OGC(Q;XTYN? 
zk}uv~aE#4F&euLYLKq#egbaLjahjGWa_mMfyPt|U~$8ndTLr*5a!wbcikLU71Q6yLGcw=|uyQtKv?+>Tfyvu;`^Z zm=&ks5u?W9hj|+Vb$mk67QB84)U8!-a*0Y(umzY}TKo=v`ES?b~!?Hot=jNAm?)$BnwM!KRZK4%ye`_jR|$)71RrYh>-b*;hpM`q-u z1DsOTUso?z;WmA5Jy2OfnKp(1Ws)Jt`RsLEmPABBNk1?>GJq z9^y=@+S8yXx+0C72PFOG`C;5#{u-tojlnigt_GJ0bcm<$hl*iUs3l>1+)V3Q-ZYMT zJe3o1BnZ@p64#`$*O(9By!^svzfMwPEdmt3PNH3t{aLcI4~J8PGO)y`KWkUe{>N`0La)Vtgmi;yvq;(OrFwg|1l)) z;%0?Dw4x|3OtM5~t9(Qo8e#bi-eY5xdob1_g>@i}WV=E!5BsQhJ z(gE1St*$Ef!T(JYASD^#CD9YO2Z4bmKEqw)uQ_Fn9iMzs9L==!IuJaOAw_>A%S=+i-F@p2s$zwMs=2G$z28bj|vYa3SJLA0U(%)oNL@oE-)4C z<7jiSqZm10o69SOw4wJ zG>mwI=MuAqPROwO{np-ic7~U?!esKC%czfz4vhlrkBh+5POqDr;b+p=bUIqks5jPk zJ35V-RP?eH>it|JdBjLMkW3yxMx!$S9&i;ID5io`z{Ott2mhCdQDemPrAMFhyAA1| zK1k#E%^jYG>A~IXhFeUg$MU`qr0?4-GqH&_j5(J+tGS6p!LMgr>`cK~= zdVijahww;_flw0r=|yC62~8-Gdh?-S)Wb9Q!-1!GCw?!i($VU56h1-J`vmC(5O+%f zg!h*V*CVU=PRl%OJXhuuLzQQA_;=%4H-B7hY5qb)yoZz^1o$-Ki>C4XZPm;K+%h14 z9DG{2DNm{QuDAVc$@kLecCU`@;Uy) z2C~D5M%9XA_Z7z^~9HVk%z(G=Lw5}CVY z%Pw?p3WNN)%&-<8#yo>hZorU1C>N<%}y#-NOO(ZSu-Uh$fR=bTc5b52TvFY z0VvrtXp2Pb1vREN3d0L}V#E9h4dx8mODpIZQ<@L$jk#*~``}3?_fUEVqkT-b--MyyuxyVL`5bfsD?E!|dKcsh zOgnw0$x1flZ(*!TKKyYkK#$-ul#5r(3@Gn)x?z8k-hj;B>&tJc7Bx*czdS|JZFqZQos0p`36xg(9b#t2&_!w3UY z6s1hkC;tV+UYlVqQL|iGNxSfC^vGi+lPRH!C6>mcXsLuNeFt(gI_i=tc!oQQ8{!t^ z)-2fWPaDMM_}~kVU2?iHfIK@S`X||h_FkRdBY@}hzK=U13jczCMxEw<^MsD?vg;Fd z+#!24wxHIumI!UcWY8%D>wC?_*I9eFE*2g0C-xO&|3$kaflBgL`#M5alDO5*k_pRb zE|Ma`XI%c~^49#t26%GsK(67Sxj>2O3BRz~#o06E;rlJ7Ug5i1yYSYY%v!GHL`VD@ z+l^*+_W4eh5)tPH{K6a{$<8azjn2;1a(IVRB#`l6@8LExG4S!ITwPx$(wa=1NTec2`K>nsX?EG+duo=3+o+wMwj?{PUjo~5QOC11 zfYpVyGv3~^ui`t{1BdTK9I2-+f6ypyZH!fJE=dU-P&MDjIA4B1v~g84SKDTOd&*(r z2t4%Tz<z=QwN({^1>SY$o;c`$5DMJo1t2!-zmf*nXvE7$cYRWY+?wl{R+k z58RdXqJNd^ht@Ua%Z$;s{1n%EBxT^}dzdMQA%5|9 zOT+;Z&h5x8qeWF0MSRkl1+9~GZkpC#Cbx-w`1OYVQ5ue(iZtm%;dC7GunbFh=+(4i zx)&Qxc&O{=PH?%HJ4g#Vz9V5dvCQHWaeHk{U9l$49|@Rgc~PoRg6ynL>}F%F{Y>=f ztLl~mvh5W_6M6i*y8!y0##!UPjlgf#(_{$ejPC--YY~(<=xT!;zF2PGEg|B5(TRrP zIro>MPz)NrTqe(D 
zXCiwsbewqtSb&6AJ9ky3{7}&|AJe>q)?3Y2`h14dO$~+^Zw#jQV-|Ydzc;UFDTV&Q zNoy-kiZEH_E+M~$I*$nB4Sc(X0OGf_0up!)3~02Inh{x2mI?>S7X=B5G+&8Vxl4{w zQ4*uIkR>zAH}@`Vhyz1Z0Zu|5HeS>CP+)I+z2P*v6b<0oNIpEfY_K)+crs}(Cj14h z|484la@K=XHpzG3C1K|&SYSt2Eb=F!(BmLj5Dic5Eu@h8Hue-pWs z*G)C?>GAQHp}?U@$Esdtg);bVh&u#kd04Mg(*N3k)tC624OwDGeLmVBF~JxhOMC)h zN}7PE$XmH2dhB36pp~`KqRA(yDqNg+vBMy#!Mk6+(Cv*g)Y;prK9Fk zFjwssqkK}4P99T6rtgX3o69Q}QYtwp52CXjn|N1wLAmK4R_!sxO0Y#!ouekzgB*x( zl3Q8&MKje5G(tbKmf?E=qyD9rITqsc!26m9-q)3UZ^QA%Jysv_PK*&*v?KlKS;@Jm z5{PK41`q|^j6FUz+iR~9(+c6g{WvVWF2#Jr?7Tg=4YJvr?juMszzg1Q6lp`DfB7b#pLO!rnA zQfPHCW7!Lkn*+X^#obcYoNnb0gH_=57Nozs3&zW^_wVH{6`8z=`LQy-{Tv{P$)XEC z=Dy5o5i@J@o^%XZgI2H2 zt2p-*%8GdEQ7^T*f;p_HkvKs7(lB6*nxK$GL@qhg^c6K|-s;NhI}@Zo_;RGVxEM^4 zJqVU-?Xf5l53iquVk<~MG&YiHGMHH<;O|8=TRzy#ug9?(H^IIa3i9ldxalB-qeNBh z=KVa*j7>cv5{b>Bn-JFZ;qXBfj~(^>3+m9vk`DgT5)NSP0^P_k`1G4u2m3oaeL(zz zKhe(`9mUfW-erEt{Yhrtad$)tP13!8Kh~BHXOBuh!!)L6g-QP>w|X01W)B4n#6zJ5 zB1yFleMyxFKz7Uw`Nm&ByCFM>{)^4RG)f=I9+UpX)w)?y-gup?umNVcTdVBaizCj+ zwb;nD4jpV2dXb@^NzkDLw_MIS<8`;bI48=eOn+aU${P9r;ivkPKO?mofZ$&sb5cfI zzi+IZ@(9~tK5d0+!!+aFv_6y&kj8>L`GZFLsFH5Jn48_*l)>{HL60U*x2nqT_T1TIrq&T2Yj;(H| znuW6JJLwLvJ~4FG@qhW1?Ju5?j?<&uV8$d)no^Hcqys@)*6yxraU`Jro-|J?MW z#fc-q)78ZUkl!ahvl%=5?$$}%w&{{W%(DTVTVSj@g3$YN=;Lcx)o~f86Nc?C>@-#c zI(!vd-a_~f?--RHVvi68>0&w-uOz96s z?6(Ynbd=7;rng(n=R~5l=~av}JB0V4A>F3EA*M9V9j>fFR#_w{9Xdtf!o(Wpb5WK^?zU``&j`mYxKvh z?wxa&$$dzrll;4M0EhySOzLb9+PaXJrN9sJ39Z2BKgJqsi~516UsGmqz@O+%o-b^9 zsbNaN&a*L3RLb%B(6GosKW+`$z|PhS1%?jtd;~xtJ~`YR4H?!V4KKOl;~yNp6UpXt zZ$j5+PJ4VtsWmKFsnbhHuY=x4&LG;`0A?tL6s#-&Tqz)MUAK;^02x$Rjv+W|$iE|tlIUaNHKtc@Kq~AY%KG+C^D?TiXV{N*v@r7_xITqk&c5$X z9w6~f$cP+~R>E8CrqE+k4S>mHvj=i|I^CDnmRBI25c?0Ru2r~6TRP>$EKJ6~+V2{n z)`s?7K_5XCrY5J6!;QpQdOe~~IW+mXE4~fOa2?5O=?jqSE#_yj-xC|^so(uE-2@Qo zqE>_3kZ?>@CzIu2H4!tB+O>?EZ-x)FY|BN7IHoKPU_!0HE*TEai|!-%Oz|3tp7?cP zgaU!Dx!gzJzr>C}p&YFvK|e=B0h0x+U*Umx#r?;t`|vwCeHLX*fv;pDktk~Gp>h6t z*8OB%V9z=gWx8KhDG>8SL&S0EeSZw&FtR3eY6&`n#PIa{FSzS|S}*Qx9OutBmOavN zmQ@#}6LyA77&|D~l 
zE2hsR&?S1VZ|65O67^Kla74D#^?k@so_jC zHywv+q<{IycS4TT^tvd(uQzQ4`@g3TH&fmDaMXH({X@BvZ}`j6QXDCTAOMgr!3I%( zXbqA;wHawi++D;B#=ysGq!IL6Fx_<;L*H%XLkP}{ITdlu(cy*{LJdd_%{V+-|A0en zV^7sxph1K9bCLLKhIWj;3d&IB2LU$QIWo7-qBRIp_05*X$-LIhVmY&qv{@UUxo@G* z(ubzvxr`CH`hY&>WwmK@%##$Vj?%JD_=g}P>ijA6`C}wxg@k1P)#-Uo55|r?y{6Ml zR>5yOg!S%QJ)bkZd(fkOqvOn+49u-&D_G}F0oc3iz!YHzg9XcU2hcF>l+5S4z;VA` zbOh5HZ_ji}K@P=`0=27!fK|~I>___X!q)Ho<=PgN(he=d#3+@|U5nLcgfs_+d;R<> z6uMc|s$lyaZTB<>U)HA-y}1->Q{1uI(I<>jpe|mLMpkTlDtz2HtmC;CJIsI~>S2(1o#-Fjl2k(uSFuKOlYKcGm8J(yU8$A3bX|Vn7WbWj zJReV?sy1)cR49zQqR`D%w8a!0%-92h8qC0a6OV|L!wCr3MM2RD4`7Hq3?^r!6+uWFYX$Dd4dyVp0JT$X0 z1q**^RQf(G3;jVPr`=^g&OASbAYgw6UCTW$SjL6X<|+aK??9|RZCCh_r2GZ){Yd?w zpC@z`9Rz84#98_r;^H$)*cAQ6uXC<45hHRUH5(^^_nTcBH2XiLA<6yY(NXeB=Ya z2@zZ0if@DxRq5YK+3CH<5iUTa7j43@D){8h-Id}5uOIPNXu%DavEj$B>+PNGT^ecu z1gI8Xb*s_V&FWI|MSJsC5Bsnwz_K+*kQ0SQx*ERmg8yn5S`5prf2K~NnCj0lN_084 zz3U7-JEtf2m<1B~NR14AZEcg2r_%$C*B`}KA!N~O73-ex?=1{b!)9O47QA^cdMLfN zIwcE?Hk0ehP^~hFI-$c_L`q1%M6-n{qg^=&AK?Oo1xeun!|bVMr5;%~ToqWaL0FVv zMvy?C-VsUr%<#oo`NQ=^E$PQkEtT3WP(dT#cY@B4#az}04oU?2dmpRXkpV8^BdNcv z;}Cv}ttnS6V!4AUjYY;nGAp4y1xxdL2WA793{Hi&{M!wPtu;JLva-qAg|n&ja&iB7 zAQeAuq#Z^Q%mW!9NoGwgt9BjNwR_3yzRsnKnb9y8mjreNcuf~ntk1m2zF|9_U#W>f z2MPS)Ru*FIHV(iDOE}A=g(jRoszJlXCZFdM?xW^isp(%cd?`^^X~p)U z>1^D`Cgn`VR2tbZu=np!Hd8YEWi9pRvv;{Li+X{tU|LVllAh*6X=#vbh|AS^M$;{M zL~kJ*R;OWuWS?&f+f)kqRSdmCBRud+j$10tY*G^eew1wri#zjcDd#ipCVAfp-ZEC}%Ga}Q(T6y$2SP`F`u7hZ&Mo4~3Ysn?A z{AtHC1wSUw8L)^8zSZF&+?N`3)IOO)|EJb3pwN!d8QS%5o+r(py++>}`B#qtGE04a$@}P= zZW+0Gi;?%WBqZ<$1 zL_u&EUsiAi^tnV_MFaZK06aq%bmP}T)t7AwcEI<2|0LUin=;E29wYj#5N`6TZ*W`m z!l&e`-n~uA(NUa;;(hk8tI607vlZEiabAvt|oh1ZDnJ~eQ1#gmQRQJ~XRMmH!W4hE{(8(D5w|p?S z2zYrC@bVv1nljE#m`S2rcq&`t`7_J7p~PO-gu9t7_cS!Q?TI|$ADvo6n?1Y}=06QT zy{-k&K&wYFp7qRQr@}ov4d^XJ^4R=rW4@_3w$^_22ueKlS$fhi+mkop5z@SxQr66n ztKo;|b}<>@zUAOF&N!!MarHARJ?r1l7($56QlV=T;W^!VuN(HWkYk74cmNM=;dY)c z;eqNVTqd6zsjQe;TZB2S()5b^jw~v_Xu&Ht{5KAXPd?vIVL!AfLrQ-5M&#g3&j;jf 
z=0)j#g}w&Kt0?zPLPRDNv2y22uhE+smu(dFsN4;P>FI&PPM@ba!kPA^UlKD}QI~f; z@nf%RjB9+ zG^QXzJ=wA4hU|}D=iay8e`xWjD6Olt!RA!ih>CTbdi1;kMauAwhs2sG2b+8THgtmk zmw72JQuOH@2L3sr8v-ZrxOb#$;eH*xDjDOY?=oshi6m1{0GE*e^td;vC;q|rRu~rv z7~%*S9Uo2}$-^yCj?N-I2t&Ptmcx%I0z}$BT_)Q6c^k`i4KU7@?MwgGj;Ti%H;8%YvX;P95^Iv z;Rl14@)wM7E7z0`bFuQJ9O>L3k)>MOf@b=@W?|$#BwjymYqJ?#nI)zHSI(^*BPPHc zFXq>`rbidQUwC1Rrn(+{kH&SR5~2j@(BU`9^!~^t!|7Q^ilSZIgDNTa{-ud|9eJu0 z`KKQ;X^{GEPfM5ij*pXZrt41vqSzUDE!Ft(5yi2 zH2up(PS@8gI+GKO&$j0g3nhtf)*1|QrH{=sX8uWJ9(Q?`8@w7=B01BVGVCvyRieEh zQv$zDdfHIj3O~^zF$Th98mAbH&16TJ#D?5)kGQoKj?h|v7mf&ba#vBd-x}LJ`3{=> z?cX^#AdUBM@oxp3+_l}Q_wrLReVDm-;xPPUC-I$TAq?u{s;&T{%_l%wp;-` z$5`(PFawzBVQRiHpv#}(yM|G@JQlS8-q%naXZgUUxP>12SdA%toI-I^uu$?gxm1=X zh#FCJdv{1N9<=-Y3cNI^5`1OH*!>rX(QlwajYk$XiDhI4qqSl)IQ5c~Wtl306n3Wu zgCX}g&JlRJRGGL0?X0|U62Se7AK_0sX|UF&U1g_&LLH8h9IqMBlr=)aQnsx)*RF_p zcGj83ob)Jkda@8a=dprQEKdix5L+QwlHDF9Uj;k2AZ-g<-LIh>(OrvAPG?dxyU(ei zf$kw)?8-DJbV(jLGPI%i%mmPUTa{+yJX>-pL|bn&Mqf5T&~U%%<0{=e4>eq(M#%8D zULl}7c~WZNS@GfGuWzlnBhP+%7n!FegIw(x!Y!NjRLGy@X#t_)D?a7p%;~+tOSK>{ z^EJazobqJ!p2MNp4L9SGYk%z?NrZX}P{>>==@DX)X-?Hh4NZ7;VvmOW&!InxabKmA z0I$2F5f+&DUK%LRweY3SqYZ@gVpFtXA1=JN83G4_TWBtuayqidTNhC(mw zlfu!hoL)$H%N8u0GCK%oh49wa?8Dovk3)n8PTx=ONT%yVoTQ9RRQ4{u`AYV0#m^6e z$}%^v4w~V!3JqbOeMnf4HlZ=$jR(0&ImHtQ#0$E=l0L^isN65wZeFa!{nTyI&h{&ha7(M5^0B`C7keGA@Grw zmuDt!E}JQp#Awr;8efX1E<1$sGeYk12M}eOXd>Au6uu3c*yku)+b7ZjPYE!Mcm3aJ`KBnd{cw;6z~Ue42fImdA7ka? 
zV+J?^0!tNixjlV|1 zd{(U+kp7%FwXn?&wIo4iI(`-KD_wHx+R-1&1dxtxZuK%e-wZeKWf)^uj);u+c>=Uw zmi9ip!*3YtgwYmoSt(5Tc-IAX$EhteQ^S4< z1-kE;2QGkE0YJv_#y;2j728pTXP7I81Ed!QWdEh$_C#0A4L*1qZ8}c&_g>~ln)$g+ zyR5v*^w)KI)LQHIVPi}2QCG=iVCvWy8~DUi%2w=YHs$^o_jW+!-WF??Jm|Z7390p3 zolOH9)R)SRQBkZRxw_Q(*;#ZNqv8Q(ql{ztoUI8=^NtT)5ZxD3?XxG6H!C9Z6h z{esZ%P%bM1fetI@1X14?2QI7i#}Z$SZ;t1cX5|f$5R039x+*PR9Rlr+y9ggIfqYz; z)ryGi4?9(hluS>KRarWW)@Ecs!hjw&#(r?j;OLR$uM#9Ioua39w4umtJEO-3RwgnQ zH^v8q;z2LQ!FM)%s^5nfM^^kBKA2R8<-M@`1R_upEWQv0@}+fzSbe)-J6a{(x9a9> z3Eu2_?R4u_stcfn#yJK(V$6BE9qjnA_my-Ey5RY=XUs>4Z9{nnj`Ge#j~>936K@wa z)GE)!w!$Nz{B*qh=r$D1okLQrT_y^(uTfv6&yz_gTGXvc-T>6i@qu5*@vi~QkmgLq zgW6`4tA!89?g4a??QA^wbH<2EF$v`O9B>jv#-#x$XdZb;YY*F4jJXt z)=yT9W?C08uxxJCeRzq8ILZbmUDydqgTDyKlJk==%?c|n4*i%n&ME{V#wx3W09HC& z6@QlUUxW2+Rmkdlf4;+K0DO#0aq*#15tB&AI*&~kio?S+X zK_zN!RHfd;o_L!H2hx#ufMtn#=K#Sov-8NmZqhDb?MG|V=o?GM<-5wQBJy*5e*bgM z9kWGvz`5)|^~wj99)#5B-V(tV_MLANM!akM{2J^tj8a+JkL<#Sehs}Q06E-Tc=+&_ z#X2mjj5fE9DK<gbzqZMToNOGEL0^`_acR#seo5nmR|NhqpQ+=+xDL3y7Mv<2QK`VDa4hX(G z=B-e3ItjwSGN?UE6epSLB(lV>&eai4s1>E~-j-K+8Eq4W5kXU`eQGyAeSceUlU!kRpLiC&K`$hp6s zhUdu=D86iA7rcXe7{9{0{3KzcT}nzgg3%=^5%v`sy%3~3qY;*hi1_zhgyApj&xeF~ z2hEBzpM!ToWRe66>qXJf=e~JIyHc37#g%2z3d}aNH%EC5vZ&T}el)u9N}EHT8asxc>A0Z-)RtMx3n&HC)5*y|C%s*qTCdolVh+-6_> zZ6N|{s9`A$qPQ5&)Ktb__u8f(yD@c1(4xFm9K`X!9)%^z1WyjNkl^sD)WR3n3d{biQdx?^<~4e>wld1~AA z81X>x_78L#0i7^_C#>}wZGm;W)Y^LdC3y|Y9?9ucWM0GJWOnu?StgGMx~@}>7f}K< z`FFy^pENST%D+8P{wjUc5enik_8s>-j+AeGH}T!meIc}Aen$rx-K|M&RgGNveAMGu zsV)=n)gd;SQmmZ~vA@M*813|=^31xJt}CZOA9WgQT|wJd*ai}^9wv3()OMF;c;x+V zN@`#C47JJEA^C=!_0ZbI1Kx09n-`bl#2VHTo?OtzC@T{Kq(4$C;`=5`$JLL{_2XQv z^QX2-vofPpqrj6Ah11Yv3eGHVw1tmFvtK6kj|cUQ≧Fsv!n?{X|nVe2oktqe5Yz z$+5ylWUc26d>{&4yl~b$sA^x0%c+-Dq&gaVg&X|~A2Hg%qQfT{8cw~6NKJxc{8~2* z!36qwR%sE+&6>Fb3M^Q@rl?j=Z$+I#%W28hs%Om*Zlj1zZj;HrP$e!&F-QK${xs8R zwAK`U@`b%>tO@Wmlibl>gdJpPWlF#GDU(UO30KtB$9!rLvuwHDO%+jZt?gE9`ItZh}0`tNJM&$bl zb07BG6-&j%AGio3-GSehYJzY!JOx|z0W4s{Fv-mZyyTBbBd^92;dxb)v^IF^>*^O7~RPUq9E;j&= 
z39a=`4J6-uWx^X%&9@!Q;Gb%=9nSU4IBU<2jkyU_X$lE{>p)N4+gu#8o(quon&U9p z;|Qn#I|*MHrG*=0dq!m9x+JZ=k2+EIa$nedeHIBDlYS?+5auR<5QZ|uAQUISAo-Ib zSg-WN9r;&q2c@k%>HG{+8E5B@`2_L_W@Oa$w#{YD)NeO36H?f)hNJE!27fU$<|c|t zh_C`Nq#zmn^@B|sqegxp8Ua1LcM7em7lDTETdO*c)=iXuAN+Ii)93C26z~TJ=veei zq+J3tXgn(2aZv(wRxf|CM(xk@RIfHnL(TPQT&AuF&16^GAA<(%e}G%Z@dDpEU{C`C zgaQF?F*hkyBt9$9aemcLOybm5M$-AHUn|p;TGft$WpO#yr}%GE0ge7bfzpcLO@-T= z%%3pcqwmQD^V3*?2KoMS_Sh{wi=4^R4W(3muuLFl80(r(#W-B)`gEr<-ie`6{xHw= zHfYqI9UpVk84PyRTL&)c-u>d3&v{xgeqSx={4cfoc{%h`F`GUO@@SOL+~XAG{eyW6 z2_KWbAg>UH$V=v{IK#;)v(nqvwnL-RYJ0y2f}qyttGlh>;rPQ*nO;9KZOk1N9E(R) zIh8P+XQJ_dg6@SXmFFmLLJ)&r!D1H|;Z~K3-sD9--e^x9LEw3sN z`*l~K%30KPb}e>dfV{@ENBJ@R>ah(j%M$AF0Tj`r?7hF_*-#GS&!%&$gM<(M+Y#Wb zeT*qWqTN4u1V8`Ja7>>&HMMjrpR9#H@Gx~1XMe+)dXx!zcg^B)J2S5QZpoVahW2V8 z^C8KSd)_$1G{D=^e;HR?_pIF)s(jk-%gwn)SgBCf4*o}|<%xqy%_xH9xFwXZ_HMU=M4i#}l^Lk_reDCP$J;U2-!v zwvH&L&)5fIlvx%ugT_RwOT+V>=s&5}Q@-}E*WbOFtm6Ta$&?2i!3uRLRjoEtss&2_ zFZTnrr-i>q-&;!lnkYlMTAacD7s<%m_O?S{OLYx8f}28vC(YH_GYW$;ENE6&u1L&F zTM`;1G9_UUz@^>UKkbYw7BH%*YVeNnd1)H^FCDyoT&2Z?U3 zUFjX!noQP8q+`mY^)rjfM7m1RPM&l1d#UDP2u5K)LP3)U9%en2@x<+!c zgGBp#@p-U&-YwT0uan`-l2wg;r3_+=VKrI_TG6kPK`6-N9MKJwIob<6Y7^31E<`MM zVGJ|a_?xW(%pU>ViG$dfKoA@HHNYujSO%e*@58M~#ExNs&={u^Mf9w_F4&K z56=b8=OyNC*4D#9b4T9dK?H|P;{~;UG0ha!eRSr+F9SWDf~RW@_mutGzq}{pd{}*i zGa1c-8FqA!7rm|L9mv{AeZU;r(Dx|xiL2l1R_DhWx8H4V0G(Y84A&mizzPP|Kfw9- zS?rd_B?OjGO&>Tzq=!}rv__U7mX8upVg~)qkjC(~$z5qk1j-@^7)S4`;3V>52^##^ zS@|iroMTG_(BW<7^G0D>$7xh5j4`9{ygAx-qxd-ZyeV#av>7h41yU3*s7e0{d( zQEj6sU-pEI{L`Nuu565V=J$gi9`E>D080U@yTihEsLjSK0eiL(rQf*Ei*d zke@Xc1tyys1yym%eR?KS2ZYufQx>lfTC?yUiH~jcD?Alx5&x#)yV?x~+Tp9~z>GvMAdRp~0;-E_@wjsbmwdpwjw16c?FF}S zg~sVL!E_j1rfS`>PVnWE%U+PlrkNMxy$-({Io$?1jG-4^`Si>lf1m!PWdU_K3H{=7 zOo{{-uq4+wPrX91@Cze;mhH?sQ*pc0KC`4|`+oD@CHQLJ*tU4AHU6|21J-7RlvxSn zA!pVR(g&uf71GhgOkx8SdhG5BB^O!`c z3AuN1H`!=oNk#A)0@5j?*VJIsv9KY9!=&r-_p=vM6@$r@k=2|qm5${*_*Nz2w7d#o zw1@uK6lN2twEKE5u1F8`Ije&jm1_t=;ndh{AL1~Q8f_Yd53~QgfCNFsVS*y$HYSS` 
zZ<579VjKv)uc$7MZ&-I8=5j6gM2=y?k~y#A;T2Hd55=GV>f1X2wmBM5UmAnS7wfZ3 z^+30Cy`iP2r?NjVo6Vm7-@#imuLmYgy1B~&GNhadlnI|7^nSQX;OCj`Yurx%(>e z-+>}1O6t!PbP6ee3UjnN!(kStE-YV{w;CunG=&W_9Bkh&Z=s4XUlL$3{9JXp%?Tj2 z3@|o?9C?@}5-LxhEkqBH@U>2JXvglP9E=le;}opY0)M)6A?$H%MDl0#ex>YN8~<41 za>0FOI&WRXnQp-95HtboWmHm^A1B_Fza=rjl5|fjLOAov8d@D7i!4Srj6v|5iX#`5 zW|u*S()Hu)*k{Rt#!|++OZWSEhX4XU`_I0!4ie#OO#-E)<=_R3W6~$$R6bDqDz9&H!5{u20RmT@#ISP3i>b79 zj*shX4PZ|9XLUfD1ojGou{f5Ru8-6xm7=Ks;Y^(9@l-409<~jg(a8E{wPq&=M;{xZ z3m)rr>Nge8%BRBlHa?2=HnJBfauf<~WKBLx0!tC+r*bEbB=o<;jJ`4Unh9r1)0EDS zKNIM`E$*=Cud_e?VNd$efL+{T^L;^cNM3$r)}o*}mau*+uC!Yprx7l{0Sz&L)dKCi zakv`OI#tS65HqTK&6m$ZIINgQm!MFHVDf)V0mtH}5Sfo>hK= z#rSc2`!e?DDIo@Zf!~ktKpq+Qpm@m639*l%Zq}P6rABtEb1B!_-eW29D!FstIiV=1 zM@2=*TrR_l*n_p}E;ONn*}#DzL`z7T*X}S*<=;)0Wta;=L*%T9mzTdE{-c78tE#XW zWA-;^zEg=f+{9MH{q$B)R^WRAxl6D-xCJwFK9cVc3b$~BEvLf=CETNOz}ncXxM4H%MN(Q-r0vmXPl5?rtPRT3Y&D_5Jz%W6!zg z?A^U{=b8CTJTvpWg@lWjmiXo-Vfz`?HDJOKgIoaw`#G~d74)$0fpFex9f~sl;%Ji~ z)Nl(rQKmu!obl(ZVUngnrtsvh?i@6)+DffLZAuIS-#_MDbpBM-UfO?d-NP zeoFN`gPY7xLNnB=CX#s(!dNEy3Q9=e8K9VtCz>YW;m;q+|G}9-BOx4);e4}yc){OX zb9Io@gqG%tXa1qdyM?ESKIj#z*|0Rz21!!<(3&WY7OFBEX^Jq`1r>ZD(|^J%#Kl@r z`=#%Gxtpd^tH5s!OfwX>08L9zo&9&%EL74~ z?4}mqzU0@2R^@#yh=<=m^HmGS4)-t1p}48vO4z1NE3HAUszS)diA5iI#xj7&qxvy$ z9&aFP9FbEq?0?(K0oD^lG-dfFJ2fy{i@u075bFw*q8_NpgDdVJ0kAz}!kel_5vjX| zt2$+jrcz`987)pG3p!%*<&G3bCTvtTEzFq(0Vxz1L{1Vi zaQdeel4VVzP!u$gc9%eZFLC3d*(nZ<0QJMT@6Yyf*UF&(;nU3T?Uk$^)=;EwE*$my zk0Y}BpjopLPV0~86^6s;v*y{HMr6Rop>3y%Vet0~gjRKjh5xLi-cd*JoYI25majwk zR4qPLIep1qC^U|zb_mH7abf05fGN#GrubR)im?~%uGnhpv)w5^u8*}BUn*aX{q2O7 z2w|O{3t}IUV1zHcc3w!QRNMVRF!`2iBC{%V%vyk;odMo!sD=aoU;pRF9h+5)`8p3Y z1J?6lxGhVqwJ}I9ZPzjzDzx+%{;Nq|r z=P;2YJ!k!@0vK-de&gqBW03CcpjG}mJ(gH$SkZwRq`0#%cM4Y!j?0R~_~R&I+T(w` z1XwHVLguOyr#w`AC9m=Y8Wiv7w=SS+w66EOVoQ5+^_7fQ@L&iX!R%n>cvr*IxrWM5 zv{xJl{2p6ld@Jg@T+>aQh30gd7tkR7VDpEL{_Rx;-Bp(Xu8wPZJvp8WCZno&)`tfH zJ6*i=e|hjWmm^dza|Y4fA{aoqRJs?ZmfnTQQ1|dG+6BVh;@7lux|g<>b}69uSefp~ 
zHgultAOCWO%0%q4mMhGg<%j4K!dl#EC3-pUyX=GYN^@;b=;?8~yoQ3(aSXByJN>$+ zpES`zp3D{(=6=M0k*2qU+wySLI4)i|&Bjqgk7~a9M6ZkmN`b?wY3v0096tQh?d@Px zdUJ-}og$ccM>x^EsPDmK4S22&94r%Ply=zwFIv1dQpu9>W2Sz`E4H`kAbX`TJ&~bW zKQ?{a<(^eZdn>x2E`xMUpT?kWA$2Vkn_jzU>WOBI-MN1b;l>zhy&1#K9P|k*l07(X z6o7liaT2$MkxduekTzx#cUZ{@+CGiTT>Znvg_I~`t1Dt_ zsKe~|p%Yug@Jx-YTy95GkgBx7dHv$g*X({}wK~rNcFaD!t{288*BhA8yZ;Uk@2%8P z$@cFxNrO=9%ouuq6Y&`UiP}ezBW!M-<_YNFJzU&IxuV)k=`O!9=fNBo!m6F2Kn-Ua z9HeI#9&ZYv+e!v&4xa1kn!))v z^sfzdZ_uX$du}Fh6ZssT>;=JpDuJ9p(U3*X0yB)Hw`eP*KR@;PcPuhfyiy1nuipvb z`MDaH+Bv7Q_cFrR^8XbOC}U-`MpCY(P&C6p;l{;e;nTBZKJbD@ znJ^-yTQlWP_}6f+LzE$Km;iY>0OvC*0*NNR4*=M<>yfXF>ZW0tTMQ-4)q9V1+S_y= z5ms#SK(%ETnP~?2W)YKgPk$8w5oiGg z*UAW|DxZpzWCyd$ewRC{_$fQG%MC8VlYu|Dend3vP+A!M4j*O^22L80kMD5Q>1PXS zD~OI#cKjcnuu5RzOO0i~H_A$2#eZO9R#m8(M_`{U41>H(jwLUs70DzHwMq@^qWO?Z ziDoT^hb|kLGPuhJ0v178Z zhzR22NVYQ7OKIxT)Vw|Kv&KvKhb(>(+(l`;&k|BMHU~T2?im$}a%c1BoE%+<$=EZ_ zhF_kziFwHt*NnvMHy%eSs$-l2Yeig@i0WuapH{Oucb3chB!7CFVrmQXlqic8JKdVt zbK3OyqP1y_#AiAPs|E%1^4>h-*w3jxGk(JIiJsrhBsi#QJ1dX4{p_mY>Gn)3T--sS zT*53tXZ7gTx9`nqt$!O5$JM6FcL)lxFb`Jq;cJ*Kg0VXhSH7%4MkY;MK&Z_kPEf)L zVKhP3<1@!xAq7gCr+Awn5AUcL?B5N2k1oXywJt}6yK*($Cx(&Zf#wbi_`dZ=GcULF z;n;PU8+N(bn9FvR2kp!BmYg+bt31b!hT)rUCikPi^iT+@i)rRLwW<_b$`)@VKwCcKls*)7Sn5N%Bc8EO;Z2BG ze^f}FBl@X0C5kWSuNVg9#+2n9NTUBR?!aG{XZi5l5oBS9A@zjX!9zxhw@g}{V1?{iT7;#q=Qz$U7P%dFk*r_uh#KuIF zLpZAirT&!VCc`gvq>xTXK|f&DZmQIX87X{nTBK+@IW^kA?&;V4SOtV0G(^tr($Gp0 z7fG0ZJK&O8-JAedJWl^JNrN-oA(Pix#FLT+mfGZ`u=|%@9_7nxcP#FPEL2mNrxyF( zt)n+v*+m-?T03Sq=@*Z%DRPH2TMyWM+KxEYt3q*S-FtGgASIT{%Y7;if>hi^*V5@M z&CE5oM+9n|b!g_$m1g@_p&P?ux^K3oQd-6~+F%Ww;sKD5dV4sq>E%JY!7%K>Bt5{R z>h@E0b$VLT>NcdaWRD^{84E3a5s%_e&HShUXaC*?UZJpk+A`@fmxU!0(MH~vk!y|E zCGuffw`SSb{abZDLj9c|*__S^99w+oB z+M0_C*}=>>`!7s9U?2P7EjS|^On=w*Bx6q1%-&+5KzWUwo1^l?Y~?tSmVlDyO5@o+c)y6O>BC-0<7BRZ{j=@ zLclf$@X5F*si04mQDQ%3Twa?X8PQ!Rqo4-Mw~?dpa}HlKuqTz@L_+mDNt#bjerW;N37B$Tw6} zLhsDmxMOfUEO9%Y={vk_OIy&$Zkrk9dbZ7;w897Gd3Y{{P_`z#IP;RZ4KJJ@wa>UR 
zzD}(lUv-nT`LGd>kcTaT=;qre+uQ4({WX-|W(aO}_t6y9$|KQ)v{1=O4T}|{IyXW| zKZO3m$P+{4hucID1|J-F<&R_H$lgSQ_wqruudian7nwpN`+*j-7!M1**zDSS)N*mmH#iG6ZF{65_<_d6^~Od+*J{JWi@SMW2iO>Eb%H&%^Wr zjR~t>AB18UzA5$U@IfTU&2rvj-Bio4rBemi%{_Qi!6*^#^WIs^7+p zpjo5`nP{8L1Wa^)et5GmF4ohG-;HLr_4!Zn4+r751{0dSGjuwgGO5BpN25}cR$l@sfMN%T0tQ{uCPH`~u|Mc~xjmlw+4D zhF$U&tIzz3`_tzgjwbPjTYQ6})%(W5?;xNcxbg}e;y2H+wHh#r;$JP(1+3O@pq z6@#RS*V;S!5>6iq$J1(-83IVo){GPQodbeESSo zrUc{*@OQU#?Rg0xF{#kW4&7g%kIm4notpp3>VAblx^sIBPu-xiH0vu$sKy_DiCWO1Wnn?N&?pb-@RXIBhOp(2p zMjt}6Y;e>tKtjz@Cfd?VVWeTDo4#zY-~w)$FX>S={|C!c9T)fmQ?2MGlD#*3QMb&k zQ5Rx`mdqJ$g=quU2`${?6vgv47EMj1ysR6Eja* zA$D*GKxH{L9dTiSDe;d*;E_&hJY$)!(`mcB_!JbO9Q)5{s&ESNceWD|RB}M(#!$B# z3&Jbew~@&S4UDo_ifih95X7Im>dBnt(IJ2Q3RB!(BG%1`OFm|KCwA7p#KehL{TzYh zlCKw5qWFVx`u9a-(xr^wy`a?50zeZdXzw+0UaDh1dUQWXUBfZYdhrZ{76hHXVp{J1 zrCHmXN#c$8`~TQ6g9_SPL-xztl-WptylQ_yBk{Yu+|u~)iF)8gs41<=eD}68jZx#8 zpvrg|$27uC=cmH(7nscqH-n#eb{9>R$z#PUZg2{gFehiQ{hI;2!j+WP;)uch)@YI# zmFoT$zIPsfEBE#Kv&G+p5a@zD0;S?yDe;e;rW5qWdG=h?87Z+W8eKPDsJGV-^k$3y zvm~Ed;dq-k{0ShOJ?hCIdkuF1Ph3+#Y=FKgRkHCx2J4f6aBUu1Ii>Ca(|#teT=L8u4g7vz?s{ znCQJat*2SwmS1?a31QDTSpSz4h(0z5IF70iq(=Sraev0lXR}Y9=fRP0&hRW;U168! 
zHC5@mgKGjsMag*O@w~Ur<}ILTbg)=CNcQ>H{W>x$eJ6~2D{y)_$QV`+3|j%xpssvu zXU{gmN-1I3RYz)j)5kx6v#b<)GIQcwXzz61`3WvRDGKo5c^F;?2ULLU-%U5Foa2Qp z_;YaA{xJM3bchirhJgHbC%PO!CL|4I-k`ViCln-B0!JkhWBy)zsmFQ&ou zl^_k+UGS?a5H?&Ue-D_d3dH>4n%U+)OYb%WjW8Q*Rt2(#od!==fr?hSebv56g+C`_-FvENzDYk!Sh3s8c~k96lNpSSR)IhlKaD*is*J>w9%o zym#vu;yTyWWVdF+l3O51FMD&w`;R}gxv+61O@?qaFbA9p>m8{g4y*3`qD$jb#y@9O z-_hMC;m0#9m{}442IB>a^`2+}#MGz5XH4dlr{i z`4h1L3ankx=j+)pislxN z;yZlPlgg^^m60SX@5}E5c}l<}5yM&r&#};91Qe~7%OkDCrFUpyclP(EPp>vFR7_@F z#=c*Wo{Q@ZqJFNVL5+F-N|Eeim6Q`b7RPLmz4%vhxk}|$ zr2(v|VxrLQ79hXT0=ZC;H%;sk`7PU}dkV6+YsBks%>9xq*umNnVI9}49jE>?qEpb{ z{r7$^T|TOuh_O;*nS1IDj8`hG#?Aj)z0eqBlb-2U8Gu!w zchy`icmD!Mu!ui|$~f(Kq(5_MeB0ZF-UYz#Dnr}?+*r+~A%CIm8)y2`@0xpOYBc5H z@vbi))IN74r{KO&V)(+oo493T!;Kt=rJg1y`mb!Yo7=hAjf5*9{5&VR4^!<@Ihnuv z8`GWLK*^{s*Go4r1{2|$ zPq+c)+3`c+eECV%!cl&kkN1M<1J{&?Pt%7>WW5Y7`CR3K zvnBnBfWil)6N>o8LTAtFO65PzN~tpThcyY#gMl4#jVH|z3V66*(&QK!Oaz>$(n0AO zVfZk2`SRqPuHnG{l9~@Dn{E}#PhtyHSi59{f#ELtC*NZqqWM2j&A4G1`OsVKe#Cf= z<;0q8@W$=+^TqFnrN3NygE*EI4dTfBrsyv>ZMmtYmZK=9!?-xC0NNpCZG}5YzT;!& zPOTUjSN(%(=9r+j;sav}$?E#s_{GH%=QLOO^o@XA^a`QUB5@LaT>WCV!bk1HtPP!Z z+1UMX%+D%`CuidBA*<@%{(J4Adj8pKlLMhWnX*05dR+ZHyU#sHI=7$VSZ{I}yq6ae zUzm3IG4+3^mp)XXd_^l8kHW}k^Z3)j4D(+sa+BK~dCOrW2H|8FBHaGA0A_np1q`rb zS@GCS{Gh}F=z1o9l-9G>S-W)!o-WDoMCdxG#N?vRSz&9>9Aj+FcORD&2h!2CzoWn1 z4zaav__ZRlb0+NYs|oy+F#FB~m6>N)$@Z#ExG*bPd4AeXT7DJMoNwtC*<|kUkzNHnYjATcRSyhrXG=}_EsS%zUGfsl zwkM6y*~3V*t%fV@#HENeUa(!@!i%dz>e=VolU|npW<04bYUiK|A%(KHzYJT@fj!MO z?MUEg8lw#EPqUHdRjf6-^Ow*W`ym@9)c@_aNrcE;+KCh>Ip}>6mdLAlNC1|-=(gr; zPJm@2+uNF|K-GMD#H_=yENsmp%FJ2z_%TI1=4oh`iK!=j!cKlREHOk`X8tCDlgek? 
z^4iL<`HD36tyz4)>jCt#(lJ~q5pLNkDZJ114w`;?LWzG?x3YMftpD@+m)978t;Og7<}gFe+krRk2If>&RlVl*nRSLUkE$%0%pkbw|VRMF7c6Xx(*C ziMOOYzF90H|I^=n$rEjP3m+3U`{UPopBvZ%zI;sp39U(W)Gu~6=4>5+rM6aCr>c5F zQ01+0;moQLFANqxPjy(oHyY4S7H(bAgESF7%|AWJ&cYBitqlg_GZI zIBh0mEkAm5wyNg{{~yQ(au?u`vpB3`*DL?xBbAJxyQS8cK+j;rjG;+s#VN3q6 z#i8rN@Y%K~AU>NU-B%_bpRICF1MksbLS2iVsgJGhZnrUavZTZD z%RkOA-e)(@`NP;Er26sK&4tPrOUr2Iza^#JOn0wZKNSFxvBrtu^A|43vvX!%T85E1AC1_ zG#pwZ_Ad*sFL#UaSN8b#;&Ti$ozI|#pOE`Bq^SiU>X|j_-*H%yj4b{-9Pc&jGt!uH z<*RsbY$a^RZk6)W9m#{`=mIx|fzQr0y|&q)JjvZ##Axm?EXeO?I;<>nTWEPW?$c#$ zq=ULT#aB@TMo@8YVu&S#KDaXKmCJ*83GM3!XkZG8kJEg-2Wwj|rv6sU7XGtMd z!VpA`92KY~l}eb=+yb8l-Y;+d{Md3#hUDF)BUA#lPkjO^_hT1`H8{_&yBJNA=AAWV z(%lE@bjqBsfeb0#g)GVZahgY94Rx44de)pLO(8$SCodCg#7yN6=WWNjndV^nHQ+$T zHj1iA;777Gp!fX-wzKy}ogKO9EJV~% z3fX;5i0-#sda8jNFycqZub{RCu5} zLjy?10#;1SrA_1)!f$ws(kcnT`^On0Y6>{AalfXlLZsGY*m8zSjtw!uHmo;9s)XjG zmm42xZZgD`#;t3xY{qYiEyzt2_O?W)cCbJ;Hm9nHzHgoI=8X-jhBOSgS6uz!f3bS& zbxx|OECK&N+G0Bab?NO2vdwSvQZ7TPU}{b}{O*m{>#4V+THU)ICt-Y(wAtEF3zLpP z{Fu54!>#+(c6;8O(={V|m4BL!C2vYPG2v3LyF8t0jeL&KAMi^Lbve!6JwKix;Etbn znP$cRa#AdfcauQhc*vGs$x=dy7&AYP3Y&(65oEKpW)wCtS_{f&EWXj)A zs22~A1L$5<2Ud@u!oRYFDcY-slPmkrJK=UNn%xkap@w=Vi+-V(ZP(h?GrM&}C1`eo z9~meQ{et$*LL^U=+lF03*D?z}oc8w@OgR#79DXlgq-m;qy@5$JiwPVi1sbr6gtPx1 zf`Nq2Y5w*V<6fSz;gsuU-fc`OXWUZ_o8sBiJ%CIk#49!2#=Nm*vfC3EkU^@!G(YBV z|1QwCe{ULXtoJ{%9-JE%HpFyjp=9la6o=ndT?mVKO5SGEG|72p&R-bUwC|4kc>Pf0 zITL0<187s7H#~pj<@J7R{Q539lFEK1!SZ!Vu-Ww2KfRzFFTd4T`A&a@6>PqJ9J&gm zNdj{|a}qJD?$KQwak-zV!RMEbJA=T=HUA@^V-9}_DvL)@S&S=#Smu8KcrdHvGt~M* zJaoQtu%hph1s9AbXRcW$$tVZ|zGHh%vTwF-U$z{ZTNsG8raHtXSfaJzvAi=8{jIZ& zu6=@Y9o3wt z?(3zLR4g0@NBxzLC-0c^wA|U&+HKe!?ePwCh@-~e$yfvfJ|2$uQr=`8wZE3=rM%i{ zHqw?JmHN;Wh%iy3S5LCVs)~bYdC|;={P$Av&o9qgm?P)4aV%!2y^h*L%UiEq=0DIK z-wF}66kRt{*_K);=vH3Hxz;&pI6^$JY&4ZrjWi$EA6wKVeA+N#o{#b8-8fLBNCn@+ zn4j0dEYo-ctz9r7QV`%JkK}0ZUw6Xxb64ZEudnpea4D|a!p(Q}pK$k6T~Z`HiMkek zk)fd!tfQ5YytSNs5mJAK9mQI4|FX6x z@k)gH7+)+Wfn>lNUDK1l`+NRIIVxyxn8JOoDa}y`mxCVpkCW9Bgb0 z{mer$9% 
zX!{fBay;7zw4(v`KEnw9LJZs0N(M7euQoA1(;#}GySRfKNWs07xMQ9Skq2>pi};@d z^FaE_6?y%qSRezI`P(Xa(d5v>^&F<__?(Xq^18^|BUDe0N@#F}-#ZoA6~d7FEPuKs z)HvwUmpwX7T3E_@cYLwdtW}ovTy&dgYF+=Fu?zvka%|Det84#|G<{@a5Vfo=xpmcc zam4Fhhn1L#OkO%+J~p&{7Js5e>*s>QFQX=yMQ9MnnfK4Bf~$9XKl@WG7K%e;nO@Xt zEFB-Y7HlSsT2H_gkcHm#XPVTH<1V^eQp=mg5lLN#k%yfqMA3;Vqi9cS8F=U}T&EY( zWJt62Vhr(H&kR*8k_oZ+&mNvaw+O*%eIR|<&HB1NPz5Y31=xH5L;_7%M+|_%FnyH1 zoCX{~kR80g^OW;H6+-J=F~QV>AU0s%qR-=HHIe+E1ac~Y{Qyf3(Ri#ck9KT4tX~h_ zyu8LhdSG&N;}9Ms8&4x^kkB>NeO<&6C{1bn$24luTX)gQ~n)Zl{FT*6y1 zE`_p3Fpmt8`CBXr8;%22_W7R+&*(+07DIT>CXARjnZ&SzYPC_Zo8r?b^lvm4(v;)`hT2nS@srZ>wEJl&Yjm9mlu+E)D zKbmgVX{vbX#0FZxhPOP%HU9a9wZ5=D=1#a{c%R}OHXrEVJ>IBp|KEf60O;hsjN=afZ&3z<)MGDrWYdutG5}s;?2M(* zXV?X6!>JN>>lTIG=HQnFKOIh5w+|N0bSh!lH10>FRqYEr<@ReqYP%A%+^T__U-6l0 zkZRO+N$}vx6Bfx%+C2IrVL6y%3?v2n zrrv)H6a$O?J~4eMhf3duRBgP&>A9ZIXE5;uNEKLk8eeOsZ;T?<>?#K>+nFaY566ab zGa8%PQ0GhKn?kfmOH|KCmzFeOkj)%>NEcg*sF#C7q;wf!RjuKHo~+5YVA*!t+5?@Pzpkfv&zIp=DO3Vy3i zq-6D<1eX+F>dQ<)DH;OLT$W0+y6SYwGt;ErOyHN8OIo(Vw+g|M*%*ewnl8#nh8QO- zB9x~+aAi3a6TpfcsW#lz=l6?^(2;Dz8)E@Ufx^>>??y$7kgI!3b$SLEBkV1dI7N?z zNBfBV^hWfEWx{NC%q*~tlwYfaNE)z!QZW{~qAwdMj~pkj6^+k=Gg!zBWge;$g3fbw z4)UM31^%+_8iBq3F&z?9KbBg5u8pKa!>jC>6HaS~@o7NETusvnb@>v~0+?B$^VI-c z77g=wu-xE+b$M^?G`2|g+q{%uY8P|miFTgR7K%BRB8|`OFpk75YV?u~tTq*s+kVvK z+9Of~k!H+vGkM4n8ozAO1v=IB^S-7=^h8zX>zKK3$h|rf5RHdtC;7|#7@n1{_EQgf zU6NxHECT^7m&(njcIK#K9Xe%zx@kI_$&(+8z_t;JeLF1*5{6&F*N8ZRAJ<{~Jl(XG zLzuLj+7k;+;a9UHG9n{CUi&FcRMDfRmep%&GF>H{N8s9ut#RFgzj@uGlhgGTo3SVT z_>zB@j#1PvsAW+gQi%T(^)Q3yQ1%LJkuT2VEA-?j-13~pUb){r9f zEwyk8mH1WpyTE3mgp|ZA;O*XjO~=4;6Q{~??2jN<1Q)zyPb{*WX3r^RdZ(CfoEti% z^`)-Tnv5DV6@4MC1KYJ!UPX5@@2*uOJ}rCq6;|O1N%h>#DUbY1Czx+kw)V+1W{C{s zOtmX&Of&^bxQpa@UshDCfYP`4pEw*`YCl*AbF_Qk{;Eo;QyG~Q-SzD%Jlu|tMat%v zS+Q#-46H!P?lLKlH;Or>mYK=72#7L66AIdUO)UdfG(bh{e(~k({m!d+cv8s-!pR;-O)c!s{Tb7bR zSIB*jd1x3mJL*S~j*xqp(f{;9xVfaoxgC7=ndO2u48c6o?o01-Rs!ascV&IqH>9p( zGas%WSnW$3F|N}U1thqEoXUj#7~&)!fhRLcY~IU*De-I 
z2D$FO6Ut428B?YgU*JB$#A!7KX1wk-gJ-9x2*N)&7f_eq^I_m6Gymbv(}8oB=~z2< zCFSEccv5+IsQzO!bPe&sI%M%Ohe6C8i* z{oTcCqPxCK@LT_rY5o)3sz{0EMyHG>L@ujNc0k|V4(VrNZN8)N;+S@z2xjkh___*X z@3nm?k<}A2^c@u57@!`Pif}*_)@oM;hOJoM?FW#r53Uu(#4ik z-9jiVl7?cNtZLxK3>kbOJqahi0E&cCkuF(E=Z4$1@+wRCxC7q!?$+ohsn>vWHGW)ru)j^x%lF}2tb**37@L5AH z^`hq0c>tJT15@L{;yJ7xs)9XYinoOaBw9ABsvNStBS8NybReyq#z}73BQW+kk^T;S zI%&e`nJQF|fPg4+ETOjj*JrBWxN_8@qg3KNp#k-O^zlKQcS?@0KbJcO2Y-HU-1lX0 zDrT3hk@c2uf0oGXl@e~T9^Ect^8vqZ)@*87dMiZG}%U zhlas&z6b7{0l?)kbef;B4Ku8=0~l(-c>oIq?Dm&p%56EYW5FB;)hR`9-|ZBfK%~9t z#OLq_WjQXpRK_S%A}pw1rM4lykDhHQAbfXFOL88PV7Xl##8sLF>!|**S=mz=ZuRT6 z=lT=12mHXp0woBqJXusXg?-^8h?KRO&5TSyjD_15hKcQ2cCu(CuHWc0Ys3Cq_yu5g zq-kB6Wf=FZly7MwW>?IC%f0u?Z=2ZVmsWr|bRf8pxoVgtw3D=&v+9a)#~19@6yBhu z4{Es?UA|CJUQa`9-J?>093V}7u>6^DuH27VbVMkCppJ7i7~peIHhDiBaE{!oczMJG zu$qFlp>9QLvN~^8DwEEem#}7Q!2aHvVe8V-2vYJO-WL<3$Fc}wp`96<)1jNA?34l6 zgSj;;ygZNZpHVj;5MD}YAbJ(u_J%z033-v>4omT#L+>i$4=UY@5BOM(3;~gcZZJ=V z9ymf*5&uBp*Z9GZPwNTU-44pjZT_(lg~vOB?B0j^kP(RRor$qvtthO+o3|{86zlGex1d>X)8LyVWj!!s5*;>7a`4#`xXC z4qcdD)U{7#bo)~^oqbipHcNe|Y-YwGPS%**@40YeCYEv*B0K&npX(1xo7R*3S|}-| zNPRNEBAgivw-=Jz+Dn#z3OJ6cmEB2)jPjHeve~P%uY+FfIbPLQx91Bp6!g1d>GTZI zfgeWCW?UoOcUm+FQ`i~$erUdHtP*J66R0ljd6>=^+VgEl+uWaPsZ@bz;mje40$7x+V(kmEF$4#K+3xoo@~NI|@yh*v}iu;daIJd!!8l z&v+iJdtL616z^;bYrV#aB`!w^WcXzvX*KU_1VSAeONcEDTX5b$u@x}LweWkj`Z(nZVleSeK3*#`Qp@)6qI|u3!-UVd%>azH6!9)viqcj=WB3 zV_=@EWpF6_ZA;gEN_UJaOVQ?9qM4VN;~ZInoHdH_ApUgJ)#Z~TyQRxhtRTm5Q=W%Q z*4zV5BtJ6H%iy+13Ph^k{{>gzRk(hP!o5f2rklWyh{)b9dbs|7R+Uh|vUo|1_Zecv|MJvbLD=p>-!@T-7PoFBaL#SMkyb5%I$7 zo6LPq7F{j5zZ>9BDK@=mSHZ6Z5ReG&cUe05&nb)Tl{~V37|!BhzScjNnq67KdwhR7 z{yg>oBgdoDd3LAJmZGD1~9Wh@Ks8|JYu63U}ug2faZQ}Q5mY>T(M$(c=jRki!*&rSa0h_o(3 z6^Dc$PdK>Y`#A~&Q@6XG(M$W5o-i<^>iNpXdL0)^_H$VHUv&1UE84qn$S&{2X=Nu7 zk~T}B=S3+)hr;YX*7Se9erT|(N@2hs@j3jOvR6x}M|jS!O6M})*W5=XE0kQkuE)8k zTuX4^sh@Fma%o@~t~Jb~juh`~dSxFu`6eWBpI}z8i?IAcUdDE0aH`;Zu8zWhinR%W zS~WFC=QZ}-(O23N1=q8ZeSQ24_M2{>X3dA(l~_cl+DxE4ZGF_;=MKGsoY&%t_b^2Z 
zOLaA6xjOC$%Tg`~_SUDvr;hsVR|F7!{~Dg&T))vyVT&UlEjPe^jYaKf^Te2f(C{)D z@`Uite3r$^PU><0#Kwtr9ueH4jPQMlFiS}zfHk-2l;WX9dmi|KHXTFqX`xn5{g_A| zLFVmab`Q|UhlSkR=$5>>LV~%gC&7b-LHs8HUH0gn{>J9ytpqd zuwQ7^t-Sl~tSolKmACqw-^@f9je1vv0%dTI*on2$yz8T^90DRwiiO4ApUw0mX*=1z zmoU`r!yq^pqn6TLy1oufi2(U8W<;xwz8o!Ix}McbpQIgl>5HHq@?bHK$>qh!bAnlT zhCI0_a8BawcCk#Vb7MnQ0c|t^ynfwD%IClA?`jmRr6~%Tbr~%V(c*0?5PT@r0Py9% zQ#hBDmkJmEgxsb#3l~0kA!=iF#h)ZpK_O;;^$%`KZC9!yTF+l86?mujfK9)La6;!%Y#2eN4&Y6Nc=EQ2{yY;b8 zpgNcF=``wSd%N)4o9t(z;;w}?G?=arTGYnl1rPy(cMGzV6b>mKBkw;gsx+_JjShF{ zdZ_fiT)-tKN)oR`BV%X3cqZ85mi&H=1pbtODD)afuw`!&=O%jqsD6*>_uQB$H;loH zA+}NKY~`|I50@xZ{GW}^UdQV341hn)70Rp}3F2c(L-U@4d2<`;S8a^^U6?P4!tMbx z*xZ|fR94u$G32&if@`?(M$g%3A>{SDcjbO_dX9 zeE8|Z?*o83OC_Q<&x&_@|Wwn!|CJZx;6K%3Z3L4)O5|6^k z!)s!P)g)~bKksHd^QS!bj$A~>XAd7mww5z^!98cp-d@sug|r8ahu)bd8?xK}Vl>+V zN-IYC)(9gP8~kw4-fz#ECpkVDa2Q;NIQ5L_o6#)&QadUgo=UBL`atMJdI)2bx34`XYpt7%Rg?8PF-rDVfL#lnw`m1Uf z-Rz1j(?crxKmZlOYC+W(9f|4nn<(x=fFEd?z+>aKsi?eAPpzBOk6Qe3f>(VMe#cCC zrUB24DiRCx;GTgQWYv?+91aqJ`;H;x^bdaJ0p09Ieu>gi8`Ej;nmr5EJV_SnKx)F*N~1+qSR%6RY%jsZ>RFUOm1-Sfd!Yk3hBW1PJO2#Eg^+?2ne+1w=0r4 zne88nV1!n24X+%j$2hJ>dhK{|s?FYxKDIf13JkLuEZdk7ej??=MQ(caG2`{$jQsRV11wZ+$2yWfoz$hRc`sRd z08@a0cs}@O6QqJPtv_sg-2MQT*a8{7UK@WiHtJbB+o_tyjxe)R;-dv_*#eOugS%~> z>W(&$z`I)@R#-bQ-ZqF7HUuoV4bp=(1ZQo7Okjn<2s@w;uytVm9Z(P)#zF|Ve+QI? 
z-3GybfBC#t!KQ@2?m8m|nr@RZAd~{Te+L-@^Suf}hP1pP3W!wq{735ghU;R@p%cUT z$(V4qV`b+z>OtH0j@|siGJFZzBu|yAD$6Xly81(x!@E&jDI-;4=)#$i7zrmI)P3|; z`4^_|9!`zCX0m@L53qzHPcV$UGSRn&S%;=1u!$v|BasHD-ay{m5f8+34&{Mmc=72nAUBS7v-Q_ zT0#G9a@)p-?nZ#&!(7$KgZmeK87X;X{ZiwuGz4sWeKq@wPaGWP@DDt31J%!_m$4AHmwdYF5FalVYV zP*co5H$NOGJ$Xa=q zd%*L#iJWOl30pJ%thxI2#GLt|_Y;XH(|Cih>eFd|A$%6_JKlDl!JvX=GmG*dCwq^Y zsMKUZp6H_$`u^pMI7D~aGg6mnou=U;f#RoMB2qB_uqNi#R?2sr>Lf&**Ld%PB0sHs zXM-zDP{C0@(7*hxJF}fzB98@b-6nDhGR2dSK>KKzaY{aMkc{TwesV`R6>;<;JpOJA z5Iy}9LE|q6QnvM#R*r^ldUJfCz5vBZ^82#+P?{9!d~5Vc!E#8H)j1543*G#;RC?A( zx{6*M7UM|$?B;v8m7~dT-!7-&v)3W5;BP99McESUjBc;IT?ny!t>$H%qP)pj91$6yW*N#6p_a%*cQR*xhqNV%LIWxg@u3N zcveZ^21^9@pUHw@Bt#k z8M7h6WT?C=?tm7SY+Y*Ha9Na&ZF9{#V4Y(v0yunO2_S9tw*BS8V&DSD`<^yflB>%c z&d=1LB43(395P7TBuwMNJI;CZ8+|tAVl6xbLcRa-!N2d>=Q? z8?xZm@!&Vm=CWoJ?U`zJOtID%l9|TgCa0!9X`|}dKM=*IBCZtui|`ug2b_Eu&_U(;E{- zaK=36zw$24brFyt`;Vj_Zuy@(?IGLpQzV za{e^?Pby0E6<3?@#3@2#v^+waGe&ZF%g+lVqERq$1i+%+BbxZBU}*L=bUr#VKH)#r zC=C4?&48n)a-EFXi9;Zb-aSH$=>VySVeyS{YmCDo^tIe|RulD9UTtXN8Z1`2_|lvH z_|!zvl;OzZFH8Bdf+Ymrj5XA^oeV9I8`+T1lNZx15`6WS9=BIhZN9Nr2$3~_JT;a; z7-c2xYklY@QQ;fO?_mQpImBq->;t03Ias12;eYmEWisIkp) zWn)-KKBqBb->-!Jd`tc-K3RT}yw1k9(zi%*v(xIDbC{O&eKXG;vD;hx7VOrtEWXwF z1v3<|hi1bs9@oC-=>VDyQCb`C25)Apy*mmIVqExA#}U+M>J$thW`#y2?Jb2{0TySq zM+$l@KUB?IAV!L6_zY>n?mvv%?qgiSfp=a9cN@&vWn?L6GEH2$@`cNW8 zn=%OH;OLMmmda``M#NHP7$?HTGD^gos)Wj5r?hSgJ;(i(JOJeCG>W41Mpq=G5h;rN zd)LF+1WLrx@bU@%rZF?`G3Z&9wc(B5DpK9*Y(isa^Or=%V6>*<-)UH2jMqt>7mf|~ zYbW!6*+g_Y&|lR5TCafiAUm(u7-H#hVNp(SDbllY>!y%lULP`d)SplwP?S5(VZ?_L z&VM)uc=Q%%!doIF2OF9yj<7%ETpTY)=}42%Dig~Io?JyOo-u`OG=kg={I9?B?>{n< zw`1Vwt{1Jks(z1Ft4%3>E^Jy^SB3eS2a#y+Ugkt|{9+{kJ=OQ!byYhvj*XB|#;s3& z6#El3onkB`L_bTJXjqs*&67l@0|wEMD{D}l zol0fFrpzU_UgZ}`dMuN!ssbmx(_>2$E7)hHF_vZgwa$&6Hm~#Okyy9`pL16j%>K00 zE_K|kh->cdR%2n5*=5hUXx%5YD1L!2yPYao*0`^y$rgA&)*kM3w$(;%srfD%-24ZM zXdh+^Y%bJ|*>Aa_Za%O;>$WALoQAwZ`dX0QI6G|oO?Jsj4W-u)E1Sah*x2U(GE%n( zL%PChXty%A&82fp9A1c`+9oBXySuwVIz&oI>5}g5 
zxaschkPzwaM!LH}N|2N|bi7A@&tKn9E?M_lXZGxw*>lZYv-f{>o#6n*sgR%m9%HO} zhDagSb8mDxUM&C2P;pa8)qO`y-d~9t!9zOqR9N+Y5p6D0E8tTkgcZ%_Y67i)^ zVqe+5?uw&Ne|2?*DG>dJrbmP|_G2E_P@k{Yj7Z>fG$*|TFjN}wZkC=66DBF zl{89TppznVD&>)Zu$k!TL0}p@&XtaqB< z$5QPspeQJOA)4ch&4TV$(B6_^O=eZyx~lQ%oka<7+0@uU-Qz+%ETz_6KuH1!FmJHe z$8K$%NyjiZts9ffY(w?ZJ)ewUKF^_ykcuP;)r=gL9G=m-@R5wPhWwDjFo~GeOU6z` zofx-Ftoi^u7G1u%EoatIp=GVKCQ4V>!boj~w8K3EUOrA;Ei}0w3Ie3_5PaT_eL`Ui zFS><*KL@2A6Niv2l?>j%v@-CbACt8e90Wn|cl~t|>JY>z7^1O;aFws<$5D2qH_r?3 zUBBBR45EzPMi7t5zZ|VzAeR*eDa=LJGr0we zu@^LxewmgA8MVk?fTEy1Mz9kU#!n?VMo#&OC5hE!ivfKf$jN~$(V4s|pu;G}R#J5J z7X6fk#{RcL@Pv03k=7?h@q?Xx0?+i5_v67EUoOm@HRi2PS@@gL4zr-V1e4xVM8V0U z<|+vvmlEf9GxVd6eWyJRnRbg4#c<5rhU zj5#_lIJ=#e*KukJinKC))IMlCFLn>g?mX0xdZ~-~f!hCtBjKnxG4Jg%-=WgU+4zEs z&<~nb#yhFCs=X~gDIRj-AMI2CrB}N%9@u|BEez2(_mJl!q2TM*RIuFnS1C>ZkqYTB- zg*5JB{08d-T$#@as#vyJ;bb9=c{#|iSE`XFr4ekG@o6-3wSQxXNO7Cxvc2NT7(4qo zc#k~)+oRbvW{Xev3+XSn0}J)Lv>PLndn$Oye6g$I71_w8-l;xsker0!TLC6`nY9udiJU&lL!8Y$JGk&& z-J>6Vx%>fW*oLR?T|N1Fl@ibeh|6>#6Zd^oOj@mfX$%FmK<^ul^GgT2aOo|Cftw!e z+8PB*gE)1;AbwMXBc{9JA0M*hgGj~3bFI_!xd96Cy0E{-($`w18HGo`a$9YR%xNg} zCuAU4ou(ioS-t03Mm@6eSh4Ba0s&jNOl_lX5Raca#`C37xqkX8@q~rw#1{-ZbJCL$ z_Mvr7`Wiezttpx8fQg-Pkc(4ApHUgW{YwG~D}NCiQm z|8?b1Uv+;x2j#Zu{7LM}LJ8o%t+`)g#>csjN_NYx%mt>pAE%e?7L!*_;(rSB>4)N<{!mBkugpW0K@{0|ZYtBD#PFb^8g zDb}UNScwY$U|EIR5SynX^*Ix_jT~~E{t9K@Vv)pilp^+5yUOQ6tvJ%TR>Av_{^lBk z1JPv0%Qa`X(Ds{X=JJi3r^Eg`a}RAUy^RoXe66l=TwJM7Mudl54Q`)4cq?|gks*!G8|C#EiQlYB?FZ+yMAjnTIJ4Re7b zRosg=R|~JMF5e{MxvNF^;nor&yixvZP zQdcKX-)pYs%niTeJxT3%cl4s^%1f4P@+~49;#K)b5N9-|xkQMX1Dh1$4>;^AyvhBi zlJ_-3b!*r?RLD}wSov{ZNr$OMx4pv^(BV%A|N8uXaOE{~Ysz&r=hy|5x<|rJa8JK9 zx*p#39gf~DUlvZt*WJQP8!EyEoenS5`l(%4b@5x%LSd>|>f@xJgcyfG{ia0o<6!!`JYxOTV>67C^Fj;*pg56>o7bURRn`doTT|NXWJT5o3< z+OA))X+f8B>0x z{;VQ`;?Rk=R!p>obXqxvYkKYf3ySmp2JYa|hGajqmS3?5*lnA4u%a`nV^&EOi#Tge z94_?sYSC?3wR5}ZEQ;Zj%Yfc^;&+4KS?*co)M}ZINgc#yjrRr{Hot5>!ZhF02$ur09TuaR3v>*E2b#X2*oq_^8hinL=o?qW@}%u)5R+ 
zfHN~SnOSoMT7+VcD0i-t%9n~2DhIc|*W`t48aVGrRPB2Q0xi&5wHWDgmd&46CSFe< zT5|Ptl`4!~ko6_4aup%HA~tV4yRTm-1yOCkb&C1QiOADxR#<$P$bgo-b+>nQ`>B3} zji8D{^0&<;v%)7EMr+;$DB-`YOzmy~iu?lQ6bSfxRH4UD_yf36*da{2Up0vHTSH?U!;U`=&3!@7;uZF})kr`V zhYXU8zs$+=JBRu&UeWuZ(JiDUL*e;$fd{`8m@*-OC%!JR{k6VzLCZ4=lBxnpU9jGweH4$4BA1u; zi5?bq_#m;9<%4ida`dVtJL5*fbNqHWP-idb7AAz*^9%m2;Qn}aUTI))M#(Wm^BTV- zcz1c9LW$Z7;JY>)c!45Bc*|3x3kak*OVKe*jZ3S-$ztPUmcE<7^d>-$RhRnwCu154 zV&I@rjb|^2kVkA7109RGv#8#5;pAr3!pSDQW+Fg}<*#kT%j=lgR zmMSSwD`gL}TBrF$m)GXa5G02)f^&AI_P!R%*`gcn#D(1td0wK7EeAN(r!O;9sC^jcq_N4$Mi}|Mu%PXqTOaDwdtn138gy zvV9Jl!Hp9AT@#uN5q*t(s_plY_95&>0a~iq|4UbZV-1mCZ3%<7S_#qr{a12)CQsPW0!={RpVK$j{}5 z5cs8sq;K5$$^YcH=<-7dM&j@BI30WWKs$V+Nbz^<^>T5F6TF%5)RA<`wi>rmev)kD zw7@@WMPEzC99T@ibPQRBC(($Djs6~q_)yaXm$PQ)+IG{mDIijDeTdqkM@c@eao^#A zXY@gz5;@==x*u^S{|Z^}sb!U9#qwEE!@TNjfN{Sm0^?(71hzrdrgK?fFRUoivdTKE z-69W>yFNpNEn`V1*--AUn_!?W(W?YUuO*Nf2EK^g4K-}J+dZ2cTxS4tGsO>(jl|9H zI0Ynr4pTTe>0{+or9#H*M0`VXA`cX8Q6gZ8gp%=&LC7Zm8~^tcDks=FQzqg##~g>d zDg2mHbyVf!I)o0a{RrXrUy4`uUuku$6NaN<5gcVdSMe+Z*Tx!oyWx#=?un0AulEj` zjJ_gu3yxzzkwc4H4C!Kvz1m3*DUkqUsRYP;t|){e!!f$o$zy79W|efRIAIW112U(q zQm3zEhsR=-Nmnt+l0yC_qPfVevVFH&vJw+)a<2lDLy+-xsJM*nQ019Qas>9oMBCCnh&_L*7Ip&(6gLHj(`*^0QX0kD|Hc zWNEE)7#L?kGjW%ZQ8(vW5@1$Uq~=cc6u|=C54G9ky%bD=2ZPxlQaQJ!M*2YOo&5p}%R9n) zEOFlF;KkRAxm*0Qp-%i}uT8%qBDG<%EKskqba4IrXE9Gv&C5z}jq<8%u~)Fjf~+O+*lbQTI)(J{$>C|vFXwvzIuGtB(*r9ROuk zYk3gkOCadUK$A&DeK&_xbdd4G5Z#p|GV^jirB|Hc2(~!HKRyzPxQsePrj8uMDE`HtM}ouZ z%%JjTZRcZCVey48Yit-K~pW&a)0)Caq+$|}{$zY@HHo!j=vIez3 zKcZ9mM;ezLKlz96XKR%z_?xUa(QG7llx<+?Z`oo^*rDc`%)ULMT~grWv=km@a)`E^ zkJm4}G(EpIIotJGi+2-0&}ca#YcXg~!2S)TKC+M{l_TUEE8tOEW$bIlOMd zKNUsJ3k*LhX6uY^W*F$DmAltXt4=H}ewgTJQJW0AWElKWei}=Y5<2eM(V?GSe_w~% zK&VMP2DzT7w>MJzMvK<+fu8tGOHqayK;K$$=uk6-GjA8X79t4;PM;xDxXp-PEs%P ziTF}@;qz^xH9Z2+R=}AKFJ8V42E(G$ld3T+*V8af<-3%7eT$Nm_zalNi@3LX2;}vD zDObRK`!x0n%_7DMI8oTZW2)bC-=WB7_5#M{jPCKbUYpi`{W&Y?M(db4BMe7Jup-r2 z@6U`dc*Pvj?b8Ei?V!%`}-_do}RxY|EwDQGV%Rj4c~-9xTZ64p=~mAaFv 
z)w+JpdlNI(-K3p3-&lnMJ(X;yl2%MQ?~?5bTR2Aa{!K~4`B+7eCxW3SR|)8lB&}P+ zyXltj`a5k>>smv+Rmi!l?w>HF>92T56Qs;*nADm-HVbYdZ872krME4Z0P*jBvXvrg*WtwkVD-Fu`G2ikRT z{>V2)`{!>8crDiPR6SIh_Y~Kko}5uHBny>jg2ByWUijH?Ldkarn2wr%y_fV}x5e6# zxrNCr?e$a7&fS!m{CU2JB-eu}yEH{M{(7`C_zlrOfUDspT2fD>XWrDS6|jHyT_G`1 z(?c?S7=LqVd7iiFS=D7UyVPcX`Vr297Q#OAq3A(NUT`w4vzp&kbjF}~GvFE_}eKFK1j2)(gO`at(@nkb9}ID;yO z8?Gv|3{zlV#qMkRvG>oPn4X~v^qakM-RZ)>6O$*sacrP>GTvZ*_A#mb^`4An3iZmy z0Vy${)JlH?Y@*^t3?j!6ejGgE z923Y1tU;(_Ap)+u{c?>jFts^nqaDLp?B%~8l39_282xO--G7xG&anZlE}e7@oOis0 z<8TClF5k3do>2L?xj-GG7O&bZ3ZCtGR-wwid7WPH>vP(tO0Y`^=!N_#G7)m-{XRt4 z`}nUb1{>Ppao}sFB7;<^ELeiuq9Uf;B&JZ8(#fff!~P{2_^lk@uCzELC)h@j0|zh1 zy3;(%C|_>{kyA(--+pLnMu5hIL}M)*PgQPId3%Mk@HFq`%bdE32(1J8HI)wuIu=+g zh7+gPp_*8x*`$$*8-xC~xLZ_yb17X}q9$ANiw|`e?#>+>oSB33vYPiLzm&y;Q#lyg z$%fm97%AfSx0GS>V>}T~nr0=Xq<$AK$!MMF^Lzib{AxDTwu%;&w;V#2HGmMr*ho;M ztZA)V35#oVF@z(I06_2e&`!_iWIhW~h5_-`%gL}D^ON9&0>{GO=(*zWqcz$^JSG*x zu{|k%XTDSmvQ-d$hysU$!5jUdlQ7r=xmJ*B0fC?7uV==BDv4M-Qi#BXfPs6?U3Z;w z{Uxc)4(Wre?D_R{v%7WK4ZB7-a~8NSma&J;i@-~Hq>eDFl?e5&OV*ojSU&CTD1W?8 zk!IJ0p1ev9-$OTniMA6NaceI)=d-jgi*d>xMK}iQYm<~OEZ0lmum0|aNK)HH>y_4p z063o?nT%U>$RA7lB;gU(ibAqxtSLJ&lD$&V^uaXyY4m!-qb~l4mUtZw*dOm$Q7kft z6RAbGBibjr8zN!NllTohxhD`Hb)z+Rve2hsOW)B3s|rk9!n_}bjyF}J+5R@p*`lfx zGiYJx11|-Z!@^%>j@kk} zs0QmR?moq@S?~*HM-kzvqZA3sEi62Vv{--ju*A>YoEY;N<+&M=xjF=2%V4mp;*dvc zaPxd;xJUrdo@m-D*%!7#!Z|q}&;d4dY@4h>t{xUWl{s!^)03X>CA;w7u-rTR-urN0 zqKBnVDFwZy%(07#&hk-2cONoi%rs0|QuJbxJ%Q#Pb|6^;4+^^eS z>C12r5||d`CbzOr12W^n&yCgG5AK+61+8jL@`sU`4&IQXBySr6-+JPuln%}4LPRMD zalh4^#>We3p@p{nhM2}X0nM-K-ttg}jn0}>lJ2GtZ5w~iJ(^Z7l>Km%s+m$sk#%c` zMj0QCv~B;tDGOg?ul1qM1hN?Jv9~;BpNuFT5)i!~ZNzx?mi)U$B{X5m1i3;5-9T!U zABu&m&$9m!MFUCkydP0 zNjt5-CE_oL9K9q9Q`-(70$qL98>k$jkyGF0h>cKXUZ<#^+^`zGrWkw4-faXEZ=F!l>Z2u3THH?O<<!t}86RX-q! 
zzoULL)n{8@;7)6}w%4`ohcpEd?obU2Cc3Z|N$8v33JTh}_$>~f`r^cm>UVm5>E=uc zn@q`}@T@Q<)b(&g@1Hc+CwD8gLcI^!hdH<+)k&Gf7p7o8=2PvLua}nSF9z z!d8>{de)p133XS~;OBXNgP{V##X;^g?$#ETX|b#}2ee2ER7!Mt3gYz|!h<`{G+f(d zL6UG=9nw&v{~KchKm~7(-`*r&Ih1el)F6i2+IrW46D3~GoaOL+JLE-}n1)|Cmb-nk zkH6w<_Bz206$Vr1+tYX+d^4dPE|oPAqLa46j>)rr?j6GOF_Ma)zTd?*?otP8oj}ck z45ePR*ge%<*s+mWop7cR9dumH?O;Q+7Q|JxzGQo_#RAoTX1PR43v5;OWe|RwYzE<^ z6gOv1^dUJEpFk--lA7w#8>`0NJ*|`2(2MwTT1?N3PS+Sz&+zAJUEIB+i^ANKnG*Bw z&W$&u^E<9DbDgF%aKF?A?{M3=I^Fn%67aOA zC!zo%IgI9@%ARs6f4KvKvHTvz1vjwbtlHaWU%ftnN8VcAN8jd#umL7m%GVQc}wc?do|%w(hRry zDwmA32I9%F!H#wteT&VPi=t=hXSe2E^)dh|Bk}1*Nay{|Cs4kEejRDdy)f~cS7b;J zKl(ROG8i@v^aG!BahoP0-HOph56e8;-ni&>Y7=)pp5#S*klmagN7wVYyU2~v8xkJz zNuSUJCUz{HW*p~rDPlTd-HgidRN;&qysW*wYKCMr($D}) z*0;Z$jo6Up2lM6x`vmSWVS?uKwSp~<1}eblR=Tg+F?igm`kQ=|=~_p2+$b;o@t&=>)g0Wfja9CiJ!+HI{YUN4$$fR~hxOpa9t&Von}1gm zFhp3It*c+8A75f`8Mn;BSl{;2e z$6{UkVi~Zht$bEt!dB}RdGis_Bra)4d`@RtIMcCXG8E|_WM!7Lx=bMWW&lDDd~i?JL?uX|McX{ zlgzq+oKNT+n6ZtEXa*WQylkKaWx};w<`X<`n*c&lMBCY~Jv>fFD3fMXi^e>%cuBR9 zChZTb=SH7T*xQJIeQY7|i51|vQZN3QLVP*k%$%(bg3obr%e^to+3WMX$+NKMIK4Ph zDL2!Rd{gLJv|70q)HoZvDKIB+Ibi$FZ9frY_iP=r{0u*_xzduYo7YLdIi=MpWE1nU z`~)13j>(nnjq_{rFwfhSu{UUsKddgzojsi#cM!W}Hs$tD@={Jz7G9#8b)DJ0oljjx zHV2T$z5E>~yIwn~l=6VgVmt4x3WsjsZq+JKJO^s{D;9Y-Hzo&KP9vKpB)c}3EO z7JZ+^`5RkQSC@Vqoo=Q%THhR1zZQ9M@c}NiPP}gjYxR5Xs-`a(((b>+c=B}xOB*_c zn~^RO&Uk+f7T8@kc-YFMv-&8w-(|YA<3eN7`u3^pq`nWoJawJCVwJB7dw`sP;p?0phI%fzgLR;Bu6iph%orSSx(lXnN#IMSs-1$+|ZT2 zKYBk!IkkwjW@qvNn6hFRm|OLP4bDoMvltp=#ySz~PE>tSS%70qrd7lx`n+U;V|dni z*!FNq&v{h)(Kwi?_18D*=eE2;%mU0*``?*^uIpB~+-p-IV-t+j+IOb4zc9&7&?CAh zo#Kl}u%$4hl#W9kNIuOV0D=zxWUBF7RnT#)N^bs!|3kx%c(NLTH^&I_dZ4;zQuDTY zZc?_P3>K}rLSucuDl%J>w-QBxzXos-Cd#UE>M#yO_;e&Fc%~N^R2t%|COu^0c&NKl z>u9d)UVabt^2sc~DRwg5uZ^IbqXeHX;T8C~U}n<-NB|3*;P4Re4O%~xI>d#RqRFKF z92QNpBnb1-pM-B8OV-QkXXn7T4@ai?3+_HZuOrjkXyMC)anq}`b7Ql_qx0>_QlGtGLoxW30r_Rs2Fw6Ilan&>!*-KTSX=iOaD%pQfz-w!Y z`C)41Y#o~UukXz;!q3D~Q9p!pIqJsK+9oLMVqj3jb<-$kEB?*H4BS+**Q|;Jz` 
zbfC`PXZY6b@%9qVN3#Vc+<8D5`=?sQj;&Wy86Gq@B>3v_EqrJ!$idWWd}swo)Kp0V zXlk4rAAPTUkxt1L{5L#T;g1ZdLsjB6v8ez7^gH0E;AJQgBHNFZ6qq9HStNTS3lcQ{(++i{zGjJMgeGP$jH1O zYvdzTyL_I{|M=*;aDCR`QsFh{g024@7JY^wx zvh7ybVkCB?8K{6@h``f+__g*`uh3}|7yIW9C&z#2$(e$(V4ysH0v^V&fi$EOYgF(& zzqkhFg6dMztRYtD9>JgNA9lK`6rJiw5sl+~+*xho$JkkWXRZAlL;6PjNNqk06~Xb; zw;B$*uQV+cSbaJ1*Y5y{Ja@;U-8u-zD+%g-|I@s+!oq~=BB*=IPWh`W^-cE~TzJ)nzaN@P2oqJyl%nj`JNx0OP^7~uI-p8O`XcP~ruXiX!)*v^Y z&E*s5(xDCFdd7FHKlb10N8SxCzNip`q#5sS??vXGn|+=%d%E;HJV9M2QTC?~{FL^K zQtSb|dPjd&KuGx?4DbC7!}B9JO7xlX{MhH-AxUQJdpe*}D;9*O0z-K55bi+>sDBHQ zoZ{+7`?_*RgZMOf{`mY!=y;rhl*nH-VmP5VTXp+bzvt`f%V{p+eLUFIDRxr5>oaZJ z*bsqaR1Li^ibhpl;lbU!c{-4~fyEx}I3E%EV@hQ2;Fls`S5wpEb1c&ao#9>p`Q z`%#Q@y{imM@JHwQ`_@t-1RNJ zd&wK`{chiWSO`=sRNkXFf0`@v45rLiFhBq6M!x254elEa_3l}Q6!q!x5)zs0eWBN6 z+$01mW9INSA3~2Dzb^jFq;y7G>BD%ePE^#RRT&gf<+iEPid)NoZM#$E&{LCa=gL#oY&W5zn1TS=;_lJ(8i|m$RjZP6gk(s@pXp z#chR=DI~o^N{{G`1^>qn5iTD>-1Q%Vr_W<-1A9c<4l*WIcNCE8r7VLPmN?zLp!oDYdqk(_5uoqaDGehA0Sl2(gnmoK@LqHy z&>k`W;9ubR(Xq`Jl(AyJPp$ zg%|lq?1ek;9M11guFuao3*oz-OJeR5)$hvGeB^(LJa^F{`@C%G@h@3Gl0)pWBpU+} z=TM@5_CGxU4Z<@BV#)}{uVLte-!Ewx4*EQ&1Psi*evkQEEJH+bh=1Iy^v{eCSC!Nd zyU3XGJ<&vCSW)CT^dVsoGQ|eSYw5+oYH2q!P)8XgiV4jtPH~|Z74J5KEji+M0!U-y zt{plP@`d$Q{=^8tsswXJ82m?%sQRjuv*hu}K;%Yrq;!PYuI9s_h#-OgpZ1==k$mm3 zm~ib760W%a76rv+0FCreg38ypg!5I2qKMo>a^~vCD|KQ7aRs3cf+Yi+qzRFB+(lgY zyY_Q&;XkX~$w0dRTX`iuxqeFjIgA#7+c(?=pQ1@q$RKXmimTr7A-f>D1Krg9emZoTulm%Z8adT`5Fzv}wP7oj$3Ut)0knt5VJ#!0+*iDh7) zBx{ft*e52~e0JX=Ih?HTw?2>lM5;Z8v$?<2M56xHU72dM8&eFOmLf7y=jF@${=}ij zHQJ#6FGhB@^$NXc^$Jb=`gQxm**kFOp|{rOxI%m<6F;oqt;5XhJ}r}pdMUrkM%kY03ET)43nQ zp1t2*sqgJ7T($c`G5GU^j%0s5*xe;xy%Q$C|K}rPQ`k>;ix^K1A)%aL#$iF06+cvd z2omFMO-|liH}d0Go50ctCs(?cDbDA?c~ek{(X%yUr65AkTfnl~U;SD{nj&lJ*5Pyu zU084Xzs(84#1P4iyS>Z$#`>OQy#%GI2o=eOtTCi`?sL74h5hG-Hs*`jI3 zM2k$nQr{I~Mu_}PW=VhQ_U8i3{iJ5@?uAYyD6v;aNEbCZcnDc<1wHjoa-bt8En>$sDZHx%M~YKLg< zVA48~Y~s85#19AMzI3YoLdX9-(vyP_#_{!dO>}|=NggV-HT9g0%26WJ<&SlXu2qt` 
zqgluu81bz^U4#jQojspF!a72cpIst&tIW-hmaIDadZVH{{Py|bKO8%|eLnVZ!_VUKo54YM=)7jI0mEweU zBZeGt*0!xg3qvBT$=MKvEm-fvT83V~slKz-4BBY)Sf53U&d-+7A7S#0BRdHKtgWlu z?aZ#0#Nljk`GLEY$q9lFJ4JDSTJ#BU&EKaG;pGlu4lD{h?GK+AknoJL9qllmnIR7mB`z%~egX$Lsz{EWI zi5feh$~`40EF22^SxI9KIZ4`m1j7hFG_`-4Dn5u{2($`k04pjz;L;vV#eSn&p8ccJ z@N1Ya3dEQ1KU_BGiD%hp%xM$f!)mye^PKb=Ik?^6Tr-SS!l+8pC96jB)20%#DX~LQ zsY#snJAg{E2+@pykD1h8K*QV$oC|ZR;#LEc%Qn`^Bq^%+bB?(p6~5HrC?( zAfY+^!QR}sPmU9bTOxYV|FPw6F)hdZ6pdbG5jgz}(X12{l2i1D-<3qbrwI?6?M6bJ zjNFFdCr5zirui!q>Psa7XLAZcBB!9>BU~B#*I)bXhJ8Re26$*K8;BPDRTh0sUPby~ zpXVST5PLB>zw@(3FoUnYNLipCC-cDWl&Tii<5Z4yhP9*%FG}6$KQ`gdAaLdYhNC6y zNOlRqN+c0{D*5mUQ`nBR@~P~y@5E*hikC>uboEE?EFMvcAdv6N?+ zVZ{PI)xNJLR^&&js6VVZ(P|X&zZGLeFJ1K1MtCv_HjTWG4pp(msM~5N(y1uxc-6oz z&fEgMT%_lCz~8T6bV*HAd|FQ(%nnQ5yIUD+9C0r2`=+-@&GdjN!&gBloCeNmw()KG z&Q9#%64X%1EK(TF%DWzVK@Nw5N+C%W$nXI1KSh~ERHA?tg_6km=-|@z<<|eQjPpTi zXlsTex*Vw+C0B&vTX(W?(7f03=IxF?!2Kq4W^G57QBwi(N*_*$da9g(*V0R%JU0XS z{Wwmp2uT*9(ApjBhRqKok*+7VeE>EwoH9$fr-jv)*zJ?vt<>q(QZ3Kdn%k}#DX9GJ z-AbgY6@sW#127Gd5Lw~&5&of+QE0U`?KznA*me!q&58XW8P>zGF5{Sni4WL z)teDog1SO_0oFOV7x{QLLC?4QJr$R884bQD?>&!*?I?1>>$u2EE46{tT}J32@YM=@Qu++RQy!SrKBK6ZH!3g`NY1_Q?d-j64Co*Y-GCMXIw_E>Gc;#cXA z`IE+71eP+KdY}JT;ZZ_JocXIDNlpW*49%QYj$cSZ+H_P`o)f|HWKV)QlB0ZXm+}-} zOCZUo|HWdl^<;D4)nbCVV@OM$X-J*eIKAX@9!c52?kn+9`duI!JGP2If{XRgo;M-% z;(9YEad^<$ETZpd`EtudJ8A$c+%7@PfE^|>V{`MsWAL;DS3oU7rY=g1&M(fOR-Z}= zaz`!gKmHL!elIw0 z1V6foB#?=8qUs=vqq(ezj*^JA0!*UjSz3yYSgDUzvm6^>*iSR@M1M6Sm!F;-K*g5+ zK@w*_=Us##sE;nH1L1Q4A_D0D3yaB>_Z;mh_W(F9`l<0Px_@k`C+0T$o~4$Sbeik# zwZ0rW#~2EAJ)}Bq<*sJxo@`_8hnUfR=}9?mFD)S!{R7buUi|IwogBwEcYJCviUrTG z!sOQ@BNUko(KDxxl0^l`%SX)Nijn!m)1=c<==V#ZD~K;j%W8)N&HQ5ya{`j;7GM=x z4C9k@qh(nMO6aW2WN`kn4ly`(!QZA861k;{MeT+G)2p|vW*;an2ZTfS=gQ(qJ zQ&~l+>;D-W<+4J98jnLW4~Y_;jSb++mXtNF{YBoQ6Tx)l6h9d37%3^6PCi^fPCoU| z`pc)W%|jLe46yZsy5`vdzpP&zu@Lzv6CybREGJRpt)h*SdvAH+FhhTYsD@+jt6h$H zd=skx6^VCr`)*FXZz>C%WvDCj#nT5V50=t;ZMsztqD5WaLR#?Y)rJ3_nVEhR9TJcb 
zU%=<6onUkABjfI<$opa&-yLJBW$ruVEuy0LLl&@J7aJ1zN8Ax{Hp$* z8@%i*I%&|vtrmK3`(4q}4_^QA;uV8|FE=ssi{Fp7SXs65>2XLYKEEj=M?DN8Ht?DB z=ZA?z;dvy)tMNGk#>r3<=pqs0jip!uWYQ4RS&h&clHV=n7Rm%*4I?4+0RMvRzF(yQ zXM2hP_*6=QX2G#_#BoQ#qgW%VF8w}YieemOU8YWGW)YkQJx&Hck06^gw)@0Yr@pDVR4L5 z8wV9y;Nc{a4FU@oL7xBY;Zjmv2y6~QU~?G3#4V%aM-u!X*c3q1iy4)E){Tie<@xaB znK=y78Gg*)Xz5P#kJEJAz!+oGGyQMjW1?6i$OzL$Lt!MBWXv-#87H^Fj8L0M!AX_0 z0Zhtb?BNMho;83C(`vdun$TzP%c8&UJe@?=oi=i3o~AT&r{lDLJ|DBU2(<=BaO@uB zM|`NeybiYr&)M(Ix@8^Hd_;5T#>&-;@bf3~2u~baeOVr*wR`WM$#`$(S&Wxmn@$D5 zjA9#iHZ3yM`0^b-=BP!<-^YhF7c*Mza9o^1NR)N$kQ%`k-(oZPmK-*~_+I~O8OPSw zwbw}r@rdzR)8KFZ(F(b zQyTeja?jESU`l>pMMSJU?%Q{$c*;I!$2wk45}kfh``A{=+c2GoOs9M2YKw)@{f4LU zHvJ~UAm|)J=1QFdY~4|!C3N7+3gM$7luf^WrKQfxOM*w_g(e3{-qy(UX#K!XAx6hw z_!llG;dQZ1hUPyKb;GC4oG|;ZpOcQW0Z?bnhCz@GTYM^KJjAYSA%_Bsc!p#|?8i>O z2VoSdPGoWKTwFAgIq~`Q*hT{yw~fD$Pja^3rQd{vJ)M`nySiZm%Tn_Jp4MuN;33K$ zW5r!ejZO&$lCA_(QPC?ruI9~GuN$)8AN=()y<=(JE#q(D_qR)c2(JUl1D)$2z(xE3 zO~f0`7Df+w1i=(!!0?RkJ82rA_f}0!S4+fb6f2nUsUX!e;@7-H{qP#?)3u@slJn-R zb*tT)`M$nue`3)FI>YFCre&SJYLQln?9fk;wq_uU*S*}yihfjq{l{s(vT=bn&`;l@ zCzeEnE^i-;aXoRSOSug{W zi!$O}90a?OujEWdqi_a2(ofS11WzKDH#qy%=I!#BPr4rnt(ii> zv-CtCjd)Pr3^Eb@fXh$4ZwaG}vv}*vWQ^BJfqE&E7Z46)hP;FFkR0Ors~q7_7n2Nh z%5Q|dhG`|I|80{!-WlJhVYxZSrpQSQjofIEu^O(3h=qWMYO!u}kj<-c8hE$Y7(H46 zT`aoEN4KH$kq*0}aWVxhbYD-CFLx4EN~o(1xdZ#Gp?bL0;oD6z(lSj$rPEl|9)MaC zGm7b!-N3sz0hxwQ`gJ$1mh-pYm9X!=wwDq^XfdCa(M*X?u3aHHu1hUm$egf4wTVg- zL@&mF7C8dn0aVN;E=|C$HQh)#CX#l62Yk;-Kek?YN(*ul;1?rR($Hsr)RC zT7H3S-1(v=eArXmw9fqals^SjL;%-9C#m&Qs6(@2eS0x$N~@mppQ}))*J8@e_NA+v zwKlx1e!}fbDOKJ@f|(M^m8dJ>JI{rBmW=l*&vJW%E5jpgt9C@KHX=igO~BsS0Tm;S zVZ4_(bEG1x&dxh3sqYcJNVJK9sM}1UjkOfwKL04V;az2&(Rcv!9@_SxbG#kGamFK(S z5p&Q+q~tZeeLARAlqH~G=!PtkvS>nC$qwWpEY2>4Ae03%y}A?jOCXT%-GAok-hH_) zfq3a!F?+yL!*G z&&U^^&f>n*D5Ti5bV>%}RL+^({c25^>mk_hhA z8Kr6E6TKUN8ht>>OD_9~D~E?P_KOtk{_nM5pa|NW_KXRXGq!OkS?StjEhInpfX;m8 zpBkkbF`*OgiFrkue&X6~(49}Y=sB|$JRM?Exn{W2*lNEXFDhrWQSM;lQL{4W2(Vx= 
z9F)ka#|8`pF?s{<<|mz}3BsLB0#BBN+Q~tnY(N0s?Vd9i`-jJ+P6!A6{0X$cVjNcl z-xdOvdVpX^z(rU}7!tc%Ub50kMWE|`-gt<`7lx&`jQb?zhx`n95;=MT=IYO1g&3Cl zDk@l3k)2A6NQpekI;_r0U#AK6yqJ!HUf2Pb>&aq&9g89!vAv%GRyTyy)+@un)Yr?w z_kdC$`+Ua753*@O*BNFWKEIq4y^b2Yen6HN9d?`WR)h=bY{0^mRXSkrbzD~s=cj;I zqh#3n)1qL$7J56&%V6w9aTMTeIQF=d(HtsI2#|Ep6I10Sr!M2{-Kid-XV%Q2(1mb> z^CK!+7ch52S+P!YElsh3@Hj1#_X^P(0Q@>rQC5-x%UG>zRwAWdk^#NZij4W$+GR#f z@aw%?-jhTL#INs6Un8Os->isK&hGP)v_wCf^9tG2-#d{tIiU(X#Hs>c7)BPn*JEKq zRlhtXb=DF&bu``+no~^5#mOiuYrQie{5T@YBnkPIiQmv;>~mN#SKp_x7U<70Gk`5| z{TnzN9{D%(l01?^H`oP25}1bF+j4LxBO(pbn0L6R*W(_yZ%%6Bk4%w*Uvh^UmA4sC zcye0rKa~!1Hn;HPu02XoHkIMFv1m4MAJyZE77PTqomHZku3Hr`f9P6&5X#~H*`n0vdwSEI z%=+^*m-#e!V6v1+78bsrktDuTlQd62>a8n}LHa1EOc6J;2FW4)&+AVu35|0;z@?L- zI@FdC17uE{b2+*`G(+t|H z4&M`e&+H?d)Sq+09k+@XvuGBO(>e@0wv31PRfEBi+#Lq&r~O)XLE^}4-#@#_Z+8jPQO{a@X?W_oc}*&+pGRu9KpnmUC5x62^I?)5S8=)Ov- z1&FEPf(>QTPOv0m#z0Ri-+d0l7cXDg8Au{g9ycM)Za~IqZRXtVL%S~grf7GBDE<1N|DuyMwZ8k_{bPnX@aFjbQg=kM4OZZb za{7)5M44;-)gVsihs3_4)#qHr#FNc+x}T*%0o})P^-Si!f$FnaUVeV+E+5N_ZnbFx zBt1~|%k(*jW6)ERht?k~=9Tp)p+q1KLOZEdf_cA8ju&LNv^Yao8jxd%TKYje0k@gPjltvy%(9HKNl%^SfkBz^rG4`#xEaxt7drYfM_ARkD#;76MG| zzx8XoouL;qp{72U|G__`m2`W?_N)H1#)(0~whBM}60}iap(`2KAi zDRNBXSP}8gbL?}-?}@}x&^okokcAq8pmtbN88Z9%TfK(0<2&J3JC9|K(&wqwEr!Ri z-Yu`l&PS$O6INBZ^B^OF3VuSIXJfpfZb!rONPxWXY1D2x?7amU&4&u9bjOFB&V)jY z)3I^t*m*v=`2=ICZ;(*`5}ieC4*1U0nD?esXL+(QbgSTglh?**`%3q#RDZ6DA>1(?H#n-U!eG^O@8{a9 ziU1?mblt0Zp!6{Cp`3Uq`!p;BvN+O(o-QNL+9sJrO|SLC;Irtd_5e7#hu{Wjjjp@qb@ z-}QSsyXWMOO1f3|+GumEkN>&md6C|8&Z<{v3`}&s>|fXHsS=WHZ5H~e5{6C2j1bQ9 zA^Us#Vuz~7JaxGgZW5m{X-z$>)q_5lPyw~s#gcG`%Z&Lz<2=7jkVNE3?(F-4eZ7C2 z$`_wUf*;gNz{UVyr-5LdgMTH61-5o9nhi5);=-8=?J{ev5n;SQ{#zi$8K z8talhNy@ndR~LPp05eo3Zj7XAe!e@{5>;TrxcJi9j8 z+RFj-1+@HWZ*X>xbPZF99l=QbLxt*TG5!v;j6DpnD$42B)}A98p|LKkHPLbgm?L-< zL4Rt7g2mC5VZ0_@FSMD+e^OOVA|tZ`)O3$SZ4Jm#4<-j8XE+f zK%(4&vK#+#^qJ0>#*(o-Xd};ulh~&%1p^$ki zF{N*zPX~``DRDODUWC*g*Vh(r`gza>cY4^XA0F*iLZw 
z!kwZM4!20ae0{n6L)cvZShI2%G=X%Oc+0q`D`)eK0M44`#)bdKSZA583r6kB?B+xvN*b^=ca8(CiZK zchP*HP`f+`GhF+};yU=;Wa35+Nk6E&{ zyyYJ|V0BvFpsE_Gp44X^Lhq&J;OJl&46N_Bg) z#Hv(Lw#`RXM^zRMKP4W*;r`DFW+*ztYCYR1OJ)|CQgU19LGYoPjj2 zz+Q&5OVWPu7?-*9b$SBPjmy$1#4V`wW=8D@doknn3dWX?HR*j`@kdQL+GzdBWXi zMHY~gkmh(L3H?X(gzq#Jrdn#sQE5ELI8^@?D%YU3&lAo(hz+j2pOya#)f+S+!oWSV z-%N?NM}Hr;wH*c5$&wu52|}CDBY3jZ*SWt3@*hB`C(rvQ6+voh@qm9|G;x8Xq%~1x z;eIX+pK=9mBdaMX5p;EIH#AIUkWGOr1l_+l%4ZB3ygK0T>aYK3;ip94B8E+z_=zbF zxi!tECU`@+!p5k=b}6JCUFer!txq&m_k{z7679BfLIDt%VtbRtZwI%)&o!*Lua)0? z5<4`T2NVrr(ZVt1()UOD^<&pS-hU0AiVAf3a^}OcVLHd9L_*bkekm{7lDb*dM^fJ8 zo7@#WIte3+U*S!FGv|yK+URO1B?}YUcyB1xkT6TjNS&vK_bu@*Qwdd_V!1S#?MOPX zj0h$a<6l6Bw=JR-H=(FE-}kSlPJp45ugbI9G&c@N_rbHZE;_<8MFrE)zU9p23wm}4 zA|1{=Kg`mSw?&%PpeJ-5|a-0qPKZQ*l2!*?XDDNG1ZnxjrCnZS=8VU73^vw*N zeuB|&&J0bt2qjujMD9Fiwi{_kuT>S=gHkV~U=S7@WF{xeCyjPaKGOWQFc*;WFT5`0 zoh&2)aH2`>3#3*cNS+~Kn8%7jl)2Dlw`=Pxx>a!m4P9K9G{})ow;Sq!Te;^pG~XS3 z>Ep;!zdlx!y=ZlvBE?!193^F3IA*s#JCTHP=bM9q_;R?mx4x6YRxTy^6g|e1m3xOG zT2KaVw-r_=)X?;<^1-~@G$Z@Y?b>L0u>#ryaH`b{EVE2B%6RUM+n8=Qy*9B&!b4CW zEmBBYJSabauD4vZE+K48-t*8I#ay4jk6t@%tjBQi=ObXd8zpyBQCIg@`I?|ztRL?` z)-ls=2jyHSH|_UZ##jb#-G~^`t}?;Bw_x1r`q=(hnDWA3l6W3EvzZ;eDGC7uTNX6} zuB#o$KX%>6=UVtv ze3{O*n-{oWSZHD-G8Nff12)fC6AT0Ldb->Fj}{CZx*_elSrluG z)GwYEE$Y=}%$Fr{6{3v@hqgwrby`1v6ezVDSBDAL3S+F8L?u~YzIX1KOLrUSK68VB zaBonJK-Vw3xo%p1zHId^;*D~Jt?s@loch_QUP0vva3bh;r^q`l1D_(BZy!$Gu91JG zZ6nn@(J6J^t?^Z&#s=URRNO5ZUi^V}a(8<`t!5amsXB8tjOlxnJHJLFNtqe_S?+7- z;w{3CWw|!TU;e1ld*uOp_JD-b^N!;Z6h@rBsDYyLkZhP{%8Gp(EE`#;@2Imso0#hj zQek9A<j!Jr10}5Gt{)aMH{ZpEt3q1r);Xw3Yx@BIS>4+5~b26UeS5C79v??<{(!imKU? 
zDXL8=Ek{~;+u7+EzXBLDe`Kq4sA8(xt)F0{poWfo&z}|A{ZuD-?tXUB)9F>P z*>C=^cFEetmeZxhYDVA5oRkOG$qHgf@A796I-l$<%t4-JEd}^$U!!Jg+`hzEj={kU(%<@bp{p!Y&MITW>+U7Z=+4(G>IuRuq?>Fvi&mq7%<6 zFT8%M;ax0xTc5cUc_eGwt~r5>Pqx#%y+0QqhhpoaMB4BZDC;R`kYxK!btn+(ac;@9m@kX|6_qeByv>+MN+4<|&d{ve@e0B}58m$<$EVab?BV47jtQb(R2 z{=Qd#?>{%Eg@8FvR|wL3UYXW_=pv%}sHnTq44#~Okv;PCONMQ$MQmAP#gMiy;HH=; z%45`up@EiCIaTDLf{h|EiTP^<1q0|ErU%L=Y&XNse;Fm(z9G-~6C8)rUQgg3oT8_^ zVJ>w&T!IT>*Y|E+{CZphcV7c(>1>iyDN+VnNd#*7t*HINgQnR)a4HZ!U3meoVYXP7%Ci}y6hum;&&){}ZSNW{P1r*U*n3WOC zM!9}^_;bnDN5PH?M+m}LKtTc=Rn1G#5y0@Id83RZX=W`xy@Eney7_OUHrI4g|YUe{ii{xk9SGSy-7vHxHJGK&MRa>MdEY?3EpEP^bl%vlk<+`&-R+OK620K z=OONH&<1`N5}Wy~fzGxJ2oxf)-)^p$7M3ToLj(_Z2Z7G|-y@ZIj$NJ=Z+5W_*jT>T zO=Y-?W!E{j4MvJg55SvC#ZU^<`s_WbRyT{us&C^0Ygx$I)6-s!vyq_2HT)bPU|WBO z-BlYZfLHR|bx!<=>(y=Qx0SXNP%y2WM{(Yp*T@$w8{Y)O_Q<>Jn%sLs~Qe%hwd}P$5R5SJ4 z3wp`#-hHb-qeYT;L;ldB5m*K;3D1b3vSIZX-FtNFC;!wqu5WT+im?rr{pnfkleN@Y zc$*7-OVUScMDnd&UI&0}((U1B{Q%0%2S#rndih#USy$-u`jnqCL2tf2&w|3G5A!o) z+U+lgO8+=y zb2;H>nM_3HkNU;)b47JaE*{eKIJ%M|_t+g@y<$9A7{YowgB{U0hr2%ZOHHp;PV}^b z$UkxitXmL0_B8n(O8Mt!e<&@CvBDk9{4Sjx*OqpqnwQY16V3y<%;K=ll7BVo64Obv6%skQIjHs`nP; zuG!hi&qVTnK&nOor$Pc{MeW(GF^bCxLUMwfkD-D8r(X$L}Y5j)+Ld1!dm+<7WUyldl1u2is4&VOBtRpZztb5s9 zt!mUL$iE(ZwmoVvm`aVBPe?v3l@{}b8-Be6o( zUq=mcAMqcDY3+GtkUW3Teb(5Xx!Y4|nSuI?9eQuZw=d2XL(9exs7#t8WAgO!F1;}G zI2*^B>55OGjP&&Q=i55kcm9ms&RKZ6-{A4QX$SZpCmDPoCFdhuL`cJzZabSk$BL^{ zp@=IaF2S3aT`tj68tF>J@3W0kCM-x0O56R51**(GHO-z#+hL3YZLTwad7yELn~>xS zv*|RB-jh(42xU5@%24IwNA?P06FlEhEApM1AjP{2G=D14aerXCONCJpz(bFSZ`R`f zUgOEKwSN|&zr{Tagr9R7%y|44u(ys;Es1#))GgcjZQGqR{%|?!K7)s4iRWA;%h4T( zFqs?Ks^VX>Z57&mJ)rc-d|R1f<;yDk`{#|g?3SES?Xup?_|J0I3Ad#bW_ob_D$2!U z{T0TQ5gcw5-}3%Z=D^=LH73b~Kzr2mdRXkhljVE7^Y_0Ry@#Nl5awZz+ve#+@(M@e zu1Z1PH_kQ>*^JVepqFhs^4uk;@#$mw9Bv=0FRR}|HiMeOu#sJOPqodPOkLnpx>F|0 z_hlEbX`>zRJAP-jGXEMzH}DQ&8pSp4VO8b<#UiUF_vQ&0AC3KG>}WK6oSOXF+q|s( zy~jV;#<$zrz2e2#sj%du!O0i68rRR~07Ien$mo0z(re1^Z6ga^m@vl`>z;k*y9zIN 
z_M{lAu7&uD0#rX(6&OkDSI<#wLB8E><|3lggV8?@L8Vn}4zV6zdWBpcU~TvL6g%G& z+(uEFX_gfLg@+Ujp5mSq@MPuMOVZi3e7iwM(ww(5UV-!fpJd}#Bzxvd%M@^D`9A6u zSQ6`1@+jOkt<~|ycN4|@4I%o;3eU;4_=Aknvdp{lW_5HUUMjcM%4V0+fvR^~+me>6 zAEVYbDh;ZqejR&rYhB8gnrtrphPtA3hc^P4eyzQIi9ty^B=kYqX)_?SyB7}j&_A() zyeU9m^PfyT5QkmWVo~AcjULFHp&f^vE|g+L)xey?@5J}=jNPNr=K5c(;mOnX>SmNi z`;%zqxf7rGIB(OI`F+hs&u|yNqN(G{T}OpVffG)EuVusgr)$Ri%BOlWKKnj^>BAQP z#@q_gP(xGa*)YTCY?=Pr)|Sm?IVOg*YQ{`l~SdNr2jTf_^tBFfmgQVl|yfSA>%HOvc{>LmY7*KTKZ@d z25!x_{6pPaBUm@i+uHo^cWZ#-|CW%@j(t~8{C2md5Xz;T=&7IKVXcT3nX(lTM{uh( zBcZmrBV;DP%u%c4h?TQI9LP4BQq*9J4zC<&H#zI6Iy{W&kTc5y zcIwT*!jhLfyoEwKT#q|TOmDss7u93?x+csVN=(W0`R%}*Vc3tb8_t59RYs6?9>#P6mi47l&w9W>5x-N_du}p6K}O;(m4dCrkj|>&YkbsK7W#_T za+L|E;F64;|9W8_-sV^LqbKHnY3|CmF~Qr!D&sTN|ML7N3X#>VHeOG3`wJuj9CO5W zh7k0pgtb3(4WC-n8FJudzNbYPJhCTNeWwX*>#=X%(Kj{OgR=lOkDPI23g#!T|52#x zcn*eh^Ab2Rp4}J~;#XTf1r>a;94Y5{F_n~*v|Fptx)G-`tv2Q6%!$Cm@8O!RcFPPm z=~-V_M2kNG-g!5h9(H=F&mEG%MzWW~P?k2bE+Vi~`%_(ioYcR`mh?Qmr|;NnGelh7 zgDl~C;eU@Z4p5k8Iwcf|OV5>-O5r;BuZqbPg2X_D;g>@$T8{s%n`!55aeLa=P5wrz z;L4djzMHjH(2-!NpMP76(@(r%SA%0lzaMo*+4Qm-|vU$gkPr=8^{1g;Xr`KKZqn0E?Upg5ee$ zp3BFdeIzY5wh{g&fto&LyUov2B?#C%s`xB)0Xu$fSGap; zej#+vqE4bSj6h`Q36EKpVk3Lr1NKqHwv4-8@q++=@IjM>>1zj#d>*)npqjTd{POu2 zF5u|QlX%=oBnk|5WB(0da!@?G6%_IBJ-q8d;G}GRB`unh(0CCWd8K*azSEc|>Jk+8 zKvhade3%D&c2eN{e+ph)HB@{w6sKgkad%BMfITgm%`*Ou-&$HUuN1ad{#D}3diGxA zxdrKE>WJnUrtO7R8c=2e5M2WM_9i}C3*jOsVCa((7Ac&r}9tIWVBq7 zyNTbZ89zvySVks)XO-cD^`qwmybCKB>B16)U({S;84BgbxvlO`mYHEgmxFU)ku5 zHVy)QARSpUmcS8Q`T$NxH@Lh((6>7vZcQD?EPZr(@heGxK@d~#%iCFY9Vlu{9%M=WIiM4VsB~xScds-7# z5vhamkUIZ9yq2Sxub*TH=+5#!*nY5OA5MJb4`ufFx`?1R>**PkMP{Q92y}Gs!UA1g)e4@~QAo`O=9X|8AO6Kq zZOn#T4k2r#h-&_BVsIeHO4?g3h3n6*hor$G)=G0MAFc4b9+E2n(z~^`_~Q8+Qc7WlAG8Y1 zbITx1)uK(kZVTNTA?#2-iHtWnu_*jbtZ|m$RZd});A>SEbEOIedPdqjAM!UAa%D;i z>4JJHHV`L;dNKV3V1>I}qLHsM+SnI|3hl-#$-=B3Ysyo6FH1Fq*dBk9{7qYprcX1x zuaUEW(x*>V1EvD?!oHcM1>V7Lg58Fg4cM&-L?AfW@| z83yXG`ILClz8cmyrHvP9?d1feQERkM^%1))SRlui@OA25*dX65@?D%7$?t?JWX{n} zjY!0HT 
zcC!fyI&mD40|MLuPkxre)VUgoS?(mniL+0>#a9|z>Poeb2R$$A6+)v?a8_qLm@r@K z#p@iXcx{nV6U-!sU*pU#n)0$w2C)5u9pp^bBZM2=0egz}DzsoYn#W)TJuWm$R};;W z5gHB`oO+qWsDwk=zs1slHu&FhUe`uy438p@59e;t z3zAKn&r=oZ0_a=ZMct$y1YaKG*RSE_?)3`5uc4& zOOi~jQbP)JtrS4ejw-Y+{R3RP;vh;b`XBw4FnN+bGt~s0`bK=5Lu^6gBQlIA;D*?a zO8j3&4j1yvW406t#foy?e@kc9lukTBEK5THf9Z6d+9ub)Q;}zCg(*ofiEwOzVL?%0 zDm}o0U`EhhG=%J&k6h_e2)*~PbmKVbjr!+%xx+I%84b?Sf$03PY~)Fe_ea`uVLcQ1 zZ$ywOKe8W{Rk4v;%YF#r#-4b-*xD5xM%5Pi8`jGzw<6*$;z}YmK9s*-gYe z0U-XGy*1r{z}!J6E*)SCH>wK}c(QTZfu0XeRVH3F-f{=7BsWjLE?}qF-Yu*ZxM%t3 zRk!P9*egNemoTXrcEanFg`#8iTr!V>15%@So92zRicZ_)FPmiCOP?#aI`=u=;Sg9= zoPulTkPPf(tsj~ZO>ONxUNqJZ9Q2?X5o!o~+Fh<Y%*YQTVqG{`|?zaLkb9j{x z>4%cDiLTJP$LQ+&s>OxnBzE+sN}2-T*(9CDeEIdaD>rq7D6w_?UNP#!o-f)P%oWRT z0RYQ@UChbnK$bC~cH}h1^dr8^N2nvzr3Y7;nYF! zt#Nq7IhN{7?%0C*L{Xxx+H7_|ui}F69kqfs8_tuPOXq{SH>(%frHI%Bb*M!pHF9SR zj<;Dh5@5Ox?tYhE>v$L*i&jMU^g5cuo&$wKNzDT|B56}xbW~z1g1qL%iOE_MlwS)9 z{cUC8DSglrz~dy`^kpAneb!fuPCP|4@eUpw@P{i$^!vD~DLik5MEpLh7*aR3GoCu8^*6znBdPHfY;G!4{*`8Fq!#VcOXgqKMaPUyOnNh70PXNT7 z46Jwwix_zQBWbL7F>{os3UUxuCVD(G>a8l3$f5mC1Nq!da5&r8nY(63u^7e294Ulg zHq2dO*I$>!O}EQ1;|UvMlY0d8SVi@Z2=5e39|`km8K&}T*c}X@bL2L>gak&g(mu4+ zsZlO>1W4GWBSH6zImyA|nem8XlmH>QvuX2Od+ds2BBYQkNCSb6V~I+KfwS7?AuM!1 z@-4%1_uxn^6R~OV9~*pl#1QqEk7V@vwq3&p?h0+K&vIc8OZlR{F6YZxj0`k-GVr+I z*3sutk~`tic#ZU@D{*0)r6zZdHRQ`}#09U!EDxdYHc{7z5)sV*x{!+cRR|1q=r?zp zi+(K}jO~VaR^_XDvFAQpFc=6)I~Tde&TVhBWW<8LXo3k+CQPv{cnQ6;GcfKJG%&hu zuUNY`woqr;pXI7IV(#;E55_s*5-tBE7B0wb{u*YnO`IL@Hk{LnBL)2(lYR zfmSl;GKm7og%-Z(Rt2KyKn;-4OjxFfZD^;jCo@SK=4zV7xcR^aHFk!8m><=k*I@K? 
z+Zc`SOp+_xa>Y`tM3kCkuwW)h_|Ui9R&UrBswq`;vEnOvC1*Wo8%PLkUo6cFT^Ao< zxrg1*qRo|VtLAG_<4%5|p?C5`IC~+!vTMaz)9kRuWZ3SDSoH>{>aA@R(R@ed8%4yER+OVSZG6wDPJrhae)V% zn3|Qz6i5Hp?Ym#&`u5rHT~5=q0}ie4d47t&)T#5p8*cEHl0s2kC`hIsJ<n}m|VvePpZtayC(NfaJPB$GaT3u8GiW35J5`_SyYSYkI;Vu3afE6K;Mpn z5vUe{{?t&nsr?fNH!}9GND@+1{-{d&Tk#j^3l)jVhu!hh&VC=~Gb~jcNUXojtfVz$ z2)aFexxkspcWr|>mU}4RvH8}M>w1Uvw&Wq@yN#mwJ~di_N~I-V(N=~3gA)#RxN5#) z&>oBuR*xLjJh%bR#2&a!zn#31atHDk&bVsr4|+Ziu-7i>`R<~NvThGJ&jLqXeRweCwte0?WcoX zgJv7`(Uv#FcD$(Ixk`X9un-_yg^09fqY-}a9!mh&{z<0ap==}XdZ=Yj> z_;+}zo8<}tYEnD-Y3D~mWs_Lj?qd<_b(!iF^UY4=I6E#Xu1J=wI@A&<3+3+4(gcbU zsIM&5a*t$@aNj@)aVptKMR9IP?NBSoQ&i}I4b(Nf0-^O?IyDxti(aoVwsA&AFRYqa z5=yc6zb^A!sOh?Dfa0qHi)7&qGkbqR=O5QKg~>Pcyw%a$@%kXNX&^vi z^pyFBjM6=(6ATaiw6teoNROP7i)=-+qLj+Ki7V`cg`1?LOt?v0CR2Wl;tft-nf+lZ z!iIhDP@!WHanq53OO}tb9@ZZD){>UN*|0r*m*k(Ju3>A34+sq$GG$1NBcyi8Mb|SU z^>gE}1@-JVnP{_71vqDta?F#}98W}9NMkK>OOFM|vwd@P06{ay&IL=hZCf3?Yg4-K zv!|hWfsObR)pBL{_ty8doPq{jkl)-J3{EPE_23f1Cv{(ZQ1Hd5Y6G0oaEN{7i^UCQ z)3kI$^UGO9fC2a~S7{_;$&pf^3OaTT4=cP5->a{LzVcLJ2Fm(ZRmZEp>ZxJEzhmmy zXhfOLyqDA2Is6RLNR(`|T=HiUq1auGmrdM5{F<7)9x+95WR@1mMZq^sS40V~peaF) zrmUZWroC%+nc4R}W{3hkpP9Pm&C#j2Wj73AXlYR)4e$>BiL{e=!M{5o;Axl5;2#(`So3l?ZFUiL_q+NZL*5}$nqn}ZXH zkz~iRn?*xu3kgHV9Q7+(g0w<@t#wf{3-wEiM4l9SdeQ=Ule-XA8cLk7*9+(@YGk_$ zQCXmB3OHP!)R&A1%6Z%+I$d+)igME-9+yEu2Mv&-n)zI$B4{}6L9&fDLLl+5E(B0} zf#NgGprk9>$=Kvo62QgAU!~^gZ*WB1{lQ!3g17G9MV#sE=oB@DGEsSS@yQ5m?2!B> z3w$i|SHy-vQBIL*i4Plr3ubWtouYZVlq>^udLJw5NWYISI?_-R)tW*nwwi@?JuIZX z4L*dU(M*nK!@@N}^|u`eH`fATvAFClqw(U!%Y{qic5?YmvS+Crv>Kzti4?28L9bn} zk~Uv-dqd>(w(uLukR0UA)_vZ1!4R0~<7Ez0!Ay*AkFona+jls;IP)`HjD>+LU`iKA zsdLXvsE1$ljiSLdb}D|wo^&3K+FPLEE+dSW`Xol7q_69&JC8JuIQEXEp(+)Gy+*j8 z#*6Jt>Tw$#*A-QX0fh?d>ZnShgxn)kh~EDW9EFyUp|Z2>=VQoVCrOKG>cfK~c`(Fv zOT5n2Da$S-6hF1jD(i;{ajBFmW#9uAkWa=}a{(mX0%}q@b?`*?cICZg53l1nBv{Dm zzszg`$pTr1OrpV7gl?X1>3HH)cQmQ%y*wqzTxP#sccBp8#q3EWP53e%bKN9M;aanx z6Isj4od|X8W(VB8q%Y~qmpe?f%XOP@tc+aA>A_7vC(_R^8bG&2?YKV%P(1K~D;XFkv~SEc3T%rwdosHo@zD>aUO8 
zN7F48<{ooLf7sFUwVHl{9l;(Tmj0q`AU!J(TMzV}4`|Jw}zF^X*aBSj_XSGhC)h5mp-7X%#;=%PO-P=0$^w z&!BXq(Jvr*UnU==M+ZO|mQ)N-tBfY~$x6kn&Ep?>et~^%^yWyYRxV)Z!RAkopNIQ2 z<6!q%->*fxusu??`5Ug!!P5Mn37fE--FkdH%Ow3m&X==GCO>+HoRc)3niHB8$x#@= z8Q$*FQt4vFoo8C82qmRHeFqz^X=HDAjCTkAJi{bV9RfC6YXsN%ND>bj zXnfbLa7ghI?_-ZCTIB&2fxVXaTfiP+-mgL5vk zO``B8!Ex`$&QOs(_};lR=h+r-UYF%u%n(j^&M|t&j$R`!$KYn3x_(I{%}Q1bn94Nc zo5You#tkiMpBxFi7AX!c5g)oM-w#~2hpXFoI{EO#KXw+6GMos6JLaOl!|OwXWWWM{ zD8Zu^CFvQ%BRoW*lq+W;HNf`9$KxWA^Z=D-sm0q@ZRbdO@y~6iqQyf;?ZK0=)I*6|jZe_V=gI1QVCsXOxvu2gfV(SZ=L(Ivu^F~) zJt8#Y7L_aZ+MET_LU{Os!)4H1u5;AuK*X7}T1H;!%Vr?ZVW@CX^AUg6wikGBfr$OJcgOapm7jkFYm#_(xDF1^OTxuuQT-@O65^>oXp1k^K59tX49J zp6@d=xZMt8b|b6IF{u_iH8CItn~ac<^j>6ylClUTQ_P68o~%Uf@RFRiLGNMpgT~+I zCmT)-2QZ8XIPMe5IzE=-L250h1}Ze~R|lToTHh7!z=pd_tkZO~pl73E8hn6kI`00V}y*AR^c4fNwU~_xN`InM&Ei<46GKN94*=ppwu}AH0c;v8@fUP zx}pGge6FaEUk z%HInY`d?0v95V0M@AIkGXIIE(whdA`M!Jl*UvN!Pam6U>$5!&n`nQ=9UaU2)jryPm zuF@fVX*z>Y{eAd&xuJG_s{~oRg~9L*_)TQ)X>!NiwCCyI%u&^d#dAkY_j@2fhDy5* zs7^JBWLyw7z$~JGDjY559+w_9rVfNPtjT=8GR|<=jKG(%{r)d^UV=H_A!@I{K5^On z;vKXS{ZR!LCM?(d_CePV)aP{R@KUrEi{zE;Sc)(OlcNtV=GNQvgUP&h?WAzm^T`G!*=L;RIuToryPoW0QPT;V z;Z%iHoGY~H;v(BDPF~bPio^%viGv*) zPm3wyapk6~J|mf;KW*}_e4nWyg$1S#JkBxj_K5#-O_tTGldCx@Fs@{pPZ9?bCn<}V zp;nFfMCUmMLdI27SRJ){^AzY4jJa($8)h#O9nQ7wXqR@lob}`jBwJ@v3z z&JJe_!NZ%zi?+-W>ha7RdH&=e66%=+@1b%GtEqRo2~ifnJ&Jpjw_OMl5t`$vf@K(w zqi{o8N*ok%_Bf|%A-wzbVfe3DBb1nQcSY^+Ozor-$Dy_Y!Uf`45hnLUD{50ek$9jO zsrI_=f3Y#~^SC5Mh>S`oEG%|XSyAQw(MpY%Np@2c3yETh%`^2mxr5X922+emfr+1y z7oXFR8~% z5h7|LbGAJ=@Y6~Q%>Y9yr(_YD@d*@6#%8&}K<0HqO7Nhvb_5@ixbQ~3F>mx8oPtT> zvQ9}adqt>%flzeo6Chy}Ted$kF)cEXAkR9kcyK0~-kuZ|&>#gLiB*z*oRv1$!@ z#wr)H2Aicn;bgV#=9{Wbz<%ot#LJADQT>btr~fHGFwxj!*TCK<_6}|nd;$}FcKSWA z@-?_l54Ub6hR|(O7kK$i*=mDt-h&?ar@ejVJ7bhB%z{AA+x4$Eq+E8GR91e=+frpc zUJMn{JhhhD!5t#;!~?{W^ljj;e-o?t(e)5o09>%?5yrXkYF?9zbHfUL)S&k53oz!m z^6bwCMTH;?pXMxOH3~akksy>W0>Bt}Tyd-u=O|te7j$lFdsl14M~6E7G1hX2sZhA$ 
zbtBZ2(hKMMX-kV+fY~s!lU457`OKel=qG8x$Wqp{2kpMyKg|u9hea;Ot~M*t+BbzYS=~82YSwNI!m@K0CV3(?5($=1vt{Q&C7lZD?US- z&U1~KlNa_e|8O=)6qxR-f9tenR5N}qkvn1)tq_~DL_Ln1&q~U2J<5Ey#kl6?EaL&3 zKGht~VJc<&2ml4Kef>PKEK=+!pw$vBt%^HbKDkEPZ`2XSeH$q${m72sPVNNMHBYy@ z>5E=syznD$j$#haRK_~KRA;%D(7(ShWdFW<_W%Ck+x>$nXwh$Uv21fe$xy9iu6ebb@mxltD z3#DnsydY;pZJ*jpa_)C0GjQvDvZOXy=^4SPzrXm+y$4%|RJlmsTvj?dCRr~zIE$HM zcB80kspLW#8Le50>AQZyXX^76NoLZ=fLrfMK8y1KO|Q}vG_%XWA_iCyfiK+PqJJdS z$96|4@H~WK6z$u(SML92iDDZdh0J3A|OxkC1#=c7l|iBXdsr(5qI&uyHg!3F~^$w zJlZrrFdYfnR%*0o?9HzKz8<`12!m!@sv4`j%LmS=3w%;5Fr{ejomdxiR!U zTQQv)ZC15oMcJ-b=ED5G47eb{KsHbl#6^FvJ6M19)3S?@Fxj81BtzzLBXbhdu_qWN zoi6Cq60x?;8&Z!`TE+dfJ3*56LwT`#ReC#C3WE&fjYL6@AfBi=_tXse{I2owgfb|^ zC>g+}P&*aXVz83XOjjD?JHm2Fs(S%8H?y59z5t=PfwKyahn?!S*B?F?D4{a zYKaQnVQF1@|8ukzmdd=KGz(# zN~%l_lkD~~clUCkp+6=S6P?VQy5@+>8*rZ`P26J(Gr;dsipH(>IK&GN?{C0=pG#mN z)!%py?|N9d?M8sfJ}R!3(5Nb+B*8)@o`xw?q*P@83j=7!-8;oSwJ;NfO4zH*88}FH)2vpC5w$yQ_8EG%~KGHAl<%N!FCse6k8Uy!G6O2l_|}*l&zR zq>vRSsZ61^JH$RJQHVO0CHGwQN;~3FPKbD*yq>+_m=f6r-arQn*2bED_vJ$%+bHox zpFsViUrRf@pgL{q#Y4Bjm^w@-(-|9KT2BOY=0A8N451#^a|qMRjmbvtHYSF_EVdE< zwx7)p;K%b>d+Z}PS%(Xr3=h_oTaeL# zow90r^psu!lz*7Bdcz}mY3TDfkGt_Z->ds31Kpn*CY7utg`b2-_>K=lKCDv*&QFdMu|=ZpaGDf-G-4q%!)7i+A*PH z3ycq}mD2)i=*-YhEsm9KU#TlL_@H7!Lr8wk>ZofO<(3^guvSh8tf9Of*?D%36v|0A6Lwm5eiUpAcblQvZ3_6CD z1p0$@ZKB))VaL+S39&Sk*CP-Zn^GNZg+qe_ySi#HUE+$Y0ULBGHMvn1lIR59j|j<_ z&=|^ehL}uCi$Z6^T1KzUL zy=kxa`cZvq@^?O5y*f6G<#N4ydf71o@xL0V7=}EnZ8Ef{%9}?c1MQz@bQ3go@s()6 zQr@ZWDGSV6^5N-+zWD0GEcWO%wI3b5oWp0&U(LmjZ?YZk^<2Dq73jY4<{KyW%$XA) zcYlh(ufBa7ynsu?3#9!aDzDJkE-i|jlr?njuA)fUNJU1Vvt8HQ%&FF>9m=H>Lb)if zTdldK9M)ne$0?KuUOQVone2P@vVTV`9&|u7Qj2o<6&IZlsr}@b`5%hwAByXLpyER1 zHLuc~(+INP!h)n}sq8V4=Ol^BM8>SFVt-E`BWfcH=mcZ|%Ii^F&xRGC9G9n6hdMm% z653vY(ayvppp-;lB)lasp$Q2tz=!pWTyQ1fQDKeAgi54N%rYk$*h4 zP?`s_3=CvnDT$y`atzJVlte*@Ro(lxQXbmc1Rs73GsQ9*DFl^qKk+q zq4gGZ%GgHU?-y*dc|1(XXssiE zXUZOxuP(r2xo>L+bYjIxA!bjA3gH9lTSr=_8xGs~!?RYoZhbtp)hv4T(` 
zltCmDWdxOFloaj)u+)wS(timNL6p}kanH^|LplDW>)>}~UO&!P``=A|NGlN#? zLj#H%rlh3ucYkUM3Zp@l5*O7_`8(fPJcBNB1O*+t)VPu zNYS*=8ai_XMQpM%1Qdd@fa07H&O%D6I?4(`>pU&o-Os5VTB8#}YbdW*ik=-@Lpl1p z`@Ooet+n_Fxn49+cEL^^V(TQS%V{&WcJ=+`ezBV?sqxf{MVEjZOXI_EbXph=ojHs` zWe-I;krMiML^3D5EPrDnvsk8i90`%Ti^Wnq3`Zw~;ZR<$@Hh(;;>HrjcH;d3dj>97 z8Zx_jY`#gjU7eyd5fQ=Wz(r(y2#!w6PD5uFMP9^JoRcCCWAF?@nJku)D9z#msn~YAo(a{eM2F)EB%{7I1L2VMw+# zK0YQHIEPmm)bD(=b(@O+Oa~^tif5%5UxpXWqf8S!dfusY#2ox zV3q|bc`gZDsEVZKX_0u;PHYR;c(*dn>lLo&7U#n`;8Inoqo!FJ{n87=hh7+T|3gF~ zp4*KF=Qu+kCS{}HGye^<(bOBgvtx0=KW%qxv)k&Fz+M-hF8}kH`Dge;6bVmamN5d3 zZm0+?3D0;!qB<$7q)x!k?Uw4qmg@2TZJgID)lUC5W^dtaR&9P|sc)nyXk|eu0SgD3 zQ2VI<_1&kB5L%npa*Om-!>4jY)^MgXmwJZ-D1XmQj>0*bL$CnL3pB*`Y1QU&KR}e#q9T&=+#+Z=#~G3`$@`4Y+<6KK+~t*) zkbe=O>NcnB;Aj28{ zdIi?FiKDi|2VHIBzL++A(L!+q+h(yxVrTCi3;Au%f~z^ZUn!BCSHVo~AfsKG{l~@D zTw;n1jf?4MXSZgZBBp5e2+wjR(vqZMS$~sM7BQho3JFv>XK@*ds&=MLC1GKU>3C;1 z&U@Jmvi$6x4w1`q3ao+6vuX?b2ip}}Zyy@esCjOEHJsxNA(-T=#%In`5wSAOiHu7| zQpj7SEJ+|*pC?%rWh{=|LQvX5Fy2><^LlmFbA8n~NAGFeuGKH1FZl+g389M>IDez( zOG&m;eM>i*?$bmN33;wV8s|7eLMAz+@tLcPWjxMe63H}G7bLKGsfbBJDfHRoc`2N+ z)Fh;~gp7AcN><7|(0_4kQ#j-N?;m=OJ-=Nw{vxU(%d$MKNvv)J>S~bb zZYhG4Maqh_r1#87n)Cmy)ouf`8`4dBWn1 zr8ILw=aR^F-$xVN_b9Jdj-KtlM>%G@Mz;(V>i^l|sq6R9o9A$ac$O4>l?!>lVfCAz z7Yr=_nPi*l0h6fb`|MGcGbCz)&;FBR=D)v+ZkAh}_TtgZ-Pa~5Wc0BmW2LB4M&dNd z)rE#9gyys$QO2Vpi@B82ZGW>wcBmqn5UN0Vy&GvX0v>1W6!PVlKj~j*DVNRWDNuLl zMcYlFt5xrC=Ha6|e7Pvo8Czo#upOVd15*$%aFw!^F|-JcNL0jmkyBacxw92y64{Rb zXoBM(<@L&l)A8??k>@nqS+;WX|Fo@hbS+QQAwk`loo#gRiJamx-hcHUO>_ODGe;~f zlZ;h_rg2PCsGPuL84@1F>h2V=ERCF?t|YQu|Iq~3Kg#PB7rdOBJ_UZ-Z!ZEkb(Lnm z2z~}E#r2+V+uV7#IAKF~D(BZ3DE4paawPXUtfbEE`3luD?;S&ac=Kx)hVMq5Zv%En z;pwvYbOVz1YgXKT8-LtGX5sE()9iNY=mGSQ8uP-m9;urBLIexlbGixktMvw2y6iN7 zpUVgKIBzx=aH6*8Ms-HQZrQK9$5G$XO(SKsVBk_xB73Js8&0ityg1kP7#|&prbS24 znbRmMlSDF-Fp-cH>PYY+Nl27uRl+JRLwC+u64}v_XhL)Z<$v{V4>Xd{7PUQYuIt+o zj-EmXcy(Lxw$}A;;e(@^w+GF8)RMO?tgK{f2KBht%?5K(qKj}!*Z7D^G%ccn&a4jS zkcxzoTCh~vb45W|8mB}=QC^f;71zw|s*dc4N;Dy&g7SK$%U$CO^Fg6(Go_i8#^bsr 
zQm65P2gw#nfPa*LnfxLRt?ipcYUHFN0S%wcDKFzg8_~4T20C-06p)lfPO_YGlCpvl zmKBl+DQX(=FpevaZD)rzq6wi5l-DaS&kk^)9EZeLh;sl+LtFp4z0d*20e0PXEh|iw zJR6#ivz#Fq)50C-%sfkVF-`*2IF(>9bupx|x)_!+mVe6n2jkx@7~IIl@w0k?cH1*$oi#hwMmyM2>S~>sJYa)5RmJ%5Ml>zFfzI4r^#~aFBvmFpVamiO zP#djM20qyLZi%qN8_|UD2FmM|2xoYsJt)@L0KYf}_<5zFv0b0lew^SzNr_xF`}+qY zGjIq&?^X{9EkVrp!4_Vl{n7C`9r|Q^2qc;W#m8svZhi#pUnMngz0Z@)JWP4gF06O#EN4B?@ zvyKBUe{=iL;2fQXzJ?AX@DnbAFY0!9P}ERVZq=ja5V;=X_(z$}5bbG>e{|-Wv54|o z5-KuvdP7|;mQ*RB5v^FnV-a}}acG{J&x?j@jj;g9W7S$xBuesr#nSunt+b=vDr+gv+IAC&c{K3^XmTicm! zVUw-8s#Fiqo=~nIz5RF#|u1$9@ zCP`i-vJUIIj;Ke!*e?Hgg3BM}^-ImD4)QqLNeB6(>M9!ca|NIWZ6jSbTT9P4aAD|V zxUh_m2E@~%0qD$CDw85g5>iKHZc_J{gs$>+#FMzrW#}{Z?Px$eAsT@4`i14W4drnT zxCkDMf9Mu%gZ=)`cj%)mX9&QwoCb8}362bRq4G0}!=KcKAFPw0tHL+iEA?Bn{ds@x zej{BL!CDAR{dT+CsJ;ABFXIJyVV3e5{(NI7s7>cpwIVs~XCp4|&s!mucLO19$u_HI=^3IX!(UBXJvqyS*#2e!W@qTz(pEzQ+ zX4I~yAc*>(7P}2(T!UaYD`ci?$4saNfpVN7GSjLgp?nFg(lW0k)C8&3bvBQcxhXOd zm7Hg_C}<|!mz2bglOz-3Bq*<6WH8QSf03EpendnDZI+eQ$N#a2l;_^YGOlJtyv|I&r zW?C0nT2v7!(n3Jp8KsBvl93`x(v6pk*we;OL=ccUH6L8`{yKvJU_zpd;3Z`~B8FhRGLt-3rMn|Z*53G|rM z1C;3ufu0tTKxZx!nw6}qNSs4aE_F{QjAsR@>MBpOG>?+Z*#$RA?1)4%e<31)^4>{x zr!szjM4;UfiP;?@%oy91sjzHN-&&p*%p|I4DXL6T{QMCD5u3hQm=d*Ka5nNDFk=_N zwt={Y2KDKV>$<$b;wjkf*N}N&IEeYWUDEkz#x`y?-ckyiyEYoE4G<8+t-MU zj!9rZna+^W2|KkOIV9#IhDykBilUVHvlIFA|YNOO72`iSX>pJ|Od#Bi; zmSjSx1?Baj69ft5xmd0RgslQNLHzeK{I@$E6xfRVOeLbe5(EfQ8yM%CF-6>(0|xGD$_MWS{IFOnkT zG!ETP-^7k9B@^OGe<-haTR6i?u5ID!p8iS8=vT8P-t{3ygZp6BgDIeF?~+g5kJ@gh z4_Cogw}?MG#DsF3A>R{1OdtL1F8P-5I^G;9Z(9QpWz=oRp|l-=hV*JD=pK@onn!DT zB_XBCoF`=*F=gS4h;S+>De9_@$}r~Y7U`B}JK~j0h&{#$=WiWgW`O*=;aM z?D$(UA^wK)f8sR>UDF{#i*cySC>R#^b8T3x*=7gjZ2-Gw8t^c&RL7;ZrM2EQKY@uX zoC-T8zR!=>p)6;J?}T{WM?d?s#P^~3PIk?kX2lz}5yVt+AH-OFc06+?%2?*2CV36U zbX>9GQ3-N}WyPcrq3th6wx?$i>JQXBHIJ5 zbJzJm07wx0S>4+MjsARqva(8xH~aP$2w8C5-|*e->%hcFj4KjGJebt&7ZI@@lO=^R zogvs0;%6WI?0&)SE{e+5Sg5%OXWMy2T71Tqf6N8^47(?yUn?fx*z{2>i<*`RsdMPU zl@?053y~9AWjw3mJdQoJkyAU0mrjV{p}ZdXcBVQxE`%s!FXs0~-+~olRPq{dgxjsw 
zxxqUD1$D?8qAgpfwbOqagt@;JHZYo|1@l^+4(5N_wY{H|b+go!eHI(2p99{>^@3HH ze?5aP+_?e9$NJILxR7t4^Q!?Tf&J1XCFRGg0>J*`1y_Wjm7rkjw}m5b?zq zD^UlHDK~ag7N_O()MM(AdVKE|pTD+4UpF%PF5{_(G~*k0s5|x=vV@gYSW;jZ$TD4_Js-wV{yzk1`^jNf+o~_Hr z*Fm8oGj!P_>-gR+?vDBCmHE~5ed-_zgiTtJE+FFV%a>247bB{Ty_G0Tt2PZ2LaP|a z*pie~X&aI-j7r+%v|^5cc4}rse^ZZ)C@SkvZEHHz=DlEomc{#av-rGNvU}DBH|n=C zkC*4SHy=cE64nC?;G%yBer21rq+}CCTXMk{Fir-Qf=_xt%m7YFYNA3jOu#Rx=@Os6 zoQp^dU&YDrhT73_8GS!&CCA=Cl;&C4CK<`ft_60um{e6=LZ8AYZo9Z(f6TFxn`zC| zBdv+bI@JBtq$VnO)5)Hws%{MW<~0vNw^=`O|3tK|c)QpLTKwnW?fQ{&-&&D?iuGLD zMk~M2N2<$!eWuGDVDS>H_)ZhltRDd;DN|J0mLUZ^2j; z6kJ~iMp+O)D8G`^=vfR#6Qw|RpfT4b6TbO{9-MAA^!cw#wz}UwoEsNh1ixEu{}9AR zS&yjc5yd>gqPB6ql%W}Z3q$TOp|j(yi!R;dC8R+e9M zgqzhCdQEH(dYof@4J;mfquv7Cl{DhOu$*?myV`4tCl(PEe^r3upZg^X6ni6Z_iy;Q zfh*H`x02oR1kJw`6|B?%sprd)81oYHi=t+Db5B>Q1At)C7P%Ox4F0SOIb^eJ#IgSHXvOuN9FE-%oa%m1Li}#{!f3@7mw?u>s$QnEr`TG$#p&f{A5*+MP+^{1(*2zV{*&jrH+T= z!Hl>=%NM7645)xUJO3srSYASFTjdgRGdP zV7Jj`ZN&I_4jS5LBrV&7R9V@PwkYDXs!NEb+AYO|JY*h_2UON!DOSkCFCW>V>E2o7 z069#9Ng0l&4CIQ>x8(Kxvn;?<9}d+_e{#`R>pZuKuZzdsW6&+xR~0YCH2V|`11dB_ zv;8m(F7dgVJ;36JDknbYhWkdFovqFZeQ;LRHEoKF02Ym;73IHRlqEzad?DXk+7kkq ziDbw;kPN6Sjv_`y#x_Kt%a_61k9U{BJFZ|~xL3hHy#2`cgRgLs>3`yf4QAgRf3R6p zubkJ~O8a?)e7&g+BMw;6Y-e+oPBIWvJ1nFnwJm33?smMOVeyjSx{jdTL2q122xr|?O{T3-M5!F^QpV_KiZ_fJQez$1B zzsGd>6i@{I+-`05qq9Y4W-%)%_dZCH2_m$tA^?Ub0&dooRofJH{-4YQBV-<61XR|s zI$~n4f4Wm%hCF&2dq1LHe-?BCoB>yidl-DfTJ`+6SaaQCTYTWNS7pZ@pby@#G*8;P zCUsL%==lj8&UHhon5Icfqn5kcc2zgA2bl-<0F`y9IwmGm-F0lle}o4j8B-0VdeY!k zTtKFvTYMcj{>;mO@R_f&n9?3yER9OcP+Gs_zf1gED(wf$gCEZ8Psl#iHup*$LDWC@ zIX>ktHKFuW9|M}Tce|2{8uhG8^FTlK+>)=f2qg2N`@eS6c<-mjhR=5u0V!ttqi&qr= zxvHqH_<15DRmAvq+BP*QyQm`_E%@q_+7@)FFwkq4Ks?gH1%wWRr zjKGt5oKwhxfyieXzfy54@Y+-*r6x8}bU&iPXSuHV(R=R*e;zzB(WAH@_G(zYU^|Ap z7qMW)E2J<{_Zm0AfGc9nKSX!qQ@{YI(2TXs4-DWEpB?v7p;}qhumKdfg258??)5PT zt8PHwLDQ6FlyVO=4~vGRQPU6_s^D(fwpmto_71q2neNX#(*3Bcivz+osRNdSijHIu z8czeeusXC$e~gRz98{REc(Cb+#Z_=su4O-Y{i6srQy2|XYwR|xYJGZQJo8J8yTp%A 
z;|&=L9d{bBFPK7OPoEZX+*WZ#nyBU*LDS}>jJk}ZbqrN&EUBnH>Xe(Q?A#-jjmkQY z>9$$-W4HK@fR3V$RU)G{_M=I|Fqq^nWT;84&zCxge>!bF1FJeWhWZ&GB;sE5>aW{I zpJ!osAr4|-5jw@O+CA3Xi{*AAom{3;A&~B?x&PaK1|J3hCZ88{de%FSLOvp5N$4}% zED05ITTe*= zWNu;uat~|(D(hZS=CFGs>j+A>4Hhmpy1|^qk*gQEdGXf(YN5cLg!Kh8+EeoMsL%|f z^~=+{#J`i#V$&aSa23Ch_<>M!Rllccp5mi7e@7UnAs|eXTiUUviL$7-+#I=CLR&d# zuFYyvw_Qh)i0}6~UjypM9$LyxFhcGDMnGlVrg+p&~Pk*AI%|68}!di#`8$-Eqx8llqMzxMM`B zfBt${Rz;wuJFrv8j7)(-{xZ2t(IN0B{du!vNQnvh-kKtB>Wl)TGmA+S0noOi5eefo zh6)qzGCI})6UmW#AURN3_c~yurFg%l?GJPb(IezAi^{`#pb78AIDsB0xcjGnmSG@C zOHMYd-SO-APdbvNUIuqeRBZ6|U>F7jf2TvS)dTzm7;J|Jh4wG&-8~=vGhGZFEk~kf zK{7oS#a;42db#k7)5|!OsOXZ{%c>DUBi->)A(V9${4;-QesuW($bBvWR;XyFdmW^L zYSW+=H!C}6w%lFm1VnKa+`WH|EpEpHLQs(zi<<`^e4#iF7lf7aY) z+2*|ew39udg1_V9f=%gc63On^&8^%+_UhTX&3Xmi!OiU(vje)(zp7*M8x`P)ns=Z#UR&2xH=KtEU;5<0$eac%|JPnwhv;E)y z*TX;iuY13?dP(npn7jb!1-pes)Yy}+7EhB`dpOLe0GFEFB$TqA1!q%xz&s3W39Z_u&EqVDB339}ExE4&7@({!(5ChF{s z>v9v#mV2PtP+7N!VFk3!fABDHUZ7s|ju`h??hw?p`NUL@!gH>+sy8CvaJPy8g`2|w z=jXrp+W|&Md9CvLb~2v8`OK|({ck6`rM#{7WeA#|w7 z3_rjFLifQkGqz0qM{qWjcwBunmi-^hWnV2fHG7&aB`P>V44*W6y{CeEGf1=SP<1eD8-FWcPo(7h_+H zKO?%$p8Pxh@X}kEfBSw74HRyuaR5FbcO|?p^TaJ*kbF7Ywc4>KgIE%0@(dDpgFyf@z+CtEpsH{{Opfl8j*3aX+OC2nxo^Ye{{N?Ar29?m!xH0#$6qe zh(QbNG!rzSImse`_oqctIe5);6Aztx;Gt1jJF3q%k%BR3=)M^qFl4_&!VS;VdTz8 zjf}H=xcl+Pf2-hUeo?!i_go8t{sGuQwhxP5PX#M1zk`k+>M$SZ6zDZ7G{Xz>QCoZ3+O)tTVkP|btSe*v5Wq)zo-WNMpR6lu~%!M zlS}#}e|jU2rD1`fs5uPRl;LiJz(P}b0W*^*)o(F9#%{-Q?mZn#p8H|RUE<%k&KP}g zKv6<@Jc0UnlEz$(%ed``U>sE~1njzOf|GL(a55_E(B-4sY@rg6jGELl3bIkr5<}@R zBnMS-rS^WXJh*R8 zTAgUr&wB@}lsMJ3&-~o7Xw2BNdCkQO(V^DCDLXBFkO7P#H9onKm!A*i5-%eeS}!k$ zbGGOyBx*5+enK};#jt2M5N|nLfHBFNi%TErmK!dlPVd>*;Qu)Lzt5xafBw&_zePpN zfB!g-{xv7nzx^%#*AV_l{xyvL?LvHA!Pik<^8a3(T?Bi_!eJhHL&&0q{p<;}G=YXD zF*Gzut0p5fYhogLny4NS_C?D?hUXs0a8%Y=QDK|a3a!E9)Fv#js{327a!bEJ>tg=) z+co^F*)UkOz?+nu1dHV}KgDhCU!ZULe~B9#yoz#kT|1sd4HcQOs`-J%UE<$*Rl^?q 
z|F5gsbn*|h|1?y8O)kA0tG^B`Tc-H$?zevkqWs{BxxX;(t((&sUBzGMZ<#zYubPo7j#=g|3H9_LYt!YJme+A^hWuX4xhBF1tUCCS7Ol}1Z*phN>Ax4tNb6|H- zfFr=a^;-!_d)E1Cfpk;3>Pt8tZCL#bcKUfC=w2SUZ3zQa*g1w#uA)DS#X3)i))#)z zdY8DJa+TcIF9Wwjl>McV=0tjDL;`Zi;)y8b-~$|XCoJZ1MB;4^iv)=`HUUTYw7cS) z{zgdsBqBF-X<~yU7|9I|nq-pbuaMQEJv*Nca2cF^)GB>;X&Z}g;|gLUkT=1X@2vwJ ze;z4Owk5F^IOCJ-L+5i9|U#ZOffb5XmKTA(t>X2tlq%G8ncd zxr)Ll3f497F^o|Z;<#l?1|fKb>lF-%e|z(t_q*l+R^Ky`Z@B^t5w|5U_%rNygg&D! z?1Ku;So8cU5?tcn)+50lJ5p`$2+$yMx1>x7O_G}AM%z2PiI{-;!UIr`%GyJgsF>hU za99Z@JJU)gA^82!`(iW~T^1|tX|?7{w(43~Wd zmY-!hS=Qpgw=g&B&9;(jafNw{dP=rIeSYi>S#9ieV0_`nl;{%oA(?4cJyF4F(KLIB zGbEueAXT0CNCG{X(xgd9RirHmjZS=aYcs*6g$KA4m33}NcCtj&)KF?hU_z%xr?4qk zt~jQu)<_R*u?f~+Rzh!w9fKbTe}X@834Y_NyN5-$y#Ua|ZrSP{+>4DUK4%-SM4|G^ zeleZLZWU!!LM3J>ydR08OMI5XH{7G`MLRxHgyA*}5v@iU6Io8nq-7*)SwhmdiJ;MB zO3Ek?3q>Ps*J=|XRCpkSP+6x|V}ieY7&j4HBpDsx$CW%-?)X9iS=xTPe;He7jEgxC zr}Il5=~gubP{ip147BK2^V}>4z7e^;H|tH?53FH2%KS*1hXoY9NUPy04_=sHc-W`V zMbsaA63apIbnH*zhy8Jhe_N*td+c0wpd^qGCTUv~q)e-tltu?iyFr+UpTYz2gUY(Y zJk}nR_&SerJdS;IM($hjf4;#Fk{UfYRvPX$kXF4!If%%QW_cD76p7&hLs|)LDRnub z<)`3wP@x%m?uXlPiGN!?#~wQ>n=)i|NU}1fB#o+))Lqt)wk*T2j@vj-?A)e>iQOqY zusf)%M+Sj8`7l7!nQ0N+3muFCk*T6AqbVxV| za0Rb%v8qLv(LeqC^X;oUy`^e$Q95arfUR7oFfpP+GgdA?e{hXU{K#GjMqdfi@`C`R z{;`b}duHg4Kr3zuX~7*zXpTUjI|70B2&|~usHh98C6p!>qx8UHpt5#LuuXXx80PT$ z>FJMunPCg~fMbKTgC-$AG#jn`aV%JPV9O_M6*(6| zFVF{%lRRly$4FFE+%e0liqtG@2^8Kz-CY|;4*M}v{iR2$AC-03kCPqH)`|+19{sQb z?Wk_2?Wp<}`^|`drWy;Bx!)~FHhOJDX7pK~PB2wJo#|td>1q4YFKzD{fu zG_&=kN46e+m38bXCpI=j<@hcjm<3kre#@;$5zmT!qX(9GvBzxKQh>dd>-&D_a41^9 z$z6qib*SIrxe(?bjSU!#4GIH+p|@($^V75SrC+w*CH}2<6zsw4s3~KbbR;hwk-$e~9g1$H_<$ULzWel!C-7A%n1XLndEkByXb)5o zBBi;7-m|OcL+JD0{X>+8e`p1Wi!bim1@yRE2Z|Io_@L7DS3v--8vEKTcfDBW7u{$k z@}vX(@fd6pK@XrA*vEePfVx`8r}0sd8HVAP#&?OIxB7dozSiUS;D1QOw#PMNtxLU-205DZQ1y+Fy%}{keScOaco2&W<%hL}4i=(Um z^^ba{B@N7j`tE04`uF*1br#6_>Vuc?=}e_L8vqPktrYCS1a7FxxJ&r@XHh7)|232k zUIub-WY&Wq2|eK7@pbxKv7%lYG`ANg6!$x@6zET*qVgeucqU09qFF;kv+3G@gk_-! 
zXWCaG6H8HgU@1`9H|v8UKia3;_o|Um-dRR5`9~%Ule?AZx5rx2(k;cD5C|hKWcR;~ zXtpXzv-O%JhW+m(HC%p@f+BMksH9+>c{U7`xtu|&wIY~Umu{@-fJ7CAVHDro1zp8kpy+SGWw+; z^!rCGZTglE%xvBfU%jr!6^v{8aQ)=5ui>dL_lel_2;!Z+A6CARDSWv8`jLJ;AO5Af zA0A!|(Vx6aSy9C~C9Fw*GVbQ&jL+UbIZEnlZJ9Yuv^EMR{48khL@I832W|6hlxgNLc1 z;mz6We>pqh00k2`k5TB4q7WZB;SL$)>r2cJR9(~%7Uh~-*-kotTbanG$^-d?$~uEN zwpnMbFE+Z9kz9OISw0?z6vvY2jvj@#l$BIJjBa*2PB;3fL>Ma;68C0yU5rXguo)}*3oO`7N9eK^c|IlR0T8v1_;Kgc{W){1d*9))cLgA;t}}ZamSAvHQ#szZPwH> zpm(RJXn#lh?JZ;)xLE!CMEm|laCF$Y2kvJPw1E5sW+#+C-!#sl?h*}Jm5=zsI1%Z#3Xf;AF&Ti46@F9 zuI40w&vjW>=++x zxs#X1EdM(I`TW{in}8BZ-()ZoY-k>-|m zP6dh9EBS}uQj{OSe#QSp&GnQPNT|>ZbM?bdxx~Mrxqh@fH+RnRyzNTTbR}S@Xhmx1 z+n#5viPEC1qRNgcsZ0!2<$<9>Wi4@FD*?*vI55h8htfHEhV=_*5q97j8L%CaJ*vn^ zMDX`Qyc(7Z;bSyDg597cyn8x^s`A57xx~MVzlA-05tU7yCIzX(JS1^eR-`PmoW!i+ zrxJcbPaJG0m5HIMJTO$KtQ|#bn{w8v#0sF&z@J6GUdrsmik<;c ztSGa8+aoextyjh;CUc`aske)+Z79QO2On2K_9 z0`=x3E$V_)bsQ5Yq=h=#lC^ez-^#=>RUSBhCREl%JZGD9f0y~NUM;q3q-QrekdoSi z=o$peLYKLAFI7)Twdd5k#d1p)D=ipE$s4{g0elcs?^Cc#sL%}c_QNi@#J`JrV^3cv zp(y_*fY&2w6xXCo@`OO0E0nncT+goFCP1e00LY-SPW86JWCX{E($7m>^z#?dBMH-g zavR^sn-Sxxl^(VY6G|RD$}a>gR`QF0^Q2CRmjUY~9qICU;Gi>)69ZcVrv0bTil9O> zwBHXZ;}ZWa+K)YbR(E;XHWf+YjFFTdf=S(#CF#mIN?8}PthMG%)6f8sz&}paeq7dd z?zPT3!=u9GU({R-#{m&)9sQksNJy`LINIgexj||x@QE#oj0-sxS%{vl$WHO^kTu1h z{yzuv(R{sWuO;x~=49XpBKaMFA2$f_{5wc(4cHo}_50bsfZq`&!@{r7`*hAhghbXOuez zWf>8pp>$$j8Y6RQJRMSk%et3FO!5f)K0XMnkI>5s!dUR9j1fwnSV0rJhqn`0Isu!N z&M(#dc@8bI*qV6)(gYWpv1WQ9O`PK2r)@g^0-7%ASe`YcV@*iXDx-v-=NeMwMHYu) z7t_}2{ib1TD*5TS23*#yjc9f09f^?ulj*=g^Wswcd_Tj_Zf=?fm^#M`)#iPWaC4$FXL^hOv{<#*OV(|FMNMCDj`hJh zhy@c93&otgzwv&=xcU%u?F8N1qBztcr^SfvD2HQPT%-sf5u0F z2YW}Cy+|P~`qgf^v|N3GZRj|rB?_~qDG8;Fl9aKClubbiZDYRC7qn}r6)>NMiMiID zj%mSV-D}-!Obgy65Fg}!V7lZ|)tVY7bRDNvEkJ4(sAj9b*J~pC4Cf-g|5LLlR<+;@ z7F#XKzvPS4J<|ymK7-u!Ofl7vK|2P)`!#Kix%&qysC{Ilp$Do{)Vy!$%z634CgS`a?@*>Z113}%B^hq_)S_J@RKn%Lexj^z1e_%1EohP zf#R&}!mK29)#bo{o8OW;E?ZJnVHD 
zI|oduFUaD!4VPz#?oDeB&6R8t^BTu(gF>LzT(0}A9L|Eo;DTorSIwkk$)CJ?j!LTmk3Bl*6hvwPS#7Yn$M3DF226ST%4FCS# zK?}-FJq(td5>@AGImoQku1%#<+7mo|4Z&34qet)`0coj4~%V29SQBlyrl5DCgQEtyS zvBQh!QLyfg*1|8-Uip50kqBv!xaT1rMtpWl-| zq~cq{$^lAwtd$xu6qxPk9wOW-I`kOJe23=O(K+Bfvxm2})CKiY@|2ulrPqRm6tEX- z|LAtkNS)wiwDQw+j}34WsBw3JS?@A$7Zp9VKK$_)jLEtu{yEHMgTK1kO6ZZFzdPzy z59=0^LI44q@Y0f-;rK6oqM%GQ`6oWmF)M=x^!$B(g^yZD41Kku-C;5b(NFbw8>Mgn z6>sMdiceqHuTg6}3O217zwt@#qDqC3OYM=HfAWV1d2r+zZ1H^+hZq7!pq|Uf8V&79 z2aAN6OEbxyQIQ9enUD5#$2GBV^`UEqxFFspKZ2{>wF&cVq55_vVhrz2iTpjwyjjY9boAyFtECwP!8gH0{DdhSRZWL|VO7X4MsfF8z<= zWFegE470*JM1Z&qNd4*kK5sYER@kdxyKne*d;ZAZ$V3f`em>6M?5|uyQtuESJfMnz z!Ggi-z;XV-S-E#@FgX1LzxteMAz9MQed6O?TK(x*%QiQQL{KBn-Sl(cVzsOEY4uLj zArTeC8=3I2)!n}j)ga0Vkpi`Jk_?I0sXiH}P6H16V!-IFu0;7!wedT`GIbu@%cCZe z6m+%_TwA-35Nb_FRK@mC(TnUflFVgHdap~M>EWZ|6AxG!*V$~!7yTT=CMi7+Quv2J zBLVC>RPaZPug+U-CWlly_}l4GnAip`-*0!BZuTQqG{{QBN39Ba&o8-2GkE$gIc`#Y zC(B4aWFR!(mosQ>8$w+RE6T&K26g05(}M#ybVdnqaICEDrZc209))g4w?S~5O#|1x zlQtnWe|xbP*V7&3H_joH7Coj*$sCAk6(Gdx1A&^L$(uJKk&lFM#T@B~+fphO@m4S_ zZkllzaoQ_ta#~Lno$b&WuEQ5(r)w?T?=|TRNVm62>v1Of7yAV`pahuuv3W)Kw z{D%6tyR&?}D(^o>xv=qZQ4&)ma!?si{ zLeN0@Dr}I67>ap)*7;zuJUp+GXnENG&fr=5c2-9N*^*UN_x$;A4HjPVd|vYt_lw{& z!*-H14OaM$f4!Q-tx0S?Y{+9VEdXF%y>%PRgiUoLFUe*vo1Xo#(J zw}!$M>5G?B%GXz$DQd49SH{5u!v%JgODhrALJ*W%bV3>;koQjYfJn35@){;kb4vO< zIGZP%S@_Y|{O5QgnZnUOl&fbZ+w@*O{SbO zss19flTnwp+Qc$WU(yWT;9$E^i-R>lNOHCAB4XmCp24u7NZxla?ZDe82&zfye6y?4 zGYz(EI7h_utG;WNevBz5Gq%@mk&4b6`WV;Y=h$)WYd%Hjq|P;9IUZLQT4P_7A8AOiP}+Td z8sGPa9eSr>>EjW6FlfWxXDI7VYm+zT6PZ3+*ab^0b5Q)d0j!e`r4z@e&5%>Z9cM@! 
zUyR?EzQ|rga-izc9C<~2eQn9638o#6SMHRG4o&(h*BO#6KH$@nf)H;aO8Kv{g!8`O zZ~T^Q*K15*58!u$0h2~l4$sm==IgfB?LZ!K<$2{QII#j~evUXcKaQBF!}1XpsKt*% zC#;<;zZv5E;|t+HmE12D8T-#O8x!I3VB{>5gA4%|D;+<9^9Tzw#qe$5(&M|9tyqHz zswEEKO!I?xlQneRG`}`&d(-;kkdW>xWK)xhK(Yz=P49x(W-M;7CuL5;m^O7Udv*&3 zH$AVF__{16Ic*?0Syo?~@-jZW5c@(VixZo!4RN_pXE=V@fEYL9xo8!#Cvd#IX_yTp zl}Qa$WxhABvn6b|@)FfRFD+ozLUA14_VNC>+ZtVb-;n_GcwiU>DaL{&dWB-*+tmYV zVDf=J=`nugEAWEGj(PZ}hp-gC!g4MXM>6OIGD~9tPN7r#G|+);EO|{;+?+H7-GoC>+4Cail%~)3FuaA3casCCqt!Xl{&iz%Z7C z9~jR@g&7FDe>gOfNI1k{HlmXr7jC_j1ezbKr_%9#L~c$7Q16Ze*fiA0Hs>gO{>qDL7xop%IX;m--QG)w^*rv(O_g*i|;4MY-)P zj{VYAomcjZR(7B?bYoJQY8xITlqJI!=HL)IJK;%+l)XZ^EHYcm0K^BFf zCW-GNaSjmM=OWV~ZjsF3w$fik$Egde4HZPgDXrA?U}zvm2$1c(l|u6y#$LOmfD z@}2f+r0c?&;c&JmII0DlXtTVkq=eM82dfYStv3H^@mz4WE9!|SM`|$+h3>5z8SJI} zLeE4_`qUzM67gt(p;dMTMr_(1-x;QmAKRGRHc9}=Qu_jC3%vJ*eK(CpqA$clg}sv8 z;7u7Run&pt2$HGFOg>xMt1Xj%8ZW8x^Ge!M>zc-x(F4xpn%Aj03F3GvF$kf2-Po2q zOK0VLir?Z#2Xbro=z3Y=^Rn#Sncy+4;i6;K%@Vr)Brb*)?@KP^B&#L-1c znrj#cC;OPYO?_X*Db`7jPxgYLyl79KZ8V{@xn(of8<<$`KBTlD=DHaj$ggL@Zc+5a ze;3J6?kE}XjFQ{73?}R|hVa`bgXTXjghM4+7I)EG9Fn5iv`&4dG5|4j%8jv#TM6=G z(n=!F97bj41K)vg+7^+EdW^CI>-q8xjb&wBdStAa?#Ba@ssjld{HqpQ`=KI>=!Cmf zB3c(Ub>U}!omw^#EOKN6*pHu)7LmPpe&*7gBd7OwJiQ;!*3)$F^aDC!#6q`4oIk*? 
zYs7zs;xyXnm$a zJ!5xa9JiaX#KvY}?pWJ}7OWqcSw61#cT0rDmkG|Pnq*}+1Z-utuA`Xj7Qz=jG~&vQ zbTXP1wE}^UM&>3Ka+om+bRY_=4a-;^-as!|*Po7V@#Jr2nY(BEw@)9KcB>CNkZpt_ z>tEZnIsWJY8+p`nRG&{NguHKO-GT2A!#@D{sc6&Wp;ykb5YWATxpYt1*l{rK zv?NB*f204Jbg2A6JQi%E-x_a|$Qmt4q5s?4k|zk%PII)(Wl*l$MCJd$I-y3SKox+^ zfzla`b|Cc+pVS_GCkV}DCvin9q^2F!*7d0{H-S=M%r4Zt70=f>eYhV+g1cwd#QE6Y zZdCDPWnj+{j%J|;51NP6@9MSF_gh@6Xqd-V;S*T)2<3?r(r*eh#3T4@w3GhFnMsN;CVv zH%9n0c&%GUGeJ~PZS1E6LMH1KI8d3-OFfA`yX!R37+JXhV~(Y)(1(G0@Ays*pX zMbJIrgtk9aGgr-yS`DgSigT}MVxJ1g_fok%1!@ohY^LZ>kY=re|MI(~i?trw!;1HT zzaMrE$(-TQnENjZrgUV(Q_U%(@DH5wgE@3`Y{FSP@=}c=2O%T2d7~O8-b86FEok* zWz;|u9TWyHJDpgLvfNpa)`TUzNp;y=^&D<8Ef(~nse#sHI~ZP4YfGKFx$$snTOmIB zCJk+lAAE_}KNfv^N6v$H`3v5~U;+ZjS5AIo!vcchQ4rrjd~jX8*`4Z2p!aFgG-EM~ zHDxbz77FuXykVXkeWB6^Pw8UcZTLq8Q%M-TYib%9?X*zB?gT^L*%>KR&hIY2Y`%vE zR>2EGv!yPyRsJ9^??asP*WD!iI0E#m8F{5C`+&a_+>_RbZqe*rXhi!@4+`!(nYAGG6lK$dbVbp>Ic!|^w#*+lfLO5p+Q5;`g7gpLXH8Ue6V4b-1*PV${WFH7VhPn2 z1b~WX#c)~gJDx7IJOG^yNA>zUZ!3w+)Cv6`D20)_M=NQMF&**VKsMn#z zod6J&IiEX*PKBdMUo*TJ>Y%P6Y!!TQL$YT4VyECR(h755#iB=&CiTN=fk1%*>acp961}76;pkiFvd@0y!wn*osA6S08;oy`B z0j;|nI643LeboxY@>;)y6?F~sDr9e3kFff;v`d{(fw_8NJ5lYk#?>nc%V=iejiM!UyxSW>%|I^heEN z=__Zs7s;H%{5KfgS5;wu4_HzTJ&@`6%87fS!Y7eWo+tM(>Qlq-YFy!*!!hPvok8I9 z=X1<;g+Z4}z}YSdcP*SAQTE7Xxa{?ssBFd#G=QrsX5vP&;A-_mHIHk_jX^0q8U50A zi8AUoSY1^YO|F7ZD^1|d!UQ7iJ1QwV;0%gw!=fn*S(O)>mvFgy7hQAe0tl%Ot$~Na zQ%j71wriLo+F{!MHwB5Lx`PzqrHKoI*2U*++mWxF`{69-A4basGQ`BKbqx8zQa6o6 zAW)8Y*>KcEelS147JURF5|#LK7B1QYDPH*gVe&W1@;f*i)GtaI1YaC7<8Sw4{e=h% zrIxbEjqk?^&DdoLOjL?G)Ig^cGmWhE8~ZYNBt=2rywb{w(P^%-s(+9GSXknM0!WT- ztdoxH9HnE6y5MZ&cLr3~!3`=A52KA5XcYA{Yi5R}Z;-y4j)QTZh}P{Tu{L=i-T4aY z1W0#&wM>*Nxup3KR9#zu^tfw<)sSBy7w^K0C0zndx8F?Vv1I1D3>@_Mw$aA*9dj_v z)0an8hXxuJKu4aywA9?xT7Ws^y}D%5qdFBKDQ~vwte$UO`8OjF{{?&V%C|THAYm0Q zKT3m5Yb~@|XxzxkX#rV6%Bh-%&$Sz}=o0o;4>`jEdA`=rI9-w6Oest2%gHWfnUE6b zq|7jLM;?aZMd-gc2($w2eMR+Ur~IegE-~}Gf|*{G`+TApRURsoM{=+sV7|PD$7?-q z8&bf{QjRW0d$lRI>C(vpS!NkY-~xzY=2erA>LXAL<%0?JgH@_|%B2=xV5j0O6Wv(q 
zs?)N8%Y=@?Bk^c9tCLD2IjPVlf?TPhJ(9>Ax(wbxL9jOh1hBsem<=)i;G$5tl-@N| zH)rned$m26ClFNRo*IBqP+R0?>hr*eG^PLa5@F=V>$@kvC^l~XjlhA1oo*cAGb@tv z?7nJP`*Xz$PPPMyeAr46Fx*uQn(MiQCE1U_536Y15AhvUn-p*+z^_f6#CKuDED4L3 z0dJF>Mo9Dqgcis>@fY2e(1#p>?N$N*psLgY6@;E`-MH$9F#R%*X=g1i9pBZ9b5l-{2?kY*_QJ0mAgZ0_C2I0d61~coC00Xq<445Sxj+KN+!r9)`1Re7 zk1`hs(AeI!IlXP1^)LX_^Wy-ynwH~ro~)=PUI}G*1((7;M>Jtbi@8aH8mcV@;H+6i z;g$txM#QQ`sBrQ?)K;Xcnu8y~Vh;BH5*`dM5ip zZEM|focD?Kj1JOahPn<&Nyd+Ts9|M42EDaX%Bc7JIr6^_sr#c>xf+dA0O z6%i`rm6_zBZ$TH90P$nf9i8qwK^)iAdZX1oB?1wjy@?eYDg!bA#7CW|40S8`$O3xK z;Tx+FB^{sA`n;ym(tmL$_<=Y7xVj|CMNypg4mr$8!HD2F2&gXT`#2yEV%m#{V*_5<>GVPoD z=)6cscrijufXws?8*yqcDf7c9m89(!{D(`!5yAt{VrD6JhvCFG)Sh>pcp*#0kVRx+ zh3eLjI$zE%ht>q&@=v;6FpyB^^bH&mbZ#9LN3waNF)!(okbz|d+8oHcC<-`IfjP?c ziByeBzxV;{?BJjkkp8!V9&EH-O?M7tW_3;XG)_(9szcOGE8l*BIjBo3io`!-UBpXD zzJKhJI}9=;ySD9DVs5?cgCgvAnff^1e*4gxJ{A@G4 zZ1R#~iZnKTnILXT+S=_Tg)YdTA`u5WgK6ScqOE3ZIbPSr5}PGx$!*p~->h)ulDpQC z8F)(6D|PS}9in2^#$oQ-^hAnpfh`m8>(&C7=cFSNwp@JtOZp$O^&a8Bsx%_fq8R42 zEzds4ksiCX_$|aoEnfe+s!*xpcOUSk7W4bM9)#^N7++mLe4^>n_0-HB0@DY>Wc$za zAu9>Nb^|IVdkt3S4nQzemxc z#pk<9?kAU~XN?+>Yf{GhyW!;A@3Y7t>9yo2>J~^n8ytc5I4P@@WUgvXIla3|;tU&i zWGC96ex#_eSXs{YMs5ZH!3F{V0cYBQm1b1Z{GqFsSCVn~srS}T+6~CN)6^&hKo1Vj zLdFFlvR~IL^sx-LxH}V^rW9=a3#JR3EWLCp5TISl`78<#+CZ}ev%}UJsmZcw7@;?} zjBRDII+E}AiH98F3lL(Rnl__TNZyxme$wU_%SIW$f?o^vxb;P}X5t4ML!dLA%y)#8 z2inf*ftm6P3`XvFqBiwPV9#Jcqko4TFqJQ;=jf_G?=5UkBN5t`c%S6kK>}|EWM3#W ztK>6%`Q0jt^hhCln8iSbQetK8=%`D#Mne01R+0&Zzb1 zSq6*3s&eX+z0@OpptTki`#`#vnKo$c03G&9dyW1dUPj(6X0GVwvN}|c zEFSjM!p<=VG=Q`66;bG@bWRjp7QdC#8 zG(*ncz=7;$02VLxD|Ywy_!$(kXJ-#^f$^cDEyOOU)}~gI0SWnqCiG|TK*#=MXu$v} zlXvEUEt8*sdt`0S_xnZb%ak9kVI6eh2RE`Gg*Cf0OOtBX?rd&pk_t#(_j;;_35`l( z@%4q2i8a8(LblS|3u+4sZRZ#yP$L)0XWhb8eIPI2K?hQhwT%dF9?YJDf1$ZJ=+{*V z4$N8mv31ob^s<;is*UjQ}Y65 zcbj4V3f1RD6>?R%QbBxkJ{&4fXhtigx!x@@1TQC_Kp5|Nk@tm^x*rf+*ytC*_5WeKIAvWDVEudYlo;UGv=c?xZnY1+m|%xnfH*R zM@V4D{@#sK3-(%&K~(V%A|F2)Vx0&u!Is5j0Wq^fD;a*_d1VEAql$;{Yj?^sn7;Gf 
zfDzXT>>u8glZFQcVdG?@(Gj+HY566J=aRd!{GiAEpBM9V{XJ)KfH?X)@dN~ZeU>1O zVPCeOsYe2rzC1?q%>~1hT4>GnfLvd?KnyTG9w&OCI?ZWXkZroOa-sJedz%F1Eh6+! z9_OO(W#Z}r^t#tBOI~cDnH>S%JErP)A zk$y&nVH}+4ukOR)F+Tfj?HS2;*R{vCg@k`?hPRtkJ_1xV)%m0`Pcgc<7TA9rlSGtd zF>rY~geqjW0`XZfj-&ObCv*Q1cc`Il#%dJNCpkHTveGRIup~^sA&Qk* za-@g1YM1hXSYD%sI2AZ-)3rmLhLu1!!@Mfc-dH?%Z>(kQ1KIu=CEKF3%iz`*xIyt4(<5D#E*wnqvWt@+s zc@}}KVsAcyZB@^w9mnskjYr330=1^2@9Oj&k{TLK`60BNrFiIWZA* zzA|*P6&auVU?T>1UKp56{PTau0$f{?L7VNm&xZ>7dv{iBBkw&&ts03tp~`+j4Pszs zQ01M^V{Os!L43@R;6^duu`Pgmjn^`n`SnU&O~p!8#sKwuDyxK0NmmR9>a`3BX*!sH zRsxbiN=6#93k_L8hGg~fn}`MZ145y}Ce8o>XT{!+pii~UpI}f{(;qv@9X-1r>zs=U zjX1<%n(E7CdCTe*`r@o}DFkvUwhctPVSR$SWgQSPy-<7;h^$e9RAs<$gsEBW9)F#b z=eVM~s9lV}yLHSjPJBNKCiE*r8G2Vy!Q%c^-PvkJza^aYBe8p^)1jANh#F0`tLqx8 z3fDNq@CKkj{mWQ2`a!C5u+3^prx~zw2(bv%nwF%_7Wkz zJ~GfYucNzuKEatQ@jy-p@m4Q?&h#enZ7_zwod~=iPy#RO_KlYKm?#jJY@mB467nCb zg;+^p7^t+RKF~@(!w?=1^ewX!WO&)1pkRFK^y%M=J|1wdR7__$gPZabE@EI4v)YIc zT;@0_uQm@G_%*5E`Zumj$~?=8W1}*q4^?l(T{-kHH@@Id2G|i>pcigN!0<_st`RW< z{ZpDG^9!8~?(23z|C;~x`95U#L)jgd;!Ugyq|KVjy|mkCs4{}oy$8n~;UMl%ZOjHy zhw?6ccuhfY-f4Bc)`w>s=8x$e>Nw_jk@?!4dgL7i2@DLxr#uJ$rAFI!9%`#)k=B~O zZ_-)Vl=cLgKpIyKj>%{Z=1Htyf8)fY%r9z5Hxk+QE|D4w#3L_fK2T1bU?(AcCzr}8 zo~5L;O`^>!00< zc)a=Y32FcOcMl21@}NjsnEZh8(JPCyl!7;uqja+#Dms;nih=x!$JwMZpT5KzN@Ukk zK^Ax^Kts6$AavB>qQoj)zBVqpcFQ$hCOGk%-D*B2zrf4+&lf%!dx!zjIe0-j&M z*I~orC-dH&1`3y0DX1z4DlA(uOb|;7wN>+g_|3a1Caz&5hk<39L~oX`PHtD=fA(&B zRs0>W!KiBA;;C|i9y1okimg9TNu~?wb>QW={*1EJ zfkPzAX~-q{eho4ohWp@CW+aQ)-8SGXbh8()mQWgi_HXz_%5T>&;L`$hdU#TWC&-fh zJe-8JJvGru41N{@oL)tn3uTMzdtHz;04K@yw3!q8Et;QUqs8X$oS@*x4RdI+scEM@ z_>=6F)|n6D(CNCQKZ08*b6)^Fo<7K$PzjBbQJ8GB$-udk0XOHKnEVppyTL}gV?a1x z-tmULW9h4I-vHIgeL!O_%?rJWS)&dl-)q*bMlXM3`Dy|AGnwHc8fP$m*N>cyg7gCC z5ktXFGuHPRGfa7QdVznXd<=spg6LIwftC1hOV!9jKBy=j)5b!VTS&gbgI8aqW<1f> z*KkT4^003ypI3lPA+`c#YvvlIxwYhn^7zB9usn0v;_VK31zX??XN#c{c&9+_7D|?s zyr*l&7Og&AV|>gvaF&xU+C*Q%4YupL7H`kF0^Lm_h9)r4lm`3}^1=4mk(LXC(%6k| 
zxgMw{`S(x?xt&-Zq_928l;9yEb9~&(r5fK<+*gQjCgcggzkwr=*KK1NJaR!irPW-b zoobMx%?xz1MRWW8sAfU^BMUIlPOe+|V}UsoyX|iAYcM;&P+}0rt(5V7x?YRUhD*V` z;$`QD4rs0q%(29?y)Ov-(Co1V1#aEkaV$&*yoL!T%v=kx5)D~Q^~=oCV(h9yp|ppq zo9m(P7D4`Kr)0h;Ixb49VG_JuDyL^e^luYnPzJ#oL9B zRyYw=8j`d-*lq6FD`JupnAP*)lpf41M#=WqckQ?>kKQ_NYBMYDAB(akm?|aZ&}A{>0S7PjRM;*+KE5b^|AxDzYyvV&GSHSOLLM;NXgdG zb}ny1oNS)~1?~DI#C{!jwRYDKUKOBBT5J8g3OcB0OIk+7{)_R|JPrN0>ZAxgMgy+? z4O|cSEw9ottQ66&KDN2h{TGv>fW(Pkh=@6nTnt8(cu{BcV!);N1AqSgD&Ezym}=Q6 z(_N#Ew*kYNVB)zmQINSxD+1Wh+>VO@&w|n?D5x}1Ot(+Wu*5nRgird1lyzY2O9f1< zQC8^e6J#2h{_Ri-u;t9}!b89&TpGcCJ6sM3Tx3uxYn2YNNDU(K?5Fy)n}YDNje?|7 zfsve#mnu9hj}JA$Eae=NA2Bczqmn}{1<43m5GN8t(Ty+=$V(hW3cAxhG)@3Dxor=< zx#W*QCHhk-Uty{BiB%9O@r*B6@l$; zogU&R^KINbc%RLJv?Lb;1o*)0g~&OEk(iTWZNJoFk#M(IETY`BAC z=PMBg*qlq0dv8{<>5A+gc)!ta{VvXE)5ldm82`FJiJpXzI)-^^@SreZ;N$m(N<|w5 z`*tB9_mjn{kXzxJZ=xC1$lS_3@zxWFnTx>#P-(#dHr!AfiOB*OKmfH2p5ZWi&MFoM z*cTVZ-QEscSfC{fU!GzB$OaQe%ZJw!)OwEU&5fy|xP&54q>MuJVVI)F&tJ?kJYToA zIHHf46ae+CG_@?Yp-H7+ThSY>`)~nXsf!tTmyRFiMgEbxy%54;`X04=2C<^lPS@`ygFZg5i8n^-p}o z0xRG_4!p))murPnS>)V-(>D~1dstfnls3l0d1DxjC;CLyzn&8gyL6_mTxLZNVfh@x zfHnJEuP`p12_l7|h3}T4mKuu^>ZJ7TupLzC&jI6*Kwl95mEnft9UNd`8n;cpqNJy2Ii z=#9!ze-9{q(jYW9&JD$REMA3e+^gl=_H=xAM!f)q()6A=At%;0p&U3CUD;^ zZGU__4-KDG`PnmAA^*!->o%?r?)wQATPz`kBy4SYz}?+VoJjHFfLTmoal#L6)3f+sLM;#T=>)V83A}fw3qgtx`>yHog#XA0#}4(&2D@B z)Qz8Y%TxSi5~n$jZVS zNr7Zl4J^tD3>6ni#7Su(RRXuQplfoW3j1cniZ4A^u+_)Zb32B!3DW zJuhTdK1&;_gURo{dh+g-YF1K*&Z()$vkNlk4eCZY~{QhWWHr4dCEhbezG)9(G@<i8`Ok8N7zElusQkWk{i!ILkzPdSTH2Y$UM27g z1e%K&DHDjnOH~*vTgnM5uXnNX;4u` zcAzKtXz$Nukn(yON9EOqtiU7is7@_h# ztQ_udU=!2YugrN}{uqvQVDb3}=}_cZjRs8WF+AAn=v}{YD&`2D4*^YphTsuc(#}yhd-nvh@WYSvXMCX(CMo~4AGJ6rr4uk5R z+NqcPu32*%mdtVme&JKDx0@C(&S%%3KQLf$6_-*hA3*ws2DQuC(cLAI=Xc=_3nl?Q z_7EGAsoQ#nvsA3gz-ztK`1ZqSG5ur@oD?0r7R_U09I2yI56@)c6xYh^Wri-hzXC-R z%?y4C*dw!|&PxIlP2cluLjn=M%4mnd{gmyTU_iWG`4p`Y8}FmiU7B)QMwyhK??y|( z*kxzb)cWbb68+5D)HMnNy$*##UctJ^3BJUUbnRxk8M-p_A^}g?BVx0=G6SHXn!C~{ 
z*}fRN%Sgo#r;szDbYu8_vKcZX7_o#b{z4|Dj@F{nqNM9jNmmPFlhf&wHeJ2tJpR&D z`YALe{(sFF`Ai;?@OZblTkdie>!yE?J^d-34!@1^3w-aiRKnRjqh z9nP-fAb_`g3fdXNRKh%vvuu+uyzRRo5p42z_0{Rc@|A^bI;rXH9-h=VDXz!VfTLwa z>7%AO4wM9Ir!5l`Wko8#qVrbykn(FMIMKSsq+CdgxzmD$`qojTsz;d#P{Z|`Id&1U zaA`8oV?GWG;-C4Z3nfxU>$#=IZ0uSSfW7JTUV)bB%m|`Esr)P(<%xel61%tD`#LKvu?CMwg zNtDGkBx!M+qqV+B=Oeas8kcJH{rfM%_VQRbir%$$34#Ug1Sfr#?{KsV}C)RmY4oYMcq-!WyWS zYW>U81U*GiPO(ExqGQJ1XY$k&!7{zc1<{`G! zm}-WoLnaee40gf~we?m^c@L!jMCSaeZRIjejLz}8dT|dWC(fE4l(eADm*%@GFhAl_ zEHAB;n{V7jPUfU=HIOc}JY`dA-~jHA7c!ca+4ckGG4q)2eS1)l2lGT6m^ATu?TSS1FPb)&@q!U32ZC5zazN6H-M?YO zXz@N8nOqVfDl(+kMYOSLOE?hCy&tp3^URJ|d9jk=$1IPBEXTno-M?oSWG1WN@{jkP*P(wXxeCo-ly7hofMOsF%LX|dW8G_HGTq#}1Mhs{Cy z3H0BEFv8jv#9lycH7M~{F<`gS%R&xxNWq4b3s9c>$+m)GPdLKwi-LzR_fpGY`H9|% zt93#0nNR(f8@dATOE51Q{RlBj&2#$dH=q5Vk8J89j_npUG<{#)Hpws>?rDqcC|3(!(o7T||GExtNH`SY1XdVT*BcWUE zSDu~nO<9>dHBqoTVR=wStE?4ZZT^A`wcfD)vZuzQN5|1`F$vJnM`c~=R!>a5Wy{Nt zCxXp=Bv@c?{S6HDA}`-cMJ24ZdLZa|NInWy{n19RZL zW1sy$RCMZQ;yRbTL>8x+O!&RUsXwJS^(zX3(;-ca{A2Os*)RaIgYG&dZS(z1yNYnrjH7;TD-3LV$3F zq@=Pk5JJ+xPWLA5d$OBqS`j5v1kNj5OQ4jKQaZH)`MSC5fv>)V1q}7=Xm4(POMxe; zr-#crbOPM}jg}zwUIEU`l)7zHGN*J8MvZ67YvO@eJ7 zH5wA+R`l(?14k~|vDL_I>hKL61}K3HelC)kO(SDhTdt(?K-NwxW|B?2eSlV@;A5~~ zL1UK$9UmEx$FRRi8n!B;!XD$cE(iBQWU( za#zXKjHMmmu==&m$aTvSM!R~`h7F43|8l4~n^sUNH_q`7K@%HU_6$nKU_JCqcT>uI zTl9XZ+Q`D5>UOj$x85GQVKST+kJ{<(d62unPt3+JBQh9<4Q7McC+HbW7=sN!4sV0) zj@^l8;Xs9MZ9{zAY~Ua{9l&e?RH-e;)jAGpIVm;5>mUqH*lH(%QY`;w&(Xs-P!)*6ov!3-j#;&1;n22ysh6UqC;enbr4)&|!T-(oxw79ZaPL%&!x z_%gxHXo35-lRT&MdQ)2UQ=39C5<9}2RaZDx<1v>UHT|;3UW7@)J>%_3AX-Tvj;A8p zFTtY>4e3VA@GKCse~A77#*-aS^8E#O0T)R@=PopHl8f&|NuYEfHL}xkV8_Ssq7(;N z|9a|LNOIsOJp0ugp~kq}$yRNkX>1FQQ#Q6O#k`IsUbX}bM`V|&sbv1yQJ`3076UeA zf49dyqgtJW)D?pFl)LO673&rJGACQ3KM5{#np&8f*?0Zw{9!u5;~5L0ij0VebeI`y}9Q zBj-zp^jA~6Tv6N@mND|dm+_@t#^z`oM_*4r>jr+&GDi7tU|QX0ELB;#8Dm+aoa@8+ zc6JmQm;|-1LOgJQl*)W(`{U6W77g8qnh2fJ!q&Y~8bsuWBz*yMeBS@$dB&J*@6$3A 
z`t$o_SMI7g)p$ES+00WK_S(j2*Ds<^!sWb-yEE6p8%)`mgTVyL9(+1kghf%$^jU9Vhm!zB68J?QdTlg!J%)OHlseZ##?nBPtt_e`ej!h0aV%+5S+RUuGINJWYyiEPC0pnlzGQ0*>abtI{5aWH&-BRbPbfjP5Z(+dy}geit~oYg zqQ5RAx9LR=Q5@`LR6Cdlj9%vTz7;{=EWb_r+)XZYl;|ssQyLc{@&2m$RrzLYJlJ9J zty4aE(dmCQeN|LkP17|_@CSDY?(R--C-~s*?#>Y0-QAsFgF6J*;10pvUB7w%wf>8_ zITt;Bs_T^O+SOIm`QK1x>zhknTZsaO=y*a){y!w14VeC8;EU8E20F|FZ4*xzQUGtw zqx^~$j&x*4w@Yy9CH3qNp)3We?@Sh=6fwwT($g9`tz|bU|1l=JBcvxb8pT?VV%}Jg zcjUI2$zX_vCA7@X7BC)R<0c&b4ihZf$ZFf~-mU)V4&Zpq@m2LTl1DbOgW@@wCodU8 z-U<0jzCY?D4y>hODY=}5@m#L5z)nYrE>=CXPP%Kk9-+ic$B~7yLI=x**V2`&WJtHo z`SR!7UiRZERojY}K>?TZ=;Jj{lGBpe@5wF+zD(GnphX&cwsG?}Yb=70D{<1L+Q)<8^*cdSqT(thWF3;kG5FuE5sRfq z6B~9ZYa!LC;v1%-7$FQQhS9-S=9Ozyx`-5lncraX#Dm47o7lS*;^ugq2UzPq!IA?R zxdZt-=64XErmxg+;l*{H3C@^UIzxT>XcEX)vDgXC~E0heQ2viga`kZ$Z-4dR-izjD9(psiaDAnzw)_OrIh(M zYi2G*qk=2GaD`m4d7+DRoH<)m$q_Y$Zrz$Te~S7iPWfF{*m;W5O>P@$mGh%Kr8cnh zZOWLcIU*m`x0Vav$ONPH$}xhI#$_5LqMS7;sx12a8Em<)U21!%_BQrjZfL81qVx1{ zEqAu@0WDa(N%t_oZ9+u9c5Yw-yK(vWbz3g!V^K=*5^&m8iNwr?O%ohlD@UlwMfaSe zq0K3XZqMG_(CH>YAS#{E@`+`!odEo!TEJ*f=e2CCQMsDs-m67HQIx5@QqHzvA-lph z_A+l=-aRkX{Efa`3QJ%9VU{-XAU8}gV8^gQWL=47?W%d{Fj*_sT+Sy4wea8M;6iam z=33V`lkQyofgd`P00(1EXg(KxY3Fg*G1Wr$wA4(P{N}_O`kzoSJVDBT^i_fB7BbLQ zaC06|d6uroB}41YD?$!WaJld$9yhPIFNa#tDeLR4BHh{^hW)*>b%d%HiUer9-$lNj zw!ajN4*b#rIWr;CSknTD_-v`-&F34{<(yPqGa&(T{Z;&FP^cebho77o3+4!O5NUy+ zT!`paqTsI01Pku9+k=nVo=RXwST`JZw`!ecTyS(#_u(<=I_Bk?GlW!|aWmB+Lu2+J zG2F+_QSTZt8iXgTlV4?P#nY9@PT@TSF4YyYdjKE2H9NGo@gyXli-Bt@*j=7txgIoi zm^4S3;?OiEnhzH9-lV&hFuNwevBH;Jz}$9$`j7G*4KQc#tlbOoNr0|WyRD9d@FKi& zO!(P}TW%{`|0*0SnAOfZ49qtvUow4F!_9l&J}XUK&bxI66fK)n2a#HJkj8M_{$myF zH46s6{vc~w5K+6`sX}w8iAor&0#lK7#w?)an{2 zT*=B2#kEbbd)B9E*nscWh~%6zWy#Ysmv?T{HFvOzv}Q0Nqs06Wv~7<%h1e|4{VKga z=zz4$h}f|}v(ue!IGs{rtbhPk1)Sz_ul`d&VGxF%SX-bi&_@NUG)fI!QmwpoBBcaU z0l``T(qJY*TCt&i*SS^`a{zvS@3YacNV9iSGTeZkJ5oan^st_{5LDmo)${l9>U_$g zm)B08jarSfK;dcz9)RrEeNJ+30yrg~!Z};$yim1D4XCbY;!KK&9rN+Qi6GdjktI*x zX5|GIO$0Up)i7n@_DBA$7P6Fk&9O#>6SYrf0TyX3G7h+cy3Atf`I19v&7#!VpU!+r 
zn1_<#ehPw5akP8D=vCkgq|G!$cV{Sg=-4UbXw>p#A-zGz7`>cFb&2eOx* zC`IVC3tI`F^&duK5JzdBnyOW3OiLXK7q0mDkn#W))7Y)$c-FhKXl6g;#-*Mr=vX^m z$TLY)KNPuj>Z-R-bVjSJ6)t zjYrAtV^(-%mU0GaliSabG5ceFH&O)T#QlzI<4hgeL1tW(%ZhzLMFpHK+Y-<3)2brx{Q^A%SAYP@5)$(Y4`Tw@p|;d|<6tAc4N zXXdaCjuc%Yh3mYq99v8ov}U_m*El=1`WmI8jxpCZ=|5sg%P1tU~acP+dXqu{8cjNvUymHdOuE_q4~+zB3EbW&t5e?I+NF=fZ&3oQQE zy~5O4$11jL|HlP6$2R#di+?8$D@854XC29`y;W?&?M;powmr^Oy2Ch)@LzxIM1 z3d>GjxC)Ssgfemo?rGUYf5rF|=b_w+5gZkds5@g1RsF0P$AHkx1Jy7mXN>VzO2pih z`azj6qb0*$vw}7C&-9_O43chR3Br}56FIqu=JSKcp#M$;4^dPq=(6SnsAP202BUlx zJ|#XFJ1#hqlK7~-wCuxKNarbZXkm}ioLPvZMPZ2`voQAYJYo85kj-|<3U6kA?|9I- z$Q~(9dB4E`1?2L5ibKDwA5V zy0Ht~Yd?mFx`J$!t^v_Pt`V9dnKFXenJ<5326_L#vuSC1XqN#-&&U-7+-|2vW(vwW zKEv_+ht*7yjCY^t+d+(^DPP2~RJq8r7|Y_*{OrGILA1yf};DnCgm#h4mK+Q2LnRyEuJ*{HOu-n;9C`~odJEX%b!lF;3I{HMN z^ge9l)`qYZUsD1WOmLLM3sPP_O``RBW85KG7B z$b1&>{<+|BTaL!q007%%pOa;eG1#@SvWTb;_6^suI!jiC+j^}cWCYU~D_vs@3V;p% zGV}~I4=|;e9#219K2rNK%BiAK?>Dn719_NRvrCyUJtKhD^I4N~Q~uN?q39&ePCBO( zmpT^>N};0jFZZxu*QN-0KLkHBs{XjA=kGt|keA5f%|3V&xz+pey0zvw^JuqBMmJgU z-uroF`I53O4(%`^edoTJ!E#Hw!<6wm`xf>ue)_w5QX^Bg&LX1&)<&Hx(-wV?@_vT?&fEqK+dj#mAgr*u!o>7KlpYJ zy^-XM0TVNQ1dvI_XC;4&0hLBb3~E=qta!7x6*oaYS4p$`L4%Zg}H~|A^CT(I%H`(@seh<&LERgb_9ISM7;mcO|8Y{9yCMj}iNUgyKv=D;gopT(x z>?pEPMtZ->MIp3|RFthpc(3*wR|lc{is3n6`CWcdCysx12IgE zHhaJ8PgA4q*vYI%!g_OCitF$S@4`7g+PX@K=u4Mt#x7AAGmT7qB`+&8VUL^6PPp%5 z_~x4x6~exN+i`~uV0pX&{V04c%7?7T^&H3z90u}3a~(LfjD#_DZ_XzeLf#O6!JpdB z9LK)IFqQS|hPeAJb*!Otjz5Ag@a6R8%ErqZIQUmK;jCCt?s*K_P)NQ?VnC;rw6R;w zevf0bsuWmt;a%Y_(cbs&;XqJh`duSK)@@>%iJZji@<8XfJ38o&N)XMO^WtApnNa#5 zD;ye$gF$^qBxUtnOu6==(YLL5>GY#9XfG1*CmC-!5s-*e$75TPH^QO{@>dfpUNL4N3s6pp7Xg+W1Vfe&$omLROY8|xM)GAzO#-n*0$KAZnIZ)vtgHlhw z<}3M&{8Ob&$THXl4*&7O`rji;D{ZDGqWBe__fzorf$J@Va5zYa#_%r>B$P?Y(9h>h zU*!>p%e?K)RWa6e$GjP;#MNAkwKG0rEn8mHZl7 z#bVn)zv{bt_Z4Yv#s*0*`sO|=<`ykPa6YqGCfu^ZMH00$7K45Q+f5{sxflmMEEP#g z8E53s%eCo-B=nUo*=4*Tf+g1SLbIEOCS{@_&5; zhn3qxe%6q@y&VG=ZGzcB{ zm`)!rJ)Vv`-q&8{7&LBO8%m?V7QlnJ_z3c$-U%oP~Q^ehMa=N6=jNkvu 
zM^Wl1%7O1_j{DDh)hxymg&)oNPZndXw!w`YrK|=|va2g{ zo?)NcyrvpZxH1*rF5rz7HW&C{2IpabHX}Cu=TeP9zkwM7S>=M*8i`Axh9?zH?TzGt3>5Ys|2?8qlKByImaJCjwyqzKCLRh0*rj)p z41aUr>)@gY__+Z26p##8;RXvAmVU^Av0r1QkVrib%%C5z;&R!qqPvyA2^#XwhAvCW zT5NX^(CpLBr7TSe7+M-AU5tXzi3R13^}Y^MJ4tGP|LQOd;F_}j34)%OXOjhV#16+C z|N49y&diO}Bx%JIr&5BFJi5~Xs|HqRa|oIAVWWoZDs5R(hnY53@uWpwJzU+H`KE-% zfruUuDIJL(s_i>in3nw6NaRcbY?9h7M(cTT#YT1FCk66d+9J{FkCU@5AFT$uM!iS7 z3~fC+yAl0=t8j8xm|FQ|d>-mrTUqLG;|Ni7b!qH8zCUeTjy>%_ZXbjwqf0#}P*}=h zVnfM$k9SyT$3hWFX0z4QT{OYH@30uskSs)}=_K00WJyjt>iKe?s znxwm#R*M!@CKzeth*?Q0#w@J{VZO2w-z1<;A%MyiDEHG+8n=rS!#|-J9ayI1V z7L`7OH7z}YEdK}ODOC`e6&l}15vyadL#IF!OQc;UM(sS$9%J8B^OMguirUl(QrVoO z6mRWuZ>&@-3W7calp9UscoGY*oU%FN&^mv)2G`iK!^@PN+7aM!H|XIDg$Zh?xHoXN zE)E5td`lmJPG`b~ApjmN?}EcIBi!MV1d1m+guxx&iSahrKSM#4yy@)r6fv=H#z*XQ zk`T#aYtx~*t+eo@?1?tw!aGaHNzP5ci~gHsIsc{nIqxj)r?RGtG1Od~bWT}Q&CxMB z_Vc%ttbA=k=U%q`7CPj=1cG_?S4p4jV59sV>dd}BDs(l#3e1{l?6Lz)HH8gn6OA#} zvSpl&u9(52~l(;r|_ay`D8n?^+^?CwB0_5fx_` zW~hJXd9(FTAX&}4jCnKY0o6tMzf=L^EifjR z9pyQNJv*?I1EQDFNyQQ2h9;bhL-(j_kfoe`&b`4J1Q6(YvMA!1% zE3etU`TM#;b)=k>V;gpE1Wy~yx=aC&Z2-i5p@#p7wwHkEEu7G_#?JoW@RKfzTGmC= zc!hk=x&O2zQ9*8qAy1>!i$KT^DrGMAEFIF>f9{b8Sny1}^B00|0sWPU~QBQV~S56i1t zC&R_D?enweBF@zRy?$HpK6XfJLNijjK~-rEzXxAv)9^vpxq@w%kw%1u^i;OkdLi9- z5)3^7lQkqaB2u`>r538;OqpTTQfs`&Q)NuPv<*5Y#qs+D6IwWCT;>9NEGZSYi|{yh zhk3)jPz-*%iG_6EH4c?$e|?_q>V|K28ZtRN`B`G;KFqks#~QT2zxkp~^-MvhN2o!> zteg>Dm}*xzv~wf=CG3jd(@B)4K>sKp;TBj2_CpH>50Y%v5z& z3f#t1Uu%IG@80EVdYikW00H!lMN<{H`gml zQI&tAwvC~;b(YYFa%TPNWE}`0;+q2Q%5h6hf;)!+n)~S0+0>>~%4aFk8Y$GDqCZbC zsLdga#lSwkvq@f0Cfb;Ae%1w}>7g0U$Q^J&teCG-I{8@nL%$ooIear(be4*Ww&brH z0-|-+g0{An;^b{(P%TZQ?QoMA>*Bt4+M#pSGNx|4ymbm>3Y@hs4$L(34>BOrmLs{M%hKybDnGkHbX$e2n z&IIt3P-6cJ`>i9cr2wUz&PrbLH-?xl2Axb=X`E616lAQJsGfnL#h!P>2EH^;Lc`wR z;B&ui&Rk*~LMj9#gcN6q8=e5fiOUK>O4@T^n}GLni%KrJBelJZMk6);o$(DxPr&mtfGtQQ~tLC9Al$->{(n z5a~3sqMjHBINMG55B#He`m3!u3}wwchL6i+>7IDaTi3+T@P1-f3Y6zaf#ig?_FXb? 
z;a(Qi&iM`T0wVy=oqcMK#=rigmT~Jc-~IP_NqRl9kTBu|vw?3Wn7`&XtIoI7G9HI4eWoi2$m6b$8sdNs&R91y9RKD%ksvE!u8V#8n^LV#OqOg7R%5PnGZZ(k54AA_&;=_^>VmMoFI=_MW&h|O zf{nhCQHn7P9AD$4Zm#oyL{un3qnI}J^?=()PE>Zs*vFeW@Bjl(1LD_@wY(<7BsA~d zf47!B18-lK1if2m{Ge)C6vqdY7YPYYVQfF&yA{b+ZQ{v*%5GnxKU+9g5cXc)v(0C( z2U%I7w#1GXkoJ5Dg#q&+0++|8**Uq6rc|+I#(+>Z#Qo7`^~6c@u{nSRfHb+0KMuBf zx6#^rJ%aHOD377ZT>KN36|v;PvRNlf!Eqp*f~mY6W^TcvWbc#H%;;1Uw<~V-tx~uF z#n_R6pZV>vxGX=ig}b-kg>g%3fwNlCbllE>Y0K8t-n%=Z*y`q=<%ax&nsGOtw>#s4 z9???nKjM2O{}u8GMKz&Zh61j{78xs}Vfk>)jgsLCAX$U_1poEN;g7RF-`|&69svNG zs?m}Y_f=w&irVz|wyuia9F>XzJXn`~{E8>7YxV!XTh3FVVx>R+vT794meW?bSf+wM zFL3apjLcH(Eqw_|NoaX^tS#Dw`+|S>_`P1wT~^?PUpk8HIXb5>0nNHhS@Am8+n~{b zfUc0Z@39s}Y%y`)rSpDC0u}0AP9o?7E|H#r|KpyndC1)CX9oLxmAK}mB z$J`lGT0Paw&0W)tS>JoCm-e$h0zhZ>El{aLgB_5Xu{t#0EwaLkEeCzNO$Ag1xO_mM zW_gEHGL$~J2BPh+Bc0YULyU9D((M7By7e?A-m)EWS+Eu}4s7P)B!86os6h#&Cm@3z z^?69DegefzUz`Z7UOSN_cApBkE|QSvD5E^YX&v^2;tT=2_;C>?B$F=JiTW>jJSrD^ z0`GOQ=a?w}q75&iZ=Q+k(ru^TI1YgAeq{_3aLxLX){GxGe4)q20QU!8t)_gkp zwGWhq8Y(J&tU%xpdf#bo5u@E}VC0XHkvK39lGYI^e8yfl&Icg`{BgTMx~34(qX zT>3F;=hkaAOuvS=X(2@w ziE!~s4QB)I~zPLb;q$FU(?3Ssg^3FcuwBo zrC6yDqZ&+~X1p`z+-;_1uTIt{U0qTW5c9S46P|>sh?@#6EuO(~oKhxJLp(=>yJebA0ZPZ9YlrRJ> zme(%Rij+0_M;{6T*h+dM-li;Q--YCy4EnLd$VzskOh44`4KCvUqQ5i*PF>sfevq5l z|4VYHXmkZuWt}6r?`~a3Q{45-o~Vcj4sP_LUh=#6l(~4| zh^c6xQXS>%-BS(aoRtsNqVXgiSjwsU@e@nT9GdW~rX?2}sctRfxYjq?#^H=Bz3%Zj zM-A~kCWq)0jb~FP&Dz_>IAx9FV_CX$Tn0MG&h2nV+hvB#JEes0XCK4gR$HUQR;U=U zz$a*I%!mb6nvj=bQ1gV?A|&{s0IsnmFdZ~YLBNAoPo5@@QPw?fA6`PI=xyV;I}$(} z%kB$Ob4How+yM#2q=IK*^He*~wlARxC6%yZhj$QkH7``UpJ>_mxAxMwp^SO%N$wx$ zsS^)NCQ{5;;dvZMmrO`5Lh4~z`zonMIYPlO(jg&h5P5d?si{oV8+7m08D?n$S@EI; zTv&eRhoAf=?ysj&23VcE@9Qla6ww5*>R203Sn4C%RL6$Q^j2eN-`bUHQ#{!_fz?wCk|gMNanMW-UjLQT3}oFCj@&A45KJg7B!A)uMcb`l}e&0 zX;ElbWl>^R#Te(`Pz;xbo)4 z8?YJ4nGD^|mB6iI0S%LB+UK+f77E=Fp1{VXPaW?`JZ{o8@jx+!owp4!jjGl}QIE66 zCe#YiV9A{mz2B)lpFi*ooE5XVd*Gv5-zZr|Wlmc#^cbugc%x-Euk9_)ERaCc)|-5+ zt7h(R<32uZq_%oPDzCDrBoE(9oaICzL8+!EaDm@QCNvSqwLeN;yBoF4$6%CiqOECB 
zQ&j>%BUF`Llc0yQfku~JQwcpvFz11xYLGUZT`iNf_B+?qw!*==`mv4dL{aWz_GG6+ ze<9&bJpMl0lConslr!^J8Y_DcQD!=ORbvE)3PRglCB3;GeZNcpU8AZZj`^qEMh6Q=W^3mA1^*CvzS&qCxIv4EoLlEkZXU2Xbmdn3Zg z^%wzlEf`=%J}T6lxQ~8zwCV5~Ck*GpXgd_h48^P0y#%1yPm29cD&JpMiS$=WQQ+U& zKC=~bJpOzOW&xkpR%A{+uxEPq6es*{WOrB>_6^4&v#KEPS2IC&O1kThKN;M> zEXcHi2sR-X-O8@X5EEJKeq;6MD6U8wZ565xTmYkvBeN(vHZy=Z9&f%SIpDheRvrZF zz%1f=qfu+VY>RXn&FOMyD}m;b36NLlmmZ23?($$O{)H=4fy;&~9n)<6&15vfSp{2` z-1(es~+fW-kzl2mIqj4p7LZ@Dp~K^e?yrE*U>Ps2+E}6=BSliB8i>A?Li8*ODRlV zT-s{bNtW)X%ky+axj`@sjS4TXBH|M0T3WM3gKnO2hQRSe z6MgZrs9o?GtcomIt_S5-(LB_f2raXzyDJ`cv5|!LHqx9zPBsVyp>5`c|FNG1C6+oi@9%$@o(jy%gY%j7%TFTRrtodLr zuNe$YUM6Rc#cbdo>-GCmzX^ZMThH7lpZr9$W=HwrW!zDY(;JiE4y^*DBH4|Sn7Zam zu&(GJvR$^?ybCekWf zBH6V|1gqb13sy?ub|GxQNni&=VwfY_*KMo#{DX;iaz;@e&}^P$X?#JyhTGH2WP32} zAI?x_N!K*p&^!lV2g?qJ6q4Fz<0<d5x1!=KO@m!tJ1sgy!(Okc zOWhmCR4tW&&f>pEX%%{W4uT%9LzIsEA<&2E?*go`eS z!B^o)(~(00jDSA=^)!F@^!Cy6c9b6g<>}QLa1f;=_`ZNN@P1#P7@m3>utrc7`m21o zVT#~uf+#&+l=WfD)Xt7!2WR^h<2SVmiWa7V)}f+7L>s!w-93kQlu>#?1oSsVaMsa( zWHC99gX)jUjI%X&!B)v~j#QH(7XxgiaZ#moZ9WCxUR374xN8C`EMC|$m4x8=pGsW z@$~q0?(X!oU4#1tOY>ku=Y0ItIQTEGH>pkMFAsx%gDTqk$KK+d@mq_Rhsg~?sVndv z`LQz?$p7?PGQe3en0-KUP<2cgXOW)6d9_KE~&Ja%$Yf6S=)71Gg(Y^1ecmHj>U5b)r6* z#FlxPVn*UsU*+E@)}I_is@rUpXxYyL#RhJgxtW154@AlZ*Dl<2sPtR~($i7g^yXRY zizaw{g9*mES~awi>gnX^sTpl^ZFcfNqP`X|@iCA$+n$W+v$1>K*;<);1!K1Sl+Z(m zj=C1$_)1l`P%YW|g=1RaUH&*h{FtK6GUw&&+9poiMJdM)C1jaSG7BaYU=BAXP^hKH ze_ffR4Yga|=YNqt?tQ_x5$%+J>{3x-$r|NneITE|oxJ=h{h0)T22U-u%&*We zZRA)o$=z@Cir|PX!uY`_Qy@v7^jl>lQ_r(153FFh?DN{(RYhPdNinrZG0SVFBUri{ zfI_3zN+RArwRaooWFfM})|9rsWaN()-pyOJueR;D1+F0Fgc0<8T<_-5bas*x${Zeg z&ns=Bob=)y{$Twol+VBd(>H-p0~z4;+2d_fHFplQR?^hV@T;SXj3reUc2cmbs%U=h zvxAohqwlXA8vf!2ET7L6O149PJ-8E$xCx7eqsK%b@Oz$3+t*3^T*J$ExtyFsXMnQb z_o0lxgMEb<6kZazWcjt1jH6U`<;Ou<`(b9-xte2Hev@z|Im);Uq+2ytk!ECYWlV@8 zm^`SYP+1_S|3G%zZ4{D)SO-^y3v%~uhEXut_^|R{coa{qJy2?xCgBS$vfKP0ZXTD@ zgSU)5t#(2mZK4ykpOf6660CP2i(4;L`|5ym-PlfL3;liwbYNZH@& 
zl&dmETeC1Gjgb&Yjc71}9S@`Yfxj6kKSl|e0>=FzImXZNCxtK4w);?gd-Z@1;;}wO zp;`W@f?_&}ih;@29c*co4?pK5Vuf4(#Xgk;#mRyst>MHL<_o`XB}(RPXTJ{+?JTgX7&y2MjFLpBq2=S zDX1g7&&_yKG9M+vIFXcG{2AcS2H#(|#VDY!{&_N6W2AV`JQmA*Ksl={G~s&Fp3@`) z#T)%UDSH}yZ4wZoTrWm96)K!cV7m`djlWZBz&`mw8psg!Kh%y*NZf*^U;YSfn;RrS z9D-F4C}(_&A{UrxH`w?`xxwE}VD&WRO*#9@#?!a%=jnQhf(;u^gRVm*9xY#lXMAr? zpzOdmJeU1%9s=5j=+HBu&?zN}3QA4(!juU1$cKqfTB}_QR#^y0@X3*fu;<`n(@c#} zqFuoH>D~@?QV1!YQ%4}?*5TyG7R(SnTs+wWpCsx>INt`cx6T$1zvJ>GogJ=Ma6A-D zdPL0t9Xo~J(I#C-P&`5%v;T7{w7eMFJ^(3TNKGVAM1#h&aqu%cLPf@_j5K1nYUQ{U zsc+e*s8My()4;@RFeZWlG_FCm{zPzU`b#z4@^C;pfw~9P`WCF`fK#VJs7WE6&&?0~ zS>vt`Ss=%t_-mx9Igmg3fmR}i4607g9=c|s=91~3A z%CE?g)nleX*m03rm&M9eJV?MPHYwXon9U9NxGZ0GWTmdGn{T@SRVUMddcE_`Lx&D1 z6){TCB;#`qwF#qXLz$?QjKb+$G!KA8f-ki6O;Y3BvfWekQ46Jfa}ZfzG}-sIhfFzm zKqNth3dG+lHjn$eF`A*)NhkV)XXcx*Q-aj|j?7>Mipzf4=p28w+6FW4#4WeEyGroU zJdXEZs$9|d)k_I;^A9k)nRoPaH^3=p-NV?VfQ`o9N{tjQMScYdtfxN*R)9!z%>N|m z_885bQ=oKUHu9_36#*)e8v20~bFZap(F^7*a}bX~U}o-k`zEFp(%Es(bBxg5zlg*` z8ICE3CwWSF+}^K;!^h-DkymS`9=n!k-T_A7kUN6}gJWfM%(c)UarTw_VwOtXV1_v9 zD^;laiM0>92j5#_*kX7B1#r+hrPMon@PlD6i;EeMOv9EeNi>)%l)e~(nbQ&TgP;!& z%>DT$(25RaUs$QWqR%bB5amNT`!~03AlUL#Ai4)*vA;J7RVAwSC%y*_&WZg|v z=icYrPmfWvITinAoX(Mpt^0<#G3c`8x3&9Z-AhBJ*S@2}`eiY9DG+M$RMpw@CHlP6 zBVj|sN5+tgZ@ifL>&?32GE;v>0sN@-Jf!NJ8Qj*uLiuPSW@X9%bVDVD!YK}dUVBnd zq+A)`tgOgqpw*)oxNj|*k^{=^TbH!&vgY84tWYxvw>wBxiDYwOW%-(S#~f?-PH^`= z7D8db{VwgmuvOML4PeBq;bNfBG?zpIE;x11Br}fDyfg7w<-)<#%B~}rdFv8-iTx-c zbFlKad@hw3@!d{$>NN4XcAS425w+cCb%nrnFR%!oA;w%nX8nK zdqBZ#M@mcGB{oO1#rnoSx$32CWy^~(tyQU23XM`Pk?#vA{pFBkUSO)s)hERJl*ikd zVfkLczS@89+ZwJ5j?Ma)3!djU&amkB9Smf>2)zSb}dy2V@VN zj3r8OIh2XOQ5Y70%J&m392DCmIA&bg=?OV(d$kv;ST&xKJh+er+4Zq~gE@?zjde${ z;>bYs)qLY~iV|Dn>nELZi1?L41p2C#dX@Jpy31#!4VH%A1dq#FNWS~ox>bpln-2e$ z)?1TDQoM8*+Mg+2PU5lD(zZ^@0LR#r9rqIz*h2WgW$qx}gCC!#-tkwy)(yoYko(nROiz$fE15*qan#%6TrG+?PvYXNZ`?}VgT;O}D-IX; zBx$xQXxzmrlkbYXb`t*v;R};^f>(P&tmj;_E1#F*JHw>5zvZv31Z3+75diuIPTz;CYRUgQPaSwqba#zB_KSam8!ReowP1(-b%_XDquFqoj~$pG99u 
zdFEdVFR2T^X*@BvD@cGS zN^^FAIG#&{XAzK9!AsWLfc8D&FyMaiX0^N*)RTQGujh|9*rGvvS@`6KX97)T>1R?T z-Z}L)qV#lv_hzS4`V;FfF5>(ch})-5)XCng>)!iy-*1zsK2z{K9=PM;%SpI@LwKs> zZ^ci2Gs*M)gTOMKg8RSQ-~xZAIWwTo+vvckq>GtBl>|1F>=E9Q!34)}b&0Vz#zY0W zb@H=rF?OarvjyZnxwSy|<7h|aU-ELi7mJnqF*sBlJz2vstQ#ah)==}Xk#K>aQGQr87IOv)nf^f*VxT) z)y2`x@t@4yD$s=8r^-j_EBHxJYrV(yo z`j=bm*`W~87%iGFfB)N;n6~NdXEf*C`5lioXdA2G_K9PP6{VxLkg~0cUVW&NZhO(k z(5&x0rmgKL_I3Lw1-Qc}o)y{o8aLoKSo-g|Yx(Hf^}_k-TG;NUt$bR)U$H`kERTM|r~3MoH3BsPQe2KSHLcTg~(Z@Nnl*T~!% zK10VK`d)1>x*jbW{GNp#@_(}`?caSX%Xo?J&wLq6^CbQ}2DYJ1HDfXokcL}aJ=-3Q zOV*00s$k}*mekx}`H~GwzN>65uN@uA^4 zg6He@k#PXi>QL2;=#tqB0hhwAt{RPjdSJ%1Po+xQynJjUC~rMFJ2g$}!~X+nb=IH+ z=jq50)wb9TA=oW?)41D!0D%qnb_GtI!l9Gnd|&l+=xD>|Cz)TnupR1VB8wCgkIw)r zmmf#~cyM&b8SGK4iWRf(jnRwehVv4<(hTUT+}d8 zk2$^M5FBFQC;+Xi-Y#_&T}*>JC89Hk_>>%zMSk-5pW~EkY3}0VPd+37`Cd{a)!Z*xkK)%G76r_ z`GTtrIAP{a|b_4 z$_&OUs&UJk=^e0^DX|?@hrTv!9?PSanHLTO3kT#xQSG{siD16kC}t^KL3jfY zVfkEAE%X+gxMY&l8x#tpoPn4$jIrYxNBDC!pGBh^iiM-ls3PN5iH4N@SLI=ft*C9sK5KlbU$7l{Yby*Xd_q zYgM=&TU9+(?EVe33k)7WgP_a)XXV!a#ktl!tV7hDl4C5yfJzc7CdCSiIiuFOX<>zLbj5NJD z87lbQ^%uBr0njvuVGzmJ|6IJ@ zvCaMx2oQWsW+N5-`e$^TAbvKRKe;RWd~@8?-^yJ=Xoz;wYw0h@506AbSx*m@n$z%b z4adRmAx|jM4ix{iizWTue9w|-52j%-e%9Y3xacELzm$1X-9TP?pCEL zW-ljRvjp(?lcUMxf48T>`KsB7WRX%|-k`?9Ox(e>kR|a8k{Y*4Pu~=CTb+gYg9&*+Hdw@|4yu7t_s11b%arl zs;Q+3;&mVwBT0w=xB3S9O5p@Ci{Es{EU4XM|DMt0Rt9wW24^46jM-)nliQ_hOFK*~ z^!8u&09CK^JGtKcyW2XtKRzgP0zTsLNL!vaH)QX*XqBNT{ryHsCOcp)^2c|6cV!o= z1n?(85u^kv;Ms)#qV|&C!?&HWOU||TwK?wb?tGX(iGO9PKG14@_OD*LUaBqNZDwY% z9+d@$uj$6xNc*GidPpQ(2$*d2IY-Sw)p|?yKz>E@?DR|wligY8CY;;A8dxyXSl=M0 zQB-FQ2NKV3))@vqNvAK})O6E95aGVVNvwEbEn6m0bjvXQWC|U0P>JRZIECh8Ckb+b zu|SR!Z9D46ALSkC?We?^K}&Zkm09qcW3u4jqzrENcK9ijh`f1!I$ewm%tmjo$3k@3 z*OSVWkr=m`QXb44q368=AWIt{(~yvOeNr8j{oIG7!vZ5(Nq2|J3d8htwoyOb?b%9DPhTKq0@ig<2Oo&`92FDRa}$@tN1jM^bY?N5xEHUG#nN>MCh z6LLxw^D3!T6givmHq8AO$E5Po)-lda^Gw3^#Cx4gHH5DD?G z5B=rejZ=3sA-j_^0NEoRQfftunv(i`JQp+VJIcDGq@h#=05uhntqL%+zKhYOG^!}B 
zJ)ezsV?TrZJ6{;+p^kFyoc4DS?z{wInkAHS)GyEQho8P8c2m_;xnXN>Q=7XMQ(Eym zo~w z-I>|hIp++*ICr&h{K=i|zQ$zYKroBb@a2O0J~~s<5B@UNkd3dbz14+CxX-s~`ceFA z_68l^E#G)tdGUE)k^sh>_7aVV#R=ZpWok0CqXnt2X&20s*DqF@W<^Z1K^@=@WqyqE z!e8a8>PYEeg9z~v|ItLTf_AthJQ*zblrl-k7U3`6PsikhsG*b#n&|@8xgy>k2921zkEc z(aW~Bz>yT79C}~x03|X}u#qdU@qzT~t+Vaf29w1rNcALMTpr;vxE*1k#PRGdc;icF z^tmVRXnHT1+ga34SDO#kHdZdfN{63}UQH9X(FXVtH3e02(!0G=J^?maMiprJv`=dW z(MAfZ;XY65nL$5j1|L=v=*dq*W+9al1DJm)5LmbZ#z}KX9r?JhR%|A)A!d28WMmY6 z)9At5=*!pjrA=iEs3NXJcd^*!9(5Nk^Us?g z3&!8{nW6pF#nmXoUGBw?k{2=|{Na9UrbzQG(Dr3n@iZlUn6m5(r>t2j^w_bxu7wdn zX`}#oeF zl{IQv1@cwDCxWbZDPJX1Za6Du6Ac6z6%q*mC;pTPwU-NZlynVy3uEL8Cp<;5+5aU$ z0GU&+06|g(3^Z{I(z2qNa1$&CPMF`BJ9KmS`fcaao(C;fyEc#z`1+3<;;ejTN;6mB z7%~-a-N|KL`?^BLY8U(5#4LYJB*>znm|+xWpq87heSet&*{yq!Q&x&&>=u~QIFta! z8&4mpq4oAdbAiMOY;)m!osh^@EGAOH6pLW6jalyQ4-{zrB{mupzHzSJbVRze|4P#x z8rJvHNx%OK2K$cq+jwi)N5APsar{qCf}8AkK6WyhNc37?SS6dW=FdP<9&WlSRc5;1T}TLO zg}!=aJ>zlIP)?>`8`x(jlQ5qMrEm^O(dAyV zJ0EmE$1=JzOLLRazLvR@k0*259<_05KL_h^wtPi7DS6C3_9&>L&&^wq*u=F3s2 z1Q%fV7%p@|th=O2>oS-a z2&^%|ZZ=KUij{8HGj!hsea384-EUTvN;2{3fvfi@%-+Vrqw>7olZR$indY9Fn#Ebd z^>ed)Nv^YuxSEMz+Wrb^#oJosgvL8-CWZxdiWlb0*KD&>s)1zWM!=aTnZot)t&GK= zFWT}2%;bwACRaZ`l@6+04K0|MoxU`y>rqC}coF{=lQNV5&iocE1ntJbl-r`d)K8O! 
zQ~|n01NC*{gWb2H*7wdgLL%sIxF;(81!47`e*za{V=BrtjY>BxEp@f0fb&uL?|n_eZN?}Sc$ zDPM8Wa7KnWU=;O_IOR>+r0WnF%cC~ELP?Q_?XNbH4K`JC;Ad5l{hCA5F5cGa<-aFs zJJ!QP6fjeiBh4@KFSw>O?&cKqI-K+2@{`l!uaf7zDzj!s*8-t6y zUTbeW`ET>GY5nqw{{2|tbzLZ{bye{a`k1Nw$XIixzm^B1oZ4wP7VY%b|GhOT<5d-A zk3X&vvlZ0}I1rr=I}c`QpLW#PwF3+)^S5}d5ULhCfsXeSu_iSruec-48hP$PzNatF z-dA7S4U~@M_d*-vQF{A#{WLyZbvL=LYD8RYmrU}5<}M)T-@csk|6v!;kv0B!nVy(t z3kb}i=lw-(f{)USM|eT9>xH*rZeTFgDd%j>#18cWyqgrSEc19e&X5S7&!`1UlQjn4 zCj6h}p(CP+fyK>YK5asT-z&_LB|2G}P8)1>=d)4uODf3@Llr+3Mr`FJ1olU;4Cqjoo?_OE0pYQqj&yap*wp5#}#t780TOIGJj-D?$#YNhtA7~#+(LJuFm@3 z#~0MpC=s`(UjsZ%{NC3o*DT$NH|M)m1j_7X?%OT$#%G!aUd{?ZfxNi!3wZ9cz&9w; z1)K&9+K+fuh8fF&bTpZLQi%&IyW}yBmU<}kfu$b);*A3GBWCPZQa7L*^FkZBLr`m-9aN5g8G#|34 zp`$Sg-tj=0zx5Pj{G@T4{Ws$0!T`=iuqQEaXZkrOm0Ln7WXC1HFJsJmHqQcI8)hQaL=@`&yhv`wewmS3eJojE{CIgdT>WLR z@v&Oe*#>;tU-GZLy*z9JzMs42hrsLZ?kXdr{Ngns(R6k6<7Sd4X{~YH4>uE|X}rU) zX8CasgrGztVBM@UweQqYtyw z1DzzuXE0K?ul62AicUrWgsI>2UlUS?M@CgKY~uOfpR*w^a@pE|k7*8B-u4dwVqHZe zbX-1~hRidq<0$)waFaNXA&8t%?x&AML-kquKaDba-6+?4?boMFLnm54F!|cG;#~{# zYc0Ij<-YWjM62T?bR@H_Vo!=TUCIzj9Qch+MiYd^?PS0=as@ZY(%kzyL0hVDT_Xdu zZ$M`U0^2X5*a{#|hcg-5XZ)A0JaU+`8D46mEUCHLvk%ADT6Ro=AwZjEZdb2G!x`Ua z3WIpTEAw&7nZ0?Lcruq5H>;UaPy&%R%y>fS%pWv9*N+QdT( zP*01|83(Fx`P^Vbv>s$7uW_S7&KE$_Y20LjIaky{Jkq_sUx$3JwU*$NEw=wb=(}8rvQCYA-CW+wDd}W$r zGbDT+KN-p$PkgMx=VUEG8IlDDvsV4sxFvl7_Y8VNc#M3&5N4@myEkap4ou>KV| z|5zi7vg{mO2ifjdicN*x9Q_UpVcDAsvLPdwix`b(zk zp$1RA@TsH~(ktC5W%C+pA-!SICPn@eJ|QZN&OJY%?E6 zr&h~Ul*rtKf$R5WG_qx2t)S5K#6_!#8C4_U=wdCk@c4ZzH42)FnuC?j(zU=$mhU70 zSlB{eEv1Qpd5vFM(C(|TKn$g`zF+|4g@>1i0Q|X#g3>v!~ z>HTMz?R`*oB4ik4{&`iv0&7k2&>K1@)DtVN0h$g0Vy0~A{SVA)lh}7F$>Q_6DMD0~ zGAC)!O#JD{Dr-32uf&&c77p*CRIkHVlWFYlnlAfH4u1$gotG5g=;M7)yZBas4T|>Q zf+*ta+i&CYuFG}GjIUqz{vfq#XYs#)OMkwVU>u_fcJO{_ELo9Qd1{`txXGKf4wCZWCI#hj?Xu zhzZ+k*6^TNXSB~Z+wQl&6G>JET;$q`MDQ{d;Gn*nm&BXQ7<-PZ8tw4z z4Qb`3m;WS7R<#|iZNVy+5`{r7+IQ5^aAofn(6B2N$Br!(TJc;MQ%xTL#t&Cd`)f!c zuj>u?6kcJPn-8_Cp>LhpjOI4gvOz2;VDW^^3XW6WMvYeZ0Ir|=iUFOo_~;Q{AE;?o 
z4iSOV1XDHqV@{$yh#Cuy%oHPo$6C81A8V7Z>rD21SzS81)_=F|H%#60a35V-u73Y8 zWM}FqXqXroa4p1%3BTk4XwPo-j?)3788YHVZ;RcCx47%*?ziRjU~RD!a;N`S8k99j z;kj!^N_nJqg3Z)Qw$QR!Cb&OT3RuFNx_85Z_CQXmkYR-R6#{*S1UFI!_*GD3&x8b# ztsb`rZX}#&jScO?1?zgQj182mfki37nA#5*A$Eh9Zxl2#K6St$;_vd?SDZKyW;0kF zNN)Ql1m~%Le@(F_js|L(BB{onV}5PoAok-eC@F(L5q1v_oPKtFcZU9Gz89^QWW|N& z0j4n=#LZ#2ktlItohK4k_>6t0oYg@zE!jhLo-|BTPXa^!B;QnyaNl7taMWzN=d-U5Za02j4MIx} ztPpZ!Q=4Azu=}#9=!lLf)uK;1&?UYrvw1P*;eqm}`_ilC08JfIw{AS-zQapMaNAo9 z84SYsk4mLPdBUt*lR6#=dY2uHZZniiOHoRm&s30922>f)bzuLi0YgFln*bS0MHIm( zRAJR?Wn}$@mxu}3r^>a)wDgp>aJ>H*A1_)>>C*rZ(ZTPDPdC&mB$!LEiKb$hDRc>P z{f6%rD3u)!ooZIuMIVVtBW4(75TLmFtf!kva||iuEH)o9Vw-G)a$Ogcm#Vj{H`9)b zjyfhc;6#>LI;_j`(4(|6Q$`mNpbPL|bol+M?`dX3|Q{Z*gv z=8fGY0+tr5E}QFpa1OpjaA3FosL-e_2|i6gsW}US(g!Q71V$p7hmo8ASXWox~_p?xB*N}GUhvZD^d9Z)5^xHJl>_T6e) zrB7b?Z}X92491FWm!L@YU%09^QopKlZ!mE$YMs<=AYz+dvMc6dl0ZYVQ%MkwpZ0ga zma@aKD!cP=wD9b%seDwFH=*B1X7_7@Uw_AjjxkD%*D8|A-~=bnq=TWi>nQF{YmxYa z?<4L&uYjklhf2R|_^>e8H>3q#W~Zq2&E$@&P1nn@#&M{&LZ0({|0B2Z(&;s0Gx3u$ zDhKipZXmzwC~v7gQ&pEir(hVVAQBGn(#dp>u6-}x^lujS%TgDO!Y<}dM@s8>W9DpMhjw0#_D@d&D)#Ia%SMx zb+_Tshf{H^ZV)-VNvOD1I#aEyhxWkf)3Roal2d zIexl`d<$VxOAh3S z(<5^rgPDd3hcg)-zm3qvY@x4X5x4Az1LWiP{l=9)@04Q_MpQHof#;6lFy9$VJi+8_ z!FZM+6(tI-3_pQ6_38rbEjdb$5e$7wzU_keh8*9LbxSLv|L7@fDM^m;UB1S{AW)K) zItv|LnEl0riLD95e-8(){Xkc)Qi91~6cpn~{kSpY7mdE~aycz^F>Y(oxVl76ZY~R@ zOe{>DY=YPdXsFu!bMg*J)YVCS;>b)|P@?s|+W1MD=9&<4?@C}ZyYF#fs2!LEOvS>; z$-r}xbk&M(CZPb;-1dI$;b?(8=BnNk+C`gM^KVcIzi2Q22RyL9@2ES&#yA5?fV!|I zj36j2>}uS~98Q&R)xF9c0=ZFeM(e=$IZCaD$q*1l&$m~a>s^&t_+iG}?~f+&oH!kk zN1~4SFPL!R@~!`Ftt!ushKsCvsb4-fQfPtFHTI7@h+KyVn1>@X?%jL6GCa9iVzSci zsvu^3N3nm0paXs{3eB^ePp{I!2o$a@IS~Cv0J5cI5=+YppgzIJ^kb2G4^H-ym%XN* zv$XN?eC&pZ^BaEFjst7Aq$(DYLIYIvOp%#5bO~l-Cmak~dZN-L#U&YQITSjrko#Z* zlwFbU3LK*$zS`c7lRW)Z(e5f|`y(rfSAb_aGV)JJKS1Qg{m5bq{ezoFQ9XGXZ_W4V zMv4}6jxr#>dsL8l3q*c`ekKQ&T%vFJ!8<9!xdK+A`~xUDV3yj+BhpTd9pS= z{I3RJ0Nj*m@pWkyQ#mvdJE8jFJzUugb>#*qw{OXP7~Th(pz`RI;3TDCwF>tHF@62K 
zNaIK34n9*b8O6IhC8*r0b&;cYBe0CU+er5-hocIe{ z1T5WHCmDkAE=V()*?hav7JmXvP@QU&Dc@ijkO(0F8lB-w-tg5hOKj$9=JNxOz177^ z{u@GJ>nlY7hbQb~K}Ab^(KVJZ1Ll?|W^=8+jqFU0+@Ksf*uhZ z>AxXa_UO#w&7{UvReH>GRJWoN`OH1&ZVHE07X~&iI?WPW@S6GdWLM=44QYNXh#CWy zDS^KJ$AxxWSs z6bn7nLO~@ag)oiqJ2j?iT2u@EgX#Ucl7B&bzsFz)_peP?+@J^#587sMs)gG6i9V}} z4X2Tz8%MFrfjmnNeHEK*WOET8k`7=Kxu>pvI?_Ish5odjj(}vFL-}CI0JUy6Bb1sU zLb(5*?0fvVSz_zv)&92DirWqW=(P-WbhA|N!3R0?GAr|?I=6(PJkLCJ(^#9WOX;uK z`q=Z|2r5r*&a?KZCUKUjno^-H4ja_ZWxg4r$;uoy60u;~Alisy&Xwh3MM_{|8Fkb$ z0pBlA)}zM^Ga_-AJm|J?i@q#gmnqu}skf~nal<8yg+{ka?^{&?SQ$}5+}bDd-yjMZ zv5(0^hZHYJfj`XauKmuFDT*BrI^-E8WvM>0nD z55Wmm@i#WfA;BTcyQ2&x#*0OwmJ0Nu539tI1Ac}uUtpv6Y6pSAHhqppO`4ppl8H?t zDN{{JizS=QBWpiuFOAb*M?5K_ew3^k%($DOVkLt+rxKhTZTds}Gy#mT{%W7A$(ve} zSl_C$2fRNJotZp^b}pvMU1jVPhW}4wL&FXJDc~*}qTOhr2f>e`2SIoGny{~SE^z*O zuK!lm-^&Si;m5z%R23si@v-Lu=l;_A8AN=v$rLo=ZF;$v^N?W|WBqn=Y;C|j$z0{z zkjVJT&B*H@H`nX-3AoP-Ao)Hvp>C)tJaTiL2-WlZ0uMPv9K1&s&54We0lxi#o7Qy4 zEgV$tWSr|%So|IE79&OaPd6)L_eZR?0@}?v$4_;)7S8W)c?~hWla~eZ8jV%%GpR-g z5QB9*7f6mb_e&#)1T5`b*rXpvLO;{ZD{QuNLGf(8q>F*q0I7mz8l_m4nNk8fCVKnI z`acFrY|GWKEbDO9?+=tY6DS6f<%^5kALo)ZOH>uX*BeiZ8aZ|!FEeZcS}`>E3eoMS z{H4F5IC)=ZvfOHYy?(r9EX^>4o`VT`(Ok-TVuduNwTTpFBwEQvLyY0f7P)de+TGX& z9t2RyH3X|M0JQOIeg!dA{_>Hm$E*JoT6H_B-5#fGN>T)43lThDg+Z1^ZzWLbf$%wk z%h^f&6hx187dEAR^#TJD-Q;(Ayr>4YeBLX|o1d&oaraj=H%W11U%JXQjXq-Y5 z3SA5ZM(Q%=ix1-wFCjwFB%T)=yWT!GeDv76ddgY=YChY2+CQ}COIfQO$YD$|ks-Yw zPf^#9Q+PTLET?ACe$zt0k$vl)tPOXfbxn85-~5AXp2CWrZ|UqZDe1n zVk2I8LvHP!K0HQj8L0;%{bEQ87Bo(k+n+XIwEJB3f-=VpC)z9`Q>C#$ScQ7O5!Pp3|2fT0&1 zo{12Ay>D!zzUKr!0{oJi&<3yec@55DLB+3tQ*-BY>9^Jzztc&ihQ)0!&XtD$qqvO{ zNCXAt0^qv$W#OzwX4~XPnvF{p5zPmB)f2ENXq!jEbH%rLKIi$}(jvM1hQV+QLBX_V zBGZ{O*Ug)yOzuL*ET^x`c#!A%Ij^!+g#sn=nQ}iH+C=J)C_CEUksE&L_QZmdyI4RZ z?Lc=kBKj@ zy^ME4*Km{Huvm3WHe)5QdfPXLgphVlZpT|WMewUTe3cNma;m?}nR|aGT9vNEk1AIS z7gCJQV7W!>CPqexcfXe?iS5Z@GnfD=)nKX|@{HTdD`iPEnQaHPkk$*gg3@(_61OsGs<67YXyeZKU-+%{qJ)AnU~F^qRq5}wHD8b+lLWG$Mv69gs6WGOu(kaH(VV@)mXyMY5Jq%j0-;FGTriL& 
zNo^feN~5Kvt~rs`T>*kC${P`zzTvSyG48o_c@E_AQvh$uPnEU+jIBR)Ls_zVm;t?v z-krU{y)OrE4-W<@g-P%O>VP5bk{@HsqNCM1$r|4AOMHj*E;LOgqx-6H>^%&wZwpFL zcK%{(GZ#T7$GDkx37;)KoVF&Y42svMmst2Je@r{F?uldv&TiMQi{6SC5xuHw=q^n- zEoV*E9f-WjI$&cryGAdVEwkG;w(r@w)*i)OvBN`?S>S0GipNpdv*(H~w6S zS>OBAY)Iw?`em2la-@VfO3m`$1s{IlqR1`PQbV5DX^i#wdWgq)-2-y$ZI%+mOR1+Y z3$RLHRu?XX0qcct?-AJ$h||6rm47{A<<+|k`0|%om~xdPPekH@O>k)W83J6zhYn;r z4=_i`BX+p!nh)Zv1x)2I`=xX^@ZPSV`=VAskd8Vt3(&F0sTJ_w^RK7Ib_1jDx(ls| zh7)wQX_UJYyCB#hS+>B^@emMZD-w-(;`|U0OBfp1;S@?=)WyPnqX|H)h5p3&Pl>|z z9TIIbwvSUm3#I1E+N&*n2t6O$598(6{g*OC^R%i}HdD^3XTTEbT74;l3xBAl9r^Rd zlG17gz7B7Ie#>1FL%pCHHeZc!U+SyTQqO05>+}Tq_Z6uX`LG#x35t#vM7{rHlg~!0 z2EM93A>&vtx#+=23=+S{^_&mXJ-wP&R3f-adpf){3Z;)d9Z;))6)%IkwUkT}dW(ng z4ogfWpTwze+JUs36}h$lEHM7tA-APee^U*0&Ua%j$`ORBxcGal#~32x1p`w57z`=N zlyY*v+IOq17zB`1zK&t_G>^JXF}B!N{sC;I0goe`H?;*@0e5&?uL?e_Jdy?JSm;eG1;# zU0ye;F$hvfcE;@_UFz!#;(s$^7x4DUZ+5618_Gu+c~W6pFW}t)s(=(DFjM`m@=DDvLMJfsTsGM(QNs&f&NRm3{Z|ytHiFy zr!REnJCI)W?QyB<@<6`A=lQNK<(&d?98AO{S1e46cO~a`e~0oiFeNo{RbeYHH=e#y z$2KMv&uWGoBL5Bn-U-s~Rh!z&5Y8b$E;wW8P)lJtjBPlIYl+V@tK)QUeih{CLx+T^ z$_*Iiz z@oxW+jZls3$Oj0n3sU7h6XY4iilm`0a{l7`@71>{{^P@vN~ggZ5ZAH^t6fUl%KXd3 zF*~xPF0_oCG>0ly2>DlX2HY`tGgf6dKmR;RX;Ijdu4kV1z#;Oq+NL&mReST->8$Q6l5bPuj9uu;#&u&=&dUiKeLR>2mbOf(!QCSTH0$xt;iY|503zp0Dx4@Wn6@LCN#sLL??5|cSxqQvK)*2x zOJCX2;bFu`bEUEwEyJ1*pD46&L&}J2T+m#?jn|F|g=j%bItyZr6*M={-e(nrD$P}M z?04@YTi|+Me3Nw8jk6Nu1Lxa!)adzHa-4YbEM9IrG1nx&Mv;Z@hJG zi{%qJ;{zEjgq?7y7*lr<#uA$?Nr6pb=%9Ob^hemM{EL2DhLWkx!Ptr zWjj}!%t>EXNLBR2RI2y}=g)r@9F4XzvJm|*BymH7j0UM#*8Qz+9?R%95qHvU5`E7d zQp#9}H+iJ=saRSQGfazbPY&FG9196quh5Rf@6!xf&=W{%xh4XE+T9eJk=p)W2>Io= zljJJ79~I~6pcVFhw?mxwm4RCr1bMp*@d!dlNa^~^hN0>p92wfbc)DU_>O(D&b#(n- zw0#kpzYLrDi^L}q1$8yc%%DL^ZwN!^S9c(CwI_vC?#ur&d*dc9xV$ zjTagC18tjcB`BW|P5XndTY1{`r$y_N^()-~_BL^-AN(`nH_@!)xwj+qABB9l8)M@m zFwgbWQP}@l9_~+Vs0}97>biFh@AsKa+M8C-2DlK%bymu*=GW;Ttkv%o)+VU|^$;|jUz4y}Wi~0Er%GSwFPgu<-c<;T_v_9oo zKy!B&MW#OCi&|+F=hY9}Oh_i@otqupGdFMRl`sQcSlrFiwX)?r&$<;J0bkzJjviDk 
zUuA1@#h#oF&-+bCJXYim4#)@J?0y>$?zdBHmOo=u`@%vbRimmviEJ&1o?OO6tEQH& z`zSJS%oP0I8$*S=*qJ4JWuH)+H)1x{`J+%*+{qbUF4yr?*@y>g%h2lR-F|H1FHOF> z^HXm48QM~x{Vmh12b*^>DxOP%Q3BITh$2x@>yT6&nJPTR3!pamd8rBy8$>fnlcdT` zD-uK=y3``2iZ}|~l*bzBa*j(L8|{e8#3N2)D7&e;y3aPhYnzZKt)`P&Dsbuj{q=#E zfsNUw;vM}A791_yUX8{`QG_chvPvM8pn{g3Tkh&@bXd*mObOxih4@@$w(R=Ur}86; z61UIYyi?`6ec1R3Np^g8;}#aFc+P^P4}T$l3D`CAP~!jrOLmdg9o{DbHcchjk6r|i zzC=@*gf~fXtLJUiTNAf+iFJiPGM96e^Pz>d9|r7&in@r1cZ5S88=@|sn6}a zj`dkk1e)x_886-l*QD3m20-D~BXTDCQqa7{>1ho=`DoucPng%c zK2ym&W8yn0xcuAjGjC$?7|iZc)-Prs-+$Nmb+Y&(QFq{Ep!MaAPeZ-XVBzX{eIszv zclouvZf$$l>-8|GZzF+A__k#isM zYjbLwa!F$Mcg~LDCu-|Ay#T9x1=90~zv|k3YewOmJ&4DT_7H_f1%4`> zzS*R9J*R=yO&oFK4scERfPeJ8Eg$u2PzX zL?bAXsG(PCp`&BWjr@<~@T0eVB4e|H2CL~D(KiS?G$!8nsd~fejZPr&*N2^sb$~B! zHfj02bG(Y=UoyVoM9Zw(^ih}#D_wIsxj;j;0#eW@-(&6omSO7S zz&$KwHx!!uE#LEw2|ofEU$VikKLPrAU;GX^2a$U}mxs{Y9N&*z0gDnK8>s*F-@|9$ z8*Tvr>PUy+R9=Xe4%Q_($M`Nb;3yJ)LsP0YM~>obCDebFIA0UXlh#;i{kx>zcdeP4 z{x~oZN7)UFGg}JLC6ev#LJcwXouD53pw1KZq0W{dG}EM|QW>-JCl(~m9gwr4wKkSq zH(sekbNw<&LQWPG4FR$IwI5Vc%@S5K!l7P1k{60N8~(5R4i67`B>s}{&eskh`n=Zc z6?WxgDjP~JE73)9YLOs2N-pExx#g8BKgEO;dHzUflmwT@4~>7s$PBnIfBKQ<^=Mx; zcxIN^ixy|-w&98%T1>^}GHcLC)de~RmApwQ*RarA7e=&I570)41M=jY0idi{A(4@2 ze@kOHRBGT`Z1yiN&YZO>gk@L7KN=4cbu5h16AHB?Vl@pM>QBtWv|Nqx!Ym9kFgm2j z_+Y7wq)s?C*94mxL@AE^Gb-tUcpC%7RX zv5Z0^(K~xb-eD#T;&X-W*XQ_hUZ4bn;}|6QDM>%K+7h&ju8@=iB>f8uetc6r6dyV_uY>3IO%+) zrf2(=yKeih6DoKamDGn2rl=SaH-6q_%`zf&Aw77sasG`(8Gj^ zS6=4!e7LoF$q%$WQ#SlA!8TZX%h0x8$uPkFcz=0$5kMHrRN<6FBKnOl&8FfJg>4Mh z(yspRyVw^#Ch=-JDzx2rTwgSqgBJ5T#7Zr&g|K#L0YBc-@|Px7ntRs;{?k86XRfEv zcQX3&4#`$m>YA3yyy5Ko3lC-w%KQ8GpaCJla1NsYz5eYEcgT@S;_R=&P>mMhHX6t1X52{vl`Hc|cuz>CS%mN5Ey!)6Cn{whk>sXjB*Wt%m&~ zj$R%03b?Qip&T`){dT1wpuzi(Y2{TuobWf2bp5Ytmb*-&)#dnWX-S+EwF*=Hyxp-F zq{ZiSIfst;+TG%-u@e>4L_A?=gXi|2%=N~~|Kye}t9R-e5Zer|aO<47{)j(p;W^|d z$JDvD=3f@=o$0qbbc`lqov-Jjtm`{)<>Qw%V*ur{U4`{?;=VA=46`==qlt+`5?#YV z0r@Z;Z+QBavwr)2>xTt>13p4cJE@-9W#gP?3J5w<-UV_9_XH9%;R0|VO&?cKwxZmExqP0R+`F4g}e;@4n& 
zZu@A`Ukg-}Y>d_$N7x4iT?Coxosfjn=y6c9iPW+qSJbOXdunbUy-o^bUtMwSD6nE> zOTrYu*XPriP5WOxYm{y%F4m!!melk{!p|d@nXeUw!`6lPu5^dt#8{On>=|2T6lQ}$ z+ZD1mJ4S)+=ik3QC?h}J{5*7Rz%`K#3c|FMnjcB1^ECK)&Q?{fuZ$oS1rfO=M-;l2^^GODOJFLHx5YKBop|-U z)9X}ZMeu#E&zyh!84fd*x-3BZzqAoaX~N$KGlM^Uj8S|*Lv<8gD-~F?R??{ji31;W z@niQj=9u2#<3>jb0vOA`uq2fyTrixJtC@uz$vnLD%Sq1u%IIJ~-cLPq+A1ePG_(Un41z2zGo}UQKx?gh($u{xz2Q)6dz2S*Hi~SBE`u z`YHp?X`Y%DUTWx~uhS^J@=oZYe2ZL!bOHm5sh%mdW>{oETIg67yYlUC?rjCPNxdd3 z{%%|8k?4+x1gk|!#7S#n6u9*_305GZ(DdnJ8hZh5J(xh9DBT=cB6|3!78dY%$QmRsaUgX z#OU%0JWin43P0#lFSr)``#}$nsn562YyVIiWTS`8*LV&m&(`jKsKtkxd+SpQo@7ue z`1#V%-ZcE0JXpjOz>T>L(RW%b0?$zbp5yzC?1@#1Y0T&GZ*( z_vt{Qpda9`#zUmcJ8sc=YO3rNl|~=%_!b3;VOdTYQUF(>sROc!%|qs~KRWA+ehLDC z8ej~MQl|B|jjH$ElrmsoVXnL@4}^HVEnwuRpYPaSCLWvObA9|tdu=$9jd6aYs>E|o zivnZZzuqgJVE|fc-f;fOe3&aqM3@+}=((k@V?dG5BU0N@&c#QN59Id^0{Dmtm2Joc z)voI&v%&>Bqzj=t0-$B)ZlOJ_exUX7yy!8@t}o;V_qioV%d-NI5DeDlL`}PGug|y4 zSsj{^>vcoC7s0CD`q;SocUmw`>24*pJZ)~Bzjr~{=8Qn`r9Fn&+ggIqY6igyAL&0x zUV!cRl|3NgSXu?w(xh!Z&d}t?FP+s|x_a@CKoxgrrs2@dFLMus>OH^XcU{<&ziK!`Z}*^U9y{DpY+?xr`@!ZLM5Yop>y_ z%qkN$pbJmMo6VI9<&7%^Wla=denZJh08GHwh2JFLc=y2Uf?C5?Dy@FoVk!?a9rL&6 z{u?f4+aP$~g1zg$i6c`x!dp%?;CX8Jj8ygJx3@cK(7?5*QTT(t zXmAH8+4#XNYI#*&aVF=`pgDTq*xw{Ak!WysINMCwc>IuhRD6h*AC1Vn(#4^Aa@4zhH0ym_=4< z-Y<~}K9gWUqlRPkJIN>tPqp6~74#gSPus>NhOvT@RSG_C#1?1ItW~np|~!JUXpD_oc4$c3GCVq<_T{;hji}pSrSF0tvMykCdDFWc|naM-x6r zE;gF>({a21*emqiFuNj$0$Y<``7?Af1|A|HT0Pb)w;-T@xNt{4BN0K+ z;)R{)%Q0+3{JmYD%(o;LOT3n>t{%dYQJb%3iQ>W(9x5-6C#`y?ZVx*3WdJqjfKOFD z?q<0Qxa#|JG3jl0Qou?i`P3`Yl|Y9G>hnafXzV$dQLXj7OV|-119%6PU{k(-^X^ix z4!XSq13+2w?6 z00{5JSCsT=3* z{5V*U|Ne=z3~9YeZHNninx&!Bgl)vJW`d-vAV`x0t{NSFob(&`|u1`rB>DfB5NRErQ4^rub@b)d+Ed6 z?WHghz3P{^SC!*?(|jpa^B4uojAj`4x1*;qOmFPs938-Rc+N>pEgbKPG4O>n`)DOO z)6KIm`4DZM7*1=ae0<(;R#yF$B#${ z^F3kxFdxR8&=45=Rh3(Kd9(DX*mUu=Mb5z7=&45kI2@nLtVN?WkwcH073Sq?ZgBQB zr$%7yCp2XXD)E;?_TNd)@flKJqZbY<<&(ZGPek!T$xFhmqmiajPjSRb!|5eU?{Uq* z#auhcKYP+TOiSt-LHH3kA+%fqBa=4RfGhYo-~CuQjtn%Uy5hlK7&LXDd}lnoVxIML 
zfBY@8e1fJqnK+Rs9?sT~5zBHtaUGH%Ea4Z7u}>4JS{eI_QkCMEP)idnwAoh>>XK8m zl!K_#{BdRMFOZo?1P|^5w03T<&^2_5%vlOE_TBxl8;!NiY@$35(LSt^+wa~dVa{Dc zgrS1FoejvN9b~F{-x6#;62Evd@9hr&_vm0hYWim`BaDA?#WScNk3?h?qIS4yB;aAb zaNbW-&ZmaQeL!mJN@A=otwgaTLG|U`ZhFSGE(LS#4D6HGq=w%W$0cco(XxN*vJY-^ zC0PEZc`j$0?+cTo|8rn)imB(xIv*ST@ZYz;W26A?t_U7ATQn0^mLHRo`FaqIf^{&~ zGo74=aaa02 z9|aKgeZbdj*TZXvSmWNP%GL6DxMccQrVU?~nvS6~j?1gKl(rvPy~3>#4@RIH;S(|9|oSKUA2sp8|yHh-A zTLFn&IBE#dt!Pa?MeZm{lZV~H)W}?%QNVA%$>TL5u>D*~6?TWDb7NbjE&ek#qlcC0 zEjQL>gB?wz@kk6*(|Wm$k>QkAln=!Ok9c)GfEdjMHyn6R)~(v)z;{6uY}|;mx?H)r zJ7dXMy~Ez}kcp4Bn$C1O9OUuc%~$nL=6~2v!>rCp*hyo~Q;OJIbo9Bw*SZdo0(ROsvP?T05-%1303HiT`QYKej#)i6V)m~~M@DHaVe4-@mQ zkew!`JzUzCQsDzb0LWj(fw$(*&6sposLe|x-cjs{!*|-%dgq1({xW&nDY2i+2C~>m zVLw~QS$2LiURKm}D12qLwiyQn70>D@fgel1)8qtG{WPamRa2Eh^+bG~ox5tH0VBDS zLX`{LD_MXAvE!HZQAFQg;LTE^d|j6c5otYbOXw}5`EKAeI{BU)m{)U%ztoIp#o&`lV!)=gcgdaqb;DN;S6RG^igcA-m z`hn5Xo*0KymUGtaKFlE>IQr!!EK5m-=^0yInXkJMz1j?w#G-iynE5;wHVc*0#~pUz zD){XYN^n!Vz{nPIj|`{P(NvkHQo+F)Krc43nY#j5xaE?f$tC2pwF8#}<+>6c?A=OW zH`f!G*rr!;@hyl_#xHShogn0>(r)d!!}@TA_aZ+qeW!%PUhwd}J6|O1=u!URX#afu zvC4mNk12a7X-YZ-3tvKoeVkf;A`^#iPZNVo#@S7*yhqwpjiN-AhPrkxhfedK{PjQdz>@^!V!fY$V_Es)tDx{GXv0Ff%X%Md^8 zmEGvHHoyrQXZ(&SQ>!aSkIwy5-EhE*W8tcb^$CoP({KOoj7LuUjjv9ijpA2&;K6w2 zvH3?^xH^UhSeCR6k7pB6U(VS-fpyXK>!B8vW+t}7J+AA}2-g9fbS@S3sq((u(O~Q; zOcjW$8*Fgr`)NrK=oHr?Wm@VBt<E>MqetP83g0Y6N4@7NzUQ6hj+#!zXSUga) zvu(?JW85iLX~7gKrJ-8dRa{;Apc$E1g4%Xy#hzzf8RCWw*idLGi&7FW?BShT z?Yu_(J!oIJKDD>+ZK+YVJ%Ig1zT6HN87Ce_&51{4joG%jy)l}}d>ZT}Avp@g8cFqi zv$31ZMgKvM6;(2DqFzu5axVdYYjx&X0f<7s7>O;V0i&DrN}_*^80dzQC$v30DjsYn zS>A+JwAgDs6{I|M9M_CI)TixpTTf$wUuIzB5D}|Y)x`Q*eBYvXN;b{3w4zV!*?gKZ zVnaoMwW4A+%g_66qQ?;|h42GXsrB@~+_EfJAC@}rmB-Sc(SsAAR_Zm<`O_`<(SKL( zj8A=x**7O$wKi*C%YhF2>gaQC{yovj`a$w1-w0pdQIg!w1%lV}%6Y{)L!^y6dW(uZ zoH-tw`E}1T&KT>j$^IJIS-^z6Co3Oe`Ot!$HHYBxFO?b*cH3613Jb#%41&*0I&bBp z&?o`=RKW>CHP<|vG-ee0o&g1zveIH>e+gH*Jg$*u0p?bx00415&=886x8qvj3n&(& 
z5qnYkaPyQG*@j%tHUtdf4RS3_-4OC_Xjwsrsh7J#ZJdCf+-c&EDD>vPMf@mD}U}u<%UeE2_X|wc6^g~ zn_T{|ZkL<4Eq2cRVlZk6nTY*EG6=ocKbS498@yP6)jMX*nL~_!(H{y!P}eP3)2Ow3 zXEzKsm@x@-cFDHm?)pYQO@NO>Y43AN97v%ffH^G)L(bgPqE18Pg-^?nr5yWliY8?k znu)WR=SAcvVW`|7Of?}0L&}Z=(=#g=6mN)hO;YUr(#ftguQpVmLzu zeC9fM4|>H!6mRct?cHm4;OeW{{ljJ_^tERmF+VaVxQ=1hZTpo_OP+=M@OO65NQ+Lv zA0=00VJhO6Fogsce*(a|_&YynM9Yrj?^LcMTH;Q@onWQUzn;1V&n*K#Q-^A6YzSDK z5z(QAj)29ahz>n-r0TSk8C(mL5)6(eKtx!FOvZI6rAnGmjHso=g~j<19a?rA7N>@E zXo>GFA(4fJ8W=kHppgdKMmVWbCIxR-9f;|AltMX`F`t$=e*!j>f;jZdRgp#!s0>!; zjbv#8Dy0G|hgD^nHM~hxQh76{$}n|dbAAwqmK}%9sX-iC0*xHU%+<-7rZeecq1IxC z?nN8aLB=DaW#H7=SVE1i(>#oQUKN7vI{0TqTdNyqYr9#yS?@t_{d{-V4@Y6_jQ9^N zbOg*M#ee9Te`O=!Rt&h3aiO(S3@|Gt%Tp1_CgBD5S2L7h=ECg!_zx|6r^I$mV~i9V zOLL$_hcrFZOBcp&>g+0Xim(nhYZhWN$;E*Qe)LRmt7(kyw=-#s^q!vKW6#lJ8x8Fy zRZH=(;Onm##^kp4#y%kd&@*CAw9pX%ofLDTXO?k-e^sR^OX?_RU|>bqcae*L7^TY0UZ`#EQYln7i473AAhsX?R)fN0?+XV{A@UYb#S**eUX4Sn4e}+a!BcJ^D@IS8iKG;6a@XUr+2KFGl zU`na5sOk)?aBob#3`=)MogXfwWk+@tDYmzx z-l_&W6H#7En*7YLc@7qFKhBV;4);7mrtu7B#MT)t?K&_OmD@c z7Ay+hm%D2Y=2^Gb{D$;&o?O#KiyQ&m3E{+#o|&gw5paI}C#EiSd%t=w;iR2O`2Byv z85w+?E#>REYBm_Yg@eAI6wb~KhXt*l&km>Fj^VVwH{HO=i>_?Pdcn4Q=2WFu)=y^F zbQRcPuxAncWdCIEfAI>7B>n-He|-J&$zBKlpvz9LouOaYQ|?gfy*dAvUa#?rT^u%2 z8a@ZR*g5T=FJk=cC*#MKgBWgKGDb}mGG2xWD;y4Dzox2OO?7_!n3f&URL8WNA@ma^ zYW35FRv2)6sg1fYNq+OTrgRWB*cVLNgMpYCC|D>gU!Qdgb35vST`r!}f1VoS$@=rs zOiF2;Gs3>K&=GoPQrMTCISX|=5jZQ;LID=@oRx9OSrLWUom54+^usW6!@kjkurDd= zhaoLC3PV!VTKcEqkQy!cZ8862x8g#*{=1cJfc$qm|AJwynmsC$$N=+d8}`M_0+b`@ zXuSgT;ai1$Wr@=`(oG`^e}nb<5AnnW5*@oNAw9YgENk0Qch&{7#R8BE#_VnbTm|a- z{@Qwk;Uw0LR5^O4uZ%-PJO##E+%unoHQeDz9UR^?)=?IPek(I_gW}PIpg1WzvT06j%R@_$e=2*2QDVQ4OW%$3 zY#@6@G9d+5d+$CI@CHqrnen65CPCAp+1)9lIge)0clL{t7kz<3{xQV^h2W8~O*P{vXby9W&%4b(((xSBf z9|bire-s2#=!l&&Ed_y`IZ;WPB|KrG%oCPYdCGX5XDpVvh)i=^e+ok6 zrXWNUQV>Ylk)1<|jqjY1M1-M(^1Kyabw{@2{0Zc^pO8UaJKdh?Y1=OIdQQY_X6E>TYW(`dD-so{sem*3*nv**-wh$ z%V*!&m2I&A<7rChHn_knk@XC}iN;L-d^Dtte!~25q2}|!<8D$3oL5X)Y$sD?(jrIf z*=floohm9QU4Qz38bs&z 
zk>=RRe^j5e$Pt@jLPE<&&&*TZ=Z6B+jz`+2t#$9P`Ijwu`WZFXYwIIEH6%JIVS^nMaX68f_GIL1Tk==bvW)88t$<<>0w(0GPdrNQf z;BvRw@CVqy2_I-6gb!qEgTiq1!TksB`LbQ;f3xWF%}=)!=V7xjwI>f8qR`hG<$&135EB1C>l9%XA40oC&N<(t=5m zmtuD5UFZ1qK^QFETOtj}|elI?Xhv(%5yvgXV@x@hO{+3+4 zI@z|Pz5*42{g&kw<5AhLG|RDRStglKQ5MyeDrDxbWsBU9e>5TFPs)yLc8!|IegkNfS!ID<-POGG&oU@+cA_D{8-YFm`hT;t9C{ zq^uvWzA1fasHEHn#X*^4*kd+V_nI@{J^yHkYC5U|_K&`WXw#@eh?$GSf4VguJgyzq zSHbGnl zT`Bx~20!K9*Y4W1u-8i)oEJMyZmhJG@y#0|uI&@@5Ps)yL zfg}3>(kh!?^sZ|>81oo8Q4PAZb)*G7(Dx>;2*13rdezLy?77aqswdkV0zO0Bx~b_8 zn`gJdf!TG}H(duKEs2u8FW(xfv$wi^Y73j;(*FGIE9Zt`3UA=gf41)z=WeNPrG&=S z;7h0@(#FC5K-Q~HAU7LM-dLv9tDxTE&0f0%-6}TK zXtLl(TU_UiO4*d;OQjDeQe^yqil-$nkTYX~LZl+jFc!-&8p|qC<}9i5w5;&EhxSH0DjM5j3zLdgPbL(l?6;$XT>U@wQ93h0e}xD5KJ?BVShZHFg+H!v zx)ZvaRgD?MJ|n-XK1qdP763~XGMLFYW`&ed8rLBv0r<72o4^uJ zNMIplN3pwP@8d}B%+FCN-&7uG$giC zTRnVuSXI+!D_rUNwpWyme|iQDDRP9qnU+CA&fI6oFbvBxESzV&Nn<9kuCo*&M&~46?$ida-)b=%>fv)pQf03Q!?f*KycSea*_Cn0&O8ElT#O5G5 zQx1y=ijyU7?r=i4k=F-gC1~;t5$Nr0mGvJB|AmXa0>0hhI_Upcb$_7H6jf2|+ z>#pIPu^sT%s^4OVEL3~O5gXtPE`D0*e~1k*Ep>#Pxla#a7;J~TkW5&eg$dKOkx5!$ ztlhr>+|-eHLh1-9JF)?eW8#1fKwzGdKY02)rwP9R-E0#6u@Mw@k7&D@_NnfgYUt-y zlFgP*eo0{N)5ghq5O@Uc&dKc{g^s}8wA>DI=01OeVXTd%Q3i@PX+kD5RTQyIe=*eN z$DNzo5l_hNAZ15zcN|}Z&u2-Eu&a)Op%8TkU^DcV`ipw{Rnuo(!jC!u#{GKM_HBes z7Z+(S$(xzlQO5LcxkC+ufAlQwy;PVAfAwN3I5A~&-{H@vHx`hSo2y%ky1ZQ1!TV;g zTHIAS_oQBZI||!Li@JRAU0og8e_mH6a?=eBWBLfLkK{dgeaj%`hg&(liQ@3A2*@h8F@E z*wJ6y7To*Ad%OX_=K98A4`BEjZ|c0i#-K-a-GU9JlkGPb_F`j#BG#hP4~R3{#saG~ zveyXRSwQLQlP;A($NzeR?%$dAwPEaGsrxrIpqX|xGtZ63>)gYlWH7MiTeu>v_?j=^Vzll|@EJk-Vl_(lAnXZX*BF2q`rp9$ zGyC087WYZUe78MzDaM{85E^|x(4U_Ml1xhjA>|rb)Nv_6dnZ|D^J?Q7?o{yCv<_vN zq<#*I#7zT9CZvIovLm2BpTmL@9Vt}Q&!OuS^;jZ+J6s2x*{Bh+F`6Cy7(FD=%AjMY>Yrk zj3+9RqDflTe{r5DmP?tlG|VDa@&x`?l}#>dE|bz<`;@rB{A5BfpOhWh1EXvd+J|5- zDRk~GJHP@KI{Vwqg{h*y*mhe!f4|UQOP_(z^#zbR>VhpRhx~ax z^iMzNYtiTL@4ncrQrnhSu3e^sCC=Az9sGjzFPrUBv&3AX;RatJ+*M$|#9^FV1&=C-s7A+@du9~uvqNrJt)QY7sj~I`O zh81sj(o{&+gUTHgKGn8&3wJ9$kxZ(#2H-JRq$1*l@@r@uDj1$oXHYT%=e2} 
zf2fUeIxhq%a>O>77T6|d7OF|AGKyI(Q!s`SQ8Ug($+(EBO4W50aesPN;s&;p34v`= zc4V8JPp3eNzQudz0)D8iZ)13Ce&&r6ycp<4@Wh8J1Gc_2SxTFSwSvuL>~K7rsY0F~ zeQR)M#lndBH~!S^X0Tw7kw@<7r&5eYT>5Jqf zUW4rXNPaRcl26WDN||Pbsu)HUe;C}xOIAiv$YQ}ouDHUWf*&7lBtMxD$tPt;@Zp(~ zzy~F903YJ8mOKt3XS9r`g^qy8v;At~w5 zq@MZq`7#z9Yp~%FFg<)%V}YbKV4^$erVd4wrKo%HNVrnW>sw$8PCL?dfV{+59ApxJ zpNR~VIek60HtcHMCJu~$!L>IR41_J1bKOiwoS%(B?Z4Bby`;zyyKh3Y_oHX#zXbuw z^D;2>v3=4|om{p>K1ZHae_Ul*$?7UW&epVIJW~;iqFC0lsCgLqd)TIK)H_iZ9>t$6~FULOYZ?vWPA^#)562# z%%Uz;jbx#m=P?F_Gln%63=9-QI~b?_>u~CZhtmn+VN!M+JI62@e-PNALZ|VKjNSLG12>=AK-QCSgXmH@ge5)5_?kQ2*gZ?t$y^({I?+1?7nWVb;l^T1JhqW ze7-YvihIBQgmqQhh5qfSDwKRE6=rp<;*eFSJ<~>VRuu(Y=+ZcqQIr>D=FgHy-GFgA zAz)0(j&B3ctOWW`e+m`r}@LILKSLPb*O2*^weLy$8UvdZ#C zR;(yX019A>Rdv-c5hiI^6|pR%5wpV$L!=YJ5Txule`HRMM3550#qHL`#=o^or8|WT zF>$R_z&N=XtlA!91YD>IJ^JPRm_#})CPB`ercz{0Tr(afaNU<-0vCT(f;l3RCKe%2 z#fW}!V-o3vm;@<14i?X>SHbO@&jey9u^+VFxHtTiYbCdmFU8YU0Jf@WZev=y_titX z#4tv8e}GMmyC2G`?-XB)2MjjPOghr?0@EtmM;(G*Vv=^d(B0t|YV*)aOntMc(}fY8 zkw?~$-!QKmt>!McSMB|puO4QipNv50IYALp=m?BX3yP343mFzk2*+R8G!aW{xQ168 zARF_jDWuF)T={7~Qa31)P6&#Svf~)_%<97^f7!XX4Z5eLcv!bfq`o&98U`K%zubUN zn^=I=aRy3j1JCVB8l2huYK%n!S_Q<5r z5$K#&B1X=f2&9rMW5$)J(Al1{s>$KLUxQv%O zf0(QK`Y=$*5i}i{P86}j1a=&>+(g^1Z?v4wmEig1_V9>vlz;g&M*LX&>)r zrHfwin6%An+WX~9XPnz(^*!pcYptAgf2D3`nwx5V2>@3OV}V{WDld?#nJrCfnD!tq z`Ko&W9Q0H}Sn&_1?>}|e8e%r5v=+H?+Ug@kj)38`awu}Hh2f{_^xfg>SNBuobNCre~0$! zr}JIb*)*3mIddF|B$RQ+nx-yT+T@(omEy=aqC^sxO;HwpV7M;pY=X<0lpP0#XVww5 zL`hn;^sh+d@oC*IR^&N#j)R&MIsymN9Mt5@MJbXruSyo>HTIax;aaE~#iF{Zv#OFR zl>R;>nd_j=COD``*>N0rW(AY`e~vJ@NwM!R4Hz>v-hjGZ$(Oq908V&fJDcX!CTC9Kj5j$PGlIi)DOG8X2}&`Gvvi&w!5^PcIdSWY2)Nfc%#tcyq zfeO<7O_i9F5=TH{nlqZ5Imyd{hoB4!9yQ36ov^BwoTW(;r%jxeQ8eO8ah=iG1ZOlU zI}VAHbL2@0U*uxe3@&P{3^L?$WV11H3Xd&uz8^T7<_9Kc=1m&qe`y)BJV)n=k~yoR zDr0q;iXzNQ6^=01WUe1Lo8Si~Wyj&+nU#QtkL*lG9CQIbprQ{QXsguJj%u`kVJf#v z9mF8gx5+s?_&DDan@#h?k~3FXEy_>{mZueZVxyGtLSnayxXSBDmb~`kBX>Qq`2ir6K}uj4e@jOMn9&r$+s{{l1cZ(? 
z;l})7i1PFgR@jyfk1dDW@_su*q)|1)nu3t5l9eO>@_cn@@1#lCtAS^UQh`{D3XO-?rEef8`kWKRFmGDLqzzgCTYf zgaOtqHagnaU)UOSF>gCeqc(UX&~&;tmJ~SxP1C%w11y#DS=Md&#IeYIiPq7KF#@4-L_u|1f1h|C54W_ zz%<7zIdhs|f7xGJz!g}+*%g-pG)g4cuI!JGV8C^}<`W#Rr0h5bPR2vdBQ8+nQaq~Ue7|iz&2LN2jP#9Mgo+g+)*VtRR%Lm{ zia3nxrqOJ7ei*ra+kArGmXsZb(aDL$^jzCL!^Wlzf7(7hm@}a-*_Z!#zxh)XXd3HJ z>-Nwqd*_+Nt7*>n$mY{LvgFL6tdf)`DML0mxLT`%)iMuR79~7E%Q?*bA?V!o$mSC~ zvZU-dMErepsB9WiY*05J5iIPpv6ufDvj7PaAaW=(g0;AH9$~lZG5KUV_YEDTHpo24 zB||1OmKIX667G16^E$~2LxkoBvg<_7CpeKw*>NCyX7vG?S(;wAbC5T4`3CWVdw;WRHc zIdd5y(_YmulwS~FB@eh|7|?0kY3o0J^~;mKZXQsT`6(vTURvQ8`2 zx#n47I{ijT6BF$=+OpU5P?UZ>W`;-X;IZxY2A#vKb8Ikd@@~IJo`Wqm?RwLHXrsx) ze`mj41$RofK)MRPYqz?^*WCu2RbY(QG@F5o>pg+r)3d)xkt5JM&EZbYTs5FT%d}*1 zrU1QB8nRj>F^h|=RJl@UOZw64I^6RK4tG*^9KGJ`Z==87en;S#lI<(f?A@Vf^Xltb z3CxoD)^I*+Mv=NtArQM10%`gs4GHJ%e->?l?s~|2(+c?QcRN}^d!u2`SJe;2pAU8& zyd{2f^f3I>|F73i_(7C{0oI3K*?KmgQ&cE43VbKq`O%hqTC|0nnWu$HWu#bL7ZuzSnu^s; zS+KlPQJBPa5jP|E1UK4}Pl&dVvg5kpxPCS!8)H;iP=i@zachb>X2Om~oopmq&@+hh zemw2v*ytASwHbNn%DiJ{G-&O6e^lCzv%?UBpk`Z!p_W6FKMp%d482}l))RE}yOGD| z_vT$e9Vn~$T>sLY$2P6$6m~MuY=cP9IPhioJ3^6PlXn}PAC$@`1f@QVi$82OtL~3C zH*>|;%j+GRkZ2d?XE$ICAqDG=`fW9bxfoJ73f9+9u$~c{A-P6(Lu_WUe@FrD^`a6H zi;_gLG;Rvhql#y>4D+Umc;!Fn3pX@YObCsUvZI^XH>*Dlino!&8Nn8E;)?u z?u6DXo?Uv27)nsP8_chClN#71>Nm|#a_`WJ^{uAxb633(4y89L5^LJ_Sg^vOWo^&3 zs#O4dc&+SytDoG?I(_F4e|&SM$+%y@Y5HIVW=k#bd@@VT)@l;k?V8XNc+a$1n|dp0ig`9$GTj}`ZoXY3#NikxRLS^c z1?=o6XBXk#OTuSAw8!ns%Yr?}J4^A`Z>`~szF*^&cQ69bh~F*@Y2Xv?)HSEvke8o- z=``0dZ8+$57|$$+e?8CTb)Q3x5BkzHfpsdKNZmV<46D?`t}&%nqLc+rez{(iaDH64 zm=G8KFfM+)>0s)TnMopL93jEhE&PVzduD6+rYY?}O)k@x)(LjL?PcrhUi{$X6a z|MK)#^z6&CO`dKH4Vk%rP^hLJkXKn<=3KI}Ohe>fO5n^Z5|-9wk<~mZn|Q<=cBAdZ zglIb{>p}I|fAvkIq+aCilt7X$to$BqM)Z!Z4evXG)3&fcI`{^U5dxFv)IyO$M__VV zOr4xL&8jd;@{D1)36s4V#%obCS>|P&=kRy#XHzZQn0hfGrcTOwz;bdhos=-lT>9i+ ziwDg6+b((6wPMEmZVZ|);8M=IuiaI!oC)~vY~{2ne^eWBsEhVH&#YdsoF82;rbXAu zne()%cvNxL#1&Z6RVG=Likyi8iM@E(tI&uRS-I;cfxejC^;z%ya zi?H*WQ9mmf2LUBhP{gkVQ*5_gD`Kr 
z+i#H(q69s>KGC|BT1s=P0R^S|s&qlC{U2Mb>&6rcFu=?WCJmj&O7j+l`1}dr1qWff z{;H?wm}WHHeQy7LCZ8FH7OrrUlI|FmKS;t2f9VO6LyT|e8(e^f*dwfM4cp;&Ts#Yc z_og$rY(dSUJ7^HS+G~1)lp2HU2YxAQh!v~jD_y_%9>Nm~H@ah^KL=3F`{kMT>zspWv ze;rNqry1Jn!sq`7t?2!Ey1yS*@a#8C3W}JPM6XwcoS(E%Oh{VzFfKm+rBa#WxUMbzyx(xB}vUx%rS+cF7nJz zMNzm36vc!D3R2di&d5GHr*)_!$N3&Re`%seC0K3O_qeT5F`1@rw(F>g@W9Twgssyz zxqwe~y#sXtr>Qh-J9F6|s+1XaPOBYK=m>;QNNo5pF5V;j+qZAmpyD>$T4{8D;~Vkt z=f~H}cmMle#lQaem+jM`d-YGAN9!9XvQjm03WJTu%37u@Pecv2N|BW#Is1j1e>qW1 z$ebW$J+LL){~XQWL(i%YUVW(O=mg#cv}+H}1&m|%2t}~An?D9p-zu*0goDpN>5ulG zX=Z@%dHW5ILTd}+xu_}0@EEp6AtSJSP9UBXIs(fR0`VWl#iwd(8!^}^3rR*JJMk5qwZ!tYm|5rbLB$8oEU5u+oLR;bE58~ z&=GrPTGV|^eCnPtMYIeITsB)iz>{dl7_o7vZ$U;XO?gzYJVOeUq{voy;PIMT)Rdl$+?Z@R zAtp=8dLZKs#-bbo=Lls>e-5JzHtkQcSG)2G#=BR{Z+0J3?tb&eoV040~TZ zV1nO`6~B3Ss@F5gKvT0C?&HmD!(fSUSq9ksd99k)V0N$7H#kEd)suMGe#Jrm-jMff z7+##?3 zp2u=SW%-lerFH#3S+3zeocj^`GX`&9?E7~86nxO%fC+S&j?viQ2>m176X96%%Vj1Qmex#Zv1=EjewRDBA}$KXD@mqpdVT; zzcVga!s$lIA6Dchf0f8yJGDCr69%-KAh><^%XbK1<7q;&^(RBzKkuP+#-4>$ZGXEt zxV`kR{=DIJ_j--l$NcI35AhrPYyH%A_OB*$)A>Q)E{Y;$Bfn2CsLzkHmeb0O$(f6~ z%2b#u7G)UIiWO&7RmDuiQspWR^K7I8N$Cba%LxHcQq}`%e{TSkv`OfRmL2FHL+!x4qSWd0aTAH-TW1p)wPZs#0YC$tsqXNr9vZoT)K_ zZjJNfzvZ;}FFCU)xTsZHvAR|{SPN1zUNtdOWldWjq%7aIa?ghp9A=`3V$d;U$V?Q_SSdqfM zV`(I7Rwq(3p{AuML|H{69soCFTTTeslCmC9oXm4cO5Ez^ka&O4cX?*-^16%l?03p3 z`OY(xWCgE0*!KDK46n-GM!LD*bu#1%S z0Kqd|e_lCv`m5mXe}5nVLKpYqWfX1+&p2I_4TG6`@Qna_3q#IF28X-1@l=<65#XmJ%~CQ%5*t$f1j8Ovshn(Vo05KzeI`d&nBPl_0av@ zm&QVVciydVeuS=^R(ed%++Up;UPV|6ml0OOWrQiXizILr!JCMGE4Tr)azX%&l=W-{ zZ_P1jv{6!61p^n3|EIqT2VgjD@YpoT?w9;wTf=XYfBpRa75YZGN!~BQKMWrtz;aFq ze~c750xZ*NQOTM6D=Fhe4hLwH;&nAr46X+impsMPCqG!+*i$(n_C(5hz~XKFM1qB$ z$odFP4Ks%k?(R&n_C`DeQZ00q7S}DG^v$%H^WJYxz~r2$4=Hp6Or{Zlk~0fY%c`hi zh6Wc)!Q^5bOfJU3;%dO)LVL>#lgf>>e^e79Eu<_B6W?@ju>R%lFiuD@-FWFQcRE9) z6PV4l1Boui5%Vp!E$9G97>&Gi%k%N5m7OjgoUQe_)>%>GcgNufCkMG8ADBp?aWGZW zVld>)BB~=HvzQ_O9zzB`xXDSy48a=mt4TkbY~{vastGX|Qq}_|&vXQi=@!QRgIy*%s7KI(3+zINe@@-D85ASosv=k7Meg}AfNEL{fSg&#RA;NPT40}G 
zfeKE+xmiU#O(dL|T#Z1=jR8~>VgRJ92T~_p#Rl=po=wVi5QZeDL}|e>*BAjr`(- zD9b1L$Ka7hX%bQ?)J6s~^M7M!kQoFX0WEim6ZWIF;Ykv%RMpIux zTtrD#mtZkQA@!VW{z+L69FM8}B5+BG?%~oTpY!#m zW2R%L3NDbJS2Ovo;EaYzE`r92a169wn_$&9{&ZyuSS-bgY`-n%U@<6(6n{LxgC9)J z-)Ae`y3>jYzPxe^P_8icfUGRD;x4A|Ae|owrFd=4e|Is-M zxVJWFDlBnDw*3AY9}7&F`>kd-S}8FzboTAMGto7<74~vv9v3g=>e(7MYXv`l;9t?0 zaTekhxKW15IpGpg=!h*nAzbodT>J#ygFaV~E!9SsqUZ#FwWfA3^~`C3^y_iS@bU*H zk<3^L*FSyxt1CmUf9>DFZlI=`5U3$#Jv;d1Kn*G3Zrr~pwK5KaVK2arTpxndJI|0_ z44xmUsiu`kjfo$7tPJ^j!|A~m_lphdl-RC8lTknf183uPl z;q3>a8z`zK1d2#m4-il0lcgoF)X+LQdq0-Z(Yq2%M@4V+e=TpJ6NN2xlw8kr?mf2z zb-Q7DLM|PT?9Y6+M$u;N&xR(^hR4p5<(M3x6)61R((-T{F(j{qKlE>O58+S0P(F}z zVmYMH5u0UNEQg#q$tscLiDHG6fYvCFS;Z6h8?VAb)m$Z|KbBLuv7Bl`EQgf!p!MX2 zZKOo6HixE4e>}LKJt~V5Zt`u6_Y~7&?iJ$oD(G6xx-{#$ZJ%w1pF!+l(uCnz(xUyi z+J=BJDMR3#un#G81g@rqeaM-y!d-|$Vo*Z0?fS;-fe==!ai^QX%w z3`0W?rhg-_i_hlzN42@dfiExcM1=$OzHPx|$8+@JmE|g3c32Aq>wnT}7^nL2JJ7nY zZqTlLe=d;F*FGYWh{>R}WdL}quz3Pfe=9vz>F|g>S>i%1FrD2*JTzahet47Sb{+gP z{(}olGM;04@@l2P+Sz?hkBwiaLTWXb1a!M;hK6aOur5uB13%D2jI(9m%4)ax>!0CF zQojkc>I?RD&a|%ensq~h^tx~TDYt9wP9F}re`{5eQ(jf*1S9bu=PEB+mQ-G}i00FOx2-$txF7n&9aL%bI9g6(OE?yM z*{;#=-t1AQKC}z4x9-(@v&UV6@J?+uhRMUy3f`_(SDF|@!|$I}{ZDP(VOw@U?mIh< z-fHV@?;Q9B8wbfdaB3dJVH#Zi)M{2je|WxEeGj@%?I%2)TTEtrP#mqh9o;I*DtY(_ zrXSpcVp?bv#ai@y6w@>JfdGcSR_qW^urdz|xF8FGzE*U#`cWLYC_X<5O3QjsOo;$s z?jFUF5T*ukA^h2NFl;p~%EnevX0E`Wi>~vdn6#`1U8hDdeUt1Za%f^HzLvq=-P^r%#!u!Ff#=&Vb0n(Xzp4;mIV0Rj z3mpNLN%cka%ujVjDsu$&)bq-8x|IXlKk zi(;4afhf{;RJeNHYDizgAKDIy@MgxzfNBbP^N^NhWk~3_vA@IvmMwLlwKh9fGJF|) zWm70IA1BIicXmili%x+ZHM2-noF;jV{X=pLe{E;1YNCQwd8m{M zYuRKYIx2TzcYa`umi55S-(-I zZn6%ozOKZix)alD@#5(0u$mT~f+Mm3DprliWWn-CrdSCVGq`)!tWFD_R0$8$(3>Jr zg@ucw^W$2ytOrNOf3W=#SQ-%>RM#KPx`T(-=oN&_4dCs^&v&3~u)haiAI|8Z=kQ|W z>}Zk}oq`dvGAN0ww5Uo}M^VYr5-cO0@s#C4)mfUR*+|QQDlA=$oF7f1Wjz=@|hp7VVe8g#6 zx!5~D;zY}Outzqid*-w?wVFP*WzY16Ah_Pjd$qAmA~AhV7ysLi)RsdS34}XifbI9P z(@et1?+sSke?vQ$n$odx*_z?QntB6=!|==St2JVq@;{vsIiQ7(0O6#_0X=h;CS{>A 
z!IX?*mgYjTGKo2BvN~==UR9-^+M%q+ttZ`I9xo^JZX5G%Max$DI65guNq-ii-uxjDg z^;59oeNWh3HjwN2#{1$7bCHOKmGm0CC_3N!9ZmColQZ`YO@@9cI0B2Bl@biGyoq=e zXEC~^fBYzNz2DIU?>8yyLD9+HZ&Jc`b=A&IP0y!2-nT2AUw^ma>#t6GRYZ^4vFhkB zjO}oYae0iQfW@{oYHE!q+5CyZ(K$|YQs@XAO>>%)Gxx4bhAu0HPAkSmQZo^STor{v zkCh)suG2i4;4~*?JvchqX--dKtf9qrzL~ACe@(E9Agz6*YG%us$*cu4sPAg8UF;M{ z&hdSdLPvmPn(v#Oxp!GIbTDCWrJV67NmwrHENh|y{Y!q3xW4abg72G@^?<}Po!7#l z8=Oolq?p?40XB)W!>|4 zyu0(aA*e*omn zy%(3EyA9rc8Z(}Vg5`0UCk4;Y+vb1!ZWJJz5CtG*J#XJjgGRo6G5~N6~doeXTHz znf;;9xL@kSREOBxAPxUOVE3F9U1NA;O%n|^+}O5l+qP}no;caqdSh#2Yom>AO>A%M zeDnRC=RV!H=T=u&SDka}792E(7j^6T|K~8v^gG^Wo|=OjTPUT$W!`n>b4FZTal4+? zjoa!6k-A(!7qSL_B=H>Q;-ko+*_9_5!)wdL5>#9HKGhq!%S%9m?>WDO8RxT_U{T=u zs);JAuUina%`7svM5^CWTucG1p1y7T6{E=v=MC4zZ;>192!rzh|5*<4QF0qY2EU_5 zGd^l0_5GYNfM5*JMp}S$Lv$i2QgIyd`P~%k-AWL_Xx5;sRsg* zXoUas|K(`pAwV+0KSG<^ArlJ8kpUd#Skol-6I}x_Vi((y}&~%+cw%?z% z_L`R?EcVns^*JerTXmy64D3&!wfh1AO&k)7kqHo5EYWC4~RiSfMPCF=PF{NujNWOV2yP=(P6CR?=yrF{K z(@euefZcx!FGz%z=k4)&<}8Gx{XYE3=8ARwKa20f(Eha){@`^tER(Z5tzo3N;~_0_ zz+E6rJDRpp(@4F6E3q!4g-NB( zkLjXmOzMNZPFo;<7n2%wrEdOruK9p3Mv zKh^Ul@k5C0+>rfdo})(>(ay)SeKojMv(jqq#5$7xX*8)-rXBsNz0gbZ1>hzYjy}qR z`o}JSti`YA+P0pph@#-tQ)uS;O37K<08-FZ*=r9+QaO5f-y!MvlZEfh z)V9z76Za`3NZ$agmeD7xef>B}r#BoVw^|bb+HfNmGAmH=KkMp?I?s0bzenjrkX)IF zmRY07+kX&~xYj7~`FI4bf0*8ndPkmaD@1Waz6P`$Q%Op-4Js1><|#64OLsSLB_XQ( zS(5+b=0vx}nBb^N@|jJvTuoPUYBg_A7*8;HwGif`{r9O>TcCwcF?we8robhjB(MG& z$TAFq*7g+WwU1fMV%onoZO-s6kW9N=(&VW+xvfH<%C_dTE6Y?#6`kdFLCg-0YS^<) zcPdZ(OuD3S6z=B9mBhdpd_fvvq z{{?SzUpl*!$A^~%-2e^#eu5_QsQB-@7eatKM+BY_eBE~bhnp4YK~r_Qg)bqd3%V3p zCC2rzZz)-wMvB$19UsLl8!z?Ad_SK(ZXmgMk~vS0?R zOfEV;h%m&1DSOfvJ=vrcdSviN-Kd{mQ9bfCx^Q7HFTp?tZMCyN!R0!&iTq~iV!a(J ze=#cEXZGPR;|R~N=^hu0h@|N81CG6#*xDUx;{5pA^4i}2a3q=IJLVb-XH%p}?}oYA zhG5I9-O*zmV0dx&VB*b!qk^WHelVrsNVn*P2>ra7h)O|uEU%)g_PiBz+Gdz8sy1Q5 zg7a?}UF#cxM?Rgn5>^LfklzmrEWD3V6i-fuDbR6xv)$10H*fbC20|vo`k|%5URQVAhxg!2a#T=*4~yGb=qz`Ar}Vs@Bw zYY|t$(?cHH_J+Yl8tkH+I$Ho%;u)!F93AJqAY*cexCq1k)H_iAE1Kz%TsU~;0QKOFK=z9Y}&g6 
zdmZX~>`8bAOt7)w)8CKmMh_1j!>W)rZ>3h`U$r~3#|!p#Ta)UGfx;eRO&fMnT4f9_ zQ;yX~kjCruZ+<&uE)Q15a*{pTaA18v#*oYIMeDK_1{IS!qJN@+YD>}uh957AGcAC{ z>9|8|7d7PS$gmU|^p(vCb-PY1;C>mNeh^&$#TP+eH}>bW2)iQ~=5`x!e3eR=4A>-x z$K`T$1j*QfH^fGN+S(DSN3Xmav((v%Ifp?AU_jQTC=WFU20#qPl&%U>eoMj|nyeom z{Ta*lRgKU!)VNb&lvn(tY6(RTPXrjTMVItt-6!36t+$c-icKSIbeK8BCj2NF-p)Se z+8({wjCekO!%Bx>9L@1AXno~HfEdi)L}%=;Z&>nOrBgc~^=jHrbbAJW|M{ulOc?7< zxBB3q$HDv`2#Cw+s$n{G|1mj!&Hk$ZTFD zG!}x}`W~V z(`U4#En~YCS>Cz;y_yvc(}7*M9%qw!`h1)QC5V^Endd8~9lVfUo=YG&%r0g;^w_F@ zWlT{vB&eYN)c2aFCHcyB_JIpgrD^DfE?qv0MdNVbYP=(A*yV>(Y2r#GL6Q-Y7*eDE>iMdfX_ zsqUCr2-ZYpaSE3mnrMpCo#mpp<8}u)oQNFY@~VIsIpVyw^8{RZ7#~+DN;9-U=8%dr zM;c?lbmx$f<`se=3zkQb0_F=LjpO)k8}mlutV>yC*HPpB*Z`7vwEyZiF{bV6G`)6GIr`NP3m-E-8fVK zO_!i%0H!I>(t3oHk-w)b#ly0ng~pJ~lGG&vxy7~IjM8jpJ_Wp`U(ET{@n*-;Kx4)1 zPNhLmLKD`JSQ;PvUF!~fzb0QW&FVA2>1x>EKHv8N0%jgjyuw2^u8B_DxkuPHed)m; zAn}a*0&Q4-)=XZ)X=bZ2|9}6w9WTo#v#*+BL`mv2F~GU|Uj1T&rVy!>n~+j%qHwAn zTbr>QVRy?ey^JpBjV&|!`k*hesGBN=fBs+~>NQS8i>uCWKiSyMy8Y^8KaMxgAabJZ z8~=|7Fhw<6H@n|hj|ctbBz9lPdiKsn>lX5>SmI~?yDtqUHMZrzJ|7M4Y!h_X9t9br zEp@31)#|ncsf1Y5MDz?_k#r>-AcJ777{RnFv zA$e_xJ6dl+3CZ4oq1Rsed)^69Kn@T@o>vTTn{0QXV&VoWK~c|pFBmOo$sCEJk%DLc zo)v@N?z!OK@_L6U{KR@pe>PyUyk9?{oI4wggH={V){TK~le$S@@|KV$y5r5`a`(%i z%g-z$vqrkFRjTeX6Q#*(?zkftd8VpG$f27Kfv0hEul(x;dMLS!%u-rohn2GE?ExTx z&MF@sBhc#HrLV^#(;xruy- zh0<#)anNl9d%J?sImfcB30vPgE-YuajBpZ%%!#KS23^0ErE8NQiQ?hq2N)7bI`{2W zUr%5WKKI$d0$mV^!&#XvwXNoFPDj9to(<&0vf{ofCv=qY()MT@u&O;Y4yhFaGB}I` z@xe3T~=FT=f`*j+<`FAV<)|pESJD)ju?>e&sFSfB0F8{4XN$?XAv~X~@uVbP}-GZYl%~ zgJ8_q!z_OdY%%`(^kh`4rPCIrv{rNBt-U?TeATp)PTS>M*UTj;D(WH37on=kBurFF zM`KWMEcSMe8GvZ_m07P0;SnW>TvfQ9Hbp?|F`&!M%q~4+uryd-WUpi6jaZ{YWMQce zi$wXuN#4f#cpo>LSIuh}Ed`M0tHDt$orCI?fFis@c8=n?GJncE=+n92WM=?VXrJ{G z0adVIR{lG(ajg0sNa`U!)CT6XV7PwD8*#CaQ2CYwe?&;y+U%tvVa&Lz_o{b5uzO*1dW!FLQmx1{+ExicYA{k2AocpJ&88rYs6?a@hZKc=V zK%LKNxiqT_4{^;H5=M)tpB|Cq8uQ4y18yjLZ&0|$b?SN1jb8c&TnX!3hbYk}osRgo zz%M9+Yv`$8=iv2Yv@;1uI-kCuRI3*Y&L9-zpH$yYK{u=AOHjWT_z8@T95t;pGSdh< 
zFN`DC^QS~~{`SnNu`2+`oZhacu0$Q&_C8A&(ZZ|M$$M60Pw+iQxo!(H6LQ-RNYg}@ zx&JBgGixnao9`-2)Ww!Lt<+9+do?W6DC}kI0DYK^4gFEdP{xSjw)fpTZUG&E>^?@v z|BU++mqfPwj{~}_?-V+^Q~zA`F?lZwnjVf;YuUu*CI}|8^!}_sHql z+N@)evD%#@nNoTQv1TVLQ-A~?)^xFCixp{Ei?5E7&xqi?;g};0mPyB)%R~?Jp3mN} za^avF=avWZ8k={yWM=y`y-{rNxlHsiE%cp{2&g*lu-}+N?gW>F#paUtVmx&snlRlW zzgSGFog)bPwgC{t9#QS!>{BWZ)Y$9~<>#B(18EhGk(a0q=y(RMPu-~xRITRa7@jF& z*aZ0ZcmEwu*(PghYW$cpR3*Z<)M*w_#y`F%iGw_K;u1s6UVELkkP1o#k%nDnKB)2* ziVsiqhwJfy`|j(l^x+YeYjI+`IX=-EYVKetIqZ}rvH*~8wWn1L*4Ac4#--retHHjj znGL|YC6OCci|!iVGVaZrSFp0+kX=u%-=02~@f$vL$Wr!8YNvgDT=wxDEJfBsnff7H zQp!M;wirly?!UuR?t(c^NZF)76gyX3v1*t?hJA`cnRCxGS*^DXI55abEUYbE)rDFJ zh~~gF1(5A;5PBzql=rM)btnirdnrBIREiPT0X}7x1uQqeV>wKbCt<+J)a<<`nQ=Zy zr*Jq!e(}>^SmM%mWZ8r|Uf%w?|2I8u*FO>hL$&O2wd~*X@GyyYeo@*M#v3WDdE0Hw zQnsLemt8ss631dLke!(#XR2<9!A&!5;9(5ZlCYhgpg^rgF2(7DS%00fkP-rYBvo5E zz~#~C<~%GjEkexa3DG%lwe9?305zxQdtqi5TEzPxRKY0FdnEi?~N8c?^t4GZ>}glCtr#vxy`=kYC$@ zJQ?agRq=jkrdwEE)|JU!mYTAW+saHN&^#@<3F)Ei!a(1U^g5lndwdSCVuab8!+sPg z>Fz*sJgO9V2l!KC;6NbOX0Sm5#2ZJoUAbI7M;eEf3s)D)oc(=*f&nBDmPVE zsd0yMx2DFQ#aWQkUTizo(Hd63(5{x)M_~<*UNYLWDnjG$B?rHY(4ZLrNaqAaTgt9> z@^(}X*+j_qo_-$(v*F@gO$Dvk6qv?OsL*7h+Zrz2`QfB_j7K7?g!T6gORFeD6%33v z<&R03R2iRl3%`VC%?x)h>}HIsYw)I>cyqkc8Srnser@sd8gol9UE9!_i}B znaTMD5l;w1^=v-6EP5&J>Rr}(#4Y*w5pVmR$M%K?wDZ+t#|xlr)5UhoZA!`Fm@()X zkQR0)7?isfzx416%&e8eH2B=qRSixH+H~ZcFM4P}8GPwrJKigYCoh=_WOH5zsgp{w zzvR7%?cSO1l;?CvmC-tDmhy-oF`^$Hf_$VenXpT)$FG|z*bbgfF7>dlDtnhE^Xp>P zWYp2>L6(JY3y|7>^fUN)wogzHY8LHg1=E)~Nwcnv8;Y^)9J`xP2Djha7Vw(j&P%?d zw3OzWP4x|sg&PY0+8`UI@B-r;=05;1&NUOr;brEP!j0_Z7;m7%3v1$uatOf0WYwC%C(29~> zOtVDTl5o0eO?^I#I}`+^H+p9dd*%HN&)(Sq=OnEIRdC^0i{n>9Uz*~nHKV}Z9$EuY zxNR+U6?Tgu6Z=B`~9~e7nXTE=j)`Ik_T5SJa()E3G5} z=;QL9T2QLFD@hL?&Vu+BNi$%$Ahi(vS=p!8J?w*mFQ)9ZYb5;&kJxUAA{;-TlSR2}M6kg{`M0N|sG>GZ)J?!ZhL(Bn z%L3+RB_25%`~`Q%O{t-M92cbt@t_Ro|2o{piV^hx*7tqu)d~NC^_@L!V*$`QT<*x6>V5-xKQ z#}S{5a0X=-Pdu>tZ1qHTe1zm_F!7`&C&BW+2<6vo`w(uq_*a9v>7QQA1dyMqQRlqR z9*E^B@;ivgAy$8y=+IGWp3{m~S(^0l@3fWbBOY0i?1 
zf<+;u)@Qs*}zgLGl^0DBXbkK7Ctoo`{LW*h1H?>>9-s?BcDRI2p1fbL^Eo3g zYsQMA92D#I9@R;Dsa>WteW%iRjZ5-zI{ICK*2F`IJD1YN_O3q!CKm=12E|JJ3#X-QuC>Af3d<%| z^Ys>dG&qC!fBV#2?@QnZiQ|x9xIgNzXTz<>vK0{?9>7gG1e3@Bry+hnof%)G=3Cv4 z{+*X68nr?k^k^!V+8AnTgz76`3r@!d5J}F`)jRyhe;f7U#od3EEc?&qZ$BX{DRBf8 zS8iR$+Or@Gr7$T-^o&}WaJqi2zwj4A*yz2bcVOu{C;gnQhD9-IWzr7`>< zOJ@qoXDvm59BJTlfeB#ekIJ7OD+0OVr{QdI?MvB`<;z17>JiC&No5=9sF>edrQTZP zvx(Ko)TTjWFnpGXn&Jg#s4-Eb*ZLl_LHp?s(~-gd=Iab9?QgP8Gd70%3D<@buex74 zui^peHrDU#k9}q7KM3Q32k{_X;vSyMm#$L9uyY5~D)%tW`^kp(>F9Kr+JDMVHXz-# zfTQ6)*EPC7ug7hHTxpYiZs+^IPqAOf+=L~h)|jHsxMh9U7I3`F{%#OFX$n`-d=aF$ zJGPHQ?ibNQ5QSisfqbOV$(}lEnC0iMakB;W8E14KD){xTlgQrpg>f6HViC@9siCU8biAOhe|Wr zZMvPlCO8X0CwC?y_?VRl7)bkTnsX!PC52EDk?oS^zlt%T8O0d_8?fd&JDTe4Z$!IB|&(mL;hgA`I8=wkNwk1SFif#uqWHCTl;AE1j7zcUX* zICSe`Q#zh>@lW8!w&xw&sjh>DYN9K6pG{*}DTToZ#yy|Q1{fL)KGKup$*zO}^UZZp zpjhk1>Jyj2gU!6S)Pr6jzS7kg?GHGRh4Z@+i4JDH+_aNdNh{T`DM_R>l0A}RNt-eN zSE;NuF{MOjK%VVUEBKx%<8tN~R@&kWu>e6gOh?p73l39}$ z8m~+OqJ^fq&~`XFC%%eCrh!gJ*dyHD)l_2yjpFm16j8qvWrYgt0qP(@vH#c#MqOE` zgi01>E@wQu2dK>c<2M7OC>Ok%=5V-6I?azA`8qR{Vq`4?e0CQg9C^(`?EUa z|NF=FnfKHme;4E(02pRzA;0YVoXFsh#3dH18s}Q(Z5X}J62+FlqIR8%8AjGM2sf?n za_l0f?2O+Svo7S4Sw}4kVlxJ#HKq47&i$rnEteuvy`ZImQagoc&DZV#fxbJFjl^7y zdPfiRGsW=ZzbClU0?Ua6;4qz1{)(zJbfnd(XLG|%rs9yu0wgsPQRWZ1WXKA@Q$PWL zMt1FAVe|)b5C0zgR?@6b%ORq+e%7BMb^K>G0Y{0uc3|1>d&tNK04lGddHXxRkf9cR zNQwQ?5J2&672If!?^~hvR?#3u^;mt?ao>O zQ9UJ5z7-{f0LfY0Vj}+{TAzsL9e?mVnPo({nqhD&MnjQ9W@g{V*UFW!ySZ{OX_=y* zT;H(S12P&(xxBJ96SELA5~|P)2}M7B^066yp(RJG1&<=CPB?DK3PE~{O(b0Qscwx! 
zsfxOxNNe0qZRNr9*hWVhBD+`NRcMO=H<`1XVtiMsz0+ z)0N>HJKYlRcx?DY3j^ONX*L)iG*Ap%{7C_Z`$LFdbsf)pp0KEP`QZb|iF!n!DVBO0 zymgu^aL??Gzy!n>o1|BUa{RUv#s`l+_HqIU6eQz=w5B}%>TW7sz*8Qtq!WMLXBPCH zP&=ZFn$CD801osD2CS>Xu2icNc#pC{DtBG5&nP1$vwKf^|v4Of1$~fn33n1aSS!p)wVCw2)F^D zT;(`F^Qhv?7KSB_;aVtoR?gprsPs0DNnD>s(Z9_(C)Z{fTQjaF>~342%|_*V+;OJ3 zPc|-m4QAO@PSDCi$`OW_&D2RD$ut-1n?8Ctg$RSxPhu+4HL~B5(Vkmdr!zc6qtMKT zkh=97+iQiRAej?%lX@7;<}7jA9a_eAm?{`fY>KTo3f%IP|Loe3~{w|2AYpMbJO zYg!nbIEqfM*_Ur{i^%h0uqq{#)oqvSE*GeuE)Cy9YFSpm%rLKYSbwbKX5ecA8xJFF zLB6@~Qc`mE01|BY%nHu?U#6DNSVIvtVOiIo^6pw+(k+y{QP*5d|BOJ>xd)sRc}0Bf zR+~OMR`h#Ok2#xZC(RyjV3y9k)X^Mka;3793zSd&kXJX|Wi3NYgk$3tC~rs&{2OOM z3_5)2a}`U@)B@D5IjMR*QH5;Eml~tA=+rw6X!){2vTZv|fS2uSZML0foi7}a#>#pS z-xO)Ka(#&ycz@WFi){_5WC83V>}26q7_igPVLeQXs5}5u>+u*|T{e)E8UEIE=Ch@? zVbv#KfHQ{08G-lwRADu5bwd1amqiaP-OTh)?jb9vj4y{ z2i8GWV>xw*htt_lt}aWPM`0!x#x&<8T6YY=YG5`njuOI(lz4~%1K_1po0W`CZYhni zs>^dZr_p8e5?5~4TA{WG)A%>K{n`&K2AA4Iv=`_i%?Hs)5 za0(ehGY=B!_L-J7KVV#AN`?)T1U^@2)-oPU6_5ENq0~}zbHHka=}IPkL9%Nu{;P-; z`5|C)>25;(29cDdOhLVg9(2l8uuD;?J=VWI0Zb4U6P|;~qeIsl|xu zXL+&%Uuo>BgPE9bZ}msCwPF#%5UEjv!)Mj5FZRS5Kd`Sw0pxM-yTnC`d}WnFUPCpr zD&*p{(`g!TpduGk&Z;UXSe6*Wm4Nlk=^pEpbCTme8zHXNCWQWf!#@D1Q4U zFJp$|0COx)EMsteaX|*sT<(UH8u|m+4qSavnNM;R`>F&oeGe$=)Zf^(k70DVE|>=Cs4?9j08(9TLww!}(m|`&s{86-x+ou zy#h=b$L%-E{3CA69qte{Q*Sn$JS46d<~?SgcyBDy*#0f`<~ysb%J zoRhCeb8LwYx+OTIiH<33&z15sB?=Tss$yh%s*4Oy6`2&>Ag}-U7?pr>AM3)H5r^};@knAFzPBppc)%k$>2-5^{2`2a`@ z7C(hp&R2za7ywP(#|CQ){u|3$5`G$_wF^VjM@FD}HK%nojtd2v*e-S8+Su4`nv3ch z?Xz6U-x~g9#>NOBEubMBE0*YQCH+xNI?P<8NFm{ZeayBlEvNFGIL&sMx(&6~ui5&? 
zCX1MRGQCI4B&rbZ?c+fr>;jkwxVX=i2s5`r541!{Gj~mMjh>pIXAnUIx6K+RKMAt9 zxIdH#6ZeuR03wuS_J0$G*;Fs6TM826;dZ#{*Ge7WYaW2$4=Qep57_Ha9tP5N!*;FV zh7f;8uv$xdV0TQv2@J7*H$H-)2!Jn(b0RLaR|!P_`T`cn^UWO|I}bug-jPKVLEmS@B3vX2P)j@**CRhAHVt7EAny#swuyVI}el#Hs!$1JgfBk zRYvFB%W~n#W8l8LT}GZdP$fJGf_WK=VOgx~swtO3N)Y)}%js+K;M~v%7pf5CPO9hp zRcb!#)O6{}%W#8b*Oa;d=y!^q&yN0B$0sj$c~1^@<+8tK8m*V6r~v&WyOU@5!6^|kh}x>;(3+pi=028C`AG90ebH83-1@7%dIitbKqtP>Zw~rQMNT&f zLT@l}!us&Q3!VSe`OA+-(oPBflbtrmG)?-&VNT18k5yqiz?0}sg=SQ$h!dI2p1~lk zZskt^`BCVs_D3=BQSXw6DVpVIsk>_|t_}b6dqmE*?8qE! zMejN{e`SBCqo+&|i2+-hIJJ(ndH<)vDE3BTfAm9C)B7VkzH8=kGO$3Dy2qpZ%Q(>w#Y4pxodu)Xl%|H3$^mlFv? zZ~5N7CS2;=XTlw4#zrs z1F0+I2%E?^z2y|M#1UGh&xJEghQ3rRf67s=X0ELDc~0$q#8i|^6BaAttcsEdW(ib@ zVR0`gU~8tZ84Y))(Mf7`&k4F64t~W@S4e|KGHx`N+utmsm}C#akJoG z$C;Ah0zpV}?j-z#qlV)JvQQt4G+!Pk@EsVnAcm+G99@3Y4&Z{H5QhAHle;u*U)DA2 zYEPi-K!5^;w5!S)FC4l@+LYGuG9iCx6bpStrcx9zOtB;+v%AsVLh_P+T2UN=k_LeK zZ(2$rrc}{*_vU^0iSb@H`WNdPr@xJaq+6snL@+mxI8D?*xxRJAndOII`*S6LfQ_a` zSVMjE+oBWeFlAXIX@K9IsMVGVW9`l#+nD*UuHXCD;W^5(_sL=hr1>UBIf=QvupbTk zniD^;=Md#eYo`v9eo;8=Gay`$dAtMqL-LM)T9v+n-ogQ`5oSjX2{ z{d-o5vm!~wo>~|nWB?d}^jtxTe3XG+65XU^hIY_IUc@r!n?RyYjfsE)pEnMp7WNJA ze%1*Q3|ONl_^+g>I3c=c{D7mo-EMuSIsqs>&2;QbhchTo4z*@v4Cwx>*G_ieYS&~J z2}4i)v%JW1p>B-PL^geY%Bxp1ZtSGwQDG@E`gdCz#@#VoPvv-65RC6 z@LkvLR0U4Kk+$g|&uaVpEfN|f>@&Os3CahDEdBhc!rLlw%@B#CxO!l~EzF~B=HQO+ z=5=~f8Tj*oPUy?$9WIJr0~paBy2U+HXJ320X}*NafGnkFGK#W1_HWaz*I0f}iX=vz zbieQX*A)`!-EQg*pv*1+;!pS8wwYASS)ZTgHWfm=}A^7E-w|Rp7YFCGj_U^V%|j!cvBw!Dj#WA?_3%1^>{+` z|80Mz%fE=Uj&`N%U0^w-)MIc>%ROj+y3W?k49@DoheQhFm_+ejo+;!%%tu z=dvpc0EkyjLLPlJf0W_Z*nquY?C7~E2<3V4hHY2&yLL1}folOE(!6TgJIN__%#~%k z-NL`<*UWzkfET0yPuK6AbFPx+*dE{Gc6pf`>fIWGLu}5x!oK47$UB3A917$hrGX09 zZYxn%%Jbpx)#SC?RvU~(so1Gnt6U;@Gq+RfoPyk>_`}W%QZwyIs7JMem3{d=aCYTg zsMZ<;yBte|9*_i3x6);7i6YqlX{$exCfM3E2ReBGCCcTKY{GJqWIB2yl(GNunOW{j zGyH0%i$18WL(~3GgtsY=3A8^aL0KR9Lxs#vGMmGI`t9E5u2DtLKaSkxVwiZJG|%28 z{P3!>cF!HN&X{mC&{(B4+l_j54H}c)bRyq2zWB^>QAim-2^>4iQ#A>=)tWAxm4W}1 
zCrU;E30?Z&K|?!@l>JiM+1?uy;7iY<`7b?P-zC@vzJjFH0u`dqn)c0-H^sSLs%peb z{q+8Cw-fK`*0~HEZf-EP1+q@0;3HAanQpKqG*Q@8&M3XYp(Fmt;~oYUe~EdT^r{N2 zv}L&+x*ZhDrglfu#IEOT9wqsz&VkjxMP%J%jJN>bB2pb5A zQDGH?8c;b<^6on!VT&T)5|-QNZ5u<+ylLyJW}}((!;~`ot@VBkw}J1P#{CbEXz5lq z!a*;FLVruhYUk2&nLsxvan7iJi>%GW#{xfdA~{7VbqFXHiem5zmVb>kHzbIo#%Hkt z_$djdWZ*!#b*ngx_r!~cRdVkH|F}45mP%JtvkT1{!48m+H`unwDVIzRSB~*gF)f$* z({q3!`COgdMLP)jGt?^KDnhbt6miuzNVP1qy0XSoLsAUf{ zPh~0VFJ7IUr-@@BtWye15I6WiSkMG;Y~+PqorxoQnRuV`mlWq7zs`4V)U;;dLDE$B+(>79b zb>g0wm~A1;GGkP+J8BluSlPK?fH0E&s({O6lJnn+i^S<>D|`#9!N;wE#%OheKGt{4^7F2ZHpNGBg%}3AgEYYa+I^+ z`IF*ED95JoXul+a$2oD#l>-4V!^J$5Y!^YPzz)VRmg2uO^=*A0l4%Eqf9liILX=(6 zB|NeBy`3>f-{lRqlBW~MD&XZ-F?7@Zj%ZLl^)bPdtCF+Z_P2YoHw4H22|~u<6gfmX zVv2wJRpw5AG`5%-zjW+{lz4`o14PZ4q^S9i&JrZnnzVv|lPEE~Pq7bBO|MW*?!x;$ zmh5;b%>(%k;u2kAQ*U12$VKOSU|qc9kB(tWK$F}c!|d%k-OMJ%Kbufi4ayI}BArCR zCq4~moH^HP^}--!LIQ_1{lUVqdwx*=*{5=d#rA3bFXPy(_447UNRvmu$UCi^dbDzA zBIfya@vOEGym7vg`)mzhvuMgzYGYJxt5bm)*3+;>YdR1^0V=mF=q;K4ur+;FYBXir zL&!n^WqZ`OShBx6sM?}qwV&p27igQwt)pE6#$AoGS?5o932JWEe+yzLkeKjxZ}1qr z=euBeRC{apIvn<*3bhYRBn#0yMhT@quL>u^JYs5Zw+aM2iCh7=f3UEo7GeZZ3sbxm zW3K54!W$MH93d|cLLI~H-ufX0k>=`hC#nV9i~0JuBL}?WqG9K?Z;Pu_KS<4MFB)=d zVt^mN(?xc3Umt$~8xpt=iE=^*Nh6rnBrRHdlswpF+GM|LWpqf{X70LTNY|k|xt^Jt zOgZ)ta1cRDiUm;3-|-!q;OF_!P6%#@S2f$B!!s#GH4>>GxY(S|uOTHY$=Quf_#=78 zV#k7Wmj}fxqcTHNxqX^@>dvL-GeghtxTm4uXa9hyLVM;%Ld`bi0L$aqk4_di8e^v|Y4*srZ3S0`9?9GjKtM`7NsaDGg@v+MjZErS8Vx2_`MnPNZ@ z?w~UcW|gnO2IS(WiYyP86-2h|pLG`_jAM9UfgI5efBi&W?)u?9ZYiQJL%4~rR@z;D zmi%+29Dv0Bv`w6=gFYAh8ib0yM4`3PEJZDkK2-Z!VA6EVFjGGDw)jm?X7qi#$mp5N z&*yT^<@z&CJMRF`7xrS?knVEP*1c`1F&nZSl`A_2N0(c2?fQJ{>gOQIAYi03b_bz@Ka6u!!s6t)YFZ1 z(I*t5PyZ60kOQ#`TD_kHIJ&PvQL8YSm99v*{EJw$ZProLfybB! 
zat5SIuY;oIuobFOTpq7tyi?UxR!Nh%;yM_lBK}n>4wR-W(W^13r$d+#TMZ>&xGEH% zEP=NrV_B8}C`BE}p?ZrgcTNyH+Y?GH0L0C>V7tGJe1+*8LOs?34Te*GlpF2Mhha13BgbRc_}?+er?M^ci(^z~Fp5QnBoRzJ z!zbWRpv(|ko@jN3$B9P%j(Xz(r6P8y2ZiD_o z)(hPbM=Q!AK?~?vd!i`%8K*jSS(5U2!k$z^p>%ug=jH{QrGzbxPDtnF`oMfT`+ao@ zv2ui;Ac+XLtP0s^0gk;B^B*u81i=CdPqsJOuC7aE2+0lC)_)*XENVWzn%N775t|Wp z0k>LBRCn*nNm#V=Z3C#75f|_Q!buwGzqCl_#>0IYae7jUWH5JX9>tLHRYbG9KA>>Q z(H^V(S$!00C>e&>Stq9ZLd{4!t^Nbo83LaIO4G_g>H0|$Ht%S_`{-UL7mKH69571j z&0P^5w_L{3vmn4mvoLx4-#Z1N`;b=^Dd}?)ZsW{^ai_5V7snrlfE}9(K(M<#NP%+Q zjpf--+I8FH!v{SO%niDDwI!gvKOTooE*B1a!1XseJ65De0x1mN3CTj8f;C-!wnHtT zl2QpMTeD*@<}w@_J=@%@Q(ulpbreNtj>IO$mu@|_!4$eDCGfRO(>bXNRo5dxB1{L9 zLWIZmWY`2rh&;F0zr+F9@V8GC-#rh2t&Wbrr#8(7r*(9$$DLuI?Lt1r$zIIc|e zSW@y?$EFg(HPvE?5;d~zy2VDxj`XO^w&>)j*fnv&%Ctl9Y?8d13i^KgsM{vBh2SFPeM8 zu%wGA?}j2nYqpyV#wiUjf`DIH^S&LDZpQ+(lLl!}HGnWQrwG;YyEN)J>TDWcqg7Yl z6tgDR*gb?TGTL|5+6+8vd7TC7=Jh1B_Ven9cDy)EgLZEc-aeM~nOd zAof0&Goq)8QXrAMpu2SxS|fR~Tf(1a-Sx_s4N!nY`%f}?Ti?^-)Kdpzv2m&A-W z?||3IO=4poW7sAxH%cVO93@5c>5_6%>$=XJ7gdVVAxOl!|7a|sPFQR9IqKz!hSgSn zD{_@n<%Cp`S_00*^TXMAsVLK;Q#v9)Xu};_hZy=k?t*Dox#cVGR2pP`r**;#pU;8b z^+xnGaL&U(qI1|eaJ(LhN+gmcYj~Vc3_zDi$Z-hiSoR{z&(NhzJarjsYNo)MiLNP~ zg(U;Mk`CFttMH>SE*!EP@JJA4eR@81+)3t_Xqdz7(Vu?zkmwAzfChzlWQoREZ@%Cl zow0IwM!OiEFoUomFvTg$?^=nIQ)JF&=8sC*a1&R&69%M`m~_khCWg3RA&oAfbwKpj zTGg$M6kTo_;VSWHZTOc8nlNl4;3x*FikZxEGXB9uLm010b52QeIl-&iOCtb%)2>Q4 zK59XoB>PC8pE(o`i#HTToJ0Xyl!m)q=LMEfPr=OQ;9t4wnZs4>MUUFDlV&IZ`j&UG zB{Bgk;kkKQolxFk1V*Qb_Q_G)I3Sz;4}5cFZT8K*UOTbnwNog!PGq{g>wA$x(Ih7oBT7)!l)@emv>)rMn0KMc*u&>cVwb6T1W5i-Kgqu z)Zla;{`z>EjZ{;78lg6toZFVLH%ib)?B{(2I^X|jy2kK2pI{%`c4OPNZ99$I7)_ew z#I|i)jg!W9(im-QoA>?S``qvE*`2dHJD%SFsS%rnt}YZlS3O)YJQ@(Ty(CtnE*9Ue zUv7PMd{4^upe2QLtc*Y%=G5qEeB(tI3Y~{8zmg3mRrEc@As9J=J($dwQhGOnKfQ!# zde9N#3nOPf-eH*!J_I_O*jLViZIpKv$oA@9nd_&0i_pC@qN`dKiFJg~XD3aJ3L3s# zq8wP{clqrbWb{a6n1mo%T1KrV>XV|%(snFsSdmBbiZ{AvWTVzY{kGq(vWE3zR+8^^ zBSS_=txrvtOW%>tO@9aF^PDnxtn?BOGJ1$?3Y`j=k7(49?RLS7lc~gzry4s$`VQ|_ 
zTlHcX?1|xP{>tJfYt%rSi^c**vo!9GIs8jI`yu}Hw)CpDoaqWe?Ey0tJ0--*9L9G! z^o3ydV`T0eR*v@_s65Q8b;N$n8l%Jb{xi3wk|JoacQoBC5TU)Xy@x5Svse!TMKBD~1$(h&rZ|Hr z&?k{?Rh(QqGQ`589LW>!>?PHQ#TA4*x`bTDh<-omzC!7YkHe^dXd6MEE59v4P%1d- zr6p;b`SoI2p&@57(weeKRDG-Uazw8_Yo)OiAmYpsAXRtg7Tde>l zAw)PlFne8#`jBK7S?I&-bYVfl76Qjyf*C9>a3+*#`WpAwqgt)H&?ggX`C{c7;>oZ| zp@!X4M_Bg*g*{df$y;vL);z4Dt2Dx_{W_#s=kR+zT~@%E1eizJY(tw%2>&Kg(lK$D zQ?)h`Yk4>b_&=g$)$XjyS~GMH*=Z~$6p`Ou6|Jh?1^)b!NVs4^O_kT9R97*?iNGRg zmA#JU+y_eM+N8YycD`N+e4uj5cnB3gFs{x*haf8j!gEOVgp<<0Q_E@Kqy=zlNFhNn z%k|yRVv;kQG|O)`Gd1LJ#aMq;0{SmFq$21jMTS6J&^g#f+7UiztZ1k;^l1j!N56+k zY}PoxaMg&JKC|83jUJ1ch_1CrscgVue?15_o4v-No4Z|4YmMSaW*Cq$&i*$u`<~a= z`qZzZJ6k7B%1C#uJZ&)lSk~V(vc50!4Xek}Jq-19+JQHilhq@S6#EBp z4;(AVF)QZ8xQ5E_PmJ33?Fk7f_tve+wnW5(3IS&vTGY_>NSA?aLqNr_rf^luQK{AL z_-kMDnD9c*(FW$_nm~X=KJ?j_gLJ-C-h#J$&PBhyg7M?O?bvT#b-I%YdIg&c+V1i! zL_lRw6+cBCNQl|5J4btXy_F8+D$hi^qn3G9Y>r=--@!MH&vF_(q?LoM zM0>;Nx-DWsXo5D=iwgu@50Wtixbr#xLGVEh=4h{s7J`m(s8b29V@`$qxh|rtm~d^) zh>%h7JXbbTSpt5H^vY|&$e1kUuDVOmq&^Mbbb4#B4^}xviDPuOz8d`z#>>SpYoZ0+ zbysL!`?qy;iof=lAWk8-U1@gDbrb1U6uu|@BWDD4RE2*=Mk3pq{Bco%Di&B6 z;=(fVdM?lk83HH<*#ev1Fm~yFpKf3}LB!}s$8)0~`{};2FNUPw!IX9ECuKFCRU`c2RT#)fwXx>{@`?0#GE&|OPBC* zji8mrJVnZ5fze6)g&5OZJ&2AC&Ws?j{3K2S0TmmUz+X)A9{pF#1dwE%sR(Sq_tOs# zL^Sds;j~#F$8KbDD*6}r5*h!`3p=Tfu9a>mt}Q1D2MV~rBl zq)~3EgbmByF}rO*yq6~3Ki}tmejpH()c)nM316}Qlm5@5GpuSJab<9ghJyPVs}#WY z3{(Kdi$FUYvSWUJ2iqEem3i_7lQ^PPRd5v zC=OAF0qdg~MftIiQJ z;(}dNDHO#(nA$ILiWorLkyYr%yG3n3Jq%yq&j@^G|NGMtzx<12Zh^uqaS|(U)kJK; zm}5-Chc^g3^mXY@sqOt)#io%@`;ZM;kH^&X61H4EjBP*q#$gg0PCiYssx2Nu;GDm~ zZkA^q0UKVLoXJ0>w>gToD&9>I7NPwI|0=&(2@+|?4o2fW#qNSj%CCA z;MZiz)yY?$CVH_alHxSie*J7@F_%|fZ5YG$Q<=a8K3{L zlmwd2yP850wN?XeAb;gr;lrmLN9P3;^)&5+9{LEOe+YLZQtg6f|AF5?5a_AkUNd{S zlw1kMtNih$vw*uYE^SPA3!hoa%k~I!_WL%$;JEjfF3*!@FMb(tpkW+7V?<4K+E7QV zKWN+Rkw@1 zgn^~zt+`TdR$KDZIRKr^y6YDhZYb5&Zi4tj_wRyRsvqe$5)4kU#Ub_YA)M}CaUo8H0r#=1z73&We@7xgBThM~dZ?{^gs+30O=4b|kss_a_kquI3 z4tP4!EONK^_a66Luw@IbeRC%*l1QzUrLdAKx+==>omMHONb9a#)^W)nllbWx?Vx%x 
zR@%zH!Z1fB6K@|T?@>APs6TP#GM_xezIg;?qSLcMTZjWyVHme<6r&lSDEURPar^QI z6}^q8>}ysOJeJ77vK#8Wm@8!(?iPxS0AMWjh*tk<Zwwm9-_S*BIPW$3>89LqeiDL>7>QBui-LYEV+jt|WO9eQXNhawN zc<_ExNiGvsEBD36J;B(D9AUP9Z{UHj#44lQ1S&%pJxGF}`ItV5R8Fyh-oI?n( zsn9W~=k`I(B-df*8=mYGk4ocPyaR+H9oAHfsftb(_jxqu*y()F_Y!ofmjw{#S+Pvs zb;cl4P7C>$WS}{bjh%q&ALp9r_&bi)V{gu`JhfA6pDFgwNshscA)-ms857TpZM zb~w!DPAZAXcY#81NW1N8=lkP)`6Lg8OpGI{pcA`Sk&#|B|3JV6U4pryEJ?fX{~^XQ zMvIhW3aMtMqGFyc^r}YRo0QWO&HEiHRwRP6EWXuR#BOSf4dbqTRY+u;l(7Qe{8btP zkde#eBh{)AqBa;*_emZ0A1@>fKd?rL)^WaEy&pqZJ%i{rEzZPXgZH&Cf4q8{7<@%g z-HzgvJ<)FC?V`_Bhf^Qtrjn5X*v0YI#cgl0;tRz#hy6~ym2)bh_8!{BKRwM*vN*5A z_WP;nIVuhpx8k$59zevo#U%dNbjUpqrS1Jp%#Fjo-zC(bX+7)cb`G#RUej4wE%>>i z`MAE+4AQ3Hv_^>F1+@IZP|O5p9WeUT6whzo&g{PMEya zUIF0ZPkFhJL?-{J(l-|S7Fi*pIfKayo)IgGj=)B>{$If(+HIrK-lU!ywUjX;jL~_q zcrZ4@Zl%?1C;h}b?f1k4w8Wh6@>XB7fTchoPLn6GxT=A(d8I7g^W~HpZA<4*FJb|r z_7YIeXf=kvQW%Crl}{G4kL5zY8Yc#1^D$X`vl{;E0nJktxqtJiIC`o@>Zs$??qa8G zM}t3)F9)OUq3LSal&gcU4k51iveCycNW3Rf2f0VfOiUUw>`t14>rZXXoo0>0C58<8 zMZ?D+j?Q5t1({=$*ySeBQ$g&nYz>tUfR+*eV9#Nrn+po^Q*e+K56Yc(Q;ams7r8C` zvp3m=aKbt6yR@gfX|$whoNBHOBTjj9uyO<#Vk2ij1}*!^e2LH zJLqwvC>&)R{gc3t69xGu73B>fzixKI4uUr`8*ObC^jAN_(1%7dfr^ku7AoQZpPtj) z_(w)|25dllSl42>y7#a%{giZHdzXW?9zm4iAiSr=v${Z6_B0$zQsXYc_1+abopV0= z4=k}4`CMLs#b~yaAN&KXfGUumjKWUh;E^&qaMx%grQMTDe4*Nf5IkzD)yN&+4!v+W zUyQ{r<1ilrNRtQgS`3Za?%GKyM1Bq~yJ*KUGQ{hO4)TVc_Cg-hndQ10)5Yh5n{&ti z;lv(R*vkq@DyOk$_h&Y8DH+4Y>G-PWUZ*xC>pX<0v4U*5lT0q0Gn5X*HqZ~D6UH(Y z_{V=>r7%VW%I9i>k&Hu3%U1-oe;JAS64%D*fyS4EE=dit9KoJrtJ0Qi90WS@%EMA~ zq+-7Ah~$3>%8J2j{`uUL0x@}Sqqk|ILnc>0+NY^#Si27!ft<3<)15^7CmW-TI)qtu z+RNF_<)Ava(ano(Ql6B0Pc`vC2OaU$&|6mvZErO^rFnPpIGUFWFcY$;{nFI=;Jb?l zg^xp{!hJ#C2vfYFOSf6dt7THSv_aOs2?K@M5@2o5Q_31!P!X4M`%ow|b%ssI29WMP zOn*;2TlY~P;}F_wuCvqEs~*>dn|P{cz?K`JA2k-gC^d&@mbm%J)8+!g@bEBXXDlPA zn(j6^OflKH-<-CTxsujOP8Wv^)hm94g5NQ0X90v?05rH79_AGM0HQwAO6HKN7F}Bu z-RW!%?-{jTwEMmbi>zNHs?NvZN8yAes+%j(%h}S+zf(dogu+Gs{Z$#L3rSriY}l*e 
z)-HmJw3exUK(`9?TtZmprV#^bGKhC-AhJpG3EM3vaeU(my{dS9PBw)3$Da1VIys!ep`pxCMhLLV}Yl@T+ zt?>`Imhf|wHi+V99m?DBBI5EN$yO5kV8P~B6n2_Zf&8pPX;m$Ylyz6jW)qA3KE<1t zq)CNJBwP zI@HQR&qvm&vt}i3itiG@m}TXWYLv@Jtc7!eo|~!Z4jk{dSczRqUOP0D5gj<$9nj67 zUdvBf3j=tKk+Q4b<1>1?gJ*a{BdC?@0|S1DhGPSi9gMZ7ucr^|{_2Be)*#sg#6>6L z2LS56dY_ns4pRF$MsuJ#7SD8FS4~q%A4@7TZbOtq;5BJ#^aGfPXLnSsmH#ImqX`+9 z>GNx7s*>nEhdfFX`&0BcdCgm64M+?XaT}6f*XgfC3Zz+DYSD{&rG9dE^Y>*^^bVMXK7h#x@=un;V9lQCK>#n5Ln z`0OPLKBUUb)E}2_%{xK$zR+}dkCZTseuqzgVm{G<$r{z%Yklt;WzexZh_dHWsCQrE z(YLpgNyj+G*%_sq@cfsd7mKGrgWt+=qKRv+2`N1?uc4m+(#^No$5n@QCe;PPVLypH zWQx=Gt9opc*&~xKb-Tm(O}Vig4x#mwsR<82j|nP8^26y;zr_#z+K}+d)|nqr*~w@2 z%7{HD5&*s#^#BG#3ygr+PN@XKFhn*`{tD>4o@;Bx<4>C~`^NamltYjVpt1hwgYyne zY)TnAk5Gn!(vDuMKx972nd?%1UbO@v>N?m-U3b28=X_=VB1`{xH)zDo;w&>wM5C1+ zUhnUkFZMg#`C??!@rFL8s61Rr7+jA2Sz2&CSyK^h08@`+{Ic=^{=Z zbqr0&Omnyx2FBE$@T?HY=0$EIBLApKEWtmz6lS0w;f0$*?s<#N6?FPsRyqO}>2~@0 zc`8JBguZ_|*!oQT@%!h&J0_yxKgn;)s5j^G9JfNrIDH^+1Y(xj#fJ~tnU=JUsxW?? z-=ACS-ye5Ehze38TQ_7?ob^~jox?Z9YkD3Qc&h{DFH-BjI-?cexb*FB7m7n^k(79` zVpun5RIf&3G0+M4MGCenhb6bAJp59}4LrZO@H;eW^_)P+`Yk?3m&gR!sWB#CY3tmY z99prD>hlh|y4*UyXDMAEQZ>c!XLmu41sl6#wBcq!l%FO_!B?5ruOCG9waFuCWUrLh z#@3^E`K@@0zSK539cabTm=CD155abQU_UijzSKPJ6*w8_baxy~bw)fXiC1`cf9)Pa zsvQ*sX!vuo(-52Uj9it;gMG}gj3WNq_pWL^eUSL^&tnznv}1RI0E4Lj45rC7Gv8%Kqyg@%-Xs`Y?7CJgh^?0% z2bSe3pprH-x&X|KloyweePE}d`rPlH97~y9lLXR38p13MlGE8?V)0S*W`)Xxq-&s2 zvP=S2wHGcH7n0#CW}F0!QM}7Q6B zWf+PxV|%wQ?0b`HxjG4OCD>!W#}7CBU!^uBt0PX5qk2`|=9L`d*ZDGhq?JQ~s6-$Q z?s_~1^SHA+T~D(6Ta5+I2p@;gWBkm7P&~&n`A!!~{)jB)RB$EZN)q2b@Ur9xZFo}{t_ zyHI4_Ow>*i2W(-u1qqFR(WEX>M0AQfK|N=*yiI@}6vbP5JMqwrwdA#&o@ets*FJ<{ zAPRCFVvwB?;xYIO9lLz2^KnL0(+@jB zV1Z7hv`RU72qORLY%HJ0Sp_wbNGngSmgfE!rF7qeRwNI79B2z%T-T#_5AaSBa`(R9 zBC%zXwB|_<=Q}cn$pSMNOFufB{@Jr_O31oG!QY1ZC4k*bNb)go)GguE1;Dpz`0z2V z&dY8OFJeW8oW3ddSN}(8B{(CInyi&uY)PHDk)tUejpT$a2!;ofhfKZ`X<%%My;h%nF?`L`}BbFQ|%_^(FhN- zlB=XX9ANohR+JDxjszsb6XtzzoBIBG$>QnaMy=ypbZK|Ib++aJYsu>&uA|V^>E*8a 
zc#8}AtkY@X2@W!3I;BXn#(U4(+BR@X$*p(T1lRh!eUhBde0m?FH{H9(rS1{B`naC{ znDhhtF5wu>kEvqTO~DcFa}crx6Y%!FvU1S$4>}J!Y=S%RU8l^C6jq;m>ejN=)-&tf z?%t5aN>^LtFlx8XXv&p|+tWp00$NUL)z%AiJnZ*)He?d`yT^v-VfhCNn3Gk#NVUi3 zM>p=UDaQ2FeRtaMh>brRY{nX*y9SkCk~L$0xi+2-5Y|bI;I|C~6_s{p~z9cCuj_8?-z+Ga<^CK1Ed;gP1Yr=uy^a3)mc5%Poz#C}F zMWbbY?rO{L#qIX(0ov4t8v$);)lz!i9^8QkYx&mz&v-ed~NF1M;J_#nm)XL`I||cbccno43+r`Tvl~W;oRA|HBGcxPI%q zp1dJQDmBY#!Mu?O1Dipk54>B2$L5q}JI}w*t`RGNSPD z|DHNu)6n0V=B8)6PLzmk=%`}I*Z?p`N`G<5ZOFAPrN(xs!}Um(0!u8_L(H%Se_c{z zF`hxWu~C34jmJ{M7&c*?fE4ArPVCVF3>vG7q0_v>5Ah!V?&)1FlbAq?iDV0@9>eK) zGJZ?ghAXMkNSp$+d>x)}=sQm?!1i>%pCs+uxnFi~GMdr*+0ehOx%w z>Wd9=V~-79Ljb-(*wdGbStGwf8O5FuQu%S}18hiTMw~LSfpJC6%1%^u*v~P0P--O#5@f5 zlfOT$w1gP2B;7mr<3I-g-WT48T5@m&-IvwkcFX)y#EY^h88LAVT~4p5S@cLE+K^5K zBg}bdyX)t$hmb&S&~ySjcYG5@pg{lY)0WML))}>aeDB_ZX!x*uQ$r~MXDf?w`=xGO zAv_)Qx~%QZ9ZR);Q2$a$bz*v!ku8k9mcQTQSMZe=v=(B_=7|~)WJ>dASMsp*=GB4(X| z;t-`NK6`TBXZ-PA>~<=&H5eg?#s^`Ta|f17BDSo|lJIErClzhrNP=b)a{I5bZIuU= z(DY_E{Ag8-1l{dIgc;z?YkI-3@Batvq-}Z9SH)j@!b+QwcL*L;RBaX_%TTeXL>w^~ zm$VWCs%Q9Ss>lY32ly)4;K?f!CMKtF#S~kz^1tof?4_D(3CZlLJWxAn9gJdtzj?j%2*molh5GC z72w8}V-640o7oaAE9p^r@v7e$t)Qiv!vu!_AQITha8dRWs)2d>)diJU8p~F{nM)EJ zvI1;SX@&XosZ~WKjbStG8X~y1y zjBA~m7S7TrI#c-#O2O=aHh+%=B+)4#$y-u3p>9lBpFY1OPRwCsp5dMGE?v}ueNXb1 zzoYjDig7G4eQ36^cCVz%DOqr;QI%4Q(`Bl)fMW>h2&k65;F*$~iNE>FMVIyYZ@+A7 zJ4`hDuk3*vSOxf!P|5^B2YsqJ?A%CM=ePYjL0p3R1^2VTP4EwIOCY4v_mKe(=Y5&(Mg8(rMO*WQK&Mxd zJD0dm>}9GLv#U+%475SN7lmxucPYKbWthS>ynV*@;lVllNBeyrQ#QvztG8QF1W#Ak z;nMrw+Hc~|UZ_a2%+?Bi5$4UaCeW2V~7iW}54Zz-nBXT%N3E+?yjwp3STjWL%ms?I22pvbk6aWoWhkti=6YM5%ta% z8l>;y9xuFNzz$S9?fZf>(tZ(In@5jACFhRg9lfncmfdrg z&=m-dSBLzJ8`zb6sp|~uDCb;854?S&k)X?qA} zD;ZF!Y$wF5Gc+pzeJ_2fb0~pLOW-{yYtXJ=WpT+m<++c(CPLPyf@qZg-eg03l=04s zCS2#5ni8=1(HxHdIHCBV5*&eM#(3H5a31&lJTKP_ptLlC_^1W(C`su)~X^E%0=yr|F&tZuBxi z(Law$;ihCa12^|e$)(Dq<@rFAb4kx_;%-vS@QSnoA~jfPa)*{y_n*SAm>cqnC`rvO 
z{A+Cu1HCfqV%t@8OZNpPf#ej7;3N|*`*YF<9+$1t^54fRq&eERN$(OdoX?e6}V8sa5|5hBppdJXh8C(?s@M(qq6fxXjLP#o-n#ntN|PbDwOo2%2Qu#m@Hp71&M zFYE6YMBv9NvFM=wDod3mQ>j2D7K8i%^)u*9FR{L6@LbySlo;MWz98!vLK&&M234hq z9%nF-N`teob)IAa>Dsl5_yrB=K1M%F?*o1u%iL0Y`J*xNwSLM(UG_*PZPL?PgY`4u1~Vocy8Lte3(G3>SEg;(rh=(fAo* zfc&@SP>(G`yg&5;b*>AgH*Z&Y{8G<)ST*_F`MhVD37wIUMw{K|r@$LQHx*F64R4Zp zFUv6=Jlm0VN$?31R3iLc;fkXzn3|TODr@~KLKlxp41gEWcBX-~LR(qQGL?P+;t;Dw zDwZ{+RMnfmM!rtvNqL#Zg683^?R11P$}@4=O?9RwY~ndUGVWsw#epYlx*gFCi^wEe z+1JUp_3(*;3^_;)Vy4!df%y2y0MrFVZuT50mGF3xi#>ux-(Y{p~N9 zU)MKCz9yF6JEim*2NtNgoHNDL!N^sW)scxnCzSUf`O0djsdNi4xTBk$mzs*xKhfVH zP?#mX;AbUh?SaD(FJDu$V#F*Ek->Kle#5=Pbx%|~q^z;vB@hGK7KmbHCZYnp1*&CU z&tNVGjfzo>Di%1&Y*6N21G8BSZEnHvuY=1uEboc{c5Fc!#w=^ll-v`k?H+bOR5rF!3TrNnp!_NAenQg`CES@Qh?Qam@ZU45 z%N`husf@)6VKGEDmGvpkFfN2-2TG8&Y1|dJM8S&}#aO>RqpC4PLF?V0s~a;;^X%kX zQ-YF?0kgD&ouvbqWVEkG#3?Lk-S-dqM%J6VL^G!x%`a8T(m3`gl6Vug_vSqk&vt6Du8>xj02$lCT6vU|Cl{E~oL` zCk2;zS79}?#s13*%A!iH71H-V16QPoHO;<4jC&pH@0;C^+pm`QtI^2a+y?rvWgw`x z|6rP&jC=F4^)6QE5sEvpU4MfIHb(BtVb=T0=;=N?Z!S6zBc1z$cq#q@2Yr%nzjPZZ zBTsr~KEXo_r7GxkCHE(Q9YqCuC2@;~FJFNen1l_qj!4~(Weh-w?nqG>k(DpU8D$luaftSudLUg-XBSDIEVhH811Hh zhMG4%h(Gk&oQ(>ILs6}R{{i==^o3=(c^VWL0^-2067*jy8#?n$-!a_U{GCgGVgX+si}uBKI}$c(^u@h*E)<-v%Gh> zE$0P$bn$1S*HK%JwCQIzVc2o3>0T#(RNb*Ezp@G05KklOCvlX?rPG+{*Ym=(SsQX! 
zms5E0?>jT9)P9a^b@K4k5_uJxKsOLJB|bD#c75@<+pO{fk%as?@u*VC6WG0X$MO$^ z`VzT^R@~ukZZ7;$bbz1Ivf#WSupSz=rVB1f_Li z1KFo4IVq?h5xRo~TH5nuC=X#}6RoxIv17wm6-mM<5=Y9b4cKC*Ns2HAp0DrMUi&*d z`1k!zqaHCm8OERAbR_YW`}~T;VQB~2&R9EKW;M+;K+tSv(WR7DZ<2Jk9i*J*?$|KB zjus;dp;jKeLmg^vIdTYNWe*D*9gOO$Baa|5`Hko8 zpt;5#LG%fB0$+r6nXwGLDF5=rG2B<;Eg*kyqyP-@l=&cCUE0Uc}*BQ?`k`1ebc@E zB%4UVJdocHKzh5c`aDhgwCvQ4JW-hAmlbEIfeIkMSr}&G8?~3(qJ8y~orman%Veic zmKKDuP#VsuW~@0|I13t8!H*3^%>%a61$ z3F`SNZFPX(-7Uenx7Z-vwkIHJ{?^RAe)u}>ML?8=&XiXOHXjK zch|124z1%d5X@Ye5=b(av6rWlMN_D-qLhzMqPYX6MUdt#y+6-?H$hn=o2Y&@d+Wak z9d~uhZ!MRyXPdDq(K@OqBtxM-18_?UC>AE52;=f_feyr8!u#?X*7EnHA*7}BKGB_i z0O^}1IiivH;k7vNzm;KEd3Jnkeo>QQs-(G;+sfL&VC~`?j*B+7;djp-wLYhlF4@LF z%Zgnm_N1}7@UQIjr%P!?W>e+C^J(B_7e<#h<6px!dd zD!N`yQK7_UYB56@EyG2rgjLs&gbdbLY079dy;g6c99C(nWN$-Av!U^<7UU}9N;&~W zDrLDZ04J9Zw%xIHuwPY3nTebIfY@fM#0rgi65LYIHCm27Slpk^Jl?gDe8Ed`uNs^? zw$K!>fQnw$xT+0G{)aWl4p0JOkDkCPVzAbl8ZVcJrwsb>O#|8xACHPoA&S2aaTIzr zrEd~ThJt+vI4t~XO6sK*m?TYkGRvU?G74+exaF|&5xQq{;EmqnrLjosEZK@eJdBQNs2QOviMq1>EF;X>R285ErOJyI8K%9@U z+ckER>0nB&JvLNS_$syd|?8kQyGDpHmF zpw&1hNdmi+We&ZWf%|Xyd<+A6G6coeH;#HKqC%XbkneT@2m0V!E>+*8OgNBxBHRg#PLV`+Dv>x$M|sy-h~XOlPPg<4c=S2vE#9=m_FuBSFAr zaPbldN6CvKo7jlLD&bEM%u15eyo7$b@Pp!mlQ-DJG$BIv3+bJ`$vH{V-~g&Jm>|Yb zFv_$PZ4y!>dxgR7(KUX~QF3DzT!%~2{x6SW7L-Gk4^APm65W;rzxlifTPVyTNy5jL zYKT&ys0KP$sJL0?Op?cMk%FAlt%6J6Od#sPf5cF>7L{3W+~dc|`T}H8@$%nC$lr|w z31dheRVM8u)s&ZHoxPN;kh!>NW2Nwl>J3{;&84_!Mv2Y`UE*0vk9Y0VLg#aVRrjS2 zKyoz|UWZrzM^0){Q(^faEVl)OH$wPaEhcYH?an36LVyN)LHR5Q+>VtQGqSdNK_7~p zaHC{WUHq1u3L*tOKYG3ZCL#k~N&2g}nqC>fiuPt5O!?s9ewQs7Bh?n9!7*F6Vm)uf z3S{pPlEhO%+Alh2`aSJPK=A{Q$hr}Zl3msiOVu>Sj@$_!Y@%HKrydvEZT?ue;D0nB zygJF@YH`umLZ}<3+3`cOfjUdmpJ%^H3S*_X+ei9R7HVh^jm`b!{vLi1FQCX#&#;r} z?2W>Sp9TqBfF2`+93sX-ctRrrBwMPW#<`%!6ss$+HW9G)5|TiIzXk^p?QHAW^Fn_G zlFThcKE{7K-;JiDQCS(?g!B7QHH38&IYdRli_Y1&X{kUGI_OwgbEyU?RjZx7Yjqh& zHjG#E zZz%e3xDz-(GW1DlA8S3C$#H_aA9-mztTErx4IIuJ6@q11Kqt zt7|!EsMR2&59PzHmM=7sLsJ$G2GVJclo9H(Iwm$9iV>~tl?-A`G 
z0ilGvXobBZh9-8z0l{cl>7d|2a8{Z$HVS9VJu#wvd2quR2_ z#gH%DxZDOIj;;vXW8*)yiFP(yTWn9XC*7JUv_aGCMu1y8tP8>8`@xzwo}IiBacU{@ zxEgvw2wk#D;2$ioUhCs{UmxADvjq68p z#c)c4^R4cm2PTHF=v^gl#ve``%A34R{uKT-|&$dhnspc#Rf=*0cSrrwu z%E7Yo%tpm>BQ%MY?cLfVJC$2etA`&nSE_d1574KF?md%kRz@l*T6h#01sb%o|vlXB&*5uMGpc2=g*iu4-Qb~@&mMFWG zb~Sf;uTCQ^w)^MGGOl0KsutA3zAXQ>R%^eyzAxqIUH|Us4#A4QHZY>rP#QeyhMrtW zcW=W4-fYE~AfeJ$Hy+zkowsdKqbV>Ww%imDyF$`>D=~_ww0DD@pSw(je^$7*rlmfh zF_O_{d@WTF3+(7UUm#8%NV^epD$z0BLzY>Z(ifh$tUpZkuv7m%qJa3uwxad@jTgt0 zJ4T*er2N0ss)${`dvfO`2*XzP&pQ|iiBo|eFncKpgy?p^D&xLv&(7S97)VW>U1OT5 zrKLf5Gne{*H$qmlJKZ7;5`b>ePCtgqLvQL`#9~9IVO@PC4-Iv%CyjGS{gw~a&v=&X zhX>eSgoHYX(mGatIUp=O%>@2hyt@HS%9&gLD}U1Ojr6rX%X(%@feYxrOaXCVL5thn z(s0US;w>TZ4XI{dpSMtKHRKD5va-NJ2BnZC?tyNQb2#xJWS&)u z4u>7}3$2?z2q1mrJaj&NBRIz+Z+aS$(TD`QMC8i(vMcTaz+S#mFMNp}@6cLnth~#cJ%Oh8W*TpqxK}Jei0Q?B z&|(9h$Tn?Wb`oB}LHj3`*LgWH(ReIHLOQ=aOU0G51;Tgpph$Au}MZufG`pn{5;oz|`n9)(oc7Gt|-2!_5%7 z&dY?}b(8D^Om}+`YOnY6EjThK%--WlH#;;BDW^Fy1;}#Z6~P&h_djLsXOH{m>yi+n z=Rd7+pzU@AS299DaJt9+(=sLO5Sy=Ykz}bs!pj%fKkAVJ6i~Ckz8_BOfp8DsVSl%% zOulMQZY)!R}?kZc>t+)9EJUji4Ifzr8QB&?j{~Qd9Rc zlm4}QJ3`A8@m0ew_mkRFreQ~iUS9e)P`W!KRO8S`ulIcc+EwyC?qXSj3T5`qdC1&t zAJjNKK94Fs|CP##jw26?QC4=ET)LHn>}jiINba{55PyJVa3DHw2%j3@%a7K zyQi=p67(u{$f2;*duq(aXW6~YGNji4szFWtW&9gSpN>&(S_~{%nDWOW@#tAn7el~3 zCgJ-(92Jx#*vQi3!H;Yk?>zA^m9m4lX@7W$zaPT z@SxQ(y4`HRuvfG+)WSE)C}F%?D5gZ8QumYPWGkTaY}PfFgs!p8F7-GFTCAooqo^DQ z)P`pDZuZ;{{G=DXREKtok5QqYvmu`B-EeS%z5I+B9`7+kl;$KW*Myq# zQJBrDi&Q1F1ir-V)Z6>Wk%2#N@N$v;HRK@{afHX3R-=-u4yU;=yE{NjJoT{-DWkiE z;n{^k#*epJ)2CmeOD&r&LW(fo^9CX5G&Z6bThqTh7++hQ+^u==*S5seW-qDXTf`={Vq%IOj;yBj}|xlWpa#wXW2xC>ii#`(Xarnp&{sm<}k-L}(53ieH!Ly8w9 z75fe{SvW&d6l8pVX&6EHU>oFpWy0Gv;iWvaxC^QzYjgz)r8tE!HNmi4pnKL7h_od}AsAT2R zeN!z?^sFFuqjDL+{*CZP^UL1`>aE9-7VqFLce)m&4~0FoA+s)If2>wPQ>=ZNPh9iq zqlwm>((?HA!Y1cmKiw>ewG%oZq!+2HXM^7PG+iUe>dvEiUJDG$i73j~YF>Eg;s^82@|SC z$XIShUQ`e6M#e^vM;a?1Qk5>Olo-2ayq_o*Y!^Csxj~7c7#c|9{SN^4KncJ6PtSld z5&5;gGf!5}pLC2REWkK{s!!v;!VZpZNJk|Ou!C{+cXVZ)Gavw0=P^y- 
zlOin(5+o51X_~yKD@ROY*59)c^>+6}tFcq%W95Dc$lmdS}*a|TwJ1{`5de-50s7sy=mnRR9e`fs+$po_$LhoxL zd(FXqRM}K#2p|T3Zl~-)&9+ky4v7+V8(?2X{d4!-sm0uZ$kEiUsKfzgHV#IBt{hf% zoJJMQXRUG)(<&siU?r)Fkj7C>gPJ-55fes`jerrLvTidwr0?8eZ`gk&279}CdRj}2 zv5rRi0{k-ouv8v=6W(r~3j+Nv1N-$%s~t4q&g;zq)A)ek50*QX#3r3^u0ntRp>aOcDWLk1l1awSub0C~k_f7EUJdi*d1)8j@a zy}nEDE5I{lLZPD#gHnHTt+D~~4ahTb&)F(&?}@&^FWA#UkN^OXlz$w^Wkj-M)-Kl5 z9%gDh3uewo)AFJc2bl9XYy-M-SXFr*#2N8ZKLa^DPG!C-X9!;)3q=qRkZE1XA0<}bLTsK{6p$}0$eMifu0-A zlWcR~R;2nfZEr(R&uGkFPc!iPMWJK&(-^>&7V1jN{z^NXPU><7>SNYFc3A28l{moS$6-3qmGvP_!1TGF9K@vH#!oVC`xQ5R zuzb74o0yJl1f~O(bz8g@(}6Obp<+;)GObFSU=I}7+F!hCx)${w!!6z|JPAKg85QXR zKe!IE7uarvtFh~DL|I56HO$?j+h!l*pAzuhl1@b_d$oV04R;;19jS|=4(ln{3{>a< zl^=)AKv&lJ5&|(IiFuSravmj;h6jm^$A}Oj+Ew1fW@IC<8K|sV<vh_zn ztCRy;DbgG7k#_t}_`N-|)k=|UXep7_2O)k#Y8~)WS^vHs=j$mKnRavSR&T+#Kyde6 zc8oqv;dllBh#s4(pBFRM<7oBuf_gg9|cz^xbVyUQ@qIHtwlcKnF{n^tF9rQxHxd-rs0ehN* zchpB^PxM!A%^(DveG39WrRhdzhg2&ME~Ku*)t9X1gaOZ zQ0#|&53my~^hCOvX#uc?TxW+iZE-5z@__D#(DGkeehhu*!4`b#ZT~4xb5C*mdcS|9 zPfWM~((>mEHX{n{J74nm19)ErM4C_KCII#)*PKWqsp(YJ0##*CtjA{0?Q%X7w}qM0 zDML3=p##im1Ulo^Ew0V!pO;dqsaG9rl2U>4A+@#yzB+5hw^7#W9^~HJTYAjw%He zGhHcwJ7icSOEVmfaD@i!K^>foX^6*{ub+O8Ej6$zwlf}`!FeW20YDnJT+Wvof2B!r zSu0w~=Q1_=_Vvemom^e^G>GE8@ay$J62yQ`;a@<74ltl`s1J1IIsl@Ds34aSPX!@= zx%h3x1XS`XL_i`GlG$jpZY|VRBqhXG_R>c%F9tK(PFtb|$4crDVEfVjTGv93j?UP8 z-2uk10e6%389{6ZKZWi96>=!xokg^Y%bW#4#`OlM#p|*Lu&7V6vPv4tm8%Hsh|%1{ zOXMT)5~!?OgV1@Uf4rS|eQ`?fnOdoTESYWeirS4HxG#XHtcHS$MsSvF^&R3~;G`Vd z-6meSUg>P>nPlDB5#>rL>A8D+oZNSf4vI(kykMspeEQ*LbUkMdY_t1sMCv=-2)_jh z+Xi)(8FI0~N=zxlB?`JefT~N~LpY<*jUhMThQ~6%Cgn|A9$OfUJJ(Z4l6jwh1e^j~ zo1d=lt~EK^m*KLPp2*%Qs5jM!+l}^JenZ{MtP+Uxc{#7>q}A0N zqBk|7H`6O*w?V-sX%fU?RFOP?Nnns+T|$~7AxTvxe&zFDW{%y)1e@d|z$U1yd$&Oc z8Q6U?^kyM}XO_nH@Szy}>N`1fS;Ki+cdH?P2lZGe)#xo?+X6aapj}V<1KW)LrQ8z) zSC8zh5G%?nwt`km2XPXjRk2!F|4h*-mZIV&r-}@zf3fQva~q;HQ44kAV+T9;z#8i29t#^kC^I0_^v3@4}JT#%uF1aguvbtrJ{R z3-=>X#0-O`$&JfsQg_*Z$_RiAvzVnw*LCNUnB>tnH_3ftw+P)AjjyNOd?HedJYbvh 
zbo3ejTc*?gXUAL-ai#9#bY`Lq8W?+`KJ<9RSpkpm2P1XkqMEp9VlX@N|B2}}4A zuDEwby09b9iy5IEk)E9}Uh`u_)%q7qWUlwz*+2ZGlp-Ja|UKY%I^`G9^aC?d+ z?n*hJ>PKAxJ=2mB_$N3`)Zf19Yw;&I^JI4*_7PM4_$Ap7;Dhw;|M2r2?D(%t(eBsv z<&6J!0)PGr0}^)r3}X`}p1e4+YQKh4M>@0G35~^t4llYPHqBL@)3X)RMxG{ zC}YQeb{-4SWla92(ODnmjd7c}UM#%#K$hI6p!x#9R)K6HLN3{9yndSK3idDuY2#|T zNqT!Yr97G8m*3|u-|uLK4OHR)g&YCPxOIyk6}t&657UE%CG0>IkGU1|@RUQbIPN*8fs@*P3orN=R{Pd zWo)mV6(*dd7y&0iWu1m(TXnzbpb~d7TIy328$1)NdYsLt^M@A=TPoFD0LbRP%&N!b zd?9ojHrWgGJ!N4^1DLFT znj}7S>G&xr>Leyb)WrP!@MGUG^}H}46vYS#1uE;-d;9DQzE30CkI4Zr@68Q&hjl(( zJ44&P$~j#8LYV;+IRK$Ig=R6;%RHqEnNnQoODg;k|Ce%Jko)_|a(@ z=fR)&7WC);2>;~6f1*G6!JjYSj|Kl@kmmpU^5X2mGwv7ev|mEr3$h1d-*}p&L6gTB ziRv;Tant0a2z{RR@4PW1S~V?E zeB#^9XHnmM{ZnMC1-z>2)ap;S-Z0jciac-sPKV!udeI!3ja#lw^ zX;>VRIEovR1F3A1Hw7dJbLQJCriF>{DMlcCP+7M%qP#BFNEQ`)W40-5(_%@Kw?Y7H zPQTiJZT3;Uu{{6{Z3@!Ew@kW8J$?v45XQho1>@v?%rA`UHahst{Z%Z|GUjpJiE!S# zehrmT{<-V>H}~HEQ68m{f${ zATi-t#Rzy7D(g0X6rN=_f7?8ndu1;oOQmsAM&Yvm`UPCC9~nH5@T=y;OYdf;;ocMd z4~<{y8<*e6Ps6o(EV;gvxPmxDCp%~9d=r=?jaZ_jZazWBZ_jUYziw4O$Tz+YFjL59Vyz^CmV#ndw+A1zRZf>A=$RW{Mz6Y(>A zuRt_oEa)wOv|>4f28|6DeFM+l!-@nr9qvYW;6tapzLBnH#E_1$#AWI3NBnUBWr-N< z@$+#|kpm2N96ZS-{`YsB5hE50|4V;#{V(Br{(pOx=fC|cC4XJ;|LPmz{}i{v|9jfa zz+%yRc|-pay*+GSK_OEOWogMO5~dl98KV4lsQenqRu+ouSDO##!ZU-1^gE6Dq`Ei@!%&^wb+T>sAHgd>)Sy(U_vLClJTq*Rh)FsO5EIi)21DIg9MFGyDs|ht&yo+Xk6%R=k{^<@mBjb<`~W+#)xec==_y>K zs6g*H>-=Qpjx;~Qr!Rd&_YSUqd)-ZMK^wUCRI2q7PI-Po?X&FO-li8LJ2@pO{V8`K z2U-G#dHeaWeE|DrEc?LeK%-&=(CF4J{*UzQv6m7wS(F7?L2?ERm@I#wghoD0_@gO5 zjU&GZOS{#Z7^q?d1`3sRTfG|tb;~!z*OJd>UrFG-lXhf>T>vKc~6$A=*Rw^6-Ut3)G$1=CR(z^CO#Q3-uw^O zs&FW>Mg6CtXYt*vmcM-^rft9cWy)p`tH*PGrHlSfHb3~Ep1&}+n)#U@q))-CGqtAp z^qKl~_-X|S@N@ry2iNogZel$Hl|3K#+)_dVxP_Ef_rKMbgIfhAFUNHC`&VAD_bY?1 zV&{wNWw*b)ooinVU!(Uo{~lk{uC2~C-twXE*U-S5dgFWfm)KhcK7WmQW^~Bs{<8hK z!xYT%V*8h4S?Dju-y93^Zvs@RTR%NfAlUU5{I?(3QwgrYD>)+S`~q5rH*aM4_Rw$3 zywU|!qPMSL8jL?&lkohEz8yJ{dXCzGm8Wv4l zRgImtr!Yaw#R$+cDu3&CKdloG5AZxO`Hw(X)oHB4d#;kAqQl)f?xaalty)7BZcR@L 
z@s*AzdqYJI@Ri1)ie2JI`AT5SM7|vUYciY9h>$0W+VUhACH86pn#4gC2PDa(h{R19 z6Uw5Bgmsg}QIIB8WX+?5z5ySGA5K+iT-K%1)>Zc^F)s014u6q_Xh0(BWqxBf)3C{= zE3q?Nf`1L5^h(Xu&^yt(B%tCG{uzGqJV8Q&Z;T2rpqCQq#-8GCGw;F#GE)q%HGT~Z z*85`({1H+6!9|?*BScTPAE)?nsC*5YA}X{bYL@B7H+Yo&;IF2Nv#N@lh%|wpkT?k| zlE(=nMH%^78Gq$TYKI|*eqh?q=`dtm)@?s7DmMd%hu9N#1=Y#&9YB;^(FJV}SjMLL zc=xy0-O$gnGbt7_7iOM90quHP@X0=^g2@I~L3d%2FAP&dML}_w?0Bwb@xk!h$&M** z|4J}0T=Z#+;Z`x*JQ^R3iyUB^qXzcjE9cw+N{cEYet*We>a!{!Wz#@1o`qS-U7?0K zj*ie&{nOE>xU5_C@u_p^I79Cw&^=a3u{(X`DeUZN4hbTGr@C_UszJKqN+K>6+;M0`Qte~XMs=D%nGOly$ z42IB;O(j1a4T;OTmE1bq4*_0Tq%`7RQ%di86}kfPM1Mfty_Z; z4S%3l;&O~1f0Y>eG7R=xJic^dngmehNj^9U=H{82CCc;fa-3qXrhiDYm}M25pG8XIAP-1hgg)_$CXT}*i6c7_ zB=i$=r#T(#iOafo8W&NWJ^Hfp)on5f;Af&I&(@u^!@w*skwk7_?k9z0n-STC(S&U} z!RQ@gW_C0-6Bjwa%tj3z#8;+_2T&!jyJWzJ5#|laOMYI)RZ?awinE+rsf0p5HGj4E zbYvke>(*ivS=ehaMkR#H{;X>Is9K0Rzi8UId3))7kh)yY1@LbH3N5LG_E0tUpg~1% zf#}!K;67aB0R0*@1rJ|2sl$dQX+@HhLeP=NB+na0vM`I{D$di=rC*t;U#H{ca9Ov0 zx$tuKT@sVl8m3Sl&0Nn>?c;60q<^c~A3L$QhS*GY)4z&+6RsrKgs=_lXw(=ka)5%3 zLXA1a|8b}>{H2r?jmp4h#BUlNi%?b(S_Rx!sN%8?Xix=FW7qxM)cw;@W4Nqa_pS5b zTb~8_0881ApFY=U|XvndBPH$dppPglg6tUI{?6+A6q%RIQj4DJLDEnMgTlN$xZa*F>WO%8i0 ztd7&Nh%!u>;Ix(zi zNY(DCF$zsayz;sH%T5(SM1Qw3DQx)Hy{&eD{s1$6q|fHBRa3+!OcJpk6aZkeo|8-S zLiAMY`Dp$A55Ntnulh>8pld~zwg+0(&i>Oo??G~Zx&3l~Hu26>JBs-6!U7dr2ndV! zihmPJ9y6Vv@$3H1<5$qv-w##6pRP%hlx1;3{HiHQoNz15eLp9D!hb^x8U|Gn*$pr- z>-xcnx;`rFG(c3++8=?7ZH<^xbDc!n@obp)s7Fpo0sz(Mf2EJVcVF(Mpco)IpV^9t z8hos&(fOypu-f~HuHdj{%f%8VbIarN{L4@8ZV}ut{zNvDLxtQX7mTasyTt#22NwEL zvL?-AR#v1)Y94im34bGH6c&VKd03aM_7mUkBL-$2KNwNRM`hjig4Xek0}HVkbkX%p zWPOYwQ+k{Z|EKP@lS2t>@BaR+N>1;muH>iI&r|*t10BY%dfdyUcfInsE~r63pYBD! 
zl5u*?cbO?oMqoW|p@iwB0`?Dsv&1l9-O3>5tlr;VWA=4?J%1h*Il#I`@s&BnNA&Nh zQ|?HU!fwRRiXv#TnxsjQlejK?Qp8cf4PA!N7r=K1w<^n0r2ggK!2m0wl(6Rz`5=Eme$Mo`xTzXvp)ZgK6Fsbl) zK3&5cEdhNg#ebv@xUl}SFt!cHkNYFixlt)xQB;y{<>u!!8;^u{!V&iikeGVhO=43u zA5QKD@HcJ0oi=-T2ZByZ6JD7ENJJ{81x^jg#4LWvZ(Zy=`aQr* zE^P?NLYAmOV0*yv;0ILXfIVOw_`xN9Y~}Zn@89J4NqJQgck+uOUNLqBUFq2%hVH-QOYeSegnE7cq%Rx~jrg#$0CdS{$k(uptw~?<7+&sk zem6#bKU2{cg?z%y?`ZlfT;u@r8wb2_iT~XxbdC1lt*MLC>+`|5 z`aHUF5hiueFUES_}|HE*x!u*p;riCoh$QfO%}p4&3y`&t)xjy2_kZ|#h$*&|QzR|627*dc=xwlFfj`0BTpmiOKA^!KJBUfXeUvGV!35qB zso|4877+^#>5lV0WAc;6jJ|ET56s`^%LUjoe}5tn)5$??%X-`@w_kx37g*Tf2|d1! zog9Ws9AG-5CWqlG7kQR7Q4*0bDFPC+yd-&)2ZV8FKWbPV_<`f>GVu?=2>b&od(SE! z_M$Gm75s2-kotGFP95|z@Ax}iLb_N8dpt5@Q=#$F!7)IRnGHeZ$G85`^6UrAyP&kbQkZTPpBelm zifHs6x=S`#M$A9xi*GQA7$1;K241*T-F>A?ysvbX_mx@deWeS%!yOH$cw(T!TND zgLcnvM1oxKAW(XLq1`_vt%mf@_fsI?w{MM|PDfeT7s}9kAHs?zmd_DjLxp#swngR`r|F)zM+p|vmjK+Z9(A( z;KZF}bepcJ}@z6vkgd@-isH{UHT@(X|Dx$ms z`&6-?<3S)8slD&4L^Sh#J72cFV!?cl4?o|42D&v0{c3F*bvjre90wL~iGTl%_T-%J z$!uBiGmk)@-2&NeYTh#g?J8-)pFNtp02IEulaNeN9@NWvhZ70b#p z2pv1K2`LCiKnhS9;h>BO&4PG1m!fI~D}Op*?;clWc8UL!?%g;eK#^uC zYlzPk9C~kRLd!7V8+elVaphNeXr0LthGuO!98p_FWgTko8jdvauK(~2(S7TLB(BGr z<_OeXj5gtWamgROgQ;X9n3Vd+lwU9N*K4kM+F%AR4Vp5cqk3b$ z9)A?**4=9Uv>BMdXN6U5UE|YR7}BG+Moi(b8@4Lk>6PwqT%{Xb8Th}FI&BCoQtl`f zDdh^6CnU(5I2Y~uxt$*@G%MZVh)Opq>rl9p=Gx$5dxKo4{UUmRUB{{ir$n1*I36cPv>{Ou)n!GqtQCqKdSI4q!x3d$RMw#f?nx)MG&Clc-E0LL z1ur-E@8p;LYz3x&GAnA)h>992Yu6@R?2xStm6r6#XG><}w_bn!JYdOT4}$`m_O+GT z>3K}>`5V3Sf&T^nROM*BYn|U*-(O(!mW2lg2^}^ws&kG@%932a`wmXq>Jb2B5{<50 zH9fUm?Wizz3P2U&#;@>U^=vac{}hHxD|B+-5;C1?^nQ`;sGHm01U4w}6lh(0GxptMPrwGlB+J;o_4_t= zxfbxGPG2;KtmOD!t8|p$CK=lJxRdIA5&fnWbc=YYZ zdm02`QD9X24xPXRM)K&q5qqNTw4d>}_i3@+_>^KJDs+Guj_A(4v#jg~O%RkB58?6} zNFEb#s5xiz_e>$9%?;l1T5IxEDL2ZDS!gZZ}!L(MkMM!`bZlR}AD$XHYaOV9JR?zzf& zjKZ~IrCF$qy+>#S-~0CZL_b;X6z?NIMGn|d#_@~0#NCV)0y0f#El2Z^X35{LnCZy( z9r$~G zy>kA4W77A$O#}^=hnVB>Jmjdz0p>WO+Ij01KauW#!@Q0f;EcZugr`xR>794BSeJbJ 
zz4<)M{gkPm4!R7V7OR)@jj^ukV;8$t?8zCZ=0n`Fvm_)%Nh5(( z%@YRP8}?}gky$N{MpTPYS*KxJ7L`=PhZr}1c9D0Ifa2fR^A!dDsHMO+$Q&SD3Xs93 zVHz>Dcg`-kU9Pz3)L_W?_K|;o{5$O@1Z`Yl-`4z-V`>w zDy~&70PEG9lLzAGmm*+R1e}*1Gkh@eo z+2257;)&

    {?Le>xLaIs5ZOYWba*ygdX9@-xsLcqTjhrhEsg#nmphmi^3@kjU<* zr4RRV@jnB8lUM5Z!#(gT$X8}8&0qF^S79<=1Sbsthq%NUqS)ObkUd0z-kyI=5lVqR5_$Nx;A(@l|+#067z= zt}pNIzlxtkE>C9$#muL<_uR7YMl>RoM2_NA%ou%n=gnqz6ngy|Z^j^}N0%>HGUVv4 zdQ{?ot#=$e16{ddaYM_nA#oJ(lfF(0LK9k$s1E!nWPZd-J6Bd@!ZV@~@C;PesbbEd z0*9RR*hOv{!`X(ocMo6rWQX&A@!Q9{ufQ9A4o!~muZeeUa5unzZ!R`}_38TzKJ{6; zyLZS8hMz32#8%oth1{kYk7MU|iU0i>UC?JY8C`bEA~K^hTTiFwe>#JT%h{jzkJQ+T zOnMa)6Hyb7K-8eJ zPKs39suS-ut$tm9FA(!bney3mp}SjT6?KyttZx$-@Dp+!eUc)l9=;%Y>Y*YBnAW&% zdzbi$yuj+D6R&F@9q={<$}ySOJInhDA$W$+ITfKZkDUnw&qPGe>P)n&x``T!N1%pK zS+}Y?3H%QkpoU)MW@EbYo{1MdZ=NK({KP#Kn99t5`}TEz*qg^NZCQb6jB`jt*xgD% z)@F3kJz8vKcU=+cmrI;o>M2gac zR0WI`Oe-3HhV~RdY~p$15qKU{*6A0X*2|BIsW@rXJ~2^>^`7X8-+R}ijQ0)3?B}!$ z{Ti6&98VLEiX5OfBS18FmX+hMjY0~iIch^Wz(c22(pM}Jl-yty+{*M8?RzQ8uP$cxO2k#&bFFWWkrqL>Iet=qP1)KSdoKq7>p_xlzr21chkRk< zTQ^2|^_Se4OsThN@v)temj)-cNJjl=0UQcgF<@aGo@wVUBqb}kzj>=Kg^dD3-=1~r zJRSBCkAr=<#Q%Y#z|facMO8-2$|qR>{g*Kh`FWhr|K+nF59%~YB75y1HnAD;2y6x_ zi!%*>+m^Gjz+0A5et@20SF`7<6(m!2W1XzH&gS#qn4(Svu5Or502T-NniC0*FU| z08m+{U*MkQZrkJ0-f`(KYr-CpkC%<$um|&hAW>|eDo$)=11B`fZBiFVRk{Tj-s7Ba z$(K97kuB$4KbTGrw$N=qoo>&Qf{G`*?+!92e;Z9lqBthfx%!sROwiD!ceC;q>y_$2 zlH8O1cvo%=Vun{QJK;W2Mb(M&B950Od!Bx)NME;Bz#gES{;P(Vv+6cU;QF{$dZ4C|ySs>I&J5}P&MctlMX zm33N`Wl@~-9hLgISKyx)HK?ab-GZ8mN07b>H=ngoy`eO*7N3{lDc`&Wfeb`*&=ajE zZNqQ@H5gTzUB|D%tCZLq7aSBI_<*6 z6o428zMgVA3=o58^rIb&HtO$YlUeQ-w&;p3nAvD@eoH^n3)$18Lsa%XJ({cpnB8CxhI>J$7m(v|4Dl}U5%Wlw>}kGYMt{hW z7K6Q$OmX^fV<}4#v(zWF&MEN?P9M9)n5FG_L}?q9by|#@82#gX)^hcnc=vz2MeGN= z$Z)WziwtZULnAtLKFL4s4jb%$$8${f%(cJ&`TkuWcuUjZx2R3xqMw0kBq1SDIdrYN zZmpj%bgzD;4@S(~PN7*qg$}T|am96)_^2|2`c9#h;_pyuz}{J)IM+!6O-C`~VN+gI z6{!r)b*n`tW`#W&QDH}AT^5N7?y*QmxdFYDn8po$+B>L@c6wNWm`4DAk9E2KZ)=!E z0EZXtpf85ieO%N>Jm4LA>dV!Wa=r6!A1@4g2Y&5AJG5(PaMD5bKnx02&ZmTS>2_fl zB5n*7dSa5@org#L_F?AwDi{nTrY*pYuV;K0n7$0gzw?lYX``%Vo1ic=5Gq;Y`0SMLlWsICDndRHz8+NeN9&aa|;&OyY`U24TJ3oXsM6GNMS1 z$~w*2S|fKhHDi~qdj%~4cbD9I1!jNUvdo%%GNLAr$~rB}&E?S_ly__e9>_1Eh=@Sa 
z(CdL!y^&Fx@Bx*-*z;qki+k$orbnyC#OYH?pQL?(TqfkUYE#^uz4Sf-)@>>$Rr1f& zZMT@hTwk@=aAgXnCZ;+LVd#cuiydjFRL@bN1B_|hta_KYHYRQ-k8tKdC+C05_TiRX zsq%wxO3j9A!nZNL)m^D~4jcSoi24GE`2}2+lq{}-Jc@SO+lx} zbD%;87}Ypv0lIPq5M=-;rvOlno1AN7LTe&0$_l$^*G3askc@y9pt7HbC;(B%zX_L> zeFbR&SC{{N1r`Bimll2nC4YlTZUP*y@4p~sg08%loAVdewLm1#_4kX2IgB`=@7mf- z1Zcvq*$PN1oxA(_8`%In@!s}$NadUHgL~o)Lz1~O&2OTbbM1Y(P|=X;``&XKHEY_L z);YU0^BdN2H)9qN`Lw|hSf$R4q|NB zv&Vr?>xw&Cbs2MG3*&~+w2FzJu&QQRQY9g?8=DD=NJfAnP+2<%Aucu?OCmwdrhNp1 z*qobMfAt6?eHu{@I=g|OAE^5Dl70HSPl&0KRoe}J+LyD}Fdh-Ch(Mlye(?yDYn7lj zl(*99*`@QfH2G3D<9|%&4{fy*4{_(4p@e?u3$R+%>5znE9Q}ez{HVMf4@+jG{|xEW z_eTbo;DkgR_G)s)>qQ{J&Lfl{=I$ViNMZ1L*^SP`Oe7;P6R4~+II&_Ta6}s_r%JW- zLEwx4c2jaUO|`GpU?W1K1#sIAaA^nt8Kb2^wJ83(3ti63P&6h_JZ#)x=7L=u>ia$P^Lm99*| zpH3?kf3&=&f1;K&^d6I}2%$tqDjEWuyrG1`u-Jwbb&}M6Tt)Uagv11ZBqIPIsH{8Y zb5ar5PgG1C&Qw64-(8Y#ABWuAP{nG7WFKtBT`PcqW`YT`#-kw`sKf!LIIhPZUD=Pz zoFyzFK~$9_F2j(}CJjkKb5=D~<42L>crbww$p|0>D(en_jzB`-QIMC9fCXEBY6hu^ zK1fHP4^Ua>28v1!(X$mxhswYEQBBviKvYYG)-AnFJ7pWu1N*__rlaL`h~V2g-aDk>0)ZuG}<18U%ZkdWjiqLRL$ zpvH_zeqsQzr5E_2&%Y**cyIX;DNYuCB$`D!Jx0FscBONO+q5Z824b3n9#f`NX^PT2s2hzj^t`;7NOG-MQBvkZ3zdA zmcWqAsO)>?WcNip-NvYy7-+v~%ff{~BFoB?$PGOLv5DY#Xz9a$3@Up2{S(8oeo>fN zQ7`ErOnBj@^~;wF1={K~d9eqiqrzV@W)RBypj-@YR4<_$$@C5{+vL4p47X(Z<4QEPhjS_CVd$a6vKan}i~w1Ab#QssitUq!c>Jfzyy#3=QYOL!s?!oaQp9}oyL zNX&FCdd!?sR!4<@4%h_7jlFP*+ctr}Qu5b@A}`ynnkXNVw3K#NhW-!+gj=Gxh8R5d zDx#=LYBirRB5~u_q^uL4q<-Kxb;YXCW$wVgQoHV#FI>2z2RGo$o>`#$n$#NJn(7foH{H3=ie zoy0Qs2`xg#1D3ihqBKcdBrT~~k#j7*MBq_<0N{(UB%^7kIJ_`rJYGvFGA8<$hfVdE>A zliVMDEmp%j9j1_ugDJSg|1pM#y$%}YN#0~R3H+qwVP6uGGNT1aO23KYsL0}|v>Tpc zS?W(ml=@LwXTcVg94znp%@?cX;kEaQ%1*h5>AVCEN`4J*!Prt|QUv}+oxJTcAaLX; zMW*@?7&qFb9O<{5Q$bv~(G@qy=_66ioiniA+oncAWx9b^MH6H{;6qCBF9w&qh6PzH z<^6UB8VPVn>M?-L{M8`)m;JJr62D~PozC4t#w`gFu5TM3yOvF@{7JtqmqCXGDt|`t z7~igSn)`a+Jo@(**_)LPO@@)&;BH7>Vu&#K)%!hbJ9#A-IQZ{0{QiIZ_aOCuFH>5` z&T#xN3jDd<`@%RJic4JY3p@(y=t67kFdJQgzg*w#*HrWh;2f(hfnVd!AWt&SOdbi& 
z*!KxPU6&7%E?XVw{mCV_O{jIu80*h_zKsKhZ|jJc2k^$ZE4e9$q@>pmpS$#ak-jku z9a3(9B!K-cIAz6hlIV3UFv9!{_0|i$G(b=EK;PlnW=1;;tgQKDo4GitDSs5~`B}28 zdk>;7SQ)PcIi}HfZ9Aq>A-6eZ<5(_S;_lfnnuO*%otgh8wB#>-|51!SZhsUXeiHMg z#3{Uu2i`ay<>B|5D@FDAb*}!a95T52iXVSsD4`4q<@xMD0HY7Vx0kZY>X1}X3>0u7 zBY6|l{9I&Fl{4B@mHk}IOn*>LHUgA`$~w0k6kgIFi+DhQ3ilw0VG@~c#Mi#CI0)gm z?!0rpR(H`KlX|NVDYmxhSxezlB4*(3c6}*-+>u#|+ZCUKU85fy1>^A~+h~6o!2<&H zp~Ac8Tfp2fgyMIkYJ#CIYzDMDHddohe{(XPx)3Zhvc0svdf%!L{XQ zzu2NSI_6YbV0+8Lww+T*J@BvDz3q%6^>B$F8yx^COHV4GLM_rjyRRr{!5MHYJr??M z{EF3O(4>SiprkIslH_HOk(_(LP2!h9T08991Uh9SfKI5a)4tuTA7C&OPuRP~vB0il zIu)`Fq}v~{cMIUym4DXR3<-Y11qpb+aJnzFah=cR{fVy*dT#YgqI*mAQU9l(-+uWs zSiRUnR0k0K(LSx8`W;6#&@I+0u`b*JSTz9ycc1v)L;FC>mftsw zEAO~U&G`OvV+`D!^aX<Vf6*^#V7zh4xi66B$@UKhstP4HscZePhax~}*eJu^GDnGAM!f26@ zIE{HU98@)Fs9&%oi)dZiS++70^p%YOeW9}U$~G?MJ%WlHpwQ!hOfK=G6uM^cB1yX-w62!`9Gg7|!nk7*j2|tp z#4;(oZ+5;^Nu;ZV_>ylvU(5S}QQ@#%b-%7JS1{!dr1TW)VTw49^PU!~mvgbdUBG5d zmrMHc7btbE9`&yQ=l{wJ2LGP^=Dp&ZXvfYsFEH`W?tgd$DY!q*Cbnx$czCzu;pO?+ zzX_s{^E3UMzX&P$aelqY8C>-O{#RXLUo)ZX7UXUreG2%k>1*?+|D6X{=5GN$e4#!Q z8lN#KOn^N@2+-eh8Q(*!Qfx=0*Hx_=2)%SM3JP+6y8Sr$cX3X`~gp0~B? 
zUjSEh%478{!&*`SQ<2?Yx+pHbKw)ny6d!^vYB8?Uac0>#oS94fA9I}FSzbvJSAy)7 z0NX2x{j4TM6ea|?D>WL;uE-|hEE|D1LuH+cjPku~j*i5$Qs`YjwtXGAo^$o>n+zZ< z6My6eL%FzSQ}!T;SoqE|V=FaqNe0UzH3eh#wm&7JKK7#p4hsEoBOh(fsJ!&9S7N8@ zjO8ih-@WJgbo~T_%%@YY;hqCzui!QzoP3%~$meYT`p8;{F`fd}LWK@6$8lgSm$*BF z-2+7Ujz*x7w%hZoA-mM)BaSmp>;=I**MFErlt4X|#9bo2$l9vKaAaYZjx(`s+qN~a z?TKwnl8$Y4Jki8XCeFmRZBJ|`+uv?&ZPotiuKsav-}l_Z=co$Co&SWM0Mun1MFN<$ zrztptS^6gmxIyg$_8R*={PN~INfPjT8xteAXSFo_rXg3kVxezrZ^~&PMS4DUmJq4J#_jmkTq~x*cCjh|O5yvDji~hX-n`J-XIA(+x{keOZE4Y+Qhm@mnxP~DHbsy<@?0@QvE@Nxn{mJn@6 z;Gs3n*T_TrNd)luemcI~-TC7F^su?PTv^ipH)VI~7EmQ6Iv+YH zOsBisKa(Gcsfe9KZRW9h;DHque>WFOWIfa(I0RF+WiRmLA@?scBcaL zO%mG)O6cgaJ&CPj2)M4NN;$Z8cr9Ba9?#eE(Gp+Qi*Zx1sCq= zRJ=t%q(0B1x<&$+g?0nd?TFEDRV-T@qnUr~!gxm6yq$f_is5??pDO_l%p$O}Rx=mh1TxDU1A&@cOJu5rtoiVwG z|ANJT=ZSzRx>~c{F5P#&b>SrhK5v)cv0RTHZR1~?$^wM8$C-ax`H(Tj*bbp+C3B-W zufcBMDD|bX60?SbSN>~nZmc_?hM*w{>JhUbDrKT?<`aUjC*WTTs(NlbN9l5~>RziL zIr-gNOBT?ASLX1BmiZw| z|BF>j{21U>3f7V+B03-Ag^<^7Df!l8xjSUMt)6lBUg*KA zbyUn|$^M3+Ei>y?rFSV_4gzHv0x&ANS@aMF@G^m5JA3o%PrJzsy~4` z(E&f-ND=RkoG~HjT?4sdL!Ln`jKs|IRc+rx=&qSk7J@rk7OWbgfI@@h!g^Z^syY%6 z+u3>Y7GRk8QbgrM%OQ`5kg)?E1fP-T_OMeeLO45h4CDl0kFBDwko#hA6R=b+c%hU| z4bfm{3Cz&zJYX0asR>|MARWarI2LGe1b|9p0<%b4+kiOO{lhj|%^~QaGcwN*HAQr> zJ+AV_lz`2UF#_q|xP>#M>2;Lb-Sy=PUQFn)?QoUb9dd>J`4GTg$^d86p2!+QwNFNO zCWAGy5c0Qn^1WB3uYpDwJU^Tzl&Nr;{!rRbyjP+ zACx1g{b{A*=XY#YPu)G3bBM1B2y@myivOg1K!uRgFApCP2&WeUy%7$g#H?p0+zPO(J&BVWJS3t>H3JexGh~u0}E6NAQ>GAamT0v z$j`!uginD|0|dfLkUd+`gODqOJ|_do?HE23Lf^d+HrduaahMZP=sCBU2LR^Ws6DYk ze_Q;Lpxm1(6N#Xqf6^HtLafTHsFEiSGm^5xX-$LN5L)UL1`_Z`af{7MKzDZ4ctb({ zxRMQ3{@|pM1kR(7vw7gCn=yd&FIOg1Yuz~u-~$T z^}(3B=?KNCc~EvdP#B;_i-aDTf(AzkXR%^bjGlqOcdWlLrDW?It$DsV&AMzb-fKe! z;5N`;z7RbN2*pSAe2Su%DH&V8Af!Pe0~*+6LJ54{&B0pZ+L0le4Ga51<{-1Gq7IJF zB7jf{32A<+O}nqv%ngaWG-r|B|7yKFhKma640>V0Lo+n6l`aMtJ}E+}3q$mVjjxNhBulzLwCgk>=)nSC7|VkIR?rQuO0~3 zO2dv&-6%JN9bC(6HLcu$===AVlr#+xXSLDVeILSmuv$joxuc|! 
zr9%wV7mRICftqZ0&8Zs1@;I`axq{h-Q9*m+R*8kwZyWfcYX-l6NVQQr)MZwyVB6K2 zmPK3Q6ESZri=1nX#D6Q$%h0JbgIWR!2ysQTCW>5j;Vn-bd+=mcIqTTEXY=Q-P*nl6 zC3DAhj~<}dLHVHnyFQe8;;*F=a=o?H@3&-z%`wN%u9{4re{$H=qyyo13J*3>Q<3*jw10p=&kZum#&J5dDpe>6Vwu1D!ItGz9|B zOjG9XG?9`c-eZo0DMW5GnkbFNQr_UeAhIlPKA_JRcM+KV=B0hLwc&(}v>XvET)pNP zld41JDmFb%#~SG*ni*@1x!5L9!^&X~K5~Ec4Ip7rI7^gO4F(NJa?`lT zF2I|S@ghvPjsHckSj|W{P201zSe0-~*H71(J!=y4>*Hwxz!=%W^1!dbA))p8U zpSAYp!v#t-6>qC4AkKZ)`M;1F+wCss!DQKdN#fJhYCuC_JF_6&3uGWdh_1bHaqR zGZM8thyL|3^5alMPnA`v+t}|HY#gH*(O}XSSvuMV+!x5n4^eLmSKPsQH+v&~1tw65 zYd2hSl;U{Bpbc&cjE`v&OAAi?rews61qTvkLK6T&u(5dRrcWkxHMUl)G@5O2qN^$x z0G*3?hchT@3RX&FUZC{mOeUIUAL#1$h3K)SDLEAx@cSOj&?QC+-KjZtg|mEFq8Ic= zFzr~{o`MFY++HY@b<68aJ^_4+Qn*GvLsV%d;)Az5HEjvdozl=e{($aeLEON3Ly&9< zuuaG(VzsUOq)-NSUNJWhH2qV{COj8|7WMOkgN?^e5{?uI8v-dMd_+`%;%k;``Ixo zbpXU)CTl5c}r8`;$-Cy#=z@$?O7vKup;g^ zl-<&b-DCcw+GQ`|#5Cdz8%tsEu2 zdrI^l#`VQ7*GAmvR)H02&77Ti{bCi$QJslI@KIK2wI*)yAZVr#vpe%WmNTfAS$}|}+4t=iU;bIrvZd+!A@B6pIc(nm7R+UPG#{<2{LVc5EqkUo2v>S!39Kvpc zmF-H|$=CF9nglNRR7j)ig>+fP2Oj_I?NUSAs&Vi3r&_Cw+58?rT|~m()Pz`j@$+0i z9(SRAyU2Q3K0O_9?msRzZ5!2o^`=@%AK-xq%o#&I{XF3yS(&kfSKd&EzT96$YO&Q^ zj7+yLN4!Xko=eGS|2vb!XUHOV1^qZR9tkLI}A&Hh#h%ZQi9FL$lvm>?0Zgd03xZ5B6SEW*VXb}Le>$Jj;de>_tK(D*b z?I6C_WG{X;IPEz5dQ?d-$osc@B3IhmIX2F;T*KvovmNe_sYh8TkgioIh(Gl z4OfFIRP=yunucBDpW4o_KVRyq8pT1(tB!0A1U9^Qcw-CR#q-TP-;*S>_b{^NA0ODn%-2gF1* zEd2q_`S-khB;c-E=pp5BTVNNoNW`JW>S^@rnqPQR1{5JdypjdlQuhus@5Ib|%Y)Xc ze39COaSD{C8iSf)Qq(g%W7bLYDzqN`nXU59TglNSa6$Mr^wS0WbD&v3lAaZGdWp8; z7DD{-(I1BwgCi6?aA`3pkFN9f-9qOIRi6OV%*q^Vkp{KPT@_A0C7zBW-*3FT8AprT z%pnZa?%K^Z27nIM&9D zqoN>JjbuJ!^nXUZ=YZq)OUP1-d>rUNi~O}kM#%o97?W->@3*I{a1JcY~crB z=SGwf^Jjj^B*&1vQX!P%nRMxGz58qPci1S3u7V{Z^pV1gMQ3};0cVnRGY@ZP_M>k)TsD^bgII}#| z>j25Hb0s#cy*wkZ>5mMS^X{1_g|B%FH^oX>&$~(tZ19xM_4D&{(9SQ87l@$L5=KQ&nSL5{exC=DV{)VYF76RCRan6Lf% zYWqvd$A0lFX`xfmdPs5u(EyHWWAa%eP4QcxNUN3+C^sEbwl_@rj5~sewKO6 z8=NR&TiCTl3Qli7de{KhoDd66?v6ad^)%-|Q=?Rqd|kSgX-+9o1_Aw`tZJA%7pmH< 
zCD$y-+L72d?4fcufX}f9V65F9tDBrIfv}cKzV5T)OKCTQ}Oku~p452I0>SR<#}qrgLZ;`(kqDFKla z;i6OD1ix8#Fd{7lkVH^H0})53bJ5!z^)9@{8B-!(>$zXTW1>fe&9j5Gf0W3?I-`J( zfl*~(&>ImdnHI^27efcL5M97pyvTWBKUHpv?nIBW8Y`IN6%yFXuy`($w^w|E!zKsI zNi1Vq@ZE1{bohM~mb2DlrT9u`8J&-Jl7=ebF_l^Q3i@1AAk3thjJb+v zA`Vr#&IWqcp<=pvdU`octtBLDAv74M!ri?5lY4TgaDh1@gN}P5jyGiUyJRTLiTIJG zvGGCx#k4=*i#b44Ywyfp(=BBI3no0{fh)9{4YD_Hz?AfE7h{(FIaK*wHG*#w`*HlE zSIiMioi=cp!i(14Vk{lUC8@YrZak-$D-I4xSE8>fS|N42`iZ-lTraR%)I!KtBnE(q zGe4_OB)g4>^zWY&yMSNie4leS-}$Y>j#S0Z0%;*YnXo#{Nq}fKC9?0YEn^X&r}N#> zzdz5Vtd+}Ow?}Pt)7s1Q8(*jWZ@}6wMiIz3GZC_qTk9W?^lZIq*eY?bHu(?W=X)9E>ozzWeOAzJE7(g%l@Ai-^ zd(b@q1WG@no?vGOO5J_MO13y zM2;URzW||RUe!Gj{5t)NmHXzqDp@z&z&IF|@Xgmswn#fOHM}AztMpt3hj>AYSuzeE z)DS82Q8O4pIvPu$MScS@f^&oI9`=sCo*zEo%XbHsPUFSt>@WFObyk+yzjyC*2zqw0 zOrR-_-`-cf4XwN3CyKH}!I>GvI@F#Y<)Nq#$s(F6lN|d=1Yuj;hP3AZLLw1}g-1RJ z3tE4hH;8yp3zn|=SCGS#-qf{lwHcRR7SNv}5|DD1BquU-AVLLLfBJ{pdI7SQ{t^P} z^<|h87Ub?u_QePJqaItgpWrLym)X<5{UP`BT4vi^ThQ=u@afH(+iqOwW zIEe(3@%!y@ype$O{P9#9=hnsCQ{~ajD^}PTRx?@I#VXK6M>i_587nfd?~Pmkw2zeO z1ltQ5^F2qwBB;MCZ8I4lR>jvy;YtG}!Rp%gC^Yrr{^P)XYI_$2tQB_vPK56uOBo83 z?&VvODXKF%wKFOSR&W0t_|L7H42Tmakcdf9>x{6!M=JX%jqI_KRPtOqC}zv(!8X%U zTPl$n$jlWg$YnM}mI;fwAk6Z&c&v~{d4tPBq&?`sX8rtn8PkDXiCUZ_U_%06;>~*H zm-kL~eAPVSvo*|oIe4*{W9yGz3O6r7top$v(7y_3ZwzVT;#e~= z3V|mLzdeEJh)=sC7-L@uR`wGg%wObs3Zq0mZU81e?0-Uce7&K*U>HS20=|}ss^6|m zvrAEfq<7XqfG!#47;Q(CySG^aJ>jS8Ys#Ff0QIJqVz8sism7Ni18%ii6cH zY@f;nQ&Mmkxw5`&Y=NMAgYg0sD@sT@qfw;#9R>HI+4%3VYwY9OxG8IF1F0s)pN@6c z=wRHLV`&MWvH_@mop6)uD1!b(Y3Cof5A7ZP1nMP7qCZ7BO{d~j z;QH{ygEopOsdd~ea#=3Y|D*}4Dff`UyySA*s(WFW1`tI5^JMrr`OscRSZQJK;-6uV zJS|Xp{)hUa!*M&=Db22V=Zv8F;gCE0LL^qGETA1$16Gd@xN{l%d+1-H^2eVAk}MkL&RF->`?5z0sZ|%GdMwLJf;e;pO+y zt{)O{)cD=uR@N@Fd2)Zk;SYwYy=%!w^7EN+E3#=lOh%{N0${eEEqrcQuhLI%lK$zf z0!h!_y8sNr_uETgczu?#x9CTbW#RYRaXE@*lGdG}SISNu(8WmMtk4tR=MH5)kVA8ydURV!#3HP(biuD@ifl-C6r$xDVvC-#> zEd*sS{{v-lz$3RM3ZfelA_D{7H(?WL-IxnErXcb4o$4QS4B^Jau774i>~D;H{Aapv 
z(=yH(yko4)sPYKnSN{|@k$_)Zojh`EkLDF+e3*`hT{Yd2Vcf8ffHbzt4eW}o_61KN zJlP;K0!}%F$~M?DLHbS7QdG63o)l7Cs0X#eM(bQF04;oUEOtR9%UDxWD=cp!1F0|) zCy*9ouRUJj=qU|0Eyf=;uI%BJI26tXXPq%N{~JQc>+>3`os} zumdvdxhl&rk6vYFoRa8E(=1_!c$OJxT-IZ;hZ(~X1vp&i4!L~CFLg2Ac;|gI!gmIh zOt$%eqtt7`mDir?$CZl<7p;hD-9>KAtVJxiM%>__CMpZU;L}6hjaybn0xwq9dNjOI z2uT?Fvu6I~RGfysfW>Q)$K$2LG>KPZR7R;8A>5zpCo8$pFnV}ZkadHZHpct&Fx?xq zUu^(XrH8leD31E3uIj(NEZ{SXdWe)%l_=-04^XF@gkaxqlXk!`D;^d}wrbP#C z`_fo*a>t^t1D0TAWyLv-J2KD}Ez+L^JIFR2^1Y~68@KJq3Ra|L0NCqe6%?R-@;CPT zvyfB+V(uP>mk<0)W3Qs>FD zrlM^YcJYWj@oz;;i?(c8zWQF;lW`@sPahM^-3I?T$3&v7s)no8Hk$9I9Xr2|AREfDH#`01t8syH*+bgjLEHwH zs~z6I`QjKkbL^=}%6{$Y?3v%kNWoeb`NrPT&4|Bcv)hp?HC9pED22g(AJ@tOJkilW zGkEKjN@@LcO^S+3mBS{r0C68|-(c(=+k^8Q%||i0ZdT<%zU(ErcN{H1 z4WbTl2NFuIV0hJ!sHYOh8uS&ilgEvpokPPSR|pnuNt{x${ejAYc7Zt8F_p>*xT)N0# z#9%;@@yz0)qUcY)10%r=OP(HrMKPtj_tD$_{yD#U70w6>7_6+F;B+!TwBKF;PVpGZ zV(v*`>x^hL<%wiYjJFezoIC*T!pwljBRlF&rN7`P@g{kO)kaP;RVwX>YTV5$$kB`< zG8y_CxyI5yFo%+DZdQSpv>+t#L&Uvr;oqM+SBVt3W@MUAio*bE1(!{5!1*pq9!lAR zBgMJ@M9k;ibZd(Q}NZ6%hxe9loaFzXNl*2IbRIMAi!9 zO-D);a*aHL-tv=Llls!Tk+a40uiYn?oUa>{Zk80mFp)X-PYT|HAc60*=Of=UE;+XE zL%tFv)ov3ZzKtePx_Ga#ygh_FY2q-QjKP`WQ4+gZ;uRMqVdN46&XCP|j4!V61-?z% zUb=nLPR!jkPrjP!dxSo}HKgSR7`;mMwT6|BQI1Simm6VLeh5V!dDIp~cH zOUj|qsc&)9vGZo~$MzT8ARsU?M+M8F&Z(ESHq;+_8$jZ>Jm)dp-SO@3&+T5omnP!l zMzB=v${;W0o>Ki2fNm`3&{RLEv)naVje5f-oejN2(SSx%J*`ckIeR6s@dx+;V%kHi zx`DmmQSR^K8@Js8a|uNF$X2i3e8Ybw5NzP_V#3Dz6#U3;w{=w64DnWF2>T2nTCoz2 zWWl2{omuzsN3U=SHCg_x0uQvnUf471W_~Y@v|`a@g68#F5dC9brBBWhyA2&ObRc0? 
zbwXm)Gm8R^w~S!+zIWlobe<7wAwktRsL=a*`U(ajV`c6%rh}jO?alkAk2XMrs7W;8 zoXWI7*T5iAnO|Q3#HIPj1!}ui&j7aA1xqq_zChI@89q5k5wRknajI;(fV- zB7w#i>VWTh1o7EO4o&CRXg`ah4S=6_!L-ZuYf8RJRo38&0~%ddzVm~#eRE+twx zXw>tfQdg3QVDv*oRq^V^m8OG^|)w+ z@J;!0T|dJzkM8O&vXptP!aD7d6oTrBRt{=1E7m84<(^0yFS#VrxH*rTu~`U03iOUR zNOD8~Gc__4@SDK~iq~W-figSmut@AYC%l@$1)Lufv&4N^uk9tfvLR&jcs^UpJYWX{ zU-*Fba=fY}6>S*jGM@|{(dgdhYtrkoN?~tvF#5gFxs6d7{J@8O0ft+S5Dbpq8_2}^ z3uh$~*+}sT99qX8R>}goRGE!-*6LNmt(eLHi{F3web&`_ZTtiH^!9JWv{kslPQ6AM z7f0*Rh&MCmSKvX4LMwe&*nh8kwCi7&IW+y)U8iln4Q<2_3K&b&eugZ2b9;P#TjKio zO5oHF@O+H42X8#95T;uB-eOoF`84cYIwdxu$gI9DHk{Kri8rJP%6MRJ>OgpOnr|0i z=of5Tspx=s9wz3LodRf;0)d(|_sE=%!OUe##gF`XCz?lJ-LAW%e&GGJ?!~VY*ocd- z*U8D@omDQC=-OSLIf|rg>A(^a?dq|UOtWFfkX@s_wHsaO*EFMbB&K;LjE5*I2i8WHt0U|NdK1P-qHaCdt z&4#NY56#e><)51{^zl`$0$%64t^cCR{h}by%wB?C>Ge>GU;=?vTFgBHf88cJg$UT* zK$TKF_Itp!pIwE2uCZQE#%h*-f~lLhG+KQeci|pSB`>G#=@bQS2gqO;v{Qj6_%mBh6UR5O8cvO;t!1Wy@^Jwk;I0b!mK(Li8< zTKm<%?h zP$pE&d_}BpT!C##Z9wmoH0<*Unqi|kY*w#lr?jw%@;tA{294>O_oR68+Tn*mfAFMu z3X!@mFg(#c}SSszhpylS(d7l1))pnm!As*ivz{i1kS7!m%cC?WD~e+!s0R zp|Z?eOOlTbj+Qhhg)^#qnrDK{t@MaHLMwiJ$z`SPlyI z1N)pr1MArq18~lx&k?-oX&@j@Cwxm3c_I3!VssJyd{A-qWR7zu&26@%q`~8<$+3O& zmKVcO4|Ur|_l@?pdELkh8p>g{B!qNWx9Q1S3Q+%cm0hWhhGl25YMPja@N^bQ!Yo^W`UF!## zdDQxXy{Jw*7;5;Kk(ZT}QG02BtyNiSaL(sD@*YyxrAFTs31(XM^%HxXm+wx>B*$bq zitsu~)8ZMIODZE0ACc0p1>ee#El5rM;eaB3&e%}C4ECuYx&m=x3%_I3Txa2S?BVo} z`0kn27=YK9xgWZW>Sxr|ImR6D?Joch0PPMPkR(8O(%%f}nkMfEr5xbwzAKPn;e8(R z%Sf+rl-3>vdC%xiG;Fidr~LJ1cUGD-w&?>OM~az|XQr3KJY+ARoqJu4z4@|@<+ z!1*-(dH0D<&P9`w)jGNTIow_U^`iWB*dc1n4gf(i{!Vm7E||wuHZc%-s;O87E@)^* zK-2VSbuzonmym@aw%-WO3ZRlc1m2%91x8?pBWe~Fknu^iyGs%lt29tUX@EqSwHes8 z9xT4c66_#RA}$4Q|% zza)w(?U=7eM^Z(J#>|4qsz6+8#FybVX1H5{qOvnx4UWKdOv{nCmGqj&KbjES{h7XZ zo8}_Ed^C-bqNppPLfxF`ens?@PTKFu04+taF@7Ytgy^zz>$&R@x5YobIHwTTpi%ou zF@X?-dJCRjCj=JyyS6-MWZqWalxu&D3x2A^4QWhf%E{RBiX*H*g~**e zJq&TGhk2K6ymEa&e}##+D_C$}(P6gusot+d@R*#mQ@j}ph42FLZ}>FUoA#Q?04UJ^ 
zta>?oFo10vI}EjNi}5JH{o`nrxbN;EOht2lE5TW)jYeZ*9#kZOGv#A$&pg2Okn!pr}j7AC#D42k+7n(=#2MJXc2Mh`nMNpZTCHwAWJWlJnh9i4W zKsI6Pc1+%bt+@(A`At01I38&L=5zzUx{j_%&lb0-xMD98nJ%+EH7iX+jdJG(6TI9q zw#^m{9AxtFGjm8Re!R-M>eO}pRgt&Ud+>@BID6?qwR1#Us{#GHNKrNBOq!cs|GNgD zopkXFr1Jqr>PJTEQx-K^A0_J!k7s|rJUX`C70-6=+`u-U;%k`?HCF)|rs9Q7HiL@4 zBZJy8SKR;cmJ@ul0y@fA_EXM5v%-OVlo8^%BvGnB%757#QdoJXdL0ohdzm3t+RIMA zP=*B!<((RLywUZ6?M)cr-2nnxz*#iXZ!1=r2T%Y{mC5jz1ipMkkcs@#0UPrMF&Sb} zNzGk)UBeGEc|~%y5`ZWvzI4>Hu_h+*=fFZZcQHaf5(s^P%WZ`bjQa<{jVSsO1S{^T zW3X9^>8_1c9Z$0UluWDlTf~CMeYjPV+Im6dM!n3k945LJrfdHU*3DE^AX|{j*29tr z*oC^&*VP@tK7f3wv^{hdQ!&0eTg@9&kzX4{V*V-sYZe5r2$R!9D&JHW$@51fPt%BL9Ltb&KeCl+2&MW|_9MNive zP)+U6o;z^JL#ZNKwJ$pZTT`FfMYBzFdg{{>p`p7BP$ly~sLtWAsy1@vDAL+`WTfY%%>xQWiqtI~nNpU<%@1>%wy%S>xocYv-x9 zVo^9I4x;ss;!=<3o^B_xi?ZQmSJt5}Z^T`;P9`U)EUA4NTa$AAh2j|Zj^O$OAW3yd z<*`YPyfcw4uv8@k8&jY)HpFtl;*k^QnBH;%SV3|y&K40ajJ|7X1VyHEm68B5YOaS zje=Y1iq-C=`OIebC>&Q&(IjQ^lZWS-%}HTr!i^eyD59s(CB5+E@@(L713oCbb8&bB zuxp6S<_#tVU12pQj%`ufzI4K8hJ_Yqy>2>CWpx0$7@{(ZVUFg;Q}C*=&38uK2sfI<_#F;1Yz^tZxp$>d$vE*>dx z^CXWq;KU@ZkCk83kjt|o4$qu`q5DA#Fxz2cc81a0T_fW*Vh$=4rD7PW64^sLCZkqi zQ$#8osf2ktp=6fwqiOF`?$?Qq6G^JS?=%NP3_HU5Sd^2$B9YO1jo3ccO{WC-`Ch7V zG-UVPFPpJSJq(=U9ZSeGSPafZQI%JupHRO>rO zGuI8*WYZDD(gcSLrvjS{1O_bI#(nDW-#<`HxYE1t1MOzO6UsCbE@t+I*X;~|ZHagR zn4@3ju;LLW$Jbn=jY-$_*b|SA-#C!3v)O{_+LTzrQ+NA4|JZ1u>>cmR;{MBHZtNRiuIW6S+ z=gBP`X^k8uZd?(k9&ndKk@q|m%U0eBwr_lvIj#Nzk?S#*f3Pj)c`2W$B$N~rX+M{L zv#GbrPS5*@$S(pAksOmG$6|jx8VVyWd)A_i1OJ%ZM}28&^SMK_>+x`w(Cx-bQ(B~^ zG}zE5*EiYUwwI9~9pQ~ToLI-JeFzTyp6p395*X-Yb|ALI!n!MVQ*DcSZ`mgohJIsu zRRr-{8-92&IJtaLI`}t~G^z`!dwxa>#l;Sa_%0e& zHfmB9hcy762?s>Scr_FuX})?f;-Z`t+#X&!ORJyKJXRb#JjkZqu4c(gnMBpX5@E1N zLjAdPO2K;#j80p1>WHNdKhDHUc)LByCtAR9qB~xsUEYZ-rw%O$69s$6Nvc0QWXt-6 z8CFNyFO&#>S-6TniFJQ-4E-Zo6C=0AnT@J{X|4f44@PG$qE+ZVwYUzUgFxfhx+BuG zR#+8OHooHe=em67!GJQVU&Bt;K#|Wl8j^%oVS1n4W1dnr0yS?0<0ft8SXAZcO_&s2 znp#X&YeAr(_SJNi(1o&qW7sqol-G_KCvc}4FN{ug zz)K+?&8nI><7cL5`L|ZL`c7xkctV<>YG@z3+iq}zlCObw2{T9 
z&n(bsR5p^b#mNjaM3ec|tfCiDHK(#Ka%nU@G;$4nja+sBJVHtK;bew$A&X^vDIXMh z-24k{qU={Hs)I$<>VSo5f~>1z>^U{*c=H4^S4XtV!U>DM&@vD?U_w=?V6Sjz`LqK# zRQfvS4imus7KjQCqka4RNp6(EB3_FrD6l_+uT2GUb!rtwvEO7|{#I(F|3Qr|%J|7J zzOv)POQ3?-0&tmOq_<^p7XtD@NPxya~9 zseoG5D=`vli6y4Gs#H=&Jb6Sb;eP=~%HaM|us*Q_{X-dhL#&{%S|X`deFK*o@!U`( zurV2mBAoMctZ&jl*8TV6kJkjcc*MacJyBL9-mVw#ADCI6FgyR=a(`$9D{Ulh+oDXh zz>oB|*Jkg!BNk9ae(R6w((m_zPukUn&xa4w>XG*=K=>$bbo8`MQz-$EmQXiW zeTUoJ!WkidSUkYfygU+XBbc|>7a)5W4pV7dlx9~#?gD4D$64^J4%9~vDBMy|uhl() zSbchnA-7p-!5n|fIuR0l+kClOO^Cl5_4$#7Vm=9E%P-(K7L5AWX+p_j>#{ao5t*9i zEQH0<9}8Mx?rrke7Dq7o3xWp_jeLu191^$th{MxJWz0|MFXNx%jr6$E<1VzK8y!!3 zNO(^~&nZTSlYg}(U|EAdRhYxxSIACdL!c(U&q>}?L7xR|VuDw$7?AEd#Qi*M?|^QP zWWj#um>b_&Q+@gfF&`MVrsW>$^~ao@U9BEbq71=FCpYUS9^h9DRCff3mC8q29}z|~ zfP8dI=Au?{tN0>nINhA2=4u4miQ?j#)@S9pTk5FsX4=iznKq=%F}CM^zsUhtjbXT`#(tq<7e=-rPB?UOlczoQ>| zD9n*7e>-HNQ8irD)no$@H%yc#g~g@PIgbo0#7WBdg-REiw{oIm-P#sg@elih0|_tT z|4lhvPnDu2T8S8J`}qlD+Gd1&L|)*WHMfDL{)XR;#RRS3I60t0w%qOw*R- zTR#(M|M{^?qhip*-d4zY;?2Aq1FtwUZSj#YlbOO>8-HGTTs&5 zq%U%T=pS^bcYJn?QG7Pb=J*U05g|QA*BGh&HJtqTf@xg9!&2js_m66&j53Fa8gJbTYh5}{5`Z>dp?ijK;^5SN z%OfR8h`#|&rkTTby2!q2UhCY7LaQ<}MAppj+?BkwA1N55*{)@0DUu#;Uj{NrzX#D$ zWep6|x~oLN;kPlm#ZEESC_*EJ;V@b+BsW!|t1Tj0v!?)f9rl}I$-V0JOs(P(ypEnD zZ|w_}3Ztg_FN=@g*ZxSnuho5b%qi;$Q$mff>0{L(7mM z7JCVAzq%FyF7|ydMTN zXwWIAz*TJRa0Jf^9*qCimocZ`aJM4xVtP6RXB=?5b21S_@E6CExYN0@d!mtmvsPfz zQRN6@KFc(CcS0%rmn`u{S-t63bUC$wG<`?Mu3=9Fu3t$R|JRm^&m~oK#T_p!`d% zR}}!qXGObtg)gk1U2Tj%s5f?VCGJJC6{Z~6`98;xnKDSFzI*_1Vk0SXil~=PU;EoD zU+<+~w}$x?Sdn((*+p#lGA>5R&9s4lnyPPcF_G8ph>aRKd%9=R!fD)7#qJyp6RwIU z8S@4h^un85yAt^|a9F*dANd_}fg&msmw=ghLY zDuA2op2bCd{$I0rxjD8wJe%0?(i;69ST48{IIfLAN{FM#P#@}dJ2!7?jgf9I;P?#v z$%LwIn1||Nv0`6hF`D8xCf)CQ6|!U0w(4WzEkP^RX>*fTY}2AM+Ig0ww1Gzk$^fo) zJ=6>^VNyrtVe-c$BI8D`oieevG)-Aot(&^Xc*6S~-NSg{&JafeQj{g&UU+-R$No~z zv0 z$;RC9I}gF2;Dxjc(R>pDG*H3o3vlG$|K ze|Fr^>3=fQtFdTQn_+>Nq>1oHxP-W5dzqkSeOX*uGH>12<8Z%Q#Y9Avl50lfBR(L> zLslj!cM+yNT&$qjUXDS=51I14y0v=@BllJJT0uGkbN4~p=*et1B7fRV6VNL`#gWcb 
z^!zhWRv&Fg)SO-D(rx1JQDBft0bKSpJ1Z)`8}X1uk|vkjd`|Rasbi>5cn&7C`*;ip zYPytFwFwFO&OR7T=1h(+%w z499src1o%|Bd>Rp*RSL;3D^}|s_YH{$Mf|n(`b%5)GU2*t|kQhp~D^RDh|)z;ba~a^H?w~w*Ne;It@ZVPuJ9J3zH}vmiia_ zzj(~Q!GKVxGY7+f6>D%eGdC0WvKc6v=2%nc-2a1~_Ue)(ixohXMy%ff178(=%L(~S zz1D}dVA2x9Io5FF_0}h-#PXszkRciQ=z)?1xGfO@p2?7Y9^Gp1ofV5S&-MN&5l~1- zN!3;SL)BVKL);q65~~w-JNH^4TQ?6OZTA&I#>BS|z!Cnfek`39DAWY70kVeeyj2`3 zv9Wl^!NuJ&I(Rb;H&zz_=<$m5hMt0^a+boLMX=tY&NmmhQ#EW>6ItnO^(-6=DIFWm z=E5D*x*^;Vh};TQP4^OH?+VSmtN!Vnn*e${_D17dhhrW{nR862{t=@26`Toe1RCoJ z1@KVw|M2hY2*Zt5QJ6j!%>*%&7^y;&sb&r(7Znp{w^9lt85JN#U(GpdPB88^@n>gu z+&&!unh=HmNK#5_-Camr_4p5AzxKYe2*o9dLu$!7Lk_Wjv51J?NIxq1| zTMmKBEpOfh(l-YzQo6eB*vZOpW^6OBG9)5%H|7AwI7p62zGq^Pdm(00X!F02lv3jV zKvIDJ!=#YeWH$Sqmzzpr(@f;ZFKOT?~d`0aUbr>c{*dSwQAR{UAt<|nmSAi zHRGE<;s7pFS`}^VqR>BT2Ak^a(WK;_MLAB?4h)8(C7^;bMU$>wy z6zeNwqkvF0@N^Svg-=DcC7FVFK|sS<0g}Z}*Io9q+0c+BR&GRIwn4#%76xfq_`7^w z2WgC7^7vIrRk8EbNOI?#N_dKDUvN&iZj+J6XTKKsIVremiRL3$`)J_t9#Tos_;lN{ zCXj5h;x!Uk!5q-t{F$0Om`IAlJJWE-*qiuqjrsj!Hf3c`#gaEREDN;s1 zYZi*zG3R(TyX@c}(qf*bg_7dQP=Q4aR4wOZa&}juEn2)D74Ka<pCH5p#V#bO4=RR6t8?c9!aN49#ctcSGxK##QIE=HaS|@5P{W> zS`FZ5Yf4o;KV}tO=gpTm~rQf?e3BrWKNYmuGWQm}^TqV=i>vCcvt5?iSyJD3+{4t#=KY z;$`69vJfopkhHL5D?Xg{dB-BCR@9Ij62H>z&iA9kmcTsbq0ZksiQ=t}DC^g0ms z%WcxXG>J5u80=e!wD8gZl<#^{L>P#HN^!ywLg01X;FL&GkzDVh9j+Ww2;TC#9P3^bh)_n@JnaU-Cn^P274?}U5`_!98xrMHfo z);BX=AC!^4XC9NrO@%FI&5DHgN*rmjzOQq7z}EDb2Xx(&PnDi`_p-qLezEe=yIgVT z<;yNU62Jd@v;X!?pf2C<3^warNAHB74DZ%`{Y>x0@OVonz;zKH7nJ+XCDg0WFu_#B zCe@`VcN&rGw2e}~0KWu(kxFCfYot?& zb6GA3etmzOCF3Be9rDl^0K+IFQ<0sprG>rNh9)&rH2j&ZY2gF~nfJPQ zm4cNBo+qTIxn(FFzk7uXrO;*Ryz_4{f#5ha0#jLJ0rgej2pkQR=)fF5DlYawQ|gjT zfNN4A@D((rpN1e|iD{UIsk4+os>Ce=UjP?<9|4m)xljQIPuM}%M$3nzyBFCnWqXYF zNH08+QJmT6i}k7rx*{)s8+%5|utBjVkj8GUIKw4R<>5|gg(qxWGnFpkNHd7#2Ar#O z!kU|2hdq$PPX+v#ok&08nahl&OeUuR@XT68G>W5Pgi^3D(fn~wqZR7s`{K zxGOBNN!3uY0WxsRqhX!MBYMN;F)fzd{AinnQo>y|bXl?LP|s@V)-fy?ko$ zQfKpS?DA%iQBziF=z)!9nTeRPCOfy%U!drsa*`|fRfXjG_gB|3vBXI>xS(qa;15Ri 
zM1&b^NW)eOc?zs+*+i3K5^s_BUd+D|W3z1VXD_x%WA7UXzZjWgX0EMM1IWpWMma_$2!`$&9qL|!f+hoU@j7MM;n$I@*-8|qMe{-=;wdL z7yF^-em8z3Re611gYb%-tnTS>Kh+7>c5V{PR46DGoD`N<_^rUbv%3XwI%bCdxa{rz z_qbV{PGa4C_1p^A%@_dA4jsWM)KUx1$Rd)7b#!%`nOz0zJ?{GBkGJIf4~Mu+ZiB|I zh@=X}18Nu6jbdXPIyOV%#)J)uF62V#>$0(qkri_kT)+VE(^`F z-L!kXy*rNRub+X67->ELej_=Me{j}&5lS(Y_m}E9=mx*XS0`C)4{{z-#8Jbif1AtD z<_#4qL~~ovGi6We*rbPLR*!ofpUqWVDvi8p;NY1i(atDLduxGenaexzBO`Ym@OqOX zp>$V?Buz&4<+eeOcjbvkidjK?&DpyHe~qWfB2;Ij@AiN#A|HTC6mmX~?LK{+7nE>& zRI&SzbgFs^I}KA-ml>*SX~qI`>l1EmvtN@TlOuk7Jc~^23FT*3Wx;O(m>8sVLX#Ow zs~4?msAZYM>@fAk3)h#fl{gx5%;_dhEUL8F{Y}Bar7@c#BeI@;C7~FuanL?mo)-!x z$JVX6=3`!rZ%zOS=2&1yun(E=E-GVkE)=#G&WBOOKctr|f>ef6^AE`nmo|p7dOqFH5ucGi=y7~fsuPfd z_<=$4BrWln-z`C$L(xX7Qq>7_Rw2)u`w7&QMZCgfet0pjC1`2QXC6fw6(E=JIKCXq zbPSI!P6$AJllYEF;Sx@!p}tix0ps}NKAV_$v&}?QU0K;sHFfn+nw}+uXa%LqQOm%5 z%K+8H<32!4U>K>Mh0rwI6|HA`h?%c;0;-;b9#4IoZwI2DCKMJ3FS$qDy)_c9L-n-P z1~AJn%Txwu`RLTO{jA0b%1U%?SredcXx`g(dcA<|*Z@tACU;`j^zrEniO8Y!d|U5B z)ges^VnPBTtndx@xtY^43O~ldaRzP>l4(5R0Kg`u-7X`xdlqY&#OX{+-)0Rvn5qCW zW8ar*-=~y@Iuh;^1IaWRanK*IAfdJA1}{O6g+uas6!1Bt%Fz3rdq#Z6w-$R)kT;Gl zBYSL^sx&v(5&n5Cnzaesj4Tpno%>)*>5|WY7H#|ISsm8$#x>h+KCe4Zb6i`){4d!e zfSQ5ZX&<+XDda$kZzZ>|9wOLa&=${hVb#Zkg0M8l-dy zeq>v2MrDZ`w?Gk)Qsj7c#;UVBbBhFIH=K`Ef5_55UdHAI=N&hpBkR|iQK4_IV@Co3 z6wwM#5)jTJY`btkYA{w4Oikbn!dXx#;4XzZFAzRTRbv873|~HW-kZs=q1nKuW5ikq*HMN;!D0sfVYDB0x|DLU7Jv(+Qy&2={LZ;K5i0 zg5hVaayc6Q%0z-$M_UkBnSYK#HdBh0_L-i}M4-UWYQ&(phf4 zDMDsUTag&t=y$mTMoS;$+(HoiY$0J$zuaHQvbvwY<}|pmgx=~5{81I3u52D~RP0ic zdN=GqPOR!p2i}oL#_66RZRj%p0L}o3Co#wy4l5j6yj~tp*Gxot6U^i}FjLe_T=Gv? zztAEB1TVtx-R@^;;=IYbf&`luhGwLg#V1e@PA3zj%jnV)ihsw}AseD(rN;&FN{huiz|g22?PDdpI(Hypg-VWMzoQWJWV=6%Gd3jhOcuE24HgnzEg8H{VxoMPEG+N&d6f*jOIvxb>X4x8V z6llzZJ{EM@PWLO6&LHf0=wDDm`AF@VTxW9Mwg%7i<-~I9x?$7iA>V( zWseDy&^HCBfA;iJ33Yw~o@ZzlZ2i_B?m`#-b;H^svzshG?jJe|t(g}TPS%x<{{FhY zfZ9G3)h+udYg>EfTVm8h8pu2=qYz}dJ=~aZLS6iqJK1D?uKiIYHh;6Zdy@8gum5o% zHRAazSO8dhJnjLxyjx}pXx$Ka{QlS<%38QOz7MdHn00$Ow`95o@U{GW_<~gLOH7r? 
zLK(l-%El1yfF+k?w`WqZw=g8`fz}IaD6p4}juKB`lTNOnqHGo zjOCBaL-O9o9zXMCuD9;7#FXlIX?ETTfywg(i#otJ`B?z+(*GJ84XSY6eDn=rgswyK zmKJcZQ9m``n7<7M&{pnOW`E(`&r)u91FeH}%|w!4M7dqphi|}`KV}CpHviE4j1+Pb z`uE3{Tg;%8NRor<7|$Y|oJNak=D?(jxC3Fyb$K7c1?OWi@5-MFk9AOuyXZ5dg$ z0Ad4tj|(UfGBICVnj}BRT=YtnQr$;ZtCinwgINGjBzCI(>_<-5!E_(5Npf1(zk*`4 zw)Jd7V3&JZT0%srpF`|l>d|0CbvrEcKoTICwvr8mS8$4e-&J?~+z$wU754P}gn#!u zLmavJ!**ibU;-tqpzey%=4op9LocGi;T#k9jRU{#IVL?cOoq;(%3S4-_t^cWj83j3 zX9pd?hu1CLl)5xs+*#JO>#%AWZd(Jpn|vQ^t_H<}|5h|j8+;Gmi?A(*Aak8<51U-+ z-yG90bMYZPKBLEZVlWq%r4K!E5Be|7+&CV6%YWUshLs`P2>Z^1H1aM;6C+6+$Md#O z=l5ujl^d}&zq~08U)qnqxO1hp{aQbO+=T-`*(=#4jA{6J?*3rNz=ow2pTBSz(~RA0 z`isaWIl11~Yv9l43&foYqdGso+ z24vOoy-}9Q9=O4$VKrn#1$vBj1VL@+<)!x1AczZLp%%UYnJupVh~fjN^zL=$dME_m z**O1QGaBTBtojvcvgJUJ}z+%+aJtQT6rxML`N&sJ6e|5-fS|4(k%`+GwT4rDqT0YdcF zwG{|~)+fk(u2=%!VsoZQ5elFT`?Y=yE@r#NthB%*%;wSorr9z|`ClhdnXgI|it;K0_p35cnZul< ztO2~@#irEhCqOtGU9*(HO3s_%`_AgUz99$_?{YIU4i1OvUN3ZP${qk*6-s$*e0X}Z zo*fUTjbx3r3&$WZDG{r-{{1eeyn8s`!N#PO5M-G(MQUmQhDaP|qd(+tQH_s`XE(-- z^k8{advZK`LCCPDX6%kU6LNA>BG!~^&GlnYDD@#}fir2&5mG~!h(h)Z$D_)uDF|$9 zD(dxNvlfNIW9F4r><9qb093Q{qJ8k=j2E4KI{Z9vqHs_4#@*@;Z1h~O_tnv*&;Ld{ zDC(ZS7FTvYsdQgd+oCw`AcNebm*#>u3JsY}-cHQ&pfqF}=mGCs=<8<>j%>%iX8==n z$QU@JY58UZmfS=97b?0N>WSii(A&ad>J#oxuq2!FQ{Lx6D}dJr;#N@@-LZwaGyuj7 zcZn3J7nqE?dkSCEQ^A%a27zPg4iaq-am~yBVnC41JY{Fc_cdN{T>aztkbD<)S=fr+ zu)M9`7+`qf@j^ZC*eHy?c_e*M8Mp&myagU((R40?f~C~N1>oCDc3c+EgKW1ARG`gh z1)%O;qb0dyq38}FM&dAe;UDQFw>5&-BkIOEx7DnkUWd>*Yk#+d93!I%jG_^z&#_!? 
zGg1%nFD>WsA-5o4rrB^*47+a2CbS^@zY@H%05l9q}lc|-hT zGUyx>?44yYG6PxcI_P)og(@<+42cV?fMLWDY7>u=C_zv!Yy#8YQPW|_z>ZrP^}0XI zYp{9m!fvsUsYGNIJCE-ap?ZoF6hfMGNN&53jbk^NOYN=`$7Q zsseFfN}s-37alAf&^42r(!;0={_?+R-xLw%;}Kc+)afFF2~Rb(q$~XR@rVzT6|&0 zaqh2^P43Xo?L+PRzu86uNRP0`dxwpg_do5qBPws%FL}S9TEu8?aoU2T`;he^{8sb@ zSKLIhDn$B>58aoGWuVmK4^^RE!+oFHE6lbSv{Y)cA+}FARK!=@jN74MMw9TyA5FFKMN>J*ZQDT0yCT4$X4~Q{dA-@L*Cpo5C za1l-gu%cf*W%fZCbUIHSMsn?Kb(2>;FZ|ply`#+WQiisBhBNu&0R~$GWqBbSN`IAibIn`gR7pj{8o?SZkj^@k zf7Z&|z}YAF|vHD3iNZ%`GoLk57oksN&HxsJ$*hGWFB za&-({7!4UU=X&&t{tV^R)oR+vSWB6@rh9x15$Nm#H6^G<4(QymY91ga($_b71^+=% zd94?JTlvT4Sm5LPM#PmlQ(Q&uBCG+X6!n(hi!9_cpnBg)1J9!;yx(>usx`|(i%7=o zu1>z@{(!U&wTV+RN4hIZ@Md9(%XJo7M2)Eg>6I0hzGvvFT3#(uOO&7Ez4)~q593Y` znRYyzRk4Db1TwaPgnmE?fHg8UP5329XZZks^2AE17Z&L`~LI1e+J`Y0ekIxR82(4~vUt~o9%W>&YtU0p)7 z8a}Vxwh)akKHsQ)RmUb4k<(U9IQg6_E|XvPngWN9+RLNAajsr+vY9@zdAbvdw<{5j z?kr=-=M+2kU;$-bC4oePvhNb6H1s-ROTvx>&^`9&l31BOEZ8Jo7}K|G8G0Z>j100& zVf`in1ob_N_u@B^{*OkRIuD@_^{!xgd2IOa$!LKPE`LTL;%Y4(q{>80NaYmL5%wbg z^{cgt#)zt+e~(e0KG2sd14bx?-COwT8qxXVpD&{H60JbCSHA;gy#lxcVO9!PCG;IF zU>VK7`@$^l1f00&ozFnOZL3;${gfOA8yunZ=bebZY8r4>SGU(&bcXfFQv48>6Ge}r zl@m$a59N~8Y7Qf}#)DSg%c{NC&tII_cNBh@;6foc*Kbblcr^a*&_9PZHehNiWQqR4 zgMWr&UMXvJrNL4#=1b>7HhB-kyEDoV0yHM6(6b1gD_yxSfDKXycbsR4+)Pac{kjTN z=wBVn&etVn(i(HzQyb)WL+xmIzDY(jXF3iTcy?)e5<$fO+1&xdKItUV^}vzS&H4TH zc|pSI^Ep{|zW;n{;j8i4Km5*t+aBhR8luszmXX#x6|=?2!*WuKBzHO?pppncfPAue z`9>XKh64wd+itbcMkA{j)sTol%R)mF4TD%oeZs?_b9Q}@y-FQ1IEMG4Jtdjkj(d4M zjGP}qbb8Mp#jB2RPKd(bk+_hlc9)L0ql4Feh~LmaZ($1+8V9vs<8}nnz-5|DxRA5D zbne4OKsZ1u+i?N1RLePAqZ0%;lw})?FBIgMoarFl>n^8!J-a>(KVY7u%_7yKviER&z)!BeLnwE;>guhBBn=`hPnYJDkE;702s-6)5Vt>eG=_&>a z{+}t4K+#+wPE;}_5?woAWu&abvP!E5pKNG-9jI5rc}dJ7QSO=G@ukm0osu6=>& zDOz|m$ZnQHd7ycyY zs_{QPvq5VBi7Bgr%1A^=>9xTGKYJ=P4SQ(6k0!z-$dzEDg`u zuos%DQ;rUyr*%(`;_&}Pyf;OWQh1Y=w8v#4Q$YlzcV+I9#S~sdgX$! 
z3HP()ptSvN5ML?Ys1la-ETyLe33dK^VYDv)W@U)OONO{>lTO7t)PH=(bs=#WEPEp6 zW)8{VY5|-TqUafiG`ML36_oMo8aouc*Cox59mbQ_ogyA-_E1iZT=CDxjG*5IkO_jK z3_i~+sYr-vxhW%qB;QZS$i-%|8CGy4?^swTw+v6zl9?8)mF$UO&>XZJio5a)N1<;N^~)8coY{H9+sGO+h4) zzQ4T++5$fb;$tHlniS@Xt)!F5+izDXAOL(O&a2d<+xKNPHprK(%?nd!Y9-loeHP{E zbZ;@!hbm0+mu*kOaz^g2&OhTBc)L7#-7e|)lDH(>kI+FUjWrhNrUkk3I~kEysE{i~ zQP%`ZC>w?(O#~K1dXcs?4zwKCoWI-B2#(k99&`DI;bSXqyMi7wv~=&=1=`YXP|zO8KlS@kpE#-yOjJ$`gKHOg{ZI;=ihO8heQG z3rE=_3_mAjTu2>Vfgt66_sDr||K-lnMV1w~b_wpe;Q;XUjA&fK)>}h*o)6=tL#YwG zt3)nmenI`vJc*>Az54ZW9Dgrg`EYkmL;%0rwDfiecgE@h>1Oe3`9vOn2mlY&s<(>* z>#90poUElG@vyk1&e^;Nd#2Wpwi)s!tFBm#9OFvJ3yRVC-$X?f-krT8?HH4DwZ*$* zU9BdB_gAWjjK5*0!O`6wlP@;S7)8i!YLy6*m!J1G`WsWeRkFC1>4oC;qO&C-7yX&_ z_)75^bNF>2z&H?-76ds9$n;J^H`j1V5^rvEL8qtEm|{~sVu}4tOQVJis$>%aIbR9^ zUl77W<4`*TL#RE=Zv;YH!rlGzY?I7H{zH|W_0E4S6KD*W|aLK z%%blpMi4JX+gHQCB!t7CvEgaMG}w%OoXiA{_|8ge2Is!lLGwa**1G>vXWBTq=0z05 zF@(c2)QR9-h11M@t%we-BoEE{S3f#I`!3-T8FL<7hFc8!o6_v)$5EbUE zTKeZUL}e?&R~QXeX!Idx1V<^8uQ7EECH#_x1Q;>}g}g|;3jRFoB9vudoy6BhieBaf ze@wObVgH;rpE!;HMP*t*ho(fd`;KqhO2q&z7nk$1vNU7aU|uLE&FlG98n(#{F_SfHY<0O53&a6+V$$?xNE+^xXH zNC-d>l?^2t7o_r85MWbKm5M=Vf{3EmPw5Mguyu~%ltJ7oP*Ey0;S#IT{4uBd-8D-T z;I-?b<=IHRyYOsLuO}j z%-+ZG$9&}hA;;IOfa8`ey~wG0q`%q%R(DD$Kd*jv=>`ojgA-qa*k{)7If}>&ju3Vv z5m3=mQ19-6{?!Oy6sEiD^bPn4Pc{O$v_xVB!N@Wann(ZzqL-)oVcD zV_}r;sco{V%G5kr+$_kz8%o8Y+MplSHVVnSJQE>qfW*=NND>_SX+ z{#e{32`%2H^HFPYH)RuSZM#5Lsb0aleWMF7rziv*SvGRl62!lvWyD{;85aN~J&xj@ zjP}BV>MJt$BAMBCba7;v50Dv|K`P z*GQbDjx(ilsnekIqzD7|%FF>bW&tL!I{~mC3F`LBlEpm>1&L>u0ic~i>mI_E-xn9? 
zU^Z4oZpIBjDVQn2W&u6f9iQbM|yg{H3(XJ(ut&E2z|d}z!jYG zP=yJT*loGXi`s}|B&_wrc|ef2Bpu0wfi4jUbP3#Uc+g;^D;6ItJV>B4U{RXnqvahH zHW=1FVs^X~V|<+Cq}lh~aIT2C4qewA>}r8j98YeF%?m)V+LHldL#fiQ)f0S#|I%YY zEF)^5orv1;^o}qG*^P!cP4K%51A8ELb@m~Y;8jbV#iEk1%+Zbmr(HIRW4A~1esu2< zPTD3j!axI!MQMO2GRvX>D8q}6A!MOX*%-i=Wjb{BEymVR374{YqG`j}%W zTnMlL?DKEa&Y43IcY&rLb{pXb+nQ~bQx{jld_#(c2)Gpp&lIm7;GvL$&ce!MrzABT zvCy1njF_W>9S>T=wa0Rd<^QnVC!Dl|qndA_DG=*a0455+p)X&=QL@h1ucR zL#4<=@#MquuOrbx&-ai@Y9dNGNhVFOoN1fZN*<=L_z z)uY@5aMDo6MBbHOccIo2!dX-XsR7t2RszN6K1AoLvGeHbe{H+J=yM7us;cu}cXM|j zwBt?A9utS+!=G-E3&0faSS1e{{w=tK5&jX{M-`)PpOjc^^_zSOhxo@Plp}cTeJKQP zVaOD#7uGclFay73qgGeWEHy2aDE0DGO~H2}wp|-73?dQv2WB8`zxU1bDy6gb-1;?k-7?7}7$8xvEFzadXSinGu016#d#&=s~~b{hJ|p8i=(s^vYX_}zX@s>?+}d{X+0%k@ z)q+ckooQGhCjpt74_5~OkF=gPo2I(l$dmV}VONfBocFhw55xi8SNt*=w!iAglz#vKTYZr^63u9Y;%~g1 zRpLjUpg0(2YM{P2wauwcvMHat_E(24M~CLY184 z64>O77M$6o4)@8hibEw>U_tf);~@`*&}xN01&)!kZI7%$c@Rq|s(X+$dU4#`STtNN z%os)haKFLP8`57YqJkP8)4h5ZTg9c-%(jA}<49AF+wcZwZiM`E>S~xDbgo<1ZRpP; zZ05*{Eq2#&wio}IRZC$|D4GuFgD*EWj?rHywZ3TyAdtUJ@ZB@QJcS&1bRR_!3t3e{ z6;&4J!SNqi>=Jn(^!rS^53T{2-@*EXI3 zq>$UN72*(AtF2r;De)tw?MOdMnP7^}g3z;<0)u;Cu6ee~hGEpVc(bm*jG3ycbOtyZ zH5`j^smrLbo69<(eE9DKD^P>msvI5mE~Q&L>sjS~co7M(C~JyEs4Tf=T*KZQ{|hO_ zr(;hrK=@9>=Zwb-^2DOUe4O;YzykOITIR^DM?bGV9VU75UbIi6vsn?q>g=7TDqNhW zXyHkDOoLd{B(9qzjZK}SN(c7~LKHT{f!^}5%>Rf;Te8Z~y~$bj5s8M@c~17;DhI9# zJ;Ajv)!NZMF6Eq}zeOhBaN3wdGNdI|TUFRCs|?V~1qQ?y zE2t)_W>Ab>WJs8AgZ<0f;I&^=x=R7_oS1LC`+wbvNIk7mP#(8R%e!>>;}Y;!+N@Kj z2DL53oT}fI94~-g8%b zDYBaN=+M|}zxF6hs9l-)+Kykj_8_YSf#?$@kT($oeBYxk1?!Ab)WR4R=kPxipus%z z%!X9vgi8vlors%~Z|F*q_rSMO+h>Q90I+7qCgm((`f7cy7=y?$cMYh{J!*50O)Rnz z5`<0xTzP@Ca&dp2q2e2j3s(7!3Hv}B9E1n0{EemBK97*Ux!?TTeO=`8uACbOwfGTN zqi2_$3l0Rx%-;y4iG<8%B7QS~x=0fvniNBsb+YbIf;mXHqHfFu)NJ#*aO0(d;x^^i-YAIwa40(q?+ku(KSvl4RZNk#oGdJlG-Y*B0ma% z32P~I!pYLy>~P+iO|s@3P~6~J$+Ji&b8E**fI6|Sq>pB6=Z33;1od*q$HLn@frGWw zl`h|0PsoQh58Sd3W7e?-ewQ9-v)*ls_-+@pKPhU|0u$OY098#DRh8`oZd&g=N^gSW 
z>-on1;W?nmihu#+9Tv+1ieTx0D$T@V7F1Ho8LA&pvh`Yl0aXc;63Vp}u<)w=xiR7m zP34@NH#E$MB+Yxe)9(oa9avd!(*}Va5cm>ewXupu;PLct>5Aad#&+4)0`Gk&uvf?~ zbg-?f!H5$e6fOd*McF&WWU720`R&6A+}!q}^>Aabx_3qbd!(B4qNChAyK|B_MUnU6 z@H7VJd#RV~BQkHs%CUhok(+w_RFP?qON_NNTBwl@RvbSceB+ z{7|WmpGC;Gl0>A8#XLxAa_H5+O;9K)eUpOz#4Q7?s-7V1E2r+k{#L8Y$cEYco!P4W znhtmR%=-TQw)u=K-x2LV*W=vLuE9}ptj)|?1VRkX_P|p>q7V46=!v-*rRpj8ySe($ zzctZ5pQ|-v$kg#?sB>QP+4sa|=WSao`Ppy4ufO{>6T;@1H&R6GjGHyj;HIAcIySc~ zEt$0eX2&XCU{|)Me08YRmqsYpMM@K_*SBF zWQ-2tc^znLQ6Rq6r-eBZm?^$x?2u6N)r!pm(A(t%nQiVw|B*=I8(#hlLEu2^wC$}Q zN;76mLP0yHFyomF*=LcHQ)%FiG}R;z7~LmDSb#BVI1)dc7&bIlitHxE%0@@SdXCa} z7nRp12p;9IXF1!r_+{zbA((Gf`PWi+y0lTTc<7Xo}RgQ{~n#pmbS+-6QV2 zivjNs&6ZX{cKD4Ge)}(~nu{3~bbGa$y|w2Knz_yB$HHs;!D?M3uk~h?+lEu7hbc&u zpU|OL1eyEdOvzLF8UVJDoY}WhDQLb15Mz2-90@(A@W8IAMfeC33$`AP3bgPiGeDJQ@z>h;~7tV-|J=zF;Zc0@amGF&c9QQLE=ajxQVj$eQ^Rljg< z{yTY2eK2F4N2YRo25eef1&TiI=zHJWu#Q|-9CN=wh0Bel)!F1tZGR96vvH&nFiT{} z7q^#YoOC%@#w>Fa0Y{WLJ2YN7sl6eDcuSDkuEG<45G-^3H4%bTO*_{Z&pf%&Jbjny zh~aaKfEyW-1ZDLl{=AqucjK=&%SP=}H5 z;XK;M>#2;vwI#P8?@K+sjQyQ7xuuMET^bA3VPjs-xZ@BrU zicdSR!@P}*)DIdKy6YiIoq0$dlJqCxQ`&JdioD0$eXAXU6We7P+2umGsbqka3ik6TWu6MpJ3J9l8qLlA zjqvA1nYoP5xZaKEa4O*l0Y9Q(UuVkI6VlW{OzFNfG_MUSJ4FHu@D-}>BZ@gD$W%<< zL8*VGG|i!g{~}5I13|i4o{NfDM$xGEfj1<9j|-ny3K}*fuY+FE_H4w$eTbA$(l{&C zIOEXaxe*odO^pdXsuS3Hi!8N zYMmDN8g2#EoiQ=ud8~NAQTr(a#9%k@wLxUug6ncu+h2^D{$!S0J?%FmP~YU--il!P@PbL@nK2=en+&Or$-C5)hv5h&bg+(6g#ED;5iCPu*ixioKI z<7wdo-PeCeqE9dXLqSi3ynIZ*UVJb619S&M4IEyYqRo4Dx&c!u)0_e;dnlx)n67;R z0(m+EL~Q=?I5cv(w`w-GEA2QAZtWWm8BqOqZu#K3&!2g5rNiqFaz7e>)g8*YEs^&V zq^vZJW^QsIMPx}cLqcAm{aCJoXpBg)A(?+v4qdU58`ykl-9zh;+Ogxro=>isNx>wh&)s)iYu`soSBB);q> zxR5}uXtc9U42knb>L|c|g9BWIXD80uv?I`EcF3{#5)%zz6`x@gd}iFSPGgh)1qC6r zxHgkFK7ouborF({&K)hTktc3{hDcU5t561imsYwk;H84G#sCad{bLyJ;?foc+-*!{ zpHw7lIr!C_|9BkL%_YF$=;J$8a`zq_;G1`ZXMNV(-(;^01;(+EO&wBpDiRsCp(dDI z6_t-{pv;-SF^Xo`SA7nKH3fF?GH9b=C>p8R2^(;IOW^v{qBRJV?a!ewiBj(mN9MH+ zN{M8wTDH7ERqMT5L3tJn*Gejmm&wjIwUzHK{n~W+(PjNCFG(UAah{D{3t>WEHEYPZ 
zr0olKfCHx7nbJP@2966GRgnzP0_{9ZMKafRtPBXEd-QRvNIDsTBn^atPcr<*L~A%x z`!sA>hbC0xv2@`wH3B4Dhqu8CHV|hoMGbG^qRs$*IPMrADW@r~R-NZ6Nl4h;aiJHN zhN0TV#gGAuICgex=p1&(0kf5RTjQm04$=!GLa3}Oq~CygS*u+G&AgW{ZM2w5tlPN@ zf?k|Qm#!^E2^2B}3>AeShMmRLtT2-mA)1ex@5ArXOj3Zl;_Ii>b5lL0@04%Pd7obR zj6HxN^{G8YixZvi8Sx1z67>Y`o23EA2Zk8zQL>G{as`W8p?L`m_okqR&!~jX_L`z) z82@DxFJpSi!KhmC-*44S$CC2Q50>7#YWDcU?DOmOw7=QOLOp7Z(=&!xC+4-lpy81q zV)AQ9aM6-eVyq5M6miE1O8UpnxZ!|Mo;<*DK03FU3wey8Tc-AEF*}aqC*Sgi`I_cW z`DpKIN0=%}q3zSM@xs=OsWUP0PzjSTHbxhvu!i^{m~SZm$FLsL*1%X~QB zJBN;>^L0MGb6ti(Cen{zVLEYdHW;n}=HhoLMyBJ^uupOwr_(Ih9_B^0U1t1<|qfaMj`n)*S; z%6}k{Vi+}L#CcSO^~7Bg*<$#FIsb{pCdJT^Uss_?wy#q-AV> zCgugmq&Tso)@Twk=Sz- z_8$X0P<*~UuNPjygYvG|!kByNmFVc!a(@YKdEe|4AQEeN39FZ>3Q>-|Og!gS`}2D* zN(IO&^iyGKf(a1x!_#;J_x!b}#C<9MN03~4p&v%x1pt1`mozf&<2#T|n1O`fVSd8= z0Q4k2X1n^vH%Euoy>oSZZp3qg}M zVO$4+H2dSy_mJ1*HfiqeMBA-c-bjJP6A=PNT|Q z(UAD5%_vWZHJDgzl2IH`1A6HRMxn^0%5e?vb`UPV@rTap!4Bq2~3lVS(1q&%z~&W zb7u-Z@pGHoo-hS}xR}*U)bZi9;~0MvOhb~5YlB^Sj#}d5lB?DdW=yhi1>2w|C#wx@|s2t}Tiwx@Rv0za&Hl`_Evj7t_NEAu#HA_nJN9vK^i1Y5`;y{lBmd8EYg~lbr><6$sLwKT7}Lc$t18- zoxxM4I?2Um)EyiyX7d@jlbe6fNHT}wr{BV=v;Yz^N&!c z{N#AS7`*{)5|bp;%uJHjSy2=`jiHDpVsTz@>7z--S!KD%^2$%Sy9G}Y*onyCDHD<8 zVzZdpm6jxTnqX#U#qabyJbHnlMLPIlOZYE&qieflx56JKob(St^t2g)v=7fjB4E z`}8h8yngwdl56U%I^=(Perh*3FSSeV%)^k!MI!B~j6-LxDrP+N1q-t(5@C@AK{;{9 z*{R*&DO0=TVzbnOE7MEvG@%xp<P+5 zyDreaYxi-Ka6DM)631x5SMT}v#r^JH5;p>I{tCbhM)pbP|%NnO_U2t zyQ9KmEyRXW95a9Vh|@$TsE+VF)j{nXC1ELq^un?ND$Md+n#WC*up$eqIK@eV@de5;VlUH?L@ytnnZfVjc-bXVTH?Qq`3JtCl2h=^IW zTcJVc@_G4YYhJ^EB2aG3rG862K>b!OzXG#Inl+8EgN zZVN0`>xby>u$4R@1R#O0?gVwv9zl*Tq-`lZ`snTiG|35$6`60({3sQPU}+hbEN<$E zm5Cp*B+jZJj-YSYt*q?%8e9;{#6d|@44}aKwpAmBhPejiv97& zcIS{o_vf?npf;dPHUdng|H2V=E72^rTDL;I$XXgXyt@0z3$DC=ii9*xK;qPh^UK~U zJDh)gtiGtxulDxgmG?(y>`GLvQf{@GC|9K0IhD9KtLQy68003A2-kr1}blATW>5 zi>?gh7cZsJ(+;d6=|0L!rURRC0E|!3|UmyRc$RMTWnDhR|l_#wb{; 
zq_5rF^8QLdO`zd|_z1$R4{;`IC#A-FEv{$rsF>GoP>0(shaec*dS%<VkDm1y(B`)IHzT7W(e2#v#cMQAbd$98Ekl4#l)1=2H|QF3R4%VL1QV6hN_uQ${KiY9N7VxzYJ{HGt^&uM)|v|)-5oh^Aj>M|Y(!| zFT;lfoir5&KN4cUD*>OX3?A3XMTMLA4t;X;tWqpV*`T-@c~&^DVepJTpnNq*4x1t9 z10H`$!_F+{5_s`>+J>+sel&) zAyaSZzgn=WhWB%+Z6Xa(Lp%ZoyR7F~Jy=skIP+5X6GHs;XteBu%DrHbh6ykqF2@zW!!MxAH#W77RO=-%XAXbX zvs4GaD%_a#eIN^IJiMPgPrm`Q%D^6Zu*Hj6eHbqL;JYRH+szJpPHXL>-AUe`w&{BX zzm$&Q!+pE!_B!@y-Krt4grLsBf|5ihm?Y<6LCKvB(1}4ppT$|wNFfg@CW54{qsE7P zzFX35ENJ+YSWx$3lalTNf09d2Ncw+dYa)z{|H7*;yR{>2BI~d(h|zqvtsP6t3FCQ}*B;OKpHvWgfa+-L{~(z~faY$SZ%(Or@91 zD_xiorE1(@l^h>zh~C&>V-2lB@V#0ubUdINS{=y`K>wADgE48cIdIxy2m6?d?OCDgjxG#dc@j z&6B|ENe*?Y)S1B0zbVplR4RXoE7kBP1{r@ACmHl{ic1#6fiL2SL&D#!Qf*vm_>{O( zaxvX+Q~pAPHg#c0$yFz`DMj|@$KMFONuy2?G_voD*eUoyUZpFvMF8kW=tRB&?~1gj zhz*bTb{uK~4-Nt*)2QK`z4;JJwyJT^QMBRu+g`f?J{wZ^W9_fPY2|-|;sK2NGy`N5 z0FBa((>>Jz%-P<keX>=od(dV%1x7c&E9gjF%Y|6FFMo0+?*BGkmtBM)}8XLgGHQ5WInz! zJP%(5|Q6zyx@g&!{XG>V@!Oxm57b644)ETNiH_2L|j-(a@7eX zGIx*}O*x3M4!-K^d^D(Rm?yB;Y?#s{)NV)C9`4|SP|BtSR3HjMyD|r}yXs@;14k=d zjThD7q&|*Yd!_uE{L}WE5J&I>1ML04EV&#Cbqx8T>0&7BejtDSmG_JO_Nm((e=Aap zwgA8COCUje4t0yVo~A+53A^W_MIx0i)cZgL9PsB5A2Og#e5u{gNm_#!dsKz>elHcW z%2a8N4%oGWYYgF`-O5xWo3}K6Shwvw;5+5Hptq$kUh3%HdaUW?{Xz1x*0gpDZR>Ex zhu>#+0LUsV8y!tXPk$1>9QFR&gi+8c(e7t{Scpl!7+&Ri~sQ*ux$bFy1 zybf7WHxX;1I^`np6Tft~{tRurV@P&tdki~Li#&!MsWnbwM~Zlw9Z4V~$&M67&yFv@ z^2O5BQT<)s;--EI=0!uMbgA0usn*B@w>}=cN0OYtt7lEXqj#=F#CaVECRrBRG*tyF z(lljR6hwcO?KylSE)rF!>iO9C-Ewc=$qnI5_CxNDn-%rD%}4J zTO%Vs_T_XH7E&sP^{zh+rGNyx&go%C5}m-X=k>57cMe1m$2^8^%2CGRNMx+6(}1O6 zR7PpSiy(935JMY>7?N%0(8SX1(ea&M%OC$Mgg}3tF4ixOHO)Yk&+WQhwzn#X`pOy) zM({Fu#`PN7gW{=rc+-ek0weZ=4V=lF}_)t_|P(b^MkfX?|7dU^9L~Phzm%t9}CSYv|ql?T_PP zL$2-;8~S&c6r1P_XxIB`@*gBN9~{p-jJbdMACv5PSPSpxpS@?p{yKj2!rJgw{W{$< zNw?m#{{^o9qQ1oF2n?>>dOvH-C$ts6>b~r*R#2@XHR{E)8(rD@pI^ggm)^6#UcQF^ z^?bZkztV9aQ`uY?34M<1ncDMb$Hqbb<~U<4qNFLC zg!x>A@)|BfChuOsvLuRc9LOOYA5;LCXAxp|CPtr0IP3{ipMm8cUB4IaY@IQZvd6>!n zh{7iVKslnyN@Qrs{(re@c(&b8@jm2)uP_BW{1`PM*-3=9&v6x 
zb=F`~_il5|i9a8l0#?5N%Eb3I?;r2z-|Pp_3jU*EXW}WWcVrfk&wQ!HAdsI=t!=&= zp732UKDHt3e>(LCxzM6%E*9OY-L7`a<%K@XaIAjM=legq+ULDk-AaFPmIsoIveop` zLwWJ+`9FexK5tj{&bkLTjZV*kF}{;!|CFb0)yY_FfaG=}5U*xB|p--nWgx~USs z$ukyV{w9noRzz9JM4dE2o{Fpr68G(6gU2FrO5Pc_&jg0-(YFtI#>v}f9`1}L8&A5C zPOX~zt8b)B@3%i+I{SZKkSkx~wc{PWbt^;yg)@A!g=%5BPd8v#rAU3p*-8e^@b>fP zj~6%3O~M|N5*CD1$2%FAcKhS56=n<@JlzQu*X;YnJlhCeFS)uUP%QLsWp!6o%^Lv; zyHRDM-xq2Ix2g$LgCFF}g+IX)FRGoqXc3dPY`dY0pQY>76%2pfJbLE5RCo&krJc(b z-;UK$V>BtKGs|6huLS&h%f-KpXL{_%u+FDJDLo61S5}1!(yaLXZvbyo#S_+;Soi_- zcz~_o_mts02eL*>;j{s924wC1H2IH<9Fxx+>nN|~r27W~ZXF2CdjsW%7I;5N4=_+& z-|6P#A@T_uEm%LrD9b}h+8oRg{nJfL+8LOm_tWH$l(a#2GP&o5ci0G3enN>G_25n5 z7b0jPRzdM{+ypVp!y5W1Csi0mL0tRpnxV*sJVj(fwljakjRfY*6gTpWlj1fT3Uxqf zCql_(E%542+V_>b>!5SGDuIJL8iptEd)51-!FIS1BT|*f->8n=<9F8=V%B{prro93)I?rsg2e zIH@^iqt@s>Uwv{%*U0vU+J8A_EF%`^2&#?HBy(oJ(m%?yCOHGU_I{fD2Wk@PnSZ<{ zK@&=83%=R#hyPq+pu_wfbb=Q=RwYo6qQLn**2i zU|rQe>xk}<4*i{2u8rM~fsGe87?!}XD(Hpxjm4$GKdgC$1E#$i%GQXbH=+_a>P6Re zV3B_U7B^VS5L#*uV3FpNX)SdIVDbGl`HyxKs0WXlu*ic@-tSQwvA7cQx(~8~l}S<5 z!mpEJVsvF><0YdXfR`lKoGaVZdY?5DD)2CsOs1%(ul$L9>1|&-h`~|cJ2(iI)=}Q= zvMnK;*GCb%HOJ<0+qQzjEG$D)p*tnnl(c_Q`_pK4`gfa_wex_JQ{+Ed)~E+JliQe| z=K+hOtYL*nD=BqN9f`z`lh|GO5!>j=_y?dT$u(!n8hysedz2(~-=p-7e_lHi10>-) zGvx>`C+sFY6sjA9vK{AwferlVm{aqdf(Q&rRZMtg|m$R3;(ko zS@W2rA!L?({HTn}NaQ)=aZ<2Y)CsglZCDz|byHSJ9{TR)^sxPo>HC~!rZRKN*5sOHVbyDZn07rEv@=5 zdlA)!^GUKTB^R0o;^eQb>4c|esG{R$b&{CWDa5@@z6O^SOmob%te=6pd_PTo>doAD zbG8M%V|`JGdYQc%poE?}h96WstD1l%SrW524r^BOQaZdPPqQo(Nfo(cV6lIVuZ({H zzLH#XuF#)>uOw+FO=9P+ZippGIuy_U_VRP@YeEnmCY?$}FnS`GoT(cSz!joOkHi-G zjNbq~#9rw~cLb;v}o zw_hD)uk=4&x4XaRo5jDxNL$_W?-#?@o&%<6LG0gZor1a)=Q&-U#X4~oDn z^+MZRp^=fbaJmd8Tsi!zEB7rbO~5jAO41Z7;iC;P@Wm@fVSU^;Tmx%y%@n2w~J z&=(Zhq!~jIe%`H4F=7@gZJ;1}6=uu!#h7Mt$d&g=MK~J11o&>-EihEr(~+hObvB2} zm=CRs&uiyJ?#zGVy3W%&Vo4+I_t?)XR;H=Xq|fhXQSIkR>BhFjHnuJP0oXQj&AHq^ z8{0-wPH;a(_PE=U9Du8^D#+BsJ*P&x9}x>F63;%Ww$1X-&rm8T4uAYaRQku7=I}Ex 
za335y|6h11!aLWOn)OpWH|Lu}Jnv4V-dV||5gi2?3$d3RFa{9<&u*75Fa{off(mNymXcci@kMl|KJ#onCQI2jwpQTRLnjmn9ScV_%vM2bbrv1x*mQR= zEKyD0#19wuq{^8Cm!o-MTIrnE>W$nvjv6kKB4Ig?LKcTb!FXB-<~LDT#YrsXXu=7# zQC{&6KzWgC&J`dR%F8W4^FUsIB-x|@5roH^oU7uEJ9*bNRh z*Qw$()eu<0R#X{RE7?TeH_LlvI*id6RJ(EVr90(wK2R(^ud^MwvmXZ!!sm6)vNDkJ znHDkQewoRaS}_JMf4 z6LQtkLMK~b6bp4HQD>#`AM?>#@fm2X-yAy^MG<8|Ua+RgauydMXJt`w7UXpv!vB|% z8!naDaH-@6z@^AFXEHo}#wms;DcuZDl1*Jm^nQ{<7tMp32_vymGb=9s{`Z#=G6ocX z6gjfQ2;zERm1ux<6>nm=vevyve5I&QVHNzun@f*8m5++U*}?XM z`3>@|cNJe#ju80}PC=QEMM}=VBK_vrIjw@CZUE?)29*?)w33422l56A%A$;FKMdXR z#l%McBtHQCL#{bjP{=b*3JOIzG~*^jg(93374ocg?bQo@yK1H1Q32Ou{0W$UyMw{A zRzE{ZfaEKqEGlwaCv(q7`XuMIP9t}2@;LBQ992Owa`HRm$-Yy=ERImz6PEg^D_JbnW~sg+m~Y)+$Zpi*m+je+e4l&aZ_V(vNp z(dgf4nz_##>qqWfglQUAsn6n?(LDmZ%^V1>{iV~SQ9f9bV3N!{ge^efo zB>zL#-+mnGZ+n1S4Sj=;^{fPcj%vIny1eL2#`BBK_;q5TI_k8!GNWvW}KH5 ztAeI(1Ps%jXkn4q0D{Ftl&fpO4^g zYO&WCA?lmzSs6OuZWy-=-Hz?4e|`_DN)PHk*4t4@Pd}OT*xjO9MqcXS$vE>~1*3ku zc|&>xa~kf@Km4?`oHve)+_{cLnWt&Sn!GAmT-7xzVv(}2DblRuMc(8S?yj9UPkun+ zoLqCRw9HPNlav$EvQK8`705MVnz?R^tcQ^g^DkRl0&v*8G-fD9ef%UcfBKD2v*{V> z=?{*b&z_+%je60q^X+!KHt3aC?Q*F!$g_X`!~f?$o(i^g%83f5pU}VU5$kVj(n>uG<#bfFGheEnWO~k?|3F15mvx>W?b|iL+KluSEesayZ zqCPvtPf|{Zx+BF;+C=ko0Av^PmP!LzQkH@W5~Y36K9 zOCY$B;J=Uc8GY+m#Az$dPe~`|rKHK7eaUZ4Ri?}@tANF6o=LV0e;Za+SrsKk6^6B2 zfu?p!I{g7DX>!e(%t)VciWy1DDR23J&}K(+Rq%!NUC&H^=c;YLfLja=aTKqPAsJYc zFRiBz<3QS|Qr)T1qB6a`p_u&m8-MFKk&CzKpJ|e})ARDfsdwVx;f7|)t^atdJ$u;Nl_U!yHN$FO!2V^78rn_KZ{p;Y&di91cRuJ#3 zu@gLYVqOX52P`VlXL}__uNB_fre3zH&xH7ncIB;iFM8CS?NzMX_E>V_t>dV)WkLUT z(+q!Jo|oLYX`&CINQT|CJJiAO zJz#~+y?WK+dv(WGw*tD6e1j%o2*|+-2mG!wPzWZUlg_1ovS~g)FP%&7+~kR0$7#cw zq|R7e1{o{kykb1deJKI4ABw=u=XN?b{Q>D*a?QDXe?B{%OH%5w+x)mn{MA9(H=R8m zw;<_;{`OXXS*f?%^>%R&?GtoU%5S3V?QvTSw(Xj2K{lij!ceQPhiACd64iGW0(4rt zyS?-Nd$*{*n6(?eShlo)%t_wTzxA|$oR_>Mcb4j;iUMh}$J}qAS9`_sqzPESqb#ia zxNhnRe*v+Rx9JZ^-jZw16_DA3y1Ta9e?rA%-QEKp24{(bt#ZFxZWovnl`7lr zxCcbs%+I(CFG)n?r7H$-M zYG+H+ACN62*PP4Nv$Lfn}h 
zR}D*oG?JEjl=~Ce!_>|mravHiNUk}T^=D@fNy-Vq30CbGoDr%D}uU`j$c|yE8NMTnVoga+*!xRF(|p%BN&ui<63tUd7W*L}E>OKIbwD+513MahFov>NeO+wY6+ASdI?0_}%t;bWGiP>Q z+K}8iFGP~$Wx=AXj#*q}F)M>WLHc=hS!X40f>5{t%J_h*FlOnFyfhMtWdw_O!EinLB&;NcNmAc${WWY7OUYP7zJBs4G!N zEqh#P>ZJ1x&W;~{23udhfA8HuPuF|ZT?|})s3(@J{ARJ0Zx;J+w$eQ%xR!c0(nlgG zPGH*eQgP(YaT$mrjyV)n0@G%Kl^L&DTBUVVMrp#6%FVQPDlT)U;vUJg(}j%FOiPz0 zI+&Isnr7O4$`R9&^_9@YM8`jr6?(Jgn=hW^3Q@N0m+sPkyN50g*oj)tk+DoxVAkFu zAfM~4;{Y_n&QFbH=cUHToikpQB9^+f6fnZ2s-;uk0Ny>z(mYD?DoG}c06R67xl?10 zWZ3C4!fA$eb@H|EQ-XCV@@dv}CBw*N!6dkrevKM+1i&(i_vU23NTL(i@4W06xpS5! zRVqZmk}^+!SqvyM9>*0EQ5lv|UglX+y4laper4|L*CW}FTI@0GM|Sq5Y*30|n&DhY zE^=99IKJhO+5-H|7JkQdyIARqee~i8R-BWuB8g65#q%;&(n$VA-+fxupR!m^r zjfhzm*JV}Kd76jZ&5Cx$DsyM79?6Q-Vvk`(S9RNe37T;B2=@cZ5o1!z0%P7_#%KxS z-adjVRQ<^SGPc+p<&L+G1)bbDKZ%r`mqa3WPI+1JkjD&yn&6y630fufWF6;KT4fN^ zbaSJfM9SPrq(^ciwb*00ky^uPNK!=8JV>UQq{5R2Jsxc*sen1(jhd?BKvM4&j3JN? z(0Yj(U0z$ShJ5K-fP!5L9sG2~I_I=tC5cX8-j_5!2224Lmw`S8Pk)q^+)i5MjvNtG zynKWv(@@0)zVVGNgHe)mTwcfpe|d!=o}-5BD+iq|BNVG&JLo5cOwknRS-)ab_Wh}JD-)4>7%)POD#CXx31LA zDSSISt#v>-;#+FjkE#I|^svcc zFHl_j_?#C>ast<$m-8ZbZqmBWiY#N&2$4=+6BSS@k+Y@<;!hyqc^vs}Coi{iUOAa! zn#;A+f>T`U%J`hZwX;)S2b3eOCF|DAm~d$`%geW8pA@@ZfAXYBEsf_}1;45`i!C;R zHzU0$=6rm{izGRLIhPwi20j7Tms&suA%9oFj4-eG*Ws()#mk#tpL<^;f~y}tQI{k+ zfve9;iIF?k(i`-nNLtfD?t{urS;2YCsyNN-k_U06^v&?XJZ3&)bdQ_dw|3xqo#I zw-L8HzNwYPJDA1LLzLj#Ib~xc(FvS;UT%!sISsQQNPWqwg|u$t(&wzK%Zw#W&80e) zzFOrj8_Vt7Snke^{Y^Z0fAZauh+B}PLcLc0C( zE!0ZnF0m(K2OV=)+fBQ?^yCNJ>T`RE1r58kDzKDh_pQ`4L}w}T{0;>^KS!6Jm!l(h zPU|S+QB<-dfK~#H^^Im?dFZgj{;Xc|0L#b`~^uXF;a~jiR0sG*^4cQv_{x z){}l-yn3eEsgvZ_s+*R%OnQ?^kEfPCg_)&1Zl`XzUJsn{yMH-s|xJ9)BZ1{SA1#TfkLC4QV1D-YG%zQ?dDZsaSI7G>~p~SaFzJP=WU? 
zB?wv~0UouHQdID0LW1m6Z0=6QPDv1*p>!u)Ny1-D{sk_9#cF3Pk$TZd-3@Jnq+W-T zSVFXBXJY9W0it!YD?3C-E002h42-WMMel~P`lw|Q(+cxCz<>Ghc58WM4T92^|0R8s z%ig)+`ewO=?_7dBTIJlAeeXKCN^3$5O4#c5+X{Pcz*p3&xZcW?dkdUrTY{uY>l6Ox zAjP@_9I|7(Ekt+W!b850UvK3dx%GCP!a=|#ru)q6Wz;Z|`<=XS4GIm92|LK^v>iR~ z{`ISvud`k{GGBrEbALBKMoZ||qnlFUai;XeoD?}pbb`J(uZEJ`xe!t-_;tvl&`()h z6)`L0j7!boXCmc6mH6(oUSX%B3wI6WguWoDr}PC$c&5G}*PYZC^ozi&n9>I%nVzNl z4VTbF1|@$*a;PxFv%kv(>o8 z%BaZoUhy6w6JSfJR607Vq~KI7GR@<}OSessrNlHvqmJ`aIF?kw^&De53# zned?`T#9uLokXiNiG#Z2WjZCyHUgn=*W7nIa!c zDEMJ|6!r1}47RV}gmDjg8EH{M&k?-2?P6nxS{7D&y1^%ecLTvnBMB;ggQ8%Bp;JCv z*?W|WRV}yO!L0co>u`}Tg_gJZ*ofjhYy`P;oK#^V!UAr~27N5XxgRsX$*VN3%Bp|z zW4FB7*oeYiE<7b~WY&I4-YCLzF>Tj+%IYBJrMTnrzS^ih*y>gj*ygGB$_II= zHRy*Ot_X8pF@Rc%o}iV|HL_Rbg8F|myfuMFeqB0yD}{Ofy5Qcc_wO#fkL@?Hxw#Wd z^e;b3lYmpxm1wqd1V%`r6GZhqFbKJ`-vmh-`z4D4sA;K1%JPI~tPbVn7&hE5YB!9j zu)!e3Szr*7+R-)dm4ob^s%lWu`BDY*ol<{2?+m{>$gpXp7Ryh+ynIE-C5eARktF-F zD1}X@tAz~2pBSXKh3GoCW%hq`!moV9~?XPZu5AY;Qz753Ch=rZ}SEI zXZOsTnjv_l)XXP&?Z4b@?^^lxmC5n*&)#;k6VK%e_B20lVv-+u`r1$9unH=kAcLl9aPg-E%{3RyuS4Q{BV#Ap|4!BR$g9Bn|t|3lt`FdQb9cD zAbslHynm^}IacT87q$8^I&Zzhnm5o3x)Z)U;*q1gaX(Zq|4OeYX?$@jad&Kf5gM82ZvNTZ$Vl=68&J_IJSEBQkAl*|9Y1L zN(Lwa&zCGp1|5H|TIH>!Dv)-=Jt(s~$;tp)e^^ygpRc6-_M*pnsUcVL%MBv8jBe@L zc`adS_(6C{uyevcT%&-XK9zadkwaOgui+H8=;D4U}D)% zo~tUm>7akU@%xJkT-NorV{i#W{$|5W41t+iTsA}-s4HL&I*ued;Sx9x9Y^k*N{__P zQo)*{3|JfoP>h=wEXfLyrDa}Z6D?&68y#1;(Q%Ku1W2gdnU?^yuKN<04WOf63Fv-W z@6%1~*Bnd2`ntx^kdTqGJxS}6?^!g!Q*!l9iza{CEnzca16m$ku$*3wP$dNX>Dt zZjhDKX7*cB2Bezr-G6=W`r+2=JBTs%FGB^f`C9$*;EWPl;?X_(Ns1Fx#Ch;Pa_7M3 zSdaSIq|2+&&PkR4cs)@4s<3TmrgK_Z5AwArDS8_W*d$HKSjM$8xY7?|6$ zs=77WAOpdT_G{rUohfPo2(oq%rD^i=?^oU*{Q+*2d5L*p-9!O3k2Y-~JYUK8i6d*U zi2_=nE3dn=EkzYnx7szUAenqTP2N^LeB*i*(t!w-Kp zi>_VulP(SQP5*lEmB9XPYfAOF(Y`-3zW)o`lcsc{tMd_|6z5|ci}Ns!qT zmNw9GCrDwSaa~L6nddw%v#J)(rjw~}VI1KfPoxy-rOs1|^tvvkNK;KIMaL@vrD*cq zF5lU)gz}wL5l`-@%zp^j)j1&l~ zZ-f|tWQ&!Fj|@+<&=6DeCF4u&r6#+f;~1KG(3`36E>_|D{`C3x7oR?V{;o>R7frto 
z`e1`jfyJQHKBh+$wCB$c-tRZy1bz9*y9k~ub4q>+*4`)sppZXnX;;B`VQdhErkx7b zAeKQm!cN#x&;+xvOk;4tV6iLjB7E-s(XXL(s)g*c5I>lnFh@B&rR5t-L+&Da?&(Pc zT)vBM69i@)@&mkG6M&L`e|sSrPjkNJ;BAGhysC-!i z-LLVn>#uZHnwA#lbub%sjHKsW2NYdW^CVBBf>k`?EH2W3<%M5=vam?gs7gfOI~$Cq zerVqYZqV_gZi7i6@yy$R?lh)yZq#( zy9d>bzMIjj++861#Tw*Jcym?-qeq5edoqyKT6+CVy$QDJGyz@q`sRA({{WUSGb=f zJ3c*0`>%WL!&U!SyX9DIJ?OECNpBqIm5NU#P&MX51(-$~Vs5itF?q22g*;I&vKr=g zsoGcUBS=<%dO+~rYNjW@hTOrpV8pN@mZOj2gF)3hzJo`5C3#_pa5j*ryaP)~zlb9T z?{rp{mHdhN>u<^D>vI%#bI{RcZ5RGcfjb4m@4GH zdx+c@oEy3|2mPZtEwI_pbtFAUB~d#!brcnGUa-7>3PNaBS+b%^IZLvtDbqNPlVHLj zk8PFYhOR$KB~8N7XR0J>U3!MVwS#I}8%^wItS?e6k*`!~AeFj9SI6Rc9o|yD1n~Ap z1){(=^?TF61^vn--zk^eh293!1vg!waP_{}9%6$7m>pH-sPtHYOVsZrZK=9mD2V*> z;SwBwWI&y6z|}Wqj#NSl&w(UeQ+TFL53aSfZQI7y-rBZpzTMikZF6hew%u-R?*D$* zfApN>AkR!DnMv;4;r_f)o}7?8{}Om>TfMclo|AexIQf;yj}5W6u^4JD7!NwnG>EUB zht>nGztg>9FA!>4;Wt;?4Lx*#8JMi!vZmVUQ{G(#5&F@5T~XY>tQV^v8QQT&xIw-Z z?%bw%fgeJ;gtYF3RaCZVmuB}NUJEd2-Q7pV*we8V`{pl8UVxA9`LM`Ul(G2zc%HM! ze^`=d7QJdlx-F8xtY0h`RY+}rL0MNhmvJrkHKZbA4pcaluD%LhB)SHkk4i>9up}8TLn0#&=;94 zLj0s_SRsV>IM;$%vx3i<{{s`Q0;{1TN~5*AYMWLM=8F+$(hUl4dDRQi(ydxqf_+L> z+jp|nd^ru4Jw=GUGMa%H@JCa{(&nhB?!+4ZnygDFNyh2h|Kbcgb(oqYRC4*E?ymCB zZ)5W_g{UzuW($v(9d{DxX&Qh(nvSJrRWIV=uWN0+sqijX%vQf&^e@=h=0zt8cH81Tv! z_Hf>NxX_|#`Jp1Xlj$X;^&Q7fPD8q*P;QxbOV*I`|7+U|MmrS{g(6suY$ws4~m+Jg5G=okFSS1 zp_pB0&GA8`0C`zzy++n{$Uzg?) 
zk3Wa`VIZwKws@owRB2Ykp*Q{HK}+6QyF;4{WbREfSA*gP`0<}a$R;zn`~hW$jOgiI z+8Y(N4>PD=)Kr{2#7lpPPaz$b=^d;C-k^`-{OKUCnFYHw#5u_!_HD_A9}7Je>CK84 zGDM;F4QU(^hF|xTK^d?NhG0wcyc2$$d4AZHKm;%_g9?CrziugZMbAzM%3x zEgVnet^!L13|mbf&`N9No@AQ|<4a0weTWMrd{5eb9F14zot4bAC{R`=z|BE zxU^uD^OSAsPVGT!%kdO(-L@}md9pM zN3g0xDoqs+RB9%?lT3PIhD$&w>rvR7rEE@Ij90n>e??6_j;Ph=DnC z&-GP6RaVbnJSfEPw%q%l#m7qHi&;Zu96kJV?7Ux_2(I*kzZ_w0{qQ?rr5}%cFNcyx7&1o4y%afEEUF_fk7;xb|vI;E6hLrm_WDNofq_J9g?k zdn7OahI?TvcfULCsF=a`^Lu-nvJvJYSZ&ib*Bj(tx@9+Hb;%=I`vCXfscLq&>{MC+ zUEDm5z+PiLVnZT%!8t^*Gt(W*xnhirJ4SuK_s7rRKpc)+FN)TM9Fz1?U!%O0*534i z&BhjF=8C-uAG7y+y@Ma;ouTRB9d^Mr8`G9jRe`=*hAW55nrRbj14|^NaUajwxK{Kj zxf9}NaAj$LQQ}W!eGWJZQlw`LnHB{AEfMcM=MsIP5^~UQWpit_P#vRFG?De0vw~k} zIr;Xpl}v>mh(+A=hKjn_CqO7Fymp8hhKgnl>lpaUQX+f(WmI5U6%%P%p$(iqPr2jo6}8C8h=YE=NTddnX3*uE+-@Z-v_n9%;G z%kvk%ZI;v(u|tHuSzrL!Nt1!P_*k2VoqPe^IF|6HB>8xAAJi!ZRs!Ft)%c)pri5@d zI{kA{I)*esgD!c3fvTDo){F!I&dLxA3sONtSB&u(Q#0}c{db8a737MNkQfZTR{NqI z)=LLLK-H>q#Q>>k)tgHL9nsRDrN@&j68b-^GoMXHE2_ zhEXFxawBXw&x)Goe>Z<$eXZAkH=~`LSE=DZEm~F!9)x_35prc0I{ytPX%oP>JjTKn zj;X;#hC>`<4S<2H5U|wmW>~IpUJ}U?vV_=H^yz4$a{DLHO2sdqCanX-31F8PFQdE> zj6A^oFsi66r#Mh5aWp17Q#nr5e#_@~+PZeMvnG3+xY*|61uOklUsKMFxLIR*b9X$< zmuT1?yF?LGBI{9IWITR9w^2yZ^~Zdjn-5{7Wg_sdG){)_38$54T_qRG;GMTn3yNBN zxDI(S3mMD4YlSncP$=2{nUvl1rQnCSjq-&`AVx1}|5Q}5!sRKT0dRD>lu!!(oc>Lo zBt{j!=M``2e5#H6Mp`R_xm0Mp04=8lO16r322D1>D)Sb6Y%Q7yRE+#T#o~dAL0AmN zo{v(R#Y4Rs+k$1FFva?>U=8uY2Omi_FK*V@#0It9ZV*GnY^>04*%@WdQ&+>03dH&o znriJm8+-rj0S6of1-=_DQds@)xQet~W6g|}6>6%i)^M&2s9!~pjii}7JgB4-edj= zEBq;9IX()-l!TumviMagtc#0T_#5;6iRJ5k?dI}o0H7=K*JYCtR+_?{2hpUzVP2;l z8~pW(0Ghhh*J%Wr0DdZD0$FtGv42SIN><^RRXCcPdt&y{YF|h6@w5?ZcJ9SQ;M^ro z{u%C$>ATDSWoxrp_Re-JaK&!F9Wr;$K`F7-^l-ThmA#~!~X5LZBm zNorlpfDF~{nzYDovW3K&3LLQ+$xUN(jh~YW#aYeh$qN)q)@f5zEjz=EbYGwpg5;63 z#ENu<*^y%}u~9ug@imrZxwk_g zf#B6uQfk8m{!VkL;njghZcW15@u-YHnE<~7`Kz;B`-F8&;}j0Bc|Qrs?iJ*n0s1JE z=t&Rb`ONi5so!=M1VF7c!w$6HSIVOyp1Gl`XfJsC$0m#M=%`m!px9j{SH=MoP-UGD 
zSoSybv5--Df*)7@`4tR?G60c_5b$F-Wt+D~-H6Xdu37@!U!(*E$97@E%eKlc^8g~m zm2fO}OH0g+{FC3@DZPZg_AoIeg{Z!`I+K}NY>Eok7=m*QxDxUItptgZY8f@~(fd@~ zaA;X3PfZ#bs3?{P*?V(hMS@z*Z3#f<$Rzw2bL_ z_Z-(~(;YB|gp9(ampMRd2h|d^S@<-mZF2#ve4UqQf_behzfLyN=&x@)8?YAEQ z>`nd^)_FAQ^v=jRXiuvoL(`dl9oZpH@c}Hb=;$hLJSmPeV>t@fuoXE(^!M zx}mwWy>1dW+@Ak5K2o;7quQNCnIkEH9Q!q^vdS;b^Q%B~)k=g$@rQ1el}*4nAd09(n9>9pjbjvN6klvw{Of$=)v< z&Jtr3ympc3p7SO4emMeIUxgpK$w)*{bMj+n2FDWkuzK<&y`ss8*f2HBhKhrf8i
    mXc;g%O@&SMf}`R zlNh9$k33}TZJqwvQmiB z<>X|{X6+@2gw#};!ekIq28$bK&iaMx(&Q<+$E>T6ae6Ppw0~fQR`FDt36bd58BjXR z-Y);<0b|XPp}Tjr&@?+v3ExewZq37oz4K+rAsfOvOGfl*JIf@dsFiP{*?+Qy6HZ4J z(uCJN{@U5cVih|f&S90c&ZTSiAbB)nLFc@rwIY`KJ^H&1l8_O@dju)D{Z;g1m0-N* zT1$0j%%%s7MEL5S)G+Lhuc~i2p8zmLY!`ng7Gl0(tQPN|KP*%G5=bHZmt%2oXCp>RoL^4u$f2eBMos$V@o^AP@kdU^PHbSKz_tb; zKu~lf^I4HY&vRA@C}75@zZpHEoT4yJr=lhS2a${EMYyCUVd-WJo>H4YxFU`8`x@BO zb#B;&=wmuP+_SUCSR0OB!>jqxQttNDYP6tD8%F&M_L&^61Fx$X`9Mqk0SJ!1gZ;b9 z?USgd3hwsIk#Y~j=;W1qpd{rZy>{KhQ z$w9YPl%s;l{&52GN|u|_!n9PSHNBn#k|?4pQPEq<-vkv2A*rlBxh zG!t$*RA)4pma=-{n?03boTvR1UQw)*@6cL-))9G2+V+(Y>i52Jf{AZw7zE>2DKFtd+rPH=L-5&wstG;kqJ@=1 z&F6wS$ANIiM6QcKPh9v-PKicpIO({45%L?UlK{;WF+mhWI{AN$D-munJJO7DPJ?${ zNc-Zn@|@|*F@;mvI)KDED#a(#u?ey7R(0>rxUAvI1P85fekddf zl)(>@4@VIHYc^971Tl*pk)+XIe|*;k7X;?^ekWN1?1YbUmd^40l}UX#PgQY@7m`mY zazEB-l+YSc^n9qaH?J?>CFrrsW})#nqlPIUNbsJ0aqU&~bcm6E{B`Gcy%Ok+$jmt2 zk{&rhmCKis_SR1+slc)`Ed1*-*_#H}t-(+fUNrRQoahf;a{5`fC+-ZCuDLR>1v%@Tv zVgGh73_=_GvLd3%FUP2Un*yUK%0j9;{~6g*p`M^*DUw{7Pu}zBr{Zgf1oj^MPDl9Vv8S}Us)TRH$AO5_$)2OjsbrV)MY(C z&(%WSNVOb?(F|q6jX{RZGp{F?M)B(@8SC zflkxRgY|(j&ueFgd>aoT{qM*myES-Z@Jtd7D4P}7=~xS;%$$I52TpT+>UTF;w{hEs2EPHVz$5ONK5p2o#Y(bUxJ(Wjq*t0@6c8F%E7v`0Cu zgS`HEyrP;J{>8{;%#~9$*{5N+?FMM9|C*z>>XPFNMrd_l(EgTC%D0}N56HXf$#j2g zcxdyT`YK;76fyrzbVMu0-DtpI_gVuWRy1ILdn4yn!)qAq!863y#6wHqp_e! zCB1lZNz$m}?Gz;xN<%;3FJvzw6cC&tM`^euZY$CiBWk&12ZG1*rB2eV$AVI0x(^ej z3?!Apw=QSWKNU90M}(>ROq>~l_v3yBmun(0&fK-sWG)Bt7le@Joc5GN z_0C6KI%D-?8}5bvn+U_s!eeu!4flQn6S!u{ni?6XJ`WwUe?%k=QEXFV#g5y2wRM+^ z;a6GcW||V%K9#vZp=mzc#ka$K;RRvC18*pBf<_8DALZgOrF>>R#UY7F`lx>c(2%MS zg!orAQssu}QoBnzNb#3Y;Xz zJ7~cyB4p>dCer-XLi$lk{ADj?IKZs-+|uN*AG5vw^X+v<52Ya>i(XM+ExQ0SN54Po8iO!szGCEx$a)hGbC^iiGd09W&Lh2xho0t zS$uItDu!qdMB&cx=4O?X@qUb60i7|*7Q?5IHcI7dn>LcamWFD3-lx69J%CRh#I%yj zJm>f($1u9{;#gsLSCdJ2FV_St@)5P}%{6~I+L5_FjL)u+>1IE1T2%xQ? 
zCJCBL~l(av_xNLqndt}pbxBq%g!6Io>N};J3TmLdO$}tzK=c*h- zCDhiLP`Em?$*v8?GJw{dfPLG_X zQ{JXp0A$7xb47|<%?|y1(L0i#$)OZ;Iud1yC*3fYIJfFuw6-jJE%tDpp`**bIeRHw zrtw+|K11K@lry&pWx;-;ywB-p5EQ1G@Vdaw>-bqIpAT^sT~bUv0>eH3Ln3uc3a*gZ9~_%k2GFNybryHqZd!Iz&BJ^sH3@P3%%!XB^(_n7e`XE+A?L zmTw^HMC#I}^@HIXYa}l;UX6ZjDHk=jFY4v%5SOWzH2X)gRj3bND|^X0bAJJ~53>Za z;SB%_gA7=ZxcLVjp-LAFfB6ppC1k)!p2ZnVdz&6(;`~5hE*^7Un>4l6yPc*Ehn31} z@lCiiUsNgtU35)>$k;B1bk+h|!cDJN&%_xWB=?`b?2oExL{3ysBJT4G--z4?30pgK zhAB`J+#xu7YzI2teUtu4WX5vAF4RpY(@kwTquOM06LhLwOI3eGilAEJHYg=m5}s`( z4YhE!`H*BW%0>%~I~h=%aLQI3xg>BON}-PzV*!810}ptljbW&cP$N6rpQZ#(VXyNW;ye5I(2C$91>m9a zc)djzH{jSLkkk$Od&@yCKE5t0C5N-9%V*a3PAg{jNqvhV71?ab&SQLM)^Dr~=0S>V zSfayj9Tz(w0bJ4?8pw7*QuAhS^HZt4Xjf=!7nc6_B&b`?2vZ*b$@FnjozvPI(NKlU zk61Ig$L(K@o{M(h=eTMpZwA5y@g$;KeT)_dfF<5)!KCM0(;M9-oGHXmVv^R+czR#P zkFv9q#os)bMeKDm2}Pu`pgYL(k+p~;T0)6MqagoJ2F#=?Xh%!3%J&jLTsI54;3=LrZG$6s@#L`U+cAkE`$_LiF52b{be>!ln~W+Ko4X`yYV-@AVPl z1}Kl{5eC^$UEYvsPefQRzU4QWW}IFE?&( ziY(0xt0SX0i6&;{O3?|BxJC!nnLJY$j}v%&k1kWRtcTKnWJqp0uS%%n7y3xj^l<|l z<{<`b_1N;vMvn-_z!w$TZ~+zT$M2#cJEu@^`qLT*O?dBRSWe^RwuWzC&prfbYJoL( zm5NK%X>7lkF!Vx@ARnaP@3lRDqHw0N+{MYt{ zsBAR1T)Id}PsWUjn{81f$6g+Zu5?Y6{NfFzZ`Ag5lt^h2=PNS}a*LxS~-*=}m~9Y(00q`{=duVXRqbO@-qy=g9n*d2w$ zfia_b_%ldh0`u^}{wNeL7cbERZZR?3Nt_`5h$@(Rej#xI%fBk(;&9C3^ufJ`NN@uP z93B;iCu|JRhE$+~m)uFTV=PzE{jNE&@kV_cJG+p+^g1-;_+UUe|09@QWwu zCZ*MEt^bFAl#i{y4tnwdqAAh$w2KdDBGmS3B^5Em_`8iUa(NX@IkVPFyS?N6=jWT` zzWeX{azW|06nkPr^M)`QeXe4pez)s_5hIQqYE_dQA$gUJ8gf zw!I5f)1Bpn+~ACU4WITuJ^X2$e1d{IE$lS6?-CVX4LuPQAbeYa^3wuXD;y6day-Uc_1TSD z$00v&7YU7*$FKhUj=;?a(`2tlC|PY4kYaCNKAnE)Kc=2lf4#71Q{)GG4cN$Z{2ovc zll2v6{%iq0ZoPI!4(4q-j6teD6ttTfu?`f}wp}RduP|B)wSx)CrQ3yjkP_7YLVMxr z=Q0$r#{p4PaK4sxESVd8)p!-r1h(e}i~O9Qd7U zAf1>~ZQAn-*5Zx+GNttI6y4s+x%2>-U=;?Um-H{|<|vH_^NINHy0@w7zo$pE8x)YP zW$DC#%l6}Ugqks@w)UDgBQGO|?F&Y(D;(JR@rNI;UtBtFD|a``SiP08=W}z1cRk{D zrMPy~e0-PkOEOAejxSBfztHs^a|{?X9j(>d`j;O%=(ub`CvV3+bhPQ2qxZ1{0A31Lpt_s`gaHb#w-+Dodr|5%p~_7bz2-03=r 
z4gPu>49tpxn*=zGKO1OBv3n`kVtcNKD$AX&kL)vfu5lGBGg$0(O5-`lJ zhqYU={UM`2Ls#NhzoKmKpLX@ODn@PtG zaAH6??d_M{v^~(eNUyC4D_H+_eM?}mqziHcnkL7=vgZ%s<*be=&zl@kWm%;vPKxkz zMo&6v!X9808=91_5#+(AB_ChrjmXsxeRSL6r}lximC2GK4n#B zkKeN6K=Rpijd}RIkkeLMitEXY-<12>7DY?L5qj*ZdHx{#|!ua>xNtg%wBVn!GAgCY(dDs@9kC+?4G{-NU&8uQ_Dk zX6acMw&80b`0P-W!kD#hU?-@H5VzhkD+e$rH)>}j3Ve*1 zv_ZUc8S!ROU)*yoN4|&Qw<%$0FlvPrp_`@}wz)6N-IDNhCHm zlrxHUVvN2FRvH^&PHijaABfXwzxRpmi6cPZgsZr}M>iSZ|hmX!z;d z)bKS7>UZ*z%%ka-+CO)*zTIS$L7UYd>1k<1MTir3bWwP}(g>Kq|Lh*>RCe7jGS-w+=oM@WQ!lnBwr;@VtF8s#dsv7k`+As-lt;L;Oo}=Z2M~9Nw(sgs( zZoA*71$u%ws85{WqwD&=KiA*O#=r`?OB3qC9i5zK^g0c->kxym)CR5Yc_- z6nI->Arsdq+;VV3);dSnnNaIfU_UEU+YcyszNNs0Ln%~ZCpFe1W@JG3<;!ZHX~Oki zAJqKU>?JN&9fgUb`wXUH`<(R;Y989Hw5!S>!WwzHKWMxvazrU%bGk4mY_qU6Mh#;9 zro>b{^O!U?wAgumPN+Ac+4NZ4_rRz3YtaAll@9sLMTszc%M@axC-Vn@v!pXFr`?^d znbIKjtaM%I4J{1eUKC7qk^Izh)bY{lrowdHR~qI^s6Hj-?&nY@ur5o|R)3JRpFa&x zUNP(-)AufWXYQ~@mY|dvhJy^C^)zvELDKf_wqm@7tITje4Xyt@NTvkM4l*US0~qDJ z;3W%d0<8L;j_(+IRoos`ts1P0jVyP{Hairl%noU%S@t>(Z|1&H(b>k<=^%xoeAN>E z(GW}J!dZVsqds9*e7(bVm~pb@HN&d!dEd@>kGFS7)MO}qTb}N5e@$48Y&RFpg>0>T z^{44hGOD!WT9t?I?u})H3;yiHyznV71o%m%WcT24z#UQ&9W}PWH^`_K+|j*Ehisot zcu~OD`~v}hDwQO^rPLS(-@0F44CY1sX5A0+bHB{|`dNhd=Bsw9)bZf*!G%PvMSS7% zOuB9>GCy?$LVT@&1NxH!*FX?_c3ywRnInR25BbU1@tqAd-OI%iV52Fr1=`+^n#H8{ zB9v8tY<0)(Hb@Ey`f(D^E@pEpep@TY3^#^xNC-ci2`wzEI=5+|JD0*CS{iWWwJhet zJX}`=oJ81vbYF#h4A`Lh)=GyW@0OJP%nU+<;--?kZm z8#+A~W+da=X)~qYOgrWj`(gIn6G!gYfGYP7u6dM~ivjwz53A)9ymk_d7W~}Q{rhXb zo=4>ywjIDTdE2mutE+(ph6kL6?fF0buhZ@RYP$n1#pBSPq+N6e*-HXT{28$bc*x{r z^bf&Y->KYmjVVHNCq;0uNk};_l+?Gp2@}0>UO_fM$PPpNFNH1H1!^%2gFM{UZZkvB88dzFpKO8Xr z0iW#isUwde=EMq@^G^(?qnFV4$F%wi=NBsC#GSjwQKV1|7c^lrgMFFOhL&Uy6o5eP zo3?rMGW^`Ub_AGoSUGRcEtT>g>*D}d@{d19yj^k~z9JuinMkF31YBNj746RtWhbG? 
zhE+kEGTva|kkVeDJy(L4=o% zu!m%JDsiE3On)?YQ+tj77#`Sik#}{1p_Z6rkV#hg5s)p3R?}5?`;r`}tcHp<>Dq~y z1yX_k=Wab|WlKIXs|A0@i;0%S5l=5#8_Sy5wRqyiaS+)A*JZbgoRc?wX^69ihGWZ~$7NvGrfC1i`K`OUrSTLyX;8kja zF^unT2JLtq{*!)79r#4@W;4!H;y2x;#mZZ|-h!Lv0%9~FpmX#i2{W8oE|^I)5C`i2 zZk3XNPb44>M}CJAoGuG1fQg6`Q{Lx#H^OWXxbOuzirL1=rXai^vpzNDPt5v`r#PY( zKsVZ5@(|@fwrqVx0m_^suIixyVQR=P-Zu|Dhq%l}ax+$Q5Z=z{8$7Spc-wJBzgZ#c zr<9{ETt1YNr1iXSppxrevM2kE+LG5SL^=!Cf40AO^rWUs1oexF&R08)ONh@cRGa+3 zhDd8PeOZuaE9RyLt*5>*%rf*X0K|pU=VL3Yg=I%)kZnj;)6f z|7ep4`(khh{rOU&ToltK6r$8e~TA`bRf9eg7|%C_ObYjKh({l>tg@X4g5bImFRJV+Nj z4hicSKP5%J#J})+g>Y6@9jot_85ZkpI|%b#ciqUi@RIByEnF;0p6@E)?|??UkpO+3 zJB-cdVWR41mi8}dD$3F-OB|8RCB8v!un26 z=eL2E-Cm0jZ=%(;-6_ZWTwsu86}9EOS`4rSg1xAEDWuxI%!tE;z~}fz@r{b6Gb6ZU z`!{)G^9s89(X_sw1E0zZ#-bn#$mUKvjQnW)as6@vn5aW*QI?7%IE$r4Aq9jC(!X0~ zWm-+8*`b*r{#zM6QUOdj@+OF2f6y}!6E0K~r>{z@kYvtZWKlA(rj$5{b|d}OMb|UFc^?__*`8qJv^o+h1-&l ziQu^O(FWkm;-X?H&Z(?_v3VnoI zL{pgGUAT-bwh$BOIpiYKRysG5@2re)EMvm&fD3xY8qV(&v>+3!;xfb->Py80!*Du* z!e4G+T@vU5@vkq+3{y=0yl%9U0uBS%OtEfYC4xO_{v-~gT{M!ud%>M2P@=Z_Ivs*8 zqxlfhuE0@xi_Wuz-C#9w^4IfKlNZ@%!k%cS&V&l+!}_woy}BuXoxrc}BLPQ&R`$70 zftdEl*DB$RqmSK2U>fp{Z&3rq<{vEuZyP0Ul#Ro_?CbVh&aM1LM49zK-JF0xO4>e@ zrA`S>DJE&VeKG<0$znwFdcfv~a&jQdU%=+A3?`lyXG)+6nD`+hF*y#N<#$%pTTu6U zm@5hPBMvGR&`b-pn_CU^G5<(}*jmbZZVQW915;UHzBbC;BImAB(zowc?;lj%$;xA* zKfK8CG|mmoJ66Hp)}DxhjOALM4zk;eAx~tUZ|;z!!%ri_K@daFgN?+SR&XEwcoAGG zl&VJN=bYO*F16l}r?H&UGLdhe=z#69zM%7c;H@TMRhfM7^Gip%r1xVg4G(&)No}JE zI;)oJhg?gzYT8%+e&nK>KAJ2}X!&}YRiv+2Si5=Y|LwZ*;|lhjEl#XY}AUcI4O!6uwB##Ry2UEuJ18qkHFwM~s3 z9=BK|Z8%o$InjZA(fw*kcEWrbsv6K|8fN$HBO3AhsP{2!esr?aH64x&(69{@=6`Hs z>qKtOCb;-|&a>s^R#AOy=?Po?gS2ze2>Qaa{0Ffa?*~#k(IwF3#g45ziFR{yQE^M& z7YlLK!+nXm$0`u=G`aA12@ zQwVM?@e}la>z_<$!1+?lVtr)lqTX0-!2Wu-Co{mS95@d_Jr7Da#r_)AYXuTav}T6# zQ6mINVSTTELPgF)EC6$)19QgS+}okOBSGjXr~CKfqYJ7k&WvUg!26*eZ=ks*%M)i| z9?initdId7_INv?RE}f_(wKQHQ)a-VURQ88cK`n|_0?ffZQtJlk`mJ0-Q6YKAl= zx@&JqyzaSi`yy@O_Ap-l2W}mk@QmFdaX{~t(+%S&au9GfWl7(m%6>J8< 
z#DY*j_F-YlMm%syOk0lvx`rN4F+&p;rzHLlZ+^KnBZMF-mBfRSUoOq$v}Q~*ul9|? zwtJQpkRM+2`TL?E^h8%yJ|YNM!IDur=#IcPFYz9_My8mHtB!oxSOJFC%p*fXzR!Li zfxGK>xnny%*W&(qu3V{}T9=t+=9sntTHLz>$imhuX0B5)1~9Umc->pl)O0@42fY>#@P3>Zh)>J#Y(L z-7%|mK4c7uY{=ftx9eIhEnTIv?gWW0j8h?pRK)33rAlZUIA*a&uU3+f5!{Yg1x zq2j*y6F|G|Lc19=`F~~E{o@;#5N*&WOWA(OzBvk?h<7Nhb}}=|pi=_K!f_uNgL1M) zb<@hN9>QQKCuKLn?KHvy`+Qh9ITlXa9A;!>lV})wDQ3fYe*eIYWC}SlkzqVft#A9j zP%Kg)u~fBbQn78B9b5e{z!LFe6P1TT%U;gpzvNfhcUZ39Wpe(RVC>K-+b7Cv5;$8nZ6`5lZvtChlsuAmx@@H+R7)G-&W;6 z)=*_J>iU;g+InZU9LG~8*ab7>wqpfkGk7ZRtpKt*EbozanVY12AXC2<$%Ju_llFHq zTK_jK!bJP6Deg)KvhKaNjG`lM36ZR`WEhooY`A7H4b2RKWypDHM0*@`=!5rPhp$e4 z^Vqm_%>j#{kv)#7k8R8dyh?(FmY7@{mkK67eOKlCTX~@d&ieDO7m|3uutNUs=H65c zFPFyHej7eS3yY>)4NC8`_6mFCfus>QV*OXj6xu+V!-`}}{~b=@$dEp5{u>^& zj&mXA;j^JQBrFt*qLMIP>58Q*t#&PU#Twj0W5ZnEHT69$ra9kOjfz$1v#F5pOZl1+ zYQ`;j1Kj(c&sxnvU=RnuV^&?`j9tUZ-4{fguao$cOwsb`hEe+=zS7W(Mi-DwL884E z9(vO;pvM0f`VMM7o?e*i{~SNC-xtyUdVm90t}@bKxgA&MB-I3LZrnXRMhujZUH4 zd>09L(O|m2}L*Ew?1y0g9a{=zV<^~2~Ezd zL3m^v;wOZ8TzH7G&)Pi( znjsrq-#3q3a>J@3i}tIkH1fMsY3G-HiN!q+4E;CZrc?(hfP={q0m7>iy2z3{ssraRH8F{x=?eKf?7{InG^T_t zJt0%Q+rC5pQx5Ly8W!AHXseU8n-(**|A0+jb)mE0?BlB00$o)Z%FXDTANTB%ZQof& zokYv>ZW8IJ{87C!7XP{BFaOrmNrOzVxr!$`0Y2AnE_XFx2CmJ1$-<9!OzgiaCw4<9 zl`I|O%|88d#0)}u!+iE;d3c_dhUZr(-ukOj-i17aF2*|94_oOQ4=MKa=fevlLM{@A zv6ugp-YWI06%0D7Taw64VU-}kt`J>UW`VX!C=I!GY(rJqHbbES{L<&(h;%T6fd4u~ z4y~|g#mB#k4!el3FXLc;$*`-tw%YS;YS|D5rHnaxA-}V2;z{$8)uP@ebir1FM#=P( z;$%yno!9v^BiD$-bTD%S*#SyHb`3O3?>TXg0Ti_TZ2M_Rz3m*9_1#XC*B&(Id z+9xWY??v3Ct5FV3f=n?0Qp{{!hUF$gv{1(z{?@j_q!7l~8ZHvEFTPLOb-amV2-3dz zeskbLUsQ7`*~{9VR~1g@Z-51v(j{tLDmS&C^1askCr~U z7~)kIHtZ6mM~T{aML_9X6^$LlVmuc7I>4+T-jOrd3yijBl=H%_bWpE!E9*U{)YeI1 zP`#4pbv+XJ^xSVz#4jp*9h8Q>aCB5{rIh?HH^RL;V2@xyBZ(DilJZUY+v752$}r!m za#+e%(+3FxF7hoE&MhfKBG?nh%S~sn z?R!-JfCWux`+txL{9EYF*V;UizO`nBT{qILb3qW&>q|8>%HNjXWQo2Za&|8 za2ozwada|AVsq7JI28up@Lh5m^XohU5+7dad zlUKFO0bnr7ME<`Q0aV z+i$-+ioFg#2ua(tt9{Wi=6GzhR4STpgZuq3$_vHTIzo=3K#LnN-PnTl-)J7|n(| 
ztkL6E)>!KmaV8vNF%E1EvrI#+L?!)R=M^;i1R>|DJ7@j2QL#{_Y6i|CN0Q~3qoGbw zCimgDF8%wY3m{*)Dvvy|ga{#tuVSl<>1tfB5AAD}>R+ta2iVYX?Rnt&~-P>lEuzF!?Le;h?c9BsXj{y7lC z$@-f}dLI1W@D~=--(qKQiXbXz{vgpRhcr0oHfg)g&&51-c8#aG^cx{y#){&kQXjTR zB_O8kOl~$W?)>5G*g9`&wevY*y7Q6O(=JqbS>b*&th)BZUQ}4YO1L(f~Qu> zD#Hab8DkvlzIqjklP?vMmM?Lk-_pB&LRl1VPVPY!F=Z>Be~szJMXc>@Zc}oo4L0Hl zip&W_+*(N;pXXfA1oADA+UlVh=`41by>|G;71{6MJYVT|^FY?P*fT&1Jjn@jKQn`% zcwgSh8BcXs4x82a(p>aNc8(sjFo4;aA(^CAf;!F?W0Y!bW}J~qs{d+k9FWLU6yQNX z6)v6-7g=`U7$PVfHBPn)zU^->|Gpzes`btw8zFG)Sf$2*9cG$Ey5o2vz_P;Rsyz}q z#mzlIra|Z$-puB(Mv}JS?8L|?E6$ejX(900U6Y_kAkPBUiCg=41~&tfd3fd}Vr{Qw z*p(Ml%_fnw9_w#gf!^?C9Vt5=vRlAz-LCyMGBUsVm>q9jF{`mlELcQFW0u;*2Ujm^ z-3?$AdX!h+pNB)k={Q8{e!8x!eleq?4~MF5n-%E3EsAvQ-0c6o@4qLTqL(u*pjdG4 z%i<(caE#YAbI{VI>KEJ5n={Cd36=F!9im6aEoBk3ib{)cpCZl%VTMA$$DPulE*d$& zeJ3N2E6@b$Q2Q&;m9JP|Tii>oM9W~=4(D<7GeyUQ3L)n+M|cN9&MQx~Mn zKYVScaZEHdDuuB){tFUODi|&HJA-qC_{DmKm6dLxACtHGNMQ&tIXZIW4qg*32OHD-EtG6tcn%qcJ8FM@|Nll_M8d%|?THy^{ zh~Vip@oMlgmE-KDc;mq0AEA&LZqnL3`KFk?nviaRzXCr~#r~FM!vD&jVi5s4oAzr! zlzZ^p8$qUo&LaJgo`Ig<%X6kvEucVK%bnfd}2O6$}>c!37Na@OdeOQ{RS+%|!TO1fTsed{iyX4^aTOt@z>K*^? 
z)KXc|0MKn>1|90TPE0dk7&OyE_t<()D9&(DXWH37D4g`+3Knab(nKM6mH71hHpVoh zzPj|(#!Nr`wx6OIVy*lovH-gha!i@%8z~(esaN8ze`;pyib;AU@*fDALZR2YS%|0< znnN)x)UI<2jVEp)X!YdRlE}Vk@@4=4WO|94PcCJVDLJ;;(n2>LdK?4*12O~KxpV9U z@h=)d4Q~!wYBV5!`ys93av^V#l4!ZX&8wdL%x=D!(}3s7YbHSJdo=7S%rX=|-FQbN z+*yxLmEyV{KKIFc3x8AlJLw)5FA8M;s}|QYoD!Geq=OY!`TbbN?9rRkNh`u2Tt!8S2BnK^vLShphYKW=&hU31*_0BU*~3BvgYcY^LE%g-_+|2% z@>VQ$NnDEUcNjKuZ(?FAe+;ks-|bqziV73#K}<37)(Sp{d6lBk;5A8+D%N=WiFfvd zS?h;%b8C6a1no@T>X|eQ3 z&g+8B7E4Q`!R{@4=@CLEtkQ$)#QUt80J0)L5LRcvHi0~numU^>#_jGYFc$h5Pd3)L zapt9UbfNKDH*I-2PZ4|&m?b1J@w&nLeEd|`p!BEAM;$>zED50g`22I2hoM2vR}!~( z`5g6P+D5M@4aH{J5uwA_^8|Pffs1jxaAFIZY^{`T!z|_ex#CB$#ws3&Ngbx|%Cm%k z)&@A4&qs-z4HH2K#nxM-dG{D3&K%Xv+=`bR4vA}EVNxcNaEp&01ZwHnvsgkSR{sX8 z8>*!4!>ttV%P<~6Qwf9iVM!=r5~e1t-LP@zz|V#=(pbr%0gIg`!<~&C*(c862Lm1& z%3zrJ6({|Y5J$tCK1ZAn*EJ^cpUN>21$4jn4Q$0WgC{f6ACQcch}pYhvilko$~pS# z_P8TnHv`);zNa{QpN3fs`CBfU#kP!lnZz*6qD#|@c?+1uBCqPgWiYVSi86K{P10-s zc0!^UWA?cF%JsC^IdTURj?BCBc+CvCPo}7(pixA}U`l0M=-GcCUVZUg!Wdq3f4$tc zxcd>EnF`-^=}Y*-*4Y_8exipWbynw@z)H>h)d*ETtDzAn+Ew%mNbHa=Xr&l=paE7opzat)kwFOL%H5HxR6WIl5X zcB6uZ$UPECjslY+#B-B)1O@M=XS`&1YqL^+Z7snoRCt$Z$5f`)t0%TjYB4-XeK>`^$KDI9vcM3&M%HXQ14rq?d-C*VVTg4oIEe>t0o86%AgdbU!B2 z;Ng;kg8XDYR9b}V8(GkO^w&e-?lwK3@@{;8@G$n-QEYUfzr2S>^2nV+VC3a-E3b9l zZ`>xu92vYR`KIK#@Z{JZqwwRx5FyIe$Ge8o?x4el@9X+8vKyK19=`>FyVIZ^_7>VL zZ}WZ$Y*uX98YMSRILi0AhX|tnGr9?HvytA|W8bpvANXb)rY7ZXXa9bpQ1p&<`RS6K zlUX847Fe{ z1@$VoXL=fMV$#{`r9-$nP&a%re$oE$mA+9pmfVFATewF5McAitJ){d6!qHQEv`$b8 zA6cmYu`+;^=Lsu$b2DmrJ=XuIrb&lVXrAr4k{qps8`-K1D{M=$oCC3Z?caWr>Vo@!jq38xuIZbp%$?E^#|7k?R@ zMu!U)DG!S3#XG?nAf~Gg4~3hPm_xXLVtD)>6y8GR`Rr>zV0 z>$Xt>})ePX5wkfz;K|5;p{nVsy`LI%kg zS#-Qt-(NxHG|Kr$T=5+;MA|LViu6D*DE+$Uh^Spi_m|yn1bmLq?fMa|O{>Afw?ZRY zDWXS>Tk@${mILiYXd^^fWy9^1$r$c12!Z#D_9Kn~N8jXKG&FTw%cFi*mvCFTGy1N( z>H!ZEDNc?qg9<1%;;eyjy8{tAP9-KU>#bX0jSgXA+@A7yPU3 z5QZpvvpnu@BJ=8)Mk2S(-|e!OMs2_4pMd?_sJ4ge;pzaLoTswt$%N8|Hk}Bk;J`Sh zRi{}iw<`hMrYQj)L-s#H_i2=;g ziX{^}JixE*yyD1+ 
zK)@^*_n~Q7(Ej!6XjWg>{tRG=Xvs6Y5xpOHO`ICQHfUb9E9C_=*6a*9cWWqa23GZ# zEhk3y4r?e;43`x4Ni4o4uFZVV!nD}&;$rOjOp59t7MWS&Geen1Hz{UHeL3yBt`S!Y zNKbD2tW+J}JP&JTxzp#$ydpRlLiAo4C=o-#pcGd#G(_&3i;0ipqmJsL5>YZxHf=Ff zj;7b5QAqaF+LZy;u~}Gc*6^7GMl3XT<6>jHI5?2r%8vo0;g)x*+OIFa;kE+-tQrB% z4tuw{FY3=~IiC_8JHM_Lk!DSbN5qUf7Obi#WbU6C-L+aqOd2 zJ1G*%L$uUp%{CtrV4%PJRmd~JUVpsVKRe?pFUYMM(l2_n?u%GWt)fm!Ak8P zFk_Kk>143A2XFQw00|$Mhf_^YLfH5YdETAp^QxWpppkWKzsIjfeLUjF>r*dY*L$Fv z*sCL@$gjd``BQ2Z55>__!&s+ATsrCtcXZ|#k>B7r&K+mm96EL)ziA7eP-vhGXbU1* z0yiuumDHt`1<_H7Rfz>uTQZzQ`OR=^+NjuWxYbv9_AmpE8Yq9nz)}LgifE4%f}pDa zN*ekFlTe&GkGlTW%|w;(##;sRXnIcHOt@*a zxwD?;OlH223_{RH^UmV@vKc^dM2k6!5_=+!d*-X!sXV#(YO+X6u1A?*Y!>a&cG$tK zk0$CE3dbKo+7G@A;F66GydQ~ru`Q)APm0*+sllaPZX;!wa!IwQDv>UQ31t`mI77hA z=s1JM!Ta8XMLfN8E?E#J5)>kbP1Fy$U3%D(>H^6k6 zVX^FtB&Vu|-C?q1>uS?tNTUBC3X)w%Egc41n+cRbx$q7S&-ZAHb%y0pO4&A?$EwM1 zgmRKm!HTVL>}>4z9q$0L@f1oW2_hDC91={sexK4`UuCnu-AWL~6VzYj3@))=juZW| zk>J3esVbz)EecX92O`NI`~@mhZN!|3xvX}Pi;ety`K2*G)hc*VTb zcrw=z2mITCj`o}bjhVBjNVRMA6!eZb-@QkqUp<8@%a6f9D-?YZLmG-=~GHha>l<~H-#=l)kVpufOn?0xyA=>vEnOpy^ zL{1WuhdexI5bnxv`PIs1Q*mS=FHr5cvy+K`@!1b_R8Ft8bT$eKb&WHLFAEYsTs!_0 zT!4cDMQhmvj4p*HRqbRfz(vrMNY6wz$*kuTn|Ou(D&0V&_=D(*7^W=o>0#+kju_}4 zeqTtjiZqpVD@W&niX=cLM>Mbp?mhPN53KQyI`1p6{Jl+o8ZLi4V+65Wa;(2|oUu!x z%TXj3>cD7J98?J)fXb^!Euc&MF*A512?I!f=KrwV`V)q3+;ugJ30{pyGc0Ft_R>!m zVwM+*DH3ugYxs;hl%&$*UAer zz8LGRN=Q2}P_%jOC}M8`q(YiC!znHZRz2+&<(0jnohH(ziOiZ>C9$m%X`Z;THk)`e zF2&mq|7W$#3Te2%6RoI5_|rr_etRdXyiU?e=8CR_7pyYnu}OeY7pdNerz-@%FyURy zCFvJw#2TTjF^FAL{z2(gBLFgc=Fl5&qn$U7={R4Ar^pWYN%{#Io(lRjp>-h0M}1XL zZCTUfSX~#WKG$)P5f)mhKCU(C_3hOGPDI^2-`NUVyyI2=2gXR83wnJE<)z3<&zDQd zESFspMrxj<=kD^BCUj0hKUw*8&(Fj4mD*)aHbm&kjP8*ViE#eZ6{g{Y{uLCyJNizh8$TMy=J zlZ_*xExDsg23r`Fj*Lbn94?XrAp2}1@$@T1>7rw}9kJ~HtWma`gClNRX((vJjd;3k zxc5vj$mn?Ob=jRe{ME&8UErx6^OHW~LS;fX-(r44^zC^kmWC$2`cfX_gZ_Nljm4eX z8vHqUxVGwY&!g%6vu0k8MwXjcZVO}i63D%I4HcEY=}vcZ;iUzz))Y>?n<#k}JAv+L zGCWpN>h%bEkrBr-T$+eYzAJiGS{K?Uf4I_){`qVwy)_mvn_n4*l+Y{Vy|DZqL=>%( 
zm4M|VCm_X_#E!siOmoRp7`?pDNS#dnw!6i=RI1~-BS&Dxa9O`Iqnp;_bU18cev$dP z+rD)VbxwM8OgU=q*$l~u7H%vOrEEn7H$l`*`IL~@>P$UiXw z07VYd9hjG4u!+x%C@BzR#DX@RFYSDwuI%3HhIeZjgeGMOxJn~@q9Jd`%Q%8M_FuR; z#1Kv?=HW=}?1}wRo&Eeywt-&z(ma1D9TEQ>XTau$i)5?|^T&T}z4LH8_7lZf$oVov zGaa9V{Zo=H@mcO85bo$HkNH)bBpcZNDoB6=K6jdaO_ur1ft)?{RqR&Q=!Fy};~jZzoYne1?tnao1`%9_0x_{Yoo z${Mr?^iPf3UdCXDn&yhI5L~~u&=KQ+Jd7oU~_U~mFk?NNt3ov5bCl<0N|nL1snWddjNeAS*rbT<2D zFzO!zFgeNrNB%S(jJob=Oh3a8z_qYF6Uwv1&i#IprfWHHIIxkefAh8Vq52whi#AYM z`e0sJ`opkCxx_RLXH6+!dv<(9bwW?`GLjRQT)!q^nqj|)K~)jYX}OV0rbCUqYw*Ix z;_siKu~%d~WK?GOZHF+{=iBTp?=oM=zAHE5ii|}uRbTKe1?Z#b&9lwBI)46+G>$f6 z8oC8m184_&-N=}QZ?P^DDzC1$4MD#*FBZYNThqngLsr22O6_r)c6+AYZ9S$hjOx|! zE77@AALu&osefM1Pk7oc!7PmI<$(HP%CoJ)=F3|^X)275A9C^2%75{v)$cTi3*wp{nvKvs0>xQKFFwd*cbs;7e+!`-#?70j~t#Ej6R{jVq&pC6jd(Z_Cqp0oHyOr;dq8xUt z`*(M9(nCKDH6#XBS-s&~{l>O7Ad$!~c#ll41)bL6M_g4L3yx-h8R#^=$1(0v*Bup2 zC@4AojL*gPS)aQ_^f{sF(SDu|z+>_|sYK@R&<;uZQr>Q^auMhqK^yEv{Gp8Ykz|IY z(;k}=SfJ!qse7JZundl0&J{c(Nt?6yhKZS$^Geu$Fj+^2KH;qtyO+eN<-d){n2n z+0qxKsQkwsD3+mzyEz}-q?CP`c0{3EPE`Hv5f+A4+JNB-7zJ!ZP(MyrX2q=O?%~V z*v+#&|FYnCkL&ZMbbGmQ^$={Rzx?j@_G-sjMS%sgKmGZfLi?x9t#C-7(!e(?>z}Cd z$6Mxd21UB^-+my0ie_ko9Bt1EcG~KtrbxNOI!x*&x{mKiYmoDE40#%DM#}lW&BjZ2Tl&*58qdQIq z4=IvD>Cia=J1_^Z4sYGfHB8$#^KpFoWN5oM<~|b}<{505XZ=U%ii?Jct)hkrNake* z@UmaEMVq@x(~U%ZLazS#2r^H@b}+K7$eNtX*gR_Eok7cA+4zcGXxqr+vRLBK#o`OE zGUR{fx?U+nO0r$MsRqZ2fdiiZ3-@(;;WW*JffKV!K@g$qBO2#F4m}e~*T)8)@{d37 zPPb7as^Grf3m5t7IlQ*`lmSmJS2e_3!{DE4`+N8sDLfzSCSGAJUhfOrtePuHl|-sXHDBdO)1pB z%&)!t)|)HoJW%l47i6SVyq229J!T}h&^=L2HfcpMludNh1W4=Kg7iDjLow{y(Oz38 zG_ywg;tXM)Pwnjm2{tduw3iCvKbj@-CmMCYe*0E3v4LyGSfc6*s($l&bX5 z#wjbJo@~Uv4^*(Qdnpl);%mek3~TSJ)g2yEF!~Nl2g=+Y(|_8JEVOcr?pWv$>dOK* z1ms!F4n_C44A^nlJO8CFO2e^tu&6P29(ztbBJ+qdOZhhsn?9qoJ9u>0*f6^+*uN(Z zPXl4)Ivb8A7NKvD>5m%PdS*pmv`su_1L_=hX_sMsBnD?ue=zDYK(gJzY0udZj8Q@? 
z(!^`qP|xTYj~`aJftVOqa(eO-!8qBjyHD>7);&2{{^hnFc;)D%!dZ8|{6*ya@p^l; zE_Qo}4^8+tgTbVG}95w*U1B*GINtv|^|LW5(>8k18(*7#uul9@;H z|Du*12Is^X{93QVRSS}n#up4!=1R`{t%u}!J&Px94F9<=_&N3-h%xXZ14WoHhx7cOASY%?lWtIYr z#tP(b1SZi{lFRQkX?;C(Q|v}Jbxy(e|9$v3ZOWDU+3gz3VB`1M2L>L}@m$P z6od)5zJ%)UIb>~7tq_y!WX}&B^L(c0jM3&K`$LV|8T%Jx{acM9HW?Nap3 z1i$o~e6Qhqdqgr0wlbBUUt|_MKwB~O`D&U9fOMbi&w?r2!#;&AmDI8^EW@Ye@h92r zvCrb*;&NlzZ|XSqsH-DM-HxP+=oZ8(b`Xg|U_X5ZGS}UYj-aHU<&I{w(besU2kh$T zGsYWPi+Lr}wdg*Lz2l?8qc`@qway?Aig2sP?mYIENkLCQCF3otZ%vPG6yyF$@u5Z{ zK$ZqgFTe%moWYV^(xaX5jYn^?W_k7abRP6L4EV$_AH zpHh&(@}j7J>amb!Y3BZ{3eYC&3N16C$84CcJDC?bCik7H7|g9MVGNR4aHn*Q>tNK(cyKs?n! zz4#XUEkj)x)go~rewIGcB_E>e9BP4Hwg0cK(lGC+=`b*6~Lr_*AKKtS(YNKoA`wccZYr{x4KdRdcxcTT4J zSc->=H6FwA~*5_NmTP<}tD$TON!rc@1l9FLP@H8mCu0}&S9R8qM6r43zDG1(}A z0NRXqdd0Qc{97f`i}7$PjJ+?k5jFYwd8LXvqLg}?g$S4|9BTV-g2-hV2mV#Ajc}DQ zup8_s4wRcOy$vV~(KYr6jI?jftflY=- z7mMR>#4V`d_}aUTh3&MH=^SxW_1TogbzTj-;vtYgzBFmQ6Hg~jCm#P8d;UZcfvo!O z0gIw(cH;Mstn4wqT9zSw>p}2Zg#bM-s1o&u_p-@y_vKr?UVq>05AAIU%-_zDGt-$T zs)?PmTz^8q=)3sqSd++X;-7F`syZ9kp`w(^zt!;P<{9s{RYsx&|80k z{w`S?&y?#c$nNbBFU%W^|ljOsNe=be%Iu$*WaCUg}yq}~ek1@Y^WuO~;V@1u%W^f3u zwYRBb55&XKtDqS|{$GMwE(K5SrVE4r9PE1Elug1x^u`cTblR~ie@Xb9kBoty3n47T zb%|&lYxYaR(#gB~1^$^)Fhc^b`+y_NFjKgMtrHNC8-IBxd5>w3>dLV_@1?;-@FjQ< zTt46tg^w6@Wgt){i2c}-X9}rUkklfhl@d?2$NQzS4P5F)Q{hyY+3UifM`HM_0TtvJ z-0*?wS;sU`}>n4(pAE_khR)qHu|04AQE z7`z#ncr{-L37g>iIZ=ixOYF!5)FgrpNBA>cBqP~9s@tEaYMiRd0%N{lp8tO5j&b5+(?Ra zb!)CvjPeTO)aW$$n)`^vZv3Z{Wfgroy1=hc=B58in#{$AMQiXwdFFT1HNiuo7}iD> z>CXb%1JXp?O`l+s;>jZERFpMJBy=P>AUV-~^^thy|6=`Lsqix_ci(o`FIKRiZEWJ2 zIegs7>oXSlVQBUtQK9fH5_2t;Zpkr9>wu)3`oQ55jp>iRcbLU+|NietNTfa@;an7S6rR6^czKi`xGOR2hEtYnAO6!+|A9 zw@j+p<-!l?OgCmv1QwG#O;!w@>&mERykWJwJ*T8XrqUM=EzP}pW}LJ(86soC(4^pio_KcPAQu-zLFX^$ubcCYn1+rm z$O+XP?>~a+iDyWH3C2_)Pi`0J_+x;BE|Ch8zL3OvV(^T5lb2R2BY~l&k*apBL0zaKAmmcq1`gdEuMius zv%ApiD(9zJfGqeK#ObK-+<+E)^aXv{WttNu$%uw6LM-4{7)thb7}h4?&g zq<-HE^^?je>DKkwmCP@y>mh@S7Z_@&aEx|^CJUa^7K;?He?&-Nh^(j)dJ99*rG*8K 
zyn+9jENRJlTi-nsZ7>Nx@8G`WwZDCBVZxsE8uWZ$f~#XvW?NDpGOZk18C>E4XaCwQ z(;$YGdN8-&!d3Jr5^2>)t74Z*Azz zxP;1U=I&0%AQ%jq@qH@X)tv|r5q!i4hY?gXoaA|G6Zz<^HRqwAz+e9jcpTG zg~@vG2QV)Sz`SJMH@QsIUgpS2qI)IN$A$S)H6gvo#VT{vf%-w;T^;A5U|7!LFGNJG z(PYF->9HN-Gu!?k)?_<=JvCjmYUL#Dlc_4K%X;?Gx{MGg7zv1u-rP4|u%nqY&#$Xq z#F!!)K_lZr(a;0-a$%}oR@@~Eg*^u7c&VUa=Y){H(RB4;fK~D!kPlsQ6T0M52D+rj z!4SFd;!6FWC#!%Y*LQ;ZLc3jLwq@8IEL)nNm{wP(9GzBM@PBr^ft8MRR5OV^trkp` zewuX>ILQY9#FC)o;^PqBD76PWbVp7e=~M(DhgLCwzI82@fc1!>#gf8cdB1IMP5@%Gh^= zytwQ!}X7ak~6EcygIP2(TwI` z(c5Zhi4xb%ti3*!>8v>kjIP?wAV|%u&1cmH9mXl0cHeKmdh0mol!YHvpV#y=FzrvU zl7Ahrugdr!YG2p9k0gyOwj1u(oN#ITO(_3p*gR>=bQ$ZU(t>E#!@0bI@ff?YEot>d z-8lbM9X@?si!x$WaZI;Np)a73#l9b$$;n`PbFzihwR#T8Qds#OAa+v<5UBx)Fdar+ zCZ6pSCEBmI4rFl)uch3Xom}d0<;~xbxnnx239oP;BioGftIWA|u9D^A){?d=%vd)x z=nct?Nvlt%POGn>F+H&#W(r^n)NFMG+`WT05c~hS562~uytZiDg$CJuDqF<_8ZF=F zS+2dh0nzYPt4${^Ca%3APi@unE1g;5?ljWlSmLjbySGF4!-^r`ed--uuWCnD9<2w( zUeT=gj0@&OF71=#r^oVdX=JYm8$CxAK_MH?AZ0uzh3opd*$Ww!k9tvj%5I$&mnc8R zpGMR;-51vBH3ypW#;_g%vh*$V+r|bcO0F?^Ch$UyIqO%_&65E=$sy zwVu4bZI~>+-T(f#_-aBDM4seHLm4*s!N6Ts8gU1A5F6@Yp9LC2i56=b@TbXUqg$eS zs})g+)!Toy9|sTjx~Ky+ zE7h#{({bBfcdSozIrPT9tWIkswDQX!XjgL|)~6qj_IHoM)Gdj<<~u8yO8HBfH5eq>lN z{<^2Dw%!FT+ab;K9&mTkk*H*tg0D6~jR@bBlHFVg_jI)zi=?V`Nw3b@@a6x5^NJKE z7pG__f~WD)gX=bABxsk2TT$Xqww)U-by5U3N7F;%Ct2^GJ)_c137DesdEYH1@1I$g z$9n%Dhd^2rs~z6R|CAmB2W8QlqU7P{y`ru+6Eh23bJV+_WTG?j*D0-3C~b(Fy5-HK z$D}cFMK;|ZM=j5{t``db0({>G&7gj^{7^}{-1@%hrmG6%Y`uNz>_!_nkowY0z+{PY z-D+s~)UtMxJKDKeYyK=FZvjHHPo4J=diLM*^>$yrAu+U-! z?~eoGG9Yb+Ji}@}=6^jpxtV&=BsX(mWiaC3628ZE)1!t#d8VnUpY*RFh?g&&J!a2sIIjsDbKPba$Umy z;Cd&Oo@Q=M%_GOp8&P};a`)7c8%p1CYJ342dOiua#2_&Bjv6)c!-$K@WuxYL;%r)H z>}hAr2B)}5Sjq9yR#K5S*=yCy>P+G|PlvJh|FwT#ioe1s3A{ZL6P07e=BH=^XJy_o zKD(svEHO??qR@N$D!@R5LL7BepS^v*i9?p3hPKBW--JdKq`0cSK^m_O96;W4kHLN% za%#ogU-QC?K9a7RMA`Q}=58WNoy=kNoq)Sq|ySuyL+n)0t{eC@v z*cWT9nKg6I%ssP;aPu-Sf0gDxWx9Je!E}S{%sfsxe>$Hb3M!~YqnriqfM)~hedR3Y z5H7Q1?^7Ydt}4=|FDXB`jsJ4=WxAbLJOs{fq*UX>38GpQdQ_k$-`B`)6%!8ZXVf=! 
zi-Np{H3y;m*a|8eU#C#I1P1%rw7WXlfa~fcj>4Od2m0qnNuT=;3=GLV<_Hc9ZUgit zsyB3C2V`|%+iXJwW^P1cTsMkj)NN+D_PIF@o0g;7oNuqIe;t_F=?C=WTXjrEPHSt# zX27q?)oR?`ly6Y75RA}$U&LC6rfRHs^B2eWeaCNt4UJtr zcvJF4+0Obc(a)MPes87(>XqkKeMCEKdVA{3!AjKI!{u)3&q^FKEIHBLa;>+iDAYlv zs@lh^-Ir@oTdwsy?Ck<4y{pM(t3zR}>BtHFN)+l`rKsB>%Mms~)Lw0D8%~V*h=L^1 z$J_QjWd5)rZCjnU<8zciG>s&6HA34Zy+v_Qds2wnn`kP+_4akC0?Bx~_2I3`yR6f@ zqRL7qy-?GB4hsQv+`KQ*Ji8#e*&nN-cris-<5d4HsEZ`=x^I zGKL9-F+mY$dL?w^f$<@?5FVw z6O&jBJy<$ES=fQwV_RomzYok*!UF|0r9&VP$a*kktne#*<)J?~xO4tgO>VRHqX(Y( z=fCI~J_~7}poc=$N#<-zT^9j9>(BYnyb?mU7<-6{x1p@W&hKlTB`*5|54GxFHa;qR z(=9n3nz27>ueLLvSk+r^G-mJ^INb_BX%JB=;8{0wpt7~`c{$q{*8jPTfHps3b0Xls zIf|M+bp3qP-92gJ{aRfVI=~%ibVr$=-)XhV*f!?t3j3ULO^rw3wk>nC_uFekW0ac0 ztF{@RaI@Xe3_B-l$5kU4z=o^cH5VvL=;;JIjpcs^7(-z0|G=+y1xJgWVwU0+bE4SRz7tjpU zl=!{rE0FiytWofdH_A|VPVWJkTgaMEX@EXw#Q9U#$;M~c2O=hJq*?qo3IP64&-+Zw z3k!B9K1Hp3uku}n=nGnmyoe_+VbY(ruyQrTca!%A)Av>d11K9cq0@G*wN ztn0e_+4A|^Vlv{OtA7o^pJ6MGVF(31y84#mw~E*9GCd+_VZaGjr$Lz^r(SZlP1)3$UlMqBoeH&LF=Pi`qCk4SBDT zMN+B+idMqiF2VTqr1nKDo_xBt#`K`80`zG*B5AJ48L{igiH9;SdvQ4twqAknfOYlg z=uysF6B$5Y;V6J}d0S%5a&|77p<~-U9W>{`+^wp_w2$~cpN=ghAYu4q%YxRKL#N8e z2!uzOTB?oY-R|Tm@pNOIbHYGxr7|1U7z9A7m*LMlg8$@iRG2Y0r0frt2=q2s zB6EkFlC-O{zyW#MNzVDOX{+w+_VUs7oKI(|k_#4mFq+KEZdEK(5hOqv3JRIdqmAWN{XHO?-S3M`X26~oNT4Hg9loXlk&!rSAm8+ZX>@E zxu1CEDGl7~r7!xzmeT`SA5HK5Y|)n5&iD_|)ZyQ!{I)D*@P1IH%Q={6Lb%aPSwHaI zs+chvW6SbtZYCo?-sI-dSRBk*+H|tWl6x47uMHE4E(&WDuAD0WAC{qi`>VU$NxTlW@C(lHv zUoz6-Hq;0yQ@-O}Sl(T7B~QD{*k{6-0BJc-B6gFW*8YUP(mG@c(dA2W_7*UIgN|q@ zRuHxds^RS-zprB`#~rM_fMZAhX?ED6wFDIdr;JPAsskV?owCsU&`B)ATKX6^lTeF8 z{6V;({3`-B=S`OSJ|;Tz>`!6rD$A+cOe~nPf)GsF)u1JiFYaB<*DC;k zr(cw1oaL48lI}FEM&!QdJ>PK57ynib$JEh!lrm+ zv?TV5+F=eEGD--Jp*>bsT)CdiUFQxC%PllB%lVM)O-N8YyjD&kU`)iw8RZ)U?FWHO_H$8843X z-Q9F^ne8-O@*=A+c-irD{_J(!_f8Z|J`CH=jw4w$co}8#cPMfJnj>w5TPE;@H-y%+ z{vRb?{nA&gFt>CBkH&xO$m&qi8Jc9Er*ZPp9hOsZ%7s&Y;Iribks_JJ{7cR0BXZ5< zPl-=I6juBKcv4AcHwY+cH;__f?M5dYgEEw7&N>Rup6BG_X4MIDCqK-2H5__BUVp%O 
zOf%um%6v>WSVi44b*hCB{ry@Dxnbm?U6U&$jo7m%Yb?&i>gzZNy_Ny47e%M?;>_aF zl@af5kiX;YTR;;2TEsh#_7|Q6IKs}ydH}^1tM7IpY5jdN5c8CRgT@SvkcrSy2Ut$5 zewqZj!o6i$FX80~)X?+I=k^C`naK;aYQ)?#> ztJR7i(U;1ccne$iS`Mas(xs_hh&V_c^#H7Jd5w9JFsO!>ko|(9Q zB0usZn0{~lI3&p6?ffnAf|_Ruv07jk`&#M!vH{f3HaKB6jYpE#eC<4bVg_w{W1g^x zw?-L-aVTpaLUS0*8!u*K3hdHr7yBG8JztTEDT&QP@uyWyR3Vh}i6NB_N3_vQT)(CZ zM=|DHE+p2{8l4)xn`E~8ad&d&Yw(%&nSHOAS>{<=KXw`DXoWNCqo%_r7Zn4_;A@ez zBbqL2K`pRP9^baYQApi`Dd1-^lH+1i>wNaqutOfXpz%Yt-al1q_1~=5q`_d#GUm`& zyi?Yz_1#E=nabBze&^hkmPgH5LN9jNMAl*oLl@4Tdrz<6{>E&Lu0q@Q@3op2#s&YN zyW;7`A{@&!hw&pC0O~?(^gdJSM<>7wclHd-?zkpPYN~-^Fbjc9x<6LkOJL9c`V}Gcok;p0Iji!aTw=64hK<_cQ|>2 z)8HWYz6M*tvRAjuZ5EM(1+#02n%YFI$2~o{Wt{=H!VXAd`DbV*RmjfyY z_aFFXf(C5XYJT2|EH0CvrmueQcbO=K6d6u@@EFl}gup{u4T@qa?IiW_AkrAUw8#Rw z`nQ^G2`5rMWT`6wZ&%GqI3Sd$E%`x5M}|M5J5y(JZ3A@?zLTgbPFwOFi+0(+@M+at z)i7#@*BbB3{^vtC5??_4?Q42yaznUE{7#fzhV~2w^NC2sC{5)!2sjJ@+uiYYgaw&V@`T8TN^8^`yobdNOOTFqy2VWf#M= zkH5asqEHBIn|p-a67pVU9T|F%JcSBW+pDv#q9*Qg%D+Idxv_9Bs4Rj<$pt;Vyxlpl%N8l(MR z$BuG_%V-a#Yiez@4FtX!#naw+fzM>Q5TTx{#bEV(P)1S4lpP=LVU|pldc`q+cwRc$ zlGvG=EYioB!CxR9JI9!?P!Ft5&5Cniecw_R7vEPCtvN7p(8OuR&?Jrbt_g4Sj>>(v zg%Y;(51-frFC$w?X=7Iv{IT~DzCOE5@UQXLWD5iESR|pBs^6M_O87C@lQ5V^O&`1Y zCL=rM@13=mfECFWrtxXBWjBo8BYg6Dl}AbZxtP59mL=GAzust058mf@022 z)Yqs99$AZ-=C+2_^72DPho|#(8~sXfB=cK9-FLWYg--XDI#hFQSCMn=yrLz<6M$G~ zm}Q3J58;JqE$4;cenQ@+WO1d^`}R5Q_5<71&1 zK{v%@M)_x0Iw{2oeT8Z4A;98c-H+UWc!QZ2G*u*TLah)Mc}SR{8&<5^4xgai`bJ4D z>Dk!6nBSW-QGona5a0%?`7X0)&l>YTRZNFClG>oQU06336;&Vtl0|ykmQ# z%@kPeAjYZ{CK>4Eh|eW_QEbcn$EYi02Ij&k-P7ycr!}ZT7RilySqT4XH55Mp%OdEh z*kT7hxA(h|;IEcQyM9hxz2UU!Oj;f4kbxpALNNTRKHeptA}h#qDzi**S|-3^;ijKR zBKnJSbN6~#L}f&JnaDo(s#-NS@-ex<0I$YHsp^;1UB|F%RdvHuRe2EXV=S7U*RnST z%MP}kOhwbZ#1i3Ls4BLz0l+=kfrczFnC--hkLjf_8hIO~7{kE4iwf7fzkEnNgj!yTpH9R;?4M2*H$Bo%K=~26H5> z+{O}v#$Cajs35b{Q>xTWJpyL%gCA9ubZ3eG-}r(s=8G}_0~QVTl>+tee8QP3JbS9n zXS!#4Z@;BWyZN?x^(sA*qddE=Pj}9z5o|0U=ERGDdjHqPyIX7he0!|aI 
zl1WY+HtJKw3e4(e6Z>Y%&C+7DsCp!`&3`E&w9e0)CZl0dyXo?{mjDO+UvG~AGkX(QPt9#KfrVf!ig?d-;4k z!N78cNH{{pL7_Te{z?PtbWv2n;b+hc?(EklCL!r#FY`*HqS1vc_a=pk$J?`OQOOeD z4~WcrSJI?pi+e-t_8b{u>6tw}!*hB(N+Jy>>^HN#f%%KFwz5)_j=SWxJS2>W*X_L1J z%y?IM1xi*Of>q-=GU7AbX$J!O9T#JH4HaCcq~R;`GSp<%cD+YU(z=OZiYW8{CL9IB zMP)~_FsbHwQdwghq~shr0$a??A6>HH_NPwaP9z5Wvm`ZMcPs8Lj^|2bxokZaDo#a4 zRs^j9SJdpq;UmXvOYu+XDS}Q+2Mwoh2Vvv!B`cUwC5F5wkFD;7VIvn|xzm!-9EJha8MKGAO{3 zi5s?y{u=CP%t0c}t?(X`-cZlR7;0op7t3IV3_Gd+8`K7#1O4iCXus(?ucF zZ(>v5GU!^=;k>rA_D+PH&ZOVO)F`o((i<7#q&!Y^i0cUt#J|3rqzeZDr@>JZXH;o) zB%qok6?p^f3c{)wfl=(hryaI^!Qbc#SZWz^=>hCtcXQ;;k_+U`cun}b=_ZT!Te(Gj z`o&X;DNBM#4pJrqFTTaqyi3nixyz+wZsNX_(Wg*M{ntToM;5@IDMT|^2X>-9dy$D2 zqgrK4Ih8#aQ?Ks3W|cL zqJMQ}e_$mb9shU}89LnwH^#Cw2=r4aL4(<90> z*Wk$(j*Oj5ck`7Eg^I(vP}#+vFPNHC$m@azamA6C_?ilnbuxu$MehHUHls-N5&&!M z@FG~myY47y4Q6O_Rxd8ACy+nLgMk``bSdNrWt|;0Jbi|y5^h;MmaR{Qv@gVp^q-3& z6DpsTsG;SVKeS2x$0nylB~&KCiy@%iH(3=ZPqLE{!8MDAYmmZ3$msQ2d{eVtEXR$+ z;=RZJd-VgbVDI?>PsJ@Ou=9)Eh}=4?szy4$ z6V;2cVNrybd)Vd4(tY)}&uRSap=YW9`m60sLqQNuo7si*RUMa#xN7hAi?C6`VPJQ< zBj?o!^M^X{EFB7rl`#UY)>-Peae|DNpTe7Ud6-Iig3!@{?^B@S1Farr>#PRZnF-k3 z>@`NqzaWvDd>b}`A5dhpTs8Jb8{m;qKH4BKuGR+7HTfP*ykDDtKC9F_t}N%SG|m&` zJlB)JZYT^5jdu!%NM|cin#R7UY(XpQ{d#mkYP|5I9cHIcFug3dmi&l+nuQoU$oPfmLHu!s`Fd7yyqe(jWl;mJj_q*aLK1 zj*=SX&NkO9l#>-SWs93)Ok_cvY!T;Zpm5-D^_TS`&(Tfh3JwtqD9|r%;lfIJj_Tvv zoF&=AI`^8!c%mRe6)<7%vsRI;x{*&4ZFCy*9!)7FUV(t2#CLLN)RAcvee}85AfuS-pmHQa5`sKQAi-~&*DPf8~Gnfv3ER8sQ zJU#PcB+i`kff<72$ha+Ed%2f*^bpS$&9&}`eNYG?py}2xgn+89Q?IaKY@B3Dj%Da9 z-{UzE%ReM3p1FaQ8O zx!5N6Mx`_Ghi~ZzX%B+}X&OV49b;#|A#`=37an0~5X%tlh`p4(4@N$3AKov%5!w-< z$c;wJymAYS3G@hfYg~$!TsDhI!RSMNBkUkul^x!E+`kKknt;vc1r#H{{6V<30-RwkCKbkl@fxAPAm=Thw5IQMjAChS{2aP2v1tI86D zcLFgY3Nga+0b;}+(#{9t&D`y=QuFfW4NK*x<@)WNmyl5eOu(m@L>LwDyw*Aqwl=U{ ze6W~|e{`AsNHBX#5_UJB@N?NZ>makL1=8oawT-dA&yBaYE*xC&O9V;whPjbhlCQuk zme!37MNXIThj9IN%rN@bvwhA6+Xvn{p%HlNUXf<8tR#-~KeaZ$-pZ!ESwCzu#~u=W z0EX(NTZ`r%U>9^vOS>>RQyKD`XE-wpCF_x>TErnPtUI7mux#?_8slK?zQ()dIdYe5 
zBVpHGc$g_vCq!`}?bB(1s@@UNwl|qoUA+ z2}yq$ukhJ_`J8QlKVVNqy{nllaQLRn1ehIaj=jb}Q`Y--l(}hq`b1gNaJqISdyt6lC}5eUszCe=hXVVaFldCkk=uccIcZ+JFvx!Xenj7Q*{;bb%(t1BAAao+@utEJB zla9A^1zk`n(seL)MZ$5*xh0;TsZPBtV0>6og;c%a<6Bq9UDEK~WUBC8-j8}|(aw%p zwjoVFuXp>JZyY__RkNajt7zNS$A<&k#gHO}<(D~t@WzGLO6ay~ruLiE#;+lnqG?HU zjRsISrc@d=cueYcrW(%CvE9tSVTOH+c;(kmeAP2x^L6QxCEC@JX%_p*#O-D>3O$Zt zl(pD+cq(g4E}Z%vbxI_~T(E&}=hfg+c)elN74?P-IOZEEAbc$jCireXtDU7gX-_mr zb}1me+`|_-b8iwh!>3p`qC~Fq*yg5kc|_@{#1&+tAndbHDek_=d^;1~~OC z)3d)Z;RLzj?PH#GvT$5hxLhH!lE4OH7MOvtc%7Vvv*tln5@56noSd+pbaIhf4|95Q z60_35XtTuZDg`O66AXp;l%={Lq z4HpK`^etWkP0Xve5jd(LoJ@FSEB^GnrwGLD(_NvrPmLl8N0DkRI4`CsU{|o^nc+h+ zeEecsMZO$9P(;K^-6}{SRG49npb+gaPpvZY5=%M6*OU!_m1BF+vCf`^W_vfQcW;$C zz<=`98Z%ZjE{_6aRD&@nK<1nFj#BA>|9d)!qNb}qX7crKf^EKk6zM_4Q}GG_k1)9?Mi-T$er+<|%JOXn z{4|sTxj68NHvW{Y2uojkyQ*b(QC{UU3vK#Tf0$zoP40H^H@ru|*^?9dgk0H%*jyg! z2d=g!(PFO2DT51FkPs`}3YD~_Y1rQn1MAAtT-1N_tvllU z)x2>N&-E3e34#QlGQqpdu(J4m#wtIy@&c+TO#8t)%oqMZ_ZaAPuuj#k$d2Q{`;!@kKgB|QvRf_^_>*>-8_mWjAAp{UyrLmv+pxpb9owM_cRu6 zVaOS($wT%sz^a$%=PrSlD1)+38`mXNfJ~=hA*G_xM>m`vjSk;TqnG&4BW`9PeT2Qq zkihdwfOk~N5*528@gYC2vt4-8rtCszec(*uBl-Lj{r<#5e7-0^r-EQS7g20$PgElZGxKVL&!xU&H&5NYtqc zPi#i)-%mQCVS$`6J?3TA<(5K+#*P>8_Hz7*U)@j=J`>={e>49rV1Mi$`~0aRCI7>1 z^$$X>QF!~Sz}_>m2KiUgazf}4Z8nRfm6*XD$jBl=1dm)j6PRZ)3l$*RAYo|xC$wXZ z|LGp3q!pyX>m>m1{jtw&6X~ZGkJy5e-;asDi$=LblHIs7_Wr%b-!8PS?Tk`Lxwzssgc7si|JFxm=%g&ku77FyxUrVvsdBX zAk-l`s?i}rnmzbTW8n-Iby>i=4$<%Y>0F5f8JY!A^BK;-hL7Sk!PQ`*P0{=txVT0Q zxWCDBno!O<{yE2qgFpBu^a=?hP3nw+s2`IwAK^>aFSSe;A_NPA_qUccny@+V@0&mB z=v@?E@$|OAdhQpuw|QCv{834F%N;+5342xJu|&6lX|h(_0ET|372i+tgJ--(?G<_h zx^uTvF8PHqX<6dk4gtNGE~v%ZXdCU~;vbz|e>Z;#c;1p(9PZqsu%32yH-6)WupDEN z0DnybV^DZ@BzZPC@9N^A9fcNb6-bMj2-_zQo-}zuFYFx68Ie{jBa;A19Fuq|!_sB$ zs?CxI2xhhG{aX<#M*RL}e9!5F`Qbbj4+z1TY4;?@V#hl(_Ci9F_D{$N7t2|`kns^m zSbJ+xSc&&s+;(;c4)GVb?-ji}etjlAiRKDWvk^1;?27UjXzMy_@>$BB8HB!lzDg99YeXq-}vF< zcB$y4___zeCw?K`r;L%I@sJ3w>wnAQ#`NjU3LSB$RyZQ&KMHi!6dLvCQQ4FZa5%|` 
zZ0U3wGlpvG49MiVkQ%5^Q9JL#QvK$u>9JPFO-dd&nQaN^BKrn#dW_$?<2Iy98h~b> z-MaFh!ys*6re3&)ICv5ALjq56gP!#JClMf;huGJ~_gBp^v9LG3Pv9x?n-Nd&S?|;D z;8DSwDM<6%%HYxPl^oJ4461AVVn}fsv76xgt2J-~NE3XXiXg{7p5=%T`I>V?WkjXyhzCq~u&(vIU^4@?= z%@NqtIA(!uVZ)o3pYjJO;sP12W*GSb+5pZOni%U*O`@mM1J44q zZWm%v|A%vsYFs|H1%eSnMnz8u}J6_<(Rmp>F}G zAIHtLRskp)9c8XWxLb^a-%+V;#J4%L;3A z=tEW-oT^((VcKQosIbF|6Mh;VdmQl+eBxpGsyh`Sa;D1_xUE-#7(S zaP9+Jyztm8D0C_#GU?OSm^9_8n}OogdgA{kq!F>(i;Me<&>+KuF@_lRDyg3*|EnGv z$qXDj56Mjk^N!&SYi|0Z{-gb5a?*&f;PUBAwk~d@lbds@V}a~8GVaIwlW2F(BI##1 zfyfuAFfu>TX6pKmwkFLYF6%t-fwVwPql---Cj%?LENxS~cS2Ho7lowH(gE94Mx+4c zG0|(1cmT{nIU6I4qk`MdBpC~_Kfn;@EHEZCf`5`#S(XhvSo5g%{dMBn_f(@pa6`!C zS}yg*g6Ld{frj3;a6BuqEATbw~#JV7luqLE|7!ru_2?3bjM)!YT zdXp|xI#$y1^yYa(eAM4U-SJr0=vyO{uZEVncAFxE>3 zrz#jgT{i8G$-}3Fbs@uGcEg%M+%q3qp18m70mh;Hwb}u;IvM_Q+!h9M9kNl``e3Ub z42B}EFEW&D)SJHy42aur^}o&-^gv}kgGaf06YMz!OzDisrLk)J51VZjZ0KRA9-ku^$V=t7BXUIyOi*MBoYJ03_BFhbuP9Pu61wWfvW(rk%(VE_Tp9VxzrI(?BOSU&f=H- z8x5-x1TSt)BD-kH(@tko+4?9~tVIF(s*y3}9AC(0J17_|8N$nq`v0K=)?h(sK=A_Y z4?0M3>=(a-od=d?LqJYiFKU+Luu{Eb1?A#PR?sJnz1{F)qBPQDw%sS>b<;>~Wky0l zm0w}^kgXCbZm;%<`iUojOYtP6tk`aM{-sZr+{oW*aWixXO$sk(e#y%A{$?6WY>KWH zr8q)$ukl6*%;r^!fe@tglAu4>@|s9DLBU+xIuZi3gA1S)et48gv9;S4Xf6A7x5CsQKwsKkEE>Zr+VyMyaG^vUf>wH>_uGyP!_8Lt2g&= znNS+RRd9e}7cp26e$#w`LXf5yq4E(SA`8PuMFco=%#fNseEv{t2ZRf-Pc;j$gtOdh zG!_JRZA8Rs-%ni$&PSUl!1zOP8DZds_B757Az5jS_#V1iXuqBYK5El{%<`A)FHO94 zyyL0R@TQWuL@4I$e_@;-t+=qC2+ch-7}Agqf`erVnBSlPS_cycvM&jcyy0g#1rlnM2ga_`USq(A7dSMf-@^J-@b35MO*^ES7sO*s zl(WB;{Md)6ytW^1r_H{J9YfhJINf&?0ap5<^(`KAUMql-xb8GPq~hxK#UL;H&4hWO z*g+H**?#|Mr~?`(02 zKm!el9v~~9i194JA4bniB9&C>WE^kcqA6NSFaAgI7xIJ{RvLKBK9N5`|8N9LYX|@S^1;cww=;@-YuSqmN87@VqzHb*XC&51qCBci=eI}#b z^ME`l>XMt+@L5`?*D*Pz&E+_=qr6a}fCvj8x&V)V(UAekL)a4kamWy+Uoq8WCb`@T z=ms`84<~_Ri6yUd5exNg_|fJ_oVOe>Bk6y+6I&gTo#`xDn6@imM4tkm*Yapco#F#v z{GNOKtpDDPIpchF%+{Y{m-GWpGSvqhUTvLJ(u~eO@lF>Wsy1K5W?s14hdcVsgvu0{od%&TAB#6tOFzaic(uWHutMaf5t035>3$Ki0Sj 
z77MWWwxk@Lw07KJz-FSso{P2{K^Di;I^6&4ZhJIK=|(6bF{LNrqh|aC2eL_cGNfZT z-A-nkIRO-9p`R%_YT;Sd>jV2It8foDS;I00n`l`moj zPeCXK1O}N5MIpG&cUmd?ENI4t+CfQWeN*ex{1Oj01%hjFdc(X^v$YIKbNY@Z&J{7E zMR#p$xl4RSA6s2)vxYQtj5F6_Cj5P}{e+3vW|OhP!1@atjN;0_Sp{xn0WG?MG#3?M z5d5j1L#7x90l?q!essRky?1J;#R#HSye^VBK$AJjNg~Z9Lz(58HaCmec6sdUE}Zuf zS^RNbxNQCFP{`2-)`bPv^-RBm2zie{NAKH1sNyTQFB|4fi=ne$EhZwWfW7)Rca`4M zxxIIg&=-YRx#p?~b@CIGX6o_Ags^WiGDH6_+5~b2-n@|PL`)-tyCbJEnfsUxYYoo#d9zk81@oV6PM%|43?#LhY5R%x#>>5Xp&Gjb{Z zKVr|;=lae|hAhm{QLu8BqvY+~S3j&7Qj;z<+{`CazvuKu9m7N^b6#w=xY{@&+gE;t zN)$<^QY*2sw;Xo*dX84Xo+x+zi$f(`eRCcp}BdtSFs4b#l>suoYq zgXm8Cp$>&S3JHnOXw8?NbFU1uBU8_R|FVkt14Os>WmP7ECfBIw4{>({D2EVAk)y7& zm$?^De1Dl_s+-)&_HpXHMC8*L{WZ>}F7f=KbowEUd`78-p)XjijIdGes@tImK7NyX z|6l)$ozd7{_^w3$CHV5$_**!6uJ>|;7a|vzj<-Zyd?Jh#V;R2agnDnXpfYKgcxK*FJ;+gP1|9l_7zp z1||MBto9B8HA3l#*`ZoYKpnbJ4P64Xgac@~l)fcYm87+MNAfRRCqsT`aGs&%1@^3D z#;g&xEMmm`gJkZ$LRTye)l+We^Nwulbt{msdZ z@N|*gnF!o@StH~5P*y(j3k`bvR0rDKW)I6Ebcwv0ib)=^I`u|ksJCKQ55|7@C&RP8 zFoS;>^Nc6d;Flx0&pnuG`O=A8c9oPPM|Isx75mBg$5v2uJC`O^u$H3xAwa$tEI zBqrGe`b(V#kSzKM;br*qw_5Lnqs&`AT%lhkctZbW&AV?p5t;bs{1Tu2SbsrDFh!R4 zk%)Y|oT-Ul6IaKs3FYs3A?j#xPB=FKA_V5=iqz0LEdkJ?5w3}b1b0mWKWxoJDtV6Q zbb_cgh^_N3T|3yYX6V%E)epWXY3qdpADK~ob1W!>EipZ*60{4+^_+ds5p+h5c|;l3 zsLlg4MEbYiBWC~UA;Dqa_bX~FR8ZA(l!vGoSn!%iQk1Lk>KyW8$llO%2bZv|8vi%H zolq|VSo65;$t zLnJ(AA*s#z69$3zb0V#6iKR$C)i_RpgvBJManFCAc+o(mlEcnOs31)m14YV`%|H)a z6f$b5x?UHv*5xJA0!#lJBZ5*#4O=HnA(!aNZa8*;M~S8rApMbu4rNf%@+A7GEF{-K zq%n-joqwuZ#_(75Ak5evw}02^xL69YJ}e%*zAa^f-}@%#L^)A!ao~beq0EJ+pV8P^ z$1svklV{_bV8;4Ns-b;`%#LCgO0PsD^d<8e5mILl5aHl<_9v|s7)C29olYu$h32I8 zEVPdx0w3jA9Z-=L%xOK)+%;Npg4rvPm=loxzvrYnd!{;i%p}IZ0!P9OXg)mtB{53d zURTiAqgZC{J?ryTA!EpCR_W@fOX%y3q`COi7RodQ8d0yj12#`7Nr9Xgjk4nFcSm5D zTP4G9ZxYo(7W6($cmbLWW^iMi`YoLxBeD9kLKB97*kX7b{itqNdY*jQj}!W%&!G3( zg8u{!%7Il8q<9wtJ~bKiC8Mt_DsED2*T2X5x2lfPC^nMh(n7Cqi3z&Pct@Fi1r7SNh}DgB%l?^T1CldG3*yuBAE!*$4I# z2{2XaPB4hM_{U26cks#KbpCaV9ef;XPk7^!;AI6|I*v&~7GhK-M_qmto~gLF_EMjv 
zi}_-b>P=~(`Wtrl!Ukxyc%?l(sp!4f-k&c6W}-8GX!UfX`{p(C66e?MQV%M5N{K*+?6dCJEW@`u$Y>+ti-*x`7OB@5QGuZPjQ>jg=6Lx4| zVfm3|n$bj=wab@uJjn|<+FTf(zf+^umpabO0Es^)3#ofl)SS-?Yfld z&OMFNOC~y2Zj2^m+jeApk9Es=w*JHJX;7{(DRGZG@THtHHZHVH+C?+TaFt&$tr{5! zPE7cAFfM0-mCSUl==sXv=D$hORVTz*JD~sLQ~4S!oy~@=o^$mU+HD!?N{PV%S&Rd- zst(~DD5ue4Df$D(r}C}7HfOaW4n`Yzqed4+8ei&cb4c@R8(c? zb7lw?asQPFjQb3}1<_MF31J~ttgAc;;Xdf9MymW^r|tbfDSgKb^^b9%mKr8+6gald zNT@FU4fFF~>3ZvtjUG2DkXn^1ku`^$ zhyXeRdILWmyQKuL!Bp`$X+QbHv_$7+n+6fwJ*HS{lCu8CA=OlT_+8?bCt%)lmU_UN z^21eSkIN#c^fv;=`9}U?o$0hXy>mHnr*g@(=kQE9GG(VqbPc;D2Sq_ewbkPyiwq>C zOc&H!SaE$<7h(Ar0F>~?AJvtYurKCyKMln(XrbFB){0-g>ZU40PmT6JpOvv$dPcgz z(j1tLMmj6%8VR}tY>etH?P;{Uw`<6q3*xv7oysWUo-~{{!E>cTJ=rS9xwh=0D`Pz1 z8uyjb_5@U}9Sa{VQf7VU36Ih9DKgLCeE&R(hB{~Q8(^}(D^&N2;I@ARMoUtp4ceI` zU7CMw%L3M{B7OAK)BWlA>}+V~J7YGnO$-T-0Ym%EdiDLr!D4g1*WA)!JFjqPQyY_d zEU48m2Nk#}UAER<{Hl2hYC*d52b+7`~i_oV%tWx*ots-ER6XaKjH@B{X zyk+;@2r%~u2x*(O&Q%O^)-p+C zL#gCx9E^8oo8<2E%@T)2R#%_*&jV<;lYzUO-Wi z5-C%+w-S|VF)@~RQliTc$y#-*C{T+%1t<|zfP9ba{iBbbd$(m^FED{>YM%AqP*66FXkV-fv-L_K9# zRZG{>l2XzwAl)e?DInb)(jC&ZrMtVkyQI63?mBd*bi;S9_q)Eo_B`jAeP++Bj#Z{R&zG-PO+r@pUm;vN(IjYdkUX#RUFY4 z{!OWybvcO+US)9r%aB{7^}uLW*Bqgw^!GOar^$QKhc%$;h`4uWprXTB@I>K&ABkI9 zuL`}NmHj^3hQQ3+L^wjpWD3~xBqKfA4f8>+Sn*cwa$>W6>DoLd0B6~35DY&23aFY+ zmps_XeV)7eKCpzSc3)7;KBi8mDEf3hU=4p0SmdTo{9H^F%kPWGl86khIenWqs?G^e zjt;6T%KEuF&+4>ge?RT)iMbGTmSQo&3VZ5}$);+B0Q@LqKMhxK!sS4rC)};e<=svt?a`5i8@{toKA>!Ri>bGk~v%@SRei{ z^RxQ$gUL^LPA{T;D|G8qUFlP^v`2(S?T(L)*7s~&&sOi6cpj;S*%;7gez zFyby^NK{JstZz5-^y09E9VeuTi#@abI29cI8RiBt zGZN85NE<@mjBeOOb1JBZXEfxLXmsd72!qCYh5t+>iR+nIg_j;#E#Uw!R$mQX%eX_b zz8auGkAd>;Ywg=T`%;Zv)$u1K0+yo_ti|7Q?vB{aZC^p2(-Ey! 
zSgrcg^YTH?)5Enk{*XF#JWA*~uyG&UnO@H^M8c*pkd?QWFUaXt4=|KB4ASqCQ!zp- z@gp}%E=Zz`UM}ns9U`go%_a!AkulwzF3T}|qJB>SK5JkX97T}4k?oVFTyPLuiiT;- zj`1;1@(N)m$I5rd!oRR3hGn-7dUX{?8!ZI_6-(Q1R5Z;jX|}r45w%3|e?vn-796Qe z`b@9gMEz>&q^QARi0;ckUu={aE~0}jF)D+k#QIKN5<;3W7*>QVsgie!u8x#A=re&5 zV2`uJlMMuaua-1CFH|Bs0z1dQtLKYw=+VR#I!W}&&E;~+`R?uv3a8l%pzy%8FgC+1 zgKFKX?VNucF&toS^Sb_I#sJP{>!q~I7ey#18*AkRD1W^bn2&W`9fH~Wy|ZyDQv&d> z2)tCsL^hnAPWmc!xHF#7PQI8p54(n=t9XFWRRE;Ks?AVIHD;~ukPUQ|V`_cn0zpan zesKic;x{t=MdG-EF|jEWeoD9yHB+|mv~N%Jr~mcbb`n$5r?9I?3OHeyydk`GA=qg7J!%gHNY`T!I0b@MpL0M*x|SGkWpLVv<;b#S$-7mk$e$CsvfnqBm=9~O2r4F?hbLgxO@s*~@T6E4OB9|gw zODWn2)~T!+*1oLSz|>1xFv!#eL7Y;^inb(%RFEuKTtPvi270Tzt(?SG6zeaFlr^h} zV%^8l)PNntnvQ(Fe&x+C$w@R$l3TU-<^ha0FT*KLfb$fCBr}og;4}tX+zPYot<5N) z*v|D+oBFFm0C!c*VPNIzOHm*(58rZO1naN+U&NW9E34>7-TU{bVx0F+SBlQuCm5Wy zB6cfFOzo!DhgW_c)o--uAZpvcu$l($W5~_L*8D6;`yJu8S`qr}VZECMwf2lsEm1o$ z(5d{`3p~}`ZCg@j+Ogk{5CvU_w1@?fFRkhW4k5{3eO*I09&?M)g* zeIV*WzVgwN^qaI&+$*gWh<&^^*CEHyFYsEtlIxrDfB3^>ex(aruqj=Wh+P*#?_o%e z&lgO)ggA47OeKm)&?JQxFT!65JDIP{E6Ja~DGzou=6oF|(VxukNJ2-V44hkLRc`7> zZ1=2x9s@4OpD!j8{2}f+$1PJxGuxi;T;k3+uQ&8B4>x|_1(o!;+qrivs*E-*oNw*& z*fFjS-5#!GEFF{UX#8^BXCAs3i;bm zZdPPp!RWABQI5@_wYkd!(*&Kiu%3e(|J~*H7;}J9kxTVjz?0$5&56vk(yu+mT=4+!u#+({SdY4jQ$OI)5CW3L*O|?_2o29dCDpsQJl|rkzvZce8kU= zE+%HxN$Ue@3){kk)^yB)_75To0wszpr^c}{;hd7V(nT*6gs<86Ro6}BXhCeGDJoHQ zy;K0!Hc0BzN_fOG1-9$leFZ?s%%K4#jZzp2%w*K4gWXGTe^mtZL5(H2ZN(}6 zf70BduEA;kgAXR(Tz1Uu>XX@h<&xAjr2w2SFOYdfewoaVj!0R@LYX4JK|@Ic(+mvL z{ba&&g%;Vek@pv~4GK4){z+5tdOUztz#o}auZPW#|CP^dD1g^>6mKozG@0;Nz=92q&VffG9 z?b`yMj!3U1Mmacac`=_?Is^!e?6{s-LK>w=@)g~`gO-Ya=w|xJj>`9wS7he%`JNgW zn#i*#=;0hovfc(^~yI6Y? zt9)}S8Qnuc$*x?txs^W6SO2a6x(apth#XtjlF4G23}2-@Yba|CU}AQS)4MowSI=hD zhgS2i*D^4_b|;=}f>Hz7x1$FgccS0YMT+RTlK-JU9;irO^nRnESRc}^kb))RFGYGv zBpD%PN|V|u6T@w+KX#%&|7W8Zn&=IEh?bQg8sbb&%}Vz+iK1Q90$r`Iq4v zpSzw^<521TUH2+c>w1$5B*;oOcu457wwHqQF~Yr!qzTIy+_! 
zVP$sg=s|k&c4lm*OfZ29v}|xm0iZ@kb`TPk3}B~zQRg2tSoSiv$Gx@RNel;426pTm zl3CXF6X;}*CP35feo{8wtf?HE>r!38g^HrK1|jK=3fx05{tAwi_}ii@6<)E}B{#%b z`>dX;D!+73`E@LsyywR3Wl-%aRm-=@l@1pz@^C5gB0^?YEQ~2})GA*ox1mtfiYiLo z#q>a|kVhHb6P$e88veY^CT0NIKwik#nL(E#egHvJ|vrX$*V* zrSwj#J9XgB_5V1nI zr|Nr!^}fWTRn^oh^w!uS3%$$jC->6R{h?QN_qC_1`ecDLLQdB2tLAZrKDiO36fC(P ze|YMTb_-bfS>H@hONhbEnXeY)l~;~WZgQ(-W*VqEx6BK22f}b17};cKRydhsQ33%U zsW)=>;K(oN>&dCckrRKXzv%6bTPwMk^TE@WoI@{uP>4B6|5ngpJ{71HONrS&zIIt!`_|a z^TjS~3NN?QsR;<8YpMu3c8SJ%_YP9rM%yBQ^^#WF=J(5%G)@>`&0|TdM-+yadT1mda+x+lbz)okPX;$ zJFX;)a^#kj(n8cIKnzzmCkQtA+>JZ6at=#5#MakPqrx~m3;TTqG+><(#S%yNFa4)$ ziea`;`qrbl3HR|GWv5M&UtqNc;8Lx;%!hFIILa{N(${Mfs&8_6C_-H}t%W)DM-$iQ z&}+#iRM#>*HccA%_^SofC#Y~;N(s#It=O_3)Ji>voEj&c@u3=Q#Z*dWeXVt^=FaH* zTU~b6uQ(HgU>pK~0UULI>}F%HnzwJwmJMW1Jg?GS{m?&~BNzSCe+gF` zEB^+DW3&!9ao)jRw++Uob+5~%>scgY{`8e|8?9f;OVjBUK!-q#j83GZ1iHvXrvl>!qtnYs|w4It1y`%jD zb#W}%pvS~|goQ^4eP+caBi1fmF|n*OoX+w&KAq#)lVDKW^c}Z?vVI#gR)f$kyHZUX z37A?4OAp(Q5f2koETv4{gqSMXb@tVbLndM9#9G^J`+JzlsNs$VMcy>84iz^xrrQ8q zWiZ~RY-6;MSRYhlY*$HM{5VQ|kB#|~vp*;HALE~)zx2%cI<-5ca=qtii$0q8LlxCMBx4+ zY5r=ANMU9Sc{3PEzdqx|?7t+BY@>IzK27A3XAx{WJlWFZ1FLQm48Rv=T#j?}v@c~ASi+^0@n8q3i51rb9cizZPYok8Y< z*0O_FoVH})Q>zCq4ZzzN*GFZRY>-Pq;NiX9oVji~VM9baKa;iNke7O}T8~bsqlr?2 z+#`D$*K3-15(;g3hN*bWha`ZX@Vg*oB>930YI?71MBz+f&e)?%>KJsbh($;^M|8^0 z<>IYX+FEe<=n^vZ3;O9*?&8zsGbnS3 z54JqYj&mY7z7UTJ+k+=m(c+h9DB|W-1|PvHkAEL zv;Eahw-5z$EE9bWgjw?h7~*w|J?Fbi07bY1F1xtf^1iH7!#AGU;CV;th_K|cv=khn z0Z)^YGY9es8uHQI`=xxw#qkk`_zQ~uG~$Mi(3t0~T4d(BWXda$OnWQtKwSsQfWwGD zsI)2HYxl!U@>sspMoxr?cOe_wr^D{giYB-uWb6sFzk?2KjthU)xUg)oeb?eu1CRy@ zJMNShpf(eaN~#pq{I!L@ZegnxrFRRR%zT)s$k~+KjLU&UeBXg86E!Fj5Te%BTxX_~ zHg|dlgJu3dgum-UHwPoUTniZC&wt?wo#^|rrO(f{S+}>fz4qBRk%SU#%d~LZ&PABc zi1zBxte1ax;i}n|0m_k2NT4VDO_stngUKz_Gu{i1c`>6URZDJ2Ic{)enR#X238Vk= zeYeDJa_W{o-kIQd zoSg2u3S%29nsgwJTio@R#p9wH7m#8&yjVAnWiN)D3@EE7!*?<>-FCd7Rr{DJK>oPD z4@(dB!kw3S@*czYf0PwHF(|ueR*YWbnun+7-OyHpO3`>S89cUhBVX`7KwSKK7*&FNv=a 
zu01L%ek{uxJ8RnVSQ`o8hG1?7INF<)EusOIwrq7`tCUy;>9e_kda)C)1X`BBAU)ea66#Uhy?Q4}6H|F~@o( zu*({`ZicW+qXctKA)km|87L;h)#`^tld$M5!OK-DfEkvgfyO>OB0UY*2T%E{c3?Og zniWrxOisu-Z>x&(_7L71?>c_*GMe+YEfO%wQeRcm7+LK}w#qq??0>xZEhkQV=>*)5 z9MJ<5Rzms?Zuhk5O|^?Z&zqKGKbuF}2WKRIE}Rp$~B@<^cr z49SCX3PtbJCu7K>3b;U#!x6n4>fkP*lF_9okRV_hXfmmrwJ0lG`U~5 z^Zl9n_wC89^smR7E!FTC(941i18Gq6WL;;YFeBMrT$8mWpZv=KW+ zQCLXQP+6GdX^h+57}D_-i>)@)+ka!gj0UspRU{hjMTzH%J7d3Dz!=dc)oDq|?NU0K zwz>t!LNefvX@I8ElGpg^%u|>}?=iu*o%V9y((`gMH~>J;BIx^Q6m(K)q4 z60mcAYNExk13jz8wh+4qu;YXuH;0MYK4?PGUn4Q)Mt6mY?dr23XjFyFGfTQ?(2PeZ zQ^l%f(NJ%ZMVqAucc0+uiGBF%a(96ZogADqWP5<+8E4fRHbuf&KmCbmHBr?Dw0hoN zo}X`bwNgGxEoY@q_7vZJDIC*54rMo()04Vs4pPA{_u)tBq|d-4)bNpT;>|LA^{=>J{2bQNFH&~tg;0f6l?)vfb$-}J-$B{ zFrE9or9bs%GvQ9BvU1BheF=N8Rvdfk;Msi59)|97`h083nAWJ~nT_e?%{AwxQTNZ7 z4OtswDXgMj1AbNpCDED`G3UCeC{-0dTgF)UI*bCyXDh#Q8!_#~X^Z@Mbj2y|W~UXz z1uJ-}2cgoS(HfOtK}n&81L)vtVu?uKZ@;}!l=-_ML*^=~LQCo4Vw*D{C^}UHeXZcjm6>M<#QCqi#|K#h5?;$gB96#6}0as|rNKQL~6PEQaHv z=${9!)Qk~PPQ?<|S3yyKaS57U!yKm}uHB-%96Cc_RD={H`U8pb@PE+SstIbgl+LNJ zsbU&%q!yg#?DVNRAFx@|xW8?Wj+ZBCh_e*h^P}9;Cdd~gl~s;X(D~uZoXPO zCm49yCVQyFUD%P;dpN_fuR@#(F?O64e@|`~>)1m@%Pht#;UbZ@-l}H}Ku!a|-#zzc zs$J>+qgQGI zqpl4x%I(>X=U}t`HNciOA?_|w!8L`>bIFl9ErZ=QhqI$E`T6T|ehVScd3z>c-NX>< z!8=gB)e$6N4eP}1l_bF*usa_nIy-n=AU^EJCd7^ef88ukYOA3tI$Apj>WS!*vPb{gHB3;MMH%LH6|s@N}o@ z(_T*ATl0Eicx~9Te#QNbd;k2ggTdL0cOd$88{2Mgv=imkj3n@tK)6DZKxarvEND*M zTTNXFpbAy=*;K>KCt)sSy|qIRY`Xkwp==7!pYrO)@|@w*jQ~2s$?uZ-lq@{=Yqphc zSKC*Sz97-iv1~-4-Tmw#ZRp@}m+YAwVBuz3wu*SqeTDCN62yaifqikf8_8dMEgE^` zfP~n$v9+sy)4pLDT$deKEC0e4^8v_}f%U~EHj7!2Vr83C^tN{4!cHN8gCTb)T1=!^@?$-Ni_Av2Gg;7Z}RhSUC8hN1ZyyCrg3; zQM`>USYZSqPF`b{SHFf1G|2^?@jss#dvyr!U5Y4CdsnwgEbujy=c!h0Vrs53DPwc& zgbf7ygT3$7#Z7?EY<^xfPVJljijG^T$IgM!DS70BkCYWbaE6Pp=@;=T@E8$E&TRuR_abmRfTr zZkn>Djv0}^+<>c!jQK5%E!NgL6kQo!kc)zcM}}#=d-8>5>1*8&-3G~^9%Z4Y92!y- zRd~Bb$sqRJqOeVu6yv;&&%6QHE*4rC!nEMz&0<^ZRf zGg3W{F^O)Ei$+CrW6M0-Z@Fp~5&2kUpS^^U)VwP+!}~YP*}UZ0@d8UHxwOLj`DRU9 
zL)0WBLu!6Xiku|NmE1_ZEv3g$;VCfg+1Bx1H)s1xd+Oe0=4|c8>?vSA`hI_khV7M( zfn-SC9lMb>A#nhkrOy^nU+&}lKHQVxni@J^Y*t3t=TH})vQim3Tl)idHB+XrpxQJ= z=Z;ebcpS{#Ufb)M#|1(|pKd3@0E-ogED3^xAnc=0tqXN-v&RLL z`_7M-Sq;ArZ2?RKSGluw(8<>MM(zm>WxF|-Gj6>Q{spEN3d%~?an7~Pi;J2mvqWbp z@^7>Ga=L9>Bhrqdny8+5e}W3S?Tq1W8Vr&0Z}8n_qNt@b?_*2eVHGz-OW+RRVp*e5 z1kxf30{=xzdJEO#{XIs9h1T@+`A??6&o^sCt5!Ozp)HXE%k~orDOK0#o)KTJNe$f% z8<~rJ@ke88eVPiSoQwS2Y0pY0qu$Bh4lLi=e|L7dUAP)2l(1;MwLM+FR4`A;1AZlqq)!ajj%DgN>D=^c;YDYpY3Il4SRq)S!&~= z-XzW^AOboX5^Rw7pg1yW+9H$x)v4$-RglSbYhkB2)fQ?T&5-kKenc5rShir(spjym zzPPzRxs18(03n4Y^N;Ei@vkqXAzR+kq8L4@D=#zC-Oe6ze{Uf3ZuQqRdCJ-MH%?eL;D1%4fPt-Qi=2+0u0q%)h?}Es=M$V=S~(;aeTi(QjXNfx@#LI|3ity?e54{@wc<`RM7YsHcl&lP~#(-Z6glu-#E}5UMWs;rFz&g zKAmNGQymVs9u^;r$Z~4U8$wK0>%g3k)C~IVQ(RucXoTH|7%_^U-kjm5adaJVG|WS* z;fy#xj=@mtB~N_JIT`N&?zeUU3p*u-TZ1F1FZsCTg^tRGjVsr#rPIL!7*CQvn+ynR z*qX)=FUPmlydlkMFR^>h4kFWCLwJS;GMwTx(n=<^kyltPsbm$cEprler^!^yMV`iu z-MN;q&le08r!R@5Zc9d;PId`i7FLYYb_B~MesC;5mmmg>^cYt(Ot6COj}gct#?*n$ zvMz@;OHLY=tu>`}){ZfHOxf-G~*foa*|b9texr_Qvd6!nN$`Y9>$8 z4Tw8`sW$ym?g=hA-M>vaV#w?3=Yhg$k!!~^DRu0FTS2&WYG2B zWd?<`dxVShb!_tqOPm$A-*Q>;<(bJ$_h+w)&;2@%#jXX~L-ln7nu>T((}$NMA{XED zvwhP_d%a1uebe-@y#idCJtDWBwq1O$3+Y&`1!-HYrGMfnMP5jQ=$&~GFF4OHDoZL$ zjPEB}B)!q$7%)&Z2KAS4%d`{5gj);7e8E&vf25Ee$O=1g!z;dd1#!Km3%1+_I{1cx zaMS4JN9kwVMgeP-`e(}(#7N+ir!%x|W@W?03A-*a%DdmIJ7+Zu3&ISbmo2Y*ThZNi z(G4Xs*9F2gBr+H)r$L$Kt6|-JkRGf_n^?WiaSB1P~u+fVB+4Ye}_cp zzL2ph&iL%z%hLE765!v{WlyAf^fPTi^NQb^_sXf*KJY_V?WVj)Ww1XKHgMt zmhFR1qIzsbs&5^Ck9obOx?udag+jU7I#RJ1u&sCUkgs<_QneV!h_O81=rOppCI+^* zHV(4Qb{<}>y&lz{k9P0QeOEm00glYJ4tipg$iRoYdz+fO&GQ>7;tr~Jx7Q~v<1@s+ z03!SnGgp^N4rZYf=k^tFk4)P;65@!4i}TAf>ocI${YiqKw*)jg+On0|p=9&i^q}qd z=+fH87@4|!DEewJ@a%ci790Qt0>m?N#V!e$b(rFUL$U*)t*C6RU*YEC{|1+WUuzGC zx7d${J$?P}JHCRSP;BwoHszlgK1ZC_kd}|Eazzj-tE#~b)NZEy@Hw$8v)SC|%nTXfyF}n|YZ)-H5)E@JX&6=l_qe=` z1f$y*_UDU(jhnmk`|#H{3VYNKsdg%>3r#BrM?O-ca2iYW(cKvn?oiS(>=W8z#=L-N2WhvYmKJ!_q6ft%AH9UiUla8xk2!UaqGF`X-#i 
zCq>cLU+6+5m3mu+kolI2oSNnt8!L$Z;>a9hX$8MdZN(~BP(C=CX?qUR#drzx8LFlh zan6p3S?oFTZ_l0vHaL|SobqL_h*SmM4+A_$#^{3jp8IVuHS%RrXJuIICvN^%8M9ww zK2@W<39IL?OgA4`D6e{mM^ZnGxS!pdrq_>=0Y%%bw!!C6D2er?tD*0eJc4Fgga^hQ zCEMG$2E^tL@glpFP=qC;%XOZmb*0#+lhWGjNzphrC)1nKHHG&{+AAgmkq`-cu>p9( z-l~7cMA^P#*VWMtU&7lxX&-{7q{L?i`SJ7_Zpok!34i?OiX0*{0KZ~^KnUi4nuZMT zKfO)vtNXTg3{yvbA}2W{tw}BCVpRVNq^2|yYi%A!9WpQ+=qcnjYEq?~0ykCUAkm7|Q`c*@tNvW*z) z8lc`~n{ob{($5*~z3#1XXjNsd+shsS4o7-)3x=+Aqhd94ukAcQHLo}fkCBWtkC7WS zuM3LHz;oKlyNl-yD&1e32cQ z5u+a|0+(SUQY(4$7qVDHUrR`I6iYh6knR3ntR&b;M>T8AA(MQ?<6WV%Szk6=_>tJS z>kL-ffB6e=rjyxiW5J;}sAK5l)%KaUQTFXU>+gE~75s!^TNx}cwZrOb_iA(JF}ST~{y6Ju-%ki1 z!4R|Wl`c?(lWWNxZWFoLj{a^|?D_KCq=`Av@$o5Yp6Q~c@a{N*hsOcFG8p5{uDn8`LYA^DS6{UXISwh1fFJqWeW^*cT=LXyL-YWCgh-N9p}7w|;4&LB4Y@*AVB##5Lm`jFan6YWm3Nd#}n zhKscQp*emWoW$pOEgC;=te03BK$|%b)uVcJ0W6~JI)46t+6}`%LJer|ESUTl}^2AP% z#IJ!5-Vv<3UCq2v4=@|KE{p{SQNBm^Qq84REIg|`Z1dHkx@PY;T-bK$v@toxqdDs{ zmt6%5UcF(tDz=-AD#4#gplUC_SPH&d)QGfgt7R}q`dH*{mqpnYk#ZZ#lBQB5y|AC6 zR=6d(UZeWop#p4nS}KbcHO7mjf81?mixz`)ET9GY>0}*_(>8Pa9Lf~joJQQm>9xQ) z&dm9X`G%SqPs33d<≠Cpq$iKFHW}KB_^<2n|AobB^XcF{r(JlMxi=5?4J`d18Nv(H} zZ|8K6Lo@st_Nv|$ryA!Ju;QD$)so5^!I|#|mOwd*C?njqn zPbYPexq=CsKe#lcUXAXjHdvqSzk+tp8g6Gd8V15?zvl6Yj8`xvw|q_>=^!GCyzddb zKmB5Zci{kTTMSseR#J|4Kk%;lwbFJN>e_>brT;kJ9T9DJjD_?Y)@cvvW-R(0!%QXp zmtKbuiq#}@gy>OWB1(NkPkWUi=Y{|0IMu8=B#o_d6OYtFdDU!a&|j}m?@hTz4S89@h{5B_VL5=-GivqNp8Wae z**(bOd}G5Qj_)X&aJlqu;hp8k!OWVs zyfeo=0~mjgzP*6SSlbC49vcpq#i5%sWnAJe{V=@)>4_~=ij~NvC5}E!zIaqjpQaqjOT>0srF5fc9;w1=Lu8(|1_>LP|nOp z{W!PC`bV=O6SWo_u}Uvn%@zRtQyo##yypuaQLVH4gWu3JW8s`xgv9iH^0OGQ)o(QM^pFi=P?B zxAZBdS%POvbEweLK8VpoK<}bgzcoplW{Ylha3@NN|6lAdW8fRbNBuIx$US%xNiup{ zCXLJ{C|2vf+39E^6rLCtQ;=k_M=bjP2GIpNrPQFBo_qu0H4F3T6x6fo!l1tixgrQQ zJ`{!xCCp!rYE_pL1UOW=!dKRh=CR-$&Z$8}>m&&e`-GIGSazUp2sLnD!a#1-{20 z)bIP}PK?TA34@4tT&YRXL2sxCnAukx7Dtwmd%j#=T{pG7_)uM>fJ*L@2v?%Lm z_vOF>C&pmNGu=cd6p(JrMuU73(Yfm2;K{aoP3s0atwF~BMOLQUpUVpUUMeZL=*TPm zm7Xp&S%{#QQ?Ro0YqnJ7*KFuN$YT*m9Y-ydEyaf^`Mz#|;H!5?4Vpi;Sx#A7i9Bwf 
z&wJirLkKkc^?Tx6(#C7Xp=6K&}e>B^D`#Wzr&$_tsc#$U69u^x|D zUON9IRut&>gFD_`mwPz4KDq#0s{$a<;;?N_3Cit#Pj-8o#Y_2pFMplx!sX2|)i$F* zVtN{|f}U@=_F+)6OQCo(Iqs{^OpU0r%Lhdz2P^Pz7S61jn8qCcQ<_r-zN-R~ula z#;EHdCx5n;_%qi1<5{FMoh1RtCFthMmR$XR1GOHatFHdEJxW}w| zUbSWqTb5O&4bKg$h3NB1g*6s!Nz`j<=t_ekWK;EUUoqrcLIo9)fP47=TsxHQli$1w zESLm5ef{qH{YPY9`yjBvCbs^lv;N9V!F^rijq8ax-{SkdH{kSb3JaS}+ZXW=pL`?_+x{~Y1Bxwu0L{ITQnU$Y3gk`U=r2_P-ghI- z-2@7+>3+S$^E*-Co0s66lD=+&DYgLmxt@jXR=w&$9LZcNQK>=b_rZomrfyHYMjA?@ zCqLDas{glHEDL6iX?7eSwOz2AZjKYr_UU zVbWJtdU;UiE}i$d&Gx{k?B+qmyuj^vpVdAS{^aWwxGvaH4cfoZozUmV@zx4B)&F2G zQJPYS1a3SYQc?pAuhCnyk13lY_A>U*OKAUz)No|J+J&G+JWG)^62XAeba=ge2<&&? zDAQ>G9S%ZSE`2ma<{J!ui~`q?1eGeo%X0GM`i-BEG1=dLH1A)AbB{IRE}38R^~d;y zv){4~ms3)6YV4dA%&w$;eg2d_dM6Q?7XC^BE%JWRQ6lyabKbWc=|nLxAPKC+6~46i zsa+zXMVg@^Ew7T2T~~sTM>bqCIf=>QWCMI)Nn-mSz{dK?q>U}2D8VGao$8-A^dl55 zhSJ7itpi0OP-d-)7~E#?kl%6CXU4o~n4=#?`4ZZb=>v^#amM`SmfVhwl}y)tF!hnPc|Y|dzBOb%=qH618NIJW)XNt% z+nNOJL}>UwIw9q|SQ6GG=ww&%s2VAX*s!c1mH-?EGNnA`FSwLS1-Oy4hm`0>Oz`Mn z@Bsf_(3V;y69n&@1ibI$Cn0ph&OSbtfK{S6;aO7IuLm>DoZW_@;Ars35y}?&?cO|hD)>}K=f%^yJD5m|PCMyIhgE{$HPcM#ZBF+N% zohwEY{ytB!#4bOMS4Bkiqsp(QP=DlXAtc5U%R37z?ZQn4MbvmFDw9vB<1-lb6jZTF zIpp;CaAe=&5Pan4Xb5}Na~;;5NSHQI{vHECkZ9wtIg*uoSorTGi15xYK}3;Qk7j z0+Y$(8g^4BFguj8AsuB{-;4tsxGj59nWeZ3@X^9Qh2KIi^y`>7ndc7=d@YElv57q` zhcGNyY&~#wM-gRYl7Dk~`Xoz9E^n*7`tMh`y-9L5AxVV$eSWGY%`GkIM;(e*I$Uu3 zMj}ewR{N`#5*i$qZj$r=zJaK76J%uZ`xK0bu0Q-+0iLxpJiASfGgz^Xh@=$s`2&qx zy5?$`dJ6e@cc*FA<3L5HwoNC7&3iKy**l0&BZHS6iBTl$&0)O%%54ay596O1u-Ems zl|{tfSEA3nO~@6iAu!@nV1|%Ipj4aOk8ja_GcpMEpY8JjJ4y`dL*@NmsP+%%C;%0E z9o);TZxZdIzn`wyr@6xCMOh6 z7-7KwUtO0DBh>6~hx{NVkAAh=BAv%KxYDr&;T+J9GBzvwJ^h z9|}A)>bVEB%bwh2Z`XETHc6=gmo+TzwMSc;<>b_XHXE|xog-}n<#{(gei^6u+U zu9;>YGLMX$)@=AWqlAPMaSCVUC=4B@%O2bc@==3syySnwQ7qFf>X{tBw+96;9&w_6 zIQ7T`I=k*>w&7Jr*q+Wd#d$G4-1h-|Bt4B8!1a=0&${pRRpAFyq=Tu8n?buRax%7! 
zmN3vS%^T0N--(6|_(^q`0qx25ClkdIS$S&u!tmihirh}!OO?d0)cF=#(98Dm%W#ta z&Gw+3V8MD5u)Iq`J=UM*v<$^sbu`^@Hyia<-@}wFW}lb;VNn;`On<79stn+J63va3 zXcW<$mxWm$-nP8Ebw%}kSV|c-!}kuvk##*LpZ^I%9x(yN2t&%|9a5yxoyE^OelTXn z41Jr0-dG>|LZd)B5=Ql0zYsT=ad;&gg1WTlzhZd=T{w$M4V2utV7ST0b(o)sKPM4> zAat(#cKEtw`%WBab^t$CF=E0NHg>|$-aPp>d`l|mP)pwTE6~I5!;iLRwI|lXQ)@mZ zHE#)NkA`ULVjM-u{*71u{p2!!^hB7ssjfs#6*C~1S-w9QocL)%ZI+c-Yw{ZUX7xUR zhmfoWG4uUz;)#2Xj(Zo>=(yl#FZZtKW85EYU^oF7PvF4wuEAZ&cABqs!&QsJe!lES z@PYKwOw1&&DT`b#FDlzlOOf`Ab?KRRP}qlKA8*j)h+8D^%o>+geV;C`?w%IcjIs_g z^0-M>uPc(jCz?sd)8qe;^Rkxs%{n7;)hRKB4m?@xquljs>7L<77*Vn~ve{dA5BlE&u(i3oFPs_oH)@KJ0Y(~mMm zQ^(EXvDC=_#SQ!?v(76_j?^7N3q6r9+#tg`qN(;DKFIaMP@6!|2A{|CRr=`8tLuU< z!*Ee~b@Zz8LeL=6i^Q)v2YNrA!T}&Bmv3Vv!TiJ32V&W(JX$T4+R|wX3zZ3}0;}!l$t(vR>pZXF{zK+)uWvAyPnlhpzWe2(J`)-%on` z!8C4r^W-ekrzR-wdH7QlgGHxc_yOCN@=Dr|&0{u|$vF$M=Mub^+xVJ3layLSK|K8^ zzc_OrGGYd2e>t{avSFt_$}N|-Y*ci&fIiC&vE56IIc{yB!30s z0Am2D3s}vUe%dqZ1nW@RCQIX&v***-Y-B|>JGR0g*Z)7TJdF;sVmlnt40s}zg3jk& z|2N<2$^47xIpI&0b#g1apmwgndkqNq zOY?eIL1K;{MU_JDJz`ho7!I*Ritv4_CfB`q^-WWw$8DhMfOkFuNn0tSWri z$K1x+_#w)BFT{k?y1VWCwEfI&xZn@-4&aPA8Lrr6s$Xg495s)1tqFGkZ5`V4Hf;$XZPBY$;E3123 z`f7^xE9LbYmbv85bXM)Lk2P*T9xPujDV0xuXoCL!N!LzPAtU|Nc6;mxP4SI$jvY-4QLEnl^5rqrq`dJD3#}y z674gxC5;Is^Uhv|xi~->))n`^c+*q^)fa;EE3fwjGM<)ka}Ctp3#PXO(n8AU>bZnA zMs%15nx!C?T+W1)_ueOF?%rxGdLmx9>9HV$RN*n+^H}9X zc`nFOI;O*gj&j!&D+Ybh3-M$Y2Ty1+rDjsq+rZSUUBtqjpoIZ@KfHiZZn5WiO`aI# ziqO@nMVmy_@AjH%gs3*QHc6n}fHswm!|$=#D|=d6MMdkr%nnHWEm5@;@EXj&`T`EM zn4gbJQ1sy-@duzRN-poosbXc#(pQaOmnxNVnlmHHYfzU$1uDWKH7>`SEQ$P0w(#qu zmxpYpu6%=5U<%*iOdrD8%3a3!(Me;oBTD|6!vvAGGKE z6)EWy1-)o37kck8L+v;HKPq zKQ9C3gFE%k%q#gmBv?1z|fPwe5nb+ghzYu7d2A*M1iZCQz1TkjpCg8bUuM_CQ6aC;lx|_W$jcd z1AcVoT{g7i@k7`Q5UM&9bmHXu^kZmzev2N!BJ-wm@f5%fE517ziX;0r&P^qHDWelCr@B2Cw55B?+H;Xf!Jk)IQCrjmPMy|-&;#`O< ziv#JGb|1Qtef}nWwQf-XDqoE^?%-Zde#PTF2l`G57F#_6e1LcHid!#SuowM?VzD3l z+cRfAZ1!`-f=nDte4WKBlA_r2L#+=XRhGK^lMbi9K3l93lO=%w>%)FYeU-v7sg<+Y zC`;%sSUNyQxQ2)5`8!)}O2&)x*x7)tO) 
z1L4R$x|sE{0M3ua)-6K*Fg{Dp@_H5DE|G$=k3PX70A$X<7#aH2NJ~x=D;>967bal% z=x@bw3z%T$6x0nG0~0j%frYvr-XP0*c!)bTMhi=mm44m*TZWs>g>s@{77Q6EJ8wu} ze8AB)3`xlh9aM1wWKpP2xeXsYQ}fffPT-t5_7X+)QbbhE-@Tk5+&Pt9#Z*<$;m^XG?4y?R!LcQ7ppZ$LfJq0 z^eUkSkZ5`G4e5`Yrval@e^+wjf+HIG`%)j+$ZjgH2~s#qeaI=kQ2utk0>J|~#fInc4B2()CzT~wfUhe45a7K1>(};9u`zE`BXRl!V7ENNr z?6P}8&hLu|U6T}Sz)kBTJRas0V3=0@?C>XE>>gsGF?g(wSIxLU>fyj&eiF@Yss6cw ztWsW}kwZ~d2IWDbQ%^lH+sPSQuU4bMNnQ@m75z`N%XN^=>frhoz%ib-?q_z?W_}vO zH6`IpR;waIq(fBb&?_5T8I`@yj&}C0BzuES1=H9C9zda?l4jAeQ_sEm(>9`$!Tb(g z&>uc*2i^?B?9ySOiN4%PM3=Cb*{OUx!H77LS0s*I?POqcLP|J5aS_sN zQu)RUF1bke(KBFTg|o!4r%M56U-bKCryswNuP1ms)+insA~d~&@1 zHFjSE`SkFyv%#vnV`-VHBkX2t{=|0nNuX7_G2Lm!BF)&#kR&5{RP|x?cyle|hvRjX zsLx|w=FxYK{U`4C{C$8Rz{|F)qK0;TV|RIfv+KAndN{nsat0;lJaSX~#;@h3Vpzl% z*wstzy7X(*RYgpt=8(7TC9Kq}xC%miMUxPC5ja5UqTPWGazp*Egf@tT*r>DTit@F^ zA^u}XzaW+|1!A+O=K#Z~>#=OTKS;#1BefxtD9N6UkG9%K%|;;m@vYPOx-LXomQk7l z>ThQj5*0T241fODhhR351<s!4WARamK>~MenBsv?2zl{)+6Cz z2>801f?mKWtV&d&gv(%VPzXKFi|!tciTD7bX`Y4{iJ`%!`BP$7RM32cbSEd|jHUMz z;CXklXSQ6E;Ob^!s8l34C%4HM>2I~I;x>J#rTQHFp!t{6(+Bwa7o$=rA4r+kNwj~& zugxfuoyy2#9w;C`NJ(wfmk;T6L-^-bpeqDmT4hKAf7_#)8dQoi)H3j?Gc>e%>f%%8 z^M;4JN+O~Z{bPn^;6&{hoB0FLoUXTFb947opu|<{JPRwtpHlN12t2&kFYchwn6jsX zofzpEN1G$yXP?X|cf-+Dw-k$1vml9HfN;?MlMdR>ZqtDo9-VV=fz_u+Ld&Q7lzFGV zs>aJqmnc?$alVJ|d$eZLHDbAI5qsR~(>sZ=GoV$-{ZB;6BMBN(CU_T0ddrJL88Mq$ z^U_z5kV{dO!aBq>F*4&vVDhxmdJ(%X(cfD3*i@dw4A1vv@M2?*6u!&XZEs{|rN*fa zG^fI()$uky7;xt_dVGA`R5{jJndW)x(V}#^71J`BX*5-%DnRDOdNhiD2Ylt$`_N*o zTOUCDYO3TDKc-4M$(Nz@K&;%L;WF?=>m4`vqv=FWwrJZc$79C5El)^Di*F3l9RG-N z;RG^mmO82+7uuxW7B`buYHnF9V}G;kYb{OWl*B~LVum8QZ|;`tlZ1bX&PpGsFS0$W z_}$>C4-v8j)=y8+Qly$r2LxNZZqH7{!DbzU|1Lb2ao54&H0SYUx#7#9T({-4H?w9{ z$|}r0`H)y`4-Sm|3uMm{f3tU$d-CLFc-~HfIR|9*N@Tcp4?JM+luBPKB|8-}eH_SO-VC^a&I|US zoIF;+gO$jUC5LjUdpM=+-!n){dR|ooe%D+bl%yn_^=^e*c-MM1*-N!wmiaYB9&!rL zu3X9-hXQ8PWWdYCe?sZPtjuc|lynUC)qBj}%OfgO!i<_G2EC6{MmhtN`egz$ZFAYy?6Hio4gcQ+p&28JP#Kv2 z7z!TP<3fd0x(SKLhjdfGhp&K@7@TR7^J;GHT5j4+RlQ1bRJQ1YKBx0k&&vd^MJ#_N 
zf3LmASJ+!GszwE$ku%y57ZWJooMB0w9a8!c8RVi9`6*GJB0nZ0g=RE!mm;M*8?_oj zDxUl;A(&}*Gdr{C2LUVKrxjE))YCxbJ1IO0^WZ}^9ufzw@T$jY>1^X1#d$xg zET!X2O&xtqkGi~TY_Z_JI_87Oc|lX$I7}Y@WwdCr-p^<-LS$WJ#`A>;fBbhY89TJ# zy?+3)pE2^w30ub$1d12Q^j1~(5To(*vob+5jN|4Rn*2_{ObPy2-#<)-sPQ@bBB78X z*lYS3Q=rWN=Mm?RXP5OS<#RSOHYV#nygozQ5E2iUR+B7~Q=TxZh+K1T0D=8pxi)*p zca#zigtqitaV;IW=@#nx3@1c}>c%&Ot4AXO>jY&B!{{SAKc^n`f+qK8xQS0pA%779 zpgMw|s6M*L?uH|@&t)S*P~EWc21lwZydz=k;31%#pz#M+rpsy~$#99N$2-v#cjOsX z=o2<_%VyT&Ka(c_g=738Lr%1&ACX&gVe*g0cm?ksm$y}gh{=F9;m7uyqc-g)e)Xy) z4<#wv*@}YQmFuk-#F^Y5oL&ZP59!UK8AAv`aC*a~GiKG^V>u2I4sY z-au+nAGKDfK1;U+yKQn$h3c+J3}Gt2O$ljuih&(aCLn=>hgexAqe$S0!fuQGmm>y2 z1B4c~H8Nn1w1kFKeDRM`&zAX`w&WEMqe}cihSFX#$Sd~|F}NQYnBNI`4t#Ta+F!$6 zNTi41*?d`YcOMcp}huEg_2Eb*&1C?vTV{86V!YTh3}A9CXR@;2xn zW&*Y8Yu=#us55!>joeLd{25Xo({Q%%suXIUQAJ%4>dXX+wdSOeg(ix*yYJLkx-s(= z<;xy52RW7GT)6kIkk|))HDqNEEqV%5+0!0AVg0zmF&6Alil@hm* z$CQ&omPIMX(!&5DQASg@Ev1z}5%;grz`C|fkX|G-S6wIP>u81sU3&ipcdp%=e-T3| zq)nOozVQz3?&O24O#M3_ow}^eapO-G-ATyoONVtV&!OyFlTS23i>YIMpQ3d`Lh4>n z19FV$wzu)-fzw6F+(qsE2Ixn;dLX-hhy)qiS{5*HLIJ$d9K#Zy3ZJ$*4v?bWt`x%v z22y_ME?KTR#QOTOFNv`AYO0>_XJ;{qTur8BZjp&kgmkLovan(tvL`8|J7D;p`j2`q zfuC^y?wtJmoQPzE4k)9iMpMvcm>X+h6cBq2mlcH1j2NB_7{C8_0CJ&2I?mj7iVD1` ziw_d-3!b(Z)uvLgnCGsP2Q#s7m9}S<01iDLtp%{*(8)1RosMK1raVjeZ$vwTnlior49X-)jZ{+(gC$1l~jVGp#t$E|X~ zF9p|Y^5?+o$NOQ=NGIN}gsr9W$EeYSN>wJ`#q%d+gUzF}GjTWBeP^C}C4ENS_A{UB z4En~mwAYT@z|-5qv&Y)Gq$?QR-AUGnN*_M95ZUrXM5)=pFdenm$pgB9>})lh^%C;? 
zYY@($kN<4P+6-mM4<3XvaQM*<>`4TcJ#C4REo$Gaw|+yLksr__Ug&4+FdwM zPvYTfzn+Lf)GjB-5+sAet&&NKnim;DDy+ z2Lic{QinF!qyBlOd;fv0Z?-l3zs*rV2($9jfYsp@sIS9&dG4e8%Xz;c6Cfi+&4v*1 z^-QAJd{kD0Ss#aLetGwK+W3=SqKdQnFxpT~rn2>T#7X{gf$+79X=_K@qF-%&))L~r ziy?lJ6E9`kHoe>~>E}(<%S(3$C8M^sp9b#;GT(1CFB1_uq*E91v!5vU%3&TpWGYP@ zKK7bdHdcQ zdADz$ECxZ3N38?2gC9O7#yx^(8!e-rZO+pmxPZvV*eL&em;|z4qX!f0G8C$jGcrc% z%yieu(o6I2(%@K7P<_mS4nyqy=Op`B0@>dLkslEO)MH_6)ChN{8{_L;zaERzP$#F& z2^(R;KiTz_riW^-vCiZ!MboPK=D&2yOk01nFk4Y1qwIWm+=)8|=4_;Wy(6M}#jX<} z)gvCNdHRD4(&V2D2Ba`Wm@XjsF<}kU#)qi7NXwEc7|8=3T3Pnq*C9?>1?|+0jxNXi zfFcdtf5-?dG*i`x8$u0Ju&pCCr%2)7@L0RAJ7;z2jA5W!z1NHs#OZd+X|#kqBow0Z z#O0&*Z&DdByK&V2Jbpga)Vh4X@^Jg;*k0+N@Z~3;_d7vDK*RIS(=B_(Zl~tH?CDFG z&W#&E;~y=u*PQuJU&FzU_`uu@9MlkY)u+59y% z{UaoIC&y;70c^`d?MyI_Q4bBWt;$DTQ+nQrA~-#;mU zxDNpxiehj-XZ+d68}=6Hq9$3kgmLRT(jrkJVSfS2)Z7{9M>rG7v*anuq4-|vHvN9- zZknowtG;Hm zUtMbJw)Obeeo!<4F7+sEB9`DTI_l#eCYsgHNs?+JEEGQtiK(-w<-^g10BNGoBXQZQ@5K)vZg) zwLcyUi)*KIf{19NXp-AfHq@9Ae9yOe1*etjD3oj`hxgNzNHn`P3}IvE)-2%ghx4;O zOLn�MIQ$!D0C}69%u7X4OgaUdH9-Ni`0Sl7-xUYDOg7OcD z3Q%H}k-KgwXY;=OLUb-;ai$;}^L%L!@o;orzm!HasIZ~|z zws#-e6cq8#dWv+L<_+4itNykr{vnF9{_7u*5jHjeBPO%cNyEhlap~7dW6KBbO;G_} z*^qHFZ#1#qr0qQ;^H||_y#{ljCeCxIv(X6M~m(K zbX-qU7W4p|RFenigIy(u|6tQ@aN!f-tD`914qJX)y^R737i&H3dARB{I?iJPt+d7-1>Zj3QNPvw+}ecGCoMdZ0W??STnT zl{u4bxRRQvPfGQ#>YsDqs&X3z(f`h5hM1`%;qL9toJIJcC0Bwad>hXeCVei;+eQ5z z9Q7APET=a{BC+ZA^tJcZ@cNP`{PEC@59bSApBJwLKfy0@9VC^v8dTSlaf>!>R3?|1 z6GgPoY@a^fv*vDZm84vDKYPf04^WgeFg&}_YxQ~#jT(f_~9mC#3?q8&jE(TU1lU{kKlBca)44~@}p-j~4 zfV97@?48b%X3O1S-^_)m@KTs{A!IeVapRjbtryBqAC+vi1r?c;O!TY|a#L^%u!j$ifTwhPm*nS1V8?y6efi?g36SNlyltr31tH}ePT zm!Q=~;jQQh?zG2?nTvc^WVR*im5-VBjO*M_;5!K>vJWO)eja(fkC6b-M`>6K^Y$|p zT%uuOTxMlqb|{Op((DNav1xk(i>TfS^c2<4aQD&#!DQNt2ZB{1RDnsZ<}nIBdmWT6 z-_n{gWO=^gFm@!PN5Ip8V>3}#2^v`0X*R`WyoJM?6@uo7b<|+zLaCL}vvtQp!Lf-U zvgYm>&}@s4JuLzez5d5opunomEWPdlP|1~jgTzd}1} zAwkxoc;?quDbRFQc=t!^;*SlNt%s~JQNB{aqTAgbT14yC_Gl`>Cd0)nYq$nI(OEP#r 
z@=yY*gjB5Zk?fN$dTEMN(;vXqN)G~V5|bH3-VYy&zL@egkG?}X0rzxj209blj=Fwr zC0{fsZ8)M@G$3+AWkg`hsaQmK;w?H7@cQ0ujRSr@exAuhIog6Z^A~8r8ff zg0YXNp1F_?|C@o{4~o(uL8vzsER6fSCyMSP4F=~r2}uzAdM1jDsH z%O^(PkS$;T-8t@F)FAQkPsXpoHO0Qz6y$>%L6CyI2Vx-KQ|D2ZO`?P;A#`}G24#x= zwAEH=%`^^BPejbs{M|&R(A0H%fcL@7GJ#ueo_7EK-tl@z{Spkm_40lijYG4zEEavx zcfY%T+&q6c-k!Nw4!fhX29TS5Q&?{|CH)h3e@%F-@(!Kc?XtXsf71`T7m?o_7xu`5 zVKkfGZZ{-6WvafrUc7tSBX#Et2ku48b>Tey52t}=&R4?w@6R9?sc@nBX3z!xh{mH& zCDT@)#LZ_eM#gbVNZfs(<#zFg0EwXdH7}o`@qb$5O6B-H?R37?n73T@&yio2SK?Km zKG8CG;e+phr#xCHaKUOWA)I_AjaNz&lb_W$L>AjdVYiM!Fpk4o>#vKS1kkR+@!>FM zyP>(ayo%xhkB!-8NSk>G3NMXGkf+tQPpm{`m5?$Ftgvlk*dw<>dM9BL>e{XTbFXaC zjbQrO63ZBef`wvwtS_F{sn-@05nEfA8hW^0LN|Grej-@*MNfS+>bi4bl^`%TC>>98b|oY z>Qp&`UX2@*@?4yil*&pI(BPES<-Pny=`_O@LXnD{tc7UN0LM$j9!CiL)Abj8p0mv1 zuSgnt9~9SMnS8!9_~VfFo}6qsePI21xf285bWneXGw!sv)QH_lhjO{Qea*J!^Voj3 zzya;CzW(HQ_sj9A)NbwCyN+q4(!{yw|Wp6zXsX0TBvx~gmd0RKe=Wz1)xl`mg_L@&d2CJW7^+4+oaOajo9=VUXq^|;PthOY77%G82rZ-QE2jfM*2pW(ZquHG``0QUa!bzP+m`|-DYsA%4 zKE3)B)RX+~AF1f(uj_QtX#^1h?~|us(Hp>|!rZhhk;@=w@E8iejFBtY?*J|;I!Q;) z=y4A&C-lV@?lMHmW^Fu-LfvekNVeIPuxHC&t)fq15=$kaBz$x9jE0`LGiX|aw{2DR zoQ$~UF`ZV;)Y{wUO|eG^)*XS&G4IYkX=S$fBYQ{z>2I${S7?S7}O!fN1aa2RX zO9*dOhgC7^sp%{*wuu*jnI2|~za+my_y(tt4quxrNj}9l?WbXU65MGq<0ScJ0spjY zJuXME_v66H&FJyPo33x(7ZB@XQ-q_9g35rm=fl&doq5}habQ=X? 
z4e`$f?GkJ{ZX*rUI(0dbA=r<6c>dV;t=Lw7Xp8``-y6fLy-k8RDOi8IH zVjhwWvb{%8twhcA&X?9scGrJ5{t1|OsHI^*E^UuR=J2pzD8h+8rP#QiayfKZBYETD z=fZdO<4&BY-orDPXZ@+)>3unI&m81;BbH8#rtM&YM@V|y4gTuUGx%a)s;Ds*%kq~C zXme5+86Z&BmdkQVcEq6Sm5SiR+(CHdmXRb-Y1Xs)`=x)z25`=T>&t=XxR)d;&cW~O zc6twYAuuuEVd*m}a~Ut!PyCTR&t_XiaAjKXLy_akd+>^#eVi(Gm{-{-+#QF93XrIQ8X^OtF<4p2KvDS*c zD(6y+13~)NoFB|hbWfV>lA6={M!2K5jr)I-3kG;QFj&O0OVIUj%m`ZEw#g%{fbYfJ z!D6|B8xs|=y0*B|LG8J`zMh=R_n}hxYP~YoXUWIkhXV=8L<5mkt&aimCphmRs6yCq zl!mz0fSKi)DC0JhrH%my5@19!K2-)TO_Z%cVwrmomjMREU;l}a6%z?T3P^RJ!S1m{ zLHPuE^(?YA*zXzDDA$7C@|9v8*H_h_@#&tO%pqZ&Lz7x`A9S!{fbmn{pt8yc6h3J} zDRPZ|e%NY^I4-ZT*J98i6sfA5NN8b^;iwfa(MoZB5EAk0U!s2ug{l%5 zJwoDvme|8_0x|V@vO9P?q5RFt5P$s?Mn8cYlu&p)*$XHA)EB?NEh~eC)2^Wu1js5ghQzL$Ne{aUPNWF%}Mq5l4#M|TXRI0K@fpw^n- zyo!6%L=W+20|Su_u)8<&AWi^=7wFN(%v2D`#cmPd_t^31G&0URQv&63DF_}I6k$WUQm9|X7Q~f%lDv=OfBZTJwpS`LL({1uLKHCT923O5 zuW``%44XbblPN)HVE$2wRrUg#AlWTpuCc#{)6#AQTS0c4MqVypRA5*~t69*%x%u<| z+nxdfX*i+q@h4XA3HQ_bt((pB^4^BkN6`X~B;kYffpo%Ug1-;`Zn40DE}H z)Bd=wtSiDK{A1aFcW&5dxz~6yioNV+tMQn~3=oaTS%K?!7Ok3Uqd+F*|h2lwOgqfdy?DoYSqm_PQhgL~2Rhlq)@Uz{MfdT;r z#AmGc7~##VE%<*VlM+&q6_>q5$Mf?*UYS$67BP*JG)6?Z6eT1p`jF6&ZZaNrTiYrk z$N>2td5Fl)wFr3|RbqiGUV~urWCCwYR%AD1xqbyjI&E^%AAaYz)$Gck*B$!QGIO#= zRtXbQbYZ;-uepQ)e97gWO5t>pL{QvA@r-~(cQzDY`{Noy&_NSS#sbx6Q(jDo<{&F5 z91CVXj=U1p3Fl~?^b63)HQxM5R=NLv`#&2;-v99;l3d{Q1;S$DVw+E*Jpv;6uQDoJ z8Mo;vZD#WM_f6kI^ajm_`SN`{8crY=iy8rlTH+(W&gu$cj(OkBR>x9X3oFw!O@i7} zSP~(17b?6lH+l2jk0h)=m zurUGAb)2z>5<$u~p!byDq|_;9qk7Bt^T=gAa=)AIS13!}s3@J^A4nhz79r+C(1^AU zpM|Y1!vh=>S8@XND``EAW^-LyXY#EO-LL=ne;?XYhfA7g13kDdyoTE)40{{J67jXO zN8&-cTX=U>`0;Z5P+4Qay8w5n3{*iu&|(4*6v4v_75dL!x$XD-PsMwG8bi(mg@lo2 zO@n6mQ;1YCaelz{C^*MvVlM<`O z{k=78FSh6JC@ZdHyJ6P-t4;6Q)cHw~xD_on^s_H4)LdZ=&P!S29YTWDpz zsSEJ&I_P8?ez4b{G)>dgd>Rb`l95B0V_huv&k=&bQ|G>Ag14sR~ zN@4H$PsBsbc)=>};gAYA1W{wYf&oL0pzRQ;>Cg z6A)CQlI8f`-rE;%fXtxJ`5ycyBq9MTP}kby+7Ixozpq+ORJD_-$-PJ9DMT6e1p6!a 
zs=;`62G+;t_gQugZOQ%;g)&!TDAeo`yc;QS5W{YA4bKUNJBpljTiHZ7*x_*@qZy)gm@m9@Lf}Yd@)hzkcb&uR;cg3-ru|% zMcZEaeZj2a>nl2$*2=tco`f&!-7#qF7}?p)c_ui5c2u{zGJd^Z6d>-$b+N0=>69PQhxt@sviZ70Fcms%V`zw=i8 zfrsuH&6Uiea!>ONqoi-m*umzq_F7&ulbsS?RB7qB*6HRyc&ug@Lp9KjbOvhvmVmW5 zc(rQ7el&aHILKOEqT;p!k$wF|JEvA%8f|C}Q*T6kX8nFmU+%a34C4d#-{)6M?1Wjc?Zz~ws7J&l5_#loSX^o zzmQz_9YlJVXAAykUi0nu@JO(n>%y!B8>g>)*`PR3%)3H`xKF*z1V8hnF@E*~pD$Oy zG4HyfomaaAYTl^JAn9omf61B&eHe-FKZVkii>(LkWvSAIDWV-2l#$=z{BIGKxqh88 z(xT0+!d8mIIYFK8YM1p!R7=)S@ydyMeoNCTU7^V1OAX7rV<_U3ECmbuWtWmVdqj7- z*%=~S=N4o~=6(CDZR>Mracv$=DvL8Nm(AWl^5fIBeCrb{wWqq!`lC_D$)gn=@cN;T z!TY_<<4&bl#uglTd_Un21{jDbO}UD*Kec~TeGxJ=>*0eSRc*$7Wn zjAUAi?7fg^xK(N`;TkOPdrbeUU_+6cLd1vFeZu$WrLO+Xp^yIFM{$fmDi6!r{!J$N zhJ`|~5KWtp3fW_)yV!cTYuDL^MPi`tTEn6wB?%7$p{U(ls3L=&b>nGnZhGPud)U0_ zQ52SV+)lP*^tTdcHPx;TO}wwi?ciHzg9Ck(?evgx$#d%YTF7Vn_6l^3!uhF67`dWl z(}zE3seX>HBCn8j8FbnNzD4f`d_aHkp2K`D#!mUdCj$h~Kn*@bdm1AiwxV1Yt$Ta!+@(Pw{iRU_mh)Q{} zdG&VnqRHz@qhsyq$GhQdy9FO#*ZQlabupDsB;PV@$qF)UW|kV!rj@*tY>&Oa7paos zU??yEWrx8OhzC#+^lYkXJ5FjE$a@L(EE%K=Emz{L4FB6Zy}L1;JMriVSljjLEy9{B zFdg%L-E*%{wG!%e^${{9;>t8jAl?xWhNvEcB7sW8}K^o!v@lyF;xA zZh~PjHTfv_MrkPdu%>R&vmnUULF`T>2F8 z7nIXcZwWq!b{ z!H4eHfsLm4B(ew?9XsImd%kyrsL0B?2%nM$N}yiF!D!pg;*&>ak!v5sXI2zXYKm9f z+7@ZOe-cQ1h{eK=VOVI9bZxDX67G@LJxJ4^S!n5*%Avkc=0|J4j6e|E1Hbdv0xz=r zqqsAmQaXnA`8%|e;{#{PF9IQ-=62K~-}kuM-!A!~nPiYb&P+yCC5;qx+(aUnx<&wiPNpoy4h5z zmavrR-Sljjp#|5K{KZ}=yJH>xCR#Lq1Au(kcQuSo=uS>OP*<2RnUfN*K=lt`6={Kw z!4VSPQQ#Ga`(ezuoyYvs@%9jz``{yfG5@~D(r#&h8<)&yW%e1-DLL>&7txXr87#CO zgp*gOoULkN!TKi4%RwhG1On+r5(-fb(m>4f; zlT1O1k;3L`H?;+-M!+t@%&t&9a|WlT7L~y{)HZWmuw#z3F-Y+r%MfyrIT=v5Y+1!h z(6@^4a($AZFc^>Q*N%f;uKiGBGpNb6(V>rM6KSw}@uQHyU-6p^PL7FjP8o<+Sz}H7 z)qSOFy?0CBtkP2un(oPbp?%<=BESx+Iv@B@_i8`sfhEniQJg>uy<$#sYx%hh)=%N{ zPFi1?<;$UTPT1YB{>JfNocT&J`NK(Cj9bE7o3B|t)(g6KPHqN_>T0cFu0hAB;36bZ zC_TqZMRg|77xPf5F9>vWu#WiVGD0Ubs7@Da@IpuN1wC%1AH8>go; z+^F;e8HchAee(wz>k}GHU>YUM0ey8q0i+@e%wIif=tr@kSOe*OCt`aSQC)}&XV9Tt 
zM3W$Jr(XDhF>^}WNwLA_(!mDrc>dEI%aIeYE^^2wJ$WuKm+2>y4kAe7*t{p}VDfIa zmyyp=6eM6AOBwnya-mPP!b_Tfff4(n#QsG;|HyWk3`1P{XR6q!rNu5)v?D19P(DJ& za~~VMdxL%}=4E8(dGB_i;jVjs%yTi;3j$)VatOn50n7sD5ZWB^4k!qH_3CkD>_Jp%DS1ZF(n-XHWMm=QB4 znyB>{|02dp=b)HyK1-_GK_vYh+r{w5@=+Gv{r3vxPbqIIV`r=z9NpS}jk-VzWs!25 z?+QA;O*0p*lrx<|fn(2Q-{^ty?{PzXW;-sju>?gZV#tCdeRLu~Jk(G?uOiKQeHkJ4 zvV3PZ`+recvhT)&es4%dTY@K(;A$M9_ zNEDqITL9VR6X+{}y!m&JT@sj*)Qk5z9(;NK$JAFxRn>fd(~=Sr(%mgchjd7nfOLq| zr8^GY4Fb||k?!v9?(UEVC8gi%_eNAp~~ zzrsv)zRO#hDWDuYv45un+xeQf#(c_+`r2c)cNb~c_HO~;E6X1^+mW{ra!o8+bfd3i-Dxbjk3N&aL(LZz0fWO($5I_Ii3?7qK%VbnXA^2<#)dsIG%g6J%{H@sNrFNN`pZWh6JkkjC`b zP$e!`7OaEOb1oW$AOp#zGFqz5x`_{Q4kEgk@f#=0Af-eB{|DAU)JCN-ZDEg};?`5D zo93s-PrK}NDBy=*Sxlo)4q%}Gr0jL@LFE4-OfDzEg*lm9GDt~JwObGG zSu@WM?QWFLNQ$3-esg#CUh+zO237|(n}0%mdW+EV)n{X)sRVNM;P1RC1m5vFuuuJ1G7 zXVMIx*+u8F+}mKPY%a_9HrY+u@$7$HN!hsLNv!(a{mD#D=KL2oX7vPk7sCq zilkX)ty?MT4Sj~S!OV%lv3s>hmBy|Vn6naaB_vQZF~G*;IAfoQlOT{}>w^d$^NDO3rSkGI4EZ4 zg}91dBcq^EGTi^@Zy{8y&n@goGu&%cI>*{?3IJT#K+(_|rREV}7~Cf(H%PBr2-?bdv%6*D_4mL&5W8EKvarBfjN{<&HcwtEXdr;TLTQ)YK4hkc6p29A{X@lqm)KY}IhuL= zPE@FpEMNKi+e0!la+S{9S)Y0wAGLYv(mw~5>nBqT;loJ5T=lezH@o;E=GvUUW+pyx zh$yM3N9t)&*^P`6h8s>X{1uM?W$qj4;-7uF>g%qqD^uPL(0a8!iE|f2;J=}DStBKP5N>xxqXn|`kO;Wo-XBy~P z2+!;WO(kp?Mf>+n;93h?f$d1%jNfu_ww6fonW;_z9pIUQ@zSfsE1gquLcMWcct4T?5&<)62S!j3G>(BN^pYNqlO(I@G@DFSPgsk{j?p-LndndU3a;ZvYA z=!UN5`m3+2vdP&sQwRG>*P=XON00X6~p43(@Prh)S-s@LRrnc)*j#)x*}_a{nId;;O>aBcxV) zUGMa|b?BlZeO?P;EGOG~6^?nWwpi8a$@}54uD}^s5qf4wa;hWL{dAMl`0M=*Ll9EZ z(;j|RSo!+~xc{P##jj~}XxKL2{KQ}hkDJgC3HnAM3dm<53`)dvf6=92P*D~i8QoPd z==vXnUEK9V5c&)JJWq6Ui8P6+zdFL}a= z1CU_#9YI(39$jD>{9IE)TpL*zUM`B%CV*i*aC@?+#eZz2ebc1{vr(q z$bxAIp6)^cS*IdHUqJ9dSjYYG*hN6-$ zHQQe!aPe0?;Z&==;V1Ajeo({G(Hp`)&fZYq*GQxhD>;FYKIyxqxJg6_2}-R@9OY@h z)a;z1u#kkvl-7H?H@;sZ|Lt3&tkX)4>l4>+o4L^vKeA095_67ToW9sj+R|FX9m-IG z)c#yUBUrR$x~-Z+L7gYbA7t`zR^SVQ|7YdhcnV@MfFr;H8X7a%Ti~Yu%yUW zx`IWf&ioY|>Hy zcQqudN+dpLcV8!qww>cHjc_+zE}Utt##fI4taG$VgNF)ulskDF*lXpJw@!2A2xY9FDL9W^# 
zsC&N+Kv6eAru>gCnMDAzEha1fcDvNeO|cMkywrxtZfZ@)pvHe~C~$v2*}PhIk&Jmq zT_dK_$f9oTSGEcz@<6X;mz!w|ahk-sKVaORX0?hs6H{sm`{oe3Wzf~%P z+*t`(LG0`KQjq4m8TL5iY#mA!4&Uum*75e!Et{NlUx7CPVJw28RBYyK8}#sG-A*$8 ze|$Os-(ZT&SH{0bj39UF0}j<5o$=eG0i`_oP?$tuJ8%P4N|}6R04g5gpLikn7a^b` zj7NY-GxBcjDT9vL<>ETa;$o$#$CIXU%~;@PefJ@oY$Bb8Z`hRE32b8J{ztj5r}gwn zU5dhX-V{{{YmEev(rC62z2!r8 zSStzHTyke&+;+8|*JLz9&bfu#&(5wm;YQTS?fcJsF#Ae7O%D=(to9H#AhzQ{Vr!GN z&s1G~RF4HunG#REN19X66IqWYat4Hh$Pnei9O1xSW`{((2x_aFfwfRKj7_WgGE zOsY-IJ~`Iwwrf9Dr#dt4jK;>)E~cQusCesny>x=w{Az9E^)lk%dOa?8$MQX!+4b(6mQ5$1-7pG>imzsLxbjHH-3sUZ8= z;se|S%}k@QxaVzh6l5{d$&DT%>tA zL=q%EX=|Geuqxz|I!6vXS;y95kF=YN&yp_Ad)a2swYR!G=Zq54Hie186Q{h&nb|fX zFX>`uj-U@dON>1g>U%ZP=5>&e{;Qs$p634PT3O-x6ad|bj&1F-JQu0a5SUx{%fDs7 zkX*ZO_fTxI^rio zsl(Wc0c6HMO7#sDIin(J+CWEdU%?$sx~*aKE)82h1!d}3(5<_@m^z5^0zwqjf0e8x zV|Dl*JHN%gaa(gNc{_>GF7#x(g0>hP_4Jlk`OT|lV|rNv_R`Sh8}u*2i|ZX@0}*n8 zRgUS6A%zN_j?E;zPxYk5%|-j1zesI>+pERbm-E5-dv#X>y3Xyx)%is$GIF=SbFWE& zTb$zdfqDJ7kk=`w!d#dFFf9D}3KZ%MGc6BG;siCMlLYz`s8mMCOT|hC$qG15Q<>q* z4 zs@2aGvGS*I#|X*z*W6DeeJI*AQ8RTxC9KMtxd2@2)xn34cx$KLmz52C_Hp46O5rBc zMstOhU#goeN!8|B+U|aCPAeRk%`Tp#qe^6I>t?J1LM!jHiiTKkOr7;TS50qrS?+b8 zq!ZWIR)qj-0IGvDS(WgI2;2rFb_A(6{9UaA7$`tev_Ja$3z@aBf3}F5>luij2kE8) zrbOxzY1F*mBJ#fyLMAc)+sy+zPi;^46l#Aa^DIxd*=}DZl)OTY(;KOL?(C^2u)oEN z0>}KxW*1Utv5ce&X(#Lb>(&yYM;ZUnOal{01z! zl$lrbGG3@+gubaZqhk8+{QKtDE=T*%^f^;Qqh)o^?(f%aAkl_Y>#pI|GnsdETNph# zO_cUYDhCqnY#DjlS(G@mQ45MAU9mpF2mP4tx)MWFU)t_IBx+OqfG;zV8f#U?U3M6ah{F<>}DI;;l|JKj;slweHqu2#M!dm25my?w{f*HTl zr-U&iP}C#Gus(1)7m_7!iO;3%{#hr-fOwp^T5f0ObV@x*_BiK*TQU=l3eBO~_QUqD zYGKBxGubW^DL0@}Gydm{Y7Wcj{xz%nG{Iu-0aE7pqvKQKSxlu#VmlAu2<38--#mYQ zy*a(dI_|Bfyhj=GRJ&^ZXuElfm+WL?IaYigpO{3nh|EGh(HCp>702y>o)H{s z{>jH%ZhrtQ@6WR|{IHD6c_MLPf6x8Q$;r`l=EX~RlEMkAt1!u%OGw!;Yf9ngz$Z^# z2ldGrwN~_Y<4v@ickS}yZQ~S0wpjX*f|&UpoQ81bC%hjJnAa06<~f=BSmAzCiaC5& z8(n|U7W#Ut+kKHk-OvZB6r|K14ZIp}26_$5AX#7=l^{5*BXO%NZ%|n!R}FJ|K!K+G zkrRd_WYKQzDS;OIaZa}@)0ST!94`3Fj(O3r4gK~IhD&SSbYC?&Tanf1zrip_=!)$! 
zzCczpR*ep~gg$x1m})Bbo%}7vD_)!y$ISQ2$=Uz#Yy(L6s9pp;6Z+o+fI6}R)|8}W zq+9bt!SfOXEvYw!u@U(8tY<|{O{~S{_1yLOKStd6PK9_LTc6h*kF+SnA*mxOKKr+o z2_F$x7-Uo7$an*acs7*JPrP}?QxT_O6!Sc8SIc~zt0$<7EL^6nMWN&_+NXUw?wY>6 zz-AH5!uvv^)Ntw3_3g!sD&Ve!rv?%yWM9aMAe0MNqFHA)dRsb`w&V1*!Oasg8|t4& zYc6>Jjm99T8D#!Zjg%=RiEvtg($nQ8rrWX{#r3Vft2BvH;O7?A^h$%n`+KJLVrOpV z{e)TFE1lIEK{^LFdTw-<4Xx4f9F+d1*9^F;qBE_9wm{MA$+jPIw8A@Yn}}3W#n{BG zj#2~@3Z)jJ%Ts>6Oi4je6#@}0i_WCz)gStHsiR-!6um(HAgI)E=<8lY@;O1Ni-3X5 zP~BlJlj30Y%?zUUOhbXKHVhBK2SJ~|iS#aZ@S!h4s5WaidwZD^R21{qB*K0HN~>sN z!0XAbKJ!Ry`|HA~u+Zw`!GVK@8t{}f9<4q-S$&rjCAx}d#J6NnNMz-Do7gCL>ad|1 z?mM`w{P8FwZwKQsxdI~(HO%?)Gva6UIf2@Zsnw&`J>x$)uO(CPRbx9?M+c}QYB`(2 z>l9-x0;_m67S;raBl-F#Z0cT#?As2H0{L}EM3ENW1I(vMp7I#;oIgHt3ZoQreiC-b zs{D35U`or!U;koRv?E=wJ}0OP=j~-q7yzoY z|J0rWIq8+}pThwl#f>of;It3~nM+pKb!N3YywPE_wkPw4SDoCBmh8d@&uiKbH*;I< z^|+-j%Q;%`tss$fL8;|tT{Wfr7tU_n4OwGcymh$h6zz3PBJhgwdC+JgS{W+XN#?%h z%=!hkH$geJBE)~ydY#MrNWZ2TRhHVW=G!1t;2aeGefJXdWNu}zP$>Q(J+008z@k!J z7j(8{CoOgLW4E%v*#*7VMlsT}Ki+*yOIg6vH2jGsYC`=sYJ9mp&RPpG?hMfv0Ns0EIX3ynh?9e z01U0eGFiFJBJqE^!@x?7I!`3fbGXAb9G3#JC4}vmF#azA``{cq$<7>?g9^5HP8}|G zzmlm=3u5I}_2!HN@$2eO0B@T-yZgwOTsPVrolCS63xcxI8g@*_3UJc|^c?lmE1irs z5yvZfB~U7;ZZG!(p$#qXO$uY(m!fAznkNLOLdxq52@;pz3D}~Z02HO;IOA$5rS42( zn~z~<3lUerevfT4nW#4I3+994*wyd#Hb)o8*LkifAgw(vLG!YmfVmA%Nn{iqq?W!< zXX=T#2Q@WzYUMPam}j8%Zj-vBRj)paI}pWvIvm+uwc)=NZp4>34I)_Vo{Sne zIoQjDO(0sar{qy#@;S=lYq119INcX?oL3cJPQ13xr@>wey=+^8fTvaE+Tk6=zd92d zQfNG5pdF|fQ|)73!v~4I@8_u-svw`-nC;^io7>LDi1X0sN{a{Ex+V+|D!+bQ*wlGpc^e<9#Y=JHWey zZ>QThT-)&o3k@!-N+9=qtjU&$e3gH$ zMzt7QgUxTTbp6heQMxR>pHSj(VbB1qd{r>Otx(*8f1k3BxP8B(3AB8}s(n<*@?tz8 zrh^XWN?)LEP$LOj#2FUbmV7r~w$5KuZ~04rSDx~Ii6D)79;CCDv&Pd3YPCb2C(Os2 zCCs<|^O)hjo%dA65Rdh?ms#HMy|1h2YX%gC_1ELC%PhHBy07|v?+*9_DX?8E;8v(F z=Z2hJ&@kRS;eCFkVI55t?~zIBdFz8~D)^3u*6BAacKqb*QBP2)mhTq?#mB^?^%lrK zHJRl$tmd+_T59lyNuk7ygl27P(~(F+FpToj+e{ zqp*4R{W9n7JAhqgqaY|Tk`i=YbD!BP>|MH}p3&}I<_tVtoPLjI`T8vBwNyU)Y~eQ) z`H+4noKbvl|3Sd>&eJ7zRru_w#l!C2@pMX$BR`fdYzym|S2mhDA9 
z$6e<=83WOt`ZDj!3j)lPzL2CEafv|sF^OJT*;NwQvhN6gZIT`K2#Zt4dkYYRze%>Y zAR}UmFfx34y31=$^0s!sd&D`|CH|eOpO5@FcmJ87@Po#x@YU{W#o$z+a#!d#KEDn1+CyVLDXBAr!?!W4Wl8ytpY5D}E$xAFqWU&{1wGH#7 z7NgjlG|r8Zfu!mjkmz(C4}wGfyt^lR=X{0M1Qrv0McZ1SB~|mh%EFq8ie>#B1Ct92 ztSc*W$qUVqq5eGaQ$J6}AKDioXhbtnD?DW?SzPiO+{|5EVTI_`Y=Oe-ENfN`<%7I` zS$h?l(MJ6tRl*ml`WyAFHkP6bPn)VK|M1Ql2_1!s$)gVnz=5NVA|Rk4IC$4)cJ6y= zBnkU|exdp@cV&V+7>{eN+hM|`UK(tp{M!KW;SWS}#~<9b zXftJgI!KD$YCP>y%+2#%L8=x-1NcaG^*Q;PTePs~THY7U<}=^b;-q^O+cffi56Bgq zSl<%C5Ewx-$mg^wV;#A)2rUw@9B!?Ql&M#bwUz-s>18Pjn1^j9BGy5&NhR8)A5Bu; zM13paUqDYNp0hzO8_=>V@J)U+Yk9Ks%a4DbgD4&H7a)D4GXU~ECUtd?&Imixb?k!X zSg$2B*KMUe8oANEoh%7h=wwLVs#M2Lv1iQE8H{I;A`sRzlV%lfotz+4by6c@VbSl{U-=yk|k*S!?bk_OY6L}gCk5|Fohtx0ndlG z9wkHV>iX+7dpOO)XBng!8KgF60K4Luj_@6p(7lIinUI(F(_Po2CBCb*8|+Ew#^_YM zpuVCB^|VjQxuJMbjkp_rf5;bV8atA=v)!i^sEM|J-I&3b!^z~E9d${zKhW^869MLw zBn~DN!p;8R`;WZR(n{5OLIy#iIqyME!t|pA2TlP&&iw@YzC_hHaylf+ys$++ANXTS z>+P=$xUQR6vu>8a#8t{877|iu{02m#g@7u&bmRqztg4N(*M_%o0KPpq@$#vhc{1a? z&-Z$MTGXIF$df6cp25Nkp6@yRCjhsca?X+v_YC!U>sB}#N@}ExQO$6C(!S@IA{$w- zq8rmPp7NDJYTo>e5q1H6p@ck&Ou{Ucq{MVcIG(bq@{uDiDsIu=-I?#$qh=%5wJHVL z46r3RR4N4m1Rqu$A)$Ffhy47H+LcuHC1)`poo9)Uw?5oNuJHi*&B9rV4mA%bORe18 z_AS+cPBR~MM)6(mopk*fPNDRp8m;@KCvCL5+u3^_!gB4(_|0E4TgXm}-qYrVIXe9s z>5}fMtWCC(Zt}WN0ITSZ0}4o2>kpDxQY!y8-mph9>r{Lg!{*9^LZUDmtn-pKPE78M4Zt5VDYD<5{8)RZHGZ2^!HeT3453VfWBE2P8GkC#wkEnn;kbPx3I|` z7Bc03>V)@E3!&>;XM7+Ooz<*qL1q;I5e~o@1Qy|sNf!cgerM#n{LQj8K2P~ke<|%^ zbJhFW$51a|VF5;!Sqi*S!dk(8Ff}&aeI}-7wJss`D%JO)Bg|RAYYCEnUE6P8vX?(=wbD%uoebh@o(ypv$G~xz3v4XAIJU1kMsJJ?H zdVg21?stVhdzYfmHhlYV@e=cBc?zW+UGp`0|KYrPu0aI_e6w_{UuPJ0L|54ycrq(I zNm*4TXy;>?5(_1RxLaR%-Xoxs(ZH|Hp$Ufmi?WR^e#=R)a7}>LM&7M+(o28_J>9{O zajJr&s}0SsdUuke#%cNG6Gt*)<;hE1q9Kmz+XwjZI;EjeY+rv8V)fKFMOV+!h52#jCZGzSCR66B16US(Xo9)!oI zR55|aQrE~v{9xWIGkr?PL+tlO?td7~Q*1E6y4++7!f2cNC6Lk3GdcY;Lk-P%ifJpq zapr9o-W&_u1DnlEMWCeb9um zvb9Rch6MAMee9w8_1k74`4JSR6~JB$K|>!o;Q z`UP>5#r9K0+>3v9BM(=Cz{0gG34{nXei>1tKXZyYeV;is4Pb{2h!|$;rV?=pj*sm> 
zhy^PmDBNm(D2UJkuNc})%cY@~2SSUd(^Sp3N?W|s6cjX_A2;<3YP)-E;HsR?Ox|}G zshOCqscA!3a&gZG2-DF^N@cxLLNlq^`C6R^#ma7=!N z5DirFKC! zF+Xb>x;wCJbE&5KkqXtN*^?ZUl$$oH7ej$;tF8}Yh;t9ti$cd9XN)ypqH%?87HPl7 zy=h@nt*XE~=6PiTN8&XZmJL7oNJS~|gUB+u;uGAFK#>sHp@XxwP|kcOhO<7R?ziRg z!NRAVb8grn(x{gb9&1iHoZMJTf~lHMH@zx(6NrH!&Fw=8*|QvQ~4MS^y-tBrj%!{*0XZG?%I)v;cOE!N}-0SIMqnQWd8N!yL!D zx0*wD@p6&pe+QO2+c1UNo)0ebbuY}6g!;#z zR#9!qfLIX<9((h(WTir&+os&eYJJloWqMvunI2B2#);CMp=Jct)^hW4l}x~)fC(;~ z|4vWw*DH-D>xG#h?9-xx0=LJxME+gbxQ4~TTKk)qFHu$;20wa~7?mqnPWL&SpNyV% zyV$JNvCMo6Fl>F28N`|(#6!e-dRnuyzuUZz7H-UxycqT9dA^DQR;#n}coo^z+(klH zCCWf%P;#OP1ga^H41)^-WRYMVb8lwlNo%==+w_~E0bkM_d}XXW?5c_@rGyk`QjyQz z#bGZT74h2L_ch1IrcK&rM+qhywVzk=8h4GS_+g|nUCs74UflYK@p|jpp?E}T?02wY z)lb0k=b%{Ii{sS+gUXCLQ@M1Sz6?5V#H*OZv_$c{0z#OQY#8VpIhr;q8sPu(1bDv- zqkdyK{3GP+hO@BX*8hlP3uEb;Yt`<}-|p{zUVOl1N?0yA;I;wSh*n?Y8(a;-N4UIH zUv5WtMTe#r^46_{`Y$Di0#%_272FHcAjJg1U+E;k4=cy*;855FDdScXRO+a~?BSHX zf`T%rg!&g?gE9z#|8dd_^IJ)F^cq1!PrnwujAG1f!a$#jxyT=}i6#{~b(Cx77SAs^ zMLBgkVlBuRy|`4G8QJVz?hnqVb@Xg`+`ZOo11r$j&F`bGLCUnM)JK3WwNd#GGS|0M zW)~L5ic~gylcj^TLiM1l!UA(Xs9gKA(w8=x6oT|`LUNqj&TF&nyX?aA{qem-}wymfueu7|1hCiK2M_nnKtZz^zlVbchffo;& zXa2rt%P!nrkeu1w`#=P+eBaA3ddew!h19}6^gfOv4x4wV$`4%9A*$xaV*5Q&a2qoF z?-5Y;8(?2toP^&(+*#hB@bKHm>3!-l8u-<<>G%)^5#!NiUjll?!UnJUrq7NK=*l`? zrTN70hkWKiU$%_($B~GjE{%^EvZ#@A83pzX@5{~sc;?9_f5TqkXeSs+asQOUC*Q9h zX3l2tr`5|vtf2Q*ys(U~<518qItkO8hki^rx@iS8yZiDuCBz=oh}|PLLDYP-_(LW5uMtojOdv8xj@bFoec#k*@?Yx|QNSBbH?9O(9+gF?u*m)`aF z>PMpi&4!U&nd!~WL^}e0>~os?S6y$}Z`fWSs%K}P4y?pK8(*DVtxw{#z2xV&8Cm|^ zm5ZNYaZ@s^6TC22)Z~l8Jo|{5w;uHo``Hh!^Bx1^CE|4%DD5nc<^?r;H|g{&jSCa;u^I}|paR;-5BtlECV2jLQT=>LN}0gyh4SA<1)o*uI( zkQhqwv(aq0kGT~d8psFc2e0=;-UJ%DQsMo*PyZ_z^!d`6KaF;NKz%rLXi&-YV7PL! 
zBe9T`#Gsd0q4Kp42#@P)$dT_2Atc$5_4>y=KMd3kFHRV*AXL-Y-TUP(1G6K@(rdbg zOBcvC$7@(TJNbK|w1>R0vSakT2S0y; zmh<_LN>h~`D~CI&<|uCJ_=UcYSm}}S?Bm#k-{EtU`A5mOnF|N+y23r{mt6XXf6sZRBk)SV`;N z{l22A+NS)>S$wqEptbZ%Om}@{#D$w4M@xcUsxgMpRt3xVjkaNcoz8daVUF9tMq*|i z^8ZQkO%mXod)_0vt;d`UsV*)q@Yp!~{zKETBbRl4w?*T+nK8iQ zEw|SbryHJXC~V0qI9T!B$>ZNPC4csXGAn`1_{+6mc$*o6ixbNVFEN&nKk(*_?(?S| zNYy&H=|2L8_%qskxSDIg?T??cr|ZHzn$v*t^I>TkvgWyx{Na5JEosG0`9~F$KTtja z9hGAFGU_w>!cvNqJ#`}T$p#mdBz&w0cB-3&+#Vj&v?fzL9vzkc=^QXfNL}lBAE&(@ zGo1L)`>i$ubK?`t;p@^_QEP5SK=xgU>27O5^>TCYdU1c!iRj6&?x6Hf(2~szD13^0 z|C~tm40q(S&`rI;GP3$qE4o`h^w*{%T$n$oN?Tt`_}W2umJIFAhOy7u6WFHIo6_D0 z_KeDvuPXzv&&_wf>M(+S&-$BouIiL{UF&CbuPw436ApBkPCleUA1+_>aqW{pMi#acj7Eacito^s1RC7;6sbDT?1o7#C^kB5()_O&Gj0<@X$$n|J+#Z2}!r8g*JhH?wu-lFT1Z%0H2oxkT*F` zJ11i+ivCPTW6+3K=UVYGAu zi~P#CPw~#$nqJbypXGJA~)3Ov|1}^3ap@)3{h8(>^iJQyu`o_y#A+%~^;Ig(tRj7H zlSpO#L3;a)%*~F~QLo%t>$!2IUuNay`7dL=^C}f$H7XF+=HXW84M4uG+wuLd2?q#iov8XJ(zbL<^7e9|HAh*r02 zp6JL=t^kVYlTY8}NgZMP1th+)e1F*3rUnzHO+wG-r*qZ@py5lzomDKw^w%zr`<$Y&DJ z9~}SjpdSY~M+{C~0j_%yx0lFJH3bOd7)J!NSb$Be*1&8i^RHJl7>ZCU}C+-R!q@udi`qgn9G2rqd8dbS|fOF?yU#5 zYIFr@ri;_Hmu0~>kpjZ5hs!6QkmIIHZ|Ld!UWxw(31qS4U`9o702ZLZnQp8_ZO0@Z z>u7~U|1w^LpX z_Bj%Q)43rRa3Yn7e6MX6l+t7&UL?-Ps)HSJp2m4H0qmy39Kbc4!v2+Cu@`R+g~XL~ zB`Pk?=QZJY%ER9a!sOWrvLQu}{zWQGK#&Sei#Nye$4O~w?lgvuRKY9C^NItoxYe$&9;)yn#x~NSBx&?=t$|*>-1-UBWLiw07v`2y3%M# zN55-kWa5-FLSY8+sCT$1>0<}z#Z1+5YuqxOj!%7PH|&Z3*)!7C2}dDW_Q?jhYdN>N z3kjcMmxLn$3YB1xh(;pL;|=akdp+6n^OB#HG6PN7M}|-1lg?InU&0Q2b)(Q&aH{2_ zn5DlAlrz6q0y?MR2H~ZZ67#WpO|=cQhw&IzQfy#YaA5y`j%(1~>ij*4Meow{!dUHX zFv?Hs?D!Nr5c#Xc9qekGo#Q!7i_d5$3*z+!_ST9uRKusI*}qQAZ*0pY7@W0Tdv{T~ zPcc9Hz+0mt#2M<#7B2)pj#k&uCW*#2x=r720=WhlBz@YFMEiMUUZPvcU+l!26S%7O zWBj39OVA<379{u7;_+E7-&buN!8+*4{nebYjrFDe-wpTaxzOwAd7`bOrX$6FFfcQ! z_1S^p)QqUM1Vqg-x8r1VMpoQg9tU2!W>gZJS>@v|FIp3dadMIK6|}Gr<#6wh;P4f? 
z0U<-vrz7cHs{R) zXnllYlCX|fzB8O6;4Ntx{`nC_kTY!yH*hOP2_3F?nrT16;^x9_3<3Txq(WIUzR3K{ z`Nq7lw&}@6?hSFm^J^~3{KnN7@E-M!$>RXlmPxtxD1XN8z@VPWI6vx%W0ir#*#cLq z)o)-z7zCJrBL2EO=5tTOR0OrWm#=5!7_*Xa)$*X9L@P(#bi~PVU1YkI72hH=!07SV z4bQju-qPbyj5Bh2>Doy{K7N%6M2vbGtmcVsmL9%JJIS@#OY zWR9LOmF68ywB6TT7N|7F5#fN;PqLb_14o6?@*lXQ(Q2Wbrf|KX@SGMFB z7&`%F+LeNk?IP)_R0~43D{3%%z3_d)-#C4WG7QX+s8ArSM1m5;HfATf-BQQ~m4=~N zFKEm^wxGaKSG~;TEE;+cP*<{cjgGe;z*4$?jXr7AQrTe53kPs`Dl99QG%e@%2e!1J zj;1wMr^ntL?9Qi;s{X?z5Lqkpy*Sl^8sB3rZ(Zotf2csEom9*_Ys|hbju?>7yn5F^ zi+$}IU?)qB~R;Oz7aRHiAC<-8>8!wnu*Mm4<1D*AYjA_00??CqAs zVM-asL#o;<%4R`)&3wonM;FFG%M0C$ z+FH`1IY=sDn)AH66xu~Rk}PH|E1;2Zw}=c4m;I)0mJBVC9i59-+5`D(>S0@voGdUi zGtODd0l$T0Sin@^X(wRZPzD_XiN2ay_2Vy__c=Q+_mRoV$E;OlEDGz8N$YD*9+P%W z|LhBESZndfep30}H0T6^yVeM7`87|kq3Cl;syI9LILt4&-<;IE7rb6{pWkLwF=(W& zI1$=@w%Ovg*JtSEZa@-t94Q_t2H<&oc|oX@2V0y@;vj5WOr%^y8HJz(@*nyRN+`}D z(p+9y)&LV}t_m!q(d`{+&SOJORf)?Ge+ik8Qaw0(!oyHo%qSCxgqe6;v^eq z#2cB1(;&>1v+^x)?1}uPRPAhudR>Ghn%&+b8A;5_ShL5l0v~aFQ!GV~c z`+eAT`|`HVdH+;<5)7TvS^VN3_WuC3=FVbooZKb9TJNT-+JK!^i zXnptSF{|5hzXQIPL$7}=Z)zjRa9a1G{KDb21$+NT^!3O#ftMR&RZr zntYI2SE7FdVY^h8QiB`xpFblTh0&GNiG%ZpvF5Dh!hy)I_ufQr zeJdZF%pTtXGtE?r?PV?Aooe?|1XcB4$3rh&S6=e-7%{H4bBDf<=P^-JW*201rWXD* zPOw3^RzH$EHXT-p-Ec?dST4c%0VpV_!7qHhH~X zI@syByRIDV)CUR0Ae$A?bBM@iBVoZSDpTxu?a^Bo$wAS+&}bN6i25sKiMZ2O5}i(; zHeu3NzI{1`7IPeYZ6^04db&NlSM6kBmp4-Yl(tEUx)H25{q~r7B8f z_M^VEr>a}d=etiY)YU*{=Kn9vjvii6N=kkB{v?3>>XE0-8V8pqCnQP>3QI+ST-o;tNp=yMT1HrV%BtG%0aRHD-4Q1||0mdZs4zcCSAEO! 
z2O2tJc2s17C&;}$8`{5s1Ag7;O?&dI{7{O@C3N`A{6o(jdOO>{-zsC)zIYym<)IwX zd*8~mq!R)q))zS&ko1tSkackmDQPm8)Vwd0d5pU?C>5;(Xkr@OW}i}VLJ9!Ygln1z zdAbbvfDLQCmOf13ujXl$-Rt>~T10i61LC79d36|4ggF;ghf2FBFg&S9!v z{YPZieqU~U`{+lFE(tYf@Nta2B42d*OQk*JpbDXrV-Gv}6w28`48ie1O1-s@s0#m& zs;>--s{7s+5m70Tl9pCLx?@l}hLVN>q`NzYqaYxlq;z+8cPU6WNQ1=CL)Q@hQ6K%i z@24}@o;`8aUh7_U@3YmVg4y_zn6-uCS3ONJzN63A#%(J%6*3O>lv=xTIW*YE$?`^HnkaDGuPyA}0hqlk0duN20 zd88juW$A)yj-QXXzg>WFWD8od4N;wdB4})Tk}s2$Z4c981Wj)vWO7z8Aqz*=oSUkg+QScZEp`0+mjiwH3**fwW{= z!8<%Hs(*E=v=KtN?H0NZE1?EtR8HprX82&MfdtYmf@=(@=NDd zo%uI%eK5sAYr+#$wgtil!7^TuR!V_loOx3SRU>hU*F&|V;|rqp!k-gpqzM`W^eY7J zBEW7@{|wJFEoO zAAQX27Sr?Rtlh6Ps%)T7&E?c9M;@=LnX3Kr5nBJS_*mNu^&%)(GnRgrsSHT>v^>ej zf;$W#yB;@Ya_UtIO&Y#m67FZEfAYwAtdM)O zBB^xG-ed%M>zD6Y@vhrAGbr69k5RqEMgHrUbCdl49dk;FfCao@cFF5lM@ zT<>EMJw<^a4^kmD^nRRT-chxFk|0qgXe2n@fw@#8R>E&h%zZzH1a(YC4Kq#DI0^bZ zohMo18$FJd-EeVN8OP;oT`c^HgDh>84{TVDo_I6*oMtOi`a z>Sn@E$D6bxmb4#rg_U>5=tOhA0Pm_Lw&7yxl1e_uy}^X;k|Uzi>PAPOHqcUVo7*Tx zFggq&!Ewljd1K|DhWUT}a+Gn@72*+$|3Ss4ft(E_-W?JACz5Zzimw>v7^TxUoFvmV_`RB^v`d4^YvaaKYpmfzAiXGWIgl1ER{kWKSk+VZLh7Ko_2Z%jotTleK#svgja4)z1J&?amp+OB8`+i|1U_T z@-oJM(s9Hm&-f+ABv@LU{ihc7ExmhkjE6cs*~Z~JGh_T$vkqOZ3FScYd`-C+j|u*M z4acLF<-6pEYsf3r-<~-Pd}>zWQsjI8A_OxsA)@cN>%%~cUA1Dc8mx<~8)ZgtziB2rCSll=7UdW zo|^7*F>17vzzdC;C54veY3TXh!0cpd!!dW!naGQse?&vQ7v3;i6ikGx(@Ui^0n7_lS|LzqBh)Me1aj#WW5zjV zDO>LZ-RWp|Cx6RvArX7T_WD`U^2e#pd82h4c8DJ1EO&-%Pnt8d0I~K#F=LkyJ-J@F z-!1Np2y2C2;cP$ymTDA7=jy4Jn(=dh%>(+FKaHq}29zao-+S3-T)=lTEMj4jvQuB6 zVf^i-5uil)f*WM%!S_S#O|Dd8UO_>mtYu=BtjRtIx*#_%cf^`k6#^Ye94aB-TKK-|52#q>AWGA*&_lDnn^Km|KVXu^Azd1Tz3=j-i+Pu)%4nw=@5$`#SSRKQJ+Cp)#A-V zMA8qay4hxnLMq+CXq~-$q+Why2k*{*bfK!mCT?Qc+6l3(NCtdE@Dt|? 
zA{;hazr)p8-9)a=mxvm}UKieVTtbQaIwmn^&6no}-j%;{y|`T4o-#hWJRIwTbqVML ztyh@f7ke-|#Qoz{Ia0Z*w<9Y87;!CI=4qaJs2D>Q$)K8>!d_1l%J4;iy zN|$|8L|E6^pKxr)MqLw=934F}y_y6}nQ^}*liq)jWALu7*x=n;lHV`m%%9rlrJAh2 ziP#D2rIn>Pl~E&yydfWDE<8gp7r(;bZs)>$XWd=qYhaS}S^tqi=beLcEYutp-lJ@L zug-Uyq?@y*pK-pXEWFj)C^0Gy~9r68vsS0k-gJTo}YHlmgQwI`X6|d8!`56}hje__h7~V1s0cy+GXBjgH zw2RbDn%5zJk2ZE~Hj@)2e;eo*uzFiM%Mdbkk$ltz^&2mH%zn7mO6eD95LqMA=sqm~ zP9oziYCgyv`aHeF*tn)YRcDv??D4!}(QW>3%B|R_`{N1RAPqkVa8y)r} zS~ijI$U3U?XIW{ARTR%UI)-pg@dIPQ00K;=73-#9jM?CiVKz)0F7@#k&9k$?;6>?G zsFSj$u;u*^dg)O&w(A|(%-L}8 zcZsQT5e{E*O3)k%M(7Y_xFV4#09)-(4}8o~n0EyLSb?o;nd-dZBiRAyP}EfLTYz0sHm+O4=C zp0-NG(N5)%s!1DyhxTY-8^v-7B9#^<0MsJ{MXM~`evcT?-`3AGoA`0wBc#r0Ok zCD%D=S=)Q~Orn!L%mm%I^VewmLGW_ub+h6JZKCQ@ZeAPFwO@0BfnfPrm-5-d5@DkcdVq2zud#@O$nv4|wu>dzrJ`oTT0^o<`c0wobNURNJ`u zU=7|^oc;0LXbR2r(2NH%k#%fWjl{@_ zgn(5eNt4y8Ct0S=J`bu&Mbkx>0AsZB-yDD{L_s-;`yz6B`0i76wxUm!2MGEiS|U8O z62;r|@++saU=Ph32<6S;=Gr!?`!txS&$I+XIQT6CZj-ZVbX4jdPLrdlYPFk=yKZTL zv>!9&I32~kI!RUk#&~WnCv{)95}E+T@UxwH&ZvAELNIxGTpmr#V0AYD-pFzdk;o{> zl&)B*1gETxsJhGu9WVIC_l)C;{Rg~VoSa28gm?rWGzR)NEx%fst``{^+L|g%ah<)m zn}g8G>>!BTMJ!Fd3yYHY-pLTCSB9~Iz=+#%oV=~S(Sd5)1BlwKHI-`M;`s11Ebtc5 z2QyW6(o1QY6akvOFXouRHwQ}BhjNwA^G{O^x0g@cA4m@V6vL(>aw{SC|NXZIee=l) zz`J>IdE~;A6$POd$y}gJ;e(@ax_EZ_a*pW0Z=$4yr)^qn)tP@KSYG+SO6r^V=BV1B zVFTtCi5Yw0yDv_JV=hHswVXK{53ma<2jzf$;$$$ge3Y~dwLG}b+uT^ppg#&TMP}5~ zlctj&hqTD&>i020uNNxa6y0-p1}Zl`q~^)XZA-q=kY$)o*RAcFp+{uO;L)t=k?5M_ zqg7k@=F9v2MMeg1%|v?B==Zxm`658#5pD*tnuYFY|K`d0(qbCu!Sb0g(0<(d6V!f{ zT9UKjD{gjjvw=s_GSG9%(}M>sSS--jYrQ&&t&JTL@h`lu-$_n3I*az{a`dfWRq#C( zay4~pQ{jOmH$<|P*dIezHM0~G3Q;)8pLv{nHmKU2<#09>nFfhqD9o&LOH^7`x zas*UJ@BZh`08)7u;>m#TS|(39b1ujIZIia9=FGec6c?9!(j{0dGd(bIn$B}m1dir&bjF8E@%kBv5uzKCL35zv#NgOwGf$a{m&)ldT35RGb6z5k6-7sB(aTO*O+67TOXTFOM6dQ z+vweLRD%)*Pg}6V0&sTU3`se1;qBq%#(KLQ;>*kX>_?3T$`8tgE*ZDE2h_8wZ0m5C zZ<5xy8uq~WYqhpk6*>$b%nYquwQc%Z2Qvbm=)$Q&e57T4lj@A-pY{bw)(M47v$5(z1l?;1I?!u`j{sb?ZH`VI<|GL1ROv$Ig}MXfZX)iCb@uRc-@2q`e%c7 
z*XaztN!i778|IgOv%4*Ry07(^@Z;}oZBiw# z+3h90!b*JxpKiRyihA`j{+=a&^ebI%9w9PPj~|$?GDfeddQJnY4tT5CtB0jr#@iOz z9*+M*h1Q37d22PC)@8-IMY7W*LoY^JLEiZ&AliZFlp8Pzs7Z>(6z-nt z|31+2Z3^O$+BVhCH{9>+veaonq1(#m=-U?ozTBfj=RR9}MM@%7!jXj|SQwzQ zilaCI+seHxJwduLvs${J6ej9vLaJ(Go7xe=c ztxWKwX3XC*hq6aCGso|k@JBRXHHm-fL$6dWdS@9r?1ne%N^tJHj#w~o z$^8#Cv^$Qi_?dbsQIksQ$(LT|lqjt_)1+-Tx%HmVR`T;nU*mUp9-={Twt2o$ zB}l$*!ij4G%N`#;8%$_(QwaLwV)5c+f?~k3RY}r8>Tg&>2NG(vFu$AHJe!f7F;$M| zdufyH;yLVPFPUTfCIg_FWiNWGNo=FN#3Tqa-prk6tFc;_dS^{hSRbGa`D+Nt1FG=lcfwk_3@1H^Ls zRTG7*72-3G!veX=wa+sF0jJ|0O$Cd_mKO>aS&54JHxvs`tpQ&Tttd~4^CTJi)En-8 z$7nYN`oP~Fw}89G_^5JRjQdmg`TF4D{9q| zBT+*XU5EXP4n(-ZxBl!PZ(zh<^y=YaZl%Icr-TKP zOZm3WWfH4Dn0_LIzSMo|k(uL7Yx+e5CFuyW&P=h{hAKjtJrS}y1vFm2Gby>ms z%@}8>Z0!>!sS9k!;E&Bo#qAg%hYN#t3{t6*sw|*E6@f+-i%hX`&OkUqY{v8iMWn+R z=bv-%q3x#t)G4Ep2UMrW`>d|hE^i{t6^&F4-c4FzHr##IE;UBpWIiNv8{+*%&ph8Y zC_LV2;608`hoAEG3sJw>2b0PB!d3saW@NQaTnzbUNpfjaBXPVk3~^7K?lWTE&_tLU6ef=T_{40~_2PwCeRmdC0Kj*!0ZJt5F}J%qoNcU?r+{Qn6JD5NByLvEt!I?i7jHE2#<^E1s;&%kIyv{;xVuk!0(tU}M$ZVMT5$f^!T}o;(1)sC z-uyC#gT%_?TzIBK4D@)a4*^=X-I&DX`_R(qz^hEN_9atA)Qg*y;2~E2jyGQ#&fQe< zvx~=lWv)kwAy}1Tk-9E$lFaLfd|hy!prNOE(#)BZ{E(Ro4(WPUt<=7?1<|9!p~+h@ z4XMfd76C~ewsq1zKTXo_5~Bf2Lvac3iCgpe`$h$)Fn`Cqwm{c7=JOoWSMuYS<0Z0d zPU}z1DtXp4$)mt=r{^u1T05Lh- za@3g{+nUs1B!rUM`Gu&z3_(Wh3_HC02PvK64(|?SfXp(QfVZvT)8!o9;@d`v!8;XS z)w-dPEIZ0_>4j!~hj-!+@BUrj@34)srdNQfNBg*c$r1n5ocbILyr{T>(a@4I>ZS}Q zDegtXI@0^lg5J6>c5wXEnxo@s&kK$n)U~kXQ)6byCxdw-Um6+jgVEm$gb?3Pq~bkJ z-X>fEe${SDEB9kV`7wqJ2YoBP-(6FBp~e)&ryC;vkSZ}-b~o}GWJBn^r?hD{yrRqL zg7Ghsu6(dfcq}#X60Ey%P@|n?g$(V(f|#s_1TTy;Z>p}dN7FY|p3926rFevk5t7Zf znc9Z;X0uT^_8KEDH>YZ2SySsD16^g?)%IL9%duR!svJ*#oH86=TnSA1m-%|bmY79W zW8P^P$`a=Q#Fb5>$#TTMv)tNWLtHAoX$-Q&GYZEXR^AcCZ|2>zGcB4TOQLEBnukZH zwf%z42flFpQ#!pD$YZuC)q2@n(wSn}cw@Qx>r#nvb%y~C_lgyAzI;|^u08Jo5GCXD zgr9bWik@uN~{XgnWm8*&sPsb0tlrpvwTMd;)QaR^&PGZZ~$girQs1AXeo7 zuKT=_>)8t2RY0>f^Q;x5=OA&QGINvkHP}_Bl z>zWg96sJoWatY8I<)I%6y(*~e+?<~rnz$CY$=;m4YT4`A7$@)>Il(P`OKRh-GO}=* 
z{+Si=v!8v~DDK{*u)0P+Tb773up6k*D!95HZy7+WViTI!>coxuJDqVo0(1MB77!nc zbNks$h7GYq$t0G~nDX^}%{Oz9)w1!4v`8#_G$*7o@UJr7cu|({8c^l#L~1CKnWDiB zhEOdSz`8{M(m|C82%Y9uME_|eA;l=H`s+fbjztRh0Y88m)91g{an-<7j;?@HhfW^` z4G1z7?>$LA`tc{o@p^msgFC9bgyHZ9XY&x)#ahQDPi(XZ{VZr!E_Nr8_gl-8KrJIoW z;S1$8>z`!nl3$7P|8%_M_G5jcmWk@DfKr~`X>qV^W#!*Jy}1y!%Dj0rt=| z?}~UMa))mfx=K(1 zM#h^dTkGOG`Aopo{(NoU#a*kphbZ^r;#C9u31Ls(N{rTaN=mf%5b+t~*Q+h|tQ@a} z>5jgL9nYR&-M*#556ZMIjg$TaxD88u4QvzGgyEn(rr!2$$WAO@=~9XkBe2kN^ItT6 zvzQAsR$i?qt1SM}A(sO|<8F;Zs@K+A#z4Au>x-=dtvM6w>D<7~{BNR#!qQ?B z;I02DGjHd(+qH5&{Fk(O?G!vxTf&(9CokTy&KD;(-P;lDf>_(R$_IL*K^Co_b5=Rf z$!mxCfAwAob`Zlzep#W{<=XfjreFe!%5utLV5MyAtAX-DDfCU<4}^H|fE$kniADZ! zZmyi8ma_~2dqd7)}aFhRIrz7Zf&XMt`23cZ@t~Sx$nM$kGmHl*x(C(;Ag*C3g4-o44 z7hUqXJr6k5Rwi_IFkLQr5y4+OcdYdel6;!P`KsHDTil~6 zy!qB$atpm*v(=JJ@>2lyUG30?*`d+(Me)V8cf+~IS19N8uJWRgu*f=d@j!A2&u^zx zYIhnNdSN^aLWyou}#(GRNgw0$+h_o3*B9~9`cbAi->JKRzkAHeVIQovM*OyWs~+${bg%5ZI=#3W4lEUE9ZwC_ zM~^)k+m6*Im9W2p0N0oHMT=Wvjb5(H^RK!x47SvBx`D}F_@E2Z?>x+FkJE)IAYX?a z&xJ|N_3>#O`4hTRgm^qp?fTn_E)-SKc(WI}_n%l}s?`21d6N!Zm)U;vR-NxfhW$Xv zm2HVed)IADf<}_i5SCAkTxqXY2*}H?+mZXZ1qns4oSntvHu;`Yw%MJ!I5e z+EY1trgi%Y2hb)Ef!tj4u(n*+Tz}e?Q|}VixT2;{ZX7(J@x1<-U>dF8XlU5`%Jj-` z-F-kX_Whp_qO|AB`=>dWU%_AA1FDl-e)-#3^5?cqrY>N{Tvf-sHNBl|tE1-kQ^vio zp8Z!IGAbpGc^?y68TJf)#Bji+04^KYP*$P7jQqB&znes6%ML0*d*ZJvL_OA=V`> zazFby(7T5YOQ22eRXDs=5V&FE>*rO4pqknc&iuy6)DRrP0q_daN(3m#7KFrwQ0di;2iU=%KgZ{l=NEcLOy(#gJ^8FN@sq!& zNIJ@hevZnfvXINM4E!1EpX+dEsr_5%+RVaJ?>9@wPrCCgBI$B-~+YKIPX|E6N$Ho&?7asC+K zoGTYcg|Y-~6kCe$of?TQ4cKmF%45>xd&0WOi-tOyt*td;kq`wH6Fh6Z1JFuy&AJXc zLizNKaKD&$-Br;bJGO|sTSTm4K1h8vh^C1&jrS6ZxL}uPgMz|-aThghE482^*$ShV zc+n<-S;cD79|S2X);01IfkjGpDYgl`?mZrPF^inwz6$V$vk2KtPgDdIH)A3T(j z6%!j=e=wGK)nh%Zgf&`G4BMUN0^a6UV!n^B`0JO+Sl9u9y4;ZQ$#NJehhuliWrEX7 zER`+p>!|oOJUC{Q>AWZ@(^?=~7JKEI#4x&ilFl8# z(DCN{G*JPaF&$9Cq}4j^6mRKsuk^?jzR4i?R{pl}SA(ZMUcF(U#Z1 z^;{6S{pv97f@xc6Xk`@bHK)W~vIq(}4RNXX-W&_7K}QX@5^G<@Z~)m7p1uP%i850T 
z<58Zbb!jY|`MA=ov(c5wUD&=gZPIh__Uz4`m2&p;z~Fpq-@o~^Py!ZH;*OLWk37;x zOEn^WG=H04*cEWt~3*x%T(zE+LQ%Qwf$ zvM$3WaNZ{+f@W+Cnivn!dqZm;0S!mZ(7T9fi3r_QmIpt)J7o4)@3YoyG$rjhE-S}u ze)^UmC|Er9x*i8~cMXcG%lbKb@8v?s3-S0Hw1GoCHx}{tis3lSIf!QnpSQ|WT*@YI z$RRG$mCX5PHiO36+)Rkh3f-^MfI{ewSle>HmGG_wHw3;ww0Az%(D zS2{QU-NP853(IL|~?DWY~IojK5rX z6V)qnKcdy$k0v8H6P-;cln0d}kT&fjCnGq5Fpz81>S@wAz-vn6Gr8tG1$e64~WEX3qcR-#ZOSasqSZ9X(9A7vepox>9?C@_pU$`MWb z56O0Lm}HO|8i|Y|*9$h*Wh3*M<|=O7X%RsO&Wk1f))8ZB;t1pdA7`t)5vIK>aoCU%A4Thnc#ZQcaxWm)W1LQ%7zho<@>MZd#4wU7wb= z`gnTDq!f0}#!dwm92nX#6m-^S^42a`-o8#r4$Yvd^ih5R?cjXu84Gf-#bCw9ZG64@ zCe~Z|hfwxvqt)2tc9Q+gV;nDkF%w2W)buKDy+{WR!M*!CUMFW%;WCWRz!g;H`iUVH z$-~KK;p7*^C^#9^U(tCqvN!wn?UEAm{eN1V9w0$;ni(wlONrALAY4c#=Jak;g^N=2 z!Mb-S5MOWmOh0e_oV({R&RIiVmCh?(M|~{My6#q=;JJ4W1W0Za%S3&Z)+}M=wvIW& z;~oaB<_?a0T^77LI@W0)6c2Q~bhxy!hzJq^>Fo*d+C}e>Nr!`KJ+AmxBHi^-M7-~k zKi$rj@#@u#)!KD-{uH1`acwm*oR({+08DuK=0A#Oms)RP*nh^v)-A#34zInCn(v>9OUnz6PU-v@F~xHPwrj3I(dCQw5fgmd;g zIs7SIGxj@)+-PkWokr<78Kxcd>7+Kdc%thEjPKiqy}0_9M$GGJo*Rf1>?5;?FzDg; z#!EUqr_?se!G^nu*iY$M!V1<|W{^5a0$D;>GJa~+3yG;Od5E6FyqXCs0&DNXUH6@XAwly|oKddh$89ltCTT|S* zIZQXLfMV>1C&nWwK{&d6am57_YL4dHnLCyAx5*)Be<&@hX2EDkO3O`oGhyKUvt4LkPTRb zs@@=b3+oc9znaPS&Y8XnmWW_m5FW^vFJd3Hw8wn022y$P03t@5C!e21j2-Zk=PA4u zN?+%TV53|+xa^Xno&HLR1w$~&!wGz@qLPqj!s%g`>bLlK_;_jlqS#Ozs^wK&8nH;8 zY=YmzzA01co?P+Ke6wRp)yFDtif^g5tlc9$Ey=W)3^TyHtLpK3aM!)5q3=6@u6sqU z!iUV`UCf$!_8@#Hzl~p?6l~*fWXUuqZX=OEfjzUQ_9h=%_#+N z<6bFNPR-rF()O|WP))FxX~~2HfTL;$C!23gOy2spE6XB<`XbE(4&K-5TRr)a{5~U2 zp7^RHYLimhA$nx%E45o-H`WT^1daFpe)Z1GgX3zm+@BNO25`dD=U9~ zC?>0G40LbRLd|<1(Zq0Wur#tz;USLC9il}1C{vro@AFiex#Bs6rx;`^%k08Iru_SY z8t#9P7kv=_Jzvg)ukr-%cdCVjD8U(|I@K3J7H@iL#!_OUh4^SVfy{TPX2JhUv(PCB z-`9mP-u;zkq5C)$cQ-LX`WHXek`r1Gf%>}-8z&sXS2$z?)#E=l`rd2|m*^JQ)j3CS zaqw!fnn!U65T_B58YWH4{i&%Uhk}g?l;*?57f?%S(92AwV!BM<%UrPH^m3;~!7^f6{N-qYR+o9i&g`y2 z;x5r36?yL$t$*IhhnBe#XtF>b--8wAo0&gwt+uRmn z(-p!NkMmTKn;!w7>!8=7p9WhtygDv8L6_jlLEdAjd#pf0^cdXGLo?!DZCUrI1@cfm 
zK86WyzGcgWK^vK?`u!E!)t;ae=H`H?eoGu79{LOyR1TIiQdzaFw5| z7ot9=@LlV%pgWUainu&_6i@`TzTr2yO$8MeJ;jH!wfd?IOD;;`^zRS`qlBVQu0tNq@`Grw=ch0KvVN zSy*2Sednui(rQ-}6@ER;&k@=2p*P&wgvM-1uNq=-xD1Q)YS8SO=clAV7R7-|w?-0r z%7x0j!uaojBE6l;SqNCxz-Rd{`7RZ_UeP<-nL=Cs)+$Et3y~lFOYkt#z+3NZ4C@U{ zZ5S>tSzq@)C+5v-5Vf;0seLi8W^iT}-q7+60nvL7c6*vHXW`uyWE-p_Y<&_4x&s&g zTsYJStsFyPBJ!dC2uyKd5R8$BP5F1Q9%glLstjcdWQ1r$(X>Lf% zzT)W#&GM!B=x9(|wnnTV!u?R^lC4mF+feO_ktK>yh(Jq__MKFCYL!K+OeMXKt+$@1 z^p+}R*rCUW>Gj?2?(w^S4M;MS6~hXpBCG%{4rmzu912fBd=hLS=5;TpXxJfH)roSj z;h|h^g$q7!+y98XV@uDkOkw<>RYuOslFPT>_Sj4UQ6KO$Q)JR#{h} zZAtG0xT#NkoP6Go^|kB_R%8F!=zzFDZgfaBV~0y=(aKItaMIeGT8_qJRaP8*Bm*MDF4>n$Dmm3RJj`amn%oiL+-J!-0ya3xhB{iOqKqr!7`q1NAh0B z8R3$0TA1UIXx%lCuCjOOB+QwLHA5Nq%GSHCSgsZQ%_gd1>2;+mY1U5&Vw&M_yGoE9 z&P9^W`?Nl!-2k!kF$9=7bYrG7gG-o#TW*t5;h0k%FmK>b(NQ4Y`}R}M*-*~m^=E!E zQuZ&ZL(?GT&)s0g*!nC>J$QBWqzU29uTTDuRW8u!eY=x+c%92~?5^|fHUV+3aNgD#(!V zhx9nqPMcr`&hX%gFt;5OGYN~9!yZzL;c7)1@jxPf&li4mtxQQ1GzHS{apF$@fX3-V z(E79#U4o+ShWe0$)BVd;f|-t^t&{zuPGB;3p*H=BGhmhHJk@IvND?&>#iNsy(`r*S zjjTa(3MW-toJRjp3R8N)qpn@FHfDG-vu~bO5{WXD$cw#Evy24qg!LR~YLr-hXkY$F zhyot{*P9WF?#$ZV$wYn=i}SW>3%`Ze)+6Lm3S)b*r9`AKf^ z-vaB@oGPv_63bv}Gs)Mxh>Dh6AzGu+hTLM|zOgy}V$$D@D=!lIVnO6+Wl+@~^k{DL z=2_G=m5s1`v)xe;_)VjcdQSo9Bff-XT$SxV8H|0fn4gx)c0tNuQhH$EVquKeec_WQ zCN|bj)Tvy}57I+`;~^o?BX+QRd#S?uk^;#a!C?!Dzqd|I!*5jkqS5It=Wnl>@(p~~ zsf(7)4DVsT+FAl{IUj8ah)eF)s6mm@iYUl@RyiKpT*^_U_x4HLUw~NABBN(Bql|7t zQj2t^FnG;)6c^vpB64P#MQmJBLx{VoPg>l^wI~k&Az<`ek9)_qeotRd8j@p1kf5-7*ZQ_B%Au!y{C)m{xs-pDL#i{2(hPj*z!TvEA*CDe zF~GA3MTlEmCmDbK9O?h%&2HGx^zu7HOzp`nM8hl%!ZsgF)l zw)(`AuJ>fb+$P}J=his~`D37up2>}d9Lc!=N9Ei^GH3E1SM+O$lYWdp@w;;jqf2+Q zOjM0AtFk03GUw3%f{Kml3;nH_u`BF3=*RvsHeEFga-2?;;|G7)zwUg}rV!Mx#l7$X z7vZrvhSN<-ubv9mya=#SaLpf@&%_Lz{V=di(XFQQnsiu&>$Kc%2^cKEHlnE{H2*X|_|(f0J9m zF1Y^yEXwguaJU^GR(CR=ME(+-R2@H+$K`!ixfj!n||?)NprTS)%tf&=AUjp z*$A||#s8S!=l78Hky7^>>Fx_!Gm(r&dA&vd3PGa}WCD&UWf(x3H#0df+xNA5`T3t)n1bd ze(L7LQTYE6!vMa_!P*OD?7`Y=5z3$546M$HN6lNH%t5z7ET5$99q3#5LsJ*tEp7GC 
zsLKG?9rh{b!9WmYdAJNg^5pix5neaDk+msb=$P8x2H*ZKGDq&p1}nJ(nQ#bSC~gQJ zwprM8I*8WB6_OE(kyy9IFL# z1tZ3`j?|-gBwi|?YSK+C*UNIy6jW(h)(~61z5JP^-v4)R(PgmxrH_)r_A20S3xzKx zj0w1)xzl$vIZdFxblh{s)LX8DEICVNQer;Y+MIkWhTW`YF$wMwIZf~!@PTR1nNvCOQEBmfuM6WR=Av{+Jy)PVNJ#wY2^b1c0l zD%n4m7O4KT)HS)(dVqr6asp_CA{dh-LbQHuFzjlP4QSc&t1xF^J$6?S?N>W{=sn?_ z0JosLDlb$LkhcIZNjLXEp^`%GZuSc?!8dzTE2K{c=E63dy&HOU%~%u?PLMlnh!_S= znFX8}B2B|CFUA$A`M=kUT#jVR)I4V4Pi|1nMOc@PFrqRH7$S?j!0+GX)bQs#^NTb^ zF8?;;%4F8`CKLX}*tflYKYi{GDEg_*kr#&TN3DK$c2Zkay940`NZPj;RH0yMo;G&$ zD+zN$1OhmgAg@DCUIbF?GzyF~&;>*<$qeYK?S~x*HSjW(Xb3mgjSq&uSHj z`u5a0x>4X|5&&#ZHzpGfw(e?;Tgb02ns$3Sj7uecKhB#OqcV=n-lVe7lS9C^JOHK5 zyL`y`A%EF(f-lJhii3=Yu6`w=9tbH|8AXi9RA8&O=f&lH$dvP*`Fev!Eg!E9`%-L0 zQp?O{9NSVxPNmH?)#K*X4T1aUx$pe3oB#?6DYQ|}t9}oHL#(sh2CW|FKyQzF(Hmzz z{FnL?1t>~G<4mW+U1})hG%U_U_4PH^8{e^M+_+m&d0-`biRPbvC$94Z3S4_yWcflp>C%H3~ZFpzmY6; z(HJAno2o0!-}z~$fwLGyXRpcmB*fyr-Qt!IMUe%tAaK%H|GMh5sevC|(Obo6k+({u zIw#(J-aXV0jB6Du{X<$hnM8LpD z%x}aau9k3;pmo=w!l5x)4j`sV81!hP>Z>#po)R4D2r2l3n%5jkRx1o_Q)x;=aTT zPDX#52!nG0gWlBXr`l$qR^)0jXQn&P(l7(}gm`AdcFC9&*IHf_<*MOI(h{gC0EYq_YSvmG5d5e zAWk}_d6EhYThOa)NbHR;CGY%nWivJrT`O9G=XFgitc!Rpa)b~ohw2o1RG!!7D)QW} z;P@3?tuHI;w_F|P->e&`kZ)bbvI3iL9;2J#k9;`Do`#1fwmlqm`jq7lIUc$*_Z5nl zb?|$WVqzQrxNt~AP!O5r%gX;N?#kn#?!Nz6rWnLzEQzR*EXfj*vSln4p^>8O`;w(5 zsniD*BT|YKktF+4LY7Lhh3v`JN{Zwug{1Ji_cM4x&(imKp4YEGZug%1KIfiu?)lt% z?q?YzL-*ezuSIQ%^k)u4+3vd{GJsdoj^5F}?6Tv#EdGO>ih+E$&<|Xnk+=cNqk5NT zWt0_t@^02$&XcV*Z@VLlk)xwt*p207FDBo9X#wS>f%O-89rgNJ26_&by`SJT4(b$gRE zqP{*xNAGUaEj_c}lNZm zU83^Kz3RlbuGg>fJy{3d9)9qRC~Z{S-f@U4dN_@k&F`{KspzP3zs9CPm4w=SiKDM< zyHo-~mk!H(uAo#`CLFA@LqC(at5N~(t06WUgTL}tTUVWp*syFz#6!&^xI24~e8|yG zP3$w*Auc*#c3hx1yvi8_RJcT;oKQLB-4DbyT*WQM_l^- zm0Yo7eadBlPzk+?$&W90a-B)?dRJFzS05ammnrbbU8Ma`#pg$tUL4%!1=T>_Kl>cL z*=yS++qaYz?d|qQVhU_xHVRUnJaYHc8F}ZSODeS3b^GialjDpJ!Z&-(sPXpT#rHss z%jO%3lgPWWF1_H~Y2!7NFPY3a5*qk8%C#=au|!OvPnStoLWHC5Hy z!mpZtPj*}NLQp~DxBkv<#B(&ZC9>F9>WW|o>3yWe_{ZUlv3@BF!RPlj8dY}Jbk;=H zw4Jx1=YxS>E28gq 
zs0#MTI30BEFpJXYikj4YcU&gLW3M&QR2-nDAClZeB$)SyH3tc|xtLW^whhQ<+IBf# zmbf(9+`|4!)-rwd*!i(LOks_``B(Eiu2UTjyE*nm>tiedV!e zxv=^^8N))a%_7bbRMV)D_nZSGLWC&5H9goME8G51a`@J-0;LyNcgwie-e4<5@>pvY zayv=;w|`*>o>;+gC{8 zvb);$uKLL1TlspI?#MqxKc~ubx_J9S{GIb3c=K%APFcAG?B&g~+of_NS?|*8$ned_ z{N96i7o%nSB+jDCziTsi|9hoo3d0K-*Qy&_rB7HprCn=ofM>PQvR_%m&KG0a$@N_d zcCs8o=ois#iB=0XofuX}h&xxzT3M2tS=aZNW) z;N)EOFX}A^4;N*kHvwyt^`?(FHqik~Iq5aSexl8$c7J9&4VrH(<)&T9s>MR6`xa`o zH6VjG&%Q0dYB%^2015604-&(PBr?%#jrX7Njku@*rguYtX=yh!A)0<&_7rux*!+hKZkyxQk<`I)n4&3w5l4u*LiB7o?;%4B>_PJrzrE?BAl{S%zi>D{@-vI*+s>{LIE5~qiBn{Hflxe0n{sIA)H_$i=v3*@ zgp0uOvo0Ape;*cd-x9M0*KY@5`i@zi6R-C6c~g!$nE-rDTY5Z&r&p>eFfuDZ{t7)G zyb)f%L@^jVQ@>9Fg9&ZV52jP|g9-U1^uG^Aeu(Nn(3%#g(1+7G01Q2}JwHxqQw|NC znsP0L7AyYEYk}iu_8fG}0n_(_eYHJ8ei(Zgti{u}8Ni+pns8~}ltU*wK_{ad0$9@N_yUuLm$gRAEVne zxX!_@j#RXRZT;_}{}lWQZjPb0aJ`uN!4?=yXnXeh0fTADR4^fMh59|3{sR5)gOO=P z{+4K3oT5JbAx_cu{5YjeIVyi@%G)1rk|ky zeK7KSUj2)D(Bc&OaO$Qix{ks2{9vL@Icn$B(q!AbI)rGa%a8nZiaMR40`wd(ny$$H zbXyGnxgynbU5(s=Gqb(o=MjQVBicEYlEDB;2$>gqF#kqj^HWq*z4@uolBrD;focBl zIT@@=SAutXpPX)PFgSRXYMLsk_z>kcPO3CXwgpEkFOa< zpVH*ecAjL<7PFtNcN^gr$Wm{L*@MV#Crsbu&vWAIAXJ7)Pp`np^nqG26do=;!C@vJ zl+3gnUwg$jMRzGKo+B9wfH_kr$XjlM(rRi2wsR!&Yd@H)b(i9Hkd&1J-Me7 z!Rg7U=F>9XZ2s?(f31_*!&cxBke;7(}M)FE9Y2kJDF z;ZG&_p8P2w!S4cTz9(uD?f$}JBmh-v?j;jSg!u%&_9t-21vX7BPK6Cnr@5!Ja?b>i zuK;Dh;UC&GwW6;6TWTPv9_?~q%Hb+F+j;QFKYrg@;UqXb7)EdU@enf~3=gaca6g=N zT-?w(^u+?n?7zKZ*m%6N*r@p4(e^t&htn(s&HLY0z`fEB>qdvG- zbk#@=y9|$9FUT50CQXly)s_wx$A0cEo=A+Stgp>Q#*M~1-4(!_tH-_$rKn82u{ic& za?s)!g4`Q>efuGHf?MEN&E)8(k&ocp>7K7WF&5!<$mQL!+Ap)hULQI(IZ%`-H8`y4 zJ^oB;_-!xGca^bk7f0JSUQ!LW{~on$cGuCydsM4yR$ zE>VwsYZ~vduqeFZ^HIMAIZ*su-y-VDkp8y{ZPyTFPj%ko*42w@!rIe-ieXPQLDROlPdMy!Jh~38#t3R`MGGbjlVm`_`20E*L{Dp zuCeAConv6?lF`UF#Y;zqUw!Opt#^OBD()eB^_8cB6XA(YOG!?yd56b8)x4{Dp?dou zWi0UfXQ|?Qh_d__^KqjulljMvj(_5tumLZsgWJkqQpUbVj-(X^P7Hk--s_z{^kQOo z==kWEK5)dO$V9{Uz`iRI1FjpNJ}X!C8NZEuEhu=`pA=b-Fi(DIXLvKv*)_~ARjYIF zP36!~TEVDJ(O?sz%dOn~& 
z*026V{qqU+A&nK^Ie7a<1UC9Gu^#w#eyIv$g%Vq(683mZ!0{OW#%-mI+e$o|ui$w< z$nk$5u;w!@+=wNvd4T7!EYno%q7TVu(%$2X=XphCk?vZ-?@6b%=LB)heQK~r8J5=* zADWMWU<9C7UV09T7nWsqid~CC@>#X__~RpAQMXEW$?|(LYwZajt|_6`c$BT=^;{B~ z&q!QTijTA`+kt{{+I#%)J6};Hq`SoVJ+WGQP7*WkQzg1eN~mcbWn8?TT%q~&#LNfy zohSz`B!3a)XnjR>k?vCBM?BfI_5>0$OQ`)GW%9h90-^Z}h?!MeIZ@p4861E;Jpp0S z9%XF2o}8iibVRoY_;r?LdWu~OLh_llpZen0y`nCa?g~gJ-=765g|NMfUECr0Y}!x# z@wZ=5cT0CE@O!doJw*bDZY9)Ck1|PK&!wUHSfX216UP+pAc|YV@3~Ox=}F>m_o+o5 zWdgjOJfZmv#NQs^4_cO)DRwOi$!F1i>W2s54bokq=@lhZ2efLU*tLXra5euRYlt^@ zsP_V`jV#(58HlkbiLrk8`Um*>`w)mYSeD)LC|fJt1@I<5Wmr4{%5s14xY4s$79aQ5 zFR%O_?!4GXT%|YZ^~smyK|>yrXJYW^4VL)z`r`6qV)4hh2mN@!NB-f?Lu3-OJeij^iUx4b(M75reD#sRlwC z*odoYfw*`LvJeT2j~6qD-()brUJ0VV#XQIpIhtXXQT9SHvba5gu+=w{^l%QiKZSun&wl ztfJ`c#Hq4+esWx-s6;g+8W*oe7TSizCy5y(`6o9M9+K5xJK=^>4CLNnD`J@*6GV;F z3C=j-RH4Q4SiT(`r=#e@#Hl)Zep|Rm*AvweaVyB=I5M^|MT{fWpQ(i)xt0|E;yq!X}RYt6|oPW5PFT(DK5AZX+jU=vDG^`dZOt2#HkcLKQAs)QKH%% z+zNAYoH^DoOYCfx|HD>7?@sk07aU{y4Y{^O6|tgi1f5;#!mc>EbRj+k>#Kqf?g>13-Y%zmuf6;b=j){7LD=sHp$W#GqZOkDPO)oD&jnebG z%tfk8RIA6uJCKDOvG^P@gB*X+4uX!Uy6|3{T!v7T0yf^5!!VkDhXgfM&o4cK^dwQO zbxXVpwjuXiuPGfRL%7fwV!~I81u&=kw2fF|JwWvWR}Z!!AKD`29XkP zlCRb(p1R8~a|h|>mN*wK!}P_yrkaE_#zJF!xi};TLvmw0B~)waQExEa*<4Agh%8qilv z$=vci!X+RjJwj4NZTYTnPs@vu89jWQdp=(V3+Maqmz= zX4A#VfKFCQwR|5`Z3KA)Ay2P1I9%e(#Xk(EMwsl z13M;4#?@+$UQ>;Ti9J`S}YsRH4rHoV3qzC#N*Dlj`~aj%E&?z|UIbderv=#q8UcIu zl|(p5pChzD3H3lIFl^UYh~<09qgv7<7oIEg9*Gx)gE(R#v$z^$#x=mP=^;58Gl#5Q z$r7S$NQb(^7YI8WQ8ZH`KQ_+F7r+j*JlB#3>T7zRRaQQyl}&ZgYOSW(BP}y!VJf!p zNfVb~L+*vlCg03lO2h(6#`S)wI2TDX6ENw0&P=_gTU*xyhQc~J06hSVzL2>eLSuj{ zRyI2;v02UxSVJrOs=?*5b*C}p&ZY<45g>Rjkeb2FU&t&5GK8Zt{iX&5 zlAs`$^*~Ti;!;qW3@-V-&cg>OKa^7#Wj=8IO)*T7f*^FD0R*H#t|Oz3{t-EPGZ&}x zT9DcVsMq)MfkAWhi9iblXArzi+fD-wJ5upLS=l01Ku$l)HdB^;KvY7zPSX<5x%vBZj9EW59zYPK#l`E? 
zT4$Bzdpknl_RI=QArzT z`8z1w8WnyM6}}4!H%y1ZMU9aeIPp{q9gr>w@x4{vK$#&&I8%oemNn$I_j+uU9vPyb zgpGi(L|Kp>2v~L&^6NhY!(G#UJ;P7sM#l?A$J0cOiHGAk8bWwZGBn=wF@z(M?;1>U zSXO8WD4q6Ff1IrGws8%W|3ELP1KW6QQOxEdA^*o$$xb|^FeS>G0e`Aq;I>3Fj@-V6 z_8gYOgbhkDUg|@M8gHA|P+wAdPjqN*3FI;H)7cidEyawZwy$A*F3Sof0i_f#b)zH= zhn6+e_mtk84yD7~zmSbXH780#XTcTHFKyYi6Cl_=)`)7HSc zY%>nOz6Pf}mUw9arFt)Q;Y5v99c!o+lwMuHbZJqHbCHmE^VR)(c@UDl5+xgO=?2#2 znQ?$WjM)dc2s5l->})6}>2CUy+bA;Bw<3xhYYa0Fz!|U7?vlNzk?; zGlTM=I#5!zZm z%bwr~23Z|nkS1>@?ZuG_`crFLfS zqdzI0=lBl)DSXqmE1P#Ov>!aU*vIwI#Jg7~nZlL1O@+3P>~i!oXt%kFwYEERlAGxQ zB$`5^N4t&How6FWI}w+CmoU{WUSTh!xRvRWpBcZD6I}^nvZ;ZU(Sg};EyuBOW~;Rv ziXvsTYA-KxC^GojY#w-J zKgfQ2Fx=_+lf>bJJr-U@YsWjh_HPp`c;+<`bw2gky3!ZN+1u~ABxSrVKgVTOanJeI zg;T?3ddE&_6iB|l`DK4?Y+-U`oqKM`c=NR@BVX-`ysbwYM+)lJcTV68wlXjhFc=II zh9`B`?Q9u_lRE66X5uF+mbi!!gE42roPWW@8~GuK0gFWJG~C}U!Z9HcqSSm_i)p#A zg=>A;=H{n89eu)j-$LwMn{^&w39H73&F(*0zq88AoHe-ZOwTv3ou9nZhHja#ST(ws z$=ff^$av;+%7&b&SzCLugSsGgbwp+XmYijMtI=QT4%w`n(T2Nqk3u8mee1E-WFwZr zrCH^|hba<_$g-3t#@YCf4LJvDhdXtRoHqoWb1eQSw9}=Zr>oDqbZ3`gTN0b1?~)H^ zle$l)YuY3@pXILEOo{L*ba-C+VU&C-WBo+44ETqLz=iisPVE-bO~#<#|& ziZrrXK2lvq;pXUG^v2^}VDWH>n)iOUvfR{(b1X%%B+U~Dw{=x#wMz0pOxrWD&%W1F zLnbvlZ>%rDN3qzr+vR(=^QFBLSlpKDDuVY5D;{gaa;f<+t$X^ZZ&#XRliLQhqN<2% z1Xo_n4u#MW?X*`n8MQYYB}i@B`b{BJ@_s>X{?mfGZ3U)oyPLbck3JZT+I@3-;fF`j zoSE#_VmXdm{Dcr<&D$+}{bJhs>=s8}9#f$^$XTXt+_7b7^hNB)NsaJ+tsTxQH3jj- zmpvw{qj#_rJbQcOAosVk=82E@buZ3m@2M%^@z&UC!pvBHCp=48?Tdr?%KI0+zN%j2 z-F~Y^zo}={63q9(g;9;^`4k%!>&TbF8?AT}nr~V5x-&5VlGWD_kpI>Capz z&9ao~w+-F)qAIOR*mAULZ}UhvwGP~o-xQg8GyW#e_0;Y(WVfWXq7u(u$_8)mkyBT8iIRqE zv!v((BRnbA+Je`abuAJ8>n9eZEY5q&^?|xf;I~KHy*4pl4#SuM{T*>7*8p2loWxSGXxmsmZ*lTjxv7W;# zmmU|t$w=^_liVGc<*9nxx!XagW>3ktThDj9jJgwZZpD3&jL41|9B|)Uq)yzj)w_TH z7cPaMr@%&fmAY3BRZKPTp`x3IqpNpwaV(!gc$vYfGFo7+nZ`%3lQR)LLynbPuFE9-m~|zp-d$N7YNO z{#k`Ub~N*aFWH6U1f7wlZ)lSf1SQ<%8Lvt7GLP7%&LS~z!A5b?s=zcli^$YN%Hjj=)DyA=JC+jo9$a?`mD=^ z+;PnHmVK&ZR9HfF0Rl8dtOZNuSmgH9AJ2&6qK2S>fFNhDPb=s5A=j)GZ&RxSYpC96 
zH>|sVi%5&1Jg|I1Q7Jg!d<6O^4575@63)((rq=!4pr=)vmdJTIYVBQ{@SaBPJSQt+ zbOD(EpPyUU^3ZN8)F-)cH$}r@1DcpH$ta zy#eImwS=uU&dO(#83>_nj~8bfz(cjIkGWmY+n#Qz|Wiq`E>)UdT>T6MN znpr@J?%-oT$GJdSTJn)DrA9V#c@netk0`wgjryled0<*#m@wo=klTRT`h`4yQI?xh zNn@I6J+6{n9Hy#RiY$x7AQb}QLu9XrQlaqHuAtXmsKTtQ>^pgLMy48n29D7uVdzciFoHMT93kMpHbTQtyANy%S989iPjsn1dEC2-aIp5TIhsw3`Fk$M9l z$+UVZS`zP6X*)e;KA*^UU! z_fuqPcjASL`KDX@WctM(CYtns!qXm4!&3M)aNqO1F?=o$w4Idf3fwy1NZx87WIf#N z#xt8fwlc^16<<#!+u7Z$xI~qJeh!^Lg8``Xff+4lBQlPtgf|4Y+w%G~E*CbvztEx& zDKbj48l&v>mXV%%Yb-edFQ7SgwV1yN`68l%|0;y;K-;xa5mZUO=FB{9ye7*WIM9;} zK2?2YS^H@N-_W?Xxbo3{-3Gpu6W2-qd{?N$H&7jX%I!-^g4wZO8V)ZnVIz+}mkG{v z6JB_1cRTA|mHy#=AaJuGK(6Z98T3~=b)ijUnR0l#joe(u=$W&!g9 zH@n_Si}xrtC-Dm_g-7wV1FR@37svVD82f1OF{FgQZV!%kCUQgIeV$Zr90Bxmyx5~P z;lGzh||VZn=iKi*o%? zf3os4xcPjOt!H~BqIZ|yqRDg8-=3bmNQjg-i?;r8vFfT9VAKBK7j(IdpiShLa3`l# zSN7C_Bljk~1#ot2UtzzB!Qb+47FI{N%c)SasTo~znE+M({G(3oUP&p|3 z+`G`AB|X3)lURhb*HvP0o^{YdHZ4`((x`bbLf+BK3U}Q!997;?`DLtA*hq=8S7?SzMysIrRpQG1x z=I%K67!PwB3>NC?p+NCUj6PHKz|enHpLvag8@H@3QEaSVKO=T0`Ivk-O7^7ul!vb+ zMOay;k}{<1Dx+mVP4b%1f~l}P8K;uta7}>hDQh&*x>fP@#=dw>)q`a2!lhc0DzaY& zYt(I~Dqz*Iq-J#+CDS=wq41m(@noFEHJn;o@_haj!ZA<)HjY(4zh3*1Q}YPl;lISv zQ>(yIi+#>OrBetto0`gu`oJmKd=kg*j4Z4y@Va>?m`bvTC0gnhSZZ|V2;xNsIZ6zY z8yaH3XR1b6H(AUSGX2ylTbODP4XC-teZ#?C0XRNOnd8wXKjp~KH|<{&&$gu4I59<$^Y@XuQp#U3e{45)=tZmv zngXcw1Vs$iL*q^>v{UZMtRzZ|M%)avT}~3!etRhm^Ww{uM=y&aoyLuyC>Z-xVj6V0 zTxHvf-P_AdEeO1hc<;BbRIk_Gmge)0D@jD!-)y;K$-wo$eH-4d0{&!!9Z}piRj?k! 
z%)_b(roAx|j^KS|>F6htdHNY$2p_(|3;-5?SiQx``z}NclNcmRkUB(WO8?AOAY39U z69fmBg7l_<#!=?;?o7=Ju6looR;glk^>o=_dWe2vEYiH)a@afNi_XMz?6;<>1JtQ$ zAwZdXf4Z4F;bv7th--?O=2Hx#27WX4=fpiVWBO30Aophg(?<>Y2DgIxK*k zIe7Rv%uOhcLJlPDm?c*8LrST&-D_MA%!ZJNqJqm|YF=rO(C$Axhg^(XjfabEz??Vt zX2QBfE@Dtlno!hPzy9L5cXd#^;Unkr7e%kJbg7o3f{EO(9jz^RqRYhPiJ>u*@dr~G z>MvT5J;ls<5pC$A&Tz3uzSH8`2@L`DiVQ1Aa-MHc!l^JMrI46MK~VweRQ$-G2qTPI z6>LLNjdmR075@aTB9kvQRdgThCKOk4lFx9J7}psg_oOXR&3rJlCfna~wp_v#NW9ek zyuPo>xw_C`xo(nq_0+puUd616(rIRZPvwubjFDkL@W&5He!u;|@Bxt54hE^ivf_#S zDkeU1*ONOZzXX{@ZaJiSS}18Seh?ZK93oa>Q_!4C$Tsa!Oad_*6Xa?2v1usynpPQ= zJJO`8&NO&LDWv72-x%d55zm;*p&pxxPn86PrhW8OZ+tWv(k$)NzE!S${YqeR1@v^9 z_P|qNlV)!hT#aHKBm%hisI9?j3!QzBG^)nQ(;@0NDn+kW&2+Q)=@^&9n;1`P@dlTM z36#Tzt*E!{ZfRApa(%U64M*pw@J-OvP&v3ETx_1cC9)iBiJ@&M1l79q!I0We+N#};v;|GIQYmJpp$Xs%G1bbu#5t$vx>Ocu z*-$<#cKpcK8tCC4KVnC~z1mu!#YGk?WYh?>MW0N;k}E!(7g>*=zQEf1Q0XKc^Okhp zvjMS={BQhfv5=Z}|6;=xDG_A|g@e;Tr~8;;Zeux<{O$Qo$w{;E^fdku=}R7UubU_N$}1~>otFOaORPI;+R5oN@x z?X_TS8k=ORsDw!kN5dXP8CS?aO=0Aq^;L2GV%)L;pPlG0mQ)*T^j7`NglIts-qys{qTLnvLCi^itNb z4aq7aeMz!%PSspbfp&$;>p>6VP49NY(X<%XD0A(-hVl#DYq@zD43c4}@mKA)e9F@F z2U0Gzm zSecG73Y;jCO4zRqEdcatsxf1|1Rk4DtWddjaEFAGN)s&mP1+D!y5jB8Hrw@wxnnlFXBesZd89yc zyh5@_9SWlC5_pprNwVu)K~6(=ET&Ai8f}u{%U=$hQDlz*2vXrnaclS8-y^G8S09BG z6J{UZjHPKoCGMY=3!B}5IG+PP7SJ6(!zgiXb zEB2A3pnIt#JJ55RRz=)u*JdqQkf>+u866ZJ6Q-H$9jTCmq9MESllc`rM z8UW1@j-AG%A0|etBtz0O)jK(lYHyKI7Tdm{w4}0NRiiyK&^j#+xFU<*&**F|5-F$E zt~zkdf3C2iDNT#ocXSOQtGm5={k_}&WGyrLj#ImIim!_WyxA;t6j#WB#ygFhg<8 z7t_)WgpX+N)le_;K2*@X@cv$;urVq1Ay5AFnw0l_o!e?6Du+$Y{9>WJf=~&9H!JuR z4GSM6sL4z`1h*CtK9iCedc04pog!DFl1InT>LZnuW`1q4iS%lTcjSZZJF3A;-@okr zN}QGN$uxzuOsfyP!^-z7c__Mal@)OJzZWSz4|_KW-1+u}`JItob^yOj>E0}on9^&Q z&CXk0ZQ0Ed-P*m=IWFjtIVs$yJC&WWOy{Zgbhyy0WE1!h>Pw1p@fr%A|{ahP{3rCciL@&V_(0}t&%ow|RQ$JXvr$m%6 z>LQf7Y>qRP!cu0qyR1;q12#+&kA7!b9D%P47uucjQs|4GE3_S~7$o#p5Pye0=Q+j- zEuF|WQ!{BVpb`=B3Mnhk_H+DP)Mp8};bJS%CoeGP-*0_@iCT|(7(Nx#s1NlU-H56( 
zsx)DqBt}u>Irc)tBT3Jh%vknGStLe3NZnB8yXdXtv=k|SYf*MNu4Ov^{{4#iJK{lN zLwWn0u~b14zq9XNU~XtgWamYD1#;6v3jmB8?60`g#c|@>$Qe|u+I2?7>0Sy~o|YxS z6jLgE4v>PUM^0m_TcX_`>_l-6RE^L$=G{kpbA1Y2A>_)Ksi+++3&t_dbkkZeaLp|- zY1U3|f`!Qm6?a)3sGrO4I126?%-Re29XAVGvfA!XIq$2`sUoXFVbW7P$8K0Cc!-avO_=jeW))#_C@Hd)6 zULOdW9}NeozEdGOR}#861=n0NlTn%PU2r$cn)fi(2hp~y-L-kfIy@JB3V!jODW3ZD zH2CZbqYh$ZGeZG{N^(C#e+$>@6tvCINF!FV9*iK#K1YG8(4TrDv=>NmeX-=GS{~EJ zZ9jYXX<)ei;gH$p4yQz7>cude$>bm-Oj!0ZXDuvCn&jr3WL^+K>r7ZLaOqH_3H+w> zcrxJ=swFUC7S>r$VD`&9Nk`zxw*xv51{<(g$XHS}Ul{R!`9$KIBJXR!@9!YwejF>jnV=xLM$JnL zx+y|uK+9pTlB0$}zxY?X7NdK-{D%$rHR^#-o3UQ6Dx(XM%9h1Q>zQlqfg%224|s7^ zt?SdpSj8KSBf1YmK9|;SU9IXo8cK<$-hY45P(EdAD$Yz4f4vpX7&bIhd)(sv@g!Y{ z5Yf|yCU^zQjhyAT*5^lXC(qUJiar(ep@)9eB;O{oh9LP}V*M+tp$};R`*&oqa$Z2; z#kt_$GPir7$g5yaK#Ew3dv@#2i>@VOriPu7f2=Wa=^l=Qe0t|>gUL!t4l@~e#6e@J ztM(Sz)8smzJGOy;#?xN`4R;%)FWcqO<@OOO^vZY0`GpZ5l>Zeh6k`P272*v{37h|Y zplG)I`gn|z)N=av?8~n&fIbgF)Bp8g>bX^!KiM?UAgZJEqKdRkqZ4~L0k{UWx$35_ zLu>@M^35vqjMbC^k22vwckxGi#4v*#g_xcKtA(s;&+Mktgr}`&z!c0$ZnP`eJFmO7-cqRPNmIP1C~EG=W+rf7=~O`WLxH6_B7Dg6A=SC6*z$ z4@p62@HAB7!3!#9=)h@7uCWLzsW388899+=;xAw8s3P4h^x!RGgRieBf1mqbGn5-m z;p{&Q=7xY%9HVruGHRiG=h#+yQ(1R59i*9K;i@d}ogq6_$ZY88W)OZNGYUJ;QFdU; z$g|tPv$>q{>OdaIBo_Y&T$O2+#@5R96b?*@&aBKFgsdL-Pa-kGlH&!oS7O0ub-_WH z8ybuZ4MDi+4;_e{lQ6&=OSzTsHfCJOWx#^m)9AHu);7ZzxccKXcyc`0zd{$DtRD_8 zdCkAd5+fjM0M4+#C6C5B`C>DSNN7<_OKTM{P+w&)D{~st-F4n{dGq|Gl~^RmqaunB z-mY)I;)CJMNY~qCeSwlZ%jQhv168Ve{Y%5MsEeZm&a8I(%<8p)69JueWgBVAW6PjT z{s+s~Q!btXGMLv59R@Sv_uS{OR3H>HNGsDSMD>jp*OgL22@`4T#y?>*Xy`n>l~fXt zx~*i#Hl@-bL|jc3;(HNG^_S+IZfL3Kno!~(G~aa3O9gr}o3+bdGkiC$zU|?^gKDLA zXjYAj+G%>TtaQF%WSSe(kP?&P^7CXFZ+XV1v{kkANDvp~i8AMcWkAJ}4#~#`7(=RD z4eO9D2?j)Efon_(inUT8PproCDmO($W}H@vFP7@sR2N?&MRNO5`wc z^ADaYI@)RJs^XnYoTA*`F5sFMSfaVk3z%2M8O^_-O9Eqo@xscRqG!z*a+P z`ebr-dQiZ0r%fJl)Z+FF&0BlSwyIS8OPMs?h*Na@iDt|V|5WqJh>+~jl7; z9V{iBh1*563ri1*{3s?w4^pY1lb}`%ltL0AsHNDZqW4c3CkHY( zyvELp`^Os}bBm}v2Bk9{hCSRMvL`@yg!?mB+0qn3N#T)L1D{NGn`J$j1YWisRLv@E3*v7?EfCd2 
zCxNFJ$V49(*dj>)o{KSM7Izn(q&4f4*ICUq-1lIwSwPE+_=m_RcbCG0pasICwX5!K z7;1;HkJEJ00S|jG6JGLYbh;leITbt1V9Rp>R~_4E&%2YIrJwUi57;ueA~|!mRCj8l zIUnvDEK5g@p||*}H93DKUYi^hRKMo(eCrkJM=~aZBtj!7_@}))L=+Z;sBjEF-*75M z@7O-7XskrHR9vd7O>0(=yGjlF_o=}ai4Q`Eh=1$$(R(E5oMb=WD$7`)&C^`Pmn7Ec zdPN~0DQ>$6wSwv-1x{_acwx1Kzmc?3-8E{wR%({t)t1a>&z6e-TM=hvCg_kulkT#? z3VH2ZZXA1-*b}=iq-uwU^<}y*8iXlmL(%+(-oc%{3jg`R5QB;WMJlI30K^y<$|4Z= z+{<-gtW~lsUrH(Dg{T7juX`ckLL$pa?hdK4WEIaGKr`$wBgtD2yQWmx%a<*;ji0XT zX*sG)aSGgjcR#FSn(S8k>6o^aU;WWETiw2eL4_}&i}dgHSq7#E^FktT()vx88~zXX?jY5@l06R7CS`rhPHptLC*scIb| zP7436hvox{b?EIVjDf26Qo+5}&Fp&FP*8Fr;V+p?=PJ_MNKIJhXsX!L+k6ZeSrmDz zDWr&{;j7ejO+AO&XNT(^zuA;B3UMHMPGU8rcftR5%pm-4$IO$5R|&zRky|D!0@2#- zzEy3Zl9{cU`d^zDOzIXeO#=P}Qc~_5xd#CUV(E1t7|4!`_1d_ zi|%qS5330(x0OMMy)h2~kIx9o{cX zj$(`*k%o@{^{@@Aewbz;u0uXf@LES`y*Zn#39yVG+kcH7{I8~QM)@1=ni}9k#>99h z*+NjZ!r?D%DHIpo%at2nAKV%SD?cimwk6hn99tOM3@q2(10Hl-1$KYcwR-4&o>`oF z4f74}QZYOKJLo4e{_iPcgx}8yMF!jtUC9(Nyv)~LnE6c9`{_7_478!#N5C5VeicG} z=D`>8Uw_9l@VLn0e#~p8U3d@>B)AY|ZKP5C*o=zYs#H|C6l><;ygB_16@Rxu(;9z1 zyT2-B&4(fVMe%<^+T@RreoaK5BbNhd_Pcd` zloMuX_LmqK6x?1AJ`(;211u}HLNlrm3bhCeBzcy7C;Wf4fdl$!e+F)G(MTrzvKai7 z>2d9Y(x>n*ki~OZ5>DChAr@}uUa(-7%~?A)ns8?Wjfc&1vaS<>bzeCrmDQ~p9wb{N zGwy0#HLQ(7;MS=%=4iOfK)xXSG008k`uT<_GKhV6fkhua&6olf+X!0_$)y^}P45dE za8wHqU39NRhn4yFQS;mv@uzIQAT`F1br&zN%H|BVdb_ksH(uI2uHILabpCV$JZWtD z8ofuS)wXPS2eTLaX>eMgw&Ha`!msDvX4-GT4#Gy7;rfF?MLHqmCYVNG$v9m0NCL^n z6fD9#R!QVB$_i%67<{ZuGcvK?r~cPrw0y!g!PJ9igCtOa!w&0fjp`@!$8Xf&?wS63 z#$yjgftm$f{m3jVpd_mb4E>3E4kp9?Cv3%^kLmpRm^vnfP8hlmp{Jf)IAkWh75NRy zJUwnnI^KUPEE!&{f(o`7^IyLHq^+Q8Ls9ovjd*{`+W`Bh!Z&~O1Rbd58g9( z00}E9@x8sxIWs=wcK-ZmCY_)<&>z~k_p5^h+w})?EXRz-x~!Ico-@oIo$a{v|DNjl zI$A)Jum4qwPQ^M&H-ZJ&QrzlQ_d1Z;Ax0~8y1HFuh8ZE9-Z#JX-|r(i_7(l|-Z{eF zp>5@@8&IFfJp_TgU1TP;`t@dyr%n4%OTNmtDE2?usV=dMM?iD`MSZ2;90Z77FB6c% zdSgTw?;nDZZA;aT>!}jW{Xx%dx!qa~a^zp=xiJz3Wr!qq%R$OJoE&6&J6~nA9F*f) zrX}#8bp_ME_{gMNdj2rvu$$2`093_wB%DZ%-9#s;Wxh`!7IWTZxn%Y0U`Q2A_nr7X 
z7|{R2XHSImNkMTHtx_Q7X$7_||4qf?*rq`&0Thc((1EZdEGErgSL{|Q_DMPstV3LJ z@xy%(q*iu;ryc%riZP+;zU1g6lciABJ(m*`CD4e!trG~)+k!1~Tz-Yi^Q8P4b%`{& z-Sk?02k4xCAPc)^9?MA7;CraBtU;-Vd1!< zVp^zGtq^Om;x0*09_`-CEU3C}CV_m{zk_Hn0ZR}MG8BOIXMzj`{JuyB`Z8Hy7f?u0 z#x)5qw=>==e4X+QRK&-t$V$%V8?Xg_AN)II9#Z@w?L;sRnKHlKa{mIEGFLrUXe4*o zsZ{JUdC|RjC(0PjBhQ6U#`)S=Bdb_Qci(C15S1ilgTGL`g#6H-pVg!uRPK{-FgfkTU@CU&_+5!QRKzg?H{Q=`V93 z-S@}wG;OO3csrpzJne2<-BH=%*^C35`)R?|RRIMvghVgl>-WypCF!FBo0XY&8V2>; z7_d53Gy&?SIUrwT{4oY-C_IJcXu&RO;TOrgaRCt&;0%&C!oo14lBq~B*pk?y4(MNb zfx3zz5%QmZOK-3qFZ*UDK z-}whljJUs9Bzf&OILb_f7K48Hjj>$zv=~QY7ruE{JMEq2-skkv=H+h`kFv=3dq39- z-|^(O_TQJNEph16dg>^>TP_k+} zMw_;gYJkGoseTZt>ouRTYnWo=h90xk%JT5yd;_P!$(pTbfxyynLZa4k^}@?OL!jzZ zK2n_K1*-us1c}jaBz`G~P(~=1!f{>d&3#@%lY#VQS^y7vHlVF`7vmh%vW%4xQN`DE(chs8GUAzQkXH@wVFJJ{Om*l%=m(Wr}&Mie4%zbghD&Kq!k#UdyBJ+UKg z#rV^TM}6q8k=hLLlX~?5DQRfU0Ua;Ufe@T7-gX-P-n96gt1^l(|6j9rzbb;|y$A*o zN^u=G+`(vS)(zXkHm0)6m#}yx8+ZBU+yxb-+ltXE0cm5?1qHt}iajT=MW_b8T1k_x zlmdo+%Gw#Mp?3yjKuF~i&&%os)UpF|+XyNZ#^Bp9jO~F4(eH5-)J#}R**)qj z*!&X+(KGJGqh$jEM&R3jy@Fk|k)>JO>b!{tZISI~1`M zya^dTp>BskKwaHY4}v0|1^_+?qKFGHWSF4a~r6<7$hy5Ypg#Gj1~{8 zTs>$9&vfVe5*m@bPEyiKD9{4UgRb#vY2OZg&T4Z1m7!iQhpB+5SIjf=bokJScCy;> z5HUCS0#>{IK_I{JAbAyZb%MvN_uyKJC)9x8S%amQ{^ADGBp9I|Lz)EqKu;ssV~}V< zX*!_@^^5`yDNx)}FC&LAGygnzg@vo_`p)?G!T-${nWOzZ*N40KAaAUAV*#F3M&6{w z$DjF&VDL}iDz{cQVvg7{VNYly{Amq-2gAN9Vw+=z(fP6l2SBYSoe({NtZjrlQuJ*N0CbQ`eNe(GAGd)qCu< zcxcAn-K7F&&I(k)f}LeZO!;}qSXy`EK~C;SmeQzu-dUO zpgmU-rAmyyN=dkGJ7obP=bg?SZoH^pv}&%ycWBW&9pld@`FP(xXC~h< zx6!f+?4rJH2)X)fS#}LG58z#r28bCBXrkg+bl ztROeM=MYv$y5ImLzc9hkkofnuu?he2DFp4c2LsZTsm*ga*K;A_Y&c@_5r%O&GPjn>G2?7wAS_V{r`wa#99Q+)P;r;So|$QX7iZ7p@_ZD@TrVmoEH0~9~09?HEdPFFJe zmTvuxql{-MZ}qeH3cN6b#;$=pz<-ql`4-hFKUi>JfRP#Ngas(j{4lcmTEZ*e1q(smDH|0-!;gUO8&l56D7<*$-OaZmbipznz~Rd zXJnM*XX8<77RXbwiPFDF(#}mu*kqIWJ>V$6NP!GEB<;?0KR!Il`bWhxTX8*>ToWD2 zTGhNN(f#B+o?RL0psAIlI1hYOYq(8yTL@|e4OSb(fbKs*fBj={;tv-$O%%nk7PZQJ$45f8jD8cEBQi852x34g+95XNuK?!;-EE{pro`kXn-RcX;Da 
zVuwz(k0c~K)kVX=ICDBVJY#D9$=^)2G0Arc=^rmyV>ia>1ZzWhNymk>(I1Cst;R>V zFur?mFJ0>OtBg8B)B~pOB<~F^A3?Gcq9xal^|%t{2C+S}sV~YQ9)_%q0JwO!}EARI2qgjbAo7!|7I)V~mXU*$AwO&R>6b zmG04grEW*rfQ%d5aH58eRmsOFEAT2HrBkS^TOg~ zzbhNBS{$Z5Mb1E_%O0}YdMNs5wUrqaN4j&*F*6vB8l+By?64o3{x&%Q11*p3O_$mOp&KSs} zRlX_advN*TTGlE}tCd}%qDs8I-obNNpXg^OC%Z-CQwiV0M`m^;q6{|bUV*V*0-;0v z#{l;VSD{%>D3n^19M`cmRf;qlzKvc}>l@am7Z&1b8~*73+DypfQD2-Myb&a5B0Wig zK1iR*sFM7e&xL08(R3jRM~Ta?%*j9Rk$$hm<>O)E*@30D&1KV%gt+GtleBR=U3@#2 zke~XQL!uL8(E?j*THPyN05W!bb?Gv8ePy%HugXO8{o@K+(WW7@;u||Pfl(y}O{?}P zcDM<`L%yD`S%R~W$WsEBL2?_L$_h{lEMv8x59PL!FB%$tP16C#^`ftQ;O(CS|C2!* zF+*hWdhlhxAp@iu0l1~Dhb+1w?oBV<*>{dAHaaGLxg7l7E;%pf52PKrKGnB!o?m>q z7)mxTe}`n$pd{M1Q)4xYeyhqc^-K13#!wQ%X zbxfgH`fe=OY22uOUw~70G~XsUK-R0x_~81?16yEJWNJBd!l|_VNbL#AbqDv%vjkuV zj}J|Bi8a8K2dm!W8abEnG{L$NMei*oWhIP_zXp> zEQgjT)r1*{`)Mat2(?_K?+vP)*2Y!?;n*cY3p8ooH6cdQ#%$MmJSP zOiq&81+vxM#l>&pyXyNb#|KUYU3bgUlIt3XZ~dtpdlioF>K z(Pwa6+1P7=D2{^DNp#tIso?Z25Z9N1qZL@LSARRw%WYaY+IAEg$dj$x1+NSu<1Fg7 zPd}8#c&j*EzC82(o+YQ|vaHLMW=XH#ambHK{m;Oy1?P^6_S>tU51k6z>d`a3+h6CD z(wZiWSIqVm25s{X^sru*_a>j?6|g;#F<5J2{VF7v3v7?Zddld+f;{OcfoUMG;@F#E zN`W+N>@bS=HGw4zD$PT}&c3DE7hU<}^8X&gpGf+#@{`xXAdlhCnITw){d%7PTg8RJ z<{w1NFSpI>*V*6G(8>0T&PYVS$!16OUmiu3#qu4B6?Io!lxa&%#z|qI>So6JgE6jY zY1%mb*dUEfKDj9@{SP_`f_!{a6%WHv$ga8cE1K-@IDtWu!s`ilb*GQCa))nve;@nb z_UQ_dC_#R5b|eG`aFT&Qu%=(46w5&ZX7Xfe|5C!T$P}-VHEx_MN8D*W-)pxl9J}|} zBD!(JZxgNesexZC4?EsD?^dF_!hB{-25MiV?sE>{A2(ss>-r@>&Jy4W!c=}3t2mrSsR<88S;~M zm)Kj3g|nB4g5t!uP75}!bJ9mXN!IR*JeO)&LI=VM1n;N42@flZPg0K?O3VVdkN7AC zi45(22Aa{l5I5k3EWYw0LyL=5yWv7bxA}X%x_Ixfp@2?58Amm39O$SA>8Se@ZDoOy zc>gYpzZK1G)=?Zo{LUE9o>7bWlP_k>@UeEAj*Xi8%IGSex_V{U$!B9+P18s{lI< zN6MY}!(&^`>UVh0%liYlz%R6yVFHBUO({IyA7FdIx0G<`L}v|ZA#Stztwf+xvZCEl_!nxc{7P0JW;1&{Q3kB~i0=puhn55DHBeDY1LueeKBKhNM<-w<1i z@RqNvF_>>h{Uqh)_2mbRuhef7G7g;c*pIJx8k%kNkL6%V3EQamy*aHKs3J@KCMyVD z$e>}Wh{u`clrd=n@@|q#zSMztK60N3;qqEdG8_bC%MsdT`_-lb&~X?{tLmzx#0$va zl=fnD`z~pxoh*AIL*U#=>28Ep`?Qu_iG(a2)EUuA4?W1PIxMa$$R^b}KaxK$8LpN( 
z>x<`q)T?%Ob(~$adoJPhaD$Wx92M?xQ}f5#+828{J85J@eSe1?- z?-l+_r1^YYnPs);;P5>)_-TA}849`2YMjouqgmDC(t?!^BOyWsvn)!6lq!iD$ZJ9uI%vi|l8J&bs zuZC=-cbtci)Op`c9_8j+5kWLWXz42UkbIORT(!Ny&$&g^kJS}ig}OTsobF_FH_K}nE_?lk1;0p! z^>+o#OrJyaH)*b%Tvq8(2#~u*musYKmJj)m9L=X{gbA<(+%<*QKiYU zt`{>{;7_DCi4vkqX^yWl5QR3;QgB{ETftK+SI-oXU%>uJI$$zZR@^}z!Z_7?b;#YP zP2_15Tkss^8O)lk-{!U(IP)|GlYDf3xFB2kJ{ujwNzz_+%Qd?~Bg2KTznyG8h6^js zFmYt=k%7aIRp!K`GTUES5MhZ6fuiAM3RI_xtX}f4A5gJ&W|olcR)UvCE_K>mQQS;; zniE}$n2u<<0eC%-7;oGdn-IM2&z$m6VNv3~5$87sGvmgS=^<5g#rPL{lDHh^4E2^C ze==7osmp1|%;7=uGS@lO_4O3PB7gJ#%V&t$jG;ylvu!Z&-$b^93%JYMS{REZrYBXk zBo?=Yz{mnO_$(ao77QAxz5k&wSyYrrf}jAbd5(tIAi>%o(OkIL;KJ|aIFnYPl)UCr zYdU|xmY6SWjW%{ZM*^Zy`DN@Mo$jm94F$R63QD1IOPYD&urF!}Q&dB_{#5SWAm`o$ z7QL@j*c66(KMN#{Mre%b8@Mq8%MIuP@`F?fxhIJRwB7O6%d0$C#d92>qWgw2CV<$A zPkX%1c?FigW{Irn7why7)5PyQ1B^_9UjC}F!Q zp?k82o&NUa2!Q&+eKD1_|n=MxVA?6j|S=AX&yISouwT!dFq%{S@Fu<*yf zOY9I5e9h*?4>?CCF8N6jHAS9G!jSxE!}Of!K|#~;lN85al%g(^oDD}i3S~p#%YSYl za3@CHit5R(0Q%*lJ60xb7c3gHv$y2E@2wsd=cRnOtV*)pnPu~qwNaa8EazWEfd%6D zY+UW^+JV`fWz<8tRi1Xs1Jg$6vKt%DC?_9;S0(Wu#%6*PiK_J@m5jG{woy5zS6?s%f1|xrhi`F1!h?hVoi|Lu6Le@|g}kspMtHd3s^*8Du6QinBoC@EKCyFJ zM$F{N$$S^5p@0cGh5tqD=DNdf0w+?2unsRqe9sUilNjXHbfVOGsa#HAVvB2ewW46` zu>GB2YwlQ=z(WqBJ`Z(i5@qvba@XSxuIpGIN;t?oq1ts;%6_N$fX;3N`eCz8E=?b$3CTh0udES@)y zl*+EIx2I7>c7$qbkDpf)rSS9FhQ6^jv$qf*ouv8+uhv+yrScdhR}z?u-R%&dB7LnR zVfhl&zNu_8fGvoOV(~H0aS;`N{Mg?_J?#<+Q`e^Gi#zEe6Ifk!F0trmIuOU9bD%6(AP(4e5>K*;l5GbcjNbmx zE-WKFqts@)2|;Z=RBJ8%g>3dz6sv^SSu)YD#qq8_b>qjflMfwz22G(Gc451PIggI= zqs%}PS>ewpm`EVV(C$oSg9Q#5=C|LMzCwNN;l)S3KxdF4sgm#-m7vn$lBG3m1t-}G zHl+(B)c8qgzFSGr8{ifMlA|ZqyoUcfS*&e|f}Mg%=|&R>kx^)NGBB=H=xl8~L^j6;(Wv*W?`M`| zfwkQ(Foew-n*+GG(YAMa19PQ=tf!ZHX#7sZ0?!lT(n}6o@`)ls-Fcn->Sa@MVgAP3 z$nyK>QKJ5dS0l?JA5q`Lu)DtJ`Z2E~^tMLwy@uQLK^#3^!-D*DbJcyRNAjHrjdq+= zwA^fP)YQmW!?LV#=1H(T!VREZgfVSk;i&KF>LsH~ksqDSSUQvO>+>FLfRX3Y_>1FU zL!L`KP=%YE-_al1{jtbmZAO*Wh%qkCs!^XW!wI!8p zXwmuMVZWhXyLvqdMNOnuD?KH3mm!bYX?C0@ONS-L#UuWljo@OwLq^{lMYk^)V(vs= 
zuiGT&GK=T7ZSWU~q;Q+anKcQwm_XjCnDjYudFABLmR@9OK=_ZP z$AQJC_ts-%K}Q+a9BK&LHf0YMcEE+ zA#O1Ut`9tEkL?cCSl_=GW$x$9gIh~D5==QLKXg{xEl>htapTj}H>r+c#qkCO3Xi81 zkK)#n*yU$s1h?=u2Htqh4VDDY#jh1GujPU=X#j*AI7u*prYj_t%}sFPf1lt)rXIeV zr9zklsm{7I3+4yge8$Ld02Ri0NsOJtS!DR&DM9~%jKU-j|4-6jS_*|paV&H&WE6lo zOq)iVvQV7y?EB{Vz42j}7RostHRK=A{5rbIiP7aIBx**!GT#ib&APChJubFZI;-@D zc4y2yeP@@^^{Np2NHW7%+n;~+gi&2q1Z%7p4kC5mc7Lw=LI_FP)mU%=n2yIcP0 zisU$^^1ak+mzaT`VY?f|?2kR_OPb5X-gSDrIMkOEB?Qh{k2K4_DldO_9vj;Emf*e( zNyN1DT#g{lMmV-3Y%!6b?3*;07JTe9C>JQrL%T1)91RhTq!8EwI#{njp7mG{`2+9}4j%SE4rd!Q+E=W0%SL8U@4_t5|HR0@2EpfBG2CHn3p za|c_2og$=?*(tractTv?=hH2oe%AC%oNF;0K_uUR38LQ-OJRy7(dFI?W}Z@I463MY zM>Xm5{t&hBz_sj!~Tkm(o`N5_MET9r_$9Y8g#o&v7Go-y% zD{1G0Ir?`7A8J4rC9$WOPBt3$gm>>>M(@rv%p?{bU1+n$UqUbT1dWbR*Gs&w3JmsN zY=vB(tK?pP*c}r#dtTwmeK)R_;Kvn{)TL1ie7t+#o=W+x;%HmLpr{&^#^<@E-m-C> zLpxA3sGMt+NBzvlAa?7lQzSRvfpXtDc384cv+1)Zx(t2d3&Q)gGpaC*@y^Bd9wY|3 zQKNr_9-oz3KYOWQ%5in4c14iOeu&r1>Ebh9*u}oaDQU`i)naCPxZ1vIVI4QOG&PWJ zp^-c^RPy>&=Oq7Qxlzpw(Vg_<&R*B$;J}?{NAMuA-s0vBDy8}J@^w2r;OEggIF5MHSA4A0 z+`Nsk%83$}5nbut>zwa+brjaa>T{}^Nw^#lw{w36DD{WJ*|%lW;>8Q0+eYYvsQ%S- zUKlh~zG-on=%NV|0ii`TC?BA$d{>d-Oeo09h65*dSOOCdZDwWFh7l$SZ|0e9M;JE>l!x!HiDm_( zQ2ttjn;{Y3E+x=ApMLaBJna-b37#;wiTv1v)+y-K^R5-~~e{<#_0-X6+ z?a?Bq`WRT? 
z8OxYi?rXzgl{<9eauC~dD2(e+km{`v+h;Hza*>a`;D7%p8uTJ3O8$ON{C#<46K8xN zaQY#L1U)`43dT_z(xwLW0?7McI>FKcWJvUaOZIEplcv|IPyTkQw34Qm;SSPJ^)jr5 z6dv_8sQqQ8M~tUjNqxSD==s!JW%=@Rr`9s_gTNQ^njWt=w;sJ!)f@&D73$ORmbGH; z3!w(nLBczr6!xWI!CO|_jz&HJxNU~oF|mit@_|+T#mDwfEP2^cHn;9gsqG__#Dr+v za{56?Q5w&gclTqw6b3nD!e??!PkN8RL+t}7yz0Mdq>~hO76wlID#LaTSD_EEkmB>B zun0{)xfjDuzM$U7Y`yz_?D;vPrZHKuZvM+C_?{~EEXm_Nu)lS1Gc;L#555N>z{?_W zaf&)EvWN^zX|+4~DI`<0^mhQZW+=-13BKVK`BcFVB~hUSD82GAsL2m;U*Vt~F=d~4 z7%cSXEN5QPO#PJ|YyId}5N_PNs>s~&8a+d?Ttx4qN%r3C^w`C;K?&b{tZzfyuKWU= z1VQ{TMED5vk5_HE4q&f%)n5q-U2j|+#uF_%?~hHMpFgyL*$V?dk%p7Ab0=Y^lz{&& z4g0UX&+?2ge5;1`E$^V&o(GT9fSci zuH-3tidhvm_Uc~MDZs3|S8ymdq%0iiHy&)9o$wYjHkgv%F^Cd~M;+~3jyN5)nS^C; z67>EcU9uuo%U22&{V04!0fRYQ56HCle*+NkRWf=QIGPJnCB@CeFXtu#;l_%LzK*-+ z8g9Of`KKFxDov%b4eRyjM=L2uKfl$F%j+Eg3Fm#~{AkO;Qu~1h!@M=inQT=-ecnTv zsvgw;;ud@Zoe_qu28*oyea?GwQCAHLmZ@#)easXO-ZKw$Y<>KRr6$ZEh!IBr|NI=K zeauEOWKe=<9XD-)tkzxaO0QNCwQl6eRh)|uqABeO*L#@~n`fW4i=9k%;5o>jnrU10 zISZ1>|DW_xwUCh^{U`sTS5PShYS3j_EUgrZa95a;S_I-$2pb?|r>4*7KiomzF#hbo z`3{dE{kJ#u0@JyeD%6#aT7a<;Qh&W~PEz%Y+5qHjoqk33cri=U!SS4N#RuK;cWsP@ zQwU-*TAU?W+yIQ+@5SEf)_VWSLJc^u}Wj~sbB=LqxvJ_L#FZnMSupW6bTGm$~pL0 zj%f@S0aY=<>|eZ=i;xeRSk+k{be6_XK8<00^!f3tTOgJ`2o>)K08Sv>BhvUpnO@+E z-ikX8PCo%uBZ+Z8k_N=DE3?9cm&emLWr!d%quAD<{&<^5u9#DJwDryJ&l!W)hFb&o zh-KS`37+eXOPyWbUq4oi7k3@Lf1X-=7CKS$`{8X!iXrLu1NOB5FU&0j)IZ_166jlO zyiJbyCxCQ&t7zx7Olox6n{t$Lc-exy!HXC{jj)N_U z1TY6*q$npu6z}F2MWm7H$QsVcm`s!M%<@=@p;S(Lf%qe=N5AnrhYF@Q;m;GvZ+^-F zpQ7gdRz6Q0QIXwr-yB_cDnA zkQ!QW8Cis~2$NC==V{AfG#Av#RuFZ#R6sM5M6X^>iQ8ie_?bV@uUq3`2op>P;am2E zyZo5ks9SVEB6iVShNu4eq-P*+A1C`z)>Ce^=;D4UPs~;`jl-b%eeXUg3yFWq%AIZm zJ0BH5j!xObs)R$b0Otvw;7ug3`XlH9u)}{Ki)N#yPNXTv-%=%WNP>)4UH@%2Q%iwh zBJrP#+8fN>_(E}S8fE@jh<05<30$oipPc@u*Pzg@(e_Smsjj1hGppd9{9+aQJeoW2 zXD*L;wmBrZ) zjIWODg3+lCVX~YKu%O}p&7dqJP)cJ-#?b|k!4t5t8qu!>=ax^eC2TtW?-YK|AnOsg zsS2LRUt6>z4ki0ZODROT%!e-F<@Ld>$+#s|*knexWbXP!Lvv!-s8%^M2k7@zulKq& zV9h$YwB;nURODhg<}=Dpe_Fd~J1(GWsJ&R$u_3{qJ2t>m0p)BZ0VQOzzvT@0hXS?& 
zadh!;c#$4D!_Q0!!bK!W9kvM%ROgY>W^V8ThScexu>Z%CCp_Zeg81+Rd#mB46JW4B z;FfIzfpc5#a#*pvcxwtn67S1*5Y;&W_q#Ek^l` zt5iP5uT}_Inlvy66@sWf?)B>K0y$awnpK^4_13DF+3HVk8ZGlEKexBV^mQgg^Yi$ehAMV9&_!AQlxfBRf*qL=HgvGM8y@3|W$>}V3G_H{TP%=8 z943k5TA9gfOOz-I!w-mmHn~A`!-1I(A@<&>ZF@ORqe=MM&77k2>Z`PkH&@M1zD;Sp zQk#Qv_7>f`h85M$s>OFIUkF`6!YI&<2ZFh+M20THQe!$lS5ZrF=BF&Lt$@j8_9h%| z)UFHJ!X(np^uzG$JM-O%mUULJ>T*S7OGlmxMBPs?g4i&mC=asbyoT zdL(U2)IJA*Q@g-Hb^1h6D*)1z80B1{%Yag@hHrCf(UmaNv5bcAzBV@rbhOVhk4Lj{For7F)^VI~61 z7~gU&T8mwEu^GxbG6+bs?>wKL0iG74REKab?(D>^66ePD(@NNJdaXcAw_l|XaeDW8(&#i9xh#(AkleY^>eTgtJ@7S|gQCt8z44@X$1;bz zk*M}r=9=4uUVW{(>avOYdopE@0rwm`D=DNmqbgxgfd%%j_Q`wbZLt0cl*|_<)of}@ z;+d|AWK+;>Mn3ch9g-*7K_A3(Dhg0ce8Lfhc9cG{QG=^j`Ab?k8*`-&Sb>~FIhd9} zX^8~n9A??ZyQkFhl(?cZ!6z~e_qw5qj)-FzGB}+SS`w+pd z+N|P_%cj^))yoZR^1+>WKN?h(8UEGIuFO&IgV|)UDd>`MAN+HrGgD+3-l=!v$t+J$ zije$hj{@gi^1=U-{cn?iK+w$mI$@yhG3N(xLif9nZH?N`z_bS&@icmmM2| zD10SbL%+&}+O^7s?P7Htd{K3*F{{ULepI|bi*+2*-6Q6L%RJ zi4+h~vD1#iEU0h{u4hf66`d>F*%G>33p2p9SI@`m^J!}-7hJoQ(&genRlo|c_z{v8 zvt$P-;|+rfgv@@>YvJHc{8P=q>aP>U8%989VjM3c4Q8SB!@~`7a*b~~;aG>s!KLz~ zD46iOQ-m|o{=1=h8(%6Nu%0hvUAf;|eipm3OwZlainq_Sx|oz1r%0xBHvu=h^s;ZF zPg#`x`jn=NiPozlw}C zYgi)6d4FgJnX^McG3o1BRK298d4ZF>K=5&Y)nS_0w%|R1(4&-lhN$3=ikn7jzOG&X z_Lrd_0wE5_MvEsL8PVu1Q_%buG^3uw9g3yr590a(I~1a6$iG7;;GgokLO;)2CZayW z>_tr1wTy;&t)`tYr%Z zpo7xz|7WLwI-eCnztP7vx~zkx;#U%7irg?-Hp;4>lC2kI^=`@CfR<&K_WHQp1fweJ z$p=Ai+86rV+m$AJG!p}E_ZT~J_Z&Sv;3l1>d11LAR~u%RUKPf3k49vm`~*&IBdATs z{2-ome+C`vod!3s0`p*w-5Q_?uBz(1JNM=csRIC+gz(|SRP{+UIQ|@x^mqw-cm#ltLN6^V&n+oJ z5A~JKeJ+A;?!MM^rbF~(IoAjym3*@%N2&=<{MCRKGAoLwkBIJ31!u8a0zvDDHE5)W z)e8g#=Sz7E>M@ia6p?@V2;XD<2UexFgs?Tig>kjci*J*t-z_&9)r!~>y7?QcF5B*B zh9rCG6|m2!9f3NH=6@E{-J!{qv0Sa>c6f?)I>sPNOf^K(6fYBpXSqfu7uR|&wG%bs z_%7ax#`qJ=J77oaBN3|tz7Dg%!dj3rsZU2mlheX<6L0&5)lE(D(Mq(4&9p7&ec-M& z=eHWW%B{#Q-Th>30sN%_9rg>V2ZOO3X}(81MuuvCn!K%dLU%em!I(%!ifmcE@F8rp zcob}ThaCsDh3A4VnHL*Xkg9Kmmf?3UUeY8Mz7nIBZkz{l)J)S7; zlTCy8iu2!d-d{}S$q35M;9#w?LZwyR5 
zXIJxBr$!OEnVOZv%Z_;gy7e$Bm@DbE(CT5{XlE-WZCsEG^?y!;Z=b#YXYv|d@!1jy zR2k6$`VlG?kU2T{)#d||+;_bI0f9e|-1CE(%bUNoB zb|{lg#s-W7vtp^?h$;();}f0oT57zsoj)q?jX53uQVwz~U8!%(Btg74>}uCix6baC z1N5fneI2FxvD)C;!jJ8Gr%p<6*E=&&PS6N=C4DBjRjd>`pjPe?TiceekBz4Ck)0iT zi=Ra*r%`gP)DDsRThgCF^htZCx}nJZR6|p0Hr8xtNteB^tQ!ao9ZeFqH($xU6xU3# zzPJjF;iKeUuJ##h)!dA>sv2~Q0K7Srts0pSMhd`~dS*3>6@>099 z-IDxLBqO<+e(q zT;zXZ<(-;G1$~}uRxZ(1AndS~<+A=3Quy@=Z+OAf1Onv&G4C$r1(_fA9m$)FrX_pJ z!!uN0)=Gl8Z3tJWdfbNBf zm!K1n<`-JG+TkICXB10#V2PdJG(vAM$inD8eftM@R;dHsi$Cd1@0Z;0%ZRK~Yv=OZ z@Y^bH^5z#uh14%L2eqD0TpQ|8Kjpr!vg~-ce|?nOvGz`A*^D#zClF&O`7Wc^LW-@B zn4IidsDAIAT@H$Fhik{PrMkWDG=64^QlmO7IG>QRpSy}cej*Gll2BY52PH;QQ3<^t zXNHfCb2oDFJ|pB?u`6`X?q5Q}CV(xJDnvVV)+PV!REZ5T4%8t(e7zC4Evlr2YF_X3 zer1`x{52qFWl&i47PX5T`^Ot2a*`UD()tXqm?eeQt=^^2u)eqM97_k22kx*U4~{E8 z*_4nstM$7aaC9{qfYpfQz$Djtoc8yVjt%B@`)Vg)++C&|*jENDWeOQzXFmJxbIxr6Eu%vUIgwk&JPw$H;}4 zP-?ksUmK1bh(GyB{oTFNX{66Q z;Y5qq5bq1KTliI*+(4-5!55*XMMCeDRw#yh)}uI>o#VBxbF)5cP|A&K*L#z_9@2q4 z%Lq|>hNWYY-Q!Qd$a1vp=RM??AL`I7ud{Psb7cgyO0n&eD2Ogo;!A-+XGB zVvPKBTehw{Nkto;OGSn1(F+QT0$S;AXQl1*%T(@WoJ93KR3 zMSyR6Q7ag8gBwL{`6NPJ51f}>&sw;q>&LK6^8xpei5_R23FJNtN>cmVCEPc45OMXk zYd-f1zN%HDz>Rp@W4bf7-g9E57&jY&FDv*CWrJ)};|ganj0FlE%he~4_O$gC_V(b> z;fvYvQ3errO#5mLXe0W<1M4T3SUZ#-$kCXe!*-H`GJrsraAyholPD^4f(53j?gaOo zJy5&QF(G+7RLkwXXmF^ek$>7ROA~5wuosQ2y)UFf_i3cE$>3u-a|Y)A*E_7d+b=>Z zl`38X8EksFh%^33`5B5$V--tBl7f4L$bn+Z*vyGJuW5X-7Ug>Mwx_9NN} zHf$jc9dWP!zyYI3Q&8$6h7M<%>|cLX`W5Ic!b;W9u-x=!F*)b~Xmpjh6z_5v=e_n@ zx%&eavL^C7W^R(S#6Cc2B@qPfC77wv1cJC(@1$?__TyyX%9cSaF*~5M z+|-$1pI6|E*?M#E9ChrvIBK7lX*oG+u;@E>b=A;AKjIz6ak56WEzp~OgJ!-W7U1cg z4RS}|HoWkp*?D&nR?mcfPWt>|EMUo$gt~Tl=hw(P24+Y4zM^Dxg1fBYw42l1@9nD5 zs)9SR+u5ySUcwx2UE5+?^31RgBE5mQ`}PV(2%Yzr>#e1&3`;>bZPeawW6dSP%j77o zp^16NXrZk=29WzRxHGH72FF-a%&dw=^?S`vuI^uuRy8hW=SyyY^?N9TNT{ipsoaBV7IAn-gBsU}sMR4Z&P!|eSt0#}J-IGkyIxvH4_=^IoY=SP zLI1hnyr-1?adT*5{K-hlh%`5@hAN~OyWG4SVc=vl3|d)joip|(yJ{#&UW3v>f7 z{bonVoqeNi=_Wl>_Q=3*=E_B4>X2~!-YLmwu;VJ0;d1mWRh1Kiwg#_rLSN)hv#he5 
z7BvHQrd$yo?2w|zrt?x9pTYqWQm>!$h!!R6`rdgocO(p$98)gvZ|kGp;VrkC7+Y#8 zE?s9a=7KU&Pu{s~C3-kdei=>1RK8Q~-;p+0>D~FN-?2l3nj3siFukh6I^TG$8R!8vG*K?tG->kL!C3eJ`$Ylgf2R>nE(@$nT7%Fb`uIr-jsg*4};Gv zg(qMP`hqdo(#5#vz2ExGvaGAJPeE+Fa#4RNjye#Xv?%V$#iUXr zqc7s>H2<-C-`xR?i8Zz5C;=~ml>an(jM94UQ9th86Oq%ht$^THZ;gT*kG=#4gjAvS zqaU@3>*oqRz}tZcbAUuPMNCBBL#5k!kcsgHeLJ8p_ydes5r$CKgI^XI2YnWiR1q~x zQS;Y2SusrvJ;@lU7kMY}f;v!}uA*s*>PZoI$R$Ewh@Mv%%(Yrv%)1Vpw!YPAch}SmR|G<6z z%52l|a-1r*te?KEGl9Rj`k|hPy6A|Q$25HXYE<6u*KsM+qvR2Tx@Ut*U$89CJrM8| z=+%!ZRsFt)4Bn8nrR=MSC0s*9-`qJ@5?26JGtHZx6-w$Oa`WyK?s+R%y`X(Gsq8I@ zk}-8_`rh^$1z}Qjq|lQiB5P>-&DWtJcWvWzCK#&y0C&(;IzR*d?Ma zG5=nbAsdg|%yii!=v0|my>BV4V-XWYt`JoM<@Fu4`h7i_=}z)K7q=HP&;UdtZkhKp zXEU`BFmV0O%d%qDNA4Npv_Xaw=3R`#Ax}mSv8pB@NOXL#+V0hW?$hNxkJ>)B-_^08 z(dS6HugR8aYMqE3ntm!$YmRWmM>iGe*wFMiG?999B)0I#(9J8Al^VlHkwV>hSz$(p zE9R%h)+D_|<@Sb_^$=P#2yhLJerzLeRw8_l4To1bW7@b$#}B$y&Y+!mLd{}0ZBn47&M#xGPeU2u*Ju$ zY>;m_@78==js+`>t%{iV8}1|c9R-2Bs2-h0bm?_7DecE1lp?5T0cWPdU= zP!DxOK$3(szuo+B`>1yq<5gr|kZlB@h{3Lf*kueRhcH?1xuq$Uivz2JoxtY17N2J- z;t0A+Prl7?-$(7`d>#dhxo>qxz6N6}B4i(Cd7@CQ@=C1}<&5I0N-Eg7Y_`ut_M<0o!x0 z8f#WF`pwI+r1IH<9fc`8%m?ZHd4C;HLKM))zd|R0M^lJ^&Z{maJ{1u1sW#XgRKfZy{0KoA<)5G#{NC$sm!Ae+9(bH`Gyq`-{zIxr%UUIt{6-okG3QK^d zaaf8&>jP>*@U_F&a2wI~td2E4Q8*BMQGJ(6QI@O3Lg0@(4T*e$m8_Hnud}^|EVyeS zb`-stfeZr?+!eJg{imzwG0a89p$Zes1&enu4Y7hdtHr*To`7DiQv94a{iP-%0}^6? zY)3iIj0ocsYVO#gg5ZY>{h5xpMcyP^+C(!HNiSDN176qb8yiaJ)WUto_OlOAz23m| zTPF?{d$+|DZg172XQwHH+O!V6;hM6LQjEf`*$AG}pK!R=&rHSoo9 z#duy3crs+3QUg57B!w80JDa@St?G4&4%T!7HQki0N$xn?HUj62P3EuSsedL7Ccwoq zh0{o+C~F#Yrm+>`2WqWdNiKzhkW7R)dkB0e2gyRDYQ@E|A_qFyeu<1xe9!?*I9#$XVG*9-H`D1Wv7C~>=@bpUiklG9?{3Ic! 
zg7Cc;)b!{UaIg%07!>VgVr5UbuGeOHAHAX+I-2?x&X!en?|^Lc^U$@x$Ooy>OiD<< zj~+gHs40-Q(hEp984L5}we@oJkjq+xK_!U6=(eUyUYf$3*)D_J49x~!O-E0X_ZMxz z)7c92%=AE&jVWsE0;#Fc0SbJ*>HbM@cKLc7C2h!T3J_Kt1QPe4ljo$z3TeG}qNVRl zT@7+c#IKpCmKGf6D(@!^g4UDnj@>6di{}aKkpL`-i9JqB@z%T2 z=Us1oKl9jE1vwttxl1HjG~1H1Z9dLZ_Md0)nbo%gTx-S|M0fMEyMPR#3YN~St79oJ z+7=pzq7R!oHq!$wZ2V}uD(v~!k*4{A?>?=gZr)$-q-FlybDjy^PGT!9Go zOzHib_YcG}3+VF|&`B1s6cB6+sykiWKQ?1tKqU^RT@2)*ALoYeW+3h7Ns9D0C#H_L zZwqdG_Zj0q#?@ze1O{2(v;qBv)_;vs$N)zVQx8keIUUHskrUHXyfa@v=RP`?sxM@4 zaVjGCUafY6(O!|vv^^`%T6!-ZS2Q1{DW}&EY2yrWQo8fy#(c z_GjCS4DFhL3_pvs8A$lLIT86r9y(O{j{0u)NW=m$P0)fGp%1IYZ01g=FNPlX3Q_X6;c{02owoW;K@a*2 zjCRiUlONhj2>J!p&qa--#!K#);FgHvPRCBU;Q{YPSep$Ub7-099(hpf=^PQDk$c4g zm4QE8z;^D%epm%0>|ef@7ZRzeG3Vn5{ROC05kL0Q$! z+;$TXYfyEfZ3Y4p#UDe;d8o=OU7^Jk4sidF_Ma8!fK^qGmE|RO>)=Hu#QRw zBM@XDEgs);pFqA9%urZQEb#_TrN+(gUL7_zPP45tt%%+Y?UQ9x=^k~jYFK$o>7UEA z4sa9d&#p6$2w|-5^S$-w_e>k19_2@97guaiEA758^fIp-DT?iV zHSu8qEuli;&{7!sp$&hp!o?nu+cceVBx)LrE0o|Lf&b46kbz}mAMG?%ACK76KX=JlCqmDn!~RG-XPS><8Uo&`M71^m-(r z|51!U`m~vf|h={eq1nn+QT$vnEKPi z<+BlfL@~^Wa%u@-Cx8j4bcZ=qPZPm#wfIPkZc*qts!kIh+Lc%Jun^g$J>BS6 z$NJx@Q#LIlg^w|LQ$g7DXlyqh1=ua83GBFyygnAb57$e)#~o`^e5V%`Ag!PEWw8s^ zE#EGo?CU8=9!clkUIn10WdYWX&}#0Y8$OiSWOCB=5PsJNY1Bq615w4(hPFtTT&1>O zV>8lhDqvm5X0AFn50D*N>jz%uyT{&n3>Zy2Tr~}uQVs9kvmvV*anvaZyG8m`Q5cb9GCbM~_*HN? 
zN929teURTWR|n*NoWy_|VNRR>Z*YTo$AdtBA|h$#uihVRg9Gyp=osJ|K-!;FVn8@`liP zLxh;W+0q({dYi*I>nOV+du?)yv8{&ypYZ!L9E zA!kj0X-tQ!dwaQ;zBR5H5~$!N-`82;*oiS@UJi(|wc5DS60ZiH_mnhqnP%vxzM>N|{Ooo7qOl<_ z1zO$(B#J!+6nq}P7rcKSHh(zTOL>$XS8y*0>h1NAmglFZ>IVZn)x$?tzPBU@X7_LUD5LUZ*&AZ!%~23mXD;mqQ5HjRMgSk=CD&iMJmU>wEc zNMFG=2(OD`lV}{@EjPlfwXrMhw0c@_4<7gBmxUqWFaWcTx@H+@($iJ3-WrUsQVoJh zF9O-)}#}kFPfmribmwY=@pthhC3tvBzBg zVc`4@npAS%?-J6hTfnt!gVa3ZJn4vj8DiTItUXg^e@U=-mnPG=K5Rdilx`rMXvH0} zH#?iq`S&l0g{BC%p>7sNpBbaaIc?YlDYc{Q>9k)Dm!=IoXVvqM`EEzfnY5$vB07@1iOWy+f zDVmNf8G!WujLs;bPvy7<6Z|FAgobB42XX7w zsdb`11P;ALDC0L&mO0OIsfymds&f8Oy;%FvAUj zqU)k0$fvs3!h7nLBGZUK;zY3NaP@3SyzY-|G`7mys;>9%a%2DBWuUG z*E!Z6=U%u&pmWh6ulgp~QuN(FRx%UCp#VR|New-@N$tlo9udV0LF9z@hMmxJ^e>*%iJ^$WP*GT>xJnJ5Ak{t&78G)Ty;~X6VS>YtriK#9Uj? zjMEA?8O_}EG6dV^jp&A$pOj1I6^u-Npn%m*)%==`d_X-re0P6XuWJESxR!E=6Iyga zK%WR!U9*d)isXgzW*GP(q(4e0ec8-L-U*%X0_Gz(vp?fJ@zh}$;tNoT3AiLHulU!F z;@B&le<3+A3H%~6Ea&Q>4$;79UF%)?mO-<1N( zSRxvd0@>%$JA8A`H@G9QTSCTnz(`_b57o%9rv?Q$1)u-d|4+6><;&!x<>xOH%Ae>2 zg|wbV%R&O4B^yXQQvsSrQLdV%t_HSK{_8!hb|!Ds$Mo;k);)yl-cs?1i@EM)btw2- z{Hye;I@Zt>0>n7sA$}&+!chp}jzsS`g`{t?4}VapV{@At(5Q`?{uK zvW(4ea)NRJC!uYfF!12xP)iT){J=|0xSkQiw9U-omEvqN9+B*!gyRzSQj*X}#xTJ| zznwpL^sBQh7{&iahgttUI?T@?$KBT#uMnIadDkTb%fV;L_7 zXO$9XqU6>tlEn-wckr7Bsyg6*l|!V|vkv58F`>#t#%LZ{8YbeVgG>pQp~3ah2i27( zRR{`2_5?hH@5~31V-Wp6hmkM5a3W~w!ytmRHN+F9^{G1Dmfh?MO#lVlN z+#)w$vg_>1BQkx{8i~a6{Tm=ZW$ar-eC2YKqba|d44q{YrTMOq@VM#*)pv)tk3NRK zizWCQ3j}my19;y*=0TGt!m|{-8p^~D=2RX>*47vTZdLH5l(Cn<$^Z@{EA|f-prBlL zaL?HHO_TtOJX7x=|A{9Nq@;F-d}O8FH}&W2WVe2dRaPaqpG+2e>TZy1;z`xNNUCHv z4XNzhYsg#^Hp#l~HE4vpgSF^EWu5Kq6oc;G6oXU(^DlaqEVfJS{Nievwff31ffQ(G z{h^neolY*u9!{HD*$@9ogu0=~Z}?ZWv_Qj(4V>%rBVBq*JXdz~Ez&+Zmdd zgjS{c6*RHo?T)=*RFlC15uI_$#bZ6&_l1a!*n^I;I&JswQkCdRh1JN+=lfJD`x6JY z7=6}YCQvBwP+*+5N%&^%qZD+(bf%rOMPzlVmTq>K(@s`LG0EHoKr+ZexmLPB5g3A@ms9!{zv zC_oyzbK}m5PiNr>{FK9=V3&jy(sXJd=b!rTA@{bs9rpku1pd9Kg!PG3cc+7uqXkDT z@))uaxVLnpaSb9nav1^Ll#JsLY9sdIF%3m(z66>LHk1!_|@(Q 
z%X+%l>m+Q&kKb;eT0c&sJf||e{wbI~I#mWf5ucdclKLe<3jbn9X0Wbz7%%i|v|$iM-a}}9K1jYuJYk|PfR85f6Afop#kLg8^X~zev@Uj9l1<|Q% zD9TKOll`6zKse^IwQ7XYe8^imwx}uaurcy_T(R`To4>O_?j@v0IyFw z958_hit>bEO(*RR;z1ASGXi=|%mv5mAk)zb+fi8lE8A&rNwmk@&n4);#Ci z3_j{SBo+$mIwQ3*i#T*vUq#IBsb0X=3l~c^I%XSULJ0?T84L^YKexq59@kjLU(rWg z#0dzR$6z{;wEs&SF?3^-vTvO~m&e~bIS$oF!NB)EnMVL0qA9n(e|Ny6@xw!8Y_S3_ z1ZBjD5WPbjAO=G|s6FjK}jt)b}6Kd*+I45hvNIdkZCyS~~T)-)>v zg>ojSfY(%WOnVZV^Y^RkU`A|%Up)hkbAVprgQ?%Q+okX{R3fXa2bc@rS!82YR-h$q zu?k+o`7bmw)^oT7m;tdyDV@pWM`X{n**NsVPbLy{%5$b!?B+LoN{1e}I5Ql45*Hru z@K!UTE(*4B4J-D+KB{p8u0B-S#O8#4KZ3o{pd?y|&-cJQ1#S0xHUxA-N8s5A!`lsf zU#Ey_83(b!0`<@Vp|pY*LDD{}xpEf`#t>jj@h@0H`JbggDR{lU|LTA;Phy#;3F6%h zKG}ydP27R)m`Ze(ZRm!2j7IRSYq+?*+e3FCdNza*adM{JdxhKY!2>N3E=S(1^3MVjt^LI%InYlmR9cP1|oms3wN*f6* z3XMw=zQ&hlTpmOAK*XCu#+{RVuO&Hu_f(O09x|l%Txwb3}G-3bGIRTcYCLPhJJK^)V z$d7gMt+*duE~kA$ckQybM^ev4P65177Is+uqLI? z+37dDsz304yCx$Zf{kAmQDS-QD!-^eky{|97!FILobd#<5v|>j@GP_t3Pm);o}YMs z-7*`{WNxH1(xrTqjS6lk6sUveXjI=&I)W5IQJwGL+vYmQNb|D3Skt%0*aopigy{O< z{F*b^MC9N2MlQ2DPQ`IQNlRoJKgPHM2LSh z5PsY&M;>j6dg(PCRBMWQK8p=-v)%Q4`7j^Z*66008X=MDO5dw#sL6nD;X8u&*k|M7 zlKkDja;6L>S%M^QC9*kCAyJbCwol45C9IxtiZY7>M1P8~P!t?r%_T~t@95ysNB%3h zg)l@Bt&QmdA@r{HQR=-o{;*gM4}0#;QhonQMo5)pSPx_A|7w81j}!bgOiTtf?<916 zxl(0ZH-E%rnRw<-p>H`IC{lA36P?j5$p@orz3mHXtfP*u993#kmPJ{P8D(Zh#Kh={ zy(&2S{$uHzSV=Iyg&9@GT~V?Pjf}cPgb(Yw-N@2lGR^npEHesLtufDEJGG1w4~~t2 zVl=-I0D#Xvm?nsfQ{|>n{UglIb--UuQf9$lv}sFL)X@-0ur_;p6Z?_~q56@VFbk60 zJM!3F-bnbj2>tmBDJ+nK45j-MmJ!AUV>rVn05k8ysiT)d^4BV45tkj zK^BC_?}HYmoJQjoIe3?O3x$K`bwWVtv@*VtVU}fqFZc=!*3R%OvR@I# z!>^LEt5=@!&otM$f|1b;oj-T`#R^+Tghl2-q{2)9bj&!e3#+>s0M9kV(S|~f=+9>4$6F_CP8E+{f@(kT&<+0JI zd8A%TC@5p#k?dv6WAwZnjn%w{T+f{OGy#!8v)w~$rGh`({_Qll#KLmhG4#>5Ew%r? 
z$?7G$^Cv8CY7%1G{EOz%X4S<9;Ui@#`^R1K5E?H5vUPa~@!!fdeEm~cAQS}(MA)W2 zktsEi04-4TD1{Zu6YLV>)lYgv8Gxu zoU6zm)f@Nug*8I`Hk5;OjA|P!iGX_EtUEl}6l$GgNA85c{6ujlEtj4wYP0X!L@5Pu zSrlv6YG`0e99HkVq6uj949JZRBE)k$`VA~Dv zd`RxJRg$WA=Az*Sg#Q!-euOQNyj~Y%e=XV|b?6+o+-th+(F0v)Zq0|ywXnJr)yq` zZwF73sO^lU&tfe={kA$>Mek;wqcx1Lp~F3;4nDEG&Poeff~koegU;G`;~P{-71a~^ zAOA50)~svc|CxfmzybgsVgWqFn;L6N)O`>)?G-I>6+OSO+jF(pfW_r~GO~7SlUj3P z#N5{;>KDgI*9?HF6pPJ=0pBP3r{pYg!LRg@3=$H8&-@!`;?K93oA-fmUmNL)m!%yG zg1ma2CHaEse$%C71SU0$Vp21-3dK%zCvFnNMGNXY5aBUa_svxcoi8TWTm+p`mmK`a zU-ZRahhf}=hhvlr3`y5e%a$S%?*255^z-Fc^VY*|Y#49lr5T*24IO}Xg5y_P4PUmQ zuX*HmHWv8aZ9gQ{W8^>I{H(*MQy3!d8 zYDHu0r7bD;hIo4g`s}jGMZem0FQgY_e+kHoId|aLJC^)nwg~+v&Go^ty|3>KC-s}| zP+F>f{Ot(+2Wft+QSHM}FjK5ksrT;}qn0maICNY9@utGY1#$Bd3@h4)n)VZ0L4oi8JQy}mv^>TM6RQg(iJX~hM$(ndZp&M%9MwT?Ztg?<)< zud7MJSFDUt3PAzBs?KBo{7=AS&eOcPc@!r1gT8`)>^U98faJFr(G_80gTum`eolj9 zkkUK*VFGN6ayE_-{%4EC53A^zM3p=2?Cuy$+x4tYOP?Vx977&hhJ?ePnn#+1o;(tX zP+{-o1UiWOMZN3pk;=x_xj%nnCq3`vYCb&D06sVcS5JoXq$>#@-L-nr`40HRY$aQ} zUNSDsa<{sXB6o-AArC8j>&{h+icS=exYp-Zrl{Emttc}$KkB==I?~|jV}I*Zd;~F% zrzxUidcE{F*}!0{zS?o@kl*A~vE-w|;QU2lMp8pK#aW8`3%QMK&48+1yk zXjN%qjbHabkiPUkr@C$Hu^c7WLDgQ?PR1vGpBDa(;@j}&{JJ`R{M=aXXX~Po}rcdzq%} zQiDKX3keOgomkMJFk8C&5hcJBa*QWaF)s5VsGh95k%3GEQdF zF!?a*`tN@|wg<>c5V1Qn)n)htWC?p9NjB4KoIC8Z-WTp>T_Ec=agVz6GGo#Bt0r=( zS;My6ov{YU zHDCe6PJ6v!;gb`(XE!AM-}S2NiNEaVDhKT+)zn)!;W*#pA`cpW+D4-`Rj7@8 z;euErY>>JoYwq+QKbid!TMlSqLtq22D@q-Qa>?M+k>)+mLUW6V>01azVv&8~GYG{^8C0}T(t1w_LKX49-9yxI@#z-C z@e2J>DEY0WqM>&4IQve|V$-#!lj}6}D?=@<(~?;vPMgK{X{Wv6UWG>2dxMa;%G3Ne zTkV9Mh>)4$IS>~nhrcGhs9rpD)`p^ssPeZKhyZEC=S3be8K(G8OOHl1{N}C#J*AqX z!OR+?Rn`4j^^-i8Bld#y(aok@dBpdUml2k4X0G5a#<&R*AEsWlyqzy>BEnb3!klTR zH|T~PPb7WD(*y2*MmhWNdV0545<|!K96VJAgSa$C}MK)sN4YJB*ZcXX<8i<9|Wv7p-K zzOr1ll9(zuV5{(=g9WQ$ekX@5+pJxx^968tNfzgN-#X`gSvAz`n!e+egm{+^|NC>& z-~!>#6&mVn*zr{17u}bSe$8C{b_iliYOV@YY%9=pDhkh3W5}ASEDEUo9Idj+1t6nT z;wTFb=z_uc<;XCKq?#E9BOx^~l@E=9Y?rPugCMhFj5=$SMehH_;S;_y-2jK6|Lvm* 
zY?(y_^&fT7l+bQ%xV9DYYD#InKa)*ePMn*hKj(s!;ODJPj|V<`vnWbsq~PX`PXy#W zj49k_owQi4lOKyCjk6M9chdUNC9jHPsET6iq6SH|cswgToN!_`~U>IvE#b z>#_%4a=@r8tPF&i3H*!q_6579ntdalb{M?zi9hJRNG2+_;c_lvI^@EI7C%xw{fIx! z(Jj>|EOr`+kY_R^Tfvl%-^MmmMU9It5EGuJ*qT@P(yZlpInG_+#VMau@)%H(fjE)i z{H>A%FeIP>!S^q$iLmw9rXei_1hC9xrr#n9=K|Ww#Krj68|QoRL66x=%x0(CSLXBS zEd|BusJ1TicoScnJ%^ah5U)Sb@4#*dS_NK21o1g(*Dv%$FM;Q;%l158X4AUXJa~XZ zg-u(*^!97Jms#>V?TrV$--aC^)%K%* z%>x%}^>N2*gTpPU>8U!h2~lrgpX`3~cxP|h@JFu=Vcx1>`@4en?`f(^SFzZWwGdU@ zFr+tjzVqE^>%yCVaJr3<{wTq{O7o09{zy2&Ia*I4?BOKoC{lm*mwP-fpmk3IRy8AM zxdU^uQ%zf!X-F;($QWAMnNi$6*lt5TF1qq~%n0Qd9GO{`Pl)m6$c?96*0!yKqyOv% z6^|OPp;{R9`*u^A=uWEgOp)(x=ar$tZefdqR=FxGZ}%LX^(^_gKUM#~aUEr7KlH&|P@?ybJ)9-%B$P7f-rmJ}FYmcjLSoQG~zZeMocz^+d<L^nC zdY*Nshcfs^Xk8j+&U34I5t{ye1M=6YfRyJwXm;?$K8>k%46Bjb@;x50#;)M`NK4zC zS?{dy^mUv#+D)e%?4&IC3d1-{{l~RhLHu#8zz9D4bP8_1U0&Iju2AwX(L7sv>(vpL z6o^Jb(MJ41+gnBKf1_$GBUI;`EX)IW=iur-YKe^ExuGtd}2m1++;#4B~XQ zd1D&ekDB6*zPkc4uMvN{ znp~?!kJ(w;*1%fXD4!noq8+b^Al5(cI)8l5RoA*K9-qwl;zB@Ip zYlpcd<&mxG4f!ih#h)u!8fPDmkpW|6gnhVRw@wI>)n9|n_^aUF2Zb5Z*$ij8bzLI8 z;euB3YN0Tp&=9kEYdrmaB<(hgJ>vDl*&Qmj>P$uUh>-q+c#|6~iRO_d_G@r*+5uKW?$i*Nmu}WzK=t-Ov0b?J zg~PM+(4%z=wB_^jTU{&YBc?-;o|?YslN2{Q$sR`y0n^0kw{SW#5hn z>|ZOWwmsWaa!o7|btDEo6_lXxU2heR=`hJ;+W}^}-PJI@gRQ&F>esprW#=+<%Z<(U z0opE+BoN%EFgsU@tejO9pOp*40!)ctt(_Vm((oQEIyd%xvv)0~%kpLGonnCPLlS9& zxf)aQz)}V)g>T%e+g@HpdZTT}9qI~AE`_)&HD^pNI*MT@Q5X5Q^=i_UV#f&|2)5D) zf`Cq&UJtdZckgYs`Moa95^v4HDOj$)eI6(XmO3+zjReEL85rI$fORUY()5sd4>wDm#}n!qXN`XQvE;iJo95z8;;DkP zb}1^+x%lQ6EC*LGMijAYP*=@k?E}}VSWGitum2S@#2K3~4*FJO`i9-Uz7F+yJgEeL z0&VZ`cP0k;S#F%%HDFKTmU`r`-(EveH>#tiKK!FO+$wu)Iv zNCVNguFiU+wyA*qcHD>8G+^nw&_O%AJO5OnAetQK_YcdVI@CFM!xbH&)@g+wBc0vV zOr)Lb5bh0g9BcKUgv!W}-!mB2@_a~Qx2aq(w2G&58Lm<^G;;Ns#&znuhfy8a1gET{ z%*hfsX~B#y6EZljJPC@YcvLExo}t|m8zMxa^6Rk#x=3J|DX@Ed)n0M>O|3;YZ z`-!y(1*of&50G|9viupS@Of*(ua6bqty}1FTTFa6dMd_p{qd=STJFJ4!h@?huSd)9 zU}H4pH&)`ik%`tYun{>+m zdT;=&e&mmbRXv@KhM~oy$~U)x46F+psI<%8yVoNObKk@+sXl$FL9Pmb`c-gbCdBY) 
zQ7>}w7*pR3Wn(|kKyQ? zFz>_~iXkH2?_n%hHl$BoiqJ4Td|>|t{0}!qwIU7**b77fJ23eN+Hr%DST3gZI44+Z z`PY4PB>65_RS&%sr4gYr*R_$4D{(e5ZAzJ<4&*rwc*UN#ioqw3S;s4*iuADWW!j%8>A>59FpGflXWb>nZA^Pa!YE}G9^Pd*@A5Yh zB~7P+C#y_diCvHQCo;To#71C|>H8xxGDS$m#~KTaV>e&5t$r_s>&Zxe>hS7{)BC8E zxmt|*Cqw z?^T54n0%wAq4hpRj$8!8mgQU((Zv}vH^ab?x|Xz$aI1a7vtt%_o4m;=1`3z_5npHs zR%j-4f_IF`0DH5iU91=Wj{DOu9~D<2qvVvKqJNgX@<{Y4xgKKMih6dIFd>E>P_n58|A(&D{7~g&iwP@sQ}L zids|4=S@8svJmcnjqya$TG{&6w02U|ad#}NLYR3%`5!x18xmtV6u%8&z6_@^wBO*D zcgxw@c1JU56Ld5IKm5;3^LSX<8r%i zr={2-Ee^{enuYnVsPz=;7R5|T1eE~9$iv#~b9?p)%Ws%MrKcfN+1E_ZWTAo{AGj;^tfALV^=w8^_e}Jxuh;ZeF1vxf z2X$mm6aV8L$oanOlc+)M6L;@*h><55F;+IF&$vnj;B(`2I94m+x^UI40%bRPZ43%CROD;oe@Q zSO>9cLah3}DjSIBlI#@#ToE&3-)ZIHEi4}97M`)sA@reSj9luQVYK5jZTRgHsUn7N zpht46bzfJ1&okUp*?4^8eyk~YJ!&OSCgda%T|8|^NXE--2^nqY(%rAy0G(Dnd#GVL zATKiRDCX^LbAw*^Z1%I}@$?0PNdIJh;ne6o(=)He`Vr#4#0P=RaBubAc_Zb%qAy!IO;9ONmoC$ z>`vwYZFO@+Mz&k!O|;(w_K-qNf!Nh7t(od51wVd)i>(>DY=aBvpY#uoW(%y6&t2sk z+pjl3pI()8iEbOgc%_Dwy^ZxN@QAEFX?Bt2JC+c1BcB+=MDTERSl9WA6|q=I@}DO- z{@&0-%MVyZ&=`Dr0iXDtz`+F&?nOK^0HR8R-?{pZtJNj!rxMI)h5h5@js(rULXpsE z`sv6OvGlfS`z!Cc-Uy?oH8(?$xyu%RqTzbhk@wFgiVN&5Cfal{H1L45o$LmMe{$0U z;-3Cfn{21@ak5vQZ|LinERPiG>V}*g9GZh9PmnRE^)^Fe} zPBu#Y@309D&IdOfH{-#FZ4)Bq#_S-jw!6iIWe8v-S-R3ngzKjT%_-CiSVxf%nC6a0 z4IK@YUN2e5yj=xpKg^`tlc@gQMJr4bPq(r84&Nr)G_xf&U5TJldFoP@R&UqwA^DCt zO8>yyS%4Hk{E1drB<`Qf6{~|}XSus4WM)sRgJV)*w`GpPQM)3yj>Y-+@Z3X*C5eQn z!&1TGO<9!Qjq47di{6}M-raEI<8SV$we+UzsFqh923nHJX{RL2Cq3bUOaVVLmfla0 z3R|UOA&}|{p3cH@-GKTeJJ7TSH{awGK>YX+qu+t2&jB-pV$Z9OkGLXmd(j2+GIbJZ2SNC^0o0;`3W1u138Cm5d?AGkxlVB_ z%Xz8L%)C+nMX(ojsLdh*I~gom*IdHfuAAmPoatCbi#b80fkH1n559kea+Vp1RIao6 zF9y7A%`4HmY3qFH{uv-17h=QpI}-bSZ~6r<#Lk4Yi$)~6VaOD;YMxs{jRsLI(-c&g z-J>=bvtR#wXZ=<3#ThT_4%m0Di9wFwjyN%q{W@Q4`i{N$jA%bqsZe2gT(sC~say7u zDfw<_fdJ5j_%Is0xQw6ZkvWoA`dO_22+CX{ec9=oPWOKIXE(bIGnYB-E3KpH*E`jn(=lM_Se;W$X9xaPB{3{^+1u*ux(Z;lYf#_U!NUj!ZX7GOxn*%fp~FwC23q*VutR z5KQwSRfo%#MVcOq8Ys<)K6YtWdILxD>McN*{-E8{tBaZeQq8_Z1C4gej=P5d;(KH$ 
z86apUn_rJ?G>fq78gFS0jQUmtd~>~(YsOB}?0)~dXfIV%KJZ05{kdobCCH2^W(lp0 z7~Eq7NBxbAA_A1wpr_Xp8%dxK#wP!@YBuO9eUC?>VfBmUL8@J&&R3zg?Bqk%icd>t z3rq4p_-J{Jw<>_<&Ahj6r}`g7aPOpCjMgf%-?xngJ&Afl6X!hFTvhC?!UW=&Y;ME5 zOHa|Jf9+=HWe;SK42XjJhSutev)Dt4jL-}6^dq9RACz z+v6f2R1qUMJ@L)q^Ws{L)km2D^+x;o?l9ygd38$Nbe-n(-DRXVe zwbD;3$iby2a0F=%t&Q!f;@B?pqTcSmsWuYeg3+SCu*6xDMHOD7oX`8kgb|s45MwVg z9L$cQ+)`Pu=231bfs$l6UWJJ!`robraQJ;X8BPS3rFsN0gZHahKoa~rP#$VTn7_T2 zB1Yc|jo$j1>1o;j^XWBb?dNR?@z0V}b!9@kxiO#S1(7Dkxal4~D=_p=Otxlbx7K<3 z9uD5yA@B-=tB|nr@AnkCxw!p|j>QKtcIGA6*g`lB(X4wgnBg_kdm0b>SOWq4g%#+i z+JBZe?YF`4hGW;_AIrO$yS#KovF(4fMAh!(Nem)GSrIGOH!kKFET6fvd08|-J9tk6 z9h5MH?_wWg8Fui@tD4yr1fFF18E4JY@2E*IXj%vzW__T*Uc?Dcr%70fWUmpL>9 z@j+qn7)!cJ#RB*rO~<%m9&s3vAT?In0g^%C^bRiao&>qf#lh&iN9z4&#(=)F2eW6( zc*qneyMdDu7mm+qb)OlohlgGgL{bkZp^Msd!&l47%hj4g@vZrH^y3ZKL3KH zQ@o6K3V2c+2Dim3wD9*mh%8?WGmG^n%FFNP+UNkErcZN6AS_07OMQkK>YA9$n zpeb(;+8Jy(2p1(~3kO4CXXMk!FPEaPkETd))`}*h`l(8rUtI&3kn$K)iHOA(rT)0NH zyp-}E+iaEeL33sLr>Sxy=-wWqYS@ttM@sUY$$Oa}z7cTJ<^OE6i)WGZRl4$5aBbjN z2*%QT5OJSw77*yb$f;K!|6Eo#w;J1^HzWT3o@)_He$pmbjd=gFt~Pg+p`d`&r?P7q z?mY!VmyZKqpEU3l(KFxjuk$%x-XOhRsVH<)`&F%A$zpdlq*#o@i_s>SvCONs@y@~) z^-p{!;=v#PAb9?{SuLRKFs{=wO5J?mm(|`c+BJ>-K~Z4y%>B?pbELAF zBMfq=;>7SD>y?T|aj#qBRW7Rd1 z>ALK%Lpo*@-a@@4Yae!vi=osbWL3w*KoG}?BGL@8(;@onECoDJKSgI^R{XJ{zm)=j z(y2;`^7lIoNXs1^`P|ywt?z$N3#q6oXuBeBH@6Dez3kE?d29D$BQEQ(o$st!Gd@~)EIVWhzs+Y=UT7k?c1)ne^1$isolpy>lqQJ& z>f}imQ06!4>D9|B5KQeFlICG1*=P{}=>D`~9m(C?RmI~(bI5o1^tuf9XEc)=gD^pq z)4bLE-04aG{L1kXrJn4~BBxah!B* zWm+T}yJqp?fC-Madnc5dFq_fz0Pp7hScW3KP5vepRW55xe9fSR24NSGn7v4@`$EiE zkC0F6#Kff^M1Juvzq#`W@w!S!a|essmM6YMrlqO>p}6k_*Q+jjMu#`O>MwB$Gemmxxw&!KZ&KUE48;EbG3y+840~Ut zCwqc7RO5-Tn`zn8z?XwyG*bYu&6>ZT`)ubpYu64u^$V6!!e(|Q-y#!=iwUl#`E1Ck z^NA%{K^*QZS(Ph~Y|8VExf;JFnex32m)iI3sfcNV9)FTtCU#H%M!6BWS=q?XlN)YCGM`iGpPRd5(R30_!ax(1mwqjsc~p z`>d4qvf=A40kPY-<=9C^uBhBI%#1OL!Q`;ZR|V(IJiMDDNUj(Nwfpaw(LH_LuhJnL z!EYt)6^3-9M$RShUA&vSP68#oex2z1t;Ho#eSgJ;S*d{U`FH)zhma^Pe$VHnx=u!J 
z-8B**5wjS8a%*sTW!!SE>4jCgNiuSro;2D}IGfZ+b#3FVxP`iP$s@bGjvgV-^0mUf zRd1bj^S0d$ZD=~Y+>ur_zl19s$&j1L5>GG5f)+F2 zitg9<65WptcM-6E7eq7lwN}r`?`)fd$Ob`*7JAFdAyhDaE4RyG>%6>MdazH|J1dAe(MpeuD5@@!ItXx@L_Fbc7$22%z32*=BnF))FFokGx5l%T|B%ws~VssW}EuiEK z9$Zt34a>0nUY|ex=8fxx-)kT6+YO4So;e8%=UBTpG$WIlYgjBE7dw$$fg+Blv;IgZ z`1jq#Px|N9i#iOB@91jU+Q@=b&F>?vM1bVO#vlTmvroq~s`ui){^PBML4vnWSm%?Z zDIQSPhcT;CQO_f9YK3f2!gPcNMLfWA(O)>OK z$T?ha@_>Mno2tM7nTy>gX=q+(Fru9t#2#yma_N0mI$?N7M5hqWyNenn?Bs}7Sh=o$I3g@q`raulon+VFtq{YYSy0GDn9)2Tp$|MJBD zv~Ytdo4$a$HQ*P>=78&H9?GgnZqL9Fswr-gb}!46d0QVhs!vBbs~fzhT$BZ*eMShI zvaB%R=7MXt-z$&|@#36l9$n)u0J>s{MKss!+8l<@Uf_rjCmKaAYOQjUVxO7M)gg0OxON*}E~;l3vfM8JvvNqo!>dc}D&jiNvM6 zg{?h_8n6a2BsDyJ9Ljfd8Fuibv^=US?Q(`Yq_puVzt)Qm>{pFBdner$XTQ!u3te(H$?@0yt|u z^v0)1v)mOsd|r8N_7e6qsNZn0KL5577)p%vW`FwoXV5$P_+SDQjP`3AScXwwm$zyY zI^^1AJKW@T2gSeov%ZK!zmK{<8tK1PXs~OS`t(WeXDg&y3mw_*4(T3q;Qjsx3Iyj) z+QaANb1v;uS-|4sx2@%6l7+X8#HCS%UuIaN)cfOq9K7omuEO zx@;90NRh%~pMSA)AjTG`qs|PoFT?+*Q5vYFQCXN83Seo|?Ab};V<<_XdclfmUoopi z)(Youd_PCYcCEV_PGY*|V3Fq%9T?kKe+8^mS(Tq-sl7WM2ahV@zt3di>$6x*&UTkW zakk0u6-|-b1;He-gWj7Fy9#nguz`nmn#ndfnE%#9@C>7OBeO6^nll`bm*zRHm}fxE?uJrXycBT8oepxK=mRYfsB&=ZpWepNGtMFnIS|A zvlcb!c7&_Z-p)Wu6O`LFl~5zx>ag~CWL+1zabD^Sg!l-C5GX;~8xi(IQu{T4#h1KO zYa!XtL@tZpV7aAkJ=LIINo zYQ}47fk^`mHjoaL#Ws_xWqz<=QAN=n_OtTF3Pu66eRvvwmCQj?FqqRv5s4nGWCps! 
zKMMKJgpH`7dNF^XxthU=VTDgYj{lJb-{nB2 zf7QmuldMBj=Bg8Wc+B>@x7cKrrZIkhU<3^=Rm%aRvU zQvkzEzEFe%?>>O3BO{2ok#^|_DcLq?F5N01py8xLtH8kTJ?X#O84$j@o7m<(&jYLH zs~xMb$E+|~In67?Tdy3DIqg7&SdL;50zaJVH!rznE*6Ec%Oz+|Y9cWHE*3?~-8($` zNl*8sj#tpF8#P+kx}>?}c}uP*R_E;4RY_}p8Tfptc@z$P!Oy#;Rj{54AN7?g-fjfC zpA(aCP99EYN<hJpZ>&ZqJ^rE0 zEGK)c+b4s_9n1iL0xGu-McMXv5q&BeMV)aDphX13cePFt=G_A+#%|uNLjwV?Hv6!` zMs2EY6938S$`JmW)y4ZFBPaH}A>w2^&6R55!GP~Tby?~$5dXV!^$4+5vHXc`P=Euy4P^@k_Od2ldN1wm@sHKmYvvVFdK zSo!@8Nf0(D(9lhsEy&})=niOzLSoEx4|%wQ312ZJ(zlKCdnj@k!Um$6XB2b}U)~)l zLKYJLlO5WtqW*1Om1wZ+6pG~7CGiF!u7><#GR4bxw%}5&Z~?YC)KVTT*QkDfG|B7a z^BhFBU8LQ~k&tub2PHwPK`us*;mG%*Fhch+r?LdQ0=^+Y0NKmNmxv zKD&Mv7?J;MF3qT8zYDq$5!0WEV;uvE#_wK{1{X$4<%ihWyKLw$7)Mc%g^2(5#(MR; z3)tqJ2m)`e-_Cw=wkFEYyf+j@Qin}APk@XwMtv_W()-06NpLX$9To|bkVPJ@WBi9O(&$nOb9IOb_{-@! z6w5;rDE-GS+C7l}p9u9517E;0)bU4#!f^``1;2(%&;#SV=U<9#iggMmEyX4@SD$Q~ zCtivbs;J*i3^JQB2YVjYxeHa-Mj1HQUp4d8;ADwC{D%-?v6e^ifs$uGN%^}zR6h$( zqM48KTZcuW(Ud)RAB_a~^j}Mi_|(t;;-g&8@A|++x{NS5f00zZn=`@j?j$HStuHuY z^?_E`4DUE}(2GBMmp1}#Xxa5e6++nk7up$R4>2mk#ZLvnBR~`pRWuLP&!#V_Vda>qQ!i9|v_6XDfxDeQq{y0fpW9g+kHb zS=(*5=Wl*{&KF3MyWHxKA-NPyf%`>)YM;>jz#peDfhN2c&oN6@4pV`TO;ilv77pCOdK>WEV%MJB)(Trq2YJnzyIQy zq1v}b_)}3|fairfqH6ZNXB78)Ngt4viNPc`B7FjE+L``Gjgm!rk5koJ-nzqETj$Iy zmw-xp{Sm4cyNgNCxyz*W&riRvL~0ybd5`WhuAHb8u4jmiuPh&k1AT6bU{#Xz4n@!Y zFk@xFS`Y|bla@Ojh)Tr;{jwM!cnb${*%|`%ZHwg_00sGx6uQkB#t^^G4ejrE`~|7v zSbzZeYV;A(j%cR;ExERZ8B^Y%LHu%*|s;GOTOLfXw%uJk>R9-n}@ zO|O@qP-~{q!nSDwmbZ`nSv%0DmHoA&ggK?S>DJjrR|Frw@|x`=X=H1+tUVzDlvTc*DrobZV!QDi&UcywpdTfI}pUgVLHa`fi}(L?h65z zV@@KUE-S!P07PiNn(HR_W%2(5?03zH`zocSXRO!v23FJQ(>BA6WTzXA|99U@4%~Al zn$xhqd<3h#z@dARSx<8uxX&@9dRBqkg1)civnEDc*zAaWl{;Jd=wm&xYN36Z6Q9~W z%h9-JIT_u=uQLShN0-P|a%&}6aZc7czD=;Qrc6`EH2xafs7TQj5+p#MLJ|zWwH%!S z=Z2A3ap>Wq(aT{~Ynfox`@hk*8K1F|EcAsBfJ<=oK_RJjv4-iIEq8nI>5kJzeS1?9 zROP&Ii2h(EXXuqv%5bhM^@JR8PTh)YlMU~5PT9SOuxh@O`aPtatbQw1qaO?oMfcQK z&3)J}oZ12}SEO7`H*by#O9coACTl~pSYWhunK9IPIn+C$9tqqtnuaW%($=LJaIZsPwqq5qD# 
zM?YHOxBaE_bCByAPK(X+&ymMDZLfJ(7Ef>HIX{mGb8fXIcJ;f56Ovbzv2>ABw-=ha zl)ki;#={Xkwf;_!0t$@@*ICOMEf?zia;%WHcC?pngm5mBFz!4ic7JE55cObQAg2T#rn&vd( ze^lNoAVKNp2sg88_Jlkigw+%)6Rj+q&&r82LmsAH{p#?`(t_`pZi=J@jDj#_%v$~w z$+gHn@PP+-5Q^1GD)f1xbOw7xPuSWM91AE=#riOXGl8)!d5IuSDey|QVhK)t{}az3 zl`(`Y^nH1-baoYzW(;aPXw2v9)-RIvP(1B-7p7cJx@bPzIF;r!>MGEcf;E9VK@I#q zjXCce=of|~J7QLfBB~`Qh6e-5M@GW&nB}4=tF}yoNIV(^IYAclmNqoO|9vT7a$tEg zvr&*7Ddh;s#74=FOn*GIJe~2^!uKxJ%My$%vq0^yBeHXcR`$X zYU-c092du1V|+HstLj-=xBd{WS=P*ZE5ECP3ls!c+m2Zvb^HDRV$%%rbilhpN?VVs z5!h{vr;s<+>hc0TGSJ5H(gO{4mjY2l%&AMr1Uqr|e+fE%#Ag}^lQaF<)VxwBWqkPn zE?L;M9_8gIw=}2kh0elzTlRAU2~^Ox61G)&qP~h+_tZ<2X4zaF=I0(WsU>(F=GA;~ zKoWrw%RKqx~f|oQ{FhD*%{VyQkS+Xx4G8)GR9*Xeh=Nfb^%VEuk{6&*Ftmc zIGGPH@FT~mc(Ga;c;7CzJjA0qzXncI^!ieIUch{kQ3EnK(i{m4vcl<&X_o@V{^5=3 zL?JOIRi|v|4f!OEHn9yitxT|Hz`vjl{d!)1kGHBF9Mef(Q5-SP{1V&i0YSAIR5>vt zndS+%V&~Jrmu2+N^}|-xdO`ycoGtkz2N4#Eog@=XjGqVDAVu)v%&YO%;=yXRSQJbC4?=R^UU{?YqILIZ)6M>vTKw+APt#+d)Zh-twM$qXAIlpc5v8*_ z+4Z6QXWs1>eBY0dIEsxN)D%a7-F|qpmV~^o#J%ssF5L%?C0XUWHR${C#MSjr@L>Qti?g9}ThZrY1__CfAs(oTOmH^^Y~A= zPkP5Y-QtaGC~46Tbm!0b6?blr9yf2E5!%F-iLQaKVk;|HLXKcM&E~Wov(#W~V)Q+B z(B!^gu!sR2@K=eiQ9iWEbF5JjUZ3%ads2z;=DFHJD zJo9Y{LMAbdZdlCJ%m-!$6Due8xt@20SK`c*b3jSj5em8fWH!%Q%i~ocL1fYa+farX zbfx8W)InqR4uQKIJ0K8JuE-2Y=H;+>H+AcM@Yot0NeA^fPYyRx;^Ug2{Jawqh*Ebr1dRQD!=M)j;dYtsNtQXpT6P zF?MuOJCilTP>B*YdUx&{d@0W&1K>ygrmha1f+#cYiiC7Cc)%|heVvt;bVRC02%Lug zB+t!Z%dwN3L4K68$M~P4>VQp2i$11MxsLwcyEGwR#MUHz^iTPuk8^DepAb#Sc*zTU*}z-#nzf%VkyYPc<+z_2 zu{wK4g#qyyOfL<)6yyn8KYI|)LQzUvIdu(NP&mmh{6esvnX2$D!0at6vd(quU^^MJ zaFI&s!UqUr=VT;vp1OgGPa`5Ordr|D<6Qedk-W$EN(+qnp)%M*~*tqg_56+ z5_>S`4q-!U`lgF@H$Z9y)e*k!rMdyG;>~f8E=GoY4uEe{iXEgA1RRq%b34A&bK0#6 zDwR9jU*ELtd|}iVdP;O}TfMlUXY7G0gI(`0Lg5L=H1$B!s3b&1(OPtv0Nk+=Le%iT@w?P3`n{e>YqE1Tg;!UOP!I2f^G zs{`&9BMAFav&{=)v63JXQ<8fW2gJeGhmw{2qNUMeMk29#zEtCPg#_q8%+@c1*E{`d z226exp%=k9-}aV~2fauoG#wTwGvKp`nGd_8-l)c6-oCx^sBtOmJA}oTqGXs5O4Z4x zB1N6;F9}|}jx!0Z^%;|HbyQx+xy##PJLB6m%JEl%NSaMmu)GeP1Vp2c2Hs>DHNVID 
zoJVo1*liW4i?&2OW!p<$O9>{`f>E*Ea(=O#?x4YS%*iWkUOJED_+LVOF#udI$TOR~ zFFA{<+8#^PSbBeBx5TbKH>f!8htmmnk)*Aq5$CZr`UiYh1wB_?zfJ}Kv!RD2R?Jtv zDcnmA2fwwSe@tH&u3aUS$sOf&U$fM+!|b})B{#=b=q9eW)CXLyqI7zWtt3k;YE@4T z!dzyEFv+zzjE0Hy#A@GFoB=Up(0i?a-G@2c{`u;t<7O+^kc-3F-VV>c%Z~aJT_^yIbIqjw?~|oE$#513r4tV zH(K(Al$Erl6%RIDg^UwIAJ(2a)~SUf+6Qgt19Cy)<@j6%JY^60@}&z|t}NkrD7z~+Mz37QxYLBRDW6AX z&Wu(LMP`}j`h|H^H%Zc8vl?B$+AI%DO1>hv$X@}P*xJSKPefdK9*S((`f=kZm%L5K zhWBM4;NiJsi{L+2ILHq_-s2wgqGD#k3A^9OwI4)h=(s~d(%{CwpZ4VI+K9Vi#e_#Y z92)+%_8Bo6usgql#d>H7lAnsEeCc$)6o{zt9Vdm7EZ`^8T35xO;usNRmSt~eQ4)50 zfCu<*{0<2l;_WKLAge@PcoG#iNP4DJ~XPStHRipDy7q$lT zX0&e1&}-uoOQ&2`m-sc+{3Z5UKhR#oM(T*Yj%>L(Y<;_ZR{6s57SRB^fuS0E){D9O z=VHRKp#I0m&+um9NKafy8ZqvV+U@1a&8e0Ee>ttZksMwFnkTKV-V=_|hyOGbYzE0|Sy#uJ&c7Jzf4vp827FQ^aEBjHm zU5m=x!YSLFqBLs*Rl8-E9#CYq*HS!!-;)|K`)0RT2Cf%>o_L+%FSG6&DtE`ju5@>~ zUC6Khz$D7yUaAk9TuN3>eNlhB3IvpB>=U7p{*JCsENZD7~ zu-n3oC_*pw_TVV$BHnmEW9S?wmVLfdvcGxLcWCa?Tk$R!4p#9|iTjAZtpPP7~8qxs_rpCl!r8WVS`XnaMfg6=@;QV{t!4-eKEUAbZ%%|{1_W5BXhb>0=3 zxLKdHTix~XDBVvkvPKeiR>GC)qjjsDW@WkJ8;3+;hxnAQ{`160`XOPgs?vc<0#6hf zo#lGs6S{l(%q%Nk?!tpknV1zyFpSz=>7AX`Jmt+eOWg3zOT!Ow?IU>#YEasn%R+#Yu4HbjD@!veYu}MI%ZoQt z-K(@&6@J@hpCV8sAogx9bp{9A$N-D!wYy*H`GQ4?U5Y9l{mzWLb8Wq z6Hp-lS)Ai>*`2qnY#u1)M4*F{)4ekjVte(Pn7eH4SFIp4fx2pXv~wazuzSLN5WqA# zwJEz%t94cpnwnEIR{%$tEONeAvX; zI^=kl-4_jSRE({bLLT7n%M5gDEmE^7PiUV6Z#oME5~?yO@3*#A6shlF*}ahvp^u_? z7XCUnq(@sXO0x#4Mqw#>X_i^e?FM|I%GN3xKVmL~h$)aAB-h;5vrQk*33=SzobXF! 
z`UG2%5QqI<%QHh?`JgezMFZhdxFglhF&IqeMv3;J!x%!zvOu=IP7dhrlp}l~1Hcg& ze_?D~&u+UDxm9U8b8;x7gBM?!12}*;&WiSr`Fo6$M`H_`FxhokR%QvvHLFZQ$Zp@)xAPSe;jgBN3Eb}?ySy&}G_lYd- zff`d1FTVAXf`<84IrsDdx!#gZ3QKdp)@Rr9LzKt@%PWA{TQrc4RvjZGnp9(%gweVD z;9%u|z`>OYMcZAoteKSDfszoA9&?xA0)6Ljs*6-|an8NhNutx90bO8Rz{WPtf8^$5 zPAN#GKmB8yvR&mOmWYV?VDln2lTu$btO#~+TNso^d1oq zSqWz0ACVpr%e{|@ZbG0kj9_ZDLN^mF1Aq*=LJZAV?aNXnUG+rX+Ghqs4=3Iy6Q6b- z3tMmZk4_bl6NXQy7dE1xNq+uHE)tp6y&@NmtH+)j=E{4xYi->NfDyHvpgiQSPh8!N zo+)M2v0V|zEPEu$G;9Wpa6hbQhivUuHKQTrRYYAlT-I8)&P+&y?nNqLn37wa%m5)I z+gZW#h=^DYBj9ju&cCT3BjemKfaU3UDSRN8@?{D1ycdyN>B^|;Dk6ztpAd2HqJjJC zv;FwM@<4X4>pRG2^Zw!mmn_d1Y@>*n()*^#lA~A5+NdW@(BIq3kwGqZ`(v9W$@OQ^ zN7e|%K>p!wpHyR($nF%N8Gdo49_&{ty|BD!$*TBF9300%hc(A89cV#Ufs=IoJ9cuK z@O`yv{k7RU>(y76#@GXx(*xDMG}rfDZ|CUi?z8(}C0|`%F|Sv!($PhDP(a6(`iw}v z_zh9l)>05swJFJQhTLRWXQ_o+em<41P^)#MSts8N1U%Ki*;2}ZM5vhDh&f5Q4OQoF z-6+iRH)U(upE||l1*ih2e;CnVI@6(V8zvGFnI35OFtqb9C8ym}IMJGYX1<0|u#l~x z38sSGNs^Ui|Gny;LkQtFOauXwTmW(iRNj#+ascYDHEJP0Gnh+m?(9*%%lWuD)ss6tuWNBp|e z3amR0cyIJ^`IP)oLwFB)E*i?9-EHtwu>IsfQoa7U=l#pC{W@WGW|4df7v|{^3T)AE%p@}mj;7BCmMm6C=n2m1);9=38xcKqwDYdGfKWI#ORu` z7+kzaACQ~fuC^$AHo7N^-nV%4&d*9;A8239yf))LQU7vC_X!pY2}k@#`b)U+Pexou zll#xZ-E#G9&d({O7E9p=lXYBF*E2uFgxghevWSQt4>ohMGAXawFG3j%wPoSBA*hpp zSuqs3q&bG8Y^fL$(WE+*0@vsPraT-2IRU76@>Us>N)u?RbI_%oNmtWHKdxd68r?LG zg1MCB6K~1pR|W71QF}^e1Ym^&%FN$WC*I)oQt&bCv_{I%tZ)^&tab4qCTFmKj#huxty=21hO_wfYx`egM0)2?KxtpmcP`Gddas1 z1lY!F#rsWC_JceGNJ*WH(DGGe*fit)sW=AX+6+9tr4MYzIQ-r8EM$U$24Hvv`y6(E#y!P41zKEg>2e8i-Kct@C^zmY@^Ms9c z*dx`9;nB)W1J%8#ss#GPjP zZcP6$56w+C%34E2LVxm4G}+;*4~sK0KVGTct^u9*pR+D z)5j}|4s;G}`Uh4zE;tvnl^TLRgQ86Bt29k{)z@ok5>>4;+UH( z<_ZX6wiq;4OFXB{dNBMo^KD1w_{T9GN~*&T-)Jg5AVrt8n)^N4|7^-^BW)*o#}1%} zInz|FVa>X>wETrMucrPb6@SDFu+rRNX5;QcEp#p)-|!Tf8K&-vpKt{@;Jg)$86Un~ zX)Za!2hIE4MkfLd2sJr<*}N&6;JVbRdo-Ajc`za~m_$|Jbk4mvh(zo!BK5ntA^idL z-z!3)`iK^cP9f5*8~d0dmkk=6S;R3G-DF0L4C+Y6MH+K3H}r?@Ux1Chu&LM2H1$ke zE9*D2cnb=(JM=bBAK^BAs)bro=N9d%_qpWkIqlH!XcLc3%mt6poU^R^0!IBDXZ8%y 
zTsDGqn&(vXZjO;#D@RR3jrgn;?MVyx`V@7eqi?$CgzvXNk{GJ>qk47Q#{;dtAWt3> znf6>N0OQ_W+9xUq<32Ik*BmYQ3Q-kWU&NQkkV4@SHpJrCELuG?aL;j4h)DI@->sCd zM_1hdXvo=Vs@2yurj!&kyHj!>+rk3+-ZpiIv#u107!shvfD?I3u|wh&8?biJ z7L)9B0>_@?+2Ae4}FXT#^P6NERhIYUPLvps~Bq%Z=t$IecO&kn#8E(hz9- zLPKpFR269+-aEU|!YkG`P0;v%)%PPn%I^dKS)^3Q1){>Lwyse-t$>$7zRxu(_-%w& zrA&R-8mQf^61(Ke;&se_B!Rp%jx)r>mtP#HSWl>1bF>|+w@$VcQ1@t|$^!0VyW-lG zZY-jY5^ND17ebtnbC7Yb>SkRBS{Ww#Ct~zDai(bPkf6B}U#`A3ttXWG`pofT-m$W7 z?4VG`#6>tg{_VLCOJa#{Ak_0o8W880Oan}S(VB98I|dIQ~F3GQ87vxCa=;&hx(V@WNoR0UjTJwB@T8F zyX>`f!Um?AE(HvN7pu1As%^GJ-dLp~nA3-PT z24`C*Bbm|vvX#WNE)l>$T08&_eyJY=#y*4+^qz@C?5{XV&Y(s=NQG2Xka9jnIC;1& z&>XQYhZnGyjx9nOKN%)74it85(Tf_=Oea*fEX(OSCvJcXgtZ(7q9F~b6WX^)Ei;Yt z^Af`YRq!D9n6wFuD@pK-p$`112Az*=9;l_y;60eSC@;yE2csJlEu0SUR*~V=#pzjC zQI21m0HXOe#A`;1SLgKCH|KGe9nwnUI>rSbLsrli04+?v3hl*xr5iStiVWK?4y`YR zL$?fG~_|ivUs*H$BuV3>R+sZNhu+)Gs|tY-g!a67U7UEe~cFzIuqEX z18lTi%sUB*9?vMMUM1Bi=F}PANrPBaH`U9Kj&NCK&VlBKCP-dvxJ&hI!rQ@FtOYrTS;FPz6fO>J8~OVIInVMy)@L-rrM~bO(ST zYLaNy?Y~EX7z+zagTX#A@{J;{_eL~Ivf4`M$F)NM%Kr=-2g_Qd=wPFTW2SK%Ih1I_ zt>$)p-CGGza94RCmdq|!I{%A({gfOA&C%ClXL);N@XIs8tSE_$v zbW%q&tmurAVOQkNU`JiQEoN26@QfaW-kzcg>`@Azupn!tI~194ROJ7hSZr6H7#>@U zzl4B#B9jSfgv_CmE?PVTxy5D+MffGz?Y%1n&|q&7lNcL0=YJUhMC`BNpy#|xHexxn z#PKo;!x2^+a#*V#>k_zJ`w=JpMEcwlom7^IbGYuz5>c zM|?=gf@eqjDwh|;YGYZlny3lKJ^ZJbuoBK?Z&#@+?MU7W+ zx@gdZ$A)7|%mz$H4TvMTdxj11zrqvcn~4sjfZZO<^B_{#nlx_$V-gVkt8#(Ms6e+M=*KQP6>DsbQ!LUTBfbd!Ke0E)0-Ur3>> zdDV_ia*J4hN=AsiqRgdh`@a8AcH1LA)9}#EY*rU?tFjnd*>Sd$t14SQE%A%Z+A3mB ze`_nkkCD_!zfnIoDjl)fd6)m#V3dqv3ob#_)m#^2!mV+7w(45z*8l5x-K7B&iq822 z$;>rk=RFe8z99C*6j>q3C|>qIa7-NvRKL+DfQP9T(>UoQu1Lc(W6cx{*l^KGW9-(AhsJ2aovPrTpX*3;X~~SY-&ej_!kaf} z%ORfumcHsUr;IkMOzQK}&$WvIZ5x+c_Zpc$i8eIc^vMRL>e{Dy%WURdz8O>ExA~VL z95HgA@0o}+#-GzOXd@|wTf53h9)4Apz#Te0G1%~$>CL7G%dq{@^o16uK)lC7xi$ca178b4lE|#bl7;7R!U^=TH zJHg-&XHSap*IZO>MWWDEefP+;?rV5O`gozTG^ZbuZBmO0;JepsUr2iev&4sC)HpXO zpY|=LNNqjlPaVlsV#5wAGgD2bs&DjTy*@$ptAKQF5!~weZV=Bx*A<`w#uN_6(DR){ 
zp1OiKApaa)5*)ZGK6V+7ArtSe(hDpcyu`$o{0A)gAxs{)6gru>><4Ka~ zOf|>XClTWwtX(+qjQ1+=s{0)YGG9^)H6QFW>K2-RU{^f9y@ZQdr+rEmYXsL__7l|t z=Ua8PKT%|nZAIVsnelGn6q4&iQMqtdftD879?wiZQ$=DCEkzNf#yxhBAMV(j5@O}{ zw+sYw>UI1+689Iz%hfk-U9OR_sD!EC%I<1x>8hYmz)VRNw+rh$?0_{^23}TkV zEhOQE3;nT3KdtS0$kRB%qe-b?JQ=3H_u)mh`!-_zkD3e@V=f;F{tILNS`ankk*d!G zD;0#N-RZ5GOmFI%nfO1gO$u-Oi@U*U0B7`ZtR20jT9~WUYw%PVT}BxmPbxNiErGh# zY`haS9S*_LK>TJyK%r%+@S2e8mjv3c@_O)j(0VLqDg?x##{t>HF%SOEpi|hf&Kg;@ z-pNY%G%d;j(&!20FFwYGrqb@hzY?6r(VoR@nrMtUbZf>mF`|;@yw$^MuvqPn@KdPW zl8dDGeP&mcaV3~ClaH16r-S6LLM5*yeqBQAoL9nN0XH#JIbE5gGHRVK@m2Peu+Q8b zz?5WI%Tb80_M2>-`*PkYCE=7sY`?BWG3iO9o2?9-Ns(|B0vD*5iAeGXxeM#s?cUpY zX4SI(lKoKR#8vSHPO>=Dy8Hw=lbNZ}SYqLv@7zqW#Iqbka*U!%!FC{xqc(tEz}Q`kS*eL%a~xZ)fmB(n$D;b+ZEgh-r(%iw27<(8Q{|{3(do zyXpSpSwm|$?8vK+?bY)7I(F$R@x`B_%pXBn zL@~AuMtWx-_mlE~;TG8lpKfo!Uw5a#bsXFz8V2{Pn9Aw|nOhs62JF2tu$gCC#;e9q zOEJbv+4W^A&~G+M$d!%w$o`U83G2Tux?{Ij%P^~R;HB(wl{~7chFcO0OK1xHeuC^1 zBEzrQwJ;ooW+1NTlW!XLLSxjjS9&q4DGwvL|3YXZ)hZYaq0~NVf$+ejg zYi+Z!5z6)UUE(XsqmFI2Xo*+yq2)ucJxs4)pw*=EZ^1!_s$hkevKX~4A3%e83uJ$d zez=WN_l#;SzTaB=D0}i-N~{g1>M)t$!4C^5;M7p&^GS0|P~#TmrWr1Nu!N7wXo>00 z{L5w+bMq|V8AD5`YXd;^TN_%0G9n{!*EWCgpWmx#s>C}-3C1a~4FSSSpo(dQlvL%# zE~JcMCspT6CVW%m{-j%k6**lT(4@%N>tdNBQKTuq5|T8N-o+pfE`%HxKk*}fV}@nB zmPNkD)TzhC@?Q}kosX}6Qd9n}c+dFg>>ICk>gPRUi+-UhPwJ5@?p%LTaU?q{RI){T zBNVU!J`>R6iSuWrW3Ez3=}T7t?}EKuWA??tjEhR;me- zxtG#CN5U7oFg`#f7WI(Y(-nEzKY#Qp_y}7Y)oiKvW>h7Hl&Sk)4&yu*sS_+6Ju=bZ0VT;W!IQ0nuCB4dGcsSHxWOdU zv>KEonTk4j*2rNcw7OEWOZeh`g@4BRoa|MGf3pp!4n2AH`E+EfO)9t4=od8e>GQ_V z4*T#1PC(k~~p z*(j4e(X03=PJ)?!TPW^-Ww&O*&koU69p#>zZFep%c~0>{6E8jINCrC zhLEKVZhmt1Z7Guqtd8?Z@_z246900w7NN)sAVqNjK6PMVIiR8MsR303?4xg3tM4{vdF9^q15gt>o8`56P=kRX9(Hmfz8c_ zLFMn;4g9Ahiu{g0&Qo>+=U;(Hi^T=BrbP|UpX&us)%J}&V=)p`Z>eX0n)BWttgl-G z2W-xc4l!NR1FWD_ep?EB*a}PpDGMkuU3#1?o$kq8%zTx^{n-(cDI`iCfHB2Yb3wi# zDuqWnb#a(`ghM&W-;jzWHd2$t)3iLh9u&-cwg|-yQTPmWzdN^r=mYKw*0r$oqFQqy z>c;-(3OMX#GQO}AuZ6@CLk8VmN@J~ z{zYyq5s~6_o~9x3pwARK=qi@=VVlBN*PRmPzyvgxanl21G)e%QvvMsf4Y@Z!BbT_b 
ztVBt(;WN_33pJnfsAoaF)fYt`%^fq5Qn{oeVj4JB5^XkbX67rzJOC@ouBWL#S5=ok z*4SCvm&T!`B9bz_i%tyHHj6!Q-L5~RXTaNoY4ON*fk<}%t7r$2K0~tmnR26+6f8}g z!s&-UOO%SRf}s6Ua`QXjg8tul&x~I(yQ`*}>`qZ*s|J%*m#mjX79b;N;M7&ym+&WBk>tVmSz>CUt`1=4*=vi}- z{i680;PwktaLWS~+^$LeB4r-fU?a#o`WYb3om#?y6d_rct8VWMX(hKq>QDnoXBRHn0kbwA13m^<+ahO_Ehx2|C8rCOm*E}x{h>X6vd+L?N%O(KuQ>^$d1=~y7x^zNRdtb< z)L%?@qd>4Ex~kWdK^P7_A%g&Ru9}F!45Y6?T6d6m?p5j=Wa2P<07PQF&%}{#fTot%@7_Dsa zCUD9c8s$qelqn;M5%doB5yKKAPmh!qj&t~qx_ksyMqQtO{T1@1c^^VDwS7K=?4AW- z0@~rKZH7@rGxxlZyOoAlD9>3+C=sf})#Cd)S1W%jnLnWhK6C|Th@^##b-B`AJ@A&Q zew^8VO=Ik=(dG5PuFWkM{*`$eR_gvebB9&*uPT_N9C0jM*-YvX{N89hf>^c|55-^p z61|AID3)wNuXugf zLK5`%t8&c3qr5N%_iG8CLe+Xh8SSi8uqvq;;vUsrm6q0qg_U2;P|=*$DyrQke<%Xo z<2604TMJfLDv7<@Q5v;t#w71;i>2{;FM~eGs;G(+|2r^cf^sIG57Un|-Bgl|^O zrJGc?q?sRq3QM~Py~(Z1f}ss51{68=KmjUtDfBlYNJyh41@tH-7C=ETr=+agcmFGZ zY&1q1(0noNjs~gSv#HuE!4JDcp_b=cO7&I1y6E98k)E<`6fa8F612k!3Y;G7FK7JT zda)^*lj!oB>aa*IoJu`F^xT-G99}e<)^b!Z>DFbw(6zh4Pavj(s!&E8Nw{FFySB_Q zNw}}IYQDF@_y)%2CB^@GZp;mW2|ZM=M=vR?fbS75Xgp&3P;9({b*3AJKlI4W$I z8nFf$K$(^MH4OOT_PK}YAZqLE=G8y7XLBKynSFr_NWN}j2gg&R`Q$yQvb?T5qGX+3 zX>s+^hu;9qC!SatGQJeeZ(T6xC^N9f9>-kP=OSKsSfZ|~*@a(DYw6Gqr3lPwYqDn| zB&FFzCO*w8*7THkcO}p%cdjMyTsP__=fJO3nNOW(NM@PA*H}Lq3MeP`9wMb|s`a|Z zy_X+kzSDg_AwdXLv3R(t6@&M=F(=oaTYUXsumv7yMnyC&q(p={!EToAqCJ0v{|i!Q z(C)pXmpypG3Y?yb;{yccz({qA5L z;9S?)TFA=S_*HSQ<5$^?D?SRE`dGkK`F(ze=aVMuE6#3{1eY03v}fZ+k)qUSG50g= zH}YEGcW!K*&hadpj`_7@%%bap^M08667{VVMfD8!mSMV-YHc{c(qo7I+DP3o;ybjRrU_cn_Nt5>buG1 zVRtpPj(-|A$#tUhi+}5?0e-LDQ<(c8898x?xgM~}av;BE>ni^cNqP;msx3?pGH^Ih z0N+1OW$(4ho($^5xPfO3OkHq#$g}TRtLDU{7fskAysR+G&Ir;yMSO~^aGoHL)C_Lw zNBJFPwX|>J{cw-(XX)n*WUXKgXT%d@tRS%u9dUCKkw>EmO=#@`d&6t%3oY;7>8%YK6IrD!YbC>c!p6)EFBmU`4QqF^ zq;)Jp<| zL(&;=2)~$!vLKfGCm(m$MaGSq7CVeofQ|~oF$xP-p=X0hM~)*ILyK)X^>>%h6c10d z7qI4X*X{ksBB+M(IXp|d_cw>#fK;O4U8_#SlZ9iGB`lNPcrmEaPvgMEXXNKMPi|$L znWc6@-EuqHCMs5|cNuA4$dPZK{y_J3w>P(PXfywRIt*1dHaEAKV5*Pwvuj>C!1|waC*V z@s&@!13HY~r$dd5I&Gq1j`0$;bU10WZ#B5)Y1KJpO?aIy%#~s*-d%(3t@(`1Scf#h 
zp#9l#$}O@%_jnl4>1U0&t|1NpBXHIz0Nad+c7=jWGDjKoD1oc@V2mO4=QhQ_D>L>||kUpAlE+W2AJy?=4?M@C?M>v|I&OtF zs1yPGzvKP+#i_Esi85_aDWVIHQK6F5Z|iHKnC_lbt%A-M6fO^sm)Ew&Q8hDZIyGIl zNOX~fv;Eqnv(C(JT)a=N-r40Z3D)FsnIpfHH;pyAbI4YW`t~Jib2e+Z|HQX}fg@{M zDmC1z)kBl^3OdAWIH?1}0t}zgnt>AUmUaYU6{&ECe3KuGm8iRW8N8z$6!88E6iZzs z6(dNXQbFJanp%9Z|5>{h=+OUUW7c1qvHa!8nqJ7LI>~eDBfr*JWh>^;sH7i#>wkeR zV#RT&6m6^X099Uhf}Yo4mF9IjNAQflaYb4*$tFG%-t;%1IPXXg35;k`v+3_O|4Y%8 z*Ue)iYv?^pO_J(`SIn&yP=kUBQh4j%@Od#&_ldy8MxElc4&J5vR0OmV4Es|yu#Wk!KpE3wI!RshF}uXx}P>b?Q|kFd!uGXBT%os=8EJm^#; zU*YSGgTfi!6^Cg%!z^|sH}V^45wphNEi}apZ~WP~TZw%OjX2Yh8~5dGg{DcTR^&KM zmRbQH+Uhss!mUo*4{$(8Qp1&LE@jRPpe8n$`B9Bsez)7}HCUmHvR10nB$_VSf9Dr8 z4k7YvvSe`^Xep3MgA`aH@;LW0qdn zX05U%QiE}MmTIsT>0`D?JRxkw@rOV8szOr@Ic~wRw7rRxFFik6SdCbg3_1_fc32+| zxlA{=qsoEm0=ys(BRc^7_fP)UGBZD`;z}`5c3cIbA=P>~Qf%JX;t4k(Rvs|VifXIS zW6zi42vo-iYDOR8sdz}IP}T5Rf7MrKGuBCkg=6eE+Xm9rk$7o`9I^(WRM@dxsQb!^ z{t@gn941&9Nf}WzU9{MZ*yvs|*r}i~$jCVuf-=<9C)}Y`SQCfQ4fQeW&rKANe>Woe zqZC@KKrKZtXd}>TK^yV8VWbDhbwt$W_t~!(vEb(bXRwTwxo*Itr<9a$GGfL0f8295 zd4srLm$rYA^gZH63-cBu=0N9pBNN$>@^9%-$|ZyUF&(jaKVl792=VW03R0ah0=3>h zKwqn^KHx@5iC}E~-H8U(npY2FXsJHxqJ4oF3*-~*@O~K!Yp_nqV=AkYZ3b~p6c;AwQC7~eKY_{hP)9a$Zpd(wtFgVY0#kn_TT*r zmdnU#3J=qQ5RjRX^ai~U38=Nh(~wi%5lJY<;o|T^!QVArIX-PrwS5NQLLp@(4m0S% zMsxz^G~LN0j*%O!Qoh55>#L(+U}RfqrTc{vBON&_h|(k$ld(O#CwjGllG95`1F#fDGkEb6@7B)`*Yroc)F6EdK-&mJs#;-Tbl z(u<`?Nebflb|ub^zCnlmH&E+>ButRI9HqksB}U0z(-=nJa<$xhu{J&TmWC6E$sJ1@ z_JVMKe1qSQ8=4^+!O+viI`IA*8m~cTQj3{pl zpxAYI%k=_uo6rp5;KKbp1GVG*3@y0%Waro;!Q}PpBKf+S*T+Zzt(SoU7>~(xk=q6u z$Q__2Pz&DXQ8O#mq=e-L;Asf(kq1WLl-DG zj)xr4&`&h^dox$ECGIOR}{La(Q6#cv>#4;a4NZ$nl6Ih-zqahBYB`q zmNtSBD4yEQ)NCJ{KURhIz3Q~Rh4Sr_F{B>zk4_lE=pp+g0j61@ws(Gz_IpfZ<5Z5h zmlKL+V$tAOa&2r67&RDMLGc=<-RN2M^5#EVbK2zA9MsIic95VZ0SCY9ty`PZ8WH>q z1;=;QI=dBpm*%|8#!(CHy4RMQ=8D=y;PAE)J`FxM-(B{sGQX*RE~Fj{hdQ=+Y-}(~ zNP&coyzQA)5va*_GbhPc<~#we<_lx#={x(Nx_rXBuEepAq$l)TrfQPDj2~k4I@?Mi z=-KxrD}L=Q!&cXZ#;9bbqB|NNiN?O9L!5O&FwQY3v{_Se-NglowxJ1# 
zNy(Zd(6{qfbGT8rR8gX2WrV;h>SaV9FZNE235RA4$@6a(Ic*_T9pmboQ~T>Izp3#b z7SB>?e_<=q;TIS!9*7zkEe={v3$bd64Kl+(5N`smnCub!+?2_IdUy=8+CR1mrhw4S zyMlTd6tLmXsf{>9tOVg z7`_-rLD%K}lqp@iwo}n*G{9InWBlFJFH&wc!>M6ZOgwE#tD~ULPXwX0YS7xOwv|8$?GN;;Z z6mOGt%#v-vJ0(rAjFPM)q-Ri24xzyfH5g$5jYSAdV|Yb*`XoI6!8Xee`axm(SGHmR zzkvK92sZh{#9O;F5v#_y5ffV4^;ws+AM)u2qGaqxC3oj8qj3YG`r?j?Na%eIo}Nr` zZ6R$n3rP!fBX}-rS1~|ZSxvq5X+(OaKAk!QSQ@6j|wm8JsqOTNWo$iB+|&qprr(_ZMjMo4lFgUX4{T z)$RJx;t?C2qK0K93+(ajqhdPPq$Inap)zi1kC~XN)z{lm3NtB{)5Y(pKW5cu-uak_BUKTzv1dhybXQ7d@ZsMakRJh zrBWJCTC_u}XLoTGKMd1(ph6_u6kw*$Q)vMtN3XDhY<7#2I4>uahfA04<4lb5ix}s5 z%0w2Lid5LMKwbC>CKdw^Fxa-siRAI$7=}Z7R6{~P0827ok{og3P-0uhNqW7f!_q8P zPE!0DN#eRwjh)=ME-b&NdyC>x^!R#@_q0jvZD!RmTF$jh2$cWO@W{)V!CdWNThId3 ze`e^M%0Pg~d$MFd!R!t1I^(FkmnVa(49o0GC%abI5Vq*W7YS0mtSj={_rB9Zm7cg^uwyXWyPUHtebjV?YnJWk?LD2RHlY13}O{UB4l5vv0iGV z{RhJ+AaYAwz+5-!3v0t~)r0DD^`Ei)x9O zu#}`i`fSRh%mie+jj`%G?4d57dWc~v^oFFG5*SCb^SM*iP z$qyzf%NN`(ed+9QVWJ0-G<4D@^so|`2_GAA(KV)UoJ7TzZ6;C&AozPw^~$ey6@@Y- zv2;~EAjkPvMeb8{ezI*eok%9lrHlt$ExW%x9V$QFxGJ7~L(uXSF9ednd zkeoHl=LSBPE;Glvl%+Gl6r_IV^%Y889H;OBy?4L2$-t049j&Iytn_K)3VbW7LEuGf zWQJAe6=UJDD6j6hVSeCI>aim_%Kyw6Ig52m^>vnPx2WK#y2*dLFSb(ZMW(BHiT?gg zwS&avitKXKatI^oGVgDjr|qfqgIX90@bzHD`sAF2n^>5Lof{yA{)INV@3sc_l-W>* zZuH|GpO2f2eNDu$_%2g@=h|^nG%_#|!S(Ju34yB<)G^S|)01Esxl+9n=F!fNT^lec z;_BTS-8d~)v+ks{|0P`+y+R?7p4gWmS~7#SSG0UdQ@Qd4_ZA6{&>kY;STZXO=xb^G z;p|pKP4Vq6w%R%PfxGBQQ_+qVpGc^ z8rJz?u;|V<%3MNpK;7;ffA6G`ukho-3H$Z;4P?O4n;H_Nz+^tMAd#W0Hbwz2rAQAr z+9U-9Xck-V{)|JcNyWYriV6%7(EQ&)2}~=xdF;=c2%(g!azY}iV^HKkW&IUeU1E_B z(H;O_UiRW3iNk~I0S;2v^k{0DGTeIWs3cIHm3&(AeKtB8L& z4psh)6SdBcHm-*@^ot*c%@AF^oX(6Z?s&=g9#2b$B;1nsWB{~R3Pk>ZS@xy$mZY-C zZjIlpGO5m@shul!V<;^Z+32LL(hVTgfQ@se-O(-9#!VGn1Y8w5i-6k!1^uojElE8W zm5pmQj*^<(rHmHw*6(xp1yYMZY=2bz;fR*N1dARFYcNaAapSm!$zYm^AJ80?KD#+3 z@ITW5RE|3J9TG}??=5tkfrj-`vc?x`E>B=~va3gl1yN#Vo8wHm(@I!eQMqSMem@~#j^=EtgtARMd)`IKl^6G_JBhv zUdq<9Jaz=K{IscAy|WB8!|UHw^1TCT3l zD{%#!j7*2kbugTi--hjp>0R}-+ihlPsXl!?mP3*r7^@lYqk^<9U;EyU;C}I; 
z)tZZ*Be$QgOw5#%YzvzB_g$D&%v8~a0C`gr*dRldk5&H7z05P|kRH&@s%XF{anv!# zLkW=-yduWc>Z!6xdz}BfyFEI5l$<~*y&+v&qruaVlEA3mZK|1g%kB&gE|_lLVk?39 zC0GpMBV4ba$HsOo|BfRm@aNOVt|J zWc#aUDDR)xs;#R?1ZU*Zi(=fX%0iel*uHjhT6c1lEtZD`0fWqdkM3ob!COzdnP;^o zzeL(F+>k{i6!sZ%E%|VrjX_wDKCQ&ueZy7B7j2w>D8(`R{+X zGbaR1LH2^~kQ>UuM5LKg%7sPy_fc#J9Pd*otj6!m22_bpAQoTzQgO51G34-v{_mnG z1ko+OfHk}}usNOBHR|KnSFQAyJ05(6FYY$G9^V#4U}IQ}hNLM{n|WU!(}C9jyY zHTmQphgfw|cW;??0iPEM3oi3=j_0Qrf9W4Ln(>*(P5~t;2{#w$wCCpE?I)_Q%YAOO z?^tcs`#wo;MScD{JN>=u6fy3OdR%Ym{e5Zh2cOa~PU9!fQGtL$+XnCbAa_ggQP@AC zzFUmSO8snAIY0Nf7ege*7bgKZ5y){J+4c2(cfi=lx*YdN(Pv^tuIa5aDq*>=GgP^C z{soXRKyKPg3MvLfG{txZQke~j{A=yr99DemTIfS26QKzu}69S9K@P?-1hQ?NT zlyG-OeQ=-2+aq>%C_H}FZwO%45(G6IjM6($P_X7h(uY{IhPLuy0`gQ2d_dOUYkb81 zH!vZY?3g8hQL}p-Bax_VS?396RNm0yPLn}8IrQbw_Ll)FM9_@oOpD);cR3ww{jORz zRkF@oF!^gibWbIy$JBrh%g62U9Nsz*;Dz>4V712>idq{b`Qr6x>5RyRu8$X`cwSt( z#ki2OnHdwVMAioAZrF(sK>`E+#gsU|O%}jp&aSYB%fA|avJ3CRM=9rC2s7s z*)kpF$PXyB;n7pue{Khvio|_uj1IxEmg!n;3YP_SIYb$uQOuGTpCwZ4$Vq3JjNTPj zC#IY(N+W!)BmBQj{2a{JYY-Q^9MV1QmwoLG*E__l_s2Yn)6F}dW@r0pt=x5lQIB2k;rMh@ z%i$dY9oD2j*_CiA#LAa}pfYFwV|?Q2x&Wf3CE<%-Ry9UBrS{p=q{DM3CaYqUKfZakG)8*`}lJ0d1OswmxO+ocjyL2 z%W|E6N`qz$ff&Y+1qiV$Dt_Q5E&@8%HymewKJH~1Phgj5$>rDAO%Tk#u`Ua^(knwV z0JCRWWmL|A(;f0`c5Ht3@wQH1!aF_oYAjVuCv20<((`tK{p?cMGyLFc+`c}09U7L! zpSHKnht2nkuk`Bilzi}c=ln zJ$2ur$*7RM&0bQG%fY2+5-&(W_a*5VBb6D1FS*Z_&Kg>pDX%j%<%)6Nq=$7{GP|c5 z%Pgj(E3an=CcjsByu$@o`OYm9njXsoD@)UYALG0QO)&xL>K7Z&^suCoQ(p-GtLTGl zC(#88Qb22JIXPs_n!2bi`9xQ!T4^V$#R#v-*WE_q4c%5SQ2U--u|Vum=6H%1>&j=W zvejFW=swxv_ayS16&HHnS z+kSxba}lNzW&f49$_g#&%xox6a$UB;D^{=MoyiS_ghVuIjGi{on@? 
z5rG=7?WwWXHvYPJ=}5)KlpjxxONLe}sQmGi;fWMVY+Sh@NSJT6_T#5e$)_HsDkN+~ zSfFh*tI1rP2~!e!I-is!?8`P;O456qgz3d{c31m$&i~qA%TepA_2RkF49l^aSD;n0 zX-c&=4m%F)D8gLYn9Jz{0#1`L>2B<4;g@~}-W=yY50$@Xd|V#jmLN0rnP?PT5=}_9 zZI5)|eolxYQj03hi(HRxCI_}QHEvV3oW|O?MVX`j+;lAgTNrI^GFh)T+oLczY(X9W zpv$qv-31#iv8Rw^q<}X`n_f-KoY=U4kNeM8^Zv-jB+ z`6JXOCt%B7=$P^;%$ok}G~E>)54&{LGo2A?n$%vrbKZOsFpz`pYYUvzqGiF&?|GT( zq<$bO<-LL24*9X&ZLtzbnA|^bP&)O`z2(x1sN%r$K_Fpcp4F<|$mhLAjYos>wn)b@ zXf_iGN)NudeWaBvFEuGMERvot4!jBHNc@66#dbNe_s;E!N1EsBlqY5fVT%Tp1-&AQ z@OzkqZ9g=?czglR8^hRFBYS5%)%HJPodkcZkz4c1`uOKC357+6^~vW9x{-yOnhu4B z4EJL{vG{t23zz|}(c74I!6N&L`R6sAa1_NGlFnK*YK7RohgzusbUWNb}o&t8mTADZx!+>A06aGHzD~hzk zg7o{QQtZDS6?p-%x!+N$tSj!-ia$e3O|)85q?g{IZ{5?Lr8_U2(BD2GP&t2uf2aG- z&FDSBnsGh);U`>jR9!##nE4mkXpPOZW-v^Gl~cI=AjTR)r#}$@0U(KMLmJ=O9nN00 zzrrXzGZxC1BcJ(%4_h|D})xn)KB<&H6U}~Ojw^8-Jb^V&k z)t?eJ}6S@0;ojd8X z$Cc~hT6eHM@Be*I7Hw^1`2@A|OB@gp`n?1(4ONp`T(^2Q1hd+Z9l`I`~`mV+(K zPY*3^-d-oqa=~u^(dau?+B0K9+Tto&{8KO*#Uk_9czV@lD$2`YL1TyfH2LZa4 zIjeFPf_FASe03RuDC)hschS+Yv?j1vqS?oHbR_}zjc4^|eE>J(H=__;t8etlI#GM@txf`@ov|#5RPwstI+IMD zy8~`e#ABC!DYK3NfmbTH{qPTlx+74lc-ceTYx!n;`90t*KWCh>pvA5!RJA5o?3Vh} z6!CeF51;OK*fMmuuVfHbG-0wjphVFnd^&f3`I#tcqPp9K2{Mo{pI3H$h>mJrb_?u4gAPTmX zrl3B=%5RP64a_C7NgK@**QrNMr_t$#Qaqg5h(^*!pPcOUOoRi1?$GY@V!ca^odEhi zIzVcE5MXlikXQ>xc~ak-IpiS1fJJq1mbIG0qA$w7WpCNmvDKpry#kiA4f(j_hCaw*5^VU z{J&uQBSRhB)rr=(0-9zZ6H7|plHKw#ogyy;vSLl@$d6ix$$Vb3K*AH&U0zI?Zy}+e zM)?LiqN=RMIHRn_%6ffEwtlEyLcM#zXY$56`20P)UW5P9_2jF9xjb;29U)yU-`1lm zC{a7mSeCbcR}h4dGKwf1b(`gpWg&;~nV;^Ivb4`1ZdKvu`-XWEMF)Go+!)A;!{5<2 z8&+xh%w;(xlh84~bC-h%>Ns(fQD0GvJa?1HScuGV9&^qxS%yEV5mvg2{eLXrv3$?@ z`gGl_y|n@ww+z5%1Sct5T6W&v2^5qSnRQhKM5?GyygjHX!FkoHc9$*B^!;yew8B$+ zUQ!Xio|wQ0x7*#uY7)*^^0eE1UID#b(Rzw~1sn&v zQ{ASN|9P&2L~%Q7oN9av!R4*&1i9!$ODuE-m*heWngsy0LVL|EUp5+l&No_R4}peq zCvC8we&B-S@9ZVO_Y?(RBxKdaNjlK3DN0PstIN3Arbz#SlI$Vb0AF^l?k-SJA(x9_ zsIG4f5E9c^sTN&4L?$F)dSNCS!HmY<6mm8!{!r)-ehpg_N{lDQ4c4(4-*Of9`5_U| z^xVsIJ_=rdb|=_lA2NsV9H_N_V_tjem>#gT?=>6^#-Cyb) 
zP?INlieFday?t<5?=qiy(tR~Eb5%fxcuDi*zudAq7EMs#K6ZZm`Zn8A1qXk}{aT)W z_F&?t_ibpH4l=?v^U)^(TyYkVrpY14e9^V1-(da^^*K8VI2 zb@=ou(?v7)Ta~7z#51cr5>~IA`^ttW^d(SHt+c z|6HM5L`7|VYr@K|7nx6FvCP=U3PNDO3%9*lMDx1O`%`@-xFxo5uW9)Cotw)U9ZPSb8*v)!-&Uf>QTd5v4xXk5&dgPza)psVSIHx-L#Tm=pU zLPi;FT68QXgqYs`{KwPo9$0HV@Npf(ZrG_m3D3183ZYrB?OhRql#^O_BdS8`lMxED zEH169gleK4^>7=l=$&n!7+v(I zRw$j*`DNO>ueJ3UCHU%G+8lb_nMPhx&IyU3U(i^jp|aoB^Wwkfm$Z)cRJm^Z+JKVtNB8_T08(L@$cT|c}H=ScJBE>A{AfKf&nUS{p1FTjN3BPevkrOTdh?@)XT$;=^y^I zii$0YytHa{yPtqkM*1R;pd$g9ir?t1qN`w~ny4>AJen?`qoK0ZV6J>(F;#!CpJ?*| zIZ>1Mxx2YC$lXG#VGF)#Lm^a~?q=MlnssGWIYFs70-*qqKe2BN++Of&cwqjz0m~>> z1Xm;daMc%d4o%!x2v&THcg4Bp5Eg}7b(6;{#ioNR*>8r8&VesiZ?gz=KP-e z-`xT*M9uh@GVZBuojkvTw#zsROV8M{aWPa=)|z}MZ$TwG(Jmt*P7=vEL`O?3Qh&V2 zE%zhe>^cHjn|w>UWNQ+-tIMSyGE!R2m#^t5{Q)xn9x@Y2J6B|akF&w>VpFvGZcrLU zhT?R`WMmRd9Z_(X4B;t+y|AoBVRz?%57B>S`;g&7Wb4Eq16l`FI@U)cOA5GZd`pJy zyW>M#WSC#0I5MBUGENQ(St=Bx@CK{8_;J}-yP=5CnMn2KSyJ`j!6HpGQ0wzE+qgsv#Ba<*_=2m3X^a`ropfD5T?XU9NQ2hvBEJ`>sYedkfaiZEgO>w9g`RVc@j&2N9 zAISewTe}8n;qscC4F6{dW-bl$Z(fYpkBJDX8^HufTq7k}&8VW}#@KN_HR+S9yCYXT zgCBsTmgeIm(XzXXWca@up?{N+3=cR-2US3q&1GT58(6w3KhO7M5u%H?Cm>tc>T+i3 zxQyFP;<e!C;)L*K5^y)gk#hn3x9N~xFR z{K^S&27A=Fy;w06z8iD43qy=Yli{CpMgLV+4qQh{K;7dk2n0FEDrYS(%j}+J*p{nd zTgMldTUr;I_@=7p_N(1I3niQV>ULXUIZ|{OLFAbu7tf&qS~@C3C{t)3*HkxLgdjrSk1Ws=zU)oLxMkpiH@dAwE zlCWU~WdW%nqqrD}12VFkRh}DU(eC=%{~j!sYgq%RbD0M{Sgh>q`10~$_QcQBB29L! z(pm>52(m8FV51J2?x{**+(=%ML+JJGOTB?_z>IdIvcpN++wT+1@g)ycj;yJQD-2of zQ#SOC($E`pl<$YXzG|%Gar6oq?f^A^RByfqzjDpdWg33*hcosHmuLH&N2;$OJ6)Yk zdM+r+v>^o>j#@RS&In5}i17h)_^(_m#O(o$@ynE;h8B|QEr$Z7rRAOKH<88HbOBDT zouU4qPR%d@)$yB~wEkwWL)`s{+<4KD5@vm&HJXmfEr8I3%N>BA5>2;Fd`9oE+q2T3 z8Iz=ok0yG>P>~QKP=!A>PdT<2?!KdGXhSdhgrK#?*sNT7qgU0*Z}I!S>3r^1-d=1R zYm4R&)-cZ5FU~Ujo`Y6@l?&iC$OMJ)uYM! 
ztnzZLz=dWA!B|sT>~AVY0ohUSPzal=l3LMc(x?<7l%n`mHkSc)j9bejSxIVQvm-nd zb3YID^dG#>P7{gld2Ck1HJMl5&iury2O$0{F@0s0^JFe)y)m5Cus~462{X#m###VI zMd3Q=YQtU2TA3q%PcFk%DgEup!!zAm7E(AgK~774j#j1c^ww_-G*AkN18N|@|N#aai8P!TvB z>)GI=sXBjVbaQRmw_q3Qtg!oo!lYh>n4{fGlg3kmTI`yOQ`TS)9L%VPlOEu-R;xk2 zY8JtWXpxeS3(^-S9ndJ$LLYb0zhvWq$f4Apvhuj(5Q&^({=-TrhdmynS#WeXeWgI& z{Z#`${~XWzIp~(|>%pW9g#b!lKtHOeU!1HsMgrM|#!i7Qh*VT;SsUn^{Lh6ZxW1YJ zby&+F7n+bo6IxkrUkX;j-%O~VuCBLeVU7iAZxu3E9D6=rYg=>ZxhiQk(CNY)sY`gr zwT=+@`Zl(I&adjMn1h$J=u=?IM4@iuy>07h>}Jo9-_a@8zx#0*d}Mp^ez&Kp8h5^A zZ5%!Lol1Ddt!Vx%TJz2|v&Zuwfww9vE_L&E?ZOKaDtRSqgI7I=LDUq^zYo|AL|iC= zY406t8FhRfYxk=~9GamGV)_7@Oi24UF`+$dmM%=SEj?h|@!umwa53otb)yUOJ;(T1 zxhcW2%J<95I)Wt_<4k-mjdHm$XoN$F+P25s=EuwL8|)o;hjF+Q2Lh`bV(}adqhq`O z6&LLJSx}9`gbhTAd`NRQ*h-X;CAT?@_qlxFK|m3u92@#juD9Xt7dqkR8h9)c3Q;kZ zIbgEH3e;#|HTudNp3dPC?#VO+*Ufi$Vf+rpbDD^3oircipuUw**lFeyL)CA;8VoLVP|D;5j0^zOr*iLxAb zp`?8+D*HqhXEuj>LGrv?0!%Q#7CLlh92i8{-mU051zX4CzK2V*ltI{D@in5-;ZJj~ z!wv5eD&hE^m8)?P0`7%A@$q$K+y<|EXA&hrpwN(>Thk9S*CsT|S)23uu)>ylXpYY7 z%id99YVj{Fnt+(c4a4XdD?LV8@t;^ZtbaNnq@-&{qsCf!1El1*HBrst!2vw&<0iym%w1ki-8YT% z7t4AK=8$3k^2_s5Vvhx@m1{>^SFklV`c9X92&T@eUkE!PSr#(eMVg8C=4xs8C9347 z9*?=>eT?(Ae4J-dzq82S9DXRrXf&94$Qui+5d*(G`iSL(P|ySfDSOq5JP$=Ej1z)m zAFlbj0%!m8xhXEeBmKIVMjDqHW6b&V#CQ^vhv!I5mY@TAxN{`afB$g)guHjox=yKdD zM>uSb3Q{C5Jb(I%T;ZLo#NhURGVmVezvA(Q+sg;(OGM|=(#P0Myj$S;&x)4^W|{s| zsURz2TyiK}0#=snb62#El~tzGgRP;60Sk#*jjMBAwn>&P&rKDV{ci2$uAaFlcZhsk zjvc5}$74sUZUxkVg3F#7TcX}JKlS=fpm3O%K7XTYW1T*6e1O8Eu>5iIa0zEr>t~s2 zediv+)NhtL^{0_*e1C8A9upm!O~IZcCq;^x>EaWxq=SP&ig3T0Nl}utm%<$iXJj)V z()V}gyLh;BxAp6a7nl9}c;sf$R+gPdYuRuQ2-Wxa4J38o&~0vL8eaV6%d*bKZt;~@ z6;+|FD?3s$2@R~992VHF|51=_4gXg`_M|Fj&5K8X!qd+rt<8dCuyY{|0a!a~PVMGo z5$9q1dUE}P&|N>X&_2*sU*Y~yS6t&DkTlQxo#k`LWQ<#{qgQGz$A~sk3g`>;e<`?4 z->7bOtcvscTm3Cx)b||?E^jA1K4l8lLVUdthS$X)ctv+@w*Cx_@KPViUlQ=Y8GTKgZ3(H?ZvZJH^`!5XVQ5dXP6(XR2 zVLV4IC~k1cnEqLDEERU&{Da1EudtL36fL)vO4CKpb`ocV$4e1VitskUWmmo-Y20AJ 
zQv8v4%~;D)>V5#MTm}Nud_|fx+|AL%fO1k)o4pvv0wR_xZQj1%Ez&^>x9tLxU!d>& zXM}t1?lJv3yBUxX?&W5!mzM=THN2Ep%4BfL`&X6Ve@Gqka3KNL_SRo|$Rxh!d7ZP| zFSz1dF^cH?L0`46*WRAWX-bng<2*Nb{ln5lY5)5ryspj_oOFgLa1Hi!-YPSuH(OdP zf+8f(!TYQ+*e8{GHh0z|q&+Wn=)P5V_ip83owKM|iRKz@{LKqlR#CxL=NCXd*g~dp2YNfy})9}*x2xM_=~J` zffHhC<}%G9Y9&PzK!ugTU!X^Vi$sGg)IuR_SQ-x=W3kM!oqlp||LYXQtcsz{Bip)B zmeJbkVM6>Cc{EYp#P6@rSkh|!6s}xUOJa^!6Qgz&1t-TG1J+8ji3f3e_(qrNnKf24 zvf3rFP0|T-=dcSA{PMxGTFkavI1^pD7uTNb_EZQVxX=W!KrV=<)*uh4X$lE{hZEIj zvfj;_NmknX(xt#LZS!+SfnHpC$TRya2gT5jNUv!X#Wlqgu~O^o*afj zz!FAng^KU11m>}6;h7ZAEpT1wE2mCuF%|}TKoKgvfoofidyq<%s->OW&}xG}(Eq5m z+Mt61{DvaFHCvPkb%mpSJ271Cn*aM^Y3s+YnN8njT&ng*9mCvFb*8li498H_Y^ev0 zGBIw*ucu+di%D4`@B2w3DcL7TNo^FNLMdU=l08l!fhKp5Co`(syNa15zM)~niZB4)lYA4zd4^7!;7xU7=64Dq+ns6MsiH~Wcd2B$9S<9}dM z7b9!|WN@JEPlK7`&;$@OiXGw}>qxziFg0X6+2mC(P`PZwNd)U5+a7}MaUlwGU6Q8S?vt#wMFnBvJQKYMaJ$5!Ryv_^f9 z3Nc1x8dk61-n(uWm}Y&k|JypO8{v;JP7vtd<7`{hOy-gsg8lN&!Hi801OrG+kcWU8 zN)io;H3phECQ*yWpr%y#|62oRF|Cjsj-qU+oLT+1b$;ro_tJb+le2Oo6B6ROd{H~b z>ayAfy@BC8lyG)&ynJ$K+t27Z1SP7-D>m`NF4d2(O4O+$`31u%j*Ok&Z`#qrt9+dP zj~mpQB&-&R61YWoY)J#Z{Q!nrL@WHX*Y-hb6rlbpG8$T6Bv%J-Jj_P>cc`AR zkqq>J=bdWV47m5L9Ih(R6}lLKi|FMo?a9i!E^ruXKBZ8T`~@;paVnDwOl8-L7}CM@ zDM`K`u`63^U#Q2Cm(bSm|2ZuED4vP)+OENW9VJA1W-Tz@*%jm`!fcAJrnu~@_b&F7<2oi+U4ae_mKn^^RDzsN z5{~a9S&`aWJwisN1jF$n`)gUEbA9e@M#VR4eDX(;#L+MhMfWDRq=q!GUf z{WMDQ} ziFN#jN@bBz@1_3c$ToYl>lR|em4lG_^*)pRFd1v_>3DFbv9HTL?8fi$WMVyi}dNFx3!Vp=_ZAi4g9I;mDnYB>`o(ks@1k_ z9|nW?&T&)9JZr0>xu@}JgW_Kh&)0(^HB%;uca%6sw)=km@Ny(~ZI-g@n8uvqIlfHV za0-8cnm_V9#5>xn-oNtzYwn+*|1|Qr3+O-bwFnpFkg;(mlbZuIkgH$8V z{Tl-brV>K7jL34Wp=hEb5{NbXISJX10W%jCQ$6n=zdC6rx4kYpb;I9L^nUfI`;=F` zBKv7@vwmEnmx@{zwwfLtA0@jkoccFY1d|dn_R$!17(-p)FX1ig;@b&6&8x_=VkU|( z<{zcb;{c3uS_>L$5gs%2mLUI%P%o!h82m?_Nl*sk9AtV_SWk`fsNpT*DYXu3nGs{F zwER-n@7BO=^6bo}r;FLAn~uYSx-L6s_26Mv%k9}Rsa&W4ArqG9WZXQvJ1dl(m7(cw=|h z4uVzwtaRGDp!gXyWYU&wP~eM;H?CU~h+EPtVp9D|QQygRQoJm8-4JQ53k7JXr5*WH 
zCy1Ceb6wIuOGl5bYq}0Vv?{XZrIs1?EEKXY{YI8wu|Q>WIAiS!)LE$=@c{06H+}n^q-99jgx0TiXurNgZ`5CfdzB4hy5s8(krG?ocm0~) z`}UBMyt~xtgOz1yo5Nk)Fa>vL@(Mzx;yY{xG~ph#|P%%kCZi={8lI#bki9> zVv{>ELrgDs+%kK%ujnvj>E28sJ?BBpR+-vjePd_v4SK%Epl5 z*!xr)(Mil5=&nMqj~7%oJ+nP=ABD7!!~dTPZuGcf3vVLHExoLn7j?Oi)O{}s3~^mg z_`MMTinf5e2yug)ZMieu&bN*QB>C?}i5_RsD*YSE()4?}J;-8Osx8MtQv^y~oa2W) z2d8S_XN6F4fY&CLV0uV0(x=DcvvxuSnbu0u8xp(*Z2KBNL@Ir*7htKT2^U4Eh0(!`sVG+ zxwTbrWjPG2Uzp8oZ4PXB4{QWmb95B=Ie{3zje(-hCzY$$F80+q6`Ht&braY$O*eY#zu4{5vYXE5*Rr0k;R)limrt8a-bVejZ6HI?x#LBi@Fi0RnAR#4q`ZT`Zu#A z+S67ZgT?eXGRQ1>a3EkxOSkE_2ZPBX#wOsXI^7+~tmys|G+?8Oa)bd(<gERdxl3%P1*7u2=+0HMw$5Q)QU0;_ziIt;Z@~)gBHx5(Pm^ul7a&-ML zY~UBVPuDVJm**=8U;BYh!47<%d{2%o)PhS_%SFv@mmD|g0GjTb#aNkWd`4T0X2y#= zQerSVh`9a|sbSI^q1V*S@jy;mf-QHezlf3_GnIflwS1sqOuryJ*3W8%;|q94&QrQY z;7GkU!)D19!l%|P?y-rYq!z1T$STtqg5rMtdjK-Z^T?YBaOn13WTwENOP&EP5+>kUAmEj zP7k2|c91xEzN~%&6Kl}y@wQ1<@A-;(@-xp<(!Rgnk-XH40~Uq-Y@OgB(Q&z6COKO_ zrxguC@-amvE=sYkAb65uT#G$_8zsVXjdb?6&=gdAbN0UpX;WBc8DA#RWyPf0dC0Tt z!)Ur0w(H9ba@6+n<0nsGt~&1rARtX)F^4PUEpn9=-KxaWBTdqTv)aNn`;e0RUJUae z5RKwCoC}hHHpeHpD3?L74>lenbnU?0qP`i-RlFmLgS8(O?`4G8Lk%%PK_0f!A*n6+ zMeY38GWv(9l3!BG6&uI&>#t*(oR2xsYk2UN7J>>Js1?nP0ADH7pI=T{Arx-Qs(6aO zf7nr|dC}$IPLTVS(YZ05;mEkbHc4`HI-#XHLRq97N&UTHUSn&PQSG{|BKzuF0fKG* zCVz?SE+j?lES#x*%jdfmrh`BVt=Y`4jLPeBjxC?uXkK8fp5&LCm+z;eZClD2Uoi)x z(WfswbnZug2Lok&)*FkQ6c%Bccz>Y!1Cm;}Sd%7CO>y5#idZ`nO(-FBy0Mu$%8}To zp_%Rin*^l^A>#TbO}xMUQXNr<5ls&IA!hYEb&|R52K&ou0`Ni)GjbhUxTQ#$MIE;t z+zO-{T^liFuF|7WxZtch6)HscUE;z(K+US24%L;mP`v3+uAi?aUadYaEshnz#rqaW z=&>qR#2YE`5rb@Kn2ER&_lfp%JCU&ox^#f0zrtS-Yhb>-X;#Cw$mV}@^F5Qe;2^q#?Kv(HyEJY;cfPkBa=6Pc-K}BAvaNaR8KZ!BBMG(52xDylKlS z@8-5iVvSDCRRQPRj@Y7+lSroUeJ$oh8&?-+gj1~woMcM*WRPq@p&$3#P2nTF2u1p% z{LmYuZVd8LZo4{e$rr-#F6Z6`EpC#uWMWcLwSUew0U&Od_30nqp%=OLorIcPqO%n)Y z_1X~B!EyODAnFp%=fa;v||eM6f0jLtiPIt#*R3)V%(KxZab> zSrZ?c)`Wo$OHS#n?j7jyLy!ye}llBpw$2 zbJUiDhZ4G0LJiDVJz&_)+pWY z4UM_wm8fJ#P{pm2M?`Yt?fkVKMx{JQqnp2Aj73)6>#mI^w1ALx_y``*ag%-W+s!E| 
zR_Fs$D5!N#{5buStf;~C+qgywF_*}nl5*Z{*yd7bP2`Ehw+2D3vOUCp*W5}Wv&Gub z4MmVM$tRFkVw#7dd0u^eRI=$3?f-`ar#h~XCz66j4&*5s=J}ViY^U`wLBm$apVlok z6{t3{t{b=j9l3nW@%pRfYl&|#t24e%iAtXNaQWw*gtsa#ZBH_#0$LBQ&+OUJJax2ygy2C zXMdg=FWpSE$r)ULx-MVVxy$`>Ub2_`BD}=`1AEpFG<}`BMbDw=zCdfI{sYz(*Od-b z&XPi7(xEo`*h~Y*y)I2@&>n6GlF#jhgVjDn(K#q0QIGStr@$YLL5kqS(ZV|rOODqC z;*AOik4XHD%3xFG4%6Ri(r4NHzaNMWOVIrq{ch@%Wd+;pkfj;h{-F;;Cy6Hpn5inE zom(poa=!5k~&;#Wo5*;nwMlKo0Ag>kg{UKfpmfQaJNTqQ`h497b!Oxi9z z{yPr=pZWaht5c~DCDZi>7yV|u&dw)iHHnsXkSdTzGv=Nk8{_AodM}Fo)fy@X^?xx( zF|337MWd>`+}&#ZcJvefJy394$N4+@0qmP(0Ju>k6!Y=s^!y^RH9`&({A?hsh)!}g zjCg85M94IQHF;->vz$?SWZY2EVLj_#*O9tFG-*xzq2{r-iv=Of4NqTL&ysQD-n&hzT8h|%xl+~oL)0HqPh=-aVE~Hb#{VCj0#ZhO(mDQIhn{9Gu{{k z#!U!**kDul--fUPQfX0*S)gTyv%5p<%)%LeO{=fO{}duu3ixs0xAy_Zau^A%e_c5k zX+W9-al2XPA{fTT?;hHXzQz=Hi|pBMQ;%%cvX$#McI)z_g@?1(licb9=|;Ux_uc5d z!kV1G5-A>Y^(Gch`YC6gb#auS3G2UfTOCXu6iE?o0IK<%o20yNXu+ zpEHhMg1k+vn@6Sgzlh(i+h_S`9Te?bN1_3>nD&6P@q04FbbPaK#*WR$eqk(*`<5!* zLdx=710qda3%AJ=oESYn#HnaX4kG`C&gz>~ryLYjv+qiykOAR7PcZ@_ zzsAjCuVmz6->3VuWs|ZDLomT<=vH%#3QZUp+0OQgf_IB_QU2lDaX!Y7gGW(>13neZ z>1VPxKJSws2AC=>*XNBNq{7jEs>xD#5{@LzmYB9UnjZ3{YcjS6_Y~4;xdt;Tijru` zX9U4V&n^8pbagXfa-hzyIhywLenqYpC>1kba0S{+jA9cjN>jGQ*K9ryXRL-dCriA? 
zoLkOZ<5Wx`F8w#EE2hY2-2v+*ADiOxpWw}x3ExpI+UNi%6g$zpP~G3#y$)Wd;~U~( zef@1wnrylnrAH}B=7)MmIh$%Q{~zLy9A$H!(BJyq=NF5!1CvGusD4MmaPI;iMKi^wm`HzgPtiRPOJx7} zQ$xUBQ?3XK@-vgc)~Q_4CzzAXBZCzj`x`qZkuMRIW+0a>_fK+CiTUYxAaqy730D&k zNK0CoWlB286FtdvDK3thnB>NJ?`uv$;WUq^+S-<_KOHN( z(Cq2{Q0_RpN@12yao%RBgB$nJ9xK1%mU@X(GWyb?!X_!a!R(cQPH}M*W=Z0WvF)bp zPh+ETOOQ#U|A8dpNz&ROqoHzZsFh>q{IBzDr#AzhUilwCY`Unkw^M`X!v3~iBk;ct zOJKBHwc)T2;jRDZ*8Zf@X8K7p8-K7{7tF7s(Y5m=dJN9AV>hYwDYD!$<@UIIsp7!A zzi4FM9e4nLpw;EzbE)4AWa?B%i-;13qCp+`GReAw?Z*<;8W(5OFzZVnJj?|ZW6)LM zC0`j>+G4pDTJdaF?^NMxbv37J?6BcTm`66;f*zcKx)0PHc-2cewi!<&F5Fvv>mJ-xq}A-)tmf-*OfMU}O?q4=ADs|{pcQlwP@ zPzGK)7ry{?>s~H1&NetOUu>=yKC+>eQW$i#J5KCVSXvxMm%=9sSY2E*emlMjF9~S7 z0uP4-$tEt_oUGzHhpGSDHLSSs{W=zmXMutHDmU1GSK86~jR1N_blV;mMmsD;JwMr4 zU}Tg|Xq&nJ9*P(qM&>dBjaEvV-b5oR-GjUd?Qbg)2gD)ufdm2=K~dYxARlFh&8Ebm zKf$>)%xGmiiat;pb^W<$Tt;yXfN*PdAmj(QFmmZ|cRZD^O|;l+RzJ2d+F{7>g%%VL zzQ&JcY&0(AjdM4Y;fC0II()7K-cFl2qT8PuBdh6T<>>ZTr&+UvZlZ-Ss=v%hs<1|G zlz4R)+SJ)Nr>dXS2?y(KP(?8X%6*qK&sK}#P%y7It)p3`KK%x*OkH3OoD)5PV@$E2 z55{k(^xrBL68mL)zS-Z=yiplwhtfz{Z`^TKrsvZB8!{{FB6tVB^C?`;RGuU;&wAD2 z3MwirYo9FYf<(4BNy>K`HGHYZM#G!ZS$_;_c<~{HGtj{9i)BIXmJ?|pkBhT7ni|K} zuJ(LGPOAOa$$)=4j=HlutAz}!= z4ZBweZpIVxSGKIwB2X-w9Pqw??&X0du-+PmI$jzG_l38P=6Z8=>Eh~Wr}K$2C+^p& z;YAMgH^;|JmbA!MIZw#r%!|K@6)Y~8(|d&RfpS^cUSgK ztH#%|HbZupQ6(H5hT8(eU)!wdRw@IWU8j{Ui|XyoPRfr@BF_u%`&>OK?q8caw_xrC zcT3WJrKJ;(KB_c#aIZc7QZNDAXf-u!>dA_xl+Grw%<~%sWbV}8@TnJ>4%8}T!#1BS zE7CczYW7yRd6`Ga?`#{t!+ZAVA-wg64d|8H)wTt`V^feeMEIml@T@4#pn;;O9ielOJZV={qN*RF#nT&>`8z$S8r z>4+&zUYXtuj2KM4NQu9Dh1(z~4$8ZnYOH4Ue*^4?^LSWo88_NZYT$C(I(_& zxkP;b&GHF`xG#hPoJS@I2{Xa)MccY4d^lWPjKX;$gO24q_jX!B>e3k@aSL_=-N!!f0ACoS9kHL+8BVA+!8dcOmoh-c$4o- z%4dg?IX60y8b?kKs&UuzNye@FZ0v#2*r8@&&Y*fPT;ya9HLIEz0nvWHY<5#(>2WNV zdf4NzvT#FHfsBZPfF$6|gO|_uS)>!fTPpZvt%|I*MCD~u@NP@^y%uw$m$l9+CwLn1 z-icnLoPK<7TLUmfLNmMOa7)bHpG~=zC#ZTPN*G6eJ_5}l$LqPwxIY3oXJ%k5DDJDY z&Y8b0@%%DmYfP7X;8wey(Dx9B1E#!xS3EB&R<=w{!x8<+ZpS|8dD%7pO*m?(Hy8l< 
z#doWlS6mBaV|1bOdGTq{8IfMMY3A%s%#i;4tXwYoF$Xw!l*|Un+nK~lDH1+1OfvZp zV`djJTycM{`HzQtt_&@o86vh^flthvf~M_~K1;Os!{A+gS-ufHVf_6%yS{T0y`YoS zFVHSq$R*I|To1KPc{QzzlsJF4Nn0k`^LU81#PX-Qp5A~kp25A%&Efv(zLLs)52)$> zZmqQZ;O(_iF~8%Z(K{jkj41QoE7cxZCTtc@4I4Q?26cV7a$Y2Uye>RoWP#qyi)_8x8u;yNc#N|(R5U5~ko z7KiZ43>Nf`VeluNXHy! z1IiX9AiC1YPOI(eA%-+flL@EDo-va4A*t4a9#tg!mobSf3mGrgxEn58nhYi`YJqh9 zxjOp~vj_^BSCw?}9q<1!b(K+7c1>H54r!1OkVZ;rl#njzP&%aHz@eL)?(Qxr={z(@ zHypaVlvcXG^Z2}verxfAAFRc__nw(ObIoP)mO8_#U)hjZfr zVz!KeCLd+fCH#wn$_hc*BYxw0j4n-YHOvY8&E$Dbo_~mga+jYiiMhTd1N?znk+5Ygbh#4KbilVU}3RXnQa8qHU zmfq>5S=Z`hPdBz!rECe3-Th-EaL48o*ACSVE3gv%Qo>>vv{~*hSg=RsgRnzG%hi0d zE6>ob5)Q9Od9l zdrDUb8dZBZQ3H}0jbvZ}|lqOv4q&ndQ*P@Fx+J6bHb-)SxJ1>-Ml{H|YFK}8n~Ue_~P7S09hEK|~){TxGRVM5eWMQ{w3dbK4djCI=9q>n5 zD&D5Zi#x?Cv8W4gwtn|hH6vw|kACT%Ma$3b;Yb0Ri0rflQuqCCP}Q!~ z;5;;fLSJ|H2S;cSn8;tIJ#P6EnhV~lBoJlB+U1A6cgV)h>$00 zj9G?-{o45oRrI6ju{dd5`@#!gJ&9dUcS!9`+dx29z|QU_dfS)fFxaToKsXBop?$hi z%50A-hmKXs@OBnqzq-{)1>jT7;mEq*4aZg}@S~wnhvWXhV*mg!o4+f7fAG6&*@Q5N z-5vZ|()L&d&+VRpe;#CsO>cym?y&*bU$*+LJ(9-sXLe5>7l}XgBpLx+v@W97+HIU% zJngptSl{FUf30h5am;1G^gB!0j55a!s?5(&xHAsBQiJQk1&bzBpFMjT?;Cs6sVu)y zOQ;KG=vWFd(U{eL8|se~USiCh7so+r#qp_iJ|+bdVq2)wVkJN$P{DGC_zQoB>ZYF1 zP0WqX*ymZK4^Xk%&Vk38nX9kGDBqx>j1T?I_yE)AF(i{-Gq4qBrRl2^7bg0{`>Pv# z9&T*2&3vi)3awolGD#IMU4H)@Tg86KilO`cm6fC!<=xVNAm*!%6xW{W9f-cMOtuO& z>M!3|nrEg6BpJe4HB^{53eOaL|9)!=kV`9^7Z*nf`&d_FBSL@B(!N%IDDFGH9OSlq zOUBs4hI}|XoO2rIx*}S}OQ&h!KumYd=8wnNkC+OdD_O7$;~1qee&a#1^a?56C-D!Y znWM1b20t)_S#NM~&7`D!HMFCrE=Ay3x>bw)<}-gfApMtcnCXvc0&hj%@?~^z`%Py` z7I4hsm(&L zlk!~`ps-1Qi(yJFiKXEkl3BXx75#FvVsWY&5WcLqXp!^~!?Na4z3@2lOnz$*{sj4^ z%6?uX(C;5C2=*=gNUO}-XxRzm1qmeZ$rcW@`$`p<{2EFFL(p?lO99Em;_HUBBix~ zai+AgA?CHhLazq4;*IO~dv5B=20B0tG-Yfex!V>#1N-TbQKQm_Y$DuRk-^FSPwgsl zR+MkZ{^N4KH!PPhRIx`n;P@nErH$s}xCAeaXewZ`FWhdLLM^lA(5Lk{Do-5K?~&WX zc~@@n^2y>Xg%F>6FJrb+(;F7xIlJO=NzYDqTG3U7AQ8I-dX6xTrt}HFV(`&oxo8G7(Zcu>ZVsjs2yya? 
z`XpE!P``4*HaJ7zP;^!9nj^5)lwD z1&S!dX@=1Ede$*I>r8Opi=XoTVJRbcL?9G|?i|97KtJ7NSQzwDB$zwx z2g-E(=AY!_EgI+B)MCc^G5wq`wy}2myeHCEk$F=^K^I?lbvZ6K2Zjj{fwB~aye`2| zd)jEsuim5Rrf`PBg)5Hv#E}uDs;@|Jd6(jRs-tS_{fK|;zbgJLUh}w}ls3oi7|!SM{ekniD{plx0m3#F|*OCyGH(5v&C&q4Zd;F-g*czjdO4*L{94j{|Fv!H{*^Ptqv7S z6@MntD+cWfVy#@!j-Z`kb5V^qpz{l>=$U$$H%|NRn$V<*% zi5tiaSqQ3LWN}8yFkaR@IPZHJ|3EP1eoP0OfVF&YZ2!u-qDgxoqu8mSi2nXHOCG4H z>xi{2_j;@^W3=#I{FzCRuYm~mctYHh9Fvbf>$aC_oSn4Bvl#Nw>r_|T^sbVo%!^-Y zV^uJYE}x(_6oHGh%-eQUnS9zb427=l&qDwY2UoW@4*W4+sN4}FXn(Z__3PI0Q{^Hp z`P9@i2#7wbE0)4+_qns34_)SXUDaG>=ShBpb53l_0X3+mp)*fb*$6D{_nkvuUMf0P z$0MD8G41?6U;TDe)qA9JzC1&0b+pgxTJN|Nbq_z$xxlAWkrLdR#ZbrxzB~j}xfb9& z32WCAh-cSImP?GEQVjf%So6sJsMqQm_4-NiHH4J{&pgy;^N?cN1IF~f7ZTUFQNLi( zsim%^hO=F4dKqBmoy>SCr%*sT0JkZ&v9pwR0qpAhTvhRnpmSQQXtx^4b|Jh&z$$fF z>NG_EFQM~ zkK_T@OiR)%r*>@y>+u0;<1B9EI6DIRk-fkEW6!T<0dS5RQXOi4 z#Y($9>&lxWKD!5Z#QYaVxprEe``75ZTvpY{j+ks-vl9#m)VqM}?*92tu>at*F(0p} zET%a|m9ihMr1g0tt<~6wxG`4L;jP8bm!&NMB&382@qtC1)-qM&4=c}@+2X=LeA6wc85 z+t!rDP;4_6QNLSc(9)GMX;7!;j{-~kYyt-$0q1F5i263ig<+6u6Mv^vQOnBBhp{&k z2(AKc|B%+%CsY#0gc5w!EZlNXzCO$9A88XjBLBgo>3?c^*Lz#6q4o@-6QwPmWW@^| zv<{NrvETArGT6%EqLE<|IOYMr=vObjMDABWh=0tJ(}{1ZS*d(ABeQ0N+&@h({Y@L# zfHAq;+R%~Tnb?VQAcFrpZo$ST%>wUtd@A3#{fs5=yb+%dOmmNF_p8;`mf9!GFS$zI zikpq9|@sZs(b3z1FLO%HQT%wFR!Ai~f463`|L@p_}nh1y~ z*7p9*C+xP94F2wbHVgL$M* z(bVp-t&9U*jf2gTl-}gUfxqjIFpOR$CGO}kzWj?O;&9HlzSD5BN$coEp*FsR*lr-? 
zjT&|JPC`ELy;tk_u1UDP&trfe>(Uwl0Yi;`*)6LAeDTCFRbC81i0ro(la9Xp_Gj~Y zHdzS0C5y|9drrT**7-iDh{v~xYCN2e-;n((M7;-m@E_3qpF&F4D6LZJbMu*!y>5-c zmq7qk(z@dh*W{2VN!^z@w>;T)R=hYgFHx8BXv{Zy#8jnx;28&onT70arTPDtpaImJ zl<;!6$MT8YFqRxnhm>>+Xlb$e@w4qJmsyzHz_XD-7G80mo2GKeQ14nzrw+sWg^t7a zMWwGRl%W{u`*ISbo_f=0T<=vnT?-b5v|l@AE9Y0K*-uG^rFQlhpF)CsZwXYyPXA4j z8SunTA1Ck7w6%{lyU(p-={10@9U4^8IrCwWSn>3=76!D=Xhh@av;+cH)^f=|L@0;c zkp1O>4Yx%MwkT);^aCw*z&XU$2ASZykz@y!W6kG)aF(aE+C>FnV5C(Ek+=7v?eDrz zg}d|X*?jsV_5$aQWERT$&24fKOhk?r-gnTcc#inOeYK6(1NIn-tG|s8!5JoFx8U59 zxie0&OPt|QNl~dOfz#v->Wa62H7>McgQ~?H44y7eG%V5(t*V93K}_RyN`^C`c?Ks! zxv02p0+Yi04Tl@Jz@l>)#|FNS&~LPdePb*2{1NXt&g^9~wVKeF=&#>+{V5B+1*f*HW|SVoD1-Ku5_`90n{)RFIS(=E(b0^r{LIJ+ z78&NhsY`w4v+?){ilSh<9jOX9_;EBw>NJ<-BJBZ%TL)JD6sdgrQ|b#e!rez-uFq_HtjokaU@x zgKuuYUx3gog(Xw@OA!47h24gLZ#x3|%Eeu@fyAYl$ZB7FSJaD5<6L!`b+5MLnra3= zY}bg*&d+~LLSHELWG;i5A2I?S^^ypU1Z}>(wdIEKL((y>6P2pDUcV^fd(!cQLD=>y z4LIA#@|5VR4u`rECO3D?aL1Gz$NSAnEG6z~_~%ChznqT+eJB5}l>_)fyUM+bD81n! zVUnLzAikBvk(fM!^0DD>50qm9zx>E30M?z6U7ijq{bnVbXnQ;dqU|Zuw5j4L(-?T+ zFbb)b#C}XdV<`TJXDHfGJqaPd6Xz744PpJK7fcwxM(7{LcpKdja~jGkizb0ap(_TL z5!0Pz+zlus^K8y+jxWs-smoc_Qfhw)5&2h{glKLk<6NCQ0V|DtC5jnAoANeadNOw` zQ*cmP>$@{Uj!`eqz?VeRn{1YGKcAna#{8rXQwg%f1u?z56im&P{#OBKDPwCXvVZW5 zvg?-N=N-)j<4^X)ILb?gfm|BOsSynkK!bg=JYzl;d`|YKWUZ%DP#JTLo3@7#Tg{w# z6Fe^);65^v+c@Y=tzQgOU#V!rqu;SQcH!V*Pg8ze5KyUR*$-!QRXMZyT{)Y}SQz>- zGWP4sz!(Hvt(+${MN+|9SFG_w(x@z-K5Y1lrw|cXlcZpY@@qQ*f&a1lF+WJhWw^!} zn?i_73pkaXO-P-`;upkD_BV4@prYp*c^2+i5v(o^R>P23`xy>#?!e#Nn3>Iu89&Q9 z{xEeWS$@KRnpiPg)#z^lf%xW%(d?J^>49)VI`%r`ShE&?6@L5UwVEqNWr-l965u=> z-*Ue9hlZ15(j@cwCmwgV#oit*M`!!XB+s67o@{q)&5>M-Uz!Z1+|#z3+IQbm!>ZgH z>;@qs4kcT1O7c1Asm@S=lB){dGngM?^yW(Z^5eY><)>#h1V0f%mtr3h#dU?Y&E<3c z8qQ1$Dv9~4J?k*DpaE>ENd~z6wh!)M&9}uc>nNnEiX9DQ7?#F0ydwjUr+djVxw%uGnSv*YV zIAUBt`B(XOgsjfAR5@CkV`^s4l{V5sBTqfclg7qcdcxd^_JHf?M+{UTDK^kb-T5kN zy3k0Q=#sw{%4)2d2Rv*I5dX7$&ewW!pVs9F)#pqqQ;wx<13=oAZCy16^H(`K(Y!AO z#WCLPdtBqj*}FH?c0#i4k$A#)$qnQMS{K0>qv}5C 
za!DlQq%$TbqS2?_MEWrj+^5WgvB7+y(*4TzCDNazR?5f)!E%hQ0lP@viL=Ju~_T)@@R*s&RR6BWz=T^SGUI2UuDL?9gHBd`J8hQW@dSQk}1H ziOxTr13W!n9cg3ohR)0HFLwZs>-n$rkj*Ip7Zp$m89BT%OMZJ|n{h;vu8T?@(eIU8 zYBZdQ2-6K!OR>o$6_AgJ#0J*HBWOI2qj@D8J91UOC21Y#n0o^L@#k2l>Y4T8bg$y_ ziDrmL>3jM0;UtEt^&p4qPy!mj?7n4HRHUCRqVxj|t?XiXLjwagl-rS4#1On_t+L&O zGPy)|*3Zkgs2xuznY6B`2CAKOkm3DKwLW{?ieUMYsAw0d;Lncn(Z0mTZ=L=WdWT z1qi;pLvMqZy8!igy=iLRE5I+OkC2jBgCbayoo=me_~~+-TNx(Q?ES<1|#eIg@|h+a{+Bz|U@E z|3Q(ep|!jZMl6wzNaz~j@f&l!EQ|gx!0+S@w5IK3RG%<@n%r{~JCAg8kIpGE?DD+Z zfxdEKqgGGC~-=64e?U{0$GE~o0E!KeHi{3_T!ooogCmTNTAGA z?DwHXJgK%sT(S%@8{w2LmOyIUG~lMUtg4j)gv&)J5|r~-d%n~g-}|EBwxtk5p2PHy z$U$X&kA~tS{WYOuY#MD!7E-t(AtFsSI5X`=@Mjk%Aa|#gnTSeek1S7w)k41rdm(=QH7oiOve8@_u&_X3Qu) zef+M=znsMNg4OGIuIL=B*@^yQTJEseEn&%dF3tYR_xSvM6k2S)CtE}^g`^tD72;5l8TD4+Xqg zH!6u-TSqRl#2ia^3p_(wkOf;T4Uk#h*<9&aUj@|%SseGXOZ2Jqz)d@p8wlAZ?Kqge zCJ+&5=p4QQWlwR4>jnPKvZgq4q{hFqavN7NrP&m)YJ2Z!A(*)m2O!Em zxAjEn-f@+$el4F<{yA}XDoivF5Q&LGhyHaUM{{^ip!x|+4j#}Xfd;kO44evZbZS{u zlN*p&d{t2?9PJ*ta^>N9X*mh5u@G&tW1m*-aHXblbT2GpVS{{3e^<9GDJ+h@rb$ns zWLGpsRn1&yHD$Snbzrq8vR{+AdS6#$Ew*c?qwj2yEJkq!Xk%Y=(mFucwzQ2*Lj9lp zzH6`drAZ$Kov{@0oK+Cj1d7X3qxO$H!j2-FIGHpwqhB+d(4g35K`9-jQ%$XRh{}&& zB5HX2f6@FW*~#VWe?{}9T>psXFGUxnrJ@Jw58_U#1Q#3B#e37=>UO5GJnbH ztCD#O+vN<9aKqReamS$F8_Inf->S21j-Gsw`GVw^tm75b$?-15ldAq?gnu-Ui&>;&|ceA-Q$C z^fCXd`=)*2%CiTDas_Mvp#0?;{J7eT=5bSfxId{oe&WzpBbbq%ud!}QoU)xAdA81< zZcOguq0q|!lZ2*o9d7PP{izGye@=ZnkyRQAn<3q1&p1S@J`E3SbFp&@nZB&GKW$mEEwW>0^{A|s!21iGN^djmqq2dLAt!v zqFNPfyzTJLg%^qnc@}+Db%lioC;M?h=LnwQdN-K(xUwX;cPd*VdAZ_)jXMZT(|r5=P{~KF$dL+>aPdK*nNUc z^+-oDDyt$Psd@O>k1D!gu4T~Fc%WGoI$9=~0L=B1j6#9Nnw5IbF4lz_rnVoC43C?Q zr@-U!BmLtNT(BWJ@=|VJaqnB5*P-@OyW%akdpFytxZ$jr%W7v=SE(27=Q0D0 z@R152!of`qErzD$i${+ROOFb&Ui{hen-&~1!&Uw2x!Jc}t}8Cz;KN%CNS$?@N1up+ zR*F`WPeT*#kl|CGyBxCZt4H77Y{I>o?_W96q;(%JPy{85O}z! 
zMD|$tJoG;zM5uxz^3fzm7rAJ{7Yr_luBh9ShHzHHqtK@ zGzw-zwk4y7bGAcc7{cyBl}4|i;SB%vI#)az!30sknKj;T$YTR!O`H z1a0b8akW<-c$h`1Kc@wQ+YKvd+@X&SR?qS_+J`NuN84U+xT6!Jqlm8I>MaVaVZ0Gv z`@N7Vj5k1z>s~8nB=5Y*meb_ol7rnUnJ#@4x?j;PH*uTzeOf&8g`p6oYqS_mf05+( z(*6PF4?2#j*4!T2_kRTs7q6z}YVI0x(#N1l6Rc1G!G$l+7M2-#&ZB{JM=ILaA9t{h(OqERY5lWV`L3BnG~p^o^kPa9X29qVcm$3; zmxW>chWUo4e zF63F)%aM@>-#OieZoV6rBt~%C(NM^!Uyz_K)JKMld^2u=H1p%pV-}#e{>#QBrQ<}o zZ|;+Rs{M@Y6R`Dd?|b6695hsZb?m)=wAQ@7q6EAuZ&aSLBL8K8O=S=G_zl?U!-9{+ zb4FxH#BGjGMwh1}8d-AY;9@XP3=QPBZvEQugOWRZ-vBh!!2_>yR{5_^q(fo8_H=+{ zj>_}?v7WomGRV^@*LkSf~5H!2Tb()yL6d=|J;InC^w#V91$wxld6G??{#AFv*U*S7L zm&Be7YSz0RBl+c;QXDvMtlE$C!p}CTI_3KXl+h2}X((?LR^$Uj#CHT#DP>b|dV>!G zhn~d?DU^g>j}Oi$LYtv_i*dczuAwVLzvoe0Uo)P!xoS}dh0N@+Xem&cX+I&GL-?kV zDdD9U&5x1|dwU)g^Pbp18XI9aqTy*`+B_=JlfP6frwN2_9Y%1Kusrr%1pbr7UKWL_ zIZuEzCtxm=7p+av6iOw*Bw7Wwk`pgkW6fOb)t1NQHve&#F;7l&yqBfrYf#UQsX04t zOU^`Tt;m%-TCUGEm$Q5??e9EH}o zjnZ;rrXMp?Y;O!N$ww0$=S?HLj>{7Y#8sZi@D9AeLtriY6Znu2a-=Q&1|~FN$L;%^ zv8*m4jpzN7ij_M&-sd(z3t=CG(kwq0uPHkF@PYu(=ecd=QfnxglFOc{X=8=8c~0Sb zMhcXN8fs!NU+qanbZ>fmGsqnIjZX?5*t6u2+*Uq0*ZN;dvpkTTZ4F`)I6TFg_BobX zqi|ObweiFAyV%_+p7S^w1t16Sui78$pN^!m1>l*LAL6c2&3>b@Qk*Vb zeX^jh$d*FDm;NhR8jh&(FL0*}6)W#BiYbBZIAb_|<3jIGIp?m`1^0sD&W_`KBD9H{ z!yI4%T6c9U618aUzP&1+0+oCyUR}Ds>HCZr!DCZ$FC07_zoEGhF{qS)p_d%mE+r=yGEs!{w9rr!bKSJzY8a$j_$yXdn0v=ZOLnR9w* zkeMF+I-Boj`m<<3|GTCckM@p`&qI7&zz4L3;yNti+`4iiqbV#YB?(ki5%p;1-CNX{ zl&2wlUWBRAa3Aab|DsgOI*io*U6g7aOxTsbMV4z%c?r$?v4pv;T^U2ADo^St8jzN4 z-~YMWDmY+MS#@z@?9&xK%d6j?r+KAfrZiptq&hqArWS~E2{~pZ3aX2~x6{MCXvlys zmp>FmD)crcr&+?`g}n5kD4>yUi4S&o-X9pU(QozG@b(YAc5e|V`l>hc}d*;aNSJ8L@Wj!5U|Gi;KrNBpK|N_mNK@2T-ND4Y6Cg$|CrSmxyb zma%{yzz{hZ5;~5D&)z`Tz@2sBIY0gl{pIe>}=0(9 zIZ#vbzqG8ajA$TnT-#e-4 z{T+)2j3DDtOl~JJw=6o|enKV;D*!x&3x?KLEv`y63U-t!!&En6a%{F?0o(?2>7tLL zQY729^rTj_5Qgq;ro~ogM_aT z)8`YF?d5x(J&)|nFEzZ~>IVJImIr=31VZS?b*vR~@HT0k1N8xpr{PF_T zahMMF*L4RkSZymp3&2^Cq`Q~1dhdwzKDu9^C(s_3D~R2>Ckh;+?-|)Eq*%_4Pm?x1 zro3>nOr;i7fBbq8GVtr0Ed^70?icZo|KRK`U**yARq_Wt 
zW(xV)a9`D^XDdt%@=qTfC4GKEA+0Oh{}Yhs;50Pxw*L_<;II| zFy(e&$?4DX9=wDrG}D>P?eOJ|qI#j7N2)2-WS&weoSbh&=mtg;lZ|!Z(9dKzli@xc zT=GD}-=O-dse1o5Rf?yUz@C8anw*4e<^4}?MTx~vW~mmJN=)phK#Xyq3Ul(?G2Sbm zL6%I1@SBV$wJ6|Q;y6((&ij1 zhp^J$E1v&&-V|uny&{8&e!tKJwRhkYza!n)SOv#keU!6eXnnCUu?VGVW#JcMO&)3u zABL$N-B||=Wu#NZ0bx#bUz+>^qYfSm!!I416I%HH4hY21jav!i9{7&pmsQZ?ITbpL zWRqe5zN+zi0@CW=innfwGi{5&O-uf{-pGBzp=_qs2K`OgTx3-i1GyQuQC5Id zy7qro*J7NqF8T9IJZ;^W+5*9@D)_`zREv=XAN!aP0Iojs++6vZ5{xQ=4z?`oG~0n`Hig_a*mNMCzQBTEiJ(z`vsdizo8xbL60W zzQqORwiI<#9BLXSSIbX}TO0_w0{oGxBsehVXWAEM>q~uiqQ6g*rv3yT@m1%ih#RSxWcG)$RrOHJRrCQa$G30kYq@1k#pwnZ~32fP%=e@YhA4EP}|sHb%$xiccNQxH4P z8_VWp78hbl9o%|`no(Psw<}e+iBqoS2FnFpAWv7Ql{$m@uKEfDi#lyO{h|+%0Hekr zSz_M-W8MP6i(-Q|@bH1rwcuFQBz}a=W0R*-YTi%ScF&7_^^Hcu| z^c{OAyVG=kX+kKay{L1b6$QAF<KB^dEJ~L356dSKlYjs8y}*W! zVNvEyk|D4Au2K3kUoF5{6yJr{GoJLWe8(N_<+>I}VQEPmHTzmfT$ge`yge0D)4Lr$ zmNI)i>@j1jj0JEgcLOjj$njwUsU$>h*c;szraOMQG5I>jT%MoJN8QLvc!D`x`pwXn z*BDe4XT#h1qT0cK9Pd2k<%EAjjGXkfi%F%Nxj~>LP}bj%0U;(|um3dPVORF(pqDx7 zS>;(~x|C!VdQcB6lS_-o8MRv&K9y$df3NJ>zt;9z2*q4%8}VLQ%>KG`FY9w)H3-Etq8<1$o+Tz))ue>!u|RdEArX{19f-eQbzi&%c8nnIVa1j z?-elk(9&DF*VstDOF9hkXz6)x&Sami-1iI!549yO;I~%IH_BJ&Edn1Iy5w-qV3WIe zQfa=!jP&`lq+tod0V`D`!J;iGVi!Jqc>@|byHPObg>Wox-ph@(wOEb684Nhp2sXI| zfN6VWNW0_`hZjs-?yH*Chbb)-_27w~xN2WGiK!-P+Q$+T zN1@#_njaI?XCH96BSBeKs|26{-B){R?F`cOy`}!#QAAp;802^tjvZU; z0nb=h^AFlQ_V>`C_acTngxVQ@EE%&wTxC~6p<=X7&U`a*U{8A=!*S6;wKB}!mffsT z)<;OF-3n+fE0Ep)>{c@K@#I~y2?pn6jYVZ)2k_a3O9pzC`-Ab|K zwj=EtY7LQ7Qta)VXovK@rea^pxA;6Jba(H3T+yv^BWXJ18fiO*SX<|@h#V1tP;W-t zaV<_s{i5i4yQH2zgtc(jj%`DIE#U>l>8Cb`5Mg{u!FL;KZGcp6VpXEyfxGj(K1Lis z@2sQoDHnB(wlmo%R{(Z)5q~a~hHs`&R6#vn5v@5O39$!uQTdE&V=Z z^rS&V%mzY`g?=oLQ!mlbz?Dj49Raqr^bgab4r?ID1C^ej!&8x9L$_#t`X%GLJ|AiE z@3q!Qb$voq|JS+5q1|QUlVMsQl?505>V|3VF6{<-s@RvlWuzK6TuH}J65XMR9pHqg zdH!fjZ?@&sbzOU?NG^>}C0%be^B!Sv1}2}Y-jPlC7&IAUFZ&X7f~f3-R3i=IhsY8$ zc}5gS=}~LnkjTZhNi>{sRe#sI)cgsw4nHKhrQAzAAXF?o=DX@r)K@PFo^>n}Zpc-a 
zUvW6MIj|O+xNBFiWot6#W!3Bi0F;NDJGYLf)Q^$HZntFRiW6LUK_~0Gf`c}TjV`?a z&Jjh6X;S1J+vEJ{?%kdudfvhga^Wjh1cJh2_zVEtd(Oa!}(+J4TSA> z0<9CP8&F0Njj6Q1|25d>3V1gX3T$UEgZs21i#r4od6L z5+o3j7Uztt@U+)BG~sc<#&Qn3?tY%~RKpmXyESwr7(goAhfR4@RaG+MXpLa$B$bOn zmTchXO{Kw#1iOO$hy19+_>+AQc$v{Ql4{`hbb4V_EANKkC~cmxE?&{dO0eteKljvY z7eJ1jOrVv2jyr#3jef`v#PPmo-@@}Ui4-L_n73DgBpKRa%Vd5_H2QPMnGgG&n$A@1opIf^g`4HfZAVsTOElkz zVD+7gK09fMyHsi32)g9qb(5kU+o1+13s`_W!S?hWjZV*`{KmYYRG8Wh9R__u{8WBD z*AF7DZX{v5haEL=JA251MYnSQFU`WNCwCw5(0UF2%N64)A1$X3#*Tkpik_Ip^IhY} zbkg-E-9JwBo+-7Q$IVTr0_H?zA7;)qO^b{N0xoBd*Tel2z;A(D3`6`*k9Cyh#V`h3 zmjW(}AO#EhgFk>*kgUdaqSIx;fnLc!|AeMSpAG>GnQdROu(+S}1n zIN3v=jgAmm_s zh9Z`iTX45>TFgN1!2XM=WW`d9=?9X+z*o0?_UsVj?PVL+5{n52=QVH43SSUu-(b=g z#$VeHYPSd6(ru-5+&Gl1dPky2=8Dh7SnV0%LMY*4D5XznsJuuJr3nMFu{rTzfA9ys zyFqwv`D^>?$Mz5emQr685fGz7x&5xwNhY!YdA+){p1gtaqg*pMt)^v!J-2RvM z=lGj#KYYziLMnUgIY636!ynRSFG%fK+suS=kB7`od+c|?mo}uP_Wst3%{R$ddm|13 z6uP_>JQ|p!P?9C#IRXgc=7ONYT@I*xf!Eb(Ys)DhUhX`wp9*5UdQ2i#z%fyA`Ef9axfs57`Hqn#g6%A8WsM1 zo;*1=2M@a>)>|BL0BwxgR;j@!Y28dq?VRo&Jee|GhD~TcnHzBQAiUg z&>a(u(W8#oH8>kL_~F)BEh}1~UOltk%KXi3H<76Lh+ALDvW-5A%=L?UYW+-S$c6F*aWze(p#1xjDQ5u;BKR_IUafh`9O0NB zU*K58%ib<))R(ocXU3Rcfh&U}FOJZ-r$A0`zJJ*B)Y=+%Sxw5VgfGN7%KEAC9W+h3 zp}I(98`)KWvin(^mqGz|w66gy2=oS=R*CagbpJ$fC|-(_xk@bG5~Gu;y>^9TSK|m; z?{xhW$-Wt+f(5~kaEJ%)UbkT&@c8+CrpJMh`dOp_*`DzhVXo_KNr^qeI2JnXxX( z)IKOx_cg={Wab$~+0wd)GtGZai)~da!Hcer^(GJ;=uA-%ljao)79OxDK+_(G{6lLf z5>ct{Q>ZYimoxtoIw0e;h#}#OtXrK;EwFU&$ToR*+T2b!EhjhFq!zs=E~QEvM|NRw zcR8|93-Epg2jx!A2xRcn1xQL4v)CPYGq$utR<`)!GN|7Es|t?m5#N2o`ZkIs*PfP{ zo^piBhxAu{v)-r_PBrgE=#zL2lYjo=4^;Kdh-=*S?kv}SF`hdvgZXX!NVXcBnOwh> zqt0rn&3qxn4_i+#>wCryNT(!VLpFU=EB1Ac^fTHu_PkDqaP+aiMb^G~ z=jqjtfL#b9sFX*;#X4=>u`7a)NKWSEZs0NIkyptg0)*8tn&J|9x=8ZC1?^W3_g4d5 ztqSB_`CR!>MnIdYysQ4jnf>gUK?7S%lJnJeNA)dE+((hJSFdVy-jX75m8nJG5eHvO zi%B@$x^;Q;vj#Aq`H=?bPR(Ke}v%`vvRr1WAolxD#j+S>C& zAv@n`eIU&$p=@LBx+C%zI89(J=So%`^d=)A9?NC*;q z(>iw^$NV#Rf0Q40i<6%5OZc!hVHJ(HX0wzx3eoxB$i_Y`b`OheH?YXo?@(Q|`W6sf 
zw8m}^byP_z*OST27NpgWy)$z-BOO#NaHB_nn6~;$_R-blyqNb)?%ro>f%13 zM(3NBxkRi}k*Bp&sMhC_L5R>wu#iDewFk z9fHjK>W=baiRv6Tws}o;TU-h^DFC3!)|Hv`y*9TX%;{}Fqxf^DoOl;>!s1qd4J>Xw zjZ?dV5If*lXn+Ews%ZUlZM<4{{0i^%m-8sn-(N03%1;N~$B!!)24fuxABsGhUo9cN z27|Gud`YV|nzY_r_BM6V{K!ogoZowQEe~tB2N=pXj{C9_Jk|mcgPPl|DKgAhk7NlS z#%nGs77Jsg-JD?Xmke0I9j0;}sSf5~V{D*a4>Cx5eqc;%a3|zvrB36e&)WB5)6MC> z@KmHg8&Y7Zkf}Qci?kxNQJOI^GRz!vp;cd34<2ZCEIsWSgZ9w`;Il2T-m3;%-;}@K z9q95o2FR&scKp(3XWZ32sOtG0bNFLf;#E6%s5LzkoLC;ex8(X21T-fqhOYBJ4RHEB zWF=THBx5LFJ9x>Bi^@T@esQsN@+>RT4Oevr+r%00qqSzJR9mh^?7t3#J@TD5>5 z)t=zl3l|^|z4>cB7vo~X1CwFNFzcB!tqz`V@~&vtd+@_RsC0+i22A90K8qJ9No8{* zK+`XsG>NH%bbF-VNldKpixn%2TG(W)>h}T5d(7-kwx%`v z!g`-YO~Cd?tq#Kbz~$h!qK%cF7ek-C=zqc)8?=k~*=s579?l+j2)kY0++P;9O@Pjm zt?OqJQOnPfuR2p~WFh5(^}=2_H9>(0h-S`Wk(8x#X|8Rbc21aL`Y?1_b#X}TYel_} zuFa4Ua^>mlx9>?IQz!F4-b`6DZo0m zh_;{P>*r00t1PPuA>JK{vqDJw!R*cF(YW`%PhMdupk|wpT|_Jc=F%R~Aqf4aTLZ(p z>D1|Dq2l(V4MbwYKkxkut6sP?Huigl?-wim^TGm|CTR{1&xOPE&uzzP)g*kL(HXV4 zr;1Cw)uDk{XN1zG;xi?)dct&zWphiM*LRI|nr(V_6)4jNxXaF4MWdx&8+^qE4pQit za&>RCxyUw)*OL_iOnUM3Esc2gF7}20=WWH7kfo&AZTYqpy5e!)%J+@6t_!jg%ZsDl7_lQjn;cv4x`ULS)+6(T32+`i z!p&xYu=h38)A26b$iuJeCGSG)X%$&W^s}HdcWXD)MuW;|`6qVSOYfaL_Z{mh+6An| zK7w@)Ua7f=(Ps;*zfn;!?6Z$=eN%oAVan+KS$m#zb8sbD@xmncBzDeLBlXtKanqP_ zlRu1jEFCs~**ukZiHw?Ha}ZWCZ9vh2W+cqIIRuPtJY0?0rfGXPY7$yiv1}H64F<2v zcpB6#xf~Ke^>XXZFk?`zHTB zZ|?`B@wvkz718;cQ>CwJ$o~;_m0?vqUspv0L`muH?nXkoySr1m`zRgKCEXoTm+q48 z?(T+5$BX#>{e3^ry>n*vS+myKd(U_}@tP+;pPM zhu`u`%f1tUod&i!z_=5xeK=}C2t}p{8wske~+E*AqW~*%=S^iX3`w4s{Vy-Aj_2z7D z^iJH1swkO#Z(ayBSB*O~8O}&AiE$T(J;ni%L^LH7P&G252+`41&p6~Slr zA>hV!4QPK)Vk8|0RZ8?`B>v~e4`}4z*zL#5AdJ?IBT`;|KA!MnM|84n5cP)m4=2tgltZS%}a#vVLL5*F*uOq>N%;E;E zSh}nG%Wk*3RVRfuyEStwq=MW*3Xur_FD*Y=TBirClC%A*SrjMt4YGsl44#lin<&n! 
zfl<)Aa7*GKNc6_D>G$@ zKD1zd)j_wRTltGIFr^sy0Yh^RCW?$YUshTPnCJW|mtPzX++L*IO zklxv#^TjKCfB*Jt2RIv(Q4K4D48q-wv4e?7{dPpM4hNc{YFr@+;;k6%e_@EuvOWjlj~ z6K|-Bn2O%`et}|{W~9AECLNU{ZLS?oQo9BBCkNP`0Yb!7laaBH=MrDN+^be{Q2M+d zI`ie-O!ySr+DW|mlR;erE7mC2E)GZ8yvDu+;DrFJ;tiq-Ry{rHsa=rjI2Rq{7hkp9 zaStdRN+}+lD4ZpH9*3KrAJqzAW#x`GWE8RXhcnB_C}0(?YUaSU+Fx#TDM$2Zarc_r z9w@XtpAFIQsx8o&z$f|iBhAZz+8QvR`@r_7btPEoq~SdH>q_XjdU}wp#7T2A_yLLm zSfT-GU&3Zi@#3a+a5fkC+~OjMop?TOe^&YcPSa`fY2n6ka`ak`bt}a`@n&BcqmuR; z#1`53fff~NG41TSRao; zjCy1UsGFKnx~?StdOPhw;=4t4%FX70Go()!^b_wL&${hF1^(a~z9f-cXOH>oX^)Km zfh<7u_0X(2N`#`ARBfMY7mb779Q0*LTe{H_3ha~fMTS#{KY8dVo#YVAU=%S?9waHZ zDbCA$sin;ZBN8T6?Kb*zA9k9!-19T$@(5-gY-be58-~AuE1U`5)=)vfWU9*PC>J$q;Z3akkQsFssYkvUusmFb z59=&w27``>N>MuW_Wc)CrakaKQ-)*~l+=8-VpTcRmG0O(x^cJ%v0dGWACv;{Z1ngy z0vuI`oAsw%(RqNw@3lWcE*TTW_~0;8e8!ZDCmyrFr#|xH-1T%w2=XI#Cc=x$Kz_ znF)0(Gvke$lYXl`0E~>Z#_98b?{m%i^GV$tyxFZLeB zN$scjlv<;gCFAKu-IVr7h?F06aWQb@+?+ZPtiDGvJY5OgNwETwdv zTh>K8jef@S7m2tZIVxg1=a|Tw?O}L0FLFMSi7m`5h#oCo1Y-5qoq(tP0K0yX-J|&f zG}rTiVK+qCJ-KgTop9#r3r`wYulo1v7fw6MOXlW}59`3{O`XCGL7qk<@BHhrE+)OG z5=wnt#=2;Myqt=NR}BEW3QGdUJT+E??k#E%D02zS0T_lIF||3S^-?dAP2Qg05V_P( z`bL=Y^Bs=>g934%`P%MVZ7~8M1I48kp{GNBh^Xl7hlO_jkYJYkOEL(zQU#e@V{q+| z7?8OYIwkw4Vf0Do1o+L$xVvJkmlVaR-)Sxy5-2WAN5*NYkw0?hf0~AOLa7qgj>M3) zT-=^}twSIgEWuf@&2DmSFPO3ufr^=Eel55!12ErfT~QgH#ktdxB^i*ysNqkA?+XWv zbbLn%OZoB!Ax=oF@4o$1?O;pRmaIo}+Wvllb^D!|%_8|fT(5XcwPJRS5w(v3566T@ z5oHaeNrMVezthKWZz>;{-#Bo7Tsf7sREoPSED2;2)yqAzWZo_7OSzDl;L!sNPDSiT zhibA`KYa9X(;hPn3;TpK#xJ1oG1>It#@LBJI2cFlUS;j=d4GWWNBEGo8rZ4vTb0Ma zy&u+{x(yi=A7r#im-~)bS~k^OuT3A;LF(VU)-a=8(8AEN{f3#8iR*|fM<`S={V44H zM14*2!jcHozi7sV{6AU(&>wrKt7IxPukW@Am?})X2X-P;$e1cT8+y2E3}@AW5wBh> zbudr8LE5jLwiS<@MCnZ`k3Sk_ovH%7y;gJ-^yuY5;;AIZmfU&e{&+f!1uDqlh1x1l zmLbGF%QzSrYA3!>TPaM;jq-Fs%%i^aO{;gsc4=nFR&}<(#|8e}NBYA01-YcdU2t=* zQv|sxk(#0gm)i<*z`2D#L`p8~K`3if`xB9V#||uF+5kKMkzpxY{G|^L`OJXZX>$W*2zrnfUu1S@tc~Qu}lnB;qdPBp`!%PbnW1);T1pP(eP%_1DSYV8K!Ga> z9SIb@$Bp!$J!G3@5+W8nXAqW8DqI6F4e!zyMu}K`I*>sL 
z3${>#OlPGI-1k9?ljn~j8iO0XEl-8rc@J3(eW$6wG{YQO+2(H>d!A=N>(lv`n1cD9c@V>Ytw>mauiig4}LQe7;M1Y~zP{-1H)BVSx^+lvkNruJ_3 zYaVg{vmM9#ZKwxqznVYyx;w~8!o>ki)~W?tS1lXjql~q#yxb9U)QC2MBit!q?MsWT zSBl!w0Nu`qw_N}SL4Ibc7YF(4!IANGh(CPgbp`;V@_C0z zXzWoay9pj-;9k_1`MyiuGsp3_um*@~IzsLV?-)zYRfnWG;A>|FhSINa-mAOo^ZfAb zyDhq9zM=q4sHn3dzTaoIpMjfU9mN2r`LaW6?2Y;3U7Z}C=EXD5n`rci-8i6@Q|od< zoVPE|c#620uqIIG0D3nlh#oL*KJ*_Wvwx2|D-`v7t#u0PM$G$I-IpVrUTl}CA8y4r zb;L7SgVnv+b^^_GajYpN>a$@UuD13KA7g03`K0O{h9v4 zlI~idBy(;S@!}+P;n`su;70vq_j+yKwtI}eN-YlN^O@aeIQc9mWoL^jCB@Gne?ua& zgp^z3L32*+IV6;~#Y}oHwM3DB&ZW0vqyJ*$ue>oY@~rS)NlRgzBMWTGa8tWIm32?b zi2FMW?gEviP7%FJ(5@zZIS~6C0HVE83|F?cRMUcu~l&);&NlCal*J+HsJz-G$- z!`WQYc(gNTn$(gQSaJr7gT8&K=aNG)Vwq3rlak!sCkf{jJoZnC9tV3%Gdz|tiXO59 z+J0}2j>O@*U=%}5n$2PqCgoBD4s=CtE2|4VWr%gyDy^yJ5z;eifb4nCZ@w{icRF)* zSik1D-6$a5q%Tb;jDIi*dxi36Cq}0D;%t%r>LUiZE;NSsWTSToK8)%Bcl?c26g@7f z_pINxvDb<-GNYq|J<|}jEPmsyh*3!)jf@LhMG+)|A z+*)NjwLF!b0oKQBoYu{B+j(aZ7A*F%PtGI<(8`G%iswVmf(;Yf+Ymwz4l@;7|C3@$kbk+3-8TC}jamiDgPtN^vmMndgu|;mp%OPKzRjh)L@L^=} z`7BE7ItO-2;5m%z+s6~KP6S`Jy)ZuHKX>#RKm#{9ho9TGTn92IBC(N4dDfjUd!L}$ z5Zb{+4fOUOXj}dh%h==5I?rq1^}GhQA6V#v4SMEl%u1XNOVPMu?vX1Rj&D)nEM(g_ zjO}C8C=D7>Cs{OKxg83(XvHK!%$&iDs(rv*k`>8$khZ>gpaUHgHa(R@nF0j+woqth z^20$A#mO9$QVxQD>`_hTT`Q;r>Uc_rG-B`9W++>O5Kt;Y{|(t{r+_d87|soT9&_z?O!Tggf_KYB=7p4gP4_8$kOl8 zqy_Qw&zHYsINMMV{v)=Gx2c~-Z!F{m3%89lki;sr<&0B#tfDIa=E|} zqYAM%ACg-)U@ywKc_U3;!N2jHBX_h7#r@9_KQB9e50ZN@_jV=4WqzudL^8!})?CZt zV(i-ZLE&Q8J|uEuz_)KHty?^r_9CH2$z6kTi!U0uuxqvOGg&81n5;Wr5GgOL<(5dh zfmZ~3`lYy9G8EsZcNx$Il~J8-liDwT1pMI^J!@{}bla5$P0#-nl0~-nQfePZ)44yVJ|0{>4GEbuPSD7&}7_NiDC$d_>r@KDz@hjP=9h7@`&uB zhV#e=uNhU-#Dn;P58PIx82)qWcDQ?gp3f2+C=O?53{U)!JDeP=u2#iM<&Q2a@@%8B;bC~s}??7^>O(1Q7Bi_S;OzO8oEpr3K8NHQP?XHLuNLq z3$S9%o>W5+5v4(o8`Rr(s_uMy)_bP<^#(pcW<9$40zK&fTt_?Y+0Qxv<0|2}o}ZQ$ zHoQ)I<+^-b7=sNJV*)2h^20wrEkRZ0$EFu61L`D`kv>zGs^VR0P(d=n?-KAZAr9AW z11mW^1F7b7#tVlfm!pu#;mb3Gv5;yyZmbm&#mnNjy7qP8`y@v;Yj)j?71zewb_)zG 
zw!^HEv*fN$12|ZrFe*41e>ISyB==JlwnCceB|5uj23oDKrOTpI6{z8BCPYWO&Zl%5HHGNc{`wbS+c} zJYZ3q=yPEL%HL-t{X#}QmWL4Pt#TKvg+bU8GM@chAWT8qo{_qf96N-#n*PUyDvVtt z#709~t@VW_lj zk0>hD4fY#MJAr?!2hUoM?ygNHS^^-gcdf_yJ=V~vUQt&NcOAWC4ue}zSyqq4`loUp zO&*_ru4eHsvNT)XBoF_+ghY0eLX-SU>+`dW2+b0tO^4qK1iwLbX5Jk!(v3Vj$w@Zo zI;<#iD;`ZH2X95rp>`XqyOM&v(*G~`z$qNK_(#&uWWZ)+ffU}*IMLq zkKp)3MAm%0M{)RHE@##2kP zs?3@!5gg1*hlJ42BF29Q?H}52p{Z%Sj>L%7c0ORgF*mvG^t!8y5f#d>1N%tG%J|MT zlIYJvvj0otM(SM|vL2a4&jPaC3jW**M$ZvvKUb|LD^oqcrRr@cp^>_8A<=*-ZO^?Pj5vXn*;>}Rf*MR_64iBVa-@X*Sh$-eY0of5aIg!?yNx}Cd`HvV*Fg| z!g|S_3D0-?KyUp>fW@iUz! zEx7y@TVV-dW>j>MWZuqpbg_7r7&4 z{|n6CiwRELoL4t*qY3H>rMBeSGnhyP`rNB}Pv&mLRCI>}P-Yx?utC8MPZ+EW1izHy zb;d2!YTNy>KRJmW4~|Z!zbHGc)mu#X>1h|=W>PfV?K+~L%)ik2UvJjad=PlP3$OFd zJH3rOz_D5_q1D1w!cow5qxdV=5m!<8!p* zDyW0_cX@L4a1*ZxxixRS|6wonFEY#szwp`P77DTa}?~?_w>bAb8{*s z<3wm4_8l7KA<1oz;oV!h5O#l(H&cn<t)E zjVqIA>;#t^p>lP!9Yt#e!#4@UT-EWQ^9xJEZH2Mgip1h<`r(a$aE5E>2GoVSVo7iXfZCe>77JxNdW1%bMhas&nGJxHsftjJ8`E$>LH%V3R+8G$h?6&*>2pSL zDxhEb8OnJ0osb&BkVB|-3E^S4O!NkjcM35Mt6m$@`G^!{Sx_+Y4ef^M09*FLV3PplLV7-7MFl7$b;?ud)zX? 
znewV8(Xt6?{w>j(u@KnRx7BLmyQ^nN|4_u#-AhJ$4VlqT2%G}R+i#pTX6mSjHj#W4 zNPs>VYMwVJHHT3B==M&@v^>QN*e@*J@2h|M+OkB=i(5#;yHk866B@^gJ=;3g!)IWh z%q#NgWp;v`azC@qB=~=DVtq!`XcKALZGmQj0PRFFOL>K7#I7V>sVwTU=9w9NF*F z5R)p{9h`kH*LRK-^X}M2rcY|a^ zWg63=0SJ-K0VmD0o6JDfWJp9$2KpE-o9YbpP(6n7BUSun%K~e2HwS_wl*cwai^)*%Zw^+^b}){Y*2lt6>*X5A^zc zRt?%wzxh^@kUei}nIZrFIPjb=Pf(OeTtglU`u%f4QmpUKuTvC?qR=TU5!Y;45~AmP zu_CLYSeJTx`qr~q(b~Ty{)=0*wck2_LlW~4;8R3#g`N`{g++_1&{QdOLk9XkaKXEh%S}^{ zT-m;c`A@#br+(`M6dz-LUDMJzPfy`}`EEO8XIveQ@`pYM9zY zlTM((jSWha;QgeLzB-1omy@EAK8X11uQHfKF0qCS zn7?JC)3$iKe4J|C06^AePoRyl#KT@Jf+LgTL?=j3|wr8Y+N!SmFc*PK;hA9Ynejr&PvC{sOa040N`(ONf z?e-epix>sEGPev+7Yc#^SUXgvHUt{S!EQ1i4e8$Y8 zngC(6&&;CD4hXpzgz_H#s-+#Lkcb_kOs|toxq8(-MenedBPK5re|OhYQ(b`jfJ6T$ zQR!dE(8pH?kQg@BoD@6_-Q`q%dy<+fn@pD66VWi)-nAQvkmG1{m@$5(g*>ySV+5Gq zl^&nMc*+=>NJn(S^b@L-IxJG_7o@mHeHrTs@n*J-R6xg@zWVQdx_5TnpWmm@mDyl` z`n?c{w*y_UKlc@-OpzyosBA!;%?mW#XwKjM zsjJ-ys&5?7+CMta$wm z4Pm~UL}CL=#L_)X7v=?jER#$h#Hu|N9{g|$(I#n2u6axn?(13;do6y~Vw*#AV=F}b zE`>h#_JgEeTx^dWuL5imwq2}_NVO@s?0rMR`!oK{Vg?QrH;3YvUVEP2u!5yP4;)4N zg}C0|wTm%jTXC0EDlYm8YRg`ydmwdxp8#6AmPkOc&uJc((uO$EJD<|~z=f=OxTL16 z)2BG%7u+2qcU&mmGBz|&$GgNTeH-tytF5g$y%`2bOh*yf-`dr^@Q<($W74V7iybO(Da@7tT%B)8dN*%)PpS>t1GV zeiiTHVgc8AiypiTT0XS8hx$3381%jBxeiwDfY2IEA$V+i$NcoI8)-+##holai1d$Pl(PKBqpb1S?iIO=ThOv4p`o-LT^KFCuL))l@2}X(=Jv>Q;CuIH!@8DVMRW z^-&Y%mc{Jq;N(Qk6huXY7`U1HA3p6GbiRGw@NXhJM=- z-sUyhKTv&6_J5;tQEX2Y(RgYU*HJuYnv$tHPgX9A8h$lI%nzs}IRST&iO zr^9+uT%Q_!O#Ob_>ZZdI;4w(6SqWaoem^0*V^{=-f=3NpCROt;JS{*HwJ{jDY7vNB zzoz||m3oQIFn}2Fx2T5!p#*Oqo*DKA`D5!4*RXDozs>7XE?DwSHB3^9VeWSvnz|f# zOt{_N9Il`I39@a(1`)-cANc2=32Tlhq(X-G30|1erg!STMMD@Iwt1bSJ-?)Evj8~F z7tPT&of{L-X?^RyZCl;m3U#7^T*0bym`NLJ?U=%uU{|;ybwN{e;k*_2fD>OGxeUE` zIUHI2_w!6ZF2Un{^6B$wAzhvZoq3` zH;Y%n9DK+w^&ZhMaCcpu^OHL8zjDM|ZW^tVd_%Et)(2P6NdA_IWZKv|D0ldGY76H+ z#Wmk_Ncs<~$1BzI?i`m54Us|juut$WpWI-QsZ?6aZqS|Iy_;3yu?S8XX#TQHF0CW} zA`+ydO8V61kCs$|6aVI&@28RS2jVNs@Y7B({(93e5^qfcVELJ0m_HSIV}-jl=i7f` 
zXwF@}btO~&OCej|T+o(DaZ219%C7+X_kJ@^5Z!TKXf0|T$P{p#nqK6Ha0ID)JXFyX zD&x7lS1ZsxZ&^Hw?}uzw2>F)Q*(@*DH-gg{AZjjqb6WEgo2=E*Z2~#P{$P9O;*VYe zm}8NQcP{*yn&*zjYQ}%45tGBgNw+Us~ER7p;$LX>zErE)V)!*Bjq{EP5IbW2cjmyKrT6oi+O5X zDLY}U={1ym-_4c`O$JF;O8_aNzQ|V{zE3wFk*D$+XE{bHBfms5G*!Nc)i%*Cmf-10 z?;CnMVy$7g+krhcgGfcdi%*2jAW*@!5jgI>vSm)p_s^PGlOq+MEi88_HS2h>&-`slZ`L;uAlKs<`P4T*-bE!QNs`bP1NiQ2X~ z2dvj{Bjri84UT`ZX+Yb%I)#5)FDjhv0(Lk=qgFOc3Bo?KzX>b6y*Ub4FCAp8Yk4Y) zx|tp>F$(=Mr7SwWeBKm1>fauDw(3|iwI@iEXScVa--^4Lp=c>RwkrSo^OuEMIO3H< zTww|*KyM386GgOX&;FiK1U2yG-R>C$P_MrrEkxf};|3*CtCo_5pb;SBT`MnTHQ}qY z{5<;6F3IhSU#5Vs@nrt6`A$D-^;?JA&6t}VCf)W;$d>V~w#>%nnvdqr7N@|eyKR0+ ze1yU_s(5eUtt;M0%K1YoaDOg*Pzukc(geV!sz23o+(&Qr!5YEy_CQrTc~EJ$1F338 zj}-%HYEWKUExu381WX#+MxHbMIkS_|3NkuMgX)KDGO1vZ%Rkj~Y&3>_3}+}enFm}~ zLOc9xI(U29Py`YXc+4?;F=qp|SqN&yt9@esc0a*R?oC4*xlQ6ptWBUq3RPO31}&-s ze>IWQx~^Mk$ec)+s-U^liR56`P->ERraacdWu>sNbYpqc=%Wwo>xV){jGAEaoMVJm z={^kwl9;)-OJ`|z)KP9VQc#C_L!}`b`R~nW&$jG-UOg#m#5x=~ZOU+(i8#(b3dMSu zE%4;vj|Rx-=e;$WWS0YMl`T78Gv*)pHRi%Td0%Ywl`8MB%RjezyR8i~N6L~!n3&b;@+bb^9HT57r=glD5Es*#%9HWvRKn<>y!wlVPj zbEy3g;b+K5G1?}vG&Jg=Xkw}g_Ek~2wO1;^|4YLG{6t9m6hb~BltKkdnpm?*V*9(Frqg7))KIuJhhR$+Jh@SydB=WdX-_)kZi3t zerMwgtU1`xpHaA!K$YB%*T-Xd<)MQ-$BLXo*d(sZ?gHyqHhgegdgkFeVgz=S>b|ed!)hqWHc`>%p`&fX;fGIS3G&2+66?iE)7{bRP(OIN8dY zM88<+!dI^{lIa$paSS-Fx1PfC_QNvK`POox{Zo&p{4y!e15J4z=xMv5Bkc|PqW`?P zjwiaxs30)yEv4RR-m;H3#P_~)C~G#vax|c0=Hk+V zHmn5W!2HlX)t?7PkQ_4p9xfwbeZXe{u^AczNQPkK9pa9AYuk24Zuda!*SN6-QVo>w z`ma$S=YqIpRfwcT(fU&k!r&;^7sU=zDX3z*Y&3O{8P?UCU@`D`6MAq}L5Mor>vnKP zEY-53)-!BKUhQ9c$W7K&{<>)0yBPQ};ZbbrN7FQiOQ(;3OuR zxkIo; zf=d_rWmthE1=O-VQ_u4UD#swWE5DM3tz73#+-m+6^IkGHh}$|aZr?y#%tZHt({FpI zW~t++`oqwtLAGN=)HcYr4YW{8b6@+nZ7-ie9|6bE~aF-QPouTW?jYUaZ3v9Ri#xZZRyLX=em0M0Ayn+5n8k5|MKXga8Y-`-wK2E z?WKcYx#D=E_tzY_!g#aV+@J1*#EBfRo+MKDq4phnHgjupJg43kp94J9XPJz91i<%I zH%z$Y@}NOwGg&7~>wgSn$Q^U#BokA&kWGA902Gg0K08#9mtP;H<6dVm>@=vpvcdI% 
z^vbClFrM6GfvUsJ=Y+dE%M;#Mwqo8u3504e4wPFb)G;5}R(@kI_%|ZWr(8&85zvr$P0iVJuUfjutb=a_#6unl=Qi+3fD`@(WuxB9{d0aQ)8(BAbAL0 zgIRmQlE0dGHvSXHtKLXvtf<*zR-veR=q|*GDCZ$Bs@UApEP*$=q+EMXB9%>ja!ZE_Jihjl26Y%X(S6f|X!r@B0Y3=I$u9>5rz*hzFG$kibqgsMM8y$743q{sm z300G7_yrbbbCUu(8rw1A@Uw3uVG(dDsX5fN$=)bjQ5M*~UO$bDhq^$O|0X8T-hFQN zBy&!!u!b!YbzY;qfg$1GYXwJh0w1#`#ni%6e>oQb9jjg3!ZN3Xu>;4yHwq)lYqJuQ zjXhIGg_y^FHBqv3-?*e$aG!O$Vc2r=7PN$938$<$2sz>o?#IsG-$x>_)$A8<3bd!n z<4{+ADf~A&#ZaGW!w`4BFF2R+W&{oTjd`iKRle=@Pfr`!C`2@$qz*BFGG_>IieXsp z1sJ;zFI$<1&hZ07Iwi4c)lvSz_NcH-38uDUi8xr8gerG#y^)XkV4L!Y_)HhHEKX!? zq^f=cH}(PAcPQylK8JhrFs+W!%CzEh%Sn4z;)Lw5+9h@!>5Jp2e)*v;S50^lhTx*N zTdXN;hMBeun;%|eTck7zAhT*`B#SNm5*I-26#VU`09GvAH{NDL69P^3e;k2dASul4 zP5(~j8;L?T^Ok7y@VVy>pm_%~R6UIm1#us+WdqBo)zEQl&>@aOA0&q4Qlo@-w(6J1 zS6FcQB~ma1%q7xI$GG{k%k}Rq?kFtQRU7V}X85gqh3Q9u)QbEZZK9F4B(a=upzEXB zaj+c;q@|FCLQV^V!{$td0n@J!%e~)J@~0jBRWdowBwr?Z1EmnWywR!1yI5?~#RS`W zsMS!qU-EmdzuAmd1Lk!n6kC4yJWT+%+kW+ptl8M+nAn3W_)qy`7h**{CbL{ysF!Z| zw9_~0%%651GUdOY}D=FUA=R!PETA_bg0L?k%9APw+ z9Qme5P4TMVbup&bv6=O_v2C|`@~5;>xr*}WUbjCWdI{h9!SWU`BopOxw9CAVm?R&g zeYpSG)!DoEeV_ngkhbiHekl+Gv>3Aq!K3>!_?g-eLIT>?1f;$>4-(iHj^f|=KT1Uar%<~xVwRqp5C{{hJ)(nhygGXXBHU9qt z-4xkj#lc(z??H8}VbeS3s8X-G1HQB0j|KEye!idc&er*&e{T}!!JLwvS)?#PFr&^r zPQg*vCoy%n?JO0hvHzg*E28(c3Pp5_goEABEP3HSHLVl9Z318^L;{3I;=ZMxG>yB# z0~Ea)8p_@PeL(5SMRDPF;#Q`juF&Je(B{2*U{_(nwg`t;Ft;Jc>}JU1*TZ-D^gv-W zoqFIqGkA$#Zdxo?9=S-yXFjIVRA_aLd$Kszn>6pxc-iwkwYT!RLr@|Rev~e6kzGq_ zSE|N_?_6F&yUlm)DcOISzj$g<+_XB)omTalYig}nQi9qAWAkW-;_BNB+E&(KhMgCX z(6~o@F#CaZPQZ=TIAjt!4lMMt(E<UU%c1O}w^>~g;nZs?3#RYhtL{Anp z)E8^XOvv1`O|dDhbM!c$LCqj~jcKnsxi&3<1m1Go>qbN@?FWGkP2mHtgb~c5Ok8)~ zu@YZ;J7||*tbg&x$u3Xx^NQr~>!rF;cec1#IuV8a^tTtdvF171?Jz0|TgW!%PBh2c z?w;k%GI6n}tfAokFewahFg+J^8J^tr%A|@FU7Oz{*;pPu%`2A*uqq|35%7BFO?2r@ zuk?J>;(;cxUeX0Nq`prw;k02Gv*E|OKsDmW(iF>YrxcoO28oGKv^>?F7actfA~}*C zXDu_Wv8}E?8~1O(Nn5_|e-qQo8|z-kh&JCxZvjxM1IH^M6&Ozbkugq$h{bKqwY+qbdw=n@Tnf-b#Y(390A+W3IbvP39BqgCoBJX( 
z-`RHA%Vz)ZD(opHcRpeEJF)R6UO0mqQJk$n_UA-xzMB>SEH?Bc_&H74cPZ=wjrR{> z?C{+QJVu2CuJe}y1K$*KU`Pu(mhlw2cndF{;rHm`qna^Z@$SQM>rS8StNi*3M1l$@ zJYC)MORpMb>#L968bOIPwJgBIin6Y2^oaaa$x$xm=OhUH646Wnt?RdYf z=zD@2%5zDaI^kxf2wPnTujHF32$RrC4}9M#_sI+NwzeY@08u8>KOYd#Szm3wOT zT^zJ-bAF#eZK0gir+j`HKAPsiNb<1x8Y%{{I59190Oi7}Cjw@h08W9kU6}AzCugR> zpU#BP0a_x)A@*Dut6>%7@DuXifq{0P>P$YnlB;6ZdEb1$mqFr$>#x9$vJKP&8l&JX~%i-eBqsZX{wddjzfuZ1(N2M5x_R#Sg(Hyn~po;dx1pFeZ(TU zRzK)k_hDG(v4-mRBi+;HO$%ov)l;qABYMS#%+ucEs6THb@7z#YDkb~t85o0`(!A?~CF{W8>`-d%=v-kJUn0 zRFmkn!Rdub#bF*gtU+rfUpYRvv2^&Yz>;;c(#-QEpWKjT5wy=uyhdB2jJ6^^<(&S08o)U!tVZqENB#)v5_dU#`{*7JN%pr zfuX-$wKOw@E2?ORUO#m`#|!aGjFN7yC70@dM0w0<0aiJb4zu`~DT@i@Uy@rZd~7hs z7kF~p0n(-hOMJBUuN7`8`@`LiamKD{zF&mu(Dq`~^5c_?`vV48Ck!{23_M}mzCSYm zWZVex6iV>Y4Bzz4d#P)~JjnW!Tp+ly7q_1q$ko0!d_=Azk@;9ab|gg1OIF%jrGiaMB$JWh51J>%o3VwV(Sg@a%ELxWXDNqEIowg|D=5 zbr9%&de~<_kQD7#`l&Yflgm`!UF@R{_onb|>7BApZiBhG63;k{=p@Kd%Zi{;$1Uxl z^-Z?4`VT+%<}4tFe10&9SLmfBr#cA{04SXfI6Yl*XK;vkiJKyf++X_25F{$^0F&xN z4W0+mc1a=Z`JxMnn@_9&b~XK3>Zho56r%XA|&Hys#_iq3yQ<#M;*eDibsX zQ28*=JNpM9pC`ZS<@E2Dw!cBerjfbp%nXpCwcF%>%{f_?ghu6jI`$l$0odKk)t ze&8aX<)i96mvZrpV!XwRLN)3wdMbC~_f~T9?0bBB^rD4phkT@Q1?@F+&*H`$HH<>_ zfI4;eAUeZIB299DBCsz^k?D>Aek2U@4?>3CXvCYUpt|CvR=r5|7;}`$ggr2d@5xDs zrmxz%)e3GP?VNQRwX9Fe#b0;pvw@keO8Aa4xtd4z-IT=6Ez<6mQlnG|T zJ|{`M<)?-;C|ioEqX27`##QGrJr*ZWP9&WBuWf&rhSRSnCdl#FC)IQCM@8>E0P_z{ zTFB9VC*9t(P=`b_(S;OxkRzp=MdN)OKdu`AVHLQd#tgt%8=q}vFRZ+H$&-E=aeA_g zvz1yAWHhPQx<|Jjv2=GBqOs8SE4qp7)J^oBn$6;c%+=j!5sHq^XugMhH-pTPG?xj zld-N_qoho;_>BEXT@*7kBm=X~iF8MR^1xVAIuAVBtAD)m+D(FXG}`|I+d|;P<;#&l zXniBXm~f&VHPFoafM}4+x+-Cige}l}&RKgjHM0DZRc-Z)z4^z#;g-xdgN?Vfh%Nmf zav_=IaC|B&o!Jp$yf$;TTey^i`r zsPTXsewa6c&5#CZQ4>C8@MLhgKnHkc`XrHq_wo5QH9vt|1um< z(5QUuST*od;??8;$e31;{3&7`UR5~rXNH2Gy()Jkedx}``5TT^3 zUQx~(4VK$}heut6HU8^?y$v>~6g->>G%BhRPwlon9XCyf-$W`Z#D(!y9i?v_oUg(u zY%1Cv_>G}m5xnR84dkF-1$D1k57_!FVk=d+FyP?#L;3}7A5gP2Cl7)GVk&U~(F|yz(I^#^pC? 
z_WLHGX_NphTu(FS1p-GH;cRnp+*+K;zlUYum2h-WkYEKrEQ7FP!sk#I>jTpH=GRnQ zAV;(TRANc2J{o|Y{a4W7>R~O@>k^5+b!E43mEO&G*;iiYv|DgKoPt!Sa~-i|_t5#s z9voR>#VC4d@4`FQ)}e1}{o9sbG;zT5_ut_dv8mc@emPO4kYoR@>y^<{NU<}BK?TG^ z-4uaaQ&)ma7(sfn3H>lqF%%3~E~6w!Xhx)i+OYcQS`Pofn6G)%Tr!MwT=^ckUyUr@ z6dJcAahTs{nY+#WmO_NV4BG0=TzMwm#9>IX~N@C)(Jfu7>S^74yD<_{D0)g_6+1?5>_P0p$wg#QM;s&&Yr zXf2);#l+Q@QZs4C(8vz+xV5zpiQf)xx+#z&w^L@hw z{LDV~JHoxE`!3gk^52wFy0Z&+PMIS~dG;KI!HIhVPKYYtp>|xgS+E@ufP2*G%~1&5iDCB;4~e4zu!bYyGgz*lO2E5Ish%;4n)=h$KJu)ca&iH%ub|b^r~)^p5aWi! zc{<1vy~p6SlkDW4BdJ{|SnSY;<1WDe;h!E$ozTk0httUxuk_1AG|a~g^qG(8o-ELE z(%;NiDmTTEzmCahX)PLYTY4NPDEklv^W$M-NTr09KVk8l+PSvGUqyw{se7Y1Z3N^C zZDb0J7xvUi>QlJy@-KO3r;-oL*y-D_NPU&6dDdhmU>ui$3$yX; zJY?Z)*5@Nw?Y8s6pa^3m)sMQ8vkPMcD=hG5=g^=&LzttXNEnQZo*Remuyw?uuSc4> zh<+0sSFcGfc}wW1cDR6i<@-zLQwpq|l_IjlhKg0X*7}sOr&jg4=jR#rs9{Dm6_}=7 zVH#xcuz9rI=+-Wc_wPRP^p+`&H-5oQC&0DI^HsyQ z?^0Vw_xw%N=>@9Kikg&mx>8G2VjizgUFp=O-Uh!>94jqw+$tAcEeq@iKt8Ztz7U|D~AZ^NhEZd=g`x3q{iZ%sa?34tx zyjgnnizw$QSewN>@F|aA?z#H3CWk}^VO1eg zg#5Ck9LG!3hL6vhQ-@%S_dJcbeq;C9`BV0Y%Ahd-upn!am_@q%>~{&6y3tk*B#S-V zA~P!9#AJ~2@0Uya>C)LLZCNji`#10UsbQ4qG$iqFKcO}^krs`I@WP5-3*<} zmubFqzZY}n!2e=Xj*{UO79zXpRo}|}eF~_ktO<29PXBw9HB%z6dV`>v`l@Bom=cKC zr{DW2?vdMf7*F)H1-D-utR#W*AF;)xc(m0M2WiXk8RI7p^%^DoqUmxqtNPv5bh~Op zt}pCO&r&IEYzeL2D~*lTQ|ORL{`1Xqi?QwbPb1G2u!QrjtSl>yns(0rO(yqPWV zTsOd~0P``4@432cR?XGcG;xOX9J?<*sweE0+T@_A(2m>traK|qKo_cDVJ2LUn zsZZ2LB=P!xGzn)Vi<`4jbVma#qqYliBjz67(s8>=_NzLK-LON?cyytkM7?deYOjnv zG)n>t<3v>~dH{m{5{at4IVOUp24QMVcI79LdK|2&_%VklPgC)Ov;PJ$5(6-T*^9{v3fZFOzC`O zWSek=F=D<*{m~5SrvAstIn=KU!f$lAByaKa0No^$(K4u)pLB>LLtZ=+^Ium~79`Wk1OEGnX$-kYL)V85$Puq|8c6#fc5-5zhd zLl8eK-?8}{zWeWAx?d#Z-#x;4a5fG*$5UK5V&_9*vR1JsK?}4C*4Zh^-3sibv;qv|iSpym*o{cJQ`*4iH*O?Vt%Z>8(fpfeX% z`Ixvh0n)lQ(Cm{!buv=N2!A6Z_lPZ;K)xC?ay zoWT*!m(N_JhM8&W#hRcL;KOn+V&#c`naeXt=XY$+1x=Q-Od{Cy5# z%vXc2jaKK-5aH}^W&#mvFP-uy;F`@G;(ev^z;|hDdXMQMk^%WU9|IvW5 zEPXevPsSXNZ%OB-Nu$l8=5}NHbOHfy{$rz~eimY@wL~hk*4(L#T3gt1xwpFK`TA_X 
zaYZ5vh*?&RyjD%;Gmt`4HkAWZ_T1OrB=Yk8wc-mEvapZoJX%LaJah9?smYs>(Y1kqaw;L-^V|(cBhr%LWFbxPh_!|9k3@gCOC19?Dq2|)$+qY6$J^VB54tYKbz?;pOs0HZ2^^IOhreNY z$HFg3o&+upNbK>pWWq&kN(+j)Kd@ke;{N|vWp5A(X)997U5hFgkSxYYE9}r(hR^}2g(z^)8b7P>6M^tiZP3p$D*bU*?Gl^G(CSp4 z;lfXitO7P*%2GnSr!A{N(7scy7|a}a3Hq|Snid%2@L;Pr|IbQE-gR=0q3<;K>G=@2 zGrZgQidA`dn`0*uL$1iKToEDkKXzNB$d#PslkL~ttqBn09$zf^{8BfftKb_<_G z|8zpd6GQI$&BWWsp!RV6^J^Cwq>Bh`Zb!D>-_^a@tny)-pZ1~Y1CZR#`S2a+*Zn}Z z*<+OWe&XCVi$#Zo&hY2!t_%FWd{Bw8K~2T69=9z!L1pvjI-dm`8m9ASeU#>MSXX?B z*yyIN#g^WK4m`e^I`(x1Ewkrt}jz^@=x3v(Y$enQ2n{qZ!Y5wq4Y+Z|i}v8Tst*W(G*xS~KdoRYw@vgb|CZV2@YXXrSU3N%)2E_~ zgYR_bRA;SY1`L-t&Bp~cjE=A{zn9ro03Ic>B2}?35E?!{TuKsK~R#Jr&cl5C5VcxO6HvcJnwY7 zp4z0KKt52cBE6|zo6ND8;GNJ1^ZE<{=lJrFzL{ zuj-NU{t5F*4i+p7?0>>QfQ5m~37GA@D!dXU5T4m)1)3~#zH9Vthod_rl^nbVbJK;p z+Gf1MZGT(|_Mj!+P-caEuJQha$Sb!ej2TQTU+-+2jvVhX(e(Og>$-Zwe&5~MN7ZFJsP(B>w)MmKjnUP zey##jQL%Yx8AJ;HS({$Jp_myJp_~EF{MUwA$l>#icUWpK<`i47F?vE97-c&M{yLbM?Ww;4hWPGNU@%wp> zo3=bp70K^qxeBWvz&nbX@<*4lkI+NsjUKP_mSen;#4F4S0HVZ~?)cRlB05Oh2KMgPi}NkrkJ9cFo`P zfYPU92&G?8FKPw%_W)xtRY!D_J>fYR+IxG(uod<_g&%1Nh30kOkp4@pLfe+O<>vv50d&plmDrhGP0ryCM1b+{ADT5@e6zn$`3c&6h4w z$66G|QT8ep7RS*t+doVggL|3anjLEr#o|FWi2M1v=|q)jMJlt6hU46@AAc65?h)Y{ zLYHB^Z6*=DQ{}<3^>8DVWLm31%z^q%rnBC_7S5Nly=AUfroUB=%?Na5`VP=o;7#(Q z4~`MYSdf&*oeGnOnZ|YX&MZ!gi9uJq*4skBNiO_{K9uhbC@qH%DuJQqa+2w?-Fkns zM-SZ(g8oY86NfU1A0#Fu5d2K8vXOGjoBGTQlRxcbk>@uB0gFxLS3S7j-#~w)74dTt zMwaOg&~W8>+wKTh=6}iH@DbtIS!hgh_ZE3jlx*oiHJqFLxDO6a8gmz8T=v*dSE|tHUu$O2bf-VNydYGY$YGUlXkiJX` zH#b_1T|G_-isu%q4gU?YQ*d&loiU(yZ#RN>1WY!300b^3T#A-Jp0DR2=?#oZv_~Yl z+BW!yyL(ZQ6rn@T|4%^Mk)bu)QltgOC&&a8k36HG!+Hxxq`j+d+v`^ypLHlb*B+!3 z9zZq;3b6fRYM?8rJ{8@I^h>|%q>gDw77JlL&jA7U5CiU1L(Pw^XZ6aj;7C+ejUyF{id9hj7qf5w{p1DWlx< zA!1GBK%VGra5pnS&>HP38f%a*lt){|C zV_7kI3Megg`L0=|;xU8|?6Vb`FZAl2s;FAyS?pV2u(4;z-6+c{ZwlK{rg+r( zTtph5PiNuG?}tRsq}s0V8~Em85npN(qI_~L%qIO2FvL2L`MOa&m3&P2cVBfTCEdUk z`w(?uNG??O=V%#7LKopjo|>+7TghrTlyYE6W;mhQlG?%S)j5#=$WGWpjde^$+;et8 z5oVa$fcktaMrN{f=7rtJGq_12lqQnFzkV5#j7B)s!6 
z+QHK*{fBzj7f`D@GtsGnQSbWTsm6>=Jjud^vSm6;L{HfUdB)*_W}9$~BAK@~Eei+@ z2twD1-?9?bB&*5Ni*37|n*f7Dt?C`OQgX_?oy>4cxq%Ak?L4kQr9Xg99t5we1N{8% zE@ed5h|X!iJ-nCpw#=_}{K|*h;yeMKKymP)M}z&?NB&D?TyYiX)oC;+pEGUAm0F5h|Uo%qu!-Em%1&uhVIOZ?9RbFlS z20(P8$U#FMjrNR|JLhl6xqcMS*wk%vltoVQAmcZ-&w!COQdi6q%+p$kXK~|f`XWiM zrLj5DOBb0Y8m)b0Vyp&s421$Y70GF@Bg>G}d(V&VyI}etp4U#TbbY&uwx}cT{b`xO zz-)eO`4tR?-V}g4Lk(?pzu1WX_PAKpa5@%^c~7lL%%)KHO@bYFcUPW7Yd>PqXvS{Z z8AG%>!B84Z9-5!;WY&&86g`Dm4p4TdK6-U(EkQ^}ajUz|M>Yn;z3o8MkR>{gp z;PzG`qyw>M<3Zl)hL9uKGW6{aAr$ZD`_t zp2{nq%oI9q{l)vTXS{R5^Z@n##XtB+uAJk;1A=hd@s;IU<9N^R=GME#+|2X4<N{bZM()1WvGycs-z|_5nAP-lR4fyd6*V@2w5C;@1PbP|^$*KYd$m4K6Z-v>S#_pM|!EOvtc z(Sy&Z+mBFO6rOETY%)We0|%yXY##BWX?$KD6Np6B`X9adkt%q1K{~^}9G1fn)A;*1 zq1VYzuM)SLnt37AbW_83tR7AswK*u#tScZ0PWle=hPUz?ICNYg^rH!c8Swfp22cRP zWg6-1i*d+zkxpg2a-*Vr0~u!!zS&0HD{pW_unQu>rwn=IgbJSHnE5ySN=)waXiztH%X7m?*pz1BO=&@}yadyMX)HP*|^OK^r_VUY@{Nf*km?WAsi<+%2&8I1p z`o$;17w0ieVMgYA0@{{@=!Dx=>r_FZ{@u~!+yfh%>u5zkI`i2XtxG5RnG`|nPrtZYcbZ*e&;^qNadS-*Isw)k zI?I`mb5K=d6oT|59@#D3!A{ZaijxC>dtrt zS@7cHsrlf;!)g%2xgyIuOc{{& zsvbNCfCubr1f;RPoa((eGH$N?k{;Fth|Q{{C5fCwR$FE07VxCZS4X z!#(I6Qhj4_jL|EN@Skb!tQz(`sn6SkCk-D9zi%pUy58iEQqvqR9+*w|9t4tzt$WE| zFHFl=ofl;u#QJQ8dO|L;*OwI$uQ~zB$W8_mSdvQm4aLLujD1j3dtFQqN>_t-KaH5@ ziDfLHo=j?xPXi!Q9jKk|GOQcuNmCxWbh8T^mpBxrkTTx8Wq{n{n&@n+N=t%0L*qmr zQIH#zGIuCnSYe$1y!rDkhtP87A#l3Y$JY@r=CievQkX>SNB=fDumT%+WHimzsyB~A zB!cN@A>JKO_eAhzkyn6hr3?b)gQ(&A6^papT6fyurSXIj3_K0!?D@g_G^&@ zMOV*)4FUL{CA53|s^O>i1lPH^bC}oPEJ_jcK=U`M@4EG+7}9_^^C8v4C8F=Hd|aN9 zT543*yRq$Wlm(4o)I5`5E%vLR+=c_iWjIK ze3CzE14x=_sn0Kn84^VePQPYEGBsmBU}I1p&_7Ia;Ng$>~Z z8hPg~KEYi?+otC7h-J9`lz%>*86^k8yJWpo+j!hs=EAMj>zu0YPnNrMqeJX>__}k~ zFG=s7vYJk4FG>GoOr{unU8WDLY3u}&(IM+Q^Zu}qrVSb)EIOF97(B5I{hf2kgQJ@S z>UL|Tq;zF==8;nPC2VX?D~3pSrKP0P_{Mw658=VG>^k43E(hO|irnl2<;UZ}yWuCV zfOywj4%|74tLIz3bUD&D<7nVF%vVq>%d|{5_RkeHC+ajv5E`gLTvJSW5M<%k422w%tGm+87uV$?BXoY&mZN4@g{M}5~BC*_J#lcj8w!HXj@H;~+?S?;bA2AMZp zy?IX=&&GNee3`EXz>F1m`x-c`uoO4SI6};}V+c{xKnTI|4D@_Yk#2OL_0aV#N(Et^ 
zntKbDbZ(W60VA>4^z(Ycf#S_>!L8-!o}&QinZo`olEXB9u>S48SWO(*cUVXHjXV$qR_u7vz84C$`(+) z;iqhyHq-`1@q%n|@k#!E^$L9i&eVI9V6q_3-neD`xXfc1 z$-hP4cf4S46!!>|Q|^tx9ESX#YtiOLmUi&};x!W%x7Vj|$#bS9dqrTVxWX>F(R@se z%M7USqjCN!C%)6a$W`Bo8OnAXya9N`3ikHUCdW&}vKcF~rg3zA>^Hk(fH&FZB~6EM zbZHZf1LB`9tK={IHD0_x2nUI}GgRa~QVi*V7o|*eV4T=L!f}4x&^XvKLmfjVQPzIZMcBn%fa!{mo5RI7C+Eq0_3A}Ql`b*db;ek0W2 zhNr>!%}eIL2K6o2^O89;kqC@`9rO2hEG?&KiaiKFV*0+N%ItzvyyOS*6*!UH@{61Hq?)*C;#BLEz%mMrfXph!4h3G2zLZi<5 zb#+gP*{|~@%lU=c6tpGRDAzPV8U^nF>#_}a4F3s_>2MIB; zLRlRJFLM+sRLGF=-^QApFY~o2d8#}GC*>h;sx7}Ejl1SqgGahL>sb47BN3_7=7Rmb ztQ5InL7JX4jtVbF(i=6;G5p9wnD!F59`%7>3{XWb+M9!>GS5 zpxG9Pe!pAIvI7QiZ_+!zPDa)>cCu;g?43K5Bi;E9N_sRE4(SWU6x};ZEE_ctC3qd~ z{6zO6;VCvv zS^C=24U<>i*fGZjMQZ&u68dRP4NFgYpd}x0DAcuYt9|%-uGydUa_Yv;yoVDe=TG9q zIut0qb1}leSw04@#UB?NYCNibz?7%K+KVfNz@%S!n4dv>pTc0Zm}M)|r&?eokIqfvn z+QJPN`jn_OHs*aC)-7T)bjA$x4-z==&`0o^VTJ*xrPF95FSqNKO(D4pHEN9_wCPVN zsBHKvjw}E&A?RiO&~axyozuwRyW_KuUHo*tC}B_qj+Tr_(0MEAw_oLG(KaM)Z>HE~ z!>m93maqJMulA-&Hk|6LnU_J+Ttg5c<+sh1<^x`WN_7w#!PM&N9(_v&>(j14iQmJJ z9%YGUaiSwkg}Y)?({)ed_Tv3*o~X>Rr8mbDP;lbnOiheDAOF#uZ>H~Po$(?}$QGgc zgHQ+=vE1_yhl_(9!ji7)O#FproCi%V@u3%i`4!CuwF>WamBOb=2A#{+zF8R=0$3mT zolT#o9)Rx!lCQCY_|o+KBVq*Bvw`B1t25N=%uZZr{6}>;;~{TQZ&I|$u??Tc)5aqv zfJ&Gp+^_AL^c6`HF{@KryePjeJS`L@|#@P&YqX#j{rB1Y3wrMRc>g% zFqI4rWDZ$6*O6uC6OjWk*91UU^%U@vX-PNWZUVkpXz9cJXupo;@#M zKR3EmWUnSKA)~F@z43)ygCSjm;XyQ@dexCa^@id`1eLrl$PE?iZy0b|6<`Xb`^p~r z;ejlNodqfLBzJz|wv$q#XF^fHt> zlx2A5f*XxRAPHusZxXg}E@L6Bpg^<9keF|wy;4ceyQ30TDW~>#CYx_qsPUp2wagQ< z&EQ7EOB4rT15pHtJOzQ$l1ABp&y0i|2r0MG=@WpphNkr|VJ5#MtM^wYuP*{S=}&B8 zysyT~rPi~oPVqx+UN;g+E8-Xh4ygm%=(QiU!;KEu2ZvXG5&Ntp)$}5?vX*Bx>`D63 zGTu15KPZg+bWQ}J>{a@4G;g)~#qqJf2uBb_=YUTS#*NE`A;Ql3HkyWs$6d&?^j`^ewq|ow#l_D%MtU0(dUkPi+@5 zQ!k#c9)3QbL~nd8PM*=lKJX?1wauU1sLIMrge@uW;tw5U-cTxUs1O${v=OJ?l*p;S zR;QRUY2!%qX|c1fPwcxn%1U;R-&azPxadjV6EmB;V_MW1>6?psB1o`94Z7cMoew{f z>tiWdO%dCRhQM>KcpJ$36&Tyg{5H08bBnk*R&dkfU6^?|KI^(Zpxar!_o8%^{sOmp 
zP$I@3FgptH_|m%@1DQkgXH-<}3+EG6_&x?*_DgB}W|yo5*i#9{+d-F)G|9u;K7;l6 zCJgo$q42SJ`cfftg>pRLfq?%9jASxf%$oIP%y>W?ba>H#Mf7NL5Vw#&bF7&a@%Q_%xz>Do4% z#8?XHj2;Jkq@{RQJLRyKA|0@A8y0pic=U^P?UH&bPq2Jq@|K9?QP;*L{wdYFtDJa$ z_1yTPl_DcrW$>{M%Nr?Sp}GBVAAMJG5}gigtw}XPXe#~=pEj$wpu?vojjx3CpLa{x zpU15Zrah``5Icq(GcI**LT5XLLW*F4`mLG*Xq4YSMx%nA%WY4Pl4J8HxJhlaA0>ta zBRqxb%8QF7G5kmtIAzLXP?@~TAYDa*#KLsR<2mvjA{tNdU&XN!j)!0piI?L+URAC* zVvkRaSDT2#pP|S+(puJ~Ayh^+_~BJ0j{mA2!iJv2ph48}r85w2vz)|imU?3lxh7ok z;OxY#y22w4V7va@-NzL*+MS}g#II7@@eWcjvGj=9m@X|841mr`PV!$(^e)D zI+_@1BmLpLg``0Jw|C{X6)i+-kOKc+jsEhLzrQ+^Kls(4c!&Ld%n z5@w2g`u**{=osLk|GuLX(0{LNyHyM~PUI@6EMy%W3e`mvr=K+YRaef~>J9dp)Yq)xE0nEwR-+ z<3u-*a$)8D#@@1pD@TlqHCF?Cbg4EkmBhF;W}72=VGvw$2dva~OfHSG`uHB8_~bXT zv}lffx%5T5^+v}^8}xqwiUy1_0Pu7KEHL{fC($0~sNy|^Gf@r%i>yVjHcu{X51K$v zt2>gatBs$fgiupaHx$U26cN$(tJwSkP}jwz8F)sumYM{`W$8(_uz9=>|NTA{#j4C@4#^EUw(R`$^dv^Y$t#s~9WdGyeJ3#0xv^d`!fR8R zm`UW*kSyad=~Mr%dj)8FCf^9Nd!3GVPASJ0B=9FK%rJ`rp~UlyCo66r)Pci3Y73l`=ZgQ0GsFLb-Q@>!}@fv zgJoYKDN-TJ+*30b#aJd-{4)>l(&#Hx~ntwxwTb0@|~^gl8S^}v~e8|6+8!R-UYCaGzj->=ObN>Q>bHZ1u=X^y~Ewi zPJNF?^&WAPMBxQM?Jnp2%FsQp_Rq#wJ$_ko(m#Orf|uBoMw|)7Jg+U!xgY|PN5^>8l}q#}u%u>4UvnD0Znxp` zy}o4`hH7EJ)+kxNyiw<^B~$7JC4KByw+r2@-eS$kutVSp{|yoFu0y*emBM)ywrO`m zdE6p|v`Ystgmp1oecrfd+!Ubs{Oc? z`Ua07X#h?Ids1YDGv+nwbm2o7J6&A|wUwf8HB`~Df*M1Y$AR}Wvj zaDrKAZUL#^x1GvU;f%)N$nzNcRm2n;!DyJ2HLchB=$O|f8K`11|Ip#=8~I5))hX~Y z3k$g2M=4b3usACgJ6LAb+0FFzxYfd7sKdl|u}WqHx8%OZ+s1(3m4ykvN~r0TH~f#F zp=D6{;$mj+vmYQgsjgt0u7X-oo-`^$rPOq`X-9kIl^g*eX#Ej25|FLGRL9^&P7H=t zK5%bcQ18Z-(w0-3SCx9wTdyjzgJSfKz0c+ye%GC?`1jKrz3>*XrD4&5yVAch4TPBH z_{V>gwVR}TZ3^Q2>f=ZNDY6V|f|{}fENv76HG~hpv7al|@=iC>5`^p}(`!EsQW}W{ z@CelW+JzT=Lue{Jzyz&5CPym$r+!Y6BatplaraH->af1AOcw7?+7AYgtllx3gnhQd z7U|TafJafx>vairO#Np}!=6hfob+`PU~HLd{4p*CL+0VL8o-^MT8}nYhsc>=b@Fy$ zX~nKcJ@Z@I%13L?G`rf4vx9BZObBIDZ6QAXD=XcFS-8-eO*ZN)9=DETJA~n|-$?g} zx9ryo^_?i8G*U==ht(VRb$gl*FeM(xEbICHFgloS`ki+M`f@us8>rNOvv-yoqHf$# z1i&85Cb1*S)@F1pm&NG`Yc6Ae-GB4W)%5^UUmw}>yw`WpN&dk>&1VL+Q1&z~tgFm! 
zjiHe%pzD~-4ln-k`#7#ALiit4OvX(X`$C;6g7qtDhh728Ao+lP)iqgf7mo?q7&Zgk zL@C^|aBn9vR}g1F*xz~ykgo633$AAQ3RZS_j1i_3<|~3D%3RLOm>QEe)rV>pqq5nJ z4oaMNUP&2UnQeRto}oaAZZSvTt=l$y z-E<_fyS2{Lc4fe$npDe{{lO$5L+Ao~G~dA9M`AD8YvZv<@*4|n7^r~FC>MrYD=)i% zGS;G~`&rwHaF>)G6>Cssf(+xubKUD%*Bzt$eTL+k@-FQf_i=q&Rocu}H60z#%L$K# zbI)_`7NpO*Z3j&=k8C)O zCQ$-?j+Y~<@E^=Rw%n!ErGBOiuJ0YePv>rvv(F)OPi%+McD$7h?}(pK9#Lx$r0nzA zGhs$Omnfgh>S#6)&$Hc!2RKpQ**7iY+?E7*Zz=njgB-xC-{AIKl)miXm3kCu2O*R| zMB{*epU*JvQaOlHJE@A(-h1bDwjD1~$2MsB{aQE8Urlm)qY(Wz(u7j9cm=NS6MNg* z+dWqoK2>V*vB@UoAoEtqX-3P{_QM4>TfKMRkIP^py881ikg1?tX|1LCfi<*uLXbmW zLNe#ES&!G@V0&edp8f5`l;-4r$1d|FLT!UTNrIzVzyH*+QiRs^X-0e*AS^{BNBf*f`AUT{A<9KS6uu9;b>$ijLE0w!)}&R ziBBjTn5c8=kjz<=8iT}6;?v&lCG?9z8uxvsfNm+(=M$XJyNxZ5h>VWmCB(K|8%lS;Q+Jmqp-;QaBUgQxQUNFkGwsQK!wwLA9iZmRm;7^&!>@KU_imH0IJNIkGb-1m#>jN|CY{E|bAJx=K%o>Q3 z1ihJ!D?exYzfZg*7cCoM zl8*tN&;KL^dJ?%2`r%E_des}HgEjU2wV9M0ZYJxgluUlA{XHFUloX{>eljtNYnN!) zkDM=&Qo{3T>@;v;$Xy$(huY_&_C@ zbNq}UcwTiRvAT*2k*mB?DVaL0zMMafUvOB{L`;xG(H4t%Y>L1b_WL_6k3nlWVBZ8N z#iI$xh%QA=15D70dIB<2!{O?`dMvIsU$d;YGHrI&H4&$M6aJf#92bhoh*m4cgG;4@ zkikc{fhSb!Rqw_UWbJMOY)I4IG+qn>Gjb^;5Y)!3V-j-VX4G5zY5+wnL^i zI?eZ_-|y8erAMLgbM*OeN7BBLMX*KLXq5ptvw2C=-r5)!Uzi<(KQ)n5%_B?s3B={A z2=NN1YdpkyjJluR@Qji##%kMo3rEE3cna?7k!efe)+0GASuIq1$l;Cf$~YN)r+Z_#&wX!=;T z-KRLRe~Pk2qmDf7q|I697m<&uk2#aH&PuY7S23eyjTP=%29)8@5_6-qoBQmldIBu7k4ifxUl{DueivWIXJhv~!_ZfSx8?66_=Z3!FVb0kMqJN0?_*p)6FO{EBrNl^8?bqhCI~L z|BtC}4y(g&AI>e~v}|wH(pq*c+pgu7?UU_VwryL>w!Lh7@A+=eZ@vF@bi+!$(Gk85xp;plr#PcP4dw@qkm?(jAYRtFD58>FGts^i9Md5r8^ zoBjN0Y&Ale)e0GivjwW^$GDD2c+jvUMUXQecC|r8O9&M1G%RSIqW@W3oTQss;5XPlsZr z7a1v-*OgUS=;WnPRjXdeRNFRXIScs1B4S%&blH-_A z!nP=s-GN?%Dt;)wczozAB@CBgWtS2DmLwpE8EF=oQw7g_L1&o`v!C=W82EWx33@p# z=;gJl@F=YYRYDqCV$L)uBHn7HM(ksu=2u%+I9c3Y=d1f=fdOvZ=h!mfgnu{yShhKq zlz=8q{OhD^L94EU;;D+u)8H{SaLb$0itgJWn=TH(D{qmGInfU%@H`u;JCxXsjNHnP zeZdm+*_$6p+XSoHR|63b5>pC=+zkqe{PbM2%y)*pkEFW4FChbnF8R z61@E?xfOGKe)wD&(bw}53?qJxcOXOELnA(ghGiOzeDHBgf-nFrPXm?M@0g4~ic&Wy 
zI+Q?6YBy6C#0)K@3pgV-S4!4SNG-`&i9A>90gPMQ+6-~MrAEbjj zosQqu+s`^@yliKwR%<|K)5hRk2Manv#`eM)c6cwN`;wd`viL~IgliFRim;G^^Z5NB z;D1@6^F2w(MIUL0I&M=p`eMlM?MU$nb%nF|S@HNd`12$UR*VrkeNdhs6wr+Q_ZSHc zte@hGl)mB$jSMp-J({8$PNfeL_gzT*3%+)sUGELKXh4^;zd~8bjz$Z*7ALI{g>{)4 z)->};{f;LLTNWZE!e=h2g#&Kg2z!iAEU(0zE4;`dp57ZOtYvn14*$5K`~_%-rrJkWKVurhA# zrFZDJfj&AZ-5PytRyZbO$;(ce-V!r<1Ju(A++xV}X(W!Pll8y|mVNARHc zi+hM-TtDTuS$mUsmvKTXobe$I(9{|%-TXzoVhvBoHFz~=n^nTF1+G?;m9MCJ(0Mt~ z7CtZTC}(VK%YE4=(Ln>TvQ$Lk15l8HUE+M4a($KGY}~$5F0w}!t(R&$mGovm;kgGx z8gxDzRCsy}WCu8`@iQ*=i`Mfbl+CgVo}^ftF;W%^+wBeNcKu|dZIV~DEqbp~jH&6` zX6W>ut?tbo(iDzV4>Qig1ZgA{{@M2!$>Db1q*BP=jKL0y(f1wwhTYkUyD&D!-oY7)knuS0;wktCFTb^m>XMc z6!^%W>Gaq$vtHG>p=^R91cCn_xts2ELF7&Zk^8e#_6u*@L)+?HQNe)30*~l2kUfwo zAJn+GeyEQ{s1th9mfY7sN1e4+yJ(YC`$Tztr5yGR+Y%Rj$~j`4sQ6{lMWZVo#u0ss z8i>Jrz%4Ytt0^x5EMKDHhprIpmrm(t zcA5wg(MEucRm?L}^daRr)=R~{0KSS5rf$B^7COZ z>)P4RCdSa)UW*cHd{(?CFfPV(3_gi6cn?M!o3tEukLn*^XB~;TJ{vI6@Pg#7iLjV^ z*R{~`?AB}`(qpjbwTxgWe6hs+yXV*#?9C@L=Vg^KjdLt(;PtW#Y7lAL?2oBP^xI_- z0*bjXRYhO3tYr2@^q*jX8N;1TvP6si@1>cbfBo^2f1LW8y@X9iaOkgn>zd($&fCT7 zuq|CW+Gu`xJzo3CmHx8@F|Qvo48A=mR<_M*-#_e%*6`bA-^iXE=3cQ&{PKq?s6CGV z0~(kY?Q~$1Hdv}j1zLQjE6MU(=X7MAAr@6BH-rP$UDsK0(zp z(<3y}vlYWR8?>E-blmxP7G6J)+e8_8mc%Zx4hM4pG$sl8PmgX>0ZX&Z?>yiV-djM> zPc}jKqHPpX-$W%CU4AH}{$tb~pgZK?&OFv&G`S~fP-*v{ZYhPBf!^YrGh-cWyq=03 z@AvMf)7)PkL$4-A%7WE3Ql~gL?}FPj{8lb@WQ@IOTG}7Z3-u@hlu_yV|qO=vW)tQcWXn-tfn9TP3QxdaRqq zt9f)zmJ#`_!##J~29&t*oOl>D!Jtnw<9$^4{gO5aSt!$z#uk^+wVjCaJ6CzTVisNN zK#gNxiMSdO1yy6 zYqm$q?^^EH9$+)~tM7Ju?ekhY3DD|Wmjk#M%zJVi8M`j@b>JNdG)Lf&9gowA;VybA z_t$?hhk{fjx3rOABq)k13NVqDWKr}~Q2^)8l6!3-=_J24Ts{+k{gMeT^n#4iu@Q@mjH(dnW;&Gwf%;$D@4=Fov9#BH z(-BYxpFsMZ{ep!5CuWcl3*wJM127FGjctRQa$U03aYEx0yn!U06^Kk#lidS~-4%$F z0n*;CSC`8Bi7y`mh4j3N@rRylpU&qs8p+nVpR4Jeny-_X%qKCJA+66RGU@x$>j-FC zU}1@GD-|t}%WERH+KZ??)_^u&;BuKq*Avz4T#-t+5G%Q(G(>BE?hKvs&JM&|ZB`z* zN8BKz&yspV_D2@U?8K}mb`$-1fqDlc74TWJ!@H*s4jeC~QV_<)13S`xIEFMhX$$~i zD$tFsCb?0`_%Ba$iO0Rbmh}EhzH81i%w+00-b_v+7f{!C=Pc4JvumWI;?%8Dcm44u 
zTaXhFlu`)mdZbC{Db?W0p1mqbQeBRkKaho5zSOS`&nIpjl<3<1pT{f|_9v`->GbO@ zu^pGbDb-NH*N}c^&OSn>#SzV4NVYA8Udg6rov(n**XK=JN5vs&ZT`3O>QCcU0Fbag zbtHriRQHJRHj!q7`H1x01EXj~oG(VErRF>8ORx7*;w((o9@e#hUM&}&Ij)R~IMQj1 zlnl7ZUwa_+`|HpBjPIjtUsF)A%Ywy>zy|quz5VjQX9~tI5x3C2qH8pmBPRd3>15we z^=b!8u|fA73`d3RfZfT#a~AM&i94Z}#6XPYvUa=n67@G5?Bj(mxTHA+Tk zcVtuOC!}*Yw;(WTM2%(TMAR2Zvn!u5E#g;jSd*guwjH8;u-d-~8Qu}NiF(;p7lh1? z2-oO~}Kosou0R=Z~TOZ%rw`{T6 zHQ$nfa#Z{ws4gvJ*R93{o>%ti7qW9)Yi`N*CszuS06js}6?bitmFs!fh|hcQvJRBK zOUS?4d3c`jj(ImmoBR3kp{3X5BV7mOB(tpkVk;*xw*CEixM#fblxI}Gs4opLD53LV z8DwNiE#r=e@nMKRZ6|Gj&K?fLWS(=4V|8vWwLy)ozhRGla@#6a?Lh;SbCf_Gg`?-M z^(^@U+dxG;(y0o)P}~%Mn*X?qD8CkOp}6^wF7SmNiPk2-1dM415cp1jEz(_J<-+<| zu)^8{chUeJH53{6U-qc2+e%HTZCN4F-7gBOC|+bB(vKZFHH-k%U+FlaCNPN z2O6=UX^~@hF&QnsgD-^5*_$(}YyRK3l|ilLxXB)r^dQJkq(P+eY>qBN>C1|U5qdE` zmA)46blJRYZdy4tW27`e(BAZF|FS^JY5su35cGpnxf#(QBX~a6=~K#7#29eunJEu4 zwabFDhiE2dOIyWao(4Qav?Do-eP`+83 zXNHr5vIXy9T97%Uzs7|03c*L`a`%CCtuTs!i%zYd<ch?V9Q=j69YsCi^>ngayo1o;Q=A^JV`23a{$G%7Iw(`*1yg} ztlb;Uh17exMZ90#`5O%eM{=V_4b{pe)5R*M&5IV#n>`JyKaF_D2h9^-Ofm&?I+Dw0 zr7Bomc0N&fYMs#&KTW?LyZZgmF%HbXhFzQrV$24SE}}*Nnk|>G2!HyTDHwF z5NL!GLX+71?cHW_?J&N!^N9kj(3u2`vOMUsI%nrm=+u*2gx+*JR}%0To`l#t?x zJo-j97x6882U4^87EYCn=TE=DEqm2hyK?8KsAf#tI7c|IL_fc#TVMav1M_<6^Kks^ zXA)o^Q3NK=xWS0fp{r!Zm)b5?M-7pOuWy7tYBfHxy9@^bPzD%X9}+mVb1OoxwmEyf zl!K{oP&&dbJYr}=^mv%qKscL+>7aEAUHg;LE{-Rc*OlBznzePUQSNp^ zbRPFE^;nOpruAh*t-ef}8vyK>)=A33=`$s(TNtI*Z(uFPj1nF|N~*PG8zz;z3xkx#!}EWz>s2WLQI+fsf2aVcTURyjoRen6_>%Ts#K+I`m6kO+_-iAQuG~nQVy7`bD zzzL4q`^QlXc*5iJr3C1#ewqW`DE;2lUZ!7}XIk`RS%4w%hY^YS1xg)>B|aixHp`E$ zt)L`X*M$AbqQ$gHhDH-X-j+2%P58fNrX-6M=4JLQ{%Y1C^WfdYMfrCG$-67+Osb=O z@mw2Hbl%!icBPeB?p%{c4@4Kx)HtHNbN*LNa0bMG81x1PXcyzX$PdBLT4tHVut0Sb zBpYyYj+Ws?>O(f@^A4u!Oag~7IuK`D?^G}!qAm-iTGXIuN0XQbTo}sc-=vO=s4I`2 zv{2M>_$3?$Tp*Sh*|Mk7NlLE$oGbb2U|W$uZco_QgiR<0tIbz(@32JP5U?o}&#q@G zVlUwRpT3aiJs~h-Fy9ucIyLStu%S$^&koR68%z-*pzGt2#_HD*vp>i*?>E6I?{!IK31-4vXX#Kb;*5_XCsO~ 
zYj@D*D!#}%%P6J{&PO)be=m3V^_xWNmF4vXB0lm1Walm6DTXW>!NioPN;BT{#kROe znxER;CLCPK_0)M`LO{OfO~UF5*h9+FF$n#Jr>z0|Gn_$G(KjW>ia?^0G%h|{%2>nV z@22v!bXk*COUk@MJ)ulM(->KPCyVqVtZ`hURWO8eyvOQg0S`TOfxR)2o9W+Mf^Lx2 z=0wGJ(>6~0am>%e=;*ZDTc0OnM%)aKaAI`SUSEGZz?Ay4Kw>`NVen)3+ZssKuC2oszk()H_*!xZJYA63POY_gys;VSS(NkLF`jPcdQuf8uryM=Ymf zHZArz^DONw8ZE*qQbh9Y2U0!LWS7zn5_&EjS0H**l8sICTQ*@)BeLAyIFAMt0=bbT z>r^%rME#JdV%-yTE4|vE+qI~PQjqAj09@MmLvN{4+<+y}TEi><&70Cq^w6P-5NJU- zjBu-vrzg}91JL|T-eJ0t8hFYI742bKs;m0afm)>zdgVkE|ISSVX)6OcnrpHnKt46J z{OGKuS{dre7tz`i%dbMr3Gb&y3`YZYQq8i;_SP#4J0-H zUKklJc+5>`rMC)r0F+GU35n(y<0c>131xHoi~fy~DLH|MJ;pHnEo>h9=+{{-z@RJL zXmZI$%Q3b+a0yTiVCqJQIM%C$a0|!!5%phS>=HoevCk9CqlnoCtZCf`6dL$uFf~~u z)Rr*6*S$j-$BtbUmPIAcm7mKRAEm6P`~F(SB`|S*ihQa4c?}{aj&_|5_M*x4UQO!I z@#rVNz@?n*Q5pn#HYD&r5*{I4z+n|UX!`5|Y@+(I2GsEFST_5njDxWr!U}9Ka=XJ3 zob*^}Qg`2`tBhuI9#*I(-DMbPvNMd6W|{j8SZT6-E0z$!s+%sXtY$2ivz@Fz+#9t$ zWA1j>f3afTEXGmxc(+?Fld>vp$*XMPk;<%Xj{(f+4UY{eTQI(KPbnyITIXAmFRYKh z5#L)8n9^IOe^}jD3;5zjC%7-I_wH}+$LQC_(Jkr>iA;C)I{>TnxA@JpZzx1~uGq;~wZkcTg!5k1p|}Jo=K3DHI$gPE{NpIzS2c>xNto z!2xz9os(8Iwe|hg{qO)7VQwfhSp^2Jzdcj3jFz%&u&i;kv6&+tg!ev!w3mt1pCXIW z@`oYlQLKM5-B9*F0%cNDp2~`gn9uHx=XS5F z^gEWo)iD8Qb}yu*+#G%oa-im|8h3wF8252;^LHsh35odSk>bGXYyYL2aq((I@=naC zK!3Rqv?+sd7K8fkQAiBWHl-PlD~GKHa}7WjbRJ$-hm1QiOo)S znK6w*qktRMiX9aAsKUwbY zNo@K%n_Ym&T|=h+?{vNv#&xcflh=wCw( z=bmTosqX#9eNAs$F3N1lHGhbd#I?H2Kq7bHTVRIyD5 z;?^8X?>;7HT+h`sX?fghXs;=2ncbHyu=dNX4mG^ch8?WgS8!CsEN3TPrY6>h@*IhT zEQDjg<_(NPYthSq=K&}FIK$zOjp19Uu_Anu?bOfyBObdHT;I5Y6);=mM*I?>eFBpt zA>FiY_j77G_C-$Nv4@Ea0YYOrWnAAvmQCuj)={uR={m1*M?Oiv%D0 z9@{w?8k8kwuA}-yPZ#+cT}`+d2HnsTub~9V9$n@P?!y=t%OVapw9SXVr1-29dGaXh ztQ9>Jmueg_9{@TJaWT#V6vPSrJlfX_{OUp1yd%Y*@E3YH*haZ+ zNf1v8YhHGTLyonw4dI|vr^3x6sKwK{t6=aSlFqaTG7G;Evd~R3niZfRbaPeDOw>Xk z^Ai{pgq-@{*yoY%;5@KkM1|Kbbla5De&U*fq=NDk~SRc#@JG+{%pjkVuv%q3u97=hbax7^)FuTIh5mDlf*!s zMPYG~f(Gv2(Z_x0g0E5whc|b{EfaCTrB5?f&;bUg%7~<_X#aY(_p`$uI6Ox?9On?I zV8}X`b?KGXwRQ}8#+PMI?MD6!0(0*o3EAREly0CV>xDkyM`p?Fu#1^MQmm$u(y8H9 
zHd-%?$`q0@^@GoJXy+o&;u=?o&GoAl1$d zUg18qcq3`g_CrU&!o}{Ctxi~D1mf@e(+qrIK>m}#W?{kaV~iP{d57H(#)?P{-bYra zC80oAGa<#yJF4jgb(|m2!}gEZ6En|*VcX+S+p;gH`M0Ths#4*H8(JQ;PLD$5D*1Jw zJ2zZS?}66Pi^`2y%|pFtpKflA3|*ocjA003R16KBZe)3%tH+UNwKM8O2Q(bw_DpS2 zQd+7x_Q!PCrQk|Vs(#PsTmE>oQzx(;ptnDrlFKHP{Wv7k^F^tj=JQ?JZkn)#x{51? zaMSxS(87c`LdpFOT{POBNXreZLYW&Mo$~@d!F}L=;m;I(Vg#LMmndcjLmaKf2qvNr z#!OV=+OR4q_t-Oo*1cyUc((2h0uM6M8(upmd;^}7GD(VwhUg`K`4u9!`}oxd-jdIh zDlB^#cr2xXXSVCzrM@$eTs+vGYo+sbSz=)?)nV5`YJ%RRW;SmmZJUw)#RGh51T=44 z-Y3^^179}dc%Mh=qqqT>hfSx@YQ^*UBUFfDi&(86N(l(p6JAZ%*;*-MB|MqJ7@t*~ zu>Y&G{S@+4SWqXZ+o58IPu07mVwB_=V|ZZe*#RH|Fe*0N<6-?>hD8EiP9i1t%bcBtpoxK$JNgi}Q&k1XV_1B=BJ>-=8!x0dxe< z1KZ;cU>~43hsiXgMy^-T^F{XKt_5tIGNer#lp%s(C*kh`9s0#aTF9|qcD zD40?eLn_2Iw>*1mqW-A*Vt87O`e?PK+1c!37|W@WQCrkd;V)KOqFrp|@B>!9Vra?2 z3&=ES!5ZnbXI(v5@PXGszK3?{1S2qGAQCQZte{iozZEgfbK*AlgZ-OS8D1F%w3;2F z-!Mhs7;v~i?&()rDOJ%M}9;J{L&BTMeVWwp= z1yL%<8JOC5S8y)6AM_sze5?rv`(4O0HliU8sDwMU23!&u)2Yw^o*31ihZT6?F-e70 z;fVI4-}Ef>jWaork`P3h+RP$8^x3W{KC~#WJ8c{!-8NL-^2mbGv+GuUpr6U~@~)&> z1!qaQV(4Sf{0kVK=*qVSR(vT^A}lRlY5xCN%BD?|n8+M49&gG#1l~d6#2VrO@5~?o zW+<28Dd`a8I)V_|QiY`lzSP@1)b5;M>~qotc`?z{O8%CpBCJk{;l`^fq3gMYGPrTc z*W7xe6CgAoHBWS}?XiOry6}UItGPt#5)y()Y@v;oI)b!!?B7Wh(@pD`$R05saH{{> z;V+|pdSB1Xja<#9QtHR&m+#SUNkaK^3rB;#^2V99uGTTUfK-sF!#_M@*RM{&nFQw& zu?Pt}@Ks>;Klq+_NgOGA3KZHt0)C3rRol~uUji)`!F9+JNNdO~ci8F(%!uS5Z%u*l?_}@kxP0 zOj%~V-4d;xkz_avNlrw2Ki)`Vc~5sSYyYJV z|KRHC1$}|9F%Opepr&E`U})Rvpd9gkIGGr7Mp4>g&JtJTjr+lEjIT^X280FkzfM&& z0P?Jw_SL7g$91LFZ%rIuB&${)pPwV_$eLJPS&n8a(lHJ{mM;5cg@ zq(2kC987c7Q`k}&lyc};A+P>4ldRN(93YSHADbp|egK#~MT4<|w$c&Y6k~@Vw3lAf z@Thh*3)Jt>!}s)qgyr{W24dkuWpva2d677*9!EXfJ2Ex=UfF84cPuZMHe1ZP=oMu-oFyOxz=3^@!A5cg~EdGLQRJA0aTd&jvZj-T8PUP-fHXuUmDoiI3XP zPAqNBCl*DSH9(>pU@SR0{UKCA=R|s&TGBt^Js}gPT`J@or}xcod)-UogN%GM%O-nI zwi|updo5hU;YIpb+ z-#_CA;dsVQY-6X^KC5D&iN{c4V^2!o`39zi!e?o zfOUK(`O65T8!B>t7T%j?)aC~62aH3l%D%|%vb=B3;0d`T-Gr*bIYF*kzp2 zYlNCV*|l+v<|xu?j;9XT5 z0Gpf(4K-T%!0T)cXCmj>qau~HUoa_MD3+_H{O0lfNBY%+=i9o|E=Bq8f+I?yFDP5j 
zlrOUOY0K?Ewv!f$ny-3y4h_N$IRf}1{sWO{bz2{DQUAjFEfr&n?L#k|JZLTLr%>5y zXjq!tTv>qiR@KbtrL1eHSAnCw_jWGo8>Cx=A9{^R{Xvk@q{G9@5nS_SZTINZv^Bw> zRG3+%rWG>lRqLuy87jM+-QTtXDa)&;Zx_nqVc%moR23+w6Af=4Y+}L83p1Rph0^u* zvn$yYGc)&xY83;1A4Z$l-y(OLBs(d-ytBADB#8WVtAFR{3MIT~u%{fpiP%iTFpH?< z5L?{;J_xT9j`C2y)jopDU+=G`i~uuEWE*3!@zE2{W{B4GqqU)!0s36(*Wt^!V+QDv zYw>E(R{jEg_rTK>2z_&wvkY2Zv>}J3OqvLP*egI1k+= zM&sZ^)N{_rHD&4oN3?b+787}%@4Eii7h8AW@&tDy<&pa3SA{gq66OH=d~=b^O&Tru z22gg_T}OEt^ATI~OI^+@829n7de%cbw8k$Vzpfm~9sUx&gK`Y?idEUU^Dalow^sSf z>;xMt@B5o*q^(uZWVDj_EEEaJH;_r=heRv6M!HvEgH#uejIC2!-ZaE%X1~@&QX>sW zF)Wj63SFa3O>;DZ2AV(|Y^JNH zw7}&BejK(S4O_c}46)mfTWvc2A!pSp{u>c20`5AQ?}$@X{g}cWx>>3l8F@-dD01nO zc}f(a%~013pE?1f{M6g4<4F#muJ0rk$SN9Ugn8Q{L&pyvTR3xn(`?G?zbK7|YuELdeGwAF^a z91i`GE?$3?>nFM1HP%`it4#h8T!1wOOP-OlN^T<`_KZ65;0jL_@F#dgLf`8R0~#=k z`Tzi8yTUFpMRe}T0!nGAKh+YcOE3sg5Y{6BJJs-ez5ld*7C#KPG;LxqAm@=}_h=8X z$IKVBn;Xi?crxCE?2hDcE$tdzYuN;+j|fb=@UP=cBG%t`T!X7&GI}fQ<3Z z>%nnC<`-Rf@IR2#NUej4(H>-Kl0a%TN!}12+PE0-@N7w)9m!tMNvFr6gh$3sYUODZ zYY4=D8NnpaNH7E=(oT?EPG`V-$q}>;%T!X%0pkp8mU_f9>x%MgOOwq~WbN7Eov?Ss zEi1=|w68S-_vGovqmey0hXkMb(_X(m1&e=UD8?;o>8 z$y*zC8@vw995)&VJ1rV2w(v)q9vrrCL0E=qbK=v47|W9*I`D^fW$>3246HrQ6)}40 z0B%q5I>wA{!5xoe8X}^;@AJs2Kk%ev$%!#EMfM9>-Lg4;dxM%g3MYb5_Za96p&21* zas=+*zcdoq&5gwGg2H5v=sO+oMXKAo+1vKd1y+x7tzrO*8EYX6?j~N*wn5C7hN!V3 zZU%GpLYZyg>97{_;QX&wV4>p`t}qeNp1yBo3PVIjG!YX=iA>fw$P#l78g;U%V{VwJ z@nssy5BSpv4t_iRP=nO!LlM1K&2_Og;@{E$#;A)=_m-B1SrHueNt$2+iJ4bHw&C?t z!^3v+vCWg?VJlYP6!ww+w<|7@jOjjpf_vYq^I;x(AoC(hi&?~`{Rii?f4aoq z^P~C!*Samw*p34JFP|EI+}7U=&0J*(a?#pk3_(lC+N1AmQw7u)htnqF!XAHp6a=qX zQ%+jcI^xjTo4qsIAqDeuBUPU5;EqdSh#A6ekc%tb$kqkRH+kV(WzFUczGmy#}q* zn!`*=j>#;eyUW6cg?#MR_FA9w;rw=YhlQkhWGOWr{XvTwAp1P#yQ};5RcS%>0rhmO zi#v`JB}$U*)U}0q&KF*n#Xi@Yh+EuDN7%hXGc@pT4zew~X{)w2FcHt@lX4Y_V%3jVBlaiXVW{WI>G5LALOo5Ae{f^r>=UyE5Kk|At25#vq{AP zNerw%K5avvr&ph=p|@x!Urmh58))}})Bkh9fCir2oivGX=h=^0BUT?bgdHkZKBP>C zDLN$_nS3`pJ_q?-O;HWuQeT8~31WF#k#t`@T%veGPHs~L`8a^CPlQH8`Oib^_cua)m4Dh 
z--lzNhyAXrX(P0F1*E;LP2k^{OA{p--pD5(#9Xl{Lt-FbMz>#m%`7fkpFuaotnq+Z zc~aUW!Kj&1^ip;02vyiFm<)zd!NQX8W)H9tnXya`eQ0NH>$Hl;rH{ZVTt`udM=_=x zO@wb2r?BwRo^M#X8V5*$EDf3S&~}|VMUiIYaA#$WAkKdYMJ2$Bi-FKg5-UO&*z>_1{ZCdw(=<7P4%3J{)E|jL zf||dpjW&cLbPI7pXp`U3Ab}#Z7s-%%i>n?MK9DWL@1MG$E$yfBXTA_q*P{!fDWGarCSVD?#z*hM(%hqw5=TA}!Ynmbhtpc*X znl(eV4)~o9TfR>JUKNOt8jNnVU z&vmH@Ms&;rM)kiC4hUKy4BBpiCb22miw^SgAoI~B3}8<_n2!sD9!`+*lL?NNSU$jS zwtibqKHN8KnO1IkpCx%3{MA&AJ|+2j@jzC^p#hn*UD82{t5|ZHOKRxcF3PK%z(?Bb-o( z?3%JLDer>4^xfPPpNBS%KcSB2`XqyqJP+ctiGW6g(c9hiv z1m`a16#oEl67i^}J!|1icMQ}DLR{M4YNBjv`DD;!B_EV%-jJsbw?j~;s`EIr9uDNG z%@S!$*Mu*Kk^uQ+X$FggIe#qj3Y_iWgc#yIY#leUKzwd!>Q5dlo=AmGqT}6&Scx}x zY{hLyo(<3>bR(Gbq-Yy_xY34@e0kzyOw|AQ-LpXtWk;J378>J`w-#owt_h5Fq%*3_Gs9vTOiG5Hnan7oZCY!QOtR_xf3)MuTPD zFl}9ba&Xks@x_UHEOfGq4ywsq=ZhFHJ?lD>k&S@WaqY0pHnrih{G-&2$y4*%!>7!K z31n%DjWkObrT1&#bvv}{0)vcocB_Iz3xPU!8(2$<3dVg9>fIX-jv@Lf{Ni@Ofwmdk z&$cScl;grp9`{EUa30SP7vSFt?ySEYjLX_Egf2h%sZT!;r@WK zSN<5y;%1nH0vrYoFCSiHO*A1d_Kcg;5QdWiuV0OH2g0jXH*8Eoo;ziIGa#h?+E(BG zrjKNci0NC!Q^Z3dvWM}Ui+aXjAPdXS{2O;py_4$4B>Nom^IhQ7_FdRC!}%qHzNIYG(7QH23h!hGeVkpU zyH@J)li3u^CCunY5-b(;$O=&P)0f#1%(-QSb`$v1$9Eg3FM}4r zEev%_ektH8_c7@@Cg{Q+!NDCeGSAuopW=Wt;-mz$lpy_I02lpoQ(0g_c??R|B|{Z_ zli2}2B{Y0Xv>PqemdehzbKH*a2ipHGLO@GO4cnrg;i(HRc;Ls4k+X35uH19jIOmTy z^ip=U_51#OlcF@bMe~>v@~FM-$OV28b+Z)kaFEr<>2LoRxW3R>X*6jLVW@-NHhVOq zs2?B1(fa^};i#CY{2!HiJ}-x3QKiWO|26Sl+=_xAn*u?`v{sZ0nDvH}{lTFm5gS^| z~#?mgTEXwZI8a~5_ z=FIZKmh`2Xb@Z0|U~AnVd@i$K1#6POEiA!oau}OJazd!WmCg>UGlpgd@J?m&)v7=` zZM970is}JpbQi~L>h56Df3BfHFn2a}axiuFqs!PQ+mEuK!qnI?j=vZmOhKOY6uhq) z!-l3ndB^qUUh^Q>(u>%0ruIxg#w}~A8J#Ot^J?Devvpq(?j^J~eKG{j-;_0EFGrlA+wyOmm9J|H&(;gDCJ-jLcyJ6;q_9zGOD(3k$dCJHa^0qSHpCJ+!2;L?U+ zg~&XLogG9i&qAEW8vK`?>Zhm3qwh<_`r6uXGBQIbDV!;h8>AMOk8_xMH0|#)lmsW! 
zd02xRQ(!Fs-tD%8!k2aZg1Ea@$2hxM*ioxNKpWlQ=amU|d-#gKBm+f7KS)zmLf&Z) zGKe8k!}pOj$j%)ZNjCGRKmCLthHrt}Zbkp+3^HvJR$z?w(#XAV_4^fUi7UeTh8wm# zP2V>cM#8#8WSEx8^pCPsv4G)qsP70NjjknyONpF*GUd6K$ZQQs|m7!_}C3s7(|?j_^a2;NS7-}KK@-g zQ$kB<>JwZiq9a)!9Q7ORdbuG!CI@@{hc+~syev?@Njyjj8o@G_;Dpfg6^c*R&T0#^ zZgCYjC^%bYmSWqWg*G&Ht<65FFt~=lG&4Q--ebsj8sqMs-=z5+rB(sY2RrKVT%MVx zBiHu8#Cm*o>27fHLl=6rGYlxWKfR9X^by1$Pr41m2O~hOJ&21EzRu;>kV#U|Z=&0^ zvUwY_;j5RAe%?tVP>#7jITyp-7k*$R2r!-<&?qd3owf@Gh-eAR)2Xm-?rouE_t9ww}%-u+?86ZLVx z^-~0K))Y(vspgVdUbLIryBHuDRIu4z4Q5>YrKr7eBR*z{!_r!Iw7UqQP`3QRTpiGE zCSRf=kxsF=f_R+jtbjz3cfw+EKP@npPf?{HwZRWsprzI_uW76YBqmerk-FaQ%%GdI zknsli9~IS7p)L0-Cobd(his}wZ`kAAQ=tX&kUj}F*3OCx?m=^7Qa7R@2-RJ&k3FUG zn5K!apq||Gw~r1Xz^O8~z2vs)mIJ?>eWKkd55MzC7=$gW3t+`p4Luz8tMj4oLs`mm zpc$=IUass@FUzf(lXZ2KS-xytsMf^noXhQziu6}bt^WL;YeRa2YN_y6YPoVuy|A_` z?_EN@x~V}K;U-`u=saubf%ZF{u=@Z^GA)g}?7q}Rd5S(K8COOKH!n-c7hhmc+Ifyx z`mx#5pp)7tY-$N1rv{D=$*LRY;o3yd6+$_*ge+05#F29HcOm>6IO`cIV%dxZI4)*s zb4)5qY`NY_tpi51T#|++QCbCFRzy$&7ZR@H#Z;W(2ozi)nAR54|r0V|v^q}QW7Ix!`EDXx*0vOoy9 z0Z6Yyv3UScuaWk;KGv4`L6b)7_sxXi+`YW7*_bK73QY_g2t_Kek~Q^}K>K7-H#H!` z{Ycq}<{?;jrAA+$M~%D)hAl4D@oIniLy$B6=c}`P9*!$Lwdhry?=^6Wp^qz799ukI z388XMd!_{`(4r7ox~(IAh5OMxzwp#+Pn8b9(KEk=v<6_HqOYIKjv= z^JT}a&j_(XydntJD=_~a{yf)X;e)sN1@!P=4S9`7i(anYt6KF0x+)C5H|Q_cm7{X2 z_;t!9l#35Q*@6S}D~n=?Z3mKSPE)Pu9i`Yng}58vb)3c1m1ns#S^VxSLerrv2?qQ> zWH^$=?}4*Mq#|a(UuN|Ed@E`6kpB~ZT&s#9f?(HSDYn0%Ip5zT(n`yq|Y z7aZ`HSu9wEv|ZU$eZ}!KL#$0peteBT^k(S_@5C)m8?T;`uMRNNt$CU_E)bKs&NmNH z2Lhr(>P^*yxh$HR&X;jG!^{kOYcI69(Wz|k?m{NZn~x3VQ4Adive zD)Fr%U4nWbXYM}z>X+wvbsbT<_;GgHVHWD}P8=!;uklf#A3S0)^Plp_a!Zu5CL0L= zDG$W9xSA|nSt>%J->LXZJu0{wH%zPH?uaQ~C;6@|A;qlt5xuh9sZ1;A_w@3FkA>~<{XsADb1q|E^(TJQo(a-I=gON zw^Vk|AsiW|F@f=|d_0ay&hiH2v7EQZIJk0&Tayv`gC4V{B;kUQ4enuE=H!*r`2d7x zyR-jr0KK86jq~%umX>IWI^!ugf!?Y-f6V)%f&KkNb@nQBH8{D(Y~`?^-I$2755)ld zAI-!<6;WCnGnNWfO**yk*<+J&eS0c3X-~|~HW0e|S5}Hzy#Ee2inRgs|H%c?D9&xv zkMpks@Uvsa=6fE}3AJm$TwG@@{9>;6znt~8!WzcCu{cSJG6Ps~8iU=z%xUN~y9+Z3 
zKo6FruS5FYIwOutk3=zgLBXmZ5~uo2@MGa;uO%H@*ZgWRcxGgMmEYM2Hedh!UU=(_ zzG62X<42GjUS)$c@WH6PFm7`3LK^*9dE(hUiMM0~Fs~XFU)pSrpYUGnxfgh9?AjVR zxBhuAc?n_o5!WG8rCs3Yq|0^hEapP#SLV=Wx~tpPG5n1XfWE~VuEodEbXD9ADWrym zWUSl|ss%m&+mGg=adTz|VwIFpfoVxq-A9|g8a5kA54|N+W0f}*mC5Z$(F%{z1mq<= zGFT5zwEr-<&?4q@&$5~%!D_E_!D;|`p3Heh?Bw4i!CuB0Twnf`-eHSKs1%cAGirmR z%;{=F#4{QVx_&hU0>boDUo3 z$TH4^pEmU-2+K4~%SCJmDSKTKqktQF-qQD zQ1|rSV9wztq-+i0Zko#x`hP@SRajn2uZH68?(Xgmr4%SG#obycTBP{G-QA_QySuwX zad-FPaK63w`P-{?GtaY?-;6Szok97B5HBYay$5$6 zYM@EsxI!CkqA2@+j@OTu5@Rb$R!WRr-ZC|KAerh!Ho}BMMIP2S$v=3kX@p6nG75(Z zdFZd2!?{JtI%7qBFM|v2m%>m^CzF%nR>YpxaZI3bzT}FB*@#bU(EWDzHrsN2sqT!{ z4TcE~tlctPxzMRXF|IW>aa>Ev%ym`kAG`!ou$pvCx$K~WL7z^7Tu3ttjKOB_Oql|yTHrNkmPU4hxGC%3tERij>QSR#QqomDei8;k}l{McC_x$!lTb} z_{Ezezh*Ir!VRIPR_vLwC(C>jin|B+T2a4f77{45wI@_E{>Qi|?-}}5qm0xBbN+5i z_a@o3@dL8`Nw1lptnwbbA+$Ma0J9{vk?qP~MMs?N(d{mojQNK2f%7AN&=I0J=}+$w zL6lVYISwvd^j{JL3eSRtN4$*IjzBU|{d4k~D{s`64*p8)C7?p=)XS1T!uPVppnj`9cEA=mpp)f;@&Lole;+DxF&kNCrccoK5Zo{Z9FJpjCeffpN2xamJGT zUIqiwE)6E4t9Sm7Z`P)-^_x42s&u7hRgSH`U>(39s$PmWx3aQ-bE%( z7N+^ONrdA3SGxQ5)T_JfhSH&$!HJsLfUvYvkTLxq+_q6;>)55bF~M_(+oU42kgIPYCU&HV8F>=nA` z{KvE6%}4=q1EgaD;ccUh^p)X-DYoOGj>^_Q(L+$h2}y*@ltzea7m#vwo#>6!HJ6Po z(_t}@PtalyS+M_*REn-X5&?3%vcWR{3+DNpZuzYtOijPyKoX}L(gB^7&@tu; z3oz`vK8U$0p2msLA+EXgaqU8hxJld3MrY5PGhjpx`*{pmrFTJ52XeMNlx1hCHI{$+%S1EJXOGr~#)ojz>5I`UA(E0mV z58iC21%75(s>XK8O~P!ZzC}gTIDC$bon@7;Kkf`fT`kL*kozAMcTq^>wJc3%pR&b@ zU{YBR-dRJP{{sl{F?ZGYrN1cpXiEdnv)I9GPq?^PXGn9JCYNWCZvjm`3 zwtp~XmeWKQ&yLz)zmzXC=mYJkKPSD_rJ%L#048Hke%>GO>j_;#b8ue_=j&|zwN-Eo zBM3Vt&<;&Y^J}A1%ACLo)F`XV;}}MB-a;W5F&GD@26XR>)dT3w3%4NX{tL9!=l|hr zg8W1R52fZ{e?H3jln0rvH0NaFm1A`Luw=z?ajRoSCpF0zIIMRv-f7$&TiEaI1DO^2 z4%7ht>sDn|SvM7mvTs_5VY(#KyDUh?*SUxM{uNs3yHAbsF=ZBn@AmsA%x%!0Z_u(0 zs!~`6fbU1zku94AeC>idas7HbxA0e~>s>%Ukx#eE_YKg{qa{wB__Kk@U~l9eH%Wje z%Ad(`^ZDMdTDXjpM>xAwf#z@vqw5i}z9&{uK4mit%N`wV@ZLmgRPTZM2hohZ>}k_h zy`h!+drgx6M>>~7r+ozk)xsvms_t4rz+)6r;eBtoBfYLp$4Q3;vQ8b%-Q3UWo0d=A 
zm%XZwK@w}Kg?^7U=S%X$`Q+VH*3U40&`0w=0Rd2$GY928la+o(NBF<|q2rA3rJE-W z5Uj7`G=t;WCGWp~G<0Q_vCQZtw|8c&rF37eIQ|PMq~KJJai1vT2HEad_C{KlcfE}EarTq_ zYRFH8^jv!eZ(&n0i$G0yIAnK}y*FwE3=DSb2Wum^v*s#p3I&j4LCgLAU$SMM6J9cfDQYOzZN?xvlW#r9?%y zR;iE(=xQ-w&U_2_n*3q(Px(EaInnq6J zw2p_*w0_;rAe(~EX4RuP{D}&_?QfQJ@!7Jfw^nwqG26iVu$Qs+l+)frk`j&`SrWu^O6{2ddCwQ~r@fMRqaFT&p^EB&R_$KsDW$-=GR4MbJadx!WXf zWevE%y9fH?Ih4yo$YAu@18HQvov+j+3Bt}QcP6L}1|_^|np~+#xwI^}U9GRs!^{Jb zK!Q?5A=wx4i2h*}NfYY4Mn-hqGapF2Bb+ekWUAJ@;Om4v^0nz+7a5FwCOMx5hne_T z4LC|zh%_1G9~z{A0;6#`L@LNm2BkSD?7TKW@Sj9kEPp^drD2DusK1c32D2d-|9;eC zv79wZ_#z6WB!Z*Rf8}Sfs(h8J+AW@2?OYyjw6NJA*ri?}*P2t1@^71YCPv5H!I>AL zoVFaV8u|Nn*5;c}?Lp4f(TEYiCONdrWjH#cadNGN6xlLtvz0k)^s|;pLNb`$VWK={gZ-?)W-^ zJ`PI%i}$%_!VIzru9y&XZQ5?24i(YoP+}BEwN&7nf-`Ut*t5NEVj@M&?=X+)pllDN zB(hi(<%`Trf>`aAmem|qK7ZP64c`UxNm?wxsQuf_El>8xlTBat50afFa%*NvyR^d| zp2Y+29eJAHg;zsVyAh$iX_9=eIm_`B>v(y6Iw*hAy;ZAcd7~}(OjG`Q>O3rwCAyQl z1wW_R!SgH71OC|_Ez4rdt2h{RtB-8lL}eh>PL1Gu#vUIXNp&YD_+>Bq?ch~hsO z5p&7atJp zuJmfYug4e}+#Y`0j544K=YTGiX(1>_5#fal{UeIa0+_Cp20sIk(q7bH`sCp+)G`!C zz9GUb&ZTy2MFMh7TT-)Hd#0HZB&G)@-gOKJ&w6c5k%)M9o{f;%W(`2ot6SUqZJqqvD8_h&8)l)l|21FV8&3jXtO8=&$0_xSp5-hJ@7 z)2gam{be)t4^vT}xn$Lw2weKKeK97OI(2eGQ>PbMkXxWG?GYL2xqeC}B{YNL0I^)klcV`GtOxlG&J-d=|Q6flUK_d}|bF6^B}4Y}Dx z9|*~EIqB8O>=Jv1cFGYO2vh(4MDTT~c5Mtn#ZI+@ys`L6w@AOb3TJ4$V>VBDu19h;VtIKjBK5grO|;Y$ zYj+^?I~462aBe`uRAy-Y{f_xfV>{ga;@td2sow>O_fE;@?m~O}LSDu3^21vr&GXSn zq4|aKv$lsWy3`A9ZjVN4wdGYC3^7d&E=5D9UUG<-Fq2&4Q%L+h zv}>BMbTrSrRD{iR%Zu}`Yq=#RwOT`u0`l>5em*LTrdWvbXsB{DPv9}3-z5<;)$^p{ zGJC?X8hg6bt;~nZmg-C?ed>33L6MNVcQJ20j8H7JoPQzaj0CU9=AYH==Bm(gh4-wg z{4zQEvt{v^7N;*rK(s$;_6}?nUBkx$<(xlEB2@9T-cXmZTj@0W<|cz-UAg295lDDT zHhzx=v%HCj?AD`s{sD5Z7fZ5E>3_JN7W-Dw>N=s28>9rG2|t%qA()C^0-t_dTulr& zf5kPk_h9@vX_-X!8a?kKNp^EX6RpdNpW~Z&FiY@+gnf}4+Y-E|KBjRsbXkGT=&U}h zO<)u9v(*)zUIc@ZeRR|m!2ikJOwYb?U)uzmX-)7;0-7+B_>;mpUTVVdStn^5#15j9 zsYxZ2Z_S$RtoA*qk^Tn=$b!~$(*JwP&@*UodtrW@aL+l1i-tGYt{ClYv2i-!q?VVa 
zs1SV>D6V8=j9%PFQ{KW^ZYE81JHOT!^uzx-nL1E>gm%~^7I5#mUdjxZG7E0BhO{5! zl~C-#v{EDm$TSoy6GX>)T9AEw>R>HEltKEdO+)(svvc|T#jVJQ=mM-X*wmrEvu3ur zt*bsW&`=10DS!8k_9n~hI6;vEv~QRR@5fXjY?i{^%zv$J>w^oaE#mx+1cY|#;1GZw z_acN7n~HB~u~t32rmaK2T~d`*C8^aS%cyKC{d>B8k@GHeZyJP>dOcif%&o)nZPJhD zJ)7aa&D1J)giAMYIsWLfe>`!&TKRWCfBVd^T*Ok5q`<#}^^C{kDS6I)~8OME!|vi)GQ4!phkXJhk?uLd*m#U5rh zypu)-&Qv8+b@1WKg)btvz~LK1i-Go^uFuP+=F&*Ht{kP!%a2lgI4<=Gq!ZW?g4&@` zUl1fSn0&sKQ*7A-u)!62hwrvH#66SxuSx75Ix6%)KR%~=Nvy3%apD;Mllpwq&3<(Dj3RMk!>9$@E$9}9OBp>k7{H~)do-PbGv$Iec$D!&9urY zk)9~iX--%pDu*g(+cEd=rNfO~Zk%c9!B7K~N~xAY_1|X^eyvTEjdgyI4YuejS|5D0 zc>y@Q6^5a*l1W?eCl?lsK&4J&dII#(Z|QNa6#hMFf-78d`A7qlUh2lGR~9PbCy^* zqBR`VfWuCCdF21Ri9wh&Mci%Hdm zAoQ30CC0dDOCp3R)(b-1Xs@^}J0C4%M!=C<1{dr6+DlG_@4Pw!7_#1Ri8 zHpCAWx@wE)%5(9L;X4bxe^vS6l4&!~ZXgolbq|0iq+LA{8n&de;PV#*>*cw|_k5M# z^tI)|0vXRz*qLe_%}N;l+%vLp3(3*MSvfJ9zoFCOGn!zq)33f z`?$3RU$F!%{|#oa{q>anH#k@8&4Z>oSfK{no0aY<`%uvd?fXD*n9j6#8+O{8&a7$i z)GJ+*ecKztKUTJ-gCf*m9h?EOGCONJS9z|iF$l1SuFi~?$$XS=s&^r-Xs^)wFOD8Q znUqUkaXJjCbj7A%F?4Z&CfDkVISBa7m(5d~wTcelNnz@|D@#WDZ2<(ZJnP3NI;8PANaL-4=p!yYb2t^nP_^w2n-^|F#09-SPS8%%zn

    am z(K`QLn?iX0qn?ar8$U+oYppQz_v(z@R|_)5+Kc?nUgC&d?&WW&yF@zMuRRD4J4j6?&o2f4#)XSRL5d3I^6SSKcAXX?Fw{9qtFY$OqAW7cpu^^bfnz&kP@UTV9J!po>hu ztIlVLMKU}*$cN-a8Ib#340q`G{`7%d(dxJ7>f{*S)-6bfg`8;e2y+HLn_{F{WP|fJ zml{-4-tUV~;`b6^ zA>N_QY?q%7>(8Lb9na?3+6SlmJA+mOh9lB*j7`bOO4wEJd)rxzFCAll+VBAnNVm_} zJLLVdhlN;Ec6By)#&gA*n|XW+BOe@G9yhM$%c}H$JhSx}h5Ah(qHJ0ry4?e)fvVY* z)iI67u+~3vJciulLg%dPgBKfL=s|KH0Sb1+$}KBI_5WSP)a(x`;)cC#T)2bBxAP|r zKt-yfaDH2DcC;K{7%W%VTj{247<19g*w4W$ypgtaN{(aIM>)b}{yjdjC8~Ryu1DZX z)FN+R={*r={4W7z1OrayVrdrWR1r5EQzGozR1i2OZ7Vd=-SpyN-;wI2))TKB)+(NN zTYVybeX>BQ%;?cF)fkCDso=e8ScqUmc{rPixo?klI>V)^&l7%ktqwf2?tWK-W^X9s zpVRc@EqB{wn_`tB9xF^^iw+-&mScZ2wT4cO!a$mZ1LeXAh4#%I9dgD2Gye3AQRF#) z?6@+m=0}DpRO!oYaB9B8A10XR1i!G)gJjvf;IY}T^lq*>6cx!C#ohSijp{xGGo9h+ z?NiaQOqj0Q?od2EZ&lBuK8$XThmD~-lDmrl&uv6V*7;uiVio&Exa>3}6R(G=e)kecmmK;!>5{&8UG8u(A9Flp|8gDi-({DD;*fRXWhq^f zg($yk~xoBP!TS`7b+ zG<*o!U<_oNnpgoSNw84u9+rclCr1kc5$|LpHObr>i?|`6_2TDPJ=KV7!KB388fv!h z->YMICCNi_FAe+5U`lwx35OFnN-*amkBt_Vl%xBTD^MZJc#HG*9&7VJ?DZo)+R_ew z_jQY?1&#Y@5`=@CSQ%W9ty@79hW-jQXyy_q@OY;$*|%EG)_0B&d8IlN;zy7D^H&kVy=1luVRd`3%`_ z>U(5aL)IdcJ5TRaX_}D6CI42=qEr+~lWSQ0O9NFhsZ}iG(^VR;o?ox2`&tWD2xa{! 
zV;AYC=X^{TNb+O}4qln;fG(%Y2@12)RmDwl*$(RwNE5Y~+@E|;!oltA!KhNkvregLMJ4zxv)>7BWq^93({CTqZ~a`j?i- zW;WreH#xPztE3urv{kz_6m1*l^9AF*3$+3J>`&?kP@7U$IK1S%nAm1G#++by62S*Y z4X%TQAIBzyRhqo5HEXtZ8h?8p;fNxJFE1xGLn`i<1jb|sL&TOs|EIR|ZO*8*i~ zK&vCy`Q`5Uyh|^S1=5gQu`7|;qS_d`;|jYfZ_nXE*5bytfs4P-%byl5kMs_e8h&oW zhD_Ar)7A+qVge=-vXM(AL?!{xriP2c>f-`&5aCrR2w?-)W&Gd(Ra#C7EW$3t`;>RE zqdIn-#|?fISlj5mNU(owPTN^8Qi8)HLL%>kIWA|2Y%W0}?*mR14QEr}hJj5|_iQfT zDa(KoGlv7t$T_~#nUwpYAs`X(7xSVs zLBkH9L&MJa9g)spQsjLYX%wICZ^YtdTIc8FC-#2E=V#EGnH@fX|GFsj4%Ua_0jE>) zes^^JORqEYoIWN!W~rk=llo^=DT&|%0IXw#3WOvmaS>o+J|QQ5R{llz#;Dx!@<%!m zha4|Yu}|D#Sq@%kT=qL|Cq(GKvBF3%2s4H(2ov-{E!C7E62`jD`Cj@T#qXTMB`d$Z z#yH9jg+bB&=00u%&yx46H)ofHRBwnjqYlw5zls?;*Rdg^>_`4vTVUDD-;7xK(l>Zw zY$?iy>Xe^UPvQ@mur z-D}-IrJsNTZ|5~?7s(bO&&>{wgDzu)PQuAG&RX{6gF}!{_Gnv;qKD*vU)j4e*hEEM z%KA2~IP_8#DC|Jvi{Z(FM*m$+T0s3Z^`H;3m1waHP687}Whs7*pBu5*F-)p*saNV{ zFUKi5J+s5kfrCK$Pfa1TUEM2`U4gBRV@ni7*bwf`R`ar#Zh0(6X#;C$`poJsNG9)T zqi!plYI{W6AD4e36tEXo&mw^_3&?*~*hSy5`3SdXae2$y8$FSa{YdT0WWw6MrR30b;b@8GJ32(R>8*%IGQCJ197(EZzzH?3LE z3Z+?4tK-{C;wLyW?!({8G@95V+YB7`>U0+MLn;lzR=-cz^ND zW&yVPixW(B$37|);{xz9#f-z_qV8!K#u3ui0``wEN<>Q6)W&cp z?4Ei5r&7k*7obXcmf7(0*~!1=(^4_rd8wxL(xh{2Eg+D9Fm8b=;Wa^t$UmvH(SGV( zq5KpKO2v~z^XWFVE>O}WwJ)oJ%Sjge=HQ$W`duO10~o1oRw&VG(CUa9f8(eOQ760J zz8bWoF1{(MiTl_AZQ7ai4Lq(NNHb})Yp^|6hILT~-%qJ7oeOP>*zw|)>}xnLDj z)Up@rtrZC+QZ&2nczWO`YhpClr-Am@bDpas&2o4m&gPvM?&XJ-!n+%Peo6R+v1*t9 z)HKe@AzDifP)Ap*A7RDEpsmY`ZJ5?4NC$@kyb^fw{dSYvZ9JHpM7wW4;sa6Lf9H_m z1nKR|Kua>?LtRGooz>98WuTiDrL}0ZeD?nI8=mob5JyA;62`b)-XB^kDn)TLtVMbh z-hEAonb(4^^r)6wbA`nz?~J`rgSaaM5Eof$|H)?}Kp&Nk_Vf#x>WAUCfrYr*Q0}K0 z5C*v4aACJgBg!Z-BUplwMXruT95JIxe-iq0aDj|}maNIEO!Z+SlpW*eDx^h!9T%Q! 
zvO2PBxH|G-hx_iU2+jNaDot-d`wMBoleP6jM|BR%4WkN}!lvNQz-Jwit0O08{HQY| z9AmF!SB>e(F7@mwyw|;8Ie4_O?P36C^88`mlz&e3d@zo?U7bRQ5Ic&d=(+vQc%KI9 z;d0^Wdk85!u>y!|8v6uej1m_U*EvLHQT%8p^-67gudRIiAQjKLM2zEcr#Ww5Fo=to zZ<50QQ5Jx>sp$D8$9u9(4p37U5>b(AXm5sQTZj?Q?zmqzbkmTR>G2=GLwYVISByv7 z-51TV+`Gxv=JxtBjoVz-1cO@p9OeK8d5aJ| z^2vrr(1``G;yiuyGHygM))FN|-P342%$!VP^lbAcJhF@4g5k^) zeA~)fs8K=mHt;vZ#&Z_x?Kwb=&g0gmpDJKb&oJ-ps714PT2Ad3ndK*4Jp-iG(x!>< zRjvMM44#r(ScA0NZ;j!5$6b2#OsnCdCTT)kSuGQ>`Rt)*eetE30GT}=a50?kS7~9% zsBgMm_-X8JVkfSf6P2l4Xpo1R^S8~oqNp`^$YOb-L%8la)ajYiIfWz%b4p4%b0`a>#8h`9o+iC$j109za<&Nv?o?O;1BR_ z`F|s?&Q^UB>g$qPIeZD+U3NU$?ewSR#ZLo|&DV}ColXWp_vpM2HqVs)^OWq_si3Fq zL^O~>X(+WnBGzK%wrE9vt#1#&m0ow03%ogDe8c{OKvn6V7&;Z}LmH&(VL`(Ic;C^M z9@)H*w2L)v&$qZ>-^gN5;T zOEtDg=irvk!7W+MheaT`8|&m>Vtjq-q>H>otE5kzGiIf>X~-Xyb6!AH{7M+%h*NER zP)i)cKa+H&J;xoe+AUOnMR}X1CWbfIA3(YI11p#4p*mZ6EDGcN$JN5SZ|oaR~o zuGfX92BuzXqyory+b*Z;F^FVTn{Od8h`(LUmu?~~6e}5)AgptqUJcfM$Qz1BN&D)F|-+)c?4oFN~a2bLgB@zf62O0W1H*7W`s1AdsUhTDt1h3m?DO zl6u+MAJ0~7SwZ11;8WY2Y2=kY`Ur3J_A}>BmFH$?#$3tW!^f1B`xjd~+~3}Y;xNq2 zSCA<3QLF!Vd{0&Lwi8EvU<1v)0t+k3Kh?_zCc-FY8LHWG8=jLI*SPg}y${D>_$v(a zkJy0#D2+g=)wE8kF!2?6I{(zRD#{QkV_h*a_`2$7r>8|JamVZRmz$ct7gJ|*mS-bL z(JM;1z|76N25&3>voly5d{X560!jYzEJ@1W5K<5>T*^gZ7xxMB=Yo!%P@S$(^}6&A z*7vlQu=tlx#HZZX;zt|XZ3052DZ!lpzo#5ouP}NbA=h{!BIlnNp5k&b^)b%4>%+x; z!v%bgG+fT7)*m+4H|kj?lZ_40%WmmYETiU2HLCFWx<1bF%Hu~xWl0|*~i+xgnBNyiJ7 zJD!^SWXxzM>TGHAw!&^eLpN8?&u_GT_To2kg^*?H3G2oPk zk7`_707HCF>P`j2PSYc<@dl7ksx$4D$V0*UW@Wx@0+3iQfCu$Af#J;)=lZ9##|J9PsQtYA^ zrd;I$vyjR{o*O5s@^u>6=`Dx?Wp-g6?4nNT;nhC7ntxEExe1)om z&sUb-c9&&kF{kx2v*;UR>cr`_}@qa((?uk z;2Dt;To=b?gp=pi>Sn^D9#7&K{kVB}`U6B6S~8qy{$b2fZ7Hs=WKvwEcXZrf-(r;u zH?Is==~3xNdav1RAHp?%R&$)Jp5bW)f$&7NB!l<;ruym%5IeaRx4;z*0bfuwdq64V z>_3zf*Rz2_63%Y-q+`g_j>wMk96Gmva{_~P_s(AS*ih^%1t^wYg8wfTUr;Q*|A}QI z`q(dJBNpxz#^c%eK-S`WiF^Tw?`GQd=w`ac_6KR|$9nAUW@mXWnGP!p{+ATLvtL)V zaS32S0Okb_s!T`8C$r0lwgJs_f($IJ zxv8XkjHH907=1>pB-sfD-@Myt@$x8J@Ww+ydHI0Ve&V!Q(yirPrAe}fGgNJ3!ZU^m 
z_nUxW38qHoi(^=TEl6-I;#vT{ZEW#Bw`?3R70j%xM|*DDn-jmnB~b7$-A-ksME;IW zi9F+HYjB@H`66{u2L}5y4zs^7uTf4ww}HW=hu8hp+1@v}`gUygGldBm5zee-TG_8& z?dK~pzCVTF=@taiCE&t7^z*{t{P*Cf=)eAEhGQlL>}N%pGcs|%Z5&@0LAVrQwU8)k z;tiN`7X%!(%%1#xc7bA8x&>iaI`G+F5A(p{lpY=4Tqa*_DB3dneJQ6N+xZT@1cd2R ztEVb=$AA1P!iKLT+c2rj8C>geMKLir10qIj8tsG@BQsRM!y-(-#JeTfsRMxeo3W5; zZ=!r9+e86zpkOJbk%Vy?+Vu6P={40>69z){JJHS2$T|&|iebNyLIjKVyka)b$o~Tu z)Y)PnxQIu*rLb})G(%MWArm*mUzK(JPu=5mfeu3o+X?0(BeJWC@S(sK>?qC`WnZSk1&p& zj{xdxu{cN;7B)VoDDdFTo86xbW|$;kAGQ0Ep+@JA-w?As-XjRWa@`VJ@or)Mhgb2( zDZvn`4;zjtTmF(UYC;O^Kzi!+lzdko{St2wU35){RArn}Kp_0zdgDyah~wzah+tUH zo=uPj>8L2YO4aD#EwlI))bp#W?n~z3%QUB{xcKXbGlT5lV0djk_f%_m;@`>xK!`|r zoSY`RC?$fs4iN5-x4748m+vhtzGvW^Zy2xrc+0@El$menGP0fr{nr}wieZTbgkgz6 z9ja57o(%A%A$?-1G_L0OCF7k9YsAe|>1NQvokD6H(i(WRzxmt-Prmirx8?=m#Mekx z7^PmHX~Q62p??7xz~WiYA`F5R25FEeVqUnGMFr|DkraVO=*@9Q&l7eI>Ce4LM6(-T z|E*0}*7sCExbG>rHn*nq_kdQ_`=T|YR>Uh+&BNOty4*yb3H(Uc9CxQy+*$Fa7mxU{ zufSUhii8aMS&FGT{Bvv)uNy9P^Y9on%@(^~0I*D|GZJI+u>X;yAxVhns#F57kqJL; zx8Z}t@*2&#tBxBo$O#pNr+C$B-tY=#%lu0-VN&E_t-|GD!88-zMxH7mUPO$y`I;ps ztl&f8i{-_m^I4Jt>AWt_L@n2wma~I+@nw`*g{Lba{?-Q`Sg1EsRLH=J_TmvL`tpl# z64Gq7yq-#u8D44J|L_!c9D{&B!8&Hd6Y@H^s3JoaRMeyc`y|6*O*gT2?jUunSi5bV z9xS*&wyj;GiKOA=fv5pu;U>sDrUs}B2A(YDe*=fvhb#+(c7 z+#>)3@B;;%Mx8VN^eu$v$!}x{>9!65V_;|=R;_MyZxANDgDNKH+BZB%Xh$V+m;)15 z?W=%k#J_RKJQX{3{VQgy1Q?!K(5zt(g=~xsCA{xNFKg~jD<8K;3Li^WANBxc zc2a*Gu;MPzA>l7L>OQsr_a8kLUWd{`<4V@emfle*_XexB!y!~zS2}#Lacoan5tBF{ zo2WIs8QqHD51^S!KYIT?!Z-j}Lz;i{qu*FAoW_&P+Zbr9q%qOf^(RrCaE3v3sJ!&V z15jwK0DM_&vvMA1YXMPqh&%}UdlJUE9*9)iOg=(4?9in)r#@<~k4hV?$q_0;N)%sN z3ct~y_E4<4+w$lEbAu@z;SDeeU$QBQs^`@lT~Liz@ME zkn5wPsH`FKsBya^I3s=HTK~n-0Key)D$OJ+d4yR~oEq*WLRetD$#@Lp2EBuH1B8k& zJ~&aMrJA7KFjNHu%d|ZGoF$qu98chPYwvcp4?GSyMt;<-xu^eugUp@qVoM1PyvoiJ z+Jg!XLBd7m29qRB*wOW@oYPQZVATt}B+81Iz9oZ$jrA67>K%ybgX_pg?N|+F=38oquj^pp=hzI3BtWy&2m;KsKk2;@)7p|Ea6VVf% z?7_4)=})9PipRIZ+&#+89Qu=yeP1VVfo(PNMKocq7nhTJ^xr>QGk6<(uX{CLDCZB* 
zg2Y^;&x#$*TYyq@B@?_fZq2ZwF3(kx?<7q*oc*i|EzbHN5G!<)&-dYii}Zv?Y5JN( z`3g_1!FNQ;#Drlb;O|rf)oCTwWuoT5cE`8VncZmH?&c9qEpEJm7;*;8?%S}>5zr*r z#YaEcmso~GXVRKCCa-kT`cn}H4p>#4X_)x}%B?Dfk*`){WvcfvtFcZ4u!=rUyhAwm^AYV#Y|1b8;AJYdoBcEv%=K@5 z^QUzdId5N(g6n6L5N(0$vn~}8dNxc&>=RNd&R4CG%vQ61EaWp89caRTx8d3O$s?`oS2&a>Xg2!p3qJG>G^Ma`fX0^ z$BFEoVHLm3X#`>f=l!-X?d2fybYu4BUM`tX^CJU)k^~d6zUB!_GSEd)SmmlijR=GB z>sF6dKISt}0c9l!<7{53KLm#6^vb1X;&HK0^6nx)Fq!gqyyEIh75!h9)u|)G{BKHe zU3Oxf2Yk=3<=#Uu;l0WDhs++(oT{wjQ{UUKUoM}|Tz)oxtsg8jXjPoJXu4L|pgtOe z+Bt3zD~|$*{Hlt+4^6}eEf!zWptN;y?uIbY+k@ODTskFUs8%1e-r}45!{OK3+x)2p zD736jzXx{{H>GM)u_lvIv4Z$YFB;@6@!eM!jy{RHnE_|U6*Ci}?$hFQbae!?KdfMH z4fQL-wY0RFoD1LV634rY8f_DFjTP~1u>rqB9VfxBOKtzh)K!N?^?ZFKMN+!EyIC5f zTSB@!7FfEuf^;JS(%sV1(j}de(%m3PqwlKUpT2*c=h?lxcjnB=&p9&_(cE8Hk-(&7 z;q9?k-GE=8N>*x8DQCIQDFq54@KU!C>8Keo_~&>ku{?8+Fg+!f@xx~K<2hU%s#2vB zJu!Kj)_!hP-sM|AXI6_zFLf@BfSwv+)qReNFu?tL2g-=l8X-q37wV|_W9KZeW+Hr@ za9sX@r}b?|DGu~t&;J#_aJiGtP%XpGP!HPcM@{!iIK&*P7NuIcpJrwZq&z3C8esmF z!D(8*|6c+Z+O>{?5XO!JP2lL1Dc|IID>c4|^KRLxn<|iRC(B(sL--p%5fs52GYG*O zzq|%$QK#df7eNiju0#g)AJR)x&ef>M7iuTi7SKK0_{%=kpiK0-5~^>*ocbAc8z zIlo)=v*TX$=TQ$375mLvW<{I)huGwLewgS3RS@uV?G45cvF0VnUC^DNyQ4j#$)6m7 zkE9ctBP>0I=?PaNkL}|I;bT~ry4jEcJ;j=kqd9PSgY}?i2M$T+zxg*N!9eE^1D${H z5)l`{jQa#q-B!icW$#Yh?zAT+*xb^*Gj{jb9=E=Kpvd_Ciah3~5gpy1nDmFr328=i zPEh%U3ilE0?`D(JwfT@BbNpw4hL=nJ2rAv&^DnGgu!u$)0p6q#$Ob<8!(t@sHF~V! 
zzr4Xy0eXL=Bot#b?iNBDMEO<ozD9Dc&UAHJ9YwRxlK|mKG z=d=ij>J*+*!(kxq#dO%CX*2YRe_c5Snj7rzNH^F^?y=bH!cAVzS=J|}Xd{gS3T&U0 z$vSXe>1@2x(b>Al8`Z|&nD!iYD($*1KOfz6NnCq?CzKmqDk2p71BRp+ViUHmed^Ox9e_cA6zHoz1UT>(jNM7*sI@hd7s3kH#Am_cu z4{9}SGq;pWP8Z*G0(e}pJ9N8#@n1~<_=1uk+>bW4E17kgRLD$aPk^Oj zk$jKnXnv?Igd6j()@?w$GN4)qC$XGzrX`6Q)bgwD`@cf_dR;0Y0{MK6e#X9z0EBEe zeI;eLA5wY{Mvn5(CYO9Zf9YNyGyaUc=gD0}_S-t~j~H=4Cd|D5#t`J&(b~f1=q?5V z3C7WVP2o*fs)beHPY7iFxrdU)Lsaa2oq$qc)t4E4oG?Zgc`N9NOi*!_Mt)Cad~aU; zeb~(~Y+BbtZ27*PdN?%GxLMly{l67t(FJ7g>f7!1jC9P{tRZl4UTV^66ewi$JB_1|; zEj})-7c=&={yGa!MY0QN)9Z-p)v-%Kvj0#+IwohF19WE`C~An!E5-P^xTy8hN|%Je$=5c*%4 zorEOyrL)D0!uSYqesWhV&c~-u-(w3tR~+ZW=LPqL7mV< zH8k6HU{El3XVdkg^@!_DhY!zd)aW7BeL}$b3TrzdM^F8Zuvr8$5*P_vFU#Hk1X?Zw z0y=W}E@|6NX8-**H^?qLK-(1h>G z<|zm&O2=w$O8A)>wI>tS_@>|2wvYd8U9G3(kwpoZ%kC-d!@lr~4hv{iWmbz7iVC9O zu;!)y4}Zf`5eG^@Pja!~r4S<=(1;c* z{BjbC2Zsv(hX<2*zjWS`D2zuM2IO1$Ic-*Z-DEXVcP~vRif$%qLsf&eUd3sWc>kOC z(z|%*yyJh(yTSIe(95|b2aPM#%L?6$7+`D!u8>w`G(!F*R~_inlQ!!c3dftxjIT_f z8*%Aiy+Xq8(9R!dQ2PpUAkkNfl$1lpCCqC!(Gam8>evMk>SY#smAxJFxpOIBn}Pf5 zB6SL-L`sCDM1DaG3X)raE$DTTAPveZ`KashJxzxI8V=Sz;ieY8Pah2k*Bw52Gp~qD zXdRoiIG)|mYVE4`r6L`mZqvAvWmU|YG0ok zCAoSsjS2sMUXQ$KksN{h&1-nFlEby8$>N{iy_p4s5+8hgK>m(ij!EMoh!;+LvvXl$ zMp3)uE<$I7s*BDL$Len-9Ai7>Q9Z`0jw>A`<6rSIZB2qbzd!l88}4YuX6vqjrrgcpomf=7Pf4g}Qb{}W>bDt2Fh21erU#l5HDD7W*4o6F zBmXnQd05FgCz#2Hn{&-BCCGgS| zF|C1~o|S}!tXp5Rb>i*_3P^=iaAbc4z))<|pMC~BTJi@1841-uZl>WTe)XO5&;V{= z(v;(=bktqor~>?lj}E@jz;gk@^d#x`^%%}|k3Wyvd|h#5(|+D-9b}8l@9utVIe8_t z4niX4o<3CcBt9MKcM5Q&JDANOrQDb6=3befkB6Z|rlc{)M1<$kL39SNyXPrr*iJ1g z4u*{{@Ki*TUKJjwi)O0xW-No8sYqm|8kxCU3r`apRYgm!O5ne5&y$HJylOfd=DsxJ4A zugVWA=*1d4vcC!xL@fcgGc>IwZ%9`i3>IxvyEX={`j2fA;GW4iIt;g6qjyA#;*C_< zal*hl$O|Na0;CI7)gw0NRBSyJ6EBY8$1btZ)F~&MGgP@WS;?VS4#U7EF*RxS6%uI= z-SWbTmpCE6#!OlotwPvGnsl`tCx{(aFup>fmP%fXTCJyVx3mX#rgmk2g!nOrOj{G# zcf8)5=V4zg+Q{Ywv&ZrmWh)?+TbA+$#9D^ND%_3`y2T<==bRmfaAR+H2F{lga0E6K zWGD#xu6G7U!eN)eyq8ny!Jc2E655Yfr)rfdUJ+i*Xc=SG?h19a{$w^Gy_vvr`lYD2bo}hjtNCgA 
z^`UE_&seA5z%pBp?~l3#4-2?PJu%??MnH(Q!4g`My3C@9Iv`H0p+cJ#0wJMJ@WR7dBN*)G z2z21c8*Gp^7^s&Ejg)2y-h|#J+*QcL_N7UE>;)l-q`x94wB)NJ9#gpa({hVtjjc%F zYz%ynlDJ>MM#e-Y;8xxZIhqcwWqpAy}-48b<|8hlXrgRy3OP- zale?lQ=W9ZJN%kpMO5A)qR?B*Sw-@4tfjem{L)`9x(fU*xWmkdI29 zqp7zy#ebuPoBKA+R0=Blj}HKp5e6v|yfcl#cE9-05>yhp*L*WS)9-LKH`@->+**|1 z4!_tOV|lEz)Czp{fP~S&Z?(6_#?KLKbh1%CV**ai=M}+a`zjL?oJgG4@4>Ck=>_MY zB#`7K)4h&{8^*8s{F7RW`y2|+qA`No?Djj@jlE=PC4G(GSE>UW>@UhdpZ={%^t(X* znMQag=wPf0g3dzs1V9h(z@VPh{XymAsGthw7nKY6<1of?)!j$IAF9kf8hFSmzuFq> z=CE(KB83S^u^#PYnF%8;zIS0d|N7>FglWvR1U9QjTcOg?OOSI}y!e9NkWQu4@%a~Z zchyD!bzFMNv8$0m?u zY+2fw`%ntEqF(8Fe{FJ0J(dnjNjB{epaj_rywgj(QdqAij$tft>JCJo6x!RVG*kL- zOd;H)Ok-{(utkzrBD#R5Mcg|j5ehw%xro9+^mF0yIc0rbw3O_D7k#Pdnq_P1xG8o9 zjJuVn)4A=mMUtA1*VLNbTBeBDZ?Ps_ZmpBXJ^2!eRkfa|8iQnkZs^Ip&5TXDS?&@u z0v-2z#%uR`@>i1kaeAdR&r5533Tu#EIht|&RfQ_g`dNnM&glWS%dj4@yvEms5o%Fg zWHyRJ5y6#P0H4%PnmeRJ$&8?%@;8??H8ty#z|kS`(~N|!>o|Jkn$_#j*t+cRq~zaJ zQQ`CbS0+r_elk3A(~NaU|GbXi78ag3mGnljYUoz?4<> zd|cZ?Fq=8Gw+I^$Ru7v_Ow+%9l|7DG4)O~6tDYaSo~S|vAuD_cSEr4_m&(U6*PYMalp z@Q6L<35EC;=Kw!13J@7;tmU$xLQqEx0`;3Q0LEFEoq$wXBnCuKtSd-6CWTcAuKy&+ zSQ;zMBkdefPRL}c-5{7{w)CKp&ZJV8qmGbL)}*eeL~Ig_CzC3Fw^iL0f^bI2lAx$eyr<1~^r_ty zeCUB88cX~;7=Zx`FRWwMa~h~?5-6fjrSgd-MKs|KNknN<65p^?9#5UT% zM4{P@^z#h{ATfM4zeKqQ#=KB!syr=E?pK^re}+=j{rowatQ5}^sttHr0S?$EMciai zQi}{&IyW=f%)6G^x4rUg8qEeo^-q?Rk|d-)HU@`7W$Aqx1ud0Nsd`h#jnqN;7~5_`(jZk7@+UR8BUSo(FHjDyiVVdz_Jl^#;h zkHrs<)>wjCy^PrFOGg{sX77-p28Rka2h#$p%QPDA3QWqEpm~ zK1e*WdUiz63~2i9cHbv+@kIgZ)4+Mb$J%oy$mdh3H-3vFUcP2<)ofepBJINv8tEAs zu(ddIfBqk}j#~d58A{EZ2BSNvtUGta;KXi#zOG*_YIZ+kR$0~(xG{vzrPP~%``3b6 z*Pzzswb5EgYgTreA(Y~pR`^!ym{DGbEqaBiCzk zK1G0rUC`M++tuXB(3phJh}^MFUMCW*F<7P6lW&aJ{GyzP6uAA_Zm@wRU=|*2SMwjA z3%N2PuaZHyP(CZ-ZfOSBpLD6OZ!Py%9A--P?9`Q4SjR0E8v#X2Fh?jLwzE5&md}CH z40)k>qRcY?O)^`zX&fR~ps{FJT#?@3MDX#jwse6RwvGo^yzry*i7l*j5`GBOV`|GQxxFmjd1PK+bQK)8s}KdZ8<@*+)A&S>ed4Xm z0B3!*=#laec-|wnwvuNr#t*QG4n)r`WT59q=tUALvxj>AUSElPS_IeVWI2+2cZG~i 
zI3ttvhJz`xk$loL#g5wTPFjVvK|M^6OwL6d#vbU&KShsDrWAL368Q4!O;^p2nksV* zd2&*ePaUY2ak1yeU#6v*@`}aCNQl=fzLH^y4z^TZ0fp8vg_et<{UJ$L3)V~e%%iEU zki>6wt?NCf^Nlkm$V90*zMUM6d4^naC;tAWZQl*e&%JNV+6AsPKpmg6Hi^;b#e!M; zQ}Di0hwXt#@=(?==U!$&d2YH=(yS=D`xhGD=p0XdTHN5{8SgVpxk_EIWIq-NC*6h z%Iao86rm0F;(hDtHr}Q7fG8*R41nf&+oU5MtIU7)BypoUBDROF1%_{O;aJXXqBQl% zq;L;Kve_hI7OH2LS0MQ2A)y%h#J|9{fN)+4AA)kvV|&g*lPB9MsCfpqKQOZYZgF!A zf84C6T9k(G#9L&gSDun?&%b~6EnhO*$thzy9RW#H3UK$}R^(j!6)+}5ra?b(Be|JC z=nNw&fwq_vowHz9dh_vYG|g~EI(cy^z8Vl~so3m9`fF3T6%nD2vviA&PGRp*`m~fA z2iwZ7AwEk+3ywith!i<~I~7eiVJhuflbNttwTaz9N+c+VIl+!DWVD8k_9*=f;LqYI z%C3z?%O`dx`H9JkI}9quHy4{oeurIJG61=f99Y0G>i?E2Difx+^c$d2Z&;IVG zkZ)}Bd>i+rA)ZFJE^ICD{n^^B_!zk}I}XbRsuc0YU)wN7PYJ`|xjlL=zW+iVJF z>y+L|pI}j+!qm52fDAXV{ zDn|szJTvj9zcqmOIePFO2s01mb^P8Gx3O!uUJ%b#Q8AWwjWX46Wgbx^KDH`_eZ!^=r5E7U}cwa&J*Ji$qy4b@BGL6Vyu(MQk@IatbyJ}lfft7o0N`I<2{NY3sX14qwPCG zV*kC@o1w>f4>rdno9rNB1yf|XPcqMEuDBaWm5nJxitpmlQx&^JSS1DdP?qJV3q?-i z|5-~?kbi=lu;^Il_{00?U3_5u=t))prvFe{lvP7GOBmDLhZW`(w1IiJ-&KkwNrmov9o1X(!4eE@7 z+WYB~cLk+fd0GpQS`PL6tR_02{~ZwHZV{@P>C=Wgl$KKZ8M6+DjaGRjLpeKb{_i1i zC#QodAUS{%48I~q*eCuBn!igi9Wam-a6sa_F<;{pIUUL@H%8d%Lac*}u$Sr&dznl1 z2KjJT-`?i)!yz&LQ@VUEiV({A6!yK6tk;o`4H2gd5|l?{dNN;X$HJkw9?^8vjO_YW z+=%s3)mZQ}M4s>hCzJGCB*Yb?+X^r-)a2ZI^4rZ5Jqsg4CGp{apLkPrn`NYJu<=ea z#3n$VHWn_w{cZ6qZq=5FPHUhf#y{Kll5npJ^Jp2LM^p8d_iBl*Jy%LOy!J&O%2R8$ zM(uV*Ck^e|bQz(0d3t_g6vfeOCtfQnN?nMXJdb|59DCZ+IY32%4y{4*0nBTl=fsv_ zN?R@Mss;PV?&r+d)`E(zD!R@NLj-cC^m((~(qT4(@LRv!nN-`D)p ztp#&NJImwr-bBt!lV`%IEXf>Z8-iPzPV^UXeRU{jta^3P;H-I3pOl-n1RAI-MeRKY zXif>ZYSzAa4bNtFRv=}aoN1^Lg3AA)5hL$Sd80*WPeEKzKS+XhwI}tQyM_;2rSh9Y zQ}*nc2m=G?Ko3=fo~lu`Xn5Ya;jU>V@oOvK`O^IB>p zcvKT2>;=)E2!c#;ZX0@YG5=?D7_Em)H$w;Iz{p@qUuXNyujY1m zaEBe`xPlm*E_7~f!Pw4`^GM{$0tqgVW;0pD6^g^ER_t!0u(Y|cw?xxE%PUU!C%(H8cok*D&k}mKf;|(2&tJ>eJzjz5Nq_ODZT*gbvx+zs@O7Fav%|tBx zbN5F5V!v^H3sLcGRi}+`<-K&PJ0KBKy@6AKwrhWX^1S?b4L{rRP~Lb%D`8*U=x(Fu z4f&&>=yTDQrJH~^9`o_4+Y74Ti!j8*8`g>}FuQ1xh|gv*ike(d=f``8PNs{?1+e6e 
za}Map9OsR{p#2dlf=HJrbXqT8_lQEL6;Xy$QdEp6RiiAJlVTV$kCR?dln3*>$o89pHSWW*lj$pTX3vhx9-r?8(c_X5oIy@W#O#P?*{OxeSCDwpxOBW z23-e>AewLXj=S}L)e}MC{#KF!v8$`Ofz9j8=Z-lSa(lVle%It}4cl27vOjz54f^gI zkQ&=MN$^q_J6abtlFON4=m_~Y>CI)(fRTRkP>GZ*|4zJE1d=mFK;cXF`7bubT;QEjKjZEnxp9 z5gKYmuOp{4WgAJBs3Xl5J`RWKvl=eb1OS8FZid|NTDn)?b2&3T`x~Y$@JdRj`nLGl z03NuMYKBKGP_uH()DpmOpsW#gJXlH9e(+Pn(8Kxb5KE|jD#+3DD)=|qXi8%2u7G_t z{YsWL%kpR|f2!}cM2V#F#c#CbSD?vB@kSr|&-Atcr+BX(;2!bh-WE*^F`TJb#KsDj zx$QFin4o@~J=9+NHbMMdL>MWL*Ln0<`t(uM`j*?#(%#RHUUFGJceXbN23}Td$y}qk zcK5B>L>Nw%txoGiAFFM31`JV8xtu=@A0huHz2|HiuRZ&aD`7X7pV2gZvovFNWR!x;{uA;=)D_E<{rmM1cQ36`$@LObcNDc#LoShnCy3B z#|37^ihXqwhM z-&No`Xcg=f&Cj-aq7xy;PssLl_4|HxH}R@tgUV_#M#IUEcm7ZL7NB>TbmvLp#H;!T z)SSBsF3W@|bGhZb#5CoOq6E{$R;P;mA)s!nXPA8Xm8J4yZ0w13z%WD!*Q1M9UseVg z)E)X4{e@LQH053u?xtg^)$iOVG{sKpoX6VtG!D=ef!%Z!d??yPM69LR4E5rxd1$jZ zS9ue_@_{Bs%31!G0h;H-wj`c$`T-+FM={Bja;q!|nzOxvHpb+q?-r zvG`butTmAL(ybDT%E}#*BsEB`d>D7=2v;#T)U}NJNMU=gxFa+36M=o0E2_qYZfq!3 z|h-EFi^*pkUp?srv;NUzy)(;{(ax)bs)fO@hvVnVzXO{imY(}OwUwzlNIbwJ^mfF|ZJa!;xE~^Tx8K`rxd#tS) z6!&(mI%qfQeB))6Z!fCdvUi_mDV2FmW6bRgLI10leX*z@>vnI5il#;5{3JJs{)3-C zQ-%h%8k^(gg8MDUhk5w!m1H6!lpBB^U1}Dsq`aGCW1bt@{36Yky z>$vA+k!3c=1!}aaQ_)*rilDHZENcR?=L$=XBNI9;cr_3&C?=%=^ zIc402#`=uD$z#d!+lgY|xMG&b`w&36no^yF7D4Tevxhjll9bB(2*~0B|-)Y`Rz;k65?1d_mERB$idUn|canYMWCkU59$>1PN1^iIgnYryYWSJz= zC*)p5vwVcqP8>x1Cf$QC6vgon#W4=l97omP=}*%%Y}iYwxY(!3IVz*jqp1DGv^}{k za=-5kzJLzq(-OBX15@siA6*w?| z6vT!A)ZOv!(%`+(%=94l&q@a2r+Tq`6jKkxne|iWQWul^5Lm*CXocAK$$YtLCoQFU=&EAGIfrk;OOdb2-LQq-$*RrV~X_3Zt&u%PZK! 
zeldX4HzA86OJ0%nn*gjN{vYA@sMlg#D1_i|=wab;YD9)9m}s(H&`8hd17^A=W&a7C zJJ(+R_nk>u=sM@AjPK=_1V0#UR$|uHrOVwvM8y$Zh+QBa4~}iRxw-eU{q$HE!we8i z#j7uFkI>^myOHK$G!eTUKR^5!dUjiWyt}*E(+W(=8{;vW%sV?gUn{$ny{zD=dYk|O z#qLgRPWRiiO*ff_BFdW*SX{a%+IX^NWmIp8cE@>l*0shV+Xq)WR_0d8=u8wPAH-DT zqaprGW8^r?_RC&PPh{iqjVCCHVti6_XXWp_9Xnc9e7?EvXpDesYWw*rAHVuImp-nc z(g4glaoFkA7(!^-JTra60;=>jq&5uLeiJqf%rX!?P?zm@sow;dW0e16{3a?Y>f`s% zoYpjFV#w{Hdy}xTg%|}jxsx>sKf3Z4q)As4SNl?eL;Hg^d(4eHdVmp$!y+dNJqE$* zRRr=bq~z*ycpZT}giuujW3}-8`&yu=iB^33<_X!Z-d}Yxcs&lOm`&f+la}^CITLZM z$itd~S>=S>gKes_@tFFYYq9-8yti+KI8=Rq1jp9QGd>SEThTap;UU=Sd^<4P<_gAY zd^}LPn59G0irFSlS9Eq<>+jnoT~@s;iVGS5tTeb65`wr!wSIAn2+TgqE+^|i4)pe7LRTdxB5UJ~~mlQF=8h zJDN25ks*MBAt1NtRWzg?(*5Ni;y39=2DBB$o9J+upUlMAv=>9~%0`e1lwyzHmG($D zhgE6%HwT?~N`nf1)uvx_K=Gk7fX<^IK2as0n)(yowI1hmg%4MEoY*-a3k%J#-_? zPnu$4NmvA1OQ5^@x3kqm$mjV2K6ZNR{L@=jF5wT~cf56e>85uSk5XL=#Q6x~ZXStPJcC;A*8+lP7rM|8__m8eC{byJQ2m!t?J{RCJsAUyBNma&8ijO_l9mrmW2}PK^7+%j@xLML? zH}iB_v9|AliE$E!;V}OuyCz1h$Lr_i?Yl`oU$KxsE;?4vc`+=+0uJCu!ONGK?Eh6e zKybF>f%XOAyv#=?RDijlNc%8dsacT{UWHUtdPDS*%nxN_hJoo7@TXcnV=Eyf8MEk= zMTCpH&=+)Xhc*|KhviYUpg731Oy4!v;i-ZeEq{5Mp2}v=rn97{XSu7mX?l9Fy|bv? zG=IPDnYo608uwssnwW-SO;nt@ICa#vHMH=5IWxl*I=d()V}YKE7XzCw6*dPvcUe*@kI* zD;&!PA1TTXrkr5w@AlA|d;aDqOJ}~oLY+m?6Lm7>p9?G`e9qJ6)~>2+q6Q5w&M=FJ6U7`m?n2f{m&Q|i zZhd14H86=&$ZLyx28E8$w%&|KDeiY$2Ly3)OEZHjD<@$Pstk;6v%VH!htD1(gMiYG z@<1rux7nu@+EkNiQm5``vLp>e+`sh0pFfOQq7pH4+ciZKis}O=5Z~8(=(MDe2Z5C{orMsE6+ekk!D^Q~c^qP<+$t^N@r<9A@~>yfO@R zR$irt8U8Y_fV4I7>B;;`I)qwpN>d z%ztwjZnsdU`c>goCTI?m>${^bOT1LG|#6&oIWUYz#a^*$`%XZZ$r7%48ZmV41cOaN7Z! 
zBPGk&+;&hB!=2yony})&s9Z<%IR2Gk+;}{rVYONcDJ9Y z<%Xv^FxnB3kD5s$mG6580W8k96w8CslGXKx786sMGoH#B8Zjm_`@ z_O+Du$wVH3BTgKJk+S4xkjQE;_g>`6+?C?Wch`=XEM_b$$kkN;-XPHZt3PwsQ_W6k z)CE@(EqwhRaZ;g0iAA>1ctLCV%y2-PHDKczvFy|TNdr)rvC924_i^X>ui*7zh5H2q z)B0yqIk0Pzw@T1y!KDZ9XPU-K3Io0IoKe@AkQo|ivkf(B>9yXfflA^w?^qSzDcJI2 zqyWG5e6u?X)U)g$&viIjQ|jGt?EGxSCgH6z3JjR2gUAsqjwL2&6sDL@gZN^KQgjm| z&oaEE1Q^GVEyq8~a%~tw#_(@)g(QcB_2)+|*qH{27n3a5_CwFY8)3eA+3t(8oD)#R z`&~+1A(AO%96&Fw>cJ3N#q+0SPLyG6Dmh)$191$}9TM+SH^`*jI@_SLx= z%sYJAH!nkMO?;g7n>b`Rd_(}}ZyuKIrUGQh7UY%Xt|S{JE%Fx1b)<7l`(@)D%TxUe zGXMO?CoXXQ<6vmq2lBE!g1vA*NOHwKI(x5KLBjYm3TGMTcCy$8zWdYx zuRdofzJmZa9NG&hCv6z45y+>4un5aEQK{c>n#!j3ik~8F<8!at2q4I5C{%69AAiWS zL6z}L>Mu;hHuN&^D!mvMs-&)Jj(HP^~tkf5x2e9O%7ER4|im&EwXq+N9wpc3tmo zhIkX|T>)X8NwvO7N6FFsecF(BcIzY~TlrQ!0WhsqY(DHlNMGlQ3*tg$WI8~cn9&L> zjqG1N8hKR04i?~!A5`k0CnvTNTv>0Y>@?F$3r{0o>bt`VDF zc+SEL4RCYymSKQNXMc^@Kh6T^T=UtFJ2hfZ)^%9<~P%&&fyvfv|-V0`q8-tOF5)IV4VA9JH^RkD1Vq9U#|}E2Bo-GD;jN z5%Z@+B@3E)FDFcnoFg-Q&AW^WhF!Xqssjw7bZQN#B6q!H*5Iqt$FHBG^ZpI`NJVQE zgkDnnJ%;+zuwY$J{?O~WNT?1LxwY|}8>v&Tto)D^Jla`-Bhmseum5TX<76&GIBig8 zI&M%`Sv0hUZ4=+INwsOO=!7iM*6toglI&H-jn%0`OSuY7e;ShkXlJs5OTU6s#wa%4 z!l*)9t#>!p#_`9IG;h!?MTQ><2HAKUI{wZS3dQ_Qd>d%xhf%h<=eWB?fu+20yvs}K zNKrZu>wA3X2DJS~>ajCU#uagElqqd3%2%3Ix1f1$p?$s|UK9#(PwdaWV4sM0416;u zxxvN};B%o0cTr~re$K!5?sKfRI^|10#+n@$V&7gzdmTdlgbOAXYF8azKCmT3$`Ipp zC>H+YuiMz+F5UtXL%1`auEyjpspK5uIXmF8!A*lV_5zhGbk7Y}-7?>PID?~6K;8Ho z{=<}7z-|%KBZf#%y_|0UA(9FDW^Pe6k<%1_=M8LhG*sa*juE?G$atCKVL@v~sKgL4 z8C%n?;G^|lU8R#0uc>@Xdx>41#*2*C!{S#qx{ydd zd8tYtPyBi!L8ui`cCu;MPrl1QHup2xe+>??>fEtDo1e3)GCNl?$%a8UrU|aOY+}qWu~}fd^USCps!8v3EAoW zK7D?@5!GKfc=e@lb~qK-$*h2^3rF+izad9uw)Ry$*KBrm5V)sUH6plh*O~w5Shx8C zhG^wiW0O04>{hc z_59cPZtBx->Xe~|jmHSlsd}GQ9lR40Rv{#2QJYxnS_%kUd^{1g{qbq6Qf`+RS@In^ zivGl?T!(3aB*^I|Mv*2>|I%adDtz~@#g;jA-A7J4 zybr6D{0S zXq7K5%nn6N%m@w0F#^t~Ta9z`eXwX|CqyYD2%j zPYvxon;t$T{Q5DG^$9w&6k%$a`o*BuMalrg?0k#PuZAZe9;8n?qiHXS`2in^MI|&K>0Bgf9#DXjQ 
zd>fY-R~Tf+LZVx6MYH%14qmTkWk_yjBJfdT5vVO@2e_JB6aLfRSx=-*<-5K< z4WlypZ)1xzh#7kw{_`*yRYp#*<8u`Q0kQ7m2zYZCx)}28D~zlg;`$nB*OdgYSCx-> zu(r6ipm-iLa7MROtd-6VL~`+H6-qvNOuSF~K^Y?tAgM;9k;eVVDCnUcJ724kqy`ou zOpg0>=O4Wr7C}H@Xb$Atf(lk+Q)dLkq3AoD1;kO*f8OUNx-S~#aJ@pqCcd*Xr>DDd zg;fqG@7>w2+|MQ+Q#cboBLC5RK&43y93D{PzvfT>SbwG*Yo;P#>sdcD;A65R%84^d zp9V+{a5Wq)(ZnkcT)Q2x6Q}a#zsF|#+e6))$=M7uxbS9BT2te?rmZQUeO$Vpt%9$? zs4+`4q5Y;7_VN5`7O(XY_HDia2%mh!jQ>b!1$k~a4S%0x4X+g+^z{?DG4BvpCV1IK z>FYD&%vcxAZvNHL{SXk-AKh_#mk(7PH3X6*_H_6B%EewaWo$Mijqr*g_dKN7 zDn!SeGW6>QX?2dd5(e3jKh4J~`9p-U3V1MLX8Dl{dyX?AGr%}+*o;Yo$|_BRym=moN*&%B^b zv1vcVrk_yk1>8j1PF`j&aPb2Y>Kx-r|F8ii!nX=|oh-f_iQ!KV9O;}N{kV~{mQoAZ zDjMi_ZL09bV#0=pm&UCrQ96e-55rPozA(p(N{2qs@QaQXhQZV_tzELH=}a-gTDWiP zZ7v~=remZvCMSBIi+HTP4j|o(af^(b83Urx{X~~YBf&%}qRT6K7XGFlvT}mz_nLxO z(SEqma!5!&4*W!zULoc`>f9hao~-R6Z4&Y^6Mv&&6S4Vf7~A^QreT!s?g&AxUSlfZ z2d7TsWvETF@wD2_=e@Z%Mw&;TDZ(+Ceh77=Ow=3?FUA-dGaG`NPT$@w(}1XvXQZ zRAMTh8*c2Sskn`QQ8bG9F(G9}4xr2bEw?w%rvw&QJn5+mo1eqRt`EDrtxO`D z@yx3FY47_Omg=rCk1lO0owqWbmtia=UEQm*(^tK!wo*}bWs_xj z**z$Ebm9%T{ng#ls@eHIb8_gVa~9_wo0L&LHVoa! 
z?CZr}ElV^|zrFa~$TTT;cG<2)6Mrz|S`5@F?qSff}gBaG3YTSahFlbDr>TULB=Ic%+24 z1H$eHO0pR0L}te0)Pi<5qB4z^P4<<$_rD*(j)uH1HbuWU zUk#PDF}~@WKo$%zMb0*b$0L1+mT^(sU*5^ALZDb%JUp%-HzD30ECkn|6eAM6UD zt%nh11Y-N^?3EM~z=c7#?8!-QMz8HVI)@?vk*^GxnE=?NJzNft@NIT7(q(n7$j5RsaNf#@b->UZZ)hMLmZP~@TA0a)( z|I+P31Eq1y_*#zXOpc;!c;S;=ARs^qf0_OfoP;37H(-G@O9}KZD(lF^e%tBlLugd( z7Pzn{jt|Pt?^QZA!UUapxQ zOTAxSj*ys0R9``@Oi*YkW}geLb|Tsm=PgW1bYgr7@OOWpEg_aV zo@FDpPzC*&GsgFeOu906|7VEw;3o(Bs?f~>Cc8Y`9Q*OJyL(cWz8A2h+2RLL+I2I5 zlV7$u6qnk(qzc{C_9w#B8%jXNtCyM$Y)rhT#`5AAE9T93XAV*MDS4{-OG+OId?J45 z#F@}fxMGcfA=t~>f;r1(DdqA#TESCB1UhHR>16x&X`2Uyou18&PBaLvzn(4mv#V5q z|Bca5-i)K!?v<3@Np3*9t8{&>z1>{##zOCI*L>HyDRe{4R+`y>9T!R&YMcqb`p2TI z;KS8U*nzEOh#%iEwrRxe4^Qy~5u+!Uk_0S{Dl~!EM} zuMDg5d%BiJI;BGzq$CgBAzcE}-3kcOaMN8<(w)-XU7~b%cgLaYJwJW_`h4Z$y3dZ8 zwb#sEGkaH6x}6Lq@^Yq~#%uL5YMcyAeDR zMI4-WUJ*W8?MGq9R+BM%w*m6Ha_b&I{ebZ3P*!VTL$4+cXRwwXO*8vX$)EWSiUIvK zie{(`#%v?GF})izw=}}1hwB<{_)q*lvpxud17PVb3(R&C??&ww2lF=gUknFQw)GASqE|;+!h_{3ZjXYD4%@Pu zdDtO(Zi@sLkz?pCQ~-$ZLH*;Ldp~iuy+C(fHld zL^JukS{&*D(E5Dr3gFaorWv$4f6id2RX^?SnlIG$M8$Ja#;?OY9+K> zkN#@!O^Ji#Qg?L1m9(g7`&DsFKITb}+VM6g$-75$6)p8~`i@q=>&&-7Z3aYF5wXQ* z%)BMhRd^q5Q%z@5t5Z@bbM?Qg@R2${VTF%oTf)^K%V>BL&ggM(mp``Y%d@gpZyyvUouk z3-tC0emF}=9<}28KKU5(Q~Nz^x((sApSqbtapN%55X`;);@$9z9Fs)-Jo9Z0HPP!A z)j@ZSP?BIB_=b=q-Ubs!8VBG--0g8eU$^$!I-&Q~*gGdD0xOhx^KK;$^uabPCl!hU zson{wEi!0?8xhbZj1bRwfkaqs1d$?`@Pj5@7)P0G}7DMV6YI? 
z-SeTkJK^a1ATB0tBI)_SB>IOr^vftTDS>muS8}{U<&g#ycXX8o**L&Pzn@mrYodxy++>bjiE^ROKSMR*xPBcxZg2JPeMo&x;JVm8kvc5*hS_3!#Q1zX=pa zUF*xkB5I8+%DBh)+?>&Rn}`UnHITCvkk?${_p8N9Tx zVB6SW1t;+Z3%nf9Q#f8?8TxJTD8*sdN1K{YBhX^_s7b4$VR#o~?-&8lr`~OwInDZ3 zdw2H@Babf&V4QNEy~H;PMc0o>+mKg@(&UeWEHpbY&Bpoz0^^My*nT4k>Kj{M{bS3} zK>y^zbwCOI$?tRGQ-4wV6Ih?*yu2H{lKUF`tB@YNVie)?bF#ZcN{?O7`h1z>9seFJQk_z<|kRj@ObZHZ|ql(y*+<(tWRhnw)bs*by` zn@U(3&ZltSIX@}%J5T4Lvynnsg~0|IS7RE|zyR`WV{(B(c*B>KOp!M36RC?9H{F$1 zV>m4FEVa2 zrnKQ9H~@R%pD7xd23zKt8~x{8Mz~b@*W;hcT61)~IB=k1zt-}i@T(vDztJ!huKl%h zq{=dPyzuFzMM>~&^w0OattrUmQK~EbZ{H5LIs=~Hzg(EPnBsOs?M}BvPCOUT5Gm3? zS`19Y{G6&GPEZbmZC15?jL-}>)&>|cs_Ej3vDHrs+F$m!zpUrd zMxU8bgJWC~aWHGD1i!F4_CONMr!+?UG9Jw0Dboz>iJ5m0fPFDROp~VWN}Y|L#!gTo zJ_5a&pMH}K!Ub5x=XzefVnoezW;K~)-P^|zV+J_FuMZ?9NjTj2$Ncv2=GTRGtnl1{ zf$);fdXKMhg-F43ibBz;Uom$MgwSFAr1~RU#bn*MKfc>Reimb}w~YDDzE1p22!t_1 z(0V8QV7%p5nf26J=`3^7MjOE+m4!(Qz#EQTr!6mYyHoJQ;0eSxY{`2vmaH`k5(lnE zC)V2EUu$v;zI^^@aL7$2&33H;-yW*l-TwBL0U{B%0ZUQ1g62A+e^u!V8 z?s&K$;nBfo`{~VNNpAaSB~Pgfd0|xN*YU59Uczr})dL-~zXS>Tdtp3wlcAzc-$$k6 z8+IbNE@fPlFD#HHuKLLfr846_^5nc^$Zmgm6H6#y|Iolb{%q^RAqU)juv^RnsB7wW zNsFDA;}^>vQ0H!svf4{+-krz*U=}WY(P{A{Jo87tW^QfXrvkM_bDd@R$sADr*7r6B z?Dt%<;uHHw_Fq=00-52vatuuF zP;qd-iJe8X_z3phPq)^UH*6i<=t%Uwexg-5)>TCV;`M6r7GE?d6*Aq#&kpkQe+C{G z{Xio2QbPRe<~*DZO456`nbC!?KB~y1I9St7H9yf1%x01`Bc1A|YaTtgQj=hQT-@(O z*aGFy%)FIjH%<&Gf%I)z*UeH7;mWKd0I-?K5-Wl9jt(+VfIDEGL zzvDNU&J=#z&0gbp@19&Co@1AOix3j_jz>7?hv2UiAfrvo{2j|L@snFI3LLs;!FhX7 zmAbViP2cl~eqd6<2^snS4`G2VXp!yUuj3b(ln_=VtaKXuwPJc#_-%=JCDq6nvvy4t zT<&#Wx1DK3=T`Jbu{imold&?LE7QFp^wO!Ih~97GUlq}-HhwS~>RfD^RXM`F?|Z#H z58sW)JKagkHNT?R1ywjgzT{5Rm%B2)JO1(YOQBV&yYSIql|yfA2)Y6kxDj;rovDW} zLVDP%S6f0Pf))dhigHchCkK6KvFr7MNa}>&>hj){AxM`;W^n(jbT%7K<|2;j0xR)1d+1{+61pD_!3e+c|I1bii2R)E-t{3@ zx}axoN7t#7PFbc-v0&RNL_v}xHgS6xF6Uv?I|JwM=y=8al6mN}uRK)5A-rp}0>Znp zM8G=tKV|OkP|cpMAiA0ZTS7d2PC&nm6W~E5Iq&*7Ps^>iV#D8919QFEcNC4vNm%0m zf2Uc#Fjs;GglR2OGev0~%EAAx0IO-(wX|RFQZ{d3SxVR=A|<%fezu>jA|QP+PF&|8 
z*=jIKut&C@0&=w`#&(uzCeqM|i_u|-57r;Ic-H%jvYuEc<}q>68gmF(wVB$S_WhSfPl!%{{b#Xjdl)}7&@_OGy>C-WDOlwowmZC7JoZ3a=; z0ppm3u_eDw<9|H_(vwf5w{hiRynlTNt@m_j<#rJKg$&zYn|-ijF@tX2P*!4NoBqzJ zP@|x`x}a+S;5($C(Ug=%bIU6o98L?sQ(=*ulpW8Mn=2QO^riEG>6?m!TCd zF{eT@Z80t`k;m-|Giun7xklD&yo{VNG@O+sm$^gx+)ve7|u=nH=aFQtE_op4=)BB-@HeuUXr zus#*5BB+L?vc)97!jcyej&p+?PkE>&db8b84W&+zTk_ z7|{)079e~Rn%4ZMN~}^;WQJ1hLEMLdR~f^?XGb($8M_LXK|M{AnWWqz{W#g@ds0I8 z$ZqjEEz-YDlV_(znoL*3fo$4r&1wkrm;(xuB3)e%XH`5h1<=sG)2~{Vq=Xq+-v#Hrc|Ex&1}|zv~^$B|8HoTg#rReWv;si%(H*Lp!&^n4Z zZR+c_xHzhhJa`I%IWU`cUT>RV?%?yK>f9}LuJ|9Q9{Tp%-N_ld0k3s*tcNA) ze^4W6LL}yv9@oLt-l5xT8XK{o16AI^yS?j;>bWdd_n0Y3S%0(AkxrTySR8hG+F(OR z?bA1bHaY*@yN)%SB}5-_V{o5xtbTt{gX}S6_i>7hIpDnr5= zxArgyM}K!sXA$_}?PN8QnN|oZvPg$G|I%7FWB-M741b&b^6?7rs^DpOD0WZD?K)ZT z7h-LzD=KMNRB6dbH<)`qNbv%r;(m5~$knMNfdo&)4=VB^WZAIZKq-7z?05dMv!erH z8`|hNthHlOsxMG7HAiHH?*2Lx52}ZMxdk{C%5@$GVqt(Ma2O@Rax9vfl<&qPZKTvn z+d@DFS!9FW9*m`mMf)2^g}6)(N(mv0ul5lreuCSPL| z3XUTw-0MR9asRJ~!jM`F?z@1h55zGH^T=`O+?d_-$?Blm5k2;thZDhXPw#$8FiIrMjwIWG}=VC&!$LgWVQwrm=>ChpdFNeU~1D;;JKn#s8c`@z)4 zNm1>Y&w@>@k4OUN-`71dcjcYJ7<(~9e%BEbepptJIp=;m*s&)3{sltvm+o=s8Opk2 zK5U71W0qJwP;{7DOEU*QnP;;L+6F17RR`v@Rk7QqnvaXZY1Srq#Nr z(@amo^Vy>REOVd@8aPtnghIUH-8i$jE(yEd1sHn=uXqY zLudcKVs3ct(i9X%rmJec4HrwpR zBIupTlvk`(FG#WeM&$ghx*RZUgff7x4a9~8q0`?zjIFAL2Z{g2qs}4((ij9;5(jva z^C^3_!F(PQ$4OfKf%{NJ5EP_l5T5<}4xi5s<^(rq_J=l!)EIS&guDSsVJV)v-gdB3 z?@Q_bsa%TK1uY4nRSuH8apFe>1dp=3K6zjX^pE%D_a^~tGr3z;p>Lh5gL{pnoFrpu zp!Np`Gs>3pvyKdny$tWCI1$kpqbtD{W7!NgKXmTf&g}9wf?>i`FQRsZ^D7-g(aLr) z!hGg68+JWLNY+Hb_6BRBZ~D}KZ(^t2Yqz^n{awX9hm&KvEFWD9!clH-qJ z%m`@gfk74FnkH3>GWBw7PF5W4N{((RX0<6hR_woYvNr)GvFH-T3=%c=B={QS?>2I5 zFf=J3wba=t5H5h|F zy37}-gd|V{X0MR&hMjf%J-7sYU4e_ft1!HpDe%YYRP%6Z`FvLr<335=^d8;IFrsC5& z-ZFJ>mnT|*g8$iLcm@<^ZMulK^2>-lI4i-n17wxp>>bT>;P!Npf-wC ztO`rfJc}XJrfO&G_V(%6ISB2G<8FthI4xpVZ>>u`r&e!p0`Wx3$93?@R$J(#TjdyO zhK1r#y&~N=6Z@OE%z~UJ_z*NxhrifO14Q%QJ z4};1G!lA$OG^~GX-J2=>Cr*8DN2k)AB`yC#BDv}$UM5|UV@llu0R_XqbWWV!m0Ezc zB_`D7gB1uTX&^i 
zY_vy*WT}gCrG27`GFJr+0IZ6*kI$te>n37-} zBg>{?^qB{K2*U(1{LOLdNdFLy*BVjEEA+SfNRz6w73A+Lo>%enl80+M5)D_bMqRNE zkF5VC3K!lBV-qPCF1#+hk*>XhNxA56z-Aaax))Vv03)~AZChuhq;lA3qs`lV%->w( zZd;x;;xHjD&9sh6n~KK^e1lJb+Ja4KmmSrvrp{k`s9;Upe{vBNIk8RkjoBQlFcP*K z<}uxY3ZLjm&LJ5$ri)J{$xN?9gT?Q;NlRV?AGFcq z6|<2SOtb%>XUNhnVUV^*DjpQigxns2GVIUaZFF_xI9WuEOel-q&nq6CkrD0y{xHD@ zs!Y7Xb8ZA}O_=gPa$%xC5#oWThF%ACmvY~E9>Uru~75A+fIOtXEtwb7NGu1;gF#T4pj~anjs*~gotCp z49RXf`;$E!sul@&;hMqORIaVQrYG1Nsf3f@++h8z}hS!1na)obU)6ckvr%|J44@xc78PMYoZ3G2`5MFR1_1=+o6gRCQ@_XltCGtp8I`OaX`;p~l z;&F3r`-=YQXw4r{rV20RI3d~#vqxX)oZZG}KED0)v>D+s`-Um&-pJ9rhY%-_hiQ-I!{i~ei z6(}{A7H&1ifLi^}@$~^H<-;dPqE$@aTMQY1gt$Z~tl*XMr^$Q$c2ODq5qHHnR9f z4ff1s%yvA#?3(^w*@g+}UsJkp3mlwqr@0WPcD!&CVN}$lUhq?FL26|McML(qU`OB9 z;-{wfTTjP502{+uvnal;5uup7Tt#0@?o6Q2Q|fyL@Sx40$US2l7-n7JDFnFQUtUg& zNz>3hULi7Nyb^SN+v1pS@640xMQA&(f8XZ%nO%o(>gHG*G~9E#jJ%_1)&mZ_0iiwq zx_28$@PQ#NN1pt9Fc{qw82s;F{#}Iw|Yxf z+uZodjW9ME$3c{>TA&8nyPjsaQlmpsh;=g9OOoED$f*WPQKb-lb*Z$7dj-P4(ER*b z%#o)rDYd4OnJgoq zCMuI)!Q`wM0x9wdwN^)B$NWnVbC@8$Yc&^DQ4_5nRf>+r5$K-uJrdhL`+8!? 
zrI%dvH@UasC#IOR4_3kx_P4wBIVSqD4(Vh;H5(`vVZJ9`x1Wq_s!?U(^?CXrZ?oBlKu(#J&JJS%zv@SZaT3AeY_P zrnCfzVyi9+=EI^aaZ6^PPK8R}$SBr%JBfn;S~sbs5)G8jKhfRvg#E#q>!TwS+ICVI z_U@;&8-*pBWXm5tSB`#@AA74ze=(1RP_DRv(Ee4`mwfB&1gG1xLdIF5fq{UnP5=zG zu^HDc>blXlqJ@0o8s+27X5G+J%2#!Kr@kZ}W3mrY5BSSL2ID%vgVQS+ zAU{2*hEa^APCx<*Q*8po=d?Aok`dEQfXK5)Cy0JtR}fJ%Hx6t==Jg?BMc#{qr0Rm5alzK3 z!N!A4Q1bJdPMPqHW6XBWSGb){@%D;OU-R(M1AogVD3OQ#_CVHa-LN*X#!hO3F0!CqsaIUO|@q2{fady)j2B$~f zz=U?TR?}P-erv$*?;jbgIdu>eDTHtvGR~zNT8PIFd0TwW#N<=rG)ipKjX~{a+y7CB zYo7ZzhmcCb79O|EPD#y>l|q8Vrqad0PQrwu85{qEjk)AC>%&x`JnYpuOvU~)JK9O; z=mZZ^>a2XurHPRzpuaH=jI2R}n`(;vpjgucnahG!mQgYuXI<)W(;o#Z4b9V3Jl0gZ z+z%J6UoM^Wb%Wf+IJD4cGpZsY?KWOM3YC&zl-)`lg`k4Ulb9%melZpWG9T$Eh#{N4 z%*^IktWnfkM70r9B+^~`Rvb>oZ}%h%=G%M4A9|+$TN2OVVgP_=X^VQ0NulwJsb);) zI1j{YJsK!wg6PXFF^16j=bUu(QKP45i2MFF@Zj|e`sz~|o^Hsf{PIu%|I_KL*w*6e zYd7ZCMYC_^r>n=I-fqUrquFzjF>|pz{`eAH2tJybA=;rCkLl`v6M?{;($2_nJUH$x z3g8O@0G3`mNkrU^mLl!iVE|3QhV=Aa_d1gO3PEpl=`bOmhdJ2aCM12CjQs010&Pw@ zJ4STY*PLO4=XQze48aIuXZW<7L*d=AuUXjLCSZTQ{Rl9+-}0FeGyYc(#B9GTyO_{A zMtp*!&%zu667%0a_U!tAqj$|MjREA3@q*EPK%iv5TqKO^{;poTlo$;ooTCb!cYrNWWge4>cwFF6RNG1857C%NPED>+Y4+SW4Xd}s-CGVb@ zqO;vamqkSVGkZ3J>3oc>#2rk7K-7d39@^JmhS=BQ2!+H~#sBH+kTD6e2X~X`upv}Z z9Ea+s_(;HnGo=C51ua#jY3p{M*2emqAIhArR_?%t)5bzZcmFrSi535i6=AyI&juYW zjLC5#glW4~3JG6Amq;g-8DQgf>+CcmANFJ%P^+wR2^?34k9Lv0=sIti#_q+$-o14} z{v9v`Vs%cyo%9|fqTb6i*&;TuZtiEfpl~vf;0vyyf!(+EMOF&NtZ=X_J6v)BM>`A1 z{ktIl)g@n2r{c5SLzT0$6!~77^ID7jRcV~3mlBrgeOOd47D!mCMpz^Gh}X)|cX%8I zZg}L(4{NyUpKvlW&TuX~{R0;STzyqU66C=;$-)V!QnN8=X}V+f$c#RVO_=GAZ6p!0 ztIJ1p--W4U`j{(xu}o_N04lAB6Yj2=f@C5VqHkOki@5NSMIp(decz1234h;yM6mc4 z^orp+DVfo}R^-qn*jq@d>nYz&OzF+#BiI#M77BzVghJ5Zd&{xy*tlDgQ`$}2=i5eg zKV-2IqC8)BC~r>kma6Rp#Y}cCT_&(-%;(zaQ76O;4Ql^JBRT_s$)0PEMBB=@*XMzu zg{F6Fk5OkhqCyXyKcAAC0sC{endpWV1=PF)Lyj@bzUVdCLo&V8xv%~i> zle!{`QI+$tqCFQ_L6O#nmD<}8X%7wsk)uX90&@jo0JWo=5Nu;gjQNwmJFm%GK35i| z-PSb8w)%;(>#CET)=lomWis@R0{c}(uqS%NO(&uwKENOC$uzb5BKh0tgX&tw>T~yU 
z^OfY+-1|2DyxhlZ^ITl9ErAQ-h{)XqxuZ5UT=3v-NhwgOy!`!)&{(@}Pj4`cnuwLz zn5Y?w2<4ay52kMsg~PxGh0KiS;QV`gS0pWEb!vPhZTIl`{EqaFw5)Z<^Uoi2+|RV1 z+FjCb6gZ0r$|UewYbkV3WC%$_a2C`#WcwiER8VM$jHwQ!&usjgyuJw7(4y;bqfo6M zgxsIA6SIMx*+eDp1>^{#ksPE3+BVQF$wP3Sh^Z+N;hXD}UlVBoHmR?;_?d&O>J9nq zveuv~EIRu`rv1(y%`rNwFJ`x!BXiQTS$wwMO<+XQnNFmYYp+FVX9KBZ2IgdLa(vvHhoZ{~52ME^C+WHj-LU7{FM( zwaG6rBGDV889#dm@1V}gm+<{XM=H*gR*D;*oF2+H%fyIyo>2}3tRba63G@reI`z2^ z_#5(F=NGmH+uZD!gF>I=B5J?&8=w->n)^?8Z5Dz@99!r{i}c(-N6t4-FijSK@EGn; zGueT54<)+!SQW;tOM0|`eGty~uuP=_GxwOa=;V@DAq;$+MzZPetgPg}czpmswnxb?%e(d;MmV1U6sb9NwiL zBbUFBdPCn&Mv!-5)_{((BVRBAj=Dm<>?TCno}vtzALx=4V!(m&gx)r0ZL=j4QV+7qW2C zY7ky$bfH2jUJ|`uDcnL@eD(v22)Z znL2sK0i}=8*ezD!v}etv9kw}&aK8qLt)J$!8Mr9O%3$QFa1F5#{cn%5#Cdg?fQ9ykWu=SU!UX?S>}HU#t228Tw$# zz0Xa82{9E&jXlI|<6NZhRw>%4%f1`jFy&1-x)wXUyinW{K#)S{+lvXb;m&GyQpH2( zn@)a+_bOlA*r3s^YH1~tYY9N+>3?=z6yPyH?<`I21KVuOj}Sx!;C`6fK|XT8%VsN4 zR*Zd{4>>KDTzn?-mWE{0mL=r<&DVutxjyj+X^jAB6pCph*=tC&P7>`0C6@AnMtHxs zL6R|bHiBAD2Lq#7M!9Y)S(P$0YrMh0n$ze_lcdhCSetjwA3sQ5q1qea{cmOWBatP2 zXF1(yoFM*CqJnn%`I8cc0N#<5KZ_Z6$Hrp*q3xj_(V-e+nqO;hl5_a>4q-lUZ>k%J zc?mH{cvQkc~d8%HdKsRpgs{oMG$H`X)<+w zOYZLjllsrPnO=HN>=LZv)J6-0lCC~_bO+1Ah>0vm473t<4g|2L5YC7R3efQExlFWu zsk}9ek3>?kW(44=c;!94)+a`aj%Hc=k`2)PU1jwz2%F*8#ON(615+zg!$2p`pU!l+h87)o&!5(J}2QMq4YENqw*-PDIf#!3n{{4r77> zlOsK2B-&o;Wul~ZEmisU_a5JU-|vj{j!cXMJ=fL}vb9zT-!D|12|*LVf6o%)cmu+S z^dw1T@sdA8P(oOooM<*6e!dDqf0f&jo%ZN?WHhRsn{e$YBG4za4Ah-L=gSHdJ zh;%}J_Vpm^*<&(XK(h=X!I54@3UkM3ciE)5WxS;h%hcN7A|zr?VT2-+k6%nW-}eRY z_MB^jocpbz5-{QN+0xk>*9>jVFQUlODa3yZWobzdrO(UAA@FL5legYh=fg*Rw_h<+ zqk1YYwPrmq_<_lW)}(#r)XSBmtfNfGi|QbWXWc3@*js!BpoTq9^Cyw;DZgK!F9HVC z;x@j7{5Qwg-59vNG@PW_?db18uw%09#&9Ro(p9k4cZuq4qG=CZM^PP!ufNw^(bDRn1l zFu#13+Y6{G?%x#yfw7{EjC?b_P%|SlCa0rIv7|j%xHMkD* z7;*@J#Q9Vqhrruyx-hhYksHP871l*Ip>qc>m;y9Zs4sL9mq8)$A=GO6st_?Hvpx1@ z(Cu5q0yO2K@c&9kKj*2T$S4I#j!b4129)5(#qt7>%-GeHLDCr~4GpXkM= z6EDnA#$4dnY#4#1M;CSO#I$6k<2mk91I?b&?uAV~0jp_m#5Lc6SWjzU>%UbW@I@Yf 
z(1P43K$;LaC8C)7HHv^6L1~c1DpC~D2iqoW%TAG>lbXh^q40Inw`qNYRGt#|4`?k$ zpFIKnD8Km9Z7UtEq%S0>GN3fNhmS@DF}I`QfA;EYB((e@pq&;#46McptlsIdaonB> zF^fLii)8ZZ5O-Bu5kh}fiu}oljZmdgn4X6zrK)R0^^@^p1498VTZP~oLxb9uOc5xK z93dioKm>vn_H?vdbZ%wV&be%}D?30slXyykVTVC;T!l+gc|GYM)Puvl#OXxdaGxa@ zWx-)_sR_RYKt`{KGb(4{Skbi>Y{y`numi`z69pr#p@!}*QlhYjzwv#HXWh|sfB14* zf>!=;(;!d>t-;ubx4Ogu`nZnp8dOaO(Q(RIo*RZ)m_s-!w>Q|EDNrb^12A(>RFIYQ zbdDRFCie`fUfG}4QI}voP4cLiR!oHOCJL0wzCR89>y)yEA>)D3I(ndJ5ToIspKYX#h z|LQ;)e6x++PyxCkjX(ks(mimRhzEFBkk2PUcxwa_LdmrpDu5*U$PUJH=MrcgjYQ2L zzz?2bzZz8n;v_x&NB6pS=`$2SclVY*yrX7eNYCyh1MiNiPiK69wyaa&L0J>wt5?b} z?_%|4jcwHEb4-O5A z7*gj??L;8BMXP|uTsD@jRd2VlHNoJ${}`UD@;2u)b&R$v-U8Zb&)EI?`$=muAu?%AcDg zCq-NbI~hd$FAS1P^rjq2Uz1iw25fMLxD6H9RKUc=&fVj~y)&fU;V-;N7|W?+kq_Ha z(DKc4C{)t;m(wETuax)M>r%!DVzr}4dt6z$i8N@PotfF`?>yLOLHxwjt$cbSx*>jH z*(_m4D2ca)62D!@dH_ZxY~?y4op-~Z(&+}7UlRDpDi{R3rtQA>rUcebAHI#XJqb#e zI@&nSUPq{KxSp`#CM5oGllAgeE#i+<|mMUJuMVp6tL(7&v-m~#F52;O@XqhG2`@zbm#h& zeQWAbEVPIop+}sce#9T#_mVge=aIQe^2CFm>bE(f;!1rzXPbvd%;}5r0)+Ms5pVP; zDxrmVS10r6GnwBPS-3OnBDqA$I`K1p2;i(KpT3zFfCXuafqQ#2K!1t8uIzmN_ zX2Ewm81=`TkQe6NBX#4MUYmbvnCLgcFi}a=v&u-ZZUxfk6%h4Gpx5vLvk9{kaTu6k z9wY#pz~?pDPOwuxj;t$;7HPxNs8d0n4Tx`IjY5xPhhOdzSN;i~+03Y&0YDL~|W1*fRTOLxX zaM@C37+M0r8$iM=?qzmeUN%^>TvoFz(id9@8Xct2#_32a+N!*wT5LCxh+L&zQ-&!q z%I`~_IfnKl(fex9Vs_BUkv5#^^P+%NLZ9gk#%2!d*nfP%mK-F5G(lQ%Kk_s|d%TLM z`=Oy*P?sNLC;Ylqh_D-td~2&z4$AHJIo*UlI~}kJq=qpN(a{e4mBpDd8*>z$Z0nl5 zjr(3>O+SyzUiu#e?Jb0*vbsVEftc3(^N*Jyq3M3wgf<06hGq7K)HkM02jSU7CEi9^ zYe921a1n1nmGt{)k~Yb=!Sa7j617v0V47jMWN5RhLf-uHTf(n6Gq1k`l)rk)_SnX3 zCY-H5l@`+d=!j&G{m1D!UYd;`CMDt2lFu^#2$2s>Kj2M0(3+Hz#w3Prb49WYys{Sy z@oV3{QAlyKeE4*_Hm0||YWD{ESfhndN+3`ytgFmCeCak*;x|-SSLgV@YVNe43zG=i z?M58|g<1eeN3yiz~dlk9VT zLrjDs}wZgY(Bo5W5a+Qb3rH`3DOx*gH0x zHTJNXek=SWPm!P)YeMtp%L#3{e$Dj$y}*E-@O;knyp#LqCUV@Z>=Ha= zDh0d*4-B?c8=&;~(~7WeaE@0tOOQg{g}v9G9EdN?Cy~^SgM_R038tU$xnwk)wS}U* zieaG8bRA}Jz*{;3K`g=OCYQTHywaBnwCKeGm;gDS(&AGUhv-5{}&!9<< 
zkZke~@yS2)vhAZ6G|mrmy~3S!e6X9aOO1dG&bfVij#KKprTCd=hC(-I{A|88=7_W0 zJ1&p@-pEBeF0}sv^FCK=yun6E`W#3ZnIK=N<5y!oM50=ex(nzj@iRI_E?>(L=ab=E zx3ys`Q`*S4_<}dr>fEg#-);15Eu}4#)|U3IFHGk0VTwGx(pAqvzRBvu^tKrZe7$K) z+m$l*8mYtVf-$w?iZ?AZaxc9q-|*GxgZ#l(d75DcZnFutowRFROJ58_#X=0@g{v_^ z-E_9CtiI0f3q+t9(w1PS&NqY`h154JuAGZdc4xOg_8YwKU2h-D#cOGg^0R&QgU;UR zDNCoR7s%#I&u~p$NxMP{lA!AIPS4+Liaj+XeHh97*(??y3Jqn-E%LT#6u+}^-<*vW z(jg)iM7@p()-S$n^n8J1FQ)Mz!IM?2J-_l^!k$wRaIo?ZWDO{+&6Xloe1p|WhijdF z(9DL_#F$Da{x{UhdLx3PC4e1}{fbTD5t3K%+Ql+OcmQ0?N4pAJSORqWZ-n2Fkp*An zLXcb6GwuUwP#{8gvydN*iN&nY5;vBDY}57|p{t1W(0bH8K#7g`5kX+Gg!<{@DNw@F zfhaKX-8Eqk^TXMmO0RNQPn}5yUDb|eXqly^o)L0Cq*vSjC+~5W*!Wpf?2-_k2ZO^4 zIgzIE_z~XytYfaitA6jkHnQTW!Q)i*Yiqz`b0DK0&$gz&{FPTUGV6Y|y{93Z(ZEV1 z@WFr+nOs8Fg$3h_kiuh#8<4?SvXk@l+um$nfPRY3c*5j#gQGraO40|uNZZUKQ#l~I z0&4E>ZxJ&CD7_P2K>05KN}y!nEsF#f%uml>D^x7h^1M%Mh@t+i*RTS)xB3WTCM3uZ z5uk;pbBm)y5fA&cHhfu*NgX6@I9pY+18XqXj6`YswT z`_6B-e|i$iYsO41m6opVlO(WX4xbu(CvswKt0T6**L+{ucuI5kN=YB;4$mo!YoeuY z+)Z)@5Dlv#xOsJfmux)}Lol-zZ2Y;H=i0~9r*BX(;tt+}P3LhGaau>yNPhZcLVZo4 zC*oT~f%8TXys^nV`;(pv`>lPg=LHDtu zRd}F5U}V3!GmiQJ=GO@hBvYq4IdHjp6n5IQUjJl48$rC_^O2<#9w-ibrWIeP%$siI z!-yjl{a7z9HJfCmM!vNH`$jGV9+}t?=ZS&MS3+A#htU{{krtHkhhYX?xO6*=xOKl5^O&bo4 zpzit9LJG$zls#m5-^O;E^x@V zyYuNIV%xlruHCb9XN2xx8&G_9`B|X<5qub}f3pGL2+keo;2cIud^pH%kMt1D;CX~W z^}6y#kh_c)Lcx=H#_&AUzN$nzxRmy7hF|BsV^fL(N4bwYr9B^#;TNS*H3PI>bYs*_ zDgepDS-CD5-|@Ju0Q3sDd5!()q*1PZx8D4Xmgegy;Sm1pS6@Ojkv1RdtQmA1f+ifj z#QV7(99$ZA9)~e@GcuizA-(5GC#{_M=l=Iy*@fx zN(<fpR97$k@xPNIPLV=Q)!QmJH-9u^>_V?cmP2VaQ*$#tC~ID=ix3bY@-<6kdNvC z62qbkjXeFdGNvlGzS2h>F&XC&i zV#@9Kz54^+UF>!(o_mUX32gt(!D{!NS4m)NRb}1etd=;Q35b{B?$K;0@;oc&PZaJC z2BKGENcj3g9Do{x7=WgZ-6b%iqzlWtAdO(OlU5iUu(nC-xmIGW-nC7ffwlm1Tyz4T z^Gs5=#=&pn88^%;=(Au!diiOIKrA+{KaxLaXHo+^$`H26atdLiLqI@0(hwz7R)Un#SbD(*#?(S$M^b%PRa(w z#eI`DK{fJaXW3h1VebrsbH37p>S4XnJbCApjodF3ZH4nHw^*U<3Ol*@(vT`G2DJj1 zj_iD9iZGDK0#Hv+B?guyUSE%E9t^)vWIy_nzzj#kt~vyHSVWD?=n5D#VRcWFNK*H# 
zdXpR&ALR9^EXthraQ8{T2|)sLAO#cWqO;}CV$mU`3m(SUJGxY~$6DLQNf4{#R0gNb zqfZFC{_x*8)7X(8hn2G*yA+W6zSnb=#g;|Q*W*a#m*`lkHW3<`>n<(bm1OkSRB&Uk zhubJGK ziH%LRLr-76LcsIcw-LpMkqRRoWbL&xg3PeP_zrY0f7LdN`=Ykar;fU$OqO59N{?}H zqKOQFLPGUZE`l>2E_s=_$iU}pr3QXnkJL;6Gpdb(Us%p2mHMFccx5;AXZ<8MgpD*W zgz55qNku+BG)6mP^QhHn|4!|hxuNE+UQ-Gl$F!iIj2}9AP|&M zy4Xcv`M-rJdK3JiS3r{RX;B*kyUu$;62X;+CHQ5A-vy6Txveo3*CFoTEFcB zgm9c(dD`Nt3UFqyrRs@nvidBpi7Ktf@o8l5e|JS5k+_1Mbp38m(ks_6xwgTx=~6TA zDWfm(7?6qYB*k`+jS~QVpA&887^TP8^LqkZj(vM44*!p-s|<^R>$Y@vN`tf@-Q67` z-QC^IAV^Dh!_X)lN=t(@3|-RQ-FMXQ)%$lCo;k5|?X~xjPu}>VDWu=pnQ}ECJo@;d z5)|59qIA1DH9Gf{>qdA;bf%0Ro%6IT3=jVpzlskRhJ1Zm?SFmp^!)v%pk$q_`)XVm zudr=8?`f=y47pNp{iU+y1AyM|{OBjdo#kx;V9@5k5D5%*RSMp>0F<9`h4gNhY0s3O zNrifalolUSmGh=oyI*2;er|CY56Xug8b8!awBUVJ?09-n2~62@gcN#w*kyNFXTL`G zFzh%IDITbcBV_aY{!Hsxr+1sn_~Y0LOJ+twO=i|iteK`%8hXo$Toao)vJcf2NXPVF z?KBej{&nOvAkr3D_j^eY_>_esBhxHB4m}??Bigp~E#K~d zI0IHG9(1pXfc(a2!+L0w3KVtA|4P1*ST3*SF6BIsb;0=a-GIZI>(N>aeUVd!{Ztud*&NiS4b=po3=9kWyN$F9RV~8-nz`?^m>(lfti6lo|l< zwD_r=jqImU8MrX%<|RPDHB9+3#0RXgbHoNL#4a#x4UgC8V)+Ay!Vez?T$=9NKc1n z`T0j?lT#7a8r#ss3rQO{A(=Q|&K zvYX{<7n|dir0E(Tq53--om+-(PyH_G3mCklh?t_*4@K}a86i<%d9VMH7y8*JFJ#pUJbwC*h2{eK%}dWNB)A5^v0aL9*tLv zzB#ZRGX5U`$6j$nzG!44*y!&LdBN4^;DYZt^UY>Go-Nip!4>jo@%8SG`se*G-<6k? zCqiIPdfFIzZO;!$p3VIUmQ^0ab8jAS{L{QgnGQQF7mOzypwwF^6a}-dWtv6vs$oG5 zPH(d_o0%Nah+^M?=aT8>>UU0KAf7yYPf&^}Om{_^eqV!%isDF1S}C zWJP4q1m(qtj;{p?%Yf{+Ph$q@vO+ycJfk(*==^X&1jx~H4}^g}_!CjO2V}t&@FXy- zd?r5UW}dD{;f1F`zB_gmXOB7uPu>GoZOtJ{9^+JXU508JPD8L-8`-}k@TZ5!_xmKk zsxW8`qfOLvb8fIh?adbU>eEx*`PWtdvm?)bsrwlENG9EkBHSzCEJDHMF?0*7>xHDA z`Jp&F{fp_>&VHX|)J9ao)!A|0tNM+B$+DjZ23lczga6%S);P8^P*Xr_PD~?fAPgQk z_aNh|AFqH+fASbSd>C>*U^y0?6X6d}-M%i&FLR_q521+ssG8yhg}r=lMzGhNNq#uV zXJef78V?YLg1iG2arV0=783h9%zpNf%A0-p;^Co74abkWpw(G!-OfY85(lP{F5jX7 z+(g@~L_Ax!;WP8=kF0+Uk4s&=lWSFLO*OdZV+XJi9WrMA&HE*A_;Em9Zi4q=_l;(} zRjj^f{|Q$RhNm>3)qS`-BHM<7pBN^$Lrwo z2;h%I%$d-b$X9Jvf+b=uA$AE@2)`H454E}#Pyb`!<#_&tM)8cv&`_3+SXNVz<7j@qs! 
zWVli$`2b)^aiB{$Z83yF+t z62~z>yHNDQQc_QP@0@{_bE?RoJ}@Ief>Apj0n{JksCGt)inRG_FMqZoV@my6u}Y+} z8uszWx~RcuEJx7J^NX(Px~^)Op^2x=55?)w*lk2vI&~uOX#plx-ZxkgBA3ZDHxLes zMMzubKfd~SUQcfg2=f;|^W&?b@KOB0mW!n?YhA14H#lQH=qWh1L38|xXuFR*sigN0 zwZ#)90ZX6)#IDR>Lt)zJ8kp*88n?@v(iUr8Xu~)@I5^T*6}wwclm0{zqe$c)DAae% zX*gDwGl>A0*3m`B+Ya)q(n-|qJY;ArAsAD!(7J!wy;FXG&lW48aY~Z4d(zpb&0Q?; zShIZ~3!ojk%YB6OKKW1`+qwAAd2MgwK**VpZQCv+%|E;HT;zW&rWSs>yzz6gzzXpd zsqu-vnp_(%&)52vHgO_F$Kk%Hx?AUzJd6ZVj}8t%YwdUMdO?pm!2n(rUQU7xZIQ5% zP4tfXJ`3QI5w_#pAy#E*NYcd$ablk`qlU*z|8Zn85CBh5^ZrLad%>?u8r7or;lnp` z^(hrrC{zv&eFzA=5A{gn5Bh}G$NTPSjqHA@d%1l75se43UU%W;EsmzDo9~CT*Y&<=`jYaGLgaYj!k@WOt~eL3q^}*`P@%OyK`!pyP=MnO zVFmHz8+*%8{6^gZL(q%as^AB=r>WqE0YL$Lf9rvRH}a8+daHp6F$oI88EaTFhlIgG zk8>f=?f;NV4{8X*GRyCpAhDTEX4;<&K1`ANL}wrA01f!KIqrgmQ5=m*rVN5h9L(s3HPm=*Hnzi`7_;1u5o>&wXu>r zm*5$b2Wzl~--R`AXP?bq$Qx*$#LKY2-9l-0b}L9+0VY>E6XcPu13*Kq8Af`t$WOn^ z3>yF|bUHQ$s2ayg7+CRe)0;(TCL=NEU}!44B3J0AQ={6C!Gj493ZY3NT>2(h-Kwa- z@<<8BWlqFRnD?ChXIH>pbT*!}Pk%`nK?+a`DL!zC;Gzj^dX`b`E-!g3wq|vUg^aOd zUYw#<`@V911jSL$pfIiu`Zjqopf@b)P{aHB@Qs0^r2Lyko}$k!O}%|vVWLl{pGgp- zBp29lfG0SfXrAA-aPQF=Nb)~nJ8Fr0vEG3^Ptd6E)=cTi{Qm4kd{BkPY(?JdRbAg2 zBw%${`&>}XM0oR3J`mSZq2oF@+F|vR z`b`B~nDkmGZYiwqN6n>m+co?cRV*wXn84Cf4Am=YU|K@qU?hws#A9i=E9l?VzMp`gQ-Nbvfci{l>WtZt3D@9ChaLj*SU-~0k3Wusjn>UZ1S+IZdTFF1<`By;#=9BnWe9!`D z8JXW?0b^nTw>p|cS&_y}3?&qwP(%26P z$#H`;&n)}5)wyB5MWDM0a1sa!7}sf05++`$iD8)RnevsIWeH+=^?-<0AK&WX^u_Oh zYsn;>TXtb1H9t$ERlN(XR9l~*G}rye;bK9q`X1x7@6;3F^!0!c|WK~We?MpI7p+ zKPKY2I0-3jT`5Rj&fe;KDsi4T5sc)KLv9WDTH_+@L!&b>obAYHhqv3&CVYwdl=o~5 zBDsICTD1lM%s@hd9Pc3>y`M#Qc*@>M6hOvMMzxa?qMp|b{5IX(gv9hwOZi$#^B+S4 z$Di62Ei*vZmV!G@x}SLhm)<&i&_~wVrbQ=b$n(yKBgY+<;VYPOP*X>GzjWNs|L7E4&<9*Ko57P40=+r{{Gyyn zWtAFJFQ00XL|A%5p4bv*lo6zeawsN-?^`1|691@;3bMPRbU~ zU4m|seYgF=)|OEfT$iZa3aQd-TGfkT7<;L*3_u5C0 zi*e}gmFjOv#RHN}X!y4VD8gBtUF;fpaYNEngtc5uv_(Gbt`{fS_zI!eO#)yuCxzL6&0Y3(IgD>( zkWtY%5s{9=DyK_5WYN!n#>DIR>48=IRkAFGx+S{)TD;ir)8%;+D<$>!ej 
zC{yiAr0AZXN&NYhw}i)d#Ov{}7_p{5+ADEwCAi&UOR+W;zN*E7^dz0_6|eLoas$Qt zC`kX4Q~IqGm>$X-l(TT10T+3taOq1uwLYUm^M~!NZ9v=E_HuIHBri|=J)8!M=#!7H zGoO|gVvaBx&2imBdgmmeo&1Y>*E#wSk2B>yT65l@^irN6y?dem%i#+@lmB$QR}98G z#z>oQwL8r{v;I7UOyxa{&4d%?bhz~MjZBo-%vmO)e>WT>^N!JF3?~XKLaJ-ftyzE* zgb4=jToI_}QzX(&;9#o^?M8LzuAsKKgpdLB?}`T+CY%ETablcg+Q%Z>gu|I#@Vx!! z6f=x|mprGGLf;s(A+Cf1**;dpzxy>0hoPak`6LV8FPnstg4iW-5>Yl`ubwwV+HkzB^|g22~|zYT*cF(!FxETaPOX$71|3nQIg9^rQ?ry}($wV8FWZB!OO&P^b@39Xq)Q|UG&|M$Ma+Thdz?9{EaoCL*zc_K zaEJ;1-;v0WL(7eU=O6t#lT8V@k5wr6N)es3UNuNWP9(b|X#OkiCG-gW*%&Si>T;{k z5!8xc(@u*hK{8Y;EtCN9OEz54#DFCeqB04QlFdHC*RY-_@12lDG2bCXTHw4L@ zYl(>i8TBsFPQH;OT1#i*b$J0n56G5t9mjr5(`~S`ww{3}D)4V^z?fu&nUtdq1EwIP zQh~iydx%680EJmj^2)V4c>0By=tQs6f^&J{s{z|w^z-K!2fvpJ$L~as&Qw_teRIlc zn_Tgz4DHH;qgIx91o)tDR}54h=qHh4z00vX{IFc}^aL9RbNzV}=@EUG*w-!A%epJe z#L}oy>=?jR@f70=R*XLutXh!vL(SMHv>Y_(EkF&sIO!&|kUjd`YFO&$7)Z!R@!S_m zKx2eBUL-_qoI;g`t1VKz`V_T|N=?JNyijR!McM9ac8jp*K6&EteZbktv zX1w0~$kqk^-Am$u8yQ-7dkq%_U%Ka< zBz~!0r;v-j_2)W@g^g^|;@QQ;gS!i|sSAaj4llK_o-XHv;oty=H*F_-Vq>IdvF!4QF9vL3bH#aKID@EsgKilX+ zJ$O1UdL5>!SIlq6hwIJq`7X6DS}hx6RZS{Ps%B8w)DmFZb5#*uweB#(Bk6$q%iH98 zC)*>~BlnHLB9=AgVN2j_v|_bmccg&ZsKPi;Z~-%L_278aJRoi`tR3tIz&Ij#@DwYO zQa>FOpOlM&bd4IB+{)B+Jt}RS+rA>sh!cnQ*%2_>j(yDy<^O42P>hOCu_;*T08PTQ zB$VK1N3S~2pOyuWqO;B)9@aE2a$L3J8$S-aJkpMgV42Xezkv}xI&`SQTi;$Vm5(F) zP*m;zT-u-!I|IZ2HO~OF+;BbO4hrOnqrA6yo^VYtE*JqpmA6E(8gs7E@}?F1nq|mD%9_E`y`@-> z%tQLN_g=3~yo9yimkDx7ry{DbQqH8VuFQ5kJR-|@h~NVrCQx$sz+m<4$=4Z6!h>0@ z{Sqri^!VdtPlnFL)Gw$UOg}H=>BBeB`idyW+oE%IraH zoaqmXeP0Q5hzKZHgO<*d=*ar=6b$e~!1+UCCYRO;a{f*t#Lt1$Y3%02g93i5y&VT2 zZ?J^nq}pi4&$)UYUhFLiEUy%^n@$Md;!7y-!b-~6?nlka{2Nd;Z-i$2EC%H?(Swbg z^9BU-P9N%ot3KD`4`JQg&;G>#4mK(UPAl?!%9q~U(&eT`z+r%B>RZW^J}GxjGM12E z3?g1ZdY}7uIcEH~MuWxxw~vo=+&*vKKwqQ3Fy281JcONFJyxK<_g!Cwdw@fF*(ExC zo;#V9f**tExNo_I&P7H0G}(UNy{!J``Ian#5ZAc|fe%p@bVewfa>wW0cb77%{XD>M zbM?^mQ)FKnppDDA%lz?4sOx3*3h(x^Ljso($n6rqZ-@-wuXN#)|VtOM9f@|3q;qiHDY%0`Lp&vY|Xl%={kgVNG%Dza^v+YweePhKbQoAYqBPWL 
z?~&Va6`0&Eq;{=J_Ss2|^iSshilbHrym8ENHU_*csF>1Th2`(^xZOHIV#A*`1B#xO zIn9Ss{R!#J2H%C36Y-fPfg&7aV{GV+dws#r2#X5*GxBe-$a5Ch!)d`rUS|{LOk!-p zUDnscW3>=&Qa#KzbLLv^ouMPMDBEt|Hq4Xwp*sReXAe)7q}^~=jMOb_pm_=Dkwb^^ zAd#o=^Aea+lu23I0dW4J40>P$>~!D%3934L=}vA8h1t70#nd72e$;-st#rgfEDtS@ zG{c&jQF~2LUYH*F-c{{+U$VDT?C;vlFJZJwuTk*8%nLRjrE2iJJy6FtpTwd-d%;(Z ztvv8*pwFQGvN=27l~(Rvhprh-!$w{bB4kC%L+;d2!0SL7o>~> zH!%(8V1K}AXZumMWK3M(I-&%7(6ti~{mhUbwXpEhX)OxUF}%`K8u^O{v#uxylVSb_ zZwqpr=Kxktyi+W%jw$;){T(<)oH>pCmFy8$-4Wd}LR6tuVr)#sW~=$@!&YYgFgOHn0Xq5K!6Z)48`)$^t?ilH&| zDO5vz%ws#?&IJtSLj)dqT~3s4wY|%(VBOVbW2~V>+nyOW%_)0;GN-zbL;iXe^*?Rm zM;v{BlwJp>`Qm!GxTJJx3boGMCMSVM2K$ylyl2Wb z6;Oru6)S)oRg7$okqY)3r}|^7;RHcbi(fw>D2w@@ckfkFOTg#5`Ijd9ertjS5AlKm z0w%xQh1$`*aaLEQEjJzNVe(<3w@JYvt2kGT!A|}Qa{kyv1cKL83SN`>d6q=cF0V#E z1sGZu@~&;+g_YgYdJ41k4F0@Pac}1PsFD=%a4~r%3`qmIdZ7%U54kb#SN6Np_Ud0Z z+gfCPRzq8U-Z^Ri{PF8}0U)JovGL2X`0ef2TuAc?aA%}Sn4tWeBhN2h5Ia=G93%q+ z3TaN%c`!5@e`Grw9Dn(pk@O!Ri`b{~3%>7*))C4T?-#bi=g~E~cX(&&kuNEa+HVDz zsr}t(Snbe1U7kI^1x(*9w9b*QzfA^iHCIY=bOY-k^gY9mCIJwTGLn9NKVngN9RE@O zO~iw~s`+le1>-8cp;@iq?Mm@Vz!&+7`>IKtY=>NLDj(%?9s6i)?03w++qk2ltrwrIWug?8pz_NH2#N`!oi? 
zLL{cZP`?&58A=evSsq_QfKtc*PkrGs(tRGB%pe!w{b_T)|O3z ztf4WNJMRGfX<*H;#f8s#9uf4N=b3IFmoIiKOc?kpIx@Jq4itW#ZP66rdj=3EVLW=Q zZzw`ZQ%YRrQ#EbMNN514RBOTMgw!o0%8tlCFcU)FDbHq%xD?Dyf=Ee(#ubFWh&ru@ z9v^kGn0UU!?~9>54(c9T@1Sw~@Lkk0?E_CnyFiDGB~>*wVUUrmTNd`!HQ84w^FjVw zpD;{RA*Fi9S=GBsq<8X2j0V{JQr|I863IG`;BnHKO3epbC&tNFFQ(k9T|Y|iybH4 zYMs8yz&)9Rb8R3@CaF_6QVXf?V)5e5;s#l8#C%^!laV_nX_<0uMZ$K)2$&6z*3iod z@a%6HX1-TSyKC?}rT?vM938uR0=@;yIO-f<2|es?-u1X0fBeb{ceu4p;x-CIUyQMXba2G?7A@ddc{*Zk{z zM`kZ3JP=xRn~AB@KFGo$V?RKlcJtjm_tVQwXo^4O0?_j%e#73+Cy@D{Y6nnSO75lh zOdy`w4rg~?n?MwwM3BW2UnsrQxw^3ZjK#XYd9ej~NIfIm(b)wQN8IvXKm`UCenRI# zB#y&S=fW{*dP9}-)x2)E$w{aS9fC*ppHe}I1QmjOXy|{Hh61ywz^y1V;Q9A`J$04x zpC7oyf}7_1?)cpx9PO*>$qWych|G&xjQ3briH7wpbFCSbjvYGg#%j)t9t=*WsIL*K zb&UJMjO<(8jiGFy{k=#8d_zX=IEgE9{3#AW;zQCJf8>9WEba@++nn0ADdF2E)-keu zG67_#kAf@6QQPn@y=&dB4ZgP__fCMd)L8ESYpDWwN~-D~ElmUWb5VI`_!IbjQ=(mR zsxrPZu3Zt-zpFE<9(&Q-M`~b-k&V0$)8Ph?(M0^FjaT^Mq?rkrp74VoWBWdU_Kkx> z0HK?U_TNx&@a;T3}8ky~SFI4`je<&cBF`4o>`M zuICV)z@rSaewpjTte=Iuyl~vrI5BqbV%`ICeWyuZLX4xMXE%-pn*ed*X-k@|P!8-z z@`{kQAF!%9+?o+|J;4vXf8=#zhSiBRpjjQdpPEjLp5LA-1G978LPTDwobQB^2E95+ z>?E{*P)w_>vsWv}c?qDrSItW9?)Htw*R2M4l_<3kDF`6a7#zB1Twz74@r2MnhM3w$ z`Qgy~@l9%iW~G27!2ILt-p7KvCJ{hKTqBf_Q>oR*i=>Re5)RbG1Ta~ycKe4!@)yFI zEuDC+X4`KzBbuB9=@vf){yEG@Da0J`bls9)4l~;2JP90r4jwEBucB@P7A{^NUQoYA zTblNAV&XVU^$+g$2NMqDXyQz7gc8uJ7Xf6|$gHf3;PzbH0HL&8$hn|^01E+NbwC>d z=%mg{%y+`?ywC_I2>-K!{UMkCKz|4b<1o*|~+K%4@$FK7e0Cbz~3 zFc0+#k7M1AQ{0}rNtkffKqWMJLhAA^_7S14dsU+(lJyBg1XL-}HmB+sdqzZX^~6JcIL!9vqkAY!wPgjx`jYbT?FOH3&Ad3);`MpgoWL6j|LRr|SE}lv9ny z4#W;pe8s-70dCa=B&t|%ES~5%g*VAsO8ZU~pVB&67Cx)8Tx087agNOv4AJk*yhjI~ zLG=qsuJS^|O`XT*{^5g~U5W%)Fct!ee$QUXr-TImgFyWJXMs(0VrE>W zTN$Mb<&YzoI!#?iriT8K%tVGq7MJjt(~XF59P`<>_A_aFKB{a|!lIXEq&U%&L0AL~ z3R0a{*GJDnC9BL%hUb#|)XOWQ=|ZYQ(%yeef$2uC9cNYz2dLUG-&bkeEsUx2Dj+o@#(#d7+61~WcI?0^_Z>34uYD0BRlv?{3` z5-&V}_FDzJ-3|V3Try$uVifnnh9;4%r&fZ`z#_&yG8gm7$#?iZjf_;2mF%ZLDoWSpp>Hrt{25Ge0T|NtQ z_y$K^)o#57u8^e0%!Hs(f@6M4U-M!bXm{2Ybm8>Z)O^*vgh4MsX898ABMFKbX9(Lv 
zm}Te!Kl8~+rd($NsKy{}nb&I~V_dabZ3SuN*cckFEN84N2Vlo2kay-u0!A(&*vjFE z>OQ%EJNlMezrSI8x^5p8ngX}>>nO}>kiX3L5J@d}hU81$rR-dkKCh)~!yJInx8j+xyiAPDwGHkg3W^A;;Kn{W8-guE@O3^)->JBo z?(3ql&ptRiUX@Dim+YV$25k5UoueJeg0Wm50f)4WGp%*6RxnFNX&FdKMuHV_BI`t{ z6?#{0Kq=Wm_c`InJ7-LoW6Jpw^=}H}E%2dz4+^yZofLnPNeVl3B`Mnt0A?_vhMW zv5u*-D5hXh(h*Nf4<_!+yueeX^-OpxC9*dUnwf2L_RrA$+_EVC^`0rov6wXn8t_#o zN>HVb%ZBYDtjfNwK3vl}CANX9Pr;kJn(f=-q~mzy6U8(>r-g5jo0|_X5)K3KQ>^hw zp-Q*S`BbOrZJiy3)R_Q#Im{n-F603j3eco5;cV_%+Q@3Vd zVv3MOGND`4VaySieZZz?`Axa)5Sth{UesjfHXP$76>Ct`5DKPlIc}uQR2QoqYT)l= zo>CDyWMD_xHqk6$J67D~S)|&h_Y`p{f12$v_E$<_6g z)5Aow%ES}%+K1gH)sF}1cc9XM98<8%69Ytc!dd1}lvm|gXAp5oPZ1@SbP0FxYF@j| zC>nYsgyM@S$opH$ZJ~0)c?x&JQQ=>Qtk5Ku1c?O4m<~-B`{YGY3Lstj$KO8&u&&7Cx;QoK?yt6v9(r^TFLF2|Re>-AF=%fS;HNvzj7gCES% zfca~Fv}rmcccptG!xsh#jeUwFz^(I+rqv`qe9^(Oix<4#B3S{@78YyUWQF}^1SXZk zh1hJPYgYOm8ORj5C zQcGh@FsE*)_POR0724pW$Nj)xLi`W10NFEBen@>K{V^51it1V8=I;%urH~%_2_(*} ziLjs1gQI!po_qz-JafA!>#uJu96iYJKx* z@v$4fs~TArkwn{R^eH?R`zbu1^TVgfolq3jf-6Ib;n~t;Vm|X!!jz2bu@mt0fB1_l z4=4TP`9!(SBXMMwUZxo&4uT-@(y_fVDpBH}Fd!{3MF|d@e}$)~g-)}7w1^)JsNmHg zK&r$5_lQyy2ku!3=EPJIgyM%4w0w$nq#`q$CN~nM@=GaVHX~Ts3j>c^C=pr;sFrCP zBAs7ON70+6X3s!NzZgN%p%5oCS*IzL?;#fT_d~hUBiS9lSY9Qz=D1aGx}{$ zP1Pe}YY042zND0{8CiPC?*XuWityhtCe=DZk+Q}hkYY9@ny(tvV6L^y_pWkZ%?usQ zXr7ZPRn4nFO<5SXuTCS`3_S0z8u) zyO0?2l>}Gy^03!zMg0pz78$GWI6i|?dh~*#WoMWQ$=j}>gp`ODY(pH4v$QdvxN4== z{pOH{n02*SaNiiUJzl#;9U;W;jNi{q@&P8Q@|n{^=$@ zZ8h#jcr~sHzcv%#7*`9E6N1T1+SLtZWd*G`b#D4*6n!2O+8yPAcd3?47qO94)k0yj3eFroo8_h{>qJLUVrxu)TsNGN zu=+m=^|B@t^?~wjD1`NyqV9W}6j_DtpkU8w%9JlefF6)w+b%e^+@+X?Tu*>y+6cU@zF(A0XDh zX!I;<>X7q1w7T3ppcfL5&ivkg?>dD}P_gecCD!(Ta@o~{2fd?%0y(=5&`qJymP}5I zEbA(3lC*1XrK+VKOekJVC?o`{xE}I9+0+cOWsM29#caSH7Ib{^%LM$mp3nE`^h~4U zA713tK%fIMXga?CihF(Bd0r7TMGd?$zO0RpW%?skLY;e9&?WLHkov&8NcAbTh`GuG ztm!%wfC)pW60r=1t(D}WXv`357Slhe5|SOK?!%m*2715nTi_TIhfI<$}L zhjb_j^(I(Itg9AuF)tPrLeT1GP2^+uD6FP?Z72KT@BJL=m zWbw1YEJdiQF^W- z=r8oTLMX7mNhEv-{qIa7cE}+^flZC&_vK0oBdL3lG8%y0yv@uWXDV&_jLM4XTY7mE 
zV)1_`fF@@|*N16L2lV*3Ib+P%#T}0zg*aHzm1~@VciaoljvbvoXmst9gt0cQv(dG5 zJmdCoEuj`+W?C!QSl{Aq>uKxmd4NPxsgrrZ7*A^kLu^cNamUoHf}3-*rQ&P^|#6*BztbVEG$!AYOPFYp|-r~>H%RnwRbCZWqWgOX51xaqymH}ZH zc4su$zaDR%t}{PPx+foeD|4lqIFh&bmfS=`48Nx*lFY#xX4@?&8Uv&G zQ_lDv2amVGbV;C!p_!YesWH&swW-Dpt*_w}8gR+bSi^|;KKhnJc#@5Nmu+>V zk7PB>%nfK8YQ=8VvVZo$o>U3FnM0!O5E|u1SMm?{2|RKH5A{L+lc*7A-Lp9FcjLSx zOWD?HKI)u?n5K5ybq(L6b91*Kd?z?sF*p|(rb_njcX<)_y9HkFi-VN^9@tJ z<^#KO-g-@-I7mb<=4lhZzd7=I7`rUrX6Nxn$&2URXQ&5WmY6j%pnn2(|BKr0u=rhQ z7bdF8>No{68SukzbPY9xl8`3GDh*0Pyu!P2la~|dMXJAHog)W8HUHLAPc>F_A+tPn z>xrsBJn@er6e>qfxQ$6c2zF~I(+ofgn?O|QxW%g@!a7(pFTr0G3RlO@zT?z@n=4rv zYka=4nt;?%n&6fW5&Jl&EF}37vKQ>}Pt{j1SF@`)TJ!NN?5+YYo4#n$+!D*uf~m2K zBEEoMBRzAvn^3WLxD+72=4&@rSr>~l!q$?MrpPiHCWKS@##r)rs3hFo$tYwk{##p) zyc5wjrZdqmmpjW)Phmq&*rVj<^H@j6PjW@Z?1`r*p#Q70BoIaDYj2J%m_>nQ@(#ml zP4PAzzdH7O6D!kLYW5=yV5Oeaz*FVA_iCMSwT@F~V+j$IO*zLyl8WxPI}0>u;r~3CI1L2mMK}Z| z*n@>0CZl1t^ArCBb~0r#Kkv+W`95m9?qD7QOxyLr^N?1)am+Nka+a^xw9bI*3w+0% zRm=7U^9aW|VM~Kol7S!g=3W`pesJ5iJGeMczMizXm|@o%RBR1AON_3Q-&x=`tgjra zxiY*IUl{14x^mc<>F-;53z4?kZr|GW>QmbeKQ8S%2}3?xUv{#Oe>8U_Qk;$k4UnG( zh0x39Hl%5vt(AbTE{u~ns`WNxx7pz~VI41O?h|gmx z)ocOEUC>o1|JH$L*_9FfE8xSI*vG&CGS2Lw(inbDWX;aIv@BC$e6$x z8p8g~nv=;{NvRYVxc~^ZkNdE|GtML%QW~?VTMkE`^Y*ktlz6o|qNJs{1R~t}!nHh;=RW9f zOzf8_VmM4GW(ZcKyGG4j$=l<5A|6FE%a3FLfCCfb2l!OH?+MEInaDTub4XWvIn&*T zZ(O5m!lE^eL_EOnvxymI*)zvBkbWw`D~X>!IB+XH(z6I#p5a#Jm;P9m$`;$5_xPw{ zTe0HPGU@a6hvyrm@$h!H8S>27ygvblMK5B8)_S_S$oRL=BffUIFpd7%U99P=aC5-4 z*?MMZerCBtGogt_R^DIV*F0iFjX-!1jzFlwFQ#=RT2dr)W#G^ z9TU}D^mJ1HR+CF$s0bi0*Z<))JSnUGGEk$|T)m1u()vu9fsy#%O5QWcL2%4qLUI5- z*g{)><=#2v2=u zkuJ%z`wZt{&|RU!B~*L3mo3Wj+PJHxR<-UxITxU*G`{nqS57P(v&M=S(~r1eVpFGwQlSpQl1ctox~ zzSmq*Af*&aUs%(RCo5^Fl`DuVE3s(X-9XO?iG-~oJ<`Qx@7`ORZ?L4#02Vf@TUHqo zL0)8Q-9FMTjq#--4S%+U*1Ibe-@C0GPEUtUsfl0ormOKX`3l##?EI%^8 zn^vxXS~AFKLQpFqAkU?bI4Z)?TjMEB|tA?dLwxD@s3U2>H%d$kh+Fk%s{ zZbHlyJUjhC3IlRD7CkqWRizciyMcUO5bBs}y?%XoyTaxJm%P^r8EEGb 
zwG3z6RW%&IVe`X8kooYy#5nI+F=rELYluSoNSP+c6MJ8T5+=M~2B|+%3)|u5SOBs%j0;^hj`y!hYXyaQ~eXoUu696IX zf%rx`(|ug|prqdLW-;yvQY7 zlNJKa|4-`-5smu!UK>e+wXVYl*5jAfnTadxAPHo)6x%g;%E*j(t(jxRn%e1EMh;A# zO6}F}h3(*Fjxoakh8|mS@z9pT`C@eF$()0KM=RWl&g*?$5k&GLOLQ3&WpA>T_$*Wk z916rU^x5C8H-#3^#V{{oxqSM7&HZl;_K53X&0qhe`HMc(4ic#2?gshYg^jcp#%N6{ zVNWTuI~i3wi;Eo+(l-=F3w{^1SJ&PwfHRCGe4#GJzOPtlo#8$q;6=dvSwzK0ah95% zx&(-z_~?u^t#(PO{?u?CXs?kf`W`mw`7J5(lux)w1&dwfzhMZpeZSCZ9+FLr=s;U%yZ*UmpE8j?nbWvxMX;dh zyAbfXsNrdO+BQ_zjU*G~7mcP{UO9P{QUbslIej}H_j4($C3nI)-Lw&3ok>&An4TgSo!Qj+G9uH=y0lb|o5mhVl+w%Jf3^WEzGF21)FH|2=QCe`aviObJxLi?hZk2`Zb^^-Y|WlvLZ-)j8;kHfq41Aauu^tCM??XX#OhHKUwyxZ=!-`EOz z6JfGmysRHBXKrv!3M^N39o1Pj^P5aCnb9~1PGK9*7Dc$bB3a#B=hP7qVVAy1s<77v z$*CFAa4E^un#(qt4cg1w&)087*$rt9dTJ*eoz!-}NdR1F@`&Ukg?zktqDFlWXsS6- zzc8jwP{r*ErezDu&?YGSUDx=07B?SJoi9u zGIl<71OE5>K*_*f8x8b|($H(8O?-cGmih;f;kDD{55djr&yG7c(NR(JfF*T$!>u6) zX2T9WKV6lN^mqr$&7O`2iwqYxaAW%5Vw=UW{g~PDl4^^KV8{FCMSgxVvzsF369X?k z$BXskqo`b5Mf+uchl3T(qQXZ1qvvb+*(gJq55==ej{Yy8rN#efxas z`+t0YkH`D*ketUkuk(Dq);Z^O-tPtcVB=1M?+4_%G1SrEM8-o{mnH8-14d0@k9y|V z361KS=`&575(CZgym}kg%IaVE*uVxJo~Az5xJ)_Qmx(Zvb;E-?o@~}&fetXqSUIcaGylS z$I_du<{G;w_@@jV@K?;V*#YiSgvA9}PnR7zoC5a4Ckg{>?@+NnNNb^;&ts3~b)xb& z(#x1yI519ctfANZV){;Y z!r5S$M6r_OnKr(5sY~jAOzuv=jeHki-sC-Brxna=5&;?jrct7D4uy%`z zmB}31bMHCZgS59{a?dmxSyeIe5@O-L$PBx&Qg)x9JzXRLn$dyb@rSZsfCR5)1dCDv zvZEbz48@8;M!6j9j1IG?`LbL;C(n{>eQ*cgt3_@rVe6P%{22b^5jktlvZK{Vy!L+iXKKdI z+h;I7?X0^y~)&~s6@bd)7c``5z`sJ_%;iNzBDU1)Rm68yhy6S+4RxZ?sjkPm^ve4G*KY zH#aNNZ3ho}`6{@EIQ{&9YJd|UFLTl4)J!MF2srK#$GgO^Q-N(ia}a(xN;&qnBv6UO4o?c~9nz%g44#SgECAiu8JHYEPV8a}cHQ5jWRd`f(@S z!-Img-KlTm0pTua1C-;q!mQ1Wh#T>;E+s}gTcLau%&|f$wynKY$a?U_dY$g5l*L?# z@j=^YRy+cMQafYPdeNvIjT_S3)!gKidypifVPKRv11AO6x`C-F!XN5zsbU)QVaThu z#lsz6uZmrW$TG{Kc$leQrJJD+mw!}nS$M=++@7Q1ycLF}vxF?68h38x6{&k9L5?kf ze}R!v*1cW=_LJ5+(J^s{}c$!FZ};h9>G#4tM6?@Id$d8-kVQyP$;u+Y zHuP;hD+>QpctK6!ZFrjyt9_I}qkpD0w<%iE2K^j&+S|~*hM`7ZAk!x^W2m1Xb!d+2 za*2TxlgRp5=UEd<#fu0+*c8Rl*@DG 
zU8Gu~CE#p1+cJxI77Q_2JrLhihsDc!OpBVsoHxw2zGlahh7rE*71MlRQ21KUk5uqJ zqqP}wzl>kd+RS3Cv!5zbE>9XxJM*C4Sz6ck3ZN4=NK443Gise&MrL-3lep<;*iba+ zNzEs1PW>)$s_Qc(Qm*e-{x`?`=kRs7GNQ)-hS!CBY`^n^qARns@WJ=&WhsPn`N9aaqN6D~y<~}%!uKP6Wkil~EZ-%1i!jcylKx#pq8XxySL-H_4+!k| z&ys3dP1vyMv5&U%S!Z2wxB#aomi_t^;bPtBYmc-4`WU+O%#3Ofy6QQqPO15AkVf9L zP+eoT7rmSQO>K_~FShE3>xhs;Oe;4A)>D=X3N`aDKH!939BgSP=VX8Wv5W-O*@}$2 z`-3W$*mlJ z50Cw(&G13luYS9w^9{>LZFI~ViWS`=_me-OhLv7l-MtV2WZ8Uuan=C$Qho17ZbnHO z9yjiiHD+{#wQ>X1XIwqv&hzvl90^j5%w+gaC_|1@jJ%Aq2J~TPQ_M|C&kUA=KlKWt zb4fmB_nds2{ydHk~-njTKa@-Q!;M9yY7*0DxR}od18R%dBJsy z#jG=n%5Ww9WUYg>0M6u zmGA4*vrdYz0{8v+3FW%p4Rqb})t5YHnK~TorOt@E3-UWQVnB)F9_S+3qj)2!3{3Q< z)zP8Q2f`yYXUTZ-Ec8m{UJ{_apbU{U{Z}=9rV?dYRAQUbm&Jf`Fo40`-Neeto9mos z)zS+C8k+B%?qYMA`4S&5=FeoX))#8*&Pf)rd`~Ctd^@xl)iWDP4KdVd&owY1^i&XP zSImurC!P<{jOh{6@Hd#u4)JRj^kZBBjSkK4pB8R&N;073V*0&4+Q6rDg&{VMkt_ul zpZd~ot4^#SPXSF5QY#W3H4KU?zF@@5;Y#1spqF`IA^x8LCZ0d2Yyj!IoP-%N3+-us|-^XvGh zsi2>7tH2D?gohEe->8{j0yNC%dJgt{C^K+Q^~%sAGDEeG;#XCZ^ln=GLI|DV$AL`x zMhbm2RPN~!q<)yA8jyLj znf+nzDa(h}yHpj57qKD{kWuW$| z!Oe%?H;87klH+e}GP7$;#^H#)1|KtInCFU?8~0SNuIa4E0|N8~vA+BJkKV0ZqvehL zEM!olfSoCDm{*Eq4zMDVkQcRNcH9c-yDl-9#E?6VR2MiLIKrBcCR@$vcs&D+e#K-G zdj}X-quC)u_?*+h>&6T39@tAT6XZB-M;L298jT|zPn4Zou~ zDqiZgQP)&f*!3V+Avd1$y&xA2X5*H7YdeMFA{2vjo=Z1!Zs(Mu8Zq95g2S}|Gtuem z;3Ll%^&w|$DQQ|`h?barTo{e7>uFvrJgd)5MNoUy0fKkx!cSiUWF_Qf=zb-+&;4DX z$mi9fCinMZB}0}{IlrEF7*UFl^mLQV^BG)c+W|faw01sb7D_)i2x*ULq+o$7Z7$Cb zXQH25t)ijg%*gZJJMo!$rpho7G3L>&xS&&KMATMr>GcbvZpxantn#OlR z#WbX*ubn(#FA47(<$@?!NtNzTPtPyJ-p+afeZO$}t%?l#6;koDVTObM-OafWR=yOT z2kKWUYv}tUCeaA=TZCu$X(!WE+&ia%rT(EaA5oXN9~|4Ct8s?$88Mc^+n{IXErb-_ z9`t!YKjnsNITBa7R~o-H+NuLdEDJ$b%*WDmjBrRrCYJdv)aQ;iwVMM~D}z3O*67cBj@h}UF zg>i#Vfbv)ItLilby){N27^@5ura%KtN6du6k09F7t0Rw%YFK{(gp)1GgiMMf0|7cc z2a6}uBJ8wXD_nV)C{c!*@z)%cP`;hvtf9Mlw}OZ=m~HHpsoP82o{lqzfhWr*=f#Br zU7-1yS=_l9w-ntdlI%URA|^QmM||R2TytGQF@P#w>g{z~yts3}0#9bfg|8&dXTA%( z8mUF|#9tvxEtG}{7w$F}P7za|r_qJXk(~DG>KM6#9l`oVRlaWXm?<*gb+X=cP&CJQ 
z02$lmzzb~F8v0_MjfuP$z5qCz_{YA0kR*42dM^n{4BFv^&Y*ceQOR=hHFFV{#m%o% z@7iS$#C=mkd==?SNSKZBLR-aaVhsyKOl~K1nxyR7ODI&ttQ?m7Vbzn<5zrAF%b@tQXL5{S z+U79FpgK$yL()*f3X%d6sHP?GrJoS(I4*8}H}}{^VkIH_I}G%m!2qJX;{?QOxqWb~ z2K!J!45r?iC4T~3!5LSAGjP^|MixV=FUd?_(ZiRc%>c%xTqrhUk2u?i^NlB@#u@LF%`mtGX-}(`lhb@E_Ms7J3B_ooyC0RbE$A`Lr31U*Y|zxnYPhhLI0%EDY*YhCl?l2XB8+ zr~dHqGI{Q^3pgil_$<|M-z2sq!TKtK)BQ9wKtIhh1G~4CHx0kvV~30da*S^qz_%>) z^7ExOeK?r!%H5t1!j1JhP5}u%KDS$uV7(}H{bmfl-V6KqWZVyE!_}Oo^}VL~88kvs z`IPb2CkQh|n>;6=&d#t#>LY})c}Js2zvI&Y{>yge(<0YM(sIU&FUbqU@+vZbmlxLf zKAprTAiyW+qom1}Ht%11)<6|hW^!f;AAvWaYq)A(v(3GMl=eSIBEl{F%TZ)x;1i67 z3a%PFPBlB1cE9hksEX)dazDQ4&ttqyO^aQRp9SW(~I5#Ps55QjStY2R>roE|k!oMrh>LHi=Dxd(1i0@8Q zYoA%ZUyZTxs4a1^T^MZFtHWiXD$n`aDDZ?In{v^J=-OC=Pe2{d6l{^%)1VA-ua)fU zg^1-KZ`B{AFQqZPeT@&_G~)RG;_pt*bDNc_MNSkWL%JsODOm*oM9o$dFeu5rlke03 z^(=E+p3=l?*<6hp^6;?TT$&pC3Vo_6Wov4%PkEks?ActoG{rgUvlNCVUqb}i$j)&J zpX2;2_xWz+BREC&H>w>OJ>TwGRo?qP5q$DA?TQ5NnNBi1xcT{)#c5=mrGP3%)CPe? zPSR0KT7bzM`@DS+noi_S5S=8yydX(7y~dd!8maZ|3)Bs2Yj`I(X9nLY=&o#3vG|>#F6&!b(}7N*kmOo|!?KhYnH{ z!pnxMEtjVw z-5b2jD_X8d?ohKAKdCXTH=W<$Q5drCsi0F83Q<{Ig@3cUH0_uY`k-_T4t|k?8%3K2 zeu)w`!rjj(w-ikyp_SV-=j(kI|8S-LFs0P=>7^<>Wm!dIKehWO$4l^2JdMO$&Uo+} zs!q5Wz!mnBEt$Ol)pO_SZsA-cIu0>(RT(d@Zca(;Ma?Z5fx_aNcPcH8yhJs`{MOg@Zl#1U!+2-NTlqK z&PI}PQ|#W_)$zG)e&lWao-K7 zBOGR)m3AE;Y?}5D4c!92psigVuC;ziUv|?+GLlc*MO0@|bay6n%U2wy{nj99Sh{z@ z5$dQ@;)FQjAnNQ-p}Kq~VGz7vu9St<8Y<^Wr1pIxs1p$O=7n;u&*?FZ?luf#W&U!&XX|e@Obi6#guhIrEW_j~$v|O; zz(@aQ20gdj##-q={OHWyd*ZNa$Vt@pxY%wJ)wD=qE3wtN2yS^RD(Jv%Bk;_PFgYIQ z1sRM%)!ZPi&q{s?N&tYXmM9!NnG<+2rWfBL>C6o)a`NN~+3Iw!WqoO!RUIn|vDpM< z9be0RBVzeaurXG_lc6bknQX2^QCLszy%cJ<<&J`0Eo-M3l5n?N7%2sF&rhbJoEaboITvZkbTvCCQTTLa3YYw>!H+69YHO+3M(0#roo8y?h2 z1z7@9@?W7%RHgM6O_A~8Xz}%Fua`nqzPRsfR5cYsf=Y`u$vAvP9(EE^T&i@tF?xT$HnQ;Z>@KQR+nGH<<c%$LRJCU1Tep$`c%o~(#(rlFF`2JE>42A)hh!!82Wb$6x zwP{^=<=>#*r5RZ=x@+!{6EjZ^ZgIRJ!T~04IXTi*v!(B6!GQ4- z#s6`;#Tkym1lf*rRIl_bvmECnMM_;voXiKEB%@*LT2^#coT?Mf3mbdS*9Ye3cj*;4 
ztCcP?Fqe+BE`htWCqrfWsH29xuVb_SfI>of5`rk2!1^glqBU8|A+h3;tMCBpLY|=v#(CerKJR})rj(oYiURXUtJzWLny%m?2I*^#V>+sAudHJ@`ia(#w1DC-xq zv& zM@3Z^I-~E8notRQu3}pvE3-PpzMzk}wm70zkuC{eQyXepgvKW;GS6C3EM7Db6?M6Z z|J{M&dTuh&(GJWM&gE}7yx@0Aq>-Ldw)?l$(Id?oBeopZ&b+GY;y-t*sNflyVjArg zFA#U&==f|(#pv8@lF>OWuktB@2x6Nv!LqH=V_WfVYovet`s{B6S3Wr= zxV(~IP{ckFVAsja8ezD!^)QrAXLdIkx`mlSKiiHM-@W0!h6D4?A+QgjYNo=bn+jy_ z1Zb|93sY&-S_ROKTJo3=QO&w3xF%e3X3sy_KwDvE-ZDh)&`MxP{0rX?8Cf8_S;^+- z$eF2Psmc|NDWGT{=2@;K*k;5!%n(@acip_;(AyW3eX;#(Ghr=*(e0!cUy~OID`U(} zZH|;kxn@G0+bE5n+-J65x*2qA&FxOpR5p5eIbwOwX7CY439&mk;jFqgzZ6+sg#%P% z4p5QjdN{xwN`5}D+{JEoAhU}?Y5?=2aM3N64LluN+5!$jtoHUX==7TAKHMSA zJuotw^tGRMc0~sHc+WQ{l30q{%r)KzPoQKP1Qo9Ns1+z;%=Y`~Z)Bfq!oBa4)4=UQ z9DcNC<`8lZK=(5=DzIK7u5+@|L1DvL{vs!3?KiMu%?KA)yLgH(oXv8pLHXs$!~K z7dk&*mN}RUs{*%Hkn%zzZcZK)g8OUTONa+k#VJFVMXbvM-`A88Z(t>h!MFNebi2CifQ2QY4Oa7J#VhN}FY?(RMFDC>!h`xJA(#FMaAsj8JQt&-`x zLiEg_N@lCcCCw@kp6R8NFoIcITdL~w_o+wdn3FeD&ht96q0d+txh}46W^Xwu4zrRE zcBB&Z)0dBY2@@!iI@+b?&71NjtRzyKH2Rz{ru`KP_`9$_(D>@zdxbVIOD{xNf3A>- zO!1x8n9(mT!&It>wvwvAG>qFQpo(aixpY(_ygJ49dUXc9r}4S>pi=Qs zzN_@&`S{76uRR~h8HH9tAHitEQSJ}k=sC`tl#;Pg3e!G>*Q+5@JVk6nx7lfB*-UiLdFSAA8V;6s|*q9aje?EoG;b+rbSK&qqnEBfE~ zH=cXPTI6$QHrAW>XPSG;@GM2+#T>abQzPcM;Mt-qWP({-Jj6R2x=p ze%oajj~5TzbOEq63PF!l(m)+Z>kv3?(B1!`!@WR#-Q9M7X)|CpJr@vgUoLB^YcE}@ zs@m_}zjeMPwk@aMPi0JPz^6~~ttuTI(;btA#mzt_#k9f@*#sZ81nv0`;KgbQ7_SZy zrnf@OiF39(r8s=ie9JL+I9iIyV>4hlw2!&(33DG{RRu3rU#e}lrrx=H6akr5_@0fK ze5R5zXmmH>Zlga(Fo~2(SbhqN&pj6&h>y!-FV6W9esj#^7enf*`yfO6hYUpofS-eB zE`BTFPELmr%0AM&I7lJ+(^mzCZt^TUO+sC)m}yg$mRk!VUoI%|Z(E!s)9O zyPW5Flk`o+d~WqB)gAfs#ut9$Cok3Ze571@$J_#Mb9Njvnw6X($<`HDU>~JTXKbLu zJ5zl31>uwbET0N8{Kn~u{6L4}ot5vCylZH6v-Q=N`N;IOtqSAakxM3dO*&jzMYTQy zvo@c23NM7V7NEiw)M24-v-C2jeZQFU z8xLLY#QpYbz=VX1C~&|ia6r`?RGOE|7271fAf6`<(vRHeEz9BD)?oh=x9dN6jiOLP_BKz|yM@N4J0?hm4wh~$EkU6b<*~!P z@lO7ZYa7lcxe@Y;vkNp4xsZ4l$Xb)o?bDu-$qV8{dNN!;XMak&{w1r-$5nv0z+dW1 ze7=G2?Wu)S9+PBF+edQ zJxEcGua`wNNHLHixm!Qg%NN>}xI9#?+&$nVDOF*ILd+L;)#(eMhAfTK^P#yF;iLOA 
z`QeMG*|b>t{oST6&}m0=T}d>u*>rZ<0=iL%+3P^7f+Gd-ew(A zcn~to%t1`5PF0@x61s*w+;_qrKFTJUI^P8EZ293+r<%p+=#jis#b8$7X-LCL<~rzC zq5H8#m(IN=C1s&H4l`f{fGh}}EC}9PeFIt0kE8v3mUY@+0&82lv&{|#2ObA|&`(H$ zlGaFqEK;q~d89y*BzCko30-&Rnw=H?-iCg~dg#T|aJqabf-2Vt{goDs9mpEHC|wd8 z|5==cUm2W9?sIo%0!w!=k42bUxX(#yBsBVU4Y##c8&L#y#r8QCjA?o3+0JBUy8&vm z2zXmiS4HGjIcYG#vvXSMV*;pbB-RF_h) z=)^1moeP@JuV&Xy61AVQVQ?xJ;89w#2Zlvm?Wg;iNtbc5b|x{Ovp>p+RAPcsdM=pgxXqastbSYd2~4j=1~uJ}0OWg3 zF%7q~V&=@U-WklVZd_>ao?i_=s9H;B?nI{dZ^OUaPpefwMb8&d-|?&N@&Rr%xL0m> ziD0^rcHmm(pxyp+zOCtcqG|!1$!Mq{bC}Mwj#LcYpl}%7LEWlU+;&~?RMVbQ(OO}m zWJxg1Wu^wXgPl8@T?a*LT^1v)2OD-}p9+}jNH?kXNoRzIR^u(c-orP87cAO`#Um~Z zJ~vWpZR#-2R`oxBfuuw0ZZB|DH?#9fxkszAYMwLTI!*k`m)B`pO@P7#Ft*(zVZP%% z&!gY`o&S-%Na!FMv(#0ghWccb>O7bK`3+};7jzNX77GdannqwjsYNOZa z#I>MQG^pJB7(H$+_}L5H-)Z+X*P|rgLs)1GD2XEVkThT32B4DL^XgW|5JRsW>@}QJ=JwU8HsaEM4V^ zpHFnLx(UTD==aa2WJ9gk8@okrCZzFK$#{c_q^#4CCEGcFhH zZg;#u2lSVc(PYL1l?t_{Kcd;Xx@TIETGiXfp9Cvthlv87jwoZw>F+x~{E^F2PUqGn zvPR(Ta8e$gu5-p*B_`-Aw*UhBD_Wzvb5uWWVxvDv{LCcjit0_qi=Py?t9N=vAg4N| zARq3?u{9_X6+npYAUJC3cUA)o5TkqTH?~fq6kk1Z+i%?Nm}CxY9T35cY935d^oV(D zFjfomXAG0GYaWcU9oR`!$8VqC#~9?>HthkuTu=NWf)0KVR5faX-*yR7-I-0fhn{4u zR^7)5`OdO{Se;WBm0X|Im<^MXopvfRy|x>DpuE|No<+W07|@1t4c2a@*_Kk!v-{+1 z-|Fp1UfnkF38dE;6}FvN8Bc5#D+Ir&(vsNcQzhI6>0}IohzC2d?8+db0Lh9Tx4Cqw zgXPVGZ5KfvRc{*rgZ_~{*?uu#zjizT*z373n3zScOt+xMmeW|lCu$F!>!NhKS%w5sfFY|*dZ3!zaXgF@F$V9lH%YJO{uj+M8xo9Ra- zfrB=1UH=3i6l1n)V%S}pXlRag+X$F%5b{%4juX?|pJ_^`pRNvpQ>@VqiC4L8bRkVx zHaU03A%cJ`(}J{PHO4G|W5f_OJ*<|%u@gc+yN5v5OD_Ca%50y4lv<3idq8As(Q3w| zooku<2-F;MR_UPL)eRls`M}$I?L7c(8DOf#Ovw&6(2p_UDlr#?re=8@EV1w zw>oUl&VOBPzFrJ<>Efe**aj{CERiVXykOr;ugQ8n+`^-E%wlb@3~;g9ZT6XJVRpI; zSGuF=>m1k0SLCt0p`)?&2ag6PI7 z0X3)5EHF1e)6}&1V7mVPVES?nw`k?f%5GX(@6u$qd)PCTl_dkaqW$BMggTKFD6Df1FTUZLncH=VX;{p6HGm@eMGV8>w5bWG;{=3Go#mhMtc5goF zb$I(EY~S0D7n^-}Wuv#fNCfjhJ;0No@g0AIz|EZAEn)gBRPwT$*7!Vqkn@kCSB$3# z2MEadj}P-n9eZAG(#PRtn^S31m`V;x6xhh8dOK`d_anRl(f$(5?eYMpJGWDSq=$>` 
z{Ew*?H^lH=@NJuYirO%Nvc09Yrt~xu$><@;ih`2u!DrDM229AiK_C1~gh2;3^E#qz zOxSIP-yQXJ$s97B%PzjRtAKgKDz#d@6;WiPy*NkPPMSD}7P zZ4yqWOt81tk>J)bw#}m{P?xxMT*{%;X14nQ^WlJ49kC3LRttn|li$FwbveP+V7FFt zdWyfw-esX8i;w~k=9pHaC>(|N#z&S^yV`7Zqk2k7?a;QHFfR8V9E<0}5d4ux{6(Ld z4tLVUGfgF7eS|?WigXg!;WVXdy!H8vO?qsXNxCK*;Aebdv}>Mw!{nl@4r|eX zKuh>4O)$huyZ|3fH;K7oBN3F^_D(rm>56>larxkU>J9l_QiZ5qf$WMe{ndQg=C=lz zmUZYb!}lNYv!n)=-*Mku+Vtsj9I4_L0UQ@9ObYHXR1mAXupj6ysSj0$N^K`Qx^8$f zXD=|jmws0YxsE*-ob$Z42$4{_~+k zNqwhqc}L_CS$IsdLs@T7w(E~d2$$YuuytW(m^An?h{cOW4;7}tVxblsSQ;vO0TIjG^Vw2i9 zSO)FiMLH5Qf;L@iD@89hpPXjfuH1LsU|Ubc&->;ebw*;E|H-$e!-bIe^tNuZ*)^MG zw0oOWs#h~bgHNE5jyQCC&UG`~A^~mokdAXUk=aBxUw`KlCaB@8V)+e8dU!SSFpH~- z*`!XUc#7whsBk?=Bg=hcCCTPdEzUv!h?Y;UTT{_PqJtt+IzhB9X>5#=${?on4XWY}RL2~jNUEdTn z8THT%trJ3HL-#ukb$wq1Y0>rL@-PVATJem!e@w~*#gn@3u`j-#%7L^;dqu;Yb&75) zt+92*b?Y;+E|;d->_XF}8Yx!eEF+bMHd=bW;h|f&)QnYP;z_OKN4AShgIbb?7)89w zM?x+WQ9b{J-5zcodvB(KPaz*J9lgJj=Svv?b^6A^Jo@r>(O$BE^>Bm$O&Ui~&{G)S zmALOGgj0^fBLG&Xd#RZ4J6pGX%rT4lvVS&ZzzZ_6w-rj^sDojzAlL@~1;6%KK{esd zJ(nvl@!211Mb0G&Jh_Y202=;0sEMvul384XbcmLP?O#d*O^g9*(g8_mb~qX$r|rIyb&>b4+gc`L5DNMp)0~7xeWD2%AI%)N(ytQ+xN*c z-;ryYEDh~ByKVr3P?1F;$$kkpo{C#-gx1SYjaN{QJECsJ>K8ZWYH$;kw%j~DA#)e7 zIg#*+E^X(DMh{Q9P4hEimQ0MJYxw9keXA>39|Tqk4nDNpQ@&o=8+BUz-TtrT$yjEA z&dQjflvWq_O1YI8ZmyW~>e==ASeKfmXHixFOw@fov#D(Gb)Fb-&lcrqb!;^uHkxMaLKR`IEW0;*>WO(Cg%7)F6}cE9u>qQXUUbO!QxhItKf#;rv4@#^#S%`S+s$>MYKP{L7ULRnO? 
z>a&+>ic59(q7?+VckQL5#DVidVY^3rb{2WkRwv>rZq5$*UdfM7wiK~oXaBNTbM~pm zw=#O+l$v`!O;P14_-(Yu(t_c=43yRmlonsJkHZpt)0~E7=w-^~wJ#23#1GNo`sw~i zm<##xLfrv7xjiega*++Z>y}uxW}mM-I5k*$y}b&MHMzuMH$Z>Js5qJT4mRV=dWm-z z_evffm1isMz!%dv&HNmRmVy|F@$hp5V!og56t3iR9=V<%&lAB`2s~7P}ke_QX?MiO8!@P|eF_gO`@~^4A;XdI$7Gt!p|vHwf`_l0V8~ zXIX>u$oxx~C(w2J7LJ`3kG*EZ%44fD%z1Xwrn+dxhSg^c5494xFP^+|I`}vY*Qnqn zk9|3Ft2|9_Y?JNuJXHrir`WU+MI?GKVYI5+ea8yJ&|sllI~#sxH|5&WEU)Tt^F;m|vVxD=#)j0NG;8RyunYYr~_Cqm}BF8X0U0C+qHR zrFHinInp~mI`kAuBcPD<{A8!OK!#e6m#?+2)Bp@}AFo z`x6vCky^)0{mat_lQ>4|gZzzoFwGbubL#CcqQvm68*LJ?c-hVocE;L^kMMy^MPm8k7lD8h;w2aUq?!{I1DSGI|8vxTB&^4oCdH%63aIo%HNZpO{X_?@?vgznt zzt@V_BQb(N;96~u8er_-GQ0dJf^ErTYiMe?OV;{eI$tO9O&fDIwHZJZ)oxsWe)zC{ z2z8J84wLeXvH?xNZP692zQTHpwXW~DsUaSN1BW2VGswGBn0~cLV{(qn!>0U4cTp8p zTW4|k0*fBjLYKOPI|biqSsCjMx*QZfyC&@9M%TRyIHku@F!xzSDAM>7T&`;ywXZRi zxjRVOJR9qt_o&=d!t@JOx___N{WSSVInw*joQ9}^p#H=c^v=|GB6F-;IO=INw*^t& zzOI^uvhW}F-(AnOV(&Sn`>S8 zH$kJxdgLXzaqkTBw{%Mq)9inNB*t^36&JW|>T9c(?cLJ;)>6GjdH(8CzwdNJ+FJrB zeJrza38FV}~PUx(XD0Okgpf~(MmxKLowW25z!ViPBwotK4UgWx`YX=N!F_~trs zDG4VRU~M8clsXZ-&!`6Vd&7{OVd^HY^HdP^WbQD*jFTBq2J!NtQZy2uA!(ns8oW%( z9{d4z>8(#-__o5=;qy)xa-~1!dhWyna${ zfps89NpKVC6>w6nf|amWShpzlF|Sb#zg2U`)+-6CX~ia#>zhRsvc&S;bO3=F9JO6T zuY?1>f5sXho>G?lLrQY<^zx}mrKvP%SIe}cd{Oviok>Tn~~BK7AN znm#a*1IKbEv?Rr}5M0kUjZH{^LS{cfd<~bB^}h=$i4R6Na(&)vgQf-`PEN}%+B&MK z8(VG#bb%$-yu;#U`_uE&t{)2N8A;dTod|1<*7kiWm~-3vM5=9#x58WFA?=WACy4FB zFw*Z5M|OX~RA$LQt3 zhbK!`qv; zzXKbWz4Mdb92Kr`pFCfO&)}DR{!!HIj;B;nwjuIE#0qK){aC8_DFdZ(Uy>v5>F#9| z$5U0G^KV$LVSOxJea0JoDdF?7ef&g|9!L!iMv4%a_SIk_)a#qS$z{Q&GL+C3h=B57nThkfY~SXah|JQ~rl^!^&fd;t$X zK83OcqG#|`RNbX2@C<>_#{izMl`wqHwptd=D!8KjD-W2<@bKFo+q($n0rtBa%J#%9 zI`6>}TaBUUVOUfm0lg+Y=IU^xP#v3KzCPRZhzfX&U%)pGtfy*rJtYIO2FtM$$I!fht}JShX%mx!X7o_;M1N#-kh#YaV2k4X}s`WX2Z41sMl zD{4P)+S;iAb!q%>?wl~k?ZwF=R42_-srkyZ`{m<-Ne!JA@3hXTy59R~bjrHQ@30q! zft@H-%d@erF__c3mNlX;9B>wJO3tc(Hf-j>3tG2axtnNc&ZHc~>dc~8fc5+aPu*D{ z%8JJHI9bH%1bLjg5;dwggpu+hX=AH-#B`*g7TJbBc<@M_?_uw0y31#hI$QqG8)JM? 
zjI(f}7cYyT|AsF3@_~kn;=x5k*Hd|dy0kUr zFE&nS;;}#DosN2GqCuEOqwIIo-t6M9_GV!ZB`lo(Y|l*hTl;9dqxJ!;nUaONPv&>e z*9^RHH~}o2?8UXXlxN-a#Nd9xok)3sv}>Ad(YErxHUXnl+2-D6BuSoBr_LkM)v9rQ zk$sY!6Ko-UIntAtvk42Q(iN8^x1x zV*O9>RX*Y=2eKZKrF4hkxcA;*%8!h}|Asy(@Y_vV-y^2LKVz8%iCwr$)E#`c7e5PE zog$A;H}l2o2Oxk-cl472Zxf5z69(04tj_4O1bYdVDc7usQmy@B)q$Kw2~ zF=!}ydL-Vz$rtT>3F^$z06#-f5(DyTLg$AOzCyEj<) z-{1kD;)3W&{}nx&zoIwsAM}0)kL0i5aYTWNLhI`V&i`kYipAsbcPt*jvHD>FIUEoa zdL!y3`1haYP<$lazm3!3+Tnnps=6Nbe{@gi5In4Oe}IQY32Qiq!v8enY(^U;0937i z>-CYiM|%Cc=KTR47P}%{&{Z5s^Rt!-t4seQ9Dpjd@}q3VGlwev4>>^kz?*}IT!Q{5 zko9-;?!7oh?;qfu{403Z4h`c^@Nj;D2mBK~vO{?OK<}sOojO#WpYIzvR3_~2|8jy! zf!G1DKJy=zcqrYUmPiKtU6~HW`_mE+QTo#oLr(nL0!xE<1T7Ie z{ogF{e}$u%$05Vv8o?h^q*4x%C^yXDVFINN1O4l7UE3b<0{k=N9Ch-i2~7Q+a+1H! zu?gp|fRJO=72DH)Oc9{{FRf|*jy3LIi4plbi+=)g=zXy>KUNUnKfd~KGJiUDth|5P z;-Pr|G?+s_WA+70Cbp;F6!rhp82EAbx7Hw!U>KnIKk<0zeg3qs!#@5()ek@$aq0|IQ=9F^~VC(dF+n{s{<;GKfER=EwH66G8sbpS02%S=kZTK4$X1x@8)DDEMRhxzAk z$@QUp|CL8Fb&ZyvEUK0fhR8u9*0;}IahABz+0%>OjU!^!-~BUao$&GAsY z|4Jjar(+rcFpv9RTdzeGsHO&n9gsekH~VKQN2weG<~e>msbHQ1t|JSN^PKLSKvu0g z@Bb~zyy)Y@bf^!+9FRz}r}Z_)Uh{7VQ)vjxVf_B@Y1-3%0+-{d3*dT*PPshr_R%(< zL38F|7pDJ|ga&Nz1YGrWI()zbm+gmxAFWF-^&IxV|L>#{(7JO2T+7ab%d1b=!GAhH z(Z4tUFRjb}Ppw^lYyErt{V$#G{MP(8H~(K+tx_vO+Y=oCU0cB+w_nCtb`5;nqG2(WH; zT}|q8nh&W@15jYQ-k-c-;3J3$p_SUz%A$W5#6-QIQQdjqz#y_08vZ@8VSG+astFR* zpfSiy!hEn7I^tV9DdR($o|3rNCF9S9>5`FM7)V(mcLy$}yM_T8qv~h_S7gVwQY|jR z?Z9Reh2q}fezxO6=lc24Zk$!3%HT3M3JdAVyR~H*lu6+XhSzZc;7dW0t_Dx37rQY? 
zdA3x;Z1;ROr1m96pbWdc2p6Nhh7B}xqB#FSXfBi$joQoIT5;WE-rv3w%jn7pLG7ue zh~oe#)veu7apVE7D&CcS)OWCEcoLERA+doIsBoMv-7P#=C>2iD*TFU)-4A7IRr#kWh1KQw#W4<0f?nyGK&&kXB0(n$JefyCchv}7bG2l*t^n8GfWUKjzoyp(#zLl7osEr^y}j<_>@Zfj zrQXsk=|tF_NFgJ<4V;W$czL-p--1nd_5h1*LYzmO5Qs68t;4~K+4Q&wLAZPp`An2%CoA~Xn^|NC01Ar9KZ}{1P=E9TmU5q zPzZG%V01V8>ZRXZ)_9gZq4I(=YX4sg^81$hC^V_z=1%oMo~`sb733OE0hn z-X19A6)ZSQHa!Xkd2y5c27C;KAn; zcOsn)CXQR_zZGriP)?J6!IdRwYKi)U-*~PP{Z>@`?p@gjrTWJlt|b67At-=<_)x z5I+IIn)8BeKjLc{wj(M#>l8#i(r>gQ7Q zoKXpSi;9>sBdQ5lUZqqVLBm6M*>CMBUiSi3gszkiJ1Y;9c1EJAah40 z%7ILc5i#SP9_ec^N~MUW=E}xbqdZM5G1i9|p+jVZhyvzuRH7X)H5gGNWP&M;QsIk+ z8`Pin-w#F0!rT~TL1eoEd#3sPp&WKt?A=IT&DlUSvtVbOTz*#z5d0eB2N9D;{)}uT- zT4OYv8KF{?=~2JU;4M~MLBpQ`B9Wng%-L!*og!Y6Co9;1@;J7}PytbiLVOAQ6Hr9L z4K&!vh*AR+&?yy(K-YjekQn-7Ku4#DGv~_+HljSituaC_j8Huakw2fJm*y0uPa%xl zi0?6F=)Gl7cD!v6AeO49u3EgRQpb~b? zs)3u|VjWn~3L^A)rG$fw2L!QAKDPOrffuGk{^Xc{>1_Uk2>IJh&$JdsN`%ihb?m^o0I4ictyfmbFI$yj#R-d2qKpE2bPlKDo`s z@QExe3s1G;*Wg`C^u>ZpdcSAJ1Nu;HT%pgW7vTL{dz`wz;Ij$y>4gq|PlWvcwfb%+ zBmk2+KdE{x9T1#n^Z8PGO>3&UQa z_!e9kQQxQFmdRdIz6?u<0Vd18bkYTrk*Y9R1}4)|#$_w6Vmt1EwBN+D5%2$BB==`wPe-$BrN%iwY$UidGkLN>v@BqKee|+!i(f#Wk zDK^r!4qU2Vy(Y4yXZNqpzAPL%L_O-IGyCV0k>7(X zSTn(ptFTCa`QxfEI+xFYiH6rB^N_9#JWU;QOz{~ApmUX(FVXOlqN#Ue=#DfpkyeEv ze}el@P?2xaqG}**b`?m=`f$Aw_oDU{=^;TM!|HVvis1ysoL~YOGMvB+P9VNAj2_V= zXy(UyKoJNlJTu2kMqjVfWHA>2rw~^HPl4|&IECv9psWxKJ)}8+hp`>-uw~OlMjGoh z3XHgwYi`%;Rw-T^TSndu-LL5Y_gp?`k`7H|f`N&XG&CVX6HB%-^YY;X2XJ+^2H-J}Y^OTNuyz#)hD39LISfMp z@!C0{9(A=GX{^}12b4cruOKBB&RYOb&J2R;5PShF3gyiK_|O=D(;ETktqmfSZ9Z0J z{>#VO6{P*`RI9X*fdtPZVL5wyP&7Q_m2pcaI<8-mmqh|t0sFcx)3fgS>}(B~fXc`5;XnyZWe z%R3iZaAv|9cRHw@k^;4=ohE*)PSTK-4OvtR7}X9&ZH95|O4otfur2I{*^pu0vx&*@ zRj)%pUueq-XLH2_2T4Hira2mzZQ|GmxOTOWa5@GM1oD960^z6|aD0lI143sTAcRxs zu*LvM-ZXndv9TQ#vzd=H`seUo77qGI1fX{eG&7G2qkrJ;XDLH|L&6i&q52S}wuI^h zB6|YpIwS+8C2S^whG(aCfLf&+aL&oS3~H*~Uv=44kiY{87Y@VL_dx3fl*{KMy*ZkZ4wyt)z_fOe24k8L zLG;*tpzFOxv!6o+=l^GI!{=*Yy6kM2E*PehA%k>wb}${g6-c+Y8Kx_NgYcu@q2`3| 
z1*}O1U?HXLkTwTt!v)Z>7&vmzP^4*o9d5u8j{rwu$Q^$KsY@VL6Qc%xLp}Yb0umvGDHH?4z$s{0=>`mKPeH>^&@iqYP;Iy8A%J%DDWoaN0UFgE_PqdUhpYijwflRH zuy4)whe<}<{yozfW6S7LbDOyIuYS6925ebvCQ4CVpc;M+H#oT1u{kUoB09GqA~48_0Om8u47&^Q z5`gz6s}6E*Q3J^%X{b=CqN0_=O*=hYtBnTn1@OB_}RNcRDEVoa5}yqskU56oMGz0d@O}_=qM5B2 zB3&4Q8-hgU6L6--5Vp^T2CFfc4TDQDc6Jtl=^AqmEE-@%K3EJZYpb1iyJo5|adxpz zqCWF!q2PmVheaEmku_VMnQoal%LUP3p4#MEW7;KHfuO7;A+>KyHAw3ks9Uvaj@=)QqI(TMd&qws~4UAtV z$5frBnUjRe$u=Dg-Er^PPx=Yv`UjFO9z^Al;dkzp6N|Joixb{|My{Wl{g9P)F)3+o zZgOI3O53J=c5`wimf|9Nzxux5(U?eFK~@B5%wQ>$I1tw`&G`N{d27Y+0f|2y*2 z3RcC1Ls_$v1+V%@+xR&GMdd~@qx7Dl&_qtY!Ntas$qA+qTh;%lmh z;`c|#kJz5LyOhLIN8~eG7MOQ)H?zC6bKT8!?v&cIHo33X&M}wMs+5>(Tn{|eLW^tq zHfw2hdz?Qn+rnbvu$Dv2(*3GY*`ED-{C2QrP&+s1sdjtvm<3-yd~YNF7H|iU#jZIf zQujq2Bh6(Ka=2MWd{(v5MJ=danr2U=X*a2FHA->gly*}${)vr5Jp3E`7Z25wrq-%-8B zrL}`O|Ebk0+gr|$m-%U2dQ05*uB#I_Ye7FfEg|CmuJ>Of)jQ z!2ZIb&c$+=pT|$lY_K|&OS-jr_4@P2nqOUc`Z?bEPG=p8$G=);**d7Jh z#0M2GJ)qddZFo^*&(+yqumnM=GS^-CJWOUMqU*Y+ORFEs7L20x+jiPt z;muQSu)P^imRx?OTzpaF)e)b5xl>nJk1is2UqQrQXgIG+JnfJ#+)K;8u!kN`X@fuGe&AM<)@LF;&%m~H>`f6&3)Ho%r(*5MwrB5(6-y^ zq|O%pYP^|M+>Pw%uA_}}Wv29&cr6>s_Dw zm_)MQUv)6NiA6Krm{ig4dnAZfRDRlxMD{ak*fQI_=b+%)#LkNS37>t1=4aEdwLSPn zco*B39pl0)IQb2i2V9g17A$lX^G}O=*p>6nE>uM=CUy9=OV@esGw872BsH_rXLc{q zzGP7;v(b2QMpysJwNmEq9!Q)xynBApH$U&Oc-BRD@bey%4(H{7$BF;W25SJ5typYrDt-fI z`>!u0+&8wClvvR;yd)OJC=E}rG;zn{e8}>i$9&0-o^n1E^0yrewhx9q0v-67aX9ur zbhPru<7_+}$)56Z@cE4}_93um);k`{NW-tf`b`4>FW`%h4NSrl{%x}KPQqRhCLGR| Z1&8DPLmw8uSlerOiNzKt!1pZfe*l)cn0^2N delta 216313 zcmY(qb9h}%xIP@)P8!>G8ly29G-+&`jaF>iw%IsoY^%X;%!Umc{?hk+r#;_4>)zMi zv)48A_{j`gRE)b|NoNQ-sAa z=iBBBCGDRN3(fB#&mI7LH!+T_Y1g|7fx4>+ev#hcrnr^enWCS*Y zy|7}{;1hIN)X7&6Fn|$HINMMhBx&)*S@J#PF}+^Rfe>e+gS!rn??H>8)wuEU#{W-D zjqnh|FsOKMf(j3XkjfW^1hd+~PTYVa0#3S+6L+~2sO~>)d)mrzm?2|d$`~vxniW4N zA2bz(DO8m8KY2kl~SNUjdV*@<;LwzF^;q{-`JULy>j#en8e-8mAy4}0w zG5w6%L#zaNJuSE%Ol}BofP`P>j~35`vZqmBuYc_sUzI=V2>SYXAD%UzI=uI(0j3^u zOJiALL;G##y9BxQh1~BBQj2H@##P-vW!uNz#pc?P5Ci6)$1Q(eZY`*v&IC`pmy}O0 
zo<5(y+=p&8f-L6=*UpBIo$rp_NgkByxQTkQ&h5?xY`vd;{dRVJI9)qCyZ>3av9-~L z>f8Q&fArq_;#Vx-Q6}U@(tg$R9yla91iG7;UN2EktGoR_fPPMv3v@n!te=#;EX79}Vw|sQ&v&++sQZ^CmB^L?vJmEQU=qu>S zsyoK@-DK+U)n((ekMQ?{jfY3do;C08E)t>NI?tf!huxMSZw1O>9W)f~09%RyZZWgy zvR(V~XC`Ez^80cpBds3L+T8(fwq{`XF3BfatKJ2%2Hq}n(-70sg(DN~D?FREn6K`( z*ep9p%5sgipIbKmsk*5rIsPX{pIkae(inGvS@f^cl0YdSU@|k zmrTF=$NNcMFCs1be6N)DGatTEZ#=19Os2L!Uy`>Q3;JRRdhWDF=N2$sjm*f|*$6{S@IyT0{AAL>p3~BXQ^tn#sLx`~aiFYiZY5!v~{Bj@4!TH;PJ@lU^0I}KzF7(>#{iCqS{vJSQ zw;}6CVLzdOv3HS09DVw^jvq1%PV{8=tPL+;FR7;Z^ffmJwZ+|ik?z+HPdEv1sMvEj zxoo^!YL6-WTy7ncdlOPh#BCK1^Mi`OV@;5|bPaZM`8-kZwO9a@14KSucPuDPFaDN0 zNqJ53lJAA6soa5fVyn@Z7tZ^ed_bn{8keB*ZQ@)aih4Pw6OSer(jB{{(UZJ*574d!}hGloeZgY~1p@{893J-1s8S0{A%ykSD1; zM89ZDYj|TqhF6_^&l!j#Ux6Ou8*E2RN-}*-WgQHAiG*j0c-c_v0Ey$u(LJ1FtGO?> zS8Wj;_5@+FbAG5>0E%DUb=12b)o%q`YSD2uNry8Q5*c~lGn5;oqP#e)WyQn}_kWqs z9B@!lHV-fIxOZ1E;OCxo2mF5-%G2VKyWyVCyKiMIJXRfwc(+_=_lDT13|?M@wQibL zMGJocrPZtsiCj9@O>^^W|9Z7SrswoN$KU^C4bQZO!XaVJh-M8Z<*KDFy%-Q4z*bI= z56LypNN2_jWAa@rgvjLk2P9&*GQtyO2BQxJ)r2P_$5Rk)lpSbBAwUj|&dTqP@}T{u~W$3E!)B+Dr$4id|Ta@2RINsX35+AY&R}<7gs7CP4vN)@>xdM{<%tvSU z_VXzp;c|R*#&Uw0RG@5|j-ve4lC_q}hY1uVM=U71wCOK*`=$2!J@}hCtHJR|KrkNIv`6r> zBpY!^4EB0ogOvZ%YeXYLqYtzC{=URivov&z^>eRO7AxMePU^k@fo zVqJ_KCa(qYQ&r2$5p}SvS{Fa|O!OZV;n~3>?g*q9IZQVHw9{$FsGKvJhej;KOFZE@ z*)gg%~jgc`h+|EH1Z3`)2^@ zI8M`v$heT%Wqq)TA)*$hHb%6mAt0v_no>sv3J2Hbb_GeJbV7NlQ_GsU1rEs=&GFKB3eb|Du5?+w&fv_F3MyO123GkaKuJJ5 zA=9IwVZ((XnBZf#-iB(eSeOSUXNSO$#r+ulR5l>#_)Q^H^4$k$hynry@((g`zqtM4#P=`+%U5`rn=Fj)~lxc=Bg zOk8+xzKg&|AEGO~I?$yhC&%+<8s7ONZ{Dr@Y9s>^FQ&i@=}XChBmqFSJ)U@x8gMUH z+pCYT%>sRy%DlrOxS8VKAW^il%J8#nNPnF(Y&=7~YH7MC?EIcK4Csk7Mf~iRXG+p| ze?Q)Eky;(z6F$^%!BZ(Ncb|C{v~~#{)|>&Pa3HBvK|OQh5;8E7&-X#4hYj?Ra#7cB zOrFJ|e(2>8X1OPZv%F0r-NVITo{UgYo)^YNLagZk(;8*d`7YAHl^5Z!JXqsT4q>S*R zc-0#)Z9_i;VzL9PI24k{5aA)48Z1i{7>o#ihW?q`|4faQzVTa`4rbJwxA?2PImANWnEXz6EfX*I&6mCyPN1TW&(Xbql$FZDcE4~&DZtCFk z7@I%h&rvv=G|P`2(wMOb7779s#bkk4K$c>?jCA87Q+*pI@<_jax%`0+jbIePnS(3= 
z{O$bInk*AS45v}3s=mA;_?+upTUXi7EKX{wv$Gsjab;QUiI&&McahQ{nb`nQQ<4{a3SW56|FrJ-$+9yMAASFgS z=!V+EV@XoFI_skwj`!BJgnw$bQ?zL*RBHCGjQ;>b$8BuS^aCN@>Cw*NH|ao4I)NgS z!qn`FBEi6TI^sKjIfoU0M(vpfNT$cML4CJ|0Xh!_SJ{gCD$|3{KCZpm~2~fP_~G@$dKz8$HDOUhg_pEJHIfy-DI zMFisk%hpuy@w4GtE|+R=wKuN{d*SrrI_Rvw+}$# z33>igl8DtnV|yil)x~Q``#j~tLuO=bWI@R1>b6R%8XLHzglX#_Z;bN`{LzwOaQvKr#REPTBEwS`kGIX$sk+FlW$oXlwl&c_ zm#GHHvxtfVH8u)GO~qgnG_J&q$+$0}!Z8|h{-Kw`7%i$l{~5>fHeF3CAokZ?erwoS z5pbIREPXvYm6c3qgepxchS@}dJg*XE&MZm{-?6c1U|1MBG`!$v_Dd1#y96|%*==*X zu~pF4i*vxFP%2hR+CbNHjdPQqIVW+t)`lAf7P=H4$psztsRB5r6P&pYv^$CipBRVV zM3jWplg=IRkkvjhI0CnC#I3=Z`V6@(y7G&)ihfza< zPXuDPnu4~?Y}P;5o8^()mRL&SEhZQj+pwlm#LvFydf$b*E zaOCkGX)ZPCvRIaCVCHb|(8FeazZM_0M7MRa9%1O&U^{P(xIkG;9!QS4%}{RrRSwzc zV$Y#B=}!AXo%=5m1|YYU830-KLaH;J(U}9RmA2vmuR>0u#Saz<;_VdPj&Q6 zmMW8GgpGDPvH?wg(+&FN7XG`->&MxJm1Yb#bIx`OeIsXTK^Wlffg=i0vEpe-sIOqHe*<%TErB#dWjlCV4<6 zwSKJnvmJ$1>Ta+?fsfxU5z7R^Qf-8Z_b}#D)P?0yslA((SX%0b*mCT52}YjITOG$Q zwj{)d!iU8l73@)P8GRCGv2PISNwvforA6vV+ob*j@WB8|G8`9ntcCf0^q&%u$0=xP zU#mk>+7DN@X0frc5Cc+}ELQx16rYLh+A=L8(S{OD)meUyW#o)Ku8&+{E959QtdRfS>6))CzRETZP3t3?))CfhT zPL}H7cBb^Ff}iKwdb@K-L^*~`zP_s?>=4PtcUn2+KQZ#&Ikx>oq=V56Trj=cY{+sM zE@>ei_mBjN)2p6_dg`+#Y528_)tubkZ#AClY77=BT?_5pgs^!dr;~x3hU^mj2T)1) z2|*JxZ@O|C^JCFBsFwv{cQ~tQZmdYm@QK zT*#r?X%yuF+7n@IOg|mmUMWL0JcJ6Pt9Mu_rRSVjY(h74sS}IE(MZsl$jAziP+A2W zHi+0_%O?*3YkLa!$#AWFBebJ&uU^+(<`GvOytXCg1h2;mqcci{lOInLkX@jb8~BR?XP7*7Q7@*w{s<@ zqbn+uus2cv~P~P&y?Z01sCv2I1S z@JJTY;Nv-iAz%z!+NLNl} z5-}pgq(3QHaF8G2?N_v>zf@qV;X2Sn;n|>~o{_ghLpbdW%A*5YA1}JMGgsgsFRNAh?ZlRQGOhYho)W#d$@TMO&8BD3b3gJg&bPe*K*>@(=JSIBK3739qmRZcyj_oss1R*RR;|=;V zTR-%lbgMlfhCF?-e5W_Dletw$>%n)Em@T{F$fn~nU}8exNp+F}BBE1p+r!Mg{dHVK zaU{g!w6I8{wromvRcV&pjMXCoM#IS$7-QdaH)xliwU!8} zS^3Sr$9QEr)*_LHrm-35Nz8BbfTA*4CZ?m&aFnY|RNEmg8c+6j@h|MjRP0685lC-# z!=$<#fyBX|50_5;QV_JtWNV2LeMEFjwV9568(9Otg3)&folBffc-0v!7ZBG<*ujrF z6%s$p29zL}CDb+fZSkkZxyjIgov*u{PT=NrD5Z}kseFf|ov4BsqpEJP=4)K+1Brw8 
z6;aHRc`&aaViww1l1V$_nZa67HLekKZ0dTW?^J5ubVUa8?md{yIEnS@EOnf5$eXyrC!PIi?uTzq~p5ziD>|h$$e3F6_LYe zm9DsAdI=C+X-A#c%Se#D4OQk;le%7_*zx5s4CQwS6x%T~!;I^eGj5FNs86_oTky}z zk5RC3Q8=?)lsQ;Q9&^?RAQfe3Sy60Sg)$K>8HdVGE(@DKknKOmP@eG`VXGut33Sm) zQ3+wG`TtMydCNV(cA$0&LQ+jRgaTIzwB2%r$b7aR7$vbF!Tu5+B#MKBi`=1F+r3dq z93D}Eg>OM7$PX^qRopTwCaaw-G9zDyTsoTYym#NM1^$uM@gZ>9ywcy$rJ^hsG zDr+3SYRq#%PM0$&T=CVn3)fd7o~7b( zlsDk655iiyO$iMaD%1${xT1e4k0Fy>oAk08bIBX!X|_&|eDk&s%=zggQyM$6L0-*s zV=21%UrD`8?tLs?p-Ehe?WO~?>q2u*5&X3$PIFgChK6RKar+e7LCPOT2a_1M0J{X+ zLCEO7;ue&sF}}j$!@xbM%i#;oZ8pq)(P>usG=d`7bV23efjUAqcanTh<9*|fpS%Mt zrybWtsbX5B7Ns=vac9&BOV(lAw6qb0aW$v8qT{)AWgdm_gPFuzpHYoNCDsrI5Mtu1 z%3fHgPz$OnQ^qVb6cFft{HZ2^|7nTE^U7UHEvt3@DJQqBvF*!YggSZXVlBzc(3+2; z(GA@-4W{VAKBzFz3N`1XL$mY5Qpn5;vVqDZnA_lU0(vKlo4#E=YJ%O}ev<6Iq6 zfAtQ<&5IHSzk<+n@EQ0`3d4rOne;UwX_Qa+P{H@%_9m0;!ty<*>NhXID4F@HS2u%JXUn4hoA3{p&9h7V2g%X8WPN?|7LNRN~Zg z$aHW->|F+Tw~0sXDbMnul~Fz|mDvJ~L~YA8B5A4OhV8`{hz%1{DWLcp549;9!PS=$ zf%XVpGQ=Y55ePb30I_KK4T5|{1x;sY6xdSObf{%j z>ZJ~#Ey!pkC1nhlzbRi>u#wWxML|aMt+{aYrJ9lv6#f#n|Tmu z_RzKR!U=Vf5aFL?2=`suH>L1JRy6{XYXU}l$H)!L*g2`4@+QU|YYu=MGS#zhFCOg` zf|7bZ5lQ?wTocyCXZbamhk4YwmC4NB%M|9Q7PQGy!aGjUCSsJ@DysP52iI9ZUN70J zH1&nc>>0fOs9Lna?&Rh5{d{W2nWKZvb3>4E9{&hiN7fzZF@mm2P)rTkYC)bwq#nh8 z5KzFBfo97E@;?SzBJ$czJxi4`3DngoR2C0gsw=I7D=k8x5F)<*qdWE7a!r!UShjEW z*|%yfsePmvmAs;BGELU6DGJ)hKpe|g(faJuMQ^mX$jsMNmz_88OC)fnSRkLAdUhvF zLe#{uw_0|?xS+O>JP@m|WVb;w&hMiwvnM_fH3~NwGq;PtrBtT<1BC~BDob8 zt*vA)WS@c!aQnS(socYi=&JQRq1hIRf}3jkj0%b}%OVM+c?=mxS`}4JSJy)*v&)J- ztOc6CL3g`$UF$)jy+nv@5zt&3^QjhM1Hn7&q0ADcUN=;G{5JAEgn4Gw#MvHKagl+6 z_QN;MjB%+V1A}_2QEJh_+RZ4O@vy)iQhr05uCeR6A>0h85125;FUUcWD=dc99DDw- zazP1%5SjVkCSoVwL<5wcjRN>v>6FEnwVWT!mvuG(JQ4Z=3D)?T<1Y&G2TntHGzaY3 z;#AOXmm#`^2~Lw!2MvuA2MzY=`ZJf~k4{N=^&0WMn7S0}O{*Oz9!m33lcq2gMgNTC zz$ryGqPjfcjTLgG)~d@C3$X3{pq$EkoYJ#O8f2(uIzbQvgZrIWvs;(LIrKb4NyBvn zFzS12u;6Y|JYQUJ;*@U$4)3I@&f9kX*?%l4W*pWub~v_l?@4tyxqi$9Hl7~J=cjL< z*2G)B+*n;L9<1%Vc)ur}(ihGcex7@&&e*@-dwIHFyw41szswiNw(l5z{iW{e?*7ya 
z7`y8qcdYHZ&b!3M>OZ%1k6sYe>?#&b)yTAw^`B@FSC zp#1;ic7Lc{zf%fjSn+Wu5%A;bNUker5I+O&oee?4UdOXHR^ogY5KitWg$t1!+dp)< zv9QQjcZ3EpO5t{cxb7dLuY;aF45AYEw3O%AQa8phGh?H z9QpKgcYvV|dDS+HRqP6$;K>uRGFbTTx*G#OguPaO3Mv$7%G;kA$0o($O8i+MOO z|4J4ObHLJ2Q%ot2t#Uph=t(R4OuDw0QX*0#Szdujvn?k4eW!KQk zh+b=Duc26q=S}CKRVh=ns7Ah&`{PIK#QsU7At;Pu^HK zMtKtf{_Kb;aaz~qlmaCP3*5oCy7cS$pM?c&3)!~GI0!x5YF+VpdMG0~?1rYSqCz%k{9|3s30`f%4J_UWH0)pQ zog1yCh%O2mp+PPreoqT1A}41Gw}>svvY%3?E9L6xl}Ra5dn;TKXa z!heSK)l8*dix~59%f;)}@#j3Ek}PD{ghqow>rpC!b%ol13+XsK93@j(%O} zxwyOc4DGgGuZm2}U{Zr+aHOCvTaM-ylAOI9Gm|EdB0ppojE`bAahUb*B4|rxx~TK$ zfa`pc933Y>P&3asnn@eY5ryZ5!`1;(E`{Wu=z~|7u+}L>T`8GpuXMLPjj7Z_tGGw$ z;}_VWg1?jxLG%t#cYWd(CV{MoXWx&g|0#I_}l zPltBw4~ub+RACK;`*F@;rp;ef4+Bf|$0S1nr$kWrA^8p&dqr`pPiV_2k5@{%RhC*LyocJ$wPs5LOd3S0juH8IU_(sE*tUu= zJO?BC5CQ2V=)Z;%n#x$fIKET7-z%3fo{q{A{`KQU!r7Rq(gA~K{ycguw+|LoUpnE# zdz3gcCOHmT1h1!u%dnCCl3B$FN8anha{K)<&LtK^qGT02>7-IKc%@#ZSs|x`C@Jqw zl|>9VjMsyEHx(!-%OU)8aRTt=Jp4dFx6^QWCQ7#v{m<9kQ~`dlI<5uu@deOQCo_xE z&3F{d8DA-3*Bh8Ka8ms_jsN=6d#GJ4PUD>6<4Lh^YT8PoZx48=iNlCB%uqguEXpKX&_O426799rAaV6Qi!%bC5ktUn#- zKY`J>0e0xx)5#2#w~X)At3ZOmpiIee-7^;Z!doNXzS9N@{}=F3xUzF+VlfQ2rOlB5 z-OjCL2NS-L_&w4ODKxwdR4kg}7XCrL!sz`8$_;9&fvll5bzvlTk{a%)Q9O+7 zWYQL{!q_9NHke`TH;eBH*%=d!VSweUdEe_es5@ygPF0}0d~L%bNEZ2$m$4wZ=60>j z>1YnN+xoBCnI2<|VVIVy&EaAAWYSTxDmyvm@<|7)S0lW27hptnTiJq-8;=suxZ5?# z5D=X<*0$|K`zU%Kv|Gb6bvL+(XY$1?3L;HAwYK*R>MbDE8oE2hfks8$Xq4&%)JIvD zqvH8+SluSPN{2IQ{pFiaaYlTIXSV6y7@B?!c1ew zciZn;AZFOUZm%aOJZ__`p;DLHoD`@8fv1=9?c`iDE*a$grzTcqz7dfUtOcqWXh-cx@K(?tm&(bqA~AK@>(h~?BmQp?E`?Otr1bIAl9-H)H{ zoL+Y4Qj@gLUu;3_SB=OjH1BDCv3IX$*RbbkH~M00EX2qIB67oP9|%2f2~=JjOC9#4 z{fdOmg1lJLl!TkPx|y(EPCMaWx>?U^q8Yjj+kWT*TV8#n9Wv_V4Io=Fd~bf|i`<+X zxS)aZQTt24>gs~TLQ#!!@hSmZ4NWJdm_4Z)MLUc&rClLDJg>CvKdZ{!*ILlX*;Ep8 z&Zw1kS7=Vo*vID!>MtT6hfUmBB75ANF}L`S@S#*5HP`7HW3!h{=$mZXtFIIYxvZwI)I{Dg1|AsFlvEb-8LXf z@YXW_-vb-$CbJe_0;2BZO*G?`Gp!hck&fhBUf04Wct@%yTD3hwYJ1E7GnXwjr#RJ7 zQAH{x2YS=R<`ZQS<@~!Z($lsPMIV^}@*uUe#^Y~ew517wS+ak_%M*UiVEHb*&^m|t 
zeZWNoFZ$08v>3Lajr$;_DS7w z2DMC_=}apQmfkb_oj5XPLp8(1^;HZ6#7MxuPC9H5BMzm~On(kMoaJ14DO(tXXhAd< znu#)dmyI@cOvSmoHE(o@?>ucpUTYIy#?fQ1s1T8&k z!+EO5tj)PfR$*b54M5kt+1$e(H838X|Kobp-bTUL9c~NP7}0t-8mX9c*4Gbr=MF)% zG^r=Ov_NL4TAn}R873<=uJ4(_)You4k4*e0== z7-X%Bvb$jFWeq9iszfEqG>*-`&}wofM}eh>{A(cG#}9I1X#w*6rcavj25DB-_`*(r z&G7}2;zGQuezR1D`{bjL_5kRCStoa|6B3ximtcE-8*~X*#SH zSpNf0svf2YHvss{6pR&cx|B_35mW2UBsC1*>Z~dmcatg{6NunK$j!K5^yBinKK>uf z$Un*qBX;2TBrRVvIDMGiLCT9a!3rBKy`6Yrlj})JOyx3nmgCn^*$&%)`y9T`^|m0o zv-6pkF^z&_6C1oA1I|y8`Z{P|rrja@kZm~$$RExgn?B%Bvke5~BpGWGk z7ZHr1(KM4|m)Ds%{`u2CX_KZ8-ePIlOq<5(#P6oR37c}BXjFlR5-7vg#5=GUKr9bZ zh@#iQz+y@ENIU5tv?ylcCzGRKT}63u$a>uVGVOq@Nol57!T@WP zSbM0uM=R3YhyLJ_rQHop)7Cp*QrHUHpv$2b#(7rV>j~ZA@n#`i2yr*`B1@Ihb$XBd z>It0K7`n69j+W70KxjaL)VVS$!K0ew&fEX={$&hDmdG3W2F=>>))w*=uEizxGgD>e z=Q1U36k1#^c4(X-&NER?hU>_oLv;_L(9jz4?7Z!SoaezRom0lo*d{0h&LRSx+Y?z8 zu+MIMg~Rh#Y=$DrR`Y6Sr-+jB-x$GsDu3Wt0_S|WOW9Y@gRs$Q!WOE=8Iw|$M4wZ& z9)9h0TYi{ZbY{=^M0$bEQlxKJfcP;!{QJye589Xs!?&sn6eK}&&(5A4B8w$f{%|}+ zJK;Si?I37+rGVO;XOL*VZ+n{cDKe3M%(#&`lS3?=_h^hv9G`=n!#Q?Hj3a`--IRC+ zTzy6}WPFfg}U^7|{973RaY1_TX#a!l-}O zz)Dw5dF14Us8)$q!Tbp?WEzNZnoJ@_&C+O>(@I^Ejw9^zryI*#Z8T`O(pk<1u6B?BjQFq5w)w@)9=bkLq6@-9oI}O4b z3Z~{d;k>AZGzdMRZ0=y&M9>1~3Up!e2I!js2sZqn43j z>bdY94VLW&xT1WPZJ-83hPvO{PjQza7cpf&zPv{gWl&Rx79SMl4&ZW~$6`bZG2c;7rW%#?NIVAQ)LXRyjf(!q#TpdQYnlVeelJPM0l)y%Mo zbQh?-oWNO%UqDPP?NcWsL&yBII`YdA$IK4f{yx2 z&(6-sufG#19gMxKQ6{DgV3FrD#{2#NA_akaJ<)QqC1oqWKXH|oOQ#VX4>p^K51;#P#K)&t=ex-7usFc;f+GeNT`H#fCj_bq?@fa!670 zU5;~6;uzrCk6BaVyfLEzcN`1P-1h(4ae^<8`^!q%-2=Z{LhY`O0h{iJ6U}S=*Xqa9 z)R+7&!k4?t%E=!4_MY61N4I%GVc~U<#@)eW<)rZYtQb_#k@uRQF9`JMM)yutm#elX zOPENhA-i<%0*H> z82m+=#jlYSC_Eo)1$aFbKL>n9`xgL$#^wT&%1@>=U>;6!Q=ROt_EndkP8CsIuxjQ$ z`f=*)-O(XvjxsCLwVH-w&9mzlHX3CUo#Jsc0!r#`jkt#$V!|%#?65D?rZ^9*9CXFc zeSBz4#@DYf`LbA94Mp!+%o1=a&SwZaF~l9du3J{zb(FAXL{CEZ2A0N*P*ER~D97So zicN16ubBjoMnFeR+!r|*@+x!e5iuVq8F4ILyx$^Yv=b8ZeA46@$f=)R6mR>~O;{>; z4!9!pQ*CSN&+*mbPdHaA z@rG-zij~h@`fY{Q+l#{)lU_K 
zTuN5OW9OsMftw6j|#K{$8%^>=z86n-*XYlW*8bSK5Oxb)ysS zE*R3MniC>v*k48TEZTAW%mwugM4J^XUYx(tZxaA{kz#Iv<62TF%m`4Iw8c~&*@W&0k19TCo5pRkkN;L_gbebykNUu!VtV)(*T0NX`X zmI3)!p6+lBYR;w=IK8Sw0Zqzur)ax(bjN6v9W%MYpMh&`ZG{eX*V3+;C2o<+L>X^I zJnm62n6U7gb^P|eJiFQEpC4QCLyv`Ge#J|88NQy}O`P)xAI0D2x7WVip%YRst??0T zJ@k=wl$b)T6;6|w;dTsIaSCxIH*e^#3kY_%%c+-7i_Gk{rT*EZog%B@LBnl`wPafl zYS??gUk5_z61lWO`YO7awZGog=;Tb_?*}(rs2LjZYO?c1tVq~R0Ll72+;r`X*1baN zn9ez@qTwHUf8iwJUa@|dSq@&bhjuk?3u&*1T8!S~Iv!exov+*wcYV3OZ+K`iJZfCq zR&^E1nK{^6lxnH|!M1UWu6KQTFX!G~dzQ)EO$h`9jIooICAq4SwEn>7$;O+?q^v;j z6sbrmK2CgwN1r^^4hZ-^w2X>PPFbsD%=Nvij67o1oSczwZh@RpJEEZt+orf)Odh7+ z?nypCR07*j9Coe4X#0ZblYPQu(K;??h>0i0Bq!&~`ctfIG@Xhshn~8tNg9Z0;R9Q! zQ%+|bGOYQCR##pgrkpg#_#s8rUCywts{H5~bmMyR?trpw345-R>Q0d;2VaeV zgVBShCB5JPbycQH=r;VLvtXNV6r%XZnK;V>3qufJ;a4l&XL_d6-(I75N!&R^9BtFlmaPCV8%alHX--*E zjpo(K%}z-ls@aSRDH)XyAS7iS#J_!sb2F20>+v9oU!!(XpEonyIDS21xpK_urX|y% zh@V_OubfyU7`i7_s2F`Om%#msbW`6`4=sRZQ#RZP^@)^7Oh$ZS^w!#7U!ksrozgx! zfN==c(4>r&Y}O&E?Nx9kVb(b`tO`L|^cq9!FE?M&Z`OW8 zBr$g_2RoL=F-}NW=@3`w(hdAVYeWY=n9gnW0?caba{QqHqLzg3`7hMq0E$zPry6j1 z>DGK@XSbXa-tJSBDsA4_IzEoEX!Pjx%)t8Qul5i&-Rx# zTuc68=#$xUt#7e<-70&)6%J8u_Wt{<6{5rXw_AIe&9u(X3tp*xiKL94O!ewNNa$!~ z7EhjLZGZP&eb8!!bha#fH%AeK-a-sG+Z<#yDUC#BK2|PI4*WI^Nf2%;{VYDK9}w~K zi$D@M9&SU|5&r!6uHtM>QV27RIZwU_u?!{6WiP*!{YFOeT7FTE%JSxwwkxtvfkB${ zw=R4MBG}*9r%&HF2b~0e^eZuStO<+1OKty-u3fF95k{nUR7;+X7T7=uQuM|f`%xJb zurQinn$qAHYwoBMm_)Lk81)5obt%NG6INq0N;cnO6)|TS#Ix4bS}?w@`qE9uo9*IW z^jcw9j8OP7FU%dQQXyHB=kDOlWg|PkegqgGQ=)5L5=usgDc)q6tei=7s=hMgniP!j zk~eBGpSLd3iVP%<2CN^_6e8Q=ISoI=(mfdwAGv?-`m*B4EeMYHVa9IrM)o9nH;dEu zuCsToI=2WEnUV3c+zoeWDe4+&wAnS96PYTlB)^kdLHv05HE}!HKsJm$9z#q$8?B-o zEs^MFB$|U7rWo33hT>AQ?~`N}KT=81{}GN=Bk)ly3EuxXF?F@cK)7q+k8~EOJHS|) z`^dVdUtLy|u(>Q)CAy6mdiTD~pfTLMqd2JiA)B>+SdgB`Y6y|sKZH2);xikS>U(n# zck^4K&b4Eso<0D^r*SIn+qPzVFEq}nF@E#r1LW_?eX~2nHIZ0@w{4D7rNpijg(Li3Y~8r>Y}oSSJW z4VAq`7A9oL+`rYszE-Ib0HzxB(aWf)_*5*awhEnFCW_G}J_Jio>QS=Zl(|T8xN?{@G>-HR-`PjGIl3+sBdh({1%->@cygmslOB 
zUh)mseC!yyyfb9}u=TM<6GJKdC<%*m=L>9l>!xM|Fg+ih%RxYgDp3<(4*o{NJE>Iz zt=&)nuqk#}uni0u+!3pYcPeCavyevBZdgS>ux_E#Dk46u%1}xofl;P`f&Zg9U=0|g zBaF~K)L>Pb*c>ahSYRgCR0d)&%je8_cprhuvbEu?nCLNIrGp$Zlm&)|*2Q`Jc z6QxuyJZ4rzEAlF*{ySwWyp_eA2!+1kOACLi0gYG}k<_e=yocVyWB-3dU1NBiThngRpt0GQjnUY)ZJSMF zK51+lPPcr%!~RQM0QG0rWYU2s^}2D!{lgI9iI^9Ou^9*5R-sHfvST+Y9Q$o9 z^<|-PB8_Bcu3h(Lw#nLk17$-rQTuofyw~vLw?lMxj*G5lBdi<{h>AVzRhOBiby{@=sv@CF2OitqJv^s(V5_;73djPI_zVhA27T0zVq~5W-f#G+Hty% zl5SGwBc7Qge50Y*)2I~Pq_O|?@opipTS$z^`yFULNCLqe#$N~n=_c}?#wx~@qkwC( zL2#u}hr$(8jzl7(5^BmgVAS$K+`xp>z~+H=5r;C|Uy#t%Ju5d3N$o)ZbLTdXBPMD) zWx=^arGwk1{;sD3BoK$1KkkBWI=YgXE#jTQ?lR+uzALrv+bWo}iOXU*H8VfsLo!BOc`peEJX7XEiQ?jQk#M)2*^U3orLQi*<`!--KS*JlZX^ zSg&Sc7GLBXcr%hnr&o5Biu~8C7a^PE9Y6(FEAH5xf2MX?PR?}Ft`Axsn7^X{45G=f zo%FktkmdZPFCS@wG@Yq+^wBr}|l73LEMitz`qUh8J+5@3{6DN)N}Jc z$k3jIu-;XwFKnpYf%K;=Wg-)k zh_(VKe|%e+1t+WSA<ehoj$DuC zTwEL%s&=emIo~wqzj+ow%>!W+-9H(&~7{Ob>@8TG;4HAYr2myW@Ip~Y&Jp|h~F7d0z*0{^FSovST$u@+!b-zs*L&^`` zCPPdE@XBE_X3BV&@!SnWwxHtq%?paCfr9d_KY|Z0L*o3N#8^4!3%^?;XK%8M#b_Vc zRCX_#she;wS4a~s{=5Y?60gJQq@*-n5Fr9!`1l2e6{@I!t0F*!)^SyO9lRKS>Nd>3+y# zZj6B5iJ|m>F@29+h`5;;@@%hWU{0e=LjdJJV(4A)?Mv7jcQN_=)Cq<$`T7!sZ2dQ_GGT&Tc@!I=MU ztOC8M-+v!Xnq)x*16pn*n*TIOeqGazmxF)%9q_uFQB2~-_(?VqMwM)0-xSWiDk4tT ze<7F>)?WJkL_G6LV}m3ba>MVMA$JplLwfc|Nz@XytKvxRi(XFKmG~-7DWlczP-{=r zI6B!61Q*974}rQ44uh&yL1|PZbgGv0YG{Lc$_xJp0$*iP%+hR&r1S%1M{RMYC_o{A zQsujnsv6#Md#*SV&0ZcK1l7Obq~-}QVNjb3ft^>f9yNtfR*(tn`lMX0+nG3enJ7G9 zyO~0t&sTU%GtFd;{=`!sZ2aSOQRrwOd_Pr8rQz(8-h>at)=tVdObdkZeJFoHMJJi zR}-8|z}t%83q%H^tx_2Up70aO_0lNUo|yZ`X9JUo3=#DKK3~ETFnTW)`_imJ%377! z#1m!$=5W~`V}=>OsG-5*FklJq)IlF_g%(wt8a?iiZ^W=FVz5hn*&NrhDz_X2Pfwfs zq)(-JvE`2$iL13f+Utu?MYFs*nc&zLhXFl6vlTIk&N(I*akNBDx1I-DC!YbW`?(7+hiH@>8EL+@hUolSEYpkRDa z(!X4X^sJttce+qao#KC!1)A9!A4 zhdJ@|vfuJy%-rrH&XKn7LX|&>H$r(iS;Y6k3U54)mC||&9NPncL zU2CkC3kON_T!9B^3-)fmE4gSXME$O0uMZLW1~MVd;s;O*f1*A=^u7;5=fOWp`qmq}_CToqeA? 
z6O5Q=P_E)qmQ^t?_%qM$MQSdf%14(^v?H}&UvtU4G}jr;E6|Y9IpF1YS7R)L3Ozj> zZ##C953N+z5RjA}C~eqd{|#H(-T_+b%Cf$A+KZI}DV~PE)VdB*Ef(xTp|HGS&$r}D z!7wvU7x`kXzclA!ZDcZN*s#J9tga?Pj>_axu6t~6VVKVDUN$I|9|Rh|DH;+I3t@&RLAA;bG^67)hmgj}(4xgI z8UcQxSFo)td5kg*(#8-t5U+>(8O|vWU&8iAeu}zxo@u$NOAM>2YuP{6wI&(`4J(M6 z3ldXNQv#VTgGuQvh2EE0Q>dCs$e`Kj8B`P|gxp`kf4ovBwch;Ye(%I-NgYB&zOdOi9NU}X1wEP&0eO}egY=-{0|5fyK9Ihj4F34e1r zIp$;o`m`ve8`RC1Y7Jthg*U|;ahjD!Z#Vc#;-Nl$>{+F*d>X6eu6)l~)J})^N{e@G z=-Yg1Dc5pHqzc@(ep$0^K$BWmiQ6Z4sM&Hvbjm6@wS9`2vw6KVT!3UE#JtQ>nO3R$miu5cVwGdU{1)3YN75?HH=Jtt6WGQ{z(bXY8_(s?1lbw*$Kya7! z(cD>4?qfpd*r+N5Kl9F3KEETJr^X~2zEXvJVL03XAKGjoc)r*)kyOCU*IE1w!k6Lt z!e69fgAO=EtD7T2&^WBla zTxG^rdjfiipl(iTsg~uT1gq9oyg4zXeHi9tcD&cB-Bu^oPSL81qzk`U+C_Ww@SSfc z>MppLD4Ysy0=zTufBRi+w07vRofwlJE^q zRMlDz6YBqgTH+MX_Wd0iCAZL*gYQ5sacV#KRu3Lkn_AvIu?W4V1Wdam3y_d}lA!w3 z)S0Q?%edvBRBV*JI&&v4i`6UXF|0e4xf)LRGJSl%-P?I?HBc315}F)Z32rI{Q++dw z0@^{w-w8GfCmfuoOg-yC3xI6qXux{^g0nZm6 z_#s)PP!meB1QyB!PiYy>Def58=`-1Zr>kEl7cR+zmdF00bl=ESFF@GBWXJ9>4K0Kt z3XlNbD3_Qz8PX34EYN4Q>h53&yXhuQr-nfhQ{XGF|=<-=o zE(I9>@!{UL+BcTbU)8Zj)m2PhD)c3S2__C{r6e-Mfp&JF^H;5RiXK(zyR(L{i{8K8 z>S_6%^G#d80BzMz*YAh?K|51uA}Jk4J5$V-sV|d?aHhux;Q>QF!yBopxu-CmM%Xi+ zMHDnx5TkI$S6Xwi)>rzekixs1x@!Hr?k3X`yh*27RQzE0z&}q=OJW?|NGdp}DGMH> zk1q;_9WCIrvP*XWz0#Rob%N$M8Y4I^uR+>6U605kK+8BjJTI3Hu6?n!gMG5J_zji^ z8N23aYip|2r{MJBelJ(I@BMDo>m~QCiT&+%(pu*wa!fVDHf84G!i5cZu~hBwXytZ} zq)XX(*}C0PeH>Zam{{{{F^|Z=KeeGc`P{Mm-19!aZ!&GXVQpuDcXj>ENEOb;O7la|H}I|6yGSP!_!2M5U_NC z9eGW}p0sw5+1-;*p?}xzFFix(M_-;X0n1RQ+5a`0*Yp0N$C#L#{rM8YdN&})7FvDoCXF?*;$AEr|%eT;1Tm&xyhuj?hGtPXIl+LPb_Zj*=}D+`V$Ac`!&QDg8d z*kRP_hNem1zO3XHeIMAdcJ$`?{=y_q$EAH4M>gdUvSXpl>)}Z?1$Z8~uD(3<@N!vQ z-*~w_ntQm;bKmxfX-rA~zEH3#^7qNPDJ=G{qGWS#4-k zKaVpdW!ZUYO|3-v*x*#>6O7iL+;8V67!*d*7Bv$lPK(1II&H#7c>~J49tUHgMppaO zkRf>0CssU#DbZJ}EEAl%zSejP;oKvEVyovr^#RIao*8JsyFQKxYxyi#lKzXUnIISc zzT3xJRi61#`y3t2Bd&Og8Aly4l>#~8T>8rLR^9i}D!ov4pPd9wKtUPzXa=Gw6+_;k zud*14>93(`UnzyVNGlr_S8+MCsmvvwg2y?0dwry4=m!)HhR>$-EHCrnltFj+l3ND> 
z*zUBioKYU5x*ylP6zY)_e2+Fq(nh^i_O~L%lXrrDzMyhIT!-z4QGmjZs>S>fWiIITr#R@&;YJFOwZ(?Y{P&DbOCTC7ZSeRTvHU})Lt2EZv z*hEGQTfiz+Q6WEjwSsnbL-TsXbtCiu(7dTp7cT>%HeN?O_!Da@<*%0)J0~v#&Ueb5 z3vlC)S>7Xkq|68}7{GcM~HnVbYQU4{n zzol|8R@?cx(^Wm^K|=+nHN4yB`#-JL1aCb<%sZ03$_c5pcu>Fs+grSZ4%@`+M{|o$ zgKefoVWx+eISEJD)!mfXF2APs=UzCg-VmZj8 zA&d3I%?ig5gv^hWGj22Hb}TwtMidhP9PAhC!Ct_-MmzMU5t~I)ZE)Udm52)-lH4=x z?vA$*PS9x9?7{@eMmT8RK{Tu}3ZAwHw}#-?VAUxp1GTTg71Mu&{uqgj85w|^hjF9C z)*FJH(>_jr1OwO7oN;mUXdP zZ@`%sLH7clUr{y~phtOTAs>*%Yg`Qj+;SCCywNN^z=xN9Xs+Ca(=q11;vPX$#r(?7dWCek$CPFL{21}A{~evTP5Lfe1%>PT(LpvZNUTq{CAwBj$D(}S zn-HzABNR!`D#;;xzxOV!^oCoHhY{6+Z;l6Oc^Z2cf5{`qH?zvcUpZjOHqRIfsb}S` zPYyx{ftJ*tD;LwimekXiE_XxC#Y>uoJ(^J(Xd&lTT1_EZR>qXGWp@_SO#US$LPLty zTg=Lu?>2zAr!l9}j8Q|$rtjKp#@>tp@z^VSwSU)R0 znmFL7nl4TcqasV<9%L-S>VN&HoOD_8w#&5*tEDbX;IID!wO!(m2mn`LBaHg~-a805 zL_YSo=c1~ZeOWfSI_b3oM;H5VKQ<-O`JgK(qTb&l22w3R=Q6q>+4$q=>Y~n$xMSuz z;{NovBLirD2e_E)RgDcZ#HgRN-cbtlUmP6C1d%;uXx zXF1WE;jw`3q?ASWuOX4&P`x{OcQIpcj;(;MNJ(u>zp-Of9y=9g;kwUf~VdX!kKZrPy&FoAb#9 z=4s=~rGD*kgUn9Jk`w1Ln(#nk3f$ZOXs`D$oS$1F&6 z5Za;o)^TS3OHd!ah+Nikl1R4v3^gd4ua={p`xIt?m4LwN_#xfT!RV!dI)6N@=VvB- z127Z0$g#rPxUjyxGq&@TBC{uk0~Yk4C3y*BQ?<*KUin0 zZ6K#v2KYpb<@>xC!REp2Au*gPx<5nUM6( zY*G)K4x;aGklmDCd|h2xc@lMwGqt0xc1B(`BjJU}?x$W}vN+eA?&L!rGJt`WupgoV zQ*y)bckH=HiW0t%XBs3eg2BbbJFT&S*_PW)zo1IZKKxC&KSXi~e;iU^GV&Eo=00Ui zN7!0nb0NW2{}6e-XKMUY8!v#NDxQKuC|6pD&q|&nMXrQ?4Pi?U0^_HZ-X4>iQZn(i z@%%JwVf+Qe_E5(JfEh*Fs_x&1aC_RHlpe|&tjh~!%YzFD@9&K4czTw~&@j&AarRY# z&wq;Y6Y*|{ameN-usaZB-sP(eokkL3Af=J7J>7N;)$WnE`oRpEX%6{6M&(W8iVYIe zXFSm#&nyI5^uC#-JC`hb-s`0KdqWy z-{$hflGq!P3FB0^22!1qbmV(f9EK3gqdw1>4C3!hEcf9pH>94Ddiw;;oP8B>gvwOO za`bI$c?UJ9()NPn2WF4k%PbDS&BOKSVQZX?n^w-32YB`niPXN@b8vr!Tjc2)wTsb< zu+(h?I1kVem~*X=408pQwN(o#T!YzFmCLrXFhRc#@c;E(a+HzmGS!JYOJC|B9J%HO zK_!goovoqaF_z&_g3U0u6lF!!<-__CTm?{4c-t$j_M=L7U%ajsb`EVlUo!`O&0M%N z6#aRf&E-$STV%P3sZGSGFS|1ce5?xGFb!8?RFhKKV)OlDnM88i3+7l));wCd(KJAb{BF(@fC`*?wFT9_ 
z^u_!Ji;jC=!Z++rl`N%yRsgEDz0gD(3x%V-S!p#Fb;$FQrI3CtvK)5=od7tFgsn(vHrwf(anj zJb3m;(VT3kY-#_46Cc^_g@^T-9&Nxel6IxB_{GB=cyc+FDP%uNn#%a0>^$NPhSDbP zb1-I3u1rWZi?l>QrtXVc23{ zDHnih36qPfq|ThJfXjDENDqAekBsMt< zoPd*G{q1Eb`296&3FT9?YqMcas;Ao|#j=#28iRMET+moR981#Cchm2oQFW|Qck6J?9M#;BG;wt)tlhVH_oHw0~# znem$5LT~0SQHfWXF;QZwgzkUr%~ZhPXh9Y^M#_(9KJPQS>TGl0O&;IcM#;n@_ASiG zMU9Oimv~rqUW@Z5dEcC=%A+&pJA27Xwxg*R=U#b^~ zk;dkS^HUL1(B>6vpM;ox0;J$6)QlLUB(%fki(P4-1AS~%r#sUiQC89u2%QBcY9!;S zB>DXrgFoeU=Q-mNBNq51(u=tOT3D6NzO2XxR^w~kCM5V2Jxdy5Z+qtnm9V(NZcv)S zb{}pp-verkpLQ18Cxg6NP$ZF=!U@r+N23gFHr=jUJ~W*J8B!_wHF>?~{9!Yo?$dup)0tKv zoLORlq)@g8a#vILi9G?~zS|Gg=4^{{-wi~HDjo0l{$d!bVbz&;6NX9k6R~GIMqx4VL zxYpmQ7`l)cew?XK_MTX2ooPAZr9^wKE*&tBRF);-i#U-ogV(wGTYb-^_q3pgPIxBh zf)8ahjt}-a#5G(xvt73tVoE-VJe&O9JC1WpyDHDE^Ic1ogx%w@sBcY3g~e8KRaf$%nY2iKa6?p@Hzsv zr|q?F^6bQ({sUh*Za)+E_zS;}L9zG4^u~*D6a5Br5~n8*Eghs#tEp(dk<0Ja>=YCS zSZC-fAPSWzoJ(+W;zq!%f1#FmPYeG)D^xSO6rylYmX|25YZd;rlpTA$H^7HTHtIGc zf152olH5lK?d*j+c5fr-n<9Uqi1stcTU`YDXuHOmLZ8d3KHEh+9jC9EIL zU3?Gp4I=&^%^|4Z$9v&lxiL=5f%t4Kg#fN~uhtHsHqkJ5t~;AcQNC~ieP(FsBKgMk zL`MOlwiCr5=ENM04*9}61$xfPeC`kDU?uYZ@v2P<*>C|><(yoN5#IvS5_v}24xDoq zseYk;rUY6iDG1P6S}<{G{tuhkVd5qhpPAe7YLE#~y&2pfhX6zBl_QX}fzM!;-MiBI z(7sUz@N*p`q^z$U(zUFTr>N-04R{S1KEp7rL0~^)yWLV#ok`((N)GJ);Z6GY7Thw0 zpGxrp=iT5kgxMd1q zBk5_znXCo=z0DIFpV^yKc4RM_za(Iv`ji;(b^j{v&ii_p_*@Xkn)@Rm?Q~QMVi{Spt zo?!RHtq+P7Qj{#|zBAV4V*k+p@=iJ0_32*}Nz1dBe!wNljGT|@Q;e@ozp?nMv5~rM zJe{5)khj&oIy`^Js}=P1fTO4hgAO$Z7?H`_YNejU|117*BFuqPFHoMsm zYKuCEIqXr?ThLzym%G=zc>?WvmW*xuQ>TDIjtkvk& zgQoH^6F_>OtlH@#rzGEnSfcbpX+f#bu)0LE+~jsHJa(U?^5DZ7Ny=iOB_ z*#?W~tpcMMVA?4rT-1cPcr6DlhQ#IlN4k)j?wWXxr};PEOufz)GI3!TP{C!l5KGY{ zA{UY2%d*ix|FE*YEUH=o#R2P}t?R{8uXZF#Pl56rjAv_rE|HJd$iC<&I^CBjIEqv#2FgiLum<1KBf$b5eM#}QC@?KSOpX&!#LWJy=)f$v`192^)N>SN~IJe6Y#fcOMYp@;h>x( z^PVV)l9J9OSp{zMT{zUqVA}ey`0(MFIk_BovDTv4Y#!&sE>@xWQ#2RxvR3LV&vYYd zSI4;M5QN`i!};>WNHwI^SDqm^cV4E2AqAks%qSai{zD22t4*qW33u2y@U7LJXFEVb z4RDX0AjjkgsO5R);?L?geK*B#fo%=?-&gyq!QVp242Wtjt-JaVyuntYFX~t4 
zPUj=6x^dib9`* z0MD}>a+{KIote4AnxU%8nX}@^wIdzRJ(#TTNI=|E`Nj()2zf!#ay&xoB~=cnsoN&2 zZ*2hn>vJV%d$K@tfip$6Rv?kp(_>YfITj(A5QNhE3FCwK~M;C+1UdHT% z31_PnG0zdW)2HwQYdNi(7knj0{Wm#ifSq=&tE3!~Gqsy_3icGwsl4uWgUHei*2;Zq;IhTkHMY@HqF4aOs?2knj|?IX)g z!q53F&-ZF1m4(w`l!X1%YlRMHzwV4F2J+j? ziK_epMTM?s6i1ESzPvaSkdXU^#C{pZKwWU&1Y?s9MO5nRTlL&yjGt4|lbm%t|+ zrB7QHC#BXU00<(_gy=5l-Krdr)(%l=w|Mzg*-{5@o!Gfq@7Q%Foq z6(~n?$&~0yEc`-qx+8^UrVe*0J?#B7bG*Kt+kQr~BnioPW6sl1=^)~C`A%uC9v3ug z(LPd&wT?aHTL9cZRnZbMZ5U!~AIt_CFZ=J|;zjyFo?T}k^@e9+G&yRn$zzOdX3=gaokuj7`^RMbo*%tWOF{a|3hZHbA z!z#fM#x6>0M_k%;-UxwU1DoCS&$+C+`2QlpVdVfrGc7%X4;>mP_B!BG!D-K~**u>* zo7e<8hd@4l%wKAPJ!ssmH7*@kL~s;Nt2y*g&1pVy?+>^kHkH5 z6~8#NCL53Yqmkk{!^w#C^2d_s0cZ2j&9Rmhaxs288i5wO_}GCm4HHIcLk*>5PqsiE zKGogab>pn-q(jHa*4E)ZeqBWyuF;QY31G3q!HJ4}Va@Wgv`9QIv-lJlbzt=-yTSmK zlx<7qJGBXj+2{FH?@5RN3Cv{;Lf`rqCf4`1lK#16*V+@a z{FOW#U0<`eJJ{7!nY`5vmc}-f2OlGM?{w!lyWbdj$376jBF0FGnt_VWbH$gw$xJy< znRG0LRkkieF8X0OfM=;3aHzaJW~C4!M4)6L8ek0Xi5yO^=qXp1rYZ6Z9V|?b8OO1x zqbBqV0jD(_n0$7P-PL~K8pc!kc~r3uTsgU72Hc3B1_I`o@Y%AU?hWq_qURd~*^WUV z(?Mz1#SeKY8Y~k`>^&q|tKGxf3V6UBOQfo0j<>2Oa5%a_BVHWXC>!~8She9vzpDE5 zGDDmZQ#!JNa6Y2*WmVQbt{o*vO2n1fTq5=AM$Rak!-?p#(OR`FZiY_!5=AZD1hRhn zVqJmn0_ncPddne0$K}ML^Zed;&eDFuqy9qaNCOdwNbMWIeS)`eMh00UJMg)YlZywp zC30e5q9QDGvi%CUJU^E>+sCaaEnb>UZk#K+t#jhk4He%SA#T~R!n=RVg51WxaKEts zw!5(eQqpmPxAL^MW7uHoeD&sfs8XR~x+Xgnw^lQnc0_ik^!nPd4BYC5>uRp&+O|*I zd~n}H5XEDYAsV4`npmcJ^${&cawo%EIZY^7zZqL$os1 z10%GXpQBGz-&*&l7BMcpTb77Rq~b(*_g1!$-qwy<$dQ7o+%GFuc}`Tkh_P@JI^wmp z%0}Ym#cf(WTAJrJAPHog5Y4AptmC7CG->T~jE9L#%I%4m`=kS&$WE=Xt~QDT%Ip|R ztH8351L^^l!JwZnOz~`m{nPKrw5!fxh-6!$A!N#7*f2veT+8~BU~@+urpVkZJo`oX zfT2smgF;2<7@muK03T}%Yd=XebRkVvvWJa#F#uK~Zsu!5HCHuQPC?;h5bb~y3T5@q zv>CP#op4xX%S`eo17xAw3GBgMC-ozfH96?|N3eN1Usu_2!wf)`(nZSb?4so|r z$$8?@TUT{#1CwB2^YZXepK%`O>*VFC-=1;z+%=?0gD`msy(<~y2#Njv9JPt{u)%Q)s}Hbzdg5@o25dlPSvkSR?DZ;>#sf_OMM+Xs#lHkcds((o%-F3 z>gP2$cYTNjvZ|PUaLBCt_aug#Wm7FP+9^D=4KqP;X^DXb9v{tsQ@EJu-^qQdPwf`7 
zcyW6om{U6-_v^Z2XAj(Z5uZ8NQ~gn19DM+GnQQ-`2Xb-9;~CqQNM?75>lc+?>W7ECZxDIeu;OP|ss0_lF8R{m9GYu8;FAW=n)-*c$XnQIW zK~)H5csNY)yd5fbf7mBaNu?pIi0|eEC$JA$M+c`9@1wbx)47jfZ|Vbf@#UX*z+b*| zP~${y`Y@tLNBK0$5pr^E1A#@^ zt{w7Ay>5bbXg#`x_uv3kK^tiCh*)wBYYd6-4ga_>QxKghktKYaZowjVl4DYE1a!qVhzR<3k`iH!hba!86BAR zwkb_F99Fq%oz!BKp27;9G~!ZAy|jBE>ngG~wn^xx==xcY(J0bk6K=_61J#-<=7UM; z-KI%(AP`}P`?AsuT{2Ql9}Yjp+3%mbI*4OOZtthw8g4dyYxV^ipImz#!^xflbmW%* zZ=%EG_5N21O7&+JW0B^xK-`IY>YB&ij+&KASS$f?xZf{@gxtg9eY^xW|IclH%Y}xI zufI1cwu$l;x#RMwY935!<)KSW?wTOS&;7yVYkdD?DHc$9CLLiKI2<>YSCV@cX{%Sj zn-=q0rNNSySE<^^8Ql9r=Tnow2pj5gLq~h`DmLEyCJWpofCs>C9#uV5p4wj6!M?;_ z>b-aU7Rt`_wDuKpVb#=l;q*br=e<#Q$PlZ z?zglVU2EMh5(NZghA=@HAc@OLm_9YfpbUvKvL2IPq?UQo1DxO=x_ zcP~$DrwuAW?T`QYc9lU)iRaZXVsfm|s+O$#Mo~@JzJaKwbSAwODuD5r>#Hq`HgKso zgFN+HYIknO>I+oCE;#YjfSMBLg~oOzg0UOJLEgm&7Ts?fKk_aJf(}9dP%K=8^75i0 zt~xoKtt+eAAQQSwI$O3>$Vb$fa@kMLd1FX6cJCdm3qcqP+m5jz#q}#@NQ{oPW1p%Ln=x?z2pPFu!&LR&UGah#-knpBtbAz`EtC&Y_}+<0Eeg&6v_(DCW!^XVe~PETO7a*Eb6)2--X5&_?%9~=7R8cvIoPW zx`-g^x#778M-&l!F8swBSRKZoc_@2~Bi~jIJdIoL{5^N#EE{>CT7;@@7ApLvz{@x& zp;BQpM-JddxRDy`H&ocVmN-8H#xS%e&>7W(^-FVa5ma&_Ww8nsQtgVK#ZCyyZH7Nn zCp-qR;S0U$Ojnw`stdbZBh3RCW9mMc3jZ+sDN<XXYw);&!ditpH(k|eXCIW#4$N=-i2%Bv=ay7!TZW|PrOR|tNp6-}ly zqYXfkr|qec3P=Yh3Pl>X(EPm51$V0eZ4kf_T+D`ZlKF~vu65;+i8ge#UP{Hfl{7%cy+SBNGiX;u0YrY{S)G> zK3Dsc$)DtUa%Gz8b9&!D-hWiP@iU@7W4$Xh5m6mD3DG-#?Z zKb5HYh0J+$md2!tts>7B*Q`{5;)s$l`@8$s0&U)*Ks-y)@lb=HwoRh&zV(tyis_c3 zFJCA6BqHQnZGwR=y}arH1lR?0BL3K6y+3TIsl3pYlTr2Rx|-KPurg6}ilJJ*uOnE56VR1v1}>{e3iRsEKyk3UGQ{vs)poEPdd6s5j>-7itu z2oXNF?-^Q+rxrits7sy-`NSAdU<7wL%CvyC{0AjZhH|--4b!Y#HPH!wuu)}M(LQ1_ zLCT_JJC7K0bFPBy*dQ7Kbq+Hlxh6C$)8R#(L^dPyt>o!$x371eIvTxj*bFm0BEe#y#iWd z{yF1!CqKT7>A(c>Jt4AD>b|~`-q*vth?RfVNi)@qhtUKJ&o}e>y9tc)q?LlkSJdIy zwVY}oHlMy9Y<@M>04X(5_N&0~0MzccXTJDx0es)Z#c{(*jnSQScPVt=!oE(Oax@2u z3~+@|?OxML1F1l2225)+V0I3Ph^YuM0w&}rovAR7DdZ^E7$LUJh3yBL;lG>tiSdb5J7UHXB7*5h-VM5(ydB}_)Kl@4 z?}RbiAt4OWHR%6pB>vZ%9FNI$xf;*uPBwC?Mq3cL)rEj~OQXf7V0m9npKtTmg(edy 
z7CDsGVzbjYVlxwZ;TZp4rbA#WYpr*OpaZzpCkj|F!a?TSYZv zel(Tx`RBrwslkj5FYAJnuO*!l0l1@Xs%Pl|-R0BC!D#}=z%L@B(4aw8_3|!m>eVzN z9-S09RCSVI8eaRDjN}kFO(0#d<8cOoH`Z3jA_Pf1Sv@LX;KdAH@^VmrHnt0zDx>89 zkHP0l*`L!p3_=n!XHJZED0DM%AdW38Ji&9yXy)FOjUoLebSU?`*LwUV?W>&uk$BV zrbGu89bNlCTgrun$55gbmvcQ8CfTYg7K|(Dq5ei}*dubOVISz9@A)=EVGdFh|C&$O zm*EMhylYfMaalv3G^tWO#5fBKW0efC1~w$yqA{o-Qe``;_gA{z2CVao!nh}bKU}7q zo#&;L@qQa%?X&LmDq4Jva}9!u1L6jVX$QAeMj{3E`=ar2M@#DkrlnB*lj8_=Hx<f&)77ecK+^BIyJSSOF;+DFWocwfZuBY@9@Cy)@B`u$Y>R-K4{;~L7 z%}qpO7)wC*bc*^7H`l-TdH|WUs~hT$TPr)4zz6D2^p_C-0fxfZ`_rR$9fnuJhZH4A zkP%6q0~4M2R4uI0l!1~1nc;i4YfoOD_Rl2>sCcRW4nF3Y1VvqL$giX>#r{%CE4&Ms z-7QaJi%*G-&5qrca4lsqGe|NiF<_|sT=L7uf>q^FB}_!r;w&KShEUiKMO5L!ilmUu z$@!<)y;WE{RzIwwb1H9N_AP}yGN}>sIr&bdGT|(S>+K$8c)(l4L2WGg6KCB#ud-)e zUnYd=Ucp#_HxDps4cUctgbS2TiW5FSgfB@0oH!W5+z8=Z!pGoPGnZEtI5aHL?1%q_EFcfn#b3^lPzR+*e4i6c;v9 zhZxoRE@9;QXlpD}Tmru&1#!Sbgs?hfhBp(LcGyTf z7EZ-EQcCjiqT^y+t9;^g;};H_nHjw2!37F$U$S7Jpwv+?_cE}dG2oyh^&6)5jnl{Y z6Ul(B))-e2gtfc5S7)i#gDzDdDu%1s^Q=mMm~?ghWCx17+x!lmve)xm6!K`pT$gn* z-ZuZStBGvXb?%Hr4uO&cRm24*i+~>EYEM^&sIc=u<)fQq_5WY^#1-ELTfYYP( zDIcsE1p8D&$XuwBZ;AqO(omnLg-iq{t1Pv$*2j{2rio~W+Nptga1Er%?8gu?&kE~H z@W```r9bg$cLe2Y?QkTiRlEH7*6YX`thQ-d$#1B$W!xzGhA*D?4bH1Zz@KUqg&gf4 z7@p$k_m-B_On_3<%+~qr{2H3+aI%RNYRRcHPY~++Hv9ql-(6$Pmyg$uyod9C3P^JU zTHYlFCsOFPeR}%~0w1^>@ff~Pq&M4)wfBvlA1MkxLuDl|WY!)PJV1Zrc&G?7HnqNU zw_vhzR_yh0Mq7>P_0@i|T?c=Q$Gzr(OS^Oa(F#!F<;wNwR9_@gEqP#+SS*cwcuGD% zKg~sFFy#%Dyu)^nL$}bz3Cq`7G7a*4?Nh7&U)|Y{*L7c`@2bRXGZBz9?qp1>VA1nRCt%yhPuh5uWB)jj;4lQ-p-N^0zga)JL+t zxUXx!J0QBq)k51u*~RKMqgHL(bF=qaC~GH$LAJEqnV za~m$?kdbDoL@!x6ZB(=2M$B6O+fC$JV`Y(|=$8-XHA#=MKPR>~uVt>&B%;}XN@_^wd$n9XJe6u!zWo|TKyrV#sfF}JP_yx#i8qr3s(!s zZCA)3Kh>O^d-*CuK1I_yrKwWY;k|E@oLt11bVfOnMr8DHnus9xVw!gJf;a=G*ey8Y zZ_a!Ma^~(02Z@Vza6Jn!XFOeX+TfjDP5@v3qLaI?3xD$`^BW*1qG&bvjWb%g2PdW3 zBWtQ zB;tH8FKtRQWOsH&^!W11MkL>(Y-$ou0eQU^;k&dUN@C_;X{qpKn#fC~V=DW)4#g9? 
z2HDUSI+PIJX*1-+;9RJNPh`|^o3!r7wec_KNGSPg6l&kF7^S!^{e=NjE)g{VWxl6kQ+FE4M91k+K^5J^}MfeRn zT|7xzJFc}`x_%Px*HM~y(|XB;N5uX5D1$H>foz(%&B_Y>pKX~ixQG$L&L0w_(jR}B zhaQ|*H^ayii2J}@+LvY^ef!~bF7l-jQmd7y4Naoi=)^kv==GISyyXtyX^?k=7RQxk zo^D9#u)F~>&VSVcdm`{d(MQ6^vI2_NTw_%`ajlu!pmI%GkJ9gFPFtq+>NAKM?DfI4 zdm19)%0gIxp^gm&Bd1SbFM2->YrI8VN|%kry@Wgt*;mLo$XT8LEOYoYy}VOp*3<|m z;5J_&yK{-i?i-Dv9S}zQrWDPEam&9)XVbzANAm$nt^oeAD_)zPsQw<$*d@`h@*1`; zz3t1!4F}~LqTnzDPdm_&Z9C-!(88*^>d?oXHHj?J4OZ4O;8|3SB@f0rn^26=79`5M zVbi2ix6drpo=q_;V>6M!@k4@3@<$`(aD7iyQ5XR&9JLcy z%I4=^GYt=|pP;(?5gi7gegH8I3w?SvSI8Zqv*dxdYqqRapRPL=cPc5WqaR_5QQe<3 ziD$R&dDuL5adEkdh%^4b+Nt3bb9_AG1%ZauHnPSnfM_o0#_@w*<>iqnfl?IWVqg1E zZ7*N%>L9yb;Z^Nesk8Ub(`R%TjgfTm5xHz~gZ{iyGUR?ee8fECMmb32qyJbb6ie7^ zDYo_s!K=p$nWz@GHAn1|8EsbNzDO!$3$@7f?3ex$%IRRH3XEra@19<7r-m1Bi$(w@ z`NJb0iJjRH(+MCp})zrNYQwV%GfA;SQZ`m4OQz3P=# z;)3G_H+cV$OHbBTN7{li!>6(g!Cn_oM^M&i>(Luc+oNx z!LFv{6?A|Cg6qu2SQIc9=W2Jb)W!c67rDGNl=MsT|*bP?|_6dXI<`cTy0^FBBmZ5o%^AG5A|%=JR+DtSlv5aju}3Y=mDl zsU_XtR4t>fq0!ouR`_#LW15V<2vh7XPzj9d>2EtzQ=niT5=?IRT!w_p0zhTOW~6_5 z`!7{*f`ZMJl%t>pSK{DAVsc?h>o+Ftg7F|Y`pG3MD{6e@B-|+_hP=W!hG7%T7y)A{ zdR-SUhru|m!7q7W|IchuaR%(0qxAO94$5B`GWTUZx8g^&+(BlKS}0|1!zOR&eZ_-b zM$!IDjBQPTSQb`rxqfCe%82`{3kZ9bQbJ3w{uPf_xTP3_I4HUL#;Kcn<}w99M2h?W z{YH$609>%~&uuC;CX>mp192%Y=KyV1BE2r_M&J)~fs*S}#rA)^}ALk1yU1V1)~#rw3ad8X z@V@!vgxUd`$}r4Wz+jFON^RP6KJBnc_BD+b+I!7Y`G=l$GOdrO0;cM2fQwVztIQNS zZ(6f|0I~M{HiOx8?fl&L%oH-vAT9ZUa%vRbYQsnLuq3?7h;_m8kcOT88+N#ol>aqo z+Shbu!5M@2(ClTsYQE9T^XY(cRq!U1vb)<7D=YE6W#ed8D10A2c34o7C{-PPbY?mJ ztOdJD${O&R?0~|M1wCeGc|B1tW}uJ&$EnXET3k=TnBx|)e&SBKnGiIq9tC4etY89J zjR|MPuu?F@{lu+p6c)vzXiZCm+OEcOVp%m2V1({mc+Ax4%1!fQ{-U5jenuc|@TuV5U!UZmNq<|ChgmPr4&&{ZpmqLk@@mfM9^SygIh7?;3M4TAoFS<)kyMJi(># z$;Um$sxvaivHv|J$?bqcaKYV0b`Q;K{8-oxCQ)$qQ<_AW0+;J_4;gepEXUBP~om8?n1R#YgRw={{5A z#z1NEXa&P8eC#4q{1dGB3x=sXQ=9<{9;lQ6_Tdyem9_eNkMo$gCacX6jmk((CKi) zdgG?J;wxiJOS*jdGB`8Yg)gc&I5sEAz482+S!;&1p9y?oc6$Na!+JA`1k=|C{UyXv|JDS}uO2;`e(8WWA%; 
zITJ$&)R6hvgGmqO0(rmWv9qCGmb_GHg=3s}y8hmVb(#q}Zy85uIUXhuE*amKT5ZB- zYW}T)uYRr~@(oE|3u~XDZU&m~7_BId#+ZY)0S%FhBUd=@i60knk^?xG?tVvpLbxvtMOT# zH_2}RnvbUW;+i}!o?1tl^QkZ_Q74K&u*1Xz(9cfgHcih)8~*FjIMlqN06T^rm14(? zdWLF5%VV%WUfeTycZ1wGEyuFdS<@tv?{hw5{H7X$!vlv&{#ZVibpfG5H?_mLu_I5} z%_y@DQnH5Lrxj10Qcoir&o}i3I`B&@BdaEImbEA{Hph#8{+= z0I46kIlt+UuXCaEz7avFA$M%rv35kuJocb_wPB};u;%qEJ|65%EBeoIBlL9fw&{so z`UOWL(=MaA)6$8ZN6KJA+7+E5BLc3LPWt)Xue01YPP^@YpAVTa>lrT{jxwAaHpSxA zTc65N#M&a!r?_CL*##@dgI#4os(}96a?Orl?Eg9)<4^&w;5hOE!yZV|O2fLjvFjpV z^_K|u0Vyi7sxO=|=}24bDh={BoD?&f*7!v^JyiZaCX|Om+J+6Jr|AERFx$?MgBlhe zlbB(ArEVBjod!z*T-FqN2?6PmAnvs9`QO21j`S*#XTaNydXtiM#k(^8)A7gEANlH^jgRwx>de^dh-+}x(8T)bG1b2u znIf2|BP*~>$|^4|>P=m;D*d9y{Dj!(Gl|5>qJuZrpzNMn!Z60_`0^@~Z?)=sE}N{W z7wdT(1HT9{yrFMQR+l`JlpO>3H_;H&=$C#WZi@1)|I?5|OEU}n%&g0jGVd3!6T4m) z%snEgTHI{Uw8WcQPerArI=t1q+`!2)3Exxf`vQes*tu8UTrB?`L3+KJ@^rH0wH{Kh z%jk^9_2_&*#)|93Tl0er!}LK84Q}gQlK?>!PTk?%u}}E`gCB@K8g@E(l`$cf{v<^D zg{^DLH-z-)BAQ~?>TdeW^0rJS%!<&eWhHZdbp)PxL3ysodJ3NtA31~{>-F9U?!4EQ z-~Io*L=#^jZovowsb2sOW+MoO`&~n4(cA$&&ExH3fO|sJ;^&J9#Xd-J&^JOCUGBw= z59KxiQrduW*Uq}=$J4eS!0u(QOM4ND2V+$F@>1%{tn{L;E0GFOa~J)5V#axJzL}b1 zKzY#+vEWaIGG`$Hm8OMxK&1mRdYbKZPYK|ScQs)#j|EJr?W2gWJ2#P7!II1+eohH3 z25Na&@8$N1A1*ErSti<-kUbY&NYcZXXlAn4rvOEkTE|%8-lZuHBhQ??uBu<-dvUy- z_o7LTBR6tdZ4AN0ic3W|R89w|id~-9nh&Qk=WmLE-3BDXr}u<7f9qT83)*5jl?2T6hNbD;%Uh2;6WkMn(-aAS1?qo{LaQJWP z$(%vZ6_p2rY#)9iolLtoC@62?GkWDk6DB*c3F?b+d-{fMM-uGHw5liMt~I6#tGow2 zXOFzTeTkU@e;g7b-q7f^*gEg{)YOOCmwvt4b^0C4t+mP1!Tl=XdL<+HSsm3IeReB> z%?J7c(`wDWMaW4q6=*1JFYBFCulL(U6lN~hkU3yFx7=POhqK-^t*zLanBSxePa6X?19#Df`dL8<mMeoPL1WiNbSnC-NZ{j+ zCse)Y6hI*Hi{0VXK3mUbFyhhWdp`Dpd;3b}W|51|Y0F4cY%$_+^PmX%$L z)mgP{5>2C5CQiY@V_<};+*mSPBsoqV^SC90(4=YTBG<2SR+}l!E z71Yi;`@?O@3!~=2clk&1{k0Yq|A!G{g>805O@_WNjPCJ_h~~+@a6Xh}Xrslk@|T98 zRm{PAS*5lLU+9PnsJx$ILf0fhmp|5PKJ7E3IR@Bw!a|yiGrS|Bfu6n+K%|nrDOnZ* 
zjfRK^1^eB{mxa!^&-~sJ&$iSop^3eM{Tl-;V6a|GbXQMV#eO1wBZ-+~i{Yk9zqzDr6vpQ03ja^~jM#o7lVcDHuA#}Z{vBsJzOhe=NANmd{}poz*HZDrQ>T{lerp3OTVK-DlX(-`ceGz zj-5~TgsICLyaoK-kfhnk?mthV703At7R)0|ypGO>TLoJVP0Z?8sj` z)%a58ABD3C5OC2I5mwQ?I5`!r$ME*@;S@V=bQ%37N+@3Y{4eMm)ai7t#o_aJf#YZO zb2gfSv~&{Z5v6`2Pqb6GyPCJUX?{M?Cc3j^@2+Ktp!=7D2e|g zQ0ci!O3UjdSzJ*q3N0l4WY)S+&}v}?3TX1xU!h7C895) zm*CC9!bZ3&Z(^puv=x`o(_&~Z@GpgZxozn47o9go(_|;B$UvC=Lled*(+y+9Ol*et zlBBg56js)|yWFvJ@mMIQ9-yZT&-?H>8&bD=w?WU<=OpEgQ4N3{Ox0X}C^M%X=R~B3 zu4y)4S%vhNa?>bH+AN+&zlfvS^*d`=a&a}FqC$!8L;j18&|L)!9#+%gjxK}~Y5lPK zA)bg9x=^-*c6dji*6<6>f<4JOG}s&oR@HWf`w5`Vgx#l@|JZ{s2ki| z(twyLVw(Np7Wr+va+Pyvxy3TsG{zJl1}V zgT+QV6#L30lq3r!S3Z_Z4isQ{sh*u@bw-T2I2{LRm*%qe3|US2fc9^7u^vxxc`YNT zxon17J7QF2akMvn#neo3GPLJ4&;no7;pE#xUAVv6aL0%nZ3;)k8JEu?hW@Tzb;iIL zn}I?`RmJjsUb0$8F3<7Zr)3nOc%g(`rVa)*je-&Zk0T|)BFH`!_wa$~yld@%F+feN z99b7zPY4GUc_&uv7Q@1#?7{onuAQ0%Vj1Z@IvT%DH&J3^Gz)V8=>rQl3`Ru4V;;O- zuI<5oFr7bh$(}onACh{YZjIsqZiS7{yEl}s1!yKh#_NuQepTMuer|OuyM**zKVGg6 zb=h6rkK1tz-j|gVqb!wr`tLTVeUvHY4j};ZFyeGGF)O8F!_l9H*ED>*6|6dH>9e)x zdb*KbOm=)g(c4t1`Mtm=!A9zsg=`u(Q3d@Vc{lN}wu^;@h25p*{HqwFxS-TB^sjAP zTPOpiP$$EQQIBfu-h1DeKPjWMMh|6VrsloINis{a8b}+==`1;n%GXr4+7y#=W%Ga$ zOJkZm#WtQVfX#0#5Kii!R*uTsu zw0U@Q)s;57>$U5gBkVbk>Mjs4ub<;T=rkms+Z(krv= z-c}f1ZsU5^uDz7zwIXnn>+89rE;4iks2@4Qw-qeEs0>^e+A$BEDl11T_Zl&bVia|f zVzn%Sep*VZs-!lbu)Bg1_Ng7Ll;#eS@ZJ@Mwu2w98k^4VTcW)jFIl_igS3>-C&E;i zEw;fBAuIx2 zKV?BihPUlgimNKsb<$#6`I`*sP{vr!ny&zz5!}=Gm&Td~YmcSzFE>aBG5)q~{G{;o z`qg*+TgoKOec3XfBz-am53g@V0Nk$5hhwKZIV|&?P|CBoWms_kB2yT{P04#4jiG%d%k1zSpy4L z8r7yT(nM0|trD;5ka%tI=;_7~c5N5uS zyyB1hh`E72!JI*^LM$akq;E#sRMZnpwYHMd@ zrhW`Mj{Vc1$!D5cES$F>@(-F;$VafsAn45Qkd_)1qbWniJ2lwYFSF_aF$V~EMhshx zbvn|o)s}~cv!-{a7#}*(kw({qCCVxpd(q4Y2AI*28SiaZ@^c&L0*_(-h7yd>^LIs<8XJ^jsISZgC1^CP$O1)+TKV=55#>Fap})M?GQEM;B4y9jyJO>Veo#&O2|{b zZ09o}FXMBIA2=W2msWss@;1)nnorF_E-}KXZTxf8iz~cg^vPj@eFnckO%WMpw*QNuTZZCSH6pFXY<`=o z+rpb}O4o~}h)?;otv#VGy212ymd`-AmhHDpFL;YOM`eIx%NM)JLFZaFUyBEYUB3<_ 
zAYoXla@mZ+8V{G5zQ}WQTZE*Y%jzkQ%VpfKuz&Q`FJ~O!`8c~UKtiWDS zYK3j_4&e49^jaHI5tnW775CrPF~1ZI=2s02@Xt-?%2c*)81F2}VypBNrGTs6Qc8(+ z4rHVu*%Gl_=dtw04E>=aGocV7PS0om zO)6{KT2>;!qQ(fvPCH9q6L!0ePZo<%{Qe&cfR5Ln?wY(bDGu<)z8a)GfJwjhaVnjz zZ`+owibphdzr6WjaOEMk06@Yg&Fc(w1z$_W-7R7M4xhCfJ00qZIzo{u_gM(X+=_g8 z>MV2gj^gMlOoL*rZZrZaZ=9wJ@C$P(qGs(`%j^O5?=L>u_2xg!&yGagw7K1nTjVw@ zlN3KRA4YjzwE?bfu7ZcR8Zj#;AEr-qPH04z4)1>acE0_x!hhhi`r%jlaoedP*tNV; zJ<%CgAt-;LuPd_At3+$%J%t!vU+bMle(}%K0Rx0zn^7dlSf2%sOf+X~EUz99AD8o% zT1Y0}e?458@B7%NP2BfUBVQs!lU9dxaWy6Er!I6+j~W|DKI^W@y0m*UW90o`TVk}B z_KPhh!%Yras;t*#quVYzr|Xa;s1?BmDfm0^RNoF|`*$QBg%(SMLozAj`C^NRzV&r# zSk*YQGx`K;hE5f|-)Zr5N-4>f@ij=xJe1CQm2ba{!*Z3-wDw%{+m6Fjsw@`>&5s&N z0Rp_4!;oI6Eof;LRhErXqJXw8{5UW0iE1+0QdN*Snjj(v#J|@=o3a=BR#1eG?ztJU zsavZRCwp%rW8}kj<``IxT3etC)4{YU0~a^t8eNI{@%?qfI-A`WQ#%eP&+|i11P;&m zX@bM`5>GdX(-vY*rimBPg6UNZIE}9yd4bYbwMPLo6~Azvk_*hJxMMOb_EOXPvp2Sc zVP9avBhs9Nf2QP|3@J#tjeSz6yQI(U<9qgMh$HaYY*gCXs}S_)5N)-9yeVLnb241V z1a70|X%Ie`@7F49WHEBIw7~L?>k)4Eb;m-?Vtx5f#$g;AalKfQ4AA_T!aLoIt+>7l z5=^8y`N?RZJkbk_>?(-g33qUC*MLyM{qm`i@|2(M1u4~57ITT*{-LcW1Waq4eTW`p zxfmQ}6p5t@I@c$TYxnzE%b7i26CQE1o2*W;8`g~G-q!h%Wt1sxxhExhM`r#5vzj!}?+9`78StmiaP zKe;)l1>~c`SGI5<@cY536%Uptv)+vgLeEXUQ zB947WCi%01k6wc6&3#?Fm&l)y;;47Rtksqz=dWVstn@A(%3SX>g*=20le$QzspQ-{ zPzl;I2L`5vZmS!3^t$w7uS`$79$0l|_qVkhP6fP}x_%1^l|6p@U8FZm>~jYZIdW|T z;#u~$wbHs@mBwB4=i(y)-RE8{!b|4I!~)yo%!Mv1R2Iw5w7nK#wkcc%fjC9vI}Rfmnge7$fc7+g_Eb%Rqj<)ag_k2yuOk1 zHQE>wO_-gnY5j+(XB*-uy}-S@<(APL0+VcfsC*r#EQS_{pjtm?ys47Yw9DHlLT}h; z7=>K$pV1iAt^dkpbML@#etAdCM_1a?aRE(#roJmKTrXn60NEBy1H4PN?3}emr4)oO0DGaN4fi_!l6;d;$Wj<` zuGW1vR&K9N(tscCH-m*6I2?bsMN(8R1adUEzk%Z(Lz`aU_EUD zIXz)vV3XYBmrB{aBFn{dX?zhAaybXa`~ehyl58o-FWJ9cWfvN{hz1Q)$mGmJ5XESB ze+ZhrGnNN1J1!}{=0^SRtQ|p|>jKgl1FsZ@}=pqLg{=3F#}e|O#PI~5?)i4VVN9A{^vcbpr_t8nh$PHQM+ z4Rn6>FO3)k?%HT5ulkW^Q85$7ck6)r+q%=qW&q|NCdeY(S@ZQrz>SY5GcrGOc8>%^ zT-kq)kXx+51`&*vn8kgNMPG`zXmq#8S{Nw70yqktJ2a6co$nHkASLD+a({<8<=7+JjJws{B45tkz*YZqI 
z-C%7o7=fp`_)8l34HgTfn-C~th<9KDZy0p=p`hxU!h1B1iKsMAt5QfZrEW!cQX^v0 z8`w!io)L^ynSPFL$wRG#dnQFc;HP9&wAQ9gkcqxQ$lWC)Z(EKiEYrVL8eK7PYICqI zb3*mCji!uM>D3r^M0*}TQir1z!5C5Fz+O(;XicT+0pWw{VNdO?i26w??dN(K6{cwc zNRETJN4T~sC!fV#nG~hso9@q^s8b2L^N6u_hEuZ$S`^xlx;dv z72~l`@MubGHkggwD2spj*{g$vjc$(8wE+*`p-5;>99x=ex4EL-gvx2ZUtiV$$@$G`KG_bfi{kA$tGZQ)w-aJ`wMI86!O=}?n!n=u z#?+Q87WVrcZVda@?n+v%Q(jw^)K!i90<>rBTiH>*C^WLFBPF7KDY7Nc^H1FuVI#g7 zM}ocnvA&5la-hmKPz}<2o8Ov3+^JncWPYmGs#1u6Y;lg|9$t@YGTAWkEAWMux3sFk zVkJHtROUjF*N^0>rkrL2tt$HD9XG!}%SMr+keyx?ZkG{O`xF5reH$R(F;$zLSd*Ah zHu;^5K_fBz8iSk>LFUSbBw;2ROe;WTkQ&X!zB=$dFJ2Yq+kDN;A{y6ib+@SPVQb&g z`Ogf}#;bq!>m#;Wh2 z_Ts-?XW)-Cl0P-ymBo09JG9>C+%Pu|@?YHM@eMILc!{5x;{1|I*Q8MTiZBl`Uyz-f zYcSs;C$tO$f8dox9muRVc90TdN^4M1gk?ACa|#U^yQ?BBo@82 zz3^WMlPZHD`mCIS6cIC$Vlx#riO5AZq8do7;-$?lC?F3#ZCOLbqIN=JJnx`8dUAKt z4A7uE0q5ot6h(Lr<>ZiOI9NUZb`si%VOaKyvMP`eYb=rzyWBIWTd(bFR}p>$EyIP5 zR_zvD>PzlNi1oR9##zwVfx$z~87R`xolL^psDm^9~h>Gkw>ZPgJj z|IStv-6Tdi0E))OlZsmE;q#kXd@{08n$OW&;XZkd&^uhi)Sy7}SQ8c*6HRCLjx-

    n*?>i$vkEqgLwVFyKKP@)B`>?kERcJsz}&aj;tQxv4gZn?rhKYSQ@Ut$_uSt+FM zOuZ6GLV)<{If}S#WR2tBvq=+{Wdj^*(CuI{6r!Z7!oySUBi0DfXu{Q!+ycwwSLiA{ zo;bKfrTc~PcnVVRPbtVwZgRqI+|dzwgWapp8{}Qw*5C*w59@c_`R=e|BuOjAnJu^u zmOH!4?_2lMXtzZe@fdMFL@NhyE1mFRidjv;YyGxnK_-hP+FK_5t_HnlW!7~nv9GKY zW)Fyu0vF#UOSsu1c-2XnDZoM*t21fy8~0luNCe8!+*PB~&O^Jd$xdrFd|lZ^Q#A?7 zfy8>&;?@GM@!$}Z!>>Qu$T2aI#{-KiL@@K1OuB+Uyr`e3Nx;LFz*({!gJF& zU%jA*^WXcmV)Hp{brq6nEPdxa*+NQ7=Fv`JaCT2`<$wiIo56Bj!iK9vEw6}v{^XEd zd*TCMeCY9kKe$afl+NU@v3+Bf7PaoZeCh?yd7s3Gmn3;nxRuxHRdXSHp8LuvqkmU=l0(z=y#pEB+IVBS0!l;|=M>NbDt)@oflXHDP(N zR!CwUKRz8O1W#uuBG&VAC&kQb&f>K?`Im9vKY6lVY8hBUa1d0cCZZS08<|K9c-hJ7 zCZ~F{R(!BXiBs(Z&bdj3YtNRZFRHN5n`IX@^=md^g?B|8sZ&<@W*5ITs3elyD>L|E zb}pZ*xw2cJVz*=c()CyY4f6c&s?BEV+gk3NfC)2hKe3UnDcO*PUCrmQ01Ogx#XIx2 zpF8K657FNk@cZ8RW@Lfvr`K|_opibQDraMQD#rh(9umuePVh5B3-LSr(qUJ&bC81zM=BfRu#rjtmP{@vD^X^}btDcsd-{92%Del#a;3=<0U_ir z4A_Vt+oF7;Il!xbq08R5D}JpSuWR_Hbo7|Th}RCMDAyJoblp=D+eUTzvSw_Ge&|PU z+B^SMO4p|fhP8_lL<}zzPI&M!x1a8^Y1p+m*7^VYKAADdJa zEArzE?S|wg;El>%HK;@+@Jjph|HB_VgAnd9y7)HcqTVfobu}b(zZ%-?e_5}S!UpkA z<4D9@f>ca|>e{<)QTYBVPT4=Kfl&BRlHMI!jvP_72?i`~-zOj+am2h`-E#@P?z?dO z_&E=Rp_TQVW8ym{tlkU#5p9OSL9Sm^USAx>g>16mMPLU+;i0uLFrIrK*?IqrCfG$CED=))Jrf<1%X1I3r%aAwO2EE(&(2LKwbR^g5?-Muz*& z?%*JOKr_5Rf){1b(xk~rn!@XWYDi$!`y;IEaLv@%pJOCXR}>N8luw5|3WgW*IU zR|*c&NYaGQ_`NUVuz7EY1fo}}TZR}GYG2I)7QVI#D&WdUBy3KFUCNQkyy}FB4%<_K zr$;Stg6ekqP`5)Lm9Ou6CuEMir%51s+dIT~ygQ44ZaA(IKPYHecBMSQ~F zu1JI#L4ivX-cJk%iHh!RlGL88ll<%V@K*`GNJ{%Sa zCyke+3VQHn$z^1ZSod(dBR4n*&Xz-YJ~_xm*0r*GHf8vk+*>|6Si*(-)Lg4AyHA0> zrEhqU)St&WX~53#x^chdb;vV8Vj9#BDC95yt?;&Z_~DVhV(ChHMpRW|wVJ4YppQ6| zrMpOpHQ`$o$wRH%nFqKL9jFTY`N@-2AD@b2e(|w<0gX(4E#ZzQztb%Kwil`<8k_e+P%1^b4A%+78Fo2hLBTq>V?nh)y%=P)nJ8tCPW`5j zF5PRhc+7BKTwNks;)l4!9@|UxMV9uy1?)xK^z)7YGwkZp3xIud+4`I3t$Q7hr59Z99YVhdB|5nu% z+QlN-mKsYgM--clW(mWfpVMrHN2ZEL?ckx&`eES}GeYF*n^GN(o; zGw0Rse5Z)lv!^UOBUXykydfiti0mqb-$C{Zb~ThP->g#JW7O?G{76`z>f5cnB`x9c zjY4a#He@pT6_*RYkI^$14FWLYv(Ttil#Tt3wBCr8wWTFbTFE`r>|ltuoNFeZ9A#%C 
zu40p%nZr2fW*>0nPM^4Id|P(gl@V1u=CJlU1%!5j_}A_!wPq*UD4XxD@5fJ$@#xZd z&QH4fvb$8ob>saEoXnTm==3`SkvH(aGnFbYiNngnGG11E>p;W-p01sBU%XSyn_d%o z?QA8*kuN$bh+TJZ{9EyL8?{)I7fxm8yLsuT#mN{NBLYy5)_2F6`!093GbckT2yacV zu1|+{`##ZZ>VWU#*o*kl&qf+DYsB$wL9ppaE~=7|z8?R!BJedRH$oaOha9wt@I_yD zO#qL`E20|_CxD3h#p;Izd9NCc4;mUKMz5t*+J*-d(JZQAD?u0%63J5L(J`N9ThMvw z{#Vt8vVjI^L}N~Mp-1*FE_v30XNHT7$9w?1R-D|`KB3fNc&!=k*8FLhUb(9qyb*-# zYTnKV&7sG__1{OxM5|UiKLCG3SpsyTkO8594*ZkuDD;&Ivz#DS36T0W^+-Xf3oG^*!-M~QqeG#{It*rplBGgkLt|Mso=`8x*pe%lbqylI@ zh(Lg*Z>AsajvY9JDRn|q;$>n5Ig{RKbUUN5vPC+rxVh}HA@t<~Z1?hD32ETCCxD~J zv+2m|#K$=JubA5;u1JnWD_yXvyXz$niGnyyxVYm^u_{Fy>{nKo3EGAb$(hNfk6E2! zU5{H`LBF2P@cE1;=oh6qc@uO;muF?7e=YeaD!ui73$t>Rw{1XzELav3XCAP)1Rfu9 zd59Glu6F9~!T{80^?y&kavj;b-P~t7JIK|yo!|E^z-yTZ5QD&!Bc5D8FI>ZZ2G?P+ z-yPLk7LSA$@d9lNW8PcVxKW7TMQU60OX`cCoX$_CtkgjnmI^Cx1kKA*&!G{Fu4DeW zC+=pBl02pujk3_4#>V|m-uObbxw>>fuuNz0VUZ0lqf&Yxnoix?namUuKc4Qr;mm3> zOSudgdmdeln@*8&Nr{6IM=&J;8+Xh!}|>I#6ifA!R$GfMNxmOnsmYgRG3`B*Bf0uRC@}$wyYRlX3U6X=Bh@k60g}q)0&+U8;Yq(-={Njd0YatWNx}S- zt3qV&#dP-3+HNJ=<%Y2XCwMi{)84<>8lCEZKNGzq+`ML2)MROqL1tM$61UK>LpShP zf_~?>UZhaO{}LPutFZIGVTYBRN)u>2)&^Q?maLk?8X~(4mV7jQW%3)re%x&@dB6-H zD|gHgkx+Ws_f3~w^(Gc`ig8nM)JUzZDtOMEIwAsY1^;<;;JA%GiHZXP6LajP#O6EM zkqvwL)oY<_$xOs&y0zxO`~x~&Bxl%$ue$#{`7`4)H#WP}haCG4%-cWK#p4rDs*aln zVO-33NA3+dvWPim@eDR7h8LYZmu}lG-Ci$kkWhB&90e;pYEUIMhhHM9mdgOXn8VPB zUtc%KFSbBGyGG73L#d~U?1VhX_dYFf?PuBIp zmOOITCHN3MP*<}@b89VQuwAL>GXqdPkN;9(^Rkh_#vdVi5czKq#;4Ayzr8?m+U5U9 zxh`{vLxw8ZlEnBuM-fea67j@7qGiEI{LL5RpBpw$At!Q}vQYpjY4HFWfQ<>m?r#pD z{6)L;lwPrF9HebT?$jL1B(P>)Ld=0I+XcSKfc-*o{I-q^Cvb^4blH6(nOb8{7hmVo(2+q^<}0@yC-v^n(Nsnoj=1SG?TM1iq=ZS_8WAicEX+<=Nk!h zr$R|MzW&{JfB@i4U$wdu_|zTT-WtpXAue{N`FM8ZCEv?6L-#ukti@dqN1w@t<`L`Q zXBUC!;a3%HATsI-PAsqds_WT@UYPnTt^B1ZI!j{XuIbDNo54JosS_InOL5?tTTAzFD3M_KbpyCc?Na>SZl(LY2A64vSkpOs-<3!H<^1tS5 zn6{`4XoIq3n={DNJ6yV^9ihyFb9@Hli3yYj?Jv!r|o&?mDnTg1uY$(Sr^alXm_Movm>%BI&@S7T_ 
z#wCUctPlnIoMll!M&&;K8itYY|TO*E0^a{1u-k%5J#HMKT&Gza!tAF6Ss~(XY7G>-KfzKiao>a#+w{AvuR_4M6SO)~wh&fV97kls0Lexj zEDSc3fHg*+`A@lxD+!s8oL!^(+z5Y<=W0O`IN&pA06yMn4ET7Ajm<=%^;9P&HddAY~lWJl$?m3ctwh-Eqm240)Y;WlyyHl z20LhzEdDbc$w0R@Z5B&P_)cRG3|f{92*DqmnKGxy{3*Gz@fl=fOgEb|xHlj%Kk#$n z>2dx|oPw33wl51sJTQK#S5cp}>KH!H=Y`B!y)6)j{HG0iURz8r=Br0?;JXu-j0P8L z@Ny9WDMVbBy%*Q$PL){6Q<-iq@q;hzju=69ns!tBNOmu=XFsWY{OH0zU;qXA_rlC= zvcB~D(hz|!Y~t5@j-*lhG$hU7s+8;a351M|Q5yzyKNG!nCCkY^SC==9jzq&pf!*wfS( ze)H!(=BhzCUo^jCR!>2t79#(z9~JONXi79b*cD*C1V_;mJt|3e1UfG)k0}y+dw$fW zmvC;v$nAr)``%-oMi?)VdUA?olf`SK3^{#l{m#QkN1G>9#j~j{|6RRQQKVOFQ&-UB z<+A^qfb)Lw!d<0gQ%wrSP>{bvu5uqb$;nqPBo+u&+#%C$c2kz>LyY%C{_?;1S z3u0`qmw2DvEpM8Ks3WP-RlWLkWR|v6BU9kZ+B*)@IBpMFZRma)Pm;_5+jeEi*RqQH z%5))vQ;9_gY%0ULx`D-mLP+p@eCZC61|&h_e`-mQ(AyQ_16i-B?bXktdD#eQK0}_mZ}2Z9-ZZ=4%jIn#LL{r!cF1r@N1CGRX%X3-L!yt{YW3jUWe1 z{>VTWD$7?L`udaR-TcSsSx%fILWS#K8S6}cMy|qlE@ZVv$IjiY5jP>cAV5Y;L8TA& zjcQkp{LCn}t>Qo8^Tse{I{mebDKZ3S)HM{X7nt z40%eO$EWrET=sG!7`!-rM;N?O@#f+6AD^yg==LVgi8NOKbM9_sl-_`|EV%ds+on4+H?Vz>A zst3>2Pc>CZS5C}oJK@E$T7$vl9#v4DAsb{$!I*U>tiT`L_!lvjOIJ0Vf74h3OOI>M zL_bS;!)K;954WcwYnic1#RduGQ-hL`5_I!2#1>GakIt(B0`!@V3s^2fL43>L@c}lt3e>qQ+hzSxg}}m1ptdb0@y+%fE>?p3-p%I4;Cw2yo~Y zs;V9SLiCDYmjK43wyfxymg}Ly>`VF6&$;*DBF4yKdyh7(Rkv2&1>Te6eGsplud$GC zD>(k!1G%g?U9dBZyyhmxopiX$2v7t1IM;b^7hi;89T?JoYC+QAP_orBc6yUZcdSn2 zJ%ylRH}#F<@Gj^(;y|TmbS!9o{2vRnNjX2xX3kObiv?PlfVt@99s5`s!A6~y)=&I? zY)k(AjaNjbz_TM9@`a)#CtyU+`ZP%%TR}Vk7oBN64a0J{T)-mb5xQ#dP^OnJOHRxZ zZ4o7H{D(cHCT5LJ@$B2iK$atv&sAIuoLm2?eJaS+p$PMV&Q`JtNkcIPR%WVfNMXkG znep?d#UFLyCgD$*GRri)WpIWY{*bmxPixLUYSLT8L#CFmR|YpR3yEpyh`($Zl z`8)M`Q7@>_Kv=e}iC#Nh9*Gk7bg)ZgwVWJZYG=z(Xe}2ckPVc#Fx6D%nex7LKq$rh z5>73g1t?<1iZH4HLj_5D>zbMlG~6v!wPTD|*72!h=(52eE<~Dp9G14u_fbP;_qeShq_kQYEz2C5H4zaXT z?X8==YkpwHI&Hjn#W*3lT4Ce;-0pSXC7!x`qUg3?D$o;E^sd=Foacz`WUt?%5;;YJ zYit-5eciC-u3B2mlW~~oFzDmk{nm&9R=7a5MDw@L+)J9b^nw-8rCQ+6Q?GsXdSNOA zX5coF2+(o6S;D_(K$8Tt7~%O3W>%u=og@=fDbMPs+H_kFFvu^lNAGtoR4#3K2;Z~! 
z$>vS&e?(e!G>knwmfG!FUa#M|>1p#?-{NXsFWK0^j$}DEHs^XP@vvR-#q+pr9?~kKoVO zIyFJP0+`L07X%zO;RAQw6A|c0jP+Bca%tvC6vnYCBg{y}XR_#ugUsW%Xy6~o0NYou zJqamZ`Ho`+I1BWjKceEQ(@8={gkRC+x|vx=E&7Lo7gL9ZP|&=4X~)o<`|gNvyXsl{ z%>+C}$Z2Ep;;Xg=xG_KOz{A0BVgvW&;O%}yYC!mj3T;!Xnck3H#Ud1qe)QT^vOsi| zz~ZUoGy(z>6EXJ_jSWb!u8jM6gWML3=+F~R4uP#kbTD#G-p-Sc9*c}>LnC!JquQq{;q z&OlXaTq}CXcHMaZ(9oBg$qJvYb0e1BiosA)<7X=qzMPjoPz8PVs#-@TG4`SVD39tV zli#7cAvvqG+U|blhGctrRGC%@`zg>IN9j&V#~@gcp3H<8Do3K+>@DPmJ#3jS=p7rW zXec4!Z>%NJZK+L?yZSDxWh5obx>yn76wZ|W@3&34l8cp?CUsk;ZJ$}vgl6+LSJOZ<~C>wxc6+Q zuVv{{CqMHfkv+QbJ-ow_MYBOdqO?aXyPEcs;EI;pux$2zwcah@ZOh^hp;g!D#T%wp zU>ZjH9ma=@0)jfCx}+z*D1-;R_ES3PufDX{vSdjQkqurf*;YaN@>mjM$P$#2mA(?> zCwB=Y;|6p~bdFYBLs_lA<}FZ;Jbdy$r$nl-FRma&Hp?YkEAOT+24zz2_k_)UGrgEy zeVhqzcIQA1c~`U;gvhCjd=P_CCT#r^UknL%dOY4 zoGesjMm%TX{R!H`;rEM57)Cu%i^naQZW|sKn`cM2D=u;GY@CHl7Ul-j%)Ge(x1w8w zLOh^`YnAA=<(4=>V_?V!4jRqjg_?=BWC%$OTck;P$I{*>tPP0K`{hMKHZ@RooV=~M z_mC0apS;~i`Rr>z$|phg?n%seP*wS?iF$gvyV$}QWi}NXScXe8*;%U2#!fm%TKW2R zZ{N4keJ`}&*49NW4TUdwEcj{hk_@|9>k%kPjHYAPWLTSmPcMV~4g;Q|88D*9snQ^u z{R($}S5Ha`hvWQ2WMK+u7I|;uWmkB}f*z=cu>m}Pqf4baYk5dw+eoJok_*sP6j zp%%K~m^TztBVV_xj=hGhE)Ot2@Yx^Az9j_vFb{Sn2^FV@%IuA{Do4G?lXR2ja)2?z z;<$M8#54Q;+RVv|OJ=?Y`=U73TTLMSz-!gZ?%ibZ%(*+DxUHka|7<@~)EvvP;o)Jf zTf)$yW0g~TJVfi;)}l=%?iv1WyriVMr3}V$fk&)l2MUe7tAN5SK?QS@Ja(NLn}Ot4 z#poZPK<%O|OcEO+z9ZWx1x&{YgKu}KPc7~yI&Blw)VhCNLW!jH-9RL^a=EjWCVY=v z+^JX6_t0BHL(7#$cga;R-Uz18rs-_-2bC$Gi1{kJu>1Mc)%x-A_SO1@-Q`q z!J?+?IFM5(fBhOGbokyiORyI|Cp3L$Z=@zn&$qpvN2TIo=#etQq%}8jj*A%D#RGR* z>lJdHojmdKM|3B@df49g44FtcPBWg#DUUBR#`_B@$URN7yZIMlr|~D|F&1<_!3;B) zx-G7#i2*K+-J5gH(KLJW)BJ>97RPF1bZ-rUEI(}aWg2O=b7Mw0pJsH0o7ao``}omf zY{k-GkZETUk($78o=r0wbv8Ypnx?zE6ihE4-c3C{;iWLhR?E)_0Nm_-_1DmzxAvD! 
zPxoE>Ej++d#*!GIS2%UhW^s@gP(3|f>zKYk3FME-I9n>sU@x1jcvu(dsosB|YdE0S z*q3T*agOUpQnR0N`kXeBJ`;EhyC0cxeSIgiyh?Iwz18_u=DWNCd%*-ja1DBbjthAR zO|J5QNpS89S)#Q&WH2B2$4jM1iCz-26h0XpYgY+#i%$!hGe{JKM|nb3M=QAMyak%W zhCilUJl8a80N*I3pD`8~s{+&9sCq^|K8Fn#sePUrQW-q_#B(#1u=v$E1))_FaMcW1 zadAX~%1g=&)*0(=FfN@EWA!XrCI#W*x?-1EzH!N7XS`1(Sj1mdJnt3mn(%n%roTQ< z;*jxx(Pd``ukA`45fTBOCYPp*i$77^wL^)^|} zJ9YPTzL{k0%*O$oUN1 zb_Oc1K@$nbD9~S#?V`=bYVlw-gf zfFxGHke7W^2C+PsDC#TFcHBJSdV4c&#za~cnWdtfLU6X+wrO`4;!r#n;HIBiEHuF9 z68OcV>f`nz`e)FIqV9cojcc?!Gwf{W0Od@mM1!t0=+clykx_Ne#6tvA;G>MAGOdKK z-x@9m?$E7v+RX}{%*M7A=dW!Qsa0rAlrF+f!JFBr1+-ul=uL?+W;U?Rh9y~pdy%JiC_wmun3;1PzVy(re-&^kA72G2s`zSK$6TeVewX$Hpoo=m#844psE{C)D^F8f9H&nWR9xJIRLk@c+q0 zvM~K)EN+(Sb^9}TqT5?Oa?2ii1hLY%(0dwtZp=EdCSKb#xVD{XrfGn?BKL`7JT-%fMVGLPpm4gu^9GF=S?$OMbUAnoh_Z$;HcX1H@$W^-IuuAy;$H`-)4t+?Y_eEX6Nke^Pph1(x+4lAxjHk(yPMU=RkObyv@Zu@cN7X zGYD-eg0P>TzqxO{2IT@0SoF16c>#G3Em;aRgj)j&)2t@=B5&CkLy%tSiA}t0ipV0s zAi@Dx{-|&k7-oG4i;E}5S+81eAs30|?3~HM<3bTJ_!|R z#%|9F{0vVeCF%%YKucI-vWJlZmE6u0YSYp#!#rsw54eBUQ5bC=o0xS=(lJ51y|iqd z@!q>{6aSi$S{?;LNwRLG9lh&dfk}ak>{R1#d%hBU{RR$5^ZK$Tx}_YmL{JD{TwvZU z&6fgInM(C3Qt?@Q?&h&!x0KY{?y}|HK$?W+ZGKHf)e`7ow%;Dvag0)j0pAkaymS(| z>O%pP6wrXr#yRanuKfxFt~MHt!N)4VDkhtbmKT+?Or9F=@mW1@O8s5E9W^Kui*Ehb zNSQxAR9;Fn^9q@6Jp?Ho%W^l~mRuYEg8p%}F_YD+Pc~bkFXa#n^<9A;ctE;^ki3P% zkK%RWbl^{hZDKOWMDjroKBc^uJJcrcfv%3s7w6?v=gfM1k7qws${SWa-9B5tKO%hp zuDwE`i9_$Iy!d+caoc|7{x-8^QLUWzW48s@)LV3m;n!Z)qiINOw@cfLPE*bzyXE(~ z-bUL`6ECiJiuvCyv7e-ztHqXIcqG+7a}laIT|xWG<-EdrUM!w*xNpxWzbJKgwg4_t zcAi`^iXFIf+ES%oi$2@)Xm924+)Wm1nqj}i&8Omh9BaZ5FHgXw5tmY)s^H5P*tg-d zwLN$t75yJpd+W&N^x&N=(ez^ZhwR?ojrG4zt z`7MdsODmpU-s37yv0p|IFD`>Opf7NvEDF+@N+60bfZWNi8r8ftl%ER)Lw> zRl*F{wHqn(oN(XntKf>WIb+h)DB%ACdMP77Pl4)e0X2J_{p{O+*zsIdbm{Yq z{m`d3fLp(q$eo^vy5keJIEOK833afFfg-obxn7j~FgPZdY*|9C+F-1$ zT?T^?@8wuIBi^^COm?byg6*4OraUD?Ht#GY@tMpmwa0GG3^~%bimgq^oCX&^2*`9O znAdrFwYx>|$Hpi8D=Y{;#^-)YgP|YS$|E%P2Ie3VW)Q~NXI=-i;eC@|3sQDsO4x*^ 
z_2GF(owhF?g26}?!((-Fk;B7XXuI~JnCI7!vp;;7Ek<_7>1$Od;n#BT_~%7DiVR+! zEQX`yp<%M_Jq_6^k_{^Jm5M*4=R5%tQGjv|U(n@1aDL7%RB+*_k54*Sw_}fC7vS*j zOUKj8^5#aq!j2gqxn00K{`o#X&+=4)6X3n$%M6u$-iFFTQg>wekXi6bH4Z_Z>OdHd zKJ~-fgOEX#A*Uuq!`8_nOX*^uO^^>h2occInim4zO`t3Q?$$JqRs|P*c`%F1n7SeM8Yd1mN&^~oW@!( zD4axEoEBGg+pTr)^bTz@#;s_3VFmN|_Qni)`VC?&VE{vVDyztOzf`ncmXCqg`W-yHY3c|A*t>CE8p zJ5ust7Lf(;MUdeQ@ewUaRgNjELw8cdw8pN<4mLMeVe@&?RO7b55;>2Fp}nv(6E^a8QbgD?`VMk=ji07>vkhqG4=gthG^~sEnbYvc@+pG@(hv;o z+NG+I9IME=b}D|cI8H24M(;lmQ-<0OOArey#3ICtQ2IojqZMi!`kBm!h}O8pzlwVs zWrXyfNXw)lL~`wL1sf6ARm~AaN&?#1ST9Et^t-3$SAb_8TcmxC!OOST85jv4N~+gJ7K_0(TU>mtMuek5^K%zCNRwg4VNerYQRAsQDH$V?MG$d z4;SyyT~sF+!wdx6J$_vH_~}&~6+*Se-@s>#Ud&oEwL34o(IoZ#ElhptK)MXmMy0Uo z+K*+u5Zw!AX@6BpdgH;3ByOHT)@qGZGk;!1mJzF#Cy!&UMQl{Nbw8M)bIy3fCnsrF zn824oDt8R)jmv}BSnDl5-%H=JaUyi2s!6Xg0VoEdlSNiRit^KM^_-^D@TpS|q3qh% zt%Zj{1}{uSe+^~$!yw_{Fq7J$v9e%6Z%jAfM-HBYjtQ$Flj8};zBqm)|6%>(Fp75} z3l^_fk6VgR+~ zmjZbqprbMSKXQq7qUX?vD3K_bz%l2((~Q=BW=z5kSIjEIVM^=5;QNaS&o@z_kSP^@ z8hWLEzzDs!8%FDoR0`5aZ!cdnM& z?aw<<+M2vdM(R%pvtKT*oBFQSYH6hDX*T{khkvj( z4u$_{n(t2KITyRuZ7!cmB6h!?j0FN? z288}|f+vbL2fg@BFkfMRKSvwvR2q}C3kbCdotj%AiAo{w1f{Zw0bJxJ5{?v0Q?3cZ z)9=H{bNPEPI$N(k%L84M1Ab8v9XbM6smcai;CJ0{QzEUi> zNtAtZY#N7APDoq8C|6$DuqE=b(EiKaV+V<{0SqmW;j|p$nncMGn_$v#MnTD3?!aVs zcGB7s-TJX5aWKn%ami^8Kh*I$ySrq;Xi%Hs^rSl8cFCtvml~OfpdM@8!&|istWh?d zsf@25U)l{}_8)YtTLSIx2ngN-^J>Fh-`&>sXSgUl&5y@)ocA^+9fO{vrtF%Ci@Lz^ z=WRR>!OY3C+w2m+1w3RC-a?^p1)h|odvXD-AVyFo-I;O-)^1iNqN1|I+d&$i!2r&n zHIniI-KPSMf~!4fqyU!0V`#xYJ~=LY&j$PqTGmlD@*J_p3AT1=`-$&!gQF$aJSIi8 zp5GAyqh_JaJ8Q9|(`RUy&N`^%J&wSKGp-ej;XlId<_d{&fzR>ajRBIthdw0ohx>bS_0m2Ee z-O61G19$L;T@`Y2m4rUl3bafxm6i34k z_m7zg^iMK?G!2M`VJ-O{Y_4PE4T#S(OVUgZ@Jbxj>g*1x$`fNE^U@6?{QKg-x6EDr zXu}oYFGd1)-zV6f?!Ww=a(!4v=ZkLH6S$T0GSI|C7n8*uPpb=B-5B46Z-u|_BzaX0 zIAX(Bvr$FhrI&ss)wp<;dg#%6n?4`M*1}=Dvvs_GTt--B_uP0sWTlzDl!BS zuTuJ)VkRTuLm#}a! 
zB=7H~z+1N2R)YjwZw*s25DP7<=4?@c0>eR>tB^R^L6b1orqd{VVKRhx9{6wmG8m25 zK_;RJ`bj;|5)LOxbk%;L_dhT{EE?G=ed7FTFFDK|GlSmYKXDnu*KG5n!g5rl_018~ zb*%Fow?T*oNQZp5GgN-~w-g=%IZQoa9T===nThNz%BeIVRV|C^mLdVdsx?%UEesZ_ z?BS597O?oi5tEEIzjGNzmlJ2<)AoL2&GYRKl|^>Sq6vzsdzhb01gAI^1*ck8AT1M z4ynT%Q+Jd^`(Mk({-n9uc(PKX$*IgL1tvY5D7NXmP8Zu=Q)34%!%~Eh^ZEHv+oERS zm~VsASj%t}A*e{rDt;eS21Iv0E`G}@V>X0yAmcHx4P&J-o*6iTuz^A^_~*n*0Z~Yr zDoAe{4)J8I5i)sl?WGKm{rL&;YRyNaOXPShL6vVW)vf2>I143SW7OY&XR$+VL;syJ zTSngD<=)flp29y(`N3J=_vl&sT!KHcUwmM*x|A{NS~x z6qU(TX#;l^A9C1;T9{V2--8jg=#aNpF?LyNMQ`THo(T#8?;+ z&-O!|srBFQ0QgqII?DVsM8MK9R4!`0ftQU=XhRphzj10-ri!v98l3ZM#GI z^;G^pfg={Xpl*Wn{3UNfqd9W9fc6se!@W}SQKoL`y~o+Z{h;&4W2WAz$0QIo_uPach5kWI^ZyRwNz@X*jUaa8n3ZwZ4A$L);Ll}V0f)K=*oiSEi6>98^o9cH? zn0)m!wmSv0lLUc0D`A?<(o*GBtTx??&6xYk>%LmHqnEmgRPnaWuq(|l27hjS1s*+* zN;)wM6{K8DxmFj23nCx6Xo{T`ccRe|p^e)hDK3PVG)iRpwZQt1O0V#eNKcT%C{+Ri zlPxY31~guFA$A-G!dC1%X>8<~-5h3Jd1x@KRMq~sGO%()o%vYnoWD`VY`(r1dU#ag zQ^QoQJ8iJr0U}?&0S3Q}=wlLFiC-vxLI68zneHRwBY51*XU7%55<=0F`o5j1 zou<=0QBMSWT@7rp!AM87adWqjbmulXVDp@&Pmhf6)3C(a_AG+ z8i_RB@7RflXt+Cz2|ctoQN3hm;SjFdWS%5p7FUr5T;vl}w~@%n^*W)P3H>kkdWLV? 
z-3<HZT?A6uXmSi2Z|gV>u8%2Is_Ed&g4^fBIuMz;=UA3~c)L&>r%@ zt~r7$b~VoS)GOeyJ`4d?U`LcIn7Qi%L%}IKUHAvyfw^4Xg=$)f1~E0%n^Y>&)cLpg z%j`P-M{$5F=9N(*Lj2DcXsVr|QJH_d(iju&pa3xt5fyGb#H^Z1tZAF|^{Ym(qyk({ z)2sR>eT@;5xeS9U)c;+vi0phq7Mabpz-F6|HL78Z#;eQ>yZUKH}?;Ki5IKWfQVl>addNK`S3|U2KzhfR*O(XO>Ur)~{WU|Ent*LUjwH7a#~lJZr!( zr3j|$gjp@6s}F??a_ocjc&hUCZ;n zZrlCGcgY^Bo*`(7B=qhJIBaSfoIxvUHxj7xjxxSQ_=9{u3pg+Y4ARYAKy~nM-%jpV)!N$W%|#>*z5be z@rAVn=mh0SbLjCVoSJAf0&qTQlCg$ehUq1!Z@ZO+u>7cE68NMKSHq*jQX1?xon$y4BHNrx`OUJpIvXM{Eogk$S* zqG5{=?oMY(og{9+vg@=h$`@QGYB_+O020e!`cDK0(-Fp#&?P`5s8Vb$VnPl@Ggx&3 zB@pE$2WK!WnZJjN1i_^8?>IgkK}Ed@-->#m-Lx0@W2>+@LEOv(jWuVK&c0(bUmBgA zl8DRhH0Q6R<;H#%f5~4&Iw3QATze|pB+Bb3AfLmi3L-}Z)+`}*+Q93%@rr{*8b1AY zs+X3D_q`;L_52Z(hovM-{3it9gwJK|ovLf34!^LCs7a}FhU`;`jeWQM#KEPIOA|G1 zt4~kjG?R>o|_iGhKjF7v76$uWeND%o%aGVvY26zpIXgW!jy!^a7}1V7Gh83Q+sNVrQIOrs9-B&ytwImbaIAWVc)!3ZdrBA9cUVd()fIO&_T1 zX9@G0rU?uv3_yb8cJ#9p7f-2<5mzp15(uO5mt2BTR+vzZ!4m20QWk<%Li|UhWr`^a z)j`fMafmOZgQSZLKs}#$YTElMR?6B4Kho&|pJ0W@9$M((0iHHb`SpT+Z$<%z^el2t zo)xz4V6TBLR&EKZk{)a?G1Ko_-64FKf(sA=hMNiV4+nYg%!&vkh=kOBGxIo zwB6B0Hjo@m&aK(qxskDVFSS?O*KIB+V2V8~-aK%lKM*r&s&z&kmP6;?b8L$GBx#TX zO_#R(qyn?mnY?r%n0t3oEL|7%hc>I(<&i)^@#S}GsTA@G&l!uw$**dxOPqCMYOD1s zpk37?vYTvzX?d1Gp|rHX=PUNy<jk24fdd*X^sqdNce@x#)FxAcKY)O8fc`B$S zw7ZuN=ZR~d#~CK|Di4o1(-62wOBil#S@h%X7J-*$!p z_cPui-o#zNKXDZ5A|!oVyi)rh=gU+8r;|7Qnl;J}?Z2|E93sNgc;KA;X7HEOGL2-m zM2*7l4*!WgqZYbv0Uz~^-z64-RX}3Ps6CagL5#IMr5j&w65SH=k#A#`GsbVgjyiU$;B_5BeFCIDHhW}_v zymauGlQA%~0X;6;PKm%Y{z2VJiBTzCeoK6U{U+q}QVVH8mDS?KxobW(?%6|Hr=(i>3mL z9&Hz`6}^0$!Wtd;h)yx*1N_Htrvni%b+>4ci{Pxp`B;)L_$(ApjVlo@NvW>I zY+6T2Y|Zi<%>?*WQKnMw(cK}MQ#BLcu^jnP?2a~J0&{N-2CYIKPc0l!2WkI=;%Ip- zJ51Z`k@C7CQ{pO)__I|~CC%?FG%#_Pb=h#t;IMI-K7!%^wSP}Egu2bH=X3T3kL=?o zONtrx^$oS~gT7wKg3^`t?56z_aCd)Sd)qNSy2F(CaI}@#a5hs4yH|caM=Z8M^>0>x z*1&+n>S@(~ghw|0BA4KzW0kG6P59%`D&c^2_%hBB)~TdncS@0Pi2+2sNuOP*r7lpP zgGye5iNvb)pGFWfE`=qQ-l7eE2gBNRQ;KTvIhZAf9mRfJerMYINFVmD`MQ3pEM)KD 
z$*AizUWSZ{9Tle9CrowWXQc<%o6gi3zt_=GqI4h~sNcox%07+7ZhqgIY?a}HT|HLX zXMNekrVhG9s7X63-yH*h%I;1$?v>;a>0_~PT;L>yKQC#(YbE5}$iU5~44KxIr<`Mc zwtVbJgh++>@fKd;7#^wvoB_B6qFiiIarW8*oZ>f{0Ru0&rC@s zj(=Yg#u}I)%14zOY-`%{ffxJ1Oxs@BrU4#*-o4xaJl5Nnhy*qN)~j$+Cc9Yy-~$`0 zo~QH{j97(v-BrOite9gxkqw0{Ty_h3Hv9kigke5dGEYVR=1boHIp^^I_P7Q7an;0WaJ zE&&wp!Xzl^5jv7->1a+rlm*9kii5}IAw)?|;dp0Q*z}_!LMateplRuU3N(PqUajtv zjEhG$LT;wWs>HCOLS6E7b+>$wq}F5%s|8C_=)UtLB^P<@l-Pv0y%@_m4Ah3&7pQ34gzG*M+pq zq!MzL1G)&4uj3>ojvIx!596_SGf}m z8_`RdtgZneDa#j#V1b_Mq%Fr;_gckbI%{hYd#C42nJ#exI9tq^(n z3Zwzp01bpm9*y_ouk}1E!qWIC?(+w_8Xt~Mzk9enk{#LV9UWpbss`S#Ykam!>V|)T z$J`0t%Tw#Va#X_ypz0Eec-2;wU~aa2$RaO^?d@{+>~>I&7TtCmfFtjMe1OQC1^Yzc ze>HtMOj)y7QsY)&jg^68wWx)~1}qU%c<1`0vGkgI375Sp=JVGLA`Z32YW5#~VjNpn z!nph~_2&@7Y4jwJ^Uq1xPiDF|pST!>y=p~zLKHV-N!d4pm@~2AofL>dpgsnnVN!## zOrWF>{}~E5z(DwrA>o@-AGAaYw&`T!CU#^kZ_9V~Iz=k~Xohe8NorK+_EmwRER!c` z%f=~OXx4SfP`e#E$9UAe>d(Nhe1rW!6#nn2%E2lW4P&>AvneK zrIi&37g0$G(@5JgsN}oiJ8LCg{mU`~HoRG$*iz$dM!pxc2XurSpiDB4J}gq%&I4A{4PTEccCfCndkR5OjS{1jA*4dtBHxQq_fEsY;;&qU%DZI+ z=6RqiPoDB- zo4hBeR+&gdD;$+S&#+TY^ReIE}*S_zs07?5-mSA#NQD9#7|-h zDzKFmbd?)doeI!|6cz1J7(71b(AWzH6;)UZ=jjQ}@fy@I{{3yY-Jl~ay3VU`@NcKF z&bNUBhAQPB0nO;Ql`~O0YL=$PpX=fm-)}*E2u{&;JJ7Prwz>IEf}#7HKDxt_UU!o3 zuO}H+DZ&^#BRNE>blug0h(|0{5b(3K0CZ!DU|H4R6C2_Fvz=~j?1p7nQcP-KS-kx& zy<-XLX-)bR^6Oro#FhN#l^z(UM^EV?Vpd^yx(Hju2EyCXVtYBs_Zt)lzlBI*>n61BjlFvKg5ig3-h(b zF46U`k8wldBhfu05BdtuOW?awoU*KMI8a(@8)JLlS(&wIrraHC=xbSM2T6hRr2>F(~7ZkCd+ zr9nWtrMu%Q-Q6kO-Q8W%DN1)qNq?(;Ki|Li?%uO=&z+g`%rnnG7Jq~B50qGS>wDai zwG)DDmgaNtiP^)3K8eMG`F088iBsa7dE>DYn#Ruqx-^LRc`s2-?9F3Pk04yFC`RTM zQkJ$q76AX}rO5Kv%ueqS#LHfrYx|K$4!t2R0SXmgNO;fcuPN`gP!F0cty1Wj<@*=w zE{4&rBAJET!yxZO9DA`V9L`M(?bND^V|TK4%kZU*iSvb&A|W}OxU0a9dL_w3&>Xj9 zeJ4sQ1$aQVDT?5v2^J6Kccu(9pTNeQ^Z0#Z?QzR#+L0+nKTmf>cuyTe@4S&V^I=G0 z2>*h`*|#^G=HIOy2hlb|n7iG6USTO(AV@psD52O1|K7pF5X2u6bGYi|=ifj_7^C+FDA0r9iBcbypD*VKbgEfF6Z2 z9v7(kef}G(mMjVKq z9MErojU828bx>B0WgC-;F(O~^i9!h*>42+(*IIUfj-|Gj;Xh6>0u==|ww`YQ768f7 
z;>U~)Ace0aONZ>flaT$R584Q8{i5A>9Rej^I#(3-jdfoH$q*LEQGG+@>1P&6`wOz^ z_0-W3uS-0B#!mxL-J6fi>OQXQLs%6vw)Yop!gXxyO zurbs1Fk)d@n@irn527XSKm-50j=izi#fI$HHVC@aACtmS`KzCqLDta!SPpvk`Tj2G zwAG}s%k=RRRfd!3Rq--IE#J8>c>b3Jwj*W8nMW(~Aae3-!Wq;iqGbncGs2%@5Gxe5 zt9|lnKgAZ4WTn_QI8H;giX=Gav}}-i`n+@DHta7-FmUo8oSj7&)A|d2s{-;q3G&9R zCfM0eq-fUfYU}3BJPh+6NwR!?yWYdS^Ftg~`!7yKlH9fZCHh$mRy(robIWVP_OS{! z)f#HaWGwKkzw>Ud!SiRh|L7LGLKLrX^nAOpAn6%kir$3Iv^FUZP;{QlzPSW7v#e;P zSOK71*`ola#o#PpqfPYw(2HedLri#c**y0P;*Ra>v&&zF~f^x=rA9^w^m%MCQPx zi6Pk4ff#u>av49(l<0pG`g%RGUQx&V2T$AK#SHbKQ$kpD?NKHJg&=e%o~AL%7%J_D z>I2M$vaj;(Uy?9Kt>prdV?TxUI#oi++VZTDJ2C$)st|&2&{@98iUE7N(52PrW$%#C z;H%|{wCQD9r}KSxuqLp&4TAjkb^jN7qIc~mT9Pz;Pasdvnk!5CCRFd?fMIF;q=set zjtgJAnyES4Okw+Bz-;xsE*N!YlQC%rH6p~&LD5;|miefGrTy)?!FRhA@jact5QbLr z8kN3B5)k~gwM2WHY8b8u$tbwkMnz^GN{R06`->V>=cW%LU6)M%`JENCc3B4D)8Brl zfqh@+JWQ{-{4~(z`p`ku@r|5LiV%@C^y}$Q=MjuAXPVJ7SCL4x{U@OR_*WADeQold zr4PUC=opst7J@trS1%Jvu5FQln;W_O1$l4lFmv1ZC->4I)gb6wTN1^7V#)q1lsZyI zaw-)R-;NhaDe#}GYI zm1Ty}rXD`9b*dLklL7a?VKfG;aravmqPG zAqH&n{(tbiE}vmb2vxETBrvzRP|q-~Z$w=$XQj37^eWXee_x{``dNAt0eVkj=5_{r z&0*bakhU@?tp_W7Z2x+CyQiKhur!6>$pz*Q6N=T!Y==EZ{DY}vB4JF5`RiO)P6{Ju z$+zbjQ(oDTcq$K|<<8Sl9fZ<};WDCbQi*#+jG|4*jyWoG$-ORf(zhV`m&f&2pw-JW z2$w@*7Iv$t^5F(frws72EdsVR*1h&|^Z;F_XaXVJPSljX&BP$(dd85G+!2}M1eL{` zX+5N$j>QlSpXd*^l8Xq=#ehy15`(lL>mxd^AcKI9u=K4bpk!AAJuYjdp(>P~y5EDm z{=cBojm9X)AT0YkR{F7GoTDB7jz{dad+Z3^=qyhqJJ=oR+N=e`H%c z(XL)#wjk}oF0kOyEmq=;+~^ZUuXck!pMu?%c$3wagx}m(tR7j7B9SG8ed%8M^4Os($(q)tHzIlenBxNqZVErcS-DbL=-HwuK;91HIVVAQxtn@1t5Monz7{ZNE2 zP-K>*Oh`m@7v|FcN)N)nbza>Kpxg<;bg;TqY@rZiDp-g!A_^CVOEi9TemK;jdJj%L zJor35&&K5x_yj5?LD|j1S9>Pjc}p2hu=&{;Ep~G@-dx`seRv9q5Wb9M*d895jWQiU zh9ID*gw9ZBCO=js)GkI{Rm~*sCEM65YTkc9sIERy3?a~uPB{p%$7g5iVb=8x-8{VX zMj_-myy@1?_J{MzN_C%;Su++FqdXOdV?y5>gKnj?4ZOJ~_L+mL8{mV^bdIobuh`TL z1T%CuA@_?p8Ip@3F(5^Nr{<^TkB1`B^Z)e+MA0S*3W-97zjgEfRg@%sn{q<#+P3FKIawM-@#`Ym(6^9 z(D8AP@nWs)8JNp57T3JZ`feOrX-fioVJZkT9m!`~8y&Pb>u|omiGedX5KvmrNwEv3 
zQ1OeRyh62HFG4&{jTqQIM0ElnP~~=hYoCIq9N();Gd`dfCO9`5^}?<-55k1>jrEnA@y|gi z6#^MP3W|R9oYq7Y-6|N%ilf1DXDtHDNw3n(L1hz1 zKVOyBjoFBKzfrqMuFCyaL4g459ETHX^ z`m$`A-1=CXIxNFYNU7hT-4o}Fckh7KK=>yz_`M!WjC&?pbhzUSno-FS-J*u-$3laM z#zuoc@v7uhP?9o|_sVmj!{|f!`tt<;{IGZs+Myg%x5w|h0Ys)XYa2K>hq^kv8G~)N z7wb*WW;dQ~hmAd;DfJ5@_@Ecb(}`z1=s*3%X|4bGJtSzBe7T-@F1+lzdKm-F2BcW$ zOp1BuuWEIMQihsz+Ohbroh#7`>i(rFnSK$p)(&to5LPM&Oq#TLnBFS$m)rmbaKAJc zkdyGn)Q}vu9;VgHiT@DU3npkT>+L|6D`Vg4_xsbJZyZls>GY*UgdFo&7i{4=mn?an z7mwMJH;UnWJ`_nvKg|(pt2d78>SdE=FmpdTixcBV?9$RF>KO^@;pS(K{_4XdQ!&kx zV57E15HHoWOv73^ufq$32w+sdR&kV=0FvosCThmY+Ho7j2VKgyZS8pu5Z_sNB>hBa ztp=)LO%!|Lg>NZGzWCGmp%);Iz?!hAN9c|u!YjRR4BjS}G=WSZjxmuNWh*^EU$lW- z^j~5?D;Y1`3}phTJbw6+E{z9nYMOkkcj7osBPTdj=b>mH3pl_E0oM1NKf5GY;%E!J zzU_>PYXNo=$e<^;dRegz1KMTXDY@T^hS|;kVLKcyv6zhulTAk2%@?6+&SSzCQ}+g& zgpw{LCOnx{)Z`3n3itGQq3@LaXL++I9!m$fi4PFVPi78lhUq=fL#O`KT6+%sa(T zdNNp4C0c9F=COE8y<3WK7=!;SI%kLERv(EF9zNZ~5ix?KLUa2W;rJkhdS~Ud;o;>k zG?o5v#;?zHDlztWl3WV+1Y>})&9XtWujY;^pOGh05bvv8gN#Vz-G6>TxzY2fLFxTn z)td|o`dsPl_Nl^q(XXOXa~qGzLMgkXh|;iWC?>i@7`jj{t=>A!#IDBaHH;T-;Q#0X zUbsFpoc!gKerMY!iqBwnNa{ctZO-)$ z=(1k|b~o2gBY2NNk*#@N?v;X^dOm`LC-Rj8L8ck1Vl)@~mlT(%Sw7ZJ=gkYrdxA*L z#`{&3$c47og?c_*fgO(z)wi>Rb2{HYnHWpC?yDDGR4eZ?d$4Eb?heFPwg4T!95^|h zoiEav?k+(}@VW;YDnk`P+Pa36j>7$YR90l&YUK{%FswDSz_ z2EveIu`PFE&Xt)?8l5m#(|06YdV+{-RwA$HOS7B=PLOYO-!$AD|4`3qYCykiS)D@& z_fGy$&b@L&aU6cO-b1gE@7avhQ!|zDE%0&9^oxL96X@fRoEgE*>90*(67*!bN8ki% zfY`>)GpQ%D4OhS@3uphp-1F9YVQC%*of&>chGsIts@SgO_3hzuuHyf>7R z)DI^%<1Dh#6n}c3_ z+Q}YHiI?j>a}2ff5vr3oSJ-LqKU<{$4O;{P{TBYMe&h)L_`HJFHdSOG53-qCzpBw$_mSB}4nwm=wx&x^^tLwWKJpU26Y zffY{!G_qDe=%~Z>+0Bv18x&qI7xB|z@kSWgbc7%bz3NUFJNP9j4rIYbFNXRFzbGOG zvk;n$Iu5)IhtRSY-YY0P1}Fv_4Sdv{*O>1Lq#v^L{~t8hhN~EE*!2o=aF5iSRiC(* zb$f$VuG;l+3lub#O@X zJ)oT+PrZOY66#dfR~Js}cZ1C7oBf2>m_JWo+hbWIj8ze0u6d32NEz5Wb>$ zF1R*pPjzb)%ABx8zM*+6?kG&DP0^BxFFz%0z^*vymw;~s3@n8n@=RG~SQWOYYqMpe!!th$zXDIpWF$HD|u&uw?2*M4p%!y zDvu70LIExt&zM9vOH%exyEqm`Jida?#WWk?~9Fv 
zA8yF?pKUs_sAKt~)H70|{K`y-6hQyylGD{A)44;0czfM9)4L^kPIDswL_S+z(3cEO z$CMO`kkxuAqypaR;^$Ck?~IdVvoC-;SDZnl9}yGi+{W-=(VlugVkVf%E%k5n;m7Dg z-gjg{k!Kuf+MT2WZ&ld`&@7>ZLEq4&>>uA~X&0BgXrO$TNsajbRSXX2kNg|v8}`sm-j_3jm3=w}i54?WffT*W5)q%X(tDhOyW1$&%Htc@3)Hx0e~B2QE$ z_G_HGnzjvaHU>sq?Y{8Ww!);)kvi9-$;VgO8hadHsbdCZj#b|sq8R7}xo5ytl65cO zth@d>bSx|w_|OF2X7Kc!TH&f`(1w(x?zL&XXQX!zL93J%27C6Lt&u}M|1)H70=;Mw2r5b6ulk9y9NVZ8H>44hM}D*-mBKdI*%FdY>c`(7hjV;X$FWL z-z}vt<}%w>NV3kbZg%iSdE`3LM&u#0v~sS?(fG%SYgGKr8EIHXu`qbj#c0z@%r$fs z1D0DVCt^X)r~s8Pba7bA$O>WH88KlXUHX6dle`3`e7e|rI-2}O--x7toFoArGL3zj z4T*)T%A_}V@&}=RZl_06DyM6=MHVxZttNx znwOX7^!OYl%@BFm`GQ1Jxn>e?q%U75L-d#My5Cz)L$Or4$-#hDWcxcFr9TnrEQ(F9 zqvWo!Fu8zaaO)WjzX`c3xLLl(MAG#`EFmGpGTn$11~e{hkUANc>k2 z8FnI5hjnq-bX;n?4H`5aR`8ELmd_ZHu<4X$%5~xqBORx3l~~H*i8=||ewG#S44(mQ zL~6VLj>Kn#Xgv1lpKF;RG;Bz_zwb686{ zcBaU08OBG2`s^H-;)km<@8=q5Ok9csmfX^2c=yEj6Y+fuhuA3I37AF%_L@$&db+5| z@gq1PIq=Pl9RA9Q8Pu3`@7sZzemoef~f+Wa_^L42=(AAx* z-hL+F;d$MyZHW4pTF?G9ST;Pasn48UF+D4l<+b>mknwkLT*rhymszAcxb!wak4lJX(pRpqGg%I%{%jQ1HFL6tCh;HgIOgh zAuY9tOawV5=Df>8{QC_&Fn7pfkgI$6c0}&98sM6x@4%X85xsO^9C9#slUUnY-|2h{ z7qN&y6uMZ&0dNn}<$e|Pu6DQCRlj%~<=>yJARHb6qAu1PZQOnA*8d_EYa_`nK2A5_TsHQ14niIAQuGsu&t8bK^Se(vwHk|mU*Q2vVA zr|HuRKoTC-VtS{H65Sa|2{pIm9sP{^CkO$yru48Vq=wHxygBk!8Ehgt~s zZJf0c0UB}T_t2(xK!i1SWd-H(s_A>civPRdJ@07xleAC>iO0*J8imhpZ;3AhovJmfr2a^n0ht>26&F7oZ;_zk@ zB5t_}eFeur#nYp!6SKWO54zSY?Z#1oFthw9G{ro#KA*|)?Go=g^Nn>NxuO0I-j^BrKzMur@rEPkvXCi`Q?68m{RoC@D zm|E*%1}A7J#Kf}ZX)winX)|vE$`FFT2CmZ+{zEI%$R*Wyc#7d^tV6?-7%9OqF~Wu_ zTbr^DZGx9c9x+mj_Dxyl_b`kNtj;t}Hf)z|g^g5@0`z!;2JI^xnsiyNRJm!H;Ifps z*VL|iwufF`t_=sd>Myru2GZ@@!yISakByBpIYxS&|7VQ)gO6IUwQeRXG z{=QUYzTqK*0|+DaG*^BoOuSQz(la09HgB9X7J1RZ)EwZd^)BPZGY!=2g^JQ5`gfWR z()&lP{W0`>OShP5PQ;{&b((~V{*H`}CRaG5JFnH}mQG7Sj`~q!pT-n9*H zBjbma@_`ciN>p{V5RG23g}027WhKp4(iA)}*T2@;cz@5o`il~e8cCQq@D#sdWQ+TKLN-8Fs4leS368rO8P5eZ$95e+~zj5p#T`@JP(j83; z0)C{{tUS3TAt9P$Em}3#35985(RgzklPm3Bm5`A;ek%&8AAAp(1$;ZgmgalB-s;{q 
z9{wJ7Y`DmAF`tg{7_de=)^gSA)2IDf{lf;0+J}LT48aAC=U-lh%mFga%j!cV(V0v$ za)lc38PvU;87j1@(HR#qW^aprc(fR}=K_VTZJ0%h^{C-$NCCgVc5*cTV4`u3+*J8= zRi+fKnLb%+4Aayh(&`lI?D$z5vB>vLk3h4IkIwWg9djR__U!puIvrMXI)j?1WgZFg z&HY6-PT){V2r3)*C`wvVtJeehBJW%oRI8(V%=GhG6&U_~L9&#YP47oQ;MaHV>#`1& zW9AZDD}7D&#~FBqYU$3RLFP{tj1;D3yoII;U4yU=5poK@)=N`i8-IWh@UM3Ef%qkYuo@i05XXxrd!HmSL(owxnU$OqTXx)#yQPKMaOD_;}*v1>Md zcvU)+5+C*cy7ME#%r`xK`V5f;?46P_OeI9l`kvsq65*T@$`MQIlAJB{h3>!;h$5ou zf3zBveW@>>DCeFEnIA06vv`r6ugUZK!6c{k~n1kZq z3yKXE9%?cQbgixC!7GH)SrmC^tD=Yg-!9pL{uM(H zEsgFag>WVduhjP@4EhcV(4sDhkPnQBENRHfA7Vn+fF$w3PIZ-t# zKZ{-B(^lZweEiH(0cDt+BvsTPme8^Op_76k50($VY~lCZfWP@qB-gYhskAbzd1OPL zn5b1%axT>(n~B{jYBU$dB^KVq4Cl2Ah7C(8diX`lY7^ijZ}!s5>%`MJlOHqQSzMsB z5zy^tt2z8&`Hc7)-7YYny1hcPp=*?=7I`qkM^vQ|=Lq>N)bVs4M3l`ATZe&FO0gEHA;vN} z3OTOG!+?(>s2Ui){L&b{U8$&0^Zul0a>3ZUCUdCa#=V$^nkwYO(2^e2eHJ3{8JMqA zP|M(cPi^@7PhWcE!3ihM_y;3hHNAM`unvaO@@Z3pHM>c8ZJvJ#*Pv~!u@d3HC#^!= zzx7>L{32gw#74?2g|3`NLM{ZB$vRB2^`)L&8sX=Z_dTyK*g(I9Rx(`#G>1L>nG8+^tSJ7g#GhZSUHKC@n zBb7fM(OKPbD5_7_EN1tIx<*nuI0{8dpKG+NlJnUoglqIFjo zH()Nk)|aBI>p3%rQaN-4wDj*}$=hbrYWIQ%y|{&}Zr-*1bkYI|9X*R^J|~dy1iUbx zF%cdpREZpO&wt)A#&rl8EL2CG^0~W5DV#b#@#UW06EE3?(-u(3R24XVgFHTB=gk)~ z*Qm~;-ZX-Gsu2us0A)|829%VX$i%xTy?=*~w9xpk3j|mz<1ewL8J%k!4D?tnd#D55 zKxsXc`}ZUYE-6#e7m*R#O&oppTX&HpWF}X-a-z6z% zc^Th_K>Jt#-f*<)OL^E(>UZynYM5hmF&Jmw#A_DTTE4aO!d+G(!{q@t58Trk!3qmh zghJ&mV?a@TkyYsY(ppC?QZEj%?Q#(PBs2Mq&UEY$2Up1~0*h{I=L`c6$=#CaP4}18 z&y^QnkQhZeL$a&2!KlL(N5ND5xxAAM<3`Icj4AnB-Zs$@)z|&FjB$D*ZX((_(U}a& zQVKsrJbvbhcyQZ&H1scBmd-0_|47S(pquNPBm*$3Q%Q&%xGQs!k6IEj(!cu^(4}_# z?-0z*8dy6Dc6nObY9!l1_8G)eJI+vZHV_D=&N?6vL_*>M$B9qEJ; z!A&$s-4gt%%V)@SO}xR$hX^HxG@@czOGREnC6N_a_!@sxo}F${M4I?nwq;=E7dHLx zOfd;8Nr;nrYQE>RVM6)l%VZlDK~t?CD6q42&G;m51eq4qtJ#BruJ6Mevur zLb8haRhVoyY_@9_Nv&jnNGA!tFI9$I6BByF14-FLvm!}*9Uu4ALf5DNb$6)j=H}w# z;v0ku_1qeY3XI$u`t_$XcjGn!k*&)rw1n()E=OnYe=25K1MT=)F^8vVS9XQ_*iLKv za^Q6C^`{MXS{?s=l;5@m)405bNnaFxNs}q^lB`aGtw1BvSe)0eE)Jm*Ask+0RQ`jQ 
zq5iOx!L`6Y+wz_Vdn?2(-c$+!9V_Z3ar%1RGpomdbtGgEBSggScW36&sgS=nNS-}Y zH8s$imu;wZQ@E0_lb0~kKs|Ehhe~(4C5-keKl*ydXkp+t$+hD6!s1N^&_zRSsRG-+{d2<2@eoFIs25%z)-e^139@ z5r<4~Um-x=spE4w@2N85Ru82|6iyKprp}_5AsAA5@&>uT6xOJ%32b{ zJCTgC{)0K7JX5de*!JK)DJv?-#r7&8YW((68_2#LY;LYpx4vON_Q^l=xUz8epjFt- zbvb6fzDg=RlC^gK_OSW&`q@j+>#;vUs{tEqb ze=}QVO6155Qx8%AbWYZ)dC~1{l`+GE@+6x3=0|@t<}c1uk>J zdJGqxo=gfow|U=oB#}0ITe$&m(|f59;1qbt(wUWOUi@kJup_>8vAB&%=d$n8$J70cu*ykEvR`Zd<9BO5Due46 z>nCSgj>L2ffnIE1Ex#&(F?oM}6jtBkw15w!RtwT6$FkXLDzak3p3! zoldnA-%;-G6MQJIO4aV|TwUG1&h#CG%|$GoVL5p+>u@gY`bBEpoANV06)ZnhcHT4^ z9yfuNo}V7rBn6(M0H8vs<5+0z(MV6|ISMB!TOLH8dBySw9E;s~`NNQ;b>u|mJr_qx zUftt7K0i;!5qAQ&J(2SY6B_||hy8nMd!EyQHxWmi4aL-O2%jPR{%mFx~Of;zPm7$t&hjOx=aS3bEE^b%8IES_(kOF;aqhpKyFqiI~eg~IjuJ6KfYJUw<4!->V(K~nIm-gyp0eY<7f@Tr0HnqF}Kt_7o0mI{|?$< zO{&(8X6{-}p7B@Eq7huTvkm$;ww-FuJptkR1lvuzQ;^mt zWHEu#e4#ST@@cH?ln}~1QgIfx7ukm%0b?!i!vV_?e`k71mg#;*Q555T4Kc9ZENl>> zGycr=C#DV^xOznRV6hMDs4+rp^W6dF=Z%h=V+l;k(SL-OR&il)@}{KbmPqRJ?Dlhp z3xGDtgB_GZL4d4r_=y>%a&`K0G=b|ZX{K~4v}?P})Zmvli~{?uy7?$fy9Cc{qu^@y z@=t|ME=a!(RbM+*?$vHzq`JVJS|=FRN53?3H%_Na9t~Kxh;x6G`Z0HK_4RQCYYM0L zV-nQk9Lol+8gSK*6Bl%SaI1Bp@VI?q)47*5QM$Wg1k6mqU0Kc{7y`qy-qh(Al0K#- zWMHXmGv-t*$i!N{i4Wgcgz=Y6t=|wncK1j8ml&i(gc6u5+i#W)TZOoER|^})X|^fT zF6tRyT`1KbcYH{ZaFqyMnimK_w;LEkOHrF?$6Cqm$#$h1SPMQ5i|72Se zU(EyAN4>_)riT-l{@f6n&SE~x^0G{1M+zq0($k4l!PHuXIzL=Vs~HpMQL-1^y*u5P z8m4!%iYqUU`S{gkf|CIW4_d_)ePBe>m7b0vH#9*~LUi?;h(r7-d*&}X*Va&tH|gKz zg_ByeG#ErNLX#)^zV&2YpEN^+Mz?dbY`FDqYh7A_lfw$&?onbzoMZh|`{FdHHN;z= zRTVXU0vCFxmpFwqMO7Z)_gW*VbHwJPhxfn*S<~ksTLk-A0(^~Gw_Ff@MPN)J3 zC5jn^j2lYo3TRkxRmK(#}*}Be*(D7LNp=^X% zS|@=5ix~yO9()?G^olj>rx2qJYfIOD+MSNwVMGpK7uejt8iNEF=?wV(f@X7CG7@qJ)7*Q<5 z<6OlbdHk#tz&JXR?pEHkLr=IJFRRoDuL;K^!3Ct(dBP<@aAxXLDne4)km+~&GOMhY zN=ztpyK<9OA+=Vn4g*T044q?ci8QZH)wYs;95o=f%<6Rgl!fuG>GF*DbdQzX{wo9d z!!Fw4^Bp;Q4f5F3O|Q_y?DI;{)9tqH-J3VW#ZQmzdjP^-r7oz)jvAz~a8!3Zw&l2i zHJeOK$*Y)$EV`*eg-h=~8M8J1c|>&P66uTkCzFc*+4|#2VhW9;iKfG}?5cysRvKY| zwnenR)5TQLA|BQ1(nw=GPGFt64H0Snu%nNjsRu09C 
z!SD{6bgl~BN6uqJjPuuLpJv_kuNP>&jla-e)SKjfQi{s(fWFG!vX%zTN{gWJRpBSd z1kK7IU#)8Zdm3$mlzyD!|N9pJ?b%{xL5eqTz%A?7H1e0!RWL-`aao!kKnV75-LdrX_c&?QjfTD9A&j0E;{8M!p#kY%N` z3?EXT%o4a(pOG(i%v4Hu_08UX+&iO#MXg4^nN2Lq*w=V%FiXE8XJ04!KZHl@#;a*kwcuwjYZ6S&MN62<`!R}Jf({y1hiIB zp+_0{gAvo<>?A!^dQ?*YkDB+C_9GEpIZKzd0$4&7UU&6A2bVZk6A#J@~ny2R^ zS-N)5KV?rOPE#6may zsAm(EoZ(XnN2{YzCCaB+mvu#HEyCIaTVMOi#o@VMuOlrG9rCTZGIU6E$w0(lyA`2D z?`bj1&@$1ZyxFL9EwE)t72iNwF3_-%e{407P)vY1iw(o%X_4@G+X>H>hC)L} zTpnh^;qZ&BIzf{ro-FM0lVg3eL;Yu*5X<@CKCNDH9d=z3RP2pUxR!YID5_s1oZ2XL z%3aZ&y&^uD1pjZh(P~ie~sO&g@}NiOj39H(18t_-PT!O5`s&3W&q31a=I%sF}e=OHoSyuYbVIkLzkk*ZHq zkz2Y6{SsJ*ZjMl?G?NG)Qh@`bJ1;)`xsR%B=)W+c;~C0uJ&dVY9CLAW2Li<3dmx9+ z<{ZYY5Aj`>ktE{W7t5ucri&CWRd=}Bsp4K$zO6XOgZ8(hqref`VYepH^Zb%WA+VE& zm@A|YT@Rxv;XoGJ<08tg94sP3U?8E{lZg?=hoK>#c%G-g6Q{Oi{MR?7bUCmM7?{PP z%Iz0|L30hT+^^4L5(t60pcYZzs+O33VXll|$oDv)Mfh+_^gogWyfWJeDOjYzkjs~t zaHL)cDPY@q5nQkV{U#Fe!5w9|e*pY}TCj0rDq0=)Seb}hU*k)BN2|)4w$OKQe_}H} z3xlHJE3O~@UT;PV=09us)o~xAQbfF?qJmP&2dzaHn4{PW0;GQ1?EfAQi@t(juV9K7 zHK#-7OFf#b;bc+J$oEyS&X*|0PaA`uZTPz24ekc*O_SZeo*UpgHtiILro5V(cCw^E z#BfCnnOsHgnohl(;oW}mK4$*YZx^Nv^Fr1#*`Mg0NPX8xiz>|Ymky$^nuv@IR>_wvR;~WkPpUiR~tjZyMR8`=OREvlDYjgW9nO89VgpwlCpHj+Lk8#O4 zc}WXkML8FqU4PsyEZ9xQBLc9G22?NqrBZ}Jg_QbPVCiUl-bs7yLdv0JQ7LKoWva0| zeP)VKu*j5?6O{K_eP@HZz&xl*QrH*Y^xavrVic-Op0<08^R+Um-7DB4eJ3U?d)@~IkXjna}QI}h7MU_UDzfARuC^m{HLJs9)Pdwc> z3qU$@P&puKm-EO9;RHT_ay5+j1$N}fxm6yUc;)LL zR%q@DwN_^h&|=JNr@UJ#I(DSPja-wpjoz~USl(yt^7&##EY_bygM%sZM%rh2r?L`+ zYvj+Pyp8Ly9OAf;&q0u%B#XE|^Qqa78@QyuD2`frFu8s4jo#YLNPL=<9J2u&K;|#5 zKZ&lRZcYPo1)j^?7J4QJiO4Whm2GhPIGCA?pj{SdfzAHz9LElLXre!F^Br}v?*!aY z8v2oOiK<*{j->cFt)Z%vDmIdE-J#UC8|%q?w{d;s+PMFgoW}3M_H2B#1zB>(KFGyk zfRK>FWX<;VGHS~YDwcQ0XkdE+Kx@SpJ3v1ZM$;qGy_wrEAEG!A%SqM_{YB4a0EPZ) z`}rYjM`1fD@QqREoYvC!m|ujd!o;U`T11`M&jG121o=q&;EzcyVO3mvmw6d zf%=83IAhimZjE?k^Yp8xc8OXrItK&#HtdB}1hS|f!*Xo+)RLs)V-E#r06x-wnQ*BY z1R|HxST6dL0sU8u|J(KOtI3jIwzI%@eKnr+e%SOVZmcS zf&jttIvq32Ofb8T51y_K7KoK+6mn{~a$w0w?sYQE{DM*2P^sCCKq*U&S_(s_xr8vg 
z_pv>uE20aXTq&LPfvB$J!PxmaAu1;^her%Y-o|j!k5&0q@Ah1d+_4C3q^D^0WvwjpAck@ z5$U#a=nOv3p%Gu@GH_w~XF{tPqurkh0~2x)N88FXSkfwf`Bog`Mo0&dfxd%^7Ddl{@pTJ+F_h9mLPv(3`?$5*s-V+~ z7!jq!ru{o^#C^PR<-1#9}JDiEl$;bDMy5+H5X8E8C-IJ(%T6| zy_wI$k#H8EISLQjWr>m4yxe)ww^dSV}emq_mVrL)0(HWxTWSeZHsgE9$)S#Jwn!;b$%q4KH=rwX=)=BX0bb8g_ zZa|R#At$_hsc#HHX7~47y%|E2QpJe29cgLY%z8FwSX6AWLf#)_m97!%j};|~i-Ncc zb0mUl%n#oHN!|$C9s0+J|8}ehvI1YPP>KsR=TCRCL1+BbOYI(xi|W*i2gQhG?}`;J zIpa`$IM7LD$ngG(XuEj`;>~DCz6-v>=`=XS)X>wy(aM!7R;&VNZNWZdXKdm-0$ol9 z#%Fo|6aO2HL1z6v^pc0e03dmpZ5UON&#Y_R19A# zBICF6sl;gDZNM1 z3qjaSU-f=7!EW1OzwlZ%mCXkOufhyV8sm?5au%q{8y03=h>PYhSR#bl#+}MU`RVss zLWT?J!0j6r(xEx9FjyZ;n8@*OVarO!;O8NWV?!O^>OWv~|{%qLz?PT8dn zuO+n;{KzXTki~xy`f~>b8mb~=k!UJO&BoWee8?#s6`jmqJCx8#_>`dhFMYLB%T$)} zV#`;BEd9%|{HmHxVf;w4Uzi}aS>NgblN?o}`DW}CfkQzCesV?b+iZGa4gjkvk!Dkn z4eWx&i1No~oSGV=6#9%&QXkzhD|i{zB4B%$jot0vZC6$ABNU{*|DJDXZ=d_Ap8wx% zSu_ZiC;1d zMml1GmP=5(0lcaBAE_3q`jQw`^fVZ!U^v#p*+>&>x%7<^;k=9t0rr~Bd-uvXvjBwS zm)Mb}KWx_v?&AVwz@f&S952Hn*nBjr7NyF_xnBJ_5KUlU6NLEZ>_d0|o1gc0&PE4yr2l?|jevVzqy!4zgpvn*Z@{ zFOU|Taky>7nV%_BeBb)o0znoHL&JF&7rTxxdyUCe(LZAbGKvJmovmP#T;v__zjbtE zfQq=aqDlvaEJNlSvD%lFs8YH__eJaKR2V2@;Tw#w4$$hT=ANsM7B}@Qgq1*%0h(+N zYa!xziC<0HQo}RG>Cr)dLR||_FFNR@?4Fp22sg(frZU{D3z0;4HFAP=`Eyhaeo`K_ za-Xd5{}FYSVO4ESSfsl61nit=jvY(h_PRFK)M~s!?!5zM} z=YNHo#+K#zi>Ae2L|?=$AKp0i4U%JsN*s63 zOTWnOntKT%N%Ij@FaPt-S}s57Y{Z7NgJnY$1tF>t4BB?gsRX;TOSH>|M9C@P5Zfc4 zVU?PE&nl3um1;?)aoofuN^9|QP`Y!z1zwL23AtIcMS|02!z0_fy2xyD0I zP7&~%x@5xTFh@BZz0NeV?ja(5FF?Eg^_;S6qQ8l{4icwbXE$2=L;aaeyri&KapPka zFWyH9r#|0;&zYU}mZRQ*8iawm!j-vc^}8{EgU<<<7DP7 zR4Ji7JuA=#SDs@H^%ob1p_N% z#)Bv&e1Vu%aIOcR&j)8Bz*q(+`%ozY-~Q_uMH#1Vdgn})=>hZy9i&L*^Vhrk?2&gj z`cjz%DM)atx$(B7_*5;SpAo@s1t6H1LSHtCQT17p;)A-?eb~hIZ)}D9C{!lNeE#~iiI5iGJ_!X! zJ1U*)jvUV>QJ!8Ny0dFFN132LA0l#0946l7KW{vP9ujT+Ib`o_R&YPko!vb(Wg2b7 zHr>RP<;i>Is<#1!6_g@nRIg`+P1q(m>JQW(QN#P%DCp@RUfkitOGCaeWLi8j(D%cJ-O-zO>7byz745bL+5Hido~gOHUH=7>c8NbS?Xw2M*5 z3ocnU@LS6e%B*yc;;&6E?)P`ZKnaC5gHQMW#y}iOMm9nip2SX|bmJKnT433zpaqz! 
zEkFL?hJS%gjij>FZ}^jC-m?9Y#!Kjm$o)>g!Tucv#|-hbWSWpC zV@M?7yJ-*(jhrH;RrrCCAaOrRcJ@P9H? z^w{5v)D7+%rK$BRlu~0WG$NT9EQwBsW?-wxsp2#;e$LYDdcGQog?C`?~A5DS(lkvLa z8D$@h2N7bf)2P%k^~OUw!T&i*nv^w*%B1rlJI*1fGGpemK7FoXuJgBBhP-N|O z{|F+BNp2>GuC-GwDm~rLjMf3RdT}twU#&QH|DBh!f#ei{9vE2TH-Q1+KDbg5K+wnFeO8@X_)t>&UfCN!D$|#L}4Ln%u3JlBcEsHyJ7PToqpcT&0oZTMfdv|m-jrN z;vdO}MJDc+2a_YpaaK5xt?6gh>40;-xC7RD?E~%#G7&Y;gR+!z!s|KD-&}z!Zv79A z$1}|kh@mXubOx!_p;>T$*t5h6(yA=6F5kDwXjp6v2@;j)!SewVpm0F_ZJV83k8RX& zMXnn*&E_F2{ks>gy7O)wKGe{60XVsfo`X-T_Sza@X!kN4z!vHO7ZM?U@KCQNF z@e>mb@v&1h(6U}#vaLvrs7diu->St6?Y=mnLu+Qak7*dByyD4 z@-#onQHWc`ma35t!}|0!X=CTU+0)hI4o_#)ZpX0bfn30esG6DMako;(^L~2g(ets| z)#HK7+Puo}o#(b9FgT)2A^Z@${K$2F)aO zA*CdBMz@J7A^Z2)jbVF8+tY6}_xv?zzcFOGT{pRMk*3fZsDA994Uxcsm?;)>1LR(UMOWi>7voo@p_z&qCy4Ax(<7rtnYKaTbz*1^=vPhLE65f z9~)?@cOYsG6@&b%{YxzLQ(xsq5-{IJbo$prB#IF-iAZTMnb!gExt)PVTBJ-6>gr;u zc@Y1i`JIL`-snIHx##iv?HL!7MLY8)L~$|Xk9o^zrhs+Wpl?8 zCei&2S93wMu}`-`aK0)#6WhaSKEp~kH&CEsF?oHLHz;qtRN0W^ue&~Rw(m_c`A3r4LTSP>&`b%XKnXFI26P@A6LvwuP?#BLM>TvKzUo zRbk3Y5@9+;^#d!LNz@go5THa}OTp*z(Gl7z6cY0sTdUIz+`In&8i&_Vcq0eDdb$|c zR`BcZZ0yE8WRi-|TFNRwq7>9@orSm;kH~7;g8bhG|6*0qO^QutJ*~^G=o*Cii|7Lp z>}#+`236o?*e$+(VNoF;lC&yPx&~M52>L|Ft*+Q<4y^VdWA7OL$4<)e$uvkXy&q?v zVH000?zBT@33SFf^%>?RyHjuf@EMrR)h&TRkuU7#&8)!;Lw-P)Ij%X$);)*r|N zDcsk~$m8LbQP}P^`;Cqlc3$A_%FNd-kNg%(W?!li7{7G3YC2;79iT7llzkHcy2FB# zWbMJ!NYq~uGC9rEd{PS(hN!*DRb?&;Tpud+RCoM#M&N zeEBE0Y-@R0LO>I9c8^p}lcijjfc(YGjg00pmq1M)S=wvF_9qe0&o7Tru~9*1^yf@= z!s62BehYAzv*xm%VzOcKEG(3A!)_=0n?u58mc&@3+nyzH25qrS^i>d>7PVI{JlavL zo=@1!clQvCCtFLinzF!vQS{qRae(QB<3?&%n~O`goAvw5 zV(l=9_#SaKMYwVwjoz?JZ4@eAhHjlsqzhhySbIT)*)WyC38Q=Nd3I9AXBONeDm}Kf zA%YA4(dAPI%(G;9*RulCv!qt<-=Xt?G5#lT-fSkRz&hhBd>Ee%xHXt-5Zl&CHRMDi ze7Cg=^}W@3AvVrLNuDJs@gx9G5Bqs=QL0SLk?om}yIeU(YQ4mAZtwM;5vV<#dg(ud zmRp|=tv4r)@_Q0+%(rc)aNMdKzG!f6EI{SHldAuu2c@hBLbqc!J1Qgfj^WmnEj3s5j#9 zpzTNhvx;LR^HP*9^0zy!RD<+@img3=tftciYH=uJzpq3S29OKnXySb6uAzSO&e*rF z50MT++LubPGNA-R6nFL1H;5Uyc{RA}Fa%j96#7p{ndB8!FW0*r2#h?=rG4Du6qJyH 
zSwy#7XZ(^1>;nyj=|KBpZ;~Jcs@@ltS>6*Q|* z1X(gjrf=LTEYTs{(*MB{+RBq$Pq7|5cTW|3p4?N8ZULVhf!&Ny=P+GHVqsE2pQO}ke zr1fQjo zDOKFo{a-}}FFiAAHkFes{#goe@QJYpdS3E<7v22mah zHXF#aYI1>XM}oxW=cy3fp)uhQXm`y{S@ej~0i=H6yBh3>jsp%+T@Vib>-atGqo z=sFD}A z7M)ydSP&Dm#NSlA$u#J^$&#|uyZIHXM72yc(t`g^zr-D*yFDF?CiLBbrzUb;V5Hz7r?lW7(4D-CDfCACBvV%V{iAWHMs zJX5W787}nvW=(Vz29=;K(AMhNX)OtL@vZTg34*p|YQ%c)$kNw6P;D=<^gZ&I);{bg zQjIr#k0>Jz!+;ATe(E=6Rp-CRWajxtSqp~oN<91=F`fCNuqk|u)g-yf^=q0*ni&jn z!nt}VjvrJ|#w-6BpJ$h{78b!)?(XNjVrzVAClhJdGameh4p|q=L?mXG$Yb3c&Aw41 zyi;0#u784vtxS4gbF(Rpwv!UL5AbPDzU?yNxTIwGh5|D8r|DB-E5QwVYYn~%M_)J1HlYBN}Osm*SBd3ZFsyLyBYo^g@? z#x`huFMFZQLfNoVCZSlnV784Q*s+}Tossc0^ZCB?%Z=ybdh29kn9# zwH7sn4hsme-B#{tocX?jNs?)B=D#MeQtymvqs@0E+_7|Sa`!-M7f)KS-ybf}SzRi* z`cB?itax4Z;}w7v?>70_a$=61O$GKfp1?@;ixFYnoR{A)eCW=c2iIV8;p)pI>T!~& z02dEvjau{?qt_JH*5jsYS`(O58GRTbA#ccyW{|{mgD!RDaUwzaU|lZNBFw8uP>n`yU5w!C zX}r84=OyOS`wIZKg`8$jQ0PcKu0fHOo1SH3)RQ9kMa1?jGo-&`fXB`sgv?KQ0{8J3 z(H}7)M83-Fn!C4q37M2;zyE&;W_JXrU9%GYGNKp%T5;Nq0Z`Kt zpS_rNo57U1xnP7Hk}e^Z{ne!8T0yv0c^bd3VZl+l6;lyKma^cqNm+Q!Cu9I&{;iYO zaF>YXg=qe156_89GCnER3qvmQGQ#+{Tt9-ettDRjb=2K zk$G}bg3b<~<J-WqS zG4}r;7DvTzy%=L;j8yOoHGn)$gYY^Dr+4t0^{=J@I`3ma1R{{+xd{tJ~ysQX_> z$^xT1BdS-mrghX`9xp%O#m}*_95PprC%i!bUCp_9w6K`U>TAf}<$bZCao#8++aU1{hJoUwyQD|5xisVDtVY zZbilZZn)s=c)B|z<>&Wuxt+Mo{eD~TWw!Qoo>)op)cQPstz!fHK4W$=KJWf;ok>lHW|mCrwkX7 zIAZXihVJt#iSt0+yy+H-r3Q?kvk$>SZ&Fb`y0J<@=TLDBp&NgIdK^u%Qaz>Sk_D|-VO=g0i# zh4#m@3#L7Rz4+V2r+w&I)S_qS$KO{$lZ>ap<-2ZDslZv3BN#qj{x|N@ALQ2W3SClk z;&;wsF3!&vpUzvD zdv2Ztbq*gNiP3feT;2uO5oo&xusY&G*foHsKI~OkvW(n_2u1K*4UMZ#Fo_=j8Lzlb zuHJLF`qWhpb-+()srS#hgq#O&KjyIgbC$&(*M~2MO*`2%9Ux#F7RiHw(EQX_-(43J zQy>>g9}xoL-mI8dlsg4A`(}N_U>-ilgR#WhAerqczj7NTflZAZ?e~lVk+0AP6EwW} zjrV)BKX~c*!P>+LQRq9lL)(fk?gIGmK#Q~|&!z`3ROAMH8jrdm?GxC0ca=mGvctFB zCi2it6#5%>71(GuBw`Cs45p!#xBtd=ussn_rx!DSo<q`ySI zdNNzO49_{2zPjpIO))O)v4jn<)o|-K*dYgY(xWu}6>$uV0~I87P}M9tt^0^1d)v@P zxL~tE=<1z_ooV(S*tk9*++iaNh|CdzCZzM$LTla<@k{iZq*+v*}>8tGLM1Ag+r;8fc0uCQsC3~ 
z76AzA61*K7zlmeGa$O}RfKaD*tq(kOKUk&xw3*K_1EqWjCU*ER_H{lh(0rKIwO@%& zgZM{p6amx78qAC1DewAV)ye|!uxV$=Q^NR!(`s$nJJDA0vQ1c|QZ5tR&7$%3(;-6P zrlulGHTIOE0q;8zEx}r}=pFxw`kgU5{A)wdPrswaPr`GE`=)}~%>@XKWlF8ohGK5L zqcBt-eP1x4CGTqr?c`U<1dQXBHE`c5Z-595SvLg4wyz&m5$JB4n@QlOws_T^%%u{N zzu6gTnp~7+J|FX^4Bc(Y3H>ZZpCoN6UTXuM?W8P{$J+r9x8hSqfkP7U?!ETs{0?B2 z|LSU(6WzUPGWYKG_GGmCEMixHU%<=7{Jt{7jj!Y>u_92S(gU|OqRHK7G2R8+iPGio zI%d=roQ4l=N`zvb+8&<##w=XM2xZRnrHI;7`ijw3EU9+|Q7Zg}00Vs7&x4~~jPwo7 zTX}En@R?aWt+>Cjf42WpK(StAu=MbKG=%(}#+C#3-A0cx4N*hM`w*3m$B8}Ly^g24 z^w99gU7a0mQU1=)IM0peV&b*Y8x8RGXo7#Xx+>`;zu?LZvSuHH26#+J+fY1H%-Ny@ zA<+?7c8Y4-sJI-X6=2p9jla(dlM3cP$+Gk5lW8a8C4nW&j_LQY!IhHw>&3W0yO-4g zES_(VS>(tDH-&H%P5sMHW%gfQd0`=7Jy(P%|_}N4^)Scn? zZ5LJE@lBf>IX_V8cBH@JVYxnOPwgn=?XUMl0`~``;hAzj=6VD0UOf6@*k zTy{z$Tec5Wm6lLS)QY-%yNuIj8FG*#(y{VGJ}l_go$Q~JH#n!~H)lf+Z8I*eIGK19 zYCaSOIFWD|N_ct!c#0~LMwz38ASYFSbj2ruB6cWRWIyRP9^H&Gz?i-e8E3=P6IJ;8 z!%Qt_x2~QSUVA7hkZ^ZR3w;mv%q#^2*$m3|&HOArZ3(`ai|ZCzyEL7^a0>FB3+-uY z!7E7l&*{D9E5X-JHctT0&^4x?heih&3#S{xgXKx||*r-1a*{d(_4tBQLC;n;X} zD5X68vwSi@@GY+iH`}5iEAMF`p@tKEscAignokD{i{l4w)(ePi4H*^Sjit|D zV|^j+dH;*z$rAed$@k#Kc^vR?wd}YP{q@M{|HQ}?{P`00`K%)o!n53+9vv}LxSF^{ zA!+b+h|mEskF|ypZrjHs_=@I8+u8p5XQ&;w|3uZrSAnaRd>9WFRTrk8p_$f2T9&-2JMjtMvLxCx4 zlE~DsQJn*wgWcclJQ;1ly}jMB zi{9}@2}hj6O4nxEoF#ylQhBk}KD};+A~h^(%;3$fS9|S}*W_&&fx*QBd6@;$wveJp zX@$hG(8I>^57ih~C#~#)AH$%vCKXyr)*8Jp2sC@`&A)jk@~ZQNGpGmawJfmiZoPCacNxLU53Xo?oa!lH2sm zg3mC+;&0P+L`yS@oXoJ}I9*@tFK=n$lJ@ZY)JP2_-rOQPw2@IH2@ucBZ2qob^@j(9 zp5DaR+dcKpPTGlcL?kX;2>aWgxar)lh3$s2UsYbM4DZ-nU5o?28#*clng`$yY25Ri zO4ryktxr!c69${W)%&&&ccW0t?{{#!cZT5yb=ur6e*fO_qBnT#jb3FnB4Fl_;Ch3! 
zzRGVZArTvH7Z&EqWNLq3Se*mqv=8Rrtu>Rr#(%9eM}C028W&j<)t$1ekOEh0PYQl) zEimU=U~nDji|O2@NHjL95}l<&ArverGjj`{#}D>*}O0)E?SgddbGSB5WZ8A z=GJy3p#SBT=adR1zRptev2PArL1Ei81T$bczbrif@!k`}Y~jLR(CR%Jqkr*^*pYW6 z<9$xLTCK^r-=e9{!9FNGaZrKul<@(6j926LG+b_?L4jIIW~dUDED?ZrdVxGv{$`M`^rWdzh%u|ef#F> z<@gm5!8~(qPWE*2zVK;fCCGUX-1h0-B?{xU;^kkQ6P%$N%HI^4BMTmUXznNkCmB&o zj?@>keAfhPxI+fkvHF}$o$C|=4nrawnE^l>78zoIv zJ?Gmz{aWA!+;4cX9PTeRTb?{03)VitFy}NS7NUA?@lI`r*Nyk+s6@@eCBs=65+BU= z4nF{@xPT^dGIukX3#2%LUaaoZ1jnXewr7RrUBwFf8=m@Vzj`P#2Oc51Mk-awj}=oG zXy8GY0Ycmqo+uX$Igg@;DOM~*C)PI23LC=2+PUFK&BF9U>{n&da|l4qlY z5pOC;t0dKm{rV`3SS!HelvfL|?Y&k+v}f~yC$;Ck05XaCy4VJh13w`j^0FC8lK@9l z@9rgk7Y0jD@h)~dZ17q3&8wQTc8)76qZ!B1T3U2M>7eaTE1!Ge=?Wu&hzMgYHu;h| zs2I!&Och7(zt)3WPZ_pJVs;%SvPniYlsPD2-a$$F15+0o9brJ+QybY7Tl(H%_eZ#} z7Vy_EITNqv_r;k9h7`iV*sOw;d7zk`W*?p&rDS>R!!kq*g4Wzln^VQbYLVXBO?8|2 z@|>rJry&X`_f#di(0{*avNL^d;8tc1|lUUKUcTy3w0$X2^Ati45JEQr& z;av<>td}S5G<@chhtg8RiUzx}a|(X1;$c}Th*by?csx`^sx9c8c!xN!I*Q%J>X=sT zTFt)r2KCGb8i0dt9K7sp$g~{ipmkgA=C|?@Va!DSjU6gM!8C~k^(D-;2K=1d+#kC94SvV=H_QWvEs0(iifjB&Qv#mh?!lKI zj7jt_t`0M^x;I8;XHRBj0T41`InTmw0Q$RgA=T^{F52o_)0$kPp5bPbuP)-36xEGE=l!evl`GY0%}b+#D0pppECB0#UEfU>-vG_sVK zMk)*T#gCSDhjMFX@!<#Wg3{D5TurNm)ZaAMv~WXp6Sei}s_YLBbbnSBe7n0Ytkx#m z3>@O3uk`Nitg}LECeFsDM=7wHE;R*V6<8@IHArLD9b1zb3@T*97z89uX{@HqBZV~B za893t57h$88@k}aRR5Mzp&!e&nvORE6`%j2KdE`$xNiZ=N7x71lvOsD=Sv2Sejae> zQc}yAZm$gOzxF^=!~LH2L5(~J>xTpZc6oj&@-ud|l7`Ejl5V%)#Y>;r|CIltQYu?v&xRhdby{J#D~Co`EFz)mnM+p zlqSC9Q#U@Re)+c|^b!$Rc|-*RULv1x5o5HzqNHp`#+eY2|KfYeKsD1#TAUOxyD-Rv zXobR1x$i<{$_Xvn&Ba-wv6O{_>&R#%K;+xcfNz}rB9|sg)~J9!72|C1JJoE>0Az*q zTn4W@agxxC6ckkGnu^|HD$Is+vR8fmo*;vv{+2h=W9HY6V!GPj*|e43pEyL_hk_%W1k`I#XoiIF8i!u%j zOMFQ{!);GHr|9)d%pE&dT&VBQuY^6H&$lZ)SJSYCS(BV#{+h$b?mAW{>|^??<7EX~ z1MxiwM<1UQKhz=lnHxzB+P@cu-o+k=QV4qBkDUVzQrG z-oOqkTfwDH#r0)%Je6IK?yx*YBUn7M_E9GVIC3+1HJTToxP!8Bc zTKfgoI#@}BXQeb?gmgv?rJ#!L+ba5kZ}`_fF;PZ6^r=vF{L%UR9h5wmhC` zK9aK0DH7H%(9gEVa9n=H84rEZ>F#*0yUAtwhh7Eoi=jbU-dw7VZ*l@F7}5hvh1T8D 
zMLo0eUO`2R#f1EVetzKW*rUq1--pqe#WxfZ?2JvvzI>I&fOGhwq&?b?q$G~is{7FM zOV935Ap9N*+{pH?D#>~$TOH9FYaDGhB9E_HlY;8H(P%8?V!9WsIFEvwfqVFr??RWMZ0GKWEHaZ3CSv% z=V0O8?e@O#Jxkr|aB$`dO+SVdSAUsc_kLR>QXmcn+x}#cASuNjEK(knUcrAkJgwgS zaR%`Ei))$pqr+f}(+ga$-1iqIj(R>$S#(Tre>v+dxIO!olioeNxg-6|;x*^>nP+3S z(~6gb{c5N9dAs8I>UUcs;-GGmTCq#E>WAG+X*)DBNzxm-L3sIIsU~&NV)&MafI`B^ z*E|yYtru`#6c$LpmD50vROI;_gnTE0V;unjhPqyoenPAijo>LLM=AK`s;S0%DH;6|LcFbJu~>T&#z zy9*Ui<_pH**d8k0ybfA5?*fR|DxHY!W@MUDfJ@BG_=(7tH08ati{cTjF=YoCFbt>b zbQt5p3PG~v$Uw}^`Knz^bMJO05fnL9^X=Og-+geGnEx02I+GwtkEL9Q>L~vrp~%eI zs-XX^_HFm2f7d`%YKLqN{g)vz-C_^r6g=?!xIe63Zd!T#L`n`i0?yvH(w= zvT8Z_$;3;_Wh&q&XLpv(abeM%PoOKadj@^-qtri^>yNVyggUWZxls!G`9lTQxc-H$ zXcFEeDUGKV%jzf=mXxL%&d!G!M5vu&)e9(}=}Jzz`jLU>9)mB;5T+`B?V5yhC3hh{ z@=Ft6me#7<1KW$9a~L>=61f&6yX=M%L2^J5kttR`4oYno$ss|mOIZ4dFWf!pu;M6; zT-xYkm-K+}f?FZ41}b?wu^+9FKS*niGEMZ5?S3M{$E;D1Y{O*cc_sP|5rbDz4O&Cb zY{*tph70^a@L3to)aL!s#DHoU}<&7lD6?}s@;-bHoHke=v#PWGLCimHFbzV`52 zcsbTklbkrZTe0mDUSDk*Df9cg@)`E+^3kt$}~lOOD>PONP+tY+L} z!EvC|Elu1!!!+=aErdjJ*#T5jedFU(SYLSFFMrMys~*U}SiUbK+`KWLT) zUzVkNzbwZ9;%`o`3~a^0h+aMbFZ)h<%O_f;ghYH6MW&ESY?k=5qrCoPn7SjawrF~{ z1m;Ufmy=l5tPArXd~I$&&xjUZhMIXmO@^8;JGRVclo9nVIc*^)Ao;24ho&C>-d%@V z-Ep_%v*Bl66U?~w5H;p>qkUxE>##ZvJeiiyESd?m@2%L61b~EON48>7+tKI|T`HDO zDs^@K9<`Vh4U{ETquk6gTF+c(w&RSPd_6tC3$6|~n*2ebW;{mtdV_k^X59SfAB6hg z9SD=7Adi>`S;jF=ozF>D9tF)tPiv8=+xp6K!Zxbjhw9{q*+KTt;i)$DU=C4EdlqH| zhssnkr`?D>s{+t=E6%EjmpdC(cJMD7kVSZ*<_3KIxJ^snmRMAbg_QocR{O|HsV7KP z?dY6x9k9ijw}bN{VUfx5ET*SQHOS2u71Sp{ZzDJi2@TCL+e;45CX zO;udpLEPsw3LT($aH|~ALad#|_}6U_?O6H|;L+F=*cw*(_B2J-=){N2XHG|VFX&H1 z+uup@S{O&gNe`!iH(YH2W2~!diQz>%8*yb@dIhMDRm@pjPmDy4Rr>se)NNIF*8+JI z3y^YtFqubs#m7_!Tav6=H_RH3tP`Xc#!vxaY8Z6xER=%|aES3}JkNbNBceY)Z=PE} zMWiSlHw?A4iERl$4+`}yLGiFH&M0-hN2<8IdyolCMq00% zU{>Caj-Yg~X1H({V3Zb3gAa;Rzr#@UnLx$FV!q_U65n-es|i=cGsh+wZUjAT?qtHgnHK8*&`2P3tetgAPf`j?y$4vJ>bj%xYM5rE~nYb%lx<2V)ZvTv2Xl ze64wAi5iAkE{=_$>PFzI;7-+w<9*7RK9#%Fcgs5|sWQX0%GDUf$`-Aw^X>8{N@9WC 
z$g7cQ5Rr|2vM6oRF&bmIig3yWzwtPP$(X(U2Bk;l#l;9*jtV*#oaz=?1;*b&H`-4u zm?$`g*ro+X@2z^zk}pa@m3VsA6|H zYd@hBlhOLcKBwX!hO{WEDt&ABQG7E_s}C-51cDC@;H^^l_(K9BS`NYCC=1}K5n;#| z3gR{A%y{dDN?{A^*($PstVe*LgMQi8bel31K6=PV_{n zuS>Dcc@glu`%y=!T~K3-Xl8%}m}T#5VbSLQJ?=v2elN_j|9~`KN{*c2SzAOjfhhqE z+9x-jmCIs0MepAH1eJN{DUA*u9v=jPpcgVq3d>|MsHWgE#}>TvIL0`&;i=-?#yCz%{~6v#Scyu@ij=Ar{y`at!uI|RtIEzN zQHb5XqBH;%D-}4v`ZuCECS|9J`^p=qgAuL^{-yM5SwXiSDi=YCWs!{ReosbUFfw)N zO(q!GkSV>)&8R*gzASD$y8)2{g-c)B6UAf0Q=N&tkpyV$DbJBrUt<=VjlB0^NUIeJ z_lkrAuefN0^8;k=I*PI9_#IBZiIF0z_mjg*O9*mkG5Oq|jK<;pI60>GpjOorktS7- zL!BsQzU!(<{22I8?(HHc877;>d7}G448^!CrNrJ1Puu1|dT=2R0x&G@ynbQ%+hBb3kHuoX_+3ThcK(pxVXw8YS0r=BG6hCK_Xwgn}bA& z@@7C(gD=lG2o3$z%Eb?=`~I)gr3v63A@pwLVy=dcB1*HB8Pp%0ecY4aqaPAcKd8<< zh6H9*9eaNvdoPpquREIdrHaj-lk%5WE(YdI>yiWJzGykQ56bR?AO6s^n|&+g0)tq; zmB~eHkZ6?Q7D})xM77F}8(T6}%ue!qcbwa5$r)n{m2(W7I}>vvKNnfxssCXWGn*28 z_4x&Jrod(908V~EWE!WsyktKTO)~TvTrc~^kY66*YM(@5UiO!I!R5LhygrsAZO5#z z+911xz;kY)(_y`XzyfLE`1~^$0uOP=y6|(@{~S_k&qG=f6<@ z!7OEO`e^Ax`CZYGf;H~@ktohSCd?n>#vv_Q#TL+63~homw$IyjM@E~2It&0-SDK-7}mTLqfGky&JzCs`o^V$#8C2jv$^B_UMbUgXAmg}zW%U~hKoWhyP z0D_Q&6hFzf3k^Hfrygiuk5fG%HIpfC3x7y>`x`>Az|_&ngX?H}S>uB3Sn(%Yqijb@ zI+w8$=zjTxCq63>3fc&3jzzT(Vy&vEqd_~6&(9+qBn8-A88Vrij3H)`gcV(0MH02L z{?MCQf>JG`l6OAM!0%J{3d6#~@2Tm9lUDF0*4!$RH-sSAJx06Z;a{7G%Qj&r$ugu? 
zuD?fBlkw$z2TxwX_qSiECjexHw0BUzCo4zp&?EaPzS*$I!dUotO$0D_yelYk{ZW52%06zWcetQXh=4RsxKKvmk zq}kHk2rK^4Vq)jprf?tEDIMae-)= z3HFVu;cAmEJMFrU7eCr9< zv8$i_<7aCBwL82$FY0adm_Nde*-c71fmMzQru6Mu#J^^*oZly?q_k)^C48|6(i3mv zl2h!5{^U?>Cwx@&r=Tyx<%23c*3a7s|D2mKDW65P0uI#V_2KdY4xrSb%g@W}?RmrC zXWQ9vafm>N3(Q@}?M2qZ|2O?rXFuKcsl*UGrWoA#Kb&qM%%u31!__J`N`erOtSxD*=~qN(wj19_D^C9g_-~MRb9|RB%6I=z zy>0;Q`!3gc10Hz=p_9Ef%<}e>=I+?AgEX6FQ;Sg;(#~(^-BPa>V*KTZ7Rld{EUJQ` zJezn?5p-onR|N3FUuvkOY@61MZtg_y+Y@79#E8F!@Kk08)@Y%?6^A1kSf@6RbWA!C zg?91Yb-7>=Udwjqq8Th}VE&gm zz^51Y#OEZy(6FU-K+`cvt_LJ97zR00Bp5xUJeC4a_dS<)66`I7p)2SB6v`@{E(K2m zzRv_MC>}8#gMZ$JfA@jHdrE;jV4V5cB5`fXGfHRyG?Oudw2@f(`PL^vA(GSAr(RS* zRHb>iiO-0iW#eb5VN!nYNa(|89Eq3Qm}iQzrSd?3Sl#LvE&k1uZKtp_>pJ% z-nipL>3f){UdU%FIHoz;P#!>&kaIxd$76Xe$(0uU@sgcV!It{!+*-Os%5_agSu5} zfTi9)SRyiyBin%EG-wf7ZbVH~1uRkjJXgyH-;SxspT~D+;5|Z*Vj0{=k54>yw}jtn zaFb0Z@={61R0D**%VO2mC6^c#h$-JFHwIy=wmD6~%hdhr@~2m?s1@Q1`6;BpsXCyQ z&A}#_d@zwJrOCf%N|#cSGu9Fswuklb&BSAe(&-nzH2upPaSxieRmN|prP2XCy70m2 zd!Kv$gVPy#*~)yR3Gx zDXEZTa1L56{VD#Se1-+K;_JF)A@`* zYnApD&%5T{0#-9+y?7A`m(x^q^#+NuqQP=>Jp6i^-A_pt19Pfnz>HFLL^8YwpSQD2 z_C*29^C9&N7qrX)I&GFpn7v`wh`&w`F<%lgh-;o6r+_K6RH$mP4i$E$so`WeH!{pe zS+n4OJ?jcbVb^m9q%;2jA;CQCIzBu#vK6oOBRT9ryiM|9?QbLsIF%fwYJR>}7Y2WO zwLd``fNY~AwCBdMoU=~t*Qbj=bHWz_xo0nl>2i)sSEo#;qt#Y@Me0f<)S6KxU--8E zE5&dv1cHwjY=gAX33wD4gVE0tEGxuz3nWC8>ob)bYcUBb4E`G^9V@cu6#e9t`@n$` z&jzfcA+w3t-sqCWG}>hwQvkMx$aCta2sFc3= zOHS2XV(er$-rD^jsW_qGtFMPG zMuI2h=~tQ~48WmxJA6wzUZ1@PHkeFMS4LR_L@N6M#8cajiBhP)?;$+=Kvnp1OKr>t z9dR?K_MZWrc0mQUmZ0*cI`@o{m@ENOqwRD09HnYP@}g{mALO-^MvW%YUkoEIq8)=V zT#*9CaG#z?MG8}bm+ZrFfqmDpD=Cn>_&QPSRvQLOP+uJ@&3Ww`?ZRhf5q7z^^M&qr zSzJiWlynD--4kXu$FEChTNxHMM_l#bi5S9|nAasNn~bAXiCP}XY<2%8y$@@_*L+ej z0r)ZjcnI6}xcm7|C40EnFPm7*l@=|uLr-&%pXaAQMPW-_!HN;E))Q%5h1dWM^sw1x!{4D73P!XK;HzDeXBd2l8(3*3NG%H>}(lJXJUmO*}fRKu=|4 z44PzL)1jehqVQo{Z3usc<05C8m?nM?O8*VBGIajQ9QgIzN4AA&AuDu`oXr$;Ra*$x zJy|wnu0;NuxZnQ!z>+?Dr69l4dR;iSMvt-Xhk-hG#{?eeF+(+J7#Xi$7-T|O>_+|9 
zJK~MIP*nV7!H#1Yo@mP8_y0n6lbi2z#bc&v%|HBllFhV+i^Ykp6cWbhH^8~60zmRH z_Yq*LJEY2rap@pM^vRpa(Q0^OE)U>aJSK}Mm8`Uq6ZBk=n)5%fltG%x(vz&}h{={3 zG8KYrA0U|M2U<-~397V&h5LgH&Px9EU;?PBQ5baxxA-U0G04l z6qH@k9U$Wm>*wwe{c@^Vy8MfAidGHa!v(ivnvzo~CU z%Fn>^1_kViTW0jJ3LHjOP4n%51H4J(@Zg3dzJou9)ztj$+kXMDNPvG1NH z`~9Z}AW%;6olHubD~i8aM7u<3?sB23qur=C%zeJHkN_jA)aHP%jirwq!?UP469O^$ zG74Y1U+peFVY)Z}4+vHm&o-%UaPh<=PN!uaC$z>7sdy?;#)ta3IS3C-mzRbmM{6 zD=rjij)H>*3OAMoIRU9CwHND-c*LM+&bjSr*uZ!}6tx-fr{D;pyys=9ZR_4 zE&38|Yf9Hav?+0GWBh_WB+-cyR=HjMO@kAb%ps&zf;*5Rh2WJsLOtJKxPgn%IzD^l zFchg#KFkk@V#(i&#AGa|+Csnn)m$;e7a8ZQZ5`pLN2aO0;m2*hTXt+hAlK_i8hFx&R-3Cyf(gnS`n?<+hPOG-2MV~K zh{)&{EPFYL>F)&YzNPW3p)oniCBohmoGwYK`DNp-^`Q_lyou(K0Ems8t`K>o+Y);@ zk7P-}ek4`Iy-y;rPq&2EUfBPwx2nPMmJh1$284?@ebtn_94toK+>HotCW?ns*{NGb z>#$z*rOh`F$x(Z`E3Wb?qmJ~|xN>cEl5={37v3X{A$#5Tlt2C9w)EwEYmHaN%l^hY z+o1~x&sI5!meybaAn=^-C|Bm%6YZ=!Y*hdym$6lYGsPv?>Wd3w`7EmaimCka@gF2> zoYA7PS;Q`ouFR1t4oyQ1gq}zez8$G(e}NiGh~aVsUPWnOpl+Y3jHfl5ou%e1v9wh7 z#3`wbS z;=O3E7HbNA1l~S!e?j0X*q|Q0M`#A@vbrRGm97^as_uvtKSqShv+28*UF54|QE_85 zaIo~MqRmf;6;Ck6`(v)usq_k#BU*7+gWpHz-d2ndp+J@<4=y=W?JCHh&15n|>mvZf zioImm1G8ieyFYUDT==EsmgI{DMo56TsFhp&K|{yXvsur%h2KQEY$|obekM>vKGre3 ztvLqc|3=4ZFPhagS`C3b$-HWhY{y>~0ZbIi@pXw%wPj}8x2@(}fy z6_iC!weC6YEHg^eiAsUYpGFDM#^e5`$m}Az_Z18mNHAP7xNZ+8v<#)ZIb)g`~zClZTdZ2D9v#x?(&~fWxw|EbNywpirZUn>~Z7yO< znb1P$5~Gjtb5fE8nj`{`>9@!OC*oRk5{iK?wRyAKgZK=rXj!vSEQ+ecUSD>aHBl}E zNEgUw;`je!92WjDXCJQnf?-HY)zE^vc5zp(El6bxyJ+4YlOM>7=ERN!8aglgx zrsCjOVBP=u+2?NZLwfaW5beXmPRIs8(&c-P>-CgI+XkpPzUv*+UPMOzs%p_0CLi0D z<4s(EEIJmBk~a~ZIOR>i=jJYgMR2x&DjxPr$SMG8I(gA!R zc|W+xEj30QI9?|?#_M2oMzBLj7>9#E5h^9m=g2tF&mvP&9>2Nv#*W+H#$kvA`^^8k zOtsX~av7uD=Q9TKanmR&Se7Lr>0a4yWEp*&3_i)n)(O(&=?FDug3W{@}63Dp+P zLw1A22+!=J^J}{EQi*%f{Wa-;PvV`@<&1N4WM*<}D1OtKK2MdhI$>_Ux;2%TxXw?# znxXfJi8X7EC+NS@r|zG(cB*4v({rcSIscU6n;}u4+fOd&)`t`riPNn;R5~7QoT6Rz zI|Gxrb&pb4+$P8cw2{5J8gY<0M8y6}clYX75eYnNr$Z>=kyXJTty|FZz2;F=;N9Qf z6PfPeY+EzRz74q0>%v!Q-Sti(rhYn0en^`BR3&=#Txk~`w3+C%AI;DoXA?l#&H3@^ 
zQ`n`|=^b$fF^v!MP`cU~z&vRyLNH~aH84q0&9v^mhFeX@uP`e$04h{H5D)&bpOm3x z`pfl1;N4^fc3098#1u3SdJz5hKa5zpVtE8@9`xPmE}e+TtXQVh>~`PT*HNyLEx3LK zPuSYasVbQLcqCJMKLu?$K#urdzV(sJ<$c6{0G4WP8e5Sq{coVqxV}3%iuRpj%etd^ z%3UWb8P^GHlwDP$atvyj41+#r_rb}H?)PaBuN8Uok@>rjX#AtcWFhyD_?CJGUz^kC6;f-EH?))ZH`3^8QTfQ#bZ2jvvQL#MHvGf)73>H%B zT4FyJumbeE<$Imrj)jG)4qE=*lXW8gKZ-$3pXx+>1fj;g&Rh7go@(b4=_8B+R(xOkKg+_l}{*B?y1`?T_y z!M4Lm-SzOZ_^jv-$no3BFiPe3OMkJ*>>6=Ivv_jSSNL$M*xU%dwoLKkCSKPwOyo*n z1r8Z~l*LWQVvR+JN6tKmm$)T!oVr@cR336B&t_2moA8*wA!FhXH=X|{q>A)E6v11> zo9YG=gD%Iv6z1_d$jFNN^1Zx(icjx6oV@16XMYdGr(soXiz@VSPS9@F;G}9m2XE^c zBnzzfME!!pM_M}`v{a~kCuE-qP~~%Z=uL1_Pw>m(a#RgXRtyh*JCB~QcHv_Y!gn`m z2!#pxe=3a1QANVxFC@mQWiq;c4oetE>y3nb?=A>776{>!= zNXl-F<|X>t{J=q1LQSVPy{8>FU=(BJ(mB#7Fc(b9&yZ=Aw@B&+bdfJ4%kOv}6*Tl* zH|pvf{!y%}16wFiR7RcG)ge$+#{&9ecx-D~eEng`1B4_YRZ59it0}TZqRex*VW4Qa zwBtW%#78oex-jBh_%iAd92HC=mhXw;!w}^BzSy3#?+evHFt60K(YjxyIrOPOW*GOI zhu%P8Bo>Jjjsy_ci=aX2gwi+PBsya&b>c-?frEWl(|n|u*t#Ex(6aKWB6WAmG#zPQ z^+|ZUTLV=YbT4J2rD%BJB;g610z-)+2^h6C z^z?I3m#8Rb~4C#+v6%wQ}+;n@Fe!x_X z@&gdcBOkx@7=Fc++x#y<3-}ft&;w7MJ`6VGr|<~!Dwyx6Dqjs9f047)x9fp->ULXc zd`Q#WvhZrbm)YHXz&2u!iEj;3dMWlD{|Ns@^;g4gZQvk+@Q_)PqXyhv%f5Qed9PW> zcC=Y6J_L&P>Q4n2%k%) z*i&Vr8g?@bND!79_WieS*oQ=4V5*2ph8sP^s`?6tlbng!SgPe~(!^i}1;aJ4bN@Ot z$RBW!kMY!>oCgyJy0`6hG)xS?QB}cEBJfrfPZz%Xrv7z%!37xycHLfhEr0tcgTPDr zQ4Y&H+WHDQb?$By&{-759K7{cyEKH$AEM86of{ST`n3}8KN$=TbD)a?0oe>@k$Ot6 zDvOw`H+gJN-g}D7AAkQIhq#x^Pb%;V%%<~*SR{=sTWUpOR}y?#eEpw>uCLctVrJtv z3=j$RiVco%+=%0aahZOpUQJqrzIc%oHEJvaUM)p=&sWOv09l|OJQ?=WliIKE<00{S zoJS=|ACT7Ck$bHEpcmK9;zg|~DUHZFI~PW4yEVybKc$Lo>9dS-G!xeOy!Ks@5ljt|JiavqvdWl#0wE+2=RX&Nb zelnwad*AUz@y~U?`7C%rkTON_r0}TBoO*%joaChMKhjU)w5rD)W>Ige;~UroIzzo? 
zJs!lTt$KQY(4X8V^yApHwcmo%-{{Y|2DHP4_VaR3d$hI(@DUlk%h8y7APmGRB70Y% z#*Ee+n%lTUcDo}vSgOL}WV3JAa{*6L^uJr)MQqINC)IxqzU3F?EqTN9_iDzY+zF>@ zCO>g#o5XB%1z^cnFLHPWW#&w0ljfg~)u+1W-|jcno)*gFpvzEvb5_Tf`?>-bR-fL8(7|!Es zGN%PF1@-cD+6gHq&==H^=bHaal))!*IfQ35-oR-Gk9waq;XiH^Wgu?+%QHX;5SBgA!izD7n2&_3Pp zUu(T?vDzUCT`-8u-m;1^qs51A%5kWmQ)#JInk&&z#qyEJ&x-$>8n`{1pvYzXBu#gp zOwGSf!7ZSD#YnBA{j`Nv$cmI%g)fuh+KH{9lu>v&0Mx3omY-T*DWTQiU9Al%26?#P zE9R}|j6VevG`pwY5^)|Hw$i3Iu--Uslvg_U{D2bC>nV4hJG(qMZSV4e6?dQcnKm!Pi%3#4uQVR`nhVZ+*Oj&XQn{FR1H_(1dUe9?FI(hizsAmkUkxK|6a*wcWs zO)(B`q$*E>c*-}15n!xQK1Z%m))WyGN--fz0McY7McHIbbKDd#e>G^aM9JL8hHnjg zqICWL#JmC>{H@#g@Xz1?Q;F_QWlqUhnA`htNp4)ASr=_fc(~D&g_qC#PdksV?3u*n zL*H`@z}bF%U;OZaaDwLL-u+(IpXJxyiC~*pp3^*A_vMrCTZ$TIh6YVX+1qtDP|_q3 z2fb1_9Iz#Z`H7)U5G;@e2&>D_cY#7`5BTC-tGbM51rt-nXXX>;c6{3=V`GD`wEh?V z>hg)l4jZf?TO&Kr|2qSVX&#}p{Z&>}&t}F= zI8MsFjep9o4S5E?kA__FU-c0dAKVJ(BZYwm7A}N`=rPcsi|%@#wJa1;STO*3IZ=n?x>$;mXpTFH2_<((vt}0#Fai+`v`2)N)x4_vWy(!R97+rNmTYnFzG`1I|z$5_!HKBEzH&C5OOxs z8#OG|o{`oZx_&-A6}mWG+8iJeBHW(J`ahh5>eC(sUSD6YRtzXEhpH7Nb~KaRmm zVx-P8WGHn7lOiqj)k4?&ZglV-!0f~JXQh0r)PkrNSd9`b4xxdHaDUIM20lKS8yJ~# zrI&pg+ujcCU>SrA=oC6*z-0i@W3D}gmzGj`a!mAuJE}-&-UAN0(D#f>dL{IQxIVR2 zk75v%Z841`87`tc8}HH1U)bU7?r24N=sc6bjcd&U-Ki(M?8r!GA)bA+H<+e^g=v$P zSP=fJ;?Ie8ds+Uj>3x5KepLxxvCj_=AiIhyW>LHI)l0uZo}eoYxM}sf-KSPa*Xrav0BlL@RmceM*t@s>q?3dH9kO-|UHCfJX#H1Fy+^Q%u4rIw<$Ha`T#e@uxU zv_*nTeqei9S@{GxD_$Mm!QO?tT-X`9btCqvnnCy&wB zGnrQ=U5d%FOosu~$1OblQ2rVqW z4tGz|ytz2LIqocEr#=w0&$u?b$HT+eaZd5}wYqT6o$6kwk_YM|9Gxc{QeU~3W>I=E zp(;nJLa3}?by#lJ7wZ}Zo7Q_iivCx1&g3nV zHDV}bCbN)DOE^`Kl?LQKL#yFu}tN%J%IB=4zGPOp2Zf)-eSb23oP+5Qlm|3yEiF8JLAJD^>ghilF3 zrec=Nts>`5hMh*r6A@gi#6rpywpjeH0jIg)E=%}>x(Xf>GnvGc7&#=h(8n|Cj1I4~ z`QIy@w1aG)ogVL9U(YW-)mWjSXng_GB$Y*&$B+r0n_; zpa<%U<9L)th02<9fal|E&DhzsNB>9Fxi%dJ)=W$Y>@*^@FyqkjTqWA-wLX7}O2=VS zbqjG7-{ow@{mXWy(c;=4WQaZfVLN@FYXzcaE*~FU@cfGTVb9-iwbbCb(+x!A`i>FFedy({5f4?@O; z5Q;y_w?Z<0edf+oPerv7P#k_bLaF;98XLNlE{o=I9V~ijV(wJXo1Rqf-tv{-MW;YG 
zcA$T?kbciS$emZX6u`c=3Iuo{7nsb8YOSX=8mT$`>?Xp>-dSrCEe*9n8wdFQJwvf#&LKqdJi&6$z`!91`>q{61_VT^h~ zE8P)wsCr6P!94P&z(s9&jpij#s#fImU>xVM-6h>MiJz+Glh97m!mC!{LMfMa>rf$}5?V%N}Wr z{rP0;$|^b~>fhz0$ZR5RM)FLS6txS03ph+*xo9F4I{8_FRC%+M!@*XYSV=1lT?4je zz1onYL3vrq-M$mPBF#YEC+yn%qEjqaQ1`b@3y7$MGVRb(C)jZ#s0qRbOV^V_XiW`r z8g3Pu{5B*#RJMNou?7@4#KtAbb(4bEL{jS-1Q+ zE4?j-H(kWTQSC5H(n+~4Ku4X7b@Y?n*7^JTbXyrDUHC{vpD!Iv6W75$8S`e}<=sxg z2Y)>@bhC*SSBDjTsXxbUtgk>FVtOL_1BdB)t_%bvO_2fYB8rl>PkgnR|M#lHA%8i3 zPfk=Mr34L5^To|)$i+_+777!L?$Et!(#Gn#`37`N{ZNB6 zcL)2S@D$n=z_GSp?7%+q6Ys)RxrUacZB6q;XWN3ytOB%Er{}=kCj-5cLQ-8!?vZ)j z#IpF^cpc`zlo;Cz71(V#2q8EgrJz8eI$jSCl)5#Eg!^ z01Us7-%px;-xX3E!f5QrOrNd0w&w@j&uxv}I(Ks(fI`MKx`6Sa(mwzXm-*Ib<#3Amnn_(L>jo<)~c#$`5#53-Z4 zsiC>fq!7Nc0thiu-62wEra7zGVX@hVE1z(r*f4y1wN-hwsL zbf+~CjN2$Oz0D3=EloA7#=xA#HBj{Y98gF)^GCg{#tAMH3&A)=Uhoeb1a-K|+s5hE zQ?&Cj(l5Yp_{G6Zs9;LHQepaKbXZ{On&f;0qWS9zFGI7`hH2%vPaV3e4y%XKZ^he! z5v9#7xd)d{8SgTpY}eIx%Xe)Ddw-g2mN+P$qTt#?v248tx4w>27>>v1T>^xz*wZ<1 zYU--qlli}~YzO9M;qB#r_{zJh^;^{AIxREf7hgZtq+ic=bpcNgX9^qIVsmOTIoIdX zE3R5c4j`@~g$EdH3)Ts{zF!4-sb%AFFH6m#zNNl?6?u6IMW~aTc7^ENFuL{(|Pi z==!xTp^Vmd88lD1q^_51)iTGmdNSfR6^Qo6=U*Vnx1o?2;N@C}Lv|ywtJAN`xXZ{R z1zc8SE@$wRo)Yq-mWEjB(h(&&`0&fp19_tY^@YAiU<&xfyK33+87oQi0zn0%a+iB0 z*`A(ocM%?|j+_B&@2bL#<*fQJVK|%wMCU~#fNFra+uD4%+hhK+{OLq!- z^Oaus3YY%sWLHTB+0gL@m;T!%%gvb^L&gQ~oT#+Yl$cSXtM9g`EC#ozIEZ%?6jD72Z*tNQQt8W0x9D@=H+ z?7sd(l%UTeo4y?#r$^lg?mr5lb*GVQJIl?f#>@`i>+*m6;HbOu?k`7qM_`3}o>E{J z3+}=AY5_w9zsbR|rmNBXZau_IPTFH_1M71VE!G)pFBDCR%ibqh6f%H{vY}Fs1YhAd zAz<#woS_=57yTHEp=@}{jpY{NHoaF?OEuMS%iK38lX8)QUa084>}0XTpM=%#u*N=E zJjcH3(Y2-}@aCFPW3TpzM>tV(QJmDdq!A`9jsAS7e7e_A zsPd?P9(RwHN$u5>^Z>Ar*-1b~pnZGBh1;UiypyjUQnpK_kISMBA*j$BVqwPMwl3k` z2GUoI5HO0>KB_E_}$2bxec(7s1*JlEm?8$P7~E z;Oz8QU?OgTr7(33X;v(=&Xe3|?;@jR<&kF^NEr`Mnq{0?4ovw`VH~|Pd|h}ykTX;n zZoqzl^}3P<;51ev>Ex&qqQBZ?#CYJ3ZX3-IRAxNpo7O?NE&Sk%tbWysf}GqX+engO zEp#CBI_hY$9=Iwkk#kfU$~zD7Kb@xO*XBSwun^v24w_NxxbN$@5os?W`+bs_(bMw8 
zMQ#q{Owu`GVSCCnkEmmk)qdUh(Hkx{yK9Izk=}NO$hW6U|gUVAzbZf-=S>;68+9=F-*yIm{CU3Mi%Op0B`2Mo<3UA^Yf{XY$pMNAG?_0&Q z5glg2e4P+g*66JaFEksUI(yBlHG!YrXcMd&>^okwqGo0jeN9p=R{2UmuY>uIBO(v8 z6#Lb=7tgxFl!)JT1qp&c4k=wz@4U#H2ZgqNi>!f z#9*rSwKsRyBNeKcE1{?WYc(FG{E`~mb{k^3t5l#8dvbP?&yTya+TKCp4iWRCbSg)w z!-SLaS=%2cO7`ILJ|1eVX=;=NRds3p zSjGCWog{7OQz&~K;r>l;HGJ8x-R4$Tl{kfQ!(?XmMtg|WArLti2q+bLdFdi^@1jmq zKQ}?BjUY|yCL4jGmkR!8@mCf*$D39)WsR$uiq0jF`mMpw)-NNBGb-Q#2V&nu3Oesu4#)vRtfEvasP=2tH`87T1c z^TqK=*ufsFSesPD4W@eRz)KN)=>KM>8KP=<2^-#ae4B^;k754H! zc>?N&VFFCDPf&Kub@pK~AfkfzYD!d#@5?FQRr$R1)T>^|5sfJ+zGvYwI&UK_1L71R zS?bS5#lM>weSS zvLap?gGOIgCAA>L&OSBQa*~jt2h0X1H?tRXuA@RecUETy+I8K@ap>FbXwLH{e`@g+ z93kM=>mYxv+q#{A7v$;G1|dE0#y{*D3tT%>r2OPWEuyw+_3QNd=#8`GOrbx)o+)kV z^QNlF)lTYy-R9U%nj?_86RFlI7zR1@)}<0$^~E2PHq$*W53S`>);;lOZs6P4G^}p0 zys7D-FB^N>SXgN6#OiO&>%er}Y^bw+Yhur>z_IDPf9rj9j^U<<{W9@+U~4xyE{g|eEv1tIX+E;x`v?h*nu;9WY|o~Mo?(B7`2V3 zv|Pbs~!PlHIDyXAS_LbJ7qwL07Z?Ltqr1|R#%Bzh#V00ed zlPmj1=4zCQUrT;~y7}AK6K5JWm1rhum#SNPu*GX(WunVwDHowTT+zNB>l{>7-hQr6 zvAM3f+$OUPF-g7o`Uq#5r>%wj(KWVvhcmjvaZ)O!mVQQH#3_%%h`Gm>Jlaly!C5~6g$s-Qr_Lba%(Z+v9%;8#n>?S!hk<*xw=B^Lm;!INkY&E zG$nGufd#WY{KG zXT0|;H0=rRtEEg7+_$x~?N(8=D=OM60+URIfu2mFhheRqlA&ng+PKV-8|`6U^9KJ9 zIxb7m!FPq6i-bm!Zr-p~PY}Iv(FU)nAIx(CaRIl)D_6^$stVFOIgeHR?KN&xX@III zVp!7yH3RA^JbQS(W$IXKD){llSq{B6eSA>2{qzt%5Lmy_3`lDz9KZ2>gZ~p2*_~}{ zQeC8<5O;g!g>@EI#v{eOB92CYYzeH=n}*9PlcK(kI(qo>$)tK3)^^#{3R3=2+sS*MPopn-vshVys?7w6Ul`sk_T@;AR{Dsfo7P6qcz&S2)wai=^ zLvMw0CTcXhne2k%=IXW{nVcb-K2si;yL2Hzk!S@ac>s#l)V}b@R3WrfqM zf^vE-H8fP1Qf{hjGqTK96Hm=?>g|M*kF#U>wa3+6KgpLI`Z!2$?yDjV()$1i1o|5i z$5O($xJSUswD7u{I^T^Awf@;wQh`Ql{EjT+(e@QEbjr)LzmW>L~5Q-MRl1ez^b+ddMB3;Z_!A#-09l`vNp87R$wU)dc>{40?s(+5c`rNSxI#e$(zOYAqk_wFv1h5p1<*qDP? 
z%Q3OlQJ@Ky17Z;9?RJgh1XrM|k3Y;x4m^Q6XtXo>aO{$#kat2rXBdsK=f}&5Na8`p z^bjstl2V^#WTU3teoN^k?yelt4pFTMvgX_DaBpkSG7t&yMs~0b~W#G%yt1T^in+J`E0y&$fgP11W@Tv z?au0r#Iy1(x3X$wPVsL_IU8+o1GRTzaqr#bDw69%*aIGUm(* zl-trD?f!C9E|m^g_?R9DO^KKCLc*NLfI<#Q`&n3I?#k3v9N1C3h^l90@J9EBEJ&OA z2MZ5Iy~?R(SnMeOfj3|%(s4f=8>8CXBaJTjsbsJroepKCo)90GZZf8tj5(vHIJndy zp5yAAYK4kM?y}TA^wY5Zj+_(j<$Zwfg5CM@ng`$&EAvu4YAh@DbIE+jde#ZzG1tK$p9>B#h?KwA5f>b^zJcs z(KpI`+Pi^Xt}cdiQOaaXZBsF$_?TXzwATk_aUv(9@Je}+?Pg&j6cNo?6J#CmPa8r8 z#T@CbNg7qH7dEBETLN%loA%Nii+#iLwbbQ1zg0WiXWOrfnN>wgXH7q}mZxyAtcS8J zz=(6zkaiBQaRB9SW2!PH)$p9nK^gG?_cX{I+Z)S#u|wEpjGjVnC5AIV+Jsu$oqJr9 z+kZ%#fw`(-NJSPpt6-e z2h`Y0K#V9HBcS;*zPz_YN=q`zO7H>>nj{c ziN9+)I}Ulw1NOHbnFg%aG*OlX^)5q~(bh+x?}8GZQFKNFxI^n?(@ zV73j^0snCap$jO>lNrtrHsTj!wKGhLqRC^?v`;D{z(m63?E0?>>>KKby&dQedtey~ z2T!^vpy!R1T;Oma-88~y}!p#q9bY+JWTZ-hrg zesWFvmF@6!BgT(*5D;xpVrMm`Sgs?dMSyTbiW?dHtX=bzyrStA|EA9qoQTLT3MC)$ z#r53pi)(}3An&;xo^D4^IW2U;P{y>&+j+6#DfnF76qY7Ge-44W+?u=Z@mJ@RA<=67 zbCM6YV0gc?e9)m9#LVvQvJQg*YDOwHRXWMaIz}wkLgsBuT+OsVI2$w2!XBX)U^!9A zQXFMbj09@eI8yvOPI%4$DfTSmNrC7%e30NbDB~(pU}e+DN)D1|D<(jWn?FnV1FgT! 
z5#@G%K%`>&uRUR$48ri91j5jIp)$#t%IC-5)v(r{$)6l5QmmLf@Up6D^eRfYiB@4J zUIs^Vm~DXnCyhg)_aaY)WqU!;CyljneC0DTI6F@Er36P-7L6P*k7#tg1hH5JRN>>MbVLAOOoMp8jsf!Li#?&uZCwZ8|i z7Ja9g&r0h|I|_Rib9O(szX15vatRWEWoP=LDly;ayh^4)d{|cS* zNc7E5j$|iz)l-e)iX$()jpTXhuW&MxCQ&LcC1Elvn@le`#z}DZ zw_?X~D%VSEMvTM0P<6Z+EC;4a?un|5!yI%hZO^J5r+`)O8;sWY%6L^F=Z2=+z8z3Us1Y0%*uYJD9aaJ#jh;bq)$L;BpzP%AD50VgPp+iI6cv` zbZ7+T5-(q8)dN=;pm?`FS2U~sW}*}GLBY$+{G>U0Zo{O=8DawNcdEvG<3%eUr~5er z0pIiaFm`jf6ZtkXb^W$rwMp^DksQT0WA9lk>6%kF+Uadf$M-)`Y}XBTID0WF$DP61 z>H@*piQt{#5C3j0Ix2I>1d7HIlR(&Lb4~#qE)l^JUuj{TaQn!Bmb%T(U&sC*v++&y`{IQG@ zzyftjJW~VJ$$%g@(FndFe)+RN@<9gVAqZC(F3ybm#75gykrp(uD9Rw^pc`b>By0k9 z{?a}cAkr6+-u*Qpg3z%ch|sZ6FPceXL4cMb#lY{<+?4#|Fbyuook2j9F5EUT&T9c6 zkNkqqw&}2U&4X*O$y9WJoZ~3~w;FL#B>iVnGs; zzMUdBmelS2?jIuinvFO@O7CiQt)pB8pNR5=MgXXHmbE+IZlbZ{GLVj=XXN>y7MTRb zm~&?p<&hHZ=3-S6^SpL|#Ro~ha7c0@q~3qnuihVQ6thOsv^#ynx*Eb{X-=Z_nmX62 z)4!hfn$IaM8IGz6br@wGw%#7~7Cy|PBUuXobv7%Nh2P!;yv;|(S}^vBJrDxki9ETU z_DUeJnPt{aO5t~ZwLyJVc}7fnGYbZR(IfuKV@WV20R`^AyEg9;<=(yYKXpsK!_z+{ z!PB>1V5Vw`71OXimO*bhYxWxd#huo>&$_RCv(NE}IymR8DC#pT?tdzNn*n&AX2@e} z>NYXD-Xz*|A?pVLeO%5I^7MyCO}2Z_u^|D`=8PMR{S`uAWRxd!1{GCFp*UIh5KO_A zwz{i{ihNeKGBOYE$d8uy>bA!`N%wm0opotd`(iiOV@_#J zmZUBgHW~ZM^ybXxUGpnzLGr{S8N(Kw@`r%<+9?>P_Fj+a0GrldhpPYD@i>)ZNtaK} z(l$Y_W1Jr5ZBxblGiAQ7M=mUEYxQFFZ@2Zg#8oW}S|cNa^_is4#6XhMii;TyL^b|Z zL5L$4FSL>4h*-952wJv*?Q_SnT&-S5565}W1*E<({Kp+1^&NvH;O=TaFNC=$sFS?P zN2p%bvq&o;CgcG+7#6jS*puNhmw!q=Y|uotcWV%RF`%sHJ!nefWcAd}0{hduXU}M% z(<}l}&cc$pT8uQ%M8RY_D<~4pj-3wIis;og<$%bN-3PcNtl!JkV*fc|Y9bbvL?RYL z5n5P4-9Zl924ni!hU*b*sZB(x7;1TCMMT!nrB!}$oatOsI`^y^!&y;m9^?MW_FQ93 zS?{cF+gO?6w@UFJ1Dw{_XB%fW^1$`MtqKt-3fGdSVHHD!&U;uLwqKtkX@17j-7({T zjKql&r3F=J9;K-gOhw;su1C29D{v}Sb%dk<)KBeG{y$OJ;z88e+Oggst@txciXF=b z*}-jX`S@jYzb0rlPR0NFd|@zA*;1iV*&NmqL<@LAQlPNqPicc0Z59w!t?fA0kSVZG z=QpL%mmCQ$<;yJT4MAGmqLT&OI`S>)4-aR`m$yx$K1y$IKghMyyOR_E#D_xd&$sW1 zA?WMuGUO1YaQj~UL`i0-%z3xTta#PNXD8tuYcvzItXQRf(zkN$|7k$fI|!3g5(pEp z 
zMIFERxs|^cCS!|!PmB&-%~cd*zxsQ`cQkl9&TNc-ep5^Z+6Spr=nqm3Yho;g<~fWA zZ{?5MhVerJ66Yt0qx})eizub)uWFj60S#vT&d_!`59yRZ)_`2q!ketji!}~4J3(f; zpu-da?Nb$yhNf+pI;V0I3f+?-_2tE&Qgeqn`GxQ!Mt(C7KhbF#C|Gc7KbHb`3B`U~dY8$;R1Hx5eWJD<(2D_OSnIC|v0T;s2YFl(A z!}AeZvsv(i<@)PR@U%Bn-^o6~?nd&vk>HWC6A>pIT5}x+h|}AlIsQ3+Uk0jMKCs(V zZ9*Y>w(TJ7rxLU6A2!H1KDw$;N~UsnQ%T#Z2%%ezhcL>g2EFvj1qFhes+=pR|5${! z837ZuBMA8SE!5X>9j0~nHKS^^jQ@=GnesHGH|)a~M^tei_#U9c#ctgw{kevM(VdTE zR7))azpl1XILjI|Q&s6Ms3yLZqO~^E>APv)Q|h9R@f<)mu#HfwaAqqQ;{;@nnX(rK zvPPt&76wOuF=tZiyT-0^hxQ7;U99@6vV!JZFrK!Jdl_4kskR)^WBxf&;+ zORu{D_`?`*^d|A$RE6H-<2G4WZngQx{hR|oksVVmFSVPdt!w=!Y;-N8D6;l;6#M$^ zCrzSGvT2AQ2+%yBaYP0$)WNXuKX+TmX?f!Q`&g)D`h8x;A=fiGp6 z+|>OQ0i3P%yMI9*MJCBAdl9r9zQfvx9&OFO1Xe3D0o=h~_6^1d!I7~YL`Em9 zC#~@EDFzO6Mmc_>74>$WJ6TCgwZ0Pzad{U*82Z(VQ)f3D+@4P)vOE}Zt8HJB&W7YL zi>9V76m{%jQ&jdNknb^xnTO5LGMN=QXsAl^M{GIuhC>Xoof>FR&3^jY%^6z`|Jkt~ zUj;zy0S=u^2!K)^{Y&MlKCLV0Wx?OT%4s-wQI~P2jN7QXL7_nQm zH9GB{WE#;0y13Bo9kUy0Hfj4dVO+CrE|^veVP0_0w-4ueA5Ms76~kQ{KKY>Y>8nmN z`%3?5nAl)e+G=`>aTPH0E<6G*G-~L zmk9=K`4*}k6)vmY6~6QINro<@fzRM&HySyFQxxEDF0Mh60$=g0My&ofQ-e;XcZ&;1 z8pVY~9(*SzB9ZmB1}`}U3SB(Zt_iiKi>n-{_A6qiQy zA8ggdC8AfKGkR%^D3B=*$D0%ep1lW8y!;q9n3HXU_#t%efgzfAS@`&4lkWg3L=I#f zq+uBvKQHi#e+8OfbNNmp6ywNQG3&iv3|yH%@q(@#J9^p*oSl@p85>Ttty4!&OqChz zU0;LdYmTStD(%PabaXYbc6AC23Y>yoy&eg9s^4;gQLb<`6Ai0rII#F)RrF=o9~)bV zgNrc7D|ew~S76nFHI)x9jsb`zD|8!LvF9mOw3&wS!#9i(O6BolWi#LAkIUi1!}b2r zK>BDulko_@@@z?&rtxe{(2ml;{SsfiIp|u|w&}W1<*@UW@N+U#4fHzC?rqWtQ+qe- zj`<$tTB%=3lpEAgx1Uko;*XiM^$3A9MVi*y>C{VVwCo9r>Uah z`E<1jO&!2q>p4QIMaocC#8`Ux#t*a)j%k|794Tii#Xoj2Ckad(%s|8cZFEg9}f z0Csh-_n_VuJFIGZ99OZDgQWB!Z#f}2)vd+cn$n<{MtnbTPMUJ2=Wf`{JVLn)&bq9f z!zEMuS%j}CB~*QHFU)&2O9P5$glE*1Qg={ir|0z)6c$>My)lwS;ZGaPn5F<(q( zE3RVMnIE+}ScW}M<$eOH9X*UO618GN?Cz@dXU0Ni1I`{4ptl5P?u2>dpOZ#I8Yx^I zP(!`{Y%!INX6ozpaecZDa(d5F3oj1;oYv{Hi%jU{`o!J!8*js8FV-L@Z)mTkDKMs$ zTbbEWm~YNxuU`p&^UFWUR#;s_6_*AFr19W@wC@o3`vp^**9pC2GV~HOApmt<8J7cf zk$#7FC93My8oaN!o~lyj&Z~De#10QBYLyx`cbBKr=i#T;V)DiZ(uN|}E=B#JL+A8T 
zXG`Zv?gbwr$D3H?4##la6IU(KELVG%wwWwqsK-=wL~jJg%+Z>&;RgKI&KUk*=m8X| zJH9NJZRp=kV5z^pO*<>|4O4eoyGdiU+l>GCt#@i#MPvQrnp5qXZ#HmU^HFHbXsnTj zq|j*L8r%^tp6L%ipZ7`Wb-b>KyEt7<6$6-WAUo01*eiq<3z`@0jjMyfwhd zq=}ofy9(bhWph*gjXTHdVj(71wa+w7ZZRF|82HNSy?&_0yEdt78;VsO?Ea-hyMQ(V_hfMk1-BqoBn(U`Lj0j0O0;`eVU^R9Tp9DY^=M|24X!8)6pojw{TB+&3bH zI(Nt<9Vwe&n_M)g8v*3~!n5L}-zwNQvv-G4!ML+_(gtFGI5|x)v^^b6(&f&=8%t7; z$NM8VOF_3>sN@`?sQ_-5XTMD9qha(|T!NVjNpff`6lc2r|SXfkzy3E$0R1zP6}2HQVEewLVOe z`Lp@F79Z)bDlsm??DJ|u9Qv9uwUTax3XxaXj2pb#zpFtDgL6D>ABQZj*9e=@b1R`> zPUPZ#Vv+Rou&C62I-4wLAW3tR6=5x*yr1~OJk>(r+P5i-x0gm8kN7gp;Ls@Ag+CDZ znLt=K#B-Qk8L#ar>9W`?FZbn3CSi~|*NO6%o(4LzTCU@yA2-dvQPWs}T z+a3+wAFuVi4>M{f63&xf?afnbmHs6)b}$F`{$FwaRD(zPyGE_`{^PeO(;0KG#q-7f z;pX{>7#My8k=>9O#Yv|{+gSv(p~7n)K#*8`*8KmSVB*c_D1pGzCyM$G4U6No7hFz0 z&@F0|apd%3o@aH+wFzLco{g?Om+`zn8|TdBI|A!|A_`0kWgX~~0l5w*!~$}QO?8i^ z?%WUTUV9rKtBEV+^uxKcX0i{ zNgt0ZpOiM3_;YGIF!9r-!4{3y;74<#sb^D@bYq+hrf`|vfgwIOl7}reyxK(w2l+ijnz9X^Jq4k+f^4Tz6`zZ) zQ9E$RqB&b7K}=t;`)WVoJYgA$hwo=NotwLQ!l?(-s_j$21tK!;hJvxbL3md-UY)U( z9NX}HNaj3^1pG2KU{BO&`;0CHNk{_X@A~4YOgNKk#!L z^yCN<;M3yH9!wZY^WFo)y|;;_cuv1N9LDq+kv??GUkR>FNWpYT(N`R1$<)Pg zC{$=K`5gypJ@sLAQLlmdf^3RolRhbiVOkYTof=$5L*bWIRNi zu*r)8WQYY`htxDk^iXb6P;-YnlU)<<#U32)OvUAml5(f77#nt#d1}5R?`(4W`K_9BFCBsG5Ee%EjT3D_JYloQH&D2LFjtoLEqdo$ju8$X0$4l?=4*{~GcBDxA z2Ps{7AHTzn`>y9)oo(DLHc5X6%YuN_lv5P~0WOb~GgULLBnOP#O(u~TH+$pw_pjN+ zIF8_jLI0bsVP{Lob!Au&fH^>L$A6$V(9^ULz@ zc0vBs*8RqEoMiyQ;55bEg3lx)2}I@mwD z%m-vmNX{)s&liU-bQKx4$#gyUw%~UYm51jge{zU_J$Lvd`ZY#8DdLqQb`0@T%<>WP zsZkVytQ~I-PY#R(m?)5(l*L3vPkqGWp5+C}Dmr1Wrf2pTzAxaaV#Jl#nc!V3I8o8Cm&V%$@lI(yS@w~%oHy1{X5jL58@H9sP58~y`~`36 z;+ZZFj}>jlrBtaEaH;?Y1}Sfr37|hdOs5h9S2ue3qZ`RGi{*Ncz_VtPbV=RnF4; zYh<0vUb(%`rmReW{?W$%<^b>LN*D2XUt8BfD9a5Tk+Vb-yqkmt4(j_e=U)JGv$+ijS~U)nWo$#+(I zYf`hUX*q0Bhh4L#*spDI+6R2DH(df|q+Lj%{+H$vkb}$Nr1@qd;gfzPZeoIrx=0_E z8x+lyduvv5n>_QT3B2IHWa0fgB@!SA`iIA`C8wR2mVNQ-(vp;QdcB}}nvpiThS59A7WhY`r<`EFj@<)c&$SC{ zSKBE85A&)1(CR0NtR^#(P={e{7q*$FpI^@90Ppy4%kRpi!Oq5En#au*O3dFRE4A#q 
z8t_Z(10sF!tWYzid;AxNdkJCY1-I7g{L+qG?a(j%gJla&L@ugdYdxdX^xi*SvXwGI z5`fE9)oQ;-V-Nloyf2>j%YH2vIw;U<5qrU4#Q9wIq5c}XLM<1Vjmr#@Pl`=u74}y{ z|81B*FeYG!;<+)@uK0?o>;K~cz()ZMij0}S3k8<}%o)XHIVJ6b!`8?0C4RXK{`;#H zm#Vh=O&8*ugS3Wx>nn;8PpU|h)i+J|zfzQ`6!A~CYJ#K2rep7{v#EaU#niZjK+q&Q z>dxRM5q>13K=HK~FV&fgX;l6=lG)j#V7?_!KEybK_Szhu=eDi5=;vD@pqjz;erHP1 z44G_c(#Xoqwll;N3^YKO`+JIl0b&;62UtIvTp*#Eut_w^rD5Mhf_pP#U6z;q(XU@z zWmq}XXt0IrPsG2hU3R3(EN>6?kVmwpmv$%3hm;raJe9X;eYofgau7Ldtk z0#Bev(rY=-2cYEjI(|SKVK>!5L;R zpOd1&Qjf%CThb2e{m=STM`F^GUHyPY1)H}&7<83lWIwXnVG=!?8^}NGYj5Mb&`S=q zV39SWRgN6UHM982wR%I+Q8Bu5yHS}o*#cKj@hb#~;5mVM!UmaxLnuFbQHOR9G9YM5 zr+;6jT}=3E0C!~NKLs0jheYgw67-~Ca^6&lUuQIA{(q%Ry&g?>1XE!92ZD6@;c!>lt{)&5(~5rs?+o%ZZP|YB8#G6kl*In9J;XEwQ=kpGAsF*KsPUe(4gvFYD@P z(wq--MLuXWnQ1xcDNZ}6P0lFAL!LQaWi}i&_2oUeVLD}ZMznzlU7oI6MW8yuX?m6?` zE>OGUUdL`wC&}(9E&~LuLs-^$AsdVXaW{)*xwA%mQ9rPoTQhMbJswY55>}%0Cfofx z>bQF2?r=k7gI+Lv#$k{L*A5E1ZT$T`Iec~8CpJ^P@!8E|JWOR%--#Ccyj!yt57w}(yAl#3r4uuD?<4twy}=$8J?DaC6J34%d*(+ldI{vEJeOi$m0U}+7sx{Q z*@lh0lX7wQlj_8nS&f$It@A!V)IsfHqOeI~EXyf$%g%UB3sB~KzdvNZwDFgA1F}I~ zHm8ffU8G>}dVT?=OY!X{yOV_C-3@AKTI<(8fjsvN)$C6Oo+Q7|%!YpZ z3oa}0+Nk7r+?lX?v;$ufzJhxU8W(PtnbpgAae9eZ7$RrYJe}7K&$i`tnBGkaQ$jve z+67BMVQZk((bS4Y;Y?cnoHrJQ1^wC}rIz}Ov8$c9qnT^|hhxaMW>YY_fHyxd8&dAe zi|#tbEu&^e2n7F10DGi>6xb!r5_wqFhf1sMY?QA186(-+JIlagytqEKt@g_VAEomL zpTj^)HE(;0+g7XBiF$?$;gC2(xEWnF{IP?EYuw2QIt6W~ zVOchydAaRy8Gp5U&_&E`Xi{gEAM*28EdZ(bmHJWg>g&iup$%c+Daiq2`&0$}_*F|- ztE)u?JGsXvI0?$*RyT^gh}Rb$g-dSZg?RFIQ6v5b5@tPcO6ZjfRY>{r>dc90A+6`l z;QaQxOnK?nF)`Yz-5;p5{Ft6Mr>T$RfTltCRIO~Hr7M9j`*ni9nQhpsegoMxbHwhu zwF?0J_DnuQwEm*I<%j*C1Fy@|GrI@TnNz#a&%fV^@B!H7B+qEv&9#Y-k;-q}0`aym z+xle;Nw78lC`^qz5?pwK@Lr$^A)De8A0J4}KU*)DibHuir(joXE=j`D*VpI3-?l>% z^0ZJze~ulqOyY_DHbh7+2JH{1YtPsu5#VlTk)wpU{25Y%ndIGAc|QnYecfSlv-x|{ z%}OX*OVR4fz`FWiMv*NjQR9f=gx;_fUI6v^ri@#@6Nx-UcMHte8jv%h2ul>UdvMo2Oa7*1as zc3Fzgp{qdZ5UeOc9eQY0py$o9I)Z6CbX2i-F>VSPUgK`TAl_pSm1YlG>syyHpZ-u| z*HNfj!*{tjt;5tb#u>im`O~*f4aL!UMfI6LC_<3>fSoSI=n*a7K 
z1YF8zRKv(q+J9v}fEtz?wLC^3SUnkRO|}*Wiotb0I-cbduVQ3-E)FMq@lW$?LF4Z% zX{DP_Rw#6eA^CIvGVs>7ibj4`ZTxU-K`>2?i}+45on?!$QL5BJ|J9}*R&%#6Qw2OS z`tt!HEc41lo-(;b2D#-`5>uLB;m49>6;qBS_sQX%z6V00llx1S{cyoc{?SAY`vw&` zRv;xW18_Fv?S+*4#i4yIue;O0z!Q)s3 zOn+PA_r5A`0}yA9xEBa8;+QAK1$P1wvq`%8sZqTqQK}qD2HddBQ19LTzS9=&wcDY2 ziE0FCveHkW73H6z&A5Y{?^rmBXmPx$D>1E(_{8WQCA2#rXg6jb(lKATTt&uegu%Dx zcU9-+Mzybya5zs{fW&DCpqF7texlJY=l~HXxoreGe5rA?&GY7Fzr3v_)jRDE5SiUg z#e6>vZZNq$Alwerzd57nMkBXhcAQ{?G~%Ol-!SKl4Rr~H>2)6qONq@qycKlvbGxlT zLFn5q_$Nx$kpyH}*`d(C6~X-)#^4zzq^Q};s}JGrBG7<%Px!lj`Tfc)iL*GL9VX+% zvs%pV+Nt4zcMMvgo6@^5X2^0T8|wu04=0Dm+}-indYS5FHa3`|a0k3?$f!-f=$~W< z;)3+)3i-NLM%r!%Ez8p(&hk5IapBUHBrOHLKedRT;|<{rQkeiI=P=p}0-`VCO9HSe z$T|o{Cq;Tt4OcF&n%$eNW}ogXjmO-X2&zpY-`iv)q_Ar34Vzo@RaKh8^TXP%@Xu%1 zi0i?pZuozR`IO)`eL`IO+G4Wa$q&6;W1stTd0$~XR8(pEu1luIvn_Jtlly_e*`s7c zouDi$`hHSEj5L+&wmmpcJ63lXaO$$$>cvYhgOdC4BG%oz??Q83QF@p;4rJl)OQMr5 zm;SudgxM9-#b6t%sI|Ek1%}^`^4Y+pHVAH{>oT$XUvQ0c$g zdxHl(APEEF*F1`W@9btclYFuR-Isi5RCFmP{-I8+^r0II6*o2R(YJn&h#EEZ6C zZ|BDKSr1uk@Fe-)#^*2?I-&QO*dWJ`L8KZ^|{~Aj8!0W}{)SItvvn119Cz>xgGsVb3^bs<%Akp!@wolBp2;FTd*-tv1o71B=cfn z%IXzlbQz#cQlhXWqIywZ~d$<+K(e%ujr$ z>^w@Iu?^~MYQO#l71i3_=CT3^gU^W9u^d>7lk`!h6paKw4Fj(kmadY$Arc&kUg|Dp z&d;`{p&nze5vsHtC;8$9-|=M0ghDG)f;Ze)a#5l>6|=mXKP_h=+LbPCar~QSne}Bd zIt>3Pxw~rj^6aeW_N-x_{}BTE6$n=I$Qll!ok2!o;-?<~R=ii7no7$?lF_8nC!fBY zcF5!$it%H+x#T2zk_fZNIjZPPpW7DZw-3bp)2BGdufg;*L?Q`85guBv>SI|oKX*^A z`E80ujaVZm+5eR&{;@2DZC~VS(%icN4kuo#E|{^E)DVCU?m)yEW_v~{l1o*r?G3Tl zn}E~$meO8lG8h5|9zPlUb(|JTt{4ONQ?6wJhP&Aus|$#55)?O)9RkC*dEf0mM=I?N zQVaQ4ppz5{{t~|`Sp5^6niKWs*^Y-2i7(JfDZLV9Y zR8gPSZWi_O@%1hu9vH}3d|)iqaLZv19~RE>5v*PVY`vmmQ>STo86GRggp{6dP)7Tx zFjRrIoOQYJm93QF1C37Dn)?QVPKR%~t7RRn18b{Yk zy6?~%Hcp!=(4P01-n1K#LKfuDSb;$jiuyFXZ*nCOvMdu*mK`44n%=E32}sFRWTm!q z`TqO7>I*kqJIHlEPG7LLom`hh2ajUoMAv#+5^&61GfcJd*#;G&lqrp+4_ps7tlhbu zwCCx0Y}rN^@YS>QDnuujTyWgajR&$OwjM^N7bH%0#KZjXmMDga2E5hD{1*buzzA-z zhM{&MBZ$BtzXnhZ5MQ&!cje#@dsHFd3>AInc+A_LKxao(kx^EcM=L9gc45c2Bt7dgYxUPhAGn%S9R 
zd2VE661doJcSXO|g>s>i0%YhThG8mgP+Y{0FcPyqxLb2RWh>$LXSI zQXl4J^Jo5-iilh_snE3Pn0)rEK!F^BIZnP{dweX~Cc{5Oo&p*<*+JIOuTj7n0nLLM z%fZj(OC-G}_`J2SephC*u|IF6o1Q+wb~%MRNOxS4?owLAcK%iV(O%Vk z=4N%dXO@b#6hfJ$Sj^gxk_Y2oYI97(q57TBdlpT}o)u=UQW$4<(L_Yl&iA(3Y+H8I?b@AI5O0vL4 z%Fx0{R!8dsKACEwmG{xzunGT!C9b#De9Uu{B{1)oi?Q(hS^9EC!wkV=Wm>_KbAX|@lNcqPe`Bo&@Q?8rARcLmf9OQ&l| zxh-iHbT!@a5|;XU46KG2`La64GYG=bq&oTjXjnnKR~03{@c7jVw|nnv;;lP za+xVWnf$*%Kp9n3$wb4BBe0M!B)Xx)UZ2)N`qNUsv2h~d*iPT*0n|P3g5Ri0(mG;< z3+CLU;LRTpKl(~QE?y>|-dF8e6*f6p z0Nl6j=&$b3)@rhxW7cM(2qnUq)PyNI*N_TNeOqLwR~%-C==9;aLOE_~+VV6eH^ zcfn58Xzy%>GRm;hlbUIp`}7P~u5q2SN5?WW8}vQH%q^59o;h*YcJJhT?_1w}d97rxt=L17e*sZqEorq4TXDE*)ZxoRceJP@;rG9< zZQ?ZhCH(EsM8Z$k@7s{sDVH%nit$6DjIfS!ULzM^fpp6thxecBIP+*_HJl1icH3i%ND)DuT?unAg*r7EAXqw>WYmbQRy*`&{V@Yb{_3iZeIMvd1NEHnfM8*CZx> zxrjIlsoTeRm4D{<0^`p%U-D{p^TAx|rZ`G2jr-{cjast)i?!cmE+4Bd4@M)`#2S~| zvh+4orvHe6XB+#1A|sn7Rds6fh+}rD_wm<`xvxrMymaZdt92qnuII5yh#)`ayiz=? zad9CdI5>z!OUemG4iWLzD;u-O-`}q|$~%rf#bPiA;2SUxD^nSjCf>R?B;+-mVl$Wz zu4L6NC{KvZF%RC>isVphWGjI(D;Yc{Du^q{CAGQ_ez6CI&3zny%WkDVK4Mn6QLZ+T z;8EmjGO|PwHqYSnn-92GwRY<$uC`ZvYs0Zsfjz08;Z~e>-mi&|*&N$%bdjIs7evxi zEVnxaln}93A7~;bxBPp@PMpQqf7#Zy&GAz2Wk zDWb)a6qlW&l2sAht0iFAg^2~M4P!5bXl#r~nd9tVn86eE>j>pP7Yc9boCU}53l$f_V zIN6n>@Nn9!7`r!())p?PHsCcrd5D&Coq1{FMji2Lqlq3xc_y8cF-~5Ijaz}mUw4>- ztdApBA9KhFg|Jkm8HLe880=EuR94MbixBatZ)3Z9EJ+V;Hn+%nEWvx5rSOOYD+b_G zG#TXUu@s$hqDU(!Fr@|RzvE{&4jN3X6P6Xlo$)zmv~Jpd!2dGWp7-8zj!SlmU@~;p zUS4uyh^x^^aXy!!ar4W^?L^U5^uBd7-2}2eoM^j)JX|a*Ne5I(&=QeE*?bO4h8S7% z=|_fwjzaTsbKAY{y68eaLL2|)fp#=iqc1z zH`BA%#1{>5gJkDU-(A2ohtb=5=^#x{uczN|E4kQ-xCB$cmw;t3(EHF(2@{4r*{(eA$r#2$BnNq zus?7kA?OQ^u!Us_W*~@j{odzYEG7--pI=m1J(rb==vScbP@4Mc;H^=lKQvJ!J)b5= zS<{;Zz~7r*pSydo*nizp*G}8CN`8IXZhqgN5)3%!XMT+lKo=xaAl2Ne%6X)L`w)=N zg}PYo#zG}MI?$RPa1w5pcG@46N-^H}eP-8RHM#-|nfm<}Rc3~Yhg4-x{1!5DR`2Pa0h6 ztkGlpo!|?8Yr8W~Xh&p(!lHJr+Wfk6eqI#s=6I1v-Ccj#j5-hDp4uib#jfn<*Py|S z5S)8?wT4UX1Y*@Q8p2>4 z6Fst=mL%a#(=rYN3A=10tLH>+jwDZ9oWFJV8n>WvI(snc0{L|>VxR5n55UV;QWBt- 
zeob=ysc72%!=|5vv$da*iU7JkGZYb0U2H^=*aSD}`@Z{K z&3V0XdL-@z;*ncsGigB7OJ=ReR=sO`1$7{fAT_^ zad_B|4u@uv+Z6TfjsEF;=`$Xc_`Fe&(i0zJMFI2gu-b2A%Zhv`Z4p_0EWU^2zs1Aq z3L6PqL9Ks__n$_fR^xp^n~1w(7CFNH2u;!n-W|0=4@0Jo=o2K#H^JVGQ`8PXpJ$D# z4mArCM;Qj)*JA;?OY!15Jdst@E++CD<)DX%q)#)d8`(Q;|+8{Bkcn-hAmcrcUjnBzc^;5n&1B z0>E4^!h0#agtEPe;FOod8awFtdl zDXl$zr(3yjL?c~O9VN~YHv;Hvj5DxaU=9AwOQ$`aL1}+D1*2Vv^dHw7KIL-5?i_jJ zZoI_^xczX6*0zwe>taa1!rpG);7b2jlG6??eB4M$dWS~JCp#zjTo*a^P}cgxTAJa0 z{m2agj49dRVb~k0A+AZmpA^G;fpl$od&$GAWVu_A45CzkdVCgoJw{r4?pC*QXyiC8 zT~Vc=<@?M`{kg2l5g7Aq%28$zmDg(70f{XQ_lvM%$(ZGCkr$xe88fYy6C!;r1gm6M zT-((`Wc{n5BxGf8><1o+yGN~W^&-Z6nmLu}?eXV-i+;L8s86BSSEgUl?lxhVn#E`3 z0sZ1`dqa#-vdcf+e^vX)YRyzTq|l#D((Z=j`+FeW+!S}d`StYCTe~j8Vk+qvt>ld| zTR+v3p`b>DzPr9PMt7)yoAs@;1eY;dse7zJVxT!T$JfnL$Aw~%@G--@6AK}oXy$m{rq^ms9oT{5Zr z|A_j^s5qXdYk~!LcU|1w-Q67m1b25PxVyUrcT4aP2oT&QXmAZK!QcJm|31k%d(M8? z*)ucU)m67|-KzE?EMc#tq`NRm$0oZ_de`yh-vBtFJ89NWbeLZw4>6JPQ_OEsY1B~UgA>Zj>N92i(Cqc9}tXHk70DCnw{zgfVBj?|t~AoxV4u?c4H4Zy-0b`rI5B0PE{Ecnmz#>=DrY*O z0NgF=23w_Brs8*eSk~|9s9};dO@i4m;#yKSD_3#QBXCL_2@PXEQhK^1QPU?%@|B+8`bemb1vafuvSbe0P@QHAA}&&-abs+_2KU! 
z?-0A%|n?w4Auv>WcJs|k=(5T~Dw={0wXrZHM_!CT3NA!MHeZchs zyP#Geq$7J9*399p)c<&|?^tPn4ra9Qlwzo+`Vnl%JI<#)Z=dHUf8Ngcq z_V1J-Zg3f+>g6wP6S5<1)bHJdwvh{T;p)2kX3)rjhFEa+kD;1q8@l}5Xw)nRpyaxr z1@h{0izrI>-V=WlW!;Gxil)iBuf)Lo;ws?)Ax6g@RfK_MrdSrO6S9Hn73Zg2>cU>1 zFOx*50P_L4nCmudPN@nYyP+1fC zFi`T+UU%n#lk+69oF!VT8#-*>@$Q|v3wDYO%1JMkP4I{PDdGZS6eTai=lvs=0)F4L z+5LS-;AWhsS_d^b9+Z|Lksl+vaBcDCYU% zV)x}GX1{;d&5QR}=e7>&eX#eEh(1vHk_RHY~SEsni8fmAN)R(~1lIu@8CSAp6 zMo&XK^BD{;PKVWt^@sBY(O8c|do9bKP2$1&_xx$p^|#Xla%&boQB`dR=o6RF*bWQD zWhHMEj66S%v(rH0vO2;4Gm#*!b@fI;r(vG=c#tOJ1_;jmNX62^n^Wu7t%3W|+;J@h z2ph456Ud(fy);{^TcgrMy|l@9ENc*B;6%v5Gs5AhF_0&ICr<21$KMgT1Ej@1x67_0 ze+u+n#BVSPrPAu9s@$Sa)_jxl5h0UG%Uf2Rm{QzA0w}XSn3Pn_YQY<562W})z=6#w zhw$&I0y&d48wJ6V;rDn?hDynoaSe5WSiNE`dD)t_)MOJA4l1iH`mpdONe5%f0odF0pT|JR;b3FN)neB z$`i}9RUnj6Y8EyruXIhw&hng6K0=m>|J(bKS4)S{rKt^tE|HA4@lC1MM0@j;CnI#lBU$SO2IJdi`B zBm1MAjc};=cQ!pS3t zI3olcx-Rk|1s=;&y1i!v_nj~T3WGH#Hh8IF?QOhPDj8{C5=UDDUPLn%)H|=-7-~p^ zCu$mErqB^H<8=+CWEkJ^n{93qF}ts;u5E}s@1AOS94w!8PC60r|8%(l#*ePu1&MDH zNN<|oF3Onn)8MLSW|Ac#~vOnNdjlinom#XnvLpmR*_g zYKq6(A13zdrBeC}-D=t-C~a^?Q#b=8!Uu?TQaGO-KOj*p2A&L+4+(WIk2LPVxC#zU zKnOZGpxI zv-O5c`JWoI+f6Vmw$mAd#-}hgqsB6;3Z)tQ*yKhy3fObLV_PB;dq}x$&O=g=+`*Id zg*8@;TqvVBD=KHrz1|E)pGg>>b5t)=7|uiPRpIEkXaR_s)%v}L^L_nVY5tnuDkLI3 zvP88KFy~kuu8O1Z+`h+cuTDYYb>_j2CeUPD3)#7Uunlpa%3YXU4;8|K z#_sr|^^K2yM;SL`>DCvmoDSfybx0Uda%ZvT88@u-O`v4$!+RZ@{)L?fAJD?5)f1q& zf7XIdF5D5@me3407m*3egH$xxwQou5_2XkpJ+e0X2D7}r7KxlE=Ef~ra2&@o?^c8I zU90~rW)!6IkGmfpq>j2M-cHXlA~9(Eh?!G*hEfNN@5HU%VDclP7HK4Nqn8kquX5vQ z$;}mo+T?LmUbVsY*=0__|8I){fLSk?NrIwg-TbLTaM;hU2f072Wq!Ou5{@1FTmZw& zqwiZs#D0!t>P;b+2U+0?kwv$YmlJT#(JP(_HJ5*!#rqr1yfo|wEc5YOEgth}!PMlB zOW)4~x#Oo4yB^ z^lmJ@@sc_nDAHYu4|34!i**JGqQl$Y`CQ!3x^T}ybrpL6@-Fw zc+p{jSjH)m%dX3u^2AnBM>z@R&IH+H6LHFkg-ON|ggP&lRZJ9PA*(;ofnxD@!ok1( z|8f3rm>md|nsoC){|)nUU76g&8pLD{z|{At{>4?$JQXsFT4W{1U)g;qA8jaw^Kscl znJH>jst<}wZ-*GWYd;u!<&3O~tCfcqkvgVvi$q;_qrz^akj-`b^seH>Y^s zqjeeXWMCRUIexJDR^%>9L=&(P@Zxae3h2kp_JzOQxYm}zXrlU>p4WUAWHyweu8UTT 
z(w-^%jqKs;QwAj28uSx4HM-(H#qHSzV;K458-Mf>93uvNj1WbtUV5zFH+Li zqIw8+-!CzLbT8&ahpz+VjYb(mGRyIXF?y|Daf5B_8;6cuR@$lbN_dk3d{yG(d?YD{ zv1SC08;W{xD7Zp2mT%l}h1nQzH}kTY@f0+Cu+KD6PIR+B4mWaUfn)|k3I)iu+Y?y3 zl{B|oB=yv=kspg}3quUyIoQPhGUn-^xF|j5$#2)l0RAUVqw#M@&LxT%Ms@5;Z7-4p z=*$UO@~1osEie|3tH)xj@UuPxqa4ZdwR6TOmlU9pMH}^n3EnD0dRl*~_}7TzSU&q? z+n>za?gZU3(*7)V-zi;|u*~UvhQy48F)!?vCMqFek0aoWL!F~1^D@F|l-ph}$<^uy z`f+1&fiC0h3ka$6jrVmD(KXhnkHw@>%Rb9X!dR{M=IprU7E41J)VPp(Nt(%A#$Jzy zG0}Jj^saa5^6A8Wh@cXE5AKsJ@Art$DTk|7t#Cn~L*cu2wV>BAKv$H3BYi>mBkTUncFRO}%?%eD^rZmsML9xYg zV2&EqWYPUB*GT^Z+|p%+&cXO0SIIG1DnM7148~KB2}84kSiIbi^m6n!hs-WO@%{$} zXf$1?6^GGO*a7~^Mgg?|Cxyz<2JJ(3X4t+`P7%c^dua8?nvqW>$K^S2T7CZdf9;pC zaQ1i0?xnx}Mxv>x7gxc;8Eh!sX>*&YekJ(WfRCEz$wydIIq)VsT^+N&0w2Vvif6HC zWp3B9MAZdUn?hgKn1Pywm9$@>pYR)Agf~-0RP_#pc=1L*xnh6h5q0{oUnq&>g)#$) z*B2;j5W1q*w>oi2?`Q?@CZLeHqUYO|7oc$T(c0#lG=Nj|oH{3Tbns=1-!=xTa|JD( z^)u$burb5wXw@$Gc@`WtJ{pbxLUNV>mG`F!(yRa+6uj%jj}<&JwufXZ+hPWd97D!E zk2{T(t!w#`-o2D?HwjMIMm&sHD7S&eCrq;xqj~do#VH6dW@a@oRaEh_bh;>cZlo?X zG!mdO(F2}Op%o5!X~U?@e0l0pTB{LCKQlwub)E014`MD#r*8SWP^=9zJFq_la{2qb z$qfhagQ>q=Jn}4EceA&PE-l8P;c^8;6OXKL%kYkvX=>6ve{MRs`c${v;(RQg!8#2t zC-^^(I+Ux}pj~i!9Q;mjCQ9yCan5)7h z=2|;}B_e)!wWdz2r7Q+aA^AhYTflBrsJrOH2&gL{DwFrNCLm!pw4ouBO?H)w+ z9KgIT^=r*_N0zGQU(LjY$&w(lc}PTyZ@6YY4}tclFEb5@>&>T&@`zJ9Gdk?7Lv|@z zzG9Rir|V3^Dr9o&_O*PSksz#DW^^E!DP(qp@6*yMiXK#sbbLEn#aztjfOuyMHw*jE z18GadaqBXx5CYf8_@4-jl?bon3hTprcQkF(xac(Mye%S?Yd__5-n^>I2vqYp0lZ&& zMBmrkktZ;d88pCIApP<7wuCG_M%6dpg)T-F8x z5EPX%*@5cv#O&UqEmr_=-NZjFiRkq(JMJAyaqF^Qe>nX6jHQm6E$ zt~&53o${#d)rSwMJ%;dA2Dy~E++0;vWujUVCLMKkqiwDXG^woZi2uyhipy1}U9f!= zY_1c=N~f2dY-%1!g#Z~t(>nD(qlS2cz-I+a?Cy7)@b z?<1V~h~-Z_hc4RFT*PD|X1b-jXK~^hKzCtNu63cx za%HEV^={Zgc8$El0-FnK&{+Lh_CxVI{qswXO5!3;D6O|{x!Azqb6A|yKHA*#Tj6@T z`bm1sQCWflLY5LQPLSaQZmfzt2+7K^m5!`@>e@!0<@YlA)!U}}IxN}CE-pH|@LHj@ zVGZ=J!M1?r-rfpz7|eh{4K@=&UmZy&4SV zYr0PHm;PL+s=dG&-Svq9vtio5s(oStd3v>0U~e-&ZaZ$>TKYn~4VczPUu8)0;|q@p zdNavG*4YTh_CJiW&!UKw3R--+L4%6<1PtIG%6~)9M`u2Q#CA^;mDAwz(ebFspBDm5 
z&B*@VZ}6!UF)#be$p&uzmvwT9y)%oz_C2Q$guv^)pPJ-h_RxaS!4>ZgpWprk>-YI9 zyjw6By4q_b@a9iQv*Ax*n!V0$+ROFOjYoGJ4Ry%1!{T8=X6}qlvjaNz8i|(J5={SM zgFTm;@$CUU&2{qry^B`HDhM9X4Nty=^&T_M>zuOdHfQ<|ejPQgHnxVZ@4&6eeGbhB zKX+;n$ojxIP`Hzq8H@L=iBXr`y#JuzSf< z>v_1Vhi$h3JTtokD$nka7jpt{-g568p3fXI=}BJbiPN-sM^}*rSuxz~ADlW>5JNpu zg?}~D_d~%dCQbTfPVI|vy=l(w*ZWjc|wZK@q^rd)xM_0(g@+xk^I1Ss=-_l4F zfF+4uJkNN)E9&IK&BR__r2?DIm09c^4jC52sP1I|g4cp7>!rEK^B}eSe$YMO_Oltf zz zlKh{1V7QVy1=s4@JEF@TWHNdJ?>dw@{NqsAwl$hXIfk| zZ77I_;Txp@JXSutMkcB;y$X5{cwSuRIKKW05&vv3 zEu9Pfr!v8ArFFGYy02evPSl9*QfwDKzx@?ABKm^dlY3VSge9XU!?W;C6ztd%HGPLE z%i;{D*I+RA+Q?3JV~;eeQfivoY>A+qKqz8|R@q81ESE=468rE~#~U2S2Jpdb}TqOnnhq_p5t?0xFZh`h4XZA~F1*?Ncjo-ADbE0ld#)y`dG{mA4dsx3krBKR>Y$p45!zw&u%iNsyBC!Xx?zT z4(SzY5#5Fgv#axiz|}96^4Y5k6DOy$&ZG0+^WG%0f@j;S(2}nkYY(4{iT?-LVqdAmZomlek;b?%yEp38;5mZe8_> z-f_v7bkIPXOS30ka)%j(-mOsS>>AZq|17myq&EZbhwMvR8?3)y%v#v|JPk)s|VB zTz+h^*w}4d3CpR~1Ao4@ld-Z2YQI9eFHk|!@kNmM#ouw44x_Gvaq=rZzK=60xMG!d za@(|F8yKGBDOw*pW}H!srPO(&oyGZ-H#J0^@w4gY$TGan8Sh&^)%%mj#6>EI+jQE? zu>Xe5aOuk5pl^NX`EXW2sBrB(c%7ZIdX8Z$oT)*6iCu|BA&KsIq)Eyr*dUaFpen<~ zpqLq?wK6p1-dKNnKGW3MUqjC`M zb+fr2SI4KYjb2wxsVnrUsTL{Oej3?8QR(n3@~Q1ai%Q&ED_> z(c@dBPii72LXN9n*ZoMzLmyl^OU@z+LC>tlkL>rKFsuSDU6~;TaZa#w)zg-Gh`xF{6Q_d>)|^{9aS0W~635eDfHMJ%oI3{~eTkmnlq#4kN_Q%_qEI9Y~W`a2KKOkn3c! 
zFFoi0bc9t9$J0zwst_@We^{nJQfI&DyPsZZVOMvqp;mXEo-26icDKJO+}yV<3&w}( z*mFNUjH@^q9tw{F^Ja1gLCA{Q*i`y*q5>|q31w@~iSug(OPhvQlFv_!JUbEF`$Lx3 zH|LrnTq=_VI?J6T3Iobl_-ZB*X;HiJQQn_`Rfa%Tkkk=AjB%YVY*J*olttazY_h_) zp?z&o1;$fAucU}Z01k_KIg0P+^s+4Sy0aCr`-%Od>qGAqArigp=0Ls~ws@I2L81KH z1eV8Hs}{h!=S-I$zV*@EgLxyl0raSshfa@daGhh~v3l(lK>zE-ape88k}i>8l1{p~~P0^fS0?vFL09f`&s zk$i^XAXS2bW;-GYh{i;bMx)V?u%IjY8{}`lDwd1G@*Bz`;Qj`qP4{ z+wTb*%=|Vnrs5?y!A%x)g+HePO%yUwT!~>)5XoP;KynYL2)qZfgd4+FCOoi3ke7#Qw;eBlw%LcPX(&`AIS z?~jsRZWJtEd^U*7EFV}RSakfIe^x24*Apc=3>;wi8g~0$oy`&Q_Z4*PwQT8F5N&KL z1lXfIT79CbI|N4ee=|Ic3SKchM)vj;l+{tpNTQ3mm`KBw8%0$`Gbi!I**hEKVx_MF zl0We*ss5$5m|_Vi>A)RDFPLK$FcKkGU07m`X;L$5kgGi*N7NHFW^9{Cl)|ZL>-&Cx-4e>AP)#ADDgrXbxD(_kq*6&;>vS2>&;I2mFwu44+- z*^Qp6<_f#x1!NCaOr(F?-Xl)%AC5n4Ms!d|nY=k|E1Eb9T|3J!D7yG{tg?0pj9*<&_Q(1schNvSXVqofXf$BB@M`wr&|HtAT>#M`VD2KMrewN2FiMutHweCW) zscy#`MX&Xf2(f~ELdnRZ2@xUSY*5S^3`K~~1h3k>>nX)*i4|6TPQ+cdMXR;s0 zk>tflVKKMu6n-S7Se(~M&w|B9ZH0%kLE*S-@N{GyZ*SwD^#tV%eu=5y+qjo*Lt3@G zJcrEvz$qNp1ofNMQr$C&`so{7Ojj-=N0O8+bjIQ0m%tJ!z>M4WjShbVC+poz82f1H=U>q-KGRXj6EfQ zSr*B=$#2p*vB_rSO1S0zb{}{1Bq_FJ$l%WHI)gkNl!V8d8DNx|_Urrg893{b68uO*!mK<2 zcS0FzxzUt@j;N+#_LB!JVKCp4vF>)Q>JOK8O0R znoe7>8e6}w@PG+PkcDd(lAk(ynX($lTwxlq(U_hITCHKc8X8vp%2okf-|*n(mB_=s zp2-gi#%OJ_CLgVM{(M|(Sb5eHz(Ycj#btm6qV)#??GI+Img)zu%LOI)KSz8xba`34 zT3zmeV?w!htW{*jiHTslOQ44fzxON~PLe6TFkdV~2aW`C$#SOQHt6(oNP55J;v-VGATF5Hbd80i6?S^Q1Es7SnEmyK{ z^rv;yN#$G_xKdKwUW=byGxZQQZd#(5kk`X=%5su7Jh06pzneF1PI`UT&6TG10Rg8> zTaqH}+PszQP}GtX6od!kpMxm`k)HQXf2|z>H3zScqoajV_Q^y|eC&y6->&!cyq3Hk zx3AF1NG2$n?xpb~iO!q8M&>g1F+l&f{KwYP&sKoDtz~Gr+MGkLvi73w(W|T3O)5{P z6gHM0ZNoB0y10t7*F{+Fi|cdlfDxIGF(nZ;-aO||akUj3p+|5lWRdwJXP^9*(ts@-;ip03B!Z=8s=Ejc$OhpKPSigwkxDTR@91Ji2f* zFiEvd`FtX7kJ`#o@K06oQ7E3D+o#!(}P-Vd1Y1NCYReMaX z1}X!gua|IYuxkEKBqt!hvytQgnlg= zLCD%u$8x0cDTeC;H`?Oqti#gIsNa7e-5&iiNJ}aJ^S-M;U>`3Y5{VZyc4oUPn_>p z8>5a3XS}aX4~=K13pPA&!WwJup+c{XW4yuCxLz{ulU`fTwL4ul*~h?_4$JjqL-!e_ zhBKtS5f}e;EZ*xA-2Na%JRfj$w6KUYQMhXC1D)MEmu&aS^+fcUC#BhKV-kWZTkx}g 
zZ;j9^VSwYkZYa?D_CH+RK01V5Bb4CD2D4UG7r&-9dj0*&{S2Su$8ZA!Y7z>)`5m@X z-EF>P%uu@y#EKXMN`l!&OKOL-#Z&)4NX+4XD#1j3%4BLC%wc~@!|*wdsP}J_bG5#? zzLz1BLNh1r6)nc9^sJ-hA`isZBWC(KJ`@dv9;J{o7NpWm{)P)e?35(X#%7bck@1xq z=HPNkO~rIZ)?{@Ruyaxao!FVM5A$1NE5WAj2=2*~Hll^|f8l->a+IwUky8W22z4Ha zn!286YVcKGP@X@T3dr6SL(f7yU+t|Hx4dDWqK~c1sVVT~#kuECg07eQ1 zHt`|)=@x>P&0HaKwQGk*p>^uqDK(rW`MwJ zk{6$N<$D{O?yt89>pQ}9W*VON>=nf9(gS}9AIUug>^acw>u^qxuE%=oYYBXA+!<6h+i&>z%s^n7`E*K4gSx; z!lkaRRG3)MJ^4$BC3+3-BWPxCXs@Fx@yKJsBGadyu{jwAkG9r=RuM8Wca%|xfnHU#p(M-msGNx=0S0S22})k?nlQv})Zi5nZ-9`2c4{Yde%gaIFmK1~ zlkfDZA!kHQf^(ELVm0r1SzREx%i$*8L+!ifwkDL*N394MPOu)i^|QSEar^h7Q{_eH zQ2Oglj+O_nX2GlXhESkjz(a8SwZ4y8;Q1Hrq-HZ81LCTP-#I#4+5P1vQ6e-Ox!{dj zIZN@PNuBb%46yfYlu}^sX{+OLZzFMpx&QNyq5e^$^AHVcM1~Kg+N9ALOLw33Nf|2m zH2XB}^uWbiogvbwN50mL)qOUkoU&uaVRJD+4l)wC+0PNLwhLTYQ%e_ zXi~=yYO(gB^J)5`yZ*LTYkGnd4d5*=-;Nrl3NS@_0DS#zACCK0pD_cpt3_s!xx3E; z77H@jr#ENbQt=|&Eeu!HA7u2tZ3F@zub0k5dWd*`LliugJhwOCj$OT*@8@$X60zl; z3_D=?YFxQJ+Ara;^jd2m1a=rpLUY$lMLKr*#s>z!eYJp3MEHQv`QnU>Z+Ed%jZm;~ zR14}caP>C7`{CfcniI(9slX7NpEswk<8Sg||9!0HZ+eu>hU45h^PNbGWt&wA( zRl7}i+KT`$rZzJL2E?CbZwl-tQ@laCP!$p-dFJr-_m%9wLw|n1ahAiEL{$Tu=sgFq zMc>c%m93bt6Kk_)u;OS2mfAt(0EKok8%y@E-xlJZLr*NMd_$#E{pL3q_F-67y@BQ} z%GS$7pkC)}pI4bzE|p)i%km(R6K?-59OGs@EIp#&vLgqK_0%Tjw}!G;nlNcVWY{ED zBL&rj=*$b5X7676`A4vHvhwDzcesG_$>*>3`_9hj@KApW^aj3CQzH?eV|vOqcuq^q z`xjFZ2>cp#M$=}J6|90m1}TL+V%@l;lIKz*(>pH|H7Qf7&+0I})kMV5ZH4%^JpkTv z%?Iz;&O>g%Wo-UboDYVeVH~DOE8u!0jfQUVIO1X_9B8CDE*Rk`g&oj(`Z@_8iz=7YcZv3*b4nD>LII$@`7;rC%&?xcdvYm=!b0}X!H%G-COI`peuM%e z%#w~Xy*Sy7#B4`~M-(_p(@(;Gu_2DXt^M3rMy@gyr_H*#_KH{_Q7r{`_CFY|t>C=%nvYJS7|){=AK82g&N2u{ zZp`4A8cJ8xv5JLa@qPto8NRK>at94x{I!m(#4OvL-`BRTU0@VP#sNlg?;r9K<8py4 z%p|BSb&M+s=MK}oCOiv9lxCj>kp6L8P?j|_15``#*iAmE=Norx9cDdqixc}0o&~F5 znk#gCXRLF~2aAYVDcy}fwS4djJx-6E?nKr51|Hu2kN(~d$1g#|j3OHxGc*G3!rW`- z9!nzaK{D&vP~M8ObM3;Wd>gdl02A^CdVCd;*2fxEh3rpJTLhn_PNDO$EKNfG(xh(^ z278q2ElnQ5hV5b1dIJH_O=1eYj@Ax_MwkW17<`I8dcXX>EqRz3 
zI`B#^=PM*`(==9j%loADkgUMv3N?-HD5=tV39P}?)k&qs3`y9#YSs!Q}YZg%S4mJ`#teK;gKZU^u ztvssjj=ew_ZZR7~nl=UaV*gmb`vqLTh_1KUW!Te&tmi%P#g*PfJq;=#n+L|C}GvkQ?wEtWnY-K z$W`?E$`s|I7FKIhc;%jU^2x5WI+!&5>#KVRgJSgE7sUNu4|H|GKVd7_4zes-Bl9%x z;b5KkG&}nyiK3=mUj4eF;_w!VM^C8(E2Y@gt3<)HgXiDcsk3oEyS4>7K7$vJvjb>N zpclSGwg7Rnc7qR#5j6ihC`Aqab@(;C-DVz^h4sp`sa~nsFTQ`w;?<3hX9(AnIpn`> z@+pzZCLaoBmLH0JQ8s1-*V;65Hxp{3{ z+yK7s-fuv$*!cq{=KXgU21EV@pgl?JxQ^~pKrrJp33lZ!JRm|o|AsnG^_3NL}eil1rzOAJ#fTWe=v^Kg9sBbXV_t3Wdw>okCy(B zT10WrBwAeutd^4EX9eWCmA2>{-d}5?P_trUz~8*@2kDZKGM!nm07^qxPL9LEo--pw zmk8xjA6hdyP@UtuzV_J1h;18YSu!v38l&y{4b~Dt17#NqFZrheaXGRWA7wc>#OCL= zK+j)gH>f#e>%uy7^vivx`kpM@%CRzBFc01KNHueBwYDyw938}~Ir9g-&5wW!lwkX< z4@8ohnGSg8%&@tzOnv;&f3h6!p9LCGa7DG--dY}QM!Pdj9J5nbfREnXq-9q9u>(&( z!(MwtOKp_ik%YY${jb1*ym}B@u6{52zc8d{7ra{ygH1-)kp8t^6cwf$bF5b8k)gDbr=Q0O}tRaH75CGs|o)g1KG3+clk z`25*Fjs`J~udDl-RYN$mf%1R#v|fHYul}=0v7)#^?ytX1s#&nGei^Gn1js+hZ zt$XxeA{9U{8tHn7FahpDJol<5vf{>@!$mz^S9DAr?1~g_P3R~1If`g$fs`}Y;<#U< zt=~B;-{+AV_Hc>soe4Yt!Y03>M!B36qfpF;|9uEW=7Nra{67+IYoi?X0Ard$u|Q7f z8h>UV=JW_QP0xTl_dRjd>__Y;^ZojL7{Cxv)gNAda? zp^n`%gw-04dlMH*Kkd(MN*H}@&iYxh=Me`Jr>@KMVs}L_k}=wGi~8mtX@BLI(OQJ9XrgbOA-|~^MF?xSR0-% z^IQ7pw$l<7!Vdo~V100YI2>PBN^?AF{9tU<5I2wOFu*hUoo~0?E3X8!`AsL(aft*^ z!die=#lh-A6&X$Gb4qD%_mcIFcRo+!Hz;x;R0FitPL2lm@4v#dZ;KN>D&4vEEx4)V zHg)8>1=KYREu|%ucG~A*E$Q#AfYJ7OOY|~~KYp~1TZc8xF!h7Vym?rlkLaYJL{R(? z&NGHd%g^3bDsZ9f{%l!oN1511YP`*2CROZBIBb~stN6iti|IC8qRbrVzgdL#pYP&w zLhJWHU=GmwE4=ei`_JEbnJrpSngWBtuH8uns^vj+@;?w$0p#8u|1f4h2Oc}m0yx{? 
zovm*SqoJ<$wz3(@3+$Z&p&sJg>ZllR8rqQB!w$14jbZUSXY-PtXjHU^Tv1J@OeaOF z@3#r32+oarr=oF94gQc6pq7UoAr5o)U-5@$jfV#nhYoFI1u;+&N+~7r^vsloJJ4EG zM`)+jaPvUhncDJhtWeNZdYcPgzb4babw;#Mq5s>qD*eCs;0@9mJ%e7#Re*!Kf=~=$ zt41HgN^hC+o(T`vF@<7sbl+Bzefw6zK;liN>^$vEb*%2MxrEwgD#XuBKZzdSWs3^9 z&NB)@CaiM%O_?LStVLAP=-1fMiwpzv3^RlqQw1-UGn1w>-{$ZKn`0QV)ngmUHCXk^ zC9P{wSl0YRW!8k+lzZQkz54k%=IMqaLI1&w$C5}S+*^2q?@&=`>astUzKh9j0@d7D z#2?W!t0phF%xhf_(XCmz=M?zIw{qpJ>K3cyf`rnbQsVrBMI-l1>-+(g( zG@L+ERN!Nq%~$Mm_7w^)+|vRfnC`R^bEhO%$As`BSfePJG|I9lpt293Kz~z`l85%!qf9w90!GDoq~`W8rQUs64-;oIn=$ zzB$^iwq*1pBb=A;@Dk%tKj#UC=t)sn<} z5Yg+C+cbWlMyD921n4$jh3;$L56Dt18~g|+ly)1*X-v$lm$^Wr+3~-LGA}84e(&d4 zE52Vy1S*74fa3p6k(!p0gg=kPrMY@gewCocMllBB$X`jH!!`Pi>A!6n|c?B>xeuDc7 z|3Cb5iUC~?P7uq91SYK|O!W^%VDfv8j|Np9wNeuB^KK6yRHUN(6%n=-I(} z9)K$hl{^;n;w@L0*T~-T=)2jF{;Unsj*_DKE!_m)lN1{4d-gXrY- zxSGXdGLZCnv)a$p6%)lDwaTfwt@aVCRVj;nbqi8U(Y)g08yD;wABhcc2}xfK^Iz*{ zY?;$F`faP7;S|c+k_!y)A+-J0yEapn5)@BLy^lQ8uxXPWQ#WYlO@nQFf}q$BgS1I9 zNB@1v$}#F4NgL)%RUL~$8yft(9c@t3V>Ug+d-r&E6Ztvw`}%kFR<@5S$?k1U2&{4J zb@LrnnjE@3hW$I$ABIR0Q;kCXVgB^kY3P2xLg541<3#7p0hFr47cU?3vc%^_mUrh0 z7gZIJ3Kj1iUbuUAc!dbA4#4?&Yi14xx=SP#F*6AamP9YX5YDB4{OF{=*79K;F5E}+ zUqoyuyQnyy7o-QT>jv%=5o~7{4i>+=y&+O!W;Hb9uc` zd!2~yxhsbvRE8}ve1-nfO6Xs6ddj`e6UC}Pzw_gv(GEQw>km{h!wuqzVO4^Ew3gS? 
zoOjWp>=3a=XKuzx%M2G$QUh6N458ZqLFaGF=>Ac&o1xMgeLAzL{*!tFUn7^JA)v3NTi?Ys`oehAD?GUos=!P7wQ9>7hLuC9A^X?O}Ul7_n)hr zNa^zZuft5^D@jeRjjH-o;YR_^M@lZ?{Emc(BdYC`D!yNUX({0UwnNMhgW5lu=MY8d z-D$i{_PR>;d#wy={HkiKW@4TAsu~4VjB>5nq>i%sXhPR_rzrpSFgw<(#Qt1fLpwcmLH7k(rhr0pK>^#yDzA|psD!YGITUTmsx-dh3h)2 zIaaj+CbJ=2I4_qF`DE=1m1F+snI5_zP#9jB#lMhYCRaAi-c)Ua--909K-G&(lMZc2 z#LwKqCM|=`UvwiL*LWFL@BtJ?`&}urFg351p0C-hxS|PRJvo!du2;6#?Yv+16CCm% z=>i8O?#Aa=I!fGoP9kgbY$BlD?4c*I>sU?FC5(>#Q$bgXT-h_#06KmM8{Z*OHxZQ^A^d~DKs{ld7LXVTb-Oa1@D_KRmFMxflL7Rcv#uDm?64ttNyfNf7Kz2 z1jjWzxRu^*GX)A5rcRWiQ2)Y~pdm43D!zb06QP}fQ@dDrYe;kO{H154*p(~X2dmwO zUTE(DrKvDzzF4w1L@O3D=L?S!?dg)K-sgwS!|fLrwE15s52zmZphXEU`yT<^IF|KxoatPSh zTo=gs!L|PeN?ySq5tL_B6vf_7Lg2$ojPpD2UBTK(0K)AZdnQzh4=<~a#+=fcIp=ls zfRAQzM+HTyCpCJl+1eTbM>Nn7!LtkAz27tPs0w$D zduM42+l&VpI13S}8#)g0$6cYlX~t*I98dIFLaNblU)U3>8p(B>8|^AaQ+rR#>}!Zb ztb^c1bBJWg@y}$%LI*9s*I9D>mWB(7%(4$pj5$v6*E}FFhq`+TQW%1&!)FC>=*Zu8 z1OLeo@1Zght(@U~_UOp#;Xq2+QWe%N{rrtQ6^hj)r54KzN>Z{RLH}L!j}savtqm3I z>-x?s?Pya4KMgFp0)NypPYK-@-MU`ia0wmR%bT z^@QmVR*XUI5xSDnB37PNGpC2AMf||NRCi~w(Xx^tublRmdo>4< zOQ}O=WWQc>)DMYLwm-!Fn=D*$c0BQ)j`&&Sbsgj$^A;Wn%T+AsAfMO~(5Tv^FVPSu zK@I&$I9eOH9qRw7oe{-bI*v|`I&8uI8I8TUj(=xs52#y5KekoJ%9gxPLCri~iYh&!m%w%Bdsi*#vXx0vk-pEvxU=7sf@+C>EQdz0zcxcKU zGdQoEsnSqCf-D$YhOr9RdH#?@#w$}cryH>vZ5bP{(q2ZVqWJSS44Hb}m%2}Pl2#$K z8uqLublQHADf@VDa$+>#p&g_(1P(`7S+qF0_m{__`@#lDniy4*IYx|S)$UoHvr*eHm)972>93h;LF z>GQZM!`t9)Rqc1!{@Y}jNt&YCQre<_HaR;bVG0uWE=Wr{-jp}f3%}U!j8=WYzU^LA zRl$G01OR?b4z}PT9pE`2mARlZ#n|Lqsi|KUs81WwpqlP~xbvdX!wf_7{itgq7HWmd zeD(3>kSRr&PFDFt<(l^Wr@erzwt7FL}c$^H8PFLa?-Igg)h}) zY)-3csVevAj;c1+jvZB|>QK7TG$So{B>tNyY7-!R_!NI!v`OcYqTKpYwd9h=t1C{z z#0sV86U*W;J_H`cC+1!Z{|auV%xNnsoHYpw1oS( zwvqbvFUgXPAFEHjeLhV6x(0vjLjSRE;v@)j2YT5)*XvhrKh$MfnB;-!aNM zYp@>F>3?(C;G=R4BU%Uwx|28y=uZ#e{z&E2V^$>VD6s;IqeFufYCLkzUrL@(_=xz` zW1c#Y@uPGiiA(wq$&!*D+}u3e0rCE%$9clrv0+=Uc`XKN5`P7=;2(I3V=dhmk;{>j z`OPyKTo9R^J9$#VuQM(K@N`$4i|sc=`GcEktln$t{P zs!{S;YgaGr9=zr44_#PgO5KjlsdoEI+7pbvSr2ZH9@worW?ratm8JQi0LJW($S|kg 
z{s7Enr(|J>zc>$jN)YtEBUN}EjPuLp%J5JO448&e7-8XE-*F`z zPt@N=Am)}ScM(-Xa-*M!eh(RjLhkBp^LR8`IcSR%>~hI zF4U4L^z}uYiUIHy4tD~}tOSM+r1dBNRv5N4;ybPwXpm(j@=ClnEtW}2LZV&doB5p8 zo*r&9{n2{)uN#Z{PZMRVv%^zu6BO}!?V!h3PShP0j9OPUp6@Tu6^U+vBXyCrb4G~x zt4JzrGqkuQ!KP?hRWYocMHXw;Wwb(u4RP)!Rbt>jblj;^et14qb_b&)6=$s~|N3Ti zw6^mrU%Ps#AhaaQggD#W4my3&wTLO7qRj>j)x4xs@ z2)BP#a7LlU{Q(2_r-iKS8r(vbob)E`1++EpqTb&g;W4(GNqU89`yz_IN32nqX>j=D zUAx+Dse{ljL6I?F+y@?waxl%uo5c_0z!pE5UsTVjgz9-;q)Jg9G}hRz6dzfme7N>N zQ<)cR8p2SWRr@6Q1xqW53GhSaJnRbkuTY~^T#DVdr-9q|Bn~gKk`iSf=ZC!+0()JSGb1u z7f=F7%PQ|3fksguNn2(1bf_?&rF38|zpyE;xpSvXDa{C#JQNKQx9lmzU!7HZm(5Ya zhrPKQ%u84}{FVs?VG+1_fP;(hChA>5t zhiK6?hxAT5H&q_yOK{0q@-CZ^m(-MqTFNxGNZ}Ufot$E)b<^SeMP|C}aZS3189E%W zn+Y<<0lgUZ4yC$X%l${q%7_@ECR0_m`BU6k@%RGD{pmTGpL3zuFx-(Rq!VH)>u(4c z`M$c=>%D1dEBVyRh5ZBTs&1{Mh_Dvt^4cJC4-xsCtJ~w9joL3-qtOK(|F!U$^x(98 z;|_v6w*_a}1U;yZU);_CVH_aNE#0~f_|7-iwg9;2X9AgGew(S2;tu`GVY`)yavpyt zdY9Bn9*r&H^cFFvUecb!76ayhkw5a^7>mUFLGG z^j^+!WKg0+Sr<@czAvbKHW7(^tA-^#Imw(fMk%@WeC&sv(E*9c#f)* zYgb=;Mu#88k~#h$AkR_dKKnX1vBx|rsibj)fonhJ$~d#w$FB{bb4OrNV6Ao=V(FZS zaWK3KD|=Z2aD4&-bVx|K;?D=M!&19i(gLq1 zAP{Je@?>1hSThzak0)muik_Q-qB(SXT1u71)zVRelJuwL)#Rr2y&`471P){5;KzEc zXFh6CGd4NhIdoVxFRu@5TrJaE ziuDzQ;wkMw80bF)2;%hNcI{`s#_7h?K3{twyZkfN;h!l`YaPZrDwUw~MXT=KPxjuH zMbGMv^Erv(u6vJ;g!36SS8n00$#2*kf|G-ZyBySVSSau&xFe?88IuDuJso^g1pW~& zfPZJ_LWJ$%n){o$k`aa1g3R%4YFfKG?FwOdtIGo6^w;7E zwQc@%=nVXqXDG$$u56t9$T!R-{dV=6gXFBeeJc5R4v5WiZ4~fQ&rv*Wk36sTnxzxC*k-R9fbN1KAFjbhpn3UOUIe`r&9Fe z&|0c|A74>RP>0zlJ5gG>;|@3Z{xu&cl3Z<$c!igx`>$4&noUq0s4GVYu2m_uVXa4d z=6Yl(rgJN4zJE(;m4nsuP0|1NXGRK4#}eAM2zyf8)pufwIYw|v`xp_qpPFI9;a2W0 zPP-e=`aZ6Up7b&dR#oyfJa%3nt(ihFKW4&Tn$k@Hdk5QJ(L=6UfKrQ z3x@)hG~@0ToVU!PImej&&0lHP$IjdXO%UsizbR>VIB^veUBpWEvXrT$i(GYNgOihy@yN#Fnfux`zToQl|2ee;iT>e>58$Xc|ybD!g9HWnkFk zDAJ*Dy&&{U;m!vB8y^+eH~c|^)d^e}(3BuN-7%tI?FSs}ITKAUuaiOyuQ_*~s0rWI zFS-8~Q}1<;a(8qXy4{ibIIZO#6pH;M*A&dmcrQ>{M zaB6EPV(0_^7jtKq=k7mjTls{76DPi9Ss%$?y+xNoVKOP^7&`e}m__+++Z43e60sn3 
zi3}P+eAW0OgN7ygQH+m|Mz0rB2UAl+)$cIXch`b~b0&H_F@9vyh_%!MpzL^qNHV3p zt}zdr13^zW>d+&vR8E!I92b_;I9bA_gHU32Wk%|)tT-EQ41cmbRmC@*x2R&!Vj0LV z4UhzZ0k&9(Qz#ymRRaM!&CO%*NoN%PZ|yk6F$9tbBpymXer!IC`-}h!iY$qisvzuo zb)tPUOofna11WSwI!rna{FCA6aj*Ljd<@b+LEXuvK=*#{?&nB=|6XfYU z*j7@9e;ZdgGJ;5G=0?F5qm0R{(oWg8Ogeyo# z_y!=HXoWKiN$_ztG{GVw_&NZKTf6tf*V{3@yGZ^iqN8muyq`#wnw|^6I27(^sK22b zFUC*c>ZJ@mq)+JCq-fB0!A6I-la(#Syh}Cw4)^yEao8+BqB^qw2J;g%IUVKpDej8jpV;E%j%k`fZy7rdEyv*;y-h+Fo7DfRvrr6vDCVU^NAXZ!L4CM%@ui)#NiMn!e&gb%~;Fe(*<| zK#TP^&?8&kK`&X%6^@-nn~3sdLWlV;Yk*`Yg>O!U-vp;dkmeXdPz=PuJjzgX`AR<^ zevo7l-xX1=ilRqE2bCemcQMVpN{zusveRu^a1~w5pO5k407eA88`acl{^c83v*;k? zev8u9H6;3??UVoveoVNLRuaN&Q({>dN_;4inQeISua8lparhG=Mh9zKym;M6Dc>}H zlcX?o#Y6t-nNV!^r{1Es@me3tIw+>sUzId$LAn?>H7$w;>f>6L}4#auvec2=z-f&G+t7mU@~L>)oG9z8Hv{ibF+<3*}^G ztLU)$K->H6{&t|4b5{-Q21{Fr=NcL+G=-6LvMgM!*{9?tdRA5QCZPbVLNvhEX^U^z z_doFO@{EEMsWAHmRt~$LQihX!BU)LCmx`XeufWq)j;g`eCCs_3_88<(YDKY}B64kK z=f5r0`;#B#-U>-!^a@AuVIy#D8YgbIeUDe@@smz>>f(ypGS#?J?LK8Lx5gNyOn^`i z`=M7|fntwD{j>pWTtL5XNj|U+E&Bo<2rT>RqklLvV!NR?5l)ot zV|n+P&LKic>oXBSJY5h{@;f#o6tw@m(E_j{eDBB(Hvo1=i_vWmjPA1crM&AM@6r36 zero@EMu&$zsNYl-Vp4i}h+BnJBmw+qoKwM*SYTY0jAs$*k!xf}cF6I|EVKk{OaUiie+ zZ(|Ru#ZEx?UIyM~uMbTCF=!$~a}#PsgU!o^KQE->)1+%)0e5txOHihr<#=q1j)Yew zaSWm#UtLxtdIP@RJJuEs`AZBS!E!CnuUbx9cAs`v+%Wm}KXp6oSCIG;j_$}BTFgIDGyf5`@CdV6KgV|#lp47D33{A(l-^F@1CT_EjXiHcxdW^ zU?rGFMKjXizl2ad>MHAe0`~^W3+&93n2K7oStlRE2wW)v@78h8Y41BLH3N%a{^7eR z>y&U`<1wV-pp|6fw(7zUpqX8=(|xL9i0QZn`qCAFislYJD_DgR>**MscHdthpaz$u}S$#jF zv?jM4PB~;3HJ>JKT3O_bMliGdV8NG4y0`+GF6Vb1nPOboxN-w@1<usW_g(;dO)K(3#O!cO|ezdO1cOv^JtMVV! 
z6$T`u3RQLGR4$|JF(-F;e<5?Syg{R6_+h?z&T-q(enhO`Jn-bZNZ?ZS!E?WGd34iQ zo&H^Q}EnHUi+!YI?_L39e;P3bW2iCGzX zY-e{q6Ro|y{n?>y8gYUxNY)1BX~n0)cD1y2kr-2>l=LxHN`M=~5|J+#d|WV; zPXh#@ZXnwq&uQjr`e<3~QFbcuS}rm&6?@v5CL+sYf>PH7PrQ9d4MayP|2;Wr+`;c?yv9^POiC#5y+~##iy7&nDmDWjQn~)< zu&VSTJ9QN*vLTD~0Oqv>Z^SpHe^C}Y@nc>xQs>sefgp6+kUv0>Y^>}?MS-5fHEl*M zt@CyATLUbOq{at=p1Hs}HT4HP z70z>HdKSA`?iBe7`T>T)^;rQGdW7yZT-BwVq*-f$VSQAQ-lY+(+7MgXN`ySZlBO_g zc(4%gf+-#AKI-~Cc(VR69V?Z3uxtA}ykoW^1Js$yDIqy=zwW14?`p!4Fd8}bIr^Rv zg_@%V0|OLINt)ix9b#SEl_b^~+b9)|fN`*@So{*VjRY@kud&wy;QEb5iP7LAsO@WT zpJIe(8&qzFzNvGs6V@(;921iW&i%#_vDwwV&y>~imi0qEv3*Aid>r&2{M{(<-GJTI zOfEcNPow%!CP8xO5U6Ech%sZim|OSd>SO8tV{Ge<6GF1df7knA843Dxn^H}{Sp$;3 znIj$Wj0;DO{^miD`);)@J(GBUHdkxqA}T~idv7E|9ygOs(>0De9RtI5xBLyvtkJLL zwTqc95_t*0K>OS7*m*PZ- z-z`&HQVZo~&0J#kyW&ZgCFo0*=!D&|B)pfL<)G*!$z`SfD$Dox z)f-3ff=yQ{Z)S$^w-wSLg^;RlC`TT2ALw-CX~rTRb~f+6;>WooN`s-T_^$xu&~%)Q zf4W=1iK!R(9-*RRNK6s*%Um!d>UY&BZ4G?E7tr`iK}&}#CcAWUv64q9fouY7BbS8O zEO}cNl8UL2Y@%3$-PbJ)Kz91Sl)8&Ns#r;1Zu&e54Tp2&qZOD9pHf0+$RZJm_YE3b zPf_m0et#H~=BM?eVQ1CU{`qtue?-glpq$>@HlnJGm-drua}VQk`eR>NX*Hhg<~MVu z1>;_<_*mxbnK9E`VX~+6P`)c?)UmYH+N*b4+oJF3j)47scI>itdgTH|c9mY1+3hW{ zhu7}arB}&l9UcEyX@~&1CEo*#j^FH&V$H29jD-TExuqwKtPw#umHVSE>SiBUOJ5cR zhS%Cvzo|-MG5%JyFsqu!N6I|;gpW}W>ggtx=~P)rX1xYW)W&ePbK9i<33s>+7`m^A z>}#=KjssE?IxGFRnyah7PuPvKUwvI0etw4scQUrtUs*r@mxasU>FlY1W^ct4L2HNiTE{4l z8C?v7#0{2GFw860hCol}$+!GArD?gE^RTLy zM*}Ly6b$d}<2_N!3+Czd1a*|?mRTgtkJ$lsX6vh3Rd|gyq2uAVR-en!?Mhf#QzAdt zg{jbesf5gdMj|rW#|nZ9&zQHq9=T0j#-?ycNZQ9mqLiT zK1IG6klEL(VIa)+ziJN<3U_0t(>{cEl`PKQUbI|ty2%$-QarcVZ4H#1sANa7YaImy zPNllt$s|3!7sFQy?{bX`TPq6Z6GUnx^j0r?s6%mzI*#X9DuWh4$QPzShb(NA8dE(*s#W1scrT^ER1dp!SlI zW-bOU7x>=z_P1~*pQslj+b|5Qf~j=AzOQ$OYVAVs*@0cSrl?^0WB5Cd?>q>#!qU%_ z?#3P+9@mssc)g>6Im#J)g@t71B+B94;H1yoW$7$K#^7{tZ||}C<)NSQE^F*2d%0Ej zW#;pb4*bCq=V0eE5*vbyiiGc;SgdmF<;U<=)bAbz;)s8+p2|KhPO0DAG~4)HV>k5s zjY9@UGdYI~cTTfc_aCI4I5gA7%jwacIKXmN2CjVi+8=@l=)2H=Z-a49COdA2h~4}y 
zdzzRA2i?4A(%E#!&g4|VUU*J+_vqXQO`zkvK^h^S9x_1jWhr2vN*rsr^{E`lL0&PAo=^47-m;O+=Q z-^oJ{(PCaXFz_N?_4KKW0ty$7i#O?Ug^_h;!H0GF?uC|~n&(w-Y_Hls%gcv&smBLC z+VL!>{z`Lq%5DYQ!`sIL?_FBkq7+od$hFZ;;+UDOrwNbx>wYz?Vjrwlz4zRDt)L5| z_UD?GH$UFU&AYZZZJ{@q4+uWN{ZiP6|3Xyx^0juE); zkWibkUw@f;Mk}{RRa))$U-j&M* zbj@jfbKK)T{UT*VX;M?lYVc$JbFBO?Gu-L$1)B4U9TTfv|Cc&gW_>0no6RCviRQcU z#T08qf%2?oAJDSyqC}gQ$78>nmp8!9^m9hyh~yK8`Hoke%aVEtc5x-U#BiHMzQaTR~Z{cinqu-yAZejNI`rqmwf;5u$NjOhM zqHn|DN1G)nHrJx((4iT3X5rYl;C-fN)t#U);|<}Ryqf~&J&+^ zx;f)ucw2sk%*Kk|PT7%$RRGPe2k0w+u*)3Z9V4R%W=GD}bz0Qz7PJW6IkeY3H_rTP z01t!L-GS4U{n}~F*-7zZ(%Nyb(^wMV1?oQXe)W2oMtxB*W4h_K>qA`axF!+!33^-t z`1o!aJC^wP&JMx;HP<0<4a9(dIDU1f!nr9TYPUt7d0l+5oSS8QvD?GFe>vq`6X44Q z^lUGmrt5t=Jl(x*kLK1uyB#P%+tZ2NbI0?`CH2$Zu1Ck~i2ckO^6Q))c=-HW;_i#8 zz#K_6eriX9`{S!Or|v>q&_)cf2MU%26@m)df#S3rlkrNCh-_d8?hp`D(5*E{Il9an zR}3Sn&cSIVu&PdL6TZyUN2u-(T{7SjUS|6Ld#@?XY2_$XJaL8bL29*InT*&RGG zVEq!*jT-hd>Kq)fK}}Q{V9z9wwyHqXL%Xe_EJAIPYnHP{!7g?OuD(_*{J5eFY;iX zIN4d*Uhc}t!a^b$4)N6Rb$FhrSJ4Vze$GpVJv0j+YdV{q!MBhbVJ_Ha@oJQ;0dxIr0PJ zYly5R`wW}gK@H<(a%mYGEhgK-m9toQRb1GD%W-b#w-0!Y{gw~GlM53QYPo`JR{?B| zZm$PZrq&Z`IU!W?FKk%9uMff7rY1@-lwi{Y6Mu_5ei-JQU@l_pqi6kE`6Qf)B2CBqbZEZPg0ryishuOx&>YP z0aH}7+nCCitF7s;oZ%1|i0-n`0kvtRoa3`Z#HF#SgNZ_}Svr|6k;cNFY`xW)1k5<* zqM9B7!HyueBArZ?N;_WhFrGsMHq={PT6w2zwaWdcfvII2bw0O0tgo5A%;RhM^JJq_ zi2j211F~LIh4qfW3&5%Aep{<`+!t?No2jRQym+4X8bRxE8S-@M>Ss;%gL5dlL&ZhR zlRh>+9C^i3PC7D3R7Bw{r@*yTtgbW|Y+hzUSMUG7d8O`Prv9AaO$M9SNChi0&a&5Z z%FiEMlcrS(Iz%!>fiHLMVOq2m$Zx#q6^oL)ZokZ70yo07w|$UWrr1oOy&-;D9|w}U z1GXLPGvn8|BdLqo6ckiL^8&4wHov8Id_hF%|g=`Nbcp5&`%JmY`9apQeH z-&*V70=!1^yNl?&P5JtE2vq`+Ue-9mMPbeu@g%Gp(RheT~qIU{dcy ztPIOFcJrC~cnC{I3xj~a^q3z9lfQkYJrTTglFHi3gk|2uThPwK@8JUjelXlsh`Lg9 z<0d8!aqG5y8+hyB*p*f~Xq|ej55%pTu4HGwI~n%yX)OMhw240sQoqKz;;jurMj_r= z6|r_Vi_o{O{p_NBS8+sg%4qs&D;~OK2a2kO_Hfi-X>+llW9B?P|h- zSGmMZw@~01B=gX+ybwWCKDRZPN#HrwZyE+rlVEucTN5|Vmq9#W)um#;h+cZN1kE7* zdB=zAH>C@531Vw?y>AOR z!a!T2$IluKDza4<{mSoYV_|oF1*LZ~L9m8_TZ-hgYdMi49HRY$si1-9MK|M3h;|)k 
z$u^FLx(sZIoi;{se6|X_h{y+Mf;kAM$!y2M-yge^oSHl6vp>yhG%aSD&&&pYoLS5& zw}kLg!87PPL;YP*2&u6rG(pn>{iL3H#}4TF^*+uEsz_@rPcd$mpSw5@KHSm3N7oA| z#PaVC(LB2EN&$!lIJ|@4==dF!*k1N(n~$np3q|$aW=_w>$4i7>Ru)|akIcpbf?9X3 z-Bv99TF4p)>3=-_TYKg=Q2FeiFnu`nPrP`1NPDeZ#Ck2|=zWE=0#slGb{>|i{a6pd z@Ux3Dj=z&r@6?|-N>x=wSusw?gF3`Jonor*RRh7N1X)LD&uBT9)(e4QP7|C6gE5m1 zKfSg15yyMUMXxR)uEXB>pU3{?>ZuAiZku6UoSwO0vabCB3yJKL7S=MaMM4c#&SBjo!Qv*msfW!Nx1^5_2 z8&o;X)1Rz|>{eN7Du0elP=g!CIY9G4Zw`Ve4i5#e8*Ts4KX#SDYQXHFKk(s7nxU67 z`1Rx0lr6cIUh}}}p9Kq&r~dq0b0k(5PfeflG?129n4D)|TBpGz zZ5W%Kb)fqiyKJg+ZB*Ja(-%kR|Dk|?ikq=xH)q=NKRe!ljYP(ex%XmZ1YL!_BiiwN z<(f2wO0)do2c}Jk4Dp#*rlNSdIY3z|R?HnBl4xP+J)Zo(Nh6N)~ROOr=-#>_gw5_ zlB3-ml0hng>#<;t*0X-op`8}yJ5gL{3dx(vTr~?Spm@Y>>NX@0T=`J!3ipU( zR4Z-YxVv+)>9X-gxQTYR(S!-pmZ4L=-WfgS9YfvTk*0#^>=|PWySg%TY9PbtruP9r zw)e)rtOSuKeyt6@|I{o9i=><4w?BzIB#E8zcbIsK6wQ{AOmeg2h<_@oLD*9XJm_=2-Qt|Nnk zS$aQ20kPaFSk~8Y2azRw6kH5Gxj_uqa-cT925NY6kyKBF;}XxHin=NIh#^r<9d&t_fuS3+ND|$ zfo|K-H}VSkix-8;t6|J_C8{%rycH3$}8$D^4jj+9~g@ zt3HRc7rpy1vW^r(uY?9g3|kF*&d+523JwtdA4^nayLjG6;{(8%u+oI|m_g@AkiA}V zO66png^_FHG{oYUJ&$veG6VA+d&c2g5RLYV_kI>|kX3ZFwqN45JmdUQ6q1mqLNi~( ze|m-_F`^^+q)%wpOI;}Ab2120l@EmDOD|vGcW?R<4a);}wI)W>zu3bJ!2iLS>8}AM z=YS^o7et3Xtx&a60zYt18_BFQwnP+@s|bjC+LgbSg>h{U=MtTh29->u#v&b}ZTmh`f5v(3IpON} ztH!&Stk*4!r{T%B{fS~L=p*wO@)kNw49R1T9PL5sIv7h@Quch!Fa9q~CKbaw;}GMb zKo7~Oz)Kgni`eJ!>FA{&v{MhdKj>ZLZKf6MPlS8&nVna&R1ZK7dSE2&wMxT#`>z+x zaIj-U`%hhO$&Iy8UnW_Ojaj^vymWedGrrYwGMp+) zU2DY)UG%Za6YZ~eH+=y%iF-I(;hZ#@Xg~QH91znrH(y!kAdjE(3LFb~-JF&(@{2C( zlNAIO4W__Msq_|KqEgun*D-h&xQ_aH>*ZOK+xS>w-{w%FUlOL`V~s^_t!DKX(#&q8 z^jBCjq+~_eImoIz0>+G|}$aE{|k`$V^o8)t+~hzd8vw~ zX$<5W474LIF*!0ht5U5s)?sqf3l0oCj^)4lo0AVYW;apuf_+k}@I4r_D1DjC_q;#y*w)lnZ8n#K1!u+{K>BfR%=MtzK0|wIpyEKym$JKOo`d0lmoV zrySPH`u;7k_B$7t=uevB3M?!hVxJa@DUP zy0HOBx8D3w$KL1Lqje#hNs8Mq(+DTzvy;lLk9aq-D=QqsicYX=?g%^Aq@Dt zv1sxz{o7`p4&aRyYErh>wZGCt(+`ijzkI(n`x-LUs81n6Lua-m=yyR5{s0uJs3w9g z)4jjovM2`9pAGdJSQiWg5}H2d^^m7dh&v-}L~rKMWs1AZ$$V5}Bq04%Cid(V{YzT+ 
zFByXG3ByQQF6$Z5%b`Qlpm9L7&0KJ5b_)7-RslP2Hnnz&Tcae}wK(rzL=`$9S6BUq zY`%*njF!~=Ce7kMEgq|Xei#{uMP%%@ANNBmWR$)Duo=->+jNVPhC)>S3#{)+Dg9L) zYu~ejD@dWb)ROc~?)%Yqln8@FL>h}bMba%-q@{J$5(8^;i4iaw^Vt3Mi|-8v0w2Ra zH`I!1cJ>gr$AmBe-M>f8U=qD{vpDK=mqjnZuqPlKk^D5qbUgy!+r>F$_D>MtiRkWcnW&LW{=4CvVmg2a};#-vUFt3;W?UUG$}L%VS@H zc<1waqp>@-7(B^qPd?j+;#MTofk@vi8RF5WN`eElQGX zn$E}-QpoWp6jfYEz+WsfwkAa(%HW3;B1> zq|Z5=hyZxka-;l>L@o2ycXQB;m z76iWo8J1SNKQIo4(zoT@b%agt_jYwNus54nhcs49RMXJJ<+@vI%cuoP-41jSti1&P z7xv%RQ4o-L)b{;T-yGNeaY5bm@Z|wPwro~uCt83~pB5n2R*$vju-3Az zszJ+Xnv~e2Kl{>uiz_3;@Y2!zpJT}i4c{Nh&Hd+CdmA{{Sj^Of={KtxWjgb z!kL41b9(3Je%JF?MC2Py@-S*|?w)F=*LMxp!`Go~DOw$ond{H*t(}py76I+Lm=={( z=}l8!Gs~Y}R;_n}6kYwoN-c;1Rb90B*43H@%k|vDvLoltdkb&%>W(xb4+*yZPVb5s zv8EeA6^v3_nGxe|?rl+9NQlxJ1fMss@eN@#h=l(LRMaQC!cjMSb44*pZx2@X6jsJ< z_e@?iU!9qGJKmMO>sY>fjjY5lT)-U}XsPj5zo9s4qR^~kAl zg;q}}svC* zJh&`__DR;fpRt<(@4J}(B7pyTMS+hX@bRoKcQr{4<9hz}3YNbpzp5|VjO}Xzi=F%? zf|MR+kL+XUVTGj<`6sPf1gE|%o`1X;_|r0w-4WIoy;@cc&axvx>Q=|nw)~ab zOnl0k4VM`>c%hAk+4C1MJa_5(c1qgx!>v_XS9%pu)z+)SW)EtDWe3%LZv7fEh(ST= z3rL(z7n&c2IfpX&mUlL2b!sG*!aviJjN8$nx?j|NU(`(EJXTlbh8z$hSN2)UnFU7c z{0U;qQn4rDSzdcRNtOF9Z^fY1*EP9&pQ@Z|)+KZ&Xb$l~kCz+B_r!_vlW8TU%9?so zMlR$d#k3B21SMKAhx$xCheEW*vx5V&lgN~Hm8Asp<-s!vf3s=99!wYVpIUnVWYg%C zsv5g?#Athf*Q4iCwI}e<47lOZjt)nAA_wUD)FsLNS}+((V|!E7BZOI{ThCM**cfR_ zs`u=``3|fYz*klt)LV#k^PM&2ws!jKIrL{m8@TLvtT?7@A!>4KpH~?DU|$hsM)>XIdM{q5C(8hn`m2ni{*Hc#(6pw7asrN2IKYC&XCfV~Wii1jn@DP0Z5jT}J zZ4mxa8eLYUw8^xYLa^IAj7Zm8c8*X!`PH6Q$a_hrobi1tXNKM%O+4i6I631a@^0>0 z;0uWlo#*2;lTnPKPCkN`3@zD>I58YzZ3mCD2_d80O`S539Bq~PVjf(@`t)4>Fa;v% z0G_S1&s^z11awKbxK0H!=-aQ(w@FUUwI4~*U zvdm}5xV2Pq(%$;TS3p7LAtfl?`KW!t``NqO#cCYH^EuDR+XmTfaTb#;sX8tE%H=Ab zy`27+&w`g`%?Gtqs>b&G*gb(~}n!{YE#ut;P=cA%IKMjMdOh(?P!qf&3wMl$h zto~e+?dZ=_v^~8bJZtKbls?HuWLt|6YDlYJN}3+X|2xnT>Lj`Rxnr{fms13>c%A=8 z)Ky1y)ihzHQ>44Qq(MQtySqWUK~nKbH%K=~cXxM4cXxMpen0Vh_1}B;oIATS^UO1| zv%8GJRGS#U!bgmO<%^c1Cl%nEONdXEtUfpH{X&RYL%)-LnQ7dxC=2}g10QM~`n-@C 
z;!75=ntXqe*gl`K{buxWp{4mJu+;Ko$t9WrT(qR?`Z63!uO6k=XS(k`pMQR?z3+K6 zyw34^dbqoAWxRZtdTzs%4J$D&d^~R)-A#R(2QmlqjycQ~+J*-u@4o`S&~?ADm`UBO zI-EEC!h8ON8zu8>x%_B-eS!6$n4g#LN_^$6^>lpju0!{EiH+aUIk+*|rotxY&~bb; zn_roWYHgPYZx7egw;s-2cRFg{r3)2`cI_{*{C-Li=;BmC!sG12+^w1C&rl1v&fIif zH=kv_e zs*cloc`c{{T=at42uOBH;EccUNB##vHRb{I ztZm;eRiG8&%IR;i_*z=J5&yv0MidnHSgXe7QAD*lpoj53C`(ALubrIq%qYc3#&HljXCL@NtTCKuY!YvCpI z5mUwcaQleaz!(<#=pJt*0`|NW!|^P+fD6hB+2P+N<~#G z_B*q;Cb}9bEg|`OIq?1OwcX|-j_9z{jhTfDv)J+zn*|!p+!S_)3KiBim9Y*!|7#b^ zPk66AGbj@aB51khS>stNTNOh>-L94g*zHeJ}c#xq)wZFgIg+CC%(Q0KaV5&gJ&g;?3)cx)Z)8 zc*Kjc{qTV39g}CXN1fvY9CtU-s@o@_!j^81b@)K}&)sT@EYw*B6yXQHaB2cHnOycF zY?$T%XJV}7_d-Se+DtTe%a$TQ z?^hIN6}r?#=nFOrHwIGnvFIn51l@MgMBARCA7~}*CMcTGUuLqIE3hmv%6vuQy*tW4 zXd*c?+BKHIdRlaERhs8xBt^fsAW1?kNUsQ1mQ9gcT#uowWmr-eponB?{yGi#ufK0E zK2Bq1FgxbA!c4OA$N^9pt-rydz-WMhqLG*-lKtG^2*SBo^D23xtdtU?_;p@g3fuhP zyq9|&@O+tjkE^pZ4J;1#J;XgftTO0o;g1rAE(4dBs{-QBSLGh{FFqfg5K)6Bdcr}OU7wnaHUdXe7PeM*?~?kxP0NznSdqHST&R}Q7p4|p#{ ziGHtm+3iWMl&z&?UR(*>n9j?NTqEoY@1@3v)a+-c=3dQ_Ch^Ub{hru+wV7`$JWjz- z4lyViyVX`)omuQ=ac>dxH9LH~Tt*7C*H~dRC4Of#z@JJc6lDyGQ$-dT2p4g*%&31Y zejKW8yYoCxDI2Gn+IUZQo;UDu+e8 ztm5iU?{IHBOY$I`GqyL%j|@KE(D1*GI{bindLVV!*e7;Td^H;M27LDfWn_Y`o}pOV zFbPwOr2))q(Hcv+;ug3jsx!oYmvL}5S{9Gw!Prj>6!s4^Kw-ZDw4XDT?D4UySQQ9!(zJ;& z7no%DJi-q{IZfZS+14Xgq@Nd!Jsx)N;T2<4PYgql@m{=oWDY;47A~MqqO9rF_T1}n zYj59%2=t16C*3AGn%Pj4`G=}ufBNSTGXD@81D_YkB@FuA-3C2=X~i9&>}+RSFAJGJ zg_CBo`;nyc=EU%KxY8Q{3QU=5e#jUKr=dxH>vL3jb~6xvC5OypXYx2nlqLchK=_;l zs@ShVzl!k1*yYFR{oBrK;0y0ArxlWQQ(gyth&OpgZa2F!E_}Zl0iK)V+;inpc-iZm zc`-c2kGpaHFw9kB2{VP+v`+f{0&)hlU36E-9g%pdz`T>|(E;<&2X~4*_alpdNNmfh zUI3MvdA`%&^$WrL{19v=(q)6bK>$LmBv)&<` zymZJ|vfF8#Bqn2k=2nLx|`#y{k*%nJI!yQ%G64rQCSEbz8`D<&LJm>5~e(64>()AkM_#ZLbst~5Iv!O@-tlt+l^(B9TffZPE{bn3FK|yDNdNHm8=^DlQUNbVzTo_M z*(;ou?z6_7H*qu&HP3}WKc{=5~A%b`n{3Bh5)&!cyA4!_i>z-Xf4rNF7s z=T@JonM!4Ctl}-wPB?-l&Q*sEzCU&j%BBcP&L6wXrG-uYBE4!c)T~0;h8qS!bAVT6 zt-t@|klRqQ*gm173$s15S+*Za5xQ{sD5C>h?O#{?YAuNODRVWMf~GoL%H*ATJ2kfI 
zjOh2?HgE5zcGA}`t2Ge`7J8^+{BmS5Gl_A0FD=bZ#dT?tSJ+vNC%%vQ=|SN?sW(;NqsKpzkSxg03|9Hbj$2e zc!R*~*YdF;dHZv-j8|XYA4oMr412jMA?N%8Dj#(uYISNi7_Mc9uT^(HSHJmYsy4L1 z#L5_!81?O3zV=*$_{37CVY32_e2rBtON4$+pup6nv^QL^sG}Yh0!dO-K{=xOKGC?t+X5@YpB*5tCb41hxlb z!QaGWqh(AkvZXHIR6-VZqQ7e0H?FNk$A*bhlI%k_&8nVh3gN)0eT?+IlmJCT{ z6}`i5=TDC)Eti7Tx7V>%zHv2z5K}~L%eqz*hS2Z&2fnq4dD~#SePkXIJvd9seX?-tx<-|Kd??zucK!%HU`6^~2qQc{gqd zjf^kp^<8k(Ed^p$g3J4B^ba+y;ams(|HvnM@{PSqx0OEZ`bi$}wPpEn1Uv-qIjL!g z4}C)U9nnN|mA&7BmnQj8nGJxYm1KEdo$QM5b9^^FH?Rt7R83f3I;wAxB)b&0d+6@( zjHvi>wC{Jnm9{M0bE?c3`ayMJjL*l$z~KesH9~DMLs_-fN`HBqNKsU+g`hb4MH!fM zD#?Zu3- zsSB=U_R7l1WDBVbeik~+8|od;#)i?#*Um{&TtNd~H*X4!1wU-6tgs}h_T<4_4WWIN zg{7J61h`(dwyKme^=K3r(Tyx|@iTB}i{$2!jX(E(4QxHc0J>lODal^Ci5#3;ZoR z=7wl2T&wf|KMx)PPxDKax7WW%+KikUNz((F|<-8dF$yV*%Bh+y(xj&_sm? z(EktW|r(IoV?{jh9q>*o=TeFf?4 z(6CmGlf{s^`{_&&)mF6(aaic7&5=Sm%+kLh+r;o057@y}0(3amJ7VkRCl70n254)9 z^&hpS!IIi8$;qu-=GYmg=Lll%z)p1@a1-!Ern!rfBvd~T#&IoWRczxAMbJBj2a4MJ z3%jEbYj-)Rrdb~>uiLY#mJKbW&e_?kkf%79rXS_w%m_}|r7ll;pm^6-*ha!1*|L4u zWONN#6y6?U2DZ#|W=ulI4j-U7GUgv_nD}c9Q2W7u=VU5lMJ=}8*4$`m^B*c3b4DmC zn5dEVxIRvpkaUnpCCMwRdau^+*YgxhBbRQ!`m328r?n4nvGZJ*7Pq>dX?Ly=y@JNA zbYOV<)##e$$dQmGF}FUMq0_~;i=YNM83MkT+}gM1J2E9ic-r$JSb~xj_34-iA%5(Z zuc%y(giLJ=UcGu@VI$qPrX65k!;x1C+C(Otj9)uYH~A)F>}GdSRDL0LYv-EkG6Dm` zSoya>XDSPELz0pB?#*H2lbf(O$Hx{7eK&T1pp3rY08Ff;ayS;GgEGRHV za5_s&Z2d3N`_1I^f=$HkokEJl(!v&Tp4T&H|7 zf&1taCjiLt@`!o!e@0fQD^W2GRZk0t#y|FGAoP(h6^o@^NsAqRC~6-+N0x);t%9kW z{sL=CYjeq*QyQRDYK5z-QCrZ=dqm1M)vY{wLo}W|)*$b}RVYv>*t_SHYcXc;_;l0a zpiDc6Dm^LZkUV(_={KmSK#QTaqI=TSUXE850JIXmz<6Cy`vPRauCRzSU|r8*q3LD;7mYj@NaMxzy8 zYyPHkYz`JoTe6`qo4Wbr^N7F8l9^4Lc$?eC9MFZ2jrf>=sT%)Qm}pfOP_pX9O@b_J z9%{*&xHCq*WP2$GpuF}9cooAR6pWBCWukG3FWfmm+&f@^sGvrp6d5xuRq5WbUbFx~ z=LPkjbApk?_5KtV$yAqu(DYARW{z`NiOo%iuIZorcs*(Rrm>$eHZ)pkq1{mG&BGKq z<`^YxpD}$n1wh180h6C}H_*PH;7*$TLAnbZ4`XF(S%jvQ19`>scbB=BTzG?x|I{7t@;xkK7vNj{*CGoH$rhF$KyCVjy%X?6YO5Ap>D^l=p^mYsBFLS@!-)KQM&`AybZ4dkDU;a|r@nXh?XJqH={GcZp7^SiCf^U} 
zeFWI|6=AlBOe*MN$yJ?#C@L`+!Mw;3iBys=og(aH`bK%*qq9gd=+Gsot?Y#+#`%|v zDuocc5K+oe%Xfh~46-Fr<<>rhzjZR0UjgMxmYH;e+9uj?b_L~?dP<%aH4iZrPI>20 zC)WEX7RhC>ro17oWta!t2zmUJlfijj+Ba&A(MWpuaCxs^n0i=xIY*!uBJP3Zd=yJ|}bMqYo+ZQJR?la9VHvOdibWPf-D>1ZBH% z1V=u*@i8E~%L|VhXAMOK>#xT7{bkX7?MZ#~k2sBpzZImH>Y;tB-i)fpakIW23K^=x zKlkCs$Sx3`B5LBBNtuuTQT+x{;ny$Y_+hYaFp>y${Tmk&6WOze10MEz82G4xJ(5Lw z_y8^A&4*fyLx;zF9z5NVID=8XF~iPGJh zhcAipmPsi3!p6UjDP#i@saRg76oaB~l3AA{btd2=Ry&&B#_ zgW34c6@wI4X=aK?H}%<1R;8qg&~w57#_*5?v{6dX8FaJqmzz(9ImFwmWgKjzP@*^{ zylTHRP86xdpgH6#Um9KM;oAdMU}-gsL`M7aB_^8=ejNCrGqZfn70!_xuQC}*tj2s_ zY#Lpfj{cVpsM)5QM&nXzI80L;wrQdlLS~#Gp!RVW@20XHyg%Fp((`dH>Q=N|$-+<0 z4TV3Llp(y^av! z$FSRFC)BXr+w6sd+qEcg3*+-;Nt)F;Ar|VXpI3wdFDH1?oniMiCU1~K_1QJx__ zvqPMa#OHMLO2D)#ST!uF)EMKh#JR@l@zJd3Ee^4UVnN7;MdHr&DqhcHFj zNqkqX{#O)(MU5_65Hm__7+O@LcRZ=ncJ5rCuq~)(=f#QKL~Y3YSsVmjA*#Px?@Ohc z==d{KyYQ{T$0xli)3yRncT0QJDyo;*+Kpd`5nZaGWIU1Hm;>AmV2e1;SNl6^q$fyt zB&3x@Z746k8e@em5dOPuLv%!8E?*a}!Rnk`)3sQXKk7NUp|aVZ?ma&CSdFu`V}eM7 zc1I(yPOu%9ugSLb-p0Z_i$kHVgVG>+53@<@V~T#B*;ATg-X(>C;)?@>n5dc4=;!4P zhyl`xfqTUm_-l>06IK$W%Fe$JYt-Jt?N|6qs*};NLH-xtJzY}7q&Gzr#upryFotU+ zq|P(cS^KbPVeZx;HE%5BA6P6AiT#h+{3yxi4~r8mFdn?-Jso~kjr|Dt%5&gay0vV> zf7TE{hW^qs;Dr&B=|+W7i4BO;*jRMCQT$lrX4=;m82r3IJHZ+^B2mT0+tcqZp%(FP zJC>g-JhLx^EU#{Vp=i{v#mM$_h5kpb%;jnWQ1Q#kh0#C2N^u{4T5q|Awp2sh=z85f zQC-!3BxocCv2yXLL9X~cq!W*d)FR0o;q}~;nP;HdKK?WSyViB}G35Mpp&-4BIONyT z0D?af-oBd3aHHym#^&CW`y6H70ao6hv#L^U+a83hWeN{CkB9iJ}+>mf^XgissSj;Ilp7rsg&rPBwv#$sx1-Nq^T79 zWng`_iQ)X?85#&f1bk-XR3@SaE80-Sh6lI(_Y?YZa&D*3zMk)gHpPkr+UHp59Pimt zWbRuXCM?XifDddm-|t*9GC$4vM_411h+VJ;d8Wu{qgM{;G`>@l{i)|_);65>{ggdC z_77yOx1A|K_Dd>@=+H=?*{dX^^Xstfz)~q3NWHtGIR^&U`L)qaKC0>bQ*bUa3|@yC+Xl}mgUm5IO#h_Vnpv0BmSy6VXCzXE@Ppig-HiTRA z{ure5S}9N69h@uDhy>h%2lWXw67IJm0Za&^FmgMGlW`=EEK>AW~roE_Eu z!Xj<(medc5w-)9UxENihgX~9vZ&tX`Q?Mctg?K4Q#&~Y}!^M#12jj_GM5;_S3RWIs z8$>wfS|`4tP7|Zw%P#Wp5{K+Z{tFS`vncF^s>1P@oRgVj>Xk#)7z01xe!V%FY>@oe z&?HT+&4s+oqB#t=c8Ac5Ykip4mHOPjny9@2D1JkJ`*i=6^4#xQ_xPue?8i*~S>2~w 
z#eg1)a^4rPKr~ak%F&xm?dyG-sVlIXPC`E948b~%gEgBa$+DYH=F~(~8p3XAV2D%N$Nou6ADae`w!f9=|?`VHE`MKT#NrWwrjK5%v z%f50*z<0Aj+aV@@E!mot;<+P5fR=hdK6*Hxw_(^$<>xS8&akR$4~T@ML!fi1fGwX9 zdi$q&{nKlBFmyT?C2W48X~*F@^B>uQ*j(A@W8B>^k;S{86jkFo`>koz-opIN0zWY! zL*$1*c+~9!QQ=)h0->JJ4bMe?5cUN#sBpcTKq z*lW`=?ArGTvhOS~k$%&2y*BIYd)_^+$*`x*s`d{wv*D8?}dHYnq0Fb2+y?!`XV0S9;6i=VhU z3rg^Pf)i==+d4`ysH?KPpfD$r))un!YWh+64e+OmMOXO4w8e8dzH!C+?I(P~C65DY ze5M|^WR=w=5Wn=hfqMVnO(2k;^UAPC<4=->rSo2dm23fnJVNYQO_G)$i{X|;XTO9f z;?VsZ1dj78tx#9#UgEU^HeJ%CTyP(AyZSGj1&eOK7(2J0%mE2HQ@N-`J3D%MdFzAZ z=yXYcLnRnZB83I6OEGF!oaKHLS*1h1bXIEwdR4U&1j=iP zz%TUGTe%tAS7vYfmsJaDq{8kE0>iRY6iWTCe-HXEmW(8=T?oM!a*Tm(7dzB+pBxF*S@1`h)q4d_d7CjM%?6=Jm|BYDaWcPB*RHR zZyOX~ zq26E}YTjIeu6{?hoKd;fh?;xSFhw_oWN~(Z^V5xwY$^9wD@ShLRQQS%;Tkb2P1vqV zeieW<4}yI+>i#mehwuUG*$Q+Xm?y7(vUIO{B}meCl)_x|1p_xp)T|2htBQtltt_Zr zY3~RS_jo#l9sSI^u*|>A{qW7_U%=c3je-9QFUZ0(6ZHCF#x3*8`UvD%)^8H7kWb#vj6G)o@zTeeeq$Zo8w4 zgM9a6>aa>CLM^fsA70}bsfbiOI$GVIzQN<>ZfBXUnI=t;mLw>bK)%V6&&HxZj_>wu+E(Zf-5aF${OL<8@Cj)}#_T+tU!|d@RTE;|4N3R1wrDtaxD4VDDk<(SdKIZ~W&W~*z^zBuVzKKxp(U9^cT!%}0= zu{kF3BnCjz31q!ed@aG}%PH+^MX>2Sm-dkvYkCrHIFqJM*4MA%TD^IBc3D24j4P^f zqb_LqHIY30d0XA9cS8-O2aPMvT0bzYNqC_}>j=}Zp4;c_5iR;1MKnW!FGJ?(7MTqx zB-xHZQ1MhG`4)r2o(}x^?|%>a8v<6A1FE%bGUBCo6Vm`D}fU z9zv!+}QL!H! 
zm(04IV%H|8=-5}N5x+{Ejlcyv7gUTI{cB|X03vAiA00`iFmP%LkK+cRxl_IJKnkIc zdWd@4jdK15{6Vjplc?~f&w>hy(gr}ATnNTQ$-Zw}bvnqfT>jQMgw|)#>fEQeG_2Ojbv$$3DD$~sww3F3$eRj67+DMeNb~+wD2awCM232(d zKk)Guzj+&c1uK|fD^!@qj&_rlhRYiQbCh1h=8@;l=aP}1@2l=fF5KtT;nM{=XdM5o za%6ynwoRtO?^TwyR?dqJHt4l}IKV4utkL=sQw~`ukbZQoFo^K{y@z>9eAUAiB+5KJV_0-pY?xioqy6i?e=nQf%Z@Yr620gS`tDo8n_}icZ=evgA z>L$HqsPeq$^A)bBq3T^AWt-PyMS#qC(0$lcw;e z56;QurOnFET8x2e1*4K=a{-FtniPVl-yCrcp6)i0V%^$@c6rQm!9$qr@WFiKD%kw` z38<=huEnkJ=56|)8$MI0w?M&8$ihq8&v5*px<77K+pSeJoaO^!eAifCTLhdRvkIdo zn)<(ZdNsy($aaE2J3bL2t(tu6vZ-7fs7<6|=^N*I0jtHxYGt^@8p7>YYD5VC!R_Gt zSBa@3Vqme)WsvY23`zpvHn=ju(0$#=Vn~<{CEP<45&dTOw_SGNXqirJ`n1~K`-p)7 z^c!8kS3j8+F652FckS-d;{}IH$$1VvuZGx>=1w11yfm_qMOKg8tdS-|#!H+ZiZ_Kt zu?-_mCS~(7H!M8rI=|f+Gm9hG0$nkmBU+p53?v0$%Qknq)T@=}Cw3MbB9$52}D-UPKhXjk5occL**pExX4Nk!MM80eyD)nA5^Ih=h$ZWoV@+BDIhK9nJqPo~4MR&3LZ==IoAdVS=`?5f(nkrZ?blI`>~P8O zHKB(dgm8mw2&u z0SUv=APq+v4Q7)@`;XTA=(b>76s3xI@ar*B>rS}Twod{+yR9JxD-m`B(GNc3PK}GV zBXbrU$qt8aT9zTyzV@av*0wL4o5mMnwAb-4I)^=Wfoa1!F3O1DcdEUfNGVj~F2_GF zJu9smw+bT_W%9dD)df;mY2k{8NE{ z*6z_t0YiP_XC9o;z`5%4$!G)PSML2~K^jI)(a zzTZ-f@*$t12Qh1ih#X|Kn~qeZ@sIkNFJAhaFQ#zKBG|KkALYZh`={*DnW)ifdDLwN zrCw8xy@3Ai@TJjHK-r-iAJ;T*(??Hk61#f_K!9YxmQcQi75Mz%j{N+dDSBN8^}Q= zw!VQqh-;OxqYF0p5VB^~S$Yd!6ugGJS(c^xDjkapm)LkHhJ|*R@c@4Ikyuwiv~~e# zolD;xsqB;K#9JtYtjZBCVMQ;}%#}q2UkIDoGlhiARi(oz!iLTN)tS5F8Ya|%(|H$~ z-o5e3pJmpd@6&X5|C=z?P*GYc0qH-A(XY%mtF+D#8q_s4s$9yIrpJjLE;f;T)+Pz= zNbX|{V~;E=@w9%nt`2zRO`l5-(7XC>VE1F}jlFmprzO9~E_#r!m56}`va;k?o(uvc zBNfJDIl*D{Jr@S@U92N&wCbPTtRDC%GfW=IYid~4ZaCHRRMO{|G+MFCxoq?}Jyg^7 zS=SvAvh9=`Zu7V|r*N`4L$@p#jc(QRBDd&;nF0rQK}S^<3KCOHTW`n2uI`w)?S(?4-)HdJHD zrsywf1707ATC$aS<^v#`C!Y$o#$2!7EZ5I99xQchLpR5o^e@n;@`6ZD!{;mfY0L3< zwtR&yG)rBY0nQGXG^A5Cpi3|dA=mx$Zd!JM#mAzjhm-ms%lq4eCJ*9coFe_$!VhKI zR!tgQSEa&f?@Wknly6mL@@;9g^VHvEYYlTvzwQCn4SQl+L$FlLVW67cm%@e}vGft` zSA{ld>!QHB_3Ib#^(~0c$lWmvxt=q)54qkF3I(2@u$SxGe!oZ7?00<{V;VYF3qIdc 
z`?OrOTFzYqW*6Co>Vwx$=P3N-45_8*OPeh*I$~{`GGPNc5sMi9UksSHZxVy2=}(GV}x||D3{l7(=}%o-$}L;I1XlUGntIj z<)hT_zKzFaC&n?eW~Q19Dn5n@*Yk(j&-%CDKaob+-Ia0Yr zTVnqBT^lZceuz1L`W|THdCUM7v@uK8iA#?8EiqJPj1b)-HsgE}K1a(I;wqq8gr;!s ze#A|9OwK@UI00+tN;?|lwP0?nk-zqQai$ZQ+%I+li$N@VOZ8mWLhRgo(kQ`znvX>! zovmlW>VW88wgQ|Q(W-YnX6Ju?jBuP+k7<*2G^m}+s9vkSm`K=@?(bB4j`og;hAZdY zJmG8eIq`7uc`bXIRI%JISqh4h7ji;FNAImZ_{LC`BHt@~9XycX{^^nlDgk_Ubk#dV`-g_7(N;Sc( z(WZXpO$rvB7bCceN!U0zwJwV2t*o$<^#1?3VK1xVB>j?vV`76G@%Tbv{a_gBfpi@e z?*3%yH^-GPMo|6n@`uFvuC7OY1p_*PXL}a>^gJch`WrX;JoS` zRk^~JN#c$ROZ~p}(Z4A4!n+TRQYrg=26J?Nkq|v~K5Slinr-N32J_7Nn8{4$TM;>wDpUhwz1R5zF7PqG%PWd3=F@W z2n;73J)<=vv+FvM#O{~OfiW<3j($3 zFdB@-wi!e}?89&&y?{(hoX&wm7W+`gjpO1jbgymWVsi~;SPaA`J;OHiAK8Je{HY@$ zF^wLLowzm`gpknnAmy~Bj)bjwe?v35$iTPa@=RpG$u#p1NXZakMPPFm<%(QH>|-Um zLA{fI`ybU~yvezfZ;bxN>YNtc22^~j)YEFdYv8B=Mgs>tW9uY@6qu$5`G+(X9dtED zm6aS9KYaBWuku3@(x;uqs$`AbuggD)sC#D~`q`Kq@2GguGc!6%E9*n`Qzdp*AilNS zIl;U2=^;zZue$5}_9Gvd7w{36MMsNG1w;~`p(3&S*_kz7)=ydk7MotC*VIl#WIwCi z^ewPOOmRAUf^IDz<~lvtY%DZ604{%45#!iP#OIPASZyPbs|aq>t{7Gv={gy2sxM~{Jpp_$TNc9&%l2l zB{CKa?uXhNRR)JtvlYNYF!+z@MT{!p1=pZJZ@;UI2)4$6#|(zw;i@J= ziky?;68pZLTa5AOxzRpAolElNP!{78S;b0=u|dC7_hmnFCuS7TW^m`4+6L+VwL9Tn zD>84y`Kj^ME*V4xq)oH;=W663&lj1-#9>T8G9@S3s`ytIknvxtbNFKy^H+_*O(rEQ z_(^1uf7Xb6JM`D)ATtHC+ttgXZP}gE8kE1(+FeTM5MuZ1_Dxc$`45$}yaGd!H2 zHw=h(sfX4Qu}o5;?R*Q!&1{Ob&~snhjHIr`%bw?V%K2Q8HV;t9vTD5t z-EX*LSoS^DFq{s&rs}}lXU>89qMDLTL5n3be#hKOMX(ZTZ#2T&9PJ;9-Q<}^S!Ur3 zYMUChE*FvvhFKiI1#0W&=e`06V0KDHr=-;3Aj}2))j>~3f;r;yQ@kGmdH$OTZ=y&t zhliyPNMdTj_p%>4K*T>`0#qHztJuRP>+rkKa$a z@}D9`$eCb#bP*r0$ryupaW|$^IkO0FiO5e%35bed9Q4A{L4I+^iTv`!awVMF1SLO;=#86FAHQtl>pg+Z>L<)o|< zBvZ%??7(Il$hfT>WN0*OF{uCqhY|+95T!HU2|2dlO&nP0%wUBC>O~_)xG@?%B4*ui zA4&fxoiOFam-0#iDq=+EuaEd>u}uJ_d~*~AY>T?N=%%Z$K3R$V6~fG!T8hs1*#f0$7w zw+cjDN&~L<1_l{0R&u;)Q2x5|Mou10gk@IXfVL?)?_yyf9hPdbkx?&U(hQy#HKkU1 z_|K~$X|X1>5Er6yRFsa09$NncD>C1e-w7)x=!;;OFew))6Pbil{h=mn?>FG>K23m< z`&4cl0#bP@|0TGPlYjxtUq2GLQZf*$j=r>s#CkTa 
zH+%>bXwHxfxnxi^@(Uin!Ez5vit6YiMo3%m+EBsX$j?rGDJQo4d54fnBDSprL;*Y^ zDAYi%|3^lktBeS0SIJJaMqyzSWo>WuGF&oHi(lW5PFD|Q@jtu;+t^;>@J zm01X@d^l}gm?4U?XG`q8IOlnmjn+uyJxhXx(-D1*I%1XS@-o#J*oQ1bsg*J;)PXV> z)X#|B<(OiDbBt~3FdYzVg8AE3TidH9ukZ-Q0B7yn!KxDd&hdx>{-(n znvq{8ki!L+VZ4xj=6wt$v)Pn_xdY~eDVQe{aSbh&{2BxyLI?+xzJRf)P2}vT_dqDc zCnr|Yiv640HE9ug{QO)ebJJ7nn5J0HM{euS9Ui-JpaK7I;w>O!lkWo>6)_B zcko&x_|m&Rc#vG-`bjk`xj00>?ojDG?rwHr2k9z-(>*32xm9J;JC8yp9Rh#a}__)DZ9SSBw< zNk)?bd>5TB4IdSs%Yd)asL~$Qva^PE9lrANcbJeJ%&V|(C7zymOnVY`23&n<_dVN+ zosDOTTvUQ>>(F@_JRl&<1X@%X&mxExMS1|}H=lV83cOg;)-z!72?uv>IP>CRhjD(1 zBq6Ww1xIxvgjaADRIk+^eW$lc7&-kX3_s`O=_pCsf~F^H2@Wmn*h1+F(V*%+Ja+-! z`F{Aqrh12e!^XDt99c08w#oPq>rmE~X|6eZaaL(_{5LT$E@wU-1RYqy9({EeVB)Wi$xGMellcJhFWy1++kV__GQS;~> z#-(|%9_Ewb$N0h-0OLG&Lx}@Z!UFVI1*8l$cIF4ZPRa{w@{%;7wVKg}KOW^TyR&F2 za4f>&R+CT@%n|)7%giw5aAP3@DhMjiVV*rbW{z&nO74$OC z*%d?Y{l3Fq-I%LB_EFp%!1|X_qZ|1FQ{6IkEzZ@!kmxTb9RWVolQD@KecadhFHvgC z&$~O6g4KyNqs$_&J%0)hHWG!%_?w(qUa@df{%01oMJ{>phaV#||LGA3^?6{NoEa^* z9=2KW^DOs+k;FN~aIVFlN0>HOu^*_kFsJGIvQJyVU%(Vv4T zCPbf5%PSrn$edSd!V^7S5N`ZcS;tUX-g zGj<{+RC^W>1_6I6v5ZPN_ADBi+isG%TbHurX$iO(c=?d!HLk;;8=wh}=I<__cI|3_ zub^wux2Izl$@qH2XR2SHSb_PXxL9is8e8f6RL|CsT#eXd>p=>zr%}?nq(rDY;c{dD z3Eqp|DFcS1BZE7?qDF4C#`($SoGIX^aV9AMSHbP(!^%CX<2xuA&?tnzV1%%kmlBKt zTf2l(51F+OC&0l$_x|&_8?*Q!ajeB_c5}6_%2d>|h2~Ku8ymPmzKAZhw)C)d5J)K~ z0u`RfIa}ja5XLLNtEZe)s9-E%!d}dzjOz~z$g`|og_**IQ&?>D(Y;bYMw3G0t}wV- zo2h^v)L-0(AWwuFPz(3mN92!hSkVrjVd0`j8=(|(vtXr4Xv>Tg00jF&E!R_ z7#t8pPXHi{W*aE;msDbrXVdnQVs{WJw1CZz{z$q|fU#bW?d@S_t_RzN{g>5Qo3ytwJCpyM>ut*3q*^%90X=b&>bq!fTWd92m=@5@($3e1=i~k3w~p77 z>-!E(^SYk1_=X|ev@{Znc!yI%V^j8u&G`t%#WaY`P|u5ACWaH~)8=bX>#vo$l7(tl#k`G+aaMMXY0K?}}`ZqGGqss9WB?2VSAU zc8#DbEjAN9t3i}{rhf_NNKQRdb(J-pb6Y!~ZV@hREpK`|3z(*{PFuwouW6iSUoNTY;gt6pu6?~=@73msN&X< zoo=kD%1A3Kn%p9Lm09*^LsW|8LAPwQCQXgfTKgCp%BP6vDyR55O{pW6M8Dr2of-n;N*_8n@Rg{J8 z*=SD7Datcpf5v`D#nCwCf5p88TvSi@KTe2BqqGPpNJ>aZr;?Hak^<7b^e%l3LPSB3 
zUP3`Z1f)S)1VmaomSv@TN$L3Cg^zyndA`r*iQnJX%i-K}-!u1|Gjq?TQs1@2e~5vdGwznd^gwQmg(A!_WNP{6&Z8d@>@>xJeTj(e>ms zrS*4G@FSqJ?I})!{|&=mZT9&<$MAD$Y%D0q=MSdbe60}{X3K6dRJfV_g*H#Zv}@~} zqP$(5c!*Eg+>p?{*4>NWFO<~WgIwP8@!W)md<+%DQB(;W zhP{ibuQN0?S>-H#O~3$6b$JU%hc12eLuaCvzVU*Gu9K=p1nvU~Pb-Jh8z^~;o@nTe z51vZD6WmtX3)0e_cQN9RHK+3ck0mCte;RV(GF~(=>+J^rpg}0GV>d&~TQ)If=lh_TK;& zSHK92-&UYxc(2Cg)py#g@Y@YuD$m6%4vuuU-b;ov4Zo9Aew5g#+cTuFx^xDaEm z6sX}OBtrPwqX(}XVBtkq9SRFaN()>A_B6-k3z#O1Ewgmah%owP`9)JuUS)2uX?*gy z?L)mCN*pQifwAY&eKY%>OGW}Y=K9Hi_39If3$-}fAHv&V2PRf&n)(lu38 zM=J|u&Wxn+8CdOZR^H9sKJ;8>8E+>%1V*|X;I-G&b2u?ER*%@~)Zh(4s+4*IM=O_o zePFw&#mq6@EvIpkno7S9lV7iCt+T!!WPrW<5>8jv?qM?M=sTS1S9Bf9R$A%ji{)EP zn=wsXc)gx8xX+G?l-R5tUhdhB7{p^EA=VqHdRBXsZN(IsaW!kV2Y>ie@8PSORJdmJy)LDj*^x76yO{TMS2);v<-NS_*F-ry| zNybP5MQ1OJuvP&dK27d_zdL(Le!zx9hj|abbs1`X!G3sl5wWs<_ys6}Xn&R)t?`Yu zCB3gD^!WleLSgbE4{u{a08if4ur%_!^V1;fPs^qFlS#>~RdI*rz&XQK@0?TM`}r;_^_ z-|FkbJolVY_&4^J03^M5w>7s3&{~un!w~^@nb8(oaB7)2wn0S^|CDPmM}z?LlZO@*n!_d=0d)UaukLWib=8YP#kaZ_cjlF3; zAQA03>W3&pjrvza7zCTg`;@I#e#_`@$BYAFa2!v?bjsxXrflww)qdw$xg`F<-2Gyn~J^JHd!L z`#t@sG&*6SqRuNX)qzTp*>|e= zh`>(1DeNtwH;yX`tq+WmRtZ|ADJ+$XN*r*3G!b^xV1abIAoQR_9V-ywVJ4sf#H`hxy_o2m32)6ZMsq?MPFG6jLb( z!*b%n;r_;c*(BWqo{ruOwe1n@ift$Ro|BOpCQxE0sRCV%94Q!-II4o~vDmhsJ&_d$7<8?EW zeE~5i5;0Cy+jscs53AJ*E?~y&Ksdp{8}0NPom%NQR-r)|g^@fHR;71*BkfT8fL;L% z;bguoPp+??+X0+lgB zJZdYNpIs?gw3BEB5OggnT~72gEPu9<;5Z&L_iV%pQ4dL75~53onFx{fzSGYj`x$9r zd--JTqZMRMix0^w5Bh>^CzkUP^Gpl*4AGT+EXJ8v;0X^qK2rp%eZXZUwRYAfJMEl* zaj-A>DaY9&RoQrYj!bjJ31!*XFH(*YO!dJPa?MwjrTH06 zEzM-(t37202k}sRqQx=j&Jr1z{Y5Tgu_0tHRwl( zUh6SS0Dn`Or1I{v1|88O1J+gwm!G{ra)HWa$cWkn<5y>@D_k7*59SgKorBYJ?wAxC zT`;gPTyH}>soWfbFdyq%vwk!@pI)C8hjFPzM3E-hdRff?I`nfNsRR*IOR$h1OZ@|R1iI_I@6!jIfWtxb}kVv>tx zM%4o9b{jP96fr-Q!M?)92@WYv%#gyKoHqvw@t0E_Tn#e4x8g!bGp}rJ@iK0aYQTyz z4_+-N=Rq|tK&dkOEc0~Tw+O|H`K;N`M?h~fR20V&KthFdfx0@;$jny{a~mINqY=Cd!bl!sSkc;&BZ(N3_U`pDbcRO*BKrQx zm!#ojgkI`L<1+911pK)5Q<2k5Jw_B$!t&Pkr1ptobgkVjapW#Z}Tp!2U 
z*%$`^<5eifyKI$OaH_6KwW|sNYC~N-R!D2(0L@!asY{c+)-TiftxUAh0XGz@)yk=l zXCatQ#z-swlnM0ph=W53r^hRG(^$AFJiR5ctE6By9sFXhv9J5>m&2@Eekf|~sz}@l z>e+g%XS#_o8r1Vh8kl?QY~n1d{!T@P&6?n2hF>9m^0pA(y^}B;nt+p^!Xmz^gdIPk zUq)?cm6>cSP~8e=Gs(2H_D2&U;+Oc&IM8xyWBsa_t3DQ}7#2paXs1Rn}ByY~!u5@&G{bf`4Y&9aWIt2e(##^EvsT(ms$HT?xelj47%`7%b zzvc6d9ZW0-^z?a)A|aON>B-M)*zmzGjpPDHt5Z$lJK0s@f|bZScZaij?ros$*izP- zKZ_Sssu9y1$6Dz4VRx4LNRbX(#^QIxg%_2{qq~k1;Wcv&zP_A?RP9IWm7l~TXT)6~ z)fV<2F99cMu(c~2iNnW{T!)XCQAloTj4K3=!Yf7H^7;?n15Y6lkXwQaB(*@2YqGaed^Ip1PYbx3x%md#8;7>smYvji1IRs{P4A?uLQAXBzY*D zECg?fcZMyuY+2LG4I{qO;<@a!5>JSlfKBMLuFh3gE1Pf*aXROK_vb$&Ge(F;?|~6o zktSoLjc>{t@_IxSO&U_K%vCBMFw9}aRy6M6Sl6-KXP4b@)8zi$6pNPjpSjLi@>qDe zQ5+nMR^w;gJV5b62fSqRWaC-)+CWM3@{}EwL0nyVmC5>v))Li{tP*_VnbXi`u+DQ%%Lt ze3K4jg$V?l78FCX7p6X=82$Tdhus>Bj~K3e#77)Bm1SaWRWeN17`b!$NQ-SA)-f4oSM<*7W$&L+l<03^xexsh-#E|M{>$3l3Pi! zLDWOjULt5x_4y_29AQ`0X8NBK#)MgOa;0Z85=_50SF=^npidVcR$h%b=Ml4=9mBjD z+mePr>A>Jj@(5`nBhDV!9uQH#32ABcF#0}|?BGsRSe|7jI|A$nH0LRKs(v5w!Yx3p zmt`fMn1=6uR-(IVA84Ay7yPI>n5k|`&X+G+-{|vZ% zmvR!_d)`ft)&hQmP94|N*Xt+hQKX$mi_|L8ReJ#T)6)~4#@Y&x3h4Zf4$-9WxcW{w z@KDxlL&#(fTg1NDbq{Jc$VPky2E@Toz!pl@#%g|?wHOu6i$?S|o){~We#aB?Xk)!| zv<6kRzdg1TQvZI(s9h+owh#RF(%gs7x{yj%$n~-Mo~9Y(SUnOLJ=mXkwL`&s1o#0T z_NL*LrgtF|#t7ok)607|_qMjjsN0vTfq-392(lGfe~3aSibG6_>}up|MGy85#&)L0 zR>t%g4>wo!mW8B~hiB0XrhZ3--eo9><)dBLP8d+RCoeFXdWhnkdlP(>MQV_-Njlz+ z!K~Wub5Z-|bDJ9%H`^!L6fC^~3odxFh?#jD)I}50DupHCOu6mit;;H z+wd~P+4Phi*z28-42<56-HW`=&pW)n6zkZCzs2eCv(l zwihKYeTzQ;kKj1veQ}|vv<1FNa>2K?Ui_&>?TwJHQR0=BzC#?;8Dj1?Tr!DV%Cb66 zhMtY%%IEa;8G8fQz>Y!;=G%Y+m$IE zV(2-2hq*;LmYBIOcOFI4*)*0q>q@(X4yST67u^^^1iOCjKZ@Cic6$#!>V4(^=cfEZ)s4T0@d zk}{UH6Sn#@JMwBUnxw!Fw>flgg@H}#z&MO9UV^~3Naz4n#WC}~3JkJh!$=*64g z{Y0epC;Z%-HO>{^1|p{gj*QmFdzM3kBaAD7+@zIZ-0G!6>X5G`(zZMsE)oF;D`QCT z2aX~lB1~bz?&Y~-k^n#(Qth8A%`kcZE;r_a6Q!f$&|7qTz+RZ?p~h-$zz|WlEKMbf zRQ_n8p>b5AW*_tw>lJSw^_l@;m~JY>=4fSXY78kj#W;6u=wOp+>+{kTdVL?l0Fn;pFlT%jGtQp?Zq95X?e;iiAUVy8} 
zDi4^~bC_8GGTq6kWx@Pq9b@D7NmAcLR=k%f^D_S6W=}YmS(WGLQ6&9X6$a#N3d_PT zyfI|cS#u+5hU>9i0oK|~DnFLm^{l&F_)@jx1CW5-LL)js~=r zLwCF2<7@l08yT~mVu#P`7bb9mWpnKMZXY#a9X*YEq41HTv#`tnBIC^J6MIlKb=so# z5HHm#p^+$>CCWL#A$J7f$lJ!((|$kMNxkOob~=)gRI6NaFt3#_jP}Q5*%em-kWve5 z+lA4--_c^M+$iS#4)(>KR;nAFnrS@0(zB&%a!O57Q}+Wq3MAS$^N71UOVseowN&Y3 z`wUZmht$-I!>EWF88zSJ9*#Q}S=YgjIOebw4+VC8L0KbDoh<$oK+!_eyDDEPTDJR2 zIbTrT``~MLmL_UfBlbcRz^)Q4_oPbXae52%{h;+OyT|m@;q#%~q2!t`8w}j78*SZ0 zKmGVhkcz;5@f%t_Vr6nFWmV~OHX90xAsP64n*qbh-Sx~GwWlX^xP}g$$FIyz1J%y& zVQh-Q1lD8qfvm~=IwRKD#}et0Ql`3A?axSl*p6fYC~VKKAJJ!}Y}YRcUTn?`EKgFg zpPgv!2|-S;%J93^RykeNuWoe96X+U9fqr|ew83(EV&->>KqhfQ2nk+RaiSlQKO<_h@5 z1Ul_s7tFPNx4KTCQg`V~&O-dx``V}L5IM{Dj{~->%j7`qw@V_0Hzr$2A0GMmz_!1V zc)(|7+NFC3>r|Ajg!w zM8zQ0Ws-J_moD<9*X0YOC-)Qp8K*ECD)OHR#RGx6s*{=AtQGd(E}HhQb3{B~*4tZO zpZ4+_^mIu1%Dx+V^_dB5O;6yOfAZa)o0a99DEg{V39Zx2lP+t|I-TNs7lh8wo+-Rn z`wF7$3d9lZ2a0laaM=Jv*^n|4 z-n4nzQ61mcff=9)FaKZ@?*;-05UM_#38HZ6djnBVu^{%CsX*w(pG=(&zrff1Yk}{40=!!+7^x-41 zqpcK?t-YB{KxWJudTWchHKkYAxvy@|F#jw8ZgLU3;aYU7vAa_^pHtmLmf z!gqIbvUa2}vp_}TB8}qvPsC3rT9bFNI|xzjoP#=)E%zSJ)J?Vn&pLO*2)SO{Q{amqUF&@cYRSTCme8omWKHRxzk?44D=geHBY3lCC?n=*I z(|S1R*q8mw;!{kiC?|%Zb_i^H#f+x5%eLJyb6FA4jh!+tbFEDOqPm`(V#mET1O+#j z11bwTnjZ~u2wHv0;rh9=o9_9cunj1Wv9gFel+!!hr?e)Aun)hO*dIIE*po(8ca+w- z)n|o$?U)g(otszeGzC8hc-NT4q}EkYn7x$1cgx>bIBr*Th=+fUt^772&v*nQF`zsV zwk#4<(~iS;GVGqjcX7gx&XTvD3X`x4~D6csP9wGj=&$QOxXO4dl`F%Y1&Znyf zGsut#>4ReLfbD??ewX))cbW#`;ttjzd!5t5bzh{;Gqx^Jv;c-rF8615IOVrF;WdbNUQa*e+kSQ*uQ)U?i4^a z0+yFdtfoB{vpWuW5QcD@O5|mjeX4H}o(d0vbu-?NMJ5CLCl>0)I3qVcFv8(B&hV6g zQXyq7ziz2-4l&tKm!@v}xLOV$g5u)qDV(VgD-yHVwNsw56Ry-h&*%F@GL#hu}JJ&FOY>vSzdW!XT#v5LhYBpKHdQ0xhF)188d!SUx) ziY&0o^h zhuzZE>RCcrP7mohairXk+gl-`8b%w;T8O-fbMH~>pLd`MHw3%yLeaKmbhPSwEsdJq zGs6RAlve(Hcw$;|iO?NK6AJ%=o3)b0TSPOJ1Lakfq~tB5nq9gZ@^zN4{bJTa!z9y` zaiLeNbQx5)0f$8Xs8Q=F?Bi{{h}Uhj%y>myFKG;@o;$dH5%x_j&$U(P&LFgc`z<6M zi7B~@C@rlq(dIM=9JbLpW*riqc(krmjZR zye%;j?|o{WH$YbHT@5J03E(33Q>K

    FWtRldK4;N;TH~(bgWIlmI+T1Y$r9fRpw12Lfsu zP=yC|pb8{povzEy!BIs1W&nMay30 z+`U%xACI;f>-g^nxTgm!M~#i~`-l)hsl&@|uE}qC4N9?w`#-VXw};8kLDgs(=$J1v z_+EU*I5X%PVes}EFy?%(Wn$Qgit8ihMd$ZzoA}iT14YfJxy)Z172=b>Je8PNy?WbH ze)MTzJ9Xj^^>jYs;%%yM1I3@is;Sn69(0XqCBGjq|iK?=kg-D z?&I%A<``E|`7{KXerKb?OR?9>>W08WQ8#;_UK5Gpi4hBRgm?F(!DA>anslgDJrASb zs?tP4w3A7X-yATXcV}0v>usTCE?I-JJvmq{PHBE(EWk7b{+~+o79vNOXK#A1Q{pOI z$ZfQ2KYVr}&-jEstKjAo6#t{&5oD8RQP}EX~&&@H%j4Pu2Bq}2l zBq%}_J?ccSiS##)oIn zxeYbn`D|dW*xisr-)Z|`45{MI7QvjH$nhymx>OWDHqMU)d2DgJX<2|@t(@z4c!w1wZdm_#ASzXg)ax)Fz}_q zzN7D4A05Ic%5j5rP0;why2a2AD#$J_#unMfN>OuGo2?!yoO&(2k%C*}@qF~TC85UF zldb49zQ$Hbm2g|;##V${0DEb-_2%%zn-@(RBs*w3FB73z zU2+T*ys3w)K?=oPDjFBMK0CWu%E8^}v`Yscg?Zl5)Ad8oAMh&D-4Zwus*vt>W<&1T z)=HXAt?zNyVBSq{BF4Hy1H|*?YM<%f;0+XC)ESikYzHL51?jIN97`)5*~0fGWGfFy z7PUuAMf;rjj06D8Aq;ERT1vCp1M`xG^thDh;fu9(T>;`II&>PDw)9Tt&nHvJb{P3c z`nxMLLnmZ`4b3XLjIWmd2Ue_ms_@23Zbf345MCL=G zcMIxMH1;ejWydz=wXP)A7{SZ~mNPFS31+IL9IH!s#DQI;P*3H7)YXkT>otA-G9<;} zY)?YlVapu$Sv?VpljwjIHHNj($eE&4O+-HdbXeSxLL_hV{J;H}Nr#J7`Pn zRW5VwP);e0sqq!)jUgRsJbc>)efMqS-LhjM_w zZ%PSPqaKA55QieaO7eu#(d+)V8H$h{OVJ!qEp%5LD^F3wFRlVKN`4KLTnURYz&w#; zNuZT0b3~zPlf?vvh!NVPYlK-T7G-AEN?t_oGVJemZAD++%B%51-4)t@DonD1EWO)0QLQL>dx2Hu`zZG3Xl`A@!?H$GrdjEppIT~?J?$>;=quiPtEQCaH#L_1@!h%B z-rot59f8+nb1$O%3u(F_kC>7cr?+&<3W4_}xNg$-1nYu=$ql1R9>6JR#_71giGckf zA<>!Gi}DHtL=jEXyo<#*)Z!`1HZ z2?ndx%9b`8HK0cC_xPp57Ho{;mX`q^AhK*h zgN|)M=*?oR&IbHODV*Ba2hgMcy3DTW!J;ywe#%FfhbL)GdG+D@b!Su>Y$EMbiZQa% z_4e4usA}KWZ(U}Rshak6d^~P-;^$pxM+qexQ-)M|JC5vf&m%v)CHrB_EePW#npamx z1RTVjXHyMyM8<@Afh_i!eWV?Hd9!Y3qGYT-I9DsOTy%h82xd5PV`e{?X`(dBCWq;* zsV>#l&SCRQ0Qg4Pt{qUB3EO(T)*|2tkjbWm3~0wO+4bE~D$$VotRM85=I(+B%c8d5 zBx_0dN!Ry(Gi-Xm(v%o!*px23V}h`N3i`&)<+=>%0(-`#u2Rklmy=r`VObEr_xv$1 z8!gn%g37}ecCJvHMR^#h-Y=LIaG+-!Ih{KZN;xrQcTW)V&tUpe9?N&p;8uX|g`2R)FXD=IA(@ z0p+dg6;;V#vvb0}f)|l#nyY>>MnsAqGz)C>NWnj@_nOCSUu&-B4=t;6lzz4YH)-!} z8c(<1wlq&q8kzC|M$*U5QgfRBGS#JxDFp^S8E>WJ3ecqs}Uvw^hB1CrcqCaSeYGKkJ$R?ZH-R=}K2-lD-fJ*~}MCo9+C 
zulXX@bii=8N2coZ8|nluw}~XX)9p;vEm^g0g?cxBOtB`kv6r9l>II8H=j?9q`#ego zcH0-)Z6rv$WcSdEV6r&KPJfyWF8#pI>!8=?;oHIwDEEcpCfz+?+Pf_K9_(7swWZT7 zH%bq?mbGY{Lf$`h$m^lsq&gaXlYh<61^Xtxwx-A{(M%$iG7k2W*8r~qIoK&wWna;7 zut&f5HeVNybPAt-ZU+qKjC~_DSQjpKh`#AqD(_Pi490Q{IPkkM(fg0!2bBEnPsJ{I^^m6iaa9d!0MPr8Y%9mF2bDaWT3WE&nb?d|L!FrmT5`JukX zyJnDHfH@IM*pyjH@y_FiSvLZYBOm~t7`rK}AH-gBmvS7FeBz}V1%Zw+ZgZeva+i$O zrxM$KJ$m(^2kjiP-tlE7+`r>xP0S2Xrji}f7hfNcR3SYg>#3MCi8RX|O%Lzvy{5jq z;$m`hBqR9T@hV(gLc5+l{(=IZR=wAVes$lTe@2_Swb%d;_`_yAJ=Op)!f+sja_$kQ z*wRynd4bgmk0%0psT?zkw@FJz!R<6cHiHk%RDyG9bWH}c-yTU5?V&$K0p}hgNxA5? zGdM|3YVZ+fkDub?*^M<52yUk>y*C(Tb~QMLI`%1t_Sltp0=6&cGqK?u+UchZj*n}_ z2VcL169f48wdT{-PZJqkb8OD1tZyMy`5c`kd``6*-*O9Ar71d#=D|sdpj!Xr+ymC_ zTC2gQX70hZuFm&)SiZAF#LdZv)DR<=-C-5g- zf#_yO71knR5Z=va<<|53_#9=pT|7LNU3{Cn-kJz5;8>T>Qm;#Nl@}C)Rh}b(g5|_C z%KSHe=o)o9?bO#YA~>I8M?PMCERhjkPF238Y66!|XB40OV!*w*cz*9IUyhH9HVL*d zE3-zN8p7BS_^lx)Bd@$reE3h$|9vp#|Ogy5)5Ewgf*pq5q$!d1gEHGW?D?-`sJ+oUpDDG_J|o&3icxc?vI0RHzX{!I_)j$i{?svlZ4Y@q?oSe0b$=sCef{vSo5rwzofrYkN2M^+ z7Xijc|G2W6JYoOIbvZHq_UDY{B)`eJ2YUH02N}U-7{l@P?n4uYonv7-8iVjs^N$5Q^-`v5cXe}7vue0QS1P> zk)jCW>cFq--Uf;yFsz=_ZUe*W6AtSi;VkQ{#glcV_&*v@Btj6JLtVkJJr_SNao+kQ z#o??!zW8I;bTAWxaWYA9-asrvBqH#awaL3{86rSL;2(P(d>XFGXNs9fA8@(e!EE-6 zMZ}(BE`A?Gn!%@agX`Qz(1YI`i+K{=v+(~_nE`P0+5a7(D?p+DWtpY^PniLXZGV}P z&S8|k_WMO3#>95u@^2hmpLBzIUTHgCLpSOKdSCfF-uM^b<0T_->;=Ddg5mg@gO!P~ z6@FBeW55=oy(unps(zw%YzMvL;`neOz_@Z#Ok;VIl$TUvStz14b0$@YmlynS>4&`) zpo7%o>&8B_wjRlf3WJhUYQrm$QVHy5fO5rSL=^BS}AizWJlD5wX9ag zuNWV0Y`AT0)vwpDjB+PUDJ$6 z)8z^6b+&{0Qd;I%-S%F)tgfsx9(o5O8f(5s3u1lPBu8FH;LnV_+TmXFZunZkWQ)u@ zTBzlXJ(_BtXmuV1KST##mktoUpt?fh<`r_Wre4pKg*W2Dw_Y8!dTGHU1dvY(tIUj8 zHW}8Cxs756R%#C)k&Q>o*_jIg0Y1{e?hbM;yhEBDReiMWh8o$M4yj+MZ(LvRao?_Q zpP1Z}vRzoH9u|vK`l>sJm*pMw!XmJI2C!aQ1OXZR$PP|Nn}k2`o!EPpa+K&W5U01@OF7Dl8f8T!2+cPLgOFoJy^zivw0{is z?iPk`fZ;FYfWUgFF32|%&-M^s$WQjHNLCx{5JPqZKYcp~K!wc27d*t_zu~hw+9X44 z$V-dV%Zl(32APPVz@?m?CC5)tp*d)&nK;}-9Fd=_R*}rTGY>wA7%}u3F%-Py*uCUf 
z|3`?^UTAUmWSZQ>v{8VsMimlo^)AtV(t!{lf~$^fs2Zq7k@KK-c# zzGypFB!}fE`~RsVT-i?wAvV5$W>&&+4hQ^k!Ct)Q(GrdeIJUPKgrL}RETl%2Sns09 zTd@kGLY9oNjGOCE^WM*&Y!Gz&Iw?2Z;RN@iEO>TNQ0#Vv`vR+}e9o0K?dlEak(y?` za{|q>_2kv!WiG(lo!%9h9_^-9S%h}$%?c$+Qhes?k}sd$h$=nP&HnZrjuS;M{sR#L z`yd&5yze(IMLbNr{8jOCmg%F?xZZqO1i3VY3=2CtZIq| zUOX~YSt4z$Mv4YLyyvR2T-sRe6b%A+WNNai+E{%Q4cGCWtC`tC@rxx_)vyD#$tEad zMDbkJv0rPGEl|ja#J-}V zpNM_RNkc*h3phvFAcv=UTlTIF7A<9i0^Zl#vVJ;Pmnj>R@HDk#lXS2+C>w6!ebth! z(!t`RY*5A1)E=`vq%4*!(8k`-A(N(*(Zu7^!KS!FrbsEHg;$`1EqI4agHlEZkM9n) z&K)v6N*P_ef;-qAcgRdBW%PqGhn&A|HW=VN*Okq=gXIKJHW=ZN>B+X;!SbYRFvfeX zC%bqD%b&8r6pu__mPi*Xh_b;9@43D#moC;b$_5KOG6PvvU91?&1}nVh2C|O2SjjPR zHh3!r%6__7uVUnE@va#vKh?#06C-Db=VGXwq>GgmBWI77Z>XH3icPM*u`T>6-R>ccZzWM)xxgutt8-i&piDE$n0wj;;JtFK<9pz( z(1Bb3TN3zx@Qi=<2moV*|DmFU!|z_QKc&e&Ws?240JPXz6zK2 zt2I-@7hweV?e6e!Vu#PW$s!bE%3m(oIq|F*%4fTSavP=+R_S&T7=s%1&w|Pn-=g-) zWs1$ZKfr08K=2nN@Yn4BXI$W)$o9Vyg5UQYXpiwU&>pM+4@lde(0?S4arP(WcnJn= zl8pgl$P5*U2fvUY_n5qJ4EUQQFkbR+)%$mtRSY7QiHXj9;&N z)ArTXRl{eo72V%6Z40g%KX?*b*?s-3ZQWJlATS~+E@;XkdSc#wbhvID2445{9g`6l zk}?bAt{M_o>5}L5{cRHXH|zbkssaD1#QkI#?T9go{u?B+`m9&(D>@qNyz31P#4Cn3 ztNO8yN#Hm1{~sjqM}htiA@niAKkWmB4=z1r>wD7(r?~nRH}-Ifeuk`(=s7^pR)DR- z=-hBeC|W*H$m0q00*;f$*0~#Sv99F6Z>8!R0uM{eFa=w`<=1KT1|X3LY%r%8V~u}I zPR!Yya$26Vkwe&bRi1Iuc=`#0r^Hm{`iLQM{voOTbrZ+P=^Wv;j}F`gSh!XFQEaf^ zl)!H;Y}_z6j?3;$r*9>(QhPXgB^yIv2z}F81J?K7#4~Z2E8<--R7tgeFkrabaHgui zJ5vw?eS-}`cL+hKhAswr0SAP-lVG6k_d#e9*mn2KMG!jq9JHZgD#L>TvE2>eY*oK} z>N!U-YJY|NrMnxnb)VfQ4LWf0JT1dNf#qaq=g;zl^9z5j3&a0&x!j83)AoSnFG%Iy zUuo~YU+JuVkOqDM4Gn-7lfNlX_#V7!-%7&K8Tg=-dv*^?GsW#eoQK9S_Z`UX^1lx1 zQBlMSsOY5hfFvIQVO2l*F`1x;VVsl&I=VMxXc=O%+@(6lzfnwWw3?FRj zq%=>!JR#QZ7X~okGoFUwxMO3=&)~4~F?Yw1LN*w(_Sbvijv!+^0>e18{Xu3Pf&)k! 
z%pw=Eq;c}T_Yz@l_>q8^j+y)a0tx&b@PC5MwBf|c`@W%r_pL-qOb@%*-=h%6*4GCp z#aS`b(9pv&S(w`)!1RL|wpVVZ4HpI+4T4kRU*Vc8gwl%r1=;*G8gow?b8kESFG##q z#WPiOzeQV;v|-p*7?_%W^OXMn9fFBiq&c;+z=lgF?>yv00>+7t7zH1J`vcYFWXD1d48 zShO2mn>bE+w!RNa*$!vF-j)KHVr?PY={K8pKzUbW7`xxiDlvjW)6d`B?|Nn756bM3 zPr9lY625sEtTBeE@fRANDEMXnSn*bj;`~P#d-Tdb01E(9HpojJOM3<*?e}A88IGmJ z1x*m<18VGgoAg+<|2i1>?=|f+%?N6dvI};?%b7#a(6byqpe{b)3}Q2EYy{I?veKfi z*CNz+n?nP=J$g0N+nUphfB?5Nbq4y)7v!+D+2YisFE13E4kjB?B*d24sEd)^vbH7) z2x9pMXQLGr4<{R5N{FqqWrjqj-vr#oH5rn3Uyz5c%?_p}=|?Nh98SumONec=u`x__ zHA{=0dBrK(U`@$YNr;_d*DLnEP4U>r+k;3`eWW$r{k|KMDFgkfX!5I-2%w$CQKqYZoLLYj2T+~#**p|KyRxx9sKO0R>xIQcQGRZbx zQ4wdVp0en(lf9*5Qj#$7>0F;_bnuseZRD-Ti?ZlLZ4kQ8YQ-`mE*4qN zx!7GAiG^4KT8X9D3$zl;v7EFLtFdCV66>+IXr;c#%3-JYs+16=_^DJArTD8f9VQk3%Q*$sCz8-=-Tn2t05gfci#`j3Ri|N#JoBqJAn@CIr0r zO5i~NQK!h2X#y|02s}t2>Q{1Q&WuerbQ5@-ho}qY$|!;tJp>+95Oq1Q4tUW^;Bf(> zt^?KqFZu{P7$EAFV4d;lhJFGMCWyKRSO>fqAn;&?s0V^|z>7fwz=IQ_9t~CkuZ9Rb zcp&PmWP~2qAnMlOAAX2>2KYx1qCO4&5d!a>BlHk~s836lW$B zGC!o_x~031bm5n;Dx)tEbQz$(B&YX`M2aiUlrzJ^)jbr^7nA40M?}T?=*tBp2dZVz zs-#d};JJ9u3nbxW$A;||4#-DT&yMUYtyGZK?k(-LlZNcIualB4ON~e}g!7{OVvgo} zB}k?B2ak^8GPh=q2K)+_dRkk1G!AM5Bpf$GW_oH9%S5FltBH=h5GLDu^{q`?FpW;q z5Ew5!E+i9%@&ms|d1uOdePyi=xu@n%jS`dIUs!3^Yxh4GteQ8~Xm4ehS!S%+xz#!i z$z33Q>9x1svyPJ5_Y$evM<3y6s^FfYz{0{hi$(KJzs!jVck>nrNEy^O-skAT#lkuw zjB|CuWdLGyo!lo_$quhxK(_fi1j^)5BLrN#1!3h-NL0qb)2R|QW_)VRq>TZXZ1{Nj zO(;6--UI(Ze=mK$A?5FHg|S$@AoIE!_0RYa8n<6(6ARu=ZRRc(DT;bGc3Q0@d_x!8 zR4g+ioc*#vuS-{OQ7GMB#=~1YW2B=W1*^)KDKY^|8~ZLC_4)U9AAAySa>IJAk(i!A zH~3hL$Oyt6cP^moBpkc2+ifEx;9T;!xm1P36ge4V^80f_?hKGdQyl2-OUA(sDlI9) ziFLON=jm8_HE9X!3cMexyj`#pQKUJ@!%g0L+=b;n2n5wapWgE#d_Shu4}`rLQmtnq zip>Ycjh)bw=+m2`Z%Fc^N}#BF1H9qNG+Z)phb}e~&*3lD5rI(VVLPRQsm}K$vfnT9 z1YU(~JEl$YXhKDAAUcBHP&he~-6@XU^i6j$e3_nrtS4tTGhvOC6%nVp<2$g!p;xb# zDH$Hec9FOIL5WU{WS;tm(K-T(V#-r*zswf^RKp@Ik3uT*7(SS4d^G+ZLQZ35zp`zb zx^hJRPVK5gIn_7j@iKC>sdpt>6Cs6y!wMqSx?|28UA@QH61T;=az00n7~5nz#%mJ` 
zStAg`pa9EeyvGzh{Zd10_C+{W!2ZV;uFEr0X5CU${PVYpuCUHfF+HRd;`}Dd*auJ5Fr8@7j-77Y zp$ijKX&ot4ijpXSrbPFa6mtc8r`mqryuS%N78-m>EX2TcnXl+_qaBs+^-oC(Yp#KU z9m#?OhSwNBwMQapubzjCSQW55tg>QaG-sY5=Ezh=vBBT;%|rEVKx5F2vk{JfH7;3ULYwa{%45xKZBN{?95cQkSjeC>FN z!~IH3rt+u#TXFgZKG*$T99#*$b6$DhGC#@cJ9lf9a>Ua215~w!n3z}5(9F{E-CX(X zM;CM--{{D9$vP~b-Bo}XlO`A|?c)mO^`B-$z03(>F=u&0`?L(^UPk=-{5EQQGvONX zQl7l4*)H4U%5>@h>F@pD*cJCI9xmwrakfz0X$(0elAvg-Jq;awACn&LKz-aU1 z-~9)Tagu(xY?m>hMzW~R54W(eJS}mtn13L^zxT0|lyKwxnQ*VfW%=O}UBY004Nq8q zXfWnQT%R8<>#@X#ez{&j?n#cM1!O{CCwf YU*g7H_Q9oy;|RbdJN@z%*e=%p2VGEUZvX%Q diff --git a/workbooks/alz_checklist.en_counters_workbook.json b/workbooks/alz_checklist.en_counters_workbook.json index 736313b9..845dce97 100644 --- a/workbooks/alz_checklist.en_counters_workbook.json +++ b/workbooks/alz_checklist.en_counters_workbook.json @@ -1659,7 +1659,7 @@ "style": "tabs", "links": [ { - "id": "d4fc83ee-ece5-4248-bd4d-eadd478e9ce0", + "id": "6fdc3bad-8969-42f1-9f60-36190625a3ca", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Identity and Access Management ({Tab0Success:value}/{Tab0Total:value})", @@ -1668,7 +1668,7 @@ "style": "primary" }, { - "id": "b6950d7f-6529-4e5b-ba5b-a92a3f8407f6", + "id": "0ea18942-264d-418a-b93c-0943787f2803", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Network Topology and Connectivity ({Tab1Success:value}/{Tab1Total:value})", @@ -1677,7 +1677,7 @@ "style": "primary" }, { - "id": "63f7c98e-a2ab-47fd-8579-9bb96245fb7d", + "id": "3e7ccb23-0b39-47f5-b3d2-0b678ad85042", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Security ({Tab2Success:value}/{Tab2Total:value})", @@ -1686,7 +1686,7 @@ "style": "primary" }, { - "id": "45ed3bff-0fb3-49f3-9fdd-858e699ae86b", + "id": "f09a1daa-c5bc-4296-b159-6938e227e934", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Management ({Tab3Success:value}/{Tab3Total:value})", 
@@ -1695,7 +1695,7 @@
 "style": "primary"
 },
 {
- "id": "297eb8f0-e52a-42dc-916f-94aa49065754",
+ "id": "71808002-cf64-406c-afea-fb1254eadc7a",
 "cellValue": "VisibleTab",
 "linkTarget": "parameter",
 "linkLabel": "Resource Organization ({Tab4Success:value}/{Tab4Total:value})",
diff --git a/workbooks/alz_checklist.en_counters_workbook_template.json b/workbooks/alz_checklist.en_counters_workbook_template.json
index 5e6d7b15..bce95954 100644
--- a/workbooks/alz_checklist.en_counters_workbook_template.json
+++ b/workbooks/alz_checklist.en_counters_workbook_template.json
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 
2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, 
compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n 
{\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize 
routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 
100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 
'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr 
matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n 
\"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| 
project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 
1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": 
\"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n 
],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": 
\"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 
'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by 
id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 
'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 
'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend 
FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n 
\"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = 
array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query36Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query36FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query36Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query37Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query37FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query37Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query38Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | 
extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query38FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query38Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query39Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query39FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query39Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query40Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query40FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query40Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query41Stats\",\n \"type\": 1,\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = 
iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query41FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query41Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query42Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = 
iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query42FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query42Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query22Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query26Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query36Stats:$.Success}+{Query37Stats:$.Success}+{Query38Stats:$.Success}+{Query39Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query22Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query26Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query36Stats:$.Total}+{Query37Stats:$.Total}+{Query38Stats:$.Total}+{Query39Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query41Stats:$.Success}+{Query42Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n 
\"resultValType\": \"expression\",\n \"resultVal\": \"{Query41Stats:$.Total}+{Query42Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query40Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query40Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query22Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query26Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query36Stats:$.Total}+{Query37Stats:$.Total}+{Query38Stats:$.Total}+{Query39Stats:$.Total}+{Query41Stats:$.Total}+{Query42Stats:$.Total}+{Query40Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query22Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query26Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query36Stats:$.Success}+{Query37Stats:$.Success}+{Query38Stats:$.Success}+{Query39Stats:$.Success}+{Query41Stats:$.Success}+{Query42Stats:$.Success}+{Query40Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"d4fc83ee-ece5-4248-bd4d-eadd478e9ce0\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Identity and Access Management ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Identity and Access Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"b6950d7f-6529-4e5b-ba5b-a92a3f8407f6\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Network Topology 
and Connectivity\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"63f7c98e-a2ab-47fd-8579-9bb96245fb7d\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Security ({Tab2Success:value}/{Tab2Total:value})\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Security\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"45ed3bff-0fb3-49f3-9fdd-858e699ae86b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Management ({Tab3Success:value}/{Tab3Total:value})\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"297eb8f0-e52a-42dc-916f-94aa49065754\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Resource Organization ({Tab4Success:value}/{Tab4Total:value})\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Resource Organization\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Identity and Access Management\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"When using Microsoft Entra Domain Services use replica sets. Replica sets will improve the resiliency of your managed domain and allow you to deploy to additional regions. Check [this link](https://learn.microsoft.com/entra/identity/domain-services/overview) for further information.. 
[This training](https://learn.microsoft.com/training/modules/understand-azure-active-directory/6-examine-azure-domain-services) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an 
additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": 
\"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id 
| project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n 
{\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. 
Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n 
\"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure 
Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query31\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": 
\"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. 
[This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext36\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query36\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext37\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query37\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext38\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query38\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext39\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query39\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Security\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use different Azure Key Vaults for different applications, 
environments and regions to avoid transaction scale limits and restrict access to secrets. Check [this link](https://learn.microsoft.com/azure/key-vault/general/overview-throttling) for further information.. [This training](https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext41\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query41\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Centralized threat detection with correlated logs - consolidate security data in a central location where it can be correlated across various services via SIEM (security information and event management). Check [this link](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-threats#centralized-threat-detection-with-correlated-logs) for further information.\"\n },\n \"name\": \"querytext42\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": 
\"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query42\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Management\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that storage accounts are zone or region redundant, Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. Check [this link](https://learn.microsoft.com/en-gb/azure/storage/common/redundancy-migration?tabs=portal) for further information.. 
[This training](https://learn.microsoft.com/azure/storage/common/storage-redundancy) can help to educate yourself on this.\"\n },\n \"name\": \"querytext40\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query40\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Resource Organization\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce reasonably flat management group hierarchy with no more than four levels. 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups) for further information.. [This training](https://learn.microsoft.com/learn/modules/azure-architecture-fundamentals/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce no subscriptions are placed under the root management group. Check [this link](https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group) for further information.. 
[This training](https://learn.microsoft.com/azure/governance/management-groups/overview) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure tags are used for billing and cost management. Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/track-costs) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": 
true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n 
\"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n 
\"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where 
toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix 
= subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n 
\"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| 
summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = 
countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, 
subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": 
\"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | 
where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = 
firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 
86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and 
properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant 
= iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query36Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query36FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query36Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n 
\"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query37Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query37FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query37Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query38Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query38FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query38Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query39Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query39FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query39Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query40Stats\",\n \"type\": 1,\n \"query\": \"Resources | where 
type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query40FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query40Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query41Stats\",\n \"type\": 1,\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | 
extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query41FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query41Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query42Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": 
\"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query42FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query42Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": 
\"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query22Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query26Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query36Stats:$.Success}+{Query37Stats:$.Success}+{Query38Stats:$.Success}+{Query39Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query22Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query26Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query36Stats:$.Total}+{Query37Stats:$.Total}+{Query38Stats:$.Total}+{Query39Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query41Stats:$.Success}+{Query42Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n 
\"resultValType\": \"expression\",\n \"resultVal\": \"{Query41Stats:$.Total}+{Query42Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query40Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query40Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query22Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query26Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query36Stats:$.Total}+{Query37Stats:$.Total}+{Query38Stats:$.Total}+{Query39Stats:$.Total}+{Query41Stats:$.Total}+{Query42Stats:$.Total}+{Query40Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query22Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query26Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query36Stats:$.Success}+{Query37Stats:$.Success}+{Query38Stats:$.Success}+{Query39Stats:$.Success}+{Query41Stats:$.Success}+{Query42Stats:$.Success}+{Query40Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"6fdc3bad-8969-42f1-9f60-36190625a3ca\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Identity and Access Management ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Identity and Access Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"0ea18942-264d-418a-b93c-0943787f2803\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Network Topology 
and Connectivity\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"3e7ccb23-0b39-47f5-b3d2-0b678ad85042\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Security ({Tab2Success:value}/{Tab2Total:value})\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Security\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"f09a1daa-c5bc-4296-b159-6938e227e934\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Management ({Tab3Success:value}/{Tab3Total:value})\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"71808002-cf64-406c-afea-fb1254eadc7a\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Resource Organization ({Tab4Success:value}/{Tab4Total:value})\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Resource Organization\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Identity and Access Management\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"When using Microsoft Entra Domain Services use replica sets. Replica sets will improve the resiliency of your managed domain and allow you to deploy to additional regions. Check [this link](https://learn.microsoft.com/entra/identity/domain-services/overview) for further information.. 
[This training](https://learn.microsoft.com/training/modules/understand-azure-active-directory/6-examine-azure-domain-services) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an 
additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": 
\"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id 
| project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n 
{\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. 
Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n 
\"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure 
Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query31\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": 
\"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. 
[This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext36\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query36\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext37\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query37\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext38\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query38\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext39\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query39\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Security\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use different Azure Key Vaults for different applications, 
environments and regions to avoid transaction scale limits and restrict access to secrets. Check [this link](https://learn.microsoft.com/azure/key-vault/general/overview-throttling) for further information.. [This training](https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext41\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query41\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Centralized threat detection with correlated logs - consolidate security data in a central location where it can be correlated across various services via SIEM (security information and event management). Check [this link](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-threats#centralized-threat-detection-with-correlated-logs) for further information.\"\n },\n \"name\": \"querytext42\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": 
\"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query42\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Management\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that storage accounts are zone or region redundant, Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. Check [this link](https://learn.microsoft.com/en-gb/azure/storage/common/redundancy-migration?tabs=portal) for further information.. 
[This training](https://learn.microsoft.com/azure/storage/common/storage-redundancy) can help to educate yourself on this.\"\n },\n \"name\": \"querytext40\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query40\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Resource Organization\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce reasonably flat management group hierarchy with no more than four levels. 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups) for further information.. [This training](https://learn.microsoft.com/learn/modules/azure-architecture-fundamentals/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce no subscriptions are placed under the root management group. Check [this link](https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group) for further information.. 
[This training](https://learn.microsoft.com/azure/governance/management-groups/overview) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure tags are used for billing and cost management. Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/track-costs) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" diff --git a/workbooks/alz_checklist.en_network_counters.json b/workbooks/alz_checklist.en_network_counters.json index ee76d278..01b72e2b 100644 --- a/workbooks/alz_checklist.en_network_counters.json 
+++ b/workbooks/alz_checklist.en_network_counters.json @@ -1142,7 +1142,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query26Stats:$.Success}" + "resultVal": "{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}" } } ] @@ -1161,7 +1161,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query26Stats:$.Total}" + "resultVal": "{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}" } } ] @@ -1256,7 +1256,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}" + "resultVal": "{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}" } } ] @@ -1275,7 +1275,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}" + "resultVal": "{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}" } } ] @@ -1313,7 +1313,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}" + "resultVal": "{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}" } } ] 
@@ -1332,7 +1332,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}" + "resultVal": "{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}" } } ] @@ -1370,7 +1370,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}" + "resultVal": "{Query26Stats:$.Success}" } } ] @@ -1389,7 +1389,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}" + "resultVal": "{Query26Stats:$.Total}" } } ] @@ -1484,7 +1484,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}" } } ] @@ -1503,7 +1503,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}" } } ] 
@@ -1541,7 +1541,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query26Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query9Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}" + "resultVal": "{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query26Stats:$.Total}+{Query9Stats:$.Total}+{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}" } } ] 
@@ -1560,7 +1560,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query26Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query9Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}" + "resultVal": "{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query26Stats:$.Success}+{Query9Stats:$.Success}+{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}" } } ] 
@@ -1634,7 +1634,7 @@ "style": "tabs", "links": [ { - "id": "d40d64d8-f295-4c5e-bdfe-23931f24020b", + "id": "cc6df7c1-6bb0-44b9-9596-37b22f0dbdb2", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "IP plan ({Tab0Success:value}/{Tab0Total:value})", @@ -1643,16 +1643,16 @@ "style": "primary" }, { - "id": "452ec5a7-a588-4ab2-b12f-ee6cd71cc218", + "id": "7bd04a78-910b-43c6-8a4b-3fa91b14d56c", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "PaaS ({Tab1Success:value}/{Tab1Total:value})", + "linkLabel": "Virtual WAN ({Tab1Success:value}/{Tab1Total:value})", "subTarget": "tab1", - "preText": "PaaS", + "preText": "Virtual WAN", "style": "primary" }, { - "id": "0f899080-3803-42d0-b8c0-17cf472650a9", + "id": "2fd08728-7f1e-480d-83f5-65e52e44f72f", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Firewall ({Tab2Success:value}/{Tab2Total:value})", 
@@ -1661,34 +1661,34 @@ "style": "primary" }, { - "id": "70cb1f29-0b21-48b0-96c4-05b32b522604", + "id": "d0d900ae-1cb1-4317-80dc-27afbf27ee97", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Segmentation ({Tab3Success:value}/{Tab3Total:value})", + "linkLabel": "Hybrid ({Tab3Success:value}/{Tab3Total:value})", "subTarget": "tab3", - "preText": "Segmentation", - "style": "primary" - }, - { - "id": "9d1150f7-4da0-4fa3-a844-cc869d1e8bb6", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Hybrid ({Tab4Success:value}/{Tab4Total:value})", - "subTarget": "tab4", "preText": "Hybrid", "style": "primary" }, { - "id": "c19f3b2e-ddbd-4092-ba5d-8d2723eaec59", + "id": "de56b6a2-6058-4bf6-9cb2-ee345d866639", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Hub and spoke ({Tab5Success:value}/{Tab5Total:value})", - "subTarget": "tab5", - "preText": "Hub and spoke", + "linkLabel": "Segmentation ({Tab4Success:value}/{Tab4Total:value})", + "subTarget": "tab4", + "preText": "Segmentation", "style": "primary" }, { - "id": "31b8861d-f5bd-4f39-8030-7cf555f3bca4", + "id": "daf6577d-1b8f-41d7-91a3-c183cb37d1cd", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "PaaS ({Tab5Success:value}/{Tab5Total:value})", + "subTarget": "tab5", + "preText": "PaaS", + "style": "primary" + }, + { + "id": "542c4d48-fd21-4ae0-a676-9b6d576d5599", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Internet ({Tab6Success:value}/{Tab6Total:value})", @@ -1697,12 +1697,12 @@ "style": "primary" }, { - "id": "e14b2364-00da-4719-a2a2-bcfdc4f73a05", + "id": "ddabcbf7-2ac6-44b5-9390-31f6112a6591", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Virtual WAN ({Tab7Success:value}/{Tab7Total:value})", + "linkLabel": "Hub and spoke ({Tab7Success:value}/{Tab7Total:value})", "subTarget": "tab7", - "preText": "Virtual WAN", + "preText": "Hub and spoke", "style": "primary" } ] 
@@ -1926,22 +1926,22 @@ { "type": 1, "content": { - "json": "## PaaS" + "json": "## Virtual WAN" }, "name": "tab1title" }, { "type": 1, "content": { - "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." + "json": "For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this." }, - "name": "querytext26" + "name": "querytext32" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -1990,7 +1990,193 @@ ] } }, - "name": "query26" + "name": "query32" + }, + { + "type": 1, + "content": { + "json": "Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." + }, + "name": "querytext33" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query33" + }, + { + "type": 1, + "content": { + "json": "Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." + }, + "name": "querytext34" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query34" + }, + { + "type": 1, + "content": { + "json": "Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
+ }, + "name": "querytext35" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query35" } ] }, 
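Review bot: The query35 check added in this hunk marks a virtual hub compliant only when its prefix length is below 23 (`toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23`), so a hub that uses exactly the /23 recommended by the accompanying text is reported as Failed. The comparison should include 23: `| extend compliant = (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) <= 23)`. A false Failed on a compliant hub weakens trust in the workbook's other findings. As the commit is marked as an automated change, the fix probably belongs in the checklist entry this workbook is generated from rather than in this file. In the same hunk, query33 compares `properties.allowBranchToBranchTraffic` with the string `'true'`; if Resource Graph returns that property as a boolean, confirm the comparison still evaluates as intended.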
@@ -2519,400 +2705,6 @@ }, "name": "tab2" }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Segmentation" - }, - "name": "tab3title" - }, - { - "type": 1, - "content": { - "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." - }, - "name": "querytext22" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, 
- "name": "query22" - }, - { - "type": 1, - "content": { - "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." - }, - "name": "querytext27" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query27" - }, - { - "type": 1, - "content": { - "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." 
- }, - "name": "querytext28" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query28" - }, - { - "type": 1, - "content": { 
- "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." - }, - "name": "querytext29" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query29" - }, - { - "type": 1, - "content": { - "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to 
gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." - }, - "name": "querytext30" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - 
"thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query30" - }, - { - "type": 1, - "content": { - "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." - }, - "name": "querytext31" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query31" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab3" - }, - "name": "tab3" - }, { "type": 12, "content": { 
@@ -2924,7 +2716,7 @@ "content": { "json": "## Hybrid" }, - "name": "tab4title" + "name": "tab3title" }, { "type": 1, 
@@ -3362,6 +3154,400 @@ } ] }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab3" + }, + "name": "tab3" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Segmentation" + }, + "name": "tab4title" + }, + { + "type": 1, + "content": { + "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." + }, + "name": "querytext22" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + 
"operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query22" + }, + { + "type": 1, + "content": { + "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." + }, + "name": "querytext27" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query27" + }, + { + "type": 1, + "content": { + "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." + }, + "name": "querytext28" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": 
null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query28" + }, + { + "type": 1, + "content": { + "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." + }, + "name": "querytext29" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } 
+ ] + } + }, + "name": "query29" + }, + { + "type": 1, + "content": { + "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." + }, + "name": "querytext30" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + 
}, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query30" + }, + { + "type": 1, + "content": { + "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." + }, + "name": "querytext31" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query31" + } + ] + }, "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", 
@@ -3378,10 +3564,178 @@ { "type": 1, "content": { - "json": "## Hub and spoke" + "json": "## PaaS" }, "name": "tab5title" }, + { + "type": 1, + "content": { + "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." + }, + "name": "querytext26" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query26" + } + ] + }, + "conditionalVisibility": { + "parameterName": 
"VisibleTab", + "comparison": "isEqualTo", + "value": "tab5" + }, + "name": "tab5" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Internet" + }, + "name": "tab6title" + }, + { + "type": 1, + "content": { + "json": "Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this." + }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": 
"query9" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab6" + }, + "name": "tab6" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Hub and spoke" + }, + "name": "tab7title" + }, { "type": 1, "content": { 
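Review bot: In the `query9` item (Azure Bastion subnet size), `subnetPrefixLength` is taken straight from `split(subnetPrefix, '/')[1]` and then compared with `<= 26`, so the compliance result depends on how a dynamic string element compares with an integer. Casting first makes the comparison explicit: `| extend subnetPrefixLength = toint(split(subnetPrefix, '/')[1])`. The query also reads only `subnets.properties.addressPrefix`, so a subnet defined through `addressPrefixes` would presumably yield an empty prefix and be shown as "Unknown" rather than "Failed", which is worth confirming. This workbook looks generated from the checklist source, so the change probably belongs in the query stored there rather than in this file.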
@@ -3756,360 +4110,6 @@ } ] }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab5" - }, - "name": "tab5" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Internet" - }, - "name": "tab6title" - }, - { - "type": 1, - "content": { - "json": "Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this." - }, - "name": "querytext9" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - 
"representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query9" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab6" - }, - "name": "tab6" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Virtual WAN" - }, - "name": "tab7title" - }, - { - "type": 1, - "content": { - "json": "For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this." - }, - "name": "querytext32" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query32" - }, - { - "type": 1, 
- "content": { - "json": "Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." - }, - "name": "querytext33" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query33" - }, - { - "type": 1, - "content": { - "json": "Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
- }, - "name": "querytext34" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query34" - }, - { - "type": 1, - "content": { - "json": "Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
- }, - "name": "querytext35" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query35" - } - ] - }, "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", diff --git a/workbooks/alz_checklist.en_network_counters_template.json b/workbooks/alz_checklist.en_network_counters_template.json index 253b21c3..c08b61fe 100644 --- a/workbooks/alz_checklist.en_network_counters_template.json +++ b/workbooks/alz_checklist.en_network_counters_template.json 
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, 
subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 
'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = 
properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources 
| where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | 
where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = 
iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where 
type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), 
circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = 
countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where 
array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n 
\"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where 
type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project 
id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | 
mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, 
lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= 
(properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": 
[\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n 
},\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n 
},\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab5Success}/{Tab5Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab6Success}/{Tab6Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n 
\"name\": \"Tab7Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab7Success}/{Tab7Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query26Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query9Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}\"\n }\n }\n ]\n },\n {\n 
\"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query26Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query9Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically 
generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"d40d64d8-f295-4c5e-bdfe-23931f24020b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"452ec5a7-a588-4ab2-b12f-ee6cd71cc218\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"PaaS ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": 
\"tab1\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"0f899080-3803-42d0-b8c0-17cf472650a9\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall ({Tab2Success:value}/{Tab2Total:value})\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Firewall\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"70cb1f29-0b21-48b0-96c4-05b32b522604\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Segmentation ({Tab3Success:value}/{Tab3Total:value})\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"9d1150f7-4da0-4fa3-a844-cc869d1e8bb6\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid ({Tab4Success:value}/{Tab4Total:value})\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"c19f3b2e-ddbd-4092-ba5d-8d2723eaec59\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hub and spoke ({Tab5Success:value}/{Tab5Total:value})\",\n \"subTarget\": \"tab5\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"31b8861d-f5bd-4f39-8030-7cf555f3bca4\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet ({Tab6Success:value}/{Tab6Total:value})\",\n \"subTarget\": \"tab6\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"e14b2364-00da-4719-a2a2-bcfdc4f73a05\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN ({Tab7Success:value}/{Tab7Total:value})\",\n \"subTarget\": \"tab7\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## IP plan\"\n },\n \"name\": 
\"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n 
}\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n 
]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n 
\"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## PaaS\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n 
\"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Firewall\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n 
\"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n 
\"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"name\": \"tab5title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n 
\"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n 
\"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": 
{\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, 
ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": 
[\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where 
sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n 
\"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"name\": \"tab6title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n 
}\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"name\": \"tab7title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. 
Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": 
\"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = 
countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = 
count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 
'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend 
BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend 
addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": 
true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n 
\"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 
100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources | where 
type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | 
extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = 
(properties.sku.tier == 'Premium') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 
'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where 
type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n 
\"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n 
\"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend 
SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = 
countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n 
},\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend 
SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n 
}\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n 
\"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab5Success}/{Tab5Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": 
\"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab6Success}/{Tab6Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab7Success}/{Tab7Total})\"\n }\n }\n ]\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}+{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}+{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}+{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}+{Query26Stats:$.Total}+{Query9Stats:$.Total}+{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}+{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}+{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}+{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}+{Query26Stats:$.Success}+{Query9Stats:$.Success}+{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"cc6df7c1-6bb0-44b9-9596-37b22f0dbdb2\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"7bd04a78-910b-43c6-8a4b-3fa91b14d56c\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"2fd08728-7f1e-480d-83f5-65e52e44f72f\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall ({Tab2Success:value}/{Tab2Total:value})\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Firewall\",\n 
\"style\": \"primary\"\n },\n {\n \"id\": \"d0d900ae-1cb1-4317-80dc-27afbf27ee97\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid ({Tab3Success:value}/{Tab3Total:value})\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"de56b6a2-6058-4bf6-9cb2-ee345d866639\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Segmentation ({Tab4Success:value}/{Tab4Total:value})\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"daf6577d-1b8f-41d7-91a3-c183cb37d1cd\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"PaaS ({Tab5Success:value}/{Tab5Total:value})\",\n \"subTarget\": \"tab5\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"542c4d48-fd21-4ae0-a676-9b6d576d5599\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet ({Tab6Success:value}/{Tab6Total:value})\",\n \"subTarget\": \"tab6\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"ddabcbf7-2ac6-44b5-9390-31f6112a6591\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hub and spoke ({Tab7Success:value}/{Tab7Total:value})\",\n \"subTarget\": \"tab7\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## IP plan\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n 
]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n 
}\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. 
Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Firewall\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n 
\"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n 
{\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": 
\"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": 
\"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n 
\"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. 
[This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## PaaS\"\n },\n \"name\": \"tab5title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n 
\"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"name\": \"tab6title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n 
}\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"name\": \"tab7title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": 
\"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n 
\"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": 
\"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n 
\"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" diff --git a/workbooks/alz_checklist.en_network_tabcounters.json b/workbooks/alz_checklist.en_network_tabcounters.json index c6fe5d51..a5ac3f07 100644 --- a/workbooks/alz_checklist.en_network_tabcounters.json +++ b/workbooks/alz_checklist.en_network_tabcounters.json 
@@ -70,75 +70,75 @@ "style": "tabs", "links": [ { - "id": "ffc15262-806d-4382-9b27-f59418758348", + "id": "380fffbd-7fa8-48a6-aaa0-481729d418ad", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Hub and spoke", + "linkLabel": "Segmentation", "subTarget": "tab0", - "preText": "Hub and spoke", + "preText": "Segmentation", "style": "primary" }, { - "id": "2b1c89f0-e116-4141-8274-dcfe612ff858", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Firewall", - "subTarget": "tab1", - "preText": "Firewall", - "style": "primary" - }, - { - "id": "1ec51538-172a-4b16-8c38-6b743ee3433b", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Internet", - "subTarget": "tab2", - "preText": "Internet", - "style": "primary" - }, - { - "id": "f7dbc4f7-55df-4c6e-b937-8990911d5c18", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Hybrid", - "subTarget": "tab3", - "preText": "Hybrid", - "style": "primary" - }, - { - "id": "7f24e682-2135-4494-8a7a-1a5a852813ce", + "id": "6106fd0c-0859-4b59-9e90-6a144bf66aa7", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Virtual WAN", - "subTarget": "tab4", + "subTarget": "tab1", "preText": "Virtual WAN", "style": "primary" }, { - "id": "0ef2e578-74fb-43aa-ad3f-348dd330f8eb", + "id": "983ceb56-8b92-4497-89cd-014831b104f8", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Hybrid", + "subTarget": "tab2", + "preText": "Hybrid", + "style": "primary" + }, + { + "id": "2c028894-e282-444f-a68e-46406128cbd6", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "PaaS", - "subTarget": "tab5", + "subTarget": "tab3", "preText": "PaaS", "style": "primary" }, { - "id": "00911c16-eaa6-40c1-b872-18d7e17eff56", + "id": "5fbbdc80-c4c6-4f58-8781-72ef45b1d123", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "IP plan", - "subTarget": "tab6", + "subTarget": "tab4", "preText": "IP plan", "style": "primary" 
}, { - "id": "ac245721-6a05-4854-9d86-5899c8d07868", + "id": "5c5e43dd-7736-4509-8aea-595c98e2a82c", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Segmentation", + "linkLabel": "Firewall", + "subTarget": "tab5", + "preText": "Firewall", + "style": "primary" + }, + { + "id": "3439b9ae-525d-4691-a36e-0cb9e5736e08", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Internet", + "subTarget": "tab6", + "preText": "Internet", + "style": "primary" + }, + { + "id": "71d6d98f-1b1d-4136-81d4-84705f004722", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Hub and spoke", "subTarget": "tab7", - "preText": "Segmentation", + "preText": "Hub and spoke", "style": "primary" } ] 
@@ -162,9 +162,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query0Stats", + "name": "Query22Stats", "type": 1, - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -178,9 +178,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query0FullyCompliant", + "name": "Query22FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query0Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query22Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 @@ -190,9 +190,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query1Stats", + "name": "Query27Stats", "type": 1, - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -206,9 +206,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query1FullyCompliant", + "name": "Query27FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query1Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query27Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -218,9 +218,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query2Stats", + "name": "Query28Stats", "type": 1, - "query": "resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
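Review bot: The new `Query28Stats` query drops any NSG that has custom rules but none in the inbound direction, so it is counted neither as success nor as failure: `summarize StarDenies=countif(...) by id,tostring(ruleDirection) | where ruleDirection == 'Inbound'` only yields a row when at least one inbound rule exists, and the `union` branch adds back only NSGs with `array_length(properties.securityRules)==0`. Such an NSG has no inbound deny-all and should show as failed; moving the direction test into the aggregate keeps it, e.g. `summarize StarDenies=countif(tostring(ruleDirection)=='Inbound' and ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id | project id,compliant=(StarDenies>0)`. The match also reads only the singular `destinationAddressPrefix`, `sourceAddressPrefix` and `destinationPortRange` fields, so it is worth confirming that a deny-all rule expressed through the plural list fields is not reported as missing. The workbook looks generated, so the change presumably belongs in the checklist query it is built from; the parameter object itself continues outside this hunk.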
@@ -234,9 +234,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query2FullyCompliant", + "name": "Query28FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query2Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query28Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -246,9 +246,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query3Stats", + "name": "Query29Stats", "type": 1, - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -262,9 +262,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query3FullyCompliant", + "name": "Query29FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query3Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query29Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -274,9 +274,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query4Stats", + "name": "Query30Stats", "type": 1, - "query": "resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and 
properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], @@ -290,9 +290,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query4FullyCompliant", + "name": "Query30FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query4Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query30Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -302,9 +302,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query5Stats", + "name": "Query31Stats", "type": 1, - "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())", + "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], @@ -318,9 +318,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query5FullyCompliant", + "name": "Query31FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query5Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query31Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 @@ -341,7 +341,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}" + "resultVal": "{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}" } } ] @@ -360,7 +360,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}" + "resultVal": "{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}" } } ] 
@@ -394,7 +394,7 @@ { "type": 1, "content": { - "json": "## Hub and spoke" + "json": "## Segmentation" }, "customWidth": "50", "name": "tab0title" 
@@ -435,15 +435,15 @@ { "type": 1, "content": { - "json": "If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this." + "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." }, - "name": "querytext0" + "name": "querytext22" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
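Review bot: In the new AzureFirewallSubnet query, `subnetPrefixLength = split(subnetPrefix, '/')[1]` is a dynamic string element that is then compared with an integer in `compliant = (subnetPrefixLength == 26)`. Whether that evaluates as a numeric comparison depends on how the engine coerces dynamic values, so the check may not test what it appears to. An explicit cast removes the doubt: `extend subnetPrefixLength = toint(split(subnetPrefix, '/')[1])`. The GatewaySubnet query in the next hunk has the same pattern with `subnetPrefixLength <= 27`. Subnets that carry only `addressPrefixes` (plural) would presumably leave `subnetPrefix` empty; it is worth confirming how those rows are reported.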
@@ -492,20 +492,20 @@ ] } }, - "name": "query0" + "name": "query22" }, { "type": 1, "content": { - "json": "If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." }, - "name": "querytext1" + "name": "querytext27" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -554,20 +554,20 @@ ] } }, - "name": "query1" + "name": "query27" }, { "type": 1, "content": { - "json": "Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." }, - "name": "querytext2" + "name": "querytext28" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union 
(resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -616,20 +616,20 @@ ] } }, - "name": "query2" + "name": "query28" }, { "type": 1, "content": { - "json": "Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." }, - "name": "querytext3" + "name": "querytext29" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, 
"resourceType": "microsoft.resourcegraph/resources", 
@@ -678,20 +678,20 @@ ] } }, - "name": "query3" + "name": "query29" }, { "type": 1, "content": { - "json": "Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." + "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." }, - "name": "querytext4" + "name": "querytext30" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) 
or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
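Review bot: The new flow-log query sets `compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false)`, so a VNet that has a flow log but Traffic Analytics switched off still passes. The checklist text asks for flow logs to be fed into Traffic Analytics, and `trafficAnalyticsEnabled` is already projected but never tested. If the text states the intent, tighten the check to `extend compliant = (isnotempty(lowerCaseTargetVNetId) and trafficAnalyticsEnabled == true)`. The `leftouter` join also emits one row per matching flow log, so a VNet with several flow logs would appear more than once in the results; a `summarize` by VNet id before the compliance test would avoid that.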
@@ -740,20 +740,20 @@ ] } }, - "name": "query4" + "name": "query30" }, { "type": 1, "content": { - "json": "Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." + "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." }, - "name": "querytext5" + "name": "querytext31" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 
'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", @@ -802,7 +802,7 @@ ] } }, - "name": "query5" + "name": "query31" } ] }, 
@@ -813,6 +813,1868 @@ }, "name": "tab0" }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query32Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query32FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query32Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query33Stats", + "type": 1, + "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query33FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query33Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query34Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query34FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query34Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query35Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = 
properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query35FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query35Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": 
"Tab1Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab1Success}/{Tab1Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## Virtual WAN" + }, + "customWidth": "50", + "name": "tab1title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab1Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this." 
+ }, + "name": "querytext32" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query32" + }, + { + "type": 1, + "content": { + "json": "Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
+ }, + "name": "querytext33" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query33" + }, + { + "type": 1, + "content": { + "json": "Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
+ }, + "name": "querytext34" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query34" + }, + { + "type": 1, + "content": { + "json": "Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
+ }, + "name": "querytext35" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query35" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab1" + }, + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query10Stats", + "type": 1, + "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = 
properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query10FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query10Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query11Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query11FullyCompliant", + "type": 1, + "query": 
"{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query11Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query12Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query12FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query12Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query13Stats", + "type": 1, + "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = 
properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query13FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query13Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query14Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": 
"Query14FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query14Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query15Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query15FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query15Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query16Stats", + "type": 1, + "query": "resources | where 
type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query16FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query16Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}" + } + } + ] + }, + { + "id": 
"daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab2Success}/{Tab2Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## Hybrid" + }, + "customWidth": "50", + "name": "tab2title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab2Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." + }, + "name": "querytext10" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query10" + }, + { + "type": 1, + "content": { + "json": "Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this." + }, + "name": "querytext11" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query11" + }, + { + "type": 1, + "content": { + "json": "Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this." 
+ }, + "name": "querytext12" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query12" + }, + { + "type": 1, + "content": { + "json": "Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." 
+ }, + "name": "querytext13" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query13" + }, + { + "type": 1, + "content": { + "json": "Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this." 
+ }, + "name": "querytext14" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query14" + }, + { + "type": 1, + "content": { + "json": "Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." 
+ }, + "name": "querytext15" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query15" + }, + { + "type": 1, + "content": { + "json": "If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information." 
+ }, + "name": "querytext16" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query16" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + "name": "tab2" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + 
"{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query26Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query26FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query26Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab3Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query26Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab3Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 
86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query26Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab3Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab3Success}/{Tab3Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## PaaS" + }, + "customWidth": "50", + "name": "tab3title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab3Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." 
+ }, + "name": "querytext26" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query26" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab3" + }, + "name": "tab3" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6Stats", + "type": 1, + "query": "resources | where type == 
'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query6Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 
100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query7Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8Stats", + "type": 1, + "query": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query8Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", 
+ "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab4Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab4Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab4Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab4Success}/{Tab4Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## IP plan" + }, + "customWidth": "50", + "name": "tab4title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab4Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": 
"redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this." + }, + "name": "querytext6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", 
+ "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this." + }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + 
}, + { + "type": 1, + "content": { + "json": "Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this." + }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + 
} + ] + } + }, + "name": "query8" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab4" + }, + "name": "tab4" + }, { "type": 12, "content": { @@ -1054,7 +2916,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab1Success", + "name": "Tab5Success", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1073,7 +2935,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab1Total", + "name": "Tab5Total", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1092,7 +2954,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab1Percent", + "name": "Tab5Percent", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1103,7 +2965,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "round(100*{Tab1Success}/{Tab1Total})" + "resultVal": "round(100*{Tab5Success}/{Tab5Total})" } } ] @@ -1121,13 +2983,13 @@ "json": "## Firewall" }, "customWidth": "50", - "name": "tab1title" + "name": "tab5title" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab1Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab5Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", "size": 3, "queryType": 8, "visualization": "tiles", @@ -1657,9 +3519,9 @@ "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", - "value": "tab1" + "value": "tab5" }, - "name": "tab1" + "name": "tab5" }, { "type": 12, 
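Review bot: The renamed `resultVal` in the `@@ -1103,7 +2965,7 @@` hunk, `round(100*{Tab5Success}/{Tab5Total})`, divides by the tab total with no guard for zero, while the per-query stats on this page use `iff(Total==0, 100, 100*toint(Success)/toint(Total))`. When the selected scope has no matching resources every query total is 0, so the tile presumably receives a non-numeric value and an empty tab reads as broken rather than as fully compliant. The `@@ -1755,7 +3617,7 @@` hunk (`Tab6Percent`) has the same form. Since this workbook looks generated, the fix probably belongs in the generator: emit a criterion ahead of the `Default` one that yields `100` when `{Tab5Total}` is `0`, matching the per-query convention. The enclosing parameter list starts and ends outside these hunks.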
@@ -1706,7 +3568,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab2Success", + "name": "Tab6Success", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1725,7 +3587,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab2Total", + "name": "Tab6Total", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1744,7 +3606,7 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Tab2Percent", + "name": "Tab6Percent", "type": 1, "isHiddenWhenLocked": true, "timeContext": { @@ -1755,7 +3617,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "round(100*{Tab2Success}/{Tab2Total})" + "resultVal": "round(100*{Tab6Success}/{Tab6Total})" } } ] @@ -1773,13 +3635,13 @@ "json": "## Internet" }, "customWidth": "50", - "name": "tab2title" + "name": "tab6title" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab2Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab6Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", "size": 3, "queryType": 8, "visualization": "tiles", 
@@ -1872,1868 +3734,6 @@ } ] }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab2" - }, - "name": "tab2" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 9, - "content": { - "version": "KqlParameterItem/1.0", - "crossComponentResources": [ - "{Subscription}" - ], - "parameters": [ - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query10Stats", - "type": 1, - "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query10FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query10Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query11Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/expressroutecircuits' | extend 
compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query11FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query11Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query12Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - 
"resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query12FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query12Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query13Stats", - "type": 1, - "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query13FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query13Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query14Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/virtualnetworkgateways' | 
where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query14FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query14Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query15Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - 
"{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query15FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query15Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query16Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query16FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": 
\\\"{Query16Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab3Success", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab3Total", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab3Percent", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "round(100*{Tab3Success}/{Tab3Total})" - } - } - ] - } - ], - "style": "pills", - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - "name": "TabInvisibleParameters" - }, - { - "type": 1, - "content": { - "json": "## Hybrid" - }, - "customWidth": "50", - "name": "tab3title" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab3Percent}\\\", \\\"Column2\\\": 
\\\"Percent of successful checks\\\"}\",\"transformers\":null}", - "size": 3, - "queryType": 8, - "visualization": "tiles", - "tileSettings": { - "titleContent": { - "columnMatch": "Column1", - "formatter": 4, - "formatOptions": { - "min": 0, - "max": 100, - "palette": "redGreen" - }, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - "subtitleContent": { - "columnMatch": "Column2" - }, - "showBorder": true - } - }, - "customWidth": "50", - "name": "TabPercentTile" - }, - { - "type": 1, - "content": { - "json": "Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." - }, - "name": "querytext10" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": 
"==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query10" - }, - { - "type": 1, - "content": { - "json": "Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this." - }, - "name": "querytext11" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query11" - }, - { - "type": 1, - "content": { 
- "json": "Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this." - }, - "name": "querytext12" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query12" - }, - { - "type": 1, - "content": { - "json": "Deploy a zone-redundant ExpressRoute gateway 
in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." - }, - "name": "querytext13" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query13" - }, - { - "type": 1, - "content": { - "json": "Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this." - }, - "name": "querytext14" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query14" - }, - { - "type": 1, - "content": { - "json": "Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this." 
- }, - "name": "querytext15" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query15" - }, - { - "type": 1, - "content": { - "json": "If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information." 
- }, - "name": "querytext16" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query16" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab3" - }, - "name": "tab3" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 9, - "content": { - "version": "KqlParameterItem/1.0", - "crossComponentResources": [ - 
"{Subscription}" - ], - "parameters": [ - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query32Stats", - "type": 1, - "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query32FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query32Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query33Stats", - "type": 1, - "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": 
"daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query33FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query33Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query34Stats", - "type": 1, - "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query34FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query34Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query35Stats", - "type": 1, - "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = 
iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query35FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query35Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab4Success", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab4Total", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab4Percent", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "round(100*{Tab4Success}/{Tab4Total})" - } - } - 
] - } - ], - "style": "pills", - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - "name": "TabInvisibleParameters" - }, - { - "type": 1, - "content": { - "json": "## Virtual WAN" - }, - "customWidth": "50", - "name": "tab4title" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab4Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", - "size": 3, - "queryType": 8, - "visualization": "tiles", - "tileSettings": { - "titleContent": { - "columnMatch": "Column1", - "formatter": 4, - "formatOptions": { - "min": 0, - "max": 100, - "palette": "redGreen" - }, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - "subtitleContent": { - "columnMatch": "Column2" - }, - "showBorder": true - } - }, - "customWidth": "50", - "name": "TabPercentTile" - }, - { - "type": 1, - "content": { - "json": "For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this." 
- }, - "name": "querytext32" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query32" - }, - { - "type": 1, - "content": { - "json": "Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
- }, - "name": "querytext33" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query33" - }, - { - "type": 1, - "content": { - "json": "Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
- }, - "name": "querytext34" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query34" - }, - { - "type": 1, - "content": { - "json": "Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this." 
- }, - "name": "querytext35" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query35" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab4" - }, - "name": "tab4" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 9, - "content": { - "version": "KqlParameterItem/1.0", - "crossComponentResources": [ - "{Subscription}" - ], - "parameters": [ - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query26Stats", - "type": 1, - "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, 
serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query26FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query26Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab5Success", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query26Stats:$.Success}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab5Total", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query26Stats:$.Total}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab5Percent", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - 
}, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "round(100*{Tab5Success}/{Tab5Total})" - } - } - ] - } - ], - "style": "pills", - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - "name": "TabInvisibleParameters" - }, - { - "type": 1, - "content": { - "json": "## PaaS" - }, - "customWidth": "50", - "name": "tab5title" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab5Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", - "size": 3, - "queryType": 8, - "visualization": "tiles", - "tileSettings": { - "titleContent": { - "columnMatch": "Column1", - "formatter": 4, - "formatOptions": { - "min": 0, - "max": 100, - "palette": "redGreen" - }, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - "subtitleContent": { - "columnMatch": "Column2" - }, - "showBorder": true - } - }, - "customWidth": "50", - "name": "TabPercentTile" - }, - { - "type": 1, - "content": { - "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." 
- }, - "name": "querytext26" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query26" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab5" - }, - "name": "tab5" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 9, - "content": { - "version": "KqlParameterItem/1.0", - "crossComponentResources": [ - "{Subscription}" - ], - "parameters": [ - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query6Stats", - "type": 1, - "query": "resources | where type == 
'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query6FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query6Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query7Stats", - "type": 1, - "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 
100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query7FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query7Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query8Stats", - "type": 1, - "query": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", - "crossComponentResources": [ - "{Subscription}" - ], - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Query8FullyCompliant", - "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query8Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", 
- "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "queryType": 8 - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab6Success", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab6Total", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}" - } - } - ] - }, - { - "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", - "version": "KqlParameterItem/1.0", - "name": "Tab6Percent", - "type": 1, - "isHiddenWhenLocked": true, - "timeContext": { - "durationMs": 86400000 - }, - "criteriaData": [ - { - "criteriaContext": { - "operator": "Default", - "resultValType": "expression", - "resultVal": "round(100*{Tab6Success}/{Tab6Total})" - } - } - ] - } - ], - "style": "pills", - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources" - }, - "name": "TabInvisibleParameters" - }, - { - "type": 1, - "content": { - "json": "## IP plan" - }, - "customWidth": "50", - "name": "tab6title" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab6Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", - "size": 3, - "queryType": 8, - "visualization": "tiles", - "tileSettings": { - "titleContent": { - "columnMatch": "Column1", - "formatter": 4, - "formatOptions": { - "min": 0, - "max": 100, - "palette": 
"redGreen" - }, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - "subtitleContent": { - "columnMatch": "Column2" - }, - "showBorder": true - } - }, - "customWidth": "50", - "name": "TabPercentTile" - }, - { - "type": 1, - "content": { - "json": "Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this." - }, - "name": "querytext6" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", 
- "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query6" - }, - { - "type": 1, - "content": { - "json": "Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this." - }, - "name": "querytext7" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query7" - 
}, - { - "type": 1, - "content": { - "json": "Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this." - }, - "name": "querytext8" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - 
} - ] - } - }, - "name": "query8" - } - ] - }, "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", @@ -3758,9 +3758,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query22Stats", + "name": "Query0Stats", "type": 1, - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
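Review bot: In the new `Query0Stats` query, `subnetPrefixLength` is the dynamic element returned by `split(subnetPrefix, '/')[1]` and is compared with the number 27 without a cast, so the RouteServerSubnet check may not be evaluated numerically and the tile could report a wrong compliance result. An explicit cast makes the intent unambiguous: `extend subnetPrefixLength = toint(split(subnetPrefix, '/')[1])`, in the same way the virtual-hub prefix check elsewhere in this workbook wraps its value in `toint(substring(...))`. The query also reads only `subnets.properties.addressPrefix`; if a subnet exposes its prefix under a different property the length is empty, and it is worth confirming that such rows are not silently counted as failed or dropped from `Total`. This workbook appears to be produced by automation, so the change likely belongs in the source checklist query rather than in this file.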
@@ -3774,9 +3774,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query22FullyCompliant", + "name": "Query0FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query22Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query0Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 @@ -3786,9 +3786,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query27Stats", + "name": "Query1Stats", "type": 1, - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -3802,9 +3802,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query27FullyCompliant", + "name": "Query1FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query27Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query1Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -3814,9 +3814,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query28Stats", + "name": "Query2Stats", "type": 1, - "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -3830,9 +3830,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query28FullyCompliant", + "name": "Query2FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query28Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query2Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -3842,9 +3842,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query29Stats", + "name": "Query3Stats", "type": 1, - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
@@ -3858,9 +3858,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query29FullyCompliant", + "name": "Query3FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query29Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query3Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
@@ -3870,9 +3870,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query30Stats", + "name": "Query4Stats", "type": 1, - "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = 
toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], @@ -3886,9 +3886,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query30FullyCompliant", + "name": "Query4FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query30Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query4Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 
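Review bot: The new `Query4Stats` query never defines a `compliant` column: its last projection is `project name, id, tags, param1=..., param2=...`, yet it still ends in `summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0)`. The same applies to the new `Query5Stats` query and to the `query4` and `query5` grid queries further down, which filter on `where compliant == 0`. These load-balancer checks will presumably error or return nothing useful (depending on how Resource Graph resolves the missing column), so the tab's Success/Total counters cannot be trusted for them. Every row these queries return is already a non-compliant resource, so appending `| extend compliant = false` before the summarize/filter stage would give the wrapper a column to count. The file appears to be generated, so the fix likely belongs in the source checklist query or in the generator.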
@@ -3898,9 +3898,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query31Stats", + "name": "Query5Stats", "type": 1, - "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project 
tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], @@ -3914,9 +3914,9 @@ { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", - "name": "Query31FullyCompliant", + "name": "Query5FullyCompliant", "type": 1, - "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query31Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query5Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", "isHiddenWhenLocked": true, "timeContext": { "durationMs": 86400000 @@ -3937,7 +3937,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}" } } ] @@ -3956,7 +3956,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}" } } ] 
@@ -3990,7 +3990,7 @@ { "type": 1, "content": { - "json": "## Segmentation" + "json": "## Hub and spoke" }, "customWidth": "50", "name": "tab7title" 
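Review bot: Retitling `tab7title` from `## Segmentation` to `## Hub and spoke` comes with the following hunks replacing every check in this tab with hub-and-spoke and load-balancer checks renamed `query0`–`query5`. The replaced checks covered Azure Firewall and Gateway subnet sizing, the NSG inbound deny-all rule, an NSG on every subnet, VNet flow logs and the NSG rule count. The removed template line later in this patch lists "Hub and spoke" as `tab0`, so this looks like a shift in the generator's tab and query indexing rather than an intended content change. It is worth confirming that the NSG and flow-log checks still exist under another tab, and that `Query0Stats`…`Query5Stats` do not collide with parameters of the same name in an earlier tab. Neither can be verified from the part of the diff shown here.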
@@ -4031,15 +4031,15 @@ { "type": 1, "content": { - "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." + "json": "If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this." }, - "name": "querytext22" + "name": "querytext0" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -4088,20 +4088,20 @@ ] } }, - "name": "query22" + "name": "query0" }, { "type": 1, "content": { - "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." + "json": "If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." }, - "name": "querytext27" + "name": "querytext1" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -4150,20 +4150,20 @@ ] } }, - "name": "query27" + "name": "query1" }, { "type": 1, "content": { - "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." + "json": "Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." }, - "name": "querytext28" + "name": "querytext2" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where 
type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -4212,20 +4212,20 @@ ] } }, - "name": "query28" + "name": "query2" }, { "type": 1, "content": { - "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." + "json": "Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." }, - "name": "querytext29" + "name": "querytext3" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, 
"resourceType": "microsoft.resourcegraph/resources", 
@@ -4274,20 +4274,20 @@ ] } }, - "name": "query29" + "name": "query3" }, { "type": 1, "content": { - "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." + "json": "Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." }, - "name": "querytext30" + "name": "querytext4" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type == 
'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -4336,20 +4336,20 @@ ] } }, - "name": "query30" + "name": "query4" }, { "type": 1, "content": { - "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." + "json": "Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." }, - "name": "querytext31" + "name": "querytext5" }, { "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 
'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 4, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", @@ -4398,7 +4398,7 @@ ] } }, - "name": "query31" + "name": "query5" } ] }, diff --git a/workbooks/alz_checklist.en_network_tabcounters_template.json b/workbooks/alz_checklist.en_network_tabcounters_template.json index 32326795..4e6a4f82 100644 --- a/workbooks/alz_checklist.en_network_tabcounters_template.json +++ b/workbooks/alz_checklist.en_network_tabcounters_template.json 
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"ffc15262-806d-4382-9b27-f59418758348\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hub and spoke\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"2b1c89f0-e116-4141-8274-dcfe612ff858\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Firewall\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"1ec51538-172a-4b16-8c38-6b743ee3433b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"f7dbc4f7-55df-4c6e-b937-8990911d5c18\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"7f24e682-2135-4494-8a7a-1a5a852813ce\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"0ef2e578-74fb-43aa-ad3f-348dd330f8eb\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": 
\"PaaS\",\n \"subTarget\": \"tab5\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"00911c16-eaa6-40c1-b872-18d7e17eff56\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan\",\n \"subTarget\": \"tab6\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"ac245721-6a05-4854-9d86-5899c8d07868\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Segmentation\",\n \"subTarget\": \"tab7\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n 
\"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 
360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n 
\"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent 
== 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand 
properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab0title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab0Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using 
Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to 
bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": 
\"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id 
| project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n 
\"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n 
\"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n 
\"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | 
project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n 
\"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Firewall\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab1title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab1Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": 
\\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n 
\"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n 
\"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab2title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab2Percent}\\\\\\\", 
\\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), 
circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n 
\"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project 
id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab3title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab3Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": 
\"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 
1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n 
\"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = 
iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab4title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab4Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured 
hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n 
\"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Total\",\n \"type\": 1,\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab5Success}/{Tab5Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## PaaS\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab5title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab5Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n 
\"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 
'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 
100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": 
\"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab6Success}/{Tab6Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## IP plan\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab6title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab6Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n 
]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project 
id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | 
mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, 
lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab7Success}/{Tab7Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n 
\"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab7title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab7Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n 
\"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries 
will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"380fffbd-7fa8-48a6-aaa0-481729d418ad\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Segmentation\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"6106fd0c-0859-4b59-9e90-6a144bf66aa7\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"983ceb56-8b92-4497-89cd-014831b104f8\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"2c028894-e282-444f-a68e-46406128cbd6\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"PaaS\",\n \"subTarget\": \"tab3\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n },\n {\n \"id\": 
\"5fbbdc80-c4c6-4f58-8781-72ef45b1d123\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan\",\n \"subTarget\": \"tab4\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"5c5e43dd-7736-4509-8aea-595c98e2a82c\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall\",\n \"subTarget\": \"tab5\",\n \"preText\": \"Firewall\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"3439b9ae-525d-4691-a36e-0cb9e5736e08\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet\",\n \"subTarget\": \"tab6\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"71d6d98f-1b1d-4136-81d4-84705f004722\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hub and spoke\",\n \"subTarget\": \"tab7\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = 
iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query22FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query22Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query27FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query27Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query28Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query28FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query28Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query29FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query29Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30Stats\",\n \"type\": 1,\n 
\"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query30FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query30Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = 
array_length(properties.securityRules) | project id, compliant = (rules < 900)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query31FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query31Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query22Stats:$.Success}+{Query27Stats:$.Success}+{Query28Stats:$.Success}+{Query29Stats:$.Success}+{Query30Stats:$.Success}+{Query31Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query22Stats:$.Total}+{Query27Stats:$.Total}+{Query28Stats:$.Total}+{Query29Stats:$.Total}+{Query30Stats:$.Total}+{Query31Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab0title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab0Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n 
\"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query32FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query32Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33Stats\",\n \"type\": 1,\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query33FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query33Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": 
true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query34FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query34Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query35FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query35Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Success}+{Query33Stats:$.Success}+{Query34Stats:$.Success}+{Query35Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query32Stats:$.Total}+{Query33Stats:$.Total}+{Query34Stats:$.Total}+{Query35Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab1title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab1Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n 
\"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n 
}\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. 
Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n 
\"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query10FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query10Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query11FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query11Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query12FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query12Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13Stats\",\n \"type\": 1,\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query13FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query13Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend 
compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query14FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query14Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query15FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query15Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query16FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query16Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Success}+{Query11Stats:$.Success}+{Query12Stats:$.Success}+{Query13Stats:$.Success}+{Query14Stats:$.Success}+{Query15Stats:$.Success}+{Query16Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query10Stats:$.Total}+{Query11Stats:$.Total}+{Query12Stats:$.Total}+{Query13Stats:$.Total}+{Query14Stats:$.Total}+{Query15Stats:$.Total}+{Query16Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab2title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab2Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n 
\"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query26FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query26Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query26Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab3Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab3Success}/{Tab3Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## PaaS\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab3title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab3Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n 
\"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": 
\"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), 
')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab4Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab4Success}/{Tab4Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## IP plan\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab4title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab4Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n 
]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query17FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query17Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant| summarize 
Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query18FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query18Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query19FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query19Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query20FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query20Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = 
isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query21FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query21Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = 
(properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query23FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query23Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query24Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false'| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query24FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query24Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query25FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query25Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Success}+{Query18Stats:$.Success}+{Query19Stats:$.Success}+{Query20Stats:$.Success}+{Query21Stats:$.Success}+{Query23Stats:$.Success}+{Query24Stats:$.Success}+{Query25Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query17Stats:$.Total}+{Query18Stats:$.Total}+{Query19Stats:$.Total}+{Query20Stats:$.Total}+{Query21Stats:$.Total}+{Query23Stats:$.Total}+{Query24Stats:$.Total}+{Query25Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab5Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab5Success}/{Tab5Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"## Firewall\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab5title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab5Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n 
\"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab6Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab6Success}/{Tab6Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab6title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab6Percent}\\\\\\\", 
\\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n 
\"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 
360) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n 
\"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName)| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent 
== 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand 
properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses))| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Tab7Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab7Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab7Success}/{Tab7Total})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"TabInvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"customWidth\": \"50\",\n \"name\": \"tab7title\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"Column1\\\\\\\": \\\\\\\"{Tab7Percent}\\\\\\\", \\\\\\\"Column2\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 3,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"Column1\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n },\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"Column2\"\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"TabPercentTile\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using 
Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to 
bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": 
\"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id 
| project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": 
"[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" diff --git a/workbooks/alz_checklist.en_network_workbook.json b/workbooks/alz_checklist.en_network_workbook.json index d6648a23..237f8d36 100644 --- a/workbooks/alz_checklist.en_network_workbook.json +++ b/workbooks/alz_checklist.en_network_workbook.json 
@@ -70,75 +70,75 @@ "style": "tabs", "links": [ { - "id": "2d66ebbf-d76c-41e2-924d-37aa2017f16f", + "id": "77c3e7f8-6b1c-4f16-b69d-554d1ed51a95", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "PaaS", + "subTarget": "tab0", + "preText": "PaaS", + "style": "primary" + }, + { + "id": "b1116a41-4662-4acf-8351-9509bd896a91", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "IP plan", - "subTarget": "tab0", + "subTarget": "tab1", "preText": "IP plan", "style": "primary" }, { - "id": "5b0cd601-0ff5-4d8c-ae83-ad747af66e2c", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Hybrid", - "subTarget": "tab1", - "preText": "Hybrid", - "style": "primary" - }, - { - "id": "7e8c4ad2-2666-4869-8d53-1a424dd681dd", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Internet", - "subTarget": "tab2", - "preText": "Internet", - "style": "primary" - }, - { - "id": "3f3ff143-ee44-4e5d-8b72-2174c1e5a9d8", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Virtual WAN", - "subTarget": "tab3", - "preText": "Virtual WAN", - "style": "primary" - }, - { - "id": "8b6f8c37-fcbf-4d26-9eac-81e8b7fba339", - "cellValue": "VisibleTab", - "linkTarget": "parameter", - "linkLabel": "Firewall", - "subTarget": "tab4", - "preText": "Firewall", - "style": "primary" - }, - { - "id": "158dd687-b0c2-4a40-9755-51ad5903e000", + "id": "568ccb8d-ed0d-4227-9545-8f58637f239d", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Segmentation", - "subTarget": "tab5", + "subTarget": "tab2", "preText": "Segmentation", "style": "primary" }, { - "id": "8bba8420-0782-4eb8-8529-9cc622edf242", + "id": "ddb5ab79-4279-445a-8072-e350a40e7d06", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Hybrid", + "subTarget": "tab3", + "preText": "Hybrid", + "style": "primary" + }, + { + "id": "fb2d9103-4276-4a8a-9f49-e6f2582e24d6", + "cellValue": "VisibleTab", + "linkTarget": 
"parameter", + "linkLabel": "Internet", + "subTarget": "tab4", + "preText": "Internet", + "style": "primary" + }, + { + "id": "51617834-5f72-481c-b6be-d6982752a54a", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Hub and spoke", - "subTarget": "tab6", + "subTarget": "tab5", "preText": "Hub and spoke", "style": "primary" }, { - "id": "5f9ec973-3534-46b1-bd41-30503e976c2d", + "id": "c6064a80-c1e2-4219-b275-c7b4d50010c1", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "PaaS", + "linkLabel": "Virtual WAN", + "subTarget": "tab6", + "preText": "Virtual WAN", + "style": "primary" + }, + { + "id": "8c886ba8-108d-41fd-8113-3ce4d04fa1b5", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Firewall", "subTarget": "tab7", - "preText": "PaaS", + "preText": "Firewall", "style": "primary" } ] 
@@ -154,10 +154,94 @@ { "type": 1, "content": { - "json": "## IP plan" + "json": "## PaaS" }, "name": "tab0title" }, + { + "type": 1, + "content": { + "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." + }, + "name": "querytext26" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query26" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", 
+ "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## IP plan" + }, + "name": "tab1title" + }, { "type": 1, "content": { 
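Review bot: The `query26` check in the new PaaS tab marks a subnet as failed as soon as `serviceEndpoints` holds a single entry, which is stricter than the text in `querytext26` ("Don't enable virtual network service endpoints by default on all subnets"). A subnet with one deliberately scoped endpoint is reported the same way as blanket enablement, so the failed list will probably be noisy and the real finding easy to miss. If the strict reading is intended, say so in the text, for example `Review every subnet that has service endpoints enabled; don't enable them by default on all subnets.` The commit is labelled an automated change, so the wording presumably has to be fixed in the checklist source this workbook is built from.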
@@ -349,9 +433,403 @@ "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", - "value": "tab0" + "value": "tab1" }, - "name": "tab0" + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Segmentation" + }, + "name": "tab2title" + }, + { + "type": 1, + "content": { + "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." + }, + "name": "querytext22" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" 
+ }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query22" + }, + { + "type": 1, + "content": { + "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." + }, + "name": "querytext27" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query27" + }, + { + "type": 1, + "content": { + "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." + }, + "name": "querytext28" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": 
null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query28" + }, + { + "type": 1, + "content": { + "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." + }, + "name": "querytext29" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } 
+ ] + } + }, + "name": "query29" + }, + { + "type": 1, + "content": { + "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." + }, + "name": "querytext30" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + 
}, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query30" + }, + { + "type": 1, + "content": { + "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." + }, + "name": "querytext31" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query31" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + 
"name": "tab2" }, { "type": 12, @@ -364,7 +842,7 @@ "content": { "json": "## Hybrid" }, - "name": "tab1title" + "name": "tab3title" }, { "type": 1, @@ -805,9 +1283,9 @@ "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", - "value": "tab1" + "value": "tab3" }, - "name": "tab1" + "name": "tab3" }, { "type": 12, @@ -820,7 +1298,7 @@ "content": { "json": "## Internet" }, - "name": "tab2title" + "name": "tab4title" }, { "type": 1, 
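Review bot: In `query28` (Segmentation tab, hunk `@@ -349,9 +433,403 @@`), an NSG whose custom rules are all outbound is never reported. The query groups by `id,tostring(ruleDirection)` and then keeps only `ruleDirection == 'Inbound'`, so such an NSG produces no inbound row, and the `union` branch only adds NSGs where `array_length(properties.securityRules)==0`. That NSG relies entirely on the default inbound rules, which is exactly what `querytext28` warns against, yet it shows up as neither Success nor Failed. Grouping by `id` alone and moving the direction test into the aggregate closes the gap: `| summarize StarDenies=countif(ruleDirection=='Inbound' and ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id | project id,compliant=(StarDenies>0)`. The commit is labelled an automated change, so the query presumably needs the fix in the checklist source rather than in this workbook.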
@@ -889,9 +1367,403 @@ "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", - "value": "tab2" + "value": "tab4" }, - "name": "tab2" + "name": "tab4" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Hub and spoke" + }, + "name": "tab5title" + }, + { + "type": 1, + "content": { + "json": "If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this." + }, + "name": "querytext0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": 
"failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query0" + }, + { + "type": 1, + "content": { + "json": "If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } 
+ } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + }, + "name": "querytext2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query2" + }, + { + "type": 1, + "content": { + "json": "Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." + }, + "name": "querytext3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query3" + }, + { + "type": 1, + "content": { + "json": "Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." 
+ }, + "name": "querytext4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", 
+ "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query4" + }, + { + "type": 1, + "content": { + "json": "Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." + }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | 
extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab5" + }, + "name": "tab5" }, { "type": 12, @@ -904,7 +1776,7 @@ "content": { "json": "## Virtual WAN" }, - "name": "tab3title" + "name": "tab6title" }, { "type": 1, @@ -1159,9 +2031,9 @@ "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", - "value": "tab3" + "value": "tab6" }, - "name": "tab3" + "name": "tab6" }, { "type": 12, @@ -1174,7 +2046,7 @@ "content": { "json": "## Firewall" }, - "name": "tab4title" + "name": "tab7title" }, { "type": 1, 
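Review bot: The two load-balancer queries added in this hunk (`query4` and `query5`) end with `| where compliant == 0 or not (onlyFailed == 1)`, but neither pipeline ever creates a `compliant` column. The last `project` before that suffix keeps only `name, id, tags` and the param columns, so Resource Graph will most likely reject both queries with an unresolved-column error, and the two checks would show a query error instead of findings. Both queries select only the non-compliant resources, so the smallest fix is to tag the rows before the shared suffix, `| extend compliant = false | extend onlyFailed = {OnlyFailed:label}`, which also gives the `"columnMatch": "compliant"` formatter a column to match. Since this workbook appears to be generated, the change belongs in the checklist entry or in the generator that appends the suffix, not in this file. The enclosing `items` array opens outside this hunk.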
@@ -1674,878 +2546,6 @@ } ] }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab4" - }, - "name": "tab4" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Segmentation" - }, - "name": "tab5title" - }, - { - "type": 1, - "content": { - "json": "Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this." - }, - "name": "querytext22" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - 
"operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query22" - }, - { - "type": 1, - "content": { - "json": "Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information." - }, - "name": "querytext27" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query27" - }, - { - "type": 1, - "content": { - "json": "Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information." - }, - "name": "querytext28" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": 
null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query28" - }, - { - "type": 1, - "content": { - "json": "Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this." - }, - "name": "querytext29" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } 
- ] - } - }, - "name": "query29" - }, - { - "type": 1, - "content": { - "json": "Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this." - }, - "name": "querytext30" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - 
}, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query30" - }, - { - "type": 1, - "content": { - "json": "Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this." - }, - "name": "querytext31" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query31" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab5" - }, - 
"name": "tab5" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Hub and spoke" - }, - "name": "tab6title" - }, - { - "type": 1, - "content": { - "json": "If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this." - }, - "name": "querytext0" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, 
- "name": "query0" - }, - { - "type": 1, - "content": { - "json": "If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." - }, - "name": "querytext1" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query1" - }, - { - "type": 1, - "content": { - "json": "Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." - }, - "name": "querytext2" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query2" - }, - { - "type": 1, - "content": { - "json": "Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this." 
- }, - "name": "querytext3" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query3" - }, - { - "type": 1, - "content": { - "json": "Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." 
- }, - "name": "querytext4" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", 
- "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query4" - }, - { - "type": 1, - "content": { - "json": "Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information." - }, - "name": "querytext5" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | 
extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query5" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab6" - }, - "name": "tab6" - }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## PaaS" - }, - "name": "tab7title" - }, - { - "type": 1, - "content": { - "json": "Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this." - }, - "name": "querytext26" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 0, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query26" - } - ] - }, "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", diff --git a/workbooks/alz_checklist.en_network_workbook_template.json b/workbooks/alz_checklist.en_network_workbook_template.json index 30184362..21600619 100644 --- a/workbooks/alz_checklist.en_network_workbook_template.json +++ b/workbooks/alz_checklist.en_network_workbook_template.json 
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"2d66ebbf-d76c-41e2-924d-37aa2017f16f\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan\",\n \"subTarget\": \"tab0\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"5b0cd601-0ff5-4d8c-ae83-ad747af66e2c\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"7e8c4ad2-2666-4869-8d53-1a424dd681dd\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"3f3ff143-ee44-4e5d-8b72-2174c1e5a9d8\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"8b6f8c37-fcbf-4d26-9eac-81e8b7fba339\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Firewall\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"158dd687-b0c2-4a40-9755-51ad5903e000\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": 
\"Segmentation\",\n \"subTarget\": \"tab5\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"8bba8420-0782-4eb8-8529-9cc622edf242\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hub and spoke\",\n \"subTarget\": \"tab6\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"5f9ec973-3534-46b1-bd41-30503e976c2d\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"PaaS\",\n \"subTarget\": \"tab7\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## IP plan\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n 
]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": 
\"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n 
\"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": 
\"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n 
}\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. 
Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": 
\"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n 
\"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. 
Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": 
\"## Firewall\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"name\": \"tab5title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n 
\"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"name\": \"tab6title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. 
Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. 
[This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": 
\"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id 
| project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n 
\"content\": {\n \"json\": \"## PaaS\"\n },\n \"name\": \"tab7title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists 
repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"77c3e7f8-6b1c-4f16-b69d-554d1ed51a95\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"PaaS\",\n \"subTarget\": \"tab0\",\n \"preText\": \"PaaS\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"b1116a41-4662-4acf-8351-9509bd896a91\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"IP plan\",\n \"subTarget\": \"tab1\",\n \"preText\": \"IP plan\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"568ccb8d-ed0d-4227-9545-8f58637f239d\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Segmentation\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Segmentation\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"ddb5ab79-4279-445a-8072-e350a40e7d06\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Hybrid\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Hybrid\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"fb2d9103-4276-4a8a-9f49-e6f2582e24d6\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Internet\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Internet\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"51617834-5f72-481c-b6be-d6982752a54a\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": 
\"parameter\",\n \"linkLabel\": \"Hub and spoke\",\n \"subTarget\": \"tab5\",\n \"preText\": \"Hub and spoke\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"c6064a80-c1e2-4219-b275-c7b4d50010c1\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Virtual WAN\",\n \"subTarget\": \"tab6\",\n \"preText\": \"Virtual WAN\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"8c886ba8-108d-41fd-8113-3ce4d04fa1b5\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Firewall\",\n \"subTarget\": \"tab7\",\n \"preText\": \"Firewall\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## PaaS\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"## IP plan\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n 
\"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Segmentation\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n 
\"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": 
\"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n 
\"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": 
\"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. [This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query31\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n 
\"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hybrid\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n 
\"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your 
circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": 
\"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n 
\"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Internet\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": 
null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Hub and spoke\"\n },\n \"name\": \"tab5title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": 
\"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n 
\"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 
or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab5\"\n },\n \"name\": \"tab5\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Virtual WAN\"\n },\n \"name\": \"tab6title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab6\"\n },\n \"name\": \"tab6\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Firewall\"\n },\n \"name\": \"tab7title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": 
\"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab7\"\n },\n \"name\": \"tab7\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" diff --git a/workbooks/alz_checklist.en_workbook.json b/workbooks/alz_checklist.en_workbook.json index 9c87910b..13167bc9 100644 --- a/workbooks/alz_checklist.en_workbook.json +++ b/workbooks/alz_checklist.en_workbook.json @@ -70,7 +70,7 @@ "style": "tabs", "links": [ { - "id": "97d44c5e-e35f-43b5-a299-1126fa2b1761", + "id": "def61a9f-9322-47fd-89a9-67509be68c87", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Identity and Access Management", @@ -79,7 +79,7 @@ "style": "primary" }, { - "id": "409ba52a-01d1-4ca7-837d-8eb8e0d8c305", + "id": "d2064f8e-f3c3-4edb-9210-23ee751c0243", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Network Topology and Connectivity", @@ -88,7 +88,7 @@ "style": "primary" }, { - "id": "a752d576-eedb-4b62-8542-82c61c0339b8", + "id": "fe9a4d8a-c915-4a4c-bf08-16e9c46f2c07", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Security", @@ -97,7 +97,7 @@ "style": "primary" }, { - "id": "66ef8438-7865-4a89-8386-0984c4f5f87c", + "id": "a7d508c5-d548-4ae8-ac59-a38bd0e20f62", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Management", 
@@ -106,7 +106,7 @@
 "style": "primary"
 },
 {
- "id": "01b6790a-dcb3-4d8f-9981-607b3ed143bc",
+ "id": "d5405473-b4d6-4dfc-aa37-3b5f7d89a921",
 "cellValue": "VisibleTab",
 "linkTarget": "parameter",
 "linkLabel": "Resource Organization",
diff --git a/workbooks/alz_checklist.en_workbook_template.json b/workbooks/alz_checklist.en_workbook_template.json
index 2ddcffcd..e5f36944 100644
--- a/workbooks/alz_checklist.en_workbook_template.json
+++ b/workbooks/alz_checklist.en_workbook_template.json
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"97d44c5e-e35f-43b5-a299-1126fa2b1761\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Identity and Access Management\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Identity and Access Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"409ba52a-01d1-4ca7-837d-8eb8e0d8c305\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"a752d576-eedb-4b62-8542-82c61c0339b8\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Security\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Security\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"66ef8438-7865-4a89-8386-0984c4f5f87c\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Management\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"01b6790a-dcb3-4d8f-9981-607b3ed143bc\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Resource Organization\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Resource Organization\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": 
\"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Identity and Access Management\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"When using Microsoft Entra Domain Services use replica sets. Replica sets will improve the resiliency of your managed domain and allow you to deploy to additional regions. Check [this link](https://learn.microsoft.com/entra/identity/domain-services/overview) for further information.. [This training](https://learn.microsoft.com/training/modules/understand-azure-active-directory/6-examine-azure-domain-services) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n 
\"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n 
\"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = 
{OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n 
{\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. 
Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n 
\"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure 
Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query31\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": 
\"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. 
[This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext36\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query36\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext37\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query37\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext38\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query38\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext39\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query39\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Security\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use different Azure Key Vaults for different applications, 
environments and regions to avoid transaction scale limits and restrict access to secrets. Check [this link](https://learn.microsoft.com/azure/key-vault/general/overview-throttling) for further information.. [This training](https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext41\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query41\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Centralized threat detection with correlated logs - consolidate security data in a central location where it can be correlated across various services via SIEM (security information and event management). Check [this link](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-threats#centralized-threat-detection-with-correlated-logs) for further information.\"\n },\n \"name\": \"querytext42\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": 
\"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query42\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Management\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that storage accounts are zone or region redundant, Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. Check [this link](https://learn.microsoft.com/en-gb/azure/storage/common/redundancy-migration?tabs=portal) for further information.. 
[This training](https://learn.microsoft.com/azure/storage/common/storage-redundancy) can help to educate yourself on this.\"\n },\n \"name\": \"querytext40\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query40\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Resource Organization\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce reasonably flat management group hierarchy with no more than four levels. 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups) for further information.. [This training](https://learn.microsoft.com/learn/modules/azure-architecture-fundamentals/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce no subscriptions are placed under the root management group. Check [this link](https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group) for further information.. 
[This training](https://learn.microsoft.com/azure/governance/management-groups/overview) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure tags are used for billing and cost management. Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/track-costs) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": 
true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Landing Zone Review\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"def61a9f-9322-47fd-89a9-67509be68c87\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Identity and Access Management\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Identity and Access Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"d2064f8e-f3c3-4edb-9210-23ee751c0243\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"fe9a4d8a-c915-4a4c-bf08-16e9c46f2c07\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Security\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Security\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"a7d508c5-d548-4ae8-ac59-a38bd0e20f62\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Management\",\n \"subTarget\": \"tab3\",\n \"preText\": \"Management\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"d5405473-b4d6-4dfc-aa37-3b5f7d89a921\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Resource Organization\",\n \"subTarget\": \"tab4\",\n \"preText\": \"Resource Organization\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Identity and Access 
Management\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"When using Microsoft Entra Domain Services use replica sets. Replica sets will improve the resiliency of your managed domain and allow you to deploy to additional regions. Check [this link](https://learn.microsoft.com/entra/identity/domain-services/overview) for further information.. [This training](https://learn.microsoft.com/training/modules/understand-azure-active-directory/6-examine-azure-domain-services) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.aad/domainservices' | extend replicaSets = properties.replicaSets | where array_length(replicaSets) < 2 | project name=name, id=id, tags=tags, param1=strcat('replicaSetLocation:', replicaSets[0].location) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": 
\"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If using Route Server, use a /27 prefix for the Route Server subnet. Check [this link](https://learn.microsoft.com/azure/route-server/quickstart-configure-route-server-portal#create-a-route-server-1) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-route-server/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'RouteServerSubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": 
\"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you have more than 400 spoke networks in a region, deploy an additional hub to bypass VNet peering limits (500) and the maximum number of prefixes that can be advertised via ExpressRoute (1000). Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | summarize peeringcount = count() by id | extend compliant = (peeringcount < 450) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": 
\"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Limit the number of routes per route table to 400. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits?toc=/azure/virtual-network/toc.json#azure-resource-manager-virtual-networking-limits) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/routetables' | mvexpand properties.routes | summarize routeCount = count() by id | extend compliant = (routeCount < 360) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n 
}\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use the setting 'Allow traffic to remote virtual network' when configuring VNet peerings. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-manage-peering) for further information.. [This training](https://learn.microsoft.com/training/modules/hub-and-spoke-network-architecture/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | project id, peeringName=properties_virtualNetworkPeerings.name, compliant = (properties_virtualNetworkPeerings.properties.allowVirtualNetworkAccess == True) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard Load Balancer SKU with a zone-redundant deployment, Selecting Standard SKU Load Balancer 
enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PrivateSubnetId = toupper(feIPconfigs.properties.subnet.id), PrivateIPZones = feIPconfigs.zones, PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PrivateSubnetId) | where isnull(PrivateIPZones) or array_length(PrivateIPZones) < 2 | project name, feConfigName, id | union (resources | where type == 'microsoft.network/loadbalancers' | where tolower(sku.name) != 'basic' | mv-expand feIPconfigs = properties.frontendIPConfigurations | extend feConfigName = (feIPconfigs.name), PIPid = toupper(feIPconfigs.properties.publicIPAddress.id), JoinID = toupper(id) | where isnotempty(PIPid) | join kind=innerunique ( resources | where type == 'microsoft.network/publicipaddresses' | where isnull(zones) or array_length(zones) < 2 | extend LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))), InnerID = toupper(id) ) on $left.PIPid == $right.InnerID) | project name, id, tags, param1='Zones: No Zone or Zonal', param2=strcat('Frontend IP Configuration:', ' ', feConfigName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure load balancer backend pool(s) contains at least two instances, Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. 
Check [this link](https://learn.microsoft.com/en-us/azure/reliability/reliability-load-balancer?tabs=graph#zone-redundant) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/loadBalancers' | extend bep = properties.backendAddressPools | extend BackEndPools = array_length(bep) | where BackEndPools == 0 | project name, id, Param1='backendPools', Param2=toint(0), tags | union (resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Standard' | extend bep = properties.backendAddressPools | extend BackEndPools = toint(array_length(bep)) | mv-expand bip = properties.backendAddressPools | extend BackendAddresses = array_length(bip.properties.loadBalancerBackendAddresses) | where toint(BackendAddresses) <= 1 | project name, id, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | union ( resources | where type =~ 'Microsoft.Network/loadBalancers' | where sku.name == 'Basic' | mv-expand properties.backendAddressPools | extend backendPoolId = properties_backendAddressPools.id | project id, name, tags, tostring(backendPoolId), Param1='BackEndPools' | join kind = leftouter ( resources | where type =~ 'Microsoft.Network/networkInterfaces' | mv-expand properties.ipConfigurations | mv-expand properties_ipConfigurations.properties.loadBalancerBackendAddressPools | extend backendPoolId = tostring(properties_ipConfigurations_properties_loadBalancerBackendAddressPools.id) | summarize poolMembers = count() by backendPoolId | project tostring(backendPoolId), poolMembers ) on backendPoolId | where toint(poolMembers) <= 1 | extend BackendAddresses = poolMembers | project id, name, tags, Param1='backendAddresses', Param2=toint(BackendAddresses)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use IP addresses from the address allocation ranges for private internets (RFC 1918). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext10\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | project name, id, location, resourceGroup, subscriptionId, cidr = addressPrefix | extend compliant = (cidr matches regex @'^(10\\\\.|172\\\\.(1[6-9]|2[0-9]|3[01])\\\\.|192\\\\.168\\\\.)') | project id, compliant, cidr | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query10\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that IP address space isn't wasted, don't create unnecessarily large virtual networks (for example /16). 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing) for further information.. [This training](https://learn.microsoft.com/learn/paths/architect-network-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext11\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | extend addressSpace = todynamic(properties.addressSpace) | extend addressPrefix = todynamic(properties.addressSpace.addressPrefixes) | mvexpand addressSpace | mvexpand addressPrefix | extend addressMask = split(addressPrefix,'/')[1] | extend compliant = addressMask > 16 | project name, id, subscriptionId, resourceGroup, addressPrefix, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query11\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Standard SKU and Zone-Redundant IPs when applicable, Public IP addresses in Azure can be of standard SKU, 
available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. Check [this link](https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone) for further information.. [This training](https://learn.microsoft.com/en-gb/training/modules/configure-virtual-networks/6-create-public-ip-addressing) can help to educate yourself on this.\"\n },\n \"name\": \"querytext12\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Network/publicIPAddresses' and sku.tier =~ 'Regional' | where isempty(zones) or array_length(zones) <= 1 | extend az = case(isempty(zones), 'Non-zonal', array_length(zones) <= 1, strcat('Zonal (', strcat_array(zones, ','), ')'), zones) | project name, id, tags, param1 = strcat('sku: ', sku.name), param2 = strcat('availabilityZone: ', az) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query12\"\n },\n 
{\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Bastion in a subnet /26 or larger. Check [this link](https://learn.microsoft.com/azure/bastion/bastion-faq#subnet) for further information.. [This training](https://learn.microsoft.com/training/modules/intro-to-azure-bastion/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext13\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureBastionSubnet' | extend compliant = (subnetPrefixLength <= 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query13\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Select the right SKU for the ExpressRoute/VPN gateways based on bandwidth and performance requirements. 
Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways?source=recommendations#gwsku) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext14\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier !in ('Basic', 'Standard')| project name, id, subscriptionId, resourceGroup, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query14\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that you're using unlimited-data ExpressRoute circuits only if you reach the bandwidth that justifies their cost. 
Check [this link](https://learn.microsoft.com/azure/expressroute/plan-manage-cost) for further information.. [This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext15\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/expressroutecircuits' | extend compliant = (tolower(sku.family) == 'metereddata' or tolower(sku.tier) == 'local') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query15\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Leverage the Local SKU of ExpressRoute to reduce the cost of your circuits, if your circuit peering location supports your Azure regions for the Local SKU. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-faqs#expressroute-local) for further information.. 
[This training](https://learn.microsoft.com/training/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext16\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project id, gwid=tostring(properties.virtualNetworkGateway1.id), circuitid=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitid=tostring(id), circuitsku=sku.tier) on circuitid | project id=gwid, compliant = (circuitsku == 'Local') | summarize compliant=max(compliant) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query16\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy a zone-redundant ExpressRoute gateway in the supported Azure regions. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext17\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.network/virtualnetworkgateways'| where properties.gatewayType =~ 'vpn' or properties.gatewayType == 'ExpressRoute'| extend SKUName = properties.sku.name, SKUTier = properties.sku.tier, Type = properties.gatewayType| extend compliant = SKUTier contains 'AZ'| project name, id, subscriptionId, resourceGroup, Type, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query17\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use zone-redundant VPN gateways to connect branches or remote locations to Azure (where available). Check [this link](https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway) for further information.. 
[This training](https://learn.microsoft.com/training/modules/intro-to-azure-vpn-gateway/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext18\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworkgateways' | where properties.gatewayType == 'Vpn' | extend compliant = (tolower(properties.sku.name) contains 'az') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query18\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use ExpressRoute circuits from different peering locations for redundancy. Check [this link](https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution) for further information.. 
[This training](https://learn.microsoft.com/learn/modules/design-implement-azure-expressroute/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext19\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/connections' | where properties.connectionType == 'ExpressRoute' | project cxId=id, gwId=tostring(properties.virtualNetworkGateway1.id), circuitId=tostring(properties.peer.id) | join (resources | where type=='microsoft.network/expressroutecircuits' | project circuitId=tostring(id), circuitLocation=tostring(properties.serviceProviderProperties.peeringLocation)) on circuitId | distinct gwId, circuitLocation | summarize countErLocations=count() by id=gwId | extend compliant = (countErLocations >= 2) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query19\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you are using a route table in the GatewaySubnet, make sure that gateway routes are propagated. 
Check [this link](https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub) for further information.\"\n },\n \"name\": \"querytext20\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,resourceGroup,name,subnetName=tostring(subnets.name),routeTableId=tostring(subnets.properties.routeTable.id) | where subnetName == 'GatewaySubnet' | join kind=leftouter (Resources | where type == 'microsoft.network/routetables' | project routeTableName=name,routeTableId=id, disableBgpRoutePropagation=properties.disableBgpRoutePropagation) on routeTableId | project id,compliant = (disableBgpRoutePropagation == False or isnull(disableBgpRoutePropagation)) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query20\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use application rules to filter outbound traffic on destination 
host name for supported protocols. Use FQDN-based network rules and Azure Firewall with DNS proxy to filter egress traffic to the Internet over other protocols. Check [this link](https://learn.microsoft.com/azure/firewall/fqdn-filtering-network-rules) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext21\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.dnsSettings.enableProxy == true) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query21\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure Firewall Premium to enable additional security features. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext22\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.sku.tier == 'Premium') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query22\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall Threat Intelligence mode to Alert and Deny for additional protection. 
Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps-signature-rules) for further information.\"\n },\n \"name\": \"querytext23\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.threatIntelMode == 'Deny') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query23\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure Azure Firewall IDPS mode to Deny for additional protection. Check [this link](https://learn.microsoft.com/azure/firewall/premium-features#idps) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext24\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/firewallpolicies' | extend compliant = (properties.intrusionDetection.mode == 'Deny') | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query24\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For subnets in VNets not connected to Virtual WAN, attach a route table so that Internet traffic is redirected to Azure Firewall or a Network Virtual Appliance. 
Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-networks-udr-overview) for further information.\"\n },\n \"name\": \"querytext25\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets=properties.subnets | mv-expand subnets | project id,name,subnetId=tostring(subnets.id), subnetName=tostring(subnets.name),subnetRT=subnets.properties.routeTable.id | where not (subnetName in ('GatewaySubnet', 'AzureFirewallSubnet', 'RouteServerSubnet', 'AzureBastionSubnet')) | extend hasRT = isnotnull(subnetRT) | distinct id, hasRT, subnetId | join kind=fullouter (resources | where type == 'microsoft.network/virtualnetworks' | mvexpand properties.virtualNetworkPeerings | extend isVWAN=(tolower(split(properties_virtualNetworkPeerings.name, '_')[0]) == 'remotevnettohubpeering') | mv-expand properties.subnets | project id, isVWAN, name, subnetId=tostring(properties_subnets.id), subnetName=tostring(properties_subnets.name) | summarize PeeredToVWAN=max(isVWAN) by id, subnetId | project id, subnetId, isVWANpeer = (PeeredToVWAN == true)) on subnetId | project id=iff(isnotempty(id), id, id1), subnetId=iff(isnotempty(subnetId), subnetId, subnetId1), hasRT, isVWANpeer | extend compliant = (hasRT==true or isVWANpeer==true) | distinct id, subnetId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n 
\"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query25\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use a /26 prefix for your Azure Firewall subnets. Check [this link](https://learn.microsoft.com/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size) for further information.. [This training](https://learn.microsoft.com/training/modules/introduction-azure-firewall/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext26\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'AzureFirewallSubnet' | extend compliant = (subnetPrefixLength == 26) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n 
\"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query26\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable Azure Firewall DNS proxy configuration. Check [this link](https://learn.microsoft.com/azure/firewall/dns-details) for further information.. [This training](https://learn.microsoft.com/training/courses/az-700t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext27\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/firewallPolicies' | where array_length(properties.firewalls) > 0 | extend compliant = (properties.dnsSettings.enableProxy =~ 'true') | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query27\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Azure Firewall across multiple availability zones. Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. Check [this link](https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell) for further information.. [This training](https://learn.microsoft.com/training/courses/az-104t00/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext28\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/azurefirewalls' | where array_length(zones) <= 1 or isnull(zones) | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | project name, id, tags, param1='multipleZones:false' | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query28\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure DDoS Protection on the Azure 
Firewall VNet, Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. Check [this link](https://learn.microsoft.com/en-gb/azure/ddos-protection/ddos-protection-overview) for further information.\"\n },\n \"name\": \"querytext29\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/azureFirewalls' | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id) | mv-expand ipConfig = properties.ipConfigurations | project name, firewallId = id, tags, vNetName = split(ipConfig.properties.subnet.id, '/', 8)[0], vNetId = tolower(substring(ipConfig.properties.subnet.id, 0, indexof(ipConfig.properties.subnet.id, '/subnet'))) | join kind=fullouter ( resources | where type =~ 'Microsoft.Network/ddosProtectionPlans' | mv-expand vNet = properties.virtualNetworks | project ddosProtectionPlanId = id, vNetId = tolower(vNet.id) ) on vNetId | extend compliant = iif(isempty(ddosProtectionPlanId), false, true) | project name, compliant, id = firewallId, tags, network = strcat('vNet: ', vNetName) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n 
\"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query29\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't enable virtual network service endpoints by default on all subnets. Check [this link](https://learn.microsoft.com/azure/virtual-network/virtual-network-service-endpoints-overview) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/?source=learn) can help to educate yourself on this.\"\n },\n \"name\": \"querytext30\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualnetworks' | project id,resourceGroup,name,subnets = properties.subnets | mv-expand subnets | project id = subnets.id, resourceGroup, VNet = name, serviceEndpoints = subnets.properties.serviceEndpoints, compliant = (isnull(subnets.properties.serviceEndpoints) or array_length(subnets.properties.serviceEndpoints) == 0) | order by compliant asc | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n 
\"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query30\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use at least a /27 prefix for your Gateway subnets. Check [this link](https://learn.microsoft.com/azure/expressroute/expressroute-howto-add-gateway-resource-manager#add-a-gateway) for further information.\"\n },\n \"name\": \"querytext31\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | project id, subnetName = subnets.name, subnetPrefix = subnets.properties.addressPrefix | extend subnetPrefixLength = split(subnetPrefix, '/')[1] | where subnetName == 'GatewaySubnet' | extend compliant = (subnetPrefixLength <= 27) | distinct id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": 
\"query31\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Don't rely on the NSG inbound default rules using the VirtualNetwork service tag to limit connectivity. Check [this link](https://learn.microsoft.com/azure/virtual-network/service-tags-overview#available-service-tags) for further information.\"\n },\n \"name\": \"querytext32\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/networksecuritygroups' | mvexpand properties.securityRules | project id,name,ruleAction=properties_securityRules.properties.access,rulePriority=properties_securityRules.properties.priority,ruleDst=properties_securityRules.properties.destinationAddressPrefix,ruleSrc=properties_securityRules.properties.sourceAddressPrefix,ruleProt=properties_securityRules.properties.protocol,ruleDirection=properties_securityRules.properties.direction,rulePort=properties_securityRules.properties.destinationPortRange | summarize StarDenies=countif(ruleAction=='Deny' and ruleDst=='*' and ruleSrc=='*' and ruleProt=='*' and rulePort=='*') by id,tostring(ruleDirection) | where ruleDirection == 'Inbound' | project id,compliant=(StarDenies>0) | union (resources | where type=='microsoft.network/networksecuritygroups' | where array_length(properties.securityRules)==0 | extend compliant=false | project id,compliant) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": 
\"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query32\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use NSGs to help protect traffic across subnets, as well as east/west traffic across the platform (traffic between landing zones). Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-landing-zone-network-segmentation) for further information.. [This training](https://learn.microsoft.com/learn/paths/implement-network-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext33\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/virtualnetworks' | mv-expand subnet = properties.subnets | where subnet.name !in~ ('GatewaySubnet', 'AzureFirewallSubnet', 'AzureFirewallManagementSubnet', 'RouteServerSubnet') | extend compliant = iff(isnotnull(subnet.properties.networkSecurityGroup.id), true, false) | project id, subnetName = subnet.name, vnetName = name, NSG = subnet.properties.networkSecurityGroup.id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": 
\"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query33\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable VNet Flow Logs and feed them into Traffic Analytics to gain insights into internal and external traffic flows. Check [this link](https://learn.microsoft.com/azure/network-watcher/vnet-flow-logs-overview) for further information.. [This training](https://learn.microsoft.com/learn/modules/design-implement-network-monitoring/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext34\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'Microsoft.Network/virtualnetworks' | project subscriptionId, lowerCaseVNetId = tolower(id) | join kind = leftouter ( resources | where type =~ 'microsoft.network/networkwatchers/flowlogs' and properties.enabled == true and properties.provisioningState =~ 'succeeded' | where properties.targetResourceId contains '/Microsoft.Network/virtualNetworks/' | project flowlogId = id, trafficAnalyticsEnabled = properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, lowerCaseTargetVNetId = tolower(properties.targetResourceId) ) on $left.lowerCaseVNetId == $right.lowerCaseTargetVNetId | extend compliant = iff(isnotempty(lowerCaseTargetVNetId), true, false) | project id = lowerCaseVNetId, flowlogId, trafficAnalyticsEnabled, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n 
\"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query34\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not implement more than 900 NSG rules per NSG, due to the limit of 1000 rules. Check [this link](https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits) for further information.. 
[This training](https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works) can help to educate yourself on this.\"\n },\n \"name\": \"querytext35\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/networksecuritygroups' | project id, rules = array_length(properties.securityRules) | project id, compliant = (rules < 900) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query35\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"For outbound Internet traffic protection and filtering, deploy Azure Firewall in secured hubs. Check [this link](https://learn.microsoft.com/azure/virtual-wan/howto-firewall) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-networking-infrastructure/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext36\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/virtualhubs' | extend compliant = isnotnull(properties.azureFirewall.id) | project id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query36\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Do not disable branch-to-branch traffic in Virtual WAN, unless these flows should be explicitly blocked. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#is-branch-to-branch-connectivity-allowed-in-virtual-wan) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext37\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type =~ 'microsoft.network/virtualwans' | extend compliant= (properties.allowBranchToBranchTraffic == 'true') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query37\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use AS-Path as hub routing preference, since it is more flexible than ExpressRoute or VPN. Check [this link](https://learn.microsoft.com/azure/virtual-wan/about-virtual-hub-routing-preference) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext38\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs'| extend compliant= (properties.hubRoutingPreference =~ 'ASPath') | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query38\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Assign at least a /23 prefix to virtual hubs to ensure enough IP space is available. Check [this link](https://learn.microsoft.com/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation) for further information.. 
[This training](https://learn.microsoft.com/training/modules/introduction-azure-virtual-wan/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext39\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/virtualhubs' | extend addressSpace = properties.addressPrefix | extend compliant= (toint(substring(addressSpace, indexof(addressSpace, '/') + 1)) < 23) | distinct name, id, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query39\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Security\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use different Azure Key Vaults for different applications, 
environments and regions to avoid transaction scale limits and restrict access to secrets. Check [this link](https://learn.microsoft.com/azure/key-vault/general/overview-throttling) for further information.. [This training](https://learn.microsoft.com/training/modules/configure-and-manage-azure-key-vault/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext41\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"ResourceContainers | where type=='microsoft.resources/subscriptions'| parse id with '/subscriptions/' SubscriptionID| project subscriptionId, SubscriptionName = name| join kind=leftouter (Resources| where type == 'microsoft.keyvault/vaults'| project id, name, subscriptionId) on subscriptionId| join kind= leftouter (Resources| where type == 'microsoft.keyvault/vaults'| summarize ResourceCount = count() by subscriptionId) on subscriptionId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n 
]\n }\n }\n ]\n }\n },\n \"name\": \"query41\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Centralized threat detection with correlated logs - consolidate security data in a central location where it can be correlated across various services via SIEM (security information and event management). Check [this link](https://learn.microsoft.com/en-us/azure/well-architected/security/monitor-threats#centralized-threat-detection-with-correlated-logs) for further information.\"\n },\n \"name\": \"querytext42\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources| where type == 'microsoft.operationalinsights/workspaces'| extend wsid = properties.customerId| project workspaceResourceId = tolower(id), name, wsid| join (resources| where type == 'microsoft.operationsmanagement/solutions'| where name has 'SecurityInsights'| extend workspaceResourceId = tostring(tolower(properties.workspaceResourceId))| project workspaceResourceId | summarize ResourceCount = count() by workspaceResourceId) on workspaceResourceId| extend RCount = iff(isnull(ResourceCount), 0, ResourceCount)| project-away ResourceCount| extend compliant = (RCount <> 0) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": 
\"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query42\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Management\"\n },\n \"name\": \"tab3title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure that storage accounts are zone or region redundant, Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. Check [this link](https://learn.microsoft.com/en-gb/azure/storage/common/redundancy-migration?tabs=portal) for further information.. 
[This training](https://learn.microsoft.com/azure/storage/common/storage-redundancy) can help to educate yourself on this.\"\n },\n \"name\": \"querytext40\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where sku.name in~ ('Standard_LRS', 'Premium_LRS') | project name, id, tags, param1 = strcat('sku: ', sku.name) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query40\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab3\"\n },\n \"name\": \"tab3\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Resource Organization\"\n },\n \"name\": \"tab4title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce reasonably flat management group hierarchy with no more than four levels. 
Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups) for further information.. [This training](https://learn.microsoft.com/learn/modules/azure-architecture-fundamentals/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant =( array_length(mgmtChain) <= 4 and array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enforce no subscriptions are placed under the root management group. Check [this link](https://learn.microsoft.com/azure/governance/management-groups/how-to/protect-resource-hierarchy#setting---default-management-group) for further information.. 
[This training](https://learn.microsoft.com/azure/governance/management-groups/overview) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resourcecontainers| where type == 'microsoft.resources/subscriptions'| extend ManagementGroup = tostring(tags),mgmtChain = properties.managementGroupAncestorsChain| extend compliant = (array_length(mgmtChain) > 1) | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure tags are used for billing and cost management. Check [this link](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/track-costs) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | extend compliant = isnotnull(['tags']) | project name, id, subscriptionId, resourceGroup, tags, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab4\"\n },\n \"name\": \"tab4\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" diff --git a/workbooks/appdelivery_checklist.en_network_counters_workbook.json b/workbooks/appdelivery_checklist.en_network_counters_workbook.json index c75bf0b7..06fc79f6 100644 
--- a/workbooks/appdelivery_checklist.en_network_counters_workbook.json +++ b/workbooks/appdelivery_checklist.en_network_counters_workbook.json @@ -357,7 +357,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query1Stats:$.Success}+{Query5Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}" } } ] @@ -376,7 +376,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query1Stats:$.Total}+{Query5Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}" } } ] @@ -414,7 +414,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}" + "resultVal": "{Query1Stats:$.Success}+{Query5Stats:$.Success}" } } ] @@ -433,7 +433,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}" + "resultVal": "{Query1Stats:$.Total}+{Query5Stats:$.Total}" } } ] 
@@ -471,7 +471,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query1Stats:$.Total}+{Query5Stats:$.Total}+{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query1Stats:$.Total}+{Query5Stats:$.Total}" } } ] @@ -490,7 +490,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query1Stats:$.Success}+{Query5Stats:$.Success}+{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query1Stats:$.Success}+{Query5Stats:$.Success}" } } ] 
@@ -564,173 +564,27 @@ "style": "tabs", "links": [ { - "id": "d9e7b38a-7839-46ff-a0f0-4585fd65ae5c", + "id": "f51b19b2-2524-40d5-8745-5e4a4b3a3327", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "Load Balancer ({Tab0Success:value}/{Tab0Total:value})", + "linkLabel": "App Gateway ({Tab0Success:value}/{Tab0Total:value})", "subTarget": "tab0", - "preText": "Load Balancer", + "preText": "App Gateway", "style": "primary" }, { - "id": "cf99ec64-0ced-4876-b393-a8d10b93da58", + "id": "e51f88d2-57c9-48b1-b84d-3323672a177e", "cellValue": "VisibleTab", "linkTarget": "parameter", - "linkLabel": "App Gateway ({Tab1Success:value}/{Tab1Total:value})", + "linkLabel": "Load Balancer ({Tab1Success:value}/{Tab1Total:value})", "subTarget": "tab1", - "preText": "App Gateway", + "preText": "Load Balancer", "style": "primary" } ] }, "name": "Tabs" }, - { - "type": 12, - "content": { - "version": "NotebookGroup/1.0", - "groupType": "editable", - "items": [ - { - "type": 1, - "content": { - "json": "## Load Balancer" - }, - "name": "tab0title" - }, - { - "type": 1, - "content": { - "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." 
- }, - "name": "querytext1" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query1" - }, - { - "type": 1, - "content": { - "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
- }, - "name": "querytext5" - }, - { - "type": 3, - "content": { - "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", - "size": 4, - "queryType": 1, - "resourceType": "microsoft.resourcegraph/resources", - "crossComponentResources": [ - "{Subscription}" - ], - "gridSettings": { - "formatters": [ - { - "columnMatch": "id", - "formatter": 0, - "numberFormat": { - "unit": 0, - "options": { - "style": "decimal" - } - } - }, - { - "columnMatch": "compliant", - "formatter": 18, - "formatOptions": { - "thresholdsOptions": "icons", - "thresholdsGrid": [ - { - "operator": "==", - "thresholdValue": "1", - "representation": "success", - "text": "Success" - }, - { - "operator": "==", - "thresholdValue": "0", - "representation": "failed", - "text": "Failed" - }, - { - "operator": "Default", - "thresholdValue": null, - "representation": "unknown", - "text": "Unknown" - } - ] - } - } - ] - } - }, - "name": "query5" - } - ] - }, - "conditionalVisibility": { - "parameterName": "VisibleTab", - "comparison": "isEqualTo", - "value": "tab0" - }, - "name": "tab0" - }, { "type": 12, "content": { @@ -742,7 +596,7 @@ "content": { "json": "## App Gateway" }, - "name": "tab1title" + "name": "tab0title" }, { "type": 1, 
@@ -1242,6 +1096,152 @@ } ] }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Load Balancer" + }, + "name": "tab1title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." + }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + } + ] + }, "conditionalVisibility": { "parameterName": "VisibleTab", "comparison": "isEqualTo", diff --git a/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json b/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json index 8a7d4707..ab729e37 100644 --- a/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json +++ b/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json 
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 
'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 
'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n 
\"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 
1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query5Stats:$.Total}+{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query5Stats:$.Success}+{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n 
\"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"d9e7b38a-7839-46ff-a0f0-4585fd65ae5c\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n 
\"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"cf99ec64-0ced-4876-b393-a8d10b93da58\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n 
\"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n 
\"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. 
Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable the Azure Application Gateway WAF bot protection rule set. The bot rules detect good and bad bots. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF policy for Application Gateway in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"You should encrypt traffic to the backend servers. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/ssl-overview) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": 
\"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = 
(isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend 
compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n 
},\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 
'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}+{Query1Stats:$.Total}+{Query5Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}+{Query1Stats:$.Success}+{Query5Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook 
has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"f51b19b2-2524-40d5-8745-5e4a4b3a3327\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"e51f88d2-57c9-48b1-b84d-3323672a177e\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer 
({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n 
},\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n 
\"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": 
\"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable the Azure Application Gateway WAF bot protection rule set. The bot rules detect good and bad bots. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF policy for Application Gateway in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"You should encrypt traffic to the backend servers. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/ssl-overview) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard 
SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" 
diff --git a/workbooks/appdelivery_checklist.en_network_workbook.json b/workbooks/appdelivery_checklist.en_network_workbook.json
index a2b0a2cd..e6ec5591 100644
--- a/workbooks/appdelivery_checklist.en_network_workbook.json
+++ b/workbooks/appdelivery_checklist.en_network_workbook.json
@@ -70,7 +70,7 @@
 "style": "tabs",
 "links": [
 {
- "id": "fd9a7a0c-2882-4143-84d7-01db9a685790",
+ "id": "3dec8596-fd2c-49a1-aa15-90f76aebf56b",
 "cellValue": "VisibleTab",
 "linkTarget": "parameter",
 "linkLabel": "Load Balancer",
@@ -79,7 +79,7 @@
 "style": "primary"
 },
 {
- "id": "a1c80675-c51c-4ae2-8123-57d9e6432e11",
+ "id": "f5aec263-a6d7-4611-ba53-be934ec8328b",
 "cellValue": "VisibleTab",
 "linkTarget": "parameter",
 "linkLabel": "App Gateway",
diff --git a/workbooks/appdelivery_checklist.en_network_workbook_template.json b/workbooks/appdelivery_checklist.en_network_workbook_template.json
index d39e8f9d..9d4880c1 100644
--- a/workbooks/appdelivery_checklist.en_network_workbook_template.json
+++ b/workbooks/appdelivery_checklist.en_network_workbook_template.json
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"fd9a7a0c-2882-4143-84d7-01db9a685790\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"a1c80675-c51c-4ae2-8123-57d9e6432e11\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway\",\n \"subTarget\": \"tab1\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable the Azure Application Gateway WAF bot protection rule set. The bot rules detect good and bad bots. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF policy for Application Gateway in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"You should encrypt traffic to the backend servers. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/ssl-overview) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": 
\"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"3dec8596-fd2c-49a1-aa15-90f76aebf56b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"f5aec263-a6d7-4611-ba53-be934ec8328b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway\",\n \"subTarget\": \"tab1\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Enable the Azure Application Gateway WAF bot protection rule set. The bot rules detect good and bad bots. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/bot-protection) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | mv-expand properties.managedRules.managedRuleSets | project id, rulesettype = properties_managedRules_managedRuleSets.ruleSetType | extend compliant1 = (rulesettype == 'Microsoft_BotManagerRuleSet') | project id, compliant1 | summarize compliant = max(compliant1) by id | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure if request body inspection feature is enabled in Azure Application Gateway WAF policy. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits#request-body-inspection) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['requestBodyCheck'] == 'true' and properties['policySettings']['state'] =~ 'Enabled') | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF policy for Application Gateway in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/ag/policy-overview?source=recommendations) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationgatewaywebapplicationfirewallpolicies' | extend compliant = (properties['policySettings']['mode'] =~ 'Prevention')| where properties['policySettings']['mode'] =~ 'Prevention' | distinct id, name, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"You should encrypt traffic to the backend servers. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/ssl-overview) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways'| extend compliant = (properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443') |where properties['backendHttpSettingsCollection'][0]['properties']['port'] =~ '443'|distinct id,name,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]"

    x9^?-%I8&d%%EzBrd%Rz3VM z+wK>N(}b2*%CD>%oQ4qu8sGCVa%IQ7@trl!4bo8l&_MxncW-c<;LbXSyStGG`g8(R z!4@qTFVQ7OkwK0X-_By#Z)2`i$GAyJ%-wtqp_Tc{f+jxyM9%XRJl`p4WyoD5M4|m8 zg+}{@hm|%;B_@_%>~n#%2TRNtns#GSCi0?I_cijlfWsAeMuU~czDe3X(WeyuQ0jeJ z-xnfi0YOH@v8W=#p)oO)wphCioOo{Fzq4|rbjv$uy{800mO0!_lWLZ@*dl1J*fz>A zZ$|cq&CSw)^&b|R*-|0t!}rNz(7~A@SCV|pfm5~a^F|Uh6-`B)*~4^*CD0Z_U=f)0 z2*^^ADO6YwDQnkGiG}NZ%yX_#Pa>6qQAXOFJ20VEQwuVUE1SA7d-XVWK$BGuzI{VX z|BAS@@fr0zjqi;IBKkdBMgW_N8|j#fcv+KG+K9ye1W93k*QoPE&wR(zLe9O`GZh(V z{(}X=zT#MR2Bobn7@K(%k0(R=($`g`*mpc97kMe9!Xo!c_S_DgJ|Nm@krel*{LS(S zYwuQ+`@;3rfD#R`1NLGI{grCBpXW3`3lUL3@7#FS>n+RP)qaA;Md?k~)Fy4G4kx;m zTmEW^+SZbdJ`cy8bY`fT`SLxME;<^1id;Hlo2f*-HAPp~qdUWF0L1tg;8g-AF-MGI$ zzeJwazrCZ>LcFE5S~o3pHn*g|nz9&{UE9W3!Rvo+TksLO-rZ4TfvM6WTp^h#7@5|4 z>2Yl0|Ger7@OdH%pgstT+<0-7yDIJ8-bTKy2uVLpHdl-aJTmwq%OphAam)W&3LVrU z0BF8hAw+7cvKtP3dJ(;6l$FcmTWP>+U>w&udr@vzqd-&T3#){^kWp3ZpgD$Z5M z0x%=+_jUSXRIaX&iB+GKpp#X=t4_shI!f=uy9(w_W4fA`J>5}JhEPTnl~V33w2yi) zFAwFADiba$xyO5!LY*}T_6@Dl0_)(2f9b(3D_C}wPVyuh_hTan2^a$JgW^g0t#NZ7 z`_Mqk{^Cc)TW5_Ydg9+lqIHNtZRH%X-XUMJCmeOmD8*AsD3-9${1+5S{G_rPm?#3* z+kA{@9kWU`!}NYl9_bM6?)H439pgkS46Vkbaqu=_?y+Do)UZl3tixd|)%@}ycurbP`UNS1{cbFF>Vpod(hp^|x9{SUg%Hfiirm&J$5Mi&BT8)I#5ALDz zJXY>Y=daoP!+6gnEIV;}=?D)$8-B(({V4BjzET(iN8JupQfMy(+}^nx!C z@(c!8#Bs!1QN0P(o+rrvajX1EnWY5t%Pq!L`_VZIk_TZ*q|lN~r6j=s@u|c@PPlO- zcZARqYH;hyt z$TnTsc1%wW6IVru6)QY<0wrH5JRgxntkh#`I`BReo)k-?m|-5B5Iz$|P0@fa3uDF2 zoqfd1nY6_V&vjhN{jDSEE9B^L+)q7N>E|lzFkJ~i>et%2PwDxwEb+E~-M;@Rw-FjK zw(1oKS5rzF=Zh|2YIyRFPe!e<|_jUJX37ko#0SynZV`F5@;%#qp>K zE2$PK43&dmQhN^&A!p6TojhT*B%?99=@Gd36)hB0N=K074dsjDG{!I#C?B&*03b8Q z(k3CImh6+`U4swJ%FX>Vgb6npssC8Ke-3e|xqhFK9#KR>SJFQgPl(2(gH3ll8suX2 z)0#)+M8xKEOyjC{{CWEEN2t>avDLGo)w7M(l;@-)q8NKeHR;>WFN+@FmrxNo!L5*W z9x+`P+sND;q-M9){L)V-QGUfQ=DduSTH1QRjr(@b}wB1 zT0I$}J}Se=aofYXL;U{7=D}YA@z)QtQ^!9a?A7%bXi2@B)25!e3i?BZr-v5lt2^1G1SO|t`e|opp`2qk?S%~t{As)Jm7olrQqq^zRd}SOC zvkyjhx`%s9gD#rd!T}$M+mgeEZSqm5S;D0v@Yr9gXwSpMr$$5D54e~}xB*_;o_Ctm zVf?s}(YSVs= 
z|D?crdkdmfRijntd-vW3hEap410DoXXfzJD#sn}h8h^c5?=6_xem)q(96r_-Hbki^ zf{n;73Oj$HiQf-Y6jHC1TYy@$RT#z^vVfwQo&Yc2g_Y!KWTL*g3sR|s}eb{_#;U4o?@O*Q#vXJx< zI$@rKW}vR8u-NW5Rvva!av<}oqNdLnKQH$&W49R*VXC98v5FRc*dy=_W;>Lv8zh+ud34vS^jFGktdSYOmeKM0`!%(J1wVwCp!r}MZS^o>Q!!9y zSswApKoAhYbcUpd z>VTgp&9NaEVe}S0Z`0n^S<_Za&^kuwvO91c@#;J|S?d?(Xv_Xf^Fu#BFW&KnNvU{L z6<9o!ciOaRFvjpCC5%v2dhRIu_UN5@J&n$ba4g^(TlF`aNO3hOwO3(Jun32j3mwuZ z_OG~Z!&goVAxVX>dBGD?KZjR75MA0|g)x1&yF1r+C@P7s=%uM64*fEg&p%D#JVf?M z+ks|r_lO!5YBNj7VJ51kYvTmU)uE>nL_T{(%wsEPB+tlf z3QO*hmzY8Xs<~<;%`f|Os>vc>@q%&kgW0ZZ6_`MIqIdjIXR^6Y!(g7^7gUDcr}vC< zIyR3>xd!qNU}v^^U{cNVO71$KRs3FrD75zjb8hLKU#EvkXMc0n5mV z+E5nP*oi**bgG3SUtIAU7%A3rGPb}lv2mEtb)s9$I7BbAKgO3Lu zfjBhB@6Rb-@~!^%8ooBD z3PYA>mpriFI_?vnp6ai4J8k_#FXi#fBHl3y@;nOmwp$G$vC?D`yXPpqpv6Sv{LV$u zqegobRiKWGG3L5R{v+)+B8vnxRq!(SL|%;g8>yavgCbYJ$X=YWXH+(vn%b;8a1yhR z2`?p5grkwzS9nAQ$6lF)GQ%%ppam0XPJ|fvV$*ojB0ueq=@SP9KgLFuvXD*41u5vo z;RudkEO2WyuTTxCN!JIeJ^k;-0z93NGRRWsK$hYk*Ov>jlvu$EuT9=k#1O^`d!&)6 zrfQaxRR`I5)2F)EV89hYk_b#j7|ct}7B?)U@^v+Y8w#I$L5>Et6vk`Y@Uja z>M|qg*+U|vBkpII!iqXLf+!(w<19Z;dG>#6W*}aI%o~H!)pMyMQ9DZ&ANk&I?^iQ! 
z#n~P^Rm=`wXq5&l6+)`o{rFhmmhHs3gTD@?J(AbXav)^^2P7SD7?jt*jyl@1&Uba` z1cKRnH*ok5;VH5r^5SAsdk>sU+WRcngZoSc3K5R}Nd$5#=OOIVQ+=9Lzo{;0Bkn0P z9sDraASM1#1&?Cfwwma)o67^O#F4fCe$H>Qxr6;k0!QP?G8V}&+wKwVCi^nO^WFAC z&7LIiSi__za2?D2T6V_8> z@YRbt;wz;7GRIlZ=MqG5_WL%pfk$4Ga7agh(PU})qS?eQs$(vU=17~I;3bJ9=DIww zqweW8a$NDwCbDn2>7=H{&%?>~_o8O6umJDV$;L^Ic;y6>;vkr?QN)EZc0oelGba}j zgC4kBZe#=RQ`jHua#=qhEWl%$S@f&Wxh2UXU#qcq*{oKR=RuB$D}@Zx4@jiGo5>S} z#6^rj#qRC1FC)D=Bg;uET%Lp%fmLIN3i;~^4HqXm`ZCdN<28ZbxhZo6 zk=d@$HImilW5MOM%uY;_1Oio&GLA;A8FBB0diSn?u8n%#-!?vIm{SML@jZNafxQKS z+XeXTH@ZZ@4XUo_bKbIFBy zs*t$&b0cmW!zC1(XkL(aHq!bWgD&f3Oe`C(+3j>=#Yf|Cv4vur8LZvK`I(=WDTzj) z!@so;c~+9B4mFK1h26zX%|N!+C4nH)C=rkGGxjlul=FU9FJoNuU-(3R1I+)&@)6Neh}&^H&P z;Y*{rO`3RB!vE+WS;>HE3y*0rNLW#INkt(2^D8xb$ywz5id_ZcU7`!1nKN7-6qxoB zO<^&w_U8YnaIzvKm$N&8R>-^85FC`h!?~KHm2QAU$;%`7S*1!=z=|xO!q|c zfp6b4X3rVA+ESmU`42RP)2-6l(3)xHu1^hP$m#*k=wvO@A@&al+9;Fdf^xDV1bFn0w`G5>S9Rol*eq3_Z#u`^Ix zFbdqDmvAP&!bw28Y8I>ACJ*^S!nI-Rp7lR~4Sbi++Kw<@5&@VY@!O z67(D({h$q-m&oTH3!4vLUdmh9_W}zNuNnD#4$c*tcY9Ri9$JiaUn@6Ug6!Sk#^ZAP z-bUf)@v$l=-T9g7Lz^C$Qk{@Q9=27n8F81J?$K?bu9r2p=Z0w{<*TQ8D~_Xw%Ppef z3DCIgdBlR7PD=OS&%a<^zj>t4_y)eNgxaSoXMU4Pl%sYFw&(Bq?l$xx{r&;Qb1mH< zM)iwIhZi)!Kccybtbi-!d0UBP_ydmrbnBqD1vcHu&S9x<$~;lDK-(z>9I20RK&NV< zN_-DmP>NJrAuRXW!Oj8yPX-BW>7%4O*@Vcelqp@>u<^^)UDU@2C!8}ET0nAvjqer- z=ic7W|Ky9AEF&(I%FY*}dr~}LjcnL?G3by^cLtiZ$d6h^hG5?EhDu&czALYL_J_LKR6d@a^_b?ZRZ45v9 zEwjzElE)MVJwHDpB}ZF6F_f-qSHH>DxUCrhsuUG3aop!6^jY z--Xn2R`;h#+tfUEUAg&fV9Y!e*@quGZ{_A$K-MWSYLQvqtR-~N5{ITnH*M4j zj$J_JWdUB9)uPef>wb*e@TyIDVa$%*EeMO2SkNX3b8M@(Iv~(eUyml zGvS_k7cW}y(wu-}P=V(?BC>WHi|ec0qKc(K|KNG?dftCp*{0q7KFD)skLdyQl9G1W zK99r_@_S@kRN_pR8~HvS-3Q5SB$ChG%G!#HP!hyEJX_%i#_EK`fNJUIn)sGxkz0on z<>L=lW2e)F0VGOKE*Jc#InK{_nEgDcpqUDb_c8XAcxzGF$d`040sEOzn&ap(i+$2& zIL6U$1k5kxu?}56FHk(N$h`;dZ_8l8skJl%f<9CsZybBhES~yZDC%`n+i+j^9PrwkQ zFLG}~JYX)tSQnTlIn60I&DPu9P{e}wR!y+U8BN%e20i^aa%>tb!8lT<3I2>KswtU8`VU5{Un(%>*DDsobuZyg*vmOm8~ zfBo7v>`;UUzdAe6-n3EM0+~j<=7{@b*`}O$g+vgn5IV+vjm-a*@5Af* 
z_V}$%#d&!51M5<&{@V}A9YfqRfodC->r5&W*8dt*@Z_NzV#ZA%@d(YtlBhjLEd{Vg zs~U$IcfX8Aile1ev2qXqY@kK|B7uK^K=x28G2Y2)9Adr}g{%{(kRkiA4$Ng5rYKI| z2DE7fn7b`k%2nV;l}9sNDyKFdjr|L(Kl8Z1HZvB7SPegui43CD{&PHCbVtHFYN>Y< zQ~diE8|kTfo7RlLPus=liZGF&Mos0@Y1Di^2T>taHEdvC0e+dl60(aq!JTF#1D5YB zswV@b4YPPslNSvrJe~u~QdC<{|8aY%mLwZ2p8dVIAz9^S2ImSVw5_|13ibS=-1lIM z$;Wv)fNLr*o^#6d9~4KHS#ZI`0hBU2LNt}j-|OrY{b zt@mxE37^f7rxhnr(a6-SOlMDd=Z-|( zLYB%&h;;8kb%m-Wk~kt>SY993CM$aAF(5g_!dBp*HARA3g}i(>dqc_OW-M}_A4jMY zN?=OuY_o@E(qjvWmJ~1ybfwWxA5lL&wkd3$nZ-D|uQgmHq3oTIQ#oZ411f|F+kRtb z&l5-Jx$(N5q8-$w2bB0Bgi=YPvJTXGU^^#I#C%4-mUYhejk~+Bz4;qD-@Bu<{k9I# z14T|UPc~P%I$O9)Tb<*PqhJI>-3RnIOe)PeZ^m7zn|?g=VjhfZb{jZ~@P8YIto%8q ziN~efASsA|+@kGAaucs6R+=CP?4-RAO*jR?E+|E2SMANPzt*r=JRs%9W10(sDB4VB zxkcDtwS_!{^mmyMojfF+%!jpQ?zR7G4`fQ~xV3%#MRC8Jfb2WEOKm?r=>sP{I!fut zq|zuFebDBA-SDU2u~P;R1IMdz9eG+gt#wHqR9acT-Jjg(PJi`ZUaoHwO={Mfbw&w@E6`DWyW?nI#uDlJ zLB`)B`8~6<;PT|nn_6L4lQTGDjym#FPK2NX0PV}!(Sk)Jr0Pp(KQj+?wn8X#?N zZ9C_*AsbzJH;y*FN+iL`GYGzKHiL(X6Tt8Dk!_c=CYx)Sr#-UiCnpHYZhA5Nal!sY z#2ZIwfb%v1UTiKDxp`>oaHzPaGwWK9Ab)a%`iGkH@4Mznhldc@b}!BMYxk#o+-qM$ z30ui302Zfr=uo~BEwid5AxE^z=D*s$|Juc!KD)F*K`q>Yd{I>xBQr0~{zW-n$@W-K z^K2{6CG3QX5(%gb37UR*am_&y$6a}dIN`JI1*mH2{%v#RB9~8f<+VCOt2Ia0*0bzO zyJQVd-p;2+V6^F*Rz&W@n6Z1t#ADg0rTfDHUX^63DPxcDtxv=BV(?N6Pl!}TaGZkCOhhYwN0uc7?zg53S;vcx*Ep6ojQ-GU$}(Q=59b^>||6#Zn7a$sP=o4iK-Xi-X-|w8#fEup2TO& z-Po#O{DG403&vbR?|f2^#eZr}2ln3PqEw9MBaDoQK3-s))X{xwdq9>iObCB#E+v3t zA+e|!%8ba91~x&%U-pX{2tGcxQ9K1MTfw;o{o6cq8ZZ+~EKlPKnT~54&99kO_1U0; z6e4oWhgCM&RC6URc4zeR_N!OmOzki(2T#)}hhozQ9fHSnKy;4ogq`A_^D=&U-!>WjnmP%>i%Q0Kyt{%Hb?cCDo0 zO@|r`CNxBWn}55c!h~?gDPYT*%qUYuS%S$>-PdA~qZy!hIZ4js8iWJ>no5lh;II}Mug>vTz&?NT?GZdIeSj6@w|4ntU z>`cnz9n>hJ_$IF8X0)Zx{l8Nm^fHWZasEzD&C_YeP9K%I8R8ToOcwtifE8zW6fzm_ z2vKf%TYUoPK-b0Z{6q=I zm?~KOBQo+zC6$AL%pOmqw2zK>B2QZ^*#rM}73NPZ1#o@*Mio945CaVssk_X@5xM9+ zmi?+T+}(@C$W0``-Nxw@^^g%cWBmV813<0nwZuYu`cRfiA1RWVys~;Xea{kaQ_djv zIJTPC=V@d-?|zR7Sr*k&j5m{Nk39-H>MC^yDW8^!K5#9li>~+?vYih`$Tgb775e`E 
zr|oLh&zD~q`RE?9u&2x*o;rD?8_PuZn)FzURMzZ^VGLL%o|fy+&H*u^f6ylIUxTy? z%Isx@kufa~TDao2L^VcIdeE_IINUap2=^TGk}La0l`8-9Mb(1GXv_AeTRnr+E0{~v zh+W0DSP$8CR8%hzg6(l*c06Xj;QhN;b z4$7@;e=@?%u0=v&IDmeH_dtnS&b@?{(}@pG8X3;I+F&eAaNtI(@1*zh&+M zC#cR`Q1QBz-d!D{f3p#Lhb{I%?BUnqxQ$z@9bGW~?c24ikl6gu!H+2^&wCA;| z>T_C`w-F-zNCuD)d$cfnD@`K*Q#iP`#qAp~#LVPn#?o zope0y#3>iPO^)oL{j(oCt;Atl`tep_--+XGPY{FCZ}W4`BHQ|djty?$2rLu*U2q@c zU`%U044<7NB$QPP@;@-bY@x>tsnI8w8YuwFHRWxB*skiEU*YCPf^nA6>mmQurX~0< zGVW_SMhh#3RDhg#csqYXMDMDpj3+&EKJm$g>Enc(njgkPnA<-p zmEQ%2Mndz!-3Qf9SzyeF`HM>SE-Ou?Tz?y>sb)%<^7=60#QQY~UNWCQ^`-nnG;(1m z3LR7YpV4$PigyFD;yUw~ACIm4=F(tz+Cw~TX3d8c#;DyYterdy<+*MOKRTasu1)^f zJ}o2=mq7!B(iU`oCwdY8*ZQi$docBhUjZ#Ekg(I`J9eKY=;5j>3C#Ox74!Zq#Zrux z*H67c1-6qAf1-}y9E8ww2|AKe204E66{aIFs$$|vwMsqTR1>`A6UcC@Kb%cS$pCTe zp`A-kACi8l=k$ED`=nww>jqE5T?i1%x8^5+5qypO$GI!>R)T&ngVq^<^@Obt#ilJ* zghV4PgkAnVH8>u}mS>1jpL7J^t@QpM{{ac`uALuk5e$4S{CM{ye}h+HIi};U+fg*< z-r$*hzfVsCwH@18G;L7V_!eiV5N?FI#(GtK^(b_ltHgm&S0Vz^oK>J?E)f3(Z{{WS zhT&yehv&89nd*UC4!q}16D%<3`d6Gx$V!?f56G|39Y+))~GD`K{tHdQ%L! 
z!hmz`W1u0%(N9BxNk4w7mykrNw}(t8VC%y6@j|EW`5m18DpxwEHH-W-4<4|P}k~jG8hzamK$t}nRQacbUUhEjXWEC>k zj~C_73DhLKxyAu)1LELK+q)M;-#zBCe-cNfg>8Ib+pi^Sah@;=LcOmDO!`Ute4y=)NfgSaB?WgcHArIgiB!M|4-oo z0p1*pg~lJSK6CU2$T-5G9-Ea5m#YghKD^<#eKYUUg8nv^pWg%}ZD4;u zoP*sZDn=RnE#$K5eSY-`QRm%p)n!w$%Gy7d)ohE65pJG{z~$Q%iIS?v&`gthuPkM!U_tgoBN5=nD6jmW|AWd% zMqiu0)BEqwzpJ5qg|h~)1^s+H1+H$gfe0eS>NeX#akxc#V6rvt?5O&~1Irbc8s4<3 zqw=xN9Qg!-hDYJGg@`&wu}bp!=j!<8D733jJw>=zn^Wpb=(PWh62M0Z1PuoXfrF)` z)>||OhTGzrz~h)c`9wjP<8#>W7L=d+>o^bMq6HfLjd{*OwA77InBrXT@ocDZ#n+u+ z`!1a7Y@$lk(_$RbZg)!T`YIpi3V5)_`xJ@NTr-(AjsD}i%$7Mn-l3kn5qEQ7rJ-p| zjk#3Aq$>o9fyKCdx1g%+6W|AnroE|y_y>`IGR;27h7F^_kF?rjCdLQL$X4+VcpX`; zb~Q*1A{nVF{Jt@Ww=&4$qX9pNwamGZF&Ml4f2KsNEg|S<^5nL-(U9F}5q)a)+pGg& z>Ws*OiT?Sfp`;FNvmbxg*b)92l!KIx3H-KAy1?cI>GCFJHA+xy;jvz1x(cq%hy39H z@px>$YYQHgIww4CkxB%|{a_x2Mn8M8e+Duodzuscx(5|JJn=x?63Kq#4mGl$54nQZ z$LC24~Y11yXH5ICCgUao!{SJQY#OstN4@I20D){9?X&(|q|XmZs5$ z?HW@vG;ARIg1BXuMwRW#v3p6y2={M&?Ur{u#*bG99i0)bf!*-o3W=_?GtmAZ4XPeN zHb;s>#1HedXic0~=5Np;KB}VJWYRz{MjICAh%Hf^zXjIgC6eFRT|ax?r9REO=4{-+ zI*!ogFlI~sr@%_Ku9Urp(NS5Feo|?ZHRuTocJz`7W}`;y6G^*p>dsY66iLE?_CYfg ze}PaOu@L&24{1#t<^BxjaF9C6GWu{M{MuHpGu%z4PP!u5%0kf-|h| zg<<%Ub>96SQ(qkw_4B>2h)Spk2&gnDNVt@ANh;Fa-7Vd`q!ADVq)WP4x)-FoOF&p* zrFMa(mRRby>i6UO_Ya)2=XK89nH$e@@66nZ`r8PDVCCD}@LTk>x1;z{b{70Q<;a;M z3UPnc)cW@NaSa7ODP$q@n*aF?=by`X72S;rZnzi_}N+E)C6c`xECKLVP z0=6RQOt?-3&z>d6O%s()%lqBIMLo`&HqCB|Lvqc%>PkUq6CP264j?bFDxNxgOG@V;OCZJB;;3d?BI)PN=;wC_vW(ft3MC&5SWohLph z#3s12vy`F$uxPrRX{KqySGQKL;jX4iBUUhlo|0xLbg$KkF8Uql`4eVgC_)BN~^w=Dini zw#b)~4V*jKEZ*6?gnldPpg6Hs3#KLk`umZQsz!6C6@Dxe!r~A$LxDLt;tU;+1tCHG zRDXD3eGxq~wk<9RAu+w6F3cX2~(^Q;`Ano=r z-p;e(TCQfG!W^=pWM(EF$xvHvK<+aN_u0Mk17`_utI6vZj$gLUvw(CzdzG)k!`syt z>>m=x+ztXeN}iP+A-jv;#L|#TFcCF-oa$A!xd-$qea@S*@VO@?14^AW#V#|pXtQ>P z8rN^=I+xT%U>^0k2}|64qqAQ zonrU5>d(QmU?f~!CK-@8m|wb^0J^;LynqwP-`;a?i+PMM#k)x*|J3$oE5}5sTj2-~ z>7b+DtMV$GK>CkU9~en3^}2Cg8ZT5g^U_nS)90PWIa?A@z2Z-zabKp6*L&OB 
z0j!0NW#k_yTv=+X)~hIvLg3`MvZs4Ezi;mLpH}c?(R@7gORXNsHh?-7Z|J>rc;P5U zSmxNS1Dr#Bz~J?=dL07dB@N0iS z5qh=lh7KbG-Ko?Hg}L`CP)IP}E5k2jfVA=|6Ax-muiD-Mb6;mUkomIe^*cJy#h0_r zkF?;Vp~fU^B{P0o;!2tcoHa9s+L2&Vc`IEAPqegy=+mVSiP^d-plfd_ws9j#y~nYt zQ|^w}g34Ss1eI62EWUin_TfBpH+(%LcVx3~$+XEEco#YHk>F?ATLHlSVM z+Y-hEbFkqUl85j)Q3}dc8FLK|%UPxU-x6&zf{}&fpSfIFju!o>gd_~Ll0HDL(Y(E} zh0lG3vxYRioLEa*LwUT6yJOllymFw$)KFtHx{}4yMbDduoD+o@)zm+XfM6D2YVlNU zJ0eSR9-yS|-YU$ws1gRg)v|b^$=hIIl3$R3Q2XbG@~^=+*hFito?qH=oT%>h1%_m^ zSdM0Iu{+#-;4;O26#xB!{Gzz{jd#2M$w+~9;g8dJvt6P=yh34w-m{`<-*Z*(F}Pjd zV{b8@y97?b#fMfx*@hK!!|H!v^Q1^;Q#B{WgBNcDT4R!6jJF7Cd^H=Bnrd^vt?#R@ z*1}dYrE}L9-k0j_Ot2oDv!_V=;ikXa6F#TZXequZXEhOAKVxeOzU>EIy0M?FOAFy4 zILKyGYxPj8y=@8g7f8q{eoi=3Y{Nn$CpjyZ?BNV|l?Hvjo>L^r?QIeL_57KwO~hqK z^n+8N?&bH2P0dj#u^UTo3BjyLwk%g14>UiS$6Ru-9=+^KJ{Lh<=KSUYcoNh97felgq|z^zKv6#ce#PS{J(0^)xE%7@$h z&$jJ40g)cF9a?$5B$FJ_GdV3l{n|A&zdRP)_9Zi}qg@+Ot=aE0pKg@cU)XuS z9!FdJ{P()tNqe0*jB7UV?DKPeWw(s)c-pLQ-VaytTUIe)C4LWhE53LrL@oCF6Wkdd zVjav{pccLx`I!y0;#N!6iOZ`E7<|1$?+6I-d^aaOb8}QCw5y9=5MV(q!63RAwAs2bT!!0d@V+o$ix;Sk_5sWBmS_+StO(&MwfL zrHVW}-pJHctwQw3@)w8M&c+IybDfr@4VhW4UEdd7bEn-MEs8)JXXBJzK*FDaJA zE;5qX1BFS$`r7>;wN&`HC6)?gdpjbRzNag`f0}WP)!x`AO3s;uXTI9i{V(2h<3 zS#Gk)7vOPpVuc0bCJS&}$3C?H-GUC|?v141fXdYqI}o;Z@jdmjUH-*g>tH# z*Y8QeQ>dza9Th$}7S*SW=iu6x&h^GN6SSr9-h>uu^e5m|lUo%rfP7t2oPbw-j-t-$ zj~&b^4elXFq%&EJEHxR0C!2OwIazfSX`Fvaz$EgeK2R+Dj$=GOv1u$7Za6dC?B}mf z_b;Q!($>HuA@2&l?Tpo_0;ZJgS#bTJKjeK2^G(s;IL%{3{h7-Vt6#bNvqXNAFNL4! 
zvlcu4c^Uch(?!YJdN_l5&_d(hqpk1h6Zd zIq@k<3GoMfR957wE3^Y)^^6<*7Kw@RHOEvM`}5m6^Bv6LT~SV41HWE7t+8iT$XOhY zR}-(CDnxvvUdOij|0Eg|vBF4Hi;+m4KdCkcq*lNh1^(07kq6Um!C$GXf<5Ap2{amZ zbecl^9ezgiD>h2i&SHm4zP_4n4{9hUCSFVRiv&@{2?i+Ga>& zRjhs^)1nP=o?5AOx%6k1fQPgvH$Fue7vV;JHeO8`-WN7bWpVIk*)Hc1dzby2PW@q1 zy5)-RQg~_eF{Zv2)AaR`+e(YChe~{HAzPuq${`!_YHzJU^heid$KwPQz+8F3e~824 z>T{Aw44-}A7dq+(h8B8~@3Q@VPd!Wivr75#H9yk~HMn0l!@R46s{U=7s&AI8yt1N2 zm)(~zhC?YLt~Y#`I^)m6xM@W$S!|Bxw*q4F|A`}oTdF9p&6{0Nq*3%j>=-MO=;%{l zTBftJH*0DGQ2y9tspHKTN z=mg7ULoj0fIGx}rkEAX?_K2WvR_*Ge`0l2>%(xe63zP9%*Noj`+;5(DdrD2!b~U-X zU3t+-%WZh{Y5#ER*7VDVTLS24YAQ+8D%Y(iC_+XcnmoCJd~ol1ZVGHZ(1}0INH0%p zmG5JvsaeZRD$SUZJy*6A@qz~U(=F{Rp&AGAOpGH3*nzyH^>H?yFS7YYLe!e8Mvkm{ zQ-2Qix8>$Ou_ZJNJ+{WMt=tK0Lkq%t^MO`shG_oLxi>VgJS_Mt8^Kjz9Q^8GM;XVuA>Uuaq-*PZZY!-Md53zP`%T z>_Kl3=F2s|#wQ;hh$iO0Z{X$Zf4z#i@`8Pw%1dru+_^9vj*q8G7i&f5_82uCPoFD= zO|tNtCPzyVV<$){sa!vaY%352@+41FZhPUCD_zCF7^&iK`HVIunFmnjRc+9g7R+M5 z3;pNr6p`o`DQ?7HqHIE@{O8lHwpje0QOsr{c|V&k5qoFMng7P%u2FHR76abiE-An<%JkEb~PqW|fjBMJHIL%i}zj%v&dwQ4MLoo-2(7A;)vM!mX@6?K-qK<6X`!ToGN+mMuMA;ps#|-_; z+Ra7`@5a0cn@BAz+xX=;iDj|Hc;@2ewCQ$saMVog>!j)7zQ@6R{p$2R==%5!(&U4d z;Q>Yl!$o$5CfGR@KIc$?olrsg z$5W6jYll9syATx}Uk$gILe9U)clTI?-+C!HJx_=B*16vMxHb;w?mKXLvMm3KDV3ps zxK~vd%d~2F++tEH!pUFh%B9qRXMf-}dXHEwPwI2b^^=uruFmUgj!t4jT{fpyzE`vz z3xk%?#QoVmaIayWTe@08Z&?XsHcjMjwERad2-^s@b$D;O7i;w6h$hYDgM63rABX7N zvYB`?`}Ksvxspk)lE10UVt^n>2YQhUcPgofgH|2VV){=txa+4i3RVTSK4oAxC_%*M zUQ0b@`=d{PUOA)I@`4OO;>Tc|TXXW7nDabgpNCn^engsDJTEYBrVZ;33%|+8Zt$Po z+&bnkKrlRJn;Dc2J-eg*hJr5%mJe#3)_rxV&}Pe*j#V0U3CmiOy;U+E(b)l0}I4@~PKdJ}AW8FDv>g!$u?#G6f_=vlgo+PrhA@4*;8!i3tb7tuXV9fkI(A_bmV6QjED~Vl zrSxR{`N;QLwW=7lZ(Cn)oiVQ?Z&{yRaC6cg>SXUw^KAd8ALBLSugoFVNJfhnfeB=E zw-kH=VUl(KOPG0dvtYH3olYv{;}&W7&MIUEMt2{efWp+9^rBf2moP9lLg_KCTr(WZ z+U9DfSedTIhPl^(vo0xEhoSohsUP_5T{>m4yR2Mx!FrCj&p{%dOh#3es_WV}$Lx6P zi2~T8j0}7EMyu!ZfBGol+w#qvMAGqT$05Wxf zz%E|R=i%{*=&C-#ex%FIVl0HmvJ3y_kFJgwSx(`zb>cs55e~~}b{+2=D5vbS@~E_`c}io3~*W_G9w+3HEnY 
zl-I)!86^}hf1NbErMgzp)ChSM5B%E628nQHw+cWH?^Zc3h_Uho+=+|%r2C%mY4{%q ze2MvC;W+p|=(Y~N=n#3->x6sWr_lLmU{uDYNtXheGda5^~uB~yz zT2L+@Cry`KP$o0Dy!xfSQy4VZI`z0FWmDKIL<7s+%oVBF9ZJkjb+*}fpRB{vD(g2@ z!u*gad=oa09c3xrL&mFh^9WQJoY<#5tVt`&Ifa^HKcs-ZvE#c5`-dd}`C=sjY@Rn@ zzevN1d^CT*2%jzOA;DQOAJ2PR(915{=DH+i*$1x|@3|#;=p!Wi)AH*}SaMn$g~hg& zAsMLxAo1hB40?m%v#<}=d=0Ldqj|-z?eU}JhsP281$$Z)*rdc2&nd<@r=}%JA{UAK zss7`M8vwdL(~sCJ#wO(Whn_`D^WH#j7W0FOJMnu;XDg=rxh0^hU*j)Vi*Tc3;6q<> zNsWE2{uK9=i63X}$n!-Q<*Pss%exPfk>#x4Wx@u{e;60QbVSssU6-((rmF%?I0Mpy}FY=XCh5ARBX-1g$3_jPXt9{;jY~c;{Grwrxfh<)o z_9qmbF}unumNJWf#-RZ|z!T|9PEA+8co5cZi*W32Zr;FE%7O4U$vc9|_H}9e43-XFbVXl6Q|hOs$UAUveUB$v2;kM%3sI?$@*a;tB73 zUv9}WM57(aJbqi@iQ}AHZ$%oNNdwQtyH zXWejH)v$M|ULYgw_Skid4x^`d12=-2~eact!dh(ZM z)I5vcHUa+Sk1OwM(*JT6eDKbozmXM%wu;UKdLEYd4kY3X5!P4N7>{w*Jw2AGeG1jS z5Ju>f_j>%)uY$JDurM2Hu)#G!&aO`+GxzI4ehALXA4DDI{9ba?hhCwy2lo#9xpoAP zU$@^@8~c*xRB1s%AkLtrA}!aB?RxZBGV|XgznjW=h58YB^a=dM4JmWVmS!03D!xQF**c-&0xu%K|8BN}y87chb&}F{jhuIJZ`%Xky9!DA z{wK)3+_`;>f(rKMC$)XPOTGc`t-hlqa`dtsLWMcOH+rICPNY&BAi zOo%!f?Pmmmp08XL`%vN(G9@I{PoFyL#;{RdPP)uA*=%Po%xt7RcBEme9(C1ho#0(= zPHy3K30%CJb*|gveIcKDUqXo7JNO1b)(5zLId@}0EUQ!dD4 zh8CGJCx}vSOf^raB|jU7({u?1Mj4rFJ(I&$ z{{lR^IfXx4AVq=TC#G9Z`%I?1xhWb>12dBiUc=FypRc@54!n2%EHDbmdL_7Chxz~Q z%G{5OvOQK{M(b$*y?cdWo#V38wjx@gR`63q*IUIN57z0ihxEN3URsPT1K~~vYO__P zf=^7k*}KDyspu`b@Y|w29|e<`-ehsT{Tz6iOQSG#pJh$wS$}~iR%~SFM|7V#Q z4=F>vz9cDL*mSl{yJ%A#?_e>qMT{s&>3))(CYCIp83yGJyDHxO6%aFkJ3@}~3uTs2u-?sm8z(d~YW6=QCO+&rN4 z^mPfh%*5Lg ziAqoaw8#y&)H~Y@QvF`?7`Gke4X5jVC>8GYh&EgEog)4dyZE=l+7xa~l>i7A%pM6@qpqXovXKA>-P;R_HG$~KH z*D&LUTGz5O9Nop&U-i-_=^N421T-b{sF8*5J$lmes5iKOI}!`sq~g%k;SV$cL7{gC z*BE8{W!0j?kw|&*i#X@52pW?roMgQ|F=mw~!M>F5sLD%AoP}9vbmHS*5+>5ynOk<5 zncB#2$6Lv_)tttU)ak?{zYTqAGwA-g)ylz2_pUt&MgmDh{s zMehb%i7C`eYDHHjWZZ8i=B=Z-lBuPEYPT*8_&llD{Ux~9rO&)LClrsY*~krZ*V2!= zI&ml4s$LGLc1L7U!O5fn@0@&>60TOP?*qP?VQ!rM@wC5MOUg{=+^dhL>lJ1>bs2-U zyDYi_pL4MBhz;hvF!DYO%6Zq@ArQ6dL`0e%60My`!4dq=Mcp~49nKphh_e5mPE zog@oZsZ!p3O6aqGQrJ(qm 
z)PK7`5bZ9}n;*}2os#mJbJY_b-6Y!*Fba_i3LIj7QRlPcc?N;gs~B;@PM4 zF^bp!t@w@#l4RezPZ3;MM?9ZeTo$`ZELyd>@p&{0`)qCr7zrP^9!y_$u`s}Y;Kx` zcl^54+SQ$w$BO?;(|R5Te8kU-^fJq=2N<4iVuis?nhlgO zO|vDL>2Obx?(lRpNAt?lv+UT>-YLzuTb<7*dE=Y6>X5~!%qeN)u(IOCx7p*3@IaXD zeaOqDXDfVv!ie9U*!PWZYH7U=!6qlo(MxNPD^1bE+iggRJed4*z*GCS3`y_J#e%f2 zT1l)At)EF&EkBBVZ)ev}sQX`p-QcmOy^^uRMA+7ha~82K1Q4Cm9D0}?Vv@3&giQsB{5oXj=f%p?ygX>8x`aSoM{K~K6)Nwm z$$mr05agOp3}0!)Oq_&yvyi-$6WTsjY(Xv!JjfF^r5r-2OC~lvX#dT#GYD1i16#cr1VeeZGR;K? zCcNIJ2N-qfSl@gf91ZpAtc~ertcvlq++Y7_yG9QU0GC=&%g!*KdJ64+$$)pX4jI7P z6WTcD7K69^&9q-PjPmpj4Y`{hbaDjgHTotuT@S`iG&Rah{-r!E)O1@ol9Pl~GK>mw z`;A0WN@_56BN!dtJop8X;S;C2N zk3V>}9MwSg5GE-s(F<3UqMa3MO7J!faiyrBoJ@ONOa6D_0A}Ww1Je%Oj1vx+nI9M0 zmXkvRP&&x4s~yFf{_!h$4(1l-xaPW!mPf6z>gV!;LuD0w+$?>9X!4wuQxFNlkyo2< zG;&bD-3^dnr3ldC>oi@lJLP+1UX9CR5`TyFkt zS$R6y@TxNHJ}guzf%2q*Nz=GKt6a-F+EjX+OVi}cN=)){Bkor?L$F6(B& z%l(FtkWnhA27$MU93-yAiMDx5v+&SKHNCxz4W_+U*7OA+LxT;4sXJsTy$qU9{r$Xi zYV}H=(W^j$@D0Pn26NrMTD}8MaVy46R=tXN9sK;CxytlDO6+DNOvEUSA;s43IYwz8 z&f?5c=jrSVtP`<^6VGfR{IdEHkPAKCSvNTn+r(Rt;Vb3`-ti+N@ynn}5DS9o`Pvqc zALxxgx+LRAczu-DyV88W=9MpDE-0+N!(5zZ;JY;?Qbh+mKtSZhWPrcU*YxdGX*VNB>2K!?v>jo_B)*_=za|8aRE@iA zyAg6R1HS3UX7AjMJPNLkZF@Q6!`1ZWC_HSfg~v`3h!0)+lizr-OLh?vZ5g%gOitdH z?Jk&X5w*L;LmKO?1M+&vfZ&EEa<1i<3WR+B4?+RKWNY4!iYB}m4BauBTfktbC31R1 z#xXMoUlG+koRiY^V<&#`m{0gj7gJ~_D6#ZA8&L$Ku=jaqTu`SM-YCRI?!d~?SI3DN zFPPRgj=|8^8m|gsRhn-3_4vP$c=6$3vH9%s`u@ks@?UZeov%5y;pLjsJ95vYXaI>` zlQvLSt?Nv|!>s@C#*xd9ZePZi4udz49i6OxkFS3FabB1GD0JCXHeX`p(cT4d7B(>$onBgp@m!(>dl=I>fXTiE8Cmo>-2G5(J@ zNb_fO?kImL>KoL;bgJ&-P5Us!&GKD9PJI3Q@mm^n?Ef$*sEtwn@~uD7B__==gdQ4% zlp@a_TvQ_E*+R-Dc-xVPZx$z0C+!aKNVv)Q;XY;>P@=Kj8c)KOVmcdoS?xMeOT7g>5p5C)@Gzx)1IxGtHI-tY6QvrRxkTbNVx6nFza0V$R;*1adY`14)}WPZ_`3E_k378sTA8NJXYe!C zPP{c&FISfG%kp~ny`MOL|Azkt@3kZ&6nR(vCU1(uXz6cp%ky#5sx zkg_Y^@3Vm4ETzGiw3W^)n`41X(M^4JMYd+dcuPIS^pg4H9YepY?F66mkJEEUbMWM; zv#e>TYm7h2CU1_D8}DpMW_l(O95r^>dOes?ikx|(&VqK}NtWTbU~)`>lBMi;>V?;q zVeuz=8&4=HnuSVZ 
zD~@9ueN&ibV9T04PS>5jmS^J^i$i^@7xkl2@P?<`Enw@)sdJA~yVF{JmV?R33y(`i zm$kr{cN66FQlh1r?jo1_)<+s4m)evFue7OQvf^_F^@Q`GSmu)qf|D@nlH7N*n3$hI zkR<01fR@umd=rYfF4r4^0i-QW-Qi0VTaU(*_JZkJ+v-VGevKNmlDfog zq7Yf`J$s(r*xrDRIEc7D%?n(p;A~rTXs^ZI?OC$~a)H^4AzSXmQ=21vH>v9jfNd;u z?gX`wYwrY1f|uDC{rof<%uy3|8}|O>a8|g%)%sDVQ0G0xs+Tk1QJk2yg$~D)gsYJ> zOY-9ahA0cYMW_?yqsxy+;CI5BqL2EP6zdv%m2wYV)E~58gL%RVAy55%=ifB*UzMWc z;P#s%h#mjs16tSjU0`VhHJc&u93}I!LB_Ckf2Qh;c$bCp@-ppEG^*FlzgmAjgn$Ac zX*3xBnk6MMTW^TQ072q|Z-8A~W~TH^y*SgpPd%NFq2!$;r~Cg3Lww1c&rQ#qFprf6 zF^v^NFn{)!JH8-uDO3Bt2l0QIgq0c=vn>Z`PtprS2$-lKehj~aSyt_$IhQV6rqULr~#;lPmywuFN3PzEoV2?_p5aDv#! zRqO6yQfxbu^2=DWUhp^tB8{!y>PNGA26 z7$Cj`JjiCSG9Pa!gz>P*jZ?WL=c99&w|y~)a?^iVI3r*>SEaj4Yz}geo7u0VS&_*t zTA0;4J!Wu6JVRmJhjEd6B(=+}7;TZ9dwz#Mx6W#=pUR^)ky=^=r(@Y~jVudh#!O8oS^MO4U6 z-+ZmEhZU_GugyK}npi81A)kalFO=O5N56}*qZwn67mHR}L0Y|$H2Yd7)Y zR=TFmKNR~v-(@T!P}CQdzrC-yG>;a8mF`CM?(NSc83r0Ilv>uTgU3=wfX{7ZfFKy8 zuN9^)oOeHLA8kniQyM!dE22xx``FCUZA!?V87fv%i1&p=HivmRy1_K8g(Vgj>)$#e ziPy1jo;eX?S2QbnD(pZMJ)=*S8HM_IOD5L8CfUwepJ^`Xe({FXLhFOt#WxV~%Qkd# zED(g~aEv$KCNK!?|AK`CFJ`nmrmFn>LpnDc&E5qZ@$FNeKfU!R_CengIVyiDq3oDV zvwezvZ03vGcoH$jw-x6mPl7D3Ing2LCN#h2(RR<7mfZ}p-HT2Ht~**2<0Z4wFP#Zp z(2{(vhLqF5PGZ`8r}uCr37u&Rgx-x-iKV+i;k;CI=XjXwKK%^Ux-#O@b= z9WS|8^oa%i*!~DhXc+wHt6N`~1#V(j*Es-1+Fb7kB@v9AY5)PHVPv^T0)kId;P$U@ z*@|}Op0jGd=4Gk%Y%h5qit?=G^y%!4rGbR@hka0T8jq{yfqf4HRZM;7kZko7kd5iP z&Uywksm>`3$!}1PG+Vp$i~Grwsw->sfu}vJ%*ub%H|?@qTHA^4brj#B=id{kKQo5O zm$eIQp6wjklvZcF2;ApezO&$lAGcF*Z?;S>`DvbgPMw5bd_ODRKUDD=PnV(FIvi+Pzk z;Ie5EA)M6SdS)t8WAIo_4Rm4eq>_TVy5JF|npMvjdx;N(w(S6UFYo%Qx96f;&fn?x z|D0-ndby;Ge7YobdE!`ntVn=>H`)3rdb8yG%?05Wuy|H{qHaLc*@Ju`mw zV^~4SP)r!e)`yR`4qc3O?J?AdJhGoT4QlD_*UGTTLrVg8@;DB!)b*<&=&7KmrZe1T zeqWjs5|G#ON%ZhV_3Qc}w_Ndc&NF|BOgtQJz%vz&((y9;%T%1V*|0>@^>>Hc|F=<1t>O_rBf$>OB#|Nk3Zt=nr z13lYm#a&4bhImPeqC3MUygLY5Sc>npgXWRX^qJ2~PW-`>l**MgKtBHK-`zZgNV!0p zc}sEw{|MtX*^T&mgCWZ3p{uhLbE5*cx;K{u?Gv^F>7(8WL@&X`Y-8HoUmrk@@1gUP zu84x>m_!>6Hb06H_Ub;dH$|n7%&;>NvcC1|xiv7isO2z+u-S=Aiyg4|7c}BbO%!-! 
zMI5SudG3J;4;$n*5fs;Ve!`=5GWD@#ix-bCg42->XZtSj-s^ zw$50N70ZApQ{)nsPMl5FsmXt8YH93?s*6MxLn79lW%OrCR8$ePp<=(bJ(%#l&Ccy5;@uHpyny38a3+H6Zb|u|gV(tn#vqwFI zrS;EUhNBceZ+ZR`o4A0VlI_fQYTvi;m~oiA5Ox-wrLnlwR_V}|OF}Q}Ri)hw99}uD z?T%nd)*d@%=R@s6?Q+N|HXCW?v1wVctt}ee1VtqIiIQT4-(AKXN(}yaHkS#wsNK?r z#3MEWEx}95G=; z20>aE#GYt6k^tB)-C#sbd-7$LR$np#o7DcVv*twVpEe_-ZTd~GSZ^G2EQXOO#gxM7 z3C_={({Sw!{lD9AWtU$yS$f~QyEwT~B#?~^C2B|FKUCju)FMNC;7Y+}{gOt5JGYR9 z8yTl=u9Xn2Pe5!Y{_$U6r?6LeAtM3}CW012_|d(%&)Z;W!9I3va==okl)w`FBdt8? zEa1H(H$PPV4jYbEzb*65=yGwS!CwwealyiDT5mN zkl8WnhsNw;7Ez}nf&y4A*1h3>a^8&2SndPju`i#l->vW#y!Tj#FztJHl14`cZq+@O zpsl}Y>K)W-&l*?3c1wWc|XvBezAe2rnvyz-x%{({UiPHu*q zs-$-mOES0aDOW3$GJgzotBnnSCrVW==K(S_gYWFTbfQ#uOWx5=J^5D(b(eM#kT^Ii z;5t><*@@y+u-x;n72Uk8vZTL%praxz?+^h?^A<^m2Ow6jcCx{y-0HY=zw{3!&JV| zWH$dZs4Hu4_`t^Dv|r)z@ff+V8+70ATF8yfM4>k=d5Gt!Rw4OI;V^g_yvb9Ecfqa3 zAq0JB{-G?ZFY|bmoF%8+$8>$Skyjfr3jC=V^+}bXB!3rj9#w;j4?G1j z)Xu#Df{Ny7lv44X2wB?-gP6_sHYlFXY5Tyn+n+74bK%wN`r!qnuz?NJkbIMNVMn8! zDhj*osumRCreyal306{O1}_2883(W!Z+O3)R}fMt?nGGeK(Vf|*>Ssg9lE?p zr0w^`pS~z^wy@x{dkW$EdA{?lqPPK5H{WYy6464Fx2LN-)`#}H$+vym=~?mfcxB4} z)FtdmtrYEtuwK@f-|QE$bI*vdqF@xl;Wa0zWS_rdT}0Iqi8%uh3ouN~qS7>=Mx8l6{*25(Q zf_Vb_%%ZHNmP|iG$b@-qSeHwNSE`!;+@SotRe>&vq@9{|jNts_dSYAdhum#ekod;s zS{1Zt`4VVPikdF_?j%q)^R|$W3K0Tx-D)!+tP;qGQM4o>(G(YpQhwS;S|>!mk|o=drZ4U8 zjx{@;RwrYqz>lVde zgZ`QH{+P#woLiKs@Fuc>!;qYsNgVBY(zv zKgdcS^PC!kb*lme2E3>K#p;5)s*19rS()pCbsm|CNbKc{pZxwRLhz6-)a-HdjqAND z@P;Xbv(Rt;!l~?Q!M4W!wbj%&Nn}esn}tDePf&UnmSphZrN($P5Rdnlnt1q1VqWMb0ilZC z+o_V+4fh4erQm2~Gh*i@;LO5a=nZ)iANFT==7;0`-^yba9+t)o=%LTl_@Kp?l-JT^ zqaGJ_*A92R6LrG{qjq&HeUEh5C?R0IHT0v28DGs{_vW-KR#IH^x!kZR)jWdoCbadz&B80ttapVGma0$U z{g3eWPr@vG-}Bubxi*OMKVkRQ{81W}tq7FYH8&472tF?LbYrYYs`IQV4Lj*ul7Iw3 zjWkmvUd|sQ@1>p)^tyA6B=RnK9ih+8tNB%hV|?}Pu1=3OTdsaq@nsw>NZ6?DS88-% z%411}7Q(s3lhiAm_fZB?Ukx0}pr<*yQmQU)yEb6|TbE-q)P;NY7O`}A*+~45bznH{ znfRY26|kfuGLCo~T>OSEY7XHP`<_%ys_c0uJKn6h%I$skR&Ci7X`AlV{*-XZ&Hp7$ z?3SrS#^|$W;ur<;A4*4#dtB63AUw8|(oiLZ*D(e3@O%ZeHY<;t_L^Y(We%#$rzAN` 
z_-zV!Vs&hWMaIKjrT|3u;;P)=^t}KtqmaIW;WScssO$YZg@&tW_(ezYXo{N!%ezC? zT=*C>A+L3t0qlKacXo57yYc}5C#$n+&{i6g7KP>VIpdk|dbi6dXfs0w99;h}A1=&K z1yn)%qCGj*MyX~sIogm9DQ^CG_8hvVCOJ+9riy(IK7hoSbfE>pXlcPc+tAf;Dn_rz z^Q?opHz?BG&Wc})>7;t>*PfQkz;fseKB}#mb#8IT%hXo|cGrE8?f(0D+iJtr2HW)m zmP_rH{s;b9iN%GzD4uhv&;~hvl>Z4#Jfha5!yNL*f_bXL-3t^RX zfY&q<8JjfkObuF5>o}af4e6?~qk1`AF53>%?1ER^&;oBxj^JpT?yS0cAq`tTjFlrk zmI&r_=GxbJ=^}0B%LsEnb&blv=PJRrPXO;$KX0|mDl5m*jaB2zD=@*x&Wu+2qbrSO z860Z8?g39oF;y2j&G}Niwuvh!e&%FT$KH7h`uj;sHi{K7u{d04?A*a^K{E@zQ zZbRwI$S{fccd0O0Q`7rCy3q!o-VV0KL>F81$w41X9x)gK~UqW zj^d9{F}gX#SKyZvzd;Q%h^6mW@T1r-|3j=GhyVq7T=mtEC46RC)#nj5az9gHN4U*v z>g(=lj}9A69^=#;`DFSibu@n><7L71Qic1Cs6IUiO-0*8)=_m#T4a)5{o;odOWWz! zD4a_rN1pfFmiOR+D+LP~+4j>ry5-)UHQdP%Af7;kVe{9r;myebgeiFU*Y58<4Rc1M zg8kMn${N>$n>DS9QK#N5(Oon%vOg;KweBElm6r6sNHv!?su9r7DlBKt&kij84{6;G z#S2`kZTrTkL?J0t*oab@wGEY-457i0gbYa` zW2T2F^R#u4F^9}#NXnc;u%uY29YwXSuq zX?s?s^N?qD-P9Hq7cuop)xsIyjaTQRE5mgSuNY!KIvd!E^$hCa?EYAs6Oz$CXY*iJ zG1K^pd}&Yr(p#nizpfqEJ6d&XCbl?@S8n@=J4=bfnX+H7uC`pYD<)1DG#O@N>?=5z zTU=jbb?CiTW+`uT^GMAd3i(5iz5Es-(eMjjZ*?V}?-J^=&b@Bh+lU{KcEOFY@XS3_ zo;IIh+e_y>m6tHshcoP98CfyxJ-d+XqCIRZoMC+>`9i40TvpGLzm|J(uK_FHT$c$y zv^?>ov_Wqyq0HfY7Eg_34%fpFzTH6=6I-2%#UtC^&zfdlaMfmwYmZaSg5KbwuszDA z470wYE0^bUj|q7jKI^Y=F5hj)=K4JN-L)6R(?k4$c$$SH*%=*y(mzy%wZm zG%*d!q+v`EI9M&r$H6<^JPJ2K$g?ZJsSvy@Yer;d=GkQS!c}9UiKtk2rgt!>OX^y} zx0M`=FImGJ5xtVVN!8R)C!>A-*vjluJ5xz?*KzBPR)dC#M5l(%7jCP^n5-Xb^%xG? zCY3OL8N9EPg|m8}lOCX!p0{#V!_~}nj~({Qb^I%jhie-T&vz`_O=U=RskwwM%pXm} z!C#&a8)aOyEXv-Oc)2Qt_d4M?Zb_ZgLHNVmWWFDA~F2idRKmq-AOIL-7B?Lg5^0eGZy=ADWWsx=^5IyWAWRIX-u& z$7Lu^UC=$GnKx5%Ij{0KJvEd4+v)pV2G-FZ>U!T!blu>n*t7X(l?OG851L38x$gF`35@Tq#MO_a)Uq^kIL%%9 z^wh<^J-$EJ%wX&N}6-T~|c2ov=XeOR? 
zkA2gaEATkDIsmIpo*A*~lG60WfTtDRkxr2!Q%ii1V;8+kj;m%)U`ls7bSa9pvH4%c@u2<-(O;mwF<@!%=W$wV-#Zbo9pJ=fpQIf&D!* zZ~dQNy3(}t^jg}7(e|Rs(sx5TM+zWkfg36O#Y|%>yOWde>UZlbAn#M6ZJ+kEhv+Ku zvWlI1sm2_5W(&KaFL8wAwt!41^VSU7U>3!jHBnpPZ3vGl2Ak6SwNZ5_EJnA#@M%80 z0`Zr0wdnNC%%i3olO|TYSv0X%GAItT%(VtY==$d6Ja4tSGbsLKcIX>@nQy&{C)?$S z`l{jdFGr?a5Dzi_aWq2Q6kF zcP`I(I28nER?H#zOnP}^~iw=sV-&28HbUP^DYfbWv*%`tr(wB?@Zh3CmWiY|lBq8G=w8nX8Dn~3BpGX|y{ z=qRyI4`Sz_mRP@A(_oP*&g>G@mKguet@fcyhF~OLoGm{^t-qY;knPWd(Z#oQl z7*t-H5Tz0wYKgMI#12zuQ}E8s^lT3^3%oTSU;D8oC6Ho5iN0x!A%@i>J5Ax@UD-Lt zvnwY9Sx1G79GstgN=2JqYke9c5b2Ti{t*3p5jQOg>6WpB40U$pm#@sKWL^~e-tN|4 zz&q1>{>v)eaon_%?UNLXSr+xHSKG>`?4iT+OHtY^qimh!IDOrRS)D5k!A+UkIS2ZSlo?6z&%J5}=TH!P|dl$H0^TyaOjDTFlD{iO*(4?@bS(N=J-dQ<%4yq+=Zo=Bj)2N^ceJ8y1m`($lrIx0Q>WUy*)$ z*du~}0&G8>Y-=K^Ia2~%AHB8YPd?y3aDpM}BH!7oNmtL2TQPC72h!=Uxs z?9dmhY7e#x&vlfLcXx5VtM6iUY>W*oWaZ1KlWtu$aUFFOfQr-Vv&wNdJ5b-x#J$ne z*F0{YU9!b6D7D0WnzwUT94r6HiFx}D5t%90G`1615_;Oy0!szgrNLNz&7jGw_+D@S zKK{hl%CQPv^II%Vs;lJ3sG&qh(0-gN3JDMEFO_SC`d!iT5qLPD!=3w%exMJ%p4F;F zsSs0%YNPco(Ua};MnXP~yB?p=X)C1pbG2{hyg^fTALX9Xv1qAOzv+?7;Eq{P2Cv(l z!_DLRK59Ef<=d%@?0oolM$R?t)0T7E4(;k`d^L$S3+3g=KBf!qF_>6xyP9;$WQoCu z&PQ#RsBAm4(RLqGslr-%+YFhS2R8~zLpn?X+E1(Fw;s_kqGyH+&Q{2`lNo9IH0~5t zY$q|&ZORsqzkBaAhk!#qP-jH_P~W0F>=KUSujZzV<*3+6SZdjx}8 zLr>Gcj(&vHC-*}^ABWYgJl<+E%2-Y-ue@yYwrGy2JNjn98G$_x4XoOqCUPUdg`xea z;olv_Zj?t8;D6Ebs$%ROf2z9U2Z5`qYl#R+Fx9rWRqlTJ`rBp^wsCwi@QMHtQaY#B z5$R5ZUU2C6r3Zwrs)i5P_|W^tkLQ}qM{|5O;K6S@R2#ou|HMb+9+8gPIxib& z3EG?%MEqOi#v70W&VT0{Y5yji|He7v=9~jDA?E^Gife-v4uU@?3W$s;0r7e&LhHHM z5)Lpsu@u(99ra@>Xv2$toe45Hi{POOCnQ4g`u>){`M-SY!NXe%-+gPhw7jDQ3qxwc zpuf|hHJgtLAjXf;jbq3dNj5OaY?x!T6oDAbcnCf4zkdN=Y^-g`<`h7>?04-1A=dAg zMaMXx?rhroKup-3w6dFK79xf=8KC~iC@0KYASN9A|2I+~F!O3DT7nq^gxJ`fR7k=R zW)^-l1IB&~&+cqaTS5vqopkYp18sOh94|K>9V5O2ab;VguVg&IUmn1%zJry&qeq9J(YMH==a4L9KsnK}O+DfraEo{$+)^lWY&v5BG2!?@Z5Th$kIiUG$Qp7a#5!^l%eHXT z=8OX|A>*_JNej{thzZlsfAjqZ${$Y8P12B%!@o}od=(=arVEJxe`)-$^+$R0G{mp7 
zfU+MeCpWx_JGp6h{-!szZmkWsUlNNf1KM;GN47bMTalh1q#TF|XJ-5)q=IDWhLtnr zXW!7;Sz%P^?>VPM*diRAKuox#a3M3ouR}kZ6Ba|8Z4m%w!kHY1f8Ko}^FBUp@f5H9 zLkY-!0>mWTe&82c(0xdfL&(i>NB8E2G z@#EJ+K=Fq8_BYP);~C$5_(f=o$-dxVG-fsMVCwas&l9Iqd&Wx>bd5*N;M9H5(ilkz zt(~)Eg;FQcnAl%i>co;^(iUAZ2A`kmS_~9#;D5DHD=cU-n#=k0=X8NjKOe%;@OiQn zPDxkQ9tYIg_ui@|zjqF8;{EPD#8daLhZ`6LvPu}hdqpV#cI`yj9Rx@GWcEvX!Fr?7 zBCwuT{Wx&9b^zIJ29T|H5`6y&e_VwXk@MS!a6Pk7;BW1_3*o=jQo7%_bd!b(i(HmMs1v4)mDw{=?8EPCj%$G2`&Cyr*cB=fk`?ghi3*T=03 zzqamKnsJ7*-mKUgE`JUD-n`=I1R4HexI9=t&xV^ZwR5ySIMd#P7q+zVY%$y2UrO<;V4iA0i z#(I;bEjPX|yc?PL=nL^pCbopOE&MT2`uy`t-=5D0A?s!BnJ@Ll3#<1l-dnfvDK^MU z`p=!=>>)jDUOpG$7U5Q2;NUsh6k0cGucheKMCVx9^LBB<<9p?bnJDf>Utc2b<5XW9 zE@`#?eD5W+o?i(=?Hh)Q#cCIq4@XYmGFy&#q^&+|zw+pqzrlI=(^9&T*_B?PCWsaqL~krQ@esiuPD%PO_QT4Suv(HL-=D#gAQBW1M17%V*iX zDfKU_Cbuiy&O+?!m5Zg;xWh|&D~k4s2g_=nRF=@Je*9Jsxn;d^DeIfSS*+gt_Qe;w zGIF(*y*HsL)UeX+W@lLrYe4h%R_*zKYh!)EOJg%oWBqf-(ylYj&xb~mIui{Q2J@Y7 zW>3b>R`y6`_MXG32)a)l^C;K0J!WRA15q5e^Im#z`h&6Ddt-}7j1iAs1~cqc4y?8a zk9c$-n1Nh55dLi&=27%Mer|gHJ7!Z#%6h`CzSk4(zj|qfL5&UP-{?arcfJ#gsZhq0 z(Z$^4K|#urN%x#(Fb#Au_jpjsQq!W!7*`pg1s~Ka9>E9=C5$_V5LOP=!6R6xA@_F+ zTWGexmRmHCpQ42tsu*`;A#BZ01?Z>JF9qLw9X#Bxq#GKfgHYI`LfE62@#hWW&y@;j zgbHamUrAG)ar^Ok6D2XA)ZHK*hr-$jVQpaR#_{LM1vGF4&nszA0by-U+rTjhwL*^q zt?CBpTPQ505S9`%&e?EgzfwWyQEjjNucWJ0$&rfbul`8&?tfL2#rvSJO0x|7u&OZj z0qT|X`|&6YEGjfqfqgW3@G2LCl3Cw|e+pwEq~8B#U?kjh0qb|L8p>=w94QorA~pBi zX))sw(H%VOn-_?9Z=wUbP*JDP)7zUt+UI{Li_NYt;3 zrz)M?m3QOnho#x#t!3SvkGU=AVxFRODKnp%V1&tfx&@S3Z{0ZTKhJzpBC5tU9w8j!@}4Lf;!|R%nMBU}BX>|F z_GFT9jc15wIuqu=+g(Q;WN9hTB)wKj948e|#O+W%G)yV}fZcx!%Zt2+VV{y1=XYZy z>7Q4~V0=A4?Zu?O-F5n~EbSgN3CU$84p~Jibu!LZvL_&FDrNg&%62bye;O8n#d5A! 
zvdkXV%3pU*x69CSp$Dd2Phot;p(@WoS*& zTWA%O22|@#_){vUj4)Q{bLXd;EJAPokc$oZC~=FN=q;&@s%Oi}3uF+vATLjz`6^&2VO|!80%dmL2UX!8q zMQ^F^@osf14ai+JWkV7gFVQa3_TLv?1r9O+;_WJ%N~2 z?e?PMS%a#;KE&+M30A~M-het#T)``{0Y!Nypje>{LU+Ui|AVx!`+TyS zpm3fJ;JSiR8# zR=S`{{1gC1?hC3C&VZ^2ywx$hRUxQ?vZ&<|LLyo4l@g$Gx))UT>H|C1KqWWJElyde znT)-lCdR83aU4VZ;V_J9uMUJX>BnO`zVy>$T7(nU_bT#4%+?;nM?^SgpbT9~kmDCE z;aEa>pzT8a)e0zS5z;Y)r1gilt2vwoRM!)fVZHvnig1m07Z6P*BBCc=-2NJk{nRl? zg}w!>YnA8A4bMEW$Y(0&T9}bWPje)RHWZ+rN`JR--&_@rJiLqqSS%Jm0zga=f2RQb zCr1CE4fG%4{-+>7|CTLgJgHuQ)PGYL$L)pvFpF0ru)JoGF8GTDh*6JdHBaLAi)Jx zBnWWMWE`6g+KUik-T)6^YDp6X1kPR|cnFdCk9==9d!LKCJ@r~f79l-CQ>Faq!Ufi0Lu{GFAu_O&@qHr^9E%%OBjnf(y+aD z06r8Ak2e^9+~2U-U~)+c?@bhVE53&~d(sG;T>}8F3n2h(VgZ0I0HE6p0Kl6-8*SFT zX#;PGF^IRt7T_%nc#{?Z&B*}XG#ZiSxLE>k|EUQ?v>{An6$nEH!f;K4FkT?cRuJY? zKL|qtOlSeJ|Eme~-wE^ED3IPi*_vO&oE*@GIol3r8cCvF*kTLJ*{zy1m@@`AImx7p z_QU%R*oGX=PA?69czS_({@-o>NfYSz(EiCVzl{RT{1j%C3^1hbiLmkCC_w+MK);Ct zrTxEb>;3Jg2DEvqZvO#qu}PRU;cY5U)vk?&c<3%t)vb(Ffs^A-8y+ryjd&s_EqGJu z?}KbAh{5Nr8!P^?0u-tV$Jsi~2!aw8l(&K1IcqY!`KRj_P=U`$#DA?o4%D>qHoq-E z=-*cTS85=nMgJcmK-&HE0D^iF%}4pGe*x`GPXhpj3#m5a4!#nLUItGFpon}Oa}oJ3AO-*kUE0h zxfWpmYev2%`}gsnWQr{5FLTf)>xpdB+U2j6vyc3#Urolj;9Hj=IgYbg3MWN5@-xpS z?`H|OXwB3N3sow!Y(1c)gfd3#P_%_;X422%?3!7y3TOBeL?vA56Rh%53FU}aDTiGP z()t_1uJ`)O<-x9lHnK?p*Dhd?JCuhWg!`HFXq#k=;vN3R5~IW7U$0(s8`-X_t}lIw%Ed*h>5TbjgqV*4C3GoVw4||E%vBK-1@j7h!B9>+;cjaE53%>F8 zfSLk{ilfS(m$MYOEbel167x!Mg%_Mn<^=_Q39ff=fgKbCB)E1Jo=p}21rZ4@O}Kz` zT?fAF@G%_W7!cgOQh5A{Fpm527|KqdLv;;c4Z!12#H*y>S$L1{yDRvvdjwqj;muSh zY^csm+?8v^_kkt84~l?FJ6^>e@3{hahG>oOuJiHibpX3TE8nUP^(%1`JH@+rg9}+m z%q1S!K9=pbN)vwLNEtVAx3+`Yt1$k(co)0PW9@zB5@c^2RsN#U#kh$mgRC^e)j^Y) z)Dq}mh_xfOdAOo8!O&g6BdPLhshD-w@kE-?xx^MRV|VdH8k&i|-gEN0EOUKlgu0%8 z>|Xh7YB%tq_4|mez4&B{LtE6sXkgv*8Mi}@Uydk*-YyCFP@0%|-Y|X4B@6!VkG+@j zu_J?%t$Pk>oj-Wl{^lRwzWP3&2~8_L>#+J6N3rAdDN-_eA|fJ6B4e7%#YRU+om6Px zPr7}=#qCL?L_|Z|h$4C^8KZDFNhzW0UE(`ecFQ!Ch7Y2y7w1v6KNaq|cp4Que=kyj zmMP%OE6up^J~C|Hu+w54I>n01LRsPngYN+ISLVdMwk7X}+S-U-PBLX!MYi}�nSP 
z+_9sWqJ&)DTIJfl5c(Ltq8#Fjizy1JgYPUbq8HLHi_Y04?x=SlPIM;Ky)j`{3w={@ zI&hoBC^{g+nRTLwbJw3a(B0$0I6wY z15IC9;v!Y$K%nOz?xJQPy;@`Xd&&+LT>hlKmG*}H&Nx;ln{8TVuWnr$ccLj7-qlPz z^xb(o^l^96Apg_b+WeIPBx8qe#^;f!^g_yI@3T&|+n{GWpGLOf3eHw8+T6|K(ka_1 zHB(lY9=n6~Meu1|!Bn2g1r4Wk)*7~tL7a(d!50MvBk3M7HN>aTH+!GHeWSoIIqAbK zT3g2*PM64}Rkcy#Vo^h}EiWq0d}{AFF))%)qaAYk3SH-{mB#4qyO&OUu6h~%J%^s5 z9QrgqG%8Cp=|dwKQ2gIqEnALmk@71Hx(6?>^aU#w7aFNkUk zwutwVJpfhSts*^mn@r)wg#awkTkIaK5hJVft6L&4A{0;v{Fl?y&L4gGwJj8)iJE9$ zI^G!f;8gf5hmQ?I*Sk6Nsm3?cttYwiCZWi9@`$Uq?@#alpoYd33x(}_lKdKHcl7?; zjw9|2zHy9Qb9Wj7Me;rwG+TPBYT1TmPzaB1W#K5|Y03VxcD(I++fKDUtocdrh|J0Fy<@F*jFrFUJt`5W=u zK2N=1PIg&lW9Leb8W-x3!Yu#N7w(@@X)iNwoPQRlD9sFw2lEW5$`jnc%!wv-z z!5)EUPy7P1TlV?(kGQlKsWP1`k12g<6#2x_@=4Wds_=zt=EsSD9?_-lq?F{O@Q9A8 zy+t~Nd?|rWW1v+l`rysSpu4 zTqY&rT-S!5p2TL&b@ zL;w~mjs;Y~{uxM!h_?R}Z`zZT$nb`#mEDoU$j@JZM!iKmb$CTh_>-~#*E<4WL5_D6 pUjXR=(Dnx(nRM8QiHI(d5fRb-jlu?m&;+ zflubE{#A?w@Sl#nl$Bo6LT}-mJsDxJWbzXP>!e<-3Kw(1CJ@5UA6>%i?&Y}nx zb;`fP2u3E*2nwFh^BqSJFun+-aQhK9xqil^ z80r|O0b4(zsYzXbd=fT}l!>!kRPLv4tb83oC!#ty{9+~C9sdMl9)JDTMsew??jyzj z7p4Yem_Y=L-+{98^k~z11q-#GjFY^ML;=_&Z@>LeeXrr!X|l8vA%VxbQMGy!=c;Gx z*3Mi$b$r0Xe~pL<$7v;BkeM=NHu&Y~7!e9tHl@~?eE|m;SFCpyTH9ysn8Nj` zzjmX2u5c9PuIxK1=ft9p?VF58PuHW&9+$ZdJPpz*e9OtnTka4Yp6=3K_+Z``-^a%? zQ$F97)ZEqp42-u>RWVCe61SrSEx=kXLC&dL=w-Nn^%sZZ$=vMgx~Jog5=Q?71J>N} z$Nt6o2YqJv^(Zl5ox-iFeb1I*`~6B`&(kMz@5M)@uB*;!KwW(dMLqTbT`w{!^!xJ- z?OIgv!=)WF#espI>raC4ef96#!XGJx_cfSuIW4L@by%M}7@OnI<$D}al!5wHXP;kM z?azy)cP*!q&;14S`A@|9tU8Yddo3s1IhDbuOLkp{!xd>=k9vZo&!G+Fb9Z!1*NdH3 zh4tOfONwHwF%OuPU%*U1@8upERh43}KG5q1RLjNE(-&+{X@Y>W%&zW#K- zLX*ze-yL<<8eYsot4fM*L9@IIv$WyC!g~E~lvP@f2qQmoDVAFCg z@mIjjl;B|Hsm>+@xVTn6Ge}eKcpUy%^`LOo=a;_jepP1hPHVm0CsxiA75UUVFbCz- zhe`lXNTlE6@pDLU3(>+_iG$C_K28VDg`T>+`=kcMTYT&_vHlJyZ&#UL)isR70#r?c zMut9OcOy7cCpQDp@%{$wV>-|6xlb@ihO*sM4=X8^5%j+zXJ)fiO7u_vPHEX@O5A}fb(9r8nZ4EG@{A5SBB?|6iwb4gF+M*68_E_*SAoXeRD7$!Juv&8? 
z=$S(|j*A%{kU;6KszOLNSufrF{K1(BRIP1S2~Qx?cj^!xiZCiMb@OEsY=K}eJ1->i zytS%yycgfYe*1g^-ceBeQEX5i-gF@=@SUi=DqqC9ivXh|tm^r)=b`sLbCDR8xia_E z?idbGIkd2vuD_dC;Hh#voZGzeUY?N$$;dYr|W71XFjD=lO>XQnP ztmjJ*^I+v<&u;atUWJM&-Y&gyPL5B3YsywZhm}d+PD?}oDJ{&vquQ*aii1K}rXAoY z<0^l2Fw?W1tmUj`->a}5P3y2`DKxwb#X!Az#+H2kS(9Zpsx^x^`#iCGgzNnFd`PIg z2BZ5m<8sfGM}m#i9SMr{2eGHHkPh5)kGsyE?TPm)Cmpo!SA!;I;$=_TsAQAaVhUBB z;_u%Ar3pP$M(D^yw9L%?z3bM2=-fc--3%USoO-kl>5GvQr^dIx))7a)n zcwhHoG7b8&mYfTQ#7dN{AVYcVJrbjb6mQF>5-&yzCbUT?oy>^e;y6l95?2&Joiu24 zq>{<;q4h1r^_6xE5~GXKcM&rq)iCo*sf@{vIHE*r>2xeqG&UL)TSKXmsvEC$4Dyk( zm^Vjm#fly*s$CoQJGPnLIv3tr!`eTBXT~Zh)>h4L476Bw1M$U;{kkhIIwPfmw=#(a zjJagmIHLwE*Dj>CLs|I+loRNI8)LC(0V->pV2PZw3`|i%gyy~Hg?SrJ;-V4Jm$0d! z?}>;uBuyEK(pGhjIjgelDn=w8$+6*N84|W zM`v_hiUq#D^O|jo+!ggp@$cHjbJ5?4HS9?WFV50hV%ZD+AYLHFyr0n!cv-gUEM&{dfUEj>QFyd>6c;H(MsKKoy9E(ytY*uBZ(sb=HO2=NIw*ozjz+nqgC z>+DHe%TcKi19Q8({FX---K#PkGxq%2*9B1S&j-(Z5P+|u)FSQle3L>-x}1fYN3aYY zQgsXALJkzKbg{nZVs4f?tL=O7eh;3Y%VPg9XmwI7Yt)1Re++aMXSXCRl2<`&{DVSFi4x(W%!b;S!SmA<}f)KdJ($GT6sHv(eAK0H-gvZf}c5c z8+e0$JLyj2*+N4FwAd_5ZQdK%!VXg@(|kas(?*Z7F~^PGq1+jRWGFOZ=lqL2Y;JPn zkFu-?+2J}KCt1wY{D^aoaaA4F>$;kG^Z%P2t|8~i|C60sa^V=GYRGuJ}89F1; zCuZBBiJYJGK40hS=v0o8e2fF3uO*_i=2Kfb&p6n5yZmyvIw zXNXJ+!pZ!K^XONmxuKFUpvs*g4Oxc$cAJoOx_%u zt)PL9_zx^<(ir&$8=Iqp4VJ$|Yz-A~zpQb_cF3@t0p za(l_Iuv&Ia;^&;O{5;e6!n|UlI}M$hWnVsEgb&LCng#+#Q#L^oK(sQmfozpB@WxUIPKceMf;;VCB8_ z35-dK1<=D+|1`f#x{JbUBhTXb51}si2Tv9ApuHeW%)9o0%~oNoXGrdDDW6~&J%l2j ze<3~LNQo+-lH&{+^Rg?PM-++n%51W8Us2;r&aA-)|HAm2I&XK}r)>ko=f3g*jikw5 zs1E9Z-7ycK04pj%6_Nbv%)L3>OPkKdG`xdboW*P=0}Dv9pJ$+TgPA zhIsb2+J>&;W7T2B4Wit2>}P+@152kn*BZIU?5bJkjO;6t?$p3hR@#JK@hcNMbZi+2 zn3B>a#2DA{icw1Dev&_UK#+{``{@0dN1bc%Cbkg4F?UKAx|0)ut#iQ+=WRnDMF#~+l zxyVi&!pRXtFFK{R3(>Xj(w=k*JC!^UxI4HKA^3IDQ&Z8h#BE|o+=>?oI-@A(fI=Pz zVk(*%{#!H4Ipxk|fNTx9!aYQbbvyfv^#hrC5BLH`BMP(w*c7o|1twb{EFmgAm3^dS zH4D8jG=T@l2>6u3c=oIf30G`-a9^2w_h>4%QIxwc&x}0|=GGTR-BIi?rw~UU7By$-;wpUQHtVipp8I6jx zU63vilJO24%En027ZURxh%}bb6nmh**@2@(L1NP5<=BV`w`y@Px3d+QLj4;?l8?$o 
zX#m+2YK6Omi3`y|DBiv3G$_`}Dg6pgA>Nw(KxL228wo$%W8v``it12ePr7iSzT zX0~d`o%aD&l&MgYIXn;~xv6?sD)FO^RN*c%tK;hkP5$6#fzqH4`o>M9NZNrzq-q>W zS_>)pJ5qt5CpQtM$|bB19WizNQICbk?W`NF^cr32^YG<@x=kTPbmc%c8Ltg_yD9Ct zIIoV-+*n1faI*o!uCg!wgDG}vx2q_!Y4t=J%nNxs4h=|p3N_y$b7)A_rDGda_tS2* z<$6mvvQnpb!OL#RByg|@9z1qT4%YoQpEnJb&0hRIj7sbAu%+^a9`hW z4z*?f0b_S!#t$!(xgxf+2xu|3l*Z1}CL~Q?c^f4ET4oY<} z%kPe!Hv59DUDUbehCm>+u=`)1zweklXv{W3|D zOH-vT`}rYT1+Pe+dEELHW=PCW_l6XGqJSjs)o`J24$rYH@o%-k*$s)S?miFn_r*Fy z=mhE}!l48KGdOo*f%bR;_-xH&P+p}_KOoM({{6#dcKUeK$~H8^gGe0UMgvOvg28K) zg2F2Ixt_kV^b97!116RClWAUkEyHJbL)=qb-Efcoa&W=clAKFdxZ3(B2o~=L&%2+wi znIJ$@Ex=GY$Vt@eBvI@KkfJ2X{z`xz`Q{TQGe!Ydt%3hEefM-O{py`=Te(wu zV1`cV>i522+n6P8re<2k@#%IFIW`|@j49Ox8_BRo93p`6PkGzHd{crDf>)Gisku=i zNGCX~%9>KxoJp-t@6vO_8D3ljDKm-V1)%*at7hav!txD1G(6C8#M@1dFcg*&PS2?P z(YKYBBe`zFgl1SOgu6!1YZ!#m_2TAk>`ufJe|&S_toq1ax*1srA#RiN}2t@qoM>D3&` za8V#=z4ux?zt;HCnM2i|Pf?`j6a{a1;rP@RT}JJ=bIAVro{0hfaK5E96D?&WM)n=x zBGXm%WI0ssc1!`8Kb0Xq4hr8t9Sc{j!GEVd`iXU_KpPDKU1%Bnz#%=TBuQv7e0WL9 zl@Nq4@r6N3m;( zl@hc3-R6xL z_qr=#4}p3|+59T=lPq&ptu)lR`a*{UaZsc$9^pJQ)Geb@8>&b*qsT8tIj<2MUOq+M z3nUgZ?p%cWa0}{7t1%dDKndLK4EeLad0oJa*{TQvpQ%GCo;Yau7h|Pnno{`j#er@s zL$i$;PM$+VB?U1E3L?DjMQ4WT@o#88X<(y_-vp)n2pzJ{=^&StyDjCyHKWxfMq2lF5rHbu|Lgqz zlkz7GN3t2nts8RBD&7StO4((assK6}!+$^{Bz7SgA0Iqf??FAB^Gfp~_D z`1H412CHdy)?G;JZUZ2aAX|cKp4u05{d$Hn5X84d>eqwND9pePP0SMiqn8pA{Tj$k zrXEMq?2+kt$|>H|vPZ*Hlq>Lm^X!ouAJnn$w(+`BdnL@$(4EA1U~LZEoHT7BNDSIO zcW){CSf%iqVQ*AD4Uowwo8cZr)*mI-=8w2X!LgX_+oCwsi2};#hYNSwZ*HDz-CI7l zI3Kwj`3VYdmEcTr{ziAmK zODVk({(5Cj5t=gz&a=>LqG0T5E_PR}Qs{{R_&-NMYg|>f8|>TZUAENYcev&I>lB{s zRy-PN$J=V9sbn8K@b=V__xKl|iV>18%=R4T+FP6+A;4L&ULHWxhA0$uK@=BmQJ2V0 zTu>u{q-Bjr3OkdrLIHII@(Y;7@i2i`F?&H%0tAURqbcH|OaC}h6?fD%0GYRU)mpQI z^}@W31}f*0_0+nKqzYFf-8NI|8)oi1m%SM>X>hJREWg`dmU(}=rvYr2S!_L8OEZr- zTr|7rIMv2iV>5j)CA}7`r4uH^){#sHBSY{BCu4#_@IS36CrlI|<*U;oyCri_)=>=S zB%Fs7DUU_uwsuQ@p1HCFOq*zAEdQ|vGHERB%ik=9#e8u1jJa|lgKU;TJ6P>7Hjjm0 
zo4?(OynSZe8l^1jUhU%Khqnh_P-fjBJJ)mu*po(E-_0M~ItCnimh&2WKeK`hO3nW-rP*>_t!%E)tOFXcZA#8yU&n)LC_o*pUQI;)K`&=7Ghz=UI zS{JSm+M}t__$alX!EED@HR!KXGW^3+_nmro8S3Idy~@7b9zOrq4Y>D4qp-4o=n9ID zxv4iVRtp5xlrdXiQu$G~K)8KX{nRoNgeeksKe4rGv5fp_pFi_nm}r-i=~vi5{^l>y z)#FELDVXo8f=I9SYmQwMCi7!myx=#a$8x!LHg3}uCERm%z+(lCTFrgw=YipRc|SF; ztdwF0H9%*7w#Xik)`ZqMinr%1RaX=gAe-a?-^nhiu_#V%*!aw&OsOvfQ-iW)GyF*!^IKzUFPAf%-qffV#H>UBtysxtu>)Vt88UO3k;L(ERhTKjA6spJX-Gu{ks z!lMpN4BzC86k`@#shJ?GxR8w3xnMjtDL2)2a$D`ZY}dIrS^A6K{W_J?n-U zYt@9*f860?oN@8Knp1W$h?QSs3Ki{ z%D-{Gv{^BLai=Pg5#>YnL2*<}QGiSCO)$rWOa9$khS-w5w80dZO}vbH1U?~=GMMWx zx)$P%o4Bpr$dF$Bt6{KIpzI}|AvS~=2u=?7(pD}QDZ1v$H2FxRvZva?-{xySm+xk* zemJnN*ad>343FrF&mDvhFV2rIzQSZsFpCr^enff-a2kyiX;it%vK} z4(Cj7ghv}I@XWrXHkj8e)%+-`(K`?Z9+W+V_ZK?fcU6xto?nE)9*|!;<(th!I$}U% zBt3pbpkur;Ge~?RhdN$>_1YJ^`1Q-fP7)(#`UpO)ZG=O^7fm_&`IIYvX8{NxROvp! zO}7p5O6^V>aoC3C7fkLv;wDDUC|5;3OA0lO0v^@~Ve57v5-E4vHvseQ-hHzpwIS>u ze!cmJUx$$}ez?_6x=%Ea2)U@G~U~<Ok-1^adu0}_EhEfvy8z+VLi zEe*}N=@vj#xm1VHiI(0M^#Y_3N7a;S2dn>l)ae6erCqlx8vRv0zP(&dnlJ6;r*l>$ z&8^wB&_&4;EXcpL7P)~2p+RtcL=YMz>iFtQZw4)kB_U_h9XlPDj7buHj&9SDi5`S1~og6yr!mNA&FT1iYDX3vRENP`C06|pJG*$e5_Pz1%6KT z4t)!ur1?{_z@Jq|HR-^&ka;6h2r+Cu=Kvu*8eizpzj)a+IHtkqu$ys_E|<7^tRoO9 z7v~>6RMe|>A2Lp~Y|WG4-e)X@#+~R6y`33Kc?`qoK_$}>f^^(JoiyyvO6Qf;T2B%q zmxRI_!EzyhC%KP66r*~8$bRS;$P&6?5iwR)=}OZKe}8SQIgpAlf{MwaQX-# zG7Bk)9U`-W4BtfruDG!T2^!!OS=3b79niXz%&AyZO2!m5Miy9NerCTSrLz!mL}$Z4WgN z$6{HF<7Z7TJ?*WVUVWR(8%NS|p;m|ebGv3zs+-_OzriYhh3qTphb3dQ$tZ#LaN5km$BbDc4jeNox$HvL}rKgYa^mBFc`j{c@L z*OVxG3J+^^tuu&s%kBJfRESMH10*HjrR4&FQUm7|pidt5@HN?rj_G)v4bW@3guXp1@ZX8SMB>y9_0pWut}{enyIi z2y>2!JxLrZl0VxwKg8cm@n%)2j(Ng$Ra?$8Kdg{}fHvMa{)=P|@XJVsMp2W%k~*RJ zPeT6WV?DOOt^hpoRm%j<|);B1}+fvwc(b za_7tJvcU?C3m0`m3G@h*K1)XwW4Ywb26QLDDi2fL;RK9Z$F%i&8<|iZzrj_@!Xv9q zSQb)|+XO&>+~!4H3dvcthytS833bABB&Gu05Due+WR!Q{?^q_mL6ky+SsDmzucYLvl_w^jq5Y&rtmqXd00Ot=OwOB|G z5O9Wr5ypafC{j+3qKuWM9( za`y&o){6nM?Ioe#Ej?BBDZNS~PEF0kCMYGV$#R%mHX3U61HxXoO)iQz2v0cqHXhz$ 
zu^~O@IY8BKN*p1^SVA<=3(=!NdVCV<1w{#$78zJMO_3cWo@<(LrUinV!mn9YykswRP}R#+@8#@FqhATbxyGz!;Bb7#e>!LrVI^xkPI+* z^=%|~U0C+`UT2W>K`B znwD!LtElWuCQ(8e7tv@$9DJw**Dv@_h)pUxD!P)jB38IpO0&}V)*9c4o&L&wT{o0y z-h*Crq_oXPsCWT9B7TZl(`G8k5lMKKN0&_ z{kmEip_<&1<_;n)$tx}9(kSYfD=k-V70(6LuYL*<1c8J0G4H1GsLmuTkzy?I11B&) ztw>UG;ZjXt%6I8{nu*L1;VyP@$T{Z{++oV)?CFw;*6|U9g#EkC+X{ia{C&O&Owh6B zp1u^i(LmUkU3TYCntB&rrw%qKSljKwe&1hjzs`2Of&BFmA11<8{qAblLiT`<%eB97 zCFYeZYF52Ug#w5v$P@FL=bNVoH7#UR7%d`$1ZgHr>?ll`Zvi5-$iArtV+6FZ0`X_R z7hkDSGPT6mAt54W!2dRc35AppPZEB6BCaomVl;3BZmsIZuc&G^cPO&QC`xck+i@f= zmfy3!n}|cUb)5^ku)l4(Fj>{x;m&G13}&OtT?d3~H13mG8DHvkt*k$qNydcL7#ceK z*rB}6K_Z4wc*q)p8;KaQhj)PE;$Xv)_1eS%GK+Y>N7K`-O;%UTu2EY48D+THAu+v`p}BSFNo#1hd$K;NHkKr3&+gGek8^3_u{}9mS)W)u>(eV(7!`dS z?C1|)rOMu}Z(8v%T`z%8q&p&`uIiQefgA(b=gKodQ7cN-HNqgB|A6ejV2BYyklog} zkW`W;XzBRwBjxEEqnyyFyi@ZFGlR+&$0jzT?~c(XjvtahN?$XY>L9d9!2BcE25S9JR5kv_WK0~YoZ`mjjLEx`FlNCM~G8Y8Dq@; zN=&P)&7Ke;CPe^Q%^UyVJMGQ)N!|IiwxE=MBU54*Tr)g_@cRC8$=9e7g)q8a-&p`t zw`Eqm7HJ(B3)Gopj|Ag{^!@^=hqsC85IH@x2Lkl1I(L8t{ByV%48F>J&? zepohJ>*+>`8vje# ziF-xv8+v0;t4xOa7!NQY-hweup-q=g4_7lI7znsL-8`1YJ3PH^=3wgsIXoFGBFs4W z;~$RK81y^|gKC0CaIe2aXwU_z{*EqO>F?>@z`=Y^4Q`H$7gcXz1%Bl9z}T^5*n9oPkr$lYeaXEA+?p@6@|51 z<|?naqe~UlL^;DGmP8k*h>{8|_A)@G^NTfKg4aK3JRNHcX(%>DO`s|L;I&D1t?_fh zXQkAEPbPFn1ae^2swpAh=sUu}VDZt5jtU;sTAw%bO6xr5RWicEvc>@4wM$cZc9m~n zF>|Len5?2wQvyvzasM6)>We4!DIA1Mh_3zd$s-DD?K|6hiA1arj#RIgJMce~xdMDZ$#f)U9zjhsuq6N|$wm$$ZzxbNd;4+* zz3{W9=cEqO39`k! 
zQ^>1!q{f4U0WxJupu{u9ji$n4{8kx;4Nr=h`6{RgUOuw>CSqFTCjtl%4^qSYyQ?DP zAd-ZCIiDX?YmFsdpuG4Z67M7bsc;1@a9rw5$KP`L!ENlrIRhb}w)f7bU4cRp+%PzA z)3<|L({r~Z7&K4;yH5hoP zyX!SyutUi)<;wUrGE*`IWhAob&wF>T;7p_bl{dIBz2FDmJ1j_fUkz(gR}$9CESp?D zM}}(eZ6CMXIIPW8%#Pc(taRVfH`}%WmA}A4%nN)qWZ)n>m?W`d+)`f*7QL99U^W zAd_dj_ly;j7o~P{l^u5TF-|wH)Zypr!}ZHv-&hU3e~&D4Yp59b3vi&`fs7vHMTQ_W z20P(g7ISDYL10x6n@eL@5`H+cTcKb)z~PEQ=JuaZc}Cm8>5j|g+;C%~sMH<_NMje$ zteZsO3SZ7SS-g{S67JNu`w^g}C@@cBpGG0YQ9DlyqRaSp_-CS1NAT^CaKM-~WcK?7 zkNYezie+t*G{G^Bj3X&?xr62RC1)Y%%z?rz;b@>-uznV3Z%_@>)j1WSpRtQpE_h#mT&LI0M zi7r>^&FR|E8z71tTSU4L_8}a1n9JDTdr*#><){VCA*(8b|HK70CkHjKoIZruqdd!O z;R*v8X&Yko-hnzCLKWpj(Er5vvn(chsqk~3jEYL`1VF7Y!y>2qG??{lcy09Z+vfiX zvy>ChcQ+nV$nE#k5i{5q6?;yxzK-kEI@#cKZpKpTF$>LTshwP>nh14h_+2(MW?0)) zE49ti>?1+c@au5}krG57--QkwCvvtTEtoBVJm<6k9>t&yfyXusjW{*Erg$QkRKSDz zrSzWAk$f5D*xwme*cw^r1?_yF7liwG-*8kSGF@kR#5{4s`@0+vk!e zxXzH}<==!{IlB?%XDMj|)6b9-|16`E4xG`>8+k%3^PO>gfLMk>yvC8sR+CYnQ}4$* zsAX}{^f>4`(wRSpz2hml8WXKJ7KuWPCT(7o2!I%cNS0%f0ElE+rh-x&k3%hZeM8Gt zR5v6q5@|jtD45G!)eH+w{x_|Sz$$$JB(J@Yyw16&1qx`gcN{CQgWRW|%gLukm%}S# zHKR($!orLE-}eMGtnXX+t$sdDwtt-?EL`Qif+*QqgCU)vMfKE_jHNC3f?8z3CQwi? 
z5gJAu^1f=zDgl}!YG4`(cBb$EUfBw2M}iAC1iqVej(ozE3H@UL8s;b9e=n;%`N#&K zisy|2ATtyFsY%tzO*`ye>-Bo=2K$$HvE78qRRRaB4YzK;3D>Q z|5GqMaa*2KU`GLnf_d~N8ixpU_Ujh6Mc1@t5BsC^`6r2ncF;jSRyhUUC%yY^gN*jm z+J?K5(@%(LZH;1nq2=dX8jri4YI!3-9A^Nd#SPsXq*GoAoA9il8I0>V!(c^-{!K7v z_@jSOV1yZ99@0Nzs&iny`391`m&-|@krApVCWZ6=2fG`E0lAla5V?D-8Ek;?WH_*f zJo`fK*)HU(G3;H_(rjbp_0V_Q;$-{mnqSp67GKwh9ctWXK|p-Vd#l@0xn`P2{MeuN zX-J!+>7+0H3PRZRYw$wGFJfMsL1n}6ps-K{JI zU#j_0XDf){tx#>%uh_@xnpYM~>LVSAt6gDF4h+n*|Q1HKs6tebJ8Fi1O}^ zk(JCXmtT&sO}M*9Ue3u^bP0l zl?-_{cAlb-=mlA0wDhnoSkDee&^2mS-L2ZCb=b`BJmchY+paG8dT*ai+e)pz;C$cW zy?XM4)ydC@=<`ex$dXB&+s?_T{p4b@}ry6ZwHzc+Z@!KpzD zc-Oxo9O&vb{$s!9xBbNmT%#JaLeZJG9Qpd030XVHywrEc-SCS{|H~D}9Ucy&S*;(}%a2Q!GAYD9 zeHG)?!5APh(X+djiqAJFgB83_Z39XLp{MwK8J?+TV~OaZ9p_M4RWQf<_3^fTM#kVn zrpNF^EWc|>ib;}?MLZC*$>RN|A7apM%2OpeG8-Aj=;fak$EL});j$vrjm=4K%M58fGhMZ=`?p^Js@>Gqmz#?Jyv1wB`?n? z`IMW}7V!!`pXKN$rhx)&3q<5F$k;<3LZBq+Fi6>_>ZiMG4v&GpeP?xnH!?~};3*bj z@fD83xj%gS``G^;Ke0+D>KwRzW2w~sl9mRo^DC`j&f$@((nQ&fggX+{yS^HhB_)gO`U|3h!dknAC#$_KZ? 
z=*x{kL!QJ#ke^i+Ms8%EkwA$oM*a$G{Ftat6?5fZK;~m%TBg7OIuMvji)4jusWomW z+=h)EVyqc$CSJMETQvjxx!R{mCqBgSRQFnWto8{tE$h_pn4E4%`>oZYN}4$;dra28 zS9QodL1@zm<~tUo|7LCE0Q2))!VvYhnvYHsHH178V5RB(py9}BN=|1_iXtYdofP67 z<2V-0rVz|CR3-aS1#{uAQ?RT)C-lbhz!8eQ6j%~KAKh|V^ovQW7>$}9yp88RWR!rs zmLCzTJraLEsEy<|f9o$Tvxij$;&-EUUo8er8Avb z!p8<;X~b28e+9n5aIPMD`_XJ*PWOSLf>m)#`0cAFOA+cfdX7;Hn|bC^D3q^%m{g$~ zRLScA1Aw%=Fyz1VuE!nLnBi^aYBY9H;^#Z{-GqG_%A;3R8XZP@l1UGq@}G4uAIo`F zduk<`<8lGOBy!XK*>NxSOQh){A^P;f9{kJBGeO>GH8K3o)6rx^IF>DSS;6P#O)= z@FRb7dqVcpYndwV9xGs|+Wbc7o6Tlj&{{5%ZJ+39jBD9V;#BJmx9$Bx_hRmmz*}GW z86Sr^TUkPl;7@)HP+TySvhLJcua^6nfy=&-r*lhQFOhvS)WGn$s2Rr)c6!dN7PM%H~XoclzINnrBRt^rc*XY`JHd3Leu@nw*4v})Ecq*$8?8F?fN6q z!|RG^TPQMHJqioa*&jbZ=zEG-4!0N2-H*z#r^oj2yv&zW>@5mk>NX|-bD!_KpoDKr z@^4$H-+hP>AP$ukMIrubt#X_^gQ}85*G;EKol6DdEr&T2RLsk4R@+!BM`uqaX?_r| zH&8V_rM&4R>fZI^oW~9L>ebTPlc$_bGS{pw_=#^{4ehbDl2?bXKe6XnpV(hecy>p# zV;K3&`Z>~`vvrt&?ZMg(NRyKJ+=!O$8_bMK%l+0bQr!H#5l{PJTw7Hu^0 zJWgUl@Tv%l>;21@Wv9am3yQ62KAlK@HriyWb+dz%De&?{%q*2tk@3=jT9DfM`LmJf z;H;IBf@TMwjLV2`iedmXR*{77=0&9ekupS%it5xe!IztFaQ^}NcknS`_;%94*P4K#*D<* z*&e~Q^ZNBo$VewI#fBc#^lT_+h>*YPB@M37$@WcC#`G_ERMAJ2EiAnX=q31X{OtPa z_aO+tXx9%kR-B%-=DmexxVdoRgE<)9JVv~4Ko5O#1C5GVNZncqnh7-$x(mV8dbNb8 z>Tnk-ijix3U}qIaD>l52upl~60SBQ$>}wGewhkqQVU0%W6hY^wz(2kp3yg@Sb{1!? zHDBVu)2Tvr)~!wHo9buG*7U#~E*5sj11ofhU;y!`^{-Xz4Of?Ldzb9KHpff9dV{(! zRR~_PxAU9W6yCB;X8NbO$Ls|@2 z1y5b18W}>9wkxQVvV}wI1eoArv=8{8gD7iAticQe$>Btq#6H3s-E$I_ zXz11uKaSA~%zVC^Tfn_WHDN6(>&6ycr3TSjFEX$IkYkENY=3 z(YpbG%=VcKO8VwB+c60x_8}|m9c9s^&JD=_O2`qinqZ?Ovavc&)7I^xKq8%u+;9A! 
zNWaKFh}|COWcq2W*_F;Y*$QQ0yz_eBQlrf^m(N=5jju%<6*`b~m0s64Hb3v6KkI#Q z=#<8PPgdm*40pS}LGv}#yVMhzyDAAXHdNxI(X-T3ts7{Us@L?O&ju`rzgl5Q)~miR z2CR-!LnN~p0{Gv5u61N+iBA+vUx)eIt8-+74qh5tEw$dtVEu0nMmyCet9FQiRi+p# zdiRUK>YZ1*1gv}L;_J&>(GCT(j^00?w%Ty0y34eINle=*6W^);yALr`+Hxa2gngWj zD;|zzg&sNd4Mu#~g0)6^Bg}u(T)i#BbShVb2V%9JM^$FJ^ttDypFVKC8#UQq!*%;q ztM9(ODpPvnyfB%f?%k!%P*FTe0nGl~ma`a8S+#0ma&=au)3Lu7_88XUUlgx^9bxHE z9_^PU_UheWs|)RBpV&~?tl8hw()rJ}F-4PW1H>pn4DNhtXC z2{OV(OIQkunlUyLlYVUz`OnS6{);DTm?YF?HFBNIZ?$4|WZM2od>9bEIX*peuwc5~ zsVsY%co%Wrbgn5Zua3;?s?epKS-*eMQ;jk1GkpwmdUb)HXAL%MX|KFVY>BnS;;U83 z&TLmED6|{6?f*b*v!33882W0&v?AXq$?OrTmE=|D1RyoBs=E04kJE14F@P7_(+<@y z4K=vCwU^ikIa%~T!wik=5qpxfRbp$(hu2Np2IMh7;1uZx4oz*%VjPe7&pn;WzX-NY zB0mv;$ep-Vy!|8ADp5~e%j3nzmOsY^-Jxwu!~W#ws}bqZEY1vFV$f<*`@Tz-x~ko# zOksu(3w7CKVx!DQZL61|k>68}HK1Ve%=I~Vy9EA>=N(`K)W9tIoR>@)7+OLq?9i1E z^TJSML>#J)$D$DlTjP4WOljU~FQiR?(mxR?(|KIp_};h)5!N`5EBwD%KiGz1cfh3# zR&2x9_- zJQtW7BhkYGk?D#O3V0zy^s-(evio~w5x+%c8~YDT>#~3jG;p6;p>OtO{%fi;*0)78%>Mj|#|OcObILuU{4OKzhV8nK1e4I`^BUV65b$nb zt#<+fFpbcGb=(+V*972vRKu0Ab2+h*H58=f7Tt@ANibjUF%;WMsNh4rK#J-5TOP>> zrli-qvHfca2&U9qkl+(z7P*dBQN&rL9bs?|vvM_Q@AX7f*6em@&55pzKu zkKz37`uumky4e-^@3|iq>~@x)3vCK7?ZoTDy6?8P!H3odj{|2>tMlvYW~KsmR|?Xg z@T0*&k3>xb{cyHHt^nz1_Urq@Npq}Sgt~Q-O0BG+7eV=>K#Z$Z1CmQH`N#`zB<^&S z#b0fqiZJW3NIMKKdDS!0PY--uKk>p(dONlZEoL2I? 
z7qWvnfTOdI?IvEpA*-CK^wWn~YnmrRzOtf)?6>bkn4p5g_Jz4x<@oWq;DR$DckT1% zy!=GlCutG!9(q0EUGhzPhDQnlXk`M11g;&kloG2Hk%~q(%YTkO2%~ddN(F{RJkyDV zYI=Qn)?Di>w25xqyX#CiuhGd@0c3}A+Sc&|Pt3DvZ0wm_@;{MM*w z7tEG?)i(^cfk{di$^EG~d6an4+|LyLG@GEC+sYKR>XkQXnI4EDCjYPC4M@KQ`iR0_ zDE-de#tfWv)B6Vb&)iC`JZ5CD9-3lK6)P^uP?X@Ul|{*W8U2{O z=e}wwl^gB*KXJNVDmRRWGeR7E6yDUo9F9A*xL zD=j7Gy(}vv9{HAv&b*W9T4)MLe!IMPnF;qgpedrKwZKV>hQ9{qQQ=se2x?+A)V67Q zoGW(9ytBH5c+GS|ChYxES^xZnn<<_dGW!iKlg<#kU%Zl-uTe(h0+x~dGm6gT3bFWL z4Cu+MfBX)*NOeeD1eQ>em?8fL>yv(t(P_e-AH*m9B6;XEku@aqXgt;HdI>l;k8>Wl zGWdPt_xzCzL436R$sVsR1mtJ>;1y~k6$J|SPt(XHL z7h>w>r`h{nw_JKZc>~ZrFh(;=s}mw;@95UN#5a4P1EP?0ZoBVYVByJo=LVz zD{A1JHgIbp955_YWMow2;x<=d0Z1XpiTT1(EM;T`0*6>L<7zh- zC}S13nYBF+a_{g0ez?wx0Yyul8pi)Qo1{1_gP|AbJ*qt5waB!hB3pVnScTrs2Q7!Jv4r+F4q zv-AYNW-zCzc?Q(6S`DmT?Y~YI?9`|C)}BS%bS3!Hv2=Eo1{R6?&fSS*fpE!W5iotk z`^@*d;DMMzVE+$*i$Az&gJrUG#>O`#$2gS-fnM>e5ph!qA?d3{x$T^ZY{)!zP zox*HpdH}Q5-6cB#enxwL@%TN0Y~O)K#q)>KB4BYt2HNZW&X*dv1^wrd`GjyJFR%i~ zXO#_X@!OZ{ftBNYZ|O5izo!}KrVhMNq#oa@b~pTZ>{T~lLxpqX_6PZ*p2xY#9%1Q&KW(?k{etn@ zmjWwAt)Aa;s}9PAD&oq{DI;I^rXC+N9!A2hm2%mbA8^O|p10aNR%L&EBfn{@aMq{J zgAHJNo7fYGFf-hNS=moX#=n56Ao5_jr1e5P19>NRGAYAQB5{JO;Y;Fr?Q<*Yx;iw* zJXooJch{2KpFd1pp~RhaI_ncR+)ox9pFk)M@Hf%Gv@d1ks6q>;W_(GcB{=Mo4D;@3 zw}z`s$X)z;^I~$9xRS&u77Q7L<3KI_$ADfxbt#gCu;7X~Nq|y>dPPzy-s%Ur{qKy> zaS~$GxXMrT(%&*}^b%12M;eIXIAI1<;1IIS!%1qTNuPCa<7bl8$kvEUA_&q5!)u_y ztyaZtJ>{jY`>2`Ix|-?kv)uRPq=IIQ7tZz&7szMP=EuT+;~RlF;a769G2F~6Evc)@ zC_1(|12{{u$9=D>vlbRKpFPQZRo;7OtZxc1VkrI_@jGuiK$d2NVTNXe0Wn5k3|Q$$ zeXy_w^w4*-7ZSuG0x>Lx#0-!~Kc4IS-vyxm^#I97#t(`J$ot3mOI0>0A+L)OmN?|^ zL)Grf2$dB$39;8^N6v2QzzTPp0j=EF7BHn&?zH*GJ`Ro;g5g2a_d zxT5N>^CQsNUi(VlcT=QpzWdqaKL5(9Pv5*k z#=j1xPo`4APAllVA;;cKF6#-0S;f7rf`Js0u@v$z1AB5s%)%jy?Dz1c^_%JK^gW>W zw5mM#tn6eTJ-X-FnRV)T(H?epf@kj9%fC7&ukRnrx3I8eYqj#8z zo;-Xg;pH(%{{Q=f_x%cnU=E30fRRfqu>+dIuoEiCVChE$rys6OQ~{-L6sW@p;vTT90@tFRr4u&@S@KrsEV<^ z8Ck6Izi#3CGS$F37hC52(THeEp471P^?1&N7IwUv$kx1?<{XAMa%-M_(L0h$%dBjIv 
zZ<0mt$P3^5<%Fn@Ld36FYx~8?Yj^v>>O_%-WRt=e5WG(ehG3NZ4*(_n5jk+kp1VD> z8U6BaGx3!Werx!_DUtrv6khqd^Q?Qy6WkG~V~q9VgJ>vciWhtTuf{L$V2O#g)D||) zq5RO;bQa_1hKibek<_o9h=x+&VHV31EUc@9mKXis*ynmDB*28aTjnj$I7#2eUQRTF zCnGPujJt9hxb9vt3jI4zdJlB=&~6R#UZBu@MH7n~$9nhRNSz7+1^nY@eEu7xBnzG) zza)o;q{k3r=%-kXK=@B+aUz1zdz^Av-O!$JU6TKUl-a%#*9X}wnAi)&4E<|8zMjFz zD=HP4`qu@nTvJ@$f@4|m(jw@gbc8C55HHnU*H#RH>y%Shzcy{@fSd@*{UuhU0X=AG zm4_{I@ECxr3PM@^3?zH_Y|r|DO*q~s5HRXUoz3#}BFHRA@mVTQUz%BuRGRs7+-N(q zA*b9-IBu3MK_+Buw(+RZ*{IoYHjgZibss6^Fy(*yQe%C*Y!RJdh;U1K@+v8Y$e~qD z-I-$~+}TlaFOcNIeXOaGB{Zqz^Klm-SKkVjrm*(>vfT{r#fFJ#JW#le`mebBib|eH z`GsD=PgCFRF!%eI(O9V)z(7GO$%EQ$L`i&l!BcC{gHE3K-$Ib}MN41x(nDfdaqJ%$}?#rE{(86qjn2p#ms3gdWf-plga>NoM?WqXrrgh&#OIRKCh2}XZAS?NCOlOJa&K+^ z>tC)-7!UP}Uhu6br!hhmPz-eob{)UO%}-|SS(eUb|S zTn@|Pl@27vdYjgim-@6`@*-=C$4@n|13I-KW`|_`GyhEvOt&&3i0Wa75Ho__9+C+X z5qht)(|0NQY30Z+##Qq4Gy7hq3BQ-L9yZ+nLS|Zn3m$@~4gz7gs6A&`>nW5w{0{^3uk^RZ6MC6#pU=%_dT~a6fb+7l>X> z4+6FF&^Omdo1gaZC0=>M4{-6E+K(OL6|i4qo8KS41TJk6rlew0vls0z`YKH6@(9T! z;*syek+|Ion!u}$_+HND%y})XeY9=(equY4om!-N@*=fRwlZ;BbUn12C(2zaqcvrJ zk)6%6*~iI|8t66oPMi+PlZDD~2Vl_29s9uWmVY$I6u4U38K~n7rc3-fONH$?l z#mY3q>|h)V7}cQuYJ?{)-~(-Twm_MJcUn+fD=q4;a#QybCk>3l7;x5=x>Ps!+ku3r zDrx(k6I4JI*eVuG(d&sK@dgm)q@@G*Nga@YDBcciP!@AI~A5^u{HEr_3Av;Nu4$Ho$zFS z702W5J1^umYcMTPmpf9Z*Ip~WFx@hrMa-ajaBaV|ULMYRg36N!N2GGiY_7Leyd|IG zFAazMpI%6ZzpGEwzq?M~07bwfycJ5|t<0(G=BFhvQ$COlnX((x8wlN`OR_IsOW@`c zpqK#y@I*cwInEI@ew_63$z6(2((uKO`crmzsvIGSxJFaK+p|N&V3r}%=hZJV%F?rw z-*i?(XT((8mb9vFa!!#Q+EYH@=E@VXMIy=o0yScdI141A=R8f8L5@TZ|R9=+>-*6KEafiK6d0a0|Cu2PcRUBDw5HmplgADnR8|Z<(V5m%?N?E`>J& zk#y;LRJS5=UOJ3oZ2BmMghb?wwxS1ahuamN3Ogh>hwnk2U~gJh1*pDss>rId(oD$Y z;gqwR|I{Un4rH_oXr(h0A&}h}{gay2`_@>EygMr7$DK_N{}lB|x?A>%MVXyjOjM|W z5So*&;cVvy#SO;6JLlD53`~f8(snqnv&VP3k+yu~%jnB)y~J96UHXv9iGUUvoZ$41|AH+o$pz0D zGorJ3wWv&zI^40GPw=W4&*lQqQnCVo*)fS7l2Z%OEsw_mYaQD9B-6*rhSBp&^|f11 zXP>ICPR)|FZr0CA*KAGrU!SGYM>H78Kcqe3!s@T2FWb`bCC=Dea9=O1xblv%isbi! 
z$2SqEXnocK8Hc76wr}aoO|ViMIc1b5yFf&Ep48D8^RK^ZuW##7lVAazVVWGl(eQd= z^nN&v$a>qyCKAgp2$I@9CK5tP(f_f=$S{W(Jzh_i*5dG|_((J3io2i2P*k_iZP5dV zI}1LsL4&azls#C&?Q1$V-6 zpnTfp+BrKPoS}bqvwAVg%n01u^-0*fuf3B0Mdj>8WhmoWX0}zIt1s0P%?3yU1G;jh z%g+(=J3WaIF8yP5+mHk9g|K(wQIg7GO!xD_DD2StHx$vk{roeQTH^pbE~Y1fi4Enfj|H~o97qLDgpQ?~P8Dl)$3|>i^6zs~l zL&Y1>;&+$PkukC;$fd8xJ7fK+|OK8HW7ZPCE=EBn<2p<(rO@t`}Cdr-4} zpPchuAh-P2K0+hW9@b;Xnuw{GV}B*LLF8SkE=e9En9De#_kheGieRe+Nc;Dzowo<* z*XYe{xNX~g`)Hy^&eL_95hG$(%BobnX?q-`a_?`a4aU_cN}xH_2CsI`Hv5H-W_zt@ z^Eb}@(fCuF!coqx#==Ui;wsA_@k43J(Y2u0it|Ng&I^9wynC^E$)M^UtJjvNI*4v4 zG3)N4mujIZ9uTxlNjv`bD(*GJ;A0~b<>kn30=9zJ)_+k32|N1rQBK>UKf0NX`GENHOgc7w-7#}g`Czm$syZew zS7H+s7^aQ{bDqMLe23#LabL#Wgl{23HvEB!n^j|b^hc}jiwXm;M!qixOH1|U+sP*h zL+lG>Uems3*(U-GkB{HlWoptXOo_&!z#IhrnNX1N* zn1Uu9fzM!!ysr#WCsx#*AvD(bFDF977-5Adj*^>L_g-Sh;49c0PB4A}F@hgdo_AoR zInS?TZ;VEMbPRFBS7i&6_g1>wtggc7b`VyA^%Q+Q3bQ<xGs#`@+rmd*A*cf@z;X7C+!KR+QzDPS4j9-6FBR)t{QlE1y%P zc0RPb&Hwz8WiQiH2L&l;17zTYmEQP%wziz+;l`eNeW*Xg+SKAF$Nf-ybvDSq&42mm zl;7sIwT#&=5z4*PSHw#AthFPi2CoqGo*-nQP5MLc70mIFHOy>eUz?&%_E;5{^1^Gt zp#Oy^ z(#Vj0%)J*JBdsi83F3OYIR9H+#FQgbyi2@r;&2AbvdTemmN`>T0f+E}Sb_l;W#(UL zO}@}81wriQAkrnFX9`XhE`;TrqXv13aG8&7Hs-9V9RVcGT}i`>IR@W9JYxKGO9aHz z1JgdRN3MCc1K0KuzxJEMX4Y-9p#$9=W*42a%RiboXBQUS{7!+ka$$j;VZ+c^v?h6e zwYmiwPI|RHqq>RXR!P$d?P@Raqx|BD2D}o*&5|pE78$mJb&(1FXLef6%9g;LDZ00} z*;4o$C{KDfeHX2dnGUka?f4UwN8+-#GOvImr`jr{pE`=QW-F10cr}4H0k&V8rc9~# z2s%&&k1d&*2RT9LwUz+cEa zpmYxfePQ@akp;yeUp`2?ydC(lK1LUef+s+aivv?0$Zrsz6xhjv>za&IKZe!o^B}oH z2m2c=?QR>CASPJlP;}!X?QZ?^VJhr@$?K~k&|5^|pXWzXbeDU5(XHpdd2)gd05lvc_S)E_)K2xNlL-NCo*UVo;b#klc1$AtTCa5hPG_!pQRIA#}$ zLlWN=2(TO!2tW{G1g&SkN3jQe(xty1B>v=Gq_)m7Ah}5aI{;2l$+$_3RM<-QJreHQ z|LO#>b%x6d-}jTnAu9&^fEqF^0*qgSUO!ULyDictS>f`$g%{ zF}UVClY6Gvip#08(7sF2vqVFLf75k;?)Y9|QUG=S-BVfp>fE~g296zXnh01Pv zHjy%tA5S`-&ghv1UaZc=n0_(XBZ!Jc3CRnh#Dd4IbEifG;7265BNC|5-i&}*>nY}{ znh*6CcAxOUnjuzXtd)K*G587tM2yHf>DOOWeVjTw93Uk>j8}YOVOJ&Ub->tEZ-o1t zUW~l;_7hzkb-^eD3`tcmeKEj%5G|}l(It@xtY4Dn68X|oG~NaS 
zd0w*YgFQwUbiVA9)KB-jmHLXBUw_DmXsg($Q#~5?KEswOo1R~TT>WsDfv5hR|13w` z)_5;$_?-pt)mrdrZJ6#SR7R%``!1&Z94Ar^qr0uctRHuQrggH{*JLpZWKSyA{W^1c z{1aH?XMwMhoUfV_o?)T8Tk2W&*jOWd?f$0PI`c1%-d^%qZf*~vWjo*NTOQN{`Hv{Qd37QHM3JBL!!QQ5a*iSqZ=nn%7`fgX>h zCqEgUH(Jm#dJeAFQOO`(U#p*t;`1kT?+VkpHeZj%LirtEU%G_&4*SdaySAO~jA(@$ z@V2#N&+xL>5Cci%E`u0aOP*N3(*!kLV`htqjm*&f5t_yd=rI-6%R14vI=#`qZplXo zf23dmvaZcKU+&tej`N{1gpSzZ9t)4+a@ri~%$&HU747llFNmt?wL4tXNSe_s2V5qT zT1rP*<~^CG*BhQiExsu6*ja>Z?wLOZ-V!Q4(OR|R%!{7;eS77+%p&b`aZ})3(ztSa zAf8q&dWonq;qT30nCeD5q{X&fx@kwkGH@mVVrnE>3Yxz7eu5WDz~n2LEygZ#ouj>Y z8m<|(ogz*@_$Fk5H)v`ew0`;2eO;4Mv~a39i0-g7l1#7Dwfd>Bwsm+#EC684}GdwChLbCjv6~5lE4h|R9SM^{F%nP z_eJmccUCWrCZ~~G@lUz>rgzMN9yi--!yfGYOK!?*ed^f7TJt6-U1%^3LieT~(5&B& z)0Yj4>xbggX48_Q(68Wh5@CvqxQsNEFoJ(f%h?%9VY(<*arDl3 z-`0Q7;JZOO05)}mq|K<(bF!cb4p%^F>S5l<3o?EC|ffpWo1pJD{~fk^l-q4MP0pFi*`~eyTeoQOTA!iFsz+;JhAUv2;Wq)_7Ny%P z)t;_&DFC%cV!E?Dw)A*%ZV}f0z*pK(_xOIs({Xj_7E87M?DT1ROgPdR8Zih&_jU+6 zv^>*)4{de;6xj$D9ls^#!(vQgqO*x zS4%ma`L^ADzwh}Jq$2J@J97$ZcR13UUu3btB5`yE?@6wew2cMv#Dlqci8`jxhl^>M1TiU#%>YwokA( zBb&l1Aq#4_XeB7*_kJ|Q5ojrblX&@*vBT{hHFQ4~V=Iz-4KClMRvp-+6ElFm`JHRoYPiwUmS#TF;94m{^fkSFsfoo4p6t^BGR+oAhh1Pguq4RQXl%j)uN{30xUE+i+bE zRQyyDK@mbKk`;u7J_K-u7+_)&T&2MY_jXYlm_@-v8!Crkgv>@fvbVcf3G;fH>+l>_3KUnFWnqY&-OWwh)EZ9g^_S>#Yfn; zp+39IxmEi4zfRSU59*K7dsb`Y5)Y4=B#$vdrAmDp_X@Zkv_yDs0?X&%^Ng$A_%$rP zNN!}iXPj#PyeQ}Qo}<_H%5NvW7y2+cPFUZEw*3lBA-S?!lW|xxI75qLymB37d{b*# z8Z55>{8!+gl?VA3>i178n&aB*+LP)SK0n9XD6Z%b_GIp$(cA2sm(Ds#nv3xZE5ChS zC}L)}jpOY>O!)GfoLR$*gAaS+m3_NiZt6k<%e0vgW2jQbMz9L1aysKlIMIUi_s$fj zqDFb0I!%QrZ8(O+-OMql#3WSff_UczhOi9q0A>iIQOmc(QKNXnT82qd!JDq%VWfX& zJ{cz8h?FdrDJDLSNXcYA{y14XiISpOX7RpPv<6~ay*MRkE2X^4V^m
    @Ibk34L;Im z6oXswS8Nt4F%>mpR!-RVCJ`V@8W|8B#Y2EW73vnBr>7S3^Y;pR2!&|oU-{`TD;*+5 zP9`doJ$_FmKaGs;kD7SPyOCUsXDN!l)J3vwv8J;Zgv35V)X-eh{w$ks=+Y$fVymdJ zled4RFi-%ooHGQc`r0&(Ov&2Ru8BJ#7)&cEre&6Vl%%QyTtv_DH!{~1uvc1_55Lpz zDRB0nbTN6(`>GYJtlT{RwXT@9tdEbJ4NxI((^k7pd5T&oUZyGHJjL(PDQCL9Z++5c z*l=neh(wQc0&&h=9?)Ei!d~L~akZH0BIbQysG}|lxL%xzfy%shD>NHep00tAlaV&g z&3nVhiXbjr>^(|0YK76dCK=+3;<7}|U$ z>^!3a^^}5iB3T%^w&m2NTWk7vx;y#phw$u3OydVY@(j0d`n_IVxXS&{FO!{z`UN^r zexpB2)bT%w>!hOlDxKNeTCOC1E$;Ekw)gNyMGoH$rs(vrqfH_4JLcM2G`l^aI9u);1r~kAjB2&Jg&71f$+8>MuhL5=`YnhRLpnSbqm@_fj)m zZm4)T$1<9cvHv!3J3hO6|4Y_aOEQ06nECg0%+gj1aDyC&mhYhC!7_Rh>5%gfUg~}Y zL}~`-E>8w`sNdI#-WKIxdYRKd-SqC&aZpRp(6AbFbEIehiZf zwn^WdYP>go(`omPDs4DU*V8}miJMqBe^~w%>64*ezWLqyIBa`eeZWv~K`QvaGb3G(~QWOqPOq0n!p5$QU8>@cB7F?$@t4iEp+R(R}w0DDDS1k!dZEQ9P`USMWkDS~4*R?2sL zSTZR4hIwRrymbLdfE=ZJ_;L_bCL8iYeC>3g_>nH_q1}R5>a_ zEwEsb1Q2V5HKf~rK9qFFimg5?ANlU`QLQw!roNYPoHYzH+&mi<{mSDiETf^8dvKhU zoZ$df$_`RmCD9uJ!g9ob8C2Q&nlhWpseyvv!-?9UUVJ);DJ~}mWZJ0vK zB9tvPSK5zCO%7<6QML(`s^1r21t+8wR#@gC<#2+M7}+P_SgnkHYP5bh%Z%Q1lcS2h z-DU`-q|Z(|r;gDR+BTvsRmva}1c{kxqI&~}jjbQXJcRx#yz-QU+c-X*RWw%g1E{E@gttb^>vZx(9)E`!9cP{^-xhA9fMiKsrej|eJkRiIqOohRve?P zRUw70MZ;(DARV*Av;~s0J&$oM30Y1@vht1N4?vW89KzM1l+vr}xNVIVP?@gXU5Oll zGUK++&V>DdbtVi^YOyd_JKjc9$=s3|#&Xk2euYYQ%~8@3j!VEdVd7Ny&18+Ih`IYH zzv$i>n(M%SwT|yzYSkKfX7ht;OyQQJLrYy@_1t;)Q?!izAosIAi6nabT3 zTrM1eY^iCbUvtj;Z9aO(!0cI$;9b6Ac24-uUsyXTMoPjxI(O}KH*~bag~6y~O(fMC zOC>oDXoZSA(bQ@25=KzYBPgy#N>aI8@!H+3_5-Nn6@Kb;1~p_1>gp;AF_4m)aT10B z`CNYk$OPVJx*003HV}n5rF}$F;+}|B*(8_MjXO>@l|K zh4gazxLcvtPu1p2O=(T$wv^qJ&;@x(N4>Zmmo^ZDRfI75RD-#r4>_FT%# zW9^Wt@gCT{e$V#8Dp~w0gaY9f=u0}$m%dd_b|qiyrQutF7h~D%lD$@60Sb0;&$QIe zR?glqSD<}8?|EK&5_rKYVDz%428HAc%ELoBxaz({I1$9*|V7w6}m-v zsg^7$HY(B-RzxW+MY_b&a~bnj4hQ)F`8#B}V~L3(h@y(WTXIMbFEqtv`)F)H9=lu{ zD>C_Nhn>(D>2Ve#BSiu-8aVqZbDbXLIj(uaQifat-z^w+F^YNiTNN2Nx4id1ryJo! 
zDrr*$KT7cTFysI2rN1`Mh$|Y zP719h76AVyBD)O@(@J?8qhBBHuV;)b#0HAWKN1gqto=$i8h`xzws|T8ZZ*UP0DuQH ziNl({rrap1JjEA*MM<|EO)ysT#X*63ce2$bk{;Gks!Tg=%pv<9-6+LJpY-&QP3#YJ zK(xsIgmJ{@A!PO;VHTH%~F9WN!-2i-%|Q51KN@c{_bRUnNpA?kx$-h6qE>i z;#z?Rm21Nu$oUFbPQP^<*_LVQ{S6zBY9IQWceWSHg?C;dZcnnOr`}VY!(5^f3@bt zrdiR9V~qJVO-oWyGyhB|RkJ(;d2Mw<1=_`^?$WCu;k%B3{x(jD`e$XV)#(rUp>nA% zQiYJop^wJrfeID^4hz55WD+NZ;!Cix?%8@g#&LJL#Bm<3c;bz@RC9xq>zKw%`NCZw z8KZ{sVPTDMa~i@I5U1eZb;_vS~#BrYun(}`cK1Nq&ugH?@L z($fX;->n^`m@B%d5VvgyiMEqWW6ggANRJNIAgBYBli$vz;%KSe;&QTJ67_Z+2NAHe zvi>JNqm^XQw2Wg#5_LA>x?N+_VyfVsq&9_UP98^uU94yEFpGuZ&w97vihB-VFJhFr zM9E}rziBl__Aq_Px&2-fkc3>__#il4^Jc*{uO@%e#zRNgI8vV7?hMa6l-PowMt~U9 zV*_llsJf9EhDf|^{+4lrH}c>7q^C`?H)Bc;;S<~%NpH%rN1Rr{846ZgD>~9Hw;fMm zNV7aaKz%kU?BG#Jwk0Y0h%F+~J@URMyDD!GZtXv_9as#_tjU{%a@avxM8i)7m(V?) z5n@6>Gx$l*J{ipn7Xu)sN39>*I28O3290Ki9hNcfziB+Jy$>8GNvBtW;L{#!KcP$j zbA3-4{J?vEQFt@RCX(>Uwv)#!J1v@^O9BS*g559JcyP=Y&!3#|;-FQUQ_7a{&J|Z9 z)2;Rw>do7#8j~6RU5RT;&CB?W-X;InlMqZ67 z-UI(e+3@0@3|2HBB1dFr$XvLI%FwcCb7m7AoP_?kWJrT7WtWo>P9|E2-&IG&ddYBt zkAETXBuD*92*16_6guRtKHdL-ItTkVaz)d~PQe#Wj<=d42-oIf zb+mNz(_ts@Vf#0*u_N~dk9rEyyne+7sR=9e^3yhD(Pidlo|D;x)@otUa(XblAEgG> zSSk&&(7!=rtQ%4YhaP#5^1FO$uXjz@PX&U+YJJoy+F^j_pg>TOHjxJ=w*TZug8{%cd|a`#rC>FHK|klWC%j~}3(^N9 z_Y|51gmI#l80-d+jHq@J9mx3q%za|RcAo%!J1Hsu(9hpb1tDrECjOcnP&hO(z}GT@ zF5+++0%O5-S?mGZ0i?g0_kM?EK<;KZhR~dc+QP2}`dWNbDE`~cX&^U7Ub2*Q0_ZuD zrsCZav;0gbVcD(AgEMJ7=9cm&IP=jw^{n_?qpE0rz#Y8WEMdiH;q}B>Q*%z37j>t> z!HM^eQ4I}ceF6Y|ADJVs|2lE-&s<$)$v(uVB#hc8xuj_`MMyn#%+ubFIAuqI|5JzH zebo_H^E&+Is~ps~NH)1{Vb!n;Lo4`6?hTRe(Jowl@v+CUe5K}#G5=?cap0X#!O>rxH`^kf`O=% zICd!qx-s~v@r)M#d=>R}{~LBe4m-$I-H=E+Bu4nmf{@F4?#px!Q_1GHz(R+qK7`|| zw?Fv)e*&GKV!-!0>-*}WEi+WxV$y=NegAqD>wsMlr4(GZLAAj+*FOeJ& z8)HY+FoBb|N*9sDL zK{9oz>&AA?h0*ODj*6T9lipI*?z`7SbInQqAE9ssy}NCy(?(I1$rO|{uWVb6i#xf-_F++{Wd3bGQu?0y%u6ah9 z8QjSYp}lR#&3O8{kJ`+E%_DHC#B|6f^n*{6f9nx#A^65Yu%ZcxJEo_RglNscqDjW|dK)sYge9dn|_A|EDNu|EkT5R@L z0co)3`#~8KsTkWSl{dV~C`c+IH7>^;o_-vJWMqKDG?G`!lpkDX(ff{2vc&%Tr 
zG}g^e$%-NU|5}xGvRd0+OB0Dbk3GquSSyO#2EP-mQmxfA;SXmmmmQHgXQK|dw#O_F zfZu1(23dt<)qgNVB9`(jnTn?KU&=faG7{z8zMvOU*`6UT4Pn&xJRqZmNVEDHfB`Rz zGnyl)?ojFIfkjQz`9E?XIg_G0bJspW<|H`KVmA-yhi?xIA;G|N5b~8Ro{TJ|8+Y>4 zYVN3@pUiEo%%$=y+86cF0(4SJS6}^c_2idaJS`VfvADe-yw?2S>~ukZ2p{XtFXn6U zf7jyhSHa8MT73AjAK5}&x)~Qp8zF70Ay0fxYxo^m9Xmk!U{w~!7ia$9tsTst!f`aX zNdh>3d4CXIq~rQWQL%0Rvn4b~#&wF;u(-;?MYZ=QQBnZ3L->O?%i*{SrSydF*pE%Z z<$vVbH7@9BN|?T!sGDC;lOdKGCaFMB8@Ut3G%c4_cF-sxP9eUD<|O5NnznBUVEZQ{ z<{n<(;u?NC4EILZgBB7VjOCg1j>cbx)DdDguBAIBq$;E{`Ly8#n)iw_dBFja43tZD z8=x!|n$_Is=f~%fH=bh$=X|n);WREZ!p}XQG`X%CRZ}B_9YW2hrVTk#qqX4IZtD7i zlz91{L}*w4NWIEz;aqSYgorVT_m5U;ev*9VAdCq23~`Zh@S88^JCx-PPcCt6aozE6 zBI_bRlwaWs4E3P&2)-Ln0cg$z|AfdcGCl(O^K+PBIaIeFFp7=8q^E@3wUMi6Bj7O~ z?a0CV)N*h(-5R=~|BH}g^*m=koOq^P9S2FRP!GMj{a2jx>;+9B7L~oM=)*bmPU?Au z&Let?3EQ#qZI(ayTi8>gQ3fU#5B%vfu#*+wBq$p=hmnz0_m3X@BD-lh&`IiJUOx1` zduyR8tlIuZ1FOSZi@yRhUf*tB%VAFoa}UozKqRr@CBPkh z@bg}Xt^B|4_Sp_4A~4jJN64@GYHL1JF#|(zr;;)Lb)YCm*JzlTVP_}?dUV-{xnk
    8 zeyC--NO(EJ1lY3@neU{EqOkWEaZLLvSaYcc`2H)ItV2{54~P;|6!Gg~7$q7qnE20g zQ|#Lf{V8cw>?=?QyTG%)Bg52i>hC&9l;uV z(V0}OuYTszLz?a_m-*4CNfb{!$2Bfu0RL)YCt}U!&5cEj$ni3eUBU(2gYTW$U}r_# zd4ByiElpN;xoec@@((9VC}%E|GA+SBY`ZN|xg#=0E1%h$QuIQ8BE%b9)D3hUl} zgnLtIF3rlJLRzMzsY2p@ks57k_=hAc9=wSZ_b$B}Ds1ttt*+okDjMgGONcXA0z74e zpzxV`pm|r5ZWZ(-s7(E88yE4Ev3nQWwm^XsI@q(h`D*du;>L*T=NR22q3+cu;rcWR z>+{_ZjXyZCva<^f4AtNfT2_QI15Mk~rq5jPOX5~f`*zxAQHNB7#e5PGlF?lD`73Cx zErK;#Ofc);7RY%?LzI5n{~oAZD2@{`-9^x<&{d}VP~ zvIOE~aN2tLW`tscSj%77x*sH+LW4eHd_i@_A)+dOdmK?YyJ{a7vP-H#DV`e>%fIUZ}2&4 zs1OE68ri>Al^&e4)U7RbXEP`lrChC1lUz?hx%R2FAq_6E@-Jh(y&IPh)&m&hz_YIU zwW0%)q{A8Hn)A-kNOaRSN}K|D1m~u;6vq+o4gvFtkg2W!b^=#yBeV^@7tIa0e|lwi zPr{ks(1WsfeM=#e!uIGz`K!NU#x&6bLDPmZH(nHP6|4*04NbRRT-t5G{Z-R$No1Pm z8R`u};p{zK))?jEw{3VokV1h3>UxXxg%jHuI3vm(X9s1PKjPTA!MvwWnT9X(>$zJh zNE@5c21jCzCXq@0%lo%uF-#-+jWNY5Cs8B6Wb3<>X(<03=UEj`@u4#6>Rp&Iop)&~Nb zD$u?q7j4*#=I@%i(9}IOoJ6olIraRO5SGoz-=(lqE7^h3!F)L~atS{d@^E+dAf=Db zO#gn-->8W5C$S)*NxikDh?5aDC^ErB)kSQ?Q>b(ht&ET*FZV)2SIu&sFf_TqH}j@s z-&*<#{W%IkLRa`^ha&KgAp~y4p#LN4Dg&z8nzl-JgCH&4DcvC596F>+x^vTA($d`= zS{jsYkQM}_ySu;Rz3<2U&F1X2XU&>^f?#*pe4(yA^%lL&keKXEb@^^zr8WF8ZkZNG#*ro*# zPii!Z4xV$ZkxoWsEuOeN!MXd(bnB(;;S+@BM38kGnwvg5bSV1dw99 zM_b8c040K42Kfmo2`gaShU-F!DZ~(@!*aA6_9OxwyN~hPeA1Pi--0g)Z3sPXD*G{ zz<&}!sG<7~-ny~tSe}F{2FZql#<=}C+VX1wIDjt(E6?aD1&)JW!5GsP#5i@YdJ_K6 zIH8*FI(Uo1yix7hjnsTFYyd1`s7s@#-Q}!a*=|qv{m;o|5|V*AaVl zN8pO3Dl@6rYwruk%tajp<0AKc3ZI|b2B;4rg81;8zF*GMt>G?-cxKVmQIl}5fiPvX zSv}RRF7>g@7*FNHPPd7IhPvLv`YDDRyw11Pb50wjr3CNWU5JqVO@ixP5Cm`bckVn?t?7rTF{aU!#AxQxasZY)#0#1NG>VKh3Gp z!2ziTwXnRNTyfYjMr(EtpP+*A1#mpc!@h1ORTCv+%fW8J(2Ln=1&eGI9uXgyeWGSw zU7+}%EZR&g6TC&G&KJ)x4M(u`(+V0?g2zC=oVds^0^1rIhs$hPy-Ub?Qj{OBJnKf} zd3*Fa@Ism6oL!g9RBxj#C#%_uHM$QueW~Z*ClhT_+@P{=CQUbV0nCNpptlTb!aJX` z9)_~%I|-HnDa5)B4YN;pc7M*w$u`2w`3K)6k<@HXo_zd*fZC?4Ari-k6~$$Li}PY! 
z&pv({ta>9#e35vlP4%d1hd`Yk?*L8tZ{*&A#v{|a?hqJ&~YM>N;)C$h1>z_0_GnpC0 zy7UbgeX3Yi`8kSrJiY2`?&kD?()Ou$6YaGENBu3e&!B0d%(Cur$O)VS3pI(bsu6R{ zHQgJ>tS2C+Q|t3JS!#I>l0A%`pXHyYe>&YHM1uGggnvekplNmq%p+AA^$kl^+wYqD zVi!PiWSHl#Qu=czfd6l@h0!`|@=Hv7OvdIg(2+!8WrR-6tAomJPtNJKeEP)mTB4JW zk~hO34nwSX0RKx+x_i;!YoQ1O;#&_lHtNhw+*Nqbj^4#%!4@LlEIH;>`Y9y)ulg*q zMR*I^Oqx}TSd``hmK~A?c0{9JIyqLT&dh%8(!vUYn% zlR(4^Lyfg8Uw5<0Y_}W}BoH%mm%FQ{GHiD!8_lDr`};cc_YWAQ!5p7BnjUz^&bA@VpN&6zwNNVF9vYZ zWUnSIhnGBBOU6T$DGK!a%a3kBEVEjO?IwbAYx4{UT3|EDsSx8IVC3GbC6hG{Ce?P5>B*E$j_dK6s9ipRKmoMQN` z{?p?6z?ULj4Q@jG=i@r>1-OCqabP_7$ZH^$TKOD|`))%qNO<%*8ZlM}^lI;S=|I-a zNg%O;@3Gr4fV+tgeuoU(XydAldY;pQ3M7Afq&Rlum%YDU@N}oX&Tl_!nA=aA>Pa&vbbC{0Ggq(ZV{g@ zf|eW)=_jFt*KK2{lfvxge!C?d9IT$8xbL|s$j3PqR=sBOK{1myfYQAq_%k`@7uRuC zaghKa2%FZ$W(Y!kYx&iLVYrE;&jq~zzt*$Au<8Y&bBJg|o}W;7`i8aPy~ObM%*6F* zs`~_x2>NvB0FcX{wOUrQ8skUZ4Ic8*Vu;cL#?uu;;u1S@Fq6g}2rm_nwYBxe_P{qY z0@15!T6@1}#oLr`;+QkgELUzH$SU{`hG14ptMBD8uv*)8#4C(>QNKs5#geX zYQM?wVlO;83NuisO5_2)@oeVS!jKz)Zk&20I)Wn@S*4Zb)1TQ`xLd)yOD8A2u3zH5 zj)o|vKS&?qHR1{x1|`*Kx#@&?3<7p!FO~%!GM8Y9MXR?~3+@!eK7L+I)FIlaA*v4x zUVkLXnb?Zeo4Nk6noXe5m)ae>ql|6L`Cf+?;fK4E;ir}TUN3wzl+Xh(eWwK#kT@_w zW4N?_wq?MqzQ@TG!Mxgj5M(qVL&RcxZ*{%>xasLuz@fNLI5NWv*EGwMTIhmmU+Ls$ zoe3qn&tTFVSh&-4rppCc|IT)HSp4ve)AH$=ZDG(pEM@skDiwQC2oq6|#@h zv@my@heKPWGKCgzBQwf|P{^o_#MGVD+g^_W3+p=VcrIw-asV(1!@{Zy)@XCKnqhoz`f}?k2RJUzCXQQ{= zux6Y=;jfCG@h(=NRb0%Ec=r86jkx>mvHpbc|P^4J!o{f`XE|GBt zn5MOW^vIZa{_8P5uBX^um5t9(?UOqlGf&J=HNNyg10KMTNruI}Q1IqXbwgF#=w_5u zM+#$o&(2umbOcG+hh`OZL$_SK2#qxi*lnG8te;#o>G=;biMYQHr`_?@_6BK+v*_18 z{xuu3TKIDwp-p3a6wb>)(!UEiF<$sUd#^zxqcBqKN9N$$=$q?jD!__Hg4m zd5q6nn%54Z6u!@dyvMZ6y@b`i*qsc%&ch}0w_LkFkX zw$S^AH-E2fKZ1G;sm}jm4|e72X;>sH>UiQq^*I2@Qs}X|4x);Or&GWg5#+{(n>bO_ z(xVTW;^a)?KUCfBd(rXC@?Y}r^g3M!CzJ?vw8lkEXY7b|r8P{0>Br04ks3T1e8@|( z;Ze71kK-*4r%A`{s%)S}YgL~FGU3h)1m~^@ZK>L~GIX$PNA0@M7luFZ+DB590XXl5 zOmOr3(9Ab)bWNs>&Ww%$W_z!=^2fYhinDdta_2g{ug~#S`ok&YsFgz? 
z<*zR5X?QXmdY4{wACJ5Asy3i*WlFvqgJnMSfNED6l0Ju(n~3RBzQd%`5|S?~sgT(c znX6Q~L|Sv{L9Ak0=aBWlZrZO31)5}VU(D3}kjh{PvoxhFK6`K_RjEno_rQ86!h4Ha z9T8I(SSDT(yZi!X=qdtPq-4}#MHs|FuwziY zo1vxnm656j5GjV)dtl06&f-Q;@+VGj=>QO99~HO(>1r7sGR}cbZu>ZVQ&6zY%nl1t znU|izrBLT>n|tq~tJk06bBFrqM!-*&$C_q0(&zIVX z*hu+*lyoCf;?qq1JONVvSy8ak*2-%u8R`I+bPnCSsw?6Uh7{4Q6|jbmhaK9K!%YF* zt3{a%QlmtU$Pq!p$Tl4|9aLea-IKE~@!!fCw-;f3al@nL$vNDRJun&qQfbeBIl)JS zi{J_!y8&v>XWJ{%=1?w?H<`0N!k&jsFh5+>tG&q63XD28Bjj6VORTPEzD z!PNOCKJjNFt7_9Re$vlrO}o-PdcB)vn`*Qc@%dm~Y%+nQ%Zn^u2F(`Pynt8riX#MS zp}Sp{^CTO*c*~YJol;0uwNp%%)#xjt3;VgE$6SZMmVgQl#W=z-9165!A(KL_02B7= z$RvA_GjvDz_&`$WI`Qi7^hUT;6VsLG7{f-{Ui!ENhEWGBe*#Qif)XQ2**L-u3K2Hb z5o~o&R1r2#skzQ*5_#csFTKwaMAr$lmD4->hB?a7F{mwGdX6+7C5cc>)mGweYmIY& zak(SP+@a^wtwU;bX#J!Te9g-;15E&uQLm=sd=$R3-+y;w?MDBJRdR;0BXH;Nx@Dnp zqoS8&S?epA9c*l_qk+>t>ysa}_Br;=I zs3%BVbz>%{UGL}2ch^Wk_%N6Q6zP+cQB)rOblxm)L805}GphBhd}jGJV?Ei=n0Ol`(FiM9nAT_Ps#EIob0Qb@ zL4{>dK7JZcGR}lU<4~aO*^eS$%gTqv@EC~EkMDq>k_aKe{El?O;dp1_j*}}}<-M3r zQw^lLMFO7hWVUl1jfCHhUA*4kW)A4AfjoPgiLB)ABf^e&Zf8}Ne(EN<1(mnGmn(jB zBmBFBIVy_Zv}g$h70~ouY6=bd%C!|V0z5Mj+_=6JT|<=x5%vf#ivS3kzfrD277_G! z5!OPXLFohq5c8`J?R_esMeb)D{kXOgA{7_A6(e$K_LFUA+=HacgyQV{(k8ac+LiwnayVi8VOBAi;A3e-nka(mF$0neal1o8C_-w_ zzG_TMt5|C_rN0I2MYvxCf)PjwAFCfvn!#p<$SQ{!)Va=f_xOES)#;&E9%aM2CV{K0 zTpUfay!+~4^Uswby~d6sc4H)FrRu-9p`RX;N5`p=`R?X}*9pi%5mgp^3m>E6(f~l7o!Y)<5tVtdUrw||K$-s{fp5z))3R7%gy?`N;bN%|10 zGpO8pSk-cJuLU|)Hg@J*KQ37EdVOqCa*;T$fvA*c1+!krM}Bry#gP%81o|+coQ4>! 
zi?)aVam8#AI|rc!x6){(#uI?@%DFt=katCF(~X(CAp>fl;l^inB%3}8rGeadyG$Q2 znAT(A@c|6%JjAlF84(H|?k|y@42gugA5SM0J=SJ8yM8o9k-T6C?)msrNoMIjMF@rn zq$NA1K=t)R|6JFQLP?y~dq?W}K)q_Vl3&uOH?w}_Sau1ZX)c~#Epqh(*&u2j_K@^1 z;c$B0o7sOHP2&riswSBB9`oRq5H?!Q!xn@VB7Gcs_D)L!X{L`BpRaVnoXd!IFZUJ3@vdy<)CY}lS~t_b6Xdzg7!=Q+cHfC0hf#Ti|Isw zRW&SFWl(_}S0-_3M^hXuwpqU{ifx302i*{XGmU&lD8kgcW&-D~hqEOE(h{&i(+2Wk zU9k`i7pa?|IL4G{8GXFDKJ5Kzs#%z|jnOGw^XLjgyU?L>HwNSKbTth8WME`-xlEbb z&3#;NTseXkBGx}1joo$m^>;$h=MV6AQj76m7r_;sdLqIW?OJa6Y+!NfR5y#_taAN` zyf6^Z#G88i^UAfuI9NGbcsVJe~2$1gL~615a8ORjqq^%5yen+#^=r%<>R zMST^OPgHZoqWPOu?Cxi5UF|sRhWQs<3zi5{>rX5-)-Mf#Zk+g@>gY2edaSh zvFxVC$01UJc27ew@R3|QArJD3$Ma>G;RdfqQ$gEUUg8Sx9n!tBf!W(3RK7~Qk0CjpNQxNeclz`AP{foPe;5ynDVz|i!Jc!Di8q_tst_j`Ub@5$<8 zsCeoqx#-$nsdy7-`x~*W3#ID%RLWh*F(%f`rx5sC3>HO|2#eR6 zJu#T@?f%wEr#~S*r5K@#swWZLYoM;6o_=#+sL?eoUMArykLu2x-<%~&6A{VIoY=&mZlQY=eXp@D?Xn1alc>tk z-#J+NpSH(n2be4Naer7&*$Lk_^ly2K0=OQmV5wLHiI%}4V^Vo@Lwv{N*)DVGRU{$# zUhbl>lm*+McM zte;Udel=SO^g9=3d{l$F*D8zfo3(V_HJ^A?j}%5-BVJf`z1Jr|1v+XOuy1?Oy*V|W zh}X}q-==i-i$9*PnBe2Ci{7WAFQoJ1!**%o7LhhHcSrU5YQdUr27+ftHJc`gUu@pn zVax@{mRkI^c{NlBhtdL!oFizDf*uBrW1#VgD=T#EdYfkqu0o$j8@QySEU?{NgGw`D z4{B>M(6l!%;3nC~B-@0wj)GfjZ2h~<%{uqm9eg3wSNP0Iwfy`yOeMoZ!)WoHB1ji$ zlvFb9VPJ%c1^KGYNnnW9NphjBw){8HzeXlIN76~5Cj>#G#ChTy3FO7JWxj28R~lZ$ z=?U=fJ>l3c7dU@jdhNCRsL(9|PUj*UTYjcR)q}07x$n+htBQ`H%nz!Z4}$EcGIuXw zy$tmp{mHnl-IVjbJi1fwIT|;}y6A_ge{@fYI8%2b7>sY*eYZ?_>FYHN3RZay*PZ4X zYqXMqUPyl{Mn>M;{0o*f%Ld)}_6@)_@w_U9s;C_nUI3Hu*dxqCkIzv8XsW|uAjMB2 zbv3X$*AV5QZ4F&2(rcU(G{O=a z@w}9P9Cg?vxpbc_|bULb*#MARIQMtngEVc>YEX;|! 
z8Z*4JKUxiTLr)p*IWk7q;<0t>4eh?305sTUCGK+xe7r14`4t4KnJd3zcO+~P9@sYT-IlsR(HaFed8+tUs;R{{5;2<;Ab`NIun05!-+7^q&PFQ6+w>U( z^{zSY^1VS;Xev1EzJwSJ+P<+AzgTcGvY&$G4L+CHS!jA7y*crvDYA383m)9>1a@Bk z*>RkZmI1;isW?rKqN&=)Wtumb8mDc$+DziyZP}!vr~`ZI;zf-3@hSQeM2yJsdrab4 z2M`Sn)j$k5!x0jocz4i_h)S4O*N+5|ms)~FS53UgT1q0aC_cMs*H<;&Y}7PqS<+uK z^`8ljeH0Gn>v!IjhdTi8cVzFkZORikI_^*U1Qfp{>$80}mEvCxK9q^)4=YFbG>;?E zm~2hKdDbe6uk{+~G16oK%xKXPeUbkvbbrZD;i}>YIlam8(W^~EmDF`!%%^mxX#00X z!rO6P);MdYSIl-K>$k+LNyk4M!ptXXl10X~`w|AsEekk)5OY)jE_G;G$Nn$w^T2r1 ztB09(B@hBZ@A)M=;5Y~166zxA!Q81^AJtbe%2O}_tD357y4EKtIw@s+l`sM8@xqb~ zkS#9xXW#PLa}fIeP*x*@Xr&u_ciTv?yX{sNBqZ}qO=|x1w{n)H&JslUt3t1jF7P)i z>@Q=00jV~uP)qyHH%)XeHC^_X2=b_VAlKM(p!a($&#zckDlh^O7QuOk)-0?VR zc6_idZiH)o-2%3~hJ)Yjz7lU9(}T}k4vM7%7l)hDS(GQ{Q1782@1Zb1GT@wu*Re{V|h)NHnF)D zrG}vL_dvFAsDWVTc)ftgz5ig|0fVy7S-kiqM1TXfDz9DGG;>3C_gkKB^jdEo8fVbT zD1rUv@|dS4fvhoaxNVmd$4}Lf^aj$*@=Bv%3RAUAQBaGsL8x;06jSS1*(L2t0Jg@; zA96Q)W?xLX)+c{&wxP}Kp}l`(46m>Bx2*i|mG1lUWxe?XMr5#May9u0A}%#31DkxP zn&K;TO6!Y=zX<6#UT;tWgG&$}dvoqIuvFZZxId;4TfI^J?LF*rh0m{e=p8*Mi?j)I z)WGtVrG&CC%VpM!F;d^e@I|UzNPPM-a>IK;=WVAtdmPy(YV)~ESg;qoA^ZKDPzIFT z2BP#c@LRUI!Jp#R^5(k+x`vjT1w;(ez->Jq3^M!KzU8#@1z0=4>?)l?c|GaqvRU%# zy8bqw=nur7Sfz$mt@OMQ5`#{x$J<$H)>d4QZkFwXeM`H%!Sox1#;rnl3MW-)OnwPc zva?rV_WQr;;5P_FEl1~{e1R64iHy8DXhjmKu#4BK%>g33TuAK9;Ov7ypWo*Vf#*QEdC8gIzysIRy>#v;DC%nwD!koNr!SuG2{anUzU@q@? z=5$pKomCWagiSetZG$9)whZ%aN1mfoG-;4l599OCbU>DX|2I+74$?&^r^9<^{wfy{ zHZFkd$2lG*KkzzO@G346KKub@>N-gzfdw~Nq)%ngkAdl7NOqmTGpIQnecV9!rT><^ z{tPcZC9zW&0t4W)-vj;xJqxw(GtNb05AD~Fcp-_gBk@F$GJ!P{v5NV5%>KQDz({~! 
zRvBJRm|agP=Kx&rA(Ef;fg)eC)#y6MqAA(jMF71qlo1{Qn`HBt(P^oGgZUOhi{Tyj zXAo|%LLF{;W;`zYPYmj5Vo;Ejbl83z^ZJBwTNxcLViw!Ze$S8$wg`cj1U|N{N{=e$ zi)9YOu1pNtpe&?N>XRb_dbg#eb3(p~M21;(Ru#{~gbDG>BOgm+*-^->5j2#(y5y${ zjf!w!UMf}_!f`I{;#Ihuf^tqILN+-fleC7pb(RV8OqM+nz&#orHkI1iVxw?p5@VxJ zA^YKkkIA1xM&^hwC#ebBevsoY(u+7yGgq(SIWaUQ@9WM41LIUyvYQ!cRHcN62eJ2f->K4^ zscRSdg(GgSf$eT}U&oahT-N)lYWhg+iBS~3%MO$uWCb4-nX^Y`hN+wM1-}-i6oa3t zf+L&W3X%2P6yiDl$n{iFD`co(8)IXV+43q4>n3GNu4(mD35Y!X&-}15vihFI_uTx& zFXueG>`H-6Cd_!Z4`ZM<<4e?e(b~xzV9OOSVE{TJFpw90Q5Z4%T=^o_b*=|R-BQeV zKHSkcyn#KqzC~PiU5q$MeCBoQ7s-EkoxuGqg~{M(Y;hguamkYP>1yuhQ=Z=*HJW_u z3@xHMcBIl;TL=1}Zm@3v{Y8S74_Qh1vvp#aIXs1Uh_EiMAw^!0=_%VM!#|;p0Ha=U z1;eJspF*5i0XJWj0CV`4RzVC(ZTvTbvP0-OkXSN&{0o^d3ftc2;&1&|51RVrPR!Ie zbR7?q)&ZeB5lJ$1(~=CvNJ|1yv{;?T>nhwN%6)pjW~s-Sj$*e%i^@;Rr|99FXGOW; z66f>`Gby9b70gUFWt znew8EiKnLwK4I)%B}0Z}YbUiJYBIxK=1d^7#1(p2>VGa8q;{GSPPS2!SbMQvf{LUb z#F|o&1`{n-}N~NX-m=mC{!kgNEQ`6`vS&h~}*)kLme& z=sui>D(WFkOr3hie@n9>t>y@Z@O%_yM^OJRkWQW8-$|X7CpkZ(h;R15gv|Qy8mk|_ z+1o4L5d)n*ep}RF`FwiFjc$D1zxD9FgX7t75lfYTkt_1g*LRSJmz?&xJt~v|QeXnQ zXppsV8GUfgI!NH+Mzlyn-??wWzGTE|rL0VC3z%u0Ab8|Wq>`AN5r!3dfJ8;#>&AF^ z(;o>Gq8)+7(iEBLc`T6hr}(56Eh2;~$2g8L@u*^~aE~UZJm{V8Et*hMH`=)->e^e; zxe$qtv17B`ZBqt@4M(sPupd^a3@`mjON%TsM};5hKgoo34+TgWsNnt;%$j@5?3-!Q z*$*1b?oBCZk0ejS5|X+5^aF+AQ1{A~Ti|giKE{t4Rd~sq>U}9q@m0+{p)9^WHZkp0 zLOW}yrnEE3I>k8&RMMfXD$S`5O=5P8f2z`?oNl`TzmG?=3ElW2yUC4~WSO4tABl2C zzC>ZQNH};cXD065Q!rcS4pC+Fm2|p_Cij1Q(wU2GeS4sP`bCH^z-HSlw7}g}O2%28 zbRJicR9YYdF&sLchH2Pz&4H@6%h-_Sxp#`gSQ$NBoXNjdya}sIh2J0gW%ElWWB^iW z1C=)jkZ+_baAYh(5HB%gU~?u);6*t4&I!{cc&Bi@i3B=9iYiq$URJz`;k7|XHDahi z)h7uhTbXE*bb=?9?%mLga!uUeLwW zCDR~q``Q`}RY1taGGo&?3#sUd0$6}BQq&>jkh^iw?-8lWadToCT!{L{+{7K%gs@pdvX8 z=SZR3i0k}St@TyGe9l7`iR6sKp)Zr|?0ee>;^YDWK6^OS>H#G32KJs>mc(a-2=Xh{nY+2enZFPHKNE>ZLlRD0M?u9a zi0#&wM`oQVFKv4@QZ8we@w)>;BL#mVMc+wT zqoJs=kAwPoL^zq-pzZMpFiu&pxo&U0I6bs`L$q#HQpj5(gtD9B*$vYJKCAR$KI-31 zS!)rnH^^W42KOuZE47~Dw#=NWZcEl!Jh-^YS)jLYpO#Fos;&!7Ad8je_(vBhCYzD8 
z3hW}Q{$N5x@ll=$EtB4Vp`%el6^4xOYHCwWoi>P(B$ky!Y1L{+7nF+ zZo?fDNiTCGN%MsPm$f0{HrmBf4c+%$-Cvwm(~x0vUJCsp{@$dYw7F4Wo{RJ=a@a#t zt+yJw9|=H%Z;s%6GqB^IR2s$BhAdt}2}dbe{LBstQx1rthk9qRZC+R_cg#0`asf62 zTD-nrovNtzJEPk3Q9HDruDUA1sgDzL8+vZ=?c&-Oy!THirE#*!h@!hN8Fl?6*rql^ zCrUJ+3({pN+W)iWPk;Dr8BLI$DBDB9WHy`HL}458tE%om#uz4By1yPppmnsWjJ0m) z@5uMrIO^YQ%W7SQPf9;8Vb2jjz%cMXj>$ny?ez;v%V-D~jzebcQHv)F!LP6SCZKn# z?*{%&sbx4Lrl#E4onu99JLxr9fPsO6OYoMN*7^_>BJ(?V_CxB=rTlh+EIA=tv`vq> zIq}zxiF2`I&ag1>oxA5eYA{R|iLW$Nl0FG9jC61~&Zvug#p5a+ox%o+oj7|T=3Ck( zxo95wfSglzpD!pbqm~?lAtrc`mi{1vjoD#4v9M_t@5O9LjZWSbF-!0NEt5}ES^J!y zW5_u=5oi$;si5dG;tKy*5#)f=6V&UMkKkn@LbQ>PF^9Hagi7K1wX5P)_UPpHO5pST z!4_W|KkqFd2#=Oce-CM=x{R}q#9@xLB~7` zIDBDzIS?&&X5pXfQYdN*qrU#>m`0!aokFlldo6I9Uy^&fl!FmZ3vJ8swm+DZpTH`K zY67xvM=zT#u@}Z{_5#V$Owv1G*a=MC+(%~Rq|Gf#WPseh&2@Zt#_&U8sYl9o_j{^)y57h1C6e4Dc;bR!ne{gV2ZUF) z_?~i@fVoVowoPiAL2$F3=O0c{4lG}sIYs^EohoY5>#o3u4tUr!dYe&uOY0A^3u&v9 zv&bpm%!2A?!oIz=5SH_d!>guAP<$66C?)(GIY?ILKPcwUU}=37Ur_lMidi_?Tu|eO zVGd-)ECOpIMEV0RLyr4&7GzgvnGa=S0yCFm6QQvY+n>>J4#Gr#IJlv@g@ls}O)v-A zA2)l-|5NQ#C;F$t+94ap8qE!X)F=KD6|6M$r2dk{G**GM z)9A^Va*w)EwQ3AL>P&_#}w}bSrOZ!y72%I>C&$opBkZKg~c>kH?HW| z!{&J$qZOA3hK_wtX#)e;e&{)@_8I52M!nty5fZbXoDcKi{?Tq=MU;fqKNsKlbyya3 zpB{ITP_#nge;TR8dwmpG|oI8CPU8b?w+#!Peuz8Sf5HB*nK8}+r ztz;y;zoLa1I9{!;lUMOAyphHAy}t36#3pX%{x$IqgLP8zktDFMDH z_(8Y>lp(%_$f2AMNr;eR==ywJ-5ZVqlne+&@SsFsk=iwx_#?`UlK#-bvkAwpQbC>w ze_0!aQ7JQIZ5;)WwUH+v!3jx|_t0#Oh=mZy!>AlGMLM-kk=+YGBYS0rdCVWpY~>;| znDCSPhIqzmVD5oa_DIw0?`gol3ZnXaoWW*Tf8_%)@i1TU0j7Zwc#)!?VyqK*)k@e1 z^lO^c^^mEBFw6}Y+rLk|ls`7|lS$dVqyyw2ZdQ=DS?w@EP$ue(OV0q~8v^0dgBreu zMb}8{^CAhVH*w-;>_EBmxk!y}_SbXTZ+K9@Q-qT2T#Fn)jex}R{?e!H3%&w}jM#Gm zCLc@5_#Duo5Z)l=^Ty|Tx0#5b2T6d;bA;`^xWOU+=`mX4blfjl6|uj1Y%hbzHQN1; z9{;Gv>W>{WY5I+))6UU!@3S&#n`~fQ)(WYCkv@2WNzwn|LV6^?gC-c*oC_kIC<%Eh z1zljkEY=svVps;;y}>p(!D`H->4x$D?_1}RNm(G@Dh&Bn-$#Z3VXMRr7)VRa@pbld zi~HpqnC*1!98|bMvXSu=EiF9JtE5&WHa8exQJt^z9J5fMm*z1s*P1HnSN}S#L~P*a zU}PxU+U&10H&ndUNr|)c_e~aHXN!*F-%%lJf@ayvnp6M6+ZNh!PJLJ9y*xy 
zZ8NU1Qp`va7lGpP=-!y+mhND~@5V^jXz}V`@U&?z?xm|6@0r(NSP{T*H_E{7Y5HM! zVr4LaA)hI`o9&-@+dj6(?{f@OVsi}a0faII3N}5$v){W&S98SAQp@yS7t-fVG{-}l z2{mCu|DVlRv#(Bb3&xU6+PJ8C#L0qeQ28#*TxM~{whGZUu`p)cdG9GqFU>RX%XIxxDrER`)T?$N^mR!BVj{_E7xTHYb%u^J8z+1&FP zt!gbDdI{jL#ic03ul}Ep3w7Lt;^!b82#;4~#Otq}d7^(+dKtA9TgeFRP~U&sI4k75 zmeX^_lzWQzH98CRW^&DYoaA7_ycK4D#acY7HWzawlrgncVtwzg=R{BjCK5sQ0gAhf zN#_iKRm>sES*;&xzc5R*F~!Fo-Po(06vSp4{>Ko##j%n$r61Rl%waZ^aYeYN?U>kk zK+t^G=lYxJ{_s-u-t7qAzv+BbmlPEz0m=Cmck zH{tb8g93ajn*QavYqH^oob*~H9F|9Yc&@C{H+}!~VBWj|y}pL_h=GZ6jsj!W~T%55FafqL?b_4$)z8+IK zFX&CBkk;dlol!b;Kx+=bQuF#P#xz7;-%rknq}YNa3&_$eG+kh-yMHOD$YFXj7C2cI z_Xm20c>Vu7J~2!sa827u4_P7KJmiUbcv{f7R>qh!hZlNZnfZkR`?X8DsgdSe%hNLR zD#M?UssE#ME~F>Y98NkC*)MqUG>Y*h-!zF|-$Glb7u=x;N*HM$mS7b|*DQr#_)OZv z0hPQ=BTGV=yI8h|pUCWbe9`oXT80(YDTj^Ww!03)N$xMT$zqCS*%RKY?W*b|ZMA(Y zZ8@x*JlvF$0=~9kJ`1|ht}SWYGW*_Aty)hgF8eThrk|D`n?WYT!0gQD(w)1D*;w6k zNc+1iH>#~C>`8x`EXyIWA!Ql#FC>q5gLM_m>GnU!EqQsnbQreSrX1ILFLtM{s zPSJ)~TRq5w|6@*f{4wqL1CL^cD*EeMz&P1V)~5mek11?#K#n7|rSkgqS+7Eeb7e<0 z@x8=y7EvSmzrE2T`E>h*4c!)UXG+8VF2B5oo6i+sOQ}QL(WF0l|8pH>DbwB2JJPtQ z?H$)&fFLQ^un6gGcNT@P`q47CGZ^R5u;F_0n`k95YV`&iBwOym3{D>Il(@coaRGz^ zb%c*FmW>b>zX@Fx2$2ev-e7Yim{%BBw$k7< zXR*B&cNxD>#i~1%TVl6`bdKvPL`0-P*t!eU24{I`Q%rwoF&gdczLSj701f1coA|E5 zXno<87=_FWCgkOr{mXh0qOhlxXLd{(op z_emvIa6PKvvn!v{8fWMgVB%NPF2v$;1|=z^`}nI_`J->4B6}Q{2G-vmK>s$aGz&-% zU;*+5X(`zT&GZ`MV|)rLmM()S1(}h0LGHNt#+>2WJ!q@-dXgW|#ftt9<(XRMwWkz> z|LvVo8P5wZ`lz)lh;09->CXoTXovc@kGq*ApyAK*R4dsez00GhsmW(hk4i!5V@Vzm zP~|y*L6h@0uW?J7yLyqwd-lL!rW{wufbGy5F@&b60@B~X)7QNlql<({4Q-7;;qPQ2 z03o&)w6Nrcyml1=F4qFpY^FMzkvI$<201y~-^1Mssc)Hdy^GHR*Wt8Gh$17Em1c|~ zeV{pV_oHGx60IQF!HcZiZg2LKL7P+cY|6s?r)2ROUI4-;tkt)UPDcd8AjdxD&S<{M zCM^-4Je=B^UYF{hiR`yes|?A#1Ca6yt6yR9g?@ZiJS1@hC1>mTj18s4c-*Q#EgHOX zeTLrTDg$rb^q=*K^UNDz)j79~wvaph!k$eKu?N0y0OaNqp0YxL z-Zu86O;c)!c9jhT`wOwTy;jMe3f_HFK`PX*RsSG)%a(&e5<05rlXT;Oq~U$NI=Y5) zd+8lG@&2-0Y}Wy-;NrebCNMTxn&z*E9I>w!I&mq`e0l&ExaK7CI$#DWxYMpP;Y^Asjw-JCg;kf3%~cK# 
zf94w(+#iuqIvl8}Dl>Y9vMm}KbmgB-`{>rM?KlFu+*d};YnuS)}F-;X~xO{wTC#dr_oeeY6aEA`ZGS_CpVx_e5fYvwjZNI@#Wg^q36 zrkZ6{JRGsY6ASLGt8uqe;}eoZ`g{Aqk0H#w21x?t*fwmw9KivxqwBc7ExMbcYafJ( z%kBuk(LZDB4IYYlo(ix>tMKSb8y3&?g#*fz6q|f@jO+~&6F1`!J(k~_$RpH*a~|qq zfFUFse87(SP@hW+F?i|{KGPQcHW=M#Fdi8(vanS5YSy%;wuiaAy2884p2WzbN#VZ~ z2+iW;t|zl}@!u3kZ7FYk0!?~76#rQmGb2n*t#ci($6Wbza5?5`G|@F(a=pr;R|H|a zr8$<;ap1#Vlhqfi*z-LR#(7GoLm;iSH-#xJ*_#6OdhJBwbF8{S0h4%e`-i6I-mczH zH@T*q&mdE+(}3fS9d8d#4k26S!>=99I>^N1CZO*Fg%5vb%(^6yf0r?j&;auLC6PAh zun?-*Ii_|Ye+qSLkIf!k;bnM@@yQvDFJc+fQS&w)em!oQ$a|jP_@W5Wc|a93HzLij z{DDuO*Nllhk7SMhSfM`l0GUY>>N%QP%7Rm>bE`IL zezszx#g~KiHo>$O3zuk3K8Zmn~RG>7WG>+2id_}Bx?un&GIivlFxn@R3L zm+%i^Gyb-l)A?vJ6eXeJR6y;!Va0N!ZF$3{k@;@ZzJIa`=U9~N3dtf2T`M^Rq(I=kgX0pYS-B`)RE*${)~CmoEE7j7wkG#QRu#6GM{I zk@#S+a?wg_W4D9Binx@#id)953JMh2?zI<$GCz6CL;AE=;^ z(JM2RDChx)m<<-(T_z=PK8bbYZI`RO(6jvU8^P^t6PJEHKYZ(2cF5p*Gd9c~JDF4q z%Z~CeKdB*I1KKXKn>?lo7%l`GO{yYgmLZQ<~|_x=fknZ5?lT=eL=>U@!*%JEIK%Gfs;m;-12 zW*_4xYvW470(qkK!MMDoS>^n~RAut8WRLM-#x$Hbo1|x)rSWK!?wBH?=+-h97cE}IP*dvr z!OFQ&B`%+6mCHgog5oHg<7r*eG{8rAX0Vi4epG}BPib|K5?c%BF$+~Cr$EWDL6<6u z`c3;YKbk8i7gM{pZ04Az&2hS|-eh`5fK8wN1xf&VLy2FK;kE5Eu(cdK=8GDn{d7^ zOZJQ8pOlwfKGHAz&dbzD5>YUG% z`Md;T#xHZR&+E;0y?ps;FZt(J52h=3HY08+-q>%{66YeTIu z!B3C)lhu87dslc%T4yUO)|q>tPv|S|r6+JU4&O9-f`y2jcb8wy!O{+Fa5FCCaL2~i z(ive&7$QgM$4>YGFceX52(T>)O&ly-GnziY2XArLf6pz%AmCAuf4A|-ZW;JFkf+~4 zyM=q)VS#to)JN0;4xD3(<}F`fp7faIEMUn-YR0vH=77E0O_pXj6Q&i?F>AKAN!z- zm%7mSSOX`{pOuOn>)f3v4yCFrsw<~OM9tG*=ka#En137?%&Niv&5wZ zrS;bs^ufF?iEi%PowcCj+z*Fy`WRPfUFR--jPG05v$j@V z^XK|RF}j?vSo35PK&V?I%fO8IZ7d4K+cgDA?_o(SC?c{?l~_B`M&2{s)P)$*J<{^+)1bLdV@1;n&%FK;3;w1 zNST#(@~#Uj#^I&=3E$I9hQ?skr=&%Uw$u&5C=}-su5iI&lr#Gnewo6#Q|uYYL;bP5 z?$zw0n$6sgTj-=xQa@SooKyGyHI<;~b*I|A1dR6z=MT=p6hM-?i3VJ!sKk#`??;xh$6mAdEtV&>01d>sJ{k{ zBt47$IWz-Um&_`gjos~*H#C=!oc)I-t{D9`1+oeO$GE&jj~&$>FW7alCeP@s?+AQ- zsK27)Pd-i1=I8|k>#z$r8VLE<5BAfIUHq7B#moG1o?`p5sQFx5aGGwQc1Fa(XU6VH z(jx&Zw)Ga=*4gZLN3tXscfNJt#Cn-U)x|hO_V7G$jTyW{M 
z-i4SH7`3UFbh+NK3PHNtZ%Vk}eAI(|y2MPNc(HQOJ@f831I-TqvTz|vLv2H;p`z&py76ik* z7%Q^H3^o}pKp@4WXm*YotOK$j&iy)&hWe|&t-~QFV2ubRazC5Bf=UGm^V&H{|MK(> z|9RbXnc|eZ0cHfvJFY_NQvUE0qB3x^5$q4Mtxo-OsAh&T-;>Uy%}v#|FF$Xk;2e;z z$KW0pKnZ!YSBix+HN(dMOt2&pJ9<`%L|Z)$1>pqbO33*OjKbJV`H4ER>92d>9f@#8 zgV3-9%rX;g!kqM;pbNyCYMI%=jJs-3&=*ulAk@(`2kfb(T3U2j1f zPmd47zjSmz#U55#tG0(XVyEX)ETH>IdVPX<&`lcq5WkL-*;UVTk|?g9nVP|~uSc6( z=JIvvRIOw6{G&uIhoJyVvVv?jaI}(&*Fg@rPeR-j%%PX7KM^1>G6@1K!} zvHp$xlx(o~GxEoA#=fU`h09!~EfQerA$4rE6CDms;sX`lLohwGA=}T@B!u|8Xa$y>WFGSG8n#bIgv1(* z(&gl6y!pI@1(vq)hfOYZ6s9&4G2-PtsZV807@ruSy_VcbO2H8)+Y61HYK!Qrxh$C4 z_>qNxmb7qb1o6J#W$V1grK)qgVCCH<^}d&<-mk;WCd1X-J9RM+sCX%KDubSf0?ju& z;-+|NOf2Lh3K+8wx&Je46h$TbUJn4(@)sMHU7nGo?+-eB`(ag~#W%EY-)-0L9xkga zf6nRd`yU@h<{$*PSz4n7N|E^_w%<8QbT)eTvCbh4T8}dy0 z`>K`WzA=?Vw*s8#+Zg8u4&gc>^*6_xzUDwI=|UguxFA#T6{D|t&l2@FPmodkJN+;g zYJa&fLOZ!ZC#^`06PIW*pLy&YsljPr9%WGQ2;DFN$Xl zOHn%cy^&GWS8ztrt`@dNo<{)NalSz`m3$JuKuixKPKi)wNotfO&gXC8zE5EWKQwtP^4H2o9nG?t_Oa^&&iDss^8Bu5 z(jK&c=Z}MSCNJNzpRn`+FOdD4Ek$g)jXZ_|2e&(D*3J2GE`*LEZ(sX6{IcqbsQ5*> zeC4py@!qK1qYEa!Cdy9A*$Xtr@5MfV^;YTs%4!HklVS2Uo)d}}63;66H|MuvKT{_6- znFYkP`#a6e40I^F^x&qG9E_~4DPiRoZ@xulJ4ZpeD28F$XsNLLaIuYYDE8Pw&}cGC zv5|3?ci5s)qid5slKF+f=s|F=MaX>b`3pE`>Z@#<^F6>g8v${o5u?Dc_4uXP<9ld4 zR<0nwAObQQF2fbK^~1Afm9e95`o-RMRG+2KIiQ12Mg-9r$0!Nz8fw zQ_;MAA^aatGT_yjzYnq-IQn-=;&a3aR&_zz`u}# zVItQ=JUCr`!&2_A1vRNo#h+||A8h;nfw5JaafZsa*>kt$Y&F$pX5xx*@gyIT5iF3U zvZYq`P_*;u;9XkD35_$!yXX&7vTQCl$>IC2i>udqO$RloMCZc-T*nxP zhaR0wJIBpg!;pX^q}td0U|m(tkN-Ue#11drR}Nwt(*es6oa-H!FBSI!ydM2Mod8#A zQwfh#l>;d9kmJN%vL@z$Cr0 z;03oEql)Cm=JY3`hV6Hy;~HJFqxzHl@4jz9XThwO&oWrxqS(I=fsD83TvD^cF(;RX zib!&*eh-i+e#?cMFJGBq+}i` zibSY`pA&;-*;(>UgW$RL{e2>B8h~d!e$u%ZSv#$8yc@L+;#yaKAPu(FrE#USKAmN1 z$dF=Dn|Wth=B}_9GZzfph62TJs2D_4W)%>S%|1eW;g;lsTArF#pU&GK#;v!udo}l* z(-=S0f5Kv1Y}MIOoT?n<($|ARmy7j=`3eL2MoH=;4u#&F!{bh-zLx}&15_kx>g=RN z;z)y_&^g$Wic#$l;Qt0!Z2Iz0=vu{-hUQI)E9He&7PjpAvKNn5ji!q9bC!=nqZRj` z35ODI8Dmf)$7*jv2f7E}2VpEtcYlBcE 
z49D~OZPoYe9Dj+##BlHEn8jGbXnqD6D7RP;;OzG`RBknfM7>W!x6|S~&40nye5`~Y z3d2?ha~-9ut%hz*U7wW+`WEYmR zj4H$w--=^M%Ap}CD{3=TfApVIAiW-Mt$gHL=Ys#ii|p^@Z*KgH&4g7RfzD8X=gK4# zY=YmVokqjamjjE!81cRTC&vuTTS3^%| z&E#$SojDh2c+6FYn|9hudCH+2(KOmU73j_ZhnEV8NDL;t&UEj52RECa2V6iG+EU(# zj5Xg1dC`?R1|0t03+VUesL`{-ZagBEq2}jlP*k)rlLp^aJAvy-2((XFkZZB#wZI;* zw8#>~L{7^@G`w`1E(qhY>e6Onp|KW5YyB}-`ubM9in7YLa66pZ_h$X!A~oaT`J^>4 zB8F@z6Q-gonD8C<9S{{a_&U=V3JK73>{)6anJi=qfA~!>Fa{iHW~XxjM?dgl%)(9? z*71qPWF>r2#tS0)U23p-T&tzLHu zCq8}Q9FL_dBZjNf&8Jt5^Ycdcxu`R?K_m0>1%m&jDY*NQMDd+UzkbFXZnv+0Yz;2-*ZMVol1;0kxQO`g~bk3OThWOH{okybPyZe zOF0lm2P#Q(^V*u^IU6>seK{H}@>eecD_HZP2&nhNklo3J2WM6+=Mt}kUMpBPZED1* zs)0xZ8$0npeeupv&GGN;_MoS31+s?3PhJlAS{}k_cj}wU-~xB?g4AXR^OFZ2%s2?S z<*UUn;`42ci)1N$FJ;Sxha+LAmF6>BMq=bBmHq=#(ifu`)5HOU4W+LBIlhO3Onc1@ zRIa5^GjSn>iDSBP!Kl(dypZ#PTIp}xPa&C$R_t4Qo{@DZ#gL&*6v7BJkHl!jjZanr z*JuqAwkGo;wDZmA7cI6B=5#Srg6NU9!r0>faPeFR(ZQx14T%`Ipb+VNl ziW;Saet(v)e0U^o2`bBUu>cWALY=km6Y#H(>8GUBav~rQ-Q$6>W#)@B1qbU#-EcDm1UrM5j$}*mYSB9C=0ThO$U4j8HX=So-g_T?jK@d zQu3qxzGgRdPOLKi`TpGu$L(=gNb`8Fs7#l;*5Vl8m+4EzAB!%tPe5B2;DYNmib*1c zgqqjHMFc^r+A4d+zZn9ueWF@$ZN3PSES;>#*ybeOz-B4P=vz^9_$i!pVxh8lSu|{l zEthCI<==CP7*;Zt1_I1X$N6WGsbll4k1N2RBtlh9C4)$18ZHh)XWnHlS3GYW9xbrE zJ`2v88}yMXtN|C3PRGEinygvgsT<}t4B5A@+Mo&(2@HA0ovMKY+Pos!+a=HSgLrg@ zuHIOy9;!jG|07`*=@nQT))n77XXwg&HL$ohCKS7;4gkkA1zGf<08NdT@-!;$l-=_> ze{ExbAtyw`oa}XLfScGwk$&rr;SrIEJFh%`^;JXAfiO5skbc#qA%bJEt{^C?)hXLt zLvBZrc0YSdZ?;vG*tNOnYV3=lD7bxOL`T}?gYOQ!qwy8h0wVHeqcBSlS z(-@E!zyNXS&!Vt;nNTQw@?g#&y4an~_fo!AJ{=ibf!r^E2aln9;C)U2GPXp@A*{XF zAgL(`(`UY=Upl3?grx7@ER@03o(=aOt)PiO#@31R_skIn=5P6oloAWuAI-TaWNUwA ziE+6ogGHxU(Jpl_?+1fSWNa3lJ}2^FE!TJ9wA?@SrR2_4er1*25J`{n7x|5lEYB=W zdN(JceWh}+V}uC7EKNDvfoZ&&S8q~^wpuI$!v_^mN)pyo#Re2Y?1mo2Uw&vJi$6;P z)J3bb%_UktLs3v`u2@7xeb{QffNu>2AI%$$(P&Yzb;5+BEz&d4PABG(4~8cDc5qwl zEyi6zbWDMIfm{BrF@k*1=S>lE&i4%O!g*o^I7I4kACYtv%nhgP?;>!awdsk%A_$BW zZG;S={z^LuppZ=-gxq|1QAeiTH$~9EKO?y~x%Vz7pzo{)Vs?1yf1J@H_qMTzZ`qIc zv|5kJWj>DByg6sXY5pFzK 
zg?C~u3UjVQoGVvD%7+PN`8oP9DbthfHo#=kpjUm2vZt&cP*!O=4L`EJBfO(WyqiAZ z7*JYStacklP0y!(Ns`SbvgXmC?F!GZ7si_wHj4!x_804 zr|@plLvVBnk(#x^y5bl$i&@XrM4tNx*7{h+)}-j0 zH9yEZ(;Wd!roo=v?PJM^UC86EBW)AlE? zi^loWD}Wbc=87h=yI`qZWso%-g!OEV}5>UBl$WI&gfq^Jd~mdODnAntKHh^ zoBtUvmWRfnO-nI%N;EN)hwSy=R6(kJKH3C1Qrf=k$lLXzM5GI$OM>4zOP`%p~aG?g93P$No}yP%}5Xs6)F!-LZp z{JvxE_%e9BJE(z&#U8T><2wjL@-CBhPXwc(KJ#sftT)Z0XD#bnC};Oqk}Uqn7rX_- zms)b>_=zABW$ANLrVvfASE}38kgQ`1Rj0JgKg)_{o)76CguW92B;P*^J4Kc9!ZpX} z>X&(f^p9a01N$4?Ry=ilrQ7qT?N`k@JF{xj?wq`@o*<5nmXKU)*@n1rM~8`82x3J` z!|YAzz~U@@n<#@I4t*goo0YB8VW#pEi+-5T2Yz?9cQJqV=o2L+UAx-lS^B*pLydV}J{{WVNQ(1k|MIf8R(xTu#S z>?(=>ny_<1d`;#WmhQGW$GKa+bzTPfYRc|?Fyu|#+Uw=SF=wRlK!Yy@Nt*jhJv^9` z>TUH&=B+h&exdw5?84G zjp=lQlj_I$Q;(ACVL_azyLRECr?52Uh8Ut8f=O_AzF9;)w} ztkBm%kRb0oIR&zv45k@c72KJzT=>zmb{~$icA;G~?q{zyT3Rc8*!SGk?PKv4){^qOC z^y(nf4&TUs5}pDnf@P2h&2q(33}38LKP%!}EU3 z*GI=ttG#f|Pd^v-0%3k85sfU`HbhxpiU|qb4**C)J6UOvyR%lUV@qId)=g)+Klazd zp3&e>sC4xD*Zm}`un2%c-aM9H?a(Lev(n5%!%tG-N4c&b%miBFsa z6|}HI-}Y`V&foBI9Ez4P=`%BerD@@Z7jyL{Od87 zDaE8XhdZ_1-mBb4McwR#U{GaMCU$@bRzwKbl4)$ z%1-Y=o~{w{`z3a$?Q~2zLNxH!>jvSA)FrTWOk=*2n;A)*r}ucw>nHky6BM;lLDKlW z7Ie+5LhQ0? 
zr+eS%02)w5*g^a z>ZC$BE~1M$Mt%OJz5;XYN%L@a-aU()5lv!Ya?V_FoFbdJ7E(|7wkP4)T(o!Xyqets z?jM&>vIb05o1;6+Ia{+~r4MrYBRk5Rs7vEf!hCoO3g3uV!q3k~uI2d9hDt_MTe7Cc z^pCvI;V00$8PO%xw__AK7(7;Qqk_Y#>xc>G;Uyk4J>^Yq;Iy4R-<`Y3Yc^9%JT|6} zU7gY!NAEC`B0p%5-cuNkUrut9zo!6%kO)nin(p7JM&k~Ip53|WTjMQ<_&5pMN|+;s zshE#H7T8=Z`g$VeuX8@h(uNd)pS&?flzzM8duRoYFep&|F<**q?KO2dN@bh0ByZ?q9IY2OHq}F{WA*&Ve6#%L@#S2w*Yk5~E>c1_a zOI9l`Q^}q4)k`t@`#m-|ij(}}ed4~JjjGkuncwuap`_%ne*#H8>L*DU<42mmm!ol_ z&X(@=zY=)P#`WeuXXE00k$XA(k@?G*z%u6O7tR(~BK*_FAbG#=(=E~HJ=_S|-p?BU z91)Prk*R*)$xm+uP=^mpV6s!W_g0Gf;{4_lMrJ%D&^E(C ze}veo3s3qCB%u<{9{V9Z22&STIw0wJ9l=evv9grNftf#;lEMSnpwmml^wPlw|GxSk zE(;tID)*h?pl4XhkITDFs6opR6faD%wW301Zquocu61o@O@_zt%h*wu?9C@wp95I}}y#c7^tYmv|CW$hsf$`jXlwRvsv%{621Jj-t>v6u<1HQJE2 zPR2Fs>gFM!f>arWvS9*)Jh3>mtF2fpuxxEVhxzeeQ5w3a1SaE-1`7X8vrrXQ8*Si# zyR@Fq=7U+m(rwi$rk2!cMm_3EQ`QfY2Z{|3lMF-&OcRr=wzulsJiRvzf9@FQd!fA{ z?SZX(IAjd*8&J3l_+HfXFjPs~_7L|Z?9}lj{uWq=e_9){Wz78)W=|()ozsaap6X@< zWwAttR;Y>T-^4&=fGep)z%P@ceT%=ThWihoA$%+s3eYr5^)d$aQW54BFVQvqRwKi(L4#6?`Jm{L9c^FqUEE~(Jb7rWmS77vw z+~0(F(;DaBBjw^RQhFId!k!T_ z6>Vie1#g`$bWlWK_NvZxZ4KGsKo1%(=+yJZwDC}@cG{Rih6+W>HkNznsU-5_sUb~J zz|Y+#!@Sd+qSj!QisrKuO$Us&nD*6RNu}yzjqbn_Kx(2JvGMB{v3*>7yV}olVJ+|U zb@Cma;7kNz&IOnGxq{$0nnsv&HLZV%ac?z%$Z=UytDFRP6Iq8{Kes(%>PpE!w>)R}QNIb@T#RBPFXI8sBk5KJZF#ZwCAp8XAmF1_bR;YBhk5Kx#=RwdAqrTrgBc8kGSokE~{H+bfCvYPGodqN&={mV&a_$Ht@n^rs}!ZC`JU*~N4l)T{?xQ_Mq zSKf%58lzVUP$t~@m;(E3e<(DI=6Ck68 z7<2`o$5~|h;>^l`wZi5}nruI(On(;Id4kMv zVO>JzKe$y*+~pQiZ^G^}Z+GU#236AbgGJk>suu+i zIen0L7s$A0;~=O{E4~ur8m;qEhjlLbr-4zlNF#yY=S#tsU7zFJXZ@j?XIl6rCycXD zc`*0B8If)7s~d^r@Qv5UD}E}u znCoZgbxtBK_s0C8pxJ@sk)54Fd?)=Wa@l?-)wu&T#@D#LAlI9}7|WS*BZ3_V^)k9E zI`o$k%i4K)>Ik&cs|sK%E#RJR2|-rqb*0j)D4FWW=O&KB6Z4*Trj(pv`U_j@-rQZg z_M7)mgMEsy1g)Bq{y8Qx9G7~ROYr3h+Gtm7Bq2r>UsvhK#g|uj+OHVv7e9)hZ_GVx zNyKZTBulo*Oq;Hi8+l05Yz<$_SrIsKtft3skv}PU&(~HN?-`ftnZHQg`K7kh%bS-q7Nuey4y?O!{cu&2ptp_UwcBD9?J;b|$xKkZ@QU>#8aOcgL~%lv z|A%^E>1gq+@Pl+YZgaV{G3s}7B(duXQ}<)$SvFq5gwC_}ntQ|47EjHFXz}f4@Q7;! 
zs@$t_*F}NDjcwBU#gFE@&F|5UnsXeT$6EVz?SM(PIRmaQm@(Gl3|mp;bNAg`&&BU% zhnLX}LYfOO#Yo?4R`+!D0{|H9kqr;|KfD6)zTk|L_85WLwW8uNWUv0giA5IhO`3Z( zBoIM5C)sKp3pU-UOSoa4WbOGMzq{Q2G`XR2w1Lk%J>;J$#l26(Rap;7`eX}m0Y^fh z&f{B2Y;vC9mGC_U(J(I|cdK+T8xd&&HE(;azIKi)OVDpVf~*?CV8sK(*)-V6lPRw9 zEpaai3OEn3eI?w~IDM;macX#mMQr$DN{%Tp;gXL)OZJ?p`G_UWZTXwZ&lDGDMwuAL zQr-1;?Li3`M@|Xu>-1Lr4AcAo$6dxowup5223o1-dtLo>*U&#<2cg}H1zU(~>02&d zxO9e8t^VB5b&<9341ev+*r^M>jik?b>^dE2&GWo#Cd&Wbk&vUt{Jhgd`S~5w{R;L= zJjSjTl~|t}@{V%v^>J9BT*=I|AK@N>HVoPbi`T1Bl>kp2Zu(t{+_qP)=h$-FJL>O6+`;t064%!;Ua;W|WLtT|AJU&*I8Y)G5YZ5}c8#-oHCD)2g_I~{JliU^n zJF5Q>xVY@s_SOK#BlD+M;z?oR|A z#p7u&Fg~v1@VPR>$2_sr0$GK(oHz%l%+~Nwr@XaItDm#3mKSb7^*rvC=c|O8 zDMCC!eDP8^In54fX6Xze6T)`%RANvTmUaV+Fv=qKo8i`~q#Gs6eZVb^l-CG#e1U-k zSM|K9In`dF<%JfkDRE5sIeKgllkxD#5S<7WUpjQ~|4LL54Z-nDkJ z3GILYGo{fWw>3vDSqM_1q!F$J@x}1(OO(uk|7(lLIm^dqXYw=xr`HQDeX^F1c@bKW z(rD7n$19Jvi`V^j=SKE;&g3QGfTr#-3C-!&m}qC14uGzVq*qSkx>%@0-+yM(&!~FZ zZgZYl|Gtu&v!%z!`H$1qrvBr!b&8&yb_ODw*6tg&D!6+#cu^q=;g}zQb3s-wNY-48 z{7bL{w~5hq$~-jfsHf;(?mtsvzdC`l)AlJBy%>VCs`;yZ*G5Usrc$(Tz4V8al4Ber?0QeF#Y&zB~Q!8Lu?vF(#1{ezV=L~ zE}^ne8F&eFz^Od}<=x#Rb+VvOj-_CQti2`bpVWZ;##E*gdOdYdi2$v_u{7gUCJpk0 zzc{Q>!EPK2lT7R@K}z-bJ9RWO?a+7|so($lUq?KfLc~H`8%urP!YaaM9fyELdLrah z=;d;ng+ES}Si#I*E?3`Wyy=mNT8i8iFitc%iC;^TPU!b1XQa%-OO+uODQ)i{7aC`* zLcmM);pHl=DNN+0lvX#wz-Aq(x}0&A8*%zU3L_$QU-tjnt0=-I`dRmp;*6iAri$iS zYMzI7BVHR4S9XUOa90d?q$|qT`id>w&#HJRHexy7FBX0Yo~V|Z143VKWcrpPl}2J4 zCFJvz!Th0vrFI(9Z$s2$H_Br%%@XplHA3FPQQLv~aAKqtCSq-`HU{%DNp9@O%^-B? 
z>c0Q9O2#-LpLv+B`dO(;t;=IoHB2q;hyol8`3h4I8|aMQQCN^;^#o>$sU)}yDu%?H z*u4UNFwj}DiPOXG;I5LK3nhe>x0i}@=Bh;BHsJcu_w3XBQK!PdN#zM?r+CbwynG%a z%KGohQypAB#(Yq4uKw7<3W#F`4AQvi3n}uii}Lv~LN@Bxsg(PQv)+)!w;8I{gPsf%5G{@ldu zqC!A+XUVthu6{8xwU>YUc+C9emhH2GtFk&$6!0;>&~SDv%<+))T4Jkl!3E~15}r68 zamoB}%)X(4py_saS7w;OUJ&umvuSU5#5B#_RG3weorRi?}+zN^w`X|!i^>uD5ExMt)E2q16SV0oV8k;FD6Pj9D z#w$>}J%6I%&q(Pwae%@`&z#QFW((|SlQd&Ff%8|zwKs9hXtCknmoB7Icf8QX-;A=1 ztU#G9|2tUQoa&DgIN;^ye84*6b6VNf$l_{Lk4_2q1BG=fY{Pr5x9O<=sgn~A2~|dS zkTOx4#wZU77(Qi`a;sXvXHxVdc8;RC5(orbP4Y;Y!vqC^YroyF{PSQ89D;JUogTQq zJy@s4Jt`}bY;D%|`t28?gBy$DEJ(RFiOVJOG2Mc?vO zX<7c{%q^J{XP&-FBT~;H=WMc;7`s9B1%TwV#AxURHu}W(UkL_G0wT4X8!!Za#mGD& zMWSlJAo;!VF=~T^u4*^_@raJ9JqxF%a9abXiBQbvoSBirSJ>(IO0*%|m?|qWSQA-< zE{vwlsP1i)Z5s3n{SgxbHln{2C6I_woZff*)*or?@IMJUY-_6r)Y|vXlCO}6Mf!|Y z%x++SNNQP7o4@(`y}U*F!drZ6t*lqk)a zUpSde!REUh-#F)Xo|Gy}&yyOZ_E)X&TU$_a;(2n0G6L?FS8(K=ygwa=SVjn!8!rMs z-UUE8cGoHiGm2*(L(l5#4ZS@gScyt37cJ&md=TEcgc(@w?rIdwzsaeWqlE~-v`(qR zti*5>pOvWWN}A5jdXP*Q@HtUxvgzZ;Sh?Xz{l0K!_W;0RD` z;O2wO>kuy}v&0Iv0R0?dl7i|#)B&%@^_9k3yeWrweNJB4S@Vg_Y$=FsvKlj7=VI@j z-q^YfKrAz=3>R%9)jlm@LN+OLQaQU4NWF@JFZOW_fxnQz zF7M((ovN6|{9Kpf3Xw3k@_h8jfy~!|+&}I=e}-vAAl6wtX5b|?Ef_oYgW9KX31t*s zk2MDB3aLyLskzK57SuSJs1X410GXQhZmlUD7fcyanqp|8(ALWVLIzH#URm5DZ+VF)cd-wQmX8q48AR?9Zg!no@Kg zED`-HH3DXcY}edYy(g`%cV!Z~K0WUlflJs(&IC1<^-j0b>O8HRt8X8eNkuNVvnO{X z%Lsi+rn4oyzt!K4TwHYZ-2PHzb1^I<{camIbaiIj1KHqVGi|Y94t@2UsP5*tBz+2b zHy<3wQv#U*n3agDnAUwxEoWlkq>`#~(xAfX);Q*dMf~J1$iI-cwJ~cE##EWm=6qC& zVR#<)37=$(jFCc8@Du+_(MI+1I>1~f`#5}#RzWUiUXRJcqe~NQ7kPea3bPc4yWsmJ zUJpCa`5mQ5(QTW4`4*=;TUyeIwkdIpOM|0KMpUZXF!g8roA zi)7YbAI-(q&sk5{u2>|?=iz{f2TQmKu(r0?Q+}72P9K&|)6}{32*xaPFJu3{I(vC& z4%H?P{wufiO)2hEtLy9(N4|I4%Vq9`3e>D?uFdO1M{doF7n1NOIs#o9?&B2~GyoRT zhS|-`FBMBk)alsUvY+fo0F?NM86^!{BUWqJjkMi2(pOWV7RjgwN@)f27k5@Sde_{L z7(CE>ChP=6TAuOv4Cjk3#H zSLSmdaJ9f9h%4cB=DPI{YjlF88Q}JQBq+7Fe-h$Vsd?m+VEK4ku3jJkW={W{`8)?F zjh|GlYYJjwqd`+YpQjI%*$52Cg42#Es7}#HTpxD)>o+*uEru_KC4N0_%nvQ(cwW5) zf1K;TDeL=DdG~ 
zL8Yw9AWj{~BU~C>bFk9os7}*o3pz=nE6Jlyq%|I=pk`eh?^XKops)4#^lNa^dAW@|+p2)QaKtDL7^wUfk@+z;pV--DAm2qD_w! z;mk`~S6K6SHG>U4Jo)^J7(@0{ISPy24Y_?bjrTwiyJ8AW&A>A6r zprQjhHa*Q4`3dzooh*V$yk1*Dj5c;5Pld1{I<~NKUyaPMSj0$k`nJc{OVM|(?ORVn z*HClxgLB;M8ti%+K7SeeJ5*3XdZ&;0B3+1@=qJiE?^W_3C?sZB;m!|^8oN%p_=yl^;=r@ZOf@0Phn%XBLEu#j( z+C^j1uAVzKM9k`N!*ydsi(+3SekmUrQp7q({v!1AJkFmVGV|2nOZ?T`9G)nOC66Jp z);E^LlnlWFKW6EdCxHHAUtq*>3{}rR-7hTgUmkvPR!lU7(eW6E&-2-+6#>siO<^@t zxxw+4uHMOTRZ(}slQm1cdzkZS&ev}%Oep6hz=N%V#$Bgh+zl3`^JrEPb@ga=6){F! z-FE)eseVIKFgMLQC)=|1vhA`w7~nmPZb} zQ{b@2!ucD#+C}BKE7^C96;W7qp09H76*J?`2lu`fS z`S4CyrTi;GU`6HIT$Pr3uWwZ`L|KU)pW<~n8o!QvJ2eJ5mluubaAbX$x&A%IGF*Na z8Ra}I;AHJcv3H%y%Gkx>1gLguZN#x4h=_E7sCX|YOBqUO93$dcrmH)4?Ebc8jC@WV znOBqDolh^oDI3vV(6t$z@PY&;k1HHqor7mxsGB^D&Zo0Mfygu!sUp@+->y<^8q9oy zL3ZOKRDpD*<)XDIb7Iq2g1^UsI9WLY>`_zXhRH)d*aK=c@t;A(HNO7hC^s%DS>3E7 zNC$mJ33x@E)79hMO46ABH&R2jV?_l<^G>(;02y54!l)fkvZexC2nq4B(hBCn6Q7c5 zRKHAMgE92R7JfUOXR=M$WRVf19@jO|$o(zVcAF1hiDGKZ7ZZx{hRNdV#+W4Hg2s@XAnwWFni}Pxyu3=2ojSw{v&RmM)CW7w;*q!H9XDP%k!kXIX_!nlNym z8=AVVD{|+NNA`$c=v1&+S{J|1kL)SS+|4mm+u~oQo`4?KYX_yXLP00%1}v>hl4oL583A0KpvbNA1R>_z^80@P&YrD9&os z^d*^Um|)fHhP01V1yRQQR7K*tG!cBH7y^s@nVXdL{EPC`I@98#rV3B23)oV<44&&4}7#o$pF=M z|LqYtzw_DoWm8kM*t7p5vOehMOgd%$*P`Tys~gB6UxV%GX+~LtK*OoQm=je7^y&Td zIR6W#ijwS>?w7u}b>%9n?{^1EuLp7rY1oh+F`;LIByl&scH(LI?`R9 zLgQ`Oa95O#-5N$8{PO2QbjNXl14+?E+kD{(Xp4(A&KzllMJ8#Kc8#6`BK2w1L-`AS zr)cicFI~~-Sp3ddFhc3b1b8=oWEX8cH(Ylx0M-E|Ziv?5)!4|<>UXD|nbW|LcKIo~ z^*@6kPh7%f-R+2%g)97oXGSJ(^l839@(UDU+Tut*+892G2Zps_odGY<-n;?0d%|wh zxOla~(rLpz8yF`1s~F@O{Y+`4MTMx;zkR??kTxjnCDbc5&hr!Bmiym=f;lC}Dz5$L zlEE$rKixe+8sw0b%wFo69)X{gT*fc25YS%S`Hf#BW0MNhvh&I zRHQ(8&FV5{Wf6NaOs%4^KzU${8rt@qE6aWdEh+qG!AE}J z>D4k}SS`DXZE*J1z>%NB7sg~;=Z2J^xfdL-lu7h_JY(y4cz;66pDw471O$tQ4jmRc z#;ipm+IKHse!LPipYS+Ds`{K2qJsF}8+(55z7;TWAcl0`8mRQBN2B3`5D-)k;uwC= zp`TG&esjQvnbJ~Ka<+CNE^c`l1pMiFrPxKY8ttN@tl~qJMb+3fBJr93thMkkZ1y<@ zK^WJr%v|7(It8)Aq|SG3-qW~2KwdIgARYs=Ii>yd5OPv1qtvDo>wHsR+&}+)_SG>r 
zmrd)+7Z;~4HLT8}NCU*tSGc0zF2rYEn;Uo@E-x~;lJ}61ER+XDTAvyMc6)ckY$*i+ z>W2QG2l8Xs#>mFD1k(*Nahbj>!CV~N#G3{!BfOjzGe`9B9MXB5kXVb?kOA~(6X^WEYuXYk$8sw9z3!NVoYh!4?tb{<9 zHx)q99!eVN?(XjH_&wMAz25IH#t_Ev zoPE}wYtFUTn%kfO>M^P!ZVS?9u)*wDYXt>)`}YpU50q|AquLXs8FhPYLphW5%|B3= z%=OjL51m86qo?;_J#Nfgt1=&Ijind|TPWnqR!NR2ZQh|iri8fXK4~A3SZ-_DH%M|x z95n?K9tt4kFesmjnUR*{L^ERO2z;XyH{$;a=}!46I})~d4$Y)>R|c;6Hz?oni!*!~ zCSG7Gd-?Z&p511xrME$D)HwWzzb2m*BlQywv$d6;v1b!hshQFENHk1+Lvx)-x8@Ps z9)rOc?^*SBJ33!PA*BXjmE#+a{5J03VGn=@&a0P3v4#0|qX#F=LoAAs4z;_mBGEjz z?y~Fw8Ik8Szd&=G^*hzkAq4)Ev22$@4+u_V8UBvyDTm8vVV_NZY5_fx{nNet??q z`QzQf*GAme&=FzDOQXV!BNj$8 zNFEJ-Z~m%4?AjlMXLMILEC^n?ZflV!-#;u&ocLl%nmFCR_uN(qyzqc<{btAo&-bW+ z6;$&Zl9-|hm}s+NKH9{$5kLJhdP`<*P;Z5z*og5OA5FBY+`@DEGUO^LKI*y0^}~|% zSMdVOpHZ^|eh1sY5NlH22=>k>no;M*-8B~YRnI0m;zoJC_+Ckg%RW<6z0_ssim1yqiG=tBiPp6}ufBEh@hxVAHq#YmS0Y$i{{{$4`XaxHyX*W9B>Yq_t522`p zJP)<=Io7IzgtxfWMx!>Ipks~=db*X=)xU_XG!UHB9V6bb!r`y_;B@fRFNCkIoL!ZZsoTG_pkX(iohkLldg`Xp!PFMWppY75#M>C^TG;(Ru$%hmH<#A zFYm$|yV>Th&J^Uoo)4M1sfg@>N6K)3Dm1-G@WF78_I#WTJf9*{Hat(c`}+Lw+I+DD zwB0i@p1(ft3_Nn2guHIHJps<^S!=60rviEq-yO#yCV@83>uXwZT*k=Swm`fHCK_As zQ%7`fRU8U3s>@LD<*e~T?z*Vs%m9@?FM?6{k&t7Fz+VxVipW~h#*uPhf7ro|uOo3? 
zU-yndlf@*G+RC=KSlN_J1p+UMil^;3{D{>q{V*vdx3GwSA}#VPl9*)y<`Q+; z{_1z+)Do1>+~tBoj#an1EsL{by_L+w^UrDSv(VI*;|{%dp2|z@+n?^)>Sob$aVQBD6tY&tQ{4JCfD5w#~+RuVo zpbBN~M(sSD&W(fxF#LC{q+SGz^{c-VQX5H4-6O}LW9B3_^emKwQmtC*2i2WXY^@R7 zh(=Cz@jzaS>~dTxZIf3%$4D7Q9aJE~em8WE{cu0c%-M39dwI?3ImGk$@uW82Zb<&m zbJ1IUY)Gr0cstLB3Is^)jQ%@r-mf<+_p6AnZNOKPw`B$^lY$M!6%6lQ0MkYy>~PUu zOh@qsm(H6fM|W0L)~|^F>~8fVv;&e~Fa^VuQlI^nb~xq6PO?4|EFHgzet63LEx>?# zPFEer>aa|*E5{VJnI33|6Tft6yz$Lct3w`Jv=g$y=KWuwvc4{`t20J$A6sO-zGS=M4?u@XD!5{_h(;Z%P-DA-u%F^+I;MWm-gOy4Ts!$NbeE zgqkTzh4MS+P(4#ToWz{$D&mVmTeu`jfCO8CXX5w!76OLE|8Vw28coV0AqW*jQ1)^t zloMFK?4#3g+UJR&u85lh7qCqB3gMRNMnl&vv-hoX2q4&hkhtq{R$mwqS1PgK+%A2aD@*BV4FBI93tN7bv9 z;N5TdPPLoF@bD^Zs#<85I%KC=v;W1jTh!EGNo}?6{V@1f>IQJ*@z+=L2Hw|0u&3lr z_bZ_KZe1We=L}%PMbM$UBZ9svTwB)k`#7tKKpZfVn@cyMDfq;BF7aKFe}!Zu6syT| zAiNgAXNwhQR`b8e6)4-M`_<144~|>`pPZ4-8M_t4=WG=nSdLq|<&P@o@%8uz)m3&rvHPztO26t};v>#5OYVyHT!fTgo3 zr_49qM2r*?`lYsLU)na$K5bSR^5dFN5UNtWTd%J=v|BPg_S0_ZC~pBk++R%<>YttO z7#)c2IPxC`U3s* z=>*&9Z|Wi^XRDgSP1=J@J-65>m$oUhu*nB(6WiQjQtMkQ6N_EOx2 z{jIbv75=C?qok#?;nP^&4T6K$Zr0|!OS}d|al4iA@B5T@07%5E>7Q74Dgs0p*NHGf z87^r$L7PQHT}VEi?ki&$tEmyAyuxyWO6dm`rnZG>Eiuj`=(Rx~_Zf5dZhu@J%hz#t zR1mWJRu8KYOzvI`)bbQ3M~HF)CovT<(VfkYjVRC;od+|+j#_vg22XO27n9{M4v(E_f& z7(WJ9f6TZ}swvE2z(OCvYd9`al&!Hs%JS>#xJ^@fxz>gr=<Rbcngt$LPl$TAk{%Bh=EtEwcKf}9hE$(C(FQ4WnvNe3 z9E^|I-Ydn3B0lY{OT^>u&)Il_eZV-s9Nn$Y%5!MxKj_A!5$MI^?J~VgTip)VN1OYY zp3y|>>8!dvT|__lxq3v6M6~sCC>*{Vb|~}T-dnAJqFV>Gz z)e`Z3;kY~;oK0O-!Xw;ryp*N4oe#sborSCNAg|cBT|u};$|*`$`Fln01r%jX&4_Rl zZaKely)1d^e;N!pCL9Tae=ZExWawUf?^Cew>?K=&O&B}gr1{)8!&Ro=x{Y>`3Bc=f z-S3WnMzlxr)%KFF#CwSX@Nctm<8BO>{TvRby?fiFk{46r6s^(}E#h|su|3GnP?G}< zw-b25tz+T@*EKYB;RETZE4{8!e~FmIc*Q=>bAOYVHWK(Ix^?LRgbrJj z`|SIy{vY$m#QYmVY8-7WqQpLwT z#+gOS{kPH7WHvQ(EUS#N_S&HC5dJz4aX2PtACp`|Q1Z z6#x;8P`v$VAI3Vu?7C0Doj$z6cJ^r?`V61mBdqJ%0GF@iiw%+0%`S^~Qq1X{bKeiN zWJ;|p!~=~V18C#_?8#zdPf5>QIHpe%kZgUam@&V4J6bdYzh6cJV^{P|1CJHi#;ZjCbC#k1u$3E?4Lb^RaO>mjAgDCD_qUJ=Inme3TW>Euv 
zXi6-a1)JlC)3wwX9RlYAF}-6BV-~*Hb@p%(ccU6(VTTqP6hXneGd?9|NDO&t=`^pbMRm7Jbz%Ltd35uJ-WvWz1BbRVw9= zy&U?#9goo8&ps7*(*LWyxG7-ji)fN>n*>C?m-)7q%{%oy!Trb!Z)wsU1nk@p8@>$G z!xYi1y7SGtO6~{yaBWO{A0x}lmkFku20r4_Y$MRJB@e)%<)av{%LB^N~ zW72%_X06goWpKg*5uI-g;U62+{u^_b#Yj~H$DArS<}zp)rb^})=x=lV=7?zb=B=Ca zOt%!>#xgHm2NG_-7Ob!Uo~$3j3h;$2N#cJD++2CvITm6u8ad9V9RJ)Tur4`50RB9S zR~b5z^SXZtu?eS{IWetMAAjcO2Lpj}iPTG1QwLT3Z~YS5pOcBSvPJU=Xr=Rop#EdXrKLal0q(W*Jyk&%W0ro-$NJJbJrV# zq;$TTGz%=z6w<^3fAV^<@* zr)84xW=BVHRd+OKL+hF4BfC(LWX9ZBieRCX0XEvbf9gzQ?`_LpcUfrdnwQOm@-&Xz5-+i+?N@G zEE4W>i7lCk(W}ic!irs;&zfjBnd?8Hirax_6t3@xpO}6_AF_Y~GZYU67Wvk>V+`U) zy1>)JV|?qX;=yC**_zlrU_nN9`BqG5R$5Z6n_n`3F1rzzj1F$-1lD}_Z-Wi#ZT?T^ zfc_&LFjc*EA?5*QXY45Q-ueWzj#y@GnN3nTvnAY?)$+8`t`T-h&~l7Cf{q!;>tEK| z9s=21WI1A@Vz>KAni}+MW0fJ!X*qf3ZX9gJ*+4DUn;z_S_H{NZt znKa?tq1ubLHVj07aYFOs4iAr{cJ!L7gAj0w_ZvrZ}3FPklf zaX?VBh%)wB&;8xM7BO$jiZSAjv)*QkxCGurLnRDE6bgdYC9ddZcyTdYyh6p3i)0Il=FJ znZX%(8HPrj>)A)b*i=~vIU*3B0q+;qq|cFmx9#%lv*2bdI@JBqhDOW zrwW{CSM|}*F1_+RToC(V`qutuX>-@QVKrBaQ|;yZ5z)-YE##kZ;W7oasDz$&YL9Hn zX)J&ux>|I0>5sg~JSx#Uja*X#$;C%O?}8RYBjAi$H<9Q9{eo{!$2fWp4qOK>Fe zR`w_OT;|(KUmW?ymHwVz_!?B6@m^F?Q!zGQMhNwXsZ|)_?0QI)IrPGC30T^CE!7cb? 
zN9fUaZr4?-kufkIG*d&KhP%+m2&s;?Op#LL9%B#&=mcj%ZLuz)$4|oEr0p|>c0qi{ z@G3^w=yafHJT6~ju%QXT`vc`oRe;QS%;liBRlh`xw6BJ9EEFdMUlsBgDWh{2s~n81 zj#y`S6B$xz_M!d;2b8{;%HFe{vv&# zpTo@Lr}V}?!rtkAL@nLbCios|r1(QGR;5xHG>;RIba2{q$+mX!+YX?es0e@Zf2iT} zt6g?1DZ^44oZh;3Js29n+_hM2MQy0b7#J7(LyAV&JLEYXyj%=&#Jy|Jq)&cI#BIYS zUW7`@wItpNo+yeXu#UtAK%^5y{V!oe;iZVhAW}@`+4B8b4meNsoeLVW0Bb;i3ctH$ zlJJ3D7M*jGbUyA;_mb?{A8yz-!#}3FqX?Q)bB-NVyTO;n^k0C(L6*Z-i|zkHm$*I@ zBULE{zu~3&S!iJPz2XU>M7?*zFC zu#seyDc?XOXamaaCJG&&;rVq5MKw-NSGf)nZ^uejsm>x2qol@v8j*l+&N%{U9>=)j zckOu)V?q+I&N>KVGk?RO51igz_!#@VR%p^llzO_ zRqc&DoY1Ydxwt^_20|LhDC5i9C6uS@=R@zDz@qyQH5b7BP4k4YONM(cNNI5mpHNtb zhc7{Bs(X!eai;SusH9ZevN-uO6ILiojqPdy#}j7kc9)73J9i1Vk>lErlTBNY;?z9H zj8adt!A=qNMKX(#@XJ+V5cc_UXOxCc14IvPd-42V2poG1!eQe{ml+0KJ9Iu~I6CG5 zw>5gGM~B^Rf-vO2PeKL)@t@!su#iWlz1kM0A3>h3-QSLuk#5sS=IgAA@vHEK1idO^ z88Z2#5J+;L)@BiN5r#zxc>HsWkK8_9H$_}kji@SNFaKcPn99O>ddPF)X+rY^Y#Z** z4gEjvPd9rFx;Z7(CRz5kDKBV68J|l5Q%mEn#nvGL`@_QYy8&Nmc{Aa?>c#L!HAzQo z?p~lrhHj?YGc-Aqw*J)k;WJVW=GKPLO&rXG`>GP96Y}A5zuYPA#KjhHNd`=j(m8_- zR0?*zb_#StYli--jI&H??5vx7YpjEYTFF=TOar~QAH@!wFV+MWhTA7PZp#{F9rK>< zc5ZCzVGqdjta!+5U@;MGhnMlDR2ygbAt6F-X#-Oa#A{O4BW)KA#zTcUlS=nuOfr4-Lg=*)fjhMQmMUdHMH-l#oB*X7tGk}Prb?#t749e*|8 z{JLp2Eok;ocr2(&em#(WDnCdPA)ygWos%6ldUp}kq^cwGGX)l9r!?xJf?@Vik@mwh(QFwelWl9{mcDaiD4Os0WpX)@dOis0 zMCx=Yk$;U=`-04+oboF`co8TH1 z1_aeictX7OT5^S#~U+9jMs5y$~yLZ*a9bD@m@4CjA;&g}qcj)!j z$2=gRS{Rp_$I0?!JiP&eOnE3b-h?>oHG=iBhU9iBUt|YJPy7$_WK>B_LlPwCX9z|< zO~ZT6gWOV!+0BffX$SGCT1%|nbRE9{-EIIzYU0&XsxDfqVF;K*_y7F?J) z0hTD&j&v5sZ21jo#If-IX_MHQ1Qf>v7S=WyS?}OhqUYxv{p>8(cg^TxgjylN);Gcy zle7}w-Y2REW;WX?U|=gDl62oU{so=BIW|8#&Xg=`@PA_57Mp8r%|Vm495R|u~3jw@&z@y|D3T;V6;n5XuejKzi~jd zwjlng=7&kiR2n)sOz5@R_q|BZIjG7l%l+9BTZWO83cVDcK+o=tP69iSdat%G!njI@mrH zHAGF!qMbXHlk+6!bS6Jh&%9m12#ecf<@U*aVfY!#~ z)Ks?gGPAm91CCjE3PV=)MMr0Px?D)n&n}j=i7y^}(myi>jHuUDipjX^8vVtz!g1yd zsKFzjQiR+Blu-ekw_uB#aH5bC8!ky-EmVQ)2)aVYbZ9eaSjS>AIIwehm@q9VYZbaI z4Yu4jDJ}7ab|o<>a@*dPah<+N0E%}Cq8Qv|-817N^!$X_a3SwnV;r=gdB@oX%sy1v 
z8j=@z!H=%_u@qU6EYEJHwkhp8K~U)zwb&?nr6%3uV{LRwFBX8ipGuxk|9lqu+28b7 zm8!T}`CmNK6*0}osV!3CiK2DlcML@arlgfPB+Y%|Y(P3XaG^r*c!1W%*Z|B2I`xFN z!3hOlW>6Tamg1B?FFFpcGh{h1fwi@*AC86eY|N2$WeDpnW3h~juu5RFZ{2VyzHWVZ z$IfS#K4s%$#CJv^4Y}Y%#LkmmvL{@~u0E#0(=9z1+~CDfTePdu-XOm(N@i}@zM8Em zQcX7?p{B$!6rLX$2c(V@S7ZwR<52BrVHybKR#d#(*?+)w2!l1ZE^(dyJeBI}XkAQT z>PP%*_`#Z^VTjOAx6`N+%Og&-HLz1|%g(QY;JXx4M*UZ1=x-@!g(}_=dvZxEyHFkHQ}0soXqF(>Fil9~3haxw~r zgA)RrkIcoq9-WJGvsrDNWyHD1TNaq8F7` z+tVMUTidKJ%zgP}etCsV(p?t@qU;w7RIUr#o7#cHkq&HNX9E9Yj%eD)AH};PMD)b6 zW@J>(b6>V>fRA1fA1pr(U(Ef2$KF^F`MX&@2d1(!rI*Rpf;S6F^c2NHG%iC^^Y@Rt zykN&JBca7cn;*=oGNE#|71=+3psxM!m%b5-Fp24@VT}P(C%YkuwdybVLr7rn9*J6wK7Kdt+QGmM>@&~h0wYdP>2}`Z_C-J!4bJ8H+F)^T{UX*4n zLxrud!cArRE6VSJVEdm!+Ty~*G#)W&`m-EXl-6BvFR8dwXL&(K`Muy+-J*)ozAJPi zvC4d@N{hC5Ec=nJjIEjM3SlirG<*gp_xo|}EhdlVMdLBK2_7C{;o{j7I5fVz<-y^U-^xh1kHSXvN zJ(Tl@?WiW(zqF|uW|?Zweu+YiyBFtpMw zugls-_Z%>vzkeyoDqs0P>pb1&{x-y$_|BaGah0orYj(-4D;w9E`7(QmUuE1O;A8q! zV%6C0igl*2S5Zo^qbl`ZaLYE7RmG80OIi?X_#P}SC2iZ=U!KzHmJ{eS5WjAr=Nylg zCQu?gUmV{LP2|k*3qsi%_zG zF=Qq^yAOQ9r8CSU3cq8&?{?;@Hq}?3X7k!Rr$K#XNOPQvx|M3}loDyG5WD77ymWf+ zE6a*BJgwSqUcz-d4fA7siRI`YCM%HTenu8e^uv->#}heI=dg@Wi{fA!#`eYny;eKu zIxS&;BZ5;@**-V{+@XfTu#*^vDmUmjvOD~cm4-h&f4h2ghX%#{+x}&g2gM|a(=kTK zB+z5Am>T=n0ap&E=N|DoR!&S+ z7}1~fYL+9oUuldva)Fue#yey>c$Up^oRqRjqPYpFv=(%fn$dpWC=1D|%SM?-t)TNO zu2P2av`@<&^^T*lf#1W)?xH`jn(-q{5v^qct$nRgFxqzLws znHh(U%u;Fw+9_k>rQc$Dkqs9yIyoi8dd9|Cn{nunhyU}=z#sUZlT{82PEgGSzqDC> zoRZ?Aqd@Tp7jlAiv+A1|d@bexoU`1ukx%~WS5ya5#s#>oA2}t&VfU!geUmFwXw)p| zFn}X2qaW^v%^g8ku!BxfoQAR(!T-LCp=LCQN0AxrRON?E*{_@WLJW<^s1@d#VRzy~ zD`fy5d8ay5US0fUQ(!y-#4)>k-fpKVTeWjDchE@8Ab2fdeDN*}rH-VXTa^>bTTk8}im1fR+*kW-Z!-Ver9G}L>h z4qm^mUr4Tiva)vC#bfJbc-Y$J+u($s`UtirL=nyhif`qCkn=HvK(W>mhl{gp38f)&Ut?OX@EDR`{s1p|i<Zcbdrn85$lV(AxZZT}JqW<}1VOQC4YW+wboyoY}$jNgx-` zN`0wj^0(g7g}yY6heB)5)1QqnYyeLe9;O}Hm>0I|6-m(G@4;y?WwyD!GH}|uS5kV1 zd&7fnGIzQsOaZ=SG}V(F)+ehuO7uG_&P3u}5YHta`=zGYi6Htqj?Lf1Wl)|9#gkgr 
z0g7_?Sr?6Nq#a|tELNpe+iB-;IOrS1r#>&LWG}$J*CgC53@r*iD0zeaBubIy7qa?+ zSNx38-E|sHvY=P1QwSSRRcmZ^r1{wRx5|2GE21<;jKc7YL6(ZUp#8&iZP4z*=hMKM zoaL$(PQ3hU1XWzKa$mM0gofV4`aI9xG71frz&nwzDQ4(=I)3 z0^W@5tU6wy9(>t4cB0^j26|(o=OSw-S~sGFcWMberb$f!Di&A;*sq%RsPEzE+8OdKmaDY8oG`yp z4Lg(AqEy(%*eu+Hde-zsg%OgYz*=C(vdZZyQ4|wis3W**46Q%F%!2-g$UCX=+T(E( z+h*Iq2x`;(_GPzpf|S)UU%9%@J1u}z1LN#BmG@fdQsr*+R~v4qO1D_KA|N(dOho)`7xM-g_;OMiN^-D(1mmi4uAV}6~CGGOqumALhdw3kLp znz0>91!Da(0_M0lt15o99Pkf+!87N25NOfZUI}c%p!S73EV%rN6^X>4E8KvH}(V2a}bKnvMJ;DuPGe#z01#zfwn+5NDV=MmhH&G#%2l@2#Hbx zz+D2pUp6<>E2G?>Us?zIfX%GWh&8d}S+3cvEF=}__0Rt7l-4Cq1b?)ICyM%r zc!LvvHP!BOig*h%Z5SbRy03)>>VY_M|72%@U83@+FiC%d6Tv?w=iNC;C^%IyKhk3; zXm@Q%b$;pL7N^(aQ$oTZw=WB$-FRvHEV`nggER>4JCBuH1n7-b!hxy-!VhVUwW{Wb z4^pHQA?lDISuA&<9|LpalK&{WIg+Khvy$dGQ9^u=AVTk@%0m7qNn}j&{sCr^3fxCJ zh87}IvpV^}!@R$e?(0v>hdqmG{sngbYgGXyEL)xmZzxgDcOdGuZOWD8fO17$o)7!x z+3^(_KEA*fMICTV=b9p)Ox?NKh%J!!ptbqy`L0Vl#MM@*d3{^E+6sa6kX}Ky`B%WZ zb`Fh+^tAh|60c>;U96ig{OZW)aZRVc-WEcpgu5|TG<7su=R>BP?%G$PP;?Y5gI2q5 zE;4D(#Qq2(e$W2+=0ee7$^}L=xxE|dI6nJrz#nTSif-a)Y1BA%n+3I5frU|mBtD=2 z)w*Y?n?Co`)o^MYOtRU3dz^bRe}3G=5@Z`l$^BX1!HFedUT*$=BR%+nluo1Rtv<=t zLPW|6fdL@Vv|rLvBC})BRj0($iG_Uq;{gs*IQ>DPU*IdL33`KtJbNgr0D!;SemxD6 z_7TEiRyBwku>x<$^w>3iF@M|wQAL@6Df$6kBI;TeMBZ7-;@zIWpHAPPEK{5!KH-vA zP>KDOZDPgL;d%YxMvE|5JXfR`zh^eDs)RIslPY)91-`4Og?&@aNjveSmqHR`ewMS- z_~Jg*7jAH`+0q8+mxRcN$Y1|7bTV9hEz@r)+?QIf+F8Ob)BgU2p^#X}=D)q|mhd z`>ANUtS@N#L`*SdtuRMB`=U@$8>y#gulR(7Ify*tO!ZK9ED2JrGey86@_&(kpsZPD zskGUjssc{XO7oB`OiC%ooSF>6I8XLGC!W>pmyNoPMdIj3@!B)%eaCP%NJgg*6@Zhq zzi?Ri$9EecN-CgjQbDSp{F#`9KCCb#%u%rS`;BM_ESy_e-;o>fW)l}{=K~*S=U5CE zx3y(BGig*r|A{LJG!XuC8OA_X|>n9_=4!Hpr zsLI_3AGH#h7o(+h#eS~xlZLyr(Z5G24A|aNd=65voB6^2sr;<> z(&K&dz)j92SFf!Ak{q$7*jvnD7#lkpRL?u7NB3vpnew1e&K)Xtg= z#zwAk8knNf$|7%Qxso3XzawYY)6quVv|5_W?QzXPMoL_V%|VcF7s?{D%tTWRD=aTF zG^5vviujw1G^CX`dlIG_{$bldd7PEbqT{JZteV+6%ul1dFq?a=!urUAUUkuo9iCl$ zH}oaE6LLYEaca3qNY}gF5Z@&HZ71mxW9{OeX|alm7soQt)7FJ!>j_pgg9;MM?`)cG 
z|0{8{OaJ}U%56a#r@^YJ987Bw?8o(^uELZo|JgMBML*Oqm2A-X&BhwwM3~dC2<6fi z&^!?#)xnWwd;=Xs&p^hDzd4|{C?9_ErB|7)&zDM>;upNQR;MmS% zV8%P(tJ=GiK&=$Q*CwkcP{H(X62hLsfD30O)BLz4l89*q@A6#|HF@bz8{I!l_FeoG zS^c?5e>s?@NCHmzS2IrOjh(S4r}V_YxpZ1>c4x2XtSIUP>dci2L91dE-r=*@jNhry z_OS%sR~eeVwEU-T-6nrJW6u%C37*aT_glYXl(u0W=_uXTRRvLA_~a}o!`dZxZ_DZC z7fZiUS5v{e8F&IiYBx2dWI+OI*Iu8>XLsI;GcmA&o`GogdWVvwe=C}vcK%BmJ~I>y zV|?z%ck+%zPb%IEcsIRIZ*(X-F{{-=QW_oh9cglgSE+iOgq% zas&SP?We!#-he@t8&Ccl;v!fRH;PGx+V)DuE0uEF<@!AL^3$@c4R(q`xrhOacIbqf z9Z(|!mO)-Sh>}v)1z#=}g@YKDI^0N07iT7{1e{iQI(u;6efUC!BDg5D9*h=x#8Av0 zA6LH;kKvf-a9nXbGcRFQ;)eAnWlQ!r)skS35N5T{a$P*$n(nCt)jw{!m45r~GW%kd zt^wnoikS7$y=KOGi6|3rT;9ld8+UOvXUxiv~toB?*3xtrQF- z#oP<41;qde2M;fwB)Zlk;^(H4$s&H2Ft@U3-@hb(2P-_5u%xTdm?9m~@zm}<>OGe5 zQ@~OL!k(DN$2R;sc?32HdjQG1$Bv_RVP%Eyh1T7opRqjRoR&qab9C7>_4{uU-slCp z<@|h05&!g8Li+f?K&^T^mYTIr zv&8BnB^+?lNn9d>fyr-2N{i)*t!^)}KV(RoPpD$IqYY@_Er)K;L^;>5j#ZY?FM4e* z1@K;w-cmMf`!(7f?tX7U_5qnfk~5^^?-iRS^fdd2E4>|wDans0>bXYOUx%|?95ry3 z`!SIJrvm@2j!s-4uOSeD|MmBb^+b@hMvm$f6B-6X&xtV9bsSHg=m?gYD5gX1g@61Q z6;dA^VB*=a@d=49fvHvf9c~yLmT}&{hXtQiQa|!!()EC%4Ne!_I>?4}Ot~to9p+SB z_q2b)kU0;mAMUt$WgJ*kaa8)mD$`bb&p9ksyVkFhnM&l!F5c$|Q@`b5f37%^5%UXj z(ab^=z*Y-ELcy0H!~umU37G>R!ipUk}~_sUPcd`^q0Kz5O!+Q zOWb|?A#d)-n*3q0$ZV6J!Z40~ZE!+4=7CMY^ogTjlKl9+%u$e_5Y21RGUFo8TBNIV z$B&U4nL)Gwy2pUe8o@XhRyy7#7nuNy|n3j4zf>vlH*eliA(p2P1jcv(oKzvFA)8RSwnO? 
zob(A*hdTQ2?&efb4yQ~=+5n-@t(U-482sQLbaX;0uVmqdm+X(nB8jE5kUzAaksywh zqOs(d^$sC*38Zbbb?!-8>Q^D>_>=jWQS{t21flGKJfw^)XG{}Vcuff%fl-NAPl6oN zt+-eUI>t+Wsyjne{vQOMm+-H6XYw z;Fp-E{vD$mapK}m>kXsI8#FXMv?Kq zJ%ToL5l}*FhRqs*kuTY2c|NwMF~ip8t;4hB8YyMgDL2Pu^Lcxaee!YT*Qi(*FTdRU zP9La4%fiIyRk-7^htzaBzg7_2qvr=NeMov=TY&gvpfc0+g)a6RBosMNRB}CgEHPNA z?!61b?4!Rjv?_Vq#JGH6D!@Vi5Q%GOCa6rUU)+v|v?X{glR z4@KngK~M*1z9Fwyj=%R4e5wuo7270;lcL;>rX%_v**elz9;Zl9tpzLp8$KmoYo3!| zWk=86y9Zz=ng(ZRz;I9wmLjsbKFiy;x&$OvF~A_Skycn4FxxI)7EhmrnM~F&Htm)I z;y6>uq5XpkT6;m@W>9wPh!3xnCNqc_*Sa!s@0{W;e*K1JFqWlbo~h0@-T6j*j&1DY zhzb=*;VA|8jl2S@hEDv(8BM3>PucZP)wM_{;U_?mU|I%#HWenN7AqdR;){pGq>=;o z#gR<=z*-F6pc<;cNcIRF+s2A)058H`wOP2Yxp=P&WM_g+>+*A*F7;9*?_2I2X(|t3 z%@ULmW24T2Y<$0=v;2I#SvP0>ZM`q5ibKxuot{^|HGk&8Y^aQdcgb<7l{27n7%RJs z0C0;~3AMe{;`37$atw2$tK$+=L@VG*`c)`8L7daPFHEV_}A{HCV}Q z>`lFiBB(76198Xsbl&BGseZJOiGn*Sr+V}+H6GQ9_6s+E&EAU9UDUQJ3bMq?&(E!G zT>jbOaRlNbE!#@g{F*yDRNNrL`4i|1^c6sg_(Ti4tCsbCyNpN^WkiD2+1xa)W~qx4 zBN_HT<)z9|q#0eSAzGwY!FiInyF z<9Q2-^fML0Pj)ES3Yfnz4n>wr?Vr#eZg2?Wma`0*@aZySn{z$=C;P>Cs3!vby}sYG ztEV?3Pu|psJh&d1tN-v}FDwd|A z6?}LN43B>=Y5k+)G)O#QuWi-YpeN4Y<**gD1;ZR!_>$rhr!!wi4(l|-OBp7+kuj+m z@+F`}k>kirGRq`gd>NJV+b8-)L9~uCRoM!>MulK+)iF zmliE7rcin7SUuv!b75gvm-^O@qjbyNWpivnb9NDWJ@35#=x*TZ1$VsfGSqtO#$GaWPX8H%We)G4GFLOKQvaYpg`E zxExrAhfqWg)D|t11Jv?a(6}o!PlSUt@MPhEZ`<9&sB(LBeG+Pz;j~)wSM$@79XMJIKDdU7s~3kdDa+(#b8Y z@D|%-^J9TD^(XLbP@&F?9u}X?9Kit0FT1uIK|fn+^JNQa;#hv|hbP*Y?8z%mbsjm#G>iyc5F6j>GPNf^^Zjest?uJcw zcXvqlp(G>}q`Nz%mG1ZG@A>OH!_4Lb!#Qi;tJig{+u%mh%~p=9epTQwtgw$Q0B4*s zU7T6k_rO(T_!VNQKl#8TagX@<{}g0mLm)q5V|s|(V;MfRdIy{#`5|k@9(~$OqO7TT zag2+(DZ3US@#{X~tw8|}Cs}70fDw3d7GS62_)wV`<9S_ zSw`}2W9Mr{#MJaqp$oXNQ_CS)F%5Q})Y%E$tAMYA_O;)X=b;;m`2Jf5NzfIAtz9!BDO`_LW* zUPY~z;&!V7D19EQ5n^m|S_2JR#S|YQ12(1w$*WO4Gn`aPW1MucsmS}%9*PpGKJ>12KAQ&7uc$`fHgHKvJa)CpE-i2lh{x7+FBIbyRs5fjR?7s!dGY*hT+K&1NkM=ET82{cK+oKQ0SVC)5b 
zJ9AOHAEmquR)`$T*D_2gKSK~y%E$+t6>Z{@V{*#&a`XR00={ms(+Fep=Y?S}c&gN_*Hpnao#Whf`=NrZleZ;^~F(0Q7^e2qxk;XQJUpS$*_*fQTR!6_@It4@P_{$_4}KXH&9qmY)45igk%M*_4G*SmoB zhzUz{0w$43K#YxI8=v8y0wy#^r?@zMjRY&8z-|IQ187@e5@wNE&dWyUR%|zKM7-FE z>9X)LPz{TB0i(O)#e&+H|EizUIy=0qG&ldxm=0Z0O5h#WjLMpZ(0+dvnj%vKIs9s` zadtNp!9KP~eW6l;i7-=x*2z*Wgb~2;Z8TJbC^XJ3*lc@V;o4NGZDNEgm8S(pQx)=! zj&wY3GNmIo#Y7XD7Y>ePxQD-o6Vl%n-v%L58&yvBiZOUd+=ZX9X$&s^C``UYq!dh8 z3QaX*(cEyCK}?}@D7!a*3ZtKoniUS^j>-JmLV^yUDk|247Y=3srMbywL~GSYt~ zJ`?8_PKCXuqZelOip8+tl?l|+ji0#@fn<7CyN_HP`-z49xAkMVuN^7F%OgI(**oAS z$SOYIw$dU0A#X}jEaR20d3x>MHTJ&0{`bds6i!iXhSt~ly>^AO4e^tcZ-N%keDb@N zebqkz6oz?5wKlaR)a9aMfiD+!EzW*bbH?5Uj`yZ%y4++@+ zz2%whS_il9gZ|xRKhu1nt&0y6rPDtRd#%{B+B|*Ca^g7{oIh2JsC^xD5@V>lNYUkv z=DN3WY!fh`#;et0gw%o7gI(rjMLv+$!T$I~;JAE5@+j{Z*8=3+fhPa01_;jowj!B< zxh2}nRlUECd>W*{Ij3{Uz8KzD7LP3WyAPBQb9G>jWo(ttC)PFhT&U7v zmmL#l)TkL*K^C&8<62B&&JXt&xaQ;BRO~YLWwU(#jS<-!pmIECP9JI7hO`zn{wf!| zXcdf)+l%%~#u55$#GrRR@PoXy3B&l_cvTosNG!;=SQ}xtM`68B}N2eh4XnRSMm#`frXt(c0_o#{5FKSEW?kX5%`F=zhRccuUV8Gy7vu!s4Lwzv}5chjZg+qv%V%3 z4KH8KB}Y@G7XI>tdnk!M^efQIkvk~9A%k*441gv2A3XUzMwbMJDklChh3!b^UCAVBn`4CjWi%WnH=WGeh2EXTt);SP*m8s7sRCNRpX_?|1kJB-J z4ANC98RLj2?d7*P^uHQgN;fw?eDz0CC6_ z>vD^HQTv5@`|HTmIXNs_HIz6GrJ5GLn!tuI8kf@+jbz8I7>vMSG-@%<%gB?*~7kWwbM|A$(F zx<}-=&!jJEi9L7GzoEi>tD3gk`Z9#}v`#MSa?W?{2{VcJyMwz1nT)XecRxD07 zNS;Pt)?@J7sW`+f%SC^R^?jA2m_Fe5r4>oCa4IhU6^(&csJ>XbEXBB~r!rpD!{^_v zWAxej?f+{XM<+-`tGXUvqcfi$ef_ae{f(*lK62&t!Mtjox^jhx`rcE?((?~Samz+8 zpp_6lf}Q-rVH)R7T?2A}Nbwmbgdhu!K5|r6NETJ0rADJR3~3~gg}o7zZta}qQ>=4Y zT)*y`2w$_oLEcDPTIcJWyoI@=0--70CVj)g(6VE*(Kia_S}io*H+Qc}YGF+C^o|4U zScllMR2$)ELlkO~;k-Y2iQo_hZ^>&c1A3FF>@OFs(|0XGMtxfO?{m91qOi63S}rdDCbMtx~S{^m`LVbycY|u-}DtD-{!*)qr)Cx-G+*$qZAhIdYk#%OzS)cvgXxBB7upC)=R^e^ccRiv)*29D|x z(-gE2-*|UVv>QSw{IsUNeyxx^)AYpO9C?Uxu$YhCGExHvoK-Pn_)wJ*23&kudp>_A zHiA-9wC{wLJD^9&{tEReS051m=($0q&C`_V^<(Qz!4)bz9#W$yEuT3N)J@&U5mab%PD`x$v%uM5pp~jy>H3hd}TRv#*R3j_5b%c?xO#edx$BhS}_lT_u=5>;L}Pm0_FM$2OoG(GP4`w_V%)4|Ci1 
za$%gX$zOzh=dW=scCUh7^PgVrVXSI*C_S|=75{9xA<3zXi}udT##|SnL(R}#OAYVv zJNXPRT&}q~R2-Y_du~li z+<3n4nt1csdNII!ocKDCQRrOMbiiGi+=PX&ypkG=ln*CB8C~dY?AixNVQU)#U1^Jf z!Lk)@tUWod&TBI5pGNp?N=P2+DyA$S8lNmlqeDtLHP0Gj>ZwaPH~u8xA3IH~BUFDF zrvO8wSgf;~NSEA-&Q*rP-9f|U9QU_750Cw zbcV)2V|dDe#@up2qOPiyCEY&(@UZc1aL}Q*g61p{`ooE8F=f=JD0?2%JBeo3t;e=tN8Ju3Zo(SkZ@utEwQc z)G&*B|47NA(`9*LmC1U}AgoQ#KrDt_A^jwF>&rq;bB9Mzg4)P9#@?1-1 zid#XfS9C|>T`?ctV(-8-(Og zjxx4NT@=&BY&}4mU$XgG^~6+=m`|x(WU=DiVUhTot*sw$psb(=LRC!EiQibUR9$LH z;>WZ*LXW^eYiT8iB>o|CF7P!#y@w_^iHut&`{K%Ip^UUaD^(bdKcQj%OQQiWFX=s# zc3>bMkMI}H-YkkHc#i4sgZhcjFsOX8-Y=?{X$`0eTIo#0om7Wd1bLV1Suf{?ml~au zOp?AfnEOFWEa(2y1!4IthHZC74B=0$X!?Cf0OuJg9b-Jn!PXN)Ii1Fl9E1tg8#`G~jnADSVg~jv2Zyo&Pr?m(Kj6Tp9Aj01q7$76t(#gd@je{vQ?H>a>(jk#nT1 zQUi&yoEbPOMq_Wf)t0ySv;6wJ$yO8ZH<9^{6(1?Pj^A&IHG99-C;7FyjyemQDQ)i- zLp^m+;excf_}U1CU-gUI3AeM{sPg+i2>v~fNum%1=c@<|1>8V7yxsY)bX#EL8$;&F zRs=!~74VKM-IHBDFdVCZ@O!8;R=d`2h)~u~Q^I{D=au;ZOw4~)U|R&%4co3Lf$ zyj38bc}zJG52=7a;kTX?zm)j17JEMq6E~ld*UU+oFbU%?I8?yOn_mT3^OF z&CD$K{{u^~SwuNTg?nxbl5;VY#+BN7i?Gd3ZG_iONh^|PqBYW4&u+*FIP@)`MvE)X z_DHn%PQxhuU&_b8q}P*^&1^`xSst=6$PNKU2nkLjzraI3WlWTE!B$$`9U7bpt~3kq zu5p2S-Z9^Sq*1x|6jhOm>jxrxW_+TOxxMeX(b7s5 z4*&ei(UAj@3HTp9jZ9wmL;*)*S;FIcs03oA?KfA>9h*a27#{jxF-660hJs2^kdO#U zI6D$UH}8Gt_w3G{DMEuQOKdM1IulE+O8+C^WgD;j{$ZqF%T9&4P!+3P zueBC4YK<+PWxwUC#;v?h?@PQ)$=pI1RBfGm4U|+l%KyV!C?nV@x1u$n;%D>MhBp=) z7N2jzU{BynKWa%l279vE$rF#p_@;nga#U|fKJ9-?;Ry_pCF75uUdD?;~qzZdANBfHE&lGutWhAbm+zW>d#!2jmi4H<0_B8Zy;?^FYl= z9X#zM&sX?sS`qs+^@T*|zXXes)R@HSQ z5aUoDqW2cFC}c5~Pb+;mf_p>S5kg(xp8@76_X*Ey6{{&2m z(!s2uyI{<0VEn0xH70{GpeziDo0(TEEc|`t#+d+?(S6i4iC`(;{ zd)Z*tbq1G4dQX&t+KNA`lsZOaepvSTFoLvqAAFrBo5kf13GqFZIP!r9 zu(UycrL~cqp7BWH-~jtn5SxnXN4`^(OLp71Aa|GU=U-e04jU^!H710cTf#bNw3H)s z5|UvH!H9{p)`e2QxUsNY1osbEqqz_%g!%dz7A_U2aF4NYLK`=$e-TT9LdC83z(JSQ z#&OibfuQ>|Jg;kskAC>=5n1CsTPi849mLre|u+lcZaX@4TJG< zt3scf7U##jis|=%s=trjb%i^juB9jf_F2n|HhWZ#1Z`c5*^UWe=IEa1X_bT{w-22D zTin81xWQAs6w<60zx?m+Mq)c-G{;hO-*f75hW&{3~T0I-# 
zUvORNoDp_mr5hL-zo*|DWuy=9c(x`&{Y^mdB1?D9sTp`|C>CCu7H9Uk5jA`|N?}A# z7@%R}U0NuT19I-(8jJ}&y2PZTF`w7T&zgy-!Vv#ytUoY!)X}ajc8s{1H_k-at!EgR zwsQA3hKoMF%`Jh6kgdI`RX>9q#2xj7Rj;H=^shb4sD>Hlku*RC)(RY6 z6-;A3h0gB;VZBxf*D#ScVIP&rs%!26iW}QeCzY&f`4qoDz3Hmz%_&rvjN<|FCn>E= zQ{h~+)O(1QG*XJ0D`$)pN8)|I-iDqXyWeQ36PPr={QpW`Lzc|TzAVNkaH7?imJo^h z8&R6deU#gCaqpL}=Cj}qL&mFPCGh_C;mlsm^SzY)-NS>G&aML+5Kqtg#B;@Dn+e^Y zMGqnT=cr}-s7Mi6wKByaRodCFEN~Lpvr8xkd($bEwGwT<0!%_qY*iEyVY2W49&1<0 z9rz#QF+$YG8Y(`v8DdCSH|A*{txjTFSUi2{77iRXh^gA4EKyso;r>jUKEe5uTg2F9 z`A{9$J%?9aB_=5l2wwvgF&*5%`b;mS=gE_8i`%y|F#)p6F&DxJ75b1D<-x?Pk<@Mc zrh+y0tvNeKMN$U|qt?iGLT0B2>zl;x3wB*0e2?V>|Jl+G%JSs3jro!c>EX$VqsDv3 zTjW&{7W`+lmB7=-dSd{8)y!2H*69!s-JfC;=kl6eSN!$#vQW#Ff%OOe zbJw@F3*Z}0Rjc}jQlDlw_{0QjD1I^V7HTDi+8vKcWvj$NuUwEd4LY$#MW(~Db>X10 zu@!9alK+tl_)W}zPn#J#m{ʾZtuIvH&-RtGdByYV$!B(i~||Bmi4b`DX5AF1}F!ur-j8NYf5zleIpHDzs^Mw8H>6H+lcexEU=L)9&A zTvS<`m<-RfyGVDIwA zIzOb~Q4B`}P5Jc&Z%JCoV$3}OJ=nUOD;rt0FqqUSh9jcX+&`qw8Gv!5f( z6w4OD%NS%LP2aV$zy9N-fZv=MG=FO33mVzJDsboV6~(R*X#13Ca=FZJVOqtmyZnZc zO`Z0DJe58ZQvVfjN37Wu;-&8tz80@TidPZFXTaxvWWOxvFFwnDg{)>V70A;^pwxad zDef36!hUhI>^?SIJK>8R8E=Eypt#v#+x0?Tk)W3~$M#G6c2f^v5VOF3=n?YVFjyn5 z=%g5yc%wK=aJd(P{161@l2!(9qVe|5I?WltmK2rq^8BegN{SF*3UbwDP!2__yH!-0 z=u-5KpxAOYMR?cAi-(7488v&uk3^NY$DI>H91&eP8~MxhiO6U3eRQS5{)Ws0In1fM zq!7Sm4xKr_F~OL3*-@0Yk2g589bf6N;l zeT7fk{#8By_DV&yHX^;Y$~-Tf>u%2dG5K&rUZ%LvY|GN(Ovqc{i<<&-2_Sx@B>Gkg z7bBOzW)kU)u-BI0`snH$=ro1Q zlxPi21qK_vqY#dN2!<_}o#J<9>vr%(rSsd~UK0817J3{qLEy!(Ouw1>eK9k*OR*2t zC-hYC`{vgJcR9rK)rkf_lM$C2!UU3X6;KN4wW{WAzO;5taFVSkW&jn8|1q7HeTQxsRhD-&OMZSak$H4|T;$-n!ko}{f#gj$uZ4dt`i9}t3RF|iTN z{5U4o5%Nr+bUB8pV`gsog~l8a(9GpEPoxMAi6PKbsO7w7@Gde4jKq9;FRoh2$@jtwK3j9w@8g zRuApRTYs|uV(1AS(Q+;{GAIY>+RoeC3L9wlA%qfIMEeJ$*bEXiz|4`n=G^Sh*eyTj z#$i5aUPU2{k;A?O{)5cLXvRLDU12y%JCg9`wd{Ke4r__%TGSEW+KFHg!1l*Lamo2~ zk3gCXgvmz!!|UW(BpL$^#S36J=fkS<0gOIH25+I|stMiedEs_)N^o2LKwxjz?$%T2 zeXcxyV`K7UcYvdFwyf`>aiXv5JS;dY1k~i%ztH{E#l0sY@>c@Y1+d&dqNGb=G;S>1X;~ 
zo~Imr2x<^re7|Gg5sA6*6dYj9{7$h=iO|+#L@;&)sn|cVL7u$p)Y69jF_H~~ml{J0_DS5AhJALzz?#KzUc0bhh9zz^Kkn{wXhqWI#pO z48r(G8wuMWULX7hRgVrKyMR0~Lfm$1E+X#bcrRI$yaikLS9D9?qR(H}XCIrzIAJIr zTiA#n($ucj&61Dpo@TB-52{Ju@1Mfr<5i*JZ*2+_eUk=y-V{N~n2R}zO!YD#AQ$mR zTcA@0Xnn!jkg@*XTe0Xd%$(v)uWI_eI43AZO?x@kdwA|~r(t<-8XcpE60JtBYN$uF zJVz*YG(hc0F|O2HU3TDTUh20kRH+)o~ro7A5n(!Ff(s+nG*Y%1u5dP)*ylM zB(eST3Qzq7alMuZct*q@#U}N*4-i8^l;pw^0wU((3T8%!^jiKI@D3sDf9onzNO`h1 zav!90z!OV&3HoB&Zkk#M_|MMk|&|=;&H;OESODcy7?PL=utXf2O0O7H`adhS_=`4lRaS}(=Ghe%(yFW31b zm2!%YU=l?ZUO#o{wYg>PJ`BQk@&l%FGJ2*n0mNkdk{cHrJaZ`U59Il}Frpx6$k+nB zdgkq*)VrpW)?H}>3VHSyF_N~7$`LtqCsXSRPna$1$MPhCea?DsQva0`hS)Q)JbN^z zOi2M(59_SC%OL87U(jiM%QbTtX~?CKx&Hx~Sg6^no)qJTVOw2z>!iwNuh|2TNiaOB zNP!vWk6V(C(1e0@>mN&zba`X`MM#k(1-PV=>E8}0Dq+fU*|D3W?vPt!tB3lmTrT0Z z3^8f2dMm7ggRH;QakS1><`&Yp!VK?^RaW0oWes+(B^m5X+<@qD9d*fY!w;+!7% zL;ywBq8+NhtjibTj2S`uVhT#AQ4y@Bl=}n1Mc}BT(@mWVTWsd$<|WX9t0ow<>YLqB zW|jY^la<2&Yfa#}U3kz#9Xa-k{Z~-nj_@lzPE8q$1MqIxKvF}y z{x{7lBf71$1b^$lw`tUoV0ThjO`+SPOCdf9+DuA~o1@LD3|Z2ip8eji?gSuuNK%ce*TUU14wVNAo1fJ>D(#kc)qKScL{9OQF#~ zNC);(*y}XB1f2QoRH;j|-{8b+rco$69oL*a{d+-$rfg@0L!4 zZ5IR1ffoa~OpbLVxGCKrnx2r(0P%%NP!fU-M?z1OZ{i+AlX8JRD}&R5B`YR0^YK3# zDRcpXchFF;KG>Ad`lXC&Pq@3n?QfTT#?`3adwhK^jE}7oP$O)|0dN5?ACF~*pYGp9 zgq&~1aByq($Iz=lBD%?r9{8Otz#?*;ZCZmg&L|LoV$O6HFH}{0Eok& z)`5J{3FTc9bPX6TC>r{y?g$3|3Q8qeStKwXn{xQhOU#5vI58eo;o^wCN@0 zO@yetiZXHY-}`K$00e<*ZQ=J48EO-54eUSpfIZ`FJl4Q5Y@2Z%^$o;jK@$f8%{^gO zihvVxj9Vj_#D3WbDfGbC1+=jvKK=|ge}lguNpNN_XLeN`cyHN$5V#$_1GVhvq^_Lj zUUML=ja=f!Ejbb*m-mKrXYhrtiMr6^9Ziq~HLA!=Vw|6aHCEbjL8|x6)-Z6gjPL;~ zFIG$Exv|pc3s0EPRDSeyAv%4X^4S|uKql{zV%h!I`~2FR4hf(9JLXk%w5|ANmj#LJ z6yEb+$Cw3OgXkQt*^z)W?NyU?nB2I-wH|ECxSZ=#UcRI&$N)|cDMXc{{l75k0xHVW z@YrIzac(z6=w4N_f$IX!i8xi$tPC3kP0$tx*slWlN%hmcDIKO0m1?sS*uQV{(`uo4 znVnJh&w~D)#3*~SEw`5K?~~vpEC)5eq4`YM89ef_Q*aQHqrtMCb=mDqjNmR#y|ea~ zrVpb4hSsrC4*pk8_9=-)hv?caH#V>1nnM`^jtJ1>;dCTrBKe_o%Re^#M_bKVj13i5 zp1K0I-8}emfs<3o{ljlolLo zwE$VFX-Sy|&}_c?P(c=mN!gA9-F7yVf>7 
zR?~jeV7XE|d;07Gd#h7+fj9(gS~f{!!)#LOdf0S?;cysntNZ>(3F>DT_I>Q{t*0Wn z3;(1`>rgYt!9>95amg6i8!}WNo}QiRNf4|hV^#pir`kjr!3C8XDN<{~Ry#7vr%J{w z_b;wOmmnmG>Npx0HQY?ZUqB#U1rV%!)tpZGKAxG90dz1@WE)S-cn*9~RAZ(p336T2 z6N!?zsUYZL#SFB4?&S(BqlN&HM*KhiA$;Z~cayZKBwDWv)2~J|Q)=j8_#pX;H_*|` zkZff$Cpjx+cFF!@y2sOU2&oq=VIeY;7*%KlTe-2}xgfG%OBpOz{)#7cs+($yh=ms0 zI#vaDOIqx6l~`0xw?7ul9XjQf&lV_wAF*FfiB3+&*=U#B`A}qIUEuv|HPsTR&~98X50YPjs~Cz|CiPhUDzO*j*VpMW*q12&^qLChs(1W~%gn7wk4sQ_ z4A<63IPuI>J6->^w$H@qET?*YVceNLW%uw0W75FSo6*x(GY$)60J6J?TI1Pa`yy~I#G2)CKkV=1SzA7*I8Of!sB;%k|Jqe|ZzFbsS`i+8$N@ak&OW1I_XjJrK z-aDZ&Uy0A`ZqgfO#L^T(G|}~1*=9zWc(Y|^zh`HCrX&A1)|tqm{)l3`HIMGXr8oar zrIqnxjJ3BLjLIsj)MeQb4^PRo9Oisk?ea6hW|tEO#@8mIU+4}%Tl{e~i= zu_VkDy9|>%N_2X*7hdD@@n#6qao0SB3S(-E&f&wkebNnJy&5`nTy?aVe3Ryx{#9T9 z+*KFC+iEd-!elS0^|e+qjF#5zUeg8I{F{FarpkGjZw2yGyuF8INC|ly42`oofCRVJ zQzgw&P*);#diBwWuI{*7VMwD9&+3QKQV=eMZJMgFF!T>SZ_h1ZvPtGEVUV^&w3jyW zmP3UxPe1nXCgnf_!Gg(Bt1)*IU8uPqUOx|z2KR3J`i(f{PYfAjcTR@Y>^9|qbj}*Q zedvhH7)J&ljX?j1kayLrQANgoq3 zsT6Zf*(_uV_tk(t)?bV!u{}tP$zda7PvSW6@2p``^0zEe3tkb@(ch2UI=u%y9+np_ z`44ri2Z8UB{Cb^L(2<{n+{$l^&UUMG#f~%2$}RBtQI$ju9eBT)GKhoU5dAIYHOVe( zvKomuwweK-8E50;9w%p3McHXy_qbWo<&2dfX4dA^o}h_lZn7PE10^*vQd?24&zPBA zZqnN!NCFePgR%Hs1ZLZRQreVCXNl^RETP+Q>K*;ogvAloUbZ(WWa8=4qny@RS;oAo z!2ah;t|1)_39QQllHMUBjSG&Lc!in_)j9R`N&NHgLv-{e$|4C60O({k&ugEaOn++O z{@bQnr`yYjuS7=i{0FEkJQ!Tb8?vBZU(1X{rn5ctAy4if1B!e5XQo^w^v(Z+;E!GH^TrRLa!P|Xw&Q)%*W$5f-j zuAaLp1jH>AO8>Iqs0&!YG9d+lvxJm%l3>9r>0B{Egeh85_9&4pY~|BX(*v(^o+FB0 z*QtNOa)CX^#e^Z0FL0q0sSK=j;L)B0cbm-0RNLwYS3pOqX;sfG%RI!+wk*ruExt+k zU7Tne-Bz}F+2;V>!;_~(KE-c)x78KW2k$e7V6j?yUJ=HNUD$sb=5=s)prMhN|I=WwhF!P{hQ+j>aMmzl-dpDo-1gO7^xxFSC@P zaQ6NLuK^JLGY_kYnXd`rHoTz(rNeQ*zbJ<$_>1DR=4;!=!ciTG6S(UO7S|umFo-&T z;_%L2DcL%6#H5$qQ&QH+cz|mr&T0=J9{RncZUr!vjFl2Pj_3Ob zu8+j~nJY9IXUhRG?QPYl?Crz+T&arQ&LF9u_)Lhqxn%J#Zt7-o@_KpNHrWo! 
zrdu~~f_eQcvl6XjVfTul6h}&1r5FK1_$Ue~^+-J^WHI-DJ!$t@ z>nxEzUvpjbOz(5n=IZmgvx=|}`qLjfuQUq1S6-PDNW2QE_{=LCY#3>^>pwSGArHQwRS{zX)lNOnR#!l#?+P{H`E43Em1t*|PU|i;eRCB1EbAma4^(B*8zaasZ_A;o~shv3A`F?E# z3bg1%pnNqReG)Y=CAIF*?MQt6O^=ClsHwqXMSeI#lOST0I()Z6AvlQNz4^2CSWOX0 zRKY0SYvjf2W47Tq0FIh%xOIL&X6dur3~wWn`_0tOtW&jZ97Mv~gP!l@$blPrKF4ay z1O${Qm3qV0+?-By;fx2RLp4R^4M)#+4>lnPWiS5$Gw2&EDulV-wDySjeb=x?kSFaE zAhX=VRmS=1nL**L*IN2F0um@Cl$OWp>#N!VgugK8Gpou$u}Z@j#5e9Yb$NX<3wnMq z?=Xy(>f`~?+~m*}_5^mnws=RRx9`4wQt$PM9s^Ke-eXMe{k!=mpU z)+7&1$eGia?}(?4W7j6vU6k{z-}80m^dK03-Rz0FD>8N$%fWZ5j!;>ucO@e@JwFDt z(nXbp08KR{pC~lOPe_exPnJPl5%KcJT(g#(IOKDH1dXlEw1$Y$b>> z(WLNOODsw)tU&r{Iq)A4{nw)cQqT{RY^sJvw$suwz;@|x0uFo>LrW5G&(=lnKOf&~ zZ0H!~1YJfv3wNXjSBK5we6V^doWmNm?quKu-#(zZza%%ATFIe$ne$|vQ)$0cdvGMZ z(~k|{YB?bmcH7zU zNLH32wSDP$^rm0tVzg==*W(;yZvSuM2Xn&x@dv+euixK z)d+SP3)-FUm<@Os+oQn1&;JWy!Kyv-i@jD$H$OlulNn{Ma8nRwsvcSQ-e?dE_lm$DRGa2)_T!Y@P0GQat@tH2gR?w0xWE_2xW;N2R}%qYZnuS0a%X^q;S z9_GluhWgSNE{w1QxVm4V!}wl}Sd^ZGma{`b1{!13eInJ`^rU1);Wm4$<8fYk2}3kn>XKF?5>;VnpTTdSGUYBFj9T3v_t_>s1nP*xtljOMLUND1Zz z6qU@gsM(cj37dy>__}9M3peh|?V{7mrPRxRFmi=JHE#|Few<-IN4-T zK||-d5>O6(HZ*Of8`&|U=qLC!%4Yhx&x}~=f{&GW1Z}^__-m1ep^}w2+1E1_` z68e_(5d6E`XteDi_Q|5!KD_fS>R*T$MBpo!N}HUh8sFshC1x@uZ~=_SHWVhC zqeJNJEayk#Png>MayqyavxzPVjBBkf#5C1Rd@T)Sohubs7IeIX9O7ORnsJARlit)2 zKtkB=@mc_ffUgeetcQV}*kqh!sf&aU<-I0H_`Nt&bv!^k@O@Tc#qNYn>|A3-o8(K7C z!Aqq|_aNq(Y>vVN`|&667JuzS7giPT+b!Z;{^Ijt!_n9K`!~fx+YJgpb!R7#n>Ze0L(m?Llt$CM z`3pw|pj77)QMS?)dFzlpBj^+rcV}4A4i_1Zy{fL&#qV`PT@aNkDfL&3MAfwsn;=|hM=4zKRD=B|0Q?caz zgs9`@&_f&NqlXU-3lbjl4iw|! 
zA58`)mxhc{9}{dbNjt*D{Z>fSwwddD=?BY}iaEW^1!#`DBM1Z)Lmc|=ZW}`VPBNR) z=LDVTQSuNqeT5<~K72|PH|-@f@5}%C84Tor5(C0%N9_#k@#2SL;)(LUfnA45h;E;GRm)*BF6k=lpxArkNP7Ttt|k3KF5=C&{9D~0zadT z(OCM`RZT(iF6K6zGwK1OiYa_?M(^a%sB=|XOZvFdoX{fKrIpLU zFR=Rwb@W*aA?wV>*@ssY5WUo@1~u@1>;~8jRFE{FqDiumo*)SvVO-r|RvwNxr;0nK zUqGefyOo<>>o~%^yJtuh>OQla{5EWCBgr4{jBJwGINS?>XTe>$?|Mp5S+sEDdIw-s zFk=+=MPeWyr5_$h`bhr+#@CnE4O$7e0c~P_(fiE*GeAJZ_q%k{O32QxGp>!O{(By9 zQ#QegkzxT6qhj9;z|aB-cIm3Ri7P=Uaj=p`igWpD6zbsj?A;I-a_u2ky3bjE&~?_< zpAGqC15%=fH`uY@2wJ-H+5cP;WcG(~IDXNmc9c9i7%%1nDNb&d^>vQa!^+vOoJ*jryLeDMW;3>sS?dEeC;Q-mS^O z?wdZ)c?&FheF!>-n#NEREMx)lrgv zwg@>`*oIK>@k|etG%pUQe$wwPsCT{GB|?i)sNCsCH?u5mraHLII445A0ch9=9OK}w zY10eRy+VqFrJ6kPbF&z6Bu%P27l`U&9qMHCEv!*j?<+vFyK59_Ym;%q2I>LVP!R0+ zsnn89iS6(8R)F;HJFs)Y&^ua$h+5OK)wTwt^LBKkXB=OlWMowB7khc!e-IdIb-S3j z8bVZR67f@1Z0u~h$F);@1&C*vabGe{+O*D?`#hO#Hqh&y{c883w6Bjgb0xx4Q%K5& zkKaU0mL(c1*Qdn+%gqdisk%NVS^V{VM{e2_zCcM+<1}N3l01rUbt$ll_i-Yb6lGRA zPGD|GxYrwtt+2{}jh`?tGUU2=xml2alg9$D*wSdRR7AKBOm=wu5U}EMeWVBO8cAC^ zrwwzArm0lY639c2HXl+NNO$X#oRXKx3@$#&#i%j}%Qz;MZBEcU)LYaNh!XIwZeuA!vL|NRsOl*YW3yK1>~jo}`ijF`(595311Vg)l+@xwN{ zL=DV6^eoRH;&^Wugu^u&f>+H~8IwV{v9zh5G1W&K2F<*DzDLJu- zss-^KW@`;AE^!v`Qs7zPf}7y+^~(F)M@s!3$4WCXQV zV?Uk9#24=+KiNu|!Xbrq2JV#tD}c}EQLdJ6CoQPY3?l#~F%8x$H>GV>NgZdvVQ?sq zD0&&4f?2eFijJ4wJhCs@+uQeOm|Z2o5ByZD%|Cn1#p80rw9pLEs-umIo10(=(=Zw8=BuEZ<%^yG!tFRs>*X8V3OmdZGT)VuE_XPi<11?}IXW;*^^&00mK zHr^R+viHyX!t*qdod&g!Zd2!iJm&)I_Bg4Ld|4T(a?RX(_|L1TNt7qJo(UR~E&M#n zO9@?~DPg~rU6Kao%@WJggY<43wk)iDG1lGCw#y7?5flz0gH-kKGAB_WOIoQGG)u*S-#8Vm)P`wAKhh{?r$e0ri4~*hN=boqB=erYz z!DAlA>fb#PS;V*%HIc`}1b@#5ay2xGpc>L8)sBOQFvo{fbJlkHh)vU zS|m)$-qC$fWn9_gNmR8y;moB}cI3I;!3Y~s+?)dyqqnQ3z`&me3XBe3bp(6t#5R`bcCv^>80(u01A%w4vOUC z__`KGocM+9aDo%(FG+P(*QF^chYqcmH81)l2^K{&8s9ghU^fI)5`38-?kx#(u}?vl zDB*X6W8f0oNc*jXI5fc{5o`@}X(#4gY?xI+0ovm(aN7CDGz0_UXsr67)UcwOPX#2G z+9<)|se|12s@}GzaF~(#f7%S*nZSw$0Nrnieg<{ncPDO_4t#jCW)>Wg6mg(tLn*?02aMEhU zr6|WgI%Z4VjTSeFKn-`ym@7z>KydGFoSZY%B 
z9aLP|Z+~OM_cPc`GV#xQJH?_2Pb69W{kXv1B4CU8&=U#F^6+X-Mte;BP(?|Y+1v}w zog%zrY5Jk!%2}B}EqT*(G@d0@VCiTDAiR}`FzB;fGI_{nX*4ipqS5a+C&*ja)p(-+ z%vvFnQnV?iWkWSd$Rh|#c@(Tvz@ecS%v~^iZ`s|%S@-7zWVI$^5H5As)u^i$T2}_B zq#K#0m$j3Y>qJ^%0B@ON-Zf#=47AQdzFl0tD|WSf0Yf55a_b74iv<7{^ph-I3kQ8) zqa}8p{8(>yjBiXm+b{~opz^Rs`V-w~6kFuAm>M<9PIsf_KaK2)D zeKXh|)=hi>#$%b3CS&_B%hP%Ea4uD*C{nZeV&%lMI+H4Hg%F6k(bZo{CM;4|psU z8@?UhAl4PMmAk-?tUK0wuE6iJRla6U6~}zaIpD2r=k*ExID)x1-I(G$nWC8ed*b<- zbtFG%$RdG6o9B6b{~}B?nviE=!>d|T0Z+kHy5A=GTX-D}NwW+pMq%}sh+uG`g!H5s zwz@tJAgb_!aM6>AXCck zWtZ|Ktn0gmfjD;>y;z5)CG9+=(u7^nSKlYw)N38h3xA~L62k1GaT7@OWo57Wi$)io zr+{(c(E)W!*`KBh+a>fZvwfd+9$WyC6D|ASs`U_Ol)~#}*G0opR=p@~`|AwgQ^>dr zbcYrur(Q`-1) zX=;OXsJrG|%Uy|>>{q>p5QnN^?!FCSPU5;cH*TPLXHG+ecHrJF@YnXLedGsNdZqwa zuJonC1=h%HTrehtHBh8j{9^hOm8bl#KJ6c?v+C8PPs~=RRCQ&a2bPRZKv`O*?mM2O zFw=IF8X4|Be(CEMCkK=V6O#R~Z8(=7(m)w1Dx&)98^%5e=>R#o^F6XZBAb!eQH4Y% zmTQI}J~D`&M#A^GNtpz|`O`HEUgdHJyLKckV*4aW#@+5yE!OcH`sGLQX3=N@N1Wcy z7QUo5hDfyiNVS603A8#0U-SU9f{!x@jHXhm zE;A$vvu>U-uT53$;c5U%b}?I*ywCO9KOG9jhTvHOoRG{MsgE1{7zGID{R_wp z>vkP*_WJ)UrkF#mcRYUIW*0(F96u_UWXy?UAnB@m!s1XdukJz3pt+|k?K7o0-W3LS z>X4@_drqJ3!ygi(n}>fGL^VIrJ}m++lW)w$D_SGY?_Zh$HuJq{kN8-_m!0AM!%gn}tNQP%AmT190F0AHiL;T-cxBuLe&>uZPLE5A`e9%8mD0IuZ zT@tv-Wi`tiuiq8bRLzJV;vCG!1=SQE^|uQW5_hq4!fHOxz+loPcf8~Rb_glbF6VnE zF60<9?Kvg@c;fPz$aU*`SA1dBT&m<}I3>0&F!@gN1z8x%t(=}gR63c|_k-_udV^HM zYq@jFYu)651L~pAXW>0jFP@`0Fvsp*5h=_eS(aqku6#5*Y|{u=$rTqHQ!F**=)V^` zbl(GLXscAGFFK%a95p%N6tHqF)7de3?=y6MGK*3dBUm9-YX97*35D$Dhm&5%;*>N{ znfh&Hy?De^)7k$Zp7va==VX5x?JEt2QJoSErnEC+@5fT9EI&S}=>jXRsV8O6wt(tJ zzx-RxCO@^0f&p}K*RG|8 zGIK!p;qE>_KN_dJFs`k}Wz4lxBx@kfK3CFWVxoBdSJ!vf?ANm{FYSx4j-Tnt9+RAe zxCa16FXMCVu7C%?k~VnK&xCtO`h`55$pUmWU;A8ZOVg$&ztzOp&HJLV83szdoCUzx z%((1nKgn)jac7ng#v%#gwNN4Tj$vZ0QX=vW&}rv_8>3;&pLefxBAmF7d=^y=8bs5cieUA>CL2L|OH5qGj)BU$ z&a;|0y3eCi5v?=obrs#bLf_L$y&xvxrfF(q?nUfoR7%Zp!Pd9PRf0&()h1afbqM|s z22n#rEZw(0`aP1(=oqjM{Js0M)+qzIdEzJF=Gp*ISTj%{r)0J`&MtAw|!H)VTb^OgDtd4mKbX`2=+5b2MCXdh$O7uO>0Jy 
zy{hj95q<^rsgc=(8PE}J^q5l6ZR{->v3!U@)WH%|Ydhb;5`cMal(SaHb@JPv%q)$ zlnY_}`%YmtR6E3Fo7mXGeLbGOfD|SJQzU7vTe>ZqCa4J#Gg<-W1_a5FD%l;>JyI@p(himoNlhzS3O50Y)S zkWxr(i~X~{Zw z`d~b14|-%m?`s4Y1S?Z5_X?QaIc!n=Lrj2ipu_yLRj+dSfviO!4xTt_Omj2k_hq@lf1$3=HVQQRdlbVT+_F^*7qwd=Uw_WfCo6ipM(pBclY z>>5r%c|YvAtTwJnV#os^c_--Uj7|rBB=)M22CQcurTb@Nm8x*J8CfQrhh%D<4B&6l zYDz|wgO!#OWiRW?SX_w>>ai&f98aj%=D&w@3?c~__px82pd!j}y?XadN8{HL^w7+S zckHr<-=G9hdJ$2Z>zt7pn8p8vGK;HqLq8nYA=f;pXbb6ZH;m|A`po1a6V*=#{&y?A^}QHCxlg zpxSj>PnnZ(j1yYwu0Am`<@@rN@TE1?vy^Adm)NTsl ze$17-<%Z(h)1vu>sb=x${fZj*_v!UDLz@g5{;?v3;daOi9xv9MahX`f*Xg65UVbVZ zcY5IbtZRfHk4Mu*shz@~Xn)NDl%|fnkdC|2%jV&WzX!M0skvDEQFX$PlY}ig^9A$y zhJziY7h1cT#IT@@#%Z)^WK#8|<0MBt>USaVh?-IV!Uoh=tWxognqrJ1ug+k>(jMg( z;fA;R@*k^7tV-tD|Jn~p%MzfXq)((-7 zQsWJ$R%avC^Rs4}ooKt)x-(g^?xaHDA2GvK+@ncCTS1iH36zDiVA&_ALk1;Y`~u5J zON$gUq)!|{%s|H6lI_C$oo_5?_SW~gIw)+6{U4kG%?!7jzM+|5t-{YJY1)+7v$Pxl zz#$$$Q1h-ou_QsAtkhBwn>cslA=jyxjXty$>HLTq!XCYU28-2aSJYyY&;~Lpa}de- z?u1t*ZEwpn_Ese-@n~2cwld$RF|zdJYJJ=xCxeF-VZ;z89~~x;Jl>L#{O7J36@eBN z+%F_Xt4(3*9?7+mF1)S-&hjt}%*@wec8P>`K*6+5!0xj8T_fiYsbDiJH2z{Y7~vJ@ z9azmmBIJ;JUA-i3+Nt6GAvc(jbEzL|AYk4Mj`bSZ2xA zv!u*WcUFh9lk~7!cYF7CaZR?xy8fv~Sbv`Bmc!^aOEl*3q>aCrgHd;pI{`z-HPq3k z$xm^6e&a@4$#iJqqq9`O=_0~gZB9D)d&8r63?2Ug3jIv68=eO8UXr&y0A}X#`Ay~1 zg_|~4jh#$JeEb_jMJ!t%wCDH~GhHNRAw6bE_-K~y);8|tM8+VAT8zc38zrx53XFZ((kP?=-DgOM z8*vHxJYcM@^pd;JtE))xX?leHLGrA>VqtDz51aJ|UsS`1XAe5|mNyJ*YbBD8i6FCf zjc$_xsVf?0L1Xy-j{$=cCy2rBubQYE%E0+!pZj-zLXj4)ycM~-KndQA(Z`0rDu?jTyrixP_3s1Nk#PY)mQZl2_DeM8 zq-Ks@JFfA(Fi7|*FTHFyf8~v8 z6vxSzo!3%1HW{D@sQYP8cp?!@n_cRRY?mjfc^CZ7R(a?Y{>PS+5lR!q>W1XCn!iK5z63PW`)Y2itP1!5Gf_}q&M zt#AHF;c|I|Cgyz&z0GI0gL+}9pvA~LK!XU4gml@sLWG6{?q(h1S8(oFmq+k+@SR@L z<6|n=Y+62%_h1X-3v7&!p2sd~ZvkISJ=s^${XODCSdW2uK1Sy#l1Z*GBUd-r!4S!R z;dOr?WH0Gk1$0blHsd4KBpQM8X*(W0jjt-TZHg$$s&EpwZ4{FXU};#0O-uyWqy$@S zFRp(|hPCiSRa~gFaP3>H*AMR$ajT49-$L5>U8J4!P;~0CCkajmzea@(w}(BoIGc(d z=KhJeD;<|(W5z;#L^#ych0%oO12EOOVOyoNHPDfFEc=66;EV{CR2d&zY@q%VfLkGs 
zT>$$s0BPZRfN(#pj=21HhA+KZ9`hq~M@9RWCZjG*|By2Pi#- zs?2kWWu6|4`E2YtW%Ovp;BjM6E)GV6r zbL3(M1YjGkUDY+HrKU>b*3Rk3I4Fmb^y*+V{4W~Wv%^9{n1cKm{6*@b4vLRk5usIA znE88Pk@6mM3}l2si=lQ>_@9UVQ-KRm>^Ptbh^b8__DrcE0);MfsR)KMsb>@+-!+fzrL5S6L$9+&7w%UP zyiLt%RgM=EPB(D_?}(`gejk+go+I#uR}*>FRE1UsM(a3JYS7B3&pJg3ij+`pP8;Q! z9<%rYLh)JnyK^h$e7L4_DYK^-@dQs(CcNcJ9|-lb02Y$wBTK?x#_@T!-4l>wY+bXl zhI42k{?gMF85IDeM_mMNm(nr4C}hY39U7w;sgg#eXN`%r@a@+nUp-{SQw!EVfx=m} zVnPB1H;{)DyY&gEiVq^SNwRvApuXpb?QJ=7_faqqmujgr*!b~yvBj%Op$u3Q-SP#F zQfRv>Br9(vRU3b~z-(kDTVML!WMC?gfTmsL?gLNytB4`y+s5bWYN$Uc4o#h!qa~vb zh&ruvEFM8~wFsiaJGt0TM=p-AWFrPhy&AKimGlqv-(sq4p zLGO1HJwnPauogW^qFtWs;ojIVd&i8|JVaC&)$L-G&(2WBhA6QsjJ*!?KtvU7xwFxFQ>oKKQaKOg#Xz)4KCp0 z!Ie8sv}8OaRTtX^%MEo3EJCO0??%Xbg zPVOYw-iV&ot{WLFihju7Omc1R>tO3NPe^oD@U;6lyENUdQ){pPLOjnbshP;Dy9_hD z7_t!DO1u87YWO_^&eg%3p_-lV=!mkO zuCx0%2dhsPL&h8APT}&dIyocJg{QxmouYG0dYY z!Lm9RF&qNkA$tnPvZw$X4r!@R@zaX=k&<+%b~Lsu$aL=Ysh+d&@Ut==an>om5H0iI z|0m8kt0r8rZNb5MMl&zF-PYxpqE$bnT!np68Lb;E1x$eOZmHv}m4o;-f;9$0Glnl}~BHL(! 
z!1eubw{xAw3l*&M+S4F3oyYBY3U~jd3ssF>%t>A;h{Xd4q@4avK-BQQTKd9BifI(kHhLH z(yCbCjKL_|3#(|}gq>6>(w=c0F`7&BMV$e|q zYG9TpW*}*ip)CM5i2q}0I@X&I4l2rVwCoo^G1-0~@zU2Ei+e?bQ)owIcy^7KXC6&~ zpg&BqmWNB33U2YCAlqflqXI=XW1xlAIt5n2TlR4oDjz)wYZNP^t)SM0w)p(_=c!9V z0;njn(Xw(j#WsKbT>cA9=-@9v<}a}Q@3Kt=X!Glk_G9iA=-Eh%y-MZ-UrnnqAl@q` zaA2!LpdIPuq$~_u4k7{%X0@)E3=QeJB(V>muj9!O#7TO?S1J98t3&=fjzN~`-r!)4 z9TelVvVhjlP;SO~C>NPu_I9yE^a3)kj@T32EcnBhf7Ssoj$c}q$I%;d-_g|i9&mbM z1`B9tVcDc4PaO^J>+f=HjZ zuEBXB{r5GFJ>|)JgHdSig#8}CuE`T-j~mZb=%w#vt-vs+Y$rD(eb9p{z?Fl5gp6NW z-$OihU>wm{N-3>~E+#$_+>ThA>T2ulgfCdu>z@|}jR;T1za@_C&aj_{i@uZpx{I?=RE&z+(2`T9F(fsGKP&|q0)QUucSdTD!Sgy7cmJe5 z9(0HCQ*Hto4@N6@8@FWXqGQCteGTvUvNViJQEOtwV%5R+wse7-(CSZ4CXyB5Ya| zgURgQB!+-iU5NP4S7cK8eAjXKc}R;C|9J}%*cJ)BQ7mtI<5Zk93=+53Pz6Zzu8#WI zoX`6C&pNheU+@FZr{LE{IZzS&&oJx*ycB*dSye)D|9m1p=DF}6b*T1-en;T0KxUqp z^_2{d86{r>Nen40_1Y>=mLmCAod8MKXi&MyL$VOmMBA8`bPf}0QWnMA-4k_GBihH_ znIXbQwS2U!$!g+zMb$Z!dHhiH{p_m$T#8^wi1e~pm17@lM5K;SEE=z4*-{%lZkHtyj%AOpOJ`hG`zIO^d59+3TjFUE3>+>r=+nw=W=+9~_QS<7OB`t+ zmVlr870r@u;n7#OMZTE%8+~4FAIicuKpC264}#(8=sR&TJSa2yc3}D^9Usv>50rUx zXutnO1KboEUP*Z0mR?2?CdSNCIDHK2L^^qx?(0_B7=Gc19vDZC&SN@i*R}+je(bv1 zGuL~dy8!9BsVBk=;Gd=JH~sX7i-5lcR>cJYm9+W0;sz#jYWA4B{CRENwi(|OpXK4N zJuJtZLa8{uUhi<$Y?hYsd)!@J#9YNlEIYajflh`pv{d9DMWvS%9b$Co5WRH`D} z`FOiJ=I!^e)Cp!-`C6RuD6qO=yXQiH;R;MnyD4tyC5ONb#)>Qx0tk9n1E5mv>U$j3 zfFPT^-)x%-AT4ZP+SrUP8PjRuMc>g0HKB&$vhK1IDt#Q~>{AKJylngXslxgwkCqbxM`f!E2G5KgJ`Y903RtO~>m$>n(=Rn#b5_)o2*c8YKM~O{;Z&XDhnK1iF z(s)C$6qL=9R^lyz|3O<9eL}*RpAv76jQn!NY%woDX9h@Lgs3l@?%{2o*Eur+*3?cx z4#7VjQCLX$j{rcL8TWCqK{tmjhx{@p36nwdII>5#dY-Aq=iJDQURv~Ge0UCB41pCY z?<$(kKl9{7`0N;mWZ$fM2`>)`Kg-<$#TCq6Izg7D>W2+ERfI4 zGrr9-Tb+akiKhED;6J+o1M$>-m=C57z*OydN%vI4j8Xbn#ClTdZ_EnO*rj$ER0io3 z(bMbqHQN0;mZWC4YaP-`8*E|9}fZ&R4mqb^jCQ z5s^b+Y4StMJTpmQbT+P;=^?}ybH5Ksup-GJMPqu4vYyD-azugtP$@h>>>fCO_TBM? 
zz>>l*$dJJ=+h8#KkRK(9<)6$;1HtvyJvQ}fWgs|@>qseMKGWejdH*{*;o7C~;Z5CXQ`pk!Q(hHVZk5j5BraWC=lg+hsEWh<;}8GTUI^9zE^%t8|t0vX%?Kb1;K~7>JWyp#Nw0_ zct7Yp;b|-%aTA9^W0X@YityDJY^O%EN|6QK9{`}6^KBMO8k07P)Q+w;6`5tjZ-R)~ zq7R@c1S-t|+cB-PqVJd87$Iw6nDHx@JdMC>^7*fio-aCM?%RtRRZ@}sB1A32OeA8V zX8YaUt)KH;7_}(YVKJo6N#Z8KA28fNdc;HjBU=c91V}cCXgMd1PoNdx4a%EuWA?FO z{iU-bMWDL^(7p+K>-Vw>0IVN=3UX!?MS-kwPgjD0iusTi;9?FCIBSCgPFM`1SQjPYHU zv25?dDPM2}UYVru<+L84jPxBK+sngN8DfRL5!zn!WIrbDlev!b#AdyWu;1fu1C_Zo zyY;4UizE???$};=R6JOWK{|lPWtgncoJ^SW;AS*9PDpd+j|+=ZbOJ7}hnpwt&vVrm z_ABtFq9j|v6zz7Iy!U=x7345-cYkwl}?(Y=IuyvLp7S)z}u@Sy|xkQmX za<|IpnCf0b8`$YpjuT&ea&udPowMblWFuP=8!orM3OU_XpJ0OmDSqFl-=67oMXfn6 zxuYK}F;&V8$0^d5sPpt#<;6a+;X3-;w0Hv?k=pC0xm)bRVIwQ_%ML`8-}Fvt-;bo| z6?SrjJ{SPj!ACu?h{iKjajesBw}F#3-pTkvYNGXQz@S|Cf1HWrSx z@{87`Kcy~5udJMD)C%F(qd&I?fR=%5yFpIit18um^1IxgT+5U4OMPnB`DIErjKH8iL_FMm}wc4ReiHvLInA|J%od07j_lEPl1GTV{QuBo3#GL%_|~=g>6UieWZU zW|Xvxg&Ic3?^ZF~5~o8%iFx$H@iauoFf~1h!O~>>uVfyWlTF#lC{F>J^{tqSg|XeD z8`z)<-)l>q4)mC8Jgm~3V? 
zmS2L5@}f4|V)|{niO_@2>>f1_Pmh2q1>nDp3ua{VzsOeH7Zm+f>_=ySu{Ob}P;`ZYQ z&5%d$odhXZBp=Cxep?hMFM93P&^h7)E0Vm1+Ee`^)<)s8T@pP6sr5~T7Fa{oi zlwju@rX*G|dX&Q~W-=O9`eUI%e)nDVNu^sa&!U*gXykj)xBs$-t6t~GS&ry8%Iujw zPQ>OPRXze4Jln0O%>Ir*76oAEALn`JY0!Ahg`E~ht-m6))B0Umg~gMKv$v!l zzMB_;qZ5mSg3tjrpZm&FbdU=&8f}>GZ*53PmnbY#(B9EbY@?+XtaKb!cJEZ$(7%Vj z|5cMG+A+XM4k|H(QH3GP8$&E&2+&J4ietinjQeu zbn;DonOr`Hx>Gl)Ux|>^iTC-XhUCi9f$iYjNz-a2%-FoQ(X(xt+;^)Z!Gzykxf4F* zOq&R)h=`k3UA?kHDu8hfw7jOa@$t1A@@aZ~iT;D*RNW>6v=!B#MBFUeLca6!wMc>w zF*9&QL-#lm_i|BPXYPs92o8o!VPkssu;hdZk94R^-k%2h!$$uzM$p7?U_+Pk;6s0m zI0$<#q2Q9IKc6dMjf0JPWp7# z3rRYk>Qc?~GalF#NL3k6El znH!al4_{;|i;^*i?>XcC{uKfa5^z20nJ)k!oTq=yjSbMi#u(ygysywGVytB}sg8cCO%IhN-t2!g_92*D-Cp^R&zg~%68H} z9TzLHR<)*o`s*d0u(Gum_@>*fF6^R$gWIKK6nop5#et7V7*uNw}M8NwT+YmMT`|gqf=0p?#V2zK0*Q zu3}~{c(KzWAU-TZfn}$7L2DdYd)}Lu!4agN5ai@;^{QHxCKgR4<@~LVlFcC&Y#i(G z5)NJF<}SNK#vKALFh2BgG2DJO-8TnRUN{{wpqY-V)I@5fKF21?fMHAC$vgD?SN_#> zX+nf0Z%2bw)`dqsnp&Fl!;9eo+%*V5AZz6b6|la@R&5bWHU&#RzRmx$vH={c8N5t_>lG zHIB%OH>%l_4WXPmMw8?Cm6Y0x*fQB$sb$6#(j}FK<@oIgbwX)xk*HhYp=nQ`m;F72 zx^!Zd4t#B7n0ZF61C=PNt2BEs8P(%hW&nLz&W6uNYIqzf8JKOxBC_rHAeGtJLQ;x4 zzBpChxccvvG#DPUmr>-P``NxB0zKl*|Ai9q5c#XS#reABobmD1>T4?SuC28KZVr|4 zo^{78b}sF1GlVpbiy^SlKfDrCa|8n_`-7PJk6@7DP_|g~ykrF+<IaO~y(wK#=?dOA6&da^9w zN{5R*pX2BQcs3olDd{WGy*A?c4+p9d0Z;WSF2TDTJ_bAmehVsXk*vpLlEzP9YO}kJ zng~X*ZL{-8w9AnbYRRRF;hA3v1EgBFe!W7#Q?wfq$yAb)pD0`+_Qu{uE?&3Z6%DMY9J$B*9XqbBUGRrzD~Qtm$2BM-KVQUe zI^${#?_KU9*V-|@?kdy*R$iUd_+G{z8S7fhLoZDlP<0~)WS+qj_+%FdSjJCA2adlw z;;I2!mPTT#f+gDES4)DbZ@6; zKk~?&!n3?A2v$>FOHVj{JaiLSL=D|h*l+}JOFq0!!(L8#=sO??`6a_=8j!hmmb>%T zrnsYG-IQI6->V`Pb)MgV8#ySpAG|HUE(t1TySXQHKAX9K?!s;obl+k>NH88h&(QmQ z>`Z|b<}7-cSDTMh)HjMb9;r9K5@7ggmbotF`H}aa%QpD?%^7ir)9We$%}K{04j(VT z+f@FkLBM$h^)~Wt<1ueWKlD2#AS7v@avj+(NB7j1Q!Ms81_GM;M>dz@;GMsR7g(H` zsq&!Tu80%6R9Ui24&v^%a(1XVo<@k~GGFSS1{_7i7_|S(CC=fBMUruTMa%Od<>$}; z4W3PaZjmpr`6)!8(S6z`(HM|$y^RTRuIPECz_XWjC*M6V^E$6Fsmmds@|w>V2+1DF zZ{M?3-yVUaQFDHHA>*>8pRc+kcnVpDf*asIZ|-0{?^nSSboHYURoxBx%a_d})_U%I 
z`d!ZnXCWV2K9>+5W2H?iyF-|FujsZ)WUZMbP?G8R&0sP?K(jXrKnRgDYag038{O;d zDEP|O>zpif->6gO-XQpd3*EVz^t7nCV;_8SbOVh`_%P~N<K@rL>8eC1!;09pU^@dU*v>sA(J8GDIKo!Qf`j9c%EvU6t+u)tY zx3Xmw-zogGkC#3Pi{tuq;<6Z8GnSBNPpJr}083YJ-gN`vDnL+pxu*G@iS~CgF7su* z&Tb1pE~fnioYc++;7q_hBM5=zn2))_OK?&&YS4wbiq~laDEJh0DWsr?=&RG0ohZtE zYG@%A6clzBqU{0O6dILKj_37Vyl%q1|4 z^uHQZN@t|#)HOD|xZ~46D5!E+7P83W&%SDxh?Gea+MoNSO7m&i_|7@iKC@pvFWT!U zy8w=teSHBIXLsLKblPVSCKT+MAx8)af@NNHFX(rD=`vPIt%<==#T2Cg82wx?e4I7a ztnlW)FV66H;TWtL6q~`n5?V;ACy(|pSs@%$aSSO+u}K7mNvYgNuheGal0>}M3#<=g z-x^Kcc}=4E>P*t!SQof?#!V3L;jj_|@|k6~l9iLeDyjMcLyFFs&x)z90}CU?^n%4h zln@ENM*PE*OU;qKrmeBzBmf=t<22l_(yrflrc%h7tjf9$60>U2Y%Q&Hjbl@Eg%u48 zgndx1ep_ef=7>M+#PvmH{a931EtFdU#N} zc2TvZ;qLq;_{hx7GtCl%v%cWPBjgz@=1ea9P(c}@T5~Y4D1uQ7Yvj$O_MkRDe3oz9 z@J#$J*cO^#{Xa^f%#hZBl(zk$G%$~5G!{(Mg-J(bHDX=T@*=ic;CL=VjoXTi6FsJ9ywgV)RXXWj9-uD6mmPRv)R*L^Plp!g@;XGVoR zKn}m>zMMwm)AixU<&=`}FhVuQpP}*7zw5q`S70LVC~ws--B(bJ8$Yh3F92MT@@KT|Kku8S~@Ut%Cb;}H>DZ}$HmQ(qNOW!JP# zN|#8(rn`}pF6nLwX{5X3CZ)T(q(izxx+El|yQI78-;chZ{wMorAI!bhnwe|rn$LlM zpv6u$(d&2NccC%kFP&^Jw_B?h*U18V1HUGAfub+O*cQZKLg?jnv?v_yPP(b+fvrV0 z0rJ?30FON3Z|-=Z3E*)Pvn{>UK|J@2s&7c=RbeE<3^h|cpx*HRQ;x_zJ|dX2LN1gI zFi53fRP{_4FZrAw#%u&UE}03AcJfNJao9JXU(rWTc|*|jut*E(dwEDLeIo^+XsfwE z7a?UsMgI2A@3=C4vjk{3aLnAFixDa6-HkXnri9nX4h>A)Rh5#+if>EA=ra1HjR}lQ z@tMUK60wz=@ip%5NS>uA|Aje*=K(2`mxZhasb{>Sb?*SsqxfGk02tz zCa$-1bFpDXWC3QcPdQ+I5 z)I%v)o{-{_^=)Z0H{}=c;5E^&C^vL~$JguQVjoevi4&8KlQ)s}Vvp6zi2E{!<5;IX zE&X^HZ$Y$Lw`Phnr|Nt}uBS`x=c2Vn*}Q(2&xIeDfaG$?fGQQ`3eAQNte>(26hkP}-L?&Cx z5~)SlM~Sq_U}TQbBs(TmMx)@4{pMPPlopisFY@cK3YgfsEX*AO$Hbm zh0s~!<7OK#(-OIF2<(f(x($PGdOS-zoD~whHeo{sDIFn(_=SJ+D)R}XwRrb>xW40( z#{b>_;X`kumi7x@0iRhm;dN|hmbA)oA#xbHl<&#P``kDF^FoZufviD=>Qw5W7xPu{h& ziP(MAdokTHS(e0FS?Hyu1fg=ZFQZjBx76uyYE?PZthx8;c6c-|*Yah zsQA(zkvStk2ZL%!zKtb_l#vfR*#rHJ`Doi{;ZcH}VfFadm&If)Nk-@o^)q1~XDp%p&W zZKe^6?>)v66S^C;q7fhLpUS#`H_k)k=81Z4MI{nq1ssY~qEw3^G8MWB;W;O|xm-Kh zh~d2}1rIuHf5z*J@vx!UdQ_38>?)JexmjC?I8%7yn1lB%^`bD$dR3sWL<@y|9|R0g zUN(`YStsH6#sJQ^QNXK 
zRh-Y_EO^ea;R;Vof#(Z45cW;<)nHK=Q}iebw$SgsHDp$DP5tWxI5Z5&P;@^{vr|-D z_yDx2D8$iH6PV;4r*0ifyjLS&-%&H7@?EJtgwsu?nf^1ku2n^3fF1lCUUK2 zBT~t`L!>|X4p}ZASEWD{t{*jEQm9276sSMGRkhf;Dg^u#Y2;)FdVCV}=HyYD+Ok`0 zEIe2>R-%977KDxW=g(#EP|3GNfxW9T;nP^nBYD%i43{+t+iI#+Y;w9>H!^~#hgi$X zIvde{#ep{@Ia9EuJ1g>NHI@r3H=Fi%=^euqTQpdCsU)t&x1-yDw9GyFltI-D1ANC= zQ;GK4u>T>z!89DTD}D3F(-HxFB67_>LLnHNrB4ZpM@Z{uWMO>jfhN7(O~snWuQ2F! zL2qKU3lYf9W$kAK{ysR?4L=LP_7aP1F!Ug&YH^zmVMaezh-|v(c{sOVe!^A1pGM_0 ztY|vV!iO-aa7+Yl{`9hbFrzuy)jCkidw9`RI#N}VYd>CI^s$zzzeSQMRZ?KY<{K9S z)lytLVi(5hm#ooVkd5WD?b_&($&@#J0R2tdpzjGWX0NC+DqOiB#J<*jd^osqdEK4^ z6(>E@`J+i zpzb0a$GSKcu>46S2}J6kBciYj6E?Vuxc8@w8oMefxtf^2dqWbX(j`#-hG1~pFHj<# zzNT3>5SIXP;zG7YJY^7%U^?4O(KkyN)+5%qAbBe^lhKZq^Y3w)0^wF9{bM$C{e>Q_ zzKq38EDa>gUw))hsC#_MuvNgr&~vq&>``^@1_Y8Uu-;<~5QX48h@v3;T3$t|>XYQr;T=oWL%H@Z*YWAq>(j%+ z*LL7)Z^-9gP?Y$2y2&4;Ic@#4qAV2Nv-KB!=nEgdDF~`pzZTbLy+ucxIi{$uu zl&**Gea^cj=_4TW6I&B6uHtiV0cRdpPW6vF*)Bkn_j3S}pYHy{tLLALq^Y>}fx31W z9CwKNtzz>!7=M!4l*xEx`*-WUJ2h6wqLTJcB&di=2s@Oi8Mk6u{SNC%$dfX{E+vyU z=%2d^n*NDw@Je~dm>D}zFu_CmZdVA) ze{F2BaTM-*iIP^b9G*E3f3jFXnYt$VEY%s6H-}d3Y(y0dQywKT`S5GU?b_dSA4!xp z6xl~QF;Qe&+Fp1vYfuXj=o2mGr4A#kl1u|6?Svy@Thbly@!e=WVsEN5DeWK`|6aU7 zsGl!qYl$zAv>&-3SGchGMtI1Kk}D)T2)hK;H754lkfb7U^@U&X7io7=I zkJI_*>hYkZYycM(DJF1rAw$@y+Fvns^{`x+ooKtC-CnTDryK3zo#0P1Y~Bw;M;WO0 zaIk6!dNc>^+)f_L!5$ifTtowNl+Db95+)Z9s#Z})--48KFE_Jd3&`&lKX%wU`}%>{ za5;B!);{Q+I}6R5Rwm*6ZeghzWyA!s3Ex!UH)+@cr?+L;WZxN_nltTt+n3LT?FV9P$r`xnC+ljzzmlViSkiw@7JYBK&PuC8d#)d@ND!><_*mW5iaVUAkv0OX9 zF!O}kFAc{Hd7NHoDiTMRhtg`owVm>T&)~(8&Ik#6<7$$B7#*jwb7MLZ_db>;K5qaF z^*ep;h96M3Mu@KChoG+QIz6FyTB}62_C9}Ijn@ljSe=s>=AYJgm8!{tevBW+;|wB= zpL3LOjmnrQb>$>_PWIU4J3?d^AXZ)SauEmbuQT~E4ZRNo!4&W$h~15Z{?Albj^?99nf0B0IocaR`c6wL)~y0tE73AAaC_>R4N7W)~*y-immI> zerK4mNWA>gcqRNaW0g*uth$ni&xtusgEw|x+vd{eMVBm2`Vv(AmdTSU8@mObL*q2! 
zcbl}k`{y60J4&!FnhXipN_0nZ62SnRnp8xkuG(!BsYS zxDig22uL?yC=})r!}MX`q&4{@1m}*IY8pHE==L$(w1r`5B?PA8wCd^1)1uBg{H;@y zhsi9(ClNgR@P?6l_RvOINh=Y0Q=WU?k~kTnoHAc|*-9H_nzr!yR2sw;r$`>4L;?Bx56Ujo#?8 z14(F5e~BmVNZbO@x*0icjBR@->F2Ya>ClN7-f2A+ckkU{BWERg1yji>0SH*^7v!o@ z!z)7uf*q4NY2)Nhs*g4~mI&Srx84Hjm~1yM?UVYt<`7s-k2wuv@w0%pL*G7BhOed( z39%eCaa1bK7oGEplbX77M5?yAgxq@dEOsL8JM2iIZ-3@V0&SllS6A4e{0@)K#Pw=; zlemAQN5p<_KE?*x`5w-v z5C|EqY{Tek^seC?0^i8@f80B0FwmeTlL*Lpf<7=wv|}1v2x^P31k+L5GmNEw@ak2f zx=^`Gl81I0zbopa3XZ`ySL=c=SA~(z&^Vk0;U5Z`u^uWbktQO|LN+#OXLmeTK(FGH)4N)M<{UiUG*oq77re3YbXTKr(!$5h-8KxIZ( zo<0E#^xbik?l66IOa3NGZ>s0MKJuX(yn$f+~g4X#dSlTLUlH<~6Za+76SwEpQQ<{G@%I?>5y1>uVVojE z`^)qM3C#c4Y9tx)V-^?#&<9r}mGisdS(M2aAWLW)%q=rLAvNXRrU9t=hsFCP(xa!! zyS|XFQco8kiv@mmT*2Hp9|z4hf}?M)H-F!@PfJ17OZXiE){O#5IHZI*VY1qA7#*y= z;J9WMQg&Y~O&g2UTjttfFK__@`hDNi|CmN_?f6*Mw8I{TRzQnh8MKGgytgDmGLWG_ zL|k`^03-#_X=xeqda`99ekHHg;lO9x3E|%9P~S{xu#%txQoS{8&IxwrWhxqJ`C~@O zKaqez6urJ!6VfL4OOw z>gj-wA|6T^#!505uf$d9zR-)BMhxi&$r$$@80V3<5VB@^9DbpJhV5+I4EA77x4wEb z*RZTUrezUcMN(UvT~EIkroE;dnz7DB^DY+bnUtYF>3wdxgSTc85S@yTSNQB;517*3 zo#p;VYF73%lKA*kKd%|7cwS^v9B0Hf7&X*Qp`e-cAP}(S60^vJRZzcC27Z(l#c}`l zDAi@)%3WkA1?Lxoup$P1K3U{no{q{p^nuQMe_h2be9uumPT3TGKDeM*ADQk-ZIOw3 zb|+o_(i$DCjt^;^R9gm!Q$rIHyf83!S_q8aDlvBYRdPH7%}Je|oatwnbmx3_YTeSW z&iEKEA2SMs30Vet;mmhQG6rlOi^B+mlm73P0Zx`@?b5-a6(-K-)HsJ4XrhrNC5SB# z4@c}*O*3mk96VvF*xHy^a8mhM>F+`a80lv38WbS?qXC$s_H<+yS(w@yld_$Q5D2Vj zf?prVQZgAm1u$~lYpEyhe&w}=P1Ou)u1WX@nZK@TlU7kL=)egZ#!(8DJW#CQ_-k;f zployMuWd@}3&DkY`jTr3NJXMYcfOBRz2O;!=%#%eveL^3)xi&3E(FBUX2zS-iU@2GoC@MpNL$yQ2REG5?U(;N;_4 zgjmN{Yx7CzBoSfX6y0r5WHmm^5J>Ytc8C_)R|?^+^C98W@r?YNMG!!TKB{+BIpUZh zxbsUXYcG7K*rz$|qK<@5Sot#1Y$+=|G-M_UyCSPTdDjksaczI_D?x*IaKSaKGnGMp zUXZBib$Sc@{uHZ5Xyor~h9J?~gtzNSC2?HlLG?#Z-?x9E9K26VyD!v1XV!RFfv#j1>qW%4~Jld5k&@b z^@>u#iIL?l*B>ndQOC66oK|>cVDb32CK+04;WpJak-6)HJ1M}GZH*O8C)H4gBVz!f z=@l@SUI58S1UD7+GA;VC-C>zqQV16FJFRK33mhpXb&DYrwLi-V+Vd15;%{Zz=|5VFIr|D+k4+I*xS}JxRiYO77AkRb!VYqF-*=F}fkv%z 
zI$HaDnI)fxm=P`*vfv;OSI#D+1Tr7xJ=|7#icJ0$GPaMlSY<25$`LNENdlG+bS$_6e z-m#eYT}(QfJxapc`Fdk(kJkc73{H&DT)AOWF^n~hcT=EfV&D6lm|*qVpg`DG2tm1r8;6I9W!<0-39|8KDp)D{K zTflVm>p$--2* zkke`ZJ2U5%umJgPfnmxQo1*;h?}B&J@f~{0_Av=|_qa}01)%+XZ2_F&!p8^|Z=~DV zYaoK^6=*t?oubn!floGQPNXv9b;+xD&E2e)-{T`a9Zfd>v~zNp4))vj;WxQ0k@s#U zo;D{-K!%sK85>|wGej$oO%}^;ArB?0khdyN_w;T4(;JRg8}=uK8}?wm;n<-YEJ0l< zj(#cLKj~HZJ)PGK*gNf=O*Ocx5M?3uMI$d$eO2{Rys^da`DC+&q%Wd)JQlyWoAlFH;eigXl*dqH|0&t7sJ0K08#AMEK z=1Njlovx^{(jWH2e83ZCT zp9L?~aL5`_O{POpp_kh!g|cMgEuFkluGjvLUQ<=mC;CTc+pnJw_|yzLOo0JcGgd%1 zX65S&IS)<$je+se7W9BR#$&U;_3yln`Jw8;*AKl7oeW6X5v1Wu4e`@##oJvuX>gl9 zxNM2hn3MLypmMK`O$Y6NNgZnF<_bWinGu}R@e-kPA>PEyJ4^SjfJNUtuX9bOnw2_~ zD)lQo%0&{kl}MiI11$V>dc;z1!cms-WJfv2d_zg9WJ*ZBs5o+qyA<<`%?s&q)9)2e z!yP3@^sl~ib$BDe!zX1#$iC}!a9aCLG5->G%AxVxH?m2^B3^2hvg#uj?w-<7Vm{hR z>d+P%b@MFDyJpf%0#}D1d`Ie;%ysmN)#4hpxPY~5wSi?V3gD0&!&;ya$w#3Bp?7OE zn_lZrv+NcRulps#d2hk6(IA`crU7cR6dnb2kXOMZJmRVu-6)AM9)qr>H3j(E`0PvA z{#+Z?7EcV_16LxQO1rK|)|Z7l)^iH{Y;4`pvErFuf_Bfsl(TCOBGV6rGl*3ILztRn z&C0;I?dnD5W!d!@IhY+G1-s{n(zc#3jLup-QdR=qVEBqP z#83O6bw_5P5(fWw(<?*rN4Yvr}xkX zj-E%mK=_G<=xsd~%>KOYECRZ)3Oj+Es5c{`F7>06&Gr{_i9q_HxreJoV#0Jm`1V10 z!Ka-|Kp+Nh0i#OB!KjUbbxf|3z0Nm_I& zGLt1F5$p#(+Nt6}5emg`0|oW}%r8IOcB7hg4?8A;E9Q!sw6bg#goV=ImI6U_xPDy9 zLXg?Wrok36{W-<_HgP~}P=x9A7-r*Y*SfCihxJMPWKMbWEmx0I8y5ODnR=J-RnoiF z-AB~EW0!+(3yVEI8njn+rj6deu<|De_`5wjlaDM==V#gc1Wq{0@~L!yM6~>wj{sLB z0qDV59;pNaZ_SJ8&N)}Wk}fse#lpP6(_1|-D;pLD`(fZ+!c=np8|tTv+Y%-@t6ezv z+oJ;cpeBS=EOV>^i)&?(!Y>rxwLV~DV2a18HKX$+AB*8aj$P+XA}0TAs=L7_y^ZyFKHBBB7poL%r7GMeeNAHDANR#I5j^!A@6M#b6jsf#a-;or` z>M^%!_v1=u`%Br4YtQS>vtD7J#IZIaB4zd!%KamRJqXjQAh2VBiMu5=aliM zOgjRW8JFF6Um3i(G;xi6$;Y;AA)Lch)=leFWayU<-e7uli^cT4l6!O;QrO)PLPCPi3W0z;Dq3*tX^<)WCVZXi6MI5mBr&ETMYWS z#rx{&AiVa4EKNa>UZT@_TH=5KzhO$_%KuXP$oim;C|Qgmv86^%Y~xwlw$!z(bNWf; zp)aTT>L=BMj$?DU^@Z#9yA|h|7<`W73=gB(&Q^j?GD|)ez{zUcb0^NrX8mz~k0(+u<`km6eigaWosLB*EEx9wB~* zsQ}LKl{M{yo2d>fPvl0V9-q!;n-Ntr8+*=68*R0(mkN@{#0s6MZvyUl5}prMo}yPw 
zKLX1qAx{K4z})kehqvRn^5w%ydw^b=7t8h2PJLPS`Sw%@58`@Y`w=2jiz=+j8mGz8A(X@W4$11cK@Hhpb3DSy6OPDOCiYOW~Np zhWM|(1+WzF3fc3i1h7n0GFCX9z!*EA_kVF@;(Iov(RF1w%V$IBi90inWdp$u$1{j^ zJudAE$1=Djw9*H>a(jfOtFSYVlp!c$KPPU#4cGs9i&R>l{si}9?BY3K_*aKFw+Nw# z5n5L`kg1ix9+~^BV~M(!-Z^b%!uIvZ{n`UU`5Iojck-<2)wzri4xUOr{)9YOim#Ch zV*-Lh{b%1obGH`cBXQI)b|b?1^xM8073vLXrkoCH)CQK9q7w{2Q!APW$yn+va2Mo8 z2Dg6;wfp%Ep|qahnzfiJi^F!`kelE$`C5KC(D2dnWRb)M?&a--|YwE7y&jR z_Dc@zF25Kf36_byHZe$RGEYZGBN8saVydt=-%NN9s>gZvdJO-aNd0@U3gu+M6S>fE z@M^fE6_XZKk@A$4c5lLQ-sk*SS zMD0D`(Up0Ut4Qnzb}Iq%;pNsMhc?wlcv}CusPXJ8>u7CtVou@q3CZB z>42r;Pf;9huyHkk_vB#xdT388#k+uh_u>IN#UO>^efY`sxn`r%2gZ1>`8YtU5@V_# z8mrhxxsadZ1LV=dr1VW1XI2$|uPA~DS%SV&82fj}Y*@7v)~wL5ZKc?1RYn&?kT@H| za!IZTUjoEm1(?@iP9VwPNbt3YtZAk-fSK;=k!3aG_MI>g^eoPSz}DzSeZbCZtUvO; zJ$T3#Z0z%UDXXLhyl#)=z9I(5>sliobum8{r+w0~zBKB`fbRR@yT#(o5j#=?rU*^0)w zo-gFR^KSoq6{?4o7dJhDLjC*Z09qYB=d*#L3SbO_Ha+;>Sfy=0kb!#LTis=GW{JJ| zYJ5}@*bJqHl;P*bGe5;lS_tU3qLVf+^GF|NOg@(r>Q2MzUf1co5=bv+3yzng&J}F> z0U3j?S+|U&dv4yiY)d-dc?LaUSj(S6;~Wr+eEgNu^;$ET>Y$_L76Ri}$j5F!pZz^$ zAHbaMXS9no*xNl#5`VtxoMv7R{VM98snFfa94;iMLiUj*D@2j;wbz(o^XWzT8@|w( z0?4tke~zVd+Gw{&Yu>$-W0+ZPeWxTmyX^8(mT;VapoiS~c8&Wf@#Z2r8-siR!RruAuJ@ zEB&7;$97#co!hBbW>`eBHPOoQI9D@ul)c}D9q3vw%M= zu%{C|D@9;1?Xd~TNdeAXA1Yz9t-5UEzAqsq;2ru&e|(e72ie0Q7qt{)bI~hhw%<_< z%%7;P;QfB}3%>%5$24j`wvxpiwQ2A*d<;!PZZvO*En&_Y=b@9_B9b7WSlylhk5!$x zrDx|iJ@vMe~aF%qKA2y^>oYbyJ8*=|sHUqxtT zhS+k|x4gi+zmTR^&-pNw2pMann^cs8xnGC=wHjV309q)rnK)U=PaE)$OO~r*Zy);S zD?6v%Y4mGm!PE*-1wHj`MgI%P-HJYYW*?1Ck*4>Ay*7(=m-Y8IE4SHG_8I0FXHMMw zQa&Glh569&hyH34S{#hz30Hn&Hi(?PD3wS9h9adsfx;1z#6om2ZFv{-(Q{#Zmil z6z=}Xr_|?qeMe{ktW#0mdho-jG(-J%qCP8n>cNZ%`bj{w9QR7=srX}T;P%+@)IdnPlgySY%S)bBc=F+OLwylm_CLB>3@VH-XKl(=ADsx2xHBP&uEO^=nXhDtQr(G70Qk9b9=I-yb5)hss(hwKm_>zf!G3lqfzwTja~Y*-3@0)%3wI z%{4W@eD;B`<-bw%HOk%kibaH22$lOAKDg3+^HY>p%w}F_e*KgZm$jQUg79&}x*@v1 zxD9Z9`hs$;cID_7dA&1iyGT4y6S#z%i3!{vP)bWkOwN5?(F=NN3o7flyH4lQLmZ;~ zUfi&$~L0>-~aqBlnaMO#$ 
zNd!e~G&vFXIb=lrGnPFr(NR0KlRs1~xiZ>gh&;UNigJ#-9@HiAUlncw7}9JxGe=G< zw9f6HQChHwTXt--Poaa96915MdfwSXnOCed7pZ>&io@F?0tn zaCzy_opVz6$nSeN*d@N?&N{KU8c^pBgVno1)52bd;k@hpQEf-(8Ts2L40NZ)6@5hX zXgI(w6rE@+TJ3nU?FTSBr)*unCfgmSVJ{ZPDRS8GacBVQ|avX|}F5^^tg8QD}OLwxr6M6W*dm0F+V z3KWu-Ac!}RrxWfV?r>9JlC8a68q;`#(P9v-Nm2w9dsG&MzYXo=6|!bH!N@CbA@qti z<)VhmfwZUP=9A;c-)Ku!2rByV9|-?ylnS9RuF96OImb?2WnPSi*{A4SDvR0QgB7H6wSZVHmbfYU6L*x{KNsCN*;9B|KF2<@z-SZn2}=Fh##KaT?&-P}TB8vNVDUrC z?A$ADnTv$9V~x(^TiB7U7l`jF9SQN%7pZNg{g0!hCp8>Pi_8LDO z+Q~AQQFiTO-7GC4^!kxBsZi6oc=b=L;>2&eu+KMhy;KkMp8TSW@itxC@%)*OR=QDe z_A5fVp zUE{!55BSue@U|0yhJB@f2P?6S2SIG7TB3Nx;4gC#!@R6X`m|Pp6njg9enV+9tU_^M0zB%$OkVqV8G6)@eHz*|ts{H@(ydJYoz&L)TFgUR? zLY{UD)~}_ksFq6CX&vhV*CzCsC)i8MyHNR{)4O09&b@Z-G@VZYSa+*%MOOW~`wVa% zHKufyR@una+b+p&U*PVxbB-M>BH$KE3KEZc!9r=yK&BX|Jwz zv-Ro6mAp5K^?}OB2(knf!R?ELWPGs1$3~q7En(dxE zRBCda-)SyQhq#x|&h}^>MCx+&`N+-YPK=Byl+~SZW@{3E^jftWrM7pA31CCcPJHqP z6E>~5ihB!WG|ZF%D>t`e(^BVa$@;`Mt+vkx+pum<0XUbnxE)a5K^j)(!Ikp8YqUDw z8oEY2+_XUsGmQ@HX|6`ots2R#zBHumAMFLc%}CluC*$>8kV*%bz1%PJYJ^PkMvjs$ z14keu1p1pN3^(1Zz?gssm=RiNRU_$o5J`QS?f&k1zF| zHOdR@%CSAQd|qj^=X$#XyBlPo+>hYd!KUy5BBdLtBOcjE0g=}K;9mZTZ1ZCFyrZ4% zTQL9D`zaYLlv(aMkSh?IJIlTD(!l>Xj-%>=-}V?kmWUX=-aM)Bb$KMI5=y}~yH&8e zzVW8nyV4_nIf2Swf1E4px@}Vgh^p6VP4H}Kv(fV{vAzM_I}R0Ko}m;$2twSWL*IW3 zr!gUWond}2e6A=)>+m5IE+O}SnJGY8v=MX#HJqmfJq-S8y8~6s6z!tQgC!3^q{HF` z4}{PaE5vXY2$sUKmATJ3x<_S;R#UpZQrZO)`^z@%p+1K$T}bUri}mHTD^P+SGsjCi zIY(SaF1J04gxp^H2rkCoM2@#3Y8Nj)0b!cLzhNt_Ty8>Rq>Rb212*JquhA`FQt4pmEC=VW|URC z95`rIZw^2_1Aqi+ybYeHtZe9{k%msTgKr;}Gq`A-)b_H@(Q>9+J& zJTZ7(hlH1=AE-hl%*)gp!^D_pC2(G&gfUW*MD#72uZGN*k?s{6?g&m=CLnGNC>KUPFK;p~)dqJ-Uo zz2Co>W{qZ_aW#w=-t;|{pB(HTc}mh?G7Wdq`K|H(df)7H?15Rrj^1`T`{MEY za<2e4@YTyE4OOt(KyXC|#C{)9g1~K}WkMOiLQ8q!p7Qp10Cwb&%|OK1eJPIq*Z?b9 z`7c<1-($fn&6>s`9cvL8ru?N+VnB7jg{i;GLwoP2Pd(au-tdRaCWOp82&kEC^pmH$ zAS0x7N4%9a=9U}sd@_)+gmXMTRuS-d;rFqxD8)A2H!CR_b*x6QQ2@MIWN+KIhdZV_ zYmP$AB@RG@ClQB^$8kBW9ZygG`2y!|uA89KUmIPd<>m-uy6X~qEB6J*wiu>J$KX}e 
z-8K3d$#^3@VYOs(JvoT^47OWW)`Bn`FNc!wN6E9S9CD_?ZC~Z_4{C%lCHx>#EDQ|gB{XAY6I!G)T;t!$D$d?O%`f%$eANBX0E+AtWr06X;`KoT=g=)oDOnvu6#y0%kk`$ zTQg9YZdb7}w3x$OsQ=FkU;>(>A%HeNEa>tLhOh$0_$C7mC6Xv)tU|1DUWf|Sj51Z! zCdFmX(h==x4)s6$Me8A~@S|K<0UY02p(+b26gQGE=^Rj8%?=3~w`Q&;MY+G~U}k2G zw6%JsV-HO_myYBq6ykzBL#NpXw@+u|!w3D&cT@m{Ld6fju&actxDbDEZ+BxvOm6b# zj6l|mU>A6)Y+f`^$uqTy>V2FHxV&P@CoPjCt~6ZACIywXZSLFaA>js({x8d^(2kz- z=_fi#DThOHP!q^iemZCYL@FGh*Aub{WHeHnU*PWLjJPZt7%|T<6rf~clvXo~;QUks zYID0R;Ksx~<*e5yYU@3Fsn>H^rWq9l%q?h;f1lHp6sCy5PHOC$0SgAkDWk!=G$^3H3I7O;s_IV7@tAM}35<>^hE6h>+SEBVU7lp7tP;Ks1kt0^}aZS7R z7N*{}>)@3MSJoo%U8jB4Bod6z%N|*Dpd2{zTs%y$@SJR=O>kAV_0JC6fBEn-y_L%{+VO(i z*`4e`wZSQ!6>3-=lKSBjBkp*3gbAL47T$0Wym&u-6hoDr1L0rQ^(btTh#IJk+f=no zFw3iy;Ky_}5De#h^y=lNb!NgxSfq+kpGv@em+ATn2_TX!%D|I+-&KEP9=ie_li)GP zo3Z&pBXK>_48!F|@r_{RJ9x0*MyjdGjgBblw;$ET1^dzC?!!!;pBkb=)g57z+zRAl z)4r5=3Ut{8I=AIpN<-nwPv5a^8qqgXxc@4N0}{V1UltZ-(FgKnD0}{6?BYdkfT;0K zD~Cry#AHGA?N3i8w0%LiVw>{#_3)1{(~Q`h$UyUTnj`GY4ZCa}eWFu5UhjrIOhy|l z!>K?PBJjVUBs;%pkV3nY_^IRSv}pAGIo>c2a;h^?Ef$pf1Q|Eu9*-ByIK8_1;dOse2PZpg;>1g1T`z% z-Ua9H+1|B)S_#I7kCiKy?e^t3axFbuY7^pbplCYT7bSN(WR2|nodT7Qhlzew5a+m* z9SJ+_by_!bx?lGStft-6AxI^`Z6A>=jS0OimD)U!R|IN?VDv@nvbakV^%VTesd<%X zdel@%jlc5rv+AGgDUEYuLA?K+i^;Nwf{;~@^_gB}-@t(Ox)#l;QHm|FkA-8n5Y0ZL z!Dc{l>oy#!rQ7JBiP?ZQtpN(!J~i` zvb6hPp3b2M3ibCYN+0Sh|10%jQsvZX2&@aczibKLo2AMdmFB3nVObK{_q7ADJhdVI|d0;aQrf zOrsxsE!?20EnnnWgJ5(XPjE~@oXGnPvUXXhg&y({pizObei&{7nA{K5UtmX`gftvA zWI{fz*M2!CXA+GKuI7DY?(fq2=X;1f)~vu=+x{yz139;|W{=SJ=Gv(zslwhYLvXWp z^UuB;z||(k{(WjZD3@xl#WeQu!{M0REV5OfQ*y}-EmBNOBC5k%4u^~pJbQR<6&b+C z;Malyo!p;_vu+nmnoAmeh@FNIOQ`|A@#~tD`|9k{5|NA=Sq5&I*BA^n5fVJgi~Rj~ zYX5{n^oX$FqtBNH3q?k9;0lUuig#Wr`3I2f{sUnJS?3(s%8t zoOk8t->V+KIhy{jB6OLtv==Umzbj|t&oyeIOcmGT3!;b^Fc}upV$giEEsph&DjP(w z7G}Tl=I?V#b&BSSG~1Q~Cka^1^FnuJ(^`_R6;*Xk#_9`E@=tCoyvB2ZutwSm{-q1% z_3QA9YStj>aTf%%-7hsPwyHm;kD=;<2I{D*2vl8e4A?P?JxiX@Z|tU)t)nX!Tko>O z8Yx*@atkZoLoXKa-sQYSLA?>}KOkS813Ua^W#ZsL>JW0Pl~T0eHkjdn<9)7o<#TN% 
zBmD4pLrEU{TO7L*Df;z*BXxT^+pTYz*{>{-_OmVF(b=5%s-wwk^8`5z`8{V-oq^q7 zmB0LLU21;L?el5JH~Kstb)OjnjRWjD!~H(wdB+YL>COff{UHJP9GCFb&c`rMsgEd% zi~K6ATkE@M5&=@UY+!rMh5zODlh9h5L1KY>J}3#08un)SJZj}H$8tc?UHAu<3vZF&S!DE8{n_K(2VEv~@(kuGVv&Psko zUWlBP0joDR2jP+YW`g70pBjH%^BZQM7J^{5*$XGTKF$8u(qR5w3a)d|+_-6qL{eK& z`;;A!ps zftH&B0a1&Bm0UJiw0)h5V^k`1q4Yh16p3<)3-|*u={t&62W~sg=^ZTyoiE$c`WA)_ zadW6|?+t9>-YYD_8(a>lW?>&K0RN@#`JJzj9O)m`v!l!BW_IHeHz<~_ZEX7uPDF)Y&rS1Md<2CPzmMdo}{t0|s)vn;zc9_|s zx=6MZ*l>tu{qxIs|B^VfFru+4uh)+gs4dX73-Q26d3Z8VH5GC8uBtd%!rjA^(~ld9 zu(seh#sNmfK>LqTg`m0yQ)Yo*wD9HQ>)I&Z~r6P21ZkC(Ib88OS}SFC0kV_!fJCSxjlvcJ#5 za*Whwj9VlX9o{7AVlLX7<7G5H0aH$7a^F7Wj~8{mkRD{CrF z1HP5fEz$ZZs&#vUD{DL{=Y30}S6>c40ki64=C#*urV2+BL_wO`{MU3N94_OXDBoi~ zBBeZZt9$=Hrmixq%C1?{B`MwAU9yob0qF*5>FyRb-QA6JD%~yJ-QC?K>DlW0$@vTW zx}I6Hrstkn@HYqi&j-(UtMvGV*>}6)0xYcGI060_3Vlb`G0(>SUOZ|CsCH+|XKK~9 z+*A!GoR>$p`X2GE)L`O2Y}58{wS39bx4Fbzql@9F{|59V=%})B*DJ@}wF1RJn+qny8M~~t06ESF7D2_;aQGOuzOQE&7Oxo z?5d}EE<_}q_i^eO{Rd^(ibj^eEouC>%MvHAlnYL6^PVH+F>AGeuKex#4-F;7!L)yq zJQZ}*DGe=5*;Fbhvs7CFm3BM{AWZF-FcKrP=n~unV&Fh{P_}gG_(_TFR>u^y4aUGRGf~KHUp-EoVfoM^KPFJmHH^m1*DlK(u}jza@%x5J z_u9H9J{{Sz zVI_vy;nTd~;smmCfUOXQ&3P1{QVdCRB|s$XUv`wP83nQ3QvYkdMSDxLZK#TnVt!&=C{g3bEw)+ZWjnD(Bvtg@ykwbJ##)lI zePKwLpl+nC&DDoK>KYE3e`NabOn`H>z4PO_S~CB017CW(Z}k_dwT_A?5x=b7WGW?G zrN2hx934lgx}WFBChTOS{szd%(tb|tX9sgg+)G?U>)pU1kV@GqfEAq8QK@)XM=QXJNe>kJn@N9$P<_85w{ChM4@%?; z!y44j85?Ud@n z?c&>I*+QXO{q$bCAUJ~~c7DmUjD1D?tqb*|C&QIbU!{Bn`U}qLPW7o_W@T=ofEA~X zbOND&^15$nO%Jyanb@C~vB<5DCYnv2ZX*d2`Qix*cLQ;wa11F72<&6w`z2=$dRO`s zXpv+75kfw6DwKCnhDtlLIFcyS89R1-p*Z(4a=gs%Ft5BvE!b(LK~P)`cWa+O`XRhJ zYx@NC18>5!DCp?G$<`0NCOI>9+d+KYcABh_iO7_F*;OI;W4H|KxIutT#LZxXT3_ZF z2%_0DYx>>^#eZ?HVGmyoM+PP%D9l_4rR~1trlH0Pq(_(hVJ=U7J=~$)7 zk5?eFiG^d|?A-J{CedGh!|<7S$nY zo_cma?X$(!&ScdHmA9@h&+}F%GTtLYy!R32^my7$*4xH;uYOXj3&g)Fp3S~{;<<^+ zfU;4@3Oa^6KIJlTFfUsfjeD5MB4tOTU_0Gl7hS-k2W?^nQL?&sYgA0n^6u|JEp0h+RqONk6z!kVAxk;uZ z#w626@HT5aIi#MJTe2hYELzkAzC1kjKDP6F-txN(cs)EVR#EJFTJh2O5VqCb(=g0{ 
zih`3ZNG09AdCkP+5pDZQa$27CsVDGSDET1i2+*OlH)Q^-QS#6NznHcT4GVA;^nL@VU;$iUj;|nFRe0iD+V2-tr7ge#$>D<`#brYQOWv{3%K&XseBS=i=%C75gVFPjc zsL6ub-iv=ZlF-(exh@u-B0O(W@{4IF`#~(bqXtw;*Oj5ZD4m|+l4&jY`iXY5ya1~G zQ>gj}g%lPV!p;VHWUiaI*dBdUkps9Qf{oiIKzryvU)5qAr7L5yqXs(9Dr!@dZa&jd z?x!qL&G|y-Ppbufv(v3eVCEY`;&Z3W@!U4D@2{dj+eEFc79rA?j5(aDuM_KmP`Wk_ z%tZOOhT_=V?u4s;Kb_KV@`zw}L<*|@3q6B|Q!H=M5cqTr&fTLL71rL?I(H3>#ghn} zXfXQ?5Nxqz4C%iwGhDrv4X&+EepgvS%bbfdD-V8K@_`_00~D&kI@X zwVHq+tgF)&L7?Ys7~MQY!zI-Tr{1$7(&wezl#J^+CHJ~Z28j2^`{O9mB7#%Ja5R5I zH%N5Uae>eHutCB>u?Bo5R4C~}E4012bb4l}2rxG$U!R7_7*W-{MY3PL8RqrZaYt1e zkcl={6Rf$iIs0{d3pu?Kuc@BdfF%Q5feB-)2=dzyNL5Pun2pv<%?UkUOA>PEt#NT9 zr7&;12Fn^s?q<-hcx3eQr3{7oOaw`aM!hmP?n&jTV2*BuGilQ4!Oh|qw90iPp@TEL zW=$YcpZqE|`@}`JWD#@>ydHl_-em4)x6gC?_PFLh{bk9J-Dqo{4S<#CYr0%vX9rdjpeSb};760He9c`A0+r8VaJ5cPXeX%GC*|iWz~FrG}YC zpe>?y;SDtD;{SYNAQRouMbSbTFWt=IH>OZ?SOA9PFFkWx@{1 zzG(QQH zu`US#CbYW&vG+3QCwgEn4_^YM<`kR7mv`v_pRn_WwM`5z5hQFNGz)MPxSpo7S(V1H z)3^NsffDOb1|Roxbn?(<48CKk0JGBM z0%29Ie*m0JK91V*zM5cM8NtuG z@u?Q_Amy=RHVpfSDMBUsN!?yH?n$*Uegxi66k9LlB}2O$2h3oH4m-`mz~UG$I_v-3 zM0a|FRaBNhyw&&;Fk;nr-AtgikRvr)d9m{1W$N)J?BUt9aE)lE*=0?u$ym;DdU-3I ztHK+s z#Qy_beMsciI8A!MB3K@Uvt0@dX6wJ`cBT80sG>3GXpJL*gkIRc4Fy~OisQ98@L5_Y zTYonLTx4tuF!eoWoIaW7we#DAQ3K5?&e|6BnY|l|F&U4;J+USEkdM1h4tqWJ9^0gC zYKrhAl1{-fz)TDtx^$-LK2fj&5w@zhx$vn+ndCoe!r%vdc6>6@G?In^5SeIju3A)0 z9JGEcD!tVVpUvvlr3(|ihu?~w$`+&mH{kwXgMx$)iZ=}tybx5l^g)$DMfU%QzML+~ zGcoK`an0sn8(qnQQyF0*scZW}-z zZGdkw3Wnv+fQ~yvekxKU4qi#zfzb4gKs@r55x|7I=q*dt?PSnJ(o?6Bl%+Q`$*8=E z^Eda1Zx3CO%}NrOwG#Axa(_SAN_5w^EthoME|dBOht!_3%%Ve$fFw1iYS~WHO6;0z z`~?5~ozKrV1Ple%DVLyk#XkS7ATjSkg=v00ugV+Ooshf_hiD6V0dJymj;^>sgbfF> zL$K7Lvib$H^ghcACQ1&F1cD3Wh^91m^|BMNyz0PcE-a2oHAF9{=?XvrStPe*Z|u3T z9bm)9PgApclV&B&lhR!k3~&lAEG&GB2wAIW}m40xc^$4VW-u)g%H{hs_S4EHyVU_V!+bTOijbDlSGim)84-m$pM zP$ntipA*GYP@%HHs1{B*ZLx6wm3Z7Dh{DoG2Fa8_T?5WwD!6hXt!E)dI-*g*F`o;B zilvJQcP>Jf$Lve}r4J4|qiT5ravQ;C6n@>L^?ag0>mQl>5tSQV9(e8%X2oXJ#qunF 
zT|Hj4aA$6d%SvkZZneLbMg*_WD8sPXy5qTg(`gBkqF%={i_U$FJs!&%+!lkhA7TY@ z{Zz++-oIFMonx{m06DOIY>%UV*0fOQ-9_0HNxAiqpiZaz;3TtQ)O{hP%?6N|anJ9R zHIl#HX5KIC34jTZ`ZHHt zyKS6E&H6_4E0YJXwh2$EZIce>LivcTbSoL0Z#`);Uiv2S7Mq@LotEfBwO?*(rr-t$ z#0gPFUo>ioa#GfLO+>}mTJkwc{66ecThZOAj84!8J~B`H&n3c#W6$##H>Y7bC;jid zn_)>q`wWoov~{jRxO&`01U4*<+Ml(Zgk7mpY?f5I@3QlNZ1*yXZ8l`(;V!?25Ion2 z*eNb*x0}+n>^oE? zWegAAZd89(%ktQLDQbW3V(xcJrF|<~k^BY@)#n`bdzVN<)f2;&X91VUC%9#+Gn%jv zssGIY9rGP7Jf<^HEi5wL%5q$^w4!6X+;dEE1{)Om4 zV1$$g548XFmfHJs!u6f+d!GjqK`F0Zf*{pui>}=$A`C2_?@H>nw8Gk>b>74U*GvP1%w>`N5~rx zORgHBF?t9j=Llur5{V|*zp3iiFCoE_mQY|p3nhc^%Ar|?j|P3M-a9Axe_sp8+r!!w zW&QoNH!hT3l*~upVEKs#``kSMxGrCTw0b=wMn$>^8{cDrtPjcA;7W3DIoCs2DE^$D zb6o%|ux0@>%~`QL#(yiW&H$ifT=nc;A;yOw5=qhbou9cHfP&3%n~yi+hQq#r4NY&L z!8q9x{5I0^Fq?&f>3^elY-=?pZ4N)84K3=EnJ1u(+c2<#3xf#-D8HJ2u;W0F;G&P^of+n}x2kRxn5R6N{Y-))cJ#@IZ=ctxq=lmyVSm z>FQgEERHUPOg4hH5o{$SGkQG`0I+Sz^eTpR=&&b%WDZ#(nMfUs!uQt?yF<43aXwVr zgGL6pTp>%~pJ<|+F1tvCDuv>hKUiI+of;hx`2$0K%)%==!MA0kuy!E&nEfbTwUTNr zmap5MXkdx@B$1vSAS}afN%Fzd8yT*B zV~NX6`Q=Y@&9*v8(1hzdoB2{~r)pL~=%<3VlSJdSdHQU-voN+W8~%D~mZ94McNgF5 z%88IiorTfc(`mb&qq(uQ>j<}DEk+SGc3|JpFI^K3O#pjpOuG`Y>%y!VY+oiEBDtpPiQVA?HC!Qu$AG0z5kQTwd66+?Tfx z=<8{_cKcBRhz(B)3*T`=s|f9DK@i53*mmsiJCOhPX+uB0_tRMk$iLgmFdP^kIUAC+0^31!xZu|v@TQxyRt*wXbOkMG(+j3!GGKSLx{FR-IX#~9q)!Zur*NQ z8R&qb5F7Nq`98rKI4Y7vKNGUlMmtoNDyG=%EYTBY|IBU=9qXsPl+9Ct;PZ)+oY|_I z<{u8~WHuL1<3A+ZmB&8YjWHNAnK4S+^9~sw8KHgF1Ncbt>o^9mC$x(GX$=%`QhOAm zm@(L_B$s1Ns&yF7w$5yBP3OzWC*1?d;we!Sdkx@7wY%ZbB~vRnHtkYP#1sNX?NRFV z3qh~eQ_}sN1KnN9WqQ^qmIC$khLg-UxvyF=n=nLSbhOX!#$n`&KP+}7%$AjxHOT;H zdQF6u?|)tjEox`{*eqKklPPI=>wpL-mGrVJGDsdY&-sJp@9Vf=#RiH~dqQMf=Sl~Y zm8#hmO$n0DRH`m$!^LrV{gXzfgnJE`Jo>9fF{#SVXMtv#vk=>}-J zZ)~J7jlbQCeK-cFk(DK-&e_zL&Ale2{h(AV^*4ncy(+ByqW`rq3O$iuNc|zKCLBwn z*Z(Xj+<~YP)H$Gf78GR*Yak}kfuv@5ji%@J(Gp)|{PU}ByB>F{Uwl8}-PcApuhzIa zk>W3VZ9zZVHzOn5`eQ7;uW4zQupT2Z2cA*8`F0#VlW!BUu0p--V_5SLzwofK)RsY5 z#)^Q9+qTNa;=@e-dy!a#TaX;Gj1N$?G?O%P1`1UiJLcZ9M*USJ@VH}B6oUa-sxLpR 
z%mKBpV@uNC#2FvB6vDWY@g_#YWKKXNq~T3;+*u_;n-vF~<^j*L8Qb7slh5Xcvh>Ob zrc>)6Yw%)bL@G_<776Y^^CH$qY}&cX)E6o(7xtCtLBcw+#7;dAT+szsCBGuj7~*uY zxe2w~ucLAw2^Mc!3GxLJa{m(RoU!g4u@%nm!=A`H{KO%pq3|P?dxUamYuQ9HrtolS zH->v4Ye^=dpxHT|m1eKZ};I5MgGa5&7^#StEH z=e6@x5tWOAkB99_bRSM$EL6%zBqSBN0@p#I5bb|0L3x}GgMwS)&^Nk)=;c+&OI z0c#Nu#(e|ky@LHo#v!o3OOGBAA)YvDPaNBktA7nyL5%2W_uj>P@~OxgQ7dQ)Ip`U0 zp44qDnGi-vf%lK1m<53{0K!iL`avQG59~^vad|W|hRKD4$j>c$8ah7*k&Ot3Na)-S zcAX&8qhImI&hzAXzG-m9_`u_6h%_DZpx=B)4uMf^j6}jm{BnY)il6t6>*f)U0KFbl zS+DEoh$$OV>B4DK4*&I75s~z%u)$UmE4FI8wPueS-C-S^IeGG+(q903SdUu?*j_P& zZ{geQXfb(PDo7$WqP;hX0e0DlfLO2Co;S2B9-ZK$O220SfPZal*vW-*rws255|)&{ zJag?l_VtieCB-5%sk`QdElWyu>Qr43vm|dR-fr_@;Zgw#jONi~Lfb)X@DJK(?!6N$ zi<$3Q{2(2YA{Z5NO<)r9ax3=iJ^`;d5D1`s~*Q5$GLJ0|LrYC;kwbEvmu z@iI7bTynnHel=Tg3Eh|*gYaDmPscsuKZ)LkcYji~MQ?ZVqyAd8(>jgb@>SPbPLOJ2 zY6i|}I?=y^u{DpA`bRHU{8CU8JvFcb9k%+JGnub`tS9v;>3clOn3u{X}2>6zLU)Ou}#RRlO!dJL6@Xrq4LaO!Xqvr$C>$rQLyiSveN zx9!ms{PlCJe^v0R6`~f*Whk2!z2>RPZ%K|lR^LS-zcrHeaYq8BQ*6hfiuwkWiI1xG z4{;i(?>*FXiUDEuqTm1mZhJ7cXLt)~& zp!GeI%Ja^*I~|$mEJOSd$K#!rPe&nFSuTe>?A=t?cY*J_a`B1r9$HORSujWbBc5m@ zFp^yfyi?k4fLm%({ro5ri=- z3jl}MDvh~?Qa0^hj|Tb!=K8p@pr8_}QJR>3w;@i^f@La@k^$v8y+;z4x-q;8VB7Z- z8o=>Ng5@_@8EAGP5DCmg%7wy8jzQgCZ+h_a=D@$ZS1oB70g1X1wVY#6$H_WqsV)oT zMbbX9X8&>SB3-lvV1>yLzMmmnX-A9(HVHm^h4LEFsu>WBOJV)6#mAFn{eSu=a-<;L zDUE?XgUneZ6Ogz+Rvxd>$uK$msmGyf)^xQ*sp4R{_yMq6^=N)sWrebbe!L@y6~Qb| zynyabg#i7nj@l9%b}zHv#3yx2`4s*yW{-T7Ph-F+66$XIQ6u?MJ;fjqBYck(gP+#Z zC`0I=&<>izZwW|XcMAWnl#^l*<$++lnOWpaQjIh=pOVENa+F#`}%BIcl2cXeHmR!wy)>?;Su{V7SN5+kF5zU~DjYA8es zg8{h}@@aF2TTbJ6Pb?XmUl7sys*99N`4jNJMM9=t`Y2=wCceQ%&Tv;Al3eM#phs6K zxvlQp#q*U5oM}e5bC%%&5S$))?n8O;)Bp+IdE9-4$Wn6OR-tb@Co`<#_`)7EkvBqT zYZCpO&ap|PH(+nNtvsiRf6lTSjXM{h-Evkg!DRu=l}pW(tn6i_MROK<`K zzab5G;&;YvD6@fVS0VWdX_)i?yEeG42C%Xp2O`1*-mm7KKMz(gfE`?3nI|44WspY! 
z=?h9oMAXUm(hT5H-O=Q3OFNjfr{5VjLBDbJoMy9;X6#K17x&1T`x?pu!Uk;|hgN)M z)!wE2mxVXl6kom^FP`4K*fYu05G@H6C?{VhHRYQWJj=8bfZoztz;guKCHbjwx`y1V zpE}I5vv4_kUT%Fgbn?NLF6`;Hf)mVqg^LF@y$^xa)#&sX%L`oqL;tO!d+71Lny=nx3L{uMw$z~-;LSWf2+jH=KK81r8uDxh(wVKP6 zx~$1k{t{W*WaAiTL%zB{=alm>r7JCfm6N)K^r-zEP2{jx9FD z{)=s*11w^0nyN{B)s`31>CZC^@lQZfJEaU8ir+C(5L3|UpLfaCCXICd->lp3HBchW zKT^h-N(cvwr70VWU@UchR_V&}W5AmAO3FGAFi#Xt z3|bVsV4tvwq#S?8|JCd%WOi9RSf1gi&#_V$CZfGfE>Z}gl+EN3Z4xYV zTy!dAvBF)qL}Rxe)8}l7T zc>>a4wT+?In{Ccx|8rMtBSg2DqyC->Cr@srT_-UtEoZvZDD_rvkryA`?%JLfr$FzB((ho1Z1NRBfT=K{Z9i-k38TlfHz}{`Zo&D0;)F zh2`}FCui60H}DEAD8@j|F_j}BZjzf#lxHvsiL$La0fI&{8^R0=S+VbbR~6lF^s5Au ztC9L>?S!$=i)mHS(D^_~vL}YJnY@tE=CTBfVm3!*0!0WKU-fi%PUQQKlxX@A!pWxs zGF4?rfg;+ijT*jN!L1ya0`(gS#=XTZmiefdRq7kvw9}cyRleGMmzCZC16AerBJM5a zd4#{l4+mK@0APvvwn7DjwWo~Iz#9-`-1C)>aAGrZJB8gKV-!_xRQdq=3Gh|5q|0D6 z1K2xNLCz*0Pj`~JegF-rqm`qsKV!9s5XI)f)YK!MnkFsx;u&Zur)QNEm(~0DW|+kZ zQznDGz|4_MoSmNU!1mEOo;T9j<`eqt&ph`tS*KpBRzQN-3Yk%>(gMR@1Xe2`&4@DT z=B*`GUJej}-KaX`oZP6@sH_Z|E}FrYA@~PJOibD@6uWnC{y7E>o2U^4lh4&f&i&x_ zbm?N8wi*`;849hXIbBY8@O610zud{TCgOjqTPVgS}3 zg{=h;^i{`XUn{jB^Ys^=pM#o%!0b7Ta4?0rvo$bIOu%EHwu*7*cum^Gl>Azh8^^d|!^*^ZGsgU_VLfP(* z$kc4{1hS$?b1JC;hz$sUdqj=FQb9jVJDdk^6+i}DpBuw#d@AbBig zxI#t@R@c~F$R_i5Q5~FJLCBUgI(2dZ!(g>~JgQbVs3(7&p6^zq+Gh54kBp`S40nKg zl;hP9k{`3me4#1`F$eAi9%C>cg#J!G+SY_VO@BmLO(LDaK&*lmcV^`O`T@Y%Ks?yA zGTut@T|F!69Ai4QcE_8@5kl4B`g29k>ZQiwBKe^RDa3%KQpWikM;LDXl%Q72+sGH8 z>XVW1Sjz@0V%X>+lR)C*^WtN)Ke!`KuXMgmfJZm{EzJ-R%Znx_HXvX-oVrE%&0dS4 z86pU;qyx9D7qoSZ_G*$|h&;MYK1UTfTeH3tKcUTZ-1VJo6?*|fKQ3glK07!J%=|of zMp@hrJ++c&d%o(k5wM&QEX@~q&MF1o9Ev+OpKcYQi10LHV{Izwlm4~T#sG$Hpq+X! 
zdIf6v$BiVno*z}pr8`C2gTt}D`6;?s=Ewv|F+8pzTNST^hHTYD4BaNa0lx{UF77}D z5wbNQi&D2bCg7!7J*(@#N*ohcjHyxP5;B zdp3ij_GbRhq?Hf2VyyaW`_p#YJJI!f+k~>iKH`<28UmB3{-ChMpUQ`De?qxMfGnY1 z`uj~NCk!Lu4+^Q(4E_Whyiyueo>})oDM^w{SYGS0?|SSG;r?mtf@{?KO?CxwWuE%^ zpUUUK=Ib`@Joi&stH3pDyIPGU68H%3{bE2k>QqSgIR>|#6m*-&(U-SeBy}t*@XP~Gl*+qa8r&{xLLmDanr|r4 z(){J?1^~Lp4j~jBLpjz&OSRJQ4KfyyL^jMhgI=R9=WVHAT>8&z&2=M_D}6^qDw=Tv+CWaI$L(BSlUpq1>PB}82s>OrqZpsLdDib7^be?y5O&nY zE`4nisy%_yj;b+OV^^w39IL?mAuE6(a!d3O~@R`)n>!elnJ1XcF`( z`-g#8KiF2+-gVu&gC! z5h?PLv2OiA>SF+|rDwrA!WvonB`njX=}+dPBe}~EH96AHW}0UoI)>KA%UZ+6#wUeN z-CbB6QCs22FQ#v_)zk%w25kv6Ai?FM{Ex8yeV={S*f* z13`70F5tzD9D^z+XgySCtv;4rf4JUkQ7a9~mGlNPxnAU($AFW!Ymu>>OxvB`WO;w$ zQGAqnGuVU^HN95tZ53fXIst68L77VS^QRop>#Pdug20!|Ph{dj|42DX*}yDO4)uL= zGtatBzh0zMpZhTEt1-EfKKI|Yx~i@E=trh{;SPH-vQRC1PS^pXZUFPgL?e|B!&HjO zRG2(5{{~Eg#Meav*7>kQ7b$w&pz=@7cjkknr9R#@p!Xw&*Mii}K?!f$ij>hCYQkR| zICoCC;zOOY@5Fu2`O&$BR*b{YUADV~_P~`ic>aob1;E0DGO6=zSw?>-32n9S1<6=8 zg7Uy5*=YPssCSf|;3%_ftJn|NA$|slzYcxT0fi(v3!(ylL?elW5NN8ClJIveVqaLj&ed zc%pHUh`f<2Im@~>68lz?Y31jVC6d3;SbSh&ac1S)VP1fTi`otI&Goz(>(ZGNQ#OHP zEEZU{7ETIhhkH$D2}>)t;E7D`&%O;P>G!!rJe8=y1+hSo^UZMFfqCI!dbXf$Vm`9*93^0A?0Tzsf zS8W-1OZiJL0I3ZLxp`-r3%{+1O;dwYB_zwQyp6c3*`&GotlPl<(S6UEd|InG3ssFi z`(#y`AoV1hPn|UzVrvVrOv#$P?}GnwBe&YW*pYa#*oe9jkwE;8j9?`U&QT7b@!W_( zV-V74Rzbd!0sf1svCyZVwp6&JFu=%Mk5?KyJoa@s(3`|-9m0I%#P0U_uP@P3E&YR5 z#~&#oH7$nc@{WyK+VjX5BEjgBsgQT-qMy&Xs{`PssRq0cH2JInis8IyI-jv z#fe0$-Yp)TVL*&G2R!>dl+EIJ8m-H%CXex^@iKx*6w5KxCjfcz3R%)IaSl6AkZj>% z+{dTC3Sf$Xkm1J^NpccS;<^>H=<(e#QiT=U4UKs99-5mf=smUfPTA0j zk&b}o6sH<1D(~|3%@*oc@APWATyP7)Sl^%2LA3NRkdGR>{pdO)A%Do<&$J{Onf-jJ z4W0j8AA+410(^1M>J$(q!6!1fT&NiGTPC*ITnMuQ$&3py%b9+;pSHh z98)qnwWHap3dfF#k_NZkM*W|k1mdN5pm2v93nPPQX1y!!C!Oh_E*_F!RAD)WvqTZ| zRQB6;4L}M>m35~V44T~UsRdmb6+E;hePlUqllLh=?({fN*rJj}4sf0L99>cqlho54 zCtIy5(eGZwMVZ?AlDk}I=M~8)1u1d1K_DdaXz!e8=JsZv-GhbzRP%D0LRB1pIH=v9rR`|h)%-?noFT(cxAN6<(ZYaFr z#t8SUrR;8bgi`a zh@U^acSZ~VycGvk$s&||1pXMdX1*v$AR6+M7}PoThmf(x)S$fsGDVou4<-uvxb$HZ 
zC|z1GKU}ir#Q^6)uZ6lg*e5Y|a3Cnuz&Tc4k1}6>e3J?*HG3-|<;6#6Y0SujR1?A&1;i{@HIZ{Ba*-#ftvgsKtw7Dy)W_E(OLMq zJKV%>C8wEKIi%zPP#u6ZC@ctWo|E%igK7EY_6Of}3XJs-b_YJ5!+%g#g6tyjU0_|v z6C`BpPQZ`ugA^`CvN1CKHf;dfg+`YJ@}Uco--{WLvp{vNP^d3dp~@IuiL5DIowdyI zn28I%n8Gk(F$G@9Bs|K1FMp-11+r?A3vgDU+eF)a z#Q%vs9-jHK-{@w_S0H;y#*AbHWxFo^2RrL!=+t(g!d!Zw6erkT+w*n-jGzZb&%8IY zZ4uRQJnc)7rOJr>QT5%qt8(JeYB#R4o}Rq&S}^01E8WtcXo<(96x0vd(HPKo6B$6e zRk-*np*Rp*1GcOL6@9W~vOsoafE!jLz2dXYI{K$B^I!jA=%`ZrLfR60W)w+eTdHZZ zj-x~|pI*bCt?=&1$bg34jfU8Qv%ZDG!e>$;_X4FqSht(#R(B?L3bBz&Y-83M1F5Tb z+7@nq2C(CI+&j>D#3*RKIe^$}M!qTqzE`K)9S0gnYwx^OI~yxxwt8MVc~RgFSv_BY z21aQ08gk8`ZJlG?_vm$5^I|UjEm*&RQ#XH3KMsYj8oI+4A`MLj2hS-OXESyigrv&- zx+%F13ATBQ0$BK$szyACL>-5kkTru+g9{X;0j4S+XRZd5RuxZ6G}`XqA$Jy}z;o+L z3mKe7L*Obc7ezdGTZbu-@XEIMu9P(8u(CMK+6$;Jyy6@=r8#|-Z49Y|%k(#4KLPAw zZY8Tp>*-+aeC}{&`O1^r|8d|41APhG0QiZmCQqc>Yieh4rmu4$oeW|n<19bsRSw=h zW3u?vnSOG8ZK<6^qkLeS6(~$|%^E7JzSBVl9*|2MgJa9{s}|1ppS~wjJ+aoc5HTOqyW1HT3sFDC@@`3bZ9z zu9I7?bo754T7}a9S_X#Hi06HB{9YjXgBK6YlK_H z`^leSQ*tASm-Y<>=cn*E#n+$&%Og*j7oAqD_Uf}{dZ>&7Qc;YpngC9!9X$~;468K> zPDRgK<}?W=<3R<~?J$k+n~%}}La|k*rYzos$iK=&6+ETDDl6UtMOX``81qx5ClBSK z(@VLEw+x6?7H${|MR{iwoJ=As{>pIl;|YZeX-5o@I7kf@J7P?D^FX8eV--!5Vc5bL z&2Kr+VS9Bw@i???wFF)M61zal7 zLO%(P|7PUtWxx2>+Lj$yn!Q5RURa<6@M-LQ{y6y42j+l<0CFF!^#aF&Sf#WO>FU(J zlWZhz_vP7lX9LbAcy9A`CzS7vagn!}1Q-08D2u+_&SvzP{$xZX9BI{4Bw5QPq8mIOt$oE2D<);a!Uj^@cm-$^5c>E_0_Hkol7IYaKV{-QT;b z3)#|vkMy8~I;9-^2qVdqf>`B$5rD#3pX(4_*^N^Ja z7-Qg41e0wQAFpfqOVn7FZdZD9sQ^orE1?(So>Ki=0{Bt)7&&at%i?(KKh0;*;*!gc zwuAJfG|WWXVGZ8L+LDQ^nL^*98#WOYA3qT-TWte&UR_dni?|ylyMoT|$n0KuFwDFI z22m=bpl|!fH>=EL_OHZvz*(@aMd9Ts*U@yFtCc!_$#Z05vC=DZGYeoD3ZtCL(mZuN z?j{MQ+pi*AS+SzO;Ti5`yo#@qD!h;erCDXL*jqL&Bq8A^9ZwW z%X86bK@I2GB55V;b}X5>PtCBcJ;+6G34+ONz-kAJX)ylw;y$jl_4^D2pfso%S7V`| zA2+!`_-XziAQG3iDLxvTjf;J+*D(G>2dlk^t1i3!8TwmlJ%6b6%;7u9^z57_S(eZN z<>L}4n_gX-iMFkZdF;#OmOZ5oU2DZX+eL``(T3Uwt5neR zGe^1xW2Mo`s%Z1-jEcLZ@!(zYvE~__Z`Dfbq!4QFtbTf+Y$Fl@Y<0g$aAc!WBg5Z% 
z#UdanVO>jA*j6L4^|N3QOXkmnD)V-|$td6;TNxHuP=gHqUe&8io82{(8B#HUWSVFy zGt^iC2@$L4gibN{Ift8YhZ3f^R+KQybTbYt*4xcmquzjd+b1YFs{jot)@_pE3y?c$ z5xeGWVt|}fbLBKFo3nX0b@q&)IcC{v7H}lC!p~_fN7?qLms)NI-0D{IMc0KF`l3-1 z1|HMt8vi74+-ecE^`WldQ4J2Vx)hdtulWvzMxlK@9|or8gU$5D8zB zh{OsMnUCHpn3J2zOMi-N5QDtey=TG9fAI0bA2=3Hx6En!*l5eR=I?B^BstfFx|jBT zU|ZPN2H_+;h#MHCu4-E}x@(JdU)lGWx!;YUZ-$9$Zxq3<4L-rSA%1;wl_o+P2kB?Q z{)aExyETh@adhV+SbPEf~%j1p~|bHKBPt10IG0j zuzwg&d@_eWS*(luUZXKr(P^AvSh1k)?j<(|@2iZ=pbiDp%qOac#NsgebSNU9vrTjSU%25EaqpkKVwzzW+BqQMYEL+JfZlH8DN&taZxpKuNp1k)Vo`;7f$2B-A6?F*s;_JT z!G{z#)|z2(+1g9aleI5hXxVV${$vnnZ+-S)4yX*RqYHi`?WlN0rcQQ(qYt*V1$g!GpUy z1cC=0f_n(=5;QN!QI{6-GaNj`<-*n_mcaAXMRi%ySn$Ps@2t1)gDh~ zL)qdpbwoMr)irxr@;}lBT5{Cnhnc$W$O{U8AkLnPfEBUXu+KK|GXNY=$9BVm`a+sn zA{3ME^r>`zL=dwb!{B4)pSYG-H+qFN(b|IG|ECHv44mG6nS|{^$~?N@9{z^l^Pl6> z@}=3>XFTZ_tNj7D_lLT{75pQC|AZ!si z_$LZR?w}4;03AWWWnutbBHzRR^So-~w@c-M4grBBU=};q@<2T?CCpEFibj~*m67Q` z{cVx6)uQdN%?NG_NFKXLo|Dla0HG&upy1zlCe7RM%ZLV$-fd$pp+_M8MejUZoxB63 zRxntDhFjvWGYRB#C9Y<9c%0y70JK8n3S5FFl%yZT&|}4$iQ&One9G4EDNDrM$4V@D z_B1KiP2~Ku_|Sc>K?(`Izxwc^Ach9FL^;;Qh7=bneV`%G+AKtgj)by_nW*ckxISZ2 zqKu{PikqNLkNEl->P}!+-UP#fZx`Q*)trY^@;pO<9T}JB%CV@5%K|r!1i<=e3BIB& z#jpasecYi4$*Ny&GVn6wdnN((4rZ5`fHl(<4<;X`~l2x+}uYao;u zE`bgOqF3L+X~!#QyH1z^Qsz;!5c86p4b#aXa8V*oV#TdSz(P|Zf|#qrjOj7=$cpal z3u>#O*rqrF#LqVHGxv46F=+zBfL}pq1q~zmd%7nqfY8tzD=+Gc*@{IozYf5FrR8Sy(5@eNOps>Pli$7!k}+-PqGXJ*gj5SVlel( zFlPDv>mL$vjUB!wkB1o!c>j99Z6aiy?ZbgyX8BDe`xRjWTf9|5%f59#?5c_jzu+@k=&aoz7Yyy@I3c$o zAXu5vzXQ-8H1L`a_a}W&5+@XV`$rhd^?guj@3VaFPkX6l#ZjT@k`SF28S=^F%6RLg zEyA9OZ#|%U5kA^f1_7PH=k(@3V9S=;J)eeW41D!{lGK)%OI{cXwE$T++p1$>`*Q2| z5Szwz*bkZBe@%Y+3(`@PxilAagGykkQqVBCbSE8FS-CWJ$+BcB*+nZOPa@2CY+Ji$b-w!m`7LnIn~g zn*y(cc0>%=LKeN*($V;8`RQ4ggX87JG$IwhVNauLiipc7Pl=rjbA6I3rGKCv02;#F zV3Ct<ja=AS&HiT`Ue6@s8MSBkD`I0$9EL5;#sa4sfp~7Kua9d0i}cNKphmJUTG*qX@xw zlT}u(6 zB`OXpm2X7p9A^~%M)~;Q z8M1+AIQ)s7#iMaJ$=2i3it@Nk`I$|6poh+si@5^9f9vQ1`i!|jD(s)y1Wnh)9tRXRz*FnV0#6Ny+=l=de2{`V 
zJE9~}aD=B@x(#6R@{^O!qEo&N<*fL%{dRK4a^u4C&WQb70FynMi1|%|Xefi^>$fX= z##q1Wf2MnnZfpnUbP~S(lJ-FoK56ALoA>hk;8N>-iLyhC1+5lprCOE;@F029ASnc< zqwtBYNT_!-I$bRcz!l{<-kwAO+i%i*6ud|EtHQ+56`&XUM1UxroD|a&?DUPtWdHF4 zt!ul|G`}9j)7b)&cmf!C-}NS>db|WAOUBFUd|mv`dl-ev*P zUM1l(laNsg9)X81w4OGry=I!r&P~*&6$hJ=flkzq_HkrOXHL)Di!g=w|6*^+G6v2ITC7AIS_omC)GtS{>; zrSylxpc4Ho@JQJI+q!Tx`*2u)nu!V@55nJjjyk3yFj>0Gp)=dc`u zw;Va7DJh>4qS|jRonbWCl>pq5&@Z&1Q){*K2y!;2` z>x=Z!432BS$DPbisx;aMT3G%2)UoymRE5EITugSKkkDbvtn?~DmE@BeyT%c#EolUm z#E!^>DWMb^|M%2nLX>285vouNix7J?MGZr!g`AIVV_LJqlhmVs29_St^UZUvbM3EW znWAfXRR~KoY$f(qcDwxo2* z3;b#OkX5s2Hj~zV!sdIC^FEReyN=)+@6=B2fCELVTthH)x=MZO)Yd@<+S@$GiE4d# zm?^h@tU!1{#?^XU*Q8(s^pC7K^&}fQyOlo{6rytjNUg)R)EWcB{~7szTM2(4!vrnR z3O+A7oDo5U9-pJa=ee-Iv9|HE8t4PRMM1m_EQcJML7=zuX1G(hRi=XFF6T}Ul4ncL zF{*|(e@a16BCaJ-9)Z0sbG~qc$ux4nYEa}lgsF8=d`NO=@aX#4p8Qke)%D8D?8`k# zs!Ywpiq|vwoposxybv!nHn}Q5VITVtN!dkUSOR|Ut(x|vw9$Vx#Ksoew)vk8rxNb+gSQnii~wWLUtMw-jJ;`iJ@eJyUz7Z^niw$J z%EOi2=;$9Dd)cTIh*=>{hdJSp*O$#KJ`C}}xs!T6OpLfy0p#xSNN!x}9o}Li`lt(C zbZsfc-f$Q8YbLd5 zck^t}Tvb0F6nLfH?S9XWQmJnMzm`nww?trWHvSd{#l0V^7=D$dW+Tj6G03RKfNeAq zCe(u2sQh3X2q1N%7>qhYdP}taKl5Z;RRPzQ;VHEmWo98%Me!gaMqdC4I_zld8f^;v zT7KtJD;kb-uQb(DR(1NWf-!;C$A^UOD=*t*l2Y-u;!KsfWs&dL7k-3YzqidtQ2bJ% z*Qy@AbVg`r4H}VV$|oqzH8pm2-}-frLuz>d+0K#9l}o7HOuC>aU$KRnsZeo7xSEr7 zouwOk;JS#kaNCgY9LjIbMOiY(j!G|D7u5o$PbX9(;)M6D$~E0kh4~y>!N-2If}WT) z`BWmg{_!8Zn~|c z0-xGU({W>X)oq1ImV+j4WyU%L!x~)&xTEbG0UF)G7a&SJzO%SiST^eU_P#TTbhGVK zcU02}m&KRPbA{;$r$l3fX+vd`*%+o!j;J8z(vjd%noo)u;%0W~R1&gVbq+mWmM9H| z{J@1?MoN|&zbKaUeq3(D0knjv`|aUjsXt*m7`fjT$?@eUPOn##Io4BRB;+we5hTo1 zOy;XbxSks2(%CkQ8bXfZ+$?K{@Bc>t z5}|V--OW~F__7JUU?j|}=PE<#*1as^{$_=vJ@=U|N2|sIv^iwbUSviOTl54P>aluQ zdol1?_~EO?`H1$XCKs*|_4zn1JYEL&j~P~p@LO;rtnw%owg)JF>~}aSz`_|HsjL=- z`&DwHjQoKHEe!XlljL$=EdHouALO=ITEWbxoIu7gvH^FF`@dM0Oy&?oa#o4WBnxM>I|xNhM%Z?-@=I_(-|E34#ik{Q*0 z>nhD~*JN{3V%~MCoZZd4}qw2|4L-xcEMkOa;L z-5Z#@_LD}qWs8bOhV8B{rKcw(I>SG0=6*)etn;wx>$3Bu6VIX9!^s8rcL(GrkSdff 
zMAViukfqkq`9Dcr<|0gOJ2kdlQ0@1g|L#?aFS&#fH=;4*dccHLd!hJK{r(E^>0nfV z#`)>QsZ0~Nlj8Q|vF*lP)F{=ZgtS$GQEA9G)I-JXFf&~9=Fnhp)4tZ!b z?M!_Kq`|dYncit2Df5|#Bz=FAb zFN_@6sB%xKz63K1$$$Qd67pe#iq7r#&nxX6`F~!v-R7xwzE>-l7sY#0+KXmlN|^Pk zUh=_RFyU)XoZs@=R5zY&w4R*5>qLD#&jKwWyR?71v^@|>*tghTS$V$9RG_JlwS3zQ z2=gk(?*wA!dI=mpnmpYOdX5q_F`J+92oT-xWm)WmzsoZMXOjQcLW&5a6WteL)OJ*( z$S_d}R|l`MyuZ@qHJ#a?o_tfn+#E~a#6WFN^?+|>NW;9d!y5ZRBz^%@>JoNJRzoY( z92Q7oAdc|Q|I&XdEaW`Xhqx*BX<#l!zA7#;hu}6sq@z(0QgUI_E)o4agZ@BrFeS3* zkpws4U-<6AdtxEy%!Ql@ z;g*h6(i_A5jyX{p7NB=ix3rEJSmreKmSLBPJ~-nsNOcq#rsi(P+JV2%`kxc)PcndL zSg3_w%I}G5;-2w6R)(4*Qyms=HH4O03?gcG;?iRActQYHC(rK+4|TYti^dp3ti`5&K23Z{n?fjVdcmC=CHDg9y&|oj;goce^0QdZR!Sg zNn9gzJ@SM%LcdV{u|!`9sZ-&x{PHn1X-t9V9a4>Sg0V<6#_R@C42)ojx3p-VD3Qe3 z|7jf%K0y_TEbs9UN6QaZJG>g4?p%Uh`A1-}HONO);h@9SUcZf~llGA0TV<1MM*AO#5+Z~fL#gC0?c))CgK^igQVS4yYbyM?IO~HP*(zm;Lvgq}Jrp6Cu z`Q6cPdRLEB@H}SA-Yc$x_nB^9qf<`GHE00ro-o;HH8W)ZJ>KS9Z)Hddhj7;&FiHF8 z2MYhjdkG}o8hf|%)OM}r_uz=Wtq@TDolf9#lb!FO^~TaUQhlz+Hjr;hyW+ zjJIA^NTF06N~vZ6YW+GFN9Yn3+V!o1$ZGB;m9knn?CjK1%bQ}DdR#C#voox-hG*9@+p?jb^h^XI^N&;6QGc^EEZ11h=TQY883uIJN#@ z0&X>)VF_r(DNf>34$d!wuFgwIy`E186hrBD#zXkHr3g|hp)^o(kClTKw3yz07dV$& z7wVxTGl$zTBv_g$&<0v`LeBDQh$mc0!afIugBK8%VjXtOLAFyua zfEmDzdlW2=Z~b|mw&G>p90hq3pfWvk3NRlV7VeBP7pax*+T5QxxS2Wic9O1mxfhJC zBSO7DWA`={yvKpP`;vfb%^C;mHR3(Fi$a_T^?Pc${NJa%Vr6wmM6_{QdIrluXz8B!ZU@p2LIwHsfwW z2=5F;9Nq)LtEaQ?&LBhFzN&8EOf*15WLrb}S6?^0kDRUgum9242=jTb0-x4vpq`lS zpqQ3D5xO^gg{Z*Zs{BkB#mYD$e(?BRAQz>1uCx78d|48WgR2HU4yhPnfy>2b9UEV$ z8T;EA=-&(PMx9`$AqykvAaTc(Y^c&Llx=TY-ds7jwh9Z7HnZp1a-{f6MXc-9aaz4W zNIKZ{G-hl*S-otj{J!jL@<-`Fgki8Z4Rc=0;n)%y(9GUuEsEQs2A<(R*X#jNYc^Tu;CH(fLw+-2^( zLTKPawMY9x?KIp0bJP1uD*^=KI`c_khr2JS`{(6~i;!I@{J;{Fe*!kT{c&e@_t zDJrhV81NlE$9>XR-W$)gSR28B`_M6>`LRG?m7@nYXp6rqls7~6y=%C z68anCBlI_L0>Z#*(MRFcRS9^aM|d9*BJy3q_po8m7n~Wx>3MJc3h1=CVeEOkBGFzC z8zgy&h{$cMT>ZVlmWWr&9sCI~%me9q+*Z;#W{l#lj7#5KZj<$hk>k}a$7GWGWhiI~ z5+;XItAU9>h-neIZ3y?p}q zE0QWaF3KJzPUdu09p6TgP2vGr9-~#c_Nsr-qf6L153^NpLE0~O_(?h>1e-hjm&NuW 
znb_~dRdIveDOqJ4XD-35WZ(Odw8WXIY4Uc9bz0dg->N$CRn{XB#G z`0=$*RMJn%;=%RXSa)}AfF-JN(vqx0s@;Pole@=D`GT75JosR|c0=o0os}rcYEtEc z`ka0$DYu;y_LlT;qo&Eip;Pjp_-k~t7PZb|Cr*oVdJdzubgLpCmPs-wi03k`uHf*y zx`#&W23F_BBhY5{4XWO)kuaR?Vjy42&5G4A_-^u!EC|N4eDS(ZTt$RHnmg84NSx=2 zJAcylW6CL9^bxqx+YiV5?v!fjtJ`OT_|mThje#;uz2F>HL-kLl_UEi~3t!6`yVvI; zehqLflSp$m5*Zh~F3{Z8v3I_cb-yxL4{ZSMdD4L`WvI6Ix)}IEPFd%-HmV|z;C>eh zM$sbtmu&Ew^wH9am?!9M1(sbl6)%tLrrpL1`xIO z(kvZG5wVwz!VF?^*Bps@_0849HpT^!thgGwIAf!NV|OebH26pYaY%vI_DigvRQdrj z4eAZoWY+4^$y6E+g5_>klUG~#;n6$D3HNLa;8xDRf{fVW9pdrgLu)P)vD6)kqtUD@ zb6<2L?~dHJEI?@|j0wOiVa3a~kRLV1of zh5+oWp2jS_2HI>_-E_qP(hfYwDT{l@Dfa!r?wQ_vQ)g_BqxGpO^NkrA_02`wPOUi- zdnJ&-Pi{^rkr9n#Se>%7Cfe=oAq%DvidPpDas|gw(HJbIWASvwa$bQlteMsmoT~yG zGKF$f@bok$=PAzu2a$=&^ZP?}2+QJ7y`OYM8Nn&T8340N1V;VPssWtt^j<`s2;c-Um7bYuZz@++v_)^o)!7>mz zJa4CmN3&2=ASx-y$T44>yOSVhpBcDsQPggJ*$d(XqI({^?gyWecvPgQgR*w0<860; zG`IMn3O~|8P38OI-IXudt2GVoVtU1O!@GwaX9eEgi;?DKFGG9CW6lz72g@Z8Ociha z)J|4&Qac-98li6ll^$X=RWzboCDi+J+nTVA$`a$iS@rm%C9%jpfd+;VK>&Ez>syp8 zBRm~ArqFSJBCL-Jxu{ zXn?HH%HAqt>(15ksCo=hi-Li2(Yz%k06H% zE!oxdL+=zTyhwnP2@z2jIzJwVTk&gGH@?>YkN$Q?+z)l3$gLzD+A|p%ol1lu0kq z-{4W6N~>_0P7+dBX$KWHnA@u0_NpwY)By#d8wE@eg$>Xp`_@`3h-`OW*TUrCgwPCj z6eGg!mG2Lw=Y%3$aC%iDfQ0TOy` zRUT_NtOl~oWvZ4*DgIwN&-o+!G=>6GKx@s=nHjO{eo42aHW7`Z+S+fXh}Z^@>^=r4 z|I1uGb7mBGN4x>j+JFmSWQ>22HMOB*_HYgROL-OaH+a@n2r0YI)FFx6TX@C02iEBx z`T`hMbs0)uZYzb_awIO6+Q_Lv6F4e5cNo-sbw%4vbK83&ws-sM3ABINNF?MtuwbINaFJKZyI{d!Q8NR?{8Eh044!3Q zIF9c|iEfGvbe5`z4sM?}#;U)&9uaT`FeSSZO9k3S+VHJxF%4$68R-x~ERq1XL;Ze3 z*N7`l>up30Hrv>*Y)yF9+ZBwz(om6Ex7~kUvk2~ZhtUTW<2#1xjQbSrvs&R!$KcPkCP*ad-C1~9hp5qRG#0@HR=_vg{JQ81^&^9>$U|iiz0a0+0~8GBb^CUC@g4Rm9|#a)AaT5!EQLLgbpBZAQc~Hvo7^9n zb$qwF0za>sg9Qd!aHEl5f83!`TH-frXbnC;T=(ncEp=hp_Kf4{tLfb3${oWXeOkNR-L~h3b zK46u1VH)!*I!z99)u&P?GGY}yAA`B<3H7|F>+j6?`f5NBqM`EU8s95RSJzO9mIQv! 
z$65AdA~l3oK;S$f(-BOsCzNih14hvG#F984%G+(XKYavtsFm6VpIwrQi5u>!4@0n2 z?gQb}vCJ|)S`e?Vl1hYG+E>vD!7xhdz z85a6+m-n!*jue;~G`Px($@C~noGe7~?##qIpJFsX!hL*v3M!r6xeib45>64(`Eg~C zWFC93NxV;3jr@OVRw~(aA0!{l$_4Gi<=u_f{RGHNM zA)B&yLG0SLg@^J5ghKxQR7hhgQcfA+{+2y@d`+hD?TpU{+(EQps<4ImoDZwvIBy8t zTOdeZOu4cDcJ+Z&3_;J69`K5~5CkZj*~a&EQef1*D}r^-$5FNnW+HQ7o_;{Ojwq^? z2ZU;#g03o_9%@Tr`HO&$P>D}+i!QScwau*nPhVDvs;z^#6dq+;#^=fUtZ!(I1Pm_i zsdF1j&Qqp!eFi8HvlLCsn*Ot$=sMQe9S3Xhr9qTUBtEBa1)m>zjjhW2f9-TCP}AHb zFfO*$R1TpkU3{+qk9ZBFe0_rKI9S43%hvqz^=TR&0N<>HWkSDTw}5Kr@0pJQvlp&8 zlU;8p5w)g22(Toj>@)m6EE&Ai+7C1DcCBzJ(z)(T$>KT4;1}34W61Ik>y^%nZ`NcF z$POu?UD_<#%*JTH_QgawcRxskS zlxo2UM6wpO7sv{nG;SUT_+E^fdFI?;P8BiI4)PN-E(| zY@bE;Fp6OFUYPsi~6Eez9fJC3ndozbTE_@|AA7+m>JzKiwv24 z^>!9gRT?pc{l`CcQ>8`753<1MT*QB;LSzcC0!4PV1n{HH@|; zm&3i7x+97$3zr7xTTE6KzMQ3POd<||WJgr@cXlaaiQE03hLXYkP>Pp*c|HdOmj!Y0 zYW%5Z-KRMchxp1e8W5>K_^mVRJ%=g`IIRG(pHoy9T3DAGVTVmbNC{vrt2Wzj430RR zc{4?VBJW-ZVTKBq$48WY4ew0=lK3*045`rN{r;;h4$M$E6!T{&Qf~@-lWs_}SHvL{ zLwWycd@m>iMqE`1Y+gRj5RbggEk>q+Ur=wmtWxbc8{SPG{(@A-ereQrR{7-{jG{d! 
z$+EIjo)-|Xed;bJ5Po$o_CVP=Pj0Q#RH4}>7&x~7I2vc+pNtzTO7N6_IXlzXTcwCy zr1yw`Ia8wE;C0d$d3bi<#Eqy3ulhbr{;J}xHQ(P)F8fgbg{O|N9X4Kfc=b^L$$)g> zMZWotov5+n1lsB94;f!K-MxM-Nen-s@jFFp z#g)1G>prkQ$%8I(-j$&EVolA&?j8852nH|R!7_Jqd?!@nxn>ol#vrysl94iZ=+5Q# zRHRkr?GQ3!(_;|Bko|)F1ag_~_H8)Z;VbenTH%lyos|Mp%q%4zb%x877`4`&0UqHQ zndfv$S)Sj1V^iC#?m9&<(r_V+1xz1jriDD-KMG!Au)bH7seLCPo5l|^EOjePP~58g zbN@N0zw~%jZXNx(__nNc)8>pmujv$f3N8uUS94+Wz&Gb5yb0;eX>NsStf*aeluZLla`hmN>f>(;e6K);P~QdxKpp&@Q!Z>*h5kiOL zLWoh~Dyu9RLEuJy#sx)lAL{oE&aBB#p<`FGDEHMD zf51_24p4{QI#MB4YC7`SBVX3?71CWsUHAWN3@t+AHAe5TWLTC$+i})7JL749H;C7n z*5asZaiAbKDsArhy}#AOQhDKqz1Jk?4g&a@7OfhHoQFL=KG~5Bz7PT)KbcM?NMa|P z&5Nqx&0H>j=0Hy!5h4W^-c=(-M`~-_Ptp|t>-tfp2z-`6e&`rOei%;OiQkE%VgwP; zPyU4}H!dK|lP*6tX{*g2zcV$m^8D}Hx`r)k0+du!!EbBs%kTggfk1~&qw1tpTNUEN zsIP9V-K5GQs~mPnVf5t!3{Q!--0{I&$m~}g3(I~&w z_SXPt%Z(huXxrP@{tWmloII=+SU9GCgcH;l?p9*N>s2^a4ICP$X};7xU~Bao;3>*W z{kha+C^$APwDqNxZ+fCU*V0F6ZVP+fx`z!A9oeO*h)X4d6StVF_@RM%Ki*p}cta0Y{v^B_vCU0Py~P&$G71$_ z_XYtz@Il?^V!%Ro-L|IQWKwWBUopjxENdSMoLV8sapVzz+Q7A|T|2gH<<$<5K}vSL z{JAG1MTcd2x)6-M8joAFK|h3sfnvJsZ7*}o7kJtW0wf@roD*~KIr+M`n4mJ$_Cuza zkFD1ub#L!%d?kOCc(4TWJiErR%|NB9$3A}lO26`~>9O2<<_ci*pKRPVMQ&X1`;0m# zGeCV0cTH{9&)?}8igfuQw4D!NN%|dZ-15E>y{{*x7~v|KRJV^-U^P)0l<*t5QC z@q7DCzH&n=?NXoL@}__oqkmSWvfrX~4 z9)zgl5NdZ;ZGT7<2za=kwEH7&SW#hWJ0d1(L0&3|9N>c*fYwmibXF^skynK{xGD6!VD&cEJnhCV?d_MpE9h4ZU#-C#E7_%yOH>w#XE5V$)Qt+Ko z_woa3NRwY?fPTr_q~!R#LN3WGTmL4$vr~C{Z3yv8Q>x=XunywH(}?uUNxAzj5p@O0$zcIvcYEHpNK>tf@#E6E=C3s9qH3RR0FrwAc%*ei&m^TUyze7%&kq<1l zcuyI@JU?lSmp&l5B;LkD{AS^v5%c>1#*#KL?coG^bho5tTw4^Ma0=Luq0QMJWBb&5 z%6pOrdRWQpg_8}Dg^|7j#hG|eAmT3{h$yUzqwFvRLy zZeQ!ogrYdg?^y&Ec@P|jo@{$9L=RUFCT>-1&wG$zbjIx}OYibmRh9bn7KDjBr_6FE zk2Ij{H#Oo%7ImdI9za0&NonSpXL8StEx`(n$s+}-63xJtOV^cA(-~Bdn5-rX`O9v0 z60aSfz4%ws-2WZhf=_MFkxV>Za@hH&|HSlFCic*1rpJgn>dxQ4QL4#uzw2$(r?8c; zvR7%ZP85jf!FWoBsA)D=FZ*Dv+)SBvchWFD*i4VBK zL@NqRxn4Gtr2_>G=R`fsfVC}SL-Fc3;TzkxOTD1;|6`Bx6lnIdp^7v%Fo@^8ddoev 
z8eM?)T`q{umv^h4@RxnZE$HiCJ0xW4o$$aVHk3aT2c10~%sn3h&V+g?LFEcH_VW6` z-v@<|FtFWC3j?iXT@7a_n&hiRe>5@79y!VOKtX6f6|3gSny{xI!^Ak08*^}sJaeOa zS-3^Xj*xnIx;|nSTMR|Dk{1K~m2O9)%6yN~5lIato%moC7l4oHgu(%E8!ujod~??snl#yHtgo-BkMukJt9LSRWMH3x z_K(kC*GBG$O_3jW2uj+-5NpU9{iBEGezM|G>Lf3ho$T?h5q06k$6p*N)=Ta>GEuFV zx^5g?-vjJvPOd>a)BKW_KwGp$?{>w>8FEx==M7p2dE01%4j#kxKNCri z#Ds^o*e-)$RZtC+^JON3ds2Z>@X6Qs{m{yx*F6M{`c~tWqAiRWZ<12B(#@Pq58mif zq1ElVj5Y`I!t|Di>km?Jvq1AZB~pGnAmKwZ0Tne#QM}+=-eyI1kd+-dHo*ZYg=M_E zME=JMjE@;4MR|o6#sT8|3v<3HJa@}+d>D336hShiaQVR*lTjgSc?XJ+V+vdXDX8~( z?9ww`<%-pWfxmo*CMnKw!<+a0sv)kxag037qBnWqIEF%QERurpKXHtAZ@D4>i=ga! znp`QXIM$KM;Ip9!gXo;{;bG(DH$>@w_cD2G5P5z{Z>GSeB6GydJJD>-@=FH7^&n~C zU}E@Z<#XkfB(ta~s{~&{y4hB!&Ml8B0=s*4#MIhT$~cI9;`!2)49a*6B{vPXMdAcQ zBIWyhp>u2Qo7EsIfQyHD+Gkc_;Fs3}fpw9#W3+#j@utMu??+o7vUI%64D(`FN->RP@iLdsKDM1P8%{l3Cc(4fM+C-*0}A7k)m!_c1QH z;K_4Our6qrnn60KZ?$D)-o&=Cq`TE)JSSQ0b1!@AifXgT*A{)_Ex5eIyKJZhVi?Q} zcC8_-prsX#v#j`mOHs!6n@Y}`^5hkx=Wp@IPTFOnoxyyf)O)&*XS!nx8+@fri&ZK& z#tcx$?DH8tHyp)^TOyNZBulB8eA}sAlZ5!+^1y05@V#fCND?$&w;wyHq~InjGo4Me z;p&D9gxiL^h|su#R|$-P7rUAh z+p9T5Y}0=*(u%heLU8h$_tsiuYn#u1bKy-up_%u6i_|=>JM_`27~7hz8ez09%Z%&W z=D5q?ot~yqD4245`aI;!0oXh;QcF3p{cT5v?(2>KK^JP5i>z#aE z{HnvTec7g@KRcOvTT$+j_MxDex!VPRy?j0@w3?}g9(+#o7uPt_F-b~WiL-QO1q3sr zswXdF6e+x^`&5rNi$BaIzx-Es^8;i`xcb{tFseplA38tQu4jYSC^cnFs)^|SE$2Is zN)|!3LE%UTO_7aug8X9wB9fJGt%ektzpJA!q#j-L*>inE;b`MleqGSBEpHKI_=FQp zT>xV^riH46#8%4X@oHcEzi#N^Gj1I0m56J06Dc|!aU$Z;btv?%Z! 
z_~vAFDJy?Bb~K_q^AzMfGx%^Uu~sy2s#nUs=M$b1jJpb`Zxf z&|*%-??b*hk4~y34NF#uB*u0?z#&Sw8OiXU9_K?Ms?IoXArPoBS+q4RWgs66UmtK; zGmghODHx-VbZSW$C~21Hc zM*ym3hfa;eT=I+1e=V9Mym8a5pqZF zfAqSh(UPjq_@`>|XU+iuX97?XiUwbs<$OwH z`#ZU8{oh*NJ=h;#>fq_Jq$TW(AWTCxBqo^;keA?w?7JL+SsK&l>*FIni+P7EC2b^y zN{P`WwP}`nWp^(5d$emtGzoo|5%&rMwg^o`z1|m8#GSGqoh2IdY%U1PQb{L<* zvL3=j=`&+++J}M$y{W^A*~Zb<$Nm;3g3KV0148kL2NXmprFwrF8nc+A&*tCL&U|^E zQnlFIr}9~`+q>S#-3K@PjWpcz?A1?v*QEra6TLF&Q8Ir|UZwU=5uy@^8f*QBJn%_g zSQbr8=-5J?0Q#4QRKWWUFAFvv+0aj-0cm&J)IZU3{r^_2DM5Xv)q>uVPo*Fr4+>PK zVPQs}ebPo3w7FmJnr1uAEeP@z@Bplx-l9B2J$1!#cT^{!{;Q+rSVR{H2yr{Yf*ub? z-hh1Y8}O?0^}pN$(WG~NeHpxqlFy9ZXzOffM+EXrcV~v4=FJvfJgxjcGvmUkn}&3o zVg%yj?F?;){!N?{uyBbu=^qKKk)<0vl$p`w+SVCRmek9GC+ZG%v_1V>E?&d~5!oS@ zjB2Evi9XQ)7Wg2>6mczFtu{HFOQt&@97;;mJu=PRyr2d%KGE z@NIcNZVX$Eb>hr5@c&&iPT18V>EKFM^7aA48cebLq;l^E@{0-zgYq5Mp`g#@R>#7> z)GIe^RR0zn5^?Dnb%@>V()Jcp8T83E-Sr=WVuJT}Y@b{Ss?%l#9RYsORIU?lgU8Y7 zx8eZJbdR_lyE^*PNrB6~j6sPzCQ!kJcxT7&PEV0aYFqihN5Qe$b4_{Jqp5$2_o+|@ z{6Vys80le20X~FqOo-f6fp&IjwhQsGo#Dg}ErbCbT)DpyZRP(zfw&>S0^zUHN+?RM zjzrx83l`%0&vOTnbtvK`W%bVU5Z>fUp31NuMMWzk`F#c3Q*k=mg2BSVYvR;csznyg z%g!+morg?B&KYhWFFL*qHvU%veBI$1kG7*N{M|VunIT+sAk(7rS8w)s-Nv9mw-*^G z@*JtZ5of&#@zv7InYT6ihfV;=3fGytG5GEZH@$~q*>sZ!@sXCors+LB%pZ)%RVEsW z*4V$9mt`#nh)Da3&?^Jqq^sgIh1{#bb?Y+zO7!Hi#s1LM>swYjzqLk2zV;gEZ2k#@ zQyBT)G`E?d8M%Eh-hqGXB1Zw3cU^g4Chq4g`#XAhy!d z>QneXh2Y4NIXw}{9#w2Hyi1p)NRV~r56g7X(D*ILP_FX9u6Mz8Y1p!~QAXlKB(IM* z_#y`7Le&7nE6h=`s!lnN3UujAIhrx_6&ohMHT|))Zf#eiLfV~gkhoxhTR@=X=zno< zi7`}g@q1ii}FX zQe$%Ye%nN>2ipOr-_ev^qUH60xK~nF7C1U8^N}rr_F!N@+}sxbU$HqeSL>ujSw7HH zd=CSlTi;sl9b?@(J34wb_+idD@7LZQv1s!4>EnepGz5RJ64qw7f=iUA>2BR}9Dcct z^aJrH^S3B7wh9Yt0^wKIsJYe*3(D80?&nGfZxG7Oh8Ni2`Wy=1(+)k^;CCT7U zD9JkD&LiZ1=fVo5NZSDOUX%lS_ZhMg0xIO zTI@m&<`*pNCrW2W4t`i^Nm_IxQY?WD$gECB`xga-GB)zG9YPtw5CJZIM-(v|&!FM0 z!#{{3I1(^F5Gs$zke-Inx3gE_;R60zaz!Y4umH5807pfaqFRM87z6}*b7vN#R>}I^ zpHH-FzOdK@>Mfdja@9}I2_HmbhSbs zR8yesbrt#n2Z@?R#$~?>9`c%`7!m-BC+mQS6l7)?5|HPmS4zRUg#ux5MU^cLg*muW 
zG;9-hhp~-K_hA;8U6MaNaKbPs2_{)nM!vJbQ^73GHv6yS+HXx6Y-2dk{~uFd9Tw&D zy=@?q?ElEmSr6fxpI{Te^6ML3H#!dW_u)kQdui*nwZsSD)0scAOLD*tRQ+;=p~JCwh0 z2P_!O*pg%#Ey=qLG}^ZPhRkl220P@OE^;GBH$SWN6ky~y^k6>lnke#f_$L(XWm~y# zP@b0$H!_L1hTS6Ag?!4DHE=3uhm}D#?emzv@xc!Wq?c_m?n8aN?Sl=mnlBEyA7bNw zOGySapE$e^a6xn_pYK@)qSvwqSQcdqTDR0QW{kK~M4h7D7mL;${xv@-_~j`_11|jV zn}i;5a&@XNjdEiDrk;~D~O#mCv1j~btv;c!*)TIk@7^P_Cpx9OR>V=}EJIEPlC^=&It8DIa)%df2ITBSOZ{XcgF7}&ayEK_u`l$NomI0cD zHfo^6$tubUK+plEkIZca1`Pew|OhIj+dM#s4#|yT{s; z%}=V9x$HcAv}$BNvheee*fyQY>;9iCg8_iKUu$_N9-%P z6D?-4j=-&x$*9CYPCUbHlNT*3iKr7qeQ*mN{J&}dCgI#0SSyLrGPX?fZ@*#papl>j zzZhC^z^fCqji+F4e>J+k0TTL^_#bmQH*2lys9DlRnDhBoAJV&VC#Z|LY8*gOGM;j4 zf7fM6nrNG5Eekeb{N?knr3(s;_UA;~z-R41fbl6lVtea#k+x~Y%Gjf%YG(4P6Qu#_q-0XAA7z7j=*ilU zZ`NpIXH>aILQDqHTD&X=I7_82hXQmpdm9%Dv87FJ+HUFg#O=)?+-$Z`cJ;`_N^@l`Re@%7l%@}e)UX0 zv-rsR3^U};@@%sD^jvvxXy+!WzkQ6qoMGm8C0C^Y%RsA+wfct^=>8RqtV7iuNOMX( z_&P5;h(I|COlH{YA)=%Sso%LVGi3Mejc@`h82|Y&fM~Myx%A;2)}oJ98llGLQu-OZ z?fRPZhcr5U%Oa84Oz5_oED2YWWC)@LTG^+NSFI7Y&mj%<+f^gP>eMK5%)!=mh8GBSC@%{lfl z+lBJ$VC_TsG1=sD8QuUlzqm5)AkG2CdD)i^H28T0Qo(kX_vAlxz{rLZ-}=K%w>jU> zq7iS+5$p;eZ4(urPYT(2(BIz4pBRs2L%(t>DWE#t!|zf`ufFROJIUPXtkYyY$IZMJ z{$5>OcEZELgF^*PI(>sgJcVv|DEHzy1GeH1KWAFYMefcWEzW6+4|9X2y&=_H7Rtdh zqQS5)C23k3MrAusi4H|}j#hpxPJCXk(G!?>)Fr+Q6fiT$PR3G=IkZbB?De^y|AIF8 zon!jhZki+=ElOdSWE;-uHp~LFK@LAdZZlf(a+L?6A$C(vU>c=xySX0@!msDs17QqI zA?&Tq#uax8mBt^WL6uD!kjr6$OE|J8Dy)yD>3 zjoT}r$hAGJT{sch5%u%CXzMf&E+Loksgh%&=e5VP6W*dPAJAzO__2i}5JPZe_# z^u=g%Wb{5Qr<6YWZh~Q=ok?(1d#${?mN?_4S?h+ZQ62j1<5lb+wdhPF0VDY5Dagv4 z&BnBx=mE7OePwU)iu5Mxl?|08W~<@#$wmtHPR_QckJ0Rz+mN$Flgr4<`7BKwML}PH z!bHfs=H>uE)3w+maIQ+GzGM`k74n*4X*7y*4Sj{vsfOo?(}U5_Y@hW`5tKDmTum)i zq+JQ4IRM)i?*ubHn32@etj>8;Rk4pXSe59IC@I)(q!TQjBGqGO^Y=qJKr>wjYjc7_ z1ZNHbJl>?4V0fKf7W^p3LyRS~sd zMNGX33A@Xtd|(H|jD#-v&W{XnoAV@Kaj0a~iimcvb%(joOG-$q51JT|r*F604|cZn z2x<7yea#;RWdNKE=bR!+zl@5q&szV_a{c{mU*TD|zW7+s=F1vdaBco(cD z)q7bwoV*>4w7eV{d!S0A4|9;JJhzoJH=73tDU29y?VP{9YN>%R7u9C9+=!-aC_eA?rwR^zTWVrT{=yRX!@an3q_}qeu 
z^wSu|?_HewXB+9E!l|q)Z9cB~li=Mac*MD=ve2!C6PH7J3faZnUDrYInW0$~XR@l3 z?n%bpsphMsbBGP8I3qMPIT~Oho1nkV>sxDW*zO0q5}-Y`&=nRD@8_nk%G9w{Ok1j( zoULAMC2;!vkYjHu?@lndC|L5_`yOHSdDvL@Wi7*D=G&x1KD+fyXV8$-LX9N{RsOxu z-UcAWcwzelnfr09RUP9vy*7}#QN7t9i0wfmy{bQn^L&doIW&)cxKM2p|Mu{i9RMx* zkUipU<*{cD9VAyiMPoC@?ukxZy42n7V2H`!U$0B77{`0rKQC!iMua5%{qGPz^M?Nm zIkm6Zj2Dr>>6#jBZB!mU31N*F?R$-GDbqB9id!HM53 zw0~dZCrnMMS*7MYueS``wC+pAR^f_c^P;(p-!?nSpxQSg=G{_#;5658yD{-f|Ga`3 zQupa>yXr(37jvF^n|N%~Wki>nkLix<_PD{XnXe%4*jMx+pnq|Nr7`ncvs>nzPZvsi zp2xfWIVYtf4W2(lm>so%$^F2>MX+tl^VZ}ncq06BuWO;Ly<46Xl=jjl>^hs6CdGMd z3{BzlTfV8o3S8N)HIqVomf>*YBH;Bfk;R5NlsU)p{Muwj;FY=+$>p<+CB`-sdK&8N zUjjEIi4TqUfQhAKfyetZJFNm9$nzB@tpbooXY-a72fh(*Y}5S&;T!Dx7iA%rY4jpL zP@KP5(oC~2k>0D@Y@E!;<5ad)ARpJ>_}eZr;b9=^qArMQPjOXV8yATq-uh7R)xZ~B zx{=LPY$*eb##)TvYxZ2Si-$|l(uoMN*%AN|O09YbdWMs~URypoJksWwm~nmWkVs7D z+C>n&Y80?0%=KP6^eq7bYWx$wUMu_$YIk3r@HX z9AplK=c+Qkq9ZR(_;r+e?>vxIMXL~S^cRiZO}$X9u<^-PEE@6cu~2-s-CnF@?J+Lp z{dR}bqqco$!bsK=Sss03@2$m4B2R)>&c34CMf6;L~B z6Y;}Oy9Bmq6VB|KY#Dolv*Vefwgb)2xIa{hK#n!dL+Ta4mF3MVGzWZl(946{4Mj$1 zU;a=|B`?`g%AKpZdd+1Kv(s8$(hTmh@Zb$$v3dwg>|FBK?%biFCL(nQ!+*-y1J$wu z9{xlX&#W2xl@?FLdieQXD13fn^5eVCdP6bJF86|%;O7Pc>;G>d&Z5?cg>WGjGPkd3 zide`@m?&v}Z=|DczSF@HMB+l#>e$|0+PDv8BCt;UNFj;Ir0ke*;KhkpBA2MQ;tkcJ zdqFRAFykNzAa3W=3`aC$%4sUt@^|8Smku?g@ZV}?I((aLQ z)<)8MhU;}pt{NU=jy5Wwh~LbNN%O83s;AG(bCv?XJ2(k%nTKL@;XGDeLww7MygPSI zR3liT<10JmtBcfgrFC;Gw7n?=zdBt&dp2oymjXoTLs`QbCp0(<%?pAX1=h~9R9>AJ zF%6iySym_*y*>JdU&ir7kf9&iXe$<-j#|d9^6K9GKCasOtHe8C(}kEDe_SQ^@Dazj zTptV7;OX_spRFl-wK9L!>s;yYIF-eG7X#rE`>N}fZ_l&078moDXXTwlw4Giz@Y2s6 zV>@ZT@B{R(dCb<1zOxFVPda4|qR$?il&7-2PH!Gwikt2v@KV!Edd?llwO2fKJaTd< zeZ@X?DE)o>gq5pnI44{oSY&l>mB!oi#b5z5n(eqmqMNtTl{W)4A;eyH>3P?hr*rd4EJ=k)W`jKNfH6jn14(Uw$6r!PsBU zk72l;E&LoxHMBgw$nt|Xy?{5oBZeU2#l2N?6r%|PA{*4?uP6G_YwZ~&CACe5yy9iP z^0;;g$BIf|2s6IETjPGd=0X1$gYwAw5^87T+Q1V>uOc7Xm#Y63D+V-Lp(rmG7O$qP zYYIoi7bnYvv_@i|)ytCUV}YC3#uN<1J*Zn9hh)0(Ph{jCajys~idjeJ2!AQ;;$^QT 
zLMRgWM>fnX374&hWNo?fW5mn0G?zo`f0vk3osVaG6()BDa;Oj_`s(8Ql;?Ww_6Edc z7sm18cohj^BAGaVY&j3Nek=YoPelJ~S7H3@+z?T6i#wm?oSw2)sav|c^HH;x2OQqf z0U9`b48zJ=_?UrE^4PI-^6%{X;y}CTq*o%r1I+)VB8K*me}nn~DMBbO>=?gD=;WSS z9{&2B;Z6GJ_}LA+5C7rJ?+0as1EN=d$m!z_wD^sIFK!qQ z*TtJ{iMw$l2nGDm2?IKbB8TT&;30L+_}TY+SB9d;4syJjo$ye_YDtJ0}`v`7iTNBj8`Vx+Sr2=Lg;C!iPx zzdj`P=~;Pyg6NeeMoau2)06s+?(=JAep35}@1Iv$QrJaT|MTK{bIDa6uGfbMFRlZ& zHEF}^73#M4=C*xL(qt)+Q(?5dXhBuH?9;?fdiL9mgb-1W8pOtuID7|rkOnyh39QlzCM>X);3`T8~jNkj(ixg>~>Ww-#e_!H*kKb1YzI5c?=d?e)pJMTGJq*lK z!xO)<(D=OF&gG@4p8GHjufPEP>W8Q`pC2uToJj%r7@B*_cQ<~0_U#gmEz$v=WpReuRd1hX#h&O zwsRX9#6pbK44k5rQDje=8LAT`Km7G2MqW`$mxQ0`NMl6b#Cr^XunRd^t>apE)N0i- zgjv!!HMR~uU&X0qhaRWjL)52n61Jv&*?8Ujm`*&Z249Wn`rmPaUfPU{8z{OvXdhvA zwO7~5Gb+*ppm#BH7{C)V0uYx+mk!}o`1bz5b)Qb?e)^x1OBM2N0w+P~m<%$p1#<2J z`rlWZlO?c~T&zqlPu`o;X8J_I;dnPHIMaVqrv0?v%zKI)uTaC@uZ z+NNwv)C>U}KvSA+Nbx^KgT_WezvfejMHtXAeBMdWxdO6o|eC zQS!tKmk-#UAh8@uR$WVH${{m)W?>^6%7r zq}`<*y5Cx_%Fg^a=eeF7XVU|$Vs6r-*F_-H z21UZx8wK9xG zB@i-gkIYR;Mpmv?(Dm?26=X`M6|27xfHug|X6tVm2##r7=rbf$b{%9a)JMW3Rv>91(;DT^I8&B?D`4d5a z#(DqSwebz7r)YGQiwUiG{)U6{#6&#BY}ucP-$@|zGpP+n=aKUKG!YL`)nn>!4F<`K zk77UkfPRBNWwzbr$BYO%-ABv*ejmEFJ6~sSE+8pqYHI9vT4;!Gx0?__@@bm@!jN`o zOt<`mO@97O1+?#b1L#~lpV?twGnDDCA582g2;;-_yL6DqVgrOXjpSO}^;aISK2U|% zc3Td+h~$E{t_YTk2?YN?lBy#rIMDQr>;powI#VK_$Nd6_-cqZONVzuk*6CuLu$6CA zduXBdxbSHv0E#wsWF{LP?7v@4H1M<(`FD?m{bA`XgRO?v+$&r@BX)cItBE-b$D;AS z-R^8W;B&jRR%<)nxScNhl{yoUJ>&<*7{_80ft?c6MVyb=pxVCTdHJ@}RZt zE(+ipfG$~hj1j<&g<^MfZc+u%bhj4kZdb|fmImk{$1M&eepk=23RVUQ1b;WLGd9$J zWhW3sci^y?c4eM&wy>I71Lz*M1zqLe>@+WRxY3Kv`V z&{EDTjLy%C4-b*Ot^C8`9YX5N+@}Enqu-1Gxd1QNqXLxN8AaIK?0WNL7v;{mb(lx; zLSoTl8_R|A0tiu5(OBu-;~f+Py8o10A-V3d1Um`dRPq7DjrBw~8znldBWF61uDB9@ z43DBfINvGgePgscg=<5{oEk%AV_$BP#_v+};Gy*sR6ADao{{hFQXFWM2Yaf!*_{DP zO(f$2=W>=>QEo5ILHVa9VPq$FVSE+#vK4EIw+8#wYg^jP)^~T_9%m9R-S34GoY9)+ z4zuQhAj*MDut6;xajzzIwC?nO7}h5J`GM#Aq^COtwQ%kLYFVs0 zS{gHYg0$ZB-8(bJAR@-N@J=(IP4>-^CK3l?$bUvazK2AHSc>PLrT8{-wspHK8O*~fE(OnJ8qDLdej|Q*27r#1e=iD|dx%)#L0+FJm 
zDXsgduwEywF8f^+iL9`^+lUk+LX^27OS}Y7E z)1!lz0=`Mo2t_gdfYW8rtlXxu*K&Fx#Ap%J^0FVMyC`#_5;hJ$HMR<));0ir_f_j( zy*sz|wUFkbdC*1#soCAG?x1||jQXLZE7q6j>2Kn6DheOWUOugmv{UOS1N)`}pX)G; zU;3povOaqs!T2hc-Es?bQ*A`^AaFSH!D>Tae@gij^@9t!-AIh>EbRJBHGym|{={FJ zMpm=CdGjd=ITQOFv>1;ozCD_56=oq2YSvmKTpT12`rY-%TMt+XgnW9>UnYm7R57g5 zMJm3C6+ud8QG{4xKe3A~>ZH~H@*E%APd|w|cs%1{zypo7p0x3F?g~F=K>VwM#>N93 z$iWKV&!Ka(1x4@eSgHof74Xd_nKS+ohwpgXn$z|hQZQSdP%~sXVP-Jzf3t#F^Mu-? z7LLGrNwslz3zisHpq~j`o$fgndf{f3V3jefZ7W$_?`z|?@u7f+oz3tLzMfkl_S>wW zYT-&OWAbk*!qr$1a#^t--yO4XDovgp7)!hC#F;YmA8)=yJ8;-hb$*0@Lj zlKKt-l+%{H5MJzb2h9|DMvW`ws+1P3AuB{5sSo)utE6s5fV1WP3djAsj#&8%Fw#-u zlc?uU?nM>sOc#C5kf-oRRE)Zi=W7B7=L*+K`~AW^EbOYzgOeh%J=@t`=Q)SX*R~AR zHZ*5`&&ZmXgI6x!n8(UIiaOH*mOyR}kFXm{{`fcISIW@aD>PIL%pCKte8Z-xJiFDx zUzo)UXh#P%alVqq<-eya;O+)}Uz7SE{_XR+8|fbSgpVpjbpyfx8yV z{ya=_B|uU^mEliv3F|HF)Q`T?IFr7_#9R|CBJb8wY}yCRmmj3k8XhTBd4-%n(`b#=4<%73F2o^IDv_2 zgA6ZF9p~rbp5A6!_C71+gJ?&283p{*I;_{As>H2C*>KQHiI`Zb#3o?u0sO)K0}y{lm#sa<5;?YqTj$GDk-$(cCq$OqKk6i|lwD)c&O7pkwlV05Mf&$Ip? 
zta;xVZiFGW&bN-(`c;aBL$@bQGjlH;+v(HyE<&?&%>A8-LG@c(*1fg2H7zoCH+z`C z#Uv>qpz`>^n=?3Yek$*4b9W9)traRPKo=wn9y~aFn;QQ4u-j9wZH~=Gj>7kkVkQ`) zK2k)-|cvCL^<54LAeKQ?qaR zjyW444wZkA)(L88Ur8C2fk@^w1HGTe8mB+XD_12CqC|ZTj&93FRLyPQg`~f;HRxS6 zy+>N2Nq2|x=flV3o7xdJWqY+m?_5M@4gJdk>oP{x$}i0*nW=~ z!+KYJEZa&G4WzktYPk8Lq`hNhm=;xa7nX|$R}Yi8x$<+mV>Un)YFDhFYMs2(bP4zV zRlxW{aQX_Vfrsax%+e8Qm!Odc3EJo5N@9znlu#$B6I9_P26z%qGbyZsDF)Q$*m^jXklQUgK6O~UG%~1WYFDj%_Onv3H6|KUboojc3-7QN`8ft%(%#&^T4`H&oWXK)WS0XJlr(U~V#+rh8T|g0 zOQdZ^-8%&U3{{u=!of$dZp=aKD^QR|PGS&F*>1JnDg3-&I3j+BN@DpnWcOQ*l*7Tv!5R0)ayBk^uDl>Yy5Ta?AE>*;>PrR+ z8TweT3MjsJf{31i`}C_83VqqMtd=LtYZnUNlgqHqsNTo;=8mCar4*`$J{MdYJ$oyq z7#6jIKhi5 zmTMFN5+}%|WU7JgITL|4FS?A-?+tG*HR)ZZp!8$}oNj^B)v7!KE;h9-r{n9+R`Puy zKQLR?IzPoS22Tap;%#apdaWjt9|1qDb#`_r{$B!PB2ygk+1@XjM%|RLkNepQ_cY+2 zmp`S(&?lRX67`ENtU8}K{r8_C_mpODUsZ z#XVf$#R!{Eq(b@|yR@*Ps51G%@3|T+-1tdvbtg-t!cGsbN@TxmJDqs%Cf#&($~@yj zU3_=caY98ZIPn&E8&_kdp9eq}h~-vbTVz1KjpN~YnI}t>Z+^^85fLld&Ay{xaq!X9 zgjM5n-HDpRuIm%X)MNL8$HUU3dI#X%jb14iPC9nJhrOz=jMy}vfKD&yw0b#UU$RVb zq9pIRBHVIUjP67OD-WSMXU?g0`3t#1ugzc*c8z6?PO-WQV50*ci8&bIg=8rzY<4Ky_(D)UCnoR1|3mWVjshM7pD>f9rHV zW}VR2+-`cgd{wOpBvB_sOx9=qFpM*BCR3Yq=tg~ZLZm#ds*%6K1t$u9y@+zYXdw|m zNB%3g232Yzgq!L2MWI)d6!&vS&yl0Osld-x5++1fjR>@=TfSWA{g)kd$bsu}%e>;ge(<%!8)Ztm2`7M|&C?HGy3RM1ZI>M*Dr*2>?N@6}R@ z&cb8V?6GROw0_L$3K$;6>cFPsk6B|_LI-P9^{VmmG~+-u5mw~>bfc3^KZN6p)$AKS zvegOyV5X)=y-x(DcMBO#G|I~n;^eHhs3`ZOkrUiPiJNikMk>n>ED#qsYk>9FnK^+d znttr>3D*>twA`#Ufi3USJd1FzZw|vtP%@xfZ2ohg?PT2|3S`baCrpblY~OZ|i&b@d+@Iyvu0 zT{6_kHy5~S!Kx5Hv0=d-GW0qgz~r3*F&9VT{K)ku!QEt1}>xER*ZPLl?QmC2I_BzK~SC>D+K?ZZ=`SZ-B(#Xl{PjJXN5=HMg zkw?YQcF@U)KCB*8l1aFS!xD6A=LD5QjnPbmc&dcqI;otSd$_iaDc5rVv-8H* zFK!r#{DxxHdejU_jg+$>so-Azc!r@(VMB{&E69bxWux85R6zA2>LlRiq`RN@Ck%#L zU|4piz&JlTYiXBX{0Kzx^HGM5ZwZT+j;OuEB!J!6fJlAz2oZ2l@9$q%kKCu7*9(>j zb|ew&+s&;B%1HgxOZmxWN=h=V{ZoC=PH|Itg~gZu<5@1~&XdZA<%K!j-5xp_CO5vM zA^jd>pHc=qja_t~Dm$V8;|S`&fF)ELr^xbBY9_I}3XR6BoFbY-`mBxpFdeR 
zfYogrha223J9q6J3)K_z@yoeMQ%KETqEGrYcbY#0A1>@hHwk%e`{h+Wj;Gq#LTP@e z^CT)_jh@Q}QPEMu`@8LZIv~EVup`Q?YGD_WTN~KsQi6mGznyAzf6FqvyC|sZb7mvI zcKIoJ?<2m}kq4_#+y&^jwXM5m(vSo!p?P8J<;w4><}=xgVQBT`PQmH1`K0(w;AF$2 zqaIflzS87{$}q5wnTg8Pb)aHa4i~zqrPU8qP?1~;M2A}q8i5QVS z$-9wqtj2zs_(bk|V3e@h=%8Zm4{XTKI4uq^2D$9*$aPIjO59qwUYQPG#PLu!c~@_H zlVP6irF#J4O~ETQW9~1i1c+s+MR2dqug0=96n|@bvoK>Yi5q)boaP9v**I|lz$dWv zj0|=QS_5fM>dq(c=@|>K3fH%KHEOcqGp8nOz38uez>*<>`W2k!;3CQnMP}`7@-Fcl2Dv%wd7kgMa!AkNc z8szU>2|dS!zN)Jx$wQilyvrI&8cGLm?X&l>hXbyl@@tAN%ZrVqiI{Pux7wcE0zj2{ z@`Ig~{hyV(Fu!fg!iAw~lPw@uuWvj2`pTe&Y?E!Kk;pP-AC4*CW!g;2BA@NDxihf_ zG>%EA(qBcNzS++CtcCcl%Y=H}yu?}U`CP%i+rhTb?Wq)5vU&idWtX$$b_KGpL<5^2 zx@4QUW5%pf$8*8cx&d7Z1+SEyU+iqR+_{ZTF}E~p7r85BFOE-@>sjrxT}2mVhkRCH|>$9bLV(S3%Q3&hqVo zqDEY_?@CnhIEd;3=6qF^vAm!icJq_i;%=>p)Xgl5m?Na5#L z+4fKyrbNWa$>uh_yO@ zmx#41_W(@*^Ylf3NW*O^;3t+FZ_11P*82 z1b=cLNdZF_ksW1>Ld3{9qD{L8{@O3m2I48L^j^B5fVfP|0q9?-`3l}RW)@&EjBLY} zXLD@~E$0YP6UL#h$hWUUS2KuwLJu~B5m_6>esK$U7KMiKf4LXjVb|#Qs&Vg<`U%g1 z*d9Kj^B}^>h=(s6ZfM!yg$3{GB=HSqy)EoBrAJ|1(6)||!whhUaJpW}_DX2mmIIS7 zkfqCY2wyYT7kLAEJrgj>zyxfsE8)l0sfSN+hBlaI9C%%%ZR71Rp*S(gfa+`V4Hnex z9X|8^O^o-|;yaEzqC9W2{5uA1b4bx|N6N-?TnoCs0$5-JjCq)mX3zF^}KjCua`Z7!$9i-3p#EX2}mm znwvb5R$s^MSgcgvL5_#d(rbziy66G2&-Y*jA8)4APu4%_sb?MSk7mkNnWybwUJSD8 z4{To~;TltpGE88GxaK~3UBS{b;20qLb~HBx!D?TulF$rLqWmvh0Ts7L(B##KM$1U3 z>M-VTmLB5c2HMc8>)(lbIRZtPAPuiE@w+rHW#uA)Ga8SGPaHRAy_QswkeG`>vTO-< zN3k0oc7b-S<65B>H+Q6eVi^W+y$qyjxyvf~Ao*b1cHV15NCf+d#jX8`2iBFQljL`= zUk5enAi4xML7?$6yv^p=E=Cknw~2==xQOX)HamR%f5TcAWpW>iuaZS z3!YHPaO)bsr~ZnB{%dr>s?YEw<>NJ8-e*P&y~(&g8ZFg2RGXqUMwz#h_@{oK$|WD| zOyOa!ZM9{7798&%B_`b#-uG5tGZFO2Qw;Y51~KbAUD?ln{Z<&3U=dQeG2{|zTAsJO ztSHES7k^?AECo}SCzHE8KHC3w$qv%>sVTPwoR1ojT=o8NlN8n?EUe*q-#h9Xg8e>c z>aFeT3KHKUdGJ=tL)-g=mlr-<7AzDuF*Foo;$upHBGmY89BhQ zaot2y3Z2g{mIY*L6lTeq9obSWh{~q$Jg?^0=*Dm0i--5tj=u*c>+J`5YfmsQaFcYn zG}p)<1Kw4cBXx&x*lpCug{!5R-nH^COWn}19J-EA2|Cm=)w(cQ-AUVXTTk~wdy{+s zrghYJBP1=h^OOC(LJA%|8}u0Iu`6 
zj2WlKFdRplmQ#7mg2UR}mWJEhZQRMJiC{W=KNFiQl+6Adpyv8=M%_`c{5bBi{_Fyd zY=HYDbt(gs=!h-G=#^VCV=~!qTdH7glHwCX;|8`XgA!lW+K)bi?poG{xcGEP*hyHR zbnO2tgWS!0mUooW<@~voZxXyQI;PX0N$gsC&a~uF>pBGJEyRH|%iLgKQK~N={R9?dq z#X)XeX@Wwdx|jCYMN^{32@r79-_!{BbL0Rg-{sNh?O!+2nGl}mR_sS87I1CToM0xl zAEI6i6ZUpFqHsSt?k~R6&2>95y12d_E8aXMJFYPTf#Tp-cA`HaG*17HTRsfPY@1Kx z69svPz24L^-2@4E@%mrQ(RY&%Wex}=0OvmoE$nz9FO6r&hxk|aWw@x$(%uUTQnPn{dQh8bRe9C$xICC<^6{gshkv+R1ltJXuC$BhU z(`m!R>R?Yx3E%h0aDBU{&Dp1p(Bpntu46#waxG~qbPU~VBfNjlTCbFd23$!av01(# zXP{H!Q#Iqo-AHg@-~nHl>v(M zvI6Y$?Hu&MGUCFCc>`#b`LESq_I!@Q7;~yzc>bbV3QS;qAL5$Zl7Gc|*AZAZOSi15 zmca=Ztbd8K&kwY2V+pb8h}{4j_1kiJt4cNVhbgC689&YjD7ET&TiuV) z2szjb2DN-$5nXdVIbHRDKT#|iEWWNhtQ}ZDZG<})N_xsqdYpTnsWmWG*XXWbtQQoL zR~@h--}#flIF01c^Ap*=4tC=LztApZipDA z+wimG#rN;13x@c2;XpCXhS$xt@=mY&gk8zNdAN6M-G>=!@&({`LfhHn?|rVH3WHS1 z#Uqg^WG00Pi)Fm!KUs>^J?lrGUSl(+?tlM({4jk^Dw=_dX5va6S^`Dkb8 z?9*N9tZcSSjRkenxIp>En8&mib9Fs?ttSdBtYEQ(0FRTz`JL{V5Whes-watMil=ae zXt>)G?|k4e`6@VOGDQbY{&{qZES|DE8vJsF9tBRjw@$$NKR#`8$|NbEtaO`W(Nbp7 zEpRAHQl2y0ZlL(IqS`ojobyGy<+s{U)lwy*yrhN^QPa{``Mv?l`&zh5rMasMFY zq0Xf^$zdpapy$SLLLtTGunqD$5TJG2bVu41k~kbUbgXPQA2T>NyR02A$-DgyoF}+Y z-zxeGl5^R5m4HadZzI9mQIT(72^5^j41XV0Rf{#lDNJ|5+FaK_DsYNLHdoFs8VE9= zR_q7{C*Q+{P4ww;2*TKhedSSUGjsW@k_j*OcE(r0<6IuAtOZOGSjsM_5f zjC6KyKb*oo*!i~OK*I@CUIklZ_)i!m-DV@aXX2$-=xh7#vmKXbQl|cl9k_C zkTUqRE8Ka+89alrKnJxtTc5%BcR6E^t%5|Uvr*M~l6fIl}xBKA5qj{B(u|E$2@ z({R56?z!`N*EO)=tq$CVdA)%*ai;oaueV;t$#yLAL{IKg$m1yX{Jav19{*APbdt!r zm5YWN`qxB|2Pmnz24=np1ooy$2C*!BC#OrdA|I7R@*BUK=~L;82~h*T&oHHC{Wm=$ zfSCTvUdJk8dg?#ZBYPU!m&31xgtRy=+cYT&DNS4xtn9q$_FY=|`;#1W3vTAu3uT+u zx5m8e3LQSsbv82#;YzTt70;fGIC4!;@Sg};sLt=EHG1mX)jb}kXUQ9C9zAS!t>sxH z_R(5QZ`TqPt4EAXSAzY%p5CEZB&)esJ}d$p5+h zrT@SXbg)^Qv=~0hyhY?W_4@>Up+ucV6O55QoALW1F~i|txZN`8yT{|x0nmG0v-d~O zM+b~^vza#yF5OK|duf?^4FhuM%v|(LfQh@)wr|_{6$4t**npVO#6tlK=MLkFlbnow zSJHk%#_BAz#u)Q-f@>L{1Y6m^|;F+u8i+F zAb@7f-D4aSplabVmOtp>xWIdDUsVms<8r;JWPfgJdKpG1_+Il0k%T;36d=}xEad5; 
zW|?ngGqaEk7{{EVbjiyE_Wd$;*>RULw)^ELPWescO?s~4SXydk5e%IPH3h%vbLRmg*Bg2I_NM6&ZIv<-(66yAE2VhuM4q%&(d z#Lz^2X@Q@;$d)jp7L0=73PuND4t@o-ExEt^wYPt3dHFyJVhQBdlet%`nBZQ~Zij8E z%wDOhpMBfFFqSDVDB*|)$IlGT6#u)+F~dGntkJ>YAx~kHm@VE&5ZhMz!cM>XD`xpG zy64M-)O1p?yMC;~)_B&yho?JkWf*yp)b%2OhXB&KKGR3|>+R?={@XRn@2uS6`5 z7g8H_VO_~WzUAHV4mS+_I_M=Au%-=HrTe8lR=nC?$;Fp1FTtWo~%E z=fr$vpXY(Vd{^B>xX6Nchr?~ID@Snm4(Y0|8~C?E&6lIHS;p4YEmbSEJGW!Y1#QSE z`vNZ6>4^-t!0soq1+?|6lP1z_b^Ic>OXrmOo(?K?;c!OHW+p&BNA&D0juFqHZc8&~ zp_0pVH#0}P+8(*J+?#KIPrgZzqCUj4ntcP)genyFi=eHsNV26pQjG7# z)5!CgV0o_ou`$dTY4j;Ob?A$G`w*Ts`!*9N{pJ`!vq(BZ>%KJ~(Ok*%jgH!i{4%he zT3rM%7a(gLXH@P_ez0zNHS-;EwnL(>{~Zp#F^arqqwZxsqP)lwv0j^GC~XdFf1lg2 z+xDvWeQ`erQMUc3527Pa!IVPxe)gs^>bjgcZgr!f(#7B%{E27iu*0nw<|bSyf%xLI z*E4Vyk_t0Ej8gp4-)_A3jT$(TF1gi=S7?al1?a@=HWbv{rG`&&`98UL!M)+> z%L(7KaQO-ep$X!i{lD6-I}pqM>zid|+;(PGDSMY$C^Lm@$`(qLmAEp(ZDu7Isf_Hb zWEVnaw#*`BOIDfh_qw!sp7(j)-|y{@%lAIlIiGXR=X<{Ec3mm4Iyclfm|iMUn*zR>c2t`t+VLYo2aow^`+xne(=5>RgPM&K}ageYva2>9HG@ z9})o z3;KqH?E2)&SyOszx1Z`eTo?IRC>@`P9^hhWhGt)`RZ-?qw`$eT4hr@96c!OInA>%3 z7B4%z7S5pZ^l;WCC>eBnwVKk6Svu20^=vw{kDF=GqbXSd>T0Pg|9nk_;puGA(5O(E zdBc;HA|`5dgA!S0kHtPeW8he#TwWdrcEyniyQr-=^_`OayJ33qLwp19@LIrc} zo2e7Q6YUiXyi->uPMwMmzM^RV_~f%O4?~IRMcGOJp+g2$M1%PY0v%+$Q|H=S)4YQH zMpL?}HpB#vl3uqO+H)|Y%dL-g^Lm+49M4zMOW9*KANvYc6-J>l+Q${5s*E%cn6 zZV@TU=$C#Fkad@TZQ^WESCz+NLZBaXPO{$PF;jJSRZ+qFdbu!5QKvkkC2NLh#2 z#UV(SU2|Mwz$Z4V@6IZem};utc;Lt5gz@ou3GT(64#UYCl7qpnV^GCH-3Q4`-Ni&{ zE9rZ;yc|~&#jBidtwzlH^obEEPCQ-^YdTumF&plfd!$gHhKfhgopX^}s zwVqy`*vhx9xLNUvR4bI8MTNt0T*Sx$OJ6*KYlzR%W`!-#@0E3i3GE(xPE~?&5u$dp zLIRPzULx&>L89z;A%$@MS0mroi-JNw*(16G>tlq4PIJlUZ->7t_f37_)|xXMIo@_6 z*P80C0O4Uxx z(pC9G28qs)KR1XjU07(!bQ*RVT%F>c9SE*miBcS0p@RHU=e0i$cYc|NIW-@((tv7aL1kw2J3f3Z-3O(Zg`9bpILW!iTWW_5-gJH8|4wYMbOGHK zb>r5u(e*{Md-zt1MPu$DZt5g`>Zwp_w7uPljDbAv{NY>E@SJl+<~MixEo4Pe^UoOMIv4cc7$buic)7j)^m>`zYt<_BeXa z`hMw(#n2vdj*@y+9>B-b?jw4p$9o~CJj!b!Cqu(-+VRS!V|Df{{G)O6pu(2)@zt&K zdnTGs)+|dG(Mfyd7!%VBnyHEn1qa{Kli4(}HVLql9i{hqN$ 
zN||b1^sp?D2S6d3y5;IGfvU=%j8>C5y@v>0?>8kZETxiE&t5zy?JpIz;%%M3Xu_Ay z=;=KW6w*93-k`Z;H`5`n)vP~vEKOc|Eu^$jMb_j?3ceP3g6c6fBS!Fd#9W~6%88L@ z_P#H8I~Zd9ibt_m$x{Lwp-F<3(ui62)q|RD2WQ&oQ;f)#5*`#apLpC-Ie$FB@_^9v z5(_(3-m}i0 zz6=bQw*85UUlc9nz0*HeUSKJ%HTQL>`$Me$l_ANy53+POoi(~SU)XGr8cm(*Gxw{k z-dr>@5(tyL%?qhbj>^s}znLz(VB3pRIYjii@v>N#36|bt)rc;&>0|8%-NjbznTM{w z#vUedTW}MRG8lY;F1|G>%M<|JbIU&QMlJQae8;NkaO{^@$IvdCYPYVQuKSaNNzN8| z>Vx?>D;(^Je0Mg}GF!8ylJ2z@h*wPe-jBDtV~}Q))e|8M4Vp$YK2K@J6)VKO^bl8- zU;E;9wU4I4KE?E3N|aylOqKf#ydr(vTBE^VR>@{}-*rlp=mzp@Y0Hr`8t$vhF$rlj z>gfVXBVuQ!SP12c`DLRVQF0cBj)iSc$%{W4h-y2n#JC*Zvt3(rf>DE(9=T~WL&|Pz zP5l-okV|WhHd?SRBX)g(?a|1W^J*3&UNQED%@#uOq%(x7qEC;m7gS19FpEERCNEEM z(Ld?oxEZWUX8B%pdNRdd@U#90+kk|i^`$FOk?MC|I2mSM)6hJub16W5%aX>tI_q!& z$_rNeF;S@U=f;juH`cEht&VkH(T6N5R@Tq1;X%Fbd^Yq3M!A(+o2`a?GSYmpGT8Vr zqDPV>gxy@F+_*w#rw%kuB-L>(c?EP`_)w@7Hi({`?D3@^S4US*OaTIGw|8~kIxQmtM}vS#A?dPsRK4|{|9(~{x(S8qsaU~4(4 z4mDPqbFJsX=bKPNP9||y9!&(-we!Z6dT~GVZL*+rv0nUa zE^*}K=&4aA9vcnlFmLp;^^P~T#pU9ReP&aZjZIoc&jhFPrtb;RXY$%8bvH`iyiD|Q zpIczRcuBFa9nCQEOtFQS-81u+w%~(yI_y(oTDmA72TEuUOW4^nk><2S+HaInCQ=5n z2TKh^K+O<|+0lF($V4%Nf;V!@jKM&TRCLjwd@^^#`QxXV2NRUnOZPf!c#*V{6O`81 zzY1|p6z-o4esDLipxE1@VYJ$O>6K-9v-ufEp{uRVtr`N8OGX!@Jq1HHq=_U3iiLY< zhI=6Ju=5J3SPuw{u`0qQj=k+VYj-Sjc!n{v)+@ex%@|zsTvWykM>oo+eV=_czs0v# zb8`IfW(-DON4Q%%J(Jky!KEgipZ_nXJKQhj(7Qp+m(@@;=*_eSQXi6PXd zBlu4m2<^hRnIKr?M-GYlJT|Nw~TycN8jxq>VdxixCws& zZ~=S)z-%7EA0DJm%b9<8>x%iE54_&C9ee7Gx+gaRW}*&cgGgZ zFt;WdUq^G!%wV2(kWJjX2${P$+mzCxkItN44nLSuu5B0G-(2iw!(`hVVsEy;fOcH7 z$Lf6FwSEVoIb-6~5^-0n&oTi$U8!AJn>wn-h3fo;B~g$lnrAiqlE{Y_la1+@FK6T! 
zhK@G%Ke*0+ciH0fDi%psNy5u{1MV38N{ftc4C(G$xoOqyD`Uk+&^^$s!!d&rw>9_3 z_!+&z*B!;ZqPMge)4iRS80^x8q5k&Ss9O`uli`P(PfiSGJYKD+w~_6f<5!%kxbNRe zS{)lPglq;K=jzzX{Z!iB#ucxh&#GqYk~Clrd_YiBqJT9x_tKN7k+0v@WN@!V;)-eb z(2w0<`Tclkk?}ez404?N*r>I#?7>@n;Psm8=}SYB#d_gx%w77mrLKNPBxZdHArq9% zSL$5N1*J;umPxM!om#tZo1@@CYt}9MP$X*aHCz=`Nlsar;fv;&@$D}(j$9CEtM;ED zkl-vDJB)rP6yTkN*DO%MG3LbHAY)rCL}7m~5(Vw^xf`kfeOvCKeIa$gH{nLZ`9aDr z?WX01FO)CiUBgY#nDKm_n^`5$sh3c6BmdJt^4@V?o~5$A%two(=i7>S*OD6bx$`xR zi+PsC^G6jNW7JAF`liiAdNmu>477qi4=X#9 z9BAj}*4t%g(_-;BMflusi|NAI<`GY|_feJ$?ZYY=(($URp;BLT!s%QEX=2^nmbqiw zl4%RugvOo9E^6)5y?+Ef>t)NEIjgE0s-SBBroW76wlV(A<(HZB>+f`KOxkQz#8+E! zC+K7ay9l_68k~I8oN9F0+_aqSv0oEpc1upI!PMcAdnIJo<8k$}(Ds8leK7;$w_gPl zOBT1umxOd4)5oJSR=|b^pV~)o#v+`&0s7FWv@! z^wls`#h2C$*~;Z;h*xvTy^$Q|x2<`?U(G=jD_~pu#I-KYu_1}(7QRNRKeTO7yYGj= zD2JRP@h%2tdO{#9|84zjoFDqyEOI%?m8QM^#-_fiG$Q7`LBl>Ah=A?yE{GV%l3~+H%Z%$XKpPoTz?Q??bl62ksvct#Qlwj6B~Z1Dr>! z95nmhAYI@Su^kZP5#RUjJs$4Oik%stPYD0am>xe5*;e+XF`NpxD~2*d!v7I{rUpj{ z1;0Jpb~GFzINQgAsm>5qc@<#$TSb8GBHspahPbcxfDc~VZ<{$<*M+eF<2QejiQYyj zy;D3DiDo_iy?RC!$bjvRzOC5?K@zPAV@8+u}+vN-T6?vESe5w;Yr^SfE?O+-a zi(VgN4c}%Ok-5A1r(?E3KS`Ch;eJUoMoJep`u@wH zzu|kkFA=Ek?>omUiHET5EURxr6WTf7)`hX{P9ZGbg+jC48HB|<84Uk}LFfYmGWTrP zY&dN6{VmvIg`*1LyHf~@e^B_7K~N35j5S4AymRmS)W}+ER zDM35a{F_A+wL9VLa7FB#fADuF1p)b9;Ly*_fzR%hvK_e+9Ow5%6J9f`cI!?1Bp77p z$mBHs$@njX0}yDp;S;%Y=|Pq#7-eVwAffHtjUgaAYZl?^=b8zD4f-z=5R%sSu?Y{& zzhL~^nh6K=W6e|rtTgOk1+13K?sW!^1YqA82d>}VvIjf!kVr7}pj}2AC%i=MlIQM| z3XHPL^p?DHmiSqcZfDrw7x2>1lg<{OzwOdoG&waE7oN|Bl^q?4^CuougC0WUy?Ou%_1m`(dXX%a82?lWqOKnQSTGY4XoBRp=qk9sAUbsl}NIQ{9BR zm&IQ;Dk;@IR$p_5ctX8Ri@Ty?*PUWIdyY6#Yn@-4sQ9v>-I2Nmo)4-RxUpns7YnTy6)k}$CHI zE-n4+T@?+*>sP4xNON!uf1D}OHk7XI37wweWo#^8z#cjVF(uq@j$fToUxEbbHe}bc z#rld4HetX2Jm=j}SFHwd&fZ^q0Cin8Uz@mcbivs9>nr^&&Gm)PQ{~d*_ZR)5W?54X zGrqJ)54(sNoiVhkTA>P+UK76g`F?2K=WFejVRPh9lj-!5*Os=HM$J}Zp>pZ1+4ItI zkoLwHot?Rtntz`fO_kc0$s-@f&SKtu*p6G-vDGszq{Ec3{Bf1;OeaMHQ~NNqd4Nck zT&~SgM2eBI&hP&6hmdsW?i|zo7U$KWKoaw{(1_9bD+OD*&nl(Y7YE&QxBR|7Zj7!N 
zj&B+4A%M2BSC7YeEbtC*C@<=7Fm-w4d{VC)9F$!1>zLb`c~mhu?@_enxAC!LZ(MBZ z%lRU4!|=MV9GM=%t;GDiMt!C%&=nOc26AuHB*!3(x9IqMy@6zr<$~ zt$2~nR?*IQ1QL0K5;*LPZ`c_iVJ(#86%eWDM>t4mH^Fuc1CYh=nN|KIJ(XWU6)v6T3TazW+c~e zg#XZdFV8$pq>F8|3z3pRFRV!IgeE*QQpIDB2@7~+(1fKmxQFbIU%&E)6oSRZ(a$j0 zd1g@5i8aZFBdEw{16nkos18k8EN2A!BvttAdjIWkqccTh;)HW zqBXFSKB(j_>NF4kM)s52vJh9mfg<~w=jVM(+L zfs#a_vIH)BLLYmA7fNjgrFI;h>V!^BtkDnvtR=jG#jVq@*b)&7mey#T8Hq6*p*=L; z#4}F>MY>o-y8u`D$`aU!z9+2TI>63IM%M^m8Nk(uee&AgV&$@i^>Jc{XqPCZ3$(XO z>sd#jDE?!iEb0Q+sISY>^U;?mOR`YW5D&g&BqPb>>T;yuf6<^3f9fnX4!fH96}*6i zzPF^2l3m9W?~^SZe|w*d@&q%KNG5#ZLL%9@6N!mrjwjwGl0}_hen6I6MXF;(ah7ba zxmp4h-H%;i#Hg;*$7FTW`{562p<_$R>exz zLvD(Xl)>jaKF?3Hj<6qi-Qn-Ah_^1pVu8Xs9_)Y5=lK~{d01`xGRGL{eqxR=Qqta& z)XG|}_UnO9o&H3NvdrmcPgMIPPQN-Mjg!7VEY}0iK$yjQgS6gS?&R8mCtdzTE3%1D z##tq0%1BAt6h9dqR)Nzbp1CJEgEPGH4zezhirL7We0Sh>w?9#}?1d~cS`$AR{YODV zl84sdi<`joKF{J>vjI9R$KY4bMR8{LM;yO|_g*-KRq8?xKSMI6d+@}eeP3);>dwnt z7&Uq_Xt>PJun+TA@Pyc2Fw)-V6gzt zxi?`kgtZIWjti#U z>>=20K3stXDhIKQjwq}Ho9|aMr2Wg)KUMy@4KBLr)N^S2hYhZM1)fV5-o-Rfc`ekK zIh1T4Kq8biL?A)08aT~wR|^v$7NR6{$x1BN0U)Ziz>k#(6>!{<3nIA}id&}j+K20H z;lt=K+=he{GZ;o526zVgMvIgh^clej=u5rh20~bn(GmYZ(3iOOppUbdc|ceGjkeK| z$AMTml$`>e03wthK&s)HNRBPkM?7S7?|kcEl@u56X#R+d2X`M4Q9%+$O*w+Z|e9QzHO44A-#$ z9HJTlhe{?ffN(`FL7=R-sSS&%gMoPDAuKi!f-wSN4Er`1gJ=J47)YnlwtdDjXM!(k z>k!<36LE~d)#*u0(9A@dQ*g5kX->nI!WZtZBtlZ2yh@^&ebvV-1D7dSY zKJ&m4Zl~iK4QJ9R55$uXL1^(Gu;H*N;V92y!cFLx_J60Ds{(*I3N(+uA#bFBDTP0y z{;CQ6reTh(1@ot13kWv;e`-=9xMaWuWb?EAt=YE3db8*7NGO&|7R%og`~&|x&1@mSV_Px@NTH+~2l%6o1?c0}Vj|ah{HgR2VtO3Fpzcv4AhPQ zxxqkzYH(8W?BJe(Cf46KhXR!VCQSwo$TS!FrTx#F^=@bJ%e2UHqCh6|djCli`X>-uyR!Wdq9}@uv3u(Mn^n*IBIOzKlS-!2jTrLaLK|kiY0|3{99{i+x#DD z|M!)l|5MaE;wZVp0!VPl!h&-?hvZCvFop>;b{Js{7j~6#6K0I^yYeEWbq>dTSYL}Q zQgU7oXgtW^1tgDu4g?q_n=mNPbHMC_BYdzJ74$pw`1KH2FOl^--oJ7VD?@Pi{G(9+ zHMETef~-`g1xP@{Byb`rvcn{#AS8hE4@_CR@RsKf2`oUt9R3sY|5zFN%gFv?=zoB0 z?F;6A4HIAdPkoWS23Tbx>>|+^fUIVASbPB%)93*4xkYiXFWYkmzUK+xr2s^B21%JnGT{_D&cHi{Wpakdlp9>!bw 
z)hK8bP|w^xbTPo`5d-R=YMV!aEK4$HUzn4E^Xf^rc4G9M6f13D)J`#@EY4;Ej4t}s zsAv?3&fIn290q*(O;qfUw$eQ~yjz{tk0MpL7}8Mp#Q zISeRm;0hRJaQ3|bNdco?Vsti0s{g<|)I~94D$Z5~tZe;ibTkU0fh(H;r+fyKC2;jr zmL-d`ugysz6Ik^Tqo0DTfK@lejEy+k2r#|Su&oR!?7ebB1q8)5+7nJ8+b3Htv8k zF@Ix6G{AD@o$12Ig?G8&FYQ=l zRDZqUVzs%P3;qk4wslpgY59s+5#*|W{)@Y-$8~!8kWvSTr=_%db5J|fZ}h9qbj$gD zjD+sgbIz5Ka~16?OJ|vu8jmwMNqY>GuPMo`UOv}udt!b$wR)Z@HPqa7b7O1I8D(r7 z3Ji=r7|ZM8Q^IM^=|uhNsO(u3FO zP>u?bqf((~Yi1fVq-#fuQtutrjb`~Mk2fYk)zvJnjNSUF`7HaB*={HvH^Syt;-^DB zswL}1g17fSOPz%T{a>#>h?dHiwGNUmXU8<%$MyAfK_7EOCo|hLX7Gm-ehRDv!WmX# zrRDvSnko0860^7^UCFPv%qSb*Rk1KBu%ZsurHUU;%kvT}6jbJ>(T>CV$xUY_+xl+g08g}d_vyI5mc^qg}Zp0uvM<%FN zl2#O{o~m;yJ#S5?Fhq;CQ=2P8yxgyHBBZkG8ZSdN#za>w#rws%Okg9F(!2pkawYthZEXtQQ^2xOlM{&eWc;%G1&{Qk81?UuFT-7&& z!oqoEZ?zKJ*XwhBu84EHojK+!sOlHAi7C`zz%QVwOtiA%otMMz?zCYq`m%LE)2oL4 z0b67nSu;+@aM`-}WOt=FnX!$kM&TP>;X%_EVuAY$I`{7#ognBdRG~X=iRpas@||b) zm!3V}6cI7FPrZftZESxV+MnI9@o=%h(2m}?iTwd?6n*f-Zo@=GCEnN*h$zJeTWwqP zXALqQiW#SrDa5F3!ce z9M~A+5#$&&KXou}dcKTq_r*SlI9>O}ro-0c#g5M9#%7C_^1~)#h8_Ge^Za4k;u>x3 zhs}X#nN#npd5eRA!Oe+*vF}$8nAz^pPy7Hfz>01G4Xk3X=qW#JT0DDDkcWT zVKB9k{ATvh8ymyLme<+N!N$bS&W6Y3lILhhNdX@3Lf{xix)^Qj4+I2&^nP}M$<&Zh7l!Zjtp3l z>tV(1drp|X;gk^y3aY?h5DY=+^4rjsKCL&p5OK&~0&LY=Y{a?-(j8AuGwm2HnmEw) z(yQ025Xp~cvjvh|NKY}})Af#!zJts}Pj)R67QzP=E@3ln6)wOHz0<`)c*pDON8%f* z8*=vjXv^=XzD@Fr3~JVIa1ohR@iBlSei!}oZs!)$P}^zJFYd_wWQC^5keHjDTW5x> z%ip<^*c;6U)Jf>@#2P|G7)m(5EmdMr+fwJBktQV!kq7((oxL1Z&+mh;*(yGyRtMBj zGiujwxDSP=MNu7EKD|*bIOKW+dMOQGYW<8qJ5QWB_j7~$rPjC%;^(Zjb8RGe8n^YF zu87hFUj6_4REq>R@EYSEPrXCoAu%R;^}>e_CvFvq6j*M%b$lyTe|lT_>$2DLByx{K z$#b^tI5N6!q4g`#x9ueXw$rvorMJ}bD)7MpM{^MbEYh;LGBLO&+Bx{sIW9`55|-8C z_A}4Z5ezSct~yv#64XE_qbi!rc00kLHx+5!BFt)AH(S?3j!#f;=dH?IGyY22hvTF5 z$vv|U9zdlO?O9HLt;n&T&nm)4i}X6EDqoqD$7&WTBqe_nfga_S_!gg+Z-EXEMQcsd z%3zNRco6%eX(4V`QgKt~Ja>P@RX9jT$*DFm`x-Hb- zK*u`wKh#0}+l8JC7kG~|&Mlt>zoV`L*AgF}fisMgPEA{Lr)*y8?`{bbK91rKNj2|6 ze=7dT7s7B`i*k8j`kquv9vV9uu0U5CZ#<=W9rX8h3u z4{)*-3Z329{aLPbYVHhWd1Z6_#^#dC?@+DG(ZB9-V)WWPHy_Myy=f 
zydvyDJn zP`(XZ0%8!Ks1rszP}rWraWNib!U7f0)YLerdThnMKXdoJ0x}wjEBJrU_5xWOzJQS8 zg@zOD6Am86Q^Zs1crQ?};oDLDrX&52EqM4WE#Y^E<|od*w7pzrMkoJ)vec^qq3^04 z1d`GgIy|=!RAmh2(sc|5;Gy=T+xXkZHNm8(NsZf0^7dRc@wJCo9~>d|0j`dtJ5%zC zjuoU6!m})FAJ5~PIhPW9#7OC%uYf-+F93d4@z>QVby(J9odT7QX8|9z?p=Bvo*33C zl)2Bdb|v{CdqfkrhwGi@#~9upmuYW}TGFy+?gq(eD{MpBC5^aIh$1Ck=P%juvlp!d z;Y35i_Y8maF2!rwsu;C>;@SQ>e9T2VBZr}KfB^tnrrde!kh-@776KOTdh1A5DL*W|MP!*`-1J4-H<8K|fx zlQ$6{IZS&*yiauFE`PKm2B3DGy8|5SkZ%(m@CW;dfIjL>Bzvn6TwUMsz-PqXE_ttjd=5G{6m;e7o%3KC9wNB>Vf8T9#@d{ zFzMF>y?agAz^d;L*#xEQHExqLOhHx-R;N^@O9dq*oOgG9As@XY-(_7$em>o2)Y}J6 zh5FyQ#Nx-HuG{u^eL$1!s^me4Qcr<LBADmDM znYW)zf3V<`JEQyl0)@Mi$f)l7o?R%!bRBVeC9slMk0ltdT!|wL)fZ9p#fTdpCI*7F zRet*A5EhtJ@xzy^GmsEgQix%($AiRD45g8#Mk&QFFarmRQSprmLT5dDq@r3pTP6wGvg@jz2k?F_%C$tdw`R z?hS~9Zcu@9HK4ei@AR2Js6%NxtH(FP!3bHpzB%C- z*zt3nDc8n$jBx+WMRDRM?A3eRP;N5U!rkRbFkxFm0-sl*ifAZ`-hI?1k{s>NN`Yut zz!wrm+0+c#A9Ru+rB7t0l8a@^(@H(rPlPmujX7Y_Zh=7mxrH0424V09b4xpThtds5 z=n|yV=2A|Fuk`DGEWaDbO5-C)ok^;GU8M6c#?^Jn_u#6v_85Y2dsDsL-;(t(G&UDF z+kbLsaFq#|;S+YaA0vdneHvwXx>k4n!ZmO4MXH@=aS?n!BHk_M>R%V!&6P#Ya~D-@ z4?J4fx#D1qm!q~k-OoQ=;pq_b#q0s0>U3J+mC!xX)+aV6iCzj)FBBa%ALw{w)#Zfe zJGWSnXxxx0U9@%O461mdmkp@mI-5M?JtC>dv_q9h)A~>|m8UejGZuZ$dkU2}(k*vA z5w5SZ96EDr+e1ZqL5wfnOH3-my*Eju*+=gMp9u4VT|0}J`bdorBvbj;RVRVu1r*c% z5CdLnk^EVzg9H52pV^TEoA=qkhM!^(N-#cwT?cT~USGc9b<7kQn5R+sh83bP=$EF3P5mexra znH%J*Q~U0$K5J{9#5y`qa%N@5l+3t!#G$Ae*XA7+EztzCyST zR2p`&Zm&8ez$ErbEXeq?Gy!U0*q&R?P7U5WUz7l*|M{_4m?sWyyGIpNSc8jT3UebI z4;}|uRNN0nTnc;%d;|weYugG4R`bVpq6dz^`Iet42HTe2R`kjbBN$KRYRg+f{X4%u zJ$@y!1ES~#RqxKk?aWe63O=fvJ!T+0ZyFz-aAfdvWlr2(*qXDk*F~B{5d0pS z9WkaLpW9UUiV)7%OH`(h(x17`<9>Ku+8=jj;4#&~yW-XQP3W?+Y~6xy3xzu>Z387+ zWyDDXs`rV?Dqzv-pSIN$6?UBrgqPU zP>mjp)4P$<7%z)bjmk;;)F(&%E>Blpsgw1>+q)BXO^#swAk~q5A`U>^K}P*0P3a}2 zCPI7}04J+1lT=2jU1FGm9!uTRo7-?i+4^EGM%#|VPgMqQ$Ve9UFsf!)c0Rn;Fq52e zjV0|+Nie;pya|2m*slnVAqR%+9!qUgP3n>2vuE2}u3dW-N!yP}jEW)}+1DE=s*`v{ z*^G)jxeauTCDucOY#c=N1qGmyIaTVWRH_mHPc0rCvH#Cw!ikjT^uCGgBe6~hTC^J3 
zqy>!Ys)-vY?9NnUc+k}TT#Esp&)yg8r2YF{Du=_AGjHt}^34pM#ywl(3$)k9s)w!{ zb)Q)eCr0n%W?~|Ho;MP!ytKLW5v^|c2ELv=eXL~c3@P7^Eq*<$dMHsq{7wZez8FYk zR#D?bQ*ad6l8ueToyUuzUqr~`iQPLWu+U2Fj)y&r`!@){S77#843z>{5E!Szf`ENn zRTy#pZl|@QYSl|7vbOtW0=>MR+L_|9?dXhBlQ(V<;=uZtGyAw+M<5-XTO&1jh4pMh z1$+aoR=5zvWofP-_-(X#M@9L&TD$Au6|kwcxgnsFe!y9lLShm~B}nAP7w}z5cR750 zj6t2Z;)TNN9J-dOaJpAdcbjv^G)JK!i?PVMSog`C3^S!G4YG8iM4M&}V+e>FNdIxdWuWju-_)I>X-smpB6El;7t>WK+?#R zNK)?2hJ(}O_FneL)QoPVx{|TqM0OY@kMtB8MoN&sZe;$*7LqQT+V!X~qAt2Iy zIejgYOj2B^6AlKB^QKzjhJ#1oiW{CHlf<9%C0n_|!CsPymNO)IqGY!U%=gslCn%D> z`{6a%&Poz*feT&AzTZ#+n`p7qx|`npnAJ-n1m9_P864K?At&>g=++q2QEImr}KovQX)Jf?{+bP^qF%N}}btNDHbBri_K zUZR5t)RU~4ATK;#9&T6?p}!D6j7{`M!{+aI#zmDu02I2>J7Z$rr|@D+XveD!(IW1G z5npsWXXhhn$!6z|)=-lQ({{`AgL@-2G{au);ni$%l8&#PnUgS`^xGKl{{BPv{IEOz zCKJzqG^YAt@zG!#i%7CkkT$hX^yCuP361q?6mV~;zWJrEiDjoI)gkC`&Rr2uUbDG; zLJF0<1k77&iI!!(9n-AgbuxmR-`+OacJR&;2yS&qYGZQE@An4%X}8-E>DaRc_Yq7) zdcTLCziw7nG&W`Xuy%JVxW#{t<(j=Woq;&G9NH%AYG3ze_ob1m%t+U3WTh{JZe7au zxHxtIT0Rycb=3lgjY#X@E&(Q_WZck`G<3(}vxyt-}VpG39UR z$NiTs`{RXfOWLpaH?+81s^LQq6iB;lj3tX~g{((M>uhwt3NFylAra6Phhu4d!SG{@ z`i$;7Z@hWOSF;jA^M@bq#7_Gs>2Ks_P7vSQ@CHf^s2jiAN0APaI)xWMMil(}NFU(4 z^2q_HbxwQJhLBgF^Gb8a@8$>su8Xl^uCDXX-Zv=O_Ie7CV=;OH)g|Z`MI#>P}m{CF;>{H z#7T(Kl>l3xf623c+|>8lQIN-Zuh3436OFFX8~;_%Lw;CdLIxy2cP09-@x4s%{jtm6 zy<1cfz9riw5hlCtHl!B4H(h3ZeGD+07O*^)t z+?B_{HF?!kk+n9GtWcmz)%K4fJ|L?^v=%NVTMFJ*^IZJSY8N+!bnx5Q-ft$jZYG6y zT^jAC=y_7g+jd5eH9@`Chdd5%>(+;zysets+xDU!*DG5GR&(0hjwe>T<-GV2=?1** zPtX2@7h)O%2{mjA3QVGmG47rug=Q$mw&xpu&zm}Sz7LpQUh+FA5Sy1AA-h4hc{;3F z@ZDb6y_=73&2Qu2V?D5ge^DVtQeyuYp(Xo)HUc6rcw_v#rgX97M3rQRGZXg2-yoXJ z4E+^{9`_5D9dfSqWCZjOrjQ~EyW!LT-NQ2@E3Y`~;s%ACOdZtKlbFhfFV>lR?8`QE zrJHyTk(mo$^*esu8Tudf2CkVhFV|kZo2r18?qE&*^tzAfuuIAAgw&3GictfCZL=@l zG%p5w4qM_WP!b;!JZ`%m5j>1Ax^ZH`(w^MSTpQn22B{yW!OYQn3Z2^Z8)tgpb4UGi z45ltZUeX0r^$Wh%#l1gB=v9LfyroV z%P>PL21AtOir3UHMgBX}=2S3swo@`S2nIHd8Ajy6(rizz=WlBZYn1~ZuB{Hcy0v{r z=Qqb5ESSWCzyRdE=t;}oo`}^!a24Xrmh=Z5^ht#$!Rrq;ozGPo&vrD;iUh0exliA~ 
ztcmz<3Dyj={90B&dtmCgPkYr*X{@zHu2_6|s_UqdCLhnz#7NXv6cRzlx8*O$Le$vt z3-mN@JBQW_acZyqMlm%#+wwhPv}v`>vf7}>^>#V(8wB21e2rU1)>-a~V?SEpEl|Pv zvpsv`WAo^h)ZQ9-f%1FEVE?P*uE${?jf0^Z6$+j3Q%lu?OJs!WW}`abky~q2a5yX_ zF546$jZ96MulKK^i4KY97B~LRO97_^>YLFqZix+Wn#aQ%V#XZz+iw=8#Qym|UJ2wK z4vUM+2Fr+_!x)Zk8+J@9%I^wBHY^@ZQsPc$lo%;#2W8_$r)^|SPcJwB-8ZP$Nqw%N~g{Tw=TMu3nPeK$ul+Az}0Zxkb5k5rD?>`Q6iIZX{ zv(IWTqh~_zlcS*%tMPL7K&1F57YF4}hISN@UBdD+#;$V!MGfo4=L_Nj>FurqyV9;+ z2GT!irB)FuNk6q!8!zw2GR(TVvClM6HMEm_s8x_WdWkAiik3jn&(|NHAFXr%?+Y!f zCjwxTbI#E2OMMfcSOMb)m9F!^xwfnRo^ls8uvw>PICM^inOOy{30zF@uR-2or$J95 z@>dK2IFr;JEl2&^N7@*&Z@oJ>eTL>|HBHwE_I z z{q^ox9(RO}aXx%(f-=j$23uNPmZXL~s1Vba8cN;W86JUhO=1XswP=q_)#XGC(nQw! zA77oeFs5Y8@1bUNPsrzv&>ND~LpX+-{QB};!2H1huapYV$`3}p!bR-%tccw9*%HOC zn7c_l&`$CrC$DGjIGwzCa_Kw{FFzZbTajtLUutx#tmB_cO~t_HD$?JhF5l>Tsoj@; zl3&D4K$c?7@?%2}I@qWc6ehyYZefTikJT4|^vV}^A|a+6-x#-FA{s9PgbBv;ccV7{ z|A-U7B!g$xO_kr%O9gwwqDBq=SPc=+8U?B6@y$={lKPrwS)-EAtsOY~W`{g0a5N8) z9aK?Dups4c)D$}4Skn9ABTtw?S?}U~7Urs}-~25u(GDD1SLUT$+qWPX86fh@HiT8G zUCHdC@K(ZMMH^kJ6}Zu*9?i^6C_jjk*#USFv44rczdWG&`GarJxuIVWj0X^z9!iG2 zamRDgF-w)*3t_O~Ssl5LbA6hiPKv^`X;X;H74p!vc(ngwSlQ%}dv;E?Vk3twQ6_Y= z*((3BLJx(xb$=@s`?BX3nB(}we756GjAZ`95zhrDoNj{@DLLK!O?kEU6);vkcb(CD z-P2Xruj0=1$L?G{2zbEeZD8LEW$<~QVH>@iVsMNcWEFhYn2EU%5+;`B-#U+AjqV32 zQPEYZsg~EEzJU|#pCxmWsNT+Il+_{(M#AC`L~``Sm0$vC$9&2oPJ~1&qH^*vrM&5m z{)=l}C0asdK>$n`3j;Re0bbCS+GMgGRoux~Qba=C&MyW%IP%Y2A2N{1osWvpbTa3; zSfuo}H!+L@$xaX^X?S@0tk+DE0sjvCW3{pvlYy<=yH%Fn^K;S1p0Ez+_jF0-$~(`Q zKRmxjJb-g#?=Ty#pN?(ElDrD2Igj0S!3zp8m0$U-0kAcMMgk_xG(EXzN0o<$Pm$3f zG~>?=>0X9%H3lEEs$8aBwaFcy{yChmf4=F!BuoEUfDe+2kAlJrNH$Z!AuBWybgR5Z zRv@D0H$jKc@8?)A1O{`?1N^*ZSdOhA^|F|vE)m>gEDtkQDU=%79u7g$IK&)6h@weB7tFA+;e; z_uoiX9#6rPzh%Xehb2^p6Fdm)xDvHJfB38U_K6_K_je~XoUO~sP@KDap)!msbp8@3 zoWitw6NP6H5a^OG3dm&7Zrmb1Qk-+Rc|bQD5N&0dwc1n70msFsZUlZoG0SmM7Nv0s znPCtO{f+3q#y>u9^anL#g^gTLc(Ac%AF=vJWTIGI5wa(xYSan}#?f^vc4?WvDPPr* zR#sUMEc*|jQa$sjVX;#&O>~3TBV!9aA`Z18TvaZ}`bpQ&sSc`~wWGk6U)Wy;+&i|7 
zuiQ=^DwS@a)1dU(%_yw~js4}8+w&Ts2I=01^LhaCYK%iT`&`ldST;9&9ioQ%TiE+B z_8E#?5hg1AD=UWRg$pqO0kNk-Pqv-)e5d=*J7&iFDFO#(c%|1^;zT(}&uBj%WM1Ej zrt}aDhZ)MH9#M=rf6T*G#Ue@sz60zLVLQJQ8Q+c`PO=XY{M`<&H*LG3AhbY77Sn&pDuID;JlF5TqV1?IPb9m_)-<6k}+Rf~(riatcM_OSqq`rlpQSL_iOSf0OD!LxzD$_r-jxEFbZT0=Ee0`eCUXyEnXzt*$cIVey5eDg+ zb-?XV;TbFl7JTzWTaLy@7yItujt?-+q})4JRCKDWJ3H6gJfHz?+B5P;k$8tmCZ`2tXc*^g*~KLmK7l zvJx_B&qBq5_nc>U27>&-;!xGU$C_jsO+Tve4&|5y6*N3-73S}gD@8eIm1={ZM zCiAeCI#rBmero!#;?;3bStg!lGm~@x&zT(R^1wAfT*}ge1kk~?E#R)I+>bS=rNHQc-mML-8G~^YnI<2Devf9qm;X?n%^S)Myr5AZt^U7(;sj5lb8K&tVzUH zHG7Iu<{%#$Wg@h7m6nc|C-k?g;QR=;MJ4hL{k#2FJ1rm?Py`J zhUArIqTM~4bC(B_>sMz?DnQkA@=D}Vu6Mk#xU9G zjR$I~-H=zfAM&Q$2b)w`<(VVdI~lt4LqnXHzbmupuiZD@?tG=hVr0hDw zIEtQSAC&qVtxgUpf240&Z>3@BQNBV$5Jn@Gh9t-!g=TIj(*(zF>V?oA#g~d%SBQ~# z&OM@Qf(8+I`~>!aBu`(GO-mvzIEsP1Z3F+HLxz%*l#uizs=g{T;}D~lGLhTnncFe` z-UW%mgMaZKkQfh+&UHwRrmAHBEVtMklS8A2kn+>X?z`y_{i14Nx?9G#?Yu3xtIo_z z#0bS@DPbDS7l?FOXTa z)z@uXr(lBl08Tq$bN>dD($MBL!$9YjA{lr~`nUx|GgwjW^0S-h zyW@@?P5ml*T9(3|sN1w?iOqcFsK43+`=BBCR`~5j<}~WR1`f^*1+jBRb>>`kR=A!% z&gp$vDAO!X%sbf%;P{|k4U?w8|K&^mzdQ_`7Ux?bR1`jJwffQz5HCDj^Nv2T(iZ=pV%X+}Nzy+`K3 zf$2*H{}f8NYOcR;ML8VMMo*&3;2+{vrd<;9XY7MS@5Hkl4jeMw=1Z{o@^6c$b3tPj zTJ46Uw3ZJMbW3i=i_bwFt;GCyeQSSwt*!dzzxr*Xa#+7>BB`wt-&gTCiv-}W&~XCS z^)_zHp3nR`TnF?UA*bz@mHGZu8Iva@e%C3zRuI%M{rURp8WJuge&k>^N^*4io}GlTa`-mhMJQxcS$72EYw(x zF*&o}SPvJ|=|7YKG{tM+?6hu33j1D?R73tj(i*=?2Y*?FhIG~XTVW@K?(Uz zPh$Li`P~g}?KhpmZ^1%xm(k_syvi$n)M*tzN>DyLM#3Hg{wDYBIAkIf?icc}Z=u}P zs<+TIv*F;R*qd=;o;;)p|5OFevq6H<(b#WxLordsxJcN%T~@ftvdrqpN0J@WsHJ(| z%3|SaWKp8juq7s{t;=w=yGq|X3>s)9MvCjs<0{ z2PNg%HRgrw{|?fwj(L~r=23uWZR}3X7_iZtnr~RzyPEr=iTW>qN``uA=oi0bLt=b? 
z%yh>c)Y4v!MLDxsV_hslj92X`%78<*{z~G#AQFRmgfGw=6ad@ zt%HGtNB!vDC|fd}R2NNBo7E|SkhAj=3zNdh@5Vtz-M;BFO%>gvEX)7v@<9fA5_K8J zGs{mkZ>ZnW4#8P84=PtxVxr=WsWWIvurIc-f=c24)})_|jS}LmqZK*1x&W~R4Ps!bmq{urjz zSt^EIwOsse@Eu`Jo@`=4I2fQ5ez{Nl_lRmn#pmBGRwY{3Y;}DsuGzxf8H&w%jGz8< zEFhPv{Eb3bc6{p0#VFiovBN3%3ThhPDj;7gpHIxBA0j!hFL$+Kk!l`Mh44ioCrEH~ z`Ygr3j{=--Z)a*rl;`PY3z8UV+9Uhdb5066@5M$yz)IXt)}K09?-hDb)m4~7q>J4+ z*>#n~OLiKYRk3vYz62dA3O6JE2ibtcS+G-7Dq87Ko{64rvDOaWj(N(`wIpu7|G2h9 zERFHKQoIp}L(!z>GOnyeMW|KX@Uf`L?w>U+S-2Ho^6_JDqW_(Y*5^BWC(Sw?K($)N z>rE~wrcoQuIA&99MJe5{p9ED6bNA(cl~QpQm^&&pB6p~OoUAUkgk0V*(}$ggBER^9 zv~hD2JwGl)r0CWs{}y8SWnbjtY@;iMUh{pd&T3&K5^NBmHz8@Dc8m@~OD@T8ztm|% z)+(n(c1zTTdof>%Bm#(t>YOYP{WFAo@~Ufk6ruZ@z`lm(OG8!603{Jj$?b2f&02~i zGR&a&qZmxY?CffC5jVh)DF#REQ896yR)NdBzeCi0WB@tu@ z@u&?|(UGY<>Wvype2pg@2W5Ei6@AlPrCqw51)7u%cA=^w*suRPle{qY7*@;rLAgcM zU#K`ejH4=8EH7~N>I0i-_p!qxU8xg?qa2_5od~5}es_2o0?mXuCKM6 zQghCZkt!^!l(w-lFbozIfpT*k2=P=j#IZ0$2j>{5C78+bz^&J!1%^d-C+oL&h3DR@`IBGt*i12>+5CiJ~a0P4>tBBqof(860QEx=nyO;@X;9ytFaiFJ? 
z$cY3(6G1{xTO-~;iE7nrT^S5SK4iIRyO;v*9POC*D-Ov?xoXj#e_=yE1YQmw_Jwh` zm%N#Z#Kk^bth|b(lt3|TR0rCFYk%F{4MhP4zI9b&GhXho>7A{g1g{q^8I#*5GVKPa z=;Hke7L!ts*fr-O)u2|Iq>|A0}&?~GJG*7y|tUo3(@@-{L z!}EuUYILHKh?eB`Bzxq0i+W@2L3Z7@^bG2$6c%pm7QCsuAz?W!qaz9o(j(vg(JFy| z8?L`JXklM5Am_Q7MHPV^;EYDSaS$mYoU!O)-6Hvp!YOXD5RbyQeRTQMH-QvFW53=G zE<&3T_umtky@FkN$APsJZ}>Q7R@V4)0*X(p9iIj2Wh)Yd0wf3m9W%C6u00$ ztQMj;aQ?mUt`b9Q0VN(J3Hi1w(Pb#g#bqMB<~oF8njxeR>H#OiNRS5i@2`JS65*6U zSj0`}DIiSTWx#9kLkZFWgmAj#1HS zQ)FoE=C?Tejn1+xQM7O=`NgO1%&Y!vGY9~l;n3vpGO)lb_5EuzaspGs%-}+i4*Ca2 zv%A6K&FAG5toASEgpqWfF_w-bP^;t0g7NyY;w z93&xadpC~n`@|H95fPqG%SHkE*hhz*BsJ|38a903P+xweN)>uOP?H}Mb?TCy#L zRd%UoLsp75q~RJuwXcqKWBq9ONo^}ut;b&4&qdLBF3=0;t@%!U z8tIFHVRPOCBE4aWall+p@=JHRTQtLDCD!C^F;KGy>SLEM-lN3NGHsR=QDQ&{bT?Fc z#e@CdE5|mE^v0N{aK}2WT=_*oQ3?;4tqds|WpchXoXAUB5cQ-`BdNo&CXkK+iFA81xUv3nz@j!#xU17c!bYQ(=787v7gv&=~gkO`OH2psrY7Y#sh9@GM$`ClQyg{wBYtD9mPsef)yPOp+ zWY{+qFP`BpHiSPmHXm`e8<8T%QOirgBc}QtGfh}Pwd!lI2%;snoi{}DVw(^-t+n>W zaD8q&Y_RU>HMJgQB1FJD%+2wP{a3 zB+)bZG^)ORk~0k_*fROs9S!5cVaYYwFq!UKLZ$6tOlQ{98-Y;P$QebX6kZ*>!eXJ7&)Vn6Nl+*Y@@HC z$7u*|U%{@A!@!3r;d7~1L*x-+Psw_LFUqlFX|T`w+3<`Rf#$#!u*eOEoYOD3IPj$K z`CqD&=Qt$(WS&wJm(Q1^$4U-E+itfN4}VkFd0(zil}nb6q*r6e3gRcSJq01F6%XkQ zxp;keg|)a+|GOO%UL|vz%E{BX(EAv{s4!W`yrcO%BLN0HEUz90B2Ehf zWYVwPK@mN#WNh-Yi|RwtMG;EnT}_O&3L?NW#pVSTmanT05zdAG<}kISP{e8W`~_JJ zT^1+?3^NBc__Uj<+FVK}*%9=q^-`>;aG|dpHkGQJke`#@SjZWI9Qcpho$&~-e%Iwk zxq|R}4|#<%t(vMpRc{{wEtb#GuZ={ALl7)Tm3z|p+wUjX&}!Ob9`#i(3>|#(hQuvlALa5=M5;eue^u&k3v9T2 zJLVck4HRf0NyyOs*y;>6O$*&!dg}MOm=$1`BkkA#^cQVL!H6R)gWb0~5j!&j86R%_ z9i4gKMorts(%&WQ{92k@_PAK=d2Dif_qFPEYkK<`ZcDIB3;5W78T<563?`Rcfw=rMpz~QTQIz@V5|9zE1%fX(Gg? 
zjHi59qOoDVyspK^CzfM*OmU~QP0dA_FelKD_2twdi3=feD))MP|5RmFYkBqx-;gg= z{%4M^*J84MgnAlex$&4_a8NZ|8BVuGLU$(i5GGhxNs+sx_>tPq7xiAAjsY?EW*;u7c@@kLtm{eNu?!D+ zUzYkDvB}P!w#BHJwRUx3?l7oHS>iw0?-b5$ls%urZQ%(Ugx{M&B1&~S@nNL3oWOt) zrkD{58!-MOF8!b^Aw~|P3(pK2a8wWrvfLj`fQB%umHF+nS4*S8*Z<8g+^+?2fU5i( zbnCN{Z?#BgvIQOpHnpV91l<8Qu$~KUclQTq1%iD#T1b=DNoRwy)S7V=uXFz)W7!7* zf@}m>WS=5ThLs8w)h@slTTsg;aHNg~UUu+0QasM`J(IfcdP9I766w`7%hhN`?%CQN z|5tO0pZ6rVjjjvq|esZ#I{R((_ zb8~;iN_N7yO4W$)DTZXK3tglJtH~&m;0FImhErgQ&3Ftmg>R8pI@b5U*0U2*iZpu$ z0n$6893deB{dWYBnP=%8=oc+Q#mXCW{^8rpvX~zVH{Nfr`7dkRYt@qSbWh)s{S2CXaV@o~Xe1UUA#RerI@Ty0RAXqy8@x10FSv>Ga(!)&C^uEBK`bwk+^JJ-kj9IGb~5xaV#y@h7~$?uPa2$X;sQ4X*T zoj@aRv9~Jx$SFTg)ibzvd~||UJ$Wmew0hUD_S)5T@IKGG_52MWpKcrP>40*8E%4ME z-nYjUd!+5SD_Yfvb%j{TDx>kkhfUYYhC^v0koEwST6E(_dyZmuQ<0nL|12DB(zLf+ z#Kj)gPF|EDV#bKSl;F3XJN}YfO$xYVQtPV~9_y}9Wn&oRWWw05IH9l4DXs5czM2(* z{uO-l7{}lR4_enXJLVG3KZ`FUn4TifBshdM^b5tVBaf6`jon_uvz?PuQ5Rr-${2P^ zXf;EjQWkyk9T!{j%|N!8-Jdk)kb9U2eGhrN92GYg?fje1xt|y~(@8~4WYP>h6Ppz`+7`KUU}<=#ig+8 z-L-;o`6=Lj`67Ptgya=3?S!$mtaMp_6bTP)bYuFK;b3<niI-9P{`Lz^=G>Xt zQ`m65)!^BJ9wxQ4GrEZ7LZq(J8OQY5PrJ%dVRexTkP4SmoDS6-hbi|PQfleH13?~L zVEE#3RHtjJHW0=^K%2pJCTkn0(lGTc7rzNWt5+;Gf2?{vg;q8T8=gpenk6U15#%*F z#JzrEzrKoEAXU=(9<;oGD9vZ%`H95{3vs^CqWqqj25dyCb4Ot;Sy(+l6>Kr(TCY7( z*+*+St#{JX;5kj?1B#LUa*lkW{>Fsg#{cxYu<_Kk$f zN|-6nQok-bfyHW5dtU=pWMg$5OvrYh*;lpSn;Wrv_4qaKL8wY9yUiTX`&aM+^qbcuGf9SU@CNf{JC z(O+yuo*Q;~Ff)BdtTt#PU`p2DZeclp;^Ys}7OnrtyPmCdN5|8A8ab%+rm7DKZjcvI zxWYWAq&O&?Uk&&et;}X(j7>YuX{>}xGv9ysrGO6ZrSaeDC-WW7w=zfJ1^wetHxBlr z(3+co{ZKbF6&H%{pRh!cAvQV-X*;!1UBkI9b}NG>>1F6>>uMpB4~8eqeo?2V=C z5q6<6S**3Wa=3Hvyu9|L{N<4z*_?QhZtt@E@x|qZ!IQ_AC+DQoi%LD~vi76P#h9D# z?5k3)wR@)IO)4T>_p6@}HxK`~haQr29P4M;RM;SdpV|+kl_pVC4&>HAWIi*qY9n?5 z)@=l=X&T&zsjvwMfv7SHt}AYYymn{wtFLO}Lo+!|=jVl%Jum13Ps6>6g4KUk~$lLLPr+Ya? 
z|4Jvm8D06ngC(A~68bDvsuUeE&m-Py;ht*Bi?94ffkH`7)mSbzz9%@RIMQ>UQm z>rl79NbzCA!K!o|JkUQTaChTBBB+HSg@C8;=H>tjAF=aewPhyx_M3)nbtwg(%fG{s zlX5PA4GUWaC`pB`J*VRry6{v=k8f`#&$m#YtzMv*WyBtDGP7ZXjAsgJi$MU3_tz5Ei10O!GN_xpnfdA{S`y+VkRj?2n@Hg zttVyRXx$Xz4y#E#SbDv5-urJMgx>zs60K))&oPOy&Y(<8Q;&`|ROP4MkE9_g_^d>2 z8lplf?B5@zL$m0>S1yz!cjrnN%oX>iShoWF&LGj^*2%gin zm)$e{v+Q|r*p;t?-SB91uW(1infk>%)oY5 z;!{#+L8DSO@m*`5W{<9cioe`$xPd_N%|R%Z&$o*9ep^J_iVq(VB-gjDUJ-jboTb84 zya+uvU<@YXWedAauXo1PSf=FUHV4d4LCeN}o|RQ7ibUqL)bCqV?6Eb-pkZeIot>gD z0z>m+=pRfa1+K7z0CP*m{4R;Aw~%WXtF+MF%;Excs{es0Fr4kT7&? z{hMv3DYs3RW3-xmRgg7YJ0RnMupgver8C3O$m#j?+RygyA%2WU_WHmskuqBJL$CXj z17G(HW+8uD5V@Z|^-t?~E0*unpKPc}wj8po<4A+|(Etb=@>?NJISmD{v+oqOdm9|* z^>>{G!i5N*TmoyRio_qxm^Pr1KTFdMs?4&D`6$AOb|Gcf*z^Q7VveG8Hicb7{S$Nu-2uVYrql z+e=YU-z+-^yr}4FMC_8m3RNrt1PF45pVYe*(a$^#=hRH(LsJZ~LvQH5e2a!v^T7Z9 zKZ0iB7w{eYgW`i_Q4(RyawL?a7Zt}H2p2cVSg>64%*D>p9Fu9?{1X%`R3`@&N=@eJ zefKO_?_~`2JbWlpB)Pj^m;n3wo)Nf{$}Of2A~e7nDO?`D+OYq85Wn)p@qd-h-CS;z z5n7aONvq6I5ilCYL{Vs91%#RLB1oBt4!lN6|5p(IfA#RswCla=!U!F*U-%cO)xN-r zSB}KctB?Q=KKxdqLQnUIe8jPV@X-9(yUjbY3qr0%Nm1#h#Wz$0X)mwy*7gF&LP|}L zkm2cK@%vpGtr;t{rlKo|si{KtDQ9rrZyiLM9%d@Bz26a_1YW_@{jEq*=yA9WNhrCy zN*Q&f1^jSY&)HIh`1!flCowf2#d5ctzoQ&q6c}7cTaXab>O@jE6Ni z1uw5PRUPW<8KGco(KWUO1}35Yc=1nA`60-~$#BPy0j4vgwF%?FMm%T;w9#dmVRI`s?=p2_bnsXP2Iqd1dJb0Qqd2I}UpkEx z;quc`oBJsu{10QW`PU&6KZa4U00uYbt^oE10{%98vB5x(B@BvneXmbdd90J1DlCf( zN0DGmwIw0~L({T4{-9ae)6IdVdRktw(2YJLDc79A4MEjF9Ys@icw$LNDrE_n?&Uef zU$VWC43ga|wGK3;C##Y8c6)gLP%j=lTKTq)*Y7|3~A6g6)@K?$v^wB2ueVPM`)^GD3h7 z-cm7Va?Z8@pnQH*ohwQl8xnwi07n0RnEJ}NDwpnUk?!u2?(P<8*))hC-6h?1OLt3m zcXvy7gLH#5NH@Iuc>a&){WQP*X|H?D%(bqSQwLMbN{V3k>w`WBEr88K^v@!S)xVR) ziro`G7HUZ*G0#==gpED~6Q!!HPE3bXHwfz2_oYSp--d$gnN2?EgO80q_z#P!q)-CY zJDeUhEf0hvw6V2x;g~CCMb;4e=ZAI@wA$SI0B|4Y^!LLmcJnx+pAmaYT}xu_LbNS9 zL?#<#F7c>oKON=r1q#>Fal4LEFJI=GS(A`Mgv1i|Ibm*CaLLm5P{NFVkvoH;7uY<= 
z{w$&f13PE}DZBK6%B<0Q2N*wF%ihUOsTqCAQL>Za?0U;#TLO1x3nb0V)~L(@>^tVpS?xdIYsbnR&!r8~tS-mW&f2uR)NJy>i{Bb>u;@~1eL0eswxktDcZ*NORXbkZ$ew;c}5@RE7k z0wiwEx{q~2zmk|%OaCg3A74q=s z%bf|qmZIjYcE`H$$u>8igxz) zZvnvp68on1FS0G|wie|y(I_k2N>41puf~XBfdYWtplYJ+*0M6`OQ*`_F|h((q+5^Q z+@)7xWCqgAK8aZ<(#z+ug{Tb#-+EeB3T-OIW+}4OZY=E)lML%Tv zD9I*L)yh0$i5$1cuW?tMCV6)`y$aE8I0P?)p5E?pz4s==El&ViC zYy#kiT*4e;b22!Hl#MT_`yM8PaPso{M=6aZT%Xz-Akx z*VsxD06b4X;{oJ@;`qpEy&)Y~gJU&SjrhU$k^W&h@a^bu5EH8)T z7JTG70=Mqu_FHG5`>Kgj4gZ7_*(XXJ4{MRi((RZ@SjUX9y_ebN6m@c==z6skmZc>6 zd*Vss?*uK)we|d`e|m902taumkg~r_zWy%Y!@ka|24INgY;|$la`AA+wr$=guyF5Q z^Sm3I=dON24%(ye^dSpFARn@Z|C&WEd%-CF#_!H3_Qd9W7AiNkz6v~dd~yLZ5EpWY z*y-&0Ld`Qja0WZSZi~4|Z3yZA_VIc=a0cO;YSkN>XY4C;5DWY#QvdwZ2g1stGyZ+m z97h~S7r-wga{B8a>pIj4&OW`pR0~4bFFWja*m$WIEeO$wR;iyWe8pfeghdmv31f^Z zq^qTWL(W&cdrR93n{K5Jk>gWU443+`s(6&ssW}wnsdrc3OhanfEWcm*kk%P^f?&U=iVT(*`d!LD z62C>0|3~6)el)RS(lv#_g9YT^<~50i5{6(azG!0D#fBt1#jVifiZ@VL|EdotU{;TY zS4INsui_m~!5~+Q*{z_BQ`okJkk~IlBEW6p(*a?V>Q&#E3~+9Iiw_gPfs*IbHIn>$H(DjKdimv- ziGaDe*V*2$)W#;H)8I*Yaj_NargQxGs3-;LjQK(a&Y*YMHNN#hO0h}1YD<^>mrf?a zB=(&gf`NT175(+tn^@jXQz#6-HT`G5Bd@H#vsGeeOdNpq9W}8UJ^~;`Eo#3S+`mU@ zJZSpVlo~qdOs|a43!9SQKX{6~*k-4l>ZU|qk#qnlYLCesucwl1et6-NygvrMPkWFK zm#I(QwqEZ@tHOW1i;H5H3#u_@mdpCNd2m=>nmstsdZlndN8>b>L_)l;nbaJ5mp`65 zv&kL|s<}Z`J?K!l>;{;fe9_I^SGmRMS=Jz6qIV2-(Hu z9W@nA>>kq;ceacnkA+*RF(9+IjMYkU6omXt?K4SZMc-Y3VMWg&r|nIKd5`aX^84w7 z^-bJ5YK87beR{a{?!;&#I2I|V`eMHWwajBg{t=bhXfbm(x)_k}p3Q)t!u2r7<5$Iu zR4b)`n(f~G$)Y?O+5*>N5Ng7jH&04)pc(9_u~F%F5m1FVvWw0iY}jAW_5s#sv>}Ab z5hYgUvLOVAd_F^lRT>*n`v$F9NQPO#y=4@soOj>Q4H#qz%=>WZZ7vay2lR48=jRX!i8v zUL_J2iW6bK6#jn3e^SVH_Fljge$?%zdBn%=yglxi@=4)Y+EWdphb$E7(!F{41Y8Dc zbrok2lMq$??%n6uZ2VjO?d@)_x4+yqCE`Jm3ptnl>fUlwnYpPud}hn{|7GV+y2JM# zLm$z0u;R6*BzGdYl~uop7VOdo6Xo{r(O5~nB~SVfq4;7!L?-_r6lJpv2#ipX{`0_1 zz>rym{G`8%Rby9aE+Pc{s^oXS`rK2qQufas8#Y?z^6heg%q?Pz!9QmOlhw4IebRjD z!tMpm2yqLZPs)ES!8j{lSwL$rL>I$4lM|1@y___5tr7!Uat@|(9gBL$@QXH27qg9p 
zzctBM`YGGZB37--1TDguI7!bQ8b1Ng0j6V!t?9%#`&d-i3%@#uY#(9}XOAtI57ym9 zxt6hOp9o=x@-mJad*i)s@JC|2$UiT*J>OJ9-gW*{KkrMtMf1T)eE(_Vw&|w>@F;$_ zdUkipJSy>ph(Pdl(X>9sVXe~9F|Cly^v8}bKRM5Ai~$ajk!4BPAepVFPyleU|GpdR zuQAEX#jI5-*wR-n_@^n2xRF#)YM}JnG34p$kBU%RqXn^cS5Vr-R-|p+9rE&taZ!vF zCv#<>8r;dEGS)P&bs%GK!l{8v69B?AFz@=QcBs4MK|3?ma&Y?PwToDjX7Qc2d&sNo zS zVzAmdYlxbTv3W+8xVG{e>zILzUYxk_{*LI*GMeeBzOHkne%ipJ@bu{NG~(iCx!k3Y_(denmM0yy zeyp&P;(@75P7$eV{WF}k+?|J#!P>7=B=gE#%q+w~T$F!c7y1WU@dBneeK%V1AeqGL zI-r~BwVhu6v&}HW>-6dXT$eo%#ON`JSSXBbX?vwEujd+tX-FTOwoTsm3EOBnHfV4x z39s9PoTZVlqZ`(IN`c2hpe<*15PyOLuXbY3v>VJ%Fo$dZHi|5Q-;DnI( zs$bsLk|D|SL#Jfxdy3u3<*TlG)H_)I!t6{bsHgP$UvaQqOOOCZ_<|V3;+)6J_}i|I z4>U7P9X{ohcB4Qqjx#JV(*>nZIa$63&gsUk#>pk+-2bKMQ*QR|ynrLPLsRB0h@ztgztT zB}vK!XQIl)lW@Hi9L~R_&Gb8RBQ`2#Be1KM@GIQC@2eZO;;u_*lt+HzBd?IoL0?8` zD*dxvWN0dh@w1oJJE4ZBHkM5CEhyS1ljrB)AhjESg8_`kRXw6Ga4f!lmKGavVgvF8SSL51+9?vvN^$6 zkV7czINgo^pQW3(aIlMS`-fXFktXoY-pU80!l{Jk%+d0@|0iv@gYRDxnLlO4Tj-j^ zO9R$G#7(Hf1%2?TE@KpU;F&m+{z@J5jYF-f;BaLx64=3y6gx%j{jCecGi4oYD z*PZ9qv;1}14qG8FwRA@DG0WTGZJL4bHx+*f`D&U!3pxxhAVKm2U!qZr@;5elc4hQ# z3O7RIU2dwT)p_?D8neH&W@`+_HZ=Locx4%xi{5_SZ{SnV^xVic@yvy!y=+`McZ2PH zQvT~dgC=AvW4F&kP@<-kYwRproh;*)%-Wh@vcM_Q!!kSB;Q&IP!1ZGH6FNWh)`2E9Q z@+)m7Yb67PS4CbNN=zRuD1QDxdqF%F_~JBy?4IjoI=%?^s+2Red8jMIxii;M8To{* zK{1}}ld?DayRtrNDnz6{GjbP?_kDr2Kn_5WN)U@BCmw1-umdjt8G;^|2C0$1MxEg4 zy~F(Px(q}k4`OjZBqtL?7IM2Y_uU|*X=!- zx>U!XybH~QNq69!3q-hg=L8F{DyQ2B`$;6fn!JhNpVNO5;m(*szLnW0;_D$QM{j)J z>Hd?jL_*g<0Fsr~Br#+Y2>~UekI+@VGR|xp_yCUgmoeHK1XL%}aqnSJVE=wqG-zV|>QEX*DUp^4uKcU(w zRd1o|G+3cY!JGr+tigSmU{#{A3+A8WqEv8TkS>jmZ&Hofi^${FrLPy*={1W)?cN_W5WT?rZ`bc zt}$zA?y@i^Ho_wIs#%$s(yz}J0=i|d+eC8YVd~qI{2F-C;r?7n9kVG=+T54y7$cB?ZQ*#}W-tJr@6&gabjsGHPSrIrbw# zk@9|qlpF`0TwH1ytLoqU8J+hqs8i)0E>*F)Z>Wgf^7i+-bxSA!DqMA`bdI^hEImH? 
z>lL)2jSpg_;yw2-zGED7nB>c|OqUo`mJ?y#yMT zO8r;tfC;*Er|3e&3$Nt3RmWrJb|vW})?sQpMee?zpk;ew$}b7B3A->goIPSWrIslL z+ly^u!sdy9-go5xV6NO$Y%vc+`^BVu&vemMLZxn8ft#4LI4IHKpy11wW3s6R?e%sN zz~7CPQ!d$~>$ ze0Z#N8xax!kCWBBl#EvC1H6rNR|!CXx)9QU3=ywfuNRGk>Z7gCV#($y;9mvjB*IP{2W(^&AU zb$Xy?7n#k7rfC&&H$BSaUjP_RRY?JSaiSKzel{=RU*sAB0a8X&;{uD8F6Ej|JAw#N z^YjURuRgK5CZ)s$2b3go>WUzBy1_yAAukT8PtnCq(5ke-fxBi22M~KZ7@!%S|BUsG z6=%9*5hrnF17|(>>KCQY)0z%4NBm!{lUBCKg9ny;1FDecr&cA3GShEn! z{L0jBsXc%hfPE+e*Fn%Pe5^%TmHsw->^y_~t3f7eD&!yY_Ygo*)x1+hYCXR_MS|Q2 zNIhOYJ^S(M^#*k{=Y?!SV##r7X-JfS(;No8@W};V-^pM}43$f_>_JcnBaQzj=q_Z9 zkHd7fuS46?v?uW1+BS08tjWlxLjEz4#h-^ged&iwhOL!eFNN5!o6omu&e4r4)v7A- z4~WXJQ{0nIUY7^g595+`q<1e$UM|h|57rK*)JQ$`2c1u7;X)8|sF03rFNMV-r0-$> z*fBK#^^Laj^W)_+$KFYd56S@`!n*URlN9;(t_}S?@WM);$Vq%`AXqGA#QY6QknlZq z2J$<61sF#`+;=Jv4Nu@!w7;95_q1zOl;&AfL{!<}n3bVUaPy`u7M6Rhb%%H*MS2DL z&j75t1US&lOS07=lUCo1L&_6=A{CGJO~!+IcM(=%qFH~obFa|waa@E50VK^1a7=a< z?fK2$WkZNxrFNY>eW@X`DlcwCW`!=`BrE(fO)+2ik{w`_nv_p;1z@ z?DCauA341u{r>9!t~broeAiMZ0)X*CUa|Swjmn6mVcI@12zav~HDw|dq5Jed0T z_ZNzv8t1iBOK>_o&o^<;DIF!#0kfT+7mwo^&yC%$caE&=&ynXj9a|kmzDMBM0L6oj z(pwW!J0%L-q?FiSn^6PdeO{o~<=kOCy66R1;abtLgEV*ZZhQ`u?ZEoJm!US_inN8$e zqsjTlNJ>A1N*+$?hC#m3AWP0^Mau)Oo4yE3hJS}AUDTgMjk(yErFYf4^oD@P#nc$+ zpw{{Vg*vX%9g%rb6)bIqAYc?f9Hr&G_d!U2Ge8{NhPHPe#2kpNuBuRhZxtDdj9Z>k=ga47u{#{8pj2y z_#K_^>t^{o9DhB&a5$Wb=fMb5t%0pFAboV-_ki@Nn$&Ee3p`k@stFK0QRFpLxOu>suN5>sWOag$<<_psCc(X3Kq9M%gw zzX5Ep+Eq~}O%oFdictc?gK#y9wIA1evE znZkc6#)IhSmi_1{=78F82U zu!uYL$J;Z&hKip8UTALo3_JW_l>$yQQ)IiXe>xG|LY zB}J-O1LbergR+$;RsH3t7F11ATCQGRt8OdC>;7Cy_IDQQFqR1t>XF65qD zWdil9s|oX%)sLsiKgx|y6)90=7Pmtpkd-kc4&_HM$`Q*`jYDFYLRwUEm|u+p_eTov z5epHZIU%Yr7C-dV?$y*1*36>P$GmqjF;){w=EEyirHfY$l^LnM?aouSqO8L0+ouTG zLMqFfnx68GxOs8o)IF@?I5wgRYHHSbMFL7Xvn8GpmI3$n?uQe92F?uPafbokpmJTH z<9P$b>fs9uYFkA{c6RM{YdYnJXhBaZ3+;#`;!zGSL!eg)%g(VjGOMvjNU~N46kukw zPolO0%;?cYd-rs|$@<8YB7D%i=2W;))1^7i3oFuZ6^Y=gV?)xYCyFC>4ADja0h-X+ z{777SMRfk`%*L$KCCc>X*l`Ja%F)?+?RZxi`mdJ4^Ns2zeyNQf>nshKR&}N}x1~6j 
zMemx2##}5~D!F~@DHtuO=zAW%J|0s{j_O;`7Z_$Fbj zv#TcXzO5q6x^Ay3k>3nI0TZ)8?^pF4Dw&0MWcIXSBUnhwT#o9v0(-z)IUQm2643lvW{Or!F>#G0y3kTY#yv zn%WJBEl$E`sO+6;P&Nz_SAb%F11v=?eSWM4n>kz@G`<{-dbJZkv7M7F!loeg%iXiV zL&#cC`GDoc!$HB1$0aV&rlT3ODrWmadkIB@>svpQrQc(v1{!Jm+==%ETeSeJm9GLA zj738PV&pwyczGSisocnYAvyRMN?c>)jJK)&&6G?t7g}N~h+lm0^Zt|LH;iF4eLlN1 zo4FehN8kTWPQ1_Hk}z1B;A=^xk@}=($e6H}hMd#}>iJ^~%woPH66m>k*n2Ed6Gp;(hX z04pxR@U@7%TXNjv{0p@vqH!6=nvqESyc!!TDtq#E@uKISg=mbWzSwUlkQQSvqV4Q6AtP?Q}1 z6qQ%Mx&4L|S^Rh8Od`Vc#bkeHb?4*7>LcBJ;HdLk9y>)m@upD&i)Y{C2dG0Uh9td91^L`vTBG#`-1jXdD(sR+q6R}KNA5oBDv=nFxW~YM> z2g_`uDnGxk{fu28`5z+8kc1NyCwz?P&D%W#TnuvckNT}g5_Qsizw`FN;Y2k|2n7?c zi=>{7rB@WqSp?`{pLhlm=6h47FjrLltpjuQe9Yd*P&;N( zz}SLKbv7QUtC{gcPgP^|x9 zFy$*NW%SIo^4)rREB*MqqXZOVv9ehAiildN39ibZCW0Hj+PbarjOlfRV|o!msc{jn z+O)EhwiD%qvYH)*HnvI1|Fi*oz`y0gn^9$oHxHE&TcKemaL!!#I*-F!7-ys4R9S1^ z_jER^Zs#(9p;&YV)s781={?QZD-Tr?5d98;SfXetHJ+>Xb@g0U{7ycRlxs5T z`X%&#LEv1*Pf2Y~xws^WvzG?jxYPjBEob>=gF(e_bE1|eR~bQJ&mGZpKeKC^Ck-ic zrTYHzxcKx?h#u`qm(>(|4(nY}Q6F6CA5c1M3w&3Wu-ArWf2hkf`|-3$Dh6}8Pu^Emdo5AkYD#49RC{ zunJK%Rx|0t+7E^N?Z;Y=>wm~P`z^ZwZTPOMtEkwuQ|&EUYffR7=8==&RxH@*4a4HJp3T0jCvUt z9xu?i_QD<81)C3jomh3nVwGrhsN0PU^VD8iVK2nuW{uOd(g z0IXL&t@MCcP*C5MOI{??7w_^-`S3=`ThrnBx&rEc4gb%UPxSt%^5<;@<&)LB4wU?> zE6HemXUzhP17;I8=UUsNDbad)Wn<&lSx&_RiJWx)m^wHQ!GHa+GdeH8fg02DYhz(yye^~l zb5F2pdL|+2-yR^_=@wFm3Y`oXv1GpT|0n5lEX4hZcS zdp*k1UDR+Zyd6@*PY*}ge(n{B=y(+g?Yt2&={VV^^12c|gq|dQxz%=Fby7a+aV1e{ND&Z_%$`WtX%NcGw-8V!ZLuJ&aKil0ufQb*Rq zV2+n=;v!0wuMw3`-~e#*^F3hXtFV2Q{)AYXQ$^A8;WV-AfmOL$*-};cW6iLd0KLHU z%^PuzV2XOd`5EK#VT(`IAJwQM8u2VO9YAw)a|sOf;=Nr_hF#sXi1LAN{^c3e!vu`@ zADFoC-^K-sYYgr~fAjWVc-nM#dw6k7ClEpPqJ`}vWYmyeVYc*YuCKcEq;T`;C< zVGRBDjiE7;s8LGyS(CHt;(4tfn}n|VN6>)ym9P3y`t>8A=%kyuiK!E=OU9j`$by3uQKgwT zs%foPSz3 zDg(b-fBiF7B$0UNP54@p1df%5+o86uB3AI6SrhAA&8jP`)^Bq5u1QYY)w7y;l2^#Ps+-8*Tz(o5wv!8)82YV zavy_$kA1)ihzOpXBh=!sV8x!2{Jub5RSnTY=s-N~vu2qEEzV?(T7b&l`~Oh^5GC*D z!!%8cLn3OXsIDj^2@Y3Q2y_Y&iQNsS4NMJ(r*B)^w*c2kYg_CFxL}AAX{S%}{+tf+ 
zcs!%bv+ZoYGmmb!r!?dDY$KQ$KY$7FiY}$cY!=ZFa(_sPv4fOwvbksh8Yalpi`LYYT~p1M zvEV`FPMRU#)eIj*A4N2)kKZfCX(C~Bnp<750AHLLycvD;3$sr`tG}av;*Y9Yaubg) zmP@UfC)dv{DiW=mtm5K@MgFTdyc<0}GtFW?v!pt~9_AFkK;-ZTk@XD2Uk?{nE|KS> z_+El_Dmo5{iI}EFX9^-uY7#Y+9LMOm_A}ch{8>yr%?3plzmdwZN3bEmbP7;Za$sgq zFH7R1(9r9tiOD$$-w(H0&pUb8Oo+U_ZjythR9K0fKVIUl%N!4jlrz1(SRE0jqt73_ znRvwST5e?9W@c%9OttFF4$B*2U3FbbCrCHai=aA;bXT#eRZBBWGXMo7l2nAT5(T;kV2u(@?3CvGy9ZrbH0RjM;{8IJOtEVcN)c` z3hRCOEY^FFru;N3HRjS* zYO%M1{Bz#&)amR3^`x1wD^-B8?B&3~L}JBdTi+kKMHk#_JOl68*@r>G@0mw;>2M(0jmnG&zfu7ri6p!r+%t?^<9^a)QpJ~tlfW8gYsV-A0u+?1;n)2v*S z$|bW>Qq4xpzj0V^w1NY5X&}?tdUa`KVZqZ&_;bhl1p6Kqlk-?A!|Gz3mhA4sW&|q%wM4|I>OW`0dkq=u9=9M3>paU1JwzK2G@STRYDAZ24j~ubzrkphL z@P`T%UT?!4mkWai{8xLqZW3?ylTN~?7p^RSJ#+&QH>7>xNXHDNEhSURa_Rdir|4>p zj0PHo=mM{I9YI?2 za%Dlw98|(BH9~^C( zt*&|N@0ZY5g<1wOjSZon7|{=JepS41K6yZU5F*zG85npT!P#@efZ%EP|CO zF#?ve&7{ZkuoAvhr1;khXKxl2V|-B}$`J_E;36*FwcJ|zMv%q<|G^2*;)kLNoUvfP z9$y?7w&IfN+8pqWX!qGBIfu%b0jZF;KIckD&aG=&A_Egz3}-><9>h5#m<&$?EDlcme3s1nCjef4HY5ucj9H@VEzOp)as zd)E{)#OM-^;QqwtQ1V9$=#oEFt=(}Z@4!3ypL~k&f!60Dc4m^!iT(&YC+!xi7;(>v4|=c30z`JP!Eni75BEIxC2nWGNh~y-Z~k&(b`fd+CNZ;LVq|+cH+L zK9spwHuE%+0EmW>+ncgFbR<_0wiT#1?-Z%b%0E}27RmhMet#p=EV&~7CYxyM$kpGC zkgJ(q9Lji_`7rUW#=Z;)tz0hHx);Cn3@EB$K({!hXQOJj5SPR1`-Bqr)7lS*^E#M@S6V&UH<#> zCcV_FR;PVZz|G$+)Ir_PM(5Uqv_Tyl_Cbzosg`*cu(dME$=YV} zy$G)ZgGOeZ7kZU@QeuRVxQ>x-cp~zjoe$K-U}=rs>{&VHq)a-Hn=gBik2fo@!c?mP zZPjrmx)x}Z^8+GOOdE{qTd#&8O2o89bzqQ(jz2T%Ffny>iOx0|b z@}<{Gv~B#Rc3JpyS-5V=hUAUh!oin(5boStZtZrwSAu^6bI@|QghHb^E1PG!R*mPF z@WhcL(W`s|Mk*l*bAr&M{ZTs#l9 z@vRbpzm}Msm*b1vl#Qdxf|gAaGog4iC@zZ%ryqo3%>5d`HN$Lj7gmjUi+}!G;;Rc> z&9!aAmtfQ9b-DP46#9V9t$iu2y3*K}NbUG48@b!B0~f^UcrC|hbHJ>p!9#-#LeDX*ds(tvLNtqnL|2b81oSu|~u&k_{ z96#Q^JAO}EE0@S0q*K#R8v-*;X0taiu7Jz%dbemAA#~gpFQJr1)WaZfkua6T5hydW z&#}Y1Z2+{HD<*@AUUH1Tg?JUOBA#YmGSpaCpGz@aO-wcCfqgLiO9)N^JMH;3dgk#@7zMCGDnG zZARJJC|R@MXZX>#{p-F8vE6cnx3EQRoO*AwW%4CsjG1Ui=7OKGrnj*RoQdY%#xD{ zbt!V2px~IXR^l(wZiYql5a_S6sFisl>@{xl#vL&!F|7UV{)z-k{|NLS=iY`5ipAyb 
zJCk;RHUQIo`W;)_?m0n$vL}ZDWvnK6TV1HT#&!@2llAJ|mW1DBB*vkd@t2 z1_IekPKGJ5{|gzDvN=YQ`l3d_?$tbZQg%-sh?vaylN?7`sKjRt#%=^d^pW|J*&Vf> zc(u9T+S*q8taO-vRfzYXmj`NBRi>t9dJV=VL|*1+uktuT;@aN$NtPg1TSJiMK5FvR z$7QiF>+XSA=$qQOoS0cR(Z1km=gajG2~{T!mZhs(mO$tCXCPC3-7wkr{Nsm;VNEL6 z^E?B!C5ABUd`)xUmI4`jX~fb?Qu1s`+2xufvFFkw3B`e-O%z7k{I|}B_9IlYsvj&H zJa4_=K)tWJ^$=m|FKgE#tD|-7B-idxEtbh7C?wy#9d8oZ#`@o^L5-Sss~iV`2GZ zcX@K#)sCpNw3dA4YW2ep;z1^j@+nb0Oy5??a`FdxD1JA?>&4+`=?yrFsF9=gvrk16 z`)fk*DFUO-y|b`m?Ra|_f3hlLfEV1jF+3S0sAm?Ppn#&ez>0y1oPiw~t1UqeG!h-6 z|5!rDP+?B@!yF3K^B=dq5ynFXpM*fLjI}OCW`+hD3TY>TLhIS+JqM(Zf)SLv?BLok8FkkhyS)X(hTS{hexR(&Rc#hBmP8xu2wC>VD?10=aW-qJOU7%Qg(HMnd=5dVeqjntbNj+tmZ-KjaNS_}8y zIi^p#@0CN!8JO*mm)Wf3N*+p@d<#%!IR1iqI0YW~9rMJG6JR<$`?WhT2b+@(A}0q} zNv%}>2eUreKk@b4oDk0DG)w78W)|g-RHC40udKL^vFJVeu_V5S3>r!*s^No;=^IS? z!-Ooh#p2k4m`jL7QU{mN0Vj>{*Eb*de`no#Q-tP8(&PWrB%%mcA1 z;$8|Dzqk>>dkl7WQ0Yx}k-AEoTXSXi4fUGmOlw1LBPDr9&%}TSBBLU_j>xgL7hzj7 z#w9h*d{g(c--r0K%hV{ zi4BVeoA6ovx88Xzyx?bor3!7wSvpMTCQ()AHvO7yO9;_fab$lgU8 zQ8lp@E2b+Sd8P;LnDE(w1$=8OI>Ss0Hh1H zvZA36z`?Jxh|h(;oW4)cSo$7*$g_YRxPg|C>QU>Cj1L}0Ng#5r+G!B%n=jccj$P>M z2K|=<-8O(VEFs8eS7S3j>7yd>2-ap~$8xELjK4D8<7OyrZ+5VPG_&(zm~C!b)9}K} zxMzh0^>p7<7hQhb8@yiY%fE3uG-C2?!N%)hbYG%9sb`Z?gL znph)LXsaZ>eGBxQZDrFo!*jJw+O7lTgd%dh|4gmr>&8_Vy* zjeU8$_W+X-?P()xg-sKB`~3rfz%q)Ld`*N(T{Lp*i=>**=jYM#pIvFDq*K3e&a9TP z4J|v%?HuD5TBWtu&An-00;5n`_>!2zgmCwNg-#j&3w~qBqKQmXV`NZ^F18M*y?4Ce zmj+Fau|*l11HugZK-9A@m6Gk~qI*-fIr{)tiQ7FP3EaoBVp_{Ov=()}oxC#zi7~03 zoAUSSTQ2rn)x*95G+a5}?nWc(3gI@|neNBvH?ys^O!Nlun*xtTXWNYgMK_hCe0s0? 
zrmwpCsB=n6ng>$*xa-PZJ+V%ycNIBPwraN_=7@Z$kISBr-C%~WB zebaMS(v)QJs2PZ$rZ6PDUr5CHF<$L-p?0lJmzP?Nf^YZdJq*NtgZ>(Of$Ey|d$vRN zKY=j!)9m7rp4PAac~9%D5Z$Y9J~73Qr_IC@pS_Mmz7=?L46`r%rk`|gR4H9L)LdnN zUOi+nR%=VveZ@s-#c%A}{WkC)Bd$j2C*}FL8wKX+4Vp38P3pu&Al5zmNxbhb?c{0< zop#iP3||D^gpDX6>lL?1l}Os!#`kTsP3s)4NKa;9U$wEu5UB`GT;goU`u$1$?-8fS z3b*YA!0*C*pye^rjq?i7?AU1$p92MbZa74fiKEn21FXjC`ktwgk`z(?x@wF7>xX6~ z`fQ@O1k?LL#gz+mi1f>eoSL*s1z5rfcZVpvT@Slv0Ra|atdkDSv#}b7sf`oQvn6th zbegulPu!ZHZ!0gdg@k6ROgoCI#8v58RycMB+S75>8|sZD$vKl4BZW*dGHLs9VdMXt ze-Sn)-8M!Mh}wQ+f3DNv8sp{?DI_UFFY^-SYEC(dmX%oIK6Nhb>OSwcCJ}yrGy5WJ zc$O=)@m!HIVhK8Uc5UY&3u0M))?zp^_G##q0g5#Xl+kVAfAeRHA^|J~i^|1iQbg`(+f zcg^<&*v+JX`>EcFG4k#)YFQq!Y8Uxpr^J*X)VQeEai2gcUdUN1t3H@|sG*`bVR5?8 zX&fo(E$Uyrrp@bNx#p@O2vQ^4=?t1py6L-U0~!%SU$b$SFTi~TCzBGN^gO*Nc&4Qh-c_0RIn+k{@vL^`nVr2;~5Cl)rDj}be07b9!zmfOmQ&_ zU&DAKSunLPwPmNqDdI_m2kPmuAwRkYx=9pn3rsV3Gt<*UQlq zwQ=uEiizcsOZq-Wr{wNuK7~0MdNrruey(i7xZmRVFp>QVY}`t95Jc2tDBH@vR~`Oo zo?~U(6tnrQ|E9Hc!BJ7DXj+L5RgH;eFDF;}U`PH!O6d`TqSL}R{L{ZDeF;0sk8Nd4 z8UHk?4oK_ewxT^mV1;-t52MX}o^D>-C4AN%7XDhiF6KW^VR~@muS%8|KvjBH4#~l}Kn0EKn>eI6 zmQ^<|5&aiz>(}~o^Bd~|hV&86hNkui!Cn`>ea#@XV}yH&^clpg29RETk?^X7LZGWbjPI| zX{5Wm8|jAcs_##~KV7<(bI)_moS8j)@1vl7w4{Z?P%3^Xn_hM*g=1Y4$@r~%Xm6o- z5os$O%rJNVF`n&C(Dfjualk8 z{Zq$>>6%89x^~zeGar6zqj9oTSYEQypKzGZQm9QN)E;etnQ?>opWoo_bh|9N0w}uC z0acJWpLr670R@g`mlz0#Dve0rkNNK}N+g0I!%fb?2#25)2TXKrxXt{6c>;VS^ic7~ zFD5Z#?nK#?4(^?!FC5^WV%~x(_`&3(Qz$8d`ZO%LK1=tC;h{*sp@_2{G?k6h7)crI zNOW|L;&~;lmeTs{%|=xqQ!7bUX4xquhagF(q{evug<2pJ!K=Tm&PU(2nR3$tYYoU$ z89IofGqV=8`5CQhMTJ(#me~?V{@8JNSFKy)w0b?&XGaTEe%tiso*&FNE=n>97oirg zsRW5#Z_EC0b5^7EDQK_LZ$}uHMrj89P-jm&*y@4jUEq{YCB1KFA1tSjMjpIOd5wHn zYB1Q^<{FqnPXd~Ym0Ej<9LTTlMjh;o2kZu!@RZ|H(-D?mf0006`WUpxb@5np4o|}9 zwJ_09{x-hb?m&;^ARXy2BGBj3hnSj@7`cT82`*M?+>Q^syG?1v-`hM&_KvQ=$l2q5 zWkv%Snr!@3hiW1utvcu;YdGH`tFj#bc^97p%%9lpAGGLb;~)Trul)9}dg&nvhqeLr z`E_T%AqF%^**rWyYkcRpkEH)uB5*W1kJ!`TMqJIvryr1UgUObE*Iy*<^vx@xZurhN0Lufsi$KSJ`n3fO@qmW+E#3Nkm`G;z%0f7 
z8@n44F#)YG5L>htTVfihdL~iNf-KP%D@-!+bA{#$PEpO&l-!KsRN^F;GDPTNC8!d=-GY`dS&8R3Ga-FcZKlr z$jQ(d30E6>l}CbEghfhiCtY_X%(P zejxYmOoD8GGpv6kh;usX%$cTJ9bw+$oIwu>)MAh)P*Xrkldjz zSM;^!dd|n2^t@9J=AKkmX6FtYu@}Q>f++hm1Kdb40%p^ zD1Qt(D5222z1ZacqdZ{Hpps@kgdDOKOu>*!Kd?~vGsh_DsO<3&PsI6nZ7dx2v_@1OLGD@l7@W=0Q5 zzmCvwR+`iF5+JtZx|TvTRc3O-n)6rt-C6kby48jB4%j}Jru2Uo%R*frxm&A7%7or% z%<-)RWH^Yb|GXv@o`Uy8OyEt*x_ch+l6Ejt=L(Dy$hQ{e$7p z5X;tm|MDCTu!$;#frY3V-sl&o^kwAPi95*kG&0FNZA9)^Fl%K>b z@zi;+@8f-3m#G=Fx^?anefv9|yB`Fu zBxxY5Ld;^F9bKNG{O5M1&Svtbj|-_1c0BS^w^5TzALqR<6KXFGro~nwT;E;21XxwT zoT;_%sJj)Qe`hRIc4zQH1|QadOf{Nmp=l9H(SW3eg}7SDC}j<8KRMlCH%+Cxszd85 zMAO{=hd{97vQE;(B|;F0Glkv}FI09kinw6Zw%Z?-NW%lQKL{0y2#zyRAMf{S9r}Q-e5<7HJ!TBG zFVW>O;hk#yu>sY?8oR8s<6TQorp$jM2k?%WaKlDv;<_Nrf-@9I=*OS1xi(w$S8@Br zHTlt-c*dJuD7k9BtCOVmU(FZca87g1xs}35=W$F&vChlUnP)n6(q1Kyz}Nd9_$hCj ziA~I^#yp;oDfXCRL{-hCG8y zB)xbx%~9yJ4&NQHAa)>Zl*;!kxGmLVSD8fP#Y-6d zH?>R|&<~d@QW2-3q#yqATI4Jh$#wZLdUOgjw5M~`>vi|j%l^>7^MVJt`?@dGL2!vA zORyH92(NOQ&|cZ<{%|L2tFYv}rvRJqtY=%LKq zfAS+4QriYV_l8C&A*r=^++dG5CAZ<|!tCQiBIHR1CxIVJv7gU`h`Yf}h0}%)&HVBd zh5Lz}Y~E4kx#YV_lhH(YGu%NId4I2jzMI}jU-P_GlN@dm75oFQkqq}C*jBrl#jvv> zj_G4&vPjMC6fdot!@Jc;IeWW;vjas@W1#*cIhPN;=K7~fqLQET{L*lMMwr#&gk4 zbIR<+fw|j3I6&zKd>CyN@1Ak}L-1DxdSwiiA>4@&JAq|=A>o7q;XK!dppdnfAF%0-zcS%V%P4JbE3l>L|0ug+_zch76v3J`7*x-w zU;fN-L$TTbL5iyikZgkd!6@IniHS|Z=kr=T60I5!Dwq_}K+OR)a6%Ct)@hjbD^3_MMD=LsXNI z*O&q?LTV^3Ec+*kGUp;?RE9_4A38}xGb}Mu+e*|Bnasbyql)~G+JNNon$qi|W(bUK z0(=z8AgB33i&b7ts&0Viv(X>B#F}LyLH% zvck@q4Z#f3IeK-wgIXr1Sa#d2|IUb)UFhP~9OBes%GnVEQAkpl z&iqcw2e`%{I%8IZ_9`eJ@4NF^{S)3AGJ?lSw;S{Fsu_2W0Fy^5feev%oJdNiid|<@ zB7tvj%74>ELi*|OQ+FlsJq;W`DQ802A&s4~etDg!z@fVw=WSREILGI!s#BWwgLac7 zIVqN>v6s=u1P$ASvtTW5{$p0-KD?{C|5Ncxhgk%@7DB9?f));eTTmEnin`^P6{@(IZav|t%`)F!MZrv#3 z%0WXvTobHsmgVnGDLEnRM8e)LWq+adwWs2q^kY}WL8IG{U5i!`6Tq}rfR@H$UAnx6 z&BiNH>NW*PU8)#RQ{oU;A205N9Sr$Q*ALJbi6+OM$4-jzAlJ%2&3NC*9U6w}>N6ubEIKc`_#A;_tePd|tDO+2G5Py~u&jSw z)PNdd4Zli5TWDLT+C#3Ss%|k*a>uq%%tV`Ls%k5Jrm$d8tOki$1GCDX 
zbNka)cT4whh39POG|VMlAHMn{U9;egDb#i)kLxRe-0Cyv9Bk8(`{F+x-gGa#o-$1yN-U@YDCh{< zy2B4wuH|PfZ^Q-8Pdcx620B%8Aeqh6ftrQ}hbPb2<@#tZaOnqG@!ohdVq3IC@vHu| z(aX4;67rO~&t7*M!k*YNtQz<8 zRn~4wf-*tHZp&Nrz?Mc!U69y2zmOHL65l2EPbj?75 zy10jZQS*J0i^Cimy}VBm8tft^3@RhnYq#CA3VfR8JaAJfKDgU? z0Q48F&RLP4K920L$sf$8HQYqO zrj|ckO(|R_(W5Zr%~iy8hBpHqZYE=C6{wPAyeNc($#|)RXNeB-Pu^kGy-ROC7``s+ zQ&CW132`E z7p0WzZY!M5oVRzC?k+>h6O`1Z%lkQsc9D6s5-fw8Wk*I|tCjvZO4@wj0o>HTbyDrXlP`tt_Ba&jfb1%sO^lb17T4s2g9P| zU-++&9v8$ZY`x=lLn6I{S(QuqE1h65pRVGFw3m-dcL37F4^?E|@vUVCM5(6pPQ*;q zq^@hpF@@Lk$trP$qEuqKl#%i{N2NAgN&8j}M&-d*c%osxKox*~wS8_ivAw2p_kL-z`OKjO248HUFTx^HE;)gkDjBj#UJkz04~# zlu`NJ@uwC_6*@IdK4(Cfd!O)@m*?yv?db>6rsT)^kKkvO3KRi>dx~dQ&dcOM2UenS z-mYI6>pLf9sE)c{U%p^M#QrybzV>~Is7ezT_zS*x(W_AGPe${)@O?{7@6cvCai*e) z-8w=Tjq)NPciO?A%=AsuG=f=|wHwaFxA`mEic+Mg;mRH0$c71^DgE^5#Pnoe^i|D% z$Kh&{X9r5(mHN`&T_Ut==0E=K%OL%D&^TJflQk*Mr=Nh7CMUG4*@GJ2`0GMLuo7pa zoCYtn{Fqh}`HSRBrZTL*lZd)cFUwSD;?yBAIzja+)PS&)1;m#Z>PDJ93%x(KJS2!e zr)npwDM#Pvqk))|Z+4WCL=7!spbKMRCd_ZqLzqJ^7c`N#XPg^Lb>#R8`x=u7n@M1H6|H)$^Ia|8@XOQ35 z+XL0cah*W(S^n?e?c>ts)(FioiFNaN^r&p@&x zGz+85k~*2`q9lWi-bT{RC(&E$U?KvqJTww)kc9sTZG&aYBXX2xyCLjBR9>WcTmnM+ z@b)3*Ma?Zk=nd}%nL@AAn>)qf1*sCnSubyhkk7S9Fx;FQbb#4WOW=NsD*f~3Qpw(_ z{$WE-@QP~B2ouJU%_qy3SpGf(tjWcslYNqDETay?uxNO_dh?mY+qwp*W$B-gmT)&L zL#@mh#Q|YfVUvme8S<`^WO6yVL(8AHt8MnUA(HP z6Dx@7z$@f9Qdn#n2v|rr6$e~x`Jts9;M9*`Ay0RIlYD5z6Y=p8+gm)w$3x##4-Xii zc=w>YW`O~Ae1GaC0p>I8D<()T!*^~!FUp>CWJ?x*jIl_D{QXekv%eMDxG|}jFax{U z^H>n4EU8GF1qL3DY{Y8f?qd2pj@;RnWOxvs_`|^`4loXYmcl*s4JXQ<)e7nM(cr45 z7NV#llq4Gtn6UZ@CU~4IWdnfNTra=%!E;A zpkLCp^QSKB7%j4S2M69>FvKo$IXv=do0kpmz4yRfapm-v=|JQ7k0&E`FwrwrvT{nJ z>xW@WRzRKAK%;TFaphv%h`TAT7`&RwsNY_H$?y&Az|!sX%9R)nQ!l4=g|f42P-!Kr z^W>zAp;e7kyOFb=s`VfiNzM=ZN5sG5+LM8hdz|`-dmIS2)=WIeFAYyteAm-d+)+2*xom#Am;k8*14zKp|x`NT?IHb`kP_N z@md^cI;KDXY5d<~8kaGVjVYwf>{UJjydRa|StxE^V)faRy25^9FyDK!RrvZ}yblbL z^(mCbzDG#G^0uRiOBl8vgG~B7i7f<%LCW}_NdleaC!(Wm2FkG2pF!XR# 
znMTb5Y}J|?F0no=gQU)Z7lbj#2uHJ|$VF%~O9AQYGA{owuvLwF3o;bs8tNyL?5_g%R)d7n5B=x}e z{li7=;{L3pERpDq@p@vDcf)08vTkaKQiWIfG;rrQxZ7`%qYtu*>!SVaY;8mg)+e3{h5 zx}S^E#0Yb8Fs9kC>vPOOS)mq(EGbLR{}w`C%B0O=4D8L&kU8Mz=LCJXj-mXRASF!4 zR4y_Ye2V*N>l_m<4nA%2;5&-9}9`n&X( zW_kKaTQ}K;@HD^A`Ce?0oWhUYC#=SzvIB?LJdiTZn4DEC&Uo2elTuNOrwAzrzw;}9 z)DEbKJBfC`g6@coyd#nNFEZR6fSE|`Sdd5!(Nm1Y%qYwRfU}W5z@);W+yf5RX_|uL zJXOXu)R&h`wC)0)LE@;*v(im$Ec3S7JcP(Hnva%J_}b0Ele97Oj*3p#ag&1=vq$6G z-)1|gsdvUV6THD+vHnm)L7G+GPK6(i_EI0p`knE8F)Np6 zj2$2$Hl(grpSFPa3EHkx9EmDdKXePv0le^E0BbRh%AprJ5hO)?9-BC@sTQA1>Rcof zHsC3S->{k(!EhCeoOALG#(GUsHDvEWn0P>xMv`d^$PBl_k~D)bQ!U<^jdf^zfG8u#I_nE{fUAvxA@2+vb1t_mHeOdVAV(GZedKe4FrJma{H=Ufwt zMS&TXeWIaRsg9saEfkaYe+(%TNT}#pWE4pL{MaAG(&3L_zop0jgzaz0ro-ip@FaTIWx=iOUqvhjx;kplx0%PA0 zmk{i1JFc*=GlY((9PMnI-E7iGY%978uTX1AQl!=U3=$X8IRy%;7zKB|TW5SKpgf2Z zBq9ov*4;x-^8dJUoPAYv_IW$3{6!&k+oPQyZs2SrY=+TqZ`jd0f5jm_%o}1B?b}>5 zEkq1-DAUiEsJRH^u&ZYBl#07X5hQP&%rMAr3kCSEc&!w)8|9bVdxH(nvDv)iMx6_voTLTpPs)^I+* zH8|eW9=Z8`uP?LCx2+sb0^vph5L|XBFMRG!gqtMcZSiYS15H+!o(UCFTIbnJeEN`t zLV9%hNxsR89i$J?NcfZp|H?~$IkdnyrI2*u!~97UTT?^q5*lo&77Z)vF$Z`ba{d%U4%4G+G2BEMd#|q z6xhMm*kcmy=o^z7r5Wz@tzv8<4k3lo3}Baj@`eJ<^C$MfubuB@5C-=D4Lg@;+xAre zsZAF{2ymtc&M>g!bWqi|hQLlGPLC2(g+?ay8cmgxa9{e38N%GYwbaU#t#@r{8Y*j? 
zr2)7Utn|bXWrc9raeUrxiY}rpp{W_Q-O*32?}y`V^ZojaXwasfhVoE6b%rYPzYAv< zdl3cxQOfk#RZbW#4rCN*G^Okta><@KfQgy;}cJGP6_X zV?08wiW(f3q0%CRG;sMjnDyIWyS1cDTa&67GY9$al#~P3l&MdO%!L&79n>p)-1; ze4ZY;q`FWv9F$$qV#piHAeX45Z%XzrsI8Zkiqvtlkg0y9DI_R%BR6DBOb^;h=P45c zciN)EI8FQl7Mc#=#%w?`T?gS65RSx;lv7_Vo@&>z L#_hCxF8 z@5MrY6S+}4{M0uk8Y?sit-HN4=gn1L-frq2CNC|747E=#orWwqFk!y+-u{|u zC?&*NtQ8Ig_e=5Z=NcOE*mc0>L+YEFn{mj)-Li_;(nqO2`?~NbvGa0)W|XbRW;bRt zxh5eXt9?N5&$lLuKC-mW7loRXdo<#84sUHEthIb?BlU&Q&I z9xV;MOf4t4d#_u(!f0rGaHkI5tF2|S+HaqtIt#;V8yU%eS*nFeNK!?bg4}TI)awlk+b|BPh`Sl86z>Pukeh?X)buD0Ibavss)MNpf!#tch_z3shv5hA3 z#Vrry9YBx-fA!(SEVv@tlM-(Mq$-1iyI_lCvyQGh;2R6@%eAh9ViG3eG_5rkio~IZ z62+sl(#-n1mq9~%=*R=xRD5T=mZ+j^dOp1-8Av*wA&urPcYUTbBV-b=8r*naBu<&kGVCHX_a440Wks1HgB|)g%tZsbxDn+VVIVpSm5NDf{3l2sqm| z8KZwR&11?P-5{(jVuD2*=NSOHHHAEkogPxeB=pZCWJcTXTP{dS0TRlrwu2wOhkEDI%$^q_()1>#QQXkx zU6YH#F*#X-JuR@&gfmj3e~Sk(jkLiw`sVvvIbvf`Zqr7{jJ^7~zUFvdb(s{S-&2{Q zOw3yLGQ>=?bS%b1+pfTH-jCbxUqMrYLC9RK5{V1xa%)1JI!7AUobb$wV24S-pUxgB z1k4^RTmy$~@9Dw`w7Ul&<^ueTZp)g`z`kc8lP8ig|L{gAxaZG&Xv2ACLq9Y=RH2DZ zVv<5P^CZ)VtN5uwOlE%4;(CWSD4RMr=d=7*)r2+ZzwM658GQ6-$R^dT6e}#m!4E-rp#>b5GtGN2)(Z_?}l!|(3^P!@@-R<4Ro6| zNJe}N`fzXY9S>@8O^|*QTMymf`f$sJ`)hqOlg>Rg&@by8`R{m7?tg$o$}}H5PVg~J zBMac1WTNIC0E|h+LeUHC*coR5O0~?zvYGea2blln>~(UC0m!OuK~_~T2Zydvqg2qg(uXxhVdek?vZ6ds*Pb>F&bB zHC$qG`ph>L3 znHn)ze6Bl7o@+h!Q+UivS`};An%Zy}3UlgTxxOulHZ`FHZjRG*t-5#f+H7015dVp%`kPCiy9GohEZy|b;p1&XUP_F7_m>g}KSn&IPz=3LJWLWT(2ZnXR=es@}y13gGgj7GgX3El> z*%qg`5?+C)gi=l#MWL{I*3|jpS8~osgPiT|M)VBl5B{u}uPe*sI+XPi0zf^T6yVC0_7<&)SugmP)Zaen90+EwUE$+#m zgC*+*w}z+3N0@ScfM=PX5tcgF;p#p+ybBD?44q4=ps#y?iw_tE<5`x_d zAGUgz^oNtjugUq%{o2|nW+O~JNUHoj-@+UQ{v@hz!7B;Kb|Xx~G9n*MOEo7K3oS7; z-H>>&J?Yo-8F(e^RCOmu=ru8?bH?=3@c!0@%sVfKWoYBfg5LMD0_Mg1>}3=xAv~&~ zC7$2ZCPzUFhqEhflT7=Y16#M^_G^5|yYqQ=+gG3|{YPAnGr~K%ZjxWlO$v&4gh_%m zsn77;*1{UfpBu2qkdC8aXo^Bj!qJWitElC6nVM)}U@4ryw8F&p{yTd%l#<3;1>`J{ zO5TPP5IL*aEe99eur0M7^Ccdp@{Ms{yydD~Xm;_th!XH*sk>yl-r_P(WO{?7`lg2^ 
z488r&Z)fQ*MvONx>q*`>91plL#c$^fa}*(J2UUog6j;2HmL1>Kn#z*atck%+rX1k> zw?T3fSCTDqP6r{TU%4Sjg8;j1_y7gV;8C;o1RC#lX$?+%-G_V35e5SmJdY>BMmllI zKR>pSt}l@&O?HV`KBu3{s<;7Dt_8>s1D1Q;5#G z?RMQ&C(YMJIMq{#N^$9``tIKHs%!AFO9anS8`6?L(9>oPBuS^F7)h+IQeUch=Tryw zNnqa5K781Tdt~OpPOEqMWv_Y}$o_Rg|A^pn#ho}4_v*itDVi8JelI8!DSN(c1Mu?k z!xc4pJjP?je$R-5Q9fV`Fq}T+@0zT71$I&UGRwwhIG-kgH4lyhO`du|+aob`q5Q9y z?&Au2*#$`?hLA*JHmsi|SiZPSl7iJ3Z1-`#=V(vme5FGFX#*-#%)d6%8t`arH19)v2#gg3#0{&o3b zYT?ANe;klMn2J?@USQ#8c4ewMnCirGXkUgp5zjl^#REdSVHxIc{DxBWYf^&BH@$i| z7D05Fs!p?svC<;XC0IWnG_+)KfmUzVsw|LA`~Tpuz%PqtPxyo`R|CRD+5o)uO@_jG#U* zk%X!)(Vx;n1i|&z`M2Dx?#v7Xe_Bj;a*gkXQE#GuykV=X`^0oY-;oKfH9)(S4}Kd& z3Cu=X^J08AoYqhJe+RVw%@SMTUdE4&fCUI!*A%?~)W6Zs2)cy7gcnvcEV+w(# zSY2-W-Z(wzXg%<-U8OR+9hXZGn_mf&fBYofmcxx z@+EhC(*nK`ImW}yN4k$0{BC3)oq{=iP;RVn@H{U@Xvne_o2IDh-Ru~gfsd&h--JpT zN*ri}zY|mT3|tuMu>OYf*qp4-dFfwL=241bP1;M_C;620(!BPO^zDLJ-C1_`m<9w= zikh?mAsv30_{m&sZ17~58D0BKXGni{w}zLWdv1ImAEb)aFIYv=azM~B12QRIx$01Aq zQ`*wUYhGAii+SItkUDkmm;+vsYVcN`@6<2p6B8;7G1U}OCzZ>R81#pji2l{n2~K{I zx$#mGze;;nmh;+U;BAe`0q8$hjtQ*vv$tu79jy-nb#A_aPl#@@(RW+@$;kvbA8kzV z55^@0D^5}KD7(#QJgF#iX|!c!W5_)FaXg%s$AC}i(X;ubiqDCp-RmJ{xOay|g05lre!7SY;!jok{I82)~H6wJpu?t z1-T!yH+ex6(n-bppK3qV+y1NRwaM#jJqmOkst%$V)oZ^SnA< zlgX(@h(S^7de$Z+x_(OR-5P1u<`)atrMl9&|*jmQtkh*AZPkH$lMBNM#y z$PRe3a@1s{^R6aMQu7P<(IBRPqKe4V=SW3+9)_V&D3!;5_j!1&Wcl&A(ySX~-moZb zy(4&|r!G*78X3ZpewCS}Tol-nFJ-@ho;r)C2|TnZiW6|%%0k>KzD2h$@E%;Q1bhhp z_$S@H(y|npdR!vn>|egqi)Ea(f<3^h4k`})}wECX8 zlUrAniK6`fBGIMHck?Ki;DxN9E~yB5V`owG#lB+pDgSVq45)QS4~VT^F}_(JjHlYk z9>ymr{ji-Aw|h=FsqulgE22q{7naR2p*NUcdPznnychPjmelnT@q&WrD$_U)N|xAQ zuS@k>GfvP$8K7AVb~h#;4Xj@-bVs#{Kah)%3ralXeavF9ke3~ITUDJgH8hdHU#`rm zU_3dVTYA!`PkI7UVX)&iT-fd0_8R05UKA&@TIJr8!~yBJL}m9r&I<&1XWEb|)9k*W zZ%E^6*Liy<+IZXi*5i5}{t3w?;%M-e^-ONig5Fh?vYVBJ;#dz)%Xilw7G*{`3pl6M zW_)^$oFYNPaCbbUi@m)sqm8>{JCjP@(bp9{IITb6&UbvvO1 zsDj5@$vs~{pFxc9f}LaF_K7R{XFi;Od6Nl-xk$pNRSbGMuHO0Op;8oreO zGvMRyBmdZ96#%Eq>k=?W&FebzJ*=D#x&4&w^C1B-ycJ4$%!{<$&-4Vju7AZoc>Qt; 
zybxQjR0zMMUp$Bu6cG*_U2RyDmDsf;L=|7RjV^Iog^!^#F6O_fVk`?DWOy|%NV099 zw>{FYZv(F7>u+xfY-}R2HB{f8UO%VOEI3@;qwVxqYpU;f5N64k<}Lu zrcV32h}}n+Sn|y(p})j0N6{Id7s;|3!w}oqKk3{a|m%w7)5 zdkD1z6oDj0N6_dnv(i%g6FIg0j@9jIa`7^;f0U2NRDClZLw=durnoEds|PbB#qVr` zzt1@F?n-wMYfCv7cq3F{@>StI?qH~in0Du=hP>{y6CP{|xVY04;f(q({#})b4=<3T zNRtkcCK=_)4fts(%U>Siq9l@dL(PqRb9w$MU$iO#llGz(B;@7@b+q)S< z<2g&+ahGc>$W61hw)gKR0yv8`hF;AXJX?;BvIY8c<75+gFA2G~Y_W_~{QB;f51O^z zuq2YM?o{`hXKl+inc}twn&TPGt=*>gMNATp(weUZKSWa%TVxo%5Az2E$v|Plsrn2$USdwM3LhTn+bdoiCuV*PpeqC6Q9i}zM3gL^ z{19NEp%*bY9H@?xiS!m5hc{S8%?pZ@R<3zoC!YvtL|z5wEG`c2z87V5eXTpnB#ZEh zv=8Dvgbz#nB#;9g8~1G@fC2}krBkr+@Lba(;%hP1q}rypkfQI^)l2n?Jh+|4s#d~f zZqFae?H#|tDJPZ+k7>txNB0RlU|`{P<+{8}_6QrYI>5!vD_f|h~N)jxiXrl^#r=Ws{D2fa$ z*N1n|pe{0PJ+>&vpnS9UlG#e(t1bQk4*)I#(ynENL zX+wp*ulPMR@;SZv61^oOQcLG{jRbLsDWv6NVL4&BA+nFf=8DlL*Er%J!B%NT>C}hl zd;2ex7M@1Y5nCImKlV^n88H3$@h59i>1M=7D@1W- zG2If!D#B2B*W767ipa+@UqdaJ19K?$Jfr1vnSQERuZqIytX?5kbM4+D?U_@N{SoTUrimIaGWjkJZ-2;!%N{R?&UV_5v0QwX%zKd+( zA((X3`eqT;Cg8^{Q4ZquffV#|EfXfJl&prMK|xoXR0}WU}HTng|~-1 zll;j@v%p`ID7!Hoc@a-i8C&1fJ?DFJISPDop-e$jenFhJ#3yLDQuMEqq z-{X$e6HH$G-F&UDG&roX>5?IvuN5Iw?M_vpZe#i|Vw|mPwqLg4{(~j~P-FMh7i$>w zCMe}KUmC6xca(O zO7t~A{xhcP{I_3t6=v4RR=_Qe@sC ziYKWIC7=3Bo%VpC@NjH;8VX;j_vXhWShZ?GlrFj{tLMy>r#_sQ4Bsd!UbV8aI0%0M ziJ^|huPkEey`*^hWetz3f(zy#t|v_RTmWaD_ol}cUb_HsGESq097K5@vn&nXp`&cJ zqSJT?OK-e=M3Nuklb7l*TmB|KxN1dj=1fw*$M2i*6c+Fyr2^Wn{vO80=o<~~#8#Q- z{3vN;V|sbg8eK7aQn!;I=|VF!QgM5X+c&FsaP4{5uMnQo{OSi;D8?nJY`^qP>0vck z9p!$*HdD~6^J2J6gnZ=GYyA)`D;;kmBcEURtlsQLubL|*Nw}46h(pNC%AVIOL<8l1 z!@%yJN_ghR4lz5G{|Gx;rRDYr6g-?HO+R~~em6I{I7pjV9G$P;Yum^>F7$LjeRJ}8 zB)`~PWpiz8T8mQruk=*LjHSiosKUp@{>?YcKnrcK>WuBO(a+pr%aoR{5OlI8o|Ft{ zFK1(~ZIZdO+mp2?oPE*5=^LL#OdAJI-vhn4phZvV>}?qk(mT&fBiL)!yU9LF&I{G%8k*?1 zxVZc6BI4>>PchmeVVhiI=fzwlnMx5h;R;1I&GqB(%wXj4kQa3SM1CG za^fN>cr=T0q;QaPeNO6LdtM^*a2YI=Z@N@^@pr0N8-Pz;2 z)ie)xgOKZ(W8S6}1V%-@k2vNe^r%S`NYKG8(3N5?-_&Lh{*104I=`NH>swbgESE{y 
zdIg8lNo7pqftnb*je=c)W=gAT??qmvR{wvfCyp8uDNRHjK?MdgsF7t@u%DnThrbv^ zt$2LUuaX1w?9iY$yi}Lp?)7Ce5F{TKeQ&WBbBFW^GyY8uPQX+G?a$T>82Xy3ed9n=)u_oeQP-t3;P-Gqr z(uCRipeUrs@`MOiZ4(P)sjfLT-_*k=E`J6na2|ZG*!Ql~wls2g!?k>APt=fhT-Lho zcvIP}{O5Gik&wf#z7E+SJCKk2%S@NjGAEf87s*JH*q+dbcqGWlk!&U&hQ(6$*_L^! zXy?cbD2K#Ihqn=8l#A#5)!e~BMD*hIpUHYLZE=Ic!y`wYy2v0m;so0M&mRC7ay>!l zHQz%wC4XafuG zw3E&tISn7EbaUXb_yJzcuHaZ%FPd@{^9i`M6H@y(kip_ui1H4omB&JLIVJC%OoDc@ z&J0IuXO5E)$eI_|U@lxW1heV5ui)3t zqE5;&{l{i0hx{c2Dq#7C)(lDO=O{2Y-~4=xe)_k7^}}!hw;}o{{ZRVvqH$`|SPO@0 zS=*+wq(7LQKvm&giR$HY;n6-^%ReUlXaCE%RW|bY>&~d`x2bHQIm&Ao$M4!S zpm&p(ER3t;(;KvlsoFX>c|Q;{d94rl%4@#aOL8HNYNLgK1#*V{---VE6xQ7M+Mw4z zR#47w0y)LLC~BQ{V4@eRZGtrjTS}sNW%}fKIZITVg(H}__#r;z$7qOe0cj%Cu2s}> z85Jz3Mf@5xKaM@fm;4o$p2IxduSde7(`r?ETyp0-({fS1NOzW~3PCLl5E<*@k z!zb=w-LW%tSJK2KFSvi(YEaj3s$3-&5v;K{fpUy?%81Ef-z0Y@L~qj_kiLY@c->b% zepZO%=J;!40;2Xcw^^(UN}8lhLiXPGTSEb^_1;L*K+^%l<5$y5AgHHMo>4GfuEX6% zs7z(5ugraKcWcB;2>Z>O$D@y5o(0t7pEG0Rwo;XH4@kRZu`oT4^jtV|9T+F~#R?IS zf53F%ZOAxdvxKNm$O6|Y<&9gih#MK1;$$jJ?efo-)g3OehB92A3}iJmRZh0JQ`6FG z9DbyXSgHlc-G0S16@2G4X*i=G(zwh=_r>*Ip&+MR`bCj`S#{dAcSc!MIY@cU#E32- z=!BPtC>8TvPa*~fOG1!T*qETg$}O+d-z>D(34s#d!MgVVfyfxS^o6Cdkjs|$mv&oH zCLZIy;QUA0%pa>;3k1AgkDCrLN0*>qA%E0*9%ZKom`C?Fo)_OOV6TU8zgfKTaBceb z*1>C==-lCy))=#)P^fIRZ0Klu_QKp@jYc=uY(Y1f;Y%9#G}}i*b5RPq8P!C?m=m(4k+^7LA*bhQh*EE0ul)uGt4jdk@YCz>>cZ}Q zx526}fbY89bD|VWlwgX~b4aQn*04Mz;Z~SP#h1Hn!sp8RDiDAnielGhaB4qrvQ3&% zq8wz5hq50LJpJh7mpsA*_ZcPn)S5=cRDpf7jk{{zN0p*eV;K|j@fYAiNHNLR595=^ zW@9*_(k;}7+v%0>cB<9e=4JQ0yo^OAY{jI3Y}hT;+MwtHtf`pjr>Cqv8ep=Sv4B{q zhlRyRLWYja5;`%Fv9F;^!xq-@iM7+MDd6^|MNFX(&(tdE_DQN7*5dTs$KPq`ON(h1 z_#c!#bw*6otoM&8#L6%{IYG5YRL?RI^fL#{d92)ZLL0=ERH9?zf;A4tfWv0!&P%{E zguHc}mCb7Ud_{c(6Y{FRG74utz?c?P}CvFp`iX8R$PKAns=PL1;*6Pnn*R zYf8~CzyDr8<>TT5R$q06`M8ardN7KvoeRj-b5VrJp>o?p&m5O zZ|xBDS~WK72p6Vc*?A0lA#KTu2^SHy&^YY_xX>8rgUfDVLCsAyeMRoks9u-V=xSV& 
z3UsXTAo$(HEv}7izjR{WoSxoXIeV4Q$?GGRm(_K%Vz(u=YZe-rTMo!Sy)tTVvZO>sa1SmOt8g2$$Un5^eNnT;Lpdg0mS`-?wgGAY32t;VKQ)G=%Xbs+L!o9kxJ-gK_RTkcsvZ4@|6Xnwwe)~;3K zjxbS_L|(W7eP3JkNYW6~1pryq%gQPlN<^8X^m0YWS6Ac*QD>$(8(kAUR3uyV^`xt~6AyPg1W z$d40lFZj4BDx79oSA7q#S?xJpWgYCebbY_aAskP!pA4rh3ux)+I_yfEO-h9%eqo*k zR5$dVZ9Ctki7FBvtB#t=83G>)*6x0Bujz#CTV0LJbS_&gBqW(mDtAw3A8Wd39Lz9m zQ~2C&^uy{gp-o1O*>d2Nx*^eJWo zOWj!O5ZT^zo?k@HIdH81BB=~~J|42KRL%>Xw_2bWTI=97&Q_N6hSNeIt33KCFu1t2 zsAn9n=Sa9iYkYz=Y_z>Vqn0S*eS7RA43thezEc(ZMplr;)-5$_@7M3;Nr5Ow*?teMkWQE<}_IrwX`wUP49uE)GD{5a3VBR=r ze>2Ps@{OlN%KP%7K*lTpuD5nQ&K3`jWZJ(I69J)HOAA3CT@!I~o1zKZ-WV!CeL>lz z!hlwy@eTZ2G3;&EJQV=P`T2hZaDd-SG=vuFpUh>A%xJw&Kesy}N_BpT?n-=oBIaZG z#{HEs)8y~k_6$ANw^b#Wl$Z_A*A$+pf1OyZU|b3Tk!ubfL0bYqX2^xNp2s)bYGiCX zDj}ggQ53!wzp$bUP`>-V6guzAba&f{2A_2IT;GUpc1{=p+RYxCR7Jfkr3M`>LTp|Tk60ytZ?{ud^`TfgW$SToyJ*d_0Rbnj~ zw3O8o967$kD&G2{EAs;8GXi?c6Ss?wt^r?ARt)PYi)y5zAFs;|_ZR(K{mSd2< z@k;6qdUu2BE+%trJbv@RMNRYT(eKZiT?U(lh2uG#m5-%$oE3Oa1JJg`FSVav(w&=s zxTV5+y!!Ij0OUsT8GsW~EkRDX)47L169~NE=jAzL{fBM|c#^>Dn9K6HBW_EJR55qRY4-6)ZtZJ8mW8Q+ z{A*RGH=+$h`6q8Uf%V{~^oa8h5nPD2TQx(s_0$?d#J^Ki4hMb>$zY zW4XtyC!xP1la>w2ToMPr7DYUjaB`vA73B!dS4ANhcFp;g<0^$tR7T^Oog9%96;fel z-TRd1y#Z6f*}IF+h;1@D|HxUVbX~^<2Q+pJmU5?bFi^|HnzZMo!Z@&fymb9O)6+SX zJ9|2M>1?W?k8-sO^Ppp3f_z$)VM**~>b^3mfJ{i+RdG}Ekoo!B)SWF-pQomF6xNj7 zIj=5_axq`X z}7 z3vf3yGHq=lf4T*R;?M1=4z6k7)+(&05yd!TG#GOu?MdMecb-eUgq}A8k2eZ(5g2!< zm{1k}5y-x8FnnhTnHUe>XA$rdmDT$6a?mhDL{d?%(#BW+zC1Y}bh;Mw5-e_M9MON< z=Z5{0(cEF$CpUtBYN2CLH7CSly7N*_5@lim8 z;>G9&hOef-yHffNd}BW+uBdop>8JrsX1-_DtJw!NpFlM7(UO@B)d0J>ac|St9g_8w z7rmpdNB>Y^JJ|(91+~TJ(b{?)*c=q<-i4^6~pmQ8V$4 z2dggLC)RuGul7Q<=k&f+LFapts`NrT?f5u)#xZxM!@iv-A}p;Cxeu$a2uSOqr+JBa8~MXx@;hZAw14LOkOfi^QOM&QrgK~KZiefC^| zQ+4!hbEfpJ6yk6O+{g2EP7+t0&pekec6UvxTPRK>TSO+aqsIx(@)lYUz#rT(`5#^XYc7Y@n*6PdMV09 zyh$>3x7+e|Ycf(i_`g@lLg>rhc?ZQKk?-WtB$l5LHKn4?i7Dt?^hmaSr7-omha+i5 zNaboZe+@e8ZT?Yi{N~f%1qHkz{DRcDpB!`p?cM?>Xi9QS0E9dnZ39hYB%rs$RQG3* 
z;Fz7V#LQPj5VD#`#e_VcmQjrVCfY+WawzW~_54&?E=-uFD6gM3=af1+%p>^tno(Dv z=BV4Ep7P+*{Bq)Q(;KgTkV1hvWAoNK=M?p9*t^GX&kI9HU4os-35sw}D5jubj%E{t!R?Iwls*Fe7V*h%9tITr)zQBJ42OMDh_B)=_Cl#}l)_kC{;Oh3hMc5N*b4PJmp zB@>u}+fjh^ntTv{qG3b;v`h$Ki4#_$X*=9W*Ze3KF-WY2J2z-bnT*Ug?Y=0d$`g^wu_bZjzXf(N0}Gw6lZLc}(w$Es)D>!%z`Po-cC zPt@?x(HWO0bG6_OSS^$pgapOX5!Mt`^q@q z=f=&ea`*mLnL^=?X6ci$r<65r%Y|?6XAGZxi43wk?3#IGL;s&93pjnX)@0e?E?Sel z5V9Y=MhFaM7!p;*33mo$cGNz~s%v zQ@sNE=<-qWXvx)!#p_p3l~C5GdATMncgvWq#PH4|~EV+l=22J!5~^sbclVt&Fa4!1fd{h0qV zEOnK>Jef?u=osn4-!?XsDT}e6X@pRXUMp6LKm?!n?eA3e3i%9&uEKJdBJp>oF0?-1 zghW!8d(eob@Of}l+SeeUd!NU~gM`E>HY(I^U_ZxXiQUZuhBaflO6_%fD``2$F2i5H zOk63Yu3*71Vfwe|Rx|Y0@KS1W{@F0|Ilim#X{B#xn11|)#i&(*+$)%@clu1N_!hPg zQa%&QX$d?+{JDv-&f;enY-Rvmg1y14dZ%wW5 zfm&WQ<3q%UrLtA05}Qzqq0D(!VoUQ8UtTjxf1p3D%9W+glSSa9e)YBhLy97&pv0EC z=dIs;Kb+0zyHv0Mu2$r2Twh@Z?JvXtG(R6w0Qe28DZ2! z|6XcrMqjgjZX6>uL4*cUFfo#ndMlt^>DXak}FrnrLhA9aM)1o_t^_wxmqvG&d_brqLCMkXKqTA#}fqj=# ze)H+8%}Fz~V0Gg-shP@fe>t3WxIZm%UBWgApVrVkLW_DD-F)UoI5i5*I z%|O|Ejtin0zu*oq&OYICy+BF@I!>n6vrDO%mEMNcBiKPooj#!6HxxWk3WPP251%7{ zklUEcrr2UGv8j)8=_;ii=Ea6Gl|1@!Z1p4(@GEWq@c$Gn5Qq6y)*rumD;sx+m%t*3 z^em~H4;9NP>_-`?1{CHpf7+%eupf#Z?cl;MF9Sl^CemtQgH+FBqKGhOx!baGCV1u! 
ztPD6?DIv>n4R>H@ z@fz$iv=8gm$b2~~Pg7bSzPUUET_G+lL;R_>q$Y`(P^tg!)gEIs>ZDs9ieFzM_AGX(5kv0jn?wk&7$2nx|@RPoKDlDoc#pE-Sn%uza!I5CI zzmgb=#lEE(+{Po|jc^~NursuQ!KWVVZy4%22tqm4bDvlDLWoOveN1H9dZ(~3purNR z0vYym*Q`HCBUJq!I%@tH=Rv#}-jbRM3I23n%+XR`Wh#FE&UmJ30UM=yzqBXzyp;Hy zJ2?}tT5Anc!1rF5sSo@SA?cv1C4w&vme0adEy|0O$1$@&&MNhA6-{Rbg-LnD;h$&z zGxmD~vFylz%s5N3wxDr{1!el&3@0{JY-eMp=@9{us(|nn>0SWmZR9LTGUVs5GN4~OPCU3mVV&j2!L9p}gTpPYK`n91 ztF6zrqrc3C*>H5j*?qe=39G$0@gmg21hvel1XBLm8XIXGM5?4=iI74=W1?m%=$hy8 zGF_CGgi49aDmgZ?(rg+L8&N|bxd0A$z}SdHmKb&*?%<+0W<-TCP>$2Z_+H*mZus#n z&&C4{&S9WZJn#*=8kbgLOb31IpNX_70tkCHdUDv3{kAA^YR+`HnBA2}+926RaO;zg zEZsS(%ae8;8Z<;!;j2^&RUp$V9NCP=oAo&}&qScV_C}0KU>O1UAMuf+3CwL)&3l9W56j$cd+sfH!Vi7{WhHL3$cvAPzcKqr!kG%k>$v0d7Wq#+v%4 zr`;VTDQcC_bIg|GjPgpaZwEU+HHDp^xOd&I1CC@;fIU8s;mRZZD7kyd3g4ha&hv4K z;BQ!pY3M1BXJ)jYwp05c6UU1Qc>2W>c*H(B=e}YSJITU1`hT!I5g|G&IsgXCX&m3v z#ZfVTYpRrIFs{?T&ww?gy*u$ni($811v;{9Hg~_ehLe z^sdE5Ix5LGYqL9iwkHJB!9nTF*Z2F&WijxjT5(c`FQGTwM(>NHK=9x7v4udhFy%u= z3z^FXHO|cnor8k951vxGcf*<$U!&c+8E~5PY*gDxFfYv9;vUO-cyD2UdnB`jG4v=< zibecIkr#JEoPWjUTv!3{zR%fW|0mX<`@>qQr#;yxzhpXx;S{1_8H~BmfQYa?qeAP( z!WZvRt&hjnjwgSAVWbOy0dys|u=?jbtOIT2Mi!)XbYxGAYNbL~aP;Babtp~|2b^OJ zwXr!_h2Yy|vuGyKl!p0ShS1OBb;v`6{>2;E)$8oYwNjMG^VB8M5LU%Q@*JmGlLZ@= zzI7+NyTX>cleOz*Q6+CzF5RYK-+nQhDPtX}2?&2$e=MnyDomygLGr{1GJkhi=(vhk z7)$(V$_M&p7ZRDtkc^3&ve>(4zZCy@d};4{1UHMj!as>MPf z%Vmg}eBlkkrW5lDA2M4?lA26FV*GO53e6YBBhnLvB@*g5-0=5!@vbB59Zn!aJsh{% zWG|*&3QWkh{I_;A0l-y;Ixz3olNkt>t*7^0YZm%Hk7m9ogiG1Tg;Rzl+zUAZZu|rm zhOM1j@3O0-y4$HUP-lJ9eC8|_tqEt#yk1>gTFWrQhn+{8%X~klmmWt~*|2wi(1ABh znKXVOGc%5%-B-zczed~4$y%e>Gg=5}ozvb!2LL(Q$BZQN7Ohx2e&Q$Lzt{Q-&OZlG z<2|VEqy>*KDhKZ$#*D8dLN9=)Ca{_Ty?#|CxR6;#mYKTb>l#VVm4}LL8dUOBsEaQt z{)_fZ2(B_ib@i-QMY9(-;(8&3mS%^XTP(pu`mgsYKxlI?#bcJDE}4e_#iKj0n5U&} zz}Ey(p@RZ0^|sKqlU_}%lz2L{zN+yGT29*hLZ&DOoA8_>f7G3^R!z(Y3%zX-uinVb zdI_`8?wGtfTaJ?!*BJE2d+4=U3WvR?zuD7#)cDfzgCU_!`XK14>{-7or#rKO{@%^G zqSL{X)a76gG}%yUVtu$a9sDQ|&)4S*qda+X 
z1tGTSwa>6Cw$4im&&BPH$U}_&d9r$+7BZSFB{C8%EOTnb;YAd^$}jb8l+du$u48U^ zS#jzoY5tNNtY$1KJ0UTm;N*?<2Py!4g6QiePVauv!Ba}T@DBN1jC1ISN2A|C{Pvk8 zt>G7`rBS8vujk$oI7d(aLne6$l)2FX(fC^G)vNJPlOW~ap3jdD^e+M96Sl(AESO%5xFD9>XKSaUAp8O6M* z7~`%(OLH9gg@KOZdM4nyCqfF|?^gWwjjv$SX(82$XR6J z-hOnd*rVG8$=)pXP$6tSJ}|)&hI>EDdayLHJ82?+ZT$N5b_ifaoh~iOsWy!reJ0F|gu zC+ofunPT6+wT7n}dVgybjxQn{nK9`-P`Y>F?MKNLoS+%D961M84s{|HN%Q47`ET#k zZ0R*)&Bz{+_<%V%4}hfrPNO2!f2t7MyM?hqB2a~TPicuD#*3gRof0Ed$(?Zzk8eCGwZ|LY zFin2bE-n$`AQxgS}A7AIY0@t#C-PMnCB?nSUK>xBx@cp;+CIr zJ_nD-Q_G4`X_rXzX}jTfcrUKQl-9Nc+a>fRNZmAta9tH~&jA-d_;H?x zon`tJLEj`I;4{7!4J3umh?be}>)pY{t=Qz{K++}GuWyE*#y(A)jz&$33gTaHZqpju zU7aY@U)JplX3XW)T)!<4Lsi-_s+FCmG>VC%wfP(Ggdn;mt)`LGR5spAT-+jGV?HNS zD|b;)3Au2a0+yuspq}D6lqJ|x4_0}$_#}o0W)xC2dW1dscAgxkK_ToUl^>7T8NOg1 zYjw=Ztj6EMCK+~CzkjA#u-#Aw=9-++_Z}0c;-6-}u8r+5|7!tG2(L-&OayhS`3}UT zLP3Be`up~VdD_oZj4?JY%@2Yv1_43HeCrI>gRkip_ze-~wwnJ5sbG0du6Bl5AzQ1C zh{QfhIP(71vxAo1t80!cn*}-dD=xCtN|XXq=^OZO^H3&|dp3p#N2!naPK)W|s**pq z>j%wiW8zqbfStr~G6Jp~+=9_+up7uUxHx3_ZU#xxN=Qum7r)Xesr} z@EQ&7=xNSpt;h_gFs#4xsqnz`QueI5X{`K!k>w4V5ULU_fXE z{>AQRvN$ge!CI~V@&|45NuZUps^B_Bo2JwknRQHfw){E&g3ya4Gin}ApoisDLisQc8>Q^C!# zpQeZkAKm@Lx(F<(au+(9#Z3JQEwBE0@U$geAASQ6)%k7E*cDChSVOHgT*AQabdG&* zxe!9)mcINu97duQ>3#BxY@%Xr*Nwb_=iQQ&* z$>kS>V6%VR0s1}!=KkHL%Mh?xyW@u^ez~@^npz2Etv4g58~%RbX@bhTR?^`lPeRD8 zsh8LxVB~+n>zUh=R<(7eWhNLaIYsc=Fcnu7^jqtWdtkaVqyhjL*97nsb2z z300CfjDQFCQW_@=;hw+CY!&~2jtHm~z=gGgdiN*cf?pJkAzC2DQqK0a$40T0N!N6= zjGMHJ|Cb0Z^5CRD=ECK`Hs^(OTnGX0N9w>XCG5aoOV*UWGom^s3Nhz6{>BVy9Yh04 z8aU<%_t-PO6%zl1DzO=@@P`~@-ut)uIU)g-}#<;Q! 
zLw%EOyRQsmGbv1egzn*Rcy@Hi2^!w9bI5lA4$;aJzNp?)tE>X4{lBlQZL6F?(H3_C z$M}6|iAPUnft0h3EM@IB@-rN z{=TVPUU0YBeb?r$pVGcp32)TmcU4O1{oE_m9Sx&VOjT}4wt>pC%LCrBAVn_TF)Y7cTUTpxOYQibem5%U@jBWSsUL1aZD2Z@Lrmyn7t67ywikl&5CojvTAFVs6$e zn=koW(I{6|Kkuq3Pr054F(`RH3<;?pv&UqtGs&yM9A;FH;0TleurxEouE}|w($$?- ziQVM6-(cxVyJZ?g8H$;z1DA)V9MhZc37lJd zD~vJPAz7XG+|Zfut>XIP3;eswBJ?jn{KJBn<{}7LMFpgTwA9UL72MP{*-u6$pG|ZsDI|ewk5844B~bZfQ-+D;+q2VHaFI1k64T0J(k`jJ&`I!|WV!E}2EI+&VMt z6TjaObG)LvLyBi1Yf2JhP}DyE?B_44W|GAM^%K3%bFRo($7=+`LLR5mt9?_^9Q&!45GOM>>ddTP23oJBTNAa@fSkbvM=~+K3P7x8+}12 zTlY`-v5MR>gnqy*5@C%%OMQjO_{uL=dTl1k-YKG)Cq}?Dhdjt~2O=7XFRif)Ek2w&M@< zS%siW6o2FCC(=q&f+g=_L$`4bX}c;A7&%=BR`pN|3jgV^-Y1Cc*$^3QcDPs81D47F$+rmdjT=z z5&)*Q)}I#;i_=Ufn*UCyUV4Eku&MK<=}mpb#=Dlc)lIHn&S-DomzW_2^jq+jL;^J! z_e=f>;fq!xik=Ky1yZ6_akDkeKw0TA+6PgOK-avD5bM#$1y~)w^pH_>{*%Xy?AJw# z+)4uz#~cUuz6jia22AUvMyrlvUd*Lp&gl(@msgmDWaCy&o>K09wV_m5twe7&G)j?~ zz#idn;>Ns3DwoIwx~$}<@8L*BKD4$Id-Za%)|ZTu2Z?ZMaD8oclbk~by$3F>+Ir#s z!2;%sd_OFmTyc~?iA#on1TSHmgTqDJ0B39kU{I~8|E1C$ZGXmV`Q6R4`K^ibRnp!} zNx^9srKR9y{>AzHDxd1 zsuJOncH#IwMx*+T+sH5A4dMg&!TAcFuR_+J495F#rqS6`G52&+TGxgqHI(l;MNTG% zF&wn2K`j=ld%QbZjr?mVThZuIANk!6{umoov=WRUwirKq!s&IMBfm9y+oOr9>Q->e zJ9SZY`rQKcwuMiL2B5!WN?f;M=7r=)Bl+wKNoTBB$-m>Co2H3G!1oU9ph9{uB1t2h zq)sjzHOz=4uLy$h5^}Rf+BuGC2JgPyeNnaP>$YvYc63B#@V%wGSV7Wn(-&21^r>62 z+b74##mkA(6!%C3W5eGc)ME&>Lc=VeW`)NFVhJU~D72{;_ zCzus}1l4RR8;P0Cpl08yN%k@5q1t9Xk#b zR0JkrMtNaWyLrli>m^oJ^~tH9dvIxMXxPrdmfpSmcVe$6n*bMKrck`_a^VpP?3?mZ zajI6jPVS%dcrKwrYz-BY;`(Zr@H_oT1j!lqU)BMv zW~AKwy(;9|L|}`&9|LQzOXWBncy2{IIGp$jbLr?+x@4#pURkKb1Z%mknE{>*8HU3i zlfypHA34e6$T)fEu97K!zK)`Fe)qEnc8)$Z#3Gr0#4c}o7i}{;pGI!n z%IV2?M~Ob}by%i)f5^c@H%=3Fus*Xw&R;c*Sz&#czVz(E_d_S6^qSieE8B?tamZ`7 z+cg9C#LU;-A=Kz<4OtRUD)hhQ85)+t41~@YlL}n}7i7E50AOg5(WbAzaj7U!qne+< zGJIN5vX6}*Mexr+#ilU`bjHyLaj-TRkCB2T0gRtT-@AO}zR7c7(Ty+C+^zn7#Q9T# z$<5kPUspb~Q|s9yqQl{RWyE;=oMyj*SX$b@0h${^V%%XG#70HyjYyVZT_lh0O1_y4 z{3he~59jVVIB7jp5?UVr#H%Fxz(mJcVVDMqU~vBFDp=9=p{WU&rwr1x%x|k2?%wiC 
zt-HFoe~Jl3SyZVoW{{lVwImQ=`0Iko2weCzaNfiRID%q*Rov`B zpR{mrv@Xs`)19x|CLp$42>G-a{Md)Q*^D@(SXTbz7;m%Qn5JhO(Ns^c#$}F6+33Qe z1B~{t50OIT&f zYg?3`XjpV^@g)PTweVFMJ68Ef;We>KuRX$%2`Vrc8di@=u07}Ejdt(8-8jj(mByl- zkM^k{`}yQjssA10f!O!XBgXi>VYBsT0H4nJdVnsT zTBd|^UnSK&#8fvZu^=7LShJ{quTy(VFqb@nH^vMV`hV+5q4oVa{FT=Q97%~Y684*I0g})$sO;MmgqM==|58u z-CkV zw>UcXS9#6wjeG>PrW?F)R)ktn{Rh#>&s>2Si9=Ag?!$3_&5uZLU=&eyvz`~Qzl{p7_#S$GnJQKOV&zO zAP$}vp1CnD@cOxRT3Y9EI|se^>2bunL>*9)ifW^)OjZbtTil-V*!1Pgv1)7X71o&^ z&5IRAKc##u)Y=^UTUBo%lTw2wB9T_BQ*o*LXnO}=;`Pz(@w3L`BKK<|`uyqP)AbB{ z2iCFBfb#Th17%h8^2|+&IVIr8sj)J)OvN1#?e>kYo@#hg&UZvt=aMKIeDk*9NG2?> z{NmR;8rcG%ecvg0(D8jo2*9GmP@ZhzK^#w#$p5q8^-Rj6*Lf@AQi94tzjaeWK;!#7 zJ6^`*z4PWB$^Y?1B+Y((Gr6s%f0B{`K|FrKK)3R0!bw;9vX@xPsXp zn=7#!pU5VE!RlN2-RvQj||P}f)64sBYjw6TtfhnFC&`JjO^<(WM5YLpD9+dlCaHjDwlb0(;dO>q}tY8AwGOXMG5d(0GKQ)rbId zn5VB1Dx}D0MyafC9G1F!6<=*2T_g>RJsR=ejE?TQ1r5m7Oe%#`%vLpw%2pZO7-=$By0(`61}GsPd@&4p-GyZd_N^SC}{vy71w@&lj3s!pYyrWV5j z<5O5^6h4RbS9(p_Hp60?>I>DAj2qBWqbzItVCBuFsneN(_wQ8b_4xTg7d&n^A9h4# zm>>cUvlH=O=qQNNtpmn(i-6ngJ=@3AKO^h`Ms7r^4&_L7&qGZYRFiJJds^lH8|V=z z@N?nM6&I9Fpc{8T*X6+tn+pYhVay9;Q`89<{@vXHZMShd33k9t9>J@5@iehlg7j~b z3yXNn5s9w51q!~fEc6-a`MF~1_U!t1Dmm(V(Ljwesc|$()6npc<6htZ{}h4zW0ZBu z%u%KFVP=w(Q3}$3n!n0YNK+f3`=dFlLVQ?1_80|dF|RP}XpL}Z*p{g48|PpkYz|sn zSuP3{{=NpK><|t+GW18KHv6IBU}D-9TEWw$ZKo*HyopEal@eHCr-w#Xu(|@b9fcav z1(^omA0mh>yCeB`rrJN_VX}!(L0By&l3}{0<7R!+a|)eV+7zofaM255n0kGuer^y_ zhojb^)lmhW{)_0`U_YR)3xeUN@r}#)4L~%E5Ujj$zL1Lb?Oru7B})b=Q)?sz?1}$C z9Ub!L4iW%)`Va1+i+dFcD+kg>GVA7=&TS!`U3`0;+sA4jb|Yn8XP>V}Lm6Q-)=h^X z|;V!b_jl+X}jmve|z1BNlG)_5(f>p^>or%xZr^13~``k(lavw8| z$$4$=H42i52~(&7QqlPi-l`M7uls&iMtU5$0N0nPyODD@L{-+Jscfp5*MUIoZDqyP zGJ+-!nh`^BJw9_bH;Q95&DUe;HaIeC+;>@;2%(=#V0@yzJ0XP05 z-8l|^H24co^DOnNRTJa8*0-O*wea^dT(SXek*`)s6yWSFYxK)Q8D#m(V7DEa5DCP} zO$B88Z<||g6!Z@}thO$rJU|4JVmN#LTsXczQBi?l9xuV$ft{wUTO0MhEmqZYjl%w zDGAfjh-DT1gLA)l#Bt((VaTeN(bFfiI}7l&$wXuE_o1=R+#@uuTWn_&lzFAkf<-z< zR(SO|^Gm~WM4wUUW2v9YDJQj8N0m^Z4LjrQGwjDhv^#`G8DHm9Q&E4zrjwzATtyz= 
z-lB}zAAQJMu)CDie~LIK*SsktudReQi-QwuWo4`xog@FIHc-jnX^${$ROWv-4p8J9 zW#Chhwm&Nwqz$!18`xFh=j^SBkvL^d5FN2m;eI<;j1Z^ZVb0S7g=8srVIS zFiGCDJ@#k=Yv|#dQ{p%yM?-J{r0u+Z^uSA%ZY-*N*dY*exF?bR$7DOblpk&Hyn1;j z7~d;|ETy)Fb^vElU*~>mP=e0ZHhmORB%ZVcDU|SEYr)9QvG*y*-?D?cHN9FyPF7|n z4DUJxFGpiJIyzS9C{&LgKNgfsy)`P~+Wh%_Z_K_iaM4)*ZRYK-hP}yLB0XHTLd)hads)`IG4TLX|G(;hIKE0Y62te>l;ttQ zji7EmnziKEtF!3ZgR<5k9)W?*PoEp`q4rQ5t zReD)ySXl@JE=%6wj?L#bJ#EjPa}E>H%y@Uq zP<(axoS-@X7F3I#I7l+##Vx>!Ke#rQHNR(^23S51>*NQ1DD3+&8G@$KL(|i z&`)sJRwyL*nqQ<;$$cUIa((uah2s7; zUWduzNV&^mC8wo5yOA~sP7t-Vrmw!-1P+*HJ=s0cfucvVF2}DQxy#+3oD}6@ z^&@VcdUw0NIb8ssghaqQSy}sLTv7HxDTf7lUp*w=cxiL*USTbaswBE`jhPSNnFvgbv4%^Zp~fjT(MP;H?64KR;2I zG5FEeAs@SEh&p>}qc!7O$2V>0e`cDJiTqMp9s`u5I9ONL-#kP98^1!SLqu7{eEvmt zvbNBhyulUT}V}*8ZDIt)CbulErDMW^)=hP3cWX~&{AWH;eQa}AKyz0zUN0^GNq_N!@ z2Ioubz}RMmp{zi1+G4UFwev@+Oup^YK9#)lvuWwYwwjaij3l)opByR*=)1jBOY!l` zM%CM!aroy&I?@CJ;`d4AB4=Oo`eM0EtN`#n*p!2FARX_+%*#!~s-iHYyRWefZhR%yF(DBYXZ}kLbRbwnRnk;S|1=^0mA7Exw8YTb0X;po*>V{! zV7SY)yt0x^!dTeXcC|9xu!8!-+f{_Rz<<9*uv;;4-JYS>7PyN%WdZQo(A^6LjNe0} z{E0g65viTAlH1k5BVdJgx)l|HkD^rZ;=R!^R$d5|kfYl3Rj(hvW5G~6|A(WDVIXDZ zF+WkPv#5E*+X5{vKW?8fgm5)4XEP?xk8!D7sV)ZRNkQYi!SgjFsd>MW=AUcsmdhel zo`{?rfSG4@bPsF!`P(T9=j6Z+Qneo?_O!jvfBSclO|NCtObHR%aemM1+Tuxx$r}q; zBv%Pxr`VdjZbiorA6PwAH7WlOtJ~|o(*Gj#i3x)n>l4j1x9_IWxdZKiq|4$({Mq4; zv+;9fZW|)+9mlVE@H8UJ#*2WzU**G7;7SJRTruc{Pk6x`_8Pcl)4!^ikp<6^jm_+3 z_Y^gpgdILYU{3PJ;_^>Wu48yZ>ko)mC_3SxS z!hejWg)Jh8Jz932`|<1E*C)Ex2dUB9t=Tn>mE)#q3lFlzD?vXdf4BEmz|MM<#WTK- zd}6+5>O=kuFwAdmb6dMQIor$Z9V5MA45Crktu;2DUk(y8J0LoGV)K9Y9D~7mQ(K2q z#ad&2q;5=y`ekMz%U_(XsoK#)f!E8KqqRX03)=%bbJHLB8^S#omMvw=b}y=2mrSgL zFBaap+6uxsdct$%Bp>?~aI(llve6%Q6R~t=dR^rQge-Q9pF7*G#<~c8>OmpJM@5YX zI^keLdZ~M8B_bcMC0V7<=>uC+iF$>#}M<%l|2^(3xN-lY^%h$5$W|zZMsNq@txq(9KB%j}Q^% zbpuFIf4HwgNmnhN$T?ycez5GmT<&)m8)xQBCRn(q&PBX#>;=1koes;6%+_|ZKKlIN zNGmIEyXbw%(5?`l=t^fvel?AiAF~^IlX~2N)lWy;CqTN~$cj9(p!uh;&!D592J2O7 zpxa-QTW<%hDx*JK%lvXBxJe{&a9Yj*vf=kI2Bjt6@yyGRp6H)$pIdkd9ipa8j+co) 
z4M4I^p%6+)tKi1_Q?&0hADdKr7>upOUgp6YAoW{( z>0^1AbB3gEt43}jV&eIp` z?Dw9RjOwz)V2FPxu%TRBI1b|KPzZiF85Lf<6d$1f(fC zCzz=)`3Q+6^rgG^wxrKK1gn+v>y#(eH0VvP!99>>k!;=}NW``Pwz9ISIBBR4Yi9u* zp0L!#L9A)2>i*gBzvLYnR`jJjI`H?T}OSxfoO~Oi`!g+&}ZBv1#y@Sr>xe5Ol!8_P60V+z? zlALlVt~N!+G=p?2AC+%2TY@PJmZxFVG;L%YjO_YC^)G881y;XS=MPq!VibHg{G5Ow zMm;`c$!^rt5yB8z8H@&9*Ym^ED$)udsW-k!XW!tSB`elH=DFMT$6h+?6Ma8`;ve#P z+~W8*-ywoRzD>aEEN-6Ly<{jMZ*-UC$f5uHj)Zw>y?UAI0zJpx*0biY`-%z*5u*;uV3(st}N*>74)=>2Uc| zKlapKTQ`gMM==j52s=|^B{tvT?{PQ~a$Rv8VLi|&dy47v%( z5{l=s4wFhA>Mo0v!`^iD893i$Dbgo9pOEYdlH1O>Tv zav1|Vrj$c-=25=3NaI-%Cwhj~o8G-nVN1n6L~mC z7_d``jNO)F(rcbG^o>hTp_s&KOiDEBT9td78vN>7!t4lw6HBBq&0x_)geK26Yi;jG z{fr;KQtB?aV)R6HlxbwCl%Ar5b5i9xC1y4E8I+A9;MccpzSLT&qK^>XU$pP0)QUM= zRi3(ipK7%Vv*<*rVNtu{#s|rwst!f+4 zuV~Ae@G;~>Wr=B%_9QP9miyGP0j?7z34&|rgJ1;oYOD!%%98u}9T9w>6Ji z$iVLZ?T8I;V-ZZb?lR`jrh+}{;$rf~uyBN&v_en52D?-Ra3eWeCE$^R`YYdYTQQ~* zafy=$p@migGk+;lF1~Z6V0*H!1L5NMKDONa>AOM;DK0GGmv3St9SV)xG7FJbq&!Q< zIuYRB+(3J}FC}tG(NST_ynN^$ub=4rWIZf2Kwjx`D-kfY8Oe`=lUe!)qm0z3nYhZS z{oX?U=Vq@8uXG%#Q31y|@gr5fMMm8xw$U5~0iiu80rKpKkxRQHl^^y_M)-xQeVBeB z*kmdRxfLP$LSuR{8+{b2DwIX>iD z@yWOQU6cJt#)bIDe@O?4)92)_5_z>k{uS=JEc9alkdp&POWj=M(6m{_h}HF@jb>1_ z(rC~eVY%7oH#HOVrl|{459)`X&EcH%oJ-GnG|MSI%NjHhG);LXV)1xXvKr@J^$s3!#QDI8!clxwARU9 zXwNkjR@2Uf5?I}YPZDR1-lUm6tIxxPC`Ou9R zw$$oatJH(&gA&{z!L9fNxvzF0GXd^Za@H)Af2m6xy0iU*Oxd#*y{+#tZfZ8MQj$>x zICNVJ$)ljNi9=%h76{@H_(SEYj@a{-HpSO{R`!9(BYR1+b^z&9g*H()KEfb3@EV@; z^#_egq{tg)_bj7)ShM}`07sM3@04kSHGx@=DT&5egK;kfHL9(ge)YkT->WO;H|Kl$ zL`KSspdUspuKb-Yj9zX_z>_tpKPepII*z}=K8oqF>*vzTO9fM9|nT z{wN=f)p;SIB?c%Lntz*>K;=txAd}I#64g=~e64(#7%lnwkhGKS#QbVa*ECqg9s%D&&KSByA^al zac=REmF&p#GWz+CxLE>&iB^_q}(tku69|+$U%QQXJo&lu-)b44(uX4TY37oEobzk6g3- zxHif-SeehE5!tV6iuP+cnxtMWQ`0^hm|Pi*czU4e=MhgeRpfxlsgfc5l_Gg9^t7q? 
ze%<|7C%m_~kYDh!8-*4nE?|TuhjnH;9~}g!tPzQV!n94P-}*67^Mm!a+r(B6TWzq_ z%%uC}W!`6YhZe-OdQ)=Qb%cM!J0dmPa-fLD(Ci!QW3Tcdt>&HCbypXtk;__NHj?tl z)F?d$Ov_KHP%HKZZ3hLCk?cf#sdbQ1%l)S03R_t?LF@YgdDcKa@V4|U!pofENua8- z>1yyqlIE-F8cz!Rk3gvYyEHGIm~4oogPEdPiY<7; z{Dh?IHW8Jf4=1+}Fs;0} z#wjm0%*%@%Uv~H3+8yIZkR%IThxvb2k}I^>HTc{D??01Z&aqE{@RJ2G& zp2*ot*8Nesnk_++{s0a00~`q7Lm@rGY0?ebcm|GG02q+05lYcDk|0Cwo^&v#x3dh% zN|Wqilh7>QP)ANWFreFv!ForF*jM(!Mb`KeyHs8f3c65+gI@u6qv zH$fvgqjYCBQxT=QTGm=DD`wa(CPewpUATh}hA2U}oaSmxXx`Q%VO(v`6eqUQEAAlQTh{1(&rVNA&(kjn$n)m}nnb$f|&= zC{MlqQm~o7^Gf9=xABp}R%%2w7b~}9?DxKY4T=lr!;z;11vOHQB*?C+Yw1siZqvV3 z!w$_|-^UoY?EaL-oA{YgA1mEc{QqAdkid>3kFFx`q-TLjN?g#i#^S%|B)nU)dba@OYbVVYBwp0|op?XV3i&f?@^ zBSRTjnR$LM#&ii?7nn|-r|Z1))RHlHSG~Di87^_duYIS_lysUWS|{)f$)ckt+D=ek zw?xZtM_UgHy@<#Vj7R(McZ)oh0~cMIj-#E|V1B2NuCHx})tm7Y=9?5DkK-z9T*&3| zZ6R6f@y6q^Y%dIN-`PKA?W?SH`8~*Q=E^*3{v1`Ns;*gSoqD({+&U4w%Ce5Sq>Fip zPrTZT;pH8w40>lwB@at~Z$_|P`CUI#C9+aX=SOf32H|t=Lven8*|DDR3&5z<(ZTdj z*d|T$+nMs}E<2?7718B`FmrQqz~3{v+(K4%f-~G|^L_LRgURhP5DJc%(dVf(P7nD$ zvwIUT`Jr}oto2-vMoM9}2u<<6Kszm>SHbx4Ji4akL1BN{v0A6ghHdpLKq%+g%k|Dzc6AVBV}w-FrFr ztft9x6{)SDg};2MkdZmgC6#=65;3p#e+jIwwT|Qvv2f3;lAXMfBqZ_kcLEql^Hz2C zC1e5U)I`^|@o06e57Y6!#``PG4c7i{Z{15fZ9u!onEQcLw6)YniiB#rM(;3rqbWo85Z=GKtmABp`_J{Aeru>OoUQJUjJiov(LQBbY4XmL zz?B>2L6E%#^ZbUFp-o>AcEut^@TN*7>00t~>)d9*fUf>|ij)!Zpey3MSE_m~1X2d64y48ot=`E1oBhDedGWzj+C`zjHxtaR*4NL~R(Z@W2&2z4YPX?=CMZ#jmqP*4~k z`EUJ(1>*T&(%wH!j@W~qaxjJ$Ht^T$WUi?WlcMFTKdpj}6_g0$!;tlbd|}?-xH%a+ zxhnDlu|(&;jF8wJ?y^rGUj&h=@(Zboq~vu3uB8r6a~ddbV7PqTd>M_#-5BPll>|3) zN#R?+c{Lqadr5pj6{tBL+PHSNRUF>E1`{*QhSWNZS{=!}#alUs9WSVIQgN7q{Tl55 z-EI0yhEAv5Ev7_AR?6{Uu}w;~tIhyF)HlXgfT*A`m!+}I7edReZxA74YDM7+Tn5Fi zd5Xqa0b>c7Z!X3C{Lagl!FH(CsOt?)#f>~bR6`ggR@ar&3`+dT@q@#)W$nt~VS=k# zr{`>Qv^%QZd)w>{=R%x3Ireda3))-sv5^*%S8m7Ck&!4QUjg-U(=U&zx14VbaTkU9 zf#n&nQp4_t6MEkXy%^mS-Zxq|=q+3{xm;WQ#L3KMjXB!4^vPQ7g%hr>WcEod63y2O zx@NOX8KEJpl^>|2lWR4nYjiq)z#~GJ`3Fk;6cNyMyv4f^uh_ab4I;wB@A1at1v+#% 
z4oAOt9}iF3-_14G<1>nXQ2}~X>t@K--kgn=pyn_TUvw=mi-IKbL711WTNQq~ITj4RsVm$Py+HY~PQcZN}q1w=M7f#>Oe)<%4 zu)U0}pXcry%4%;RE*Sc)FJ_9|n}$7mx!j1wGapNM@-*W%YiYeBm;v04`i;{0i?L2> z;DvpMoyL@v>f{J{E25G%w^}TVyN<~)dr3wK4>B$l3>jI z*3}&n$Iiz22wf5D=y4Jk>qip@x32SCe@{;f-`l=1Rh^f{i#QA9XHz%zi?(3jg_xnH zRh@g|OI+CA`8c25(s#FgWWA){D{quZv5D(_(TGdjfa$XteA}WDpA*MlGEOa0CuicT zQ?Mz!rwnrA?;D$1Pd-6_o*PvYA6-PxZuC7k_1OlQi6IG4)R23rKwJ1-u7v&)|H52FGKZ%d{o=D!x$!nhAsa6$VNapdFv$ zo&GX?X^_l$32~ujcOC)rbc1>iP+U|(EU&^tkD#Ze>bmkpNmX-8W1J~EYJUPZ%kR-< z-+|*jpME38aJj|$PPfTsZ&?+3Vuiyyio=1&D&)ssp?gYSIhxFpWX2MIBWuj_L5i@; zm3JOZY`KdO%*rBPt8z~0#@mk9hr&K4@gud}_Pj(>JkQ;d?i0T94u2j8A}3+Ta-{4& zN|4+NobU^K_6qTJ=$I(Tcg7GR7^aF3`D*Bd<=qjmaTa9bA@`mWLnn8$?0@|qEMFGN zOl|y@d+o-PFB?r$%(ol-sj%>CFD7<~sI}TplJSH9H=WrAX3?hpoy%?KcWefC*thc$ zIukmuZ!ulZ6N!$1nGTqM$3>`RhvS0_NhheqIE{$qYq8(b7~p55&Q>t0@Xhe}Vkva% zMjB<_kI}q|!7EAG$=8~3St~F3sjL-bnsus;wo*;Fsv+C&89m#=y?O1G^P}BSH`T76 zIeW>>${ ztGS#|LA2}Ws^ay%zPv{tiyv`jjQnCFd% z^p}Q8zjMka^O_c~622E!Prouhcj5X9Xg{;A+3XfF|0Ma#*RF}?wiQj9e-W5O*Qt6D zV5sBKm}p+S#vN_(w$)*uU5#-$pkIztsUqy1&%1dy%eqfXZ?w-B1^*M7!lFgN1D~d0 z3h;Kft7>XmXr4Qe^g(e~iM$2l8Yt^T&$hD;@-`6@H`a6wga5tydAajWK3Cg8X^Bg6zD4 z!qN`T7E3IGrgA#dT*fw$k^WB6-qmjmrK6(jDI}T^ncI9GEJ^)2rEx7NayMI(9*YSr zeH5N(b6nfbTRPPEvE|xo71l=cRvbma%rWvHBvfL{q6hbG21zU)WAPv_BGdsw-^5lcbY#AgOS(hjh_6>Omn#9}4i)kH zg4zsNp!#Gu7!}l^e4X;J{&SOeQCa=fG3fl^RSr)Ij}E;D=_?0Cs@U-BK2Ib^EzzwP zmFOj_=*SP>o-T6(oRsJnYm4WR$@jej3yVuIO0xI5#)YDoB^>x;Ywn(C{i7lO;ik*n zA|EX9TazIx=KDc6i88#cI3HH-pPb2(D@_7NK@B<5`6vUKL?=L?MYS0nEXZ~SokX?%8jc-e~ zp2z$|%o9<%;eQ_SS-#@%z{h-6ifi`{{DoUXO+jU;wn~HoU^T7nWJx2u)-@-CI9XMa z#x-VqbJ+XrUit7OYHa{Y8*<~M^*N7=Z8ozN%YF!U)X}l+t&LFggtr$xuM1DI{?F#Y zItr9_#8vory=Jcj|G51c@IncJqYT6jlfLCVhhdT|iYQBQ9(t3hk7Sb8BHI9R=lQMN zh8EF@pPA0LAFZCeAZniVersuoc`?E8@ zAk4)a>g-l}Y5Uwi5x4PrS8efTE5=z@-1=NxDZgYKa&%#3E~Ww)&?e^>@KtWsBMYbJ zYzVUb^PuNi;WXN-gn$ZTG2f`p(|OlVn$5{R^@joS&rQn8L?-9NRQtz|!N_iImv&hI zdYK_2H;;bZJD5p%B4!*e>??h?dOQa?uxQ*PheT*W-K2e7)MQ#@C#;n4c(Q 
z%vn^Qr%MttoaAg>b#}!3CkwYs-44a4QHxm9>AOJP^H-(yc-P0*Jkg0db#=8HCZ=?o z?v&SqbDroM^RXWj>Yo+vc?#iOXf>w%r#^RwDppg0a~Zbc>3xcnneZ@@`QHd?zj@Nf zIy8uBYG{XjAAjNG)R-hv@?gYHQQVNE{`bUerr~{>tAw$1;0ONvgr1VKVb75Qz%VV# zjel`5-}y%DygyR^;hc>LJ_%};^jNg zSXY4iOK<;#`a^^IrQ>^pB5VoRKl!Jx4DsQ7Wr~y_hNe8AE^A-6(Lh@k9L-Cdt)CEnL7vVZpvBuI3{(Xjsh5bP{TYyjV(8NsixC$_nZ}p2fYm<3ZkCmCTaPEQvUG`kMur=6%Uu ze@vrZTXh@Na?^>I)63B?su@2E+g?N_XJ}>U&p)~&$pR*wpOOCwTs?nxo6TtyfC(13 zgXdeG_4wSgm-Px-s+*-*b1(Pgd9U~``;Xx>jqpp z_2v%Nm|D2aLb%Sg+`Kk+4t=9oX(a___l3pcjiK?y9eNcfkPiA^Dk_0}M{!(j!6!FY zl501mN`znjb}M0;vVzWOEvPvs7SIje;FY6wHN`rFhztLjdg*xaYk0!gXyozqvU%2sx46A|lBfJm)=a?)*-^h! zbvM99{g?c;6Kqz#?aE{Cd^r;Te+4cYikz=!XL4=ewtwNV-&f8)dYM($c=PZ!joqCe zr*&s6%(3(Pud`h*%`AKe8|0}z-aCr>SHB_+kexMs$JzcC}(Jw9kK zB%85#llKF&FTvY4*?Wmp+%O1AFlT0~p%||-kUJk7yFWg;o%`^9(;@ zV8b8i)%(JnZY|WbDtPe&;Ruv@oE6sQa0 zpfR0DWz@)iZs)1P?1gyZl2K2nI9&ZB9jW$>r!*^s4r|d( zHk`u10Evfv1QoVPg!y&y@vweOV%*ciG=d+X|NEdVr}=1-}Ag$=&sz$C7vqr09wSV4HZllV2djZ#m{EKG-#}~856&U zIC$t2?xOq`-ko;v(ID@pb3*KX<5iyL=1RDA^Hb8)iwoOK5mqCxoMl5&$d?cR+J2w+ z@5M~seB-4#ZgEl0NrmxK0Se;_Jwx`QHYr9JD-7&A4jXn_9@YaH(3CfJ<>sEl{ZY{^ z;u$15`dyC+cRPyftkP6KFdCy@DfU1uoko~TZQ$W@9Hb_%5-(&`(AhJjAl1F!!)=Ml zfli~KiGwWcLI4L){9VdZ(hVa08vZB~!}D>-u3kKI@%_{TuQSzSJKBr{!)t@T8ojyM zo9Sw&K}t|jTyke8=#cH% z^6L9-Qi?PMdf};s#l10J*(A>uyMPj%Y9wgVLsR%u~CU2adQD=amQS%+5JiU z-wtw==Y14EZh;5_?;w;upqO3AyEye}uzdWr!{Ia?KYSjCDz{+!xBGp~dL+U+djKJW z#2ws9$3EW3HQ)F^E%=b!5~l?xF~0GAZHkk4Xa!Wh5*FQBiBN$&S9-I-;-XfB#!;*0TEf}hjF$c{b9@I|KEgCg5xH&v%cgc5bPBVAbD=ya30vB@4&dBGb@~DPN zLnM{;ZY8n~Z!7eVGQkQHy;lS%S0Z&@@x4v7w5{C4)C=G|jWHjzuSZZD$lT((3|4vR zJ;ihGL;q*W-H_<|)O?&`atq&y^^TG5($XvMW;qjF&M=LgJ^CHk@A%lR&t$+(egEG7 zARsJMJAj8Yn(#ByZZU->;@a%g7wjqLsgHuGhA z8>-@F8XdoJ-cHa!w2Bz>Ty+G`?4Dgt-r)$h(~xpTsuhR+TdR6+q2%U|3q%E2QlzNT zbO+tEQhxyAflIpj6b$Xg%TdwuXy$>Fw+c3UeIBsf|1+=|*;A|`Yb=<&m(~{0s}l?a zxzjHtjT=VIg|ED6Eag&^;NaBX{Bh<+v?BEno=X@btW2*GHZv6Sg%Dt1VAsI09U71;4 z>({N3$a5N;OeLl(Sb*3!R8fkG=O}cEf=$f%R~RzV5O7XAmd^@*UO!?64_Wwk8YPw? 
z^G9A~@!3u8QF2M+&C3!acb9U1{ghLsD(aq}>DZ=gCX%y^hyokYn%I1jhes6o$MiJe z5~0kv@ap2W10AXP50%-pk{=u*3R__VtL)J5Asr7$GL!}%)13HGU~~V6ep61UU|QWnM>wYtU3GFgcf2@FA+P=aN931aU-9rkq`6rKKGfhB*&tU7iVIV&@wC z-QwR1y>vQ;q799fy=Pp*G|00ag<*hO25;u^z`8Dh+owP~+m<3x=3^bk#}ti7$D<*A7boHQ~75YIu?5jfPw`Ngfog zeskhAa7Qy|+v1t$Wsg`?08RNgF&Jl%7^Qyp=psiK#K5tBg~W~ z-Bcg{lSb2WVb;QJ_Y!h|MX3^*Y#CSnBGVSamiUt*NL zy)YYiUQv}$8@`i_EvzmKM9&WHuTFK~ZtGX~oKZs>r!D3%-|DpR&y zB(fdmaQyUjLrIJXoLxUDhg9DBzWLsy2zH{AiZHyg$U z>@efR${p~MnTkwj8=(!}|Fbn>50u!hNAa>m4{i$J+lw-)Z>>qiygVcXTi-YQVxa62YJ%tK zaAM&eWtNya+yl9n^G-I_h!Um%ppU~hXv+Ix3vs*IW?xADq>`_|3;4WwR&caJ#x3dQR^MbDUCkgAJTubE=Gvc28< zY4OH;$mrU%e9XbwK``fOQx;QA>U%--+tD(!czY--EGdA|E5m?I5&e(L_IS^mZ{6of zL$g*vIcRg6Sb#pvP*NSQVPK{gCuN}j-a;jg3K-rw4JPD`4wBb0C|+03V6fzGz>2nn z!z1kz=hMFLAtfXtxC~j&rMmfg>My{_+p~E75LnJH<}|Bde*2XEm6A(FaP+w=|MV66 zr^GpZ^Dv$bf9i9pmpprn71O#mO^bv5XFCMW2KJ4a#X$~6pL#XgEDG8)L{U1XCV6`# zFn~TX-E^oJKKOEkxnCOwOTR`OapN}w53V-XCsVF}MIC>Sx4(z#opu6sLbzUf-l z_8N9g@C&jW&G7DPFgbAGRQ>25OUo{PsF{5M;OPDIGzY(Io% zV%|udmRc%d6i^A(5ASQ{6|ORnUpxSS8D~Kur995|NdHr-0XGUd@DJLRPZy#>4&jK4ajwU4I06RbQ^J@>ipIMJ$_WFOhaBP zX1$t?ru2(y@B#~1h}L~1ftK0*7v3wP#)pPyj{4P$@+@>!kVOR=NfrXB(nO6OQIZfB{CX2Q&G2U@ zy56X6S&qN>S~{JR!+Bx|E#_UTd0!8-Xp&cDyXbW$A=4Eo4}iTlQ3r%Fp(tP(oZKHcl&dM85LEjmsZz(OeR?%XQ5 z?miSqBUNL{$Wv%WF+FAG?^Mv~`)G)hV?|Tj-XrLziqtL5V*OnO8d0HK#_h$3)xC;? 
z!g|>YZ&Wg8fuD@!;)g6DxF72t=Ys$1|IFC&M`!ubb~+&m(f#>+hQqRLG^y9}Dz1VX z^=^KqDYf6MTXXOLYIb7qDgWTxBt#yqkVLz;pKbIafJf}s7G$*7B=+(!L31ahYK%@R zm6sxrt&}(F@WI#OlD16%gL}i%Zo^YEx^ra_m-O`MGHqg=?4gi@{TI_JFE1;NH%TKB z%j==PA?)m0d%Edb8Ty#jzGeM`@}P6NF!0|-m&uJ=1;4WLwwk@{P7jm6IUqpK?Z(Lc zW>EFA$9kIfz^I{Br}J55-FS>A+|=Z6wS(rVrlZ5MV!N)-$4*)t#AXb^ zGFXGELUM5yqwA~F?9NF4X_qHe&?kJzZ+jUn6FOZyfZD!M3%RW%R)nDEYglQwoW6Ip z<;PfgSa-K+Khkbg+V$>LTv;(&fVgM8(xHo%&y#O+w6~Pz!Xfnk<^z>^%M)Y;1>iq2 zIip|2NEL=)<)~w#hct$Mj6zy;lx4?g9B%*gufeEjQTZLh96QXH@umeiP2<)KKr+v# zI=+yA`_h-~HUpKe0yNpZa6Zz*EYJke&d$Z|o?iFl%PlYY@QT|iA5;Z{Icv4-u=gva z+^c?c$jk!wkH5OqQ)lb73hO%8tLvJlsnJ}WeSEEktU_IE)!)TU1^a9CAaiO=6Ly}4 z%cTXzMyxQ1gPKY+yHvhm-= zJQ<{XQy^dMWVB4*9x9mg^JwiFsYcZ?BF(%#o0I)dQ}T6l*GCN` zYVkh_w&xC0a?Fr0MF_=j{Bc&`;aIHUoM$zpEZ*R4^yO)xZf&>enOmE9B_itoQklbxxX;r>~*N9*NqFJQ5j_T>8z3dtxn^SERF zHdAYcPcww~&R*lGzhWo8oAx8wQWOiH1VwXO>S*`qz_~daeQ#G0Q5DOd17^W{MTi9R zInZ&58e zsphtlH3orW9Ya*D8?v?b{Q24EUH~SI>OVUgsjm(lPPaz1GSB2kMw>Iy(wIj>k{6+a zYL&Q=H6Q!I_wi|_F&uEBO{YNTg5lC+3x)nuPa!}EkyRujXM;ftW8y>;HNKZ0Pd(oCn(43jCVdo@OyTL7i16BChIteiNnju zTPh?Gn0W8lAUnI@k*Zk!9588E6(K%l&x7pxYvp}W&G5xTDJR|c_x6f|O9X=H8Xl`G zz^DB8{5~4c!E_&CTM77B_r#Mwvq3yk70a3|W~O!2mC#aSM$CS2MP>%PpEz|EUbJeu zCJ4Ie!e;lDTo429i1n>onnySAtF=eLp+K#+)m~`d2hI_TP=e2(fbL|ZzY#t~dOxcR zbte`pez^Hu>dBoX!=Po(L9rrHw|l4^exp+&@$%%|?hy5e#lLzzK51SulEy2X%ahzz zlgO2{4&X*j1x=cO<25U*tNH$L-poQ(b?n-^pFbOJG2XdVK%Ag9dylm~2A?vducC3G zU1_oTL;Wp#A?)&CgzYjwv}JorH`w!&j1wn;R8TU^QfnPBRude$$2mJC$+gmW+dln+ zR=x=vJcGzw5c{ z_sO#nCVnK{n-|Xs|HU-r!%>feAuNdCk1vCmGH*TdgZmU1<^~qv%80EX$~G{|r!a~b z?6ocjewP(|n_sHhngzA)LAdc}Rf-&qkyN&1?-)z)zWu4g!bBx#4zX#IyF^YixtP%E z#VM{%?=8qVp-oRKnH2>~`W76`e=HY35a~(}k|6j`1$F6UJ2Bd!S_l=sV4ZHU>|rB(FFPaAV7a7jFg@Yh&Y95dB&7ptUTtQ5{@6WE6*j`wZwXYbY0ivL z|7>qPU67@&&?mGkfE3>&*E-6cCDy5+^<(4*J6JOYwSZR5=Z_>FQ~{Go`n|^RHx!KN zlW1IU#A)GT1b_XW67M(D^_XC)08Wbo{2F`o`MN<#EuySB%Vn}k2fc6wSenH(2?87x zoBt$_C+`h%2@PWo4bN4ORkOYT8c*2U_V<9D)M4)RRt7If9RoK=dB2utcm9-&b80eW 
zrmJDC1DU^nvk4B>liU{WAjixa=1+Oq9UY{t%lp<8ehh&>f+0=4K~c~!kJ%RQb%kLR zNUl|XW^g;$(VBf#iudh5S+F$tBF<2nX%d`iFommm?szO}Kv`%$djq^-Om9T1p>p!q zL24HLWA2T9b|50cvM@q;X6rR>CtzpY)+*>ISk93pSp?#Rm)NxCbZkYRQV})(*N0#v z{|Q%HrBFh}=m4?7v(Dp<5k}40k81o+=6E?cITBiINPmTR0kM~rk*KpA8ZX#(&T{d3 zUlp*dgwK*>?2HR_qAT8g2+t;)?_nb9{O_-? zrK+Iu>z#ex@!O!}bhvzq+KdcIDbrUkK4w()LW{odOItVJxn*Tj9Cn5K%7NAGHOzd+a6d zc9lXxsLBe{F?294PKi#{EKfhrq#F?sY3U9D>F!5@+A?(UFoknZm8u6OnSd-VNs?^(EE z&(55gb4?zbvG#UxB*}N`d0#Xl*i|U~G_C?oZ+YH2jF6X@Q-|%rI3pM<8n$nO|ZzC3n1}M zjVp|HUwxLM!q6EFx>ZU_ttK$*W27EWPAO-pd$Ph6NwNFGl)BtZ*@k(VRdyan7U~6H+8}}w z7EVlb4_qG+o*j;^E(3?;OLk%?ht=sQS30%qzo8B2gWwjOQ;H_(SM<#~rVA*isC+}V)OCvT9|X@I zXjFHBJN5#ObDVrHSC_D`L+wmvj%vkF&Wq?gul^*&U4--UUB1S>F0O3z!7q2J#r~Yq zr+P!Z@n*y*fhx_QrN z{su>ZCO6n8l9A#n%HxhS>|ERg6YW%U?Z$`gz`m_<|F#FEyKsr(sz+0SIyRwP+g>5n zt-eL&wyduoY4xz8TR&!HC=1;NhXI|HL0+u^EQI2*(yv*_-&e4Os}>YuPM47nR1dsd z+_ba-{XxavXE^_>{81H^Q4{roZ>m%hK^6&9avkW4W(|X<4Zxf&DUugvJ7%cNEOHKC z%dNl4)?raIUiS!@oL$*`ZxkKq!^=PqQ#w-pJMXXsYWFr1^y|3`0_o1Mj4wsx(FN0? zKagTwVoK=Rlc%IYL;G2B*W}`Il=FuUcWdI5Y)TTnwb$ZYQEw@*E#0KTvU~i7f&0HX z-H40dibEhZRi;8;ZrB2y76vz{j=N7&Q03AvJ@L` z%J2eePAv)V1@IWS)oCUh$lb10H)j z5w+5#>uk1#u5=&j>ZdzgOFLh^jSdRiPn@pV zq0=Zd8&cW-ZbYSoFkg|?nx*x@?F{*cYsIqvK+g=O24Gg}4aN%aB@dj#2|rbZ|M*yF zu2pYm!J1Fo)C6zxE_OF0R^S5pgtpYkBuYa0_IPJTDphEi$V1C*?LC+PASg>9`Fe27 z=O?C`6Sjx)5U<9?`pXeMD_PBSD+?T)^7YKC6IFeK3p9%y^*C-Zv3;GVvZqOs@u2VB!^I-lmANHDb;R$q}p#)EEr->F+%BqKJ1b zpy2pASpO;WiQcuIRP?9wl31$mz?z7gUcCZ3_ct8tNVRu1S<`GYngUk0UeQAiFPbm@ z(C3q(V$x$4bIVG=6;n+xUQGPPTqbVF;@H;YaxZFjCue>oQ6Eo8Q{eKl{lv4_n*gqMM z&Gm#lTqv<$Ez0^U+&!NCpr;<7933=ab}rE|ZfWV*IzW4{+5{|?ms!lE|PN zLYVJh;_Wg__Wfm}pgHeF2VpJh_qJ7^ryY_XDt1xEz^qF+-#C&NmF$@k7_!PR!)9;R zGwHN+hJ9-=ZVO0>jbm{IA$;9G_+!sW;JyqnY}>WY{i@XnBOjr;y@N z$(rlMm6=}Sz%IdHd6OjsY$J*12M3yF$)DFG5|pdISMn)|1QCV29BRgfoY%BpYy(NgxX! 
zq?dyBMvSh|rmh^oBe?p|Li_^X{`=h21le2)QFq-jtXNO@jBu5PBkCAc$l+tkWX<)8 zoRR%6GO=#=wVMu4ee2|3>BGcCnfzDBVvpSdZZr6ot+@)7#}AoDZDh;uvjIuCcHsD7 z)J6{#^I34$UtCA3g;&JvD^PY=Shton*4;}Tm@4i?c_PN!=zd7YlsG~)+oHLrRYBw2 z6yf*`=G7p!&XPXhs#WmcFlSn!U0r&rnG3j%x}QN**fW)|5$l*04_D>l%&7nfhL$zT z#6Pu{=4fJV!;5LSWS{uXH;yc`0W^2tX;n~e77-D39LTk6Nxe$h2CmroC8P|-(v_>F z^lmGp$YCN2xMb8K@gFQ~7A<5A}F}i!!pO2U{Zr+IUyQ+3Gm$Sb?WCS%7+M{#OrJ4>i)f5cVe0Q_zxE|NaB& zov{C5Cft+E6ZF$A0U=)S^Q{`2iPWRF!2ZcE5*E7$`tz&CTuAChEOF6?pb8BzU$@kl z??+hYc_Bm{3xVYMK!Ys#%Xp00+Q2VrEH+<8rakJ5%utRk$EQIVY0dbF^?x$b@JO5O zMQ0NCl@5^e;P%AA5`Cbh?N)C1zZ%Nb&cmw>!~6bMjbe+gJfi+JkrHfNyP5jx%yuX! z`NIM^QHGARaDCr*s=k_NcGwHH4lw6|Xaok?X9}dGw;y`U(dtfd<;$2mDm;8V9*jqy zVH-#6ngw>Vvn8(XgIKQa3C+G*#ZaySLv&zL5qXUbIq3%0Ajeu!xbhZX2?NFLU&@_+ zjxLi)+-D{^50`FwShv6+2Q36+9kp+)Cjkx*0|Q8)qZyluJU;PTxr6>|&0cNANQt)d z9&49(UxA+nPKFJN_cuCl5^bm3t1)py!AYZ|tjRB{OP8!3of!q9!{-00p zhE6m9avvESYOx(Vv}>0bm{My(}@fjp!Mp zs_TOZt53U`Ha0vM$Fe$Jb9F%21T)_dNtu(7qBLiq1s&z7;=qKvnqM)}Q>sAN++Xu8 zLGbaFDcK>5DOmy2v1}{Vgdy-q*YZLH)euJ}!^Z>ry{X%|a$@u6#&2#N!QmaOBW^i| z-B0=fje@6cb;LDH@;j1GO9J*c#2L+qS92X;n)ubHQ?l{^fSgSD$?55rw$nsyPo`fd zZ<#=OPd6+ovT$Jea(E~Kp2MR@ra*DbQ+H*#SyAd2fp*LNbW_i!=iI7FR=^#r=2R98WoY^TL9&?}|T@%A)*}^SiLe7?B zyv)P2yPc52cGG@qTpMuk(c?3Zco$#o%0URZp3&OlJ3V}!A7mVgGj!4JdWk__+-eY= zAa5+&X7T=m*);31uXxE00Ty16q9Y968SxrRkV!O;=hOGsaWy)r$U03X{2mk93Gl=O z!8aG&us?n6a@+5XYIH`n2nr;*X1pbSZ<%knW=Jn#YRIw93A}wMBO%yqw0bI$d#z;R z6hyL-X!XWnu*!E`3xwhn$`aRjq2Z+e`KN^C(*mo2fwaK97C!#~?|t_^$&iX4^9J7}EINZbplS_smKlRi=P*!m z|B&Jo9VPdpM;i@z|B)-16k+9+iY@u{xB=RMQtyJ#>>LCDSk&J*X?29 zD#J|d^w!TnOP&@p%9@?#>t83~RLhK9_HQm>v;riKB_P6N&RvEvPw)%&MEdjt&Do?f zc(9SR!(><1e5R@CYG}^OnGv=*fq(Qkmw)i98hG#n$+3+Pbd=@2aW4~{L;WTz5vR0b z!2h)C+fZ&>m(Cm}<^cra)gX@cxZ&9CN-9-YmuLn$3QJ<;o0GnB>%-TsW#2Hd^4QYS z0edLcH4)zl9JvU^LHtJRj0}yn5UrHgi}0jjW@Ac`NcwTIfRRtEL1B=Xk#|iv7d#d1 z-|1Mw_0eR!U;2{qUQs8^M?};O{(!Q`r#?$Wf?iS2ZO!%O1u@$}N&WyF_@utBcL-J8 zU=7m6*F5`E!l9CM+RGQ^sHkC&p6;EC*G^~Ka#$D7A1M^mnI0CO356M7P!J>a6f9y` z)dPl!k*3js+8jH!(zaT9aUMTD7L+8U9(7N)_`Z!!=Bd 
ze%bODu}Aagf}qkjS!E$FaQ}JJ+-V?$m%cyDzN z?Zop@l9{v1lJeoYlY%2}4B?BL9=B#Qk?*Y6Nv?fy9nj1@@9I+EVos;3?*DD)nccZg z1SjyKn*JB8$aTD`Aq0z0YQ_m3D(FQ<6MX1Cyt;S~)`n@B`xUAr$;v>i+=O2_UB&bA zI6F6WCL&aqBYEeh!0qFZc-$}Qs25^d>o7|oqRwX|;jEH-SOyX13*$$@ehZdd-8;9h z-i;TY0r=Fq12Gj}2V{{hzLZJs^*{$p|JRPTeg!xg1YEuOK^J8(LmZxAByxTAD3|5b z=7O#Evog<*z9U8(N<-Wp`^cm-+MQue(w2V2{|C9}vG+OsU+UyIiJ#J+F`mw5yk$=6l7Q*RC3dK!nda?9vAq9?n0+V ziNn3;3c!j&ZSCcH@c!$hCP?zu+0gRS5xLytu6brtZs$pqwG>*a|B zV2GrwoG+>&oAT9)NgH9>vNJatN5;I>xg0!%)Y>uK!y&9CrJl$6GR@;wxlV*Yp(Zm%P=F7>YPo-KW zt!-idI&D=MM2CADrG^9c1}fE`X^LH)AHwOeUuoq$x#*SDJJLGyi~6@;jg0^)@ynhz zEte;v)<^!WO-;y>lYz4{@|ZZ@L()GLRFw6JE)PD`IYxb9OeX_g7v|m?ps#7P2VB*j z+F~`;yCjx`fR#3NQ7vV-Qo;qR!--V}fE8+3+>>#*$9<#h(^o zUbc_hUK15Bo^E>d#r(DI3iz4*enCwoQfx+aoq~4Ex0tU$pcKLd}Lj0n|FmChG==?Kk&tH31B% zHvZ75z1x$G@vCN5lMpCUi{hg8l%IE)S725|z=*@Dp4}}4G+wi{H_G{{emvnX0Z7;E z{G_6{RrH4gs_Wt;qN{E|gbI`{d3Q@d~%Nd7$QwaCkYZcIg}FuOO3H^vw(@23dG zs+6oRd#*ZTPA)|D_eQL@n%R)7ScmzX6Fianpr3!P+_aI&u$6{CdG>kY=UnK!;rA`S zwdp~b%LM%UR^^_5twabL3|9NQdm6~%8P$CHZCG9maaB@WcbWHrm-WF|dfl2LKNFXd zRWzSM z$GSE);VR~>9nh2NMzV<^)H3r>A7E#@@x4sPxJf@NHWsgl004iJsf zpNi0N33O>=mN3?q7L^r=~8!Z9McvS5M$?#DyBC3F`t<1_`7^AYH zPrU0aNy$cowIQ6CqkG(%2<~6hW@8crALWz)k2x8)EiWV&A?Zd#)L3rocL<56v`O9Gf4Jl9@qBhQ^q* zmC}=tPv}iq-)&j+@_E;iZ8P!DasX6$d=vW`LlQyLp|UE?Sesf#ZdQi&j_dXI!1{#9 z4|)saQ)Hrr6<#Q@ogt z8~=4feVlb#If&Wl;oYILlUn(cit8c!0tNtC;O;%H8syb|=B~o-(D$YUigP-vLYkoC zB(UhdAa^!sz0uuNt<8iU#NxpJn*2n)3e7%X38etBIF)xsy#TtLD*kyH#r%(-%~9*r zeC(qs3kE*&;7(O{g``DpVKoF>IZ*Z$!O6;yN33){sj@8aZl!y8_o%DqJEDmP46m+| zbvr@~ENOl~u64WkZm_ik?UoCo(f3!7J{tusMYIjVx@6pF@Hd3XJB*?t&9VtJy# zt@T#F8XC{tQmVG3)wFrRTviGUz^JO$+9$6ae8(EOxe;jJrTDW0{T^g9xzgmvZ<7H8 z4D!&%5p?%2RnCz!BvTN}^9}T322gAiJCy0W7z@7$&=jp0qyH7fQ#nKic}F}33{Vuw zghm(2#iL;g%@iBZsMfh}A^hS~x31dlEx??H?3E!!>r0|#9Il@}e*^>^WM06WP=l8h zh;UK}XFkyy#SVZakW8FXPP(DLoLz&WVV^g#pdfKW(p_f-;-A%aDvG!w=ZLogT5a3G zdZT6{U2Dd^S)ETPUk%*c->~yQ6m@WPs&KSZ%tRlB@mPQM50s6x?uN-M-aRbFUu_rd zRj+3~_>=@1P;+#cyr}DLFR7gW2$S@R$=533rnSsl`e_ 
ztsRu4X2P13=vXkO7+8E&waJGrV|EJ0Rf_Gy^1jvPTWqRBK$xe>Q3ZGwwq`?h?Jx}i z*;UR%v%*6pr}A-Pm>$MI6U0UAVT^7mLjvz#5j1{+p7G70%~>^LJmnXsEI4xQR5VCp zV-vHiYxt7z(cSF#U;T}rq|49vRt(Jeg3=@mO4DnJPuPw{nN&SJ{C0AQI|-o|2B?;% zqCma8H_hE~_Dzgj3f2TY*Q3`TW`TpW3sFI8@Un8@Lz+R%rXz4 zWT%F4J`x&E#JzIm;>F+P@m4a(^OIwO=WincTWD0X629M2{-uT0a8GXbXfb^6YtL0} z=K6NeZv*~<3x0Xo_y8+fuqoKlOa5jBF*$$hgY&Vcd##Ce%R8EGoHTZ2(6b8OkVH7= zpr63>1=4(FCE@wPN}%UzpPt1@t`W(O7v^=7({>B>*R0l0e5I3iz@kF}N-`U13&{vu zhP#Ln(~ClV(Tvgs@e=5?lX?4ciE5rhrp=SI<>{1;6WIM?r2giiDdf)O@p=G z4w}?xY&Z-ilic+RJrwQl01Y_s9>WR#t~h9iI!tOWX(h!_1{&pcqFGl@7*v!@155|a2*h|RWGI(%V6S-kK^TMbbUh#I6@ddG2)Lx z`h6MgdKi7oVg&wJ(kF1geKm-8Wcl&y;Ua4{nHp>6EnWT@&@wIo1++Zn6ryh$wvE+= zSysOL@1tVDA^l^#puFzah5_BLAmf36pWb``e1G?BWeI%^QL{nZ!U{2JDtq{7+ZGFf zmjFNjxcG|Z7|GK5A_dQDaFV?5ny~q4e+8UT!Mb*&ypIm1Qds$4+=y4XKeaudE9U!_*NYzbj8qxRv^e|EV4JJR~#pH&0=?tT_sZXM+E$tl6*_p({lqwx~y@($gVIcb-#VtT@G zY~h@4&o-JbRR-Y+;Np_bU*6R0@U|a)$gxXj!Qkz(&-zHxb&6l%K$#CteF_h5q=e2L zOiB2lAVSJwR&^DTwn;M|Of2Amj-l65ztG|&z{mR{;O20D)u-4R*mZGsfURaj5&c8< za&VC6A%vbWc04l1Wt)!pJ$QpF{^u+%Va&_mnJ{wnaeD)mN+qt>>l&}c{y$;MR_OI@ z80h^iY?3&V`sB2*r`0&JEQ9PaRxg)YtV#V{lx(!2{_F=`*4pn6gX2EgXut1rK>(C~ zN|GD3LZcMtAt)xy1eu{}aX569v2#_fB|&Uc{NpNueABmvfu?WZ6EH#7JSAE>20gKX zKbh5{y77`ABu%rbYia6MdrY9UiO*win9J?(&p?Df>i+kjnn~}y;@#s*0j}_LMCXtV z0`Q%%4So=3cqUwq;8OYeN27p) z^s6qV0Et#Xv9$?5+BA+x9|I^jz*s~HIcf&>QN?}$kx^}z<2fijNCE$!4H-dW3QofG z_aw-IztCe~Ax)*i4HVjMNb1ZQ?Q=DdW+IjM7G2ANwKKXSshdJiw>Bp$^m9`qEU1T9 zBw>1aU7wKu_(m?%(k^&inNixg!FG1P#KPwE!6t4CfDQc45GSdOTOQOL8FvP)!Wnj^5* zqw4_ao-2HqMUlc!F-6c+r(sIH89&)~MFezmx3%+S-mUY=fzdKr4-P&7(>U7HSYzSO zm^6s|XO5RYIy{arxsLbjP8%DXfD{GrSW}g(j&>VdtQYD}=y5FvADc?vcQ*8<(B1~g zkoWn1B(^rU;v`rrke^k+l4M~JFv(vlLi$UQU0V5~U|KJcrv@$Gw6`wc2lYO!z&#lF zVe+u)6uN^SJ(tz_+V(h;IW;iEb+d(!#EkjRsmB+u5(4oHEq(r0_UFz8u5tatGf zJPhO|EIRZE(R=!e-mb&-!XXvZ-E+KPuRFyXg8;nlTGO}ix%YvK%7;kp;dO4 zufv~AE~7SxG;x@mys=h3N%$!ls$X8%v7)U0Rl|6kxg-Qi?@AvW7U|!c*e=jh-^sja zO)GH*%5?arHCtbUw#w9S$7Vy!t*&Fj%a&casN>U=l#^+^WKrq9w;pdD^T4O(90wDE 
zI4*(6$RB*FFTX4YL(g@<(MMQ0t$>3}Q`%7qoeB>fId+(Y!}SBS|0pzJ;mXj3Vgj|Z zRch)gr*A98L_0T*##oT`xaPhO9P#0E&&MgZ=g-b)j{X|1c5;f*+P51Ww>`+g5{>|~ zVR$f%ctRv}9LdAtz=!5k&?V)pH;UAfG0nnWMuJT+SIYUrUB$QD#5=gj{_cY7*{_VU z5FmcEmc)tR<=8e&D0mkx!G8M8YA92~q>bd6sK2k)@MKmj0Kj8|K7y2`ff6={sqqls zFGqA9kGDP6D*R23Cih+ATXXW~^ny`8PHsmpuTK_+bnRGM-edJJhviP${0h{FDjQBw z3yNDDmHtq3V3_TlTI%Sn2oZmJr*}TPYrRHk#?P@9r0&n)U#%A%?WZ6g*m*8U6ffHG zhC&*eraq@g6{vWRtT7fq>&8>AHAH2qR%0OjR$6CW;ovn2&A%|mb1n&mwAamp!z0sL zsO`hDLKwrSDsA4kdODeg@^(C#-4h(6Bh}Uq9$n_J<@LFM`Ewlz*v)kk)-<$FHk>~^ zW&;9ViG1WY{AWkCl%-MV!orB{^u^hXUf zTXsF(h!~2GkZ4-|8ya~2QU8>2i~{(zcWzG&%Gfp^xRsA+(v`x6>(feRREqkoo=#4w zvN!go`5NEjb@lthP=`buboE7zGZ}3UpJNX7;CLq_?Y?iDs095OZ9u!c2yF|p@-WzR zENrGLRXvxed+@AddZ-8gXWTDeu6^*RM17k}UZvBR@PasL?8X}QS2FH;||fhfGwHm3Y;6+kGvK1J0L9Tt4JXc-HwJdMn^%Q+ zvCYg){F2*B%!`TKI8s)lJhS%*Df|XZ!L~&QO&Dvqr9~|sFMWph8QZh%V;Li^uI7_+ z)!N~e6Jvwvw7GCn9wIz7=B*g3r&5Fj1#Oyd4I(^k4>Yn;34wW)uTCzfJde7op<{x+ zxva?HUnb?T-j^2*R_N4dTeedyrEbMbY`YXU+U=N2UBIP`kK(*IVI%lCeh2mEVhtgS z3E^C`+3#mmZ{M)Rb-L&{T^8_VwxWO&JT3A&J3h+F--VPACIGWy0_A>KIzJk$+K?R9 z0_2LA@;hE+7#0;d>TG}M!5fv;%1xTszqay~ER|SxuTFh^9#wiJW>(WXvWn`I_pBz? 
znQ>iRIt<4d3lSc=M2T&z*1`QwuHzh8GXzuQPXZxqHyND?S6?o|M}f@r{*upkoy=Oy zWek|(SLAwe4C2=g^A}Q{oo`=K-G0gk{?~3V%r6|{p=$4!BGXl$I9iCYP9K!Shet!%Od z&13&0oV|LNK#I(dgdPVB%CZ-e7x%hDxejMId8xszDal~3JHGtYldLHmz68a={T%Bi zIn0$%`X*zwH$g|EmJ*p};^SrZk>7BXw8)K1{nkVO?%_E}604z!5GW7(jtcMP(T{Un z`^Bl|@G%tSF9reDz*sc6nJ`WZJc5{Uo95i9v;pL{^Iy`-dcSh~gp&e0=P$Z^^i8-J z^AW7YRp0IKBEb)Rh5433Px6oq105#$x9=mKey+9nVeL1`px04G2U?vJq7H9A1s1@huU7PT?wQJ2Ob;U7T%8ucbEpKPO&H#J9_)`1Hn{r9yUt+0Ab(l!L z1acYJAuV<}H78l^1M3hM+~cZYZ3x6De)RUY^vH5&u2xa}w~s{cn#fmWUuk48h=%s< zn>hN^yaGGQ$4|~q=rJ4N?1^;}?T5;X=@++{Q1*Is z_?z#s)C%9fe|TyZ1msS5O7dmry>;N+u3roz6@o$C7HSA3QX(PDzB0TH3Ol!|FWZpGHSlFfAmdaZV_a~{~& zb9KSK%=4>~a=t}tA}XWww} zv;hXvrVpx(7b60BJg0+;fT6HKGUMGzkn&YOb_J#vX58OZyuJSm)qEd?TDkyk6e;GvO zCF-FC0K%F>CS|&WuLXnh!^WfjQlYzy##R2AVKgeEdjrprb4Of`LaS&p?g?z({GuN> zDg=ycTaTaQa^Ecnl&^}}Ve*p+Acj~=s;ij{Iz5i=yaK*oL01W`46FLakS5K$zLl5n z5f>-aCw%?`1o>nUnLiG24CF}ho7{zoD$3dhSm3_=$ew@Ou+Cf47oJ?Oj!XV`eV!U1 z`hc{-%>rqYvLK2quZR;8ZNwyebDzC=a{A+{U$|x+8Eqvub+YVRRJ$ov>^zP(@Y6zj zDZ#Ex0B4x~gXR}D!_<0WMm`knXZZrcVkHUtA_KQc8`|Jvw~IywtwXXxuuWhpYfWjoSez8^ml5rbbl)sUdinEuh8!+|lQ7=Kp_hp~e zO{6||FCi&m&+I?+P$Umgy z^qQ}1-O$zdbPGm5G;2#*r{|P5Dm8XH$L91xT@K{`Y`L2YBltck(Wz!mQjm3!0qj&N z?*U=xxc&JK#wPN`-FkWP7$+Ioy3TyZ6(sO1*N0l0Y2-u zBIKm_(&e^ShWiB0+7DIrrstK&jJ&|rsLCZI((v6-G2>LVDAtg?*gYNkCO79dHayuq zNzCs`!7`{} z7GGX#+!+{v33L$JQmw<}H3*L%fXpNvFjx1+el{0N%c<9$=&+BoZNlBtoxD!ydlRd( z@Zt(uqj`i2#dp7JL*CK@b^qT@F%K(6&CPUfYJaePp@oIq(ri@l?D|Gm#@d|pJ~`|2Jj#r1CdpcUv9xX@ z%)#{tI43#VIp z-6 zlMBMxz;IkH)0qXfOF9wv&83QQ>-kP>9bB>q?q}il`B@gTmJo%I^#0LU!2~{_&kB}P zTTo#^H3cUz)7y|$@mHsu(D{!~LYQJO(gav+G>Xg?LZ+fp3htPu;PIoUWIo&(F!_f2 zlq^6n_)W#Vwa8#e{(QwgBnrh}3(|QcSW;Tr&ct~n4pH8Wet`xJjcS}NB$kxg3wn=A zA-HEW@DG{e9ulbq=s95#7+x_vAFqxYr7zNEAU6xy8b0lEQp~cdSDqIhr z?eyvc@G131h)}f|gX^BRJ5f&u?O6baI)IC}sS0@=b0cc!QwDdCF^4dEPbyami}fq? 
zm@Di^dSW!{46dHRb4av6sampN7f52NcanPS#aHH}_gq{-0TNo8wl?`xF|@a7-$)Z1 z5k#}R!JLd^bW!pS+`82bx*74p`%J*xG?Y_N2jm+10NpQ0M^kKU&aobwa3E*9 zV7vpPFB6}%I%}Gixaw9>=phM;s<1M(ptvnR!QghfNWsN5smc|WzAE|yks5Is9hIL` zuI^h}twHn|TMp^|Be=_q0co>J{pFKR1}tLb?FxOA@qL)3x=qWoqVcAOtXX6~0$|N~ z%7qG-rL~;??JDy|UDahmjy}xSEr6OH5li6H>E!p>npqJ-PB05A3e$au?V{fvBwOWyiZ~MOZZQ8(LtkrD9I% z^wrR(M{30T*a;PE8Nm#BoH$L*J@M?IQi+Sq>ZBbp+ISwFX0f{nWPJx7xExB>DRE{+ z=C?R2ooC7$K^nqGH5Ly0i}JoDy0s$g^aes-m_1vuyRdb&vH=E z?`sq`EaB0c^-{M84l)vu3iT7#$Y!hGvwVdkv0=n**XKUJ0?OYxNyUG*djXf;|EkqW z&Eu;?|H}~J$h?Uz3Y<7s`Fy<<404l0%8!wVIm18ay~zbn!(5B`wXH9HtsZY+=a8yu ze^ol@JMXh%x-F{of~#p#>ni+o^sZpqs>K~eRrron+7P=^Wxum_ke=ko>*M`u!Lw zytwRn#=DpHuw6jB<(R=IqlDzI z$N(jO$u5Xk{Y%$lXeDrHtrAOYJCK2Su*TFacI=oe@TI@vf6^mQQ6590WX35}pvdeH z7+PoV78vR(Kx|}>`T?$~H5;%XspO+V)ZRuYzQh?3L?gVl9`Sq{8OuG!NsuX%Wyg7-><#MmMi!;D??qze@UO97BKQ0kl4!IY0U0}%Rr!4wS=HoWgP&{ z@v9D*he)$K;Bp<$hDHhv9D$U#3!TOoq)?*cw&jt0-EnggYNLK{OAHCSg8$G|! zsfM%K_dE={4dC5tiL8nJlBho;<#gaRTVTPegCsRl=IyE5KN6t9b^K4m*5`Kef&%IE zTf_2qX3r1s&+nlzB)kjdoS}X#Z!VK8&M5c|<3qOOTD}Yzb}ZS+=>@6bzZHkvj==sx%XA=Ij~UbaHW3VtEYqu(JAbr?R}tv2|j{sdVs9 zP6vJqyu7zNc)j+a&q+oJukECU&X9#)hQ5o)uw3Q&>R6oZoSLY7y-NCj z&~Pjz7b(UUlro6=CXC#d<)Tm#BWo}FM%|etu7&%T;FhN38l7*|Tuk8#ne3JltLO9c z_{oeXo+m4_rr13MuAB6G=CT2zn$3%B)z5{cs3JO|aN%1CLD_+3&!fiz4_0C*9(G&- zPo)>@XXd^g+3RCdHzDv1840jHsa;)(+#Yr&7CSF^PISo3#rVYuJSpKL?7$;&_R#sV2*ic?r=JH!KG z^ZRru{-YQ-Gc#nt2IT5&%6bHY{9((Q7?Pc8Jt-F*XUG%Dhak~^tjiLNygTl6lvjCf z`x<$DISqFOw3ZEJT z<3_&yl@03uQ&&KW;_DF}$3TK=CroZ|wowjwlC?1oz1z9S&bMqyY)0Q}SAB{`7Z57m zmq(>AF&Q{5$Qyc9~i#cyTR;<6k!zqRU-wSk$Ezi zeuA%hjG9Sy-^$nf!3Q1H3mW@zdfGpeObmtiZi|{lryt0S+VHk9F|)r#$A+Du8-KB= z?F1E{uG|L*z z60g)B>cCrGO+F^8HYE*O?%Gk=KMZc2<=n_p8qok9 zK7``7PWIOvkLfKUTG}RlgL7OgX6wC0(yv}W>af(7+i*=&t}GSvan};J-j@H|^WqTqD9|ws*cH z9H=Jnjm=AmABY_j_;}G!@sn?C>i8mRv1Q%dex$CChy(YwU$nZ;>XDEIiH3VHEBUa< z!^2(%vuHQyLkR8k67YO37;G7n*xESJeTG1g|z&QN14yVR?Z(wM{<)UwWoIWEw zqAVG!QW%jgp2f{)>WCK|oaV_ThTjb{9B@fHnGV;Vm?bO2Vvr<=j2?e(QqW$3!{J 
zxB(BUf(jT>ji1Yt~p{4M&;UzH}*qPPZe4ucyv8|}|Pua4>i*5q9Wo{zIUhbbPR^v6)7 zyy1tAp@dy!C1M9bS+hYy?kvSm)P(uHmPBssaMwe8(&f4rHfIG^0`{%R{a9U8KTU^0aBp4;gcY!xC`KP%2k zbGwqwF8W@{u7w*1imx4)mY8$PjP*S`cdjUa=UUjO0nSV*4b3r)Ay)hnjN0DI3v;Yo z`sxqus!!X)O;*5-j`LHg9xL331hp0!-lo{MCufI{C9mdPc3mphxCj#ClgOqWSvTgo zBh2o9d^f`vE3qJ`uR+-05madNYBp>@_ZtkGd&ByEK>ocJqj%;bfLPfzL&H#@?bz8jX?~rm(FS{7ZH<8s zj=P%n`W7-F2c5KvQzO!*=dHCL_f~Fq4c0g!NM6^()h5|Y za|~;3N1EpZs5n>Ktj*>GY!{J{`&_9azczR~!lG!1PlK5E&WXPM(q;|s?+k$=9nzG; zMG-!Qwh6Uo544eubCujm!rciD?lG2vx@09jH`iRga__I7)Sn=Sd49AoYR}oOV~*e$ zvn0<`i$WGk@7nFjN`1O6aVzB%4zwVks98p!7`CEka(!Gwf#qA!Sl~R<7tc0rsc|V%{^atZ%|sZVey*BCaH8V$zdZpi9LUEkal`o~7he`ipT}xykO>;+7+9@8w!yY$R;mUqYf>@M(SYOkrRki*_B|h*#fC z)<0D$JC-w_H5XXn)chtzij63e+jJS#b?t*LMzfqPJKv*_a{XoEZh9wej`ps%*B^37 zNUaf%8sL5EJncM_Ni+A)K5;=JKb^tl>O;OvpHwy!Gq~GrRTw6~NROnrEvm;1|b04MevHM7t%bO2`cMY^Ru~ zG*;EKusU0tIA3n83>6n)Z=Ojghq2Jj(@P8wby1~X3r`J}Jv`7+aZFL(RG%Vym3{I& zx>2lwWYLL24v5aZ(!rstSe;+8S>`Q)vxwY zfjM4~l&%Yf*-mGJdm=0>`^~=w2BFm~9vD?Ba(i5m`Oh70oMA8OS#JV2rH( zTORTh_0cmLMx5ofpxM#4=}}fYA>D}>YOR%h<4{f>b*oD6(?1S-8V&3{+U=j&AS0`t zMbg2%#c!?mL(LAd8~RkOLGXl*=Y={ow(-g9%6$;QBOtuhuO#t4%+=oo#k}4hh0qw1 ziF7Rgo`x7p+FZbcaV(fml�~hoNe*kAC$q@8m{yi6`ntvHOEhM-2+(e4@vqSyDrL z6EkuGkqd{<+7mrInGR4X-G#~q9yV`1gZ)=2$txn%I5=XOOM+@MV+qw;XwwH0vbKMGss?SLAM^7O1wM?p|GP4SrtIu@%B%|J6sZYeIK!b1q|_zo(nuuX zF+??|XSqYfDjeF&XqXD4ZcS&%_IcyUlMadH4JgCF9?x;-9uHUH{z_4aa9M+k9X;%! 
za2m8#uRB);b);0dUU|(iCYFWIk%csXfvK2ueY` z(?}uAenGp#_o*S{=Ul%X?Wu29k=z4$>lXx~t+Q^8szIhp(LD?))~$)Q1cmJ%@d|r; zg!t5}?+S$>ioa&KMZm$}hx{^h-Ekf~&G5<(B1~v7yt7cyE^BN1s{D7}ecBXhle5zA zeq+ZgS7P>WecQQ6hd}1IUmTOgQgam6fD~_d2#Cth80AwAL^6MB>|+N9IK$$kh9bIH za<7q0eXTfQ6qK@T@`6P$!}Q6ef|lp4t4G-^E=fkC+jNg7^Gv~V;9`v#eBzOCjhc<< zJ03CUD37^6EvI0UV`t($VC&E!Bmf+i@(-9DF2g8j30fWCfrlw%_r(C@U~WSV{f3-9 zcgyKoHMG3MoSAeZTHCXwwo{G2Zy>Hn@c>HV4FmWF8Lq@P3=UBl$Gxh;xkY4m{bO7G zU-C>7Fj$!{W-2VG5PM#28$qt^41XfCr4h7~Xc%4RV2Hs4K{9QHMB` zd(*1v3@O~NG2T%)(APO)jADiY#XIy)7Y^?04=1Rv`Gw2rpOjMuTX^iPpGSrLuZbTp z#ErPD572&=Pby1imfjCeONZyOis@@Fn*yxTC?tH*niM$Xtw{bkhLJfC@c5;bepRFDaw>~Fm2GtbPPlPN;LGZ^z0l70?mBd&ozRa*j@TiFQSJwF$__jueWT=PP3IRf;^CaT#n z$bs8k+wb$zfYn`m?YDqp5!&_j%Vrt{q{b4axDxK^c;8}@)^XCpO0HFn=UTxqa$>cR z*x-qOyTn#pudB=IvI2LRd?waqbx8M;F`wZrib7!LPQJ;HQJY4NI=+7HAQ3XmiBctm zu?@2lB2p1B=DD4zI)Q2cd=H1eyXi}Pv`x^N#Jl3YR6h4SrQl-fy4eD=BC{|iRU9s3 z4btK}U;nLTzu?6%^b*Q!3YjG|0RiAIY#z`ISbTaucy`)G2ba*j&KS_{CJcT=>gfeO zr7lu*(=S@?ADNu@^wLq^?DgIIa#cy{jB9 zp;AbU2Z&(pmCp6HuaT$S9~^V+g-0i2hBU$JKU4=B;r9cH+rdhI80KL)M%rBCKBJ`W z8Cr6XFgVUgYI@^fiKi1szM>4tiTtL8i$BblE?Z{G(ybn^(iA^1=l+SaYf9lD{ki3u zPqKBCCDFnc0|8DwZ_G}wTEUM`Cq%J;jQp#+3ZnVT?>`?7wUySVppYCE%gD2Ru*93W zQl-43+B&-)jT=4b)c9hF_PFX!^LHCj6Hx?P1lu37eq1%2$fADNA9W`jR3GPVX@suH?j!wiVL!j2J}Y_JbBcSi zO3M&=V6hkqrF$1wb)nGFyI#sWeZ!L5`IR-RTf`Iz z5MlmiXPuvNKQQ$*D5&BOeG{$miLDLMh&H%vgbmE0$Jn%C;YO?ZZ$Dgx{um2PRvC*b z5fKq=zCotD^{gs%^p1JAA}vNzhMR6O-}jnfIzvh2WB42vD9Im)Uu#b#bw&EkCfTA7 zAp7V1uL(KEw0LLheV_B%wfq3ozhbBTVU60YQrnxNtChIYg-$=F2^F}(jxZN6I9@D| zczrk5$n=b+Jo+jpQrKRYo-KlKbif_G>3`l=p#g|0pby!k?MgyyPeX!gaZ>L_`kxG0;&!p=U1xHH=y={l(qvur#j*n!nJ10H^wtKpZv#< zM^v)WKh%BfoY}dss4?!swuyK*JHb~1D5!o6l>%RL9!&s=3jV>t*nI2adWg=0gHL^T zIuW7w32+Y^K{$9(?gC*lX{J}Cvlq+wVkF3Fro7Onl(q*D#12k72JFTU+?)GYC*22L zM7PZF0C}OxC<>|Kh#xpaCpHYRxW^d8CpOY1Tp3coiOBiCw0@9ik@{1X>Sf!BH}1m& zm2)TF-Zk`uKb#WR`<4O*>N}xoR`D3HEkn}s*~9oYcRkU~XKm?Xw0=&`V4P4@R#|M# z_r5|T%Zy>|DOZnBJl`hr`L9BbVI4S07c@W$$@7eSN5Y?<1>smlOV;1*;kxys`)Qew 
zQg_zO1Tgf6|1KVB_6MjA2ed_OQU{lDuQxJw7{DY#TfmQEys9E4VG|1i#_4ILrIwT0 zrOY%qls5;qXZoDH3%)9pQZrSRN6897-aKGI~A3ZdG)n74mP$MLZ~GDU-qBQ3MT z;d4-aD2=Ny^w-5G8{%W!ttOY4PWz^5H2bb=d)TcBM;3Qs=CDjz_gQ_JKT!0% zB`3cGNCm!G+SVf_K(MzdaEO{|i0sfzL&DGo%H(D&5Q>O2_#gUezUH;#Xr!&_C6c)) zB$5r#5`8|kk^wlVZt-G?;>rzLKlFTQ8O&ex6n^?VMf&8(MHkujYl@t7R&?1y|H11jQHx}EF?;yJ z{9oxW7lqt!-$*H$xpRih4Xd^Gl=CXnUKZW1ctj;43Gz2=oA+Q_7k{Ojia`d7$3s8^ z=hx?zX{VGmcq~yk0+9~eZB;dzPIQ<@OJ%iCm_L*mN<>CcVhBah3lJr6pjtDYAGXbekv9_D&GfgvDF&U?h;#G-_{@; zn}1u_#?A+~07%7xg{`4wHer2R3#Ncs!C^vo?Y8Y%*K||y_9T{$I7ee5)rsfA6;)rN zN^*+W7X=xLQ`uZFR6hpffC`7)<&W}w3>nzvGk9}Ar)Rk|hlfl#Pbmz9w24uM>e*T}A%U#7n?7suStHbBWWkKk0Ug7JGSAjXX$)q!aDFsV_HnZt20~FY|h`~*%!d% zbox^h2|w@iVr*`AZdkO~cUtmXT3fyuL6?@u-Dx|dD8Zuk#msc%u6HkndWPy=sF5_* z?-UQ*aQ(%_obHkAS{^v2&%o-x)uauIjG$l(Waz{lWyIiE(_*=fe&6YsbTXlw zT{-Blcb`rez9WEhe}IA45efJ&*$k!^!PW<3VmNVFUZ4@?gi731h-A8R@_D&;SHi0L$|mK${| zbUf4eun5U4KJZ`gG>g_dd7gbN^`~}%SCzWJX31Y;45qdws~$*g22~Ci$4iIpqIVc_ zzz=lNSCMS>1&@lK6Z2a1IX$c~$ZTTuvjVkWalAFMvC$!Yr|FcSNGVaCJ!@7C^pA`! 
z&1LKz;VY@J_U2p8Cc2U$qig;kSY}wRFFSzHM7V0zL#_y%gP)kPr{1MvfMi6Eifp_CkNydVU#=G!Dsc7}&G4f(ne!9Nl< z7<<0xE8T}^kc1^~C-@NEs-*K>tf7Pfo$8Y;0Rn9k&v7~y%20v3+?@7BTGsH@vV?Es z_h^h$bo%*ctI$!;CRV!7dxe8<_ze+IPLrVkj#e9tpI5fn65KN=XvIljScHo6*-2!9 z#w^uEx8qn)hqOYxpe0xEK5mu%-43xDlnv6ArYFv!ELb{$0!t@pP^E1W zRXW4AV#ckXq`H$wXE$pn_}_fxOY!Gx(W(Q2@yHq+(^#n%_8ZqPumh|jR{ zh3~wHex;x6q1(He(3*2=KK#>gcF5Ey{17!7=ROq=343)$`Qnvv^6lQ@t7efJZ!1mg z#BaCTxIDVdRR$K+PZbVMs2Ym8vYU-tf||CQ)S0lJcD5oGxiQC!zZS`0Z=D`vi7I3& zXpy`L5q;cR$LLy;lfo1QO3e8e3*;Q^l@8Fe`%k~@Y)QW{^atE65$cp& z>D289V9Nz?N;j1$m_P)pf0$Q3q3@4*n>m3B*JZ?uoL(tMc{w`dB()%{@n$BFJMe#Y z3}}`m3Mne*wPvMDfH~aExkD*tXH7b(6 z#9`y=BSzrc`uU&3{~34b&oq8l275|yTW&5}+^;-w%Du`%w(H$GM%C*&+EHFk+=Edn zaQZjsG10M}`yV=N{wy^E4wY|Byu`Tz>iP9`bf`r6b0j_J{grc!NKHNp8fD{c{g@*F z@a+%72URiHa-iowx=uD1wti%03LYTtKsQQ=am-e7{p9^bDc<%Fg0K z5Y$)8EA>WoQFBD=JF2{M@JlH#q6Xhc{q@hoPifz&ud2vX{$gId*ySnR(^%<^49^eU zbT|QOW9C4(rG^%-2hF28zsh^4t}*B5+zeQlhsBx`GBo(@m~g5Eic z?cQn@PZ=7uX12;qSMX-NqqfsU9>ny;;P%2~_N<)=ptXybCsJssn!nGu4QPL;!T^ij z(R7O$;UZku3$rAkS!Mlzz-ftQw+lBT9s%r|O^k|X@ln2`?25q4UJ{hyi>nJq)D!9_ zTFd2gQKt8Enln1JBGZ~NIxYv_2cq@&^(j1hKV&mJR3~Qi-%rdO*Ta`UyiU{{yO-c? znMG8dEfP;2Y#%y`G(^VRwY*{RJkEah*W$HqE}WVo#{ic|JWLq z_|i^baD~rzU{B&Wx#zpIS`&+sNxX8uzREudrqb$Yt*X4I10~q#%l@9uJ%xEr8P;PZ!*lT_Gy3>f5F3#PRSNf1=hgLk`do~7V^~$eOwsx8fM0*g`jhMQyMk4 zC>MhBiMrsD!338q^-3W!sc0-06-iON66P}Yfbq7h{FL87CIe@W?s;~WHj={>h8?>) zX}E01DTnd7+ir+zR;bB4_&|H+%-Pf|@K=AS;r?t|2hCNL6&gI{w}9Xp3ctdtY<8Yn zv05Pabm+y#qU=fe#?IjI&#d9do9j7qk;@UMgE{hdgic;>kjqZo7f?-Pf)8*LN1X*S z(v`Rdu`CJ}n}R&nU%w~Mm~0y3Nhb&s;(kA*!7A(OYp6WUwFc+0LzfI1Z=wU)BBGJ*fn+nC@7s3YL#C z44%`+Sw(pkkY19EBqFH_#wjHxT`L-*wRc&(Apja~j)b`~9FLfyQ5&iZ%ZY`UYB58! 
z;{L!KYmtmsw4XGVRg$UklvTL$!J0c){t1`rx^?kq;tAqh89#@beWwaw-|1)zCcFd5 zu(yIfiOBnC@Vq4UV||%~&HGZ`t!2CGfgNz8`y^3^>7$dRK-R$#*C4kLkRA!DOptheqU|F^_bwKl|3k?sZPooo`R; zltdfwE*|+qg!Fy71`mVS@x?*%!xMphxUdSY*kDt2?heN}M?;UH21)ua2 zkTh32-mNzaXmOOQ(JHEyh_f`B%WhY)PAF6WW<_g1UJDco7>P`DO5I?YJ0x6LsA|l9 z_2jB!G9!a>*qetXMKIoi;OC2^Em(GNXNU+jUNyn)k%}*0em<>ASet)(JAtSqK4vC} z7QR#O8MMPgnmX;Ir%G)msPB zo9q(v6|1uwv&;m+5Qy4v{JqkhD9R>;NvH17W#930H!4ID2jk{>p32J`nz4Zq!(c7% zH$DOE&4q@KTtt%@m4+79oRsxhHo@KC+8P36yjY{<(QLz9%rb$qH z_!_f&Phw^=g#i=pa_Z9VPhSY+`w;rti%~_*&n50`NmPmKtpS2LS@J(HYD-WZS-PaB z5iBQIMbWu-ej1)19AyofTJ06A^nTX8>%1w4d&?W&89}}(g=2JS(qzDG0yu)5K!U2T zOGv}1{aR>7oMER*h|0-jHL~>4XVhx!#jFky;9XgG5w9q;@k~1!@;2nj|AEnF?5UDt zx_9v)7#*~4BXcm0E6jP6gK%EV$cakYv2=7mCmVXpCyVQl#;_=zN7H9bgF=~-P`r|^ z+gjs*+SIoK?5RxBNxtaE%%2dbe1vDNJ74INjI zqz_HzN5J)r)`RP3`LuXl1Xt#M1J()Q>YHKlOAjXR+QjUD8mdlC7VD*(!|9B^3spa_=qkS+ zu_hBj-whrfYm1L=I}c<~`;;}^*;hx9lo7gVSc0b?kEF?YtncM>d3?BjNL){++PO7w z`}J%9_r66Xm-tQiqVwH18AeIh6UxWAJn9LEQC^s9An`cd?*d+tQ4~u3QYH}*7PsH3 zl@B03lkQm03)$Dn+i%5#4`Wno5g_>IFBzNq;B49=QNW%zrIzIrETc3RMxLrO+EGun zcRvxtPkiT|yk6~$jpK-H>tXfsU-9k0Htl447Pg4UYEO>d&)%1D{gQd-$ychd>oH#M zw|WtXpK5eFn+cPUplHVWO3c0iE#I-v5|*p@)7Ty!4x=t4mA)zvVBnxlcq3z1rBdB= zZ7Cg~FVTW;(k>|_kBQQ_3`tT+m_BwoH&ptt68t^#0E(zKmGG4~fJ*8vW`m2QD4*3i z+RdTeKD$fqk^%_a9G^JdZ~__;=R3RXj!8#NhD!+dy4=WIKP~H_f?Mi=(KShuD)zWq zUq+vr50pW{zJ5Q3*PCX?O#Kzua>vv&Znk>+<%T!iE=EF+W9)Zs>I5Ilc(=rPvma-^ zl#$ejQ5O)$McBYnE$P@#Xx{qG=>|m{M0F!H8g!0HQP;Ba&dkb7*RsS#{4M$`rm|8N zEICNYfHA1{E6~^`Id7@INoU?F-0tIYwwp@Wh4+%0r{AH1rL?(7uPXR?v#u{{YNN3V z@a1-YOWZjteqg5Hr)?`Y^zcJJoCdM5*yG5+?W_i5+x5PLo`Pt#m9hY@DVWjSc}?d{ zcM|t>!qb6MjryXeE8;CJE<|zGEN`LkJs@}nUqqTUSAazNeDi9iu)Re+;1G+Y>7wS9 z|BKq%VajDkPON|Ux&BbNmLeQv8BH*#YSF1zga7e5 z?>f|K?PP4&<(}$dQKa2g#)GaO$inmU_&MzEh6g3d`8J#mky)- z?os9->ay#T=M7}0C_5QMaK~K3&Uh;O^b6=Ph!3q?^l=2BF-Le9lNH zz)s(EO23!ygSCBJ(Md~SayHmScz#pp*63Sut*4XZat=3niPT8Gag3^0#U(^$ zhTl)zzs_J@1ym{poUZ^lCl;JR66mrPgT*B|kq9NjR&2sAG+>P~@Jf2+YhJK?kL=S! 
zUSc=?2(2%hY^IQQ7&SwQ?kpi1X6k_M-=^Q$&Y=3r0`B4(D6Yx34)2+(sh>v0BnMW! zmb#&xwSRTaWlKSAHace7yn;u~`(Ec&h-5}x;9H+2vf#S-YmO!IOPS~mKRPPE0f9e z3BHF{iH7NFUF$DxU8z`6fo3|6<_q+A!iui#vozZ*W*m+*VX^)}DGpJb?&Hr{Wg+Ri2j!8UC;O%tWVnXRzC86c9{CNYwx?%nQ=+yxG~xUZJ`?G> zW{X`?a+pXsLFc2-12yRfA5^-1ZI8t=12PNu47k7f{t9S_!Gn)zX}>OTAZX0Gax2C` zm-f(W#&u^8U8Ix23k5KBl?}OKj;9m?e+a&F(syaiE`I#ZJK7w)f)TB5hTw-nYOvxZ z%!|$L(4$}!{(fB8RB(JHC(!%oL7UTpW+dOL3TGtG7t92^P#rRL%|U}rUxA{)^2VYc zYkDGLsqKkAR>ezi$)p%*1zKw=8lbIWdNVp=ou7Pd!Pnj9%nlpB1AyqrBJ7>RdT{3C zF6)VBz`+ro;p7zY&ErS4GE;5g;=O0;W#+VhKiX6~E^bvdSW-O5H_|E2ZSYZ8906-w zIZYbRaF+@pYFg~&;f10#8B)1JhNhG!j`cuLe!?_Y# ziTww$X%iR6UwGu&TbOhnn#RwV$eN?`mloh{k%@N6lKL`5MGm`DHZ#meJheB3SLJqc z$%_T$loekLw!n&ctk^xtLO%gBRG0n>7L1RA8TM-t0#m0M+=)fmWTXqZ{RrBlo0=L{ z0E83^7pSPaetd^vI?2hFs2;5 zI{Nh3kXgsU(dcQo!K->+GnZ{f67i6rzxbT7%?(j@O(k3%1n8RI?*u}m#Kc+gXx=~B zs^>Yv6_m*-E;B5SoecD3$y`YOgiuUfLsIR1cCDL32+u#y|K%Y8bQIla%$N$!>A{aq zmk*a0p(5Gcy*L5l$ggOPQLcYJPpy!7N+^21F}%?-yV3Vj>^qL>8;oytYQ;ZDpSu#Y zkySX!ytSf0RB-!DR5YcaCm_GKb)M05-b1Q!>xXeeQcl9aC#+Yng`o7!Q|R}%+r3$& zDk;k_qd0s5@-)C&G=UR`T`kYqqkhyBsPV>%?A{FNFT%8VJJpTt$4|zR4^~HnPPfdE z+;JAzaj#PPwlD6u`!T62l4uN8VzLa9QIhv)ZUYN9y5^*vHfffl>3hi?q9{k4T+p6* zFDB5QwxqlypF|d0CP-&lg`ay&{I6vH9FQnWILqdHOkcC~g1@!4L{NYg%Z}4Dqw(I7 z6+Be{@TfY^lbcgIaG-JtUwrAL6=S&Fif~KM&LDlCi^c7sN2(xKJp7|6tR(l6g~5N& z@MtzQ+C!dCUD1|obDlx5A}-8&FqO}wBg`@T!ADjRzte=XHcpqke{iqP`97AH0muMe zBEv`buSE}AKI~7~Jy_gBjZf1w<)WX6;wA-I_y@*c^UtZF=j5u=IS>fT#HvlG1C@u^ z-gVR5LjFF_fRg{d2h}F_`wlWlX)L1iY79~G_ zGeAFikj+zxp4uqMf)naHVB{tg%(@vW>}&ouh$$Xn-cgzd9AD97O0ZF68R50N+0t

    ;>_^+phiWvd#Jls5qXAt|mNK}&7 z_#?mBqiI2l9!ae(EGS%)qcl??y5PMq*tcT(VePVYUtPI*oN3w|69gm`uo!V$POx9D ziTSXLWGqa?Fa_UuPBKJ^tHY%!Pfmcv-79FFbAGG%@&_oAs5 zMPSh1MY_7qxE2LKw2_EJPQ4e=1gr>HrHoYcPq~Lapr!?rsCO_#WeL)a*)ckp2^#AyLKY2T| zJJW)_KtRSd`NgLT{Kpt4LhHCK9(nQjC8ueSp3#F2cpN~S*jOPm10FW#Fcq(B7^gLp zFYnTSZrmguL0DlG`*B3F=G{OqPJU-_#s&8fXP9bZ34Xv2iOh*?3AE*Jy%bW@2kn(k zJ3poiJgAEg0L^t1FTfTQhU1St-LYji#~Tcq8y>$041Yj|1AA_)jG?S1apMPk%dWby zDC~BTFu;p^7#7uokUDOwy}F3Kn%kml$`Ha^af~lh_JyCiu%0%vvYd*12I@FO0eXTg z%~=*7c8OQ-;KcahER5%t(D!sjo)kq|-kw3&$QziFIaOaJv zWzfk$8TfPpFw6$q8n}0aPmRpXD=19BbYs1T*CfgW*cL%9bIFkm4bIy%ZCmT* z11PC0=BYXVuef*3KZe)NhHh}o|3mYT3p9#OUwFCDP+pOWG)@F1?3&)uQgmmaEU4>0 zrDAO%ES?rg#Oyc^V*IT&^f08|@Nb?aszs+Ka+sALXR~B8jf^&{G=1%NX%eEwC zVUkjuc93+#RK0a^{+Y92-^CKZhT+<)0 zM-GsiE5%dMKYR5}5I<^ZQCSTI(P9mY^^Hgbg(!qU0rw+{0Cp-9lP}U$`|ns8r33f- zzC?)xk)ZEAj7sttfbUVWQ{QP?~kQeplUKk2+Ct^Iz;!uE!8^&qfby? zX`kj$Qeby+X%ZGtk8>F39$KJOAanRaq~zDUW~C8TkxTMYYXk{ zhO$+nQ5;PKJtCHDxcP0?m{}i2WB2(i-qDKz=dCBhI-88mVpn|_=dE^C^zh3+6vN0u z`-!$PpUom?<*B@oyZ=E^gqF}TefVKbcvXrImK?BM{7#g=(2^zs{D)p(pB+?Ba5YO# z^GZ#QhE^Lqn2W<<`V0`~PZ*#*ps$r}v)ov#JUg#fJ5o+6ln!kCg+9H$M*Ds)y;ryvMHf0orAv%Q?WY_~1_QC! 
zdn~;pHYa{4lYRcwAK8`5oE z%ndT;bE~~d>^$1_?SLV%QP@*%$Pm&a}5Qs~HG;<=} z?E6q{FC}V%d4!Z6inb4aRwyS(YPLZA9|y|YKhyttQ?~hQX{vc-xtqaJ!>4P=qjHHY z6#T;o^{KKyI77!PXI-1Ek4+X%k62>ZL+e4ks@0Jx`Un26kR>Kym>CQ~q7zs(WKtAJ zEa@ezQ3NBYb77YIkDkegFf?MTJ#EAa2#WoaQ!bfl+gO`PE}*_t3Kny;u^5^oFyFP9MS9zWrNF;Ek z-f4S-;5xA!)`GW#n80^2rm^Ez#hXXN)Oa9M{RDQVBCEY*j(jsHWZ7^XdlPbq%LO24 zcD+cT>6pgq4R+%i@|iSZ-ij#sH+Dz{Hw$WO@VXm#0r z5cWw#32nX;9JJ*m^1L4%gtJw|HWP4OgN~Iw;^T2;SCS=tygcqwF=LHwY5+vIP(Mc8 z5b>q!rJC|ioFzixU%@Grkd1bLY|5rv7pJYxJ_)O>7jLN6S;NO~be;vTRV|1564)09 zJz&^a{*??>ZKPqWYfN*9gnWVsYjGkMqzDv^SFF@Db*95~g z=U;kn-Zh-|rQ$zHo-Js@ew=@!{k<0g^QlY4yYL{6fA+w%Q^Z-+!Sy@Z1|#K25&v?N z^YyY&m>5`V!NtBB#gej5% z?f4feFn8rTlba-?oVx;-O)i9}#dbXLPsr_N_mDHTIm#ac^oK2Pz`EU6s(So{*k4TtWxMv!k;v_u5H{^8FX3F&RZ{J=Ll3 z%~-}@^{tCOxoz&x8q?g#MZqaD%+WXg$$>3}p)o55(VKxupiqIt6)da`-$Jfj=-#}- z4Lh0X<b8;jf6#lyh_KHI5Y8^~hOpOBS8#&{$iz*ilw#_!w)#u#O9@*oey zXOp0}J1U&+s@4nUGSE58MWcLHUi%ZK+(Ye-`}BpwT;IfD>ozbQEpVxy$GG$PcA3^1 znL72?#_)*$K*4UU%|zD>(5!vDRTPzvV7dj6EG1{?eRq*63yrP%PwDT$`|m|AYRb`A z;udI;eTR_h0l(e%j|1F~6pOrlDCc66iC(~C&;LnNGf}+bbz#g#u4v{qmhO{56$`lh z(F7RSW^%-6mW_Bcq=8gI{d&&Dl|vyp*AvSnYl-&r9s=(=+QEx5mXfacVa;=H(p0TI zeGjM5jHy$v!3JODp)>!Goll|cT8X&{Eq*U-UnweD1|ZuTctCbMn!2ZE_-vHX#8_I; zi_0(NmUpHU$vx_c53@Nj$B(py&~@d3z~@;?4^0e|w5FyJ@@`yEP@titVIjucvZ0T8 zv$&E0U%IUSl_;un&6yYtsyP*1>d+O+9ymt{!K%!uF&YqbJH`om6e*>UoQ%DicE&G; z!Q+w<29QoH4txtQ&m4uFEE=#NjWZ@3_QEW^-l!UrP!&%TRZS3$xtPodr&adXHNcOj z-9V!#@xS8bp_x_2_4}!?h7sj3q1<6siF7b~fzSP^dqeQ>$*3n$+@DmIei7J(E~cl( z)u4r9y|u5FURs6AX{}v_Y{6V?`IBZ_ z0LNKe2EU;5RJe95BZ~Uih|rmH_GIpfHpN0O`9uyX%_$S(H$2O>hFAhZdn6-tJ82m1 zvL32Nvo3Lt_GsXQo=L9+BSyhh~fNc?s6D-kxtMtqW6#d{syY}5LEiGM8P?siUB zYcJf@#?$Fu`#XP}KPS(sOW8m4IXxA3chG0SFwTM{mGow*03EscA5KzcFc=>D{ZM42D)yUyIZNs(mo1U%>BFUF~Uytb?FFn%8RzcJ(&XAgZdR+qq2o>hdr|5kOzvtMh|G&f=Z8$(|? z1~PrIo$1si{hiyKvIoz%8tbX-^@ zv{SitE}lbaz2fh}=V2q(@#-T}*8prm&(viet7WhSw5D2RocJHl_)2o>Gj`zX$KqQr zwI+DB7un%)4E(X<%lM2+o`azCTuA-n>^RVQO`JZZ+*=yOsXNI6-@f%Rb4m_q>_;oRiIp83(#+5zt`t)ma5C)C-?{mD}Pm6hP?_KQ$f? 
zo9Rvw>6ljLQJ^@9LVy{cNxV1LxkMXHLxJu5alS3kN0tTyNi*zZ%2BrRJ>U1G`9x&O zUm+gAGBu4f+jVW~aCY^@T$Q|FP}41tpqY_#gf#`}a?=VOaG>-y`SK?%NYXwptGb9}Tt$gV# zFgeBK)jAC=GawsbzxbjRYGzbDQ3*!GdOhkC`v>-^)m&YXcl`=VzSlux!@y(coZ?Y>fi zVg!|(Yvqu^5>AWT z3eE3__3Ra?Hl7H@W53&*VTil3L81IBA-({+YaobFGEZ(hvU` z>cua0nG853^;jGmq9>jIL)b8I&88ccY8eqK`Y- ztHqO(ej7NB zO#F;c-p~Q>5yeb*MA-SuMcHzzap<&vek?;)=pe8xkfLEsQ}sCeSeK(3OB$VWm>*#~ zbr=v@G@KSx1l$izOlQbZt<;LY`j1_P3c9JmVzXAV3q%EZ0P*GRHp0#?BVt<-8UV|p zj8q2F|6ka=9d5diVw6xCQ)xTzi4$--dU`0ftA4WZqJ> zd)xxWLy}K(VxmBfW*NXtJxn}q-b&>V4 zs~YJWf|SrI!BY&k<2&PJDuxvRV@&?-$_Wxv#vfRr-uLR zO5>8Wbtdixe$zMp>ZZ148RECArdnL_2o=$EMd2dJuRAYfD(4esnJU&_C-9l_4P$jS zP$hv=aaFYCr)u=dTwboWqS*(N!r8#hQ%weL9<5A7TzPqt>|{wUIboHGf?MJfNU&gP z^UXsT;mu%ZU7H`BJ~e<48zK+FfRNmyx5o=muKgv@y)w9Sopm!^sQjaU;YSNnR7XcAEkz4wxB`~ z_PlWrI(v^f+mo}O)sd`^zHDLPL^)EZ zrh?(7?K2-H9@#V2H@l_5hUevLIM1u<{e66m8IC@bx6;lK0#&S+ny~%yP>f760=9Nb zj+J+H&$@wvH7b-V-C`TN@I zzL^JQCOjOz9nuKAp>P2!KTh?B^N#<#ED&hjBP>a3YU~eEtTWG>n9o}-ae16f#oPR| z?N(J*0_aU5pItoE)h#EHR9L^r_iY~l3u;hYfXFsb9Sr0oo!6FO?d~aOl;>#}O5Rj_ zl%kH_Ys0?M75Vd*p3jh0gp-m+{cMq?nA%Xb5bteAXPC=nW(L5~ZHdwnlTC%IGrhIP z6jrDoYJMkE;^Z9ddbL3h`BB!&feV-1lSr@*T zDDIX~&mW6=@*^*dH2NSuZcAsazT?%op4YiNp(z|_Ko;|+?%du7EH8=Zf4y&Zf;wAy zJWWV8u3|VTP5?k>H&*t}|pLS~H-mloKed8Mk@3_^rRl=SI2d;!wF)TVHhU z(x7EHuiI|xzP#saR|3kv$8Z5fVMws@vtnyEfRG!SFD_AWe-Xt8cpIVhB{Yu9=6U|= zDrf6&ck*rf-62zipDQIP0&7`$?m!4pH(CjiHfJxg}o$l#Tv-MP8p zCB));6wW{r&u%?iap*sG$J*MSFOqD3G?=ht1+z-`u-_}r4DXMXdwK%Y#XbwAf7n!x zkO(ycB5hL8Y8eniFE(8Ic`X7!vTDr#t@v1oGIcDafL#YYUCJaMm1(IoVfr))_s2B4 znZ?N#z|W!614}Exu)Ii@`)I^{k;1XKG+0;iuJ%-~fHo3>Z<5e`#wYtRrcI ztcjvA>BP86YaYjB(X*!9WM6BB?$;jTI`)`=Qt$*s8_->`HPQ||I_cG&c4WUvGFMVw zZZua3>za_Wp5b685)DH~m7s#DEydZ$2$oLpAz0OGwwjNNYm7_xrynMd82=bC#~|nY zs)cb$5G*b%h+O)gw=)MveE+G$YaX%_!L+*|_L}mpu?iyDO3!2`7ls#61Do%Gr0qd~ zfMX?y;0Eyo2rc~5EkD@oHN(jxXG2+M>NX|f;gJ|Hnu}+tGYdi|F?`u!)0O;m#G-e` zNDn@ED*qoH$$j=Um3#B@c6mK1dNoxO5uuVj6HY(h&o({^rCR6@_ynSkubK(@Gm`%@ z`Cj?xxx}%rLAgo+j3EY|g#59bZN4o6k)$U*08v 
zO)WRiLakkv|9+QDPWHO0Fh9`N+cOTxB`|^8l}aTzv87~(ZIN3rl3L!UztP744wJ>V z>a;l1)al^C89({!3deF{6l{;ooq3KZd6vR63Ws8uRg%xbGcqIBiy_sfnU*NPr48~v zw#sJ7ei|J0RnDUo=69+Rb%5g={RoC+C85fSI{JG*l$W;`04Qsz1l1j)^!kyuOnId zApn1eSTY>YPKVR29_)2n>Uz5WdmR1G&iBZ1k&y<3)V&=hj9ajMco`83Aowj8?42Sc zmU-{=xBqy?W!EiPo(28vpGP)PoX`^^T7aDRMH+vN=LKW2tnHkGGtV3oa9KdhSelEV zvM~u@13HTc^h z?BrcRUP%jmsNkV9Q>s$|P>Q2kr6%Daut-bwC3T?T5dIm>{ zJ@k*vOJ#GNK33TXKDqGzEU{@jY+KF@)>h%1ff}>9?Q*Z7o=Ya3n)N_6SHam}t?x|biG!NaY zZbzz8d{be$idAlgrzK^F5wn0h#p zIDFgcdT2z3Ds4~(sLL7KbOm?iZ1Y)q*?zE0=TZjhr*yxZE4G9_cW;8W8x@k1AO3VW zC)`Sw!rW5)kM?ET=o-xxIS$4O%P#;*4SvxDoP^y7p&vj~1W$p|pPV9AapXa9{%A^? zz)2{=PhEA+LURlxKvHXBLIzza^;H}v_Rkk5EpIzMZ6^LjQZ(8zmxJbvkXw!&%oX{l z6YLHT#OOrKnS6bG@;eO-L5V~_E;19HnfCGp}H9Xl)!;{KP{)F|jd6Uu^HslZ$>H3iLiWG9PghhHn*$_LE zWwO%uKmAEL)G#{S!j2(^vIJ}qB-yw>o$c-V(gAqvevj>+>(sq9TwkV4k0|zlJPFLN zSn!7O@gNP#&)|L z?(<=pou}+65^3P$y7~0C-gw3!bF}py`0XTd^4*`jhH5EeOjD=$BPDjGLX@ z@XkchoXX}SZW9?<*jU;cwC4-;wfWGocW%J-y(IXTUOVA=x5?|S-Q(x?bYP}46fZxF zm%+f6x0{;fdyv6<{82`9n?dN>nk*EXN34APG~9a9{O55U;I8QLW_uq|$Q*FP*l+`7 z36jK6T-zm7JzazIi$!XGBgW;KHDgW{RaA6QTZ|*loM3LoDX$x~Dl4SXjAL%j2od14 zzVoTLkFnW#u5OgLz5A3{)U-c#?^7^ESrK0=cj6lD?aL zLdK*?0A-}_!sxrJM;X6{eR$-IZQ@+6!a&6{lYX2%g(h{s5t=M5Ny54@HqvKv1;hNd$TbRmKZKQ4>yU()3R!LU61 zn!|q|65=?u_}+Vx&W z+#Rt;6=-Fb+(k$WIk);UHhef^W#2N&W5)@XHkmtQ&kO0Wcq45?{ZZmggu1Yr?3EcP zLy*59Y+dIySctS(pBc1fdr) zrV#ev0GcKCXiJ5BUJyOTF8q}*Y4n^$`=*tYtdEhgpHUni+LwCL1b#K#JoS)q$zChz z8Ilbbc9^Z58sMuOwC*o=8o0fn%0chzh)$wcD@p4NuWeg&JT?{=b^w2(CqlYCBHw4( z2T|K=qJoIk{)W4W9wB!Bv71@b8tOr3Rvmg^_CbvYsZS1g9Ni9}TMXUyM(Hb0F%G@5 zrO3z@DkqW(>9@xEmY|r+(!iOML~|_F&YUEw;b^3EFy8NcstVKUrY0?i1$m6Iga$eV zA@Bog5-Nx2p4XCh05ZvOzTK7@X9WD$dmAsK9bCLjfir`xVY*{g;3KCgSNJV-uY5n} z@@p!#O@8vxDIjZdbYcSL`30n72qpR<8MUdSLkYDI<@j+nuwRRf>G}l&^mx10sl&6Q z2}>*j#}7eg;yf6@)#N!KoS1p@eUfV+przG*zql)pwsywS0opvk)vhF~_Q>IBJK~kZ za0hLc6GyDUVWUPenOZ8p6P8SaTna<}G@|3Ot=rnQ>iCc@7HKCyj=k#p6RJWVZ`2r3 zs$zk{jOuWCs+YSAf*O+S!Yq6ypdOwu2_Rw1&t#wQkE8Z$rIZQk)=!tb9pXH+e_G(C zc&TSAf?_`e9P-Ws^_r9*6 
zJ`739k{*#pe3zW+_s}udvgit~rXA=)WyDQ5!$^#HMYkTgwJ!-GK&>`?ow`)!P2WrB z`==8xAmN72j;4$(e(?c$>}aaNAh|0vb=8XWU(#~+vG{cpe}r)^kGxEAnF2T-LY=2<#E}f{7-3ihHX})!}H?#YbUEKu<9Yx$PjP-GTOG?Tq5BZM*W4a_{R3NuuMmXunVfLvR@`=~E#A_+%09Q9Y zU?2_nL(^2FIE$YZ*`tq?(L2wD0}LGYbC|N6XZ9s+xk9QI&|M&0)XtXzuQ^hHFCk)(zE zBK24k1Na|)0J0PnHpIiKb+8tzGP?f&)UK$?GaI{)5VB`5J$oyeY5`n#m!DtXt3IF4 zFOhFTyH#S_YP+1iid=3}p^y82W4!HGcE@)t+1mXLubLj4HKuwZykc&D-250|YMtQv z>e_6@?yIZOSWMskCa}YDrbEBI%qMHL&X2FIvP~-L)~?1Wl+y?H=C72WaQOjgkwbWG z8xGbIC33g77G}Y{lGtX8*kNc1nXP(Dq@fG9`C+U>YkvRGkBIL) zPgce|%F#zWk_S$Dkp?aw+j$bp?jvLLrYo-PHd-R=jsEV_xaBjb>zjrhs!cyAy>z;x z^AU{@`SI{6M>}kkdJ|(NF-`@On^HB6 z@X4HkSxkoKPA8Z>Hmodb< z?C-+3p@;GTOpz<$T26L*_9Qjy)DKEy7`7yS6LChezxCzLLQx_Kq4ufYOHiFaN81T> zwARU`f!oskNtPZjDkN!-%ttD=xdw49sie?f7J19R(FNARkCoe) z?5*idxw2m?>2*88n3w=mBw^caBQCmtU}@n1xyQWHrPvaR>0bsDr%xN28A6!uEy?j)l+FR?$BO6wMaPJWa#v-? zCAsV{8LDBQKb|+3nnT274OH#rPxXt*(pFg`mr{sT;L12eW0tCZX$HtYhzHB-^4>cz z(bTs6KLbD~{LExr9eBgEk`x@e#aWZh);xe~%Mw>TJvf`B{n2ekD<8c~EPI*t1 zW~Plp93de8DFgb$7^n3ju1r+6o84_Ldg3};%r-~mn|wT*9kBOPI=&oTe9EZEn)7@s zbT@gnl4Qiu3oRFp7Dozu!nIlBb9@w;+>$NDM{ z&VdS2vSk<6foRoV<`WBn2G_I*1ae7(xX2Bbw>k#O}sAId9P7Jq^Maa5~>B$&aERO=BLd zY}+~~57Yf_zQ_?yq>U0kAW9&VgqQlACpNx+0P6&OPxh8QE>uptBT(v#0G@JE-;Xfx zJCG-z5#X_B4c~@Ov-Yaqv|4qNX(<1sV!V#WSl!|h`qi^nQ|vmTc{jyeK_-xVpM~*P zX~h!GG#j0F05=C3hspvoB)q6mMoSGkP+UuiSwECz@{@ZeiuC1B@lQ`HH*gMoxHI|9;lPgbTCru-ore0U2~oR;=Y<>bk0?HPPfkumVL6L+J^N3GIC7Y zAKmM|beShv=4MH`BPy4EuaI6jDHTTnroo8qXSX)5vzB6uB2Nf)<)}DT7|g>qiGLYR zNS;?DjLH7qifQB?cH=~stm1(9nRdNYX zQd6QBD1MYwOyqp#?Z$rwzOGaSh={`G9>!JY9vSgZ-4zeCSF0canvy3O%jt@O$Emxqh) z!ZMGDv~@s_*S)#6F3EykYoJKt2%P`f9a8Jq+N|+V!V+jXcLBvpQyC~Z5`C`)smlhe z8BF<5MNyk>%>uzZYVpIY(K5=rR$Z)k2RV9(2S6`dc*kp;Jvb7Dj?bZAe1v>) z)@*o$P1#x5tl74>phv`uobP;p$3}asZbVj`$cVUsaJr)4oI^k*hzMq|TcJWIaa1X_2l%BVyzCma8xj9CMgzvL&%Wqjb;)zFFxvQqQ=khkFel@Iz{ppd0PEtFq$FX6qr& z$^pYdZCsq_87~4Z;i4PWQZ9oS= zU@#sQ8V5=`H@+xENAF)?lm<+UHN?MXwM6%Bg*A^(m0|LzP%o2R&)I%mg+~5Zuw)VlU 
z3n&iXJ~%kQEdGpP-&>nUKkG1ya*jix{Ebbg(q)Q0p2d;mQiqAmsoB6|L=z5)-zraZ zfkqV~QLX3Z-@cijij*s=F(yh-_M1^V<8&1~eJJ5~#IDyR@sDLeWW%$$>)s}r9*4G6nPqxvuR z(EF%QR4{43qgQQL;G>YR(EW|rrXUpV0cp~s?yKopw)&(*v}KJdbE(;sGQ;gkVg08M zIw}zf78lSAiJbDhZt&%z;R#5AzS-^mC_BmWTz*Nm&c(&aViJ?>YhgEf){pbx;kt=< z&~LF;TnovlUG;zZL#IzbykGk3h=yA39TIQ#;6X9{Xv!=#*bCJxn#u`;;8-SgnAH4% zSmA(qQcSnq0f`kaBts7|L>gG=9{&HjQZ)k5+-Z=&Mf{{$+^j1k$e!0%uwrgw++-?h zBf+o8RMXP$ZoT-*Zy1ZwK1`HIZu6lvWZOJrwtDVK9CrL$1kE;*qBx3gI%dy7bVtT? z(Cn9;>xp#zy_<9{sMvJ<*c|BgV%_x`><0JjQ9#fx?=$#yrKf6S8Ojckn;sm)kEQ@> z$i-^MlJwNYZTKm_k@yvPCcRK8+|bQ=6t=CcfKrqD$m0bP%g%{=IihpZmI^{_XT`1y z<{O{Ai*-Z=MURbqOz5<74ss9J<^9N69FO_Cc2VZgM*E?wPlbO2EvgaTh=M~G6!@qe zlq`irW!aA`SqaQqwEO27In-&{vH_3al5Q(r5aw*l-9a8t4__av`8ixabsDX{Jx2oY zd8@te6;86*m%rhheTxbvK*+wIE=Mye-xa@ps=6eYZzjV?EQq={gY&6Hz^8CBq#n>u z46o>BT4IL8XpF7ueE)0lRY{=0x=-Z9^LiOG=rg=l@32ETqMOsT=KZ-CaR@-ByYb&d z8XU5if2&IUvk_mB+ZMT@t7DR`AlTzO;V})>nAH2%6uCh)S_|C8zpIS}l1sX`MM7zfu!_P8dB(gH&WWvYKZ5bY@J}6k}Kxc^EE-&HuN1Cls7U z8kaP_}@p%73#w(?3*d zMUG4#G0npB_BGI+`ahDcF}kv*Stk?Q$;7seiEZ1q?GsHhu|2VE+qP|EV&k6oyZ`rE zU0vSQRZp!1U2(`j(i7BlaTbHd5kp=7*($UKHghAHd{sk?7&@IW95N1T?m9S1!Kb)N zB?|dbvYiI{r;Z>Ddnw8|ACobt=wk+nIVsgjlDQ050O%~-i0awo8mRt=!-pa?O)@|= z{YUZ7|4~fpABU#pMQQCBURnVr{N&im)JNKnMmQOC%&x8Th2qvG$Twru|LbuoW8`7m zy5pFb`da$DJF8tp(8z`_*!h?LpMIVDf00mrfSq%=(P;~7x8IU>)*|qc0(luKabXWW ztbl4@e+bf8`T~;_8UslR880oPlikz3t}SKAp81Z(5;CCr2vL2W%^e&JIA+3|J8)8?@Laq56R@GWg^&??9Sv2QL? 
z`>jroBR;A9Y8@H(`)KG>ddXnieb>x05SJ*CwLVbFi*#TrhboC z9d`)uBo}G4%w96WDKt`TuTXWt4NW&d4E-+vJpIqUu1^6`n7AO7Y9Ym?s6DorJ4e(n zPIX`6n&8%x*Y#>e3=e{S{rO=$-C%-sykgv9Eh5vmc?9rI-)EHUvL0HI@v!bUiqZN* z!-m~DmX7x8DAS?bDOfgLZ+A~k%N&oXUn$`9fuXTTS5uFH+bXRLq_$G!GKAaF-+PhV z8#>*nZ@7Ru5JH+mUuI&=oS)gmmUW{m9L{*uMs@u55Ddto#&0qS_0Ehvo%o6d1IJTu z{l;hr?j7|O`Ze%lZZin)88;%MjEl)k`AuehWcSH*P(!8jt|xzypKd+S0I_(Z$LuOK{jCY=SLzFZ_;Y^Ui{l8JNKtCDse<> z%~iE{uIi5J~uT=a2Y>8V`f&=eIiJtBN@b z$uDW(%r0#flqFXX`~Bvitush5FFJPps39CQBW#=h>F0RWwNvQSO@$`A&K#peJht&` zn;U@B6(LTm!9Y?L1}Tz0G*@sXBx#_7VRQ0R?x8y1PTP-`vBpo|=1cm%wf5JrMG)`Y zu%MYL9W)b81!NKX^QCW{I_G`~WirPSn$6VqH&R>QmB7P$@1)I5s>6Od#(Z!EmZ=-V zt1?&ghAXeFKLJ6?-!|xDE3)sA@;1hSN*=(i)}G7sU4Vuafx4Go2X~+|E>fleB9aW^ z(T%^o9_{LZHYNOKh}KTKc@aa46in6!|DvHbMo4mPqM?v1974Z!G@sNCMBx<>Qr3M!BpZ*tZ`78X+SDodY<^&+Q z(Oo#ZcS5H^ZI58k#F^w)@5^ZgWv`#e7p4<`i(x;OVyec6?z2N^BR{Jf7Uq>2mkB~n z23Q~gn-*C}V096Q68l+9H=)v(Kg+0M|DnsRYP-6t67MFz5?TX{z>|>z8uUQtT(hxcS&Ilm{sJeS_L+ z{4hyk$gV?asHL$o;VG-&^l;!i{%lBwfC9~wdsU)W8E>jt=pyaYhW|^!3^qJB!Qk`p>&tG&s&MDWksQEJKe7Yi#phG~ zXRo}%(?2#RN4rK{!8q3e9WP_}@1ZxRbYFT+hb!R38-5Lp(Q;{O@HDN$$j$MIk>^babHZR5|;TltcU%G^W@ zWfUx03>?dmz5}FLUz3Z^M@IjouP)2x02*aJM2tMb590TZk`IJPOv^}Hzz%b>O;K|2 zqomIQ+lB)i2sXx@LH1h-&A?9OPy)S~Bv{DQ=~G|y=kB@;E1-1XBvsS>Hn-2e|6K}^ z^Fn{ZpxgJZx_jcA<`<0M2$b(^HcSu;gi5O-u%=Ym=LMn%Y~I>qR+!Jg09M7aX&5vK zBv?Rb3aF-71*n7KbtrIif%cm#gUD`-Kvh>z)yI~`@Oe1>ZYFI#1MRyQQQl5ZYxdin zbR0=ZPDQ^Rz^g~LkMp67jqtaoyQ4V@(sjb$f_z;KjP8 zYo~7N)V{7#HGYp@#Sp-{C6f*w)fm|;IGmb7uK3wCsZEtkVSvwLnT~iqH3RmT!1`{a z`&%o!p%mH=Q%r3%f~8`OceH--#OSXEDXd+v_x(g5z#Euqpl6T)c-8YtgnZ5@Dbdo& zhL?#pI-1XT&@}H#su;?*G6oHTyP}xWDGPrd^Y5{*T9(^)T2ldsl|-CqMug}k#K9C~ zzA9IlnYs+CW5f6wkaK8jm3j~I%LBALt2DOxIeNXG83Q`T45~4ab4x9P;LfVKnP@uk zR^fjGyu>hme2~1r>NwEo3!N_XMv9|h2aCkO;HwEogS7SCB*ErH1(E|hw|DQEY7ZxQ z$1CQMR8q`AKA=g<`T|{-itgUTt~B;Kf3}%5G1tBx0Y6eC#gWawiCNnHpTcpM^|2i` zs}(WPj4TJ@BAhn$$GHvVWJ|{II$t6+0T_mc4vPd0JAUv^y?GV(@8Sg{Z0?E`JcR+e zzQ@SE(5F!a32U@lO?!Rw_II^S!dN=LE*VH&KV}WEU85ru_uN#_9ygI6J$wvfHd_F^ 
z^hdPabu=JFSph}mV;JKya@PN1_qiY^dZ!+P1AVmk5N09!4a*y$r+^EY1C;w~04oA7 z+G=3W!%Eu7g7MTyCbJxiFY>r|4>|pdQa~@uH!TvGz*K*vCWxun%wPlQGn zen5wSrW8K7mO`JUW2yAAC%ha?FmAP@m^PEVxi~M)E;Od*>XmCmzyK)LeU`f zIh8DD^!qv}tt`J7GI$tf5pPjfp;Wt-aYI9rUIc<_K%yV>DCBtzurbF0Xl=CJ(4w|r z-=Kck3ggw#*a=(aDWL`BFUUdjxsV05N}mM%_9Bv#RF$ZdOvq4^(o(yl%r42>2zhCS zY5RGXL|{D_5{JuXE=;i}kFUV%{Vp|;u+;XV>_Oh{mt|vs$=XYUe@vfu@~MZe_c!;P zud>!3BsD<6|BMtHJL{ANKz<`2&Y*5_oX|_8xy9ZIy`x&hodGSF#|rFaQnf*DP_N3n z`gA8Ig;7qrG|~E%1L^wxiD>V}zk|DCoWo$MX&7P(1L^!$dw}bxS}F_}**L4mN$ks` z@{U;|>dW)jS2IGdBf^3RKCX>|Vu{%Ezf5&f5+!jqrkwXO)QOG+1d5#HiC02~+u%0f zp#4v7^S4CAd3^MLc-E`bi$N?^ue}rsYvQ*fi#(C_Fa-SS1Qk9yw#1=*W6HI9*1eH( zLCcTA+}RE7C-zpK*%W(({1Mb^CLjgPvNqq`YYb3)9fx{gmQH8$!RI{SMJf!{F0Pvm zb1+rKAPj#jowJsutSQLDWyk^KPa`VsnA574UY zy+wt`8~~^y{%&I8G8?7XWwpv9m0i<%k@YqgxG!LmfrymZg{BG)x$T73>II_lpRgw4ydNNs$y>Wk3#&p$I-b z5>+kY>9$Qpl@ArmKjoH|oSHmo%ei4QQp%pv8m!=^4PrA92KUl@6T==3)PXV4fnkJ< zEDXa@>JO)1qMUkOejH3e_5VDZqR$H?m6VM9)^B>ZyZMrJf$nR~hF24djnHi)xbO1m z9|8pPP^*oZVu?P?)d>ra3xcV-&$infv+Jp79U+YtXiVn{yEP5Ui@ci|`1G)q+mvAl z81|6ZxT7!2X)gu(-IyiJ@oZ~+tW`o#AT6?A{V)<#uQ1dvqawz1|K>D!T`p}G!Ry!)In5^2RO$OLn<`{MhoAks}?!w$g&yqihWi~|bwoj0T zs`-4}-1N3%$~#1iN$U1ZcP;<=k;w}kO69Sq`j?d6DI}c-?nH7%*Ks}EVhcn!ecuO(2upAg^ffAOm4OBVR|qXGrxJgi)NcJz>aOH=0qRpJ|fgdifLMPr9B)S;E&a_#YB_*AS8% z2&F;`2Isy8uk<>vAJNi@^xwl4N|r^mA`+}};f+Vd#v zr>5^qSD7nW8bJ}#mR)G!izT?{r}XQodMsl4~l6uPT|Q^ z7?XKmly-`u2#W|#L{j0oVbfDDx2q2=32!+Rl zP0z)Y9ko(Tp)fNgaw-whea%<2xDn!?>prg}K@<6_G5(%5xu>URvigfB`e!>kD6T&d zAsn%b$ACLf`9_$OSOF7ErP6ne#_78lk)jy2ouxEqj$}269 z#%WY_-CLvT9`uL5AVXaFa<*za7nIB)3^Ncm7{ zpt0ddPT_%f3m}zqPn>kBR|}z_Q%{uFVj5*fSb~?vZNPdm7n1QMbrTRh%yfa!6_cXJ zCE%G9VCzxqn<9@(hL?|<=h7J|;EuK@2dn2Sx^#NLQ#UDW-5l`c^uea!!x7%>2L(}O zC)v+~iMlwB05t6}#elnc$!ZE3&3}l-Ve$yuOb0>Fvrf3sqIxkjg+>O5VY`0O4#Z(d z#hc$(?lw98h*H@Jg?>v7hE5RSUNScYMQkD_msm2lEh;X2eX1}{`Bf=&NX3(m2<|Y7 z1M)y-Q`dNVFPL4NaafwNJqiX@#ss34nW4LIgBv7o2!Q2@^7s4aP0$vi@PxX^XNcvS z@j$|W_NN!&Rmn<47&I)g?`!PdmXt}&Oaoqu(W4BAm8^|4wp1w3DPXu48%enfDL@7n 
z=JeW%yaOC?d3`=i`PefeWg~-SJZ>-g`q)!XhaLn4$swOv)mh97}c0N9TyR4d1b7xDk6kGTJZ%bQ8aw$c}H z_;_9M+_(Yq*32&F_kecE2t7LqjrT>IA|pLi3~~vaa%sHe4FI;`g9l{M$)+J&Rcrel ztBq=pSi}x%=T7o){n+N+2FBvpoNZnXNCwZ~;M~R_ z1N_0dz@P2vsoOqTDb8ds&Rr6MdKQJ_vYHTyz1yxM;8t2-4!;3)DO*ZGlCO&CEl9H2 zq{9)M28kH@`=I+c$V|INv#o`|!4eW#o)aV16Kls(iIA7%^23J+=y9C0q3TI3j)f9l zw6g2yq_`r-D-*`gCR}POC+JYLIFL4_0Mm%n!>?jRr+X=r!r5ylD1+I2pSIl{?F^k^qE11eBIKb1z0;z9kW%!zrg)O>BH(j08?uW03=&@ zgF(XlO*e9GL6%jEQiIwI#QppDo4=cqI8`zcct(=b!L9MElu}6%ymDGNvC>Y z9kZ4(CzPFcES36_`|Ly}oEhBmfEAHx?-!Q$NYH`v(0;)Eb&ImhYw_Kemj~wspuMMO zfQNTMMdQo&s>{zCo%V7u>LATL@F(F+O?3o_J|f>T56I>JnU4o z%&eKAs%x~*fDQ3Mk^@TvXmSM}jYYHjte6vbs5`+S8NZP42$Bem!~KH<^{$*)vkPlE z?|mP6gy5)8sLVFSoBzQbXb-_&2a4X+g_vr{lQ1QKG$uYxS6+CtP;RJ&JVF$3fYLkH*{&U(Mp% z2$=W^vFMn~=6^*%G>imX#qNL^cUt+QV38l&*D3kZ>(3K5_T9nd0TnxsTvp4%c}|Y6 zRp$^ZeFw-mBUNsh7a@qX)>S}<*d7ywn5&o+Iah?(XYmu>&_pX`hIOGH&r<=>78kk7 zeapCZ7E;l@JTV)vYMUXq;Z_v{RRLM$*tr7~{Jp_VB~I<)jG#TXJ0!=MZ<7{&Myv^nCO9j6|xBSBqG(w9Wwfyg3F8OxEcb%q` zL>cSj)jmMMRk{6LV{2NM{Zr?k`tJ`h72Jn=I9BhfYwfwwODu_XuKnsm)Juc!D|+uJ z7Bgr0W3EE67$)u$P#~ZL8a7#x7D(-HUQ?xnLAsjbdD`*|D*1e4{UcINVvd{X9=w|v zym32c$^BkZIYe@SYvkxkjW9Vxa4>d|mj^w8YkvTCgAi^jgSYaTn9u=crES3$mApm| z*FWMhhi9LL-f4}@;`QWm{xXq;^{!Ou%987j&NCL{)_se&A1*cFZPWGc_`hNF$kOSp z^!_6D-OmK?#x+Ao^?o1Hqeb^K9V>#7HfoLXPuze7)Yfvf*N6a_>vP`xOwjLa;8b z@^8V%dw*a}dWmcqa{n>v_}$<<9}MGcQ>w>Vl`r>Y13-2!dX>0o?a(4_%^b2BOkjNx zK4Oj)^a0LA^ODvb!_GVG5vd+3F1Z+L8Vs1(UQ%fBFfj0VE?D)sf{3^&(yXWvfUUFj z*X_{8T)aZvuEMo@(zJNe44$$2%-2m-(4nFAcJ8pzK7UrNovP!2Gis z$vy8e!FrJFiz@Y(Z6C*|pFaKa-E)Ag1gnZQd(!Rm5@8MB5le-Paw`q5CIc`g)hmF} z-5933fi<~A@cNp@Ge$?X3HXIvpow(A^6Vu2f`-?f-AhzSdRXADW|7QuYC@PE07+oA zFv<$Kr!o^F0*{>UH1gde74j?;GaT)F9{M+*lV`H`S*bBF{ z@ViElsnzp54=SP)Bz>|K65rtnhW7g(u3{YNKMh)u=pwbD8pC-#0b;P|Wk9w_+TbwA zRWp$z)mN@+$~xTJUvjY+#nt=Wki$tA12W!78n0S)_Q?ENW36lvz5vFqPicZS5_j54 z1WI@YC`z(0XIeV)BlXp>pZ#@e>vB`uo2c6zCfHhJcN!!}yS^AX5`4t{ZG$EKGXOCmeLBhD z>-9z<)jvOrG+{|VX>|yR3eNGt)Qa~Jhc{j|nUtiHPHBQTqJG8`G6v}C|4`PzV4NX8 
zYdfG%^h-5O9z)iai3a@QF$_DeTZ)10sNu8e{S>;%wh2J`VVpy}w`*R~>61H|FYH4* zXNP#4J`5%Gy9Q_OhhAw}BlZr9->AoH?=(!h*RR8)-3yBvUE4x#%a%BRs$sB*$kba+ zIqtNlB<%15D!Y(o(gMKg4{%-(^N1IZgxduOPR&rCc4U@OPlZlR8#HJkg^X#1bHAyu z<<-?YObk>IVxWT1!;&90Qzg!YnN;9`lEv>6zJ+FTSWcVws$c&rf8EBI-;*du6s`Q_ z{rxny5s|#e#sCO2V!#N<0het|Z3>1Z=mpJ(o0ii-Z6d;@1Jv!$YzKpUP1CD_lK6v$ zib4tQG><(7k?2pffZH$coxSyJeqU%nm<9-n*bVJjusvJqhQ8{h3c{r?lD0F2#ZE(2 zYFAJAv-pNo2hTS>Cz7D|U6Why?AoDiWQ>pg@bTy(6kJBcHQgtc#Fy zz!M5GvuVQc0~EF-BTxD=wm$MHR-lK~ct_(?AJ&$A zTAy6&c*umgiU<3NW5ttM%?$Gp-Xbj*we$~?tC7R<@7ren)+(qg+NBENdKcYKA#IWv z*p{m}fV?9%+=Vjt+(mUVR%NerbC6wX&Oy=U#a6p2XXSk5ls8<tpA1; zVDsRkQ4!DYMh&0n&zo4~tI_OimC0!$WV;JI;GyjRmAn#b%Rc>(kJQZHu8$hUdrC*Q zHV9f6AKErSjEAP{=c@>e2lR4R;dH$5@Q?Xl9pn-_vWUuQky4pMO<+VU?D*-^X~J(3 zu=sf-7P+tjF_9g-*lo{}4c-mb7^A0b?zPf_%l&6M!m` z7GexYGmQ*30+~=^I7RkL4Sj$>+z*e=^R^LgnMcX`W)-zqAR&)bLaFCUEVwmuF`YFvSmuiOeaqi=9GhwzJQ0o4b)4g69aFr8`eQpn(%rUZN{Q zGw_aMe>elegMBiU2JzB~o?ee*tTVODBDnn0ZV(^lmS`Bw1HSotqboN^qJ){pvuHQC zzPS5*4_U6rKDH^AZR|lbw#@{2%3E6F1r~Af3Ao5)SszMEVkIQ~)MxM6=V34g~Gw~Z4SxWbMqHRU;El2UTlDwPK&eHrTZ zA6BsIKzob^`!knC8O|1j+8d`rCd3OH67Jqp+$u@)OZF@oc_PBc1?@Z2;QCjj_sr=^P-?;7Wso~nov z2kabBPC3adJr?^Z`ZY>x7n~`~*?RV(vCcQGRl~N0{&1?15sDCB(`ce@DfJXdW3Td* zW%(fz1F8go0Ef^~(~d-NkhP+vSkF#sShOX0@xG<(zOM<$vTGO!QC>+BspOn;4&Pon z5Vj>cd#DtO12|$J%GEEX7rr9z%1|w)3Z20;S*{Od#H_%~^j`SlVG+ifK22j4KOc*K zo)1eWz)jaW{LHI1O`OiHJOov3;O&d(9krPMhSNfRW2ds2^y9>2Zj1+}?cA=N?d?D_ z(L2jdlc>08^v^C_ZEfM4A8D{Ggxu;9BAn^)18?jGD6ezog!S04(cWxuI`b5ypT`BE z{;dXWo8C*Ff@D~&J5aZA>}m;RTJ(kU@SUJG%M$(+13H=-i(W;bSQS<@T!|gHo(xTC znn=GLhG^P607{!x$15A+zy3zDCmIB~v-KsP$OyNUA<({dV$N+^_=E5{B($4iD?m&n z5Fr5q-`Q%my1;~S`OwaZy$tYtAOp{yI*N3 zI8k=*eEfI~@2iCc)wq(*gWDrk>#<+HEbHj&TW%5bRXApnzowJ|4ky-H1aJUpjHR_D z?*{vOTnwsCoJGF~JE>mY!m^MpX#h zzM~q-H!r}j;aMc*MLK7u@NYh8r{T6C));#5M_m`Y66~*Ng{P(ZlbG$Gy23x<%K&Ji zok(b(E*u{s^{|oA|M$~s(R0RI+FI{x^!6}rK&(Q z9H8;Z`1bEI++5;wt&a3nSJLk<6dfQPs;OOJw@7uJj6TsT;i$==jhQGf8We^x1QZ)c zh#LM#0A5u&*#>%5IRi>dXu<{Lb!gU|P?fj*Ce^NuP*$S;JVL7!LAx^6t!UZftTs13 
z32HVJ3O1U+5*qvX2*}ekW|fmL_E)-}0Z25XO-qNhkeOv!7xG=M?11-lJ)krx#tQYd z^3O5MeL*>NWa-_7=k>A#E(NMSGzAOGwAPzs^ABDwdE?1Cr~DI0AtMeB#*Re7sFQQ3}4$zn{{ydZ_!a_8IC zRKknS7y46`AHA>o_xWp-xD?u+U&d_y5!C*(#!}LdI}wKSdnI7N0VLn^YEtL@Jyf>R z{7KDHoiT^)nH+nt&#*MOv&DORW#Y4-Cgj!xW&2pWK5nVnMLLMj|GI0G6wVU>86l)y zM+FOhAl9cv-Lx2c@E5BMmjP|fG5u875!?B%)VZX;8KZ)6A(cM^2OM@!TXJ$}Emv|f zstZ?hA$&-7G5(}*6~G@JH}A@Jo-CWYhq`y8P|P1pC@ zCHf3EM`?fVL#$Zjo3G*IKe%m&Jp;mK!1J}x0G7=^ll$58oy$lsML1d7=d(cxU`{>m zM__Lu>-({J^z&aswWB^^E5=2ShF|i0GM<|}N8YWegGAY#7$ECa*4lG4e-%knT>@s} zB-|jyKYOWvDjRdHH0xBj6d!mG9087>c?)DS2|6YCr9{dl)af%eRGoHij0t>vzcCei zz+M^SB2!{}2kh?JN|z_TEM6)XO$OjiXxw}fB`6ub&or|q{sAEdW_wt7c?m~`MvyeX zGJ<0qof*_`0PadGCP>kk{H&Ym=TSx3J7LSRdeEw(F|1Mt!;qwGF=QgnHhwD&2Z$O3u^fSi&GLfgpC0 z7dku`>*o4MZ(ibs>{8B^tt@aJj{*E!u8#wYA;QEykfKO4D3VG5vD4bS#z9>p$~zS% zBK}X_oIpPLFXRdqriF7EQFgOU4E4$P|N9G8N^~D!;lEM&YuvYsR)J|qxMdRbjsCJd z@FfR;usGY;WnnWX8%IFdL=`r|jemib74`_U-><=7c&>|r@ortXwBD(hSWAK?1ShI` z-)tv}ph{CE%w#&G$Pf%Gj+ux~OegMqFODF}cH|)7AbP@aG=jJ#!Iy^?G+cvqUy@VYtUnSP@ih0ZU=VGKOh_`hT8fyYwe zu0_sN*~-htT$~ROm#J0{wwSiPsBrd{4l45+4q#z#3xL)TBw)~sZZL~zUNQi(^U;M+ zi((YK%X;DkjyPE^d?d;?Pz;0TXLu}siBVsiZS4ceOnT(4ok@GCLoAW5NxOFdTOSLR zry?^VAiAgzO~5^8D&+VQV<(&Lv47oOmsgMJ{#DV%djl@tWz-zy55 z>{HU-eHB6GwJd@GGT$X2oya0h$;Miv$h4@z#uSI+k;U5|mqXux#J>GU>;{n7uB=V) zm?YOS+UP@}=-Qvqc8rUgQv5pE6{^`WD0=K{N#&63#nn_aMLR`RJ9?a=OTDTsLaLwG z%ZzfO9RbaY(LodsXai;xAC0P?T7~6|92q2UM}oxy34QL!d0?E zByR1Q{Nk4|?^V4GH>m5(TtBp#H-~^jmA|9}AYZFsOscNiKuDzIvzM10z{PE=j^XiR z2B9Rt)ucV^X?mwJ)-*FlM*eHwTaXkU!CICC4&Zjx1zMTFf7+pD4`GlV!{#%`nU?;W z;TOAUS%@3a^Nblju()-BoC76^gC?-eV`+`@==?M3$0dF6mPuw%YDgJTPIpWq8I5t@ z9UX8i!5Evi#A;Mj8zMXhoLFJ2&e^sgVIK~VmoVx?ksbkLu?jPShiC+MjGy;!x1AI8 z2<^iaI;3N7QaP}rI-3Wi@=Vyu$1KARU6K6cbVhtE$I=*pQ|UlIS4#rZ=)>a>@_ z@3v-H;qD<(o6>;6Dk| zRApBJ2)YvCOYmVS`$4wO0B5Yw3fO`{12~?JlnCUycZ1R5YaURJTt5)cf7{?NflOW! 
ze&6Un(jIlTD=nmH>5s)m3gij}dj($aMZZF|`p%Lm@F=W25l-&Sk>vVs_V1k)3Wy{2(!2c}n z3Xu5zJ>E!|&9IFRf_1=V0c@45YV9V>q00UsaEK)=lv1cjqr2evPIRbyvJ#CCxhrEn zt43~N=UN+2&G}h-^G78kZ}cT+@u|R^Mbz88)T7K2MOYf&D~wEYPo2AxY55W)*vfu{ z=)8Pg7{&%Mw#4=(*VzT&>36Y=j|Yu_Ge*GbCb_Y*;oSK2+s9q10?har>mwRm^#$$3 z$hS)Vtk6~5bpl@pPmBlcS9=>?gnLf+7u$$I{+#N$&vQObC+T~Y zH@Bf65p$MV46ha5!<4qP%gcmNk8z5YPs?^F^Ul~K$tLKiy6$74A={p8pk`f z-)U-v1B+Rt24b4R;(K6~-){Y8FaEh2x-*0ov=e_ITQ6XmS&hX2VibPr?_?6V3GJ|) z>64GfN!{x4-u4aMQXX8{cALc9A6z~X^ktu$AFI4I`J0^KqgcBUuk5+cbu^YwCA%-l z-U4U}JiY_~eh1kPaC~)`MBJ?`jXa}AB-;(iAsYhAp#qNF$`3Mhqv^sQ!*n!5PX{)^ZjIRmyA9Zr}tQ3+lz z>yABnO(iCq?U`GRKW2e+;FSj3Y70*suJy)D+rMZb6gT9rDq*G;`!|T=nxPx{ItJ)B zSmXz`;*Ckixj;Q6#<>!bm8Z5fIXw+HrU=s{2Gv=W4Kk}{W9paeim~E&$^siA=^uiR zx3K^&ZI;gZHy0LqXHma(O533IG%F~s6~T)Ayrq>&0v>@c?dZVRzn%7S#tZ(G!YT=4 zPdBqf^hQ-w^wbApjBWU=nWRQMaZqWlmI0}xZwj*ILR*Ef7Rd;{MmmyS*hnUj^gEAu zy&}GzG(#rn$sg0+nO?d6B;)d_cXO>}9~6+SzrrA3pRqMiaNQFX&T1K1t*!oDNv>+6 zf2uw?;ZQty=%k^0aZLWF7(cWa2h_pf5s67s1Ei8M$3SJ>hlf8Fom<#rX5a+KJ0VuX z7P$}|@Up?l7i#r6X*FuK(5IrbC(6at^@z^OgV7n-jHo?a_rJHh07IyAAkC4kn? 
zi1_UMl9sx9= z7E!n2=q4YCUVes(C3C9e|LGXLd9J^6I~U;pMV{TYL$tF*kHvwnVs--&fNrYRZX+%2 zQPO++U*p0vFBg!Vtxxl>6r30U=+{X#)z{7l(&PJlQ>E*ZO6Y{7-)=u4)HFq3p_%yW zP`t)|BYPcksVpYpT|%>yn{8Q3M{qaBC-q(TL0K#F`?5%vwqEO_p7@@oewm7}Njd&GhvbC>@I>t9j?(q{r#WL6{B<>)f1|XMr@w^B9UvPGtJ<8VkqtOl zp+(qICk&lI)dujaVSYBnTzp{Hw&mcnrs{fU)$xv+?m|!2{x zI6Q6S1O3_}cM+@OsTBHFif&7*m9d zRnz*U%&!N=O$ihtJahBPWy4P|x7|qeW`V^-RlsY}%>uk6D}dUO*q?uKGnjkwFpG{t zZFpCPz>XDcjEpHJHW|Si`BNANWG+rUP^ZZDLDiY~0iAoAnno-?Cq}W%YP9U2m`$os z=?9~8tNuj0bTyWBD6|Cxr9%c-m_Sm}DaUbuhxPKOCUnT$t$@FS&vR`OkG$34f3^CU z6QQJGz~Fbmxg=i`b%${Pp0N^*uX>2ma2y}bXhDHs>(U$~8adVvwD^O+`7vZzD=6n& z(Ib)Q9q+IH$6cRbAmLXl<}Dbk|5|o-K73U{DY-3cl9Ef2kDbRkKGuH9emre%wp*Uta7jcpn+7 zTw`uvmwS?~)G@C}-SD{bQxu)37|H@;hPOXKl$Gp5j{iiKET;71nd`;SP^_y#&e z2oVy2-P?)$c-f?AJ!yszJ(3Y_u^Fk$ITUYxgcdfhaSueTg6RwM+*U79_;ia6h;~uxxa-_s3S#n z>o;>G;JIM~^K0QHu2XDR)tre}F@QpG4+)XOH(@IfTJTCuQ>i0g(`73~37;{U8VUq-V+H$cWxnC*7BPZ!(5^L^u=@fN%xYIE_lD z!StfTb5x1em+Y9{_|s<9tifdIIl;0OF^`0;tKzfwq8!p8otWvy}4rBn^2_FZ$7}{UAva;@_U0Cm6cMupd zm<0a^q?^LLMyyA{TX6h*08|D7^H1eq_a(69i*iD@_HqqEz6g1mV4cEI03lr^QGxQU0&kN+QnBC@;a1Cn*;2CU*A|c*zp+i5la`|M~@_Wjn zJ*62#Jb?-z1Q=tEnKjT}F6&7w@jZ$2>#+C0HR6F|KtlF8ds+wdNOlDw!FKnLwk)g% z4t}q(>r|8Nt|mI5v9+guU-o`Q6vDT6YPtrNFB8%rEC=60imA>y>_0t-14iDt>4F#F|4!aIBv;yD-UuE*1Rzo&;{5%&bW3uTF zZzASaE36y?J7=ixeWh=@HR_x-pe+ThmoB)YST9 z-}Awf*rUUai@mKD`IH$(h8;E!_;#gR^tzD?(=Iv@su~_t;CY$!hl5N;f&X!qZ`B>| z4fHzzP*$c^V>6{um6Q=)i_w|f_xtw8*>3xTrnNRICzWOFZ1 z^HthEbThOXbe)Asorg_kee&kJkO7}%cgN2k%+V0XeveWMCuM!R3sL63jv17 zw6be~)TI&ibY(OY0A#Ip1s6>4^}d7B=9D20IvARTXbyRWzWl zN!f*0MWerH22WbOwO~XrQuZDqOyY1;2f6H_CSCt!L*11A1NA=?@XUKbVUzt5G!EBC zYsZnD+Y00%(8J)3&N`@Ba3KE1mhDQ%(cL+qE6Cw$>D#|c;tIC1T4ehRX{nMm<6l#m zSpAB

    #m z81$e72D+FOEYJQbFC2}qikjw!laKNRt9}QHISK^Jfh;#1>IO09Us^v*yerNzg(@z( zm3WhZEG~k7BOUPIU!TrPgAyiVNMZlL&b-riL3Jp$PiVr5>m}s=-zw}~8->)}UxZME z1(nA(f88Y)>0j~ttc=pgsAFK)veI`me~6}_NW&4zhom=ds;m1%mWtCWe?8iZGDBz{ zSKN!@w6WH}!L57fo8gi8<2%wTFttL+NTqV_5?-^CMq#^rUI>WnY_-y?$ryiL2&zXi+l=(XbthGvP(PR4UFl1SckSDN z5)9&rbnE+QvQRQLO^xh{Du1{3Hze^<=THUNhV&BTSwS>$#Fq#Psc zQXUGmudj7{U!>W!g%NxF#;vE;`r=!eE@yyj88hCe_F$8!`h;M^QiVL@kAC}&N|@iw zdpDhRl24}x>&fxgn?qB}4bI5jZDWDAxy_hx1HXG(pj%E3f>8V$apW&t_)U}=_z8R9 zRP1;t^+%Ixf~p8RRoK70u5DBG>4K&9ld^lE4nL-H4*hh+nwcR-3%U+vK$zT|cl&Wz z8hfy|mwaVI;bJ`g)=iwt0mnmPCeJ?@^lXkz$py-d+LK`uvZ3hL8zygbl9RpaN|8$5sIJ(j}U|(#_=hI@cnUnYm4d&;GUnZYr2z<&^(I3b zWP0M%1ai_SOieADFF-(L0C#8n?Jo3+@ zJRoVX0|Xxt)seqBLkQaVpREV~Kx$}96izuAnz@h=Jo#COXKVsxW zfdt8IUgEuQ8}#)z7|9{!CKB zI~=d1L2}qF-BPTIYeBN5sKcqJhDb-FcZR%E;=C$^YP&nYzVhe`V$hxHVmsR7&^H6}AiK4kosLW-MAZ*d1|+IT}(^!l)tNrl2*c1rCnX zTzbr%0{%l2{->|^a6~{1DDocz#(yscj^~~(Cg3?O4&Mcmei^MHHt}*guxjwzs+K>Wln>Uf888aM~~01m0>W-Qr_ ztiSv6Mu4O8GJy-WIIHt6AO%LX99;xt>Y}>mB-*|UJ{fdmFg`e& zURk=>Lwtr?hrwNbFsr(3d@jD$hZb;_@A&!Sn!m+@(837MgLNY=Qnx%WuW{`V2ps&+ zG}MD0kON`jP>7{*#y3d^(fhY(V%TZPd}MSUY$RhStGQD#Zw-FHB6a_x`xpXfn4}3x z5Qy$$1%8avfh)x>K((dgbcRlyyMb(sGg9`xQ!n@j)#=P>SsNEYza4@#*3uWL!X=1G zWOo(2>hcblssJ;*j@Dpsj;EHQxf274>cv$dW4f8=2J4jgwt1v+av)Hc7rR9xL%QGO z=jwm_L1AY_d0{JsCjU(hjzoVuxsYX0RN*UKVDGM|;$!rf?5N_CqJ*C?MN!?4e1yaV zRdXXra2m-BT$=1f?k_{d@~}?XuFS=#eMkZmVGZXJTA#Nsmv6OfB3V031P$&0wn^J#4V<@NcEF2cEA`VV#FO6o zY0oR1Lli3iRrrIqQ2DVuEcrqpi*&1mi+Lzi^@1GZ62@%tRjb^26B;xLENpGfqsj5| zl$sI2e+?(|sg#eJhwsSDg%2rB-m`bDB+d@KjsxWH9=ZcKByE?;No>(4QZWU)$go5O z6#Es%?HQ1hJyI`$s0#5^)hoI{YrnrL?v~j$ZriSD$oWY7$k3;-?WVVv)yOn*rRrl= z8yP;(I@}?C1=cZs1prm>C6C zY5#lLxZ2r_8qv7KSgKpON%0zQ{AT$_NY)k`hk5HG0{b+7w_j^5nkN2Ypi3ZqYENp0 z5BVg%6F^HmzKa@=IrL@(lACNJ5sDAmu_MetgP)Ufrcb4IUu0{23-nH zS63{^*2*ml%e)6&cG7K!!HpCH=kg7F$_~!>e(E8_O7JC*-jD<5;&{FtN!nIWbv0)M zth?E-q0{f#DvsW0yjwtu1>FrA27gLXtOZHPOfk?*_*Zwp89;%47s#TAD9iG1dPj~=nLsM~LT=6L^BLHXjIyW4yuA{dc(tDoIa713n(R}hqzm%zB%vcE$KT&Qe!bVC_$bkx*0g0br 
zC=V5q6Sh-T$Fh4XHd|YvQpE*ZEN{X9d96YG?n?V!L&%X+C`xpjf+EpR)~I&7u$=~i z8qIX5_Wki#e0wB!o4vKBbrQBs@PAcPcj0>%iYWh9LR`LY{e$O{PC*EnBH*47ZiYyn zufmu{R&UI$(pikuJl3++KTXVTCQ9YfB5v&>Fw&o@h@tjS>M;2LEOBn86?0u>+s&qryex%07!b2Zf7>fDbI}m#zZP=^Sqzef3DWn_s#khsfyr`qrpbkj=E}0UvEDJ{kTnYK# zmV-zb+4lRd?HsqZgotNwFu{h#GX1t@|Qer>x!!36~w37wnr^Lc43Va>0DU3IS6 zbW}Ru6r^+Lwl#Zsn~$UKnC*XlcR&>}doRx070j+ynO_^o=K_~oVm)rblNsti2(Hr^ zth)xdm*o=HCzz9)krNk(HGFK~V|OfMTlls%!`P0tjcPS%$OsRn!U5cqn|G)~>R&^Ep^IS6;t6Pc7(5qZ z6$`>{u_i^;4S|XzD+``54#yNbZTG8_I`Zf0Llg#$L+#KRib2cz_=FefIFda&V>|DV zuMLY%u-CL6DT0}^byiLB_^i7VusGz3qb2}Y<=_oc&dE2dNzZs<-x$jh41FOMly&A;|2Fkl_A->ff%sg+i0&dZcre!&HP&V9@H(q*B$$Ju z;;1Cs=X2>lIodO010$;A5m*tGF>HQY6L)E9F=flpiTI$xv$loE{1w<{&H|-9IM89$ zC;-u^6;{A`Yg+fiI7+&g!|#N!AkKFc1KMqh>V5kMr0W9U&r~!48(lY^Z{2=lX#61b zf|72c2Lh{GDRJaN@pNfKz7Y5`?0+mK<~#JxZEE0sdlZ7Sh@p{w4wo<#WsWbj?+^gm z>1ehg`5SJ23v<(r>eBUNBZu3)1FIDg^{I&62uJBIlE%a9gPwqnN>xP~k?Ikz7UHaD z3piIqerJLp8h?h;OdfdW0&MnP)VX?MKed@RE#BnXXU5eS-%<^>DsQ;dLLIp00m$@X zpaU1KsjOWZrzhHY+9uE;bZhiOAj?y}S~ID>{W#{}hWu!9I2#Fi1_DqQRYlig4^IhT zD)vA7pIcbLHmpw6FE1b$b|4;AjW2)WJ%L;wzjS(37eV}g$xj)|9l9N+h> zHZ)pCI%zi@vwZJX!F98-*r${pbS#tKOS+Bt0!lp!;lxBikzp_3tY89$9w{iO3)&S9|&npTrooGk}$J*UyMUpCjUtb zHv%P>Cjk9raQ>p#BE!gZa9)t2Wy<~YtPDfC)@EYnycbvdRsaNCXawPMr<||%5<}X% zxGzUZs!8bq7h9XM!o1ymT)ROqW8WWN^5k+vzNoy*#Fb5p?BobCzY zs-lMVyf4eXv^xZ&-+Wd( z)bJningxXrGa8~j?$MDl!Z~t(qi)b!UqQz`_Q96}+wLH&>JzSu(!qM~od%dV`*O{o zX+usNn|nCG7v%AtfXZbOI&Do`1QXL14Jd_b#L52rZmE$4Y2*%(D?OjiO;)C_cSiQZqngGL5GpAPR zIK0k&D?Jr(XcSPd(07#wNFsWg2%e}ob6D`xi8pORHK3+=3F<}85m^-p$l6?WMzt&W ze4BTa4w_%?UTQj)(jqxq7k}A|ayh_y*TMkHF5~zM?dvh$gJ3GXpf|D(X@Fa;YU&4V zDm*ms0vWHytCyHIm9>o83LEQ3&z0K(o&N8y1EJ@bCk$4N79D~(-|v*gqaGGfy{#}@f^SYR?rQB`&raJv!)Ui(xd_*P_eIy@`n*cg3>x=TBGF5Vbu6}#GFqO(~ zmZQ!_Y1?8UNrUR96$arlv73v) zGT@)=CNRW}{wj51KwvEyDg4{3)kcWbu`)2nT_}L8=Dn3VJB~cHc>SwF^HexOD_$zE za}S=;K7(M?7-3z9ThhHGcO$1N^4Qr;mb~%%1f(@PAHhf8n1h!KtV<|G{UQm28u|st`YgeY1^+E 
zE5gY~608&-%~kBNdhH;N=;)>3=ZrrCf&;0(;_S}ib?WpaH2F#W5A3$u0PslXMY5X75T+9cNOI=&zDF|v*BP4EZrLn*~QfRQjHpd#2}^ipfwGRxD2w*Arr zTwolkLyY`bW}LZ{J{{*?p0zQq0E!P|?1VyVo$TjwNTMLxC>o{6@zDMrbU3u#p#3SO zO0wE#F4|*XWKjpZzZUr1Rczf|j5X2f*m2#RG*OEEyh2r4jN2No1xG*532~rEiZiJS z8XFDygx;oqAC3;TEB(osq}`ciU(i8|Xg2>*dzETV`NM}pu{OuFFk}>%w{@SD*9F(R zy|)McC2k=l@5f7~rzwifqanA}L^+kABUd^7p9cNFN+d`7qwPoLOh zrqHB?I|t5^1aZSt_CV{&(lk;k$o0gR>e>3P)1SimL1KU@fv~pT)Dd0=VQt3#T_di` zTavze`y*vqpQ_b%?vdY)ggR-*xYB2Hnn$jd14cStNY4}ehCm7oPXbBgv*Z@@F4N`# zIPBq?;9~u6_}g?hFEwym0vM3Y%L0>X+JCKqlrL&R2C63oJ~u%^#$bCaVw)0`EkNB_ zg|?`lrP#h^dEpFc%#Jn7&%c@_C?I=avf*7+33qC9omhKx_PSU(mdnd~FK4yNxq+SJ zF4gqsjqIktEB56Fl3B}H3fkFtsK(Or;gX_6vlf)8vGNP%cz9;dzxF7A8Lizu*7xY_(SP z@m==wu|y5PFQJEo69+B{fFMd2olDZs`J4(sZvKF6tf_ui+Y(g%9%jeX?oSE}GV3Rd zz{KDL==6{T?&HfPZW$J6AKohC4M8(!@T+xoI$uJ1Gp<&uKzDeQ z^7!{{EHwknzzSx7(k%Gt6TEu|MF zSDO>fen$YNU-0(7?>7ApaKZ2*C41%}i;-e?=6dEq9iYJf(J&REbB&&Hs)SCG9n$o0 z7Ckyx7HFG~r9#x&{#IppEI2S7P{eoa?luI2VIQeFghK2;QNjyDPNmg?zjCQ01+T$A z8R;XR3MBmp(G4Z}*xPNv!cqge&$qaT(n>cZf>{Xu~*BM(c>0ScXuFAGHvnoz!=W-3<;34B;-{-EQt zmVn^GLCp1ehVgJaC%wwu@7TVvx0C7*}Qf0bv+q~fI=StJ<1N@?cF9Y`C(@y@fc24|I8PbQQi7x zXaqXy_Lr+AParKq6bG4M|Fio3u9gWQL( z=wQrnekRN#+v8FRJs=}#WDK_%{Ah4|+P>BI73%p*avVBsa6IQsbi4vQZqNvw4EZiU zi}iALY0r7u*O7&gmngTpa{TS6Xno#@`$x&+rz_P%isysJ%CY#XMwiT+&t(9J!ku zD&HQq!?S)`bufrMkHQQ#TgajJ2$tmOcRrpakw*F$cThs(8T^3(v#* zWJAMgU@HT&ER1OCy1t#uZ+K-q#mcHx%To=S`jP0?Ql`qQ!ohin0ZAlpW4s^`FL=rlCtDmlUc1voOSAn%oK?j?QkOB! 
zGk@EvHS6+9cW^kKC~e5lvHba3D1qXk*?9RR=<5I8=Kgz!^N#XZiYIq2MWDinWU-s@ zc73=J3SsLpq4tFQ=ZTliCJygn_H`2ZuF3hAXtrO-(+NK1qv2;$qY4LaYkhGVR(Qf!)epKXB7RgM}{wC5~&wv8jsxI+xVMxa9Ru zY2<7(^9MfH%CRXH?+VNTKhgxTGLU-=w*57?rVkVkBkh0W$KLQ}kwu~CV+XYiO=sb7 zEoc#lw60D14<8Kp=DHQQIJF;<#aLyfPYP~NI`E3VTL#PmcI^j@{0F9mjVCaQR)F*H((w%7-2mPnlCFsIbafkCAsag|~h$D^Z?7c%EtcE(wILnw{+ z&o9DL3V}@*iG~UKPFGVTLVc;)MVc}#hHAEW$Em}!re||@%=hz5$RaQ!S$ibeMVGIH z*pbdvwko%@s*fXW%#kxLLkW)Rx>rvP9v2M}<@x;C|F-{$2-Ydq zR;p1oB4wH9I9*rUf*W?hZyExoLOH$OcS@%!nxuGjIYh_h($QA+$apR&rlFip?a4W& z!$vAIf?w6Ja#52p+9bDmXH6tEZ<(4FG#-5Q#~iFA?##heL2+2TQ29*lw50@CmYlu5 zaPAOn7|6rSMUND3mFv#c0Yo{&LM^J6UAbC1d1-&?C`+w8soc`DzI}Vte0~3_TrPV_ z;=}E;OpFlgUqw6$o^Z*m|Ble{DdHB?j{WBhV5Og5V23i z%?2z>ym)38fNx#9lqCAfcz`2k9-E+LuH(xI@8r*0!E$W{?tmEe z(%Ei!i9-IAJw#Uk!}DbkOIWX{^CrxO_F-bKG98;4tJ6oX>cO9O;cz1gdwhq2z})8U z=}T>N=gwT^U91275RMcN;yPY*P=FvI8dhGd-;RPh^Ez9LgU2mSnE$~);us<_u6W8a zrh|wR?n#p*%bwLRxrnHpzB5t~(V8FdUavk4n-S5#1-j1)Db+e1bhY*>;fK}bqYT{-N`sl@ zcr0Fm^x&K++xFd_9~zOT;#5*S)wNR`%{B8Qu?NXQQQ02osCGs|CE#VIFdCnNJnWi^mxE*aQe7^*DVsUK zfn&mU80v*+L)$ZCaW>evZNdnyB3U^Tvq%8Qm@>6k@{J%v)V&ZI%wGC`OnqfooK4Sm zDems>TA=9SUW&VwV#VFvin|pri$k#@#ogVD+v4t0+`et^=Y{VtTzgC=$z(FgnS=mk zElT+i1=i2=_9p7_)*V`9p3L5ekgtAT_gw@0D$QnEGxGaZvTi|Q-W#JsY`b&sv}N&ze)}HyAIjv6H%SQ z4nEX0@f4w%QOS|*56Ynh)&drFF|MCtX!#Jr0a4JLtWd6dfvQ)#T0)3p}7fL6ybQl+XD;uIYa2tg%^?yex4%DEPKk&WLO*; z{Uq}g?LjE^8|^&7nU$Y8sUfz+-cwCC^HwL}VsgDYwUFrYHih z8XI{5l|bl6WR1 zOFDsO(?0w6S?rpu5jrqEa(JrTd(tSHxk(|E*RKb!25A$_fK4z1oTfY&927Y975uW2 zQb`HUjZC2KvEmw^tD)d>B&Ck05zwf_zb0naF0MG&HJ!$iR&hmUU)tQ~>}WK79|76- z;kLCs4_!VC-M5+g-XGPqjS02h9^ALFw6;D!T$g7q`??#9WwGJ~4UE@3lXufWSM;j5 z_9dY78Q%-yHXwzcW*?F3K|cKQgJX=Hr@R!%3|Eamb3^UhXrWy@BZ=q(ZK9h;P&B-PT$F>t0V>FPqdWA@xT zS_U|pLM9KF*(oO!Hl@0aJyn|K7Z-}@LMaz$w=M#&59CtRgj12zmU zjI@+INbteld&ekMX>r%tZ^L?*7A4FKYZ{81a;#6fU2m~VmYR6yZ6p(1oaKYf)6^@7 zf6$i-Rz&7TKPWzCP0==_$ayOibPgDO2X&ddoJjp6pG3aO6KZ5Rf7rOfxL1ENGQTK| zEpbzu)TlND6KEp&66Lr1GJd%1IB}?I2!_h5n7b51v}d7c*Ouc0>c@hqN*lM+(jaAx 
z%OYiO5E7Tp_#oIZJk@dbqYW*v7%(`!Ycx3X#(NBmBU$e#`RplAykNQNE{`mxcsM@; z`rmiUq}X@N47jG=BO`yYq9 z#}_%F7EH9zD(#WT=X(MYkCjv#<-Lcw-Tq$G7ld;u^g5ZSN7)py`UjgAPJebRm!=}O&LNK z>>}=AnTl1tYSc?GoXMktkxWC&E_;Sy9uJaDNYulK+mozAV$uWE7D4+ka88d-pEI|P zE^w?|{S$dhB7ELxW|-5zNsn5UUz%>ZV$yNcE|5|w0~{5R0%}46 zllSx+xbc~;?JAZ$F*J|Y^c!&3A%fd$aD6mIDAqN-r= zh-P0iF>ef47nU8@7gP<6zPdB~lH(lDcML%K#yghhb>=Sz>q&7TN2&MY95eQfFZm9qh@H35X0crbI{ zeUraG>AYdeJBAu!2Kh`Eo1=*4n<~$5b$i5$-^-sO2Q;-;pk56bS6z?x^s(p(Qf|!@ zvaG3krOIk}0(6c9!pg4f8W$o?Z$z^ODgKC~HA1Ah^Cv;3bQ|-_LCJg*t#3#RWv!-U zBZ+2svENEw?-h+tc$AEbf3;oZ^B=8k6;+&562x+ulhPlcPCFO8k6bEk^uYH>K|!SI zevC={MY{Z`*?Bn^Q=$Yhr9?|o$z80KGTu&6!fImRjd#Sp=YozoI^m32#fU!?Zp-!t z+(q7{Yp#>z2iI=}#VgL08O!@QRCs_v@3eU@6#MLt}qA=|RMhU#>DRzx*KZ)aK?2-FgQ?WLrf; zcA^Y2ATz%jA!~vCqp;I;axehN*K8~Fvk(7cKe>k;5Le3bGe{sV8gPX8h5m zZqjz{uDipo4lN%#+tpoLp*9{G^?(%W9j-KG>LGQ?w4>HieUJ~tV_}ix7ZgvPh2NYc z*L?2uIIM+|AHJ2i$M0>d5r>?uOZ~A2=lyl5+?vTgF1KU4$Evb#Q>*p(b1-WjW3%IP zFdVC!f1`m*-&vz#dD%t}V!-BQM*L0iIo!g}`qXE3oqX5IJulj8i1wrM(MV z#We4iE`64-NnofPK2$4hp>W?{g)$DS_NFJ1@1tO3bOcyW{ZfTv>1@FDn%#9;5(<>w z*Q}PzKd$vExc+`4uz?)^Xv)or!T)2jW!b3F)os$?!3_hn$Y~Wp3IOpXFiirejf+hO#X%$@KR7V+YJe5xuKVWjJ^n&jJ+uje`NB`@0uzur@{HR3U} z!6vSvUCtp%_u`m z~W&SX5BST8ZKO2XDJ9F$ZA8%5uv<8Osq&CtV$?5voE<9F2-A7@yr@RD~8j zbqi45!ThMB00R`sEF9D9Th!OI8wG35t?!(Nh?mdsCCOED0`0{Ytg)czM_54{f@C)Sr|$^t<}| z8gg4MbA*Pm_8vga_o>i)9|nT!AFjWRhyxV2H-u9a-Wa=oy0afx3zTJkM#rX>83Y*f zkF=0|v(2HBkPU=1eo`#jiZPoLSIFWM%H5tsMV z$&fB>XNT#`t=|nRBBdY)$ld9!@MPgko;Xgvw*4*Ec^KoY1g?{HNoet z5$&Ba=AK4@lHWGOwFT@84`%n;w>A@~kB=UR_!fui9d^^@g-7#wex1~buZ#{3~?C+uW;T5V{qzb<&raAkp$!F;<9O=n-qH&mlp zd3RH`4Sz7cSBC3k^-V+!B$FUS#VNnN3aLD@ngjza-vl4OyvcA(v7)#;czoY2IVr5> z>-u~!?dw7a`l+kLIiShqY~CREkosdk*GAsnnGg;~V0Gr3TWG8wu`~gyZ7d5+48@g+ zbZU1ujShL^#+bEyNV%+nv8Z2BH)+_(&1}Icc!7)J<@9Yt59(AYm|X~I-5*;dt6mjw zd_X;6WW!mqw+n0+CiZ8~Mp13zC5D!Ejeis!7SrLj z{X=kNQ-DyZMLNbbU%Vq7rCH}GsS{l`4e~<#MV*8&W|@;DZ3R><^NE zkX8zVDNd_jI<#6=+zBMh?AVFg!4w9XtL zensy{ZHFrcNo0;r95;rUftywP7`HqdB5HkJptzin)T>hHwfPoIvX2~}`7NOD%4^qN 
z){RMS&W5Fhl`E&(WaT@u-HhKpz@~K|5Av`5(b6?5{A0;750r>Sp@;$DUmL1#1`YXZ z;Z^1_iS?=otxIL}Nf`TPgWD^8eX)R}Y#&2bW%D4XnYVt1{e*PZ(fjn2jgNIPUV2>P zj8L7%kvFT*qVH29vK*u{(ZHv>H0W7Ewc6)qBv~(R^tm3o&&OjEa_iD@4}3W>R-Y zkEEIDgy~+CDIdFl-EJDFuU4^++y}@&4tMvl|kY%_Q*XBNaH6(=avkr{Q zgf&L5`YJ|}MHQpDe-BJ#&dj&z&ZQI9^#;`Xy$GU~y&`H=b`ECxcwkGqQYB?C^k6%R z0j>qyr4z6*{Tr|M*F-Buwyv&uGW*FYq|W{qkCWA#qMyr0TM?(C9{8j2^oq+%(c{K7 zhYylpFG!~X)&+sXzW*JO5Wq9~>Vu^4DQVmRb%jK`evI(jj_L5{VuVM6l#HTO)wy8Dr^B5xO zPH3a5hiAuSA4_VneYGXX{Q1j@6a67jkE|e|`u01nbph9(~ zA1Xc@>#ws^IS&=0%sXI$`Bqv=S_%7nq>sPukJf4u2^d^Hx~?@W!Qe(Rd^oQ0RgC^c z21b~W((t2D`Cu8;4v5nQH6E9a3QxVIM}V*_uwf~^c(|1cwIbVEGb1a_r%p1b{2_A13xfKgvu*_J{ zQ4(6B@jHlXDBnN!a!gR?`JOrwZ<;ls{79wJz!pY6hu5Q1YR!oCAGew0MgKaC>tKg* z-hoku1+F;;bC1Li@spO{xH1_%ZQxFfA?<;@g3Z zC=;d*1!%0KBeR+-?J7HHZj2Nt}x1%;KU4y~U2iNWv{-_*{obe?)ijn{Q`5K0VU&>bE= zaPr}cE4;j?A_#D~pDOE__0KV)1stKTS4(~zC$Zn}v)4^vy53Nf4+a?d51PuJvV{i{ zCi$4Nc!NKIeesrWyR!s3*?*I$HWhfY#a(8V-M9G0=(C{IWFqzT3}V~$J7^XZ8`c^M zB~Sa+(mck5tN$jk#r?Pl|4abmNxA1OSacLfkv^bIm=@n(40Dx5g zS$#acJnmqM!bl^mmWN|e?N>4CNC{u7&9mIJjp%JZTAx@U%j#62GaK1|ZdAzn*N>r) z6yy-0Zbhd-bo|>i6%py(K6~kPZ;Rfgo=e9s-3eXJE;Zj2 zI9{g@X!#S|+peHklr_U}s2yhUZVmmqQn(R#q9t;%@>RJwzihR+Li1zk&Ga^}p7gof zDsDc!Yqr>olvuL9zQ)y2QNAA|NJ@*@GasS#dc5n=dG<)T6W5t#_DNQZ6(JW}q)f@f zhu&)OZc?|4Yq@A@Ewuf~WY02N`Z z8&(Nyj26TNLmQ91(}eHjZiyZ66GoG@$;dY+o#JkCe7lB7)xSXA%d<`^F~xPY+3$>8 zE)M;EnyikZ1v2MktS5}nTuA))Zo?nN1y}T%Kt)0^oN!L^G@`9WGDZ#`#yQA?a!?#%hg7RN`8FFJ^P^n6~!*%Af0GHXUo@c)>C z)AKuDzEUeeIN3idG(tR@XVSlksc`dv^>QmMHewvn;TYEV>mkaU2EhXU?e7ME@ zcNSeX`bWe+6jp{~y5RnJ+@@V@f$oQrM|-XhxHDnSb+O5z zaIb~^tsKIIyRu|hVE*aJLuD5pOcm`c3k0*@b&VnCO}|gHU2o-~F?vv2;#=teR8&^k z*E&!B+$0=5rXcdkxeIGFW4jM@`Rn1~t{tibRw<;ga*PExomolMts4s zM;BK@;PgBy*+3r^e0_39AYIY(V&03_crHj_&eQHU*44b7boJ3ik8)b=h_HOvrh0zX3aM}{^o(d}rlt3i^1r+vZt#f6p#w^&D+IE2HSfZxTEeW^~ zzeI;-%^4WR{1^B59LTPa4sIIN!GD_*?v9Vk#PFB`-O8e;Z-CCOyGa3e{#l&elO!6> zG~<;H378A4^f33F1!^4*aII$El~<%_}ifAFWjLz zB}FQxD2LHzqwNNfl+h)!%6mB2)K?-TVfwMs;f=sVcyq)V=ajK~PbCY@nq_&-hsuG` 
z#?DU%iYE<%Td0O@Pw_z{(t|O}{pBjtj11|nCBfWwvgcKF`uG>Ed`_rt2_Qp2q__aY z@vi|ojDJkw56=CF9!((u6|PESz7;(8d_=k0s7YB|2IFh5DW&HXK0A*An1deBehX8u>trWVQuy<-o?#JLU}# zYwQVDR7tZ7VydC^EpNayikl&Pi@)BIUeTBB@IBDSWGUp}WXq1NwswTp!Tp(5(ls%{ zv#$9m>Tk3Ro#yEK2J*MoZ14WNaNE|ZKL$=xpo>H}X-~7-B*a%xNNIh;0XC?q2DcJ+ z>ZXEh|Np0g54&01?!Tvk_U(?9>pz;x#@={Q>ZzSu(}0{@hmoh#Z@Fo8Z=%^Jg+fAD z*=4c4CezJoJrO0v3y(9;XN<(5{`37i(c|PR-6Mp>8wE^Y2z4FCckd#1jEB#?wmsB< zT|UVmZ2-lqtFg?623|N6ZkqYHG|Uao9aPpO<|0bHskTFT{ncm>TliytQzA?5w2=5g zOYQ1b+>;xU0q0@wxS%-dZ&2yLA*PrP&D0)h7VRuHci zEiOty&(?A(U8*v^+bW3i5OFmOu}Yu{SjYp#biT9gFj`EUe|L>ND#PP~49+zYb%f`i zCzgP82A=8*{-m38;!WCPrauq(R;pSc%#A?k7t7wzN5-_yj*g?+q^k42QZL1iL}Lw3 ze$KUlEoQH1t4&y*JslI0Y38))I4D0%q$YgtA$K`6qPLY3d&3NRn$M|$C1Y6qzh|Kk zKpTC-N+HXo%UIC!vQ0rNdnQgIgF>7i^F^?*xK zRG0KnnXg{K5q(rrF`a)aXCM#?TxiWQ|2Ys7@9{Nvzp2Yd(~EzuW$J2>&wQEBEp&u}Q0fVWB8N~7!D?;Lc)3We!% zz#qKYPXU-Uw9GKOtcCm~_Bgw&vPnjm-V94ET-bC(De7BR2TBo<>8{$9#2_bZ5bjrn zNV9-7BgpA{6__+xuK(Ue`ha<~4I?qxIAp0$Fb2a~`#sQz4;&`udyQ7x*v*ju+_DIy zZM#Z{m$(^{Ni6bNYCjBEW-2*hpCO%zWyAWRgP3Ea$%mVboG+*1Z{A0AW9_g-@2hX$pVvm%hIYQPz7+XfJ63rz{(}L_-{L5X?HGxF))QJ%^a|@1n2|d}L4F(Q^ctu@&sz*&BnU}1ZaVT9405?%jeR@a0B!<=ME~EO z1OR#9faEn=tZ1BikQeF}Q%roS*E81PTl3d{x1qw?sVMC{zeGDCw5l0qSYK8*eFDCVmSD+e^-~IlMFi`9 zMbr@77fFt*gh8-Snfl{`H|!C9h_z0C&U=eAsPaAgzyjS#0y#b62Q_ANkdQ79DCR3e za#fj*w$J_q{fvK|)=2c^`;yGy7J{3web)T~Bev0h6ySh|<&?J=olPoM{yf~XXrE9} zqzBkz_L_S2p8qdBG^cTeL1g+`f-i&*5Obgb`dM68XVO$6O*!Z09@`2%?SF1o3j%G9 zeVVHd%tN!DU~?uzV<6!zktT-2Lfuy9>qzr({QY?WRg(%ZC+vLL?Z%QC`9JNF0W8F> znu&>KAv*vx>h000D&Z(`hAH;)=a4u1S(v2jN|lVSF`~I%Pf#*aH8~IFf^dz@&x<%v z=aM*ev>791Qgg$IWviu1Y@K%X1SQ|kq}o(korSY)7hAn98M~i;`}j`;-;p@~vvs_H zsn}ITF;QXUJGuDEoInGePjE?+4MXc}3eBuY6dH551Q`v=bQ|JRmtZ$D-z%L*9?v7A- z59x5n+mKU>#kV~cx3HDpOCHu%)YHx{KdIi|Rp2&7^i^}tDxIk{39LNXBUR>cOSE8j zHLvW`Zkw*6O8G=BJ*Zw+C405#sy`H2JuTv?jXAr1YVZp8 zitrW|eM^c=T(goPR0hY*c<>uloTFtOUDpJ*L3`Xy#0KljVZ-u8CZgd1&;PEG=~)Q_ zAUUTm=NtxDHd;?GWD5pEpG*S*D{HiVFl|Lo!g_XwJPsU 
zK{GDqZ9JY%Jt74A?@xDm@$>$+-=Wq9|KWRJmhsc`?%i|EuJnUQo>B^eP?RPcrsA$P zioJW>9aCgyJ<#1qolM@MI2Mz{le7Q z4Z191*um|Xjb-@Y`}yh8X5Tw=1Syqh9SVDzkKaswy8xVt0Au1g?0p!>$>=G^FV}K; zHlvVO_n|pijvyxDo_93IKRji^`kiY||40M2?e7Pd9uN}0TV#wf)3nVx)Nip*pN+;x zZ_2DAM{gO9PbOY;8{obMg*XFLuD#3mPG(VbDGHjc%K1JNemH#gvAVw`ex`Y1_H{8> zQh1p4D<@w@5j@ZmJaEpm-dIe`-Ct-=cBQ_jhg|Xcd}DH>-9R81c82&>d*yulB!@be zIT)0bt=R+~(H=3>F$1i$xZKS7G z($CWZCcYhKG1<>dflF()V&3$PQ1h$Prc*&;0VkF>CCWi7Tp^ct>ucBZuA>iYiR|%0 zCvBqIguUh7Hvv}*PfFIaS8c~?Hu7Es+^Ql%lX*QMQHcac@H&@FVw(|A@rp>gz=qUR7=`+&a-@8b z7}n0~tfRqzvG{9$RPxC3qsUbIkn|JdNzzKW^QfjST`m#hRqHeJv!E}}rp2hEIN%VI z0H|5e=xb5p#`Y`vZ#J`*9$Ee;E#OxMTDJ$u88F$W6Tl*db0g6)p<4e_His_!k(F80 zs05F8<^@XEZvgWv0~n@Ru#iv06{l5DmZrhB9bsL!hG?mHH{Ysf>kL05*wUSu?!Mvm z%v3RA%El{&`^~wLx`m5WIXP6+*Zdh|!wobn$bcSlO#s)`{vQ3CW8x(G zqF@&)Ku&hW5gtH+MJ?0$xpkyd)#Kfj_pS7WL$aqmNnigWQpnsZL6$Jx89?|iV1k;t z&PVGT0U42Y^60-v6}o&Kc>NDhpk?$!rZa(l!UOoE4`oB)-E!yn zIevM>G7ybKc7s*grUf{Z6=mnU;|938K-{u#_5aQHxh;n zQ5XyC0_!OZ5UyKgR-n*II>|BMxxQu0wM4lAmcazf|mWyKW4C#jgA)p#4<6ETENhXfN|5$!evM+3R)OcJSy~KWE)z$3$Wkl zN5@~lUvUt~!GZ#qVhS}f_;wUx3Od{)UkT(0-EC8fVQ?B2GkvXutX*+Y=2dirw#o)l z1pc|LOF@QL^wIMLP$rok*{JSswFXppTK{Z(JEJ(&(iNB3OR^tS@jM^F>N|Yld%q5h zNoEFo6qpTF&?B4^$Et4$3``oaAT;gCX;uDp@I}OM|O$ong&ZnlF`#93In$+PW;JNly@z$$ysV_ZRd^9eZ8~2yB_rFGZ zr8-yl{whucnE~YG1bXOmBW#y0c)B73bi!qjz0Dz!@aiV~{`OFeux3L`PF+&n;X(b z^ts*_>bB8qyJJ{g(QEa(1Wj+}>;GcQo_3kbD3*&Ujy4Cq_e$Ks%oHAOgA(y)$p21g16&_B@4z<2+m%9- zL`3{4JS*X<_IF}Qw5@&8ACaL`voW}THG#i*<&OkRE0{kkfBC}^w~|$+!fe5AQRtw) zK)=YDT>ie$WGmDKx1lWf$G)D62FkN;U79{@|4c`kEiw}32};kqhZAu7F}2nYA3^}r zB9}xGxf27ju>WFm%|YzM-~bFxhm+G1OhAhx>@3S==j|^?%2#WxCYJwPKY6{f!{=b#ziUj3{3gX{X32;h&G|g zWg6%-*YAr84h-g*{z6I6UaDKQ`Z<}LNEiaFlB>r#m;#znm^P)fRTF`d)>pCi9T+S!X7Bs}VHcZ^mhCEt{`q2iW`1|_-ML(S z2>FlB6E%?SL0r=Bcob`1{4K>~c@BnfhdqpWZgV$%r zsFw_JVx5ala%|2EWLglFziqA`mry-45w}NuDRgHu)K59%uZNvyHt#iWhILP8j-BN- z@7_%dYQL;j7`>6lGMi2X0pBhLkT{#}{uq!AX>`g-Q~Z&eY-J;w8m(K|5T?(|Ym-~b ziM3hrMfn_9#Dknv z*|^_eqc=ms)9EDJnP!7yHC~ 
zgkr{Eu}JTk@Yh9da1iiqX0&%1PP(UF^qypYNN*Oj?B9&eckHC?1u#@&c+CDC^mB?MsSK%2x_!p z81Zxcn<<*j=8yzO4kgEl2*NT4vR9C5ht}UZfbxcg*W>a<61HFUbv8fvU{uU8_DH!b z4aPBc)*Fx{iM}=NcI4YHvI?@OYK(Uw_{mv~coqAWM4fH{LC@tPs~KjVXNq6N9=Vwv zj5SGx?coHAl>}inR7DMxBI0g{lh@kk_NgOfY$Q9n1o&C2N&?K=k$`oA|9Fc$vO!QE z>`C)Ez#^Fyb^cv9|CBTB@Z?yw1sQwR&pbPD3Z%p#fpJcxEZt;m@sqeUPLYc7CrJVP zl+b-D6AD+h3ctVUFdWQ(;hy)u6+Py(khc(E)S|V}VBQ1SQBwRJbU4$Cf6_SE>qEYT z@nntO5FV#~MFvB?#4+8G_j!lKHKKRF{j%3*npx-5sOZsOEl8qlY-IPi(3mElrEb&5 zwwq-PFihh8Rp@201Jh5RxIJ?$NVJ}nf#SSk6byMZ432CZcj2SpngTxiuZ^?X4v?iK z0G)&U?N{O{J1B=OsZpAOOaFeM`d^FhV|F~0Ygr^%F!HT63=Y;A)SRZuQwPg)?|@=g ztkjyymCqmn@4mDcseJN$gY=`Z)V0L7y7i9cc)B~HJUb;`w9pMQkyt-`MvZJw9c4PC zE(BC-(_JDKaD!C9TDT+Z&4u3~%=gzd7_)=w>On_J7G@39z%ti_VWQXnB_OYpgzME? zTnLxTDkXupfV-$e)bSb=%EX5Q3k3=+l=FGb49JKRm&G2>?{J<&o~3QffY0IALY z5d>?0o)d3Hl80fvyIx_pPx|3|EKe~5hDmHk92j8d{&EF=AmQjoyq4XB2J@&RY!%uW z#HTcnNhBFN!D1Jx=ONX$K~Tt2r~4>oJTh(>QWC|!W2;R&h`ZUM^cDd}z)AOh#)HA{ zijhB4H~_9#zLD7n&eP#w8iW8-oz|tZoRRAXSD_nGqjIg6USn~$%ZIm+eB+^bFaJSc z{O_~NM33mw&VH(kS}}$>|4jhq6w}u!RflCwwg9f$_($ewk5^~S8+ocr0COMgtj)Vp z?12N{e42{Mrs^n1v{7B9oaV_2v(KZgANf|Q(=7KD30%oQX+)DgT4BVF>4ffks6M{X zCu2Te>I19;xaWzyRt}+Anr0T3c=__@qe7}ErUJ5i(~!cm{^p!V+yHdz>sg^PUnz9d z-@<4+9i|i)7lardFGhs~P`o}h_#v_E$DqO$k4*X&HeGh)puo7cgbP*bEahYeh%uta zf?9|aB4yno0v3zkKh%f4n+7L{7-f0v4UV&$tUTOxXk(4W9dcvRg46+S{`YsmDR)o$RP3;090rXQB z!1E;|uK$p78C~;OxTY$f{pI#tI`I#0eznVCCSC9wz!*ikp_rh8Ojaok>JS*> z7<0ki4h{Bn=y6{jfZJZP3%_g75)wpOph>zqer*rY|NYtXkEWOghJx2%V*EVzfBq$g zsRr1;l=j!ztDVEQBCmYIcE1@r-?y4vnpzF+$WqolkNv+BU&b+qeJy*4FwML-7i6gXSU{<;#=(8=zFZ-ZjqRFgcK1jS@c_I=j|eCNrjOoGDU5 zNS&1V@GZA`upJJzOR2Ib00z<`>;Em^BlQme0pv(v>XNig3Q z)iKuWAG@9V!W=MjB z2v?fHAd6(){SQ}&j%0~NP$ml2Ey*zv3KqtJC8m>Z;XXkF&la1E)+5(ml>1_ow3eV{ z|LU#Tm?%eb7FVADg_3I!i|sS$mbAlao3$Xw#APdSV{{7DXM=C<{jN&P1Is3g+b z#!PP1y6;OF`7HKWWwg&{<3~x8yFz+h&g6Yl;|tJ6B7*}`$QqW@L8>QYFq%eGrQ|!@ z^)mpT2sYLBl3g?xyWn4&Qinsp_-&+zwS$j|VY@g~NTUrA_`v`AymQf%{jhG{x?kK@^GzB0W7D-Nvuu6y 
z-JY|1k2v}Uzra2Co3RH1XJCBJ7xqkArqgENmdIvRZ7?fKGe=Ek&86LU*q6Kb!D^g; zIn|7$SjWMG7kwui96VbXS-So1z0V#wVCv6(0owl%lU`1w3&xd|tHn>o=snS_oIRsi zlpDhG(H(g5NpGytAy3z+h^-HBApd)42X_PHHr6+K?di!nNG0J(q{0QA*+GlCOY4&-TO^UN>+vNJKT>5ZLdY^p**<)JSfD4z>v zF{BO7v?}IS-FP{k^4Ipc8?T1(>cOoFo^sdt%{BLVP$Ot)t@6jG`;H2bJwQxMV1&L; zuGj28oH&3e_slM`my(qLy+H(vhMF;eHCSr*d1QH!t0BtJy;U!$s!G7T4~#&@@Y;_K zM@c3v=1{Xyl6SqnTB`pAfuT>+C#^&&?PA>5>vI(WiH6bBO`f1S)4G5QGQMZ|n#K0) z_OJ&0YUGm=M}h3+i<1!9*Z(!hkmK*2K=ikf^=duI2h0a~yr>f09VjP?4;u{E*{+#; z0DfophE!hb!rGAlhnP?Op&^aX{fj9dj&2@|&$e!Ux!y4xuR)f(om3cpK_VcAo@_v~dJ=`(5l!}WtjHJLv24H@x1XM!^okDpva zzE*f69Ps(*8;v(F&W3!&^0;bfDpxyyYa-Y`AHBCoED)S<OBInC%Hc_u+!QC~jA;*W`n z(jzuSMrVHn#F)mBF64GV0hIpfpFMcw3(SuLbk2?w@u~WK=kGQYN*fHb+#pGw@GUD> z)a?nvJca^FS-w&d{@(D`rBHz8hDX4AN_iN|@vGq|j_FWdp^!X3{lMl{){S&3GfeVdh=_{Lob@QKy-4|klb8m^ z+Y?oDI#SC0$pnv076Ok=c4ZLoHc7ZaA5kST|7hK*GWTPk{*NAda1b0q=DcYpx%}Y^ zC4SEy-SRhl=zL%;cuEUBtRGB25UTinRBlTiJItL3y~ejG?v9pIW%3*y1P<4^ZCFs+ zR1eG{FMJ1!mH?U7Q4}}~Pi%zp&YS@EJ*|0%jHs#72Td(%Dhvu^AHdMW6bUY6_rO2n z7yY**KkKKMVR&C!wm!A;Ni)m=B8>*eD0L188V|M;rUUB+SPRLJJat$c4@OCzlg-Z? 
zK6-Q4TB5*K`x>IU6{9;C>k+VMk3vH7;qB>YoP^(NB^dEXZvm2}P$#;};UZ*UvMiD$ z&@+Ee2#z7y)BS6-zX6`JgM2s}@TGGFKHPr#pn64|u2=0C`p^}1AjoN*CH=ZYn~5U0 ziw9pr+rCR~+h}~|uT1USkiMf8sEfkZC{IM1(u>a{Hz=6li3h$HBC8IC-l_sb{XDrH zP_^PDk}u6t{%>!eV?KfRX3+!Qn;m8mwgyjPcuCNojgaBeCKKw~{hKmuK7iv1hUMOB z;CGRuogIdg`Ma`39iEXsH4Pmq-EL37?{zD#{gwfK#DDztK$X-LC31%+?nh*iNHQ`Y zm#kApaS3`**^cms%K1}-#)K31Nbn()lI7LRw2+)*WCS&PEtPYsb8gonRzV7sQ`aU= zd72W}StN_o`XsiEG;KtHxJyNK$buR)D%5SAGCm!w%yn%mI26?Z45dO0naa4B#(DAjFZVS@($&d&&i_L2a#FP6r?~5RaOiu_hQ@|-=gh&{_6?y z{GF=PZXz&B%^%^&Gh~AM?cJCq{1*a*~uiLvGxvca8T`b!MAByk_# z>2j0xWbI~^JmKvVJJa5r{L&tt>{jivR6!|!{cwc^o@6gGkk7uxXmj%&a5x=oX2HBj zw>zflZipZ6NEg=vo@vpAeumQs95oY05c>ELBT0#>lP-+m9^Ea}@m~?cKf|wIK;nv# z(UT4|EHH66`vdJKHZl>*sy%QZC$0jDRrXT6iwh(Z<2Mq(h9OdA@>maQ`X+* z;d#GSb3Iavd1Wx3q0+|lJsedx-VgI17n})EfOrGjT(EYcm|TWvEs+HtWxMf6UkoFd z@;-;Mh7~@3u?dBIC1SOf#110^8VKB~MMVEgg#Ds>{lK&~v5fhz*8MITRx6S1=B`EQ z5aJDp{Wj8oFGDqHAOnERx&_H`#Q+ujKXv3qqLl(q>P!isI*TVmQZ_GQ7}<2A!K1{d zDnN>e#Zmi~|F+?ZV4Vv7{|q^=Gu}}g)gPvBn?xZE77jdz?(cr_4Xa6xTBHzMy@N7L zY&?AO_HO^x*zU`{oP0#t%{QT?50B&!5VH$lDM(r>U*keM{K;S3RZnbHUg$maXcCkM z&1ZcR_D<)7gY9=-JUV8z0NC(x`~Z*Xlm(CJbZ5{CZpB9oC`9_GEV|ty+f5baE^~;)RWC@#608UL1-$oL%~Vea}^Hb~`+oOlD28lAO=I zsGj?+WAcdhs#il%9kge5dfw?CDMKf=N72-u2W=iR+G?==V^+ztZ0Q#&7LdmOKk( z3c+DQQ_jxXrxTIlUNwT8jr)egT*LBX9Q4XE~VO{ zNlN^8G-UZrLvli+xY}KaiMDCZuM-NMpL!~#rqYsN0mW>(Z|Xl8c3XT@3zC+$QbnhG z7DF8(dx$D;qtdNd5P}*l>G^<+4njaN@Yk#fO5@ z)UjD$dYzE|kgNWBNfkt>Jc}(N1y((1{~yD=W7n%q0eTjm>oZM(VCpg>qkmyi$Luixh#r`zS|HClOtB1Qrw-RI#m&x@LKz`yjJtWC+8Rxn1qj06`I zi2r=~8Joth`2qNge=0n{@-9c<{~Fi4_Fan3TEpBn(1*Bkhi1bjtli(|c4Y8XLfjG} z^$x}E7&ok}z$kOy9c>UDWj*oTeywixY zK)_Td`SX!K$MH^vRwKhEUINMr-HrLQ9m+)YzbD%xt3IF0N*upXP3=LhmyTGA>k6hqOqk{D zi7Zk!2O@c*v|938A(z#ArNcX(jX953zozRr)EzK@)@dH*#XqM)gqiXVOfhog*Ss+u z6sKt5;@tDPO!KBlRQbCIK~@$^!Wch-b6MFiSritfnzGbgVO;h>rYV!{?n*tkjR+wSLnDaj=zQ<%t_C(!Wa$Dj1Wm2}x?Tl6<*b%JT&lf4lLkx9 zqP%9+TriGZih1>tn^zBM&Yer@+7>;ZqBCqVR0WtMXB&>GYS%T~qQx0qC2km1pRBBVzt9z1Lq<><*7ghX7|Nko)e$jo_5yp}DR 
zMqL@%{1(mx8A0^l$p~!q0{&ABc-P8S2Ge}qz3emRq;OXahhPysPxZSVknrUc_N+#? zC^XZaX~jg9cD+=!0z0)9s-CpNFBt5FfNJ|MYf&+^;Uk$$ZF+~CHm&{Ng&-nd zA$MHSUX$0vDy!reeiO8}`i|Y4MGg`C9xAlBlwqgl7tk&rd4g(ufjuER&bQuTe4JVe zVy;psZXn5;k7USy7mnJr&Xd}F(8RAao5*v?k%G)W0Bw{vt-)I?VT~JZh zqpwuCt+x*|S1(}#TCRUJ4{&W{&{ewvZe1H~YDje=x*%B(a2frlC5i(qf9Qf36vVX$ z-P_I7Z`W@<28jAuyZg_svm@e0JdqPFpENn<)B8m)5sTV^JWafYU{YQ{M^|(CeylG%^n%wujJd)2a??mr-FV5mPDttdOZEEE{`&+zij156$I?;S?SF4G;OaqlM^Cz4!+3DRSg@AQmXdv5c>VD zyuL&_dN!c22+xahUq?Km9y06EyI9tW8|{+ z25^P>Js(u@Q~b|nO%Wo_oZ$-d52 zAQ2tSS=nu}6J22I&e@{Xm3Fm@LXlD?#X=xDuN%vtc#T}HT^wko7_RgH}6* z4~$}Fo?B2g=EAB|E2DO^s@jw2ZH+k(2&VjpO%l9-uMA-C!V!eQ8N_i*E<_p|7RB_7 z;&+2Vc5}QGF=%GlT9Slgd0si(EfBo_p8UZ69|cV`gqa?4xZ!*Ms2R9Djds8I;( zFy^Z~d-)iLk1I=!F#ed3tP?*ifablNjNEAN?d70ODnkURBrX@=~J z;2z!JlXleuBCYZ%h+~op_mvVi?=th!x6|K;&ibF_UTtsD*9V)?vqbKGmDt=)j%EH% zNe_3mYq@Q)?wGBm7KHz0FX8bKROFSH?cvv9=F8@bJ3829vBpgz_UF#B(;?P3@dgb- zVcn&YJanC*WEBSiPTP>rZu=wztx?w@DSQF?o)VfoaMIHwQV!?IPTR{(`%35 z0xMgRPXM6d=Jd6oy%z9Wv+9Iu3y#`g|v3Q}3Ixc5Hc@OhPCpmz$h38yY z=o_#P#U$W$o>zY)h=HKe=8O%pRAAz!Ail$mCmu_l0);e7DvE*RT{x03J0pFWqKmTp zG)#>mA5w3Im&hiCE&aSyekr>(fagS}K$ibMun|b=EoSUO5Pwf6+47@XS+WH-mU~*c zQ724rB4NkXtCPR{b0iJOoC?6qk}B41%e)gLuOEJabnrkQeraqoZvN^1^* z>*7pe^_Za@$2(vJ*41o$5Rq;HoUHvE>Vi`O%EXp1Z3s?HkWcDqcyG0a@yBiN*qXdM z6IF@vq{b{f0)5rZxW&W4p{Qu0r)DLTPFk7g?W+k-BDTCaiz1=dvcGPxX-1^o3)Hx2 zj!cTH`regPAqVAwRNW{(_Fckp2ImRa! 
zyo3YQ{k9cl7VbhQIk5bMq>&kO^ReuhL*d%W+uu>puipfHbiu~gN9lk!GP~!gJ)F8M z=EGd56ssUpti9YQnQ0Icdy+mI_7R`&ZfQGX5RZHxhxd-se(CjfI-9BTaBTvFa7I_Q zsX{G@40LX?6WSElcQEhjFz9feKg_lFctL6V4#6yTE|jalzG0c8#nbja&1Ms>&|mg*Se?TSgPod#&Z4__Tp}1bURfXp ztv4s|87=YFx;CkDrO}^gw2T#Qwe!{Rk1)Y2j>c!QLo+XpXeQ!=MiJq5tQTe`b;7>q z8>)@!o3*#VD;EDBZ~^DNGhDvsOS{!_b0e-PaC1W^sH-bDF-l4)*zqeVk3L7w(p#F7 zS(V;j=cM(61V2EBASLFZpHfF?vte3IZnD}XLNE$L&_NrRQOBw_8eM0z(-EzUQftWE znprqf3{UTFSP;HdBmvu}<+cX&{IU;obS=MwMXNEY-My2T#H#sn-43#-Q;j}?xBO=otpO_Ewp@cQfUo*?$ytkilUvm@>lj-Tk zeC5QYTirPR_pL#m&nRK_mE-$f0$UdMIRQvcyij9n`($>~Jv zTJb5#KAj=beIBorF9r6#7yh>m4{2-|b1)H}WMb+dI^qt4dm}V7p~l50wyfSi4GrJn zXs|$qr11cwqH${(-uVmzQH`FNTA^$W2OQ>HgJ)GtHr#WM%>yr(L&+07K13b(uibJB zM(a zEgFzj-!zXIJJ&mutDY$rC#-Psx37fF>QzhA%%ED9&fyzgUKs)~1V46H{l%v1a(e6v%eyvtMmnC+` zvKRkBV+756VKb@{=5wvd!i}Ez+0C$8MGv3I_m7GK`ht39#4{BtnXT4mpBdG0=gPyq z=nZyq^JQ&T{2&ukFQc!`%bOAa%)J{kQwts}k2pIAHa^JjBC4RO2HY1iPUd%9q7>wI z94ll(7#ne0)V5Y!ZEw|yaIrC-?|%m^{BCmLes4-cBY6j*6U5gw`Q_U$=w)2T=$f^z z1DMXdBb2&rg9)A6D8a#w6VROY&Sq2Mz!}xR+j4MajG?Q+;5f$pi zC^Z+RBpm%;7Vk;kg$D_;_i&*bAo;9wv_{+0%U$}W?J1lQaO?0Ge)(9fi@pBrd8wS1 z(B6{J3G?~}Us=ijQu6!g=JNt~45P@sGd*e_wvnGUGEN^bMbaxx{XEFX690RUK$5B- zTlqg%*5MUp`Ft7m9WZ=xb_^yltA-)Mjz|57c)XV4d39&5VBF~2IuzKx;cS#?d3xIZ z#Y(5f;p1o=8e!0A%Ce0e+kM2+Tf?1F%!e)hS<^_ie(LFal6QesB4q+4P7{C@%|&U% zzB66t=+C&BbWalH+eueYC=?Uo7>V}pKH*y_klINtk-`>M?dlwh0bg>5(ikl;XLK}ryWG0M@f6L|dpL#vdxFXD@G~mv zDyT?H(v1WI!Zo{t>p<(mPy0-C1`FtF?iGQIig>7o=5H$gKR0Y1s>)xM*FCJ6i!$66 z`}h%hyc%k!24-@G&1wyL7%F&%k3MDaRjavUOL2&qX`H#y8g>QK85OG(U6__#U+0y) z!1RZ{@-nf#YQy{6KD#70UC&aB$_wzPnLpFu_^UYCC#;c{yHJ2tiOKep~tJR1pa| zb?m$xO_jWdkXij(fM6M(!aMpG0uS6Al$*3?eao#I7z^sqD>zG7J$d0Nq9o_iVC5!{}>B3bs_9v|Gl)vF>_UKJ%z zt$n3*F|lpklYHes%C}*>N*!FJl~o#=zy;b|6T4#XsKm3N(TTQ(_S`6xEcGl?@?%BB z8Sf{qs0ToX;oRfyi@qOiStrjf!BT|8>pl*_9mK9tD}zPgGl|+d#~k<(LcOZNS+qNC zN%$ocD6-$C1%-~svov08J37c{$1rw=PfXU2`Ha`Z^OZMh_ZjYaHM>)2y-rC>$uv0% zcSSxj_DaT4rV$7!DG^BEOe|p`lyP4iG*%GeiXPFRtI>b4XC}UDk6*ic 
zp5{Og)YAjWR|hyDqR8-LN6jR7gkOv0s6Dq*r`yWnEa=K5|WDuHT<3ezi3R-O+^ zO}wn8Jq{vY?~cR89{nd%|L*y-C1Nua^m8)YfS%tUky6e{$zi!#%m$ zjU8VgTtb(nP#J?!UX}wiMIXC!Qr(S|_R3%fojLaJ-wvmD_%Q)%q}d^r zEB#<^vPHi*=XuohXoRj3E9e%-37aL*PjXelfb#jlM8BlKgbzDeD%y?w?3JY8%lo7 zEgZR~eIp@wD`uf-OL&`2ah~g}$ZTAx@>hCT_H45I0qA3%ZR8I2wB!6%@Z~eZX3q6Z zVorYe@}WF3hi!;H_O(52_lBaM59fLt&*-lwyHmU3w5fK^oVzoaHelaXy%n!qn~yYU zOFhWsJnA>gm-5H#FuLAxv@nJNEwFKOJ*rXM=~2v-T>V+PA@8Es!+j6L`y;dz2nb2i zBdgR#W;~Ud70g8uEZMzHQ1E+u-}fBiq~6WX_1(QLeW1Tsn}am0YCXXyKBlRf;n(dJ zpc~s0Yq$5{l-}R%pzdlLfW9o9XuM*?D>KZn(OXgbo ztNX)o^>L-H)sGgBS#tRW7#Z#mk7wtxeSh(_V<)4+F-u_>~3ba3?%P$I<=j zT8Ub_GvPVQeC>n3xGHVQGRN?Lu*ieuS_sR?5Ej#u$4VW2jZnfcrQ0DHW#NTS+x)@u zFBr7g7EVja7)uL0vP}<=KWYIdPRZmS{aW^{_?Fg;1d2;|&y6Rc7V4N~u(d%`@7E|~m@B`W-hrvk&tx!k(8pEGGb$)VQ(;&`kI=|d2W}i>%4w?=y?0Dd#S_J8B zY->s~rNavN9#}~_BBR^VG`d1?q5J%yh4dwoNHyc_^-vu#P<#*<4|yh~H|P6U%8y|m zq|)`jGkjQ2D&?)}_;{&W4H%w^`KjemNa~p6D(3lVC4*)#F#}tcwTthm1y0I}6v{<=cNtzJ;l#co7^bD9X!};!@9BH8ROE4p z5+VF^v`41PHuRts)cNDLNnLywNNDY5FYPAl@q!eAYDp8YCOrK`AKdV-3eMw&3i{|o zP`Nb|bh_u!MTLr#1q~&Ne24N;rp?Oa#TZM6}cj5&t4Q!WvVgVl%0fVn8_Kj*f|xKVD1Nx$8gM1P=A}9H0gcvm0n? 
z=?ZUie?pvGZXAy;U>!9}e{U47LcYkCG37_LZJi-Oty)Agz)yD$OpuF@@J{Rfe1CNIGmweavs3%rs?- zH)0T9@!a}+y+zS~!Gpopvy0s5uAW_562wlwq;p+po+WB8%_F&j+)%x*rwG4=ED^I}e=d{#a%?!fKNg&NOy^a`XiZ#g2zXl@m=5fl$8Z(!5}xxK!{q4l2Nn7KZO1UAYGs!IR4v+z*H{~i^ofl62Pz%qaKJO&&HmP$}y;J z42QM%n0M2?kN0N!NeXwBaDRA3<>lNT#)fH4#rdxFW}Vh>4>~1xedn3+_HaB#P>pBu z4W|Boi7aLW&?GiJ(cZM zBDSi5?qiKFZQ+!zT@D&0%4Bh_U9*ezho-$OeaIu%B<})El1>H6SSyld^phZPqMdUe zQVOI|xf~4b3mvL>{KKf9GFcz8?0=dh^NKKgyo@LUYEoevtan=Nmfv=lf6!mm#-rUw zW698+-+UYC4%>V{cih|k*IDnGAFXL;zQz?(Y#-PcAIGM`H(O}I>c??{m7TiQ@6!+* zLf6xf)3KkW+z>Qu$Kc=YJ=>|j2_V+ppBp!{T-e7Zr^OO{-55bQaC8Xk(rdvVJ^W%M zz9}<8%RsY9uiCARZ>K)L@YEZ9S9xc6g56g@Y2C1U#7w%@2y`?AOzmM`9TU zYtb67I8XV#ykdp4X1bzU^*c_)3gUufs0=Mc(>JyAMH>xw(ds+bwL$;I;|KL~x2wY{ zUrh4Vg!IAI6;|jkq!5iuEbK>iJn8!KPG0Qo5$~e!aBfz(DvU2PSq`F*ZYD`dP)-U* z1BTkdtcwQu32jI#Vf&iqpM!KMex;khRF-MPtQ zqazZHWG$&wkD@oCU@du1+gX!kamzdXVsm9Gq26bc5t9h;BVwcfl<@c(1wl@0(gpDo z(T#L#^t~DVdxi?DbReskaU!dw43Bdfa&QPMixqG`wG_w9DF1Yd#u z%Y~G_Eo6EGLh_LeLV3|w#1rEuStpU-P{B`3WTX#nj9Wrv|NeT9QYf)vMno~-|9dwL zDO6Zcz9Te+2V#5ce530othg}tcmWC)@G%y0c61tzJM8!{Vf}ZaZF*0=_u^2&u_UwY zD0nc_*GutD{d?vzh+d1%i`Vs5!zEe8De^tfOXErXACosf)x$IF`J^Oa0r5RQb*2UMi{U08lNlp5vPHbN*&O|1KGzyj^GvEebz7e z21`{7{slGme>aoWW(C1TS_j|7LD}?S1>84DjiulwzaaXjxBGI0GykBsjGAarpf6@)&z2CkzKGb=Z)Azwp!Ln>KK84 zo@|DI_&6_iX`~>wl17g|2=J^KyGdnZQ0@~V9-ftPx4q)}(}dg`oa>*yg>)WCrowob zMZRsrj+P()#e3*xgXe2g!{>F?c<5a~n|{$e2`kgB)A#Q9RVDmf@eKmEs-%p1FlC7g zd*=rUbOqMKLrt?l#q|e;sKYbW=O+jZd5~Fnu*wWq7pCVXhZ-zucwr+H{+H2K^b*qk z71izDREb{dL%Z16COAVg4jeZQ;Hy(}o8Y23ed>dUdSrSAi1> z&A=1IUBM5VQX$Mf6<+XNGEISdCyc&?*6Cu8JDVY-e0|(x=#q|CWtHk1lGetEQj)0C zBHPWU5q}2$C9Q8Y3;;Ic6o)(-K*jZhQ!!rfiHPDu$^1v z;=n!^Uio8HxmzBJVLSZk;OEjF7=7pyQVGS=deq4~n(=CdS)nc|WcWJkw^fpy44qy@lCj)HBGSsf)H8MvrpAz&8 z5o&z>9dFBW7u;wLBwr!)H0Q$a`>{aXiBdBb&`?2VhJxn#V4(Di(WI)GX+rKrO`%{9 zIi9_<{olbd-u#Xqi-k|4G{WcEBbP;19W(c|f`nLW$CepS_@}ltbwHd1 zP2>=9dRn9?=1*)9_qFpgq@;!?>$Ks1@YKk84M(VN55+`V>|&Ib1VksTcSLS?AH$D* zvSrnhlGIbf)2=#&g}@i-t=f5~R_&I4buf(eoW%4$kS=gCaab$-iv3G0nBnqI+Im+0 
zwHYfTAlsdul{Q{BOj$35lE7?r5%8ea?MW6iN}wpv^FaE~%744W3J&9y4~Qx9TDy8Z zrdQN@FDnnF_S+CH?7cKKe%Yz8jujY!{)+OaH zG9QZ?T{>;GAeAGp9|DJ!)Hudc798`|d!K~yLRFY5_hY%OS)hX7PfJWUHx}s<-rlC+ zv{Z!La-^!V=CE2())fZH<(CLZGdj7l$mIeLQ!c3gi0d&&PE6^n+VfVEp=@=l!Wb1P!8t5#fHXsEHN0x(gt0ON zA#&;vLAZn@F=^_OTDn_l8ZoJ9I^+EBV%W^yww3Tus{a^MU(^zpkd*=jbL}GS_1$8$ zvTt}sdGho)T6qB6wqU-`m-A0rk4FQ=4`mb?7W|t%o1nge+_}++eq{$_l3Ra*02u`c z=z^}Z!d^$;15NXko>{Ukh)C4b$U@YaNyRC!OtFy6unN@@C^#h3Bk5zh|CfCMmwe!t z+bh}Hm z6t!chm{1R2nw5eq$N(mi$dyD}D}&TI7)dqqBkf|)9xsW%>)#?f5d1q_N|8hT&G16$ zlMJm+cyrIt7jT;#BdzA`fCX=^=zuQ-x)#=fDbIAn5@yE!H#@C&xdw#O8ZOwuYBaq3 zQ@XajkEg3_1NMSwR!$sfnNVdxsAJ(^^gwM3pjmQDaa?f+q>yFQkQhRyhhm3&5>aaP zqJApY`suMXfimhtH5v4$BK$o(_Y2PZm-h#rOS&t)uzESm)HR&JrmR`13q>Nl|0 zgwA?;zZ`+@H?v}iGkj(FsCFUFw7_LZlXQT~;5JY5eLw~nb3f2x7lpv$^qjT?KnM@Y z#AAdKYAQa-^{M0Lt-}7zY=PrWtE}J#Q12P^m-Oq2>jUlf@uRj~D zNk1?FTkP^B8lkDV2+JFw5wLd6K@$1M*XD9;K)9#p6r z2G1Xio+8FUO`A}Mv$+VP#D>)OD7;|$6r$MXWU1VMk$!z=LrSA83R{Zs+>i(KJS&WZ z^3AA8CU{Hq$=SP#aP4AaK&sLS#Q&AYq;BV=u3CW-j|S_iw}l==FH5@J>4s(S)segH zbCqFTJQnxTLuX9=Y> z8cz-6=6e8D{s8{@%f3ylEG2tvr1tb2AZ^GMQJdulsYiu1(P;F5YGp9zqae>k;bZtm z8=d62id5=5dxK!&(+7eNb^`2$JFbqR3Xp8S-wP??sJ;Oe5#|DdV>X0UF&v=U7Po`* z5j+7SRM&%?q}Yjqs!4PRsCr^$A@KiGJ#k$Q@!H|&IQy=dQa`JXF=t@`EY^a6y&3=d z(+99HJG<(c#wF3q1BC<=S>WD6>giDIUg4-kV zTN##x6+EY)e22RGLs;w)=u*zR4UY%cz-lpPP%{e$#IDl4|{|K8M(nOQ_f^q*Kvp;db63-cD25#T8xE5B2UfGx* zoFJH9F7%FTtF}x-V-wLkg3AMRTg$Ux5|V^z77WZJYN=wRP)39D%T#d`S{EE^-y5L5 zV}Z7LQd%F%uHST3dV?xiD>$tSx`-RO<)tmSv(avdtLn;`M^&$<_IH#U-XCeJeO4Cz z90cJBT#xdHlm%6%z6f*^!@QA5bq^535QdZaK#?);Xh~^F!H|`bIYY=wb?sn(d5#OM zZespgq1#%zctnbqAoPE=a0LWpTf9agKz54=+n-PN-KFxusuKuIAGByszHtBXW@|yL zi+<$QLXYeki<3|9Flycod$LmII8l8c)K(MaZ{mCbRcZ!cfU&!(us8FR67gl!uyw!7 zd{MyX6a@QWbW*{ojNnZl{*ljNIMf>!i;DXy{w@R*Z0`|_Mfa1; zvV2q3n3jlNnuT!>un z0G0J}K;wh>1=;miuX=P7ZSol~0jwWn)7`XIdWxP5_=xS5dy(Z}3->UmSf)Q@QKenA zc8ml^NW|EkQ&HLO{!5gXTQ)fJzz| z0rlyeyZF)qO*=+FF>*S#)mVy?vghtC^|*XW5O1_1r)I0U6n#gaT$#&PWRpHV`)G)x 
zKQd66c4SehD3Ypo*GiO)Rm)k@`Epa?6VDhuyg*{}1Y2q&f2PIm8Q2!OGQ&FAq89ke z2(x0vvW~58h1=vectSRC#-~T-MBbhqJtdXn{@SJ4^ZnwM$5CS?onr+CU7SRT>B=do z50cCfY~wBAQloyw35@A#CmiWj_E1E8EUCn+_`48@!Fpimji3l}Hi*lYViD<~Ar()i zAR7mQqhJyk8dF73$*6x&=v(*+u|x;ziKjZEC$YH;(3bcM3mg|jJLbAFj;3dt7~-VI zw75HBI?RjJ8=?_#p(|R17>~nWf_H+#@#$%vsFp};(OuZ@wl(|mh=Lg;)f?1hF&#M* z*Cd-+(+!?rOadkjcEWr32TW`wmPD)6WljVoA>jgCnsF%vp|lK$mCuNiB^KOCeFt_2 z*~<=kJHYqLp1=N}(Kvisv!8jr7|TpHT)7!zu25a#JMi}g-VbrC&(ZgGbqTQ~ah6SF z6bwjHS`O~95T7jS9q6L(_kO!I>JOunhMQ{vYqu_X;!tr^VT|g3!+eDm_zD=dz-Ec< zfnoTE-VchrAX3kFi*x2=^`xA#S8%);_o%XL6umDyU3>J}lL~4XnUn*HaOD(K-M`H! zxsNZP*cys_GQY?iE^=NNY34LIZvNnNwu}~3rdk3ql$D1#eahCJZc*z4I8*TRpl#_W zIuJQa$Iga5DsVTO-OA6Q^y2Lz2#Zy}!jr=Cg<50aWh;6ctq3S08SO>Tsa?xFc)baH zp`g@2Y@ax6bmz9x#vk4lR!BW-1-sEk#}X(X(OLX{z5hf%P08cOX5zbTT7L>85cqD3 zTV?|4TNPKU*L~SoH&zZYLQhjZ&-WlUNOgk+r-RpBkGEm2p zFTvv&kI=qTDMpg=RRV7fz7^(P2W&_gJXugVSqf`uaIe4f6)7`nvqjb}IeB+^1{Pk3 zQ2_)L)#8Oav;@c36e{6By4~qDLq39D(L^rvkyM@7h738ppV44rJZ#_wSZ%T(RN-6C zVZX`{Si&UJl}buN0=QHHx-$XJh?U_d3@ag0oF}luH^-KLgwO0-f8khr_*K5GaUCIv z^~YQp?D7Qe+Pg3X;5#p?yaNz<)L$rPOKyQIGc%}CQV*b8f(HO9) z>`GTt$I^V!N#e%A>}RhUyQT)Kj=uSl1T*bKad8}0h3TYmqGJ`R5_V}R%XkXquIGB# z6F@771@phi*Ux!=3|7aP*onFu?3*P!Uv)?7Rsg=ZtmTCh3y9~;CfI|~1$c?p${Z>D z;if{i>5LBN&s3=~dzq{{7j}!$q(o`i_qYo?xq|iwE-P#3GzFeMn>@=|Ep z;h^7a3c*|{{^s*1%Ro?+=s1m%{I^^?(W}sG(;PQzI^LfT} z9p&#EH{>b>bX?~H!a7T_TK{uYJk8*)Gw)ZfAxrE;mOwlkTlKyoek!$qtCat4q+$XG z>>n@#`^|?@k0pn9lr*M^UVL2b`aAKmeom zbiwV7>>-_1=;>R@E85vX*Rc|(nW>;32>o0dy+$1qjiml62M8&R);Q20j@yu{Q`aHQSarOcvw$&RCzWqmv zo{IPA_;M$YOshXl(FrsU-J$TSkd$(jdUZm$zr)4}VtOUaGn$kR2QDr9^T-yy-Aglg zaWty7SWpR>u@xDmQmx=bcQp}-VZaQAG#;>xZDwS}3pc_{{@-H0g9&dYyUl)$+=bj+ z<=l2b_kID~!wGyd!9fFAO#rJy-Nw4G#)s^S;`l^DeBlL0{L35tp)+H8h}1P~pE7pI zFNn@weXi4q=$v(Qrs+XY+Mhf2A^?=4mG6J|k+r1N&e8cs=f>cLVH0DB^R;^;?fKjD zY52{=h=0=C{bA}$ft~DCs%Vd$x@&x`AMrDdoHPv$_f5hv9&nCC0v8<|H@!kW8VnxN zW+B}_bfVcHIsCz%4Ii>58+_qv7D85@04)>b3H)eLHs(#p7F#1oICG7V 
zztRoI-jIS+@a?;RwSdYT@ICa4SI)Bq5_!~Lb(ks5-j$Zr_>PfaXY2;SkuF!(kK84;Dm4-wilId6PzE)hZz!e#F}S0(&2`l3__op2{$yeG*Jnzs_fwGE2CcK1hk;+nKYxkY#8&i5=myjq_^(~pXeH_YYH-BH;MfTTF&}y zgRNd>`H4s(kU7su9^JJ2h`U}JpVK)Wus8~(u3{#!2$DKMFhBIrk(6)4NC&aePBTU3 zFW$EMv7qbl!r`@u{l)W>TG!u3enxW(RMl}62zXm;QANnZ^nYD?`l1-#N)Y7_(BaNs zIF0AqwGQ8O$ZfOpb?;=wC2)H)rdpTWe~Nl=XTgbh4}ZPNU#!Vzt@9?+`DHxReKREw zR8CXkMo5&4=?NJz(i~LA`e4+W>*$5}FB<(kTW|-)$#};nn5~?Dx3MaSv66wxZJ8)iF0OVS zfhW<2b0+%YNn1v^E8|VuF_ON?d7-%uY`k3bR`%KQ1X>4Glrzx*QEV;$h^f5NSf%uu z^Dw70z_;e~6l}hl8Co=oBCVCZLzm^+07V_vOXt%q2CTFGdEC=!r9*x22ZC0J?XbHi zG9tnW-iMG@^QVKCvJR**=)iKn*jaPOC(F*2Gp{pEC^qaFUSRGX$_2UD0+_oO;u84V z(t#Pd&q`P`Z5TA$oO(zM2}y7lQZdr_7gTaPc=yFWOyRN&8p`j(;A7--mi1VU9|s_s z2IY=if^zZw`fbHR#o~j|bQ!RM`gFqo1^EOJi&|*$P~bk%0pnms$DTKkP_g`W+rQjQ zbvVJRUN307Wlrtg_9Xfn;Z>85!|qPfSH9v7@lq>OEm}@n5WXWh@k`jTH^GG`7xtLw zAFC3}&5WcM;7sV-FPWaPpb*FSqD2=$2nvY?Em2DcCxz{Z{M8UcGL*l~KH|#dKbyZI zP{izDQgm1Fb<5?2H5PCea9A78OFf?59Nx#H*hBXYu>6LvrctpQ=RkBHz3ykg*^YFT zBoI&LV&^cCC#^hp;uVoA2zFYMBIflz}n?45oir93G}Hn z_Ft1;c~NnZd$KUuZU!}ZJ17NwP0o@4G~7#jG>%_cH&!S?e2%Xwmh)CoU$cmhXNqfI@kw*L@=1H6~2W`Qz z2JO#UaF!JinX5|H^m*MJR4ig_&mN1`+0*!9dH4qy7Eiky91+HoRv|&X=*AL$9y6Up zd|y#7IM|OE;V~3pGPX}#tM(g_s#|!-V;hn9pxU@bMv8R0d55nJcdxMEKLt6;BVGd) zbp1y`Hh7TC3tW-y6^7v-I80_Gm=8H3GuLsKvV%xd)>2_Y3PXtn!p=sE72rR;4gkJjfo zdvpsIp~anYfYE{Hl#!ZO;*C7DhHZdd4vc2wTSKjV*E6;~*XuX5hj@Pz#7x1`Q>+&) z5W6Mo$G`$G@Gp@TmX*)LB`&ygK|_0FCeBb!Oxfi-9zDA7kiJ+13aNa zy_oO31~*s_%^sxi1`()oGY%V=lWQaz^EgZ@~aCLM6(FEQl0X^FPjCqp!+OXnx zs8Pk|qdIrk8AEyvX6TN~CdKtPlUpPHW|5VyYZXZ%kG`|JP}LrPpPbIHE3INu8nQY; zJONX8lyUv$47Oi|Lnr9(i}S!B`eSYjsUCpkx11_TIa2VH&yoqWvGy$c)&+guLV zEknR?bwk|BLi%^BdVC*%31u9G$yUi-6O9RS@NaI&98^YNxgV;9-F1-tVd>%$7g?cF zd3%Zgvgr%Qv<2|{shQSwsV>e7XtHiubQ5Q%1)U=;A>Ldwhbk(p$v>@)$?w zvQ%>CQYwRxw9DcIcdKsY8qfA~?yr&HV z{w*$XeAI$%*SUKrWX%eV^8f35V#Qw@+QGEs40Nd_+^~MDRkF5{=PwUM{M)`5jz#6R z^EQF=_eM%PrE0~AG%hTqe;YceH>as~aX2VSw67aLugsq2y30TG5C+AT!9ExiqLdCI zu0LCRU6m-{+7-c%lhrCNRZPVGVgX}nK`q;DPC_9NU6Aw{r>NU+KWRG-?w@h|XohN@ 
z#0=9NFP%6umlO`qoS>&)dqxP7Klp(QC>BG_RnB5{;CMf;rfOvda{NCP>mLqM7dQmx{dKF zIu9!@dun>f9}Ewp`)51q25j(ai{Tn3GS83IdWeLvgG~jQ3{t+%`p@H5l^K0{E()Hm zdLp){1T70Zc)ocI(Etzzm>l26%$h!JEOE~3)iIx1Rqc(oGMuyjL|7X^FkiH>RK^Uu z|DbQvH}CG9JY_;E;}N8*%L!2b?CN9S=B@tdYDB6Dzx-nb_Tl{Qgti>i>*L|TlgO_t zE~wo{;piLdL~f#YD?OdVE6PRYT3+QNv#C+(vQYJas}bj6&SJ?&7>=M22Ekl`ImsNF z1N*~Al(Nf02aa{JKks!MhW-bicxnjD#0=6{fX>33@)y;?LGL&{J#URc$l?M2p=c+O zcS*$Kg;=Y`S(E+iAGN#z|xB*bN$6jcpr^ZM(72pt0@7cGB4P+3oYa?fEr7GCMP~ za4pQb*Q6Qh0Wk2$!6f{1Nq_g>+Q-~;{{6?l0+CV!!#ar#odyyJYe|qmP!klqAq(y` z3#&R<<`0}2Ft)G#Y*S1(Mmbb*OV$Xov3OtN=QPwDHJcK^8^*v|yX0NhOy4isHcf3M zB~wK|8_a^>yzS3|l4AN@r-G$;%`bILd>nScE!e9JsU(7p6X4?vhw>5S>v z_&7SnxM=0%*V^)!zQ59YE&blB7y(=I6!QLY$pSxdxxjk4ttk^a8!Q@Jx~jIRIJZ!n z4JO%%6vHgTz`m_3<&DBY>OWfYXBgxH2Sf+}7?7hMM*<+gQzYk^KB?i5_ePuche?sM zH9Vp0{eR6Te0ZZm+ZhKOL0bLB3D5PsH{ATNF~+-KaYFiC>-!nvr=~|itrvBMQe}lE zdV;f4yJ_+r!xL5Yd=@Oj-uE3PyG&PWFGqTSxy?;i2tDTl+T{T!H>vcJZ-%aE?GAI1 zZT9uvC!y&r__7T<;hsOoJihBkS3NIU7RIwt7ii7ek9Isr9IpxWRaNRvQSW8ANINtr z#3EE_ySNF=e-z1$JMmHK;o>*U;Zd&@q>m$*!C_gW-8P}8ru!RnSskat<0t` zAB?v(S7Q8*n2^{x09r)}T>s|sk#sfk&gC9~cGLI?{0S*MQSzlmZteoU&)Sm-lulC5oo9Hu`8v#@wa1}X88%S3)X|i zw1kHIQmk(VXFGO3$Bp8@%Xl-J2LJJQGI@}fNszP7{o-D1OUr%ku|E0-}(V2$60T8@k(2QL5 zyzb+ZZPM2Xt7f&r9mGGDA0`R6AA;rY8ByA5crd2BRbh3s&ZS~0-L5-9yf4n^h}l+c zX-kj2u#qZ4lAESZ$=cV2EG_!lDAZRPPU5~NC?lI_FCgpxBu9_@k zs^ouBaMnANNh2~%*$n|Wq+5ZFcUa6?g=9A`xNxpr23<5jpZYsUpyXdKTgJn$I2ipC zLj-!3Vs<^H?Rx;i&m-?*67ct9W#v^{COyYqP}HJImfASd6+bvD-g?<9#iAD|(ng{F z%SBpA^pgkI8*rFF1iJFe;$1$%{;*RB}45)*$IK5@Cd*J`_j_kbj zjP82$=OFm`k&1OO{J`TRfwyH-jPdXzISKc*@{Udy*RxeUm-(`_)Mh9DwgUSh=T7k@ zuTl_61OJu^W|$|T=i6Jst2|0TaQxQ_oF*`=&GMWh-u`2bRJK24PUW-zBw-1^_b!aV$ScRIa!V;J1^V$MLjx&=8}1oasx zygBR2e8fL?*G^8J;t>*>)|PySc63x@MqeBuhODVG?i|=GMit`S`2QHNdQ3u9nr^Vx zL9h)w`6k`BRKClMfAK|xMKLf%Gk zf!6&OhtY4{l1?@qZMTmNlr4@QcfF>CR2ntT!h6JFBzB0Sdp?;M8n~0ItqB*Gsvvu| zY@4~eF)S3e)WJ23G$UoOWq=7J-U^?>7R_p%vHcnvs>AzZCfw1ZHQsOXsPAkHNz#Dh z^+R0<1DAe@iqs6tiepU#pw{}SqA`zd^5Fh8YOXZ{@uCc)@xNW*_$a@In7SJWm*A;W 
zDQrcG%!k|Cs~bDXh1G|{Xm>6`t%^Hi{=IOH><+pa9(&p-{F;_0tJ;p1;BO-|VR@>{ z2B6oGB7T`4r>s)+nEo*p<{UiN$^r5EvHqB}5b}v=vf{@M@Pb?5peLlEs7<@O=?q!8 zYFYNtWWxT1POI+uYS-QQ3m_#t`33LA#txaKddv9yGC3{yc81T(?wh?P&hmQwpn|Mc zV5(_ce;wQvFN4HNFdRl9tp4As#DL*2TPj+60d*ck<}^cUYEOQ0P>mof7L(+b0w!7k z>t&z~2P(4BzeRoBo+(BC&pyO2|v$U3>Fjqe45=#6}S?+Oa6@sW}GP!r>6i zZXHJ#aRBDV(ux6tQ*pMGJKW2i85f4f@!7#EEopfB^Hvkkn47&xM{A%NgADg*~WL_Pq{R>_nCkXT7Wt`Uw8++ zBvoy-tJ@`-)*kLjCKIXXz2$JFToUGgykGIY#@cj@JSyl%ynuM|*t%TYRDnl0A9 zGSoDMf|Mq7!&|^q%RVj$?1Qorq%y9FdRV|pv~Bah?v#j&c^0|Yg%-bkA#t%Td10<$ z?|UTuj6>M_FqKJcNEynUM?bK=`u4qI{$dQt*_2G%!oJyjCT?kCjsNQCWPsE9Wa*h& zQlH7X86{Z2O&kJ}?1aLAA0^(`0(IL_#2lQtH>Li$;|nDNbs`L-b)Z0HRVKFAdpKIUY?UDYXW}yP=uUG; zFA(xbK}yV)Qnr!OrDf#A%CqK1ivXXoTo;AG=!^~wCUrM#OIz@eY2#-a$9QMVgx zG_I_>jd1S=qp%k5(yH@PIYvX12G7Z#BE39_5zx-)mE0#*QndDpN|F9Mq`1#{ya_K z5x^n+?6UY)Q+C=7z{IHoK<{@??mvwSAhPdJlkNl2l0Zp}Cr=G?R#m2uLdOtac=}3E zF(Ikq< zltN!{gT)6a`U=g#GPDwwHLNn-QR!j*HmW?o(#uOyD4(#82Vp~S)DoG>Y$Ne5k>-f1@VI6 z!Z)OTS|epR{v(9NwRrMiIpUj!eT#%z08`BtnWekNN{FlQSkbk_xud)3~;rx#E7a*&1kvJzb1Quh3Qc&ws z9fuK!SNDVtWBN}llX<^_j`Q{RaoRJWe>R3?l2HaeP#*||P=)ic+9xhqzBj7q4!{Jz zAKOQv2pQCnW_s_p>gsq4(_&(G**DwDG$BI)YEtmKm2GX*R7bXnT_uIHE!(f+tWGep z9KAU7q(T0YCtq7$M&n!jI;Qd2e?_b&9$M1R-CAQH_~zyQn3w+Kc0>^W_Tz*i?I`{n zyZXm*H&oBpk-p}@uRMozkUygHi~2s$aZ5il1@uSR@$}DjGR@2M8~nF+ebm&1qZM|6 zs&}mjpZy3(X?42oF!jG=bcPZ@Msad?$;e%Hh5o zE(%m?fjxCZ%kmZOh* zzGW%q0SPZGu2xUuhXxUsQb5fGA0fqzBMh%XAyR$SB*`N`#2NFDvPvR!cL&5Xex|zf zBFZga@bde>^1t&Q%uq_8q)Gse`yITtN+)*X9hO)QF;tZN90YJL4EBE zKh>lhE4e>PohLb}e9EsS4v-hxe2uLV!Xb}P_Wl~cC~2$k&nijHeK10YnZ2-#=R9;s zJC3-GNFNnlS?Rf0^Iu?6e(z5%w2W}IhF^?KXxZ{q$KQjNb#F!aQf2Ab-05aluTtmT)i*Xd7a(JSv|(ZER9!vSJ(s|2X~0=|PN=-gialON{0Fp&TtX z3rmfV9`efI=u}f?t^Z(`qT9cS4EP!gJV(*E=gCWmWgJ#mNXE_=XO`Jw{zZadFigt* z8oP1-=dHCr-y)?H2m6pA*KICR*l*&{WBfiR1}BZHe(o28;<3}_)xCzDqKO9Qw?>V5 zavY^R&F|)6Yq~`kP>h`PVQlNHHyW#SkIz^_;)vFd>RB(7564XYGC^|a03iu_zdwU5 zEV-Qk6&!8KH+xH3R}m6TZJ`ucNQrGSnI0sa`Pay=Iq^R+*%?hKhd{r-H25Y@F^Mg}B|1D?kKLx;sf 
z5=2Dt(9#m&Vn1j}h^XDuiHEa>9`7l`MFs!ku7SI&_|^t?)(H-Xy8{`ZQx5=X2BnP~ zd(bT{l62kg-O5sSKy{|59}1p=GwMG+kF>mw=dBt5>9@=YPQMRT!~WMK8xbWwZUZQ` z)ybKnqx4EAC807VB!s(5_7RHQZZJHTY8r@y8odepM{n2iUtv~mSUwCH8k2RU#_o_B_bOSkFd#dUA%FXzFPaJ!f!>uWOJ!ouuAXGyN@u3f zFBobcW$BiE^ft z{>~CRpn|m0AM4}WDQZ#mQnfYyGHU=8QGV158tQ9G=`))ToQtKSA@IgPl)3vQ9#ucB1mW_3Rd z>c4se`t(0GE<^Y$&-6njkUnqR1@rYBN#+pLMmc2nOW*wNtzE6Zl#o@$uXe8Y3mPy* zpNK!JR`{4b%BRT4oM<`~*wVgQ=m`6X8p&iPi5G|9KALZKRcKkNjD5(b6+r~@21qfd z26KAtmq0OW=}GmmCvWkLmKcK3dsWhJ$1RRF)(t{JB&+Zs)~fq8VeaYu1@Ds2(}XDT zSv}c269u6DVqXsFJm>C@OQDPxxDZM1%#r<5JULTl34`l|BV1v*6q5%@1~^e3`FRtX zmsq!U9GM**9)Ds`7GVo=6zYe^M;h8){_bu@jxtq_n$a7WjjAEE#)vm$RKws&AtIjl zvt3HYZvX#)^lf6Lg`Fdc>>$l2klTPg)2vVq&E?yG`+Uvi)Yy1Ag_`=TRqZ;sfZP_Q z=wXbKammTT!wEhiHu1Z_9_kpcaqp6F?N7u4L%i0}Emf^kopA*Fph7--w*qp-g^^-% zjL6W3B+JTap@ZH4RG=%*P^j!!m#)xkEgOBu>J~B5%?8s|D&o|)ZS}f1laFDN*_uNp z_?YC1!EV~2X$4w~&=dJqy-fZgnoT&dKYRfsyFhY($)QmhH0(* zhXE|+_HpFftJ`>n%V}R?#-oJwYyy&xROi zomwhE7tfoMVJ$T7W{LYbBRepy{aV4&Qu>0V|4fLq8aWPVzQ$wRM;Eiq)A@7hwJI3nVhZN6*gTD) z5BSKLg?=WduK;n6j^LS+AEv>rKwUvO=F?c5x#t?0)b*uB`nyw5Ysxm4J4bhvqH+I^ zaUb^7pOl`bzhDlicw)rFOj5L{)+hB!ji-rm$`U!1m^a0~e+FyT=)v@G*}#AKUMUv8 zicj$nJWv$>21s+C^ycDf=RK9y3I+b)Ph=ofE11?gC|aKPfH-?n@#_4D{*&bT`JU=9 z-koxJd45{4c5!{YT>uxwsi=V2N?A7jBy=d*lH0#*uZ6&q0R{gd+t!)Fr!MJ0ZN4xI?768_a_8|q z(G8_2%l+}#!1`{yjL@6fE1vew(#)!$43me4OUy|6m_Kl>b=qr0r`x7xo8uhcbD2;% z1rJ`%{<4~Xs7l&f#5%I$lELSZAqGG%B$G3=A51p|9yjX2pT!;Xok=az5 zHK;P7C%8u5US#6JX@dttce;Ut@6V)v20+n(y&vJWD1ouG{K$J%<y$6@vWGGBTKZBda37z(} z(KVlk(qoaP85r;9vHRWEL?XJOCBOx7$!IgB)500yz0E_dqqy85q|aouKglf$OW~f# zFr|UnzAKhWnt2#7DQR0xLq^wZkqh~V4x4Vof>D&PCW8ZP`-)Utboh$mZhmaUjt(g? 
zsZnWbYM2&DYO-tU(t)vBHH~y~w~<;Qa)L!P7yC}>ZCNHGBQcJ(!rw#IdYiK^yKA{1-vw0`t44JVx3CuQuPL^mzKgsa3pv>(_S9 zjI8|6_vtbW_6TO8!TiU~Ow@DG@*U|0PcMVJ0yeHcvlD^|hKU5>DAcOPyqTq2UU>`@ zkd*AF^A-*hgO>~skHj+D9RZlR?T1XsY^j$ccEb!EA%BJe>W++W&yHVK-FkEDV(DpP z@q2h^6^xG#``HvuxCW>}a)1GFvYt1}tstLujZ%3w#|XRueXE`D{AQ zpU^iAPxkY+V>QB>mFqI0lg~8`PaaMfQ(2Nt!?7TN{HEmD!6f&B-z&E%K0~O8$uSX2&6Ssyrqm~Ph+;hO zB95cv{*~2WyZf%^$7kZ%-NxXi2%`Kn9TW+!Z9&zn)uKHA2Sdl|x1a64`seHahnCSB z;4EO2u<9&4f>d*dkU5>QsJ8T||C6(uiYnX2&aFo+(7!9biH)2{TQAYZvWVpEWS!3@ zMFKLV$Q(KIR#TZ+aLRiJFP@**iCSJo?A;NyVC2eQIgr!MSx`8e3+Rq8KoRO-Mtq0O)0Oa%#FN%@#PVu9Vc>(fl)Xb_MdhXUa8)jkV~_;)=dW{ zQj8D&Fo>3|jvJu7CP$&w>Q#?b1w*LG7{SG*x81HY&XwE(O8y#aJ-3-e$Y2yHAg51k zthbrpxE*-JUw#C&GXFJ1sqJJ`ExIqLD%%VGF6~UXoc>)Ir=6_;m&cTXD z6LI7TSGklbF1~I`^z0WV4rx^nXN+GqMBBk-M9H|If>ZBvlP}=R-fPPCrm}@Z`yZ8% zA_fFe!;e0MC?#+AJG_UC^`vz==6-ri?wcrW?(CnbR2;ZUujhgb_ArlU(#+OC5i*@I zy1npztFv-;K5|X7f+Az#NX18v_JHC_TUqw@=!tiiw_!52i6;?o;X6B>{QCnuZ_VDq-y-H6j{p|HCwiqZGDtA zCfCJ{DG|_EKs+^F+y9f7(TI&#_^gR5xioe9QolZFIi@Tl3#>v?G&6FVtf%lcEZ|-6 zUx&f?m#t6VO%p$e{wyu%7-5`?yd1Zbh$8wd>gB zxKvJ7p*bqrSXR^3ZyeLchWDm9Ea9pSs4YX?_ZHn3K#~?*SfwLkp`*H(EYvm)Am!{Y~g5un`FEaOnTf$?Cm_8!O>^!HFv zU10rTM-T=eUPt+wN{w~w)KUg*-}6Eud&xs|75y9<#O6v9rF|%r%h;o_%_<{yt)$Qv zvrCvQkIGe&$>9X_2H7{ILFs?=D=m%*Ndn(%`sWWQ0J6#&`6fg`OrsVt7*+`Rb+*DC zeHvABG&`i2UmHb00_K5`2yrqdd+2;QHt(XdP7`h+YnEY1=RM+1enf7fXJW|xN<11c zazi~?%jKag#Pa0U!EY8Lxf@}_I)H>=&zW;oH2vyZHZ`_vGTnw8;~!dovS_PPc;#VT zQc1XBt$Bc;)o`(8=rZYlq_<$w{o&rvL%aYfFUU2Bd?{AH7t$Iv$Ut55lZP?2d z!vaO@yk{MB)+T4|CmfMO2@vZziL_#h&oss7{Q=nf@v!yhQ^^NopN|X23iH~bU!Glv zw6*q1oWFc{TQcQBR+Z}Cga-uE(s%zEYyp+TwvD-HR}^N<&~RKh`TM$kp4zoMgQZR+ zz@0tNGnjy2;lG#=eYRoScVhE~r)$HS0d z#)s8=+=TQ~FEW}Ek7rFv=s{K%2RUxxRiay2m%Eqy4;UVhVBiCq9H>$-l&K#xUSrz3 z@dLQ#dBCZIGAizo603IR0X-*(?N&)xcN9(X|8eY1PdcUIo;xX{P39AnZZ?rGzf zuetny2oqQR4d=rYf1K<~9p|7)-FGe-&w4GvlIhgLMM3Kf)Dr`2gm0j_$1P_YoeyUl z9M1;}T1>dZ@E_EH`6Lv)@)G(E(m7pZms`OXjtm??3J~Oj%P!U)1*Y-Y%i3&PWo=XG;|sfcH=9X@Sna4w%(u+Q 
zACp(@3&quX+%M@!C8vQ0s3)SF9(S)Jh%&x`rG=HZ$~GHRH#RzND<|@NxEgyOpT%8z zO?+^?2KWcrdR8-)qSrZ!9tqVUr6{k%h61$Ta=diDVz~bS=pY$XcdlBdF- zT|b(*(j)OIi6$uSXh2b3|4*wFCVpPIiS2j!=q&ymq8~uawDufFl)c$nr$Q`xp+6{e zu@FG6Cu(e9JAjI+)oJ$(eBVs5F6}*$mzk&cu|1vl_y%oYeioauR~6<8KRUM=&U%mI z7e9F0xA`{=KWQgQ;EUEr7?SLt^kg_QuIrsc(hds(v`!1UEeGh|hPpcE9T)s+{p?C~ z4P1A^10dQ6Hy#9#PqSqh)C8;2Njg+l#)=E$S4KBL4=sM5sv{R$zW6LVBgw!!Dd7Gv zS~qyeMFUQeCP2?wTCL}nRk@e}qX$rup1vRPT8iS$f=&LPKgc7$;hJ0K;A@z?owZL& zA7dVst^Djo$twSy^Rxkep8xztV|;;TbRmoXvqwDwY=?tTlfY$P|FH!Pc1X0zq$ER; zoz~-uB;PhkqX2Awl>s4hCq$QP0Be@zI5?q*gc{srIZMaIH!WiNk9H-!1&OM7II{aV z6SGYMH6wQ0P0-llceyEfV%|KG!lpA!$wGcJb@@ON&gla)9OhK79(1=j6uc2xc7ZIq zi=FHx3S&4WBuYF&c-S9t6X$Y|Rf(QKVn2O2qif5pA zQ0MENI)YP|d){2n0LJ`Kwd=A^_>l04pohu4^JySFOx4fq2Z|y@C22}L;$bKav%_I@ zQ5aB2oQKIpWyN9>pzEZSUp<+~uE9ZqQ0kOa!6vZZAdgAV`xi~{BMI=^xVXffIj!@s zRS?O!&l#IfSjkO#2gdTgQcShVq}v?M4cJKZ8XQBlW+7%ap^Rr`1MH?aI{_$fbC?3$mWB|VxR9XDrE$W8YnYX$<`L`CK8$7z z1F-GngPlf+;Sj^8&Bw#2tke?8NC(3(?K|(s08n6df1Q9)jDgWAWbn8zQR$qCY!z)I z5BXu)57L?YkWw#1R%-$5ss)@gxcSDWpT$a0tsb22$Ff}W2`k!G`O;dm9|a%ln%ZC$ zp>i_b+L(yEJu#nu=5pHW`+T*anZEc%MmTy?M_7H$SOSNjy@KP+Pj`s<^|?!Al(dD(clOC4LPp~WC=NNr_&6?$uN}wvXqvqk(lQxE zX)@O$RH9}DC0VdgA2o;eLScW_gwafjNO#Z4lk&<_+(C%a@yciBUoq~fS8IRxJ?q~= zF$$t6o4HISoHp9$y~Tx4>-yKpcaL@){n!D9%DDwaJ`4Hxs@c`IV+pMy`mzGaT5W7*Sj61;dcXgLKL?R6ZWlHsZehJ%97RK!)*ZlzIon zfW}EH?F24z^fY~NaX&!hy)YcOa(dhKYP34{1oKi$MEG#Ua9^w)_aNZEz&A=!e5+axm>#vDpf}__*fb8@9<7wY0_h4j z3%oh^NGe*Ur@UR-3kzI*-=yc5F--sB#PeJ0_9e=NDAZRU@u#Gbl053Gnn%(%t4g_+ zWt@&^?hkp{7q}E^Egaua+QFzJ4hU&{fc2u$s|>P<0aNK^dN<&Plx(<6AeDY3z+|eM zQtA+{J|@!QP(~#U*`PK~n7nQEwZ{&4T$2;!6&qyX=uX>H_Oqz;>5bKB8M^Vx`lj8w zN53<{{1=CK03-Bmy*|Yr+OK%XQLU@5`IpC*@9Sj-^!Exqe0euH*=@~fJ!4$@dE^J@ zA-7>4-?IM_Ax0$sEyfFZgxaHF7E`BN|GPchNJn4X&(SdQC;Y77;}z-+%p0~1l9+=%)zf+_w|*@KF2n%;suq5MRMmJ5kskX%G05Q5HL&-fL_E9 zvZy!BAE;nap3sn&W^U%tTDaj3U-^$3b@iDM11J z1ki-X0Ejy)=z)nafNWKX;e}PY6`C+~0%^(6c!x_g;Sj9QsrU53r9od;9zwuRrqKL5`79zk-MTLdu`e*jl)r5-t= 
z(v?mrpI3e_jEmM$vAs`4^FJfM(Ci-tJufC!LO)=YDTF_vL6qSe?JgyzFiR~c6y3suSakVM{20OuPR!TvG6?^W~dxT8~OPYHtkmyndD`!LjG!Nw(cAP80FC{JPpE7zKx!6*qilBj+ zc)FekIu+MGt{1+-m0(~^8rqp)1{4GeGu8S8__!ATfs?C#+X`D(-N2#wOU!$C7-6K!=p2PFQBPqOy2VPA9nGR~4A(eH ze)27*=R7D_lr4fZGDrQ|WCqh%YesfQ$~wOovh0sg-=cb$POQ3RA?95SxWh2+v7kBx z3&e_6w$AEZ6DoI`#7;YU*2?Y_zDzZ(^~~IwDGo&wBAT{XD8)^lVhtY<*uE|=9)C{1 zeu}R38RY+PV_~k>`Kc1J3%@7KVT@xr?>5ap#^1WwxM+_-5avN(IZpY|!`egl2MoLE z;asjK*N>vvFo{z&aVL+e+i;3FxMez-;2{5@pSE9xd%8sb3}DDeFp#X44?fV>jN$Qx zdQB-DbY?Ylrd#he^g0y#bM*f4Wf++iphbjN2;$4|Z@z$u@p3L-#nWXA8_{bF}{ zj z4%C{GuOEl}%CscURz?F9RzwVZ^F*;tLE08fscFsev`2%5z1Fo^&-Z=?^u-Qd8>5GX=MJXb?A4f18W*t^L528_*o2qlP-S~ z#fnQWst~!v$X`e)4=ydL4coef!*xUVIo_%8hmYp{ZzkUnS^{e%+?SJH1lnQBdYYFM z^iSHCJIX11DjJVqDHXrH1m9|jxuQXtbKkmR)4H{O)^UH3!hb(NycEz!x>0VrL&Fp5 zs$^mY*+rp!hQ5_S@mIB6v4f`(t0v4qs^yXF(9gnd5>N2_Rw#6;Tih0!;U3Opks)QC z`{&k+RIFg4Vuyu|<|?21`v9>KPxuw7fik8N-B=oHnTUd}xMK)L!oS?GIkF(GcJ?=r zUFE2^Kuu7hJT1s){@x~mTk%mkkYVAvoGX&H*w%Mn=Q+;*$HWpqM%L5fiH|1T`$E`g z@cHK#sK!KXcTqCB>vx>FZeC|iW&+ukRUA6)6xYUFQ=B==DOKr<{u|t1loF1l-P(Ly zJ>v)q*19u%e%j=RM;}5spOST2EB+d}n-mo>S$;W1zNLJ&J(xcKqvY)xKTa)TCjQ3r2x_cRd;GNNvHGf$l=*= z3L-8n$74+W)udLnL88^vsX_h`-o9U5ngPLp*dm%d@6LX=PCikbs)^^xpC z*m_A+lzzvg9YO--KXg(2F`wuv^Za(Fa;od#(}`v0WAxU~RBc1v|IJK1he3P~nh#b3 zsm#kT8?j1h{Ha>sQtZ4|gvaD3K1u(WyiY_BpWmlP3RjJN730NIR4z*u>^AtOmso%Y zE_G4x%BGw?iCW15=FXqBqahyHdEBs+y1?-5d7tCqKmfEYaU?rpwpOYyG_#NJqoqF7 z{syHaz9of6DHGE`-BvR^EQBl;@r3ciPfGGx(8>hL-pQaDe`RUI9w5cm%2z1q#Cd8@ z-=|c9JnqObp3g(aXSHnC_U&QuEMPo9?L}sPR~DvvffE7uq z4WD~nCsqPM)v|F%3!Do33v}Lnf*L(XA1XkZ9PeE`aoSmlJ;@RJD|pL~3aU>g9I03`5RHO>3Aoyj zMhX>gMiwL)_lR&?waEJPz#Sa%w2VIKF7+?KQ_X)vJ){$Txx^v9FNP?{76XWwDQ0GxePyOByvoUT3#>Tte3(Yc~k8&Xg-b z6N^%}cLVrI)iHSH{N2wU+}d548=-wY2N#Byqslctw#tbnvz~WPiF5clKT<-TQnQ5F zGe&)bfG~L43BpO{FANU+z+gOdfVqaM9cf&|`vV?*JIsE2#UJD9UxMW^caUTu_-zTd z0RP~;ktkRgscPc4@o&ktumu_aAHzM0ns5Wqs~PvJ@_QeZV$u~Ol^*cFn(5{+0|Gnd zFxesk)dNVwY>1B?Do8oVaS`#-09wn8!V!b;;N%sl6 
zm9e7r<}ho_CdA)ey@h$u+->2`Wa^_YZZ?b*_(h^^#&wS;1FiFfa^g`C-l6ef)f4>2LEGP4*WD38y z64utCzYmWGy&%nuqOKL7hbIV>3e0%7{gvT=7T{3RY3E)04Ij^j^4b|Tb{FYJBjuDq~Tos+fPt=9QOB0rK78&10*tg^Q;-tiF}DVinq+OXO=pz zkI^6R3X&l{3lY@yZxK_eX$`FkCstu3Q8H~jiLMfJE`I z;e>it!o^Q-M2X(z_~Kn6&8E}YPVOVOPmmFtlI7W3wa>J{gt2tWs5gh=>M;t|`d-fm z`3?tS=;!dULrbymf$rJx#!LqCgyJ^AN)m8vfcV-~$o;|1_D+b++ET}=OViz?Y^A<- zK1*g`f|a7wQE~^GXF508WksgxIgA{#oX-)^B;;#{Tc%Q7*CzmKfYD_jJyWr)fy zAg>oKb}`Y`8E6H7YNRAJ-6pFza>KHv2&2)pqk9YAbL)zuLQ_uxWq_Y`eFCQY|G`!$ zUHlthxMIm7lH9nkZiJD1hxYm;}>(*Q!btX+ls+j3+n8dK#*l_Iq> z7}y2P@b%u>?6AD7%aNB~3xqCdLOV1_vFo>m(?yepkF4DX)38Od^1lm95W~O8I%Rza z>Pw)Kn?Fr}?(E+}N@XVK)%fg(sLdbmt@@`9XXV50Om7bkVh zG<*HE%`~T(CQO-s;cliBC3^k{Om2;~9c3nE91%GkD08DvS&7`U9fa-LV)gSp-XBp;UqHQ^nY=XyDHyo;(z%Bn*2|ofPg6GWC=cD=P;R9(>4QjD}SSA6t>ry`u$i?aw%|Jt__98rz|c0lsc-dOv^Nj%^27DGe> zZ+UX<4k%5_MRh)pEJGyJ(=8|yvw_&`(d4`^$itaA8cq@Kh9>h%6g$=pbfuEIeXb?a z<#3b&V}@Qc9BMGE3{WJ9?qd=K^8A1IqomlPE1`D1UN89fDt?glg$CW6#(iVqGTAA7Y=bT9*?MD(@^6$~WB zK8bKih26QYiQ$hhsYEx?wh8~rOjZK@YeeV87K`ZzR{IvIG#?zlcHMhH->ASFvK?r5 zsT9oeo))+%r&q{GuPcwaUWhoE7@1q8!fRTAJKgJaKy<~6##Qm?yTu={|G8TyaM&Co z1$p1Je&nCiX(Z+dx(TTR+T>t806Wr&q;QC&8RUQOzPxI~2$Ja9`96Pg;xt!L+P)eM z^DN6z&%D2AFi5TejJrB6HPE;BTIh%=2K9eEm!192XL#|7^6I}(}tBeXQRw(SDuxp>b@7_ zO#R&baLj)r)@t2g;_xcj82K+zn&*pbSgEoaz9#B&eq9Asf$jbw)rTU*(2K_7>wSt7)Fa z;pW$`wK&@We3NHf`u6cnquAvwCt_O1?S%4G_D!gtlyM&Mtj+;;22EP@oYm85eaS+ax)9A{$O9B?0p8~-g^rF&womxxYjo<6(ee;nflmq`~AAS zO1omiGb{j{cwMmu8CF7nW0NPxg~IzsOAL_R^~%arx0&G!)#mH=EzwHm-yN2hw&Y;RF@+B?X_qHrP2Ab6uBU}FHtye6^g?;IZCkf?%J@-P16AMHd=7q9 zn_2cCVj6%6q^f*9OdB~IVVIWiqnoITERVJG?N-_s%Z*- zJWsw>KTtMscXjWkxXPJ$wNQM6+UBX0>UC@^cZ}z}#PU#;TtIVda!vR% z(jtC644E&p&8;b-exQ6XhX(q@Gk4v`Fd2wTDl|}AJvH-%6dA1#D1xbo8r$?>VjDfQ zWtcfgZpvjMkJ+bOOTU3PZ4(3(`M0?7zJLg5anj#Fo4=88H5#)oN-tR9)yA453#!v_ zFf{l~o7_C;&)1l$?}Gz%73zI~_LMHQ3#yX^S(}$lrKm*DTQNCKEHqtP1nLtTLKf{l zT*Zql)KgqzZ%^X>62L#K;13=St&-i9`x3Rhu3QYbtiZ(AMLM=IKDE%fnxHvaN$>D_ zxzfyh8mp)*?#YX;J-f3HHle@sfP&K|J88cF+_}cZKn(7kJN|%#Pbhal;Fo6d0Kk!U 
zoT1fbM?mKM+0o+mOiZGuv8(U&GhFNQumr zpp}gWl0!C+(hE0Z*_)c`MOa?wMZ)j56;sqm1159w&#Q*gu6Os1tM7tr4JP!LHF0;b zf><~kqn&fw{NvYdJ%?UhK}9=|Umq|=Ti+geStvVnRz~B8OwqWqK=oN^O&~n|rE;0# zrgO;%69n3m`tTOjb|(N*3aVd7%M$%bbsjDX>+hy~Q@Ks$?Y-(kK-PG)$`32nreLTe zx&OGs?LhM5nX)}s`}9!uk7rzFg^J~?FJ`+QUp{`-+8TWT0T}9LrtWd z&)4+5pT%}lAs)lbZ<(%+Zwqa^V-hv?^p2;z(zep37gy4HR%u5d3q=b{2zU{ejb-rU!1N7PfDQvNp zS4z+7+@3Thb`r_zsW6P(G}6g8;zc~a_+-+$CQcG-e%kokCxw+ zE!=od&eWdDB_||}gsRG{^m}DGxUURIqGOk8tPw?|)Od|^uxP-^7O^ z2HFNH=%WPrwoaq=x93k4d)LmTw6TW6JWaER&^HV2In#UjgwnQ`kvf6jKoets1pJX@q{a43^k)(l5b!I3(Cta5C-xq=lSoN7LTx zG7=;$=v6}PXlnpotlDgb`;Ru;=gxA&i(7u%s@&|H5nwG1cK3syke3pK24zmdAa5_rM$@BgmD;9{k#IH861EkgVWy z&eTL}Fy6$-ve$jQ?9U$-fyWd^Ll)1}203tz4wx4HopQXQge;`IY=-Zq(se_E3;iY7 zUrHSNN~WQTwkJ=(J~$d>;Qo)svH&TDCceVoG?uOOJCJWf6sB}iSE~X@(m532KGKzn>WMb-czp2xnEK}MI-lq5s0|x5PEM@Gwr$&NY@3a( z#kJ#LVugvz2f*9) z7xO9Lz+JshEVauVHJjf!o*G#D!O`jG-f;IYsv|e{fHkLuCq#`)@rcK7&j`D(&*T9P zRr?wfO8o_WLnEsC)o-HOt!EF^)$=y>dDX?+6p@#en^Thk(@e@XpT0X*kx`U{Z7Sri^~xOQ$BI8Diu`?*JEIWWR<|Kp z4V0jVI}<8$ooqYrt@yEy!z!&w~qxxT#H`*(t!JqCX(dwFX zSDfdbZD*f%_(=^Q#1B0XaAX4EesB;bu*m7uQcw+aqjT!YA^sl{q4NEN*td_Jeui;D zm66KiVTCry*f#vd)_#KfsSg`}To(v@$wzzChL|H@%!bp4hhvtTAo`58Qeu#g9WId) zZZ6QegRU9Ns~N`0UtwqXlQrYLY!QoW@$f82>;7}QOW>Uy-Bd?260M(&0$E+qA76!$ z1wah+4Hlqcs!JVoAcebylu@bRT}Q(Tlk0-Qt1GX$LTa1W7i?qx%_d?D6gvJm;M?z? z?2H-{b5xK(n_C+<^P?86Bat(`LT;Yj9-A2qyK4__+)F7J+~I-ixwfkP0}3zv$En7G zLtsh#5^wH>IS!IU#1AiPU19Ve0wKNlz6Vh<7XJ#z3z60p#?xHEx#y{N9VP z_=U^W!~Uc`*m1W0lq^xh-WKFLZDHTkYt$y|@9~-MAtCM=u;W1)2NOQ51qsXB)}PW` zCxixdkR=scQ&a3qqOZjd%w>nb*2BKd^?p?k9vG~!!eUYyx*b^q6J$w*B68< z?^d6yR}vopR}Je>TosdndOSJhABmKz{exdK7Q|QLua)ty7E}L>${sGfR9y;9^qpB6 zF<3cfE{8WjE{sU&?@RSq-~|$O@N#~8lWC0o;KHKql0Oj~uYI(4m|mBnwbV<8g{Q_k zV7eCggAT3I;>5_`M%`u%e`y6bs! 
zn~$i_)paHmqlg1#>`edp`BK09zE2$sN&-cK)V1HWUn<6QO_?e%;5+q;WaY^y#jRP< z8{BT{wRK%<#-W^5hFFLjBQ!yof&rX1uKO#Yee(;H(d}dsiZG3AT4ZIJwKb%T@%lL{ z;xX9GlRWl~NX4&vNKJR;uVb^9b{7WgISL6fMi8or(OVbQ>={fya%#b?XJ&V8^&0E$ zX)}2|R%}?A)5Sn%SJxoRs^sq(_;{!uNjkY!1qcod*N;xdWV6=Vg#n0{t6T7<4CAvt zM(d#3-y9aBym(*+nxCddOs?p5>|zIJo%#vvyl@zC$3MW0Mt?^@-V z5a3WSKhO-k^?J=_y5Ajt~e7=@3S88Qc&72XWd`h;ojTv4_Z6EJOV-~W z?PO=+u_ChEl*dbxU-&gfPpxxa@i{Pnok`g_BSzQ7@}j=vL#ymAIikozgHqQDHv5*% zR%&`u9^sfB?X0{dai*cMXtrPL)&E;}{dkibPqj!=FOdH<4uR%v4SMnAM1!#`l|C zvMRbL>2!+BG)dn+VRSxZfDbx>XB{zg3B)c_6U(Zwr7jH3=J`@2UtnAt?YiODR#k8y zke_Zmj;*Oc)PCyL_KkM)*oM#N_TuVkC*VCqY%_fR!I7PM-2(DlIt9-N z1#I|9TfP7aFKd#lz$g6UX$Nn5Js$|tU=CRX{)Ruy&VD2WGz4Bb<8PF z+pX>)iIx-X&AEDxT&X)T7*Uy?pP;?7w0ZVK(jSb=imeW(vyNCYpS|B#0p`g8*teqK z(w?0o^Hc+`xE>ruDKdLZis{o*w57>uTVG7V^3uuu?8kf4O}gF3=J=`A0L1ppxE1^5 z;zF5$(tt21yJNQDze(_q)~o#N)5m$~K)q-E8gUuX?3CLa=9W3TOs1BSdP}SnnJ|L% zKKU+MJEFS^cG0kZSN)5)VZjDl)a(8Y)^f|q*)fq=KsUw{vdRc;2l99(Lksu07srN- zXxB@M_?tVD{&VoPK*m35Sck>1} z%%h|q6z@gzmFx|^^KD(nCU;3}G3~T-8G`-`-uZ(_AJy=q(>p}gu{ZbWHwX_BHjpPL z$h)sFf=&*(?BP=;cT%4^JgU5&RZd}@CN4N156kU1QkZ4z=Ggkw4gXjk1exl7ez|#I zzqE(}R1nSXbY;7r>T%b(@V#xtgzJ(oMx1x%gx^d>%+IcK~XC1mHfVu{f zEcM;eMkn2>);`~RUz%XV_;vqb%es3v-L+@3oWsr6Dbvx^8Rfki&$WotR`5eGxMkkb zkw-@WV(X&MdD-IIbEP&e51{WZjaq_imGB_A2nQg$ux}yzM3~okWp{+KvDVL+rZr@{ zZp{O6Y^B^~xYybJEaa{I(BQ=YSOr=W&K-1WP&@A>2_8s+i)ph&qp=nl^|+tpbXuU> zu|QiY#8rCDL@~8+&S&e5^*2}s2qL zdJSn7=iLxXbk=I@%I0=}Vv+w`jpYgS&plJ;MGu@x$_R(afJxC5&3(j_PS13Q&xiNy zKkq}I(}$qk-ebM80*H40_#p6se1q2%(!Hb=n0nSzIp01|#ue)|i(yZGLz1)h4)zBQ z`@dS*l5;r*NP>yV=om%qD2@am#$rpZc+b{qb=?x9@@w_tg$-@V+WKCz zcVzW5h*L?$Rkt~7?-)D+8j`4*@P&GvdQ~4NPov_aw8rpwd%%=O`CWx^%=@Q5<^QZG_MW4?DcCwJ5D9y7H>n>kLAC$%bO86&P8QLn39hbs3cCF(+tgN5bx2hZ;Cnr(nZK0J~pMQ%}GZ z#oVbWR4wI`<;O3b__F}q!UG~#@?Im3XVF17>nm_7iDlRqyJF2aewwoefl1xF^#Vrj zl`b~DXiD9;zVVy0Y(9Hm^6rJ(#+!8ywQ}e6iAZ&GEN?|W`lFaJx2)B=q3c!B4S$#B zLtm1Nl@}wL4@z#UI6|sNvfvm6om@?l@+259APG;OC`a44*-dA<{n^P~`_`AquFgNL 
zx|+lrYA|pWlJpvC$oxfGoIMfbsqRJl=*FZgUrX%bd;d;P$3pj9sC{lG|!lBw-Up; z>~!rtx-R7rcjgIQ#e1SMSWo7vGVN}y$4;lHH@@`A2vE#!x^Zf1MRS?9*t+U{|5EM4 z0Y8aEMjjc3Qg?n}}Ou2vfkrpCba=aGTXx6j`Xjt&{kq+8=DH`|y{ER|Ga z!jIvSlbFl*!#{NyhujsX&FdQo4E7Lcqjd=|`#>^lwS6xtd|??VT%$is40h-%{xp7G zL*sEJ&nFYShSk?Cp;I1yve~u${k#Q6k$Qb{HRXoSif!~6Pj(7Fa8ci*em_M^b{Lea z458jh7ykM6Q20pR=@KMMPBJ+u&yt;WAgSAYw&TXzr4iBwW&jtOSnLmk-5bF-jM?YTMf>5N6+?scOSY7m?D=u*5wZ zQzsa;SnNU8i4*7gI^NJ7C?aI7Ukb^3|9d1daHk?41QF4 zaib6U|K>$_&wt(+%|{>Rv;gj}llpGt#-x33Y*~+b@G?wd(>CLCTO^AwoqS)J8>n!6 z%6TWe&=+0}*s9M?NGhF!e`(LM5riLgbw%QF{8+;P69K_FoKSy)YjU6KlyZ`4J~Oq| zOWbu{o1p@i@puQxnv8P1Teg1pVr^YM$2Kvl3-C8QN$)lBp?&{|bDHBBq-cM5^PqK*VmH&+o@sc%VvPWvJ)p5e>NRVSH;KN8 zm3@Vzw^tk3Iq`54i5?RdDIN)lUjI8Y;UJO92Q7|vI%rHi(%^D18-dwztBC|L#Go2V;?laAI ze29`(v`o>R*y*k|fnU1v|(sm(Qe zt(ZRD1)|V3s^=w=(-YO3s-;mV>rGM<+q*8~2T_E!He;SyUyqEVX@d7}4BTjBX@Kzf z%^J2v;Tkp|)zR-qOr-GmVCls0Qax$8ZZmPE8m?XFZE;eHOjcjbHQ>l zi@h)y*=s>?qy{DyVgYbDVmEV;F_AdrRrNIjr{-KImF$<7AgB)ax!h*9LeC1i?8V%9Ek6tp2; zkiRR~3q$lxZlH))Sa%FXFZgOcfEZX~EWL*U2(7K-!9V?)q$+2cUAf=`2Nw85LNTco zNynqA_xs~VWK;OBQ1-cv&j}+!LQia)j=$~&L1O*W%+2h6A2C1N$uhC#YEG?u$xz^J)7q z1&3K_=HzOKiT(Eukfvq;b2!ex9FDf`RW*xeN2X|OOxh1m_;~eUm~lgu0kbtFu8`hl zpSthcUF?6atH~MQ>H8=f+><9E)=8&d3)hdnRHoK)!1 zy_H9o_%9$$**rQQHeVq>XRJF<=)a1SEkGO_SzQF> z_S0<*C@-(Ep^)g#43N>eYic|>V|^!NjU(Q{Mf;uhq-Dch(q>8Nj$ln$)XRavlb@G2 zR)%cS)d9{25Rq?Vuc$uh$v_zvWem((d<@>sXOD{CgOK4szc$T)>fT}+R|kkNmz8pT zRmb4Z5pA{_K@8}%Q}|yKKdQTpxmW*Wg?q>6@V z87mnjvn1)!C!Hl+G@UEqdE+^x-sr*ZhUR!KV-M~XlX4CWhHM4yKEJ9<{DsedW^&sL#~nu#^hb8bWDU|nu$~Q>lKywP zSfh;h*iuuFO^vy$dZ|jWShB8z`uMxmYvAWCwM{l#V6OOxL)V+^nEs(FBbNCY9bf{v zmYYJO#J0U>`NXyh83J_g=|~5D)yeMsmR`6XUn|-1QPUW>8jxo}2<*JD01o+gdX?d!k`y-<7gdBEg*0Z%J_=}{W_UmOoa@7V zyc0#gBPu_2lNd?qm-G4;YY-$RtTfis-duNUvufJ6Wj-0J84yX zs8#5br~0?{oREFP6I&rX6y?}aD}!wijuJMkJXFxt3iWIvpNOYtybU zUy%3{v5vdCq@wy8U+gzp^CTK?0(rv)MOQi=cSlsUGX@BwcsSqKtSkf0U)h!~A#-?~ zn7;PI-Bq%@h>FqW_9|L{7LYH6Q0{SRp3HETK`I$ z5p+{rPj)o*r{Ob>+dry_go_Xa#eX!qFMGRER?OvmS8NF>zhj-VsnB|n=^JV6jE7uH 
z<|vIB5ZV=Qh)l=}>is+lE-P!2Cfna&4_F?i?P(~U+vn8Reh#%;D^BPZ{isXpq2};& zdrMADhEHF*NoI?JO6@z^)V2s$qJ{XOFR&ie38}y=?y=IvyB5cTn+85G=fAScizaxK z@5rW87F;xwvrPjeScr3e|Ze|ZY6HK*gfH1^k}JIgNH=|^tfB?EKo zOWb7`fjs#3e(RtK7WQBYVf|Y0u1^Qzka?xC$M_Sg)jaa&7OG}HT4H2T-%7nd1-URM zadLFWkF&p@twN#_{=lA#Wh%P}a4sv2nk-~h8qNCb!)W;C$dEMeW4fND^K)0e!p!Gs zQ1*TR?}0aw(Fxf-WfhdsO@Vc5@N9$22Xg;DB)(6+tK-H#n_p>cUOct72_`?D+CWS< z6NM_8fuJ^5{CFm-o@+p!@9!zGt%Zk4M$TWdNIxNI4l3zSh$l&oU3+k-M?yy!7o!sm0i*exbWahzqflBXS%HDax2DP1cOzt}r&tzyk2-dYu1bB`k^ z`)tyRNp;zASuxC1>Tw|px4jC9 z(raw~s648kcE9O-w_S%h-|J@MxwH;F8)$!UIsz9Sxr76HPD0?I+dP6W?O}sM@sfW` zQ1-LxnanW`|7~x8G;}E0>^Xh3N~(Ev;Iqle zIKbdYIxKUKOx>Mqe<+mlF-w(A!IN^GOq%<+`t;gD;wIeZpLMO^>wKB6*cv6F5DqLC zkgQe1;h05^Xu}nCC*B0Z(4cqo<2D2C@21GYu&j(_PWGgUzD@0|%GV3i0dyoW*2Wxo zBkd<@Y4OkTXDh;QH%iabadPVz?&L~Rq>j(gCvN3igaS$CUL6CUJ9({l^VIsH(^3}~ zOB^(c_C@^wQ%jB44`m%Y{1e@f0THHdkCx7D&oD^SY>Pun~U) zA#cO_ez0I-UXh(G#D`3?$ycgM4jFewt(~okDfD;aHAbogla_MSgfG+HjeaPDh=OBy zvJ_2kpc3LU91EIv&X(6Uj^li9Hy>4qOR?B}%vs1@#Z9kLs(iMOd|uBk6FVc<1eX(@ ztmeKP=G~ZfqzLPznbor_Me}@Z^__@FkyQ)22{_rBt1;4OxeD4+I4C_ zl`djGbC(!uI#pN5S|xIFl`4DObBbtfI=Z$b!^xtvacOHo$SPJ$tZv`mUr$KAS&Pz^ zgn``qK%{63yCs^4_qobdsRKrLtviw@)PHW1mI|l$MP|8^+cIGPy;!_t2^ym-DeR~| zbV}NDDn^pOi!#|P(zmrH0qRv=0a^fl)nT7xSTwH*V zA1a9EyKN{yQ?Owq#gi}T^0KlAGuwC}n8cvTi!+mxUU3W+h^cIqEBr`(7CrYGipfDW zw?@nJ!sT)8JrX@Y{bhKw7NG_1W#XA^p{w(Q$=C0*-X_f4jrR1I8??5*olQ_1MH*SH zxyKm9tsN!^E(m1CE>t1WJ%$i4gd)BZ!Wsi+Jy!z6_PS{!s5%MER1`a5KpyGpl9xuN z54c3We?^yPI27qiad~gmg*>_lwA?8?+&=G23XGg( zU9^wg94a-M0g!VLt3uO@)%Xf*ZInk0HV}4x@8jNiRfF^E{6uGIN?KW)=qSX@(qQXi zbPUVqrvzC~M6$|mllW;lJPnJkM@N+9A4_3?Zyh0usQCEA&|}3np)VC1`wQ^_*f3m8 zIZa=ha=QL|#P`RZ<5!p^gi|9h7~g6xR*T)mq}-yj?x7pA|CadWV&mgKQ$ZnPD`?lg z@v)S0szeKIosao_c80KFh@IfRlUdNpt;NXK5h4=W(FX<6DWpY^?Hicj9&c^8rhKnJZG)FX$OtK5WoVO#);MKe>%b?U5BypeE1 zfpR33n5_WrU%kauEI5chPqb4~DTd&VNi548EMUvKB-DFuCE@D=&ru|p8i~yO&e0pJ z;0FqiZXS;R%2h3@hyvwroGDX{9FMoubH~pi=2Das+F|_eHBa)n~vJAJpepcomq(QCEtPkvVhg*Hdo}OQ(MEdK 
zVEg^1)7qH#a!f{9*3ES(Gy7*PteZfSh32?UXUg3p4Kl=gRn@@qYwq^LD$48qTW6f? zj*W$74jX3pIgl7{kEUnKYJi6|nDNN#aF4S1AGu0SAj)wvS6>a`Jr4Wy7YW|=( zF=BBSrqe$;c7V^*(TbKYY9U-*`I^iz`x2m`ao`}UTxwF^86EKUlvaA^XiJ|0FY+5_ zs-)Q+|4U=Ygc71gb0!yBVU3SvG@cdhP4L>fwfD=BuA&NzCf&S(KGBNYX>Y`~YIntBrvR z(SGC8+PBTptb;_?3UHg*=z_o@8v_d$U7W*T-h#R;v!Kw8*l-ifT=qLnnez1U*7H>EIn`Qv+3Nc^PpTZgI2x$2CW*G=QcA~QAf7nTFKy}f@= zRxd1|H}7*t$M{9anpkh%uMrnKW8NU1(pT`sJFL9%I!7TjA7=k>cXTmu+nwEEL`Q0}J8B60!tGP;G$VSF4R}9rDYz+< zBq#4Yg|?F?tl)jOPsa9CR@REmc{#~I>V=D}vmuUgev-WUWmOOxHH7vIR)2hvv|hGY?f;2yZ)%`S_>Ccr9CkNTthFUq4uW#CKeZJ7^l=R zH=nZe^$XTwCWAOd;;Hw2u%b)xyU$RP{Tbckcp>HzAX?U0an5q*?6jVjYa(i*_35p8 z-Rdn=XC6-E7i;yXHAb>Q;oeTkoy-~lH}riv|bFHaYCAW%(G$El&9%C6N$ z6){tTCD`)@7fhl0%ils*Jws3DkKC26%fib`y>kF#7O`|>R^Z7${w zhE=QC7pVWoD%m;&Xw5N)?i{zK*{&MABf5t`5t?JtPQ^u@Fhr)ok$u^ehYV+7A+kPy za&N7Y-`U&VnDoj^O-E2<&M;N_5^Y#eA`*DT2CRai@E;H_Ytmqq@7?%`Cav^`~Vn2yx51-=)7uT>?`9^4*6EcNgd`w&wV+ez?-}P4=P?7^E z+3QAWqwHd|V+#2Zx@|CoT3ImmQ<=A3j05BFcJS#@l$g_j)4vCvB9TCQyg$=_-f;Sr zFVACgtVMENj@2JdVXTZVG-Y&k-hB13Z856-_rU)MYi}bdY@4Eew|GqRa$B+^jv@$L zBg4$^eRAOdp4z?yZ+dkpWH{uu&AGD!M88iMD?X|aMA?jL;@YQ29m=q$U*()#Ew_n@#(^F12rZU^p zS7LID`}sz#>RX5TFLcEYpN1r7*^l|%K^=9=0r>5J+BG`f6XSc3w~?W}>gHBOm76Y? 
zn4zI@_d%2ZLyQ?iJH`|^{p>%nvXl)(5nn+JP*D8~d_?=NG-LT;jA%vn{^V>EYB68U zs2GsQRzreLk%(d3X)7Ct&0Mf#>lAS$j+NhL1O<-0$5Lt@H%z zgbMqd(s0fTFiDhyuG!3m#?VN+a?Cpl?fG0;VQ4^fA;mx+-~ZIVBgcIrn>*)r+08%@ zT|dMMyJ&&b`coX{=!0Er`l$SWi=n**5cYLI0qv7#lJCzeHV{Xdu}^^{&{OYHCy{2z z8n|@FCBi07&*S?msI87{VH@S1Jm0i+#AM}8p3<0z`sN9kXezmpZH8`XysSt}T!-}{J@_o?Z1e4bCqV$qIrBH5z0bC+l zpzx{xQWcc8eDNFQRJ`9Pn-FPpmXIrbONB?td znJoZL(6%!q*>XwvGS}66RHzQk__~teG;`M>v-SlY-wU-bpy+{v{^c#}oaK^y^;pLl zj$uL3OS$#ugpM27N;zcw1q`%uZilF_t zKP?S04G40ivt7>N$@O3^5bCSs;o>b_`LgWwm7<`>$2l_>>5k~R2zjNpORB2FO}X_+ zhK~m$5Tkf;*{F+Q^`LDDL3SWsqP(3q`6vAaM03=_{hCYD*{{yEZAGVYgtUQp?a2eY z#_+g#SHkPtWHx`!D zU$zw?h!!E0&s7}nws{X6^sg?7X9zUhzwYWMBF~{fZHT$-196z70_@|WO9vt&F9c12~G^sEDMd_WkzQqAi+2V*2`gNHD;;7Z`9pC3tn2`cvgj7&& zIjF-3$7+bU(&hdZ*?Aqq;Ruiu|N8Dw9)A>2D^vQ~+jP3w%#~)I_cpO$K5o|MjJmy2YYr+ri{r+Py)%ofwS`Ak!cHs~ae^lT20v zxYPA<15D3AOzzxlD!LhSQrcCMUX9p%If!d}N_crpyfMqfYqNy_fcNigz^5HA@-E5+ zyuO*~4C2Y3LQfNGytf2Ey~LNIJlIb*uX0&BenmI4S>^YvOG1McM~#+^j!D(QOy^dN zhc%jh;-}5njpI(4Fp0Kxgk;KH+7yh^YA30F4tSgEqI$G3IhP^3yl`b;*E=i@&9o)nZ%|nSz1zH<-ppnkT1*|+qWPr>nG>(H2)DEvrSTQpcg8`p=x2$B zTQ7P04*@Tc;?ZANTk_|NWp_gQbrz1$`=_1Gy*OJ^n70)<4Lq3Sf{=giG6S)-h@!&+ zVC3QP98yART@?BicMB2MZlin0Z8F;}rN_;@5oAAO|G%A9oNKT~cUyttY0=U&X0?elMNVWwkZH>_5G;Fv^>NP(fujRaWS=GWWC=b6 z*9D>j!fd+4Wd>I5Lpk7z?te1ZZL!P=$M5Zkr@ufJ2SIyGN>Tbv@r z)H5$4m~*s{zFF|lrVgGH*{1*Fto8gBFdeAcby&>PA7&mG2@S~~>&e^U!RrVk*Uf)z zBV#qz?Y3y4myW9-I`)f=S+spP8B}I(?>{9AVrNZ5ywP+=wda%C_6m%g(mzkXr@rP; z>XZ8@9--d`Jndg1)V-I)1@}l;zF&Otv70J*hqf2*?m4YT8qhqI@cC|0>LOe8{Mt=i zlk$2fTQ|Ka-j>MCl$N)$HuPz^u=()mvTY6h3MbVKE7(a+QWi;t3f?~fl|Jbm6_v2~ z`pX#j`=VC}`2SafKo01l%^zMlJ!fG?@r-Gp!(x_o5~3j=#|>Hkia6Feyx2HL1|2-M z`f4_JS2Sf&YQHB(UA!gAjX*gszc_{d-i?R*?r?WIqVNPr9L0hudm<_jNFUDo7@FA` z9G}AF$OL2^cly8_PBSz;YpLj`Z1tGb&ncg?GqJ}z)S{6=)`q(Cc?Q_ckyrlKm zk|HGj*D4{99r%F@)qTx{K)tm`@JmgM$+j6-{Y2xsAUY4^pB5J!_&PJp-&3s#QnGp* z&28_58+bdtHjA;Dg;qL91FV7ND?s;Om+b&;D_c{{*IGV)Y~O9Ry53)Da+b@0eV-lK zX)upMyq4>>fb?<5`Q!&Jz)|r3NMUv1570j2&ph5a5u7@|@x9y$Gj-bY*@WbM1t!}W 
zQ{le3397VTCX>x1*i5LoN3e; z4hFg>3R<|XwASFjSssv@p~D-9=iTEZeqh6pT^|q0*>YyV{0=Oo{q3#w>XTDGo<#T- zT+u<<%achl9b$!H?bz;P)5(uv>+En96Ye~q1sD9A(l|hkB3}VB!^%WRRMMk)vo8L= z3L|)ZbbM?uKRT5s#76Q_L@vz9!Qa=UnBJZP>J8+R$vHZ2+k1A6We1vztemNqRac8P zRs#7YHpV!od;oycGewH)zw*-1&7bj!o}?m(vg!cip;WSR#A~foHBvQZS_QPhUA=@V zpa=8He@`I8^*0sS5h@ISiGuWHOm;$7Rd;;kgP4=Bw6T(h6^=Qd4rAU@qw$>?rMGH1 zsFd8+#*YMV6K+X@PKFhQ+#!(9e@aL-!hrAta$rfmgznWz##LLC&=;~iPaYF`8vzxj z_x-_7r zE>z>>LBH-kOF)QiS-`u5NO8)j?E?-lP@`xCJ)lVlunC1~BS91fT(kL^&PMdT<9XQh z?6AeHczB~OFvgb-vk<}F6R4*&jN^73TE}H@uTn-D4}kIE$D5P#Ultz$u%}JdFQ6cx z2zz_$x`q?yEXOj}9Cx#jpnM%g0lY5JLjA)WpVY8Kz9x{iL7fN(OAn}M_FSR?yGuNg%cZQdVGldv(G`th>Zo7#b_%9hDLqofIehTxTb53z zj$l~n@${qp?Amc>``T6S>f0@Dhh6u>Aw76Op0`vLHTs*OkLV6Tql@?OtFh~F`y}u5 ze89-s5v^*5tBp&=R`^6zSv%|6#*D}N@+Fo;8~EtMRo|zLS^K`1`H9VN%JaS|8{Tf8 zc8>F5uM6o_)i@#X%!`Ceg$F7qp)uE9@V#KW!7}_CuXS88?9C83iZMGgKS{|lrYlBp zAyW6xgp5NIT43XHk)6TGvo4;W=)$ZL@BM&e0cIOoD=$%9oyDrnOMa6Rn+_-5enN@VTJhuw;lZu8gz(k!&s37RUqXen=lou?>3ZbRl~T8-z>>bJm>FGy&yct) z(3FXz$@Y-Zgp+lnPi=+b%Aj>(V=|=wvO&>f*5srAo#TjEySUi|wXa|7*ZR_9MEKuqU%_O43b7#}BMC_%iRxp0Oy89U6_<}s zzT`qsS5R?_`<`NI&zXU>DfDlV7=D5xA#;;U&Jqg}yE|hOGEKM~k&tovK)|$@y^)|Ps((G-$TLc4@k=w4ERXqInUx>k{8l!0E6Q6Nk z7vD#2Z6C8anssLLn0rd@J3ZbfdzQ8+`(NFDa1O2;-A`P47CaMlx-r2VJiaj^ciOo5 zc+7QvvdQ*Pq>f<5ccFI`DMWUgP|ZO7piuP0lJzO;LfwwXa=QBc=myV7w5-srdC6v} zcdtpO^W>ugmWt1q>UNd3?!HG&bK)8wyx5x@ytYU4naAtaY*s*L8xY4{H5nwU$?-gJ zyP37_stF@U!oIH^{v3+f=PHAm z2}J&}FHd*KFVJTm$~e0oScEF2POZW7P8R(OywtZJlYG{1ct0Et%?#jYTCSFwI7&b` zWrCU8w6xx>!G57_)Oj7FI=0ds((`Odjq+Z|+7vq}-}mSn9#J29iIx+!C@@%-j#~MA ze_cKv|X#vJ2|j8 z4?LcF);*T4=F$RwykHnVDh>)XdtI8S0#As2SWhT_Jg$`SGV=pmyJ)t4u}_O%*W&qs z#lnn4(#$rwx2mc4Lm7;2LpVvaF@_%=+Yqq_)Q21nFS}B^XoY?Wl@Eu-^+_Yvag~3N z9Lb02{SsoauA@cUqb~mML~nzuFt{riG>fx%>$kAm8zrP5pRV6OZf3LWcEr&-nq`^W z_i`tPtl*tZrsDjpi`L=v$?#K+CJYO!#oBnS;KGEOOBlWOp;Q>OY- z*Sx;J6OKc6dbA?kg_?Q80ECtTp!%wAnks`~z{ zgUZdfG|-{{V$!?CWU7`@Kmr^1MQA69Uu`iwSD4K;Ou|9yk8#L&E^`IR?3c~uE_$FW 
zH5t~8B_eu3on4~>v$FW4jj&DcY;r5VkIr!|KZ60_p~xI9&i$?VbE9)Lc+;X8TyEC) z^JbV7p9wmaFM~TPXIbJOIbE@7A2>_|R}-?Hlr{1x@_c%>wA=w}J0v4SNJ;t`Wb&5L zE75k&=!ttx^<4!8%2@1apsm=v(8(D)mLZuLu=u5yWNb7yJoOc?RPp9-$K>}DC1e@k z%Ud4s6)t3Rnssant&&wXGix#M7yifvytCxTJ<2oh$uz@ zQaB}n2^qgiH3NB=#)FfB(VgKuMp1&iS(M~|;@68IH+&iYYeO7-edI3G!_uetQ>5}3;o%}74Al@P@~*nM6$bTt4Z zixjZaP}`cBC5jkxgA{I?fESizu3m$DcKu!@-AbbP!2;XW>HO}=s}(61*XTvV3f`b` z^1G$ATF3GEgSTA2toCx67n=tKEL+%>1i?PKa*{cyyNWv4qsFbfoXv9s=kZekr}q>7 zT_?^`#r@SOEuPM6_$u{=5sOo!8q9<%!}mydCpN;x$9)dL|sbkps+ zbmVQe{d*-42uaPAxg(aJ*7U)p2KnCpbkdFLwPTucJrA(C_Y0MR7=XdB*cEDV#NMoe z6d!8w=g2!z2^|;7u&UfI{}^6jxgquV*ot~FnDU0^o)zGV(Z**h#W(9McUf)@_T5N) zbc?NAeP|?ZmqfOX3Pl`sv60IVQ2K8taE(Ef2PQr$D{{w&hlMwrmqMy396Uc?o=&{> zgQWLCRfdJ7YlE2wn)QE$JZIbWmavQACxIyh^C(%qqflbwx$em(zbhSI3>x}1{l;H7G1D!=O@ zB3K%y$lhDwiK-ZTd|1joA$Rz?J|w(;`~*TfB4D$aX#m*Lo4R6ZFa@sb;$gANw$$X_ zaaVvY-TYmiq-M4nO=7ZJ=Idf+A|5y|*w+ZhJ_W=dCMAJOCv8^C8q&-Xhk^NFV}!OG z=~!%Ms-$(B2d2irYGTz3&#+5k_vaz`3|%4ihrE=~RPB9qBJ(B}2Ar=&D+3pJtXMI) zpC^tilBzy4m-6HJ;M`r#%j3;+zT)u;mJQIrT^uBt;EXJvnsoSh&EvLc*H?Dhbsbh0 zb$UE+zqZS?a^J+>zuYGkMYn@x+kSmk_muS(){hV8LbRtKnM&{TP97Fl{#89{6E-D_ z#eOU>?qZvc@mI9idqHJ@q9p?qE$1Ngt)EKIG-_6}#dM6IsH#gEW2FuIACMpuQS|!u z?$TRGnYKVKrIKg#>>$}vG=)Wf>tM(blb#4@PsgL!i+G%D&XMOV-Gi$0LdwP0Em|M% z$yc_uq4gk%;;Sv%VSfIpdvv0nzBx~y7{LIRE3}*AM(@in>Rb@h3gp`*qDiosu$@ur zxUh%G!(R-v_=X<{&8Lc?hMQzgqoB!b{;3y3teD2jy4Xgg3F`qz0yoJY?~hGx!vN_P zLhg5k2d;$BbHPJtfi;VBvUbtg3+A5)_0Ne*>SxRPjLhlX1s|h1ONSt6{>TwWDZoXE z4cCK)yMr|Pm_znBgd|dnyw6*whC$j(MY(4pcWEMiDr%sg4LAIM1|bs8&Uc`HB4|K? 
zyYhe3^6Suf{BS2_GK~a*p|jcsu1-LKo1-2NVo@PAwR4!lQocguB3f zB<892U{bIPCuiEL?#7ql2pfrQ@oSK+q5sF!S3pJKd~JiIG$Oq;(k&p}4bmx%ba(gC z9ny_-H%NC&H!j`X9pC=+|LS)R=fHtk=FW}h#?0JF(5jHnCH|U&uvxk3pP)d%)KO7F zTz*M6avVr+knSw{f2cMFl4Hr%jyL(PU7VS50)9Jw-FxuH>9{yzt;F3bNi;njd(h=Y zBh4P9+9AlZhJY}HL^D`P#N))^G{G-+9o#l?&PlV-(euJ~unI}vT(nIvGt8S%$5(cO zF7DzTZW0yM>@m=#z=B&N`k#{(Q8VFcXyPK%D0sIU_aT+Ryh$P~V4DX)1AqmyX-1N~ zDx!}`SGf^c zp}jx&(lvIX4+A$>(o|j|=d^Uc-3W+ES#x@uUz8Uv-!r=l@*qern;Re)E$DI8y!RSv z+<4F#&lpoEwHQC4u~kfXu-B?EU?~p!?c*xm$T_F2;g|{O<#_|(v*tNRh6S3#>OydD zM`T`nNM!=xH%D!bD&7o8{L{Zu9KF1uTKzn*{;3HfhudR{JZelAjw-?E`=~9)p52_T zbRj&!_HL=xHFCGNDT%r|lKzTfPeQOz?Tn+I5x)1myh(HJah%WPj`&qx74r+)HvbhJ0=N44;5^Q!@se!5jyz6ffdDz6%S(A8sW^ zsyWEohJDPT8f#h;RD_{>o0iia4W1F{^(Stvw1JKBJm8}E1a6&3}&3iuRC~2OA zdr5=XWS_jE`7mbJ2wc)(vP;4+9gL~2yu;Fz-z2ASN@7UMkTLijah3es_+f*Q9xemV zz*6p?Ywg=83zS;2{34ll4Rx=BGMpP>&X08Lart&k^dH;O2yA1)Y>QPM7XdNa>wTM5 zJU(11ReN%VQc0j?5~yD;LGV5wH%L~-tKD|;2>fQ4ww}3 zrVR8!z4!sYtc#eyTr?!b#*duBk{Sfyj&mhqGoidi;GRB$|AJr>C_^SUcEgy1l$u(^ z96|6?y6N!~&d|;-VQNi&pSL5`$>sv%eP>Ly=GanT{zSTm-5Q(fwd5IYa~crQ^#%^UQzOG+22xGV@8ZVw2C-(``kb`ymk+n13PIG;fx5yPHR;=uNFQXgX;QRU zDI}aapyBG}{|1KFC<5hMivslEINF_2q`v6J=YYk7PBw-2AsJAg`@XTYCYjMdox@oa zxz|WNz6;zI=D*y74$#UH_p=KAtmG|=f~Y-P(g5zapO)tRZW`4zrUzoZ8rmdo?e74s zLjMPmVnJ*Wm2oCel|`8#d=_kfHRVS+^Vd4LSsq{1&LSzDXILWv$GHuL)0(Ks;3ld2 z68!#!l4%q=-fCGv?|c;PzEeOh`?czE^ruyQTH$n1uJwpfUi?1&A957aSHR>*yyYp5 z5=|*I>rZW^(a@S@qcw=FsiK}L+Y(*b8bm>gqWqiK?uwZf-Kpn+&bzf@4 zm1X^l=~DG$!HX@2C35{;yLM$gs@HiE|D(_SW%%?iq-nqvEWrfM0D1r`Pd_o^$@Qr) zmtt3}HG7mM1Ka%7Y~j zCK$T!wFZ?Gj^W03i>OL;Mctf}vbc7z?YKBBMYM5UxZ)Maev{|K#bN$!qeww2TTDUw zg0+~q(1;GZs=AJnP$m8R+hx_;I3C(#&KD&B+dm1ZvI;~_nFvRMC8X*|VlGnuDk&@B zLZSVkwSL{l<_HV;QD8;|Fumf)0vqrfsM&#E1*oGS^Pyq4q-#w}Sd6?iVCZBoWxmKQ zRFw>uP*ImKmBoHSje`8kcCs{FJ%RmNeF5e1-U3ukreX7to2vckpXJHL@=Eo`HdU`s zp@j948Po1G^zrHNr?V9npZMploo2QcW~lt@1a1Z{>{u%tFw(~k^WxnI{s><%eO}T| zhw_7KMvY83o!nQfZ_Me>mqEpWrt4}dUu;oex{fG9F1h|WLTI>F*$2y3l-b(HdMA=f z;ri35`k4e 
zZJ;Oau;9shk=^wtg~Lx|*?TPs3(5@%Jp+?YEV+LAl)ie}>rIQSw>Qs~|`LzvgE@!EfDVkvQX#Lwz{6_^d>zEHi z)At&aR@mvoITd>>IYY`QT$y0`q@u}g;|v)KK__5f#kl5~Zn>jOk*FwiUofGntKUf` zeo)B7bbim%2X5B+xAZCmMMLSuP7{2v$ot$HGn})OrQ^JVscKJE$#8mF0j@}_SoT*EtW-h zT6NR?3~xoiv3b|E0q_Sm!Ad5=PDrK6Tuyk{NbA78?t?#MmZ?*a}Mt-`RoDV04`qPm3QyYVYaL3RArvve3Q zSEW=oU(5{LO++!B5anQ2j|ze=sb|)zp2sX%GX4LAcR`!fxKV|M(3w+btPGpY#tMpo zbT^w3=QPFY=`)`fxAJw9Zt^t1L;kXYj2nNA8dp%AZtLpMnbJCO)q_8Doc6p=sW@!D zv@J5;L;OZug~#o|_2@?QLnQjeE!C>&N@4w-7mT>qr#olEARzUOlNPv}s2;*^o%n)? zQeeoD9EYwal^Wpot^g+dYe-1+ND!tIIc10&U}WekL6VbEBNjmBpZd+QKq#@i3A!`4 zAbB7w-yYhm)^zB+X?+QHBFgbsVUoZU} zx);rwPZ>R6EhTcf^3Ato^`q6NDNhc|9@?JCV2e}miPj-&ehzpc?d5Bh)Cm7SJ1;Qn zR1!hoiE;h>MFdlfRZ^=J1@uSBsnkz)(MPs_(GS&@L?Apmdw_@h14n;YDhV+o#C;_S zx+rcVLAj54h!%4S$1Pn8hwZr-aWz-d-t&2j-<<+A^AO_(UnWOrc z;ULuSy%2i1U>+90#UT73nQ00525R!#E+s5P&K%myW<8#FPMEOrWrKvund>odf45+2 z(jm8E6_~n2Mo5}J&rgZF_Ryg{m%Bes?Y!B9~c_lWq{xSPQF71UDA1e-@5 zqLBmQlUp6=MTk%G`cAdC8(k)BXm9P(>P=Z2W}hQZZ{3nFlL6@HRV8rnZ6<*R5ddBMsC{xg#-=4>IB zFvH}%k0I8QS%M@V7_tQG1Cz@6p1G{so*`w9ZUnz-#1z(!tSx#$EEWzdg177LN?llR z{eS1@#sTppVl^q~fV%XdiJ zI0cDrk&mR!AHe(Hr>tbT^nf7V=5lP0)9+z5_dV4!xSZRssx2ziSEX_tS|s9YIpL|B zX{zlOE<2(YjqK?#IbxxiVV_|IC%XQtbS~JU^-8dRB@>9LLwRPAq)p5NG^k$qZi_Bf zwT_7@esKF@Jh(%S;{SKiyZwo%0x{|SC8mbIC^R}NfhNX@)Syz6XTvZ2NN*aBr|}u$r9Js zG?qUwKU&(1@J^?CczlagF~t9z_yTwQvQ?r+$gtQ;D0$QLp9-^7KrY29vAIy-VNcSV zX^D6g+M!!fOR<&&3dpv@~_Vmm1q-azdG20r~uALx^YZ-7t)TR_K!al`CC)_4pD$7K)L8+@A$73L+T-;IkZe9ura6@=L>r;!=b zTmduAS;HB-De!M4HCd1ou}X{d6iefQTK`SM51z*R?tH=-Jx#6}kiJ4pl+$BRaf$!O zk8^T##BM%`$)4eBsD!hWD8dGt(OH)We2H44!!%Rab%Hc8a~|osNB-wTIHA1B3bTQs zi4G+Fg7q$6P$nB{(_P#(QFkoe9|4woAPh@*N{+$c{i>WHXt>{ay@V!fyT#EJivb&S#URV05?l-#*b|a5YhCg-z5xxs0TgINjxqsBa-ZLj0r~KE^m)fP6PJz z{>zd1IDW=%vWm-20Cuhtx)$Gs$Fn4jWM{{m66=Jq46T_CS%XLT{f!PsO#~da#)Tc^ zL2)|{kUs_M3EI46%I4#B_+8r(!IbOp#}C2&Q6Zvq%R##u63RhXhoj-OrjS0Pxb7W% z6VW(0K?Qc(FNTfa0spvi^N|=I%oThvR~~=(T7tQ9B;FOUIx^llvP;b#AdI}#H@&IwU6KQpME;Igo%qvG(TwFvrnawhuy!DicmCyE%U} 
z)cll%vZS0-lNU;5V6J}2brrI;#qYhsN-l_?iFftnes)YI%(J0M5;NWo<~P?^slnM~ zUW6fYvBOY}+y>2iqic&eQY;EOkZf zH3UP=3|VBU;}f;uSrc^qcj zoX*fde`2iBVj3V6`47`D8dd1eeaZq@y3)EBH5qC$#<+iAw8l0u zr&A-yUk`V*m=^f;Lx}mPMwfI}aR@#90u7=^&fyyq+<($DLRJsja8v(JdNmAsxJ3JW(O)E{o|oA?0eyJp7&5-9)84@M^e@dDUsi)37#=%!83rw96i%{ zu>-9fq@LI#8#NLE46+#_mc|YJAqhso=PQokC~*+d^{C+eyV7e|IHV2izVt<4YYZtD zy%VA7`!zO>$$t<=wB6N ztx1NgmFGdN6>yUNG72;LX0{4<%AeAe{P+UFXqhbbfL98jF(qcs$pNPmz( zgJVp7jYC*)4QXdEp(`cM6FUKy_EL%=n0Nu+ATmI}8Ot^u@^1vFF$ZA+R&$eVa7=Xg zCf(2cF=GKfp#yS?;pmoz!bW!}3&Vhkqg#NFXTbWGVZi^)7FHYw0iaI>AJ7G;X5rv4 zs2)`8za%xHDS|f$lNvR)4fr>~;wXeZcmjR!1Xeq50{kpnEYdJ74L_c$N;q(?tX>iX zgf&L4gaREY-h^WCpFaKaFMvYoGxYs46Foc}4j3Sa-{>(FmLQFVs?+(DMIESZA>H{Wq7!1cV-VF1`O2v-if=&wM$fiLd=*eR;O3Fd9FDuEa`%c4Z0X4OjO$ zj5++?lNC#g@9%6OF`yPvtVZKq7ejK7GOV}=-I&{`E5)u2&1jMIqDdopy7pg$8>6E> zd&X$ZemO^K5V@7c!2tR7r0(@+aDqaddSq1ADU-*WHgldQutkw1KBXH9MxBqkTcsjr zG<#c$P##xfMzW>h?h7l!?h4ZF#OfJg!pex^IlX3Pb9N;#ZCshPi#b!H@-sWpH(3rd)k~5)Xa~h% z&x8dQEX*TPWf>SeryoaXmx7Qm|NiOa+u$AH3+QX}N+q;PWrU3|rnHf}07?{iX1rW8 zwW}AKW3i%la%rhO1YHyv6j&<`ZY~F_2Q>3H{At6ikC&M!yZdyvy!>_G{Y}9<=Lvox zuBBsZ7^C-U25@SwGoj7ueV;OeC{!=F(i(!csA=+>)hbiPj`ZO2N|CRcj0Ih`d1qp# zaThAv7Q5o3U%czr;qKqILCh@Lt>3(sk3=1wKNlDMYS11k9o#0J5f7B!e>WK8Ziz}g zu=T;0ZR@apAQ%`!Pq?%xyE@Fa@lCz}_(E9S>eIZfTp3_b(8j(v4e&@i-3ZIidzDU zxqOG7bQFZX30;i#^8964CvGadX^VIe3c^4-Yw0q{S#k|RjaD;OqOF9y{CR|AFh(^w znxMjbtRvst@p`*S%d#LOZg7LGsdNjwGxzz#aSX?ZT64z8Su$AucHDBEU)wS0xqtGA zu|qe^;?iyS)$tDdyp+>MIvz-?eQqYWV$7ODFlK@Ks8%&EhllEEm=}K;yw{)<`F`8R z-Kr)w7kW&x7LU4XErbQJhbKb49~jUln82jd@89=12F~uA32E03ELFhf#14wp`b46$ zm1W-0goLE=4sGNW3+ygf6cOJ{-Ba-`Aqnm*We$`%Fv=#&n0{SC|5&)Qo^geVfA&xS zo&PlVsazUF7Z6oAJg`>vl4NN;Uzk8K0d!WnFMMI z?$}dtx;JgcOcp)2`ro4{mrS|QbR4O|WvFZXWZEh@CVbaaRJyMbVs2*qrNE}iurx{6 zesJnCg?%9%y02g_D|j08*{Bd8oO-=v=n}l4MEUdJ1l~7nS0!0hbSO6_DW*Qx*yw|r znCKXg3SHsbHuz&7iU3Q${->oNZ7xR_^0OIkuD0q>*B>KI)XhL$@1`Gu>43?a5r4?amwTRQiljU!*ne?HnlY9&B%! 
zE+bg5F;Q{*F6P`shV_GP2$s2xsGuZlYC=!sMVm}@A1(ii= z1fmDtFR;4F39K{zPu*_bE>2L!6wOV0b{q9#gSr^`i3$BoDGPZ$%;b$V8>B_3bW3lA zmZEE7<3S^@Pve_XvhckHWDHKFy55~*!Xc$TfQ9Eph%L<**BG^De4KmL)b?}?+l5sQ zqAx8i375qk#b*8C&lqA4;L~}4`!CI5QV$UONIJvS9o-RGIBj1Y9BDe(+xG?^7)cgn zwKdC$j28M+w|i^HYLiWvM@CqU?9>a(kltl|5FDIlWw_|qk!mRcq@evC|G(#;=5<@%mp;>x5O(K$SJlcCGy@FQwAMZ z9Tu~$-Q|+Cv|4XP6mWGOrJCR7sK7zkro!VJ@`pc`*VLS3UqaFytIDkuYfWr%JQnW|V5O~7>WO3Pv$@h)9MKP3 zSYc0?y@P!4(L&T4pyE;go!Bvm@?4|*!xoIsJ!F*bL!3%TbPi#hg*bDvtW2iv&94#Y zB=q)Sn~i7Ku>rJ7mM?O4JF|-mvhf(2ZaEifY8OYhbGJv3tM+ddW+E5-fG+ z&>t@?j39*$`I6&j?HDn@kQbxKGYT_@d*P)H7`|Wl@g=V(LbrXcr6=^HRgo(nZX27c zd*s34MIw65Yh;dIhJuUyd)q1@>c((W0<8@hitZ8tpl&Z7+Gx|>INO03ZwfK26vYNo zqPo=EL*b|DR?Iq@3FSO)qq#1mbqOsLr*+s*?xGgEhk$(?)3r_k;0V)1r=K4z3KABbE64U__wrifxBfQ-?a9u1U# zv5adXrPC6VLLO##_&4dpv9DNapOu61wOkgIP;YscKmY1d{y+M9gJp~aNF(Gvo=Yo8 zl|aq(hC16|`ZjS}H-B&F;v;Fbm@iM4ZA`-eS+ui7TgZ*98h|F4b3) z;V4EyzQyGGiLQn4Ns%Bs%9l>p7-eql8GgiNVLCVj#x=72sRyX#TdS+XctWUZJN5FA zMASaW`AVA+`!2V{`@zlII;TosznZDn2d$^paqDfMz!fX&LaSEq70_+b=WKVj?QCb; zr|2UT=Z-h8L-Tq|uzh0*_>3EBM%J5X`1P04pVhpX>L1P`C!pCWa(pT`G@ld7&t~7) zd7!*96Lca0AdGEseQ`M;Mmr((V4;0+FY3x@2y0l(pu^pWacpu^XGIkU+!9pW^pUkr zJQ^NR;e12Q{{+3S%+O3waW0;zuT9@t^0)+^2Qc1cwIv0~cO70+s(6HD=^W2m=Z_&h zNQyRQ?*aPHCMplO1fQUpBV15Hv3X8(YQt)sd^s`k2;0bWsGvzvAAQ44wFhXZ2X+sX z-4+;o&YIOQsZE)nRgqs^bu-q@>&iB3YZ$~&=X5zcvnz3O;*+q@`1ekD) z^;#k5wXdviqkkmRv z1#AV$KrRE>E>ZGGHVafUJ6Qongdb23iGd6U3a$%>1HRvv7)O*wi2t(`);V2*LkNX2 zPeLhrEVe?I1z}+^o14pOEy#icUQGFa>xm@k0ZQSP*#CMH6cw7gp zW>?4tBA5)IRj=}O-W<|ZX%Wl6 zP7BY@I2;$sT5;HVCLF6da&W`D>=g?v6siAXHjH=|-?|#tsrRj^bVUTiAFj~sBt$lE zU96V%v2TxGn6{FB?tksjEp}mn^Q|e~QYa}FYhi}JF$;%2*ODXV)$edX3ovK6zF75c zb~AdXk-Si9ZTwv?QmQ!+R63QM*cAOduZp_6COXcB$h>kq zT-EG9Jn&hymQ)(CUo>v#L-YmLPDrrBS#Htayb|@(mMGAsCwvMdPZ+h=dAv?lqBKU7 z_rrq-nmprd&gxq8)3QGf7zZ(b;VIV1}M4p_5mo06E~{T*J&A z{ue~rqphRyAa@|UO1TJgz?VQ30<-a4?7&B@^vaJFF~1*=o?DqjooZrMQtR$IUluY< zH}bbAnyfs=(|i1^XuFll0f?Ta=OIqhn{%|`!bX?;;?BqejF&%h`=dKYK2vh4QtwZ7C7#;a5lxY9IRT9!{{f=tp4_i 
z*>bScI|6hj42SrSTJ|RrL_BYNtZyelES|Ygjq4bZ=sk?{R-ua=lbhU&GuA5r7U`MN z@lrf?$+dUx!9r45evhi+pS-+jKRc|X@#1Zx!(w29ess6!%hiuaoWBO?CZ}StrjG%G zPzYIDBjAt;cue=!1cm+K*gUF`gnnvh!SK;e)#wSnn{}Jq64fU0Ak6{7iT(wv$3PNP zFhPW1f-Vq6;J8@u?GWXp;oPw{Kqe_T+=y*`rZSdI_}R9W*l0qLKth2I?d7cPr3SJ) zwN-cMVS)L-!npkwM1=W9Udl|Q; ze7#X$6O2EN!j5Z>+#<{I%PF8$A}8Cj#oj%)iE%XIDS}T~!Fi~=Z)ps)PooJx^&b%v z=xSyiyw5BnxD=El)geM{$eM!yD$bVz`D8UN;RdBvOi|xzW^dz!>_7RT^dBn$dP>AW zp8%}Fj&jt^++Wb&>jG&XdZ0>fB$InO#PVTzk*Bu~bbU{`n2XHxsQi;?_ zcq_a!jK zXpJPIzf@H+;q3aKX2$i{RGG)Tx~7O_<6A2>$p>0ffldF!=}}K&hwqKQkqFj4a}hWq zZxKZZMPxaK&(7;!EJdk1y7i9``XrR^wCpY)ou6@6b3RnuIC#(mt`#}!#Wd?fLq_D5 zYCE#0EEbD5&h-RvPCgU?q{K(B#hD2LY)}e_@;~urSm+A6J0z$nH%EJ9Boh;}$&SX+{XkrM^k9jT=e-D0r z{=}H_)YGL5<>DZDHEkFxczSVTq6;fHsk$!*NRL8bX(v(DXWZZ42{|lkh*m4qERZOP zsxAo!|AKn%fzp68`+xO~quU@$yF04|gJ%5UQ*?r&R^3&}>HBV?7@2WpY~OAqg2>dR zUk40r=3dI4LweVDIF1U3d1K>M-rwOL1Y5T-#K@7;@xJ9MycgiP`u=FQh;vVk>8Ei~ zPl|xby)uYfaL%M%xYvC0#*iaD3Mm-HkfRj|7lmNZc26Kk_zf=m@)%M>qB>n}+&0gs zdVEqKmH#{EL^P8%fglB|lmDf)V|pP-!K<*i1uZ%0kds}}9j&5T5R+#>S&p;sW5`qD z5K!|qQ4#BZ=?gw*(CwY(exoQa=m5wusc*xVg zuJ!ID=tD10&Ck-FMSP;isAn8ea0sT#<|!UYa_>RwRiM}D!+DD?m$X9 zDoc63f;&U|SG?mK*<>>MOs*I^qoJ|;b_1S(nB`x-ijE?<74yb7YYje>K|)*t71Az1 zZkT3y9+qw2hy+J!WtRHm_f#VAjX;2pTEWYql&nPiQRQqQ-&NLyj6TA?A>Z*`o4kY2 z@yk;ALKOo~El9=1cFdR*YN`GvU@hQ^tk`aEoaGB>3l4PjCe_HdhY%Z z%i%Tb==i_2zt8<~PTg4A1FBZ85b-*#>{2;)MyLKr&{S#!Gifk7rdI~X=y=u_akZr?usXP#G+BgH}* z?b6TneBGmBL`A|*8K4SKiXOaDr&5_R>5ytxnV0KrPb6pB^0iU@Ry-t}LwC}#&ejuW zh6nlqZgZ;yYlg5`FzaD`u}-g}l_m-9&mHJ7aP6lYN`em`GeTUWeeYK4wk7`Clk~N zQFoFr17*Lw78SEp^A7wNpU{ z{wG&&rw{>g=!l2+9q!aG|H;)m!L$e^Fvv6N1Mr48e*62T`RABlMBAf9{1|U2P@+yF zhyX2qZ5N7NAUV zGGx=`G9J{yPO(a7{;6@?ujrF|hqc@%d*XR?KP?Bs2RCiI#BDpMU`=Y;Ct_n26==}} zi4HZA{QxpJ`^dlg;p`y1#YMU|Q`q!F8eEu+fV6W^7KX&FZjJ7+$*)~_ogqZ^va-u4 zL||GYA)TImVK>w26i;WVHPvMfUZXhRI)rYH6qOS|yT1Sf0Up7gs{mP99u zyT?K2ywit}+Z91XUkOrwU>ocsOyh4sr_A<_Ehd*cO1a03E&vR8MQ zi*effcu(??*9C32W{0hkXExtnxa1vTesiue$M&GM+l}Lnp~*o);+BTO%I1>F*5~S9 
zYAp%f+Qt{FJDlE>9jWE*7qi7CBQBS`&!BI=#%Wf^)hFKbg_9{TjctdMUIVFQM}9@W z3-Ag79C7_c@w;m#!+Ekd8(zbQ>x$OTU~|+#-Aec=^z!Lk&p_^rgof*$>OAHX9=^85 z1p?q$cGe;WmQ?e~w_fAmbeXWMA~39p7jgeIzQw>B2bjb^+34RrGwGO&M=%c7{T6*V z83IndgAm{1!>WjJb1120WGx`< zYf@)Fe=tE&NJ(UVvn7J^1@~XXDiTy@@5os$<0Qx(TinDldnVqNGj+P0xjl)~AODQI4<$A@oMwsD#U3faG$sb(zcS9Er5D?&LRMavZ0PeT5O0E~Bu z$`zYb2l!U|TudN`OINd|ZXU`47ld_hv-(ao`3MI$J6zPNk0VQ1cFo;*mM{ryQdLXw zZmb7*zuXw7H&6le)6)WqYEuJML6H>b{pH$pgYF!Y6t)jf;_VLR0+fEom+&w#>4V_1CPxwe>@{Y_ldQt zS9)+jrYA;;%sR*s@Ycl4Axt{7v_Cq3JX-QtMEcaI=No1nlXYj*ARjW{f|`n7`enav z3;GtXV!AI>BIyMoWjvGr^wI_UT6^uZ!j)?z62;Vc%CgE-#&+dZTOa|q*6NFUg@$uu zH#xS`R;^esN%;3Bea`m;G8YBD)A?F=@bZ}4#CHD_CmK&^<9s`Y1FSgT3xqb5dv1FM z@9ZGq36z!<;wWPA6K%dr>(0TsWxH{9+LW{J1~%Rd9H2lzLx|o|EXRa#`!NqL9##6M z0r=07(&np|x(UacZ`7pRA5l7~?|(FYI<;wi?TLTwAOUc})>+LL(h9}vitc-i7NRH1xA&bl#jDdi;%@JDT50GR)m#9Eqepj6fZ^Nm8k(~h340O z&}CWT?Yaq5aK>g|Y8J-7s>13IKQ)ix-&OjPNnb8N9)AD38|Jl!HW$qpd|k|7O2mOV zSBU3*Q01_x<(}>B%XQ6ffO$V9s-+5ix1(K=XJOO8+*Pl(!;iGLVv_7p$&c)H9otes zI}1!T*XB*NtKWrgxiQ2m%=$?}shO4exYKl?i1tKU2^FYmGPMM*#hw5I<kWryU#2MX z?XMpQkU^70q6gIA_V0u3a+;;{QFy;TQ74@(`>B)nYI4FmAGmS1&N_M%{DuOLQk$+y z-8yd(p5*2;ei55jk|*-ltnG`7%Ga(%AIt66RKLMjW#QOYZYw6+>b-cv34Rfx%pGL{ z87~>;Yh-LQY8tEpjm{1K5p*@PF8>8a2Ze2?_oU)g)xhHaZ=tg!N<_M2GvI~FI?*V} zu{|wva0RlLY{kS#q?O)J9cC1fsBD$bo1%SpNOebcPy7lK*IL{i)}M4;j}=5U;B@=x zr_&V?vq136rTN|}Ny4v{lVbh4N|mGQMdAdTz|-C`N2d9`wXNd99oxuhPB%w^TAj2b zJjS)H&?A}WH0vrZHlOc_*&*2Wc?8jK9n;jz(85Xe%@U327`A6BM%_lkNJHbOO5DB} zJX)bR{)3F8z@R;6PtNAgPJ$je#e3|t6TJpmwk&MIhX(asi^*)?OV+1s^oxPyoYG4G zM`*pQgp0|SLF%O2`uRR|YNq2!MHSidEf&SG^*K~8*f#O?@y)|bIqb-!k4m!#O+d5E zqY0TWM5w2pc%`*s`(ZOmVi35@n#p{8&HSUd;Cna+BMuxr`*mDg+2CVN&OsuVuVX6Z zP>IoR)%i?os1R%Xx8Dq_h5CLZyvM|NE4S@PcM)DCqLl@e_>cE3?Id(Wx+o)H-dEVr z(1CdmZuLW_vnN@x`@ywajs5ZT-HZTu<1jCUe$>rJ&3-%9>o# zvTmW{_O^R{^^!1CD%Y%g<8HT%HlqV$r)N9SK0@QF1R?y_eO$jb96O1A>tTy%?)_`o z*=aI7t*yKu|CR7*jYmh2LULA5%v+ki8=eSsQlb2_1}KvmF^5+(Dza-krNfT)Seq*X zpS!~^me!~)j7D;m53%V!XB|ANQkQgFbX$C`m$@wk4_DzQ!IEBbW+~H 
zz545)#zTJBw7|-ZNo;U4V;{HZ2XChbyf&K`-uBH$mFtZoYX0kc6mP%Uha->s(tOZ$ z3E`y91LS_NLrf(%$GV%_+Eys`tt~4rKp21$2Mr5FFWcsO^|dw zXhduesBX22y2|6R<={i$b7IENw9$2gI$)R6fx@~WbdlzpHS^-?GoJG;y)nV(S@2g9 zQjhdWHsbW?B+Ix-(m9nmlM;I>Wv{C#KRUF2dlgz*cO zlJCBvf;+Vw)FbgOt9YGO$zXj|eX^&<7dXz0Z@x)YlA* zN@o7&)HqSU_HT@Q?Jr_5b;!i~D8}YVnaVKm6!;I7|5kFG(ITV&1=~@JVyHVvO4@vZ-| zbN#g10m^!_IDV&9EBWbH++jEJLwBB9gJYnY$vwhtWzbuk1bi-LvSz7U5+xihJ?B@50vFuB60K279|LFVK`5&NxFROe&rdw+VaBp)XSOo-rYUwVajv@^Jc00Hs z2JT1=56UJN{1j60hggp80QtXFT9mIi6yLN6DMY|wc|@_kkaCaDF~*e3A=G2D-YVR! zx*7@%{<+=vlEoCI^5cqUFDKNJFbrkUB5RUlY!9m}RHrQj1}eN*ndn}@|LR6VV{85r z0PsbxwiDEBo!jWNYw%YmyunFSNHRD;KTBo0f?B=RI3BR~Uc3BuUba>?R?>U{WT|k- zlW^S#2@(A3!qXm^NGX2sfS)?`XTL2*XIAdv<5>7sW)PC0e^9O(9-u0wd@EMyuX zV5v+}JUNlA!;u_(AUn8^mIpFzwL<*CmXmyTbE02KlP>Istj#MF%r-1;z~WjbUesPZ zZDqa8h^P3j1*E`eqD;!DGhbTatg}m<&uh(|Tl$R>*QBi%@?%pPQmpmYH3R0<|dLtN{2s>M1%b z4VcSfQX{(`C^QF_D0qScNY3=pD|muG?%a^n zv*UwZZzj3&QD}&$icsbnl6^>!ThE2!Sm6c@^+)tRjj`AOP$=0A^xv4@a&MtND;Hg z+&2$f&LZ1}{P$?jzR-x>%TRdmqi>7EwG|K}Pn-*^W~vrWurb|jZ|O*~Zc11pd6y?y zQ!eLr(C4Ze(60+FUA|TGNpwT7xr7|ZB6AAR}z5HNq==WnA#&;(%76M#jZB*3=$-9mEU^Fa-nsx%U5 zh5p3T7UAwJ;e^8=H79q-`K0$XhS#-j2uWpu?|pk2iP2^P@-FfTb}nePs6RN&CC=7+ zsmQOrTY*;{3Q?bW_4W}`yYLB0{dN@j_iIVOZgEzMqpuV9Xf%>Jn6L9qu+%80|O28#Mx>uu(o`P<~FF{s?p}kyJJn{2{CUO}RKz>_=O2`hu zC8_EY@=|I(bt0Tem3NZ-9|+`T9_02Dr1ABDi}%eZdO13!bz8x7tqG*BV1L`|IDW72 z`uHNx!C2LftyA~zW>P(h=|^R6UkAq}a9#EJ{4(hHE}M5L;DD&7yENTunj905!PI5( z6^n8jeXlc{Md0IAaEOqqXbQT6UH(7OQ?l-g$B(uuf{*^A?4EdOu;~&_H_QpLSBIMW zsLI5*6PV2nZwlgghKt5j81Lr;agNn)+xE2|`8RTlGvwz@??A`s6Prek ztCD1am#v*U4TSB7$jDV>`x&`A7D5cMKgR5IU&}vl!ws}8C_33V*f){J8Z8E>B`xKO z=o77BhJ*iH$6Fz-_!JghnMe>y_1CX2nj@h8+I0|3IP`bHQ$|(192tz{W{o*Zc`Q+e zJ=8%oe)()Y&bKjy4LDg__4+O6a-tf$ivg0id>{*|DC=@x^E_Yn^gQ3KcCVIK-{+v& zAJC_n;b-t*rIR%a_eh3hj_rvupE*745xKG7DvZh8@Or~?WJ21G_YjP#OgZSM{14PJ zZsgtj@uA9bWIue(-p-K$Z{gcbeI9IDg^9V+E?pITHl{ts5OtU~dZCY!1VNaDG(iIO z-%Sh^7l@3oc4ROYwh?=efb$Y})G8w1e{vtOKb2cF{lep{SgRoVG1vDDP%JU&$#Woj zr~hk?IjCI=d1|=~Zt&UZFB?5WF%TP)&_e|#aD 
zd$#Op<#{;#mVM?dbhX2`a%OqUbx(tBb~+D&oManqpeeIpC<`}s#;WJ6cKrFWXzKn6 zrZncNl2ih&zX-_&>#y}Wh74J?^5Ei-b`}D5m#)&y)yP*1XuI&~3iEMmDFHveH#J*~ zsb`LViN0C}n!{-Ey@2eImowvV{6(OyePhO^y4y_~#jDy<7bcoE@wp`r96q%TL5v-7 ze%CpC;A)?6(#HM|C}r+TWxQQ8I|a-JM$hcd;C>v>uWh69zmfItjlN?2#(M=7fqz=h zY=egt#!A=AD`!~|?0l&2{V!>G;+DG*-XEJbdXZGITvzqicuW+9^~0+awuClBqO0ygBo9z{q~EEIy1q%wy&!?Yk6*?vO?y>hV(_@C}e_q=9qnWR!bm0^DWvy|+a zB)?O2kvx=iIAu&}wxrlH4mdE#0|VWG>xi6_4{O!|S<^0kCX#Qxtho5LHvAbARu7;G ztOkv~3nFz8%<#qCTp3@ML-5(kjUr|2acVsMadR1N*AkOoj;Hf2OFOaXUAphvR$s_3 zjLp%noh7YE!G7uO53iNE2hjcSDAYQc^csaJYu}ukEis{3Jo#X#2)AvT1_PGaV*TM{ zmQ-rCe}8ol>dolkZ&>uwJy}MS3A|I+QNN7roc{H*FC@^N9On6}clAcI9*Qe#rZ>0; z7#NhD4)t^vA>Fc3EH2QM&~8*)U`dEkZR~!}!>|W~#7p#8HJ?C2sA8mB%zs)Q6?|;z z!S(djdCN{hIaj@GORM#Mp{TbTFjUHpVf*Xq>1yvudOVBJb;X5I7m zRM7l~pU80Y8V>fT=$C>@qIkSQ^l2od*`BFvO*hzh!M^1%G_wrVXk=cqfA6wjFCx_2JG-o6s^6~B%X zQ}`-Fih3)JyH6Y~=&(98Yq1XHt|r0({f<#gQ=>xs51#4LFE-zErp&k##Zl({a@4IMrxYqDTmp33yV*)h1wN!s(Jw(WHO);w#_7a;zA)F-el7h;Hh<6ujyG$KC*jY_$_|s zqcdy%JP+G01ShW>xR`ALRpjVaBYR+K1Q!w3!h~GiC+7Fvo(v&rxm88RMmzIpPE}(@ zto5uB)I}%~U2>bqe$rL0S++ISZq|{W-umSh-+XQ#7u{J^w?v|I>nNnJY}xayXVE#<;U;@sxJp1@$9b>g z=Ha@eSd~aU z^VbeFiO0Rx<;taMWw~=|z8E2TY=pi~-W$e7st z_`Zhcec6_8ItwS!Vk=7y^a=RyPUmQZ)5isT9)7Q9x}G-D@?F!@`1dx)YBr}oP4>Wi zvR)}cO8Y9!*c~oCQD`8XZo49EWcn_@h^EGAKlOdvzp7=e2b8ukh7g8fhE+BG#FhfQ zG{|z=^u}m97yZ{msvK3!(qB*2){_Dpzl*w)bN~ zEG8eu7X!u83iAv)8ytqN6|pxw%= zN3tlx!m;ldGFSpL9n8vdHTMZ%3gc+cmO4=bf&nF9uL)Nblq*eIS~sE8Uav z?hsv99T5=@YxJPUm7{JWwHdYf#9;1X5>m;!>h`X>{Sh{(yM4~!EDY%bmw;8!#Kfg% z8frP_%bRoNeUN&kI#b!HowA(B=4w4NLF+c7ejh{@Q-Xb)j`gm9(|jkRYxyBkl==hp zUN#Av3Yj~_NF`T|#Nh?c+OpF*>i^^p*r(ZG{zZ9O4_7`}=T7T(Q~?#RMmTSSlDyYV z&jQ(ukWY-v84ZXTAc>eEH4&TH{Si?yafoBVXB;}}u$lA^8z-~%)7OvMOV`0SkEVrd zD(QkggEKS`WQ6+e4?0EbU{^2fkciHup2Vn zq6SRs5#AT-Q5<~9?GV_w{XR+4%yRhc)sM)H2*V#x@V=$sbl5z0CRO?mgRqK40x>%> zCFAyJ3sWZ)$l?D4&kGa`PmqonL&w^c%_z^v=Tf4f0Dt4(QX&YLlb80!D3*d&NQ)hk zRYZ=!qj1AQb2+~YA1cX-q)uSu{Ykcp*fRyC22hW|7R8v_tBHk8UUFCE6e$dZhjP%- 
zTfp+YJ``KL%!B1KHV3~I0<;g6^k#aJxDh~Et^)|i_9#^dsQsQ?dYW%>2N z_2e}t0_Tkt_)tQbe+N=;2C6ew(>{2htygG8;5zIVML_WK@C>f&A$^E#`%(;$3qkp> zTmevo1ilbaGX_gsHS(1quFinX77okQygQsm3ZNY5j=CGfm|PYL;Qr3}&qV={{92A3 zh@-$ZB}v(jvy24XT#i@4*xB0$ z{V%@8-b^B$q%#p0tJ5-WO(QMNHXG!wcig`zdAK$ip*+Rc{`!udMTLS^gthBAi_b- zi;ds!7q4ce;qseN4VOCTbuGl_lSnJK@9&7JXuk1ke12zF7}b+V#6yI{3w5A(Ta2g4 z6uEdLIK~kBhRQxgyeeTE!PoW<6h|;ba8t;wGwo!A^v4eY$zhmHS<9tKV_FNSdb?rp zI)}WmI4}varMeOVzsS4AJ*oz0=5obw{S&n`9;xHf-Vgy;uP9{2KqbNRm=)Jjp_!bV z9EV@!cv2@?bN}cSkG;w-_Ov-U*t8#}K8l6rV|m2rbV#COaHs=x*z9ofkauonw|EIx zI?M0yDj!DH_3S#N^WC?dpml5RxlUhbY(~}NwMSk81y$*P1Nvlhsp`QWs#Oum$ja*k zJS`G3m5%Kevl=*x?<6FP9B;`2|{BBS@7u* z_mI-M-=uSWM7#5941QWKH4i?qiN$_+Sa3VdDXCuE%eg!_Cj4VDoE5-#%L16w#)UG$ zHR?w&vM33FzE`5#^`O>B0%`OY+SWPrZ|1@^DMPMzZZ`KM>h_}yaZTkkE}uQmIU%}nHL+eWsm~W;8S8kY)lJMjo6{unZ}6LQF0s_D=K;oqFhLZ;#F08FIC7%5$3frXyQPE?xz+zYef<7atD$%r|#?d9o+6)NA!;1Ust4I5+_M!+Z8$Q`ykWxqlRje-2fm=PTX68l}hqYL;%%P1CO?` zskxwdKrtMm4kEA*>J=DVslZfrk8IsXv$lxJ27DaBHPjP*D2#}VX9POWVZWc``1IEE zsZEIx&M%yZcHcff)syYh`OsKuMkP}w!!kJAa8^6~!`;71{<9RO;sSZKOWfTdpD%9= z&P`lba@o_UEQ7-ZT1lG|b^e!+9Du7){(4B$uaVrbR%N9kHN|SE7E#U351%YJKbAit z?4U~|>&!Cw*@>ZH`N&=3?#I(alu^;4hpLI*_vb-~)&@aoY1Sm-;$MZ8LCDB2ylZQ- zyBt=*%*oHaJ8`+%2Qe@%MG&3dM3lTaTXV)t>Z$n#eR(t=PICf7J@G z?!F}P=3Hp85E2XFG99k8u&ir(_5d{=Mx?#Q*{z^CLeAzK|bvT=E z<>GF7%w?MO-nLC~TIB6E>#gbjO!hY$v3kRNz`>py+o%1|n9u55^2Oyy;A}d0CnQ{H zz)E6VbvC02w0Y30Lk;(etr@?eXN?5A!p~3NK8MuULv^7`Ly1|}xDLJt9xJhco3jQZ z%hBhS#L8(&qPDZ&6dnXb+#YZD?5lVo{cw4Ln(le`@*+`>-x{xXIUei29o%8Zj?b(W zR_o>7@r;S4B?R2Jj@;VF83>|0y~;GByzuq>?BRZUhV4-K3~A%HJvVYDC|7REOgI

    )bb;Vv zSE=U-BSmtD;_TUSw)|Ypz>@qb!|)iz5G zHpSPo$S3*RDkn!GhTHxtqKnXDf!xRso{gIyPisE?dR#(TFpA>8&O2vGtHl0lUzeGR zy|qVM%lur>l^Bbv?vcfP*wgfO@{W*XL@3^a-OWY(y>teh(>_Ly)b{C3GTT#G%k(A3 z8my{8`gY3#b^H9J1+lF8i8XEp(=NDGms3yPhVvSH8VYMB!#bFlgWsq#{0KLW#!y$~ z5VvL{gG}s(&ju)V5!K<$aT4z0{v+8?3FDAz#Hu1n5pLLj6{a0U^}@!Z&23>W$dN=Y z@vIGR!g8Q8(3?)A=P&}Mal*&*tpZhHMdLoxvQh3A5;H=ddLg}gAGRgLa=|l_mAD!o zj46(8iM#9f#nSJ=BW8z3`;Z934DRQ*Zd&J16P1b=6Ih;YJ3_A0G<3;s7O~L4&*O%M za@f$|f|I+&T?$)N=wd7byF)Z+Y-imEDIp8I2}#L_v|XRXIPQwRxLVFz>0{PkqzK}F zCCTWnij$GWfZ*c1rG2Sf*i#i;8NX18TsVRwd9C5Y=?{dKcbmzdT+g{rgLw7 zKva8ieVN?69&}e-^KL1(e?Ci$@))nf_(WFyAqDi3BuuhmTwpYaa zp`uSQV+^_rqDz4{v)Eb+usd2R-ATa09q|(Q!5%N3sahnCB31s76+W+hq}BbqwYJvo zC{>7TaWV=MITrU_j! zTGa#JXZSv$tHkmLIO&{M!=Dv`dyevREeL3Ot@So1O(#NCW3E`%Q3dMMo2XLDsKbKG z2JaS)xE)yEo+xR~Y)-#~jSyv>kLsM9*w=GCHJcKDa=Sg-&)43L5q~ypcm4II5ELg^ zgwut?Eq?onKm;+BsGySwRdP{CSYT2LL`jlsj|J_VDcp$^ct}@ghM}cVQwXJ%TKi?L zwC?w{6QH3S-ZZyg;s?YQw>p$tQ|r;Cg=A2??rA}E7m-s|_2uQ&MHNdTQ~l4pT$iYi z9F|42CI4BOXs=0`-1qSfML$xkl>xK%E@#D`8UYP!+_&dZR8~yAw}y00*dkaci~8h- zA+>BCF#|TgT=Ext{psl!M}9t`C*su(gNUQoX=F}kRWP@mbXVT$C=|}Tp6;sIsr+}M3oaw_C-!~5^9)uFV5PY@!2S>haU4iVAUuV zaaS7g_*jzltF|E4@#akShZFm3R8Wa>*mu&KDCCN|s0xEN*ePjlqR z+o1`7y?q~TPy(q|UaFXNq#-V z>*>hV>!ECm9ruq}%k#48p4w-1jHV@ooGyA=APV4K^@;a_Aay349CK$S$u)c)Q4aBr zojkHQNjXbg^c9DW`aX_;21a+)$EHq?V$1Jf1_X9SB3_fLSph`$@ki!CQk@;u;l*6= zxQ!?YA{|=L#&OttKgjtDp5bOv3IN@2Y~Oqi)$K8$LTO0qOI#JL40@8Vtc-vD{7_it zT0b)ftYSE4E{|^E?3J02Zfd%IZNW5b3iod1?KU?`u95t@&;(o~s-Vw+4a#`1m99ZL z9^defs$1jdv#BhcV~N>s2KBr(?AUad`@ww9^P2+YU_VP<=zo-n9996YbRKCheTsYLbW8*?wXrrGob2bYAy!PY{1 z{H2m_%g|!|G3BC?vHiGa9J{7vm#?iH0&cE@BIzxn^JzzPxToIgkwYUZjUAgvVyVry zKRcNCZ;wZj*gqO!VZqj{uft1-S`b9dJ)WPdWeHtkx+UQ(Y4kT#?HjXE6^)wzcMuyI zac(BLLAC_keWa;kwM50_w=9zWSPF3xK9b;0+-8`G09=w%Lgt7Gl)p}AjH7IViATp2 zj8cXjhVGGo<}t-J ze3~IIEC-HG{j=x%t<-SOjiw8OvYq=XuHQ2cEv@V|14F9P>lr2vmPMQ-|EKVrgyY#p zCt%bb)je?%AOb;3qr2723)6TMycEm82g4%Xows`<% zwa^1J@PIAwn#Tw>^1B~fpe3<69f3Sd6otL$=6$3&V+4>R1+w##xcO9)L)*B+<*bw} 
z6aWEXd@Klxf0&(J1;W^+?fWzsv$Ge$QRyJU$LNS3cxAVK8*85ATD zkZ~r)QeO+da|w%L{rdcGrJ*XnOkCQ`X22^AEedDXK@=b`P>$oFP|t}E;9T`-h2ICY z;_|S|*eLEI7WC_@cF9iLe*aFp+bAGW{lev8+SMVT9@l@_8M5KH4?_(VB3Sm${2SoN ze3&?n!Ex2(eHgrGl`AY}t8pFoqX*A7b`A*WzI><*K2*VL(pDK2I zkY+u)b>vhE&UU&-%bL`kk=%Ht90)35uB>-EmaBaIwkAUSO!BUWFSbhw-j^#OrGfrX z4sIwGO${I#PDLk`hv6)7KbqJ7f9OVXS^t=vy5axm#)1k-QGPC$)`-3iJxS?W$Esg! z!puo2D4eS0LnF6YfoQL6r7=)!IZg+BHI(6rJv%FnGSX{r;~LN9yAR$2eeQcj6;0Q= zm3IGg%a)qZlwthNp#`Aqs0V^kp~5bLR8yY(NT|QuP(!-xLKrw?1$Ojk+(MKz{FVct z7#ll87U}!OTd$G3K{Uw3q0K@vkE>JAkB03jFL7&kH?*)-3IohIx=5VdukLPvYIJGx z|Gzi?lBxEbn)eVWAXk8CijAb{K86DRH!E0#OHCUf>{-!G;A2KhSIv8k_4PC1g+_I6 zw$9Lp-p;e}*a@RU)*0kM}^rB#Ajk4j+lR03=d;ix$@ewDW!ga zHT8N`Yq282^$HSTo91V`2Ul^Uzma7VnP(FzW^WkB#sj4V5Fs5M2Eo+^%r%p+EH(04 zFiC+ZDrnQ3WB`Q)a@E6byrtr!rG9?SzliPjLiLslz<+q$JIs&1mp>6KeK2SDc3`{e z4jCcRCP0`Nsu8aiF~2WwsDq32a`IV8uN$sCSvUUCo6`%8ed?tqf98h%$v;$~IvRFB z11dS6+jee*CLXHv{?B`&YA0k7jhkF10;X{_w1I6uQ4aCusrAYfbx~1ImV?7cq%pAz zw*NZaWE$1v!(o3FQ|wU#qIZCDbg0saU}1%{WF0~-zO8=U<0_{!YZB zt>(KB$?^ix!H9Se;q1)Pai>dlY!jlL|K*$xy_$VjUqpq5Ht}J*ffKSwLq?mfy}Mb6 ztZsF5LWr&-G%wb6A!E^L+$351_5jgtzFSG8Ti=_<_mC!&@jZjdMGBSvPOk?jG^`lc z6WUjFme)AnPp7kzs7O*~t4V$o&RGNGbPv9lG_q0!34UT!kja7nHbPCRK)r1wRZcR8Rnws~2EByBVLvI#{faiAJruxsEra0`9hM#Q5=Nvkpzz zmKEL(fp*PdhERDT6QDjE84SJR0sEf2q1JcwA0WJq(-9AvnKTN?F9buO)qh4Y1z-(i z@2L*!#FxQx{hF%z?5-VbgjHK-D5WAkd!6OIacA`zPa8Ml+kePD@1trS7XbI@v{x}Lrw&1)GGrvL5q#M z8(ly@G_t}HQ}PfP`=HQ7J?crvyd0wr0o7- zAA^RhTn&IF^pcmuh0v=1_l z8j}$vtp}?1pN6M}sibiMP>zm!TY0`Hq8wQ*!cARTlGMSByY~>rvp>i~@sg-DmN0&P ze-OvfeL%s1S=Ul@RYsU|9_EGla^NK~AYaXoKs4 zo+z*Fk=VX6!x>^LfiSkik1}?BbYs$tRWVfSYY@gDo^&Qn18of~q8cgv^lZik$<1;pJWpoD}B}%Fu1|uk=_Ss!j+DkQvjl#WEHEQgsPQ$1E;Q&pAhD+0^`SLryKo{VA>0P zNK*}-g(umKvt#0m5ywlXni35PzC+;N!8U6y;;^+a7Qm)SM!$`Vbx#V z>%Dx%NgDzg&5DGw>c3|LF1>qyeGh8v8h>J$yftK+Iz`i&&paJxM0fD$qP=}pFqMJr zxTk-6&Fv^sCmcYMAe#^)j?kM4odTe`k`8FQ(!J3sT}kd3d$%ZjAQ|{{DtYYr&axL< z6c+BdpTlzO`TWb;j@Dg%ecYxK^=Iw^F#7r|B;knv@l`_Zb*G9xnt5KWp%Wjl@9tRo 
z{0v)uEaUgqLqk`YGtQ{V)0L4e*c7S35o%t{%Gq9Ifc)c5YT>5GpTH-We zvk=MT&Z-656w^kp@LC{s*OFz13Yg9A6nOy@0(6Yc#mu@}^i%>_;!G1_zpII1^(zJz zLY{fBqX&w;gc<(lEc_MbvR@AltIx|iKc=4wV~Gu?yUAM;`_9-mUX0cPn*yoW)w6}UI;oy%BvI9 z|C3heS#I}ny`A8cotAdElmD17A`ID$$0X5;Nx;w-?+Ah!*P$;YP8enD=v1DJ=!wF= zsZdoTR?Mx_-*Xq?1t)$Ou+0N1B6-e-%@ZBRu ziC5cRd13o-GjX0pM~Ke~+7DO*6YWrLVdC;_OCoMaBn3~4HYbCa*qu&Vdg1~^=c)p+ zkkmCN^Pz%mi=jL??Yb2kH^hvDydiO>lD zbt|KxYgol@SxbpfEau5?l$&TANyot$$07W9&RMxKB(xbY+%w~lZ4|K7cL zz_sV0{7w9>HBpKkZXA+-2;FUF!6D9;QUqw$)lBY)x7;6~h}I>^m0VXtET%I@&S2sb z2W1}nWtVEG*-Y-A^t8(?I_7^a}860qOA5FoNi@*09mosOHB*b@pg#e2=8>!laT_kwsFM%(rUs-UW`+m>XqA?Mk@_3LP~iK!?TC6)Ti!HDV~(ksKY zq1^hoMg=o@%-xGnJjoh4%`Fus5CMlak4hmHXG%_E;*0|gK!b)7=E9Pq`bWteRHRCL z+sJ3%L%$Gb?5OA^wT_`Xbu3{j9Q~*^JBzCI2FlX)|E_Foe1&vyLLI6zwbtj~ zae~ToQUp<8-()vr2#NqF5Fi5(xQT>42g&36sylEmC0rX_s!^3X9X9sQ^evq)eC(WW z_!IM-V~~i9p7lwj`rzWSkbV|xYsn_R8}2u@UCXb%oO4<#w~g(1EFRX?8K?X#_0&t5 z&>+7RmM(+DS6No{2FFNc@aDnzI^)UyqsluY`DEuL>y%|3bPHcRaho}e2x&mutY;Y@ zo9wU{nb!;R;_bAY0}z1wkpH1}mybM)EI z>f{X-?U94TiM8CrX{3>7#*?_l)Lh@)QC{vId)W#`fA=j51+;6U!^z+B}6c9x^$x3o%b3)laIxf;nm&FM7 z<}(behq4%1%3skqxxkg@^=d{&91Q@4FmL$HjM z6qTS!RH$=*6g2AD?}R`Zk6gCVec2hzEBKc@xGF0vxRqB|0)kojp$bW3xk2@Kf)~W~ z3`OGcDu==Gcfh=x=_-oFgr{-|nV3CsP1VzgAm7u9 zJtF^?v*OB>c~`Q_JK>M4TQLr3Ui0V~b}cKTNLB|z+dof`^2S#x(xw)~2Gh6C#RA>I z#`I{X4Gpf2gb>_#akUfOsG<;P-hBCU_Xlc)*u{wlgPMOP!y~wB3OJwh!Bd!7H@+Ue zHRb6;>In$4lw>>=MZ0_SGE5BN5y+7iiFEQ%VWhgX@MRbmLucGfXu4Nka-^f3I}OuE z+u+*dSJuC<`0vQFWk-*;+ts8B|DkG7KC zl-RPpX>tHCduq*0P+2Yq&*DH+;OWwl@3@K3F#m(_Y#ht?XD&)>*%%19yb9 zvBd?Ect~BA+vwREb)5%CI0hlx=gmMm)zw#qCv(uISKyDLmO8QZN=Fh-AfM_r0wG=2B zv-Aq^Gmm_zyjL43_h@M-@L!VVv&zlgwbM&SJ$(7{G3t9kw<(Gz0j$-W3(#m2opdtq zb@N>Z0+CJC!f5l8LAXAo)(jS))l%VJ7b}y2M&eH*oA&X8;zIzY&KEZ%BX5bzvSks3 z?pw_S_EZ$vnKhOsLxIheNAHp5{S)!~z0CX4v1G=*8k~f8po$GIe*XQcJ>7;!;ve^3 zR~2V=Yc+rJzizS_eLRdCXID>M{zdzCGu{X!lZ?E+c6wI=?by#cvo$Oo0q|!_j6izS z2b*l2#mBbuw7$+UWYfu4Rq{bT&w1}l^)6o1XlBhY`ys# zs%(Akd~b71`Qgv^u5Ni$9-`8ku$4N)p&y8b0RBg*jZ#|5kf~FWu&q-{LqX6%4LMO* 
z)=J~4kt!E}-ntoUJbKFz%A8+L#;=T7zs4bN! zXB6-e#F-~ub448Nt(hr&`u+WXK|=%inA3FlHm9PvswIhpmf75T3Actw63cc|Sl4hm zqqy}1zP1~kCpP^&keg@vS+2HKD~~_#0fCa^q4_WhsXap5cv1>#NrOah-H240C<`QJ zWloN2qF73+$wwr?zsp1q!y^!sM@F)9-Xf1H-GZnJX6!niSH)*SL|XXV1;no%=Ersb zq!t&%mxOJk6Q{l}Q!d16?6TCx5>KtV`R{;#T=F%(Zp@j~m%Nrr-w-9`-4gh1JCbKm zU=Bm#p_Y7}6Z=3cy`1-dgu`gAdLu8d{sOi#36>1vg|Gf2qcI=nuKz9jc9y$4p^I;!8LB0@wg0&svBbQIy(m?8|9 zQQX}6#k255;&vm&sefj~9XvgJW(Mrn6BAd` zq0}?|%iQXpckHAw=(A@|ZI6V6)9r(w(TDC7x}@JEp|fc6?j#;1NogcjlYv8-QFW`MYbEcwd7N166z_@LbtY zPJG7ww=*G?%}!Kzlg_m}hw|!YQf9Su-_lmU-&wacNIqdG!?0}Z%Piu36uZ9&5N^iX zTH`51D0D_B`Ud9ESOi7Sd`OMnO>F_vWG z)Sem&L?82d@myRP07nK+DR!!qElx9Csx~pFPn*YSFbOCodfLWz*1e9vdh?9*`5=8O>}j=w@k>%HCEb+@^fD0Ei6)XGsw$bDFNX*3& z#_^bY5uhmAU4fVN>VB<$4WLf`_lU;(mSOZ{s2#kY-v4C8a&EDNtbAtHA&mNi?jQC( zINwWA8)P+c#A}8QkxZUOdB9qIim#Dj0cRwHo&ic?5Rv+4I3%PIy!d~UQ!=7uyy;mC zlP)d>lzFAwR_Y>5LYEVRzt!CjsT)!x9~5>>UY0U` zT5w$2E;D(~_S6oQ>ads_7aTZP{K4>Jk{il$FL&R_Bl0u{5sDOb!{9(4zNW-8-FV0S z>ZUBs-q(rw)GLW4#`ag8Lt`OT6$vw{O2B#IA4%T*IAaC77WclS7oDEuS^Rt4^{t;m zBA5IRdd>bkVZ^Emv_TmWAwb5h7BC=9V{?&KS^@lqo_Mg>M^aB-g43KYsSTrmxwNmV zEBdYXnYW0aw!BQ3`5GEaiuLb9Q$|#zob1}jmzRR(T0HvSp?q>=eP%82KreK?pFF8A z`R;Sf;ge+TP~>`aVv2hNp#_6aOddee^IzqA%#$Ujf0f<*``NwbuqC?Y-i{%}=H}c4Tt_fS0J=V$q~-zIyJw z9xnECVl9JhTQT&$e`PGKjjU#?k{<^S5Ozyb<)~^SGSRO1X#T%E=hiEq(~*ul!L$hz znS-q0u~IsG>x&rQc+PQA&roj_?}0H!zk7G6-uLO)!jHpw%#=R;Wu!7@yUC$O+%=L# z|EMBe#n+;M8H$-IhE?c2mGOr1El=VOlK5J3{ChTQ!IFVi;jp8<&pLy|*0@a@>l~zG z8soa$a+8;!xu@vc=?gzGqZ2#HIzCJ4QvpMO_QXlklSbQbx+-_wSusyXl{7pIh&b9BB2W(6MX%ti`3Pl7o1Iet#!p?Jo)KE%#U(Ofhvi5 zl^*AXnDf*}A-S(ff(KgJaSd``A#t;L2(g4+umBwYj{H~!;A+=av9c7jwwpn7=)y+u zC6iUD#V?A0#V zC(rdI%;)<}JzEaoGqLgRzS2gk>0E5OfsT%4tLGwkK0PFXvGDIpo>0^cJ0x<8ceD2^ z^jgR=KTvDM(oZvV(~a46GXHzkOYc88x6vtIb@K<9itn<#*TJT`5@qy;3;L*e)19Y^ zOrYsJRF~+ukwUJT62pYx6*pk~m3UkY2NNp76t`CytCIWQ=89D+J?z@l)|P@Yi;HOH zbP(SpfUQt;`3otreHX-|&x9BUPZ!!I>JRt%%^}&@W9gKa?XDk@9>psIriyM+R2@Sa zn4-U|@%nTWb=*?9cDB^mxfmyfu&+3{TK}-3gLGOT01TV7z5CC_#gE^~Eb<$Xom_*~ 
zw9zlVXIboUCG270pXD|+tQgwBkPpsCY)4`guG9*-MS0am_POD(ub$jJQ~9L4jaudm zY1uQDbL>WzUQY1b5xPDIe&ziCO0TdZ;ypSnp)fv z3(#))jAiQ5M)iqs3hbccmp|sYnSV@7U#lf`r;zWH>ewGuo03#^D7NleXH&?0iDOF_ z_*u(#M@kvtp%PS+P9f&C8B^fOjs{`P{qcQLES;1RiCpvxCxkh7?|Uq%|8op5DpKHM zAYYpcN{1;bo7O?h1%ux_n~;~Io?-u;VN@1Y6ktxGRFcX&2gjJQjXnbr>Ikw?Y`ms> zdS<(YoJ#g_CtS`yY(e*x(nw>W-oquByxB_9HQ||(f8WbmT~x(<*Xms&zrpaGe9*Og zA)6-(WR2P2`w*A*2%fDEG2-OcGigTDvY|srki$aLxTLFabj$XCJ=qtClI4p{r;`?N zv=u@oF&c% z6Fy}ye06oc@G!M{cvQreXzBl@U>7D6SB_Z&Tw;R((6m(YO`ZC{(&kp4xk6)*dN0F7 zg;H6;C{JT9%y`8L5lm4AwQmu^9f?Wf18SHSCgS~Q0J857 z%lL2hB>CS(uGsgS#>-gr0!~EqRCP4Pb;Lj5NO>MoMiwge;8J^i=hcA$o&Q{Yn#SU4 zKe_LRUUOrT3uQX-ppDtH`KjTBpyD3?I5YcTrEqDX&4cb`2 zjhMjte%0riSac_xm!4s#gyPlh;NzG9ds@C7_B4dW*A|8AqG`f9InDH0byuR!Lm7#} zaD*mhyrp~q0I_1<`1{viCm>#dQs!}e?!?zt4}T;zM+U85^g+E3+#>I>?|El#Z|*4i zQ1MaB7TGCyqz!j&!!lq`KNTCF3cYN20;<-jFj`D7l8$Ow6aOpQulcJ(D+H>kqB&Wt z?2MjY{;SgvLI~QQ7|u5{WNgUYOuM|EFP?=*GL1<5S5|hKSae*hNoagx*YDpm)*qmS zkCMWy^vJMWCGq!g+qQn*Xwt!uOV0XJET{rHY(x5~^Tw-PO*M>$CKfB- zO9LmVNWKa=BK%WW;Hy8%a4nAJ^~OI|eW-A=v32lhtB&0wauXUs*05!E@8=DuuQr5w z0T*H>_o2}Q{sgFQJ>Py>F`r{(*5r;?)(e@T=>NkF-M8+Og1*HbAEp>M)<-=PGtej{ zve6M}hLQ&drf&&#AC@7J?PlU@k^}!faVIGMt4rSu1-O)p4&Jm(ZDFoPi_`K{F+d9m zfF685xw7Wsy*RvGbD7YI9eP1)I66ey;fy%=2%W~z3BH{V4z|FDX=0%@(vgP{G>jdE z|N7D8VB$XhvRp@Mt~4=JQ3OyM5aRnrT^B>=pzzlMTnH=e&@byX03;i5zq<@rH4t8oe+OMnxruxi~iYa1a$-5 zXKAIyDH0=EWxN8Z7ar2Vu4+k&bHCh4u)C z;QTN#Q0Q0v`b=|9Vk<6w8BRei1<;;qxvaTXcRhW!c&s^-9eEkY&tI`#%0kCy-MrrYQ_tQ%)DPDqG_0oCSsITXC)BHj9(ua zYrwZzUjRA9zK8Q#SSTf-fkwL55IO`@A5&1zO!_4Vt;Hv65QAll&V%INKK&JMgtrbn zNWlBNx&&9s0=`5AXKylT!;b`d)ny{!dJbp=GE~89>V26hWcU*>{r}i|%cwenrEQcz zkl-!}5-hj}2%bO)?(PnOjfS8>gS%@21QHxJ?(QzZHtw)-cfCV$PIBJ&J@>Bj-SyqI zz908bt*P#(s=KOtre|7eF7aYCRYOG$GK~Dyr18ZBnLu}jK?Zz-a^g{V^8G^*`K?3d z;cHwdOvpHYiwRc1d$F{MjH5=dhsU8}uxxRG9q#dl3Bk!OZlC+SNkrChpW1V@dztIo z0z9U2g&W%vPs52+*u>8#Q^;+b(U`v*GMtp|iCwmlQ1Owe6D08KPLE~$`;YYjN8@M)Lm{fqj(2r@n0Mvu!U z8ogJMCz(4>!B%u)qny~k{Ng}Ym+T~U8GnjGl&8g&P&O5sC4qnK?NZ`s#Koja!qFgy 
zBJ}m}+#HEcuJvV(c&b|LkIm3{a+Kbrv_t}sF_!wbKf7)S^685MWeL=)Yi(I3a(PkI z+N?{^wS1l0)MHnc9qk%DZto~75ts~7AhZP_+uB)Jk`cFNY2By6xBU8@oXf+C?d8l{ z8Y$7;Mb!!MY-y`*oY5J9dAvP7IkHhFW>KP2-hb~Y%Di|AULC2Wt=5KjS(5bHXnqM? z=vceL6#ZBzk;erQnqESK9!V_FrW@yQCeo1hR!;uy$G20A z-w)UDj_yjkIVb}7DFdT5RM(#5_WhtB&nME0|M-r!?}k=7n5w(D!aU0Cuc?qM`k_GC z1T(_*5QXuw?~F$;;a-Qk10Qh zv$DtIiK=J$n!M>IkXDbJ#gN2?NF>F+=?xw>Hf`Mh#Kl4w@))k;_dZ*ccX9e}v!z(I zb*c&amC-sWi}(u?f!LO>MKQR?%1udOJlzY|1FpBPPaT<>dEr#xP!uG4K|asRmP{obc~}ppt39mN8mE zILKT;&KyAqQ~HA#4O)7^WsG{^-cabMm$?hcP4XX6BCz1`4dKetQ+35UOtfg0wEwBb z>P2b(D*5gdjE&bFfV3R_MzP?{>+w`g9}@aLn!qjf@A`cEv{y?6>Nb4?3b7^IB3j0N zQXj*#UQ&QHO2LPlPqBXAGM#dR+Og+DD~htbM5Oc7;$@vL;{TSf}pKQ}L1P!2`x#z(B+G8Dcb>9}vzPdzZNdUvfs+XMgPx$$|Z{@zFaBut!8X4pRNJk)#(NZKlE}PQLJ&xIVLs z(d3}j!ljEtADT0Hjz7mp=`2ZAK&rSa*t{(CeZm2~LTv7}?#x+@Qw0gO3Dl~E_b!ub zcENd00Gi{|Pcnl49&1y4)dX3!Eji}=r>Mq`a}1|(ZRH$dr#Sw2B&c*@S9*Vq%%m;% zqcIkmXg2lRV8+^v?hJ-t;#!I(@sQ^zL_He)DL2HjdS%a_zlp`gLQ@y)E74&K0VDl+ zhV|p*foXYl)K+&|2XT}{MZx|yniLm~=a8dH3+qW!xXpD=)f^4b=NBT5=6e>4pFZF##BBT9`RTpX83BeB zV0oG#|2t3ZElK}Ps3}qHtyPo=Ffjvq=YkF8Xe^adHK8&tc%eax@c2WRi5+S#YLu^0 zlqkC2-{;Fl9x*+y4*J?oYvXXXMY=XxQRUj*-QIA}i<4I_mx@;Y6aiwk*jM{j_6qN! zDs;R$hI+pgcJH6ee$qJ1>=p7|4k4J=+_PDAkFxY5bG)5Em_$tb_IgE!IXWij^LsUs zd$Y88?G&K{hPMXX->^Ik_L7k9rdr>1>uUw>I~d%vA}MeelJF!OYNXX;rAy16P)(rA*-pW(_uN`AR?)$dw>A)>bpZA6yK+x=T*_oA7jTw}An%d)T|($-i8$9>7l;5ziQ z(zV3k)WFHtr=)BTrO0Upj*OA8-NGfA;64{Odov$aFHZ&bSw-Mtm(d|gRj6)a@RL*@ zrUFl62ER75x3Ym3MUHqEXQEoQSq&KmuJbk7*~S_Q@S<-_sW;HzUa6YGQ)3GDr~?P! 
z{2x_vg0`hew zjUO3*hC(AQ`OJ*NO+^JW0!OaIJRAp3w>a)n-%n{uHRHkM%jE)9j9j)zpBC`HRX5BO zhz`qZ36>uY*0z0@I+M9unWdb67PwuvrnXXPrzh<(r68_H-*tVkwFWYv2o%tpEMx=s zzHhbrg70ZnyNCOGUa0+?7K>i0En=$~qxa9+WSdD)V9`Oj{HFjpB=%wgP@)+hFjE^5UiLZ`i z3wbWwPF`RawKznX>wzoBNt^~Sbc8>OuDG&Y@W{Jmjb}U!_jOjnk{Bnk@MdW{k{m1R zsd++i@x(E1hK2upe$V$2#Vqd66O^WI^bhS39zE>O25cRs((0K_f;*gIMH5Nu^a5Hon` zmC;O*qK&)8>gpbQx0|Gq682nL01x|z7!kQI0TR(a$hmds#ouDm(Dl%3#_$LC(GKRb zqG91lTmBsVYj=&r_-JSLwmD#Tjd@<`#P|W)IV;%jTSeH<$4lyUbmRlbOXD|)_g)2; z5w`AqyfRPC@O=Ap+t}zjk@0WyLB;s0iC_;=#D_220$X8)Aw+QSD-qMxzQXma6HRrZ zm4mk;?G#~QBqNjMrcY!(N5&dFjVbP?>oHT2FjZK03K;1&tP(f+Ghfjeq7&EInJr}m zREXeO*}Nd%;FIBG>aBIU^<1S!$kY8rAML7M&dJtSvjyjPHGSs+pF}BGkf$o1ksO^* zBD#T8bgGq(4-+8JeLdUxITt1)LQMaRb|`)xCjBj2l)qlA1if@MA-_p9=ozym+g zl&xAl<&>v#YT3U|RTMg>2{8>pJ3!B_e6;LiyKEEJhe6vQEp zqmMbCGM1`Atkj)e0e$rMG64p^;>FedPxNe2!F(fs0{KtLl8cKzzOgD)*&f25Uj;2K z!VL;wJ}vGx`|I47-+IkfM%T)KRn?cQDuTe#;QXBa+r{FQaPupc!>Up<^1JymP{>hV z2ERjC&oYvdf6pREX=X^;#*9)|124xv&H^7LN&q9yD45R^YeM1+EX)Wf-!!yX?(KnW zeh8e8S)Yt4*0XOf*t{_6n$T1}MPS4^4Fx=h)4*;(bKK1{4{scVw8-Xsu!#smW$))+ zE=FP}DQ+78ThtF+acmz8e-=Dn=}K!Cc#c{i7d;4^;%g^*l?1N;)i-ldcP#Fx5SV9T zS)^kxtS>L9koWdxjg>bO4Q486%U&TdDEgBtKhh`a`L6#?{i#3sv61zMIMX``Mn&zv zEqR}#IJ^3h4h*#9y>#3%(2{$~dWI1yz7=Y7jTU0kX13*@m>Y*bW+Dc>%3QbZQmZ>d z$NL=3QdhBIuJdHSX(o;QQze!IuO{cSRwR6hqV0IbP*$B0Alw}A3P!Z_Nz!#@Kto4v zV%qeYf+ejRA$~Q9*Az3VJfQiptdV%)4`B0JFOA379}1$NSD|kvn}M)8fA$}gdDEN9 z$P$$C))kkvD6;_@h3ltUmQUvE@72s@Z;oc98drhiNF@Yy0qx1Q{xex*Ui1ry))i+( z>9QoH2|No6g;i-RymfwXU#=Ra z<;wioSg+v|i*bi(GF_w7^F;Wvx~9PTej~!+l^o99`MpDT$T~dXXP)RGs*(*EoPhaq zK0j((R}tal$5ad=IqQ+5A64UQoqZyGL~Vlq3~etERcw;Kg1H@lHPL`vS0y!(J!S4~ zNh-9TYm}E~#p|8Wbq1uSMV!M351t5-z@~!p07`BoYx_H#+0uAD=WBfIhTnbS_nUqgi06P6G~wJ?<&|Q(AWEQ;wlJ4ur!5<^vZ>H(KW+NKPvnM`sVv~ zWMp!y$Fc_Egl~x?l#;QqykQ^F+F?^N%u|s3?F>cED!j>GnMnXI>K!U&eh2%fm<LwgaERYnL@b?XrYzzcc zPWhdmn(EBI#w5-D%5)#p=Y@}TM^X7A_D;;Ifv@wMy1#VQW6y)i@B1%F->x1)s6eA% z_-)l{Aumu3n6h)9?w#zZ9|UcgJ)-0dc{_gko>6e%V-WrCvv0LHBjtkq0taDQ?6>}6 
z*Zqqqaz-2>lP~Q8Wk#un-mCljzN4m2PaCJoJ`FXtONuoZXbm(x3lX*a+g(gKR4f5Q zxd21W%5n{X)2vl>?oAXDDG8tL$A~FzpLEWgS~oQ=&Ie7d#Li2@U!p=fqDGfY6Vxzd zzl}FP)6Yg*_0kQ&kzjH<_WvUPEZu$K)Banc=pTrumLoMUe6CaQ=B3tLZ7w?+VNFtR z?~Zm|)Y3k*`Idq)ggw&sh05CIUa%0o6UG-U0KKyVfoh-QlMDf~_x8h1c~unmOyUFwT^n6278;_>u|QU0y4Xs8Q=M zm*Nb3-MYuNh!2NyC>m)lsO{B#DkSpJvFe*;;06uzM>s)Ur^>HlU)#}J%MUfuJ?Zg4 z8M2z=T*O=eW9;htKFu*O#Kj|wM8zgT0pnc>&!<6!(t7OhXZ2k7+@F?edS~l=uB0|;>rJ7hD_Yz!Sm=$i-X=EEmm)PJ;UH#?73}+-^W5O8Jp%e@a$OA%r9@nD zF;Yy=vd032IxJJ>7V4}W9_c{nG|L~}}FM?ty^`iVp@F1#pr<=^?!=0fs zoh90^-0_kle5Yjh*!&rjJ);l&q!S7v_V&9MTeaubM_B_^j7b&d?W86UWOm2hiq4Em zpZMrv`w0wN(Mf5`)yNJ(8e?qY-f|d3i!!Egr>kgokiiymhRQtqkifp$;aA;8x0SW9 zjiYYFDuELNo)LbV{DDB@H?H$<`^Ow^B`w>NWfQ!%6UKu$1!Q3NEcRZgCSi)ZUTONJ z$igwdt(u)S2}>sK?ysCnNuE^gLOruqz;|dboQ-~i|1CI^Dh-~qC;DYi>#M?L!XDgs zO{#xc+^STeUdUA{x;3s8ka%J zEo6E#oHE;>p=To+MV8A)bv#d#w+f=B1`;998OmP1 zL;tQQr493E(d!~Ey%YY2tipYa9ubY-6Mh5!Zicp>k9IIbI7fXTEHImbZOmW$k%DaN z8jM0Dn59iwU*bt!WKen(t=~q1Uhx`;xOsoOvIad4POXSTb;8&@tf^8)-Kj8#yj`8c zHyLy6l7atJBh!yYG@*vifYoqsH<~$f@p0qi)-;n z4&6dL8~Rj>(u5o#YC?Nk#J_#Wtf&waw*-?!*6NBM}muK zB_-6&9`(FWjG{nuTgX;XpcWs@9m8()`tzE#&dTXV?$AlfpVTHBZ0g+VjEQdl(Uuxx zio0$b^es-4^C@J8rGTfPNQ=OUR%?W$wk>&~ZEv}F%n72iep}eDfT)7I)@4?&MO)Fi zyZq)mW&f&bjy;6bERc*GgbKYexU_6^SOTVDQI_4I6ri6^IavDp!s$th3;mY zePqNqI%?c{`wP%~m^u2TSiV3g;=6k5dY5ecwKFpp%6Ah1HRx5$`LrK>h8# z(W<*ZFIXWkSR3AK;mW0+d?COz**SjGWQo#@EgHj{@xJtHhn?y=l{8W86@mawW^7tOvU7HSC&)Y% z_s&~p@5>{p91M-yA0$GPu0>EAL1(j~^ob1w%$Dxe0rVfI^8s^Mj_`xteIN2!cAarm znZJfSj_1x8&xhX1cOF3{Xb6;D>eFJ;6evqgrY5R zipedqdh**!AxciW-&{htzu7F3a@RbeO#4ozI=>)M1r4{w)69ZVh)oA0^5g{!yrxH!g`Yr9#x$I6C{ z%Xvu^0k5468~*G-DcQd)I68Ek?umJ1bUE0NJwG~;Th>P-yxUPxDiHZ^{gKBo4%*0>55zyRef@QS3 z_A9n=s+o@VoF=xhvCjc*HB9eUdKPovMyyoGlQbOoUcJ{zJ1tDb5c=k{d=7^gU&@(H znL{E^{?cE2*^m1ZeOS#%pIkPZ)B(z08#>1p6UMOYY>~rwY8^)>0UKVfZK@dxCG$1CsS%qjAW6!~K%$9fT+t(&ZvNfWN>16Ii~fnn-h4 zwnyizH?Is_k(2Hp1-vD@T8PB_MtmlAW{fjz$M7=H=cNP#wy24CYiW+SYV23Zwm<}v zr!82ptts)7M1SWBobpOIaw)kMarZuc++81hVkA;MN>r9%pS^Lh_F>-QOC1I9I~>es 
zqqaM05Q>)1-}n_tF@!JEAtx}6Ybh`12f#et$T^>jR`;(jFJOxm#^VSrq=LiN8#MQM ztgQCfEJ~G8YzMsJlC!$JzWqA;`7r^C8=11KTY($(99zC-8!;GV&jC44j<$ywj>Esn@=NdP7&QEtXa*>NzI?TIx5+XEJoj z7#g%SqOi;x16RXjBZXhqk)li~bWow_lj+tArQFgrM`(3cgy$xr#3UE^@;=5*3%i-_ z%6rG_?^c_ZA(5B5S3R4&HShNk1Owo@th*YvY_e1WUq&|J^_N;l)^h`4h$?c6=U(0> zZT7FZrgE+KW+7_)^1{PTA}%(yfTTpJE>hk2aSugYa~a`xQrKDMZ$_f=sM4rS-o5Tkq{%tP%Tr7+vkxh4G`{ZJ-7xo5b-8sOBolvyZ<6eZ<#-<2pbRyW*`=sTq16eI@jvD&E}~ah%}l!^}&y z137uvm1}KRvA$dM4+KJHI&Fw#p=WL7`6q1?g6?2#nXkEA%_mit>GcNRcI!+R>do%$ zt3^vlKPK#73JHv!%^cmH>e(FIn0;Hj&$dTX1XiVXtJaSXc`WaRs^2>i9zZ;=)5e?b zM}_#0rv+Y>okLyS4C0j1I_Yv_9&hzz6ZM!cm3VpvXAB&1nNG*PhuBj-hz+g?L}6LP`K zMBKJ3@6IZXds*;dcs{VLL<1SVdT+Y6IJ>Xop#l5fvlvVc!I^4Tpw~FQ71>*T9NR7t z9nH#s6OF$V$|`i&$A}@hPN`LrBnti;S53DfPn*yFy@s4d102ovs$op2Yw!@2cJlZ6k% z@e-MfR_ITd8oL$2SMxireG7xdHFgNus-<1_-Ng#~PFe=>eM9veC1Q+J(erAmFSp^g ztE`4hIwG}mGRL_TWoq_}tS^`xZc~k<4d{dxlT8?uqzOcS2k*mqULF}Fn)8*%xA!nK z>&a>$Qrj!&i`NPt*pt|zsa~3t=&kplPHhh`3Y+}Bg_3fF*ZRp{2>40MDl*Cu5emNu zPn{1GvB)GYONPgvNW3I;(|+6yYJP$!!wLV=@mapr5NAvxR@ zKR+qvL4~O0g%+NRY*~|IkxnDcMRnU~k<5_jD14K@dp0;fv;D{&PdXP={fJHJj;N3@ z&7gOoYOeE!nT5qFh{=zT2d&R&Xul8o2RepZGIM^;zO$3NeDPAtWQ+5Z76UGS&4IFzN4OF8v^d2(yw7S9_!~Gma+4;OZAD$*QxyC~ndI z@`YCGh&T78R4u`rCin(ie>=ELe(TQ8K25))!>;=1f=t}*))VC^cMmT?YNq-ruI-tM z(6zYB75^fVX9~?Ky_ljCtvVgCv#N8S<8wcV?sW>ndGDO~TkX}R5CfCbo<$957F}{%33-JAk82yxU;mcVqS>@6SNfA4oTg$)tpmtvG& z9OeoTZM_$Q79F>mQ5E!kH8#+U)`-M)!5ud8bz=)H$ zSoh?Mj(|?j&Ctr1`o6xQ;@M1t4fh^yvB~ioMa3PPx(2PaXM+UJ1j>O->LGU!2bu|Z zKArmzbaO%dPA1Ke>Z-QT{GaLZO!=V*Z=zy&BSmrHqE*XZJn3uWN56IMEIuz4WeWN8 z-J=_pr^$7FoofP=t-9hA(_8DBT&3Yk`g9~L`7Eo!NyX)U_L}Z~ge>QMvRgO4`PPAf z@SwrvUi;yu9m9zHR!`IgsBV(PTDhXoneAMR%do@TtDptPTvOuEHxWWM_9NwW>FhW{=PPS$ zR?nu}=##u0W78d_QJ)u0o^IB;o-%yh-wQ`9ifV^5R8M-EsE2^=*MJ-dbN1~q_e=IS zBKf&i0zQrj6aDz#r^Y5*c}DRoF|D#o-~}HdW0WskgVB6Pj1Yv04E!&WV>|40XsG&e z?$SQTQyrV(RW11BoQcf8u^6lzKDDI4CH@nXGyQ@-9r)FI{vepd_o!hke=v1^ubrK2 z&ZyhDNNKX(zQl+WV6cW6+!$XHi6I`Gs5Ox?2nAp?>BBjXRq zyrlj2GJdT8B9lqo&N~S!x1)a7M#M>SgK#dH2Dn0(WGTw 
zvp9`$(ycjk2v_K6hYhG=@wtGhN7h9;b@=ZS#s_W?u?9wNsF#lF*p7W;Pnc9A&ufoFQA0R?Kz`PvtWb$PyIL2hwh+%w2*+3 z-dxpLi9nMY{!Rt_C!-cH2GsGYkd;8h|c%QyPkGkm7OTsPd&-P(*~|DhVq?nzIX?76&*G3 z)??~E--XJ@Ep6L8k90ZoaV{FubF}K4ak!3A6YOoOXqrb`wQFL2B~~Bi19|jgGyre- z%ylcJUi!YCoeAa)EqcJqSEr7wDNRQ&X|7Djz1sD9;m*$fqEASd?2h8@m6M?KDsp*K zD{4b4h7e(0*9(}eV7Z%G3po{0Yd9A~-Z7cph|M%lOK!ePj!$I^a}87ObFG2xh{wBg zhX=Z<6k9^|pM8b40+v@#$6qXX_)ArAqlwA1SzX>A3Ewn&W{{sqvoU0UYV^ zspA0->G93u0VV12%i{ri>2a;|ff#9=Q@(YLtm&J?>?Dh0qg3eY6f%o{OK-guj`yQd}%pb7D zkGSrFKJJ3ve@vWrOq}>nfggkR?^B`TMpDQ8Vq5$H>n`DAF6aZt#JR`BKv{}Vo|i-R z|G=a`hxv!1c!$zmQYjr$MUMHqw)n*WfpM2`Kq;t*`oE>*9}_1*c~qf1>_heigZ9R$ zQ1ujOH~&xx?@*LWDvm>{(J?>G7Jt{ei|m+7_`vbk_xqmzEhXoe7%)u%%EL8epD}1} znF@WI0-fX^%HY+6PY#aX4gfw0ouIa-<}gO{e85 zr5FeX^FoN0GyBJS1~G+9vIZUfo#{CSd|tc7CGjp0Ef@BWJsHCE1Tvic`>WTpgD$x} zr0ls&yT5|wlbvBZZOqZTP><0>cD1_8LDpZKk${xFKGY;y0##qcG_K2E z1&VEgm@^|TVjI_$uL9Ko8GwoN$g#0~ZeLUrFSx9Am2AIBIiFcnlOVXPca`k3NlBVj zRFf#UY;=_zvq`B7FiC>TW>?AIHz`vACRuP9bd_8N$Yhai&Pa97g3z-goWC}%f4B-9 z+62i0OiJUr<5l3oCMX`&tLti= zl>I#U*%qZoP7zOr;BwGaGQ$>SBfxwYTn@WR=G&sY1DGFz%TZU!Qd^XQxkWsgg3EDN z$y$I6z+?$7CtW3j02zSE7F#=3uFy2xsB^N zSAp4EATYq>HLe$21y*f=_5dcoalQB|unUmMkGLrC$g_#21pHJexLkFWys|}^nqO1{ z7F@2oNlW-mdcu4q$*n0jb|A|No5t4_(4F z{Hu?6|8h9m%ZF}b_3c+1!2Rkl&)z>Y%k=ACeF))KgZx*Kk2*}t5Fq2(^Iw9G{@*co zO%8Jd!8%=dub0%=T)nCf<|{m(pV5wn-aJM&*P;m5>L!8pxayX$R7aeUMq{$G(Lp;? 
zJ6A6B0*Popv$YBY!GY22tePvx!D!W7?G=w8{?%NI)0hwh?Ptr=UZA$r3qOEdK9DOv zkVx8f$Mj50ldaWc*#jAUAjb~`rx_p|00{*7L_7)s`Cz~TBmy8Shpfc{4q+7p5Ck$L ze1JT8Ajl5{<$<6ATPLQ&r+F8A}2b}kwxxM1afL}Eic`+vB#bf;C zX@0ke4|fQ#D0WuD`sCn&w$sv4S^hjDXiBl}^7N19_6iB_AW#e}4&(*=3$P5bwDuR= z#A+@&Ry!+2{pD%jW<~8UnCihG99Stkt5#Jyu*@WVN5vDZ%xW%!d|b#2%Qyg32!IxB zRZMpOYf`ZaAXh2*|19?(f~GfBN$bjw3;CVRX|!EVMh2?|(e-+#k1sM)?SZ}^p+?$L zUIym(HP6;@K^+~eJ9?h=-)s0Emh```&i~M~%-04us*yw5&gy?$8YcqoLsioLaxuu- zQ4zHNa4ByJ2=+?b?fS7RX@5FQF$e~+JV@{QsRKOu1TI83kh7zLz)YxYmw($U6r@!>q0|>JomI;N;#bnWXAlU*v1xhw^ITDNrT#esm}&Ah_89FrY4XOHR~H}?^hGj7ho?Sgcz(kLf) zr*Wk%uJ}u43HI`|ce125pS)5K2+@MxZud0}HJD`UEfBCMpxTiZ*=~0jd3ib=w!K0G zJ`fauj0r){acU17o)<|L8ZMtw%?j@9S(wg-=hzKS@$OaP^Cr*L76H zxSf`s^{BCcBBrW3D(o*wO?Fupz845&P2)q*Uo_%FWDggjE4pGQmZw{8#sOmdKwge5 zPn$QoYFw}9CscHO9R-s9l0ml+5aOtO2q+*3&Tg0W!*g(o*!t^<)bt0=0jOywdV59N ztar5|AwN*}7{ujigA<_gi6ffYe3MN!cDwrVAb{LA0u>D^0?6$(P?`1C|3c38wY2LJ zNdfXp#P9(fB2oUIkq3p$zcl<3E;XV7>qvJq{e$c*R8>2&i2I*HgS@USFi;bS_#Gw zH83FqBr4pCf0h1FaDqP;gc*$ztn>7pcHPU+YDaTIyWL+VOKk@JqelNIMChTex4#kr z{LVr|wPSh>Abqwk_TVZqyIo;_Afwy1y&~lH8pybL^-qaj;s>Q3|IBFT{bvT4#BR5> z0+6b9Y_C9pgjYK*O#_nJe9O~*AV96{E>PZo3}S}@-bT1>uju=cR_#cpAf)lh^noh| zxTG^22=j`^^0djkoOT`RjRq77Q)!f*1~(NR=Yjs7FaC3V8|3RkH%&GR#u6425N zTn9ML27|CJzEQw-NAvm&rWABI1J?r{x51#Ti*FJr-qE~2gDC?&nuQwx1Va>w%fmLiV2y5e81Z+1n5zk>VK;*MnyBZm zzk@hu;ljadwix`i6Kw)8o0^#CuYZ62;o49nVyPJ!l4P2%&{*&v5mxK!|(9fn)&M3+0&22^Fx5+6}nR;a$ zZ6_c{()hz%d z{Q$}ZKq3#I+y~G&04jU{sXl0W0BJvf@&S;~1E}NyGy#AH9zdE8nzjLu##&34r(kP&^a>ojib2^~#PZ1wB!R zB5rQj1cYEux-M?ShslnQDTO^zha*sL+1>~VpL8MJivJ|zIH7#!iTX2w_?Asn=<`Vz z;jQ=xnf(c+q$lb~1mi86giz~A7wxV1C|TJFrK~6FXaxT)n~V_bY1gY;@iDUF6G}x- z)UgQZTQ&tD;nObhTk&x+j#EliPt@@U?OQe#q0gsX>bK$(WcH_&nx3c=5zlYgG=vO~ zyWZb+50I6eQoiy;g+#30u;~a1A9gw4ig%>lUtettc^oF}-`#B9MzDCg-(Pk`2;Coz z%drU6yI=3!Y*wiq9(G|g-CypWj(Xmotl8Y}p6>3RrZwH4EUn!x=n3ARjV2IWwQX?Y|PG9mdp?QT7$Vg zWlsh5g<9`pB~ObX@jYWFwS+Zs*W=W%mxUggdlw&f~x}iuB$Pq9xm)lTXJ;RpP z?dM5BecYys)Fqhhho`f}S%cPAC}pzC8YE*;2C0%O_bJCzX+_OQIA 
zxHxl$sg^d!6i#-}SWujf$DP}kiqWBqHqU#T(V?47vY{}^%eQ5ko7%TitL~Xwd(DVu z&n|vcj-9TMd0YipLh_EuKuh*g)H7E~na30AWm|%4S-q=OjVc<}Te4f46&WfZtGY8D z24fmg^8!4X{K|u_MV9u6n=f>WGk0sC>}kz-&x_54;I#YUJ1x7zfHd~A>a#TLy@m|7 z%)zuLfeB=|h7hN$@lssXB2dYWgGOLh)ic<=aWOAG{k~5#NytEWbhH^TX2jMMHd2ug zY^w;Ua-XZ3&i)*V&|ce2!)HOXaC47+x{D|}m#jFY$6He_bp4&4h4azr9_8z}irh4Y z(Kfu%gv>}6aDh(qGd0&RR*Xhjn5KKA=AJnBX=5Qb`To54K5Ure+TjaCldmh~br;LW zV$C{9nr%R=bc?D38aipRI1$dm`Ci$e&1|x^3k3;f^{=XN^!tm`xhm(z(_(eBWJ^!1kb3rJa+Qr8B_?o;O_8=3$s`pQ-fa@4m&`SGlrBH)9kVG zD)zW;N0zRa4+@(tKyl-lst$Lvu}3cE{oe=TGc`={p2K}t*7TZ&_}$|eI>%fbK|L>_ zXUj?kM@6{$9@>(Xm+zd4IS#$A=<^XAe+(=|n^!ynllPfb>sn20ylXLIV6dH;9xU9P zwN#PPeRZQAS2m)?9`J0Pr!33H-YKoMm5Gk^CUFEK@r{S_=Cx1bYFA7%D}mNjf=;EX z?L;s83>@`D1GBLVdzO?(XpfcTX$76kL!jUW>?CfLxwIgbFO~M^dEigwb}!_VA}_IW zcvj=+q>g`R+H|fuQqK6dwnrcgurYlKsT&GrHL3lC?~)&Rtf_Q%QH8%`2alq)!Zq=l z;pr;A1ETi#u2UI>EGhrk%~iYiDoPpD`R&y^-e^v)D2}NV0bXfNTdU;Xo*#Xed-;|> zzDiSoX;zw^?VhIA${5)#>+Kfjfn4iAgndf*CnH`1J`I9C=xFotiY|>8cLnX@%(!1u zHe&pTUL@^9O2cC;+Odh3V~1`XDYlvEi-YMS@&`sT`S^}<2B;p;NI>EzLN^l_}Q;A{AB;_W*W!6=ZM85x!>gq~qN9>drt4PNqWa}j>DBIe!c z!da-ht*IV&&h#~kT$Qb*-aq$K^w9ki%c=Y6jl#{Hp}i{jyV@o`V=aB%H<{NKSYh)q z;ffxQw=VjNkiQ7@#3iDB#;|QBbhI5U=y4c~U?G`X{{VVvX{f~HfHwRVB6)*g@Tm&6 zXxQ#K?cxp6Xb4oR>JiRsRpjFIB9*ZV4zQoyI@W#Jrq)sw7AMS&_~_3^feMjf(I!>i z1gQ0I_^p(~Rz_NfvY5RU$LaMEuL=Dr1=Xvvvg;p1ZV1PIE*%(9lyGGwq6Nu2{3O(I zGPXb#$~awKMvS!oLG{{$ct_MLD*a=ofM2HeF{L@poJ!q{c44#hkr`p5y`vRM(7Mta z9;>2DtSSOC(#nF3(EDsE=obzbzH*x-2v*89VX-BOIx5|pArPR7b}-W7^EpR>1~Q>g z?P)yP%xTQ7$F%2fqGX}74*sULrEvAtp`jB~k z>eKJez$_dx@PUJ~R71Y=WYi4+y$KG}wb7UGs;Fc$S>pe=k{F5dnXK?rUtmF;_jy8M z9A-Tsu7^keKGVfv@L0Z?lkmx@kyWb2;qDh&nbhTsx+O7;1y^2NO)$u4DX7Ihpna-$ zSG<@p6k~I^?lPi-mFej_q-SDA7q*0yq2KA~ad!R5pv1d@6DO~RG8E@JaaZe)j6x`5 z7e1v3P0Lp5^s9=Wwap)`cv6DV*O4}ewbh%URn@L!9#D)o3<#eo7`dw*(h5__$m~-T zsZvRoOp%8Nz;iH->i9gj8XE{wiM6VHh`Z%SJS?XajktY>`Vvx0GAhM=ZUZ~UG}}+P zVKv?X0;D}+U(%JdU#5U#i>Y}UZ#ED-JTE}D{rfJ&k3GI*ut=PFc176yP=RFZv&93! 
z+dkX`2Id#ym9mC8(NvTwI(M0rR1VZWQLVf|P)q7~o5b|_^Y^E+{KW(ZZp{R=8#m&} z%cZuWMo%Y|nCN-QmQ%^49${{0op(s*R&5A~M0>|9ebuex2+LUt;qHu-AU?mjXs&+4 zo+cO!eFsh+^zUNU74|nKXC=M1b?-3nm?hK4#VBpg9I(G51VeBfYjBGjDJP`obVe;D8dI*^IN_&pxnbvG>N@ z7+Do&XDlNH(Ia;0amBMV9MLzceMGWjux^Vz&nS@TP>^ASdc9yiUq~0vvvTmuAZ&Y+ zxe!7ro$+QefAHI4kcF`Pu*Ub;gMaI{=R4AEHx!}p$Y7~PTX8QPG1blB12Ut9kDbEB zeEQA&lZ!3alc-pKX3DyY{up^_?@n8`tOOo%@zGIEMS`@;s1P0f@833Ung{LnzRGcZ zIK}L=J>DE5Qvaz=jg%&m0TttM{JApc_Il~q!S-?lBcYHrGLo=IQn!PDs+(LF@5uLy zsvl!%Ynt%?1(85*zp6Wxf?a$*7lm;MKLr~URn`uakxarab+9BkCCZ!+f!ElZ)k zYU`{95++Y-F$sO?YUOt;7 z1pMg2i}#Op2DXe^?z$217yLWWW9rI$#`lxxc~XfOI8HvMd6I})c9E}B2pEbWA2|{h z#d9qyOl2%%rJXP$>0lyGRcn9Vp*wB&b~@4vb zf&-!}%*g1Qbt}od`U{52xi2^TS*oHn`D6SSO$k%EKt`dO(mdl=q1Pcl3gM02$|>mU zdTSo(spCl&+#1AL!SWob+r{ui(bDzL7Yr3_5!FimPJVNSoB0e=JWjX|vef0P~9Bx0bpbRPtjfZ}1ace*V|XKVJSRK6~-mJwuKU zPnHoI-6rJmFjS5mj&>JywzX{R#*lUtL#0?pVjI(qK?)KCSGEvh6t0w#1i_FkBwMtp z{u72Wtlt47L!L1MIXUVNz;qouzme;ep?2ykL(~jqP@})HawVLjsQqILSmZe#Las{+qYw$4q1e*&!UOFvis`LeU4$R~S4eSZFqG&2jvFU_A@L&~+y;oB+f6u0z`3h}7G&!EL5{LxW z>mkalP(C3aUdsH^?Nlw{%fP{jMgHMda~;_$_?AW5Eyqx=^Ib+IQXOP>S$n9gfQz#kNFI+U(S#L$9e=&ml;t#VF{MfkN-_X|H3)f(*KCM^mLcu|2M zK9i+}8aQf)dX*2~gVVIn4y7H1>>5}C*jIbui|kj=lgW;11FnxkQRy0G`=t9k_bH;= z$WGKsxn`zIxIvzDhYmb^=<><2;|7|n>G~TSl}mSraMi;q$3G!UyZ5SBZm_W>j^9Xl zuSzm-%2Dlf7yG{SM)K}pD1o{M4=ZhOANV?{=uHyUN`i3+s~cA}y@na`!CjzOhoeh1 zmDiZ`uFM);4VEN%@3GQMg->Z^7BOYMi%4{{pRiat@wxZH#E+rvUr)Z7O$?3)6-BoR z-FtDJy3TO37&?iZA2XvaX4r@DQFZ>DrgwL7HtE%qA39)%(npf08PI z7%H<8HiJ_>hU)_rsWHY9o6P{}YYc47XXm$vOcXn8u3s0*bIl(h#dQt6oD|t!Cc^?=3!Tnk@?q(BQQ`~MM)#y(=gdCMiSW6Vv2952 z5kvV|kHV)`&zhYMsSVS21RHM=?Y{Yo7bJdu+-$c>cjvJcEBX5(moUg)G4Ri!VeCpwxZJ zj~c$lV8Td?lYG++{AS@=<|csW#|wWTcz)dP2ZHCv3f&IIKri+O9#d_duS-?hD&IYK z#~ZL{6()sG(34)jONJ`LyW~SRqX&KzcN`Ed_7ZF;%nW6Qi+WUSgP&1aCMe6Kg)}c2 zsthA0#1e5KV=mD~Pc+vq8EOoZrg{y>ltvlzpATO)Q!#LyUK|nBI*y%eWas_%3-Xv zmM$3zHXq02BxiR67tx()fAIm1pLY_@7waec*puVHkMzvO!MTb;7$Y~9BykMIosZ8e za8tXOJ>z;ak{J0Bp4YBj3MxZA=pT0MGSrZsO|zfb71&vgB=ux28R|q&V=^IOV;(^B 
zSsG~#P%artM^6Dxeij?O-jvV5A4`ftTryOWK7QV))~BH+>9k*R6qKIk+l{BoV0(;l zg!w2;0>mWhk3@dP#P=XfZ_||NFBwWx&roj6lW^IEF?(*3BbJuNf5}jXdIr&#LgLh+ ze;pf8J4uEZG4stQXR{rAuptt@aJ6*!yW^QWyGx`0o*bx;M44XBI;Eg86u>@q4+U;G zdB&;^tv6@9^i&(dONNTsFD!q&b>}Jrd&_?jDk;K0H@ zic*feWF^Y|9gcDmKR+gRls>!j*~!WWDss%e#mYPqICC<#3vG7)u6tc1h`e4h)bWnE zo@71!In8chDCs@Km{Oxl3>Cd2h9N23_1}9=4wy02@7{wH`WbXB%99mh6rPZ6SJU*4 zp?deQ@>ahW80#!MU-J@AjJ7Z7h!I1*?g3X+w_Yik6#ZhT*nJesLKlq{c(=R9iIc^T zth@}61jLYiP$_JEk)EQ*P|bThHR1_r;Y@UHufi!BkeK*!ioL_W(wIBuvi<#4MuK8Y zECzI#Q}wiY7KKq!cVc+Wd2FN*m$yR$ZB2G-xICMV_X%@}CnH#{sznbiIgt!Cx`&C> zO%P=wK`X zR0H$=P&s)GE0bnX3`M$M?wuK(A=A{x=;>H0_TN_rysGLi8b zE3{nK#&$ZV@$e%dPYNImt5X#*9_l<$D%1z0uRFeUBl-vS<%k>eq*}XCG(1+a-wMu% zWn#8zsyV|@5q!^F^8z1Z@d&!jgRnse<&!A+ag}L_%V^ z^umiDE)RZSrUKnUnIil|&o56qG8yW5QxSAo6azik({92SWh%dBDCNDoVB-SqWuE}$lplS zap=XvEd@wt7en3c=>qV#bSeR1C91s-CVKi;t*Km@z2>Owr z_|m4`tPc!nXe*Yjtn-cQ-r#?lWxK#C1sl9T9e~O2lB2+nP0gluR-l6`H;R}xL-8jG zkuN`b5#j>4v7-HZ3?;W;TE|b=g+yaF5;a~K*v${ME4&;JoK6yWMA5rM4Sc~Bz$8#% zhWgxVq=7Z2p@n>*)Pjag+gJo$En*!^v!%h>=qpz0&BN4BXE)3u>IkmjN0U0ASFCiKPlL9YF5~!Q zT+bS;O)aq!in?a5*h)Ch4Cf4;mYMU#diw3$I)hMoO1G3NhN8^}Fb0Q}bJF^NHvUBt z8z-K092*|Lt?J;<;92F861K|AaC;F@aq-8?KZPGJ7wCeYydBk|+^^utg=>Kv71k6g zv?ZUnSx>!?uRfld^YI?J17{ZSW&Jq7{KE$~rN*IJ^i6>t!pR%w4U@>h;zz~KH&{QB zqs58q9gb%0Jf2D&ByXS($K_%U3|3FNL6f1k6mW%ygX{!pCtop?f!?>1 zqe6YQ?lB@cyR%7v{K(n&yL~1{5+;z$21*pIUXfgup~~~TTfyv6`f%Et*j;@n z&1iaXtg3xwAr8mz;V?*GnbnF)K)7P4GySNZ#TJ!_v$d+>AWJU(zhWpYeH@JFHm&Kp zl9myM_=|K#Wbto6%rLc67%MX z;zvE+42cteI2fiugrjXl;bExF9CY)%0<3YNRrDv>iDzvj72!1!CO<||s1;^(wca*G zBRE?2A_R>GQ6aDcoDV8}R{61w18`kw$Lx9ESKPwCC007&8%U`9Sjgd-t(~6nUO51X zj}s-SRF!!*O0{mYQ1cm!U3;stp^9*<2PFaWBPhep^L~hogusuGyjwVzl>qZJD1V@s zJmkbh>IDX;g0Hf`S%jNje^W(x4mANnwX&Rjyn3ONM)cn=ZYn8(B6jNYo!G%l*)8hxtuvzR_v z>Xpi$^HMEB01u9=Wv|PE+~EwhmZcuMvEg5pdJJyaXWOYtRLWXdK?~qin4ltyLWe+) zl`DniJT(k}+Q_YjrB;e{FWaI`(0jQ$n^yB~cQf&;Q|PhTmwyxgcTy?))!B5GVIOXA zul8`mKJUzFcavcs8CbRX<0zC7n24X=q3CRyB>_)|OBje{ft5rjZ 
zv0zBP_SbcYv5&A9n4&*uPm>@yv9NTIBrHxu>K$R7i%b#QQ#Ot3Yai;Fffr`(?tnv7 zsIkSOyP3pn-wrLdC!!;=(SD;|J$$~qK~27wN9Am~&PNa20B!$Gp`LYEp#Gne4i-+)wx)OE zAOEGkJ1bpkY73#}iA$IFatkh?R+7`hP?>tZ)P@9w)Xl?Ch5GoUwWd@~N1zZg&*K3I z&ypzlv6jO@Y_}SLlD5x2DtKBB;tv<2epSj7%&)1JMz%$Qd3!ctYRY5o^R+@?-g(TO zOBGGS(!hTJNQDU&6LA1EBkN}|+}=3Z-Y~qpez?9vxiVrfc$1VJm)l?<{w8&~Y?XW* zvujAC{K&~zKS+{EhJw=H<4|SlxCue1i3#ZU=gi#O?QUQPEl~9B;3rz)2Y3Ijy|Z#Gu(V_Pg@`7YPq4VVzo!>FKUPKSu6J@hyl%Z$64~DYP@byh&T|Ju}G5VQ<6MlPT&8o^*RU4Sg08Hjsoy*EfuZ}c(aq2ql-Oy z`)n7)nOfhZE}@^%6+Z?c3rz2slUxdLBpGpf~l;8s?(DxQD7(hQ6>+4BOyg?@n@Jl&;UFZ%uh2 zbjTAka|x6m~!d2BjgEV39JjgusDuQ{q?zW{U~?qOl5dJWJOE`whhy)_+N9<5oo zvZ|anR-%7)?UR$dT%k%EmJh-5hGA*(AXKuVDc<$j#Ig6?=^OdAGp2mhlYFBL_^Rn$ z1Q2Gi?n~K$8btbIp6bKAQseeu}7ZesW#80%bVqb)EhDU%veLZ-4nz z6(kIP?Cv9EGf@%EqwWNof2y+Hq(xSz)D1z(L-z3`MOEU<;W; ze(M2=NLrA*N!9x$m0UB_xPG^-_aD?3c6~NQY6oIBAr=fYH1uG_p^(IJe|3CJl0b$6 z)$cTKABhB=1neVmlT&~()Qq0p11Qg>Fh$Mua2+h+$%cf)kdRC(lR|@(zU<(sTEd@+ z=SJG8&rmxW9afWUoB2bb+7=6Rz&b2l3u^3Jp~=|!HA6w^9h|7yq6*y&ki0>FUu1!$ z1}?0pNV z)xCBX^_U17-tkLk@}K{B`7iGG@ZZ_{;R)yHTE6@qG&zgB?W-j`fDinH$)k&0wVhsJ zzTT{--O!9VRqOqlmFhO{F%NOaLd>%zqey1q+}BHFrlcJp0tkk{JXRB%9`@mTk39#R!K1GIv%$^1wgd9Z9 zofQ|_Jd;S-Q^O4~AtAR?muZFT*R0gQd0$+?#uv5E0*RgNWRp77?D=P_y7oEPw1d!#<>F~m} zQkJeGrhiG6A~4Xwvrdi+Ls~{wc?NlgNjsg0HzX=8b_O#kNBx?Wr1-Sw$*#XruU+Q7 z?Y0-r-P~=-EK*iV;xAx3aDJtheqD2v6`!M<^tYYALPF!jqj(eWt!}#>PQqGsSTF5# z;?_O|nHuG@NtJ)RQI4ZK{7vV=NsXSc5>w|r(80$N1Wl%>jt(v-4$FIRQC1NRpr&7f zH9H&`Y0hMhn(;f7()S8-^(Q`80c( zO(2c}@(HG4)jOIq2~OG|!>3cyGR~$f|L&+sq@1|(5reMNXzU2{ByHnXa%f^nVdE$! 
zzjp_1;Gpr@H8$CnJDZ^V8<(fQX0dgl$xUfRuA5Cl0Rk)edET5&SK{84KD0XTTn)DR z+8FEV)>ar$cG7QfMmXP~f+rHT5hp6gd-!)0_7d_tS;^`19$YveZ==umNiC;heqyCt z^(0G@u$@iIKQS%3RV#%Jis$l%p0-CXZor;>Gc|gG3lveVyI;IV_~#SpIY;sT5$n*q z%6UCq-gGGwK=C83?I?slxTq&UNkkk8={QZXVoTSk|A9gn8zoEZU%F8_>62ll{C@zP zr!78Nfx^PE6TtL zEQFd(bLx^!U5>i{FC%jbSh6i#?^TkjFjV`WF3TzJ95VUEz*1>=ym`x;;qhiJu6z92 zrGwa+TadzaHZA|}X%%qP>YsvYoE8|M2|aD&ohR{FS*&!KTF7xW-To72Z>M@?<_sk< zGGr0=i($4_iK(C`-j%+ZvTv_2tlSt}XwXT$VcK|TIuIbBC=nAc?iQv`ndoKCXc4SY+Ylc$((~;>~ z)5H3<8)G^#@47(mYlb9f#$n-33Hvz1qiTy&3&2QRyxGsNZ(TE^6EfWxivLe>g+v@w zX~d`FG&)`BXp;;rx=5_N>Ck)4 zC~tx^H@BAB31QoXs^NRUWOk($a3t9zq`WB+fz*8%36VDy+KsrylrXnoF$;yn$D7bh zsGg}R6ml4z2wi?qsR!**dM5etn*+U9XHQLMciI%5gvyWd6os)ar^YKm?mkZSwBDRe zXa8MH6IsuUkRe++3%fCVv{0w5IIcVg<`mf)Ub! zX;or-JGBMun7|tKWJsjEiO^t^G}!4!z)o#@u)Hc77jNn_;2KS1>e{$Do5KA`p`B8- zB>lcQo1p!1C~KUO+VyPqY6MyGMZk}^po-@-?QE$_EXb!cW^Wkk(I10?J&W6||8yD` zgN}+{931!GKYjU!`0~Gh&AL`8-!Wh`_$VkGMd5R&PEzRBHMV;8MKi7W>V6t>4&5^g zl$+gqRv>ut)Zi!@|D&MuBP7RCN;A1CZ1yBqVp5ML2d>PS91nh6>F9V^ zRl+$a*2WaGF-dmJ-Y`_Te{uZ-$~jaTAwP~a35&R&BlBIDzFV5!^_Hz`6+&GkKz=@- z7pE{rY0=+&LMh-4D;4~i3d&9j=2Z;_X*pZmBRj9{Acv9sCuhm&%3|k{M95XPQ2@-CH~5M z?i*Ih`7Z&)wr{=@$+X|+bb05cUf7L9;pX_}(CdTV-<-&lABETiFRM(^dnc~T8`~Wh z5*jDwlyY<}4W$`!!%9DYiV42^aMs|@%U+ilD~r8+ql8{scIFK${rtqaqplaQZ>CCv zVy&Oa~2k(FF~ zg1ALw-+QVSBv4L#C(M_}lKJee0b0~bOm<*0)NhX>rj>-d8|TdnDj+G#OKGtHWmh11 zbODa=}hya@P8)rGd|sfQ6mC3gau zsxcTt;$p~Pj^Y~Yf|93=A)QHpmpFF}$;GpQ-u z4MV~0-O+%(e>yBqyy@uX1-lv8yIbV2X+wo-BEWO;rV(05&ekS#BKGe5QS}-SsWzzO zJTHxT%tCU6>Fu;?9II{cZWab(Bu*Q6-q|qMjT<8jmqhVk>^4A#aybfd9}`6kPQuXa zAnttJ@gz!4MC^qnUMeT29#;4CmI_ZHa#y5HBIZQHehgwx4DBf5cmsv&DuG+ElA%6m z^?57SsbED@c2JU!os|}L)inbCR;8_L_*em4N)!5qp(gYx*dJ^2R0{yyWAgrvq*h&= zB&&79N)Gyk^^KVtA?bW@_2ZVtYYxoH){3|$T)8)9^?QyshIrDVsSKs0kC|kHW=P&X zH%XJtiIW|~=6yV{+G9?$W8SA5o(Dwd_uqU_b)FnU?(VX2If!92T}Rv^3@3$Jr~X!e`I(4hMi= zu|YYpxF}(Q7I*kZOcD|o8@=9$se(3%jv*y`M|2EH*->;e;d9rICauTq4MXAV<0xGw za8r&(1LlHT)kxRHCFX%U5`oFWB%@-eu6-Q5eXjFOYwAfT%UNH0gF>QaNRW=Ac9K%x 
zLfm{-{_b*DO_sJ-U_+0dBvi>D(V)m!-FLPvi<%zjx+O3=x1;z#w~GEUz| zcYvWhIm1EvP*l<$qmq9zwlen5|5qxNWGHl=I|!m!W_vD;g)Qj_Gebr5mmsyuDZvTT zcNlpj(ed-Ry@YNs-k)0Stk@*K1w%#iH?K;51a5@n6hq(`#Y?$VTUF9<_z|_q40$#l zTd_*GK%^bQQJA`5;LGSd)uDgOP_cYOYicYU4Tjg$l|rK8N1jGh@XOj1Fh>DbbPt`N zp?}LzjC{7|q8a!Wi2S07vxG;Crm4)`0&u)Y_%m~LqRc%D$Bs*&qK=(ghT`O2LqHbB zr#_4so*3wV&PwT8mN?rd=6Xta$&ZN$gA$LVgb8QJZr)=AO1M?K4eSQ`*kZ_lUO58Z zs0qT{VhlJB`7;t#a`3Az!mpv3Q^6BOk{9jv11YTgr!p@HEtG`e#9A$<3Iu;~5pMI^ z1ewX`N|QMm6uIT7&i*b-W+G{_w^Zf_EjdIC2_3T`VkjWbZix6%%2&6ixMe6Ee{{aX z>6ybHYf(H;3HVZ}lg5xk?sf-2H5py1Sx?wW$xx%KWaW`thDz~!cxU~Wc3<`K=T^k( zi}Zx8TZS6(uRX(tb>Nd}7fq|25`hIvBc|3)e_06eIugZDM}BWb1aX2f*qnOC@gs;c z`>|Ckm{mBu#aurzPJSkf0*ge!iYUS$kdXP2!Bd){kns2sxjlHTLAlM|4wj#5k6n|cWVft@<@aNHvlv~7aJV6IZzaL;BVPWFjs4ni-ZGb? z*s2a^43Xjaw4D`!h>Jg7{we%;>6#c#-i`%x?pN@B!uyUK6@E0$xz<~qKU%oOdyK;l zKLk3qyX;5bdxyo7b&}7EmBjopt0Lretuae;;G)4z;dmN}k{>l2-I7_~6v#CvoI90b zuu_iqxMI)NC+v->+TF)f&5>l342hIGvvvh4v&j@X&9(T3kZ6%mi+IaQUH+|RJ}U|N zm@(}uY<+vA&>D1*xk1`66yZ+&p*GP7WT+EAzh6CI#~V#(_C@kTj-v1fNQ1XP9q~)f z{=8+V`c7Ewp$6WGQHL1dc%}j&gmsGP-|ob5X-|LiFOws|j|9!^)j8dnfF^=M&t(1F_ zi&n4bV~ih1vOX)#=Z?-FB~w3E;`1+xPK{}$*(_ZssoLb0q4vB-5y9jxkd-`d3 zK9s%Ufn=rDTZZcKds6x*lq%mc)QT^SEW}clcr>>2N9ohVkId{$lkWzJJT5(?z)&Xs z#V)2Lwk++UAh5sNcGZAR=x%z;P)Gi?q+swJz;~PG?0Ac8vG)vC^o$Bvv)~&B=}P1k zG{es-@=&1E2Z?|m zIhusK2KnBgP8?;7Z4O_DqzGpdmc#iw!+JJ$)J>xWRx!Y7L)qd69j-hJQ2JbvP{H`Ycol z%LBM3nyPXQXBp7y0|mNMyVlEle8q9!bQKx7IGbiYu|z@&9!k8pF)GYc?Kl;Vi&Iz& z%_m?G>O#UO#I|_2Tw1wqtr#TQaB*B-f4;iI`ZAn|x5~Cw-QnRQM}VKV>s2GL*TMLe z!@-ZEoirS}8N4neRG!>TtfbF74+S$;l`F9^K-r3!GF#ijwONG}-svw=xH&4q?iANP@8^23?@BG)GPb)+%lA;-$Cem0tQ^(Fx@S{ zAVKoucQ35xiPI^$CCM#EiTXW=QHy@S3LFkoR2m5%?>FkWHy7?PM&Qs2(j-w~s8T;! 
z$?@{VkBEj1iHINdnq5EP;2kBOv2WuRt&pL~U85W2JtW@e(&ZjW$%@bQ> z-Lev;4`56UAM&UsE&JrqXxB+lfK8Q%juSsR8QsFd-O}Yft+&BScRt`;V|1pIEs#DJ z(*R=IsfvceiO~coZib!!g44?xGkz)Rb6&A=!va0cIqy7mWA}ZyT>aD~!*LI<4E+?b#&W({^Z} zrCr-QYkC~1q(1bwtW@5QqMN$JtnhD3PCa3z+)hH=^LeG?roH)t>XkHgNZzA24orq9b{u!7X>8rG5=?J;XLn?IDZzryeYj(+-=5mm z3nwV{pMU!42M!e{u60CaZBp#+{1K(E)tZ)irx|y5taR6hg#il!rBG&}B9v8wV-Efy zF>zvHiI^5K6T`{IVZ#6*q+M(+pJeykvC>Z;aC;So9l5Z<)$0m1qs2bhMoGdjcMLVq zhbpGz{l|%*5px!%iG;+DFHJX{OX@~Gz3T=V9Y;<-YQj325B!|*`1z>*KFp2vD>G9%@Vq1^ax;X}4Fjh%T^q<-=pLw)f* zV6X#Q8@3#LA6;c6Do&K>2&yq0V^xQOTQ(aw!z5IL@15p>bkF$Dx72 zZnHz~9eVEgQJ{AQ$cY~v2N>>nuSbH6BGXO08qs@9!sN%9UV<4c_v{2O>m4hZZ&i!l z4uTnLG_e}IAN;-UJ68=hw5w&6WCrmaE9vfI2oE=G-j}5Ex$>^QNVdhIR$np8O3}QP zmB#mxQ8>^>_&_~#Ow#?OGx@Zds2#Pu;1Rs|38i&i?a}guH!e|=CvW>|Ir%MeG&xbM z>1bjjgAho{CVjm#*W-{x#ff5hRAAre+O;b)MUPDkyohUXsjvFlrD9u>a`2^8qj$CPZ316QU$iF+A zc=)R%{G^lciya218h(HI*F+7!JBGUAho`Y=Ri)uBjh>KwI_)dV_uU8N5HP1u&fz0E z4J3ks!ccAe@NBM?0h4Ij$Bcx=njB4_tyJt}oSgZ>PN zQxY#H+B1(Q<0;zV-^(iNviyJVHJUFHzL7`^MKaVT-)rT%yv(Cl$y;UvGlwbM8rrqW zN`Tx?;Z9H2xFj*L2_vsUeT5Ij>r}a12*+^yLim`?FB1eh^uu(zU}y>YYS6UIK}Lu)P-vh*Ln$0~!jfvbCzg z?mV@`grT_iKBVITMG_uA-_9xU7NP(9(3^z9dp6PUcfuQwme>HoAE@LiW~dl`U}L%l zg5KxlBO`gK7oimv*rHZP#}SQ}AFbKP>uwFOtyQOzJz)$*zuyTMKO&R5LQ7rgE^%G* zqcz_HB|l!1wn!IE4|5n9!taP~Fv!U-DD_QR2^Et-Kyj>>_yh#*=A=fV} zq3+{&55bc#1~!-F&{P~e3C1;Er0JZZ0y*d^Mu<)d~Rt9r_0+U zjtD=}^x|~SqUDROuU+TT7Kep|%8xI-1l4Pa4ZHal3ovu_GrAiq_!320@Pn29Hx0V= zbxp9Mks796#jF&;Ukh?Ef4Wc|7_{{Kek^{qvwyL!WT^HMr=`L$6cv97IY5O!pKoFU ze~TVu5+gsNb;9go+CDlaN>^O#5vwkiSJUA6QLPie%c1}_D%Z8K@Wddth8nF_ZpT~8 ziqep69PSt@iJveQ7K=I%CZZox6fI^G*JO*ldxnDICx9>1N>5mdnEUf21{Dh`K77wm zVEhE`LZaix%wkKRCt1T^SG8=l@tP5;aH*&h4-W~C9|t?+sI#_ApRo_bxRNpPqf&>a z2^OGpa-`1{KcaL9*RE4$FnG}|v#3m=SK%dhjUcfIHZM5<{8$tn=)unzSObZWA5}Vt z&{JR4wuY)kxM!#Zet0)Nwb*{!P1i=r0yTsCmgF?7G`fQVJt~kE#;Hl9n^o$@qNz$IUXDGv+8W;r`@hVkzi zN^dt{>8@M#hD5S^hN{~Ms1{Qx1D8Q|s&?c(LpAOR@YuA#!w#J*tT>PsJ1?xn4Az(= zMsk?5>2;&Aisy@x;`779&GPd4^Xk*(CpQWfYYcKs0{&F1E`vGV)bO|*MJS?-lOMIQ 
zBw7NvXZT$^bo?L(fD_}1UwSXinL@!zto!vSIMJEcqu|6|A__0SC?4hNQ3A*8=$y5C zR#Mi(Y`ElaCtz_>;NqT@gf-EQC^u#41IaWjPK< zKocGMzh|Xa{rWSGlk0<+n{^4~NG4$7$OIxL^vA7ALvndma?pug*GNnpX~7Xp@IeYM zTF*<^VZj0 z`3%?Zqbh{+-KQ`MR%*<l2NeILLR50YD(=|i+i(`3|q0%Jw6Tt?oE@Ruzt@<>Uej9j2gIj2Aii^ zO$E@xyF*W25xtfqV$MXts&W-wj2?Ap_25C0*f>&!{n<=WG`?r0XdHq(UdhC1PowTB zW@^~XKgR5a&g@EPkRUlxhFKG&m!R$jKNbyUe1cU^E5O~KO~v?q5nHgcobi?Crms8q z8>fr{Cti}gxG|eMT@v8_Y(mC#)?Wp%FliHOR9&NF`@&0u%PmK;)46LFhCynw0mMBk zU1L84UT!P=6PyRz$_gjfQuHZBMfa?vix1AMMMvYK6&-vQJxiQO&=EMXt(AwB8gFMP zN}Pyn(W$C|Gq!a~Oq3MtJwsvQc2YLJFJ6&8h5UHX-W1N@VdNzl94G#h0FK1NiQRZS zE@LbPTjr0_r->h3*_)x^_uh2UX7HPEJq!0J=0lSg8bjIP zz4?05bzz>Y`zolmR`^DKG&X+RBNzkdhN(;)AD&J1uVg_y#WOVg9dMhxYG z13)j%=bB^9+w=w(8i|Y_`#3apx~lpPm!cOAj_8gEAUGXWCp$aPmY9R-f1ex`e&nU7 zCoOdf>=hb1zT(MRqTYUDPmg<6y23#=vQukctlTmze@uSQN}XBsuDRflpBD~+P@ z`%euK{ZefeDfx8IP{DV8;_R^FwOyze+y+$j$#zN6Bv({IS# z<`V0~Eq}JJClb zq|L2B5xPRVnz)#fOyGZDD6)IR4v(DQB{Pt)_)(&rX~jv~Rs#Nh@Fyfg<41@nzrxU7 z&&}Z?73jIBk^^B@%pFJ{VHv3w43B})A1;cSAsC~1YJVqe3N zvV*m|$=W_RzhpC2X9a_^MhVso&*%!)Zhwv^5Gz)+p{U10HJPjpl}Q3m9JqulOp|Em?| zmg1j~r5zQ_L#txlV)r1}l5h$GZR(zWxu0zU`U%cJ0K;pDZ= zohr53s_CJ-n06@iOB*K^-$r6R7k^sAx9pcA#6oSITH;z|zkd0UR!aIp-*UuT=(6O!c)Vj!G zRg{457G!vwV}9M5p3D+{U?oUQ=IcFeOsPh)LW1Mx$$Cd{{0LX59rgdD2K63T=@z3j zdnOy5`Ep)Wpo=2KxO};Dc3bfrD-Z z_TMGXP*xJjA@vcZLpP?kDz%pIft4JxN6|M07Vie>&55E#gAJi!s(hApd|vqX+vp4o z=~#cf{L}tBoCsO+(C{NS^UYYwN_rAkmPuD2D@o-MQ8*tnck6|yLwIgpAxq-pM{DLY z2BcfTx2~lX*=*Drs^_=tNTe$88r{m77-{I3pgaSc4JYn93>sq5^2_7ZRQKW$V_)j&M3 z(rb(VV=%2} zY6-yHl*lt(x=-fSgG47WhAL90u>;LF=EJtUQjEIY!WAY0c=RgB^Q15FkHxA;IGos2*Mj+s6u&a)cC^_v7Gd#QYaZpP7{edetFMZGrG;}{G1x-Sy7<4Sc0j*N|SnTQ^zD@mv5{pZI#`L$oq^; zKOl1k_R1a4P|*4Zt_FUjEKQ~iRg_VpRoH$>cWr-QsDPbxtPfQp>PeR6FP+JM{^RAp zxM$(t_&odwuYCH=n%YSaFOR)zi3=!i`)WD)6>{wO5w|(3QC}Nlefm9|AFc`z{z|zo z%9cSjs#OYHv1=3tL}%$W^OjCh(`n3B5>VD!C2@O38JJmX^f{+7s!iv7dVG$^fB3o= zouAQ6u8otT>@N^*P?iU%5i}+*u2o|&fZF_Y5aa<9h*=-^E`BQ@AP^1qJ6+yd*h3t2 zeL}2AtHoxlBT;Kk2aaQgC_%1T2NrExENAnrEi 
z#~vBhs~tdwC(nU}DF&oep*>r{q`~p&8p_)duLKa!$n3og~Ywjx8uv9QWy77g$#m+ zA(=&VFk4|RJtI4lSI52+cJlr{*`9JX*NC{}Q)X2L4Kh(V(|s&?PaBmgOc|k%2K7?m zknuSNk@h#E-2PStU{b=)X%yu2OBIh@Mgmrc;GtI`z7N}R$M*CJ2ZFy-x8`a49kcR+ zth|l75{Kt(3Vdb^$I?x2Q3DT+=PCN2*}TcYBE#C zsj#c|`H*8ECIJPOU5?ZP3{(V41MT_t9qoke~j<{%*em6j}kYThtbJfGm51Zakf zayQYZwNg@=%R)Bo32Z1mh&HASG8&fe&0?C6$0n1@J;mkBM%8;OldV3Jgo9}%fdoZm#Khh1t~!=aLh|Z(P-!+? z(m}vSV{81{;=!hH&4R_Anjf{`me2}q_RfIvSh!qR5r{yXs^nTW*f#)J4UsJo&ZS9A-75ky-tcoAd@s7zoRyx?tBs)<6D9VZ^9}yLqM8H$x~hX@Xyc z&4tZ~u6RZrH=RiLkW*YV^3rsi{Uw7HneX%@bGjN$HbbLuf~;TrAedfug73*1k6JML zZYcx3@zed|B)F}bOXRosp)y3s3e*y_pcGV=hON|*tFo0Xq10aXjr9kA%Z~z&KHHYZ zwiV9($gbs1J?`bHW^3Sp5t?#XxOSCk>hj_eh`sTsxEScWuKfMH_43hbDiotjky=TEz?KR&WGWEL>S^# zlk2`Kve%Y9J9_=_y}&%38xweICQCSIltD8ODm(qwvB_juVa+g&o)bykm|y<6UEN_U z&Bz_+c!Uhvyc+H=#;=Ukk5`!yA_5+Ym*eBO{ar1Py87MSC(BFx^}${_!zyW4-}xyh z#>It>E#eBu_w!|v$DX4!R%C3YMm8E6_l;&rO=pwLnnrdbxT=Sed~tc-Eakw>TARaT zi|^=UI6I!pnH@ZjSHm?6Meu&cAHEyYJSC*pPRaxB-d`HNSfv_IK4v$EEY+5M=6y8d zp6?Uu>A-!ks!*XQiA0Z#I4HD> zh71UwTLI@hN8BG=T$R@`CE&ZLdd#mC6l6elPwreSd^MM9((mxTF%X6=dd^1ToYPPFIw&- z(E8=qT{=X{uEQ*v$B4rox_rfnHm?X_f1UM!&MryhIm=V)g3u9W{U?f_c*^@-Hy#m0 z?T6{4zpM>5eCCno7hUi#p-4a#0=a zipvO8^mkolPTi!j(@2kp^ghq#cj_O$Ay$JVk_7><}`uINX`CVpwn;E&2 z+xXfz_}aF8g+|QhC6<>hw|kNI8p9Hme7Z#^8z->^-XH4cDhnKnsYrV#VgDq$uiyB4XG?E;PQU2Cv?@i>>lXlErNs}FCF z)W{NYWjZL=6R{}zmd~bvVqS1$c1th}9@raRXo0Gu^XE+`qt&zR-hI^-YJ_H%jEI$| zB>Sm&v>%K69#U43Rh%E3IMv0N~7exiQHKy3BlyIm~M!SuFQ>-}`KW zU<46FC#rBJn-3+ep*XV%re%6@79uXx+BxF0>AYxLL-a1Y${N($X6}C{Wr{XIBb!sS zH-1BEGuW$%HE6=eV&aaB!;d*Z-P?3eVwuw!B^%Ya_>YJSVbOhDgupHn>BXBxY|ioa zh&`kL$`8gjX>zEGe%sme`~{{LC>35i9#}EF zM8^V!BhCvz%bi%zHS(@y@~%C;o!!7C>FCfSE~cLlrjyQ+ap^wA>{RlBuSbT-qzEv_ z{+)NG12}1gWSkHAqTu({Lk-DroR&AoY1ekGCBIIY-X@?vXbPx7m+(Fx~YD6Hv34pw*F6jHA6yQw1rLSQ>V@&Ofxq#Ja z-l-1=2i`hU^7`jAuc@~Z`+zy`WoT>8k{`bN-WFqjGN<)%dxAi)??GDQz}^Rj$-snS zuOm8kn8e3jq_Qu(k85(>ah;8IPU6+1r!rt|`tA_WBvK@v(&DEe{;2o|`=Z*0fs*B) zI}~mn^VK*$hxcoL&PE*3=S|~%->+8uGDv(1LLWNMu6KSwqSrQ#WKEF8U7_L~QzrnI 
zDdDO|j^BJopE5ST-C&q9#zUOwEo3rC&qTzyEj^3dn?Fg1z)cSfDU|u)6g~A~Pe)$FJta+hPB$(|{zxx%5*6E}C*2gvTKvGmE9mOL!ofJ|r`rdwR zTKN`X;J|J~+#>5(BLCmZ->9pt?*o(S?tB=9sA7ASQHgc+oKTcvy_IB2ZhTvD`nDCMcgl6%z7BFlug0 z7v;L)Ler`x$?4{~8p8=EQE4PMTV@vgnK1*oyht!H0dO*@`8QBfc6ER;%NGED59uO- z$c+;Jm|M)cY@rm9mJ?z0sAzE^%Xu~k{R==M38pAL4n-6$k_FT87R#Gny>?t7qQg73 z?ZY(V#B7|GSpQCijcV)B9akxk3KIapzZ(BhCjPBQoRb80#S|uxuOhRzx>p9r6t0-8 zR*J-LidreigeTg<_YY$yJD47mf-iG(`KyRU-}umbB8yzQh2Z8>4?vYyI^x{cxgPn( zJRq<iR;atb@sk^6bBf`Z@XTxYATsdc|h-g zFF(x;<9&IRQ&q8XRsz~C9^5-%O2}7Jap&7lEW8)vlX9iB@U5+IugKP>&TsC=<=#js zh0IBNj!;q5=!6O`hgL%Pt<&#zF+;agta zVFG=}2CDy-`N3lIkYm)-fX|&j?95;(ydA zhwZ1-%0B2Ii^T@XKJT5%X1AQ)>Xr&@2ybeJWgGH1#N<`qR5LzLZ;Mex`>*~S^oUTM z6mUROn=l1RMOei9aH%iznSGMWg@{7~G(r}}L@e1XFQS%F8%i%gQaa~vEIF!fF)|O* z>w*t?c`$uH;kHR4#U3BFzM5B+swp_~k|rNR`m*OqaqUwy;;xzryQqdZFC?4Uay6L= zS8LNWnAgv9Zcg!TPBA$du)I;lVrg5FeEL0Df~P=`QG0zS>8E^&OJIbD<+gl2iFN+& z!b06=M9WnA6h!8yjG5~wuCGV<#~Jwt2sz5Q;PY{t+{)1PN_`{dqp`q7^K1eJIl~?5 zf7=vh2@$BfvSsX*^V0rf(|`Q;KP~&)mk~)?c+Z7MRIA7!0JSHp`K2(|87e^%ud`10 zi@}t&P2OhRycpL)*tS;h&)fHsIGqqV45gd&QJ;T==ue5X+y$ia)2f7cOALzFAE@ro z2VrTawmOk42z>~dyJMHOk(r-Cf1z0C{Vnyl8Z|KAVb!tS&{jf~Sj3g$mT(`pV7B|l z0O`#;Cea@>i-uw9c*l);fkM&4qAanNC`PE#_l-yjs>|MRA4E){gJuQCuFv4I!yGw}VEVXxn$7eMJ%js#J zc^*!12U}KmwAHRF`1Hty%oNwaw4BK!iW0ps=-0Emdq9FwJ7f|c_Be9kxxTU3yl6j3 zr)Lq-)&JDz>J0VLD`!JZ2Um{D335B`Ys*9!^H1om=M-&}Ej|(Lq-F_GNtB7}u!NCF zsXA+FnHvRI1>NtHqh#|X0=nFT(_kqV4`~tCI#THM7wH_mU`;dN`AUJNv_U62lQ%{0RTHUTV05oyQknoclTe5 zdmTMoccOUf*PU0sNBRePH9|4E{u6EM2C@I&;590Q8=2TwXy$*+`G*0Dae761r55k? z*#3$AKiA(9@zrDQ87y5^wAq0Nwy4?IzU{;*e~rj`2WaD*Lki-`ClHpbgcg^=5@h0ue|72?ZyX;U%6sk J##Ma-{1+-<`3?X8 
diff --git a/spreadsheet/macrofree/waf_checklist.es.xlsx b/spreadsheet/macrofree/waf_checklist.es.xlsx index 807a5fe9107ef47efb27086e0afbb54354259ba5..fe8ca7f1a198cca9e6441557217ca11481d3c086 100644 GIT binary patch delta 209344 zcmY&;V|1R~7H!bjcGB3k8XJvmHMaG{w#_DuZ99z`tFi6Iy7|t%=j*v+?039>_K#=n zJ=a`w&9&pA5r^Xt5fo&=KcRzwfIx#7AeqD?^uT=lX~ymxWx>WT5CUs5{Y>bC@5wXw z9C897Ayr5;U&0`I1Gcp#&zp>HgdB@j06VpITan)3ET{8}9D6InbS6Z-tlG^QD5A6Z zJbpA+f(vAN(t$_aE4lKd0hzbAzF^Bk$l)4+b>o z+opjiA!7^ri+?qj9s#%`H;H-*Y9O4@rRx1ignCIN4%b2c#^+*p2b^%Iw;HZ z27$*6v40&BnG0$9J+~`deQ+xP_LGXv(7mQ6=IbwQhxaM|A-SAAwh{9LbpqYm0;9c& z;dmEz0Fs9ES?-;vR@U4vMOR$YWsJpBhz~S_N5^)Pa7D9)R|g9?Xy&(A9JcKO{r}FX z9vW;I66v3lTEU56JR}1L`K67Xy5$0n4KOpf+gP7=>N@TGtmSx6uOV<~Dsodry+T;B zy(sH8J3Jyxs7$}Y8y-HP0)c>GB@+VwUOexx{gT@HXHdub;aBsMv9>0JABg5i0LbHQ zt2-$^Av@ZwKiIX9+CpM__cJ%6FUw06HsBjB)_;oKm$^j>UNyIU@FG+djS! z1vj>4DHa*JXr2E4avc0v@V2Gw>eY-Pp!53XhUYnEyL9)AVAu2Rp?drByg|MkQ8`AZ zj|U;6-`TR~y}oUscM@URo`08Db41?Rb7k- zTu?1neyeIf*Vr8Dw7m^*e2voI2vWY?!oM@*O)X~Sc7b!jvYik1T7uAD%h7dL#adUy z>MgR97hYMs-%|H^2=#f$0h(+S8WGTUcvDWGd{S5{cwl0Aj^4S(rCycfVhGE+9B#x3 zI}_wDBn%hqzI*(U&PW{VaUozlykZ-F+GC4dmtT)oH1lHTUt29ueaG*26%5Ld0(c=1K2O{-yUF}wrmLA zM4q0B4jqR_-**~s+spslcekhNs;K+YSMN5@w_TqE(pI~_Pki<^^2^24?=)M(Rj8!2 zw;6%C*#LO0mP9zdOz9G`a4m%tHZ2{^m@r&s=Bb+eq*+#CbbRn~UR<91kbKBcyn@3f6b@Yt2+d*TyMWOvm@)Fn98zCst_ z^u+$ObL&O=<@Wc_JBj;e$j4Xu>u28G`}_Hqn1xxz${*!gUjd26oHE)U!%l}4PW9&1 zx(@k1&a*!+?Dj6!r{zey0dk<3N7?tR)b^L^TGsLC(bXys=K(wC0WoLj%iDs8E#l*= z)%RTL>t~5a-aKdZOL~el!vJmy4XRJs^H;Qzu8hx?Y0GpaHSHcNAd0n#B^4HM$E_nN zGFnu)-P3GchQOc?X1&t%pUUDRO3VY=t}Q7lYgTlEj#=l+lw^l^o4AFGM%M0cVog2@ zY_HOb&N9us^YlQam+W?kDw0K+#Ut~<#=3R(enb;6)v%X)X`NkZhauNpnh_#7TMgUR z%8JRWR8#f|k!xFb^1W1NunvI5fHWX`btpv?*3>lu?VP~lnD*Q< zN^pJGaB5x~lfhQ-12k2CNaP;d(FnOyJxrnC1F&1R=!hw5=RXa18=*DAJ4rf`zB1A8TTNg-({-WOT_Ndslm8O?k*Yb3V3>qpC?x zjE>QbrZoCqNNZtd5~#!Hd+L}jeap|v44~ER12EdEGy8Za(AQZ+9)diY=?t~iF8RMK z0@IPU!$T?MRJpSmR$gi~8hr!Kw$_C2D4@33NRXk>xK1}zktuo4FzM50>uA_733Uv(+cb})#nlY8r 
z>yAC{VRfV<*O)@O!9^k!rlfb!Uy1PF0{e)nm*2hkQ>0a%VU?}ud4jQdf=Q>S2mZ78 zqUB4C$$fjgQ7MYQ;vcUBXlvk59@QQ)Y*8CY}q|OjQwsY^xM+zX^`1* zzj_E*oeo7qvrVb0i~my&Nr44`IJKf_ixR8&C)*M$8jlWGd(rE;gj$2Ek>iADxHJ#P zsmjDKm(y|+PUSGI#M+2gOmT)Ai(|s@^HN0Bh7*a~Vw2IlK5E>S3(~8wh>$y})G0`{ z{WQH3X1L*wmziC**ga-XRQ_3Xw0R~iM_|qOhT}bNr-VSOT zwOapxNW>M}(%b(Idcoc7yem4!mvEQI6^XgE1WE$8oG{vr83P#k05F# zV{$}wCY4cfTAJhW?YijgI)33jMcF^Act|6BZK`=Y=%N4>?vJmqIa6(TZrgZd7L}a! z{K<3ev3k*cnn{TCK2TzkpWuAEeq40F;B?$sTtDl%VMX!dkKSx={CXf|5zFnKop#gj z%kxym@3`VGRjP!)+}h&TuO?X|k9cU+x8W-BzppQc`M|zsUK|hj-OkrMZat%RA?!}o z2VL+gTh*GeJRGdxRt#a54J}}^H!1vQ$(Psi*6I$&KBfXIS2&BNlcfF_3fq~9QkFyG ze^487wM%e~6L4tK3loB+XH<>bQ*l=&ONTOk$(K7+r)Mb{%R$*`dfb1K+gH+w{fYz; z)w+>{_tpyB8i5aaI!x+i{h1(pZgs)O2oQJu+89>v*09?*1;zTgwEJ+IgW(}AxYu|0 zEafp+(X0<3IczZ}wf!!+AvwLCptx;mwrj?SGaJZu9A!tPbYG zfDr?yK-z@ESd{TLWV}fBPv?nn&lSVMmS8Ef62K%z8k0r}t2s-rWsi^2)`EvOTD#NC z5w@9)fN%LlgV4YawU;f>H!tjpnB6^=ad_yb?OGdHoK3ygi?-$tj6^i=li>Z(D5w_O zt0Xj-fGFa-?Rgh#WoLFFhlBGZ>9AI%32>>zBoMd+TFJwy1DZ2;yeI z{xm2k{v^=^)vJfUK}lw>@a+T3!mzUcVp($QP8jx{J6`w$%ij+_uq>H>v>A>W0|G~{ zkVSX{Wb(YLC`;V*I4BPjz#A~Y8k}Q;I4S;Tu@@uO6D$^Ugo95~$RBbCiRZ{v3`ELt zy2#P~Ndnm~011%-%u4>>3G{U6f$Z~B`hA=Lg26v0(8ET6pU$I`+iE6lV;N(LCoQAj zU1m1tcAx%z_;azCO{fZAMj$s|t$*Ib8C0I9Ojsh09ztbhhkl$Y4EIZV1>6M0p&vnX8fR zk#_p%lrRX^0>FYDJ)sb6KYVH$3!+(Q0hJ=<6jL^_A}WD#$_bLdKs-t9AJ z2eGZ@l zRuVj^^CDSOaGc{6Skn$S{4Rh^>VpoDzA|GU75-=C4oNb)SR4F_pQ|<6egGvkM0Se$ z-i0uLOX)lxk{D}5Mv^ziQ}lGq^Dxj-jHzkp{krCM zlL;rXgzBKCE4Won*mi^oQuoY&~`>)~C0syxH)~mTgu#fOYd`ZzY3J z@~d16T*))(gN@Ll>F98%O`6|D5SSJ6A$!lx$P8E*AC}|y75Lx1Ul?}my=bX_A~A8c zWW!IXv#}k<6ke(2f!4Xr@;kx%Ln=qNle!|C!!Ng-tN9C3t+jkmH?oG8)Tx4zT-qQC zRg;uS@E7KZpAEXSU>BqZjiOw;erJ>~ zCzhCNQrO>4ydnPJd^yzBvz@fE#g7qw)~2fup|>DNoN9?NXeq};~NF|%*n#Lt4 zXkqjmnoYBhJUF3bVsqhZ2NXxR!$15;BOZ_ZDlAMOi%jL?*i2QKY*sBpVi=ugYrKyx6aI7(j*c z3)YZL?aHqB`WNdEgx(Bbaw`+zm%Kf$%6hC%R6P?vj}tl`)L}!!=qJ^U(>%Pbw%`lj z)*V0LM}aY!LJp7LlJhX86%&xI`ufc~Sf*AnLI$8frPJ1h#+cvnsymaKchVhW%~?q$ 
zN+UCKlDsuSF`712_EH~qFCa+1p+Tj-G-Ds^uYQmQLhSmJKG+WuITt&QsSb_N@s%q& z`Ar3G54P~%%NUH;(=j~ZZteTHjGdnvRW(h4MewQn9Nb)xni;*1gK$jK!7HfpfKP^U znDpxy7MO)=bHXCn;`yZiHhE|DwpGsd;MBPCnZv8ET=Xn!a&53z?2j-6Ydfqb90??R zKrJ3VbR0=AMJPzIsNHm@Z)>)V&2wTh?_^j%<&ho(d4&yGPa{U^+C4G?L?R|=Xou08 zL>r{axw*>E4LtPR19k`l3bpGH5Ri^6i*8pnpA)*UjIDYr60$Ds?J$PhBhWT>AI2Qz zZBkgTE!rXgH=Z(~AnzF^?inLC#CIP+*cu|kxl7E!ce}ois4c5g+a;<+P z*DN+yid)4=-hFTMWg6SV!gH87Hoy0*2wIIUPchtS%r8Q%i11BdpcR+x>qZ(bo4}t= zn4MEG7u|aD!o5hR^eH2o3RfiWTBD`Dv+q}Am~yV|u~%Jewk)LEat07RHG#pJfpJ$D zuOHQpM&T0?0NSibXybO@`iJizGim|GWmlGg=is(-STQ)Rzu{0ztLxr-%Y4U@F&NHs zk}q$CB+^yW_;V95p$&5s+wIu04e|(?b>Llg9i$&eT#h!lZ(1O*x6%l_#eF8&zzP`w7n!#X~%)canzEV2ioeCKZa%u2;>q13$^K@!704OOb}BkYb?urDJ+ z6c#GVo_;Lg)qB=~b+xmh{s`AQfw@2j8lIa6wSdbt@KGFHWq2C?97QEtl@%9%)-jUB+MqSFxxQ5 ziAh`^8x%+2lgAZDgvpP#RTwFnZ?j}=b-(>^u%t`WUJ+{aKQENNf{|U(PB+-@FmI5z zhZ3->Q!_}zmrlQy;9R*lVKbp@=Kxy#RYKbxeu5?#kAJ6(8}tBufHYI;T-?h%vAyem z)jIWYX8){W#gwnSSLGCtB>Tj=ov5Lj`-@x}C#t^Ggp8)f40-eDIQJ zbb{6XJiMg6(P7MvM$ze$vrJI?1!VmweUhqev|+L~Rr#v0=3YvOs$M+_3^I@!mN7MDRDscRzyYoie&t}zUeyAijtnPb{WaU}LS21?EWdy7e>CeOZo4yPPOG~cN z7=s$7axVI$=S>~YUI~Ds|M07!AgCV%t`ieMM2tB)ce9viA%a zM!n*;NFfYO=v_TOk0YSM=|8J#R~3XAJv*014;qbNlkyW3!%tZvbEM=zIZCn~hI&gv zl~%9?{wFP{jt0*@(qiQ!E!dKx_FPYR4lQV5CK1E-AR&WdfvsPdiAQm&XDurUfryBF7Zszw7_rw>hv7qD%e*D8gR6>Xi>9r+C8oXC2T zNMep0%X{Q0$sE!zw8Ozgsfz%b!d3IXC93g+guZ@Ci9twtHX7$Ce=*)j`kN zN;q+epL~}=omqSRD5P?7(8Sk|bP_&Uq!(r_wF8ltclF>W4z@Ss&=z}R7m0zg_tgPk*+n ztf4+YL%}*Y6gFV%I^yUvDu`hEJ`GLtBBn~p%VDDi0<8_T`G>wwJdan(5mj4097q~) ztJqY~`>C4L3g468M7c1U|426`*M(^flP(yE+1#K})_MHf4NGLE_m3A|(Z-7LA#l$j z-QBGC)LEIoq1|NxrD%XMo24Pujpp{gKut;7^H8Ef;t`Z;AYW?c#;V;Rm zqnl-n^^`rV4$)}ffhI);{;{5vgJ^AP%9X73wq%1HEN&>y-pc?)nhveA?e;b^7!x-U z14AnHb;9xFX2q%weu~?s=$Rv%BzZfl!#^>0=~CtpWE{PH5ooEOD4fDYD&s<6>iZR> z$Qu=T`2SWNokOu7&AEy4)gS4_5LGmL!owv;4#+)r$$A@F)s!IhEJQpRY_sV>PMzOo ze<7zh&o*oNA$2v!CsE z1-J)Va>T%BrD1jeo@p`|Yl(D-#gFZOB}H#Bmff1K{CeAmq%dGjX|6ijJkku?9il9Y zN!i^O)VS5T5d|xf2eXRT)wXn`R?-Zt52x^0{2td1W{8b`MbIpi)b=RfjLm+`rcG%v 
zUtw1dwlNo0tDO$%Yt>N%B(OA8zc%{wn0Yw8%pV_w`6J|qcMR(&aPCn+v#e1F8dvk_ z71@jIIVQsAhikf}?^^D<7+uN^p{-+jpFQYBe|ZBQ4LkCGThCN1SUnZu{)BYuv`IR# zF?K!^$V;%ZPWowM6}H-hCYth%b(=g~A}ib~!SDA=HIrl~SwT1fK$V!ZL=}(s7hBS| zB#s~0+Fkg-R?!e@Yhz*eyX_kuPP5nd0LBb1E=jNklfB4(zE4vbcFLdXwI9^(NEToT z)vT(o!(_es$JF!^exV_c4?M#X4-Vkgi`sMCznx}~lARw9iiycqgiE+A2atq{EsvrVL9dwF3>#w;?40%&xzx- z5+7z;#lt2qTyR!(qg}zAR{peawuO97UhtE^s<_8K$0%zvJD*cVi!1&!v!NMSun9H! zoU4x!kGy1|!S?U)y79*7>kp;zU%Am|&Y08sn#JezAvX-2=_Yk}+x({8N+LjpR7Ra& z_rWDbRfo2a<;kKSPtBeL<~71l5;snY122jo>%UKr$euCNS>TyUtx(DQUI1#o_p?DK zF2#n~NJMdAvcojKBt0np6lOItvn-#7GnM+Q=vAxr=q#SOHD^8)efgqBN<$U6WHjR% zPNw(c18vrInB8XPG9{OZ)-(&6yso{AlBpKi8MFj*u8YZ;T2?KHkVcg2UGdMcgz<<| z4(%HV`Ws!8n@pg+u!e}o?w|vrzEB?g^Gvl=s0~INv2w?}3Fwx?W4c&!ciS(pbdzm+ zX><;)86t>p_T7+uX+t@Q8V1po<&?&8nbQ3Y9U@aN%Ji8VXY3>NzzL0^x~jltRa2r~Je}}Pf7y5nN4DlpR+7M1 z3Pv$}o)#Z5nBADb!d050#Z;JN8FTF! z`eeM6dIYAZV-lG^9T6*nzmLt-c{}$89!RBJ@e9THwCKQH%Lz1{44tYLa#*olRTq&q z6UyH~mE*qM>OQ5!FM3I#FAa^Z9d(#WUHZQtm(^R{`~ntc33Tpg8y5|BzZ2){j+RdHGi0A664cQLZ{MK)OSo z+USesKv&fV!I7q;k~!0#6O2*nbYbngw+$>^|Ijpd*kx`Xnx^g9#e;ksID-~+T7 zO3iJgO)fH=SSrm~y-9}7EXv>DO2L#>$+p~7rr7@ySC#E;0X*-d6wU{6X*CZig|HJG{z}^mEu(%@AmI3Cq(kqYrADMb zr_W}A=jK>Oki--0E(TQW=0BNewtrgv)%EQvyC!7AXPwST5Xxb7`a!LW=5YTP7i}4k zIt1VfZ1ld`5OIvV-;TPsj&29o1<#zBQe)keJu!Cgc{i`8FlKTXEY=%k)?R;QJaSBb zhiB~bhN5*uI8p9;VRde$cdd|aCpeQ1yBD?V*qhHkaeZsK-2pa&y^6HH6}49C5)G`n zLb5s$B&DB38Se8?u`UXwx5k8|pR^L2R^i1_HROjCprIbKB&HQ7i-r?Thg(pC!kO;> zkN;AkH?AWgQQVn>XLqjgGMjMWp8UD!$e?MmsVIp0^+DSHSZv1!oahb=kr<%`sn%wX zl^TeyKjGx$JlJHw7@SwGN^(BHfK>Uw{VMTSlm%V`C z$Q>PH#?L|-aLCeOzuF>JHO%>fu^16GB~PNfD94T!*eA(Wh>bezEW0(Q+e==}Rt1Ws zc%B z8yhTdMqdQMciN5tdVRbLxHcn!gTb%t6pooCajsE44IK}(WY3mG_~pU}tzuNL919R2 zztLzuXGC&p!9FAn%WXm(G%11}={-8n83ax{ZJaE?L1q5WfwVwou2_3DM}8U#OWlHH z3gSSLhry&;UYd@J<|b^RgGbxelo!U&U_s3Qq$JahX31Ow!-;6d2zjWM|0WcJ#vc+q zULM~XOgc7#j!E;u4OOFHUw3jf^9-K=kz@@*X%J9=h=lBC6Ro5)1QhtT23Qn4)fDKy zMERk))2EpMOrhUZ-RCTMWvT>xD#T$f52Z{VCa3vKzg%_RO}8r?zj;5|0(aUwfxg0f 
zG4%I_aQI%=1*0Ie!r2KF(sdN+uiJDXB83te)Rc~zIz3>9Qg2iC zeTIu_3+rFfU;vc3e1MiqzP%lx!ZMhz1{t8@c;>9`7*-Xv)RSg zmC9NXp<6*>8++=M-1p@SZDaC=kO*LiD)812*^eZNb?hQULT*Ly*z2{qWKA~Bd?Yhg zYp_IyaiTEHb{3jRQ`{kvhFs|URs!e2goT|wHiy#>vA}-5m$p20rt2}dK>lD{pgZzR zB?Cr=-zD>_3F-TCGwNH$%>@Fjq$2+a?H&i*9x*R2q2q3AvGFo9jLsrSOfn!E)D|PN z%H>FT74&{sK8>?S{8x5}9q93yNJtPY6x0`kBk-Jrsu$F!%>8CCaq#(CU&M#u#q_58 zS!-~=y>gaymb^uwtb)$54eOe%-8FQMx-sQaAf2QoM4Bm)=3HlQ&*mn;5P}FD%f=tw&uxL;vO))B{+x+!KuzYWv`IA2L$Zl#O%{(Zx%sjn}d^**u z#&CX2PFqP1ajmcJ*`42l?BL55)Pvw0uM|6SYR9AJCh`;EC z-LV5JXMO@fX~E#Lv`MA2&qiJ3^(>WRouqJP4n3cwl?Z$er@jKGB#*)JBFjoc4Bwf8 zH%{$0uP~#|3$py{OOz}}Dx4j1O=-=|Ip+zQaxg5h5Y4U&oYHxW(>mIQ ze%OBn!%B>8@ssdwq{X4GOjxyB2udL7cUF?V@gxP`MtyBE6am(X7NHi`U<6V29d1dnDFh^FD(w7fNe;APM zhjFmRM3sJA9Lh{<+7as=aGf7OO&X5=uSp_xk2f1Re0Er}_}eb37<__LT%h9`uh4?R z^~j|`oHkx!?~k8(N)S6aHN@rcWrUiTAF-yk4%5+5Np%7R#qcqr9-Nn3qKLv*f)hn& z%b!xi17}@qAc*Idm*RltcAHp_V-#1Q)b^py2XqqL*DCwY!V?DCQ3p$dFqY9+ouy1N z?0s>*2YGghReY`^8U7=DOv_r&O(pf$*Nb^->y+HCidn2w*4KslG2c9VNpm~T?nTM( z-v}UU$VEri8b2JOkEVgoo=6OJgU7*?Ft`ozyfpx(J};l~eX!1GLOg9Zre%T;E+r6gt#0QZ3e$3oLeU+$ z@Kdw7XH>lap=~me_W@kIy9m>ao?RLIUxpYa&Uq2JB zFsiYWy+uShz1<*@f>v#e`rcK6-038B%u?9fFUUVz6|RY3Hn=Z!eT%OvfSnAgEc24X zaGQ3sq^E&;Fll^7(9xvaII`$g1S1K(T`Fp225B(~@_z^8l$|Aq=NdF^Rp1C&@WusJ znT`FUDRJ~ndIw`Km@H7|lPsB}E$2TvuCb(OFq-8fyy>$xWB^ZlL$TBZ>I{q@pq3?q zFpF)OeXE@323_ntsinLjc9m9qQ#L-%p7;2+R#@Z)?YLk~b{YMV{fNW zwx~c>^Bp+}k_Z{idYF-M0BW-1iyta~I=s-9^yKGe(PT5Iqqh4l!Eih(H!ZhnDqHws z`9i1kHsg}nwxO?i;F8)T5CUyAh^gdKCPmRajw0WOgP-g!V@Hualnz76w{(oBBl$ae zNjz&EOJ>MG)z1+=`QTRfSlogPIe0HP4m1JP+ya&~mPp>`vv+l~0m)N~$2mUhQ~lxi z?|RV%ju(B?&~!WT#`jYfc;8@Ja*@1LT2dwlifG%SFVbozmcQ-1dpy49q$j?&ynLN) ze%rYoe?f!V6?p$~`vc}>_-%IJ<%Sztgn_MdQ-EPoKL@Y!u}?OWcvnXy$862`US|@J z1s|q#1%t4eW&51Zo{pSK;c6`rb4L9!y@*sg`)fJ)VtOi`t<|b{=|W{p_A!-pR^cRx zA1icPCRh#nlt-qkf{qbv2R1-HKl&g-9#NRG9QGrIc~v^7$9BKCq=MEPUvQ%_Tnqz# zVkQmJtXKS14@zhE_542oXN1P8a_MG?j<;Wp3436-)tO+;YnEAO9wQn>+)&XNuTphJ zPrpXERvHL=y^)ZTb{QR`h>D#=b}_p>Uhj;E`fv{LHHj9k$j8IpyP_E<=UusQKj(Q# 
zOiLstu8?g`4hDaIr#pFRvXYMa?b}3(hTV6g^eNY?9t| z+ww^4E3rgi$z{q|O+HkJ4urPH&j#0^fxdgn?T}AL4>ANe^fPvt_>x7->cR3(PVcc% zU{U;G0I;FMeZ33v=J2XDwOnPlzKZ>x+WY=K^H2qL0+;u4{Y48jd46i@GM0{I{W=&K zGlIuBDH4+FFa=L6ulEY!gEG(4bbhxDy*qho6z;7n!}Ji56ixnN(b#K0vJ6j`6YOZ>i;4qV4M^z}w0{5ey9M zC*gCRX!F*Q3g(X)s6eE$|E-ysrM;q5@$0bV_x$wlKAwOuX`C-_4{)NQ&`S0g*uILY zB1hBUsVdROEigD)4B*VkHUpA<9qn9o*VhbmO?|}2AkjysLun%6w;BVb8vqE+&HR&p zKYBx&qiC!DHY655MS-X~o44>ivZ6Bq{ulpWrpGZbxl`;d8mEg8_Ti%t}3mKkI*VifmF6m!!2s9wm)xKlrGlXVQRqVxXeE`2*ms8(xH&_C|- zkdrPzc(G!X512*&a`;;-8B{H`RN2O2o=zh@nPBvhkPy-BhIWzIKs8L0*Y8Cboi%@@ zfalU;629#qrHJ@Na^CkDq~0Rixf3=NK#p0LYf>?TvQlbE#URiK>P~j9?6y;LJ;&#^ z7AGZYK!O%&>h(wZ&t3IE>Fxk;`G0=fS)3hY$D~pFqU<(tRuXkZVNq z(%nx19=Lq57xXsay8`7mZ2+&16&0_vFGfd^a*#OyL!E1L8a&`kq1dzixt9L6mJ>J1 z|KDnj<>v)q++rNa>`Y(|;;z9IQnef^LRCRhTc+fv%GXD~i#k>wWOkCEwkJ>xaFC!N z`{{xm?CudREhI0VGYx4Z(WZv4@VKzX z9s)e*ybnm)^@D*rPwYQOL8%S}jIxaRiV0Wd;fZqe2`i&QTTsE%d7e&&|Fj9z1 zPdLRY*}jcPzBzU35``qrcAsFY0t-o|{;8>oC?A>D*2#mLG@Xq9by?PDh4VG;)A-l$ zepxC@u5cKq(qRM%FI25~RO#tF_PZ9lacaG(F_uLMY-7Q5Pz$T86T$I1~Z& zRHA;qx!z#16F>V$D*A6h*>Yi5A0<>7JNOJ_ zl<@`g6$nG|jLL$q>)1BJq>Ny!EKlQuX^oM4QYWRHxfme=lI-^WmI>t|8PQ5N- zoufCVt=&)TSY6tb*Nf__JyeJN`YF~v?VY?k{MnqWM|uzXL!u*4;PG%kGEYq(9 zhKwe|k-0Vu+CGgJPc=tx#3LSrWABrDcg@xC%8x%c74i97iqE$Cd5@pH-?5{=0WsAU z>4S{C<*RN!+IE|4M|`Q>RKRatvk_2z1%^1CEE_#rVuv2hAG0^FWsUk+Y3H%tl~K75 z;=xEACP$b7w~;>>6b7-gg>kQwuEh_9O)@>7Not{5&ly7(Z@qfi;8y5uq2DSDNB#WmK>UwAQ~c|!NUmD@4<{h7yEc@+A-TlG zK^w3?v$>DymhQim9n_fjQ79o2bv4Qy;CO{`$eJUG&wLnglCumhMH?<h6z zHSTyp$a@-tQ@RkCpFSA+C$^a_lDGT3KqY~J)qf?d@|VkGxT!Qy4w!#vE*7n+(DYA_ zl|Dg6u$cqo5$X}4LODKK8&6|lJeTNP69O>Dcu7I5_w>phCH3}$ZWnYHQon+!G!0&7}tZ-MJn0xRRUJ!yiH3#9rQM1n&Fiy zHKx=1b*Cy~_{+8%#{vKKHcj}(bn@{8B`#vAE)l#QWT?o0zPpe3Orfih5l-JpAQIiE5HYJNX4JTUmKPe^s4Dhpoq5idF zI{rlX{TUJ$Jm#6|8LNSow5iux5i7WtE#@w`iouxIjF1hSil9T$a0dAz*BOoo`g}N7 zbp4)99iYM>PmacK@-;^tMr}C(Je@9ud?rMAX2u5$dfsC=J;2Rrx<|_+N)1buW}dY7 zF+aD)rO+}=gcRU(nS>5*>5b3)C=cstKPTE&cDxyKq6;D^;uto0Q5d6aSgvp+urM>p 
zq?NhqO;d=j_@zeYhTw1|L;pQ%EL~5C84qLdqYuKLGS&E;U4;XnsGrJom_Yqr+aAJr z{30q>cVbVvGxIMOeLN^Vcpll^Y*15l#s2KTC$Wg}xP$Mir3X z4#(k^+NAzxkMKV#5BR^2dJ#IonmcO!wLhf66ce4j%;Kr1rYiWCR??+p5~#DMDUlF!y>V_s?mjIniEDVlKUCa;^K#Z}5U6tX*69>0?& zKOer~lOVh5T-95iglq)w2Kaf7#CfOGY5Wo%s1JwXfOrR@c(uq#Ah~>A8ppRkbcQJd z7u&g;Z5%zN`U~PM+h-4~Pl2kp0X>%J9ENJF0jbUt=5=3j+$}m*HXa~RV;5A<;-9hH z;9NI7-}9M_pzo7CfRvAygebcrTQ?egmzLkfjVJ$H5F2eF#PI*;ItOx&aNo=6`PjfF zW<~RYft(8_0mwv#KVim@6fnY8!W4$bTxy3rO&On0^HI$I8qS6t>Yp+=Il$x={UL`! z#qy3aI+v$i5@gyV@9Nr77g*Y3qB>nYr!!hyz^ui#1_KDR!(Ky2EEApvS-FNyQf;sKl#-z(15whDv;i}-YF(492!g|r-rln}Lrqyxe- zz2#5Eztj^5!LKO@^2-?!SDoKOj z!y3w_#BkwGZ&EUe!%NH{Ai9tbm_JcBmiI$9C|Z)?+I??lQ~^k#hVk>iuYc>S@6|JjiD?<2?gpL$#T>r0n}9}Q+S zKIVF%Rny|nj{Wbct8^6{B+nN=mfTKReO=5?%Gk_ZMx)O?9=a3+l`rLAZA1f=o$muJ zw}H(~^p7URPS!r6>Z+TLtEfvK0@*x3xghO#Jh!1qLNS8_RU}NbobA-Gd{Ww6lpL=r z7$|O5z`q9p1^uGeOZ~RAiT>ex_~(829-pV!d2!a8_^N(+(f2>DcX4!eo##+(g+l{y zh90rq=+@MUfvWm9*4ZYjB-OwP(YKCzRnbUoDlU>&P{-50mO^AD{BI{*7yd%oI$N;n zF{qwxCvzc$Yp?}``hdMTBu{#&00o=K;)8w&|LrTG@z;-0oM{S|9{TSuFmjnF-;5y1 zqWB{}xth%;O)?kte5U#9RZtx9$2+6Yga_oiy zV_Gx*t~FdC8{=npoAhU`$cu3z)vjW(bDn`W^KNdk|TNBeuh zS9PO-#BUyeFA4fLQsGZg>f){RMs56FBhRnVyLFlIWv5zq_6b`s3!+Vz) zvJ{}{EoyN}V^Jd7(K=Ly|1+y_yd{BuHiqf{AdsKzQA`z9YS{vuYD!J}RCN^~n?nB3 zF1>YdhJw2OD1#=nnw(ks*XOecmI{V|1w_WoI?2K&noLyn(SkcvC{HE{t(DB_>Fnag zml9GXpCt4OZE*Zh$ohbf(fuoPg~3Myk-Zjp?eBv?wDh&J$52sLm@|K%R!5v<1s3K8 zoHks8#es5^KQ;E+|8M_ZAi?;hMj!>L;zL3c_CNHrnOy{p)?royjgGNN$+T?Csz2a# zO6_ddVe>RaLdaoFRZd>ykhTXj6}9O(yY#QEh^eo?ir*%qOC6BwLY550&4`_)G5-$6 ziH&TKibXa+I-UM3&}&01a;<(k+`$C<*0(r3fCM%^Fu9m;27iBVBj?&xdS`2?Bb?sR zHb1B%^kzW8_)q=|gp8Db^awC2rl|ZdkqUP;)rLr4UzpgG1&DL-AP1!SU| z!adM9YfD*5rX`m9|I$)z36|Fq(HP-^OI~k*;i;i+eY5b26_lN_dZQGj`o2spfO=55 zT>NWkP6~Ok3WPq^ZgX{?x0g61%dr6YyKEqkbS3jBcK?X_ljOuKRdq5C{h)W7C4RfJ zw(wXP-(Lr-RBLU~)FeBj^WBKPdxltD4`+en2^gaG(-1U09VHi^f z*_Q#gFf=mIe6(-E0X@w8LpEJZ3YeRBitDU@2R2-1gI;&T*Et{hYttF~LUZwSB3$LB zvX5UTqP33ahZ#rs`S07G$)<<*OGkb?8Y*3IDl%xAAmbQD3xG4|DdHK$se 
zOQlIE#&wiN7kWv5-$kWkl-$+3eP)btTZP4?iHB&<@PzPFgifHv(uah3!^Ul@x)SIN z_(m&t=#Y%4>#9JsXa9_g*lZPoMtSKi{0c)VFHK42IFqzAUN1}w*mn%5_v4RliT~@l zz&Uktt-fg>Hh<`bafBWFlZ;MUtM%GB_nsu5mSyTZ&Be@dSn*$?LtAPY+i-(1O>bxW zF<>@0cZ~;r@+4bBPskk)O&KX*Xqm#>0S}#@F8Fi%#V}N9@Sg?wRoYLayP|c~tap95 zfP&J(A>jS@DdGD9*|9RkWIOVZ5oanic4Xz@h6q|avonMkID8Ku{ZeX66VbD3j661l16tnZkz)_+*Sd=h7Sz2%Xe%YV~uBBDyjN93#B{XXrH!VR#7+@>q=QXbF*f z{%;^QA@y%6ZmTn1*9oL_RGe(eAp%ttgX@ljXF$r5F$(N+h3@ED!Tq+7P{)NWtk=WtwFskRr(@tP2*U&^yx88P(K0dBd zTRrcZE3&iiZS`bn7&Pb1wP61Dj!Gzac$Mh_+(Qe%HXvs*~YvC*Ia; z{$4D76}i31gE+GW)s~V6iS~)}#c>|aF5mJFI9O0EblB#ZJ*kUkHuO38AO?|Rts!I8 zeHkYckTLj}*DBzG01>^~R@Aybwnk{T8TVU588oCiy34M0|&Vod>!k7t0O@%>BlPoSm|(RWn=43EFGPJM$o zH7qLx$#<+9wQX4?9j+eSY=;jH*g@+?JHg}B$uluyvYT=^-*T11d1&rkDaWOr9u+~j z1f{30Fp?1e4^vkeROhlSg9mpA1oz+$!QI`R;O?#;uEB!4ySux)yL)g8E_vkKcXMtP zRr?1Nvu9?l?p{5H{5dQPb-r6#!!0>Q5R?QKNjI4^zDcjGwaCS;vrMz_qf!P@2y{m1 z%Qg;BL88DKQ%)n(|5a3PLpo5!5o`7~@mNrPH)DrWUJ&CqYtjHrH%(krg$J128upl| z=({E#yqtdDbkh`w((}IQ#tiep+q{*vdTojX0hS15$yZ#B-R?Aw^q@~E)tQ3u-!&2h zYl!xb+udpcO$}h|ay?v}+#;&{K;nB{)(8rnc5=7|GZG(4~2F7U_(ba$k&Ve*lgxzi3eH^P037j3-Y!~3C@iwtL5>|4U9P;-NnAFkv95k z2Kb!#&RYZ(4nP5L<%T2%9sg^lk8|N zk|1dBkjU^+^wk8fndZjMg=@>k3I?x_qd(*WKO41Vq?#~{Jh9*^k<%!1b z)ezPDA>tHAWYE}7%p7^*o+I3$BtV@a+(PyB{SeY;K&oK3HDH+#OyL1MC|n%nDf`S# zKCQ^W94rp)f7XkX++%wDtMhEFpvd`+K9OrJmZ6W^J1~LepBW}2br@IdD@!}SRi3bD z^H|n4F>g@c;QmevT@B)m_`2DY=T_Z9ucLZvk=-TGGji%oQ>l4*Z?DO>3$;Aq2F!A# zb$XAoC5e-W+-BdC@o0<4nfXa3(~` zQcUVo%R4o{?ML}f!R!vDJ%m1uM%h>X3v-laBRLYq%p0w_`4I9KL1TGmdG~WW&C~fd*}8 z(ODO57xA1CMzvJxz*rQ~tO8IafBrudN&T}Q@In}{&wLM#06)Ds6YW}n1}!U1YrW2n z;*->fFga5>sp#e;FZg7#%cn($i%|EBo?W?Pc8MW)=76;@#edrWWIx?@pW`44Y~Lc-%~f_Te5%=FrZAMxF*KA;;b4<&}YyN|7H^jZs9yyon?>f?bI8b1PT>@ z-xIuy_7$+HCBa<&@(92eK^Ww{T<<>kalp05*4+a$rq&=Y;OR*;rfqS3Gr!%AWCY~P zAtDTrvY~WKOshY$Tli2;H7;w|YIL!qcrGXu>=)HKsJu;cKZGu@F|pibrzx#F^i ze?d#nnb09vW}_@AMXOvRB!2e+3*ECIt;kkd;u8$4w`8LK;uLbkiDB0^ zMW_d)Kn5`KUZFxAZ$3(B2^LrVD=qEHG0|B+Ne0e4+oCK6RqHv8zp+)k()F{%QI~nh 
zuvfs7!RE%k!{1O3hy(_LT#aoOA*_cTQosB$l04GD6&YbDC}v_$_nIw1pC5t$ z<_3`zU5zb$0(IFLutm}Xw+nlcQolxB$SOG=Y3|&Q^poKcN_|!+g@Fkc1+x6Q< z%vhFBqlWKYR{(-z)Sbo)216gIT+F1ql+0ly(&r+AEk?eblW-)P(Fbv=yOd6$#c?jj z;~A7dW*@6d38WVEA)Jwf6<-WSYADK`ll+BcTxnb+i>%@nyG3CO=qobYnK;FL=OAjDI0C2Qfpj4 z+AQSJpf-l}m2YUf%hqWg2OTI~e9QY*osz^;ak5?-oGvQLt6QE$SXgnSI)vVlc`%yp z#5#(lApyt2^3V3sQ_;9)KwbhRC8+O;J2s&DB!;=pZwl_+*1{@fW)%wc`FB8A8ZeRR zaU{X#-Uq}W7#YNAyrtR_No1OVJkSeTg*XjfCG@N{=0a|X?C5dqTF8{cu&{uPYb&5yI3{lgS3kPy(NZVyYSg-u`#V+K$kd5CDgSXPsz@+JFT!7UvZCQme<{!a%XtMs#{7gnD7`@)vO1(Zef8wx;I@ONl8gR_ z1r!&j+@#;DQzE|xjNN$MbtZOIZvZdpYb#8@;lT2*r-PTes3NZ)6y@KF_-e_|&48c} z4LSy&KYon91Wnac!8`bgyzD_xnjBNldt(1QO3BEOSxb$fCT0Lu&s;*uiAV(QUw(lP z#QPd}u0MpVYCFNNTkW@%R@H-PiU`RMr z3cwFuBfg__UzOgApmyzSs~Li+gfPFGf6KP5FxJ@Tf2Q{m@?8~$`PJMAz;i}D#nRt# z1uqp$h8Qpg2aGv~9FlMM{W9IkH=o5ZI?VpBg#*ke$LXB5*-~@LzC)le*1*IpYb?Hp zT}llqA?C#w9Fv3;!88SXPYTb_8WejGC6La#k>~4tN{Lm^_8+g_uQRT(qa#u2vgd&m zEE#-dkxM9R7@qt|)f)^$htT^0$xD@`g_`KK$ShI)BzS=DMX6(GVrxxU4(%#4@xn^k zXMhP=ZdvKb?7q-?WloIVa+1YaWTJBdN;8!MjX!1?F{tdsKXgp>xvuECOfrqSvBVJr zVpMqMyHz((8lp5vmE8a$hnIH_(VcBYkBIV)fH<*f%za{Un*kJG80Ml;$c@cYVlq)U z#j@}UV0EB2iDi29neycInesE~g~UVO@1OYZ(bep7%r6W$k`i-H^s&t|eB^Oktltxg zEXb6rk?tDz%na`p!c(7;psME~pW$Q#VstBOR#&SR=AHSA^*9=`*rhws^+I^B`zhX9 z{L4Yu5vPaI(2kFUZkzGuzzT^H1+|5_H>Rz!e`&QXPC(6{bf5Mk8PNq9088QT;*t1~ zS(sA{YnGJQ%}#Rh#RB4akSe(B0cCT<^kS80(@Ly4ybt!n^+Z3Vy=+l7*@FBg()rMwSj<_O}~7Ag5OjF_8-14k8if;E{BlR<$c1 zKV9x4C9<~ns#-vs^beHQ0@g3Cv*q9M03&wDefTL0>&8wNDWhMF*6mqMX7tqr!`yjI z^tkxcqtWz>2V^EVf?WkD-tv^>f00c4;Y@fRZcyQ?6YkF~mru!xi&7asaBQI-N(X!& zDr!be(;Spa^?6eibm0#gt^*`w&%GMr-*m5>Yw!cPC1L?74Qo*8<(4HYGsVwfe*LXg zB|v6-=_4h^7aZ91mY zzQmWaxs%cU@LF#hZ6AlMHtidGT-3BN#8?F?Lsg77!rvrGY{?iAE|+{vXYs9kNJUWIT^$O@4yt8FrbUaf?Xpj+De{Wt$j z0OWGaC?=fI-8rW$!8$!D8SUE2ru^ECFn{aIsxuX*0(p85=f?yUa=ALBI@5SmT0N-e zg<1@PP?BoRjVQ6`7Vj6)Hp6u-KPSp=nGqLuBg#BUoAp4RdDVOEds`uhgTnpSM4N~kzerzoidscV%Rlm%0Q$Xk3Ge+peKPAIXp z(zKR1xW=ot{*W!#ey#UcQHEDr!q}(-Cp!hv)xmkS4&4NSQN52w`)GS3I`m_CxpHHc 
z)DSLcl_hQ1FcVaIZ2xWi#bd|^@{IP8{BsHM%Lf`-IJ-=IAx_}S?^(&|(NSK(XplrN zSR)I~Rbw}J5?+rlHwiRf*~xPnZ~XNRyIg|C8En$+W*vAFZ+`1ti|Z(NUL1CLL`yDU zr_kNG2%z$YV#B;3PWMX^)5+-G5&llLB&a4!^Ha5YtCiVa@FK&M7R7uP*Ev0On(oL9 ze-hVyIU+3^807_So+n`0IS(@nc-t*?M~&9TRO1mJvpm2~^598sccU-PXQ4NjQfYsy zEXS=_n-Vgl5RNGQ>lHl*9``FD3^Kl-QvKN>*V{DGVvJt|vMt;L0=-F$TsHf1ceFn4 zB7HRC>}?l9>uP#7kZ+*kNC@kO!^qUfAIeS*l$_f9v`GGJ1Swd71x3dmE}!X|HDvMdGD2ron7?&RGgNJr96FcooTf#_PqE=Xd zg^|~1{tFDa{d-HRqD=ipxk`$w{vvG8V|@8(PtI6|@tZcv-Sv>i&?eBzR=}W&8@+N2 z&d`LdR94Yy<1qniP!0w193y7G&;6;Sw#Zc^kDOkih%L3&=bFR;P6DxN4qbl|v0+d6 zXo%EQk|-d&U!FWI74Ni(?hdP>nrlf;1(WidL~A^7pC>5Sjsl-0cZ+r0-P1@Y{47PE zs=|x|N%`PdP;dIFj2Rby7my(4fJ^|30aee5BP+mzx1EFa$4GKSKGR;QA?UJO!Zfvq7X)|@7>KUb{ZERS-Wzcf$SVgR9%2{$|&HSmL zEM(c4YpIHSa?M++s6I56Id$Dt?fiQ747a3L`bl0RuDiTb5l}LNQf#_9lCqeV z%g2prRo>muH6q&Oug8pdh~3jf6azk(#MTt`pg31wzKoE&Zlv_fWrs$7J7=)iN#?0; z?;=K!#(l4v#b*fWv{U4)J1ElcoCYPB`M*T`@TiD{6OUpdL)qarz>1yD38aJwlM ztMeJ|$*}IJc3d&?Ku`R$m+a?K3ENMe9wXL|9rv(ScDY%{a!yN7mSOEh!y&-k=Ut}; zE$>9#Pc~Q&6GgvD)9Yoy3{fD8;D~-ALn>up9LAZX=Wt&%4}-7Uno?cwqf{h91WzpN z@Dlm=w$Sp=jVO=PrC~mj?cS@+v4pPJZ^(9p!5l5@3i9xo1IYOvXW#T%n^@x(XfzNY zSmTzo!-GIm3vPKiV*v*fFNH^Z2lBnIUG9xq8LvmAQ;a%qk1qtPJR~cf?2ap+oErUd z31csHPdQb-YS%G2C7D4L9HEGj3gW~nprmvNQqwt}GQ$(Ze#d5(m*AvL+0OY&t3e?Q zm9-qcNK5+}8c0dOlfeu;V*+6@Heb=^J^i3kQbsFGU=|nu(nf7 zO0N%-u6oN`_A67s&ysnB@r}|z zPknZ=aYAOt$g{t!4hj=c8A)Y}&ee*YD7vvR$L*#CzHm&n=#W_0EsK@U{sOXUp@OE% z>dziLzO>=lX2mS%u1)ZpC;HOV*p&(G47tAh5*7OW`3yFw0SmTUJ-j0p#%-^^o@i7D zo_bW8XPeMtBb`^j*sO3M@wA||q|YW9FD&+E$>!u zz415-?nv(77Oeu`_p!+A3I${zzG1WTWSY@n!;noTv$%AgHRrCEZ3I-{|M+R<@tOJS zxv!XAo8cfb8^pMvfI3Bb>>Tec3<8NdcCo2*n;_KBYqjGp`v?;qefeMa3M(s^& zJ2f$C1xFy22Wuv_ERklxebVj-(pLzki_$2SLU|A+TvbHm1Chdv(T0GojIyf_n`Npp zjui;i8WM<@8~s+E0Vxv=Z^P0VZ*S-~hS)rFW+(AmIpgU`G6BfZ0#ik${DFFp3ur9r=GS@*TM&qIw6T zl2i5;`%J8&TR>$|21$luZYj&Y5OIZsNg&Y!f6tCYrC$+4Yw|nGqk|A+mEtl~Uic0e z^_6x9)$;x{UHK_DeKMKuMD}A%CK3q-Qo=AYtd*{Z(pH$Uu+Lh^;(E2CeW8X{2*0;(xDOZpul4d_SG+sR}7#)0?Q*TOt$0U|u9 
zt9})Ro*JzZjJiB;n|UR*eOE%@-?Pr8;1mZL^3A`h;Q-KVl;qp&EZMR{r8?-VQAwj14sAS37^-JC2$hm={{QBb{t@Fx@epQ7&GW*@5RM>ENtQlpf16i55MEYX63L5+ig1D>3&9J80F(g&`2+;{%I0AA&qhBQB z|1>C+hgQPqS2PWGh?tv$_1~m6etqaYFnz14c&BjqJ;alhc2sXYEPj%qM58k`jumAV z@E!BX1sOU=vzN;BggDJK2T=*fA>sl6VfNt z+?-|sNUX*TZ#l&uIH5m2G5ZL`>f(o>Y4HyMLEz2NL_>jlB-xTgi=m-n!Ahi`wPR0k< zALd{$li+~H`PD*g*q92s!z#?kid6y<^C^C~L3Y6Hqemz>L-ZUphUTCX{0cO_rpF~W z&|P)cT>rx}>|1nz)d^Zl|1Mpsls-#ma?V|ZF6AseZkajeWY7U9+xRw`sUy#yj!lWk zW%b)An?leuy$)b{NcJ6H)9ul2fEFo#rxnA^38F}wur&WUMw`dxw<^?E_#AM}8!#k3G7Q-yjxb|wNyxE;H$d(x4k3ZY1L z6;di*?DB8J8;Fa`VMGI{6SxaB>(EtL6SyLW?pYKAlh;e?n2u!2PJIOS;*f6D2kf;9?Fo7iP>D#s#eG}U z&=HQatQhNRm~S@fG)oW-RKrfG)ttX1LkQ6Rnt=IZN=6Z-&fK*W8Mg52|HQM}tLemn zX-aJc07at@pZE1-#Y__OSkV zjtVZMGj_rZ2dFWha8I;m+lUs*7aE6Z1F@75(eYn0RcTUbhUJG%q5P{2B{rjstRjuoPuw5s z?k$Vry$QxO7G;#6BKY|cZxmtIn~T`PP|!&}R~uk`ge&qVjI5nJ?dF>*KrzD3pd)(J ztk*PXRIk3E&EcJS{Z?Nq88Zl#;UltbM^EOT^5P{?7L$7u=y!K;!bAH74|p zVA%?~t^hr2AMa2^$O>&>IU!67-%JmcHGWMg`uKwC;{ERlUb#I%BTLW0xQkb|ajOyn z5kc>}l95f4{A|&*q~G|`em+g*Bb(+S-NTbbe~T49DcG* z>B~71#kNgDX92+X4$HZeu%`k)>n7Qyz-J|Q4P28RHHw>X>m>?HPZR=@upa?sG7KJi zYaiOLQ5z|m?s(E9XZ;s^Gem2}nZ#-cXYPkkA{U|2ixIxxJ7pweoP6*lO|vT3Tt;;s zvTb4E_#=o2|I6@~pPAqwb(s36w#UHrThC%KJ68>rZ_d*=Jik!52G&UF1Ly(@Ja?*B2s zhPgb`u>?Z7M9cyHOX;C3N`v|Vq94}fo&j}Q&^kJ~9 z#oHeX_5RI)52CN8O9z1I`+gCq@fsT(KQN=8{Iu&3yJ5gi zOBWC-(M=M{3Dw;azFlFiqaWo=euH5xA?KcgD*Tq3OR?0lAS(dikK7L;>VEPSriE6z zSYt#v`=QxT{za4kdn|MAvf}si9_Z}&+^rz2sSHU0M&DauoLsC3iILt;%Wz+)mD2z` zs!7P-KFvXhl;R7nVUHs%-e%oM+$Q;=d~!O|AT>lB7NnVsWiMBFh$2;Kh-#O}N(~`E zHxpI%0*V+)IGYhfjt(NOo6EO7t^Xkpq@3eO^vG?EyejFIoLvTT88rID=Dxb!5cU`& z

    )dJF~7GW*PE^@&;+@H2H|Xcw3eS$t;Yhz2D*&Cl-=K#(MKSr}QXYGtoQ{mf3A@p}1AP#{a%;`e{B!~D$Q zI;B*VR`Uk_zcl@RwF+l;|##IM)WOM{fab?BeASj0u(h zp{_4a)$!%imPXo$D^a(64K)?(t&>;w_aBz8x4>0?+EM}Ofwoi1SNo!t@f=mPWr})A zU*?4A9A6(`b-%;Ctr)-DbWqVn9Hk&8pzq+Y%fb|~!l#lTiz0}Qj=Ha5D65HRpC)K7 z@CaIqM&L_H`N-pm^GQCOTYeb}^HaW~T9Zi@Wefq!NWA1_QVUin068VWE2%++aT?)E z-^*9m)7l3F93e>aMyP#zUV?)n6jJ5h{3)|Onr=J8%D^`; z&waxd#*^+%3h+foC6|##Suzu{q>?gAN&4QLfgSOFf#AO=YC0E%Z5dGjdE!2mGtFmS zRk2?Dp)~9aGEb9U9uGj5S*U?&TTuYeF?<9K;l-N`rF_37*wz~Tx!2h%gGK_n52k;T z1L4q#wjO(7Ax#Z+H1$)TE7WR|CNx31_}Q#q$viIk&2hrV&3w4S>zse8!4>P>mB?C4 z8u(Gx3^g7lWrAWRI|4ITF``wO5L~j1eT7+QZYPT7z*J#_Lyu-)UiD72`zAYaGvB#pMuTp*TSY?9VG0>@#Mm4utHJjR zRjuGD0tE4%9H6Vt6Qh5KuqyCI>o;(>VLcdOAdcyUuFpEr0PZMJ_PeCMnm(FzxuTjB zW4>YWba_c_s6?W{v{qf~#jMqf;bLdhX}h#plMPI&b7^>}j9Nw6guW=x9UmvnAInwz zDQURq_>G8|sWXHx8w&xQow-qfIMXg;V!l)DP-2|#34jw#r(!uTFEJ)fT%sLpo!u>6 zMQlek8}^~g~_?kaX zmf?xCHJ#Vll1O_@ho4buVg6MorBt**^oxsUy`^(`B;=#FcF$-W9_#HuC#vYcuNH*=Y&P?-LgcIXg zK`hPJ&GxmB@+WBxRlm?c&oR=UkEa!=s<6)i8UXvplA_2Fh*(Hn?6V^*#Q0cJ)hft<|&Q?>afSM9Aj=<|Y}SRyaMM zOC`wZsy*0H4~Y!#wh2JTnep&2Sn_g`|j zL8oE1M8SU_JYR$-F1D0QcKVMldeV7s-^X&|Q#vm{z21>}-|uRfKUR0PJ&n{|z7$z6 z-(@ukYC%`b=4SvmLQC5fv;P@7NuFStMyfQhl~~l{eLCffeYLFlP;8?Md8%8Px~gU(QH`nS>HTWwIf@wm|tCr zsumOilA=(g(yJ0Vt*xa9I68r^=tYOVi3OXN?v5lKOcz+*>RZV!{wH*d-b7E28BoB&g)OvmZE}2; zVJm-rZ8Dd!##cdm>@bqan;70hC5uQH&fX=P>ll+amMTIDiy1RH5@142Sr|?aS3?3P z(Hh?4)K9_On++O#pkn$n$M43mzq`K$&^Lz^m~#yRQ9%@r@b`Q#z0vw)U(|%E2HmkD zl_>L%jpyS$S&Clr{dr82iceY_1c(T+2yp!spu`)Yk`bdQJqoKk#z)IfFy^s{yHi!F434RIDYzWtI-Mz}E=*#Sdkv9t7F-S&l9LqrX7WLv_|)eSAm+2tFzKLiMH z^SqMoXB>V%vfowSRns|Qi}RiVdsy5>CMb#7eRRACJa;hWAm>}+ott=l4i-Jow|A~c z#XPfc*wVGO*dEldS-dd10diOn%w!9JgkAIJe}}V?)$ z#k?Iz5yIU93h4|KD8u%|^=nim2jW}N%c<95T*rd&X3%=c8F0{!o6Hsh`(SDy2Slh4It{bjZyY5By+Nk^qDK5%;3L36;2+ZJ_YH=|=u-*Z8`+g5|8r}(b8XXyE+cl5D0C0eFG z@6lCmoO~L=;02CSCFVWgh~jSf*RIy*_e2KF>p2!?VlvNPVEB`M06i7f#q+y^6f*TN zt`A=DFz~4K=AD-m)Unq5_1I=-a`I$KW?t)Mw}h&ng-h`2qjkR=DsQfZk6J%!@T6nJ zmKgM(>Ddr5W3l;QP3g6Si{w 
zwfVt|)H|RN2aU-5t{pD9!-q@Pt032)Wp=oAE>~<&Q$_r&mhxkEdn}z=%cVJ%WN4NI zgsu{Rjv~1Yc9lzdiVKM&2v>dFzUHHZgaUu%PGv^&RI z659ika(1G9f{yN1>ThTWEGB+@ddPrx_mj z8^e2|lcQE2X(z0*j0s+g46MOeD)6W9H0uZoLk-9wBZDL*QtE=F5B>Hc=jP)5lA{DO z&JxNOIa%|tabWKRCmJ5KbHg^pFRM7aUa$6m*UN+6-w86xZZ`Fw&+jdpy&hf{_pMy= zOtG0A$%Auum%8JnJTkpofwf`iEQ`^GuL8%uxkq~wyfV=bjlKDh1VE!xH_ZNIf_&}_9 z(Pkkk?Fx4?c>Nzm5dMZUOfn!0aK)AUII^C7Sz9N-Wtq-Q5klDl#7RKng?dWOQ&bpG zxx&>x1>=pjl^DbFj0?qqx6z*Anu2nLf(IJ2D{W1!!9=9pxQUZ=_luM4!I8&@n|OAv zv!L$&veT2Du3?O*qMHOfmSX4g(jK-xff{=u{I)WwQihl{>imY>ew$}zZ2kBPNa-58rs)dKY|Om! z$lP}EY@TUZ_b3u6hrHa3PQ}>~UBHNw!J1PsBvewB%5EY0r5NBGCZ{odo^*wV{%^L8 z0f+fT;FyI)a!k?kwFY4@Ea#4IoiVufyP4gZhr*vVD_Ugk3uhG`wgz72Z=qUa2V!N5 zg1ge|Jg%YtGl*XN*P-pJ3D8qP>g3M8u6%i61QnlH&+NUHq&xW5Dof0ZxD79q9GlH} zAtx+dn%d)^LpQ%QfbGTbX2#v;G6KQQx(epwpnDLW*PO~>({2>jGiGeJfn z**T*5H$lQDByFH+Wo)vI3A|zq{9swm&(;+-7jPUas!{AW?P#{}L_^F?ntaK$q=QBO`IZo{mnIU5Xt@J zL-l2j9C(`Vx5z;6Ytvti>#Hl%RgcJv^2`l>yPbn zTJ@rwTDP3;-3y<@Lvw+DaG|u=rQ?txjzAdw!qUdbmN?^9{P82gFQ-^~MZ0qK#^TN= zJpMOG!QiKXk2Z5IKJEubxy;Oyd8qDlmTnM>tpF#r(V7h>hAXH0UUoQOH!<{ajfqk2 zk6LU=nv99bW;5qBrJR!OW4Fn@gH}F>`drWZo0Hb?@%;uKR>ILNGB4d3&`$pYw)_4X zZyp5_)NAyfH;(;TK0|29A80FCL5yNII|2N#Oh3P=7*)5YS@|4>WKF>Z!{DT7W@m@P zPL3i&(@h`~ny?@3OgsSIrQx{)%P??jvTsBq{71eMul4&$W5O8;x=$R6b~|rA>M`ITQn-Hq3UZBRVu*s`@`ShO`C9ggxcY*HY_U?C*q3P08D9wmM~3K(ivNQk-}O5bV3^r^32U_jV42ZLf05JU&t z!Mj9*Jid}`g1X0n{6{C8Z#$rE;e#u@np4>4wkgHOoo0Z_I(-sIV9L8g2=Crzgtd52 z1%gO*_4zf~oG)oKtK1M7$3Fj2_Q1Qe&)8{G3clP?g0c^q&FEp6_Qk$0Is0gQgIN$g zkqateMRGNiS?4>VXL8HZ@X-H|(cXlt;bC4p_e=kJAEpNDbUtMcZRXTySr$vVP`!Rh zeN1Q#KEsi(y%+U-fcxmfKNQs3OmMW7V=t9y&xrQaq)Vjq`+z6Bn~)8FEoC+^Q;8o- zC38Z1Ku)t;eMPBw68&5Cb~(0w(3E4C}R8`Se!fj_dEXtC01;>6+R zJNd5km9;r{5mT=nEEh8t>(n#FzzH$hM4}P|)CI}x?TkR0Vmm;LR7b_rgP6DC+bo1U zF3nm0Q;;MRB4B~e^Tp2R6Neo8dB<|kv`6c0&DWZOvukrAD*gKa$&+Fij~?A-$&-J| zsi)G(FXaFu5LkL5D4>l$tQ$`MF-tB6vx@$fE8)?1P$9}8R>u5ZwW$T~@7%x4yB$AW z>N|0>fW=>V1wlAR34ee7ttj#vUkVG}4nXI;b>Q5FUspc;2Tj_y50$EOoub>meAb5z 
z$xx@sHEDhBy*(k!*2NT;gT+d&c17-!Q&O}hCgwHn*{!|^Evc~ZAiY3ZtjzsylEpl8 z%68)ElnL9h=TI)%DQWydoi&vFivZZ9S>$cJ(o`1j z%*vrwet);{eBVD|wmjOtcE_WFcOgUn1l0spz4#*f^T3Rwar1G-CshLC1;7mqce-Pj zH@pHEUDQ8AoT_w%C`YLv)7NePwEX6*ZG(*^C3PoPfpYwM_slBg?y>R)QNUe$+~H!n z;SmsXt9yNH^3%NRyBqLqIx{c#!;bnhsPbitMxS&dAp|^nir&18wkLvp)`RTjd46jX z=UtxP@+!K>n;<#Ig}bL@XFK?&w~t!uGL5wOoO6-5s!z8zxV6i^D<$ZyrfW}p>mgCr z-5#X9)4ps>_%{{VhUw1Y@1;3HmYYe}$H$2~sIj8GAMY=e3WESj7=65t2k`{l=w>}N zMLT2RLfS#0_-^sqkoY@{u78>O`r>eSt2f-}at_YW^@PH|aGs;D<*=oJ(P-kok zam~>HaPrmSg*2&hs+1<=<%d2$VMRn%^h(RvOj?@%X1h36#h*=duYs!$YN(WpfcK`l z&+*1dQJMazvtsKW^kQWf zKrbkEyka|+Ft(>@Cg*+T7bB}6pWM&_Txomxh91w+Pd>0co~ADBI)~=EF{qcNaIbaq zKn1Ul*k#YY6PJ$a6rE&d{JFc;$3Yf8J`784hjur-nZ-@mw4{FU({`!UsWECDz|pE))4bK zSCs~TP8htwhow~yH$un}-B(xA6*3zP@bAV!$t}{%pMdOB+;)SQljPnm zUb}($hg{uDV6S0h(1=;hz$H3s);4QXtsIs-0sSm-L%6h$%=oZ=()>FMcvdorgI|Au zR1V4?Iqdl}_QYk@@0EWpzFxfKj{dk}c^~}*{WIXgvV5?E7=I}a*4VZeT!!tN83h+c zUIyl)FBGPfb76R)*k8ttndPPvCTe3B_Dk_ybK@ivm)jl44=9DCwQ0GW=#vL>&+I*{ za$LsRCF69M;3Y!~4Hj3N3_ukX%RinOvU>Vt-xFuRZ@RUbaAh6*$tZ73L$05;r5Y^3 zDdN3sPbF?tkL54pGC^x4+B2iLn{8;V^ESJ4B_7H)Vl88LPc}9e#pZY$7( z(XL%Re1_DLKa`B{`gGFxHUQss-K|H+zasM|UCzxld`|ccd=VA}U>5|T0`NyDx-du= zKj-=FG^`%fU(NOcL%O_9UNv|F7FOmTbS?z?y(uqOkA})N`&-&|R8*lOP>_F9;&Lo9T zxZM6_d#)k3VX*1`VX$|p3S}pSpEb~)c}s*~3aVDZBNlO74#UzPnWl@M8|9to2UKf< z+=^f1a*%-_kJcO*^DZ`wOlRm{A2*zy?Msj*#&|<>c=4;GFWsmFGn$4Kk(+(2AG&-D z#v82X6xhp9_euFv2ybget6u_?-xv^W9N2^){SsBousqNub3d}O&xXWTJNkIz1k023 z2&*mU6C-E%{y+D>Q~x<|&;}Rqa|aIGJZN#;deRCsbMer#d3_dX7jK^XW$BbPXW{)( z>kBg)_d$mA6JHUERs-@llP$%Js3;#1&K%`V{4ec@5r8tn=! 
zC2tclZ))4rDqbJ%R5j@IM+|&ES!>l{Xds^R$+}oxMlwQ}CNl3e)^@7FIrvxWW#tL14d#;b zyaC{~yO_lBlj&B_wM=oZbJj5DO9?EdB_iYTjFF+Ta%AwPjqr)OBM9E>HuT5lgw)o{ z{*ILw<#VcRq}wxN6BN3=O^Ien@L-DcGc-E_S4ObgswObINh7}TKWhPeJQlQqg||=d zOp86D_mMVJ+CA*Kyasw}k|$HpT6yvCZi?d@pc=f>6Y^GRi>DMQzUK!E@qAPzjcozgs@5bs~a+U20TC1_#4^-0;Ddz)ss@WH<4U!z&oz(lXp z0;JZaS*x9pHrw2POV|WhDty>!!^SL9JlN?DYvsZHQ(aOW5v4gc;c*fD+6oumgRoPt zZPEB}^rE1QYh)jc46ZLv*YhzH!8Z-;e*7H$+?l*IT-kQ^-LoWj8tRbp!f#y@?n zMM+a{3Sl7nd~!&ZP4bPxFHM|Em4jT#YJ2Z(0)zQ@mY&G5&nYKvo_vAT zC7t4*o6<`hgx8`PkEBUS~L{-W$nmQP)_Pxei=}<|4UkZO*cyR zSN)V<%^`o-MZSNmu}|C2?{{0kr;X%o2;#;zG$B*$CFoyUr&&LKhC&~y@H_DuI zCI=?Hf1RE|=xeozEQecf>$@Cbo6BtQM-AQ3vH!AyT6Ps4>h_~AerYL53V|^FR6rlngpm2RRp)6j@7=p zCrN%UlW!skeR@N+h-)Q-{!^Eo0NDGxT0QxE45SbvJ3}|6fm+G>?83iLRE$Y~G2ZU9 z{A!wv$q8Vfg%J2VleFpN5Mgu)pz=)7TJ~|E^1C|SXDuDq?xT&R&z*d&LBmwd5@)w1 zbvAr=xq)GgKa@2-7TXLX8E{#w z=~lvlKz0VgzF`cf8nrpX(q{5T`(+|yF0nmIH9`F3sxU4@^$&K02!DGWbH_y}<5`Uq zoZ?GTo{JXzrsMEyQ}csr;SJRT68^gTro_%wgE{$2hmFlX%R+#A5_+Z8Li!)6HuE+HliHX=%*}ka-kv5?=$&F%jky#W0jsPpP(+ld zLzgx(&mNG%uZKPN{bt3)jN`Uc4t#!2^0aRtkn(R-2%X*pP+s*5pub1OQlvThlSet` zA>aAgG)e#9?y$+=`eG%+E8z8=N`WF)#&%Zwhu=!9OSF}0$cePRmJJH3d+d^KT=)@@ zQH<)SwjLSR0I8_Dy2vfjHh-Pi*)5cTmW|)v)w#8=vNkBXWo+-(T=OmkNA|$7OW>MiINyQgAyqvk4Glv<8x&u@m}vO%rrLfK$;K?QOF0te7-50Yb$5khn8}!d;>qAxJyu#L|I;{+?8$rMPJbFd zD{{*2Y;27=tYX<0Oh34NBXIMpLQJfa+x$PKzB;O^?|EC1lbK9az*aeHK)*T?9LAKrFr5Wd#hD!29K+!Hk+lVEJd|jH5%b z#En@<9%#hs_$gwc1IzADoVHbPVW`LmwH;*9+hq~WLQIWaCYBKTrJD)gUIvT={|_dK zlpQjW0GcKZSkW=NNtTS$d$oSi2&-3nps1nCDt%$imrGib$9>@K%fp+Sm=RU%$L1Zn zM)XX;aU7YKQ{k0Q&*|XNnvaqV$-_@(dh=r_-O~o`Vwl3km+?{CJi}*Fqm2QR6AC6G zsxQ}VMys~8#K=4aEMGPAB9%G)%d+m2rls3-%KB<) zTf1C;dAasdU;m-i)<-ks=A&)QwOs2VT}3G)k9L^8%b$#RclI!SeBr2wv_j2I%H?=U z{3}fwKa#$K8pA2DoEvw-!tdg`n*?ZF-kg8A5&ie_hw(ZLE@WohN9u$HfZR0Lz`;$M zd&ljgjc>fxp-cyA#E?-LNq-2pekjtWY;IJCuGBrhV~q%0~oy zljBmRrxXAP3D<`bd;-vu`s?eZBnsiY?h_-diSABt#errBj%7W2)d{(w2`PECi}{(! 
zvg{yq#D)dvL(+)e;dzH)1XqPd3CVZO*H+HjzXU>O_Io#Zx!aRk(%Yh6_S>SeNPfrt zEiljV#@ABoMqfqgJ7Y0pjI8WJyP?w_Yz4=s*drz2(3W5?;dey$5IfC!kOys}B`R>@ zcqxDY63f$jT{>E^F2mt6 z((Dzbe|x1?k0PT|XX^`;sIpQ+lXzo=Uv=el$JFRb=JcHx-p}7TIyQAhiFLgg#>0{EGFlW7e7+ z>KM9Zb#eU*^|*0dC*G##1^01#GKHf{MBfuQ6*4SQVXA&iPU!5JqBn~-&D$<<)~~nn z)PRT|^7MviEZe55mGzt54jrjZW_|y#=tN80!^@>Vf)O#E5|}(S-{;Rfb!~oed7dbq zZP8@`7n06Um^!`5XmlTsPaQ~WQpFVcO$;<(!h=%!Yf66)WnV&(l-$Lw(tZ4=h7S5W zC3taRs^JhdTuRCdj3KxZ5j48hwimpPAyKno{d&sF(-+fWs67$*ezoPBSsixtk$<0R zc)X(9r*$Sn(Z8Y5(9ZX{D@}c5faMxokYo5_ zb7!mh;arO0a`a{0=JydeJuZiWSii<@A8p{_O0SV|>Qbstv2D4m#mDN$fylL9pf1o* zZ|*Jd)uX`=;F(#FZb!QpmIPo!LqNwySN44 z-xjFDkNMHmQcqEXe`5U)BqMYd-3_NU4XbG(StHyX8jgaFdVRe%9S&AHOYeCc;alCQ zuy4j__3w9CGpmLVab*K|nY@`f+t=soD^S*qrH_{gz-h{J*V+T4pIsD|>XxSV6lCFK zwRgW(uP}}BFL(o$W$UiBvn!?Tye)p~eh)Wt`^sgUH4a4!Y~JL^7C-ivNuWl|#@$cr zZwwGc4^mgP)b|TAgPRuXLH|{se(#vq*m(UmFq^k{6EwTL`&n?5V?%h(A8n}6hsujo zH>f;B(4k2{c8q$g*71s0G~lcD(MJM z$|Z67CU-2L6DH{l`c-Dw3`T?bJnms{#c$No{;};B8EGxvg%-=@(ge&i1&I!-{o8u1 z&0kh!Ij)pukn+D<4rQr$&H5nzVQiWG#?d@Yo^?WSOrZPZ{q;6{1;*q_=GN%e{1pI% z+jf$HHt!+6T@?~oy&)yy0GZ>&RvKhqF?=#!E*;9}4y5A^z63jmYN_P(wYpooX?W$0 zWe{~(x5qf5_@0A{w3wl?iMOlC{JZWL6vC@rD)fEh5}tuSeVZlxR=>txV0P>a3Or8r zq$73aTy(Ec+X$K+RfT>8`dFl~o9o~-^xHl7V-yEYPvGYW*PD&@n@&e_S`P9423ci@ zq#v`kggLz)?XPOoV9cd3JqgA94`EgOONCa8+|hKd_#keV(RZj4S8@P~IZ{IdCjC@N z2EUH*qDYg-RN2$g!}lQbUjR1XmtN#4$Ml0Al7qbj-bOZ?SuU1sVBfl&jolr~E(ZtP z^}f7_d`*U8gF?^l`e(*T6pzzIL95$fgZY%+JghOwwr4~(r3qhoziXK&duZIx>be_w zWq<$O+xoAJY8}nJ_B~;P7iWQuuT8HnPL9OeejmSx`JRDhL)Ml`%=Dmr4qG@l`qLqT zf(m(M3m7+O;uMoxycm1JK%yTh9%jW~Uovf1=^aB(jiL8w;xF%XE)n4L%5!NMLa#O* zy(H-!wtZ2yu)<08*kZAX(PL}Xi8K0x=MuM~7tnNQaK|^!{MFxZHoM}&Jg~h8f5eU& zM6pN(0JGo;4sKyCDa3cq9JDVgtt*`Q>>t^vW}+AjQE&NRp$> zF|V%;o&LH_c+kgqU{a6}e@nX#B*c}fNnf!FO1TU3GGNfJ{gu?X-?zL@vcsKqTwM3#K9l*!zi_h)Ikz&aPF5-D$aiT8r9mR2waGX7a%xNy7;)6*>qM(b zuVoNjrxqG0eHWpr;gEG|p<8Vc@4kJxypN!ybM&l)nX7#Djvm$XDG(*3wo~C%-dH8} zutNrUI)V)HjGJ{n+<&C$s=RSMP7|NQI!gj!EPT9*=eZ1GHGrLF9KXq2+MK(%ovrw| 
zEBml-b?tf$EVn<90zMqqCo@*~H#)e#R($xUvLNGLzrw6quD)^fOuxz_SfADv34coT zdFm`q|Ktuza^Te|&+Br6;}c`FG=z(Ly>Lr4dS@ zrm8AOSgcGRhP@7}o+K(%4Y8xEtt&A&9RDxK0spmi^t-ce|2D*DgP`2b8jVq5Ut1?T zYc_7V+MOKF7d@Jn;+3)hn~7y_X&wRgmpbC!VhFb>5arw_yxL4}Q*+hr)b!yq6EZ~8 zDU;!U@1vI19G39pZ<=EeJ+1|=HElwrGnIwUtU)RGi`P}-xEvepNmXy<48g$pS9+2b z+)m2x&n{GKERL@TS2}YL;zH5I2iZ7|;fj&lw$El8ZQj_GcU(N{QTW@GINpbkArHu^knkG zeAO%T=6|f;X~cEkA>@x`2dbsy(4C6(o0Bu&t|u$zs*Wibipyz%oT5@E`s-J0w4rAe zs^v=3K9f9vzUN-QJ|5J{Q%N&SCbp~wgfZHD#tsfXqeVqXXO_5zds@5pvOTqSMBTr~ z{;sOMBGDY^ytM4AyIo_C;3OrPJxmwoS7oY-Cwzb!!$J(BOf~rqDFAnPyrSloUI*%* zHGO>8=RUqFub`kYT;?i{DB8XpCzYHD=+r@BP z`~)M~<7(zT)donjl#Q1%Sx`B=Y)%>(-7hSTUsalNau&O0re*9Bf@v2R^ zXmEVRxkGoE^I+?=uT^^}Jk_+Nb;I+eNuSSgkgV`Suen>Kr1nkgbxe5EFZ)BLSGf1F zQK8L9uA|IPf=#mjy4_f@2($jBZ4p@grr%)r5uA@^%zK*Q3Qrg_Hep$7}9UI6X76#qo{qQ-FiA>bUDV+MXv(#cR3r zJ4$g$LPTrANOQ61NX$;`7g|jZcJ6P|3LvI4029%V#>isdOlAvTC{;1N$K~n^y~ne= zCPL$qny&oKo#r}josXL>%}Du?-G8wGwFy^i>8dC;~$SZZ}F^XZhx32Cp3M)k8< zS5gZ$p0ii-Xt$u#(eyH+@FE!qg9>okT^`b<{BMgG^%StL?UBRuO~R)$`UhMQ#oSk4 zWo_QrwLxT1d`8fE%% z3lW2pH>C4!=0b5JkVBS4wa}trRWM$9l_;b#Qk_$uaf=$Hk^nMVnjnzVPuvnJQcxqT zVVHsYvEf92#Bg&I9N*!a5ud(~qZ6%x$PZYzwPKdpCtOHQa3mZLqRfa>4`y558SrZ| zG_K=<4oFcl&u|sxGVix$)W5@}icNh|2O(utdiFO8hTWU?(&rO@Kk-J@!N17+K;Al{ z+xGO)6A6lWf=9;q!mV5DnR{ABtj&IYIf}7rN#ADfp#=t~Qn(CGokRv)I*wI=#kfqS z;%-{RdnukKo(K(u3)NbNu$mHGnfNsi(|;kynbXc*N^RK12qfg-&&bP6At>VOtunNy zmVo^}MU2!~FY63uJ0v-k^YHVYvb~;Gth;0$g{AU;^LfJ}|J7V$U3}+UH%Z6fH@n~8 z+Xy0A2{HQ_%C!sX69GMC73qrM8D~_~+X7o#$8_T&YH>bvkbj{bHppOPv0(g(X6sJC zDD7gVjs95L&1#Yy^2M{7Iq?X}5cH0f?oyo;**#@538O>IV>Ox@2;zO${;5O|rUOg- zL0INq%%tPhuw4TCzkFp={<+E|egWsU=fjqZCUD=H_Td-YDdJXk@O8V^+2v;caZa&A z?~wKv#kfjttmN96Z(bsD=Q(XWnrDJS1|n_D{!2d+fAz|0KgL&PZ+pBcsVh>w+BZd1 z5j+w~qVpzqA!O=x5)r4FEYV9|a$Y?%JDaP%*VqR6JQ1P&_wyl)0YBMvJk!zVjRwB~ z>}MO{0c&-!kF){#CU1YTBZ~-z98{GT75INR-=ocv5@N-;HTl zWJ!}g*joqD%}#7&D(XXLLe5mVFk7c(O3FVJ>{NDbqj)OTWcG2(+qW5h+{KRL#uTEu zidK%vXZWo==7!V507S-m5X4W3;gQqRg4CbOHJO=3>Lc){3)JWF$x-XHs$YN0WMWKt 
zbpy(&`9lN`$EbxTfu$MMlM!SM$SPI}O8!LA8V`LN1)FR-wi0tLzJA9Z|J82@W$aMa zCp*HU9|8*0%?t)K(M)3fgvc~fj5)%}z$kzlS`eYde9GFS;Ip=^x39UPTo?R*k=w>EzxF@s7N%`65tkcis&u~z&SP-lLssT)h0vO8o{q5Hf z6Z<67VHK6c&@pf~cm$r`=Ej|;JseHdn{^iQHXvn!O136B8Ka$>qaGFi@ z7M6NRjQp47P;l9_f+M7rl9izwKXAA=FnUXkBBWFzI9|+zp!!`I1{LmXXh`;Na8{y) z?{EGgJD};ge)Dc5E0YpendCMciF}85^qs>WcO>#6_tta1rrE>9j(+hr9o1hz$)nk1 za>wUCat~1v8RQE$hxu8=21NwBeR7MC)*{=(Ln@zoc$mXK}IvXb`C^`qs|8Ja&Bb|~%i6pP-&jxS8h5Hf}#Za+*W2|}bANWMjyDn+8%+rN?Pjl1Xx(wedk(~JQ zfwdZJF28sbVpfMF7$B$~P#8-E*Z(Bgt08ONhw=DtqbGZ;-dFGP3}@PTo}tv(6U?wXM@LNg7t)3lTBuzsCkkPw zy*tNL^Oy=Qu)v}`6@CCrj-o868XO=i|8KBk{kLW+)kQV++HXqLJM*%4a>^UT_BY2s zJze`sp=9cz?7*W+`ZAxCG#Pe027OybEz|DAkSPc)^V3 zxPKa?QWX(ctX1M?%}y~bRS(Zy$=?|}B%fn#+E>FJshJ`=$d1G|rfk)X!B(9BS%~mo z|1Uc7cP09gD1HQFW?DIM?SKg&n&8UKVyi7J;YMOOF_5ZdyGo6NEVWdV!((_(Ce!1Aj!-Q($hK-x!uGRD>hPv!6ZV}M>}a|x{E~tuy2U9%^ZVh@r@fd!o6EXU~DksHr z<%v{uaf?NG)|t0;Jg8sFaShsT^f#Q!ReYwuuylspK|<8>?Xp~TFGHtIApp&Wfq;ky z(cjJyq6F0ls*g_55wiX_)NvKXZvep%Z4)Pe3DH8sSvCAp!SyK4@8eZLmW(8otN0WgW-{V;?LE; z(l$aY&DwkWMjQSf30E1NBH>flcjMw6cS?G{0W<8KR+*Z~VL-_$H4##-!%-3R`_E{D z88xFA%}SIAe>zAaFhIF~Lha zM-_KCq3{zuvy_Rbos){+>sLdDRjg$L5+`lwTcaiv0g;*#n3y~uaHp?U|EPWaBUwQ zRXxhh-@{nZEX<+}UNij%c0P1}`G{Me=t!J(OizivW*IaDypXzQ$Z7tY=)v2*!n+j3 zK(|~*HPmIUUtJkv5s!iA7_-iIF@!0IQ{8e*Kr3!kwi$wgXOAeHe}FADrJwEcZb`o= zMIm-+p7qk@-#Pwiww#LcBxt55bN z@{xKd#|hb@%QDrgr=^E!vl6ozs~s_Beur`tMO~NMfg|^9p}8(F-d4wV;YX@LBf<&TaG|R7I-gcsPWzp&_F+_D~J2 z*_ffDEelPm87NI;`z^SC{FH_HkmXm%Ced^&#W^7i@g`V&#P4`2n@^2893W5J9X5TN zAv!9jKu;QlSYRvr$s-DKn;ki#g{R9LhV$*NrRRscSam^>H7_R~-XQxq_zT~YZi4T+ zTu*iXh#s(QPq#BUan73)w0EJ6@Q1k{9b+zVuK}6@<&e}iD9oUU_4f79!atb=G!u)p#zRd@63V$64 zI@WB48~C_~+=)7DylnHqVQAeBz3N@Y$MW*^V3^kMO+BamYnGa!^=8a}G>FW6k$e|3 zM7r2r(wApQy4b!FwbbIH{ClX1wt0`iQXqKL;JfQa*Lh(|wE)%@7u*ErpO|E>47rP9 zBdj}f;Uy&_N3;dCw3$&~4sD%PKXOD}uo2GiS^Igp#73V|3V%TO@ z?4)uxurW+P`_bDs%7YDFLij&ayM!|bGR(F57!aYxETiPvn78c-$)stSH2)Uqf&Y#c zD7>VgU&fSFD|Qb#R~H|A%`ujaOvL6(VUqnW0HiC;f%L!b&n%G_@xws@4I?&64hIfhbT``0q%>4|J{=}yP 
zwSkV2{PSEHj9_4gO-8HLIR{i|ymNM&rlOjggRJ;B(G#4(j}U$(ih*aT=bI4;`5|1C z>Y7`>{E-hegEl8{mxIIQTX^&EC}AD_BD`38^Ou0Vc8Ik3fa{moQC%Uw)W2@l8tmKm zfwKnvbt+wa+R$6rB^k8ZDmlJH##VomQx$j?##+{zB4Ew~>p&hx_B( zT%wue!|M#BAm`d>Bj&gYwAiV;#*e!0Lnm&iOS=>&)pJLRJRQk=3kXZi2%)X>>KeSj zj{Oqqg_QiE%968SF+W675>W>}NXF#+Ik%EZXv8P+*Y^1Tw5J8GpPg>#H@dzB-F4ZUFw^BV5*1u;p)8c!ag_JbYt zlKOJopv(M4sfR*b?eXkofxBwGWjYvQm8#u>>p9xMVZf!B`kOk{if*Id-!7gABd~3M zzca5u&O*s6L2U}np`q6fSCciSe7@u}QpfP!?}A(BYaNkhkDg(#-=mr6F~o^?x)r*g zP?dKY+}Og&TdeyTXV@7R&-TqsmD~fT@K$%J4Qmk=^f;DVh1KgaA|uy#Q^avY7l4g7 zP4A|rbotIWmitML*{{mS8DfMRuw{@(DyElX(h;QRipY554QTMxUN%zR!eM_NRb-b? zk4gaRE^(p5-;?32w3tBzovC$tj7ul(Svp<^77lmRlbaCfcsZ(UDs0T}TNbgNIq`n3 z5an19*u}d(xwY>o1n8hqdCd53PnR6eEl%T#QEX-k&gFFj3sK#7=mt)gVBSBOk9iQH z1Cntb5$Qn4B$)1g#3=X75XYg?)B*#sVE{*O_p}t`@BM0f!sM{fwmybVfC z%Ff6m3?e9EdK=kEdf0-{B)UY|x=jzQ^o z2zNTO)z8|xGl5wE12vyGgu1NjkJoN$d(gWe_h*N{l#SdU{ZvlADWPJ3_ zKSR}+4j`z6p5`U108?cV`yHV6Evt6ij+5ImoSPvhi_afrlVy!ucx~+Yk*--MIL35Q z{B`p{M{ull;i{FZ#fE&4^uF0dF6c;7PJk)sxh3hx<>tEw z%t3=1X+S@fmK&o!|P<3IQ3V%xT6kIY-bXzu<1)Q((*_ z47gfkx{x9pxvF{9zLNxUfez##phL(GllGH`ylWLbJ7w2!^5nl6-&Wd;*fMFA0N`97& z@D()M115qgL^i^_uT6{XA1|^#lfrcXdng{`Hnlir6VS=os#eE+>ey`6jbSLLFC&V!tCcVsQa! zGQqJfz)mZW(qSiP*ytJiwfNn`A4SjpV!u`-v z3(H?2bt0;TZMi&!L{TA(ClPU5s5^agpJF*tVSN`_xpu4@qxiAnjtd`4z_YQuVHBi! 
zxMjrL)11hz#jagp-IRKGZPVoSr=?V8O69G(GK_$}Zif%3*T(waX>eA#+i$9htk1* zhMc>@5<_2VrCtc++&QWADr|fTu$C7WY*k}uNz|6Ew(;ak1~F(WOXLAIzhr7RI?J7) z4*=7dMZUY2HHs37KiC>{Ndpt-cGgiJ6@vQcBr>OmmkKqRhZCxXUqb2lh_sbr8oMN| zJiQ?~8&d~@-L>q8fzMr4Ql%<^Et)X0NjMI@qfkvh9nh~02K}l~j;>-~GIcyF7wgp~ zS10D+XNYpK@(z6-u)l-?h;~-m2wh@pT3)gLQDd)6M06}E(Z-w&swf$&)(>5Xz)65w zx$t<9VeC~`2g)#w_1B1pc{M(f!OmYB#b7R1Rh#OL52#C@G_YomZBgE5Gib)A=GB9(EM4&87ALO;=h0nPFJJsMcgJEc-xI3;2?zt+ zk&HKRNw?R8;;%!JSkVzlN)HCMrlK%$9MSviw?o+LNjhM`$#DM|%AXm`b7*;rZ3sj8 zvqiHF8RxeB(NeHzSXxm+_VqZmG^{7Z0l)DLemVj4SeP4(7*}Nd8@N&79HfV4wE#l- zU`XvYDT@?gumxcy*)y{dm=%0$MGj)j)f){7p4HX%fAYeu;0Bs+^0@{Do zesEK$>rRt8gH=xS;6rSq_)QiLS@W+aGGbt13I|3$pD}lvavnL()ZoyWwseYq#s2oh zm1eBe5$&M6dAoFPm?hgLPfkx7qf6>qW(Mo?6fP-{e}6&;_`O3+dW<$TqVxNv`|uyG zYk=>lzikP=Bz;8aAzO1+ss^KA;J|*>!Oo*IXr&XwODqU3x+Hk>lIihTzYH%n1tIzc z6uZ+JzTXE1>>Er?wIUi@r??^(DiYIvr6v5d)T_TYj0|``KVw0y{(VUp_*ksHJI|{b zCe@D12=^sUpQv?zdv!@}eC)l>oQMGW(0f-C)V~~wb8KxW^M(2)w0}*J+>~7^6I9}# z5S@`OI!NKkVY^6q1u@ThKcG6p5nS`US=_VAm(cS0hdJ8?+&eT!r2YKsgeo6?O1FDsrkGVWNjdqZZzO&d@vH&TS3`{7Pq(V@b5AmbM^1BF4Ti(Y$^NKUTKynx zH5h5)ya?S83-vSl{@~2g;rq;o(*p-Mj@o7)x_ zP80)0ozzaDkLie?7=%oZDj#eOON_#)sB?5EjmA50xv@b;U-)hHoxG~OAb@~tr*2_J z23mjKMyg8{zD~>%H%Q1t#k21=VE>A0A9P-YXGN(MMJg$M;?SQ`sk}eT_?M{>9O`0V)e%o?Mmg#_=qnu;M=UO@S32pN3~c_dExC}U zV2FEsV=or<6|lCZz~cXi{o-ZmBEFhM-(>mvh<1-NmK(Yb=lonSy~jVd6deIMtpiga zCKr+nslOB3=9Ha-G(`FbL!w#fT)nxsFirkLMg5D9nT8VQnztE7JB-fz(iDTael0^rg7Z@zj**cdIKD3AR`N!+>rD-?(NYQzu)i&{4kG~ z8zvc5HR&D?WVCBc<3mko>U+;Sx8p&VaT21!Gu>JQQLKraz7p$=SM2>7psl2Cp2Bsx z>b4DMeWpC~8S6_2zpJ!O6zi)mpZjgOT*l^{*GQS-bC5n(-U+*AAU*MaPM$TM6tvkv ze}B0?oisM^ZJd)7U!NF5vS37OPZTEjrgjQpcJTS>86G?-Cm~L(kf&GPNtC_&h`!Mt zt?qt&+)o^l$$@`GHAMXkV6GFu99AJwp=A{d}ZF@-$|V zzdVH;#HtADV_Xb$ZZ-=Q+DwC+^IbfbE443e*H-n*sgJG)j~ra-A9or}E7V!@R``}X zvp(T~q)03JlgT98iS{#pJ!W zD?s>{t(mASVn@i5fLv86opBuJVgOCi7ctwcSAdU=ewKF84IE}0-q|`-V(DsMw_Jx% z8VKuf3k%>9Ff=2IKOvDKJZ_{v*p7n2pWLE38J4d+MSq4>Bit|aw5D8xpvVUYa)mXY 
zF-&*B--HbC-??IEAjs_L)f#Ccmp3*q$nkP=&sMB|BI5yEaiDI1Y%qO|J0bK?Ae+U`m4DCaS1X1liHqhDK)s5 z?_Hse_(@dw^lc0k?kOIcpOQlT!7BgGA3`3)y~rnQe zpyDgx2xS=zS1)I`KLDym>AZHG5Z#-g<;k*!%Zmn8>J=v_!+T*^qPNYHZEfbYh>C(j z^cZVe=w|_+%;;lU)S&;Sj^CWyRY>?-iIEA@D+yKd$J`*@%nSEhL?uiG^wa6})*siK zp}r;8p?@B?89A^J%cY(Sh0x;>$LUao4T|&p3t&bH14fPnu7y1t?_JT#zQc^vThBr3 z)XeX&j9QUou}N+1hN`v8M7BvA-{0!ylj~>-wh3b>AJpnmfTCQbp=p9+jC216@>?x!C!mk71u=I03yqWPHvVO zI@n?aR0O5qgg4$3Fb+!IaS z1Mxtna(D;&cyyd0Q#l94eIE^!+$EE%nnMk771@M7l5{n&62`h8D`=zuOc$K{rnNC^(K?A0V`c^u{piTO6JMb(Gh2pMZtX(Wb9N&p$XNcfi$dT(DWOVMv}UPK3D#khVM&ditT|{hLD?wtv;ve4y|;zEf3LV64?${G`p5H&^3;l zD~u!?y>d<<*Rl;5+c@6La&zx6s|+Kddb~G%6r9}Kd~8l#3|%m7v0k9Kc+jm#Jed`J zn9;kT=)$JmL=XOa*a{VO3=ooI|T-}qp({2mj6*XT3W=u{kt_dG@xslbp;mimn1 zQ3%Z@yt=*6>wg++Ur#Lo(b#B+#yZR>Mhi#QQu#5hmYg)rTmc3hU?Ac%4(SZ@CD6RKO{OS&(lis|MtFx45vbPvV?ODzY|9 zYd?uE20aOA5Czv!lI1gM5}J?=7$(ZWIK?NHQCHS{5wnkmSQXR>(~A?sy6 zBgB%mAtGeuk5Z$}wG`_{AoyV6g~=d3ZGFnEJqUCGj@_agbgaIS$M9$CH_d zybN7%WB@ynNm5HVVQk;iX^T z?2}0kyG$7V>2D7xGn~?c3?Gq$d5}pQ@^kDgO~`^j$Ry8x$%?yt06C{Jo3@BaI-hkf zvS*%4+lQP=_V%jL72|PRA$7*VP0Es*7$lvOx!)rh*2466j_%2lbwj^ekB~djnv6*6 z!8vejIQMjAmue&;M9o+b_DiBss`{tbtu|x*Lr+6J`6LYf7$!&x#W*vMHGsgi4H~25 zM%!-0UE!=k*E4&PAzNjOTlUcPm?+;aG{`f5J*7j&4i zk?S?$Q=WD{_ivsy=LnLgW&GZ%g)tZ+~t6PD9Z3**W%g`P@ zPnp3iqi?KR*ejK(R}taf5#B7@I)1W_;BCYbH^OUBX{<5}D}n#+=d$HD#}L8;a2 z>YNoC<@O|%$MRe8@-&3szx=i|tw%XEzTlXRHeN~(tXbjJ{L~D^Y>~Eq;sn)rN$Yq6 zeTKrJ8;+#D?_T5KMjPNk<4bqf8JDWSsFVitQEc`C1>DcZwVsJZ?L$V30x>Q_aaxr3 z#|RpWy2_ybc%p5%mBz;#&{u_@%Z)sJ7d+E>8QEDapZ*JE?(I6|!Vz5zg{$Hqm$}1y z(immKM}(6cb;E{*6sAfq_bE0~+8&f3OP*bT4}YiJov1I-U;g70=}Tm((+*M#BGU8O zv!1U{7~3>;D%;Q{zjIe1c3o61uOL9hziY$s5wtemr7!jXvw+5PGVh=v)g7Lvngyh~ z<7B9li;0OrBp6hMs~X`MP2*o73~ z4xQq66*heErVsol53hK@I-oLB`bOXJnwz`6Mn>@Sw7 zhVogMf-wS+NDgqygtfr#6QOn(3I&AYO? 
z>OAeIw&F>Ms?Xf|=UXp#{2;Z)7E_-P@Z`bibi$3^zA1xek!zVP!&kXAHc)cx>&`ZA zYa@2};TvZEyl<-fERcOOB(&5ERgKglv`ojC@!FIUFP%hL6EIjwCR{Pla4VJ041Jw* zt;bku(q{dcQqAteP264gX+zJz>W}rp80E+FO+XiLyE@bF(F0N`{~QeimlMC88&5%I_)Qfvt&&joud}W6EiT@w>r^{)#93$lSExXMN|k zU&JS5OKxBCJX{{jx+m!zOC7rpAzS$rqrwuB5pS$dK}oTuB%(6|`kkIraRxB5Ol8hM zt)(sT!zu;Wnkmc9oz@E7*;GqIj`J&9#lVe4sl^NSzZ;+l4iJW%hY_GHvRhpbX$kOy z!a)MvY3|OT(@%XfGR$%P_v~3XFiwmz%x@*6!Q5+kSGznMN^d1cmD!vQc8xC z-d2C+?Vv)&-C%=_>n=<>|_t7&9qy@K5F{UtK{ zgf$kCs_ElvgSVi1Qhh`!bLqtb&ZiU}e6X|)hK^+%n$jEcA_F_k@4_fsj5VdEKB)=0 zk<#F@MohG%`Df*L>8X^q8IsQlaSJbr5;&*90EtVpNK*JKj@x-*S+3l@RIOun`46PE zsx3{gMb{MSy9(4DeXaCpjN}>2k5m6E%6N5gFe8B6CE-WIChFgTIg>gK@v6haLJNeV zuWkI`c(d$ApRxC}q{v+|Q{o(gy{ChUXTlL|h^eUj+U_RtmTyZrd4a|)Ve1Q%)Vp75 zNU!sC_nKJ*Ll#C$ucvy_+7%wJCd0NO$A<54_0m&;UH{cK{82ua?KK|kGv{o?lopx) zc*Ln)3dDc+kQ>u&Pea<$-y_zlRF!YzE9)wkzWZ|Pzzg~RXI_O~Nv#ZdpF+s{pnq2^ z03a{4MB9kkA>XdYL8(6&v^pc6y|SRs<-jrTZI0qOkw6gNnJ?v}5EL&?1wy4%N&PzJ zStK=j6*{^|qAuzKgS$!pe(AD`D_1E&w*WLnO?XUtO#A?U7lohiKqXJI{ zcnDJeko%widcC2P1fA4O;Xe)Z656wZRm}|Wgp~}N6=wHKB$U7^jmi-3_PlEWo=QoO zU1NgmS^!Z3(==F~=f2Lob?G}F^)Eed_xm$vN6%Yw!SYMyl@NY?Ntbqw)Y|WZVIlX2 zY@HX3)90Dl`7P}bvIF5dl=j}zz6aVE!YhXC3`n3^VC(W-Mb1r5bc>i^$$aU&i`4oJ z&Oe@$Yb?JK%NNrQao)N4d948ivlou<=?8_2E=tu>=`aH18&V>w%2QP@riQ91!PWsa z573>9CiG9B1s^!9hN06Ci&le8E<16t+l?`%Z>h(s8r#m;U_*_^r2RxGfv1}Vd@qdY z2QddB<$qe=_xoza_6>oO>=QCjQ=7-Bm6a;E1=~2O?ZvXInn&4~I+?RB`b4Y}%&a0j9kXTH zd!7iF*e~6Hoa4oxK6D^L(R;$1X^!k z1=-s(R^L}z?HNcd_y?uVL}LMLOFgNVvhx9o5qMWF6+=j8y0fXpD?LIsvm+G?GopjN zQcZf!7YB`PM0)D{qnkv0sY7GTIzGbqQRl){Y+K%ILpnZR(hgq#5kdA->zcN4SQ$pna{i{W&yg)7yHwBc7k@O9L!Xeb$5-n?`QHCw?XCa+*!y&5BBeJO<6ri!BF=)y0a5_m1&tgoDHwEE zo!t2pzrs6xD_95;{4uO;K27VAK(QzqQa&q{Gg%*6g^4&@tf02h<1kzNUkwEZq$p`0 zAthy@5-Y>8Z!}&K6`;AwmdW^b?6;J;2-TJQrIrOPNb%pNlS6_(x;;z_m8ak@RHfM7 zjNvP!|EGR|ulN?>{p$tZ2{kyIOPvsv=^<(^rNq5Ikb?Y|xDj3Of6_Jv z+fnug(9@FYScr}J3SkQ3d^CV^-zHTiGn2PD#c_#U>v}#Zm`qb194ioG2eBZElstz3 z0xqh#JUuV(P+eJWwKN|a0F|lHkn))Q9JX=wEG!c9fY~xI%Pn0SQKj8Ns#^D)W3hDh 
zOgdlDWpX_icRyk^-x;^8}50_acDu2%Ed_UU#pS1fd1hIUK8tgT7Rh$`8X?n1g1Zz|Rc2^ebW{CHJzgQ)^4 z6qz=SNkg&H4`sl(-^FL0;2HAP&E&fw8x{!Ju+5^pU`TQNBSWGUcM0@yF^XBDqr7BI z0fxopm_V;b?D?#?!=;=7Y-|K%rnZ69umjU#+(5^9U4Zkya?=#pnyS}?jg~Zxg^~)-c%&9>KW}i< zYShET33J zs9n9u|B=h_*W@NRX7knuTPuo)m$Eh-;}mw@`nY~yN!8UwH3Z0(;&-fEa>RZ4Hd!o0 z()e7lV!Cmn23IS56x4X#E9b`dTipGaUq8aZRL5+({xj5_aSe z6E%+Q{YIY8IFJL*G^yoQHo3jyFn>qLs&=lP#9mxa@I>-%#H{ex-@qo|fK}EfC+Q=~ zr*b}@F^jG!9Qn+uZ~WHY5xom+KHl(fiFTb?kkD3DoqoY7j`_J5h5M7jEp+WF&KNFS zXZr?nA!%dYmHn0Yb(or?L9Rl4ZhzFRM`JsiQ4yW1f#V0@{{J!c)nQd`&D(->BOoFj z0s_)VcO#wBDJ9+gP_hYW=}mVd-QC^YDcxP)KIi;i{Qi2b3pVU|X3gAlPpq{9&cA>+ z({&KhhPEaYh${JKk~dj23ATPmjaVT5>RE?Dk!9XWL%I|rO-Kynn#P}#X;&ap)>u^x z`tqfem01&htFHy4U%2W^;-SbdQ2kL=${#8BrnSIbt5=EN!>XPNS6t+rK;LK$a;a6c zlVzyRpYLr^8zh`?Z?xJHk2--I{PQHo$DqOlE;kK7CBaE|4#UEU-z5LaQK3SBTpl%| zib&TB4U2*%u1S?ChO0*^0lfz#tFZ|3vm1O2C_@ljP|cx0MpjJG0HU*>4$7&=w+ z_m>BlhO|-J2dBdF@2k9d_59{9X*IuvYAStIC}EshtV#BK*iM@91W@(9`uC&vBmVww z&A3W$E(W2vRyhLsb84D@JYa$>SUEM0YGnYbBu)vV+f=2+N2MLB0T zvS@kmoc{ePCkL=#=)SS9$xu}lmLc)@VWcHN6P_QIw>33s1~6$iWW>Y}`$t#Bbp zzBy*UphE9A>Qvj*QMrykHeb=( z7$E>J27WLg7!b_hkD_p>m{exe!gxKz?4=GQ7n;Q9FwCC7`)`FR6v3Df zYm!0~qc+_mSrZ)ERww%k&;{cRYi$S|^qV~RPg|v&wrQR}!Gc`Ss1MuRCSLbhZ<0;c% zUGXjB0N2Oo!KW4%zEmb{MbtN&T0_2dcV8-&3pK*zl@)+xYyO70z7Lr<&zP^fPD$@} zBRf^P96S&XhpS@9ERY`3m!O;)&)6Q+&i3R$9ZOH)x=f}AK3l$PQMwIS?HN3BI+VNCb-z0)apy=aC6UkJ`dD6OWuVHgPlB6w z{u2kXTTd0h5F=D8q%?oX^7P4+&Z}(AeiIj~W41|4@GJjDh#G5(ev6heN_x|=q%^`_ zy9x0^@^UNf8Esfty$CytX{1vQ-W&BkYxBwc9jxrTvE+7X7cPB&r=58zC7Jlz#LxP5 z7SEN>^&MZd8kSgG78*XSFzU=0v>X@V|NchcPJ?g&NKSnm*~du|=P|K;r&<&|5xC2> z)rc0-P8_ejI*Uc~$tJ%uJ6rAjT)7`FjxK_G#{37h7OdY?d-dVp8zi$vq_cybvM9Hn z6%tABoIDLp*40>^Ixyc*_U>N#tekbKNB7r&n z8iu`HVCFh9rZ~i9IAtip^7du@M(d6G&RS@nI;gX=P=gczr4Lyb_^y$?3g^O(@b~58 zZ8i6$^ymw*gf=F_NC-T=ai{hGKzE*6+Wh00%4EfhysM6U4;IWczPpM!|BqaFAJK?# zI9!x5RwE_+IAqQO*leTPG}w(qF>s3dJ4oU|XLyQ6gB@+;fALrmo(BSiE)XCb(xtK! 
z-*j9qP#$K?9jO0kjxhd<-M~UIN!9ul&~UOZ3+In}#schlR8F^LZ-3SU?SH~X-|01f z3krmcY#I7akdplu3oA)2^??q19D{Ak1kI;7X`0xI~f8uPf;z zEb?MKM!skw${wVFf#z|{Z9yoQj!WO!qq9vI*?Q!7{%Jx&gsj#O7P~z znBv`8k2xuBuHzV;f%2vEZCU35>!S@P|ElV66f}WK5hKYEl%P#JbQ2Lr|2E3>v3naE6q>N^6t7=0e$wfI>6k|Ajpt zu`nMmyyhTCPixf71dr|?J|zm0oZ7JSN-6wUHJPDxS4BphQs!8M$a9iJ zT-T$a-v;a{i8xmJWaN~97Lq(8n!HY@+$0Z|qHNxM)z2y1Gxf$QH7TY~NFg z=v-$_19=gh#SQdRTldPBe4S77@qu1OlTVZ#A}-D)#jI0Lqd&!xH!Jv|5A!!NKHBv% z5VApqWHRc5;YmXZl{<%chOihqF55mIRPkdUw*80QMnJwHpbK|Mx{!Tf{eDhZ=Ni|m zR3Kh2OzFs^s&bU=!E6WY_p^VqkJdz9tJhdS zNE+*h_n#V{#BC!ugkwlJ%1NXQMs$oCVMUbA%NLErQTWi)u7MUB^Pq+q82lpx&4AQ} z=8d)VPs`cwiPV(-|8cWkR+b)CNpPwk$yjP zg))ftIirU`pM}B#-_m!S1hA?x-dDa)pRv=!g4E)Y@)w#ep686A@o`0cit$%a_1M+I zifPOuAHLRM)$DJ4GJ1~gZfsa6zFyxtuzm&If6w!PWhu_m;)qPqDO)U4W0@J9$oV5@ zEiqPSc=0WIA&vaD=UnPZ4i=}1ylvZ+0Hi+OY4`ES`5U$Lk1xntG`42DK#W)kowF96;Ld}p z+7)%cUitEkHlFR)cYL0VFi@uzddy@|_-OT9_L`3MHE0+hIXc9TpDf%(Dti~(%V=e~ zLQHH~Jb_VDT#)?<_uYKjv4+`ZVe)!7I-|bNtUu}sQuNy~qqxzqez;GQcIpPhCH`mJ z<(GbUA~WG}732A?z-zhtlaXYtE}PpnKc_c)_G-=S=`Ba0jF^Fpr}Z(#f7mlRGOyAk z;o)-^-FLJszNcbp#SCFJjHN%=b$|1%kd>Xr;Qw)Ew8`$dO=8I`7w|7Y5#j`cA%>!W z*{iMspD>RreZ%wPjRRgZJ&l1RiEoA(*=|V$CvGr!Z5;R?C(fiH5EtE!yR!`2Q^=b8 z)^y5Ev)ZStEbfjATCR3Af;^9S!g~%@YkuXGNRV4E0rx zG~rO7&Jt&pRwzY=vLm1Wu>}S2;7}^5$+8(?Q&x;C3ybNOLxL(ZY_y8{yKVhWW+DnY z0Bz6zl;$m+4y-GNxGUuwqi&yeqZf}g?e%#b4GU9ofsdMC9>%yC;X=A)Kp$e=aED!U!5{M%MclQQEo!Ep({nv?@RwM0 z^3fgnTp12zYC4cfC{UpXBI7H^(5+V$^H(U26#aI2Naj<&)5G#k$>s$u`$b&yof(DSIk(5O85Q#M}rd@0oF z)3}-P1N>!M_`r2qLdngi%W|}b*5vyYz6T|SKMuU8c`AlWQHPNwX7vgAE@pwK^84Lh zal2awp&EAid9RXp@BL8w1Cm)>FE82MO8XXv>?^oA&#~aY0R9joB~lc{-k9#8 z_dd{0*xg64`O^@&^4CfXMkuhbhuF0e{(W|sZ%%(_NMq=$vgo(yw<^uM(_iEZWy%z? 
z8-4gshNYLIl6hDjpRHtGEp&s@vLypT{R{6)BY{G+Db<59yLQv<7$^!s(c)-DE-rV1z1<&#v zbJMr0g;6_A>~Uq^taNgwIkp1l@v`-WLq98?0O^CFD-*fN5-T&BaWh6`C}>)@uSAR7R1@(%OrX zXb;(dG&Rv=kiuBqcnp|qLdB5`muC=A~P6q>b z+mbz6ercFz9jgkkS+w--fao*+u|>BVXZUZk!^8F!DET89qt6Il@E1wT2T-$K5}>RC zmZgvqr7O~yit(kqn`Mjdd+1Hx>}N4tZA`^x=+n1z$pbLwkICS)-Hmtmx8a~n2W1A6 zQsq2OaBPQcfhWr=sFed{gcPfH(9A}e!Fhfgy2~>7rN-<)!v^6Xxyhj*F+rgviM~`; zQtG-H{8k7kcSd=2>9?=a=F-n&G=nZn>+b>=R?3b(ho`DjJ7!bdW+cnFw`FEuoSybV z=|9x%v);nVIIopG%j!cDf1B}Au95#C;&A%9w(PzyekT3teow{u-U@lZ4)LT}Cy#hQ z?L;^dw|I&c_(iUR`sHhdlGo+$(lnAD_U7UrccT05PB=dHL* zUo-Vya~<(At0gBYC~9*$Vsvost}1{XyzR%Kh9%))sD?tg1`{)4mF5ZzY&F>FN-KPE zV9_@ma70~w=n`#Z-@mvW91|!S4Po!%nh@v=9LDf_XM1V=zB8~IY)-S%^z6ds{`i!6 z_O`}@fp^->F8SQ#P<+GZAXU2H6AR2KzFBW|JblZ?W5P^p(jABx%$`GZ`m;@LCv@yd zOVg~NZKLsbj0c?DN%tHL+CCjFij?{nza7#6*VkR)!6Y~zN0Jtkkmf%hu(^QQ#j=5a z%MC^+Xx0Q;t-DWNaB>a-j5i_Wjyk3%o8Qf*7Eg>Q^Y^J|2cuK`N|wC4cef)9rR9bL zh@P@3Kc3`%53HR>TG4bD=D&u^d7FbBo!jDfZTHPs^N?^bNKd2vx)>aNkS3je#(A`X z8a9FQj?-i45xHz+s_Ffd)$5SGXuzro+%!iVKs*C0uZiRLd9S@sxXxOeZR?llp%U%k z>abO?6?Gw(c|SjUqO?P1$`-U*5Y|##W}wwV*@()z$hG_#-AMNIAp!rs5RHdVZREd+Vu3^?J=A#nolRNBDQtj?t?aNJ#3@MEUS6 zMRTa8_=96yWP&DvTr5Z~e-=-!t*i{iXh1=cGQ{*t) zIbo?kKNLxs^LmSf&&tkt)`kn8aNWY;CU3BeG)xY}0q_yNxvBg*WgDFhRhXF;In1d3 zyP&`z_B1c>h9@PYJ5`sq^VIC6zH#P<#z)9U<&n6DvId_Dotm@K6W8{E;g-m&bZ*$l ziwisq`JeoR1~3=8w!7L?w}W8sOctnn33ZlbaT--~;(USYNFjo-zbXP)oLB#xaJG#p zn;@_NLL87l@E*>X`{Rl9>ux0k&Z<=#xVd;~T}OUhX2&7vPsdYkR8MW}=6;*?7Y#7= z_OEOA7U}ka?l=pOOLpGw)grI!*KrjpPvB{D_{^x@!)yDJzOqgEm z{`PaqppilB9Q(O{3&iY7t#t<&JLST@1KUGVfWP__BjzUFr~>$u8d1H=RUw-*b*C;h z8p)O({{=68j<1z>>~wxpN+$hzhFE7&@M$M-Zkl~zK^TLx*YjcE(wVZQeRa~vGWN*4 zqLcVnK9;Toelf`poRuQy;g683NjGcKTFqKc*Ka-YskjUqCtOYbE!}Ya0oElP0?Efn zeMH#xu|c9=f72n_zok;>c8Th}1Qd%6pmwdJX02B^-h{ryyQ@Qzu{C?449JULJz`5- zd^i?nzmQ!VdGaG>2Vu>-Fzh9ddh0j2- zPH5hBrS0HMAObrWRAAws3Qx53P5Tt7b8l|!+Rj~xq$-9)Rmy4+X}T*cy4sZ~$cja} z?5*qcAq5Q!TMxXL|LXX2TsL+%;FE6!EdFzRq|MS*Q}8ragFXUF3DGxZRm%j6bCvJC zbUn^ufHY%m3v^sGN|$1;0{;yc2#sfO`{bEf; 
z!|4JYJ0d=c$)rUP{)P0boU0)6=;n|D10jm*=<3e2vE>V3)2wl9CEj3Wx4B3-ZTH}H zdOFopn)QkM-ps>vjFLTZ#fV``fRz3E2`wX2<*fIrdK^a#{8Vu0al;Beu7V7-w07(* z!4G*aTioaYWqvI9eD@`m=)^a%D}mvuS@z~61ja3(sZc;>*U8OY*kidW38cHGQ{e{| z3gk;P#qhHXd!Nqah!RwJV{1bOb%fT;fEv4OF{qH!{>Sm{Iw5d#xuZ~7EBm#?eA1pJ zb=PD}o{ihuHtZb)=Q|J%bKL_80;sdahCkV)6i1(jS9#hkBx3|tW#T%ShI zS{N52Nq7RlAqBPP`P?hJji2s^BxOrU?#KQ9Zo9msxSEmt$o{|2vo zW8IK@mN?|wWf*Oo2P#IYTtJpn4Z!qgNG;bVbq7vmsk0SxZ+3!@-tJv`|Cap8a?l^b zCgg@+%TA<4xsiox8xbl>SgIEh!z3dTe#xv#$8WBU#vI0-T_${}SjI)~7$!|s5CO9tL$`L?5e+@L6lhNh^tfvPtP%3w! zck$-?Y$<1%NpeZN`#y)ESb?*_l>5}>>5odI-fM$1-g`uCqYro}z_4&ef7CLKR<$^yX z9H5`zwIay+Xgo1OC>`25L_(LwkPlj_aegh!3^+SWmW&Wo&UjqjHLdN{(_kK5Z2i!h z_qsnFQDm}DuYv2nH{Y&J%9N_`aOe3-5pPXWErdI8+rj?yCpg;c87cuo#u#z~H=T`t zMJwhobmn-2>=`G4FYL4#Syl%WMSNFX@4M113(yx37M!RSMgB82Q@gs}OF#weIM9#@ zc&XmTLn5k8N(3zB{29ZFhf*5-53X{Zdl}Dd$_DgQ&*!Jil#h;M!VL<$ElmkO^Q7o& z4tJ{ZEpublw8sgOiwvwQ)J*wvsYJH-qoZ+a)lclazCB?M9u2j$TU8rx^QwJrZoBHD zbctF9++%x?bS{M`o$_Efjn7R+P4z}(QMG85c@$$QEDCP`@L zQPC1Hv(FavAxCAR^mPwU*gMhrRQ!ew6SqeHc0-byRz2+e&-*ajsDy`;xVA}OOXHy^ zNpuWu(|MCA>3$?F115 ziU`=5%k2^5_XwUBnk2U|dHDTeeD|k)8(x9(S3y?~!e^5rLt_p$ob7E}2*Tmd!C#Ic zRp%*~81OmAz@Atc&G42DzA_ta0arvvv4j#PC7IQOmV&?1|0lr|S`0)2ntvpik`w%( z6w0v%=Rg#|7umWi2%rwmPrdO@S`X*e8K}GND0O!n)D;pwqdcBjARZb7fYm9nSJN(w zdr90TQrq2>V-5D={Ah&wqbHhYs9?N?T;V|ot0-o5Tn@D##vJAp$KIhM6j(-R+pCq( z2MKZc)+4IR7nfUPo0+tbw{n`i7@i#r+73i2U>G9S8Up<~xMdBV&mH-rjq|manm}`; z>hb$Ts7lTtHE&xj%Y-ZOEVh*bKa8sMU3QuE>cpa5cw6Vm6iML?{Hmwp`ftefbMNb# zy_Ua6!4s|LWdx~Ubdp4to+-$#45@Rn&)Bjh*bu!{pOnjq%iO)N^PduCmi~W>pwfa2BlK?^~AGf?Z4Dgo_mq;8E;#rK}i}nIr z#bNecET^`c8jZ+o6-sd20D0mKcJr&=Rx?6}IeW>H2=B)x=(a zs8>(6^F9)}rw=ipnTTpO*wRd<7+JCi>;^lcS7QnTOX}7bY(U zJDy07sO2;)U4L=95vJwOKQdtueW1GB?|9sC==E@!NPiwA-r~1K1D2%to+WMms3-?f zn!l+IezVKZQYS!bu*<(skqqJ-@ts0CP2~WEy|AyRiM7$poz8R!6?~xTD$?2HA7S^k z2!5Yiz{qZ9A5uJfLJWH(h;O@!&mo8B!r{7gZAaRDt=lp`m8x9Fun@IU`Uc%1pL?#? 
z-Bg6@6AZ98(ZKFpKkug`2W_lV^W9eSP`-u<4?8T!uN@NPmbxKh}LFC%}GT$HFz3+-WusU;%wdlv{#xycD(a zGvAyNlf$cgTsZUau0tCiW(#Iihz7!%u~GeDAU9vC9)Lv{&dLp^U@=?Ot2~_dE%&47 zwkdU11RZbOe>W+t;ZiDgm^qG$&(d>CjEChG(1M^Ga`-iB} zHH)W@`p!k@insIj*Un3Zu8TABT!&w^U~L(#4c_8N4zH7ysuOK<7G`j5Nvf9aO{OxD zcklkiaXVc!LIQp&u76;>nY#0W>{^udOj|8mN#p3rlzO&0RiL(P!OYfs;*v~+ZuilW zFgRCubFf|%fL|1*E_P2|3B@FgyIQu6xgOw@D9gR-fw!8%UvP>7sqvn~wCjBCeyxMr zAMa#Ow}Ett4;_qP{kY6m;YP^CJk*Tpf*Ce)$VGO%87sf9`^`DKJ}F`NcKy~Ub(9!V zO^y4}u(Eq%_p@W*G;{Ua-X6n&mn|O`<;@=s)eq_9032JoIzbKidsnW8o zXYKRd^Kwm(_NOOp&&A_6w!Yky2uC6UQ}e9)7`5H&S#OJw+JCaiV1TB0e$=wHeCb5A z`ip%*Xl;c2RK7`jD8SmAkBwJkaT2U{(;v*)sYwJUocsOgHlJy{-(R(_!JJ>M;UfH; z@e&Zd9C>m$yf(n~V9JBvx3)aiKS59PEVAiOM;oDWaEi`Q&Sxhc~u@m0IMmyK-+?PE(tddq3B^;3qRmap7l3Fcoso4j;YVByr> zw;GcE>G((`c|@v_yvK9@L7z2v{4Q{Mxd9a5=`f$IBBNpn&qTAzM$Kzj0ee{jQ=NX( z{R)i|Za>?VyrQ_)XFg+3SR=#>&}=6?<8IX+bAaaQMm%{()oMsqczImm)~(tQpmu zc&m~7_i71a=!%Im8dU&b2h z-hm9lQ?a^a9RqBbuxUKUJU|}A^EN5fjmayg7}~dQk<6Bol=v$Uiz;09O)q95gzQ&< ze#!AW8w;KvvO^Rm#}2YX4ziCZtvUVLd%hY59#^}p3$Q(fOGL{nV!2RpM8z@IsKKS& zID#b>>$XaUMupeEuRV;B9iSqQ)8290E)Yduw&Hr8=fMgz@TnE!Wla}e= zWK|5|q3^?(V+olFwWPKqI=={Yri8Xe#81_p3=t|f#n&cx1w>!WoTd0UCWz&M<9K~| zGMvjE`^<{HsxV{I(f!~`?*dalM|U+OC8Qm3%vCRdGIZr|PB9YKoOVSe{Zq$hKq z|M$8-#q-GtW$qn69ZGK6#tQMp9NmTn<_)>7>W3Fvg5jBMWWs(2=JtF=vF0MECBiY($G<|=a{1XMe+Dj#KcR(d zdrK#q7_eoqT$a^Wo)+{vu<8UI@_X19`$W?U!ZM8H$$f_m3Ci&Fdwa-Kvw#ED@ULyW zsnvukiQh!7b&{p|nMTRJjk0(;F-q{pDb~8KJ)Gr*-w|jCvF|@e8_rd5|E`cV_=<1H zzaVK{6GIGw;rD#2M4H+y8gcFCi}m<5FMjKN!7twlMRr#F-{a25R+A_z$9}!m7z<<4 zIUoa+V@?}E)iVp6w0|g`5UMZJ7l5|t;M4WNx(!+8X5f*AQ{gey8$K8KgoCk(R#SRCYx44|scN^+2%zEp2S< zU3EWI5$2$j!U*r(ohofKmB)0LKU7P4$@W4jW}MIIrgdK~r{VO(t<%5R4E_pmnzf1; z_KONe(drApl6QhA;o9MXkyBK%qtL5{h<$UhKo|DwZvr*MCEz_|a)UG8|E%4L3mO7Ts%M zXyJe0x^Ud{Q;xO)=(VBZPB=?I5_qIuqHMve;198!#UWBPd3|C~-{a7fj-`9lD6x`s zq;sU_o;_mkL#IcXdD`c|%GWk_v#DU(XgRwBW9!08y6T8OG(@r;(M7geWV&fb73899 zVg^GB@}dgt*#Ar5VF+D#U1d+WAOs#!=hsCNkWz~=#NjGoP3(1hZ`-tGm2(^p)IAN; 
z5qQ(HwOh1QOZc9#xEU(V*`^9%R4+{#)BmdVhk4|NS8^nQZ@KQU_f?W}=&sB)JovA; z>e^=SOU0p+g5gqE%rl%8`zGX^%uoeenQkbNwNOM+Pml^REbgy9mjEsoh(b^PQRosM ztd3XTeMIc!@}(I(!9IZnmv?@_M$%EGF0okN#iOT7S>v*GAa-I&ELF$ZD`5e>6)QPD zsN8R9OR0rR#wN^(qrN8T!~4U|MglZoKCc#X_xB$cle0xNL@9chs-Q^KvkS^ODhfSj29lr-`1v~-4oc0RAK*qOwTev&D&cK155G4S>dxKOj z@_wtWgMF~Q8s)Kag?M$!a2H%Yr9*D1qoA(i@Z*v~$$RU^e4<{pGA0ff@Z}fyh6$KQ zM)b;jqQ%FWBWOBRXW1d%&AOyD{ANWw2m1Qx;@+wN;?R^Ps}uYt@Z-=boI})8MOmqo zWie0#t@T#G_55|GBxySAWFg;1RBq2(3Kt7O-=4SsLIkHUS#|3)%s2Ur;4VkyGA%d3 zSXF(j&0QoK<=bRZB2Dj?)M$7#=#xZ>k_8mRxbXNyAo18UQ~Vr^tgkk@0a&iZ6Q5;I+8!t>m}(->ksB>T1EwMPPX_1yz+4S)tr3gH z^^a?1GE!8@U)FHi*Z0|dZ7_WodcH8|loCWSKx+LR;yUU>v99|NJ~H zEUqteZ=SQQbm`^{OBJEbrnE(?oRwRxYvL2c*N%UNIS586KksmmPc}8b_SAkK-X?eb zsEoN)qMEc}@ZghsBsg$r`(5a>o*iIf#lK8+;+)CQUcS_uz2AIp8iBzfVZ$uluQlZM}SXI%&hrdHtY7 zYzoCeA=|hK1S7`fq{qm1*}!+!AgZm)l^jpJ?67+GlXdJ;K@IpgV?x}!aTgF}!mFib zOBVGLXP3vo78~fc`_|a6t_@Pa-b9sq4T#7GW8MFS%R2%Ceoxs>K8QtM^1}X>V^ief z)&y0tK6XST9LnKMI*j?6b2kCg@X%iC7zJL|%oaZzwoCoKTpkWh53{MD6z(pkIny*( zEkyYJs+Kt(miCAMC(TJmJVHAVEVyQq69blpYLwd54>yN*CWME`J81ZMp1HpTT%hdq z-5oY?G(Ewn-^>n}-4V#RIjgrsuxvx3H{i#2PhWo|;*a2?@$#;}!&LuR3^ZESeCO;g zsbLQUb#7oQlF5=Lfy~N-X;r&E#u1eVzSI3?{}vX{{~1>u=O!d9*9H841_wZ9%Uva? zWJx_`ZU3=2^jqv0*gUacpkFy&r z4nv^_N(6Za((UNWpTuX!0C``*olLY*uD$DIC=&?KB(%@ALc#DNY5(gPN7~y!la23S zV+cZ6J(?UQh9H~4o)7-Y>M+;O)IU-4wEYJLa)OIjjk)nZPje@jp0ImvCdBn0Ca2;? zh^GbmSbH?S)y&`(7h~PRuaGIh^C*&hAcKvPhv%!{KtOs6sM%?&Y!&)%Nuoe0i!PCf z1}X9=zItiZH2PtEjNr?afPz4?vr91RwKDnR@O_h1eLWO~)IlZk=t2i?bXo;kwM8gaqkLsKx;NOZn4&9;KI(}Wo z2;ApAc0a`9vaqez-zC%^(hgM#vTwp)^$ZDOPTC>XF8RS%XGi?X2vcU)MvvT@+msJ> zaHAFt1}SEV%meLB>tk;}5?MyR8G9?KF>_A0Dvhnuy8iVkWXH8FiW*ZreoK_{K|vAn z5uX>BZXOA$mPl2qgoPOOHGrw6i=ZJt1onL!i$A-8owwg6%LE(fQ^fuq$JMd4fV<#{ z_o1KL@4A7tzOegCop_d7!2NrN%J;E#U#lk`l*np^Kjj^^FK)_ zXm7$bkMXj-1Q|>KZmNX`t63lFZrGK=mVu3(~}#&UxECihz;b!+qVQ!D@LSg-(Uv{N&3#Dim@Jv(8Ku!UV8lDJDtQ? 
zBOjlR$!mGIWCLmp38x*hGU z1#a{|V{}f4dEAJ;8Hqc-TZI%L?XLj!6CILj2$#e}eS(REk#n%{(hK?+HK0u<^HJqN z$|U*?a<3hghDNLJbDy10t*+X?w~<^Uhm<~uNjs(uR2Ak-a5bx|vo6|VdvnyTOkqU9 zb)UBCx3~Pp?I1X-16wUING9yHcL{PfCd@|8t5eYd8WtMCyB>-6e1#`Y zO--DMt1UxtS5lLZv$d|u^(D7T3EWF-$}JfpWTN^^owx{xh?X7x#1Q>3UI_3ELl&<9 zjqmcRiQ;raF}yR%(X;)9z`4?E2bV-HI8+g^^W>rNG0gZc+uN`kJ-FaZpM&5`k0?ZC z8ySfJUT*z3Th)yYWcG7De=)?3>Zka`wFlLa$#YvczEQPLdXqK7ALOXC&&jgyGneYB z$CZ;h?Ts}1Orl{>8rS7LIV9d;lYg_Fx8Y1MHGg}`h%`}z)Io8*K!Nu9<%`p0jL}fQ zyj1Vv_Xb^)vPzmqDRHwft$JpG88RF^G`$_lt$8|sO+uoJrzHwgEf?x1=zt(?z z&39>Y^pewbU-Owu9w51pBBldcqCD}_u^}wpOmh0$2{{Xqi$5!(t zyRoB3vr6KnT8xDlvsPdsgCo82_^wwrGoy`W$3y_~pN&-5gVxU98^e+ij%g1UjD?mrWqW3b z(}rnca$(Yz<%+ccfX&8X{aPt{ZQg=QD{0Nf@`}24`t!lL630a%=4fGXU;%U6xbkdZ zUVmsH5;Gv893Wi!VxgP41b^7vWk+ctP$H*|(iGc6c+q{F)4RC%YGQ%n=~_Tyv1*~I z{rM6s4hrXjJ(0Dtpuu*W@|LO6n@fB*g8-Soq2s}0zkOrFk|NuY@mP06F;YTB^Uowg z=$iwxd1cA+Jz-}uoO-3a(PWO^BpOl02O|#mzq5az_sVkT><#1~PWai4$=z*QEJ(F7 z^lFYSG@qze%4SJrh$&|t3%NlMNiuZ}tq-d1Ri5*HgTnN0T*HPdYp~84P+ahyv_pVg z0%MK1m1?4R&Y_;IV|V&M!J!a>LH2Q2V z{b-x0zAc>$5o- z&7dXK58z{C;AUxkGpmQegrUFfX8Dt~)ot>GZzAI4!^z1&PSY;`V+_B}Nz{tKb7N?( zZj-g3Dtz?Zum#sb!kUH26?HXB$J{WA2{()HVI?cpYtweICK${w!Hk3J95BZ1$67Yk ze@9KhAstS}BSD8*5E0`-Sj9I+XfXH~K?l#BXgWmP!SqjFaOr+4?Dk{!PD%$HY zm(@N)qA_0Ye|w<7d3@n#v?`xi6Zto9)m5IGSrbFV$HD1j53xHJlT8bxwpXHg9n(CPU`f>$eAhBccNv&rz)BIr!!+ z_PbQKODj4%d3EEjn97e-Rx3-`t6{=6&3#d&^FnlZnNQ2(rARfKyVzv^4sa8C*vd0? 
z2zLF1#z7tJd_~0QgCjcZs3+<`Sw_|&DEi`7%uevigDF^f5{?0kS0OC-DQr$i&W#I2 zDqAoBU%@bM1Fsd@cfvRNNcca`l9C-(`&XqrG6&|sIM6~_fNrHEqiPl zeyeu9QjdBn($e`&ke~09l9T`#A%M6!TbHPt!)U@x;@_!|B-B+_qkxGBJV9X%n?R^O z65IzKJyA?tI!SyTBN9(2t!#t!}+{tTI!6UHhhpaVqFnUZ(uz>-p}S;zcMxW zv0%pJWH;o{b=158b+;DV^f>DJ!uTR3z{QGuO_P)?))GB?b}?o$C$13e(3u2!&Ac)wKpymjT=ho=t$SIWQ`9J8U1g!4!S^XVGY)ptNgY2SI&AR zo5+G{d$$g==!YX!F_a~fmK{XV)lofJ04T~N+e!crj_Q(5Ry7D5m}~!5R6&ca5E^Z- zi86VkjQAy`NvM2%zcqq*mB}R>f6-OPHj;P&%g|Y@9!f0PS7)87QLz$Mp>j-Y*!|A^ zD%K0J7EjJ(ZS>!fP`nK~t*{Ck&bD^-*nqZ#de#lsK^GhoY1n&Vpa_V+=$56IFHKtT0ps{fBn4cmU+>pHClGWm_Hk_y}vuZMHB`69;v)Uj+|HdoW7@*I=z zX*cWxckfXqyK}Na;5ZYlJKh=CVBq04r@xOw|(m0y0KBK&w ztAJPNl-tYaRkQo~9*o2=Zj!L%>6v#kEv;8lZ`Zf~i2#3ATZpY^j=)0ewNbT~e_`v_ zhMJ3zZtX6ItAAG^rydFX2n^U>F;LC&hpaNLLVqRrMsNc5&L=>OAR`Tmbc7#%`nzeo z&}O#ff%7*2ArES&6bHmp!5cL6)NS9ZPfogmWULp6lx1$Y`Qop%+JL3%(2qxGTT}W4 z6>}$=NyJ?_7AzCQ5@WRiZfEshTd8~SH?{mU&OP;M765T;+($lt7eVW*tErob0zwkM z=MMgwoaR{3+zb~%B)Os@gY`$E-ye!bx7FTh-zu*{W zAP0&jU;}dOs)Ot$eU2|CJhbg^gXi&`a%%?SA3`5`(HgE0eq{4k6^}fujKlpz7o0#G zBcKvF7st%tlnvbGAWg*b&&wWuH%dd7B23??qQDe$2py#@5(Kbw_aG{~tl@iK0wGpF z)}ML`&j7*gjnFUiEx9CBH}_-XX}uZX?qE57r3TA6#p2#zp-dS0`FO>m^y&nZ{1EH3 zf7f~xHVWhrnXKGXdNQM}fE~twhp1)~=DkEYacz47$06HEoPTCqpcH){2zWQhXrwIzjbmGR>@3MNu zGB|Jv5-hQ2=3VQopWf}*4vVyhIN${6`>#@ShE=^xeMRbXfBpUhE>ne|mp(t@v{WVY z{jSq_&m%xs+ST$bSW>>qs`;??d{-L~x?8NRTPsQCzbqRUf~-_zH^RQ3tRZ7b(KsArCtc<1U^`lmrTl`2CWC>u7oQg(UFbmjlc22r)<{STGSm;Dm zH5BY=zO`Pf&t2E7v4V7UJDrLR-eU?r*qjhtAb_{DC#V$7c23^3SBEjBJ*!7*r`B^t zox9%_>@FaQq^H$T!Q4?G{M@Sr18?~kz`t>(Sw4XUAaig218#3ducC0*gS3GeQAsyy z@~_pMmZy!yQ%8Ay%5pP@bCbROJ31KbL{*BrN#>(-#Eu0&XT0%q zfIm5#yza!`eVjxa<9+(%m>>&`wA{_nI=YalS(u00typGVIZrR7-Zx~@UzR1n2Dv5d zyM3}MOn#r%?)q*>r!uopk67+W>(|_D5%N~m9b*!e1yLEdp=d;q>}S+{vzF8xI;d1H zS@C2D_vSJua1{GjOOr5r;NlDtnZ3YMf+*6#=-@ubb*&$w%BbNLkp1Vm4uiIncrPhG zL6slZ&IqC-q}|T3M0x0|MMW7}xl#%^rec4PC78aB2Y+je8ywrwZx=Xt*Gug@Pj z$)0oX$?neV?99$J*Uk?8d3ee_A$Wd%d+k@hm~!EMHE~SzjgOA>)lmP6FDmj+xeo!2 
z;6HP!s?OR8*&9?*R}S`rh=eXBmb)21u$OFYJ?>2s8MGtbqAeNb^-z!zKHMpv zF1`G!O6k_L9%_e^?Ec+RFe?dx6cmb`k!2!p=i2$k_CfIDs5*@u|E5YREcWXKi&URP zbC|P5o^#58l4rfg{R)cQ{$A%GbLHAyrimGXv=EsO#vG8UyV|SC8z6L9S5vBZcA@oAgMG6q-JUkZ}C7_{v90yZ`op1U^cGs|?vcAVrDHfSx=Jz<0)3 z09COvh>Y-7#B?3A!N4Uaa5@4>)8^ecTEj7s zUNgK_#xneS1o3T8B)fOv@~B8*%JDN0I~{U6noyLJsLAdw58PR6MuSQY&GK{FL0}&I z(HuEl5SRyZv+!K*YUc@hFY5+4|AMMDviplaw{&PbDuhg{R~?I0_+WjJ+I9x>uTFYK zgBTCTVQxX;#X~kFzgLk;`RdDkrR546ZeGX@=_>$`s!Z+mAPnV?>)0&iRIJ;GxZp*+ z#cuW+aJ~fJ?Kj7I=J3g|Vz4i&AsHD)mBtX!DkKOAj~PS*tfdxR!N$_4J^JXmP6y+4 zsvAb6|LIMdAS=dr$PZA=ptjQMG@50<8rklDKeR#MuHd@;?q<>F{6_~Zk!O-jt^Uvz`BpCY;rk>Z)+@ph0$~6L z7~%dUllVJvU4>^bWCB2Yd%20J_{qt&EcQ_KPC&;%cjC8u^x4bsqKB8zk(b(yGkR3)QtG$hyf;ww3Gkljd>K6-s?cZ z1v(t*Z?=Yx_O+;Pc@d_rXS-B2euEY7i&hDLrzkdNS7)yJ>0vnqyA}t^-pJOAld|R5n7co% zrUH@cx}&Vrg+^?SsYAG2k(A3yX=r~$>*OMr9a*;j$qJf#Ei0QW6ZG!42X%Kb$jtZ3 z%IV?gd#U1%-k=noCO3D?b=bNY=#?l!w|?*Sb=INu z{YW4wYcojK!{@Gqrh!l9lRz74UkDD7Go9&-i-HE1deid}k5}dl8uknMMGn#pJYk}@ z76R&AKab>1W83*w6^d!mkm(DH!O0YjXQHP!!H*m2k54BbftNt)K3U~7 z|H)vSCr73T*}ygAG~Rvv>Wj@S@2F0BvNJ1^cEtOwH9W?Lb6g-p^*-yF|ATKU%YH@6 z>)^LSk2wWO=nF*6xXGNbu)~$Ji;Ql0xP52&f69ph$wHS$_vEQjI;W`1)mkk`RLHM` z$?a62?9y1AVxEG?(w6@^dO5^{o6ceTJ*S{Dhd?rF!*gLllv#+wV3*VSVZOJ^+gm8p z3ExAYGy+^W0a59CVkIo{-hRuY1X0-e)O$STE}^2K#RK{a_ zQ9fB4$Z__Nb>Vs=>CXapEg9d~_ud$L$mwUQQeCrx=x+hiAV9T`dU^_B0fua!bPh+b z+-cX~UVRlQ7eAllA2oU3e@K6?Ms_mTFLweyJaB$bXiTTW%nEEB=WOQp;>zjmrYu*X zwS|OddYZK>X|S2$?3yu96kF1m&T{?}y`A;K@Q}zvk#a-o;j{toKVjlk@~op&BeQJ_AP@K%6(~(n@h`^m*@H zAfhVGcanQUTw3j$uH9VqhZCN8Vt)!`jL)pwEr&NooRyWETr6s=jB-C7`B$?DAC^og zQx(3*ZSv;|+RU+)=`h`#3vt+}-E{rQE_gJFSnrT(b5~lLi=AF=Z{Zud)UsPd(rxzy zjGdR~Y(I52WDg(h0?eO>piApDi zq^Gvt%=Qg4+i7`An+EXUJUBm2nI2rr))atlDT6)Q?pfEZo))WeGIxqOnqOtPBCI_% zxtCSkym+6-c4nT&o$qrbo-Sdn8~H*q`w8!IZ|P;UI5KeX;v@8fU{x)%@Y|fF?@$hz z2)zO2RBnuU4!6&2xb>W4jEP4}E-7Gl%5@6+V;0>gfo!vp+AVf2Qdy_dG{~6jUs*-8 z*=NDCtG=qFu(q7z+;NCAdzz5B{du7tOi@m+CJRyY(FgA%MXq88;ZOF>m2#`r#j`h= z{t`;;kO}sS^X6P&S2G2~l9jiQ0OAVapHXE#cTfKLb1yLF3JD^=!Q$vB$nA1EuyXNU 
zDb`3oTRCdvYkOxGvH@0HR@*pviq58#m0mgZ7+$!;Q;N@|H9lLj-4Kr;J_s#ro^8KE z%8amYzrome2z`X}83V2bo$>?)@O zN^3Cv`IQF;2d6?N-)SGsnhitx``0V|=Wx2Nzo9E81_%8Kb}vSBI>Lay9+Y0~_6lz1uz4iUO9L#xDAM7kDNvQ&f$L?4KDl@DAWk znHq@D2kJFCgBd{5HTPp})Gw*gmZx~O8#hu)Wzjc(+xpVYU-o6|F(+9kV|^TL%nmAS zlu;)Ey#30Ev|MijpvNh(y|6ZrJxgh9e5>lA9Cy(RuP!FQC=2iP!F|Z>R>_% z96vbM*jSk^m5G@DFv;0e4Q1~u>XbVgD#}2H4+Iglm70Z6*hSfpko6`$s6*(s z(Uk&5X}i++;4;w6S?f&M(K7!@58JSxi8n`#5+ps-f27BxbHV$R`-yTo&boihm~m&Q zg5!vqoWXRi&W~wQ@rx;mF{=OV?p%poeoD#>(u@!JIu`xVUsvY}P&Z)fOWq&ZjCFZ*1Gllwi0&2s=C@Tj@7e?XkFP6uu?SxiJ!?ISX z&Ls^HkX&aBn*oz<#WW5nhpjPZLCZEqj)Dg&ky&pI&V2sVpNnD81ZP>dTJW&#@QTP>11LD3ga1Dl zPP~Y}!q#VraVo5+lh0qNc=#EK7NK{Jk;aPKBx4VorOeybUk*=2jRIu?aZ}8X@Y7}& z44J(1QkZwm?|iH+w^GlKWGz3G!nc_r?n%{4ooBB$*qsne7G39cN-YhxAEr^5$F=d{ zI2_F_^b9dB+LXXM&H;<;zUdR0j$L=w@>y#;=y+#Nk&{)IURtQ<@4GvvH#ZXDUoQGK zMx5@RUT>l4PN(z#c&<5R&F8h|w}h1MnOW=%R2}AMbp$UJ7i|Vq##}Zs4%eoFEu#UvxEJ(18)(W5A%~M8wxW3U~d-A$4oHP!7U}SQi+lzWe~+*jN2!%Tp*W!Th8vU z(aiFDf~GoPHY3JfUiFT-nr|2P(Su7~)p+K&`r+@@ zF5&L}#uP8EVBcG%?^~K~1-E76*RA9o1xya-gZgp<#PHUd2VQ9;%SDT7afh7n^+W2jMeL1Dz|#6euV>ITmp|-1WyWbA z+a~kZ@0H`^&YDTu_fWs;_A;9cCPW+zZ&i5tr#v{K*OOB9G81a_^r(N-P8PcFAFQ4| zbXV}vd|x4xQdImiooo*!?BcBsZ02%F`(Jc7YI-DRE77E_lmjA9%z3IwnggI&FC0=goNn>@@%2OpK6P zEr47vrYS%$F}o;>&;RF_73Cu&6UoC|*Z$}4d>EA2N>sr#7(Ja@J;+dF<9tb3oeh8O zB6HI2nBLtlKbt`im&79Kr}da{_Cx)Zs zzy@neeDGQnKzL{5h_-AjAV*mgQ8Ig0%k^baYOQ_McK^F@xEN&tL#0iX zFw#?kJw+Tb2TummtcAPbc;8Cz*CL*1b!SiI|IqSN0;&^UepUR==4~wLTd%*Zzny>o zQ4F~`dK|0m33?ReF5yK!<8m}sP)d{y|7q_Yej|HdC8a1#;vdnJ=dDf7n%0`oO;khsx6lm^-t~%SW&1_9GIRQKPr}IT@Xo| zmLj8>M12FwBQc@3VJ?(ij22~apip-wvAUEy?OlR+Q5mt$=@dR*#u1MnXjk6z9xMYvw1!BYU>^`TEGfW z0~-gx_g{i;$J?t>Y{Y3enPQ|70Q^-)_81EH}?#1pmqz)$!xw$8Sj|3aDf_*-{r<-Vf4IjjaKs zMT9rJIqP$J9##!Co%URI)5b=L*VWtgn-CLEU@_+_ypJ(8`1h;$k-Sx*l{>N)HG(n!a$58_G1ndM^U26F-G=SH=3ZY z0{^0ORQ81eA%t>Ac2z`~h16GjUoSNA?H(;-T_j!g;-`;jSQQ3+irp(rf$@9lmWT{7 ze|74bS%(?aKQ(K~-0;M7&wTjk=mqwhdz1s#}MtCnr_ze`($1EYwxBs7;o{6yixF<3P;&Zks?Q ztr?s<=%)>A{O74M8^GyvA+s&;%(-9i!+?+xK8WS!(Pdv 
zsZIR2ylNnYNUv@d1uG9EBvMcUxrM^QVXNPYOLpvPOn87b3TL=MV;-Lg3bSeC_@#A=$imPPFls0`Exii)MW4 z6D$GmyVv2c4WnGhYvl_O1K%|nv?44l}{}O%=AmRJ5H9~u|%^-#JQ3>Wg z3E+?{`lMHOWl&Y8nm3^dm-tNB)<79DL3h|9;;`Hrjy^h26?9~h0%DFn#NIZC898vh zhdsng=>UiakA*jl{j=>BBT=wmMu=Rl(|`fTR+Ve7Vc&J7fjAcPb#X+o?OBJcJ;LP#@rJAbq=DFW@_Zw!HdZPFyo2M zV!Vlg8-WVy@)PCPuh-9f+>l$4yZT`~vP8{zU&ylq3y6lm|LzQ5KN}{6);6vqDJj?m1x$=&Z!Ch#}*A z){~JxGXqe)Qgmq%#lQbGo{BXf<2foppolAxv8$dkKdLqJOHgLE(ZZf$-iRh)_b`nO zB9kp12*lbdgrx@lj}bRH#lJWJliZ?xW`-cBB+83eI=q>$Bfeput57b7#x!}0tigUZ zUy(I(>Y)j-oLzrSo>p#ga_78~^2j^3n*+VL<6zE+JzbH%#lb4Ch$6^=ns}@z;8TGD z3-S1LuE{mG1ktF+STVJ4c2fz-hW$Ya2~fx%>;O>zht;u1C_vGPySrD2^}s6;xckY> zar9O|QQ&sQ<$b^=bfUZZwM=qZGQynQSAds*Ghdog?tg3RyZK2X7?p~c|95FNg%$*f ziG4oS@K?HRsTAcdAu21H(rIP22bcpSO1b|q4u9}IlDATQIR)|{@7Q5~p1_&wDS=bt z4#?ab3cX#}m2K=|tM+cC-XZ2=NaSOUn{CcY` z>wo`oWLRIZtH4OHu#f86ofb$HU}0pf7=Y!NYa0c6{pXb$z%2r6hnSmql>*t5b$j>3>+0&aD8DFsO<7 z3un|(LyVLe3DBnWuBi;%MinubomddNv_56=;fjGi`B(73KWyhll?YiVyyRH|EF#z^ zhA`;Gz8#A%ZhdJ_&HhQ~*p1Uz%_dx#3w^JFp{TSof?LZh(_k3?I~5Dq|DbGrkQDns zt4y1%yzu=4-ANQ{vYs1yxmr52Tq=?7=uf^@%J zZ^X%CobL)o5sN!&!-2VTL<-A&$nBU<5I+=cS*#ZM>v4C)$}nkZSVZq&1~RJPae+N- zZ92$z2h75&)MA@|Dm9f}dC&H}LDsl38T6{b>V@)QR~=WDMcqQOHv?k9>szbd&V87* zs&tT}0NxY~A;e(-doJo$l#JMSPQVTAx;ctwlkwN5Fw1C3DAWMj6jLzSEuwJ$o^w50 zF{rP!p1#8?EPt#yIn><1J?^J&VSWlR|@ECC#CsJg! z7j$0srQ#j8oDs2dp!32Obc=R-AXr_=Uqo9in8vbuGRJWjh`OPomq04)8+|Dq23MKk z{}V$i2^`5?kQKdj#uFnD{>9p4NsAzOqVbS>3b8n^Q4E&Lv5K=^TpWAnxREL{2+Ovh zdw%+P29-xY^Y|l2q%nM+6GTt^etMtWvFacN~DM{F4ksnO$CgIcTPa}t2F`2+yko8brPXX z9T%bjifVrsaK`};md0HIHq7GJ1xMu1%0kHY)8Vy+(#?oAxYUz+b>Q5xDc9O^WIn1X z{H{5?%~~iet<_4i25zx{uEWJ48PTJz?q^<$`0(0{;VMzbu^ZxKA_{i5TaFXsC%5=wz4;E(oiPjzMBgQ7QS^%jYvae4Fv$+uc9<2s?yw;T} zJk1ohk@-+bN|1RgHSppQiX7qdcj=?sxS-W;;-Il+vGmU)$^R5WzCn`a(%avuLl<(x z>~A`AAl$8y17{_qj>(m?m4_}Ll<=SAcQazUea;BvIL;a|O}UEhAk#Baq{{cgo=o;$ zu4OkZ4-uc_zAuJpwwK6K;vn(ar5$nyY7Yb~0<}P8T5F!I`)qN9wTxn{z_Py!Bo~@! 
zq0A-Ix#WYM13?c5vdzOUhm?qMVRl|j9@xw zgK1QRw_t- zV0!p)tPGm8mFZlDIc17f1a^))%l2K|{`zz&rPWNSX1v{I$d-)zC)-cd7_g`MzqMZD zyIy~>h)3pD2~lPi%I<2j;6;&^?g| znOQoOnbXmK*{U$QqtRe(mg)rnHGasQuwAucGNA?(l)_)ac1wfp5Z+_1vwv@7f3bLv z77M8H`%jzv@IYN9RH7_?+44sULli-_BYVK@oyipN)*Njn@+4#(UFAcpRf}6zP!QU5 zFmxom-%ox~zRk>j5*c6_eVr%N1){ETl+%k2pSh`;N$!FGe)6j44NqKx+ywj>u|<&S=wEuLqqUHjYj%+E1U-q@kR@XYb7u?kKLRSW=}e%u zAEzTc`N9S|>+i3i*zwOWd~o8Qb{m4;|B@qm8HYTkC<3A)LFP7|8rkM7B~_u~mXrxr zqo)+2jk?YPzRLvZvF^C=v&)A34W8%+HoxQ)?0hNegT}m3ON+74>nbYM%>Q$qS}4lO z59^+-cc;uIP|?FXus9lSW-?#Q737f(9t;(ov9+!7NT%r4(jwXb#_~aC1(mq%^!Y-z zsjn;I=QtjX;Oy-74~N!GuATxZx-~p$QC@%)@9`JGPfro{E9}hyQz4>E=i8o?Yzs9! zQ1?S0l#wfCV>ukcs>|=b%X6S z{tgQ^R%F1aJ2{Lp3lPkn%psbD4iX~8LkWi#tNr4dw4>kW*9xP)!fap9I4+Q2WKJxU zf&q3Txh+Gl&7#tp0 z@o-x*magcT;O`1xUV}MACQe9XAG*kX1^F@Q>7J<9t*38_QB%L#+^tm%+U*RWzEEqe zE*b5ri(p(5PN=15JE_L^C_BZTSeTE9l*B^#=wWC|kpvOd&@A`Oo$yNV9c2;D?MYWW z_R@2I1i&Ew*mA<esfa3?1%pJ{egj-#QTi5HwznKG+i!oj8@#jR$QEV7MtI6 zUqYb>LCaAEc9=297Rzqb>$Yb#<@~UefN@PS{vd%rFuQ}$WA?Z zc2WFF^~e{0GkNoA{!F-q+acj?*70NuTkC!4CxExVL2?;OG(z4hbj63KkQMjn=eyRM z7Tw|oIp2{zffi)K&g>$5B`TH6Nv5BGp+e@Lt56 zRSu)8#}lwp`w<52)J`eLPgZ zrBHRn#eb!lqoD^nZPq>4-%W%Wkp#XEef_2ry`}g_)==D);<}>d#PW^22Df~RAglJP{nF3ZVCqXfym=1zx^jzly|LLFM!LymC@r7WD&SUzIEAF9bT?31JFH zdUCrA-(utzexo8PKlk8P36Qcx*#Ig{&qW(Kkr%0a_uT@UtBc&1@y$uc(t>CyGnV0y zUP0Xui>sE-`JorI{Pl+mUzM>2zA8Hs_bbWU*L@k+Q_c8km_+^UjA>!ppRT=nWYt%l zn0`Pc>kGoDt=UDD^72_<3V5p4KvVJdGC{A8deL0#fL5L#<-8vt+ zi3$7qP1|tSV9TEF8s;tHa%4oia91(2p8k*u8AL2R!paH%C3yY;?0`_gTvuX+`z7`s zmMtpg|Jzo6wBfF<;y^e%XkYQ~Tl5qm;DGt1<-hNadZ=}?>yFWfHBvU5^_Ll{gjc?jJC9HT;)fI@mdi6TWq~ zjw!E8))gR>##T^2LXZYR9BMG?L)_%x7or&T2wELiPc5 zVJHd)i4uB4OPG1KldFv=sIGM}!bhl&I;6XMnBjQWe+l8zTATLm%x{&Aiz8^?VaE-F z1=2H!1CJgD!EVylHNlL%N4T3f>+@b@WXkD|0#H=$jQc3_>&@$Cn=&|motH0ka`hcc zn}-(e@LnnGwCtuxXBZ;7Q1>{CW`;>Xs@a{|>F0Mlk<`8x_qG;XZSnS29OcyL*Us=0r~5|>M=$A`&4Sars*G~gaTma4c~r)e7!kz< zybD~cx|3)a60XLs^NO7sn+j11EhQDoPMr0>#o?EX!PilUkp?Z!MpMj>Vt>TZFVam~ 
z%P@2sMEx^*@9t0dU6DfTQ`|1n=oY9c^eH9ciLg$&8}4j5`xF7gy!!r#cPOJ4*H@CH z`;eSlmcoFj3HGf;9=Ob-d&8E9@68qA)E{bx=;P%{u6T8^UiTHVP^S4K9ezY%13VHD zv|DvFGnuNDS~jH@d<0A&sPTb|Tk-{eYwH{d)CzdO^;06YgYqB2rxuCN!^Zratt5?= zoGNI0$@bqIkU$-D6kb4cupMXuwrq<18?xt&jU5H7FBdeJ@J6jy?QoR}2(@^y{k}DI zIDW;gV^$PxdkSurB;a0$E(0t4-TJCYA0 z2VLTNiOpox^y{JGwbn|c@a~qY>mzoy4I$2;>T9EAbx`2pfg<@KByoHepzhnfiE@IJ zs25}^UMZ;MhmXQ}-0`k(#r06uqZxgEcAj|r>|(hGPlpnnOm4q6yf1h?F zCu+Be0jsAj85)}nd8^tEEoE!sbI_hlp=dzD5AN37A8ALwh`Jn%x0RqethUz6e&E8D zWk=JLOwN~BsJ=BnW4k3d0ZZs*G>16Db2>^jXPyvHnga19am-YYf$u%XmK+0gJ>z#Q zf~}<2DI+uHSY|Mrfx64R^Lg8ODMt4;k5?P4rPrX)*0ah}_4F0CAUVD0(Q-zbD3v z{$OXfDUytOU8C6&VM7qScHRg1e0(l}FRsEZ4)C)wz2eN4pK# z!CX#j^l@wWB~18EQS@U{d=+e}Ik?8}DssgGlf)Jd3OM$19^nJqN*x}&a@BL4TFD^O z!&&Kmdd{BPBkhBW6p`KTjhoD$+dYPIh<^P1(6Io=nsiX34*p*=JEd=QIGZDRG+Q(l zF-^>Y7K%`W5RnIWprmn-Tps&Y7^clA`=_dk<@roa_Bq^fuv7wSBMyw&xE!H=%pIE! zxMetRe`0@pTg^1>c)!>jkF{9?T?u6tfZm&5&3wN&Z8-;a_t1|xHd|5PG1*)|{PUaf z2efuIhYOuFkoFf6n4lk0ECV8HJ^ep$eZ3?`a#meN9WGZA0b!}~W}$*icqv?21Qlvq zdj~OFCdEvCs$=MEiuj(CN-0A4mQynsieIrU^<%1AzU;(#!`bC7_Zc2rdRvEOt=Mj zYgX9|-cW<5;2%M9IeZ2S-NGHn^iSbqD6b-o2W(xS7V#5HvJ5sJ$yas}1NA*)DPvP> zKlRnX@G$TH2Bxo>y?zjrtqU4ha=WD~9Q|BFrYVMxldG5`w?S<;t9U>! 
z1jTwKuL%$Ck7O$0C0geM#g+{a216tFHy847c=Tw(K}=sK(PY0cv|WW!ej_s;vBbUbxa1Yn*ad;6cIV%d7?g`Q^+3Gn_pv{i}+KYbHXbNtN8m zC>kggWL1bD4nM<_6;)y`p3lh+OV zzq0}ZEuXSKu`z!uqb78q->FTs=$|%Jk8zVS;#Y%3CX+uXFGb&cV*h*Cn3^T<(sPOv zy2NB5^T-F@34`;04nNu^x_eU1-xJK)E%VM}W&rS$HNNG4*r@jtRC8)wDoJe6C1d5P zrj`e;5-OyRCQXdR%}<;C&r>LzbPLT95;L;?)gSY%DJJkHso0nda_^0TDGW?=iv91M z9K(HZk)Zdw_QJ>{g%8Ww(Kn}<{u@q8!VN8__*bVGa}*x={72Amq+%t6pNK}KG{$_f ziVXE_mB5BRrMDDLwsp&k0Hkpfp(UE}=twI{93H&NC6vLjlY^T|-kh_gygwRb^@Elh zhtyP)gVX4g96p+=mz&@s^Dt1GUy|<~8o=h?@1SyS9U`bIW&JC}`0Y??@TSr)8flt<6ZE#&M4!4mU5LTaW* zI)0E@Gf_U9HF!JPNb?L>+@$W_HMD4H>fJVK^A^TpHgUeXUp*Z+aJpn`MTLfILtn|+ z8!Z=4e`ogdy4eGW%Nn7q2d*Hzd3`MQ@IEwsQFV9AgXli3>|!kJPNGu z3NY^PrE3>t>R?tY|aH^uo~#%>6$Z+SfV>0 zY0ujJjGmSuCaV5&w6VB+W$P)|0LU3i%iPzOd~k6$j92m9fgXOw7aHg1J63`6<%zSA zLYs&0IZ&}B$we@hH3P#`RQ2_%>942;ZW>7UJ85rea+-9vH{FY|<`sKQ4~q)ts2%=P z=yvG9w5zY5Z6Aal@dI~HS=25x@*RP~7?v(_Np9r^-81MHLBwO+{25wz4+Hrxycv^$bDMm0b)jiXqL=R!?7I9=u+pNFWAqushv@XRzmQRaa z(mrC$rjYb*k0Q^>BmA5*t%t~y#>uC+v?!XxCp@(P*PDHbW?Nq4L=44hdwT2cKYks` zE+>kzY5|8&NTmdVeql{fK|j=rSG1KAT!m|kIlm`K1^PP0n&mNmnM<{&AD1wRVPJ!o z|ESB4Lw)W{Th&G)j8ev2L0-6NBg)jsv&PLj5tZ1g8qRN*HzwY&TUX>^oL8wnEIigmbfKNz!K zI$7^U5hHwB{ZUMT=y6ZCV8&rPh!6g=2E(;)!H7{U022{&v$qkNfmbp>w2s${wUC%v zf^kf;J{CivhA?qi_C&uE`KX`V`z!G!&8sllo_C*8{yO8v*KI=%)Ld`a$q3MMCe|Uk zza(GeK<)(aKY!v@6Q$#UEM(n$21xi5X(28DF3!P|s!d#zSi8y4@nV#=bSv(CdO1wQ zGy)6jUGgQ646m2`;eo)hNPE4z zK;l>Oj?Y(@B%y{Fdjvlq0*SZvrAn(Hpqf8vhz*`0G>Wf5;TYsBiw!y_4K+-Yo4CGS4Tr}B>OWyZU(G0X zL3TBVB9?N;0zI!56|=5I{rbg1Z8d$>?E{u7ylqxz$9JU@^59$pe9t8gExWYj zql)(|7`4|x%*=#~QB~k!?+KDGS)T6*(dx)T9@BI72jU=yBCnntHY*@sNo~=g5OTU) zEYy%=GxBiXL4NaDem@8{4NU$TKDJ18gS`hb_)GKa1$A@JqPZDv5sFJ?5!iM^ z)aaV}`kYR!(Uwok-`s;fgus#zCaW`IF}(CG!Kt$FFS$3|=1_r-cn%3i*jSJ!8CMZ7Da-ra4IE%V0njHy zdgb<_u{eb~!(;bOAy1>RDt|Vf9`{G&CgkG1J>aC-*qwgR9|`?qYcu8?E77yxRJ^@t zuD~Jtffm3V4CSaugs}X!I_sekfabE`%t=ol31jDmBP5P2uF4zuvZqf*MknevWT2C8 zj)eh`46JTlVPPib{IzW&wLQC+;wfj-SeK;%?MjxR$RT@HyzDL64MptrT73MM=g)04 zGuDXf#hesRUpy7d66M6JeNLM&Nl?UkP 
zddq7mL3d-dcn7Z*G6mN-aFYwYGN(`O=B z7iyZ_*zTnK>A1mW9`~@Su4)9bw433@8`4Rce zg&G{Ex}pIMP@+&h-8tX}+?+(bG@L#bUPo(EE`)o@mriak2dIcV!66g=0G<$`+;h4I zlKV!uU|-E;5(GD`zd(SvTC?D#0r$;^zj2ve9lASGX6^%Dc*(d#np9nWV~UwKGbA*t zc0@wQ>@xi`*^a0hd~4UzL6Jub3@69z_VBuWJmfj!-njAod7+1cO>iqZskZ(WvdXNc zt(AV{OMZvu%n9H^sN!cG^vG>d-Cp8VV%0cDxt1J#oodM09|9T%om zJAyeZTpQ+WsI0Z9w6S3u4aw?{y0W=P@k*4zQTT4w!RjxH6zjiO>TABY+KLXix_%P> zB^uRZDjX$O_Abu_=UOWvB~&8B&Cob5NFi}nRk`DrCman_6@H#38H*jES)HW*N>Jwa z_x7=IF;pc)78ZpgJT;^o+L}T`aYc%muWwZP^e*2ssy9E_XN!vM7=KZxde=fXxwZZt zHL5IZ`+jTBz|EiWratP+OxpZ%R%)j6%Gwo}L55jun&rap&8T~_ z2Fxl#pONdXtJa~$F}IdWArw?l+H~NyJ!w4E*41uk#BzFQ@?7k?-)Pq@4}s|zGK;;` zi<;TG*2>&xYvXX!Xare!70Wiy?ewV|v4=9Wj)*3M8lw<;f zm{K^*ffOI~lX}X{*nc#RNJHEL;|Fe#m7{n_f6?4JIn)5C)7WEK$jc zHa?iGl99g2JZVJ^;xd7e^`bB_f!KOjHj5t#Z%{Npv>h4e3C4H$C^rAcqZ zXHohkx#>g?8EePX#4*^b44~^^LnbGh6fL`6u;czUHJ02V=zwW#8rrIT%%z+*a-Sdz z<*%UD=-BEKu^{h`p>L14DI?S}VI=g&8GBBrK}!MierQ+UdvaA`?2mNLdlYx=_19ii z(!JvH&4}2+qjbFTBGh=_&OpXogqzj{ku9fT%DEGASLwZ6TAN``geq_EjqA~7qgR8W2N!MTGt|H;`MW~U-Jot>=P zFuZyGBudU+r8N3*fnNa9K1vRgvvsd4>`LH)VE9v<6hT;;v3N=)?M?U8{Wh5}8ZQii zWx!v35*r9*k)X%46mk-do^b0FQMz8A*Ej>L)eC9|`?$kBvxn;DOrUVrj_u8}ZS_6! 
zebUj{ko702&Ijc;6+OOjb3)>e_k0&DgB@r6L6oSB+)4e$9%(Qz+cPXCa~hpkM@c$l=wFv5O z-Wxj7!GzkOL9Zn7045fZ@%ZL(A1+JgnOxCFwi5|*Tpu&bGHatq&FjOS&sS@f0*5vW zG*wM}`qnM(Q~qcwHhhTGYqAbVINH1l@-(kzIsra8L@dPrY+n5m`Vo+Gv2Z1l@`LIk zGll3%iqP(f3@Rp5DwNn1UZLru1rrudqRTa8*@K`7{U%XO6mtF1uHZrr{jUy-zNi#R z*f+_c7t@43jE5-`ryeu@&|%|1bSIf$ZP6*IGgFv2O4AP#DjLyd1{%L)Vohr1jaq** zO7&AhSSGgzpo%@fU?&PB-Qip{%X<0>+x7RAQR=N3(z_EotcNI`uJrItU}Ma;)XQ(< z@`q>z>E<+e_@N8c*DUWHn-ahm(eG^OUfob_rbL`EOyJ&j)Lr=C+NTWN$|#qQHL2PS z)l}c@nB09be&-*fM!Bp~Ej+oX(PJ9qfDZ>Z?-ymZ=%L<{thE-?H->r}t{8hvG&CPi z{HS?|q;{utCkAhCW1|36oDpYFzU0-yDEwe@h>j23AIlAFHU>0hv?8kw{~uFd9Tj!k zb*)GvjUe4UgmfcFcXtR#cQ-#NY3XhdgrO0nK|;Daq#3%q`R3N=)$cE0E!LVdSDe^q z?{oP=+^m}x?1e>(W?Ir1$@|T|l}e%iEEAGpgMv3)&qL9H#(nw-3KuC{mXjWv}8^^_m}1d#Y3 z2;H|GP_^&q!%gYt3)lpna2?V$rz;dn9B7pIZWd~UlrN(|-#|3kof?N<+K5U8@EwKV3(y5MFWI8a4Z-)V-o8euVx!aGaof=hHW29~+2TmiD3b(WA z*Fw9Ry0e9pg;O{|qtCK*G8>UNEOpuRUPt_fX+RF2SaCJ9?p@7?HHFdRVVMM363cqx zx~i#5d;2qGc)~pp>V>$-&#N3+hpQ34FtySqABgN!2{5uJfx?56KR*Z{Vb@Kq1Gid# z@3Q$tk`NcKG^uy>6n0CjhGN(U#}Znd!~CB@pd(>hVRim*a1Cn+eU@pQZ)XP8Sp`D{ zlc3FJcX^VFyEm~A@7wnLE%Z*#>}>}ccmk_ca|@xw*@p}8gSx>00u$}I?E^upI^nxI z8$F+-3e2KgJ?{@~)^hYo7 zj!FwLx?!%)`n2qlcz&{y)hCrwhD?%tY1Pivy^aJ&i`LOkJnnHb&G*pZ2BpA6HuZDR z(TweLZ=RZYMxI;ehj06J%v=MK2TAp)ZQkg_owWAo?DsD9AZ+5{uD35xv#lPkq83@} zAeE2I8!_1-PFa`v7`uE4pqIYw9$C%}0?}A3;cQvvhZi2``G6feH+Zs-a6Cf6qA z3BJ=^2~PMiUZ&eZ)&9&Pg~GGKC2z&06-<)X6WZbX9(yQx&iE6#^Q@w$R0!_>jCUKk7?mBFoWk<~T>^+H=wM2t^%qT9;HcM%T=Rr8n|(-nZpS zUxE5A)c-c}-O$56>_{?DQXIFI)|fClDef=z&9OiAcp@O!Qj4`=H(ERE%R0vhE(HSy z@()hezldQp3`kzzE3WYH12PX|Cp&bl;FR3Qlztc;>bj19Tlp!}Kxnxj)9RJyyRIVO z)LZ0>uDSLHP4&%=J<%X-OU1vhz4sN`A(hIk-~{+DD!I}7cZb-&`MsHbs9yNxNc~=h z?s&%8Bu!8mw_1wjrYDC=}gfuZ6%qRh{* z8ZJkw1x#CIepMf1lgG@F;vN1&=lCjvym!Qdz18etiC-oi#Lno0^|Ax%-uM<+fU~%r z7O-R{wmo`jkax;-08sCZS=XYWdS?TE7;UT9jV|`^IT>C-CK%OrI5@!m@S^eE_x>C7 z*Muuz!Cji@%65k-627c3|4-HJbK2slg!?lv*;&pvZU@CHJ&?vyztX9toLMrLk9%h- zqS@v|e(-iMC3?{))ST}CdP zfD)`O5Wd`fq;&Rzap?Y-&uoo7xh>72RSAq&C>ZN7ftCwn1J|1mkUm@^sX*H|-P?zD 
zF14gATM%pCH_l~@H?Akztr`VL;Cs677uyQdNLYkLey-Lp3Y}Z$j<x^DgMb`mdw z_r`?FzCQ_^Lhww{g?kA}%5DPd1D}3L3E$cQ+Dnn&?^|1;f6|fOv^T|9ROrRDG|pe0 z=Z-Vh7#c3lQr@j!E7q03H@XQFp>G5dB%9J13ma==Zh|(H2Tu{P&R~_}&N|NGUu);B zI!XTxW|AFAdTcF4dU3l^$9?b-)Wu2IuYznSYD;~NH_$*fJudO5C9kDh001RbTGMAh zT>-M-clyXx3}=rPC>fz2&-Y>$xtS}G-ufGtdcnNK;dh5;p}ZvROS=+xMxy*0@-`{z zsCqrln&TI`jF39xU2v?wlY6P|`VeY*@R~ zd2Xd(iQ9PKES@2+$1C#ycuCR(t&S`IPNFg~hGRZox_u=%FQHU!j3LJcN>Y-x1}L0k z9VS;qPc8g!{bezVl~{=PDp92clY>V~Q>MnHDNln8V3d+yV3R)mHq>&7Uor--k?v(% zEJicrc-iWp+ZwPEZ^fceoX+u4T{6Rq|90~s-HxkkJTtzv!q@V$N4-wHY7xTVde%#N zw_0}3gxtHY>V#1}Q0@-Ss$s5}Cv;*=(mtV`>ZJUF<9XqC>b7eb&Co=0wfg8gZ2g*G z0|y2Hkera6sA_&Qh}W(DeZxECZ~$F%?st5qJIlzqO0oa)eeK-d%HmZzSzRN#N*HDA5=i5Bc6f*9WZ|9f z7!%54s{PE{GZ?Q*KuTcq&T=C-qLL2J&aT(N_8)g~9bR@JU0-cM_Cms;^Sv#LC*Dwb zCZA)8knlnSSDHG8Tar1`B-fBt#f1geTJF3?tv+^9`r^LC(WFRW2Wk)sN5R^HQ(Qsi zbS^g;x*E_9pF?Cb9>ytc)*y5B6Z+=T4$hTdYP!5bF6%|n=gL0l&p+<2Z%%a8FXb7a z)<()h$Qh_#9R+boVHXe5c4&9N<0CT1Ps~CTA6z+)3AV(q1j*o)%3%o)p5maPFAfHv zeEJ(oNxo?XtnTLp7=gJ1v_q!>3pR3a?ifm7upPB>uR4DMosAU{a$=LBPODx_5l?^u z34Z>oZJKlXS8%V7L~NG@n(yyD>1VVf60dEBQ8Al(g4-uEiK^~aJKq1PL+((J0v8;h z7dg6l10IX+;PaP@J_k<+iQYi*w5?_-3i$T7ph2Dl(ny%XSAk@&0lCH9k1vxE{=uK` z>NeWv#3Ai!_L6H}#f9~W*r;WhN%KM*2-fO7H|Yn}K^qxh#9bBYu;s9!ByKoS&1NNj z+#{jRLwQv3l&+{dMj*v^L1WO{oz_* zm~+uqbO0O%cO}+ zK`CZKn#>&EhH7=!SupS?v%fQ!O12GoXRA_kiH0CX%S%+x$D2RdXB6Y@i23#z7DE1r zHZBcDLW-FHafn}Pj`wK|M;6gjqHP7Ik+jmVx1y#G`?F!UCe@}Zqmg%cTpw>m^IL6}2 zZt=O*rhXIecOrLi5|_%SjwSTHEG@GMRREGNv;0!?)+}he4#S8j!E^YOB9Yy8)wx^T zpmGrU>W5QB!hm;O-@1(9f3XVqP1rI&O&aHJDjHATjbin*0xkQx=<>Nv6%@n4^t`ZY zSjf1ybsI0W=K%k*SKC9tmxzohf$=YL-Wd1QcO?;k?D{%iegCsZeaULG zeht*jTWv}g{Uq*FxELv4^J4S#Xkg=tB#TTsha+a}k-fzB zY^UyCB=T@j)2`M*kDra)GVox1i0NZ$kH`%2h{WjeI=4t-bh&fw<1`xR}%L~ietBdB}HX32A)NRqu!{wI|z~uqyc({Z?+176wwv z#_rS;&k~DizsN8pv=C3b9Ze>L#ZlVrw$#o5lLvdrh8P_^)HRbP{MAVW%(;JxnQq~C zq6@r9mc!ce2`Grh=|s#!iY9JKG5e^SX!>?Ul92cSu77;zt?V=TQuSvOSzgcQa zC^z>0!U>G{@Xz1<)S{T%&!f-=b2HSkO_6+kowq9V&502L9ga^^_6S&U+~^>~P)t;_ 
zC2|YfiwwV6%SVoEso7caxcqcj**Gm9c^&GCo*edvCE}V*j_oR2r!y7I`!tKPh1t{{ zoTsyg3Uupuc8#$5 z9M%c61l=6c`1rYr0mHpV%j4}t?j&M#DEMd7{VIR{$F{<8bGf5M2V)g z(8SNUecIc9vRbT-p@Y(}X}!E#F%+U=1@MLS|i>;D9_`_5Gva9{YOIjQ>M<@;!bIwo;`$U?=&^?y-=9_uJc|lCurz7FD9}S4Sxhkqo zFC}{|D<^SC|3jnuc3u|mKzhSQWBu9-ljcQKJ;RlBR19~LSSy;qD1{- zos`eeJAVy%MWJnZKZv~n?&dt4iupA3E^@2GJPRQ=8Rf95iu5*SL6jMU0V78Jljkpw z{@II&XDsyeG~W4$F&2-xYmjZm*0sG3ZMjXRxz3}D!t0*p2ZM*_mLIMQiCp27CdO>QskXR4UZJE6{j9NY$?~yBKij1opcfcA0*zY51#LZ4kHGt4_^NV zUGY)ErYsc)Gj~id-UL8~?h3RTEtRFQaMCp|4Bf(&DkPu8xilg8<$PNOC~s1Cq+65I zEUJp9SIia63<*i!id!ELj|PuQIhWq{@5&gSnQ<(DvadC^ork39+iJ_)qEE3hSxAX? zmY4^8*ZY8d!>K)Q^XQ99TH6RI|_IL`$p)@I=eHA*CTX&i8%;27%ST2KLCl5b7g&2eaT}N;; z&o&U|-k&E!8k=>?XN)PcX&lx|#_$9c1rs19`7i*+G`p?eQ}!?6JH-~mCQm8S)?I;T zHyty&$3`I9Ew`Il&#t-^u_*Gx0-Wp;xQn5ZnOQ|wS6`;=by$+__P_-0N|J|}#F)CJ zdnxz)r$+y3yE^&6y+Fre5{%?1vhh+-|7>)3O!Uj@n1XT77p86rUyU$BB06;IKSV62e9mMhBnb2W z1F&Ze;Oa0hP*c9?U7|~lvhWKSkXTe;Iy8KQZ}9lBFv?46RZ_1z9MQ(=5g{|c`G%gl z##yE4YTuwya9n(hp1L2rgy1!heASr?G--aPra15(EpCnROYkzTC5@ALe9;=yZwH^d zIV2L|)RtqF=?2zd;8QnP)f%)sl6HM4^v5IvuPU`6MLmO}UTySU4>T0;FY+&*-ZWZG zp#Ac*mX9}_oA~f#6$Qfp2Ep7W#K=?yP*uc$3}G6`GDD;-~B3tgtv3Q)C5k1&;$moEJ~{Pa(+$ zM(E+4A#FZ24@h_Ack&fXq)6SKq1K6+?jLUV9vo~J9;4kyuPz?V#TMh*+txKhmKKXg zX1rb`F4!IX;F(`!u%B8w9YdD_gfncXJa{q{Dy|fV{PfFh+T;yh6JgCREcxubu)61# zvTe{lhQ5QzPa-xF0**a;Xn1OwFkoG4|Bk-Z8~kWv)D>)3yJbym(XZHsiOwr$keMHJ z`1Z1m-?7)boIkhfOe; zo*4avG$NbjZ*2J7_+l*7NdKoGLi_N6Hzql9m(rV`!20d?!j6buwAQ7*yHTV8J~j+} z#g#(AMT~s=B_I8WJj`rnJo&NX%TTc?O_mgUH4Y_tpRN85NV&C=DEbsTqA4r}9P zX;VAz+itE87Z0{Gf&KS=N06p|Npyat1+XZMs9`NfvQDX+ly<<9yt`m~E_omrqNIs| ziqA2sqDuf>yXAzNz$&a5j*Z)-B2UI)|x2 z42S{~C{_KPTmuD`6!b4=ZH$G&Z`YVH7`;YdK?3;(tlF4xcQ_n7mQKN|z~NgQ2)!oU6jE<>27z{utlZ0crzXP^cS@DeGmwRwc&? 
z911{rlMT8Q(7;hnlN17GEUR+??6ke!%otY#ShkZGFop3V(yBy)CP&_~6v8Ci1OtrD0)ZY?Pnq z{{#)@$Hk_{$uCx& zUhk@JlN9|-flSF$+wT3@G_lE|vVU=f(6Q}_beQ(x&#kd1*9)NSwEO9yZTYb&`T8_k zbBWX>>0xL2LHP435WNy@a-=weJpAl(P3`gOcGqii!NjT}A7Nt&MB#V;9ur|*iLK5s zsp`uSg|PsG5ANL~h1KpvjQyV<5S{H6W-IO8NgCi&!yGto1)_?nO)P3@S^>b=f=-r-h5%sbF$5J+a~K_3%m9uirKLhUC(ooNV?%J+?2d=mHTR7A zwp9+Q4f!Imc}PkhDGa5Vy+Ap78DUb*TYsyyNVc>t>K1fNx0{B8Zia1zCsZW zfHgvzd~vCrwaFX!WhDk%V7&ogZwcC&HC_H&ZH%;*g-RdgVaBW3C-`Cynagk@eVWZ` zZyb8?5I&5v!5D{K^RoQKA{?k<`X%m!0_#CJSMhm-6{WXFDV2}2fUbR0!!&Htz(Cp$ z|I0Y;G6B+i0d+?)K7Zkzyf*Glmd5vK)@pU9$$YP2+z?!+)PSrB&56YIw2V#$y_G`D zE7>jlL$$Od2Aff-AsJt&%VAtXC8!)Q>EI^0{&wH^%50^4cKU9raYJ%Cw7u8fgO%YA zG_Z`{USvFUc-HCMd)a#v^TLE?21BVTt@RiuQ@|nJ+iS%fiPc(4{5FiOtNxDZLf4_(agvTV}I_m|AvpOxrrSJ9NN4 zT5k0NaFSIh%C^x9>Z6b|!IgCE>);vC(t$Oh2?H!JA@m~w9oh{YF8dkv$2__?f5eY8 z%#6d+O%@qUQ-ra2VKz^fy5<40)%q-FX+q!q*M4Tko9NrN>Kx23F1udD*mD%`A&^_? zayh<*Un#({{@UMXu5~I@ zSR^E~vVwFzopXdFa}mEg!KyzBWL93D0Anybg4+&SS^Xac74UJIVig<+*hpY`BhILZ zzj}Vhh-DAV-k#9;YDc_c=7v1iq%R;2U)ligiYE)!10KXhOq=r z{hb%aH}t)lLV;hoVbCEEdtmQ7a?~0wFO&WGG(_gE&OV2x3bRrz-8?-Z$Df?$m``Ke zfDkSMt9wW8b1ifj>|#3_UCoNTb+5?#>RYbSF;yFMbc%wkW6Vo@67lfg*6%y_>F~7t zYK1hKMc>kzq;Jx`^FUPqNeFyMmJaT|Ebl2Z0 z-L$B80=YyVCB;0=#l@7%6xTkAmcM|+q5X>aAOM}kDRI?wNuu{j;nfe!H;REOl|?wu zQ64%>#@F5@d7bcB?%Fk?5-0cn|H$2!(AG%EC_kZ5}ctP(pN z>&l=)=%s+mmYOXO&VnO$c>7X&E`T;;r41C3Xhlowvea*w)_QTiMCF&rL>>6H6=iR* zhB_`zm!39E?j1>aI4vOQB5PGoNAer?nOk|Od_T8`sfT=osdBBg<%;%tdqGQ!21&LP zWDedaH)MXhv{{IthaCMEh}&+D>+r@)>`-k{zB>_fP9P3-1L8aDEmSd%J|d$fQ&{2W zc9qCidnWtU&Sf2Gw1dDGooISU1@THvvkay#=|0o)F!gbnjboI10jn}@zacPFe-!#T zgsNxdW><)uP06@BS{o*~1w!Vz$ps)oF*wEv7lGl2@#q)k4a^f&@o)~D{Qo8xzC!N_#oopfQ-B#>Gn6mgGG(dTfcUj>w1B?%?f7rOzq5 z4%B?V0pYaWn>SFWxRd z;>(_?SoTZUGbUC_8@%-vOtLeZC`MkwZLEgn3$f1H1Zk8xb(y0+Ufvy_Fs5D^{)ZA_fOOcAWZ zoswwW+H|zT-sW@PC7YiUTILF$ZkcIrcxrz{y`9#(i0d*>bb+y{gyHXSnkJ6W@>}LwTci zdd7#n?bQ0cnDsGtLecf-Z^SwZqRC~FAUWtL;}lxg+PgQ0OgN-?T>q{ib5+pLqj>NT zwELQjQKrmHKF^sNdfAWKs`2Tuba!Ry`>lvm_m=t1c>l~-JHQ0*Ge1fp*35t*q|HU3 
ztC7B9hF`#v`X_O=DB3zgVkTCN34+=bU9f*InT9Ac{zlK-$koXXx9c@zMq*2ins@U0Pj%`&fEHp6qkkYLjW@*h zc@VY*G3-L*X7~~oFZYGs8<|HdI^vgjk$)Oj#ClS!^E|Im@p@-2IQV{0=L?bJ6Mrq1 zk?SU7#}EAV0farKh4n54$L}>w9uT_d@=;deuRSEhT5-xxd2z~M?zPY)tIuc8#~f%p z-?r|u%Hy#-J^$(26jE)AN{f9^#HR4B#oVzXAhJ{}gwv2I7!BZ1&pmg8_1SYgJ0%6f zo41pmn!+ha*3Q9{pAx{ESg1$z9H@MRef0>5e%O|15?m-C8W{ja$S{1tbMaC6a*S%QU&(JQ70d5`n6l`o4?yn+SGGs#tA{64M;X_fV}2k4Ocm( z7M-)K&%ycQ5_jSP#wn}h?3_AWzX;`04)us=MGEeec$n;zbUios#6W4-N9xcL>+85$ zJee0Nrxecx{%=ym#)loLhlpJ%XkWlE*dodq+ZFqY(9>v@O#ytEC}QnDdEaEWPI*9m`9+ z)Ia;el0nYa@^L0$Pr+BzJ1{j<6W&ur*9_p8C7se>!6RL34Wkn|c(iO_ zc4MR_pBf_cWax4ET9=OrD(%`bt}Ss5xxf;5`6{RmmWjaYO_dviHjt?E2*Il~A3XS> zUb3ecVX+=0XuXI$BZ2w4JZM`RtK`VUjIR3##qCoUODrJ?M-l&is!JtFPl zL0d@C%~gnt#hSi))&Go6`59Mwi|+e0A1Z@;2cCt!G^#uIn_m zLXHd|aQK+mgIUd5LKBgxjcwVoa4N0-K`rYY(?YTo*o|~1U&W+H(ez=}OYKj`<>=c* zk@=S8m7_LTu~#LKjxm4=1EidK*F0;EkG`?&!KEPfJS#{y<8ZxN?Qb*Qd?yJs)m8*b z+>M&Q;o%-&oAOuRT9u}?W&x7Yjq8F0htQs@NrWCsrId~s-?)7nbRRt~SstuuQx>$N zj(YeaE4uBVF=Q1wh8>tGqJr;R-MnVy4yghs-&LEC8il}Leh^<=j#KZ9m8hR*;+9vk zZ*rcnJ3BS_aul_6(hw4kEwfDZedr|G_iN0inI^Z9_o5SSPsMyRBNw2y>%n!@XYL$y z@k!R(S8skVoBE(Y=ZR7a9q;BgsJD(6bcs*&q6z~oK!pb}ym}C)+~F(Yv19DNhOCL8 z?8cs<+6J^Cd&@26opvdecmmdr{^|n@$nb{KgLfQ^*W@}N z;`KtJ+bq00K{QN4Tsi&9RXzb#BhKRaGVZ7V=x$=ht=9@pQ*B|&4YqC{8ik;S2 z6b!v862&hPEiLJN2=~3?Rd#nAec_ODDl2*i=2({08D|ph?I_v4oA%3h7Z84I(?lw| zW&Kjnh`%!&Tf#@(UfB6mtru;;seWo#S{*X;0;rBB(L_@fR&t&fGIN0M5#2tgE3jP7E`Iboks;5RezNiG&g# zPdlATxN0x7r&YY{;0&L-rjWFg?QO@vN7!2vDpl2O3y5oIYIml-&?1D2vk@zA3MteIywzcuYE- zthgORhYiN$PK$h?Lw}deWE|U9a7JO)u*IYmD=wYlc`_S;XNTM=KKwWECwIWeZV>6I zZOC1?1$7h^QU%8X?i5>1w8}nK#L_KEdkx_dhI)tL1v)PoaoNyJWIeclm{w<-MJ-+@ zv>=;SmfPZ2mj(G!=@<)xxDQbX?}_FmxmF5fsI!FD9l4*ViKW1wIn4W8u)c2&1D{<3z7 z7u$$mz21KrN@c%%(9ooF)VADkz+bM+9uhsrzH3UiQ^Imu0HW;He?#3p1B@zYFUru{5qA8PM>lfRn!6oc3+5U7+(7& z0k4eu;sgTNq}KyXm2s+O4X-`PI_S{q(`6jA1^=#8K9;No)I1HSd1cdd`VafM-2NB` zZ|61z=BDB}ufj{?E9F(hs}?5ZV<~jezG0%jI=AkHsB4$45?owDDy*A!F)32f9r^@Z 
zbtUD1dNY#WQVRJetS}%oc3;^^zAFuaXnY>T?B@Vq>;~DKkJzgiczh;Xw@!=mxnQog zHegMdIOClXBjws~C!2f#2uV9_0HVB|?0|vEq_uG)@VNt|-*vd*`kVyw_-|h8NBu=+w8hFcz z^l&6;Fd)pD)=_XZDHT0B>2M(U+YydWQrBJ?%Bj{r3Xz>(IT>O1KqyRqQoub3j%a0} zWdDq%Yi5;ZXK^lZdZ7pWE4%h*$CnZCrj}J(i20QSG`$pEj~$D}Fg}+d{J0T?=HUPD$mhez=0Gw?;m|Nj_H2!l`V`RjBUtx-gv_9diK_Q33%3zT+OI9)L~7Enq!Z|Wt46D zqE$zTNgnjg#qY>9kX9LFl#{-w;)iWYEx^llQ51bm(+Rvf|5K^RKHVVSKGPgU2nrA) z4q*tU3?%vtk~;R&x1o#Wf z9no>S5jvsJ(tn&!t6xty9Ujj1%@96Gx~hm0{~0GziH^XD3xB1humWoahr($8!+P>w!bbERga z>q&9jK5s6ZP6XSo19W9!pMJFLMKxMK2C{P^bY9H;G2_wP+)4;K9v1eL%>&5D0Xi=S3>eKrkH z!JD)_s~izRbM3z^QgzXsGP&E9>PKT#q$DL|hPHIRxuYH%yKqEbPWDC4J#cV6zuGw9LzpN$jP2j;!w!h0v@nEci9vt2%^*UriU=5PR#{RyKA8clJI(%@tAeU9``GuR4Q= zf3Gf|W(K)St6o=l10Wc}G8;_9kSbn@;iy&_OxFz>q!?CF#sx*h_mW2A39&57wqwl9 z|C%~)H&_i=)bNB>cJZ~wc1A-(oXnDC@K3k9kIHi!axHiB!ZmiNPf1QM4h)(A z#pd>ksWi5_sIP~j!4!FpxRW(vP>jf+=KZ010 z57DgA9IH70hKF@OSsP*lH5+-TqkU@7u?D{g!CEcM?kz!exBD=8+HL5UM5FpZKob(M z_wHE=!tN&P$yZTN-!l8zLjbh2ZLrZs4Y$1ap8Q)$Q5^|{Rc+X%V2kTnIZE2B5NaW|tOcZKx<{8TuU#=bc|N-UpYqW{fxR7%R!p;G(k>UKDyc>(>eMtnQjd=rI;-#LQb*Dv#et=~ z`n=W@Plh;VnKr03$Wjp_%__~96_}EOgkVx@ykYD5IXMY^1SoXX*y?wsRS?SFHJO}; zsHZ}V6}KCF+>k8!JOa=$1@MzY#J_$9oOYHC%SdP>b6 zM?8bEq>%4gNB(H-OOd?blcrMY4-MX3(Mm(NN2GK!^!tVY0DDxY5p}H>iH^C524HYm zWz|!P`i-ZE9cQx?p*f1UN+E*Rc?Nu0)=DvqesqwXXf=l7De2S8;X0;7;T_JylQS3n zqxXruM*??7AcKpS=p3=9vdmy)RBXfFYbD0riYI1Cj*n@+$&)zTpolVXoyA5gcW?#R zICm-I9~@lSen`}X$9MiF6&7(|s(H_MhoQAjQKMqKim$S~`F=3%Rw%xZ!~ZiI)4BVick)?u z%9(@UpAQ7m&VW{uxnJo68AyUo8wlf{0^tVMdrfjRlR(6HB=Mx)(sAYn zDq?CHdIi4s?U2N4D0`~x;oXgNtsPd6-^6@$x~l^|$Hm*WHDR(Z?0Rs2w(Lv%D#BVl zUjuXyYP1Jbs}Y$>YdqY+K?f0S#Q`0oungR@UKqPibz*4J{@-~4MD^K1L9R|N%C2lv z3nw3?z!!HAiThqnMp{y(C=tIx`)-#BGqc#uZ{wz)Y$)xlsB|OW#G+h9senuQ%mez} zT=QUA4_rCHB^TRu%Yd-=gK`f$Q&I_25RI!bbFki6Tlq>`z9yfmb8W-c9z+q9vJ}k4 zNgOAa>penjO#=X$HdCai$%4P@ryNezvZq#4l_6VR#C#N9v63j(L=jFT_3=zc;g_lX z zwhh=O6wr{3%iYJFH?1WzbGZrv_4!{7Q*^Z;lh@tGFB_yRBt4Eu;Dv_7%a`+g@*{Pv zxLe>#rLfsDH6=+&Tx8zjto-sUH7-*dCRbRmU-qH?8jFE|8S;l=_{h(1egbIUhsb(B 
zXX9OTbrPMLut~)r@v`%-2OqH~KA^=dCz`nXXCfva{|kSQ->90$#HpL1=;~7}%!_Bl*msD%jIX^#cogyony=!?ui?k@qW>L z5<%7QSp&Y`sB!WOy{|MyYIx`e<UfWFZFK2{uKb7aefkbiGEPv zEJFlYGTIS-Y?gT)G>uR#ms3dK2;N zK+TzNzHBb}ZW=9C?IqR)VG4 z2XczkXa{MAe?eGYHjY4FEl%b_;+TfsLa;lXmJ0W9Y)r1aG^q(eUQ9y&`|~P37OK7G zdzg@+=B-G_9S(Y1fMEAwB~RtlD8H0lPc{6v=Ph+Up=yUHi05&eD|~v1G2Nh-wDP>v z#Hy?a@yjOXZ3j4T5*25uK2o6SeFSLWOEhjGXyhhEItf2QG%}u5?w4L*gu&m8lw?LL zZ)Q6$PZNr7TTAurzbPjtIGS-CFY_!qFXZq5*h(NR<$+3?4dFhqs?&<)4>Yb>1ys!A z5nhbbYX(@Vv?d`s>72K7N%0sG9h{{biUDln4oHl@SCma9C`(E_$nX3}7H>h3u)S^< z?z)h{^;h1#a&}t+TWC6lb}VzA+ASsZhfC>zi~>{4HwHL!6k7u5!Ti9xposU%7Qp{0 zrcJddX1DVww4i3PNg*A)>Cd^S5bRHB&h&M`?ws@a$f(`76?NL~K>g>VPuuZjrcpfT zf>bV!WO-SC=`;1*;&y=EkJh0hOqyuoQ5S{OrwTCkKw!d~l1+O%^5nGB!sEn?w|*}1 zTsf1@1$Ud){f7(vPk-nInzMCLo`W`(H%b2T<&~nBO0DWezK{T?@XNG4+rn?T zQ@~x5)-(`<<1m9eP+U-8SBA7Za)_1&^HmdQZG40(uV$0Zkp7QeV z@7%j@WaiG&Nk-*W2hNYht3OG!s(wD&-4%Az;I5}u_A@NrdZu1Jz9(eToi-VjAk-WQm9;m+cyI#&bfLJ#blt`L z7_1#8FaGNAvnY*!!i(WWq2_qyuK`7uJ^Glt8i(BD=xlxAt{?3gPj&#YXY^02em&d{ zDvR*Qi~Fi66`~4MXZ2_X;l6{w-i1Bdd9qnLAayEHxXxv@+2t(eL&MWn5j!#Lg zXjP_q9g0GZE~%_~9nrs?MWK%y#o0GG{AjFg(elh;k7l~Hj9`H)ZLQ5W@!20hQXReV zXFlJx$OpW!`K+V3Vj<9H25;fK8B|;VdsDJ3s(-5ok`Dpnc zhVJXD3DR}mWuJ57MzGl@J?i;L|0|bXpe8~!$cud(brZB^qj6&q=#6fx zOafh`-}vE&7|>{u+$oXj{#2r+CiI>QpjF2G5~kaawQhv{7sHJfDXR>-&NISRvsW9X zo_gd7!HW7SGqs@koPfSEJW2~%6YM4`u=;C7A96R*xa1UR@D0VWo*<15e7id%v}l?w zyE?&b8iUEB3#RXCDFI@^N^fZ90L3MmR@U&45R9Dv2x4^7hHQi$6+~q>NOOT2?v!Ft zA($@YlD`VFar2Jh)+6fQuht)HH?Fkm5&bNt6(b7$#l#(U!V2>jlITIucrD^H#tH-G zjzb?tqRJs4R6bs6q-9TBkh{^^d;u{NDM&UhhOGnklG_ABbo zqMn5cq9}_8tWH$$-M5;n6Y<)s|F{sD`K@0G-mS%TPm{4%HIpmv5&ax*eVYP(MLqdDP*b@4|PN$uVI zL1KNF!ou)EpG9#{K_W`-n}^DJic$=okyckk)q4Y?ThK;TPkr)+O~%cmsLI<|xWlN3 z*P1c^Ox&x(**F2jUu{5byvWWc|4Pv29YD42w7GFL?ahXkuK_0<5Zlw$2pjpFN~*c~xZo?6XGSm*`o`K16m3wqK~|!G z9K{FekBt9V4kVh|$miF2$WWF;T*>fQj%rl;F2-R@G9mV1UQxG97p%m?Lr8QeaIwbc zblRTRRMzRb@khJUT>n|%vx76mRlY9`-0n6EW{X|gU)<&%n+>t9GF5{fZ{jZ`M*ZBiIr 
zJEFKYlA^z};sXo2F9r*G;N~ZJ#-81J)W0SC4TzvJb)%vxJ}1J~*&rLJescwrjJ%9WHNoZSUWkIWh`ja`I7TVw)ngwAd<&E$%k#bi!wV+HeUw{BrwDUlc_a@cIUma)fh48=ni_?ns#DMEVWSCve#{bL=Jt2L4|R#) zyMP%TTjc|;+8UilY}xMh1CPjAnp|*a*Z(8xDxGtOrMtVkySp1cF86-A7W{eN1!td$XJ($6z4z9OfkTyS%>7q}2s2~Ik9#8Sm1`q_ zb^*9GS6JWg{8Htw2V=LPG01jeKY4fq>$AhggD4~XLihs}%0dUo?bu}$^L|6?3O;V3*Bc?=sYj9-0MOgW41KKBbl z&6M$FqYiV?FP0A+PH@q8``@w7mwZ&*ha9Vad2smbjJ+PcR)ZIplX>(*=;-A*r)5UtlY>d4pnEABWHkC2Rs04jGB=_V_wfCxg_;v1l1XJLE$P zpTw+*s@PK!6FbVG&OTQGV=f_63O(E=sg3THE4H>=pfD6)++h%K)3K%tdgd52-%$2oas8*;`!w;?8znync+Ji~GUi{SOyx>xTs`M7;tP z#YZkTm)|M^9TFx3Cl>F|uUD6}cn(z-a@$H~H8pM(uB(3P%Yc#J_i$dNH;!s$hD|~=< z1TFkAYw=M@ESix?T1)S$ayhajd~xxpSNgCvDasvOUZ0RY_ss<4^n1EuU@{UOGv8BK ziGESzcBhtD63w6^tojjpe7Fg|t$63(+6*{*w6<@jCdNc;WaMn-S>Ke?(lmEEIJhCh z+r#}T(bicCRS=8%xlnjKZwS}WIGqR^sNHR+q87hyU-h&3uAViKrlgz&EsNnkLt-y< zD5jv*K1uw-%uYIC2hMrQqk1U@g4k2nKcd@|55XcM$Q<~B5BBmdY^t_^@S+0p@t0Qk88aIkr2IIv!srr z)K5=qDhMB|nj5kvT=50;Dx=J>)Z^*+0hVMfIBa4%_j*VvYn!84Lu|)byIJ7E??Uit zMbbpxnW1HD2K3qeNd}?&t~w3~-C*Uh!m9{t(=$515DsYAEB-j2k`tMW=*;Z5$xE(( zh>0t;RJD9~qVufnTwOXja0G{+q8J7vQx~Hph7;u5l?JW83iFeC(HlcADmj$&x*1|8 zM&8U%5{LfRukn0_J=^}X;uPScGTvCc+)t)h-B|a8Ok^6*=el75N~x1AaRm-v|H$hT z#D=Ci2IxCJbfZN}-h6uDBdyShLW?u`_N^|B-u8Dp1T-8IP`x>mSHxUmQI}K)>rAMN zOC8o6HV|Ur-lScV0ltLy-4l`ezj-7{rH>TSywFEtHa~UittWT|5l;YO*aH5UAA{6a z^N=&B!?Ck*sh7%NwMINGQ8yTwXnxsHcjQzl<2q9DB(SGpP~@7Ea-wHmBH7)Wornc` zpThxye#ATeIefb(*}O6h+EYUxiYJ7ruUo~Bbp=YIe>)P#OHD#`uChByJ--{J?r_-0 z{yID^ruZZs^Sr`rlzg>^w8*9&~l-~ zs@O;Pz(m|#T91oLxn$f12|2agu1k8GDOjrg0bk92TADh3=Fa2f$i+gV&*Ss+z4t7P zH`x}Q?drXHA{kxyL{yzE!9(57S;PVwUl+Sim;|k6zm3_~Sdk{cCR`xg#Avi&K2ZCX z8iG^nTZ1)0*8mTN1Si`V*Sju7vqaq)%yG*DwBl{-L%qcJm8LhON9{DHBYch17Sf-r z74y_MZ6~PN3FAAw>rLL($b3wI=)ZX|u6)>oElG+sUZaBRfGATw^4r!d*wbG68q10o z*lS{QU%fnC4doLGtbAz1#QSLDnRXvDG6<6gerf6!Cz8Zz%uU>W=Wg&WY`+JhkT4{H zG810ym`iXNHrhKUHol_s%5Eh5QBbM+YNRGt-vaQ>y3dbU8=t57ai2v{NH`L_uULih zgo1IGtZ9sjk)Xk3mrL2gC{j`3pQOn_n-)5wKfy* zTZ+B@NOVc-q(YGUzzDLCHM4wJAQUzhF-M>QsCe?SzzoU30R!UUH!b&14o; 
z6&U;G@1L8N}>5ewo^RyrG@^A@$yZeq$F1_oNa#ZCus1MmjijDCWT_$FBwa2_xm$>yR>{SLwG+5RCxvUbr?GV;N! z4;AU0DwrrPtJEezaf>)!5}s`>$YZd}dgtdKkW5%;NJSfQ!8Pp*9lNgVN{1%1-!^ot@IsKul^O+FA1- zERd@pzC7wAFTLD`x(oOaS`eY|`rE_!r7fs_>S?5JlHPyzn&DXn9B=9hwd_()-<61I ze^3(T9!4=y-*=>KLdr`&AOxYeb4Pe;-s}&)MWAe@2FXDN%|S-jYyZ{@p34u3a?33h zu_64Zg82uhuFu6!R8&45{Gxk}4Nct2xCdJWcB2F7duu05W1Aj|57XxOqr8}G`~4!! z^W-OxA^@u@n@lRJ96U`)vS!4mo~2{K51X9r5+{yq=KO`#0rZ)LF5qr?eD0S5d9off z-}2I>TJZd9?ho+S>@J~68aGjjOo?1#3IS%nYl!-v%8^J?tQ5fwKyvXbp-xl%T3wJ@o)k`h zQ4qb1pGqVdp1Jna+&oB+Ax7`E$7>E>T^7U*kA1yq6#3+w^!;A_1!E8DG+ATvB5e;U zS7%9Zp^{~M(sLC?wFa8E&jGsTo`!evtil-v&Dud7^om(yyLAR@Xd4l883X`m%N}W$ zg9*FK>Y7<>I=6BvFs7D4F3y2GioO@ERwW0(bMry4`L~C9-_6`K+plHOUFqKrn<3-b zu=oS#rG%^zgle7%Gj8lfem53K!k`&+{S5a*dnO-uhJMTfGoM`53k@`y=c+;&v@;1a zK(BS2s*=LXEgtqLd|7wKk^$=>(n}2xzpzs5#VW@1F`X-ui%-w($CZ0e>(7~K2V-zax!xi;wvci_>B`2n$if?3<92@jCa_?~{&5m!vDPp{2a^uEKW5AG_0&^w_tNtY z7NoY#o{aE3uWHN4M z^1xhnN|8XlU;2q5pOWRZ=8e<+^|?w3i4-H$8E{JI=o}0epCMyA>}LJl;md6k#Xicg z!&ePUR%VmS7?Y4dlvBT1m_t z;e-G`ESEH%HFfV5Q^EfWm^A#xiiNy#*)-EUE3;i;%QhShvcWg9%NDOxmM?S>D99x% z`!uRoa8D{{;jR_T7OvlSSq;{3kr^O6%EAAs1Af$Jf_RoX1}>dP6=&3{+HsiJa`C9c zy2&}03-R$D^{Osqk3CmM=U~p!s$499%FvwS-Jors+k^kNyf;GnFd+)m` z=Ztyf?^$3?e`9;Uk@Fd?>Z!1W*A+ir!dc>%_Tx_tuUiC)eVE~I?)MlJZ%NkGt(0m) z?pCx6#gZ0hz(6zK<_EzaX~QZH`6@5BPUt>Cyc^l`gzX`>KlYJRMUY6J`AYg^)cT`_C*#p_~<5Ai7 zUP3K8;#t}6FrgexUX4<6k-O{6mzbXzP4?oKTVYI0zGXwTGjz)R;F|!KZbA0>2f+$> zM$rKJ&OzpZR)!9;P9tpQXk7t}_5#C*N~K;%$<}Db59_m7in`VpW2Kji2c0zV(-^RRPXLuD3^ zROim^64E~L@U8p(7Sg{8<&eK8Jh_l8P0%Fxux5Y-eS(6^*K12WgLT!z$KtNq_#(OV zG?($ghQ>hJUZ9vaP&BAXZCJo};2iy$zm|~s_#3Ew({BebhSNqcb&pkip1-;UBzeMk z6JxXT%(L#vUv|S?C{}2EyLD`%Wrw1P{ASldiG8U&*|FxK%$d3Xi2MVcoz1~CPe><4gVE}k z;-C8}#9*VTWZS)5nl%X_ZMQ1OR_SSd%HV^?FSL4&U(lgy|CCX^FFamcsTixd=2?%j z=si!eJdhDhYK_P(a0ZvN4floVoQ7*dW_VXTEdfn2uy%danc(fS*5-kRh6?tUk)OuP zfQ-+{veNmHGI{`Pw1-^oFuDa+PlqHd zmmZ?O_qbIIDRk@vpko|tEP=f`Z} z2irhd?@M2HYe`;;c{G`xuWv6`Md=P^C7H|Ftk|NP4Rv|yf(Q!a`U@us2_KhFUTI6>b<&{NryZ=?T}i0 
zD5U~Xj>_Uh#QaR)A4e}7N(ag3t+@Mf*p>W#1;e{GG-+MeT*9lssGUc9o8EroqyG03 z;ZW7co_24j@6cH+#fMP5)QGv6|4()!d)#!*IcXClre2#&R35_{N-@t)Nbz}|)VD4( z?P($mxY!KVTNVojmy`Z{?)SnvuluQ*C5hn=k^vP+NxHj|N_TK&o=4Z@qG1S%0rJi@ zQT*`eoJpTl+ee2A^fz~U&qt|#uMW;76O#)ezyE5P;$)BmTC!X4@rnJ)8wSf)n9+69qDFRixu%iqeh=2SFZ(qW3nu`w9{b zgIA+E<1Zx5?xvK=(U8v!5OC5A*Bp?qh={^p+Usq!k%7diiRLFM6fEl=uU@ax?sHry|Hc$ZZ<+?!6`7@mNEKq za4gb|Gd}38G~`W-9(bf9+~78rI8CSv98iN`G<9Qw%lxR2)391wEr0Hg+j~N{Rc+yKy^J>q+k#cJA+mZB6Iz4X?gX z4zdg!by1Hx*YKZ+$sS!LbE@JAx8(PSWi&hWt~oF ze>Xi5Iy;3iopb_i0%9e~!JrB>Y_kaU8b2@2;B>MCR+) zw$;#~cGYTv?td|I3C_y1YlW}9sb1+gp9t_D`d)%*p7nbzDdwog1Ru2wvRK-&iA#C} zX<1UXK}L~*3as2qscJhK=Sd+0C;72#tgmxT^3!a?hlcCl4?uv9Gr6@d43WlXyv;x_ zPpD>!7H|_MgIwmi4z~B#XR`Ws1>-NZyu57>-@LzG6|sn~vlwbaYm}vFrk>@8CPrW6 zi*0CTo0*<$*j8i2s?`3+LfjH8Bn|ghzuLXWt3EXeWznCE?HAgv8v<6W{F>>Qm!om$ zR&d*DfbsAxTc7R8wrIECS?FpTSP1Rlp-xWp%T-id=K6S7jGMq}5n$Xu14fEN2y z>`Bt~00YM5s7NXHNTzE;PrKtSJRCK7m53*@c;$^9W_0uf5tjM~83g!HI4BR%pLuoo z1g4#;(}^TEo*0dif8Wr1lf zEE=8TS=Cn`q*?K*e$#Lajeq-xoiR46xHQpzX(>fQpsl{jFg(9$|7FF?J7~ZbP6nq5 zx)1@cvJn@QfN4vqT>X$_+y9q>y+c+bz>vLQw&7Rb4L zMJWu(1+9*`#t71hBG)adbHtm$wgWxMzjuHC%*WeB zKZN?2)q{--nD6Q++ZCS4_fCo_{#a3dWQUoMueghDCEOsp;hwosBjA^M>FvWol1PtL zR_NjlU#}?hM#Bl()r_;xx8`{tnmnQp?qOzSJK#G38nd*CGVxP{km zzJ7YRs1(!aL;U!Bshw2G1)(2BwyxlFEUyVibA7V6HCD}|%wz|+YNs#NvKVhS4w}q1 z-q}B@oAM>F5{%);7Y|>lTotqt%^vg{Nc*m#5*m;O=o%$qdTzOJ7lJjw$b+H8|KEb7 zc5kHEDZh(NizL{5{4R$11dn!3>sY6coh339U)P)=kCpjLnsufNflTtC8oI5b<-lzk z|3^~BRk0Be@D0-sqc4wlW3I1^WI64Xv~`{C;R!+YBki-ZCPE@%v)htl4Y$Xijq4ZO;ANnd1l&tY9UHfLCu00W+vMG8&^N^jr|w z3=Gi0Yja$ONwbgM$c(?slnfgEB@{j}VFf%TG!^qK@$5QnP7%yvSSkiJcr;NVo>wZG zjfDbw^%_(wMMa7G+}RIx&%e`wJ-+6Lj)T%Pogd;R596-#7Tqom+T{TQyH7&rqj!(J z&i7{v&leqjDO`alOHdNL<1HMG4+&Dd>u*`|%^AeGyeRVPWgJWKyX0h1jB{+O zCsLl%3-<&RCf8kTu>4`!J<=idlP7e&9s!W;ve@w#FmcxkEej7+=zv$}|MR;nUYf%z zd3&%3!>>EmHc?$8PVz!?Y?)s6WlrFr)`m9@QYkr{A7q@rbf~Ep9?Z{_k*;j1OgC&- zD4KUtYoBa1^GB-%G|u7cIMBJ1?&H1p6s3p9)Y&WA!Vnr$KQvkab#8NZdnTR1V)}By zPG)13{leWPT->FInctz~v$*th9Y 
zktK}6$OaHUuTq>RgX&civ01K>)19Gm$lHC6eAmnn)nDT*NEI6-`G0yhRc`XYcRTxI z-+XTnDu(8{CWBCn$HRrz(%}OS+zDr#g*rgqf-)+=lNJkaf|u70E4_-_M!)51(ngHa z8Ui`kvsoNyZOzfSayb0J*0A7H|2QVRga4JbFb154)ntZznW0*%YOb%e?EPv`|84%j`yiI${-GN%VBK76k-4s zn*;zLFH2#h%zw&Q%#X}luNU1RHNYBrPcj4A$cn4E9=b7j7P99H89 znR3daSFd05HvY0I!rb^(aU`1eOO!A@xUzfV;)#QOhG{@mJG zRTaZ#3X#%tfdG+}|2Mkm6oD06grhu9Oy7Vvi^lXY+}swAyZNVX0FviK>({xnD%9Ac zx1$r4rsOmIh*T%VMAaM8&M)wMFR7x`|5VN~do*oky{$J4VM`^3FQR+)hi#Rz7xfB3R<^Ei1g{2cuhxcM`7% zJ0RcuN_uKNLo_Qe)FAH1cR4t(H2NAi+-^T<51TBgYAK~_SY+02D9%aAFvh*t-zzT* z<;D~eZy*2Yq=r=f+wSrebo=DHQUAkSpl>3rZ^w|XZ(b}~5mX2zS_hT)5=idTBRY|m z6p2oqk^Wvwm_yOG!?p3;H%ayeX7w*HlbaJu;Zf1Acov$%F24o=bCJm%_t{;&oSO>d zC_jZHFl!R-7wCgjmnCfUC^*5{iB9=q|>*pzJZtVP+_6FWwR`c0sBy2PunLo*a_ z>WV6-?JR$OD)Q=Fz}SKoODUf=Pmg8DMdT*wT6OBMXy#i{@^vTlrFIU3 z<^b0+a%rkTr7S%8$t{=Hp;y&(eS?Iz+eIpVm1#&Jv5kKatTr^J-H0p@6-IzW55M{W zdxz<7rrpCsFp(PD^O|UTNP+tAxJ&W$sZ^rs7oqxJ(<1>`kF2U=dYd<@<2GV8c_lS&y+ zz(~I9r8OiS(fPXB&o!*XdTb<%wmyn)ocXy4CR&dFl*6&YwDxj?JlE;$aLIW_HRR=a z>1uribH&~H>5;wWo92E3wpiZkE+O!B`O`W&9k{+0gJG3esaJH;rKk~-ZVs%>5xR}s zga>NAc$9K(`a?Ph^^*S>bT0U2f57fFQNE}7>wpJ75wbGFn+4R2;>oO zwugU{z{Cz*?$OIU1rZ z!uP!9gYCH`@)=BITa4|RkPc_(#VBQLpToHC1jhk6A4luO9cI_!k3zZ@oOEssu0CZR zU=!HK>6_H?`&>@4BZ~7pBrfZ5A_l!Nn@t@lZ6YU0^W8v^^oq)}T|OihqG&w?z8Ru2 zj#R%I$V3Hxu92Ne+yEe+m=rz71&bf{2Qsq4GNDB4E88QLz8Z=O#PHQn+JnAcY?MfN z(sp=DRiX4NPNb}xFYGZ+e-sj$L#<8z*i1ejStJP2il~Q(>9>j!viLyLO zY42refu5a*BZf}$BM&JwHW`GzfSL>4nfowN0CYAoU>gOt2WjJq`lobq{Z7EMH!LBm zP!-t(BL7@k+EVQdI;ptWyLPLqu^EHsS?P8ws|Mw$s&0+gNZsHL3NG}yxh|;6wx0#$ zfzAfu%0K)>MbnH`5%AJstI||&EU-{xbfgq@-tXGi?%}F~xa&R9$seg!jz*YkJqK!c zm@OsaA68Wm1L`bI8@{6#!!_^NF=bniA74dAAMesMe{GQbO~Va6{(kM0;%-mBW=xJ$ zYZPzoF!zDXDVpZVWf8hXkr~&_CqHMoS{w}_$;N7@mQi|*)xaD3e(2Xo(6u)tVXIIj--N78aNw73XYEW#zzd_1 zH~wt!5KCLvd^hbLjWtuDKUeW;19-bshBx~4h+|z^stv4epcZFMbs6svV&PJ>d6jp-<$X41LF&GbXOPDX=3v#;#^?VuRbCoVLN=ZqGP0{2D0_T}Bp6ATp|1kerKLM+67#e(v&Mv$qta2cbep(HuaTBO=9 zhGXe&CG)9GXO1Wnm5l) z?iVLEmAj%G0_vAKHFTx#N*^jU+v&AGIGu+BI*)4BP9f>64d+uTN)PvCSVQZHW^N1C 
zXRrTXxOC`zV=O)FzSP{}W*P6!Q|@jmA7cdT%IY%f`GFyA(d*jAZ6JAwVH7eE>4k`L zqjd98^ZD-Zj-;g}TN-wP3cy-P98WHEtu}KGIJ%zuxxS+cw_|>*JrYg`zG0WdhaUc^ zL#7Rr-lo4l-O>7jVd1Ied0^;S2kY2=;N}SL{GmIQpM1zL;!`xFOW*5_;=G;KNJLX< zgtgO+uDSXLvp(RX{|#nzrxAc04Z-ri4rUl2$tPjEC*`QCYsL+wz^vgpp-Yn2t#W$oZ1az^hN zS#vgpzJZ?4aLVQRj*OVC)f{Q95yK8mDTR-P3_Lw26a9KrK^Y0Ma<-J6Tb`Hwz#o2c z5}>}UHL_N*N_=H?(F4bY^7xx>wnh9B<8<)Kr$954hXRH$DdJnJ-RHkr5#y6)yDA8n zgNAY(9&|6VGos|i2H;IW*~F%lbYMmUc^7u2{m7am_aco*g?Q#!Zg z&+IW;^Z@K)9C#^Up`_UW|fU{IU%D*;sl7MFSyx0s*nZ)C5%34E+jwmAuy%j56tOK60{)GPGPQ#QfTha7NAvYW8uBI+l9rOqV!a=E<=7!YgAdXIKB7(dCjS=G>goF^ij^{Qr0B!WI zFexvgO|4bHl3rzr_A1MCen|hX%7)WA!2;*O6Cb+HWBLS3kY%9Gm$qkYoV>7ck$y@5 zRmY(jd8E~EQ$Oar9LNhe#i2gc1fcUtl4J1voY3wO72NQewXYXkJ-u7qJyhuy(D(;8 z-(a)C4(a!mG33{Rd1zX+9GKVNm;9NVeTmOiW}TwVOHMv_ZHp;!;Wrmd9Mv4%tl#H{ z9Q|>r!D)Zc*Z9GlKc3#Ct^t}#B=Eem8OKe#vqnT75Qy^%;U2l+35fG=Nw7H~6Q${b zyi?v@%RR!85g%xaSDW5%ea#52Q3Aw8R|p%6pI_dwrK+voepO8Bgu>^Q*!mgIJCZN%cg`_xVPr0;#q^{IOk*1XXm%(mTa&NE4|hyy4+szn^ceC|G`m|!k@2%S?Z?{^z>vf55(8@`gbYu?)qeklNkLpH>^`{$xl_2%h2bS0-CV1@pts2ugbwTHwm_{Z)NI z?W51q`lBALYZ{2$QdRG6%J@>ng#Y15gpd?-ULr+7w=?KG-%C_Cfej%s zvdbEN#|oeeQtmV*qYkJ|)`jyY059rKusa( z-n+=9e2bpOn8HGWFOZ^GHTO+=TuN;4d-XOX@%LRRd-b`b|LNTE$tSbHb2}{0g;#?? 
zWVCL3G^&mI9h@BjQ(8BNqAh8|?a;M0e4hPZkia?^t9veXpnnC45T2mn90|Vu`6tQv zs^s(vr<$H(U8$6#+6^l5sg{~5Y6a@6w3sOBz>V#7oNEblYOBLF=D+>a?=RM6 zHO&FeU=S2IrzHJZwGkEw^puRsu@ypOOarM2J$``~jlT)qZrLgRX7Q=~NYR%jU1YEG zg)&}LzrGQ8M7bI$Mx@W8)S-uS$t*??OS*xu71oC`U4=&7dPn~f3D(3rI5YQPyFvln2h-z8I86$J3Ebz=D(kIwt!x~z!O4TOgW zP$0B{7jo5n0-RL641R1{zdM4>Rs3OU|Jn?g#~2j_*On#G* zcolKO8!PmoG0>xh3YLs9Jp6OmU+lrSBoYNwdLw~X?19bgLd^-j%6lZ;p;a0a51I`P}1|GL)gNa7<9<4D51@nlw8y2;n#-3Iw8)6fXl6y^uV2`0g}Z2Aav zyA%5R%RHPe1P)t5K5pXz7vfrLq#y4%(kl0wT*ayH>%A<3ouTpaZQl8p#I4^oX99!= zLo^{kMejjVDE~1{;B5*k%kyUs+I{7@?`w$Q<8QMwId70RYAJN4DNOxv2{?Z&rP%F& z7qr07V7) zszje4Wfsylrfd=p7PDR+KR}r5TkzrG+APr<-U9zjH(!GYAmPCqcfETB+#3)jv&X|Q znmZBvol}Dg!PlczLXNRqvl{z#E4H-ay00Z6ai$ie+1^vR)WBj}-hhj`_lD0zhqGbr zr@H1ykY+|jr0iQcNR4zsrKYYzd_piLni;5Bp-;QAmM`)tq-QW5aMD=`eh0>r7^vJ6MWH!?3VU?$^+}#(gmudvZ4|cfKwpLDq1d>( zrpJ<%A>5*XK}tN|{Y*P)HRRyf!Eg@XQ92QiV6CRnTx6b@U5@@D!3}smXE20j7!~1w znW=j|1Dr{52I0BF9#AgWbp|#uenW@d1 z-9{YvbQijk3m*UWn0+>+8$3jTcMuTjuJp1zrG|QK2DKw?>g#8LcX}8*X&QAdMlDG= ztH@-3V)fmx*Hhvu1tXNc`mW@U+xgK^`Z)EV7(JMfnvW_l1?r8Ci(_xK=cIc#ZzNf_ znLu}8ucDLQWn|Ju?IDxC?k4~ubHA9$1j?s+V}GfeYLSKR0*RJ=XcqO_2m$@hupP$G z-zuqw+~z1w8H^Jioj|UKOz!dpJ=R(l9C`JYweeCO~U=Q5MW z&>{dYBvmd0Ll!HGlaQ~vysj^ssz7_rpiBk2#%4E0I%tjn$iwZ^K{S8ZQ~GB$uRJSn ztEe3QM|kMoQ3S=|kl*^^o2qmmokVBB!5lJc;yQ^xEB!k~A9pC= z-&Pz!tc(|X7C-|$v!W>D(xc&9-^GNNfIFf*gw!kP%!zCrDhS9X1<11DVKime9OQ+u z)YA$ATJ%4kQ!~1lB?;DPJ^H+A*4Owh)jUj*%3$u?(K&N?@ua9*iG|N^g6h9JsuOf!Qpiuv20+qX< zL2bhP>j#!|vKt;H4Mh8-4RAmq&)oPhlN@CDOkx8&x%1Wa8d|m~;Sw6Ebk-?p^XymN z-mb%;>fyWTWAzk@>@W7lXPoaT-_S;BLgaQdgxLeM?K0LDx7MgtJw?=R7Xgg}y2q-u zk)|N3JrdmBtfd=oRf_PBqUs8IE+Mg)Jkr;4DYv017XY97AQ~#H0;Cr4bSg~f?K(=t zn_W5&e+ELQO4{lGH$*5m^Us8%KjY0+bxdXT6*cfLvv9w4>rROCy+QCNwNN~GsADj& zT6?=Zn{_Hf<*gnqOj=5YL_oBl_O3ZDEUs^3;w3`Jhin+=~?j*QFss7f`>wquK+U51|5 z6m4gxLsqnAY@XDA_~ZtDk$yhLHmr#|;OF_siqwKR?-wDaGS`2 zl+S4XJe_on&`b@BzDgc3Fn!m$6xpy&ZohmQ*5b3{vG{z@Tqa1tZX<}RIKR%Oe4pqQ z?X1>r-y_5N$BQU%hm3*Y}jd|NOVEvSdo3;WXL+$QCwCb3Z_hn 
z5rNr16Z?^4u3pmLP;@VFL`e5Ze~45;eZrMLjU2m&8AhnfZBpK`;T(fkh+pA-gpD5H zS+Uw;G`_(co{;;|AzE(3Df{n8=XSeG67r6jpm&~l=H##1^fDs!oD_-n=`5&kKdAay zsGrKvuZvKLhbR7fETEASS?9|A`drxyoNbbQ(jnp3=VHm9(lYCRf@{V=z~8KKT;3f( zt3d)**vv`trIc8f_6My<@S}(|!V%>raB$wzk}KrlUSD=nG}KTjY?U0W9gYxE?J}=C z`T;mTV>?Y$anx;+{-e6a&nc0A2T75xuoHn(5|M3Y?n^QWe@ldYqQccIX^~bQr~vbs znU&B=?CLxNC&!#wTuNjbW-J&bQ^s0HXxfHf!I-^p?2A5KD=H_AyPrQxZ_n}scd%_5 zWD=wzuKau(iW2o$%woqzL)8sUe-{}Y&td*fEn<1WXTE|^iKaIAcr;Xuy~?Dgfe_Ldx(@1JOysKpq-lc^(t;-9p|tt ze@WW$VW+O1Y0?AV`f$4)1?#*`&R$wnbM$SLP?LQfbv;m0jEJ7(YLQ*q08_gDa8>8L(dqg!_XIiA4dmzF5Tc>3SuU!s8?wK1m_j8V(|9dehpHLWA^v zBLv#-5<(Djm%dYd4KOk(4-!xTr-)rnn*}3@=+!Qu3v_ zRVK|2uuAICT0)}Y>rbrNf(!Hl<)XUB^+j}?n%v5W=tx>pU}qBiv>%$2i$?k{k3pS+ z4P&cMMiv-JgQACz?(GspnipgiS+czQaCn@357`h zeeY33K_|5G>BE!pf>C)1A{UR|BRGR6YD2~Qt(qF)cvB&l*;rQ^>R)jKQOJe)T<=?D zDn8>AWz4&ETTg(ZzPU_O9xtFOfpkHQB!@+s%Nt(76j88hmIeh$Nh?M1{SBc1;U_AzzP zM%VgPpXnxr(WI5Vr<_FpJZGhY|0yHwCDbD?i{f8R0k5AhMGZA8p$fGL57&Hg7G`t7Dbd+@OGIOxLS2R)oE7>_9o-oS zZ=@qBs?4-KB6<0uzUb?c<@c(dJ{PuoT?f|M47UPvwb?^#mg}wVO0S2s3s0P({RaNo zmB^A_Fssi?sy@gTL(r0^2_9#K4q2?EIQiT6mOf}?d~_}L@ud~!Fdmu&pYN}wUR<3< zn;Jj9TI$CYrF&nx+ud&`JS{u@z>r?coFkk4F>96=+GAO%^_{jbL8S(4fJ`r|UJvA$ z!#2d*9>n*4%#*_Mb-e8rq zJL0qjV9ji`s-3RCPV!3YKA+1uU?Ep)corEKGXfb$^b>Q|H$v>wf;_v4k=C3u-fv_s zZ&zI$^v)L&ZwnZA6b={MGIjd8)Ye_I<%O`5ueUx4zxARzu5P{Xt0pTPTQ`(m~;WkytTKe=Qm9C)KSiG-IK#^aH$#Qc6vX7- zs+uXP-Qb4-G}tP{d&;f9jY4UBLTXtG7WrCwxrd2Orl(zB=~=fD_J!pVcWjoKbkV^E z@{NZXVm0ZmqyGWF;hY>d#dRBfm09uy_cU)KdX7$7*z1f)A}PHhxQ7ESg+y^ zhlp}mLT(%@?}TwRWK0|z+rL+_arN3|E6iX)H7jB)B{8Yw6jn6g?-=G^r`z5+$h>=7 zo>rLsN0i|{AqdLo9lfmp`QgVXRk}buf@IjXD5~wC19lf}k_)wz=>O~(sFomoxnfT= zHJ0%&48L4aQt+plUEpit+T}t-7Bs4f4H4dIzj1V(J@`DkGd9vv)KFJEe}=-Q zReX~hkuHveb@WRi(vb{tO74hnqh(JH;SGcCkpj#~@C$>W^C@69NuqW*;1p|1(rCF^ zf)W{aD&=F|$&(y@GX;D>$+@L5wCA-`1;0x-Gq|9KTZC~`4)|kWvp^N74>%Uleuk~WofXM{jBrg z7r-nZ#**14@rx3=00%Mw3_AisC?dMW?Ofc6@}fXz4!iAVo^70X8A_|sw^_s24-CkX 
zC1KXPhoV19d~40j2eAfo>zMGm6U-JsW*_gkCVhaWwEE9JfnVdjIXvqWNr|4#`()*z~r5i^zeQUwfzbCrw9(62LH02_#Ly5*PP4O5^0|$Qy1&E zEZ@kC^asKX>0efdUjZ&uB?MXHAl6e|=S#LEhj|45iw{b0XMH-{?`;JBAyt$D*1RM` z!ReVmYdbTNVfi8@f0Om)bUb?H$j4OnhA42*h6+WIAa;Oa{R!oEYDhLgChs)!?}v2; zNi}@#L#S%;?}W+Ic;$y}bo0Q>hJ56=CAJ%{oee02R>sRU+~q~V`$JAVpe zZQhZ0!0b<-`KN_R+0cQ+^@ zNH@~m^{zg@FTQ{6eZkpl=S+NN&YYRKspRt%73}*0CS(5#qb?|-@_N8=*f>(*>*BE_ zbY#O16Q&|mPw`3iW8tBNHeKodcbBqN98r1yf_X$wDH#E-IEa^Yvtx>Riw8=}NF^K( zO1pgc%8_7pw(4}!GG~1?3Je&~HHGt*tH%%Py&$-LUD(tdIMj-TbwVj$s;J=57cyyq z_g_FmNoGdd#~YWjBDH~fpW=ypW~6W%;|V`3u2k)R#?FAP5Ps>nPq;1h4|qcaqi8Zx zsk3*fy}*f7*(hyTACuRV?@-tL1`|OuS2shwi`{@NZ3{m_5ZZ15lY71w= z?8^fz=Tc8T@Xh%B^?yIR8lwoe`HcMc>`crJ`m(z>-hPc+S6Y4Jk)DG07FS;JZG+%l zly{^f=|2j}$Y!v{N1P!6+|SP_E{gCkW@ZlvO3zS=5jB#&k~<6C2Ks90k7IJ zjLkLY!6VhY-xVZ2%tAj$6^#m0e<&2zVAsGw5DM$n>{$D@^K!y;!K7^({8F_=OMsBfQEQYMcZk5NeIfHfY z3=R&(6h7*eU%pT}OcH)Doa~a=ym+K&KaQx_RR&S>gQzd2`+WIedb%rINjBy>E44)X z-vx`V?b!VnhVr3@h(?+?f}lghg2r1l(UWb6hy5laP?FT~%%xSsIGu(Q0O}Kv5eWSs zH1}Vu#JHJ(AyJjnf+}Ai#2G2?AT-?dY78eEwEF4ATvisDuprx(-d<2W9Zqp0@%I@}hy9FDal6KP8y$*TR z06Tu#Nk7cLrtvKv5EV7W5R=}-um3W*J^q4?^RBvGu}ucnmZNGU*HRk4l@ zLi)E+{tMq26ElF~&q-%e6%^>Byl_?9zPN2rqp*kw*u{c#e}L5cWD6BBI&eQLXT11UDiW`Qh6gm`;70;ZH74b}v=HvoQAqYk2#ANyw?;E_gkN0f% z%Y8q=`9p^6@AlLElE@wI2YZ=;#6%j^{#U3+L5@v3ubb#BuPEeG|3gSdod3`X@&_8Q zX&h#PG$Efo)&}yreWDab64sme@_QZSJn4Ntc|(P>l$8YJ=d-SRrDQ4%7ob9?>K%w! 
zs7$BYnSr>ep?t*eB4UEdT?n^#zxl-~)K|;8L_!C%O@H(tOcr6wWX9(5BBFPv;XdW` zy#Yb(SX#cNq6pVn-4cqg_DXX}4(W~w4Qc5FN?Swe{JSpb^PmeiVqH*WfddlJW6UJtXtlfE#m(*1DP4Z&*=AD&k>ipz|b zlRE3oVP&YmnC7tY%BV44xjIKmt&9}<$?6w%5;*{LATc1G|9jsZgnJOx9ZOj9!a zGM4bKOlm<{~^ajBQ+zPHKGd4);E#F$Xq`RM3W7 zT4>P_fa8h11y`u~j|=XC;k4O`;dgr%Jn7T;2CW3W3Oc-RX5UGwiZ6f)!}o;V)b`s5 zm3RqTg*DkCCTP~;39rNAMM37)k_aijlT`cmtw}5L*MYtmNyq zCMJ$=1aho(Ilo05)XG>v0#Kee|0_Qviw2kXgviBR`vZ0f*n*(s{s(I%PnhY8ojQ^5 zrq~Ex#)Nx9>fiXnJKcl0)oQ;fUXjZEcP`RceIFicT~5`JpnRQ{T>gGS*8vk-9K|yQ zE5dt*4MZQg){zm*-Pwuz93wfY&B3ZDqX1bA3u>xrfu%)j38e$4f*R6=XvVyy5q7k~ zTe!j!-a#POMdW@&`Y8^#TJs_R3M>9BMgju98UZaqeaP+-4Lxe_U7Bf z*W{(Q#}edwdNqsyMG~JiIS=_%a(S(!oPzy(I$B?%j9_={lQ>#w3iHCSW3Am@A=C{j z){(|9su_a5GU2dX|2+OC8GAf7VV}9qjsGn>vq8_{o867>^u@sq&*h=2S4SUG^uIfL zHoXL!D{fzHeN~)q72LS8TdCCWOY4>2lU2tL;<5MqSNl<2$p2ros|uNej9j!9_k41eeERjOb-q6a2LAE?&sz=PBeUE2qgw+cVM979}tgDIXT3sp)H1QoN8&LJ;o> z2Rl#t^Q)=O4p!n8D*v+|9zn?Z+2HZZQTPkPwnn5FULNe&qgE@P{0|f+GgQg2BX92y zC}vU`b!(hutAYN;ZL*h}s<@S(?iui}n3Ve0DdjTzFQQRbDqq0l4@6gdAQLKPu699O z!$o0gRhdvlTuYO_r5U5?<&DSPmQ(iU3WJPT@EIXu6ZI{ONU>i{Vu{LOxa@8~g5f7f zT1)!}_`H?pj^?00W*+984{ocK8_Wuh*0&{A_o>^zM-^FUe*~e^ikk7QLTk zYmV97TAr9?`rTOlTd?lCs*TURP~QY*u1m`A71Hy#z0Vp$s$1jU(n{W);~)4b&S-#wK*S$?7n^6T0P+jwZ?T zcaK>y@ix<~&UgcHu*Z@FNo4~(7yu7enoXT9J-q7lMRCSUf%~?IzLRV3YjyRqYLBi2 zQkyej+4NpvgB^iP;qdw9j}P~~{x1P}z0*2TtfmLc2k9eiad_vQq{9aE7PouSB8+}a zwCXw{S15Vga{SsSxD$ja0@u9C>JRvr<)HpV#hvuH0+&s2Oo9-yRF2Ffd2?Fip{Mk8 z%Kb}Q!(}L+r8a^64IZeZAliWF)WOERbZ3oog?{sIFG%5_;O7sr8F27VX%c{V9$u%s zwoI;7`(#ghGRf?Z+&5*#vwTh~P`FJ0-OXp`BEHFo3q1QJ+7FSNXumki&tKUAB_i@g zS@nM9JLOA|jyZJdr3E`dg=T0vnf0LDYvFMx1ADlD3RNCYrXR844)R5!40bx$YcgYt zmL@xaxynW7^3p1cQ8kLdPP`^V$v6AE{%CT8g_)2CN`j#s@|!ldr#p-a7eMz(=fw8t z(W#;SAnkEy*6vFXau$=b*qDRb-{!l@e6} zx~N;s6(B)QxHOnb^XBETHtUSS`AqY)!ZqjePxm_qW{r?u?<%|p+j~-zxu)b{SRA?+ zsVD2W#D6S!N*=aBM&w-!7zr2|o((yxH)*_5O-q4&` zr&TWw&%%@IIBX~EvJZy**^9#WP3%j7WL^6;DS~+Lt$3a|nC}32v`3eivvA`sgyvNH z%NL1%97U>q(@SscMKh+lgPt{~dBy6KVSCbw75IRYRCtF#vtm%T79-*Z%6@agjDxMN 
zo!8G!m0e>$?f2{JyR@yQBBAESfgBgd*xsJ#9I%sNp>w6K^RK#K9WizfVyka`BpzlD zGo$6eSK&GWv;sYjUuOhIo1XP-!n-+a%gfsiO`{tEX`4p$C8HUg+=jdavy1m_SkugH z%p@mD@|41%cWV!;^hM{Hd8PSQmyt&)*IGU!r@i~#WnbYRbFNOC!r$eqEmj^1LOMM^ zvt`@9DFhWVlX&c%r`X}(QxbU5lr8a1pM)?2U`Az&S0D9IZsr;Jlwn@0n981oEWZ!S zf(djr}-{jX)D^DC<3D_ENAN5{FEid2KT;bhww^z&`R@hDpG+e>{ zhN&Yl;ky}C1Mp9EB+J(8 zHX*59*7@CVd(G<>Wo;BcKkbjZEFxs#!r+rx)!8gXYlFYx4WTjt7A0kh`roBgK8h!_ ztpuJo#LnC?$G2xea#m^H>FO7C@OLM_tS@OBdcZ8c^B7uWfsClw!e;Jxj&y5OOb-H~ zqMq_3Dpk{M49TJYO?Dh;^BHeDa|k1t4*BJZoh*eKkI}nnRLpDehS1j_W^y{1 zz>{*jw2ZHQ9zdBbQDG3>-t7~b7W$o_5<=Pnx$M>}adjlP=rZWoZ3~JQsHLUY9)kjP zq`!7+O#3x6s*iU#5NpHwl?|gqYWQwY)XAFC5az?u$rtTal#seQ2{dAF_HKRHeA>iU zwKH!lq#LPWK?yk(nIG8y*qkoe{6p$#e@1Kvh~kWpz+sJ>9;k5*MKH_v$$d! zR`MVFg*^O_QhDjW7AZMsh6Q83p`?!sT02p7D1nqopj+U{CIy?u;M&LLl{*6=bC9e& zQaIPz|7GQ+W@`po!0X}=z@`j0!p}adUnG_PWxso<;9JfuLX zXJ9{RI44;Dq_8WaaxHB@Ge(%_VnNCcv_GW(iZ(%mn}OKO1^G?`KI{KxS!z-5Y8mV6 z?&aLFTj>IUR+PzwY;MK@Uf;gx4?sifs!Q5`^u(MQhH|suX zmF*2yM=Ne6dDFrn_9SqL@siO9l|$G7i0pG+NKj1(V<-l&m;PR`B$ z&SJN7EDG|KShj!ttO#rRJnU?z&Pv{zJnYCfR1vK~zFIFqK_CphO>J3&?F4{Fr#ynZ zP49lDm+SE{W?1+ExU;$OGE`)hdMJzU{zy=DHjdKIqc-;`5L@T3`9U549f#B416*A=}U;unsgj`Bh`HxN?U2&8SJ=0r6(W$*k(TArIuDUBcrED;CQh+8QJqISs zfnQ1vwLG)3MM#vr^%(87p3r_?8TMA!zy<k*>Qtfi~Kd#Ts&OWMpV; z@Jk{>)jk6EkJLels-8ob19e}4yX{~Id-lr$!qZn zDF`qVd|;}B+$sOBl2zbWuEj#C#b?>wZUJdr@9rys*g1>tZv&}XQTN1IXFx$ z?I7~bKBy_clFYz+u+nXvZA||mQTSK)&dS(1Y`>rOq)k8ctPkh*S_<0Vu)lddCGw6& zuCJGah@js@7bc!@=#5^gv3u-5?R)6;f*71%Q=5JUL((h+p_2A;2>+;=>o!?P_6eQX8x*Rqv&Tgo84G%`dDLDEh}Vf1cAbq zZso_N&Xw6aM96jD<<(u2+r{|OObN;jy>gi92CBjR?3`^ksWAQ*XJoMghPa*=Mj_(z zEE*X$O6-TBp^YNAbf!dsVU_xR+;}==5!9Uj*NgLYUKBzU7KA9E`>Ur?hCo-77^&o* zk9*73&om=#{1&&TV^>~A)-gCUvey3Z17MFec}a!8La{W-Ip?J=&1`L1zq|VAO6D{a zQC;z6ECo#}vs<6t!pxa9VAS1yqL)^RK%tFl6sHm0nKT;SRKHsFSmsehObz>*N({+? 
zfL`yv6B_`T1w4=-IMJJ)>eQGgG?GBj3r{U4J@tcJ!GPz*^5Bl8C)&+%{*v{9X_Bgj zoMH8Cua0AW0q)1*%jClbmKFkoH@kc<+6UQkbSL!vGzIR>8yl5EU!bPJ2 zRJnNS%g-x+)Gg+1%vmwT3t4Mj^L(rka6)c$an`D5!>7w$_M{XhaHiByXG~tqal3{) znl9n`TsFH1qWB&?_r^-ho#FK;d*zRlcp||;3gx+CcaPqV2+`uBZvyvo8yEPg$LncW z5XAx}rXDf3BNyoHB~&e%gj>osZ53S{`satN=`Weeqr$&a66f7@GtwnzrTEXDt#Aqj zJb)Y17(|mAs8mTD+_h0=qiS3MaBtvqNWEwfZRB8HkiuGwvG>S|G9=*yh><=V9_h5r zchk*3em~;fa1t{;62r#_j|9p9e~$hDcw|Ee*(^uKfRCJaiCI9N|Ie_2jM|u(k2UR* za-nC+tevu{4>n1+NaLJo(4FnV=Qh6G$U@%PUie9>m|e6wBE zG+p$f;zRQpbNcJ!`$a9ha${y@Wv54V#J7Pkh`gD<_GRqpUGm3n?)KX>;@zE5`5#Dl z@qTk!v9%4gNnRe=%b@&$56dTi73ITt21bIyJl(W72V|KcjLEKOug$1x&6SfuB`Z`ZE zgT+((#WjK)gPm=LYwu7<&VFUSo%D5%-xrQ*+lI|`dU^f-vDQ4g#lf7e;ty--mCmUgv7PTLp4?wb@;78^?_<1}8J;;Zin9w^;92HoEGqke^2>z^ilx`%TS|7wv z7<4`oYgyb6mw0>;)pgi>H7yb}?ej(}T4RR%#;pAs)fVtLk+8mb;F_^d+l~=?gBnfI>ERBOPe3JH*+(po4_yXZy1?vQ#(YP0bNS> z-4*j|m1-F0hZx5T0Iw~#YahYUo&@RqN0*q=H+4;OzmfF%&6h5P{O`yU^Q(t#u!+2O^*V~^THE}=uaUnrf3$6n zlExp|HS;cT0)#GsqkXoL_#kvDuze`srN0OqJ^CU&R!D)-JcU0_i0ICVXMtK=l6V@| z3bW?QHtV{+ZWWC}5ORbixtQG==Ch+gh$XZCJthazS0;ZQs>mor^2?BIY3lNOZ!#X6 z=?+_Bys8&v@AeX8${TF#z#%ad?9nxTa1=0!7TvzMgNvhQUE>1`hA<+B2sd(ytOK#R zft=e0;*ZO_E#5VdgevgWwwJVB>0zObH`FGx5tn?o?EHn3L37YH9Oi5HLdnv_g0Gpd zF^SV!Y`9*oda6kY>kEkG6-s-PEGgXKdYz8Y_9U^5)bik*iDp9QLHN3UWXUV(Kp?kx z*32`_4l>XpNKew39ekCD+Du_4z0vd4E&^uEdv$ik2J-LcE*{Z&PrY|$O!pu&i3qEe~(h6mbZbD2RUsH}6DnEJ)e1}aZpfG(#0>gN6d!dA*{ zZ;6B8^zIc(OfK2dup6L4Jf|hF$C~fJZR~+wQ??iqqOfLi+I!GlxVTl9WLvGmMaFw| zmsJh66Pygv{LPm?s;BqXK&fLeW_Mis$F3Vnet%sx>W4B& zS=V`6@$8y6wN{JppR%q_UP2IC4aF!jWFDkm9pJItEiLnWfIsz#&O0}w zV`MAFI1^Gjms?p!UBX{}CAek76+3*fwQWC@(3bEd7|dUnS?>m33H_V7j-MOGdxpH0U`HQPC7gU!2hgKoV2T}cgRC%0pBOH*BIV(#EwCKJ8v zJ+`Hfk5DJxZahCmy?9wm*y-5GGWbsv38vjMtt#hnwpo<^Wa#D~53Tg}Nd-n<1nonA zP*X@8hD}5`Mkm@}S7kZy0Bm=MB@8VKI) z4@k5fm=Y*gR4o7YuGA~$5saQu;A$nHF;8B$y?W6EYkGwjC7AO!eGGZ$ z@$IEmgjU;LutH{~royzie$QLX?RmXE;=Slrgeb_H+v3L!+BYS)QJZZgalZTZW9QuM zM}GGNJy7;RE(7$&Y%>c93MK@ukO$G*p<=f-bI23y9P(FaQDEn7!LTNP3vYfu)X|=- 
zvlq|r7zR>dy4S7cl^ViQwvdt^OC4x;T8$EGh`zn{&qYNEvW|U8jcA6rs3@@?R-rF% z(ixzX8|%Ns6;TEx{@U9+Djyp|#;chO>L)?>w8Q_V=apQh?{k%$C^Tc~8@gkTe|Rus zZH0q9>0-43927N*Hm}B{^N?1HTIoTiDJ~vEsYe zSTKwZ3x!-^`sG(W!O$VkA&1Kzmfg|_+yd=|p$m0*2I)gleQ#eAn_7x`D}z9kec@e! zUK{+*na9at^PY+ixEZhuMf;oR0_=d$5l?KftyRp_5K$8{=-9-zWCZ)ql?%=|_%sgQ zeWGNQMVRh{a3a4^W)8_gRL=$K)KBLWoVI46`*FAIPjaZW;2B5t`7xoiaF4Jf5P zYm6S<30fhfXYEBudez^3$v8+@^-gaMbF5mQo{+mzo$jc-Ucvkf0P1&79j#6~K08~S zH;6{Bv83{()BeW@N&BRcZY|E}_k+q6=K&qEsRlg`GCQzkX_G0Fn{iD(0)}p6NIxeoY@*wGVKKblGK&H?*70w@J47D)Z>(O{--x0?XE7p1D_= z7ty}fmOSJ!leeo}=!;>Zd`nJJh-J<9u?&szqoxa{evZ#0M6g*{?4P4bnQ zZ1Th9^QUUKg5Gv6EDFRiA_&e&n=uCV-2()AyKf01+DgB`zkZyZ<8Y)N72H2&Ps566 z{LO0G;*=YUbyQW+KgKbk>be#a6{~wlLy-J{&WGJ>w3W7F&r;G3|al<`$ ziVew53NaDCL3L$fg7MRWg$Q3Kjws*uw~)qoxAQ#yF!SXnv>n4VVN-~)&ao@CM_s^!~4Spa3 zBPX`0O^DHFmyLaT^+USAFeE;5!)`*+<2qw&|4S!wTAEM+?XYFztSoWnod~D{I&D&# zGAbc!0wx(nSDP*&gBkhu%UP)?@ksfROF|0dj-6nLXl#_dcWBne`wB7VS zj{lYf`t0)=x)XV?3(usbrKVHSg0u0hs&tb1dMR3y*qE6WiZ+!`H!rU0?Q8Lu_QA_` z=(H`NqR95>v^~5DF)NBAhOYzSc@fMVBQ*>MnU>e7-ob-L8XtlkAthoR`7p^z@)jFB z5u(VMDWbfEf+My)x%3YbtuI-C_O@erja;kq>BPtCUc-Ij>#sj6>c8XlaDhSoGRsUB zCFXWunieEn@@i5rt9#?*RA)|8@Q&oFK*-uus z@YQJ~d`O@IT1eU?*%lEBI`1aY=|{Z5s^yL!DZi5yznD!gp402HK}P=pC(~7$x=;Ep zpX%Fe#?0Jubzd|0H+%vusn@q`J&YmaI`6HtKO~Q<+tRQ97^7_&%!^A6ZuEcQTgnTZo6kGE+i-O;NE!Fn4t@C75ARxYs6K z>dnyT`jI}r2d?!0qbuwP$69Zjn8XTXrs8;e-iS-*EwJ(3( zzvQX+b^G|FwphR4u%vEZTWC{rb(h(1Id(VRqLM||6I8AsoXx~@8CJN9&xkU(+BKn% zNG+8M&1JYK4jIVj?b}v^!gAo`N5$f@a*xX7U7A;11-os~1w>pE?Cxwwkb?Dau$?~f zPMF)-Fm5ATjJfUHu?!Dog}cM`CmqiEO+uGX%8?ej($&9Amn3>MNX=ceXAv-(=Yp#BrZFdI-{&V z3o@WW)(vS41c6bXjYnduQZwZ^Oe+P#jS&%n@YDb|YxLapZf1ms3w`4k>ye^A*1F$? 
zy<;|?d#I)46=JHy2^JTy)d{8MC^|2Lczh&DqppY;LddpAI_*~IXnaW=-;b{>#E2J% z5)ssn`{$Lkvai@#|9;Jgz5x6)7U`EOkZr9%w#6PV4{KA@zd%jM>B8vq?zRHkn^Qgg zY=79&lK~&qWUOp1;NT?Xf+gc&=GWr1+@kqh*=tY7LW6NR%JwfqUDX-lOZ)9j-k*$L z{Uzv@xc@^}1UoT=pfhgtoj|xeoK8m>l$RA9s21>e^vd0Avv^#38NwTK|4+IxkAELNM| ztpl&iR^RF&8-jS%ceFp7ruNyPd^keJ2^mR4x6l_O(mb z+{P6h77)hPIAz^Nt63~H69!{BF_d}jlC+4E7siQ~9ZAsoJryndWZ_v~rcZo-9~*Qf z21npn-dW^AW?0$pG-$zI;-{h!kgd;`ceCicg{Bsj0i-Wo;eFvg+U~cFxN)tiTh5)f z=+A!Te;>6p$Zc(27hlHV`jQ^hY>fYv&1ms0ov-$^wl7uMp4zW6ZEx51<}D2-=`sDN zwdU@QC4-SB1e6&;6b#|pj^&M+@EiWm=%m?;sU#LT?eDtL0g}PhqwEdv_fK65pRDdF+zs$C&Z`Lnv$GgEyJqD=A(c z&CyG(memAF`K9d1Td>QjSNBye52z{pmc6L7AXof@>z2glT_(`WaJz2|RNtvsciF>5 z$HWp59AZ-u?QnX`?G@?O@FE6K7lJyd0MN^~`S7fG4d0w(s5P`cC^@OGws7f+e>)@8 z5X_Oa(MazmO0^;z61mNg%twE1=t&?^rStAJ(m?l5n+myJimdaEO3g1UwPu(kW(`4| z^*^N}ra#wlZfAN_TwhnNeZ1?NVJa+}MPlCDaKWgpxFHbq9|lCyGkk1i@Yv^;699Ip z((Z+2m-Kr~Z!0_3v&T%Hx32G;(zQiORrJ&jG;B@oGW3$0%~pcx?A87K6YH~lGJsi;|J5TTL>q@ z*Tzd%t2&BI5&3qOl5!FXur?Ya^nSR=E%&Z*oOz^q?F|>3iS1J4IlJ~#W~~CeA~PBy zD}|F&VxxMWR4QFFZx5yr_fed(pFCmw#t#V%oIx3}^j*+}p-^d@Wce0q!$h`lspVb_ z)jH~JPH9ruSUt|F&EtmDAiIBj?$`2FaZ=}P;{r(n`91D|>tsJ@>(@gO@bjCrya|8a z23gqhCC=$jZ~Bcbxx6%?EHX?JYI~n@s*mw?mzL+itk%j9A4=`~5D2*^56J&Ip9uC4 z^G-SvJCKVxF7t4JOrPguYzmd*e9>$jRwIhliGC6j!Bj+rfb5}}kU*9&T9PMgoQ-U} zY8FWiq>=ukOGkTO(MdhEfy-JNB7Yqri2QZp7=6xzM)BI07M`~8nY2E>EAc{uO8u(Xue2vum?zJn&hywSkWRmHH|d{6xpDHgQz9d|Ch zF}6Sg9`rff?gJB5R&l}CFGVFVbWI&P{-w#J1dGTVmk{l%ZLMs0>6n7kt z9CRWR79*vMM3yt?8gNW|)t$axV7$sd99NA<3m;?RbPZMsa}oMXtx(TP{sXn1Hw?k& z6%oMNU&w9;WrhA=eq?B^D*4u-D2dJg}Zq#j!VE?H5bqc+h<4tXGrlRvnHi~) zZ`##5FWR#%XE`cZ#Qs$#x2a@Zg}Ln}%1wlCL=Dq;*)Q*jT+3{zNZX&M^=2hqD8J4! 
z{G67%iG0qp+lwpkF0Pyc|1;T#^wr0{n}Y0(<9ef*^-y>%K)Z&a+_LY1!cc89NQiyF zXMIeWWYr6Y>7`w9M}EEv@y-0&mmK=FFGVhG!o-6gcV)Bba-dx=+pi?sK}g2e27-pu z7Ut1fAE4d+adf#goar}7E{%Ry6uYUsBDHzg$HT|88257E)!?n+Vv+-f?I{C+~a}Dd&cPBWj?^OAt35CfgAulZ}LRc~WZLf@$ z6o8Lr*coV5n(=d0hObKmZQ1=j+o_7-Wq9G_f7tthZL+dkU&3M5ib2pz!8g2Gd5VS6 z+oA%c#6;ZT6>P}>q{7v+7p(UO>w&-L1&K?@UD|cnZ>kbf%WDrg;e`w;;%j2;(jv~j zvB9195=TyF#9Y{NH=cmzsC4|{ih266% z(#zAw{ims6;8@&sF=aVS>9))etpq9hEsNe9&JitynO|{a@rXkmz=2qr)IS8E*A`R0 z7ZbytM&Id?<)A6?JAx`!%bopvbRKH;MZvhv+eqkcZoV_fBlDYJ7edq0z$Y@UMVoFd zvZm%)A~ONfEs?uF9B*D_SBUHu;DA0Od>;aB+>xVNK0m}cq`8)?_=w0E*=U$S7~=ld zQv-io^?(ij2#zq;h-j_o+<~%xh~)}th~=pVY@R}BIkfN%?0^GYyj1OjeG&X(vPMuz z1%Av-`DTRcoi<*^vTFK$V-C)t(^i5@;TTZ}Y+=dk#geeyJ*^){RUjW4$q~}_iP{z> zZVJ>J^D?Q{Zjz1;kGqx5I3NkbMlEg+FoQ?@YV`3vQasbucSf6fgj~nz^2Hv5$TP{Q zdM_#&ImDRnj}V*ZmRW&Pj)axsfTkcC2!%eSDC`&Mb-)s1k&|IVi$@7XbWP}hrg^ru zaBO^ETwyFb%#{NcC%|s-6{WUt;fTuRop=_RDkVoRUba`AQy9+ykaHT?Oda@=x}5qCRQu5Aj6IvI^ULj zMLr%h?<9EIXm8#UdZ6*ni@WcJ;UDG1_~dxPSmfdm%0J0wGnDv6&naxXn_pI6ul8#c z7Bi5PEh?bukNeKr8EFukFTL@*I}{PM zd|dq<>19<4)tY8;@@|?wZ2v~ad*Zx1`fxpu5C|zMI(qDhH0Bczy8J_P6>MRVQCdzo zayZjzOJu}1vtnOoX_{QAj42}Ky^^r?YV5G1fqI6@4G6bGrFj(4GFcXqA``e?pKDUYRQJgo-JY>5rl|e{%u_ze-@(pvk=w)wWC}f zX1Vg7J_Xbz`173sE|#)SeSWPt+@!=Pb;*HQ+nyX?2)e?{FgldMxbm6G&7Lmcls|Fm zL;f4zl?8LjOE_qKdY>l4He!`A#S(lwuavmSvhFw``?u3k{C+wBW^OA|(2%e-~_o{iZ8Pm+T0L-iezxp|QxH;AU8AUACz0W8cZ& zdw4h^ZoIar4an325LtJ*fjEP{^dU(U^C~0MUq(%L2Fz+1Z;!OK;H@^b-lVjMWj{=G&N4wKgrVH@vE1`4P;`ozo zDx+Z&;y8I`R8UFrwErt9WS}=4XCY7^S0i3~4ERWrHWldux5!T-xNyjket^uZa|N zt6RO9-Vpq0&U;zp$`3I0r&gXiS`{NqjgrcKfSlDV2|KZh;Ux30VPa)Ak(Nx{2Yfwz zVTWT(m2epLDUn6Vvk+Y&OBkQ|ib9P~l_-Ek1+n#@SXpGo9O$cudW;x2vkUQa_?@q5 z<~65}nL0!o-%3aGK~lj5$`nH*C^eeq;TOew(l)qp?APGDznP(Zd3(+zV@AOmrbvai*pW8ZBC%69kGrLy=6`pCdg- zzY8C-B?ob`B~|$gRrm!82yD2Nr#Ck8G#@Fu8oWVD7sse-@2zU_4X%DQx&p_1-uY0M zHqpi8;ogV_9dd;d{+7c`8rn1F_~m>I?UNPhoBnPMp76Ca=@t7pc3JeD zei?yK9ytYDK6F_md1-8s|JH%OBd9*YCa?hM3!#Ns6kQh|Do7fT*;RrP+ZUb+a3T+bh&ZNY)$$`c 
zy<8tJS2TUVJyj}RXRTC(=cOTgQ^^za6(jF`YL;g$z6g2Qkr&f}Ux@k87G)N8zxe?C zJ*=C95M=BK87SXpfw!rmYT`C2^Gw4|BO#sVspM0p=}8M`uYa3OyGP<9+2EkOVa z4T7@QH_G^-mQWuqkDjhC^#JItm^!&dubtuCvyf)-%e%IW*2VI29*;^jMq$e0EI*6- zhxNOI3|D6E!9z&@=c;Ay>f)oIgogin9O;MVOg{2(?Hzale~K5v``>$}2*N(Q@%jJf z3h4Tg?N?IQq9S zMJ`A<1~QOFc1?4!=DX#RPrPOa+jS1`&5f(Te7NhDjTQ3?wJ&Eg-5FIV&>w3Jx|_Z& zx70x@fl4z1a;YCtkI+P)f-2PfBI|zHGMl>1X2u;&eAL!^4I2kSEf*;)FS~lU8|tV& zWZOJY|49O~I6t$f%yWedGAn-81861i15o{);q3ph9vZfejQG zI8frSMrbHK%N6`oI|>&s*SKgBjWpAJ<*9(RSyZ>uGlCJqDWgWoWFkf7%<+=KkxinS zV`dTi#_IB%)_&+Iz+XI3_koXkoy)**TR@V`A*y}T8JpzLdSB@ETS8TL49RA$Eiy{& z?Or(>{M0tRdZWUf_8Xue4I_=GeqKk(+Y%ba!Z~AI24nBiKH>0M@`Dle&k*GH-DXBF z*B1BgXu)lR>n(zFql0695;)k?E5CP06FUL~e?Wq+4`#BG8lP|w3pF^-_$_8)+dwWM z(~AvERAu$>gc`o$I6gR*)aE_EJn(qXbB3v^W33UGpkHe&atYP6W9)(;vVN0TRBXGd zov=&USf)GBs7^b=kw~KvQ`XImT6F1J!(VlSZ!VT*M=v@+TV4{3d?O>aCW4=1K6XB!I&nO0paed&6(mL7tim`)^4>p$Y zUIwm5DAUJM{zKkx9Yi&_<|E4f9Hq+oiBxfCLCQTW;U%9p-Er7s^BsPY(Q4sQ|9~+c zc{T$EZOurnTd_!@=`rfxn#CXExUbtqIXV?T%X480>Cewgjx{4i7H@A>Y{Xf45g zT(;Hi#K-KJ!X2{%C%e&hCZJ>f zapLG>Va099=^HO=&lj(4Ttfs!+CFXq(+8K8n%C8q z2etmM&-M?t9I4V~=gd}sB zHzFP@drvsYk6tmlN%Vx=-Ps)PwKQ=Z8Z$7Mv)?C`Fj>9PT1e_A;(m6<)h)e6`3gNn zkc}j@Cn)6-Uyrf)BG!GY|6UJ+Fy+G}5OJ>a{8@Ppwn3~f?%xfPgXR?qT6^lbAi|;lrPj>}LHVaXDd+j<&wlLyNT`&&w}mTFK3-_ zd9@FIG@chSY9#6p#At`N8_T3fc1=;YO$w3QknwTAH{r8@jc_}u$ zPJ^Rf`^51J^(Pk$vQ|CPWjDH&>%+$@1P6oe{dKoAsM(nLRbR*KWTyJ9ha~a z>(yGGZg{){qsS1vDRmAwOmk;CHSLq+M86W<;+H_G;=P^-Zxc|zH1D%+I8=xa;a5f>UDyDU`Ar!EDy3wxI!lcTp9Y>HY>uy+Zvpz&uIb*&x`5vL z`A)Euq|f+oF)u!;5EpZw7+r)uMqcVhG&w~F0l6FjD{OTjxg`l<3~t>SR9zy&ygI|U zy^tQk*~|EkYR*dWK?v1@5ULT{65^;yejiydFQ_S)+-Pen&EBatNidAe@L)W6A77>q zPDSE;#W-8JstB;xifXV~UOgth*->16XFl^68JrzS%x5Aus_8n*gY0)DW7CL$z+3fx1-hD=#u{FziEZ0x&6_^6nVHM<-FMM31MW8Tx|tUbMWwK)aR#tvoz{Gu z!GBJbVfe3J@UwiN34sSf;*34MytYVbr<4`P~#q{L`Nxv)8YU7+}aBc2k zCr_#Ty=b{n{_XnAvO#Aa;ZW5@2!BXE3k_8B>#N!xVBA5uNu=m2T4D7-bl|N$Ujig` z;u8Z>QBu7<6LCoWL{aXRcrrBZNGAgxxoAAsO85M_Mpab8a@IZ7ij%O~^Y5gcI!aYu 
zO;1%0iFRuAP_&d@%nBsVp?fH1YM?7T_&anMp67lhM!Y*Y^x$qP?Y(PGX==nE2igMm za1OeyG`-a+cu|*zwLSto#6w@oU2bn@-re<9(kp(b5-opg4lWk=i7gT>jMs)l*ocFh zilFWxJ2Yl$_OE%;%oR+$R$?q6-3(zHMpaRoY2lFZW-BijngxlX4F92y=u0$aPb#zs zOLKcvmLF`dqiLRW^#J3ZX32}e1C1PLM;ktQr($IRRBzI^QPK4={<0_P6VBv$-2acM zuZ)Yj`Q8RWLP`Wdx?Q>iS-MN&>s;qLXD)2rwy$fV`I_xK5OWjq_*OKtXB?A}_eP*OnA{}run}c^Yo4W=G`5o2 zTeU>xFPz6P3Y<6e7xw&^$Rm(J&jWCW-9KveINtA_v8?Yqs6SIIX9HlYnV&v9&&mR> zYQA4&>hLT3ew$-HotfdD9cJ(DYdgHJ9ZH{#Al7nHXo&q9?H`}8UWWKH!)$$@8NC3w zSk7vh%Hr%=+uKU)aNA4-w#S$ItPe~>YHt>D3;9y^^k44vY)D(6Ra#$@b&$P1o)hUA z-A2WF46OX05jyk(wu3Yj%%G)xzfrhvg`qqZRr;@BEBmqHs?DF1uJES z9&t1aikppIi>P>F4OVkYOa&1WnRET%UJ*|M5a55dO^G#|22FFg;{~L!5<2%I{qBR2 zMpZ*ZsDfK_V^I6PsjQew^#k3SX|3!ZE$%ksol*hvPJucblkN*{D6~eIJJPz!S@>Da zJBp7IW&?8AHi^ZZUbKSf(!H;IHHNaq&g|THiEw;cvP@EH3MkYIISZ*i2X<^Q&h;kt zWEQM&bbV(c#s;kL7?u)pl~ zjN!!`goZBQJ3!%kkhuU=7eXy@=^9@zg&wU9TnOoV1Jn1PNhnbx|ERJ%rzfK5KHPXw z!Nf5)W!{D?mcr(g!SuEbec==O*^JQ31ao6>^Mc1(q&fFJ{@j8|*9;YefKz{Jd-v6U z0Kz`uwP`$SvUWd`bKjw4WV;UffZJ4A6C-C~hZGDPEP&)YR|IbS$KIG!|IXeG`b`C8 zZ{`m@rQ+v@sqinCW&S+xx?jh?o*p7wD%N?AF*UBImA8@4NT7~l!1J(M#vv?>NhEqQ zVlpmI{+Jd_L0+qhiqeXs_(UO$&7w!Je)*;^!8XB-9({-2rh@PnLhXj_EHq>X{!gkz zZ#pVAgEcA!%{P?KXK!In{zUBEXyTXh!|)%kpV|0S)36v4MpJ((Y8hU;`M$VHr}~cx z*k_=2p<0Xj!M@)SEH2{onq$E+9O;odlMZkY5wlMSUk)6bK*7R9iHni%BbN^-3T=+; zlGnJ>kC}S?4UVpZlN{Rr@&6<;B2W{U7YrNL*@z~81~_}DU77u~=_=*8 zc&J}63teez3HOlOMPanmSHF~Gq8;^2(~n1Jq2On%@k^2o2zb0^MqQv%rGwD*!-fB( zN;;886E^s7Ki8!}df4eYx(%J^$Jp{HbbYOtHoySSzo~DjTu#3YS|%$<84qdeIc>M9 z9!IN-?*6RgmZ16jnSy#^Z8xv5PCCDs8|Q3`9|7}@Dx_+&Y|4W-$rDX-`I>%ABHF$S zd9J=pGc&Q}*>MNk`Qnc;tyo&&Y!>NR8zUD$0^d}YmGFc#~^{aT7APnJ_TLu ziUH_aN?FKhwZ^A8T~oXLd0p4*81t_xUIB#_v=o!DMGgCx24Ea zxNiOi#VhbVnf8Pc{m4B17lpJk1A#|*zV(#{<*Y9pa7=j$y-5cKei_FfNOcU`daudn z{e|1@L4M*JvcBT-d%(+;bp@Va%O5?*`ntXJEPhUlT)k3uMi>wD`z8g@SVc+|yj(z8k%~S%6FxiuDt4^nCkWsv zs-PUia>>pi1eHH+S?V`xlq&ZklsJ>n>lfZMn+-<|g<$gNg}3HGsYM z@BV&DbV!zg*L>$#fZ*`48hU?%gt#^5ZA{K-zZDF*_Hp;?XH1Ps*dP}jYj~z|^u3vHJJ4Mc6sSWsdub*efD@9_`4msd#$hDK1ks~DN 
zpuOFzVI7wGH)pX7CbR&#NidWWKh7S+p8VNpSnb!`U+dho+EKUwwDi#LFM}pQ5;tu0 zY>ZawCH-eF?0G+hK#a`_Ynt_ytU3IZxMH5U5WGZ;?PY>xUv`xF%g&<(W=e5}vu?om z$C$*%AF>(oApKxUDKf%?ic}6QlrQcHN^()`fGV}UVrRRa@_CO(C06dd<9s2={ zRJvL7k^;gx9v-C~U(l_&T!c(d^xq}S1h>Vk!7IwVlwuw_yBjmL|Aqo;6e^RFaZsn< ztk1~L;6a;*R}9DcXA`h4AEMWv7N`d`Y65bi;0w)HXtz#Hh59x`0cyh2Z(0r8r6;!#&v;c{#+3Fw}=x7==sUE(ci0F0~3@4h1ukS z?724?7kq4c21$tD$LqTeO(YDz@W)}m>xjtnK;NoBToL<-+kn|z)#u$9HVFS{lY%E30v!2<#SvPTa^)p&IJYgXD!!xln+sOO#9x;EX z);A)l%_NjKY>=*3DRe~@$i(!9eYV7RzI+q^Kl=Fdt|p%s{(Z3JraWIuWH&iMS;2!O zMd<-B9XWPa$`AJ?YqK}$23QO%sUFtW+l7ixc+?KhqyXT3%FeIQoY^k-hf5I19fRM5UYayeX~b=7R>oeDeQ3+v~}#&*QzJRi(c2h1FL zQ}BLBb;v*mV*a1h3)epmCC#6k9GG(pMPc%d>_rG>U+QiBpj{8 zyEEyF&5eEtN0Dp&4_s8J8L97@MUq#f^r-C$WdvIPkcE5ai_iBNxU{yLQ$!W`Be*@_ zwX~%%OnO6R&0DB4sgY!p-Hc#-j9OCIJzx`++Dvk0xz(CKxi%54co!ff0+qP&W0P}9 zFh0mX|C2#~G(c-)yy5d8f{d7kjHRA(0#!U6Mj2DQz+8EvT^i_>fFD7TNE({`yK& z(mKk$-_V}B+5S%l+3T2Z+>i_F*6U1c*nlEP+`u&Js5(W~MYPNw_KO>!?nND4M~Y5a z3W8#b;?&?oN}nMw#S_DteY%uF4~CY!26ISStz4{`hg{*gVgx7;c)xR3fYYi~pAs_0 zyWYdQGT-NlvG`vA!-d=B0iBh4_(d!+FO~S95$_2MwU|!gfdN(n8jO=j4|_};Fb27F zhsyvZ=jF~m8KS`*k%XbMRSpoU2w%a4nsF>b+3i+6NsB+BIF0qe=<R`F>P!x? 
z$MKrH@Fl%3j!NE>FgLWVx% z(RTi7B21o?f4Hz|-5ZEJH%4FJ6V)d=K1n;=Hqt;m_%CKgl#H3;lwhR8s*;HW#N;Cb zsOX|eeQri**6eoQk(77@6$MrPcEg%w+pS{#u=9WLysE-xl2hj3XHuB~0%Y*NaXmNQO67)E3RSNdhdM@L#Vpj@BAK zrj~HE!?D*?ru&LBzTf!mjhEBhaKpKS$D5R49`!>zUqAP0tki_?vLBC!gsH7>R}Usm znt&Q=PWv);im2HTUMc?YG3ByXGPELU{~Q%M5_sC3ru4pD0J*Op6x#_;W+S1De&Oa; zv-_#qS;v+@b8T?)Lk`2lh9YbD>qq0Y6?3h5o9_7nuXHmceCON+e9zQ$3lIge>8p%_)hwlY>N{Y_%}IMA5ZIQL3I*uf+PAPM=YJ9Ip^HWA8sK>=G9Eg9UZ5z;KMb=_N_xR*UYk9eE?GlRI7wbw1jhV zAf-<+E|DAYW`%Y#e@63FD7w zv~mVL{RY;DVB`DNZSiuX>0jk_hCr*$!w3H9^Y`ery7@z-6ZE(tHtH3%#)TSeBBxjzrT2}tIj@rs_V&DHp-4vC<RdvvX4_ty7*RblO z81Y+WM7rArI_Y18S56e2)~l+N9}ISxL*4dukMaM!cCy|0w(@rjvNhFg_Wbphb^U^S z1759WKs^grx(wr~-%Zku?nXZ*LJw0RI_uCj`?l7N9Y}m^=E7rphCmtctG$EodT$Y} zUB5uHq)Rv5uonc!K7niBo;v;&|F6^oG&~P2ev%*(|1Y~SmBD2&TKngWe3^dcYb z%wPa?c|kDm=48j#QVbj?T<3I;{lq;eBG4e`AoMXgk_}(}TpzYiz<-K%S;8!qZv$!Y z5*>bltCZ_S`IV8P`iuc1MW|}8CM31Hq<0Y+e;smHS6q_=qz`L` z&=$D-r=+6S&cLwwX((~wF=EFV%V0_Cy-Cf|@lg47+v|zIBC@=# z3&dwd<2DG5B4jb4=FCff)4%(coz9Ku99{%FuIK};Ha;8Eg2NY>T>qyNnYvqTLe3Va z^aK;~Nqb~*vA=pL2#&OXg|>WgvK_r17EpE0=M>qMGJ`)8hGbr4ZGyX6>{sqmp1n8WH8j&d#)h zgl=KnX4wl8E5kWnpTiztrnF7H+Lia_r)+P7OF{S{Sxd1WO-~dFP41m*)ZD9LH3Z2kS)}8b7Z$lS&qLO>}FmHl^HouhoRd zWe_U7w*~&%nTUf}@rK+_<`>K9P{K~W)e%l=K>5puHSVCMu8uUlM58H1vxd08i-iQ#*Y5aHGVc+sjSR71humaW_ z<|fa??y?Jk;(!(XLYYD5g@XB|KI$Lc8#lTx0sR(diP@!*p-E0*blcjoH^*u=V?uiCLPMpFIOQ)+%t#v9?sS3OEl zNmtnXw0Djr<0+rQxstm*f%~|O*T}go&yufSAVCVv3fMy3h7w=BKsVKac^*K}y+b)T zMhg@)!Q+|QLH@1ct&zNLo4V^{y;lS3Sq3raPJ|ce#X34vG+STC7wd5L$o}B%671Jf zX@l3aA2Do%Lb60GTU)$4eW$SKygC^~hr-O5_|4pfnIxWHBlgb9x!!>3%G4!xY&3vK z!;MuEM+(&UDCwQ-2TS4r%arN@kw#{_qRKDb>5qh{6%+mFBisfnz|zljl!M|MY<8Z5 zCH{X=Pq z=x^88tl-s8Z=OPL&VHc|@5(nt4n$6P7-GCKT*0pQvXBKA$gcr2s*BXfSxx_7sieL8 z9Nn8Ug4W|60bfZ6$T##}us?;4QvA_c=C<#nP$VZ29n|zJ`S1mGJ6+gk-Ed`~NGdT= zG@Wq3zP{7YEv^gAh8&aJOcOffNncAbuI{U9i}S&$WSg<0A+JYr9CPF$52cVgiSRd@hrkbvrep0(aB8|qzYUkX|x`Z%+>I_5r2PGfq0HbTCjib^81$?Z?v#UT5a}H zV7+(kmy^}K69@-KULP!IEe5&* 
zekn_=G&_67T327Zz>B_)@!`dGHY%HRwNNPw46-8(y|pq>CGp;7d-Iq_a(|QC7P@}S zEa*e!^!=EbUY+oItb^x5J?>g7yvZ%aO@6{P>Ska5%edYX1l(HrmC@E-Syng>5a-O2 z@<{P|&32gb^TOIfmS1*YYt_#XaKYMwstqYb4|idQCUQAk?$U$4SiCGXEg@|e51_t& zd$83q9yMmK;da@EsFKry^_d4fS5ftG{iYn&6Yx(Cq*Ieucu21hba-rB_WBIGVodunnwYA~M0tnRw}5fr z&W4MlD-pni2vlwo+PR#6ioI`BQCe=0Nt97#^f{5UYEQaZ;-E_*9*yATOh*vcgyl!Vv59Fq{ z99HL_XCc^drY#k>9IhF8=D;aX!~%zB*Jr!U@3;iLXum7>ax|H-E0%l-s+Ke6Q2GL% zv7lrPMd`_}66%fdL&X6HiF$5>yt^D@g-A-#lxzOy>NeA$M^Kf$TL4a?EkUq zchVd#P==#>Vy-}Qftau4KC|9ICM~>~hkur{Mp!Cf?}iryjT95*0YMP? zlH(NW7Y4;FX{;5o%Gq6+$0SJao^1cu?yTLZ9-vmK$$ixgnv%{Em5+)TCRG zwJFR!`H=PK6w&id`N5AdAsZ@iG_%;4NG&hwaMhf?EVj({ zO;-Tnm`z(jnE+eREj0$bEkYrr9mg?8;b!CBZ3R{?N} zy>R1y^)nP}F`9vj)?|Y9P-JqFb*e@v!WkkmR;Fcab1afL0Lyt+(QjpxZ2!+R3e6a( zX&Yj1u2}1!rZGcJn>GL|BXECpbDla%zd?c)LJw>v)r`cvAAD1wpp-leF@CZNs{;w;v-R^iksft47WIWxV3Mq7Ej* zY+%ep%I^vKCF=R*g~E7VLiZ%|{XB6n?3Q61LCZD=)wIse#9O^0+W z_m1y|c^TjKh$cOp%_MP;*d)R7PNEB!Pee&X_3VUgl#W-$L#qp=Ex`8eT6!7QhzmdH z(M(u)aSCC=FjQnV*5E=?96|Kx6frAd=Hcc*H)$0rd1aN@O-7&BtDh+U?c0|qVW=ZQ z6hScdc$kvVefu&v7aKoL1D0U}S{Om>f-fcSSY>yEWf1vCp@mHV8#~gCb9V$*ZyM%x>RPT(%1>2GGa|=PH6TGq8r58 zC{?!9d$)V@P1WY2QPv8CNE|D8Hbj7@bFmt03A+U?CYc>lIh!me>gl-=@baJinDOJ7 z4v*9OTN?vLoOqKjn{Rt5u-;E`5_N)2$RYYa$Lr|DRIf90#Ie3USJ9V&6y9ls+a4br zSfAsT--yrMRn2N~uOUw!Z@UVe@0_1^cD0pmZz7rr>Ju*6OkUm{jqn$Y%j{rX9K5?( zZHHfsSTtYuD!{F~$=sd?Ju+|&Y3|qK)-H{A)1@sM0Lr434v7_mbS`i{$*|-(>-GGL zF6a%vS69*gLtcx0(@`2mT3{$crM|73A!2;ky~AC<`<%sHi1Jr4gxC=SLMo%Ga_^z@ z+`ApL)~`07&X4^h6OJ#K+CmCvLLTnV2`)=jJ91=t2p|q!c5epqCEHzTc>dgEm^7{M zop@6(1FG5X1tEPHlKZLriU9*~Wc=XK z1J{)l&t0z+vr`-YR-#E^&*}ysJz9wCh~^E80%d`$QRMbEwC(I+ZY&iO>V+? 
zud$Ly9K0F)gur2cu4-jgf~O^6zx1!UaKXr_-)_MOcvc|73Mg;DI9BU=4MN-Tzy@8t z8Fb&^N3cPe%l>SbjXg))f7s+}zm}vjy*z_-)q`gGu_tF)6tF1w^b{qM-izx~#6K0!*VgYP3(}hXj&(+7!Jx zIQsZ0qTgjIXkzORs-*M1agF2hxbSCn8!|+kZLCnWnbx)kdcZ{Pf@?sMwaQDkb zskasBs@;u26}{29(I*t<+)MPKvk6Q&@YT5nIJ-Ze)%lbsrc(+THDCRG4Gi+tmc4Kj zX}uwTeaGLUh_`TjKIEe#FusZP8UW_ouC+ROUh8eU*7)eBoZsg4OxX*+9#?9&4h-lgZ2JlBG?b z-&zNJf&uF!{Uv}-$;(#vBS`7}l1??j&Ggpnl0Dlw)6N3m@eUQ2(` zoQsxwEvyH}RJ5exq=#vK+CU&8Vo0fM(ceA~K z@bc!!-(_^OtzOmR)u65&EY5%Pnbf`CE1tbvteN~k)OLZWRZ!rkk?_Ic?(_6PbV%A+ z)tM~+tz6UX<%fj|;C=`upMgiOXjr2ynW*euC+FmG-_t{a2$g=nx6i{^X|ALYgA3jyRZnG(w7Q z60(5!rwRpj%=Dm5=>&IAw3bxQJEt3Yf5TouDq^jn$N`ks!7dEg&mDKk<`*9-wF*BH z8N3_Bwtfzce_40};8l}PbNI%PA7sUw|GQ1tCLcP-BTgUw9QO3CYeEwcEC*TM@UY2m zBajlCj+(VDrF#q5nA9gOF$cUg%CbTWNdct0yz}{LLGt9c;{Q8lz!h_#BkL~f3`}k!i|a=IQ~-eJd5OM?JtjjxV#)F^ zMasxc{66Y_+Wpy2-EVI!!A*(VubGcnuZk^!#r#I(#>Sae ztwO3T3e^N9?^$NXq(If8J`22-S0w$#Z>dmxdquZmz2w~X5B;z=wqg!M#Zn&mLiG+O1W@L*I`471Iq+Bsck~RK{?J`JTri5jO;`Q9 z|2*%NWk&>GsAsg`!6&Y*u=B_I+z8j}gm_)>N4^+hXL{e+5Evf>{Z|!vuk7zvb2;hO zcuM_Ld)$JPZ&&F#pD>aiW(ZZput6WlFKR#mMKL1c17U*?@~BwaEpSsD8(cMRtm}RO znWKx8ImK@eB;qKUw#rBM)Ca}KH$^`*%G>1>YmhdaZcT!aCgc&0c!#5-TZ!lu#n^~I z;*WTF4!Y=-dq+(j!hLoDt>Fb+hadkKCyZn;Td6UA`+)Ez2VHbm)GnsMD#B;^X#qdo z{C?I3teL{K<;Tg65a;DCbsPnb@2uaHV4K!2?Yq^Q-{6n%a&>V8>`)3vcW7T(!%2!i zEIo)X+$wBysZ`6k%!PA?DA$^tlp-#vrK68rTk6xo(Ntw0;~d|A+F!c%sVMC_&(-$e z_P9DG+5e|a?d zqB7F`%NbJZ0%LL&x$WR1H9;Qrt^ChWVF;vT<`1;L3fDF>VV?8dck6Fq{i6Vo4Y*SO zG9-#8iRcqe6IP4rmf?Rif!>)C&gY@x%K_0n<=GZto}{hO@V@n*DyKs-&Tb&j5<21j5<;p=v?0vVoh~lWE7(|rAxa2JnQET zdF<9P80HrAH>>!*l01W$1mxV;6CIin+?Cpw?$^!><|yvka(4^5AMXgRjW~uAKc*em zFj5)8sUi(&o~q|08C71N-Zs@1-v*&_F^Tz}k-b^SDF?KeUcTEjY*`mZ{{s_>0VJ_z;bSm?4U|}Xj+2cp&L^+>V+oeo&v_& zr(PpR1ue<&v9}I4?&rQ9!i=6Cf$E$M?= z^0xV9barZO$-6M%BmY;6*ypmG=NO`(7J+nlv)}xrIvr%{$K&ZbNyE@LM*h>=Odqnf z*?D_}ec}4Z2r5fYs}Rr*D9ucc)!%zpT0+a8U&%J41#m(&p(#2Y=`u=xdy42({usWT z`5{wa+-`x(nzDW}Z7+>pImI{Q2CN>67HOuGC65aO*$v(P@8xK}1Yc}oP2yL$pQHNy 
z{#^f%5&=mj3`suSz$)RcpYo-<rC(bY{pB1WSaFu>ZhpnL{YZRQe5nypotZcO%TGX%Jd)79Xm7XeV zM(0j*p)J(a&~AWOa~oDSwL#YF*MNrjn=@o5eTimt4&3Ou21Qu&xj6e*8Ibm&nwtdg z2;cOG%bf)7-ep_RnIeM(=@;K10RBGb^ zOORgVWwy>5IxE;M=n1z9c9S!$nNl$2#|4oJpM|_&oq*OKJJwj|VcDLtgpLLfl*kci z2*=4q%QZiHQ{)NQ)TkG`Xj>HeH{1FnfeV)}T5XIy0yxB&2GKnDPic z@4Fms@cWDvy<-MXc%<&=O{Jqv==Pt>%feJ zWWmPxd#W4J-!bm@yq59<{6k*29=aN+V=Cww=Dw-Tw`mV2uZv#9P-P#`cR)rb-jmOp z@)}m|o$cPm$1-{r41LzZ+_r#8@{s>aTzUCa@#lvf-kJ#af ztIX?e=7?No`)7C;T!_C^YM6hP#@kicNhVt2mm?jl0z;*Z#lg>LxzV*;Acgo`EMHFq zU`m2<@{>94-qu%^7lT_AVkKhk@-V)Nf%@boW73mviC6vF0qU!qy-T!%G-ZM8&)yH- z`eDf7>)rbzs9mBzW!X@|oJ z)MD->8*xQL&T8+K6`2g=a$ZuAvc<=E%7rF>8g=cf9CcM1$iiY;Kg!!&>e#PyO)fN< zZ=gTK6nF>|2$rG(e-H=Gc6}#vDjokOUf7efKMKv8!*|3YO1@GK>d8>@r4M!>c~kPu z*oiP#GC7daL6{7A*!C$i7&S@nPv`dDKg2wtYSs@M_w05$L*1&*V~~O&x8z2dnWfoU zcjPBQlPQkSjIP%{@8j~(LL>rI@zCCPku7vPkH5QO+ec^Z&Y8?#~~ zT+g_6YX3AY$@qv@*zslTsla`)FDX^max-3RT(dx**>3t^$}&6Dr4Wv9If=1Xq{_TDDRY}7-P0{s5iP1gH6o@V z54~?2BC9e|Rh=Ogxx!zM3|WKZbM|NWMS@(BLBYL?nL3H+*y+II{T6TgqgR5F2~$8` zEuJTcP68IM@3|JGc2`I6yHs0ZHm~IDZ0-~@V-ukLj55XjXFc)ZIdIJoCxm& zw7ZZ~;f``{MNuCn^8IG!+&l1saPvUW)x2X9;^WOE?X$)UEsF8~>A|xdl0%F22l^N( zkU{w|+tb@$Sy{u+PUpE`7^(nx@u?q#e~u(W6Ug&@Q-FEG>=~(t*l&OL#a(wLs~arr z9!?csSX7KS8QSTn1~ZEH7WD|@g{+1(me&;;+4Eb#h80m8hK?KL*Udg0$Tg+siX=ube^G6}lG9 z=@|;Hr`#OSuAvfWS3~-Wla5^Sf7Mca-9d@iAae!pJhMb*^sk;5YdJ=kxOf9ew9wje zx9=1B?ZPf9DbNxBoUaE*KAMj}UbtE+yaD$W`^3os7g^8fjc%!`r#$?q6Ei?9q}>q4 zy4RM(A;+LtjGiqEAS|MlwA*<&67l@0As+rEr!DGs?#Lzd*MzAK%tUPQPYTb{^DEen z2{6J>^?SNTgz5$8v#~m~T+Q&~)PvM8#6SJBz#T^jYJm{c0@QTeXKYXlc9i*fW-seB zSQhii0GY&)_*GnGB*heD%Z*zXy3N-9&@fbd3w9Nu>Ky6XrL%XcS5>z`{W0oCN%oTv zcqZw&h0`8iTA;2!GrP1A0vi1MdryO~C!KFIDB-}7@UN>`g{*;T!q>9k!^e%vRmCMc z66<8tm9A;%GK&m&hIq`jdQp52Y8b-T{=fdSRt$ttS0fBCzw+QL)J!j|a&a7?UVAk{ zvXiCG&L0Dsn@idK&4eyHb-sE^lCfKPX0hqigOR242|@9P*A!Rf0z}NQGVJzxO7&e! 
z^Mke_uRjc!vd8zv;ue~_)vSbxvvEUl_;gi~)Lai!Dnm9&UFxyo4DbxE$?5(=?vdTJ z`>TpL0!Kuz^2mHR1lvn0`n727h|OF4s8H*ws5?p+>0rxi%Ck1_gbw=Wh2gcX$)_`} zgwP}Q2=^E~al(I&SC&qC(uyJx27zpdohc05Pe z1O5}lO8ZrE&N48Vhtbf3&pjOr&tROv6kMyuh?ADL_WBrAvYlh(Im|>0W zTFe^hUX)|Ns$4>uA%I-zm&<$P(O=nenQVQ+V>2P0=JnNc>K)j!df60!laJyFI8_=U{g@n2uj7|C7_Vi2^88z3$< zbOjMXd{Pd#9gY5alV>mmH%<6%7JLO32f5TLtG*q=jF6)IKwFi$+Ab(vE6YD2fb_o+ z|HP8A3`S6AGJ>94hueO==x0p@wO=MZ**KU{``Fu;&i_cymj(4JFkS0k2oZR;MW?R9+fyJcV6 zlPa^;Q^QNNrPBn&-NnZImX&E{wp$}1niLu8zZhZ7PN+}9mA89HUAbUsGO5(4*GfeW z&6=)2W_P!p7VTE@r*3CcYV+4Z_~QtPL|~0d3FffGXvE^kVJ;770rT8LCRd1xy%Cua z=8>)t%RN1}dK&MXrxyeFQ?61D;1vkw79wxy?nu*S_V3Z|Wj08TlQ=51YjIVIy@e?% zYR?FEPPB*~#++A~Dnzds2`hgZ9Bz^E0GD-tcKZWD z_FAH|8j`q?;>+$`M#8bygru5%InG;DA2~@+9v&r=@uR<}0X24Fd_)sG{kfs<1_LN{;ekmId$b6NYGSU{HhI6sZyyo^lh0~r@yjIQ>OvlU6X z%dI=zgO&TS)%3nisgg)(!z4qUg1^X>|F7kw4#i`{(iPClQU2P(At^7avn2IO-O{;c z)V9j_N-T;Yg59<4Qa37HhQ&1O$Ph@e0D>lsrX>DuS zie#j$TG;?JCTvusPsWZyxYdugCU;wViSN#Am`WxtJ+o;AkgljM!o24DR#d&%R2#47 zB8z)jZrpEXz1r{34s+skQ_gnmPCXCzTE5yWT3hYDy|btSO8;=Hv|?Y1Fd=kBT{_RH z(9J0D-roS3{lmqH@jXjbUiYz(v2&8b1yEyaz%;fZH1rV(r9GQ_VXd{6_=a_R*6L^haYHQ|A$brdaUG7cT`l zFeJYkM*0A@^yWG7`S$#g1V*E~V>2~Q9(bJqC4nJ)MMJh9-aN%5?SZ1mrXym=iVRr# zzO-mkzL={=fCKHK8d~63@L5Ie!)B(&klh)M9K%p2<(dFp!wc>eGVVF za(N3LloFwg=jcSyt%{)+BRRr7kNw8*>20^b6uqmPiH(VFL8;J}7Qhq}{ND=`bomQ! z%^tdozLuC&`0!gTsVU07;~b-l#304U4Ye6g%GCkd(l+yPeTry<&izD`WsCfVe~{S3 zTx$%8r!Y~w*3O+5W~8&~keyYEUBxaBWCTbTQoTaaCDPy?hF>DosQTk;qtin8*~~_# zY5E}sqa)Wdza@o(smfzznpRb3t)8=~o420wey|QHgMQ=(Wpw;jr(=B@RS}LnPGH#) z{)i_q#MuGs{B*71zo!4f>+$|eih07D*MYhD@?Te{m1P{kJVlO3UKT{39ev0ps=qw2 zaoW2RZr1n=Zq};t)uDoh`aJ$-w&s8zc{qLJY2N_Dj&#obEhgRaZ5MSq$pZFnk)A7V%+S8)4jQ2Fm)5- z;hmEGI71-JUm@N08ncIiZi3M4@nDBYU4-5{!mj_1;WSFWoT*H|R2mS0Ay3VD_VNf! 
zh>YZrbVEi=O`KXatn|8j&kF&lGsv{y+XgAyDpalHu#4gWr^O1fI1ZU3iXPTF_l_v_ z3h?$Oi7UH2SB*l3(~gdRxlTje@L^MUl808w-S&cVP{>*!_+wH&pj6aP+%*LKrhZZh#7E-LJXde)9d2Be^D-mz|$4wt@I*K)pU3sWK zZ#V<#7%+*kMxyUv0zF-w@~BmeAfpjy&adVP4aow$vZ8{kM^GX^x<0g&HLd!1L~H4d z?|`>G(PDhMe3C`lWeP2OE}Wij%CW6!%Y)h7VczQ?hf61ff;no`IO*1*FOSTn9eV3f zB&I6PJx7p3IA_a^hEMD6Eh*&3{yknz*x&n_=-WUFhtg zXK{|5(>l{5RaZ3E&{_L+6!ppT&q-mySd+@ewc&*f{l;mFDPdvAk?`ZR9}Q}#mAO4x zmb&6w4!cB_&aAx3p9^@CC%7IO2^Kh*kaJ~pq{ITSzA@MQt~bz1e$IVaU~Z2RK20|R zbUrePGX~7qk4DZk0`-?ntGN8cjc&JYSZ2WN>)SHOVxw!!EV6sfxyM^}p4oYADe}vz zK8}dRjB>ra_RcuFAq?AMI5`0qt(Diw0sJ;(e|{xJ~m5j(_eR zos}hLfuxadHCbJBftmIu+-`c5aNVG^W#~}8w9Iv3SCd7K&k^e;he*Is{Y-E%7J;V# z_@ebPPWM+w5N^gM=Te>85%&sWtgcWg!B(t+Jlrp$HgVUok?sl*uS8^bfb44dM0HO` zU(lT;^iL&@%9AM&pKvK?4Tq6Lz<0?4?l+LID4|s1RXh^ac;XbxgIK*)%=;#z4)s&8Iinng(xXp$4?o%x-%5p+RE7Ng(>`c+KH zj12VX25Q&;$JAFw#i4WUw#B_r+})kx?(XgkGB~t2MW(pBdvUko?(S9`in~*sa_4Zq zmveux0*hI*lkA-*&z2;Bet*?FCG@vmi?>f@7hTs7gmzo?M}o|ZcB%(&{Z*9*QxH|} zc!^3DN;GR7CP_OgFFVy{ZbEo|^k8BzaU=}$S6FPE<^@m&Ua(=#+~ey)Jm&Ys<&iTcH~DHO%-SpA}i%XJ_h|xRV{~%YMOa2 zo9d!DFI&Kz%{poD>=ty=n{&SHY!p|9=^9=mF&jX?mh`vs!>^Skr>8oGJ2P9UN zf4OuO@RokE&@5Oy<g%GX`$rt!ViLY@rA`{BPXzf9bDS;>P?uzDG zbqA&oyaxy5i3ky|Q5D}ay+l2>dA^S=akCf+ zFk&bBdiT==TkC>QjoWFRnB58IC%-}k?0etK(w5!KTP$6qDb0wIURT-h)!CihRR&m; zjuX0salee-mERllxp%}Z!dNr+Rn2NOs}MfF5wprW*J$~^53fvUe1BC9PtU;=+qP4W zASm}LUhfd@6XZH)<oW7}`6U7&28(V|}0H+}EEBpC$c1 zA3yPzge9h`q`At^2^UJJQk;|CLY^l zTudFNaDs!*4^XdXU|>p53ne>u>Fc&}kwF_XWQ&kTS)){J{&y(Tq+5JQQmFAEqq-AP z%0QYBI>LG7{#JTcCOk9d3lteTtzm$rZ9Fg&5A|iyoa}FPD(Zy3#8a;QQBQFlk6ojT z<>0d`UogpW&~EE6xpZy&2QLLV))r5#l@uG%HCM>)lif+t_XC+mN;S&vHv0KmRv=ER z7{V`1p3(2TdVYAUqM(5>0SpOk=fb}9{;OfXFNJrZ)O8YjnaClCh?_ zLTNc#u=;m|Eumz&>B}RgN88Bs1RiY~`83!z*G9g$m)%X8lsL`7Xb|3SY}{&$e{3cw zzftf|D(}y{%gz;P*s>IzNc|aF45IrvFd&?5w{R?j9V7W7@Plp@)xC;amZ7N`O=6o3 zz6I@l<8z*ow-CZ6jI_9gQZG4z-*HphFQmiHEZEqH}bjpCebxGN^S{E0`GgY?56*k;wnxUG(U(a(aB7?nJ z)EvE#o<~3)g(V;is&-BK;Yi!A4MxPS91#6v&M6}OLVA9p9s@jE70zfU5EkNS#{V85 
zF5T&yI{EpBzxbx0bG(EyDwMc{&j#aY=YP`0B@u0I7O}O!(sPnftF$hNfZWbh+)gBG z?;Q8G!sH_6f+bNZS4R9P@T4X76F_e4Jtsxb?iFfo4@D~XYt>$kM!dh0)JIfuARhyS zHG(#Dj%TXNW?E+Ij6A?F@`p!m9td~r?Eg>}TT(VmN@kE?W^6_0O^ZzjOBY9d(Hl%N z^u5n0`2q4xE0s}26UQ~mSzxWqGnoiXH8|6SyQ+Av+qtA|xq~up$<{f{T-j62GVU_+ z^#p}7?K_I)BtreMME8F3(le&OhzFkX@)g&#v~K38z%|`UYMV5;uuuM3MIHUgjX!r% zjM8x{YdnCozWV+kydY~}_HIzpjHR8I8NMF8FKBM{bQUGb^-Bu%lZHVs$&qa)VI(CL z{UX2WGfmBpcL#kuxVNFK`@CJkD!m(di!%^uNdEGZMXDYa0uc}X~ zJ1}H)oFC6ys+>Ah=z0Fme9^9U{<|_ax22$uaV11bHGi0S*%paB1Hq>2{doTPwZ_`6 zS(TOOo{83A5NUe%hjGu^XW@@$rZ4AF1cIOWL1lfkZSEZ>{a9OR#_AFB&PpWvo?GD8 z6*@|1y<1NlA6bY)JJZQ;nsjr5d8y$38PYuU2gg_)R&iASxbRZe@DXa_OeRX$+6wL= zu2Sibm(wWIKQ9(7GuAteG}^?QJ*&OQm(=0FVThw zsmgH)BnenM*DrVLJ)o@ZFAe3 z?DuqRHujSRyuk)2|L*qx=tU6V7xp2Y&I9=lr=ib)86!qI)wj++ky-Lkr0WTv6Ojc4+(V^0%@b){D`H}Zq=7ZZcPtbAp0vRlLi7QS_0o#>*q_i-ziAY#(=6?-+zSxnR!?j_PV<# zQ%@|j&o_fRqBrdu(on2Uq+N2JH?OuuT%1XCD3S(trepQgjU@s7k+?G;O^9o0BTV}S zQGVB-g7Kf0@zeua_s*(l6mDl&xYn5tXS{ne*jv{STb!C>0U2dSd}bLX(t2j3nlJ{Y z4Xe?oF9!79(Mb)q;!<3OR3O)d&q3Z$?IXPTEt|HSkVO~|9`Ji&-^288R zLA!E#KJqH52x-#SYkwW1#xRBXaY+t>{4(Mvq?EY`irqg%{yiG`HS`cV zF{%g?J$zI?Dn)ug?Bo@MiW&_S;3Ppj*3<_(G#P?iYX2Xz0{!cKd=Hm+f9Z(&&0kt@yNn3vxg3b16H9xC&!YUlcdp_tR? zK0dnFOs%yN$DhZ;5}A5aoYHU%f@r8B`K! zUzxaYtLN{_ra6 zbG!iUeus+fdRu0gRk6yQ4|=A|I&7F#j3R#E!8R_@qGP5NRAE#+A6b$~qL-~5|G^X* zS+=tj^+z-7I5j&d5HulsI1&IJ+&a}Plw|k;sYvmb*;gGvqU`NOJ~%{x8wRQS9Q)Z# zUGrhA*RHig(X0!z-eYEaKIau}F<(j#lEFRB2}sA~5UcmnR{r2CYmC{S$H4PKP-*`^ z{_dF;>G{}1ZCDG0eAgI!DIRu<_dZ8<$Ad*;yTgg59DG@zd|a15cO9D7;8!Roh!Ap@cURac56y&VqxO1PT_ET(NwJq?Hj98=dRlul!F zbC-WR=mNdCD$Kfw18}wch~bR-Kpr=wTeL@!H<--qqE}tEt4zB43CQbr%t-$~e|eD` zZ}Hx-y2WCwvacaNW%Lf00Tk+f5BHlfsrM9|YnBSiuh6CgdETAKU8Gh-DM2dDoJk9{ zQNlLl*w!qJ;@Abe!tj_-qjR(zhv@HLv*yal`QebWSR7%ksiqFKBmAkDX805|?4*~? 
z#<}3nVf-6iC?0!4T{#4CG-8x48ncyAgMaR}9heiw96?k`i4sFY9%=z+NJq`!b(Bb6 ziu+KqR*v_Qd4_^#J2*t^pPTh1X(8fUQSzeQqJsX>YUqT{8W{!UrNf9E-$R%v*gI?E;GyXJ1W43M;qbBU#>ycUH|OU*c48Efz;XgAV!rJ z$Cw8YXhht~9d7S#zK6lGb2*ynoN;g^l!r3UAYDCVpP`t~5HkrC0MLu$3O@WC5*sYO zOH+u#w)f+IkpIg)GTHH^hGkD{4BIO(Vc?q*x;xRW;3`I^aXa=;Rmi*T3+C@H~Q=htT(%P-u0MH_dz!R+xD%o5CPxsVDwe*fj zbl?e*_p05JeCc@hO=S#>iao=gtS2_ZfB?Q*-f>Ir&MPH7fdJI51Wh>*36JbVV1JG6 z&nu(NQj(#I4Y`&08OLT=L%O~)ZQebDtS0#9r{)K#YW!CLHD*qTMfmUze4u; zM5EwT#bYG3NdBqL7 z2+DeYfXcFx>ZqC=FZb;xDtPPYkwXr$Q@0Yz=2ZDuwMVHY7V>!y( zC8^IPg$;27r9meP6FDIrPF^0Mln9I2$TQr4FE>$MFBUyg;V^P_YeiWd%SI%xUY`3rAkL^!}$79_ts?4bPgWv$UJNU`ZKbw=}RY?41U zqoSHn( zk&_~xp&Cd?)`Q%=DiuIn@_XY={nuc?16sUx=@4E zG!bu15ZvqKQez@Mr15Rg#_@J;AtnFn*D?E=!ds5?%H)%}YU@#EmIOqslMG_csW-tF zPm$%c;VpUfILG*(Qww{-#FOE8?{$l@%qk7UuYYm`|!Q8F?)2m zo1;S}7B{fiM`2ru-_s*q&FrsZZWemEdgI!RgZKT&zG+xW0U zWU9#oz50amt1}M^lR~?G6+K9vv*w^ud4bU&f{|GuJn0!x>Zpz9Y>I(CRI}at$`+Ir zeM7eAb@10!(%HRCL7j|feYp6$=QsE01Nvq?_Rue-94GoU^WaD>^8kG^OP|2k5$4_u z7N~!gg7u^?jw%sQ&dZ-AB90Yti=M<=?arT4SqOVC-A!CW%u?r~`Ln@&0Ud|LyJQxq z|BIWvmk2L@S;ST?1M-#zCV=`sd~a*ye%HF>B9OIG%)2DJ&Q4|_|8UwmZDgp-Oqp_c zhhq|8b!B)$JE;2Oc&o?0{OcB=@a&F%P_-j%YK~6-10pqiXD{u8^E*k#(@xq~x7qI< zV%Y<8)gf7@RU)LB_(&+E@&>97IpL6TCh9o6&a65$B{{HrEXYS4^yc;}KLlkDuD zA3HHH*yzDJYf49EYTqK_e6kOl7reYIEZ@HwegCdUK8B=|ienfbCR*k}>|!sMzH9UR zJnbjIqhBuS5^~=_UxwoZsJ@izx}nF z8L%~=0v%RvR1^8PNM#?rZr<-Ouz zogGM_!$=jLdL>dag4HeuLpJsta^#RnvN0DDnA1Yr5JspMGvr^DRLTJ0P?x3DCAG0q zF;mvl#F3s>OJ>PO9SSX@%*RpzDPCu)AEr4@+%c!Y|8M0K)FVpRSbay!W32DB61TZ8 zj$mCvE8SL)8guf{>-hYPJU{CB@QbBMz}w|y&;iM~$&!sSQB)V!+24nE5AL6EtmME! 
zC{pB1Y}Z%Sp;`jNgqYUGV0VC!#ZG`fOJ?jST@Md6zl5x#BsQp12=5Ikx$PippTTzTXu`fS)gCLUF) z9k7wzwr%FP-AR^WwgvTFJjWa0<)^AN#D`hFF!c!ULul>_&=Y#EYo`4?(h8#8iHj&s z9xDg}4RIWc`aUjpX4pWy!ut{6C&Txl`gdf@v`ldPESG-{my$kB`J2i?`h354R#8Vq zVO>A|mTUv@7T=hU8mxae!f?3zEnG%a?*-iJ7Q$k3P0lO$Tq3asTIr2 z6lFx{4()WEwW&LYwiJ{g!be_E1afYq|mxn@UX&U=;aLh#uK>;JEW25I+2ZU4vjW$|%I#QZ;IvTHuh-G%D7iKr?j6g<*iz z#$OqhLp%E8+dC7Nx4nAz92JN~EEkj8!y<<%%`1PMs zP8J!?n06V{c9m>zX6WgGhFz1GzYxPJSF#zZ{&5Q*-~;PFU@yUcw4jUNn(%LuA_&M& z&JMkB=pxHHPgd>k&Z{WKp@K8AKzK7+Pj=t>5B{VM*K=km%7S&uK*Q`wY*nR3y-%#$ zpo><`G%~qV1w@-i<)g*mE6P@_qTC7AIb|9qsMZq|XwTm*Eho&7r@Y#~LspC0Hd%cJ zx$R55FWb;t(7(spZj{OXrgEet;PCvA{=ED+*8qI%`HXX8*#*9NI2rL3mrsKLKi>ro zeSoBtg+KKWj*X?J>1#~s6OiUckxm7PhhwobkpTrz(K?xN-Yl^R1Q`dV=sWaxVX$o3 zp%oZv2NJXHT8TtYin8w-=nx+1SYP@1_h*)X^Mt#_((pm)`SHa@gTuNBYFxVDw3*^P z`r3FZ3p>`di0t|yvde2eU{0TT0Yj{+<)aKO5JSE=32i*?`y_}w&wq-X5(;6unf8eK zYBUAzLvrj}K7h?Ng1Y#(bUgZD#Yix98P_3W-jhQrjc4PA4%)}qz>2`5`{tD5QSlax zHf{G2qiHTn-sfwKKcFnStNxS z)&ze4t|rG+SkC&&xe?5es*Ubo|BoS6OPnj8li$Iz|1ujouG%cB7WgASn2uvCq@CFe zA;McX$uk}a8n19P_}R3|5zu^d>CK!Xmvyg`W@W-^3XS)@5;(D4_zQ8Lf6!9PsS^N!TYf-l1_dG z?wS*;Uo<<5oJxZ_kI(04b{Fh%A`+wKpt5NH3|2Ms@tV5WU7TMaqL$%By`10lpBwZa ztz9x7RJoNa0ld{(v>vyFk*L=)drP&6P$dgTn|UMJkN;LaZmovC97kCtGLM18ksDg9 z?OuY~SypWqt{?5U0{#G~6udc?7|C$gj~q=2YFt#RENOsP`a8f({_n-i$8>gZ6Q^3( z3z^{fY!6#_02DJOCb3p>R!Fg^hB$c%A8ogzRxJG$n+j_OEUn;q-*z{CCV(FCZ8>yb z!6G1hgtT1r?6{i&74IjZjaJ{YLLb91Fb|j_W`3KlaA}FT|F(lF>pnE(9ZauZ>(Q@{ zMlN9EEeIbxF(%-b!c@EXdwVtG{zKY7QK2!TU0GSmG?Gy)x@THs)u>rZ{7*W;${$DI zW#F@}iey-spzPogjduTAkTx8~?H~MUzJ-o4f*@KmCqLATMLVpH;q1v}>W9{N`%l`+ zpol`&X%#4NkE|oj`?q1QVpB?r8UJ>o-hqLb#xrfq=_haeKd6Dr9uiu@*?1EzqtGe9=`=9%nt=iB^XXT2x$CfU+0){jvl;}X0||>|6xV(oII2u?#gMHMkCuE6 zEyCGH1hoFA!gS8=5fOi;Z=qL=CPV+s-&K{TO@MLU`30AStr4U9H|85K-CIK11;CD7p$qCuSn_8>0R;gx6U>70(5W+-WwDFy4?P}L zGw;H>_R)WtE*PI~qyL*mfR0loky8kO8i*b10`5JkDynJ;$#`L_O_yhF7U$NC8TiL*CKcE+Cu1N*1O!D7@N=(3oG06eo2G(#(|Uzgj`0U)eV)!- zl}y9@@HV*`>mY};j&4Ey$kT_!a7m0x^S 
z?``W6lQvFTO=2MP9n}9=70`vq$8aOAlS#A1L@06fRBMK~B^QLAiXAw@VD`K-TS(x> zuGiLXUt68&Mdyuvc57m^7U8}GbBEMn_{7U=8x>|=*?xb!=P)n1OMIlDe+|d;I8;0S zM|%WVf^2X$>@pakZqWjV4_AJpXyNOxK2@xVWE+J0gRQI6uDZX(*X1NZ2U7b_ z#liERt=iHEB3nVgeB7|_h7snQOjmjaF`U~pK9$XshUF}X9t1)YZw1_7i0fos5!el2*Pa$cl>bBA?o z{vC?)#z{J}bE)o}Q;@`2YCZP=`k$uSIFy39tkD$thbwBxKbF~9*V${=@9**LS_DB+ zR!w{dJZDST$^$`6Y?lxkV$gd1tY^l}y}FUz_0Qu*A>NdtPfB%OxFU zhBrV|(L3c(Ne#mGlhgTw(<;;#4Oa|XiQB1jFZV`G&0m9_F@+j~xx8-Uhhg<`V{qi0 zX%CBAsRoSgMI7bL4ZC4!jNtQ6W1DVV7Z(BSUSyBIR{5+xCWfFr3bo~2=9D19R+dVQ z>c%DKVf>NC5X;m|{7hp3JjFCZ|IZ(24nT#+6$r_3I>BU=5f9=(I>d~2c=i#J)*yOB zm^Qzt*uzFITcq6wcr>3dW^*SMk5j#jW%Q}1lC&>LGAhyzgL+?Ro6_~%hZUDklJ1M2 zzh0~o8MY-JtzOZ)eBr#o_}k?RA>>-Z>|fk{PWsw>EPxmFrx=C7vANU8yXh3&Ao35xN*g0GYvJdolxBG5&Q$=mxZv64{) z!nT{=m!kyLm_6FjSXSlJ8oBUJ$Ggf^@+;ED$Mv4x9|9w%%=R6w)ly(Qjq{3dHJs+v z2r>6a;T`Q1^;-|8F|N7AB@Sq?pseRG1TLrdcBwAbCHhbutG<|#iMnz)Jd9daH3mn_ zVx;*(eGn2j*%dj-^mAs;|GP=+e39l2l4B#FEj}AS$#HdGUY%{YyBz5&J?tswXN(lI z(|MkLgo+zL=+%U1L{~!2mzzNIqha@b$iWl&vsJuz$#ST7X{>s?E;AR~C$Vv=zj0+@ z?KVAT{7pU2EyC^oYYj-{!T#8fsd1pEcH19DTcqd=D-U)nIzGIbbO>Hh)@Kg<{v03F z|2&BrB|cKc9;#KF6Wq|4;TWZGb|m;dttJ=8mc1}hGGS$Q3wL$GZDt8bwm)&$BjE$u z-O~AY#zcW`eExFIDupIGRDRU}VzbBzsYf7hq*7U8B3>J6O1F4BmZ;M}-Di5j z3A#cOX@k^<+h?G8<_eF1$UIz-pvg*4CUoV#va6OG=wVX&cP>^}ceAnR@0n?k*zYu$ z!mp#toR5$Cj#g$cC_SG?&=>=K^RZDV)kUqFUWZ-N1%s}D6)9S)6LU2`S>lah8-Fp?`Ql`W&AU{rsLEFpSs;UzNcn7j@5cl z*-}}w5=_-*Apg~BZgGcqQM%&DX&v5EF-fKX`V>LhzJyEEB~shBKf8UK8OhSO@7j~!TY$B(hTh*s6Yil3c^lc+TZO0%5;~;)=#vA>B|XziCUE6PP2H)Bzz5Z&4G+i(u-) ztT^fcT1mZQsd$r}=+nRC6K7Uc%`NwbErKX1HH8`Vi@z3H5|emrCkW~!5DFAAH3SMT zm1dKh;Fx+rh9W)|Ibi~djwNG0rE26gB;f@Z-x|@imb=z`%p$kOBUF>|3bDR!q3`z7 zj7F&X1tML#^ zmzTb~)W{UTsm|0n8Luvimw;Fjun`;X8pvK8jtP3IOSUO$mE8=R1iS|l!augs$AJ0> zlna@26qrP2X~K(Cv6Ty9b23>|3(WeYrDu{Se^7%jwUm^I1*?LNJ%{Gs}) zTlkM#{8b}~E6NKsc@Y~4Xj;5z!R7J!@JVMbpC0tAU?ww!5!Ze{*kH16aUlm801ibk z)C~UNR11ASxDNiLCkrW$qKDU0UB_0UZPZiM*?9Hyd!51z&Ks27!Oirfgy!6Bbcvw@ zacb@WWe0fhAHqWr9XZ|@V!c=JEWisiiO}${7p2OMT2?kHg&YvG4DuU6iZSz#otX%U 
zHAx_g=|iO$80Md&+BI^>A2u`otZRDoF((o`zUuZPMD&+ij3tq=;E9{YsN8Wc*355ad&o})Q>hdCfo0yuihb8Y2GB$l6Q%fU|CMeXyKA~S z^cg;m&Jz<8mf^J^s9K3&B2Qn$tLOIiO8)E$IPDHIr1Use%i|;ocb}W29u0KR){a!LOK)?vgJ3#Jj+CIb z3Yyb^)pk*YyvWvO3jIRbw5JWK*O665v9*t$!Zh;PK=9Un1dQ38Dv8!)o{>}wHO4> zrSO~?ZlJc5v<{>Lrf#2qg0eiR;Gl0X&=ScuqGy)pjZZ`UM6FX0q^gTlkA!5Ev?8Fp zrLOG8GYG5PxUVmn%099yJ}|FWo!9gsf?j6|Rb8gK7O)K{aO8Q9rO$t2((t(~=F4elW&$H(X`Zn0JPC?t2goPPQWV?HEGpz75NpzPW z{QLC$+}eHCRl8$@sL#;cdH%!5@;J9=F)s$c*Z%Cm$N4Aws_QZ06q|6Nrg#Z~TWulJ zUmvE9%t-*!__6fJpHk|CC>fZSu>&36Hl^AADcIo%0jl^gb-MC z0y!5eMBf~U>HGkwV92-dR|!bwHsw3$jYJ;SBi4jXMPYR7k-B!fK8%Kh)R{7~P(zEtc3j=+T6oo+O0;7 zLE;IPZ4c+!m|fqG#j$Ivtc~!AEyTsmfexD+^{WO(`AyC<``zdv)89{p1^l}~5*02f z3`m9V`f-tv-N{@j(fMT)M$0!7G@;UYd##$zaB-#gQTY%o~?Yz8r9;d%4D*b7mm zzTb99>>=5*-@=x_8q`m?{2_3CHi2rF8OeKphW?BS^x(d~N2Dp_EwW#0ch9dEe0Xd@ z4B2mKTX*cnm9`ODB~9PLvi^8X;<|$N8UrNs4H<={WF_+-G!;G^LZFb|4KWDqR~Cl{ zc?lY5t9>5-z($AKB}VyX=C%*LvbpPa>qQ|s9kJ}L5Av={(RJpI9O1zdZrou>IlVJnGKl-x-&wQ@<5QSdN zCyYY@1yJ7oE8xQkO*j=--Q^~+T+I0^pBZ)~q2>X#v zsAHv?zhy_giN8+rLiaau?n;{b*Oha>B6{<*!?3*?P*2be5@uO-h`+lV_NR3^k6U0k zW^ZA;<`i?7%DdeVBe{=n5rGxnZpd6JfN!z~Q%e`VEyT7#p5ECS@5ZmVQlb6iMC(R_`^!TnLobOgw50M=&s+p{z01g5 z;SG5b?R&|tBqbADe_m!+c({L)g}yX-)IJ0Ops$>kN|-cEQaazll_*>Le5Ibq+xye2 zYiVgFeY#eV-t2(A#n3hpq*%7P)*RF)P+YN`0ZUq- z0N|@mOmj&aEu0lDj8GJ$ANAV;+|5D_M&pMQ>w5B2GrmH(@f;LfAXB`I3=tn$biXYf zVWWliG~5eq!T5_RF`e7)EySspnJ?kKbF)F@KsfQIAbC;!d~8gM7jQ`CP$=+kM4Ap8 zaVmC50~Q-ZD&cUs3zUGLdI`3pk@qhzNsTucwLqmHWO}FDWd!>+{v}#MACil>&X2ts zS`?VN*%L4}0STWRX;Um(*H?KmkaCdevy%4D`qYkk5kiclCcKu_`0P_pHrp)DFGg+$ zcE>I94z{Qyx^xZNCMNbU6QIpRX{`X_gB-tZnL+r45i7Y2AF84 zeKcXiJW`GBb4-DYh;Pj6YASdvxUvgql&~O7TMHMR0Cu@^*0-!z+fh~XdoqdseCTC} z8`$OOxOR;mJ&oeMRRT(OVMG5CYP1erqv*izG8;qIH-avw{}!xr4m?}7WaQD7 zl>oDdQooT+u{x{HXFQ|{8Zx^lpTbpocD1OQF&Q2{ieM-L$KH&FRm#9_!y(9;U{HfsTqsP<@vew3RhKxo#4` z&TdEWEy@8hwvVIUrfIlNHW&zKYeM*14Ic5 zsIm*foIJcf73&uW`XQ6LpUhi;L?5H}U*yx(wCK17mc)Dm}P9Ogoy zfE(yH=-C_!ZVRdGS~E%@zUYl<6&_h7>~-vG(DF2iLP+^g6o$R^y;}b|CI>IxDTtcf 
zTuIp5i`V1yvv(sYS2eFM#6QZOKYvfg#S;Fz7uL52ZFk_!`m|BhRa$2(A4I91%0W~bTPT6gbq zQ&s#my~ecfR0#PsDUbmH!Oaqo;rE+KS#2`eEIuzY32oR-B-CG3Ws;nBla-+)hl3ZU z-|(MM80g>Xd2X^NigxI~zUsbQ11xx$8mG3pKil?YB2D}}AC!M%19ht~wfMG>8(vQ@ z%&{@Ap!Ix_4ew-7rlj#!7=>RnJR;-G*no<&++>3b7~VRya%-UL&D$6` za66N2D={5sMC;K*cnBn^pm5pKc@3T)eonRy0aQ>(G$zV~uayidN-GWO-?2u!GqVCX z-Ra~r0xkQ|YG#ZopxzXj&atVpY5j#kiz0Xie+sh}q!$H#0!lA`QOAJruDT_)%ENK} z{IRcNL{HJGE5Bn@hu~USJHMVl^5%TG-O=1o@9F8`dD?~*+qrAW=3rt)8|!sBH6sG` zjgy^2P=8Tu0@NjGC|cuTof0Vg1H|P*f17IA2|@ zj~R;M;9VO&9*}`*=ERN_UKd(+N#iEUz_C&gi29U|6U2kJ^y#ij5BF4cm5* z$oNM7XERkySOp_n(;@SHr0+fU8-_Wnv2L2gTAzbhv?yF8v*q962M9QyQnP%t;lwx_ z#~ti_e&&&AKo~InHYc&(rELF@S=QkX@ov1pHW?e}h*1IV+Y5Lk?H%#rh$QiwQ=^S%sxM!w8h8Kx*PqsW@K6SxrL zzHxEefeCT&ByN_)#qz20N{=bit&4YEP36q}guVan&AOJOzDI833c-MT;UW10g02DG z>-UL8$<02Ht4`|va4xN{=Hi4g?JKDIYdUjf969rv5BubFT=Nydt3Ht+nAc;7KMpwe ze8*uhQz!Z$Fm)+4^NB@_F)luioFRWlTTTV@PE22aY_7Zx7)a-H|LIM&HBZ5U(iL4< zV604Z-Bzq}IOAxMy!}aya4TuQ<9^#$qw7t+>TsYe$GQwf0y<>>-T{DzvX1CmKShUs z#jj^1Rcbi7Y;xFuZr@axkbP?R=wZABPl;*fSYqZ=U;K9A)Yu zc53u8v|hnTZmlYZUB()28*iLH$?MM-b4Py#oNG*sprJh4`&dp9|CK@j!A1=?3i?3~ z>(}irUBg8!jf0thZTSF26Pri5+7`HqGy)vxM1+6CVs2pX5At~x9{gluBRBNkMr&W?fc!o8hR_~-evnp&J z`VQKI+0K`JZQ8kMi}F>!b$H=vn0{teHa**YmL=57SGFz?=|t5jGizHLKx2q(}cX zgEcYF0E5-&3#=o>o7~+hRLxjDKRU2n{N2F>uw1@&<8R8DrY^%8cjanDi4?iRwGYLb z=^-(_8Q8Ccp;XhzSWNcif){bFAc1OZeW+umR3!u2R$n2*yO#V^z2wn(OPb(kyNmWtb^XxQgMxhdi6LN!4=AS6%?XTTnU7NY~k9< zZtB7^8yF(iI&XstLix1u#jEN*8q3Adl%uh38 z+{KP7)MU)-Pm*v>@U`G;=(QZd%sQ9;|Cn|7&phVgSYv90ax_3{GP$<$CtP(xz-XA% z&`h)3lmBCk`*>nEHNu-g-<$jY1m(>OX@f2Lg)4_%s_C_qFF`iq30%pSY5<>~KS_c2qlW7itxF_Y`~>-Z}E`f?|I{{9@mLe@^?Pfr7f&=aj>pw#^& zG`h-#azunQ!g(O9RhE(knXfoYg zaJ^!~bW$;xGyosP8QKDa1XEyPR}u8vc)4x;t-!-&uab#QgPY_K(&&MW0Y%)5ZqCh* z%yT*vE3fi>+mE$sZ*F;fU_u+<`*HuQl04O^17L~d&3*s68*FukOTe??(sWzIizobK zHS+)JUdQ!G(5%+Dw=$HcOeSS-F`bny00-#}4cW$nr=%*oEQ}J2`oH>ru5#FXq|#iU zJFxOvm2ZG+0|}-_K7`+7wZ8~tmHoPEle3)rI1ix^E?6Eka3Ec8`cko^euk54-xCuLL2@G$^dE1R>(u<&WXu#750QW{mcX!E$b 
zLPEbDCI>)D7^z_UNTWg~J(PaH1LYe3e_zYS6!9_n8W$GKHhwknvNCINX9z3a9n7@| zGP-$q-Z>kFFg`BsM^C#b2fH5>*o=A{)5ul-7=wP)cMbm6>H>X8646Q2D^|`3(`>Ie zy|Gun#CkT zn+s6T%h80C(8~^!jy^Fn;}Hga`H!xilfhE8LHqlu`_gl9i*W6$wxlzy^13~rT*6W9 zNY4A$73Lg?&c#-?8-3W91YAN}=j9VQQ`x^dm$;ZlmlCoC-smLuzCRe7u+gcDg2LrQSU%*U*#YejJmsOxo(d2DREQq z)-6>=Vp(R|4*}1%cf$C=#PfvfQN{IsVRLJj*pczi?QH@@64j}87GilvkXH=bje!A# z>c!V~${H#_H;f1PP@7`&CxKVs|3fZ!2PSILkQp>RtfSyF^_Q1wnlE4`ttOE3>KR9zmC<$-(mFEY22*EHv#w^kCM?N^ZSQMAQek?;G72B(G&M z){WnBau9*Rto|f2RvM4*6@!z&2Mc+SrDX!{eM6zNanQZt^2WxE0%70Wj8RVG;Gfpa zVp6*VZ>ws*bu0=tP=29g?Wgo20#G*Ku8MVu+g{wgr>9S z1pTz06xE`*(WY909MoJ;V)h0GTY?J{n)tV?cOJ#bDv3oa@H#kPS8vox3{joqo%I#6tx}>hDT|5|ZzL zYC3HS;@Rfq&EC#votYh4!4n1?tuJosrAha>fdjpf+ZM|j4xeiell zb#Exc&tGGIl&{|5*P%(B-bpzeKN}<~eU_y83qI*yn#*@L<{bkvxqx?;MW1b!%raR% zZaH!sp2<$IjR94s2_${{7@BQfxT9%r2o(t3I-tvU?VYUgI!1!~#ql747X z%cb2JW*gFdyck{SszHRF_!-vuPs57MH^O{QPtVU3`bk9G29pgL7gZux4)TC}8?Mq= zkfXBEoY@WfjfDz-gUmFWe>YJjQ)LD#d5%bT3na^trHdc~={p-eE(6h%C)V(HyfY{G zGHqMLL@BK!7@)+gur)>3*|^9Z3g`ZHYB`cMMvQbAL@n5HL+=A5KcPV;w5qevNz($c z^Fsd^6*E(9fd7y5W@{@PIdfpOTWL`YMh~KDh-Sg(YuGEob1!|4a~7IPN@IY?1(|9g z{6-!opn!N~pk_w#^kGILM)Nup;skfn@|z`caPk4VDp@e((z#+z$|?Kpqncf2%!>cj z4khATs4cR)(Uze(d7lod0(RsUXC6&>a#~Wxhzb8H4_5D0wddPyy^kC=W0no5gR76> zm3h4wLlduyS{($PtA^vNGDS)ss#L);Bef75dP=pGpqRs2o=ZH|%FJQUX~rz`pEM5K zY_K#Xur!vO$8EQa0mHz`v(k-?c`Hr?!4l}xMmYD%=$_b>X{2K`c7NX9^>qA&|({>$i zOR)oXzVTLrD>CNW)aw=npPE0d5B{nOo=Q2~ivDz8kCXM=y%m?6z9_W~dPYWTguyF` zw;ZzG90UfGny%W|L^+_SMSlEMcpsV~?e@8H1qRUU_)}`{$}Ruy0O6!-S1sBbTS^|g zZDp&-`}?(e^<1aS8cWf_f6?BptCC~cq`~&0k@wIJE?oM!bcNPoo@a@a{zx=+ct(vK=slC$YobKD(_fAop z=j~BjTMWvBqq4X6v;FE}z>@ln+n2%Xw?@N@@119GR!GX<%mHyuRq;8JgQ8#9XB!}W z$9z`L`$H41)>LF*Y`mg_T(@a*pL-7PSAbb&s#fI??JHIkFU9}Sv zID?YW);oTdFlpP4&zRbfQ9U>W*TeSt&-w)*aYyXG8WkirB8Zjm!4mEaHrW2yqAV*SdFXO6~2G7au!Fbi7pm$et`IaOEWxIA*S zHYZ#sCPL|5j167O5Rr+r*x_xV=jgWMLNBMat9{9!^IAEMU!FK24Q$SQPjoo9=axx8 z-&I|+*HZx&>hK%99B*6`D%)@Gq@ebA`xevxl!2L^*$n^@)`{)vDT@PG6G~XhSWru*Y2JCKGJL>?FoM-4*dhgIe11$Tm%y0 
z9dbJ?ibRUzrJ~DbBBf_YiSRL9J>DdahUisjeUvz*R3+6}aC4o$K?RyWZWK^u&Ip9Y z>r~fhr38JqCs8RC=~%BZr0fa*DvpvoIklav1hFqmcX@4+jUphdvlRM_;+G=HANKW5 zJo0m*6YgrgvnOcdvDLJ=c`Bt)dtVk}i0>jPI>4G>7BLnkJb9YYJI zIKM$iy1|eiNGuOw@7!oq=&EMem;>t7_@=DUB`J1H#vMazxvb8WB>FP=UL={dwHXY}L&OtH3X+GkM z=-)W90Bi_GwU1XxJz$*(gIm8gr_hzeunohis0XYr_e9Y+yxrky1?zi^4j0RC_*NzplyvGgJvR269 z1rKxL8|(CfD%zSvmTJA2*jQPk<$kbg{vd*AEp0R99B70tp!hYlWKeH19j6}o-$RJ{U6jLVdQZ&{% z;)CIooyQHY3<=p!mew)Z@U2?rPr*rmE^l>dewD8Xw#`^78hoX>85-L!mu4G4#NIki@bXCBE=zX; zt+Am`knJqs^`a^zBGVvbyF&S1wr+HaQQs4{&1==dE?qGX;_2ej4CJE7o{Cf3Il!$P zxE8Nqqn%Wy6toq*=5-Msh}Ntk=e&J5mS^?!p5$~sdwg8@_O9sSvfmykx&v#K?d0v$z%D+j!d0`mWbu$4ZKA;h{qb^CQjvO35MP9(a9kE+(U1GBJOhOLQ{HpC?%tb)WsYjc;Q!vx6l>EPcaB z(d^0$@^>+EJ@qTAcu05jb?>Xy;TjQ{gXpA@Ek_IsRX(zwNre84aL#+YeG_^kziXxU zYE0Efm-WfkIu^#Pa&{tn`vo&iF%wp00e`Zs^;$Ac`rD8!-FbwGe~+Z7-vq`3 zoe>*7<(hQVNsT$<{{iN9oSeP&NuAK3IDR^<*+kpRVK_n}1%?-!F`tzNcg09&{IcA6 zoU14EV@##Tjr;{}&fWg3voaZ(w{RgKqR+1#gGmV<|S%sEq6YpEd7;QDW zYG)_k8!gC7Ns-O+;&9rupycqk@HKIggUkyH#l!MEx#o{WO4T6d`d50q+Qn;DM{mbr z$IE_QNHe@r0^V+`UpfGjvX&E{i&tv)O2h0jO)E@0*{Ppl&GD_r9mi7BOnptgRyR2O zuTZ=Er6^Hkw0bL>aGrmGNTMkWb23h+LfH*(_I1n^m2|ZJkH;293zKcgN8hIX_=n@J zyOD*csJ0p%vYv+(`lK$LDkD{?WqI)qS{rMdAiIibNdv%X@>pqhRRPml9zX>Bt#(D> z@evseIoWHUBsVBbz=U|BzhG9z>wZW4sI4?_kkm=3X(;Gz&I0gO zu!<14;}}na@gCAo?3!>Wf~08bV~d>6=)Pny=(FVHABYCbcN5f2uMoq%tco~EB6K<4 z(u$@eO$X#oJB0uIZ6I^dWc7V3w=h2=)Yqa&k6&PP&tk3%-x&LGYmIUbq5I9;Pbg+Q z=EUUgGJCp^==vWy7_*qD)sNKurI;wS)W2C!V)UrJlYe~oUO!(DDsSZoxbQXqs#}+l z(pVcZUGTJ@#~dDBH!|carf}L87sNgkxaya4S2v+ZT(!B%%TRZ(7b?pYXsgkre?#s) z`LfG61j3w>qSEYI6^qi*DApc}Uyu3t#!ylJ1%V&4HhOXuEwg>5B6GTgQcJypthOxw z*#|ik3#Q3H`0o;I{6-r=7SXWMv7RV}FD?H=u!mz91WKn3>r)!;bRa z)Bo^%`-oW?A`_!OMENx_+Ru%M-bz@uusFgZ=0$CFl-K`k#oT9{0pL|)6d}~*FfIn+ zRoi^F2Aue$xjq(8qq-eR>Fw`LL0zBlfcy!5!->aAbJ9Ht&ODeVZP~2j`C;(4@T%YQ zE&ju(^l#zO>u%49$XC0W()puCD%lnyuDJHEUwW(e^jft+qlx3HHQ>j;j=jk)?DjqdKkf;-i@`HQT^W68{Ow;*8V2j6z$C);$ICAtJ*0!qM52VU$+vI}>uTxFJ zVOFOF5*4nfM}w&>e52sU7A%A9;k#6t;1c&<*7G&Ow`T2kA+qf@_!KBp|M^dsMZ*5G 
zGFanJHEXtCBrD7PszP!6gKnftOHrB^D+Lo;MQx7`bA1^QG{I{gSH6)zym9g;u~+q@ zoerPm>*`NnBT)WOZ`o|UzS`7@9Cpy(JMLXCa*V{c)E5(B>|q>85cRFH+81 z5#nL~(tVjb(Bz@0oefI&dtC>j;x*z|Vr0oBsYk!ma2YIkVxOP?DVuUTu_bN@V-QXB zmd!`EssO|XFMozzl)w)flYwMF1H9P+3k5T_&H*G~M-!(w@!O^{g3-W1Y5%$uM^#R} znE}@BI!%G~rn2z0nZ;ZFWFq|g#I=HT1P-)6^dO!Qn=~Ib2ZiMpG&g>hk%wJn-Euha z&z2nerYkDn+4w^S37mkRjQDrH0CwwlxfXs!V;msn{7>ViB7r@~Ph-x4%dPXjmR-jq zYUhi#lVri*vv|v*w)o(-T(rbH6f2S?N<;!5Hp9^PuR9P{y_#PJ+V_ed;%T1(SHq*{ zdfNI^Vj_-Kx%$Wn3?6PTf#<0U*EtWFPAXJTckmleBoiW9Nj3lOvaV`W;6MphXvY;3 z)K2zS#01E~I?~q|3^6oN$S`y}$coqMmZfrre7ToTtV3$&&x{f*^qfaGJm{=@7lk}_ zp3fnpCq77qFs|i0AfM?qSihIn6HxUO_X${g#RRYDgDH?4MD5rYGscE(v{88V0k7gs zF+);0TIKhEHQ;~tW9EG8>Q{s*0JUF^?yG-Vb-!0OQ@|GXW)*9suWe1!9K^-P@1w+vbDI`dR&Fe1JSGF?S8 zFc~n*k3ZVz%MBnghp{T((IIh#0m0RpL!CK#wGXE+Lh&oiaw)qhoCXKVJI3SKuydt{ z*ggSyxCT2Io-x>&|MdW!;88T}aPu3qPjB}-hsRH)6|qmx z5B{t%{vA+aEqS#qBT^YPQ0(c@;Wt$@@VdW;0A&CF!2vtW0SX5m42{79sgW69iZ$6Y zLj>|PYvIfKWm8t|s)TE{FS+}CEEv*o=rvK?AYvx;MxSPwKML|vt3Rb(Yy}?44QFz| zj6VDohKf}FP-#lVyYG428}Ar^$6y4ZH3}3rxW59;Z!Wh2uSscFuKl}pDz3Q$dEx45 z5Y8;9=V;w&R_^`u(*)R!-**TVerscaJ9KhgL(d8wH0rl(cvK5Ifjvb0qaP(^9k#G2 z&Nviv@SjUdE86q z&@{$Emcy=YrqMSzP&CbW-6{=MsJm^apI2cL7KU}$*pt~EaCAkM{>9=rQ@6a25~t?M z#yi@|(n8ZRoSJ4#1Hn^4%r3(BFv=Hz3tr!(!D^mx!H`8^g$?%BIbAGW$i@%gt*9t( zCP#=2w6*M4Ca>f}c@TH|@duFpDg*|L(EwdNvWfq+-%A3`0VKwoCnwsrq9cKWcJrD1 z_zcuvi0Ntg;d@<+0q?ppn^q$)znGtLE}d>hKERuhCURNfTa;fTcOrKnIAQ(KDCyTI zdfA*t2@zwG6+^&_j0*oL3kuUr$$?iNKSsWLpJ*!DZH^CPmI;TV2mjY7O}26b2%4Fp zP&YE$Fd=E)aTF2fIZAMi;`Sh}Aie$hx9h%z$G7L!T^(-^!^;G_fTGBhvlhZ13BqFf z)jr}k#4s(cFg);oSo6;p+V=)|vv$rUz`%T<)770x!sRL9>mHDH-1lgo!1tLlSTRf^ z*c;LT84{u$yg_d<@i~zH&PXWNI$=0+nV;0BnjhncHi)=3<$jHkC%Lck$mmQ%XKyj6 zUVI~W_M9c*vUao|CSlBtOzuT4Cc=lOYWDGiO@TVLS;NdCE(Da4BtGD{;OeI0E)gX< z)^Xh7+z0oJ?WORmjW;8%q7XOWU5RG{K?3#f{JG&@(B?4lIe z;UB&8i7!w|5vOlj$5`?lztmHuH-4_h`SM#M?b<)mFbIDM$trKyieOF3FcvD=hny(3 zxZ3tvm>uDOr_|)T&osZxF)ZA!{Kp{UCXzHK+*?_9-K4s(}zg9M-H8W#_f3Z zXIUDmv^muJ@CKOq`=>kYQZ}K5>DN2MpATaz5zQJ*C=mIAs%s^ 
za#t5+E04-F=C|rAsQ^qjB}#cf&B9JIN-%S|40N^OoE|WT%-pRJjH&Zk;K)QhF}m@y z+K^hT|GU>pD!1OL*~&yysB0WzC>02Q>A`O&XC0tPSqr7dZUeRssN*_M<0=UO#}-ma zag@S>vBvx5Yq^qLpY1O>aE%va@w70Bc@u=xAq^O;+f?5k!jd8X@tIzx>zQIG7)9LXX}19c@H8CZHNTbqhl|l(0X0`VGGr(&k{EFV@JMpf zZMR9|QZ@^)j~flF$-N2S##rb>s>$t6x?LSVi|`I|QtsOAMyAaV@bW7It}xUHe^^;s z`A#J>AQ~Aj}!-OSuBPoVvWa@xv zzovn>Xfc#4tstl4Sk*66b)E`*^lp;3Qdufz)eIbrHTH@i9qX1Ugf*PGe-@tizhH#| z@PE@ww9^7DKV-LLF*84PBMq91Y%QnLC<-=U!rwrj@crw#yGTciwk6V< z5DL-%CxUizh)^qkE!S?{ytkYzIe|I;Li4rUZyB7ixFW6oC6N}RvvOOW{M|XmnZ3?6 z7-kEO%K{oEAXbV9K?5`dly349FM8JG{R-dRjQ*E~c2wtpEcD<5TKa2ov4i3_#rbsK zswg6$2gy+&mU^Qyb71HHm(@JJcpr|dA0X9f*^zcEOZ^Gq{7dQg({0qq(M0efZlMe3 z*wb&zP=t4#3y4NN>j*yoN_`&;ieYxm^AZmQj-D4QU{;+v zqwDbIE$f?n{Oj{UefJ?yH0F`tEJoW&eRuo`0e~$M<)Zn!WXP?5fjH@#d~=s-LXwV< z7(5}R&D7$q@anhQ`qu_agAnJGM~f`|8k0gdw&m7dK_?Jf?5n*D^wgM1lwdkb%Ab2C z61X*(%2Q$z%KpJ2gx7G|@31Ed-*U)Ot9)0Nan(@!r0i;<{sQGQ^ojo=TNE&slNc|; zR0c7-Vmi?LEcZL%#-8R4#w^E*HeO8v5mKKC*a`5gLZ-`}vMFL{>zf{3TE8&-jA?Gx z976E{8OfaZw_v%dDYE+bxBruYoDaqS5Ufo>86qO~DcPMYlIYXY`KwEiNM$1?yBXPg z)*Y;HIEogW8WFL76$JPvi9pa7h1r7q1{z^_jN@TzrK3qDllXtH* z+|Mp&&U4-CxG@T@5;s1`Yw@klPS*exq*E@a`w*Q~VVW{Ip6yhLe0J>I;rYv5|5|G`Cs`Tiy zt8YF&>@VucNY*e=jw~ZmMUnOAoZhHKQKI^jigHdtp!tdaJ(!A4S;j5#=Fb(gQ=Xx5Oi2RS5pR(S@vzcQ;-Gzq*7-&7O%ElHzm`@;%~Pv zDr}T{j;Wt-6-bZb%L1|2J|0Osc0mu$FW6e5Z#Uv7WVhNTc0u(Fh=z;}M^^GOJ=i)`(1Zb}@ z{1pX(&aia`cf5M2uZetDYLBP!`}9)9tA0MxZ!mlyvrTvVgut5dQ?G}WQZf^R3;WWi zj)qkRm8?r@gF}VwNQkZ+4Xe2tYlGGjyQJGb0t>GnK_p=F)@qz|F~<^%va+pSS^Y~} z)NC2q78Nu+MochUtCy{A<~c%MPdX;-$mC5{sev?WIg&OBzkdn)c?vc-6X53Q*MAZG z2M1rGYF_;Fr7}EbQAru>P@vhMM8>25JkNUv>idCldDzGOy5l!@<;~!-wAt$|xl-;~ z+HoS5^p?Br#|qxy@m*+@RGUFtlUB3sLfWD2ZG|VymVYvr^$vgbIG64wtSQQ$NFvO&qL)k}T`Do$);Z#FR5$?LOM7sO`0%q2B5nr1~KCo=MC2!CjB>_ad8G*a8KIL(*v#6 zZuRG;-I6q2ECFFXlooShfe$uX&Mf3tiWrvo_ebPA(_$wNVqW20c1-qcWdYtPwpr2RNb4nR%MpoP*9tXoJ>WEzgs!bFFbPkPoO5>|`h2n%#NEacaXC=Xcdpt{nt*sss}U5l zIoZg!-o%Ahl8Xs_Szk^q{bE}C8t26bq14#;ZStKP!Tvp1uR=ZE6x#r} 
zgEmB!6#7AT@3n9dt+a4O8}a4Bh(1nGIdsEGbUIezb+Y+yJ9CA-%=PaP{@CemD)3uf z@vQsnZfXoQ+0qYFb;aDvz&Drbpzyr2gkIA5Hdel`6E67d&suVW;|d7|UmLbII0c-m z{Iy0w$&S%?#_{uer<*_-SWbB|Q#K!1`A(oWE1z~DnRb2VT5?t8#eSE`z!%U$zI>)m zi|XwrKx##hD^%fLb=PsLs}N)fuvgV85U|tc1xcs1lvxg1;2Dle*(sBd50 zm1y8YSnoE=R#h**UNtw>?FQ?$vVLRt7_lp#=lNW9x@gT6F=tIuF<;+jx>y02GsdbQ z?rW4)uo#m-ce2AbV^)5bRI$~Q+<`vKJCFQ{sMC?3IFM!1bTh-GN|4>@c0kchZ1#)7 zFRVt-pz`km^&IEPp)_6kf)0!kvyYFe>P#P3-PPFrH8CKqJ4(Y`R~V5&mD=9Q7~R97 zEg#U}X4U$>gb4qj&HgOaQm_Fu6u)JHmcrz3?up8CJCUhoq~0$%W#672*F4>emW7RH zv`4Ob@fXCzkw1G+6Ui^{O=_HU-<;0=WQZyt_SF1!%*X5Q#(sBUq((m6v?1=B>UK@f z^@Zu=rE4LLI4GtQYgAufHEfjv$x#AxtL~K_2^Ksr6_R5l1!3eM$aVu@3uefq(3KWt z*pR2e?ROeh%~NW}5*_ntFk%O zV=(FBp4f0sez^@F%^^H-jZt6+S9Og3%k^q!6A?kcW_T)~X$iOQaXVAr(9$Zmg|_h6 zzPiP!G{qXwS>-B7Np2aT<2K3CHM-k2nY%$_qmee2^-hudg_RV8VyxsLCn^+iV3ry7 zOC|hp;JhF`Afm6yUNx}ulIc5j?vL0K%y>$sx~labT=Jq%TDfcNFKc!aTSXsJRUJ_+ zM=5iG?d@gZFS?t<;ofdMo>>QPq7+^ILnE41zjHgj)_*6~?u;XDoM4 zF33}ql4Ipn`!yF4BeBRLI7BtYYn&uG-+Nz@^dmAgnAs3!mKjou?;w6h9zF;&Jf@f2wmUKFTb4 zk9rECtQztdNIb0%{whzk;gjQs(4+mEVj)Dn-$fuyMOwx^!nIhTRtywazBGdPUM`WW z=!Pls((V0_i<}~=#|-_vQQ`?^#*oL(ysZpB2G5;#lD6f+DqAyLeO)2oMT@n(aErytxc%pIZQ-4Q&G|Ks!}pzw zL?adv^&Ra2C7qa*w(Rzc;)`MugVvO=Y#-fe6=GGa2MviO*$fwL2(!oCNrL5ZZB3GM z1B&j-L{N4AB@F;&4d$oU^&3^FOJ;#c8F&Y;uts@lq=Rn`-2*Zdpy${WG-?a$T{=%j zBn>k&PqBx5De2z3{mA**AZ_|#3-mHv+^sB+nf7-V*ulcGP50W}^t_P3E@eLSR#!`t zd0AMEnY@wC!Pc+u4qVfo+qTN5P7_V)yFYBcM*%_fo&-oAxsy`|-3!?!nmW}tS0BQG z5~|hvv$E-r6?C99bt5$OyaksYE3X*x=llG~M;P{-KcD*li^SebskJH8PK3>E6> zTt*b$pIf;K=W>r0as`vnY)ajL(IljmdPX;U7bR`*HCYTUxmMmb=4Y3(I53}FFRI%7 zZrC+7wLZ$&F&OPRt(@Fu;J)Vzn=Jxxh;7WOR%^hYQ=Bc~cD2ixSBh>t4DQFt3rU^8 zyy(#5VG|A@ZiPn-9QDU%&1om-GTfjs*oq%LHu%*dOy<6zu}&jVD?R(BPm-A7gC7F2 zk;)d%~bBxX2lNXk7NYA_F$Y zfgh{N4(?dpImOI=?N5UiW0R4OtX%4siNx~!TazEw7n|m1^-g7Xo%*qwAIzHfx!DK|?E^LnL6f;fRsdJhlPD`B|9h`#TbP;W>+{iDj#S@$#6B&Gh^qQw2mIhoCd@u9 zR}!=NDJ*1X;`qY$?6-0Uu2pD1?OS3UNkU`z(;HuPJ2?Nxb5yz9O{P|#%|rfN)_2Rt zJoo6Q;x&Db4bazdra$SD6=`+YmLrfpPxkzLl0W<|qZXkJfz+IzGqS7eFfPv*v 
z>Ff3g`^^$#%aQp7SV{HiF?V)eQe<$Aw^zj7(3Ay7sMs{UrAPU@LS~NZo~(_o*hU2P zIs*nr!F(U};lh#oGe-l~$Ge;Ba}7JHRw!HEe${JC6YW!mx9Bpd;h?XJoQV zEa)B>?{$?6+Nv)Vu%>^$Y#IAu&C&{y)yI&te!Yf-ePc0am%kDg_ABmWNPm{|p8F)E z4S#q9pP>A}QPsQT8{cK}@4TX9AlC-M-+jF2Uh1%tF*2f)Mu5`0f!G0}@T;hoe}^Az z$RvR6ptGx_seTwL5aE5l7_Gc>ssf0wasfs4-tK(*6=*exO&03PPy6eUL4&}aJ|Ah@ z4D(^g*V2d513s#@!j+r7qSbu64>y2xo10+aGv4z~>`}cZ=WA$*6Hy_M!p$=A0|}>P zHHhW8dVA4OHBdk|FK5Z|I5;d=;eWs-l23yIH|-zb8aM0ZU6KA=Nt{gNQ&${Ke(xS= z#bl~Zm7@dES1eJ&nw-7EFr3-3(Y}8n%}KFR6s>RaBP9Tj4@pC{H55FOH|?jgTpg#E z+uA_;MFMCgNT|l+2F<}%ltU?1E5c;$3!3XR`joIxy|ZY8dD5$chjKA6Za(N&9wtd> z%hhNYL5)v=U;CeD|HSl;+4>ZL$$Is@SH+q$%A!l~VKdMs{QcUa1@}S|>|5}0qI$43 zrDt()W90o@i@L0IfVZ}Kp3w;HrNLt)u+wpW(3m>BXZ%`3eVYvIk$vKO@%1e!`GSpd zqc*{G3klC)X}M?B3j>V%K3cCtNJUa>WTQYqziR%o{z}+_#|QR&Uz&p>8_;d*V+-x& z$NQ`h>AUzd*Fu%SzQ*#vmGwi>n$J(hR^KPSET^{Urs8u4Pr_p51q^yVx%hjn0_;|D zr=al#Pt#0vT8F~p<`}ARtFc%Ly*{0a9hHP>hi=^NkpDrDJ{OO<)d%kg3c=hZTS*TL zhx{Vrhl?Y{y8^j}#e?1cGN-F7cf)M*7ME)idAj=M!i|whF9%z8n#Zo2;Y?S9Wi&x< zgRqSJ$CX1x2tKATFb$a>U%lIvpZ2q3CzzaVy3rVX*~pSKgQ>8K(U@#{dA>i(V5}P& z1a6so(na5Yt)axWx=e8cSV{U6O z=9TT2wncFrYU&Mdanoq%UaJZ=CRk=AMD0w}33)0%9y}&3l+s5TX=8~cyT5^Fzj@>8 z21@;EtI-|R=FxE-)Z0H&w8*L)V`xa(PG3IA4T-om|gtdzd zW-|iP;USTG`JW1e7N6Yt^z?0f+w?zz`ZS-g+jnV@bjrAUc1^{>Rw(VM9m7P$ob?z zSD%*2DJ_Rj^jijPKsMP%v74yME31pN%FcfIQ_o!(l&!YQXw!5Pb%kT2-22NLoa2C8T0V|jI z(`*7$U13iXKx^Gvr^T1y`XhfIccX3RhjK(DSFeesv_x+lu(^2r*cM{TUVv` z)p}j|=kTo2i=MQPd3Qi2lIx!P-j!{^d9Zv#{9V}n;g;J)VS{e7yP&(effxkvdbnrg zwDYdHy@?E(EVATO0lWNYY-p^_FZ!OW!qvoZV3 zLW!WKj4{~nue#i@Y0~zymh*K$h3}@(3+#7|DIc=&r59i0Lvu#Ofy_pcEulvI18by* zk(<-<_bk)&6VFTe=gs}!r<#J7MG+d-8C*wN94BJ(?-wOk-4if4x0k+yS8A40NBGwE zznKClaxd;RJMP0xbIk+uxwGbB$aa5Tuc;j6XX#x*zUE6V4^Q3}pJy?YLag_0y&QOa ztph{i;-+r*jj&XC#raU z=)J%+r{OkSL_-NN*F}tG3Cla!2(an{j6Xu(zLxsm`XMW>fk(vKw+9AFq@UAAp>Uo- z?QeBNT$!an@G9K*5qp~!&x%iQ#74T(sosYNiJ7*Bb<@;X;ADA((c#!e3>&sUhP~$J z8}7%5l`yCH7Ye2#*^_PF76~q-q`!u79^8oA-=<~Eu6&tYeB_Nd{e=ZUNM8(JYb>7@ 
zowGdixzh=yj>unrzHb6bsKb*9A)EL*mnRS{<#l9dR@PP)JCHL)w8_h}T9cR9T7PaQ zst$kXX=9oXYswE}gUuRLvC0Zx5Zcu)oPpu_jpu#;8nT={ffQ=U!*-}4%bUFBeNQk! z_H4VpCH^QF9wkQG# zj}`OjQZHk#^SbT_aBQ95K0b7pGe+*--&C|ac2&ZBVT8qybcT}n1T{b6)lqKS38pz^uqlW)FlU9Yp3nDW5aU@{fV4EL?BeQW0)*ziF>p9@ z-n3*P)?#tbT)Se;xFk z5Eq6}2vPbvl6x$aY~1q(F-!F>Cuyi2`2R1n1P~*BP`ybo5V^S~og|>JBY5%(O4M^! zB!4c=&`eM#5&&bIoz9vL4zhf$;7uzlvC>%9xB2Qqo1({Y&TTGaUc|VMs=_O|3}wUh ztS#~P^%5m7d}=U$*7`{`Z<<9K#MW}Uc_xL9q*~iy-lffJ{7$>Y@BTsw(tg%>Wqel+ zs3s&9GGuG)PJ4=}KNPLBr;N*SU${Qq)XB&Bv+8^-qyMe{jcnHnOwuCzFqKHFzD~lK zWBn1taa}@@^872!xP>|4bUcZO`(_=Cy`HI(e9)IGNiKTuGEF{U7V^CiWl1aG=F4LN z*MS1YFjgVG{c^R&3o^yN0sVplW&GWHV8b(?HH`fEnBf@msL(`xgf>Y3rZQD*r8ZTJ z>fc-UcvT6uuvjoQ!Y7^x*xb@{QEhyacjzCL-^wL?bEYYa+Q$9Q83abp=qgaQwL2n1 zaU6YhwT-(X-Y%JEXfP5-6d}AaxX}Psf+rUAnAWDXwQA7fq>cR=8#9@4cj;O7}epXtGL~qk;dk9MFOKV(=Q`&hX{&|`rXrltVM$! zL~VM4N=1S?U;__6Zm@rd^P|W39h&+Wq!vK3o|WZ+jm+~XZ~xMD2RC;}@q4NE>4#u7 z=WmJw42t{e`DKmLEaRfLH1BtZ2TsgeP-HI^Ysu_l6L~F1KN>&&PvO?y&yqtG?&%+e zTWj!o^xefAEj!j+XYp(Nv73ae?QR^P3 zV#~hrZ4^|>91zp$*?JcxP;tyxeTNjLYgjr#CDU5h%QY(wDVOmy&|h;<#6p%EFP z3|0}4^Gm^cwueiBgtP6WT}y$c3%==&^3ix~ouzj?M9yUA~0SQO*6~W{Lq|FB8%&taJUCR&H|z5t^48zJA<`bxh#Hq7O^KO zgxYDQ+}{eqCWP!(WIs-OcwRPEyw$;hj9J$^2<>0yx%X|3GcxDtXB1*&PjG*_M4!7L z-w`hOH5XZx@if=140bRt!n)*+4qr9)EaXFQp?A(Zzm(Z6Ne<^Ol*XEUY(USpbgT!g zKU)AC5gW79^XU8~?w%8x8Ko|XtMR=!5y!O)p2%5>1#^3K^Gvap@!@(!+3HnzUuxO} zJ(cL$eSG8ey~JDliM&)~A3J~dNmb0YCx$rHc9))+|7xQnkZ1YTh7&DW9{)1U zzBBc#C`s9%kEA3aZuAm@V_LjLJxiC~;cM&Q$-hfVo;kTZ{#yW6q3$HHwZpk-@`&Gm zWgvGX!b#Du5M|5wGRwR3Qc3qpy|!K(yiZrNZL=Bc)|aQ*SJ+bac6V|cyLjaO{!!Vh z`w}t}txr~Ho72iQIDVidqx0q`gQvEcUkaEO>^7~Tm9N4B(9g;zY33->$1m(#~mPb?Gk)N9E&-0JJEe`bfbkZ!q5!2KKDy$UqGcK0P zwdmwi!$BeGklt+|deJMC1AQcv6p3 zb8(VOc!w#R$gFhhy0Aeuv}#J+a^p038N!IKABKx0wZ3a(I)-s|E4%!c_9C&#%}V!# zf&P%(s(I70@-^vCa+}7_!Crpj`Uy>m9=QBs~8n0Z72PH>sX5r}NOJ z@|*NLuShzto10c@3V;VATp51v2kAITbF!&0GU2D|yB{TuS8Q6Nm7?RV9r%0hIk{H% zMzfo?CuTo)4o?P$n*d8b!TW9HWr^y5$)@7rlhK~drg6=>8M-2a$pngfVL&ww^SpZK(O 
z1%EDNUN;{PmESY*aUcFB4(YyKiCD8xc1(vq;F$3csp0_WT!|1r5!%e^G_dr3+Cpjz zM*FJ}gx>PRe7CS%)hCJPUgL=Z5jP%9=tqJQ1f>^Tp!>eq3f$sbzSc-c`Ki*ACnSEA ztnU6T$TOepN^|?&vYjcHKy1fDUy&NWcrRLd#d#Riunzqq0-NxsVK|Xy&04hE+9y@(oB(M`zaj{siC+%Ndcq35%H;+d+#rT-(g;T7ZGiXl13+#L;Ia;Y!4of zgxkWv)I#6Mr2$1;F5+@mU)y8lEV5J;JQArFOAYvmXm^jyi@U#egk9VDuqO*6+D6Be z)QfDsmgM}hF|1d#kk!+=4q*0ElO@Xcz^+9Tr^Goff54Hb1^)$=SFUx6Ck&L=awmID z%e9vzo!-~coZHu7+njvAN(i>}G79g5Rtid3y)YDQGFu_^?YGcvF`rnGdecekZ3T3n zc9x!%Kiz&M{;u+`PE&?~@|dg8KShFHA0e}F>B0j&@iZ_-Mx1fXCb<2HHXy1Q$?rV1 z?FyI&Q~$+9hDdq2;AC%@gDEKBFuiAZ=Yz^mFefbyui{c6Gz^+xBef0ci%H5kytO(E z5!bi&FYZRLiG23aWPko))BX$S-$lee%vES2{X#a*O+@ET&GQI;c7r}NkR9MXXWQ5G4A z(X039UTB|<_7OM7+++tMT3neZdq0H`1{L)2Fj4(-4!A;{<>!o_VAf=xe2>C)8kqB` zQ7g!*Z`ly~478#DTYnk-;()%N=ay4F%S<(b4SZfbOI&gsd7YI}ScnUKky;q-s6)%< zuk*X@{m87INq3H#W024#`C8uD7*h!eC+Bq$)lA-?Q3JDg=@Q1;F{#kgW-B&Ms7-^L zs^wC+-nvgw5}!$|C&THuDUBQtTn*!>EYts6-mVjJPB%|6 zRsgle-LdSV7{S^83w)3(TAnKif+v4C%=@#dCeAvHxECc+`aT%+~cFKm*S ziSggbaR>ov(0|s-5gII{tAqL}gv~c(2Mg;CQQ7-k!9Vkncp07L`0%H*gH8Td_M#v^ z$Z&c0ft4gLebc?KVE6LL0ixQ%z;9GG3~UBLc#ZTn9_LRVpFH^>nvtz{S9$ZZS=Y7qsq?>e5siNL^t_!UPW`{Gy$|Nmq~FlZ zA=|ao33J)xVfkv47 zkZX-EsA8iq4_|**apv$LWUuT)PJd=_9GBg-Pt%nwkyJ6zY@Ijq}q2T%#9>5qWX{Oz~Nv8tN5bIWrXAWdWXxm9$UC5TT4dJ z;ocMvvuc9^wgHU!D;y4~zEg2U{OwaahfV5~j&wPh|Ei##5O=J*j!CCkYLtFrM)N$vCJ&=lin;DnHJt`$FStZp z8F#c>b|Ee41Yjn$%#0 z_bxh57UhORUBIXlcnJ|-g-)B*7bJ$Gi?bO=w$VtgBKKP&$&I_Z_4{3$EQFp9E~dmZe$^zeY=*e(C?BBEYxSbSu- zb#3<}p7Mdou4Eh<>!`Z&{zT)Z)hURh?zS(Kg-{QgVcx_L_F6t3bhY?MEVK{diZF+` zEeh}DO<*YY+19F=krbx&g#o;3#Jj?3+#l|2X71BS6fq9oHr!Ys*%}ej)!sDNRkBzu zbAV54r`7OyB9KAMC2B6_kn>ptTW)otgWPv%$OVOQ$~UIPplNon-*)!PXMI|^)i8$V zTyuA&wji4{=lxYN)em(H?%CJ&W%5A1c-Z44>~87ec%jFoYqs?hJK#x74yd1$x{=>~ zlDif{TrDX?pEO-P7S3A95s$p~;w;}kLTe5j#94zD!y1=YFe)xOrLJP1Fv4DKy57|ZY%3y4;dsK111K3S#}p9Kph`u1P!uW-8{NsRmM?$)WX7H4g9ci7k9C(7&X)<@A@ zFkaepnP!ip`qbF%ru$_}1nutGlT!7xf8F+}8msE-$NZH6JqM=ak9xmzmSzqFT3Lmi zOrQtdH!P!P7A-iccND-kK{KFr>MxtpAz~@D)K7rg%)JTZGlIH9qwM|I@RV7pk}5^! 
zzTd`X8Niub;0*Kd!$bUfI@A0rikrpFPU@=^qy*BIHq%#HiEmPsUbrZ2HYun-X>yr* zewy$xW*;r)jkPnTt6l6HFV^dqD}5Vx$7i)SR(RlhTfVffL68Idsep$I?W{F@uZvwH zhb7>9sd<=dQj}Ki*1@oQ-?W6MDl%EQO%i+$&;Kj#OW>jU`u{OPn{1Um#t3Z^*>|!e z22%>z63JeZlY$ zeAf3lpU*k>&bc%1HzXfB`*6xvHaEJQUH|@Sdh*lXD$VRR8CqGy$4{JNroQ>APK4b; zV20K3Ef-7PND5iy3+v1;DneC5b(yc(8zW4%gAaa}ahG2^RQjEazg(3vf8mBz^WNbT z<+B&^ZstSnqjY5W4pZFS$#aJ@ANt%LYU3S2X|%A{i1Ec_U2>d%usOtGr$b4;)Ua%{ z9Vc(Oq{YZZ-KDY1dlzyNv>Rx%H)@1<2wCqt&ZV_;(77NOerJx?uTH0Yvku>8e!hfzHsLfyWOy3Rs-> zKRU@i)^)+)`oqw|@jU`&J5FEMnJGyLnC**^TCz!(lhI{J>&V%8Z(Gd<<+_m1p)sTT zbq+|OW9p#u#<-i))kH2j~KiSJ%cwbzIbmaKL z^gX|mOda8Nn?w)mkCnaQ%}%f4%VAH+(3^Ilw>)8`T-$i$ouoi^Z+JoJCFLRaO;KZ2 za>FkMqeN!PAI%@n*^^t8Hq|Z_3XY@&7e=!BH0wYE2QHahPjbn=&R_C165ouU9tz>5 zw6%85Hvuovp^%H~-V_HalZ*og7F5--)Q#17H!tJ~x^i@P7RXp!neyrpqrUhe*h>9T z=ec|V%C}yLFGRgdO+OVDG`TpQb-aSV*<+2IfHJyrvwFOLIyr{rz4e}B3z4)JJ%s9r z!=dRNCIyr$`q+H6PH_w9I4)s$xiIFPopyszyp&!W_XT^=p_;7W(BxAmPST{9KAOcY z6q*|D_iwg3?Q0gBWE_+6@bXG>_@^|QvEcj|3#+#LTR@1^JmpVxr-fj zCOGk-#KiJF6j8h8-?xw6T<9%_9vtY5RCrk+YHe@)MPFqx^m2%Kh=R~;GPC|%;loKT zRsH40zP^Z!pA+*!`O@~}?F z$IvT$UEH-ZI~5W;KAj5{(;Ks|J}&N`Gvt4~=45G&mi)}2eItP*6CDK)ifaf5F$Xdk z>I$;2#<0}cJe+}XEW_6kt6OPfO;VWNzDOH%*rXd$@d%F@Ik5Xq*9@^%@u7zzpJt9* zT5LYI-73uqFPic!)#tUYBC+xZ-N#tyW|B#kF$H&W%KbYr(fFw3L8 zQN4R5HyN)OWiV;_#fl^T`1TEI>BI8$gR$`(-+O63yNNILZbKTku?DosZnAe^ zW@opUW8IgsC&KTcyehK|C!R}2w~0~)_kAgUb23=&!ZYSeHTiqy$r~EvVrR>Rlk2ZM zUuk2YH#psw>+tC&D&BEPwMw6vUV?X}a5BocsGrKpBWaSLG zKsd|y&WnyKueZgYY0o{?S(gKiJfDb5d+U%=vss|M$$V3;lwOs&0b|BQq{!68GKJYm zwlUpTXUeLY$)91*w`T4vrvTUVe%j<2=bY;uSYA4DloRvHF=QP7e9i7z=Y}Ji8LE$4 z?=YDPC4(^{&v0}OAdHc)>va)VXYl;9h^vI>6s6&ZxM-WC_^~)|$e3b5--%~TYWZn2 z@t|A7!+`wKhPvs#+|EwTZI62k?-rbX-3B#^xvuE>I~@)dwoGwM-KInIz$Kx^`VsD7 zehjwlfuPiRTtE$LS%f(|(Lu?luQWN94i%W*%bR|rcEqN+J-UM0TJLLYI%#LxoJ3JF z*XDfL(7tyA%_9@K63mc!&g(ZJ_H~K_sjmxMD;JcF1AF^6hjk#IUU7Ij664BK152}9 zz5R`AKknW_A8b-AC`$@{ch_x;eXm|Fk6dQ<*6aDB6*Cpx`rxyD=chEjrdGsls)gUFTa5vvHV>Tf}V`g&t@F=pGj<41e$Te=#=+_>l3FRBe)X#{hIAsu{t)BW$ 
z{btS?+DVpe@r{KzWyiA%+<0F53t7mKOhxT8euw;3Rys8LMIvYCKVOxQtPtm2Hcm_{ zNawYHqR4fzct^L<6qj8U-H93ood>XnRVd@+jxlVK)gzwGt)zSmksr{;EQ4LzR&_;)uXYd73~im#-&@Zy&6796~W!{`iWAr z->p1&G9);Da$B7YY&g8M1M~0zWkox5l)}+qrD(Q%hw|r>c3x2I7 zvvwIeqmqLixLIm<>JgLpbW?L}w?&a=QBksj)3p5Jw32}kR<(AdC5`cc&7v%JEo@#Xf)?EGU|6>~+T~yU zx^qA6$rTH$9@9#rk*`tMVfXjj^7Ib5wC;LmH~ql0@J2CV#jk2R z7@+R0wHbsv6LS_2xHSQOM(dUoxHXY;`}+IPbc&wLTFxru6yM3Kx{8@zf+pH+RgO;; zbNr;fzbo`Sw)~;f=v@AzjEvdo_Y(tGoh8~I+3azj=e;M9o!!dpUa6-VF;Y!o)E0xs2RoFN$Ne% z&n+bDp`kgr_`vuhyGzX4C1C~sQepi`a88F~EJx?X`(|T~x~aEPdOACM25S37p+(2T zp3k53XXle88((>5vEqQGVA2--y_XZSq@G@uEMqcIT(GN+3fv)M%2WWH&_w+VVz*NXZTg-I>q9`YZ6MDgI%h zl9!{RrenA=^o7Srnk_UwQIZX%9{)+Ax-H4;4i#GGT5zXb_4_2RQ(b3~8Znd1v%@3p zTsHK9-SS!nPl+i-1c#+thDlwjvyb>e%0Tj0YL}b&9AnV_PEmxj?UILgeZ7&!<-VRk z^p?Q#;8lTb^nVE)ypiUqvYtS<`Q2=+-sd!9Xh!l#w1x;_WpOr_jNhc^zr9edh13Y= zQ9~uD*g|4d6|KEMcQxnDA&Z#27QOP%z`-b6LeTR9hho&^(~eKuQ$(;?`eZPa^i$}v zS+?@)#)!7gN@PtZ!(q22t>NlyZu*?#H(PoeRj;13x3_CshMj5XB;jjX1;O%I_ zlQ%6%rbl@%a=NY)L8WXq@ZG3fz@|RKg7>LIBe>`i?k~PZ{ zql>>z>{y!Mo1o>Qlf?f z*;sO)B7)u0FJnW=9SJCF21EzXhQL)ER!{QJ3kXgr@%_RN4=I@c@c8PLr#cUPJ6Q~X zXXQ}<2nfow&>8W2)KKS0w>&=ABza_#pe5h0b%CyuV{NAO2cCi9g?<@Ue>x7}HDOrA zgVu)ix7zn35%>fG-qnXKjAFvCCeQ<0tv}D=N{*NC;31g{TW2VNz{5Q=$#)eI`PDi3 z*OV03^aWFcFeO23-=^fhto`qmL;pZKJb%GFgHc|6*5HP-`6`aT!q^D%6}{@|>QhW# zc=)H3w)_AL1m}0_d}C$d*xg51IQyC;*Y5v+#_{`?1pr`w1%^g$-Pw*buQLS@qe$%l zcz&yAurJWMqeO_*`{(KVqwA}csgi?l{X9jQf5im}2r0(!RDh6+s{cWtzljrqhxA_! 
z^jBEiCHqWSz2SuUSL<(opz!xe4IxzkNui#fQe$=UBF(>+JH+U(S-Ord$TYkI){sh$ z3-Cy-J`4(13~vtT7uR8SjNiIxhcvHKsF8?%EigX>`kOeRZ_Dvr#s6-g>&BUI2l@q< z`lOO-j*T!-KhE7@9M?kOxg3z4`F`39YoCr~fHfvadi}yn0;l?~S%);QmPTl8g|8$S z{dK)t#}{~UA=DR)8@zU|t{DrB>v|4zW8gBfmUU}Mhk@2FFGxf`E!F>7pudR|`fg$W zBZ001%lz^1s~B$>ryq8DmSFY#0L@l6CBfSU3$UWDmT7oB3R-`Yp$u|kowX5Z{;>ie zX#^Ynb@lq*7wE5T=f^<8t^xDYQu;mn_uLq`j{KT+Nb?VS45Yds0e!ddu2vW5e--HW zo_`l7^xdA}cY%J#zRE2Vvm0!8WPZsyI6KE2O+l)H%9xE^d!P(X49;~&6e6hkb*gJ# z`(?s_OM{PrH0v*R>uYCCHbHh^8{wf^eUckq>u$4sD@V}UmK`b6r0Z70NN=gP0U zBSg!uiI)IxfPdVS66$~A`b+Qcv{xZBLG!1@lm~3J*V}%B{r!4*iip!fKVMb(-(J7O z{9D@pUO6;kiCjAT#&^Qz9>L+eL|q3*WEoxEAj7&=H^_!D3dS7%2`jxrIH4cwqe@I3 ze1!^qNsa)^Qd5%k+LoFz+omUg?w8F$i!tJ#MfkOo9r}Rh` z^KS%2J#R{Bf7UD@R__hYoVT1osMWwm@$8T~W<^Z$swq3kmf%Fo-!QE^T9;<1(^8v-{)M#X~&HwIghl3Nk#=ZpfN!+V}6 zaG_cNMgSv(T)f}I%JKWt!PE7}q5b{MhyFm>pEgzy;a&nk%@5nz)X|2gq4p+Mqjog+ z*so}b>tUysx^ZpG$p{(UwERH*nsOR6cq7G+4`sSSyTRqE z5gUU~?Y&W=GYzqGohe@%jGjs{zaB|}9NU-2KfG^JoXw%}?|fvN6(SXx7C+l}wWz%) zBX)f1L+$=Cu8Tsn?z2-f?K@edF7J{$XnfF|537jDFDGi=~H3mnx)G}u z_dqft8tdQCU;uu1>*20_{{GlzF}u;1&aF$fmnCCr`?uXJ?fw!vM)`80E-$%Xb=OR& z#Y#@ehozi(+0)B?kjt!8yiMb-I7b7chVrFW=SlafvE`8{(V?#yQp>H2vxA|Yr4y64 z7^%k6n#;kjgBMu757`F2?7PLtqxkajyL0i&j)jn8+sI7BMTa(ViQDDF?PlUTZ0h=A zC71J;;u)>pDLy_P8a*ZC_-_9|pI~a?HG`ajMl)Wt85YZuM`r9pCKoTG@W$}0Km`w@ z?=7+oN8GE;)HMYvZjsUYkX?Ucc=XLZf%2uWxFb~Oxn)(&UWEssTOfJUjEy{Ts%I4< z0?-}u{e#nUZ>O zpHZ_^aP50jX*C5Eu8f%sO?0HX+mzIhj?dFQ61Da|g4$K1jM=)D znEvM`1tJA%d@cjrK@B_4Y@|S>MvW&`64U(l-a~{O>Z0RQ4CC_zCX8M&gMJSNyfBb3 zt?pjyIFEEBFyO&S@<7vSYS3}*91Hjx&Zh|Uf^HdV{14sVchK~Ai*PDsN%lmTE!8hu4J0_mEt;8nsql3&nWO*U@8x8^}`0EMVA|7Q%w zr?$mcjK@2kUl4^oivHwVQxW`@+pRbU4F!^vn|@YSeo~yt;G{{zXKSeta~m^HRK(Be zEm=H%OgV0wtvD`d5VfyvPX+ChjmOgYloyH9&Ta4C*hZSu9HyXh;}w@O#kJajFbtW@ zF#Z^g$GusR-QKeGi_F0uvD_q9L1pZN5pN&7t`|-W42i`bjoa&4FUm=MM{Y1Gh`S0h zBJIQn36pj-1jy@Bx;Zljc~!BGW94YyWk~nNa^;KF^IdG z-PS;k##@AR#zHBM&$AfXsx04s@J5QES(AmEusoXIv-sLpzPSt1u+`o za$O}iFq-%ZX=e1Ba5=-S8<;bA3g!+dK;DYd?K)FXMGgD7tsG5($VXcV)|$5(RGvz7 
z15_=!?A{-lNp=Zg-bBh#_E32bGLvi;#%M&zbrE}F9^)yFbp^=VQ@U+t4x*@I&v28Y z=@TK9v{gb&cox@fRemy{UK}P(B#n+%YukM-blyMK=?j4NQUo_*X*j)q;7bhnjK zoV;go;#TE^L8_J~?A|+ANMZyr)bVnLjW;mnmnb6J0_6QD-A*tC4ZblV*&7;A7E9W6 zAeLtY1!BOkkhlwD-XzF%QF%g`xJwlKdIID_DBTp9gDT##AM}=^(Gw*-a6t)u3_Scu zseJnr)m$07w*U)CJdnCyN~fg}$8(4bC=z8MNf*WhCdnD@@WjktB5eeE?)kauG6!)t zQr9oY(s+tq<8zab^CRPPOBkeId>>@i$OryjLH>F*@&)ujax}rBWLi#2ahm1QH@7LD z9-_Z8!R~#G1;ra*Ez6V!c-0i32G$ia{d>unc93zUJNbaR@u~F`!8uvxGYHeUH_qKG*1&Bfm;+#k} zKD818lo?5A0nIn2HI$u(=(UuP4i31(SXfJ`hsstS5%)8b$5Al~$5E>)n{|09U?lCf zM3#8n-zQ+Zi6gG0eq2nR##8t+7R>7BPrdGo3)t49!%5y0%iIJ`(F>bVdt+HpjOtq(}~PfnrV$?%*1CRLRmK1DKbwcTLJ8u6n^naC3;p4G^NTP6`AT?shH^ z$kY_`=K&5=<2e>|tF-YJpiS4zb-)Df>Y6$P_+AW{U?dNt-X#Fp@E7MU0m8j*P|3-h zY)BczaTqnd+7pQMpp`*S%#onE#x0UJF%!uQ54g62$hJtX00LU0@Br;KV&Hp1cQ@$i zsJsoF8ow%txM7L7(F*Gq3r94|as4GensBrS$3M6!V6M?JBVvy-^R+Z0Aa-xB^ta|M zc_grG8WFVCu8!RUF#P60W3bO(0lANo!&VE^2*I5J#)&^*V6Q+Z!5|dj1AKr%S|T|N z_*k6c4M#kr{1RqAfIS9`c1@P8Pe8x#;#U{ii`a-D*ieCOxMtBI2EQj7YkXjX;soo# z2r*=eShv=Kt^cTKmHqis*jcF9@g^)xpnf3k5rn(i5KVSjaM*5n+DN3Gsj%=W$B*iT z;}DKpkqC!^8WMiVDN*#7wkRd&^Fj6xiuc}!mV{Oo%h$tMS6Z2f7Z&^}*agr&FoaA8+1TqE~T5JuN%9Kv# z3INP596y5MHxcOHkol7$(C=OQlV*Nv1zH0wn+O4I!+0_PZNDo58ZiReW&|`Hq8J!7 z5(MWR2+n^%1cJxrzi;NZRv>uR{DEjh2$+H71;MEG-~eWLniv=}kk$aRNW@A%MiRyh zlxhGoA_6}D{>L(ZQUv>OJqOAd-LI8~f0gVQcxl^13gGP#g#z_DTBs37& zh~WI6ia`GxGrzS0?f+BJ=z!H8n7LM#1TfoyV3y4`kqj`~0OqC}c0WiofSF7W4q&z! z%uSLQAOigxGXIWh}Ql(v}PHQj7=ovO^j1 zQf(9LrM)H`SZ**9SQH%`*l5E4OGK0y>8I_2<^PU=lE3k>#sj6aU3`ep|BQhCzgYdt zC?rb!eXMS*9NyR{Y5%~oB(;0xN05Rm_&!Oq*d!0bc=C;uXVEcCsw)g4%Uhbf}zKO~Zh5e1tNZNDd=AG-)HO)NuXLDO`Qr%z^5^#p?TCW7V>f|xyvpBr;z zfER(K8fJl%Fhc~MSpts}!FnO0I?e!5J&}&6rf5M_Z~1Jy<@EtB%%&U!5OQ4v5D$V} z2|>B z-*#6xkET(7jHBVyJsj=|6I2N}8Xh1mC(4=m_(VLr+3nqEWqM{aG)(~L;REhmLwVl? 
z?!0i5uL16KN%xqhC~(4T#5f?6RmxX?2S+1;Fhbrj1kQS`TP0o6w1KX9kwM&TAW&u{ zW-Bl^C^136VN!A$6@udXfW2Wm4Hh`yCc;Ubjd&jh3j``12LfO?(+Cl26M%Vy03+Xw z0MlcE07IRFh|#wjK@`XOZ_BqLoxPTx#b?#dM~+a1RrB1+Vj&3@NxYCFXLu+{p!PD% z_o|iBtupeha69|KyEw*kVx+tAM}IGLD{CpoVtO(ka@;psmEYr3B&Dz5dC`7pBxQnW zDdfY4B8wGg2}nX~Me~E#^d|=ii6<+LCwH_@rmiG~w??Tok4o7LqgIaV$FM3UP3cFS zvvUAn4Shuve1Giny!n??53=UYuQX3SO>ewffGe7A4xZ00{c>TY{p3E)b9>J=iXU}Y z2yOUU2Y-aM)VV^gu7V<^BO)TAATr!`R$E&`Kk2kG5s}?f*?p)0WlFeBXov|Liy|WG z-4xnohhl@OF18EOEp6Y@e2b?lC)`xNM(OhDM72W<`D#s6SC!FZ#ALZoQWsUFVjJ{w zmNWHTX-1TZDw%p@I#7}B?wgM_w{^5K61B>4gwzBvW;zGo7fg@so>6*wZxEZTS{fLB z|EQIP>rTlBfuF7jgePp>x#zB`^9Qcdi+aV1@1^f_mLHUCyaqp_8<`x)q&vWaQKh zRlm_a?>xXb=ChCC*@4dulH$F`7ZU#?36eoS}dME*2Pgi~9|i&6~;VmRs=@%58u-_U&$gftPOe7ThmfU%LfzOo{RAgB&VbN2V8uI@(dTJD2(o z(s8p>L08$9Z7M7h6VpgNJm#jP=N!`>`aNgy(JNGPejHkJ%Ph)GjvFetU3?=%mL$IP zw2voI{kzS{Uk>K%h1`@Y!`-FI!GG%FXYwqE`f?4*xoKuJ_|FY$etb^x(x9v#f45fi zA-|LJ@r|kZC!ljLKI*V@i@&xDt}U`B(?rc)8a3EDlO@@iSl7nB>y>E%=kS@W`>r-W zX=4k%BvA1d#c1L|85l%suBD-K+4!lk*Zn%Dyt9$hDGolH8TRDdc)CM`^V9vq4lnT& zbGs5t%6Iwj)R@^FJ~v*>GwU(^+$Z*0Th5ATO%)cSBUaaerQs%9xBdQM%`>(Xf2r<#riuNUZWPfx)zY~l8* zs34+K_u0s+RO=O>s;t2ca*HzCb?3YMAofkmOcpQ9%ALup7@|(?_D*!OiOMKRmbUTo zt1^@=@=rc@-$QH*>vHtV(rNTpYXkcKHE!5dW#%X(DLkLv;5uB zvh$zydZKN2Hn_W;!H0JcgCeTc zr6ZyTRpi@0SGQLb!QB*$p~)VoE$lGoT4gzlBI5YQ23}o>Kki3`D(ypILg&Bn{#9{^ ze$wh@j|vU&K+%PYT}M$P9$~Mem`F}JhFXGGq`?Qg5i@p05gA-GvBdKpfd8ti5R=fM z{wi}92k)3C5fc&Z0cCC556&EO3+=j&Vu3Z?xdAk@xregcKyf3%CU!HO+6ANxNr{MP Ue~{YZ5o&S+#YuMhI#5XTe~I|bCjbBd delta 208878 zcmY(p1yGz@6D$ zkMxmOI^}6dP&G2GKp0eCz>fBpvu4AqQ1aQ+)r_Cj+74SrliYW1@~ug=vN$j`lN$DU z5IF=YHT>wV-_As95sa8_b6ckjMI@c9GIu@+tRrbNcHbj0Ph7F9p|t+;-$h4RPD_>h zLStI^;`#y`_dygH-uX|eF(ja051x6+2_s=9N94^}5@PTp#Bh920uo?jvNQ6Sw;*oC zid#s+kmcIyYkgdH|B}9>mI1GS^t16*9V~5tf}ViEdbZ(8kB_fe-U8$#tssY@+hjZu zfk}5RAYVE73{@I+(!34~pv4o+)E5Pbn``Q!PWiP*r2K9}o*-W%PQluIu!>!|T)IL2 zf7H|f_hA?s`5#3g_ZGr1lR@YK~|W{lYeXEFZSG9ZW7FHjTf3`3Y-94=n+uHrUj<+%QQ9fHr9=ohxndX0M@N8wc>ihyM 
zud?u4FS!E0$4&ce1{a+56IUPWmVPoB+lfAwyI~fjrS_XLbgWDpKJCZ@7(EPhbPTMw zWb3td`fJ~rIIxpKU)q;g7%P!85UaBF8eAS$TbNF;Cy;X@LWjHVw{PWvwHX-KsawHw zcZk=6s^bTFU>x2Tf<326weEQp+YPuSR%Y3q@_-F<-u z?1gN~JL`#A{;>gf{ZU7!oLTl9JGS4?4`gfCTCcDb*@=5K(|de@w)Z&s=&2v~-X6v` zYT0`p8Gp50BXf8B8FaXvu75f=O*kK%y?l~2pV&zJ-GjCK8jt+gKdK>z{2O?=XlZ>p zReo5#lV#Ab-;Fewb<~Y~Yw`V-vf3GYt#CdTZHXM&1q3`f>uF>d()lh=Z)T{TH@alv zQ(f8!+Iu&mYrE`}%4Igl85(J;H@V2K4sApePwG7N-%o(t%aP9;krzAax|WNy&D;N| zV!v8od%M86qLwlSG%)68Oas}2w&rJKDn3CaK0*F&XEp6Aj*S`rUT!^VQyZk- zk{)BrzW%Y|sF`kmRCv<%7dz!YSKF7Wi~`P8)P>KH_}2;B+j*}U*Yc<~v3XBAnJ#x3 z^zP=cVLk6w#V;6pB!Dh2yP_05{N>jZ-%XO99&ukF^ci^7n>e@T=U?}HY`?j7{$1AL z=qnJq!P63XyMm3~ZpIn?{Hpd!l)27!`Q&!#R>HZr=zq5Fy*_bNotZOL<>n;p1!8d(pJ*aIPb2PJ4207a=`7?30}t(~PHTo151hc2H6z;|V|M8`3> zq9!5Q7yw>p5jW{-=|gr1(dU{sY54k0#YftrbMo{IoNHSnL3zbTTUmL5EtPT=hM|qV zc9{=mYM4({pt*Bd(48|dy?%LDJWOt@aTm8Al1wb~ddkr3QD*UECaV1k$J9J{D?E1% z^OH>?-B*2Py`YJwR=P!wShfnt?)k~~M4i#b3S5sA>dZ~EJjZFjkC{TIe+YtO|p>f}^+cEIvCK!5&j)T9M|i%Q__a?zlYkG4M1i{Ha}Dyh$kHe|@B-J62L&e2r$16p zQ90`%c8X#^32{njRQ}lGd`uA*g%A|WRjjgt~NxhK6&Tp-SIZxdS_gE*gV8A(IyjZ8+JFkK5xFBWI);vc-C|2 zOea>ziq}IEls+Jiw{-3@tZr%$f87|u57a#2POsf`dyar-O!|hQ;p8}{rdur&8AxTP z*;mq(oONEFFqO||xG#t_zQU5aoDJCS5sX=F$ignQ`|*Z`f)^|dUSJKzPB2`bsljL$ zFPc_~cbwOr+KN@-h*r6OupGqs_oOJ&-DT28X?)okM+%n|O;H%m8z>R}A%a&oF5_H^ zX;c~vhn4y@98L{S7`dqz(=vpi^|)d?xvU|wm))8YJ8o&$MYnqEfB%f&1Zr3f;72(hgVs!`t+TOu#9gS#${%0{qodQ-oSYgxZp?e$j^i92*5^ zB|)Stw%ugSeE*^T7_4VV7adgj-M1(sd2cp8jln)M5Zv#mNy82 z+1V8r0(#;X8Z-{iv>}+gW#Wkav(FRlxZX<^mKNreo89Cmx(k9 zF^e_Ab?vqrV!<9{af458qyG1#)QwM^j++6BUkLV{Zi3nf#!lEMd=uU0Wvn-|k3bmj zmu2gPC}dRXXQduB_7VG8&aDj7@*2i8ILs+iYR9Mh%x{c+0^qb%SP@?R^%UfO*$Nm= zw$(c>xmJS>tP&QI727h06#O9b$(Ib?hvZ-BCa3o&E(q%Js&L>KERZWy50#xlUmD9GafoO6}{cg7nsypjQj{8TGZTZx?kWGN0Ah%Hf`wt}ljK;`8a1@hZ} za1OW+L>YKXhc$eMa{$6Snjt?sGb`bvkr+b8jTyb!H5~$JTE^~h_Dw&C5iJGaEnhJd zt`z@0h?b~M0RLtYqf|jJg&u)>5T(C-CjA#1!8;o&q{iI+g4~e5D4Y)v&c*TuDX_ky zaQ+_@mg4eEmy3JbT@li{sd%ZZ&Dw=LS|O74Jn4L)oq}pAm{G+zKd@f2s*qh6gjhGF 
zNYMy=6sq`u)b{3p(mTxg7NSZ)a9s*`%^qc(f zyuStxEo720a3D8L=L4K5ObQ0#(U-l=!|&OYR$?7#(>?Q)v?C?pKgCagIc&^DP_yI@ zjRqJ6?NL@?5i13%RIZbC?A$Hq6P}_0=h%EJiEZlE#7+Vz=p>Q2UwE%Gb%WBWpF`w0 z7iiu?g!}UCD;hcGw{&>*Y@+55VD0MOWLxK~Po(L30V1F21_jWR`31gNr55thZHm0% zx0{G`HR!>ze>Tx!K)2-u)bw%u$c&|1XtY1J>gMDGwP28THJN+Ld>%)TG%^h{H06R~ z6~*}Hd>>22{gwSON-V)kPP&uXkUT~yCXLP6AMDp)w_Y8*;`jjhN0oXp3c9Sq*tEd= z(c49G`V5|qs5E7ov0@~F&)r59`SsmzMzKA4;$Vc)lwO0 zH{>e@Ymmo<)R)#kxDQndTJcIw7B&Wtfb$j>Rd5u_Ge^%C{&HH47m`kS-m-iZTz#MI z`Vc>~?OM|&EPUA(|MtSH8RMPTI9+@D;<)e(+o`_1_{>02{rtL2G$w9JbYPH>q$wpR{x2$#kph1VOfHh6zYB(dq&zZEjN}U>_kEGniR0f0 ze^y@5-iD#Ap!zNS@_PI8^SJVdVJNvgi$BQxV(lGXbTKu}YI1^CoZ9ZvTJ81>s1*w$ zSeYT8tF3AmDhlUePqB!lFkK~-g9#I9Ph|7pd8t*Ggva~ z0-TG4_u_-eMyTeZt4jAm%`6(7joFom#6?dZQ%Ryt^VMmGl+vKa zFy_vZRAPPdl|i(x%@=7>BpKVj`{KjA%l2&0T;2vvaDe|~uu$grz+XRlZ-%e(ok4;X z?l}kU90*Q7y^Mhkr7^x$Bl=%6WVAat9h3vi!AIdnGnCvRPRUfgVK^YPh5;wewZo-kf4blVb7%_eF9@$gOmoM z$^=q{$)HTqsiQ(i4;Wqe21uf-Ve z3RI~b=pV6t`uv-7!N-826SoqQ+OJkfyVdU^>18+%N+*}JywZm)^>rO+sCqRx<9%XA+69S3HT zb1UdTS+E`k5>7cwrMbk~2ObPq<9@TKy4TH#wDHuqtLE+|D8Y^Kyb|{FB0pWj1@XEm zthBKPyPoAXI>8iW@j|b7eD5dk?I$Jr$dX_jBic_7H1JcUfy2psT%$fE_)C)Qk@K^7 z^}o5=9-pw-%NJ#3@Gw&fC6IY1auqz!`ANf%sb+?b$~QN=S|MS8rr~ggrpyRai=Uk) zJYz1{TdavA(qk!gO+ay7sTH}N5fkc~OgyFcJ1d?JVzLh@&%02Ii28+SAdbC{Kp&U+Rk-F3!|09npqG8IrJi7nL;|elK z!RJ*7d5Eh@)B}3k3S8mKrz2e#;U;&^J9fz9Ku9GZf8+FvDbO*8(H)k0ak>IOlAutd zY}z$PePboqlTeYRwV7>gj#(^U_1FyZlHXkPjqUn*#O~UDZ|Dx;0+c?wRK7H_DwLdX zO#Rk}N`X0-<%Z2q{&39I8t`v<(n%0h`C)i#TFB4PtN=e#U!zWIhCSQdx^UXrBt~&Z zAj>*o;?WsS>KP*IH!y<;cg_p$Z%gnW%z>Z4AWg3wLLq(;xCxMi{3u2&0rRe>rPB7?Do(Bk zdbxMJ)v~#L?KrV;Mt#JgaT{z8@3jZA)NcVhzZ1|{r8&X`3?=p9qrjvm%InC6E<9_> zR5tz~{-cT-EoYH0VKulzq9?4+T+|x_l1wSlH9{;bOxKKx3rtZtuX5=zlC-LuLV3GU zZaF8U!iPrs>LT&A{&DWhaA!H&bZ|OA=A$RID&b$`9U|tJzgw#OA4?sAipn#1S|L40 zJ;)~2=J(I?lz$J$kLnahS^#FLU}xQPY3f;ZmM%mj2utqXUUn8!6^LvLbq={Ce;a9XvP_J7qhoUP!$0ge%7j}VE4<`deca@}5^UTP27ER`9 zu{JQ#EWy3%GxFevc#{C;73tnQ)db0z6F+WdaA-^v*V4F(w`ct~L)F}{hc%q~f+m~a zOZipLC0RymD`gn$K6nsd>P|xx>;0FRh?5vC 
zTY^}d-u627UP6TCKWm&<7n}iBVrd+|46#bw3j|}NCKare@ay84`{keDIMX7lyeg6O zND#Py-PfUE=7h0q#EYNXFbcdakGlb%!L#}n*fTr^KMC}Z_+b#6X@uaYw;Zy zu@H;n3+BzTyZGVv?K7U-65c1VOM{Yb@HSmXw*Vv zw$B%2ctvq6v@-`iE{ZEWfA#K7Ag1lsLus@Au6OTDX>CrIKh={zA5@Y=Bs{}ZY*^&Z zQw?DgHJv1wval^QPw@kiYHL|8HI7r+&t<=Jn%S}p`!7U_?%CUaxG%C6*^{&R#QiaH zs-LH;*x>-^OhU3tlH5u^&u~Um31~O3srE0R2s|A{gs^WDaNw2dhow*WVGDDWpxjfp zA$-8QS0{Bxdgm)DrF`T8m6x~j@f-{CGAY95Qv$BgvNfhA-w)%YJvC@1omlP`EEPSE z0O?q2T6qCgQ-ROy7gZHp^XiVOCNa?Vql6>9j_}?<^G)>{d~=8_kwgWIR@DuW=dM?D z-pS!KI5r}oeMt~ftNEc{WC&7g$TT=r<2rRXf#E7^sQdGkoS_76+A{suc$g9Xrf%Bz z+d}^lt=RfN5ty|aT%ND*PBbcqNXYDJuNM-1Uc_jpa#m8g8?n$|#_dajS;+7c7;b{y z)^vk!%(O3R4cF{j)&b{I<`~_GZn8f7fyfrYfas}0(>33Fe-JG{>)`4!0+K;hRY)SZ zhx~}hqo~o$T^PH*@;Pn~$v?8L6L4cY-xT+FJ4?jaXT-zX%FhF@{>0Y%k&rhsE3A;i z+{9x4+YeKLi&FGCE+bn4D~lRN01wYk`oC5O6Lc_it3E4R@4KZtQ}OV=9&fRnvLD=L z-e0*Hc8U7?MFQ2Y99 zf}`wZPI*=9Tz$qY+g7HnMtc*eu+iGwT7tMK?5Cj(Q4WVW{Q;O>>fAju-{^|GJX@#f z^upd-@1Q>4VE=P=MK7C4y=xiq+iB?nB2-K+0e$H0h@yesk>6(F>-)98P6?AM-05{^ zb$JHL(uK|~>+}+ZnVRY)k1iG?)Rhty(E#&42>+#MHqs*=;@DPT6%S32sm@0CL>t;j z8U)NL6vgUD&YVrT6+>B|l(M%KE;RU1)2_jy8M(30c^h>VCDc1t_B01RI+}P5EF2v~ zeL~t!=^R#4kSUshO!I39390EcZ?d;anq3M(8PD%gaTFh=Z1eoIOG!-I?YlMvk)LP= zC}$6;9si{LUfxyQb0}=XMzt=^eZ(k1_Xe=iKJA15_lj)AV zH_$;%wZU$`W3k_1fma-~jEezToT#vf9DeHY8I+%PZo0y<&o~+``JWFW*93B1oGtzu z_@~&ZQRcoFnt|%KS@l zXBHnrp>Kxs86#J}0A1jc{8SQr_5`^a6bb3n2@^_Gp0>iGZcDIIbjj zq^=EV*xk+v^p`Qi#tKeV%|&BHOyt32CQDtS^2E(8GN_ItRZdRkQu6gi7*h5u=jU<- z^t9LNPjs+M6L$29zJDlXOx405m=(n=K>#Yj(5n_~krf%OS+cjDwU?0t|1pjk1bR;h zx8!j-4A@#)|mz{22yEQ)GRaZX)OuZ)u)p zY@Mr~Fu|CJGkuNiQ(`e{UK!yqy_8{wrO}2?A}IQA^zeqRD_gG_Dduo-#q}<(F9Q*F zs;Yj|64;ekLS>20{9&?_&;j2flZuTPqOtO z9~iaR{*LKUH{DED{|rkwQkb_ux$3*K05hy;(xr13JGe?_Cp<0It`vh~z*A;5aDHIK zo=ur1^KoaZog?!X-_5dSQBWuQy0XQZ&Z*zUJVs-FjY=lm>;hZIkUt~U5V5@L);+_{ zkrJ+7B|Xr3+kd-O&1i8z`zE~ zSNONCBeg4Vp@(yy@F5_1upyBpw9o&f8Z@&!u|f+BoA6iIlb{efa3oOAq|595{?W1Eg?yBl3xQ1C6S zL;3I!)RL|nGCT8>a0OmKfAt(U2#F&+5Sb7r*33_aq@E8Ufr}E**nv<~PyqZ_e6N~p 
zknptMu^%12Gug9x1J<_MFUVf%zA}_@qk?{6_I_X_|1Ej*TOuLO(iDB8=U-t5xP5(;uWQCHo{FLr&s%(~W zx2OW}G~_|dwKY9!G(oY=3lGX=(~w({46qNAOr(I0N4s>Ks7y>hO`_3#E)%TcV1!ug z5Nx%kf_2cDeKhEep&ErqnVA!ka~D6 zPX6dw@j7PL!DoGUGuDiF_)ximUHQ5y)2;`k^z@C@^7Tfn_2K!+2-=A1{ z{|Qyf5IaKE^K+g+L%0pEWq|EE1%-zVrV{`D*9e? z%ih6m-&u4MMwl$71V{XtGu3aCiUF}lbb~*_H7Xb%(=*VB{b^p15i$jV7j(aaDG=%r*Rdw&^c`iig^S$vH1j^nlu;)2w-STy zuqfQ{Um<6VP_~y?>ztzx4Gw$#h~DKpG%#;YY*Ls1@N>2BZkTOCKK+F*x6mWDVsb$c zi@A)12C5JP?ZuHgF4|8^MtmW!E3EfilgXuyyE4Pct{6#KewW@)2l#F|dP-tbAL&LU zLE~emh33r}yWf)kZXX=+n}6DR$P_i6(3h6S6sQfSady+1BAxUjuqLljK~l#DiRU{@ z3lgjz)E=1s70|D0gkpL(vQhH8YV6Kmm&)HCs{M1?x{M3E+?s8!c0C;g(Z~K=5)saK z&f%%%!3d)QP;dyrc^pvPclQYmZMFt+Sn2Kz!7;z%!?AQ0ksX05GQVxuM?{+I%vh#Ag*JoQDY3fh3dCH)F=(s zw&=If^y)sug8IoHM|xv(mqSUwY$3Y#_c!C?U(f==NlJYDd!Nr7zZpQ~uwmcyJr8+O z#WZsfjIJaRAoU1ckd`f#p;~=b)SN!V`Lf^usTn|(hItv8FP$UAm(*@DqL04EmC?F9 zqKy4hlKj>#$pp61l6D_iuvfC6j_2l2SY6U)1`%5|PfW4gzY(Bxt{51aa`YoM_!Dnu zF2c*iH6nBL5yot{y-<^3{nylGSb?$al+b?he44nXv=oj9_eB63$;J5Xm-Hdm%trzV zW&V#JD4hPMFqja2|HD8JM}Bc01cYUJ=;HgAW&EUcHPwBT&zjN0PwVHs{-uIRFcx^G z0rI(g;{Z#w5|n9UdZB{A6raLqBZjMSiAo9l`mZiN2RU~Yy*+0pkU)Ub{hiY=4kW(C#bmF7ZTM#&y>Y+cyz+c{Pm#SZjq{53gc1tUZ>10@7piag%@POw=bN} z5w>%Wi{BAj=pRhCc5-@iyeaqJN~;-`xmhfELr7Kv;f9%Pcp$qnfmF-id+R-y%YTSk zv4Gl^U!_p$xyPa(aNk`2w{d9;W7>D|z@ti~BA@e37r zxMLJsJR7dnm|q045PVG;?KlD;bu=3xW%tD?Nrju+^v+)Uu%`npATpinTe*6HJP#w$ zBLxN{L>JKy#gKLj;aUQk4f6mVo|HDu;N18AnL|=Oua$P>U>BzE zS1|(eCN_d4*r@}0$#ytU*e^w={lOM9io1)%pjJsL*1Hmvv-gSBMSgtduK4>fZfktX z#%n0A|H5nyn9r<>Badq%ffI?Pe2p>*=Kxw`(a!!BRJ(&D{atoDKkzU5r~Sd1#=l!# z^v_p1h(HP;;aO9U*P`yWTKk zrxq1YOpV9|=B0a(dgC0#8SAtEGUM#z3@|zY@at>y_nHC~*LC!LU(qcVa5Y)GcOv>m zqAA*UlkxdbE?Z^b-YU4~%Ipa9;mHM2f1oN}5yQ36-g=8W6WtSg;|F6vUk$>T1U>K7u`|~%GeKJA8+{lp*=5+b$mk2n>x*Ijvy07A~ zkQA>v>I$&oqQ;u#b&++vmgqhtk()$XF{rj-PF}L}w<##r8+%$#9QhNmDCD;s?K5M? 
z3Z@@KzXw?PZI2ARSZAl4tXm&M&X!oT9v_GcUgr;^;QpwaIpS+-X;9>o-mwF=XAVD& z_9v8VmbHl~eE*3X!2iES0uv!TU!$kp5<5X~)A{3L2{Uu+h4CsG6@((ap_l{<)(SYgwykHIUU-1Hs= zUT9Qoly}V(U<>u)1ABDMBY&qG*FSziXD3wx6Mf;k7X@f2rr_}}5DDz)(;fX5HN=!@ zhv_C*>>oBnNy={+xSF$tH05e|kXFywYbMhp9zXUVTX@Y`^;sTTU8TKr7nGoLzv)Kj zJ3)N^3{StC25~{&FL&xBQEk&m`9O!q&1KThG^X)JLXk=FgLn@9+g{`ozDtoE zQw0L9DKa$P2HXpa{bJjlHh-)Wfk)~l;{S5dYl#6$(`JtJ>AQLF*`f+=Gt!0O%80}( zKTXjh=_)^ipcL+Yped0NoPFfMJ>&yC62)_ngdk6%YGOp*9H{+p9j|NQu-l^eU>HV@ z6B~AJYwkS>ZPv|XFOZJID`@*y+ygdl57FmRVzAJ!yTTxD`= zsdrR2#H~IHg}#ywKaP1@gcJO}tJ%~e{tlW;C^(>xik5Q5xxH)`XjRr$7<|PewpM8b+1nOMlG9b{FUfC_}2kb zExGJiXo1}S%E#daVSnV;`Cb@h7-(xk?E9~l3l;a%oXJJ5Yuju6g!?Q$R7sivzm4i` zkNl@TwFH$Ws*nCDq5@pErJ3J8S*_t(e(cE$Ge8qNU;;t5eEF>9kefuC4}Y=0-=~iY zrQwAJY;Jm9{sMn(^|1I=D}~QaUU~P;F(Feled+Rw<3Iq`7I+gzlrT}uym=rn`Vh^0 zfrv^O&zn&MH$1=$i?%aC8cW`c9;cZs&izbR?5PfkXAtnW-+>Mzo_eoLCM!#b!|b3F z6kev8b47R5e4v<3ZO=mOWP`x3#9OUoH*Yuq-SN;0b)(kbJENctHPP7|s@ze4)+ z)FBWpqq<9JD+;|h_EoVl3rDrof6;8^>vHIr9G3(-Ig9?9whXmXP6XGJmymUL1hD-F zieaC?;wPwM3 z)dP|;UQrwoi@fAN@-$B`kgFEo{Pcn^1>vYJt2L||a+_#Qt;D6UwmsO_0VHh*wL3L% z?s*Ba&r!$-qU|&OIEOm>uZcnk@3!(Rz!4Vw{HLeY?QN&?;B5|J3U~=l(06_AnGm}d z98|dnhC$HKPMc$JFOg5Kup|Y2pSo$d$V=$IXh>(0G=^g<3#_t*g`Z9&gcT|7^E~dl zuyH~D=c@uF$N)UjMG16hDi1T*W$PA-aszTnZ7Jz@6&i6&>)0U5TmaN6@U7^i4|sZK=Mh0c#OT zd2Pa#yzrZE3zTO=`l_;+h%OO7y>#mvtmhUl%ZCACLI6DApZFaP_L)694mw7Vp0>M& zkgWS*!nn-Jfl?+>7% zDDIU5(cS@RZ>ysaP_}%TnkQ_cu5fG^pG1iC$qLa#RXbUKAYRVgOcI&omucqUQBhT;&;Lc%HvAQ=42L6_Wy$i1u}LdR!9 z(MJ%`;(*ewGG`#qo5uB~_=Ey3AdJ_qTJ&B zoqipoWrm&rLQ~+31M53@`x0Am-@z*nriO1r@|)G5OYY99{qH`aM@X97=xR!T3h}`-KzO)M~zs?aSQ-kyhZ$G6v`J9Z}) z$m^i_w$={d&-&^qA&@k5&Pq79a4no?kl31Lg}#VnHgM$_O74r5(A!dmexR4WzjE>f zjt3U;U)a`vBgO#3lSKq$clkQ~1`I>_rKhj|JQ21`QqY1^5%frfd9>|jybIW)X_BP2 zUcit|XcA;*SE``MH%K3%G1S^QWCl4iUVW8LEiSugXcQA-PJo5o75rw?Mv>3It-k-f zAVD2s&S(0*nf0gad^yhyUC>c?XD?im+DUoG*yFIxb*rR$As#RHBK4gU0{^Fn<946x zKK|8`uec22I}$N=tc9iPV(PB0YeH$?H}%BxlVg(D(VNMBtF+s0b+}hP@knXV+efHl 
z4`swUMn9rS^BgQyX-R{&m%ZGb@hPs-)3$_84GLzy4kf#&{Jg9om;SG&&gN7+DIUxe zjdSz&9y43fkr~wI(7^Kab^P5@gG>$-t2vw5*RXxrE@n{I8burbRrmofO*mgpJePx+ z!H$G)ZtOn7w7J}W&icsAN}bM{iZ@|#+zZCKo6j9Rk-pA|wvEkFgbqTkR61a1X%eL( zmH0Xf2iwHXF1T$*vGiXjqn}L=MVch>|;j) zR(XcUsA2l5c+M*PNxrZ0tH7xClRH>P!$;e(GJvJSGT{(z zg~*u_$->#QvU8XTRUe%-^A~lf%CrNd9qf=3y+?X7T(cqoB%V1I&W8!d;k4z3P6jMn~9yU#eNC61tf;z|%;bhgEOQAcZ5}wOL9Mej`&_F1%ot#{WA%P;EGUBJF+t z6iUM|zV!pw4PQM@b_-MN3jr53#^_pyw^;)4VO72u|0}o5UX+-3cB-|u!i;C3D&9HmoY0vl8zl_&&Ed*D}}NL!s9r$k#UmLDrEq!Q7%sz3(?C1)DmSn>>R@aS17iLKMQ{nsmzlc_ab7bY!pZm@QW=#J60te^)JM0-0$>Eti zr!*Mlox}G`wv0!L2g1h5KiVO=)<_MI#(^1VAj=S|VH-n|~xbu|aUiL07aPkyF%SQd!WPMH9X5T&dd+EJ4|01vAmPO02Lx z{Y0r*nJJ_6wp^twdGCo}-#z`DS78&Iyv9&K!6zgQoiuqjXS`MW&(_}Qt(snp=Rv+? z%D4^wAm<6W#BbEw#|0^mQa^N56RqESM~flU zx4pw9nt#LJiOO7+sd|2%v`;vtgn*OdF$~QG1iWv~4>H9>Ry3Zx-$i;D2*siQrIc9lklKQq?#R0Suf5m!l zG!xw1n)}Kd4*fIr?BjZTL7?Sy+jt<2F#EfwHRh)8`?C9eg)Ns-I;Omhir3738YrNr zU~6jY&+(KpRpxD4*ZBx*u7LR8_=R5x76$5PkaD2q`)~_72mt^78?0~s#4v0_OCR+? zE`+Ar$HoU(6zpryEWN;oWldBA1{YW?(jWV=S1Y&hyp$u`x3X-}wD^TSV;_meU6oc! z!W+z4)PctQTj$3*Vp_u*?dSD77zxtUFmD(`3%-j_kBon(*(QB|E*qca*&RXbW5N|p z!}!O9B}6G}pd-qim6y~3kBi*VD20-h)403hdjSf?!{2~4Tp&!oX-_+{_+FdG4#j(e zCiW-j1`yq1z_5MVN%N4@Kz)bTNh2gEWFp4lo$d%owh*d^ZJ?2N(iNWN#k0V+Ao=6w zo8;jI%-*LAHPqpp88KsLmMeRB)c5fnuqI+bzQpmyM(+B{S6}Vge|_Py$E_?ZWjc5f zWA&}EdPS%Vc>8noy4Q50v|mtvAKwfv-KAI_Of^rS`t*O?{q#H^v*?jP)F5~5WV-9kx64I zXu@Bj(55bMrF5tOO8TfwdV}Th91EL9ls&rt>7^zJd+*uP>My^mU25ne>AfWq&M?N4 zsl6vxmh_RG*IADGeyF<#pz|~PxLiz~*kt3V$shjB76j^;ee{^92@aa=(K@c6NqCTf zN1o36)D*puX5{kGC>wkD+Xi_raqS+-TfZnkF$ZtG#AITk`dnlela~Wo8lH1bPKJMW zF&q--Q**-0&ygoL*KFC%{{pXkd;x;u?=E3D)zlXAouTRLz8T|BXu}Zdj{ng+5uzbysPgi}yV~8^V%7m`%UiXR+ad0? zg(e&2-#_=Xmeh9EnwQu$D?CRo+cDerW{@)d8|4?6DL$-wNbFqhDzvF=)Kwe$lxDVaXH^va#ZW|8&8 zin)>^tu$l^EG+MQR{bwvcvUTIN&bpy``d!73Lke!vumyzd8BGM

    Jxm4leGj35MQ z&zD~n+;-i?{JiS1Rn*F>*Uh<0Jn3ccoi8Fe1Ir9N!4&g{FD;4Q8*y3Q`-Ro4m&?9L zo%w4g)4dZ&>ud$|AgR<~qKkZbQs@1NFBl%Ky{$wzk}Lg(pGGJCXF2(OW2AL?TgA5d zz3A ziI`qouxG2N$Nt}r;pvaE4hKFb@;LMD}|)lx}d=&CwTSxxb{1 zP0k7(yB9RtC+zNGG0f+_o_Bu$f-KQPt>uNIGS(ZhmX@&GunVu*-Jc)$s#V1*xe&l2 z$j%lj+R{4IWDk9{0<4ABd0uPQh2`o&T49vPomlXD9^DuUw7iNFC6*o)I3J~9sUuAE z>X`NT5ygOrChAle`9(6nq8%mi?Iu9-Y!;&y01#2Sp zAwhwcG$vyyafTV*@P!*py6}J2#_a;b=C@Tyo5}(?DOyV#mpEd?Y%E=21{1iXiyWUe z1^wA!aOo=e+cr~p!wHZHytt~Tr3dF0HK={UF2g|ReOc!P;RA=p``Z|#4q<5FqKRJ! z@WKY_cFkM?q9S9{1I7#LMGQkG!=PF697Wy|&D<(d)O<0+zxn*h3?-f`Q<|K^#opj8 ziVQU){U$Oi+_>>&1z}W~;Us*wZMjVllJ9*!WrA;~ie60Ko}$T5exPqHb)UPq_h`TU zXJd!MDccY?f{kJa}+-4ek&m zxVyW%yYmDK?(V@If(3`*?(XjH4&T1-yC>ls4DQ^H8f&T~Mz&_T^+RJ>>4<(SJz;B5OY+g%PU-jfVh7~+LM2Aao%+)& zcjdYR@wGyY6P_FDms%Udl<9=P=i>+Xcx&X|;7!vTyF_Yw6;B3xqA#Cx%UKiD3|gCc zHA24CW}v`P%QAEuRSMC$AeerVUxHpmsN6ymwO&mSU}};%xD9(8XK5&U=w*@XZKwKG z$A1pDGnTdrhdL&5wFjy~cTqh*6llU{W`p0h3FYF8=qER~N#gST3hB!M0)%XgP|(M? z*+H_j=H`${LhtWlNs#FT;RjEagx@yD?+|`6oK1Y2aE>;yaBi3b+RXrKRd!T*AcThfHbMt%0pWI zQLyK&>r2D03UJAsexc$e&iuQ|hUBx`F;V&(Y*d+SWar081Ij@cc3RlOf`zD|8N2m|~@Te~=pOap+TvzV_a zz5z1+>7;$Sog#A=-Ae@7x&(3?47v6eU-gTw@N&nE{ZSkJV2Rw9v&xnMSH7{zpkt1B zGwW2gwk;9n@_$V#WvRGTd0iZNUzn){xG4&zk!W*C4F>CLfqt+9b3_=uA!EX4| z+EyhwOzykobQg)u@qAKOAkK)*@rq@3t}Iwi;qNA?7arbVR9tB?2%Iks4Sjv~e$pdG zAs03|CN^qUuCjQ`v&U+D$_i}_MM{vaM6kQwRru5L3|55hnLa-b(?6i+uN(_DsaR`} zR!O{wyK5UvXdn;vvC=|D;^x9Mg5tmgsz62Y1t3ZG0m$DFfyA~s?dHe)nLf-B|Mf8| ze7w7=k$mHcnLZ;w2F3C{Wd6oqF%Ff?&$4Vr4L=9M)iCZ1 z&R^X^BnYFd9$>Esb21u4?7h2*5y1J{s%**$)Djq8UoU}Gdcf;$1$5-`XS|K@H-Jmj zkJfWtZQP#L$8{_y1&ku`t~+Q^nGA3ZD??T1d;n;RDh+p92Hc+o*~8nC`tN%!Y$2YZ zTRE8b^=L!N->!PIdU8G>U|SLikhB#+*L!lLeUn&5>`}2Z`Re}3Yf+;B%bY2Wn$Lm& zS{U&TmIomxU2TfF%ifNK3LOMipwq1!h-@=?HNf3ApzS|cFW<$hzWgjoQ=vYtgcchQGwzlMO47g3?B0PUqZ6gH=VU@k0{mGdCQ0vtDQmYNYLZEjGmw*d zvP)`mX@4MRcmL0EIWy+q1`r$T5o2Pc4dm$U#2|@knb!r zXFd1kPGt-ORZFDxhuKyvZW#xYPb691bMs?9s7IqY_z+RbG*~K7zn^$%p0$?@h&+N%Xw% 
z;pI#IWn##-Q+<#BdTSY*HXTJ#a}euW^k_bi;1(O)0^@oR3s<|=^qS$~T4@eHzJe1) z?hM)l)u$+yAzi=MTpyEuw%WGs^_xYC@+vOfh$Sin1ClL7k&n>*Sf~oGhuMbb$i+7N z6Wm`goUQVMcezn_jL&!UtbB>oGqaeDs`vjHk?BEoEj>=W5iU>mbS8QR2x^~1Du?_; ziPC&aPls0DcC)3zaq7-qYov@DcY3=Y#Ty|NqF|0HWPkxF$1fPhCq0m}_*a;7A{pQE zhVSlO*P5zv$U0Lim9J7peI=eR zQ`J=m5ZPkOTVnd-z0*fq! zWQnK!t@%ouLOwt|JYK}yK{?~`9Pd1TA#$R4j0|1{xOQDFM>Uq3z$Y<^GD7gD_cWg#2~8X4$K1Pok|yI zC}A1ce!es32%92254H>ncVoK}8`g>f*GC^a{wBg-p}HcEPWT6kFC$FB5SX&Y@3BGT ztlnGoE@C9_1EGvQ0&(pYPaw&}qTM?sNjl`fN_ly~QCKuPDdp2t`jUCuCy1fQUoR0i z1@SY?W4v8+InSPuKox(dm0Qt$4uhqqUUV1gASbi_+EHOy=xgxflmYSNYLIP(Q}JAo zhOqOTHZ{r-=FO}CxYMthh$ipDv|r97H0qp1Hz6?70la2RSe?<*-mEbzN6DX5 zGLu3S593M-m3t&&?hSQ|*U;>byp*p!-Ve63v@&o^N9^k60RMpeQ%x_X`&AGonP4v@ z)AsPF^%oe&O%beV^qUSzWXSFzHH$u$0j+`?#$HOSPk)8dG(53jui`*-0RlP`6z(xR z?R-S8U~1|Btvbw#mIGhtm;-x#od~P_D*6*%dN^_AkIAEE`?bNc@lz%g68ZE|zF>xa zK=5YSB7mNdsUZx~R&Y#kJ^kX){7qmw5rkRr|uoYDe+dj{&<#BJ`R9dWDs{yx< znv7}{QX2=>2a?(d zB?4h0!ONhmgkC7WKKrPCg>#yIssB0(IMHhNFV8-v+w@ zn`3`*an~>()$CfRxj9kht7tt@5vc<#-O+d8$1U-1*VKNoQLohM$g!}c za>~7Xr(id)1D$Frm3-!qz#>g#rv%$a>5TfbSqB<_$GAm8I+uCxx z5ATonkV=J};+@T#)M*Swxl^4&KxF~h0U-+ut5MS|zqQD7bxFD5&#w$bfmgJ1*)@fl zula)Y)ekKf*w&e#k?)pAx?i1nt?pDkelj}E z3;jR|{zj%_peSI9YgIiz=0y)r^iBnqjWP)3@3`jSHtl*9InzPo(qoS7F*h@LX;Xj8 zUY&^delmaxi6|XA?#Vh0U{1)5_#MWqCNDZ30Za^iB|!@0>gJ>VDZyzF@0_+>XvyOG zve+~#JZPNKA-7v;+WyU5bJfn!K8jg}Ta8%}(RDaVZ^mGIvY6N#l_ z^GUW^idC0I(T^4DpyKo=iTR4>PtME^tq^UjH9uU^4c&*S2{IAMMTL53o<89G1e$=u zeS;nu?b}1#-m+5FXpC%63dfAIeSh;o>3LpXH=Rw!H6nWfZRByBhhbkk9op(_FZsV| zaX(uyJ+|ylSSl9-(Go{*QSpMS*3rUgPY0*lHbNS?BX!Z&AP3nQ81!;*2+h6Pq4^ML z&zbk6F_^AnPsky<^_Qpsk9N%!cd#^ew+^)zM|MfxXFE>>|0ep2=2yHsxsjjflqC@b zVL6TZ*kx^;I@W5uSd|+zv)#!z&1E68|38C0sHcOMH=< zizdUenY%QpFXj%_!c>_2i09Bs8!G~YR{ za337Cw+76(J-GU;8AF&}JTu?aC#_gEhL^rJT~ZTB+3Llq`EBcCI}Y(>+2^j^KDZ9$ zPv00qgWU>B$#T&Bu*?ZC3R7sfm$fpY#?U_AyxvX}pg*0WU z01=q^zj2F=yl<80i=q~rxh1wI!|@0a^SHH)WAlgV9Rg`pyXKDDfEq|;#2Q6j_|NFz z3nbU1;RRW7i!tS!^NEUwMbQQyvKEpGz;{4*{s;s~uLn2EJJ^=F!aszva*~lgNbJUa 
zJ6_e2j%h92Y(O2=V@-UxVFWzy^10XKDjJGusBbi1t>Z_9UM%W<2;P`hQy>qp_qJ+7z51m}HvFw1`2HcL%cz;+}%NoL%3z@oa41O1&suitN( zI?)>GKJ5DrVOXu&ZsE`6``~_%6a78LC`A3^{>Xm4_5%?or`OSwPi+9-fI&j1k~QBB zt4jEZnXgM})lFkz#*|KxO!UNKH(tR36{8Xn6W+7oJ8WS+pa5;@(L*&F^*-#|a;ag2O zORTFtDSIBec3LsW!-L*HUQzKS2|By!0$6=q`#8!gnv$skRM79q{jjCuH&x)L4#v@q zENIOj(f2JvVr^OZPKlo!_;yI?=b+CYXlsA#?ySLEs@$j}h@&2TVDb5t zq*~T0?UOVGXX8W9P{}gdb7pCQ&C~&FOS?my(xh~M5a4%Bse!RFU~pGuLsO?!iwo;Q z+1P>{0r5rf=8RNc7&vr7jO|kdJ(Qa(lQ_rBH_a@%#5p@m8Nj6B;g( zy4U*SeATEuV3=OqXT@G^o%NLqcXJ^=b{>Ie6TE6~*ByMp?)q!!p2i~8k;!@Do)jJP=T<)L*%D`AY#D_ADz+f z<%)fe;89EC`ok%Aiu*~Zje*)_bLul-CMAW@s zC|l}o)Yv}*-=rM8wiV{8WwLu&NfFH89tgn!JaEg4vQQ2odBwMe3tXZV`X-uc(jx23 z0;^x_Cq7}6*XE$qVt3zTBuNXEny0^k7@;d68*fu?GY#gsw(dqvrITui-Mva0w%?h| zFj{!UBSxp&@5+eM3C3z-bPP$RY|XA=;ud6)fa2G^Ek^9M2MzQv57PtE`BM_dMb@G>o3TEi6_Px5tu z{k4tZmsg#SXVAC-+aszCu3}53K4CP(I5DWq+Cz9l_3F-sw9Q6&w7ARXh&PGqwtTHV zL+nO(n=L)7?X;!Xcy3N0E!?;F4+Xs6wKRd@O%;o(&6-FbKT%BN9zzg_ zd!H4|BC2eIJxQ7oGyc8BM+Y^U(&eGuWH|De=GuTT6=+u-@ZWhD0D*R`+0dLFcD9FE$_HeokycdAC}2w2qOE3_D~SBQq=H~VY~*8mts%$74~AI4pkv*F1rGw0(K zyTyN(n=6Ad)6>*PEUwP#r01_U_VxgAnNZYoD=k#*m~lz)0h2b@8zawnofvUXjBT#K z`96`Nz9;dPou>d`j)vqVIIz{5wCQKTlFAqPFZ4fX1%QD*>Au=&0nB_q{e!_>;M_5_ zg8;cT&}j~`khll)^v6XbIuH+k6MU%qe;)n~zd0W|ME+r!CGjL0YybV|_~~BL!ZF`j z1NM*-O9PYo?>ZQ8t}13CWJwpP6=?Ob+0A}Un@)r{ky_<#uI@1Pk6VFv{tvWSbONMV zGlIhGOeUwbB`mrUH)m2aIh*&yzz20X49dZ6R=RZv22APQo_{gb@q7GH-DR>e{G=a+ zJ#bVew4c94YT=58EMDG=c+$;}Nt2YHA|+07^I=&l6f6~){?bH#R6xwHLX;$4F+2?Y zKi!unh&a}7G4N!noS*iGiGUpb8YZ%9-{Byhoj3p%gp>U3UD_qUkwqT-#=2voSRb%G z`S`V7J!2B@D6jTs1@Cy&^-KiB*Ew2@ELLk?g%DM|ghGQLa8!J`DVM;bOC^D= zB}s}Jh@W4UPC7!($>eYb@yDix{|SvG@;%cYN)ZL*cGilg>J(XnHH7(%hVXgU!h4Pg z%Fd{fxiCdEQ#gf{>@G~22ZO+%Smw{- zl`&S!*fRV`Xkzv!(Tbn%&}(<(j4JNC5Tt^dVDNKh{I5sORarNds(m9%3%I)Kdh5L2 zu3o-uH0gl3{**lj4!`ytc9pV~FYlljq!i?hpfa3C{x$*723GHTHsiGpT%q+ghK;7U zwmhPFGE>7x{~=7`S#XQ$7=@Y`#P_jDUd|fQHN;#(%;#~|{XXE0QC|Jt+l*^u^63Ra zd3*}$lGnlCuj1tYge(49{bwUjCccGff8+^~%Q)$iRhagwaGg&=qfJM4lNy?|^6CqK 
zVpD9ACXw;4U+S-`0}w|Joh;wT1_S1!y!F^ZpQ8sq^Y!I zQC1Jytk#?_^jm6Ymbo|tA$j;nadLsB~4fVu|r;)bJdj-kQc4=sRN|4w?@?Kyi z3M$pHN$Hh#qVfSpM}n6^8!ZU-c}pAs*y45G1hbDP_j~M&f5vn%y=R6aG>n zO^PETL4wawYBubY$HO)GH2rmvG?JV1(Gpqi{-7z2;}Z@}yEa93F|^dcd|Miu8k+qY z+NZgP5#@-i7m+lLL!*SJdp0(LChMp|{oJb*_MEDB?7rV=eH1tFYBxOybgy}kONZJE zf}8+E!oqpO=nuk(>KyrtY;q;uVhi9fXlH6JX^;qwNdQy2ivX%@eUP;y{hzS-^78o?H3c*!uz0>5Xo9jsCX7+%Imuzi( zJO`}(nYNM;8E)wJSLuZ0RcU*qhtooHBp5Q4B7a46B=pZWE1s z%@+xo&dC2sS^Y}@Q2NpXOGAxA;g*Je{6Qwd)a^gh#SzHdVx7KWjf1&L6fh}B=>5+3 zS_l7P%H%p;qgxG|&pa9&UzuUTrJ{+dH? zi$%}@wPT9G$|v31T7zNviaFCOLgpVvIDPTmJ_<5;a}x`YAXYg^q$i>z+(dMs&l$AL z27(3HqmwTZkHU{#1j9~FR`!4$0@_P{DndTS6a4$^R%yItOz1h^k~|p)Y^ZL@hqnnD zAT)TbIIkiIC*AIU@U;v_qO}wUGgp8Q_nr)l{D&xxU~?}&9d*mcy>J#rBPX-wy5b`E z&t?&Q0Y*tL^kA$ppR>8AcbxfZ(cp66`lE8ZNGvB0bu{n3?mTz1!nOHl>4+-_u=y4( zV(mbXLLwIj89fX&hlj?)0kco!qB21<-+rTvp0kyoL#!Ba_uyoVftaADurdZ)>%j(G z>7{qpak(l}@RJOw z=wH;ten%cS84z+XL`(|ZgU8a168r9AT`pb_s&eO50d&?3Uj*xZZ6D_?*TTPKSH+j? zU+IcjPAp$?EHZTFkY}h|JDq+4E4!xi9`K0u(ffg3JGH)bE~(c(h!hVAK36>lwXRYP z?>6c?(1?Dzt-^b#p?wwXS3G7YRcla%WSG?rVPC21Dl*8H2W0130_BF)yvqR9KKjp}#nw71nu9D7ARblwu#daj&@{ysb&S+#!~o+* zN|w~uh|{F^lmS!iC*s$(ibtl|NINdqQy3z8F_s?^WbeXBgN}Vqa7s{uMI71T)6d>` zABLrvZ@T8+d!UIIgSmfnkSLNyiLK$dda>HguizC7j;NXXZ=3=oJ|BYRF^6ZIN|_Xb zVy$}>NG8BW7r10xHgowY^eK|bG$FOubdR1^sl&6NBXf}4e4dHIFMW(V)=w~hr7T>= z8lw{ZH{fTN9H?!{*$824=hJf$IPQ`mU!}-eu}cRhaUf*7uOnrN(2PuZ?KXL6_jIVQ z6q)&kB{rA=`DhtdJ^E!frc9+v)BYV@%z7UlGdO~$%U1#w%n#g^wiB0vshi3O24@G@ zi<*)b%W(;RNkus46 z8N{bWw7LKkx?eIY5M`s^BgxqH;GgELAdPaPJ^A!{nEOc|ksAj|V9_^aBOg@(96B^}%R_Te8{x=m zEIkEfn8u(L%yEz3Z*T!T>Ol5piGTtzEfKEXq}MTM;$RrSnV4TW+iWH|tonkb=JRa)u?FEi z;GYz({_tz>N%WKf8eLzBVhM26vi-q)j(aS#lV+W?5TyCiS@WTu#vN| z#9BF87pqw;)ws&0C%+T_sSLO{R~6_i+5q!wJ~8h)h!^??KS{LO+b-iYZ^VH19TPTZ z34M4lB4-6NXU4s$oo=`*`INM5@Z@!^^HfPp{+Krz^HLDEQW2zYS`?Gdsv7;>#*aIy zFZFCzPQ6U$qFK81_QJ6+VIeAxv?wm&(KG3R`-${-iFn!#<;e6JUn`(QWXq{Tryhl? 
z)yRE*Q?lZUjb{Yk1eZcpX?0loMk&Lz@-+IME97I424UlOb?@ckrHl%M7^jS;qPTRA ze5Y?syEWVrc-iYM8c{A8v+S2QET3;aLN%(MM>c*$?ce*{QxOMU-bX>)-Lfg5f5^TO z?(U57G52Tye%nGPWMU5(KB`QAX*$vHmuBTy>4-1qSZiMm&3G(dRPqZE;oben;_spu zS{mmqkbw)XtR!mOl_w6bHa~2sGCPsp<7m4&olxX89KU&JgsQPF=PM}rnT0VwsW|SX zbY@^0PHFwg4{ctWit+TVu704QE!o3JN%y$o z^PoqvcYHUqQPXIZ$mjm+$mddbH)n&%C@Y$1&U|)SU4xkq=~7MgyJIi2?$6(qLo~s; z&_|RTTTFjjulk%c5dBhW+`kQH$_ik3wXc*QZH3Z#e|4H8(Xf6FSYLa)R=jvrsc*n? zsd+aOw5zS7{8_e$Qu>K)D<)67}+!pqJb z`yLKpjf)AD*|4W!@A#d+X=or(is>75?l3IGvR?LGe$lNwA=W3rfO!fK!;Ed};tE&C zhS60``<`b5slHN>lDML`POSgOSO6ntQb@o{sc`2sTpr0LB?@_8`R@$3y9<}ulD3Ve zfdZ<0#jTg|8P-Z}xYeX+nH4;%%;l3&w=9eNc44!|RS_L)sg`*Ola%2_x1L&9bzshA? z;vg>@c)!BicUx>pSRBrsh66J$stW&sV_kbetOpJ4e(drF7!fm)7{rWs2Hg+S`jrL` z4>Rf~W2%CsTL1waEDT$Q(aD>gE}5U}A- zy7M|}R7m08c8pE?Zx<(vxy(1CB;Y2kWKYmf_}?pjb^xYNJ~mJfOr*2|85aQl%`&@1 zfyx0I1^nc+|7qSFOa~N-+w!**Rd%c3h0grBX&gSoU(5M(|AHp9yppQ*Rl@|fvVrG2 zO(z&%#3Z>mkis4%fzB2)HW*+^L%k=B390@GGJnNtBh};&M%Xkvj8k{lEu@)Q!HDu& z^xmtK3P<>-M|qlKc2_=F?t~;_>N%Z0=F(}9oFrzE6Ty!xYBf=tt_g5ek zSAvXDZY9yKK-$4Wo?TUx#f-L(gb^tv6U9{GeqX zB>;;{ZD(d4NRHEOEb+8%kOw;Dwr)=Hwo-rK3Uyoog(^|0V<1AFLoXgbY&iy}*Q_W-a3K{7DK=coA zv31D-#EQgrMP|9aDOeTI&x{BL=@~IuFE1maCyEQtRCpIkJPW@S7jS#P)%pA7Hu>f`t5mAhFKi5N3x84;;jF$g+??6QnR0SD+fqdtg7xOdoma%8;oX=6AnsRshB^5;Sm zLin28%PeeHnWtuKCoe3B2-&^9Q_4qyM{WAT@5;g&w8^6C$WEgx`PgDtA9t_?Ns{+mzGTXn>mX*0gL&Rg z*K&Vl(~;GM$N;;CU<>b#l=P8b2{CJ7s)oh8XYC5m#ahlQU(7ez5{Yegnrln-p9F4i7COFW3ziPPDV)opfJco4M+5D^xWgUiwvi5iOhoD3i zGlMdENj;bf89gFXj?&1M^{119RLsIkG^mo~I&(@k;#vhJ7a2fiY7>%G-0Rw(|n^KOO>*nL(_y8uF>8)N3W$?Zs= zOP5mdg{{r#2-z4zkaiCuecOYqa?*1T`>yV5w#Y%$(1T5zuexq0(2Qj@GwjsJG_Q2V z)5yYH@AcR|tY`9ozTQROJa+Ftb`I61VQGC%qO_<2b`NBUT?gIAIQLX5Le>$fL(dQ? 
z79qgAP-MT5#(%HHG3RE53`FNpS|6YMC>?%nT+G-pQ_KjGDxxRJ*n$yXbd!GfV>VVz z^*Zbc@7Y!~E5usL6n347K&O>xza_x=nSjC= z`-Ck-%~3U!&2aoEF;IC#JypmNvK%)%&M-qbcq_PY=C6lHH_?=nH*l4I2YHBiWC$xr zx+8wZTi`rgHYGy`)-_0ZZ!l*<0DIVxzD51cmBXKt1VBl7-ZAQ?;HEh9^wqk_0FNo8 zwu}v-YRxsPqe)u~k=GyHK3EVLhzdE!;<1yQ1IO z`Dm&0fkV}%ex)_0MOb3Z>&ZNV5uT3AzZ+#m?dPe&*5TYq)=3eh#)2o5S zi1u!xGyzFym27P3<^uoH$q5rmXcxFtWIWbTn+v4vv}rmYMm|i)YD97z!{wig!|9)K z(T?HFp;f4?-(8}$R4Mrg+{OW1fvnef)z@}y{jnR3q=x$kVBMWz0?2ldn_ti$ixH9G zJD%N-Q&cQmB){*){xvXJGffg{16NW&`o{B2vLQJP>*=)b;}V^IZ97>|QA(R~md^8; z@?AH-V2(P1P0X`$3nQ|ud4Ierc+y*wcxo}yoJ|u8V1(xx-QIJF^0?0Sh%dL%Vv~Tr z7sw(u`+eFH8u{(2A=dQ6(oDzGz*f{qgk!Jhdgg_1#XtVo_<)T?@Q73&Q~=W@6g7lk zuPev@<`n#N1Z)^2k6oggpmc>Fo*)`Co;REMgz1(aCZXgr6ZsO&>K1z82h-?_#|l`^ z%W(lVI_V5%8<2R*B{aX1cHz%)QUB^L*9~J%%8eOLN>DB_vI4PY%j!DKp*i8-x3DJ6 zNgXtv)>&Z{5A$mN@LguUZlt@^KN5=)Mhv#y8{n20mB{^ROIvpjB&}I~N}73R9`1a0 zSOJ#*n6cBfm5o55+4d~bhrbPkpQ$`q&jmjre@HLbm7K{C$j`6nMzEA+^6@7L6K~a8 zHu!#uMf^_$;na|_sI5xQ>hV|_$~yYB*xvTiNQs{1^Vql4)0edhJRjWn+;Bk~@P$>I z;kQ3}HRx*6=DB|gt7QF7Q!kDmMS?u4PF2kbo6Dr99tU0qBc#n{t_?u6t;~JAc!vBl zYDV6q9rgg#J@#nkbavjz1^8(W?MHJB#{8=`m&uLPR!dDnT2y)YS%YZ@GYy}73=TvI zJKh=2yN{c`in9;86l>w7{&+&sz0}a%LhA>})1NsEiI=ZP{=@Cay17-q`-`zv%wnMS z6H2a)fO>Q{>>kYOWkzR4ddQ@4nzH<wkWS_~TbKymOu2MSivom=mA0|nEMe-mSe3NfRG5~=B=W$Zv+ zo3vo54=7ItcF3ch)FW!C%4Ao&;&>1~;CJgTO97^z{yKzp6HOdp3s>B?^ox`fScGwnuGs0g_sc4~t_xP_L z#&We}VCu!F2WmE(zijkYZmCV8VNoPzKFeQ1n|ELjBEK8SiDy?jL4nn zk)AfK3^bo~COrL(nay;Hr$MTp?~1XCXs$pSv|gvX;f;^y=8fo}n5ZJM(C51;O>Q$6 zzP2og7l-ayXD-Zm$Zbb^)xdOEOY>E&*#jHscuAcuh+!;6ZV_F!N4P=0k%BC!ay<6Mk=UvSPqP`7p}l(NLiXZKQd`b%?70!LQTJBV8@ zv0!UhnjlrnpGN&{2hRz3ig_b{Y-3pqiQp4x-$APd8d5?8Z!D^T+q*Q6C5b%)mv6DD z1u_>u33{yTPBS3+P8PJH{9$i9a-}jiZCf7Uo48AbTkB<7@Q1$0>`4AF(AAY}JYlZ> zp)T}PJ6S{*4#lbZta`65hH}Yp+6A#TdGhs=z(e124NQCS3T^&{=<^)naBw|_i8QxIV_rnI`bJ{{ycVG$vE%Sm-74`Zyk zs<_1ur()EYtl$#@ZBL)VAHIHs%ShR&yesfq)qg~A;WHcKC|CVZZFB^0`PLx9$br{8 z2c;b1v1Ie8RUtD+eDcQmIf{Zqj<14wHOKQiSW_lQ+nBtD!a=S4I1U+uF77K+YIpdt 
zvQ&#xU~&MP<>lTc7`*o-K&TB&>2iy>SY06q2Da44ohjH%JwwLm)YH2P}M&Z4=)n|}P9#sZlir;dleuu{Qe(>@ME z#)Lk~ku59SU(n!CkKdZkTj@m1vns_io74}Le@De3{W-FGQ%j-sP9W12()$P@T6$0uo}~8+9;8pKH^zx1JIvt zvZh!nMU@G}Q^)AK-G1Jsu_D?!E(d!-ZKX4cdFkmBG9{9UmoO0+(8~~>b=Z74_k#KZ z&|i2H#t#S+GY<&UaPcP%dJrm0{1J+bnZKrA4EcAK2wu3dB+_6WJ{NT|rBxBk<&&>F zbH>XS;dZv(&KGF6H!}b(1gT~T(GQ3Z)J<5U-9de0Y)oX+hFdbq+nHhC{!u!)wAmuM zI&Jrvs#!aFcIB8>pY+sUp{|#ff;If8uT-5&AfF~)2=nU6_~Z|u{au{OX1lrDdQ!u) z3la60^72^4NzgsayQ-&UlS`Jsj6EkCwQn&tVBr4C6#yttlBSc?3kKy$KTHVALkvHH zv7T-jtcQFR>{ht(vQR!#FY;yEecjzofNN%ul7=hNh9sB)W%i~jtn8+36|B*}&}-Q5 zcGk;OsY4=b<;PFps-L@kT~m|fPNs|3OdrV`H*uO=s)IW4Tg~U}>HgkjXXiS# z-$6qI@u_AqD8H{Q&nn3z5IrX&y$X<^94$>?QZBWCJlToDIJKUET0hQrrYeYsf$WlM(LNcl+Vh)O7;Jk%w(F*t^G(vq%?u zxvi3hb$l$^4;9P2H1+;m%6qZ6iW1kEOM0%KNLI9!W2fr2< zcO2NCH0$`tI0biNCIuIiW=ZZP5AjE8-X!?+PDspT&m{9VbOg|Sq!r>Mi2rDf$n|@R zpy_AlDP=2z_D5A^qzREj9Vc`V47f=!6T(lL)&!lZK^9Ml?xz7CmhP5b7?6ctC8=a% z^$7DXGDyCI%a;8B@UhuRPu&kwW)Hm6Olc%|}wN+qMttFS=_T2%$S>R9e{gQMTL&WYWn~L7G z!$>!Z1Z*V*l&0hytqtrpaeQ206USR4gM+(??8f`ccpJQSozM3T{6lsx&||7CEt+BA-2nP)-7g>cLm$QW{YY%=xE9Lh^IHPQE9nQcXk!BSho#7L0#Fd=vP1)3Tg-{+gNIUQl)<{MB$fFS2I54Kf(vXq zp)c_5UO4}>2zsRT#oejyH9d6$_X0P6Z@MAVt;wqTS+X7KR(w9x>Zh_#>?q~5L}SX# zi3qY%J{i^P00bdwSKa3H=BSm;se%2!6wisi1>lC+MMdE?8SeTxSsP|2s{9<;g>A`<=u`Q&uI4l`{rmpxsnz0^E5M*ZE=dEuEv)g#>EAUUV>Lf!IE+4#01mdBqdX}~pyTkJOI7rk zI`*(6dR}Liq{~A~^<8tMojuK;(J~w}*;_f)aU`bt8YSm)Ct|ao6DePaaG+tUAG!2o zxy8da4%Uq-EBA4^?{=k&c^ir}#5UZ4d#Du#d9(K46;GK&{$tdHjr7hLe^46j`lyZ>Z=bP?(k#^ zK7wFJb0cUb%TCYpys{A$i{7-G%OaoS$iTIO;2+RNmNBDfs+khP9`#0(k)}NoNAALh z#Wk2@LyZ_$|1^*xs0fOHz@xWUTO&=9q6yZZRmPCCLgx7nV}eeTCgt=*VOaoK-N zTu%qY#r3ET4HRKfHg-XL{^=NoscM$r=|K~qn^mG4b(Ij~{V|C_eho0ma+qVt{wF(Y zl6~MvvOAEI5)Z28xO^^&X;y?|57X%!EDLxo*U?JCzvEO8W9-cr{G*0D^M~>TFJ>l* zEFfbgBSBxwIKiDqcJrQXntZ@3-lEL#YQOg357&G_SSBJ`yOyM~$qy2E{DR4WmL5ej z>H3MyMNt3dJ0{wchuKTAxI#CLE2qkcp+>y2e#|_S23kK+Q2a8=isK531yvkn@eiuW zO}NFj>C^;u(|?9?BQCtN??Cti=jdCe4jHdHy`WTI(sCfzDCkuO1p(9Q+tJknmRGne 
z@#bBuTT3a!$M&;kPxt<(rL;|dj{V7R3_V9nOYD_vZ4WTnJQaf3nR{?2E6$Yv)|Mw< zJ0*VHpmB~gBblshb_xM%npLdG0L3b)|XD0ra_H}M!nk` z#z?^k6i)%i>U7jX^#3ERx!a`>QFP1ykEpARio$!^igb5NNrQAZ3yO573rI@{EZr;J z-QCh%3kWDB-3!vvjnXN+E5H8>pZ1*Hd(NGmnLF{!%)P<6=2Y(B!{XrFj;82oM}gAg znlC5k_6Z`AKZ6JLi|s_a#9Z6{+i}0^jE%F>H58>yp1!sgy(}S=6`9VzGY-UFtg}F? zsfJL(D3$Jd^IgHl47<`*@<05!GiUIW?Fi~Y1pAAUQ65Csp3PSG`M4c(4myku;B61V z3$NWau>9q`_);2kY>dWfG*;Pgsh{@eDO^%^(;38K29kQ$ zQbz|v%*I7bj7aEMBh!Nt9Sy>%&gIID6eC#PKZel(cF9cdSIZJ#!=Nk2a<)q!;rU_^ zi@x64XBp^y``pyQ@0hU4GvhDdZ#@_W&!qSf4?kD3UD!CXZloL(&#l2`GRS4?wg}1r zXJ(Wa)$WrhFXj}r^*}1Bst4`Lh*_pZ-t9Y)w2BR4l}ay_Rz6s_hZGM8_%xW@tdy^Y zE^3NAsO4OAS$OQxUGUj8q$2mnH__!k!ifVHr1dZ$_NaBSu-6P=0^Z)K{aSCER*I5B z`Go*&OS0E3L!+EflNk<^!J=DYg^T*p^YE$kn{nl?Tcu(PcIm!w{(kWu1E06jvG|69 zqjk*)VFSg9o=EV2IZ|k&GZduWg3u62ZFQq9IvuA))7Fv~*D@B{iD&K4kmZbg|pm zFB;%oY3bZu(zUq1@~50=uH}sORp`*tt7kygtMOMFR;mLg#ko4((}D$;X}`dhN|_Bo zx%{@BTWryDhgz-^tW`LkK`b4`l%va+RUv|o+CI4t!R&}VNXIX{3l~7XnP^F3n)?CR zO^qfP&{IeCK{6pBmJ(TP>%8ncJW=qYc@NEORv=FTzQ%lIAz)`gUT8E0aTP7=-j6;I zFTL@&*Dar^G6#!yLfb{o$fdWu_OX8DquX@;TJu(?EuJpCe?tei=+BHNxb9TJL+>m2 z@#=Z}zLqg~MsBYlAJ=+PI+SuRQKa2j&^tLJ7#G;|wvAk4ITbQE{gC*XT?H04Wx-?l zH78%`2Ek+D0*{lh{47Ao!vV6*6V=$Uy-C21})TO<}>=BG;duU)OvI~iQ!M^5RB^gl+q2pq@UgkR;t-j^9T=X%ui6e zlK(;ZLi(zsd*P@r0Pa<1*%?s%Jj-SMF55->PagmuUzE{DS;eAmBG``uH3?YqY5n!e z%rrsbp)tk=D3ut}kAVPq&n1#7-v*%d>#z8KxcHK2T z7vvcqhPFB7l;*0^95$3-KdYIW1}NY%Q>8_Zg;J1bR4{wiCL^gn(ljvCe_H()Yw z{;j7Hh-ZZt#*07_oY~B&JEid=4H9bLc8S^XWjsmPNKQ7lE_a!0Nnis_RQaL@S z=UhMhEd(XrqLpyfgZTuEVy4Cn=!7g{<4aVle-nLltg7^cGqaRcpU&_CSY#F!tnauZ7kaxG$ zmIoS7}Hnq*j1laqT#NRtL}U)2M6W6}+?_G)(+G>8@WIm7>;us#COlI-QZF6a-GT(NU+@feHy1oy%%`Q#t+x&!$!{qYGzg_2_l z)DESvB~PYXj!m7CLAxxvpJXH*SLT3|_wcXzG&#TW^%-O4s83;t4RZ(hx1GX!OUSt| z3-#hRz#>3XX6Giw3qquSi@|Xee782(F*J0519WlCWNM*+&V>+EoZ4v(6z;Hny*uAL zQ1GBHlBZvP7P^;Kvh@Qi=CIb>Nf3tJDWY&*)2P>O1dra#G%&lVlY-Z2l}uf8lr$7E zI)>tYwd``9I?d7)-?o5d0fcU#?oQ@k5y{3QIcBBeqq`jG^Xe;jK<&uKh$(5EOW)a{ zp)w6t*`NbWX{xU+WdP1vXOT`?`8^p(ufktgQEh0Dw|eP*6gv7*E#C#%37FuFf>kTU 
zC7Ql^;;M4T^5N;Km-a}qs+v6qgxtIRaBZQ%c<1^HjLcVF3?eFfB!y5y$@$++xZ*bN2sKr&&5Lp`g9e;PR*sApB&`rLdI z0>dbadRaW$gl)fhl~4$Kl__-&5ZAbLVP^O2`8+FYT^69fZ~e5P)qQCFJEHIXT|eE?f}uxwmG?rEG=@fi*S)1Xy{kw{n>;P)HWa zjM-!VNsX^O`=nWs_FgSa!lV$i_GPPI#h~BadOlSuxHLPB=|mhggyM45+VYMWh%tAwiU z1J*_Uni_j*<+p~vwKqg33xx61$qUs@- zdeT7@Hg%OEZI)sfh40~H5O{epSE2dUS0&Ngh?t6B*1(8UkpXX?l`e1RddF2zgO8YN zterc`)PFOtSxHpDSK!Qz8Z7vD&F@4kZP>NPgOh(Bwq~Cs^Vcaawx%X_ z^f&mr1k&&x87%xOSAgLH%xY70B=W6fzcVCG0JE9t}Ei z%wWOz4s_xp%%CH7tCA{4dInosNjU0MT>0}nd*KRKX*$1>J1|wOsm(utvcnptI$`6= z5^4kedpIkIRB?F?Xu5S;_PeBpfDcnW9BvQ!oQcH#>tlLbxh;6R@7lz~maT+xRgWUe z9fDLdM#Q_;o?K0(WE_GdDbQ#8#{TMw7@gR`^~oLRu_cTct!`B@#mE~HD>XaF?b*Rx z#``nDm~9@m9H;!$D!ccmhQE#rq;Lk-jE${QFUPy|6~Gbyx=UErI?Nq^RgJg-_;2q& zMPi=0D0rnyu7?FWgqtj|h;AZH7_F!x!=Uo zjd~$cx$8dJ!G^;`?kh-Rn?BhZY3T;jo6|PTsGU~J_Ml7MCJv|?Nju!`cR+2s&-DEK zZ=AA7`NEQmi1(jd3wa)zJG5@BnG4G*zr^uirMHAf=vy>`cAVs7iw2p){j1G2i2-Q1 zv78hLj`R~8=z&D?{FSxytU$2Pla=AydF#BEVwCwpb5TDb3ePCWhP~(sn7HTl*%gDrkA7u^R!+9192rFyB5}~ zh7oMCb?`M%}`BuNJFW(=08~kgSOOD+{bS(=?wU_G)P*h2i{2CVMgIisWnwyV)G3l-^ z2^p~Ew@>AGJW1f6k%Ok4J5VkonD)AKsnRP%#uwfGMGaeLM6qk-S4=VYcL?}1cqyDr zxsu+sn^gtPmifN3)a<4=v!`%yV1W2)E8yeL-b*t6iPd6u_W(b!7((VI@jHg3?yOZV zquryU&xx&a#1CaeVTW8fo!N-cmrOGUi+g%DGY792!KR4fvW<2#KMZ#B7Gn>8&|>i& zGtg%C&A6=jqWP->h*?F%S>3T~TSCj(JAr)7jM#Xb_*zT&qO~kb&V{ zE7%{j0dd9pqxZ0TfwF?I!Y*E=O%hl3-GkZV_TT`vsP>lpfeD#o5pssWv} zYZ7&LxtK5b3^j|uU%Q5ni32B5atU~{4B7!p9EJn)uaimnMe-x2>XQ()qu1217eRnK z<;n@fZlh@zl*F9R;PE#}OVpw3Ec#Px{)7I!^Pg4hcyK67WIrW~2ce@jY5qf= z$5mB4cUy1JOF5Cf``doKHPBDuk1sn{IK;t*y@{=w5PsyzVKPIw3U6UVGdZbUgri&)`w|$ZGqNjvIH3}NR85|NK5gToA{gH zD;GL(P(E{DjoC3c6OuxVLghq}@@s}ah zWN8It6L_2K`v$0bJ0(SwE>QB;yPP;q89nM#O+qHWOPKc+`e|NapK3GO- zzfmM_v^Jo2{@nZ9$8@@w5^Wd7{Ltzn_+J!3K1|AcJ!t#oI{}b4T46>c-hc|otccrj zT~K|;@aK)z=vS0*D6EZ_xJ?_Rtk;%Ilc00Mn4q9flNF);2_1 zHgPaXk3=@azFi+vRTr|I!~3f)6pQy!#YC;edNpCuxr%3DA}q|Ru%W$$V(qAUBGO$c zeqY(}vko25NU@C%NS4|xUq1fOLn*KQu6&eSMR+nFd``cD=2hi9xF_loeD-D&McXhs 
zw`eqhSCjCqS??w|7VC&-sd_5gKQio92aaP$$^KD2y0+nCj1%hKqTrpW%53iQ3p`&@ zx_r*PtxN4w6hXkb+{Ci9NIY9XpsA*-i=i{M{~q(rp^dZPa_pqnE`WpOj)<|ocr@Cc zbpFU6vS(Fy%sUnQ`)kr+(w^#@K8ZIx5LR_MS8#Wh)MrKh!hqG>-NJtcwt_yJQn<|Q zaNxiAu0n>trqJFiXfKT$FvF^w^42G#h9g7!SiCT13LQSZ$Y`4Z^fHOJQyDn(WD9P; zD$Hcybk4JHGH_D%D9a&vQH#q$9fdc?_s>BlHzn=a3cU1qN3SnYzJvAa|MS49a2X12 z1gjBagU8JwWgJmDX;2)r{CZQ7cUFX^DC?Y_KKgU&kz7Fb@JEwl+M>Xoj^okCPLIb) z`G#ID%bhwk#BvGHaKzvqI$-phR9-8;a_hR&iD8Pk`BhRJ{bZ8E@i$0pl%sas;cyXF zCZTpTxQ!i}7=W`m=N>+&Re~h6Ce^y9^&mq!+Yme=qDb?AkNB6&vuT|D)1L$5D$5hR z%p`sWob;Xqisr?wKMXYV1S&?8c4rYp6yBV_B?Kr>6mCxCSWH&PiSAyPOlB5=SsRu&L zECcHBXUxq5`09oL)HLILCZ-sPl3dwGQ!J_4P|yLds?K$4W+8+R?=e5q@kr(4ekBby z98xnD3oA@OJOU))PU1VT;IExmI@pP3(mBKKljaE<)&{S#u=N*Y!TMqsc~c(}#ADvx zt1xRCZUA0tcPcWMdt*j8tyyliLvJ0GIVfT3BqxL4C}O`9LXZ2n-K9q=J=d#lXTu?F z*mhMKZ>G?$~iDXFO+isVo@VXn8F& z&!Se2?R1&0*YFjLd(8`5d>;LTq~S-X(| zK!`Jt*;t+*6R4TV!RGaSLLhXKO0JX<;AILV3whK@uMP#W6dYLV^QJIN^+4eCYCKpdfs2`o4$2c3nM370)#gO!naXSO@KsR@CY^O+(XYRS8gHYl{_L z5t?guuG7Eg#7UsInB-E7xldQm}aez?pw`a8?2REn`+{MD%cn?WBz}8Eyo#+d&2ckZ8K)r zpVTnEEL5QTa&=We@R!v^_&|P_Y~cpFC_p7ujMDd;`BFR@fa4?7gsbmN*HGx`RT?ik z1V;gsPYrWQigyH~-HWAWm92|g3xs-=+x7nd=v(kkKs9mz%rBbLP_g(4iZv|ZbSJEG zoI*yW=&cTGsy8RBE18>rXd9{Zn8kUxl*Fa}v|?5%!TsO(kvb?=L)JTDbCaD?V{_+I zGCq^&z~5clNfNBqe#jRu+O|?d8<{TGQwW2H{bVl~ivM<3-ENm~;%0s}-SxMv$t^I$$IbW>bNOhz46cl z6Qh-Y7||}uy5tOz{TCp5&YxcR`gLIr_GSlFXdYz81XA-EThPLu_gT?#MLCoC*vTEI za?$3|@=|vOlXM}bjiWOn^=!Cfs@d5X+?eoVT{L1x@oOG8SxsF8s-g0d6rWE%X$eK` zQTo_Bx^a2OR@tBR{BeijoM7jRud_)p zHQ1=v-Re`LF@2*NY~{*-ql~%hZ+02ZYAkZsc>_>0&?u*v4XjrZfop%_i4oC+870BTf}Jylnb1KwiE*r?;NitgxuVoIMpwW4-W=UCid-^g zRT^!tAlngKIxkUotl90L-Dr=#xBRecAIzO&roQ?ef{%~IL7H{-N?g5l6IdqAb%i7V zehqMd)c;RQImshtw7i3^eJimZsDTk8@Fud()_~IP-rsvn@f(tu*^ET-bgXilb*2aA z`3$$c(_RAD!j)6QS(=^nj4<OG*Af(7+s_3F|;T6aPANGxMGr3s@(2$lf4#({5)?-9!(S z&`EX|AE-;j-FL#evu_PFfWJ3qK&OwtN&=3idiUuz`d7h9lw>9Q6ap4SWCpI^t3QOSjV0ziCJYlhs4gE<^(RG^z3PdLtP%TqAd#@%9e+?lgK$uZQB{ z?3nTYuy3>^j!-Qu-G_^5d~&{0q}r&G3u-Y~tiseMz}rE$)n3i{`H^nf?eDAO*eZC( 
zOA*&ZFh)zp*I?EKsa#5rzRosI(`Jf@O-X!u0;j2%`Q&%rN$x((DBHXzy=86$^G)nn z$zzW_&nOp&+IUNEI`NSX_0@qPu!AaUm2pPQi(OpYPLh8(bTcbya|l`8qC#tC?{^7M z;|8bUnuYyDN*obsxvl2Lczq!yjtm~)ag9a&M}v(*7Xc$hrNj|3f}Fa=@K;*^VUaU} zWgjOCcNQnk39WUUz!{4*f)sa6q9p_lA@E@e3}y26`DB)?Ibirk)@C#T6X5BZXSIt!f*! zDYWb(ePTb3a>b{z+8nO*P)gDWc89R_bU8CoAohB@+a7j zFs9DsTpoOclQ-DFW?Am}*@ZVLQo)qniGHoiiv429=Stm>cF=h$a%e@*;^ zT+q)%U7^Si>=J%eNy-@$=^bDtoe;{uCD~b8d#oc6O_Mb3TyPxfu9qYWrTVw#iLmp) z7w4k!JOOFRrrG%d0pu2DluqC|MBcg<-wcio{0zk7e&v+-JT0v(KBYw$qo421RQkwg zfvv(LQT4*s@4QTr_iXW0*qgVs{pCT|{a5XXgrfof#-9g^!RILr?7j zDf!w(WcgGmsVa3gWuBk7Z#rf(rCRQI!&mv6g`!b%{DnoElU>S z!;z=>saxyyvZBF_SVfO=vu}dPX~6GU*?gZwG>u8ivBWL=q1ZjN^}P%VIl@|e zTY@pqP@w3F1L<*3F1mB_B&;vdv#(bLsI&(AE;?qiJ1ZMN3l5ZId^1t+Cu}&*;XFG< zCpAkFHfZ_ON|5_PF!Dmdfz-;tFExl^yLFaFVx zkeTGv^4)QCSm5v6jY(Fpg;Sw^7+ARV?;mwe;@Px_yEdmp=aYDKa8f3A-16g^)(@??6K!i-)vslq}p0Pk?-~8B+CQS|%sw#vOKe{D@7yv3*szjU`=G?`d4_qz&dYB7vb3ZA z<+th;HM^wSOmuKO(o5SOec)Z5S;ILe?GlIVd2)G9&+*tjI-Xz(@9mx+^Y_)B0b-TU z^0Kzkw-)Fmwmo2>90+sf;u6ySqv%xB`5>6uNtGRsGAwb>#Hdr0&|Om_DHoZHy}=Q- z=*h}#AzoA5r=E(!xU)qL6`g`qqAoNKi7$=-S%AY}Rcs++7scV5lk`%1k=K>kdfiO(DcBBSX4fMC!XUR+ddeLgIuNeg*Opc& z%c>L4Yp{J(S{d+{V{>hl;!!Vhmn0TokEB9^(~@(t^6P_1XONhbMrbmI(x7_aPqJz6 z(oAFS;N8jn8vYpm!d^eQGmR#@gm?t$O{QWD>WljS>$D=Xwm*xAF0=3gh{l^r#wBPD z4^V}!8%0Rv);o;ASFP!|slJ@b&E$o6Jk4zCaI1`7juvF)Zqn(j6=&x5{{6UUIcA>` z)gCI|_?joPN}CD;{F_`xZ16k5LP%HH?9Ew(3r4|30`Bd9 zfqpEW_RuB7xR(K++fSROTrL`#7l24QHr#+ps^y-G{S|$cRbs>!V*JD-aG#*c5R6GF zFedfw6sN$Lr=4vTMEX~rC^S@D9sbzak12*GOK ziRJTQL5rPH(cQw~2KvFi0UPpe#x9U6$_4`I4e~Iv@G^6a#rU6pe8VTkR(pgJ8<`y{ z5i($5fXaE#vjS$#WI$Q-Au%)3m=>uIxA6j+KJtdXfFi`^)&h4H#+m{b{8^Q?Q0q%GOI@KZp2xHiw3rSqQF!AzAjd+E??(&ILC>sS+}%F0}db#&;$ z2Jge+QN>7}A?|z23oyWgH&W+M{lP2_M$YwV8g(PTVhz0&K74MTUmrEw6%PoE7x^ z1lGK2gpAYOjKoA1`P+}?e~5b6HO{7Sr*jI%mIN@ zkl(EswsYW8!u-rA@jn>d2Lw!oGK2RCm}}u!WmYqX^P5zZ9XRQF6D5|edIXN#!hdcY z3d`tAtpq<(m zX|E+IRr2<*TbGL8h>hl74P_eEHcIk~>&YfjpG)-OiNr^MVMd9nF+U=hJeUZ*S;W?H 
zK_2yY^w>IZyj_o%p0RYEd*(-G388~d=uHJ-3EaK%%`IAks8oOUci5$cRu*N${*?|F z0`T#NSN1n=Us}2v&jVy<+IFGna``Wc`*X!`I&Fa*(rv9B{mI4* zO|1sVFq;9E;&WK@$bB}0h7e%D7#XnTDcL(fIzW}|7+n~7t4 zi+m|n1J51R_M+N*?kX_cuXtna7VJQT0PAssX(Kxj-;|2116dUtD{n~oYeJ~brOJ_v zZN5)NbxJr#6t{9g$=?CKZ*L@@{9TnVBcmI=>OX(SE(7~G{M0&IwLY%?@;w2HQ<0AT zw~>S$$g-RTl*&H4n}zWlRQg)bDgw3ehQEQC$Ng=&YYiIsFPyB`(&*)MchJ)EUBrGQ zgfG;C*Fwb5^%Jbm5EfUj_cX{puT(@u{-oAj#(L_VjnL_DOuYn*<4>uZTGQR8%Ox`U zx8{*5z>+T?lN4SRjS_2F*#u7}n|}wY@?CWP z91#W5JrT4(Rvh4Gp@sq@Xu&Z7C3dZR!5{YAfL=k-{HlZ+$n%%~4Vk{?F9waA93XrLJAu*3n=sTD~`=&BOC}Cy%?Avw9$XkN1b0>d|EGn?ieU9x-%v+`> zQ5Fit9^4QoUh*|OWQu{RK+HLfxBVSn5-rn|C8l+f`|(1`Tg`<(tju-9&B@;j#Tdc= z5BhWt`A#vo(U)NHvTGJa0g2u!T9NBD<_D%HDpn+jjP<_fGS$q)49jGFj`<08K}V{n z1Fy<$&74$QsibK0O3})z`B$d;BW^FoQy0s%_w>3C&vBjBWJvKQbaC(@EPk*NY#3Td zTZzmS6B!#o!&vICAuZWOH3shQ6pAFdFuBSuUG>4`!``ar#?^*@I%%(v!g7A4;!93_ zrG531R}wZS9gz@#E8HMyJ0GPpRzc<>rr#ZF-O%~AIm=-=9*pOK1>NduVDrpRMVNE3Kr3P1IDamma!!^^0)Q{L6@aY&4=U7JMWuc*t0T)8 z5K;RqL)+b>d?KPywt2cGGmyqf^++S4_>#? z2E?oj>=Bl@3cd4X%LVL}+HH^UWXdUh6Ot zoc*C&ba%!6Fz_&p@}D);g#-g&qYQzbCVe#M+kW@xejyVwXK=lPLPlnS7q|3G)IlFN z3_@6Zo^mA57d^_C3SpF1OO7zjx=~rXw%K~cbEETV9qxm&`d#r)(LWxHZK_jNO-Sy~ zZq<*GqWr%#s}oTQ|K4u_pI{TstAxMp3e0Vt{x67nC=Z&AnC@SE5wZk z;h=4fzG6RGgYOJ-fh{0=3NEK4tntL+r-RZiydW_^f?j6h1?4e2+x`1UWVi;3E6Hj~ z?eyh!3yu9dM*gC6DlD^>pKb`GPK#vg-4epFV0(SEh7s=c_||HK2RYEMbS7aFH3kG! 
z_rTAPz#kR3Zr`wCtn(2REQuWZ3wHn6SLh6U{V0ge0^e#nFM1<1UUp~zOl^DVir#Ab z2SvA>x)PC%y$*B5ro~Rzb!~F!m|Gsazp7i@UL4w%Q0Bbl-tW|Wy*>c0neQLdhx+|X ze#n~bHN$;v)@d|eJCk@CtX{E>Y*PE%F!s8uaQ988AjOp9%$;xnfY7I`ex0;fuhT-U z0Tv<6C*+p~l3EN8R+mavh}sAlrH1Wg4o-Y?o^$D4(Zk>M9oe@y)Wd)9n2f>JssLa( zF0LLpf#dbxpH(JWnyOu$@8Y7Rl1o?#K>Gg>((}&}A=au-Vs?1(TJBOo4m3-eYU7xfURQ^zJMRl#x#@;j9K54m6r zVbKHtOK@@J2wq(oQ|TIksjKjM*MvUEV!MGf=yG&w)UmZopQ0}WB)P;tsR_(eUp3%A z!;AvJIOEeYnZ{RD3Yw1jkM>xJ2N!ie45%C9JBkc-^60yJ7}mM-lnPoe;U5gQ(8_8& zHc@s!z$L9>y8E}Tv@6ZmnSBDq#O#A%g`iyv9CmQokdzA#(Cdk%PNX5qoff#+DkpJH z4jS1iYsUr+yh?u(%U4`G69TVm+S1!*|D5Ho$LEcL2j2!+%NG|3)x|c4%l~I$DA?Fg zKp@$7A@TrKi<308{;$k|eY$GG!=M+F{Mq$7tUOW!_S^1uSa)Pzr9&4vl3yv1x>J(YWQB zSiQ#E4a}gfXuX4fP~d-GyqJ9_zoR@+j+q}&H>Au=h^X6HJ9qMPA$c%bkSHtIEgNzN z|6c_W47=Oro$y$8z-WOuECs;)9JPyQ1$2ET;%PX6Go*F>Ni@EDp;DWn=fv4k$^~v! z4R7~o1ba;1>S6wc>^Z0;)Yk@{wtyaRsk`bh4KzuiAqhyTN&+kBJ94pCIlEOY3BpnHLrWHyu^tt3+vp_ zgQ|+i7BF8q0?dMy=cn-o%5KmZb?!2U=?X;C z?cuT~D1Fp`W*z34TfD6N@C5jQr!nwZ$GMqwirq_CR2=k)e-{t13Uj(3Ga8a zDYN>+Tqjq}#U`3GWwtA$O6=L`V}iSqM)2r3sAnbWa7DrK=7DL+w5j=4fut7!rd}8u zo2_56j$My(qTRzBf800}8M{C$M+>><2)S(+1PnHcl7w?l`aM&b41)gj%&%_E-nR(f zS_@_W9ZjEYgV?#2Rbov2T86Trf)&>d59oAhfIEP8g@mR<0Fe`{ayjc3j;2oo+{VQL zBtsOWsKI$@yhdtuV^!QqUrI!9Jv3iJvqAt-e+Y?Mo~)o95+HdyHGmBkgxI|dWLp>D zxdP(qA-v$F4%XmJEm?G7Y*Mn9oLN-0Q}M&|JC3|{PQol%kc>wro-r%=tw{yA$QQ5` z3eVx2)w-@KrIEf!Iwh&cqD2zyl3M*r4Y#&CVbVM~4zo*L#l*En~-S+TpUn$Un*ALt{sL7i}xUi-7Xv_z57 zs29IC{iEv?J+}vUdRbU{a%8) zZD(jhRhos+HPkrcdZOj_O}Zdogs!dwf5S@nUo!Av#4#65yjWavfJSgb73 zZuyNq{v1UKuK(V7woE1xR{bH$M>hK?vUo9ZYpryG)v{g~=H-F9pdGnL$Nk_3I5Cok zx*?|Y^t9Y>3A-k~1s|KVf6(1`FPCep&p1I`y>R)m5=ZiQ?v3UoxbVc|O@m-%ptOAO z#~^YGi!|m}&wahzf4<-O;Ax29vujABi+|%Il>l!OrE-RK%6Be$0o}h}wNgGPoNKur zR3N}jP|)mBDC_d!br^o%UYXm;{_e&4)_PL2=$S?>5ncp{4)d&KL}gAt>_7Cf5X7Vu zArCSJgqf`Kv6fk72U=>?)<(&1f-&HdT;$f&$RFv;g*{~fqYobjOcd1T69;AB2-t*o~iR$SBegK6>+cSzwt* z84jjEN7S-^>hJzXLm8+f8fKg63&dbWcjWxfpy#tulHiyc9tHU?1C|oJk$qA?W8m%+ z{8mo!&U@7&?iv;emAfQd$E;_SX|ZI%wWBS44jKCaaO*_qxg-Euo(Cs 
zM6HTV1lI$>W~2|0NTozjDGq{)#J4-dOhsrLeH&n|w5n3#%9`DK16zU|NC^I4YX+kL zHeAmrEqvZ49n&@=d|vNHx|R1rHan3s?B4QSo8xaSlkL?w__~8PN}eUoiGOlizU4Tt zjK1F?L@Uj*izxFc=C=Haie+Yv zAdw>>DkU+K*O%iMYK-R9^Mx4VncIIh1pHqa_Z3oF_GK!MI4mY|l6zgJj z1z|maE<>F?qKLJe;n){W7T?k&8`KEtVVDfM9G}1onhOpH1nIH;EQJ^QqI;C~Fn6;s zWuy2YxAzP#a}>Cvt~vLrn-a64pOd0BOha2@gAUO3T~DLT1Nw$*+CKHV?6yl_!kE^D z3=EnXsJd*Ly>I_}x^mVL?hnlSby0P%zK?mZX9$0L1ufIQ|DmJ;ypj_AOXAle4}OTU zUoo=%g%u%k0!|rlK`4d%#8XS375cDYm$JuGX&{Dd`3&IE=7q|GACs4qoPLSxc#-(i ze{dgTGiyN36lDD9w+kJ(dcman0f1T0qD^M;b`AHDhf_G3HyJg^rFvTbAJW(d$g$d;WdTKF1e1h~& zQ-_E3#s5?ID*L|*etQ$i4>DJW^#`LZg39bCCt!ea%H7Ys zV^QqRWFQD0uqXzZJD%ifzpje7#(xLL!EH3NyMda*dRK*#ogKjB~{Ltr?+2w>INmYxKD zPB*2{&y068WfxUF@Ok&_L3bA&+yCNVSpEh0>f24{P9F+O;opeJ1fucU{*0_+@fNuG zcct`e${_7*-=N?3KL_+J?@L4}qzwsGg_4<50s7`y#La?9Dkw-T7+EZt;*0?&ZgVfM zFyNcFdNwt-6-xRlkfrt-T zo6wp=Dtz)FZ2+(r7|a#YSI2=)P0jU5-cOiKe*NVZ)01>eIVsb@C;?QZxx-qVa3qPoqgz#k4)MxQj*=~ zQI$#kR}Z2ClktKg75uDCaRIMPoH)<{C&$|<(<&9Jeeng^8v23u!m!_;c2;rBiG}U_ z3bwQAq$-V6ipGE9?2bt5-T*;O~O8k&}QJ}CEt4ssgk5yma;nB4wQ?|91t zypH=dksJ`yPV63DSwop*FQX1Vi7Vl{(O^-5fVn&wY4UjASh?#qOF4yRZO;7@u~Uv7xXz$|9%A z>(cj=qaI3)MF%SCa5ME*j}5ky~YPsHvy58Y@42i zfr!pwl_HZal~nJe;4#y3(IDj^6Wz6s0q$UhfqviA8UbRY|R8D1lJ z&#-t)63v?S@c6%2jW~GF5Ee|5(}8zrw$TBf$HcxE>t>>Si3_0)7C1fV4@7}of&FwY zdNJ17`?>oKVduh`x0x-%0d{K;nI>lJ@0)Y^t}pnzj21M`{M>Y+EF106nU!S>C9tU4n-s<1(;J8{Kq`DA!;ojz~a0eaylrvtUf?OWZwYKN>lR z7<7jEKURYYNKaT^7Hdyfs8y+)sNK@c1pWypy?Aq5I+Cy`jxj$hr-_n(@an9!jY$^W z$mQy}Er9G#Feze1U%aBUp zD9LHj=tY#pINuw_pZWF_Jgb9|NK;Nzc{pIvv--<798(a$2EJmyU`(5R{}^=V3&Phi zoaDpSM(Z-qk4ntviL{I5M7DMbEroX8MhwK2cDY*7ctiTj|7C#R?Y-s0_TH<>EytOb zGEw_i2CxpnWgnG42T!u(LeoSpX00KGkamPe=Y`BS25u@CEwF@G-56?o&u>f3Fv{r?XKN&Jp>kSysu^J9$F_)6^ccGkk&Z1qAm0%nb(7*8<2d zIy!jv%ny1TAGP{A85O9iL`~&54ocPxOc+Sn+@8dohXK#N!;NA9i!<^BnZX9dAoV=m z8+6PP7w)w!t3A7Y%q^wz9)I(d`0eJ~iAkc2_ImH@{v!7_iKEs={8o%*3Dfo@Lq;M? 
z1}?Uo+$CJtZ0qxfCN>-CUIZS*TG({>m{aL~nxrbfyITbOnlF3iWIXeHC9)#u`BQxk z+np*$Hd|H#3_HoVv#OF(k!0Oxd{}ZRwFikmj zxcgzvK(O?3_d_vAA25Nn3i@Ko_=PBe%^&ije^yC?v+GA)`F>oolf^HC`sotb4Ogl= z^V7y?iUm#*Cc&mvNH!oN+K!f`esIL?bNM5S^L6 zy$Is6R!pq*T@`M0#GmPU(oz{D515jk{!>z!mk6*-(=|``(=Qi1NPbJR?x7rAzn0vs zAcUPDU3X+Tt4|P8LvnO@r{k@~X3tNp^)qj@S!TdMLR}+7ao26@ZR@WKAtD*JwKOEd(?KmAjdAT6qwl|^WLrlXcpm>oUtA&>g zdElUgoQbXDiBkqx>-;cI*}*tvAiQhW2eN+kbIBP1!UNU6v=%n0``5Pmx4?nu z`-{UvGtGENz7@H)R4X{6Vd2M$aysk@L*F*CW^wD}3&mJ0ta68MdVv~Iu0kf(e@HHA z^c#i^bU1s=M5b82>F!pp{@2)42nl28(G+3IUF9_6CWaTEEpeH@A6}T}YmOwpYBvmA ziNuq^8!x2JdTzJhMr}>o`q~mXs<(BkTlC`1bH+vibG%P6;Dn;B$?O4-XQ&_O;{9#i zZ+bj<|1zK=#H5~`4i07Ejk>Kjsb#E6780-}Lh8@u@K~G~vu?>$MKoH)F`zPkwS@52 zaw~7X>XUEipG{91XsSC?WyXg(Y9P^aeDn5A1)*6aCclUDDm%UEg@`@9Ov0JkK!0IcJ}}_Fj9v z`IF?&}61kOFE_4P$B+MuTxzcpJS98oEGstv-XEqI*i)l z$41I5aWA569k)8Zd5OIQ<3F9eCvr+$;q0tcL&qoHwrA$h@UC50{?m+U1;F1M7jk-$ zC;aG&b9OIzL|DGI)Jz znk#e|C~iE@30*tH*Q+o5pnQDMj4nw*641)jc7ys2CEks<4hH|6o~lZ?wt3^NzUtkm z3@IF`jF8lOKMWK!TP+mVQifjl%@-$64h}EnDKf^9<34DAbk7Nf;l}}#PruVq73z$8 zn{1Bc$T9t z&}ScuYfHdm5N})$WYqy}2~?^dSCxZh%u6}n@<5~+S}>!mCVOAUh%ifgJ@LtxH^Pp>iIty3T^=qkQsGo=R!NrhRyeQu-@k z<=$sv0*+E$kx~{RmzJyh8C4~(sU9p=LLcpYx=CZAL`v-#l?ONmY_PJ}P$B(wrGr6{ zs1R#^Dy2hZ;@U5*Y|tK7d#OPAg+tlyHB(bk?`>e8;fBM?Cqw$@& z_j#$8yY4&HJ})92kF)Q)3Q+|@61-9gX3DHLVI)e{YrfUP+hLqFnZn_Q_ZqCCeg;)kozWiA+Z_FK@SjtwVIkJPNR$q-4C24k zvKi)-%Y^VD+b8en7JG;iH?uyBgYC~?n zV$G#|ViccIy;YfqxobM*deAuAW9?b*Tn%3aTCtnvTU%CVVhxp%uSx^}2-J?W_&=V-iT%33c>R7KZYUtZbFR2q&&ua^&`3D+C$XBR| z#{Ph2N;WgN;Yfh4MB#zyxpA#kcHCgD40Oq(#vs!gsSykk6jnnoi(@45biX;ev$30n zaRz9Ly*sl!2wT60J3Q?Vg`Yfc{9Lfk2TzDK`@at4BQtw{Z$B?1B-)jc3kyj^hBd=7 z#mJLhDx;BS*TjbWM9lP6b0vTuP!tjk`38U|{r?&&aPOU57msgZzEi>NfoyJY6IyZG zCW>prx0K9C@=Z6&+}vvO%iL2SoU!%j%U2g_;jCdzbCL@)E5k$EM#$$qkk;m!H`Zk` zzO1cK`hP=8ZV=oD^|ORGFm$%%C}IrhW_%VjkfeBA13JhkTd5yIeiGHiwko~NyMJJo z9fOGpv4*FEf;kr)tpLpn`x3+PtH+YI9_J@zF0F?^)><8CrN+%BDP5F++Qqfaf9ha( zl3odQkJ*@uoqOS(Os;qw^41V5ErHQyb)pG-qplm#;ZfqO9LE>ZZ+ 
zu~$8@ajR>VhVgbVRX<4#>%7eS;S_cS&}G&7F-0+u)DRTK+1EksE3smM{XhREN&q~o zKr=Kq*R^c!6^jGL3eE%8R~L?&L3}PSWz=N9g!@^SrTFtHSlYI*9T?xG-6C2}x`k$6 zlFrFD9L!POa^}kwGH%aOEv0>89IEVVS+!3($gxjKmJ;&%j7@8*U2dcz#uVoIWp7;K zjd`L&0(>NoX_V!RVRYU9H}g3bcBI8(dfU}~*AF&Kx2FR(W)s#A z+)iOKL`8-RaLvysG@)m*8=bmrv$F!&{~3}?3&$0D#ZDhquS!g}c)9G$A}~(V&`T3F ztf`;FM3|hs+f8Q@+cSa9G@)-4{x4U{ay!Ug&66v9X^iO`1}IZ|_a*M@DA#_=COk&+ z(7b)nO5A7cw>WahpeAskNOxL6Q=>{9<~UUg%DwFFmm~dZQ9jB4e%Ng?z#bLvW!6v5 zX?-Q9!Z?ptGG!{#cvQ9-QG=p{IW!Qtyv)c~pTw1@q4&!yxt3ban3vJ<2gp#f6gQ9m z(x>dvZ$;%7uK{ET4+I=SnvRfOFJmK$mW{El7}p*UtK_(h z8evB|$d{_flvd%@#2Xh_XPRM4{SB&H&y)oTRu}85$F=#zIM|?rpdo4JhlS?$ zQb3$0;hDlZ{B247nM#x~c?LKYnzUzV=gX$il(Z55k71DHhLLy?YX@1xRdl*mVYn{p z-H_CpODM$RA*z@=+sz^Z3nLC)hy@6%0##h;e!Nkx+LPlSYESZpc_kBKkYY4g(&M9s z=KSMnk#WbY;kia;Wigka8EJ@10f!&zc&=D8N-Cjm7&AYFg;s;0*eiX5f%{sVzPXD2$GV3a&4}K5Di%G@mhoMXT?Q%@qmbHqt?uXBnL%Q6|Pq3f(TZr3^NsuCaCAAoRu#|tU3_0N);E(3yKthU za&~_*3LGtR=sb!^G5?wlb&l|}T;6WmX_)8)i|ny+O!JR$FIVg>-jYnsmSgKY+pypN zuGqy}^Q>nn%(B<}#?tKPLFi#JN4A8zwxoy?`rxy2WXT;I;Jp3&gZ&~gvN?3Snla1N z6a8JWa$kn78&N;!`S!0z>JJEnbuw9guD7^u1bA?Mcl;&y*RlLZ-_yOkO5NSDvK)1+ zACA7)ofV_1D@n>`^1q|z-RG$KensD1d*4}pO&c_D4?}ZrMg->p$q@ieI}n6rT>Xv= zx>uhfjtj-GoIx+q zmp`itT~FNG-HJD{@Nei60h*|z*9mbMUx``%$2q_y9k$wE!hSAq*QJV8=}Z&1uD>aH zm={4m2&zw(^Enc8pEiYC%!iL%K~!ZEzsB|O*)MrGuQ}&7`2B`NqS1Od7cwy~Vh2~P zgCsO6ujaHQI}t5OMtrGlBd5bVov#FaPHz95=;gFqpUET+P^WHW5D&o|aET}b=VNyl zX_mQQZ-{_46Qm+$5s^z)|3}u#l@QSC@GvYUk2%c>c{}n;_r6c(7cfdzM#|^6H5$O! 
zT6G{uIp(P}&DZz6gyWXUn+^@v;AEK=p(Q9ZZ;9InMI)^4JL#o4c^4E`%aDb-b}d>@ zE_?ydtL>cwO^RJ;KWSLjQ!wqFne&_4Qn(^ytass*D8G>@^z-t~Zlw`?ccwI~_)I)*6bR&;uMv{*xl<0$3_Mx2s{=?3YR1I(7hC+9$DlC{IgZndLsP?NdLi+bG{aqUhac zD-I12r-*y~E89#{ZQ$}VOiyiaP$tv$NF{9YC$YaS8+Tw63e(=w{;)wu()Qfc9M`&% z_0UX`Q;imO3$PSUoX&J$iO;nwdH(izwWg}i+PKKn_En!Y$!*K8t&v zoZnG?&1LkGX)b|lwb_2Uo_oF1m02PPd+DjIVdS1`-hG6}@I<^uG}+)VGv?Opk{4^s zkSJpE{`rgFph1tkuIIfUurzH4y>ReCWSFiCQ#}!xr(ET?;q;Mg@~hvkM~Yk(fRPz_ zb+)wMC^jEC+FS-&*Tx~bXRZ{;T_{Ol45j|`*tlc@W88t;+|Q06rX(VgKFutAQp!dq{Q?+goEIq4xMp6E_vtCXl)015x#E zVaD7Q2vGyaxQO&D0l4BUy~OR)x%tH?1~&1`gID3VQJ&vkM6;78h9YVE7*!gH{_51ysbVQ@wprx`vAi^m^p# z92z_^N?`Zgp`D&*kUi1KVP_&3qRt$-kIw&55miljR`gnmA(|56B4;qP}fbY88^+g18 zj1bETT6FDptHP%=A(tZ_oIt2_5ir96QVBiDnD<&d(yzq6!f8cGA2FcI&QwS0OxE#2 zli0epet0EQS+fV~rH`DEG;7dumuwD%m(0t$z*>wQ;1Z=o^HliM+hgv;p&D%9NRV60 z78ooup8zm16oLYThNe@cO6VK-IiqLX@65$`P`3PPVbGRd5%Aq>XhZb`AzD$z>dfKJ z{2hg;4jQATK%C}*GQ?=Q5%IM=Gq~hJ@xOSaU01AzfiZtFPeJ)1a$FHzkBpJq?Re(- zRWX~y$D%?0^o!%@UOAA*SQISy7W)KHlf87utq3i)e<~h{kR{oa&M>+KSqpofB;73x zdhhku*MzAwwMWw}y~uNcOI|}o4AGcO*hjl)udqW9!KA`Ri-o@XZ+Pbw#U>aSo+tA~ zm@&c*673%dr~SM=xTWH?*Ar<=O}0a$)fJi)>5gRU(M41XwbO)_VLn+DCkp*jgP5{Q11}GPGTkT?%DUm zBRK7o^fLdEiXuRxRyjb!Ap^0_9Dw!t{=aqC>s@qL(&hu-VUqUq}+M)uvbT94Be@F0eVVs(l(APtEV5*!2-0n_@DRhz1rx4Y}xNnP{dX+O5>wh?yw zhNF>mgc^kjt-m~fQT~=d5wa|8Sko193r99QAd&i8SYVZj^D+n@#Y^b*_p3id2$j?% zqj-bE#W!G>+g8)0USE-2n@9j%YnYf0qy`TZNVzU;EKSbT7?ifJGjTHfSLO6`*4$Y^ z4!qGbIT15K^lN1>-2L%Np(R#*h@_cAUdOP*cPOwU=!S& zGmCvc3^+z@$y#nl%O&#UWwc(FJl^dd?4Lu3=V(_AAp6Lxu$z97btZC@6&AJupk(uU z9d-_sjZC-FOj*H&+FDQRvM!N?t;;w>&Z>7!$Th5bg0GVlhj?>LATi1$7j1GzB?Hr` zT-#|pL%AbLrS<{DUAyNi(iioXGusljcOFcx+(;Wu9L2Giq2sRq-ZK>$ zV^3ELd#ZX*Z2wg(4*&^Kh!8qb$EDt$M8UAOQ`Y2^#v!5ZxlqfZ&(r!2qP|VJarkn~ z&)+^aG_)L8CTGicpr;>%w~zX?XsaHvZXP3%e&tcyzhHg{T}1V`f1`dbWF%47dGTQz zIYzyR#iz94Jt#)vZ*(|b^&Vf9fz2rx##mY>6frFXn2C|$u(5;OY8#E^Q7OQ!psP~Z zotOI39pw7hE?c0gPjlVfU2`hb35X_P{;RNVvblIqOce=Q5K>p-LMJbYPHFZ zNq8G6>*>L016KH?s(#lwc?87cxugJXy)!`^#wmF$H1Q#^VE%hc(T$Vi=J_>Uc|TQs 
z)XOe_LdeERebGiJk7O;`=_dPU14Wn}1l&)8MOQmBX&apbQ7bCuqbK223-&Vro5Y3pdV zVf??O4*r|J6Zm0FO<=EbD~ubU=f5l_msEX@46N4zK3zDY{=G7N_@4BfJiJPxV{*{}We z-Our8w9v8Sp<@}ukMstsSn~GFSfSSY32H{dEp4|hJbkef{U-mp#@Mu!TkD}ci?1G1 zHGw?ta=KV!FJHe`6TR&33)DZp`nD~Uo4V%C(6at^S=&uCA zGw7Pqd1H+M)b4SzJO=rm>vaZK@gCs=^Z@j;&6tEe!3k&KTax)XZNj(&N^d030 zzuj;Qik_zEmVd^LgQ9B01LM}OkuRO|7Fz~sLd=b0c!p|_VaGCRRA#Yu*?FeA<@zkugB9Nx z@0?-=1ESwaD^f;*)*c9kC&t3Ch&Pc_26(t$zpsxE-#3CMG{jPWnZ!2~noO&-<}3$> z5B&>=l0F~(&N%pXwVWUNVYc4IHJ1PeB?{AV*1-&cd^n(OD+W3;pE}Q`cdm)<#Ybi+fWBZRR1jyTG?GW{oZh+KHUTak3mp8p<#KAE)V;2kQ-4~ z7=KU9Xg*)J*vBUUzOEP32+JvfACH~3z^Vq&pE0)YaU}Cf5^LQ5a-8SqYjX*Lgii#v z=*BdB3viq6^yxiGOs4u&Z-?oe3#`Zjdt5U&{d z=cCI$m9^*fRGVuHir*ofBH0j^i($vqMQT)Ne{ULE$F1u)x|zGjx!<+`$o!YEUNY)) z;Q8wEsa#Lzc=U?ie3|t|$LezVhE_lK=UFPbZt@}mzoySWHCfDK5wxo5;UU?dpCVsF z03}o4{{$(QjS$cckDK%f>r}!3CBEaO8YTW%@7nbJB3XMv(DMx(&M)jmjZ=hy!hDxy zAw-zazRNJdX%Ey0Yj2dIL+fX=$)w|9KMhvYriNgSynMs25b&^VHgjC(FG*TH*E6Am zGxuf4TB_vAlB}q;oR03>cki+u=uw>jGr4Akg(UHF>Ge}N$)!Olj^+f*nf0Nc8>hyG zyAP>+Sw3Gk_IS+o4Oxs`t7WxtS@x^wkW;%0rjx|M-@g6z(4|42$gDVcN|h9frdf`T zUe!<5r<^p8P4frN;TG13I9>9!CEvhql1>L%{f_8kXMEZ?xdFMQd%(eWQQVVe`7r;> zQiN*@a6GX;a?&+hMoP_-JL&wfx3Nk~et2C6%xaAF1yw&!2mLZ)o(E;fnOg8FM|)=a z2d!i-dPauGvNx!%7&uC#c~9THp&wBCtMkF|LcbVArw4UvI5)KZII|4|+Z8hm=uY7$dzTEWqwXV4(B#=MFl{&6X z*z2iMb#P&)+2^t46S!nMdt7EYEeua&i$Cam^kvY~iJ$Oz=lr!Wd35&df-Pqnf0)e? zxTD_i&ofCO1TmW)zM%kzciv=`V0^;$>SP#OVAs1NJt&mwl1xql?EKH3XuYdpS#iHe zp!Nifa@h5VeR?uVvHr;Ufg=3prk6%*eV^_xd|}|>r-`B`yb2F}wF?_Ij@s&0%VPsq zHQZE1kpgTswiU?Y724tT1y!F%fZcmIp4Ymp)`P;nU0JspGb3w*+B@CdfZ9yU%op`> zMiI1z4F7OBL{9$?$!Ha&H9Ay0EHOVwwo!O3uIDtk3lV?XY$$nUDeXHUs0eM!=UrC$ zbGkr79^$EQC5OJ``Rz91c3Kwg=?Lbquq5~yg!y3q@rxq~E)2FDxrv$DOqqZJk42v! 
z8(LwmDSUrX7VQz#3{c%cS8Xsm zA|kBv9h`wWy%|CfMVw5w*T$sFj8sP-HGBGTxa-pNQG^1Hnv=%*%C_;jQ419m)-;FI zMx)@qh_sE;zpy~n=zO#%SxSi_@1@WZ{CfSyLzC!mr1;0yaF=Z=Ux({n&{{zbWiK&> zCJ8?MfwmMxk%!`Sp+vO2_+>&1SIKkWLeH6Cx+SI}$@9O1U$?O~F zn&Gn2((pt?Uj*KQug16zwy|ZJw?%y%@%BzuCEI3z@2UW}Vkb>bQu2Iv2Qe=zi*{@b zQ(jUMOhSU`z!_eb-^phjaURxXTKz>lhWqCSEX*(B$n?h#VXyMC{=s|%xmWkAeL-ja_>xr#a<#SAysTP7NLnY$mFKjOrkhT6)&9bV%fe_sXMrlU zyjn{Vc%0k23rZBvn3U(qeuW~yeSQEF`0z+%3qT(>k}W$ND4f&YswBJDMvbIlEx6;V zWd3F_B!`F_>3gE^;=U))0s)V)H>uCSa!I?S3?`B*|;wM1^3BK zf%^=TC=v|?=EWu2h+m1v>g2R{!px)kf(FSRx3Or?n8%Kb$3*$O3zmZg@l`!4h>uie z`x>RtIDym72jSptXcCj5D>j0xm?_4jW0YFCu*p|{(Vo9ff5812fiFxC%R$z0t71OA zqy^}=RQ%pFySwXG1AJ=1u$fhIYm$hhH-lwo8G)mCWtUokpAzjMq3c#C;e%u|%)Gqn zwA{e?tv+EIqDbU%u_iz>yNHzF9K+WQE z?L9w@_3UY9IscSofyZ(EJ>;oepu~bH#hIzZ7p%$sHZ+9F#5Qu83H>}-O)2G!s))yN zZ)5{={ny*Sidr2z1PooSt*m39jS)_T+Yd%cqT7PfuMEuBHtedF{IURzw*Igl;;IKT z(wL%~f;I$p4@0mrY^?nmqkms_+u1~HJ7);}(|)HidK66I<3(iXW%oqNCWbn?XI5E4 z%Beq3Rz>M!@_=pdogB<}|K-&&p;|X;KIGvROc%ni=Rw_@cCq9~+eX#mw73HhTDlJeSaLV*uGg5+3 zA*xJzuk9H60iwTsA`9i6dOfVct+{-nb%r6s&HW_U-#sR^(1RX1xHjjcD9P#r%?ks# z=9`_?t{E-5UNew)-AMlTV#a%f7CmIdpt&Wu)S0JZE2d22xE>Hi} zzRApM-G}kQ$>P1ybFw^U#f<2}$f2%&)3ehD8N;*v9?uOAFn{-|1?A9X-!TGr*Pbm}pPwCtr!pDW;0goKJf(gMl9Q?`CVbZ#vAjj-MHj%F_Q_C5k_Z4iu z8Q3>MhGFq?4mh9t3!=3WkS@QMbQ3ppnmS5VXKF_w{Tira#EYD%)5jJ;xl6NM3*Rdr zrcn1M-w2{s@NDDnwdvy&`z}2RKJwW(za?7=vvq-*&yrHG9l)0oc8dzVJ|>14aN`~{ z0h7O#eL&uR4=E8ODZeB|3+{oZvJ#ym7+qs3F&sYoj;N&`@Mf@*x^2y?)LZobGaW8S z3TnEDKc-_;EJ!asLl&b{DP==8Ip;^n>dzxU#+3-RTQF|GT(VhNA@1WJIkH#o)hGa7$ysa2M;bjC*tA_*Z070 zTV<&doD?$+`?!>@`{o$vNIGJ}F6}wXgSW%}GScC`)rIxAU-i&DmOP=B%pY8>JoHT- z!6M?3%6U2A<#m_K!;^V8z%04Dz(QlY?`MRdYpy-k8C`DqQTpHtl92P+Qb($*%@N;y z_1emwBf96@;GO_-XowQ`%*f)oL!CB2A?5a|G(n_Zgq%@1c3P<|k!{wZkRi~_&nwO^ z`r_Yq*@2>jyriiFp{ChX47yS~r+~`AowwYZPY-B7@XmO+qUym|GD9Njmy~jC$${2@ zi*$&(d}>XP$~rxoIgKzvo}bw(ha=|~4r*4a_;}b8m1=pjLN0oTD5tC3e2euLHpL$9 zii1l9fp&(`Ka=hl+?x@+R$hO~M|lHB(<@1PG*5|Dr0_&@ay#Q;A>3X5NC0>IY?kx9 
zbxR-*JomsqT8jn~=ogLiN}w`wD|KZ4M9Wq&^Zt0rFPZ!#`B%Ey-Wh#9mC1aDN;1Qd zb$4^O1h*0`a+vCSEo8SaBR6!9mv|3F@7pD;#^tPc1F4&JwXH^dEab|RpR4$CZLwN7 zH)7_#>p*|xd{$B`5vOOHvg?+>uMTLM{o*N*_VZ8XJ4+S&Js;?a&71s_44PD`s51yB zP2o#^`o=Wzt{bGhOOc?P*tu2%YlZ*a}%k$B$6;L}Cuvmaj9%eX1b*57L)Ph!HB=$*9PwjZr&ND1955fIbatCF8{ z`n(c1`l_|rG%QVM?!SU#hEs(3jvPf>AEujinS{cMt{yNewg=wk@=h@nrS0&!>fz3* zInSHTCw#d8djN+xjC?QyXT+^%wO)%A;?E4pFgJ(4t~51Fh1>jSoG zInBW~^Jz+Z5t~`zbJdZQS2GLU`Q(1f2R9KeULL(Sx$Eu6(x((P2Foju9>_Q9k%BNJ z5P-<^}G8XE#uW|S};Ir?G+-7!)e zvDO79k6 zNAg4EN^H99JmCd~f-++^Mma%z!aZ+G*^&!!eoTqMpavlE7!X}R=&o<2P22Nz9oasD zN^nXUiD z2nA=&Jt&`l3^5ATldg#84eDqynYoW~r=0F+kh}u&D7`2p)B9W=O*g~qq_+VF_P`g7 zzS%&(oKZ(&S>q%_+6|Se&ZVJ?FIC}A&J`8(dWGpTBjYJ&{N*>5GZ0Tq6USFDtOdYA zL7ct(1@a;N>fi=TF0RL+&93F$&kB)=?gXH9Owcyd+VAQd1(cx1EZ=ctz z7VUZ9?*5}_;^Dt*A~LX@`H1uWmZTY}@W53n1M$O(n;6VNVFSSv03lNDnFM?QboT2rqk?n_)irjlleArePZQPy|;_;1Yq z+=%v++C=q`0nI>t`le~)~> zJ#}WJ&1Zl@1DboBrCs4ftLl-dJ~}v%m@qhDnofSLdo&mn1qNPrvK+a_oU<(||M=u~ z1fZbp$J`Ty3>;iAoRH%O+!+nb7bb*1?7886i2hPz=TGknSDiz~dn3<9rjlR~-eH@1 z#ec*Ycs?CEvV}6Bicnbxar5uP-pS>wnh!spYBuu<_vYDxZ`R}|6 zkUtt;J74#}7@d!sBazBQV2r_Yd%pB*vjp%E#QQ_&M&cPy=m8m4}>DKq~RPssZVvobyY(niQ2%3|I7_oA1l{-$Yu0{ji$ESv)UU zx4_0u>l?RI9zS+%jmeca-+n3s`^E5atcs~mh^IPIi13$ptabahZ!wTa;UZVwV&q?B z#Ce281^JXYsuRZCK<~uDWr`z>%2AtvcWv-N*7K4K?s@lrQ4ZSco#pVEJSq+cP6W!t zV@5FHM7Yj=Lmb8ciCxkXvf-mAfE#nGNJ@;2-hedqCW^wy`gyjW?XJC&J@J9#EBaEa)c1a&8ozYNmDd`i7m6~ z<9-IWRjpSYy*Qnx!*APWa#^GsK2Kx?FQcMTK&FD}-QQ-VS_sKvDv zp-S|sy_hz%cssmBsntz(rrG&e&M7n_wGc)U$aS0)kZ3YBfAmV8NAic^k7dQkqPf77 zF8VuyJyryZZgGv(v5|*E1Cy*8t+`< z7G{Jd8Bw34M|l=c^yWBG(7Z*WP=dllxHX@Xg+k_TK~d{0JeK5T&$w&c9{HB9C~R(a zpVk6SGOqR{6N+7Ax6(&u6#zCDUh?v;pJw#d3Adr^#~fuB@!LGZ}=Y9RTY|e%!`+>kW~;Wn&w28ZYVL2@9t|gUG#5 zndUL2#F}>E=#SdEcCC+cl3bm<-DrC#W&)VHzS=L+7UKKW$+RN?08|s zwbu`30v)_8L_>PGvlT)t(@VVG*U0Zv9?w6jhtud*QY1jbNHB79kOP&PL}lIQ~JENq#LJ zw~zgcEoPu8yh!4YXSz3Cew_dIfEO%6v@3%=4&4JVWE*ijo#?IO%y(-W6Vh&li{NM6 zF{kQ0ax3>)l|eKL=u|MWT@Xd?vN2%y_V%~YKam4Ai7LevPy4dVzk?s5k0T4uU?i!Xl=nSAbAHA 
zMjALjDN&~^!WdKY9l~BXowjl83?d$GqRSC9oKp_IWir6tkT-0|#YkL6!c@4nJYAbW z@rE3xX~_t&d^Ck%vv*Cp3Y+ASeMey4JchU7xbN-kevA?2aJ;;m%WgO%9vT+m*+4+c zTT~jGx8to7_NJ}b%!!iH{lY?}wQM@HRS6&~=RIN}Dg114mUTA(?I|JaS{0eRtM-MQ#ie8} z?Yt}n3tznH5@j8y4bX*#M_tVDP^sWL#FR;aHH!pRiUb8b*beowCgdol(#gc}W8Bj^ z#D9D=L|$9$E^6%!l#lA3xQ^7)|Wr?5nH7$&0ZF;2B zH+H;u3^9mr`Y0h?ZNs`KML?EcljcHE&ZvYikwtNQSJ1=8yaL%^gA9JIJ>%Y0ty}Xb zuPC}G-sYnd;LPq5+(>dzo_`oGcn~nZ8P}?OoVA4J?Cxh#G1%QUaZ7M>lWWL&Nrke& zePI6u{7NWx__&_FkPXeHoxJi@XqH&7t5htZeB=BXVoe>h3EMyf~ab)UIqm(&WR6hGHJ@@3Z$Lfb@< zny2{+J|$I}t`l^3x!{e@+>`_yu#~7M^4=`G;h$(JSy4@@(uK0)N!gWKd`Zq ziXvwCT5zzER_R#(GC(j9!sd`JR=*6CH*rF>Ha;ST*{iZBLc)gP?`EA?7jNxbyLS4f z4JNj9rplea^i&bE%Y;e}lI>nXm{qgjnjdz>4ic`4R$tui`5Dte}~s-I(vgH0ceTCY2zBcfShc-C)! zG5@D}IEcvn({?&b*It_|_k${lLX1wC;(Y)zW{6)?fie}dQs8;wqQ3*e@N=1YmdbzWX)*OJwHZ z?kt?2ScRt!qV(>q-a_?{ohycRFX8iJd}fnouVxpuu06SXM`h;6 zfs8HZJ@mTgp9oSLPcJM_-u9Xqa7!i*ZA)<^Qx2v6iZljGCa!`^C2X=|Lq5OIosmi+ z|16Ces0D(w>D;8C3dJdv(!Q%(iw%O3~g4W*g_erRHV5Snq-Ndj^9oj^S<^q3G zys@+LD!2yAa$0YS)@SyJc*aGQz6NukC%xnP0&bm#pUe*0KMiep_yHr&W(;nR$Ar%^ zO4iIY{1hu{AroVg`695xIvm^{^f%uCS34NrW@X+GKt1G2YSndmb{&^hOd)f*jiyEO zA>DkzAzU9apQQ`WBy=j+I`KSN{ z{hkBr_Auzu4O{v6PsI)MBKjbU>S~ac)c(!T`-!8vDFggmmrknXIW1Z%l)Ych4gMpy zYGrRrB`t5_RLEz)>=FFH%r>dvDK_Mf770ir=kQ-xiVW%EB3e8hT7^Cn3_ zHFNRL*}9)EXc;(?^9KRM%<&EhlwJfph=9I0CO(rivF;Z+)D^#Fr4=#if51nE?tkAw5UIVG!ZEuc3;2mfrMb$*y9$ef^!+4SI)F?_G8m{J=Vrx+m2-RG*rRqvSQ*!+Nn?ia2j{`r_h z6+iUwu01}u_A7N-BYByGKPXRCD+dAH5eI?Z+%OR+xXI_d-A?voUM% zr)((w4K13O)^)%aW4uDdaN3)bIEcyM^=mFXL@>ylzgM?r?B9JRCD_rUSX|iw^4stp zk_Yi0jDw@UtH#+@CM$6N$3kgZYcrWYJdCCFLt_a(+lY;PRx6km$7Ph9G+=ARLR-f>u*e2>j>~QOMp(M` zt-v2PLV2*sa_hfioZlwM3d64=U9zMAae(xp($aA3qy`*Z@Sl}3v zg!xa$S&2!9X*($IrM)j+RT;Wpr(6D2zgFaL-vTkD2-*xp%n|l9&}Hp)PHOn@#sv@NwL>_H7#3fA*o?3T_+0KACI~$!m0tA0-|ZPm&O! 
zidLV22QJ%K>hl*%-*dlzQ{e`AL8tQYXDXHguZ5vgsr$}2fRR)zhh-S;W9NiD-vHSUM^w)tNzxBQf(hSec!2{SH-b8i=Kvi59viLadc~1Yo+0IYWm4l zT+L-Y#fQ!`Iltw-p$CY-F0U~W{MM`f?V~;@nH!J>Geh^W zUEsC6Olw5Va`!o2==cOpvz40FSJk*F4`c0+flp1dTel}_UYGo|pfqYdRIB>)Q?37; zedTv=JDmmfnApRnSr)SOiY1oEXb|J&nYM$&?P;)dvy<3RDB4t?%2t)`?c;kFL_|MqyG?7v`sRbUWNvdFyNF&m-H+7G}qXiJfxF6c@jnv~A)u zlM!0xoy>kzPrSxc(^~bQDEv*!fSy)$k0*afj2Ki<|DbS-c0u$>?V+<~PVFij#x1Ez zuQugDf)@vs>ow4)m&1?6XR^`^wtHmq5`N#bS42Z_*n)>Hsou97l5F(uj-1zaH&p16 z7;u>pMB_@QA)BvCnRFt)%J~tx8|Y}aSlx_&u-`14z&mA#^Rj;%u9+9@VhcPP`ln*q zZa_@e*l@)4S86*WVt>uz_f1XYjgCfD!JFYMK8pxfBmnK=Zx9XMxAR_lpoVFNX2I!8 zrgz6&tiP~1O7Su78xJ|7dKPci*0cRfuMS<=Clu0JCx~sZpY#sZNfc4i_O5y&h4~QI z^RMJzWj4?H*VFPmS*IUW9yApzgbQW3yBR2Grzr5Zqtn1^m6R10@7x6$o!li_3(W({ zob>9eDTfy=MwAS1Kh(ZpRrJ(oiX>G$1PQJ!tEPRwJlof6Qi8DBz0AAfLVw)aw=rop za&rNr<}f;ik}I(~ezNZJoGNH%&<-41Q{%74y1L&Okw^$ny3J@(!!I-Hh=p-y!+SY< z_T{|n_tm{cKf?+AuE$R|Xy3#{cexqxpJuQ;IsK_w8szcpFoF>Zica=|cx_=8H9Co@ z6Yu~#FxLm_Dg0O4neuBoK1G$8K^2e*FT9_LW}AlA^P+0Oe$pK^fSG6T=}^zU$lmV% zW9llS;#!t<2*KSUxN9H;hXH~IcPF^JJM7@@?!jFG!QCymySoKTBDrG!)s~e+ucd&NqJlOz`Xz+wnx&qJrJlXOcaP?#1V_qC2Djj9P*( zcRp1L&)ykOIuK<30r47a(G$2fxr+a01!EBV#J+lEoXeMohufq}ts3}&v1To>+K-V9 zYtpBz)vOota+37B24ny7Oc=F`E-MGSj|G9LcEk-8tT4AzhAFZ^v;0!p&TCUiPaNbMt(lkxT{esDwIQ@rSBH6B_ zv7>m`_j_t7_nwm+rj(L$=jONmGSg5>iw4*uZeYxhM)M&8uQ2tmf|ChL8ePSeSiti? 
zIV-@tK*Q~JW|Bm|9*Vo0E1=B6DB~e-lk90KsA8aSy*%ij~6D!xk0+5+23Z-co!0 z?OlU#vffoZj|tqnMpnR8zJ`yZhaiS(RXYXowTvnv>TOQ5Vz-5Cs@3f)r;{C|3VaB1_Xk`lKfG@8Jnkx8j>C*`uZu*b5$vbl`uc#in1Gc zC1IaD6^6;*!m)8V8JxRyiEEBDfv5pG2le?lL;funt9g?i%3w=ZO;R*KvOpoAmd6kh zn%+xhr8eV_Hk?Wo+)el8XgmwDs-yVJ-!KGsP$+{oIu>|iTGdo)(JXY`+WrWgMLZz- z(p>E_UMVUA-{W}raR|0xj83eH>rvx4+Z8qz`-=Bjepx|UksPTRJR!@jD#M$6ExRfFWgU=H^`W9e=Rsc}B~u>^N8dS4%-P|~1nMu~ zyA?lni7KaD`L$?!zPru0ue5Hrr^Y+n4?z@T4}^GH3k^k5olcVUs1?Gv=xi?M&`V2$ zy_hMywP_KbS)0qK{Au>&*>!G=E~0ff*~-J<8o@f8uZvWCKEOE&B0{zhg~p zuQ%n%f@s>WOFS$gWi#p3i-eEo-o$BKJO{F6EdP3eD zp>jf}1W!BsHX0tgcHR~8%=E6pbLHQj!gU>J>f|F%JDeh#>zGyoazEwKRRn`6hv5g> z687w~TZ%DM4E0ueoG_rV>>C0U|KBEKh%mIyRU8xeXP1$Hp{lbtG{^|*_nki5E7n}1 zfs_@rG~q7mP~>peYFg`bTO`7@q37+1DSe-2jZyhV8mm3{G3cuY`SUaR9ci%ls^r*a z;%*GaxcehX2G6qN{%qb(za1boLvl3yFm7(D`Fz@Ul7s;#@6yGo2DxLs6aFM1 zp$SkU+{-nZ?x&?{_`SY!#(F!ou{GI0>?7o^Kb7oB5Em-Up4Y|l;1z==;I&oiqI-du z?7vt0zG!-AU6;JurN#VOR)i5>Mqz2u@#uoj>w%hM6#)+>a0_eiL!(s1X8hu_DoI?x zXq90g2`+;pYRIN7^>7A85M_jR!*QVnydAJUP^4s@ho^1sk-OUNdFauK;~0HZH3~g4 z>;|U9>f~Mrqic`a!o6uei=2%t*tl?Ns$7q0A8tdx=tbDW@4q$T69TpExhi$z>Ho8o zwvmSE2iF+IhYDBy45i1mNexyW{G>0QJ|jS2BAt=@o8V=qN693Z zG;B!Db0%8ENr3yHVkOGH67cqT9K=i3g)iGuj-iBgLNGm@*%RYZZ<~W*{_4S5RnWS( z^t`EJ)j>d<0sm?3+JiEv&1J>S2GqqzA$2ckaavwg?sap z+_3w|@*a_m!J9CLX_|vg-P3c!drTy5 zvwcM37oJ(En}q!B%oOxpaU}|Evh)nI-o=#kG;bDXrJlP>;eFz9%)>#k$|!&)t447T z6SpAe$xIvy2JL`SF=aK#HOZk5<(I|B5J@CZ}SMey{%A`^#g;(#}(^VJZk= z@`KBl6TS=WtaQr{>@bQJWTl|IFD>Lw%i@N2$j|}IiL+RrN-t2_614Fp*STE|o7q4&n9t3^ zyI9Y(;J>h%t3PO(dQ{5Td1F8F@M)t#=<$ZfRe>hMa%&1UYN9-0BUr^dbvrIrlnZU} z-_qi*77H}^2$+mT9a?X7{THN^td;O#70cC)?Y`6~4 zqCH6GbvBq{vvx+jvn+7Fk80BX;%eXwS#N9Eb(=Hh&2C1J$nd}uup&_*s8-o>>O;JE zx!@z&A!`h0p3Xl|c(+8ft8L>XNPJdiIN!zFer8sgD2$GxX2R- zX2yxgj!SDYFlEZ99Iyp1cNr+r7=u86!weXj%e-X=^~z0*6v$30cD3OnQD=qB3=6Jdj(GFBU>365ijOjFkh;fr?+O5(GYhw+r+ z>2FC0J`#ll_lo!Aas#rtWD(D!7)VTii9h!6xJNIc0&rr$=o4zYYp2mTbHntaEs!Bf z_%q4&FVpzf+9>KP4|%%05I)BB!q$?~!_iKepvydJ-gY+oA$&C1_relVW?q|#bD9MuhLsPzLwqEs)2pl 
z|E<5YGm6<7(v~~MS^zIBX#XrMMYnnlBx~rH-}}NOWSTNP&-y!dcPb$2lF*Lwj6Y zImWAqRNef>FQ?MA)Z_Bw*-@?two5IJ{@CMizAP0KCgSx3t-;|Rxt<_zv)i?m=Ii?cqY+vc6$roSPTWD8u3fjX)p&uNHxxAyuBv)lLh)hRiBI?S64d(ctE^n31- ztgdBAo~!5)h)0xJ^?9L^xFi`6GPJ5AB38pO$`2c7?EA*rF~K^8*sGI2%zuIja{rcF!_(?_`s+~^TdcpZOP}7b45FAH5pKHa_w*JNwdyZ}5&Nj9ojYK2r&}Nj(tN(hc z3FWcKFXlR?_|I>#W;{=P0-N zcLzaptwcJ{Hm7zF2_Ka(XktrG`dqj^!H-15E2)kW28@3J#OX&?vOoLLdJJ;Np>@V% zADFxet5$>UyeKPDi`}!oR-x_)eSo23O-4`pAHO7YNe^C;w%kX`1w8%l?t!`z)o23% zSvrHZ)ahM>`D8pI_nWqgVwcq!ow_$k_!?70 zsHtT@-l|BO4aOobmC~MSE?!;Sj-$Oo{=~}$?r1T&VVrum@Aq=&aXph7C}%lfX7EBR z4CPwIX8rpQAe~QJHyCQGyFDFL{N-$#6Ve7{G#JN*e^q9Dk(3hY*ZtQdcg-P-2mFJf z^aAG?f=a&O+Q^2=?fr>Wh6eM34QIXInj;xN_Yq6#r5$JDX?uzvnd{91>kP;1H`ida zPzo{4;n~wxrk*D?{8l4qrj0)2g+tFp-^R~3bwMA}aZ*E~?;l3&eybpJ4ebo+?EZEt z_9unOrsKMI(?-`DcM=a`g9mVUqs?#E~l;hJRtA8BIDyWG3SkN@rRa zSUM5ywvJ<%^O8Bxxm#z6*$8gv<*Bt$bVvhv5)d=Dop5TrNyjprOZ@6)dJALig`irB zF5-<3zA#x?I@+`%+k!MACN&BOz;~1hJl%U+Ip*vhiFGt zSSwNGk$I_gB1`MyWFX7mPaP7++$nRa3ihz)%ke-o)s76K)=qlixk}Y=Zggt0KZ>Y7><6;< zoa8k=U0$ZQ3t%M>kRkU-(PVn*N@V(bej4j4_i1Uewh`i-6gq z`URM{S`?voaoo=*$f#F&iA0mIi|#E~xP3@7zFJdX_?L=fjzJ+%WodV>KLIu+L=L zv~NUY)0Bf}x)Y;ZF56g!KR68-$mnZObFIB73B5FnOaX%22$qevVeXCWL*JWyHj0#w zrI(8NX$u_goTM(HhbC^O+iP{AGPKrsBSypu?j0bLXA&G>xLCg}Nc{WNnB?h4fYxCN z;R%gO78Zv{C((n2u&GPC84T&SPrN<;##rlrmHBwv_9oFD0ua9pO@akZ@!lp6ilzfs zAeb{gXl=}39uIzY#fTqAOX%usTBi~1>5I_`19SYgSld?nO!K22Jr%Wtl3UtOQK2b6MIZu-&p8s`&27x%A~n< z>Io^{C?G`Dt+JnttT(^bJlRd$P!a<>wdIb|7fa(4Z&C9tB6%L#=6~Xv(^3SX9QEGD z@eR*80q7qc#>MF!vyM4Qn`>9nBG2`zIMky^5>+8zcG-rk+itKTJ!D@vneO%%HX7p6 zBE1}6D2O9OkHOI&F$}b3y+k&$0df^6t%v=OaCl6voh7U?NnCkm!yMk=r-0+XLoSMu zfcV*$%o#l7_#W`U-=fekcd)S8NDg!P$vDLIkL~!uRcn^Fvq2(S7s|39+ZIeKsMjvV zmzqk9N?jTwO#DJz>Rp_xcl;Gc5p<%Kj${#*{bVX`Y_}N{Nc3K&0=gXqJ*S9+kmLF% z{M|egQVrWx0D;~;m%Oupw(k&lRq;`aO^Y|6B(3A+kk%E-ILOGWjef=4SxkG!iG@Hu z8#X6oEM{b_0L7CTi>yQhKAxf9o(MNu>V=Zrk9Y^=Y_1-K&#>ngp7^Wv8_$utdqhoj z0di%7Bzu-RyiOmg?v|h+nYUtB1wnW2At|E`%&_==z`P%iE<)tenx~P#YFwg|o?{vz 
z5vcLN)zL%3)po7Q#!;x-k2*HU9Vv|tN4YcgyRTJUk-pmyMqiwi638aCL6DP?6@>f0 zwIM>Rz5@;gxyW|@##)nU6$By(jtMc}f1W*!@CYh6dfXt4FB;}wipYs!^EN|4$=Lwf zi;BxdgcDNEe&RGL3N-MlQxayS`ZbBKX}D;vHnqs8Ub`tB@AN0Q(BQi)+{3TM$@&pJ zKwah{g5!G{W(Bm1fxHE#lu@*il(OtKbX($!u!#)alwnhxhRRB+WsKEI+rxBL3IK`z zHyEJ=c8b5jXztxsYagQ7avM6&7i*s zu?1(T%mbYN;dmKAi|T{_ZCds%xDWm?(8R3GXZaUx*jApN8*VRyI0vn)2=;DqrNs3= z?1TisxhaFvf7o1i_k|6h3~9z|cfYU-r)aPuW_9v|p>)*Mu&?Q`+S}lr* zceZP9RcuDTa1I+g>`-A?J!!XYc1BTU(r&$fI&JP%wZWPbSM8$`?G4MOV&~_B`4<+G zic8c5rq2LDpmoIs2}Fl+>*a`ZFjN3j=~#ByALT#bYj1;!$be(#Z$ZER0(C>Uz;8hG z=-B8B3zcqcFW4BUy7br>C_Nz?)?#0v9YcrSHMxHi76Vp^UhPYcxhj7O#6`pYURXL? zdm$-|Pwhod6|jxHVqG1I97UY9@iir+z99X5lBDbH`1aq-Cr~Q@;wJ6L#du4`O&ZqC zAYc2d_frykGMvhXuy`o@A-o-YGz#!VFLvL=sQ-$E#61Dmsr;q==nO#rVpq){6Cp1| zIFpo(6HJPZ)Ubf*2Gd9@;srY3tSqK|R#Y;Md$G)(OTN0^QqKG&uDB;o?5y%c@{lpD zLJ7>Z6G-jWt0M+_%krINJxNVx%>+0|W1G}Ou+ACUdGd6epM2}6FQvhR*t3sFhWTd0 zB$OyA8Sp>~`W2>&@mN~3@DHEp)>6@bxWA=lJL~;QllLs76HUWEsh2S24Jt4+eRzRb zn1f)C4g)#3l8W`aSTFKKSRfHkB}4!>VUcID84D8&#CPQ1mWY-msdaa3`5^SDy)}D^ zmT$NHv~c|<2RipWPXh>YF# z%irkX-@GT6fy@0bkF{tJI&y`eMJ1bP4)YLhaa(lX7j|9h>MEDeV`mMZP6UmKgmw9N zY@T7Ha@kK@8dW{+<^7P^`P=|;6QORyx<}LA{#$##*5H2!cLYiy4rIDEBCLCi2^ppt zVYOPMJHzVlP{mt(g<$Dc0ujJ(qU*P zE7+~GS^`<$PDv~r$Eh2g)VF0YjO_e{lkXoR_;(xq&jizX0J*xiSj-(uF03?rJBN9Xo_>!6V8mV(5 z3e(|2ZSxK0_F!H^{KTDuSPm#1_5`2~cheQ&4;myn&9B~Hm9nsHb~!V!A=-;{B%+DG zJ*j?=Pzicc`B(bekGJ+%g^J1^lju!MpU?X}h1)-i$i&(7WOhA{pzLWDwdF1)Zg{pq zos0rt#9S)zXuUt@8aleC#~ocKITD7}s| zJPzujbwi(_LHa%QXp@|5pv_PJOFf)_Q^Xb-oX6;!Req2phyZ#dg3OWhk|2eq+y$Zf2?U zzwkdKc>b7SbQ7}SJ*RCPT*IJr%a}axnF#f7`F|?zXth7*FgiK|LR3kEI6LidYzvS` zrNUZ<3SlCxQm9OIA>B#e9p*;)qyHOaX{%28bzx~w$OS#&_LrrY32*UhD8J&)U+eHaZv0@G}w z2j7iRY7H>?J9xR=*aU3@{&FWN(*roL@n;$_O z{K%h?uHS$>fzC%gA;>0*cd8hIUErk;_L7(*BF+ z)+XGi^px2TFh8~zg{!8|Ym7B}iErG5Dw3*TZ{N|15sId<&3D*Jao3_NtSn|YW!|4d zsL!wqWyYV#o}&AFdZ4()5I9B*8;f;iVWP}}ihj0yZN}UG*t5k7-`u-L4Df~Pq%jgK z!zmZ`RlJ3EYoYkPM?>Cj;izfBw~etGEqg~XK;1){g&O23`1WEjH+e2Vi#AA)LQN}7 
zi#v_PaN-k!D>{rB0fo1TpAg?4C2d*~3{ZQ@3=vG!J2oRDC$L@CWnhVSiV6bsrfsHbe5u8EP?izxZ2!=jM_7Hb@5tZh>ZC0BG0ZOR z98fJ@4G|}AQK(L-h#@N5i`C$`{&*QncqmmbPrfp0kw0z4KiWLk_2Gx9Z#@cNuP%3} z5W<5oh}5rEP(8Potu}whT2?Cwz3H&zMNZVy#%v@;q)a5o+TATMcU<0lA_QbLpI+$> z@!iCsz=;3I{}3b5FrC(Oie_ z=3p=ejiRfZldQ4MP|+s7kWm3>G7i~)4!tP$rWIfs2}ZC2VR*52bKc+C(QFyir17vb zS$wOrHsp>0Lh5V=6~M24$C zm2!J-j#Bug;cg@9b??>FUvrr1wSO#Y==GdX|FS1etLpw9fK~S=H=Kw=t%emFAR{0R zgY}on6DPO-VK`Axq^6~cL_Y~KG#e^S4Kiz?eR_;Ui;Vs&?g$U8`c*nC-VCnZr7Yz@ z5%dc*c|POejWTRe6P(Gua|$y18g(I23D?y^)8od}8EmkJY$=)>3i5-8z)Z`OfYxyt zu*mP|ZdpB&%5)qQa5=^wV3V(dD~Mzyd+Mf|B?}^9-}*W3h9$OvYn(Od>vB=ob)a6# z-F#Un72uKHDl|XBDUcAccGmzxW2Y8O#|CfTIm_?WwEYd-CgQ4EVEZq~2!_L887g5z zQ<+MmX9RGoIBDMv`!(o`V6vrAgzdNh5mHLF3@Cp*YuTZj(h}~%u%rt(abmg zfi2ra)yB%r9T(ZTRgrLo&EWHto&_)ICZn%zQz!n4J9-9sl&mkftxL@Q9RC&Oalijh!f zFi{A1xJycxgo476mVb;=B}~An;P2s1m-vP4w;!h(Y{R8&5_SSD zPMFbn6PWVbx6My{sgml$8Nk?{^m@BMJ9e#;^B^$bG_iG?wdNh`K&Bi~f|seMq$Nra znM-FLg>VkOl#sL6j#%c=fLNZo*L&1(h_`9x?KbGwC@t@*?9GnJkM^ym@FWR**vKLn zagu|pCE1IE)6((}bX?P%6-`!!kg?xOa=+4W*NZL#7}rOiSEf7*Sh`Y1_r;}5{8=*4 zMjb`pO{K67Hy|GcW5FZEVbCTHhhQRXgXp5CXp%+lS1?8$|DNSM?2||Lxl&}nlZKZU z>mcuavfaZ`qR#I}`okFM4*$$A$hD^VftNug z#(*t7@0gmIU_7_o^#%q>Ct{htXlqpkLB++K2vu7<+>`d2{!KWs3V?+b@(h zeB{E18Jzcf+ z*XP>;r@qW;e^d2KFwxMAR5%qI;+9xRjI-#kXey_`w~`45-xBZ;N#Ms)%75=#|61bm zNmH{*aM6!QChFrrDSxSLAHv29@ltbd8t)qK5F5g$Y!Xtbdd8HBM;^<0iKAAQYw*%g zn{m~VxQPB(saa$`%YMi(l=(qG6o3ee$zAxlGsSo`6Q@N^SYNf3E8%-`^;4um=2&u~ z=t&Pi7cdxlJ`D^#H(1v0jbFq)q1P#1(3q^Dc#L@3*~=PE8(gE}86djX>yOeRd|qSF zZWnD?KBjA%@Dyh6LR;7u54Q9tuSSa;5Pe66fGa};#a!w~0zpHq2f|E;2r?KOe6~gw zGyIeC?HS<;w!BIYW|+a<*v$+b02GjPtt-$XeMZkMdc1;4VheeRwU!5dkF}&ZgBDX7 zUreSKUa@gz@8Ho=6%M{WR#}~toYJu-xx3*!je4@XfMHx~Zs=(i_&4{2=_7=anU}6H z0qU5llRFd_0B4?~SqT#4O<(5B<1_N;?%y%HW;egQ&$Xac0x)--ff7c*ir+h~J#~aT zfP8H~ZbgVA=ZK}cQ*CIqP)slhVd&$@S(-eRC@HblP7+qgpG}rN)50fv`zt4PaA1R6 znHE27&D$2_8%&Zu3a_wY;bLJh6?;LB8XN@JzR7B?H!2yP4c67^k^SgsFQ|M!y)a|N 
zG_GA;^AaNr$TQBh*3fy~tlZ#_Us?2*lB)9_9tb3R|Yke=DbDszq6|X&sZD~0s?-#;?pn0^2wRlrr){6*4RADe3|vq!}aGus<|x)nDc#`5b6; zA^7bq;3P}azPQ$4zwDEm3$xU!IlM)>9{5GcKsw;#>*jz8Q7>d2V%aM`>Mq|pl&~Qx z_9^Td2p#6Qe_kSfY_}ZMrSOlA-!g2a>aD*hK2?I^KL2SEUsj}Xl7#;|mIA&vc-qtv zzxLpSehi-JP=zoak1JutOw}%34*NZqbhmcN(EC}gLmteM-HXPG+u9XV8z$ySbgLg` zHNsbGR9_`%xSRk6M0p{&;Qsu73Kd;@_VH=;xGMbNZg)6zG zmE~cvzv(rYYJ(#G{;?Y7erM)Uho0}@-CCC<|29@z=?IHXF~UQepzv1-uNzZ250IAJ zYOApcT?i9;{8A*ZVn_f;Q5@$&ijqw=?G@4aRUH&qoVQNu_bfEeS9UZ>Y>K_*Ymb?_ z35+8K?P?csByjp(+@<>3m$2y5H7d!;IIY_m&v0K_nj|)T>rb&_vTb8QIH=>0G^wlh z>&pip^?t{uQ`5XO#;J~{#aJk7Yko7`=v`R^_2hrw`iTx-n{!iYs`F3+=N}uG_%1T& zXvIM5j7TTXCCaYVBOKfkJmVV`bW-R9){A_5A*Snt^+!nvh;laQV;<+`m@8bwvT2b= zY)wxC+~c?RSGFt;!E6Sw5=}~HGETZZDE5mlbM?f!BPIjEQng>45O>;Yzpb0JvHdEj zo8*>UO3ZLq5KqbzMc85_5})Xdt<^lpJH01g8`Nq4xp;$u?{+ZJT(IEz{GiGQVEE$( z7PvAZZysZK&T%FCkCj-@8EBDKsY-A&hk(GAC-CuQB>{v8$x;7zVs4q z(VgOgTmGRuUoa9-{RBi2v6IMjjkLuObFNMfzGtD@VsZSH=ABqCp^jp&G+3Ihd^&5e zH16lfN8Zf|5QCY@Z^OhCzd79()hYV&5ZAP~UjUT9BBNiWqCq^leZFT}{oMg0%#4^M-a? zD}cXHq1|O>QH%fKXsPbU-V0wW2Sm=>FUR1DJ(#e#PsUJ{2GAvMJ>Kr`VQcwD2r3e! zZj3J@TsQQ_==RUW>ndiTE!!8rOFR55vQmOaB+Q-lv@M{T!Y%=En^M&J#+KtVvRi}i zirWh!&*GbAt2*;;_eS-XGUwFn&fxl!HY?!L@=J}nJt3;gyq#JO?CCjYT z5gF&NgL};$c&#r}g~a?T$V=$Jl;26}TuDYU z*xBk3WvO3!fAUr$YH7?zh;9Dd7Rfo>qG~IQb)LDRGZHSlma2KK!}<1>ufl^Zc6A@v zzg|na0M5?DDk)6b-m|5}JO*hl9K8&ePK+Rp1ZTN47oIq_x;M73S>0^XH%2$$qjG=t zMT5o@RnrQmS1Ax5`Fx;De(6%m1Es@y6`T@N2~7#GdFRsvx@%3tfNr&L%S> zP83sYSbu{Sh>CTi{dw{d#?@pqgXR_mW%#=Lk?oj?CdsN(b*a*+C3xwFJ|lGh6$4{j za)J>JZqLC24KcsKCb|pQ>;A{-ibY5E0K9DlJsF4LBms zFS6bC;W^vRp_0kFAT2u8Lhj#o1BVUM;i2;`@!!r?*|L5O4bLbK>ExJLoA4^Brp&b$ zq@nhvk1pw1-f9S0Uwcc~JkWSse+Irm3Vut`VnYRGXj#F-2&-o3SfTLC$|T6e*m1Z6Fo0!gEf-lv-imyz-W zc-+R8OEsIFMOy~ z*QS;)nl?N)6O$Wl*^1)w zLT(=Eq-{BxrabQN3KRs&HTx;mN$-opUZC&MitJKby~_H#jav=1^Z7sTz!WSeyLgPo zF<-g7KD?yK#u2Z*0#-LkQN*w8_opY|mes@5Bk{}4)a@DYl#%69v=?+K^GPdsrPVaZ zB{s}|zRm#UOl_c>=PURl+R^iQx??j~H9Sn@*Z0Ywa?tut#ycGSzcyO6^PeAN3z!Gn z=uC^Qr-1uTpvW2EPUv%~0v${~xsB^S2*K9h{%OAe! 
z(3h-O&wLPVcS7*Lsq{;}TNhp(wAFL)MM#Sa^B;j@w3Gq21Yy&x0x6+2IT&Ov};QqbWb3)L_e{>xNw2xjdJi9zPVk|FS zPno=QErkidea<+pQ)zScT6mWbTP1hl1hXAek(ICOsn z6LJCkhrp5zfhEhB&wGoDi#kuWk*<~rGsdcSOM zB;nU{$CXo zW!o0=CnN7XFyB|?c)l34zsnZa9DQ5;!#8N%)$?nZwu~++IQ%W9#ZuRl=?*B{x23{6&%_eS(K%tb~GSKh# zk*J0{A|HyeI{chYT%DxEj+=;SlHr_~fvSNH^RKqP=fX>mDg=G2Wa~&L3A<>d2ZfsGd4hQx>})Qax1p9#%ggzQAFj9P%A^-%oD&pQM}MSGr)*$H`J)`X)Z7ut(aGHm zBU7+)vc15{5z2k|4fI97j?PYeT-@As5w*Y&0dN=GdF$l1Dt!FDI%zGHnz*WQrV?r< zXu0>#v9pz`TPbL?pGrGQ$2aj$3kONAjc@#;6=A!Bv;a>k3Gub+kMIs=abYdd4%zGJ zSX&|;IiEs@MO3zPZdC6jY!C4N>{D6f#U2vV^MOh3Vd0QW8jR->9}+5wd~>gOW2z7R z^sa|$cmyWjCI$9PK52Mzo_>6bSbo~1sE*!gmB4b~P~#rRNtA&ryR)Y_QrCZiO#5WZ zql)+V9-sMV%}jMiNMflL`Qe^2`G@vCkd74XwU4I)HE3;P=z}8&0|BYlS*y{AG^-Y4 zs2p(pmHV++Fj3i{b5k&nLG~zJSr0qG?rVTRh-+JeJ;ERTX?Psc)KAvLYwoG>%uHR8 z)ZU~%&PDXtoEj3JBu1Z(Oz&8V0$QgpKbdN=*kzk{a=9~NN@s1TZQ8sFFGYp|O6IQ+ z>>ntlDpuT)e(;P(k}BMO!`J5qw1)g6P4u&U0!?{taB~7cf%5^8mFkIh$y8gR0pcn` zofpi*-O)89@V+!m4l#^RaLWqdSN=>y#EFQ@r;Y>SIh`VJ?vD#N|dEe7)gI|c8S0Z|a!Qs3#eGy3jB#Mu?9 zm=2L@`x@Wi!u^YjZ5LUF$$4|`-r3Ofxxk75FAvvqa|Pt`LAhcHbS#L0_y%IIWCB{6>JDbeA1BTjPe^8>07@f ziPWm7qk6yY0wWT?M;=a5_f*-U9&Bug(%jq8mpH247@RO7)Ql-xCVQ^3Z8xi3Vkx?{ z)!Bdy?j1bh_fhLT3-G6X=sYwU6z38wn!fK}ty%q+wsy~bj9YhGC9prZ91?i) zwAI%30_m7-bYv1MB4<>~8{PSfh#gf@M{5Dz>iSkTP<5t@n&)jxk)L2HsBP3_=`7qo zOMD`cA|$)2naEhJQ=cr&&%j-OpC)Z^G4IkI9g#>rM}P-PU+LiKpo-`uYjBA;#c(>JJ>|rLLc{6N(o5IV;349V+NAHS{MxEUt3mLA`rNgi%IFCR7 zkSx-19|d*`oYVIIm!KUTb;T3-XNqb!P&a|uc`bh_ZmK~rZ@~UxY)b8~-+Edld4&9Sh%(KuPX<+gS zfqNfhv+5ld!*uSIL9({7IE)F*X&2y_F%{3U-t(QW?497hlC7}c! z6C4Zh-H)VJ())b;#CR)3+i0Q`i6fp`-GHd;!5oPf73aGnPbI7}ZIux4Jk~v2J_i0NAZLIkVNIea#W4mO&*? 
zpTD*R*|1G4({a5oX!Idb<~6b;5pLBuG(BCF?>UmS$>*4V4k65qbAH(UNJg@ib?04+ z&n7B0ZcP0aTun9vfh}<&@1YpFm7V zzUn^pHg`G;SxhE9aN~6(+Z>9%w1LA!z<*OU_Zr zC3twn@O-kG;97D)XTn zs2Qs`EctmIR4KK{`nQ`>+@#gq*>`DE1q8a7+tblxl>(o=xDzTk1B$?-V z8B!*y-UD+uBPyj3MKKKP%PNLBHcWYIjD|1B9-bO(1v!TTylqOw9FEs;wd%pb8bZa3BeNW9lX6zr+;Q<6ds|EhkIhh6UexQ z=74!7RbMp6Ee&$4{HJwk!-u&sx%lVoBkWquQI`_zaBuWAwj)ZVQh?R`rZ8jC+I#wt zXg+FJvsTkm0+doFouPj-E7p86)37!-UPC2bJ5uGR9J&iS%yhUs4c@okI}h*W;vZpq@)9*tU1g7TwfNPJ7_PYmOa^$XrKOMY zB)i;oL!&QWwrNd?0}PxcE9U;Kv{$w68KYaKvT!7=Z6!vF$e+s_kh4B?o%xaDPHvzf z(h_w>Yh!kPuH|#FDQu3q?7C~>^STNR63Y{I6^45o&p?ZZLINVg?GMMcS0Al_{=wtiM|u~R zz{gLY)URgv=IyGPHKmq0*R~yMsk__s!*jCyE_Uur?@iwnz~woVT@k6$M>pbgB@|sp zhB*QYGj(705;EwlPC$tBf$FJ~b{F&-2F=(#{cgSuL1I05uEJ98^1_HS55%<=K4NQm z!dKE=!=XVSM1RJ9+Ev;2q)XTI{m^y0 z9Jbyq;Y&qOMT()B1P51H7%T{ov2R$tKA|kPMxNQOfA)em)ZD&$zT?tdr9f=|z{-=d zaH8^6%Kn+eCf4G;{Z9(i_x^?!jx>@N`R;t~{W~U0-#rS)m>Y^bpT{j*zvmq}ZS7V+ zIA5FwO&r;aa}A zO5S}0E4H^ccfT79G!>f>^h7}G#RzVK7yV@Ao2+_nq~A@yGCnWUl&ULzX=jJ^tzwK} zkpQj3{n?=X$ies>pNVDSNJOuVeJ;#aXd3ei(>j;<9RXjt^rt=IyeR0$yaeQKnAwN( zt$OdAuC1V=uq>czY~x&L-}Rp}N0#eTbbx1{P!EcT03i&SggUBHqt<(4%HjJQ!vrnL zSv#e7ZZVG$Fj2&U|BFsH^~G_W3oWS2^O)eF%wXw(lpMNT2k^P*)50CEQ0Q6HO1lhW z&owaZ)L*A7Ei5dpV1Fc7xI?L!i_jIGUu%On06v_(=d9@zNvkj}U%xj8hpLCJdsA7j zpHi)Qw(MVBdEBY3a4qF!9?y7oAbJ+z8y6efA`ICz4Gu$ABD}ZPCEoOd;NL{>K>2-( z_*k3g%NfGX-DTIT6d~#KsSMc%CC#eDrgH9coAU8ba(p7mnO5VV`06nIV#|Iah3e>_ zc%W(goDD}nL4^!ajr4oZwOV}Hz(qKg9qyc7vN2Z<_t0-Ox<4*fOhSf1*|}AXu7o}` zo)MuSC-v2+H2*O&L1Ky3*xZOfy4Z=|V_r*VP7>b^QIi+zc=Rp=F0AVQb0mD$Va)~_ z|9|wX>`G;fa9PWYqMJ%zf!OJF$tS5qmE^ol2bTsas z*s6-~3=g6$MeodMw;wuMW}H$f$DwBP#PaN`o$R!+4mZJyVC&_cyyHWYo ztRYrleq~AphS~l6%5_TS)z&E5hhgV!LAhbD_L*6YmeAXW1iF%~N2s!d&M=?Da3-sK zmHVasUAF_+nbhm8)s+!BUt}yIgUJ-DG^}@>PbJO~=|>gmlKX;@p80Pbwy}tuW?{FL z+XA9;-B|np*dc@FHmSfwT0gP}B%!|-;4zsCvwu`BSO^p6{7HrK+nphHnb(co6~JVA9M zvf`d*9DWY9@rfa|is>_BC?{|M}v0QvCd3-A| zUZ~-|ng0!X!39%w8KJ$E&fnpl=VOpiyysRU~09l(ACoUX7{* z{PY~JIJ5r%Q(L*baeH+`HCqtjTYfCxp*pr7lyY55G>6X{vbHSXLoq!2KwO_IwvS|f 
z%LjRG6CqIv^k3VPvU7j_IbwOgsrb;johO4CsnTs6Y~g|H-jJB}4MyzMusav{1bU!u zrg`XhJ~q$=VN#O|+9{wx8KurJj7T&BG%}&zb^<821-G~IWJ1dXeaTrsm@t353Ud`k zXxvvO%%HF)0Cdim-5*H7om zxvpn+cXsxkd+ymSArX0cqj#Zj`9<~A9&#hIgrNQL*vUXJk4KjG5+*E2SL+L-L~BXm zC`-E{y$8JJFFsy4_VTu(9+c?WVt8fmX|-d5R{dqrCT!U1Ak-x#=ajN_%~XTO6-Bmd zyzJRqAsoxNLDkd{ZT?t5*X#mi{WX{FL&wC~pY8d8lfUIe(5x|F-4wgyz8Eh7uJbT^ zq?=aT_cUbzjNKJHv;>GWZse|qGe2o?r=jiM6cu@cK=Rn#rmd?#dQ}q)5U@kvrDBW2 zK5cE`X>f=C1;ozXa>K^P1zW?Lc$usqDw2suZa`7z@)Obs`uUOD@zIk$eW3J_SpH&& zcLkEj{B;(pHRlXNRZ{U~jZ`S6W;oux4XpS?VIfjyh0;4KhuiKC);(S$FH=9H)(>FV zGiaEH{+CK;*xP)aybVA$t79_NQUmwLSr%@JKW1qtt?o$mUhb(`RLkBZ?xcaxf*&K( z0BRdyM-iHeN?R;SVXZO{LJlvw65hKW2TIedpPBDzgKa|gyVim%{>H!_j4*Oe&d-q^ zEHbD~kzD+J6}G9QYOiGY=#Xy)cl)<)Ba%9>&vli6`BKM$*YVD@>pGkMy~dV?NnzK@ zW2geq&Kz#LBEKk|XKYUBIFf-tzi*6f(5sp%mM5$!F4|4RZ^hMIwLyiE6my23RZ=G0 zV#l#gP;HQ`MNFK>Of)dzdM(=d=+?40bPVNi-m5DHlalxwVjFu7^e{L6J@|)DiIA)v zSwd8Y^HVdFsWPXs1z=tX`U5{@#s(R&Z^Tk5qH2mQrjpX@}V5>u!E zaqhX^z{O_EY>MiWIo2Gpu7f0#8@L!dbJ&u&rG5?Kf9Ev|EoCOqFY(XHHxJkBph4%@@= zTgY!^i0wgt#wqhg!O2K25bn(+h2JX!0wmDLU{Y#HvHx!QM5{wsy|YTF@~uR=iMbsH z0tmBJ)4C=u(KmVValMIcOtQCN6#p~?b;geSbfm3A%Hx~(C%S?=lyIt|8Es0q_au`; z$t5U1kU?lmjZfsI<;5%m)CalO;^}U@MChc}SQKB~YlSfXGyJtU;AQqO*Bv`Ocgnzz zb1Jr`&u;85j#$NHhTW5))A+tlqk>vBf)bh@;R&C+2b}+Rg~QE|X+LRxLq}a%XRcmp`Uo9mrPG@8%zN zPU~yt$O@dk<#SLz@kDQ>DjwHd<#f5R5r4;#`s|eztrJnx+7Z}2iz(rVuqW>gO0+Ru zIc-JrL37Y&mY405E0Bz>j{ueZXd|TbOP@0m9M96Qd2SyM`0_kN1 z`E$Pe0wX&Ekq0jpm{(DCf?845rBau@SKx(z(|8-+!3xnR1L;v~r#;CLyxoRsF^yp= zP^P~&ym^ed2B8sl-%C9|l!e?sZT(n#kM?(g6Iv*MpTkkSsg{p802OtfS{eheOZO9! 
zKG<-u$s-Sz0dY^ImA|%L4=h%6ZCQBt!1NwO`lIEx=;Dh&e6hpm&CLPPSei%r5xnLL z#Q2Vk-+XMHb~56f>xH?U1`v;N+dzr#@^OeALszSuE&QF5kYRuSdy*}~a#V3Y*%u`( zf`8`t%8T zBqg(g{-4T!$r7}XQk3zeR#sjU+=TJ$#b*yK{iNgBpY!2xJ8Ms7?XKs&OyVlR{|Pst z!w?qCLHyjZpxe0$3Q|Rz(q|!tVK0@}f?baRczVD-f4ypWooGVG6FfmWL7;o8n5i?r zUeI78xp)-N;L<(k-Ui~kxUe`~2(`Y9Pi>()DqlFUqXMlMiTQw`v#?GIY{#ta46mQVSbVYxB>C-6@?8_?>sm42-t`E3vXh-6tTOfO(dYu=%@M(0-y^8X z#jqoQD-wji!+mvrRonZIxE}GQI2|Yjoo2aGnCO;uhBqF{Z*X8Wh7uI{6$n|c*D=Rj zkCcCZTfdW{#@6d%-1)!@?x-UQG;SUx2z#rsD@P~K8A~@ikBYU#we1jKp?aG3QKS{@ zIUbs-Oafh?)pn5fV>J%qarruQvJthlTqJ@SUHYkL;_GtpPahG|d+b zHh3!UQ{E_v<$V<%HSWzGctPxwhHk@6@;9tyL5U8>YlDYHFGMCdnR@>ekoDKF*-ZAsT&L7(GwK4EcEi(%2j-)Lou5bwa*$9aU_P(M)dZHgK+|ihg z%Vvl0tmWS}+uUsW-tZUmq+gD=%Lw{ejHhgb<7PitaTc=vf)96fD5-NsKGqGZWF z%3dBtGr>XB~FVXMKjfC-99IXIWu}Al~^8+#}bdy>w9OvidBZW0fE%gqf zms2M#OT~!xYc8@ReK5==z@AFBZhH`jPW5MWOe`EFW>8eoIvCZ6w!*z5C+@FfhQ|;U z7#)McQKttz7|ST6 zLqfuEY`5s4*SH8=?6Di>mDLkQ(HHy!vLesZvjP;MF|Q8nmr+`qf{F2 zpzHMZyTwGa#doCkeE7N!<;Cl@XJs)l^jEo?WSScg|~0h5m!4<3UdGcwAWtP@t+5c`QN8^UgNWk8}i+BH0X6W`*_v|HaME)07>oru_%$8RnW;&3XF%9vm?z$+mo2H>seHZ-(je%iI z!uM5h#xdM)9RcIHAon?6?oirX3HD^MU)BU?rH_qfKZ4(muY65%*G9m2AXdIY=Cl`F z;5xL$>VR(l4U&6V75C0+p3Ghzos{iNMIr7diKQWoz|L`=9Sh=|n)pWB#so4M3q##` zf+NZp`(I&yb3yM6u7%)udeYd0GW-n}YXFQWg@y*0Lh?f7xI-tD!3D?2UnXUgSzBvf zgLnu6%lXVWR~J%D}?4no+SE(~xl-Xv(l zRgLI4$`bZkZDE5{^XAq@!8OK0-EzK7;`}0qTbXelzJbi?ZqV;enxf&PZH#7ES7vp zd}3O5ulo`&spVm@YR79yv%AUZKWiDn`H)gz;}G_> zQ+{m~BCijr!6@%gRG6O){5C}Qa}o>As|!TiY6R32k%{MnKn;q4$5(olYq_nvLCR*- zYY#ZnGcy7!w6=TCkCs;+&6#++z~!2soh$RsD$|_EF9D?W#tM19?1C0`H6ZR)?W~u@E3k`C~avhMD!cDs0nLotZj$cj&wC1;9$0iW;IaL)O}VMQw+qFmBo) z1P!nTDnt)0DEaenny@%_8Jjr#8@xB)gE-aJg*6Qy$q%4QK>r*tcPl?AxbT^OUJP)F zm&f8vtyzLHwJo=ci|1UNe63yBnZ{ul;P#Sc*ZbyD@1W#1ob}DTkYIhKjKo+FEmM5nfS5#!jzNSQG ztPz9tPJmdH8O5w_{VIvOgz%q5Mn^RM!G$3I=Pgm0*L~VS-BP8XtT|gxW#gM3*Rttr zQyFjMQ7E?&<^uxs%J1v&n&2u~G?%f*QK}Nb;rJABA)oCF+E(MZG%|vb|I29O+@<^u zr_@hLPYxcMD4LiTZwV^v^d1#bmdp`KTK_59&y1f{sLW9VwE=2M(<2SXk#-&f&in 
z#4AA=${9Pf2l0tbK}saz=)IxUk0mRtqqB&pu1wd*%^sj({a!G0q2h0w4#l&<1_qFG7uI|*6;EtS{KjH2kN6ea2 zlx6e%q{vUNh{^S!kEK0_`J}1<`99I@JiCB~I@pD{)9z(_SY=QbKlmdLOJ0qOCbf7o z&Ap;eu=(G3LOj8?I=c#4RfDjCnm$bs=iz6rkTrZEK!0IWIH>keIB{V<0}HFL*R6#0 zQ1N=ECmiSOG#;);aeKVIbMF^Cgko@a;?=JZnk*mUgIG2a5MH0=i~o)un_0o$)|wVGna>S z@Vi{)74GgV2qMNA#-5i=k28|6IwG~Lj!(cfP1A-pS%AueT;SeDqU6Kb#bCaBWFeiw z%%o|i0Nu*`EvIK?+|24< z$xQ_kVMS9eByK;HTs@Orx>~3s{4|jXJJV z0OI*C=|vxhmY>)|!^{wT2nwaI8pySy%oxx19L*uW$g^(o4oH3z^eyw;+%%weBR?#o z+NEDe&dBZqwS>}SFm&*%or|2Pi~iOI=4UD4C@QGwe-eam0{-7hXq%|qvP?|UFXJq( zaWqvMY|T8Ltc-wB!ym?9Mn|jITGnD|Pk5e)C?6c!VP%e>$=2t%l0HOA9q)9oRVR?VE1RV3Q{kdA!w9owh+PIEHVHG4;C#m%7E~%DAhMo(03|^ zGP+4lNQ~)e`q=dxN&CcM+6T->O|(_OIq{mTw(_frG{-#dOjGP=o*7T z+{JBXX#K4`s8!t|j#i0VRoCrhtY{epggSUI$l`*)4Pp|wN?^(f9yj`G5-Bk^8=g~rmTIRp`vgx3B$XSWg2bX^Ou z>*1|S*Zq|ek0i^hO-ID!F_Wg|T8^-Qw#AUgB#V-M(Z=26D!NXCTICyzDkek&f{kx-Q zS_)*Y7m4;3N;&dvSQ0)AZ(o|C=q>i`7xTQCe0W+KwBvT!Vu}MSNtW#ztQ3uXn~6Op&c+2*dGMgW+N2h^Jhj|v-<3AiSQ3x+SaYE8c^=OZT{DG^ zeW`KZz{5|r&&A=J<+NQe(`)K^ImNJB-R^nX?6}V zM+ra>MKzUEcEEqD-|P1V@0Z=q&#(2Iv}d&vYr8ALG>9_A>c z50O?u(wcItbAqUK_g=iWnyvL8talcJr9XW;&l$%l>?l)gCp!+DMKnhpdTs=Z;e3O2 z^~0x1ex&pil((wt2FMie2_l8i$RYXP%9;p0hk#qzkB5S2ABk|go~E|JNsG&eZpQuh z-6@Pn;P}-7PUv>dSg(XwBdJO|qZVt*YfsI+mPMznS2JU}kln{)Po~S$-JcAQy4>4~ zcV}D2p455O3wtM_o7%Hrwxj0I>cLuAGl3t4iRRqc+{an|z?ZQT{{D?At(6x+YyK_n zb{+^{0zp1v`@@a$U!sCl`Xnru`HMi%N{hgFM_Y`{By5ph4 zki3PIQ;mfK(g&~ejv40exgC4gFV1F%Tc`aOE9-u3>|Y;_2B&yP*9Q251_!;B9fKFo zNL?Stv2PZZfZG<%qt_I~7I!w%8r#;$A{yJ$Zf!$tdG~uxtL46MMPKHB5%sPdWLOUz zh_i=15NlA_dG61mST$K4UFR{)58V$@e$480N%Rk9)cM-0fZY=a`4(3}>4mz&77P!B z8qAeXB?x6f{eQ2_m$w)_35`ZEq%(7U-=Qm*u>gpW}!nwDdy{d4h#3O}^AZtNg4!8_FLtn6kX2{V@v6K;f zMScZ{{)?9s1%eb)A+db^?D;VY7^8k4pB z*u?hCIxTZ?-WJ(A&S*l8;{w8B_owt{6C83>3ihEH0v_wyA@l=2tNbFpd&sZIaF~*# z+|{Ui4Q;rnejiX#16|Cjw>x9|x`%zP2M0(u+r9zWm<~+HyU!vx1n6Ll8(v|2s3J&I zqolLOn?P2D#DnS2)FzZv|KCkzAH{BOHz+1i!RjrYkN%z#NRee-TUd^QdP!LZw&jv( zEN&i`Qpn7{ky)lEFtP1m8rA_?|;gJObVwe-)(b!wXM^y={4_^R_`(3RJ( 
zhrvO)F&2YFi@DJBNzR;NzM@YNYb`Z$Q$UY;ZuRttWkbf5Xx*W!JlVpWS*80cn^$eW z23%hgG(55$hPg^UoJSr(h9#~~Nt;6+OO>C7_jK-gpSBi&H>xyGCmh%2{XxLf@NudB zwdnbj?eP&SJlzZAQH{r=!NMdt>!*UIFyaV+BGCC}ggmsn+~BCJL_vH7-0m#z2fRn> z5Jr!u^;No=Aqb7@{2zhgy06K$?=fg1UcpMvkYo{l#_B*oom_<6f5uXX3<0yM5g4Z>o^5uPYgR?tEHf~*(T&hyB3pSi{)+g-r;bTa10B!I9_hsp!NX1ltDAkPGe`8B8w_@~_85oifuVxbKnw*9u3q-wNl0RD%EJ^My#SSpFuB zwgOTHagc3Y#{KkWLg}{O4{0T+9gmFpp~-dB;wx}X44_dp_3`e~T0{Bg+$#?qguO#& zPAI8n)R1(amA1U!T5z#n&s@tFH9pgoQVIQ$#TaAN1-~%=s(@9E_w7*VQHHX^YzBr} zafs;Af?B8E@rz8@)%s~E|3v&OXOlh<^RJaCiN_(t#V-MG#fo^_h zOxUxW$Rs8|=H$J$3DktA{88#};L6A*E@t%RoJ#1LB&)Y3np%r*$n5Dn<|OXht`uTr zv-PhF=~Ud!pM-H7&q5ESo2#-ibet+IC1bffm^C+s)_Ii3U~1m-@o`Mp^o;&gEQh9$ zDZKdFS*?0vwft3m6vOkRS9^Up1(1aXz;%lR`{-n<9d9VwSNKbQ4_d+(2dXZJ*^MTA z`2C#zu0D@sf`&4mpVS9cqXBB8d(xS&Y3~Ddevveb7>tcs`1FcUeYv}Pw1Qbe|8dKI zAaxd7m@%1YsV1}_7kaGC-_~BU>QLh|H&S?%#C$gq5GHd@i%)A~muyyi$Taxc|m`mZRi;sO9Aie*IXeoh#5( zVT)xP%qF9nn9UqKmZ{@{6`DYqB`m+$7yz=SLYgagLho2}lKayonbetly|4^9X;8El zqI+BM&~Vh$$K2-#G!ge#gCt-wp!Q-kLD6QESZ(*$d zScITb!%Lt8L09zE?8T7tn#+eJ*PAjJoRiBq+MOX7LPZJ)VTvoCS z(bZJ6&JGs*A&M6m1mlyri3&vI#Pyx3gKmaHOOT7sM%W!5z4V^j=p0!q*3c_vzcxx&vyp$=IJW2%ctJuT^-Wr?CI9U{Oq;dN!+D`o~?g)(B)wHX_>+Ox*WS^0ANDDLt!n zp-xNcz#p+YX|Z&$faaQMz$|CBzb~a`6z>ZX_e7GxkK8H)%-+J4E1H17m_!wnuy=c z2F%a-Tr|uR+KYCSFr5wGA9o(hot{c!AYxY2t+cqmxOJV{p54>|-_n9n4U=j?+_hq{ z(p8VZfyI{y(g#5KnnUqgeyR4R(?9N7qNSu0=VnsAZ9pJ~c3`y3z%~^&4k5LYbcL(n z`DI#j0}4##sDA-|);?yv4II0!XbokFUi@@%0K;pTDrcWJfp!o#Tw*4cBTUd_t|(9A z^77zuht>^1LF;mJGy*ivg~%%Z%0<0S>X+Y5hw9>JSccQ3xk7Bbm8c%1`Tl<(oZRL`tJ&H-Xn-^n0wi^5k7ekv>nV-sW zyz6WC%~dbYep(Y$eQvmjNJ^8ff4+vCX8enwj8^-~t%?1AIBgvRa$(&~eHq5(KI+HC zk7|f}>ibz+5HQfV#m_VnhO4ijDa{mCS?Awgl7O?dW%^g5zz`)Q(gG7oJy$5;M({T< zGE@3o?PXn#s~9hFz?If}AWBMWcb7<#;(PaMOTtc5|28Fru>_HIZF~2w*_hY+M35hL z>tWVp{->4w-{4#;Df$^f`lL(&4G{w{H^A1#HtJmn0~{U0+a(T1c?@J6+&}bqv<4|d zGZ*I2VqCa1Y=RkXjvN)XH?%5QJe{~)nS6-(n}SHvPx3@>U{jVE!G9-LlsZh3xe+26 zyBnGwodGt=|7LdZYQJpN$Yn%3OwuT;dVlFZo_rC#b1j$8$xR*56RAXsx@g6)Eaw4n 
z&!(P|k9!qL^|1!Xci5EEawI<|gz_D+ow?n842`6`3upN+9Ud!;%G`=y?_X?+a{`w)^)N5VSPO+iPDrs?Z% ztE~%w&s=qL41rWZg_hu;*-5&0oNFI;je8X)N8_kc$>{bv&1N;eKm%NNax@-^u5GGX24n-Z0cQ-5Q}WZa8QJyb|B~Zrrd}w-Fjhdjfm&zpyPJ2RexGQt{IHF~`#(-J z%&Z_wGLPXA^pxE!P^q*3p^wI9dI=|I2 z{SzgXhf#zgm4ZTZT(j)Lp(MN~Nd9}8f7%(l0s6@Xtz>H>v81%9My~hy4;hzmjxIWB$`&4TjbJeqnkO1W zQDoT#O$$1Q2l6il2I@k9(ii=U9=(fw;<*c!zoB&!}p z%Sh=!$Z&Gy>@moAgv{l*$Vql=77{`2*ucth-UnD)xsQM2oj$*)BB2&o@wp;<%O&KN z_(mLj)?cLD+Dqma*WX1oCFrlIqDiGc_aS;k>juf0d$a=Q&cQ$Wd^1#I&mw+vJFv9y z8B5XBl{gsgU%n(A4?u`7aN}%)>hK%*bHGF4z{Zz$L2XHVZ{auqc72o>EwyLj!XVQ+ zyt6-)hh_GZBeLP|0vnU>PMXZ9+E4eG+l`d*Eh_{TUfpL&L{0dUIZPgiIfZFVyc4V@ zdaQX?*3T+FH8}LMFCz9rT-Aytn@GPvc#UkDd-T{=-mUnSs*OjAb?-V45BJon;r-nS zC*@g6$UrGXDcAL`dgic}e(So%Kp`;*CZ{=0nq)Jf{SwE&MS}O%woV~w^;W}zwy8F# z6xeuv;dP+y*Us?WfpjDxrA_`i_j7yGKzLsR|5ehr!tg&>%8g!@M7wl7p{ePeP(&@x zC+%Tugj}0}N&0n0!wb7Cb|Ps5;SanYORj*`!%Zl`5x0B2np~*WE&&R_lBR z{lM*_0`v6{TkTus!pL11S=8%E&mge@YBH8wn=(*Sh$7|_NUuilQe%cFa{ch`HNd*p zal~2Uf#T#bm+}^wJKq?%EZ=w#JXyQEx(dG^*t={|d|1n|PCKHwS;Z;u4Pw}kRFos< zo>gQZh9UdB%hBsi^I?zaTpAj!B=8?jR`{9~7+wMi%yXrcX>BZ?) 
zf1o|5>&4}g7Si-5F9camnDN4onM*Oyazj+Z-}IkrdqIJuRTnZ37swP`Dlh)|QxV2{ zR83|TuienuzMR=HAvY1bJ;8}}tHhp%`W6J8O5u=e8r<+l6&`*fDB&TqtZF5wTtI~d zw*{{Imbym8)XCTNgyF@mk+kg5G24sZpfqPOc3YT90y zeZt5<*NB(lPR3AV)c79$TjZl?_m$yEP0@Scj6xt)+fP?c(RQ$c@$0GdS`e0aR2h?o zuOa0sWoT`hgpCW&-w>09E}BZB2~L%{5CMuOX*?eH-FUyE9`N04a&Ju7u{;G8MZcGp z7p_{ekm9FO234YkBb}S~Z8$6xt>8oC6|x=Akim(leICA_4-3>ebssyJuYQLXv&Shh z+)#tks6BF{ILd$(jQZO)yrS8OBx~N17M44>IO{wa5Z6E@fiYGWz|9e!t|SU{rt~gmp>m6mAxK=sP3l%KSI2Cy5wx&(oUuJguwDne6@MLY##^ z!HBQB-lh?J7^!lv9usEOF&6ja;B2lax=8dfsBy`9dKpW14)C57-@}L~)N-Za@4zME zmkj^G(~0#!F3(e;Dg4y7sIQ1Noz>_Mt@R?c_4JV~=y%VhDkd~As<8_irssr}ulf1k zjh{-yiT|(-!S{gFD8K~A_n#FY^L&WKZLfTIao)U0XRe?FBe_sE*xPS};_o9;@Ad<< zvhZNIWo%{UH$3>Jy=cOes#>WH>wbMe0FXiUN4WkIw4feuUOmF%9E_2lf%96NyGXXXkf^sW94B z&)S=G3P$T&f^^65Go`%jC)M8Y(vesSvhbHM@2rDeTo4pX35J0s%gq|-{RVHRl_{%* zP#*Z`ysm8F7k=CZ?(+Pv9bV%R;aB2v3ZZPP`-aZo%y^Z?4Syz}_>i&!v#_kH_!;-y zs3oRFNEKdYQtCNPZ|=A85~)Nx%*zol)}^Agq9rkeTS_seo%m8VEgnQ>*)XBo7>zR>y|A}1 z9QNsyMoKcaffXRy;g!jbKRb4T364#1p0;@(P{x^CVvB-3DB2mac=YW}(*Ee%r%_AwAH(D8@(xa1RQw~dbyrOz zPNq6Gm)j<_o&>*jM5fED`y=sVFH%M85s1R+XmL!nl%a#$g@7`)VR9w9)8r4Q3;|u_ znBt)(^EP##{+g2Wbvlx>M>&@BIjwF8R{RnLosaAVE!}BCi2eGouDAS~YFbttXE`>( zRcDv=`~ts2ND@B1)%=N#ALD=P@CKjtxp7Zt{&MkgDvDZJ`|U;3B#q1)^O(rErx&58 zP$K}1PX+Gb5+|Ley!20&!B6{FgY^_~yw%0l8ZKwqj>A67wnUo6)CP;CPDiZRbBl$% zjVuD2Zrd-|Gk0qU9|n9NpY7JToidx>5eN>FmW6lek`i@tq2R6``i`fdPHm;&>1jNK z{O!OndL#Nks11I21~-F<@sP9v09nV#>+G$VLtP9B6sDx|(~knfbkM4;TE$Gi(&Eas8YTTYB+3K80l+n?>crijkN5FnOPgKi?-JnUlLw-XceLP z^ib8V@3jtPuCBmq{LXc&oW^X&kFJM5oF`2g?mN zW0n$an%)62v^5eM*|KXE$G2S=jG2gf3@8~Mb;ua=$5@1aq;v& z$)8iGnXAJ){*nU&^K>!T5nVBmaC=!*x;>Bo_-+HezR5AoxhJy2?JL1utMcgeI#<(t z$yMP*p!O1JDhX{ra<@2mBjih)>U*KqQ_xz-RK_^~`>8pFB;E)FRG;5}!T z87YVOG?K)|2q+eF3PMXqUG;!3((IFbqI6J)#lkapuObd9lS0%N_oaT1rNssXmi_|uZfR<(mII7l zl7#iEkd82N3~xzdzx%M*WeLmY_bGMr`a^qaX_D(_FoI`RGHrfi1}gtxjB@QEL}!-E z@4uwub))FJ#fSR!A_Z1X5@U6>Dl>6m*6cr)WJ0$i);a?CfAPylpRAOyQbJ4d1d(r%Y-06%}!+^YUC1OFdq29y2!po`wZY1 
z4z7X*RT9>dH^fu=gny}&c;3(c#Em!o7nb{N3}#QjhO>&+n1&jliRVj-l%%d!i%et> zP?)M2y$ipO`&qUe-ea=N5#M}%O`Wg4BN2c>onI@P<3K;=}Hm0Ezr42gP_tZh9mnDG=y!c5rXqr5C4&F{GXW3U>UY*tq{JdV38&g zb0XE~wFJZx!G1q3eo-vDrHH+lS}h--E6?1DZ$K zyJLqwX4r>etCH=WeD_<+kBRn-EE9Nd7KaV+GfHE_p*vL{ z&UK}bN;G+TNUHJtoIA^$Pl}l$_r>q1J`>?u)7U%iFHb3Kp7Bcc` z^VR6srnwAKHVe=t)Ux?5*)RYGYx3}%R{i}xMFh{Nh|AG#c1+<=#u4?x*~+EmWl*zz zWd+KwzDDKK4`q2TOkyT01=kcP5ubj~GP~wwR zOMq!b-4bbCHy;AeWOnJLazM)7^5%Ky+x*ZLrb{oXJ8y`zzeITJ^2mOu_ExWA%>M-$ z)&Qf=CdH;mdt_CB#Y7^rX5qF=xAMQr+E-taZChgCJFg8>C!lA*L3 zlHfriMAbnY)=aOklM8SpU3Q{n74+wE|K4)9C{jXV0v`jZXrZUidX`OdaR2InKP|K2 zTI@6(7a!9NfTdqSS2#W6pK|J;%Kcp^?f;BpjNKd%5BspKETpSqeO(Zlb}66kFgPFK zb#WOz-6wOU>qb49KAu*9a`33-`N{3XVPYU(9d5Or=G6TsAOO1>{weYkvCzlQf~gZO z@>n0q7i4T`-~UB`YjUFSNg81I=aTj@4Q)1eSC%oQz~RWKWJzt@ov4(UQdRZK46ahj zGhEvJq4&##)S;h6B}|uO!(nmCqEHA8Q&(=mzfp-{Y9Tdq$rVUoFBnfvPuQ`z#f2q>AZrwAQMl~Rd(>%^tP16vB~pIikc0&b1|S(5oz_7+smwR)$dV* zV&S_fD#0+~(kYVUW=)&h_JF#UfC}7HZ&WF?Va^J=>K{vUpt$=aU_ExNKjSqF6SO() zQe2l5I1uKzm(y#1Cg_w3$n3`vr+bLPuRu1G>pQKNz%7O7$=PXjx2LI-w+UDOa~BrE zNJ~3#IVV`lBUAs-rAD+~%9a>`MoioT6 z{jw&92=~zQUC%9YJBQ9Mr*P5pH6;d~ENv$f}STKJ9MxImV!mjc@p+?wPO~4nC>z6H{ z{ZkGz>!m*&9pzhX?tbqMht5AP>5X@Yhep2m1dcXkBf3V{&p+3{D31J`nl zcXsdSi{%xj`AK3s<#?-VitTg>E8N~2e2!k|c#;@~%tEww*D75;nrPK049!<_&v)6~ zMQ3~8RWA=KsqGCV6g_SpwPKoiT+}E(=WS1Sq4-%KUaC}JBfxQR%fqyyv!HMPc+i=b z)~RIdbv-k)YB(>YvB^5?#!YdF&bm>$k2?BAc&IC~tdx3qt3mo+BePTT<*;L?O#{Pl z!$MU!8LVe^o6Kq#7#BZGu zU;W*bUnG)oeb*r$VV_ggBD9IeAL;@N{T(8=LM-JK$TWw&K4IixF}x>bTLf$~RzA^I zC_7WiVF-FCEuO#RS5w`4Cc|tLg_O*Wgn;*#KZHD4U!z#1r?$fR4IVGQ`HdnjKG7jt z)ou&HhnsH;^t>MM&K`QcuiTbpNHy6vilMtvj~}m7H#T%F`#io*^0@ZR-@{iFLs~=7 zZld-LqN=%nH>DGf@ zIp2T(;QOC!sD3khRw_x6P&Pl9R& zR4F=|ucxws$(*(2u|?-ZA2pJCHeV%*OCaFgT0sN5Zg@w|AN_$@_|(tlc~w**$n0KD z(89ztxx$B3FLo-$Eij?-j^2Bfh;FiA7kma{11bU>-P#CDS*%C^gQ5$(_0Pmxq6rsQ z@C5s_i4XDHLj~POX=G&e$=o-Bm7L>cT04j)gWDM23qOz-kORJR?d2&;Vx_kUrS_&4 z=eV8mDoD2gdrbPbOVVgIxeSvA#TAYX39i$Fh3zr)Z`mnMnt(crc_DhUvfgV`B_)c= 
z2(SAi*%f(BgLmmy%P4A|y6Z#>Fc~DR3JL^G+{!nn@q3~-gi|W3HJDRV3P)>D020ph zAGiiQ7y+;DN;l}ar0gZ~rz>d?c0nrx);g?gl!StjW2Gd|U@Scu5U(34@}UWJqJl3|CKkM#KmANC?oW&Q@k z`7hVh&Y9Yzf@GaVZ4-Oe7>(Q5fY1$ZQY^anmtWj{l`XZ#QTf z#|lA>&tHqK7h02It}Z+ZI_ebE-)cJ8#*s5)eH7myiww5%4p4npSswFcw{Wx4xvR^?CLCm-wBtv$My{ z&Kx`A3D6~73wFZw`t@Dl6b8Dy$BGc8nhclZPC~X;F)PEI@Xxm(P%%^$bN)=*$D}*{+US zLQf0$S*rh|kO@b9U~Vt@5PJ|gNu_iwkAXJv)<0PwV^1>@8H}UqLmB>DwKyk&T__s4jK5#AsG#_fOJ^$dx1-o{ z@hdtj9Yjic4}Lmi2<^-s^@YN;{!&7-O(Xtue~^J>!cJ_ASk`Rlg`f1>zqhQ4X|t$6 z=2oC25G+@XN6C|9X(67x^;d}WCtik!Fk>yj&2@TjKm8N$QwPGuuVVg;8@20PV!z|V zI@yw|*#*=0QHqOo9P8Dij9Z#-dxf-~G^&d53hBo%zDZe>mZ3X0gnnrP&-IuP3Xa(P z*U0G;*GAJ($p)x|BR3Uy8F-AhK#wH+$s&o>JV za=fg1$9)AeN~u@pnq_tCwwa{(P-HQVJ>bsCaJR)=l2%)^-GlW6r7oZ;&1hNi*cC|xE#5%*JGTY+epa403`i~i{GQpZGkIc*XCvP055Gi0gp zbadOJ7Ba~Tds9htQ@X6=b1Fc(xXN^ENvG$YBs!H>l9xWa-(+M$xt!Y+g{W2_`Yl|B z!dXW>!up6`Z^VugAp2|5cd2q8x-R#r+La0LLA9}mm zTpV|&$cLY>ogTf?ZpByZU(=@lp+bB#2C1Vskt-2;vSD_^IID`}(D}93ee*nD*!>=X z3h}H2tN91o;W07wVx5yjlrhFHRBNe=h-ZXJ-hjeCfd_3yPm-&TP5DXYh?PcEMqyqFfn;~aTD?u7pvchyM_C8OLKr)@LE?csoMNQ==WR+_`Dl!NKz`#}@9Bt={Mrx7JFmtqsALDWnySWe zPD&oETZ?Iz#66cZAKapekRJuxWfJPXbv=#u&XO+Oe&X&NB0{OG;hyj2Uiw7a;raBs z<>hH_di`l7nKP-(W!;~DM%}kJ_ zjAJW*GAqEX(E10+7`1s?V-+R;@wdFKg`&3YSoX70E#_Hd1k*;J&kz_+o0PuD=6wuw zx{Fl{wN~d|oEX7m{}FB0yy7o{hAnPtzbVro_VA{*O6Zy!;KN%je(_`_V&B&+6yX6^}_gtiEj5HpB2*8z=XISB=cb z4E@k`ZxWQc;Y;WfBu8HH2aPDY_hzd|?FXywd0bm1y$wnHC+x&!_O_dvdCCD0X~!mV zn6-UAbz%@2e2xf+#pQ^>Z;;;?Rww1}mbSPDdbiW`L28T;TCX^-H#5S-4+{9b<&@+2 z(h1|l$(&&$7V@7M_|#f2rwIVBAqKbSDNoOp1s6~L zn9dFo7k?5-PH6&ofbL7+w!Ib$$Jj^y8y+GD&$E)ZX3PK9g>j>C-_xWLwnkR=2a%6l)U&xHIG^mgKrCYR0N&Ww%q?r4TWK?n_t@zv<%K{M%c zSVeOPN(M0L%iH29E0R2Yws3N5j$?h;2(_QkiO_we{+JchmC&mVP2pEXEAX8nCbZOz zxgu~>uf;2Fw;Bs=LI%GZdDc|hJ24pbfEMI^diTz4x#pvh%`CnaQ++PPh(;)Qei?@m z+kS<=gWk!DnB1{`vr+jqx>#Rh+g|VcE4zvJy`O2SULo+ zzdoDNHz6kuxsmc+^TlnzuMhj_) zBCx!nBtb`O_E&1!!f`83Y2xWZk8Gq9m96viQ^RSdD)o)5y)yOv$98KJ^*jz_U7Uhx z;n}-D+s8Vo3(Kb{=Zooaq)!0f`EtNp6~d;Z#2dMzEvr?`D|^>D6(*0)evTI8AFnzP 
zb~b%3Mqj+2A-$Xeh>OOJZZY1{J@%@wfD%OCdc8KAwEp#xeVf6xnLwK}bzS~qCJkq| z(3gbJdD3o4(CTYq-z;v=6@1P&vzPNxeC@y=_sb-8iq^VPu(VYvTdJ$4BL7*LBEO1lZ<}w>Pv+d0(3Y7NV^~iyC9Ntsl-H^ z0nBRDAi-3X>%$u8Xh~u4*jJOLx&|ro%83X`Y12qaaEGQg*a^HVJdxJU%bXy`%MVrX z2FV}AAUkSfM&vieI&r*8ErvQd+Twz1+*&sm3wsL8fsj7G^$5mUpWQ_!-2j3{Akz1Q zP5LVBnQjB)7Y*~leC2K6zM;{cTcTL%0Y)Yom6)CEcTS!I6$n&$Q&$v>y#BJahlEY% zwd)Ae+7Kizf$i5CFHwyfyUe{60cdh>J5(BSx!$7cKcDhY+;!rEKA(&;Jt_<&HB{2w z@h#rx0Molj?R`mOZHlRrAs;oLuP$IMiHA`xo*`~pe)$|%(~u;H-N^!=C#mB$chr#R zKoE?$6mMSEFs-Q*#Sr1DsybZD z0-Dk1BmoCpg&YD@ay%PR9wl@byO%NCe~tktY-W~9PV}*ZD4*7cS5Jo3IdPb8T7Pb* zE1s!gJPU*TvCNEa&)(rBK1b2@ovjUz4iP)i((OU!S{zPC%QdUX!5sm=^D7QU&AlWT zM1K~OW__443G~&{$M>U9o|vNk;(+OY<78QMw6ybMaSlaI!Deo%*sjQFQgp3wId{?@ z8f@3}W4W9$d(E-bp*BK|(syAhCRVqCb~_bGO7yYe)C)}Nv^&0Y>b+DuVU!^YV-)sW zUVawpn&#y2JS|7v4eFOwjCSaAmqkez`W-RsULAE6)0td-)_>@B9RU1^qm!jVLyNnv zM0D~IE=u8RzQZs}x78RcY6ZG$xW(?yBQ{aG^RuD}xg8M_Tc7rqVsTQl@VK zx#(mxv~SL7M%@R!vV@IQXx=jA1|l@Wgy+&+>+&}~p!3kY29L3gU!Po{jr5Xaq5%s@ z0~Qjb{nbBLL0*V$gl)(p7FncE{6N}QNnARb`AOLz4;bVEW>>{^cSa}2N~ZBCE{jm3 zqjEF1!pr4RqW_4Xo%N2#Qfv9hSV?D!9s1@cvn?9>l^4^Zc;~%(XI`7a^Tfnp!|oE6sCJT343sb!`CnZmf06uLti3DSc&3Y_gyVod*gOhoB|mug z)%6D*w8Wh;t+3=vZyG?v5##-J*aCW&v8su=kx0SzH5Z1iPw2{bxEYqG8T=-~4v|FZBYm&*>_D2zO znHOB&0<8ae_wRtG;D^C7!4E37TaqvnL>vyZZ3S3)y)(nQh)K}P30npixre4s?7uKc zeTr_b8hqZrqo3A;+Q|^(5qcebFT;1q)$%ihG)7yj;?tUhYw|eY>e`xn729}#EOqmFA6Dz-n0I)~M*HIxD*T(`wsnn* zb3KuS;~x|znjEeX)GK!d7o&hfJyz$Z^YWF2%Z~{-R~x%;xS{)UJPr^lK>7O$U@lvJ zYynq3r==~=@H^SBhn4P>&RjyAly_vecmro^DSbkCUKB&-0@T(YrMPB9RAv%lY|8dsl1u!0JuL75F)}ZPKZ8jm;TCg{Ne7a zfHkQR~{++bYADdWa%ZYiL$M0qJr zYA5&ULH|igbx&V%)wyJrLS1W}9vo+~iAklH83_4>?&CNACI?M)yQBm`4Or3ryNZuD zQ16g~@+Myc|HD4wJ;C+;G6m2y{x)3bP7`r<<|}wZdhxK;eEF6-eL}4wMngA8KBK4J zthMxf|5UedSih-1*`c}`E@;a6eIzVX>A&WW@xV7z`8U^3P$GH^AG zd^Pb^lpryoNaO7T3?f;h0gn_0Hl-o$3vqCm6-u(SJqYJ7+O+AQjLDh>ITo)}=*ugY zt5(Z;R@k32L;S?)qjoedYvnTA2vov(%pP|j{;KY~En7ct|7A)$-HItK9r#wbWIsu< z%_vvlAwx->U=Q(}-%cUW9;0&dcp+vz9m}~TBG^Vcb`%#K?$NV90B)HJwg`_NGm=*0 
z{hjuEN^-p)J+oZUOL*88=vdADO0%w-sAB1qdZ@J$&=y#*j7%{#U{yE%H+uJfUS{uG z`F@!l9k_cIOy~?S+Xiv<)}uO)eC^qNNucG}r5Xx_1WCCs8xqDfkTaJ%Vgh#|o^=kB zT&vuX?4B%Cc=hoS{g`dU3XQIRUF|@z!unG|PxS87N5 zAXnF6x~T%=cMajE(TVfeGTl8d#sr1SM7(XaD7Z5de3+KG>KsEWbE_+9JaUjZhU{y)8GvC6|Tx)qtVFI+L;M;^VK1&ImOGn&YM?C zgMud%@JSZq?~>7a`p;B=^YtHnPflFmKED6K(=)Eq!Nn0@?{TI9-&3zNj4`P*IY%r8 z5MLF~4H@zAgwp~qkW&eXw=YHhpVA(PE>gyZyueCxkq0a7M&u_e%FO65s`oJ0rw%U9 zyNb4_o_CX~Cs!FYPJ}(H`6ZkU;t2xYYlJEYCO|^@TANT&B_jz~Rn-ayXcOp%`%bjr z?z~`ez`CNnEG;806jb(yMeexLlcT3R>zp7UMa=pD15$_A)8G4P(TZ0pw0@fm!pS zAx-69JAO=SYg&ZIqz#{iGq!f4#PG*)y36 zs!)AS3hL>8&r~uXE82ZrrV?J8{&&lahj|lOGZMDHdXQVEn0t>V7We$}( zbRNFYs#XZV09**W6$#QB_|iPeBYdtKHzFL-&uySqV{;c)h!1oKX`U*$ct)?O^jEIt z)7=t@Z!O>^nJizUToazF9IsX1{*n=_^HelPfit#hg+M8g>h7XEQsdbZuOT#hvnsrL z)cuZT>$S>_BX?8nC;h=IqtAy5sTDP*0nB znPJM%s)yZgk$4vL$q=z9-C>klc2~cxP_G~($@0gWbByAOQEK-4{2sdxclLRRMLjsS zcCb1wA1zUIQ@+P>bW^mI8`3-MG~M&wWj4tD~evryn& zW-2Es!hoMK?xY0!9u8*xc`T-KV|iqeja0vH@kn7{2S+~}FFF=Cb(MlIwshtH zw!-(A54vCXZ-S>QL}U!tHK=oZS9oBh;vThz{X}?=V?`n_-n4WwD!szTuo~hJqT{d+ zvc%HcRre^`>**cwH`I-{R00#F@um^USLR;cwNxQdsr8neqh)7j0DUCeXxZS5eoEY0 zG2e%>xtadB!BxaYt;>BwMg|WGO#@^aI?AQ+J3%rH1$R1(v}_=Xc;En&;D!_>CIVG9hXcCER?a*B`;rZk*ntO+zADwpJT z+E+FC7b*jkZ<_I!&(92hO>YY;a;(uD;Rxi3<8uWR7k^eAE*^sj(v4)B#&sgp$IjxC z{E$ZZegrhgJATER2&d3U;^6Q-VA9MaL8W>;uZh0QE_i>=vX&+|?0>l%)Ar2Ku`t6p zFq(4X_E4mC%%)kbq|V*H%&TI#dCFn9RF(r(9oq5rOTkw7iH^=0FJx@_FcCMWm+fQw z)5|R0t!`VMiu!t&WWk|EiCcL(%)Nu@;65y14}_N+f=?zT6!mrZhQ0}P3GJODDLlK~ zaQN8|j53*@-IYAi;;IH5BJqK}e{n(h(lZ!DjUag~_IAS*qv#WHUivB5S_Iaz6_8iMv;u`{ra_uOIKw`{#OS+$lKj zv-_1`a3yq$!}x&_aEx3Iv>jfVH|Y+f$GJ}~M$^HWU*qI(=JlB7Ynen@uDGgmIvzWf zpI%&Wv=(vQs2rO-Su>YDLb=KX4UH=#gs?WekzNI+TA3dfwd3TJ^a( zw~;a2)IJj}$32>O8i4fQeQ?D;sGofI)a|+(oqG&mqw>@NA=ah$xjiRJ3bbFIKW#9Y zuq6Ch9pg5xO2JrSMf5@o)07oWrXg)q*J{dRS>qK3{n}BQ3+5PsWRh@%5!!`FJpF)o z2u!#9+oVIJM5;fj#O_pwIVbBYZJPA|GX~or-cEMvbjfQM-i3H;pXpC%pH{!Mbe}A|?->bI$;aHoj(r5b81=W!r|Y>LtO-t` 
z?5YSkkXPTzg?v|!K{L0H>3}wxcZGXKoQ0$)zrzus!(QAh2(;2_GM?_0Z1qJPX<HnpL#N^%`aOQIkD%Nl~FpE--w(TT@Hk<;Bv!gkuhHkqC zCniacg1$X1I@LNALSuw9Z2nd%ZSfCzFdRXsdJG1~RO)hG4+8*cr+GiFwM(=(R@ z-3FO@BJJKb>*@?1*Z!lQ6f{%+3Ukc>*=rM>{Zq{DzT#lzWvrnlJd2W657^Cx&Z9Ni zGf9&~!fjnsLIBV>)!N#DGSL-}+ujit5miv3ybz_qQ51aJH7efauYsw!b&n7otE>|5 z-1qk+0a!PW)9Gb&^Z5IfMI(j$3%XcAb1nl3=Ohl6r7ieKjxc-_9Suu?^%9+wyy1gR zj~lzh`qy`5*e7Dd<6Txv9qsa}ZE;yE2$}dmyJBlm6gSpPg<2xs;95U=x`VBJVXLPn z&s21Y+Qo)AW9Q?!Ix`J}>!8ZzJbRJFO3)7N+cH8%%tl`0PrlLbI!bx@Y_gT|Jp_~+ zVR1W-GH~D~B0Hx;aou*okN0!b#U~!4I0Z40sepcU>`!0z4ZQx#h+p}SX9paMTFU~+ z=-`n@ZcRkno*wjRh!m*nQK-ntr+sLMLlkE2>w#tB@Z{1TFwwsMT|7?mrOsM<=zH+u zUxi&KBT}Sh2z&c1Bq=y3t9#ozS@wx5{#q{ZCP;oU2rCHimQ$_re6G&g+#^oY)dc)_ zmr>G|&p1G1-5>A7KN4vH4=UHn_34(!G!I}%nR$M5t!z6Hb&&ME?!i{C2aC@O>V;yq z<2a2mVj{1;YGuFJ`n%k(EW+pg>Z;E?*dmhMlPoS8C@*#2p^~G@zek;C{VxIWnfDm? zA^nkh9^c|fzxzH@ob(CCywT`VG}QP$55GJb^u$hru}NtUtQ_%Huhg5w6; ze&@yHi=IwC=wOloQe1~dxX9&6RQA!V=AnV0EKVm2&6`3j4|^@!ulC=c{rMVFyYC`7 zXjv0Mu7qOw3|6+jqy2d+rSHSGV=LL=^;N4oSp+i*tJH; z+LHt)gyXMI9!U25RlrTxCJBD6#41Xz$LWy2(A`!cuTrUhFm)$*B$C(BJefFN+q&ly zxV+W!cKVk0NvCOFu8@A>j2-}cH>X{hcU)0l-*dckS?nVn%Q0^5nVz`h43GsOk|=Nl z2`o#TbW1lQgzz>kyV!?f{JnNrH^SMs)C#48Te=)8L2R-wQZ77yeVre+)5Tn>ia96u zS&m#bO<9B2v;~wT$%k#z^0QgycdCSane#&5#wDmk3JzTVc<`8geQn}++dCD4%uXm9 zWzd^wk32;QQmFMdeNS2o@#?D*e2hPRN(=?Y&c{}UO#+&~*@=0FXeej1Z2>SfMZ3V@ zyH$e>@1Pp%TcgtOl577=#OLHvdeHepX)6eNnKD z8H?P3T)!k(dtl`qkEBFnNEuBRUcKUfy4HNhH|x2zG1*tFnv|_Zr+6>=R_(L6f)z=a z@OO7j7JVP$N7{0!b@CP1Lbcx;2>h;HE?yR?x~f_J*EFKDXb0HotL$%Io>ds1xWjwm zY02ZhBX7q5CC8({P^>67#sx?7!>H6p;1KhztTH_B_CNFij6Sz+FXweDP1eq|>0hP4 ze6AF~i3Cx@`Vp)l&a-de+R?^8Hyuf~s`L~`L52t|n+fKq99BBKAp~5fXBP9$;T&qe zJ6v&_Z5M2pKkjWS<@zUK$9jA%y`> zbh==c`{dvgQ#kIqwhLyGvnFQ+f}7(c9;-#(Qk;kG?lrm7jxoXks4853h~15qD;=(jD2NRQn-G z{KKVqU@9m2k^WYWR6#pZ2&s)eCYN?OSH}bC)ao0Zt7Ok-;=YUcNZU`c`JaYIfpYd` z>^r))4a&lg1&mQCE#uuX#WNh`Lzz7q%^=eQ^kj=ca(T+H6sr`I8LExv1?2UBfdd!Rm`vFIXtd zgx^GdXAx1D&HQJ)l@~RfoRgP^^pWc=di-RPAXrB883JGk5DgHLdeG%6)*PCBl@B>u 
zYrFhp{)*>-%}eq#18V?$8_a;2cwU$vLsBS+%mzAmhUd=|Vav5X6|bcmRK2cZgW(|A z`U*4Kw<{a36{Tay8X`>G;x}kbCD-)B2EvSW*{nK6p956R8BebbYG;9ei>YlS zsNqh3<~5d0g&1#aANT4E8dM(kH#wM@EpF9PJDCcGDr%C2m(AlF7Y+g5zJPQfE_#lt zXz5o-#xuuJQp=CU5OUk0itBC&xY&UAcfw<;_-k#jLZ-yGppH#B)|~r*$ByFds7+nn zo`RCrl!a29(%U!`2dncS{&uA-`%-M8Wr5+JxRZ7~y1ZfHoV+^@RmZSH%Z#^v!;x`O zkGy+y49B;$9iLjW^%Jh4?PWp0dnunujjsfjDjaT9={U|=eGy9Kol%PGp7mtwyQ_s! zCkgxp_YwZO4x3wh;F6eO9JVNpPLe%Qyu+sr;S>2z=(g2*Bnva|<$EAJTcG#1B zZ*NFj9jElGaY5sOnzLgVnA zki*ai6-N@c5Rg+`@B^WQX#P8*otFk`wra@<2gmn0?9=y^8y07*{5GH5NmpXa#|tS7 zeOkz;8GAb?R1ribLIY^ow7a%zmlzDql264?IoWg%0{RkRSDd{5WONu@<-D%EI*LcH z)X#ePdMcr+)d>s;rILDH6RKkc7%Kos=(K(L^s;U7f>$6KqFwPYUdO5ssItF`G_K_J zole6t03WNP1asNBLnH{R=3$YUN5_{RO7r$FeNUn1g{(~D3Itnl|W;CH!s7n7paQEa}@2QYL9)Q9w~TQIG(-R@AQ^2%F>&?o*O~BZxSe{#Rk!v3D z)hcjy1X-x+)8bhjIk6!Ey9$ovlc6EC)M4%I88pC?g^#}R`4 zOsCjm%fH(7GWlS?Z#w`qnI6H)0SwSFLu2|*wim>}Vh{1l=K8PxpohtG?+3rf4tr_^ zQAu1CN)tgnhs6616wV_k8vQ-Eih8x2{W-3ewIA%XzstUPcZG1ep0z@=;F|oSa2?eS z@qwfqr8v`UQUc$vto?PJsxJrrdgK5eCer9FjElBc$O`Bb4-sN9?J{7&D8@5%$^E&z?#-*I}1+Nm!@2Cnpv zZwwhhPy@=LD5ML`#hs&!JR*F^qKfR)!aq6~5AgWVI#!>~bS?XkSvrxUcc&H` zGjyh+w4zs>5z+*c4ipgGhifN~@#p0j*wMUSr2Bq~o~;s0a{#5N#vJ%nL-w=l{fn+V^W)DI)z{C!x`E6^@~~dM?s)56gj8_@JLGOU`oj8F5LV;Q1V7Sb^@P-oO`3LL;8V$ZhM#BAV9h&HTZpOe zTB)}Aa!ys8);D%h73mB6v-$rQB1RcLAHSZ-d~xlkXMef%q0z$Cc;cCS+5Y7t|ZHUdMEW*s{@G zu-Wm4(gJipi_Tkio;ywPWR0ewZB;hk8rvOy^G_H5TxdV0f;<9#jlZ0>zQyzxCfsX@ z?hePLp22HeInvx>n!e9HzdP04cJ!(6TFIo%BEC`_&_4l=boH(so3fh#;x+bn?a_;Xy!507-oS#&gKD7kZ09Y>d>4 zp!^b{j>WeOI_3++7^S8{XyDn>RWeul-m8G4@6mY)|007&-nz*wta5Nf`#H<}NlwK` zoviO;(f7hbMV_a(OWFg+Z{n=wDtBD_bxb5#KjNyBBrQ_FGt*QUQ=i-4#y);Bfb@9= zoUYOS)Ox(-uFoiHYaX^VtIMN#(~>${pi;M2`ZXo83`hy#>wMow2n1lmcX~4XY4Mcr`N7*De0bVu|{Zo$P97BjFzK6Q$+t;HXvKS13=cA z*B~`4d+1F-kD8fGDI|wVBCgKjdnre=M(};3_Yh1GYd)HvriF!MaQB&==OQ9?D!`Wa2%w>DIG zu$wG6>=Y4=RZk2CF?TX#>$O8AF*Y-k0~$2J84M^Q^#4##tRuUh?7p@pRK+%sDI21d z?&_$hVRf22L33O!GrRShdc>9C6?Lc+ANZV(IEu3gQ(zWCn)ec})sfyAuALZgeflHL 
ziGkdL9WvQGPw^-sYEuq8-9VcLn6p`Nd0hPG0vdBCT%>#IlWej*Iz zsS8X%Da2Y#^c~5YdrU~h)2UL`c??yy?Ij@3@iQaeA?<6kw+BX|4xL^vn;U%~4{cp* z=Xy?Y=jsRYx_oR8{`*_lvCu~!1N?XcE{3rGNVs7g15Vb(j3yK#mudLuO3qf22{0e2 zU751B3byLh{2oF9poPKk&}BrF4O z7S>O`6QY{#X|uhPzzZy~c0o%0J;pVSL;|=YuNA<~@+2|tl22#EeeK9O?tk3I$pdloC5v~f02;?xcNU(eraNcphLZqa_Wh{AS>5Ezr#X=5S3`lHHuOO+$8&cCUZA1 zjYb!IEY;iq&sh3HYOOsI4Et85KsJr9nh2mtzsHKfsoyDy(bjek}CQ%m)D2*HSs(HS!J!pihPMBI2*L67#Mi8~8O~!#r zCpv@-32Ih29S)iGU(|Q8_wDmH+4q}^*7Ho#KBL~KPq8Nfc=8Q(jwmWU%E?Yih$i~3 z?BdyPo@jO?*dm1zZ;cx7=sB8E7P)q{TbDN|05bMmy0nFT8nWL(0iI2ud_M@~Eh>)z zZlRwxYV z1l4Y2{_~ySp9FQ?TMjmY8AN!E@xhGlu)G-61Y+0e#`HGhjsf0I)ao?u>(6A6$cO*9 zqd8Xw?Q2vTr*v;3_oCU@EP0A@(2#)1>YIe6AAGL^7NW{ZJ0Cyw>g};m9dFqGe7g#b`^U%jeLHd@%#~^6PklRJsMxCp>&W8-Vv^-iO0xK z9U-w*aV)Nc<~+3D;$ZH=8xBMq@)!7bW;Zwe({7t8-*=i}?@{#!q!I`1d~*7QsPVP=BJ+in7ooi~^HZ7~Zm!_t1S8ONrhZmTgOYsAIF zV1#|y5v1UEr9h?ZQe^*ozS#zHu60@8G4;2E6T}vP z)0CS+9yy*?WQBg$@(o*fOaN|u@QRJ za`uzN;he?H27VU7WSu#)7t2vpsflqsgRMTxAsFNo@YhCN76NR#)3VbltA3gRh8$bw z3fz=_SSqN?SaP}h{|*?bg1%6b%4G&ZyDL$WeGU+M z&t$))#LR%6=$UJzxY1{ELSdsgFTEKEa{u>bs%diYmj}TgJ`V+qY2Ag`ANQ-~T~u32 zH&5EkA6c1vuv#a6s!Fb3e3$)0K!HM$cj2S5Aqqc! 
z7r}Py;3<1a<7504aw+1p&tlw7hPK(T;pmZ+)KjyGccXfqAO_*_H&FlaisyAugb>Vv z6@a2=iL|uWISNSA_h+oDwC~YfG+Xb{z==E)g0V_B9{-FhWC@bH0Ik5G<>dlD=zy&1 z9w~wkIl=CIBLzKFe|V3kAZsIvv=p?eu+7~HoJ3M^YsaKCHhyq3kHHMB7;44AfT^3~ zWQWims(%(>$~#Aqj{5<~xqtBKY3)m19xAAzQt64Xq*H;+Z-q%3?j6s){fgdVq36CD z+CO@xn6e)h#lf0oj@Y4!o8E=0YS6t;w64-3sd=T?p=pm9S+Sbis0_~D)-^T;MgY%S$hNTM(1wG64lT71$8Lx_u&j< z#9dgwqhb9+%*~>ZA`w<{S`{D=_e;;Wkz~uc(!uYIh<7+3LBC#c?k}(w#%>BK#nW|C zt(C5Y8Eb2dx(l06D7H9{MI+5$k?cStevnG?zW4@ggzCS^;381qH*Rl!NMJ(|NC8Qw z?`{I~@kJr&rXAQBNV8-%YT2CJC|`&{e!L*kZu@_duyhesppSkoRd`Z_1tqAF;%ikt z@tsju993}=eQ0GoFzdvnY+maZei}fbeMng@vjYVY;J5^#%9<(vfvys}50u^W@u5b_ zQk5g*u~iiGTgJdn3&LiO`g_iKQJ$hU&=p!~_dMp`#n+S&rJ;|G6o5ae#*QVMgC}%( z?0z`&>4|77w>qL&dBHvZ{%1e&cQZN%(R;TeVdD}P=DCq6#3x`~Kw=+p$rUEws zclwsK;NwL8k_38sr`Bv<&r5~CO{OVf{S*YC@Pg^j*3^Pt(AOWOMSd~)F_BTrLt*a* zNiCiV&R2zp(YpGxoV&-&q1ce61OGfp+VL6F#KB;pze6|& zUdwSZjCBFTzj%+UhhiRP3aeH0%$M0Y;?k2AUKfLeh0hx<3X;vVYa$(a}~wkd*i`U$!XM{l<8mIpGz_sPt`-3sT9A@=x6_-ex53<7tgpY$B zng$F|w}<1&QL(4drEPpCnkuq-L&=ji4}F z7loW+UxlTO0oRfqan{ok7Ht=+{yV$_&I*kOrw-UZoMOUVE3)*;F!&Ct@tz@+y!1QD zN)6PW`wv+Dl!_x5v-an0A~TI3{r}Ge&23ucrrhC`0Q{54h3FqtdR8MME%!D1m zAw%--igmH>Jczb4`WFt-*NY#Cuwnq*DnNX`9HmQ9FhEQkEv0MMh)DyMVLhk>;;4rf=Wk&h6u(Ji@2M*rm%C+{~% z+`j-)m)Zn3(8~(N0!Gj2n4WKC!Pe#|!wDF(FqLYl-h>_HfE7$gi*bqRJJjWCPD@aM zUv+Fx-)DwQ>neI% zb2wj^!T<5M3RHb%knCpqHuxZ#i;T2CKns7ON}8l7YxkibG5V}RZ30+~qEc0kpRYjz ztgBpQL0W+ek#EdC7AbBZeskj@2>9*V)q;DNnUVW@p$RZTY-k@vZ06%AlGJwK=p%E} zMfKu`u#70;FsoSzqW&Qg-QhRpvk|*D)2mkk{NSJ_5)CN{J54dDZoH07=cpL^?4Ycg z&3y}p$>%u@G)E`@9RxHAA?<~8%I>QD*~fG{8_Ms^3CU|};Vkf~1J(rj$cP)L=yqJ3 zc2mX5A{OhtE;IDsoBuzrP)O8>K0Z>e@PxL*mY|h`cP)3-x;C#!%3>nO^z8Dop3gaL z8_kLN$sCD#=KnEu)nQdVPhX@2=@u^CjdZ7gbT?8WrF7?^yStI@&P%5>NF&`{l9Ikx z{eAWQi*tGQJZE=y<}0$<;ur2O z|EwFQ`5w)Ul-D>AvkIk9ltHzp>o|2#;N8IXsP;+xg!duID%9H&VdAOgo}NWr%6#oO3MgU_s!Q{@%{H-?7X9 zJb$Q?0Q$<-0&K74z2Gss#4_fk@%EY*vyWYF~vkF*7k2-`hui z2ABpjNQJ798QvWh0(%qb@Mp98N9yW&APFYa7R4WbBLQsA3;#cxGSHsn^_WjD4E)C1 
ze*G`mJzH?)vGywK!cw1;u|=`u6-C{I?u)&`?MeR4z(@dvA~OXV0_}32=w66&u*(`d zXBL$#d(BSpSvof|bjTqGwSBAR24SBf&0NQ%pGNY$>rtl-SJk?$jJJ9pDxccdqc&ugA1t`cL2t4JW9g{` z2;cmvaf|yR5|0P3Wc2(E?E}RKebYC2`r9n-5X}uyPBx_-S4ID7Vv=Dw(3^kq5_bal z(0m^uL7X8rpHz{;DlwdW3!R`ZSyj17%NX$En8axpkL<&-@~!Jsx6jVwI!(uA*y(|C zI;&KA4b1G97voygm-^QP6!C`Kz1dfCfifHWHVD518QR1sNqB=Mo-n!?*n&4kJQ2<2 z4AiR3beh^~>6A*8LthzHBDZ3KZGk43zaC;)C45pZTMwlwkas1QFH;oQwwYvA3sP`2o%!$@fAHRf-Jw4NBm_BwXd>%~Yfs^1VJNPkSL zg1WGZ##m}VMx9$8wDm#Dwf$owWYpi)i``4PB?D5dY$l>t&W~08AY>B(F7_k4^2RX9 zTRHXJs6{=e#jXacXf&dywt!N%MW?67y$pCNab!fUVq;#}-^>z1^?|n`IX;GgiX)!k zJEziGp~ykcr(P{IbwQb2)sycfG$UZN%((d*7X*~Je*h_UWe{s@lI(u~M6nbX(;z%H z-0`|6bEv%15@?B8XF%W>p_kyyp!~D1wSIVAHA3r1H#*Nq+>`O-kD3?Pq+jyozeP`9{1|qkP?J9Z3d{RV&l;2{0S`9sDoRK-YFmUDXL&8WD@S;lJ zEEv6l^4=fnpcGH-t=Po6#z=sqr~V@l$^sz6t4x-zQ+ z^%=>-S#5{%9e4hwo^}`Ree?2`j-jLu2FQ|Bi0{Z(Fh#!MkGKA~VJzbt$A}=(;F6C9 zJfCfGJrKr%M4qu?cW|Wk#mFev^R9bRVW@TfmC1U!8_Te=eG|QsoIh2q3HTJOe(+Iz zf+oz(HU)Uv{+Z3|i4ZvvjT)-G?+_06=Qs_k-wXqkEA=A0K-y(H$-HxE(yvvrx+j*T zWD8K{iV$Ny6E*%A`W|5ahhg~w;Z!NFav>O2=0NubVxEeIIAFiNJ*gVxFE<`mQU0oO zTc!Rwqn@q`1$>mIPLTY>y$}(dCO?s~Yipl$9pQtXed?y7rR2&*i_%4sQ;#sgbx=pTaeC^V(7!@@y5j9x}aNesY%-e;4_t#{q zX(xh;Q{3yDdb|r7Tf$lO#OSNk;ej-0kJ<|jRxV8aDD?TudoJM;&yMcU&|T>6vW3vq zvq3~j^?`BZtg-@f`aepOiMs~k>4MP)LbE6Wm|LSmdTlj3Wx!$d^jU-A?;%%u`J*UX z3v>Z7|Id_2BC3g1%;deXGP}Cq^9*n*~WS-Qe=& z9u$p4%59gPph?b=Cn!Rd^PWPg9`Ou6;e#Ine?3v71S_Q zGJ+3Z5d}gM&Xe3O3Kupw@ZSA_KnXM62E6PT1_|zXrq!u{a6SGPTG~Hezw|(_Z4KAO zarHWpBvn|RClZO@*!zE8njxyE6as*^+0rb)pnl)8V|&rE;)0gwA_lZp>#WORjYZiJ z@lH1ot;7g;V4><*g%___H{>Fn4qeLkM=$d+&et<+f%Hm#4ih>0&E;6G!vt6_&eh0_ zg}Su_7z0<49R1}6-p1qv-)?eE@lt81JQX2*f_ev&FSU%3W)?ik4tfYY%Yb_m6=5r9 zZh0%gQf9r6<7=54(Q?wloczca6dRN>vBDLqnCrFEVV*bx$nTQvxr+JSyA!d3{$B}u zx;x|r5(0h8F|Ny?lnc35)Ob(9ljB+0_M6;vjf=?4eM#JwYnoMTz3)m_Up8Iy=%|msd+QDo_gHY@?L%An=JLj4bu(lTdD6Y8zMm>>;dm zs6yI!$w0J-c)rqEL!uKb?iTZwL{-sZOW!JxxVoGYYj^;%Pg!Q{&35^q5D>p%@RIHq zv0AzY6E3y3q(kHAY2_>OV89r#YD3HMwL>y5aqG2L^IxS#?955$l%xT+4u6#2RfqAkd%n{Lt3!0lWFtF6(xL7lM=Q7Kf 
zF~r*tL)^b1g^dhO|8hzA?k6G?(;CUEu!k365}1W_TeDUn+}Xa;#PRGi7`AYfo;ZH7 z8%WZjY&5i8pWm2|$q4O)Cy{#3iH|hd$lypSVci?*!uVv6%Gkoe{tXl~P=R(1a8BJ&!&ZqJR~y{TO|74*=F;H5!?!7`y0DjF9eOT<95_rfa;|+E z;aRw!immY9SDg)YYMF(Wq2r39{g)_DVJT;kCY>s@Rr%N;b87X(7@my{h*YlVgi5$4E zmxTGC?v@=8-O;amq8n3jigOOlkM35rm)JAg_vTie@=?Ih{v19)H=Ukq{_yR!4HU}0 z{MNvE1l2b=_2MALIdK%VIZsxzm&9Y)!zgyQnI4O60VSGF;hE#PFNhtRENW>qD6ih9r)`@+hu%0>!AK(P%Y|uM|+mtSdNse!|_N zOyhdyRn?f`IL$@9S17s^ky3dlgun7AmYWI~*5S7H&T6cT;=4um zJ~kd)dv9Vl+R~U=^mKI@-cTI)taxnz5XAb>Et=_XH$h#PI(=hL#eZVQJhn+wcPt7( zqI8A$pght4HCCCq6fTMPc5Qbn0cQ(+DglS=H}lRY3Ji$jxqxgG?%mw=T=(mCN1^9F zw!*KKvX__*N?nTHhhu*7C|o)Nt4RtDapcQycUlG{mRc=qkS{WWIz;mUROwWUTWkZN!;qq_A*GX5&DbQUum`enSM;EeuriSC+n0ZNZUhW(o^L$#xsrVs!gC`jW}z9L z(Wfpb=~FLB0MG7hClx!&$r(5Ppyx|nppMdxgqP1eEzT`$JCrIBlVr(r{&I0J^i;;@oPO~ zV*#6?!QWvJ9YU&%!Ndt8j4I4hx+g}kG%D$+V)?*-O@w+*zZ=qa@p#s+uYM&q`SE7T zoyT){wQ~8cvaydd><7wPyqvl5n4PtgKU%@68n%{-oPyVOzTC`cMzg!w<@Tmt1p`#P z&zv22Jf~x&+^c);wqa~>P6u4ekQrLO2W;LbzCMz&!j(njGKTk#v;5698E}z6MgF+x z9Aw^(_~#n*&NfG##PcRMQi2pqjNjUg0Re&BQG2u^-ThFKHLIZ2p zQXM0A{6&Hjvm!&Ee>8L_`i%;rY`JUv-_VD?}8noW1)N%xtH1tHqC<71<$L_>+oJ zS9{FoJ0WJrV3c-yvZq&kTc`e|tNvW|eq9N{Y#X%-O8za*157g#Pf*a_=B&zVrTO$F z;74`cU6IC~O&Grc4U$RBw^eYeIqhy7)V$!+&Q zT3o~Ut?+vURZ=<3M8xs;75Y0L(sv_)Lp9D*6W#_FF5Ul{jh$Orjkk=3QLRi9?<@xw zBs;gPjI_sl*NY0YK6`EIJ&Ag>^(6L=qxErE0f4gyHp2Xt{DU)n`WRRVLYUJ3IDq}Z$m0uDAmTFiXT?f zO4G56oDi<7pcJ+VEH=|~LTANh0%f!_Ngka;FiKh&UmdnOD`BeUDSTr$@7waUEBzz4 zpg?6LO&2%Z!))NES)CZBn3g!D9LMW;HAuPyCb{;i&9EEq!{KAXp#H4Vqj<&G7&TOb z+|&NIPX)3pF}9k*OTq)^B(hr3KVA=)CbOaAD(&xzfEEs~AT@vm;jA(Ls{xe#cA9eD zD!V23Xjs4>5<-!NTvFjRtzr+>wD^K|_QHUCi?sn*?-Ox2oL66dw1fqHrfHd|L$B%~d1?A$=Ykj^?uElRu|z%z@2tg|sZN9`1?rbVqx=x8$t`WY@i&+l059+|D`};*SZJg>q#!v!C1vcu za=ArU=$nP}Pv_K+#Cajlsjqj0h){rdliQooEZh+*DjMw&nO}y2tYRIck;EvBIK4vb zsO*cnSV>nUn}JuVgWI3h5_#g|0R}DnL=oj)@!00sDXXdKUoT+%FPA;VUw|zIxBS zwxNKb{8#2B^uiZj85C*sB+;z)Hp6S&!LZ#SnkRt>n3-!{scts-#?G)b5Ptu!^0|WK z1nlb?Q`WD`jA&%fXd(q}*{2d(^MApSd^ zMWQMcs8EzOp;y6m5csyo$9c40co-3 
zj?>AyVR%b=y%z~M%~*D1^gQW)pQ03vvsI}X9|J7vtCN=Tfe1@8MH<@tykfY3SY=4x z9z_HzMH(=BEJN5d8S@nP72c-*s{UgX&nWq0bz8Nc;kAL2w zOtLyaWuu`Zp4C4+#u2Z(m%^orQ9)QO8Fq5St5D$G(pDvQeY$!A>8edDM&)fCELCZ| z!B7TrtXp)R{Jgisn3>4INJ`7XEDU*u)^dxU?-~l*oeM6es-o|a;;p-X(vKbtP`KzuZs@Hu%b&33@#S^#hrr^siTU(g^K6Fr$ zuuUkdVzxU2GX~g{!9Wn(t~#xm|4at_b^Cd>)~|Q|Gj!69Nx4r(UW_q58gja;08Uk> zQ7zB;1U)3Lp~@XsU>knW$m>X$`)_cuOYRiSWxrcn3g^p66LEhBQ4sI=)6%*k{ovz1 zoDzqhavf)(IDX$*Z97%NJy*!XEFQpZzss+e+{zHdN!!O5kW-=vA?QU3OV>P+U(PXD zLPxjvqmdnAeSv9++{ZzvBZn(#1t|XMYL{Y#3br+su(H}mWm`@=fW|10xwK_nwpPe? z8s!l(?Fv(PmojYmPFIRoz%48L_2ynEAK|+{lX{I=Uiqr_?%Sb&kcUM}ORoKLlGw7t zmqBkFULpuZ%TH{o99iUtnqX)*2Q~6s$!>}&Hmg66$Rr}_4FW)Dk@RzY{}=fu8+rfS z$yX*(@wTQ^AAZedB<(yMJy7a$B1>hJ6M1!T`y=05k?-Y#>Bnlbs_PY1-j6$N2)nf6 zIwiG50!f6RUM|HP1u@6-VVcHPXA&H@5FINbtP*Hv640c@0J80^+F*lgCWn-1= zUIPfb5&lYFWg5M2@lqU0G0!{e6=F)7qF7xJ3_@r1wp=Oms zNAaa$rpUg+NNit2qL$~zEzM<%8ZT9*&*Gx9;t;VCmxs#1G?&z{r{7BWGRx-$K%}%W zye=Q#xH52#e()`rD&%l05#emQP`n!R#q9@_`==d>^UvMFKE1Hb{SPv@LMA!XTsXR{oE%UKvGo*qQEB{@Tjkv>)`{XvKmJce)kM zg$}k;uv35sv()CG;OQO0gTZr1cQfz0%9i`8eT6DBidxd>Ef z1CWntLmrjClmu)RV}_-_6snHXV3ODS zmsp6o7o%}9vNZz{SNXMqjVOOilDi)w73J_R-v<{RR_>2e&1MuGmSr#GIEU#+R_V>r zA2VGSaGxIwMG;I0V?|z~MtOKRE(h$NOJh|HueHg-=2m~2Nh5!0o4zBOj|xCEPdfML zwqV$foo(uHpE*;~XD|tey;3iwO>_vm)Yz+=o@B6L^f|wySVx^Y2`8aW1ZE-lKjNB3 z?LhVx{EN8qIs0;7q%OY`|J*4!AwJy>hp(>bTc5XS%U@=Cvhj9*?bwFwz8&~;U7;## z7p>;{87G3o0uj)sj(aC)1s;3_6<7O1PAn-JTTIKHIrF*&P*F$HdfW;s(o>GInp+%| z&sPiry3`g_xZpB`wK53fuUu{(1FTWPIxeo~G){XHh1zTg`&|+Gu;LYqwx3G-;B8$N z1&>2j_lqfOuY3Y(SYfHcBstLWTHPTr~cHT(HU!PG*cZx=K~hj18ZPB9_g=a*ub z+ro!ag+=z{4U$Czf@Twsh@>iED=o5x znNoMX8DF?KXGaBII_Gfw1dY%+UMO7gF&yqBh&;8RX3smq3)*GCtGUbg!4oK=gVFU` zzwSK0w4U+|SG+2Zp`WmPEKDl=>Jv1&KJ{9Ij|TXVca+&PusE0ST3x*^%ca)z{2dWj zza-pLVinluh8&YfUX&XuMEe0b4ozOTd7O+yuD?O*1vN4P%C{t@n}h5NzIVro*&70@^o zt9nAwhjdyG?c)9E<2~H7K7rNlX?s1&^BcZ*sky_OoY&lQ!(z9vQ;ZVr4YP5l8|q<;T5RV-ZqO{+B|UhJ4wh;?3B;+MVYs{q!(-b)DsZdlaJO8a8r+GEHS�M~O=FTEN}RrP 
za5&o-lGDTf!q43ltc7Hh_(pyNv5{tN?PAr|7mC-Ce7KHdW+yrgSez8IemP8+K1NrK;V?Pc- zuHJ&3D>Wa$t{jFvKAij!{oJZB{`8}``xvHeNlx|hkaNR*z`7*g*~_9!((3}~JhMtj zwa?|tg7;ziEU`czGgAKW4SNxS-$!elJlAfFImcv;oevZ)u#GF~9c$~;)PIAlw*f>~ z`=hd+ke%GY4KC2Y5L-QK_(6JHERi{QQh}{d z+Lc6vqVLA-v5$WCfx)9Ocq3L^N~xM;109fQI;>%T+fx)i*~D;kJI)Vk|5xiZwcnMr zGIF*J!M*}E#-FbqBMVt|CZD?<`L5K68ewx>%#;sCF6|OHU5Piv$mc$Z9+!p5?cmEQ zJ(l*|b3-g0y>yM$b$zN6VBeEUTyC&=gZW#XTCN8d+%UYEa`;rsn4WU^!bG{bog`!_ z9b3?Up&7;074&jPoQy{7WH+a(pVWn$?N8SN0MdC|qG9GeRa;8Rpw3;-r!Z+ur_lyT zi=`_B&Qo6#C?Bxf@NDYF}8-zB3l zeX3Umsj%m^F@gb15Lqp%q#Q=k({a3a5T?(cJ;J1Z-e!vK17Ugdjgd@A7I$$HV2he) zd*sRondTxoKY^f@-Oe9PUQeBr^>}@R=r2p8m_&WMFfqCQr2yn|_64@)A7~K0O)`(* zq%Whp#*U94`&&v6-}GTPnnN)ciZod-FbSHJ&Jq7?pL8}yR^)x88_%`Rw6s+AUm(+8 zi3${8=L0>zED-ZH1AcKS2Oqy!Y7nLyk;oo)W>IKWxYkx86a~hm<^ea)uwU|h@pwjO zwIsR=clN&sn8_UZWorsT8-!*fk!Eg=5_u~)X+PW5iY=~ozO(OUY?`**VNI?a_60@V z>}tC^-FK~X{^Eq{#o@!XNntY& z9YM+`_RpFl*+^x~A9Z4E?MNpkFVp^r3A9gJ|T}^VV8K8*NJt-uLUTAeaT@hcQK30*0_6-VZ5;Zr_l}D@`Hn(7vrHKA!=|{*}d>xy?w2K)QA1UgHmx&=3S_LrPh#BpGsxiLEzGi0t~Aq7?1P)9a}Z z0jvGVyl@@6Z#^Mc? 
zI4y<7{ee1EI|{Mk1f+X*8%#P+<;gc(+2vyq>=SYYhCylJTQ*aQZV#C|59wXS8R_x` zl*1NaG+F$tdl67)cE*$(X=MKA$>&Lky4t+?F=-48lpZDw+v(RVTuPclv|Q-pPo0K3 zb~kwI8Xr9J>~+DND}&;j8s=;~s*k+T%2>0J^uWN=t$|q4q>UYRajg9K7Y!B%+U(I; zECg|nAU4LLOIq=A+rU$s0?O84a|GK0%HEX3XansL5pF+B0XS2)a1Fyjy46iGIatsh z*z?yLb)EUolM?04xA?-$5wcRuc?tzaoO^SrJtf;18HP_>3+eAT?%d>n^-Y#YWDj-V za4w1kua}Ek*H=0V63Bu)VCcal`9uC}*hszYq}+*4>#`*X%V9BGLKRD#{s7|gLM*hj zT3xe2pkuTt?#$0u!N2|DE7NTnC^Ke`dVvg^lzxtU+YtKvoAnxv+~shITsnu9nDXbfKUr(rkaKsTk9+4G$85yiUf*dDWBejmoqHl`jz*P!7Pu5pR=9FHAz;l zZpeGuqDv{r$q(dVU0f6K>Jps7t@;JI>qiFfnCkwMMYUenekmVCrLXi$T{;`{{dkGY#?MJ-DcMQ(3qAZoKzSa~m8L%X z#e+i=uardpdidwn_M_`YXYWwUpYN6tj+<7Tx)xL$FYenW-zOYBa;?z*z}yg`t6_G{6!+s|3%+2a=OQp~ zm=zW3GbOIY%fD6Rg+nl~0ZwRlQO(C(_U{>nhdzh8!t`gJX!@$~{@q6`83t);4-@I# z^y?~3*76gQtN9k|`{NVz^zt(2x5Yj%u#K>`1#k(1wB{v{2ddWKVhEp5^`@jo8(55h zh5ULX%wuT`_{)?NVYDy`_ycPt8l`L?FW@w(u1!t?v=OpKuQ}G)*f@6Uf>Qilu-Fj3 z&x0gnZ#V*<7OE}LH>1VS_qvcH!-H=LI|C#th4R}AMSKYNbtK@%eR3eu?ukOu^2Q3nX6$9B1&VPQOr z?t;ey`Pb0MvVBpx)jtTOSc;Zyx+k*@h870?5_-%2AM0<+tjn>-%UFKB-& zsaby0AU1<&?{Tc3yhW&ZfjL`efnGYLaua|AB`=gGYZtkX8f00ieVwa<%h-4?X2jcA zY?}lBdp{r#)UCmL*_mEB#rL}7rK8Ak*53yA=8s8*;)T;A#Kgq*0o#70w$3$0^~kko zr$l();>CEIl$!4`o=hNo(Z9qp)%mLU7MoeMr7DcC+LbHok>c~G`o#%~dX$# z=1b42ZTTJ$-r2clEY(Z((^}234C{`4I;#sj!YZW(ltS-)Jhab4rAr9 z*b$+FpJ0{QjJ?;|bhq+b-$VP00r(6xU$cV^tj0L-X2vj)uH%__kR>>54pLdCbA#gh zTgK7{htTV$?!Oq-?mVX7zI*-CcJ}(d1>nWzi;sz3op1-YACEZIahz0aZ@uRl*>Yr_ zWi+NKQu9Ql`P8hJuv{{83)4*Cm5*_Mv~AW-fOP)YS4HsIYdQD(89m;Q^ar=sS&~!P zRCRpz5UU$(KEG~H&f_5%4+`p4O1{_1tS&*B&cNv!%DdFkPS8T@`;n3OA}CeS9Pp8W zWn#>j9N5K~#zJTR`c05}!8LR|>nmmB_&9kwQU17l-NG?jdQWjo`n=fg75ZuS?H6K6 zYkmjZt87JQImx82CnJ!0v3K0fSnGSrZ$8WDP8(tcrH9ZVZ#`#6U4si9-}o$FLWdKB z+w`(ToV(foFAkm5e9hkj%AWh1Hien((w?}9CM})t2EAvUlZp4ce2kSQjO|Wj2{&_2 zO+<_4t60`cv5*ml8ZxZmOmQ7G;2b%4>1SIW$5UEw^&u<&;Bossbm-~vszJHkkI)Fb z57SF0*|XdobL1@#xYL|9*Hx;dMUR#U&@O-?C=gh2JQurS?D13vGPKs!_fA49ROl@o zEz0N^4v}qFRSdpMm?}HNKwm)=-MLCPiZiOil9o6smb-58tsTO?tZG7R=&CJ8u@fH(eDwfoD6bW7L4cE~ 
zRbFvqPc6JS_gidq616Y6?By0b1d$|cNvN>l!$V1tm{MfEO_3HiU@Lz=)qk?h{W33f zjLzOAaI@%AK*44Svw6!2G|`!(3UIZ<_vmzZA4e2UK9#yjd|hv;2tY#M2w&~TWz;T@>FQiqca4(q(@>si zf}`P&)}&gY?f8N}67SPWxE|~6!6qy9B|Ycaj6VxPn@+Io+Bh)JkEWqW1#-llKhb219w1W`K-5)uZ(d3~b; zN;lsaj$z(Qe{o8A|6xjOR3;(>L^bNfTyc3aw+u+%W zVi9Cr)k>qEA?f!rDBeczHFlW+&(gB4d2Y*8vTouBalZCWO*x! zR~q%|-R1QxDO<%tvohZlY|ZP4IJGTPiATtizMLQ0iC?}5qyhQ{@6XMQZh@HuyQ$_r>7VDvmbAzPnyEqqG3*A=75wf9ATKA>p+KLq~z zzB)jrZ`@x->6qV;-%~m%-6t-$TH#aDe-~-Y z7N#DW6#}T|EMy1P6khfmGv@f9Mn98C2$Y~M_tPrTMUJ%RC?0mcQ{55qLoGOGv%$2Z z1ZyDh^0d}->&_iM8=J3i8u%g?jw!$8?8|G%yZ(D7#gV-Tg?QBIM!q)ZkNhK$rZ}t$ z^f(EIW2{ZmNtbwnXoyyl8~&L8@hX7NGf9@dVG8Ls;Ph5fFO)+G`QgPt1^(!)N1>#_ zqBs8LaU5b~@^v%Fn!}NFo4o=bVE!0 z^BjDa@wpkVa;~>`FsJyScp>j_S(akeMe?A9Z=NYyMS*<24-54k28}_F3C9+>$|c?f zG(qqg+xg4IY(xEi#U<0rB~nLMWqUX8QG{Z1_agQ8wM`Q6ivk`nHMUmQA`Cj)+%Ihg zI|hRq=|Y@qeZ{n^Ic)-@pa73O5OL!Ra_5vy1BQqC!D9^H@Td^Ka_KBqC+ZsY;** zUiS07PMx{lUvIeAA)s;KT|wlwTWD?G_S~DeUHKf605r>#(m7=n&~HU`h$4Kt^0ayP z!-!d0PD4a^zWfB7AUO7g_D4_q&N9B{OEn)c;<<&FKF5eFeXg<}P5XMTo48qL`hDon zorC1B3NO^noOdKr@p)`k=)Sm?Ca;xm)a)qX!7*4oALv2+5YY40R7>%EJ}K8Twq@Mx zeR?AVD}X=daPENNclGaV-_=$5jJKMwYI5*@Qv$AkX;oVo>RO}pkx&Fy`t#QCusV}s z?|K;ua_P+JSM-M^A)7TAA*WQoM*Ic1TyCQnt?z6xT97$|z*zl|IXCHfs=Ttkv!{9` zo0oQQT?G^Eh4o-V;vq1FidR=ssbIDIQ-J+h;jo{3H?|N=+NNL@ATJNbSq-mKtF&9h zqOKV@MIbyb#MJstNJs_9K&UMlJykG6jIGe8^Y9PmDE@C%Yx&(G)M#z68?6g9kLDL`sdJWlsVAV8Q#B;BjP98{V2#|u za)vX*=i!ztOP%*y>L+v|u@`Xo7R#KXUHAv=C^B?PhOq2C1vGy^-Fh- z^?q48@T>=pLIccOfXKF7fW1z2z!68rn6Gwm4Z+>@JqmthAZ?B}wALx9PuXHVH@moJ z9VSzTyj=Dp#0oBvv9+M&=*Wo{GWI{) zC`N|Sg3gu70S7GvJZS=<$TtJqv8b#F@LHWsZ((0P z_KtT`$bfeRXJl<+5&!4m(?*n;#i$Ol#i*+C#bYzW78k*J`SzMwR68}|7oq@O(I*G} z0_L@ksm=?v{o32=kHrn+47NR_F@AJXDEmDc(FQ+k_HJ3;g7cy%OCFcGPZz!;lL+z5 zHNHP}=nkq#j3TOBtgj8MbbQ96nB+&`pv>w#?>@9C|2j2yoaZE<m@1L-rjJ=QrjwuMl2GvU2jL?y?l&VG^$t4CM6(MkM zA!*@o_;gdnvRp!?+5|y{`~#pWBSZB;HbV$#s%nDcYsm0zR>Aj32|nN#{)?n0h@C*+oWn1I$|Lfp#C#^Q8v;N)W1ii29TMnlJ+~ 
zIPLNLnC)-s?RoopRovD&Db&OjjNA&tOL!N~ns2%k7#RJvp~Z{LV!m@pYI|iBBCwjRp_vzoeza4uA!H-7b1q(W~cv*-g^4k|y=SGWP6IK*` zCZeQb-@!zHGh44q)9*-OnV`-v{MZ~Dx11NbtPzO;dI3p{{x2S+qb00(E-Q=%nMJ9L zElG`!lYm#^Gvp<1{kg7Z z56fL$4>m8@<<-V+LW935@aqk?CuRcg;qDh7P15xaE=+IGEqzraw&nudJb8`(7;Ab! zKWQ#ZP&meO)=+z<4Q_fZBGI8_nsH4gkE~mfceCb$0zx*0LDDt@kmRo40W;c&Rx1&S zK{gQy2-wXre+Vyv^G^P`&wRRagKLShKQoP-)*j9ewALDToL(I*J2}=)KvzpEAtIn5 z7quJ{uUg-<>J*2#z=yojAV7w@0Z!MOykH3A4@@7i?iD*_n6J_6%zyXl!+yH&0UvFPMAJ(z;kAh0)H90#^7ob87ju}?=b76A3sl7?|RRQFLjP~D6d^2d2E z=q2r}&~i7N$j?8BTiME<1oTUNi7jha)rTIcvM5)J7wejlUQn3h=!&Vn(>X1_N%S#U z)`wdvFXMs@ZK~udutFjV4f`gnK9_jDNq+MqaCMo53Qhkoq-}ry8P0D(hl2%mvc}TW zpgmIunDj}>GOLzw6))&VwqylSwPGoX&w7R~s#5q-4E|!Mq2gP{XY`&_&%!Kr9TZ)p znbSplES^a?FAu;^1j{itzc27cOt+L!Q@ljxV|pK4cbU8SdfV$(;r45JQBykQQiEsl zXQjcap!Q3ptoK^mR>vQSQ_jV00+#`+(>GW3umgEBx2g03(~FYY%@_KgLn1VZabQb+ zI!$zJMi6^Fz&vDHKM6D6pmel|D3Soo^KVEq#v*>Bgpn)@GM|xe4Cu8X4G$Hf(ta3! zXttXu%4^aO`EPkjoH zTS-`Fhq)j&%N6}|wGhuEi&Xjn8sAa0lD2fHfi7)pW9$3c3v$;2M|*)e6T`db^mO*k z(k85K#Mtg5i=Z2P1C;Nba^*o0-Y}$(H5)ii2c)-0UTh4h4VBqzLovXV?O3R|!X2dZ zpznp{^eJ?fVIDAb%ULG`iJ3)EajzzBc<4xk-FwV@K@uCV}@DFWQADgF1S7qxQk~3iw*C?Em5y0?yGJ0Sk|8kjBl4^&$v70 zLcKGkLGK`Tel%&p?kur8QL4nMJlD(rx-{AjoJkxJEy1tRMmEQ+!t(YiP%r-hk$CR? 
z#Em>1>1ZqdO5eIMdK}mf2v@NdiE2_z8H0W_=G`pA%ezLj^38vFB!-r8lF^fDGQuJV zZ-W_jxd=|soJp>5y(Y+j?T6*U$#t@gB&pt*+%uktB)OZJ;5+;*Ay0r#a6}c-p=zhE z#aTmAWN~XJ7--|zo?PHKx<2Ud7;OaDUM$HMicHsG8DsR zBszCP;Qu0IK)l53?(W%1)9%?Kr(ir=+Ik6&v+9)|-PBS`r-;~|s#eQk`TiGm+E;qpY6A+86a2(^t1a(KojAtdOlXoOc{J zxoc`JRcgDx%SIM(Z``*(qp8s2LedE;y*hyFp0!g@uDa- zR8!Oi&#@lpBBhGT#_-ka^=MI5p#d(ciQV#4*iRa1Paa}^KdzztTC9WXZA~H{U_Wm@ zIhddvk3Eop(<7j5X;FIfVbG|X&OBmXB#Qf7+Jo2`6ri(aT%*+lL9kzfYi&tT{(^V9 zC6w(x8Xoh>+d>kIU5RAf-=n~idPl8yM83%{fBbjOF}aKu z%$`&hQ5Hcqm-*8~Go1?0EttB|GlAxn|P8P_ktK3Q-js52K+Q`5lp+M-x z*#i$beD_kzf|DYCyQiz8O(#=EbqKwIvaWox3_;Sc?td^kO zU8yn#=KE<98t48Orj1R)mLLGPl)FGW;z0|R|m*uyl742 z{YnwuX6kC(KQjuL`)Xi)rvzPgjFFSF|Hxoz_GVX?ifh#@Cv=K z2EW;-xK`Hzg&-T(xb3ovNme8obQ@wG*`8Ot{~Rk*lh+R4*j_uR@)aK6#_Mq(OL3gF z!>{_MGNwUd3Y+GRc^_)D)7%T84ZNOCg4?V=HF#OBBClQ!gr-9~cVD>*MK<$Qk>097 zjtl-nC^NCCs-8dzyLlTLo`P1uJT4JDkfM*6C64^LEC)d=^HxMlQc5%7M2WShn&a_Nc!-ZDvpJ)#+&*QQE`9tz^^6 z1R&VXIcv%vTf5noetdn?n$3S?QCL~J+;9_U@AEu?(5{@Xrk|yQ&RpksI;wOGr`R#yIwFsBVcIK##Alpbyz>z5Itd|Hsr%) zZ-at#cZ;NiAbDt!6r>~%-QC?=rMp48^U&ShDFT9YcOzZzdGPc~1I>S^ANPBv_Z-h^h zGmnsEr+w^4kw?9$lf(3frNu@s-xx)urQ?z*OJ3eTsi2|)X(}{Pw@~UWqeU*_z+oC; zXlHbTF)Q(k_h?8D^fhtXY-LYf+5VR!yN$fhuQYj|4?SuWPChvXTebs<6tEY3OL%AA z)cg5S@|~pqB7E#0=JeLmNU1qz%XySUfB2NicGj`In>>CNPl^s3TTS8t3XKX#KZnV0 z4ToM#w`O&e)Wx%#v~;=ixZXE2hJSR?RHo|XzSQ+{E@C11C$ay6ub6+A;yQO|c-6$O z*H1-hGz^e-+={ERIIyhTdIW!}n#7v%c0C77T|AuiIS6E$#c>SVYa4(-TK2z0MJoGP zcSZRZ`--v>pQvj+ZrLl6ZPlW9>AG3pJ>@WUm8lQP4q9X!?rraLT<=!r?%nImLHjpp zM)ICT_ut2=C}X7RtZtj+&!gHMHAn*T3v9N!zYC?N0e|W{Hfx`i{hzB4!Kx7j2E!_L zd@j=EFM~%pYc}7lhRf+Zup%x0D+ra1#%JY=kDu|T&{qzmVHt~HErj{gRF`T=>W%5u z4Khz;EZ%69*uzJ-KyIc(Mv8r_k=zeL7h+reNP8Kt`p)+e;!up}9K~uLdJQlDgN1`h zEh{^gVefeDyrBZvvELQ?*-aJN13jGWzx1C6^+W^(swPW~5O!lGJ0rl8re(GM#1Yox z<%imUccdnY1!>x#tt$i7^6Tf4Z*||Sck;@rX}fa{bp{3~s64Y@app&t`?pWlm|Yn> zXkDSD2-~~dW8A6FfD|!$DVa8vcPvGR5<5b#ux0n?BFH-yQTWAkuSr|kHjZ$?ZZzNtu#}jvRYGddQ(Rwp_LK} z>I6GGafU9U!cg5DR0Q~)hYk5u6SSed=qlb}xMRG}s`X(Z0Q*1O!B8_KYA`JbdMB-0 
z=g4}#~Fp^w6+@otg>M*M63*FA2br`QzmQC{@N# zAjA~GtdKfI@sk~7iX zptx|`E8HU(@uw(fHHMJb@IwCNl)YVG8mfj+iE=5kUB93}c9rgm0s=sRr-=U zR;fMYfy=m+V(k9{Y2b-KL(EdAmV1||MpKkZM|kvF%bqyGeA%H%pct7`vVN8O-m39H z)&M)=!h7DwQ0JRI%202a`*_eH8d?+QG5K{=h1HTLZ^j=WWDyF4G@DQdT>b}y{Qer6 z?>)h~(xs&?R0<~IB8M164T+#dUxOt9B`TjProq+N3U>@qD?QDOJLoU zYTcfCw;3|1u+YgBHK^9Yc}QfBc|Sg60lkrLz7yQ0kS`v88D3eYbJ% zDfhgoc8}%T%AB6#N_y1meNXJA(7AeEw@av8X02}6_knJnTWsql%UOSf;_`xZ4&-?8 zO%+j~${7KH^eC%MhY9qtujwhP;RG$isfFX{@`!zovs33(?py^xQp+>HO!$3oTkZP0 z7^FM-?NnO^?Vh3jJv+Yoh<)A|6a5T5c{^4)k4L5KFU22>>)wY_>}(NU?3hN5vd{ktzL zkec}O$N8qIvZf2w@pJ?;bVZ{@f3d6ZCHrm21jy3E;&&gXu6wE47jsKqf~c;XhEp>|d{RL9ZHv!H?eybO0*lRhw}zwE9Qc=e z21QpEC_n(FuEvfvz6#G7iMDy%{hwmBy>;1{g&rzl8 z)zOcnjUvsmm)w4}h1#{X=6j^#yUqsm1tL36b+C4b!FSm5&t*+A{)q7zL>ssEO-WYw zlbMPe60}#{2c{@v>+O(OCs;)l3xl8MP$hE?`p`cj#*1p!!n;J)*F~xMDg0W4AEC0; zLEg6m{IyHhQF|W*8WtdE2DY=v^eAzGHyt;^`IWv=o=T7Icy!tJDWQW%Y{+?StvWX!WxZEo)ez$cc346- z?o>IHWAncxhYs4Y{VPm2n@0f(*X&UWN_=wKsoKF3P@#^dvl{E8Wj9_#6)CDy-fWYQzt%bguH@?&oP15j{3+4W6(gGIS5A) zikw8h%-bz5dfsM9h)K#MB|1Eq6RP%lw>-QB69&DG#!ml_7{HGoufv$kuoSP^u@s?V z)UM~wK%tWae9+?pd3@6Dpf03{)l&6YaZ$K>UDnuCBfjbynnryoM&Uf;Vn-GMv6?jB z&pTInh&_vQ)}kt;w5_F$Y+c8%vve&v+!#e_NgqV4DHEC*VXd>qkAE$eMRnjvj`EZc zScRRbi39e(l9nq_9eQBU^%Qowe~f$g_)<(e&A7Jv*Z=px-&{m@ZK#gg=-jTcx;wi!5-k^AGhH-3 zKJ({u{e5VL?9P1R`*?;Xy{u*92tW<9j5orzd`Vi$rdjiUg`l(FnJay1f|3ye0@0+5 z3uznr?+nW6Wu@cK3Jks1J)CeiVGQc|t%#kWCzoMi z81`pG_|V}fu~QW=$jeGKP9ZB-DwmrNItTNk#9qHMhw^`ND#^(@@dT?wyNQPsCU;*p zXv$`)eE2k_P0YI3A7@8BGU6I<655wZTGhodq`2i@X*RQCk6Y9Ef27#ccKhqI3>8DZ zts@hGLTPIs00*tTZzhRJ==1xm(^^HX=i!~Wa_>j2bL7o$ZF0eQ7|3pvG71Lg zkvzKgO;}>d{SmgEVKKjGpVZ|YVFK7jU2Rp!SdIIYm%=_2l z-eWuBqYNdKHUbcpDRmONTmgiQ7ihG_z2D^|F@(b1LBCffcRh9o3I#=lX`n6kl*kOw z@5U&6=A{sSWrSB*dD;<><=Zvs8&o{%24z28^<(3}$Jzdm-q9aWvC*{!8`tlg*4*8U zsr8EF3d%Tu^6x8azq|-wfthrOgIoQ+1Ek{}J#6KJvv*I2uZpj(3F^k=O#>fv`wxrV zZHq?aP5UJkt^D7MAPg9>KOH>q03kdf8)7$kZE7a~cZ_bsG=0A&I<3eZl%hg2!8#cM`-1Hkl|E&(TJ`e$IX+EA-)Uv2+F%#|dYWc2{OEJp 
ziSmg7dMV%kqdfuxi5u%%!a>kwSzSkY{i>1W0<-8;%JOnA^)=E*_^uRC^r3{9?# zM+6yloz#_t92;EJ$kbTqX#IVo1p&S{kuTR<@*Z5Gh3npR(@Ep zuZ93>XH_LWE^=Qjq=`{do;HD2ehtL_Sw-|LdK$+_&01Re%$Gn| z)=La&6`en8`oJ+>uVDvp06HJ?R=^-F+<=lkNeNRWf$oLOD z&O(#vLMI^}(Cf-vFV~Cz3AoWPyfArWD%!Z=Sd$r*5;|SkrwD&Y<@#+`j_@}Iv^4!9 z@WB2>K#7m;C{m!1z39lV0>1U5|I3612 z^rnYTK7D18gI!K~cVGdB6^B)gCw7xznFo146&2-VYskWvuLvkXg5kjO z6?DLXBBE^KEpo>|^7F4T11oGFlhvr@#|edPJ^!0%@IQoh4vZKM;2*JdIEyyL9;D4P z*Bt~Jdyji+OeK8W3y_(K{c<~)oJ5j+Pub^0h&z&zXD!?zs_d>16}8OEoQD9_;0x+==_Iw`q7@Y4KKcgwI^xA z3DP<(L6{ERD+9fk`uOmDiRLOd^Nf%gm(6%iG(Ixunil-mKJhw?)Pj=x0qi*h*N1)Z zDcsAxZa!RKA#|=H;>^YIeX8lUD9ru2VMDO*ms9U4;XM8p!Bh*I!}S8*TQin>4@eP! zU#F8vXl7L@UdM;`+!`I-SpzS?u7G9BS2@26WC}p}Wai2#({H1Pir~tqvLbJZ#=y!5 zk#UvgYKifJ(tB(uO5pL{k-aNW**`6*)VPv8GJ%Z0Dnqpd`A`YkR-O0LB7%SoX!TAD5}Co|B+?9WMVq55=b8-3tcv6?uw1U)6k(KVs}E zlXgPIfWY~7`30_0uNN0qMT+UY379HIRl}bApw%O@kMKtKL;`xgKtR4eQctw{?~pI> zD{v-QEOM6&Q*TzL@?C~@l#3EsAiv1DY#*0rLV@$L)fI9nTFo7TT}`t8NEwb^Ic+6} z8yM?==MJ~tK>&H~*QLWTa7o&@h4QXmy|@3b%YY-3TjnKFMgdJ>vVaBp=y$x&**lK9 zqLf89)o9*x6^&}&Vi@C@e3=*RtNc_{P`{Y&-%@qnsQg;anXxbbHto()EvT32n=BF9 z65xPo@->8>YNDKKlyCsc#6Q}HEjSa`?o(Ctw4U5YQN4kpoF7JtXFmk!5N!wlkpNah z#facdP6Tu^;%7$o7g99|(m*e>h_k<%&7 z`INjs=gHYrmUdICh^TEo&`z@Lf1D}nFsrFg^V;l|cC^7bPr$IVVg9H$h~_JMT_H$r z&N0mpaw$RN&v(6H<#!F2ZLwX-Ef^c)F7$YKk8mF3Y9!IyCUsIsw2gN( z2i_R1on`6ruKX!3pCHpUKTA1AM(kuPWXF2J@1u0{B~;aoc`Z(rZOI~<%{-d6f5Bz^ zdCKwM!f3Xu5teob7&O&z5^Ne8tg5uY%b<+~J*U_yPDF@8`qHiE@^Kf2i)0I$%BwsU zORg^Jc>v&Z!wa?CqB~HaQr_!d;&lN{$OuOd^C#l1h8Ni>zvdCuSiF{Mk{9+x=A1{V zm$Ds{vl)8*|jsa!00+A|dwSnyiel=t>KHCD*oX_>syBJM6iDV@`n zrU}?xy=r=uk9ux9x*U!Jf{1$!(5-ems-Zod2WxQX5O`2AK4!W4#FZvM&2Qwkea&S4 z^4G_MTPE2eUNqviaM3mB?~4D25yy(#b$*@tTGe0fum(3yh({OLHvkfj&-YQNZJS1* z{T(5$vcFYO4soD%xkaWMERan-o^s4WeR`XhAC3{MY%DyS!cPum;@)Os8Kj;hc9zfj zBWP<**v4i6p0f7W&^D05zn8UE239UJIqqrdX!%DeM8vdar3tN9x!x6WjM_h^GHhz$ zja5FvwYk?_GOa(1STkhQStOGilOSrlErFSfQl%@EYzLVQjtI1;Xg!!JUvTelNVTmm z%`0n3P`I1!3{`F0<0X+l97` 
zTc@Tnlk_XuyWRy-)6a^gN_Daz3toT!C$8&g=i6$SzVFYTiJSpqL`F_274m_>14Q{8 zajNdc=u%~+Vl%FIY-+27|6a>8)cO5um1~(psuPh1^tHSpt`7+3hkQ<-{bvVS0&*_$ zGe1okH?`IL^uPD7i2eLNMtq8fInoYIVh}n9N8-~&5Ze>*!ASvK43Gl8yeOFXx|OsE zP)p?C40+E}yJ3&if65d>vMBmW^v59F|GyxcRsXjjXMYxClPc{|jNqFB7tdjwX;aMx zy7~K&TH836d~?DO*;3T=idyfrwrVRNNr08s@Le^Vf|Az_@(fI4+CXOY81sb9jAn;M z2l)5Jv33Xxpo3Yrszh`SmJ5xWC}ex0g48g|#zEOes$Ur($-&%VzfH(;%!^TTw5pP5 z6gH-1`V|k~)R+@H&*J3|%KvEq{WX;}__gY|E75f2Py zn25yA{GxTc1(u`bet3Qci8jIOBtMVes;DKvG-=78>YP(L|6>t_T&_Ue$VR8=c2UW( zHXo$3VYbSzSk`N{oBSQ0{j&KTC!<#PFvwZ_L8W4kpu=$&^(lsE2~{+K_8KH+j7IZ* zbR&#sLigG+O1ou}_Ie|++C17!Z{FPR_4vBIko|86_}ku8!DI#OI&B89C|Y4^=aCB? zY*eME!6-OwE_dN3H!RHMJkL-zH<4(Cx$|fjj>vz9ao-X0*@9@AovHkITrad$i@(vw ziMlK0C%HG)a|^{KEJ4|Ti4QDK3j7UC9agNUc$x)bNt?uIB6eBN)YLcMyYn#;T^2>c zJJDt}pWZV$$w5R?fZu=JClpu8QFX;96LY;~YY%ZxIp&J{AQh3KUsdGPAg-Jsesr{( zLS*61G6`!orkdt#9^ps^)Z^iS%41$k;w>zvD3hG3c(_*m*df24iNUe8y~blTJ~$3r zpS;5lc7}PJ`qpjFn@CD}X6;^(QbtM8(aNr~^9A6Ypb(i3kM-L1O@U7droGSi;&%ek zg)hV5pWlM8B=T_7o`Mi!3EO9k-AKieFU#+$Usw4ee2m4?yjsN?g0Sk_$#249)TfI{ zl6D~dtI!5h;eWwP6Vt`ATW32Cc25bU>Ykv;*?@@#@$@r(p8HyM^9gP+9q23BO{;F) zvQR{mMmw}eE7w>!TZ04go~uyBEnT^L3ET#Xv-DRO8NWIWv(Xr7Vgwm5E4{|X#G#0<5`=Xp*F-TX+0Dpo%rLA2(cYL3 z;Yn(E! zMsSn0_(7(l9JKvS!Rm6ZNMiv_u<=2}{awCRAGr`SF>kHLFajZT0tgY2-9y+73Lh3x z{+Z36b%Oqfx%;{OEB8XldYvBa!|+hhBFX$Tt z)w_(^Wpr+*VK|Mk9G$*-oHNp>h7o&Fnv}=Qw%uo6E_URm$hMyOgu2*<$*SVGNKkh} z=lw}M{h0KwE}%Ct9HyKA zrTSf)Ym~@iYQ-BSdtJvkhXARg!(n?Hl}n#1=h~I>LvV;9F!wTCkCgk4h>AOWO<@T$ znAvy2jQ@|T=8|3W1BDS_b7(7b@ykg?^a#gRNm8Q?Dbq5_)FAnLiJCQq*YNZ0c7~UPB@6Xt2lb!{Mz+0! 
z{TibA9*er&-q6OLi6zvB?5_)kRj<$LetK(BWH#bZpda|%56n}dZjl$Z!Snmd^pTJM zN6qE*U70ZmG>D-5A`r|JG-Z^m1h~S6m=g_G(nHkZx}$Uwnm?9f`Wry6XZ^o10=S(_ z`)~PCJgDE#7*$i9gRnXaFyw{R$vK}l5cg&@iFCkuRXYrE-~0Ev&4K#gz^@a6eW-5N za;$D$eKtFIry7WhO>Wr9hx#>YR4Wynh^`tpQ%4PR_CiazIH}Pi(}Cm1vISJqjT~=w z*LTo9)2ydH({~*TqnHvrBF{ELR~Z7uBD<&y6f_7!9a!|WW0XHA#VKzzNC)|W27~@4 zhOj;FdAh3PWnX1zirapQz=8E!74m!0sPfK{GB$pZcboC<1I5K{1_=(82EulZTer%K6emYV`^SSh37Qwz6AQ_{ z1SGdbE`F#}GljSf?!Fs!`|9uEcHplnLaHtHzkEC!#;60b!rl&1BFRT7R*=Iv3G%ez z6TJVO;Bq8$$nN)Tw=4buH7T1fSx(?J`47m}M^anNxEo)(P@YuLr$;V_m zpYo2RO1r!D_;xR|?`_efqnb=&qM4~KNT%BFy|9p4k9+;a`$2(MnQ-n>gEJ4f-ecJ{ zoVuC3_ZT_UD(LJRpF?{EGlj$dOmxCc`RRxbg_)etacOD-4%&dr1@&WV2e0Z{jVSm`o5;9$`8@UUm}ubC_Vq3P1g;0EOWS`NeIfSeH-34FzgU=fAh&r>okIIhT~O z93;qgV-yrjToIIYH2fUsA;+phGH=}!I3HHfr9gL5PQOLvlhE6;{;M~d%Xh9!2foxy z$L0EYijlDoJi4~K-n!EzMA^$+&ccNN+(j)`6inJJb_mb1@}m&f@+|c??Xb!bu|>Dc zXw--U^hkpni@jXpw-HV36#iGtr^i%dvUbD|;d_lK-+(5E@Qk5~k_@pxZW9%*XclR? z=HA{=yTA%nQl(!PpXu?ftHq4@1_@)&>;?3bIAficsvB#^#ruV9LD>K=7d(r4$N>qp z{c<MsYnK5`$?S zjyOa?C&7Q+fJ#l^^fuF~Q?zoSrGI{j)OmWmL@S4YAUd@0#UM7Av20XGpOG|wRJPYp(BbtgeX2GcOl zL;d*T;MyX{d+q&$SUG3pC5o?`wEmF2SxDfWs&%un?X~DBpWE!{DwBPD$5m~fGz~e(Td=y=JKt+%@3SUb zJR7;1E?wHHnwj5keIKw+F<1&{m*Tg1oNrP*2rX5U+)i)L9@%qT*z7H&FO7aR{pk#h zUb^#1XPs;kRG{Y~OLHslbAksuhtJe-Me&BZstvQkNra?D)vpiX46#NTvj4X|$G;g@ z432|~PjlXeeGQb0FjHzPcpK*GZSBwO(AM5EPJ;kxyT4DJMO><#k|JBWM9?iF4pdK- za=3r^ev}-tbY6WPkPf`j1^~Bg>yTvd&T`gnMQ7wgP*O$b?Y=02M*Y(ApwF*N3Pb-d zmq#6YXlzb2f_En2Q#k<w9*~K3-a&RH{^?C~X2%%j+M5lbsL^1PflEouziOK#}^k3DB zWlNZhZv!!}KylgUj&O90zBpJZt`7;Vrm?N7I%9&KrfvPUXm0hsXTgD*UkhwoEHV+Z z4boR+kHljwoCZWK{eMlBv|DaC`I|(&44v4Rl;Fcc$Xna^69ys#=BE=Pa0LiS(Joc4 z?OM9i;ZYMV!+D5e?uQ+1blSXE$#omZ>Wu)@@F&007-_-_Z%fo{m6l+y!14Xfwc($K z=thjbnxTXD8LD@#G*IFIu{Z4RkbYxL|Ab19tKuK!75m#jtw>Dv0@Gq`l5=Vd=Vw~D zR`yeuTuo5Ej&&eiztw*KDu6?mnofQsiyEJJfqhx89}kEf6VSXM!LX=}*f<4pV}l6BdBxB2+$pfriZRA$d$t3f z(7uJ3LozN*#ATr_%6=1zYNaw@_wid!r*hl5zH&zLz0tzMmUcarmX2Iq^hpWHRFe-` zg1RL%Oyg-!Q=?E&NiF>B%d~$A 
zn}PqD(W|{Jg*Q$@gg2Ci@=dTNCn#1Bdv;t-y;OrI=Kt%Ls_~LJAa7bt?!t@999Sv! zuKPj_dAtCw8y-!Zsy^mogQwmvW=L%bz|#KPMwCkE+K?><^(QJtH0WnElCkZgv)nAVWrD z|5MR@xQt|UP)R(od9ac?;xtEmFtZn=7x6bnfbD&?zeYf{UlpCCv+=8A&jo=ryXXGXU`40_b<(4G(W%gx3mYP%^L|>$-QmNl!Mp{n^riM#g2(_BBF3^tf zxrWW`XoIcphOF0gfNZW(zIzIxF2#s0GTogr1hkdn^Z~OOpF@Bsv(i8aHLX zoBqNJk&17l44F>9ipmb&`R8iKBxuj~ zgOhKE8G7GZ|FuWt6#QPYHo{(+nvZa!C~vJ#-PQs0Ohy|=jH`LHD)NEPj08z8FNPNx z@((VYBDexpUS>znpbi0%cGG0yC!s&q5yZQ;9p4i^eRCImngVYx(c(86}T*X;U#cv)z(mzzf6kmf^bY!u=xVdm;Ed$AqpJR{~9^>-@zGRw_uj#rqz{7hYjg`afpMLYq*dTqdUyp7O|NXqV(?SP(Q`V@=hL| zddf|UmW~~J?Y`cI!3aygp{vbIuY9M~P?nt%r+2_!R>~k$Sj91-2?z)!`KNk!3CsT< z>D0UG-S?}Wck)F>oi+sa8S7`<_9f`-zXaa`O-`@uSbmnsmXGe}DQboA{gNzfXIxCz zQ?lsim}Mu>cUVd=A)K=1!MEL!7M^#s7eH2h@F>-esCfQeMD=UYto1Z{$oqB_)kqdx zBqUIslvfbls6d_r#exz9T?xzS`yF~?G+E1#d>DeM03zbZ znm3~+|MHHHdZU{y~8YD%BA`3i6~hy`m=WRl1ZcI zO;c7Lxn);Lo}E9`j(F`Dr`LI(70Q){nC_l8HPA2oT%ZiJn)@WH zsWj63%UMWKK895Zr!B4FIVO7er?wLuSW{k5@KZ$}mcHvbrmPb>P2XG7b(Dx{B57%z z7a7zMgqMR#4?=pY3Y}h%AVGAxQ<>uI)`sN58{!_Z^PSw(F}rf|8&!B zt<|no(6r+*&eP^73E86NiXLi&i%Z;c`*s5!O`;u9i$zF@bL&Y=p8~@?s`^_qu=f^z z1pb<2wY9!N;y{Q(BJ>a}k-i8ie{+5(F>?_QB;6lgwUXM&YVh|7_MCKN}ijfTZsS9Z#ob2Sn+9<4AL32$1L>uWJ`buO~}%~21e z-bm-{@7M5&qP8^%2WGS?c>=C-c~t37#zIK-u`8TVk6I#>PzoKJeXxN-RWQVdR$pOz zi|Nv^8nKGM^h|BEmiRJF>XN|CTyeEuik2%p7 zm!3S}A;rKKBD+1KhHFj;0P6+EMjsj;^_(B~$P71Q<|Bgy333VmiQ+=hEQ*1l^ zC=Ks+uOo~RwE0H>FuS#u=GC(VbgpNw3*wd~DW;lmoRdd?|3NnwZ1Y%b7+1PaXpgm1HS4e)IZ-l8w*hQDC%YHu=KExMb72n==2I-8E9Ps)EQb;k z4u%hRtQOJ&Jmg2Y4m^G;Th5ZK?HwGuO?+6Wc`;^x91N;08*|4%weQObsl%XVRP1=f zGUKQMw)h^b$wDN?u^7gcdPkdYG@!(P5_Yt|nusQ#nka}LfX=_9OcocgIhE#BOi-)y zmhDDvZ?mAU-{B%bPf&o89&2|TiJpo9Noe^)*eP$M5gUt76czmJOA^HjNxgHM2)B%S z7}^R+uyURJas;Gp8~+jKhmFUL213S-pux%Lgr6hP`Q2st^qs5fFU@Ub{}`O5Xw|l& zPJr3`SK$v^kziQupr+KB8PzWy@fylm?@se~CMQ;t>svJHcGHgc^X8UzuFo?#>MftY zWtD{}q+j`d$zL;n(t)`ysj9TCCNrgN4KH@Cr@~-TF#}j>igSo6syt&Lrh47&r(yph zRygD@&Jgv5S(DlAt!9{cBEWj=S5JI?hfn~Q9jqfHSUtsryv)F;)qrNnq!sFl+}F~N 
z@dYbmz;X5uX_(n>LK{ieg9h%PCno14iPu25hYBD5OC-uTt)VdCt->aPSoT&oWNdn3xxGpJ9_~{(B7zc=^+*{xbFy z+e$7<2hHwv`nn}VW1*Ngjz%_I@>ob`KCL5&a#u@scqflaIPA2{LidnP_?{d#iJV}$xFDt-9PT#Z>iK=*x1!nr@kv*PIB!$)9S3jwMhSPo0WKlP{L^Hr^;YAB_FB zEp!<-o%bro8h6qt;<&*GQnw=uykmdYz^>Mus~#4g%xIu5D6a$NaJ$7pL@P$vUg?8}kmj1$T{3yWGiI zzVU>28hbMMabI(mM(jw4`|SH|Fq0eeCJIUa#LDcl8#$o37;Gik312(J;T8&RnvnW_ zwMC`3YvAFo9CRG=M)v2qptyhJAn)3Ol;1rCq(w&dxUG@EU}hSygp|oo7cicztaB{v zNQN3IpKX(k>Uq4wtc0P=D8BP+=}W2)#C@LJ3?ZW7Ab=gDTR6HN ztd!Vywna=~cfHR^VVw2um|{bEKQ+D`_DjgqONV*=g(1Oz}NQ&-_da3u|aKyrBj~)4LRoXWsxjwfiJaDQJG#axC zl9O8Im%;aNisdK{+KUy-1=1_o1{r!MhGX)=o8Mho@2!F`{? zCDvlxbNywuUYu(hXvbz8{okJj_@>)NgfHzOo&RKtysZP;e6DLeuMZYmo6BUGr?$&H zHo~8Q`b50U=(5@!!x5fNylj}!lN?ZA3^r+m=7mxw%XAmkC2>K4N(Ga(=jItJ8UssF zGI0>}Xa81Np?%f$2f>;v)XCD@QuaYrESnA1`bKQB(5$|*1`eHF!I*t#(!>YSKZFEY+0`6SPz*M; zY$Po>O<8bFhDj~9gGM$AX;aLNhOSkR#o>}>6qnBK-!OtC{Ggat!XS~Fk7{S{u>;&6 zTE1>hR)lekopc+w=cz=Vs6Jj>o9F%G^$X>})975@ERDw^g3rdGO`C!*gM}wJOkEMs5fE2>s@0}E^j$WYL zr7wiEvC28j5BJ{_|LnfmoKg^K_kv18zN##uo&{UVGDtx2Vs1kR?CY{zOZ-qTGe(C& zedVrO3>P*&U3&qGIg#3%o}5FjEfZr>2``73dnsFBh% zQz+!Kn073ib`M_2YUAtV;@`VJQe~NYGXIVIvrmVI&t-W5ufQBb$EXxGGy!i@*ax%~ zXFQv*gMQhbLg;x(WI{NUNKCUx894S~&$Bd?y`=0Aq z)^XvXG#yh_^Wp~#K~eEkUQ1o?nMUglJK0Qnw+tM5TXg0%-Gt1JV$IJ%tE@?dPd+;nNhk@T{45jkbKsPZ&!y5+kY z85G*BvoUG1W+`q&4G=f9*{l1x)xi6Zd(gdP7;>t`bu84i%eAHoRwgF}+N#FZS@KT! z)7EQr3lnJVH*v&6yB?)Qar?g9kqlL|xTP?Q{4a>>nn?y*f-m$fiKb3>5;4v>u-pp! 
zB6_Ne!`uRkBaUX#_MQuYcEkD1!-d|EX`Y1rvI6Dgvva#GWZGX5y~vEdadj;i&Z9DV zG9W^R!hD@tz_k2YO^!LA9kC}4FIZeo zw>~vR@{yL8D0WG6#Mz3X!sX7G@zKitw9w+xMU^2-bzv7>^R-Bpr-sIv`tBWx~gK_-N>1W7xkf zl@8Ay_>^tH{MfmDBXiF^L!kCUEQYIDGvwx=$V{8h+l~&x*OGY8{VN-|JDZ9lZYxtV zLZNJ1Zyjgh*qpZViFXV7mvEIk8EjAOe=pETl|~VXuX8smjKj0?Z2^F96#X1y z(;RB;@Da@xk7- z56i&;B;qFhRPU;~Y^v_;A`WnVd#Ap^V975RFkMfV)SXU5ARN0v6q|C2or=hES>-$R zYVa8rm-bpinY0P$clh7>V73o@iwVn%7O0A{pPz7W^2!f44UVG+1jnIw9Th*1I#kfh zSN{eiHS-BnI!p_5UGOnYYx>9Rt`kJ~AMRxEKB>ds8X#2~LnOYR&kpQ(p@5QL!_8eT zZS?T=TC>wy+U8dZzwT8Z%-}w{3U*~X`=;~`iqe^FVwIZ@cqzD1^=2}eh+fbUHOuqc4nNaM z5`-4sAL4yU$uA1XRHh8XS!Ka0yh~irK zA?ohs`mg8SQ8F;j)?$0UT???RpqPy`zYJ1to8kRH<8mL!B7`3n>WE~LM!;no z_SyifI8_|F%M|<)Lt@9jo9*t|^S^;t&%3>6A{Y7ugaz@1D5#TXO1RYIk1uO=MsmI5 zK9s}(n>V$TnjEovr>z{}vzE7m6iS8sWH7fy$pL(q_i}rEePxm2c z!c(vu=5Q4j5L*B97?4bH7#^?A2xm+uWr?7RhoH#^ma#m1D@!3G`9an45NBibUGu0F zUrPfSuZa7=x=N=Ef%57KyQ&??4v%}dRqqcE6}+GO1tbVvHBRhZuXX$|1~h`LGliNw z8J&24tEa-EsROQ#%X}oF$9f56D^}Ryfkoho&MJXJ)3ea_qxK)YFL~1(~@sgt(4aw8F z7JdSqDxm+0SyA<7TOE`mr7I*b`ikTvZ$Bm36yt(&$t5 z(DXNPq(`ya0!j19lxg7KWL|txD*l8b%N}ps$@5BoRM6 zMCo8y&hKeaG(TErUqWzaD4ZE6731%O(I3m1m^I=EL^FHKPf>?H5_C9=Tz9Fzene#4 zsXje}_D89teJ7Eb!#OC719J*p49e(5zy*IvY=@X~;%BZ&TlqJyDP!Quki3i8f%^-a zxa6jM`#wEw^*2%#^uWO139|3*-II!1hOC_F!&vLQ)m?)O*^i5X`sv5b4|7@hNm{}TUgxsX1;8Gu!_}ZX>u41x zu|Afm!?(O3nFx_Gsg@eV!8Gtvk<)p)&zc>I$kLX%Y)J3scMnyrtV}B^(~it3A~U{;HyI+aegrFHs6Pk#`VDCHsOHZy%#2-PDj z=dF%O!`rZfCfWgeGcYGF_h>BNqCIk%2|2Q^O9lkpN*6=$@rS%1Mq$-~ zfsYiQKDV~m61o8mzfrw|U$)!&g#OHIjA?0#%#mhps8B9JbwR%fKF$|E%W;8VE^xGQ zHn(X4f+76y_)Gm-tldC~4cRkbi`CO{mU%%_)u#RCp@8T<0@+7=J*Lo#e%+C4oLsch zP@=w%IW>9YrCllS?J+}fK^SD(O1+mv&ON<1@Y(k7^6`^?i*>SR2a8`&L%5aQ%ATfRt=2}$T$P~&kp4XCQ1P%dd_w9Lxgm$Y!v=$?IHpo) z-=?qK#6w?;r=H&oX*cpoB`JjQuj%KMhfstxCcW5ZRZP&3S`X`UPGDvVAC{KE_3{8q zP_0bpnp~hB@#5g-i{V?`dsk-C?V6lP_-XZbp^~NZvfYoV7~NAhRN)2r5qD9kNh@zC z;O;PW)92Qx!?fz_?YIJ>Yq~HBCcY=S(8%YlShvK%;^iVy@Ai&UKgdhj0Av?|7%+Cz zVhS~wE*SJGR2Pu{GE6GAvbhF&TMP(ogtXH_HJ0;RnM5-;P08G$9!?X?|7MRBCc5(e 
zaK6&><&`>;^{>^>a(0x9f1&_oyywC&U^NbP<469r*M>|bGYc33P6>N1ypg-}Dyq!R zk=HlBXr>v`m*L2+cUR$@3V9q*Uf;pBv)@}x-<9;!uk823C}x5W#Ko{kVJSxXs4*bf z(jwTf?`0#uv8_<*pJ76IcT+yBNk% z*~=ysw)yY++D@{yf_LSkt(flSg(&<{1+H@Sxz@OkIuw`@V{!q3@!DfBuDOhtIMzmh z*wlb*!qRs%@2#pqhVPV4Y^IQv5PJ;i9=?VjD_y5%(IrppuwtbCp+^&(U#pPT;L^Qq zGS<6o@R6*%1wb6>35zz(4YHPXwjOp8P->Qn2*(z66ro?ruQ{;X(_Lv&c`W5TYgt!! zu|h!h)=$BD4De%jHZ||~$3rZXQu0UilGugSHM1#)QRt+=v8DqH-cit_KNsh+g@sX5 zv%n*I>nCBo`Gys@fqAv5q501=v~(S@Nx+~7VBS3QPN>H=zyKxlw_44pN1An>4z|cd zR81&<)hSkEU5)aO*-`!47ESy0ly8v(rq0mYz1E0As*(w@iVtzmAUnaBU^R0R>Yval zJ<*rqkk(rzyEIEwHdevHJu9KdP|`V5>QEO{PZbHJ68kI(O^?-eN&T-qfER<@`iMlE zjEP0R7^Jl=fsrX{&U>{l^EY?0TV`FsE+TdUPW@zhKC0({hDsb z;Ikbbqk7$Fb<>@P(Z1FQZ+m~}uSQGn3bNh}2<|UFvw(`-(qUTqvGSyb?-vzEC4wN3b1TU%@$9+EzTnDL0}L*z zz8*BjeY!en1Wy25-AjPZ!a}g7XtIdn1a?G}vP29~6K63|V%L;&4RDr9qMlEpOnzHW zOzjxf1E4Yf=Nhu4GTWKBGPf5OA~-cBmVtuOi)4sTr;##3U0*`|$KuT+qk553_fOm$ zU41ZL?&oCTifrB}U9pM|HhF^gPQXSac4+bYYkAkq#{tb<#NsJ#c<|j8i+i*XzL5*t zW>ityW|V-|=Wt2T<8UeU@+MV3t*Y`I;5@@YfUGD)NXQjDxKO6rE` zq2n`<2>EE#VprpB`8_@i)iW zk47FoQrM=?GZ7g-yQS=tUKRxsX-|oO#TWDD2)+wx&dE;fxgQ<=u=EeHXhC7I4KO%XvL{V>?C0L1N|2859eY%2_`!cz`h9j z9pUjzx{t*0Bvp3BhO&hv#Ge#8yQ zM~WLTf=x=AEQ+#7jc7#l650^a!NV3Ir*%(rH{U#KXH7@!p45AzrAAIhRXd%N<7r2G zKTg+ykiMAple%v|#$L5|&;(e&;_jMbzp#7^##lqDwDpb0#P))BPA<8ga1yIqGoo z!{p;?X%EwRXX6i8OejlZfsrkXl>)BI(kE?xfMHqIwrQ=yx0jHerG+4Ud3e%E{b*CW zKd>R2!^*{WC>PJzQodm}#%XaTWQNkv$!O6Vs}Ue=P7V%T3ZUgzx7@o_zjI zGe%iR(&S}C`x z%K#D7);D=hxC&^50e^*)x^WBh=(h&EqX*I*48-=!s5RD1n*&YmiH8v0;?vuNcb_#o zd`r}__ih*n*VB2ylZm5{lbT^%D(;M^;yu;r=^!0}-Q&KQjgRgViCLaKPv7u=q2Cm( z`aotzqu+uk&c3vrnGte%%)=cG= z1iSmKfAf993(T6Z^)*KSBg5Bqq+u~o+XY>`Bgi5Pj=Ik^RK*4lF9$9lV?-M#v%-uP zH(vTs5@pHwG=@L^X&?6uJHa(s;LXNF`EoxRzB?j4#ASF&DrJz?ukG9O{u=OX4=nU6 zz?5=$wrq``Uo{7k3Pn~KTu-`8WmBL(dJrvMdNyfT&De-mW1z(xrP<)-;_2FTwD+a( zA)*iOrq{X6rRoK}ru|?+fA<&}LNQnq0h)cz2ru+=38C;>`N=$L3Cy2^bkrzxHoOhr z=-54Q$W!$H8v(bl1St zvy2fH6Mzl>k*Q(yi%*)NVFAx57G}W6GElTYPZD!g{#SqG9tEfFKAXSeU 
zu{c2mlP0G5$V2Xn3WBh$b9-z?^%!6A_z2p+A;75W1Ne3Ue|RUoG5NRF$}gKU>T6;lBi4_Gml0UF&(iU8~F_e7W*_$a3X+eE4tWq^V4;Bs>bI zlUUqVjxso=yM~55+nE^kzfQ})ZoG&V%^*Ijk}W+3HqF~i2lODi4Y}+OUaESnoa>aw z)jLSb@t$aV9^U`1Bht6sME!!i=h+$!kd@w?KYX*_Tf%24AlfE3(#vLrg}guh1p0^F z;*$lH&!IBcTvqfP0}L+D(OQQ|$>~u5-x5DeGtw>iiT`0;k)hCjk49ohR{S8VlRYjP zR`18qfFikg>QHr~tf)H>6^hjVG9$rWNc?qnWPG1RZwO}@@9*^QDZtY&qWyAJtP6>= z-*w>+?XKxl<=Hf0wo|4$Pqf(IMEl6e&h%$1%nxw?jtC+7pp?x>Pppr?-48|mOxKd) z?2%X~ma})FwmJ9Z8t=MVZmUmsnJT%cf3(~ZT;dtJ#Ubkb^AiQ0Q1Jd3hxfJaz8A&` zxYkEp5eK=sH@)azdCWAWgH#EVVMgmMvGjSvW8hfiKhMZp%ID0yZ~|cdEgVc9(4bEQ zK0rs$MBqKMAQI9&Nds(06WTK9_@#{sJ3havQ?5CrZ2T@L_=i&rk$&O~WirFO#>G#) z-lbq%M;_4(%N+!<38hZf3e6!?6R|MBvd4Ox#opL|cn_~Ep zY?k-?7PDba$h`t@%i#r!szJ=}v6+SVC3EJL%mwG4{iJaz{3W-#1Dbq~7+vD-74t1A z#aC1_PU3VZ`AhV8qH`r0RTh#w=3ySYQI8~P_xT6c_Xz$X5UyUc)DcdXH_^S302Q+d zXvQbk$NxBYxqpf!J-|vM*`{i#YRqEIu77~gwxWdcErKJ$Yi~79D%$fg1G5@alrC4m;Ai{O6%6gQ zIsWN=53fXLOgF_4>{cRvR015_%gsvrztAz_+r4yVgHe!tC*hME)HOfkYfQgfta+M! zG!CZ9iuaL;=c6y?bN-PnPyFd#_sQYsr;>8F!#>jU<_tEf4^W@nzpGI;`1Vn~NFlYu z>uj!Z_^%_&1xPv&Q4V+qk~6iCt|@d&YF7zyGDJx#Ff%@FK)vYx5y`&5lwKVE{}}K{ z20Q7%qbb?I&$J1@XJcwE)g>3%2OCE!I9B7HXn_aP*;4U~D-(4zGmer)!0Yi(9Zci& z-uuKAxkzanER+HaZ>f)ttZ zEWoaeU5ZPxIKD0+Q-!Vj@N@CW)03%px#F1|Xabn2cYrEr+Lq5Wl66M~oK}sv3V=$F zi#<={=R1(D5Sv~d%D#+Ly*iD~9idNeiE`k8j*g|CW-0C}~({mHKB z=z+gs$E`-K%~C8T<8s;QYiBF^JId94Hv+>Rc(%_xSm*EQ?w1%)YkDIiGh2aMVtFoG zvDsy(P=RkDU>McAY7qD%zaW6>SAh@-76dxzYA=fhtJXkIz+|997x^k~7VAbH?k>hj zXQrT*lTwp1z)b{gBKSWdOHUl(t3mXRc9qT5)7=_f*K5;Zu=%E4!1m@OoTKghy#B{7 z{745_mv*dvhZ_4JK1PhxUEaf#AxFphc!Qiq6<=<-xO*7jT*3G?-KE7sE5?{(e*KwK zH+Csw$H3w!sV+u6jOOj(f%E| zb@fV#g!-SjqvQ!q#?Jl;P8HkJpqBLNVL=S{C{)E^F_(K;XFj=Ll_ot^e)WcOcDits zV7^??io<%a+r^A7M~>MJ*pYq}GIqJOe|9))vi!24O|5$@Wr@QUXJ$f#{m~o)>Q#z! 
zH&%zq?=v$$eh-0@_a?cr&PIM}1nVfm*A5o63pr@5QZSj-=Q5>Azu51t9h_P){5yA$bvHceee#PM;Pz-yLD=g0e&-`KI-+P>{AF|A z{=%5E+56AnZm_8Qt#W$Rffd!v&~M-3A1~8ca8QYYavT8R+KBv$F%vKU0-jQi0BS5h zj~mCxHLNK2<}#O+=oPVpP0^)N!8{|r82RT%Z@T=;#`)bwu%VuPEF=&MG7t)_J5TM% z_K9|2=4gNv3|}OfZZ9pYn2zj9{H$jm#TBu)O(R2dB@;R3V8)9xV}6y%8OPfB;xTuf z)F@-2yt-{9d9t5q#rvV5)Uevt*kUeVO_RAYKGo#qMX2!4*P{75zh+Dt^p>S%K_{)E=lZry_L*?sU zdwJ37u2?CbJ?=Z3j_VzW(w=LlGqS~Mo)z6J9rlr&g~P&m#;(6O{~9w;81Yq7TZuIby`326EeGCOK>9<$ zCT{MQ4zcw4SmzG63JJ0mv^zEE81?JkePdTlVavqXjS{OgWgSgFv&e}u8)B2oZ_PU^ zm$p3(JvpxLs{D0gtoC+IUocC_4sRw2MRbaM9O>#gDw-V<$?A}^@7u=R z!&EBZIO=cCSRDca|Lsrp&Jr*;DsbQmVij#}`&O%m21dh3wCW!XgeN`!YA}4vm-4>L zxv;BERMJ{oGvsIh7_RwDmO_JE%^EKptgMg}j;w)VCGn5aswkGR3|SK2z5iAT9Opt>;j=_^bC8=NYC6Mmk%b4D zh)mUpY{-+9zvfkxu9bA#{HAq0wGkat%_0XXX0v4{=rm0nJ3e9j{uJJ@PJ+*7NE||OG1!GLex<>Cqcb%`~-VZ#&SEp(6@tOn!8SH&N2j+E~WsG_% z=E^}Td-Hz3E}C%o>qx4c4S{Rjm1UfjRktH8LVp6R7R;>SXbW*GfVZflw<+H3;{n;$ zA-R^T?R5R}vokQqbC&(6FhW~!yRcU0Dtp`p$x+}*neHQR+e$5Pcsg(*w`lCW;pyG` zV`Ebe-hrWqKF`xPH6KOq4zb#o!mDY+^fe@qRzW^k?Kc{}e@p=%$^sk>%-EvyBG^@Z z$*SQoiGc^wqK9_ucvQ!mpflDtC`VW&d!YY>T4;Q6v0hR5T{j5ScRZwCO;yv5U(L*U zAlbBaB(_bRBrdRJ%zRJM>7;N9r52ibQ(0_-n8Y-q6VSj?v-d}2HIoh^{U4onMz35( znz9ri(ZZ#Bq(xSWo;JtF&~L3L#3d;Rty6F5 z<9Xsn`ypfZ&c4Ae8+;&{7lX)YF_p->GI(-$-W;f2YTrblI_m(vE`0^sG=QN`xp-eK5}EP+8JCBKmKl*Q%2)T(Fb;b-kj&+H!LCon&vLe zN@E1Lrx3#MO6O!F-^`bI;N9NFOLeFbBnE?UbPQnyv!OY+=xe5!C0&iJug%*y}YS1CKCo!I%5#*AHXg06WwV)iyP`4#3f7#G zzCKW)CxjqHN=ca_05iq7u)&`^@(^*if>P@1o;pX#Wf3E(+QK*@Z@Go_Ao^3ysU&e) z>0jng!#3V!<}rU2Xyp*Mwp{9-9QHAAn|aDf>I1Gv=Cqi6(4XI*+&b#5{B>UlzJUPL zA0jjB`g+0_iJq<$k3j>?mdkrF{0im*%(L$Dmh*t}%SE{ae;C~dIk9BYX+JOpNahX@ zV@elPpvmht>s85a){ikYK~LWaPjFP?6Gmr^X2-c{=l-6XU+cG2En!BuQE?}EQe@it z7$|)FdwwDPi<*Iy%>Gx^U8G62@x^X5SI^_({3s@A>rcCG_?hO5btQ()#0&dhOm7ub=u3 zqE689A7j{nTMb!xC}`O~`3;scbG-c&}2AP+B3qRT`ZyMjxD&RI{ z1G(a>nFrli5H;|c(=f??4!zujSMgb}X&aG0st88`8obG7$9FXD|1ci$JOn_&1RNU~ z!p29giM~EaWY~jX=Tm;O6~!gQlb1@7Mi2mTWkukfURdP3`ZQy{);cLxkpHVHSPP^3 
zdr<=p86CJ4xz?RtoPH|SA?c$%vvOSP2g8x&z38=|xKXQfjxTj5Ntw`|$X|y?#nb*~ z?bRMg<~y9v)$0FRHgdvk!IxFp7W{_8R|1W-ocJxcry-=XVo?dZt??2eHv^!_z03&r zuidvGcVBb4NWZboH3;YO{dJy}!&AZKz0KyU)or;SCi@Q3k0slMC(mWNgS%Z3a8De) zwH6pnMb4hS-o&2RXg;tJ*7CYPTCclvvWO1fs7P0ByVUR4jD3&yCE&_y>@-3=xk zS<<=}r1FS!kna`2ZP_w6{Rq@6)f)X&!0}PL;RXMYzB zTE4t=bh|z-;iiIQWHS_izYyYE;Df%Ael{n~S^Qr2unQGP4<0X;!*R|yGV*0dEFZSV zGhemB#t56Abjal(oto^wHZU8#jo?dwR>V<#aNN~tRWY|N_=4Mu^3p=w1#MWx!^iVt zB}!e9u@@^b;|dx*W5#FGQ5sq~q@7CK#NP;N4UVkF-Kg!(j})KJmzd9^voI zSO)SzYGB1Y{k-10rWlHgeEwUObBLj2}LK2Cq^D(9-Ly7>L`^zXqL%Q9+H zIbm|;m~XItnlT)9SGQsWW;`uPS(#zyx-THP&JgaKX%3IE_#gBqi*>VmPcp2O+rza; zF5)G>z>7T`4UFv8jFvNRbYeR6@}|3*RU?B=?Er}%nqEG#=auJ%gP+f@49}tC`VZtK zIe%_Y#a*X!KS1#hRy%p#U(Kwyq&Q#O8aj!58SNQ^Nynygk3360u0IEKVlWn;HfmyV z=WcQmsT#LjCRzqfOBj(8ayPBjesGC2uJ2A0h!=vQ-@r#%fC3OT}- zW5+KQ1OLZD*UQa{*2wn?jrot*jzXt&d@hJlMVqJ&K2#VQ_)a#P<=WSUgle&i=s-rp zP1iQ7(qbdGt*~oWb>~XE>&*@lG?*(Wt5c8n>-g1kU_KG_z@|;02UDkivc9M!!Q^K| z1gUHzeXUs1uzh0v(6NS8m3+`&AZhl%ih<+eOF{edmlBM;uRVnS@1-G?@Ur z*T=1$}OhlNvem!H#an;ahurymK< z|GCo~>wT!5oR{d#SAH{lxHNbu`G~dgbRmXwm#*({etKLD`_7>EvGQiy+p&KB0AOVn z{`F-E-c=xE-8%V?M1*=b0NJp|!W~h^5L{oRs94M<5m!LuKgi>*Xwsd&ujaI4qbybU zu8D}9e~Wl)+-eI}^hr}jQTdqWY-`sJk~R3Nw@Z@QM%0KBPI@7>{>A&=ZJLM?CCGGn zT-m9r^}IZD8MDs`1g3wmc_sIWx6xp>aX{?<>G2aLfxyVrPWSf9N1APfj2LdMI6eK@ zP#NY&Nt0R}&q*|ph#5L-yt#cec~0kAA(r>xkoxAL<5V=9`>ijs;e?T&hMby>WJ`2z z&c(}*+f~h(W_7h$E!DuGXTX;K;t0n>v-#yZp2FzWA$re8>u&~j=RAuxx{P8Xd*&6< z7gyH^)xc3K(bckhlYpRQdja(G0KRdC(4lkH7~_hO6x!Qf!TxXWFJ8ILL#x-tHQOWD$_TMxcg`3+bq z^(fZSD6En=Nb1Hb1Wp3y0ol5^XBs$$<@kzbPalyF*U9}-_9oGT>Qm05zO899!b;1xw#X*W2VC|z7@2n*=iAucR@&bw74a6Db@a&U`J6fURVKW(ZtR!r2B<_Au zJ5ba{*gTJSaRUTg@Wt(Tsd-Gh^N*J}zc$!=pmE6Q+hma1-FzII2`O62F2!BHp#DPu zZ0*Yz`k?eSguJ%I3}O=d{eZY zE8A4zj=h?5vd(mffhw{*f4j$8D0oTgqN8R7{~aUHlUuuI*GBcLWRH|km(T+hBNre^ z$82h>fi^yu%LZlh^&4mz=?$Lr4Mkk1cJi8DqN8$6!qspK-=+O4fibIJcfP#OpWK77 zpiH|=CLz8e&&clj>+|*Cr)+j%S5F%%pIsEHp+9!3C)3H|-i0?`o-`h2RIeE->5nsZ 
zQX1nIrh?_jz`8Y`spua8kOZYC**8#r?3gzeYO1|p1bkIYB{{MrR&eO>FJcVFlp~~o z&bQQLabgAuFFpnbZWM$)S3T4VO3YMYQg)f4aEl%7nyYstM!1yC>RVzL4fa z1JzUI+)rVe>JPh3?sR%hN5v?Ky%?)Ebvzu*jpEJ9g@Dez6E(v)XK~o}GQk|RZGJehmzO=b;Fk4-#`C+(2;>?r~J zvyD}b`;yxhX_VWpzI3i;7F@08TJz}JoY+zW6U(mR*q>qn!t4E+qEP?n78@~~{ugn>?VFl7Z`J)>Ox{3&Ih`cY z3)QiM-~QXYsX7^PHp!L~ApWrL>?ouBp8k&6wVl@t;A{{_RI4!U%dzgILyc_von-ZC zf~WTpghRf{H12xzEdD?HVLM0zIAu3zPbJWXrZN>2QL&8qW7XR8d4J@xu#iEbMTq`4 zu)CPL(IxrIaRXz<93#2bzRdv%2QAgc;RV~l$J32oROdmIbw8Xe>Y`6KPbF7entH2YX{%gpOm+#N+7%@b4%9u@P2t%AeQZV`@_ZUhmD z7;`NuuQq28_}AEW>qW|vgLQYM+~~|VaTwMR^Z#uL3(`mc2m1_Z81&}7+bd`$IDBxd z-AkVH3}xhyUJ5^s*`sImMtp)# zLi!fquOpA$2wuA`ACWhl(IRF=VRh8*1ke|sko-?WKN3q(z9g4{uO?6&NEf3FW&MKe$v>TwL$93OnmGdCQv?gaI6Iik();jW zHouQNXvvqG98wXRc@8Bx6hky_+Im#-j2lY!E&U_i^3$a=GnJK*<>wr{BXfN+f z$z-E`Sq&s-;1i?9crp+q_d(Y+9#z*&e7`%aX9Dvk-)Vg`aQRNgA}Y&p=_sm&xc%r3dlr+iS))mbB2qS>VBZ8iRzO|8L%N(Av@Y;Pg6p z1C+Zov=mBCp0m4{%6x2A zO_9((gmxX!C-DE_dBIhfIGE%Exi92TY}L>no!yIfp8CL6x0W>J=M&d9Ii>ibu8AGv z2N-4~o-?8Ec$0v@N6fKwlcpPLJnx6Ajh_u1Y32)op{bR>{j^mMkxhO7QOG8w8w~=I zYm81Om08LTuqE4@YlsQ|@(B&mQl=(<4fM1h{9c8OZli-6q3;9nHW$ro>m2KrrytY- z3YT4YYj7i~Jgqj+%?)=GQTOy-<&Jm@$i8orxp^e{$tQ9C(S0gw@Q@Z~wjB@7RpBR3 z#k+rcJk`E*G>b)i!c|)VpR2jw{v}{tA3q(YGIMw#tYk~>UtmMoqy}6kBT%C3@U10Q zxVcIl{k8Pg9h~C8s*EP4!yvOEgMn2g(;d%33?I)-r+b&?NuyCc^e#liyKNF^N*7bT*DVgf zK6i>=s6I5M7*2{*#BRx;yyWNpNWs}QFbE6}byJ^Fkb+~P5Yje=)7M9f z|6bPpEKbM-?$~{u17nrkp7t?~Z1~x|b#E9fh0)C50*Kdzb z`o69atAM0)DdI~}lY*$Aq=m51nc{{BocCj=!!6OFBvk@+2Hc^4!JC-BegCw|KuEr1 zdB>z);+*zZ_IGxeche1}-R+gj%FR3##7yYBvz(2Y+>}a<>~~Qy9#hw5j}#4tr_89HS?upfM91P*Ec=c`1UJJVd@lE-7seV8tf@ zQ2YvNj*iX<6{)vUdOA>VL3Svxt`cW?O8YYOBY`_++0y;U@x&u&u=DXu+ug_KY(0ud zvOdt`J;tbuV2B6OAKMi54o$Xrh>po0@CtNgYtNXjisn0M|%l^x3# zLC!f)$~^#|Rm#FnshDL1SUbO1>0Va>osoyj$U)U{#KZ7A6eH{3$c@#N4KDYv^CaTZoUR#NI7HGj zAz10&vcPr*T6LUOfJO(cV8%v&ncfy~cWZ)@Swps;_a&37AL-Y~la1r94b8F_mT+Q| z>{Nqp9>`M1DHV{b?0{~N9@prp8Vbt!*6 z8kP1I+7fh9r3bXs&1j=mDvug!8tUAy!>6V%WHkRj3m=K8zgU?5#lk-`$&&mNJ%QN? 
ztulf?6^z=tZL}UPBdvQ?kHrWL>5kAY=6qaZ3xf!qZNJSyKK`|fFO79ikpI_McZv{n4jc-OJd#yh^7dvrF(Cb?fT+3Hjn|%l8EkMR5=@plROD3wIw0~cGV(-Y33JIBfNIOW|qHfN70rJ%Ce{B^D)7x{(f5GpU}w^_`8N&Bh7=nOt@lH{qtGpa7;ev z;*D;aVBs+{?R`wae#w_YQNswTHkIQ`f@Bb(H`>K)lU9pN0t=}>-viq^mD}x4_I*09 z>2RM2$5T@OkfNs&Ta%)bjajnlJ0)8QZ)Xa2Y+Rvp>J8jA*#$o1*PqyLpnow2>nT~` z*YX1TPxjq9F%IDZE{j02bj-uwY$Jac=Jqwfp;=8@c5jrX@WkiAtqF9GU}8{N|I$L6 z8Tu|A_@@`3O^=ciNe|HX3O#`#k(TQ01d%6TCx8S{9XUt4xcfUe_+a|Uzly_*o~>e)rxsnqd@6q(lnh=l_{T8?YaJeb4_;G zB)}e{?C7+a$+=JVUzWp;18_(R&soEcuFZy?R0qa^8zf} zl3l|^Un46u#S3L-PiKv{iPTScO{uN@g4vt!C$VEwxtOZlCPRlB3=GQ3{^_JSQ-~w$Lf|+9 z_TPPkaE_!j-~n0!>4hH?cPjceT0(xDqqx2YexXE$blx{5hi`*X{bft$+PN;9uX`Na zQaDtK)ri57r;W4I>^Cw%)3;AWPlc8&^kRk~$BBIly=q@JA)`r4Vit9Zxt?k>vTq@Q z3F${5Qr6FzdpagQfWi)k6tjqGFvqY0B&AWMiw3u=tH{56NFP$nND(Ji5>14XMqPtK zR7{E~L}VvRB~Vo5lYdcIILmi^)pulu|KDJ&Op&Ommv|wFs&Ky>cvx7}xiVAbZ}zSp zb+MZHTv#W(DH@NkbGu|0MJL7-IE)QfJOO$AK`3kfx#vb<#@FidBQjz`9_)a_*30!{?faX+q3KK({%nR^5XoqN`}SchtsqADd{tH_srm%1D~V6>2qJ`)D?f`{UIMB zWu_SQl2T7mL|4&BN)S!C)z@R^N8I}l0nfx^^V7$Dxu3l4Krfgf<}swNI5-)D=EQ zj|a|@UwG+W7K*M_Q-`T*rC38@aQ){xrD(D7IsyGJ8OLf%VpDI+2aRmxeyVj$k&?dW z83)L*q+PS7gF|I3t3eY8FGjt&vu7_nUa#)i84=vJ-9JI5mu8eds^;%_LBI!6)5F|m zhl2Hs2YC~q6B6~xhT+MH%J<)3l1~Afj2p;?)l>>HPDy;(9sK?CULi!B7%o|>JVK`2 z$e}#Wk2kka0!+wiD4U=G%@^((;X1(%2Hi8*vS`C!+-%14RLnIzn~~Q?J42K;rC9nn znuQEZ49ZGwwLGQGnQP({?E#CAvVuarA6a|W??2Ty9csqyQ_ZvgG^kOXc7?3-SqL5)Kq zH2)Emqzv5(7tR{;JpzcW_ydG={lR^K4c1}&L)ZYUy%7)Py}|R?Ba4#2p~@_ASO-gT zigklN!Wmz}**67$AzR}!@7a^%o1BToCcw%il3%|nrWn)sNzZZDSA*w zid*m3eP0x1SXn=@YO>a4SgAE=XX3sw$i;{VKlg%!xsLaxU?hd9QirKSd31* zI&AT|LIrJ4w6r`h6S6kB0&D$*c=gk>Lg{a&3vnRg0-jbc zF8Nkwy#qk*xq8UalXPuXU?!J5Rl);79^H9GWch6BQ>#v}mE&+F`n=pjH*=)&S(?bZ z&bs=f{4b4suxg#;6Q=E**YQy?!qoXx_RPnc(}y3*YE8Dt%js&vzC~80g`v6QW79s} zZpK}ZkY2$)N1v?N9AV~JaEyi+!CxPGF$`V6r@G3^W@Kv^7<)-aDd4Qv&3$wC)f_s&UH0 zQWBU4ek%HM&?y~|_-~^&*od?n&l3Nsl!{r4Cj$%S$CSEQ$$H;gV@`Px^1XuN3v}<) zORp+HB2U)8y_q2aYSpi6abJ;S!xU>LJ~@)U!mfpsMg~~UsN{|e 
ztl#W&a>prHuW9QD(ohpO!rU0PKs3CPTBt!)mQ0_DwlOC{jX!j-Cd!}fqI0g+Or?%>&JiXWMHkr7G>S0kVRxiT9$i9j0nVNHWf@vtvXC=T!9peXKkFwcOHwPnuIG zOOJIbb|smE)9I1%Ij%>H6fInchduRAU{<(Bm;9JsD?Ck9=+-L8I$~&vD45>pTR_4MH13LJV)@PaB!08B}pA_a;dl%`B8JGH_SL16i* z`6i3t_T(_9spuCMLHKq}g^$m#6E)pNjYO#_*F&l=>rIOc!Jv7s>OwtDcuV4?(uOX@ z*W6Y69#PtSz=#GiiFSw-o<<(_uOZ`!YLUcXb&QBUHKf2$GaJhn_@Mm%c$6aW|CqW8 zs5p|Y8%Riy1cH-b!QI{6-ED9P?!l!KTm!+~U4y$@aCf&Mxa%PQ?C!VO{~XS#?m5L& z&wKCQy05zX6^SNw^K04wHD9g4AMss-SMf$iVA~4MQp@U-;VSgC!P%b;6G;abQ5kpT zA2QH9T8y}8JCYw?Pbp{~(0M2FJihun+v@JTjER>G6!~2cdlBA?=1RTIs9a9;+4K-S zxo7!?58O{M9@Ke>{>KM6qc<%qPr1;Y?JIXqwM(r&D46>%IJtG6urC?c&ln!ZH{rf( z^SZgQ1MZi~mf@qqZZ3FYAo&d2^gV7c<9NG}i87$L%P; zae}H?fN2UVdl}RsFu;Q@{@_^e*92z-A1u6K2YZ;^oINV^sweC92v_h|!D%gs9U^i5 zRO?MjBs2E-hWc@IJ$K<3Gbg730159drF>B$$SXtd3+L95Xv}bZO(KnP!B)k&FN_}D z1&TG$zm%YlJ2FnIuCybux>be2g}B0 z7Cb?VBT-HB;< zUoo4Q9ewas*0{8S{mS(|%Q&|pR4)Ip6p6OfV4!)hsg;6EiYbHfozI7w*B4_IYOh`&e36pD<16<-k>V$s!`TUE28h<(8eE$;}}s5Qv? z_3mvq($h>Vyk1w%$m6z#$kz|O2^VQXVc5E*ck13afcT}=YOGd|gMWKd^eD`mo_6TC z>tA0$qljWv0|C#;s)z7w!)llRS98cDHPsaDCpER(m6i8eXl6#o=>1v)=7Ur<(Jz&) zuxv~x9K-6^tuB7Ok09yBoM&snqGfKFuyX74N$BOQ!r^M?QSpg>tCLW9)G|oJ5>AjT zVM6&Hz!w}oLO4PFjy#%~k|#DK+k$4J@A0H)}zbiho?(=HPj=L6l;~PF63w5;$~?DF{`bO9q0R zo>u1S!QeBB1&td^l~%9DCC#ITr3?i_T>H!9BHgmpK1S`KYp#w zztK2;_tClA;iA7g3ZzY-zBCZ0PQuFtOw#u7Y{uwH?ZTtL#`=NrHiZ1oOCM>vo}qsV zp{Kv**y$}mCT+vzU^4$n)$r94PV%gbKwblj4?TT7^iXiXqoB3@4;+!F3!Gj0Fc-a6 zoy0A;yFeJWm){On9MTL=-Aa|iY`6LvqiIWLiuY#-!}(=ccC<^u z*F%P<@7CzBX7_WGxjUI$uGpVmc+G~hSiXV*Ykd@plL#61r*uj)_3srE@|{F^pfqMi zC0>_`f~hm7`Cpv6PZBzHJgIRSl*Z4rwg50X-VP(>qA4(qXf%ZkQW#IhIunmST_)Ij zvt&A|4l;QsjAI|$ryo`GOai;N$0V)}u&Mj|uYY0NU78zKVyL%6uI5wfsYK^K`IJfu;VIF5tf6_v1mP_`l$k!KU3NSa0%audrYz621; zx?_L-M3#!b7eXE9q_x_T+ROT!LnQPsoSj6zhv+<0_t2>$*-C1Fv1o3^o26OXF1^OLzyjN?YOKTEKT+d=$th|tP!`QIXneMPVY7N5T{lJHuNT34FFBPU+c}+OLcX9B4{QVtQCF@D8P_Yzi*`XXnsXi_# z_ls@k^8=3yH@i0qC4`S{Gj^)>*lJl@Bh4F$GPHKo=qHk(($By6gFO)rr8zF8t(M1A=@(5mT@{S;Gy 
zrwU%K?KUPxkH?D?jW9In-H>lqCHTC&OZ!gqb6AIHkE|P6`*71_^V!g-fh-E^-e>jB z!CU_V9$9H}Xi3zL)cnP1iL}&0ibzpX8JYAD`KPU~YvI^m)h=h3jVvzD8PAWm zBU%T~_(B#jIeHNHUt+eWZC@YQqu>5g^&tD4nYm_nT_B*!-NZjuz>8D|)#nLDgS&ZI8}~o(wsQ47K9sEcXwo%s=zbF@UDt_wQzvr( z$xW}vEZ=Y9Gc4oRfR>%;`a)oF9Hv8GA0&&cWn zB(v;<5WQbfU3w`1!vc?q_5>dO_q^m{$*=t-ULCLE$Xm1Wa>16hD!zm^AzPB8{1EC#4d->w>yWW{+hoH{ z1kUlU5W|sr&QnrO^{rc`fjiWn>vIm=6Q{)kavIC(=`I* z8<#03V51t;HJ`QP0Rx3lmlZQbSuW=euL=Q?+5vB~@ORNh=9a-fhthrt)Q-IhXlpU+sGyZI+MNBreny<(kSd z9XCksJv>Afs7}NhpqQWZ=4isY1p)K_U355Zcu3khbq}&Sk|n6-LzF|MZ+neyMZKMi zV~~DLj?J~@hXQ5Y^p+6Zt9i7u`5IJ}NW*vjJpJncEc~0l>5(tLgxy`%>e)Znd-LSh zFno>vNpAJ@i#4!@2k3fTY^6M3)mq&DyovS~!}%GEDuseN$SfaP2p^&!Wbt7(%RgwC ziRh=GNai06EsG-}(y5k7REot*-XJUjC6%TKdFTrWO=gQ2Hq|@*^pNJm{9fQjaX!4> z8*A(ta@~I;`0A&ikfsx@fwesh<|}p!s40j#gyG<@s3`>tKaDJ+HV#Rde+W5qQ1i?U z)kIT|lf`*G`nV&SsOt7Ri0FTp?4 zL47!C#yWK{iaOFUmPXGTn%f+lFO+Z9kYzbC?&^jZ&fQtQxlfzMMtGQVsNgM>VEQGB zRG$P^GC$UoCpbzgcYUy`AN9bG+5C< z$R8Go7~@m0qN*rUiMe!P!mR%}=_f5o)7g#&1EGC2(|6m5Z)tbEOkedm;^$Fw+IUV4;(HXdwLM{S%1`$AcFNXqdxpV%Q!S zotC$Usr?7`fz^sUFv4JvyG~E)m*(Q+R(aA3X)n0m8=im^41{-I^)_gwPM3ttB*E(Q{kK%sUGh8FdWoWU7O8$C|HW+7w zc-`8?AS?Di?A%09<*if4qCv64uOW><*RWCvM4#Mk8WKgu|Dq}ei4riV*f3l{EA9=Q zAeTN}r`g{+sQ6&`U7u_Gip08w2Us!*8NNpT4crCj2a;CLknk7Dx+UjBMELDK3#N~J zff`Kl>SWL&H-@t2%KoHb)&93i8x%^4_M=%+0dN(te`uaqp0lr{s{~kA)1))+5lVp( z!z;}^K4~uME_xHYuqpQx1~0rBguliX^ezQ2ilskvFDJhe)+!J#3!Wjfu!9`R9c-Gv zi{(0nt@1}bi}`#?`T0e*MRmWd@_q_v@#<3Wv#BEr)-`T{htkJB8qZPsa2si zuqD%=MgV9iD^P3}?#_==#CYE3n`+O26$fo^(K+-Nz1LLt;X5oSz*}Y93W$U^$aD>8 zv+^l(^c``355HiA1){21mnQP1xeL!X?2(S1`1DCtkH6Dx|3?>!FvFFWsP{Ufg?VS( zf1_7KIOLsDH~i%RHVqI0O(D=+riDzxgjlQqk*)|WdN)PinU8Y_t#?RYhI4(2e*piq z1$N5O64IFqWZmV{X@OiDw;x%0tI|XkARS~NXP4lcVp;3aZPUjU4R4z_r6$_Bq>vog z!M=}d{jo>-@q@tqeh+T^n>%^ebJjAibi5U|AY%>`^KFZzmlbY}s9Qj13O`w|;arA^ zez4)5ZMB(*?k3msZ#0#X05Rvc*~?XaAf<;QE}!*M4@Ns`{;r^bvj;qJ@vjUzF zQSW8KD_ctuS(G)xLl>-~-;2MLre2GTVWsvuT*U+h(u(t$J0{A-mcrB_)YFF z!d#<$t7dLkDD0mlE&8V49W91(6j4|!8WoEyRkfv=%;VaV?bGk1 
z+SF>20Bn1;f6^UVBn?dMhT``d#i7B)kg1RsL0!(U0Ma2}|63{)H?>8!)t`d7F5F4sNjnp*;8CT}1PCL_hS0i~b$TE8EZ4<$9yqHKM+H@@#vjjSJ z&M=Jsm^i)ag-RA&A|k4RG(!_wqqe9y4pSHN$M^0U76U2@^jI)|b@(Gm8VmY5RNXKQ z5KG{0Vrduyu&nQN0gj*OSX^dy2Fx&`?(^aF2m-d-`Bt82`YRFIuas7&TxgPpKb~1R z&3pY=a)0Cw!IK)*l;{Y=3PtorvLADS5rg|%u+i5jsu~(O5D8=K?PwAwNc$u0DBJv^ zMvE8fjbV(XA^VC%CyM$f3Xi*(lrZ!HD7!50fR3A)e4Xc)px@FMhH%YRvh}Tz#b5(z z&}Hnf_tcvaFMrmq*)-i3Z~pP?4_f=E*{32#-&+#sV^n0^e3qx@G)b_Bawd8MTZNmX zJ3f-;X>tCTm}CxEJxnyxSUnvx@mT>z|M4EaKz?FZiJ~mj*ju_($4B6D5M;P?{AKOo4%WRhl`v@d^cI z)bD^Gz#Qm(4>IkwuT?!C=98HO zXe{Ncs6*l7=5VWi=8|4iN8gDl-i;^mTEayB2P4mjP7)8yQ}`0N`UDy`e@tG&x7;B` zv`b72wf6u4voF17Z$L^h_;V$&7Oa1)+5BUP$o0(zBmd(HAGXtW8}B-MF5Af)b;Aas zN>9aRgHYk$k@!cZR<4IxKN1?>5w2`@esPzJq^GIM);(>~w*jMt_-INd3axf`)-zL( zSlOAxbDote=!!c$a-x3qZ&4yddfw6-UJGLSbY z2ke$tf~^-r0L%#)J#$(xx*%^=Zg$t|dtRhW>=%;%Kv@dut0>(IG_e=CjB&~dT_kZVRd&A2@K(!ywltET&=LKQtcbv(4blEd z8fqYAx_##m7oQtG6s{=nT{4+Tev@>&R%5O#{wwSs~|n_@?}}iKRAET2qD2w)utH-x|uSUP}=mvlNP>^reoA z4GJL)%)Op!kZJto78hbzpzkk)?}P%ft;&@C?c#D|peJD;)h`?Qr4y z+A_yToi`t_+VP{H$8?p)`wK|55;FYUpwU0HQ<6pcr0h9UW5;o1C*b=vd6z^y`^mJ?3X5`gLDWvWi-cwPO%Dd!kgv-~^~ zsV=T#+mDTtPdoPbb4Pc!bNf-Q_?bl8eA=M?Oj4?}o_LX-W3`(>DCrcEp`$7T!HVo` zC69~j3~`q!Ae2`OHYBP@<@+75r{sb{Kepiz$Lis*h}k8uauy)sNO1nvdy)O^ubjhay!Pu~A1XoXB(z2c`KY3=p={42ILJY()$Xobi>w(0KojChZ#wo!`g77YqJzBMz*pKHi6^%hU$~7^o=dtx#ZJf zFPT165N{TUq0Xp9i(%HVe*XWmAthpu!2|Oi3Ced#G>=eI-nf%MMkd}NJnl6ge|a#u zI}mEFIN3-7Wt1yqJAqmn9?#F_@p=j`0rBBkf%3IA+Evygd6)JF%{JI`H91_43xY{| zTtr70^w)oD8E`eDp*Bl03Q<`VcZj+2J!zH{S;ZNuHz<`k`ZhLDN$E}tuFPLclI9O2 zhrK2eYeLI~wGC@C!6GRzNhma&+nIOrBkTMGNxZ!L3tltYKI_fEhy{gsZM}eZ0dm^O zM=s%G1-ymT&SrO!eDUs&7EIb-V4VJ*>dVEa)KbFp*3CUOTXQC^=0&?dZ{#GSJ(Vq_yF4)9o~7To3b127-?UecoHc__ zSHR;0YlX{7*-yu_ix3f#i>=^ARYG3e9hU*)>FPo8aOa^M9PARqTGV}EugHp!gn9yQW zXE}-!&dy??lEV{;+(DW#M5QZ+GjB`vH^|OUGWpmeg%j~SLb21OJuXDj1P4ij=mcm! 
z9<;UVB$XG6XRQGCeL=z*=HP1o)LN^@coUMaVg>B+`~+bGdl~q+xNL; zv{RyVnTIk?@6z1u>j6^g)n8kuhc49J((Q>xw{PGfKFFTODzq+)J!bv>xQ0ORzvxgoqEjg3kf=x zJX#v~<1HMyJ5m*9H*;XwiuG^o!)>~=?Cmm*dpLbDib#F85jvQ5dl6}kT2H{{W6`w2 zmLorAyG|o{(3pF|x4q_=q-Xj3UUNI??ulE+r*yq$E`A$z205*v>%jPh-&yex+%4ll zGUd3!R=V>1YtS8B`Hrh*Izh=(E1|f6hFGQ7+Q@Qm4g&eZlRf_o7weUrdYk!at6W-i zaZn2Mh4zb_n2SfhkaG>TQ(54?BMU=Tt~vQ;$1{1*_02_XN%-tq1lRqE#-p+4^L7br z1{iYILD}3u#3Ij_AjUr2hWoSmx2GRGlOU5@f7|fAyQ5T7Qxw zt_5Re6Rcg|!5witlot{LB;)R!Ou1$2AFrkeoQz1}vrxA`+;-<8I+7OEF=cV*BkT4uv@_KUl~q8U3*Bf zFA9}#)oqHqFiu7zPxc2Ixzaf(2lwxWweA!d>hAXJTPsjHvm-6p)bkQ$!P9w9^Vj&| zfpNrp2E=o6T(qq1YkHsMm!pQM5>4bCbeIbaqPYT00P+S36{YYkk1;kWRi)8$>Wace zC;Z5pjXHR;MJG(zd}0%tK-0H6%?tLvOG%-dVo9MDsq5)h_vE)wJIdORk>&SZP0b~4 zJ@kL~X%~2!m=2^%<$^7lt$vUt;BTgY43?S>Z7hWm5IlyQVnG9cr=gEZ^f(o0kg}&j#YPSl$ zU}N2C{w0N4RIU#A?SrIi*`m<5i;QlaLk(&3AKTR*v4l8C111&lZ=;u@g_mS_yb)pm z4C#f7NV!eWZ{C&UFG)2ZlHTS|Y`E*qXX=P5IR=DT@9fE`F#a%^%wewLS$6KY#y#2? zn|Iqb6vtj6yJ#w&M`vr>BDawb&vO#bDYFuGW3`wZ+l!Nt__sAnjy8Xd^)bduCdt@a zwI?L_f^**T!y75;m``hfB&sM+-b^yLFIY8c4IIJ^Eu12xR3dA+N zb=R4-_q0eDGEW*ZRRqIh_7>4^m&3a#<@%b`Bl)o|hQDl#=t`5GVwH&dK^DXI_FuPs z`QS49(@Sagltwp@A!criSIo4a%u6G5?6+-!x^lEr$NX20OPjuv`pfUy>g8^7zid%%)7C>sXwE`RiU|} z7PF(eVrdtB113LscN5e2jOrlZPm{+Z5iEDDr{Dx$=Xn)AoJSJR3$$!#XU_xe^TVa zGSXihm_ov58yz=c@=89wJrXxBZy>b%9J!?8ERFrIik;#8n_Gsicl1Hv9y}=z@ zWCFT3`Kr6uip^K|{&{iSHGGFl$&DjsGam#aueA1{J3tG}-mT~tANS-h2Rn?ckjd_J zoD)!Ef1A#PKHjH0^)3lmjvm;KuQzp+A&=2vPFkLf8L&~tbzLGw$#y`EE4RRXlR~K` zgk#&KDT*6&_Y#C2Gw|+@!{uDa>mLx4mfNiEK~qOb%d0YY%{yv4sp4xu zcKdx!YPJ3sS7%G?aPK_}pJen#{Ke%+J=*-4)Kh#yfpW&PF>k#l7iw z?MHWRt1fKIaj27@?qS^{;Kx|6bj5-3x8a=YqDzsbz#h3F63HChqgUqdAG%| zCwUs~yw5qDYBc_jop^bSF$H=NiS8--1S21}Q}lt`tEFQ>u~vCXp9+=7VyU;F@AaW2 ztv*&rjB0Vp2cNzA@RLVhg9(6JL6Fp%^LlShYJGDz?s{p#z z>v9&Jez1oie_Szq=fs$8PSCeA)tX+oJo$q2-BbLs(LwhwZTr?sfM& zB+Z`vN^GVTud?^k<6b4G&&G;OihrO~j6UcBZZM03f^P^nI-M-$lGaYfBVKm0`jV8r z{)#}(d7urL-}wzWkx*|OvU)stEWfM1gzOefk<4XUkEfM-Ao8v}AGtj$7#Cga>0BT{ 
z9?Yq?Qtso2Wri5|@4+ZL3}g>LjzA0H%ro}$hL$Ibewp-|B!(f?slTir?{q#xD3yCH zdb5F!Kk;&Iz#;-n3wg}upYXj*b_uNq9uTQkq4C=SK7zI~(-8_~d1|#U=Y}Vc_#jLr zu=FdHPab={4^WB_XmQrrcAEbQm0-F{uncMKu?&0iWBPFVwaCK%})joxqBjct; zf;cdV>mufoT`2G_aqs!mgkHs_@k6V#H#MK4-qY2+;k2dPQsWPjyD|_Be|?1~wf+~* zIG+K@v8hHxv5b9T;(VE9?>nmN_QO&%U&)SEJ`0`Is2aMYT$_-p@@GFofve#?9o`QM z*B! zWXUtcSQm49j?jm#nX~uF;5uV1iBhU|z@+Xt#Kj8Kb)~xlr1OIl*o!Caz;=;$yV69h z>}|tqr8@PGt+7E*OE%Z3vIB><6~)}8w*9vEiv$9RCa+aeMsnFw8T4hvCid3~*5Z%1 znA(B0%Qv@UF9kq}DrF1%`dh=xO;0*!G4J~Ri+(Rvt95XM^Tbnk>z-PWx%|)sl0M$T&>S}%ULL~mI~0@{Sqk1 z;Ip9QulW^hz8hS#?*bt)uHp_j0;(nG<0PDwrg@e_D4OZ zPmKyB=o39JLoKu0!Ut_buVKWIk)1s5Cis+1Z~*3db5iXO_d#|CT?z#gk5dVbx5ezOcOq#NdVqfPEbSfR{T1V4 ztR0iF5mwmeLU}Np7+2r()%2ZljPa`I=HL%rJAw@Uj02p_yN#%Nxcz+|4+X~tS`lZ3 zuo#Exo4X=CeU4u0l%rv*+Oc`F+?~jTZt&hXo!}AKmq*pYcA33-X;*G0p1hs1n+5%= z#;@Gu^JL=hMdAbLp8*|QZ~biJm@3Gf{USg9fE6TTsQNxl4b9Hec)SAg`Tg|)$M*UZ zRI^zXd+?cF7R|;6wB6}5y~Kd0|7~_MM_U7Jvqt~9wp`+%GI zi7^QOQomn8T9pEMVTC<&r>or9)UjIqw$I`n{RSP4CeWvQ6rF;vzSWWP#=vR1lIG35 zJ*~H;=ka6@?rOB^Zu4IITnep;-_870dy#Rp99Q!FcZlS!>E) z!hUgq{qQxjT7x4sJu^c(t+nasQWPrKs_l}jP!*tR)@@E5 zQl->Omu9x!)by{`y+6YZtvGO-*dUkw_W)u6h1c9=W9^cHf*ZqxzknWdd&B18qvaYc z<(jif<>2!3;|3!qSQo%6r2E}$hA!&HNqA73t3|A?G3=_abZwh#r$R5aw|C!CAxfCU5;fLOVrAK;PhML})2j!bQdE!-mU4Wh( zS?694-MQ6kG|~)>jLO?Q&H-dSLg-#i%j7WBV-1_e>1z*1aCJX?|^Qk zzvzDMCgVEM(iJRZDl7GH; zT{K-Lhf(!KFeAm>{O*W9Tz2~#y-V;7i(O-##FYFeH;?@1Rqh(81cCYe>!uarhQ4Z= z=@smw6AiIBwx+T6R0cUU^BedU4!r^`-ejxY=JOL^hF|S_>e>?0N(t_F2}-b= zf76khztKO3=XjCkk%F(tF&jZmd&)nKWl%KL#KY@(VnW`g5<2n1{+lZNemLAh-KW8e zJcZ8U54HjX8_lnFAClcPYs+S2zij3-jcc}cEj1#x54Y5R-O8q?`s}?}yAa03#Vrl! 
zg^ta@1Z>Q<4Z-N56y(!IIZ$Ve^^d9XJ53Q??|d`EczK!h)rp=1&rWgp?6vdK+3Vha z4tID~$MFo|Wv?BhFq%2%gB|cx)jn*ACT*LpgA%vi{R<+IT_Zv}Mg0vozmsJCT}Q~- z>oqdHhN|Lhsn>Jo{T+Y@^$9ZJSU$EX@Y7r~rl91cnyt7p_3e)J7nkzi$m%}s-=yJi zc@gnnCPIRIQ?@x$Wxv+f9L}dua5*sxF;Sq$?wSaD-hX05a1lZab%aAb>F<=skQQt1 z*`E6*H45$hZ@kMpLQH(`5h>82;VyT+q(FX4--!j?Sw0_=g-s53cc0vcy6wU2>5CVh zxACG3sH7f$|07?2{)#SiukE?q{-n$AX#*G>-=cL_k~g*Y13wdl&~U;#3ZC)6#DpqbZ= zyr?$x0ZzuqJ@m~OCWc~Edpue%%eqbCW)D;>pAL#ZHTX%%)2kU|-(%P8AB36u8K!Oe z88Dn4gc16*JdjCiLi)Z9;Jl3{#e0)ND(_c}kVVzmAjGzd>GTQaPh`*@y+nXUhU8z7 zL2D-vwcgxw*ko7NGR*I$6!+*!2_zqe=VMx6??FKuX>+VY*6Gq&P)*Zp0e&{{M6W1E zV}-xlzUoh+>jj*TOahgQ+QO9Fv2!-87U#!mkYhO5+*VUwV@SmGIq-d{XiL6qyl1_? zYhy$Pd#4qMh^Xp*Dk=V`vy#H59H&s)_A6*&*lS$`{d_^a^C5fWlXd78pn*W1(7*2i zzJxRm_!Nb{j2jxO6P3tu$~bzRnP)VoQ|o?WcrY@Pk7(=c zIpcS#%>SDH%A8}@GI9j7IM2x&iTr4N!>gFte4jh*ZpYY%YZhhv-cRXF=j4RIa|`#o zKP6Z)xamkT*yx`_;2aMjL>1>C;=3;+o`jHcIRbQ-)i47*tg7)4s)`6-{ox<)|EOh- zx=4TMbU@kzos2o!9wmcs(8f?^_|qg2?fJ%B)KhUA^q&W!Y~qaOKs(;fiU;P-nz$x) zaokr%buUoJU%1#N1QW^*-Eud!IOmUStS)|IHv_l^IZ#54mbAb}JS7*z2~K-hB`@*7 z#1RS2z@kr8N_!F>d4t{UH9G!&AUb|1*F=^rO?O422w^DKWfpG`KN@C0GwWn0JF8XW zk^C!eTG6O&rR0KUVtJLQrc!9PKQKHoB)o^ha6AYK!xINc7Rnmg?evZ}Km}j2TYV&- z?9E0KFaNPtUFyvh^Z^#+^EtfpRCl{H0a#^*@M7nstU)2GHlZ^&F8wl=qLD|90rN}n zfuH5dDoFQw*u%NjeQx)4g7%%4g(c0-QPOkENM#|O_S|SC-%HrkAN?k&EKM7DaF6rf zSelOT#5^quSd2!M6t5qk_4j#dLoUlf9X-OV6e~F+{FH;wa_n1a-_aHO^_g}lKmEIm zIQolUBCD;73vrFjd-V6U6GpmBOWV02T|4^-ffgMf^@!qVSF!b0^(ddcSj=8f0GrpTukE-SRsTa;*!o*oJXU8%<^fZ0~dQDz6Aj1}u;eN_IdCpzMTVUpm z%D3(1qu*L{AL>ll!fK4&d!6F0w8Q9B%7Hn8B6DJ=Icimx^4?}H56{e(>X8GDHeVeX zM{VuD)-|O?=7HHPC${a#HZs<$hFBa0!0kj5uHBum_eC!yg5+O6yy^DYPnrt5qrRc= zKp$v;-?pXj159YU1a}?ofTGo*74o&-kJBP5vOc{3W&s^x7CZuaK){3B8XKS9Ayk1} z8?EvrKGQ*ry_Fvqdc5ZF4_Ry9MD|{-{L~C`cct%#bU)2z@$292e(&JvVlD^;!6o_iJox84QsMc{2xg{rmD zFE)uSf|5^~Q^JsqBBoa>&dmBfN1BhXB{~_sMbHEuRrfWoY@{BJ@^stkP3hNUl1SdU zP;4Hl+xQVL7b*9E-J|-2;S8g5@5Cd;TBdB*N|H!@{vh_GHs{;YSro4hACQZEy@-7@4Gn) 
zoa84U7Wdu77}xY;=cc7%x%d4k#FE*(Z_g!_Ozvo5mz3flu*p@}f?D%f1rS7i4@x73GyT<)abc}{{vf60y~+_Y zbm#F-J)yh5y9f__UvvBm&y|jBuHHops5Yt$Ggb{SJ_vSnQqQMXSjv}IHOv68QpkH& z)oWJqi@iB6&L5#Q26dSo8*bG1>xy-+8(S(iRWTC}Q4o`G0XufwgU#ufi=F$Ssmgm_ zVCG_t{_1jE?JI2dpw*X$!*(Jh5R2COeI2d+h{-oAawL#vRY!dO0u7iom_eHcChZD1#j(p?c!&T-yg!+PCZ%Ya3%@07u^DgrvI@}dpx0=(gsRL>(`;>ri?;`T=Dn%t=wwZQ;=TdFO zxV2Ri^~6I4;){J&+GGZo@|9I4VA$&MA|fO?h2Jh~kc*{BFd}VQzdyy7{Wxh; zViPA1%a&Fx8Ep|r%t&*0XlqQ5RJeXqJ5_zZlg8ov_1M_9N-8-st$KjmgSw@W=UW?* zw?4}r;l_@8Y%wwwe2teL^)mj{lO2EwIb6uJg1``S07D`~>VOuqy^6T~F` zS&~V0cQLAaLJV1e{<_brM^s~~PL+?Ubd_f90i_eci#h}GVU?NhXrs843iNuD2Po7+gyBMGjrb1sNa;nLwM(1Jr^*0 zYA5e7%aO}zMc%8m7Qb1Vgkg3hW&HH96vJ2dT3Iq^&eWIsjIHK()cxatqVB${7RuES`V{R7`oQWcGAkGp4Lp#Q?QcdfTLf${jHdl@`<^6Bkk?1@M^5>Z)V$HR)Ma6>0#a1 zF>|F!EuW7DtX6HmR5GokT!6&MQ?y>?^D8SNMm5D*?&Wko7@sHqSz5Rl8?~AR^oc4K zT;)z4n)xahJP|wx7~L?Qd#&pq^xG3Jf3znGNCuasevu2my780RGXG9m$?`sLbX4Cy z!|nBI)G*SCIrLulm>_vlz3J$O-%?<@KBH=?Y=@}iApNSf9iie_MCpj=!!AW?x{d+Z z5z>o4x7o}x(}qjhg_(hhljPM8Zl3HFyJ)s-(QIU|-$;1MzF)>e^YSXLc{Q?BM(B5= z;G)!JS-p|||oH&5b8o^139*ZN^mSvyH5|G&}@9SS2)i#bv2 zBr9TNsG4zIs+5FE{!hK-@MyY-Ltj#D{f<6UsD6}cT<|rs8qDST^ZO~X)4+*70jz+; z8e1#+*)^}k8X1=EWf^0Er@}0VW#@T_hOpDis0zoMaB!pmw+d&2j*jOVeAi>blrM{A zygy(xOcHnK6w}u#V-8*4%A)h7;pl!g-;Q~h#mR>AXhWs$Gc+VD|*-^DB*~A zI9WzpXBb_GKff)V#47Nwqc%XbQxD2^!ppe3#k)&5eg)ivf1MJ8FBcsg=h_Nb)w4H zE*(ghZBrZE*2zovDrsFlQZ0^M*bDYEAuQ-5pWvP^FhmOlQJmqVZpbHj(fqlX%bJTa zWxLOlxCI5!i`m0CEV#?y~t7^}U5)L^a z2Blk-MQH?YxaC}hFvQ#`qrEaH?Y~l(R@MGd#}_lBv(l~Za(1Z|=?5OWCA*JLcl$CQ zN|kR_~iG&0MO%(z>-u$3Zii_h3 z4uJ=5h|A?d9`L!_^TTi_2llkA-LECzf1LLzraq3@U8jh`&MG1DW{Z>FSGTYqoJ8fv zIwo_MB-y&OZHN}}l|6H(9{dC>j;w4Y+*$9UpuS}lv z=3kY-zrv*_MCDP^h{ z(zw-l(j8AoL4SYH0bx7jSaUmJDu`d#(X*}M`KTFkF^VVnG}tjyeMPh z;Qr+X;4;faU435)$-@ujO7F)_7DGGHy2u^Ui)Ym`IeNL1tD)M9^2Z-HEurby3B`#n z8;8j$0^4$w>tER5s=}aa%aFS{yCt9axjMY9n4*T4EhW1L&(G{x=sgkl3BkJ0H1}XSl0_BjT19AOl0|-RCPBRX)=w) zZj9p&J!IssD*ADo2JDpmY&E?hHvMxj}h9O`-sJ6g-O?sDXbOZ`r23=pQ- 
zV8uxaI$TZ6ch8<*k11o!R97>z(i0D+w`%)@N_TWAC&ui~O($CqBW$%fbwPFd3U_5f z0C(F7MK@i5o#astA&;Bwa{S`1CuArCS3~8z2L9X&n>SA7@#DkA=`B^m+U{?nPUuU# z*AL}A?6i(V>_WsB=R`k#d;gqpM=eaFj+V>r5zpR!P44ji-$1*K`icHV#jbZ$Lx9w_ z1m->z7ZwF!3~t|%Sz*MnSt_9&NF9qj627~HVqHfWz3d$9^X9Vce0FE3q^mt*m$7oU z3GM3{UBc!TlU)hfN$6A~KLOi)-UGMm9o4gDVm51UIls=i%K!EDCGb>jZ~t;6q?}NO z3?0dkA!JI1ijaA3z%_@1WQY*E(Ujqo*)e4}=7Ta6MJ1h+GKFxEO6H*?B-4NGqq+^c zzwZ0~-v9mF&$@d(>sjCDyPjw5wVu7Lea}>u(E3k{t=+T8%)DndBbjv1*_w?{<12^z z?}&1ZR(>ct-0R)Otd|oyZtS>guz%E5FCFKgY!h*}8VZ7rb00lpxM*Eqr;%991R(sWF@>OKRD`Lj&!{ilf)yH0+7Iq6Mg znD5UX^PaES?b?GKJ4ZX2pK7VcvQyGNHh9;`HH0&6>f$q`ydh z7mje34wC}*QHJ-TCM%@b$KKrvRc;G^{K07=VA)hI{9cx6XO0VtiEGqtxxjs?8r4>H z>nE;NvKEA3ar^6B2j1lGeuy4zE5+iQ!duVng#5U($Aa4Ao9kU|w>=5EDyVnj=uU+H z7^(mM;L7%{_85Do0t0(dDJ_5hd5Jb_H@2R=kL$atXEr>S}7bxJHDeixQ>hjHPT9OstEXYRYIK+*-+aUGiM0Q8g z4Kb@vmHUra@T7^#bX6Aj%y=&PH1qUqd7r!Sk-y{UYpHu3T1O^rMhui#2+}MB&)xfy zyatHl8rdt=5jR#$dXzYt2Cw-&>%%fn_ZVG1o1T3zEqi*PHp72uG}+b5Q?~G~ovRn* znNm^H)3ViAP3TBZKm^<9=*(f*(b5(3^P|BsV`7 zIC3dGq89h|eAUnaKf4NSE$w(b`G{0=!{Ku5^q@}-siD{C@|=_m75FV(%7){ZbUgR_ z7U3t2z3k(scgN{Q21R-fbR4!-3R{K(T<+EN&f6x&b-0T7o0xAcJn=fmeZ57l!;d+ z%bqLGPH*_+AGz!H*2(TB0eVHRSD#$vGG6&FX!eUs&VJY>Fd$hKLh|R&E}G*wPn@$d z%DLC2)QgoP^k;sYX~8e*p1?cSPCz=Ulg}k4VtT8&xX<5TJ+W7N9q|T=yLGzdq}vDX zpJQFJ+|^*z&eZsB?ELnUm)8~~O#CaHT6I5@+Li0_eVTNmr$=3tND`kqFC48Iakx4+ zvC{o!+b7nB^9nTt$vv4`6?gVQJ;_u@@P~^-(glLAy4;Y#iiHv;wGw9QPw_`awpgy7 z;^9y2)Ol%Y{i$7N8JAvHbO-h7t*fk(;r&5gP{(RO`q z>6ZJAx9lUiD}{WvRxixktHA-7b1w&H4&g_Gj^S5Q3KoOrCQ>Z6Dt8Wc>uPI{PSRPZ z&f}k;#+F?=@cWAf40}qY?>#TLt9{2)K8gEkUIl~Wuzk_<^L>xhptQRd$8D z-6H=nQ^(d(*S1eT1o@P*r@?<#ZTzLu8dkhQBy1UAt03*qJEC6M1|?L*S>=NErLp z4ZfzFUOT$-s~$}4o;LB2PQTvPUYHR3WHvn6;c4?8|Me5IZPNqF_u@N;aM2}qI`AFt zWe3|!xh2{|_we6ltldz4ciSuZ`fdj2*QO`D#v8cSb9au$w?Y|bH#>*82{V>$y2Pu0 z7~`Bp@0mG$;L5_3V$Zf4J$Gvy|DO8&>n~bXt7C$Xm zo%g6fbLwu_Bi9dk?_86Uu36LvdG2e+59Vk{)f6>wIrIt($tWx&o;-f?jV=yae~Z53 z`0Pt&nWrxU0wJ0{auRKKyV;$PbnBT%CcmgP%G%@D@%&Et3UEL%+E9e_#6@71C(OXR 
zB5t;R@_1n6$JP6y_Bd|h_~1T<_oU;4carArO!z1%J&|_>PlDA&0>g9oR%MOeihX$hDJRrptgv;EGex%1r#rX{jdEV7N25%7T zB7W1EZO<|vsR>X&n;O1qXijvWxqCHl5`j~+y-T}#0CCzAk(dHc1C4W+DZfmE`nHtl zl%)3^I`!T4qJDiV5Qk3Hv{F$9H_q~}&zmhd6kqVaOr)y!WqFX$&~=jLEde4}#dzH8 zK9zCQZ5c>-PV8MQqd!{yZj2DoamEr&TW%Z3$xFl zbL2N%xc=+UI6WFYb=j*q_(OC&ILD(LSa>y94x&k1Ic9ZOf%+)3G=IvZz{sx|cl^kW zOhbIU6;N{85%M~e9N^}jwVkTpEhr}f5TMrQx?oqc~D zAKLL(BQ|4%(94xj!=*DYJ!^yy-SC7rOWt1|8&u^d`W&0#(c<0z%#7X@yb&V5nizs# zO_+gK6Qb~|iH$MXmq9+rNNwR0F8!8FSvba*e4%!wkVxo5bFO>$ZhDA*dp9wZp6tZo zE1_typT$*(IPPELE$aKyqA1X*g{=+3l;)RvamH)i=Dh{ZQ9kiho)lhv{gQC{$Y8`i z{wV$o&#$BS< zB&2I0;G_*7U@DboIjJA2HYs|36n zua%0uH}|xmdOPEn7bIOlSB1Tw?OTxF7w8`4JX>{^C4NU9ZQ3b>`Lc{axk2EyMs517 z&lLFxUs80a*I9O9oTIk+=(A5Tx89YL>R--z+-jPBQDf2F6WUi9Rsw!?#h_5I$mOK0 zMbTERy=FpPel|UlRj3U5)yL11w~v84r}f!U;X7S{G;jQm<;my|?+6d&4GujP_}WY8 zBlRQ4LwrxaeGMVoFfLq#w98*47Sq<^AbPC0b7S%P+E@j@lQS!pow^Dh%RI=cvG{JB zmMWbs`9O4OZt^w8^n#1rY|>Vp(N=o{8`#P%J8#UFL)yX}jx8J66{S z?TNRSkrQLfWD9>A@E}EZnQcyJup>^&4VDYuQlLNn7=q8dyP#bef*e?;)B?3xrR_Sy ztULlmSj)!~T5-=zP7M2P$KP(okJxPz<>-?bD zt|>{{&gbb;#mhJ@^~!)lo8jHwEEAt_ck>t;+ux`wQ>? 
z7H#P7rF_*@zfRaSc{8bf2@V{KuU{Kr!M*UuE-B6}?pMDE{SqBf?4eo1CNt?P<9Hh# z?6g{#iVxemnHv=`o%TxGe#{A+M8g9`(ghH*+~mWg}hw>;&${9__C=P=f!bE z%#D}$^Y*|O(I$}%=Err*9|y_%;L)`mSTX1NVz$~rdQ&myuD##Xde1y_F$6YNpJo0d zYY5)hzMp`9M*E*x^TLz(ml?GtYbZh1;3?QRSH1Z4ue|?2TLkRlU%dF`bE)Fo(th>p z|0a&Sf5#E}d+&Zj2KjaVU0*wpM}7?CSC2^iQygu7isO?<(3*jS^?nWHceMX&tf4Q{ zZ*AJVYwkC^Pu84%U*ZTy;`=!MhV^P3k3iooQpLG9`_)7LO(2>74&?V9fiZrKqrqBn z1oyw-+JO}Rr$GLc3-H#h>5=QO+OKi^o;CC>b$mk}`XAE%m#j0_z99i?XpME`OCVt{ zejmv1X@AFhHIQT{e!C&d`_&WwERGPIeG{%pt{q4iLMB+qp|vu9AYUWwzrp^J2Y?;qhdcnrSR(=a85%l8P5^&{ z{d?Yjg8e7Z5O`1oOjqBt!uiW@c(0~(5eGY`rAZdCrQ`2@jm-GCE-v5FYR!$ATg=XcH^L3eeFb&yy+6!uO9zn zPE1x4&jxC_cBim!WEoGcKFm8hcQX^NiLK@@(BBCR&;tqA8;}q5kWH^XYqvfs7mV0x z^&@Mt8X*a&WyanioBr}>`|#f=KL^UtA4Avw8)(v>DwFr$To*$QwTC}vmSAw;u@LxG z#DnZG^1F=-+RFPQn19`^?F@=1<)bq<6PEi6mbAwqAGvKAggp#(bMMOQrf%P@-mYM_dFbiuDb4x$fn!PBp_Y1gDeZPjMEg3%l@8Ap36hfAR+rhR=bDY%6t!WcY3*b@ogbg54i^1 zBY4b5E#DUOe`NMJs*^)XVsF}=(ZasB8IH!e2#=@Yn!R`Aq}kdo}r+T`BZ)nwRR<8T?XAq?}2+m+*c>L?c<)#Td&vz$fvB# z_lqkn)t)n&&Wa2gvso#7s03Lo?ZB_hDnW~>E!DpIw8ZFmkM~TCO4m*qubRLxyx&=6zjMlS6l${+L6ch|#44qX*tX_K;(MZtnh3LoAR8j+AOQ;q+0~hwM_vWh7Y{vmt^Bd zzjIEOFxw>Q9_ir>MS8sD8tUY#CH~ZIOW)hi(QU(8Mc9X8>Q!hAQ3x#YOJee)x0#dW zpJjbK>83N@haTq|dc;-R`BO98S9n}ptEXQ$xWY5?Rxv@$?OO>2h4>|1Q3zZuq3Ss(Xnd&9 zSkGlY!ewt4c?+23Y4Vzr74l2UA~!z&vGFG1cqQR@7t}A@+g~u@7CY(oVpdjYPSy!1 z`z4hDWrao(m+}CYy-Q@Id*rQhg4!Lz@$UYNp8g~fxx7B*7U`k!n4r*@tDr~%<Q7_oIDQYcF#%GKo8@6;(Zq*G1G$z~3dZP68EbxTj%?XlnD zu;hK#uzfB1F%Oc9c;qa@-lB{REjx2l*e|(dhob4JQ_y+htUh^pk1dBYg74CWDHvO* zOBgI&QQ2v1c|aNpG`h6zHLJl^>P#C}eUXiiQv^zoL;}X41W7~0_qsmF*dMJUSMNvXQ6~b*cf|RD6g?G4zN%ru+gy- z4!#zYm_2|FR9U%lz&TK5UEqOJffvIRkVz>0P!uK!)e?$ACZqJPqAHAwXqj6)4F zxCN5~)gXy2nBf{E&2zn$VP00h!)jaC+dpyLN_>tPzK^77#Rxn=s<&bs9w38TF*y&A z#8%Ak10+owMgYLKVH_SJgWE8`6tOMuV)D#xvDrk`Abp1f<+e0%FX zIe<~gw87IwYwpc?eE7&Ij^;8qEj7w81$~b#&1K@CB<52siMZvm9T4Zx66htKv`JN5ywXEFj@ zdTj-MWvXPStdzcyj{=uBi;(Ngu^9g=5TJe;UvM6;JzP)s*}vtyX?w<4F;S1T@twt z!zP%?<*WdisM;0;@Sg${%9=&Vw23Lh)-v77I(oB~q*fT?#gM=deGRb|F>wt#K445^ 
zBcBF;V8{d8aecJdD*PA7AHhOdfrE1Hz@%dAhEfL%*LWW8r$+E5ly{`iQQJZLId*#uVZ+708GlQr^T zjmuksMoI}K>@6&Xxlk}(n{0)T>$M25+8IA)kc z#p$=JQu^Qqix9kabIVa!{D~}v$YM)ayyX}WpQVWnQ~2fpPnU}k4;js|X|=^F9el&G z!YyUAa!5^B{0J5+m%!pHP_Z*)2`ZAy52g%t4Ug}|^?I-uXk*A$of(lnR3>nTx% zDHQGij?9!&fqfSWq}N|;0X}`M!2^7BLKAjleh6@{qr#T8?S93Fe&X|0{{Kg;=L7Ml zJFVaSUWM$GEwEFJRXPBPtu1B1SBHNqKEErK*qM>83zUs!LxxXWpi=_9^+xzla4~L$ zcq&cOK9JieLP49x0l00805H{D1_bLo3xNiOd44b++Ipa4_Zss5Ut;JxF8^qA7nwON znK>oQJcdmCe=COm2qis6;sV~d)P%3O46P@^1g4(?V3OX>52T3!JRmC@11ekUer0GlD@*J15KU^CG{2-w86&t1T` ztC${1bCPN?VH`f8T^d7GX~N{P>zf$*jr{lG7#Tj2Mmi+{z#6@Y2X?M6(iqUr^`0dIT}L%)eECF9x(ePJEQv!Pv+7zCJT%P;~T-JjJFd$_?0BP4=BQXEaqzMYpbAc1wkd6dc zKH&qjapnwwZt1&qFrEo)A=DV)g;*QIK|V${^OG2-QnEYE$&lPAs9yl`*=V?@iw1K( z$QF0O{jrR7c_3LOqu{_OAXsD$_H6ACJOIY2bdV980K8yJ8H^wu3-Z-nm0+L$4~oMl zU{juju&F;*hyIg3x?kC|@KE@q*61eP~#ir ziogMFok710nof?;{V{$=`8B*W&FV#W(0j2*Nct=P9&?Z@dhr;OD zP7p;-&n|?G?!q`2;&UB8V7asd;u@Xai|d`$%SaWUs0fl<3UeeVw2j(pMdMWO1w2+k zqua*qwMucSy`bWZZkx2%YQw26fyya#+k1Phk2qCM=&{OablV4eE#_=h1yFHEw|%tN zlFU{$2Nh3r+pN9T{=|%GB^#doQs~9Ke3gb7ji4eggO12#Mdq|oam`RI%?xIpEg6q-_!kKHIk6jTmL zp%IdNyNxmwK}A^#O(n@EXOy7>Dk@Uw^^$xVMj3yB%3&!qwItsOql{CaqACTUH%RiK zjWPm2O-%|-BgyA$lo4^j=4MNtzGj+uOCkFV6+6@GJblA7aeX}dnf2^UBY79-MJ-ed zC_GQkOIWY(?2jFx&2xc#$(V5ualnUI{9~I{FLU;w^Q8qtJf7hq8w^ zohGQTW#=F!~A8ZIRCO;&*N&?#^|l}(IwRPO+?6jZGFQYasAtZqoMox7-bH-xDizPaXEV?iZcgpY5EGAKn{TI$himQqX5 zomf#y;m%tTs_7bB{B*Y3b!9e}=v`N5w^+CszcjztxinDq`C-krNL_}E=>feYF7O+m z^B!xQAR3^snEz?n+{Yrd{^-(}S@pQAzwEgc(UAJ8m^_z*Q@u(} zagdqP*1G=G6(v1Q1Qjy{1qBVow!C8%QzD4OBMji`c%A%y%?tzu#fFU(QGGP5kc8-2 z7w2%37WZyxl z15oRbRkuw=H^;j~2S`Yz+wBR*@M)r*x)~hNAK15x+2y|}I27=0pK@2uX= z=Ti=n+S^}ABs48{$~3qezdGt5rpX2M5aShd8|g%^DJJ3_54gq&wDD;+MlIb}C_;~I zcs^fng^s&fv79RHRHaQy6Wz-+NwXukl4sZJ=7Xwo)jqL7Zawjrq&-FoV|?9{bq~je znMDhTRYXt@&xCadsKg3~JYIaC`7}kG(_wSB-)GYznkyC5mpU{S8#bESKdHLB6*_i^ zfBYV);B;K;Bc?$O))iZ9z=wGOD<{d>*tw9QlUBv*Hj^}zEd%a&69gH)x{8_uaVOnAkfNcXUDtiB|wdr+jak?MR0 
z|M?Ef5(Bx?!3Nr4h1eYZK_cz7@I7rcds1TpyJc!wNsEzbKQs`PQ&?w@X4=;lWt0&Kw@k z7Y1%OLye7MdwY60G+K`;8cSIE8x`Hg+^`luC%G+0U8c~)i8$Y+6uxHr6srGrViZq-{)xt|c-%JJg?bx1;9N)>7|}W~Mw;S@+P#K+O|7e#TTMV)Vdz%1uyI ze8xJ?(idn(g>&i~qw6j(57#R{*!by6Sx!u=mF}i6FG;58+{fIUGCjEmy~8%E6u;`L zi*=c}R+_C$GEALaI7S-bi5`{2Gh)o$k5wtJD_uBV@QT{}&CpSFoVq|b>i`rr*{aSk zDLR=rx8AcZ%ZgIdnk~77x?`#ANkt)A-v4Up38CF#4b?|mcQKcZwcv$fZYmGWEO(Y^ zIqKBV_qZkO!oNYkDzDMluIi|WJY{j zhQ42Xeu5yLiR%qS@F~J<>{vEEdPPM+AtFdYvFUq5>u&fUD9$?X@$mF^R9A>G|2-Q6M5&7r%yyKYLlyE`N#rMo+%8&pzKIs|@4pXbr{TkHGl zuRhr0IHS*+Pe=~8mh~RNrUplk7M$lP2cOyM zxD8*Z|4*D6;2?)#P<}_s;_Z&m4<4vj>&uvF`QuQy04tNHo$Ybwo20e(nbnUPEL~2q zC2(c%vc_3+Kj5_LH?o`LXPw*6av~xkUdPAtRMRa|Y3cJRtkbA#)vL=guGO1)HQO?p z$!>m{yosZ&O9h1&eaEaeqno@k&5nG2-)or@hU z|IEEJJdFc1$%hY=S0BgGWqbT{WL=)WlN2sO>H)`1t5MovL$DS`JFE z{Tlf%8WsgN{jW0==)F@nas~6A(-$dvmH8C=iDL$yo)_(z36Vwx=xfU2emw{P2lqST z&$&VFk7l`MjNevjeZu8DwcsA7>91IFEHp@*S16vkr4QGK-DRg$W1q9JF06i9ueiVz z%K|9P`!B1J-oq>MBy;5WNxS!(rxwrW4LGYc&k?1}6TF5|Yau81)pr^`oUQAIULoTf z`aWdx(+2KmZqM0!CaYpL%D(j?`s14qQrdF@hTcs^{G~|d#>E-wR@8g%sJqxcrIa=f z%{|-&ocu^tc6>P|bIgP#p6>61MXbUR6a!K}|~|M`}U_GO>t>R7f!@t5*KMA+6yL=7d=QyELW zLow^m6pkyXTsxCt`kzZI^~`0gKTk|oXiiuss2~0DF$|OdlnCxM~fMgltKW zwGOWyTN+2`>xw#&lXR+fI)#PgfwoQ@eo9|06Hu}Hfx|da1(A?Kf7-sz#wN+0_i^s8 zJ|osVxr^@xa;aO!7x=A?xahIPkiA}hTbA>CwC&5XfayGiaqgc&b;o|I^|ujbXR7XIcJ+v@w*tOa zimTtmY`zr)PRCK^@nfJM`98~Cv}Vv>B*h+owO#2St*(+!WxREqI{!+z{WV}Zj;E&| zBJbtRNEwXpv+f0N+^pAEFF@*}xEK_ACOX-z`#J~Z8tfR~1a6noms4{q!5-re%32Aj zYcA!S!is!}17TPZakEqOpW@xAq~mB3yF~hLAdk-9g?O-2;t7gbRCV$+5*(l z5BnVDD3pGs;;FGVlV+<4on;oF@)s3;a_Jl0#EIG7Zn+U{{KSxHdURrYStKQmjkwz| zszdw=*H0g)tolmHzvdzDV(j*Xq%96i1qOv?r47IyFzZJxH%I$5H{u-7`=;l!2+&-t zKKy##zIj_elP`5QZw%Ckn>vXm*kAU~1+(9B3I8(PzgQ!9TH`-^uKxmi>~+i?ifdm*Fk(1BJf1(g(8_)L9W7)1f^S;>ie3vk|Z3=}YAQ?6t_yxT>7 z<0fS(BBn~dqYE6RIeiiqU!uDR(yNs6JeWZ{k-n^*XpT(Iko1>&Hj90b(LA@fVSe1* zh-q}VJ9}~=u)+C&ab{cPKLu!-5PN%=ToX3zZ2uSz-mV!bRG`Y1Po+R}Bu;1_i)opv?ngMBwwg@~c`VwW6E4qv5(0;F 
zxaN3E;gZ)S1&3jjl5y><5ck-9N#g6-D0vu)1oB{BK8v$R6MZzHlC5Pug<4of1X7KZGViTeh1JO*orJ!`r*P}T**#wKd}hzN<`L?dSvsX3ubtFTM5OHY_JW znu&}5>u{Vot#D?;RS|guq%fVzb7LcJqrr)Fm}x(;q*}Rww*rRX1U-SxQQ?V~kHwSU zBBq(0<`;7PtybWd*EbS*-8QC*eYZ`#rx;EpMe9d=qP7`reZ$o(f=Yw%hs)Rl#4YsF zuJ*d2iM#&ooj0k?=GGH)am2p&2TZqD*eEc~p1ZsqUw=4!gZbs%Y9v2X8~K*8T6|I_ z_XE7DY)WJ2|ejQgcD3>f2fpG9N6k%C$J#o(5|QB|W2-lGmGXxE}H@kj-9V091c} z#pt(wZyD}njYaoXVir`T?J_e{^hPBs73!j3ai;D3??yjzK`a#n6}ev?Y^FR zdl*)j#y6`42tmb3?B-GIg9b6MeXuew>2K)N(tjtR0@`~4veO#NC#7v5id-(fM0Ih~ zO&kHb^o+b8PHvo4T&A4q8vGL0Kc}(MF6eSgG_W$TJV6O6UqKSqUsB9c_B{P)hGKt1-<*gYJwPls_jRBjlGK)cf!nD|z-^gOgsB6o(gkrlDMH4B$X0ga7 zj=9YuR*H5|U8bX8J5H^UD|?xuh49y=&N!19qfhFhimAFGqlAoO)B6;b-XKlME2*rc zdTl<6DzhSP;d6M$>)D&LZsaN7u}@s~T?E03z`8(ZUq$;dkV!w2AA`gvuRLO0wvv(! zgH@VJhm~Uy5bs4wq1T2bp|RDXlSbb$xG zNb#uJzGmaPN_JAO=DT?gyNRyLpA;Q!E@ZL+R9`|9G2yso6;41GW!O_yic*!A$VgPS z<}c{ZSlibvNEzxhq4AGgF!X)GCKLWl3y)|EJrNACXqIr<%3+YPKw5%KhoodRmfW!* z^MyYY@)fNarv<{<+!*i0ra9VUpAC#0dz?b(@YA58khk)V?j=5g$I-3H6W-ak9}{ z1AzaJ5i-WOZvp;LRsTRj~p#rly$bV)X9xCImjVy^r)|yDt zoPX@K<`YH?hU4#|&6|WuAW$j~mVr{sWTQH3R#}fJFxDTtlb7zUJ-dZ1bmC&0X!bU+ z<^_4Z8mCPpB9kSuBh)onv`~*FmfKeT%>Q?;9fMZ zO_~Hr=cZ&8AfsBkqk)?8O+^k1LZwf;LSS3H=;G9wqCAnvFLi;h%5V7TBB6Go9Kb}? 
z5v0$RNYC**&-l3DkJ_*{_N?(-UBso5VgY8Vp7-Wdo39z9C$mGjN9%JwE0>CxdtLLG z-QVaN6vCnib;W;yhV8pCj;odB-!PT4vJYfPG~s~XUujP8duX{4=6ukOV|uT>tgo5r zkT96*uC%t~=XEbqBf-zm0AnQ)2b@_fNmS)+X(Re*(|a3x)jpAjKBiAl6=F#bR!gRRc&X5O26hJUR}t3(r96+$xE zS=}r|!t1u5St_SQin_{`{pdRfDJA;F)+t6o!gFqqpb2{m)agbD0 zxrlbvj2pvNUA(L8msMM$vo0l6XSGAlj~vV8*;{f?zNS~gO?+dTwfhYbN?LJ zp~73$!LLM1m)O}sI8(a;oLE5`wT|L2Q%2$6eS>R_aTc6N=?c(G&tr-L9Cnw?sxHyy zDdB22_YTj%x(3nTPbZ)xA6isX;+g@v(Sl0lKY>$Y6;&C0EsdorS}~A|2Sbb$kMrZT zQQw4=T-MXh8Zy;Dlo&&epr{J;-|XqsVwM}zr2~;F*lJ)J5nb4TK&TkO6w-Lsi*%{} zWO{zJ-~aW?ulOmQ_Wshc>0{kiE^h0}lOu!LIQX^#(&|Dwv%prmIyysX>phOD$T#(L z)FTz?@aoW#>X@)0Zr8pT6vtXHQV7Y|6LAd$ax(JE6%XU+>O7A@;W z3cyd4wDB7wwlo{^7EzG^t@gFLH=vh8VwajLh*zYOmKz5ZN0yUxj!cvgC)Lyzw)fXsA?n*8~7#>K|j+sl!{bS_FLlc!9evB*;V7ti@SeqFX?4 za<6{Zww!h{UG=i4RV=uglm3gKX4~F^LzYXkzui+>et4-#_~EH2hz{wswi*>v^(-AL zBUl0MamYozVPh-}(#`mZ_`b4z`IM1qdiqS~$LBQ5vZcZeC`ur5H7Z7d-+uCP>+aT2 z+861@Cd5o>Zw$&c;q@g4pJ(loR;f=Gj&cWtFy(Sl)#8nhlw)#VE)2 z`y1fa#-loei|5E{Ue*Nk1Qz+b6n8pE!oB+ej#WT-@sT8xOvmk^>PHDrosrLcVYudi zg%b^jvWQ-!Tz{Q-)HRJ1!=RgdycJ{$-$xFS5?a*@r;nI(rc(h{D!a<4VHId{6{bZ6 zl1T%^LQ5`eC%I8ScWejYP$YsKG$b_XNHZ>Or#~c(QDU?_>Nzn$NK?DuC(@3qqsxi_ ziL^CRq@roKb;I7U{-|hO-UAX{I1O|{9EihiCo{ztfoAch|E#v(rjln=;l;~U2pEdf zo-uJJ(`ng1B=did^)6Ij^Efz1I5eGkW((H47mIF_0d@4r;I9kS&1izLu*hMnntD=P z$7VLG`MZrZ5gCTv;R0T5r(|*;qaf3aF%6fHvu6+rNmKF0A*IRxHdTiz70Luos6?q0 z$-p`_kF-nV3R4r^paZeDI&#nP^Y7OjvIzx#DcBY{SzWG%1#_R_;KCJuP#dJ-Qlc`1 zW00H7gu$&BF&u#mB$I_eToF1la<8H*Pv{rrD_e}VXy5vGm+hrfvgZlA* zVuxFa)^H>ff~9z@s7Iut9f~sv9v9yoesCTB2-+T40Is$zShcffJdMk;{DPzQVaui+ zHafap?oV1rxxTJ1lcu?r;Uk!Os||)^5LcqlL4i43zW+*-bj~DDF0RDTn|!e?iX7+{ zH}44ynlZ%!ZL>$A!SdHxcnKxgtAgJ_`Rj>?25sqZCd6D3*b}{lbYf6_zobnju7&iX zmR}BOrS{NQ-`uJZnan_(%W-_K-IUzxpB4{oH|W9%(pCJqBlgk5N%$y~UTTU;x(%Qp zub#g7Dl0=`gb*(VRA8?TlO<066HSv~wB-od<%kDb9V9HY(ZI9K5eG|&kBKJf1k_(e z(WwEyS7-j}^5X@~xjtt)xU`HH&HP-yrlc-<``%sR)JeH?hDSerl{c@OY{Upw?3T42 znnV#^dDuourLDxP(I?6lrf`q+mOSRmzFOw0d2Ru`?$^YI79jCR7y7a0!%}cbYbiNx 
z@L@*4PY_H47@(mr57aTy-ikHhI0kYr1PiW>6g@OCqP<-k!p-d+O zAixE&J!*{@e-X+CBXzY*Y`^hrd-QEoIqG5(&5Akt^CZe9f$p7|Sv%8e-@jJYC=)2Oh$un=B8Fb9fO+_sNL0Y87i}rYvw!ZWpkYl~ z`vNV-U(t@EA)S&>RLcU6ujMdg0ns?LUl9m;FwB636*$#Exri|ZikD6|p!~=dI-hZ9g& zI@DpLGkEd{T_h!_M#W{z1j9<@|4qyNwsNFMow-Op7_D%`3vieqw!QQd0u=5CZVvw@ zm?$hAVLxu5#ZzXD8~bfyTv&pb(9x?|>IxN1jjogcj6ZSOrW{xQ<^`?JrZYVrsD)nQ zzm?UEMdhIt%(v5i)9$72SqN577?Ef?l;y3l z_VK4rGO5uwwl&!^iDuJPMc&aXzkt(I;_Xo~dqVjqul=z>TkH$mlY(0DIR!fn@$h#D zpCro9F3oVSJ1bm2bPcC?;)1;rKtf3}<3D_q%dmCb$9iLFJ~Z#DWhX5^y{iL@x}(K4 z%x#6)?jIni=p9J_(b4o z1tH0q|2E)FijsI70jM1bFkeenkTHWh6GG#|5=N43PFJ(n_dQLwhA%IsCLqL$*ji?Q zN<7+`=8bmjj}dwbok1bx&`?%gapcsonei0{SBI& z5AFQL?pFJss62>=0MhS;bpB2t^#~_$lkcBnVZt@lWf^HPg#M16p%!;MBH=43F>tH) zuB)ISbJ873&asDEEg2uhRQF%`{geS8BEdxeE{yLW6I~g~Id`E4Psjb{ldLTyA)zec zZ|wVgo70&NBsPrd+_+MeA0xGFYh`-iHPi8dTo}z>(%K+VLumSdlys1J-S?vrIEI|- zvUNDLuCN#kpOBVZVy$aPQT>&5@bMTc6I9{5~{+Cp$D4Hp7Z&__RicGuS1($rZR zid)d@{CquR0UqbVFSQ%RODS)3FY~5^WB$o!LXapqG<{3bON&<6$A#T-;5g4N%=B4_ zCiSyBJwvO8ph&)tyWs#ecq*BfzlT49;1?7`I<(9pAYL}R;miUz^%vbP0kS-}1h^$D76JAQVD;g0pc9cF=+|VO%F)WJtw}=u`t!=pZ=2n*&e$0GQxcNH7ri zRgjjBJ8UmJBiF&WM*OpAWNk5GKY+mko0j?7-5h?@e2Bl|N}UdRW*hGn2bj>S)R6L( zsR(lG=~wg3P~`b<)|H*qRU;UiE}=(wWt2ZdN`lCZdJ^Z)IVj~)KMg1oAJAZdjB!gP z)=|;M>rqP~-Vd;7b;qjEbNSI>c}GC@ZE&!6eIa+tNJZ01C0TF^tldydeuKqas= zb%*j09Hmd<<}hAj36DzHZJ|EWIfQ`k=n)^_sKw#cjMFu+=0?4E^}kg*yEn*+0>n3n zq$nWbb0bVJL7kM!-N>Ds59o(uti{G&*WO|3ytKJnS{-I|Ukn6eY}xsHYEyO%VqEqc zMSe(2Q!nE26@qF**;k=@+qa)mX_M5)=@XlbQN1WR-jH*^p-~^dC6RoM zr;MtjJkq?LdivfvcpdgX>IMK$m729_Py2HrZVSL@wq9t71EX2E^Uhctga1VkbIrvs zfiQwPl;Mu)y7?mPz3#>V&~uy?TpLIPnbOLp8vAo?T3FTR`DL-5v7;NyhhT%gGpiQK zn6?53Vmf~2154&x?Wo}! 
zn-k=YFXaN0r@3XU8E2<&(EMi|^_<$pm+;tM~0Kx9~4*TPvriabJ=s{$T!Y zyPTFOq2!ANF1YoN@G45u8ijT}K;rzdl_dc|v7IfnD*JbtwxwK$ZW;cf#w+rZ&ehY7 z>`z6R4oL^nY>L?8tGo{v7yj;R_HhjFiyMYbG(d{jsNCfCA_-?}Rl=tPxM<`3BeA|) zNKoV445~kXcnB;YGPkC;0zq?ScO9}ff)*)gr4tfSZ zgmB@4;H+wY&%Bpbi(n^H&7p9)Kc$8Gk9XChFs;;UFoIRDLdEDm|C+gt$9QcF<$&SU zq!@3sO}gf+@WTid_itc;3t}c{#1-~ep=w^39EFt-;uWTcHy@v_Cs8!q?^r)IC*r#m zl2n-4lMtJFSd{@DmlMM)+C#c-+4%ZD*y71lQX2Df^diV0WmOu=jKXc>$?CC+X8=Mz zp2e;y{~QCMMQzhtbc_4rIW=`j zpsk#Q)De9b%t6AVEs+8@VV~?@B;7z3K*sg34^!49N5Iu8e9q^<9K%_1_sTRgnlsTK z=WTB>0AzfHk3CKX{iGU=bkTD>uwYNT$sT!}IE~UbJ9{WLul23@>Bqs8yY9W;?uym0 zGwpWqPCfc{tW-Yi4W-94Qr8pzi@NjYZyGu5+7JLW_XYFEtK=Z9ZJw0pkd-0aQH2%3rTAdflnsu>#$?b{t5B>1Ooh zF(U6+Yot&m=;z(moY2fuP>-sO2+(XFtGJvQf6R`s65c1nh0_H6ufSVZM`%CL@Ue?v zg1mZ)c)_jAh62Q9&xx&Evw>E3V}$3%HoPR^S;7mbDfk6iTk|*rZ=3=glMj){Em0i zcm-b`D0ns)ohZH@>VF;lf{RXKg_k}5Sj{V$_(lmE#xccujxnP$@k8d4r#Zz9EABQ=Yzfc`zY) z&`AUr`S0dGs}U1%f8tfB>aMckqBTo49iF7Qd(N1kx9a?e0i~O+d%EMSL3_#rUpJ$v zx4`$yF#Y*lGQkHrFCa%FO53Lu=W`lP5sraDVdh7X)-Rx}_k5%%W!{NFtM%xJu)o0o z)z3?cxF5ihT@>)OkENDTPA>#0?BY_Cd`EdptjUbE_uOxzp#Lkb6KNOgd9`nt! zxEk}cb$COua{hJUtXd^KlO0MJG8Ab zh2h8|rHv#b9WC|F{-)i9J^_PW3QkM|FX_Y{O?)F>7}`qP&k}6mfEah=4`e6q4Yi3? z5B9FwHMLB$Un$ojcE9f?A#228s8ilsiC;{NIG=g8&jAkvG1f6SBi~q8H@cfWOV_O? 
zZxGjRv@lIXk@&GCLfnK=3leaQ303Ihry%)BG5%HhcP(1#nG6Vwk7GroxuD=zpwUoy zio;mzSrGsI=!S}vau;UnD-hnb3tfRfxaCZ7d^AY?M9D`R&_!FQn&`@$AVQpwJPDKt zLes7g_iH=(DtD0MhZ^m)3)Mru-Tp)w^s8qP4M`6F_xMY)O`r!NL-KE4NepCI~D6mmTbG- z=T#uX4dbk*FZx@mfaEnp6HaTveilt6Bn9unfCo|DwFlua%9|US)Yz>SQdQW$+)E)w zTRN2kp;`vc2)UZc54BNuiXhWR2CqkQy!(xlYs#v}9U69$O0T=|?R7IN%U9+6ARq!k zOq}WmGWhr}C$!B)^v4u*IlqSJh8Gv7{9K{$^i9BYU;4<>{qvl=?SE$TDn)_wM1Pe( zw>Iq$uuV6x%^u4I7Jg8D$an_NuKkvQH3h#9q4oUTdy=D70~A5QF2g%!y$Uq4ffMA% zLr^Li%7JfpSv4>c<~P9}zl!wwTy2-BR)^{p%5PU-dR#%2p2SHYnlPS@D~#f%_^^Q`JrAZg6U?X0>YCjQT{Y(uDhCucUGu^ zNd8tlNs9pxwNXAIQY7|g;4U8*@l*h<1ASeMI&X5J5L8{t0{3-Mb6v2)*AYIi>7Ujz z9o054WOl!75odK*eRw=eZq(+ta-Vix9hX&PNQ8bEP-z$3669G03BAYh@kMB`71vJn z|BCg_KP!E!JY2SOID1;Yj3N0&fy=gEDMQN^3D$DK9p=8Jp%P1 zy1&5p&NR?G7r&JHuM+3^P~Gd7bng)-a86JuX1HF(y|dfAKC3&@J{e3PKNIRa?t4 z{kr5jINWf_EgmN;{cPH_wkyV_Xa*=AXo5OMHGns2CtZ5;7fMF~D!OI-P}Qm_lA=UP zF-K~fN=@}&zx1OtRX+_aU6f=McfVDTc?$J#k@xvuJlt5*HVPp zjOw7?U&3h5FYoSNuE{&T$sUC)zwr%rXf11pGl^@wpcocS{i-z&Q0iOq%@X1t81qX8jul+m{78SEAdnAKLz0ztS*#_*qHSFyI+*QK ze0vQ*u!;9`*yf!RF_#EIp&9>$(^-QGTpd4Dh-OMyde*%N;rg?qY3N?pyw^g$F?hF$ zqH*`0*&$bv6wjzsRU9#1%WnT-pSF4WXQ!#tQTb>;T*H$c$%b(I<>4FFR#*A#lPi$S zdQ~=mHYeWaRpYeo)6=0bFQFD+z{u@r;Chs?bQj8yRK3c3HVC3tMw9gqA*de*Y1SPD zq=EukV+q;^%Fybe#zlCV1m0CGi*;F~2SyOlN0(G~=%G$P{|#L#BlKPy`zsfa*YRlm zg3?A}99rk>k0yR&x7!_c(IS0Q-z@Z@)W7tUtGE{P zL-DDk4Ce}fV$#&8e7r(5zv;K7=g_COS$>Y3y+Nw}ecaM7G;%}V+W4irRai^3p4ze0 zVXo|JK*_R%GxyUcTLyqd@Pq$jgA2h^k}pNSsc`bZ>TCy>gMWSJjScS&|H}ZcD*dK} zsO)ESzc;^K6*mC8Du-lWm8LT)6#_TL)@EKirRvy5aJ-i(0A^lEs=_T@#`)n+AFI=^vxBy13!SL( znwb1K5rwDgw3WxGv3rge)FL5}An~zk4SL6KaV`(V3>N1PU~%r3sX-|?w2b65!YE_6 zXflAj1v5A>vX^Dh7Pw1_3TNv;!Q)MMeA`UP#`QS|5f5s>L$OQCR!Yc2r_(FF$ zTu$lm({Gh5*f(mYtvFxCAPi2uUJ+e@!s2N_=l^50AK9Cf{~+){mOg`!RfQLS<{={%Z6~ri~UEV4A;^0Y^ z1OCAbRDn232(low>qi2e9zCGWAIJZ%yt57Uw8!@ zPD>4X#Gkc`lY5g!9BAb~Vzy}P@KxhwB0Cdp?6ABNj*T-kHC%JOx5{cFlG%X$rvES6 zekG2~4lpfgV3Qd&_^(Q3n*6@cFY=?*cg_os>ZTL^awGtF0*~DJrjqP=$(xuHwjoOB 
zL{PC*Q#yKrQj}Q#tXFLUN|_ZU7+dX}Cl#$VB>q)v(|CLQvLvP9iTYZkK%Te1X^VPG&xn#VpWJ=j`7-;(I09aAWHpGP%8aI9Vxt(ST(S zki)noc{<7-i@M50|E$LG;1S)CyuO1bnv&`GeU8VCboM>4BM$aLC^zyp;);jdK3c9H z?vBq1$16}AjilP`6HiYyRgH`&unGHj6Z6=DdG>uW;8uCJ?k$PNcfWZF&1vnbywoeI z7Xh1g89iun-ikiV`Ph_r!atFr9EM6DRD{_41$%n66nlVB1Xq27vH`vq(pJ;tJ={2) z$N$U0XKhXKnz9;8le+HBHwLu6fijv}CIKiK``$cgW@4{>Ha98BWSFXdK6lRwrM(a-9f8UqSM0?!GbH}zQVJKwWg{$E7fYViqK^6VWPb;U z1%LfFac3~Oo#!RxDsIye9n^k90G=ORmiC5% z$KFj4bp;)4Uj5PJBEIlRZv5gz(CMoqJ;*oY7?*f*<#r;r|JJuwipjMz`HDaV9N{&! z{!q11Ahbz(T922OFZbJlV3*O!>X5bp26PAcO=;KXI(N>>ieil`2Slb^3|+L!>S{5H zYSNV=I{Uygx&%RRtKZ}>RRqtGJV;lPG)$wt#Gpxqe)d+-Ta)IgL_Nt6{qUmByN!Q9 zru6wc^3Oi|rD7T<3{?-troL|(0}!|FF-Cswrg=CJN?nTHy>Jt;Sa7FB_#rnp_lgoU58tGlIj2)=d0?s+5rRQ>*~Q7BjU)G*+% zzSZ$d-Z^rAQE|U%^IpL@xD3P{z<8n&6mW4%(D+#x>2%{K9T6fu#1ty)^OxUjz#=t z1gktp0e49R_yNXRz7gRjD+NXvbMcvPcHI9)sv|?jiT@d~g$P9KQ$bSc#9v{WrJ?S@ z)IB-P$aj6Y80Qeq{$tQ{WMInhkoJo&LKmkfk||M->3C$AbUO$d;*K<^h|Vf-myV1F zoT+CHxL6c&9-;8PCGEMIMPNgB<~#m`LHW< z^0+%4(DS<_$3Ya1^Aar-?`0Pg8SR-%-JNhJfV29;buIiJT6w!eK zJLy=t{#cEUL1E+S3M$U{i5co^a6)6vY);TkNNRNC=;M?STBQMyVZWw)8=TxNw4p$i zc$TThgH-5EP++sxWHK~@$RdHehI|1|2;wlSGAS5oBfTl^_hY_`7;-wPH9`sIorqR?{04UtVd34Y(*y zVqnkp7bUy)ea{z;I>|s(`f1}2yjY%3KK7dkz?3Q2`|J90WS|tjt0<$dwW3P?;|UDa zg=q4K#w+ocd&bZkF^yxAGD{lMH2FCprCyZ~Pv!78Y<0V&$1vCzL|YP}M7Y&34)3n6NC{a)AfrzsJ>4WBwgeNgc_gxnh*`IZMjO_`2c>Y zUstyRKdZ5#DjZN{R0Kuq2-@4y8mCF=-(9!T@-w} zHhcmT58U*>qu2v=ekNw=*V}zLCyfT&8k%)ec2~cDBNJe>XSD#d(;!o)D1G|H=+bM7 zuSO5PlqM&lMqeXU;og745QT1xR1sRZ>_Cq>K zPv_0me_+uGZavk|qBR}lUlYsA9}{+qc*xV;ob+(eY>hGTLce>vTMoTb_z;kf^Vd_C zPX%e@odafb59%4C`q7n43G1zZ*{poEdAFc8f`k7hbS0Hm$#BK^C&jLvVydm6M`!J@ zGWzdx>b+lf^9kIwAr`z(zV5xOI?3$$3^xwC*I+e^^?CT7MN-u2TeNw`97@GcRGGxF z{7~PW!&(IuZ?+qJy_jb!&ol|cQ`B~+k@t3&OJvwGYNRiz4z?XeL8Yz+;=)fFMv8A?Pr~as&4=5>B!*{W#&6m~X>U6PasYz;k7w-c4F!In7N8Hiw_2jpS z`dra{zd`5Fl>6}e?n**VTLH}Dvi!wnMF(1vl=h$|>1>KLC@V(V=(iF&4z2FI5A zLwEH5-mj}`Q=0g`DW~zVMt}8ii_rcDc{9$4J*{lP$2K|$T}LnL47CL#(tgflQ)E>o 
z-4#;iZzhUxI$WXy!_?nkKZefF-OnVg8<7q{%erX-);%h!bTPbDnB!DTS(`@e#jW#H zL4>6Y1C~&1fE4f600Th`UIFFc;FejpKUhPi^mHelB-^_z-}?fNKPb->W4$?u%2qa< zr5j0yf~{JWfhuFJVM)~) z?v|}fr=g~~PdrU|8S9dy6U7}xg+D6aarEw%o2h{41C{2K9+(HImh(Fd?pSNCFywJ}QAmJQ}ecvAin28?K(sA7;9WVoW4%0m1rNHy`p zZZ1mK1|@w~Y8v9chUl3qU5pR0)5cXpFD2L7{dO*tCq zcM;>Iac^XZ%U$I@!n~uMlV_s;rP@CCK=5KbWfSAhF)KpToa%TSdvC~sgiEEO5dlkz z560Jb2slY3DlHqGK*_-nTz^#69m%E`7U8r6O|ti0U&99ACPw0!=_lAy+YnzD8~z7j zd-W>u$zX(~l>;p07fh8f(zJ6()p}b8QO{O+AP*A6u1?aMN-6(cmlFP`tYB3KcopN8 zk;Agjn;UD3rBs_kOxOu2M?nWhW$_=b+U>H3EvP}HGEy9 z*{OSatO;h%gC7y+d(pM3+^Z`aZGNl9p)R^#h#m!vQ<^FbIzjlR39fhp=y)@)+-lV@ zQZY9uqnz}SIH<+6GOjN~)+WQrr#UHR42{g;fNAf4e46Mgsbz3lxw-)bYVDrrAdS-{ zF$rGSgRf~$H7It9;rL9uYJ-1^tK1oXLgQ!KtJ!+-zN#Z86-+bXqz1of1`b^vZ1f$p z$?jS%){nYi!VMEYi>Rk};TZWe?)P=%UG}e4*x1H3t>4Ah2mL{v%4Ya`fOlpr9on*F zthfU$We_4-lRRfD#~ciOO=sIz+GXyIC2w=Gf(y;%FPMcq+3M04M%e3cLf*^a0Ib20(nY1E!Z*F zJh4ay`qKC;GSD(^n%2M{`tfQYlrfutEKxD5hjmcj`KWeSyk@ow(=)h7{>>)L~PZNA^2nnT=l;nK(K3u2KBZ749~}uWYZKDtp(msYc zHFlU^UK7$QW|1t-0ni`lpC)gGNYD@zXN8-=KU@rYA!drfe0oWF-d=?*)T-CHX#FBM_dX9oGp#dMAVs~BJ2tWtOT)=al4@Y%aS5=uv>Ty0cUC%$7H0Skh6KJ7E75X_htA`;Z;d#IexrM1{c}ix&_WWX8>j-!?~fY` zc>v273&Z8S3URb2R38PYds-&ezBUu`={Q?cPf^3+grl_tU&HADQQm*Z$=em-HNno$ z1_S4=ft;p{LDXMK@mR68%WZFe62l^?bC7HL+QkH_ig)J4ujs`?`HjJ*R(rt-|5bBQ zr+ZjqLaX45`{#Rx$Fr~Q9za2koluLxc3Hbw_?}n4pZ>>s7Hi$PGiUF!_nDb<@9huzFW^eM@-z2y z!q#!}aI9gHiolez0@v*tgxI3$S9Moy1-|7R6TT8c*x6&L+)p~d&eU*7#PawSYd-*m z5Z?G>k@eRV$FsyIfGSSw}owB3cChsd3EU!cyy5!KCHee&YPF#P4< ztl_jK-?cVx?#u0`$$kEnW4@JrXRqL;a2*P_zDBmGEFS~I(mVr?IB|dH#HF#&3$6BF zV?*{FoPA99T%e?HyN+d}37Z zv5)T@v$mHA&V-G59##4~SWsZCF#{d;^l^EEOi(>S{9*sa1D$9h=@tT%gUfdx>*^V+ zR^fVM!c{gUi{R*~)9pL8PaHH4`7EEVZLpW0MG5k+)rmZMl#C5)3h&vOE3WH-(@pv| zo*+BL>rwHSo6f*t+)}eiSl?OtcKcxLxD$#7PpOM1$Y%ic=+Pe=F~v?fvDDnT3}+R* z_X`e-QJ4#xR5I3Vf4gqz{%z`2Q@UA{ok&kcgtvx~ka~^9_;0fC6xj9K5EK5VXj%2R z+eSZrR6`#v8mJ%e_5$c)mc7Gd>FV!xI4Xaw>}9V$9}z!DuJ=S3GIB9EmPvZZ$k!&O zy!MSnulQoXX+$#*UfCUKEZ1Q$!8?<#x^4_eRP-zKomWLZc0?=LS5PbW}z+P%#{~N*+^%{Ne 
z=S<^z>OG{Ck~gU8j95R2n%Su1fiOtEc!IC2(sGDou6@)^PGf?G`7h)APB={sc+h4v zSY=^Ah3b~()*?TKrPyw z;x}`inODr(M{_`%DkDqh+QG>2!(d#fl6$Q1X-wFDm58k#goWsIXQZO5GhFM$QJDQJw$>INt zeLCNSfNNPOYc*zHDo6S-LNB@)K3^&pZ0yFxD~_t(?FqNuiSp++?_ zRiP9k6eYT4B%f8fQ9FMR_Lbk6=+qa;5dYR%;nmJ8GZJC$U_yh4$N4jLDudDYI50wJ z18%x(2G>acACZ6x4m{EJJg>5lfGPq}n07eC00BH1GEqTD7q~A=lvd7lhWDr~n&Aq2yPwX}~ZFWQpY0MCBeAmPWQ57Rl` zo64L~)fukr2Hz3>g1||e`}>Fr0fEM#0|0&`USmJRApR$~)O2@_uj{_d4_6nLba(5p zp6x4m8S1zkU+>QFpBif|uVEAeE39(kHG(!%yrqp9c8YDZ>^?)toWG=Ob zs;wBYaO`ElZZRDlKK0!j!|zAI&e9qq30B=_4Wo^1%lCHyj{<|q;%m2|6`VH>DZXaU zBi7lvg3O0Rc)Tp4G2s3Of#mOlugGgx1*5YDXrVDZ=)RNt?s{aRWdGVAe|~zi8cczY zGk}B!g3ryYzx1%@rM{&F1`NkQ9C7)=vpP38!j0LE0#` z1aH$U$?#EHq6C{@y?ErXSnS#*7N$}OIZ;sM@Ot)W{FYhN@VgM}q?CxIeX6m*KDy`S>yEQh;L>2={Qv1FRlO;RBQfYYB$(VCbM*V{^pml9puz z4~rmEHp+rnA3EJ3;{8hcKlQ|08Wa6_b;_`5uP{m!oiw}ls2X-aXBu%y=1@?GHebex zLQ^-wyl7bHV}f?`2TU)J*!c&@?$AOAdFQL2RX)JDM2;2D+w`1p2>u%NWmxUuddSsj zzt;*_@^1=w=zf!DAA}q?*94u|RU#4_E8l`js)o>4#jd!x?^V2!u^fhR?A}j<^5aem z$=rw{^`x7zRPdT5eJ~??#RNI}fl(TWKf$LPz*am~IJTKe>EpBit|MZ2;P#y^{M8-_ zU_h+jB*ROkaX}|69Ii8NC_SK14v|L0glbNc@}YmyXVn#QD-~L3J`4fvHX}Hsd;Zj! z)xO$$A`6z)@9Y0;ySgz||C=;8X`AR+q1dHgBmpF~{sUhnxxWvT+}#A`-7N=`$s#O~ zf*450&oSM8jJAcuxp;g%10NOxRJ(GC!!7NJ)KkDA#NI~Y5_<*St{qjY> zT68+<{VK%P=S`x4_HixRbt`o`)NrfE`&Czj+$_>p@THRB2-#J*Z{&K$ z=3Td>|3Mr0ui}#s4WY*UIH6?k;uQ{2vJBm*fGj_d_nC$o4@!l)cDqB*rY!RpD0}-@ z`#~GQtpfgQN?;It2E{Ru+j_c{)4f>H?3J=ykv>J#rJ$^fX|Tc13 z86!g5{~s=M@fSJIWjv z7z;wL#g5b31s@o|Q;eq%7_)q-S$PSpN3T)!bAw*>uD=7B88tnZQgFO_)>*X0LK2k4 zAaCJXYW&*6BLv@tlC9R3wDDTzXJeQ>#AfWQihDjyJx_*lUSe4h^SEsw#H39i)rv=X zxF$+CGhG%@n~WA_2n|z6YBE4EY?d+|=`$`|Z4@e|SoVY>hIB5%3%-HIJgV-Q<&{*; zR?NjDxr$Q5JeZ0o-JLAhkaUVq7mGrxu6dn)Q@rE z*yRwf7+)l5e+wOOFjrR6y}5sZP}Yud>H}Po

    GeQPQ&{7?w5E>H` zNJzETu~t~{iqm23_H`(oG0OWh17u{B{=9(@?S2RC*%R2UU?@$d@34Q>4^)QZTA?bO z10B9SfYyW#g(o)Y{~3Jut%1RZ_tu-96F%)t?u?A#OP*EJ?AYQb!w=WH#vMj=fuyNW z3y*uX63D*3muo&k28U7E=Kepwliv#<7qn7(*nejJIFpCr;#9)?^^ePA0gu%#nQk;* ztZr$EctY5!y0_6!%pl#z<}TxHDq|D|6X0w~{Z)A>H>=X?jpEeiPimxCJ18VLZG{^M z!9v%!qVQNeP=9$aSB!gankLXJDGDQOIV?Aj#6qZ!>guhsShy9TH88V!e>PRes`BfW zX`+}0%p;{JnSWf~ZP@g_$3z)AlSGnN|6MdO3Tie;8#Wt1RI(CS@xTw2no9X{h?&r? zP5`5yJFWDtASmkT?S*P#n*}kRCe|I-WNZa40WAK8@~iAB{am!a%n}Z{9in7aC|XR@ zn9KE5Qu7@Q8a4Tqcixm|0lPxZy#!wu7l?pBlY2)RKwvcXmOmoe25btIM)Y0YSw2|vdkdjdnig4oTJH}6ahl?Kl=_HWq( zLmjz_*p)Ms6SWjmz9HDr5E7#S2Op#AcoODVDy<|I!3`F_;mZa0*Ez%YMJ)4;Hdx6Q?2r!H_HW)E2oMlgPO@x zO?$n0Gc(aJ?JH>MHo%s=G66wGiKZ%RlcgA5pf+BPzN^ZWFFHyIjsVLAE57xO?}0 zl$>+;`0Dmph!?+^ZJfti!lJSie_CAr02{q#M5;(c_oWf=Xm&4i^Ijc*dZ>R9SOqsi z;C4id<_ea;>&UCm4JhA(EtiOLK|TkvekMr<(_t+z^GBcTTw3#jc%L^n6(W)j^)3N^ zrflg4a>jj)?eNLGx61u>v4k713=Daxs+i4eY&eN>44RRCdVGP^`sWZ5l1Z)0Q{OiL zCCg!&fr%cPs?yXnjAJcQoO|C>Gf4%PTW*yxvY_W|!%1Cw;N2@)=M87KVCJl!E;HX= zwJ3TYzSp>vPewmu%E+j5GCJ7DT+-9|wX&Gs-sW_7K{g0JnzwX!xz0p}{Hy6=?-*`X z&G@KiZR!MkMGLP<45OizKCNxQ16rob&k7`3ej?BCKJJ6^GgrqRYxMqhJCWc zWY1!r)q<-;=Xz>2)&xB0ftb1*$7#wQWVP| zskMI8sT2~%aD(_-_WAYx*u$#bCFAk&x4OyI`|XjPq2xQ_dNj_(yS>fMl@>nl$WD<# zAw#{4fmm?`fN(O-wZ1rA9e4Rbk=5DeqFWiH7CodPOkfb-(UwIwPOw1DGS{=+B7dqp zE-&-8bR{#d#-Rt?vQ9|!SNGgCzYebw=Z!*;Z<~$E`K!i12kz+G{Ky4kxpmZeG7{#0 z_^MfxBrjQk@4B1XUpKqwmE=IA%&R?(hEvd%pa4sMm^xQp$U0hVTHZ^yN|}um^Y+p> z+J`3@B{hT)$0LFvsIutOquyn`y)U<6bwltxel!2{4&o(~H6!Eo$7Ksf$wICPrSy7P zt&i#W6rC57TebHD6j?{X11|JoRk*1GoOq}jJucQ8xD4!D2SRiyZ(#n%>A-n4W-@8# znXHt(sx4IYr$n@<){+FRqLWb4g7|KHyX}Uwfy##8EmKZctGRj^<1m5WCF zF;>SHGX;uJY!9ifFH6nafKtCmTQ3Z?NVmA(HqPT4yrm9iq&#&3R;H0J0e{5|a~>XQ zl-baiQb*b_?8H=iRcQ^Z&u;BfLHBJalBQW3TOtA3lm|oL6EkQDdMpwwO&<_7qmovi zHt?%CZ|?0GBb~9FxM+t-(P$SI5Kbho&jpgN7@g8@g>``2YB|11Gx{bPftQ_&Giw?W z{7=P-gTxTaW_sG-x?Q#Xyy%vb`tcUs6>3DbbF zCdST-IZS)5$9L_FTgSsXV9@y=+8Yu{r_N*toxygoS}qoCSyVPLCfleb$vOZy3z)w; 
z(QWR=ApFXc-Q>eH;VJ!X^%R7NV$0RyaOCOVVCQ>2b{(J)S3FndlX&%$qIRghWmcvl zrI$&#!tSXY83tzj%L7@3Y@za2-ZEP;p6uZ#eE^l8izp;=c0#{G}rD zcAxW$&wC=nc?{{#ieurPj?AEVWP0ufS9^EA)73_k}k0(P< zI0X6lu^H>Cjb2ZNLZY-1@PBU|%$pO9h&?n<5l^NQsE%3#ez!WRE+ic%#BUj;Nzf(8 z)DP0RN`n^*SifJHb7vn zVg^Tw@Pv(UM5C3nfoNwS_F7R6!(kGuKmNa#LPvJKgUxb+39FcIx+Q*a(K*HtP%L$#}z85FonOW!M%jl^tp0+G5gP);GSOH&2JAo^JlyBaF8mD zeKkn&{0qH42ubdJ0DnBe^V7Ck$JgSx8q+V}GSOrtr-ZQ$vH&|Efw!0L?8A~AUI<@= zE3O4Q2|4V<`JH5AG7RgksrA3(gh?8M(8jYc?X9g7FNTf_m3-;popb`-%v|QMWt*?Y6Ra+wCGZGY(q)xrLAK;5=!wew?4w zo-Q8!+_X+MwdHFt=o1Ae>50r6WPqjmsWrx5PSk;2{?Cf?_#`bMhU*9`Rsxwwp{}># zjQLZ{vPDKvnFLCQ>Wc5a5^WU~22luofhIne^Dhs=Q=_?1n~tE!kmqI&vt~^W+Q*8$h{LQorP*7i*A<>&B%7bQ z+kbn=k~1?P6gXMAO&mB5fRXrqT!+eXBV9VBMR5VDgg73fI#jz9b>r5TzFB*_nCaV7 zq2(TUVml<8cjU_v$MJOOQS+fbV1XRweF^Vf`9zMxK|PAY76)0FJAJY)3)z?issQar z$1HD)wwWbP8vY!9ft%ZBfce?w7D61}>7$o67V#O-shAV-@#xU5hlMPhKj}(f5RtpW z_ap1d6P?ub{MVwI{jV%zq(?{u!3B)|st@OvbxXVGdopjQ%t5hf-bMLuu$sSDHy}l-)GGZTwY8_k{uYPV#@zPgFncums$$_**xrZ0fN6H8=v0rw%BDW$1G6i@B(VWcwzaD;efaBcN+ zJ)4@%sgQyGTBPiYVjpaZgBpK4iM&d8#vg*uNPz&Hl1PI@I4IKx7Ii*Ch`z;=9g~SK z=&rC3Zv*B1e5>9~5rMabT^(t!f1bJgZ5ve|2Oc{9?^Jt#sT%ehyq4`W1}D$FpC$SF zd>_d(v^mQRbat!%+q*Wj`ci9jlr+d>&#>U;S|>%aNU~WD-v;U$=l#TB`CzRBtd3(Y zZTGh~`0{`^_uO*t;zmB}pauKu83{SMk!RG2EVXC86Dr#-IAV2<^>U=5CfvY~;qDuI zGftl=ubwaCmF6YQL{m$62~}KdJqG zQS6D$<03MZ=k3PVFEqcibgStXWq8QN#RP6kco$mAf#ClSmdwp~Z*9lX-he3$Ee~C4 z9jkm1mv80rTE!81UWEB)<5&O#vYFH-U8}zv|0hOrV&F%6))y@ossIaf)d{qmG8{z2 z-=be+0gdhQP&gIBe*(h6C5hS5S(0q{I57(!ss`9We^}^GqvLR&P!19|F#u@Hi0MO0#NT zdDWE0uKba1mvTa`;|!P7RL3vVYRh|v;)_(9tZ<}Lq%RZ->GED%S}sGPc~is};HLO` zLprXKW!dWr_l9PvLv9Uk3nV}brq88-_~ zyxjoik=e!%ss?STA(^bJUn&aS7FT?lmp+F^Mjkgro@gUrMZ7j*YH--(K;YDS^@7z> z((=-qoT{WIRpNbBqGD*e>CM|>aOjy(EUUVm_k(Zz!4Z)2Bqab}LA$ZGu8||qi?A4o zBjVhAJq(;X3g>kW`Ao0l#ncW33PAUK~8Pikm!xLEZwt>_{LBjP%-qJ^W`mw3a!$Ew#e#I7C zI))ynU^s)3jqP42jz$|dpnIKkI5gCO4HTL8MoOW{j763FW_h^#y;rHCfoN{|^d3a+swB2xXJ#zfaBd%|jQr3r3^0sm}w7u{herb*)QO}bP4o}D3agsx6RHSNt|KwAla 
zZS5s@!$LQfS4xlZry!Gt5)orIo=_c|VZ0yfwW_U1JER*+_#kwW?H zz3g*hFR&1=n}aBVDG<*QtHIPEUZL4!~~37(1HSS!cEA$fd|6&65~Di&g)ah4SSi)xfV z#g}^Fxon^n4s>|_2orr$L5|vL1L#g1!vNsDVY*TLz8%{erC@ZeoAz$XP(DNAbUsr` zTd9ib$xs|?`>wXHHKCgP0jTpS4WIYrrxDz9gVZCw-V6X#UP0B8S?&TCy1q0Iy7H?q zzI6$}_`U9_8C-s4+wsPR_YV348dSFK+jxbWT|KV4!ifhaVBNQXoczQVkX{1u-_3YU zM%O=;UOqMPOr^<55@biK9JrN8$?g(AmebCv%kd}WuNxtoad1wY?NYRMzm4c4d|p;^ zg@`|Lsot|TRq9*hj-sTIso(O^y4?se3D^6jzEYc4iIM>`^GuM9lP$02)0V17q(^D& z8bY?6wFVCKB$e~ealy4fbBcViW8zp;mgeW<3zy~o zy2FlE3pG0v!)gF2ccgdW3^Mwc_0g$9@iSNaxOyyS*t&WY#sdwYNZL;lWN`i_8iQGN z$CJ}~1&U=cy~+ap3lGzDU``eq&4_wws@kZyT&cPZ`7Bx))xJ}DzCRoBaEh-zU3l1A zO8ThMg~Kz-LI}^}wJC*KqLQxZBrfGj<~f>7Czhsha)GN>V*Y1r?_1xOQNo8^1`IZV zAt!}rQ*yY3k-;h8p~<|;`rurPILDW9ffxKfvL4HQ|yJ;SUc3A@p;Fvc1C0v!Lk6(*;M`V!| zeLa({L%%PybY#uDZ|E(Hkx+o?RMpG}yj*5_mtUZC(OrEyHw&txLHuOo`WWe!VczZ( zMsAGNvaIs4FOeQ*36grT2k2GFh4gvaK-g`TLn1h7RaTgPXTC~-eXe5Rn-ykhd4x|@h7#3-%KqTI z!H%3q%8o)iZicRmtX2!<_=z@es;ps{!{>(fALEQXl1^q?yM&)4XRz@SHh*v%>0yi)ugZrQp$njI@5xT2RbJylnH?b$>b6Gu3t9 z;SAd^8KY~hTNw?6E3I%3pifm7jL{I{m!X)?0;3n{rI0T5DoD_QZ z{DWv?$zXi~Dq1auUv*TMl~>K#d_`h-C-ZS|?Bt_!vem%tuE@>HEk@PAUW40rp*yYS z4XuqFC^i4>CUWS8RBC`h+Z1=^+#P~jjG+CpsuAahDB-E2GnJ?6UHkQ8JFDdZ@Kj0p ztW(c^pN)NmjN$Nddjc#HY90#S6Kd`gnsFbpsMq7&?;d7p6jWt%{7{%Ay6eL_-#(}= zXhe`c)x^?F*oKUEH~oqtGi5k+N^e>ikIHvg2bF__;9~HNG7#>K-l&BY$9`R}WhnvC zt5VnLa(^_IS4> zQa#Z^#5MsoX<}6LPjg{zMy(hnv7RnF=oEnzvaNp!?fk(?(qpN znf^ku9ar$J(1?PRWt?0^aZ~RLfAbIT#PQwR`dT*d;Y%a?IxVIEt*gfYeIqbr2iMd= z`wnXA95;i)r6KZCYL_17KQyXsxfIJ%=>&l6QKbQ^9yjmosxl}#3%`TA^Pe;r)2Rs6oVUO3vl)EJZIArfXiL*>P&W-`8X&0Xhp z_}1QOcS)L`@=C8)aDIOq%}wAc_-t%ku20fDvKkDF0@sHUD?**@LJxm=nPiV*%v=$GPsmJdI_uk>gQ}Oj!DegUw7@TEw)jf@%9`D~UZ``;5(viP zaCtUm8?NLCT2`+fN?@bFRB5zy5bAZn~Anx$eJ>c`wx9Kj*26;u#DZj>0^6kMo56N3Xpt5`0;6ehQNrp+Hyv{45d1T z-Vkg=+x3qWJVyQ;?D$oZQd+Az|FHdW1{5X{bM-oexkb+0z!b+Nck zgw`0nQ<(EHyla?p^yZ9`^_W(HcV!Cr2ou!IG#xJtWm&wV-+<%7WK^G+;b|ZyL{dEc z8Z_aCQ;0^Ef*YaYKhu;Ph-2n(N0p6Qq*c%eeFDt315ce)Zwx%6DBhZHwy`9s$>eKb 
zEZ4IW5N0Pztwh45r;SAS54Mjn=0@Uq*LDgYg~%gO&crD{Yis?IX00qF_R=LRgzW;s zbKn^1K?&NQI?p^|pR>A7P&#rgk{uJKHSr&^vke_6xej-;dsQN4j}XRY2*#t(M9 zMU4#{)@GaRwmHEosLd=z;VCk#P79NrKq{5z1uaz`nTf8>7)r| zI>tiztfdS`(2L1D47QybCq&{$2>>efqR-CM-fKy-s^qlJTh~>T& z9f;)9q>vM1#-_s&N|Jr5>&r_<-C%WV)5YuU#;j4?noJgB#Ahb6eY%qadf2|3?Y6a z<gDBle_-JXH>~wa$Y9+nR)FmzY4X!Hho&kOuAZ^hA$-{t`81d8heJqnVF3 z2TJSxhi{M~I#~NsIS`5}wPfm%n(wO?hpzQvauqyiWlKmX!=*DNtzz=sV+t7+7B%_% z!=ch)tFDPRo3pZC{T3hnSCuK$BMNP#`X9U1AmFRti^lFl6&A;Jyp=Ol7m|HUvW=_S z2KfOCaQL_%(=@9RU;Wh`2>X_55T%N=ufg;2RXi*SX#-jR;fmdT2h3dZv0k<&5kla$Rb>$V9Yc&YJ9qocw+uqC_A!plZ3oV= zxjWVNUm=5v@YJ=ncbY8CP2i$AUBm6l9?8;W&$LHEi4w9wRM>u~VD$}LJoO`2(!4xw zgs=F(pfk5F97W~!pWOOB258T=AF8Gw-X{qri3jSWG8ZQwV z!1g&Rq*1h(xSA@KDJ|QJTNCQdu28U$^x(EnDBFK~V)VZ${~+M%rBJzQs)Fq%?1Bov&KfVbnNlalX2xp<|!1kjI^ zsvNZDKYqi#tt~0>piW>unAz~IMp`PjjyuE3JtWh}imn1GuS#3DV;O(kku#o75Hh^* zBF5&O!@f*obWK!|($J9L4xWj@>W4v4f{wxz5=SBZ*EH|I#OIk?=}XD3PacvR)@SUa zto%INq1Msz9=S2!1*Tr_%YW@pI{?0=dDjjEK^+lI`~C5Jew8J#i$~&6N9r~v-hpUP zcW^BQ-llQy2K&w=4hW}WA8$Lwsx?M#{5g-QHy%M8o2e1POxa(tvM}WwJ9<}Qso@=I z;=J}aA1K=vTiw+@M(Y0rrvcPe$$h$ALUr*d{)xB%`j)H+yx({Q?#$q@?=CAOC+M+Z zi4BeA8ZU{$NOKn%blg%aWFEhvzsHyj7rTOEM<*gyk3jg#E|TBUuoi4pA|htg#D!g0 zB~%YO{UF0(3R1bfqU0$8vPbn+fhMveV}D>a-@66iaz|R#d-1RKKlOk*yp$KR}$(~f*azd z;WZ%!Flh$!iu!|1kZQR9vd{6iLXHMpRa|iP!3#GMGdTVLC(W90QiI*C3aSx(1J%mS z<>K?u%E;2cW&MlkySv@#k(V_-(4)R3`;zQLSInI`?d@y&(7pL&RRojVZiLHIG|t+u z=?Ira{HDAhRr=+ZTUaTA08haly~*h_rqsrIXRqkK7oQ-?f??cFIkJS!7}g%u?iC^4 za8NIy_i5jC{eyO)6RlUl9-5wWc{XbCnLSiAVt9BpjGnmKRYLD?bq2_&$rj z_(Sz_kWgJ~HKWw2@Qf>JIcFJx2+mw+bHnLZsz|1y*yRYsJA$Bk|3yk^32YcRQhLFW za)FmmHKHonnVEhAgK3AXtQw}hWjGr*#`p!9#;RJZkdD>+xM!uQE0#$-T>QdxTX!YWdIwbX?PDVC- z)Q|@xb($%nYSzV`a5{Oc5zWf*DuDRwmIS*yn((LMm1`Q6L&_NpELoL_5%bVV)+U3};EJD5?uyLZ{TzeZjniV)KDbh2a;dD~ z@@M3iQ^pxr6B*|(haJKc!?Yez2%a0N=HP4Ct6mX;MtEGy`mmSos5}tMxzTZ%{v zS3kji`#JB5(S3R7pyj{~#!LXExb_q)>5gG**FqWg=aDCba}__>dy_{{zuA*R5m%+Y z@97LdCTFQh1o(4}#qqNY8N;~j7#Zmg4HOr?%IqE0v@h|C6mveg6hd5;_3$GGG$eO2 
zo`16!OX&?;DkV#VbW0o>6bl468^4a^7Yp5(I<}6@hOlc_@btHRRayH5uKk_q`;*7Zu3J#?d)BhHrj}=h%B`>zMY}MO zo}p>P(&1{P z%#*a0^pV-iE!nG<7HC#yKp4#M{m;E56n!X4v;1YD!X7=NChVuKm;gap{6R{A0voaB zyT#y-gqj66eLv(=*KgNHK2vmEP^FoH*vgyYf(pCkkglvY7zo9m?>|&AB5*g zcXR~4<#P9H_uG3fCUOCdgr3xJm4%lXYwlFwN#im+I! zeVA17Yr6BbwO9|UN@R+`x5X0MyPN_kJ$xi<{a63<^>CF@me9~eijZKHJE+U5h6cD0 zp`(caGnh!lWW}BrbkDlihj{wWusUz7MVq7kkp^hk-uSud+!*@^& z*~0x#&ys#}a^i|?=B`>Su@f-@*w^1gs(fuoSiP5_wT5fI=nf^Dkuaqt;YTIJ=yHhURrEiq_f?9FaZ{GD)n618A`p<~>Wi7Tb^BZ*&Ai!)hAVL_XL@8*GpN3kNSQ_tTf!xo_q>&ES|IG>zp*Y&T&bGhaVVVA!IVR1% zufu=t#nJF|JF&9>5d+p}v+Fu>$y>ycZ?^g;q6*(4aJX`XRFnQ>n?sC?;YY@|pKF(Q^_2Dl454_=iYZ&HBfS`z*`c5@$(IC{Ia#G( z$%-VJ;?(jy%Vlwx20MLxF|ORK008p0Tj0(O-8=bE$Jsnd3L=5mhv_L$o!q`Z4mii+JLocCAfy_F6eyT?5K*VzO{^j1DSn-t`xS3y8oktVd#_D$no@vuRT{ zY~@hn&u2sYRciy4X@b2L)7k!DwdR{L_=cpN2IU%_wH%iOXxb`IfEOGl1KrW3D$}qQ z2e6}?>n?w~bu(r7^gT*WG5TzKwO8uBA9t0*n*%ao@2elAe;l^AoTmf@g}}Vv2GKK0 zb6jm1ldI%A-Vwo#rk)$pNOe=RZ$U@jOK9i(c&mUne|-g$2>VOO)HmQwY5AeLn`SpK zK!z^KVG zHF)0b{qnP+_(#IJCBTAghPVv{xVGM>UPdL)C+IpB^;)A{TwoMEgEDa&2_luz`9_wL61{g&NP0k zigIl|kDE2SIgcx~Au`)+<$UDkebYToxZ0lGXJy2(%4^;I1ayvTBM02EW-;&`@I}j+ ztk~~saCThRL8&AUJzviv!Zg@&g}8KEVDkyn84w$W8a!|~_{fpcv5|(4?1|>^;nzZH zasG?TMAcebu1HPJsznNE>>$;k_@y`KRD4O7_|nA7b1tko@kgBUg@+gXnN?x=r;Ux~A#H;pubE+P zJ;Q?y$w!vO5L7Qh^R##j*57N?iS8W5p+Z_C{lj+8$5FgBHcKQhv?H(z>*4j$^IKZ2 zOK;0geSXF6T<4(H_6q{-dEom%JCsUsPig7hM%Cpj;U}k9LQ+@$cpRm+)g894$^_ra zOtZfEeDq&sL`D|h%GWdLbKcl)&e?3LuQj*9+It;VQbVo=`Nw$&$wTuJlwM8apwDmL z&yN3ruguRcQ~jw_tIL8X%(rq$okMBa;2OoQn04# z{t~F^P`kcBHdV5C^i_LpfBK28__3Qf3*SP`GcEY3LiFpaF6-i+pDH}-&UlGcSS@rt z3{C~odgKgcMKJ$TOPr;rXQLuNKe%8}YOKlsM1~#_qNfO2KE+u@1aKGI2ss^uxJ`l$ zB;6VIjf(b`ow{Br-05zuGARR6hbx}%y?)ChpKe*=YP&I2@@C3Z#~tF(E$Z3L0T#&j z5<=lv6(AH!IPm9~8j9;Rt9Js=1B>BHfBcjC3M$GTEs-TZz;fT+P*a0bP3XQ)Ug?}X zmN5S5KpAeS+Z1RSfNATg%@Vw%-7iQmkc*xj=YIwn0mrK23(m%`scAE3o2tfe59|gl zGPM-85P!Rmj99fYOxovU;>*(Aypad7@0G@BXo>nRBmAssktR-`#*VkYT<7kNODx=F zkOgk{e|gx=b5ES9E*tql-AFRENEUR@Nv3)u`Py!PO?k4gHCZ2c 
z^d6k4?a)S@c`Bu6eT%o@5i1cvr4))f55BA$IVNPoh{V@)v>NF0@|R`S@s;FmPB=;) z`Yma_f@Nthv-2T7V0G!fi`)Ag2Xs$f@jlg_oT0&TDn9)pM%Ek2z%j?6k9^y6}wd; zG5i`{28qA)a0W!nhi7Kc&n`FW65>6mIiJ68sosLdPF>E6MErTIDbN{&2tds@YF-zX z?NYq@ub#fbX%Y`hvOiv7AmSH}1t&bE$Uj#Vy6uU>Y%M`qkt5cFXtYv;pu-B$6g(M- z2=(_J{jf{1;g-b_p}JN_^Shs8ji|c)<2@+I)z8M=W_aWQMf${cUxtu z{4xvvMoYCA0`1$-N^W9@m88X*4YjZRuUtADz5kVM@n^PfZSx$x!Fy%+oI*4YBA8hk#e88iFP6gB&1f`%H1vkwp6n(=+ z%m|_hz0YnLw1h)FM(opK>8x!j4$7Yy^&DN6nx3`nE)JOEJ}2I&!wjoYT_xQ7PJP4g z0I%&HZgtIi4jC1O$b?bfAl z;O}3Q+K{N?s9}#`qpE!U;NiZFG7x|0Zo$ICA$Lo+k|pIoUkGkW!14L&Kz%BfT7>_J z=Z|vgTGeeo?z(ruoTxmgJ`y)56{|}+o}v!0de0dqV%Su&z+yC|Y~=9<6LYrmFB3xv ze=F2;!=0%Fo9gH_|Cuj9?Q5mi!wJQQy544PMgUGf{P4EHJ{}S&PWDVBdwz;Glaii~-7#F{AIL9_W*U4xA(E_Z5hmsT zePm#@u3X$P2aQy}Wx9SDDLa4riPYV@e&fA40UT`)pd*@GDH8NEig%~Xs59c%Rtp>n z>sIwtYC)H28U$|PYo5H@$BDl5$B;k^jo=a&TUVL*-fDA2x=dGL?%jml9`}L#G~R2) z_f=xp*%{UVVEeFQH;>UbUIYB76On;QzmEq7^;Cfg^ zduCh&isl~dv_aVdgYq%H9x#G{AJo-6=f&+VXUB{jKRf^L(-!YD;AzqI6TJxHQnr3{ zoG*V9n;tk1S>Gc*8)YJC#`sy2w*D=N52XUWbonnO7tg~hicJjnDF~qg>2#bu2rzE%;fbg-YDRA7b+le~G4&3Qc_lS=;FDsL zQjdNWB^NHCSsf^N(Uv~=5|)=q56Gds%x~Sua|$P<9-Tznt$HPAZtNg-^Vttx&#Jom z2GCi;A(P8M>|OXba=A|oO1-iL?+si@zM_9BrC26#waPGqixGv$9Lj(NhTBBcpYb;= zf`r^vv@oV;XY=_;X_8J65dOClww5aW-rQFsfG=QLt&df5!ZAyzI~2%-hBt5ul3U>O zlfabx;qn-<)tQH=xdtzAz3>|L=?AbMJVG_jK}qO@lF$ zxZ@P?Y6tdR^CgdCFHOWEks=qQQ zIjjE6NP@l67ufm4?wjIbart9ze5&0VxM5$4Gi@l+ZV?5zTIDjrg?hQ~(`j^^&nI2> zuv9X@LI+;~f7*wJ2Rd;FO0wqHB|^3s1O*)$Q#jHg3gb_hc?&*=s-X@qhrbOlBq zEs*|yvjYE z1a|2G_uyQUKp7L;2s@5&E_#a$D1idrAZZS*_8JfL8#CVPnOBN0Hw2X;&gNy|xob-)IK{-<+MP$J)8X)pUI)tMWRtbn3a zn-N#_;lNTsnkT4zAad0hF+j#___{NxkX$5*X_^}2!QwSP>T)ukt+qSQO$OxM(sGv%0n@5;g!F`R%9vGepS8WLNCj@{GawIZf6>K zvXDetq>9h4gGvstlMcUh?$CKxP(0kMi=l=fR$5vMqLmkc9S)e()$_ilVl5sw6GtV_ z6KToC$vNVY3%8&P2r?8$I9FLA0+MzYa*QD>h~4u;!t%EftSSxv5Wqw?Qj6B$Yrh>e zttNH?zV=R))8WJuuE}{_&f*Bt^|{4wR)P3_EBS&UB>`Rd;ZV>$*slqtC@c$^q+oHIy>H4!ogv51;=g8nE6istY!g{{A z$nBd8C}+6gZ4tyow(yO1HVn8>OAw}%qTs@$}c@Laec~pnY|XgXhqJOVaTo| 
zKbi%PR@s2>wqzIcy2;A0Lhhj6z8yM_mN9m1NyU?|-uwbwP|3C)4+j z-{#vHutB>7nmM-kI1yP~d}2}yHuLYPi8Ievs?d8ul8;PmA;T>_hUqs}*U3{`(eG`j=DNxi}qkIw@Yvdn=6V?RpT1jqzbSH?EPKa-zK8dFp zy2CcewmV&Y67{hr>0(EFz3!l(-iFOlbsB@@{K}1iulAt$cW!%?jYTrY`=-}M3T$|7 zkvB1G_V|=?3Nujx2P~UqYEla$?bBV1h5B$y39-Kro%71a-KVT}pMFt#LRco9@B@pi55d4Jp}8mS!KAMvyH{$xh3k1f zsV~lbZ2OB?JNAJ*&4ZT=PA#WwKmW7vARGLXtYn33+;`J1scHt%jqvbCZoFT5nUY#D zL5agY;7z@-Xwh&@_l0R9?G=ZcL~*=0wOW87%KTQIil?>Ki!HQiAX~U-)a+irQN~*! z-8SSFmljBQ-e$3lA2YdieYmMnqi~D>yWyJ~3+_y;#CXC9>1WyT1}#;G9_`bSXO*Lj zg}>cAEU@d9L#xFr_E%G(%k2B?hV_59Y?oQij9}{99z?k<3M!tK=G`zPbw=a7(!)b9 z1W1r?_?COJ_=a(9&(J5R&)cDvkK&$Y!V6$V^mTgUPCw&l>z(-?>Apem2PNj$NXVab zxfUg+d49j!p1YoDjmlKPlHY7MU{p{dc8SIs{!igNh*q_l>AOR7a|p zqC+Lg!;Q^_Am3x;WH*X5z$@q1yycAY>p*PQF!&z}`?#*Io!3#xVWrw(MZ2)|159UM zTYc|`yY77MDX5kQYS56!nM$pj)VW`|%!!+?R>YIr z4heH&nyMoq4WKDnc6>!^D5Qm=e9hA^w1N)Bx*PUw27&jUuio&I(a%KkFS)q(C55}G z%-6jA3!G`NJDcTmSPgerl^*knS<_Hz)?!~YDY(%joDiCeq#hrKT^^kjBJLjsrpi_< z1GUc(YaRtd<<6<$?XvFf;#0kq5ckh{b(eg0iU-%nX(Jt<)>LCDN@CKtu&*Q&Dto2@ zuM?Et!?)=b#U(bHQUWXoWiYCu;E%(qE;2;Ph@Lc55kCxM#`-r#wQnN1K!p?6DLX}q zCI_*M>hncaUH_1^nBXMhXfazd4O`ThKDG*!GKZGZZLu1z_exlw$A;$H;M!Sg9OKb} zN_+TK;|C_XYX;rA9Akj+mxBTR$6jB4+&_qDln)bQ2T~loRJZX248Qn|Pof3r1f}cR zXfxeU8n0Ol25u_iN&&}MMuiSPp{nmqz;EqO;KyQfNYgwqn6i3k$Q`yen6fj!y=?Du zBEeJH8_A^=#e%QK?zfId6mtb+TgO+!08s0=tj(3S4P0f7L`)1t&!*Z6I-b{f!Ol$P zc%G2m#3eyECL^lN3x9S+!Y;eEdG|+ts*w&CnWgOozczP}D{)+0_UhD{iO1`89F-9~ zY1O8hh|17-$c84(xylkHz50~VAfjLCP=kVsMh@cNM_Sa;uOOVq0v-;biwto9RROhI zBK%INUV*wqiXQ@(UF%D(X0?O`)q2`{$%9>RVR@;HYo8v6W~P<1k5dUA*c@>k{kdZ5 z%2G6)O=JkISJ&ft{aYw4Lst-=FD#xSV^dXhx^|(C_U;RP=f7WJ=#m}td8ac9tq#*@ z$7uy8P7DFdxsj`$5|mik(Mr^SOxUu+vGLR~t43qh7fvMxTOrX}6}RDf1=+qig4dY%_w#OthR@W0PnXcQ);Q=u zom@^uE@;_;QQ(t;Gw%ForBh}F9Fz+15FftrgPTkif5RMUt84CDeI2Dw>HlF;`p^`|kZ_5}! 
zPHHpOrGg&+Ivd~iXInv|b{+Iy3=!Nrg7%y3hLl}5OUypNvATs82J$e|)7J{qGI?uP zT&Ni)a{iBSQo#zxPHb2#8pJKN{Q}~O+{dNO@Qj=&epspd39BEi_KPHCFJ4+&ibe(9 z3Ci>92pbpSC(;X^yOdR6`Hyz!)*%35MuRctz@A^0{r7+y)lc0S5G@P%_XK*JAf;bW zpz7OOTKX~!kjNpBuVFLYK#&Gvem#fOQp8(|MMvTpJy=#pwA~c2sY@5BxF9Koh!tAZ0cqecOwh`rY=$Ltya?3m>wtjNc( zmp*f>^ff!ZS!}*dMH+)2s_s$#ywnhogGG!pVl&C$lv2zH8XV-dRJz^?RFQsK-t1gH z++?ZgwFh3{^*w5AJ9MPtNL0za>^}H1B^XXYkAleN&&mzwb2|zJ!5&M`6ZhD5s1NnP z;dKY4g;l)J-o=%=ej)VpF@SvH@0xa~!XsPelD7<1%5pjG!8*-kfn8u3!vsTO)D4p7 z>xvA))`%idlyeX=(0WtK@^{ANqqe|SEtoB$K?P$NN!o19#k|*6cM}kd&3G#zZu30agdEOZVlq)VgKGXI(h?RZ+70QElIJm+NqQZnF#$ag zG9nxo7=WzEU?D1ksD;6d$4VlA-$524#LFQ=ddBbh3Km}N(eHnn$3WzC#Yf9Xn&+y; zb(H{%iHmd1V$6l)U!!&LkJ~n-FT427$L584xb0-n{Ea(2*1=xwNc%j-4{h;~Q)XSf z+9p8F%UPcI(N(0UPs*AC_w8}~@u)xNn%Cpdj!n5$nu_LZf=hT+Z4;*lUSw%Y_H#Gl zsh!k~70Ut=;|$mF6cPFw>wXtwD!0WoS>PWuNLW?^rt|_S7b&B^b(m8*2$tAj zyG<-x`@Q@FI=f?`Q?@Hih>$aFD5V>)eEm2k?rnxJiWXRjEjfe=!L2P??iH-|i$;32 z+FfI%eeW#xZl)>!E(Cl51be~Xp{o^dZtWycE#lR)0Fz`;F3%}!Ja6pSR3gbz2(TdcDMeLq+p{WOW}wdeA<=~(Y%?)~ZR zD=Fc!2j);xsG;>#ECNH|v)Y(H-00$j|KvZ}Z%IDUWc4SczvPZi9MXz|l*Rd#R;(c) zRo^KlJ?6v{9GE)~xT}fnU905&A(8f~q*R2zeMSAL>8WWi737mnG8t=cZg;@x{Z@A& z8~%|d9~IUCj_n zp9vHB^G@A4zDwj`{v24_AxwPhOl$L&?VaBDey&iwnen`NQu^=tlj@cE$bu~JC?56p zkg=AUIgfyWsz3SEUmSO1COuZhI#Q|tEIuDq8xM*Y<=(N^|K@!J{R}*436I?ti{th+ zJ?(2hA2#u`1-56ORG+y7Pf{IX-t7!D(R|{h86$iwk6U;#=(Hjj!1w-%Fv@?NeJdn# z)*RQ?-y+Enb?V7~8WJItFDrA&VW;B(c;9d=eafVxwAlddtVLcMw^(0`Ec|{N4|X(wVli!%UyVK<8p(w9f$Bv!fkAz6-6&%AqRjn~~Q6WBnI8{vd%J zST|eLi31j8#>C{>Y<-Xuk?81n$adV>g$E__!o;#;*laQ)QFtk-g>>=CvnS=*I?!8UET zPhKzEPmVWw?w%*6%?|2WncBCkCo2OGc4*%RDjVO;ZTEzlBZk?eQyB#x7G9@mqr2yIG>WuUw3Nf4_5D&w*2t1$~C$7 zQJJ^)HdGI6pB5z?aBM7pXlZjymF=1TAzKvT`+$%+B+3pT(6XzucIR!kI^uXz2nyRL zp$+z5fjwz^fo|Oiv-Fu*dRRz(MvL^SQ^G6beCiMhudA-#{%tIn40`W#*sY$xF&KaN zwtoo)&{7I~TRwH7wCm})?s8#dWHrVq7{X9Q3fe;qZI`CIXb{0z9O-L^>(T<`tC507 zNHwwt_d!|C?|xsAg9*O_P|}33RP-0jDbI1@dKn03hLBP{gY-{v$5=yGmy~yoWv;*@()dA0D{GH*<)r{gp(>f zslL1LrUf0hg~|NYPn#e0giIf-qvf!P}cy+`VwgIn2}A9pP6Oj=Fkmo`1 
zkF0KFg>V4-@OY+qA{i8fa!XD)=KN9sKfZ~2Zq|3`-%X(YIDB9Z<3eJLy$F$S!9flE zPBQkM>7B5+6et)-@AcgCql|WnO|6g)#@XI>MUJkLaE=+j-{D?u6A5CU5wn4 zwV*hso~UwhV_srQCAl9Qp6pEQ4M5pwAXavq0^t<}G4}I@TCfGRRVkC5?`48L3e1rh z>Ow8>6njgl`LA4 zHl?c5pcAHRQfM=%M6$8IlLdY*bZ5_<=eYgt-`?Xf{(S8q^8OSo)VYPChPgmgVmNmR z@hj<%JhMJxWcUO)@?lcRGk9EztM7e54_rEnV;;GbfPK!vtNC=i+kfZ#ljNl^z?J3k zhb(^aWu*2FRG-|H;8V~~?C+kSm!StP`XA4n$IwKz3S)1ee$#@rOo0#x$cE6qTp1!# z2727w!qYCjlH@Ps4`;(5B)Tzr(2PL*lymX3eQV;rJ0N=JYt)5>gG9wb*i+j1<--f7 z70Q!7gssH=ntJQZXT9cX#)6wveZJZ_8$A;61Xd7@r!|~_I8G%3pI$|0iAC^jOD6)y|q6{?Il?f zf=TZzCxAd3SdE+wbncrl53zRntP$3;z=N6rZ%4)p-$)-Ha{g>npACSHfeILFo1yIW zg?vbC*U#d;Qi2>(}Z*{^SGMkyBqfbl?OFYdk7+Dd1g)+zr zqFYrs-6QKryVy(Y`AcAA!oO|I*h~tw}w&?2^xxL5a9{R+U2o+{t#(Mg+!s1 z4|K|dHf1#qv)<%q4AIFA#f@dty@8p8`w>smjrzuDX-3toDEJ&0M))6Bb2ZZ5b%HV zZ;V>+mjX_!k6l*jR8a_O*wXIwd(349EO=;1yV_^tM_v3unduGgc3Dzid{1=RJ2G)< z^UZIgAa@F#{Q<<)`8GEIEIX(BvR7WYFBljvlUp>jQd-R?7944)v4><=x(EOEKNwKg zE`1SKEsjcYe3f?f4bxMwtRasP466!#wecLWmko&PQ;;kkJzVGxWPv?oTE68)f;W#1 z%)eJbC5AchATq5JEc^?;>#_Rc`Bf?S7O>lvUuNoAu;8*EnCebHezdX)uLd^LSJ(-n z(|@w8VuW&XD9_kCUSZl825Mi{6ytWi;xk>!w$Ub?$o;DF=2LUkp1*=5zdYvep;>95 zGKn{jCjCbg1K1NMHORiH4HHH8CZ&8RA_P+dA#^{kznV^4-Bo{-qACv-e1gCqD4|NS zcOswja38$qzGT;pr%U8xkW|RF-qsyM9e*(eE$Y?k%?f;Bs*b#Pw_l0q+OP#hF^rR> z7UwmmY^1f8AeI-~hY^4I?)a&b;9V!`^|Ai%i!g)=ztDcTqc&%K*EZ{GRH8a$T`)U>`SDHI?dhnlx%$k&zpr7u+#Bs!{N81H_k3LW-9fW9b|8{P(b5?MMXr2&bQV*$Bj1C=uu zmZHm9hO^3+zj`OO-*q14U-d~LGKQYSt$Sx!CtI)iMFrAXIA0(%X6t7lx|;wfxBH6l zY_<1#b5wlOMP}r%&og)upis__zN6b=Fiv0v*`@nKo@Pn@L6$7tlyhj#BC?~=3XvR|bpf)4 zn?-+o%0ZPMwok9Agp}B#R;{z z+kHVTs&J{>+7eQcozn(8Eywb8)vGW3u)os~@Sn|sUoT4*#COH9H)`70k;I~gI9*;2 zF)jzWSr8-iA`gpP6^|7|1)POg3pO@z6|F6o>ryBqe4s^m`S0=NSa+c)`egaec_ro_ zs)k-2A#}=J>p=dwesZ#8im73lR*Ue1`=O_U2FD_dMuM!1zPq(~=#1|q>*NVc0Kq=V zROkaSi$=Y1E6o6gVKCnIHo384BSs-wE9<05%;ps=i-z*wrgEoagM{FnZ~N zY=2Rn&O$NRz}zRIaS05i_7_pA{FYb9Qglka9LkV+QD_S65D#1oxX`UJ!wbz(Au}Iq zkVkD4ld%ntzZa5K*S?sr{SoH+cP?RSW({-AQ|#dZ>(BOk6ZY2kd*3akZVYrjMMG#! 
zbbO$FngViI;{+~+_2kEL$0~2+zmEzro@1%r+yc9bLdbh@+~RRzft67lRyHlWpW^rY z?o%}*ysBM(Zv~P2QLxm=h`zZNJy1mqogAlwO6KF(=r76l`%1q6Jxl|eo($cYU2cQs zAoxNZzLWciD4Ho7*GZL@mA({lQJ*01SS7v%S&!YTC?lhd7y|yt)j8c9aguTK)r;&D zptw{2@vR#AU%3bb%5YIwq?jsrsfK)SUqdlVOqGD3O^YxN#se}*d9GpYfn)&+$NPpz zm%hB*UjMfFWr5jJ!;OLT+2J9XQPiR}`p$DIdKtPqYJaR6sM;#Nb|jXM3nI_tG?l7m zy^0V9#dwI0##Yf_e}XZ^(*)$>{;aFuaR-uN%T9mq2B2PXTAjUvMm|mRJJRs0L{^_s zHA+bm#~Y~%MaQ)P(F*&wA#EfkU1i5XKQ*dLbbPB+8-W{>OBXj;OnA$; zqm4Z9G{lypm}X~Zy~m@w|HvdYkiZg36p$|5wDL376(HvHS=@#Z$)ZLDqrhyKM=;e` zC6pr&zj-HSfj~BQn+QTJZ*DEUGmJ0q&yR7c$mTwfHRWts>g|_`)Cq@UHJgFi2{t3h zEJKlkoixzntAWqtO@B+g;b(KQCb7IYu-8NN>nJpO-1Wx61VZ$DPs93#3Km`;fP?AB zJ^VrA?orauk(w^ly`O{(@N$B~A&MuCqY_8`k++dkkFO4GTpQY6A6d{|RoN`hO-+3H zFGrm;+AE3kPPE|9j^Tv(s!h2x4?DcsEX5h~lHYqWlO}g7OB4I{sm*R+B>=K4``<#l zuwY&`JI>4)__W}CfNvHHAbl;eB#m+YqX}2_9_l*;T|#;=U_W-`D7X_+rT(qJCaiaOkzIpk}bvhqO$L{*@ z65Zm5yYV2?91Y6B)$413E$27b!&{p^9U#Y6Ye-+@XYui=AK_=eL8a#iMG!hqH>^Jf zv#ekUn4`m!XUJtSpr`tW`!8bC7flplfa9{UAQc@7;wbnayF#QLnD1`)nRS2?e_fE$ zJYLG}$Bn%A6mX;yXXtJIQ^d|0IBrCZV&zIh1IB~AdptK~n$b&B}TKbtazIm6GH8*zy?O3?dg2)U;yT9z9unwc(a!l^Bk2iQtq2&@a*hCwAsTd z&>{nJx}01W;3X&o5Jr6m+Z$-<>K8v{-w1MRKL*W>g<`_VL$o>;983E`KE=g;Pxlg9 zdz8J@5lkG%qwsUaWOx? 
z``0Li`e7EnQlW%zxFbJZeGjX%M4+ajG zLlfNeKB8;SUtcChrf1`a1aBR!;5L`qy${?i(KPL_cD_XPmqx3)yrJ@%zPry@> zhyi7(-SGQfOl-CN=RS;8vYt}(s7bY7{^I+N*|D{0ky2V>%1*4A9_9*f4hhNd^feJq}3G+|T z{_c@kgtb6q=*gc=-eScX1B+3WmL(O)YX+KlWl8dUq|=gEyrA+=N%)XXqCwC@%zvL; z=d00v<`J=-6tKkhZDSiAD(zzTD~v)~?WN>}H(Akh%OP@CYNuhWV3N5f-harwRDw=c z!zlC`4m;smCF%FG;-zBuQ0U~5K%MvqsfXrS-cL>g)a2t>VWEyqlb|%)fftf@H9^FL z2~`OHA8j=lfiP*K0tKe6IH-<}h(Ngu9oPHw{^y1R0(kH;_gO8yBgJ!5peDBpjjqNZ zFD|XQv1)D)x44lL4Xo<+GoR+mGL?%q*|lE8N!!M9TK{lCOrg9%I?B0Hk84>#!!4Ab z+hlw$UiVK@|2ntv5z(4dRs{FpJ}6&{CX@G}ULJ16HFOICBU4Jetvs!H>(J>u0NR@L z-_d*>vmhN2tBVB_RS;VpG}3to{hnWq#+8`OSOpa7*~g9zZC+8F>YGwDJq8wLJ&w=` z>h{wQOkHzn1MV-K(eNh`3?8@V>&sqxUtROs-M~B*Y+GPZ)>yPYeod{fY?AE29s4gzRCHy@eE>C|QPg^+NKl8nDn87a9UbcYI0~k+h2$UCl>#0smTK z*OG)qekjUjEL6w{ylsIMdx8`#rx|iolva6=L?CkUb%=uQ@*l%OmlW%n7C8v+Nu~HI zG$xcrJ6*C|=F8Wl>u>rx>DLtAAyeIH7^4>xEfC6(1by%8yA^%jD}NT(p91{GB)&RG z?;bA7?2xv4P;9ffR7SJ(-q##s-K9S~D!6ykJT*jx*GvSY&x!l#kUM5I^uDD>V9;CS zzvIwWIY*TtFxj33FJGpf?R+PMDxBM&wtN`0eNJBPEyx%*AgBH1LmZ$cKMeDG;0fRe zOsPW_@@Frn$hEA4pE(x-2u>o%xe(ZbxzdCSO-rzwf-1!2%7&ofXaBu~5JE#1S|eiY zW*HqnF4*BN%&{I8x@b3zKgEj3by z>~C#sONrXyT1;am3^8Cf*f?^QP35q4FaN$3VBTbtHs zSld6@sUdd+))SNi{fL(26YA2_Ez}+So+hs6O!5Kca7To*GPHO)o=jkM;FSH&H?O=9 zG4M8i&MSJ>Xz4wp!XAX{^s;Lg08+d#*u3p1yGcfqwrTCG!n=BqtULFb+ch(z+klw) zR}YbLxtEsFZ{lJHL|xl`A=5^Z0?qBce@3$j&tdox6#70)nIH7gWu!g?nMdH<@^&Yx> z$CUVEx{Q+PciXD_CPl~~t*kEUtTLMH^z)7n9mA^!#pf~AG5v*XF$o?zc|j^Ka@?1Y zezutuz^WULJ`xK|g>%+wljSid;=;&in85sPt$P766DtlHmL98gn@3|uEx&X9VsUu} zs5tE5m{%f6CnIFN3o(d6rHPi*A7iH!c9wnb^mdz!Xo`z9<*oi)dL8D#X&0}G&pQR4 z5>6jZYRkTwa*5PW@J3cL{XE{|JEMQiYgW-zG!p*M@<_9~W`TN5%~+KfO(1_!{U4=@9zjNk^t3Cd(iwT5X_7 z{ja%N!`3XGDJnxNwXHsnR8gxx&??uyyCji}8da`D6!5fmI2L)CviG?7UMa>~l9z{X zBhn?MP?p#qQc?Ks&jf+IVsbl``%wfB)E~@7#|Gxs{WrRQo}$)|QbIZ-vh^RpV%Xkp#Gdi1BGF6^pPLj)fR88e06x#AbH9Nt>F}p<#_gvA6xYHQ>z{ zsV!`bSR+}HUT1z}>OZoLJqlshQTlhzhRwDOwT)FMvFf{O`XsA-;RLM?At6M4KVAik zmST`-pa7CZ24+mjsT~?0tbt zl%;dF8(lF9LHju&pa+WHI;wyCQ{lSk7Q@ZP1Yo1LtA*B-v83D1%XKNKY^4FK)@3wC 
zXjtiGrSV4?R!QL>BUZ^U!ica(vUCpS4nP37=6TQSS;9*nt29s>#fOA}JpU8U?9F zu&0H&qz+>2+Cj#}5+(vo>J>~^w}O4>Fno3>Rad%jO&Z+FVp~()r)yNxAT>|C#pp9fngRrYe2S3ZXc~4PjA&In|w74M+Y#C@&HU6_g ztP&MlwqmET16z@u?-+>sy$!Yc3Dlk^ix{fb=3}C63KYVP>ivAVdQz~eYWZb|QjwtT zyt*|7e}99U0Iek34MvXR8}7~5P`R1==qgiVxV9JoO}BpLGKt#*=EcvZdGlKz3NWrs z^8R$Tc$PgVd65vbJoF+H)GW|3{dKy{3Lsmdmjl!l4%M+aK7EJ?4vez>e|0#ID{sFR zN7d!O8P133yM7~4pK%jEpV=)Gnu2xgNaYQ91tbxz}Z>#ZJZ(8QNa$hHKxu#$u=SZnTXan zs`16AgMB=IW<1K3nSM4MUGzG6Opx@83!TcmGWazCYPd78@IiY=zr!dKbq#m#jht0d zh+k*$vxq&>4UJaUGKe)2I3D~`mxqyy56@4_GBQp<$N83-PbwhFD!6-+J$%Q^pcs4G z=DoG}zf_KER-31mw+J>O1P>dBmg1$?`|HazN0Kae^hFgZ+FXgEAz(8)&kpHYf`XRD zpC%Tm>BPyKnfD@Hy9#f+?*z$BTq2hQdZ+hbYEcfCU zEFE-@SG0pTza-V~#N*V57B{YM3e2vHOxW>k{N=2 zb^lp3_wN|wCjhXJD3&V5QmKIjx_&CZ9w@V8ouQQM_I95-dX^5dj=@(pSny`dTWdU2 zpr%y<6AudG4*Am2P*zhbm$qUXZNI_A_9CormwWkhdbe6kd5)WW2Jm=h#ZV{0f}cAw zMx{jHyWIZtag{n=s5a3*y5d_7Om*J}>mz^gSGE}xlmMPK=cC2-Me!wdjeUsw94SdAJ(Y4){<};|7f8K0dcAT|o?M-D&`>P=dypF54%@$g|o(!L( znhozP32^Llwjlkmi)qgJNWaBnWs3672&0I%9a)t~&e6Vt?YQ_0DNv0GxrzB&0h}~~ z;My7zST#t5Q8Js~&M`(c7D`y_6vJ?7nZBEv=;3agi9X5{@HGkci`;yYjMB`}4u7!>E^@J8Z z3LOJol_?r!#!S!Ev={l47O+!G+Dw^~38oZ3@N#HHSx-D@rHR6ko`udS;pgJItq0UE z!3Z@4j0UNK{yjD~mJ*E?MO8Yml|wJP+LeB8-r#8~>1FjT3KWf-u|}}WN>-M{%7$=y zAD(7=)8)?runaE0T0`nx_H*qMzCd_CCxzhGShu8M65!a2MB_Kii9aG6W+2{DF@W^! z?2^zr+(vBx*Tpgq4velQ{~{teAivdw`a)-uCrw&okuQl|z5&nkhY4;{$G>XDoDtix z7&&P0->}N0gofQ!^o+rkyMPt0SNqJ+kZWsK6C&Cm28}KSO;p$5J>+h1x(!r=s^Aw) z0n`1`Oh$y350xg{H0^su>Umw|l%mZZJA0F6s{9Z^GN}FCWbGd>wJPa=FrwFN1 zBV#ri2;Y~@+d6`uJT zkWR9rH)ncCODC#XNEh4UY(dpPdz>Y!58uGl25?bdaFdmHW1M(OUu&e6b9wP7zVJY+ z%xSRGztOdNv1}bt+}$N8lnnil`1#4*Ozk{c%~JX5(5e=R2K@c=NoPks)`n^a6JK8n z_48xB{5npca$&=mh(OzS`-kDkRiT7B4MC+h#rF}x;mYSJK|HM|O3}>3$JH!Rz+P`? 
z9ahx+~pP`WugiHuO z*HetGm+~(SZF9~=o-WF+bRqpSOEcQz1BiQCwM8fv#rQeS(ouCoboO6p08(5Lg_$+rj#`^$*?hxZ#b*?&-dTz^pk*h6Ou zjEIo=p@~YoX*mzAbYslQZ+GUIeON0)$0#R#gH?d}l{I2$4W7X_bBLAb-K6DaOkJ#A zRlBSGSqCqmYNW7OwT*rBj-~fVGVAvNx<|+(Q*&w&iL2r0rgoB8<05Nn=Zw_&qnN>x z2OXt#J8DC27~*TF1pi15{#I)k%l@~@U|nIy)~yuvg9TbP5RBvgw zCh3p;^kyEB+pJw4gmVPJ^*g`9mstYR&CmT1pwfGAqTsH)(hPsMeE9pa7D2dJn^jKp zVhLTH)3PZA(V{L6q4qd5tjh0(wK~XrE{G9mgZ~!gPNXra;GbfNUEq@t#-k2{b5yC$ z*hcrtEcFC7!*qD8Dp{xrmsr{uP+V#<<;2eMpf=>Rm2masxHDWCO17H;WP z%&0=?(0WWNrg~gvoggaX$fQ$;%LFs5fgibs#}mY4%JOV*zbARJsc#ls=+BWD2+~8& zj5X`_dPpL)O>Z3-T3#jt5y2WTW&|ZPLp+%}II=gnUB!T{H6KVK@hg(CxJ4@c&^3M55$S+%nhj@F z`<1?6ha~CB9M*`#wz-A&0DS$}Bh#%L|5j_~KEy1#@fdVYvRCt;nKeI|!nKFsp;qZDQ46uDfeTiE?Js=+-84-%?0qICOMN)xnomTKk#*l6gLqqdljE&@Z zbYN#W3~-2!uu5nfNhSHHq`UJe=GJlP2Xf|y%??{DeTW2P=_sZc%Dc&r(k#SHaq~@- zbvAnsF@*ueB!i3B-QR!rl+w_VVV__@2SL`@$e-gNYPEn+HBAHB5M+ZydvNhAIYUJ% zSRfWFOG`kWPY`ag-HBH{??L zcw&ztGG-41iB;uA-4)wnn~0<9+P(XEuU+c?OoQ9tZJJ$Bz>#~$&*FHsUxfan-0 z9xKfjrOzo|Sw>J+j2M3vp{(HVe}n1b%`0%lQJwmaEjcZouGKjB`Nsh@t>0e9z*Awa z^5jwIr7fu!Fmmhaj_@`&|2eEYo%xHtY{kUVg|o9N|rITmdD zPf68c2IWsF_aq&PDiy`!Ur%# zsrVu`4f2_P;gg`L%iH|9x@b4FqRW{MHELJ#y>39ri3VORiW`$K+*(b@-lD(;G4GVa zl2g6EYu~?m|C6QJxKMG08JrxKWb=7@rOcf>X}7p{5@p2h%59EYK$1w(2!I~k)zqLM zp|_n(&~gTJho5M-MliBf5hcl=^k#KCMoi+ymV$%yy>J5}$$sIr?z{)!a*x`_;7HO( z;XCx}n5f!EFd=)3t7;YXZ|P7F7CSv)E4k^mqRoT+Mm5JjVEG#MjCM*cvUArTxu_Rq zyf8iOF6IGU*oC)B0M%NMW$@^L^-m&8;4B_Pdq^3YnB2Uef#u?bI~B=IK3IgBA966r zDe!;K4i8{3`iV*#Xs33+CkggwD?x7Si1muwHpauS`v3ZhEMzO5NEr72`U)rcZ3z3`&T;&&sDo3RQQsHfcv&kJKghoz5_)(1?%=t&w6 z(s+S#{GR0hN0L$OBnqbl8~}4dZ+_K9h}}CkN4PX`eJ|vT zMnK)PS8P_7FYm%_FnEojaIhEPKlr~0UZ}q%8*c$G?;lvy)E3wTQrj^tK4 zIAOMSj;{^gX!sux;mE99*o?5^q4YV5=--QlH`W`*C+(%v4~@%CB?nVG8o*Qh&Hn~p zA|R(MRs6wNdG9;$&Mw6dvXmM9dlEQpj+3Lx5y&bL)FTaS-07*`y9Y%KxNJc2m`xPC zK~sT$KfCSH_;5<~N3>fTr}erJOwZTnE{s*K{O{ioS;W2_V*i`%-{6{Tr^)3x$$~i? 
zjv~xiblTZpt^QKavVd?&I^I1EC00)rB#O1#0#ya&=Xd|%lPijkwC{;Tx4RNu7{=J& z4>4YL@b$?t9Q5k}S{eSy=T)yJKfa4eLvBv0YzWC0yNa~i$2gxRBFaJUq3=VKS$b7} zXz-fs@6W{Q!hZd2s^}F8xXi(kismru6h8&NOF7~cuiW==tTiGW3isT3UeBv^nwXqa zC_R{ciPk~BNIZ8*2E+An$^os`u~@s)8dXo|P19&gi1?1Riq zwJmEE$ruF3v%zP;jNum=HiLI!o=DfUCzS`GRq?7g-**)yj-<(9MpNEDRAU*&HLUrVGm4vNb}+y zp(f4HvayZLz#Og~B+NkPHeTI&bc}uRq@~T3Lg5=H_*voeeEV9LvXy_3q3aDvGz*VJ zDCJA7Q@1~Vf1GNlwmdWRZ*ST%u*1T39SRa#e= zS;$0BiFB94h|KhGVpkWO@Iz2|DSs|msgCD>w&E{5nP|C1%R(0Z*NYO8DJWeL7B&Ti zaVS7d%}!+$x^;8D!=@ zys)yZogxwD^iwr(zZGpD(1T7rL33#&Bw|i5|Ojq)HbB$W*NRy*9)7(+5(J zAvUN$Tt3SS%W&>3a`B!C$p#ItL%7H`#gfut~NU8@El=;=Cgup6_kw;Pj zN47DNX6&W5g5DCsA^1E7y7Ye#lRpz_x(jZi?0@xG=-d9s=8ytbu{$P_K?+YE(UZ^? z7aUmw3dWA)arKVQkh%k9@*EY;^KEBe*J zGHLb1i|GTorfiR!g+AE(Ql&zir_1{xX9Fsf@N#Q-QgM+l9Ul2))+PFJA=^;Y*+Bt4}|9u<4HDVk17;JbVR zy1S}rOey-USq+IBOjBaeY;#07-=d`sTwr%Z3y4&7IEaX}f~sdY3a-A~tvYMnd6pJW zkYnB>gHoT->cs8l9TR8hcN=wiqCVN*@hqV#cz6Udi(z(Pu}{H&0s3V_jj^e7;B*|W zsK`rj4&-ne-M)tTMj|A@!|K8qM||DxQqrfY)6wd}TG2-{?$$~Nm)u#68}tHDw%R++ z2sb>hSw=kSPlH#=rW-bHj1L_4TfyEqkC>~B%VSLi-+8N>w+D{HCS|*LIU#SNlhZSC z$D*?shsFf90WA7p02dvjSr(xyc7AWt)QOu51+JHtTr>XV!jqb^_3&pW(YNr=F=>b0 z1&7UKl?TQ@VWsU z-i`%0`pv=$&!qF0rrUqah6b~AMP7we-2Dbxz6 zzXkLdQaioV2aXl|2gqkrhhzPGnZPzG8{Y2*7(Jq|wQ2FWGu}z$Oxze)N>6SZ7z(i~ z_elUs=k=I=1&f9pLk$@M27KT!c!vG(A)Vc2E%(OQbcZ5UNr@$6=#_zDDOVJ$W?36j zmXU5ITUH1JQ-c$Pzek3rwso=$YHR`F1%bn;0*8SYL<~?y+v`7+48PQkhNflY(p#mn zp;+SylnrlF+a; zt^TNz#hd-;5>MQy5SUMr3Won*RARD_?uLQQfji5Juto#}mo93sPS1Qvi~T1P10&0{ z+Ei4C5UYme4&2x1ZVf3mS@+3{&bzr>8PRAk*S3}t3Sd&)_#L)5xaIr2Q8+;^aK*&e>4s|??pY3|wNHIWKS#ghP%cP}L1)l?Usau>ijEq^6*}2^JKrw+v`G5c zlonV`{d!!&_%8meg4U_y$F)Uz^fG2?PfjwInEdmk_=+7#&C+<8A~|{bGNcekS>al` zq$D^+)>XY)Y1&18DN?ys28N`ekl-R@1$sT;)U=c%QNL)`zKAN~73uIVo6V*ZHD?A4 z^lhX*yS1cs`Ixo_ro-IZ`TfFu^W15|e`(!j~lvI*nDFnGn$@GIUCS)#ikketSXH*2QicTZEiD+J-B293(tVei#fiLkuU+O`vfDb`&E^uY zzMMH2*sO;pXp6rwDvyxH-HQ@(iGyBftz6i%{3zNhXkoZ3iQITmRhnqQX8ko8J}o~P zH0K}nX^xwmFXL99FxQkg;VXd2jM@O=GN0GxnTN0;bIa9C1<_L_UrUu*3hCFAOVvc0 
z3l%`vhgT#F9fa0fH1vBNI-C8jMoi9?TiV`3rt8Pb%_XZ0_6?ScgV*9Oan(9-T zY(<5}geP&uig@qvP);pUOD*jn(yvsCp=d%45d1X$T4hEqa-~tLaVh0o2faCkfC2pf z>RF{~R|V`Ra6Eu2V<7LhX@#E>h6@TN3uE_5@M${4Dk2IAFK;zSI07v+mPh~*dY^FYiR}$0v&!3Fy?2M#R6I|Ls zqt}sVlf6b#*<{(m2`aLkxZ#*aj91B%P16BexT8l zV>wG-1Xs~Q&>mgvS}7Zw1O;;ZpuXB?dTC|ou?4f`jey^A5+Pai z1|Y?aCOh2zV%@GmNM|Sa<2l9G?Nh$Jw3N1f!vG*I-vx$AROqWH6;rHvjg<9v1Pmq{A zyk{q{-?vg$WM9zAkQs2#a%yT?;i;bbhL~g^^1&Sa<2vhp@cQ#C#cEHzYYAo zHyx5zEuC+NE?|`Gwtr#1uKL9*wHFeb`#+(zz8n=VK!7g$X~w6mOR2rk&3V4}&-Q!U ze4eRb{W-`KG&kI3%QoMy(5|f1?jyw7<$h$4kT@&KJy11K##F^{oW)(!& zJa>WC4D@|`%pGf_vV~DEITfIK!npX91a)BIwW|v}v%pH4(;(VSLs>cBVWLCh7`%3X zHAnkm=au)#dInL9YRnLPO_#r%(t;gw`y0Jqte!VJ(YVGzwv79JI8H;~R38fYdp9CP zG0%qU2^XX(ff_Ob(3t!(U+-v|I!Zmm8f=J zvL+qc{25QsZTFfux5$^@{?0YO?ExRk#HRM+3<`~!%XZkJ;>UG@vMI4qmAe#g@V|9#@~QiI+2YyVyrG3p%Lv5N}bkba0v%4X* z#`$Xyu9W(J`3BwylV+-Kb-w^fbf?GKOMNaN^jjnaGx9J9dxJ@bvK%X#%G_3W%-H*6 zzv#5BY3cNGWM6xTe1;6z;Pi~?j2qtDuxnyEtK7dOus3-3?DGJg{JJ)WcNNh_RMRDk z1NTC6t(%8+-vVi|UR9;Nm%AH|tjE-e+M%O2=|%I^7@4>0(teKn-g;AHqZdLDmsv&|!nXZ=Go}G~XOlsDBdw zU8N!S=GS=V5RC6GTNU>eOJ?qZ2g%Tw!4hlk$a6V6>h8>$lseKH4XPk z-w1yhWg=e(VyyJ?k}6*P|GJWjd%nzOR8 zil6+V05~(sX&fBON*(hGksuBN zAlRqiTz(1C=-9}%I@<8+^g2`_)wetb*0kr;+?%%*z5$wkp`vvWNWte617|`rW7e3< z&kEpk2r#NSFex)R>ba1-K6ch>S=f&p7W2inRU`GC9fHFdco5E z`31nPNC*3(MF4gE#L4h|1o_O}{1|3J-%wM>E+yOQvT>$C*oPnm^Kpync#hRLr(y9V zX%6Jjps>Xa6X<2V_AfBHC98R!X$UhWZ5I=M@&Ye??x-d^JtTwJu4E^U*n7&vm-rD) zU)Pd~S41UoX_QeV6o-HNSmTcY0RCHewi~N6mH6%bL&@Ej^$=u(tVr$)bPvB?F~Ud! 
zb5k0zWO8kc2ld4?MEC}`?bYINdS8pp+}A~zc~=vRj3ZOsj!Sk3==x{r-c2y-RQ{8-hz7ieq$XlG#ez1^n(8JBZ>$opmvmcrX2vomZT$F_PlT?800uQQ7ClWk znyGLq)@OroL%na-iZfT*Jjr~uJ&Rou`(`3~H_C~|9ank8h-v!8UllAT<_|om{y@M} z^2c&IyV^%E$mRYYx#mSW3L6jSDW0%Ks}Ie z@(%QC@V$;_ND_raqn|sbc=G!mXiBxSqd5DV>7{cYc&lvcBIfVNZHoFVgYAA*Z{l82Z7;rImJXy6SA zLY{yWDJf(vHXxlnSHS^@e*rtfs6kq6Y9ZXJ*!u?q<6F>UKQEybwB1lD`Acuu@DIkR zjhsY~D5@kN#NsZt64l&YPdQP72r(PW6S5}`=mGJtEoV&aqsRJse?KW>J8;Tn~2sC8#`UIa5 z8QuC;y0nY8Ry^u`rW)aWiWvm^*E?v~qq6xmb1mEM<#jOK79c zXyo0}+&y9Q22Xbnt**JtcaKo*os!+S`bZ~W#p{$ld(61~*`hB*_CDaVaeugCN*lrx zBv|&d*iz?bZAMU6{PF~?ea%dxLHhO%$n9OaiEyeTnRFs;>ui88Z@DDu-X}A^GxQ1k zvmvV$dG?BNUaD_trU70osx(QZP%6pBg*0|ztd&~8m3+9c>e;;6h*szkU%;c)jpH^fV(Y06iMZ@YPT3x^a0>-TJh%!^TXT6i-Z zsbgc-#-d)w$8Ro@DyXjCMTA#h7hnG7H(3&!zUNLbeo}(}=WO36zE`wNpX^@CX${bS z+s>PFzruDgHMSH3tlayMVp>-ljPBfT8E+9r_zmTKzGygjuXG<%cYNn_gm_kepTXNY zd-*})h{SK+i2jz^M{^;D_Fm@wE+{(LVzRNv6-E0UOU74Q=Gy5gOl_V~E3egjL5jW& z$wvT7Rk?C{J>~3Ou~Fskp3;1~&N00&XOCy~7ZJY>cCY zpCpnZr%O32mbfuzmX0^4jB^TIgPygXyStzbY8y^s7_1dh5In2GG9MEDz$~Kh6J)0h zkxm%N%r%XrMwOB>q-(&?MYnZ;jG~$kJytKvG18(6HB7BO{X_08b}q|(Zw+ASOO#o> z#{PJwne{>#M3>!h(T~6Vm*1kBfv3|m%&5kAPPwiyt_xbj=)|>%|8f*4GgUWq#h4-x zfG6#ben!@#T>lJNJ1Y!U+vAxOU(JVU_aoq)?Q-6tEB>z^i>~PWay|9axMG7{?hx;e zV$Hkra~>wHWgc*Ace868df9QEqMGZ4wTq2sJ4) zjU83T9AywzGr`eH0n1k4@&1wHW_4>^21?0?Z-+p8D;yd@2*lB$fCRTzW<%vbf znP~vw&DT~nK6jx2!pMFYi+R><>-`R&Um`hqRz9f5U1b#^M73nh&egzCYHDhN&hC2! z_7gy-n3D21Hw!B=igJ4b_mU)iw2fx-T`?>VBc-{sIDMK;pTrxx%H#0fwdkNm2xnkIg$B+Ov z_DL^F)i7^*^bcM62?;j$A;x75YBSFH1Fl0@=rOx0jU0LHUha-wd~RcgmgB(PmJ#f3 z`Ql_f0hbFIs0u;I+bv9!`hdLULHsy}tl!zz8ltoNS~GiE@xE@^P8Uf^sUG(=_1u=$ zF>ncabI4K3$m=E=oPYaL5lrMmUce-zo*9)`br&g}#I|QjOR*%krANE|5cUZn9*Ll_IP8rLT6J#QlPo-=uyCRtDn5R1RD(gBQxg+-G&3>>ZfhK{eJ z@)nFv1dWu+uP#&)j?i+ZHjWh@WL3dpG-jud8^lfh7S1c6N|OE7R>R7bWk|Wo4oWVG zzBm!4ZHRnvZkmewKd{NC;y7g@Yi`F$H*+czZ1as1ciw#5sq&9tyRVb|0VP>EnNPSw zb~Nw~@zQIC$3yO&^U-tR@BHSrsW|BM^WYHjB9y7VeWXu_%? 
zJf3GTx3?lLXy4-FLQww#@|qW*=Nopj9wz$mmW#;v-XTbB*fgDQ7VB&*O2I#1H~Q_^ zMIxX>@H2|ursZAKd+EZ6x>1Jud^>5etAhRl;J7BcaxA;f8DKQprUJ zvV?J|<&mfXd%lPW0+{%zzz?5?s(S=l?C;tu%r^MT!nR< z{(_39vACsnjk|o(Cyr@wlh%(eK20;V&0}u&i)7~1f})Gvn|J@JbDRoW;-0}xcN4hh z_FP0-&S$SWuSxu>SM{uR!=w=d9j!K#+z9Ef0V+03+D8ITxZyj8HAhux=?pxDr^b+0 zN6bMeU12i%q{XNWYbXPQR$skH9`Wews*n^Ct?uEPWRZ*XiI1E?G~+RLRx{7{30i`B z7+;)cZ5IdOH+k>wxW)m`N9?AU)^qp0%{P|`I(U4okC+m^F?*8z#Z{J}fqMnf zUY>&iB>az-s(Tk@3iF5>Q#McN`xFeai(6HLEpb+$Ty4u%7A!ZEV@Q&D?~?>J(lbNm zr5cGfh4Y-q4-cvJJ{hYa`Nrkv{E3h zK2Ju%hzY*7l2{kGVI-kFi^7vL*FKp@EjNtT~LMgwee9#wIdws1?)`TBGj!>Te7?1K^%Nz7)41 z=11-#Bz4$Jr8%ZNd3GT>oZfGPmfhgSVEyUnlpwuH@TYT5j?0I^Ak5TPUH;tMwuwPW z51#Z67lVa_vjVW7u8B`4p^uV^C^0R-wG;B#WE7*Liz2Y0+;1s@VM=qCM^)v0X*Y=+1ZEnh5dz(KtE2%_em#n5R ztIas3B>!j$RiONBv=pk7G11%g6`xk~!{|XCSBJ8~=jNnyl(Cz{P(|L63j1b=-Ms8J z*sNNUnB|}1s%L6wh50H_VC}{n@G__?6CygEl8;F7rJdi)!|!Z~aXiLo1DRUsig{ym zdA6}S3QJW+AZT_M-^3r@E5G1bv~KUy*E%)%{Yb|Cm#h5--Dk6N>)vZ8$GiR8sfwmZ zs6L+$Nw|~DV;>x?;rR%)Myg~UN>HM35vdjneJKeny{D^4?aF{^C;&blF70y}e1m6J zu`m9Imxs&vU^Hx$WS9OX-DIJwz^@438e9?2lqYx>zMlsa`4K6#hlf>uR5X5Vdfz+i z`jY>1$FJ3IJ46y$Ybj^L-7~UfYnUs@ohlHD~S{IOdUX zG($8-ZX|rR3I#?FIC4%`^`TS#wmw&?@A~KtsZ2nqH#l*3l2{54ENmkX5C=k|Qy`Fx zkEf2tU^9@Me4+Asv^7l7stlKn(?LwrHnZ=={S!Kce<@dDDi$Qn2ZBY)hda|0Q9R1Q z!8+B$wdc~;KSgxXefFx29kXt3ey*PYD}~htTS8_*olo!x5zRP-o}fNp$G?9E!-2w| z$hQuE-)**SjJ3R~r0oVpAKJ)xYEL$*bk`bkeNZ!fg8ILL+kl}1AG4%l}JxU%H{mK>|K{gF4n`Ykk|8othK91&$l>cqsp(b)A@dhgS!MecQ2Xc4fB zIlq8EtIUSfl7B&Xs0eJP{*bO)yqCWVd24Ls*HVeC3h>J`GZ5lPaP9hRQ-yO$Lsu)@ z2sTsxJw2Jv9}?Zm@!9XEn&bswwTabXtOvN6USvrRWemna*VW9lh9;G4G%4ajS(`*|*fF5Ct`JWT6o&+gj~i~;~}znwsGC64pOTKcJctN zmKMGpLOT8vB=9%JfA%xM^vg5PRl`G)`EkHaO^9dlwbp3k>YLh?=BZ2C{BiMZ^$_Jr zx$6sNvc+V(S>4k*H*Kkcp^tmPak?{StDiZt{lrDv-Ym$ltsv7Mp>UJ&#LTMsi*IUV zv85C&9v)=gb%_#O(9lc*#zK^6k^SYMxKPu%(nJ|bSrf+jR}=!@wO3pBFG|YiK~t|1 z1hLvwv#svQ;M@#|J^tk}>{$~=VZwdTimCS$DkkbF=jlRRN`iF6pzmh<$V<9p)N{o~ zZbM;_W@ks|-GvB7T`1-O(vy>C#Vn3Q`6rrwTid=GfVt+YaRmo)V&kr*D*IoF-6^nQ 
ztcWLsZIz&?ur3N#3CE{HF=M0gC=l6SYE*hNTqkdn(WqETh7kQ5k2x3$dQ_Qv_G|Nm zk=nU}!K~1R`4v%K&{yv{x8SpI$r|Dw(&pvo9PR0t0m~L4cGVi_Vqj@g5pND7(Wo30IGP^+geCmkAwbE@j7vGNk47oRMAOU` zLJ5MHriYZQ9|zW%#*O~-F)O}`0djPf_?k4)SKtr?D28{{r!=A)-`>m9&X&uyKPNu* zp@|oqNsLD~H#;k^QBO8owd}r(v67}70qdxqHKGj69m~Id?KJJeyP=MIHdqvMvtEiwItzc*DAz? zaF5tPVp^TljWtoWOYJmiV-S^>{J9p8o67X_8mWcku6|3DKA_`Wsm_yH+SRxL$Zbkp9Sczj&@Of--& zMJ-!>`L2E4WEn{ua3h%=yL$Q%*p%eaA?nmIlezjoSb|tVF+(3|BnhRmhy6M?-(FsQ z*gcu~;Td#x8Lj(`)GPPj=h8dEvv%xF!NaD>zCw{hEyH>`#$Ml2$c7(R{p&+BpDcT|li4`2Cr+j-g9 zdi|N2`OXzx7s*{+AE^u7zAV?+KuB&5s2uk%{E5z$YTvokY(K+<-0)x{S32d2RL)v6 z+8#xRGAKtIMO@f-hXEz>tmgDXi{vRyzUe&bx&Rt%2AzMd8pUVUOAbWn#X0ATR(}XV zXuKFvd|XL>Br zmd&IQW~vb2W#-?H7~qv3h+IQBi9M3Aa#{F!HypDNF2o|@ zre*Z!Y~{+rbY&Dq%R*!GFw{?O1B{d+i?p*1+F? z*_O%DpY~uBQfkw&f<&1{8Nme5Cq6z-2fP#B*JZYNj8?(EZ@SSkIX~qS0K~9G2#rGZjRzyQC@ILqOEir8AgO9&e}{8jpZPKuB8cc+vbwGP%q{jD8*Y_)DK2bz~tCVc4MTB~(*~o=^o-ieegMY5|+? zm*O$FC`)&Q$T^{h*!<5BfadTBUszu{o=i}KNLm_wEh%rMYQtC%yr@-KHk??7pIKcNTX$z{L-_pv@Ll~E2*NzjKxt42emHt0XJEa%v;l& zNpv5YyssZHPr9ZI~M$!8YZ@D6*)Q#>%gL`g%jPPlQlND=0$Rm z$UZ`74PE9)2kyLus%F<^Tllb^*;W@T&SUp4)YSL%wU$|6jR(vX2cMdb(_jr3jdzo& z{eJP})NLtc`AZ{`# z%$K|d9i)Wj!59$}b2DKXcKj}Edf9J=QU9I>sqU^MO9)-uzNzYP*@oUTC+Vr5)GnIk28B}K%;o&TEDj4|G^Z*+FTX) z3QP8B(8+TJ3vy!FIuqhSDH9N*>USox7m%u6q+I<9d|ef3vvQBvW(6Eg?MNhj&PasE z0?=35DL<2F0;*VKUz6{WpL5&5tN_w1?ohrwtNZaH9?ju%CggCS%}9Lg+vWMnd0}VJ zSw=A>_UvKgHcE1%P)>u#;ds|R?giGs94M43@NXTeBaWnc&FODJ^IOAV+tIEK3zg1e z@EfW*UaCVI|IkcCB54s4=uLyk?LTb5s?!})!Mq};*JenVunt7kY|--bBlh^=0aIN5SNhg~>IR0FJ2HvLhiw*F|9$IV`F0Z!-^U9tx?;u$~{T z&%g9$xm3!@*1Tx<3rKrUp^~)V8(MU;9!IN$#r&Uf#E6-n)5o3T6b!gmFijaof#R%i zNo}}X99U>dGwfcW=LsqXAd*B91Zo2RH@lpCZYLkdM_+(q-!%L_{t52ILV0Hw?Ui3$ z4O0p2M_%;GWwv3I1>HHsji&HHi~d0HoIGb`5Ml&|x$7sazs^U?(fLW08PX1(5N@=e z^C0d8@jCDr!q`~8jm(9W&M9$L!vD`9(v9lufltw5^!mv5P2I4@BOqnn zh+d7R!)=>c^;d+ZXJ(Gj`>OWXh7Rw8n-#fbjA%dDu&?r7GkXSA_;dfr3nfHU9hQTp z`ZMS#=>^0yvZ9gv5dLqr`6%$DaQ3;v1Q{=Vr=_Y`m^2%=d<7Y_V8-kj 
z=Q|!+xI&0kixp}A>Yh1&uk-03?XTar2-?`12$H!0oC*cS>OYQt}ZR*@firEjLI{UH!4G8%t(0j_w^ zcgQ9uN@p$nYDuHYQ!!pcyAYQby*)9Q_!5tjS^gqDF;|29hDpZV3OeCgDqj~cSz71^ z4)dbQu#PJ>@@+56PKQ|Bc!oyIoSCpT%{O}M$D0oSd`5a&;YNI6|7+KVr>H2yBMD_7 zS^E7$Wp6>1eGhAr7!Y>2Fw*-<%j4t)ynI!X!II&+Olo1RX>y;e9w{9^-gGX~x3??| ziFId++U6;Wnuc!pq&5mne}DAoF3I@zu+NjwCnEu{c!R{VMlF;_0vF$&j9>Q4eUR3` zV{!T{l7kQdWvok;Y3~$6w#vV132sUB<5I!uO*{GCawR$m;TF6a{n;gCc|S6|u+ZRw z=K)gQHmQyj)WrJ!pH%Y1-)l|f`(>#q1j4)KYTx7;5SBBMSn{Z36oF891(Y!bJX8Ra zVdN0^e^o4wPrg4JuOO&lenVbC-nv~EdcQfmKrK{O|0LR5*6-diCD}orRPV( zqAq*ghhavwn#B#XDe}d2I~lA$B{#S8U&u4tySw!*pP{#M#LaQCf&Eg$W;bkTU_5KQ zj8Uj94OvmJ1DG(6w~h{A%s_6__=uZsC0%20k?$0nDvSvq)c4BQ*{=K3znbp-Sr#3t zl@|=F>Fw+a=!2ipeCO)Zuf#ofkF`3`eH^`=PX!HBxv$x8Hm$V>6)dsa`qF0O#QY<7 z96}*UGo;#uZ?4qScD_`#pAVIz8OJX{Uw41(Bj+o-fKb-myz!Wm^88YCLRNV@=_~P^R?s|YZ93KT zKZAS;Q;M(bK&^r|t*|AJ&JWw;i?UFI$aeiWaBT!dfyHzMj7Ob+7VdXm0XGJ6z|b2# zzgprK#!BMqOIS-11BY*`X7z{4T@1fW%qkeetG7DfLvtr_3$KsMgHzW{|xVORc8 zn?b*I6Ide4ZV~djZqk5I$+Fa3{etb+bq`}JHeSGm(s!)ONPni>-|ibco`JDvF+=t? zTlEU;5vEttHFriH{FXXfGIV35yEzR4-T+iosnS z#Gp;tZB>nwF=tlcSN!L=*u&wKpza+i_ZE@$5Sa|psSWlnyMoVim z@`Y8-1JIu@=|Y=zh;bG*-bJNXm1!vL^AbP#M=}*pKcTi(e1bFMm@)~1quy`%hJ_(g z)1DCXhILOHZpe^il!K%v<*4gceW|5=c#qlG1khU=po9(7B46x(|F%*a^M0GXuZ;UBJiYg&gmVu9M2?>Il3+`YdsV zO!414Z3ko{{q3J76dGT53)qAxmA?(EzLOsQB})5+KN903l9uW+hj1iD9lZ%{B`SKipk&mJF<8WQ)#c5Dx%ZByG zULegj z3tREep)vG=0yCLAU%(t1DG?mFZdCX#T9EXcBEaJs<_Jmqszvz?-(w*4YHUV6RuA=? zwpRVSVJquMv*k_`tj8YXstRdSQ0u8%jfcn>;kQ`oWmB8MgyDR&bSH#}dO!{@dUaHG zP-@;^#7(6xGO5!{$|y(dmz-rLzEo|42{#hv7oS%NLFWHeeDn}=a^h$g9Kj;dEXMt9 zjtqlcVV6h;UmkK5zIW1=jDVSEr!&Umqg%?6`USNYJJ>bPlbxe=Npl~M-K~Bnl4$4rz!Znt7 zOkA;8MWc)t6X%l@t~5-5*fRFb+Zr$*@gW^$%GmtztZ{X~l;t4?ZV}B{3PGntA1c)u zr`W_APAzWWD;nk6|V3|Ff-xf(_HnU%v_3PYE2GQ-7Nx;P`y=mH-6v! 
z?3?)!(>;8N_6l~1)$%%cc=0(V1(8Rjel;apR}kcM$l-V_wU+^2 z1iSUAoyTXJg8qi4i;9gOq}*z9G|QFaz9CNpn=*@+aRe(65iuCP0lT|ozT$gIiZ2#k ze^p>9148Kz6HLx;v%-dDyH`@L` z?534!&rBbu##PnpVs7^X&gGp5?UeJ|)xLDuS7K;pEGT#?@C>D#v;Wvt@k$rA!^CDn zn3Gw41oeIp3w;}Z+ttz+q1BOxw@1M*%nj6w&C^~j482?$bE(BPeTC?w(Gv=|mY_W( zG^(zWaP<7=>>tWNki#G8gzuSA6fSAZL#f3!bRv` zA;K_hXnYCU#li*mFr$WHez3BpQg|x5!$4b%!#nnBC$Sq_=j-8JqS2%kh^m8Q2jw1=K)tLBdsOPYZAn8M@iNLxH4XN8Qsw`dH)lGG zz*A8M4OS7yK@fr#-4*+nhqbZKU{=>;~Ou-@CN)r-^ol^u>D_%=RO@5&h0*O~gH zZ;Z*_0I@2HO^0vZpPY^AKmE>f8v@|{6em{fG^(~omc>$hsErn4#ELGaOua8ZCWa-6 zDU)Z_oOV~(G|NiyP0JI==wzmdArz%^CjL|XOt~cUVd6&u7_YIXAjLfAmY-4kGTb-2 zB4hcL3DoFxEi~p#vdZw>%2;b$POfqLrbzSxD0`*7;6<7WtW3w$E$=#5{V>8dlTSr= zW0@oKXi>w`|F2Ao6YIN}+Q39fs;lzc6xTVM|3;2i5~$cUFf|1x4cvTklf(JxpCpIn zk}NPup1~x!RM31r=Qa_^JwB6o<#LvAG$&jIeyzyr@R>=Z^;70@yP=V;k@zt{%HyE@ zzSen}NEG5M{-RC^)nTy7lX3sGL)!~h68DCZD}NOO+UjU!g})K`7r&2z6;d?ugz#w$ z>qx8%pi>Mk7W&{aolRwfeCYaAq#0W^I->`Ja_c`g;ju4(1;uw*P}EgwDqOrg+)$Ld zF83|Aa6bJF97mvQqxQ|TP*d^8BulTK>kl5aGd#b^PI;X?DFX=#_Uvvk5jRpN+)4yV zsADABM4!NQ$uDJy@U{sGj7Jk%V_W9@Zi_%S8}Issae?cOS?Icr@c_2EyS9~?As7)K zd3tSj;+d@QUkfP8+XR!=u1$PXNzm7Sx`K&}LHez%-a$Y5HWeMyr2LuIxerXSscQs;8t(ic)F7 z&sxLI`oH=6*Sh7eJ%yFAejHlNB$>NTY=yr*=sONgFaZ4O{8mMkxXm-}zcN1`j0y5FEb~rB? 
zokZ1J4!=h4wG3hICGLIa^AX~Z;81m(L&@cj!%mtO*yMk4^p`*jHG0TxNURtk=JXsN z6DmgfsQ=qVT2r$&P@@zN_tWk?_MZZ=`+<-9abHOIzNmygJlDz90{i++OHSLjjzW8F#R>q;oA0OPd|9sNGzUQ|90_)CgZYtv9y4Aj@EyI=cMh7|D^!y z?xlkk&XMFYX-CvJRniI5z+Y?SQ_sV!6+`O~V-Mx!PDmBBN{vb_$^g8l_#++Wrli>> z4kj7{aq%sDOdiKz@~uYmCry1OJQ&YP$Pa?VFINZqVljh_k5MRfUNY%>s~8OI`Q3%C z3d{RTUAsW&GFO~Vs5zV`RVzDpGl3D${B+xrAC~O=t-#&$YJazs8!un4#&c6%!zc|6 ziZc`DcoZz44~AvSCF4utWvXQ5^S(}Z$tYoVIVM}sIlWLQk>mQJj~8Ov!=4;wh#4>Q zcs6;%u6%QMCsxL$Eulp}noTN)r7`{xyEPy&$FWm>CBotg1 zj4VsvN&Hp)bXi(CHz_`Ol5Oe>x-g>7#|b;CgLJCmAfns@)lE5}pD5T;&Y?1*+KVM~ z1(~Nenb_rwWQX%{uD;HDrx)M&`p{0zG}nqxiIO|Y3471=b*}{P6Qh9f*O#?x?_^(A z4IK~PzBc~s<*vUE#5zhzsP^1z2H=zbrB?5Q0<>Vl#XM1^?~z$xnn8WH5DTt-hF9sq z%5ourBKS|D`>gc)VtB#75&=T%wj(L#%vi#T8iyT4pbYsO4mk&Z&y4e$(|nHKl!im`c_*(*2boT|1e>{QY!d9~`koAb9gM8a9X_xP9-btE#p6SzVbP3y9Ds zSxH;1ypJ#`+)6-*d`rVuZpha8*gwq-hu#a z%1Yp?pjw9gO5BX0IF$$d?|_z|LaNMfivlfxLMQ}lm8PgQP*vQmCS@3J^90)%DG|F^ zL|_Reqss#S|4tla%nUHRRkXmLVfVE}#zy5XoGMr5Z|HRlIXX^Tch?CrW!&e(B^o;U zdxVxA@&@Hhm2^bJ7Uc-&(a9{bMF2&S2f;?RF}A_NrImt#op_sB|A?btz9oeWyd!V} zddfhz^oKWLq5>xV-v!Hxf+snMR3-}xKwKfM7R>UL@6AsjICrNGF&5qeY>)A4DoqA#Zm zso%?+S@hS>p4W!DEd=a&m*R}g!^Z%Z=9SlbOjliBZf8d_kT3rD)TO>mL^wLQ8Mp9v zaa^89y*X3j`21_xjH4?O@1ib@XoHjfKjIP0MUUB+$cv!Gjn86XtBx`p)a3}|XzJ{< z8&K61U?!J|1hR?0m^M-VH`CUx*PZx@*;EnMHX9{^<7>7&5aLB^-Z{!wLIEOlCxVUQe-${WQ3goDu+Kxp|Ck0p@KvE-6Rafhoi^Cl^pj0YR`9) z$051Nkapn~+5u&?1WaH!46t3Tf>i&6!blxojRj`(X4qR~H1__oZ!o|os4`rfA2Dl-}dq=?s=>BbbMGL16VyQa1w%?9>VT5 zdWaJ*amP2D-$e)xC?X%nH>0OOjicw*eh}{DJbW%y`o3Db}0ozfiO9t7& z_B!e&FE(Q8I~Bjxqf#qL)_Cv08E2oQuT_LyHL))5Wl=$!4pQ%!ePHM7HggD6{2=#V z{L+Em@l`%uK%qW!Rp}@Fmeog<2%4h_KKDTvjt8#e7SWC4Z!6yQIZ-4EOi_iuD~#&0 z_LaU}SxpAhqmliBXyo%hr2EBgA%dU&@NYw89G{2|+e8DzMRQnL+l4Ou8$GU@g4|61 zA5&i)R%P@2{YWDn(%sFW8x)WZ1?iCPkOqmH?(R@Am%D*gX{#V&aF{h@!ao|DySD~T?J0|zL$DjGs6ZGniF<{{d;9**uE(PzrR|Of zAYh3v6ZdEH`ekkvU8SC-f>9o8SL|E#CZUqyPR>8N2T}0l z6Cj%>Z*Ka98U%=e?L6yC91RlHIRLwv_k<_#AsX|v%dze!5Y93$uGH%4)ZBr&5WUP?ieFml9;nZyt;=+Qeh 
zK;$&i;X_|3vi8b0v%)F3a-txSaB!&KRd5Avr>4TGE~SA=XHTfI{5_9&BrSbh1E@1I+aC@%NU8< zM*J$G;&#~cu!wi(VfyKij`2T7cekq*nUsERmt`zrw{53s5kZkRGBG;>Tr0sj9G_$` zbRyIKdaiGi(;%q9D>j<~-YD9`^XLSm&|t!5#C4wR1z59^Fjj#B5YIC%rCMgk0o=ql z;Fqn0AlN`sfYJvXdOJTFhBKh8EnJM4k!zR?Yg&4o4fSf~!0fcJb4_TVHe?+0vdrjH z!9jXa8QKf}b+w{81;bI#K>S_Z*hy4S8(%)qa@G^8a?%YwDC@=|csEjybU({Tzl9)# z*d%Zeh$KoH6JUpA9FUa0V8QzOQ$4Vv^As&D>tR5F=B%fR@$yI9{81_3+2)Zm^tIo` zNdlW;+&@XtuO{%+BI#2AY*mnc8{F-OCP60n`6q1d6ofp#2hz@?{3LJZCpt<~!XS`T zOPT02OkGEay@B$9IMDL>R_o?!kjTOWwEyJY1X0@&9yU_g@gJ`L%{!nzSUFlw2pbK= z^HGjW`vC#b779>g8E>zyhg|Nio42bZaJ}-nuTUsT@i z^YRbjBLHe?NKE5Tf>Z4Ms&%>0DB~d;&90=v6m!-}%O?-Z-_;k!ritG9F;QJPjiddaMXa)SZ`YdYaCzLXiQ$PhWlFLj9STsG`jteHdH)| z%1x=J90!jimaO5>at&K{E02RgscFFW#;@VRv^B~+i!(nnUV__jet^h&fL!3uRf9-` z@}w9i<)s~e@Ul+zPnlN^vJKNFNuU;Y9wbgo!i66`vreAnKqMQr5j=!*BxOYf?OBrw z1$QqC6i!n1BgiQicytAugm~SIuTC1RR)({@qzVezjx8QU2N; z(p-GkM{btBlCKfBWyEi#%68;29hXAutAcZhjPa-(93iWh$sl4i;%%5IqsQE@g`IJi zgAmJJPZ(re{jASwq~ww~K7Vp#4=DAj2fPOBu0RCx+*y*@|CWZV)oV z$>IE~;!!1iPZ<_YAM+NH=z3w-lx|x>b&kzH<9@f8FlBt z^;;oIvUJyK({P^s>%T$UsIJ$sFQBF2pr{h?MG*u_sPn>|UlH5F2Lj+cQ1o+(5=r?B z>ArYxsxlq@Vy&t-)YnvpjnyEf1Q9&3bh-}Azw_2?RK2z zC-as&zK@!_X(~{mxokT-yOLIKR#eW+DAVlQT~DFiuNJCyhqJ7iiHS*;@aD@vcmb`# z2C97Ae{}nDTvLs0=m@-ZEx(xD0j% zmP`CL4}qV*q&x6C>OuMep6J2W+hmMS9z%TqIU{sn88ULU3>QZ@rVwFBoRu_D5h9{o zKY6{Z6Ty!rV}Xu2Ze)#r%$;a$8J)mJJ@C@f1!_qKQx)vMrEXX^qFP(!pwz0^VrC++ zQh0sg;>mI4+}c$H=}`zM2f&7dWl>9?wr<3VSIVweHuSo(L|sj6I#kXeC?thhNj?I` z;sCvyZRAfn7fkFMLXax#|B|RQFG}=P`r<1YAmLBv0O~4+!^T{6(U?XfPg?6LL-Hk( zy&+LiLC>{8B)@4MaKuloH567I^P-lzms3Lpko*hV-R`xB)}ikUzenAXxAAmExOngJ z-g2kf&O0&$$~y_D{O?pgB&S27`N|mfGGUaX$hE;m^(pA74fJ+JIMH;W2Ghr}vu} zT3`UKRjA$l8g1cYwexBFBd&@{09|*TVvtC67j5d$qi{oAlhf_pr=tQ;^Ca-oSY%V* z%iO6&h!QWiOSh5ICxsmTJwzGh!(>jABoBK9n4sl5_y#@_d)}<{_I4vZ*4nOhQYDL= zPq`aogeB!RUY>qEatCZ#ydL$cD_K(o;>X(J?iXXf1J{5dCefd!W-q}%S@;A+E_cx` z5Di?*Kl8nx_x?{OW`FTBwlZdKQzEmqN?OB$X402KT>+G7aBwd!1~T5>zx|I^_{@2; z@Ka|aS$@m2d@Tmm1b5gtG8Nij`@O~WUh%O{;d7X?h1gLc 
zrBzDC!p@TV!gu#S8L^_@c*Lw5h~2|bzbW%|ynL#>`(~)PX(K|!)Ye>Sd(qkr?{-q( z)Qc;1y4!2?@a|JI%=>sIrVqqE;EQdomsV@>FtVEvT#Z&H!~zC2r->vsS`#j$3lyGC z22AOwd6;H)&EWpSF&5e+JSXYje^hVYWQ~|a$kF{z_Ep`D|4**3jJCJ7bZ>pTkGrY4 z-{R@~P)2R}P5N>v&|vdEs%*O9*2;C?9XmM}1PbU~7TPVaAHn|P@A~rb(EX|Z3DRFk zrcgsF!Z7VNC#v){#y});o(INN%V#2M>5zMpBI!oto&~AfVgx$_lOq74_qwTkiceO< z<-NlWb4HY}vw~!;E_qDDG|fljg-p2NND?;l2L1mnoH z{zJkFtKa*9$l9Zfm(sOLXje?c1^X1+%Lj42)wc)*C}utwn9s0hB=^kJE)1#DR+uzU zIXcQK|E3FO)+6#SrvIl4?ad=nbCq)oATUKidu%fH4P}_mPb-aE)~_sppY40Z2*;i4 zq2kkH>y!_*b|_vgg`pnu*Hsl)Hfxzj`J2WbmzMvjK8#qb)NRBOzdVs@e=CC9QxDjC zJQ0avsmlYKOK*w7<3n_jrU7-?fzZ$g?Tw3(r3x9FF$$j zDB}SUuOw?~pQ01p?Fb{g$Mx%&c+!72a%qq-9}!Wn7&gU$+;}IWj-OX8%t_>TW|CacB`nahXwUfy za*{ID!^U_Gxu8#PF}^dfnP)dMZ30~tlrS+eq5@MPSdta`ng!*h21I^c9k2dzQ)4@v z_9XoaHHi0ioJ3VtxeJG;+Th2nsfG-zhCYS^AS%cTFbE(>W($9d_91A80R?E#9Uh?r zLsjn}?jodnELLAWUAXLflhn&(K{h*}&_w@_Qj9k;srx!+sW|F*2G;csj*y;Ugu-~v(ry2EXZ+ab31 zPaj*v?JJ-QmwykF#?ExmRFV)4(sK&Vpd!mL7pH=xRD@-aA&8#HQ@k{MzJrX{2)N%C z`pZL*kOj5axUS67h2MK;dBZY(s5UF*w%MI-8|jkW(;u;&*i&aW2wr{2QTWa@&XRCJ(K8Z~D z^?eaH4R{Qf4?NQ;&D(Y3J3TlwFPp?#{_LB>bm-K)%mBa}|Iyi0KU8_IRp>*OLo1ak z%$uu>jiHOuG!hpfwZ)7t@g5JG3h+xgp=kO*jQ{qWYQtq&7SBhm`Vx{nTn2@V4r93u#I}YKIsq>g}Oud|Ok`aQfQj zt>B?ow9;xsYcy>lp4TH4Ay03l&jRJ)uCp!Bn`(df2bPqnF7P>_!s?5YgHdEBqGgY@ znvo$=q2>&B+UP5OqeNNnE3PchRonY#)<2cVE{~$fj^S*KIX!?S4bCevuiTA-se$+V zbn*Rg1AYh?BbLF57xMdo25GGFtBLo=b?7?5VfVJ&c1G%?L^g0uMH=1bUCAD7zM)KTXV^^2cCnGl?%H1;)yDB{*0+|6l!u zBA3m8xOa^79aYpz{is|o(HdT^0nJP*4>7lG`2aMT!s~^e6$*@QgjIdqu2*dvo8}>B zTBShVbm*85l7wTWdW?@O>Leul0@8@t43ulw6&x8t#;>`dMDQ-IAx57=W}HUf%DiVP zVxn@SW7djI&9W=_*;m9b58O*OB~~~SSw0ZrfC05PZgKU`HXai6xRw_fq{FcKgvHl;8ZX2e(CzL-!JTu2!KNxYy&(@PqJuNKlo$dGa2;& z_QA+cD|qn3z{ip>l7oqPFUF;0Jxpaj6vV@rCRw5{7fv-3L047x?p4-O3W(wvQhF#Q zXWvl|9)Wqdr5>)&>GXLJJ0qAq?BnJ?=Cs%OHU^WJSo+1?SmH-#K#f&U)tnp<^O3G* zV-tQ{O#zZ7;@|!KZneMY2Dzoh4-xm!7~OQ}4a<{e=En-umcz4W!x*3jQCb9+ywRqt z1&>Di`x6LM%jVJ5LM=JH;9mA8$Nk5f_9iIykn%@unol$`sd5`~OuQ2*SAKW(Th~$C 
zUo&=iC|PaFGnRq7EksA*OOO4-y|l0TKoKJe2?ib1McKB3EjF7uo2QbgFd_!0xo<(xWL4Z+<~c(F0;C$ieHT9 zRUoR;QQ-NaO4O5xht8va2>VZS%4v4%j#O0wNr-YcvZ|lN{GjDS1sm!vHh-PA9)K!R zN`7#+SKN88lrq!SteNb&yV48$_B)?*&NWq<%c@($^*uEAPosp{wrz*SIFHz&sT=Fe z$41C=6Y2zk-Cc(yt4w?cFn`MRrNWHVXc;6=~|j$EwwbNx%J1yu+aPB)uRYbBH(VIf?z^js0PB@>Ae6g0(=6Fxc;Ea!LEpTCC2j0hJj zkBW7!n5XuP3>U-_s}3;M0vk^^7Dlb`h`jn=TC}-dT+g+(yDT6Dey9XBA5y~?LohK& zV{%qJK&eVks#laOp=XwB$;sNFK()uhs=tTLI*hlNq^G!CQyK;g`PK7PsLLhQOMrxy z(xEHmu5-~P`r;_ShugSXaeG!Q?96B52();y%>lu18|oa(z~_2mvV3x82_26{+Y4Mvr#YkK_{d z+z#b*D&5%XnVnWI|Eap`(!K)qc2Jsc-TXGI1}3a~WeIMF;@&9*tXe~N#aW%Io9N|l zMZc(|>u4w7$Az)8j^6gh_boKPEL-O_!#X`GSR@p?1fp0d;Hi~EsU9R_E(ROvjgk^A zn>7KoxXX-{(w+n=;-kpL>K$Jw zoHoFb4abMYj@sVv|y_kqT6-!B0@E zZynESfuu4O>=7(%EBFB}pqZqV-^=9FC0uX3Bx?6jae`M`liBEkqRUx zm7V3%Wn+BjM*KWTS}^U9F#uxbh@SVZ)t`a+M-`1i?^Lirc&gr!iiW9jB}{YWXOebvFnvdGb?{8%3v*|wfcaO}^wO@Op@tzPf~*$}c|qcHI8y6&M@QG-%V zJ%Uhg6Bh1$CA_Fr6@J*?CDkL;&}qjmP$Y^_J5r9;%VSpYmEfjO1#A1cCLUbIKFZC; zOEQB&VNf#G>IWT4Y7DQeCo$BqO@lPB%UWM*i8n(nP&n(WUf4CX+y*XuG*D8!79KH3 zypO`6Bc&X-IT-_B-Mjcz>}0-k`pI>S)i%sbB)fKF8g9h)B!|Yru!o$}Wz+xCVU!Ex zkaq~NouuHXGQ2fWbP*J@kwZmJ@m3;CK<7y}n(t1qn1O{zy{ZS4)j@*q;LChIj94c&6p(z9y0w&uYg_ z#^4$d3o1x7aF~ThLvt{Il~tph6*%Nz4;8~?ySM-_g%>7 zRZ%>orGhDt@l91^P4|IqxGQCwdnUV{0s;6q zWy%9r^T>w(C$^#$6$}>qB0m)673JI0)Yydi1vp59YAg0wp*Qw7N8;z z^CB?i?Q2dTp+uc~(2^A#EKp@@^xbt-i!me2{x|Szx1$o7u1>!g8j#f~{=jbVBGJwn zFR^oxusb-dngbl5C9=BA|Hz2q@VH~a?UHYPrK&NzUdI`O6eL*_8eEKlL|93Wd*ewW z6R(`TaO31yS`Sxv)KP?TAs38h7P#nrZ*EsyjOP8G5MIKX2&N7Zs?=27`E~ffPmJjt z2R+uv5KDo!(qaqr|A5(EV!XO%DW9Xy<{m@M<5qV!R5w*Vg*)m}YMOM|o;|T-GWv27SYk$yXutb_<}P4wISNG8J?shhg;q^!uqcf`5t$h!(Alcs0vTi=^r!MRn^ zzO|~yAAo)maBd_&K~&^ZUW9?o)WO_YG$;c%fYVo4@2dC*I%NvhQoZS-4O71&G2Yhm zg18yI1;xe>_U1 zQNI)7Q2aTRr!!%CF$p=7$`={fg6W*z40y+N$9;AqS~t@5H-9-@#^{kAH)ZOx-YZG|q4LqF`3l+AQO9hQ(@-H8+GNr?l3xqgld&aik`9Nko z3so%aR{w(j7QE%xq1ZGE5hoU-iShl9_3aH(l*pvzs0!Lenh%}7P@HQ@podJhP{1iT zNvQ;ga;u-DO{fsu3>SrFLy-M?gn-YBwo`dSnY)-vh$`cVIM^!zu(d%8kvWD 
z%MRgVUa`<{ol3^}Os3?>fL-wJp704%vuVGD;x`pNUjXrp>))m(H?)1e+PNfug%G`c z$@c=8{q>>fzK6riOuPrDfJ5eK{(c%Sr$AhbH#7(5uu>Jp_qE-P$#FS(Mxl$ZDY}cg ztk>(e{gESzF$-5ZsTMS$Q6wqX!ELI=jX0zQdKF*?RYj^56Ld6i7ETg@CX=nYK@|XL z5MuS7ptaD@T-T~$Fm}Spug3r-ZYK{7QXHns-d$@rAE#A@BnGMR{hvBBfDP_n(GP}D zo&p===%raM-s-8N=j$Z>T@LhwpLKNZ4=1XE?P~j3{DYCqQw;P;3zL3EAJ6}*VK#nf zRZj^s6-j<+xZPcReTkWO4kQ3_qhq9JQFPMoq+=rw9F`h3exO1>VW~P4?oG#z2gsE$ z1E;UhAHYY9yYAREP^(T=Y3Rix!Qi6o~ zaW5Q&n0Y&oos;Cz+qMbWldde-m*y5)E{^6d8TSO|13HNh2Ql)j`;PzWm&vZfNTeD8 zmagNXCTq*YQqzF@k}V} zngE6_3vLg%`vyw*Hs&Oc3<7(mIm9YBjb#&)@9?X%a@bjhzm57d*KvAA%y?Xj%ulgr zYmg(&c<6H@xWflua~t~oC6UKEHV=#3Q3FDqp+Ldii ztoLKE4WK&c|J~FHBWl^s%K&kKbLBJ0V*4HHtUG zjP``S3j}49ue5}0I4a@(UO)(NmfCn_b{Lg3)k5=8X1$0jP9f%jgB~i%o*S@ zk2PADmzBtWm#>mQgxP0Tl!_tmMkiABN&ocOh{R8L-PRx=*Y?MV{2;G^cL;RNIoi%; zrDX}>jL}9(-tl3MiB~cGTu%#q?Ss1OaT_&46c+Cp1H^AH33L8vC#|u@a~>poaOC8= zXDR(re2CP2B_;TyFyv^wRg*uDC|JadG(#EedlFWA*wSU%hF0zHxt`h|PO1rH=hq6| zlbwda^LO12R`FWCQ-L#tB5c+2t4>Ho@j>cGVPzoSC{y z)m>y0)br!F$HrnSZ*}d!nNK_+i(LP+$yJKAhvyQsk5|@uQdU9F>Zg+&Y4{aK?ed%M z65xH5u=Q>~A)HZ1Tej3gH3bWKQcvjhNHMLt3S^O2 zlweN}oLf{#n7W*<7x}#Zl(>$`27!@Dh^>2+z`1Q!iIkF1S+0=E>StrI zbA4O`(;l#}7r}&VAS7ST%tMtN(fQdAPl-bi?(Zdt*k{;4#X$uVg=jVXOKv<{ELKsj z6fi{}zlhz|8Lx*DiFBHUO?3HFIrl$f7G)6Y7oKg<31p8i#YCH-@G+g&8v?09Kn&?U z(^KBt4qY$v7@fcBIjWDBMvPfXG(0JWoXL|wYKea8kjYp1lkNv?N8+jG=<-~c!$`A6 zBzt)LRXVf34~?Yfpc%G51EBSPwsS(b0-1ITF^x7vAj2!@*L`)aEc6@iZEsOsz=lMT z-G(*FXQcE$M~GB76C#zgXcaEhaQ8nS>^r0?&_p!IhqIO!T@PA3HqS<^jajb=Y8187 z8)P4HMrE#_=-sz`9>%PhWM^aerjYE}NrF)|W^#xG&H^CUq9*M~n=9ycgZxmI-H#Kc z)D&Zy#~hPhgvux1lB$|(6d9V)-UkH}&E(^=f^~X%81}9E5DB7Sow$uZRwBWh>e94( zztgk<^*HO8{}kYU%*=gctJ42$k;Jl1r_KMl!y8N-{#7qS@~{HG?XP#?48I95l7xSC zMQAh7D8Wkgk@YCtrE$hxh`*hQZEwukg}l}mcv_MUnexnb%~-!)L5}1V#L{oJ4E?Hy zYa?`T;;zqj4O?Kid=ht`CNeSY$NKex^)B@%U8r;>+&r$jPW5k>Ro--J`(Ym&jTvTU zjW;~(KP$l@+iE}qNMN+lYQQVo?dm^V2&RVXw92Z(ollWi*^wWUIi0!DBIj zEsJ0Xs)ddT+q zoxFNhe{E205O|^uVt*UA$)CJB6eUT!^#-iVls>&(P?q`Du6DilK77JY8t*Wr1mb}q 
zLOT~goWgp9I1q_kmn#C|w8MQSh8xW!MFx$x{fCWIXV&ZPX~F&}`4uRfWDw#%u1&Cd zPo@uHBYg-PSyjwaMKfn>YVIDGREvS1YM!;gi|DV*_#)Y_`yId zk35j%#NCcHlz0W%fY0NoGySh+|71k+`NW+#C&&FUA{z@nAUm(O_xf~Qy!*<&bp1w9 z>jNGf;K{gTod2TD9A+!EdUx%Dcu@3{Z04~yD@x>CM9GMWr=`N* z2lw!#M54>27U{{NOQn`;b_E@6kk^J)l;+^ya93Fm`SUx!h7zijVu!kkBwT9kNSN=v z&|7@I15)x|H@nuEC3)o1@bm&Ze8!csr8XYf53_jmi6csiS&MBKqXT0HxxBX{rzunS zS!J=ds`=k4DSI3)r%9*6dj)k)TGhf_E(@gRYzn2#xLGq7o6eZW#XPu&41_j)W8N8m91)c6!*KW-4wAkx@xV<&iPubG!xl@;kvr3iNPr*cS5WsFd%ra5 z%{)HDx*}6BVniDYzLJ4q(jkb@VQ9c3hn=<1Y>K(}q-7$Z@uJ(a=7KPVH)cA3Q1=dd=9zKX2xf0sD=?DVB9;jN-Un*x&81cop(v1I=l z*W88ZR5(SkfFw_)zqud^rZnJ3nzGKyQq%b6f? zWi`0y@wLX{Ov&4jlXGklkRpc>zR+21O1itQ2K1>@D1Vc(OqRo?8gPtjyGIpzCGz6A zHA}NT^a=t$pcDy28q?@KS##6gv{%dUbXSn9jduKTi&D}C2}ztd8aWS4WMYjx^HSFZQv6Bhm|$r%YWji`vmG4<*fJ+s2kdV z9}Z2JA+W^}7SK!7BX^00S5I971f*=g1Ts1&dVJ7a1A}68LPlE4WG1gAOZPqBY3}vmEJ@UzKbsY-XA=E1LP?B>w>)&+UE%CR9T05A~@6F$S zQ>%|sR<(9b%9jnH)!#mnOxMpLCLl;Y&e<^~y`Bl?2O}}w2EmV9eoX;7xw#&;NSsrj;?k3iBde*q1?!G^H z1#7^4+prDy{cqAWzmseJaYLUvU$z!!BBO8MCsw(1AAZ#vNa4<`aj zksj)Cz6V`teTiTI!nA?VE3Mj%45RY7k9WprVQbv&f-#CKaI%-`8ymmNDwk7gMqZ#O zzNsl+>ovBSyA)?Zv`28MpHsz@HFjz0C)6Rnvu}DFoUZLn=Ocj=80zyaWqrrysk(0)=?+UXiQ(HD%6X9_%ospKBW~`ZyBcUcc*B&$x!PgCc8< z>kspP-gmW*SmlalG?_uO6roCen06@GW~CILOr-V;myPs-;}X8enS|UCc@StX2KlA>Klpc`KyRS#)0>{?8152e z{6=iHttK@w<<&CZ*Urezj?$G3Au+2M@H!W`3#p-KN8MZrMs_uAtyj|QIA=DmJ{eGJ zd}Fu|a3EA{Uvl-p(bPWCMnnTMY?N+XSOckiUt7{R-Y0Djx0I%bYBMuko3%hK`Dta?9p{dahcC()wZF&Au8RyMt?-8P_9;9}OChHD)Xj9=EkU*wg{^Q~E zOGU4bP^b8bgAYU-gN{LQ4M_R`X6uzP{W%eqE_Q{ zhww^4I08OIJCs-Iun$-F{Ht;pb2Hyt<(v7o0>Xg>-BIFer98miY4dtJR4BW1D6TV) z(J|j)eWNeT($|lFSY{pw;h*uY{ zC0f!*bw-cy1yX~eRRtVRYN$pXxuCD9$>&}yPjGjWA*+~c+OAg46naN9{2%r#+>7HO z!z}gcgg!zRH#dnw71P1V>gLAvgEfIx-TigcR~**R!pW}VW6hoaLd`7nv;1}# z^W%K21gK7U!c1>>k1OW_QWwGNcyCL#=#SP`M{v@X=KHqIv2DM*79hV4=R?Bmd1>$H8p3~Nw z2a*Pf1E1MnOu4rmyj9A~@~fT$F>fx}!|=&J7$V3uVF#*wNC3O?GwG%Bb$ zSstlc0A=1PZg*d9Y|)&N5=SJ6+@l#^0=Gnacbg)cQNr14%a(`ZjVnU{!%6#i|8xxI zSPO7I5HBM1^-g-h!O?lgOi)1N)%ZPI=7k^S$&wH06!

    q4-g%oA%+H*4XPpy@kh| zJT)~fD;0G&p?D9i+nFlr67B{$#v<)=Q9wv(&ZK>+36|zzN^&5sWsW7d0xlgM@bO?{ z`XA`shaGR&4)mI+;s?Rlb$vDB6AiZP(O9 zB=(l{3%>K-FqpV$HAmRH4*v_<^}Od-Vpo9(3aR@ZnI?;vB_XNf+}0xgEOY;(t|x0` z(hm$dk3egfCHX!RV1CLvDw)PuV}y)m@HH{kESLOB6(vWow+<5eQoz69NBtIJy?=D9 z;gXV}KW=Mn1@o+H?#L%pfRi{8dSy!jI=5i&s3dVaf>*hLgPDbkiy)d~lsaXSEWP+^ zpR?H%QKD}Ah!gWr6QP1QGNiqa{InxkKfkTI1t&me`tt9A=T4eInU;_*uQfW9Xi$W`z~nKc%p@8l{)AWNwgU#;xHY^18{$>sd4XyF}l?befRMZ|=rngO7Q z*M6FRW|E&CAxzYu_y>Phi@)fdL8q{?lC_F7Hb|PQ6aSLZuHcEzh#&8IheL^&1ya5< z;q>g4G z`RrU)AwqsIA#6yf>o^WgbLkqUD%=tinz3jUiKN<80m|?jzY^3lCWyU-_GxhPvXXS8sL<5 z2}IohKCkcnChX~OF~*o2;Y1t#pXIcds&u;TMTenGzJa!3|Az%6Sm|W9aQb)QFU_T4 zeFWz_SrfZc=q??juFdjs)H`*5z;eC}<$y28pM`ny+qhwrAvLsI<_NP!0;*=cRkCFr zb;0`qsM3Ms(LEB`*G+^Ck=w)8073yI+5R7FiTEKd5S_ws>77FtB4pzzId9q9@e3~b z+fFt2*TggnA+cZ%V$-wv1go0bhTP?c)6c;D`^Vmu&RKy00t_1G%2l-mJq~U7Cy>q> zz0ZjgZ+;S8yMNv{vw*;cpwZ^WM0^><9b)~bXLrTXfj5BC)$k1ZSHF1yncin;MQD}o zfCiCslsVU2tDnYaW6G(F7gvaxqEI3)dNh;5gJfy(d|M)I+6sQXo1>SxvAc?)xp3=p z%~YZk<;5osHP>w4IuooR^+b3GhG@vRpMr^sMzpz}wI;PuaMQwz;!i^=v;goQOm5X3 z*|}L@I`1i$frJ-(5K6a^9I8BREp-2^=yhj1oEW4Y@PF9z3k38CZtg~=RXv>tl3sV&vOdnKTNb$0T|sa6eEDK8|(}JgI^@R=l$H*pW8$ z%04u~Q4U8&!>QsRykfastYr*5HO{Nt<4rl%1+ReTzjyuT9FuWZEdf@jMsDm8%p^y(mXi z>*`j!><*rJP?%7%zko7SlO%(mU>bFly1i=r(=^|}0rq1Ez13 zw7ser^*kI*H3#TXHNT0eFLhzA-Rzby|1OR>Iz5paaGAWkrB&o(_!@O1SML5o=F}_3 z@;ss#eH9Vo>wM`F%03 z?W{EG*W+}z2srx~@GVzf)7FzLyf^#JgaW3Y(~n2^r&&{gdT-2q!!rRc`DQ*PP6&Gy zL=;{cyz!LbZb-aZ?4b(l+`Zo2cb;13xk%U@>9$9fO@cEWM`c+qVT$k<+3^tzHHt_d zY3_BMGG2ux-yD}}zb@R)EJp8WI=Oqv2xh)XfcO14=(|c=5m%+nU_-vr(x?0W?Rms1 z^0z7dWtl7h;b{!AV&|Wy6)kL@b-7cvy8vFgwm^cv8nnjh2)40 z36aq}wj(V9uco?;9Awmwd{P}$f8UZ_3aYOtS>Q(%55Buqmrs{Y+kUw9vfJEeBhM3k+N291>=Le&s_6sVF4Eqqz;z*XPx@Ub%j{_)+qk zCw=dwdvs_ys1+Xy_DQc^z*D~C4}ZOn0A&mlX}j=Vj!8u=#5|23F&tDSGA^CCWuYh8 zp_+_J`R;kW4=^w?lF=DA7xU?!C2R1F_vA^tgp*}Gvbwy0xe8wAHM~rm@9DCK5H;tN z(Rc3v8hN8eeLXCHM216+61htJH-A4(gMjscU+&#L!W(1p$daZv;)i52!T3dRcAjh0 
zc15=mdK!_I&<^&=*--!3pN0ltx@m_@v~*{*Q+_%UiTBP6i6Lx`MsclsnX3k|xQaQpbf3@{Pn@ z*jRI(MrYsfdtshJ?F9(Ra*zN6g(w?e!Lho~8ij6IQwaUk1ov!BNa6@P$~Rog#Fs?1 zT>v)LKYhvm*2iGVl3WZBX2(L#>jdw7T_%Z{V>rE?{UJ36-}r)p`HO z@XaN0n$?sJb^y*#g=?+0qbAv6t`%{lh{T)9`qtCYi>`0xaiNtWGP~U_8V!s1m3|?U ztkvc7rt}@^W0X>tUdO6-<3SSuDy8!pvJ1m%t=T2kxGG9(~t`h`#d+meP2 zDk4#PiVKssO|hke+j^E$XWV7m8EsSHA9qh4qr7lox2SsSbVOoV-gW%L>C4b@zXdsp z!6=$?o0Q_~36K&wV1q*I{aZ?oB|Rw@OF#SUSlN=6xx?le!OCW9D5V%|`Oc`EO3j-86k1n2x-em;#k!~FBR z!StZ}rU@PIxW`3ZzNBr&v8bYIrirel7rHN;PL}3@L*S0^eonaY1JgdO$fvHh=Fs24 zli}Qqt5x5TBY+Sy4v2w{Z!f)p95%HlaRk-H^2$Sn{1Z z`P$Z+WwST5S?csn`!(~% zM*;D~88l=n=YNV189L~)e6l?P2?!O;dc-e@B9b+;vBtSYG5f0yTz$41V?2;%ydm#D z{S%9=BbfN{qTbQj3uioGwe=$lr!P}W`gJ@3|H;mHO>w~2-?D255(m4VIAV`i_pVJS zc0?lYV@y<6{*H6ai0I$FMLTA@+Ym1Eys0A6aV!CDABTr^E|YzhbVbpmgQVLUHW94ZM4|=1nj1Z-GX? zp|(wDL=P;qgr+nTX6Fy2@@FZTjb13ckoV;WXnn0zy@``0X zEI;nNIjhL64=WoUW^JW<_3zH7P|`2hfnIwqeY+RzRKZ?!>3Yno7_^sfuS7&vjXl-X zmj%!Kt+~q`NR>-0DdpVBfD|Zy^X<(k0n!ERIB~9lm3i^~*>Dr9oEJ3#ed138+z1W< zo)&nTg3*~cw_lYVKnaQH@if<$V&VaLa!fGE!{U&Fv=IJz9m`1_I0SX}sk6=>r7TsB zOI0NqR&a;#5}B;K5C_5E;^f|M-8SYUB|$1U9}QBPLSj-vstdOSZ^POrDB8PF+$P^0 zAi6;>Y#6cb;isNON^q=Bdb>#)QalaNJH!BrzY8bIn!P70Rnzh3!Lq*KU|e<7keP{k zrZ@@QAva0LoHzeuP7B>tGEX(Ne$nQIdHE3Y41@!;UMu&`IwRHX@PLmVEWOU!O}#kY zC&=aDf3)cEC}zWW8eW{`!*wMQROxF5+D1>*nYUstQF-ZUiANm*?+mNrGX+_jAyfXT zw80oekK*@?^E%d&b1k|it&t!2*_kLwJ_pD5vY%mn40y3BIFFNddY+`VrHkVJ$)p96 z1{$@iFm&Q+ufzF={g0v4_9-sn<67RMM9v6t zYh~+j$e%bZjDoPs5^_94RK3%gfDdrXzxoY6G)(pCB`ppvoHd82=1AO1ZUnp*u`eSsoJ~+pF%k>%#wID3(@K)ZPPbiuQ`<;G$IH zvSfFuuR_$Wkz^9RaOce)!Gg?bX88>wUf%VN(hIZgm8TZ;o>xfC@eihG+yDvdJJa@4 zqhEWWQUWT(5wxt)TpU*c0R_9ljRvel*X6~hd7}f{8^mE=juiGOJWOYKphoR@iJ#_| za(+soUrZ0k*@$^)G6`wCW?YbEekNzaj@0VeiAqrdD-qD{wuWvCYH;gl@nLqv;RlbRflEOJZ+V3 z0R?I4?rx{cHBRh_h#Q_Uy!c&+b|hc}_NtVo4^P?&ik8n-CIXwN}{%qIAADP=v3<#`t_O zxffE_=d~5f`ut|uJ}3_=S$FUCmiZ=?ugcBu8? 
z#eC4pJj~(;)nf>Uada7z9%h(UH>JQ6$5`inE3GhoQGZzBsjE$OhJi+={+#H$Yd@p1 z-r>2W$_dEa(5D+~Zcp0`GA5oh+1^$kh9leV+gk)4y<0Sh<&ohc#W`p$$sgQ8tX%wgi-1Bgmgy3|2q49ekVHdKjw5N;)6%K8s&F{+ z&r5KrGgx{5L08Cuc9%24Y_6P?zlm8_2K)CK0e`U7t{mR6Y|e49zZb~{-F`v^A#nA= zctdO+GvI6~)y`#q*%U~xsoyzm=?rF65R_EF7~2YoQ9Jn+d%^}T)FGK=;z;HL^Uv#g z-D;Qz5HNmsWIT%w@-fJ9C-js~pjlJu9&g0aCyXTes1X|GuY2RYzA2;U!;jBL0D%^* zW}lI`!`-7n-R$-08~3s5_IcU8&z&}o4H_^89a@4{GWGL_f^52o^Qo|Zgdd{;dV3V5 z!v|3jA&PM!)4ZsQWOxaPUWLrVvE=$Ns|C{Q2wdwJ<}4Q7&BjKR!1XU>tOu%C{VxlaYmt1%VA(Oo)U z+(q`21kgpqpwQ4>$u1pa@bGGFj|-aI{4_!w{-KYa7cm_CM@T1fv7zpBgpsIs|IU)G1MJ1MxWe02x+~+C4H+R-ve7pQ@OR_*vo=95!8tEk3tg|W256Pys zpu;x14lRmRB{tobKeqSV^Z+VX8t+o@`cJO1EK8;fK^Rw?NJ35G^XqC++)#%h%d zIR8}G?$jX61~x{p*+VR5hk+~B9fxfHTjZ~H;cpr(k0~0%tChB}$&G5uG4}8H_Eg`i z8v=00KIxNbh9&FKOZPWa9)l+JDuR}xqu-H_$C#eKrN%m8*{4Mb(rn!R4+rYdwbR>qUFD@P}v2G;6HE^5UJZ#=kbVM*?Qsg)99CUDXw|iEB%Wd1HOBTB$igS$IIynxa&5|IVs$WkzrJ~ zN-P2E4%lW+)IS1__>#>gB~ZVz34o#^Y+)k!1n(REu3yWmQrkA9yOvz$ZY<$s3{;{FbT z0X43cOY~`vB#hroc8PoJaXojINGk2Pn<3kDTgVDKM7+M8dZH&sf0~M%e6eu+L_t zH->MXb#3qt+*){mT!qq+zs}3|xB#w)CRD%z*xeor{M_(nCly^)!FHjGJTeJ}UvcSC zYOug_*nWZbd+nTB^QgjU8oh-Gh_8QzU==Y_Vf-k5a8cU}bXzx^kx+}t-(PWljzwX< zPc|0I^wQIs&3gP6K^@9YHn2(4ptoFg=o?%wVj_AsVxrA|L$RS(JF0MoLqS;n0NJoM z0eafDZMJD@)vLtCc1DPQZrD5=BgA$@526k@z-kQEhc3g|ReHaRjaC}X^p%wej;!$u zD4BU#SA9F3k=DS;>hurzYzUo16RRO`$f*I1ddZew;NxJ2^?F90Y%;qA@6^`L# z<$9%ox?dIB!+J2VhF+wRN0^kc+;>)uh+6;R`7&AQu%@}{okd6-k6eURq}^mX?kx>@ za1mgLj2Lhg8bd;oj-x%E746{{_#Inz$tRG?+#OaZuH5`- z%MMM1@n3yC5p&9R*fwImZgH8+29koBcaR1j5r$SUN#T-`$MgN<4ZFgKeIY?+Z$VUp z40!PI{ZHVZ{xt>R7d^Pc=IWe7-WfH2pkOwd>cyw}lfpCo@>=;wtv?Xo9sceUUXjOA zD^LyGQ`r-+9%?MP@|rNkJ5(F3*C}(`n43A znb#)U?*1vXm>f0f23OmQ>m3Q3UZ&%skiMfQ&NCvdgv-f~=?lRVjg*o|5HDW#;dJ;H z&mFx91gwrI0wb!G43E(5cU2G!W3?LMymLx>3C{Kh&B2E>8^EQ_Xqnkg(fww)7=p(3 z=JXRa-qR>kV{<|vs4wSD`R{BDE5|d%aDGPuw@x0W>ZpX+gP6CU#{>AXK=p<$m1+e! 
zNJ*vAqT9CjMWI3d6z&77pO5z5s`G>Ld2@7tR2Oy(3YPo#7scnHgDE$o3^&v>vsyW< zl9an_UxtXTiT6WS*lOBGZ6x};BA=hpa)A}zNVVAwEU9loOyUh91qanmQ@m1%RMn*#1E# zdnqB=RJgI{zJa#_2RX7un_3@RCj02}=+7u%(}7A&>sY6`XV2lpP1icFl_X6Qo3SJ#9XHBMdVwpg%gHno`USd>huV~nGk0<2X*I%{kK;>-edgp3 z1Wa}tVPET{9KLTOO4nemSRhuhu{+OP-@O)fzA8I-M&3ADVURT!S)v8cb2FWn%PGNgY}1JTM_7Y@@(nA zn-X9*`RoE?XjJ{}>lbzvH{JvTI#llsq)8-)#h_q3VKzoZN#YV~65s+{7=ZFJs5>8G z#X#)+_sR(rZD%tP9cSQIrnA-Kz&Bqz&2r{?Nf3CUF-lbds>@R6(Tn93rF^9-BTFXd zlCm-~AC`z)bmKYebEAuxJ^>3q5tBvrc*@BaNS)MCA2e57R$1*FKCSx3T&5cqw{~8P zfy~Py^ZNSjGmaOuZYy3Ad-f0IRS3s7pDwkRBzT5lqvKuUYLVg8Jq8wGP+DW1Kg#-1 zuS7_5p)^lY=6>F+XR9dHuYVE8K1x5yiAUjtKG?aZ2aK$&Ii-h63xS5L%Z$e<{-^2d z;fG6{XFW;;;$dsb!uuu{UzMclR8WWq;`uv2yP{{%yaH6d&(fvU&{F2dmIAdu#@=Q<8ZkY)1nu}zVdIA%7p zR>zOvPlycsrnYh#zFwk7($bJfZ{KIB{YFvXsHdlxY;GTg7f1X&S)DI?j)r|0>2i7TCFA=apNlfLb@ z#GoCpCj&skChpKn#5^_hDG2hc8%e@V4&CXQ-fq-0%vpKbB!sT*7`cMlY`Z0J4`EdQt%y=!ZDiP+XUk33YL4H49ax zv|s(_rMQ8;ls#K?zT9YGTqRCIF@P2WEVm*DoPY9xhOHUUlh zPf;Mbu^=p0F3megFv3Q1RxdRBvmLr`f%*UbHBexn_r}rkgu)RVn;Gh%E6l1Ogc+&o zzD7X|0;K|dBN2XC(%<~e3>~x4od~J5M^Ga0@c^F`x^suSnh|ZIr<{}W;^o{bJ{>Oy z&xB$@qe_$!%9jFS&Z z@R*!a$t=1te^=mg{4#$;z{zw$`1F1c7a>B*-!v;^`Gwxn4h$_DS{E}BktJ043fvjK zth@Frf11qt&M7^4%3n01eSXab+(Sd*m)9yY+SaDnj&JX$gdECt`#fuw5KB{WdH7$J`Ulhlw{%wi+E0=gzW7gQb=vL=sc_M8XX0Ni^^Vxi}Hp2ry@B3 zNo?y5!3TejO3OBy9?yrt1Dc?H+~xH+9E%Ad&^AtuSWqCZAD?8rFq^M^`)`8!6p=2+ zY`~fZj<5X@g&j{I$bTw!%W?EnOs9cv&o#L~wZ$C!C+bT{(*sT`v%M6knvgi-8wvRFu8w@{85rM5vBlb%S%txQ1YNw(Q%v?%@$*TaJQiT(W~N4>j0z7C!H;JS6F;l9QKz5Yc{Th$2PWi5l0uy>I)D9%-opx)v;yMsRrvWADg-7F9ZxTD~ z&EJT13iBWI2@V2aLwuZvJ;l5;lVuG{6iP0fC?6$DKS?2Bv1Et$7@ktRD{n=D05Ye5 z{~>$Gpni>tWLD;}1?Qzoi-73w0-#5EDlSu&B%*udsEfPN$YdAzxX5)nfTZO7;tB8L z{Cq(VSKy%fiH1NzuPy~swp`x;^i7Bh4{uv zfQ*UMJHZF2yEyO_ED}+Dlfm;0HGe^M@1=ni)H2$94BF|j&GH^rL@9(#X^T$nQ$7sa$=YEouavNp1(V8ouAYoUIxe z#lAe&ztp^hD>cyEbA>j%F`}3&EVWUVVV){>>Gf%}BNJE#x3h5WCJk<+l0b7dOavWc z5!zZ1CuPkA2zm@ohyf=4Ke1ANZmWW(G&vdeq5pTx#xKQxYv8Pgt;{?A$$1xWjbNut 
zaWeDD%h=Tn-=4zH&=H^L=vP(lS>Z6%aZp5d1hHB})zw+^b3L^w6GK*Dr~emhgedn2 z3lR~)H}LbS2Tf?{D7G7Co=!&EE`kFl0ti*sxz=QnMF0roG%#T?_TB&qt^AMufd2-5a9kUE94 zEB-~|Vs&@cXtGtRJ8U!L#gi{R;vIjg=ODmeuaYG5d;@cTq7?UNPKE77mX2)9&&9>h z3NU-RtYq-BCG-itIgAv%inK4_X<|xsec6qs1l-bVIHnhw7bY^|mdB@332=jRmH|1p z=ji(H=#(7S8JBb~yvRGQ>eFYvM=>ip!8RPH=cBvOnyLp5^M@UXfJrjw`%TiuZ<@?Vp2C zl;%nK5`!!y&V~M;U?AQ5825dV`Kr%Wf8FJa7+Sv0Tlye}b@LYBcnsURJb$1WQcB$C zZ~Bm)P%cKM_g-Pp2dhfNQJr5CzB6YpC+3q1mSNRt%oTIs71j@)5R-%Lc znT~!`x5xHAzx@cC7kN5H{2PuXn8swXdL#6o9bPW&FXN_*rpWC)Xcdr*&UTLo>De`M z?V7V{qG5ZW0(qC%E@c#$YJhW=>G}WNmWK;9G@FPc5q)(&c*1YG5!jAH^A)v z6PqK|NS_DQlP6s|FGt$X(&oIw(C3HpdRH*Nzku_3Jn|hNlN7N*5%CKvcBZ?Izz$W$z`C$K4<*U;r5gB9*zVbA3tlF zN6<53(jp-}U(ocNO=sd*ObWO~>Nm&$%c!xNr?#^~zu90#;jTcvc1lHNZ+}y zp^Q{=(n$qZL4g17ZggkxI^W4G_k-1bY)U?#2>63+a0sFapm$W>x-u@_JO6NmxwLl6 z&h58?IL~PjpvBGLb|mHZM|||Sl5uOQP)18zz8ty~JsHJK$$_ACb_otetGTg*slFJ2 zafK<@txMk-L-W&RB6J`Mywx2gYbkz6-W~@+j@ta*8V&t(054EK*yk%Tt>%s7yT<5N zX-9$Y4y1m6`xV|0FT`9aw``<%FJ){IC1vOu_PjII^SqwQ@D?7u@~}=6G^I2YoNlNv z5Ze-J4#w#f-pW7!Iy`jWs9pWQ>TGnd(#e93q1}oyssYQqB*@nod8AXlKoVZy4C28YhEr5Q8BQ;$pDAme1}=! 
z`>o=t#2QZ<$g3v$!LOd}$~sRJ!{tL2v^`-W6|waCW2C~?t7Oz$WT{`=Zw3E9H8K&hFoD+@L0yKy3P7Hfa7@f<1~O<_KFOHOw=uD_#B)4vI-)_$AiZY9@>WYscUMmlpl zX<;z(hbIq4QN>>A-Hpj239jF+6klh%e3d)N&R zHhncTJ2>zywE{cRh8uf3MY?rp+prEPpxRg)Ydhm_JQNi{W+J1Q)@qk9=;IgQ6L|33 z-d#4y{M@Oc!htaKIB&>=o7E?cWk+!xzZ&a#U0juO#2{p;(f|3%fCOm*;n>Bbd#Y5f`F~P8`KTCwQ zWeSsSEk`-%{iZYlKt-)1T1m4^zjKENHzV$x6L_^%ZZ` zxAFwCfNg!lQT4!=7>5fXwn;7)Rvcir@}lPP!*Q3EtIA7>9fAlLopM!&sx9mCGwNIjk>we7C4m3#+mfm>_XcF%K; zq&PUN<CA2*xpBNmU(Q{^|#D3Js1%#{+?3R|ZK00F)$-h27f?OwHYO5onRcKr^;*ytt6 z%gV*^-Hl1vQcIN2LBHb#bCvewNeH>|7MApJt_g z?|tb7pY`*r&eZ)mp!@hAFzb7f10UN@Q>|P$$W5P6y0^L2pbZTY4wS>-=pa4=jTkqq)1I=r@rnzG-_xlemgzS z+$12oLX<(;_0lYyoN|tRRY_e*!jtyPRW7#T=^=7G|9VAA`z0OXWFz{20+z8g)>|TY zbmUFE-3e`7=iQCowPHnv?+SzUhOA(%cDv*_bpH0a_WLB5AvK|8-1BU=Eb|ZPx@c;r z9IC^jY-fUnqBPPs4%EfYG|u)mCa;0Nfrg#EfQk2mdjN(GcpugWWI@e2!mMkZQz!7i zrtxk@3fFEPw>^jB|4QSS2CfB@M|?Pw4OaS@=yqVBJkU$c96>lbNkz>W~iQt%r9MuWqqjrR1Q`#n=Y z%|rB>ke8SgvDkB2XJTEn;G_slgK1&jo?F`{tjOZOGh+7bnA6RT&|-N{VUvhp6<#Bq zv;w1xN3!&%83fSuufFGxZk-TkF#UxR_Rm|XuUCtWRqO8Q>5Qjm?6|cww)a?=3|dTP zu!iLX0Lm`hZ`~urTi9iypYmjfZyhkVCpCi@UT|od(8eBu%xlO@qT6&r+8F=q%=MQ*@hm*?o|zP#Q8iixiR#ZHmCz$9;VVrkNCu1- zPx}|UYhRef+|2h}5jW(^0CxTaKbC=aY=afvDpt2*k!_l0$!FMy#I*~7hY;));m;uv zJNN?kkf8_jp}M)Oft<%{Q37M)EV8*rY#a5Oi91e&L=V7d-5KBJyu1 zB}AS-Nh%@he#dH9tu*=Qza-d($ozMe!DzA0!x_Cq6oOoCqk)zjp#PQ97HYC_Zx7vj zw~sf7`uu@5hoD*QeyTF6hK`^1rI;{dhFWBlrCupYpLx4OG)k$}+@__~Qx@^(i{YhIcaodNI5*qF1bH`=q9|Jg-BXr>HOLLoAl|R386nt z7pB$r4)nPqq*! 
zaP8EnMzEiz>rlM$VPH_?CrKAafWLiLfb33YtC$cVeOr^$KTe9d{SN~cCD$cKNwoBTM zN0(o|lFh)@xT}eqkChe&W?-DHE%1PrN_)im$!}uYg1hRXsUpl3*ne^sY0y$iU_cGa z+lq$S$;Y{CymhRfB12lZV1P7>9=QG4E-x+9M*5Ozo54Rl+F`#@J(?jZJm5kC>oMP3 zBZLcS(@j^EIP5^6I106pF8y|37_P$+CF|+)5Kw@{hxi9EzYV$3`MV{L56X>OmcELY zklW{|#Mr`p5{7X6GvY;?v@t|QoDaUb9v}YtV9BxMzdE&OJ?io}b;A`C(VZxbWH$Ik z@wwXaI%_K)>-ID_Qa-+fl3zA-GCr=w0IO@BRd5S4(FJ41@8rzgtoE00fbG5QuKn#% zeukd#?H~OTUn-hP)LU29g}*7C<3aIpi^8j65>)84%v~s_l+K2QL;ddVAb7EbBsr8I ziFQE?W+OS!Od~o9lGd21bWQ#4OKFWdYiF^HBB<`T$yvsm7!LI}>#0tVYE-yi?98KH!U8djd)?VagN{fXJ(*w#MgYcnip;{4X!EFjY7 zPkNcP{q{$G`;6bG05#l1D}(y3pp7UJ^!~1>sZXTQ_&>h9!{KF(LkYk~#QGPQn4^6Z zEX6QTnN5!B`B?-9PQZ~Jy0sV_wAKMlPiNo{6TcPkxK}23w{G^bhPL=P0#wjRiOy1o zl_bhn+R^y-HG+X=)Ne6Lv7ll9q}cLc^uMJer{KS7ag7j{oZ}=Zb4O(iH({`YyjgghNC?ADuR<)z88^xq>)$j%ES1FD+aW9^p3H~0t;J4q{8 zYHx(}H%1?Kl9F5{GA>I~v-4Ev{_h<#S_`o<+!ef~4eF)DA!-rASAm zXFq&tDjGwJmgeFo(aQj%td@ioiIPMgK^kc}_#j{NNSoL*;U7p-S=72Sa$j4dVftu1 z@IGDn<)O+Uq$x1cM1z9bJ|>&86g1I60wCPcO)$&mEq^MbezPr zuPGZ!-aL<=QK&;_u--64Bzs zs;wdlyGXk6$+EPxv0o7xw>~^JFNNoAo){0wzK{5hV9McAgeGec*BW8q)afO>YdhNy zSeB;7re?%LeBHA4=DImL;Gd9h3)P!mrcxq!IHt1UDaDG|Y3E31|Kg^ILUzrQICt?@ zkG>FZeN2HmFtJ7dtu`?0sdwk3#!bQmQIF{t%=_0z-h_hE8!Z%V2;YKA*}=vuWVfRa zT7K-Xbehsk^raxa;s(WQdfcCxij;^L_TG!6x zKvx90JUS)$B`}SSq7lHixFZ54710I&>w+6bm|J* zY5b#n%}+$iVRSsG0E!Dq8&({*_vZ$bQpKA%a@k9r0F=KLcE|0#cClY>t$znJZo_@) z1zXfAA?+q;U`8YeZy8ld+ci~p_|a5F^cx6pQ={;^yY+Z!U$z(&j{y$5evNSM=S8fF zb*6qG^z-aOX<_cwF z?Tiw*+t7eKayn<@Q}@wwbum_bzsY2rY9>xk|M>wsHt)wS42$K)w3vo@^1!56WtB}- zTE@lJYez6em@62nyo3(l`9U^fl`SmupQ~N?F+J{?nAO zr#Noxr9X5Fy*gDDod#Ju#z8(FDQuf+xl@O|{+^A>DqOvZ!BMY13^;^PfYh7-mw&$X z4x&4CH*S+?dA*NMuFnoWL8h6Q?t2Ip?D;#b`C|4_9$jvU1BrX=?x4fX78I>htlo;Q z=yJ>BqwZecO6~m3avtMfHq1pyU)IHYo`hoLBoQ#f>srGkwrmHxl$~kRzecXA<_ey;kP#j0 z#wtd=pWUvz5F}YbMcwmBp9$gF)_@3%E3Gc7B3O3bu1vfX*)s~JSsnOrfp-bjW{%;s zcT1P!AUbYnQ;;;+2kz^G1@7y^Bmu;bL@b=r&fW-QACx3WIfVs*xj|84NS1?4svyp! 
z!Cy#{8qoh5L|`TVV%oQj)2|QfNfPco2wyVP;S@1%48yL(f3$jGJ-E|mKlt1lKA?)y z*bs~Wv8G7J>Ztp%DOr*UGoY6@5tiN;?>n=J}B{ZQpi{wxDudLEEV zhv=vL|9DJ0-G*Ns`|XAL^<_P-jK81cPe}VKrBL-F3qPdH!4v)tmg26|kJct4XOlT! z1iD;co2L|s{#|zevW%B3*Mr(_#&bxI{qmjD6!BHY(*pmKB;y&xMbxftm`5WyEhx4w zaTM^Vz6Ibs7<~CGrakget<)Rz$5o|#7PpZGQ=x(uK_va#5o`73c-XxX0*E!-g<;$*bw|Nxw06uYcY5`9A!J zzSOp@?gtq!uWi=LUQTwe8V-+|v=?1kab~&&?Nf5a{MQPJraBRB_GC^zKz7BKuc3n4 z)8$^1!TM?5H@p|Y;gyOjlZ%6JSWPLHKz{oTkNxU|f|HWg<>dQ8@lEz01I=s#X_C$~ z4YT5MJK&U$JJgq*7;tloMq})E#w5H7D8YMmjAu&>wxuolatnbo7@$Vww~hgS-Js*? zcS{EmIU^>qipPMX{1leuTIosCB&XC(Uu^fpuRzjt`_#KROw|_Zq1)MuM2K!h(ubpo zqAioru|+-^UfX&xsEZhQ&yrac>rD7}9+l!eSNROmc9jY0vaR!Z6X(AM3!e~LD{xg* zkIUQN@App7WcfFu48oRc01kEuN&=hq4SHG|+o3|6&5D3)uE;B=y$In_7PxO|V0wwf z$8VZ3A}8W!9TY5{*@cYK`R}nw#&`ow)H1P(q-<%V$p>&iZlrJ9{#Q7pR`pR{uziJN zSusE@4X=|!yQw7}CMI`1MlkpoDo-KlJEAzpKY5A6{=SE4RbpJnaP+zMy4kf%uDB5U zYY~7PFO*T)Bk|#wI<2hY-~n^AlFqnGmP;LNrH|Vh*NfIYNAT?f?xHP!H`@kjWbDX9 zk6Y=%o?Egpz<-MI@J2R$)uTnLo>aLn4B4%@r;W9-DtH#c+nkQ|%I%{~nj}+c;H%kp zOb*Ki1&avM^k;7Uel!dnLAz>W_PEoT@6muQEfmNS-MKu>h{5YZ#N}_wGQ;n0)JeKyOYo38OAahpg0$~)sJFANX`U{F+FuMud`&gxVE%MU) zqQ~QakF+WFH~Zqg*J8fcSazQ5iQzs+&Pz2~hI6vAr&yE##fonb`ArNEztU~+^#Bju?ofIE4*TIX}%sD&^`F~|F=#F96t2(wuxBabxM$e zXU?JhRhh|S2sFkFp~Q_NZizAMey&0QaCeXko{T>uiq$xPyuPgGt8gr?b2(EF`r0Sl zW46-gevaez?JHf~-s%4#r~ssIxB zn&bz)S{=y(3u>=3{ItF@-kRs%9b^#7>rzGmsToJC4=q(w{I;dQ`DG$$?%0abUA4%i zGkD9ivcWz5-ZJJNpEP3(Kr)tGAwlB`Ib9Q`Z9nmoghG+jCp*UM-u(LZ_Iv9;3(Ix) z$vxqC3TIO_+>4z6R!tCSUxt0MF4RyD_SAI$pKC&^-&Y$1HHH)w$OGI@uT$bfk`$LS z4;q`on!XH02A5xFXy@4{%99$ZiLHx=u!G?s7R%XEhWL#1o*WHJIp4p!fyl&fZR5#r z?&JO2OUIcT{^OgdJPCwV0jY)v=+}eYSKou!fH8=!KYSByi@Hno)duI3`myQu30|l4 zx^%0X(~MGUo)%UW*N(e@Q2k9ZE)~(R~j*#G?4dsI<*B~ zv<+SQCx)&xv6WBI=oyH(%Tmk8N0)oSmjuwfz5jnh9M?5{b6I@Ea~aO6x>g2&qlqb9 zUD~qYxb?64VV+9}==myz5Nm9Zw$oSat zX@7T5uhaM5ceiua;Sx+h>Hb4Nkw|A{8fNKOR$l-5hkruuUhi8k0#uY$IiBdAC(S0J zG^X*ID}B4FysTH1&f=z_p3uWCjm1MY!kX&l{N>wWKx-d(!+h*L%QJU-#Lk7pZy&*R 
z-CGNsYqsFF(A(DT1=YD;C$#4XbA9FYntNF@zm6#Fx6+iEisK=9pJa$U7|FAwzsCoQckR&u7Hl0ZH|)$##lMR&kyV^i8Uq%ml4~!*dSr`Jl(?N&ucrg`{3;tW72b~beoe=}Ivn|?MhmOGtzWn_iW z^}(HZ`+rz0Q;$Q3uxj!UMRmkq2l&#gDZiUPR&5^U&{V{50_GskpEG@=1T|y3Na8J6 zq_lm6sjnkn5@S3O-L9MRx7#$OI8_WPRp*o|4#5|Yx<1r;Y~%qCL%$Yew;Hq@#xnaH z*yQQTvfU8|_imG3>^JV-bIF|o6@<>3iB_pQz8a3nc$b#SNC?9M94s7uf+-Y!g1&-( zhJpedE&#ZWRmPY#uMoV-?1(mT=wtOmen#c^)!JL+f1%(j|F_7NJAxeG*TVhPMTo0{ zP;I<22I?#EXi0_!kV;lF8)JO@Pht!XOn0CE&{>QHX?ZGkf1b~~Y%j{buZ^C}&eXo} zC`8zkc8QOZADD@j&2!bS^nA|+6s~I3H$80`2Qx1|x`I=hu|;{P8O@b>R&RJI^=BR> z)i%=K^PBaqSYIKR%+Qnw_-;^D1+P=FaQqpvkd*lJ%KTXwc6Gbx8;-6*mTQ*U%8 zV0sn*AmCqOo1Ja#*89#yUgAT-=TL4-CX3yahoNohw;6M;0Ku5WjXOQ#9hoV~%rq}e z@nJ+99GvChP91FDa-<%H9-Tug6XL^m{6(IZ4|4p^p(#mLc{z9v{9e}o;T@a!dk;4UEO_5ohN<8fhOZoOg8s1# zU&Ya&C96IOC4?=r!IY|}B=(y03-Q7R)2K@6+Mq$hP6IkWkbloPhk*`GaQTS@5j^L2 zY_@0t7LXQ9T?wxEy(5s^OsXPtIyfUJuWk_XIQoSu6vUvu{nE3xObus2GvTrKKI>4# zPa=$Rh}X?ZXv#SL1@tt~-2W-md%ANey>1T98w z0`wn=q(nsC?f0=$b7lMEIChdX7%(Qa)gyiU>YK%d$m%B-Ayo(dyBm8P13`@F{;qnY z3e>)Ifu{OTQai}C$#q!y3>I3hrNE2X%b}tKHnAFA9>zk=+QOI?3Q7N-t*~$m?=SnR zHOM{VGldBWwiF3PF9=xqCxYk|y5MOrI9A}*j)I|_YGGjI+pio5pW_V(%cLNLgxvb% zqz?slhvDIe`)aDkK4SBhPj{-q{+-pxemxDO<4xsT@T^pyx>R9v!cW~C)-|nd^CY40 zIrV#$uDWB3Pw2x;%t#K->=znIM^HFKYr_)i?=c3;aZdTFH{4B;a{vw)O}3X}Nnd6XYc3!~K9L$&l>@A8UfQ_7w1fzb6k- z+}6Wwj3$jme_t6u?oa+fS$+r-Bor<~33ZBN7U#`y!uyc5iUZt6gx$}qZ(%=;K-gv1 z8KGmH@?hS&F%*Rc%XZDaqf$BBrslh%FR@6|+8AWcMLjFF_ZxLuY5e5ML&+Rhf4DV$ zv_mi^cTR0=HrhpF%^s^G1o@)dss1c%E_uejkh`;^;3z(08;DQQeUW?aClK4 zqga8}$73k+xNmYu0s9P7Zv{Agw$LP|mSriTkyM4s(8=TaM8tfi)pt(Fk*ej3PhrK& zi4kS)jz!22rRRue$n$v-%kwXEUoIo*GrWYb>}hMh0NWw(xI~Is=?e5IljS33R{77= z!TC1?X-jT4R0-+=kHw)0T6~S^aq9gc1F^5}#qQ6DCl)`du7U<9`_fq?-^Wg!$iiTJ zfl3{S_74~}olC}UNcMdbf2;S|gh(`8%D^T0pkDWTBVDF;fCA^IAJBr1AIxC0XcSE} zr~+#q3IN;+LWCcBMf0!)0&eG7LL)39safIP>y8wbo6Q>FM>NhPksitN;e` z*>z45^&k57Pgd)d(O)Ynt9&gE$&ko5ZvyBeMw2A@x}>IBpVV?rgN{4!r^u{^!*u686Kj?N%9*8k(a^ zv@Pr2c63*roykI=Mdrz7;ZZ_F^k7NU;4+$Kp~=r#A#>cd~F_5pt+8m(2{v$j= 
zwuRh$%px-^tbWP;?r>%sQx>gZyP-SJKRD@DlHr1co6U4W+Wgz9?qJ{NZk@-S0-v3D z>J1U=XE4v#N;4!>rbkn$Wz(-@r#~AjGM45(hWq2Tf~v7kKEbC0zG97QA82EG6S?Ph z{?4%jN)kN@)zR0TXRMNuQSX5O3?{0)5M0?_z&} z@M-lj=GtHYjov`8@NETZUSyNPOT57IkRlWz-dD6jB3`WEqV&=G)=xfy86JbEeTsGU zo;7*vD20hqG0=p;RN66))Qv&e1;~4QrdcOL#}LhKJhThGhT)C?Uq6{ZutY7Agfo5d zF^%WUOE3n!O2a2?E$Yr-xJ3H^KP|Z0CPzO6bSi6tbT9HW*@a+#er`wEz;snLbW&HM z!Y7nDoaxi=c5_y-deO5+Z>FBdmYmB8}dI-hIbt!npO>mKFoo_|`7 zdZ+V*L0EC<=si0y1GN_rrqbUts&s;}wXF5Bck~<^+K+?ym_!XAq`&<0@FAVP5wTXC!7p4y<)^U8BXwSRHc5gVCsNWStj zWB3}F74UX|ktKmN^T-SI&7zMeAe}?<6PrLlmVe&OCom&3ukb~3jSc#k5(c>?OAaNt zwzp8DhVO6&cVw6{XDmuuxx$AgUjgR7Q^MDAAG=6lmW0c(cCSuX=Rs`t2^K3kpGdYc zrSE#VPw`32a{t?OJD20zpY3vZ0oVc*#*V2nnv0%k4d6!?rl{o8;k+)jJ+)4xKvfaD z)d7x<_LkUYkzF}GVf~v7^TAh)_BBSO8lJRYd*u6?9nFl-;I<^#nw1IInXB82-i*84 zW+Js?^i#Hq&N}&0%_YKnVctP}f!^b(xIfR&RT-V<_hfP=1>c`_q`h6!QNemAZn!{_ z))Mq3Nc8hI{SYTMJjSY~x{>&d<(!+cS2##0pZGWkWCgn!$2@dn1#d%q$2r12-Y%-boQTu#{O|92#a z31v)6j#?%(*bGqNq>ES*!lMrB>={$4PDCmgBawC+Me8BoKR?9jw`4KK*n0pZ(A;Z_ z=GtU6aGb95U|e*b?&U1e09OAjvYr8pEQ z4#kVRwNO~JxVyW%yv5z!i@SSqcPQ@eUfki^d++($AA8Qq?0b^TOeV=ZNf?`GP$%Qh zqJP8>ll@xfg|y7(g+v+q_pMZn=#M}vir=ItFy33lUuG<~RiyA?;yZ3rqVwJh0z87? 
zac}-?_6kIXNWrCNUP!PVRuK|>32#6qh@6-e?*Z$?F2;XFiq?*$bKYhV5tFCObfGwT@*%?G|WTKLkk<{&DRZ-`r=ifDHmgb_p z?tb2FTYL-$a*0Rw4WO07L7^9LHo+(%Ep-to>O#Kx(cHxaHo!e5~#IckIC@GOSgFXUMR2p6x5>$&#b+czH(ldbcFV1f23_V&u z)=be{t2tHwZuTs8SN^F9oDj@-xob`7~e(-ccnK4SmIB6&_HIeIsSw)Zlr$F?+kV>%`Lw z3tRLMA!ZCvGF95qe6itIgpFtWq+(duP4h)Fn;F?R(b){bp&ll z6*n)%l}`NMmO?4TnAT1I!7zc~mI7F^@@2ohN}ab_{?*f_*DL7#0k`}Rw(T%9QIES6 z1Nx6*aOysQzK)J_tr&HVKPdEU!3y#!s{n~oGh+>AZBG;ao(}A5f8#%dGx-jdF#?R{ zQrG6^ZoljWHw^K*nF!rs(Ub7$F%->ZiBXZ`s>1)55H)l%T>ObQ(E|hQ zv~yx+B!fLI(S^hV)km!cIEFhB^M}Og zV*uL0F@=({Gzaup!O)LtCAgyi2NjN735PFe=eI!(1sqik#yZZZO$j+9!xv8-Q{b+W zAuM^0Djd+C*>H=yzkPwH~dZuRe$h!1)Z%E;E4N)KuIoLf!GI0x9%V2hd^f2 z&&$C`TVmW-x}qz7rLtx6Yl_M0s^0MneB1MWWX6gq*Oh|Hmr7ulb-Mw=3!Q!L7w&3`7Ve`A`laYcTgAeVSS_v~q)tC>}ulHz@(e&0?0^ z49pI5{pP0KU+ev!J;}Z)PF44^A{|i){okh|7`1x1t+79*t<)bzz)ip@O0la4qd(a3dYc?^J-GQouFx! z=)wqe{ObDR#?jCxm|I58{mkY{$6GX0KVb><6FSeEi+lQn1IL7Nqz~2nbmZuBucu=+ zsH2^1;h)ueFWJQj9Bb^x$7;t(yKl>+B}RS;$437 z0oYFne&RkQHJoY>@@1AHF&5W3>?}3%2kjU94)~#xV3VKBt?U76VGV8EZ>x$xzgTpv z)=uc*VJLtd&0u}ZND@P#;c>gV6%NET_2Xp}4oxpy5dy3nBeNFr;aV^W?(&GytWvz+ zyXGH|bzl6J=(I^0aBhKL$Rfo1r}8@tAgrppLHWmebf>oIlG0R4bUIG_e2?CyKO*uZ z7nRPf`=X^0le)8Q{qf}fzFaUnJ+C&`LQU>c$4@VHYk84`xi#8cH1QttR!x4j&mNdc z1y?$>Jv&!vd2)03oOQ`3V%9RHk5DvG>`LCmQQluW)UP_vRU>t`X$KrN1!&o>`=z3J zWiw{xUuG-%Y;hT~UPuxPEVq#IgSac;Kpiyq+ohFM4qaubdu=&}(4pKmHsl`!?)*x% z>Dt!>+P|)$`HF9p>`t1dcu&NxHsDBk-%fsck*=z#pAl!!h%BvHV3!wiqg)q-w9?8o>}U?;N|UZa}mjhbr>k2KcfcftVE0y9)qHHs!MxkL4xuUwaOS zsDbPzDtzrDQ;ce}wkJ;abIWdvBBtL=e4j|&7>Tq8uVWSVBR3HEkXDq|i)An^wlT-e z^eX{ON`AC-asZUOegm?5+0Ng<08+2NxOIhCG)=Dhz7P1NE_0(!?RA8=GkpaP9jv+7lDaq{$;)5LzCk#(YyrD*zd08s-8 zPb)~jLP`BVIAw@Ll>)1kT75C3Sg^zFOG zd=)vVuwJ@N4rtHxG!M@0EuRg#g(l%MAz7;B?L2Ha%Zy6FnSRjL__m>wf4~CKFC4sv zSfRTEhJ`T=?pM77hw^w(%e`AT`r+5|R!H+CL48`NgmCSjypFrt;6B(f%Rq>aA5o4* zhBw3>9xlcX-ay2M^z7_*x{-BxlC`5+$T)ZwZm0xO*Pnt8tKV7PBZIzvnUa$lcK9qj zWfGoWLZ-~3vCZ={#b6?YLkNX42jY(zgoc?op)-J}7%BB_XV?ln{Y*lGhl;4Z)(vNT z1^$)p3Z*wEHxC5>PYEy_QdzO9H(@9J?hqGrMz7f=4* 
zwXu`4L#w%IEYu9cH@tAdHQ4TK$1T3|WsT{D$6oMa3JzGHbqY{jh=7Kg(dr>g{+LS? zXNbgb?l9uSvIhu;V|)Q}W67aMaZ(RE_st+2#lClFO+PZOpPMpU!RTfbT+nGAS6amozZPigFj^Lq_gfJ6h z0x;A|e9_x91XD|)+?95s4r+AVF;_Y?{z4Zy*go~9ua9H5kqJ|df`MiDLe(oHIFhLJ zgPZz-yG`GbgOM0v$ss^6F+!MEcl(Gg(-Q_*{75R+X45v()JP?{~4rX8x@ehk&n*@7Ql~Z&19K$vHf~J+ z6V!Lyyan&MO+GhSm2I%H6_lEK~2_bMMINn3-%-nEAiw$KPMc%8fD z7c4|jmbVym466N++L#ac0s6UVS+evh%qr0^!@DGPI;zQ+9w|p^rSwGD7}RhP?qzu6 z)}v7h-avAugc=WuI4U}Z{0*}-vEmnb>*vNXdtteLy!o%dcZuv_hI|w2Y7I!Ve_dZS zQVrCV@0YH~ApXce!qovpR)h6hO6HUdZ(h;M=%OOsUQ`F|k~c!eoSATcw4Ewx;<&!p z1w>zs@Su)J!pGFWX>>zs7Ak?filNM49C7r4EfalkUGg?wdUmXjmK#A=7BROl<|BjR;M1jgdWA5s6Rb5B$+rL6kYZQjl z&rSK2qb6~`I6dhqRwlyyMhg+KHr|8IYaOfnHgkny^c{j)u`iOs@UHe%F-?Ir z9MwPfO=gE4T9ZNhD~is=1DVk?DQn7%%~Z4^{^LX3)a5x>bK;Yi#_n z7^$iHq25SgGVChe=b$|jmbP<7a(O~aSN*-A6LNSB1Dje(Hm?RO_{(aRL6szn7#M7$ zgsDlN*dpe_T>mO>80J}Tp7W$ip8Ys zLFtb&FxE|Ln;`%da25NuOuPiplY12 zwfHJxU2fOK`|nm`qiUS2MKIr!40b9n3RII1NA_D0glccHK-DEF-5ZIqEM8CK%{KZOs?%TI>fS%0GS6nBg22E1M=dVv2786UHOs44lVdmqo za?L+1$HhRfp8*T62UHi_Tl%33+plSoLvKMJ~h;jYbtHnbEeq=kHpD9OxsP0@#0zuwZV0TF5WN5S%FQYu}Le>`f7 z(AdhPW@_DN6eR=oSaFrFxH|b*E?4wQ=|{B@ACBZ8&IO}CLw*oIs@+sI75}M>4Lm`y zb=D+%C(J#LgONb5oJCvWqgDI?pBJ3*BveGn?c)H(pbGH4c z^+G+WYM(-v$m!UkHRWaF^3ukj(fi4jZ!ocsv1 z!4>q7R|amfA%Qlk{y|$O6+KN@Hx@E=3cj*LC?h+D#60<2j~V;Trl?P1KM0m)_+|O$ zljZBpprq>txJtEYK5FY&u=!mk90wLUPQJJ&b8xPAA22p)Y|FQ+(P8dsd~fx7>`w0T z)a|Tr#**T68gvE1gsB-awUbnd)tAm4WYU$2KrpwH45sX#Kw-2w|ExN71&=4Rturgf zmaA+r!-6uytRO$4R!R9+F;-z03^F;($CBZf2Gvo{Y!ATVW(i|kKjNnnd5C~}^#Cnw z=Lr3~-og`~hH5FecB%()lHIt3WN*S$;^}u2$bJKks`b;W6M<#RoITuDPC~TmQ z7IubN_J_MS5gW>QWRIK^1~#VmpNN?J9<<1=6=H~iFIMtHt`F(Ln;#W|=H%8D0t-)9 zP?Lx%+i!xTJg@Lj(@BjpfSk17L05hvyQD)iLI=RLxW=)~w>&-u+7<_XCF_qJ zUdj9EUM{CDC42&+cC|PhB>?l zNKq$PRFdu{D}+$s6X!#<(L%0G#&~2D;t@q%Y}!^3EBUIA2;_{bfXw_2-Wq=JjqY^%_`)tNt!Y zsx$(*qo9Xfie5u07pz(-KH{UOmmo|5B(P4FMtx0r;S6V`SD}FYvmI2v%Ll7A7oo?Z zDD^iOw#0RX~E*0EUUhlUOtbjW=egm$+(gY3*GeWoD)3EY)uXBq6DPSpb6nrh?yf2 
zGpG{dDf;eUr7SbtBVGekBerQnDCu@ff)BS;cMM#x>AGtuV>VPPk;i=uT@r)?L{p~R zv9!N<7Z(kDT7l;(-XK$+>&`dDmwop}3yH4#Z>Y+nckp-VO5DaEEbV3q$k3%4LJz`R zuGeVCqdF6aO2CP!8%aPBm}d}6IhFfB!b5bQQjp6uc-d~X_G;U~7MQ)omVL8DnH9w? z)N@y1=g9X_aieZ>p&fj_i=#3&RxjuG!Is2$L~vXB)*uYMi(<@_T0}HnGB7NU;#4`C za=*i~EmJzR%=js$>`cqLu;W%;MzFRwf_Jdt`<4eNku2xjZpgFO(mK(8O=I7TZcvKj zXXL!mkC$gut8|-45o^3Amwo%QkiI3!sd_sBDC_WO&!VhxR zrBi8z|1*1yVc>r^7iq@`Bc?N=MLrYgdZp5& znGKe4{HT_cEWpGD&baqKvRNHYW05zxq#;_w+k9JI2&x|)_*Ta*3E?Yr#&ozrt*^h{ zj8gOQ8+J^u?I%~>do&i~2wqILbSM&uKJ{()qHUjb9_6tqHoek1ExbJLlw%=GSvjtW z0+>+#vS8s%Y`TY9orwYpG|w1dcGeqve<1IH`Ph^M&RtEcHzFbAnQqf4m>L1w^KY14 zd{a1c)+&VG&=*T~GB;ah;SJgGlo9vsfO9~eGVSpxs~HlNI7zE)3yaPw3yo2*m2X8nBZ@)9Wx4V7b^PEiRP5IsHPlUI&S=U7KBr(B=% zCF>|~;Fl-rz0f|%3PKgJs)h)v~qcLDuWRC=AM9F=9fgvxDs*HIT5^)i4lj=vBU(cS34N zkanPG%CHcQel5l@8-V|ET%}-vl3c&@HCM3iFqq>Pco@>3Wnkiiv98uk-4TzXB#aS@ zXw#1?IOr%KJBiISgnua-4`sg!j09WJ{ZpH|r@u!^J|{Hf{I6 z-`81}3yocH$IfhBFFe1bf4~~kI?LowWzWx(s4xe6fcXh)IU2Vp6frfnWzcs+)qJo4 zN)GL=d+9%8>a(bWoNKJf-S2GAUu9GrkFO|e-aOfCWG}M>&xL^Y`XVQR-SA_ju*x^F zym+9X<}}VZpWdcf;Y~2pduo-Ob1^~o!RP}Micm1cX6Twx!MyYr@1h~Aq}-WuIyW`` z>QWQ%KNqEJ%fYJjYpOyTPv09o^W?C(T=5kqJhK?Q{Ch~Q2ZOTLkgf&QO(MF}`n6`! 
z=H%NXcNc(N_Wify&L4R*#8zwwIH1#fztEwgz#6Jiy9wb#UG~bLP@QWVZ1e#rQuP|g z?tWH-O#xmxValu2pdjBQ2f-1MO1HnaU$$rkAL^at`RKr>Z78K8>M*QWnBrn(@QEP` zEi43fOuWzt4sb|))`sO6Z*ZB`Nah1j@8k%Ie?=10D7r=Pq!Uo^a^JVyOtW~lIqbc# zXWkqVS#;vcjQMnWeYrvYqgU=}iF49S6u9|~=(x_=dVLDjs`3Y70B_dFL!xfmb&#{N)lK1WSpB{Q9_?gEOq% zE7BWtBh>>6HH5}jpZg&H%IseJl0N>Co@oMyY4d;T8{ z`+EHB<0x-yZS|ZJ=vsocuAf5VMXNpvVD$UKyIEh1FgsgWW&`!W)K$N?w$9uKOHU6L z#-i^TOy($cLm5{(s92aCLtZ^F3y)4*C>}Rq$vEHnqG2;o=v*K^iT#Eg`0RrtxIb|M zEqsF!B}>BiW^U>o!p9gFJ=}-QZBG2zjz1D?!g*8R-QX+_#fV?J5A&%AR?F?QQT4pM zxj|nN&=@?Riea}TC#Tw>D7Ri7uweF?;yKmC<7~yFXH*ZW*z3jf)pOBs8~;V9(iCQW zx$8`Ojvo!9up?o&(8@S}QaL<$ZK+ajEki!npxe}jGJI_rtkJG#?w}79osMEqn4276 z+=v zT2jgJBG&H4k)7N(l{2qxpM6hi*e;M6Mtxp9((Av3F6fPvu{ZH*8|BLB^*r3B=fIF2 z0?FZtpfFYie~t$UG|q6gVZ>Gh8a5OJsSQydS*oa7%jA|e=o+@7&>mR^1J(Ri^CfOU z)33zW*;119Zhm6tZ{&E0s~v4ko$!@r|I%u<5qEuKMRWAe2{4>HGxk!~2HnwS`iYkQ zGHWQJ=t;7H-(*<#(uHJlP~MgvA*!&mEq{qj*kC=ou`*i)6InHqo8r9iCY2-MVNEO7 zU&!S7z7~7IP{cFdVRi|3^%28DHn7wjc6mXYWO(!Gn?xmFFxc^Sf zX?MtJ`i8J;Tm>BHQrWdvJ7@8=zpHC5E4(~REo*W%;y(L&^45v>wSVGN;G{niFeBn; zuyFiY*7T#Kwo7@^7iR7@;EFUz+9yszC|3)SS#nLV9Or!yJjFb0ev-V-1ot1mYztGm z*6J+ZM3Y?wtw54SEfGa9S8_^xQ?@eRH;Hv9tVcYToL{6o!-eLWW+Zd4dIE|_ zfPG5IjreTvIU=<-tKGXa-OIsY=`Hszst5RNUDG*8xl;c|aTlpu=ak!)s+y~X+0hE- zassVDzRuy=(5(ccXudvD)S|T0l>o=H8{wbM__M7`=(g@7mF@sS@97#N={#R;Tkons z-S5oDTUz%|vS+ftH`89%v3L(RwQoK?-VB=F{d1{UG&-6#-`)-eob-|F49>i>g)e&V zE4F}Z&=~*bJ^_z3`>if0LJu+^@8M6FDB?R;QCn-Ooacg$2sCezf;Rh`;CC1g^FOEu z@#)5I0dKp?8+JqX2oQ9D7j8SP#_ZsHXhY zg9(ovQv+&YdpOq1?z*+?sI_cdI@+>9!ogeI=|huc!^;7YHve;wm%i`J0-<5s5hGFh z3VG-jIZSHv=Js>^akDtz!o@v=Q`6HMFrvE>pc+E0-1zT3#XSUhL&|iuP;L^6RN2>v zBat9-^rHHvUS>ztD5+Y1=G@pV#1=!Sl4n@PgNtPVpqhU;j4U)1FgU#(FNku|D#oCx+AH%i!3vjFoH9Mzx|$u$Oy(eZ4;I zLviEV%19J@<#!@q@OU(An*nLq6YrU-Y&`|Q7&A6Fi(R>QqYD&M14=2{ zC=@|RS%od}X{5lnqcXJD>|T7m^ek{EVF4~wUX~kVW}9Tc*P8oD{ZSZqv!kt;CHlwA ze`vj2d2#Q}wMf%`L$88Zna%%EBjqfLCgZC`cs;wp2O zL?s);CCP+fs@l=6o^lBQPIaEZtWm1XxY!-=foS0Sj^q|~94@yqAC;wdY84iIfA6$= 
zER&TCXYmMrb{)2@>aM*}-c0y>5ye?ULhat?m=$tOi(fi4U%474agxoQ|4}NO?cG-@9V3-+tZ(uueB!C%?+$?=va#~wAedBV>4w_xl#>O3mns? z`r^oer`_H70=>-z{|!~(VHW-bX^}L(PM2c-+%{Qk93!)BQ@D%*(<(KUkh2cL zPnKxt6>p0Dw{$|z&6w?}s{=AhWG z?hLW;kVE)s@#d%MtHEVKjYA|g{UL2dD;@sbHwO=H#7zKksEVvZoaNWNtJ%m>!Pr%% zhp78>d0#9ZJZtdxtC!GNR@?U-fKJCr&f)qp}*g@#dPI8xqk5;{ExI*IC zdXFfAK{U`TqFlKwVI^7b@vu*iXP~TF*}D@rWzSQYv6L(}e$wG)1vhKY!_4O_hlv|) zmmY+9EUdNv5OhjHaZsl>`TctNpE(2mOL1Z49gOedDq=kzV>C80xT`WI>8H2VD zdu;6L?6?!1#IrqxCf_GkedRl$!La~EGB=Z)sY*`L5m9~H(P^43np@%yi5BnZfgGNL zKHLSk-d{l)5*pcpn)2;^PbigOiBFz9A{D=?hN48KiESK}^lVY}VnLGuHPy}MrOe?s zTKug-`e6vPIt{?%tQkQsWB8ZeW*fye?~5)OjO^^7Z8d6ITyuP zMHFAP?_^`S!mkEgotp@V>M^FFiun&+{SZqa1ryVrl9CeKa zeTg?&Ly;))^VZK9U`xx5ZOBqBED}{R2&gCG-u!_6w$u|2_~X|<4V$hJ27h*eeu-BU zCkh32rqC|W#L!<9UhiNhF8WZ2)$BK(GI^Ndl01#drb7MsYkOB|_KlfpsQUX+C`@9< zph8#f7hF>J#FkRSO?q5AE`k}T8(PHYFLlvng7sN*SqHTrTWgjNkG15=Lp@l^=2j*6 zwSoHx!VILTG(DlrI?`+(g=NuPXSL4?I|@7N9>vHs5(+Unc(R0+j*;{aahdxvrXjy0 z6ZtinCOUTJ34{Ca?St`}tb*vkO)xgt$hM2KLP=+Cx;h+a>S@b)*E`-@|M8GTS=0KK zqD_oNiQf;x-`)CZzGEsIkYUINu#(pkhmhdP*tl*KML&y}C|?19e(fPiMGwMeYb zjMb22K^%UGcJQ1SCB-$$_V4vY3`%K}lg?-z*@Q-5@k(vV&rsf#`sfXp_jZnT!6O4m z*8`CbD;Ub3z+>3{+NFrn_9tSs(QSwn3%i*^4Q!GhI4?F-)HEYk~IK5IB&*;9$nci3Xl73`<1y^Yz7WKd=|H zcSvm3b20XHa)WS8(_=P(s`&G1+!TZFWl{dGD6AJ26P_s!ARP zeqKQ>1Es`Es3ZA-mUD{Uo@y%Fe-USi7e;_gG;sHk!^zf-C89c7K9+l7VF?JF?`m5P=j-&*x)_Yie{Nh5B* zuAOJQd+F#MEGw$4l*G&OoOY>)Fkc`qHN;#LrTn!X4k?S5-IiMyPcLE;`B6Ba;-7Xh z(@~ze{J>*NF=7xs?cy77m{V`3vpc>T93hvQ^O@@c>T%S&;jMultGL&uugf>J#0$u4 z$IX~dWz5ajkJ)3L+P+^VPEOKZvEV{`+;^YPPIJBH97-hE`FvbGgs6VEFQsGHdozpi zSdBkkc0P3lOO|@xS8TiXJJW*zaV}Bl=+djI&&oiiO`eQ(B4e=~r!j>pWg_l3S&z1~ z$@l->>1Z+yPLRPAVz-=DjVZ9sk=Rma)=GtN6AE)v*X?41p>zLY`l1EjAgU8qeA!ew z**=g7P7JFY;z2?gpKp+y`E~V%E5C^33zBCxh&3AT&WNIL9o2Fjpoc1H`EzhBs|U!t z@}N^6!dv4F!i!kr-4FI!Cr{)a^taB2?KK#QvH1YW{Q_w%S8wso6`}~sJvX&&MIAm@^9D6KaTmvq)BF||)QTpQ0 zj;mkSxvCApfc;QSm=lalTN$MekZAfsPBzc3qjx41)l7=c=y$#?cQLXT-Ly)WHnaQ1^%HwYHtnP3zx*PA|20 
zhXgNISdi^gU7`IXxUYH7A?T=Y(-f1a$6zHF^PJ-N;9g+HVIzNA%l=Z_tf}u(jvLEf zLs%?>xnM8e1Zp1d%%2RfH(A=VF{vVlKZKtt9{-T5ie7Y}9r#6tg_&LWI_+>lCJZ*0}$82+wLcU!2jvfif!V;MUNb%>I zrLu|%y%ud>Mpv49?K-sM;CNy6szS@+CwM;Jd`iD%cIO^Hyl~BD(Ch#GWz%?yKX?^lgFgr(bw{^lKCW( zlV`L86q*bCAqvRv|6nXiDI_93&#Vtus-R+KKG5p#Zs6n`OW;Xc@O%rcQ*zrOMcQu!K_`|j{((SsDeYRVQ# zH)62U=v&!&3K5RcOvK7?@4IrxvX`JLp& zv?~dlXwMySlxCaJ4O`1pKTrn3CmZ#4B4vg6FaKhVD&asmPF4sLCq6~l?;3LZYiPVr zt6oi4QDwx>3St#M+&AnGZ+s_r6H_clo>f#pP&$b{i5kNR-EJdBqn@{>3al;O@i?lL zPZDyeVIQ_4Ejh2^d&JD15cE(99=^MTrL#=b^gy$Yo2v8uN4#{_VTI;ILTm3HaYjWf z9{hM(lHcBth*?Y-Q*&wYaL$ra^bH80?-{hD5h!N|5*5uCa3Zg4n0dMBis=nZA!!M2 zwyoU%?nw)TTR#FW))qJbhmSXDsb%e9cE=^jWZ7@=%x_$-5@8qxqBq84Yl1e1ST3t% zI51_$;L?1R#5Py&(L`os4wQ{st!$9j)}0(!A3`sHll%7D;&{OGT0lYlaZdTRxV_)w zDe(1|mo~}k1fVVZS{eDB0akJN9{k(MLV?XC1&fpn+PDb8W&*(LJX|}SuRkw_>WP6j zn(wPoCMT4SbLf4F{}Tpt(Qbnm{*P#H)z&YFmxC{f4ahKCvBh_V#3Hx+EqzGka;O!Q z7-$zbdSKs88C5qQtHyFqM#lPo1PRT5vm4bV`qh9FYS#Lg&%6n$U^*ewIw-%&d}*ok zeswhmzF|a#*)+XwV8p;mgrI8WbpAxjo?A^pH_n`?IvIBZLKg2$qoc<(qOgCH`CqXx zbvm00*ydBDd7ZqYFM7q4dFa~hJ=!*x81Cey9LBKkEXn;)jgEttO^R22`=+*@Kh6DV z!P)3O=FY0=3fYEv1`}PZSrfF|2Sl%r`(N?{8lY8C5tj6i)3k+nc<-4Va)Jq#oTCp| zHLJ4Lojq@t4tlsjaP$0vE0z7sz+8CbDWfL|Mh_<~AhegkWOmR$T<(GR`G}7BcS& zp(-X2(&XMs5~V4I$SyboCp!0 zns^DEH+cyb;6?mYnNf}7Kn3XaLSMc3I}_H{gY2(NM`PK(;@ryh+YNMvtYk3C;0(_& z=Rpjp&clJe4h0oRH1H4!!u?_(@zC{#n5y{EYD+0OZ=KKn+$BHMEZaPD z%`J{KHQ=y5D$E;*#0+ZOd{Z*0vGpPy(_}8rkyMxtld7jlco*d(QeFmeel`def^2h_{`q$1#1dZTlEH0(sBnRVn6^R@|$ z9~WB|rGd2~k^kEPjJ$Y$|tg7ivaAAkqz4-XA6PulEgPs-d_PiuCuBvez8Js1z7&%eYh-tJWy zkO+N{m&8B1jVN4$)>pk#ak~g!3l`^a=-S$~* zRg(jB(x@m`Q_yH${|=sOx(F+goa(Bt!vx=qfIUg@#)MpkxZEA1({dv>P>Tr&#s8wM z-PK;UqUe7ym6Roa9du?ETkg0kIp$e_NO}s&GFAKWd zy;q|!8Cws^*y_v05j>NWZ_&p|B6T#WL~#-Ce}R`N2?WpD*hXTEs=`Atk^pX<=~2B| z^FZ)1B{S*Fmkce0Zw7AIPV(0wCHH!Auq?VdfB2y`C!m%|K_CP36E|$w6~=miU?Q?0 z(dd>*nvYZc36M-YC#rJeBa1~wLJA{*jHojgXKTu+9X_C0vXoIe9Bkf0IS%<);mWeA zA?RFWf|k3X_7xZ;Bstmh1~)-IZNI&q&130JQ69NiIx>DFT0YKnk8F8^u^3MAHd#XV 
zvv=fH+a!Sym2~ZAYoQjWI}+MSENII0Zn1os#hXv+TiOe$qzjL%&kxqOJF$yX3ge3=Eg!{lza0b6UQZ?l3M*k32xvcxHY340WodiW3Hv0 zdK5?$3muOl|FpK5yURpMK5gG{&wE0s==~jRoDCQyV(OSgy8EItS;bGETD#p5|NdHw z{dR1eOAiA2bJOj;pjU$$882_3)ENc1pX6z*jY*j*ufjJM zB7lm(pCJx2<;2}4W&<2w@Ky5;6}vN1b$k8C`esO7Q?* zM8ePRpk#8ZFy(~5fQI-2?hux-;w@>j>z-ZskxmAEJ7OFuHcyC-T#>_~NQ7QduAIw1 zAaqAeXO^Nk8{7-(;El+MP))S94H zE}R%rYJFC$bOZOhG?*IEKYKeZ8b2*sCWViNFl%67*f3H&a=7n&a}_F+e0b8Oga&1Q zr&)B;(0X~?%hc8QzF_oLK<1)3fO#AY4~@!>&>%BA&5exBt=Vw|PP=QL^drB%vx+`6 zxgTn~AN)mXmdMfW9v4~?f(JXoL%5USjVw=dhMDmXv=h&W<5JqU2MGBVlj3jGx{mvS zsfLCyQny24ihz~(x}(y!!{o5ANJ-KlN$op9cUaWX5!TWi;S_p7O0~B?GE{y_*MC(R z`aeLu9~<&#Oh4Wo=t%kt8tOyH5i414C2nXVU6u@=x3@$$CxR5j0K)F+fB*%|)tI^$~$-eIyPzkY{7u z0sR&C|HUIj*|A00V<|s@sU%IcLkOGP((}dO!oe>RuYA4QdueL7-8>LRZN1-$G#HK_ z=&PU_JRncXn22eAI`DdxW{eFJLs9t_!}CIrUCC)^d-TMybha|Qi-2PEbOA0EtDHyy zAW?kElX0sE3HzxaPQ?39?)m#`D}(3f7%SwYmqcG^t1u!($+gHRCEG6sxK=QXo5=VJ z_4+1X3yTxzEgr%6P-dj07r6hjs0eE232G!$UZ}ttQgtZr6%@JT^|G-Gr+t#vCdh0H zDmg(BhfuC5LGOCcGsn=&#u%Uka1WZNQO;M%=|B$S(AOfmwFkLEjAX`Ynd%1ff$LeB zy^-I?RY-VGDVBAqf;3R%0B32I#rK*xOShn@oflGZ#h5rm z$tP`+TgtCxk>Se>!9=+JMT{eR$K4i@9wmNNe3o$dD0Qx#im!}?C}wy4na4bJUS`lH zq|xqUEF3&vVB_T4aKCo1W+#UAmv?O&*zA&?vrAe6&DZDp%vC}QdW${Sj25e}KGNTN zY}qqcJ5J@&PO1RMQwG`3l?=+Junu-7Jpx0C*oTa3^DRIsLm|52`Pg-TY9xd1%|eS^ zrpEl#nUmFIcAxR9^hdU-4PU=B*aq_^4v*OQR_^$MD@MB8@r+J;%w@X?OKiUK#_a_v zMx|4^MJl$)eN&=ek1bzk&2p31-j^H!iG+=_?e=do8^{5F-$AFzHS=h5WtxSz|L(DS zcaGQ-FNC?bl1;-x-SW=#OF_rq@9fI`k!NJ1x6H5sDYaSj8ToFlHCXfvo;DMI>Yx2&5sW8tkHUka(H1JE*QVE#*2@?NbKM ztJaL6^Q}dH>hfe%?m&SHRUzv5O2s?7f*>MEnE>bkXx(jhI~At~J;&7r$ny1QXZcXvytbW3-Gba$t8!#%IwPyaH` z7_2?ljAuSGR;`%R(hghw9wGy)|Cou}fGb_;gIwtZK9ycyEzq>8p#iar-zNgESwuc zg6C7@VUfMcPa<05#{8Qw_Py842<5cR2(|Dd4xmilCFUU;${CuT4tmlzh3R9rzWb~R z$b{!MQMPe>9%9&8WQ>eE5^?(+D{dh)IHAKSbMeZ(>*J@VYU4dfCA#a2cXxjNJZP~T z#Lg?Bf`mTbi}duxpAs8#Md**?N9`UMIb!uEeC*i`kaF0oN)seD|14Hpx%Z!7ck-@p zUt!=dahZ@aQEe?*>{q&i#zLRww*quc`+sUJUr;yUB{wD2>z>j6@9Ak?NXilXWfb(@rbn7s5U-0wvLVcA`w=)oD+z_DBvbN-JD%Tp8P>EIW4 
z!f(ki*+L03O8}MoWLz#^>)G{XhDsa{h#%>G%=29^2OP8B=lODnrsMX*lV#t&r+6Px z-OW%`2!q+V8cFIZ1XLxT{786I)HsDA_CkF#>B-5d_UYGFJ}g~-)gvO6eWZf3(nyt6 z02yG5pMoEX7;2Qa7R@@xDKEh#2l2xlD^rLs6}MQw?EJzZ#rh{&0#fHKar&XsydSG0#|~kKvITa18d)`iFr7_ zOMiWCb##q@`lH1Y1(|CLRp$rmGByJII@a%7;!8o;*Oo!JaNh0Xl1(!LRF`i&`z1{w;gN$B`8A*KYj{`Y9dgdRrium zsQQ(P3-zNfI!@=~5f3@w8TeVfYYZsUmw_o?D-FRq$Y8gX_ZRN}C;K#Z3(eO0*V;IDB`9H7gw)+5tp$<282Cf?L>PJ zje0rA$j}Q1lxL+FRjYH$BAgwP-Se_-bq3+bir(ljRtU@M#>>sii`R9CEZAknbn zl;Nle+D{h}?aFH~nypE^!;t-mfW}NCwn~sJ5J0^P;!B7<>~fT=cC|0^BV1L6E5k`8 z{Xt4+Y;+CLtBprGPFno)rz!x4kv)_lj%*&UkoAY*Gk;pwpFJU*`v(e9&c0HVHFK(1B+bY)ZWpZO*9~15uD^aGhh4g}Oqxb7F%^Z6?eZ>w*xuwt1N(3;oXp?lS7(7&q}hWnG=Y$Cc(ju_ay1qa|U8V=}p zW!AAk0tLo7&oqC^Ns0E>e8l#f2bhXy?7wr3a;ODu$`ms?Ln3p}i(f2!_06b?+VIyK zjs!~Bmai7Hn3vOa2=hUy0za>GG#}H2k1CO`tbW3#F_QS?4OTUR^v}1a27gzQ%|$EJ zllh6cVhZE6M&PIOQNM*OOhvB)>xnJq?8xWbZE9yz`IzdRMyM9LS$G|0hVOrGS1~*m z+ngF)=r%J17lE9Z!9^e^QZBm1c<)eUd)vb8D=-OT2banW8`s>T2BV5iMQ}jKoLhjK zw7F9hx_HB9D7A7yKUCnWs;D0FMRt@}qcnYz%dmiHFLa3ac_d3vA2=mbq4sTdN=#6g zS0erzlC$G-hhdy*h*BH!MI9t&x?7%Uy>e@G80)T)*mk_io9tkup>Q&C zUV630NRkR z%*9FoV`|W}^FLz&6l31ax4*$Ki2C{t+!URV6TqK`;@3Z}h2V}V#Jr77H$lbU6IS{y z8{*(C!i?X)PEU+2=Jkc{6dQ1er%{zhrQ?ctlvR)>-tK5yYJTQM)TeZRaOPcXT3Nh5 zLK{Jl0>R_hHisrvY}v3N@g7spDkF0Yl0nMD<D<_l?0HAYc|iwtmfy8{MI_(|wiCIYj0@OKSC*RV zs_eIOvMhUDNI5J+)L;@iBF`&`l&L6u|I~Ms<@J<(9QRU$0#7*WmZzlfO!G^KNdP;K zt-Xj4;(GnP5lThs;yJcSUA%uio?pnM1IwgJ1rx)^Pty-GAytcV5w)B&tK`>FJAzIx zAx!7chajYlV14CY*6Yu-dxP?0OQw`$bNJ>(KBDG{a-9O=s!4-7gsd1-E zPw}pZ4_Z+eW-k8hl%)QZpJPR#agYu*x0Y;ovV^%|HxZJ6>Um;3IQAs@*qEvE^~Cso ztV7It7|MbASjAm?-T3-pkU%>fL|DnL=#-O^RS>|d4Fmw*=ENk-xLeUnZkRs|wew8h z<&$CXnN--|{k1`4JPOTOa*VPe5lZ5wm`=xeTgk3F7E2xh#ufT;El>G@&F#&LN|h)f zEv8k!5S9#}(vI%VOH*r;$`NEW5#=y_kzdrXfkNIwwy|nKNvh+#eSW>U$YtB?D$9}! 
zB&HE-TO+SpZf?i6okVS|Xuk|Zf|n*@Dv*`RBrb<<{EAkV&P4nj!Yvw8uL|eA6sfz@ zKnEWgPByNK^|7X9zen_(Fl@bhZQi<&k%??it(l=7D>i~~L|YVKnJwl_Ld;Sgg$haO zV5w41!w2pCRtF&=<*yzC9IWfPI}6?N_FzS}ke4^3<2xB)i(CJO+L!Ixb#KP2$ zgzT1NL{f2nOx;T%vO_pRd>c{H=v}US^xg(aH;eVJk7v@AF8nS%$rP6}wpwSmBk{6!%;UbuoY~<>F+qPau4LP#p zVamR6z7g^2Btn%@MU=4!_Jrax9P#3f5`xQ6myhXR^eu{#rmLQ+`iT}?2_qGU&EM{O z0=|;!UVT40Cnc4W{t5=7DFT3?^%7t-PCxQ$CJBC=R7MTlR(Pu%8)UuQ&lWxo7k#Ws z%3KWDU+aj(;<#F_cxklu27#Da)#G0WNogkPsu^miwIK>Pn!W(geYgAHIQptC8+z%>q6dU( zeKE+PL~5kgg4!$_cIUNx9feRvdC?sIr;!k3#W$k%Jx8w&mH)v*E}JGLOa0|yFg$dk zEYiR;oS4f1uf>sx&BfoS=bUE>h6tnv2uKlrCi1f0@LS0dYl3^89?PHbqqQ&H`K$r2 zknoq4OAV;_kK0#;$D+5!VK1Coz~QfQbN9_D`~wDy_dEx`NAVa&dhf58!5Jzfb6Wv% z_!T^Qv|9%by>tczP9sIz9EAhz^K6Mxj}%F!bD_JyV2I_PdD9q#c%qtA7`*FSff42p z{H9VuLAoj_xs0N?Lxk=axd7%hc*EwiXzIPRKL?DyonKE;RUZ{mpWVHp4KKJ@bti>MNCk1+_t46ap613*Xrjz(&TaDof*Din2jXK?(W$F3R6y zpfQOF@uTopqO*Igu^|ZItbS1L5pLa7io$PnngFjIzZUR)*Yg+DCipl=%a+Q}P=d|j zGe1e1rWk*YWC~o_+P30xyZ((TuObsJ2$V}}>$`>o6|X$$h_@4(i#CR76J!LiU@jNo zoi}OI9U74g`O?@2ecHiFAke949a`}TBO5xAt|U9$7OMP>AxsA>biK)##B>ML#G>@S z%tv6UOKmk`XbU$c1k%nkL?19C1Y$@ybuX7VsG|MTP?}`ao&(fS{r@!74kUL(87qzQ z3Q`aG(J2oDpk{?vjr+)z-2G{ApRwb=V*ku1U9Eh?Lq^A7y2)w;uJI9AI{^|x%jGv) z2imCnW%&2r#*5ysKR}ia{o9lg(6P^W73`P{t_#BFLaa7 zGp@7()`x+oCMl!u&Wl?bsvO-c9RigCr!%U!NGo^jd}RLYk1#^0Giop^qeCWutUDFX zUlq!lb%@r}pt6IQ6p&J}*POPccHyC|Gg9^VH=|jaj7o3-poSv-Cl`Cr**e&A&tWzf z@O0_-B<+o(d2KEx*uHj!0&5yLyAnrKdllK>2PshOX$mOc{?-$FKkAi(3OAX=!W&|e z&Xqi)EJ8+vN4qQ9t%roj$NYj6uRUhVZ$Y()B{zR7sA(K_2RxqoR~cY6w5KUr0dNc_ zrb*uyN5zxenbW)}=txw4|Ixh!D&JJcUKx%Wr2fr%VRofxcgEfH-ng_EM^EBY8A~c0 zNe?5xiIuRmUd$6I8j=SO=MMSkFhn1QCKlawQ<~^NQr3@c z1pELgzQ@Ih)Iw5B=>!9TMLAzbJ>Yrq1Knn1jU21KI z&>YDpVw%9Xr$N#%RcS<+Ke;>f5Rs!QVv)pFRQ{ovnLnvWgY-MBk*^j8`s&OqT}(Wa z#c%6e*c1Y{qyCym1TqIlE^j5SJUH(oNr)4SU^EpsBcbmC^enTFG*Ny~f?wA7Ez}>M z^nQFr|Jo$z6h$7DHmc#Fx=ww)IXrGN*Rs_v{YgO^^KHfpFlL;Iwh-!9)gezZ*FF68NG!J3W1R-RWmw#3GK;hb;KkGD1n z-A0(PgU{;e(|07mr7*j4C86spU@!S~n+M?ptWuYe2 
z7_VINVCy*y#!gCEtudr4=pf}zdCcewUz-{&ggTSOMBo*#KDlL?|n1@(uvNfS9~8mA~?GzTN_WnAK%bokTTQ-jAn z9tzoJ@12{n(;3H0*>>^5FJ>d_b}=z!jenlLJ)U{f!K8x$8{rU~7PDO$>mkKmUAX+Q z-&iJgrQjCi09@yC99!qdKCvX1RO#%GIyYH*w77$w?^;#FcAh%E+zQRd-OL}^LhbzG z=pXX)V!^{(ZSzk~V4GFCJ{>XYF6ipL`}Ke>c=qe{nsbEH3rMc#?x+e!M7^IAJzVjW z!k_88Kx_pD!k!n>3ujxeO2+^J)a1F4DJm^$!AAQmWu+ z3oo(~QB8g?TcL@U{qMCcg6NRZGo5Y+NNRe+`s$$3!2!BIY{w|6Xyi7Qeq!l7r}zW<*(I~`EU{DGm%0MU z=8lLeW4)i5rthZjy+3t_%@d)A1sP8t439YH%=@1Nx1`|!v+824b=FDm;#(fXK0-aq z7iT4XFf_D`Wqci!3qwM}$g*{xA${S8$21|9P?7XO51s0--IIyc<_h`RqXc#G{nkBwa`?pYevwPy@ zJS?hbWUKu&=CNBi%#$gWjy=P@bXfYqy&E30)O)R|$%mc#Y$^JVqnrw%c-(BQPgVgn zG33n#SsWv;snnECTn+c^!@Zjp312dZJFB58N z@Oo|_Ui=X&MU$;Df#dKyz8rs65W{JPZr>vmwSA%|d3i2G3uDq2wXbVSr_LDl5vc9_ zfoIF==nkUw}`X!-!$bzfREuC zBn<=`DdR6f@b;>5mgua*xjuL)OxJuc5wA$ygrRiVj|n)7GU{Tn|J5lbEon$ANg9a6 z@J|{031|UB5u4ZzJUKJ>QC7NJiOpD7CcWvJ%iK3z*nubJ0_3(5ES1+VIMle_w3eh?7SUy!$*F2sB zceMMw-(Me&8zSZQFVa#7{2>eIyoL85X$05|h#lJY{fm!t@{JUuvhJj|in4rDL?)rL z`>UotH-pUEi5>p>vOcmj=;b6;KRU20qx<+#A`vffK}A}1FgGc;lExhUvwML}Zj`mQ zh)QZ#`b2w~KGX`QKoRhfj6t45!XmYTQp?F(xK2$v8d3Vc?u0rH{&0-}=?;rf3`a4H zY_F;P4MV7+U!R>gjWLazzWZZU`H>C9jI#e^gGd;}VJvD!H$|7Ijke;zU~JC!)?8GQ zo3wSDgyT6%49a2C6w3^!i+71uSI|pAmNjMO*;d)03DJ6MtJT_jodN|+o!lP}= zkCSUzp)5AP@_K9lvvN1{1e!D@ROe%Pt&!16GR334o#*agOcmR7=sHqe#T{^5Z~sIPJt z>A?;GO03*l<(vV_A3;JG&z8VP1rj3k3sp=qc62dUu^F*EA{18fE|E$tLatg_7F#M} zQ2@z~u<9qIzi!$k8g&>46@c3T!_S)Ucb4Z3C4cH`JA&HUNy6$~Jxhfc)y(O@|`S}&~6+Gz8R}uYu zQhhV+#Vp>3J&}(lRfVTV)E~0?$g0Z zF1`%ClfJgjzQ(wfGHFSL8mYV(G13xiBOY@^FclrpU2~8YzTpfXU<^nX=inj3fUy09 zOZt^&MP*~9U4?nA@3z0Rd5`8rN|>lin(U`zlMmG*qh9GsrM>!gkY$mfBKbVYq?S!7>G^%MLjIE(`g*sNAHrZ+iw zbRV4R#?eCk!XTL?-Ld7$XMYG%w(*A7JqLk{v_S)+HP!1_(S(si)s&zMPyt z=G>~IzvgEN=48*{3@nx(e~WSz6F>Wt@H95UCpp%ZedT=67fY6iE^@dZ0q86Y&`iI5 zQOoe+jguGvGi-v$8nT!>T4D`d~L3*SHyzP=zNCiZs~zuDN7f0SM;d*Hemwqo~6gK z&QshXj3u87a2Tu6`Jm*0uYu0nI@9J-1ni&v+JPeRndP!3&|>EV+&y@+7Re+sf88ae 
z23L*ku)W^Xdk+Ii_lxAfzR?9_hE|iDE~oVkFf`AiF14a==#Y?3v?|+pAn5?5V**L`9wEqwR)CgUh6&5nc7Ym4!FbGk!9)Bz&zl1KiHYfy_{2{Hy5XW zv3`|8px%O_+WERHspMzdH3@?g$T_Sn2jiW=s^Ot;;1koXy~anE6DyCEHZNbdswMa5 zLy?!~@9P1>AiXGK(V(+bW(Dgi_Wpp{hGL3>q?_rjhBcQ1++xmC^zVJ@v@Nlu_Isq- z?*Rln!K}^8M6}3S?J7NG@N_^GnE|+cvIVA2u%VzxH?hCn3iO`Vf3mLP%g5F1ufo?7DF4A4ia0Y6a zTzZibRNwixxy%TPMO^o6@Y=xuDbgYW`BHTbu&s|`0R{^?AZbzbw|_~EP`VO+n4 zN+coHTR#aLm3}zOlbbXZ?td-etTa|;0Ar*Qd*bt3cTXwRRj43)>}MlJ=tzB#hg@>dC%+Bw+#0(w+-Z0t3XF0@i&ziwQ^AqWD0vLa!B1BfdS zO0T~%j9>IN(CCG*>c|A*_dvTa^)@rQTQ_x`iVW?W8EYF zX=0>l_Ddr(Oi6{B@J(6>?x0E0zT~emh=7X~SRZGea0Wp6xtN5}BC+1L(0;4x`VECslxww9`G3s+V z(PKLD3|^$79-OU4RuF3tADV3-Y%o_G`U5MhCAGj5A=Q<5bSzbA5aeH*%cY{s2HV_E zu+5Q7hhUp3ak0*)R!^qyk$w{dwn%%NGiF`B50^B$rNwEq;`Kvq3kaQ=HSg@r$Q0Cj zJ?Ah_uLUjA)~;>xH&KY;z!iLIz_p_`5V zr0Sn<<(GB6vfR1V3H^jEMC7eeIiA`DEH#Lx>Vn}=&vdJbpkmQA`frZF!&UiHuLY&~ zDrEn~#PLYNDX=b^{in-bRO0nY$BYQ9YWODB@8EvQDbv=xtg~q#@fE0hUqtN$(aHtp zEt`w;05fDFI4#D;pRg|ZG{~t21T;xC@(|6U&U+Yj!Z4sjH-xDAcBuE3@_rrj++)~l zTA#7<5I@@NF1YWj8JMkQz1Lo-KvBQyMlV&Afef2L6jlWpm)|FaHk8in7pO*A;5$Hl>KHuu|stR_tk?3(OF0I^NFWigHW z<0;za!3n=Nr8q5-iFE`^5VOsuSWOc{6J!U2-&C5rhe);kgcZn?u~#hfiQ!V1CIOE; z;JE}uy2(m|rNSfo&R$6&-1j$_vhOIi#ZeAlgq?1XkUs+vw+f=1eXk4LZ%5P@vOk+_ zR^-5IFSdPe)-H=0pbp3veunZfTgp&nDLdeALMGnz2_d#q;_CPTSCz3<*XXk<(y?Zo z<9yOdXf3tFP?LgWvNGh5(wU#+k&`*>ai)Ig?_zk^>&dwaHOlL=E4J?uNVZTMs9ZOx zAeH&Yj$%E9Jg*ni{d4*RvE#>2bz%8DP<+RMZzRmto*6&@A)vJ<=^RA8IVHdb%8z)L zo?PTf@%+V!oWHz)p+7a)ffsk!N}-n?R;n%*!%+0N-8l+<{RKvUOt4NiPHU9Dg8ZKf z{tEpzP)9LiP~t{8Ada=ZVJ9G0bEx%Db#p|Q{B%c~*eSG{{=x5f*u?#|b&NtYn$!Tu zjy6a5-rY|S3P(f-#W&Q&wDHC+w>rusFxKQ+Xo3giyf*n{*TgjfYjqL|VRrBhZ!Mq0 z!8j$5uEd3>_Ug#W$++2fIY>?Sb>o4%d^gQB^VT2Z`tm~$FT)B#PQ;xpIYVSVLKX!s zK-6x>C;q@yEIVStoF8{RPZd`kNNR*H34cRTB|9RW&2D?#&x*of-y!b!|JNf=Ii?x$ zP0^WLxfuLSMKf%jJ$b_{gWnV!C%(-sAT6DSsk*b1z>7*N zlYH#`2qeG9so9nJ6|$A-gO!pr5JMeP)#7D%IN@G;pHFjmGkRU#X7O@JPJyMj-$U)3 zpQ)*Npri9>>FT=s1XqM$;I=@QyW(~2au|!V-?BQ>)vnip`eY7ZaQjAN&NyQ;QjkH>to-Q*%QkuEt3P#^sR;|X1R5T 
zI6@l!+3kc@P{*&{xxLSJ+UTppn=S2+bB|=NaKif=!ezgG({d)CDFb^w&s8(O%KkeU z4j=1DW-hy9AeyI8r**ZF|2rg|cAln7ig<){S4!?>)Qfc>b6vdR9#eQ7U}vlLQLaPY zZhARRY#`lC-p=L|I3OE-oO`$6-Ln)SFsxNAKwpW9vu}h(OwA0BR)YsI@0}=gT&Tq) zMfe{4lfM$y!+_PdGS+9PFAj`ZPDiGr%XA_E)!U~M`xL(yTm5j{pW2PR#k{LWK4Iil zet3y`qso7x2?Pf}KWVgxM(&ARh-x66-l!x@*`r~|mRM;aODdwu{&pz`%*#@*9eFo> zr!smNx?IlQ(1bdnRqdsO1{2ju8T1-#&W7=9HG;n4Dj;dGAs!LN4Q1o0Vju`0d@$>j zm4HPr*3^+>HB$Ueo9vpzn1`$@#j-wCboAQ zi1Rs%embmQqcTmDJ#ekBkuAJ!JCk=HR_;AsUyB%SL10>+dWMpX1j>3#3LS z5cBhQAYx?1?XGw?#+VX&!8jdiQRPHd0UiCN^W1D2NxY+N8g1sc7Z_~Az$Nc6GZM`* zLhKxeS@81n7z>I*uXWr?K7OAZu!^_+^D{B%c>G?>a)pL!q5 z3eoYm@gdb~v(v{35eGSNkUea{LntI;)Sk$9JSVS|gY(QhIbHXB9aUm{bt<*&) zlfr1@&SStf_lw%1xHYYl>%C2*<*IgGhk4J z$ljiR+xKR8FU+_U4x2|^IM7T7Xw9=*v@o_;sEwJQ({^8Kv&-z?_qua6$3q<$Ir?5! z`6Xi=&ArLwho}(GRzCybn%z6t)7SgJsp|fhuiLQ#ybC8Z!&6lOQ=k>ny8~XRV z*$T#PI-Ze| zp2ALwb(0yu>M}* zuV6xbCvpr1aL|i=qm0G?KEd4xTdIPnkjQONxR1ql)l(ERyjWMdr|%Tcajh%{+C!6omoC<@p8|ent5f2UGhfudB(y z(TTvV_LJco1D51`PFXuYH=~mLsY!SLB+bR6<)ZX0a+}m0gN~8)NX?>#InIWF)9xgJmqt^Z5?VV+*7l~gg8B<* z$&?sLYsg{mBmJkooniuGj?^F14uAY#|4#7?su;!usq6V`INP9p`286?`~6ru&Nele zf?cA48BJiV&xkfG3g0bh5|vs=kIRaLqIAE^+AS-yf9yb0RpVa}Vb>a0{()*<0``i1 z`{=dP#ZGGRgq-P6!Fm2HUrr}Xjpo||>24_ZGnz*C?{~u(TQ z1r=$oN7~1?kfWfZnzJdj>ufC2bE|7Fp04ecf+A_%t1ZJl8<&}yEXmDZ>0 z%?!<=TL>da`%!U?fuHbLnkEX&EfSC5f9Gc7@X6K<&vv7OleO6 zmAV_3!DA!rH+roNF8g=Y<`%V_h4k&zsY{y}vB_R3!qwD|bJ@CZ?Y=*6sx6jY$LCrJ zK6Yj!s5=plzu0`g8Cf6%G9(f=kGv8-1P?TdoR#KAzFzfAN#;`2xB(_)JVz*_1Fr?| zx*U+Bj3{GWZj_CDt6Hu-PdCU9ZvoTf@FlU%a|rOn^!OK+*Nt#+{ma2`w~A-bTPS37 zt%U4B0!QS13#0bv6AldV+sipHt+oEK_QBVEFB96>@N{H5MN?b=`_t~DM8ilWYEq$Z za#C*nFqzgy+Aq8N$|8ST#n#~%qi)hvo&%B2D4+fP zdFPjehq+eh)hq7CNwyz-u`Lsq*wd46lBpPEqPbKYRb~+p9dF>t^UJKi-O9ZugR9@1iIJ40ZhFp89mjnNPnY$eg$DW_&{sm16dPk z$oZC=B~CP6&$O~J|HQGQjM2#HGCY*w-oPnR-6|n?*u`*7KhY!v#TOY*-bSb)rEw0i zO(<8f5Epd`WT#Hb*T=6MPakt(KA5v@Yttm>84?A=3u~9?C#9gyBJ`;)0e*VyNobkl zzgWcBn`-a<&<8eLC-ny|BJX!cQP+njiYd|8k$f$WwIz{Kq26SA^e^c=l)l`;);8WZ z~TTi6|=QjTca~H`kYSMINou{Hpu5XOzkWQZoI6b3}u0 
zeV7Gk$i;RA*f5fwig18oA<@+|sTY8aFa~qs;SJ)5Hu3xLh1-ZA~7B&g5|Jn_q2hmV_I{VOPFdyir!|?MnM-X>q z!4yxo;XW*@VSBT}Jw9%QT)J&W(p-~=uQlp36T-4I;Mva1V476l38uUDASL!47dpxf zKf?NN6q%N{JY-&%m2b~%56@=1l<(vCTH0^D8MjzvXB(|=&Y)8G!Whv;#z`=^!ey>;h-8{MMVw(N7gqYtX59jQIudjy zU6>FBy#5`{PyJvtHw+hH;g;w3hc#Wjk?G97P#Fb&Y2FU*bM-{-yJ2J{V@pUu%==(u@gv~1cys}; z5s<#1{zS=Du(7Fe`s9X(B;qh1Sf8XONxynAnz_RR*a=r^(e@LS8R>roR&qvG!f{$M zi<&l$y3)s>8E!_?PIcNo$u}cXtQUGI!&;Rk_(A*@(o!=Hh&?Se5+A7u>G*L8Jm4QZ z_nCs%>O35dVzr@oE0r+BOnd7a=`TwIj)Vvgo)9^%!n@$(6n@-6bGSyEbA-RDqH9QW z*PG6MCo&BP2B+Bjg${AJ`0-0rspSr^P5C?{m&-Ykl{95drwVS*LTg|sa_2#<*}Mrl zKpb?UFEIqZ{zv;BXl4>Vd@(8O8}QgY#+phNf=tv z*&EvL=$~3TvuQ$|PJNgwL}?DApy0kZ#Rag+=YbzJ)9YK7+)29kd8J*W9(ER1>suMX z@F?kpd+mG~hQp7Jfi@WmCTn`!ZGfB(0hqe%X#M;P={QmyZJ5IS9Pg3eeLs92>k`Q= znlJ9^3d+(e3+El2yY@ZOxt`^i#3MaW@O`e&764p=FPjn{trvWUZ+2=EUj^j#Mu)xir=1wpyl3cCx#)|;gKJ6$qE;eeyYE`m zU8>edKNjHhBq{J|5=5&v_lIn}axK#m%xxwuqQiP%eSgw1zy*eGz@Ji*x0T-(p7X{Q z9vJfel`H@_gN1V?X{yYu!aOD`kc)Qv zQJuCf@T3P{1OH=*&o7oyW9*uPW9<}q!dO;CKSVgRmMj>?vq3KMNgO7pRo34RTu{hN z#E8y6Pkp1baGGM+3jb{GW#CVAGcsZd#d&*EjDR-VAmygaUk@aV4bcY#=9y339#iWp z4LLXFY9S${%_2uHca*=ouwH-leE)6d)zvr-Fx5^b{`1DjeZO#>|{exKeQN%r7MN)vh5G?28uhhT`ll+>FpX3z-HiYhxTfe-CDPE4 zHYZ~D#21yHC0?Q*%HfQ)%#Gdu#R(%(?Ed^$!qbL)%2gW2m zk7$<81d9t$oD2qlWjfG%YQc?nN$>(UQ;*wYPM6$Drt<2uVp9|W<%@0GQt%DN+n?LT z7}K|3=nIpBPl=mFh_B3OaYy$fLdE1bJ&oat<>_Te^4+5zb^d4zM0vLjt#{fhva)JzLL9^qjJ z5a@8sq4ju?Wp_IVt}lO^83vQ%7h2={R(y6R{b|{xTNZ=)tl-Bw z^X$6hZoS1&lF3)uH0+pf{w8goqN3o|rPAQC4zj|$smS>X7xLtkoiW;qug6B6=8s5M zXtQ;OY>t$u2wdXcDXL?GAAafp+^jFK4uvvIpkOMhIqiLOTkNF2R#Pa-2z9_rqfq|V zy?9iooNIo%I20+}4TB~@o}8`ASG#I1A>43a?e7<1s?x_Tew)Af?NbOuSFO20rkXU8 zO~$*w&i)$|(O73H`(TI zc|BY}Qr@9#$c*MaQw$e(jzvqqK})qW90(=GJUZpo`CAq64*vK=$Qf1cd>?!SL#Bna zTRd4E95UYy7{p?FsSe#~6x=`O?jRSlN$Q_7D}5qwi104x|FqU;7<5!gLVfPBbte~e znS!$j8%vGCxn3p)`gyQ`fF=T^x_bU-(n*UZLNk|%&>;glLK=@5hl?H5tigYx?f^dnWN1Ek*p_oyLN z{sq9{>NEpnvaaiW*()StlSKB(tGKm9TlEh5Cw;$CY!1#ND?j`N)bE_ork+>2%>X5& 
zoZaEbPZ%6(5wuq?FV&VWI%$@N9S5G%^uql0(^C(BXmX(bN6`w@Q|Tr4;1|oP>(30@ z?)`V@Gso_*%U&BPwmuM2TQyRF4c|BX>nzzRe?s()$5KXoX)O5xb$I=+&e8_k!Tx-d$_!R1 zkU!AjeqH{QJGgwi9W7fLuqpd|>PaKmX(#}>~0b&{6YaLk7 zf0b`tir9eA1=X0a(Cq_>e0h@Br$L^$Mvdc_$t)7=a!7!y%`i&ZHG#5jP?+T~^Mqz4 z%D?i5(LrWg0k^&4nEJ0`L)zc)h{{qjs#ca}wl}+f)8zzp6gqzwc_+GX5ysW;<4%}z zZiE?l7k+LPaQQN8j1gnS6%=#Fzmr5512Xcl;Ut>zm;_pqHL2u^w}-ipK~2AtQO z-ys1XDn%Q|MZkOa1H7|RUx%Pz#_AX1^qc=cCKiTo7?+g}vB`M**YXL4iDbZ*F9WuG zH5V-gYJuqpx!J>N{;;kNQ+ZHm2IbWXz*TK;M%yN<{qx$nX{*oS?HI~qWfx2a6VpP* zlPDt6Z0;5mpNCq;>axFSa`)sKBhtoOREPxsA@X2_e8;(|$G0qO#F2h2=LrfaELX>X27Z?& zCT`xU5td#q${w+W1DTY$Z8F&gY02sQHHpKqhL36Qy&kH*%0#0I(7gBU4v)sspsS)$ z5N$voK;|Qjmz+=T1R_uXL+!Nvb;cpKhuUkt?2tW~ z@ky{Yrg!FBoTUEFbw57GIKdRZyQqqBDW|qh`XNDLmnKrUAe0fm*MI4-%qp3lmJcdg z2((xK2P~A}IB1`{IcSUVMRZdCb3pdgqOz3IgeiitHH)R35>3}T!OrTg2xFQy{qUs# z785;CW53fmLyvRk>r^YqA{JoN8*;EBfpOqf>wx~J8q*0gp`_Z4AvJ~{DffPCv{LYz zF5@W9V~3=f_}Iy4w_wM&vB<#do}j0@A$IB&?8PqpPShyOu&kZ9Uuecw*82K|Dq?gg zvO#iiq{r-)$wE*Lc#$l2bSzXFK=b$3(EA0&FwQ8XG32g3LAojq<6&*%uc=xnVLM%A zr0=h`M59BT>gX(~HA&=Tc=*eRvo5whSA&b{T%nnKFIPt5I0B_YcCxBA&>AscYhD{$ z6rQLf3n~rGz3Kx~{7O4X-=0NRn(tKKibtuZ6%MDKLO4t#QUVXbl~5BC_eLB66QRuJ?k$QOA|Ef=B1kc5lIsD#^6Tcu+mIx|!T<)e zul;qU4FJJ1IRc}V9RFyK+#6)KAotkAYJc9u#C=Yi+tCIE#=xum5V0qJJb-QA6(v~+j(-Fm*` zxxZLHHqV-K%&|tk@0cA0I*zd1Nnm{2WxMV#Nb0QHPzsFYu$GA*p~ zl{Uvk1&JUfZ?0_*gyypF3S#aq-7gdyE%i=E2SZnW-rUj>S2=V!YgV{yf6^kEZuD=j z?g%Y$6r#`6Vc8-H-OD7S6d41wxrEzLJ-Kt8y`w9Hmjk;%<Ilo9V_|e zO6mhVzOHaX@u7TUBah&yyQ&dAP4R-;VrT^ms z4i2rhrKv3V@JQr1;>}`ziB0xiIiA#GVk8xPU>QO zuf;Q{{809qb7;*O{Xf0p5NQe#`qUHxcJS<@p?8!y2=@+81I4Q4ZH~D~1JTK0r@!*F z*0>@(INOfPePl2&G~4?QT7>an=uH(is`cazJVdlK;_88|ooD}H?GJdkh=o_A)QUZ(r`S8HEB&s3 zlf!KlS7aJ6U4gY`=KqoEsKIu=W04>+_ivmQSVSQ;`4mD4?16}e@>RqUo2v9JNPi%0 z3`Bk&jJ~5V4SZ>G`2!(aAiA%@GgZeb-oF}WWFzlIEx=?T)r`?-7qR1Qp^bt3!*P{jq+O~xy>ceKEGUCia&`E#fd>LiBmw9KC`QI~TsfN<876K~E zw84k~p9wG`KyXf?0r5H??b}k3{v6LfvLha3RYIJtQydFo70RR$3Pq}LA?CpP-eK{l=&O~UU+*{r&a1aY4j 
zHE@Eto8v_pyu*IXZYZ*R{*9UYZlvAcjm`ibxTWqYuBK_}8JZ5lCRw{&P;5TinanPn!=~sgrf&@bOc?JWfM>T^~iZ9h> z=VQELnjeaoXH6VI4o5%i0a@&y+x;XvAte)S^7UAOC5pD=tIpcJ1Df!V!{ZG@Xzvzk zhMXZOEpgwyGk%5;g<+TC{Dx7*H04N69!VC@4U397&9FH`hR^e+h`b!e*W{HlG0lPB zzf~1Dr$Mys$=oU?Gi34uSP9%PFS4Sg2zQ8TBZ@X7x1!*c)kK=$9TqLX zk$v=Cp{YlGKj#oJH{B|eK!V4hSFJertM8vfFXGH5lh6lDNJApW#zv>e2<%F?Qyfqu z4_!^GwX$5#7AqI+`msVG3CpJ+>--_6dds_$)L^Q}bmx4zNDEzk{|ch|C#v~bt`)W! zvdPH0)%v%XW8>9~YYqUJ5?+izva3riH%p$7r^ z3+Y>sX#7p7k-yA7${zul`J>A17#P z+10UR*;{rY6*>p({aD_;K$}jc=`Tq7mXJ$z`gtFhLYLK#Hx?mw6hAPshjqcYdG7$sjWxp*K%TXP5E$1eo><(ffx$i$!KI4_oT`kFKlG%sG;qI#P8f=pS zKzO`&R~`Qp0>d%KXXhO>oI?CfR+3=?6gBwe1fcsB z)tWb}o=pbDcR}n|pvPL6P<6Oy)9!v(YafD!Lc&JYs#sS)i!xiJt)Q|!$SG`$ z;*Ni-LxFn-@KbIom7!oY$p`E?@`j{t-Y3vWVnz0+X-5?7Ez3g>=Cm)oM+|jD2rbf- z4uXjK4Qo_Ij?XfUwz;PGYXB(^EdeGeN3I3ZWeKyOlyXj4+D=+N*4L(F^eh8i6-cm z!x<_T^%>G;p<6Q}N2vuH^!YkIN{vPNc=mT{Q^l|Gzx8&-$AuQ%m!i))= zBA+52`kw8jl?VPmfai#ih%UcF{0x9s5F35*#iUd2lv6$}mF)ZuJ#AC}<6}v;ACW%k z?vK`n<;VppHU?%9jnPZxUk#|CaRag=UrKylYxqG6{LPwu6QG2n1S>No!8Im&_4t!; zHcJU)Q6y}CN6-g|4Udy9$b6Asy#6D^HcHagJ7LV8QABIVCoO<4@Fc#TH#G16S=|tQ zsKs0MUIxHr5>urhWoNOecrN+?=1r9Ye}Er%xYB6IatCM)vzc&c{!JpU@4vbW zU5A>haNnas4K7XDs4D-=wc+~t#pij~zth)oY``}q_=AKZ7k@!CIaQnRXsnwxjY(LrSHUKyNz;8f0WZHQqZG}JRR!UQar~W%&6cYMksa2`*DFUUIKlYelLM4|J)q2z z1S{F(z(;qb7VlTI@U*kEnqzYI_`}qLS4aq^86CoTHjnkV9_dAH=GXOH0bzVL7{-q`yOzF@h0$~ADhCa>0CnkMJPA|PMfXsl7 zYVv;d)7S2zX~JkX212pExnfcM&O(YU=oz@~zN*{TW)-BoL4BM#q?!u^_3n&_~( z6lz~+zGbF!&?PPbP4;0=u5$&Dmu(8lJvT^eGTcbJuYahCJL>|>_LZ6h3m=+mQli|> zzjKQ6y|;JuPrhr+48wjd!P+TiSH7XRvY)zcX?&S!71cL&YpLn0vkCxRl_W_viRDHH zp$&(ct;L*LMYVLqcv#?Qyau&(vZa8iUPJwk)6`Q^Ixwsm=mpnfIG& zaH^0{(zJxisRK;M;CcKTI6s4x7krxJYnw- z5t-o4rWDh_snrh8)Xkhf_7aps?J+;FF#Bf{W_y0sx3w&)>#Hw)Nx<|qGw@+R-}>PY z=If}Xad-y#A+@Ces$`NgP#urUi70xO>THi}1@J0H!&^V-k1bFt9ObG}Rzh0c#-#zq}_=*Um#qaig zdOdQi(&rABW||3O%y(vDy7&oETf;QFg zKD}h2&7n^$+04*F~HvIXz=1$$DRYUP9=xDaHrK^n@6DsJ`z3qYMNVMoodC|wVlopzsS-& z^d8u+vB=V(^D%402srY4K}wnd@#=BQve%3k03AJB5b;}2qD#O@lQiR5R0o5hHG6Zf 
zrOb<0c|EuiH>eN`^$a9E4J~a+63doKA#AkJ#!qM%+*|y=4-m*z@*ROX0|{1sRtJB8 z$?9swpao3O$o06vzPE#aNb8`=r%y$|v1Svx9s@+5D0&MHAGN?1ehI6z>4mJvqlCi7 zu@kdYk2%h6RIJxuM&e6X%idOrNTFyl~KUbD#O{$n$Dil^5Mqw3xtLvKq` z-eLb~rD*$zeLR+80KC%Ykapsetx%gbV)#l9Mn${3uMmV-(d4Xxj#CC4^@5W)_y*3d zCeGzm4p1g2JDLps%|i-1Z2ZbJGqmQ4_p^ZTc{(_E^`pAEavOb*C|j$WG4G0tdD|G$ zQ~o0%{>6t=>Eo#0r%S#Ril4G~=hOYB1ret`?#E|xbrqAcpB%FnA2bK3ziHBTMzhT( zF+b4D(pobCHGe=l`5w&hSQy3WfqpC?*wBB_87x$V#!n~6@W#?kM0iB?#sH2v8YR)B z=yC^Z%rPl*1!Hb=qMc{{JQAakFO2MeEFXR+9KYQ8B(2Gk{j2~UaJw#^N9~Bs`ud1Z zc07Z>C(h$xO#Jb@ptB2-skKG6JGwl%FGW3Q_PT<-wP@vt{`Tc4PrcRdm(&(M9_R9p z=tS653gzLk3u2gifOagWWGK#&0qPX;c1X{s?qyx zAo+lwZwNcrzCg3jN*z=_4h-?4op3N#UEywx^gomR}5@P z+}YDAx+Ku^Pvxr@B4OF#qr=v#m-5V@t|Eyj^jm;yr(y9HzX>cTlR40KevOTLNX1jU zQRWsCT|Z3etiP;ZYKF&NVuwfe!gdLL{J7|*jo0~ytTHu+*d5boPdq{t9gc-bcG}^n zKUeKggMnU-(tj0AjBktaQ^6GA6Si?r)WbLHAanSupYOx`-Yz9+L6w0Ud06zJ9qLD~ zsJsFR=%-XL0Up8jFZ=Afqhpm~=(WL5wav+PF>sVn^0_wf!KtC8K45q<`j*Gwm%usD zA}x7{70CKe36(MgHk1dMF>&{kkDmg;Fk?I$qHBOj4lBT=gP;{_OG7bl!1oDpu13k! 
z9jU6TI(6kM9qdl=C20{zq=f3)Y6OF;E=h zTWi;)h91Omdd#+f_o{VCL!UKJdeV#9wFX)K>*eX$KPdN~=I)>4TF zC*`_%PD%srpQt0mbiHaQl{$Z+pOrc~P>m%mtq@%sRT1;yWPNqvGMdoEfkmXpjBx(s z*~oQ~jYxT~cr=ArTshokuHQER*a)Ec%94zNh$`gt?c!}o`G2%AezM)-h>)upuw(d~ zo86`}!-Uxx{S*%<(`k?A)1a%eOXqTa~S)8 z(9Y;Bqj(VLM5#kTw5vi_7(WHg5TPO9ckZo|lfsMl$C?4SCVp@oFW25Wkh5C&a1k6r z84{a?FxnDmIUN)Fro3gMksbrmQK>9O5gh-OP7#DnY~@NS!3aeO988W`kgKQ#`^PRw zk^+<9#xPm02dXD(MMQ5k?hDMw5LpYp5*Ce!cAErcd1Hh>%sN$XuHob3do|6kA;3#} z>9n!{p^tgQz!^qWERC=)(f$C7iz2d3SgOL{JW`_0-6*MGzW95EDbe02C!b%A(RDRJLw z(DJkBi?IIK%I%^cp0ASOJCBJPaF9}}XvYfebaLp)H`itkCn&)=YPTa+@qYMYn<%|v zN%~1fYmZ=zMP5rw@-i841}kHd{Z4EhRkg?uCK0OGt~wkEwCCIT2SyUWfeO9jO%W3;dc_2yZ3wb3j+~ymR$83mp(axBTsX_+yY3Wonk45xrE2|U=IK!fechJR?4k$SW6il;Gg z@^&0r%<)|7sDXM>GUznvHkXRZ;Oo@7`El43WGQ)`7U$~c1PPWCs9zY)y|Pshz7goD$HD)Dpw9rp zX|VH`lz+uJcw8S9aVLLI7m%i4>l_i;(PDYBd#})HQ4nRJgNHpX#gAi=}5OSQ@5h*L^r=;igoc@jDSE^tkb* zQNApnn(Es-Fz`KIsSFklmsiXxsxmC0X_sl}$QRR@^L!-7W1v&#Ug?~^TFzh3Yvdyc zz`RX@ZbP;%O(rg zsYP=$m~m3avK8w@?ff{);5Hb({$ifQ6z*ljkR2pG=q^Pj=M1@8K?aZOYDyw|vq;0T zz_G~}gRgzmQ-$arZ{C${`afs;n}0d&M>C(Q6%UTA!VBp`V%6#XFm#F!^m71MHcDwx1wm=~-_&yYs6&m+&VvF?9F+_unm%Iq<5 zZSVpfdLx%qOt~dvQ?l1olN15a?6$=*jL5^F>OticQK$wO% zvEt{127syl;>BzmWMitQi%tt{ah>|Ao3@g!eC!>gefWQ#WAx zaJ+U-zz0GwUyZG)q;Nx{R`$-=HNTo=Sfgl@v&t651CMzvNxe-yA;_3}!t429bZx2L zMtWqKeQf=0(aT=&lXX-;g9C~f-0mBJ=5}eEn%x4|bR7r&ec;s0SC2xIwocw{<`gfT zt(an2eoU!?K=117@Ku^Qhxk8)z}RW1P~bE+!A(Z&(5(-BO6o0_0DjNKgvO$lDRfw` ze4y5ny=0qNupnsu4bLq6!T>v%-$$@$NzIW%I2d&$r^SHux4$+ZgA(=~?g#7loAPv$ z^fEw@$SN2;Gj%v4UO%BSG5e#d_q=A4q4$=t*$vsJpCloVkX({K(j8rZcYE~`b0AG| zO^F!sO$63$bc+@(PMwi_Y-Rz#Ri2`t^kUVn9f%65ySae=7I3L6QV+>KyrN3LXOL-p z3|$*32rMaIwwrcq>16fe?YZv0U3eTt#k|P@f8i4_@lovz3MEvPT*e`-JTW~6Gfm-s zd#h~Ey`-xMXj0sQL3e<=59waEr7P7j3R|x;zL+u_a;kMwMfQps&Hgfp<$=U{cJwq) z#e#w#|8PVM>O;`UUKUYr$1GJz;eX>nO6X|zM`L>Saw@G{KDL62Le()xS@W*j4XMI5 z4#Gaq9(uXbUNEomc}GEwVlKLRvHU#bcd5I1vX%A*@&xSLd;-eg#c$s6Bt+gM?bNR1 z!M8eL*BuK|ZN-P763;voYJAp4irmiVLag9f 
zsg^Yky>ByLW>h~0()q;dIfQKZR+v)I=Yj~cTBf>@laSCZHOCPz*nd#AZk{=)%O2Nd zMlqKHRj9wPr>=Te+^~ZsxM@}sTD?86?T3%e5(wfL4Nd9aJku|Za8`QOx1Sicfxh-2 z(*Oja4$V4|fv`JTN$6Wzg*s7VS9;{wJ)2U+-$5IZwUA$a8fUnw#_*%y+b+T(5;r1A zC$K@nKy!>-q_088*z-mn4LQ}wbGyI#4V(l1%(6jgj^;OtG<6rmtJEAPQ{qrZZQdW+ z6I+%V<-f}}cXM?$9?>G=l=s3{l3zr<$+l(SW zY?5w?l3=C)z8q(#_g(fcfaiI3Scd&{PxB-O2V)tYJIvKhK95a-p}54@3+9K6KqMRx zHVzE-Nl1*rXCqc&` zDX$Psj!Rlk$dyboo!h=k8tvc8os#cTAO)-w1$gYzK&wYx09fso)HT~0q^q}1w#Gq5 z9yBE#2M=M&`J62#teH*mlns~QTUWCeBsG$GZiccgQ^$;bGVGPKh7 zKWN|Eh+t#I>Qy;MHM)H?J9y^lbUrdkA*_nDPqgBZRM8t+btivnaP;^j^4N`RD3$Sm zzX&sfl=qOikls#6=0nS;*>-IBYS`t@v(id%S-rkO8ber!8so@|7(Cz z>?&GNZ{#Vk=?ygCUUC{czIv4-!inTQSv3CHj*{&heYnkmjq2J{Pv;=*&R}4J>Avf0 z?T@giti#tO-=-aLQfYIOg+Lc$U=c^GFKaT+^arSVkA$drtCdO`cAwT0ryRH{IOoUJ z$0fC2D}-+KZ!rsSm-nk}UM2bN{q!Xy<@zdON|_k!$3g`prdA%*NAx(6ViKj!{f8F- zH_Q#9iUtUAck(m^Iwfb+t|nFAS?Hqa?i6OF8UgMJJ3>NI`Yw|5?V5VBXtT)Wx&uAL zrwzCJriWZDH>$Z}bc0$8_h)=vO|sbVxMH{hq5Ad%8U)U@RiB^hd)dL)2AhJ+95Gb@ zmNhU2T17ywiKqRM&@f=)-pdraLyte?h8mT6J*wn~5X&9>li?oBMKO15r2JFNUa6o| z`TLfMWaB6X((f&OKV?(J(M+gpiIsfH&HS3Iq}A@|w?kaBDd^M>euN|z?{yiqp=Y_T zPl%(@v6oQ_qECdpN@Yq2roiK!awW$Hn5hV`ol4E9lMaq1L={jx)6K*~aEA`MlN_2b z{w6$`+NAnJ1hf~H?@~(Bx$>+)+1lbxAw{dLh97y>5VsjyTCexUhLDxa)?50-RKh98 z6>>%I=bDR5qb7zlKfX4JBtlp?fqLv-+F7et<=Tr~Co1QN(;-&<$OaI-Fy5PMk-aFV z#PS?}qicTMW-|S93*jSey7A^}s8?5KPhW>x6yqjOCjD(|B92F#zMwK8lQ+*czxLky zK|bS-^@co$w&)*R2Ei<3D~;DH*E-wdpG-WDKD`V*F-Qfa^9)R*W7e<~n-y*`r%)e+ zuuX%tWEpkn&9genXQFYnDsd?jt$V*% zB9Dnd{@Y4Cf3$&3woD|WwnFgHa8d6X2j#>0XmAk6=Nl#CQas8));O8se-Fth3XZb! zr^b$$Y`HmV7P=hZbX!?zO=2XK4j=5VJr^n2*l90H2gJ7_V4>F!V%O%T7?PaS44#~r z?xEs0TB}!&P}W?90q$#TR_?Pes@k&@tJ7~H3e7$W$TjS{@W6 zlq$9{6Od1#A3ypKW!+z`z}$NB4zI2@7VvZ_GS_2k-I|4CE*1MAZj~bx>&%)wXE$mF zaVXE`0HCXrnwYK=#q&3VqOs0>B;gR`6-sC@yjANY!Uh<31Cfl(jv{k&CXKO^ep9%A zqn9pxF)5203|Q@r7Gcm12Pg%!LK3>IyW^8z(#R?oxQBEtYfpn@r0tzEitls#J-Eb2 z83I_&<~7~b{n)(h_9ruS_GN2VDD&<>&45?-si=VQAn^f95Ai#1qfLPehn?zdEy=M! 
z5XP({Q%NF!QoCh3JhcpwS}hTW7f~TGOfC7UU|sYK*DD$n1&k5VZb*2m5OhF0GJ;>I zGRDl4JC$=8C%H{_KY3Sz0IbW5+{!3_q1{TE(KME{jum}b@5ME53uYG^NDJPJt71aa zr4WC1B2N1fwQJ=QaS|q&ho2mdTz2}_I_G5rU5?z*$IoeAO;l-Q!fMavAELMDROIM~ z{@;CkZ;TKVAfHIr;{&hM9655i@G^?KFrOHzL1bUz-a$GuJ-72$aD!dYVIAk6VmaKD zq!dB5#84-m?LAEs-FLyze9&G_Q^+5}3g1+cYVAuBWx?z`|Bvg-GGMOxlmExEB!;?7 z&7brcvLHGNZa|CJ8Jwfz&55hA89FMhZHuQiJhs-;RY-YuZY+3*l zT;a~a4~b;jC8dkT@i@Ha==AS37-3^hJebZIyF(GXKMA}iF$4ePKfjk5V9IKJ6Wgn% zpMW}TI`{#!Jx-i)By`W2Lx^{6xGn3?JcaOv)IEKw_q|xIS&g#k+f$`^KgR&1!hT&M z1hrvph(FMRM)OW5L_mSG3WHWmf-#rlMG0lG2T%ScX6_ncGsV@^QvnAreaY~LpX%5D zdboP%Dql;MWl2?B)H&y0{g@K3D53 zI5f3QJ2qM|!4w0}D6sQB7ZaRU8{eRQTzPVNmQJyghf`!5ry z23dQ)QT(JN-lS*U8IQ6VZ7cp$wlAaQTRX~fASoaHK}(a>8sq_ZoY11jtvjC8d*fI0 zPXqem3r~oif?*vh8?`%`_n@jd|P8Pm7!|!A)VKHAx;>qL=JxS#|3dPo3 zt0n_qIUY#!W*2!X4Rz?;b}kND5o2@3yqbg>W1fG$f$P=_NV2oNN?$%Q)Tiv-YP+ul z4&K$?JT<=T_50hW+edEL%W^-PZo&TQ0C^bW6zfdJLQ^wpqf;`TMVgr+7hr0GYO3{$pqF*Jg-(^!_cfLA$zcnmSn}V^gtIoL+UDtyv4n5 z%{zE{Ftji>CPqIwI+^1){wA>pUeb}U+%W5J=_uT8lef(z*KA_H<3&K%^k=yp|Ut<$pAI)icWUvqoDrP%RXRwu;A?UZ_ zUdeLpE6Qk0)QqXbksPaZAVr@s!&J@J@q_#Wp;o}fPG@tN6ehxJ%O|F+JceQoby3-G z(uY?v(&B~lT16&cwrpl{&_JRl{L9k`q$LL^2({o!uMBt4ZPzTbTh)Xl;MgpuIz`yp zGsTxUjwl)V+bUT2au`R}xn>}qZ0?iMrQO>6W9I9yEcJP3-W+Ylm3b`qfoQ+qODc>( zIo(EHk3vmRWAmc2Kw^5I8Keu{e`%TCei^UfRNBg=3?0jR4f{ZiSbQ3MJOS{V9;^cl z`rnChx;<4uVlcHDH7r<(UJ0|BaR_Fa4_?okST0{~zci{wIu;2p^VGGOEIQ%q?bOD! 
zbAPKt#84_9V{rCgyX>2cyWFRR)ToX3eZ;(&-g>=xfsMnPB+O=@Qg|t!vkwctbpF3w zt%aiSk}7`Y=nN7x?$V11{soX8gZ;8GM-6w%fg?j8E2RgqZDnE8y2QrU<*0ru zs*_eI=6VT~FEDQSPUwJoGW{abtmoBm_eHcRS31FHe^7)KhXR0*l>rrivrzf*o&%fg zjTX`0lzJM_jEE$yMUISU$R3I~jvR->lXXl+4=1px zT^C3I2>kG;U}aoH$SpDMjy3w*0_ni>qxh*o!w4A87BbOka1hd_D!H&-MjEPrPT!82 z-{gNiH?D*z$x2yVWCZT4u}h(~`A>9$AxT_;&+oz!#^K}M^1M#7_YITsHZhI6!|MOs zhTGxge^v0;j2pMX-mB^YS>GSMcXY2(utE7It$CQhPHTJpZ(4?LZYHm zH|tpxF>I~dF#^_Um~1f8VfV@OGd5R-ko)c9V8Ld%sIwIQr*%4s<@S5|lON<7%E=K- zqZyP$<4XbWPRMJn%8~EGR>AYtwqxDfUP!RIP&nze>KDT-LZ7Vwe*z9WymvL;q{t8w z_f(tCs`8W8-LVGvXj{+FK}hD&;dU4v%M|AbQ(SVJZ<-<)$X%6C=3%R>g6x0h?@-n~ zPR|BiHT~U`uN_otS!wk9=Qd~6R`USRo@Ke)%#|Spvg?cyG8MHVib=&CX?e9K5}_P2 z>R?9}JwTvjAdG6DraG`tAu^jTMQYs*r;V>MumBfmgVsn!xf>JV7p>xVe2|2;)RRbT z^Rq$(>#w0u^2>~_#r!b3`V9?)ZK}jUNDqNqRG$4ZscwMt$>@o?HVD6@1KbV)-_eX} z58D#(5^6`}qtN@Y9ZYxjCm=_xN(F%YjKK#IWf{N3mqr0dP)`9{n`(vwF0m?GMRq{! z1I;Z@La|2Qg9lp_>T@tTeE-H6!^Lxh9J5p4^GWNhoVd~_dwVKN1b@##VD=VuctMEpW`ig&g}p-?fJ~q z=C$a>#|nMZ&SjE|)BUsuU!0~mu~0s}0_m}(dkf~P_Ler6NbX@9@9U(mxY*x3EZUYE z9R-K)qkV4ga(a*WiWj-&>g zG!X5*7D8N-N`nVeLiz%Fo8$m(aph|g&gxIro>i-t28`|cT$lJ%Q2|At${gBzB1*06 z>rV7g?IL+v!L^r3w%wM&hp3_^BSzcr3o|wqb7@L^+DvE(?E%!WV~aDn7n}@f^}io0 zoL7SKF6u;hiEm@p`g{UJ&soG0(R&BN^oZ|#jI@){!`dx$;zZ@YeW$<>=7B=nz*iSHX}2>6e1$2I z9A^m-JCE7-J#tl<(vZf^p5S;71;#?4=oMCRlhM6VcdX0J>2m zhy^rTtP-^ly&!ptB%VESd}7bJ?Z}L4_2so}ySuDB!He8TDAg(gx+Glnl}U7S35k;lV1&4>iQ>!->3#WC-#HR97e6PU~r@s6!RfoQ?^q$y9 z)Ea0tNZ?^l)NwRVj}m1{jHbrpvSZGJ@0CZ8mAfNKY>;k5f+qW7sGCxy7jAM9v)>2z zj3r(6?w33rqj|4rj*G_ISUc%ZiD8p)!3EGJcx5Bi#%_Y>XJlLgSy8>`7O2LRl9Gw9~xm5%!4aN|8o|!JI&wm}k z`&vJ|6`z>tQ&4BT@{wKPntIwJ-%Qz%>c)He&k$czF2!=)0+7!k}c{6^1_8QZ0VUYJh?#tN|S?-I#J~+?<*$UI;Zj% zjSt+#h;&{^Lrgo?K>|v1@Km~fZg~#4qiot0wVw+{9oW&dPEK8n`2ui^*qz-< z$tU(2IZc~C^0svPy=+j1w=z;$Y7KIfpy41rOPmTn;B@mPRuBYJFnkN9Xyj|#x;H2! 
zU%rAM=tGeQBDch7U~Pxlj&$@cwicz3O1l1w6&R=sPr(ZfEXR|>9X<+zGn|oDsHdOs z)4({(uP%M38#IjCw|L`b^rOw{a!dHDs(cNYH<~USO9B-D_8c}IAi10k*AETG;b_ZF zAxcc|eLv#UAV3H?w`6X+I}WBohFuE-f04kK7-A1&VH69Ri1{`i$Jv&KGjkUOvQPHM z!()~M%?ShN+G#3Piw>k$V_ANmrPG;cQ3VI$FjtQcX;9jIq8=N4v>p~oZFgA;-o5pG zDov=@6pSbiS^I-}xe`Y>*do+oKB2ihuQb*PvJV)jMf~vbV-rmUU`r_O`m+wLxYVIqfr*{x=(KlQhG zQfnQfNBQ=qt(-2nyXJZm0?aLU{@9tRwo&MnN33*h;0U*&7T3jBfwAJ-a|rlm`QuW2 zAA(D3CI&upjCZKc%ZdjuISxI{u>nW;EO-0jm(n(4)ujXMLQ?{%qtMtLl6Ie`BSJ<4Pi zraf$tk}(Dg+tP-=+TlyP1RK#xo}6*gx{>;cC1m{ggjKA81IractT<|g!JO|^Q=~{a zzOL;Q+wxoS{Jmc^UF4F;ZwxRSJSG(`Cy;%ibYNx={Qd>52JTVsx`1`Lyckbz{t|z@ z4L8XrR3VZ809VXQj&dlyYsu5A~6J9Pc}z*0zp%g)9gO42IEPhU4GH< zxsl^b?a;3x6g!6n-T6c9H5N#|ofczaJ0@31YkLeIc@z-H7kZ&vWRjsv*Pr zIf%VGh|duAJ)J*HfdJR(bZ3J+M-kV7+ZW;7fhgPxh^yZ5$Uht4Lq;ITnA@ux-9wx6 zjNMRwr_Yp7ya|VGi?NSs`4VS)`^+5S<7aNMk?C-~oa?!1$tJ*vA!ICct!Yq>4a6m1 z;GLEt_&`G&a~P2{dU@R5ogUa8qXY*7NC$Y53}m{e84MU%cuU)DS*p*SrgTDV% zYH{xXzKY!WWbkuGtT{~LJ3ct+YGUfzpON}v2wNzX@uEJZSfq+>-E|pIJ&Fp?eg2fA z|2gakYN-^kNGD6cBE`4oq8QC_AyY(P9#0EeRU+4S+g#d(Vc#;UEV0Rz7^$) zC1kO;Bhnf(dBZXOf}<3En+sG`7D(gfNl*GwNGHMyq_T;;6O|3*;}+6TDch%4Vlm`U zu7eD#N(*6VC)BDx>S(f+%vv;G!IlpHwqPgciom!T$N>{5!RS~BPB{jWk!NlHx^3uf zbmv9z7qh5=m>+)Us$5^X4?jS=h%<^)pu`)dJ)8TiIj;dw)Gx+V=gGthupG?q8X6v^ zJ!L2Lg+b=|?xW!3N6$;t5lR27C9@OIXk6q=$+FdNt9P*_-=U=#XVEatC`$M9s{j>c zfRhdMS+RYKmCEo6qbnz(*uo6?sVgro;oK&es->U8K1n|Z+``|_c~4b;`S1;?#OE){ z2Y?HpEX)8)@d+$NT;rpld+ix%R$o)Ce=Fg(lIiSO2E}LONGuOHjzBGoByeu5+9lWK#*DCAA|d(PANYRQbbd5VB|} zmtpLC$@@EdJo)9@$h?IoIof@UGkO((S})48NH|x+bqu244n3qJ&5G>wQT#&fZCHo! zuF;#p&kCdv7CtmdJ72K~v<=p?NxFQszqpT0cn{YT{-VLg^8G7s_jD&{)P@JLkPdZ! 
z+BF{asZS8>>V_Zo{83Gc&VnQ%3b+h~vVZ8$H8+ZH?Z>U$4F}3@zygdtAHJzx&5`t4 zSEzs~=|#cA9ddMLO022)@my5h6NY8RsZZb1pT1?C4W(W_3v0kCtlco+P~dzE zIrrdTXjpbo?JA6hS{0~IAprYtg5)Oj!5{AZXl+~30rnT*aae?_5oA+ysI3JXMNoD>c?sGnPjc;Z$VlP)C1`4Y&2(;t%H-DgM3^;QC zx@;@eOutzKs}HR2)z$hK&;o9xjkmA2;#6ABiwEcacx?{3V9aBt5(hVRIJXfrgH#Hd zDzD(f2&1~MA0YRP7hM+Rc9<;SwbuSdR+v9Ulp30uW4rXh!Dbzf^je#c*4r9L;To1j z0oon-yoRR?=LNGkcKU=wybNH(+dwne1n^y(yL!t(phiA~Z(#9ex>xoJ%btE6-7Y%5 zy>&$QyIpSy`nONphD_>o7{py3FQ|-ad}E!B`$3puYVtY9U3e~TWD!m9*3uU`Zu@CSArlVCpA14NSyH*1_6-IYWciK_HO#VH2sqyZ-vW@h(+&z6I#!{- zQ5e;%7;rpP7pHl>_G)#IVCf>iFIc##MSeF#V_^5`+~s6Xe92FfIuoC9f;(7D<}eFZ zF(fr3uP+u_UPb4Oq}3V7TIrAsTz~uc$<#F29O`wq4*gPsTtaiD_swhdNW}A?$%2{& zvb)Ek^1WAcfG!0GtOxeD`mqwn>RRDgRH-%eyV&NLSR6g>kj}J$Z%cs}1bW=#o$8xB z0p>|P<~BKXA5Gxg&a$WKSpp^NRM}fPW)^L~bgl8j{6GB5nn=3;1KAc&;Tu(nwb1+= z<%aCIJ~=kR7SYHKjje_8-n>pp&fO&+8RXu%f;U9MEo8o_D^89-JjHKvE~ks)7iVrx zd2vbb0hy*`CZ`;dSA-svm5$rr8n|Ut!ptr9j%o63L7(Vu^HYYF0@b&V#ps-{HIkbv zhL+R|fsregvUyg660}O5stX#Up_G1EwYgoF@k>?E^+Mk@l zoMV|~ZFTbQXdPuh&fjB&OGBD%$BBXEL&H05oIR_xGRk?=u!4IF&bO=ScT{|k->Rp? 
zWE|>K(3S!dejS4!)emyu;hipCOsuSUVVl^Qi8q9nzvaxE9NMcob$0!@E4riLU6G$a zC>H&Z?2f-C>*{|OczpJi;!$3@%!j3!5%)D+&$dRPt_NdX^xh&-l^3%}`WoO)^NyUl zV!4oz$FTqx8|(XDa}EuG(X)LVM!^XVIKy9I%1e@W(9vC_`l*ELPo7#@N;4#W88aIX zk*)YZukjU^z4zwnUX$5mkqzVJkU4E&S-Limch%mz0@ zir!W$7PFF4OI|!{dR}+>T`Eb7DAm$kJWTd$V61KKLJz~5* zeR(vjPxHbv`20f)t#<-S<9gqD!dvV;0k6}=BK+h{LcDie)Ogtg&iaU$)JrH_8ewEu za<^b8ys1K$8g8-9C&k=ow_;jwDR#6vM+lXVPA6(8GR@?L3w-MnMQu!3*fVBntt$Zu z(Dm`#@g%Qs>gneZIorb`x{YK^PkFh+iPFQBAUjt#b_2o64KYop;65Xp4jdb%?MY`* zWBjPm(NmLM(D5@iHG5vX3dk#gPQ6+&!Hn!fp;!>E7?>P_ADCrj>C;W-Bf~1) z<>-xK)v1IZ#4AFh7>h(b=T;Y|XE>XT78|dx6GCAYF#&}+bdn;Y@{r68LtNSYGeF^I zkdItUyu5D6x!_vIkDP3@eaP|R{$1%V-g$H_a0@K=gts zvXX+WfhbW9 zuU~IsP;rPHn__}&48z{_+o2q_C2<;!3cjs1Dnt||Bvs2qRH#0&0jNjYO4!Y6NE>VL zY^Cr}n=l8ZEwDhRC3%i8?k^njc&=_G=M!!l2Ij}&k%j}IS7#w|1v3esg0TRq0t(aDgz%}9)&ld*F(_IBabF<8qriSr{E}i@ zda>6Y;He<&jQNS01k}Do&0}RF_#pQd0b5%KWmmWmHLEhI%ZLx+zm>9#MgFp(=JNwD z6hmV$k^~b+)-&3stsKd~AY#hwEaWx(_r*boq9Kr6;*EjUPpa|`S!5{*Ck(hIM_3s) ztu2k@pHa*n3(U+H{Mu_m^Z0aU!aP?a$VfIm4gkqR7Z8}$N=rdT6jJS*pdgvsMy(vI zH2~|38JIGEbl)aC|`bAVS>fr$s1!&IMDh}KX=dC(T=qAR#&~B*O>2NBe(5C(FREa+7C*pQ= z2XGzK8%#vxB=pG1TSigc8ScjDH9h52z6&sQXnp!3$1$iDnanhRa7y)EEl&l_u`yOa z^ikdkncPiGYSrWpswADf%a;%pY4hW4Il})j^_5Xkt?%0k0@BhA(hbrL0z-FqcXuOO zx?8%W2I-PUknTo8y1TpI@%(?s^M2cF%`}CXu^ki)ZmIP; z+urWH`ObcT6HqV|S(Mm>TWa%jmst)@J^LW-JCt`{jXWJt*c_>|Zl7@fYKMz?r4zH| z`f&dAt$kF7Eq{)kWpS_1;b;`O#GRH}MT-nG8;? 
zcKSlnDnk_rpoOwZ>DE;PAIQpD)n7HiG5%@HddvT#lC@Upj%-fES;TEkXnQ z#d{~uHFTk{IG&9~Vdk)LOhydu7rb+nwcS1-DwY{h*eM#>6xC}Zx{(^v|BT)H&FJ2q zfsc^otixmhbd6P%{i(aae}xi%;fMqKMIMTxgqy_}$cPn5fFNs=oA`5pNBUUq%oEci3RnYoOluRIai>2 z=H7Y)D+kx;qcSfM^ZNm^kgZ$COQ%C@sd;-S4*VL_WHxQYXZMvwA&3o$NZa2Fpz;$K z^eEdg2)Jb4wkuLo$wX!xDn=bcrl5SAU2Wt7x}Hi0%?c{06T-mwzwal9&Tq(5j*Hjd~iV6>?*F|X}d3aEn zL^;BFhAI6=(fzw6F;?%D=~99IBhk&`^x%N6xiWOkAoq*N)Kiw?uH#%Q~>t92BMaL<=tSy zRm9``YB_%WW}ZS$ss88V$G#a92aqB!CaG%+1c8JOq1}_Djb^>mwYViFoUK@sUdspJupQW-HdUE zq}c@pHjDdgbuqpxkj6}cMnJ<#_Dj@0Ov4O(yytJX*9}8ws*U3g_5TrmEA!Q{yE9Zj zFQC%1kr1(AZ~PcyTqkedo*V&b8_&r*zQCn`xo z?OW$Jdtuw1s@G4|cmC%oH&{x^`i>QwBE}B_=Y903=ici;mCy(#`f$=mO9zB-GRoI5`8k;%HHn)n9OXb+{h-A$YQT&Pv#;>GLz7-coy8Mr8cdY3oIY8+ zRnufZOrVPd=0LSMZ>1r%U(xQbScJY5N9tn)4#KT0NC&(1(_6W z+&tk?m@WHFr^9=matth2x~v~^rV)+@X=J){m}}CRs0s56$q!WK`I_KR6kk_EL5vgl zD{m&-R7c7X_++RzXo&m(tLm&s#qnHNG8UCuu&5e?my=P~o4+OkSD(8ps3i*tqh|CA zGP90JY8;2kqIVHATy}T#ecuKFXVFf6thovNPqSXS{40202X(8tgZr50%Yh=g;kWT~+C zNZ+C!&?qR?$2RFcM*T9kA?qSt(-F{);$NffJWTtbOo6FCcDdFGM#bU$^m%+46Ft7D z`?7-$n_Srs1<(JO46c@{#+Ol*s8pt8EPMb1a_Fy+pKr>N9J{lA`Xl7oI!5<#07t@f z^+4%s8BPibx&)2rBYmOe6ik==@0;RFE$Zp7RXpJOs3FUISdub(zBqeag7fi`(hfM| zBPp81C%t@l8RdJwSm++f(LH=ceBCNLcY78x>Bl9d@m>~&8C)B#3yIvNgdw(o7Q^?= z`zw~A$iqFE5PT$b!#%q9@%6h{0oBc5qp+xcmv_ZXApsxG-TIWDKHl`WLeBhW6SJI` z(LDIPBp^01f2#Z}ra!${PHnzJELa(@kp zbI;H><-$?O0sfk3J%!#a$z{f()vy|a$Z&Qq^@Kz>! zfyzikAH7A$Bh#UqlTl?P{aJHWNq?BCBgGb*$Yx?DJj)0y9qlR&mCoG3f0m~|`J%aT zVc>x5Ko)P_K6qAaMzX?jg9fO`X=``#rQ~}qY=J6M7Z+C;95wZ8^m`8N80iWUZvP<% z;H35h47PlUZ*tm;R}?EkqD)VCl7HRAzHm969yjz9zb|#Se_`CK6Fs%56oO$-cNv)! 
z*-tI8-A?GgBT=wUopEFgPrHfPyWWae8JP+JMAIGfj<3KXi1>Q4eXM7lorB_4bgJ)Dnc zv`MDw+@9&*(!+Gda@IPZkv#IO$!bas2wrzSztdPpt%h3pKt3g2@oPLj*9KPq)Po4~ zO?pMC{H|8XT=+KR%zwVe=S-pQCHd!f5Z~jiBmE<3jkvgn9F{bmP!zGzTXx8bA+agg zYc@VWa@m|SB0E9?q+7+Tt<8VYgsN!5G)X?w-MUD|x{UhFHu;Bq!E$vEetTrKn2(|89> z;%yZT3H@37_j+|w#E7%kYAVA;Rc^3B+8?Gva%0}nozhxlIW;7@iO;053NA$;kkp8y zTR&dFolHnKN!Vjx8LefuVO1v~5^NHB%=03$Dskz0kZEPic0^K+zSewlRe#1GBr#=ALf0u>|25HIO1(edBSQ2+ z{=U{zAFW&?DK%o@w&7P+n!wl1E4QWq;Z|>R9<`0?A5XVQf(4=I^xqH1Irh_AKw{xL zAuD=jcd%?M=mR?jd%D2K`+W+K-jJnAqgD1d%0hMu5VE(EvSfE2I&+K_jBuB_0A^EL z1QPVifD0i`S~K2!`cb1hh3iyxNH7C}x6}WeSwp30lL@=co%Dj)S(&3Ng7BlWJCk)qyl&|u)994VTIbQF~ng71t%f*F|ul0d)H{r$j~nmH=kr&EU~Pd76TxMfPaG(?;2on8W#FD-XFE_lNDtskuFcV2~Es@R~xWPJfEk z#RU0VYYER)^>{&Rc6CC|U;a;KyUPc9jyTb$WcXCD8+6FPDV!HT%gfB~(!+vzFXJ5~ zl;xd|NGHlv5yojWZOSB;0R`M^CiU`o@ku*4TI`JI^CN=d$yiab$w?l|E2WBCVH*a9Kssk+041@Y@**q)MjJrlWeX zs(2c5AZrBjE(8Jom$%RbKIs)&^_5m&@)%jgZ6wiu{XMd&Z88^vfy_b(SRG~@;9|Bj z|Nb3%NHle`^^WyU^yJvmHNsd^omt^`zV1@d_x;8Ga#+L$iYPSdG@^3diP$mIU0~BH zi4d=cxWV`ecTGlrtEFPK~`pRIq<)Qid7j+7?TpA2% z7F`L2>W5$iXDqq`86Vo#*sngo;3zkniT6bZPiwPw|DkDda0*`%=|M|^d=Z{W_QX*V zVkL@!Q7N5l7e*LeFIR6XaTs!kz{}x}@x3U-n=1OZC8$MYkyNb!` z*L=T~YWs;{)fA;Wf6@uhj=HEO?)??BM9(?RYEs!^h(Kt`z~?#&LDpCYTGq-i#%Iq& z%D5$&0{2*fEg1ArX&Cc>i4Ic%`fL;2X64S7k|?hy&*a8~SAub$%*};qqlw%2_0|7= z#NAIdp4S!4K-QZ^2)2GxaX4x1Pj3@k%cED&lH>I0fPsL1K7%p(NUwU0IBcWUGcOJ) z3Dv$r9vf%Nl@LH*7%TK=@=UWC60xF7u<`* z%dmvB->=Rw$!=`fy}*mjgo_~Xi9bCBXZoP%FgHfA-Y;)!4J`GR63C;P=21x}V6CB+ z=WbTQ0HSz5EK;!F@5(X4i4;xqu{#R7RPV1}2DRa6t>MO3tOxPSOfm=4c4Y7*X8ePv zDzU|<=F85{k}HFK)2&6D7T0|nd*SKMsZ1NoS!dmIcbbAj4|6Hv^%NrE|2W|R!EkSn z~H!@97swFCb36@sg_f|B>$(X|J8Rj})muo4Q5 zbfhZo+&>6i-ALX&P1}C4_3ACzGkrLIgWO4Qc21u5;VrAA#UzY&afa#nJghKRz?7-t5*pErb4gXQN|F^1#u5%$ zO?Y?vIo4>|k`ll7oucLykFK*x{e7eXFGQ~!V>R)shk9CFaf(jA5 zKzgXCQ%ezLlJ(+l;gWO)YWku_p~7g^;9Xpu=>3EB zSu=0cXPJc-bnlBb&5S94L?ypXoQkb*!&?B~acgj?;LBb0#killEMrwt0N@}bf z=w!{WOhIkYzC#gl7|q$o60hT7!U9p%)&AqB)eY68eRpNGKm6pIl-QRHn^TYk1l01S 
z_!*mCW&bXS9cPJus%wRe&zFr~IL2WltPyxNy=#*p9E#I*jJ-6Xw7K>^7poGIgZ-sf z+jTC6mCRhidS^^_E(}uqj8tp0&eQzsV{-+8-<(@`_D90ADqpm}a2do;ZJ^qa=&Ll7 zRuh(@tIe|BXD8+_T@N7A7#7eN*qhit^+z+txJl|ZNZh9;XjW2RLqGiCP0i3AKP2>? zX3$}ut8f_M^@gScZvO=`!9+Jag+qXOB!?&+!!`6@4y_&yf0{m`xK4BfGt4xA4ykQ| zf4!h>2A1ekN%(^F?~Enilwn@Be;@R5kWvguEdw51Xw`$*P=xa~7Oy|oTqry|e{}9H z10PbA(FoC+b>NH7H&Eu5dE<-!^S=ujG`IWTqnSyW#>jdHg=v4DM!k-+fkDgTA(tF{ zs{u`en9TF{#=Qn7xzqCNvrJp~+NuL)`L z7)FCt%gtV0!#W6?q58ZqVc+ypHBfa-ul?~0)t>Ap9aI-r_uKB($el{>*#2JHJy@!t zlmbV^;66r7jJ#w9rYFNY_^?AaYL3a?!Lbxf3hK>v-kBcYsbhext9EC-Q+!hj8z+$r z-z*$TV(LZB@G8?>ec%;@0z4mmO0~+cY^L@Nz|@EZO$`AzeXatHZ=IT&xW?QT%@(qj{?tp zyy(NW`gaY1R-=g1${P%JAwHM>6_Sxp{A}dwjRKP^t)`jfMTj$odR3h9Oqzji9r$I4 zGZf8+RAeBKd{7kZz~-FWClE$;96v)dtzh7|q27nTB93dpqgPd*<=O$EdvvW%9wKo| z(jZ^L)snEEBFNwr;Jh8!qdJJ?IY+I%^~uaa*q#uUC02QT9`HUr zqe~ULk9|raGkku}z<^pnj>3LsKRkm2GJ&aM-TWN{|B@ZYo5j~Xy}xuLNuxWXuvGd? zNRAM1AqFN$P*Fr)CDvR-`l}rqLov8)7Niy#AlmW9HoQ@5X7KhQ3>e=8yK0YKlb#pO z)&6$rERQxGFp;);^y|CmIOFqua%TC_fp0NC6dwc#M6=E1PzCOf${R-4!rEkVg!l4X za{P*6Ab_lg5DPJD>c2pO69eyP>&Z>Ie#|a_eD7~K;OD!{UabXrd<#f80M}TCeY8eB z$V+woehVCY z1&}>i*I_PHJe?EO=^k)SRy&?@%z}pyNDfAa0b^SL2SRkN*wD3k(Wwg+II_zd=)3@P zp8^3UGzY7z%^7@#h8e>qjz4xAjYDd4CLZIq1YFt=FIh7fVoh$q!NRepXK=$WFfL+v z4mDK%A7Ci`t#z7=4l=<^PK^=7*A zEK^~stNYpGeUf1LskWnYFJE}+S+kgRew=__{JJ+PUJs=n=3%`P=Q+C*W(pq8)UimV zsfPCv zEqaA@L|4S#AD_zlo9BlxQ8p`sxP*_+%+}{d^4W(iII$!cg&+uXo^WXTR(7oW{9(>K zQV>~NLrb%Dntu#`sOf8~RKZS}W!So-+gyveddAU`639W|FN=H#a$NVZ;|o85To-{z zJ;;~YhO#2MGtu_=XYO|qXd=$WGN7>I+CG>5F8Etn%9fL+Lg@b`Hn@Y_Zt=^yW+`|d zDvx$1so3YbT~_RbLN%h*iRyuFw|~PUq$oT@ZS`4z>n%h`d)AV7 zPtD5TmQuv6op;?_)9z<9E3<7IR=1W(B&3#7C&N8V$&xA!cSw68t9RObolG+Tyyp6({?gZsR?t?uLscU$F2A2_31^HsJ@X}*jwq(fF&MsEhWi!v#L%+h z{Iiq*jKDwG=qlOKMff3!2-T?)F&(N*Ue!g-dEff7f*g~?9^rlT2@k>*+BaYA5OkKV=x zlpNp3Xx^1~3_AQvTN;vR-lE5uhQxE7nY08;Nc99GzFE1VMSn2}$n|vfI%;5^U&d;P z?-rv~3mMmI$k>13MD(uO=8aDw^3Hu!COY%}+0o>n0rTWM=8u&pS``kM-d*$_D$ zMT+xA@__<=*c)B>pTv+X(m#ozJo!9SKy9R=*t#NEcF8RcO^ftgR8GPjw 
zhT?veAm)D%il_+nS3{zpDg;7(OVmwQ8$7cp3Qz!%kDU}oKRWb7CcKLzN84|{adcTD zXpR`m0b}ur*y2e^BWclDX&Fe*YDH)fZD-&SicWvd~o?nF{ zv)(6PAcI@|v&nOmM}LTkyujDDyq)dUI%z5)gTo=zIGWhcI-p+ccGKZJYCpWzMy1o~ zk4rJp67*8xqT86#K{ol@-$0+@PB4B@CgSRn$CL)^uOX_qx3%va>6sE>z8swP^&IA7 zm3$s(`^oxTR%AJ{!ZMbFL94CRMHUf^RqkbZ31nx3y+Ul()uN8#(GC6m`ODErM^G*$ zUF_7Z{O>T!EMfjiGUgDi_SI2=WfBA<8AD=x`I>28lY%UDzh1`EsCdxw4gNmP!oPGt zIq@4gOzY92!MC?lQQE^cZ0bFjemwu9F?^;j1Qr`2y!65#3XSe2*t6E#BHr7${P zEsdg6YItRWlEsw!dh#l!7yum6>&OV?wl1GpPL!AAbe)CT3IAeIxG!}$Tp_bLD&TlxvA zD2K^K3rgRQjBRq&r1}qo+-4`jA1p{w{lOqB8tAu!w}Ad+e=?K)8WDpO^KH2G;ha2G zBu;9}1+UQuqfl0#XDh$Xp^=!B^>7#8diiPa>^C@Qk7u|+-=D}{&LcZ%2J)>ZseO_& zK@_#aza2CNWIdeXSzlQ0PsTQM)yE6(DvmlE@U-}iT>T)}+s+f-1xDCFM770J4mI2*L1J?4Mz zoylI(_wgPMZRo zIC(uhBa^=)0i^rbNfuaCeor-#6s1EuhD%O${e)o`C_%6TX-f|}l{f1G@cuc=U@yWo z_)u$|DW0pR-22VB$fS`N!1hx5Db>em04M7Q_rwY5U2bCV@zT^Drjh5_!07}`o?`Qj z<)Am}-SYoPE~2$vK&1F(RhepW)FkRLj9vu^h-!cS)YlXEC?5bH(5$k8LUk7Z!( z7a52WTK3x!@F#J5B9WNM@lE=&oJ-kq-kk%6-SBcOo&zFnUw2<`_j4y^!|e2ZKKC;V zoWCESc4e**IxlgO5LAe7M4i1c>V&3zvpSY{N8XAqLJRGAJhJ_?Y|>4D>}VsLp5v;?*Q8 zEwCnyO5;#;g8wnpA%@{>U#1;J+m^ zo$rRVf-jFuu@clf;)v$`f|IEO|Cd zV^cQBqf|a-+Gf^_^_hry8%PEJ@U2!9-jmnzZ~Kms;*y4uaFPdA`Kv)_@9I$Dj&ECP zB+YW~HD3WP#kxSa=-{~=-ytl3%_`SL7GQzp_oaL6pzU_gcnZP1**|7g&->u^D)kCXZ_nM*sUKNqx8X0<}+%hyv zq6{F#2|>N~SC86;tAAEs?SMMVyikL;+}oXg$@}8Ryo@9ZUSU-8lL~`dQbGKs$7??D zkFj!5M1p;Ii|VC-?~W?`v^qvZPlX*#YUkLE z{H7p1^bK`GcpeFw9G$*K3zakZf~Y($E+|o&qF6+k!%&pyZ;;}>+Nh!hr2bYk>rWt( z4pM(xJSgoasqRUBkvp<%b*@pryjf4pla^~4QBcsQJUH60;^i>AoA&+%o-BPnN#l)~ zVQYp2^CvtRxdhDcp6?U3=1uA52N=VA7Y`HbPQvHdi75$!?lp1Xj0VIa14cr|VR)D{ zR4(S_McvzMgy;5Ea20AWfMwku*^l$aE7efdkB!?WL@o$}psW9j_VbSmi_|Sv>bCNZ zomp7w*gkUNhTLj?R`Qs3So3SD^I!2P8mG2c9yKZJ7f}os4k!3JrezV@I{1&*8<73j zmyTEHK0}|(^vxHDPd{ zag#NX{!jzTV)P2TMAlEpJmk1J1ZaqS2t>XdyXS^lthbI!WTJC1!itKA7-%8SAMDwS z)#`l*3fL~$wKRgY^?S})f{Wok-FV#~^!@61rVaKxkutwqJL?Nfd6B#=e=LMzsqy8dO$f*G>utI?tg{%~RmabPRnqpbr>q{={UJi~ zgpLfC?wON)RA(_DFFKh5@; 
zpz1ZS_!)Wi59@;Rvxi@0b1T17x+3d}kloa2^MADe7HTd^4bddu;0S*HjjMEi>%;pQ zePsFy;!@jAFCaiSmc@&Vy47Iz*JSC_9WH6$2o2Z|`My8HY~nw92n%uEkdIZ5*ClGb zWo3cuPuJ|^uRdFyMceS`#MYt&syx%)CrsKtx{|n<@gh|G;Lb|pMMoQ;TUdTzT3(}< z+HUpa^%)CTf2}CY>3;Tmh#+G&$Hj!x6n4ielZO_^JFqY%(8VIP5`%7U#wXRbgVMn+ zcx$IsyW^I6F@N6Tdixo?&l#xkm}Snoi*eX4pwQj`QBGc5@`12STq?yUXBSdagIk`|$H$>D6yFsC+Gx{o-{uHN6O{!Jy|WY4@3) za(uOKp$kr^@32k=2;UjrBVTE&iA}9u88B78oFj8k zl_9nB*IqBE@d{Q?M}|K^#s+y_Gu75r%YY&aYjMt~L)*tUIPSCG{Lo1NAQLmtwSgeB zcnX7c%BU&5Mca1_2A{f36zX3M5IrLD^P~}~H&$sIheUV+^NyT?-URx9tjda`7wy1; zRLt}@&)S@*m+v(rr`JL=8fUwWHGcakYx%?{?Yb{l(~fKI%{%=3KK4gFNwc=2DLoaY zKg%sfxeQ&}SmJqBK9AhN+KzHjZ2Ow8egqjuAWc!hXd;mmhx`shS|UeKIs1&5aq%B7 z0iTD`E+EV_`iGf*E+M$Im7#f_NEaN+->iJulx{%}6XOMBRu|boS} zTsKRJsr*K!<97a;x@OHyah5xUg&}0C{a+xfdn|1Ra#7lli;B8!==`o<9`CMOq37jb zeUGu+ETcEJcPE-&#jhdI{DCp4+Bf={;$fNnL^`T6=f%kJ;sbg5f|ijDYXS zTC^iC-EP=NL_o)JDy8C8g7$(dxsdzSs>~=NV#|sSD%6&>bh%Q}r*N+|uvR!{mioXn`%?Y=`B!WK&br9vS%ZWbi59rB zbzX7&X@a%zPJ`UBKBc|vHe*ir7PcLu27&I7Bu1WQ4sg-K_d(VGyeLrIi)S*%o)p8L z)^-}sSas1^);qk&hJGlGIXnDJ_A!AxzScQLo^y7PWVngJzL(!@p;7%*gIw~^U(Ju< z1tz-7#s~>P-9#1LhaZN{SrdY>U=0mS0;b7#c~(D&{SE}z}nzf54YP@ zDw(<~3iH)yi}v_}?MWw+idQs%j}|)BH;V(9Kgl*ds?S;NA>GRaK~uF8|MW_wt30Qi z@AaXzO*~q_k(=GT^MIpET#Y{s;L$a`it67 zvPIaoRRGlCJM;F~t}(+Wo9oN_mV+F}$XlkVP2fca{tU_28sC7QOd#HGKZm^r7(sh&3aOi>g0Vew3Bu*LU=Leh|Au_{hwmz)rTwO*E7Nn&nD85w=E)5 zdk$D@I-}mH2&ga@xLz`jH$V1FAX(P%Z0MM54;o^so+bqpS`r_ZL6m#w-(9!1a1vfq zEONn914*ej+ZNYjzW5`?dCONJtU`%Zx2-o5gwK2j10?1aC`7)2HNGGC+~PoVU@2eG zNnrK(lI{`JApsy|co8xOgRvf^JC~$y#-E?qLO(Fl^CcxrSa4l>p4nt~=A?JnGEuJ;#X{orR25&pDUA_$btPAW4 zu0&ozW19tT%q@P5xlg`4-|#H@eP^?Z22esqD;mr77B&2H;5{gke{2r=pj&v z6Ei)DudJqz)^)WpKMyILugDixQr*?Hi%AT>d+8MH848N(Z24chG=TZwl^h=KC~>EO zHT%)sL%!pUYD0_4Y0r-|-)rb|t!L(kQ-0%=bA?6;;AtU-Yd7^dWb*2I3=q4eq>et$ zptk8+iuks4YqzR?%KbdC2pPuzIJ@B{`nca%DKUPtxUeL*%)g?|lD=LU|Dr$72R1

    EixWY8YzZgo6Wd>4E749>yf ze{<*jOE2O@>s+N%A>oB19vF2IBI-c0rCwCodbzcHeo@8$k^>TuaeN+`N>jT7Nq6SN zABB`0ElA#QAme54kJ|4mV7v~PRiXMQ9_jdqtkv98Fs z7MygIkr0397GL?B>0Az{@)SRJ4=U*g61V@~F1jy8?-OOd8mde4D~1M`GNvfT9V)}a zr~&Pn+nHE#LFZ!`1~2Tsju$ytOtouEz6oA6P!A3LJ63xVem+$o$5smdSi{cM%`m|8 z{&96ND-*eHmZW;k{8=GaR9Tw$&LfGOXx@f_#VPg5_sP&A9jRo1yUeJg7eBC9uU?MV z%N!%$bNRN&RvQ0BG*Mn4(dvjg)V)@04j@1{UZr+vX=-B5$m)@K@9fT+l2dzJ!Ku_+ zyOvgU*!8AYKb*8MQMK5&nP z1GmZ6IbVKgu`QOq)`&tZa~TqhG^G|_%8L!Dz?&fZv9QYtLT(?!$3|xSn}{&7T$_|k zO`2q$#@F8835wIBBhaQu0k{v`T2zD+#DU~t@{5d+r;f-%jYtd0wt#$#8Q>t+<}(K= z^ewT~%HVBtHUZJ0Y$71+c8BktpMgH)^(!!LQGI&&a9ZNFPyD)T&cHe+;?%AuL$t7u z09ZOZ8(!pJdm#c;p5cL*3UCsU!)TvSp{JgJOh_t`S`1J3A-R_ovJ9e}ghxEue(EQD z{Ig+C*y{0b)|)NOSmBhdREJalp^3w;yUP*j=W9S4vUJ0h8KPPRA*!{#vzI*(CnqpJ zRO-B#+l)jhq1*gYqPv<(8>1-g`?o?nD@gxI?^zB{1sQfoN96PBsM$Gl=$O)(teQfC$i6XHFS6f_+HE|$48NU9p0z?PenvSQs%#P&mx+=v()$|%t5Fw~p!h=#F9Le3mz z4tUVsO3*Iino~4J@<;DNlgnX&U7He@Z@U&rD{U{7uFprlMOuxYE9U2V#IKd2I5!K2 z`I5UL@#`S68(?5i*zWyjE#3@hLH2m7?`prHy^z50*U|1g=4CBxcQb{Tee zr`4Ns$LdHJ%S3Cf`)L-WyAkr7$+EK=Qj?NMdSUVy^xtlQ-10!L>vqd2rE6Iq-<{h)Ocn*Yau} zZ|*V|+K+u9B8O-tg4pz^piiv{TYMCpL^!n5^4Qx?jvzt%sK|$Svl6{APv8Y}cNR=o zy!{=t)fK*Zvv4Y>;DP^|SgKi&)mG?Z8~$$^q-G_J2G=p=PiKx$KGXj}ZpTiq=@DtB z9qq300yAJ(FYuY;?3T1imD5kv8{B!@;cgk+^{TX78oatfwI#5@T3_wLmx8I-TB$3k zRCgUfaWLQN>2kD1CQ!E@pTIWo8j~?6`C8QTKp*hDxx5!muyXP|*zY~x>2&5^H$pfs zK8|l|I)|pO&33^4Qy$|cK{v-`)7hq_vYx>q2MpQc$_J5Qgtp~!Fl@qt!+qHhklCgK zzLE-#a~iEM{6%u_UypLxsGn!dkiAaps=d!to=k|spc61&BfO72X?ya4Nyova2yBu` zF~rtfqCogbz!0Cd`Z3(H6h~puA|vkLPXX1CdBzn(+&|ihpsNaI^2;qD(BO=(?vs3n z-FUnlZee|A_1nPX?Y0$&z$5Ol3vS|tA9G{`2qXDSvvqo6OT6;RK)V6P8C%?Mtw|-B zg^PyLz`tl;Pv>CY^OxPaR-y@BKLRU zQjKxfMx&N#^Z>A1GpT~T$bhv(k5^fp`8!r~a@Z_AGUuYeHjAJq$k))P09B`6No(v2 ztUGw%YqKkS#-wccMH#jp>@*&_Mt;Re%AI)c+R)vT3;&Q4aU7vs@BZo;69p;}MH>!E z$N+2mH0D&{CjDu11zw|en263)`~(O8Ca-70-dsA^MjV(%Ms}(e!r*-I|LgZQZw>?7 zHf%2g+QhL;)NC(mKGHEv;hwbB_KBwZW!qNCoB~Xb-OTj0&EN8i=V_(%AuXe(2QF$- z%5I8qz7uaH=P#%4QMq6(+Q2c(1jS1^l$-n1$|F4&1)3O#^4KnnhmVOrXa^8#voBDA 
ze^_D<+xCs4~Tn6~t8uQ7f{8-G%7h_aT77dVgG3zqMK|NhnH)q-r*4btDB{P?RK z0XBn-8`&A>`RZfSIia|{gj+?8IOee57cO#Bd&;&WJLqzo zLZTJxD4<3eOa0f4i0d>!D6(~ph6-nX$&NfU-=BiFcOI+nQZz}d=Sy4d!z={hEWqHM z9Y=nm^jPb$(p#|eRLSx1VbQW}7;`sb&t00Kd3%4w)%I?m`wy1TluWkT3#I;N+Da=z z;gzo?r>J?3*4SgIw`1F{&b~N&hj!H#ugpwae$le6Tj24Yo%04Hgc<^6Utipi*@22B z9RoI?25u_Fyt^(0NYX-%-iy{jZ+;UTu{j79$1G8zsW7tcoWc2zp*AwFdVK9>aI}WZ z_yyCh3V*XU7Sg>! z0w70$>T*Fb&2Tp}9kPQ5o)s%GbBi~61MA$<9PCTaeg?JJm1wIVJ5ojY_FrNRs?_#q z1(eO2!za|~ij36AP)_R}r6C;b#{-XrR%GRfmt#14fJTUc0713_`k;RwN1B5)>1SWOtyd^XGv?7zww{EPxa4x5J78?uF= z|FH}kIGmQ6bcF5b1OeNe-^byh3hqG!V%B@!dd#3?bI-P=-QRwe;Tt&hq<_21f^WBM z-vTo>wWR&pOpz-Cwr_uB7vpBNcGY{N5NK*7c#EJhXq@7qO`sOuFPGGBxWf zv>OpDh0Wmp9|ADy4__*u1*qIp>U6O~5{nl~1yop&ta?4vU%PBZ!DXIfA6T2?SjgQ;0R$kP3lcKAJYzDxwP)8}HvJ8z2(=VH?ytV}pS=q|Jo5F#ziQ zm2G9p{sSLQucm~MI-wHW*TfL8f$*7{WYT4&lp#GOG?Kmv80c}bn(pj0oS#Y-vlCGJ z@DJP&XDmagH&m;lRDvlDIV$$Hd_OYP-0#Q^?M3yhFzYHi#l^A0@tNmC8Ny%C03aw0 z6$g~hf)SD-*HD)@@YyV-FZ@ewcMkcPj+j2_`BqF!b8%zz3@6`%v7=jBfrFs4Yn7~W zFGcY8({<0a(^E^KU%^O~`jKO>b6ZYn$&-yCNu4z}N^Q{&zc3I3pR8EF*;{rQ8w~}C z>W~>DAANWWy&@Jp?sj&L{W5UF50H5I+x?EFiL%vb)v)a#Q~xX6?|x^7{qnXWQ-=t5 zu0Wb;-EX$&;ZhAPflv%7ctjh_k5eYt>C5=sWvwyqlMv)9&_NIJCxF2H5Pk;FItEDpjEF2r zr3yi_2^q&*a?@|}I8Ai=T0Svr91OD)&Ev}W*v5Y=YlGuI$gGaiJ{>~6p`1wu1d zS^@M?Qzjw>BP-J^(wWm>ou7*Ojr9hNLG>=2MWeo_Ppb{gR=vndHBy2VIAf?4z76v} z1AwzTL;NRO5svDU6DZ0|YAL=Tz`GI!P^f73_Na37qX?D|V#@t~cjOV+7fZY2EBY`) zqJ~*;#jCQmV>v<0^6RIu!u$<+Zo0Rz!v9qW<7*yTbr>tikX?W8{MZ1cB8rT~j1y(g zC1Stn77v#2FX7R~4K}VWf{7G>U?SjuV<&z&8Y>*sg$tN5rYMb=Lf*O6+Th`M6?)~; zcN!M^@}beaoMDzBrlu=)x1N~Zh$A6oJ>OE?Xtpdtn}vL)t1-NzJaThc!;ijw#dGSd z<~pqpDJ8LJX?8cpKk5ORAlZ{u5_1myD(9Fxo0yYq`V@%>ui188loRmAcmL;@o-=ofZX!sFfUGE-bWR2s1(cVb#J$x$Jqkn{n?yE zvI@SJrxg!c$j$`a_nTF&nen3N-~iUTC_Bl!Yl<}ub(+lo$JAFqW%WFND+mZkr*uC^ zN;e3Cba!_n-F2lKq`SMj8$`NGy1TpKeboQg-+Rt-IOnpQJ9l>CGqba^ONO!O0c04D zeVttDrRb`eG8s}o0kjGknQKpSyKk-n{C^n;r$PxXu~rnBG70m?@(tf18LX9TS^U`4 z$Dn~>>S?ftFl*zmf+7!9^5tLI_ql?uof-2(ZQ-~9ZN%0?6bl70lBu@H#2%pu$0%+L 
znNpRF^Vw@~kGtvjsogt0^tgl40a%0JuAFrOb%GpDj3=1O6V? z^a8PGraaC2+E&H&ZUpt`*iEO|ZdMS(@@#qJktknBqR&i@d-{o!k%Vxl%uyV~k!|k> zE&TC|Y}-0E$p|3};ELX1hM}@Ka+g*}NpLl8w7|EdpdljLMSp!(l2YPu4wc1!yP+6* z;b`@9<&ujO=0GFaPW+*qs;?;BPROTs(u=C?)^0!Ep@B9(V8#<@xih-k^C#?wAh@2v zF4hijIFCHpf}uApegkL2^`+totL8)q)>|L6UVp48FTi@Avkh;>{PdBAOLG6KZA`>hwT5XTMrQ*wI!ymFG4%H@euDy?$bpUDLF2CA9TFK>%*y0i|R4f!lo z2tL5Sf(7Ddb3Za7g~C6RelzntR-gi!_rbQexpks_S)&maNUdX(F`BQs|b z@@-ocV%Yz-l`$Gp?&LtRrlafFV(@XbN>o#^<&9@&N7&*Y!PD>dlyJ{gMPiDIOW%yLQwH8^;5P~>@ zkK!JMclmabn-WN&v4~y(D$J-(94_O-dQu;dn>(8aHEk{ZgOie%VwE9i9*T*4Z{$5`!NyFXx2y^ zsnN^Laij%qG^%vsG#hIazV=Lwmqt#F`$<8vh{5j#MNee*nBQ^tGkmEgJ(02{%ZCbR z0B!MpoL=gGEqXUbQ*P^;ycrv=h~03?3x%jr)@}nU;{dT!dYNDDR=4#98V(`~J##H` zUNkPCsf^IMZU4*bnt<1X$^78{H-8Oa7xqwp^3g1X71#~3LQ8{xYw~g`{kTJl%7%Ij zFlJ*DB}uyNLya(=jdpeI@Fb4ezMWp1v~Tbbi&LO4j}o9XXqB~KTB0)467YO{h?6R} zQd&Obh>Fy29Ln^pOu-JkJTfR{FnwTvjQFi=JOOt-&7kk~I-g z!_h?)c-|K5N}Yx$Ck>&W~<=EAT;>0d0bl^oH^-B@dUk-XDu_6E$OEjxNu8_+XU5 zZB=|G?Wv2M%t=6Ft*lXwJpPWQvv|3%bFcaG_DfyoEAbw~atYL@tDJQm0GtKGeX3Ac z^v_+d6QnAe_ne)O#Mp}zwa?bX;HW#v9=q%U{H+9Cv4b>;SZOf+ht0-EMSH-DfdPhQ zS$E*vQi!K&o}tp0qv^HsJ*gc54Q&BmmY&;){?3?2US#$ zD}@;_hX62(JSqm}{S{~G1PzZ0(h8fy1DHSej2p8y^^s4W7wEEk>Lk|b2O{8u|M4Ge zgB$NHEIFFZtNM-FJfaIr4C9eT+*_}m`5P3U_D`8CtDB^Sj}i)63Q6+E z#Z&Sk5y;v_Gw>}05xSo}DxRQJ1BQGWZtnhwJx+FR*Zou45}>{QFKgD{2rL&r4Djud z>D}I)uU^|?jG8+Z(N`O#tb(_{aj1;!v& z-8Z)KQ*VdNdMkpLgw{Ek3Ze9Z#4}2)S#j;$4XWYlPt)AsON*m1SO|Qj@o+tzj!QMH zM2WN4QMq5Z&s>3)`XBG2FuutDA|!TejGA-f0p9#ou!0IcZ~m;gW}4orV!yZ}70S1t zG2Z*5kg%Pe0`}eVn!}S8;wfI8{!b|XlA>uGcq4>sEv$fV$yQ~;=a~dw4ukmK9V6$W zq=kLn$B#j3az_+tj>?4;6rnBdNVbun13<%Nlj8~x=8v+xcPY{3-((O$c5xA@0H4(I zE(;4VZ(UpKV;Y7&cYjRpI8uwmD!|4hH0G$-_+NRRAi)m1wN~=Rry1KTz5J>;16@!p z@1|p>30`R&2A$N*9Cdd{FANeLf|N#<=>Vq4_-1a1`@6E2$LV`%z#wqt@!B>;;yY%U zYmA5?5+SjV<*|zR7^7B()na49e6sM(&}pgYHF{E`mn3Zw<<&8qRqrULt;c~!a>)!+ zz0y34Ssck;SRr+Aa#@UmJ{@ybPU+j`9+p-b-j{sUsA!&mmc^Da^*kAAU&O+K?*#lM zJlSnFd0slvIE`{0fL9oK6=8<2+QEDAzj3yju6__Ct~j`f+Yjbak!lBgRj(ZqQn>yc 
zii*fD6KU$iT7;&0Km&NnzmhkITHBwfJGJk{!NS8|8ht0RiLaUgks@r0dTAfd)a6^; zLd_(O{dt`(4aN{Yp>w+VAmTw^!c8ap+aUl;R;fBl`RY0!oLs7e#f8HAMY$>x3c=r9 zPdXVY!*=S9mmKH!I2LjW;3O^Vs%fFW`aSF4s|74mYMUFT>0!1;1@5qWVTe+GtT?{ zMxHPax0jNf4f`f#)EDYV)v^_jIvf2$_ay4f7pjMC zF75svJIQiZb2jmF+s?Y2y?c=E4Dz$oPWJCyc~ITyIL)(q17v~I&QW@ZEmuVqkMi8) zn>MsNsc*_((|}Ua?n#=>$oqFno8Sw_R)LT943V8?=KpgV1}XFNE?>>eRR_s!1?O@Z z=c9^B%Q2<^q{&vLCLw{qH@%=VbL4Uq2FA6Bv@G+CSmweX0o7XdTo{xmZj;NxC_L+n zw|n}vF^sDUS@_SXy2Z)>3qJA)18 z+@gmJ_di7a-lSBBuhkK%f~1bZ4eeyHM4|JbHgsoH%n(mAD}~QDaIyeUz~LwNN#XPO_n}-vtdAeI$LrSu7$Q zb{Uj*`Vyq`L@0is{Unl4Ux~>ur~6?Shp=08N5!(x-X(@_^L;X!PHNSqP@IJReo##3 z$Zyh+bt0=ELt^lQMCNL1iI}~SP4iYh`CGAlHy5G{=3Y5%&J0&(*CWpY&-s^wh9I^k zF%%~GM7{-(@5CTwH5NX}kK3OnqPpWjr5~mzp$!*#g1(knkjUhM^dJhzYCLsv7(dO}rfM@p&SSXsJ)6Mun?kjPp-RVjgaqv)K$6zKgrCkd^z2 zIT^#Z(po6;<`C?WuNM!1BC+wf#4vdU&je>AU`2t}Cnqbj_MMFrhi9g(72~`QgzK>5 zJEGGKJr@ECjFZZxsJWNxADR|yQv`%6#U2=^g4aKG5R`&?Z*cKW&Ua?;Ch_J50e z%)VAjD*G5N?i95>uv;c3{li{al$%#T*?S81iP=7Yk6Y_y3)hw`mKrsYQF`r`Jj_{w zlZAx4lL>GO^MFnoDj#>2zV;!5j~_|u&~B_%$+3~&gO zhDnodioVtjqT(j37~KgS6B_Sd6!(G>UdWW6iIZf1p%-$;`G(Y^tPka}<>atT2lmF;bM`Zg zfI4*%!naWXPj=1)8a&Y;eeAgCK`mc0|AP+$e{_z`Uss63N05Oga^y=}scCo~>4Lnd zw+>0_RoL72n$xlfOO>Q(3EdqNs{d>Sa(9aTOyn*>ZQ6*%WNfdSZmiy{MOY9S)>tCy4J@#r4X1E8}zX;r2 zF^~Rn+2VH<+ll-n1MwzlJfN|Xj;qKr6j<-QfIg&Csu>4vMK)5+dVHOEX!Epx%Fn&k zoU%Pvn&V=LADRcOSn5&SKPX%lem^ig3VZ{TU(l_?F?UOWT!4&|pWLO(Khv?g8<8C0 zDdoU##kN<*IT}Pi2Rl!C55wKtoKC|Wy)REjxUveB*R0?5Yw(5$%dKi8_7JP_ifr^x zO7guk7*ni*F@>{>2)c9LiHcSrUN2Fs1}T0c4hQ!QfWL6bGrd=|?mJ3HD4Qm zwj>s{1LvhontRXg#rB1*#|vbhvE;6u>DDBqTgtjzYx4jM2}ncJ(BH>BYD z%;3WgC+2SEzT-f4@GRPYJ7s~kQXU6Naw|%KwuwI+x+n>=lh-NZS;o3XK^hvR+IMN# z@U}1p21>NybSeS>^#Q-C{q*Fhck1sq`e*hj=FR!E zU3e(qIK6 z7F`mwJe37eB!BveZ=tp3@r>W!>)!k5gEz(7o4&BI^cA#-i%OZ8hA}#heQ)<^SVwt3 z5+D5}JF!N}Jm;Y1rYehTpslwNpIz<>Qu#@+j*tDbcks+NL#8^2{-TLxDflEN#;G;M za>tU+z1s7Lb&x!!xH<;EE=B@gC#d{zke0N}6;-=}3EVk>oK9u^VE?0y=w(%02&z|9unCl$e5Aw+ZDG?2QdwB^B zIfNtF`Rahme1^1{^7MPd+X7+kfU~J@!wWD^pc;0!5+sh)_{J;n@fxBaZkrs>r^({w 
z9mC4E=E{aov>`pNU5a3W0O;v3A(e*xt}aDo5)B9L?mE#YhZSpUnj+6{8hkP~G~k9u zrbZ^ddF+_FYgGSRV>J~ z40s+^6rJVi=ZX1A{W~IPXfy7L6&Ge_=df7X0s2n6N&pdtj^<-5kH+0`t-7>6++Q3B zZ!V#!qQ5W3oR@YiTT$!!pp4j@nx>j2d=is>}fJ0`qq6 z5E|CE=S>R1o1RL#PA&C#pf$s1NA6E6*jnyUZ%6xE+*syRit{*?9W7~I*x4UGIi{27^)B!xDg7X+j-iYcdt zEN5>J1}D9iAXGB{CXs;OeRKP~l z;2{K}*uV58NKq3v=qqjAX@@()5DepwslC#nMF0JRScjMpnYOZkS zeHDUic#>g3qAl(9_78Dq2-L`$Dqg!{=z&eM)3~w)q{9G|<2Mta}YoMBDWCF=y z6>DbBHB)D+g=>5+KQ{IfnvN3la1uO~@iZ!!k^i~aH&`G9duqe!5@Zb)Ta$1m=idwb zN(=`Zua$@0!S8JsfxEPDKB>K<8wsrrM~i*5CHe-+)s7&h0CbJ83;pDpY~;r!yKujr z-h$IIdWnpSnR{t^kuyNEC8Nzr_eiL$Psq)2yQA}t=fRkl+^^tRlTl52?1E$X z&o@(I-I--aivHNut|PhLLQovRX3~f{8`e@G z>R7B*ZcpqGLY+#7(1c&l>AKc1wYfZ7VlVR(^{z7f^Sqk*hSnIS8!O+bne7{2C@Au{>tbee4Y2 zLv>ZE!O1W_;frdCf;KC~{i$muBHG*e;6`mi*l6Eqe{EE9|5~~V38nr)iR<=Lzmh+! zk2J|Vi5hKhgn+>v6=GY5(|7&V*WUwc6E@$x<&~*b^sW`FaD<&f(eGKEyj@+uIf`q^ zwDE6+^;1*i>`vdNDYoZwi43M(cip@J_Qq~#(X26|Qno=A**;`fg=Osx@y9TR)xZ1* zifbFhSWC|a>YSjKpFZ%45<8n0cdnb8L(vz&h*!>c!c%oIN?^C3N+uLFHR-FcJ8N=% z@-J`h3lhNSt->q{pC(6zCvxVORe_zM>YOK65e~)hQQq-!GSAUH_x}mI4C|l+fGL7H zS?Ale8J2IVaPN}RPoHctG$0Z0eH3pg;p7P0LNd6u!0Vab^Jp@a=+&L*yD&rDTbDC7M{&~5|ZW%|86*39BvE@=OQ9j!`>-?}I0dy?la!mf*u3sUitp+?9@A@Z9c$mKl zeR?1Ns5z*T6Bk#UBR-5?JWP_2Lf!34Loz6s5LkyS8?d_9j7h{c@h(T*^Yd)!x4_S@ zFkfS6lB*QIF^|{5XHYUgi8hWb9e3!*#R(9iK)2~v$9}fe+sHS@g%_S&?;%UOU$M~A z%&2`QKf*pZiV;;DwdVw+!=}4k+Uy#OnBkszV&_-Ujaa(b~}lVd5(&p0{L8y;;ST@t}B75{t*J{b5Z0WSXb)wd(bi@p}p~+#rbI z%g>`@4hZixB^dm(i~6P=FgTJ<5{o1my7WQlY9!=c+jz;v}$? z_8AFGtHzFmO2TrJQgSU2KD#K#{y08s+QNG}fnr5a6&0%?1Mh?`gq*JpfySB5gsTT0 zMENdQu_Xk!i?$$KVxTwdb$XM1k2F)2TC_TW!Eddq0!YI+FP&IHG=D#827+ zQ}%91wG4x^56P#@^q$|KP~c8|zAB;c(`yab8M;nRy^=l!)=>rZZ0~3`W<+^ON|)&R zPeppE>{8V+Z4!@`WH=|};|T;yv}r4cJOpX?QrKt70Q_tp2@Jh+LY~8^q1DDX++F;J zbRkVfJGicSJC=Tz++*LoIeCdw68np7M%h?=bRe`KJ|#!(D+enKEx|d7oVfGS9B{Mi zV*HhiTiR~lGup^@Au@gOS%>fX&4QVqi}B)?t|m%CiefSVTF6SXJ5L2*-}%qi&&dozAg{al6d-PQ;p~Br4~L5yeiy zreYlxMQgJuZ=dzu=59ED4m;gBP|_isRBTpc>QZF(R=y~oHsmv2%v!9@5o!tP&tT%? 
zbK*7@HEx&B*4}MroUeb>2U zLZl zv^5>wdJ8j@9D8K!@ynC2cLrv&-NTaj;bWrp&!Bx#f_saV;ONdykcnB)z2uC3Kev48 zhi{P0zgM7BndF>`51Q;KB*$T|6@<(eW40#4Pdd(XS*#uFIy3(gxcPZff<3}*zKY#boY|V_uc~3U zw?IoRQ6Z$1WKMM2>5V6sK$Ybgx(i5LQOv1MO`KlfGAFzVf>cpE9Z%VEf`QM60a@;_ zdNydz572Gty};{oCN4^rg75wM%N|`d5+`}_P0J#|VvcmxwJ@=cqB!t1V4@d*ksIn=C@KH9BlCpTea*cwgx0Aq6 z)JTHm$+OsTrJI5nJ<$m5jKV7cv?AAZ~DE4NTtxcS4V^(T| zU3_q_qQ#qeUPP-(kOQ8c$dQ}tuCzI==-FwI z6ySK;flp1(c24x93hAqszx?iOn@oUvM72xC=lpPOobr4fnEPJoO{ij0AekTHv>0mz z5ux--QA;$v9e$`VV7qX{G%4Crs(#MxWUqV{oq@oj6QyW%Ml;`-8Lq;4BHss1UXe`NyKnB3 zp+v56_Jt{66sqk8)Sa*>NG5pGd{xC82hTzNi&H{Pw4QP-WA8<0WK01;=@QSV+SAUH zWl!TDII{LaTXL&>c{t(8{Xy@SWYtbqGNLugRyohKxk1fxWPYn=t|{CaZCIdnf|N(t zavPX-kABw7+tC}Cb{=BFU0SP0d*EoUI`R^!v6*S%vr9=lWre{>0rQMGRRwr|MZU!G z_Y-W2P=_Fh!D~%YU|;Qp-pXnL#AdVo&>qV>7tOP2$E#MKQxx^Xl9g~bc~6URLGIV) z<4tChI;0(=a|@IH+nvbX?U96qR}|l1*}Q)JI(r2x`mvrKdNlNj?wP8PT(MuVy~@q# z0QT2&xY&MKBV8<=M=_OMlW%WReC}Ns*Lg}IS90~xfgI!X9zfX9F;NAp!=MwCRI9gy zhCp-D@Qz0QGv&<57Rgklr5S&buCmV($*rfh;KWr=F^wmPzW(g#^7KU6vi)MH^TOED z<5W#nm_D9U%^>K!QXTK}is#KuJ#T~U?YQ!^{IT0s==tLc65Z3@X;^VU`;)~>x1D=i z7Z=draK+jF4Y&_#`lYdRy3k7KsLkzshu=1@>)_15R+s=dTo?8vb?(q%TJ=3^wFaPp z=#TK*s+G|n=*8(@r#(NePTciO0lIbN91AVbry96NlJzx z!G%?RL+D7$uR|E47(up7ZG&lq+xky^PT2bV+xOL$fHK?6%{Q7nL$nUP4pbI%V|ZE2 zi*RvFCYCqVJ&}f$&E}curG}uLIi>uDaZeI@(tC&6gKJOpHIf^ zY9-&V_naP9wAEt9F}bWYBJ1j#>^`3wL3gj)2ViN_QhaVveRqYy^>wRpZQBXhqF*~l z>A%A*1$saO5f|3aucCmFFsTC`70(cQI45PS*>q4}&y}{ShI`~AqV}^?G}E^Yqx-D! 
z(=K&6>q)KA1|xCMJE8`cPu3UjywyMDSz@9Lu)zg6cfCz9#mpH=8UD4n6Yf;Bc#&_Z zn)>nEYM$Yr6-M)?Y;fr%Z%D-PhTZ5pPbvib%zA#XVNHH_cDK_#njzF43E1t4>E`B4 zFV5qgP1d469%E|<>YX|23ZM=FkK;qc9b0c1ZguVZl8rf<`SL7#-lZHnQ`Om^v+9z8AEFXT1 z30PfhBCcTXuG!NrxKt^|JD1DTaW4a^Igo8;uU9lSS92q7=slE{%Gbz{k=SkX%zf(j z$e}onu0qZ0?C~J@Mq2_aR)&ofA*DO_vXy1oxqz;GA--ON=xz2%C~ z(#dLZ2n^OTmPYNll4t3;da?RTqw)auFw)}7G31g*ojaS>l6tw~^Ppmz!Gb*fEK6XI zzlIAby*BvolGUl(uepXVk2)x|bA8cMZ~%NaSk!@ z2+c+Q@)S}dK%O0Bn~`Ta_of27LU4FqmafQj*{0Am&tE5oP*swtmgor5wpX6BULDiC zwoUbG$JNj}Ml(0ECG-fr_T$>&1gE+u z(3AB9^uPyLd5}L2%1gGkibA=k_V%oo3EC$0;)312kbzad(knq(OrNX`SSn9v${TNafud%*;YQNzzbqApx*m#myVy>Oj5x zM!x%=hMz5)>?&(2Xgl%bJ7p5bBDrmgHE)Q!*oTXzq!vgT{(sy*35?5d(um6dbKfc4 z0v2afi}tnlV#OT}nu{+$sPVFSoydp9^6~|r@@viU zhp2@8Wk9|teUsz(v@6|`$Bo4*8dqk*9Ne$3i27G+3#D!XByOK?9{mvdFY$X{u-#yj zc>n7YW=R5L1wvH@o95tK!yk!`JG#%ipU#m%x&*(5Mt`}FG)+wd2$bJw3jVYHFm;sh zuD#^&NjTnK9tNsoQ(Yt`qdcuI&pTU?uanTbXH8v;DQUTtN4=>}YFt*AHn&&c1u#_( z-^wBp-ePvm0-)H}?5M^QN?&K1T`yQr(mz1lb+3mi52$h&;@iDUo*8Gf5KV!tx-PiuuB%Q@%=p(aNcr?gN)7!H_oR`FT|_2Os{Bgg zu(#^=h!3+Qi+QT+C#0$W{C3s?*43w%hRaW2zuolPZ;yZF=6btq1hsZgp}Fs@(RZSN zYEzx^4)AYia~1_1bPaEtb7t2sj)g@4)gf1l(coU(sz88d!lVBoq+x=_z;+NzsMK8 z+So3=@rEbkG&()`l#Mpupc6>Nk;~V*8FYmMrsc*O)wz%u1-860TkbwoJ5c7G%mXC7 zsYYd=XByO#OYfx6o0jdR68MtMENj7YYAhgB-l=369eu)3Z5VYL0VZHuo7p9y*I(Ox#$P(=NNO zKkt#HF?pMTJ)&uZX1HaJ=A9a2F>a~_G&^^U%E*|ejm5W>771!n@VWOk$Vg`#}c#5YWIOVpI?ptQo z&78Rz-K-8w`-HGvYrDk8_t9Z-O7ddAETsd#JYc`DRjf&9LYG^%Pq5Y57+9}Od(l;tJar&zHz)N z<;%oYH~kIs!i!f1#5s_-2Y~=i!-~F0xQT8g(eiXbJtrbPGOetpLz(|bhSJ@BvlgnJ zSJ)emN?CTPfi>3pwC!d?w;hd_ z@{(5mc09>&<}lfzRPCXnf$UlCzQ^YPFj>mKaNF;^LK-#;LgHqeWP>>=5f?M~qb+;y zUU4%KIvcfhGTAMav56ZGt>K9A){G=DAq4FhOsSK4?byN#MZf-L{6DbyY8+s?h!|u7 zTY09ANFJt*IdFtDL+FIm?%WRdLrCKoxVX_nYAzP2VC!D$L0VyWub@)6$ljqP*m792 z!Z5M}qeLGb%y73P*g~=BC2Dk^BysadZpiot0o(t8Tp5CCOSC#2rpg~$g9z-#Kn8_v zCvFIjTYM#uXne^Ga$W_J|FIE;{@w`8MkBBw{ve!V0}G<@cUlTJc>UcOpYtV&eO`9A z+62U^`d{vXclz$Pp2mUo#fDuimu5+OcB6QY&lq#8?a$qFtvzz6cca>z?JtjEM&m!Z 
zMyn{xl$#&V*F^SmPtN&b=(~^6XR*`+bVBoz=m8RDZm8Ja>K;uF3ek)U0CZ@6WD^w{Y=D&cakulxRe zS|ET(=jrAI38!eO%AMLG+oIK6DZ;|N6C+#BEy#do{E|G1boVMJ>EL>b>8_n-#>Z-= zf>LSB`8pyG8wM_EubHXmHVQ834|zY?WyYxTLT!A!l}wG?-2&W0QT)uMnA7t{7Lk}N zi>+0K&^A8tPyT1L^)(d69yb8FF$n~G2h6)xjRFereIM{WRfp;k<)c+cBLa6cu}6<- z&-Y|W0S*0f?)AY2L zO8B?*c|MTef$QcR@%Kl&O=v?K{IXyrS0nygaJ5WPK>!HFi{~>k+bzg+p~osh90tcb zu)`BXjX#}UX}qFdsBJ{mvb(;W$TKyMWv_?fPjm2xBwg4CPsk0qXJ%b4<2k)7?a%~a_nE}A0TjN{FlK0BO@}=D}h`cUd1L(`d6t$0U*IDk zrr&>h*Y4W%1F3oRM7u#F)F4?->B_Rio)62cw#63QJ%IYIhuJOboz$^K?xW(uG5kY0 z;CeC0REmjtP!L;OjzL{Zput)FGB@a#SQXFLL7;JG@REBI{BR9m@OteZ9gIZsfB6<+wErqWB<^y&W|paJZX)Onr8#)~$S7$%w)o=n!A6d8tJ|Xf zKq82cgIS_GamR0bD%~6vR%Yg(^AjYYGT&^7VF5e8NIX^5=4MQSfwaR%DxTKLY?YQ) zF^YDe6w_+$r0(XVT*X#C@gcjA*^8h<~dPhucyz`O@x(hv? zU8Ai2x!KzqYu*zvF{Ap%wdlg(dRdK0EL!Q?TjPDi1f@9iwZFuh zLN(aFX|VmVIUs5JQ9YR@Zj}GzAxm1Pb6d*b~FP|`4>N_p=fg0YLxv3 z?MmS^yAp*?3_7r05P&|5mbrx(%~T)1*Fo6G|@Y_C;F>ewo&SHq|^1++Q)a)ym7!*qI&#` z4$!m&!8LNpuj5W<+WVKN4YXf2Z+_YQ(CN*+s2zgOON@4rUHx7*$VQW&#4>~eqc=m{gnVs!P zRZQ5JE_9T0uJ3zC&uYi&M|{)CrH!ZYSfXaWHr>TChaosO;Yw>%!(2UdtcMQ;A;>V< z>$}#JL!Q@~W-}azs7w@v0v1N z6mtBSLVEf~nAI~(jQq|Gv3Rx7FE5;dmqb^23`s#q+M&x2x`On3zJK{diesXWA^)X@ zA9o|$Vm7r&iudQX70_Kh1bZP{_xVECv5u8gcGa|o0iuTCU+k16^c8HOS-}=siy$Dv zA}~?y7jRPSBMwjzxTb5CpkHh9?mj)QhSB?47w?e}RRDcpm!;q%#Cl_FH=0_;p`l~*cCdiS zP<~yax{)tmGyQ=&NdyY>ACoW&6>9o+ZBz~Nz#UNKPPUS!BF)T*+g~qp-h7pf^n1Zrjz{my?s=2JUh?!W~*}kFD+ca@sh&GCq1>CGPgl zhkix1C1e|NS9!pTW#wS?qPpksyK+%xoy^t!Y4KC*jq`(KsRZHfxo{lh(xpSj1B2#- z)Snc`;1?Hgh%x{UQEU@GXz9_vV-7H9Km;FE61cr&3mY( zxPL1cn^h(hAwJ6p*3<&-stH32FX?KrdZP$O&)8u{)_Trq!7V=8P%(nIQT(TAVP`D$|mmkfR>eF6|nlhByl-wC{Ps`O6 z>(XJJU3%*!_YXJ(q!cKOZ^#va5gW&5_@Qc|+ATOB1LfCYG@C6~dXK~L!D`rMxNAOs zVL2bhZB`o9X}da{1}8feKI>T5zbT5{t4XwvxO5^j7n^GNCcTV|_^m`nCrN!sHvlNCrbakiQc@XYM{*XgU#}!_e$!t)b{Q8?h!aGy8 z!~3-3R;tsKe~wNElLzFgkrrK;NeXijxdqz5IAHW_B6K}U?Keh7qq5pneIWmlUnWhul!{&;{-3rgoifO3>h#W%Drf zKQ$INlm3&!pIfj4Tj|dV60yVvd40&QiM2MRQ$Jh?@YeDI)^cK+y<2F{Rn}qt3QYZJ 
zua89kllBqhtm_});%>j!_??Xb)_}906IN}As<+e7&J$SisA2V_<1LsO;NDP73MK2= zi+YLvRjlk!I(py%?bQ$Ogos6m$2giE+HFs3n@4BUc-zqmBN+3qfl?*~NVh-C)+Hq<6ih(T? z_D?KNF%(H1HHsn&Gu@nBTmkyooFIjb9(T1v;VweKAP$9D)S6i6x*rUF5`CM5|2J0o6ga4z9I4CMmUrRVo+DD{hcQ8Ot-tjK?B zi1thOI1c)OzTBrnWDS(Mnw)ojPa#-6tU;HFu6UfoAVuNwO#GpShe0d@hUr>{5&$& zrqi0`wLA4Utp!1&lTAA5G=ZcvCJq;y_aobJ6lEv5K~g9!A?HWW;JZ0IcM=6cSDSMkQbw}5 zxbo{x_-yn@#p|V>C-tYBhJY951@}Y2frSq*2i!_^jwB1qBT~mD`M3+9?LDdeAyzil zs`oDwDW#LRiPd-PD~|k$OfW~(RzgMLr7;$TAK!SRawTOLaJJm*g_M_H^`yU6qdsc^SVtAgP=X?iwO&^IU|50N@0Vg)JTD$0$@*c<6#)$n| zxj1Q;5l{JO{eeLng*zhMh^>s|yRXfGM+o?~OGBj5!{>*F_!lQUEC$E4h#eQ^bCe6| zfmi~|_AA+H>&ZDJtY+F6^P0>AurkE~zqyzINr1wYB&@(v8p^SX(tkKI$ykM%YZ=37 zuElI8BDf93Gle4y|cDz;>`UrtQ+BkN@EsWoIOB;gtNx(k9V7?lVfE7<#B+!h6djNW-(S8 zhtugL!8?gnY|}Zh{x~=ZBIL?!+6XXNzn}F>pd^elr#|rSpAOUEGbTexB{kZCbV8wc z5sZ8VlRDmnNB$?f7ztjx*ig_Rn`w}fQ$%nQla)?q*rsOQ_VADq<;gOL+;`6!Azw3- z@r|tjbRjxkL|Supm~udkCfR=Lbdt%PqpPc?^=^2fwA1K$*X3bpWo5aw!(6av=KQsl z$A0okyZYgZUG5Xnfzlh_y5n3X2!t4$VuR1cTP0+({v~54%S4h2Idk&~JE{?_|Z+H}Z zZ0RwxF&^Q>?`cxr_x!c+vio@C#Ah1298vFBQ5~DMsI{=@TH=oV8~|di_iXi`N;L#% z*N2RYR<`*c>Q$wN)#~J`4CSiphQT4EQ(XH``qXEd|v)I?6vlMXJ*aJniYGmbEL!TBzs#A$L@(vSeGZj3c0b9AtA%| zV&bP9N_U^XnAwuQYe3L z{6bUPrt{}scTZ#}hi)rpJXbfWvz?w>=x~T0%rO!A_(5>4=B@D?9Z9s{^NI)2*R^BI zlRBY65Blx#>iQPGxHzR_E7CE1S>h11yecj2)(%h|MCwI_;h6;3$DGSD4riE5aV7fQFsOA@~f-FY1SQ8f`& z$mHvP4nzvtP~g+q4@vCZW=RVpN$AgCuKLl;uxNOi5k=l1#A1}Hm6yno~-;!CXfw1;hF`7gO7H@XFsiV9CAjz|*1(5_MvWdiTzR z^Z_}W-Agla7Y$YowKNwsq4;ak7E6@gE1PdK)LcFgws_Z%FMD_|Wg9OK8`BX&8`37G z$&C?pD1NEb6d`}A=}o|yUjL4h!liYuKNNl=ZcU*uKyWY_<;3+# zxsi%lFEMQ?a#Wis>*@RXR|O|&63BR-i8+wW(@n$}EtVc!b;*pBW^7~3-($Y{V^C+I z<#lm;f30AJMazId?^t<8cclA3p7r+Xx-AV|Vbj{34E=oyM^KJA@w3-1gwo=x^5r>2 z#;aD5LBjGO?>E~yunxU`38%sXxSks3Txd2dPYo=hlG2z}8{}CAUdffkqkSCoHD(_h z_)CQK*N%qvqb?lVMT351 zh_KG=AJ(wkE^ip}9Z8uJ3OrLLT7DKf)PA04P_A|B~7tCZi8B~~htL+kL z_O1DM!l^PuxbsvIB)BBgnek^|^h}=%^J=!=-tw~QSz}Jtce%77`jGP*zH3ojHA?zN} zN*d!UdsMQyCMA 
z*~7-`{oaDlI~G^7l+33MxA5Mbth5Ne&B26+Y>QvEit_>%+r)(!$O($Sw7hpr>tA0l z(wbCo=kk{*Q zQMizr=}mf~=EU_Kt%j`U-JR^)`4@~LM%~y?o_JR6+R(#7+ZuBG6wm3eIQsb{F;XOT zojoXj*Vz0}>hou_zdsLVAn~sLoacRA_ThQYAg;5}&B_;MM74_YhUk$efx78^{fwqn z^$(0JGiD`R2**4=Pnq$V>SHQMv)Q`l*EGyDoJ=et?pG!^f4-EZk{ot_u>c>hZ_JFk z)<(8=U~yYKXvK`5)wJ-=bpF!SZ36Sv1v|TWygdxT@W}GUf8VY152G1_@3hpYu-`hb zYddxi(!av{O7FB~Y|FC|?b)@S>(Lh)tIMblTrDf(Y1;>geke{&LR|MbkN5^q{OQq3 z!-t)D&w8xDq`0`da5Qn#@_Aa$X|x*8)9rB~!OX=*hp_F+^@kMVgqJS+wZdtK7+f6j ziM=L&lNo0}gFlBXk#LtawBy{ zUzPDY;;Z7vb>S&?rFHT-^Ba}DO7BQ=yt+SOX7<_Kt*Wnai-f&(_WWBDAMovrO!hKeK>479`GC`S8umCpc@$w>++@UI#F}oqWv9liW3kGLB)?OR!Z$zxWawQnL4N5L>p-vCztS@rDomn1$(cNPwwXnvkVG zRmN5pG+p1Kk~I~lqSR-&&9->kXu9f^^%woO?w1XAvNf}76A9%_gQQUT(L_(hfgQt_@3&6sBLyZ1tt}C4I#84m;1_$2u>SK<({Zo*EZui2}=bREY27=B#|= z%JMsA^b=3Vo`;xG?~P`0X=y$PQ!s=XW2+FVM(tnBFlgGc@cyX$nueeh8NMIm6O@)k zAG`|!W^RwXyg_CrN%n2}qbD>tJ?3~5U-4*u5g+G2Gzwdj}FKe z$1^y^Hw=xBdsDd2a%61VxBJD6WHvi!Sg>u1kt*Irvm>T*+gBGhXQ1aZKBui*$*|X7 z+Tgj#shZ~=63kvgy$MzG2g`Mxov{yIBZQ%FPE<~z#@Xf{qs zaM`;jaCOnC=apW*;yxFj@5=~^q$m_2WiCqFkf35hEro}h-#If_J?*ffFkLR2i~U@M zzSD(AL4tytWEujRm=Mxhg^kcvtS8>cL;_sgwC5_XuwGrbqcg6@xQV_lonnSD*0)-2 zp>iyb^4P?Lidp(Yn9o96{U*JSiU_KBBCj-r)R#4#xzeH8OAQ&==yTFf>(yBtj2>{3 zG6=q>xAx?6!^iK>&xI8Ot;&X8THQEWMo`RLT|rd#L~Me9#Liqfd89y5b-Wv2f3ajc zQu)!iHdl(6pc-?j8!_RzduW4CpWnYnM0*7CDMam!j_l3zg)nHPS4O_jqJlvto=Y+OH1k z%h8v*UoQKh+`~J8=0G`fpxoV}B%7ui?+p!N4$5mPJ(J>etrsuj;aj|#aiH>@A$065 znVs(l;QZ0lHWtjUZT+a?=m#7we;VG`VwS8^-<0rJa<1Bc3%c^{7MN=kb zJ1^pxDg%aUOJ&_YU*MCnP`0egMOEmtN}h8Eo_a|JG@qb1C_QiezHOkF)RWjdB8}}! 
z`wPz8)NL0`ICuXq`hY5b9N5f%CeB7Qam1!Ng#7DX8H3-nkW5n z!IH!lRSWSFRke3lW0o0lPRQ+yeJtnW%c4)pfkoBz<&65Zac_RBcFr6qJfKS|!%!w; z@OsXh+Jw?Z|B$FY0((l0u+jna`^}SjQsGVY1~L?3VvEl@a4+x>uPS{{vhq^iB0|i( zrb4x?)HMmQ+Ote?p{Ek8CTQJ;2iBL-WfBf+qbswcjA9fIEwe0-7{Y66k1NP5hwNc& z`K;~htnE%H!Fz!w=2YV)Ux9^ApRDkDDYKMW{)B@cCIS+$W%TUSmG8LP(W2Phn@X*& zn&posAFHW)%jfG9rF5AETQK-XS9uzRPePH4uV+YrJE*pHH}*0YE6v&2gKE8vY(W=z z2I>`x=3mOqsk9y;ZP`n@7~$n;RCH)P;^}25E0;}3HgMf5M8q^s(c#PEt;v#4C34|O z0)Ymj=6H)J8UM#*wWLD_3@lb2s(q;m@*JpZ$cHmU% zG_;Bs`m|cslBINhjL9I_ z-8z&vK^mv>&1s1^KglhJ_=BdebAId*y=P4{`Dl@30#c`Wf16Ku>}PJ1ZimswTeA^@ ztHVVPa~l?x-ZajQ_^t@C($8(pw`U*Tk3zku!G{V+UF79?Ot(f1DI-QCE5K8{KFosT zw!0lvf~h&YKd6t-ej5F%U;Vhe7^D2>)k)_4C2ZRnmqxT6HEp<0bh+(c)bK2;S8yrEwwI^U)-|hYrWBdX>H_grk}Mc=$(<~1@ksTH$Ae+ zHOM|x0b4#Ze18s#pQm6Jnjf$iJO$}kE&6$D-D|`w1xStOj|$08-BvE-8F}Hsj81o_ z(;sF;LO!1aGvxQha(;5*>g62? z>#m_x5!wpQ5|F&eQBV8n*e$_q<2R6wWUsU9!bysoYtO*HJtLeP45*LFC+hXzw+^&> z3U4M%#;B){K5Ah|YHw`o0i+4v=QjP$A|sr$;qrCy2+gN5!rBc0k` zl6s;$VnZ#mBaBh-_L6OS@ES9P)(Ky1v>ei*#IQW?S#zPeus!eXC2Fa99W3ANRj!dd zhX3lc`PKHLVIdITt9jDN&7%CXbXWlM?d|i115sM1C~~z74GHx2mS$FWl_{LfM z`GG+*FTx_FqIl*C)MknFyhUk9@2mbGzIxK2_mz;9*FG-1bKzZ>sSz#6U!d159L-3o zpqiKAz%lVuIwiLlV~bf^xf7!ATYK5*i1O2%G?xH;TCXCFL}Hi8qFW@BTaaSmB_}Dx zn&^1HJ9KO}pX^CZL1rLFa8y5iF-SE5^VV{#E8H9hGGDwHGAApg`N(B`wPTvM&xu!G z3Cgd~#R8ZI$=_3XxTeSzZeG(X?XA>x=bvZ~9RC#ikW^Y}7AnHDQF&F)hxbL1gni}k>_7U;n% z1kiaF3 zm>TWCg)nCHQ74Ni%l8i*BdkvDDVIm$f*hxun>SQbSTnZa^5^Piq_CMd$Np`GB;m1Ps63J5Am%ODrU~S`bv~uuO?GR7%owV!FBWt;9jjo1#2qz?^at6AX$_jBz^`0ck>ywn)h*v;-ttXg?J4slRq^lUjMIpck2WFbd=>AR%nllL~`2nHqmHqlZP}1UNU}plac08 zen^tX>7tYI`rppiiTl%wHM75RtH9Mf&6=AW2F+heNF1{EwD`P6)gUO__Xe*4RXwX2 zK5?bl-fR6yn%cRWYKbe!Y@&y^^JA8J-r29+E+pRe(y_W0$GRk3Ja9kbT|#}Yq8dpLN3p6dEn*{V`8#}3wsI`biOGn(0HkmYi@Z{lI=#b-xddWzR`be{~*PYF^ zo2Ii5%M~IR`=3x2Zr_{Fx0s#tZp`bqTTb{?z&4G-ByX>1$*G7eclGxbuMX7DHumwB z$Kjo8-{Y{scrGT~VPmeycc0x*0JMHH-u!5ln}Kt@yzxXz`~z0vSNE9{wInNJ`#cjv zIJl3>6PjqZ>gf}lU`A`vIfN4GI_a|>fKI0E?7UAs2FRL1uy-2~K?Z&A)P^YBLxOlr`B<rhv!#sXyF|ZY@vLi 
zk5LxsVMc>*ymY@k<|aEn^)Y#I4oa||>Q%h zuz4WuT)6e9ba=?8n_1LVtB#U45yJ?@p5}pV?Lk3I{bHo4W5ytZOUM4OzXL<3%Zd{Cj zdX!KmcFJ_M<Ite{*f9}+tnOfv<1G1kgUGeYwXrGF9g2ts@uFMvnN~c zaL1S#dGQDRwR0rb2JmwfNF^)UB$MXbI@RIRT6TWIU$=dc6hj`h0s%kZ@hmVINsbW| zskLf(mbI2iny)fx(?^*1l5{tHBKoIjiE=LFy-g@;6<#^pV8bz+f zD<1?2->CF33JbI-vKy-i9uZFF#Tp^3+JkI;pT){XHdC?WZzhR#5z9V)S|?|AQ(~ZW zAdP#GfF>efJ*!kxy=s&C&1QWpuZZgFr5{^KG_-~SGZsbyV5oe0!l&)Y(}6s2eC4yG z?3{^a(n-I1?a3G5+z#HkmynldE5=?a>?!SGY_k_D(l=T5WQZeE1aMI)5ZbBDyIC@; zH;Qdib-_URg~sPO(r~;I5%OJ))c<7$n;WlagMxX&w!vWkpVcP_#$g9;VE_tz$^=WXZBX=ag?tYH7V$ z>e7P)P~%v9-t{1Mr#GD^vzkVPoMVHZZIx{^r}b?vtQj7}MSHrUqwbI%dibTGEadvM zm78D;@>HV6O>mg?_KFF_}o2&9Lp9~;|f#_f4e|^SD8p$QvAd2GtaiPi#X(G_&tI|6*{cARAVPONmAyL6@Ch|Dr0 z0f#EJjzO1UeXH}Kz(YIj?~RMPJuuOiEObB-KV9%HPU#a@Z!EHlH@f0JLrcYn)n|=% z=+&EycE&+LVvVMPe1(GD?CndY9<08*) zJ|guq=2r`yzk@=K+$|-%Olb#lzHbfLqC97h@~aK3T`9fqy0nK3i+iu}-cE43QgC03 zvcN4=dnRH{x!`PQ=fF71lUPq$!N!Roo${`8DX#0$J!E^hO@lL~-#dxp6VYcIXX{M} z?i&&PZciF4|?OYc6dzgY2R;*)k%0oR9sD{y@;kPx%;6$cw~$#iRQ>F2I=UKjO%*B>9~w-bo~g-n=c zAlZx^Ccnkup^0n6pf|!7j`;S(LfKj3 z1Ml%Yzqc`AU9OhWFgOu7Fk27whVMJ}FzaK#1vUhCvMUrGu7C97@6>;TI05uW;2&(@ z`tOS#l;=(v4pr#q+!?>4-tJxiqjv{3qTTkbn z;|IPw5fZ5fUPSXA2R8aOQvZ_|Wq$MGH@|=`_J_{+ABmygyY8Q@bn~B_$PPOZ z+Lb{(;6%MUr6Sb-H{x$j#QoWc5a^3=#cnSm0(X1yA0~!=8lwLJ);nGC!*5*?DgU`E zLalx$e)i(2r#3NIyM_TUB7!&n;o-3@lyT$7HZ9!EiQvq+d+^!=Gezc5z_{P0jA-85 zSihSZLI$~g@OYVYL3RZUc=x_f0Vl7)Om>gCa_sP6im>`Aqy9nbDKMuw^ym2v_V)w= z{WRCQLcxgj$I%O6vfF;Jopz782#;Sn0g~|$iMzrn2HI_GSnZt&4#MiE3C?cwA=cY* zI^u|LN6*{hA{E6C?drOJnBPFiz7ssbq4}e+iT<2ZAOCTJbNc{r?{58JV4Pu7EWmRiXC@Y@6jcEpbf&M6O@m;<}i{!jf8PM^DteGF#0yFc!Q ze(#V-M2Y^nKf+A@ZGYSgIQ`rocWVs?w&!pC5sd%c@PdQ(dx!kBKVtvU*a(x|{SlV< zhyDoj*xeryfo-8s0z8oYD+&L>*gy40nAOky5pMJDk>gu`{MUlx#*AzlbF1H~hP88| z{x8b{Q3y2we`m|rga|O?wZ+~4VZnSY)Wqbq`@eBdDE5(qm#33pb+7^oG5W~*eWR6d zLrz1yIqSD@U9yRR^R))ZC;8G#Hm3!?EyIdCc8m%&;MXk?5xIGu1(20Q(SNSEwjM^-!k6j;#w*ONCNr${^}!xc_%w#e#h9Q^DBgv>-NoWQ z-Q*O%1JlO1uU=P0h5d$jxU9Cv&q60dsME=WED1;T 
z@;WM7!$oWAM*Ydc^&@K2CtbeM=`QB8xk7i=AkvZujFA4P@UGGE0KO6W=Q2xgk{_+4 z<)zkoF*u->a=E3KE}||~r^T&NmEr%K;*_ICZ-;kU{hmb!THZ(_ZK=g z<-G8VGKz~@oLE*gAmz=g#u#7B+GotynMO?cMB~W0^}KiaeA}8E8kmufg>5O`O93S$ z5T<9XUYm?QceW8{@MCzm>pQR9?V(}faK0ZT0_6BFl`OBeOy zz{B~Ou(^CSTP@~K44)wDEjdaPv;s$inSjbl+E{Pqg@^)l+Gl8Xjds8(;_>2qq_FeV z{)&TY1CKsb926LM)LL=SdEil9#X%4AGN`oTV1jvBQ^mm$^RlXngE;In1>6k`x~Iqz zDu}JTjp(}UwK6SCbjYOZxKq8YhdjnBvi;2X+57XjkNeP{CGQZcnE&u>sQVgEM6jhQ z8BZmlm5)B%n7vlRyzwx(^r`;NDxTtCD}Hc?6uGmyb4R0&C&D{y$P41B%<{8xVjr{T zw)9~eC2tgKm`8^VeL_%9J18@{F@o{P8nFf%fHfH=ryV8l|1Sj^ZcDslR(KhHR!@Vi zo_dD~qr-%OK1_Ek;m=WWExNH=>|+FEJdnF5k2}y&u8!w}SVN>%1B@iL!pruviVwDm z-$4SIXGh5m>Bi2pkKH2UalbyI4L&`1+`FrIZq)I#iZy6zHADg+Ap#5zwhHzREB_Ey z4uk=q9^Keptp-hQODXDK3Po9&evlP5``CFh9(n>RJYa|)1*y9T=%Dd%*yTDNH}5b) zPagVoKdY1}!%)zB3ca|K>D>h9zSAY zz`>8=Hnfe(I)HedKKv zuC4CHCQtIt7gMFF!~*HeYi?@H2d_2zdBta#OI076Qoer0KM+#=;QiQ2BI0g`#Bu-D zVOmR;Fj>oe1@g_$PcxAEX%B?mrp%;c%w^GKcDS}2nDVqH)tE^|=7n0KbS(|99hYBtuESO! z{}tQ{Qe(!>Vm=Agr4m2xdO@z&;rU@of+WjGRNMB9Z&x-gM}dF!l(I~STD7iiN>yE| z4rhV9wVuL4h#K?NEXm;z6~Jqlt3WxVX?=yvFg4~-C`)pLCkEDww?JM_U%@h5jX5)m zxvL?SxVP(tlYWQi+>}HG;N@U@W(=q$P~g8brTj5Mt=iEx05Y zhr6a=wS)@f_Zld0yjEjA^p=^YDV6wO_X`$-4o}=^3Cg!dqK|CP5O!xrT`llGJPj%P zMXFUlu}%5XlsYV2ApZ#9qSTlr0PbTdF=O|OWPl@?mQV+{XSQcJ0Zy#IpA7sEWwctg z4}g749To@T?kRA@s4;s2SaT}zbs+9uhv(U8i3k7-v=w%EOa=UB`3AJ@Epr#3Q0so- z1Srl=LlPB$B*gZNes?zQ%>w@m)5;%X)v8~C#{MYXgDO7B%aVdn zw!Z!`1E9bZ3l3`>aEGJmjU&qBbU;$VC288~K#6Kec86fm;8u`zPWZE&ST%%HaQD|k?CFi2M}*(azhm76B35G2|>KQ z=+VWb*Ah=S#Jzeoq#cJPVIx^;A_|^kK@@z9D7f3Q(1ie1#s3-gmq9TX><}%sSrIKt z5G~en5g%Y+|3V?d{YbMmRbVZeLkr-0-(eB#0G4&D;UGM#-bCoaG!ShUciQNJaBpBk zxUcOvq2yoOzcKe34!cW-zt10nL2igZ8)`%g3g{Z5+WuefZGfR`;_|W?Og_~Q)Wo^R zstn}fogNDUGf$lAHC>p%(j|l##rr%=L+@|gYL9|>K$jPuAx!wS5hjhn2!Bq!pZIU8 zz_*-u1XG4-G<>ANOn$)(!R*{Pjd_V+N)Vm?$6HYK--7*PC;%hieuiL2-`a_RKz{9I%!;LW(w%S_qQ@Gd3s_6WMh&5ar_%0!Vn$KF zkr6hLei}#Qw0LeN%j*>{Y(+ObGgwFfcEBb@7` z5Qz8w4cr_$ULd}36i}uIz?AH8W#uK$xQ39%l;+3*t0e0K?WRQ1Q238a3dI7@kh{}j 
zz+%~CXxaVn{hi9PG5PUZt36Bq_a5m3di0(|Q*nrJ_*G2Yn~enFn`GCCEQ+G5USCbMBbrUn zLOvfLpHbiw3TB+TFFx-cG6)Kyw?6~+na^m`;Oj3CqGb`R<@*j;%XLIc4Oq)nL@`%b zG1_!r!tv;<>2^dGw~j3P(Bd5`>yxQ?&v<-QoA^mlbnXco&%Ibm`?O}i+-+q%en5xV zvnU!JFMFE0is^)-IQ}zUQS67wWf^u~_2J7$$=I2&bdhBrDC*jwYFIjZ7c8B@5!gsn zmx|uJiirijM(e_wlup4W3V}7bngt_`mw|B)HNe1+2#_Bk)~BK`tzx>2Ffo9E1k*4u z8U{Xi3j+fYU<(Yi=mruY##;!rA=UmzI>d=Ep;k6bm<|(qw!?%2Fd?HlOt;S%=K2)j znh6tY=incx=GEJ9eV+WU%c+Z5TMLyFao|WpZwa(Iy}h>jy{+WULq_ktOHn@_&Q2HnnfRSk3YnLuHnH&M^XC2q-tua)WEY9HnE5u;+k<^$Pk!P&ArWwP-1_y~#s%e^JGKg`G3cha`e2uxQ&Ynf>`ig3AbaVmJTZUI-N1r{;I)QtP zE&nJ@sDgm+#!+%wL6KLN9)z6Ir8#~#Gr#iHk?2Io_7Dyms@B_)hSpDo=}Sgq$WRN@ z_L0YVUm6nq_-}kv+d^T}NiDfkOGghqK z6ICX;>rd&V42I9EGUpSPE0{eq!Y>+>e4w&tc|Nzs0~Qw zPUAg@Qo)5zYK5TlsgaimIN#bFMU8O9 z?r}b4zBT){8C}lPk#P51?Dfz*Dyu8yoTt-;j}!OuzcrA_HI!w1+E+$&JYMeZ+mZ9x zxJu029!Ft+nG2q?5R@SR6kLiCU41D|FXHf zWuX)JF(Km+Cu*G2Y!AQlyyDsZ5S>Wz8$5e?``7~3V_0l9iLZ+-q;Qd7s<)hjidWi zz~Rn}wwC)dafaBk*W_$xY8sy0ke8w|iRg1_ z=Ce=6*`5=Gv`a$1WTG*rmLiR~qK#U`IwtSb7M*NURm-q=!Ox$+QYsS2>Mz5i%!whN z?hU9`2{Eqyz_*=(5cmE(LI zYi%DIf>Vy9*y5vX95-s?$n2;yhW6V@=b#Ghg1V_2AY$q-t8o|IC)Hl#4t~W`XKeTH z?dx+sf3vF_n_CoRT$yEDX_G^xbXh6_W3zg{K4Ll#%~pHGwm4{7Vf~s$?8+#YgUe>R zV}t`r`>iHsWij~dsG9xP_>}?H4-=;crCg0%{mCALmNu`voH^XxDsVULYGmw_F?k&I zv|z@==X6-SZ~L8`rHrs>iF{TXgq1LB{P7Mtl!mtXqT;f_xvj&$wf|7i)ovVagw(MchiuPg zP*67xEj4^wpMF?y;t~#4PbU%936QzI|GBzV90(XVaEj%YMhuGKkv z6XV|{=88{xmI4VR*jQMHf02j|2%7(da}wcovi_#oggUfoz*wP+ z4X>v|e$OYJ)-LR01tx=VIQ-9`b$!|6@22Nr)DuUG8PgSuj=w*Q@?CqVG}c!s5+YWP z>Nw^h<{VDv3gNnE9gA0?ePDIZZ5%TdmvQ-!xlSRxOrX!wenY@Ea*nT!)wmhBL4`FR zk~%6&Pf+ma-USy6(*=d%dYWnm2jtX3Xa3wH}TXFo=vkJ^G+>3yuNe7uZ6)1QS=9=jkCJ*nrlxL%=^NN!oGj{ zM7TP>T}PR|+drxCdE8I%xMZCZZ7JSZz7iujJ#__gj(~gd)gyneOXR2Sr_;x)$FL9Q zT|**IYwSLit9u*9uSbx#$5IRjfCq`Dw*ZeLTfNbt+vR@3?9DZaqN9(x%dgM+k3%M> zt5IEH%dEyH4O=|hf3~0ERS5c+fZ`KZrzvxnwvH3`>yyaC(W!T|!6F@B9quX~tNr(H z?XNWqH*3nH*k`R!N)O`G0RI_>i!8o7H*5R7=el|Y5x(hmVV9fL@A1ZOKhG>#W&>mw z8OzJY4O?fyO}lha>hI!BRi>mS{yD+Wb#%Vg=##t##(KPeIQOs+My 
zoQzhIU!67F2@lXk-5*Ju5BXhv_1h12LG}`(?lZu`AP8y^mwkuC$0!LuR=C{c>RVyT z>Y1+UyLNX)tMd+lBt>iVJTg>0Ql8DzMI^k6 zccC@wUi@*j(QRp5Oiw!}cxQTe9Wf@X>Lz7=NEbQQF>b@~K}5s%Dn_c6^gafNLv~2M zaL`tr7mi3_Hh;@?!!2L|Jaj>JZ)%)lhf?{xanMZa!on${2|Td3_)LTWw?PkU=9hgU z4@(5&WVgjvvM&0;RL@-ee+ub4I>JkJMsm6Z+n$;(3#=JW)9dirj00}H?o~ZZPd@p; zIw*~N1|Ap$NP#)a9u?F{DS*Z3`4L?C%0YN{y}0FQ?ItWm#%1L0M|-+)-PSaD5&cP? zU-a8k1eg_fC=ys>cPMgLW3eBz%Oj3EVD;5W>h@weRzal&5%vY6%|q$-fB+t>(`4}m z3}|ByDdZiDv=fZd6O8!~0kfm)pvj-t6YeV`JHk%^`x9Qzs&iXoyFg`ShaO&vaK_a` z?Y$rD!xO>Hqr&g&%I3Q)A(d^P?4@hLv=gtpPX^huKfOjDCGLZG5GQIg5d49~Czerr z;+w~VE01-}Thz4{zT+0Y)wrSaW9*)qK~paF7IvD%Cjwk zG2&RM18lK>Wz=#T(P`p{=!nLTlt7r3eTnK-VHisQzx;O0yF=({oA2`AS83nj&1TD% zNQjY!OILeJ9a`q?(db3nVwm*~-}NfYPCAS4eU+c*3E$-yuw075dwJk@bz@TPHQ}@B za!2cWWt{9FRP48yEsc9Rf=4@Xnt5aRyPHSA0ahoZ;@#&kp`C9MJ9a1JZFKf9bWeNr zKJgN`H3tzrQK*3#wztsU8$%Pm=G%)#zLh{lF*3`9L~i-&BcqZgrSS7|2hJex^O6is zAZ5ER?=dGiAOXj!1gA84H$m9&j8c|(nx5wKh z>%n14so(0DKby=vX5F=Cux4G0M9+1SOUM7d6C1xPO1HsHzo|I8Ec_g`cISU|t>opm zDy$c_-((9NSzP7*ZdbSJ&kly_huKfxZQ7+u{H9=n^+hV2cq$7KyE)# z$jKUd;(<*j-k<<{xN?g38_=XP8tmo87G`aty6okzK0Eoy_L#Cv$c{Ur4EzY{o#xq}N(ogmSG^|KZ5P%gF$h0niJL3H9Ib}VHM)>Z zwl<$LebL<}i%(c2q~HKoEXGY2B0BCd8`SX^$#e@2>$JVFR!ciZh+55xCfUNFj#7+<$KmA%4OkH&72Oe`{mdP&-mt)x-foCTY38+vq8CQI6uQrpNW?i zUpq_O1a>FDhV}-|R>A5_n};cGAnG6Ti2*vBnG^<_4?&t5qu^du3Jtx!JT&vBHDvWj znDaqjR{0xHKI3c`_L~}*xVPc9zTrc-ypeRLnS$6LCfe8NNlvAYVXO`drjvjRjjc~o z4(qBn6%5I(s}Ns;z2pqKL{n43cWN+I5R2(XzQgyi1=s@I{JP+~@%M92rTkY!!k4Yr zNYMU4LGXePZViIX3%gyfV}o6o5cKMnkBQ6Ylg@wBsHj!s{Ij(+NX#fO7C*dP%xpu# zz=%SvReXChNz_EG6$i9YxfterJp`DXE%40WbGu%BUUk>dG1OOVF3DCcW_CaKE#j0z z`0_@8pCp<)W1J+33)|Apb=)|r8Cn})UiqZi97neG=e(!((rDEo=lB(~#2ot|Js!!Y zqr=0TEJuMDrRI)mVm2hX0cllG}w=1!i%%Tnb=i z*T~ z!E}mt_=9v_O=PQC`w9yMQAv ze_a^6yTP!j9YDZ*2_Jg4%v(=k%V11Ag6ZF|<^g4qzaqZHUSBTuEE*o!>ADhEgmC7{ zEq}NB5ND4q*Dw8Dlx@2ke1B#z-c9h4M?<3i?q_n>;})hVyu;+q`$^39NXB&GoG*J4 zT88fZ-9=+R|M^&X{Nid`8Ndu_U)} zx7{6O*C%@rfd6d0hQk3`BK9=D#O2MofWsnM&i5)Y-$g>1JDjzOn#?_AO#xeBeKfmmin|Je 
z#Y;Vb%*tZ;r#b=B*?Yr0%%gfAJB1F8390SDmUx#@*hd4IOsrpi+!(BI#yZ{Na{P$o zqFM&-{gT46Vvr9ImSsH`OLjRIX9z4Q&>cafQHP%e^+j)of}E3Yygxg%IQ#iRy`;z& zizcWSI>`!;94@JdbDvZE65f-lD6;J|<@3U~L;gQ!os!OagPGmjhC{{QP@>Xv{22H| z4w#-EwiaijhMXj+9Rg6+Pc@=`$MDs4y~j_v0SGRum}k03a{cF|1Y5<-)Curq80fi7 zgHk{##2HoM_)aZ+kMm8xIgAtL*jhR!U?9gDMEWJ3D;T-uHCt}HMSC2Qpk5zT6J}ga_1GbxV&0C+?F^Vt*5L@qEiUAwiiu(c_Wds zryP`~XHY+iVNYBe^Kh@pL;fOZt4k>{;#KekGhsX;;3h%UE|Mp zc?Nhb_kAsPSB?g)dV&HE7Z>Y|(>@w={ENvs!aRLRi(O9ls-&+L|I|JK?{mnwG-vTr z&}&w$WGd$~4HjznEBZ-`&x7}? zD)PY-Y$igfwHi!L8Z2;$VbZ>3Yj5l@bU`{jG)+ibD48t0Epb=h~ z=tNTURGV&`a^7N&>7|2t+FT|)$$xn@jZL0F9ww*-M2lv_E+wu^X~l{gx)1$PG7y;b z_a1bs79ee*NWr(#*YY|DCcC%#cDL6XN}5?wT{Gq%KFi~{{j@wSa9I3(QqbSU=pAb` z?!h|Po36KfY@Rj^2^$@>iUuHKQ_PaqDE$*k+k}7`C73~OInnRBa_XDvJF*0Fp*j{I zI;y3Ilyz~-G$zz-%qG!!+VFDVf62vBO0-RY`{=JGiK}fB8bPax8DK?emQFVoF@#Gu zUzC;YwrofGxhQ8jDbrD%(Cy53aw(&i(kp)I&nOnOs&ccY@Fntw>VN`LZY$@*93_$o zhA!Pd!J3g1)un?r&!T>FU`E6IRd6WIYZWcciCsD^mZofw0if4VXBT^jLj)bbz2I9s zJl-vymwnS*9O)}x*GH@}L{TJ@%Y2#B@rAiN3;}#)i3->tf9rSAy$&B9Em!wGoH*_a z>V_GMc*|oUw@ zfOMcb?6;03h$k;Fg3!zwDZgAbEZ1 zq-oeU;j!x)&kuhPm(i6>^#z!Y9VLSD)I_+5&X+5u4wjGY&yG`%KC`Zpd3=7SAevs2 z*x=Ti-jk*<_x zy-|?`3muxU^73M4@RT-K^EX%xXEJi~18DIRszgc>`AVztvfGcIt8fRkYJF_c=MvZNM)Xzef2pY;u}8O`8f|ymXr5V$t65;DoYh>gXPNF(eRG4B#nu7WjkI zS-q+Zg2Bwh0B3a^teDZ(*j6FI!%vth9v)+_uUll=MC>ouq_mS;!Y=*a*`4fn>{p&w z-}2_La%hMS$FW{WB(LuMnf|)*Bxl?pNahJs)}J~>I}>Ms+l`b*dohl))pYwOzOLUh zq%9M1(Bfq;Dd#}GS*;nuylqJ|Xf%U14Bhzd58n3BTIN3ZxF%uOEfAG!b{u!!bCf1s zwy)W{g?KAxh!4A1KgZu~kl*tD^3rQNQ7c7DH`XPpBgIpU%)UDXN2S$e*Xd^&B)Z-P z`sHDsuw{!R;j>uVtFA-7K7MmTN2rgN{?`{b^AhfrB7hIq_|@8Utmf)L*axy;eN(q6 zD`n@Q(kPI-3TEHCdH-JsPpR`CjaZFn_HOs_+ejMZ%}@xfpwXh zG^crE;~UUysWcp_kt!#_2t#FIM1Z;(*1u9>YaK+-ktP;N%0LwvRV)|PmC~+QA4P8f zELMtK&cjG+sE+a{j>!vdnsKh%Y!8I36!yQzO(c_PjXMo+!I)?N2TSg@QJ0QnAOUym z&)0889BD?7G`7sO^R;T2i$4NZXNQ*=Cu7MQIjdYFhbs?NKOr`E-ykl%-AoU~)OM3|h@)RL z9V2O%8YO9u$~2BW&x}xHr%sThOy0xWDzyMv(vL||oO4wAqUQwVzkk`V-HlrQd;VY$ 
zucowS7v^+VB|MrjzcwY0!4LNaVZK5wGWTDJw00{1n{-G^bwJWmX@R~*yi+hfinSNj zYe!#!Y>7$Kzt+bu)Kw=H#FSXkt-PBCQ4RGG>W6Wfu6f^ zLpp2D=lW7ydV9`?`V4`#R(IP|4)>ykjLXEJnwe87)FHh+(i&|DwR%UDCk54LqYUbS zMQ8NVQ`?xTC8;Z?E#TRgeJaqX%z`51)k`@XzH2~MyrdunE#K^$D}t^Kq{cZ?X>HK6 zuC|w**M31jiHW2eGBt*mq}I4mky7`{xXP#IUbI_6|qJNoO4AZu>+3%~?dm^x2J$ zWjO9=CAo-Y)?6+x*OB`Hg~~L8?_(`Q=Uou2F~Nt_;^B=>1UPc5Sm|2iOBy8Cd#M2o z)I%IHymAWJC`sTo^4)+=-Io%gDF&@EWr^{UKroY8gltL0A|%IqplHC=r^b}-izHdd zZG6@P2Rah9&igDiU$^hRqsQsF&#ghT$A%Cz%Nq3UwPugBV8+caGYl=JeMwBwsmryla%9NV!p_R?45~+Oy z(iyndCld6YGnOUl?P`8nctr6)lveQ<`;TtgDknp9j>7Nc_{;YIsx0s_gMyUI_^)U#8Ge9D zy#FiaUa~^(Le3H+NHM=X2A9qL0z0@BlFPR_5N~G~Npn{FA@n}yu5+zJ_juH}fRrJ` zx5pf*fx@5+M)}?qfK#igcUCqbn@A(g)I}c;Uy0R=oK)7Ysr+z+rD+<}5ByKS+6zRh zn@$iVrsi?vFRXFVSlmpIn+Q6Puzklxxbpm}S$E528!ryeB%QwETkT82jC3<3#>x-B zk{<(QEtdtx5BoAY*i*6Jpr&)ufZ21!-Xh?M467+0N^aS$b zs*QJ@hDUV)>E%S;B%rY?;FKkS#3gQ#3;f|`!VcCtC`34o@YYuiay3B7VBLFEm!o4K z7*$wwmWHKtJIf(vZrTkSgDJnQ3JTIPoY2RM1itHF&ceBdpF78_!Y3q=jT!VY2BsHV z{8pd3moK_(k5@E<8Hj#gkd8+#K20wS8G$f>UTP!kolas<{77ytS`u~_<4^A!FB;#y zGha%YOTDiA5%vpJyVVAEh4pPtfklOpQ5^nc{vg~Li@hpcaRaqpA3w<+BM*R+Gz?x` z*Q>+tv?khzP9izNvvr)QYdcl~;$V&bX6*Mlm*ndH+h2WBg8WwM;P~`ZQQWi{@DC1Z z`pRX@=5qBUPI?7nMvGihoEN#N@03UyKk_CF;?{Iz@s?~%BNtta;R-+DR z2{;D@SokRH%W%K}?1Dr9DVllaASnbC0wR!(8T8Nm8F-B#ypmimaFA2x7eOUP$&cH5 zn^V7-FTZoCR{fU)W@h=SehVz7(7|wP@FZMR-lX)WD}I$2yZ4ggz2c(khb$Auhj5GY z9vKX*WGv_gQ;faJ)Se`~AYn9-+tUK53<?U2 z4pUuI!ox*DU)I1_&NVvp@xDb>)%QQ!=mPS-5ZmN`ZO=`1hpj2xPexxSxW9s3IhXRv z2tAMgRlG`6pXC(2id|YU#p%JHz;~WSnuCJc6uX{$O;jQn?OA#Ti2WoTlz@mI_ozRy zfrAnV44As2UOG5giLHuiZSSDVJQzh$=xC*XgGV`%XZ7(tn_x9x|JQ+dNYZ1@qYZXJ z$YF_H$&1iwA^$i#OLfEzi4nOdZl`$XNyVW<6=a*w|%wyGj0y~&*Hj_#PmF?UN=R2yJYFjt=#7GZ#z z_IsHGDnP023v&lIvuaA?K`UxpOJ#mPy_#OS!))H_6OP;saGF?(6A@)#>{SS(3Jymi z$J>w+?78XX4#M^q;zNiRT~|gj#jDYTix;+=^IcRw#B=r7*0+PL#kj-tu*!k;_~m>8vs}H{Kx;7q zRaEu3Eid)$5;i-+>PUQ9xwJQW;|1zO^lryVFr2E)|7CxKU!J+&LKXFI_Gc!ig0NHC zD|9gn+n237Zd)_pY-V8X2CMH3TcGdytjBYo*w)*-n7uKUDIh%5BIVI9x=aD<7RFQ{ 
z0GOFur&o)X4l;IorsXmz@G{huN8%L|yFBlbPm#SO+CJ*j1X&G{YZ!zc^)9%UO?K-# z?8yh0S;Kn3SdPmx+jbQ`g-VFpP^(EOD5+`HFcsyg#aFV7H6V~Y45e(WF$zhWKg6G@vX;8Xcw!#aCz7wj2M-}#3KI`dhZy)!5T6fY92(+0a)+odvyn6y~w(wrxHlFI8s2I zPFYOw3WJ(nUNBR?0{@+GV5ppe(8+SdBwjIWcwmzxARMgiMEnLDv#uH>tv;puF_|L% zkuVhfBJcTlb8~5&Wj){?p{`@kuNB2Nz3(B@9#6Hj!?hWHIux~oBpfFGw**)7f7Jp# z*)AWYM)^9W1cN`eChCfDB<{6}GI2f^>ZDN^Y~wRWc?&R~%n*`l?!LIfA|pwEaf61^ z20h~I`9tR)Y--=d^!)4KYwC7npUCHF04I{;ppBr&i zFuMNi5|*5h@2kD)*YJRe8WSkBrU@C>5!O;(7KCMrw&W{8>N=SXlMLzu}SPSIJF zV*s|Z|JDPhsS&+DY~yVFBF1BpQo!B=bM++q(_+~5*sB(yR*LZF%*mBETJ9c=_ULpM zs{4m^Y03(T*2%NCrF?^u6lz)7GezweHNqtXFNeFq4DeY!>JQOWejbNj^X|48P6pCw z)|cu!jwPc0MFB;Pq)_Er4cW<}&z<>kxJ{}Q%zccE&LqXPSH{oUk4T78#cQuTrCfQ# zZt(ublTvsq_a-rTUE?)YPLY>(BDg{|4$D4YLMuNy1rFONvh{a#*@QsQX70_)XaaEZ zqLlX?w8YARASn`~I6|c>g_hpF@OAw94zqJ5?}HM7%^-_*|@9mX?qF$L~#S z&vQTjeITGqb-T>M*wKGn6DEEFtUg{`EE!xm4!<6>H8$E|z+BeNE;LWxCZ_K}Hbvn~ zR2#rzO_GmV`goA&>4k__@d8Pf6G`NEw`iTyszmIZOFzA#T5+`=c~+UfoU4DNjPYNb zo^*_-jd(AFo`up`Y)i%+M}`&OtyTWCh(RE7Y{rXNScQGUFAOB6NuWR)4M?IpomEkW z#ORqYWlfMvotY1^j9rr7B=4h?!hOIU+~gbO-AU_jON5a(c{%@6)bk6fd=cpXcCYej zv?1um-kk&j5#+yPA z>>pK-8XRvrDmH;?<%X)Kss)OW%;stNj7{A%h}Fx~03K*7K(u!I&&`Ycx@KR5Z}t!p zIa}oVX5U>n_MK)=(l02I7P!GGyWXlDQ=yo}Phk7ugyut|fMh!=Bhu)7|6gl?Zg5k%6$y^+w|A`d<(@Bm|K4REXl`?EF)y>&E z-IVW`dxwJkJfWXPru8p}q^z1PVox<9ACM@Io0gJ{y4`yt&hd zNnwh3$6)bf43FZP3*!?D^Ml1A8*pE`J5?BC(WDrS`%OaB@85ihbC6Etfq;e^F=>ue z)AT$5N8lS!gMyotFUcOMLj#H*W+SHO%twje=FdjKJ(oK|cW}-OMYdRMx2EWX#PTe!Mw4!0;e{@v}2B~ew z1_Wyv{L!cW4bhul0&pB(osC*JCF6zwf6AxA$C)JfW^nK|_r=vHB=?g7TvTB&UUY6W z4h{4Ur|b`i&K!vc5rZh&K@>Dz#w$?D}2p z@u>DPP7sd*lwv1c&ZVaP&fN)fyjEs5f>L$@V{`zVr&*tA_sZmG5ctvKj6g<4A{E%S zx{5I=LuQg=L7J24?}XWGhx+Z_BGo=x-qcbUp2^7O`TM@ey_{>GKz5j8zkf2x#e!T+ zu0HnAc#K-{y5Z*o@S9_FHSp^8sa@BHNZ>98eU+3=-$i5Y&yqieW#)9FQpz`jq)3(+ zGPUE4@S^kz>F?N*7y!1)kXLZ?oQ*(+^F8tphamF$;j>M@on8T;ybY9%>9D?3Z#m1~ zv>2W%J?9T|dA3dKX+a3oC2j_1II56`sH-ph|Bsc>rM{ilyZ%- z*qm`f9BouGL>q%2Z|J8>S>Or$(b0BSVE&y)WMUahHZ^pk9e;yRl?@N1Pmp*xEmVo# 
zkQQeL1URJ+TM2vK<9P_Q&D8O}kN@3mIt6E%!FbG%kr7iXxaY72D*i0%O9gwag<%Pz zY_I%{7LwYfgP`q1Z_l1QZ#uR&M7eXZ1-Yv*tHa?kp{Fd+49C`blePhq)H!Onxe{Xn zXT=2juP+97ksQepMA7DX9Hthapi2O1m(h1Gf@BD%NA_H8l42`$O^QUus9{vlZB_@G zxQNnTkT5Qs4^0CCoppk)L@0C(m|!LT-^A-+BkW9V*~Ab@#q=4bYFbc|;9K?xjx+f! zyNO&Iq?cYK!!^-HcKA0jO47Ky<2lm@xC2zK$0}9}^+^%)#F|Hdw+heayF{xS#(bZ+ z^kYZNt6lp2v{Wnk0QonICM0fKp;pf70MFP+1pnjL_h<*A+is5~jBx=S>M!<$S$B zJof`OI>cMO+b7~aB~}lBN%44$It|g@rVqHk6Aya2Y<32wy^2#wd}d_af?ALLW}=-8 zDXB<)vEuuWoq6lBhdH2>@2fAZXW-;I$g9Qfpx&ZRK{G2%vB6(KR# z5s{`CB?LhE$^6GCW@_zJ?7=4h2qKyjl+MXQSYv$LgofV>eOOb&vmiRcv(F?xECi#9 zxb+_P)>@I@cvJ#9zFB0Ktn&_juC;SQWarD161QCrpS{<*6)?<=I+Q*`*-5YMkYK}( zn6ScpZNzJsi-NOa#mQ}xg*%jzigOusjU*&!UfFDsRA-FjEkyVsPZJOLq`}s``cGQ9 zNX|!fqg~}gq}4F{h!NhqM{o2gT`cOL2C~BL&Uv4x)a@lj)sk`X{+^lR= zsGq#m3T1{99m2!NJ*t5Sn0mII4x5p&CKyrZI@5)XJ*HHmQ87@=+?4ODhxUE6Lnf((cw=b4jC+-nM$o4B2{!SXV= zSY7Z)IW)z$Sx6Br?#qQ;`?Z!HUDz!uDjlS*Z7>&?s~vX-Lnr>eeo5LJUwR}rHh9mN zA5(WIh@}ONObG<$pvlD6u8FHTIK!xrfbw-n{*Z8Tsbn8ioZ!%5HC;;SG*0ym(-aa7 zDZd^piRInrUn*)8vB|r|Q5B_0dKuk+jO1Wu%s0m5FRfsStQ_T1IryR$FmZ1ta9VzcLkn->1dLPoy2<4tyN;$Pxe7qdemMNC6~%_xd0>3 ze@+7@AlAgxpQ!i{uRDspGCNa3*H^&;N{t$u)m}oB_%aQ82uopWr+a8KH0)t+$bZ9S zYFN|b?aB3CwK-5`QKNE=NyGyIcK++`RKw?$bq-vF*KsV7`I@ETT(7*yIxJ+j1jYF2 z`2WuQIuBf4<%XfYa6=l~Akal)aq1W{7;f4LeqHek%-v+&W;=IF)XX*`?G`$NCf`30 z2un{XT~wM*xN7FHXv*_8qfb^0d=3utbRumDy}@2;qgrq4>C150?SPCidYJDVAVYsT zSca45tpNw|&n3UWQu{}r!a1J%Cd6~gr-%k6wd5Fv43M5DP(U9Mfq#jSG+Xh@N60qC zZy+QsNK_t{Lnl!@y@+;1exXLbO;>BLX{X_-dL8id7#eow;EKMf_4aICcc_CkBkW{E zdvoPF_MwxNij=g-rKA@kk0$jsHz1>%iQ0Y)^0MX@Y_mkZY#jl@x*EU}%}klbVy?JY?ZXU*;DIXBb) zB4+(%K>DlsO5SpU-MXi&649noflcmFITbH)B+S?Zu6TqZ1MzF4qC?zBajvZ}y!km; zl$*7wA_S&+#q(|DyKrQ6xi%lF%Bm88EhXKWRU)9q>!l{l!$I@D{K2-u5N484Oy~+z zK7h}8XPaB?d6hzw`S$A4`?giZtnKFDpfaB`_i-!tm9C3){bI)RUC-3F<@y4BB?GX7>)L^x$p?aSkv~bOp>o;Z%wi1&E3N)0g&tA!F(?v{_ zo9d>o$ul@mX5&q@2mjl6+HZWCXfNipTK&HR(1q*p$yT|{jBa{|)#DZB6}Nj*gK6ny z&IZh=jj$_>wMBGWd$xst&p0S)Q4N42c0UzavYyrnq1eh4y#U%#&dm$ 
zdA=S5szZsCACxjEI@=kK4<3*A&T7LBjex7h#bq)h^c~q1$hA=0+rZ`Np-kYJ6T)ya zsE#9R!8n*IO~~9STVFSh9hV%)S43<+d7jnYUK&QV`5h~t?cVooIE)=eyuE42y3Nmq zzUC)==N6okBGO=NcwOugWr4TZG~^z-W7h9kpmc#0f`B?iJ{f?3qYWR~Err)LY8CdA?vb1vb5pu;=);g?{ zjzZ1Yxo@yMheoaO2_>I%)Po<^l85NEZzz54|uQYV; zBUdw4B(67yBIfr?#U;^6jJw14=h~I7D0k45$9%hpvOA}+0e@3?1FilGGZsPf`FU~t z!9nI+r1A^0Z(aU-%6E+`@RV}cA12Ur6G-_Ue8$}@LT{&>276Z^Y`WxTz%e+J;rZSBh)@*9{KsfV4lZz$31J)V8Cx3odN9JZm4)~6;KXck-C_0+?A6! zylh)^w$3$RTdL_deC>qClKZozqc`y=;2xSkjR%5yfl6l=?Q)+(Y;hX_WO4 zK-tY{fLCH$dq>3XAP|O(P`=L5)&rLiM4PG^P(V->7hWgNS*XzM5{dn_M3U$mNF67k z_33@oV8###-j4c3PbgTcamTwNkjRxpe-^i%w55w{(0^(bI=r$^&OhL&LWn5*0^L#^ zWEEl7XvraBqpn7Qv3rEnQ3Qmm-H~QvR7DP55U9wYc=J!-nFR(A1x_S7rK@S;7nK-yt2)-)_(2~Dr zJRLg8c|Ppj;#7vWv@zmYu5e@CVRo|86gI9#Jk^*)3FvFmWx>e;Ngu$*~wz|0e#q4?yt>zwLwQxiwVJ}Siejq6)`^tcj z$Hci5+4yiY0~?Y3s2sdmM+7@h<+q3N%_ef;TZoT-iB{75IPSTKuGec0g9<8_!6U#j zxOY*y4i&k`Q-O4Ot^_qsS?+Zo9{=TQS^4xGMf7)kV?H(JLyx4SgJ}Mf*ujN-y2RUXqerjH@tfxVDs^c5bYii3y5RR!A494e)YpB1cXIH{yH4j4ZeIeF7MWVtV zDV(5F33FexLA04gl{7U#D};NidS%#t+j2N(<05RIIDJ9eN z58cBVlDcw)>zAR#^hF#gM%PVn(|0dH95Pe0_TvlI14J}?WlU9EOT! 
zI*6h4?+nX$ZRxrYp?^QO-i&c1HKEmJJWFyA?7l|oC`Rf{?-GK7G$0O6n6kfw-iTcX zpfw`0X@zhs>mGR(gk#6$2`b<*Fbq$sYXudSrc{ewL%p189NLLKqNBfGBPE@w5!wLh zi*G8*ME7^qwsorpUr&mm;kwT+jB3vxCX32>FX+x8r{ov^5_lcAxBGNRh%?7ElA>__ zc-81b8d)QhA9xeO!sHpz(HEi}rz zzd$l9ia74ldV3VZP3{!`{%eC%1N7mSF!qDYqhANBQTI&Hn>_{iaOC31*DTcNy8$z3w$i1mO;w~id*8mb{J6#TZ6lq#-kk6@RXtPU=f z&-8v9k29qSyqvR;c^bHE3oU*BuMZwY;HoaI%M<6hUJ7m8<*oOsUp%SZEWMQVDfF1P zKpw#@{Ihn1lDO9OtJ!3UZ?f;64!oty7M@fq4uyyUwC(lB;QzI(nb+Z_r zI+QLUhw(S0YViuHax7vrO=$E3Lj?@Ab>eUvt)rVslxe6j`)|7wwVQ5xAIFJGs1g5_ za|X%L>hVKFiJN&G!YB&L8u5Kv({7;`zQ3g2ktY-?7vJ@|uV`b+e*?O%iLpsWDC!Zu zHYPU6exm`^Cqs)}$}Bm&hx~(47;SS;2kEEzC(j#mpNFcOi$$Jiw`C02JOMedvRp5x zrcF2YP@**77=0&x68twSX6)-4JP`W-<3(hA=nzrC+CN?>C4`23wKk1)-?F7XK8~IX zh6{ZJir_90?4HLC96G@03o~xTy)DJjGqZQ<)gIj*k(*08+lk4SgK@7xM3^E8p6@a< zCHOJ4-RK?SJ}Id3vxx0AqRIAslY^UH2X&*^OZ%E9<;GjmGY|2{wdK%=?(x2$u0}G^ z)nN1u872gEI;QEag0AT!S7<#7M zq`sV}PmvS7%~z(NM^dYwT?ceP0 z1M}Cz7cqGb`6PQFsoW<}tA>&4LBYfS8c?EBg<~0yTo5sg_4PVO9Uv;KKQUA_dY_Gb zXg8NzLil2s#67V@XXFh72Bc!d)4}=cj#?2vz>`_>6ZYE64*aV}Z{=|^)Maj8X;#Vs z$I*dzTgNW`P?j1?ttrE_h|abs?@*8NN_JvA{Y_}oB*sv+ol5P;&lyz5zKRM}qU?I1 zW}hv!;sPJveh4?e@=0Z;bzhvjXI}+N6L7>7S_B<3)R*D=-qa<2d zjGEPQ2w{ud4b0w$->y|Yd%8V-%bZ0ENk>#uNrSW1)0l@!Tn)_;gCiNH=zzSu&}`^; zzz20`LB|~pE3`e49S%BQzt>o5?~eqIGM2l7S%&+Ys!zV(6Zes?(tKimyq`2QV8IZI zq1?(uRi}vOj3L~BDa}lhEn-qg8xA>D!K7DpMtiAyG(s9aZBE%wkYgPWA(NI5Bg;J- zu1fiNEoVYE_2iEcxyUYEhVSO)gCKSuQTjlfmr-+rk&N&dEQzWCP@6a9NXf_%{GnJ_ zk?@E^EM7Jpe!6$ffwKIIhD%8dq?Mdzw*CNL7K2~HtqomYU2@%~sT;{4hr;QbKx|$k zt7;+bK(t1rv6S&$G0^(Mi`Xd41l3oki`kJfYBv?5J-mEUR|5g-v4)FmGNh-QW{x+9mrqWDf-Mh#o8uo>6KXSuVNy~xayW_7 zpj6LurTO@W+g%mrzbwTF$-|Ue#6taLrx?Fv$h@4Sou{$VUC+$%HAq zd=x&2SsNP6J~}M0sT+t#1y}8T@LO>RZmYgfYCW3sQ0exID46|)o@!JQ>mcA_#sDDb znzKx=<1H&QvUlWpGAeJDd^KU8&QARP^894O@aHn#6%OY?NUM`Qo#O}W%cB#!TjzS- zxa|-!nSR+bF1-)C(-LILhb0%0hz35&i1^ks3SRedSQSkAu(r0kOUFmEv}(lie15c; z87x08_&u$B>$#05QRmhCJ^c0kI{xc_f# zcVus7+BL2=)1OWxAQU3>>(0DwZxx4zSeidVA^6PE7iERNjnw{{J_#?Uxv=NJp#_Px9V+?Kaq;T^L!c;oO%~|U_KFppc 
zy6@zjw-i699yT-?k$OBTcSK?Gw+I0KI*@m^i`M#Pmsb^GQuT|h{+yoY6)n21?9cR^#i#bKjhOE|ATP^rA~2bynKG(YJiGbEmAeo;?J z>huzqUCV;2gZBwX4Ao|<3(bppMI5J+h|tb==>F%HZW9f2mXtCleDIETdSMHg2o;@> zL~pxw&y=5-l19l&s7#oZr%f-85PHD8yxBj(4PH&GDl z)_W!<9w}7)b(-VAvDdP)u}+?^trfef{29A2UYUB{M`H9Z;>_ez-};tT@%Q`|505P=QgcPG^Q`HMJ|+sLXL zO3n0YyK0f>cg`D2h*i@7keCmszu{-w>Ywdq@LK8YP-rr+=GOGg+oBSl^}gQw&M9<% zrE~H~HY_Z%bn>H8c=afqE35gBc7KJ%@gb))=9?8$({w(~8%O38g7iVFT&#{T-)Mr^ z!o?7A%`tQm>94P_!P=C1vFgQ%Ga6m~(y(rOY;{3-Z_(^pe}#|dckhjuG;r!g3mVQ( zyC2$dS%P-}r4Lt}^IV4Br>#6ku0Pi=C!IV%H3DszB}C#exSIAdf|WL%pZK_z9PJ<` z7i7hVJTMZHrSV;DFJRrDU48Q(Ha2HQ)sddrdAi6)(xGzMr0U1J_(>Y6ZH44dH@ko*M4wcw3&Z<(2Lal8d!( z&%o9YlQ@)ijTDWz7^)^7m)3Qkimu&zCM|(JzV#%3cWyQ93dUb}T5nS3jXKs3j)qI$k{OfacT6s}77aMRz%8^jgk~lxs7*}Re@?b9 zDlyt_;B+kR^h#A!-3| z0aN(}GOv3wjxWXqj^u2-UA%*uww6x|q`q^JiV@2$(youDB-9zN_9OKr;>W@(c`dvh zFnoTLFxVG+M2Y3H&du%x5(Hwq`YUCF&wbC))U>t3od(p565%HpSi#wJQfaWL1i5lh zFKBf0R#Ogy;6k7c1pNdUWUX)|h#JuR++Ng@r!VIF+z{WK>KO(kQxCi!j71T*Z7``% z+User`T(zTvs^Q6Zeo=cQWsIf{+($SNrI04=abXoUW`#D$+`?^vFjYoMRs9L4?v=IbEgRVi?3LHV2Nw2n5vT4LK?x|O(kG})&S%(4#A)x)IQgm44 zmscQ_GSsuXX!)TD+_~*FD3odr-%>N&z zzACD&rRg>hAQ0T$-Q5EOcXxsl+}#2zxVw9h;O_43?(Xicmy`2@jw)>Z&s&rOS zjCA}Hh^RP=4m_30$bdM_{pVyqQ}(P_a4Mlpgf4I50;VuPNWw8rN!c%sZ@8m;636#{ zfL)=GI*Buu$pVkcME^dzo)|#QNz457TX}&O#teV!o7QYCk`~=RLx1oS8j(i=N#Df5 z(P~7$bV4d52~We#+L>k+POW?LkQedQ;cZ$@|#=uo&$5aL>PXcJSgt}tY1GGctH2>IrB1L4<9g;0z!MupVv{L$%zqEtzBH)Q4|?-npf^GE(a zyU9Y-&LPeBK16^|^<5h@HGcl?f4NKEw*JTb6La_32`H&&SK zl`A`JZBV?+1xGF8L2X$KAwBE-X19h!gcwx4pzptc-B>@pfM$8$MJb1C4f{cj(&D=* zI@{8QW2dE4>S*7}t{66r@2#o#@^hs)@QSU9lJBd60^g(d8;k?>pZXk79 z&~fZ4p=pcv+cdw4NicD|pYD?6eNvy4_^`h7pT#Jld7scFcF>^MM9C>9rnimfZ>#&M z5kW>5ZbJ@z*;7uU(tcFcVK^oN`Aa)AD0@U5_Vr={e#1io$XX=waiJQnm`3^*yZnH1 z(RlG)npE0-))M~DDc+Esoq-`b8?-@)+D>s%k?%{h$)R{5#$|7>r}axI^0s4K08sbP z`+8yIT)&ofwsW~Gtwlyp`hh@zr7Am?WPW5HBbRJ`0?89mHE`g9W)!XbALa0yVt&D! 
zQ%WABEwE5wbP_Z>_BW|MIJ;MLB!DTwXb`(cszO?h^6^Rd>)%=s?s*VC$MKAMuLXr^ zp*FF5nKrZBmQ~!U0H&n`RhroD&`~nj(KLiTXAi1gr--BYuH*6=^)u5m-Ilq#rM#zG zh(M?dZQyR^+={pJ686{%3c#L2n4~%VcSWQm^DEwZ&d>l{{WnMhp@T2NH^m?ISy+9$ zLqIQBj4_8QxPVG4Y zGNLNz?sd3C4)Lcr_Qbmb&y~i!JmzJl7pi9pR%CjZD4cWxbkmWM&S7VaO9FCl;@7%| zcuK@{-;*vYA{J5H9}Qb+y~pudAp9K1i0t%xYsC1wZ(k-r>+giYK(wZgM)a*g%$wem zR~x>zPIrFQ`{ON|X)A2f04O4%vgHyP#gJ=oa3O#&yiA(=5abt__Lht zaFKzkh!r-BAs@ktcP0fCgFZO@RO=T71Nj8mRnziq?g>)~O8@4UCYr0i)Nv6~scX7q z+Zb#Y90J1sw5AZ4EgS+4!mTWc_b)91f5_6}#paL)Q7{&9aDaaaX&9upa^2G@lAg?4+ z*a(EM5qBH}BiXzO$gFTo-Ml5yox-!Q`AAQ_t%}d?SRjGBh${;PyBU~HVN)q2s{TZ3%|s> zM<&p*fsdH>Jo$l!2xZQ09l6=aLT7bJAjit#M)%RPWUs^DKsUNt(QOO$mpLyY^$(mA zhncZ5t|~K}x(vCy{72OV;ZDKK@4z+@s~0WLMy`!8g``o%?avx54HL7u58vD&Elvmt z&1I8vSQxi9atayrU6YC8lG44u*GmjVn@t5-kF~V)Z!B{*eN2YHn~Qkd~7V3VWU%ILMWj!l<6Y`v+uZa zdO`#6i5S#9?JMv|+a*mEQT!Ef)zBRr-H+(&#*;Wp90OS_lyu|l(NG_97)z{SyA ztH)sD@9$%`vzaQeO{|?`SIH_oA?6>8Pu|Ps8|(2RLAkjPm?n0#d5P4N2x=a%6a|m$EK|q~YFqSBPnt5a_c^oW!_~sZ(y>m=wjmgi< zt;oqcx=7r#W|{c)33KxFIma^IX-UvD;tJ+t%6Z=?LrzyxF#r72%o|HqoeUCVu%s5C z`E%^cgIyM0Yz@5v(Y6??K7P(6Uw(y`VJd&EJ4j*J+hJ&xQ-OqM>wR6=X_dKZhFBrb4{%Pt-&G-nn? 
zyoWhWwQ)U3r%6CJ0UEMI_g~u8KjBD#4zg?b5yQIK)YEo`cTIX=lwZwJ3x{&K<-9nj z+8oxLQ0o_d9Y}n$D3=G!tM4>peO=}9FTiwN;v8$gjn?`F@i<(TMo^6mYCuTVCRDvQ z*JgE!1wUH}YTtyHx1MUP`}M&Xw0j~3A0rM;ChmkO1Iai-pRxJVQc|i6juTpLjMy>V z_UV^bO4c2d%U^Ti^ACroE=7GLPTCq=J6eY=FDqcj9G}_e&Ap!ibsSOMKdq$}*yyXx z7hXKix67S0sAW8Dn5&xQwlAkuCq8=Z33pAG2Qv8Do-Tt?gu)Ik%P%<-KD@7$OK-l1 zf!6NRJrf8clCq?)%WG+62A^G0CY#&+4r=6ElzfM;Vkq`Z{Y(_T3tTjwJe7cf-LiT8 zkJGZl0m{)Op{!=<30%d{0n^hJ8A0@y%Z?u^ujw?0y9Qi1DNj1(PO{!Cgmg)X{Z3wE z4&Op@tnDhyi`hHYy->eg&~(A1!;Qb{dmk8 zlbt{+mU>o3(@DBV(<3h|N*x#BMX~qxZn%pYfu@L5ry%wlSI?v*y(8uOkQV=UCXL zHnH}XI5O~E2`Z%=Ap((LlpS$#Sf9NDQ~U;|jM$7yy*u>3d6IR^afcps2?z-*I)%bo zI1R#SUV|EnDmi0abVvkVQT!+_wu#k~pJG^BoSkt58LCsg22J&Mhpq}3Y;H-Zrf;C#54wNd$vXGZavcT?+bmD?h7#(or%^W%gOY!ZLB{b@F zM2kUC8~W{+TdBByEO{I|L%+MD^`@_l*7ONE3KyRK2*`$u&w+T(0X(LkO4vjn2B2z5 z8zRZ+Vz3N^F_{S42+2z&NgU&5KWmLDs*^V6KW~FAMgOPLIC~bN#in~%Cbm&(iGzGo zao9a8p-}9+EcDs>lW>ZCw^>e)_e?p>Oftv|93fL@FM5XzCQEeMEQQT=J1f6=Mgwz8 zZ+uK|9cX!hXGGp_Mip#cf9n1X{C(@+c#l2#`&Ncl1Y3u0NzGEqR-YQ+*kl^UUDI4B zgU}59gp_5mqk|J8rI3XfNlE2d=B6`{g4%m2|ECN3cet>OQ?o$21|2ogsY=xQvZS+R zNv>*>*gFJtOQCh}G5~U;DontV3ZXESZ0sZ_L5tH4tw=Vt^AV@DaIdrHPN&(ks$MBr z3;F;lQV20DBFNGk;hR<4p+Q3bNujLG68&cCUPSOx!WV{1Iz<{Hm=0plj&lWlIa2Wzm(-;qCP` z5U$Z>(K@2-A)xNI_Dk`h0A3FnGf4IWjvW7?kbS60?2fB{aBN`Ege?Po-9j|KQ0MkF&4!(Xpx9Z!($+|ybL#Q$cK~73az(0>vKQxri(<0$KOF0 z3jP3)*1E$!Xj)dNfq`py~}8HoHy2hR_}g{o0-=$P8)ejf9?l7gsxH1`?t zoV|DqIBGzMq;{|?CHVXh(i;2_zm;J66{|VCSdSg0WdIhHi(6{eDXcg2_-y#MTsm$o z_~9)-=PyfBjOB9H!aFI>52>(ErJDQAo{9TFwL)~3#5fsdP>}DC0)g^*D!SuqN$?XV z_N~@mm?9nxztWn>r;W?vM$kw?rpMdj(HIi>ic5>E(0jr;tsPDsuR z`0~+@syZDIG?#>#@tcEY1luQdgG+myCrfK%`S76p~;ZNorI4S)xktKPxg{ zF|bN|g2G(EArC;Pg%o!9>?J_w@L8T+Q8C8?g~vCLcV}9dbV6NK-{aP!_R)3_R5!7` zf?A^{YkI=>tVi#sGyf`!)5Iuhoqmqz=zR`R3xnuN1G>n8(eZTPR$7Y{Ro_@xc^}O) zNRO25@FwlYf0|e&8JJXDd{(|yL->7`si?TSr2xwoLx6zFDYs*G=zd|vFx_{=f<@P8 zOGz@WAI6l(oEe)sGOOXM>p!nlOI(4ji_Z^32>j1fbYU7D7Resgp7?^fYDeZx{?Si! 
zeIP&O;SEIA3A;|6)F>_3@5gBhSyDukZh-Rr?_QfZ8aV1dns%qOeL;^k8g@h5NEYaW zzX8zHiP;a)-i~%&nYd4H+cHH8l??qJJ~n)MDu8ivnfTcSO)eEzEYtrRQn>gR45bQL zzwZVUwNNh0ufd%1F6jTzQa!aRWc2X-a~zte;d@Bs)YqkC%d1zdfz{Q6yGBi#rihBG z<++yq%>}oIlPh5u(^McyS+S@Yi*!sjz+94}bJ0OwW}Kc0YB90KjLCEcwK~oxd>evC zM^}U#%b&smBiQ9lHPpzM5$0cldRo!Nup_QBI#~m=*splQko8%L*@S{z)Ez>ARr4>$ zB<+v3>ozoms56y_RA>+aGmsh#&e8bDk8Obo`fqm*yt~3u=*E~?RT};Rzk3*0zC+8M z8wHaMwJ)7$&uQ&ihtxGaSv-}y%t`0gUFmn>`uoSHhi8_vW@T91t-xp!oM~>Bw$FQr zG*YTe$l883rWv5L#N~qOg=3aZ(}3xX`%cn)Xb57E*=%?EX^YNroq{#H1>S$@PG(2R z-!F_0KwMivh2ajl`1D6YV%|b*MGTea>0Jb@UA{PdEo-y*Gi7NMCw>MJ>_^MXqI*$c zpra%j=XjV4Mv1ISWY#%2EfnV{caWzxzxnZRdQh;9ZVDRL-1|y|NT4H7ZG-kejN*KX z;q^~5k7$q-&qtS$+m}|hTLH|TL>t#R<_K)h5SCiIwL%V7;wQE51^PNVd%kSbW#&E&F= zfm_bfLRjn8%CEMalk~bSTWDzzasIkcE<|s3e#Z`SrDUzG^?V0xCcrN)Tb2Z>HM`Z^ zUn{NAQ0vs9SIs?6uhVFS00X;=MTb_6McYP(i%^0Ay=N4^ao=;`m zFXylK8w=|nnCV)%XB)!an&>vHcm2`f7g{`(-`0#nEFa9idDe0moxztKzCBr7B%V~c zKOfpGqc2=61*tBO`yPA#YfxQ{lS zzMacNSvsA^zew$Ul@$yemAZX@-PJt#adWyz9+)zhtK(}MUrA43`VG&s^Mk`t=`?%) zFuwYVclz4E$}H7(c3tL0_f*ZLRQqgV#UZwGjO^f~A2MD%;bd9dNGUJJ1fSBHeUxF& zw(^6!gZpdvWJctQ^V^CiUzqlI=tyh{{K2Vl_1=BY)7^HE$q{Xk)=W9l;Iz(I%xCcU zeSqGdFe(gV)ag|$FpaVr|B95;olk~TJf$sM&KY;-3+e0qfM@_tIX;uOb}1yM(S@-0 zpANC#)`#A%TE=c|(wETYn%~&D557irzrJW>@$rTC{el)Tp30V`7QV!dlM6v~SBE^d zwx=$*dBy{Q^rY@A2|INo3h7IYGwozRk8X&HMDllVVITJGyzPg zQd8dMnR2Eeolyi4*?TLw`+ss93Wr)OwKW|%3@VC@FxDkDZ;v*ag1LnA4tfCF|&D@L^Bh zxxH!gp|m-QJ{P^#)VotjJJ<;AehwgBoMA>1u5fqb$TDkdx(n7I-x@B`;(kpv$@kzu{vQ~g!GhvBON{ChxZmko}#$7xjM7B2W( zSQt7}VBLgp^D^!H*BQH76K)VL1FQ>gBquAGm$qz1Lf*$w_Pn;yXWKAwJ+)VtzBKBl zTxg@H4Pwmj@y=aDdhVvP8NIzgRXjcggDQ;hj(^T=qkan-_my$PKbCvE*=QIa7d+S$ z2bi9L0Am#`%kF$tsK<4r8~pz|E8T#t zXpcil1E)yl7AIiTxAJr))yTb>jI`WdpxC%X2e~Vo#^B|i&MeS&3755vdoX7F-l{mP ziMB?@y~_)y=0)>>fPBH#bEWnW$R431c+owC!(HO{ll^`Iai6z3leQePbaq*bdDFk# zy}A-+HAZ+)%T`yGGF3KWbYbrErvP-Et90B`HHqCVW={|KyFq5C!=5^HJA-k&JmGIG zo5o#vB(?QNs=wBxA~LEgJ=#xFNk<>zhR9Uf!rE4 zqFYSwinLgS3)UR@WgWSl!QA-BE8tU1SFk+Nu!eDL8-71nsyn0pW%Lg`4;C`JrapaX 
zc{xSgjeZ&iLh;h+j`2Hm^O&JI(rSjUip4k!kx>Y9E8nkkQ=EQ$H2aou9nyh$>;UoC z&St^db1P z(qy4xQZ@E~miX%2>DIOm4w}k+=i`)_=}Q;rWzgv*r}|yYKFm~X)ez#(n6kf2y@IGkCec2GJMXbke$UE z?eOpSd6dC6-r;rD&S#pKsutU)2SiK3>Lpk^1s>1Y0~o3YtfCI^+$&ufk}#NKn+~7; zs6nRIjsxD%Lm)-@XZlZbR8=J<_>=|p{^3!RaAE!pjFiJEkDzX?>^0vKF~4&S>33@@!wu zu9iL#cTtls7+5#W4PJW;yUcV@*&yc$yx4A00=IM)MlV!Fs0`|;i_uLf4nrBCDh}Eilh!YXEd7z^DM)7V{oPwQjy$DDy2Lf5$VA!iNZ=Tdp__^I_JM7 zD&%EL=gd|##Pc3P0xY`*_+9d6O^hm@J>C5ix^OtMVDzq8m=TnW=%xU`NJg5%{c2f) zXRIlatwDhFz}`V(@4kwG0k@~#Nm}k}%ot67_esF?>U~r17oIb1BADBD(I0UeX{+-z ztIq%G*-lRO7K>Ut!9J}z$htC}Md3bfAKWvVbr&%cTSbwEi;H`EZ)UN7fOFnoJxJ&}>pNd7^XFQd-*v*WO`RSy|i_dK$Uf%k$+Tr8h$>*YkxbH)oK(agF8oZR)#B`ntQtrt=Qvos)7}K--)1e*GrK0 zkrS~0n=-YCiI!7AEhWE&#*TzqGm}bE`coG;vhc>4i0%>Fe?muOvv|ou<;W?Y#TWs0 zuzIww{q>a0hS4RN^DsRi>TV|%yUV8jA%#3lDcokx^~;=^-iFZfPbn}7SGSi?7+H~a z6ZC2AI(_oxfZY5<@wg7=g0%%;^EqgfzxR29rLA%RZfSix-fyf_v`&$U*pJeY+HPcZ z<{~4SHi4}8#@~^$?U9mTwbj}zo!q_@9iOp%cHicz#c0qN&74JT>D^=zfn!(8#%++w zqqDHrK08XS(ApK6zBzE3#O?R6JR4`TN?7e zd!(CJEr9BoS}FG7JES|e)_${7t{~}eqR*%t?6&UmpGjaD(ww+E zSAQ=1Lo@StzN4=Jfp8})E3vQVouR8QV=F={y51$+#n5xJ8gpp|9$sBjFCIYc+N%~l z-V%OFEL4bU$nKi)82W>Ch$WO%0%sn}0FtyIzHF>kIyp2?s8AkwRO70ZC}g)wi#h2C zvJxYqTDW9S;+Xwo3GMvcn)m;}G5eKm^k&G|@x@;v9T45+E}GG6sz&6UUlDu?V+p^~!sEm|H<}+zi7PX0GOhwnzFWvnr2a zM~5EN*mR4U^=ER_vp9_&(jXpcIJI2!veEVOx%*y!o5OL7|IIPPgkDZ@;GtM%QqI&?lWRsC%YHM~b;oA0cvadu z&qhWtST+^fMS*x&50Pugg(3cfpU4NNvoJc!l(6Ce_Q!!N9&aaWdQ9G|CG;`QW1O)2 z!p=oI-Vg(nKc=X=4>nHr)eQuQ^FANTE*@QqGoeF^5|5hm8~t0uid!SL&nH=|(kfu> z{c@6r3C?53nATsdQ~0;Cix~l5uCIfYP&mgR2koR0dL4Ibsk$f_M~Y+wt$OFa_JO*a z|9uAeKBT>pohmo;e>6Icmq6=+;m&5rF`YZbE8p#^|A6iLVEqeqau}5HZmV|)K7m** zv4Kv*(CMuCQnaSFbN4kcdbDn=KBZouDX#9s$+cU@_me>ELpSQz&j+U-O+3h@R9c8& zd=95QJv@7CqE!JEq37YOAQa&@5}0N;r?PKa(y3o*azpC|L;Wo^6G{=UNIC;3E5!?@ zV!wb4Ft-}w>cyPaaBc51cB7COe%$&U-q+%)WJDS(Sz|u^&IJ*8|a6rBW(X4>Z!Lg66qdg4%lGHkQp?MHV@ZjMsG}^Yjco=)~+A(I?@-MJ0PtI+uNC;low;pnNqwV>lcb1qx zmRxN-1f>f+T;@QWUwQE0HLo(&^%{}mUr|4WdK$N^aKk)Z1Dd?YMK`ywWiMM>Z+rnS 
zTaP6U3@;A#UQbh78_PdjxPZnPI)R7LtFEpRuCb<>jr>~IiIZL#`m)%ihv2g14EzJ! zypWqW{1$|^o-6%5-T1d(pNd~=f%ntZh=`G>)seS{f2hPe#=`&#$v?gOz7H6U((`S6H6HlqPOB z{JCQzDJznepM5iJye!v~PXP{Xk8{M(Vti-t^(oDjS(Fpw5&OCBJwV;#X}f{Eo9t^? z0m0h!TA+Wpu+E+0cNz=B=wjQ6kwcLeo)41X(2={2fHLyoi`o#;Y(7PH2t@Cq^dO8X zSe^2GvY5hJuveHQxEdP>i>2PwsL5pfXRAu6Ak_u1B@-)2@F4;?Nk2~F;%!~i#aCU8 z;A|v3vc}#Pf)0XU0)0_dC*v&I>rbOyd(@8P!fIiPr1MA{1r4s|kdUKA8xf3OGHlCU zGwXy(0KWYcVal=B96DIziJZJ6hE*QbYxT)FWchf~0v7HGZej`WHu>_n9-j~vLmsU~ z1BBP%nMsWno{4hpN|D>chm~w6wUkZ}M4T)q`bCs=nz_zu7PCH^X)F1FpWeZ5nkz8T zUGFYCxT(${zXm=|>_`ljL!9spyV?HMuak{)fS~7_j>48|1nb+ib{Oxzn1M}>=Y=OK z2G2w7-Np-Nll9s)zUZAXmQtuQH@JuJIG$hvI%-D@E*b^>0tJioE4$uXfrnzAF5apjnxv?s{-Qu`ps^j2&k zRfLS0fp=fM9o6_dnAiK6IJ%YQ&2wD`DEq?oOhx;amXtt`79o%Zpw$=#c9Ic8ZjlIr zX9AJ}xsM`(L0{Ms-pI;V5lj}_b7?IWF{KwTd!(%?E(+PdV~+&ASYmfm)iN6YoLMRz zyP&c2X@o0BoRX5J^7@>s1WVlnx@^7XaTB+!VxE=ANYNOCz=v~G_&C$9CYfRanA0jR z0juHeLiZ}ND4VT~R1(5CR%K~g9#6Y>dAZTn&6!FYb|H7RAhTz6B>G-CH|b|(q9f-i zzIU+~?MFxGZh8nsSED%Wq$@0p(!aPu^CmM(Qnl(Sq-oNs73WDw5wEq#1 zBB!{ioIk*poN`vL^8WeLS3^*xy~6mS-KD>VCH!j$w3&3#(vFNIZ^(dp*ym~QJ3?Ct zG&7^I4Ja9~d@>JpU*jokQMeY@REf>u<+vF)?s~!vh#tL$!~g}rgzN*;wnGPLN_9Cy zY*(2s#IieLAgFN@TJCQf!0&5pgGWd{8gj|tho1qzGm%1Alob2;)nXtFO{WPS_1P%M z^#Tj21_pE5Nnf;*K=9)IL8Y|~OC4=r8!p1u{ick#Od%6H5R;#-6Xc}b0tl~=tW z35}>B5TVJmslA=wu3qYAO39*4DC+0|A5Y>3GD+mtokOIyMAiMMLWm=8F`U&XEWgOY z5t>{*GGaCYMdJpR%vNp+o#G@C0}*MJB^snULHv#)9~zW^;eO9s*Qg|Y{95!I8JtL# z^x5ZeNb}m=I$JRpLW-_=daJg#$Gaj1_$qE&|C?D)ICqL8IMZ_N@UEB)#2eR%A&@_@ z8sC+qH^!`1kF_Z^gt{I$ZM8U9QIu!Z>TG+xRvQP|CL(&^c8(GJM9XtjQCN+)wuIIH zc~B@f1Aw>tF(q9Z@bS#&-fZ6cq3h!OdD`?Pt#Io#2y;$~)LI9BK_yjvT~?3DLFYv- zwJ2jBmY3};MMvfBZsg4!8{%yX`0;wj5VntBx1j?$`1W!(p#yp=`kX-UeAhIZ%FO&C zKJ~V`vRqP)>$CCYhrsT1+s;NGZO})o-OT(_DBwm{**iEV7$GQ&t%FqW65nX=9a_C| zVJ#LrbJHerIO*9jbGnOQqAgkA?$S}7EXaM*Qg_;qIuB^hga|f&97`3Um#1(~d;6W4 z?Z~A&PrB%`(@Zo*HSV3RndU3OXi=IuKXH-7E#pCEjCdd6=S*;${K!AhZ7O1A$w zByNN4x}IGQ^gEVi>Ti9epGsfQw!R(9=@^Qxx>_uov3>ch^%H@DDfw#trjyv5TsHD& 
zNe~sBet}j6{xldL>9RUoei0SD9_9hW2aK{&s0#3!fvuiR|5hsZa#3jx6No9g=c%Q zuI68qRd!b#X&;uZ_8bhIkHa5ZUE9t$B9W|P0c7QqZu#F<4fk;~a_D)xD!A)2hr3N( z#E&)P8rm2kr891ihJAyYE31LBuZy^jOI3x|+AHPqXY;@lqQ$gqZToRwuId}N$U07b zulF;hN8Y{KF@CU}Y(h>(;?yY|g(oYz#1fvm+(vZ|CO-)wYgXBh@JcE;IYo9$1tVcR zKy@Amu|vb)m+8lp+HzB47E{Eilv#|6LRKT}FrPN#36~}DHBV!!q8+D$;J1S~Ki71o z&puXK=;ZQy_}MI|ew_(TcRQHqUxWJP=8NLT3o6Eo8yVdyn1fqk6;&0g;1U+|Os-Pv zwgLqZiA+$@JH4=Qn1#bj1LLx8w~_>i0KqftZxXkQmXe_6DGO_xm`m~9A-$L!OYaro zSgvZ4s?}l>J$PsP*3y5S-*L z2{#`)Er{3`_LakedY4Z9rZ}2XzcHQ~6`S+9t&en9OuNGuPP^Q=2gJ3CWSp8f(n$Kb zsv`nIv8HbYi-^2zGB`UC_k!FI@Z#gJwzNtT*y;(~*{NPF=9AnJlTo3q@inoBnG&YP zzAbCH-T6^~#IWMw^VVx<%Z0jZXcx?^>ATxebrfIjlEZ#7dcsp18QkdO?7DN2ulbi+ zTKnv-Sw|?3`T%6NO>0W7TWiX7KmB=VbrQXO+HTjdk0|J_zBZaY6tcEqYNVbjN;&;0 z?ZpVcD&9aNfC$`X&8>d z2)g9h_gfR*i`NW%N$LqCC;BN>wtM@OtNl{JQN|`avIR6{+@4@UHqJcjpyW^{h>iMo zSERn;j@Q1~Osmi4LhyX4+wGb9#yR1XG@wFKt`XFARaf_!OnX}5Ulzjp7Vadlb$I^c z3+sv<0j#&Zu6G+B?3}K*CUh8&g;-RNqfc~W5Mp>Cg8Xq01+;kNtT-;)d~v6+E*AGc z$OQb6Gg#Y=6Z1i;SWTAI30|5*;{5%Njn^PLuG(#%)+j=`euVlYvj376&qcToL{NrT ztT~Ai9z2kccS%Z4O{>T+Y!G3^j>Se1uF!k|tW68N`6tBPwHs zf#(k@GkCmO_ro;RZ54Cw_J7#9bzU(9?7N}Ma8h^P)e6xqYV&20Jv&26s@nXvZ=FsU zBJm7?W*+6BjdoV(D^6Fw6=q&9%mzaW4vVGk6dKz}C>d<$%KUaWb;>eZ^0xsmLj;8A z6LNN^TkR22{6aGVgVC=;^N=mUl<6j&zA~IhoQY^0`>Trb9RoshTgU=|No?={?VGNp z-Xv#(?-5k5LsWs#Fe4wm2SjFmL*g#!Fvn-)x|6XVGQ6G8w%C6p)n)lABCKIf63pqH+m`?3$`?msYvi(R%XiXmuo)uI zK_gcgvFKIG8v+hQ6IY7dJOjCo_bC%-J<@IB#uE<)y(#QD&3rh=;UWwm7F{+3e5$md zrxdCiyrC_JJma4|Kz>2w@*_jTHkx*3Nkk(k*UKP~DThcr5@m5wY*IlT(tsy^2g~L6 z`OBmHVc4+AF2DJgMC^UAh6vCzdk^fs=SN)uo@K*-$DgM2*DkeKZ)_3HiGy+KZmaGz%q^B9_JD(!} zux`fhhyBXHmKue=AuMEFZJH^xkd9><%w#R$t$-8FXHh4)la*62&Jh zoqFvNG+`FGYvx*Bd-nBf0@Wo>lc54pQidxN)DKa-@8G)78 zwq;%O{EwMaJ407WkcSUu;lFv^W{?+k1~Ajdq1`e52LTSzwdW z$S9{+2BWlOB4cBY4d(r=PLi>Mwyqg-t#k%I*#64?VxT3^ti3r(g4v3oKq8K7UvpFM zfRN7yHi<7m&zmFRiP$ps0Bba9e7HLpo{^LC>L$pGi1UCdPkOmKCtyoxO4^eeWzSIJ zagl`?NNw?c^rzD9*hny-Hx_F-x9#{x-Da|vb-r5)88c+CIUBv_%K@=JCBwi0uUYO`35$^3Lk#TDppGdae=;lLqtXUywS7HpxjrX 
z`9y!P)}n1d$;|nEKJ#kitJ8Dkk^LPu!`Ad`GB=8Hjy6W#9|bgRt=YlRqU|H589(5v z<`P0KQJ10wm_?KhLiX2=kWz+|@mHkAUq$GRgn#s;u&S&>7cbRWX54G{$~Y<+PA*!fUZkN`9dh?#8o}&2 z*p4)kTq@9GimI2&hRT>tEyV%$Us|iOcj_I+*}N~Sz+{9CGPHEIioPIfpQ=JkB$|G^ z=ed%^D^m~!{??>?Mb(W|q6ki~Cnb7@5M=kbF|;3pSKnb?d3<6nzQ2>!HuAQ(on`lH z2etD-ThkMAlsrwS@#aU;`E-?BEpI^dkP@l(Lnon@M)4&o{ScW>@#e25_sD@snyzJW z1oKzXz_3Nojn=2QUk0CbKzN5jh*BsV?m5Rs*lcD$hzuRfP=#u98*}Sv#gx zb;z@-wU#4#W@add6&&t`x$CLukA?ntUWbK0Dv{{}M-zEar6is(XWhT!DEp4|F)rD;;<~j4GdJk%`?%gV&s;T{ot6zt|h4RVY1U zAqpAOBEU*_+72Cs_=i>-KW4z%^~t56SMWLpesBRz>`By63$=|yQIDL-CjvMXW#Jg9 z#NJPRXa}o*6;(r|d?U+c2toWyu_MU!6&Q+TG$KnThi8w2xm2|=>ffkGF?I9hqiRB9 zFMCY0JdSPX_Pv9PqS*X#QGe2R9oCC~DM-V7mZXuMW_h2)Euwa7SLi9q+$m)r_7xAg zy)ze?F*x+Ah8%SQXr&}8uFNJkXVQ8U6Ppq>>O*X!RUHNvepQ=GqeesS2ur=GZ1XQF z(G;@Tcf5ZC@^2^YpJlb&GfnM0@y`7kFN?iZa8(R3oviaH8jH3lei~T{>dz^nTjx93 z@+YLecJyh_m+&;3-$BUX(}Fa>O;)7RsQKCVfno68|RcD8qmO_1cF4mPP zZA_}sOQGCK!BQcIuTVE;14D-8(JDDA)tqpK zK@Wo?5W`sdy>tB3T!)@=C0&13Zu1PbLXE&SUNuK@N6> z095V%0ZJ(unKB~srSMnUtj~$LsTwAO9t9S@YT_uJ#S~Nq!t&zjbJB9osPen{pt+R) zk-9Ld70b>vwe$j8a_Hk+*$54Jl_)+lgbNQ1f1nBpceNuLcSUa6R!0HEL%HPFIadRG zOkrZg09+d3Yi-;5&jyaR)xb8ML<}NmBR|P{5xPG9p|D^6T)83sc}V{w2_ag^sdB8& z@|&aw%AwmZIX?GIXCK5LyP@9|9DfPju92zA_^#r|SQ1Abwr!43{HY~h;42w^2A;JV zJJLS&wZmoEm60y*l#bHaTs-EQ$5Vvr@U!3?tT1~O9%Y%z51VzMSj4FY<6P%9qG&0F zK4hx3(Y2-#F)hpL6s@|TS*o*^=U1x+``6-q7(EpymCDMh!jdgAsK#XGsyA=(`TuC= zbtud?&5cxVNyGpHYGdQv-oDxJ z^fxWO2YOmWOk3YF0`NB5l}UwX<=_PuVqUIkf+Zv#Wb3OjxebX< z%WsHLn?HzrJ4MVdrcq`76Kd=4^A?m6+7pKwYeQ|-PNZu3SRxdeCo=z>)cKyp92IE! 
z?4s!pi81QB6BAa#Xp0}tfDf^PMK#!&Ip~lqt(W#S&v-p$f6Ho$pe++{p7}6Y#Yobm z*N7XkEgGO1O=9*t>X~VT6Em%_V2E z?Od)eymodorWP|4v=SmsuB^Hujz#!|4R- zoj->EFiR$W!sD3&0G#>BJ|B2gMYdG+bVSFPyX>MbU&7Z^>7LTHZm4I7BZwXDj#D~% z($o2VP=r6}q+C4R;Rowj1pq50gR%~C*>g2K_h{^Ad2{6WywwD(PP9|DC8Qax*AyQ!C{ewx(_!aOQJj19Wlhn!CxkO zhz=`~arO=$;ow6r8R?0pQw$N?v;%X=2B5e!X6-l8D`hc(~)!Um@~QlpW4)tTzq;f5hd3>&kC7HBVo7hRBPIEM6 zFOI$ktj2d$XmXZTv5YE)RszuozS+r^6Xdj6e7@c!9Ag^#R?)E?SRj8(-L$k_nwa3K z5K;GCqN2_RzD80fPT?;keP?k*1tk?tV4V1&oRsOKrQyQJfJdAC+|Y}hHM&`Igic>( zq$x|%saF9f-bcUeDs$Lg?D~|Qx&_f(zV~l3W1kNI=@};wx)2^ldgD_WNQ90lnS~=5 zKCS)o>THNa;);GO+k;)p!!N_S5dTFIOQw-=pScXi?Y*1*Ej7oqwFk2vKkI0$X2;N| zl+&GPwPGFfI$fdnBM1wvFeyNO`dJ`o!n=@&GLCsfRFi9=SwQE6D9nroaloe)NMT?r zV@E?DHez60+o*A*FuWA#|76_okNy7~LB4IwK*(2xa5=?LB!QEc4!`5Y8von}O zGA5nH=%KYeD>Vj~Vj`-qRr!iulV0)pc*wzld@rL4#4Re;Ce20(0fx22p!C^|Du7Zh z9uX+ULDKkcx2xl1&)fsiZJRkBHbLdmQOECC<|5aM%JtoB#~N)ARhH3@@O5dz(L@B7 zS$ZsYjg4GW#G+VPyZ6JJ#FJ@3`UpAamn#9df6EdNIK`KR8`HIOF(M2w203j!BAnHR z->8<7*A_w44@*#6`(0d6vC!4AZSx;&!0(B`y`x5#W%h+mRsI#aB}2`RDly3Y3C5S3 z6rRl*k_*m{VxiDci+IcFIr)f~KRE|u2z^!7`922@OJ{r4%nQV#aQSkpU6>Z*1G2~J z>8VU)Jayddj0p{4S-&w+6T2*dYx@tQ&;kE?9-zy7>0Pv?BVaaYw>Frcw7NLDzcV1f zWg{6f1|gcmb-R6JM1^5)?>N@`Z;e0g4d9Kn7rJUEv?10@4Y8Muc~%^dmwu|n4oQ*t zRcj6{v+>relEVOQL~3QbRDRi2iU(0y53vz9yv|G(<_Ts$dsx$6+ zt$r%aU8~T=W$Nr%w&W?NG)n~P=LO@;vo_$s`$rdzyW!hI!KPOUv+gIAx0N!-GUK*R zR!dJNNRb>x>k4lNI_EXa13P*aWt-afqx(RI+HBzckL2fW$9m*TJk{s!Qu7x6N~ctCxWDP}KIJ-fb+ZO+IjG&m<-q{uI`QTUmsT+U9Hw}n^lIdZ ztFz%&B*|mdSzJWhO?4c$Hgg$9su{3#ZEx@$@&3SCN9orhorYcKv53#5u@lpi=I>`c z7ODC^_@Ls6obpMNsRTsDcEf8#kfNRARP(dXMyIwqhTS8VJ2bY;&*LoCa7@j6_jf(e zLAL1QYjonXoauPTdNS?x2vcvV&a-83C8)>Eiug>m6y6W34golk^~nqTY--Cov<7RD z;~G;K_HPc*qIlJl={wCdNWO1oEM6TP(z-X=q`xkenm`>gmX5ZGitUo`cGo=baw5k*|) z#v8j|5Ln;>J6Mkmke$~T@aqo}_eYyy7=xR)u{Y16v)RkogY!S`2KZp8shz0=>d@%! 
z>@pSHJl6MUv3k{2oU^)KZuTCF5yzKM^W7&k$Y%<>H;*w1FH4RIG(N-qq(1HGU?h}B zNOW4tAbUhw7=xV9JY`#tdugtt?n^5WBn_< zDq7;boT_&9KyKFdMtkNg6ReUJf*^AHJC+x*S49{pf*t zIlVi4Npt4m@&a*Ec+KUY=+5eJ+%i#8tzZ~zypx)s((5qEU_}AvRzZZ&MA42KD6KYQ z3u&NbD2$<@6z*y@jO(kf5C~2DF6ryXYYnAi)oxejdo*xug0zvH6$Y11p6Enzc)Z%g z2CZ-F+ug_gjF1UHFvhX|LPIW%)v#3NVG1#vsDnu55wp{4n)sb9vU^@FfAqd5#V+DI zz-)2KGBJ$bL62_>Lzb_@-UGNT74;ffNVsF{O&4fJ3|rX#9@+Fp*L=PMy`u?Gz;0_W zMQ&}(X7OXeTf$%vx8#i5F=AZ7Db!Y2n64QyZP1v*4il$f$8g%KI5qwt7S$)M$G$&r zLKs2}PRi0bCbCSRY^YrS9G#J^gtPl??rZqwu zD$kch)#C1XAVU`*lr}-xW9%dTE4sEy@!YuYMhN~x9LqinpEg^ga-0*F#;$y|v zWxzrzt3n#gi8OW#x65FA{Usl9ca)E1Q_aL7!7k}>j9kQ(%4|R^=*vjd1)Y`)pd*fo z2pYac#pf;L+e>jjc@#Yv+TADKXh@!S3Fj>uG4KdP z2gFqkUGb~Uy8%T?oana4G*CQTlmp?+XRFf)b5PliFpq09?k~&O@9Mk>HV8v8+OR$| z{YJI=2LS$2u28Lx=HNXUNxd1jFG6a8#z9}n#IQLF5B$HYQP$SLf& zV`xcSHqnxVl)^KV;!EibfljG6|GZL&yDjJ&bSJZ%xS?+qR=R<2iOca5tX;92F5>S+ zsJSV%I!6O*hA1DXD~JjZLS9g-+F!`bFCnCh^zyKv+kK@KeFjdP-)%tPHv^j)`{0PF)&wk|0d=#l*|Kinll6lz9Hjva(<>4f~FfHIT^;C;^ zdGoULq{Gjj${(|H6Gmco7(V18p}nCp3+wk?0fisEiPeSJ$uL6hBo=hvozJr^N0IVT zvA^;+%m`XA-*gMuh8=v2;;R!uuHq|eq*hiRL+U#$uAw+)Gb0!gRLYn+WhSm*7A*-b z#CPhE4Ey_B^#GRSfNE&tYWDCC=w@7%t^dGpoFeVmZ%owL5mySui^WAoqoEzA8AfmO ziuq^mPJZcReeG}hjLm2TyP7`SHFT<#QX&N&WgnoTs<;@@0_|81=-}cQeuTI7vswDv zD_n9lGI7wzeP{p56Q;!J0;LptY!3mCXj`IBumG(cqsiS>J<6fr*c(_XTGYQ)^X(BcjAB+( z%P@U%&fn5kCWCq>byvtJ+tYHdVK_AT!>6CQ`#RwLCT~VSnozmv3T*RW$Wo z+FRfoN9qLxJA15>7ts8cg}8ME>LjZU$X_=g48V!g1=V$dX=SZQ`WRz=<(A_nl2MpV zCO-HmR=Y!4=ZWTXh3G+~XS1V&GB@!HTh6?z<>q`=;|p?y9tb%ZE^%vEJKw6)S6jjIa$Y)XAk9@aCn6w zb-J3S@F3~Z0A1K2X1Du(EvM*pVnUsFL(Eu3g_XOm@rsP0#I(wkn%YJWh8=Al zm^#U3m_`lA6+?DY(*5Ggdu}lgvAmudE4jP8bIF|2k=Dx|tCY<euqLNUEFL$vXSWRXe>4w8NFgd=%6jm(TTOi8U7kG{C!1vfrNy1z zM!W!(^Gfsv(zOwv;z?mp)5H}$oMNA9u)~T;35;=+q-uf7XH_0fxQsCW=q(t@!jaN2dBabs>Hs!HAbN=eg*!hxvvIZstr<-Z6aMa;d;e_pVFj$u^)f& z8T%R@VyE)3KBI#-#O~^Dz&LaiXb2BXI)Zjy{H)jN-a|8)&n;9K_|%)->qR#YFvnWN zk!z+w`IAy$nd&)_!QGd{8C9PFrR7euX zi9!4T#mF%&AS|x7XQPEqVH-8GW@JES6d?QQfBZR7S*jwZJC4{ei@nko;v&$w3OjOs 
zkJbm8+Ge}S)4e9hju(;uS{0z`m6t{(*D-04?j}i|6Hi z=sRg?%R)LhX>G=$v6C;htB}bq(I}P2@TP#4N zXLbV0V9arLS<$r-U*bnmsz5znKAe6tD~Dm(WVOk+s`GunJVE1QAGy&aqbYZ!Tl1SyV31Fe8<tz35vT z(X2&V#PiXIW3e;4$_vhHj^P z6bS67O1hle^@xb=k6PZVZIUOnUHWjedk_t=e!hD9%_}$^N#Q`D?MU5?==i66i|-Gs z?JGVH(rvrbu9xJ*eKSPS*7NnvIxR;fuM3}-JWy~Hf92WuAK?mF+8Ck7&RsV9 zV^f!I{nR-~ihe|%_xp{7f-TSI;c8$&_<7={0~WkB?6Sx7F;+pd#G=;?xkI?<7_g(r zAJlNa7toKn!ya37{p}WSSuk#WRhWi9F=q-a{+y^cpi+FIVHji%H|gBM%<0;B946RE z79ggCzfu*}cI2#BG7*Qx|Sw2CF& z^~xvOY6urx_C$-EP)Hkb>7YnfktW7>c{#h(@?Z6fw~RNwy;<_-Mfe*fz8YXblPv}7 z^_>2UCTt(08{=luk)#H8Ad{HS8z6*m=W z{^oZk--o<9&D09mkuje1Cz>pp^d&8L((#~>$gUdCo&oVuGZqmoX0+DN8X@9s-ru># zcOI`4PJc3bkY(sq*y?SrJySfnl}zT)kU$r}$`-fji<=~nHD%&dzptY%J@U%pDj{bN z>vy42Ok1Fax%wuV$UmX%lx7Z7#^d+bp8l=%fC`akvUPRzK+SCIQ^t)+N|s-*Y*jes zkM3<}wiDKQ)3rkl0@2Jp3+{63L1K2?3B1VU*Xo7^fC+{%$L%|vxflPGw()ly^PP9< z+g(m!db>|Mzr06T4q$OdkKU4qfxWJ5J*UNcz_cST`~f}5Zk7?-oC*%Tr!uJ@x&V+< zXA71(DIF%x#57e?5l5iaRwlt$MHyKk6)}{mt+tR{OWIeSN2aX!R{|Qkk{f>0Fl(`4 z?@aYU2wZpl>DlV&Pcn=7SSom1XynTCj;_dJ_+$kpF0b2E9=&FV9zDx9FL=%$d0%yP zGnuF4AowG~Zzx*{Ksw!cpDJr_LL%_iCBEMjC$A*hDd;Ls+*EmwIx-P71ahXYp{6Vl zdkN+P^99cTqzK=sKYt&hYX$ZF^toF?pltYl{cyAMb*CD1E6VzEqaGf{-Xs|!AGVS` zsaRQ%n0Ccv`%3qE^Hv`{Hs_Z?9*yWz|GH^4DxX*yK43>n8hx6#R{2#>W+q4c7=OPC zq6VkaV5a1GFFjCSZz%t}H7K;BcY5Desm&0H{#>A<6!W}+gtRk&`#5g$9mh~7p3_`W z(mu#uSVT3*B0PXULK`+sjWDC`E6LdCzoxjT41I2)#$_SMX67CUQnRi<`C#dfF@Z?N zsjeLYgoZr+{l`NKN@^*eUS|9&$6wUSHOaZ@+>6^UT>C42kfHcAJM?LpDq78!%Fe88 z`XQ$m@oDp5p}NAlPD=6icn@7SUKhO3p;#1WIz;eN+y-Wboz~|H*$7<S^u!?TS;#M~L9zaKPSdWFTXnAPuHv+Ee&U;?|3lX`W{2iV0IJ9u>ja7sf8E zx$ojX3n{78Wv%@W5oJn|)SI9)1>ukSOl}Ab3qM+_5=f^2|rlW z9EyTt{)GM)IYPh+3xd-N&;2(2wB5r2sl3_^*p4K(eIdFQ30n~Ql+BJ&BF8@!Dt4#y z9;o^%DTT8ltdo>Q2w?=qEc)m`)-Gk*$p}H5nr{in;0F#!qvsv5QAfkdjm@zwmaHK9^*CNZcoC( z92D+{;h-q|wF9S*6+T~i8 zZow-&Q*W~p2dhM!KU&!&ue999KzhBeuB0}=0i6)ZJo%R02KYZB;W~M?!eR1(G2VEE z>J{!r%<2vNC=HkY)~7^?c-KzPKGu+w>M;52d~^iC;J)WDkwCW067R!W)^oB;eFE)|dN3#- zmNq}6jHO}aA^naRE+`tvK4z^jsSEk(MYAv`v|UmGO6#f!JvJZnzz-0lX%qSpf+xzM 
zjl@$IApYXO5n1tKC*f@~p4R#8Fs>`|o+x~}X5KDPzxr3&k*xuv_fa|F(vDDBMjb@> zR1myUkIfQEN=)j)IFCN|lCk1?B|^VZL}XLz50m0JE%tAeBy@tnOjQ#N#Ut<{^o0Yr zX^Hv7!`< z<$s*u%z~uo;Ub$OF%Du8*3j&IX3~g56$Y*ot8{(8-3oDDiX?#j&f*yd-bxM3_iJ)9 z)y=iE1f9fnykRBiR5mdC8XbCtbypTQ%Hq;v)Gmx)FX(_$@^x&HC`YC!gn|GT__SN% zNJ~5FlNotetWj3Ht?3POZYRJmn0cpwgy4i-yxGv-`?Z;cQrx<+G^Q?(QaE@7hzPlA z8sMRo%FgGvNx)rH%Yfcr$$%+(`%i+=tP@U%?os#_MCW#DUYzn>tNirSv|XM0!^Zq- zW2jr%kBh0Y#gPeUbagXD8(#UviKJG1+~mX%SE-`U`U@l3UqcS)5vB|W=^}Zk6X>y? zOCL@Meii$Bu4irTWC0Bcs^Pqc_|c|MEF^6+1_eY6ia85sTT5S^aIMg^C!~O0Kc$%j6 zVQ8gl*KxwbYLy8&=5;)6mF!dl4?c|=EiEZfbp6GXgSL~vHM>J@Pj{775ghNY+1SnK zW27vRKRdZl?I)e+(@g6npYGR>f4ua$=2#L3)IQ0l z)Au>dVp4|%#z`oWi8smh5++AyL<7)X%)1%I_6DOhmHs-i%YE&0{M1)Au2 z&VAw$NAI5=cR&?HKJ;o=WVl#Rd?|`z5pdRl?L5n_*HACrQHx<(km;e!Kpsp}cE0fp zmXx});cg;5V&y96kNueX)>Vt%oU2rlcU1V=f7jJKhOwX+IwJN9s>N56oY@STB^n-3fv&KgTPu27Ec$ zMH=7HLe^BIif9xBJfAn4cG}K6Y$w>e*2af=*2};0l}IJ#vRk4C<%cB4hhUT@l*_{E z%%m=iIma5DQT~1Gbp5!djChT+B2Wjc(*S3;Og}qSLZg_}&J~^!Ub)7Bt2~+g5avdw zfU)(f1rX7YvVq_Um_JMz_ZBp}ys1CJPUvz*q13N+Shs!utcW34pUrmHh8c$q`%qB- zB`0<#+)=)y_GJb(?)9UV7V5@VCTX_3{rq_-4zFJO*Wv|3QzbS_6(_4NYi`(FtWj)h z#t$-kvO)Zdm4RcrD7}4Bq51`0HhR0k-0yzpe(R$ceW078^u&JHu4mq!6HOm}a(`#n z3xw#(z!OI!s8Eu@nbt<(MW8qcFXCxM*k`geyd)5#&KDpia=s&TdM^Q~LirD4&x{mH zi)vG*w8?Mg!5Sr|pSN_Sy{$_mKH=;lw@i4KS^%^0MWgCXnOa8j$+14#*vI%M+Ved< zfbW2BCS*C|mg)%A!pqPupiT!wG^eh|e_j<^iER1es>KM{B+vDwltq;nAdV{QgQNz6 z`+Dr-7BNJ3YFG2d&(2GNu2k$WqsN<`g$s&z_sXFVt=FZs@kh>6&(E|57LC0%wlU?) z6YdY&Cemg;#y;NMg>XmoOp2Jy6dAn0sAAea2kb0s^e8oLLO?13=GY$8U%&07iJHQ7 zIkMLfy}w^wxpmm08{6=4^SG60Qo`;KWdMb=6VQXj-uy*zGA?(S z@Qw(s#q!DQ^;aVnnrSr@$HSGYq@$%3NqbP_0oD;O$3fjF_+_y3sNXVf!Sdn9W@0uP z+JZOozb=#U$L?K)5^?BwnAYrmw@q<7bf$Bb^nZcZjgi5P^4rXiT3JSoaGM`$GnOfC zNbrpGl$d-iD7BCSzLwebcS$V5)Qt)Mku;2RNYh^p(SaJ|=^0k_@J0&g+R$;$8%__V zvRm=FM{@|5z}-$T&PiSTi_`UTn1M*s^K>(PP8)LfZ{{}5OIMZ=864E(D|>e}N4Mf? 
zUrS@>_vCaX-b7JLF9RD@be9$88FOSZojHsVm>qz2YOyiKL3Nizk@20={=fZHt-U?= zL67GO)O@R6VI6Wie=!I#A9WCz6`r|K=j8w7O4!oO^?2q$Sf@QZ!9iAsARavolmnl>x6y)$wy>@$7VPgBn$2k)Y1 zU>?_-xjSqKkKE47dargofXxl*$%~he6@m5gr3_-*yXSF$K+vF3{{BlV)-jcJ^Yn_2^JnYakjiVR4T&>(--;XOIjYnRF!&`~I5YeVhsw0$1v6 z*5K#0vZ{#L`DVW#7|hQZQ<4?!zxndbKo&0v8Kk&58Zq57p>UC3V3xxYoX z!C-+u4pU&U`=D@K4^(HJrJ>5IO>UA?=QWH_=c%iDAzdgwlXrV8q{C?#fh5a+%d_!W z$#nJ_4LMv;Zx+ZNV1+rfpdUmqaYu73M;FSZ`M%hY!i{OuTBUAB7#XT?;Nzk_yqW12 zKUaWwOVI<>XE7CN3^wECgAsV$4#l`bT3Y(#!J+oNEcO`N(6fUk(|7lf#6`Il!;$XC z=h-tui)gnAe|=3_1O7YeOkcrW*f3s=SiBuAT@3*@UH^hSNYO(Ad{rb|prMUuBlmHs;6d~c_WZl!X10-~ zN~msW=Rh@~RLLMG40fny3|wH>82w_4mO^7FRjr9p@i({aXX(b1W9rZIp0TjUgBl)! z{vELKVgVhp0fq*2!uSiD-nq|v*q`lc1kZW0HzT9q{-6j?pYxeKUSfdgTWzcDJ8gZg zTw5}PXXjryKPF3@DEHqOat{b>NOS@nPVRF^jh(L-!(q?AU3(y(!XWjvc@7`@Pl7I9=xx}HL<5fci1 zNGe)-?MGo)ERPc^y!o9|J;nOnC;Q0rXg@w`8~T#f#q;3ChiPogmg-J9C!vkV?@+&= z6Y9PUiYdxRXP&ZB5G%H81W~;uj6oXfw=|v&y)g*jSm>e|$!n1yuS#J3N{VY$Zzda* z%=qsmFe@pygtgP^f-2okcLkdnkN~`9>L}e*7574$Jx%dq1v^aMz(g{I!SZ4WjuWPx zkOqO%`oi1`D({0kdl-W7kgM=w&ok#xFx(bab$xB4T!GP^7$NvX(|6K3uthf*=2MATvXsR|)H~Al05^PHVDi+g^f)z9TEt+R1f6@-CMaU*o;LG!V#{Lc{c%=`Bgdvn30>wF(O$PN&WMNmam?Eb~KT=glDh zOiW%O3UfJ$0dTc1RDuOCfc;L`U~>gBMwkK=n{vFZw+23tlPl>IgprHK*r#$*TNy{y z78NqNV-#}4j3L81?flDx#atEMw5G|%_7qtO+A{U!2kL{`h<~#$Hhd5&pAH9tYw`B zP&QmGgb@^l2F*$A(iYZhK_z2aj?G~zs*orWhDnQH(Hwat;L5Pf?I0xiH}VC5G_;o# zo=&I98`dDX(j`M+SDanzXE*bY%r%*WF~u_%LdYZ*e)d{>)RUn52%FwT zGz~dK`tL%Hx&A8*g0<*tbZa!emD#XUr8Xdd_mtmsNtrN^YN62FHBo(+KOfD7iI4#6 zZ%4E{q9gv$72=!iD8|=AvbG=A()Z#EelAxD0 zobiOhIZuRlLLjyWt^MazhtH|39iAud7X6h@Yu$YP?_54ESYKV%HmqI2&iW4xrSiT? 
zV~B@QlJXx5ptCn;Gn)sHN7IR=gkjK1W|JgP@I1eg4~x_pz=a%H{mV#wh4ZQmtFAdf zXo9KvH{oxgp+2UzamTJ4-fukg>5r}|g}d^V8O}!@Q2GY?zb(~{v@n!YlZF?0v*za( zv*-9;Oh$l<^xp3>)Dvd)7ZoT%Vw0>U5b3zVMK;!4AK(}x; zxukQoVx?Mt0{C>-BC!$({-BQ_yzG?ntnm0~O78q)b_)^WcXd+kwQp0?3AB@vY7*4N zC`di;XcQ&%@x^d68{Z*D!kP<28}j1*#RqW9rJdPNlVi+48(p0tP$xjms~Ff&>c@%9 zBF}Xs}Q{ zCCn@qA_haaqA~_Hm$OnDP`}R#2Kt|W0gqV5DAKUXngx^`#+l;mqM9_bd4-^FITsfN zX2;osJqnwT7qt$4o^v&y!JH$h5(uC+qBk5y%a3154WL!;KOl$tbP(W@=WIxCiX5L! z#lr)CRcpro{_W{i&*-1w2TKQuDI9c0f%lqAJ-}c@UTS4)9c=P74;lVcCx#SqUOfWZ zTAw%$T3rlW$i3#jeejd&qNZ9y05raY>sKAT{lc zp%FLV?ObSS6Q%jA{A@#Be_fk#8*}SHx3kduVzF$h_kh5`lNOU8Gv`VMf<3@YGV@7vkP ze>U@z%fkZgP*RZ1y39Z}tLD)iXYV~=48SjScFrt?BvumUv4~|3(k*?uA|9~*g3y+Y zr(1d2WJ(M;Bd&i@HS3f_IPP1JqEkTmwVXahJDyvTGv%0a*7S}o9$!x|;yfS@ZmS3j z`p=}8ez_d@0xi&IvDLvIV!$PfEm_nhv&o4eejX_;T#}dtYJBDZynnMed`Q}df97kV zVTrBQ*pCO9Z>=6=KCT}JT-E@Bo1nRn0!<7!=^b>8R65$xW~CQc<&-SM7`H|T7juKN zQW6*o)U57LKgatvAA=G5yw)?N%DA@)=o&^+V!qx8*U{1tGgNwR{xw5RBNCde8JpE;4^Usn3lgpIb_vYxV4gw#QJORmPrM5$ ztl#Qhf|G%%_bdE3X%6|E);AAS>cL&Ga`)B!eA?!mtYueFOsamr8a9O-J4XXM5}@j# z&FPVyD$1XF@b+)-19Mx7U+^^f;1k|BLm%kK(Dc=1Zypf-D4()d^vIYJN!TE4LRf8 zeZw`fbN-8+Km&p!nAwj5qz?{5B<4SQT`TG0V@^1nT=a-c`gLCYw}s7N37KRXoZhgV zSeScFC?6}r$#Z=EMjmlQ2qDu5F*o9zv@VI+|5@K+Qnp((ba9vf35}^hgy_bFV17mu89e5DD*9JGfI%+0k9%d#nV_=PYEA^O6$G6s$ry=80= zS#5D^UCWihfCUY&I5TfIdwrjXXjw!NO#tNw5|!5;!}UDUa9q^`4~#}7)i}(I>32oB z|5`G+iDIHMZ8KBW`OUerj=1U1Pn`4yK*Z)ZKFQ(1ZcPeT8djQ_cs8Gv9!})=lvVEo z)Nqoh$YAzh?ulA(!m|{zT?9o+(oUi7H9%^YE1VpPytI|Wr*0w)5_`zmGeL%EK#SHO ztt(0(baN6u?6&9dPk2Kn=tV}DJwt{2!N|mtYsac9oMI8q{H&B)UIL@5$YqL4>F{}Q z|MC>FX#L+>h3myyL2Es;&UXmAqPMr@v#3(E9k|AMUKx{g(*n$`*HVbYJxqd>@_XkQ z1UK*WJMN#eP>p!^M2kJ9w%oxYMLqiV96V-;JWp!yWRb=L9&YT3amkP{WM+MFFUMQT zNy#N6*&PvnJ&AxtzV|*h5nf!#%+nEXLQ~S~Is4e8j9=P>+Wkrx#4u3my!RgGGnP!% zdIP^pkNKiknjbKZyyr#C>pwL`!)y`P^%%<+{aI{_!q0?3rMGe71LMHguqb^}2YgNA_j1r01gW~TdN`Fms2U5Z{HbA5ZDns5?Vyx#hhzrLh23SWZ$?HpH zt53=UY&m(m(m&uX@eK36oiD_49dAeaaQmx0IOc9rMS;KDk$`t@rx4BKMZu@K;hpo) 
zJ2vv%dsc$=+w(phK6W~Cb8$G62IDJVYKqL7C7kI)~4?Dcy&BY`NhTbdQ82)0*xd zX%Jb}_cPCnc;;ZP8bx;%d^7QN4!hh@Q5|udk-Vr%l-`122YfCqybK?5*{y%6`&B$@ zFxQ3jRzviFL;oFsJMB0VDKKx?QyZH2M&hGn8l0NCVIR8op;x}DccP?UatXaFz4r70 zsgzoK{-S1^ojNOJq_36=QT~NZaBSyyJYRvcNd#Vg_2|^88XC*%T=%D4)t@uPKQ1$? z?(*0*4%oNbUIgfmya;(~D~@({cI2MO^cCP<#TMha6RRKqO?{-RF>v`IoPM`4hJlAi zq4vpw$>?UJ7_RtC$bFGj025KQrw3eU$_p?#Z*K4qCxjsGs8AU;yrclR8 zpz1LcUJghqLklIr#KOk4MR(pAz(Yq{&cGq8fRLIx-81NE zBOu=|Z)rpRpI)@FHGrGRtMxgwI5ec9A`aQ<1JMS+{c)EWE%kkl=F-)B55jzI>32OY z>Up)WsO0en{v23i+5g1EPA;fk0v99MjnTKPl@pH2L-Ral<#*U&}Js^OOK7u zqNcw7qtirWifsd^RZj}5=1c*Z-x7TX@pvm%*NS9@CygFTaWEQ{+mSMovxnw-{(8RHj7tJ<}BlFPyO2%%QzBJeoZ5nC+}ivsd@74)H#mx{ca30rwbU+brnPh`23eWI=?Le6uR%$ zb>=aqk&NJs`9Y$QsU_xC#?tM64x^YsHsej=naw44QD0D-3Rg@Adq*kpZ*&h>f>;!} zUU>X}3ez}xs&*Jj`4lFInd(tuQX&{?%(6Y+XaxtkRns&CF=nah7wm&K@mL9@e?Upn zoUC8BvGW~gXuyL)=%7lV??w(F(hqS`_V9}^{I=>1Yj=U95s7$&4wexMT951^)u$GL za(yDJ#X%8Dw*Nl-SL~Z4NXGZk(adnJj1njA6=1~=A6?#mrl*Ti?6Q!=q0r1aqK{*p zpM{B=IgB-;^A_<+a#J);aJe2x?K}Ql1r*BPJJKw2h2E8M#rF3WUv=>6s&S0BBI`MQ zD3o6Jx5vS&q-Lijyg0WCs7)+o=4x z@JF81!jMyeouQvih$wok1K;^Zm5T^TL1-Am|30^`2gxRbw=$tX97+l=s19Hk7FSxN zW*i~4z4~Tr)b+9ZN%7ya*->1GhHLnifZ~&HluaB{$H=SqEmyP!gXSFRC`ZU(Y7aI}rSjf^Qcma&3?SB!*lDP>8 zv-#Srkv^!pcEYNjEA$_&;U6h~G5W|W#DV0m71GzkYCS?)wn8n!{Z*4gK|KGJRZ2-! 
zO%5l;Lz}}a*95!{{vU3qsA`0RT179q3Yh0K!{jbOgWcAyR|e%nDdj0*9*rxuJCCwE zf1IN~+)+|MDi)$3vHC!Ke5dA-qy#M<=?is989+DP{ZxQnPb3(FIzbl+-Z7f*Skl`J z?uyCcY2mX?Trk*p)!mF&FM9yaJf`d9Zv08CTCd6K51BIT(H~)k46-O01rDevm$TPY zbqP-AA4l<-RuOyEB7I2e$%~3$g)I00BTEPI7sH1T4_B9Hn;8Kmeg1i-$S~;od2|KT zoj8!9VM8+|bcUHX+!;EwDoCNnKWdahEeg+#KY5<5W4GSPz8|=b=mLMlDQ8mg@8qEd zsWdi*2lZCX3P0Qe{5u>M*HmQ3;1UBh_}C}c;7;A2RkMRbX?-e$#|kTzjE=hLFk1xQ zriW&;9HsDw+?C^XE~12|nMYpG=ww(JF6PexHPTKl?P6H^mKV4mN5ck0x7Uw1NJ{*t z=kOSJFui{S$gt_;V71`;A35&Qwq*V=FXkBHzy}AP-3to_7&Wj8q!M_=UDT%vKM4C+ zVHRv)Jl_ z(0?hhVQU`}nclr2$aMkGs|-}_NrP@Jo-uKxpKP=lf&+j4z^0lQ_E1=8 zzqUq*rm)4k7_q4XMLTnAo+D7R$R@<-#AJv3tc#jd2h+9Xgs0%ZLt%kg_B$kEXRAr_CvW^La5FJEy0Q+^b_~lge0N8 z6nx&A$%O~{Zo3BV^#%Jnsjt)b`zAhw)V_nCJu5DeVOW=he*i;FJv=T<1>G-tQJwUR zc^?FYs3eZdzVs-h4iu*sv5j4pN~be}?w|Fy!mS-Fk2coH|3+g$E({ic+$Gh;F7Ve2 zs#3*EvveT-650db0+o`xZaB|e(_-!ZEoU+NGdBjf}F*C zt0jNvAti=9pcWoMJf;{mOItR}Ut-DDN*#O@^Do&{WCUF>T;==$1mS*M{3iS|=dJy$ z$uF1+3D|A&>P;~Zu-Z209k7x6czMtDWqLW7qS{lUkhCRviMXJr4*qaJ54sTP@~4Tq z{jiJ7UZhtN`3Gt;_g2OleCCT`1gr#dV^8P7zC%$mfwHOk1Y+4$=I)YkxP_$9UFyj^ zd=3k=Q1Y=76%My%Im1iRzcmnm+a|dSn&RaFn&O4mrU_ls6^RC1wv51bU}kkAOL3&7 z`7+>}Tg}R|48pw}t)Pn5SIl~hVR1t?8a*nuvglN)IHO0fl^;rdP(pXARjy3-V(LE_ zc0K5q|Io`%d6f}6%iKG=rJI9-?P=)#2Q+EB9sZeAvLEYGwY&oZtYg9+-1$5YoF8q+ zWY_a#s{{HV;7gS0$J5c*=FU!>VoJ;R<|Pk0*`SHoUuPvc?jMi8a%Ug5muOhG+Pmbh z=x>&9NWJQH7H$d>z61_5(cOEUJS1PXpGP2#AN$@&zW#bV7DRj;od3VE0!Whw`%Ntv zPJ+X1dh44&RRPcJYVW!H-KK5jbMxJ`xAjkr75X!EXPh!$@*KeB22y^KNC18CxoV6d zEaO!+W#O(Y;@QKikyfyI?CbsB8vjDsdH?j|xAyhla|Uda{m=C(0yK`B&q7xHV83Z= zMD-3`s};aK=HWek6CD49bigFw1-uwxY~XA(+JWwA_=qwEQxgWBbigg#R1TLk=n!Q; znlvDSy2H#i2*GTM{nsZj5XMpWe$^PMwqb8{?_v$3Agq=rkw;zI!=Y?<4=S}6YQn?O z_Sg1;bKa3-zauz;!P?EBx^yn$?pC}OB#)naV>-1syUJ6x>o<&$s`xRuld#qghHpRCBV527_>~fSria&hJG^8-u3%P87&h98&4PMt>Z{IuDq6gc=)JW zv8iWG%Qtp&T!<{+M{{G~zaFoXk_eWBj$NU|~+glEMX-S=_77qyt$OiGq3*B8t~Vl`=*< zc^^}aM%MCQW#7vcK9}xE(Eu9#*~>LbjOp!Uu_!4kV}mE3c1YOr|CqY!u&TDFEr?2Y zcXzjdbeGa0-Q7sD=?>`z>FzpogLHR;bb~a=cl7?Q_xtxe`#gK?H8bzLGqYxv&+Lxu 
zow5~e?M8xI;Bkom7M4K6Q5q1bYsdQ`SmML$j@EOie_}T8`wbX(LB?c;WX%OXVGm>$ z3m7HYQH7L^ulAR8{S&4msB8{hRziOPn*B%Yf?u&(!#8kd{YMSFfe<5Bw?T&)f$>?u zPlazJsRi$tV0)m-jlNE!g$pH6urMBTpNX91a}{PgR{|A~YI)a?fM^S=iqFR+9{exY z@VyuqWE|!w+J2(nTj?`9BRuKib=61R8s<+7S-absvkp%Y^kTDn#!Z8`&V^b33Fy{3 zsRpY|8zL-!7HQH2RmVCF(`p(P4&Jnvl1wxkt z?T3JB(r1nYg_OuSW~9l@$V}fkK*u%YA5vQGb%_jjbNRA_O|vOI>|ddZ<71H=T9jJg zh%nt8cPkhX8)B!T7taMF91 zvlo&{kg0R5z2El-paX|wpI_9bI(+xWXi2&ZycM|bi2T7EcW$ZmFC@a&(Gjn8DNVv%-ul;{u|y+gRJ zMhatLMWfKr)5rfMyHS|q%)X?krDlLb7^pe~2ONl1M#%x8a`lzd?u|(FsX;^OK`;qTnhZ}1z-v%fz$pg&{$Z;J~XpN(v6qRa=l@Z$Wc>Jlg{rd zIcXnH&%~35^k8xRIy78aDfF5Vy1)^zKa~VM+w^z|P%@ zcE-}Ru{reE8(=rnJ>)T2C1sax87E6Ogdn4|mMNyBMh;&VOsfn;qSwUrICN+2)^{Nw zt0zOf73us|q#^y5`9iJw#W%)yyuMm*kW*tS<3kXoKEhJFmSCD3!Mr(1A_l_Fm1t*t_<|8 zDxmiH-7;i~xNo|ztY%4`MOc&edJ-f+Sws3oU16)j$DO`+TxFCkcIphrv6+XfNBtwK z=2fgi*!PY-N?KWiuRp6N=B&V1ry>Ll`+Xz*C^O@1dW5%>`hj_*=08=x>O>s|Sg(d^ ze(Sn#rGds$A+mG^BD<&_0p#5~+($uw!jyywxL#w}f+8{8q|e*QiH!a{E*%slhALEU zw*xNgV_SN^rX9!GlBf62O-5fyGo_3FbDAUm1wXx?-p_YRSfEEtOgdJzC<3lo(0m!+ zSS~S#RWiKJVydQWG=T&MkQMlU5tekQccNQ<7P!;lwe&Etc0wBtxpf;|wzQYf7OU9h z{4F^sU2iTNpRak0ET!;&aZ7fBXuwb_YWDB4Ljt%T+{`$m%Qjq9 z+KxkNzC=Y?+dL6sb+^7anf1ptDytmcD%nt1EA^wJz0i9mPwIb0>N=>MXH!z&j_CMJ zr!e5$YXS8Z3%SLF6euCG zs{zH-SzESb>^J}Ac2XS`-QtM0z#>16>2YHG zXV@!JRwW~JX+vPcUST-OH{rF?Mn8Kc9ZP5&>UU4kODqX|rz-38#D9Ek=ZnF_hyPE{ z934|<4+?>a{4;KKsWG4T@r3a>Z7}r=AHj`X5Zvx2V1!91A8?c&Z|@_yFo6v_0EMBi zlAX$K{WU=))_@oV>B{aem`w?aZEYIqxN(CKRBSMKadRIG)J6iQYW|8U_#zVQF4-;@kHb4-+El4>!ZhchDN&dxO&R_NidyL4KqYiSvBk>eG%{#>{P zYn4tceN-Byn3x=GfD{3n?+9{Co^*JL6*J>2y#NiS|6-3$>S`U<$}+6q#d$NFya7%& zo+TY)y9`qV-> z!K1&c@A2fL?vHHO8~!}y*uC~gMpk>5d0K^;cS)Rs^*4k?{Td=nM~7E5iS>- zR4qc$Qb*zU!b*y8H|Vq0+j-~g-F5&^OeKJ2SJ{jW*>nnJn8VWeH0fKmP~5t|#)!UC z;2&_Z8nq$^Ea3+EI!M~kySqGH9;prUdN9ar)1<9Suo>UPeHkfOxH?&wKb@V5@M~+( zeJ3+w@XIz1|EfT5jS1OC2RW1W10#o`(yK}GojPGJ$8Y4Y{-=`+FJ@Am z$ISA*4X_Jh)i)tz|)Kn2tKqHbNM;_j3n^o$_wxQ2Ir{I z^BnMMu0-lMVjFOI$G6V)F-uiI;Df-^4BySczMPJiN1hZdaE#>c?RtAYzk4z3^}Lj~ 
zdX|>PdeosgGg_!Xzu=L!wm=cF4xaJak0gNkF?fAV4sU(nAP0O&%fo^f7cV1V%yXng zW7m5G%r`ReuucoiIAom?-QBPA?g5Z{Pe^V4fwBpT6l5B??p}hVk{T{bsfxwQtQ2Uf zJ@3`nPmx5j(GYjIo!*i#aoRoUyDI_eMfIQs;)(B(3&gGuFRSqfY!`bfyVOj^vp;90 zRX9uf3h}9W>L6epIdz*d*VpgoEoIUo*LqC=f3OmKtJh@-1N!WahVlJs0`lszNy)5f z@kkFv<7&#V&07W*S=XxGE=J6QuHOX8bH{H_-~{kF*q1T6D;>!c)pI+*usir`K}xJ$ z8y}}V60MChnMqK7H_s*i-|J8nvIl3g2b3n0T>ie3b!~^EHbQ$1yR;1C z`pzjr_s~Fb1@8OMM9hk+ip@RF!{w;QpfWC(8P(+*!%^W*foP!qz8uzGmc(62 zNfP{WSn$hlpUxM=u9-ujcsEXWlk-(O(mC0Rnd08V$qpy06*HQqQ0=Mh)7$2;;-S5w zVM|-}Jl`&eI*$xZdA0!zb_IXy#*$D+ev0A3J|}-|;YGqx?Z+E50#^m)ZB9gjD*JdC zTZ=Aq6!WYODk(NaBU-YOmhh4pm01T+LruRmKDASKHuxHD;vXpChT9WqOWeZceJC>D zV$yn1H@6nj)fpjs7Jl}>?xL?~YG715^P4iBe9qe9jD13TGV&Tavkcr+y6w7Z6=Od&}+uo4DB`P~cBLK%fx zCHEbd#{k!Bn6E(cstMWm-EdjXY8;idlWR&>Vbj{s<=Hvc`3cLy=uOckwLZ>~!~wBY zFMD#AmBP)LH#d0MB+iXJZ8v*&4$B;kI!P%}d#WoVsD!UrR+>Xo-kj`A3R*TfKW_2E zq1BtOfO1~oQfkKeO{GGUkkeSI#0J#}b85m4A;SU#k#v9ePXT18HL1{_u>SJo zJ<-3OcUHxv?|#+~uf|NkbU214JH*1_)p}UhARL%*ST%n7%gG^Eg40O!EN;EI<$k2% zha;M`9OQX%I!@vnt0gEChn43u0dq&%Hi{m6;3biWg0Tf-AT3wO^ z@VeZ%2tE3j9a;!tvY_a#cOB_u0Ed_`6jO_aV{BpohUS%YX^x=uq1g(QpD-2vko`Wq zFrhOyB{G3AWN1!Q)eEs752o|G?5L0&p22MpTUhp;g2q2 zZZD_5?vqG-yd5YuQV2=EFNYcif442s1(rue2eiB$;J-Zrk2tCYu7im`vm3bd=)YY~Y0cg^6er{Ldj#tV*JjvY(cTMA*Wc{U>BWWUHM3xGUN|1)8C@ zdWkuo=%N-TY%;lTazDl(#^*fcc5lKpfvc#Ld|q`Z$HG|0ae z%xIU6%rgXo0`$ER%J788qCZ6JeuLuY^+8@pnTIh|YcHRx+aUMwI#Tu0oi8W=!dAeO zdnHn(7g4wU#r5Uxygkd1NT;ps@$!0;3`u=*m%N86wg#tcG^~D9mLUV~;O$TBd?);% z0S@Nujj@mrDnb-xtF4efrmjgk$sMz?7VsWwM7stcr3ov5qn+V)$rd$DjTLuP;F7zw zgR1F>_CWizA0YDEpv=U{SNDccrCx5WL&z5t;bZ8J5hcktInyD$ET8ov_N_4;OyR{% z96M4lf4Hx{rdwmld%hc8b^#c?-FVWQ-|?VI>B)@IW0lfR3^vuQmHN_0<_Ms7xw@=U zqyx!ZWRlz>WK5L!tw|EE%gOMU&p9^L_fzfopr^=L*Su({%@a;ZlM1Lq;q=2l$KptB;$Xg6(pk#uWn4;#>QX$8t`I1JF(-f9i3;XicKxE?Ytu9K@={ zb7jxJ5Su)P=1e8e?n@ zo-YQOMgqI&J|zWhIYzO1zl?%fM0cv)H1qe4B1-%}1mf#J$H?Y7wH)Az{?b1~vY=j2 zRrLt1D^Y(Tc6GsCjjc@od>;I`C-6&4yj=L!|MC3(VsuXz)WL5b8>8Q(^Q3W~{>C?l z>fKf2L!nejmOjlF#e-GQ`*|yBLL%H{AInb{Am2F$1X{vI)0vE0fS|f 
zIkadw*mTf4@eV2_l-2-RGWc0;#0)#?fowKtH?1Cm3Yd_vXry(52NtJrqweM(A;e58 zNXgW~TenAY#cH(+<^vhk^ANjDvh)4?B=u7TuWHG%^gD)U{h|`y38Rf1Eg9joj_<6F zzW1>D#!rO1=)>{py2*F0=IwySYn31mXLuX=L^02;4rj3^w5V~&k~Tx5Xz zkMeUZu$fi`$Bs(C12+hHQ!LLu?>r*-9>n}xuxMM*8bfXhwx5+rJJvQNoJUxY=nT$n zvkm+I(3Gy|!(;|1gkL^UO|#C$hYjTMhm3U}<6_a}w9yz3c^IY;jlV@Lvcn^KD-T5c zL9g$4PeV9Q3f-HHMEtESl|k%Y!Az+xx8SH;7jc~(8293AdAt?qOh--}dRzM{pyhV6 zXA`N<@oIhxD;ckQU>PoL>Aj~>a7*PcYX!x}=K#JU^!K~J7?X=_NyPepqyN$-KKDbS zfaBd_8dBd?bP^v)Qlb3ef%9AIl$$WWP;MkHMXh$CcSCr4bpjD*OVhSUNmg;U*8*dx z96W9SZPu^Lt3r{tBmAYiw&43!g!&Ah*NGNwUoOs<1v;L+UK;1G3an&0ou6r3wG|zT zjbdVRtYV{1Q&Z8cg`}q1M8szMMx^|h2}-8=|9ZQFx*jKmntc`7MxoOOJu<+Z`mm=1 z{VePjLyLgn64La9Z_#ukN3^)y6-4~yoW^wU`cxRKH^XH2+5k*yIFqZ=IAG!_m z-2^^)KV--iT7nL)C)TEa;yz=_(&8N#n}Mu`Rb%tauu;6+H8NBX2FdqgxtukWM7RCJ zn*Y@|voYQo6z6GbjBDIAn0ov^-fZ#i*4m;#e_oFo%OdY6P9RTn5o8}XULQ(H6C$N% z(C}S044#?9+C`+_+N*D5WJFy&e<5NFv9gM=^_Vll!I8zJ=r*aW5`kSQi76#(%1RpW z8ztO}b`ozwVbbQ?nUZt*VP*>^j#5np`aTW_P$Q&!6W8zSH|UM)h{KM&VWeOcsry3c z=_saIEj9aufT&zh6#ieg9OdZrgIyZb7PiePnL}`@qlbxO-zpI9c~}^;{jJri>*I`b z4D7?_QIqtZd(%gIz_mxTgDU>hhlGRgPd^=XygtW?^vZ14O=Y;q@rZ{p+QXoZuz*x~ zwz8QvlI7~A{;X`6#W&X_ZE4D91s4$)0B&3ELQj-EHxBk{9{b!F-kRF*64;Lj0Iut6 zFXvav2wMViFAp;r5J-`p?z$e+D>6rFVpQGFzrZZu$??MGp^)e}ib3G{v;@m*Sip;X zbe$jl=CU)Z3G360^L%aLQ?>co3#SueE9@R&ig?f#E>Y07S#aIEA>`@?`6TI$U`BsaQnALa&>q;XZ`HZaj84t z6E8A(Goh~AvE>pRg+N5u<@gL9E#A(1{XBj3{Fp2jGZ9j>EKONH1g$0|EUF7Fb5%wz z$MCsiin5g2>QycX0^;|s1HXf*R-{Hl!EXwOk19l`2&gl`Em#kB5+G7eT6_D9e&ol? 
z?l9Ci?pe>l$o&cz=>2g-;OVsGX?FEU2+={Mcs!n@wZzEc39o_?QFHRb$*2wX>|v1i zXuB4vb-M?fX_<>JIXzfDvEQ~G@USyg5rS*a7-gWH3T&pU>MI47ClZ$Y2;!h{WFFrxq7>3)9QS zy=GAn_cF&1%A}pvd3Sh-BL@+i`qNoS;JJu5E%;pZ+BmFx_1N^KdHdjEG!2p{Eg$PH|^d?{H1Of}E^=^yatb7;kfzf^(2zfNL#LNP(>SNftrNkK0*y zl4VJI?M3>G$6r|S87&VF{o*m1>A-Jsg3^XDtfgr`d_^le_cje-Q-=ljJPbyqfTmPQ zQE4&ubht-ylIhTFw!nGW2?-SRrUU&pEc<_HjIUS#CJ*=zDrQD1>L8)X7`t0xeSPqp z0W44Z2KtQMfxt#dCK${uM+=qt!-2mAE?g?b@WzZAE^ljoGkN!a-~Z zkO-TjzWTK;9>Xv_jK{al1^ssI@9GA+qi&t8o5GFAfG zXPX67Rso{0%;~^ZEKm`-T#0g_pQNfZsj`H(SgCZ5E19$^-C$sl8`ABooPUKs;1Tr> z_$rR^L8H$@-$kbvSMXcRx&Xh^SsxY>QivJD!})OPp*3x5c{~B9-P+11<*H<}klr*Y zztE*h$AK|}I;Fcef5+u~SkuoFkFANuN^_Rtr`CAC2}plHuGR?kRJdBhCYh0rxU_m8 zg=w08u@7|Cz^FG6nFJo<>Blrd`Bt_L_$`TN$Tv}IZZr_Lu2Vh(agDNcL(N6?9qiI^f^eqXt8oho8wFa7QbcVt==b4D26&{m14 zi**)G#Ef%U!-?sJ?~YjmWmD&}`Z3O_pInWlbn$`n{i~Fg5?Felg0)y-9;!)z&c$M0 zrxz>GR4G_j&>WP(zV!xrS?YlDiy}BWeqEkl(>ckjgmbE%4>4e&5?*3bM;@ve51m;r z%4I$qqxtztoN{%K%fA@jrR?v%N*G5OCYZHZpgGQ zM#M`1R=kDl@PKI?i3qWB&HJU#lB)5`i+M6D2V%T!ZG_Pj&8F*fps(UR)C?@4J`- zTZGcelkoJ%Jl#aVQ@52&Ooij)#~WTC)DvTJNtY0czHz$bdr2Z{ij+`*9tTZ$4S5Ou z6un_&8F$TS$a1g3zp?Ny6{9G*^b->_qU7i?pB@17lxWBKc}0krjN~O zM(}Y+;&F?9m7$Z5T~;G+O>iVq1z*w{*BNxTI*y`Ko$*ylWvS-Y{8|Aut<|{#Y~W?< zn!V0+2*=PP`^tkqw=JZRwAHGI^TIZ_jStt1Vl^cQ;-$ft(@sE#Vx+1iPM`zee|~zh z7Vx-RwW69*u;6=o()!Y&j?{6DySSXrG5dKr)_6H7yL48gYe_S2wJt{%x_sF$UPGd! 
zSy5YZDzcWxKf@ZnF%QW7iw1>J6d5NbQsD367>54BM7*r-?G`k~*y3xlJdzRmYG~Pf z@`3iUu`7!!fu##yvuvw>i*2s@^&A>7#C(@xMH`K7eU9pNvlBU0w4NnVOg~9$HRWrL z)7T!YTY;^))_WOsa|uqh)KMtG*pRIYh?t4$!U)X+NtJ~Sn z3S!8O$yo(fBHL}}zdtX$$Y1f@44H3ttaAQZw%nc`xL{hpme2+u+~;pgHF{QemYOaA zaHZ#}u8^aCuh7r&^Mh`1VHWUE?ArR0WpWdGUwpS*I$YVtAK&35(Y+qqNoG)Pfo|Qb z*9u5spuotqRHZkN%V=s-)|_m8QHSlZOJaxpHzHm~9iSNf;wTlY8TFXhIziF)bXn0s z(U?GClA*74W2zx8L5X2F$x)187>&}bzrao~$EM!jpLdspEBhH^rJn6|ZPYgt0o~Z+ z1J3R3zNPL;LHKQ3gCmjO;f!WKFc4nHvf?@b+0Q$RULs{76mP~;K=YnTOetQ}Y^`9G zPA!ZlFy$@R|8t7$Q5R7sCarMw_yg=r>}!F%zAb&{et2wSRSJvO24(kN?sP3(E8L?y zpu8moWlYQ-1b<6-+RA4CN`NUJb)^Wiy^Te=CR7OFccK!oEQYFF>9@PZh64@2D$LWC zzmKuzy2S`BkxVIoDK4QLbj_d+Rkkq%dBFemWwiDyhE`m+>P0);v~JlR^jogvyndPm zAs?O!)+O-fi8ba-S?)(kdYQI6xa2Xq?TFOxLVMw#&Q@mejOg714|XD+=A*9kNlr33CO=BJ#K4 z&RIdez9&3dyXCnWhJK%!l6CTxKt}AhQ*^G+9iYw#8*@rDlXUrm$ESF%Tt4jadSh=O zvA6A!P#(ArqDea_Z(ao5dLBOx?LM;~1*LTOJC!c%UF+ahL~B0ecQcrv%v5j4)Q9%L zpPYbm+a1cTkpe-F9qOGg3D8UAV&#&mQ>QWs7D8cpBh4@DvYc|2YnGc#7^g47|3;)| zGCOx23pT$hKMmXKmVCMu)-4G^^=X_o0i4s>?ED9@%yRS}9Y0fh(mfVei$)w6cpPA) z8w`6t?%uz(ZT4ZJnA!8H+JT9*GmDv+Ju9{KIcg^}0gR?S>Ll`_9~Vh=_N!?8thY@6 zv8uJ+VKUYgtA0q6+SBVz9F^2M>jFtGJO;_)Qom0sbaOAjpnfe*&!`Et6Y#&%#YKT3 zr(sLVC|J8LOo}{6*0em`&N-!$h2|ojMCcBX~9eUGQ zr5P@SDbeeWKT5>l0~VHd1YB)m@U3qyE-1klQvBvaJ8pqje5X=rB0f}d`+h@VsDqk9 zP=%@cd4`@9b!GKdB{^bqBlaJ0|6&y1nd{VoO=cZ+3-l&UTe*=GOIZ8v{5{C$-y`gAESM3-pn7=Vzx6FXDP8ICsczCt$u+kdM%vC;bD zm6I8hQg<8STJ63dEiU`}#SNYe%r3sEcMk_iwjq>KE9e*(-SotRac|j{#A+W_fif6IlX{OEp?zK zp&?~$fq86}t7Sv-J61I2;7f!ufTUKl{6Gnq}zmT1G{*C8D(-e%li512v>IEt$r9*s&nFcRC0_LXkq&-^>$o4 z?F`@TbzMfg)66z!!nvV3>mgTl>9@8IxMn9s11GfUTe4B!Tm{c^uy82MFVWgAe9Tn zhgOc8K=H*;Gmc|$9&yb~J>IPpr&Z)kBJv~26 zYY~ujloGLfs-5SmsoWL|-8??@;&u1jSm}+r>UB!9eginHaH3rpFm80o9kczjLH;1G zpzRwR!m9C^92%8WlROm_DN&Vq(QrzNvRQLgOwD>&ot<5f*W17TkkILv&6Dd<7VHlR zJ+r+iS3-^XxT!D%gqrRfv-n*zR2hxQCZ`m_gH>?ePQiDSy**1>(@u+%1cfO93myYp z_5t61vpfd3jVRzb7!dh+YT_ zdGFt~Cx^{OBi2`+@>y04hNO)2cVI{tBrS#sRBYOZ!nKpxEcj`3Qg++^u||R{(0ST+ 
zw=E&EH`OY#RVgcll!gMSVuCYSLVX@kQWGYl&7w+1FBwwgAVLL^+WLux~%1{X0;QfHo&QpswcZ6?N1-O;+s8QdhNH4% zFN@+w{vpwMA>p|QP%#FA_^S=8$cF@T$_*4KV!0tUbW*SsaG7&_4BY9q>Dyao|AJd; zT#jAuqyd+`Q_+q#WdFtvlq7q_G$Rhcv#d2kf0G=ZVjHs@{!>(tlNle9&eVmF;={*X zBS;EM@{3C*68%<$9zV+!1dHQ(abXNJcNoVLpH$-^<v7hygqvonCYQY;jeOV@D3(s{fnr=1 z|CcF5_uwx!EXXwwSiGmLg8RbME9JXgC{}FQQc8o)jA$gEuRwsSU9ie~`}XO_oq>qc zK*G=IclQBx>=$V?SlV3r_s^G%{U1~wa@0G_&F-#@a)r^Hun~O_l(}GVu z98k-Vmt`~CZw@*ByQ`NW!wQ+mA$;|iUTEjHil4}2ne>EKj@{b^sD#Cr7+Gq|-bQRAiXQgCB&pxQul~LJ~fLs6Tjm$@KrC%yIh1?!mukZ{#?kAm_8KQZdXk&?xKne%p$r zE}+)uIUxNqs8XO$22^*79sEW7NH2+a#xH33V4F&dY5x>Y$dehB6QYq5+lN=4RFl2E zpD4wdz%IokAYetZn%ZYC#hFVOr|6=rr9e*8gqLK0OImQlG?0c~Q2?y;YH(_krXx_I zf7}wX4_UIyaO-Vp@LA%VOv(N2v>EC*c^rL@fDti4)3F*xK~)S2F*>}dy=?Mk1q7*p zie_^<25E%CbX3sTf8_xSN2gr_t_(LY+*){KkMTJ@t*&PAS7YqS4YhfzvM^TP=X@O` zWixI)ddRS|ox8Y<97XA1=spiDPGX+G_7L)buh7a$oa?_50d3wa*Mg4nf$u5CX_UFt zy@^?2x?w#DXDDZjkebV)5Yd0!W?c~7#+wQsEQmL)R%wj=j7p>`x?PNxhm2oJHA&5f zRBqp>!sPg1fglP0IwMU-^m7BQH=f`%YIlK7e5th2^vm>f4t@*C$9$6w|ByAxa}obA^e)oa~}c<$NFQeP^$(r^+_2Jw(t0 zm)~^TehfI2u`)mdpLVF5z!-d@L-aBx2>~DpUyb2*HJb%}(k#|NR6tcBrzma)aGc0o zg;adckxn55|6&k;kK_|_`KoLqtEz~{4-n4ixuZJF>F?UFyu0IdHaUM}rTw+IiQ(zE zLKBK^LP6b@^0^cKGn+=hbj*12P;y8s+*ffvUbMy3pUJUsZheT`S@XD4J%NQv<2l&q zrXwo0aXA?3c1x*O27sw2h=6!&RGWEwxfjs~EOe5P*Y@QdzQl;|X3uOX)Y{bnW~+OV zQ}kpMa^wmn;|KF!UP`|n;8$Er{9W#Ag7S`#sfWsqPKNkjU1R$A*xaYvd!vtgyOR-P zHbuNn_6$<%=HE1TI;(I@Rofr)(^(v0Ii}oeS&4x7tTFQmD=e+zAyh8z*QyKC@Os9$ zCm*2EkQtkhIyhOn<|$)6z;F&H)a!qAfB=Q^QShTKS1Yx}($_MBl8@?zq4Lx5@hKzj zBoYeL+yn`o*FXO?XLc&WgZ%^J_)PEj7XeF=q?vkq$XhT3Tqxrz%s)i&NPvi9e!%AK zXA2XZ6bj#cm7JbZ0j~?r4z@0w2ES{UFr{5CM{zV1r1$*tF=<81lWT+wP!n%p!NT-m z+(jnVu57WDnVlg&>C4Jte0)k&{2I?$W`@g1!6exH734(l*CLwj@{U-go7?>u8;~pB z@di(dZE%ZV4e)f(PkI8sPB-@+te>Z!AKi+JC)5DdlK{3v?8Ph%3fRW0!?;q-Qmo7n z^No5LWVJwKQ=FY{QFKaVEn~uq1uW$6l(ddusDl%N@{{>a!AOz>0pnI|nK>(VX3E&| zlBXi4oMEoGU*lmI>&=Bmf~+MR^)JC8^yNl%z@Z?~1%!z8r7WR*19*Z_BsV~|r@t~h zwOg6It5^npR1oO)(@z#_U$wzvkBl{I-%7Un=wl~on+e~u1NYaELB4}k_;RRN#KBpr 
zy-&h6qMw{5GTB49T!%i3a-Bk*m?qNw>BMzgv*cgTmj-rD0 zx6cLsoT9XCnVi+(8Joq@?3#g)4tzBRcx998@2eP-FV_vsYkp zg1ZJ^TWsb?;by8Jm?xi7Lc}NL9rq&_17SJTY}$(DdQus^v)%t{&W}iQ2?qMynQprN zpO~7PdV5tY1l(g$AMo@(d))uj#_w0x^{~=PLTgYzYHcSWveeT$Tv&=HAPGj#s5e!z zlcj?Z;XE9+39aUEyBD$QTVw%cVRF^0E>qY9z(6IPi1XdNfvO3$!a6wtCWVoGH&V4i zEgg&n<37iSS&WtNI|ozdoI>X{enrh}sF50OpyxrA6qz)cRhjPvl3O(T8#f{LdZJYtv}?LW*ySLa_G7I@C8TR z0&Nb-chuH|jS$ckv5HgDQDyaZRBuH0Ewuu-0*=HRp*b^v>3SgXO;>&`YSP${k5dD9 zP`{!PMsdJ?cak_u4viAQn@LV{a}{M8)b@=jjlWA<7>F4gqCPl=y;&6I1~09jzblSc zG$t9k8>?eG)X!uGWz)*2f`63FmNMxev;(l?$uDf(C1Za4SXmR7HJV6qeBnu``n;sc z89Hp;gG3ednKNcNr;Se&dJ9uahR&X$9NygAa+T7VPO{`M3_2q}ZzhmZPSdD)RI!hi zyFR+NzV5FS?Zb2P6L`(dMNSZHcU3VDH^lVt(I*F41VjX6gCl4453X(i`tLKet*qkB zlV1m;H>^yZJbmA4%;PmTswp?`28SwUosSyDc^!noGI}Ab4`4Shh(3hN2ozOn169V+w ztO2|oO@o}O;tt^Ym5I=ebtW`_kVwRH2Km#K1lwNqhEn)uwcL+VaFP?#ubWV--GVqI z5At%hV8l%EJVIFn_eE4X=TI|N_^R%caf%89>dnR_pz>F8l0z|-Lm59xv%lPu6el>$ zJ9Fvh`R=?y@v?!8RsSgRkV@M9S?)Qj$L}%_%g{=8`x%K|SNn<)`5T3mYkJwZ5OcWB z$u|2f`L~%CF>r`<_U5xm+R=%fhK(yXy#~#?XlD2y@1kz+R^dx*fbiY11;(fc5FM6` zsV@otH5Imh`hlcuqD)V0ZU*;8TuLi5{9m+kG>{{3vuTdw?Mst+J@qo2j>o+B^dW`C^bSL_GyQ;4+W0pzLX3n8>uNyjjlG8|>xI$eFpv4F zT$c`=AgQQYOx{XutOzv17}Ma#7Jw9S{>o|BDSqfcUV7(K%Omriw6UYCX(gLW@pp?_ z`#z!+<$iTzR4ov1B-4Ip1X9P-a^tkn@Q`7-{t?`=ixu4fRIO%m9sXJ-`S3(3JH7ii zsaWo5?@U$`Sv`|*6R);}p3=tkn-b(Xl%JhaJ!_}HHwcM(@J+sph#g8OwGU2c<={CU zV8es$t6!q2n3aF6X`OPZIHMvi8WS2NJREN}2B$bpI?2v3rQF$N8fIDlHy+IWBvG1i znm3DBk5{jN3&w;{1*`-CK7OpTr|2?g{#O52xu294qc)__(3n17m> z2{v491=@jMJIt`7z~QeQi_!b<9$HINYT4AIac;Lp9c%t_w|XWE zm6rdRhW8T>F;W+J5^q61sj`)DNaoC>9XUb+RLRc=EZ@($ACTAH1pvY<^o zqfm4PhoU(jXVQF%T~6^(QI#2K!@~Kmy1RBNlos*=#j_$O{TH3m_3rzikWS);_A}4L z-5V!Fq&S(=;*VnxL3JHkIDDstsP*w99EX@btn_rc1e#&S& zGO4E(+DDeTMWmk$-;PHIR$s|&V%??H>e2kb`^C%Hkdm@RH(;C2942aQC}ElxDQXU) zAU3c97}P74dr|)(UitPif?=N_r+g@gmD+F{KLzAd9POskP>H2EO=_wrD@K!ICxf4P z^*1v@f1(aKl|c`Y{bgI-J)eTuY2^?f64r?3^E;$rnpg7Q@$W0h25*zXpFr@0lb}}q zCwzmga=9PZe-J{Pm9g?8VDILI`*psw*}Rl-gfwC<9a@tuC$529BNijlCQOmMs)?#^ 
z=lU%BGuz@#i|V*i43Hmlemm-OBh~qEt@ndUt>uyvASp~THVIZeZR(w zu5GK1P#35R8n3q}F`*>v`dQg9_hS~H;foStQlA9hv@$n;k z-?kicN;4N5D)~s1H=su1EQ58oX|5p#PnBvQzBk_YJmrS7{(lz0YjCC zkv}4$zK^-T2e=fJcDcVdzW%|{1S`C|*VkBJx9QnyS>^MI6J-J%wP`|=qH7UkZ5`gR z=S5XoQbJAV(bU>3P0Z6zYY2trCD6-Eh9uG^f3kDt`zxY=t)lJejF}6th@g%0mp*u2 zetzR#5xgEdBg|%@UIpMfSndQjqXc|{L&KHcEuYQ1Dz%%pL#%9nS(>0uY@=rn?z%qS z+(TsxUKAbwUBM&?QMLQf;!CUvv%i=xT^egHof=jkie5)aD}y(6m>^w_ciUP{~ zkAQ00|2#gBcfa}6VqaIIm_^8QI=pp|^3>$!t^;VPKfHSO%MePwkD^hvSJ7z3YxD}L zJNp(oO!+u>E;!&khZ1crgkK#x_B&4{JmCZW<*naaPeId+gVWta6}h2P8Np_fwfS$< zXjACUshrAlt(fP(pZZs6*on?la%;!FOlbr!MdF@!jgh?eUKR6lP#JPsZHeWmF*x`Q}@vTY5KYr#YbD}NKQ}oFrHBqdNUwJxeswm^cAWnPfK0707 zA!_&FYC%wEQPtgF2xi^(y0|UgEl88udV@wMcboEHkSC~5%+^#Jn-0~=q?XRuKT7-| z@q<&Z+|{1`&9D>e=@bt5l1BiF@k-5Id}%Wq6D7kqO|k`iMu7q9E5{#}U$%$*l|Kx_ zS&B~HqQ6B-SF=u(MI%NyB&a~M!5M+dZqUx0>#v}VP9$4uGxAo!g8uHFugvRtX?YN} zI8u++%%b7@VXg!AN*m_8gnZ8o)NlR3dx(?AF*{=Mtf*!k|to zvMxT??!>8ABx<8bu5S8|t#ZT8%bS9}@W7cBrsY_OswgUQj(g+{3+<@KTnD`6Q#qu zELBNh!DaKQa>jBXU2BMCMh?}r^637 zFHgIt>r`^h&yz#~jRFoQRa~Qv%()v&TOktFJ_?+Zn13+D0A1^I`sUIW{WpeP4#2kg zHVZ8=p93XFjew$V{M`g=37*14K>*I1dCb3Ai~;JX2JU64&-h>$si0~RKCc~rfB2$_ zcbWYrsb~4Y@S@$~u*XG!pR>==Wj-s-V*jwT@~m_KJSVT=MSr=ql2_i0h;ZPkD;M08 zHyDla8OipHKWlO}@}USIIqg&#LHXzj;bN6z@@LC>2|%guduB&81V_tCOUhJAU}UEK zLP`z`uv5&W6h3J;Xw7SqT8@HJ|6@$2b~7W3@)o;bfLWw1io}d6rZ>NE*_0JLEy0`B0Pg$6d3AG)Y{Hue$$f@5$~M{=9n0J+ z^r?31tft3xzZQjmJ;2X9Nwm(xVLPD7ae))1fy6<*9IH4L2V;<_HY6owimRS-YHuiV zPK4=4TlP!L$kB|u#2EC-m4hss|I#BvNr~xvi)mo79QF3p3(G`(&;J8Z8Rz#7bUMRcdoZzB!5Kc zgi7)0ot0;qXEnLlRG3R7qhkTJ60I*VTtx6rm3C+-ynndg+di>l97cn2NYXD9cuQ^9 zsqxObWVN!?3f8w=3~8L!s9kt(=X*!(P5By=sLT!fVF&KQXo$^D#UIux4MK4~C zbsT4$=S(~%Mg-<3h-TxV*A`#RLwZbg+1R970BEz$Sn@8?XzjV*Uq>SyEB(K z@1s0)`jc_-^evr6fVvP9%+Rqb))2=qp9;EOoNHMK&&QDpFYtI~w~iNXXtQ(X`MVC! 
z&7$erjF|)QI_?bedAwG|o}cGxD;7lMW0I@(IQ*Bs`k)xInqjUee4k)Sr1V?@9B)r} z8VU-{$5*NBT%M~$X-!S?zd#BVLQW5GiM) zy62aTS}`B(YL6w$!!>#I$Fgz+wJL3iLm*$fdub?ZGWSEWqfiRH|v7$GJ8)d1(Z?$|AHvq8yOgX>NhR`0hVW1Bd?}v?PW2 zn+?OM4t0^q+bG&Pql^<5D=W%pqy)tvKv{(?-CG$+e(>5vWFlL3o^oJXnOIw)bR4E) z?vq{kKc>DqAjCI;6YgUHQCU{r&rJ zm%Y!ubLXBpGjrBNh`;G7p-T#4@;hHj@AVIKWvUSAUjyg+>Mq@&d-F{tHD!;qei2V&sy^H!Qt;kA~P`URF--51H7j)76k#|i;eJT zxRDwg%XG=a%c1G}YANkv9i@PMl~!tp;7V4^QlTchBt)9LawEwz;{Hw5>5_9m%($y( z5w1ZG(YdR{)F}0c#jAZ?1u+0pu`3Ovub2{GQLi0@F-1jM`6}EE;&5~smfSY<{#?DbdrtHK6rh6~+ z31O1eM`Wr&M$)ycUC_hX8Df|5fwV&|Dmax(udRJ&Um-%i!R85OQq zkZ){rn_Wt;L%m{{4x>&}iTZCh`QQ12cawzJ7W{kV1|>A8?-tef%!%5Po!X+oTVPVt6d*0*R~ukr4UUD-u@RKT9p7`cRUTm> zQ~%~t;^WuX#AScy^fjgK;3R43Y33X+A$S-)wKdG>fNHxrV(#4^w1&pFspb_Tzosd2 z=tx=e9L+_sR<4OzP!=@BUC|cL@KF^9pb*S%rrh1vw@cY0krgK4H#?@{%Fo45u2 zBytB+C0H_!`=Vox(KQ?V%e5%EY;W4qw0IY<(VnYSgMYnL!rG&xl~F}G?;5yy{~IiT zVSiFayWRAbi6lz12uPjqz0&MG=5E9i+ zr4Ccuhw5;c{c>FH&50uE;>S#?l)mqYItt*+A&;+wPSbiB*YcH`Su4m1xtq($qlO7g zPSHtt=ANKC5|e{mA|=EbcKKO>KUen7j$@X2e@Hw=170HvN$2CbKvEod>+B=;0?xc> z_c>;nY~)}pm@3)RGi7h5Gu-M_BhZS~-(#rLKmEQevwjln6MDmvSN1$`xs>QC-(jt> ztSdm(juerwZV4o&H8einE2g2IGF^ArV*0cExw^lZ#2$S_hDN^p)Tv#ZP*4s~lGPke zao<3fij1v{&{EV(ZQa$4`SoS%!SH`ymVxSay#Mi9>0w=^O|?&OiO)Q3=)>HPp+jf< zP=9n04!`HQkA^tesXm)dY{Q31m3FhYW2bY`h+w{75O-hks^d>|3EBK6q_Y;S8^#Un zkYy*8eREjQB{Sp60Tq11-nV$>$=CcwafqCir;>lO8i+*xRqL`FgtlH^Y3QjJHNVD4wu4PKQcF&+sW6&b&Kc78Hm1z$FRsZ$lI|$;QacS@Sqo#=D)kp1 zdOiS!_5HXVXftXx;i(Xk6K4B1y)xpXof#9AOg5l5yF+yy)I`BxCXQ$jKnMtEl^2Ur zG;e+l!M!0R(v;wPri3o31e6bayy{OWk+e!8kZX)zB;Bo%e@hGGiYZ zbW9{!gq8jL0ks`|FqcETG>uG>wZ53~jIa34v`?}YHYl8lGC{Kyhn*qZQdbgs5r3Mi zfYL-$wMcSWC2}m?IiB(FEc$oD&99Znm%;e+hz8s!lCx#HNc$qJG373mK6_JUQZ5f? 
z&fTC;@7a-l4X@&2X8KkBr41EhjIkNe%em>V)6EE^Rd@|u*bpmO=bL*q-eMIh_PI;h z$R3_FVya?G@-&Qa(v@g=sM446mH!!m^*%S zlwy$EVNuXoM23^+TiYq5L0ZB#%Vq>4hVF<|F|67%}b zN*^kPOw;a_$f=%WdUyCEH>17zUZ5J zzD#6rlICqYVGm+yoDj9aWaR(&WMX7KU#*VBEUr0601s`VewYQ(Kt%2 zTmC|hPuJCP7yel{B2!VCOO{Opg6!FV=lOnsTHA+K9h1u8p(*^g6ctg(OT$-$^g!&q zFaGHSfM!2NVDA(D9^)O-c^s^7T-Pfb zE*zMNuX|9WfA5-3_8BGvpXYaLWvxARn%ntrgZRbxnV&HG2gm%#y?g#-mAfjq%EBqA z;MPue?*LxTJe49|4b%=P^ma0Uuuyv!Ai(<Wj z%nLcO0mzOt+#3>MgHCKFzw}Y}YbAkNAr+PG2YTu@yKl&~vC#~E|8q&!Qi9|yw0@6W zr=o&Ap0}h~X9L~+br;lQ;Z`Aa2WN+uPa7!NPiIf*a=&{d0CGYM(=KAmL#eYpyUK|^ z?Nzf}!j93^t=SgC!tI{g8SxryU+X|8Ub8j*i~&@2cjy!P>mfXS2K54TKwQP@GEK9G z+5U&G)IDbW2*f308guuiycnBYr#7waIOkfSJ`UE~1MQ)=7uGp;hJ86zjPB!h#L!Db z@>Cg83;Ec(07d9BE>$^IwVBcsE{A+t5kn4SsP@pm9pF`}VT(7a3~zs|g)J_WB!3>_ zo2?B*)L_4wGWXvfYSj%w&wj^#k2(=unk^E`Ij`tnh_6EWL(Wz$CIdeq<9Sua=?VFw zxg8}mtuh8EYAVl`yKE%JIq_K$F_q(Ba;y!&*Csv&G!2tegf3YwxpB6uJ?xNmQ(6<5 z5aO(bD9UvOi%5Kp9BE;KcCi(is8BBfo{U7uWkkcx!$eCK@Wq#m9R?>mAg1DRB7gof z&gH*0`mZBIN^8;+@9e!uls?ex#kRw%Ge`8105{hzzg()Y;aMRcIhV|A>1P87TH8U0 zA4J@A*{AlhIB_E4QBw0VQZFoRH1e^K0{G`69pmM8j2yWjX~Pg`OS)+w(E2@B!~ zD{y7U#Qk7wP>v9;0tiwz%GH<<>f4=;egRhufCUG99|}~-$@;I0NnYBSk$wB}g3=b> z)FQ+q(s#wS{-`NC6gMM`L!$3$M3Z1Iep(Sj8;0Iqw9reE9B*SSD5gShFAZNnrfQIz z<=kQ~qiim9B!HELO*Y#4uZ&+tikGtP%M<_7$$QE=rAoj%LC4moFJ2@8_G5m1m!**= zoM(>pZ3DEuqX+8W(HlbUlu5ddO$#1hY*30&$IYgNBZiR|7nvG=@{C^^kr2PQ@+vX> zh=mO7B)xo0Q@3&{6%t9hpJZjqSvd|*rTgmUWNi+`FUIu)CukpT-d-OrH}8|Beo=a{ zxjH7*DDy5LzBMl|`jYv~go;T=%Mu^s@>_-j(f@kP_GS3p>%UkEfG6u-ue9}US~sP- z<|0MX z#V)!VTZn}~IRfC?bd=QZ3y5a4g9T>6QziiL(qYLQjcsUE>^T;EO31>URIl4YNIQ{> zHxLy^LmR(d`M|ZFRiWjZYYI`4(~j02&Z2euMU`&2{I8{d>&G1EhyUCu_^g9|c-Y?m zbeSOT)|oM(BrAGSun!RD7<`_=coWgmvzturL4V|S-^2>9B)AnbjNpXR4j2pQDbL#E zG#THo7C*xBgX{M^qNC>&mmIi6XIV(VKg1#TZU0l^fE5zC&jhWiAtK=vd?DeopdDq5 zJWW@SucnbKJAFg1m6of5F7#JM0xOvhtKm!dd+@?xH7L20EG`#BAS_J62z`mmyU1?y zPw<)Aqp|jt)deiZQVs?3VF5a)bh_4e!K8)L3i?)_ zTQv)esOp%2&~agQdBeB++#jI*;!?LBTojK{a&6M)RawOPk2-?qo6abI{>c@Xddwvn 
zlZDSiWkGKVkhYfMqsyh{m(M1sNNc{W<3E(`{)03De?+9d%qRC9K6+yW9iQ|a9tk4F z^W-SkEeqs7BG2x!C4Cg85818C!s{KYj8VL#e}Bz>gFGa9z zW4CpTKKi4P4)stljvRqia2a)=EJlN%MEi=oj4R?O6j&7^gfu~d2^A+uhTYi5SaQ~# zg_8y#IZN}rX^`j`q?JGha?W;CJPYE+_dyL!WAMG0fp52%Mst>b77zk!N0=5WYAVKr{+|ZLZokAkdFZua40KyBTvG%? zBr$~}$KH+4Y1Did1(e4sKZn!Fl!0@Jck?Ob9V`8^F>Sr8rm&$lV&fzcYl1!4oG&*y zClv;UHQ#OIlnc_9B4BlFe=ArrVh1$gRAa66|9s80eJW7dXF!Bt1aO6YI+M+h*f+#e zE7rP#4J${?XO}ExXX0hC)1owfM>EUXulB!8#&%7Tne#URd?GRMMyW9%qqy*p0ldA8 zo@?2!e};%vmKf)MJ-QqCHM{aqKbWkvXP0nNyNrm-1a;Wzkz|`)r^xo^hwkTd?15t_ z(5(Z!n}aC@04(4GMhFJYF`qWM!7ae(Q{}@5ns#742{DO2-(6cg{0sb>1Eey@u_Y4% z*mT4u^l$(9v9!?|^r=jH=p0WocF$meFt+K^sE0PiZSqSj=A2JPJ|j{txT5`0)t}V3 zT`<4>vBzAjRYegO9th-S_=f^YIv>#$x%2mcN!KCjQuBUYIk6zJRmD$#AyNUaBV=nL zkaX^3XZgz(ZeddL$)_n70PfD<*=YgL=@Ti1C5;<%_a`D47llB5$lggWcy)VI`2Su9 ztC^}>1Wg^95n^^lN%7&(L&Drc6ro3cv;4TbYyztZ`hPlhaeyJLSgKDa=J0S}kch=V z^&6BZ&<9Ox^f=JOlHr%HQ^;7X0o9>4s>c>sK*2Yo%U{n^V$KqL)*E2C90#ZdAUPBF z>K~}Q+zX#}K0l0iaZj!tJ49x$KS^KSJ)P}77QQ?dWd}SMu|j}0U(OQs#YBKIiK za-pL+LVjxoz<+{Ocmpo7dH>9QaLICe-vK?XN%cKWo=Y)}o?Yi$(gpKhx)pjm?ajUt z^(QdchOSqeBYDr4f1fT*#(kfy_+ZtG!-p!c>OLB_%pMsbUavdMMOB|J{)SVpgL4US zaL3tQgaIoPBr8;vNyH^?DAcMTrraL2UZe}&z?J;?`H+J&>9 z*w>0DWmzmKbN4Ulk4mZ6D42o#Odpvj6j++s|4~c6E=dROG#0+#Fv(Z9gcCJ;RYTcW z4KQ0%yIOyr=-jqJsC^7Fo#2?3+(a_7a+C1|n%f3s?KdA-Huu+$3?8DDaL&?MA02t- znx`>4AGq~D8=@uKll#BsEF=hWt}5R}uTI8^6S20Q^(iv!IvtsjJ+RybOOib*|?p&&KBa=L`<9J3c9B zG~oWnSKf&YqVkjrtsfe~ziQc=tRpKHu7V)022(aVMiuv;&*>RE9J$*Zq zdDQ`CR?>_M40+sFQvr`>OM*iFk7sT?_b+{IVYS|iALLb^dDWMI$tvaMpT}|Ruc{l1 z9Sy$!WHk8XiuS8MV4$s2rC9)~g~<2<-ulaID1HJ_g-d&CqoVN8p^XVc)n#-J_i5n8 zr8$5Am_FQVPlVICjIu)BH360b-)CYdFo{U9yi8BgHRHkP8I8Hd`P%-3#&!!c!NCC# z-WzKxh{LC z`IpP#V08-~v!@|*1Ji1-D4r+)lb>h9PNyC%>Um4Zzh2rnaOyZb?;ei3Ry*#WKtsRg3e zlV(+xL_=B`iJZgETy61$P>XquTfBUxPzK=tqLlA>Ow!9^o&Ys&aLO^SB3W+dY&dm# zCThFazy0E9AdFh+h-Y+c*P;<^Z&j3h4LJ>jKP4^v~9zmf#@LGp3< z%%YYM@UFU^IhIDo9k_RB(d#OLD$qQlN`zD@kmUFk8ca z-=f171VkTZjJV#NVLW-rO%2|ibe>Q{zt}TAG--_Zg%9rJ6+;sM)mlM`{=!NSQXUbT 
zDGLoRj*Q&b<1v?czqpr$i8LY8@4Wo)1peCop0%u03)oX>+lt#*VggrnMUVHI{;*?H zqLmT3`ZU%g6(p}J5(rh7|Bm;xe%mjvxph=r1i`az&R&RQu^n<2p4l?CxeMLBHX{7L z31t2xw+xL+(-r9#^qEA=)$0i_=8zmw&|CvV-?obsDm91y%UJTeNPx`{-3?H@=D%-V zu+O);e7wJ{XZXaxv^vIpgJDyz;ztxFg}IZuQpYhuh}kDvYmJkk-d-FtTG;f}{*s@4 zea^G>jah9neCF|LNAZY&LSnOqz-C9pw_!!fl~=;V8Y9)3!ytDY661JyKg*q?Cm&bb zLeuC-6mw`F#i^UkAU8$~@IMJTMScv2#zYB$xs&&tEow9GP8e09yrDAM?USza;9LeB z71Oj<@eTAdY`Oyx`0@r7~>BR@i&jz~HVO86KNMmlrJ$?cll{5TGmRsNKNutmNF?%wsN0l+zjAk?nw@2S{gl71ZboCyd6 z(}_)5wgY{cYf(+6Rse$$sc4-Z+ zDU|Xyu#3@Qryr5V?Q^lE|C9qua5QUu1?joqOhqayErrgl$&0q4iZ9UUVVOJk&Hzk0 zN<+Y(iTrnual~qUJOsFP}>Z6KKO7UwTlFxEW!Om}87ojuMj^+CLz6nkV;| z*b># zA{2spco_bzpV$cqMnd;TPY4g;vJv#ck7-q`SMw6a1i+>hFNc-?ye8~U4 z2`ryQHds)zvJ@Td31O#EtUf8mf&6UqqXsd$zKJzO&Z_uUK>)R#`lMCQE9gS8_n829 zH5jjB;5q0A5E0(fyvULY#wI1^9p3o&-QEWP{26VJ+)@Ri^NmqeE#rVIW~B&fmoD3C zeZ&RP>#^bi_xnJJu41WV@syX=m&2%PvV?x;q_WVY%vWScmn$HoLuUi`68$gbl*7m4 zBJDHbrIrPrbqFvB_p|eCE6^A+q;E`aTS_0a?<7~v?TE}TzV4jO;@=F|COm6IZy%sk zN7ejjAwK=aftwI{()Zm(n=ZlBVBRhQdELW%kLA20vtGJ;S?$pUqspc3$}jSK z+YFSCj3kuf_hsx9<7W&cq8WaeYp*%%H!~7{d~w_^QIOg!@`TNTRo`(@pTA8~qgua< zQW2?*tHJGSF*@K?&(ns#)vGh{L#UL;$iv@>vd;-IBH*= z3;xUBKw-MeO!}w5GCDX=5PxAfMg&c)lvH@aKb@`lU&`!baTSu1{pip;7#am!)%Eds zy(o18$50G~@O1eKcr_Mfkks2)!gt=?`^L4DiH6WJ%v9FpC4vmRW9rS*uYy;v z;=x(2(I|d2dE&)u01z@4hw_}FbB8L#<*b~zL~~-dBXa5dnZ34_JUb$bA!o%Pl-$=8 z!5v^zx(ocrbT5zfTv1nnW+0>+*XvYbro{)-D@n#X%Z(0E|&aiks*uW5;g`9l%N)LN1??Kgc~O0D(LlK5z`2Lu z<*=*k#2{E@Wk<*gp4P>pkM{6V0AJq`lV@%n$!F~RmE)b?HO^kAH@6O%+ zx>(3}&TEe}NkkiG!7kB}bFKX8u>IXm+Vw3CLlC$)SLC+E#-doJ?)aGy-gzgpj7#Fej@ixih1XI1pVVx~J3@qw;ZO`)FMS+C8{vq< zd=r#5mS4v_zVXvE`3R|Zcz+r))kM2$o-pH57m2ZwM?xx0dU*0R! 
zW^UB!n=T^8R9W&+`?4Ub>gly*N2swBkfG)FKQn`Ptl(80H^B{Mf0E)!&8Hz-ow&po z9rYS1ntiQz_2?2COSi`L)!NvIU93j8D!2|vRq41gWj*n|4e7OqC-S-;d}J(2ce<$StbqvehT3JYTL1gHC+ZMI7;O#^ecvr+23m zngYfhGE2SyM6ZGzs#V=AcZgqSx$KzU-te_T7AE_%++en^b9sd3>_a|nNF?xT^Bkq`*bW!Q#W zJV>}j+4J$h653HJ!aJuo#QKif5(}J=gvx>JtRiVOaewLbe?#zl@#nPgd$2O#LlKYD zI@iF~qcWhiikKvecx6wyEG&C4yW{>K=lA`G%d0})Kk|W7$RE_6CeJo9uwJDvBLkii zP`{u89(RzZ!m54^h+g5b0tPkItjbGaN^GSfXcMFNgNyQy>p~-ID}0cxw0<_T{cUpJ zy`m*Di(VSW!?fjzB>tQ!zR%`vFvJbhF&hpAKWn|wBp6Cbqi}L9qJ;rEFft7 z(VNHr-2j`;_9&(_Kyfhsb%-!4=pZ}U%#8o|LC$Fcj(GjlAcJmp+r*Xgwl2AfkV+e+ z${g3h|3iQ`fjh2yyPclb^vIDeRhYi}+&DKXAV6R$Q@d(p_@%aX-LM?fx9L|FB#&6| zMjuslV+0xGtL5i`Lg4}l$tAkcrt>xO)#me0V2!%A2f_;h28n7OAdlYCT%~vwI39_= z#L$p+EScCZ^KdXP#8aei;~vg??-8CzFkPO3{A2WtGnQVNx*-KNn$ZmJMuofm{$Yt~ zQiL>OuWF9OXu!E3?W5>=v9`Etn!UkASFB`%zn$@E*dn?BV890>MH_C+>FhC_#~$p% z0GqL|R}_}IyjsQcP%&~JIU>|$=V3GbH00iZri2fFIhuwn@z6X40Y<}Tf25$41(XiH4=!Y zQu|qMaRSU+*z^TxNi5=Gx-mS^I!R747Wy>x@20&)b_7GY!Cn?b`miI3 zqS5BhW84A95J1=2xsBumIEdRYF&&#AXK?Eu7s0NXlPJ?@8d)u-+bNb;Z9 z`&q3gl_g{rs+aFSsEf)CGpJd3h}&smNx~P2qBm>5`J143bZdt+rKu7DGf$5C2M}=C zL`CIMn?d9au7cVCbNhvfYQmXO+p579X3Q*?c~55qxAHdnmcxyn9X+xb#iQD=3wAZ` zk^+TvGN7LAiFn%wtW-xU;L2A87j23D$9FmU%l*iKV1W3ofijYi8rm@p4Wci2tQf16 zHX^r{Vp{LIjk@(jrhdEKUPl(u{180mud)dRKy`?f%#&RK+@DG@oeUd(Hq1jg?ToN3 zxnf2)q}kCgGfT>F1UgZ6$}~n%wJp}S_lr;rVI+>uA%%-y8{(e2?Hf6 zh~>-_E>~QyV3#}6N=_c1fu#vVU*;_RwsuVqvsZ@OZ1>Lv5W5;6ngVDR#lY)AtaqRX zm;I!@lamVV;qSSd)4>VWqi7QrwkS8t2qc$ocOCVd|GgL8%e!An$ zYB$=sqa@lAH7x9(`=Wx1wf$#kASoo`9YXz>duHJW(gFdTqoAu4EE~-$DUFJPa!ggS zI@ML}|Iai7ki^^|6Jx7HPPQ4qb}4BLZV!OQd4K4*T+TZvGlz&Suw;+Jk85MbBH%``#OyypoX@m`2OoE%Bq(c}9r=69W zlPxueDiTa>j`(L03$6;#t~8jUVEoIwpl5>um;KdH{$!7DK$lySD9-iJocr)@@6eEW z=&nD%p_&5kECzKbFC%2$qS)c!+W~*{;|PMsPBd1?cxzdvC*J5)8tZ;#E7eb1ey#Nor!K*JUXnUJWI6Aq+xVLOU#-UZbFIgDW|NEUbM501Fjmb<|a- zIVD$Qcs0ZN9sUIos$a~+;~>&+7Q4V@#+)u=pi2_qAi^>lK1! 
zCfwua8lfe;;e0-h(YawN!l5yI_Yy4bjo(1OH|fOVN#fr$O5%;mrhTnZ%qTK1vfaB-VtN?%#qk$;aWBicE zChZC@&-+eP^}g#)?^4|5tZHxAH~?!7U-zxwy2aXa%^B9cPT6N z{|SeX5v|om&oJE%lnu^k`$L8S>wc&C9qC&QBN|EsJQ3_BrmYiX!d-@zV&{4f^5@Z* zq?%K604A!bjhn2Y<*!JOI5a10%;O_`^xmgoIQKZ;J*2AiQU{s5y4wP116D?to@ykx z&?5yzy{LcZHoN5i?#X5}}dcY3g#4=$GvB0jw@4E6f=KTVH{+p6oRa)zjxqfM4WMj*gS5ukg2fa;(B{QY z=h5R!Z|JX{h)bZGNY_d8+eDBHq0wZ!aAYpC<|DS-?4yTl^-;bPt1@VF@l0H| zR~;B`{NKEaoYBksC9Byz%+sB7ebR3l??RL6Q(fydH47yRxi&YFn&JLc*<=A+ zC92uwpxZtbnO+qEFE#ebRk9FB_IHVL^X9{8wh&LYF*0hCW9D;wc%r`{y~ukIu5~4D z@A|NCeS_3{>d%bwc>WsP$jL^IyoH>`(y!N=j$OmUkC9R`SJ3kN7N5wGY21Yq!0JYT z*l8kfZI6k}1g5INO1gNJIb3KGW)J{mhXHKOkQB<}O(ybI6Un5~vH(QsRPu@_{*du3 zjK!(H)l|}Ev7uU0HrBXPI?;X};C~3-Pcsv)!fo5Jqs(fyr@(naQ1sI(Gx{XMJSskW zp~tVV+uKRh7nYBwD-=U97E!;G+hHB`VKcPO(EW(=Tu9}$yc$UW=?AX224ABd$+A2% zQ_6x%6Fzd{eccGa$M1nl=*cvfkXm;9_V#m1LFTZzU^6#~UBz>CU6-RLpir;yirrL_ zhM$#>3*<>j1mhs41oN?lC#T{2n?!X*S}?EXYD;#gP+KmNT#jcNlV4m6MA*@cM_f)~ zG<&lMNnI3_14YCS*1uC{-6n@>`d%U!@iikBspcjN20s@Uf=v7>Dv|2k5pe7MxTUNd zE2+Xx6n$eEx-J?T?=sPyWIk5rz}TVx*`L0`%$wua4aNYreBayKk#~OK!o4sYaGmh) zuznq{2WxEx+wgwEq{ixo=iz)&9L9ExI;rP%vh6@qL%@DG21q)n&&w@vRsqlA*}@LK z8SlRdi*??|Lh|7?nHKfIc;^nGl+Vh>GZe8T`H2_3No;qEcrcx~au2nC{d;C8H*XR$ zLqK`rk^uHh^kk?zz-vsQZw>E)+Yd5X)^zF(xCZ5x%;d0}C&wnJV-+~1C-ccBgQ(Ev z0#1=*@<&E^EkGg&7uz(XxA>P*)OB=DJUa^^3R(}Z!Ys7-TVD5I@gn2zpP{1)hZC*i z5lP7=xbw?dR_4chKamk1Ve$5>3zo(#f2vaM*^XKpALnTkj)u{MAIdjUO{2$KgP5p> zylcI0e*Ab2T1#}G8TV0Uq){hph?6Y+h`P!Z>_W`i;RZmg@Y(f+%F$=>8G}zWg714X zzA~*GCZIblgv`GW;3y3U}F7Wa+4#qw#Q1$wF)f#9+W2@D}@znM<({dE_ zhKYg)yzc4imO?}f(C)}0O~8m?cvUIBNzf@0A(d^*;6W^xx=y|=NFysNO^>SM15nOz z-@H4uVj~9v6GGn#jfutxrzVMZ!N0}+wX+_)fa06> zdBg;T{)@8;p=7m++_&}}-y2em7;|Rc1SYyeE%Wx0Pok)9Dm_yWDDOa1ba)rA9Rs2} zvR@}*KEGEoQ^32bQ40M0ez2J9`U}9*XiZ26tIhx6?4@sCONm47@lqYa0W||YLYjT_ z?eO6h-{RPJqN%I57@n$kOV(jN1@NfmJ>0$2?P}FcA2Ia=4owW{z)uBx8O8~PR&{m1 z$yp$qs=a)fdkNzVU5wOr&}!`Fh8$yn`MaTn*Em&4PGbx)4XNCK!^I1UtuA6_OnVZf zu@MH;2+!cq&Y#5%esAvx#Gi30zt+i62;h(4E3?n%Jm*Z%nv9jT5?`N!SOJ`%5=OiS 
z;F)yK`iY|T@l@D-9?|ZX3phZ1vLdt2JSjPc(5QB@1eJ|mKNWiE7-i*3H8L!C&_5Fw z-`E6vxrn*X10Oo8w=PTo&XT4)ii$Q&UbQ}HxkaC1#2I-lDM@fbI~BH{n1B-Bi)dNm zTyF&*0G!s~GVa5oo~&g_0U?5OMH^#OceU^ZuSafS6Z~X{wIFGTw!q**DdCe$1%glm z8WLS$btobI2qOc(_Gi}4?j$u<_fG(EX__6to9=Azg zP{$hhoLL9zej~CBynsXG%qs}E@`#nIl=|$tj+=w-#?_D+7jku3Z3vTU>%1aQ4QA*1d^3 zZ@7VH;;-h!wAB5if{75QIM!aDz_t4|=b^n+jZ55uiB8Q&tN!6dcd)nA2<1}z?-_IL zkCS#GK8UBiK)P~xk>km9SzFvXc%C8L#BWn&CNQQbPZiI{!0fmH`Mg16{H|(|91^D0dMv8f$5*F$c_~`kp|0my)-In$!!Fo{KUhRTPMa(RwN##4 z<#WW)c|s^Pa)Vm`bJ)$`$B?_Nk#LKeS(Ee{QRd^crasz;tpf- z+JJw?)m+1uv=Dq`BoQ3xlM9C>hU^y?Ji#) z(I4s3gIzEXp1sBcckENlMi>=GnqpeDu@iU?aWKd?ejgkhJa4^t-(P%C7hLuKT}LJp zV7T`3ba9Z=+|kzYc)l}vdkqK!s|SqUqTVViUI$0sHhtOuUHORlEQk`98i?X2WT*@0 zP41_!;JmD*k<*AqWtzTO{7Y~lihU28xvU)ekPj}+2{9DKc^@uJsVDBOAkK!C{a8~> zLle_k`OePZM_C_F%R-fruz4UI`{c*B`O6qKjPAy7!U((1wEzp6*8spnov4-U4#Z?Z zBC`|Jh(ao4{@U-!xB!~!>4r0NhlXyI?tIYQr5s$7q0a_Uy9EL#G~7Fx=Q+S>9!Dq;l!*uM_{GjkLtBR4hj(8>>-)`f(qL|?j9 z>}6{N9z0xtB6f3o43&-TDhnflu&Mf$0)x&9CrQnmo2y>!rA5oswbJ9v5=#tDYeZ6z zY`o3ZZT%C`1E=GM^p&MPE&S#X7>>LxR1f%0hu&z|SHE%x%aI2&7L9{$S#MroDyf@m z;6d%Sql-WVlj|$`y~Wgk+k`IZQ~LCO*8t!T)VZ@{%NrOR+t>MMLwIJFJ^|k~f$d>y zM(abI<2#ZJ{2U;TasmBiH3SIX_)AYusGX7Q^pn8z!H)%2eZBzkl<0fKrIFWd_Z;i9 zw}7ZimJF_l{vowMHL4nK5~x!Yn1Ee|ZuY@4M^m3u*Za?yzg7omXLG7a9vHOW0e`t! 
z0MjEcXwfRPmQJ^oq-_c4Hb!){*3#ct^byxv7?yDG+SsW0%g!E~;CBwVA*U1k@b#JF}Rk2BfXKsux&7x;izJZ%8@Wj8_9gZR)f;3SyO3=*;75tbx2BHX7sa)cq#a zsbEMFMaJr~6fA~^L58wbK29|WXIrO5riB=oL<*zE=j4;v5Ny>A`IZ{xGZ=sa_+QbQ zX?T5jpR3uXb9qMqdHZysL;WS%LjT7WN3wb>cF#-M{^Fc&%h}80zK+g4r<1oVw%#8& z6&ZftERA*feQdIu1hhFlZa7>E|9%3k%`*8~2mESxJKBA2d;GFSfnpl@agj(NVq*&C z2%-hv4F46Dn?`|QITJMis~hJJF3;J>3mqZCR!bq!r#(7MO$o=Wyb=rKQ46V&?2Z0s zE`s(oc%!angRbQr!uieL!Pktb6l6v6RUO5%uA8ChE=gzlFTXzb+s)GrF6B(*uO~uY zJaT)Q{X$`**n2`w6QBKWuhi>4+7kz~RAj6PJ7og`W@uG^{SJ6MyUOuyntk`M_uMBO zS{Wh=K@C~7TH~&=6by%S;|boyKTqV-;20?+ewJF^FKfyhNw?Gji~va;oUa|B88e5JRih=1bJ+{#8tXcxaR7WCb`q3sETb zWa(_XulrEFDwY^Hj^J@dV3E&NQ=_fs2(r9&Oe-KFW|=s^YRYl!{DHB)Tc8U-vX5@i zD$l1>z*q9V#d)(zJ!kR?MiHG^J#>2KOz?A1tb&iIYAK8Jxug^hUsM}tRR<75EaEj` zkO{42)A*78=Q9CuZ=G>GbQ~4l#WtkEI@{6poEtT{KnOImW^L*LnS{_Fz-ba0YpL-> z;++$Ek;8q;HNU}%UziRvmqll`IV}aK;-=w-=qCgZl_6dCdxMFtCX-lu9wn)LBnpX2 z-W<5y8`PXO|4j~1ZBiW!KgKR*yc?vdiWU)0O7I(ipq5ixVyl5IIYD2Nt%Pm~A(z(u zcXn}a0XTuWjta(qCI_&K7zR(SsV@2}rvaV$uwXUGO1v1vb4t916a_yP-{A;-Xc)V~ zevFY-Z&vkc@OQ-5(-+37u${~ruPqhc&ZS*j+{QjBA=j@{pl!v=5J&F@5Iq#z3P8V^ zPGF74{d-3{!RbpFwy?$XEEvAjI+f2y8$$DLQy2-Zzts6O-s9Be4?4_dg31VAbG8+En4sGJ(k4?Mcb_BEjnOpg1I z+^in*41Dnac)N81Slc+*Q`a1C+s(maNCspK2N`z#TIcK{S{K&alb_A7=ch{zaKPvz zxQv}~`xW3)u@MtY*L<#R4X@-N*7M(s@WQA&Qz`T$qa!#czLUHN|Kr$N|`%WOn7AoK-&Tn~@2C9i zqb^r}wXP`e6OG<-b$pY|i%1-a{bfWgu}L$ysyN#pkh1IC9ouy# zZhBihe#6D(%g|8rG)^2Xf_77b)9(W?AfEg zI-t#{ZQgs?0G-)uuVch4wOmvN+yT%`L!pm>$w+COH`CMxTL1YU3D#829s@0G zQ0-v>T%He*LaTZLkkD4FQsPEY$~Ra}4~BXAi3q#3|4alTe!xPL&`lS74?|4rG28W4 z9qlFSiyy75gd)<=-H=;&d0&GLir(F~hjqovgHFwObH7>?m5+XdvW%c!U4)scftUX; zCKh`;hM~zSuOX?E>ys4`nT&y*n@qrO3s|=?tNzWROGoFNqDhbRj#d8utQ z)t{B)U#JDs1eI=Hr&T>WDud3e{J*RS%2`sBWSD=YLxKF4)q|EpJ_oaI&D;+oFxxOQ<;-Nm`TNNG z1mMYef`cE~HZbXZ9@bx5ovny;`#Z&d&2RO&pwsrdk0`OJed`l!L{c!At zbL1-D8__oq=ED>u56E4%XKdlFPo^hbF|Fb?e#Egdwk!)uub}U>cd(eA(PIm?n`yC& zLXsWSe-=hyi1)&xFy4c+Z2Uj`BPe>nUXzeRAH2<=F}*_D-m15S#Ctiy!@IDz8e1*K 
zGKar4_S@h5=#r)G)@99&x6N?Tm8wiU2YSH@o$%aRjr$O1oQV={Y240X9mKuS>sD9} z)^9bgXoOeC`7cg{9ZS+=Ro9YCs}%#~mRm#w?_1I!4`d1fBE=+s)O%3CF#xM`m3tI) z|2lrbx$3l9TeCuYFnXBN8TE_tKNrq$wW7JVQ8kfE^C|6ovuI(Qgi=PmTl!!bde`}k zc%U)*a(;MhH5@=QVcw&6`=MI5yXo@~7!hIzB2>h8 z-<}OX+V2s677%A0iBQ7F-$zGf|fhz2Tv+WXla?^Cwl(SshM&mB2?N9 zb516}nra-?o?nLl)>Wo{se?XZjWDpEwuch{gFz7^LCSXhL*OGqVm<9qAgR>aInUR7 zINFVj1j7?$nwB+PB~2)iG$x|maRQbmj;4@vyX%QE`VW=!c9t>nPpD!(@Hf~b+|wM( zRn5c;cr#M9Q>MaWM;aV?D1n#9D9q<()hG{_#Vr2UP+Cbg#{X5;9c4aH5*Z8{YsI_;+a1pSLi^ zY?ZLy?97}o;Prq7aT?JM2c^Hm?)vRH+pq^f!jq$q1Tp1VPbI}+L9pp^0UyL+gH*+E zMx=@*gk(pmZyb7*MuTTt%;SzrAymuU)mbUJ z8~KSRmJI&(TJ*E+@u4Wx9mpp*LS0%s=Z%fbaVNeK_I=OxEG?sq5yJ5?P;;fZrV&RB zqtc=@K9%|tV{B>=cqlyL|3w-ZVhw3x$%@U1LurAMAW12cSaHy!5PPjN-NtLyX^A;>5?*ryY)923-bAq<9JDF-8T(Xy`Kiw5pE7SAHAI<@PGXqVk%7 zJ-{`5h(JiJVC;P#R;8O}JmP)O2=8dwS^fl*PlwiL%6;t(DWaNXOHv69x(jBw9HqVsgnB}*YfNhyDN|!d8(^e9(=Q4 z(t_9Ctj&sQ+|+kLgoJ%Xy&Q|4J}2mfENha;GH9-mt37gnl>n5iL^Q;{S|ESIYEO_-Wz z3F+u#`&>7c?5n#2!Uh)!LcWu1qO56EcSXtqQ&Us&9(}dw-fFlZ6q5v?GFN%PFd9Si2-2tj}TanXb+JeNp)tQP~u=~0gWa?7EOF?>FtBUzoBZvFtZ4_d#+fNfL|a5zeB+~3%dC=ia|0z zYySeF?0mw5@O^JN-dYl=iNPv2LGzw-E!3^+%i^kY<1dwnu}uv(5gp+l69H1gNp7-9p8^CMxkC1oYFni#9B_+vs}`w0G*&vHa=bX1J%7KLJNAl*^=P5Kr_$6sOzAx9pt&_?_C8@XL>pIJ-IaBTo zLYGyIX9m=iXpel6t!oiysg-Ua<#%J&BwNJ202iinvSe2t+0Q^a9rDdTYN7&CmwZ5x zazR{&yasbG!;~zyY52yYa!c0&!`Cub!|NLzvl{e?wQO&<4qS`u|H5;66&UIj?dzt* z%L9a{wAQ(iqK-B{S2lqA!PXi?EZrg}4=2)@hSXU?1yGKAB9RbGwDsgp@eEQzg{bgfN!S%J>>gB4qxzu&;dE#ti4bxSjRp3Og4QK*3czM^@ zqq8|&#qKNaJ7`P3H$1)oTeqDaEBOM?7I)X@Irp-SiW~g=YwKzXtt$`FDm=cUkK`T* zE(18l_W44sPV{{#B>k|@`l@VAaUM{SZwGMp{onp&X6WTxdE|kNK}NB$XdOfzsf&SkQ!w;%51-T$@2YSb!rkx4DKtLiIDtscTdY_!tdG4k^J*cg^?H*( zGnHU4*m9+-aE)bsq;CthHhsYJm;RRn;MuGq8y`SP-JX7nWyN68)sHKMZ$D+$K{zrd z(`XQued47KNn+M$?2FV~+q88Gu3Ha$p$68!(-Y%#&iNw%000fOO5W^f2LWwELWp{!TQD}cTSN=BvpST#<6#n$RO zmI`CxTvN{R8V40;WngjU;U>gLdwlDhO=q6|FtxZnJex7PyQ+ou1(jAPO>WlozhsMr zfeTL1oGE86Jq?CcS{n~EhKt0I5(EZn@;eQ-N{95?xPXNRZ1rT{--wGp@m`|HeEMD# 
zwQ(ch+mf&arWGlM1@Snqz_cW{2KMxZXrfSahv=NO4O@zarA-EGz{2z&m* z2zJfmXJ5JUdpnKc1>co*hY75aA=iXr!u|1cgx{6*_f%oRNz`fjl?G8)D9*nN#g2uf zM&Ak9%l-Z-wLSto9z!!6^6zH>pox+|%T+1EiA>;h)j{9oUFfYTzn^(&fOZ$sn~r2c#V4+f^FL5WhFxw1xN6&S{lxy{pW zgv9)%b1eIK@V@#vs{b^_{=Md}T}dFQIYNqW=)(X7gwUx(FhoAgJCtxhi78j^x@vwDl5G4!KNp?1p5#+h?4vus)UI!6aTH|JC2bW z9iTWB10_Y@^sTw*5?|Ay8};2kM}@VH6q&O}OfMoxdx!{xpvg5nUQW|TJX>>#>1?!u zTDaOGltoi$O1#KZYlD%)|AUQ)Qb{3?GEC!)n(S*HDs8hM9g#^TDWLYfCM^&~pmPv1 zp%T*z7^IR#gZ@wD10aA2ULmF&zQnJH@WBJjgbPiQ;%(MIp3|$QHdM*?$y=s}&=UZ( zWc7gnYgM}hCGsuOShSsTgZcM_ZLg-I9wv$HCCNznH7?(!Y8VB9x1bb!|9>e+Pzt^p z+pPb`JDP?r({L7QPZm}6D%{}`!;qO4+EHmosW+e%K=uFU?-*4ZIRp?iVQaA$^O*SY zMwEJ>{W&K(8Np`^f2{nixi^g>-1qV{9-xWeX9AWR*?_2?EF06Vr?8(f8&ki(5co~u zu*FDN=h`S~=H|pd9fFalV|gH`sd;p$GbvptOX>tR+hG?J{|gG`6p5+yhvVdgerkc# zb#dS8`PA}+JJ|hl8?2F3;FU2SVTL0kS%P+noa0fwf#cU30~fEcefN1-a6O>!zmOp` zv#b#)WGEOF189aT8;VKg7m6fKgX1I@#h{WN{!YcNpoVz1%q7j@TomVS!JcQ}>*dOx`G*gCj2 zqtHKddeQrMcZa0VdjAY7f+Bk)=f;DoZjwIf(f!B3gy^o*LxUAk447ZpFU-nbyTnEd zVT=0^cmr0BjN7KIgMooGC~7gA38WEa&%i2grmIRxHD@a$-Mt z`Z>|4An=89&RuIx z5vXbFJSNIbeScLDCpwo)!1N|kri&Ymj=YTx|Qxg+bjZJCIP&Hgy z$%yn&`E!&>M%|XM7DU0pfBXdehQIknip`LP<5Y(l)I#dIf*8sGjUpNG)?%?Xm_#)5 zc}QxnrP1~|51#Tq0m}f(brnY!3O}aWoIFS%66FBQhie0xZ6j6>HUPB61vhoXU2FcU zF{-ia^RmX8Q9d2J&sae+DRCL+^Rzyra+JgW$xM1fX=Y!lVSrRviasr9Cj+ynob1F4 z?s`==3Bp17s%1nw)4mtl8lr&ocbf1&th0us`DAqHuL+=b`&&%Eq(vLh!br6*1 zdA3WaU>h1O<2t(?@+->+w)@hBudc*R8f@J^xe@MvQEiSB`C;S*m9r%Z2|Vsow836n z!PdZp{wKk~;AM#^7(+8eC4bhTi+w+W+QAu)@pgkqtebw52VrNTeu>Lj`GGMM|8KSm z$$%D>E0i&D=B*jrt(%8k&l|K8aA!fTIMgbu1Q>E9-?Vqk1s{VCO+G8LeoIw|I4*FUm@@+_dajV)JDHh^x3djke zx@EZOute?2L#Nh^oLF~AdD*4bUrTBMQ4d;Qsw0>?O2cbA;g8UN5Ttp81!ZU{HS)v> zE;@68n>Awn&9H2vR-`wr5svGZejI+11iPP5Qfd(Ynh_iibR*oMjP^4Uub4VF*Xsci z09d9b0!;dyr@ZuSKIFTJc0We(&h%zVgNCrA1lGy->uan?ovZ4=_-SdYzAfSDnYZm} z)@KI2HLshcQ>-*=hffo<5g2T2-lGFkORCEU!>dlY?w7l`$Nm}TRcIef&^p)`M}G(Q zkW(t<3_93D&+Ey$HQCjo($X43)O0>WN;6rGl+h>9+DrAifGUm_{y#Vfa(Ja2@#=>2 
zyU;iwq*^Vsw`u#=@{PSIB02UOuHkkh5qVtD%p(Ixd03v2Ien;+M5<=n+UjS>k<*)( zog)rJ6{B-dN{^#lnvU3Y(rAvm&!q_o)?*D)8e75O!R=|7f$MlBfFJQscFF;=AUa*~ zod)r>L(YuIIwqI0964Ks^DS}ek9S9EFhHV>{}ucPqwZ^me}}14y}wNwn)AHV`sjGM z#YuP@*iCkNi&x1WJD;D!Vb~T@cOKfR0E6e8G9K)kwe(u6kqFZYhvK>7w77fiqIF)q zNWs2ZrWq}2_Zm0KPZIg<8GF~U44%owXpaC~&Wg*)bO5(6gR{KDH4hLAz0VyiwpV56 zY^EJ(np?FCD}*K4C}`Vt}lBxXB4YH**VXrpVKqB7iOZ*WOi>ORlvO7k1 z5xSVK>hR6X(Y1OYyfM|7|G&%JuWWg-X@NS&iy>oNPG)GKl}vAVkc)}$M1KCX0o^xM z?cvm$I|@Lyt8ZKPr% zen+LKXFnAp%+3af$EvJ30`~WEB;U|c!O1CylbSy_`4ABuQMeo!%}2X}vvdz~0IR90 zc6)9`$#1h4C3y-Ud^_KX3N!$B=#5)OQg89dU zkNNCM6Zc*Ma`S3y$P}dIl{ved-9S%N`wrZAkYi(pak8gqB8Ldfa#i2xQW|_;h&$;i z{0{FPZhkz?Iyy~w->;@A31s@@2!O7>W%#f{+=;qs7svhWW!c_)9+i$~wm020?9~@B zp6Sd#r;~3Ce&{A`8s1~KOY@6^NZ^h!D=}f-M-eeGJkf-%kgd26{T6{~1;YWt z2XvqX|IA95^|*`Sn-e!ome@WV%sFkMQa(YE1?8te=FU-$`B`gE72W=NL2Y+1v{{hr^^>3hL> zY?Pi{c6>LLT&Y2ZUK33cHT;O$E}aDYrh%qXti&?7vQgLYF`)&Q{BfJ(lpgFVw~k4a|ozkZKR$f80*Be>~l_L^062_Gwb8z4~T zL~n3D^y9xZzvY!xaPn|sA9*;9(h7=g1<&A*NRrZfKkwk`*#M*?)fpEFoGR5R_pG;N z+1l-*6cx6kYCJOP=%YG+UZ8tW!HG)`-a2VlJRKX(I~lmu6Flf28^B!t-o^4Qqc8=1 z1tLWHaD8LTn>y{rD((PZVYztF^KhGXEyJ|goN_C1T#W@vpTZnqQ6TvIyrB{;k-TCR zFms%Qp|?-|gBO4ezuH&(!3!dkwBPfX9Q4AE+G4?C$rorsf(}{3OJR3vOdx4)Ml;{G z(p7OH{Z+aQ<61v>(^O^2xW>iBG^s4ui)FB8tivQ3aHPFQ#RdkjYRr^s9v1oQ^?9FK z70KC5Sn|5`YT%dJH5pxpFJGce6U<;-OJo2Cf1G~B<+V%}2oK!F$NOXE06QYbZ|NcU zRJ4xYG(!K7s-akM(WnT_W?I$2mcmjE$vW|pG02kIup^?WrLsV=D0ED&f9{D;Bbnnj zsT-HL9G;S|GQOuECJH!BuoUPdaMrI5k#33s7;<0QLmuvk5B0486pY|u$nYXLh(UBr z{F%}}L`BnHmc-9^dH*gB6J0G%^&G=qZ|X=XnR zoH{xOV(qI*aNDnyn3~CDQFwVnCeC*0KP0e!la&~1;%3N-8@x0P*;iB7_?u)ZksgW; zT)t{|uaP}$c=ta)U=vtF^`9Z-b7pQEbm@jU&jRiJoB*o;4;2B$5^QdX>l~I(;b$Q@ z^wTx()k(>(RE+3!B=LqK@gfBSxd#eepnCrXRy0*jL6gbyxWxmdX@K^5kHTMm+U4|i zL8G{K5>cTw+@*@m;WNKCL5XTBn|SmMoEPow?Mg+r5z7t#E6{GY(H7vu7jL|?j8~QM zn7DU(hD~N;&`xJbm#RQ9EXJ;Uf@T2>;s}Jc%s2lZ-DaZQqd+(?{n>s80jj)uocDL@gavt z8Iyt4gZHc_VF22vT+J+IPzkG1&q)}McJqi)4=a9Jc^4*{?WdRYHq*Lz{=B4ESSBL8 
zZzlQXG=X0;mBWhhH6wa3(f*0pT8vR6KU+&C6e~KL2FLn-(XznKr}N&6fptUXpmt%m zgB|N{jQHTqBQdFhuAXn$`30_eLU>Z?)?I-YTHe;>p+qAbN*=Arm|F9e5~~HivE*HE z(Z0@$M~t7rgTuGe8}^(G!|v+}1kJ3qnf$t!-J=+_hBOA3)Q${Zi@7H$L+TH8yav!8 zb&jFrXT#}fFVYv1ZJpX6d7+?hylCDx%dG7_r`M!GL1g?+gLt>-jZrC-{n9# zD!iU?)B)>@^Jj*Z35E%()^nj5RsrvV*_76776F5{cU2aX`0i1v_rq-lcRy}iD?6SK zYav~9dT`!BHBEk8CvJEIG+^vjYFG8!`k(n;7s}3k@YfSxPH^m=WohdB^sa;LZ1v)0X29jL6r<&UM_V(%S?O^MVVymnE z@zV6SUKO~LBoK9Wq;pIeBz4!yC)`Gm&`O_ zAvppLN_FdE+IJ-SEF>#rj8o$?{ooA6-qMlPmj}Giyx3mpK)s$OS@ZTPxd>cr>)Eaf zW=n%AC2;>pTul&;6%Ct%tz3y>?#RRgBQ61eQPtp@2mw{nuP|QsiX;5v=}9{rwko+u zT%+=Qq1QQaglbIkqA;N;R%1^!zO|R>Y)s5MjeIwOM? z`TTXwx3WxIy4cxtL+X=)JT=nk`?MCZHpsgO#t}B6BH`(AQbr=sO?`8u-(NhU?zPIL z|LmpqGzg6-17aguvi+OTHLkkW{47}JN9+Y7SVTZbA3|fZEB&Rb)`XLHcG^8;Vz?!J zs{E##kU{vW3j)^`_eLeJ6^x{J^2-u${Tz-i%BMUaF;5k+65qIsW{*PjPyxJ7R_ z1CPB7$&|^;-BZI$%6sadp&kSOeH>HMQHB7ULo8G)IyxHt6A(3A4V0SRe;IiM7I~l# zUEr{eoH9Os+P;Axe`;qt*-5B;D|ACXD_Xc&!6h+{rO8Ok*CtgZ{&88XFypCDu(i!n zb}^uay}Uplr>N}y10{aGE>ZVdTAy9p@VMy6?gc~o8`)ok<|01s&&v{1`Vd{8uEQjD zwyjSx;GyRVKvrz0m-22;3n%_pz+TqhVUMpl0((8c)$3s6ZM=|SmgJ^H&(U#z^!P&H zk1~mogON&pzvbKx&XvBNfNo6kV`?}wDD4!+#hw5$T3POL9$R}~ZXANc05?gsxV%&E z;kdm_ScZ&yLpZd*K3&_G-N%$FIXYPoJDa|g(#ifJ8#OE{M3CrQTQ-_ z?W*riX1ovM8o z^6r54xc58w1rgtg;8qr5DZ^k@)mVUnF1~Z`BV@QIm~t3F5!meF`Ie_Rw9J7;mu+R* ziJ|?tnaUww!P=quuT1`MLnpq~Rbz!DBOmGV%yOG8tv-O=fzGJP3Z-?VKBT)s4E{5n z5y}GbcCZh(8l4eBrP4<?bQ7R-Jvne=kq6Rm{# zp2j=Z#+F#I>sfQN)#X$AtidkXU`uZ|@1U)dxmLa-yp-0w=Hkf`D*7LL1%l!fg71`T(^yLPpX>*ePrVXR(y?_C}wQQa!r@S$5 z$LCJK2-o%WlY!XOiGp&$Lzo;V3$$ssza+`h9LwoyCV@~*i35CdU(G$MjRi*7FHI?_ zgY-p0rp1>KT~naX;E@Dsg|Is0IrakR63o0tcX4r5nqu}VsgTbutC4rdl|QI@{`aPO z(v8Q_iv_n5)$`NJ4|BH?7q(Afc#InFkG)VWvCk!bI9Czi%DCyjncg99?6l=qaQBjiYSu&Tv1-A(YHS8=Kk6*zZ&FFcj?Vg;)jF#%GW!Xt@#Z@U(m z<|&B@a|M{irkU5$`q8-zqQZct$Cof{<#AcE=4JJxg`-~?7$9%T=@T=f*Pu(?IP@bp zasJ6L+g5ck5#pBHyUvDI`Dpxj=KzA77`=?QEy2%3U+ysLpm_ywJ#T4h76zmy_=ZF$ zv$toyolUclZ}V`Eb<#`6KD(#b>LS8IY>mOO17n2_RoXEM9M!gttv`2XO3Tt^dvm;C zwKq>Z(Y&f%f=H>ors{7d*TcdO>4iF=b7HVj7 
zkU95i(kcTsSSt(5284{+{<9G_wu0t2((Fmiz(nJx8|7P#75rGfUxPy4z-K`#cIUvA zD^_8>5os^^SRETEH#Rc(lx+Tzmp1>(}x^Ks1bpxBFPh8qXBB9j@kk63Ht z6hs2)MFyT^MFKz+nz7A^Cq!fbu{;w7dqcE6<~volYKbJv%^MZ)G? zV%dgu+U|I1-KW3r{yB|7@K|F#+#F%FkxGQ*{g*4bF{eKuGqQ)YAn<)F;kVZ=pzJIw zJxozNI!TZd-$tQL&|w>j-)xx*I`kAr@VHag@A65em|t9UAF- zq|PKbY!mEU&kEjaUQd7Or^|z|>lhMD+*)xSHXY3n@e^opvKXcO=U*c04_rdMhVc7L zIu4yhH=9>97q{8A2#~~5TSOOBY}Zg_d{4^d!gT3coup0$ztfltc>A=nnmZ#FD#owh z175wAwc$&p#oCMOsJ0jAIq8n1%L!?mNq#kEuQ-y;eI z#kQ6oHwv541GCa_k#IAu$z1yk8BpGPg}gWn^ViC?BQOH}Q#v=-Z?P7vbMh1YEGW>( zm`HBhm9ZQOx+;uGWGvJ_r#_6Sa7@CBv(RpK!-D5ZgSXPrnkJXRuGa!KdGTwqqaqEt z?fa|B^GR&YX()M07Bk8iD5YMwC&3B=+c!y43$htA%2#@0r2ujuI`x%Rn@-EmyDEi< zB}H`BtKGn@2hfnUetXryUPYnd52+*c8;q}!de6#H4BK^;HfjZz@KnKs>1NdYXA+Qh z1NMmg0G_PUb*itdW*H~!ZM6^giaVp}e6*DT^Nw#d4^C)P`#uFx8BxsS@GRXSCq#j) zG<)^OQN#55CxAM=9>3wwGp|vtI7C5B0)$}(N?%E?a0wM|!d4JRTr4@oR_`Qe5%^!( zk)EK*ZgpS4ZUvHv4Ui96NvzL*yGP-nw(o}*KjkWB)b^wi@?~m{ANeEh|840 z(jL#4L?O~{LE31RvAZ{a^JJ%$;>!9;%crVsfo+;K$MpjE7RdDV^d|eAD!2t?t?;8N zB@IM8mmQQmdh&M_7_mh?YeuytPNWX;B&v!M`KBHr|Q2)6ujaFOtRQ|J<~}Y^Slf+QmLg} z@mC6(S}kSufGbpMl79e#9!Ex(Tb&$%X}xUH&9$>}9j-ZNY1IoPnuPhl=-gS8PC2 z{q%bCbk}@2fz1$Rh?DHeQWI`o=Mj@V;aB*ACqYha11pkDn(9fI;VaaN(}$H~!jrdF z;ov#;ddJNAa9)3pN-#T~V=)5a>%7kFMv;?m{WERXaFC)+IZWnb>-AL@Qa3>yND z@48<2SW;`w;DXArsv1MGY@)tz%$)xu%lgP{$&FweXZxcdq1RTL>u2z_2Iut+Hte`0 zvAUGU*TjGssEd}}5K}Jkny(L?3D)kqm~5a4z?NLri4cDyiX0@>WpS5s<#8apZ(OpX zK{~A7{^~Y(`*qRf_2?_OCSYogtu~N6ArZMsYXPMiO0~_*gD1=HQI*pA`6X`AM=jy>&S(XRVOzHV{b)F-4cu3fXC4aRb`l(_&-H$Ez zv3r}-Le0nVG`$0U3NFca&&ic~X9bN43XT#ImN)&(nftthUU!(}V8C(5>)|f+rnl6i zx0pn6{nX`cu<>-VPp-lh5hs44d?;@ts>7z2JIZi$NOz|!gLV6r70U$~8pOT@@meO~ z=6T+;9$_N2s~G?;Ki1yW&ht|t6aJ`ITLd!v8TDEH`jH(SkG$~lIRzBXke*@TpxPbF zCb&r$*`hiS{c&2Y3qV3Xds+~}f4urqWTwHpk&jPqXQY(ai>Y?6hN;G7{pZoWFSn$~ zNlPtP7@-2vNKEOg-!7P8yBmXa>P}tKRx!G@(m#IWNUWhPxs;Pj zpjpu&U{!ps3U%$J6@B3FN*f7Uf^J<1KC{ELf8%nrZI-dcDOeW|e9}lB8=%PGzWddG z6#O_S;q2D*d~qu;&^Y*rgp}Cf0`m16T?M?&_*W+AS5s@WyHzJV@11!HQriM^uwx=W 
zU;TXjByB!$G>S6@-++Zh9O2IefaZHzg>N?~~twNl`!_GRmo1*g(ZpV??dEsjtM2lV=@fzN4q6rs4)W{49nG}B8S>{eqLicC0>NEYzPo*cl$6FP=Y79- zjX-483>ze))J@hF7?PF~e=>mK8XL~h!9bsWi z2fP75Q;dJ-3+ic7Hzi-~@Yv1-Asp>!$B^Kur(9*zp))$}Izi^;gNNZX9eYA?N61uN zFb*FoyF_D7-UghVp(sB;ff1xA?~JUrJ|NMVU79U!`^By#%3^e_d(arkT!Uv;MNZfy z>PJM_xhzLowX#`DI;UK-u7i1t2A5oFkO+(JqQwXTBx0>qqMDe9qMB4Fb^)l!4p!Av z?PDFnU_|Y?EY|0=f2MZkf#aw}nB5^Oh83MfLHc~Y49l7uM_Ha`9wE?7+(_|NceQXr zVxwvY)L7WcY_%Jv!jmPleI;Npv%__i!$AS;clBgq2g7qX?RA)IE}LN2l;DPPgxl^HFFXSO>5J#x zL^kd-HUEEr)55hvfem$}yXd=Ha8{HkpkWiuP$=@d|sdUYms#A=aI4{V@3R^fKx)vJMn_fL6wV~ zm&u{ypzq(HwL5|JN5KNiw{R0-Ka2$oA;&qG`ZlYGpgKp8{dC^^8(fo;`YDb@qlw*fjuTieC z^?ug?rcmP9Mtm&hNTt{LmY^;Rm#RLMd62EQ`&DyL4T8Ch1?CRvesHG~iQ5)(sd)d* z)i_c+5_W}H<@dR-YBv^qy%1Tu~_u>uSh|%qs@aNP?D^lTxKHcQX8h;uJz(G~vCiPls z5-9bKn$; zl@A1)Zn;0KU1MO)ZEFJo>|6I*zcH2wxMk_fRXqEy#WUs#I+iw4De$~iVn+$|{d16_ zzG8;>n1L4|lx6fa?0I!UY)KzE+BYRJAVn~?Yv|#|uHlfy(KXTkmvjX{Z9{@7lPDu3 z(1ol}$nsCUY(IlT^=w*?PHCDqJ9&^}`v}GoMiMK=;mU2q_C88zGCb|A6rM`Zsv?K= zYPYp6JSJCWN`C-{jhvIAg)%?&87vWl)AWYb8V}floKNW|e2!BYmSZ*h4|Qc`5Q!7a zX2zS#v@L2d#u7;blnjI?9HhG=ZP1wmJd1{J2kvLiiQ+c zZ<1k;4tKaW{13d3uaCC*FPKu@+Z@g|f64C7Sqy@ z335FfJGAwtgpUX0ag2>Lwk=K4sAjl``EZ)3yFp;;koi4faj?Y=${}-2qJiGBAz|!x zZcFMwK5Q$$gC^>~9C$K4trWJxw0^l9mNsQyE?>ZO|1wQ_%+Dtn^D_Mk@iL`Dc(lP0KW%nq03cV@E2Ar$*57LnWrU#!~w!;el6RstFsAoti&AV2^L zhf``H9}CU^r>YNK2$1R<4`z7G9Rr|N-td-`ROH+w$>91*%cItNEs(##W6P)9^k+JMha> zdd~US0QWyy9}9&yhV&(yT0Sku--Ft*9l=p_xZT`r2!ICf90DNygQaP3+u*6>Y?BK- z87-$i(L4%FwBMa-J;WY-V{P@qqT6U54M#HzsGa6R8<^H>iF7;EW|^p{^Sx@(=#nI#8G!A7}Es9%=rIAKCO&Baop^CE0%f8hxkuO zIT4Au-1nJ9?Q}>`Gn)~eM;>Lp6>nnMx()$o{=pi~pZu;PI1OJv>Gz9l1eR^+I?$Nv zwrD3egy?L%c{fvdv$9WwT>kvDYNygcD3pyqa?x_%z3IdP- zYWk-ch%z}e4U0bnXp*py5O(#*E|-Iq z=7_eE#xJemJ4z{}M2#8toX5VYTEFOU55CD;nuouPdRd^8l&e5Gyf-i3+<^Q`%=4XG zv$DyTsh|5yj)m{rw-k1SPdLpPTjBFmLbdalsSZvzM1g&QsD1h~S8EH6U8^Map4!R) zp1Lm*3ro{FyHZZkNiZ=yUPcXEygc5Z`Aa(&z1s={Fa#9R8)X1TGk$A?g8mm~%|qIJ z=T12{O)9t@xdclv^^(xiKLkdzn4DOeZHZYKZs|kLA*@AAfn*|^5F~xbCs882#6TrH 
z^%CG;O+rpXzABoOOWZ>4EoNdy9$$bW4}DD9cp(L+J(u2IY|WLcI~r&}-A2UjVqm@QMge?Vz*9{qvr^ZHs6*l(f)Y!przs=H z{W9|Aw70*0w)L^Z?XKkI{`Pdd>YIaxv>4XIit*L?oG#&)dq>a@8-xVepA`hw_|u}j zS23bnTMLTQarLAEy=5x%zrz(NJYvjNWjvHUrY;Du%?W%475xnYYt0lq&+%p_rgRMh z`VZSxq-}FF6@@f|aQP~Qj-5GGs zsb$%exdXvK7W|kP5GYf+TyzY;p zI@9hq#~%_m+&b96-#d7W)zyk*z8LH`=2_A%$8K@2L$`mjC!b4qm^ zPl3_P!&eATVKBw~K%1lWTV`IV64zD@gR4Pm%hhd-5&F9x+aR z+nimj^rCynvRy2V;y^i;EzilX znerooq_q!$*|xpLDcC$Ezl8#8;6RQM>i#cv3sHh{<`)LGZc7eP)d;OB@m~?Y?MqBjqQ93sO|a&+)IG_v z$OoXW!_}+lIp59lGqAC`{%jnI3zkj?10F5Yz?_6H{v!e*eQ7!q%72O4yYoWKFbtfb z_F;fYDEzHpEx2)Yi0k9_>D-YWR2M4``{Mm-k;8TLn;=pt`$~kdmX%*WTGIvY?&3_$ zo^Nk&bMDOzLsXEbsQ2`}Fx^+H?oKG46Vv%p;4oUVuKFdlBmwUqv~uGCpSTwYKWgdi z<=2|YX{xBo;lKxYhlpD}asja!Dd#oGm zUVYEf3W0Tjr@YtI>ys7>o|!rgwZg}R4ZySI?7`(OZ=ARFsPo|&)QwT@>bm(Vk)`;q z^wrCQvV@|NDPr$!y6fi4OUmeFTxjnPU%B7zVom9>{ukN{RAFr zN4|4RLGGcgMp3#Km%Qd7@k!`%y_Xq5GI&ypi~nvlgQ@la)FoFW0$>zbn17r&09AeV z_9LC?DX-8zVuyf7k>2-2bsC1Uw*Bzn7dzy%oKlB-)_bqh0-> z*P3`Pxk^=EkL(W-zy77YJiU+3vN#%fb971KMfAcrxBVsz*B*z`TwD*yNJXUSzMp3bNt1 ztVG&v^E)?G8bPHw@a4wRZ^lAGuN`a;$L_xeKCN1@57XO4zL+J|r}L3CdSf3gc!5T@ z*k&bqR$)#kTwLTl^5cL9Urm#v0x&X9J8FMOejcl9W1SK4b#6f}J$2uw;@4megt+>B zOO)gXro*`g)vhOO%$$F^i>R7RIC+9fIGQahsELrl}P|CNZH zqc6sAD0da^%~x%27aaw-QE-wBX}nH1>PL196-6wG;$mr_zg6iPZ! 
zbI%-pujP)&t|A60dEoz=?+Va~)p*H^If6d#lTNXu{4a;~*Bsqfx3rUn4IA6GjW%p-+qN2?*h$mawr$(CZ8mDyFYkNr zZNI;E)>$X(clMr{J+q%Z^Nb4FEmYa9U5ec0&B3n}2mp~c1zL)@w+Xjh9Vbm4nV`I) zx!E_B6Q2i%b--qZ1-vN|A0`fMfuB~0`CeC|K#O3ELdblg9lM&R$VA`R=g;7{TF0E(snj1X#5Us!;X^0Z;WPkv zD}x(10^?We<=na+D_^luQuJ1Bta;dxH}Q%h2M{Cf+dlj+9v~Mc>C4v+5$-(c1Ma2K zNK2uxMY|RUGv#M?4-w?*39F-ExOunt=gG=HOo@%1mUbpjsttZ$)K$iCOFbh1X;$y3Sd1VKsOQh{)pDy$Nr%--Hn_jJ!UVpqL!hFGU z`KXV^nO_C`SU@w^&zP)7ee|96E8$BYom%bRdY#1YbmJ{jGi8Oq!EO^Z2NA(n?9hYV ze$_ofTLBo@;68uA+mrR%g~N&7-BPzYzS1NvFM2uSV!W z`=!D6|AWV%0{Y|40c?lNIb61*B}VG`1QfYS!^pMdml$tMjKg`fWTy}aO0VN{??5B;AWM>#_ zX5J1Ww2RdMSY750j%m36i1r%ZGDw<|wSy#OyP+I>JRG~;xOlK}44N9tT3+6fue?$% z-d-;O$};E=_UACzSi{;&EzXk0*gQhnY25_Yy653I0d=;-TaBdc(XC&pY* z#nS-e@SGpCmioM$Z!FF%7jM2bD%&S~JiElV1zwJi?boV#FkDX~$;f|1RbjL$9XwtU zjxlgM^HCL=bdaox)GXseG~^$KpBvMLR<=PMeNlUX&;-%9Kv^dHmvt$Can=r`M~V_e z|DR-L;z_l9+mAckjf6pDBGe2Hq>kO4M^D9mym8)Of5C@#J~HS!lHkM)osmS?AyT z5}ekAHwm)iN`*n2wqM3QOOdR|c&*i!vYL=V0>xjkj)zy>eh-{}vsGLweXIB%s;sYiuW`hTQNpM~5{wbfIbX?a zE&G6?3}{Ma!@Rt))g0qU@Ae+f4>Uo45e2(G1-N2TUvcWFzHnUfEwOiHkIF-R?b~Qp z+S0N%ot!3m&vC4mL+^)m70b zK~l(FtyWw_;NYleV|8$&*ER)mz^nySKN^zfrMRVDDbOYRTjyMZ{>zrR^wH82wd`6R zDN=S_MP${Ysw|XqvO8ozMxA7WTC1_{lZZ&~Kkxkg+N#-^Uqz&mljF0mLf3{YTP6%n zUf-TEXUe>>teHcTJBoDQ({x>g5DUlFlYBXBXpc_c`XJT~Lx?61GXF%r2yYUSkVK+_ z6d@sx3W&w8K~wgwF+8<>SXO#Z?6=%~TVLuEK5UjTAhGorWToc#z#&hE>$3;0^G|gcaf3e7(qo zmJ-q;KVvPJ1pDHUh*IM`^co~Q5>Y}G=r9;Tm^chA)|_bR@ew_&_Y2CxOB))V*dO?qo*F4^%MKqw091rcC0Me^wx z$gap1*{jOLe>*5R;dT6dVZDnv3V7f?Q<3xbhipEJ%UN@O8>pRH_821C=E_hW47d!Z zFZYBwo+R{6PW(Cj0O)qO^X-!hbrGf+PHJf_Q?0w(B-cEDAaK?aqdVN>aMHS%rtZ6y zS#5Tp4ab|4k?MSIGc=Z{=|l$6;+R9GdqfUe^9y_?&tZfJ@0nBncR;0uQACo*9LJ`n zULni@7lljAb38ASn`KRwGp;bgt7tCNlgIq;1tI_;q~p>ktWPa1SWnq%E8pQH-`TUw zw*n7+QHIukj|IM}8Jvre7LT!z=pCkgy}yZ8qN*_{wG+pEDQuBOY(uZE%^s5G7%}8- zn9H;odFUNQgpv_=xQo00;$?A?5e6Qkk4e~A#9G3R6hx(lSx|xe@1Uoj6!x)~`V|RK zm=95AJN9Avrz{QGdgCf4-dei%A`J#T=r1w{no9vL(uJ9rK?<@P;~nVBG}Du~ 
ziQ9q8!Tc>V1B>S{T`2voreiEswFBPt<%NILCj4+VvWvDNUvsV;U%n`Ora-ifF+?a$ zCa4|nwu%k8wJnPHC$9Y|$IweBiZBk~EF)wSci9_Pg=(R-O^bLl>h9b^mIx8%Zc3 z(JnonAnyGPdK$8{+~VtdlLdK!--UFP;v!QQq+2f(!{g%x^u#mrH3?wnEnf+v4{w}x z5FwixF26&3S1{=qkdsc?@=~hfNUWaNyoLST@y0~4xLpCSTnE)SEr23{cCNgj~?_AeQ#b`IOzSr-R2%YG{uTLQd%`M1rO1nprLgb zi5kM%ti!~rbf~PQOqobVqgJeY1-B&OD-!g_-*dUeo5l`RJzqxNSkw*2wY8M#X1AqG zMWRamz%dwn3hWQUsC^+;$s8I4o_c*#A@gK~kXbmafBu$CcA-@V*}uO$IWyKo)BkRO zr1op7_P-$iC*B(a>9eIxHXsY6C^-W1#7kN92Q}V-C;}3J zW4atjWjeuR+GCxI`oDF8?_M7txX&IM5hQ*4_neoStKnxDiW=Cn>yI&%G{0xdJw+Ck zo9AvyYse{y%lrr;2?~oj44G@|aa)a7g)J$U?(M#PAGZI~--F>5ndY^ixEv#Y6W&6L z{#2FoRkRhjmioHjveD5ufOphVaO*pIjU|b~Nz=Fi!j+b_`;9L~uB9n?+2bRYWaUFe z8Ki{TRDa~?OvlBC49{E0L!5jSQvUTa%%^VGD-Ra!{j0ixk9{{&@e7&0(vn=Mc@;l4 z_c${|6=Ym_6cV&FDRW^XIbfX6K64Oj?ZqVBfc)^$BACAy-=o+6CGILKAR zjxJ6C!c>0@D*oE;Pd}n0S-LS<#Q}z%7kFy3_pisi*@bcI9U>Cc=GW~Q%gPqUWMnGE zwL3;Vj`NthA9lN-cy6X#071_%uL^rjUxQkIF;i54Z@)Gu3r>dT*NzHbE+52qFg~sJ-3Of-#oRgi{J6y(Pd{7~9`d&5@C4Q!_T3z8 z0im>O{&Mnhayx#fRo;YA@`;;zfL00aKz(EI#>Zu2$lK@XhI6?$(4k%I<0R%qCRXDn z*{XgELCosZWFhl0`9)}5;9=PhPR;O3hQVixhhov0glTnw{r88pAA@4IbpQ6Y?B)9x<`%ZZ`%Wu&hj7_LE~ z3Piy>qWamv)qP;=SNrLA0>XDK%* zn0!?J@Ls?6jjYiV<((G+csNO`L^AYzdDTgeH%7Wv8RT*T~E{Grq88#t$L^J1sJ(VsLvs;K2dF z!TB{KRMHIozV5EwK>_tf!d3|I3j#!`?V^e-K49O+GtwU;jR$+jvvs zr?@|ql%xy}u8*I8|JJX#2poi`s&atoV9#BhJ)hwfq=O2@JXngYSf8k?`Qnx49=pm- zHtfH+GNmQwaG*{~qZ8Krur|)AWPKDgv^pMe{rYul?P9&c`WhJFTDXMq_ z?l<}uBXPtreyaw6vNzcGHVvC}k~3aRUK@(029st=9T=G0W86wMxJ>*&AjPBTP&?c7 zUOqA57_LBG{=U1X1He`BL}?@Uo5U*jmppaA2!8K37jD#hVC7;gx|B!ws8u&0f+J^i z^ei_0Q0pkB7VI?ppvXmvTX1dmkb6J%ja5vUUisI^ot`KN^l2Mc%)wpc-E`+unc^9Z zrcbiz)MfJ~`fAd$o@0?8P98I4gv64PF8hN|R%9_&HIFG79{~2f-#8j8j%CDeMQB7y@8`Fd--Kx*j)exgL?(#ybaar^KGl$?}52QKB} zVJh5FRtFRL#p&iBg!%o_to$@mxnpGvK~Z-rByqzV!kh< z9`7Pm^i~YzDFvKGlZ zJk9Jq0jDs`HJXlDev^7{NvRgNXHYPhhHAMCysoIffV;;qbImR)qIK1uYvwn;#2k8 zGh3N}rY)6=Plns^d~8m4+moM?5G?9t&Ku8n*P@pwaX**A{9OF>S|{r(3KDF&<1)-Ri(Cp#>K zniwhk7$jQOD#{PPV<*9yp4e=kop~7Q1Qi<1^?EK;dXJ^fUQ2tru)&@?F!}p+WE0(W 
z+r}nazwhtdU8o%xgnMf6TED#l&hcvw;(!xU+l4B&mFN`Vk!Bf704IUrxikG&uu7Bi zE}_V)IkG@)gkxl^t)zwd7PW>Tn=kE$I_&beP(Qa*_%>;9&JgB%T*2^T>)lOWX4OE= z5w2H+x4v$r{$!*$4d>4Wy|aj1v?+fPtB4g@LeC zgoCJMyCQ4M#3>~?C}fX_#|#n`FVIZ%WckJUo22bX(HEHohA%XkfrY`bR4_JAJtk{e z3AH3&4@=QEAXWLSp`EYBtp-cYHvUZDRMO?2U7fUWo(-GmZaGIN^LXRk2r_s8D$}rS zaoLY@d5mR$gFu?be}CBqmIXCg$176KWk5Wr8j;vARHG;`U~7p(?;lsFid;2X;x-(e z>oq@xRpYc&q(?5_@JiDgqWA`|Lqfj#I1#euu&vO9l~J6)mWJ)Ac&K`C2-bBl=<(|M zOJ3zbB4+nK@U~ZoQ-;dHM)oN+2>LsA5q3stuR8I6_vS&`)%FPiXv6A13DnEdJ6vYctk2n6vhH04{JRo#dUjoe}5&Z&H8Bl zSWK1bS0GmA2KSE#pAR%%-pii z#wqR|)v-rxPU00)BHv83m5K5^sQ7?#&$VAbtjhy=R_>_l73`)LOB-x>u!A`+*eYVb zLI-e%x`gl4X`&Xc=b*39iIa%sF~` zrpxI2TwxiLT}JsMCoySL;)I{USQ&fzF`wY2vuQz_3ViB$6Ho|%*N4e{#HP0HuWINI z50F}&=^SC>4hFvDv%h0)e1LW_%7qNhEQbQo@^CF8YqFBMw8~YyV2v=QPE)0T59T6l za^zHdFPvL=LFdTPO+K(Mj7$x?cV7}uY=?3xew_08h(j!ZI3vX$BSu1^aUK~zV54)x zqM-FB7aft3Q-`t0%cq5gX(SbquA&wvaYHjW$S54d2Po48mPYlk3IT#3oG5728rwN+ z^eaBZy>B#9N>1M7)T_}p_W(0WymbI~CEvOND|+EzrcbJfWd7@6s%xRys)XOC8wl+D zg4s{t@HEKb3T0Fq`=!-3mD#^A)Fen4j=%qDD|zOn0x)yJq08 zo2zcRD#|%6g%rWU6aW+TVUypa!^#fGv+yXBC>)I6#T;QwSPNXpIJ%N1dR#>88)&#g z&%<`CR8dV^bI==ThRsB%-{9<%qhMpK14Y{FvhQzlawdHusU}0_JKtbaj%ZBh7`vSr;q+i%jBp)~-#!5Z5QPMwoyEM$6oiwbLNFIR2i810OM#D|D!-nSA*mTc>9-%aVsGM4=q8?a| zmYat8Z#+?=rZ1FpQ%kfQ<-3e?|9brw zAvbCi_?pBh^+z?Th63!4>;0=B(we6#2#`~8_zjCw{yWOCr;93-6nY>!UcM|m+iSOF z*73~rxSY#sKW*vvZETJeMLtnM3*D1(we)?le~d1=C+_bcR^+>Ta~(=WFyV$sM#QCQ z$hy*o>Sy0)&&F1Axw6-zdRXi_vPzPZ%1X&W)iw}RGzALMjk*4<8A4XvY#K#Xw9HB4 z4y1vE&)nG^+J;SYr(=L1q^LbJBX=lV#Ey|3YmXNSEMJ0=FA*Aly4`gW>8`h+ALl!W zfoSRt`b^HrhyGV~9P&riM=!T(4MgjnvBS4&_vVx(rPd?sYKZ$SOJ<$+p)d#|ux>wLs{KUFZQ&LZLIUfTq<`$&V$5p>XIvEw6(R?#{Trt)} zS0|&YXT)U$IdiK;kRYvDmk({gHbLxF*$(EfqJFJ9V>C-?#$LoJ97hWvn6dcrvmmtD zv?<k+Zkssj}Xn#`@*nSNBie)rsuys_^i34jSs@G-GbKAE|$Dl+0A$|WhuWQpOaUngT) z{e!;<#PsJ5NMf`~VlzT1jNf9;!jxHnPuFk=4_5i6&ocH@&(^|K+wB)sGw820(@0@8 z4PLBPRN758Q57uR5Zz?@#NMhFR`tts%A%yPZ|219)0&C3?1TgSu-{Vn$+Qb8VgV;^ znM!hzXqm>T((90EVtuAzbLa2l;XZwJaL}^qG2|jt>?l2>ezT?7IcW46yE*WbGtS(K 
zNApWBw-yaV=}u2sZob^>`q=(zQ69z!GTa0dDwu+PooW?#(b;X868+izBOno7wh(yL z?cnQGCnrl2K%wk}#KG}gSV2L_Ik1_6rZC;W7Qq@bz-MFj&A;yzLbLbd)Zvu3jH!%BsR5*1Cgaibn3PUD$dgdTOAQRA!7x-4ZD?6BnaiT^=-}MoZD} z)K%gUHLZ~Mk|Jyx;l8uk z_e=OX6N8Eor5Vy|;b)}u5qDuVQK87t?OysqHXB~jB$s$)kQ3`i9E`!G4PH@CE)$Lj zO*0aNOY9hIJYAuRJk{LVFRV=&vIIet&D^USUxPHi@!7BOXYOs5;B?jBq4QzTnjNfH zq`E}EjNqAPC<5*n&{fWJ&lif`jUid=C!$kLvcbsMfU3T#A{w}}l}ah@ z7(3rtO{Y<0@Q!aoCj}o}J8R2VL!v{0NJ}?{xs}bzszJj>;S2_f$Uv=ST2FPj!%+jw z-TBVl99vDKy#Y0|Oiz4M+FMCvbP=&83_0Y&j$f6e8$ggq0=hTcw{OOr=O}-TJ5t^( zbLpi{_T9MGl7`<$B%6)5rnlXkC*46&$ru>Xja#^Nq#@1kV{ywq9vK$6+{_|tYTY7T zM*)S-8#WQjmSYjWsD#njjx_ED^fSlmR(dfL^Jb3~W*5#f7HT-8sVu$=9Dh3<0(v$F?BhpVCx&m3ambDVzcg$i!cxRRV0u?|%qRE@GEz2B@o5 z+9dpzobRSg|5vu{!pf-N z+0e46)`!-1S1-2N`<$GTjq}aVvuk&14@q}#4L!f%TkE4IbBkreK#T%2UM!P~y(>TV zM|)erM`ww9VX+B3D{lu!WO22B*nXP_i3g%J!(f?m6!!~m4haA)0JIKBlI{K0@$K$l z0Et+q*v8$NGh>5qErG(zs9dwyp}r_xquis|K`8wpI1%TbLE6s5tB0Zl9{KcTpp!+= z+FT^nJPv(J!|$t3(yPyKUqW`fU7^cDzf{LUuDowWrzUNKe2JGo~{I_i=P#p?WHU` z)ZEAAbbgJ{i!eExWZ+D2a8T9^+@Mb?4!ZPf#un!3U@Uvp(?oM@&Cm^%tfo^k__+Tf zF-(zvb@w>0I@`yp`f62gLyvz=yQc|9v1t%H)QBn5(Qo&Y&V*?5XL#S}Y|Ibd?}k0a z1V1>}L`ffh(yk{E?Gpt9dMvG(+PGw5WX_pjb7$SqBY0t8K4<8rD`Kq&$YIEheeKMD4W5V1=nN5h1Q zxu*4#7R-^*%HC8-jlzULmqMj|g8B11+4!h}lG zfW^un2ly_D{+ew~xV^Kzbb3?mYJXF_!CHiyU<@P^J}`(MyS-cY#e%2>Rs@WI*{L5V8x%%!KTE-*$+Tq`>qtgDeL1Bck(!ze=EL?0HE} zg*l)vglcm@(q)qtwN2~JfqlSC<_0_-edaf>n4C^EgYO7FnF!B!F*^Gj+T%>CIs5lI zd*N1`YHqbyr9$fC2awXaN^w5)p%p}6hI(e)aE>XUdsMY_Z@2tUR6rP*IFI zyRV-cH)^VQM=tjJ-LiF1D_kg&b^|!(;6Xdn7C43h43d$BChn0=h7n4rVVZF5=xt>&{fUJK zLRG&QzP$ihOz&nw;mvF|#t*-8UF4>r^TS;~vez1R2r}-tcM$oj_3|Otp4x=p%72Xg zpC^x;7Nd<>4GQSj)*AZtHRYTM;z%JlK7-;HhrHS18PjkGAip>*{_ZOFv}kh)mjO{v z2X;DZaf9Dmak)Qis(rQR2~7Y5O2pHq#M|)SC@qi?5r>zjIN{F&H!4%y>I!ZmQA#ql zPD%(vR}A;S4b@^A5k`6Uz$g7Y1^(T4C@{Zv{NnuC-$D9ae-Dey<+X?hTkJ3K^EWfV&~+$VN^bpC*vY?U)I!WtB#mXPa;Gn2E> z9^spnK8}0Erc?L)fB|8*SmoTOQnH!jvi7OOeUNcs4VB6PHVz5&RVVLo?kSe3`O6+` zh|+$q)2baI))CtH-Xp6-1y+^Zt@vJk9j-G?>fq54kxE=AfCkrzp4TZRfQdvu$;6F1 
z!y~mTE(>^nC*lukFhwb`Uv;UJZ8=Z5P@;$tX@J#NA|J#L(*rwPAG^?M)Yvk(0$5j7 zRKu%z;ONYD7D8SvQ#<+0LpM4iGCB(N5YQ*FDmN4hos{pDwEZLvb8Dy*+LkTqlP+ruc(5!rD5Vht zne?=_lR26>8C2By#wU}(9i}D*N@q4+jD3@T1)ioL%EN6j*)1cCg%VaIS)~enUsQ9&xIb{JMIAd=; z(!dhjC|nIvt4)X1B2;MA<{kF&QfAGDLYBTjXYQm%VG^yr&o$>_Q$W&JAmrA1p)w}W z;jN1YXYla%fSrv~r?7k7xCyP6;bGuWOtb`Ee|lc2w_7-^RJ8)ZM(xPF~5Kqlobc8>yl6>pQ;Ca zGJEMzg@>Tvq-5uDYyS*OKRIac_C~6ealT40arit-komcjZg%&r6u~K);Nk@E@cu?g zOLB|uJw8_2NQZYIUW>4iOds;f?&_;xu(o z9*%|kDLEO!y+l_0;euR1)_T+B;X($8U#1aHLEqbczn0reTz>>>UM&cr!Pu=xgCN7+ ztCR94B;l0`q#4|$8{VlSl}C!_MF}H>{Q-l7OBVKL+pyb5jVrRX^yFWPPtBcu@lo%t zNb^GWfn8uaEp@M&bfH!1zqaH2?vu}xBwOXBk$LFhRJcXN;2EuJ2l$p!N?eub>JdDo zn6|r8B>aAM%IsjEiMp;S+TPww$V6XR8Rl3bJ-*GfqD?$|pkxVXNB@$oSb*s2orv4; z)MIRQ!F|dJ2USyEI7Y6_fmD7Vr@ndNMR!u~Oy~{*jSpGlcb`Gvfp{lyv_CRF`9P23 z(t}*qD;hayaVMll3OrEgno#B-?ZL9&emXi)g4LlI#bkNurI{WVSwtE=sOrD7tWfm8 zJ2$TElFC`iTf{njl%w3PcYXX>Z;VX8vC%~4gU8sqj=AMC?&rT)n8%|RYj@RPyNXx! zeEYI}%lo>CaakH#j5m9;Ep|cw zgu`MwL7>|rSg~_Ajlx=(xdFlUNI_!pcnIxZ|K~>XJdCw`HymMK+^bYgaHfW7a2RQ( zXdIKkV}3#n6^^@()2=Krp;grt(w>OlMl(ZxHkXvQlMHVw>I5^Ko zeDD1Uv^qN?@O4(?miSYm-4+)Qq1@nTfm$`7gbqLWPPFR(y4Pn_?qFEJ|#D;B^}Qa>Ad1^`H&D;P}1}! 
zPz$}o?fc3r(!|mk2$GxxCp)kr%wRjZglwH!uBO|r!>A@xa$auSIzQUT(#DhHU23@s zq>oUxWh41qAEIy~eYMfh_z z=si?bb7=~MHEx=;rBJoMdIZ)@A)a6E#WB~npVqgsjDBqYKHfOUN8TXn(;xO-J&0<) zcL4*3oN(_VCdo9z9$-f%Vaus})tL-WIQJ!fbu7QJqJlXa3r1krsi}3zvD~ukNR^M- zTtY8s88{J!{~!{XRIM>Iimy@>d3TF*BA)b(AXT5huF+3ABK>wmrUV!;)#uvb97W3P zb1-^tXf>w-+B?xci`3lKjf#Wq@i;H!=cJ01)N@W0_R)DttjcNa`!x|_u&Z@Qd&WRN zWExe=;xMZ<)urxwO8hUT41?>sokfo?%uj>cfwfHl=r{xs9r+3a%Eju+}qE;by@ddzK%PZpac>N>Waat4I zWU=26x^A_<-%Y+`l!bDDfip8tgAp2f3)8G}Bc3Pkgg@C& zF}6K=7ghSfp|Gj*|IYcOepHR^mIWzRkFrUv^s!Y$uSE#O4xzxfi_R0>oil2-_gehc zuEDmI9N4-wTBV4&2rsQa!#&K{MZaivl2pgCE@i&Ap2uC;?cp&9{FN!Z)@rU309P=4 z$oYW#SDAPenhu)+AFZ0c85JrxUPY~$LU?>dXmiBmkhXMuMnmiMcS&DJil(Tgnzx}G zR_$^dpX+b$fOVkD+@ISsEn3H$Vg&Xj0Ng^25cAL+nv%yzXGwhqxf@5p%N=I0#5*E} zEPFkx>Mie>ej_Z#*&ve%1n)uXQ=)?=EYgYRr7r+?4F@PH9$2`{rK z;nen!)G}S92jW@6X|re}_6OC-2h8gxE^*mM+Pp$s3cmeVv3HmCrbR`NrWdaXtrA-Y z*Gno(Gh!&?iVa0-7=hF|Hp)5L_k6F1OE&mXm|$cvB>}On4f0p zp-%RL)z>4dg>E1W#6G>E)E$$B2fX3a4ZR5~j0k1N2^L!~i*xt0r}F27Z-zlZO*Ysq zDJKW-KeuiG=!@rb^6MHz75j`^^x`(v%WlP6XY>|C^rTE=~hE^p8c+p678 zQv6dQ|9hvnSXO;5eG#nqh#-OYg8A9^WfT3M(=bv~4!lj``GH>=A6ai5NOyv}Hn@Q0 z3^)o%mB2n$n=WM}a7?wS5No-)n^T`lC};vY)Zp!M-4ASCH!4-q7vrJsqB%`;MCWiulF1qPPFe?+^_( zx~bU#rw~gcBdaMtjrn}NK$}eVo8b2!0Ov+RfQTFQJ;%C(sQz6r3v2EloN_L+XKF0n zEK+-Z6IXbA0ZV;8(-@?2jOp3k-cja3#GSUn+d-_Cl3|N$p`8E*Ty3&FJ@>$Px7+n(2Rm zo{`>v9}m;*#gk2XrUX;z=Xa8|ed^HF8o&|{C`^Q;3O9iK7O~6eM)t=Dh4!iT;@3i5 zrj+;9i|4hJGOR^a;!V>76|(e=&6?vlu;5sFt6ahp31-)=Q_gK@{E9pA?)Sy%R0LC( zOH93iYb9!nOalF!EaUT^YUfaS}_aHuw#0-d}kqT&Z9eye#{tIxY2?d6QXbxcn zr3=x-`j2wejSsmal-CyZQZOzpBvgyO-jVzC7&k)7@-;gGqG9-a2fjaa+nn9H5y(B! z!w{Sj{<)y#M%HrP^2GY*KF2$noE0$)h8-ge_Df7CtWP5u*Y_}5s$RbYF=DjC(Labv zUTM^q?NR9Wy5-6ugjGG6l3s3-)Dz4%u`qj49+ib^?QL5Rxv$w+%0juwtPI^R0#`$) zz+^d|TQG*<=bzoQQ(FK2wAiviQO zhNuCZMdP`Na8saE43! 
zqE#W$9VTKg57U699^bR|)!`a!4cf5^_bLe`BHIkuXeq1pSI>kv^`CI~2gzaVm1RU2 z{77q;R<2t`N5_RE!-HYMClSio2uhXA*+z@lNbBn{0mX?6^#@h6_e0~9*$QB`Z-?)`&zFgg}^Y7*r)l&}Fd*?q7* z0aw=DVl{VI!|k+t#xWjlAhCqtuElJB4YQImf5A5&(>_V3T7|vk2yHc@%)MVn7i)fx zHe$AA+Sv3r-8=s>hKAl&i~deA+?VF-OKDIw|4Z}|jF7PVjo<_bpcFU+N{O8v#3 zi{^{9e>2{FFv&@sj|MRYAYPwpV(L=^U1hZ^HC#}SzPmteN;6d6C_4? zsb83v-qRyPxAo1jBi6D8nU3kk!Vw;uHSHXKcAj8jy}E8Y_^1qauqU4ILij zQ7Kk=i9;BF@mpC5(Qg7p8dtX5*Zfv+2Ge2#;eYq=6Yxp{xGU;`E`|Q2>zU0OVnTB{ zW7e=DQu~1hQpB*lh#A+@ct#ttu2Rgu-uFbf*Z}UJ%%BebAOO66VyHxh77P>jv|@ZW zB7qYxHXqot`JgN-^nAhcpp`d^gZ1#~hK;^y;+}WYK--)mmqDPj%IobR|Gn7(iGgBr z!P)84W^qn4n)~Nyh;TCd@<(+_9w_yvVAaXx@~-hy+v^>byW5lSh3Tr3snrIAg*K&8 znNYf?tnewYW1p5+K}FCrGG;4Xil3P6WmO8-JhA}UZ%rt+J>=EQ{3-S>SZjarzy?qq zGn}o!2H*E5_iiZ^{3H>NWZQ07uwY-YuG>QjKnr)e!IrwV0~`J>C|Dut3Z&!vSryWe z#ZD2{`n)#lrZJAG-g;d;PiFrS4L`5FFzKepv85qqM=4$SxBKF~?tp%zeLI#ryG zU(2I5;bP3&yP`JH2B+fclzOcrq&0=uHr|U(3IZK|Wt|+MldVM#(uH(IWBIG%!&J&+ z-D%2W4c%*TYje~lt0292Tkj>`XSV%<8XU_AWP|gV45%s&7l@avRBFLe>4%!Z9OpSg zCRC;ig*m6u;`_jugPvIM*8W%vG^Jk%?B`{4s%?2x6<-mFm^1}sVfpA<$xai5(@$+_ zSbyxjLP#(_jVrA-ZJ9kO7NL4#s6YtU1c|AW%C5*h1p2wEoJ8^4<{4-S)$E`-CzQ|v zLl9*A@Z~WP_I+C^BIp1FWYxhuwTxvQ#CnSWAbL~45TawW(wbyYPp@KoHU74H;ku-% z#3iFrNECF}mcWt*l+!&(X)DM%Fy~rV@6lh@i_BJWzaF|7r7Skmd#v%zqD?4RRmzI9 zh;8Q?c)VuQr)C4$1JcxMsS$9(1(xq?tBa?mz(vCuydKOBDcKVE*~^v zcv@H5>KL!7U4}o?>-@fc=Rf^*5nb3A?xaimc0PEy`1}67i;=SrO;hQjx*jYMf+jRY zH@YBh!>669z^MKS2&8{~Ee41M~re--ksqzk== zOCR=KGv-c}mi)ZXU&$Ax*#$4usCn`P-LSEo&Tz&2SBrr0HykG$!&J~HcS5rrN5*+7 z{GIuQwebP-o!T<%TEe$|oO_FGbHQ@2P1`%Yl*ZQ`5#^0huTF3aiaeD~l$z`9D6_z`F*4~a-gotIx^XNP5`u1X?g*ca^eCR;Bos}?gIrTAESvq zo=K;le07|9S<$u0LIMaRUOmc*a<#zS0HUA%Mb?L4n7NDlgUbHaE%#T_vfqndpB$NP))F2F;xb{#2#y7E8qoJ4Ic7sJsjiFkOUI$uqriW} zP?e7#2lJ5DBfTBD}A0a!h;?zB*%B@pIs^SrS;NcD=M8U-LrX$w`;XV zRERj|!8Vj85O_TUyHCx(ey29bRkjdy&|lgjW@c=*J?Z%0ESBeyRtGsi)k&>vXkDE2 zTQ+@cng}e*(_B%pgoOIpB}x-X-ABMEAQdk?PvPredO_QmDyi_DwdNE(1|;UC@Qx-H zKO}WVcjz_1khE*bm%!b77K^7NW4=x2d4Eu!aReGIQG)s+ZayBFU7r&H^{*QApyHZw 
zQXtH|tHHQ~l7!o2Ir}Fk*#xx@CFDj#P*dpIQ1C*G5q`JeN`kGcwU}KB%s1L~W?|m=q?=^p?CKkik)YZs9 z4>z6#Lu+u5xx9_X)oz=9Xq|ohHLPG{^?yuV1yCJJv_yit6WrZB1h?Ss?ykXgakt>^ z?(XhRfDqgR1b4U3d+-0`S8=PjRd=g)XV08D)2F*f(1MwCMB-bb^Wo3?he>+l{AFzX z$D!ad-Os1%f;UrOy@(FbE?hAF_}j?G$RYY6n9wfY3Jj%cLch1@2Vw=aFu9?S0)pri zCiCUVMfO|Hp~5wP7w$4OKm8C#p_=!6Sh`+{d<+WC#-*H(%E_{g-XM|Nkc+y6Unca$ z%hj#htyRvBKhw2Ul661Cfy!zH@8f!~taefTON*Gz59eW(v$b*5=E`7`VVr8&N$A4) z?$VO9;;21N;xN?}3t*bDz41{2n|0R{L@zLMcfQmU^C|1`%*R`%ME%L=RUhm+x-sCs+ObgZZ+cS_}fRUILt&F4xS-d zaAnm14mW!~$4;h_(JqGmlD%%DRr36PYnQcmMyL^{muu)wJJ2t2e~LWp8p74}xnZ-N zwn6b&N%pH`0Bk#YY(gS+>850zKVDN7R~PQzVB^K`a^<4zT6qt)n~d-?0;Znd;E(PV zrErT+oK5E4A%pGD_`fh5Zs;E0_{_XTH+0%D@vJ=okFMecv1_{_Ce$2J5GTyplE@!p z3IHHSF;*o2nNp(h{oyge35^{llMyOd8a;YyK~$j7`(y3Merk=Z-+gw2C9=G+mLh11 zF$SM?p1l*_pE96dg!=chy{uE04HG9CJ4U8mwy56DD74JR>8w_B;Y za{|s}o&P&QNOR{Rn{fgu|B_vsGu=V?X>$6F?V0%yzHEO<=^%og>+ogr^(`iZ5S`Ec zL1EGei(aC|;17beo!f4RD4W@UMhv{KiMs-OqKVFOh0E^qCWjQ_={QnA=*d@xj9MLc zM5gI_WWC=?vy)e3+i;(ljI$iJ;dDMQy`R}#I!UDB0ErS@M5KZ2pjg;nW}T81NqM8kodb**-J_gZnjQwwzz)t+&~dqAZ#F^c!O>+5SQ0whA0rZQCA57-Z9d%a(hm)KI(HPtg zUq`t&M7m7Jw~~xO+4&y;Tg;>hN> z8LU9m0vfwv|=^Jjp zAb65Q^?WC{!zTj+Nh99TS97uI7XUPt^O!X)ayW|grN|TU?zzg*L0}1O4=k^>0&h|M zf(Bx(r;~c_-D=lB;Rj!iD%l#N)5mm$+H%Yg#a467sXXX?x^M~yOi?Z~g+ND4QOqe4 zM#JPXF2%$_6j>!%#q8n&61VF6wJVljR%(c+B7!(cR^BghzZoUaDP?Y)A#N9zJ3dYJU)-Yo&Ra3d-3+sb z%`!)YkPB2g7vTaRBc)kc}K4m18YItcU@!qp}wTZa;iE_&!Hk$_h^eHH@Yvp;xGum2{ z6ZwlBOX}?-*l^pFt41v_6S%6*eCKR+islJ-2@VDa@9A{8ZbWQL|Jm=E^|lU}JCX!*%%8E)W(Z*vwZS4> zR^rCFkP>HSayM{%NyYvB3f9Mi0KLxx(Q6wQ(8h?x`09D_%Ql%1sks04d7jba_POD6 za`FCyLHAlGK*Fc}>cMa~2$1lvhK*a$Fk~}g%ALi8JYBl2Cl*(CZJYrAX%)ABJ`O%z zEiewW`%rYL9n0>o@$oad3?`o>`|UqXJtAXFpLVcu^(6m(MDx#kA=Q%*a!a_AJ3Y+%WN! 
zde_XtzRr~xQry(!kEeXJ}QyG z(M#H-XR8i948o1D@wc*7xIIp1-fv*N4`E;!P{)Obb;$2UE#`fHGrGOR+79|=&$p4S z`m`d)sGAXkv@0-Y0c*}2Nt4iU$= zj>Y$V^_r4|?s5I^y7o-!ZxkYBTBJ=R<6yLzua-Bm?D7i@RRkno4^F|_VUxaCnmUmW zTgn$`Lmk0YdcgQNV;I*?kdJiulHdM#1mk!DyOdKZIGeh^Gi?T9`Ztty0yqcY6ggz$ z#Y%-evl!_`luR)tP4QFH?rsP{$0r!hsLfq|70L^I#I}yU`?zkTxG+Bdq|kv_uLJv?fYcX+Hbe+`2AF*{{6#sBFh%$LfL2GN|ND1S@-=^8GcTsoK*3KyA4@7o=ZYX zQ9)V?QEm}?y8-z8_hF4n-mi6>J^kllgOw~?kL%^n!<9pnn?c={oMcSJmyILS$f^vd-x?$;QAznv!i=^7L&3O$930zX7nOIzD-ay>lGjwcM2g;hdl zTYZR`G3~Po`%-w2=Kwe(80KOvObFycu6?B)v;rv>&aHrql|74?>>xwb!7TK@W9Q_= zDN~Y;o&6aUc#ghBKBxSpDKS20fJyR%n=rc$Y%=Pa8}5RwhWi*{VzeD?vadb= zou~pyadA50M{EbOzcwTKvXS6Ruc-2hb}E`s09q`J!}&b=DlQ>IbCaCTYQ(pHetb zb52~f-riPLguVEv>Jgb((Y0Oum30Ox%#A33V5 zi10*L){l-8qE4VodH}j<%$`4M)D%az+?aMZfPlb3()~d8S!T94vx2(UEnQ!snjV3n zVxp?`n8D3R1%~fue$x-Pu_x?eo)axk-^+|3K$UpN0%KdE0hU>|9C@b!wl+vrki(5s zWj5%X$doMCL6D)hE!YuMHH)hf?9WZT>)RS&FEScn{{bHNl{FzkG@P9KoSArvaQ0$J z*f%Y?s96%kzC1$HN{tujCKK9?c{u|tBWJroJqyl(k(#0mhf{Z*X_`?BK+R@2vu61x zrlf$p*zc;GjR|ue_As{8%c#CX5`iLNzve+SZaE0;tg?C4DVOiYKr*@D@C761PzK_E zLmOs96Ac|e8^Ym(zQZ6i5Tq*f*rjE?;{R~wN|S3lir|BtNo2qH{;B!Chr!|t@=)UY zy;mWbT#3;=1^^~1yor4kHVGbMLfK78KaLw_>QG!^3q01>cMRngi}MIyMP6FY^K{n4yGa@z z4B|T<;{a7u{~VI!EvW3_p%|A`xzZeyiUoGBJY9^EnGZ6lA<{fJA_!~S2N2paSvrtg zyr)*~E;&6tJ<6n`AOyG}C=c47fm9&H#wu=7AHm2TjjhDcxwjL%(NE<9;n zSdmq75REb>`DV;|&T9JYztuDJ_&CtL+X3%(wIrwtEF{>igamgWz^y?drKpP4bFL=@mvY1KHnTw=%X!pi8PPqpPJH>iEL0 zzUp>(alI2L{R^6hudA#Np@^!>ke(b6GE-eTJST^OevCAXa1b~X>tT%71m1%g;eE=! zy~`1z7|g=iNVZ5@=gFL7!1H1ldF?ZW$TxC3vVRUvNdz=TNdHqgXw-UXr6u0AUxkDm z8_F<1J-VCF&$@*4n-cd-`Ui~(n!n~q$N2|FVg(kj#E~_Ki%aA;j07x3pr*il9xBEA zyGJn<%>5clFK-G}uMZ{6`MLD=$$;H18?s{Wgx^;GBgXDLfoZ9egPoen7}YKrFbiEt zYyK@6PGgG{&MeY!MQl`c?0hYTcF;RYqhiA@?b3E@_h%_Kei=z^%(j+aa0MsxH-qoX zXvFcAe$Y{94NQx9KUEwZCoY;_7 zNT`F$Q(qK3;MC!WLW!HRb&`&(sjW-U(U@ zB7Rm!`h2_C>#&I8t{!l;oJh~c)RPvLd%0;IUxanSKT^64~T@@gTwq!x? 
zrqE*EIt@nzlkmzA_HIzk|GK_*uO8DMy?4zG-n*+yKCv!zfJl0r4qF&5>^gbv`#E{etmbBueq;A1FdqQV`fCQCfdU$fx_c$4IKyw0}mJ zqnuz{c7` zQNp9~;-dX-@>F}id>85>ntv4F$>KY?3gVzoT)lT2L44TidU5k^+w>>oS9Ns zbKm)eQ+>X${QQ&-$V`12-&8wLd~-+RgjWlZc(Qq?>9EG& zQ|*mYvvD*;aml>4RZAs|);MGT5ZH0s4XW1>om>Xe+>$k|g zQC_<7=qT1TTQQyb@NTJN_#<&n?=a`WbCrBHP_m9Tncd%usCnD`4m*}t07Bk4e7I%c z>vo`}e0xqXPzpWWd$w~>d@8eO(t}OC&i#9dn7LHrp7p=1bfo`qn=@N5C467w`Q}#; z&P=o-tW&70qPR*hyRD4Hgix;1_mS5LML;fxo_uQH{t`n4fm*vh@YDMq_Gvs&q6uPoz zh1lo3&Cl+=%(Uu}XKGt+g*B~Mx-5Mnl0%Bc=t3-Qok*Is*s#gl+mqFIU$(}(Kl5aa z!x0;1hTfK=mz4d2V%M5`(!oSG%Ryu z_=#6Sj!fzb;9J$RZg^z=hoLGxz3Z((5R?gJQ|Dzkao%M8U2P=ij$Lr>Du&%a>1yGQ z9c}d>?7659Vr|4H!6*oM>@#74}6@T<0tG|jsRZjP~Tc; zW4vqcV|J1wJnVm|2?|+#($}4X%EXk@eU+IIi#*RZ@zMR!-A3D`ok38ib_w*Fo5 zS*L0zdmz2F8h98VbdI)KDIZm29OGpqaY}a!d@>Q5Rd)N5Yj5kG0t^b7^k)>q$V&ey z;788G&<)cDgj%*X(KM((YkQGAvFT@zyza#D6Bkr4(4Px8Hsk{1r$jP!%0kmB&N8?Y zE1%-vP87 zisU;kY8nD`jCT09>JZOHm{y}QhSv*zRM<4)D*UVTg;pxiuDGc4D z>vI@D_Tb>k5c9cY_ScFFFA;`y?g6!zLr0yBh!AFRV2Ef?Y$U9rwWCA*c|Fq(lMqX< zg~#8@ghoC0K!RfKdQr??sh9K}VBwbqGQ)|ic$urhHGJ&KC|6&6N<1s$D8$mDM&z@> zxxT+W*JTlF7kzH=SrHg-*qw?wHQ#QM{NK!BIKjSd8jMUwvR4k z7oji1{BoP77Y&v_$zkRKe_BbE!;!%)d4C$db+thZhxVuW-F7{T4Jx^Lbyvc1y)z|8k{7_v2V$&$o!}5xh!Nb1 z!u(1{VK;0NCAVlOIcB|Z|2aT?)99h=+4HY?#2Y zEXB8y?`Nx9W_d0%+p5i}+!ZYupbC-d3AW=$PXx0P78ThmS2fKK+pn{CXWZTAI|&yO z_+w^09WIoe2dYfEeKe~a0yic(fod(FwyXy(wauCi+So;`^lSvF@7ia1zt3jTF3}GB z=2h}$i1mTQU>L!y-a+0AF?xlLj^j67awRm8i8$Q{&TbSYhTa1QR5;$~VgD97uNZ5o zsnEq!Ez~a>LjG>)$|l+l2faNlABu^cCq}KY68WW#$nO@7vHP2qQq=3^-u&b?Kv(vbCip-7z6UH2T)VHUyZ8Pc#LTKw;*PgHn*tYqYv z!3B$V9Xx1|%&`5D_KbTfb9=FFq9}IdZ<2~+O%beQz#m%^7Wllr*aT@)@w%u@Q{*o! 
zWUbQOKh3>;WwL2KkY7qF8G3&usYaS3_i#`C;!{0s3b3UJ&L9d4~&1ybxVBMO4i;znyNMLl{|L6))0C$Ypq=C1D0 zF=T-$!gR>pYoYxoCjuXbG;$r@lVZzzQe>SXwa~WSXkWj`RRy_isEBlGn)g9WS-Sm9 ztX5^f)t^RYh_AYUy+Ci@$DzJNnoi(~mRQcFXBW}n zi04>{U9u>CPDR`2mDi|RGm%r7ou1ME`+@N-suSZ4>bc{7 z;Z1rJSdZY}6&V0@i%4GaI8zUYpPO$2UnhZ+UxAxH7~7z8e3pt#QWD>Lk0LN~ip(24 z($KrQn8|><_C0)Q(_pFIpCPf3760Y@gK-{^a}=r|ZQ&wjnDfm*KDxuJ=+5G_zG|eO zO95R3^RJywO86#njx3`{0>2Zy z7XP?ekejZ{Ti{>W1E~26{vbTP>Oimq7MFU#Pjm~(;<6mH;2o86U-Rm%b7*bJjjN+b z%a*OM<_#Jbk_9PNti1lAMVnPuZe)G0RZwqblakw&fN35F>IZ)i&n+?tZLr~x^swy_ z@0y^-GQpDeu{!WiZzsf)!94feMX*iuSl8iUGex!haS@yo$C%?v1V9J4{nIV*hCvKp zvIw?Su!|nmv_6k^8rEGWlu8`TD18pA9&LZjl(PJE(OJZro8<4Z>6%ErThP8UACseN zpA#Ns+QYHu^3sB^Nim0htXI+f3CJiO7Rwgs!o$K*PzLseWdB-6vD^&47L3XBA6M} zbTH8ZWNU~pw{55bgp(|}Y261Iu>G!d*LJ$Z%o;p4-FbF9>2`0I)*z!_-vmvZzvx5^ z4#bZs%04_8kY@yEEp$@1zc`#1?d4ea{Y%kZPuN}QrsRHc!4UHm=(aO^6$S^Zq#(X4 zgaw@(^UNe}-p0Z7Pezcvv~S^c&VChx-T;mx9`*F-W_OrhuCHub0pRsqIr6$9GwikZ zP1lXc%`uZ;?(^fe#8rB-9KXeDY9|+=%hQ$8*-~ye!}?ACbm zuY*i0jl-}z%wn;QILPI+li*h&O1h_r?)Epyk5b;2SLJI`W&2CXfP?4jW6<}9?*MJN zuISld;|9B)uHCWOnw9p%D?#^rzv4NpX{_p~{J6&?w=+50@9f=t1m51RQ{ZMh1F6_? 
zaQHzcvMH#)bM@zd@O#7P-!|7nRkKVe8VRES6 zI1-W}7N3@Jc4U~79g?@!q4+eW;cyyhNr?DEjfcBPN+Ec_XKjSto;>`uH^jHfIo9D()0cB%kko`NSa>&`}X9R9RjEOi&M$P zJ0Aovy21f1UAJWxV>14uQ!YKc6^hngDx2OR$hWY<#>)hP{hI!WxVzR4b*KqtBQNcQ!f9ks!2vep1tM7qMIJxTec8B{n_^hb!?!f$*_;0_MR70EE93z~CO;S#IJjiZD} zd1pL#J=Hyh9$qM>$Sf#R+R|Ede}@oVjZ&3|@-*{IXU+f=3_| zGn+WdWJehX9Qn67VzI0Op&4I5Tg$^~A&yE}^s&id)d!K^)-r)P>#?v3&aX*=giEZH@(c=^0DmB;KILbYhgSB&C2E5_LS{-6 z?R>-4N3R(UM-<74yI6N>X|J+8JX74sYT4Qi*h#&cB1?I{0wBvAj!>*iV$VSrZQwy$ z@v$wqOumRS*=RFIWnbT;|KGHt>5RzIGTc$0Q(+$r-BNE{h-IuHk&=uacs1~^4quen ztRsgl(onrIzry}cl*7*xP?ver&}KM);GE}+#+ce2?!VvWXyi>H^$=8Xm5%L*%6tOa z0`?9Dh1_aHR62!bI7TcItyalDd*hdZgcS_FP^vY$z{@rkYb$ff6)9!0i-fZcZrmTCbTueK7 z9+HA0lkku1)ugcU(0%uU^A>yOPBt>YBB7ul^pfPxd?3~w+tmnuINB&yAM3?b|1&2*J z$t@*|8gpbTewH%k4va4=(X$20Lo$xKxf4oNM4z#w#X8P1$!ZW}aj zoKHI81kCorBBMm5-obY_=}B(K^;4@)#uYD4F$2Y!iuf?0sCpW0(+91&@Lw64rnh`P zLj~aR{R5}mEbbY{dPY9ckCB>%J}Sxeg(fTL>X^sJ+T$nzsFV|=x^=r5?f%JN^9{{NBlI++ouF^BtoONTp(8TY-6Uq2;^b4l%tu4jS)+yY?~JNijq? zcgx@>*9@nDONY35?dfzGpJEm{wJ*u@zpstVs^qg+ldlf-1NJsQ{TI|6RK2WfR6sy7 zG1yqJlUSI)V8$tzB_@j0<~8Wmr2dzmyaFx|K}}naF|U4uj|ATkZkjT z^5%>QLH?y(`ptBSt;GT2nb$`I-6l?7g%U$1ar>U`)n##ox>A|^ShX4oo{}9^brIfe zG{DZQP7#hq^>@R<7B7?|LWxGTBxXM+O$w86%s)kMDA|NBR#F&jUW!bF%k8O$!Y_ZC zpmG0h&}h;652}%UTKn2O@+DZg?0p|SuEd|OE75VnLBvDv7`Laq`skR2!B+U`rnyFP zuvP0%4gHZuWy>}t=_#wqErMv#cKUVMHh2OJi*m~fWhl7Fvc-dqI6T@J?mN{N;`gsf5&aL+ z3xf&$Tx{E1I;y?8O@pL+6bYb25A}2=h0J|K{Fu@w&D}>ClFvHV9{sP#reBDf%9Q)# zp!GX`AQUCSyaH(BQCEv0duH7J5K{VWOTWN5KhzNCMK{k4sY(e9CkZs0KSMW(w80MA zw3LmltWSNT<0)F`-WU0Xa4sQ%u@-DiNZlaiP|!U0>Zl4F)Dw06r#_XuyATM6Pa#J!i~Z{kH>Hd9RYKR|y4DgN@4J1@ z4PK=#s6kdbtN=(jK5X{AJ$Twi)$q~s^`u$1B`Q7UFNgC2wU0hG9fh!jtbOUOM&0m6 zh@MUTM3vTMUXM+rPByl`J^JgHknuQd`2kX4>k+zhhyRdF;l03^X;1ndznvdocri@| z6XSH067mHiEwbdJUP-Ym;TqrG4;XP1--LyV{;Lya>juLsj`#cL=GorFH(OqYtCcC( zs7D9n(DAL2TJ^w?>yl;YnGSg;RCzE$eoszXMUWo|F^Z=XFd+dC$yyHDWqfCE+H5|F zK@8W+FFA^?kR@{d_rJEkpZe6#YMp2w3FTI+t>iH-PKS(3wbyAB_$w|Wmu)mg 
zM$a`c_l4KmlywO=?gz1Tad&mPPqTP&ldlJo7U4(d2vZni4zT@;6tYt#*~$H0m|GPN z)ZaO=-gX-@VW6h)xDU_?DzpA&f4-rfximQ{|WnsxsDZS6|j2&!@|2Pjj z!TN2>W*8A4;3-gg!7`7}kwh7P7?u2}L@W$s5E|mUc}s2AnGfgsTrKldX)(|tn|LmO z!>d-yzOqbHRb>YZYw!OiXnI`;@IJrtJ1?yn?A5kTy1x<84Zn_N(qR>|STynWYeiz` z2@`x68R$wl3p>c_uR%a`q=Omh_AJy-9Lt+zm&e-XkXX@#1a!^daC)bISXBb^zeJuBs~`~j-{*QVyA zP`dBGfPhXpOalxu^1X1I-01MdZ-*%E>IA(Vjp;QlSiT{e$oJ8)Q3 zS~13xEcz3Il!Lq6Hr{QOecp$6f+q04&b+RL$mHKgMPS}zsH6Ow2n@qqbs|on;jyCj z%TP6F#jnYv^MFV(vrJ8sa#F;qOB?P%7u?`6pOu6os*Cp01u}18v0YLGvBHXMkQfnt?nVikJYJT#Gk~ z1Zg#ySGot;&INAMz93dbTzWk@VatWFDSH zACjtbI`x<4_!6X3Y{^vuho_!7(Tl)p<2phh&P;WC1M6I*a|monwUz*u9_v>KQ3&(u zl6kwfBWDg*+vyxIQ8wC{a>4LMTx;YHH<=BU*MPI+52V(3M1+l<9}tMkW4!{?LOTDw zT?D7d1@x^7(0_z{Y?B(q6?miZbR-$O#G{HhXnSUC^m9~*Xa(p{W(a?pd&b!OLF~S= zrU*4r@}lQFKOgFAE^tS2HqSdB#aHxYE*3cVuiYp(_xn4)BI8EOh-u&hb0>yDrf9sqqQRTH{fL7I>Nk7;P0h!>Ll>KhAMmZ=2zU$x1)CjYdD?DZr^5N-lDVCYV)%*}c9~<(8sF)`5x9kq(drztf;%+2rh_;Ym-vd|bmn zMEnsZ6r1x(BaA_PQvCY-c+=B9Iu9kl^+q;K7?`UlC}?969J!N9XX=7k?q2U`uQ(c$ zA3>;laGRzxRZg#qy0Cje2Oo)=S@86F`5>ufogmf=knO>w8xd6+m}{FxQv9y$w3RZY z;)!;uuDm7iM^X(d4eptl1BwBZI4c7oK0JotDoi~!zqG;Ta#L>^0jX)zEj59EyOc?~ zi16wj)L?X-3}Bb+4I{jajL=y7(kDYZ2D+yZCMlkLiZavoJ`jJ2(S?B8J;tK3 z55#-_Bgu!X+y7;_y)!aZIMuhfaSGnbJ8yWDQCXeN_LjZ6m6TCCjmCl0G`ukD#}Q{@ zTLy6@=;4>%(pv7%sOE<@k|qZ8%P$^CNgwHMaic`Q7Sh_tEl4=^tBU8V%#$kSHYdlw z!=+%#-8`0pu9oPxT3DqC&2Z=8#?mQYENg5bTqFUSk4=l^jk-tSLRX9A*NYOsT#yLo+z{k((x}JD$_77Vjfj>OL*@ zIE}6WPwlLq5+C|&w;v%K=O+3R?FWdv*Q{q7+;s6y2b^SgFLq?T9wio5Ue(t(-i7N$ zJbKH^gh+S07ag>6dZl2W+&p-SvVFSf@6M(PvuFsBi(YTFQFM>oHnC9ApM|#l^-4D1 z|HWC2x?UshRxWzE7)?H$cs+d?R%?!e9zpgdy=1yTK!f>Q2zxVCaxd|m`4Bi};zidl(H-I_M6Plx|=N%pW6twL_ zR(>=NpDvV#S@AKkWR&|vi%HdOdD+z*z?tOdvXC@5XOgyF;)hWf&TU-{SQ}mkqbt)q z6IrJ47gk%^z#<38Sq7&qx2vtu^%!C4X<}nn=?J=at~)z|E%t0yAR)HT@qX(!HSqqA zV-`Ggd7=PPu0uQ_Gmk1>=3OXX2B~*5vQIcgD4rG(lO^u6m>mqPqq4LAmcL-4New5w(OCgdUfb|1Um)_LJ?Ug}^A+xUm&YsRP z^eZhROFZ_HpRRA`+>^60t8I~xf@s>F`whL*vzkM8G85jd08zWWx#{cVA{KTn?tH3! 
z%t&1hAE<)oAh)YAyN{;`)3k@B!mdt+l^MeCiU5`T_!U;QvS(9>-tS;BkIQ{6P^}KH zU?KD@0=QFsdcOab&W*&wcGp~fAoVEFA9T}Z*hsVV-aUi;{mHajeBCo@$firMFhb!% z(V+h>J8UsRL_HK}(C^F691khXhvN<0Qup;!#9^HmnV(!90Db*n_G{g{{{?{$)ils4 zul1wZf=F}CrvvBAwL;v!qpcs8Fh|_9w=%z8=iTg8^b)(}rb`P0uDOh7uRR|5bb9y6 z$RmkBH7(nfu)OU$zXhEz&Eq;r5W=O(-sy9F&Wbl?fk_WoTp?ezZ7Z=vKpcwL3maoT z9hw%TssmRW{{NEn0D*70+vrZ8(<5!0qc)4S#qw58HlC8haZ9)DS4;l6hi%i|n7n$O zro61?t24#x#YbAalJ2JY^#EtAXnYgQV{=7QP{vt*5eId0ZFAYU5xLQy(=5|h&F*nZ z>aJUh3V)N`sbWpOHH*uS_vk&v3Bz|z^(mGGmcbF@s%VHw!Re`(nl}VM@82>fOc4U z*ef5)X7nz=65PC49XCqqkwk(*{(qJrSztuQ@t}e4RZhaXI7sgJH4p?_iqtxw&Hezk zMF^8!>XJyN7Wz%m90U#9BH|E$$t3HfREgmrZw3LRbrvSw`f2Fyk5p^|^4xm*`ou6&8pkTJiL;I3%F~Kz z#=v&NP_aas_DQ=pjG?3v`>df00t3ko!itu;rI>7PLTP@v3PZd0KZ4Yih;F=HdL!A( z4~rh#_k2($EIl4m{#U~PaN@q}^nih8jIvSWSOi9HOTYteT5&Yea)_RbEZe_@bbbJM zdvhs8)Rb)7k)e&h$d+u4;*u0lFt%Hs*!<~9qZvg00CVbM5IQ3i`EWL*EgD1LehVcZ zyp6NG{`Z$fM~ax>EKdPWw?ikO@$cTovwFa)17&E}hiTaw_MF83z2&gi?XPAus z^QqcnUFTYu`rknVPW~U+5-3zUmZtr1+T5HvaX8~4$`=kkITs+ePf0C%BNl~PxVr_Y z!~%f|c<5V61rjM}S%IbU z-VOrh9lIBWpB?c6%BF|E1^lJH%oh_uy^M|szOUhBc4S|_n>^y5!@>G+>LwLUZN>+I zN8=^w_l%}NxCQ=a7L19=bLp`8%?^~H5Cw?&T6<5%(88s`Gb*uNthG()^KI7xeHZVO z2G{vtx{5;``sO$Ok8Z}ey(h*|9|)GZ%n}G_CM%OT?b!AvdW4bN5kF{13OjuEj;R1Y zbEZl7wMC!kTm13rvFy0Mq!9i58s^gst+Me&GAYApPcTX{(rO<6?mc8DkV=^em0mxi zc;0xV=Sp1U47Yk(b`LCi-s!g5(CJ;5qucv7d83#{kldsZaoJNkv{BTSkGZ(|euT&I zNYu&fbUjg0S+RhEx>{l+4@Z}9z$hJddEA~NWVJX`$)gI>W~|zeVt#UJ#(xYH2M`zBE-7(?YV~-o7!Y1^I9;_MEtQ|8CC>?{bt&`L@hjS3n zvec|!q>NP1_>$mmD;gP2!XRHe?VzlDzz2$>hK9Wi7S2&)4j18~`YksD-5f3z!NwtK zvp9o7NXx6J`!u>oRR*!-Asf$h+0+8bq|>9z=ixLc?et?)Pfbp#mfgwpS+g!R+UNM> zz%m{OgM=A|`BdY5U=ja!7ZG4y&4B!KEBO;oRf+V z^>z0i*6daeV?;us@28V9hBIX=FjXR>2DVMpYe^42cNcvAyp3A{Bj$uVjs?;l30*`O zF!||V->9%V-g-RAag3aBS^HN3#i$H)sCD9j%XD-uir!4 zGUS^}rf}8uM+=s7@9;yxwL-Z^=UQn*mRVCr>8RC@MRo8^xFj1H<0=Z>ED%FqKsRB} zr2=Hj=z1KohCGRaLj)yr%)uj?YRt_rKH^G&Qh!?_B42>^!L=e0A2oYCBhb?HRdZJY zaUp=vz}eBKft)MAy{owrPN&b{?oH%3HO$m(PByf%6z&Jz0pu9e$Vr8 
zW{-NyMn$_x3tLSV<-P)oxAfV)G@(0KYYyOzoJsFLNrYL@#4~eMVKr5W%Jj~vSGkqz z>B6yVF>r$KJXKrT`Q%z%yO7uQbx}6oT_4Vqaj{!bIffLL++g5q4Jf|@Fh1@7r9a%bK4tT zOqpE0p&Z7Qzh`EeHqH!%f7ZBcf(W?UkGFIVKh%NVHr5!kx}0@&NnBv&OtL9KQ=6t< zC@$U1IOSHM_*l&WiM~ghjlnEL%K&CY##Hfb!k@jZiXddIrTa&5h*H3JuH*-ssOVy( zhnKB8jyDhC86BT&U{g7sP(-L8NYgLzyPW1kG81LCtFwNzl8iK^0E8$XIUD!DD7@dM%(2IhR*IW*f}R5!$w6-rpN3}-!=)-9MM2%lXTxi zzxnnW{5*Tugd&^W4Q;NHMWJ$ zPxJ0K4|_?a@3$5ahE9?gp==)dl}9NV)3IH_UPi_;*^0O-={jY z4(RCSfpTgv66xg$!-?Y(fy>C}(dTX(%cIFNnYABSa%PL<`0!`qexHF|j-3$0Z4+|? zaPWCiGJmr#1)&qGaUI^=GSrgt98L#_D8rZrxDq)_&j*jl?{waf?v`*~_);X(db zW+ImM_27=?_tB&iLqeL@HmmD{7fU^P7Uz6-c?Am5m}kP|*F}OYizTi(oHZ+;8J7Wj za9{V1FW3s@nt*HkJteSfN0)yIlB2T)mI(RSlo`{A+x~~CuZ*f=ZJLGP?(QzZ-QC>@ z?oMzgFt|$y4#73JLvRTaG`M?kciG70{l#Lf{bS~l>gww1o`?07;!n$Nab0GC zlF3G_D#*qgdi;z44qKM?1Tk^+viSG4&I)=~77E&>?tDgu zB^^ni6|N9IEnys*{cSPOG4@$Mmcw0V9Glh#$YKib{TQ1&8Lp};ii%a3PNmysP3-r@ z8J=cnNp4ZAziSsPHuk)4o^?5kk_@Qj;@);+{jst_XQ9dvl9bgc5e%VP`(tq5l-Y7g z<|%e;=eg$tQpT7QGbT!=C{CbYP`y6Fq(mmL*}6n@>?BmvsVAT5%(r@-UUG_~>r=U{ zD%u?0*4OVK@Pk4;%InUn{dWM=WWAlD&(Ve2dc+*es8QiE)NRv?@6D4= z;<--=tW)Bu&+Y8SnF;7_V1LEW79WNK`;cU>AR!Wzv@SGPe(SBx0sA=4cA_uj*Zd6F zO@AoC2f4Khj(e?(wUnIabD1#Gy$t*4zWnV+y zO-b)5BRUCnUj8_?W{`MmrcLreV_{;a|224#(y_Jc&efRWT)TKBqvQDQn54P9`3B}z zXyMg5+^dN%yXy6LZ`*NybEd}JP$(L(d#T=!DF70ye~TF1BtDhp%xfQBeWL2T)_#4c z@Ftjei59%O(3mY5fV-ctI&@5r3Ee1~#c^U3?ZJwV^79f+>L1{k7G$iR!29*!nZX6PDM(cfRS14i~sfTFmmLShR^0wDqvWS&l#BSSX`Z-)WpOD>_%v_2t<6v8JG=_OmF{c{3KFwP!}Z>jm-_ zFQ*hcvW&7p%Z5BR4cHYTUHVNXE3KJ51RoyG_FhHjh1KnoopYyU^W_Z0Vee5L#87b1 z4AesW5le(~5I#bLb!Q2!JX_4IjZ}X7unwWI@C{JHVoZYh(RdOY`=o+gyoWx(kB^|{ z41d!G^H?IFYu;QEewEVTaOwh&nRz%!MA*lv*%0R--frhR8FFIhvB#{H_6p;cfMS>I6Mu3Xsf41LivUnOhNn5e<+;CkaOdF;H$X*gI6c-3TxXGw)h{t62l z2~&>au~a`evM}8sd!MeEe;n}Y-=z{cPPw9CbBlD#o&(EFM= z$BZg7IPZ^fGzqqyOE;SLxHv9RGme+R-f?C9A;QOAwLF|%nS%r`N zG+D_eoXW`EJw|N|56{~Bs4c)U`v2|d1uYA}N3eT_-=ln?5c1Ggl}MlOtf@tSowYjm zevA{S6aCut>dGTqO?!Ht`FMG`X>xPeozm3HP-8!C;M}p->V@YS)V5sey`p3hb?qkC 
z07~2bcGJDeKeJtmefadWbH+U4dG`=JAolhhk8`6Nlg2$3lg;@lfz`~<;d6)dL?0I< z+?z1sP=4v$E7ZKAj|O?b)u^2Od>?Ns5hh0oO#Z<0&W|-wGeR1ysf=OPX8PFt#KN^! zi8?638Ew4Xv-l6Vz<`-;)5XM=AlnPT^$M)u_)4U4igU!@(psr9($~Z9@i1MnKq^(5 z*bDrHzAVj}3pXyVHO_b1G4eFE)TY}w=@k%qd(=oMgRC(}_OV-cy}v_%rL!J4ft;_j zFH|PSzgiHoaTl<#Rzl~W6F!M0Ng5w+FwBc_Xo^zR1O@r7sKLCXhhfQzePwG*qKS~2 zCB_2z#jq&JWF4nNs4fRWVGalf=OZ!v3vINtP_GJB+c^dl_fYRJE=Er?k9bV0WI{mJ z`(Y9{8KdeV=#X{403&9k^zD?mp{N*{3Hc(5N0k2I;QRT)>z;(tyn|hwYyXEk$JZyn z*UUWay-!?&gEfIYepQLN?vueaH#Z=!s9{UEuvES~gQC{6b?>&NC++3-inB{2$vuJU z8y+rw)A;e;&zgl!88WUg3_H$7@g!{$A7G-mh-kIX__lO%02+01Q37Ls^1O;FTsP3( z93BPXjby;(hW*=n&mxb54I9bM`iSJwRI@8&Q5ux6FNs={80+(}|u8n?h zqaA|<8HvWK>-Vcl1Z4Q*ZXy4dDVl^~Met`KIeW(bB6NZ_F>18p?!zEEsyccMNfyRl zJ`-0cBgtN*2wt!f)`gm}NZ(a?Bw{2I@RXp}uX*Vvm&KSS)`Wgqm@^EbG3Lx1`Ce|= zX-qZkjWlRV#?0+r&it6fk-S|@B<PH+?<7j|P0{c}A2kA_QQWTS&8^6|K>Y9L(Y&e}cdbo_Xm!7_!t?rIK z!kCof?`;I~!14+fMXcvxmA8!)AjR6MwzYPvQ5b;3Dt@l1>3vs^ik;|y{H3_An(%0y zaR+CSnJq(pZW)5_&I7tR)KllX}pVl^V}| z8$IhOC)JlTiO+^vRQ9;GQ*%}pU`jwt!0e(z9gxnMUV z8WSmc(YCPuPmtz(8+#;6G-^t}6`rU0Ukha*&cj9~-pKHk?I-H75c zkHOh(nUmKCr;*bz$b-4n3$^zOx7*izh~MJ~KOa#tP3JS*Diq;Bd4xeWUv<=S>+9DptRGi0oBeEb^=^D{ zdC)^NcJ7ExKG`C2$)!f!N7Wj$XrNViW!{m~t97@m7+z1+%0M+COThHzwED~+*PU>U z{`cyHQfLJc3*h+^9X&K}xxE1?wRN7CFIV>gATHjJ)g}=){fG^Goj@rVT=lh%ndpLz zBK+qF7UPHE(Ynw~?Zh$1hFSVMH^@VZ|D=FPBIF(u%$Orqon8u_Lld>pN+~@#ova;M zMuI`4`Wu{C2;q|iGLWb|W6wFl%*c~gfIa6TAIEyGG5vd`9emTFezGrpPb~N-k-a^A zwja9c^j?3FDow=tW5It>RtP5uY5(+jtcPbD&9UKIq3=ucJoDRVxEKgkyXBo`i^OlI zwiL>YU-S*bCAVTML;Pk-E5cG>-}%9MB;{rq#xn&1%%3Ia<2kGR@K$$WZSRlXcLTFk z23gbBad881Mf*AAy9~P-k==5mi$j%>Wt>wWBm?(wLw|A_YoQ7$MU3I~$kbfyIrnU^ znwkE2IErUDr!wJM8s_v3UJP9AcWztPC`cxRU3zprm|vu$H}3vr<}fvo{(#KFgyJW^ zSJp1(BRO{{+gb%wJ?dC9mT};;&tQuJrd`M$e}Ln}G^*GDv9b;p3yo2AnYFlJrg_;9 z*AV3|n%`l0`Ed{!{=*NCUnF=skNB#>n+BJ~AH1=_rXAE6XnsmL=XhNjJ|o-^+HRxF z)_E0y)i~q7oAx5;IMwPvQ591XBX0wp=zuHr330qEb3VjvF?z z&z+UrI%f4>SjK{UjpE?MaPsuP{*XdyYv@%mP;;CxwQ#M-rCKV^4+r<*iPUK`Z<|pS 
z@ql%p_H;QGULgyWw-h747)pLRfXbGj=2uicL#*x0t?@z2;)xVgu@cyS^p1rd-d&6% zldp%fcN#Z2QUjsti1JJ{vFpS07o*{LgA|1s1m_M({L6WV;VdDRniO>>Cbk+}#YN)} zUw3Ns_@qDFp<9>e^Hbps@Jt4lbOM2cNdm>Uo|Rw36`!IMcG8qdQD)U#Z=3XML5yyW z?~x!96gP^sa!btV4BL`q@PB%#yjLZ>yowK_{crTnsDhmUeliod%fA4?Y&V2O{;B>0j4b!0H3U$VJ*l!;UL=h=HegJ>M3`C)H2 z=Po?_R#?9yclj%n^p2IA_MTOfWv2PzL-EjLACeMWttZKgY$tK%vx^G41k(J6J`O2@ zV%FUrb6N_JpzY6rFHtsnrX??t#&YleCPAR0w;$Kj!RfyN<8y|L><0VdVr3VD#4Wz8 za;X8=zE%#9wxo`@ZbtvW5t7pP^g(HgFfxh8ad1d1BE(i(X>4iu@u9>^l$>PPe_D9# z!rvmO-{-whfC|z(*@uDaI-lfk-)fl)XDh}y0$uBwC8tq)IFL?5`3J@s#OA^ND2*qG z3iGHvZb%8iRb)0pp9$!Hx8#WxgOcdZXscC5!hn@p*`;J|g?X_54tZWXR%@6wmqD-{ zWM}MP$;64AFL`C~5udzO$#(F)5p zoo%zp$Lo{f788WLi;ZO<*OL)+_T7Es)rWV5I3p#BJ5}9aePt&cl$o0Ivh8J5ki(Di z;`eb@S@`E*!+|dhv&afIn>Opxo=%MQ&le-ZBDyH2))E`_Aw)O4NMl2=zgyy0eg00O z-Wyz>!fW!%O9AMs8eDZc|I8b#FX+Y?9s+$m`rvC*M{{M8GyHR28ILav)I%3lGayyh zFPclOxHR-Nz1=}$YEY_x+21iN#LxY@t*^+iqjF@sA{ZFNCPb5B=pFrcw;0p657Ep) zPXRB@kGI%AT@zc?TDuowaYkQrqZxPz34d$q{4S-ZWj7>SEf8R$gU@fRIHaU6sA(c# zPJ0FaFOOaI>W6<77s!0=;e02&OQ~j}8=E@FQ86%L^$2nN)2_Bu>+BGO(6-g|9#Fxy zXZ5HdNkhJp`@wBhML2`|>(&z@%D3->6nORr$lJmRvI)1DysGK#ZW^+V?^7r397d6w zD3rGtsZ?=M8m{x|QDroeO>bWr<1x?}YnDrY&C(U(<+AMsZG$EUB#iDdST7dhUj`@* zA;VDqIguE#kw=HB$wqItPVh??AiAf-om=MLBIxfB-8-1#6A9D2fN#L@)dwHPI}Mu5 z*0uw!KP{i33~u-^qT`~@Uaq6Ei8|~%n8^PTS2p|DUMSRw-FHs0-FK(GCHTbCP0Q5G zOkf7C2%}{4KR$?vnIgg19Q@qLopZj%#z0N2g3$^;(%8JE{%Tkaw1)ju)Pq7RaW1De zBQJ|nxH%hAa=)S=qme#b&8-76{mH@@7$V5iF`3oU7;QoLPw|5jLcaIq>g^L(S7)5`@p~h9$t8SU zGo@Y?LNhqvAR9nJeKUWH>gnk2(PfN7uC68!KaUNCp!mcu&gCnPwUL!3rY1OJWCxZA zVm*4mf63Jc+R$Xu>@m3w{6ODk1fo?hg?Wc`0cxAp-l@jax4z{-T9gZ!43ml@fyjY< zH$PnKR>fT-%RZ&Bg_-$bib&i@F2ikx(9Y7$gE=s5_I4j1?@=xEITnj%L(Lp59`<6S)e<_tNR5Jy(8f^xsQLerW5jhjHMBBoACm;z`vdQqevEKD^XW3x|mDLM>v;M#lh);}+A`9y$`%LMb6RDC2l_D0`_>eI%pGtE; zmE}i5hlQ-5=07k}p|qj2+w_Wkg~qb3GCPd~Spagl_tCN%Cf7KIQd-`#AZ`mFaaGch zPZ96?jJICW%x+d=-gGx-_3iptcAlD=>hihl3NSeh{M|jv;(_+@1Q8CR%oRhvrO}>( zqDq}L6ysJpw>ptb+KHn^|Ii0d9JX)gaWlN~CVr}B>iA(nX!m3%^D6IgIy|~o{F-Rh 
zM4G?JCWu0{Rlu~Q!XfTN-@#$ryDvMf{5M~U;BWD&VE!;ZG4VicbVdp(5Eo0xTBY6K zJ-`($a`3On;3&TN3o)#65P8AJ5YxGHLN2MuB+~l(AT1T>T>{JU9teKk9dr2^5x41Y zdb?>wTXW;ZWxvYVtAXWs$4=clyP9ZjmwjYn(nS}0qaG|Z=|&sDvcVBOES0k#Gepe! zHMyKW{X`wKJz&;@w%!e(kuhN|r6+|A0J|cMYg4;DG%78dGY+IBxshSRcM)PcpQT{q>82;Psij6BGKmaOsI&; zgvx03nYuXQ;-5}V6)+#g$N8BBo^t>`AH9~54)pw0R zI%~{3=>OQ2N*FvmPj>7(kJy?DwyzN{?gk}gjLHImx-%X4wA16Bgx8}}i?&3#oRxa- zPZ3`G7xN2^g5uui&_+^3#7)Kd3(Vk4sV-@eqmNE#;eUkpbtyL)Ly94-QANCpJmQpj zM?aP7a%+x1Vf1o&8~TV%rVm7()TA>!BDoUFePB0V|MKL(2SVRV5g1yQiXWU+u{Jl&=)E-pJ+tXHiQas z00w(V^}*!xg(D6@mcG+yHAmT8I{qf%eH?_423FGcROj+py#cm*~#GPnp6g|8O;fAqMvOAtwHVmT4-}L8P029_%fS~sjKXAFV z=)F6Q7_ewC|E!$%u506!Jrthh!%7E}VE5Jqxv}%VP^c%^v*lkJF zj%3f<-c)G{^m;s?@{-=}tCX64YHqYO=!iUtZiAq=32N!bZ@1jK3)>pb>AQ zhgEjOw^K;^3te>gz@9Yz+)Hez+%X*2@#Z;G$wn_-ZmcI`G$Z8#HZjHu-25O`c9)dn zZBnllF!t*k(|*AF30fo!C`Lb7r8!{X$@UVd?+vP2s1O$J{^dVB3|CsVGs;H?Nzs7w0m=M`~KiddAdc-eU27~E5 z0|#p^^v7<+T6W*siCdquLG4mo#YdlssRQ>zfbsHGK8l~%UrBLXDMKWZGp+N;g$s>l zGYfRz8O9`KGWO4YDr<$T@rxXz=ONtH13lQuqlC-)-1z4& zDD1vSynW+$BKE%AK`U8=CNhdA%UZN!6IEC7*h(Mvt_!fD` zZyiJ}hfWa=6~c?QlIau!r5}O;{s&=oyQz55QtAS5n*xyQ0tFNb+;R$GVN?V6h2T{a ze&a<&87tHMM3;kag9`Zx{g)XsgW+Sj+aV+iMU`dI_^qMF>qyV=t4oE=FQUEWN__+))) zwV>sbK(nkkL#d!pn{J-6?cdNp-_Nd8y{H3i5X9K0%Py{FItDlTxsSeq6_{bfN85+7 zG33rFWZ21%g|Cfu$+HX+$rr=oBQdOt(dVX=EX-1D(KvnXH$Q}mbJ9AbP~2A=n26jd zGkI{iHOlhe%Dl&uOgSWnv(2v^K6A=duGkK(S_iAb6B7%Zo;hh(pVzgK{3gZyY=?lM zu2cWH8~Wu-ogA#Fg0PiR-!$&go%^P)+p}A{uH8Zz`p7BQJIUds%jM;5M_}6jw$5DH z&msHz`JmR{q)6GNqvNZD&d>~F+4imqbp-3M%-8&40;y@l0#T0zLHx98$p1KEUxDhq z+?T~qR8?p#*!rc$i)O7Jz{KD->j||zLy@YrGo%36N8%fi);yz*hs>qIp}`YWg-}y$ zk%xng02um@Ck6a%SmEELSL_A~3TbpgTp|C6eHqZo;|Xn#N3JiwbVESfq3MAvWVmL_ z2dBy|O-)XtJ%m#Yx(M4bdOEj@p1Bi!1DZuoiZymL~pX zag?kI?H*c}kBm1#^oP5F)w$Li;MTKs%+s;P^Ki>HcHKP|`69K<$jB`AM0kbfT)_c@1s;rZ$sG5o_(Y$@<|f0Ak1sCoN3qgv!ydzrp!_+0MK_ z&vr2b@^uM{bbG3qCrf#PUiC_z2#6GQwL$mcT4sjcx8>)DQO$}mi~48C{)Fuoao~8KbsY zmvWRJ{2nfzYe8ppj-(_f`#9J|f_4!u?=9OQYLDt0uk 
zzNYvNKB$9nBWR`iHLCya*KBaU4S}r+-1o5;!}PezX|tcW!{B_TVk`i@O=95+j&6*t zq(6Hw_6OZfQbGYjGNRKOM`m|HID55A5EDaYAGMN5_XlF0K&bb#VKfz;BtV02!_->M z5Vuw9oosSg&Sh;ePwL&<=!TOE#yu;@?RJK`=K)xHQ2!pk_ySZ!s(QFEeF~@5 znud7x1nVL9)kcPRx;CZ$;!*}UfUVK1%z%3cZxE8jMteNZS;5;t6a9KF=WZ*;$#zs* zbH5M%npO4w@WH4HSboqoF~%=}L-V>@^RvH-UbE%&F`D^wwSB*t;Cwe3RE22NLjfQf z-7Y|Eoo>4!c}is1M$wQGbR4Ybmgr5w*skW#?j!U4sEq>W*Q)w%lLC*uI#=QD(iGpz z*m4bqp2eaS>d34CqC4QMQ1SS&3U;0(9kh3fih@h zv1mLo$C^UK5V+Wbj>G@KFhx{%pme+*wpKGnHEaa_Y^ZC8WG}Out`*1 z==rjEY+Qx*@*4u}?hXCfFVcj}*)-02e`jV$pv`f?_xAY!bUHT1xd0}6i>{-l3eP|w zZYqH(ea|L&j0VD@AF6Pt`vgnvXOKAP>t|*$TF5`571lhWSYF^(+2LEUOOQ_>x4lg1 z=3z9%8W2#-j>=~rTm)cB5Sx*;oe#~evRY)wQ{ur*+#u^Bh^EcGSM2g)fjZ%MdiS6$A zS=6@`8KPWuWZ3D;PySVXf+@U^V!i8QKeT7>Z}`;9_5OR+H$kRcO2 zQY2{{R?pr!YR?1H#4$g!#{(gcuK6aFyMhYywCiY~JyfX)sMQjWn3d;CPVWx$lyS&D zytDfLX0Uy9lMO1O^7BZumBrC1O|ec-V%U|?(E*Glf(ym)^vY|@v{6b&nQe|l1Lie!YP>lVQ_Ob&J~~+B@8F| zUYR`%&+i;>z%N_0F>3TV=E=UQ2^XIiMPHNw7SHE6H`1S##~Nlt@)MTHh}y}^t#_@> zg@kdEYJU87rt$n;vgOgrqlrY2pg~AF^dDZkBrrdFTBiWlJ3&JHt5atoMfipjaxi@R z=G0fI82U&-qgo!b#kIIYjY6B(|4y04{PGdfl=yfNoS1;=g?{ z0mrJ!aO2XBwS%nIXnRwbu*aN<=98-VZe^MIG_tgd@21F_xK#M*@jP|R))>$YZ<#@# zV+B$j^v2=hbV?8OBP4IAy2j3b)#2^JV5h7i!<{${E|dr}yXaKV{($EN<6 z$C60{Dq_-FCmFXNOSR`M3wvk!>EMW)=O$DqmraB{IQhV5@~zoAD6M2+8@Jq@0TSj% zOr1jW_iDS^$>``ITPj0@oUcTB4M4Fi6<}dAWJgSM>npWr}x#~w*F+&X|{&Emz zc`(ZC@52ljH6Zr^l@9_`6Jn*%<<#aK6v1QoV4sb)YlF6g`X|G*%@(i`7n*BEK_@aK z8o3&4>vCw$Y(9H^S=}82k*u|M@sc>eF6ZhbNs2z*434Z;t`deiIc)%>9YapU(ws;t zs#f6ns-h}Q%CJj`t@O7xnqN?1k&UMi{z~_X)t?Ou>t&hsDei3^Bh9g^j#@W1+|0*& z?gqDI7oQCHA+_6rYioa)Hb(gH#-E;6Kc08@YL8;*B?z3H(C}rP*)eJPEm-zSYVTGH znL`DO3nm6Zbr0+j9yX2H7v@ye`W9M z19K^Dxqw1`F0WW)xmsEf#D4)tJeeMo@W37(`OUIk=0;u=cEtA~SxhM<{!sscWBS6J zaLQ&hd7Mi-ipF4pZ{ypv}RU?im0I^aWBaHDw1 z&3C9N)h5`ifzc8(V-VaSUZn}wI(8?IRt~yl+I7IU7auBU;|8)IJOTl(Ygq9HSTl%! 
zMP~_iTms7*0(^Hi5tHbhTm@7p!BSpI=>`S%Buk4xr_UN_a0R7EkPQMkn@r?G>l4P3ZV~w=8^m%yOKEc#@`~U| zqKYd){*K@L=(CtxEjo0W&=?s5_eD_Nvo?&=?ZxF{%S|9CFUt2vRa_ z;NcJdU%3FWr5EP&_%4J~Y_84Q{G+5s;^{_$M?3+r*S_0(Vf*;EKl@j|{`qHTkystK z`D|{~Og~=I3G{D`@#X`1GfESv2Yku`MBNcuwtZoK$7%e-|4`(39`4&=VU$Wcjq`Lp zkEl21KYZpT+dADXni_1r>B)|D)3m66iATk@(RG+Kp=c_2IBD34Vf< ziyXI+t-q>l!hqRL-r<(02hBLU@NZ`rKY$CEev5~Y#JX5`0>uwRbRbuKyK1^CF6bbBJJon|1-1$e04k9u-lcO@_#8-4Xe59A?{T`!Km$S9pw@ zgD`|tFk6pE-#u?WjB&=mo@Sgqm`P?#eCwECzSr#k{%K<5dd5iHK=Mms9t53G z0>tWphBX4qA@KZp0`E<5P- z_vvO+XL-8#U3Vvk_PyQWjsz-4wrsdM#nzhqAtm0TVuIVs4NWa$!MIJ@-g>!EOp;~V&1b~q3WpDnB z?@o$xL()`^IX4tzQ@oN&CQr8)8BXzlWqwo{tJu{(C1CH1>7+Ue!hO-Tmt>Vx2?Cev zi^q68RD|CRbIJP!DjuOJNgknYoqybVrdd4~CK|!+WS11vaj{xsjuR0!OP6l6689Bq zn~EA$(=wvR*J`W4{9WoJ&@eIbxZ)~9_u=!S5VONkG1S^eKU1xI9|{b}lNR6G+?#sv z;KXt4%jCTX4}r+-yy;S8aRnERIXHF#C}h=EWjRa!+rR*tr7`GH`o9fICR~_W32t2F z5q6MWD?Jh^sPpdnT`!+T-(&l)?%r9f&PP7WPR)IxL8)-9c8iI&$5~j0yze*8Q$3&fpnrqeISxiIe%NE@IM#^hquk#J z#s8Vy1?51qoDMgsrq%vL{cA^>IC!^}e2oRWcQgnpf^@x+-kvJH_wr{UY zIaB42`n^Lk!9YR0j*Y;ZW|5&3?VY7T`^`FtmI~LxIX%C4mOM5pKQ4IGVaC`J?>}^N zD@dUmWm~kj#G8jTlo~U`*DBcU1RmP&i_1+emBI0O>7LVS(|ZmdMm&W(Kj`#dj>RLBF3}8CE~M0y@9^6E}$v(N6~(C%lzR)l-Cxa0XM0 zuEx)32%VuMnIMkqw87~jvLE(^f-F z_B3vo|AJN@(D}ZdchP>0a2{5_kvZw;I<0CI5duXU^_#lN7gCle@1;?y_+rld zrdf2$1@_*f);W2-)lfdTl1&qA#s-+BzDu)2+VKhq<&L#QYkI%u;KRAThe|=U+(q(F z+@9jhnlG(Op%3~iBd#&iov=9we;`V;EBh1E z>A(M5cRcoVZFT_>AS*E^kxl4L9Xrj+xd#v6lsU10hf64<2 zF|pem868*jpdZr-pDb!x5E!0f5&fthTU;WAzu=sUr||ACWvA{Z) zsKc$6jf3_Jp_j^)7sO4AXBmolk>fI4+xfa;BCB)u`_Z?DLRpeQu{;EZ0i4ihF;%5e z`GD+d-SZCPCIH$m@aVyMKB_)^FHVnQ?sWbz15LC1Ya5_bt?SNp5Qc`Xp8k_9O=qwp z^wYZtNnH1Tp$sasr}V1-9c-F6jVsI9MuS2$ZYphTKD9cAL}^62B+_=;$Bm3r8=G)y zbCxUQzZ>zamgZTvILcpzhCjgp3+gj$GsqZf-|qab#+ECJ!SZX)D-Dza)68ZBtRJ)# zH@$cl9QN0GmEz{V$N2{DX82?3E8Kn~9TBilZ6=@){w z{Lv0JXh*5YhbmuI*)ydD88Y(Q>rIXLesu&-N{bX6{Xnwys|=|=i(B!8!zdx`w%WJ` z11AGt=c*gfWj8WF3eCkr<;3J-2Ru5gKPkz}nZ$e~DwT$s&<(eJx%(cAoxQ7Y3AZA0 
z0jskIF_?GmUVVn>{B`#g+~5U4Vd!_>p5RleWJKD(i}cDC9B~l+z|4Z8zPn`-Rlue= z)x`FNe79VEYB|5I*a_ISatLk z>V;qG5sb~s6(b|i0!2?!2y@+dlA|V!(?fK9Q7Z2xJSA(W7S><*uCDrtcA`?!r;@ z3XUaEX(c)Kc~<@un(J-)cHK{o4dFW9iyAky&I4^9jT7stW?}OIp5X)=s~E_>_$5j) z{vIbU`%gdcx0FVLv^0oUN=dHi-3>rCkv8@VgDBeaQG^znsANJ-8hwGgqH_|e?HOWL z&lB@sb+cG;6ZmO))%DhmEMKSe8*nz5*Uaij8T2}tdl?zwX4W>lbF4n774RW&G9TI< zmtfBw;T>g}1_A~>&z;h6OmM;e$OOxLfz6yT`xAr_FVERfI?k$jWh>mvd<;u-LlJly zVuyZ>C1@M9y%GNZg|(QEm86gLixK{BtH10+uD0&Ix~W#ZR>xC(V46ofX_Qy_@s-Fa zCyu2$mzNC9gP8i^>O#iNMW%9M^Bq4i5Z2iyJc%3J2@6U5r_^%#gt_)W*M3Emd(5`3 z?ViSpK>XWRBDzk@Mh%*Fp`KHv-<)LTo8MkvuKnLf$f^#gt6$8upNC!f#jECS#$Vv8 zuv|qaK-|oI7x!bMW+YK5)RMSoe>Sq!WpX9-!w*Vwd)!^~R84$<K-ESpC(y961 zUIQKTn!13Vs@9>c=WtE6Hy=3tR0|vjii%v&yMzWypC+Zg_Lb#iC`1pa|ErqIsAJpw z3O2}m6;#&Yk@kYO*ku2hS?6Rp&nncw`-#dD_w0fjzo@TQLQHbQQ7cp3aLvVbfLwS! znh$;e==mD*YGqX6Gfa>Ly_R8oGMnc`|bhxWGwt#~mwBwYO zGt}9!nO!hG9txql<%E5@yazM8y+H@SSiJr*W4BhbwpWX;B$MH7 zCFHf2VI&p0>xVdp)-ULKkU}?|+M#+v{jWUV05sG!!`8s8iVfYvA8Np z&=w(EER0S;R|3f3$|R6#-T#@PXraq!!@i5a@4>EwF{wxFvm3ODIW=2Al|Hj9RCO%7 zXYbn-QN9ylz9#@`mKOJTrEy=W%Ca~Ah&aGS$vH7hbSzRr|GkxSNT17ug8xe4vvW{X zg^a5HMhm?Y@$PN5v#IgXKff~hw@u6}UV4}~N6-G4&}30isB&S!?n|Bid(@PAn1)-@ zQsnii0>KkO=&)6OFE}kqdF$A^Jd(@llRcwL`3L8l%O)X%nJLrqi|k_J?p{DAUYkQo zkU>=h;m_9023vuj3_jj&{!`A<8rK@U{B(6%y?nBJ0_p;qy{}%vxz8M#+#fFPojS=V zElH?kWd4;?DtWYo;uNoVqRieb2*-C=lA3X>`HMnQys~N0s!)aF)_5j}UO2|i3=IEy z+jk?e#sKzao;lv$x(q8_w90w2&Zn!9lcUF}O}IiD$8QgMtL?sbm%DALXVT5lkK}Ie zo{BN-2&+--O)32R%Bj%ljXxF+q7xQyq?X2p{P7#hP1iH78!&3_K3}NiI0lizs$)-> znrcTIn-r1N@tQ*wgS!q{_kC7YSIZNq7E3AyL_bVrB!Md(+oCa4g#6!)9#V;p%*Wot z)_U^`YcVRl?{+i1TlK`>T*D%ocPY9KXHm}?*9x!w3JpHOEZ8}Ri&Q6pNBwqpF&C%k zjbn>27d=`E2H24A`h^xsXnQq#2y^fYzS^K`V5&AMyP%(_+s#w5*0_fUbEW|Qo9Iy6 zr*08GQCaI2S96S0E-quN}$>%pc2*Efm=$I z4Yls5PS=8mz?{R21FY33N1vO@scT>{{{s?nPKzkp3_Zw0LKB@?j>`M#Bi7}u3D4BQ zL#G*pR!Sj6l>B-NKj<3l>20d`#XI>K^WJ})Gc$fDbLMghAJ6z~+3NY;!|N88j>B5` zref0$7D`+Q(ItK+v?q@-q>HoYs@HWk&)3a7BG16+@yjALh+nJBTe5Do+E+3VS^4B+n-@&NDZh2BBcnounP%Y2Xa>C# 
zP>)sy#;leP_s8a`8Hl@(4<9m=5AT)$)gOArFd7YOq57FjR{~CM`eFnF@7;Ha@twY;>3sc3pPspYU~>V(-#O^ zCGt6RxfDYQ7X8;&i-71)f=%bJBQ-J!%ztu$M#TCyf!{9CD*{3qie2YzPeQN1(6?7O zoFzCe53E`{Na1PrTKWa6$Ktq~9cipX7a60i{74&l7?w@RaNUGF{Dj-&KoJ_)wMyS1 z)KxXlFB~?5Ce28i12$hiv(!ELf8`5r_`ZK)D;GlCrKGmhZiB^DsiA{h#`wI}_#!Bs zRzB8t3bc^3E5=n~5Z9BQydwvn-0#?I=vfKF92lNs?Ej*<>6K9C^sl~4CqSU~m4t*i zt|WStYVMBPGe`AqKGWzdzH4=EHXNVRtDRtxziNypAN1JFt`8Nox#fCHD}*u?!zf0W zOF1Ggp|cQlSw^dhsx7Mov5O)Zx@y?nzX$wfP`6@qLWA|u6K@TJi_ww&zsHXnf`2lo zAN4(ZH-@fZO~#3YMgs`=@&&&c!d6@pzXsXT|0u%%?HP-Pc(3@}fGaqrhD6?H?FGBF zvXALXGL&tEj5pA_C)(>#9Ce;rG?z;R@4c1_8bv_-q_0%ZRL-gF!J(1%1oM-*Hz!8_PT#h(Y~9xI+#vn+5aznFpy44E{gDgt%P{ zMtg1#7HS7T3U70v;cm8`=AZz~XJuD!*gvNn+heO;Pn%yD?+MOwnlEX%q)D_al;D=5 zoPj)5-ZQ3-!o}+sB9q(LPyk*~vwUXojlQ~h(>239dborouGT@9C(-t5U4c{72GfaJ zdo5H3$?Td(0cMnrekFY&$eH0(a1&glFM30}TL<_@u!_1dKOxcJ{|sg|Itx)o#1iAz zgM2KXMB_}%;-^2S8D?#8rkbK2ltC=2L&*JnS`i!cqg(3+(acEXe{Iu(?-y_c2tZqJ zO}2u{KN?!95(WFiOa>{*)@xEys6OMr`+Z|#z>H9nNN^Qitf8pcmr8Z z)J2x)N=5jDEd`VxFrwEbmmtdg6x%RJ+3ha{gz#L~u3nPXb4V`L{Q#STAT8mQ)RKvh z+i|m3ck8d`rZZW2vt)!HZ(0iY>CQ&cvC!i0^DJ)}=u{}a;Eg0k5tWY*m&Srlr4pj1 zGF-$^w#!!ddI$9xgG&Cb%IyNSQsP0Xik2BKkj-6trH7?8pJh50$B5okV&rbk@9_m? 
zN_HW#>R2i%RP_0jc8^-+48=O5pmNivjQ7NcgS;`R8GG zBJC#ZsG|2xL)HXNNMOU^fZmlQZu$Jl!G>(Pu?O{U3IARO64Y^^J^w^2=jfI86RG>-ixQpJJsZ$^bU^+w7{EJlj1A0-+&juJ*)kYhM%j z*f=9kf282tU=garBR^ zXz(w3%K|p=X;$QiHfm01k(R1B?_j&7ETxbH;1{34aLkA-?#5<9r$J`-|6}SM!z0_; zuF+T>+qP|VY^!72b}F_zwrzK8+qR94JIR-4?{jv)zt;LubzN0A#~ky<4$qVL&Fv%x z@TUJi&PBJ^>Y0eXE2|E>uT%Sj((maE|00rYKi*L+-`5e)ag zpDp+MJY3pzcHo@^Uoebx|E(Y2-wAJhaKy!*b~&bmqS-+Eku&u2jZs@21Fj?^L<4VWLN0`pC~R=XVP20_ z%pv4kdOT%~BOrGLJLLSYcrc~Gt0T?&UB1MFH6G5W{WK|wI;$2PnNGH!`>QP2vPGPF zjYD_7qB8+%-tSHrH9pc_=h#bsJ0EiQX4LROR8^07<=X(#NG+vcr=r;dBtws>TPqjR zAYz`Y0JLt@WNnmDPU|AZpuR9e?)+T5JAkRL9SaZyvY*ALb_!M14z-2#k7HQs3@-w# zTOmlQU1sgKh@1w_>gAB=?MDpJGV@tuDf^%Y6{SYHa=#-(iD~~=SYBAMtstl!+JLlN zjnuJF^VM;4w!D9|Bsc0a#sS-B>*i!5(uOJW>{%XaF=v_%C6yO#4VaKI?1+Pz2-CfA znGa&1+OEGO5b54=WmYOdahM_jB`mI(9m^go?%HarrQQoVnP%t)-E~Ti9ts__Pjf~d-!RyTTkE{E) zdi)}SL1C@m1@zbexps1sAD1W*P%$JT(g_6}rJ$&2qIeJ*q76M$H&}g)&VQ5Eduh*1 z|0<*NSB!ggAcoyEdj){ZY}E|bYx(G1ucnvDSG?agzV3E;a^hbx_~IA2uDLc{h`)6n z{?`0<=RZa_s&A6tVN`%l!DeL=WzWmfXXjB2ph0GNU$qz?Ib`Ch3W%0Bbl*8w^=EBx zmV93A+wk`HP8>e|aRXdk!}8K;?2}8&$e2sO>lyY;c(K-Kqy)veKssMnl_*6SqM^@- zl%Hp(yD7n)6cHP*4TgyDPq9vPAq8PqUXAU<+W!0Q-70JH?BwZf7gI_pRr?sh*Zyk+ zG7jGp_gH#@a~u!ga&ETJGr7UM_Hr?qV~v{kXeWaWR4&g}gNOhsd9Ch^oP%%mSSpaM z{3R2EQdE&_pgz3x8_4;>yE0v|5#LhfdEdOj2%$9h}c+g;}_ zN9~sx1il-TpSDlEXRJ?Bec7B}cLI zsTA=hfXgW~H(kYi^)uFCYGuq{=XG}*Bb)X}2lW4TcNE7|Y`VM(sc&5nr0H5alD$;X z(pytMfveAbDt$KFox{!gdql&1Kh$4;`)UPjK2^eSPwiZ+r=>w9!@7UoYyIvqifXA` z%rJ&<*@g;%@K-S>O5nV>QxE`zFU`ysq4f4&WgvV@e5vO*)Z=fr`&_|nm`oCrvJb;BYFEGDRFfY`)Z4dR|q(}!Fg zaLC$S8B@F3`B6=iK2*uu{_DVMfp@(9O&Wqx$ zw8(esC7sOT@b9^hyH0&o^VKKtKYwHBOWGKI{Epy)NoLVjw)fqJv`ZpRw1SLuCZoZT z1!0OK6c%0iMoA5uGzq#OTKA$Duucf}wX~~0B%WRTgBuYju&`7%L&^$l7D!(Gdh2}< zUpH))h3(j=ezdM9qWPLi(g-g2?E9!D2(=<5biRU43{Vum3k@8BxIWSX)juZV0+uY2 zm8?SoZ|ZPWQQc#jO##%eAdCUqMA?u!1Cx~aE)a1Jdx!+BkfkJLg$rmXEpE&Z#0-J? 
zPu>O)Xqc9qI3Z`)z0~lyEQ*E`QX1jpF3aR;O>0f8ssqTunHDKXcE|=`2g%muxMNPQ2Cc4ThGHk$wB^2b8x_$rObW<7bn!1f z$rcO0+`kmJz3HI)Z!BXBe7tuvcsP7C=RHhc2EFg4*a~lbx>z0A+(1CGKKy<7Glfw;)XOZg?`mPv2KV=McpS1z|JL$+}&b9!l?7A{csCKJ^<0CGiEc)!Ip(e?0}oW3mjT1@`3 z=8^9c{*#9UfC{wzSh+DpA$dAj7aZ0M#2eD+nUxL#k;(X35p8ghKWzC#NuvSQ@bA>V zq!tR(I@N`cJ9^t#0^9P}-N)x&Wvo-zUw1Bl9$Pxf#(B2*#}W*#s(iUK>0@8$+Q!q= zy3JrVtLqF>^XcnxZR;164ubM62};7mT!JI&rvM7$4RbSpo6w{bdO^^*%W_nas%%v(?|ZtwpvSXAc5Z9XsL8W5<9v6?WvS z!+xg}Q4z<+o~Vf!BUuyv;}a?()nDWGMnl^}wPGL=Q$s@M>m0~3(wjqO0ESQiOf>Gu zWqn2EFUtMLlITh;Z(cDbs3NinrHLhQ6D$T?uW06g8k?woBjMi*zI3IT0AqH|8Mc6& z^z<ok_(^x-)&-K+I`b#u8DR}V0;kjJ5)ZFl0RD2bvH^LAk(w8dJ_X1+FNs-*h z%{hfC#5rC0nE@2>CkCw@-QQ@bhB4e-#3}k>DkyD+i5$q$+HVwCE`Xvp?_dk^(!OsdFg&krwbH zCP}F3p#re~ZL>HQMOu(mJE;APa_`UnvLG%Q7S5lfISJZ}`;{C~W#sTOY?JnBMy8#T zqM#!E30POu(F(JT$R;#YV<0^2!9A&#f1%`gm45lCwM^6h_>XfwB<0JtYGuFSxBkNs zma<9E(S>fc8*W`-CpK|ozi#;+Wl%%d!Cz99wZoZFB0@OYryWeDX4C}Sf zG3Bo6PXELMVvLb~aQ#ciZ=jl29lxDjo-6A|4PD#fiVF9sliW$7HB z#3~)E7;S!G>0cXOXxj3M1JfuXAMc)h>=W+a*o1`A*booG)wu03I86`-$4g&4`?=XW zEG3hyLEoN~q9A-##YoZ*u&z~%VLb!Jc8T5%FJSLPcFIn z-@nQLnIoBdT^`uP^WQUm6aQH7h(%S;Z!^*zdQr+z@aU+4kCyJq4C$afXHgIl(GLOJ z)0dFA^N#K378Dh;5_xinR!Uc)tgL60cJLpE;miufLjHT#?F|}C>ExmF31D-dw@VkEUN!*V|hC=r#bh!dR1@Fscm6(y@N*w~W@Sn-X|b2=jzQ*9S}H z&@cV92jCFcsc(*Pay)9lA#vqJ1zN`GZ{63f3l%HHK*e!q&T%Z0%4LkzbR36VzlvRsq& zM6G=rosk0YG186H#xDCO2R@U)2%lr8p+AjH0Av+#z}?uQJm)}`E(LmRqruny?GQsB zgzrvr@4rIt8wqZsHq%|FEBG9d&jb@4Xhn@m9L}}x8R4cf!Pk99(3JwT5_8@jf+PCz z1Nx3Jn7-%o(blyNSEMj>yFJhGhgwDA6?fj%!IS){5S4I+lBpLqjlXEEc70Rt2t*SA zMOm#<_T|b38=uNEWIwd$S}<$M03>am21vSu1*$;)Bwi7B=+}!)n@>`Va9qn(lu%lh zR2ww0rqCs4Ec-vjE%QZjXNZtFBbX&t(5`sPg!Coje4$gCrC?)^E4B`E3bO|b6gb_k zr!=a+G^W$5)7Siyn*u?Okz$%Y(akL^=6-wcvLUE@y(GBHrvfZ3JvM`4PRWRH^IMgj#V7@S`djkT}@JVMZTu^faVj z;b!7H{sHjessNl{a=Z9Va~xX8$;swgtLg2mYQq)lE47Jkys9o^bk*Ra*hxhqY*zR~ zgrNAana3%g2GHk0zbpNeZx=(`?9n^_F6{=_nf8L}6!M%~W9Qgu5>7WQdw4NK+i_?Q ztb^CFU4M2!npmawCvhV#%|>(afrg;lD2S&UiVw&CbQLf{>&d>n_;ISVJ5vxkzdOI% 
z{Gp)U_w%!owG{l1dun7fXX}c@6u&)w66NSP$ZUEsB|~{Jl1-BFTdf=llmfg{o&SH_ z+Vd?829CpwY4q)W3ZaP;+}_>(rW50odtX$e26GWO{s#Nv_o)bH`M}G#m$1_!gQ;J! zfNAS!*#H=Dc4x2Oj0XC=;yIMDOl{?cvaNl^+-pf*Nxl<~ZHnyu1UViW%weYC*^G&4 z21_-mpGnQls9>7&<9G;d{ZH&OKrm^l+8_daBTBC0zhaez-_cdO^On;aTHONcPypIWIJnNTZ z>j8DCis<3x`k1x;2Mfs&b>rra+g1!JG0gh@xY%g(omaFr!jT zl;tW;W~P5pk(ufiQWhFNi5uTg81ISxW+s6=MgnApv+n``LueS0WdI>PppOf3klmfV z;z01*H-3=@tw6DibF1P6O*+X0&P5hl#+fmbb1=V)whTjx{>QIT6u%e0O~UZ?Lp7%H zAS)nS)C{t3$-jIoZ+LQefd-p8vwU(KtnYLqRJkQp(%$XEjFS#6eqPC%@VFMpyh8K< zTPH%C2{Qh^JW{UU>;hmhr1vSN7@}TJxWINUL?~@X#PcSAqshS(Qq_UvT(BW1e~M&* zx(`~N9XnTz%w3U&M;#Kb=C}?#AQ8D0SAmZ{1U%FQ%W=w^plXI zQCecnLj&RreG&Q(#Ld0qmfr*`K`I_V2@JC(rsV8n59}Vd9_N;`@(mF%W{*xBB9H_uQF)KJRmEFV>HO|9BQMS9Stv z=U--t_NjlVhe%L@CzI-rlFp|e=W^a6XR=9PG#`JLL=2;ig$xS#bkklG0pyOW$l$aR7UG;$NTy&^j|7xpxu4PiK--z@9w8=2gDufpT<(R zJNo2Z2~XrTWL()sIdqz((famZFKu`0@O@sf3*@9}^3*In!HIpm?d$lq>UHw*>%u<~ zq({NzVU-M>IJVren027b*ujk~-BECRu)XQpXxtCYo$Jgm?G@%T`Z_8`4j60 zES41FjB7M@Raf{lF!6m01e~yiUGZ<|C`7^@~E*C1N_F??}=VH{TT?@U+Tti~qR1Aap`-3*FIH#BcCM0+%-JYLH z+gBmvtY|r_$h<7`BSK6<6r?t*G6}bhjumB>$)KjlE`aVOrgQ@&F~xt!G+?#)hjZP? 
zD;cjh!(Yh-&_q}vlSGZ9DrTZmPCkKCuY#&4mR+z)U#_DcUHzTszS0ciM)5%0{d>Jx zj$bgx<{WdN$wnvko=RZjXmB^#;$abhn*rl!?!|V@Zy+HQGkJ`&B;u4#iss7+NWyr` zI`{VJ1YIk^l<65{G`pjKraYD0CuQvmoip?*zlM)>+vDF}Ud)?da4FhcIU?f|p&UtNy^^R}=U%__Gc~48Pr=+kFPwSjM$1E8j7b zK1N$Gg54lUJ4ts5_@IFjQUAjZkj-Uu9e$UP$T#7RBIJwRDu5o4}^K`A{4X2M#iia8_+lS@h^gZ_Vr zoHf*Xg*IG`QY%V@wgEiFHsDKqW-oa+5D`pPXM$Yf>XF zK18o#wJecux4Q22==P*eP&DE{%-tCX%sEIZZXEXraDQ&t9&?1EuBdFNVrHImP6#ED zB36-uVo+Hp1#9pq@PCnm+1XzRULu7A(i!fsx$H40%>!)Fq|B>&zV+k+3IQD>!b$R#X&wduE_Qm#Mp-@;~?fOWohReHt_ zS@5a_;=~Sf#1I@%2^K;MCR7Z#Y2#zp0|*kXx~seqktQBOOrmR+-%?*Y`sb6jEM|^Z zpE8#VfJ>M2NsHrEu{T>&ZP+_re+GF{LsI-nLTD${dOLo>aDP4-!y(YIu-!E|rTngg zOO6$5?^RELk^G}$Mr6~)0@Wo%`mx|-iQYn0C>a_cxA-9J*OXD`;C{Ef%WGNmdVMS$(8g)OQh_JeQDy@ zdFtyq4NP-@k)?|QXwvi{(G|W;D;*q>co;1Xa~g%#gxjCQICxCw^W_}$ay3-%;1@2( z02*n@ExlBHU8DVU$|b^;WeNy8zYl_WvpSv)H=L-0&BVgU2*ws6j)vo@Np7s_0<_or zKnY;SfR7}?b_sc{%Ri0%cEzZ<@;iDmvc>VbF_R=`bl7ZXMf0xC5K3 z`Q2R}G+b6*2^^klNqIEI`Nb@j zSVt=73Cr^Vv{b;p)-cL!e`&;LKNwXKotW}jw!|C+&e-x07gnV7- zG$}#Ths2(VD{w&($r|q?PD28Ep>wc*I^v%UK(2-V*W(IzotEShyx$>&CTH|Dlqbfq z_)}quRv*9QgQ_}|!dBLZp_>4n~r+hwQDHt$OH=_NOW;dv96485~^ z6V-_3rfIdo{X@qNJ)M||vR{qem%jI9{80`QPy@FCR0jI$Z~CNY zKfk{{x#W9G`&8Wr&4wbLg#(@VUYm@tQBt$?kuHXb4|gP6h0hf~#g(RF1WWYYvt>3@ zc(J@rsMb@F>~nGEUv13*J*9efNq&QG7H@pF2XGyBf%SY0Zb;ui&5F7Q{VqEprv;Ci z>F&?ZDI77)!Cl}Z&D0D9Kr27}9pJJ;5!@EaErHrq>7yC&XP7N))p^o3HIs$NA<=vR z$NvE3GKQnS8Y&@T=gD%s%F2gHhrB9El3*Y8VoJ`-|>E~$*K@BL8#AVtzif5%9(IHG|ApGY(5c+S2 z;Y8duRob8jpTm1_v6C=SK-}n8|BaF{w58zeSK3tuf|s#Z46)E$Ad9$H13rLO21?8? 
zRRmHUMEwp$351FAf39VKP-W~7zGwPsfbWEKdr|^1BsP?+ABJ#Qjb;f*rvKsBqj=39 z=~wOzK9ERJl1pN=jyP$ncDk&O!JtNe5!h@3zK@8O2Hd|cj&IQzW;A_U7oG?ms$Wvh zJWj`LU12Z6q8{&LOg$ftBw_^ENzpMhbqo^?S5Ow$wv-ORUlnzo5FhN%S2L0ig~y{S zL@-p+AE5!ori%gHO%6FFFe1ein$63EaU)n3vXKkexXFmyGPl=hfL-AC>OVmRRDAN# zzDh<|1BQnDjcdjmSN*`qxMC3DDliXCR7kLcG*-ZvU5sm*qx4C6{vICc6yq-9LEm0X zqN7p5&Wx;w4DNwx_Oru9XSP5?8SUt^+Ia+axFqt1|Jaxa@!YmK5?gG;0%^CR9F+shvTx^Y2MC+ z(^T+kR|QEg^l^3f120A_64G!Y=n?M2n!{GJUIA6lBNEKBxm z^ z`fpqiHT1d3Td21&AZ0=PR%D)${Z&J{Xa>3dJE$ z@N%mDUVv56+#g%tGT~NKtL-am?I}EGWM<7ET-_yDp`(blYZ+cqax0k#)*}vF&IA$3 z79wC7noyTo5C40QGYQWs)6$NOaV*_hMYh_RhHB;^pjSLJ-F+aS#WRj62FCaYwj*Uj`I;M>uW}hlg5- zWKvRCh^W80wi+efPgoO;DgOIx@HH&^-ykSke}kxq8_cfk0Z=|*^<*kM;wk*9gVLL~ zfM@uJ9l)1DWytOQGw645c0vN5Jn(iGpnyJ%*p_2);?LRU)iKRuRA(kh7tvMU=l+j z^nZ?Tt+S8XkeucNid-Lq$V4&Gp#un8;RoSj%~2F#PfLyYtB8m7KUi6{;ihTWxd zbRafy_BJCP8+;e_(su3<6<0V|5ef_?dH`Y(sG<8^AOdP_fY>0CO9#7y0#)Af>A222 zgi+qBGcIjanSK!#;yzKJr5gdaj_9*|I96&5Wgy zj@&u=fwkkT_!n8_l~1XR>2a{Z2HLu=XswP00H*~jYN=~f+eW4E)eO+b4o`B%f8E5^ zrvUbW^oY&iRkd^ABs~}Cj4~I9O2H>FP0T0Z@b4>MA!PIhx~>?sq&ppGHLFe7h@)J7 zu|czk^#cRGyH#nm~P3v4Xx zB5^V6q3R)AWpORa(>IW(`H0Ue-(ZKTmBcf>EJbT*^p-sp04GlMf#D-)+X@{SUX_4X z71rP=oC!D)3D5N#5_X=;q*gQIC09jWW-gbMFQky`0C*Bzgu+)Aq{0Lvwilsw<`bK1Em?&0lw5?gS*rP=zf|P^ z6WtmwEs4f_Hj8PK*Hmgwo6``kfZ2eCm;zuH9|O;R772B=I2wnR^?I{{p8YhZG!Gt?jg>Z&p=V3Z%iZIc96+Wmi|=NZjW63@>uvGhY*`%-hEU zeR2wGxRqgl_3X~xM8}1C85&u`N^M-LW-LCo$w?vE4%p4_o#XGv&Gp&_4!5@#w+;h- zi~eZ=l$*WRzdPd`eaL5>cr!%$_9h`$O)xF=`H`p*_aLnk`(4qPY0!_Q4x~{U$IJ?? 
zW7bG07e|pAHd9=VlJD4EN?5Sk6Zw3eY~87Zf@M?6cAEY`K{`H zpK66aKNac{Bt=0lg&!8hqpQOs;?$p;(_4y{yWfE0M=4HDZ_DAXR~2SQIg0pIZ%zQu zkh5jaJ^13$S7`-5MAj?O16NUMHrOf`WO~^dd91al8M#Q8AKqFrrCk^FSjIl3oiF-7 zkC=jvUyz5gqG~0oI`OG@5w+A(Yh_GSRQt+`8pl=9&nZBygiBWw7x$YsGPoDLax_G-v=+)W~!fi9cPkE3`a!Lx}Urc zefO7~N{Lpp+(?N_(Xf5q-Yhr*TvW1=@bFyMU$^UJytN3hal9LAg}GYq@H{`ZSAaig zS+j3pH3KyT_8vgB3PYV%TpDc_#j>&{<(7;B#+$a9>7a%4LkzWqJV%bKg-=kmW$d0u z?A(jHH0HXZ+yC6ymeSq6d87Q{AHIG2L;KGIclg=~!B?Orqg3uZs?iBWl7}n)Kv4w= z$?TBIF2dECIFoMY+2=pi$TjQlJiUSzR)n89n{%RjxE-1DNoqpIJ?*e>d4ScuaUAZhrdD}C zs5VBJcpw?f_#G&+d0k(Ma>q}To5Iy2VN(ydrWwfwW>} z3%5{f8D5MEW8Nz)R3rlw40h~9^>?9BIRAw)&uW1){(8uHf%0jL+igU7fqHol;#~!s zE>Kk*S{ag zuPGpOXYrd5pfI73e0#?f&}R0?ptt+clE7Q@D+__nY#6X0cF9WY~}Sh3JQ*3H4hRLrb7e z>?vje{^;E=Y7RveTlp)m?RB;nQ$r{6<1#&aS1)?oA7w4uD#y+>HP;z>k$JGZq3|~* zRa1GW1j^~#!Tj*;MbrIa16~DZ-Ro(37UTguR-+4wx}4&!8BRQ($r*E>uqDy!54A6I z6LjI^&*UN~Un$vZD4hJCEaP1hYMxK94IuKd8|M&AHD^{*VGgA&ye@K}FQATT>z6HOcIjhtkwn|`&l<@#?**(Oi>Zg#R} z$l~uqFH*U81c5ZM$=b2ZYAlku>ufvwFd1dCkM~l=Kjm+BbrcSEq<;X6;?8TLn9~^F*}0pZ{r2^0(a*=lotm0QiwS`!`7P11PQoYy zRXe|HAk+-498#5lMs5r+V=^fX_LmR}_mk*Dm+k&}tf4vz>Bs6q+wh#QBm(72tT?+B zQeS=kwHL{ZQyJnfzD!_DWv-Vt9J`@HL6@}dP2ANwuxptN0KN*j2hpS`8A;nJq#Jv` z_g3Oo0|*!o$|dubvE^PKXZIh#nsr09=6s`_BEP@@ls2ntf{~J!oJ_f{HGqnBSz9t9O+_;lF@>G@#!-LLdI#S0aWw~=d982P+vvr{Q?4$s=d_=S8wlkI3u1b4tmdWYJ=w(78Se2t(hs_W6C1Dv z%KEgu00b-B3{52#^3%{5vuaS!{(m?mDkJn(2-PvNqK&A?8zej`hB_fdmDZ>zz+a{2tJY@a>NaU5v&3&3B3wPC)1kpfrx9=-ySh>#{b>-cZITkp~MF zub=5?E|>nG6s?(N>k=vq75MwiU1V;&<+28n$9nA)*^}LG1bWeM57XSXg-lcG!lLVq9+jRV3C zplc-4ie)noJF*O*+mSPsK>x-QDOjoKiv&tG@3Ej?$kW98yEEtc9o-?A>Ys?YqisVQ z8mWDI#Yh*4PUu>^1kb*CzXXRyHX&0KFfaUhxuyq&nB}%@pE#rlaMo9Qxq^NGtKsc` z74+0>7y-OTd$}-z*s}q72;m)wMn>Wa6*`hQf*JYUF|D6~{DiD4FO*~i5ytocJFcXU z2D=qv&iFUPeT0(e>+BdWxIx&{R&!GVx9K__!^Z{LC*+u3LVYH5Y#EQFKcZ-We+64=D<7E4T?FImS;zYrKZ;P<`^n#C{ zFk3f?He$I=-;c!IDA7Q3o6?Y<*e0B1ibq6j)IaOXesYshcz8jNm!}@cgjlMMkx)m_ z@@K^0`#e=5_bjHS9T>o(F+ywF@u zE`IM~0<BeO(95aNpX`in}D-0sH-?P`VG-@m8n_d?zbba*K`(I^s%Q5ptkUn 
z&_ZK_;5i}=Sw$gMsYJ%DUAfM@HY^hLl@RE|s$SB}{K`^p=H z=Aa>Np`$!^r-rCzhK0lyDf#n;v$~v>27tv&#@7!`^VeRpdk8DP{JQpkeob*hi+lv# zk&bC1y(o5;*=7-T5P^Mx0kkaZ{8dK*`M0jmP z!g$oyniDk6m=QGQ#1nBv#|yfi7vSUfb$?DtVX#Zz`*^H)8cX$2-R!&uJlzT3KF{}$ zhZeuOZ^x}4-7dGk< zKtoc2QX)rVn5*OlsN!ZXBO1(Dqp%Yyp^QDO zHiVA%?gS5^o{~hfEyT2%-GvHfdxc%vctOWBsrO3pf`?qPuX?*jEFwQ~(WzP~FdzrW zq*g5gpG@@jO|>Ztx?`hhl>t0fUx`C*AIRf;Ewa3%)nctt)DX1D)-8_AxMZhGgtLww z-Vit@-;N#?Uu5Tg&7Kd-GkoTRw#PoH-j}~Qt+?%>k~Eu_>#Z?j(cULEdM5=HsR~PZ z982m9MymjZ9K)*om)YdJ`+DT+jPAe zf*86PT)B-i%_t@af^`^A>_E2a>;WX~d7-tc^?#x{Bk}v5PJ<;iZ+H7AT~v9c3dGKi zjx@1b=*t}ao@8XI=pN!37BU5#WjUQe4d_V~saBMFH+1C#~)JG(7 z9xJVub}NT;DyM)eyE0KHm@{DSHZ)XT#%ft8d6pScg|~`!gHLbIk--=XmFXd}GeHt~ z(n9wJmANnC&MAiqkVLUSdI$fCgqPV aa5~R%b)_?I!vlC&iHyVS0ce?0G6cXf`lQh zou-=0GgD7gxyvwDJo3CII=bJfOfw%%(_S^bhLT(aLI$8QXTMR%*<1)A$}aXCe7y+^UQ-Dp@=Q&a$YqNa8KUnX(^Dctl<&!a(UuQTYCvJl=jUy zadfsUjdOWTFV77I@huhI57|Y-`onC1tZwRmWLI#usL*{i;#L~CutA`OT!&GWHdy_O z$H>`R$B|jP!tmiCIXy!nVAzT4E925_0 zLE2^-9xsiJ=7nmwG5kkYPM#?rr6A^$$7d^C;^>L4wr2Tu0bkUKs|Fso(&x76 z7GA2XUv;J?SgTDN@i&zZe{cZ#x>t0R;B5M|S82AJR+jM(_6=RWC$ExK*)7C=pyEi& zwtXEbVI2rI(Sn=)&l7%Ltr^)05-cbtuaTeNVfw<69`c9EN6Znk#g!z<=6cZ|Nr=Mo z^_v+R@TKZC?oaMFwCZUhmb_w0Sz8SyUwusG&o<^2SO^3WrBdamAIAX9rm|IwABXs}=3lcbgV zlD{MPG;tn4l(B~XG5!RDGD5p+ccK{f0gs{9-*XX;uQNv&a!g}bx?$(fwH|;ao#TZX zp~{;##w_rL`CWOeRXup{%#LI?oRqz9NX1B39FXdrr|Zll)AJ6OP-6u z__NVqtilA+2D<3|HOftG;lkHd18B!K{Fg=BJNY!g)q-=G3&M+J-7f%&W&DBjkKs?I z3#f3ef36Yx}QB3X^BwWOT8j?jZk+i{6dAK(Pxw;g~^XGjMSg1##Cg) zm+ruO)O7N-Ila*Ff3t<}5TOWiib&YOSGJh877ROB9-yQ>zs;W_vK7lpCZDzfY^mn6 zy`A!cPRt4Wbv^TAHZ%2yP&CK|I3F^;S*v0bvSo`jTyh?7V5)s`tf^-bxozaRSRW91 z^VWuMCP0Z<3xOF`7-y_Cgy}Ez#jy=(Xj&unY;xZ;BqW!_G|IS;rnIDoX{+2xqSMLZ zSw}l0qyL9TV%XS!Xac_6xADt;8-~8zx4^fC-T@I8OzLL2KoEVmmtuAu({i066O-xL z{0h~eMQ3-WYK|2c5DOP^(oKQn5rWDL0(0uLT~S~rT9;e~(kUy#pIBC6vZFwZ`9@Sn zP6oj{{;l$o9G3W>Q!aRO>i!P0iNW;w{m)ED1>qhsG2hYH0`VAr=aNfyM8e1n-`jH4k3W?Fd4vVR$K2-<90HgmV}5r0%^QZufd^#WqzM>bv_4a~ 
zS$xlL`tK=WbJ^vj%LTr9tZ*$O?9E2JL219gQFTPxe$O(BQlnLNtWmkY;!W#w56e4V zO$$|(ihU7|*0arUpufAi%&GBRdB61PC&JM@nYTehro-({GrFJx)C68>wnnc9or5nv zN=5n=!l3;x$@zJ3{wO?07fmlLluU?{NckDh94_70kZxu|QeYTVL_N&)gp8u1Q|SR?GfvmSi;NC)-7%%f`Xl>M@GRH8_65m# zgLhH~0->RIh$yC2rbV-T`XVyUJjo#dwLPG~JbLwP2JI!;IM;hsj1`~da9#E?? z#;Nq=Z}X_b?=xit?LsgFd_#Mjg&?QhVyrU8VW2YRAXc;?oN*wj%|W5lX6ISU;PH9& zz7GWqq1eqe)tu(lUX{*WtRdYD7n;nuj{G0C0Z=rut|Z?{ z8*1Hs@kpAs{mloy>gCZ<3}B23>tKf{My?H}wni2^G^{ z7D`VjdanR}^b$mD_1|egA?2(xLa^{2o@~3yF(7a26qVV7M$Sj5ZooW zyF0vX6T@NVFXX=jUJpQ?RJR-;4Y+XMQ|ze zJ6teh7Wir{Ui@7$ej+>%`!iGh)udTW5Uq7TOs5Messn}tOvw{QyWsQQjHA1jI!^&t z=B7bAgjuLz9dp^x=1V$tldo?)F#%Hdrl@H!fl=J9%do$IN zW;?=?W>k&u4zVn=lEV4{fY7yW1u^y}$(yJ1J`_84nNM}bRY6M)UiIf)l)9@Lwf}%= zVnP-F0B`5t34gl04l&Fe3N-?r@ce7RP$QMYRKJN^0hBR${|dumIYtHx8xb`aIG9&D z`-lUxeyxcHnN#uFzC*?0kHS|j@k zkR=Ed#V6w$Of?jS+}?|mgsVHMbFgqQ3=A&)Z8}D%$ZC=Sre~T`N>zvn(j@?9T0xIT z2HP5^?Je!kzg%X%=0J?XjRk$Zr{#K#2f5+YkX9h`oOZa4-)u0BO6-x*?tIrKu=|DW zbYgEap8Z1=B)rJ8?O}8m;W12=5AvoP89*;Id$ zM(2p{WR=+Uu+nMv18Czizl~UeXL@NWAk~uYO zLW?7vsx^W~AckdtF7^NG{a2C61OrTo_iKP3eX;JB;KBIKnk5K}RAKCQEW2~h3XCMY*jx6LuNbQM zXY=n~Dzgm{NsAbSWI3zs9o8E-^GFM5M#?yQV{|f$DX?IGGeP|%S6%z=<$1T`2ZLvr zOna=ULV$?ImO$KEFl%pGY4^cls(4w9pszHpKp{0YT?)Yn!8E^E$zL5?Ax>)sCfdlU zn}{azFVf{96u?2>K{-VWUQn6#NK>?H9Datf zb;QLytq~2Cq=~R0{N1KUgD)X+8!O?&2wckn6GF$O0(^%}q7An%4zTg3lEZi?eCsv+Av5b;xE9iQ`Q#4Es zCzf(-(TLLXV?W(-wc}^jzmClSS4iKb968Pv9oB9&IP&$h87B{bdY&g~XNRMcmxdTn z@8lW_K-myw1pqqunFzJOj2!m?%ve;eyo_B4!fYnqs!Ii)DsT&-60%JF1hO*OKS&U2 zw?6IstA)us9+l%(B0W1j6Z%3byz(qtK_W8{i?&3To;Zy2#!dPy#~6~N$FGFIf{0jw zNLnM_#4oi4Sxm9*#OaAhf52T+(4~dR4q)}_%j)*CR6gY0<$KJ}pw@7r(=WEC?j0Qj z7(pF%GKdQT9WsbbP+ipDb&qZ0w~I|uDXDbK<65&&qeCm~NzQhJOL4*__^c%o>VDTX z!t{{&YOAqthZKet)b2GKpJRNSp zbOKJAuYz&_q<+{W!hwHe_j~)6>BqoZdA9^sJL*Q(&i+PQbCU(Nx{DQEj^x4O;YlO= zK#h0dpN&3_o6TlOP1YWsOh5uF6?a!~ma>ZOcV~iIix|pls+9c@(Y?j@g*4Zv&J~u4 zP47If-N_HmVnmwEeT6K|wd;TZ*PW4fANY}^tte7v=Il-3L_*%_qes|?nC}#uz)@Ui zcfk*N6i6uNuN$?>dTK~$e~O`IHttS-(j*gCoT9X4O9j(;ABKeLSnvS4>OQ}2Yn 
zEykexgua!inNlU)RU?guPWA!UGG+74p7rhNv+Z`pmAqA&a+=fp7VpQ0k;&=l_g~dh zx6ffEvq+E^J&qr7q6waktDK8Btj&q1d5WEEzok4o6I;E;5~G&sPDXxnK`RoAAe57O zdQyICZ?N!{s^2^i5Y)?2lLe5j5GnI&=fr)*i$4|tN$ArjAlN&KDpP)yD<@Q2L zgYo`eYD6l|$y~bc z2=BrEK+N++OzL?FomxL;T))g>Mr=$v>qAyPBQJIAp=gsf_ibHpd9{>f|hF9kYWzu?*uPqk{d?ML#ejr-c&6QBKAYfjitiwKI2GrH!HR% zTfSzBU;1m@z-ZCRT39r9^zIh@{z*_8IQSIH?>LV|LID`A$W8jvs&fF*k zWSx4n>ZEd3%5%T#5FNkQ@xtJc-Etfm6fHfdjbv;DBzuo*qsu7KwYuHO1q_5af zcUSl<^lhsx$U4!WG0hfxG^09HzfyiJv7yErL(h#eqS~=yZ@bTKiQli*9<^hhWlq|* zA_KtE>s8!haI(r3IOqmmT-^-s!ZR5MDBvSHUB3%Sas@Y(?j=}1zX%3DY%kYXthDMYjw0# zRsf%tCrSRqtz>SKXS-+QC7?IT#QZmxFH)}=)|10m>U5M3D*&8gBE);E8Et~P#&H4* zo7sUkLvUFEy)mVgVwuq}I5tS>Ocf`II3j!b{|4{7g8^1Mt|^5@v1l|0_YRj)XrR8_ z_q+l=;3zkh=Iw0Qf5T{V^_H-B?mkYrT*%aaB;G!j&8GD1?}8c;On|=b`E1Jdwe-D6*8f z6?F{-A{g)}VLEthGk@`MG28VoTYy~m^KY;OY^JMmOSwa z#NDtZ1){_HfTy2&(d)dvr+0AhxY+{_2~I&Ne;OZM;rH%6T=XNP&_?or-Ya)&Xq4bJ z7a~~@s@Ql6wtY$p8TG*GHH)C&+NwcMV~tvfaO^cZ7O|l>gtcrb!tRq#2VyviIE*9e zN2jYI2Qbq9wvN!Alxs^))CSzRnu|;cNLwF>ZkfpD0xn#;^)kFOLXv@4E2twfGx_){ zUK0S3VPBcws$!MwXM?Sh(!jE=2?_qX zVgo4fZ>Q?#QD=ynXuYhWOoCG>`X?R#juE?6_SUAH=)eQmfO%b2_1f&sE{PfQF}0v` zD1*-X&1mQkh=%<{a_r@kincbQ?A8-KHULELnd6v0mYogPgBbq^5F{yKK^-I?oA2E{ z#9>sTIZC3RhEBq{-0cc=DeGOsnZSm*SmSE!EP$DLMdZS;(N7?@+J@?Z4e6D>rEvbW zI0-D@fce2A#L|E9wHl73xC$x%#DqEmhjq|7DL!FdB6C(_=_j(TArVQ)-%;&^6=G?p z^vPCA0a%cZwJ9ec;VM5Xpz9FW9P$sZ;bo_en0om2n?2r0_I4hY z%yfGqnTm2#r%c?~v}Kyz8UNeQ&D?$jsYg+C^+^#KqWTkw{Cte;h~WCJ7;!FeRF({ zCP?BG(sb>`7o@3t_|?cp_I!5ycF+s5k`{OQNgtzB#saZ7TnC=0b9XHZ9jO{X@I#rs zlnp0E`kFWWnJ5Ftd%_Zt>%-!%Tz4uP1=Su3hO0iMsajpzx2mAdNz1>sM>5Ku2HU;} zZ2KDYt}P~Wra<#Vy069%H0M7EC`Mif0^{4rfug*upuEVdu2u)Dl*AMaBldw+X{k3} z-6(JI4La+QddPt`RL>9`bqsD1#hgWby2(X)@~HGM$8GgvF-4S7m%5 zq%4Rg`bi+3iZb!DM)e@2H8VJI;_k3T;0FT&p6@P;8ClHI)=mCZxRkT@II_t?{ILffI}{C;0j6R<*dDA)&@@}ReHP*d zLPAC`))${VcJmxF4;miR>65{!k6MoAR(v4E<>!;fcE$dTG6L&rci?-Px-VNul$V}I ztH)+Z14Og;%X|aiRSngbREhj6X06wC1L8YGPgSR@Eo6-7zYDYiX+W6{W4l=ZkAC)x z(&CFk_a@HfU}>-mbR*NNts=&Jka6*!@%dE|PJl=6C4)zw#U@fQ+#sENbXod?Cw|X! 
zX54KT5rC07*$Oj^=XM(DueVf%+rxTlqws#qj6C5bqwNAMvan+CMV_5+_p(IWB27{||9#H*o-4!ckzrG! z-#4!1@(BfW1270JTRT+_4u2YQ#r<@vB_Ie4f&F_L+i4~vnUA#=e#tJa{Y>SKL+h8Q zeHaFR=UT&O()N8Svi5&uIEmmt3fHVIr4^x3$y#X-8t88R3W$sd>ElIG9FCN!yo2X+ zbnM4L_0^28Zn>RYOQ~^>K!wxT%`N$!cZ9_re9x=!PO^>hC&sOd1FI$~z(gY6_h}vT%Uj1mwiBIe>9YrnI%Dq(k63Fl4Uj;1Tc} zReZL;`_~6m#T&e;4QDZ|X`aFaB|A0uuF?TZCL()RMOthKo0Xtt&a_=GKJO8LV^1{? z&X|w+)bkL(^$knq=%)!GfJBR1TcF9~oKWNHqZJ{6F9I(1Xek4$Y#JWSJ~=UWYWSBJ zmYwg;nXR=hB^mYoDhxE~I*5XOlx-;T3oeh3ibApC%TxAvy4X@>a=6e~Q=%i0-meqF z8O)``(27FWOfceJsabJ3U1|abiq|0mt<;k~FfW&moKc5n6MA!;~ z#TG#fluTB^RmJa2-G}6+E~Xl4uVoP3uat?fBmZolg8|6u9Bq{9wO|xSzyeGCdQ(H_ zi1n_2U};zMz=Ukxq^qmayyIh9-EKW~wEM~H%L7Nk3-O}C^03tLOS2axN&ak0g|v#s zXitv?aBF*HtQTMvenufT{PZ%cwz$UhX2k{T19#t>mA7y%dH+hwHP_N7%E}Je=wt{Q z60mB&hZrg-Ag<H962FYuHzt9zyw#s5w)LP2mSC=;myyP_D zN2`7cv?KZnHz?;_Px4|#{kcp)=SWz2vcorj%PV9u-XrRZmVx7tXM<9|inK)v3@89j zU=xY)nA*YNKPCRgrh`LRPuF)iRQ+!pV+5HP`Uy1MJmWGdEF!73KOaI>Q%OT`z%TsO zeM>I*1x(BN2Y_|o?A>XdUC$+qOmC1SkG?HQMn3Id0vkD`G2$4U!*3;f8l8XR^AU(; zy|_Iz55uD25|`b$98?YWSkm)N=krdTbVqZX)b4SNM+SSk)}azwaFZKaC?ggfS1}cs zyJgib|C)ERU7=g$UE=YHIyif$94B~3n>c?!)C{Ld>8R|E$D~ z2h*14B`~2*a#l$q{OtUXHiPCl@6o)d#hb2$H#X~(nAmj0ki=sqT-$7n{HfkY!Ga|u}z8r9(kI$8+*P$Te`RBd= zrAKK2P+^M92w|sSHtx4Qq{LnM4y)3RndzoaNxVPSbW-4ji$v?D2VRt)MXg13Lze(&j;4VofJgfJ}+vO#MGyr!M6=KO9{hym>L3`r>n z{x;y*)ygWBmYau!1{U!|@(SgxJ|F2lCbD0IbUfF!iKDl}+i5+Zc6g^_`gARJ-(F%l zF?=U?%<*h0$%-m$*%ao2$}y^4R7CB-U^_2=VKIHihgu2#SI==qBhvnA`^ zHP)veGK0`6bQ?*isHzP__<#a8*;+Qw18mDhvL(MU0lCWrB3c&CFVJ~R3IDc~QQ^neY8APOy;D3TwmLS;7L}0?m+$OOx)y5$& zMy%;^LIxE$*R0}b2MY5&8h#Uks;6Dnvgz*m3id_;iJ0n6PafK_9uYwSBATH?o?Uzl zO9=%2!E3HcRmHGRe2dZv3LkqozP;Vs_^S}dLka)|=wqURNkJClY6LWp0XBY@*>kNV zD+g}WG{Qv^)w}km`;{fVCk@P)Si6VAt!wNz-W}_+Yk}>M{}5f-nk0LL**x3;%#DNE z#BoBRXMB94&F6F?ewcO%_Cm7^NCzuq_88-?ek znEN}pn9RY2r+f%~eDARlJPPBm29Oc1AdJnFBj2C%G(FH#b2#F3nXGZ`+l({z_V2n*GK%ol)&EOwH#uj zVSJA_cqBmXIyq5-Nv`+KLINs>5ta>X|~LQ)H|z&a7^n+9tUmU;xxo05M5y*Wr4T4nN| 
zI`_e?nLp@DhWyhB-UqPutEtX#QdrLY#G_TbRPBU@c}qk4#~dcQ;k~4^((gmFJB#FF z>du)k&6u7_dX1GbkvtBK0yDz&meGG*W%(mc)XeqU{;c;rXTmZ}{A%3d9|fSMrnXff zK$-{8HK^H+vBZ)ez35B04G}c7@;^IDCFp$QSBTrVs|ISxEL44!hVca{XIDlQC|-Tt zAJ4~KuN; zpi9-#(<`RthMHI`IH)2@$^h|G@$wB8Oj~Rd3p6~o5PwWPus~S*W{_$U7Hn$v+q4PT zz{mg$w})1|bQ=sM!S#Wy-zy<^h8_X*Hqscopg`eB%V zQ#bN}_iZLfQ7-js$?)uk1t_oZ>GH<@^=k`;<9Qt|zGgsfq@P#NXe z(Gr@d3I^wBKm8;3DeqBndKq&R%}5Fg+%zR)26jW#8VOeu(%DF0hA~@_dbIN41F|hD zzNfEPbcmhlb)8U2#vI_;EasMbeB#LzRcxTL$3#}1&TrD7dW2Xwp83qaeEeO>Uv*Ti zpo$91U;qA{GF0s&m()=5hjz3tlH<+sTuPA@YAtO7=m*1ZA8V4|{XAhtX~nn=R(KS> z$>V6e7Fo;w=6Uz@IKS4)g1SGGH4LY8Cj7)nc83&2+6v1->AwI#r&^YNmO?idVV~_* zj`=FaZaaC+k0gtfRFux4O?Fk){5d~cMa<$ORb(x`<0o=YJk(L~KL-jlJ}d`&6QxBV z*hHi~U_L1Z!++#$6oYcXXNTm9S7@PSZ8%zPQp9+n+#Kx$hSCidOQyznn>m91?*539@P}t`x&$6+o3vc=J zW|lGJ1J;A-l^zj18znLn>y2#ydz|M?Rr^on6~1J#&1Ft(yHO#1V-KDgj^h1HM0e($ z@s-ucbi{TD!dbQJ${;Hh;ue&>8=`hJzlL&mV61}EI)JsJnpQ8R^Rj27@}{;dhnJ>$ zLAs7#;yrQi@sPlt&|Ue)dCYOq7e$D&P~vN|Ej=w%xY4Un-Q$=rdLo}V@tM{yk3#QG z)9&U;*4(vH#gi8Vpe_sVFW!Q-AY~_HgA0D)E=<1(f3!8Z{+_jtK6$R6L@Df9Mh{Xae|??Kt#B@Kp5gB(D8t;TTO;(G~dR7JShFC`R8+*T|rw*-#4^w}lj zgtpU}WcpuIgO(F;t(eUalMI6kWi38lMGuqn7bF`*h@H8!CK}ys@6_ZWT-6VRTYOf3 zyIv)22ny&a*!ILVq>?l|FiO#Svm11jw-;3S#z;%SMQZ z%hbT8>u+xFoFbH@p<9xfl+#JibSogVXpi}B4iW>fwO?N(%>F#{AQnqk<7sY(wYbMN z)r|&)!6?7?NoF-zHhWp)*>_ajo-En$RyQvi{w;p|5X$Twa*|oZ%}KhFE+vvj;hm=k z>h`n3=%+T{k>CDa$3!qd^q4r_d`@P|?b&@5njVVZPQ>lF%*@usm50xlV9oN##jrHJ z1+`oonKQql(e*i9)=_cl5&e5*2p+KuDZMv42MSfUV8OAHLz&>eih#w9o<(z&?zCF6 zRud|tB0jQ$+E0|G+Su$#vl>GiwNL|#d4B`}Q>ajYb=D`$xz!?ht;G#(O2(6OE6htA zwPBnsAtj$S@5d7jx%eVM!ud?d@(HHGwd}S%9rXFQVqFtSYPC(;x!_>&|K!3fZh~4pcpp3_?Ep6|PqW@sgL%HF zs@cy9P=_4Dmeukf6ad*l(zYc=ZZS{2I-in2*WiGV!3M zFyKI?-jY4_U9C(f-bOlK02N9NH}`}6Q6}s_k|p=f0w$FA6=EyfyL~qJ@Chm zESRCA-(tVz=8Qfz%e5m`e-*Pk_BE#dXtx{Lb-c6heO+Lx0vyFICtrr#oM8B;=_b}r zySC_Ju%@{xrU{^+gKEf7M%3IBC#~jJ z^!=NE9J+#Xn6@2PY!7xk`c5+?x<9*DQXA_@;C@Zqsoj65qjETuFJWF2EM4 z5LQi_?hL=?gd$gX%R1b60vtfL+uw~gtd(a^B?=WVhfSGucBev-|9<5!kTx)hh>gDY 
zsj>4%S^8AF8sQR7iGu;*_Z9(}kh>Y*+0sAwdqg=&b2$SQ{~4*R=(jzjC- z*3@pzjGd92GuR@9gDR5#n;_dSc)!XxD11@L;=WF}5Mj|4}@iJSq6haT+BJgS2=^LD;=FffAq-iJOd=uj0RT8Sj1h zMNC?CW8;KrJ1(tkXKRJ#A2D*(Fwix$Uu{1&U7V$8R?b!kbDJ~3Q^3S3zn~hQ2hp%n zAm7qTEtv4#DNa%6ga?qDecsuzaFVW&{82i2_Gu(2C83>9Q18P@>1w9BaNDcb5)Mhn z3C+*)&-jGz%nW^d1Ef;DHE~u#lnrCvZ9p(@=S%Gd`t!6qWN{ zC{Ozv@HFH)Bh=hxael||$XE|tgxssom+LlQx!1Q$*A#}I8JEW2_4enMiB{2Db{{WZ z7SfNMm19Bm1PB*0?^_=XYM4EpAJ4)1ggwqS;3VAUdas5a9;gR zwwm>5jiTR$KSXWhgET|8ioxnP-rh)i(ID&6&n=GWh`9d(_EO%(4ibaB<(?8c{+tJS zmWr1ggP|54D>F{IM+9A0Tk4H}AS)Y^QDpj0ZZhhPVE)CY);^Y$9rtkx4jPZGML6H8Cq-3ndpsSfY1j zXx8_O9M@b#DVz^zC3heWkxezS$P@Sh z+8g3)aOFblspANx2dWwH>Onknx_b&vhc9Z;wKiLiVH*boetxtzv8f|&e^y?8Ez@SJ zLel8k_Q>B3{A7rg>k|hGexI~JhUb!#*Os~&*8dTShCn65_h+OOs%(RlA9Q2n`J&KL z;O(!EgJC)e@F6*L7$i2Z%!E=x`XKP+$ZP3uhcavycS`*3EiT&~n z!#4J7F|PAaN*WHAD8?)6>|iTM5LL|uh?wQVq9fwfn<#DgJkk`Q<7Lp@xBeparFYpO zO&LaN<(0}EJZFBk%IyXm#i1529Wt71d78Gyh)UF2Vt;oH*X8o-PC+WEi@(;VU^o-(Rrz~QcX0TTmmI`T#y>mSgVcQA&PAV6=*0vWs!4Nl(7$Epf1-p1j~F5ZG;5k(y$_s0ZJxJJQdxk{FG;gzNKRcg^M(0|bmr6n z(hKQ`wQ@`EOa>MPc1p|^hk{(+m0-MSM@>CQSSh)n7n)J2%xTP$6yyKE7jxS}BvNtH zX{5( z@|kh2l(05%x%=#Uj2L2zI>}@vuF)~-;2v=U>xz!G;Kod6F$eGU2*pFfG()LCxghq+ zn|cVmN}-d8xP0OC;n^)K_Z7z76nN>!bvm32oAH@nWb(a$*4f6&og-$qjTY`#_B5t` z^=gHFbygpF?4AMjoPWU20)}>04JZ*7%Y#<9O|f1*Vi zJy!6~ z&X#xXe4~`ATX+_s+oHnUB%Az%K}@uMFF5KybwWK|izlQIp24XQzVY9qXQ3tCoa)pR z1x8XI4L)oiw&iARMZDU~4~nj8bRmVm+Al05{OQ^SDuwAw0Id2&vSn2mt{f!S6>^8> z_ez=drN~kFWxZ{(_G)=@9?9 zCWfDhGP?JjTLT)w)U0;v{OoueG+>hnG#n#=H99paF;7oroV!{G8lDlC<985p^H@-7HYAYANx32%$m> zsIAL=gr3{BNTFv9h~d1oUGl<#a4A>Bo{3+br}m(ZTarS%#$24x6FCE&mkf1@*~Yb~ z9!~JBdXJR&EXkMUc(D{lcUrsrzBo$X!!nLPI#(z$D3A5^&dut<2|g!>yI!vil=PXN zBy)mmR<}tR4_;KqapNt7y-B994@l(>sf|$Teq4TU4Sl<|)3l#c&q&e(OqPoM3@?+`+Y7*F7}yu+uX6A&Lxm|CWs3gVZ-;9;wqUY2&S|VE82IGj1QLnPL%64v1d{5-z3uWc`&8s1sUf}Xv0sct?cvVU|cp-tQ31(82j=KyJDZ@N6 z)4g)u!`ZVC2l?^NM_XmNrv>0DPsdFZlTh#rkZci0ahr$eu24dyfLJ++xLOx>gberq zqubT@6io2mP8;7%35ADGA4_OfrAl0-No)dZ#~6odzM4Z=;=U~JL4Q-X&y4n;i^qY4 
zk|V~eUtvfqs)t+> z-j0GiklEeg>v3kA=2lzB z@A`J%hmDt07hkY?*vF#eara^)<>|u}N%W{~8-Ja>-Q%YIY>Q?KDB6@?cJp@S>ge~d z-gUuDtKG}i>CE#zAP+qCAw5Sr9iWXqZ@FHb&w@7FJ=O%c?$8V@1>2wR&pqzin_lam z)6}e42)BkyTkfX9aHd>ZMR9)LPx#CyX1{Q$XY02u3a$b++XR__Or5Hsgd22GZKHH%Az z-3qrFvE6+SPq<6&;7 z1^Bc}U=UW>@1TJ3L9Pvsi*n2LCsbXhw+-7A6qqLoo%2E)F9N)Lp3cvinGIGs`kqfT z^W0=E%4WyOMtGyE9zI8TqOnwXc)kS)yj=y^Ft0G2d zV`DG6B`XZHQgiAFl#e{H_iV1+er#@k2ME!PzHF_Gu2hb;U8^y-FAJ`sC>~dP+>rtw zQ=blAPPahJ{4|;?27m=h;x*2EihhWsye{JyPCO^>u~ zQ>PDh{SWQk?uUu;}L$6qe)%rD2$fR(HU z;ZO76ub)31iV$o_HOb$-cG(NFZ?D%6+9w1*0yuYfeMNgK!0TSXrw&h{vbjFUO^J>< zq^*xXt>ePnAGzBY3{vOoysP8CbiEy4on($ID0iKCX0sm~Yv&hfF!NY6aC;-hlvQP5 z+Rf)xHGSiIW$ow;wOn@BXM0frd_NN&N?TmU*-=pIXco%IgyKFe-LMBNUgw@R%8~Q* zk6&c0uI~VW#~(!K`P*?QFtEtC^eX!{zLD zXxS}wEtQKI+?vj7g)dyGcN!;-?rMt+Rt<+6TaR~r&o{4Y$6+8)%b^ZXq24n7T6%c8 zRUXlr8SUQu`V_8M05Yf~0ocH0o1(+)CJXBB?*+?sp?IkDGR*uuOj z_@ynJ?-AOP>*r|38RYN-&y=xn8e`>F*@(2Ns;pKl4&``i#M@lUQhJqmcxdtH=#PJM z7kXp+EvRrffDj7}qNcud$~E$K9=7`}V`xkLqpa<`JL?O&#?xj}N+{8a^Hg}{z5!eHhGKO1rK<^Eya3 zS4@7RfN3qv@<F_nl}Kr)w}iNi$?ia zF{$arDhWV^CsMC-30GrZ`5%NF>Z?%31L%3m_*}B4NIKCun~po@W7qj|a8OUtf0+vh!uR@oD_Ql%P1nik}W1Z5qSmR7r1BQ%>09 zW9@#WG5A`I&644=;Ifmw=t}j-jo}RS^F5HJq*YN|v`~*dS`Eo@!m)-HF>QQXi`Qwi zZuQL5GxI3mW5J%Lh?N&(cyLh?4}6*3@m?n(3VR#?V|jgEQ4dgF(YMY8*GsQ)6HKOp5vcdDun91Z)c5PM{W~K9_LC0k$Aa-P%_P@$rX>( zDS3@t$x-yhbyM^F>&m1YmlHg@3GuYjHj!`szzIYF<}5QsB0i_3$g4OmSM3r$u+001 zeyOt-ed>Z@^xubMo5;nTcPWm7)%);`#+vZ}gqgXUf!?25askN-A|1cG7*7nXqHpT_ zbj!>aEsN-Rk&(i%#9aNpNK)%B92zrLRYDOrqnCCdXfplV%evn@8McQTWo_uC(S%P& zpxtNCfYL6V@@uTH+|lb^VR70cF8@QO|DN)YSgS=P?C*dp!^PluH%V2B(M@@z+|!utp99;*~8!-hmFMhg@D7 zMvnCCB~WS&(bOT|E__nPhoMg(@x-?D&5kvzTO`y@f~J0ryIWi}zS3{-K;qJ`a;uJI zM*HMc_f9FgFWgLKw*aQiDjG*VlG|Z9NJg>n?httVyGMR|l6?9S1`&LI3OoWTOyIgt zX^Op`M%xe^zONC zxbiR+Cexki%^YIB%7ke`f{z4k}IK^t0zfQ z9ZK?&{6~SrKvPqRp~f+3y^PfOT5FhSxdqUsc+KCbL1KkIS}4++S?W{#O-4?;y1fML zQ4$y@7h1z}ajmi!k7AtT&E1FzS;F`#`-}W>WIzI%UfNGi_b`Lit3PL^5kt}nMsdfg z%V{MTxkhwmT?hYdZ{f?yO|dk>>3auN9+$lN(>zG1Tfd#857gY(c>>X}@Q4B4pm|(G 
zR@jF5H}-@6bN((^?Y#d75We_#X!TUhhwX!9A=G!Rjc~O35LY`;Noo<_ zHe5Tg@SLiCAb3Onx69D-c#9wAglO$3m!NWgT5Dq-qb>dw&Uir^&5c$_!h+tNL~+oi zHY~KD@4}g#i^6)UcubFRtSr!w&9h^fI1QxE;48rMSNm^^?oyEFapaWo&LZpFd)Kk- zD?22is{dElndfal0fjGH66)HJ(w6d=@d5l2N>9#p`H-3yhaSp?n+|6^nOIZs=Nh~5 zSynSO_iWhKFL?4lWa4UpSH)U#N?w**8CC>Z#{S^#)FqQ1H^+b| z$#Fc@w$m~33ASxR)?glCWWsgCb8}}y$@;v~DIxz*x5lw3aUs`((&Ro2pgOq>DNGDE zS6Z~GTIyv&LV)!*N-d%=^wm*IUQ$gpVY=-Y)i3pOHUD~E$;rW6t>TuHt1sj3sXm_O zwm3F$jz17y1Mo2)>_yrB(aMNhpJa8OWWjZ{hEe74%(98TI=K5j-jha-4h)#NKH0xF z4SFqVc{B)r)cJDm0Ni!39(#WZbQubEcQDoQN|7|f63~Qor(L8~TdXtw=vXujWJ0b#_GmYA# zEgAQ`UzG7=)T=|$r`7?@d#~*DZ(VB#nYda^edAXl>L5N}XO^bs>Z;89H=r_4-5Q$- zAbqtr_bO!X^IhkCKjA#TSxl=1=%h=JJcP1*WR1(hRFu^(;w?u?Il!($>UDhmvvt|v z{zO?82H2K6>~~0U_jP->AbTq8RAmSsU3{+A9aPVIW7!|~jPmV>?{4zt-}Uj&Q0)<) zY(=mlDYUo6Ck@`M?fbQc+WV_W)wQbTCKl>5At!rLK^{uh!vpZ&B~rK}v-9&cB=b$_ zq_uba&zm=jIGA$Q=jczRQ9A&bCOaKWhvbI2gIE4&6X;)$wdTb=L{a>rk{ z6evefkt8(TU9E56{ycFhIvnehI#FY zJ;wu{4ii0 zFpO+*H9SxP6wxvX9zrC{xkQzSmppU&u2WeF(KsbQYEo5uw zoHihMqM+6r;UI8p%0l8(F?1%djQqjns4sUjDeoo|G2i+?03lLmE>SYU~gmC%a_yh^OXs{R3ePPInwbF zHL%b2uRCCE;OK(C*XVnbojH{5Uh_ld(=3WnHBYR7*;G5?M{xn%>p%@S#~G}@Hf<*; zrgc^YA)WW(){@5GGht7SY`|^b*VLMzK<(A?nK8>6Dn_iaB`=nzI zuYty$kjVXzueAuU$p0c4ziEh|`W=z+?hHFU^r%{8=|Z<*F#tC{PD=YQtQ;A&KDN2< zX$1X#jzmy@!L$n{Sl9?*eAtl&r(}Q+4QhA3%Y)O1k1h4uMA&mKMIIaSXl*!sjhbB0 zojk=qJnSXgTY$&;poinimFME1W!DbwfF()ICtKg*sk*fE$+fqG>n_GAh;_*+I+MJ0 zAO|phGhUMw6k-qgPVC<;#|#S;MTcR+C0Lv*9zy;-FIXH#4nAHeaa%=3Ms>c{BDF+@ z(4!V{KtP#d?yBy1vA z;kOV5$aN@u1dA(I!0R0@Kd?3Zz2v$W-mdXF^#3vS)j@G=&D+635-hkwf;$9vlHjrs zWN~-*MS@I_paFtAB)Ge~ySpv!8X&lRdvo91-}lc>)z+z+Gkvk+Q!~8|sSUJ`&NHPo+iZ$EfNh$>2W++uf}3v%q4pV zLMneueDb2aZ|88!`H9pUZK##gLz^o%42%D^0mGCDhS&D`g&Ts3cP-2=aF?Ri_0OKp zo7<3#ll4>nwB=-@d_qBBc^~`?UqAGVX>9?$dW;0sAR%p$xdp;mKs0-XLn3u7Dxv;2 zldJUjd$AIs7q=%`pwb8^m9QIoeb1|xR>7`(888D zo)~SO9%w{eR8O~fWm~PqOrit#6~n~?ymC2KL!SqEj*WA559X^4hd9s0(`{yzbeELc zIj5E(=&7cCG$^rTRQ$aEU?2_uwe@kgGVD}0;L+g3eyTnbA#LtUK$rKkqZT|NsxSLL 
zV))50ZF%LE)-lw#^t^gu!+P>7CtTkTCp(LjS^>hrkTo`)T+Hp<@Lqf?9*I*f5k*>b z?Is^x@jGMA!P^}Bah^ce<=WXn6VWpJo?Cyf2gdJamq=zCUB&w@~=Q#vh#l-wNk zRsq;f;>DH>x=lTf;&sB#qWd>j#Nm)-9zZG1fuY1nKbZHLo)Q#UB{iN9Re^^lEw2bR z)sQ!FeA%1GtAz8P+_BAwq{a{Xzh}VQ?)uO<>>820Az(4Z5y+5fc5N`FN8w+@Z{?C4bOXp_u70bMxZQn{=`d#j)mahN)`h#aFLbGu(ka_ z(}i!-n>LBsvktuwY-s!aj^OH^yL91)=0`p*y+}8{NcRBBCB!S2 zgRBD0BL{YDQ6W71H5(&hp*u!m;R3=!b>1Hqze(QFV{M%x4Dt6FPC<*lTSaa z7&52T6yzB+S)^NGfKfAvqWBcQ4n%@+fw$F8lUzH|J7Qd!CoUth9H!cmg*g+Q^l~f> z!iP;H85!qdT$TfJmXgi3gAp8GQ6pS#H9PH7rBh5*r?&Ft$9a{;)d!!WMH`?0q+B7? zVe|C+h60}U*J8|kfd~$odVwhX3dm0^j+*#REt|-ob>2_(juS*j}XGv>mU((Z10F1Iqx#Fa;Mbi7va}WpYmr?$2 z`wrZ0tQE8y&9LnwuKr?P=NN&bjGHuf6W5_DA!5p>hfpl47j|5BOj(0GW+zVeY!VCV z7{7wIc#>6R?p`bw#cU8);<|x=ksj_|&5^)9Aw_N#uPBkN4dJCrGLP)w)*cm)R670_SvI{4|TS` zO+P+Up?TN8I8MtH!mhOawd%Hs;iB10mKq*CXmx>7qYzQJQHt(=|bnG_r;EbXnOvU2@2&M*HoF3!ZP zI=>{8kN@tzizTL=H8GEy)l4pyLqHo<%jbptPEpkcEw0^J7`Ecee+j#H)X#N3UK%^U zgn^P=zq|8GZ_?i}hfBw~>SX8xv_@>0bHL9E((rJ)m9E>Sj{)V*as8$=%H5zIIZ~$_ zAOFQy5pE2-RU|AnCqvktnVQR23C}n*Qe3vb;$RxtxR+dg>Ct`=-k*%87q1Ua;ieEC zCgWT=U^{{e_7>|mi#V8L^vxk;SsfZYvlQsawP1~p&pyfZYVCmH$}3?0I=A@_>w#J=wo(Ui76i&->r+782SHZ86DPZ{Y(waqlZecWIp)qrf7_{@X#1wjvmMb zSQSwlZGvS&{L^3L?nxV4#Np8^{qEGz`aj=0p4`3=B}8ZyYG*QdVEuewFk*{Z$_$s( zK>&`};U0Ug!O+x~1CZoWWjPTgq;%?pduZ(RI)A*~@Yq375?~Qi?#Sf}mO|ycUzEJb zz`NpFl4gUOE4+QDaIf zV`@XLVTWTKH(5up&b`7_)Ne0rL;Qb}Z}@9nEHa4MCoRCuH0*^w8s7YUewuIPNt@ue zPtj!*BNiVx&?{5Tc*{}#BixH{FZ|}j1qsVT?Y3wgp0%)E@IGrDu@#7x@wulR%`ZV+ z=mGKUXP5MUcX{kRSw8+e6SwSpQMQ4nXi6qz^Xam(bg6(}!oI~?N6B8sP z4zk-iE+4_=*Sj%FwwChCM0lZE3p}DK>_6_%?I{7-FkgZ18xRn=j)=z<)0); zeIn^bE;^nRna|Pk+cD661aPiIxbB&S&C&(;{GT54w&82DLNL>Q-W5KMkdbgwFC>AS zekUAr!Xe{!Q?AvQ$qp986rIR^Sr*Vfo#sJo)z5Sy$zM!%eNLAV2snBmF274KLNwQq z{1W1#^(xHJU>yEU@yUC~>Y5deRZbaig)%Cs1%HW`e}ahT(!60&Z5A>9ffDo}chO3! 
zw@nO=9Z3zKl7eraba_%{zp3GDi{bHx{ojZ`S}At(n6Bt?x*OGFvV&pYtn=MCUuUp# zW&k>!5J27eQ{NaNfJnY04iVesJCcK>eCndPvLw6#ZGUpHalQrVOYn~T;+7rnc>wSf zpO6De;Q1F+Ejki;5J#Hc3Jwv2RZKxi+?y)6*_@!1=n591n{=t=@7SzKuik-p&;P$R zF;2oE;`ROn9#6)r((V~Z`Z2So(>gI>A z-~l?&t9;rjqKwi{yIbyl837f6Fg7*Di%gHMI&CXEoR7h#4Yw#8tW2w9o69JQXVF#o zm-#v>l?hTe(W5A;o#8Y2q#}e@{9nT-FEWA&YZ|J_i5B0B+#RhhvqOYWmllT!@;Ed- zsjw-OD9QlX%PVI717g6e9#RFR#djK6rJBWTuq*unD*3MsF9&`dwZ@as#dRH{i|tdo zebj(&S{_Bg{e{6dh+8{foL(}vzR#0w3|?4yTq|9TEVT`v!ud>@^ZeoaQ;PbR@QXb! zICTF@5gXZz6VR8je{r04^}V?d!q2bBFNP~+0O4A9iS?>)!9!zo^hr5y6%*t0UqhS< z2(0xT-f;eB{Jm{N@6At*-adK!cfQ>t6ko^}LC zP7m%+o>RkFk6n0jVrb0yOU$>uJ>o`cwCDY?PVRqDX|(C~@QKfwhC!+N>-YSi%Olm+ZwA0W^3(&JA}oSs?+{CCSvM|;#4~zSnr%MjP`6ozc|># z_X_?W@j5K?amORG--M-5AIk22y4SVT+u9Z?H16l-+}>>8!pY!zpXjhKHK2{ZtZDr4 z;@A$w9kVgI3i$9at?}IOjo1|RdX||^!Y7l0%3*7L13lEYKGg{|H(xpVYfMe9V1qBW zA3GnahmNdpP5MPMemJi&}KP~#@sX3S>jhHSuAf45; zPcN*X(1s}%$#!xG&XA=F$Z54co|wi_PdK~PH;yX3RoasAJ+L@0Y|_0Xq>;^CJ=lL0Igc@t!3RaYhnzYfp{rxCWx%0-#{R+oZ|Pu+ z_md8=`W~_dS8yH^q9OtIFVBm4q9=};4VH^Rj4q`v)zIkNRq{cY{=Y0T`ogmU6pT%` ze80=gNdyw-Ao(&sbYG}wiNia!s_^T#8xoa8PDUY}cGkyA`u_B36O%DGOZUF&T3hK; zZem=TAFtAWH`Aqr>Ymc6B3H?00{257{M_McTod3VD0F2aQ?H1rn#=bU;VejWMqgWD zwPz7;zhy3_neIt;W8&klMw(xFl7%+%@Yxz!EbCEI(lpG5qkVI4{g#>8IYZs;uoL18 z89l!5Pd@Z))CMOfnv`BmveIL{d69blC2F^PB_YT{?Lp?X*mn#czjKm2N`T5(&{6o) zK&Y(lC~hck$KyqLu#|^rzQYxk-iY9EZKHQ;Zml4=LtI$?{z!osRM+U3gm&s$onjK+ ztfpq*Jw5#EOvS={8#5}mKf*QHefgc@ZV#`=4#k!H_EI8l1k0t7(8jNkPtRqy8K3G` z65O=yqjqgfP^0 zU^R5i23lotZ+rWF0vox72`MyOaKK&VdtU;txd}a1=*`_iuwOG?w{LJ~l<+t<@*pkw zC~`Y?VP|#v0i$o~CTD<_RoL+J_D^K*V+q+-0ya+eFAkBTtLza=Y#j=S?5&t=>Q*%Sn``2t*f9rJ zzlB|g?!_hiTBfp@Tfo*!^*{roOJnbqh^GUKgL~Tbz8Uq!OSAJR;Yrth5!=)JFw=^!F{B&Ku)}$&?sCx( zA4iC;kR=U%q`7f7^1tH@)99V<{;}Sl(+DEV9D68b-58tg?FWMI%;sHuID44GG_;xN zOqJ>)$8dk}aRo zyH`?@5YEUGX(n=c#`}sz!WOT(T08?Uoz(-Hr{nP9xHyaph#jGgvYPRgQq4zd|3|7b z!Bl!EA1N#;0E>JiMVe~-X$xx4(kn!NFl7P1jCfK^33*KmIqgtVVkuI424#dJ87@_l z0+n(xo>)U3Ue~Ge-CA-{GTQz9(&NXGH#SG83eynuFZ39Wwo#mw&ME@j%9C6oaVdEV 
zfC+i`p$9pyZHAf0h>h%uaRY+}Eou3UeBy~xK~RP^P$oHY-#{cuFiDI5*@si^XM@tJa3en9b;7*Tx5 zi)NaFgEBM{(^`%#=+b}kL+0dhZRi_revj;paB_LeZ{Hn}4bg8eO?mY**(rOTKlo)k zngC@3X<~`j29_;$hxv8)FV@Y0(d3IR=Qoag)JZ1eMIxLuUwe!ucEkyPSZLmC34T?h zS)?j|+z953`6{vua4HOZS~3CYc){lkJF^aK5Stt|TTtw#p&cLFAC}|2z-aZhC$;Hp zix6~=`^nT`o_4yvhp#gFHgjjglG*NZL=aDQE99$8&**#yyX)OkX{Ww!LjPxKyS4B4 zP5gsyK~4gZO=b9jCsO^1D|`4FsB#T4Ufv@fPeZqV#I$lWJXUZraqp zUU_Ktgo$TmP}Vy;CQ83VWgvrtEgT0J0A&#+q z1^&QX6#X5Kb&1^0=78wbG~w#_Rtqh&c+2m5-<;8wW5Roj9=f&pO^WEMLF?ds7>C%5vBZ5 z$0nMt0|Yg;DH8IF6V)e5%NN6cl{xE^lUHu2=LAZYeS6{r(AtWl`_I0r?%s)t1e;b8 z?qOd9YK+viXJmIV57np1;74Ts1pU;O)QHqE;Tx$eza3Yw0lwpWYP8}mHnozF9T&DJ zBYSSmKjpC(@bEp^gzS~K#*#XSYP4RL9eMDA#nL6O`X<56>=68*Hnq>Y^Cf`&6$^H0 z5j`N*9>)so;XgZ}saa`8L5Gu5bHJ`_9-?XhU%T@-3^WEShbCXEaOM6e5gM;~D4zw9 z1ZQ39jJvJvsenJI+{z`SxMElC_GP9>A_b$a%`SEAQ9K>Nujx6q{XSv2SG!l&yv8TZ zw3+!5o%HP$SslKBHMohqlDp;C#2dU1Nh%Z$8)7lKq;VfqYQa+RrLyi$)PLRgnBuTDkf>>G z9txSVHLJugY|P=P8kr~R=&AoDZdYirff}SbcX`5 zUa7Fk-|sks-5CQ&M!Lf?80h<}7ikW|-~<+aLYH=qN8%KO#z*bF5OP_oK6nxF^$3mk zKDrB;thdGlS^-gSCuQusXI6~E$wm>KM;Q5RcvOn*(K;*m?Z;qq!tvV-Lll{`Un*qs z4DaKL*^YpmEnpD-htRJm> zb89`wld>gV$YD2MzG5gl<&Im3{*MFFnog|UmlDgb>@L8rYHk!j^^flgd(qK=nSCIh zQ9`=HtYEN}W2P zWaA9mlqmt9X&HZMNMpIWl>MgCQTjN2qS`KCR4>Ey_JTgs#`Uu{=7@8^1j@PPu5bCK z%sj4<`Ic?}Gtyz4Mi6IC4lCHmFuuZoo#HLEbQI@r(eYc|T1VLlb(I#aU^?53I?GPZ zv%ZZq@Swl_GZ#cA)^Yc z&{y2&fd`Hm*^Z#jd>S%cgd~yPPhq&IG@^`FdC#rhDIS_m>w{>pDZ!nF9D7h|>1l3? zf+cybeFjYFF_7?Qk6<|=GZnv!#J@MqCrT?JI;aC3q7@5n)lKqLl(o(jp`2K`)&Ten z2e^Ipey@m!tswdJfkkXy2Ev34RGJDFIt{3ejwKwWpk0s1qRRIY?Kj{=PN;ilfNAaK z1P@DYvjL%LbT^%~qK(rvYPD9o1V>dxz(TnMQMawCz>EyXJEbEgQ=(ceFWL`N`8q_i z6nXb5R5lwf>pNVwSgE(0Iub|fJOG-$WSe8#tE5EBode6-@Z6r|u>nihTme%9fZ38Z zmw~~qBg~N-bKUteov7wKv(nLT#w3`)2k$QRGjnU{8-5u%f+rmZC z&h0!x3Nw*qM+dy6u>~T--Ue)(MvX&tprcEwypk6u3+2P_n|6wz0|^!IcOa;**s`?% zDlC+MDKL}qY!0)Gq|DbeXAY@huGmPWjHjw%4r;-tKCyD_!;3s;vZ`C?B_v_dLnuo! 
zm=_`UofO@}#Y=KT#TaCxqasKfE{U-G-7q%mn1EVo=Oc6CT0e)73S>9bJ3od+V_SB3 zQ+s;_<3XzT-d}3wlFW*r2PoGDMufgQAK9I|%Aekr)XaJ%KP5WV`%VISL zdLPKqZR=fM79JfO$%?=DE-^C9o44O5wit%5F6p*Y$>IoNICU$(yB za&qXg{CsrO=>2SHXTB9bm`W2x{cwS0)^`vV@G8waw_u|}S3*GO!6cK+w0=oG!=Tm; z$L?1}kTFDy)2VeAqnsq3!+tXJV5GEkyhZTYdP_0k2$GY|oFNDKh6k!UGo%K1@dInZ_`gqhO7qvFcZKyl%vMx_gOsZ4!*&A^_kSS{CDsIK)|pHClY zc*qr;)mk`n`h1>P^F{}fJ7}f>JiS=3i9QZwJ!^duWxZ|&O4u6&gI<16$=S zosiojCQT@aohLfcr=y)^dQY9*PBbn)-lkAlOyZmY6UA*;!hHN02sa~4&LH#6;Fc3a zCn@o!ikKDXMT*O3#B;WC%l-Grq$@7-VMit%>ce24l4ZRi(Pcvpn-Dx}Lc|rEmvoC0 z0ESAiSo~08o@AAt`G};BuKt1JoSN`}wIAZCav7lNExo)Kq&cx7|1RTgNX!5>+*W^G zdHKcLLP6>5ca;L0gbs2niA(`8G@>!RC>b}vPN~x3G6bhU(*5&dd5VQt29GbEJZOW#r8J?PQK!eaTD_(Ts5Q?ubUk zx_ak(B>p6Nm&$|+vV!19LrVw6YA=lk<)k1gd5=Kxv7o6?!$>jEriz71u0wYay;UXv zfB53hGbqbp>&VT%Q-&RthTKV&4)b0qK5B2N3&+~|KnKdCo3L_*?8-cryeyD9L(h=Ug}g2Oo9suIx*jJ;#F+?o96h+>3SdO#ozC*-0DlT>yLlBk)xnV&mgU9O77Nf%@^7MS9mj|%l@ui) z)D3D5uA!19Pv~Z1u@}W~e_^~JpQYfSZWadP?(G(CvyebcSr3suj-rUpQ;J#Ds<=^R zSEkG9+)5oxP5s|rAQH^=yq6T@FaY0uW)-e#gdutkIY!eXJTp5580*xxWue z+S4Wp5+3>Hohd57q=8m3wyEeoVjq*5GVt6g@ud^Rc4m)2uo{?<9!uW-Me<;{KJ=@02Vg6`O*!pLQGfE4V=X_x$@*}1cF>` z{S-&$p8PTvzaMB6k^aTB@T2FAH&V$#1^W^`();X!kvr#kaTa^edg$Z+AXm01k9@rq zVXieA8phy>O>NUQY&?yz#Tr|QWgS&~ko;a`;9Gf(8@h$@9mCXI_76m;J1Z`%<)uI% zBGfIiBtdetz<*FfKK=x8qaD3OK>lZdzrxYj=KK`RS+!4`|I5OB{HTpFdU{?#{< zZ#AZ3#Y3%si9ejarZdryXOP5RuD)GLFCcY@OOe*efbrHSutDHm z@Z$F(iJzJ|Cg{95>VFP2h7bA<*ecmdsNkxy4{)x<9$3a;jv^v3OVBpnCv+lUk(8jZ zNvABn6}8?RSxRVfeCYor`nWTuHwvcqW{$LIYObN8s8X-`a^5fOs}?-NKSKLwGog6) z!u4%8o0=&Kr~PPtGpyqC&AR;KGJ=XV4vY;vvB}qpSn=r5zjokvuz|t=aEcpAK`6JFcWG(GStrFD*=?p|c3W(Yp5RxCG>AkaIMrXAOaWH%&m~F)Nmd0S zgF}2y^A^^viP^mgE0ocDneDcF)Gau()Vl5>FFPGbreErGij9f%R&9=>;g_?1Oo^s` zAdxjK{QMya0kE;Zbk<`FI!&njp!Rw%GIv_f%SrRgPee{8q1TfdI4VHp3CaD#~0I54$x zTN^4Y{*@s<753#IB2jwP)AG85YxO_2RrI>8cO9NQ)atZ6%OF<5WKzximE}0do-tAd z@TMrB3NM%_R3H;5MiR!0BZV7;V>CBq@IN+km^~|>Bf35JC4$26MKOrlo5+QTOJ#v{ zpx)&HgkYGI_3b!+V@TPecWNe|;`o=nWO)j~@Zwwf+g*puY53) 
zwy=n1@F)*}lqqQO1)}Gz~p)>Zn#qv*`^+DML_GRbuzL`*){TsOp7xEt{ zMd&ED$4J4H$NYH6HJLCqKcFq+t!rCf)nr1qSQr)^EW`AMKBoxslZbT{p1u`?7l zY+^}j>pSSr|Bpy{@8co6GKcyV|NMIEUJGfT>1cFqEZr4PYS}%fu)7BIcnAh7+@Tb< zyy>0>7CGMFnMLJo=N)9^+X&XfpOfwok3yOqEhGW!7h*~3w1i@9ly ze2d89I1Dmkkv8ud->j@uZ{8v2<~S$sQ{CrCi@)ankjv!295rRLZ>xdN^;X%kAL-_i z>3?vlf+w`Hq609ltiZs_q+TFmWf|kwSfnJePLfZDTOW>e7W8Z&urVFaYo(=GuvR4g zq?;!l*d0Z-P7dt76uncrB+k=wc0Ai+>#X~x`*38Z0I2SaD45;qPzpVSS6B47kSB&{ zJwDi-W$H1q6SbC(x2uOAof zxYeeK-!L|*i_V2B#z{P13F9QC^jirFI2Wz{iq9~?J*}F6=-biyNS z5=a%Ag=A@?p-4gK(l9^Q0#9|*n01vdTlM)PpUC@9ml7ow2Ps(_(p1F9yB%MVpk8`- zMW&Q&=<5sown_Bij&uoG39bk<4S{h68J+bR2#n4p;<1V3OR88&}Qcj6)Ca&}mT z*HUDe_c=F-o@unCzjQ?fu6*Rn1iw718&r08loJHn&OxpyRz=D&fyI+ty;tYC29HYW zzq)kGF%FA2qzwdMG~!_J12?Fdgep@P-AO`>euK`&j~y$2k%mI*UMvQ(A4(UpK67z! zT&{2UlI&Mj*&iPYz}VZ?4-ciLYC-y%0K68G z?riKl@A@A2SLmUY`VU)AD+`@NGXmju64(ArH0^~6(V6*8FhCE9zH zzCt8Ib_QXYUzg$!OvnoV!g6nu-PC9jbNEzmL*$>aPZp|sW~5l{K%bNsPSnc775|p< zrcJi10{9np<@#rv#g;X7DYQgUsGn?0Bbv#NyMry2b$6Q%gC>R&f995Ui4>zC zhiZtZWz4Xm1idY^dy#+m&e*b5!I{99`X|6qB>G(OVx20fS#|`i~nurNB;{K+-HBF#NAooOr&Ldi>Q%%NlO}b{z(@iAwFMk6s0OfAyj4`e#Tm4F zV)LdMMp{^LWl@qN$d?;5HaZ*6rdl2vm_DyqYwmcT?)r+vSIgU zLl_11ohvX7GhS}+Kd1d8d@E!&UiY@uO$}6e6HO0?=oyM%1u}?=>0K(47PN0nTq)B% zMWhquXfOy;)LjsPKS_yv(uVeat-)1eEAut~Q(M32;;+3nkImZVWEJODO`9?EVq-7nteKd;mNCwu?Kuf$`Ja%IrMAuq-oh_0}eU- zK~*m+=YZGlU(cD-=Dq>96K3YH9OFPTqqrC%+}@%*S%GPSg_vRcFi?1(HCk#mg~MwH zdzOD6C8y!MM{CgC$jba@((+ML`4xh--x7{YYScWdJRFyJ7z%TEx>lW_aeS_iW?DMX zZH|@yDLpCCWxk(BA6uHEi_bP%LziE-R$D%RexuH2XY{r>@Z}Jed4PL=pTl?R=0JNH z9$eDL!=7bpEk?P(_~dvZ>hAiK$m-*WP|arrwxJr`u0h2O;hz0Ndi-ZAvK(+WEW16D z+d8PpVsxv|fNUO4xwf+@A$s*Y)czwkH z_eJ{kY7F4=d3g&nCoWS4pGL0Fq993v)*ufVFP_#judQNDs#7vHY4#MTNWZ?-0OAiC zMJf7zEYGGT-U!>X%5Gz`&ZW2d zPG1qvjNtfV2OuXBC+wgi6RR8QBrU{{19eM7|G8~#Ov(_S*GP@PD={ABE?inv-RlN{ zuH1jG97O2uIdw3#VBGuU1HJOHW8yL@dYQl#q$ezKRdIh80I+U|~pMIHpQw%d8hQsc5w`&cCLXrYR%$Q#`E#RF>SzdrV z4oj4*@lX>g%0BKBUv)5oOh~CwE}$Jqe@a|hxHM)!1-P3KA(2^+viHp=902ClG?s<~P_3g(9jj-V|4NDp%B 
z5l}1CqTE`|BiW!a$22t_`Oe_QP0u8p0ZO}B4WY_*0=UFPWJrb~as!7=&dXocZ!4go zsi7}fHZ)>-5ovQslzW{Zvx4jtc{NJ)tzH)>eo5wnwN$87;FG-JAj_anX>ff=*fY|tXg8Qgx8m&kiUAlpSf6aUu~`Sk6w;K zYv?>gN>Z&}ul<&qA^jCbJI!mKP>dmf!9A`VbwG-Co3gJxsu*fEAD(E?@Yx7dgQAQO z4>BqJ%DuAoBciZ=h(($B=$rZgl#z$blKdM`qodYB(gV#pCJ)yzVAo_by~@9^uHqEl zaSAVgh)Q;eye=`aF%n1ueZ$dP)ryAwhT1XncULQ`W%E`W@LU{_2`h4g-gMM~8sQF$ z@rKZYF+8pQLIRE+w0666ORJKLQ?R`J6mj@aE0TOzo?$!Wqg}}XH|0befX9D&yLcW* zE*#(KKjzfpeZ4k0xHx#Ou;Co(*q}p`oluR_6Z6SV>gKnQ##Ne-@iaTO&aW{9caMhH+ZzFp0Aqtys>|!{txtn&UQM5gy5h@sEBt5+!Xm=*Z{4tQVm3e)O z7#DvUZzE4>+ab%V5o2D}Tg*k2FWA?D-SvL^d@_F5|5gb>uEoPU^|U2PnD zHkefBSYCV*sHs4lKHmCMllD(c+Xj^0MfpoU;K6qkAVHx;2~-}Y&TYf2{5lW1#Lu=yY$v(gpY@S znGfc^ay0?x4SA_@ql`di-^E?b@1D9(c;2JV1?P~A&rtM8D}wB*&uYInJ>5AA%=ZNOt$u6a&{SoUjjN4tz$|1^>osd7oTFE{x zE>0oZ1lS$*f^cIR7=@S?qNx10Cix+*zX7{6w;?<&o{-syt>qFdqg5}>U$1p2dk);v zVR;>F%5DO;bSld3xpl9oN1E~6)llJ=dRZWFNRPsTFjDJin^_lZ!Cyj1-_vl_uQzxH z1Z2&HYNR^%!>g_+%H{{ilAyIDtjH3c^sF<&IO|XyRb*m{@|N@3 z7M&m~qXz+=!=u?IW*R8bheI6w zCf9tN{6!rb9FVh=x1Aly`$;Kg`~_z*90kMLpsJ3>N}{08Xl>aA>`(Ph;Bt%`Ebz;j z)2Xt5@(5tC@nlSaltlhO3Z})2@(oFwxsbe944746tOd3stQ~JkbVP!ZlLUMjpQRD~ z-Ah5pF_8aq=4=X!Q!TlOV$+rdV4>S7@W`3R3jMhkm zlOVVgDl;w=Qty4y`N!|T{z`a8U;rPA*>f7j?xH|D-r&Wo$YU+Gl} z5fc*O^-W(fnbOP_AF!3cD?SIe-a|+gk-Ql?vgGz3(+chb-2I+${09mvZyFNm)dz?E z3ABheZ8;`^3cMC8!0S5V?EJ2l@i2Nd>}@SCi#*O4hmepS_#ulUEhr?S=|xfem6gg* z728V#6QRT&WS`~+7gG1)TfWAyfurPy)uh}_ApTzo!9z#NDHy9;;&`h;En5Ov}=|y!BBUF!nLtDu3BF( zWv@;#4OO|3-ejnv@~v`hUF|^GB2idlt!9`RVa~f)=bzawErpDW!p+|f$K4}>nS0J1<^F76syD>K$~83dH12Xq}O-vjm0KOrHLZ`)_QX9pVk z=87n#oI-9vQk_N;Y_oeRtfXvt`WQQJ%Bg zHzjMdO=YH{T;bmJ_{jP=+vut{(sJL>G(N~4H{rsFKjpXvQllv&u`!f2Z0ZfbeMTJj zaH$1kRUOQg{u^sowRz({y94W&>mliGi9rB;m6RL`sX?i%ar)N}(hC&~aG9_re>3HB z+0#dA?V6X2u+xvdw7rWhMk4fSDhlO$EUiN9zpZyHh~HJN7Iy8;lSJId6B;ts&bCN~ z6>L%tDX>YI^BP+*dW)W=11y{*Ql;@SJ84IIub1aOqyEA8!6Gq8b$i39CVq{z3s^AQ96RM&VQ3@ zA2^iTodx8|;z)aD#(v zrRUccOhK6Mhes>Zs^S72z=e{|(c0A%OEqLyylAX;^eAYI&+6q>gkKdi_)Eai_vL{Y zeP-H_;j(t?Db<)X`ZWbMx( 
zIO6BB_L&si3kPb5_O{=j+ov>~MrKEEc?6?fYlx#O= z%)xati~EMtrG2Vf9A`{18@hr#;FZ`kxA!Cz%j-EmrEc43$Nx|o_4E})M7Az2y?bV? zVI2ahwK%P~Qj-UHt|(Gl^*(`b<~KTp1x#n1C@-#zs^K-NKOSpplgKhv;-NXn>}XZ~ zI{svb+7Y@(!A}2QG81;w&;|-nD z$J<(L98888u^;lg`z#S8p3JOb4d2S)hFHX8`CW=RcA7Y-zeA*P(5dv#xCx@`?Pm_$)kRkffnodBv7Izt)7$ zrc8P6{i4_8y|P@L0bi`<%I9c*G)-w`Gq0c#M*VGbT$h z!FdWM48DDg;#fI8Qhs^#leQNJ@k4L|ur>b~{1<0N$-21M&Y3ZCu`kCpA?jMYjB7Eh z7ZDgw<1=>TdSrPPds`T@2*Iff*E@lEfCo3Ew0r4YUmn~q_PM}a1}^p9$+kaqpX*s# zz-u?6kDe$L`pRmV1g#&q~}3<2LZ|9&lC{;%3=Eb6{o+IJCQZo z!-uI=TUP(#udNS9d)IpqvYB_GK}5JIJJ^2Wv>bw$q$ETdy`-Lr8$d7OF*xVlkvSRQ zfAUq7Wzb$?b<5Gdoe6pF?IF)1xS=MT+4qky8lGEYzAY2?$I}vsc*op;^U^7oZK*jBiGgZeH~*d6tFjTc(_EKy-XSG#Ss?uSCDslWVeHEzkO&K3Kj;}_KgZi-TZe^#ya`Y4bIz@E9MJ*NTQ5i%DM7PlwyPvO7qmNhLtU>-D*Or} zxW#9yV{>*;slQRU!<{6=`xtxPQ8&tbossS_0|Zh)-}uV{OjbbOVhCh&n&VwElT}Jy zY-A-nyW27hyeSaZf_?5g%K3q9i$>?oWZM5ul@JSiFY$6*Gx74DI0nlJ7RFHbJPNS> zzt-LYtg5E#9~LQ5LJ0v$1?g_2L{RA#kVZp-V!#JB~DmM!Mm@ z&ry8t`_|`qzvum4uglHsHNUlH)|#0$Yi92~2gb}n)UZ1R^JX!d4u$p zO%C>CO^EdGl|@O#I;`Ug}{FUx7rMG6Msz&2e0x@Tag|`VZE>+A_Xx zdo2aBwFb7O3!o^PY+li@`0kVUU?I6-fE~o0Yb|;!PR(@oMYBEsV!(L(sKczJ4mZ7^ z1}%LYqPxp;NL&rNujFhfc{S2^GFiS0UvwfYIa~gd1XbRP2ChYW&S+XK5cVEs46o?(rV~N#C{<^ZL zD0hh`MbrO?(ILW*`i4(Ss=;73_{rdC;%JU7wZBW5s8snWA(Ld4-;m^86U6FE3`?n% z>Vp*dQ>E6}?=M({smy9cs8S`hg2Bg-UFhJ;@8PPqd3}*G=Pq{R+%tAnww~vx*lCIZ zA0#`VnR7!ofh`NBIx~SzR*u4a6{d%BB43By=m@;BTVzly`U`9lWwt|(-5#-@oFS*I z8R>9p41UllrmS3e$#V8`M0ET;262b{HlBPu_!iUqIC~Gu$siT-7~bcr3g6;<=m?3oV9OxxHYW{g!n|CnV)W^=e3D zPf95Q?&mc*$L7pB!nM{-&57fL3)-ceK-%Vk{i>~=xnKvSy-)?KJ#^33CB9p&zpN`! 
zCt(GKBjUc>SK~;y;XYgA`Ov-73Fv2~bodg1lKA!sZg_x1NZk$5zLnR6$9FP9__C#V z`CZ~zUQ#<>Y*;M6PC%h}%HfwcjOwPidAA~;?&;}x;Ta4j|DI_?`4hx-M+W1%m4AYO zjPR|!ETN^&@M|rj`T=9bQeDiQ&z#NlVIAPFJ9@Lo5p0^AYU)VVRRDF!t&2=Ni;0_fg=P37bw4Y zc5_>@Afbg!Q%N{4f?Ct7ow{|X?KPcmj&EJBC0-!jl5n8u!&L0ge#X-s62?<+6ACz# z6zvbyV|k|R75c7Zxk5=@nP%wPv)UOR!`@FWy@@S9lp)8hv}oFHMf}V4qrS9^0du+mfDsB~P9_f|LpdD7Rn){a-kR;v zd*;%C45u@3GtQo)?ReUAB%*1;dlXSj>TA#nM)}CzT)q0+s?3J5!`|V2~s-7PV zC!TLjD*z`Zr-?z69%tcW2`5&|0`x{VXCE%B=D2O)1sA7V2}PqpBtFwz57t$C^0Zlh zhGV6bh=}zt%CG$+zk6jmQi1&u*P1A4o(ck z>*^U%E(#+iZjZjc^{}b647I^1o0P)qKH#ByX>6E~y5Wm<4QCTHqWyM3$#%JrB$P!+ zyL;*R3gbRCv+vV(&aVbjAM{6O>xLBcr<{B@z+bc!_S~4TzmyE>WE(ZbsezTvUC^X~ z7Y=_UPu)iST)gLPK*mYN4XaRB$(abNLALQ5?D<2#mPuI-=CT&-R9ZmZpsG{Dot%>5 zt=w2kN3X6cB~U$fVd6$FxA5;7F7dbZB40Ol4P&nOjTv%2d3iT$zdOC;4B|Pt9JHSvw2`=?TlwkKr+*svi_p!w&Rp^ zP!)0gu}tIrEAO@j8t<%I?J;aNu+3rmva>DzQi$8ZOU}a9MJq4Hal8e0u(-Is%Z53T zF*Y$#*XWihZz#CMO6xHxo}2vSux}}9@a_%pL=T_ur2wbOz24-HZ(E2lXw{3sPka1d zHTf6?A!~|hy|ksR=`O=Vo|VIVFHq1~Hd_{`771B|N!?jAmcFxQES`Q9!J9p0DX~&7a&+nsK$ErcOAO{5oyCh>gd+#&h?x9`}=Z2V5jq zpf#)Nt}$w;KF#e@XVC|1bECSpA|ka_9xRhi*5yad>x5OFyX`$Wd7dW_R~M^B*s!X~ zn$Olb)*L+85H^iQ~E}6e8zE);qcttzWy>+GFWN-tC>g zpc+0k*xZ)aW;_KjHLn{q6!!Kv6S8}z1B?Cn zwS`#Uz3pQ9kTlyxr{_v~h$jK`{VIu~Ud$Um#S1Fjr-ujSJ=)g|C-u1e}_l<0@4B=3Y;-2#YH zeI+!z@p30sWVN0IuEa;daTmKF+nvedp)-&*$r3cenx{-T`PLDrCaZuFK`#?uH@^-c|&l14V6&?P6GnMZ)~7g_#6W%Spm96GSBbi>)y zXFaiU7&H2_kB1Uxs(~sgJb#4qs>#;Ht^z_A3a@jMq#*(P~nS94_t}71* zWxXGMI4H;fObSwwnu8e(uTX-W^gg2bseAu?O%I#r`sYxoj zKoyr1%)FIx&*zoTd&GcreC5Mb(=A35O9RuZ6XP+7)YWV@(uRmKeEu9z;b74Jjzh>L zS$2j`?lqn1137Fs+s_wU>@wV1W*|a_U@vM*`b40L9ZAZ52O8hd`g|7f$}}as2Y+`eB8uDUH}i$_$c*&(E2g5~!2Cl|eVmRgM~5c|Hh3)Ip!L;-8p9-Pk0Q~+DBt#o9_{vft|AvR`Pb^yPk=`!mVt$V#DP93ao{ zqr)A=a{W6RdCZjrsl$)eh*6R0w=a633Y(CT@KXV!Z$ncLP%GJuzMYl(oY%OkH3!Ap zYm`jfQtd}xI>tPTsnHD+@ysPZJN7zHoHWsu)8ua$5OzFk^swStfl;V_Na%zI1)KS= zcUI?Wb}Ya~%zquX)EEJ93R&5|;|M(3nh>o;ohi8^c~WfA_K`KVPB5F&B<7+A;bbLn z#%ITKT7q_MFf;Y`P+yx&5TCa3xy8c=IlbPp=Iflm#??tNC+wwo=@9`5YzSk=7pZ^m 
zyL)^RNz?i45>$X$c9Y}9;rORoYD(T{M2BX+Z)FGA=~@+9#Hd{Rz!;})=e<&4*2lLi zPJw-0RNL{KAg*FGYFvf3*7WH4rIeeLYEc*UF-wA7r8S3L9S42N&5~!Qlhp=u^=Dsv zMg!BH;yrjcw{SO##f*k2+eK)eghTVrHZ@;Lb*AcWl<6J$EBn>&L~>WBuX!jMk_Q1? zX%B;*E%7I4U6o+{UeCy8_3640$BwBt*K^|{UL=Ld zJ7{>d8z#iC%~lbM48b|dyWHihcL(=2!~HC1DJ!`P3`@~O2am!vud)i?y_3=B*`*9g zX2t4>BdwJY{K^~ra#i)h8!vk&Kx4Awp=RbbNjmBpz-WZE(O|%-Nahyz_}%J{eyq%e zU*wmbejR<(R^2+%FN^bazJppZ+H6JOejcl$!)a9~)BKE^!RLq80vgr8d%4$K>WKaw zk7AnN>S3CXA>k!^|CYrwNw1vPDXlJX6$d59tO`$#0mqff0cPadr6EV7c3%<+FC)ZO zBmjPETDAnTj+y3z?#XXF84qPIQ6x?}&GxFvMw>d-#I<8ct3nkUsd)3ofTilELUXIA ztVRCk9mr@((ufryIok(~n2AUYv*Uxc%BMw3zI*73p01v!E91>atiaYDjHcq;=+=_N zKF;~>x!b&%2{k1nXt7U24k2Zt!0NjeU-KJf4$M;N0dK~cfzULJ`c$K3(z}$5;TOH_ z)<+ZYx8qDcje)%l$-hwA@|NC4+b6U#8GbdjaFI&B2W!cJrA)Cj{gVxc;*UNxwM+VS zwhEo!ew+5Ps?{*QN^*~pqseLrzr8s)E$)0hOMZSlC~p?qee`4pI7zDH)NLybVoiDU z?i{>davzG&A# zPdqZLii7<{bOc3L(0;01)xfY!TZUCRe(1RJ!s^OsRm|~rGWPaCb)ctj#kp+&B#wdb z)`wFpZDN=7ZYbAhD%17exfOsFV9{NPgvnbk2mwMndg`OPw@}}@!j=~MV?L99xCu}_ zV>_&$OZcKv!hczVcCi8i(3M3c1TLA8lyZCW)DIBMg^1m!D6F4gtk}6T`WFZ z!R7hV{j?#2?G7aux+=wDUG4H3Z`13|)tPQVsJ#sS?d{ziBKIHgAttjEWa>Ax`*+`r z1Hx8`z{yU*;Ym%bN`{o~jM%YbE`>*K-B^uHKh_5;VH5Ex?!BrSv&2PSGjRppB#8+g z!HoeG)Be37|Pj?w%4w*zj8HZLX9Ak;^Cbu2J+N84!G%*?_al>Dv9WQu1}{diofWz z-Ngx`3Ayp3R-nt~tfni1?#ZxbT+2(7HoJGd<2(+VAc7^$$P1ADHo|p3lki2tXklka zdjMHc9L5s~bDqtqF4b_1y!?2GXZoawNRgwl5$XhbX24j-FvXr?mDR4eP7I@QNmbB3 zsqo&;YRtD=FRYw8CN~?VUxu7@+p${K)N*w~cbH#PoQ-^k?e5opjn3BhTnDCU&YMrd z)<>_l%2Sn-@T>z$wzXCPIvl2#>Ay4P!?#eXj$Z2CuI|qJaJlxu)sw54O?gv3rchaS zjT^kO`#N@1@~NLDPt~ID*=mO8B(iyW;~x-QtVa*QZ&|J`jd`Mi&UR8dLN%f~GFy97 zX)?HgTCDqNuVl+Ue(CimE}g~e?P2%3LtlN^;Q^p9?84-S2XFV#3&?=|`S#oV6e2L% z%r@l5Gi&^kskJDp8)|1q*z@4=Hhd5U2ZzJeTcw)%|Efk+f zMoEuNk{K=ZjI^sFF!tM7_=^~gh~%9H^)mer5l@!idWQbsy7&f54S?!}3r64v)G4Xvs#qZmkVjGjX6PW<@*i*3qf`@w9A{I>mUYwGMEq0BlYk*))Q0=njHE z?{W71%-yUXIJQ#_9J%toQeRMQXDMvo)|EAMaj?zY?6IKdIKVso+2Cn&`K}998i~M> zm0s=(r(^7S@W<#*ID$(Z_8D+?34Efb9S=7K?%2OK&gAy$P?R&i8~?RZPQ=kMuDGSX zB9~mhl>ctklF?_m`M5;yG 
zhr2{lkE;>}i?Y!ku%0R%xu+kq!{n(=p6pfdK0VsityS@+f^TPU+B;w~C(;tkXpcS) z*R8$R+UlL53oz*l`^vMf$#*9LxOonTHAaCBvad)&;o+8n8P-J9l803Xei^&+)K?j1 ztB#$pR6v$YE!m0oU0t4*qU)w4^^>tS`)kpe+%^Vojd;#=scY{XrX82vdp>a-6R1n%dt>X(v44M}Nwco$ygAIMvhyQDEqU|Gt`W)h z!01}P%2GDUsljfAhv%BP9)fBzesn#Io=T>6os-GH=CwhbQM-fpau zjrj(nk$n}*g=*C|FhdhggVAfE=)W%2d}m2DDcNzQqC0s#G=umynw1h_<^;fRO|KTL z)5s1xhJw>OU1Nl5_JgXq?a=F4^IvUL>*mFHL^7V739Q|ASO9psPdOtW8ozYZBG>JR zF6UmQ?${Q$aDr6Zm1TZecV z-#D73?Q2>>zYY%E6n@&5hrWDOJ1}(tb6v-PEm)StGGzO^b1umi zr~S#^Eir5_CtAsR^-6~R1qV zv&`12*q0bF@MfQdqR8|tdC)uuLw>8vUGoDoS`iCmy(ZuNDRXdx%Ya;}sx-6Y62V=J zla5LZzQ~L1=tHZ%`1Yl-E+e=vm5orHN-Eo9(Ly=-YTsVr)6OfE@jgOxSLrpUB(LXCw4>A*@S;uzX7aC*F5dNffS zi-}Vd*TXG^zE~YnskrTaKMi{?+nq%fsB)9;|5RsySRN(4t22oI1}lh=4fVT%*^${) zr{!un+Z0ZFi`Q4&#!fo;1>O@yZrT1vlA}<`_Xd=xXvP=e7elg@p4>1G8+<|XE<*LY zVDp&wIFHJfev1BB;#u=?X{24vybOMdyYs%P=kvD6g=uKz+J*}FrjDoN`^V(!ANw7c zdJsF(CoQy7!RQHd{8U$EOC3r*ofs95J-DTY=^qj_=X_7*d0yX_Hx`qr8FE>kO9yXni(@kX(QUUtV26~OHiNTgaFoi!8eVG zPL07guBQOFuV3JhphwGzG+tS4dQ^i_t~~RwOCiT-ER1~5xmhAOqE_#b&3jo-&cKqY z18U_0mIw@SWeGg(+n;ZKV`}EIGYqzNxfxl!$grJnb-#?YIaE3xokrouk{6ApXGa(> z16Gj8PCY#ChIF`z(_sTcFbKMXcA$>k1+^O4otzqBtbQ88WucqXaBkR7s?&g6e9+Otn9i;1VzCUZR$%Rq3 z8(UwLjB6~RO;+Nn7@)OIv*M>WTz|LeKI?*4yByOoYaHvXSw3aP1R?BIPsmK|9YA^Y z5kyHA&+HRXk}4Y2K%2R|!${*DyV#E+4IOxyvnt6~XZqw%`!Gl=-Ue7iD={Yg{6PJ4 zcvjY68=8u_*R{d6zN;~;EQ|GR+f9G~g~dI5vfgfm4~52IeMDWjPejYN&9*m>osRbC zvgbPm2dg}SOyC1Eb79Rb1c08XZ0`v*wWNmM$%h4Ghc#j-Rgz4!)r2^j6s3n5E3Ei|!N`X=#4 z-s49SOV8yn`#L`F41eG@@V>NN(y=IJ(~-YPg1cyBUMX+Wt4`Wmw;Af!CVeOPs}bFU zQfx-r=U$=Gu${IDQ|{R{J3+)p{GX%qvPRn+`QbL|=xeLg6$wk!Dd+ctTw7j!M(|nj z?EM$O=w`*1%&b42@=Q6GY4k(b-fPkO&rE8Pi9$W*_J+geI4!mXx~}Ufu9tq1@5SiL zZ(qbdofgg`Y>1Lx7-5a}UwB_`r$gF(S=89urdf@kvDq-=_Hd`~oPLy+U7-tZ=jze- zVJF)=+3Xc>T{i>YaB7NGJ3oGH$eTsDA))YI1z`23x{X;us6{fAY^f!Wq6mH0xG!aU zm2m_7Tr?)^#hq-6XjRs4!F5H57bRR#D_nC{CGvU76snnW^ma9Ry!{8n4GcUJWT?A6 zSB=@%PbOoRHtf3eY2GiJm1d}JTIU}D&PKB&!_f)tjR8fb&vcnh^bFuD4N&1z-(EuD-UO4M`*}yW%SVNF 
z$<>fA-bc?&QCIvS*Qyyg6|@&|Mm>87NsUL9IsIc3Zn;34D6j*uLR@rgr#hQpGkS!Y z@pdR6@bM0p&oG6QPjq6&=On-8AIu`>|!$3zccs$_Gb z+bg=6iMq{!ZKgwAR5%}9o64KAvXLFt>VPfv$ozoG3SqmP>7p{wbnyEoiJSsM+x9B) zUK0*q;Yi6ah_3ILLmN-vxNxvKmc_v*)lSC`SEJAfe)@h~G=^j^{Cmt50 zl7H4aE54mdI&zU`ul>qW4s0xtWch8YhZJ8z>=;zPHq+dhPI!eD=Bm0NKnaBqjY5`hW zuBI7#_}%?&{zr2RJ$J7mR~my~z&w2%zknCWedSa5fvY~uKGy~AyWYfimq)A`>(?Gn z#m9QbcQ5h~-O#7lrhJ&FIw-3)s}dFttoTu9R^4Or63+6w;V7JP(N~D;*O!T*>tn=F za5axnnL{8qvNoCP%b@7w7LuQo+Nn;~BZ=ikTCEh{?7#Tf?OVfP3L=E~{=7&x7(5Cg zg*i5D$S*_@XEIK4941zgyjb+I!iV*{_|kB}yDI9fS&r4vmy15#04he?#a^%b!48U% z(;5mq@PEA`akn=#843waw!~sl2_XqhUQ5(mV`erV?Nrt2zco!-i*dfgCgh?s z)0v~%rLbMr&$VGUn3gx1hGmuMAjZ6(6*ki~( zVbmVz4O~sVi`c`=AdrxD+>n+AN<2<@RTw|)tZIZL7@2)s+;$V6YWAg@U9auB8+df} zv7+QKT_|(E8EQzvQ^cu3DvUx)quK&Xqu`D>q_DXD^WbX((RCq+TBmebD2q}xX|!-2 zN2ohZ?Xt{60d7(TUm1e_M{1`;?DGB234KnJ6URQC#|tY8oyM6YJomNo{y|I+StO5>idR8g4%Et0av+y zftE*oQLdHwI~qfiMPlUH4|EvgFLb$G`9#zo(7-(wi5~qQaD0+q@B-WNDzD$*^CRG= ztIc5s@_xMrS8*|aoZ>{PEcB&rzJ#HV!PVsgXT6nIMu@ub;9S(jW4mtlPTue6&q~ge_uC6; zn-wJDiBkZ$YQ105tmAoUi8PK>g1&l5orm2{=9QW*hn)=nUMi7L8f9Q3qUH-x z%eK@wjlt^wtjLT6`8%qDRY`VN8BtPSBgDab?1Qri>OV|^-xw@-{qfJ%;lpjWs{_E3 z9}PY?{~*H+^2;89^zW!#;DsaVY)gGn=b#_dzjiCoUe_OQ-3JRtSYt+l2@!q;W|IG) zlGK&FT)Q-m?0AVO7Hkp9Kx$(6b?y}(E^x7gXjb`mflY_PmyOHJ`lQz#m= z6@n)@fbE!o54QfrJ|tW_cev8OX?F-}2mG!coLu<3dT`tRt{$BF@6_`GE&TIzFSvGp zlnXrG`Y!~}!9^zEr!<2NdC}v90uj`I^dM2vR&=n^3wR_ z5@ZXU5u|*;;@Mo(YrYU1u+b0$1+>&t_?d?GGP^&h|8xho)UBXX_+kH_lk%Sg|CDR^ zOZv~X15y9|AS%>fCI)_bruVm$BS61oCi4{R^!#ZTQxZ711My#iO8=%F{iQ#thoJsN zy&ttuy7VXQ5LDpbsF!*PwD4cl`>zH6CKn;`w-F5>$iEM1q(2U6IQ91-efjT0`sav7 zP=D+5l8@ly8exCL$v;462i#ZuSuiyfyrUrm{WwkRYt&m;QhF57@_)1OKvdysr7wK^ z(KfZP|9G(W+8FMzQm_AWl!BgfM&kA_?SQ{}EI9dh^&b3DJp}dNsOJsuUO&&1gKPI6 zK-^o2vluU;k-HBdEXic}Z|m5dC5QpSu8X z7yDJHr4B(}F4TFDt0FFPR)R*wYHgAN&0_+koN9 zvDGv9_>%;~hKub>xId;x`{yWydtxQbe`p6F96f^kyLv=_R1Z%5cj~eKLp^wL|4}aR zuiz&2&w>#me+zEl)Zbmjvp>2D1obyp(FE_@v;aIH11*I(#1uYDBgnrE=^rr&!u~(^ 
zK;U7;p9TMLu?RUoe9(J#*&RNm%l|Y*2IwiBevChPzhKaL{>5Wq{82sJKdOhI{-)kt zgnIwf4nh5^b^s!{`k|f_d|>}Yz5ic=5pod{e+!xr)Ss>b_*YOE2A}7D3vLk9-#j5b z(jSL3ocgz!2@!oDVi1J=f5ss2sN$zw;BRsFFCPRK^wS5uHw9Z-32ynn+4$cr7sww= z{WePB!EV?e{d^bzC;zSvEbByrye+~{xxVq6!-r@E`abAe-x|)7x`OEh@k#H zq~QVS@177&{oPf-1JaA-3h=M>3Y`4=kp2;aAngAm20?@se-`}1#UjKb4z(^ijB*XU z`FQ!fE`YxKZ^n2g8xaNTq?sKDe-w&~bZ_x_2P4)*3w4PX#e~Y}Q>n6amjDh0I4C-Rp}Sa|O9u%~=Bn zbaKs|nv2((2Zn>I_7)}9HiO4PsUYbfOW;5Pki!hmu=-IZD`XdB4jI-V&8*fMUJo># z49d)-a#;ge4glYJL&Ym9NF)o9L^Mi-e8@$~>Xw&?0 zQC5G$d?&DS?|8+h-#^qX&(r<%WUwJLNYK+`dxU~Tu2#t9XnJP%u&HS@E7W=&I9%Y} z2V8d&JtC?Oiv~`MPWI=gzfE@KcIhUbhsuYYou_Z-#mOJ^8^(2?PM#DY`!IQxh0`Qwp4GQ^wL;ZnwLsO@CSeO~W3tlI?XclIPRG5Bf2V&V zd>E)aIpICGJ3C~qJsw&LN}Q}FjO4Xm;sq)Wi8qVqA0N&>4iG-Oc5sq$z8rmGEa+T* zgl@Apdz@9YvJzYCy)9X~l%`#Aer63gZ|xA)R`8u1saa#!p6xUNC#!mGoQ-Ro7Dt%0 z0ByTZ=_TPu4tOVro#)nO!~19MhttsMbWXh`X}Vex9M4Flqq28)oW?^9bR#tn~DX%;$3kz_t*0fZ)AtF2o3$5X+6?PZO*;#9l zw|=*xd$Ltp`yQS5+_V%HE*!KuthNsTHMXZ~yw=v_yUQ~t(EVeP^BuhJhn=kcS?Dlc zQ5_*5T)5hFot)k2apTszpjriMoYobwzV#1DgwZTKT^z`_cO%{5Ye6?(j#!{ai)p+au&OM# z5@kSPuK^=Hjx&h2U$qZ(=z6ukc@I|A%|FBs^XMw*;@^N1T@vlH?Yj`5Z!pr8xNTvW zIxKFVABM=%`I$r&VH@I)^yqSlw;zSY4gdS35geceAi!W63ey_mS35D(fobjYM>=#l zB-%gyV^SMV9Yz4OVH11sq-CN#nEcLY6K_8b(;DV4_2_c=M{;5aPPK$n!Q?(7ISD3# zpXp{TPZyRtV^}}+x-Yka0revfK$O_HzGOl$0X3W z>Jq; z)3@GaLwVM#M0iaAouLd@%13s^fcmfEyjMx_=ILI@6sJtFD+bj!qlnNT8NQ|rz0QG} z!!jxsEJ+kS)k6J2=7S-w6pcCu1`Qrp^qWwO1ewciD2g<9{7iAPoa2;vNI57nA=Az#uVC>1f?nd#TnKpSX5_*YC^rPgJ z7`-0qE3yGuZ$gAfV^ESYaAhC#qWIH%dH(uQs14Vb6v_KBlzr6HvTUZfVKf7c9;Ebj$21_ zg$F|)4>J~}0K-qVegvhN=9R^3!%zjDFNKn9u^&gN<7B^E-~v5p_hZG2k$P!vTfQuo zlp$fW#2r9Wh!uw*4btdazJy3>k=R(iGe^$FvbC&(+|I=+<7tE-4ZkhpnHsx3jHX30 zGxpM4?B9U2uXvj`uz1%)k_g3utF^J=ckk*U`jO((WBLBcHkKoRk)jSEpEs`o>hFmP2+XTaCdBJ|>UTTs}kS{B#GhKYP*d|DH>89V06mf1RoYmOY@~wFh zod2m-?DQBDTnNbVi{Zb7RW1?cb~=u;YQ?U7)h**$$*FDmW_1R5n-@XPt_>SkA`yYv z*Vs0YN@8ES5avVCI*wm9K@Pj(>q3M!P{D$~VS!bsqEOe0b$Og$#orx8Nn$T~B2wUW@*(i`eu29(sVKh)CH-@lU!;%@u}7oJ#8@R!@av;AAH 
z{}u)yYVkjaGr9>@mczg7FR<(81vu3YvYUkWt`^)po?;ZqF{kjDhdJyv+hA@s!9!}&McFV7iHR~OYYTH`Q)7m#d2yQZiHt+|<0^Seda+BdU=ml*MkSVp7 z{~WY~dNF7(CJoSDzp(#+{zuq@Xi#EO2Pjd&7?eg=1WF5g+6ZxAd(ukI!33603|9&h z084-H7R26e0I?tRL2OGth&5CPOa2S)Hy95bMq)&lYZ;bQR-*WJX6zBM-w(nEeS%>y z8@w}AZ-QVgWX+7BZ9lQKoL!LqnesaPTvqbM{fX8%fU6w7s$atZzJsj`az*8VTpem4 zR}7r16Xfz*0I{O>AogQ92>YUP*X?;Oh~oNBs2(j)*#8VG!v!?|TEliD zgtDMetGzd?mX)+E`M}s)`49RK=0wT{P`Q6tjw2hi0kJA*1I(Q%fhzNTM^0&eH0i(YO zpivIb>7Ht4$X)wxKrrkGFH8Vl7#X}UYxhKb;R91&2i4+R__1j47ALHKtA5Pnbq!cRuP;^A=Y{{;;AzZIu7UXGVv zR$|Wz&J8fDx|y-AQ*aWA7r5+iF0hYsb9hgn^0M^a1mOq|=R#LqNjy8Sk5+;eFx_md zd8;9)lZX2)MXaScrU=jY2$82n355M*@0%sct>4(->IB&9xu6{~q@7S79yr{^pO3a6>$P{uk;P1|`R= zfRfVz2eA5e6<`fi;WfwtYY+gV8+A%ZF~nJVVY{{{__&q4ZwZ9L@AN3}!3!5Uj%t5% zTH|%FM1b8M#Fn!UI_%-uZ?WXYM}>lb#_&XV5{_+*s{*kLb0C&|e0^rDwLGuP(QchF zH$Lvz&zu%kb3sxy?{w#zEpil&`}9H=C&aB&Djh30v{!qWulSf@oy)+Svh-hft#0%~1?(t~dD}5}0CwmTO z<)G*lR)fZwg-t_#f(XgYZ6EH_(J6m@ZGeXfhGTwQRIp#Udper`Q6wAK>_!{JTsbLv z#oeHBZei1z|4oEMk2CwQ8*LPG<*Z2mDWHCwh;{ka(78!N{aHTReUenJY~-G|O`H16 zFH1UTA&PY&d-*i?No2UQul2n3UIZ6SCH0&TMLI!c64dO6I4dZ{NTv-MNR|p?`8xMW zqIj~2d(hIcR?v!(%o@f3B+CzD`JVSlGI+9Y_n>8Atz0QaGH=khY}qrGpKza~j3=AE z=TY8MwT}UM{lcaAv5pmYM~jDQl=bm)lOo(8FbP8FI~Tl3agXl##Tal{UtIwE(bL299TK#}RGHSdJ!^f zz1SfnC*ODT2;%L#cf4blMBgP5M$@akD=h)rN=#17qXLLN?oG(x8! 
zrb4#7FD*5cC$OFYu|ot-$fIeHCg_MI^k~M)qRcA5mUmC9w5!aiGPj*>VyV)q+IHiG zPU%9KlWU%)(}VzYI7etb{%mE4VqXs3(fmU@`D*{Yxk8NN;+y5G^}?N977gHK6@Ia3 zgr^#XMaB=$)@+9-J-5$xI!B$-)vUWFwI?h2+yD<}=fYE1vvb#E)#(Ht9jcV}Q@Yx!gqI=y4#dAL5^dfcAX zFt~I$J@@UnKUQtCc^ilm5-fMowzdvDYM$@ZCk&cQ6cMDi-8R!a?{l3w!--Uz)U6f5 z6%cSgu2qmmM!~;y>C%-;H$SVFZi^znk-z~{Ptnu3&sk6|U82Cg6gqi@2;g9GwzSAm z)3#6H!9Qih6ezOBqO9R9F_}pQvUO9Xo;&aCnKS@NsEA%+N=mi- zM1HV`U6Jq%S^c|IjIN0}Eqcug)BVqy#w4s7na6A`+&Q9#C+$HLmvO(g&VLZ~&1t3Zrj*2g4!rB>J{1qL4Vx2F z;59H>L{^x=pj+H~)-+I|U5qRKg#?F8N5v*X1cD*n+ui3dX0~gzN>nXVUXq8O|mswc1gnh zmO9c_$9qNNS-QYVzGA=t*Kym91U)!_Qz(RbpR>V}=!Tof+Lpx7eDyVt4~dS>`huxr zr|N4xq?ZZQd$ShUDiG*qxp_BO327v0>!@?>Soo}+^CP}l3!b{xkCnxrA~k;g0Q zND3bX2W=D5N2iZO+KAG+C`{ka3IOkCO*|VZH@hge58kwln0&ZZU*MhFqpk0S3T>KI zFSv^VX}!np?iD`|7zgOg333lLa&O1KqYab{Szl|5KcJSE$$9gpnr~ExwUJgJWLwYL zgUg3KC7xIONIi(e;muAetq^-EY*v6Vu;U!r_l}65|BhkY&JEmR`~I#apTKYYr{5RF zCut%E1S!ro?hO|hKs=B4Oj@`1zAf#-y7N@B)v4mIN{Mf>N_@w8JkpI}pL6h4E9t?t zKx?#J7LD0v;wxm+!5VhCM^mSjpP_tOZ0?CkN8EPH%WBx7(S?abr@YgvB7b)=&4I{Q zP?13w6WJGvyZ}#>R)!(>A|XgY5y(pjl3OIQ{0~xR6tVyY+#^wpX-?%hoqPikqT12^Zi3oIP7yn+qYPxbM@_r05eq?nt@(l!UFUWiO zl2_zAO_audf#C7 z|4yE{q5a1fs;Ica{*p?TvcmvRzpMBUe;VqGV zZNBmT_+Y#%2LMA)@u={dq*mV2FGXKc+jX>VC%_$&-L+-yi$GJoqgxBkuL%dQnNP9n z-cbLapX%Wt2Vqd2JtfTE;8R8m^+H$=GjRis2-xdHa>kTOXMT8la+j@78X&H}sj*>n z-oF*AgV%;X?oK_C*-G#u9?6HX%(YE-iJQ~@g*{YpoVN*o&J}npQUg$t{hrjjhlthRV!bwO6?jvg&1KtAdRX62x-Q$T4SqYo=LlJ~H#yCE6JvlCH zpXJsg&y+U4HT0kipUM2Tc90R6H0&AWKH833|5pFO%Z%}Ie*mZoq%&Z|b&QkVbxB$YS*>%3g>U zoj)@)m)fQ6A5t)PikrLE2mtd~LB7pjdr+DDZ+3$w>@gZr+fPfbWxQMEPv92XJ8xuF zvjtB#%vO~4nXHN$M+CJm1r>5Ui!1Xpl^OLHkR)Ik;uB?)3enBV(RH;n6-LSv&Fs#C z>=)Eqw|-gCG!!D+)gf!}k=ZonGZ$(AM>1FsrdWH&DV06a2wZJ+Qo!yUvF4HZ33&M4>Mj#d3TiHiOB>{nxx_N`=Tw3iKtPJCweXnQ?pJ2IX5{R707z`q-9|4Y<%@!91s#2iZMP}~SF=y%v*XgGt?~iH|Sjje3mG2Qb zUqTCUC%;Z&!_Z_!C!j$fZAD0*qFMwES`N)23J02C_I4q#b_CZbNbvBp5Upqm`UW@*KTzIreg7TRk*Za}&;;usUP zZ=;5Kp^jEA?xirFSxXB!rwQrM*V)MS`myKhDKK7My}C-U&CU5g;vuCsnZiMljXulPU!Ef 
zJ07LrwB%oSq2IlMm2Xzps40FoFI-2cC7sAbqHQoP<baJX|LbPUOz7b|S&{nM zaBpB|_eKgkaQDmVx*tX)=KG`KM~*db@2G^Bj^628KGo~-^`m8!X+@zt3bU=|)#=Yd zR6<3TUa1{>z2i(HM-FbZas|I)ujhYz8b%OzAPd=r9t{ z7;*;>5y{!7)c!H2*r5JYxQuM|Q?PVB7RJ4kf>cV;SD<*B@;59(Y!0{vu2jqq5dsN0 zZkI-176T*6fCDxpqCA+6-WD~dAm2Du5d#Iy4VMJokS;Rc%PVy9M)*_Q_F0*W>BZvL z>))%ZQQMpR;lyhx$T_zK>*Ewj2`m)_XK$mTqH3;p?^altC|JwS?Xj<3Zw4|#NcaRw zN#lJ_24q!HZ4(p8XDMIC_hY6N8xg13+lOgPBAP{w36t$oBHNl0g!p@_aoMDsdu40v zUcMfAGvnkfs{UE8`g>kUD7dULM<{8^xO({sroxc#K8O5@KX&jb8 zLmnqJWs%@!PmHv}4nn{?cMN-F$Qh6QfSsR#G!$36V^n$4cJkheI*>gujyJ4@bY_dp zBb~0uvUn`iJir>!lG++om`$WM$UFg~ElIB=b@l6ZnPX97depn=2`pB>GZNyTWKVw4 zCP1JR0em-1GX^!0Pf1{B>~yeM^{T)?NiyV&?9>RP4jq;i^gs4g{bNsqYJ}DPYMyn7 zfgk%kjZhS+xTfXGP`!@?+t8iavbPQ$X%%T9GC6Y?ySsF@rZt^T*;QV0?h2$%IR48i zS>@BU8HZ_YhxvBY_QdI@z;30tz!ADkL%Yx2Pv}e3+4vJdyo4@yk->sRea7KtGASC7 zuLzkUmNaFIS-G4%bUk?(L5#(4p^DZlSuPw6jJC_PNeU!Z#U~VUmo9sF)SLnYp>5Sp z$Atkd0e`&0YgKeqI3B79dgX``^a_ngZ6R!G$^x@-Q-_ET&{G@eRzoAP`m}w}`d+ba?)^8(>wQGg;@(t(-!!T6_|nuOs|W+sRpe>^SVZ=(Me;f< zY5aP<<#_LcurgY_>rN>Q=dm!|vkxA)c?gU5&hVBg)rjjQLlCZ*; zGm!#`r6MoVUiRZkApVgNn;0Btwhd7@@hNdvhm$G$>Q3Fn3vHSs zaepyObyK1_Y8nad%D}jO%Ym{p6h?ywKwm~>Ik;QY`^VwbWWXl ze{sru34i=9MSB((o$Dfl2L3kTGOB8%ex_OoicO>^d<6w#qEec>R6#Mq5e}9tlCFm= zQ(L~p+>*=2NKGsR3r4zL0qVX9u%NJYFJ5Oyl7n|)-jQ+0xxIf?CQ0(D*nA}=rD2R_9Yi`O$zBxzk;(H<4 z>wf0TF7j1Q1#r8&pSZA@K7EB561Ji*+z>H?TBD#CP&yR>jF+gQGvkOL!H3O>^g+kNpbR_LCdG+o$0mrY+g)!d zx_skJjjXql5$}&NwRE`}sQK(>da+({=>)f)7}G>d(e}E@%jCiVw)S?oY5E95`eu6L z$)zf=ef{d}2XP9FZu4*pK;yHQJ$hbU^aF)hpUTBO%O4FhBJ4r)%VLBo8fa^TBaEan zQvx|5E5bGT64!ouNjmKX6rL4_zLX~J$xyvUZ@u^CtMs4X$D;h60riY0Z$CM@=`dE3 z>9A6rk5N4^m&4q;LNH!J=;Z4}Ki~6B)+gyb5w?D}`S?B>;E6Z;fX%aWIj0a_PvGOL zfzK}(W`ADnnFz1eeVq}@2?KcJ`gD@`v|r*EP6&lFmPt&)8O*8BM<{&(8G%*78dY09 z-b(clZ34~)Uu!xYAx(*siM0nGq7F-6BEo_pdnb*%p_N<#8Z+mQef(u|;YvyOVM^lj z0Ct=w=VkasNK~7&2z==1)CZ@br_G>-+$4$XR|wL&DkG3h!z#jbh+&NM;59U9?euiQ zxMNEsJRLQObdA|~5?o$Y0Ye(K#q>(twRkOvB1Y0b2wG89#WoXE#a3yAF3eIGA*cUv 
zcj^$u|8&+}?>j+J{E11V0C2b|T$6xj*?hX@zxSqCFqZ;6<$cK(33H6unP^F>=dDA% z)Q4J?+~tUlTV$K;>Q+hYZKF1Si!bvSA5E(rrY7tgbcsqrV6o;;^!nDTs*piF+Z+7q z*_hZ#Q)=^WgS_vf-xyF zigIj&ZY)l?cQ$3dEoX|8y3B;6QoXcA*W16azPpJYo7TE@{M`GXld3a%2Z>BY(^t`{ z`K=DK!qM`S#O!E0vZS}lS8~$Fj^W|pe7g6r-Q@@Odg8JYc7*fV3tYqqM{$%~zgjE_ z?splPn85ZMY|QOKxX@Ziv=}l5>~%vCm%!jD&Rn@KE#XT#>gWr7W{k8w5b^&dxq%e) zZQ3ie?XYsDcc-@GnadB`ycUM3VSR_43Ipclo78ev_Xun4Z=XRk^1B=V4# zsHGr+c}eR^{X~f*Nax_$S>ZL1=qFW>fWqM7sMBIw^3_tKD4VXcuMnw@xyrDAd;A1_K?7VGMFn%AU9DN? zL&#i@rrd%9`vSCd=mG-);kFVoXwQaINjw{#KrTT_$I4W0eZg3W+a;=JA|_!_FA1~q z1<{3X<7xXlaT2Ege*wt0UZQd>;G4ms2LbbV(gmvfTMycMu~s#mZ046B=h# z?8t8FWI%7jFP~I}4Pjt3BA>KIAqFxcK-g3TLP8`$7}GSk1uxDBozAJ0Tmc!&bTM6! z)uuSq?(|+KnxS7!SOxVDFI^QU(MqSq(n_n_K{%LWK!-={i@}sMh{%6PMF@J>h1Q^p z_Q%&-RT}MDqIRB$R}34*LZ?X{Wl;uTDXpElm(*2YUq0iO2=y7a$kJ#>exe$+8O3&F zLb;a#DJ0}dB{rWR((tX*%SZFZ_Hj$0ApamDCV2*e?rIt$yqsxk$(EN?rPeP-ftV;G zhPr`gpiaAwBun?AZ(0}CmIbmUmJVSL`89C_@M5+^cs}e4Kdhrt6BlUY&tVnq% z1trNg!lSNgqbfRGy%B#Wl0W*eM31gDmX)M6wsZw@WSsgot&HSY*!61r;;T^K4k6vc zEHH3EKVP44yfPg-L2Lrgm_WDs2~(g0!)~Kw#OYymoG7K{_#Sabp^ha%f6xrSbRUhQ zH%Ob)2Qhs3qAnJ@1Zt-vsO zn`4g=)r=u2N2spyYZi+*{=3^Gy38E2`w%3?dNL*Y5}4_W!(Wm|f@ECC-=p1KqcM9O zh^_fAx^u^FxMqhd|oxb?il z`1bwsrDyd#8NmFy8W zLddw*WTA^V{;>Syq3R62tKbYi$nxIV3OW?@DfUb8;l#;p9UX!Pn+@N8U>CYX))Sa3 z2!Gi0?^yS8D{#0;+hFEEv@-9#1Qv{W_ps40)ThH9w1vka=<&fAL@2ieV-Q+{y38vZTFR~dB?4FZu4;cq-16ZPzL5mXf56}NMb<21H2Dl2yjK2P`H2&)iX*k%0(eY&<<4(!(VPz)N%3KZ6+5Eb<0 zR-hg9rNt2O5?Jc9rH~xa<<{dhR-?4a>e192nsF9K2&}ICH5^q3HiB+$%Fy%df48e# z)f(I`>*wvNOjiIDC_1+7b0XB%)IRg1qb+12K(3w1e$G3@x>;iUzLYc*{P;4aWHn^4 z$XV{Qf(sAP!7pD&&!29LTKlRfm-2#)sTiMpJn*2PULL?-lEM&*$2V(Mlxb7;^ji z$N1%=b0pq-?}2NZ>BYx1VLJP&R_a;$;a6AF^D?2g8#wP8LJ+`Yj8f&dj}^@OE`tyY z^W-_y5L^Lue`TpzNVb}=b{p92s0M00ce~`MR^kP$@mqDKxfZW9dfK_a{z^$jKLOo! 
z@|^weZAG)v9#~qTdm$r#cX0juDSMqei3#ZzGh4RlXR(joSsbRL;doZi-%@1&C5}>=IDrgZQ z|49Y!a~WwRxT7$J0{AtWvDBJSIcr4Ke#VJtu*jRbYq7o39Z2anjDkK?y&a@x}vew~I@`7hxAX{;nc|I=8pCEljJ z@A$HSDIr3iV#SQwDoIiLfR^+j#*y&$Lc z+87Z&EzDnWVV{f+Wp#xH1&WJ<1zS&26_x?olVIOkxmo9_=8KGWum`A0jKsApQfP{e z=kvHL9#ILqDUs1`g>8<1bGhp}ASgP|y(&2!UZ}U?uS%kVgJAhq?;d34sE zvoZD}yC6Aj8+6jaXm`%`av7P@beXG3>^y z&d-LmO)T*DBu3Sq6BdZ2p1L~9vo_MVBX7$IZ~ZzS9zh^Az#w56jm&gNduJR(732&);zwED8X%ponFDXvS`|EGjx&ct z*p}KwL!3Bekw1G7+6fi+nuna3y#3MGp{Bg^FQv+QgOrL-dkIo1Qqr9zWVjMNVQvgv z8YWCiG$Y?d+#0*6ezI%Z*^n8<^P>MM7S5D}JIky1yRdSij?=4P=8|9}$R+NAK8vwj z7Y=~hUWYttRN`knW;w>s1m!xT_igKE5X;q)qKoefaZ{sn`=svJjW{)v?)>bW*p+vn z$Rj}$reC7xxCD|+kBjb9j?jPqIVIj@n3!CAJliSCOdt}D@<*80*CzEzWyJPLfgD3% zk$5+@5Nm27V2?zAWoSFg6!-|ZB?^Rgzx8TOo(l4uUO+n7KChXs`z$0o0YS7_;Ll31 zod|gg(-^@@0H!#Y5nC|DL78!;3!5jNw@|dnNPjdR8R~_RlvPMo=znueOqObuJNCDt zOw*J#2e-l;+=_P&j+|-HrMMotgM<3}*G}r@QXjDonE+xGjll8fJ?nDOTTfh{C7mbt zOy2lU-Htra^m;)GK~mKb2sr=rA-KT{szJSU{ykLdYEmvZvD`@!0gTB}CgoI%E)rGK z3jE9^!oi4t-rTu7sYfCswnsvp$$KHQM&w1w%l;k4T&sgdq4O9uKekT%Xnk)9V7le= z^$R4{%pXAESNiErl7yc`)$NXuBiiCsOj^U0v=;vgZG+rQDhcju^dW80%{VhP%{Ze) zc5$ejxWh8Cd=`9;N%emsm9X<#)d|~2&bYx z-9fyxLTHVRetKB@;ByFxl5)WGi#(#_0{H)=Om-kE7ZXXxNgrYp#Y!uuC-8iyiieP@ zm;3YYBZf6(eZfcgl7qd0TO3X}(nZE6>G_Yb4}lr6yZjtV=QFk{o4?~sD`h_3o|hlK zHaV6bZLe85ztQpEs|uMxICmYY9z8?E(W$_p{I1vHw#|y7o*Tvs3Gl^uN+ z|43ON53`gW)Urh{%h8cSKQLXt$y0wf-N}Zu+_gMH%cf&Z*X59)iZ`%w#vp8Mz*8p z2cn~^SRgFDRS^Z7O4B0n@L`O=Np6rhj*K)T-<->=Sd%e~w3;2pavozrI=Xw_wue^A z{U=IVvcF_53ZRcA>tF%HbSHQq<1^n+Z<_T+ zVyUU=HwzB8cr*@Ad6=uhB4MSM(2$$ zPaQQ$e;iyR?++xvX30xvvOjM-*`ykP>LVBcHhrOOGZawC=~Kele3~SD>B(Uu8+LFxb5xCiYL8a=`9PA z=rDctvk^mCg4`PLf2*w`0YU)8`L-~Y4A>B-;bo9vgIb=G2QXpU{2S6m;4DV)FJJ#4 zP1koG`&$2Qi`|Y&!j7pEg7|#`rEJ zq?S0p*gQm9O_V@8MS|ML3H2l|%5{9#86&CSFL1f!hE<~Ohg3k|Iy!UmM3ic+L2-`C zH5gE&pPi!oIzte+;8aXShh3OTLV8Rn`%N?sxXQRoNlAU*Fqaw&FQkj=G^wkjZJl(Z zeXKu3PFY@I6RwIVO@(f#EY$!Zgqy1gEsl+(Twx5?K;M+Ns?~^OI{!wXBt0s_;9Z3@ zmkV1Zop1fH5@6$}gY}0bOU&r1B3MYk8-atkiDC`9#aODf);WZlYls^l#S2HOfM}g_ 
za}C$~H@(-(=`cM|(|#ZBFTyOnPJ{fc4XuRK;^*Qmwbr2;wsRnwHj>9Awh@VXz%+ z-W&nbSRdD9jJ_H4RCJ;&`0&Eb@T@mJnNGmU6POg4%L_BF3fo1LUS2#zsHkLs5M~j! zLkMHU&*kh#wN&%&z3Nn^>P^8pkyZ%;Bb)panYauflh|-7m}-^3Qwx zHzg&O!K5|_{z+PA=~ss(Mygwjq=x81NG^9fY+1S*lv7-uK&EmDm?^RN%?4XSe0l4{M6|3-V@cQ__%_C$NP5{BSFiupeaq?aTmgZOzE*tNe}VTY+63 zWA8qQ&*v?TfSi?GfsG9K*pZ@ z^tnbvJ>u6BxIJe_e)14*1}b;&Ou!Qpg)fLUXPCOXHw>#T5LfuU&;24X=MOp9 zkpBhRHqpcn5(ibAUDzLpBtvZ}B*!)_Lr}OadS^;d7X>NT^fP_2kndb?z#m-o->BU} zkIp}mg~UG+MDf5lwIdpqoET~y9@FemQ0+}H5vi#AM^+o-ckRHNyJJ~z({8K}oTBef z4lz1jGKA0a3i?>yy?#3*p`|EijPp^>0Bny>gcXNZ4Z{X)5} z6;NP<(>ASF)()V`HTJ)eynLg{p)WyPtP)smO(9qB-It&^m5I?d=H@AKhV)0~)-Ev? zb+Q~5bfRe>)@v=13Pz6ppdite5~HUW3YdxAXKr()&)_1N)> zCDkt%RcbB=5>gX$2h;}g%3)wBLk-aOu|SIwO0ZeuUs}dna2!J*vA=%B$%J_qQc~_) z>i*Lt{GXNobva)$QuVPMQuIAL|I2a^_x{6nQ>t#a*}Kz7j}QE>mCS~X6P)j!*MPjY(UrM{36Rv6nwM^CvKCs`EEsK=cK85`gFv>5QfWrdEf*a{~+wD&xHzg+{@3 zC=6l2H#0*UUv>u!Kjv=yt!0+q$~u@#NI8Jhv6#=O;B;)0@rjnLmJx40W2Ul@k!Ev^ z@XB0~%tSM3AACJ<5BZf-63Gb<;7xg4m`lHwho<`%%}`We<&^^{tj!?m>17?k zpr)qn27?+SY3m~-ydrA>BAUW-I6K>QTuGVW$kDsN81r;6f^GxQe$#=B$qfo#$aJ_f%*$WeGSxK z@bvcb{yUO`Axh4gr0ER-19;ZgN3U7u3$|}06>9l`#P&x81Nn-n$*olXw^bUwbsxTkZ&Vwc)dNbZyIvdd)@q6FGWY+YW`~@^Y)lsD?c<9Pre||MMFL%Ebxqm z1j1)D$i&da?XlY^q?xx1tJC?h^UTFNlp!Ekc?%*{dWs$md^!ypdF zW|!4@db|esiIBY6!@})RW-wW9hdb=9F1J5BP+dka=Jel$%}ze{I&>LBwz@opP_Yu4 zg&IShL^I(Z0l2SOrfovq45x#$GlaysnhTh|yoaXZ&ENQv&t0D{4mLqd0?>(`?F$F( zJ1S%)6mNcvKbSVf{eVi|U*|)JFSveo$cmbD^f%i<$;r5k-AlWG*^bSTGdboWJN8pe z?!#jrk^(EQ%rp!I_UJ|f*L(cyi(ddX5nZ$4blHykyTaW~=rseI*Ug?)UvyJ=?;w4s zZ44?XJoH1{hHF~zJx%pq&BoUy#w5A_P_39XD5AM}&jU~IApXRFi^V|i@J~6lO$&l6$ZNE=rHE+E43?Zz9yJH&+Wr1quiwT@Zt)WcZ0; zUDj~1+4uRAaWy4$VsSqj z|1vTyWAc>0ptaFZ-+m?*)ASY6x{u_ua}yMV?>+07BTMmLSfxwu(o|6=LTN2El;ZkH z*&%{!|CCdWa%GN{_oa>?9Mrrx$zn>iJk7TX<$aJxn`VGzwQr0}nfBF{-g{NAZ?PwK zvYR{B5EL6$5J`+qs~GzZ_gJC%-0l}3fAI9!_smt6PJ($uD_0O!9Ggiw#{~YGrwj&G zrR+sok`CGURM;?~21_6%Ja=mP^OFB`V41dTj>))G4%i3!m|idAV*V9@J8GsV|I!M` z!F%l%up+~}%jRy^>Z9GZX7EkA3&*>oi`sS8t6`^T?Nf8WEFEK7XPw-Av`!?-VRFF! 
z4X;D`k5ACnUgAo5eyv!I0wCKU&fS1)172hFZ=#w1*5`50k;690L$8P;Cc80KiMhXBPn7{c=F%hv+n3B!~Qjf0uGp{m^u_eyTNQ1Ol_?iGX`x>SW+ z1F5+hNKTEpum5s8wQ@Dc?VRw}yj>3I9O*$h=N9Bu$B#q3c`;hVzbL)9pFi^VdCTgu z)!_SAKfk|x{juwaYw*Mc@z2=pD&TFnJhNsAwTE(|?*Wg*9hdtr@`qWwrZ?h(UN>S+ z9+~e*Pe=+wO@-Q6mV7edD;Pf#1q2YQaBXE0X-bHofD#iDS^$)o{sF{tlt(h^kYV;J zGX>_5rlFjYjM-@+Y&Hm757WlurxmGUL zB8-#A!>FruCHVl4=!;KM)=^PP&+jkQb>2ZZTX5K-et8 z@diaS-P*+I8Olv|91edDhAX85)#4d3@!C5E_Dk*1cRjw$h9VjWU0xJ=2jLtx&| znOGTZV2dFNpzTag3fI+L#$hQeDDOr&+kSF$i`5$-XC?N2%P$$gO9-~?x!%up^cb>3R)lj}M8wS#?S%CKUC;_A%UubN?s!4rPzQ;5&K_ zK1X{_w3xdPiA;jWkLry#TZ+7WX8^0m7e{9|$15s1ob0r(M88_3ik(y&T){&cx-8?u zR?(&N(CihoRnKA#F4R1?ff_s%iXm--uFoxb{YI?tI9*2U8%LkZHfzQuM=Lwj{~1gx z)q{g+n|}w>>=_DgDY}fdr<%MtRyw=u^3lKZe?@s97zTVj)87d(WyemDNTJg_p1b&% z-?A*;MomtJbuqJuy)@&@H^82%%O3+}6Nq@70M-o5?I~5#dKuF#vV8d6p;sz{Luyz% zUNL4{dRXPqV2Aj>lLj#X33B%HN_F3$oJFMLJ}YSXD^zi8HPiG^k03UFdXaZu^Fk{9?72TS zMg9Czkyng%6k@-uwb)94%vl-^W+LE!XJ?61X8M+{ru&`+?Y3>e$K?l+w>^809p|hk1&CHlogsoXDxLw|YyK?P0IwZ4#j42Y!5b1D=3*`ULFIR@^pRh~GGQoQ@Tmpm2i1!eXn zhfK4R^<2#OVIr+DHLGuw7)D(GRU34)i=f(2f_BPcpN7pR$hORUXHQAXC6Ek?wNHNu z02FJBwTBdoXc}I3KP6mZ-H0!&i~?U|Bg8HPBaTtB{f7E^9nqYR(>a2ZUft~|Y(Y>k z7rqHd3}%OsC4st&_0GFF*{^(!dueOp({-^GCs5H|^DXBNNzDOTh8Axz@4=*CtGox+ zGn};FYoW<=)V=+VVrcNRj{PgyX^1qXSe?)75|JXj|HMXiO_8|ZjkmZU05-GW_%ep1 z)ERl8c^<41-Sh6R2Ap3O^`7SB95lid#Ix0-_434ro)1ptTB%++UWMA4%D__xpp&T# zB7D?RAqR(>wIbo*aC0SBdWJks@BxYI5)`^d%sPW!$L{x+>?ds2z6`_aooj)fJYu&KLB@HWnw z023vgSRNvgAtLl2P!U5ug9>FC@=}>zQ`n^f3$S8`PgP2EG^6~wChyKk3oiJtV4+S$ zM_Il?Ljgyx@4nmakg2fjoFP{W5E}fZ_iRc=u_%7zXkVqrb7`f4?DxzagUdkd=J)URR(b@yBLha6dHU$Uc-T_ zXQ~vLp}tjTWH0;0=+~Dxx&nmPN4M`A+Pj)0i#uN0yA{rVh*fe>E}`_)fxiA!ss>Kn zmvR;1#j)*_OH3nOWEHe;p(^9z@e+AHz3m;EWkO7ADz?na$1UzRw1sh%{hNEgsq#{J z3Gz~b?d9uig%V17fHQrU+QcH^m8JY{Z%#8T;FDS7LH41l%slQ3I~fihS>pcsovkY; zlR#j`9%obscqaV(C5szN-kzveCry=mPLt-s+rs??*@{IoScqEpG5L{PG_S?sMU2F( zQFY}L$`f}8H3r$Nf8xc6p4L?s4OtCZwM4n>z76eY=o+Y1q;77D>d=`LEiXFpx5x9J 
zRJySZRHgY-kXcyMl_d(0lqHs~1ZeCo7b@l(wmc$cy;i0;?}?D<{UCyymoQV(1FRN^_WKt8ob<@;a)FuACQhETAYUM=@tt#^O3qk44fUX2xuOf> zsD@F__Rn{fmRLuqFU3!VWo|IwxO;Y4kF~RdewTsCC0G_gIP#xf(CpluvsLS~i$?I5I@A4oKJAe9TM46|YvQ_B z<|35C^luQcIJ6z>flSQwc}6(d$nl=^#r7qA%c@Ey6W;#el>p|RoEt}rd0j~Z)Gd2A zQ+8Wxf$ne$5|`!v)WZOinacKoIn#PE{ud$Y|~Yf=-h~!*CFzBC@7EcN4!( z7Kh9Ebg?a*;o<{d$Ts)c!E}0PHl$O%nAfGST*(W~>qqOO$f9LZeK(q29AZj~Ea17P z?Z+QEaG%CeUmMBIcL(#5r>UgkAfM=vMS4L8W-rJay z#uaU#iU5`auq872x)&}zkPvhP(f z;&FfBOIMv9L9F>H!VWJ9L$KtvoO_eJ{&6sI% zWEY}PxbPyK*nf78)QoN#8}vzGWrCT^8bBYGN`5wT{jQ}xXL62joaMuc!1zSFh!T-F zJFf5Tz}6=2Q*kx%eswNd$A!vm&`Dq?O>gz*M0dLpIHiHH?ULi{Bj@ZHHn~=T`TJ$O-$BPdQH+taCU*fH4A=aC3PkjC`1g= z!?kwIgO^QBaIGCZ5Iv?JtPR(NR%ugrnAqMZYvefYTwpy<;XnM9LBm6Z6ZuskLBsTE zD|Vvp{p0k!w7!ISJLzTYci1Ifr+KLF{ zypb@CCZK&@{+_SCrk5Ar{J`tnx!p6XN@ z&5*(R^OiXe9Xo@eNbnNe&ZR~nnhht%`jodiq8*l1dI|L*fLgKiO01xGl%A_w9ei$e zuIzu$?MhLN0H52lNI&=)eD0-&%OYNwbm$m)0L`ZxFN5Yo&(27XZu1X6coT1~U8Rvu zI)gfy$XzA+an=}Vg3YNoN)ZV}_*D^;jLP$tKa77Fx;;W0!oG>Cu7E%oLmkcA_sE`% z27F~14ifO^Lb~G+#gLfUMNU*7-h5crlV(D<#Y*(#O#WD-clvtP=NP@ms;7T_`;hOw zx5Q0h>sT%R<7s9^ppdfFNPVqiMuc#88GBB9E~NZYS-xFq1pdD+AJJE);|y?L!?Nsm zQCr~1*gq~A)C}cq?V4#B{bKlOrEwj z!by)LYHSgt*+*>4lx+gCx}R@^brhQ8ao80KO>8~tbn2NRGqPx^K8~s?6Tkps%&$0F zl(UPRcsxGx(|CL=-7ro;(1os1S3m!u#oOY{_w5bJ=e$T|#^1jUNz~YvZSXhRS-6*Q z9i+z(NDsk2Pj#sw^mTHD?3XXkJ5Av;8^Lp}K!)sdHFYgux85MuOBz_Iz+IWmBaONx8#f}CW9krC7M(a!#^FG7{TP(T8cV}t1y8yOfYU>`$31Ypw?H+1fej`8{ zakNsrlaAa@BMocmALKDr_9Ylmr7$WR2SYR|=>8ZkC5RJQqWQecdJ`W2rQN&4Rx=SD z@eDj{K-1X&e;!zIl4Wd7LjNk}z)|Sm_`9ex0jpSYuWWRV!hS;MTh=jT8DE;BIL14hr)>Bq2@V{SZ4YV z-&h`?uiKJ0V!MY_F-(PEB(?bAB6ZUuq=+|AIGCn%jKIS=y$8?T zfp}qZ#Q5;V!$9t5k>=ci__u+d4QRY&dh)Ft%@Q~T`RbIIKdPu*K=YM4BrP*oU`ks2 zHbdsYKa@9G$88QyEJUdxuhEoW`VGmTs=)yB4?L>Ea<6T)&?mdhSSu&5uB*y|HG`2!3f>To+^IL%z@c~8eFgh;#j0~6NixjYpAk#yBjj# z+aDv)4vMwK+?}TSW4R1m=tKDp=E9J|CFU=lY(~A^KeK>JOOEyzU&r@kJ=s)_$=m&o zO$>&3P#C_Bc4D7wYs8}Zc1H492AgS`!Q@JOqQR!j#W4Ib?nh-`C%j``%CWkjK%yOS zN*4Wz`|g7!MLiz7Sw-<(vHAD27mV+r@_7H3f> 
zBAY$3V_my#L%c4xmwkA(d0Ar9GTXC9FSu;vlgT(Wn1-EVraK>Jz8ZAOiyR-ELH(V- z@@w&Y<+dLQGj;C+_aFa>+&Db|+^tE1pV*frBC1l=l}2dVb1fm3p{YU%Y?IDsqrzPD z{rMaZV|$i=athA!@vsI`IU1Fi?=_>FHzU;?Dcr#!+KOpR6Z~UiBT~RjwHX0(laNT~ zji}eWgI5-6e>La%1?Y>iMCb%wfd)+5AO%zQX^yn9X_F?t=gof-$b`t>#xAe zhd*6-3-F!&Xk>0Tw_5)OleK_9s`x?+Rm+pc6IlYgu>2a?HYHKCUI$g=cyaPY{HHg$ z$%qUBbN$_(CG$|KJ%#H#X=wg!O7mg2xkva2m~7(d#qaj+yFwuoPkygai^GxVuAe4;tLvU4jI64SH}0?(XjH?(XjH?iS?ElYDP-e@x9(%~Z`kySrDf zUcGm}-^{v;9CL)tZ}zxb@c+eU?plC>*3U?-A~2bjkYsK`0?53bJ4dtM5QN4 z7v=Ids)`pMeurI%ce>p}v8=vYg@lE#YuOT1fb718$pmx1k_Z(<1#G^fQ;0@S9YT36 z9h_vHG@w+zP)&`(3{xXy<|CT5$Mi`Vb6iArgc)o0k$ctQZ1mJQ4z~cUEUW;J3iYGu=_Y0B7xQ{LzJ#{N?{qB_n=; zoFR7f3(TH*-SLn>))M43vuvEr_z=$S2;yIUBb#mtW6%d;zP_AYog%Q3U33x*vKP#y z3o_p%i9Y_XMxevmVG0o=m((+^B9LQ1jfdf#0IQNMgq|`^M{4A?dF_C!I@2{HpLF~t$W-%id95py+?1KYD$Sr^D) zyw@2sYf`k-g@ar@kR)dKBdgig!_z}B(kYfAgE%Nk7sEo) zfjpz6kN92?TEZ)x*s$F(rAl~3>PXHML%Tg=o48EJpyEO$_C_@F!8}&PUxI~e?K}Hm zL|MCj5^e3l0@7B3c!IzclKEIt@WM{Cm?9g=pAE!7*^YLq(}}KfHoyKF3gjVgnai~6 zd4R_R^2lJ2?a13_t4m^%ey8ZKb%Q3aq@vW3r>BSDgiw)zttR*h@?Y%}eVDF?O_?JwB8sE{E|1rL2a6nnYZEpjFU}gOtty-r-mGN<4cHy*-_Z zpQ+8tdf3u&bVJEI8^GQM_wsxePmGGOT}@PWE>J>1vEM>-+Vrz&VPA3LgH z{5lskWi|sQzYoRLznlN4f>Q8NA>v^8t*kbfad#5WmkZKxv1G`od&KFO^(D~P|JG|J zz^0geDWn(yT5lGsKo0bArSM05~zH5+Y8Z;YG%W@wK#pXK7o z12-9VKR1syb7!H@FfuX#!iBRzeD5<;8dt-kblr!hHTtH@8%L&*mywf=8h@%FboJ5U zZtv_2+$c|?1Q7Zl6ptZ)eIQg4|L}Mv0M!SqLv4+A$FJ9cKXX&W6)@uNjZ1yd^CBYugd%d z-V3~M#Ovo`q{K{doZEHEe4EHBdDI%_4t~VF8e^1c?Q3!-Hmt{A-wm|@;m9@w1siP< zu;N9ap+%wqcAVPAfYJ|*Lni>Ok?bIB>v~wgQjlxm#J->EY(K(U60dg4cx_2I)KLAl zY4J>&iVXg2x*N_Ht`OA^^9wT0g6A&L$P~=>5hhC2VeT1tr7mWBGhA%>|Dq}bGD}mc zv#?nfvM9fnu+PE(^iFKJDjX&AG(1cV)9G@~?N=AD;r4?JSZq%FJTnS9DB=@1@l1(W zq126SK&5*c*lY|`;$;mZR=Je3>72?`%MLb}bxXPO(XH&ex6;bKdwIfdN*ZCajZbwt z-=`=dYDH)ubhaaFUAubTUwW2!_Fb^Pe8~Nv-zb*oXlrT3b0yv;a>ZTc!$F9Kf_fR) znw_bWQ5cQ}{LV12&?r95NYL7p7e@jjel)t44UQ3kch2U8vwdjnTC^A>`BRO{t>YxA zrf0eg?8Jf#drui}WA7=zewJY~nYN-h_ZL4XL?I!3M(QMP&c# 
z+uiv(ggn^USAywb3Wrq=!6QYJz%TWyaocLwc}>F-9YyEY0cg6P9LwaUgio|0W%Lyc ztDWK`a!EEfaoxt)(6lfyoH9CjfO*{u@7&Nps1oD{<62(>SP%; zrz}2WS#!ZzJA;hs{O$9hI8X;>!y7AsiDE$l#;o>hXwj}H?CCSlN|VZJw;~aY#R{2H zAcPibKK9RrmtC6m=#EE2*}K5x%ECv(-zm<-isC4(4|qGP;K8Lujjf8ofJK740L}xJ zavN-jFMw#&lAAbR9$qpD-o-N;QI^Ochb$gflZ)yj+0N6BX!Osp_=BS9Aj5j1f((mq z5X%!Jc8SiN^5A>YiUb_U?T7a!JLl=X{8|^nksv zEkp ziv>oDCDN7s|1Xb^?+ty6&&&gIVFF$8fhS0{1y4eMm zv`&rm^<5keLhAwyew&Npo{#K$mP#U z+<^u&#|QuDIhHWtpDQD&bhE*1Fs6AkCW zL*BvZjC8u^M>$0ggo!BYu(AAOJbXLb%ZFGowm~M8m-6ogb%;PW#&~NbY8PVt5?j+N zG(#ytXGsM2h_~#w84VZ3owxyFda-TYLjp6L@tc?p7VYnI%7GzZR9C1sdHtUiVw}7| zdasdEmJIK1ioNJO!(c!BI8K=y4P^1QlAxG{?8RPmm;S$dlj8<87!Qim(OHVL|uMv6{#$knr@1tuf6k z^fkhl2c+yCulB{RFX`2(8k$({Uz`bUbQ)^&4+N_s3T@1P$B&rXy}m6U8ZdG0O)yp8L@@%!~ zJ};&y6Gc(x-*hJDB1wXK=u#w8i$m4?c$_v}Mx>;Z&qNVF8@AjaKjVyuyS)D+?q}S~ zay)$X3nu34?eVUs;~5I7>_7Md{HM^yW+sQLxn=R0fB+_zZ#w+yNsm%s2fxz5k*spA z9OG9}*Suib%zDm7M=@Tp<&=(-#U&b`>a9ZxE=`p5z2{w#FE~M@f%4QL3;f zXxR`d5%vKMILl^kiEkO}E;_?QwFXFtV(eAAy~O)qI~q%Al$Z(-9ohdn2p zl-OwJ|G^H+={&e8o)YG)HL!IRkF$|I<{RfvKuag0#+sOhqf0>lMaQ^upB`mozECXc z57<4F;Y*I5;E|{gSTlse!gNY!n#k(LPx)fwllwyjg(-U8vwox!pY5L>&rf(exsA`G zMZMr!+bJ_wLi!3%jDm{y7XTq$wzez))50scj zE1gBQkSL3Nuk0redXJi_LLQEygh0eaP!KPWjS9nK_D3eMPrCZ%-gXwAyj5o}cR=;| zpVEo$ZL`C~@>Y#T`>1E!pN?Xk2U5Ja>6>OXM;dI>%oeN9qdiU={=>mwPp889#?e=zS?g}jW*;7 zW(K4`2fpuZ4rv4zm}j%>{~l~PYp9|Y#I272sn6B-^3_@5k~Rthi*9EKMdzYAQ7b9= z7;@Ly%U`z3AYCOsmzVKV_5ssG;o+Q&JmaU4IDYl1AA$2##yuLg(3BCpf4WF?b-+$^ z{~?wlVUP(@ygIM({4x|2qV0fP)7$~nul04Bm}k;71V&+VWiziWebVWGz+&{`O_Z9P z{y;^=3$NeUNU6lz^J}*_o+tAcCZ(wvM%muO5PG%tab$CgE?$Z|jA;ycyIG7$b7={p zohr;vH$n#}oh6n5PK00ma7mIt_Fy*~Q-JaH_iv7Glt}*iOLNKOU_oRJOQ9GDtIUc7 za(LAhbHBO6e1;hguDb{$_CyGWr3>{*=Xi#z^>ciUO%8G+b|G{~ko0zCv_+Mg_6GYI zrle^9=}%Tn&c6l%e8pYv+I-VuS7=0*X&MF67A)_{+<^ssJc6@2Na*i(Xt8liX|B;t z$H>rU>0h4}4RNlfk^)k-zF~TnxjO`zL*O7X#tyCUfxEZ{p&;WLxKNTD(tC67~fA0Z`H{S&4;C2J*YF5&A}(q}TcWE?gd;<~n_?oh01<)jj5 zq=tgTlv@gWQJgy_?>P?Z;pKT{^G$ToTF)?p!oV{pjZAXg7TnM~os@8m8NjrxEJA&o 
zCUwz^YXYjz7bi{)ZL!fTVQk-U8?(A)P-WzIrQkY&%tztEs9)%3+HRQ zl4H$E7o};-kT4m0M3aG=(}PiKN?*1ESz5O#;@<8Bd#X!v-&wE&#tFTjWF4@Ci$*GCWN445bAYFSkd@6gc`f17G zB!br(^Cd}2^oy&X;jy^1 zOEjDcY{13B9tPw4ua7eB)2BoeFX)ohL6y1q9ycl74l+y<`D5gbL;&NJ=5^##&7EFl z7dg!94ph?EY6G>T84#+UdA$JfJ}6tfIsXTX_v5FEcL*HpeT*nUlsjjAQXF0f?jLO5 zPjNc1;K8!s_8D@lj*@!mzMz^T9T+7)vfgwDw$QLn3f+4^HgY%EaN1 zz+j+W!|e2S4lr znhAIL5-l~_L__?T^b2bPS<|D)Wra6yvq>V50Yx@PZzcX>HwBS z51mq6@oBbZz%g0#>bPJ^6I;K|vDf&_a+0&VJ1OU9A|8BQBx@B%-G{Zis6y4ok!qpc z0IoGM3zO^fB0gzE*k$CeWnR>#B_`{nzd7LzF=cWUV@(Dl$*-WE4p#Sw`7gBPS?~G+ zOuW!1;OF>Oz9=I5sCiV&L_{b9RaC@92J(GE>EM#>kL~oC|3vV|=pcldRiog1kc4q0 z&n%>%&=LQD#5THRmat$nku@ryxi2twqU1d#uc;aFp&PZEahfH({6yakrGNbf$xnRumo#fMik-#wyK1Z1VZg{ous<{4+BtNlD=@u219&c z{ipSa%h0sTx@5f#1(g?69mSw`uYqq;7-GUFX<@0rSvB!er9D*=4NIecW2{fd6)qVQOxB-XV5dM}Ih`e0|_nzMK-tEcO3K;JwByus01 z$~43a76#7J7pE~`ILvHJbYVV+Qj4};1lQ_=c6*u_@H!Xq`YT`KSJ~@LH}_C3-wPYX z>nP9d*{kYc`cnl&s7}OKlK0GBP|*`1(&RhEKo_yHv=kZ#c4kG+YUegbMENP z$KEs;OQzUQc0`is)q+TQaAl_#OkEeqw!B|dlIPYZde_6?#IZ}#I}oxnVNuu|6p2Ls z7_6fVn^$dM9hy+!_0{D3iiP{go*VZ&_JF3dYqGVE-b7W;>kHo*9`V9DENPTpZ+CcP zTNeICz&@5DXu_<$Sw?#~&_ApJE6KpfA^~a!l`-36{>;59Va2|J{_AMPKN{k-PeOX1 z0!@%UYa4_-prGgrYns8eF6y&s9ArOrOtE6$3EJ@KR4T=>y$xoh4_mn|0OyHl@$0e> zJfW$aQ|z+%v)YzYc!wluFh1#W_m*Zn}VMQJ&w^XA=J0t`~Us_cc4cCG7+?-1j5NnVzTG72H zK#~uC&&qn*eNg1m*Vk7jmFp!n#;DJXjpvKjU7%}wlluWiDz#;hVLoiJ%MP%RfBR7$ zCfiXGmPKEt(Ip{uqU-AtbIb%uOhx^N*kt24^lrRJ^Pmpp>_gDtWQ*WkT`JNo^!q;e z-L{Noa^#*<)cDTAil#q#2U#g#rKf1$i@OB}llT!iRFFw#yyJR&R>dJi&GfT%un4%T zEqQ?T*H`w+G{_aUnCEhU_y=BD8a|DYe++0kbU7nj75ll$4;oajJv*vZLk0OQ`-=%z z@V*?Py~U#aDgjna88mAOBsOMwRdM04?6fB&N_(cCk*qdPA4_h~pA)9>BW>iRSqqY` zU(6}`aeZO4bx((xS4qlhjvuHuIkaI0+_mLBT(|0 zefXEB-G-`WJOIQ%2>*X%_=zqz4qAM6%}AvZR6SiQW@Z|WUPQ&l9`Y1NuHw0_NzY>J zLmF>IcX$0#w_C?NbymRy$JEOaARQTO#-rU#0U{Pmue_NBO5l zB2|^H6MgqF#JU-4nYIfG!#=H5oBY?=8I^7==(2A5hv13PK}$1hM$4t3Rkx7K%8n;S zAHK0vb}qIYQVX@-w5=_50s?U%(hk2Zf(|Q&I@UX;v3p;``&ix?C-;@Nu~b4$+_795 z;(ZUxO{rG1-rC<09ZwTj3ELSk8=1zeU~g-{`l^S)7NwOVb<^$O;{0mpw!7Uc*BNp| 
z`0Ks@av-ivgj*q|4fJpI|70qO)5Vz3+O~dC(DXt%kbOWIN`(TrKhNRpM)-tOW#q30 zQ;=GMFA1ZdpQILGQj=)r-&?0()r|Q!;g&1xY|dP>V3v^ z8UBiHu86Y1^`HEpC0$syF_RNiVsM5Y#66^zXDxwVL!;fQkEBsM!8iBvQa@7655$=` zZkfh^2ktjd*J;BJWNR_P47nFwNq&BMkBvimsLpHP*kWRb{wG<%qm1fcVgz^$lMZx; zJJTDK%obgsH?SVQ8-ogf)$H^$EFcha4p7V{_Y4kT8xJSJVrFC$jJ?YLN(1FmL7 zDKI%`U;i7+YG5G<^WK^`v#nxXksY$Bg8BZ)zOh#L31>H^yqDP2F$Xqdc0=XO#MEaM zu&JV6Fpu9AVv{TZYWijOhtN0U;0SMol26qI6;k}G$C)B>762|?e@RN6sKBdxzxSbU z-uxAv{jxRQd%Oq{y%DHEIfDog^R5-Jo4XJ8EZF++v4ng~FOwKs3if;U1utmWD5uV# zl+H((4{JEt#y(Lozd#e1>{OqZTK0ElCvxW=wU1lEEV27yXdcUkwWwk@-6%{S9q(uY zpvgj`fR384jIn9&mIdLjr4v|?2l_J1Oe<7GzU+{xGZ44PeA$tKYKbr>mu`rQH4^qq z0RkAG@U&76OA}60+1>nBPV_Iz7ko)Z<`gw&8266k71!7d&Aop$3@u+9kU^UWwf8(u zCl|(IO7=YNmpdaC4t=Eld1FcsMl)acv7>d@53pc?Z5+0-PfJMLtHiJ1Lv66A!`hFq zz&dQSMx~h-&ftQDu`Og1195j9a@wre@okgY|J zyCh(MTcbt-7wf9vW!NDWggwN;ZW0pqt_~rrDBhydr!l* zvqqHVV|gX3tX5`@+jq3EX1nvw?Gkf=2>{kFnklNay3F=72!u-JprK9K{4oA^*q9U< zh&?o^QSAXbPox1MI?=Z#t)?n%@x;Ybfk>-70_V{*}N}DV;(+Tuk zO*a?iHy8ZC#Zi*xvoB~Sxo8gX4ozqqaKaBc(vfYh9aOFtF{<8Kr@FfH=e3< z-6`w#?Y)R$)6>3zOxf@g%5*8sCF1y6kBI%(t`}pvVpc_pB&;)lI?5}&r0h$Eh3bLH z8}T;;INaQvPI%qq045$6*TXh6f%&hem+fBnmvkp>o6+HdjIj9ahw5ya`#vUi4Go8r zhwY{3;Az$gUYZ9gmlrJTXRa5%_uX-%{erE83TtZF$cyP46Oc^|X2v#NqK0$*DG^D-7l0e&nRf>3D zlfd2>>M!1LT8pgO46h17vsn5SFX_pmPS1|)4uB`qJkyS|cQxSnlK#W#*3|-kDxQJh1Z5k- z(`b47A=_u^s?T)!XCk&nie_SnYH^Lg&+3a4vDe&tv!G_hwwI6rs$B=0LI3nM^Y3!r=YM<^(a{jqVhXt z9L~dF?lphxCf&8$!R-z-o13ed(fi&k*B$}c!$g%g3-#!6$$H?tOekBKK-ZyYJ`FDu z{8sJy{Q9Ft()b>P+Wui{1l`Jb0|ycbm+eG=< z7<65Fx6+kDuDHXJK!Si=?~t0A^U6e`fLzs*{?Q^XZSk@`q780WdwUxzvL$^4uq7K6 z&giLMk8~ycM8jIgQw9g;fR8qlvV_55)kpK!j+N1*vcWF=g(jOk1DkU0hCA1db^)xp zJ-M*VK(WL_+dm;Ewm3ZV^@@42>qYXSiBIJ{+TNlM>)c1`wUb5!Xmhwrdn3{-b0YnW ztq-A=#w+s*d!seh)-+Hz)<9g>`|PrhtMxgX5_&`x|db@3g%* zeDbpG%J0MV8zUX2#s_(2WNBJaOU>!auj{1IadOqNRc}fMa!6&ZCCpf6wljb49W>MI z_7|x+%dJU`r0`wLSTxK~kYc;7xlL=e`vCEpbY`Ez`hJa%dbZBm_}?lvy?e4jtC$2d z3R!fUvW?lzFK-J>+QO+{x2uu}qgkNuCChjw&GdQ%-7l{^&xtCXt-xCXKOvy@vy|Ht 
z4Eie|LEPjd8?M{fT5gZtkD9x;*>wq>N6kaH|H$K9G=AW~NYYFs03h1Us-{fNn{P|` zzU!giLeH>i@{!!ywm6kUGV80AZvq>Yj;4U|rz$S~J{ zG-r|HlP`J2bPY7kH0MJ~NwGfq6j~Gy`9X;WTSYaMj4~^~ifg`}6!Ral9q1++H7QCm zfie~#$doe>jYzcio@8a9q?oQ_bZ#rG)q@jC6}CI72|yg3JtY7PgTQuDu+wtg)H zpjS&n>wApWa`F3<%eKax0;`1AMurA^t@4zdX?EyyEW$1o48LYQLk{D;e$ALoqlJyN zl2XS}{T={&Y`4&sX0BgWy(A;IHC+OG{JRxHzXU7Rr*$(r2|}XU#?5ask^}XA|DI9y zQWw*tNfCy52CLiN{Z>VCKtMh*60OlOk@tdzI8y?8rbDZd*tBDy&Y_nj6DxN>7!OdcpTL=j&gIDTHap;=wu>v76qNX?E$#j)K-`dWa=$~wbLqQuCI0Y~E>JUW zEX?Cfc6V#5`l%|#8{>d$If1iYNz|wQTaxQIiom==dB|`06PV{IUm-+5L_Cp)*Qu{) z9mQeJ-{l-)Pr3pJ4C@ymsli`0e;6{W$wr5|6W9h-nboVxct9v-WMl^8f6Lx6z_$E8 zlO_0Uo?ZM@V59}BYQ6Uqz#3IHJnyRK=HRBYNJ)28wWG#a`Qc(%E1?zK0Hr){u1w>4 z?JMJR+-I+r!oWgz-=|F^MhDK7TUBgK)I0B!_=ntFM#?}YK$!6uzta9D=g1$NU^)LIxzdTV*+E4I8y_^kftp1-=h~-u17kHa%+{U9Lqv91 z+**&nkk6`HQ4XFrQx0BOM-hsjIEl^ML*sg*CRMT3GZU6E=Xw`Q&f34(R#Jyj#97&NF`@-=MGY&X9Qx4MmFrJTD(BRT5x-tm9 z6r@2c8)G{CUTNdg6#iv8^-ISVT;TZAKA+}Y^LTJPl8Q`c5f;N(C6&R^Ph9j0;|0I6 zT|Ca0H~(O0O!wl0RMEu;1xY#SU@I@o zRt^6`W>nu=Y}pM1xbBglq|!w}9X#G!fBRuNy6{Jaar@ifMCy_cYoRS7_?s(etbGi8 z=SKk<-jm{QQ-WD0+U3o}u1HEDGkau#iW@c-7rU=R%jA$1pR)`sgi7^(gbplwlnqOK z_0mJ6)QQdgRr}r9LboUijr|9}3jQ}U5jOX9k|!&5k>{^|?9A#Ur0dK&RkO($ZGY$) zo!gt_CNBAo$H#uDeixg=WhE3DB^@f|U}?at!iAvQ;j66iMBTp3G=iHK>ygjWWf0x1V+@p)1 ztfYsZze*t`QjmMCc7%-c*+Kj=D683F`|*MRJ1Fo*RV|&G1A^Kz+wen??~;DpD5YR! 
zQwuF&<;ycfjY_9CX+K#gUJSdWH|h9qp3MGo%Zmhy%d`Q{ixj%+=V{DJwZEvDs}7X* zY0On7;JWx(`qrA`KMdn=8iD;aBSOC}FOpOdFA~W8GvXEG6L|t)Z4wAlx%|{1dcH0v z6jRlC5~1-Jm*nu(TvtnA>1S`+W$_49&(v`k*Z#zKrW(S8^g%VpYydZ9A96Djsd0-5c9I zymKss$bLZm1DrC?-#SvFR;Au+%A_7_MqO}%tPmg{(O1Y9Ks_bDd=w)*$d;H?$Lol~ z7&&=GcJzQN^YAC0+6p-8)yDpa`>;hc`X=1_tf*)@@?)5Cdag_lgya^=pZ$e-xxIi2 z4XJvY5e*kyDl$EQANVsN5tnYR90tPa4*vxAJ$=E#8|A^j7)SC&MS}dS8Yqm;b1u^L z&J}Yi^mettAUJ+n$Fkn1sx=+s!`~Y4KDrW?xhvHdPcNR0`UFYK*uHwdzHxsM@o6C0 z6WTI)JRJ^3(Xp3S_Fp3IW=miN29Vzxcz2Ij|0*2jME{`_WD_(B6!;Bi*@fJ+e|lOwv}}`dmf* zGeoKTgCPU?1C*Ty_GpZ{!^?(OzD-pzmo<^QGQ(2}FApiBeTYk3X%T(@EYyG+0j~V> zYWvOJ-{SM2r6T@i*;o;fx)Ew-Njw}YfbC_$l@zl+yA(X1k=%jcbS16+xUMlc%@6EY z5f{_!XBGqmcG0wI91cyVCt*YuR{sWJLWr_wZXs{Y^dI<{ zFnAx&e|CIY%Nq~VVl78kB_O0roJJIA@@9=nXo{g_sCQKwpT%-7N8Q8uB3RO~;G3|O zPlcg!FH0+Wcga$8G%=`_Y{rkLp2Ap0nTC&;L}bwn!$QLev@QJTzV5bzj(R(nz~Osd zmZmX}>;UzW4G`FK+sb#9A!-@4&TS&m-uwNarK^a0u95xZ$ybzhBW`MnqD)(qB6_HN zu&*`;#UJF~i>y7bGD9}Tva=AlP>)`2auTq&IQ{o^zc#C{M^B!l_EVPR^kPw`cD4`&&!(IO z)6$k%vANrvEFM|vVY(@g@g$-`+Qs?nCxEFUX$vl|Ep_)BYK%GQa6L@(3|O7pPg&uR4ar;yl?sqiDwD0RbRCYbGI;u8E@j9WOe6jjrR@mLow{E zzjFP3+|9b4>wAkLXV*d&ueE?#rnZz!Z_W*?Rdnu$x4LiON*&g}0Xv6C9kLBwpnHO7 z2Q582eg40UTe9ADpjl2F?n}t9A zvM>Rhpn}a6CB+K`%lGz7D82GH?Fls6gxCSslZ3JzvQj5f5HCu2Z}NQTTdT;FS;H6D zZ%j~OAnmMgIM`|eXGG<1IDYRFV$Yh^^XcZHW1LLeQZ3qk;!YJE@CC*IGqiWPTPocq z;efdIz#hpS5&=!Q?H^EQsz^Ma))u;ha9ZZ4tfX-)tKf&h%fdjaSyd4UC1)yXiP%{m zh>c&KpOuI;J_NqCnqg%=rcll(F!_Uz80(g0n2y#n_2T)xA>9|7`AgrO=RVdKt*Z_P zMF9Z|sRs5X-Ip~2DaGAAid+Be^A=S;q^YE^7bO2g#>hw-L*TP}nD}pUreYyGs$Qp~zd)<}A~e9e$$DH>jPe*6YGIi>Q4u%k z7%xDsH!K!Eu7A79MfWB`sXzXU?}?PGHq{tMbDT1eqssG@;p2B%llib*GFBTsuS-U& z9JU+czO!dqyPOFH<3Eq1vAw?cQV+IFg1laex7dp2n1H&(#i&W7>xt4cJkCFIWj8fr zW=}4MrtI<0a-k{`Z$XxO1F~EIkdxTj+=$Y)RaR2)Q#V7kpJtcBrGppf7~S}>H+F^5 zTXA`4NN`+p6~wZNp3DJvV(U9rwI$msg}&Cv@^U-KHm`SoD^|+%YhWdXsd@WT{%dO^ zR2{YdGELsauV3Mn-gGV+-=)6B6~g%CQrP}ZAk4pdDXvHbLwBkbhWU(r7;)&lJE=a2 zRncj)NRnRW@jWUC3j^`sb07b$*g#c+=(x5JAs566P&190tKdVz(zHDlyQY#-2>bM7 zf_#ZCoHPdYMpZn|CxN; 
zPc%`jVI$QZ5wVa5Aew~l`EPZ7mC^8+dWVA0g9F&O_iYdT+Oo`0In-k%c6y9^(w~gR zw}}pCTCY7Xz&-9)gEB@jP)*V)QxK7ewg5OEo=jCY62>lo?JkDM z8MNIXtCtkO{?weqbFA_p?CHuG6BMa9y&QQH*}~9&3kCVjZP&kXR6t2cWDwncMiD5~ z(0B~~UwMO)Fs3f?cw9r_2HJpcT!qFYR}ptHr9tCB%u}`o6E#b9%U%z%Kso-eXQYa{ z$Bxr`xG>VW+rYzpZ~q64vdCSno4IG`3#AWA<_qRmId7#bR^OwU?m6!@pQXhi_r&G& zjd3S)*0-EHm|JgxD`ljL0zC|arW9$vD}PC)47Jz#V#2(fZ!v_~tVI=6&~o(*{TqY$ zL6lb`{oe_12=uw8iPQ%uaA~3h|1!$r%6N%cQ$Jo!fhiNEj8m6aSbZX~?>K$H zE@iH8$`<#TAr@7SqI$=@pm!7;EGe)sRdh z5)8zi4*3fdhmH0vExDFwp>5g+D4?5}H@jdEV%(Q+O`+^(@`@#9fUJ?*y+YS zBb*~{?j8_o#>6r<_fF-(<7sP=FTKHk5lDZpwmsqN#iqZOr~L z;9E`vR`iWSGWj7dGF4&a>Sp79iIPysIAe#9=6x=NwxFD(Z~JdKU0e>r`EVD3Vi_-v zw{~qY@cCr*(V_YFP$=3jy%o7kn~ORKJ}RJPT#_oTi3veJz$VzELDq<#`%???`Ez^l zOad3csUh~){bN-0>B%eR3Zvse8z>l%J43~{;z*Br(89!;wihgq2oC!DUS&b#zkiPm zbS$nsNsr&=&KLiIG-r*7CLFTZWl_YgCP_GWWw0nM8f5j(r!R;Ws~ICK@* z4z6STzY;RlnhR-o^zWW`b&q2K# z7$Kt#=l!3;0*0-aC~aVfbaSWd6O0d%KR3GfSMxC5j2|Q_rPE9tZbV@GV>Y;`LBr>2 zA;am;ML^~UP@4Nn#T2yAFfl{a3Y)N8pN12gHW1k|Y*GyMtfy-Cd9+C|p!b;w-|yW$ zw6>c}Y}f~WnXOVaRVElep5Kb?kY%z%Tg1-R1u8CrC4!3s3*?DMf_pk6Ba~S$_eK0h zd~C1gJ6cirp}s9@ng6v{BX?*~EjNG~OiNx+OWARPcvZJTby!L}_ZQMKIcwh1a`hR{ zX+4#LX@pr{4+rW?>-;X}hz#GmFos=g)%x~&~Ao&Fs>OqX-;U?7wLfyLZ z(E@gOr8kT)fN_K-p)}?aM*HU+tyvrRNDn3(+(pbeTPxzMyDy2f;t2;nK*=yet<2u& zHkdd*?U;KMVQ!)|43@;9Y(TuZm=a*mOnZSd#HjH>c6WV(?B5O=q6KkXsD*H4fS8S2 zPNLEk6-tkcO{@kW{e{r0dG*Sl2xu}uAh(IHyz1{BgDEJe=cs$Ph7g7gS~vKKsA}@XZ=TRsjEvE zXjM>CyJT;Q58Od;@8f3+3@7ANa_nNA*4rg>=pVMoXJomsZ~0Lj9{&m;^~m6CZ(vdY1lU?bHt!aM3i0^XVJwc6SDYOfG}~oyMb; z;pMuTZ$q3=6pN!xdVNDsuH-Nd9;i)yGwil_@su!zoLJX|$OMd8Y&QwP8%aoi3QI^$ zD{qJTx_e0?Z=|MVCNL7|<}XtDC?5t?Vp^*6CPP#>q9>f$W#(@G8evR})zp57{Q?e(zfWdxTO5OdcMtd5TyQbRG}5{|-G+ z-DH8oC&%WDQ>~GRSR?AQsv#dPS5z>iC4^d@=lB^gaGaWWqCMp5k)xqk>XC?NQ2bvH z6NphUA&6BHzP&R#)iE=Z+z0rW$Jp&@df_=g?C}hItr=OLzApa*6|}IFuHN3LXFN zP{IH%+GJDEkXp5HW*vo#S-K+`79j237xyUbNCw>NSlH7})je%|5P^z<^O)>_{)k*;gW)oxZ#gdNVp;h$l}g zqmUvQ+BE29kw4n|8w;za6K4|*&?e75T%`QBKqGe# zhh$PLW5;?A>|4np1;*4Cl 
zWD&-<3{?rYJwAsBs`FwC54VF=!FOfUVaSq67_1aw(K4FvEb+sVF@Mxs8=H2+EWe`d z+BGe$(CGI1Y$71NzN#AdyG_(YtQVk zh@m$4!OZV9@Xc!oJzc?46VR=(dxozb2-l7qX|C*E>hRB9hiV(OHYuyDheBh_d`-Ci z*I=e36Badx;uu)9(ji-@PK=ZyIevdD%I##Y=VtGsC%(<;RV^5n!~RW)cMEj?UQs^= zsy#2$Ph%kDVoTFXuT=s`L`P#J0!+ZPZ@ghpNXK&A4RPn zGAR-iOuK$VSqqLC$aV3bq(5h}1n;(6taOxEKhs!0gDA$g6wHQar)S`!nUqk9Qstpe z553hdDlzowop!=oeuv^}H3iXtKkdfI8E3X4b9ow(TR=&bKFmzhynecb+l}GH4Rh;x zL9f+rUjo#zPBpM-yRy7tiu`{}eRWh-@AI{Q2!bF;2}nqHcSJeewN=wZyx0?s?|fGqY#U91FUrv%PQB*I&w%j(f^dJ?-Iwm+q+P zjjxNMGQDEU$h=oa{dJR&KQ^@~(Vz#i6xv}2MY`!!cEfG`l1jP9Us7AhLU7`Gaww(D$$IICtgiK${Vm#6~%jXy27($)V z&ok+DRn^|hQsdDg*nE zJ?&$5ZKdP!*zXG}02bOH{DJX!TJ-pvdx0=T4J0J5>xt z^;R5X6y=qiLxlbho-jC7cZWGtEtEAspQ{WtDD6rNlj686w$xulfvt224@%vBlWZ)x8Q`BA{8rRs z_9(GK$9D@_C`spbHe^uQ6+Ra#}&nnQs-wVq(Wzl**6Mw3Z(4 znE`*jokv@t$(ORKevP>$5*=wE(P-1g7WV2LfXZE&gSF8frt?)rax-DrS*zD1rWRvC z`cz*FLDWp)b#@}%=KVQ^w+nGrDG&R%&msvG;e_dmUh?wQj5wB7hS>S9EFRnwFopSa zla!BVF{?b*2=+Zq#(TIgZI@tDzA3@4{bfD&+0~K z0D;TL8TAyewt-m@t~OJUYa+1MT+QX1J|KRdlD9|V%sL*7mgy8x+O1nvJM25dq`t-N zgVCK}CALGXgrutcOr7LSTOPy-TPSl$pR3qO2qGIg+k(7@-t9Nh2S0L8$8Q&|rL5eF zl{;NscOb7-`5ql_cI9rzb^v0Y(%)Jrbh#f-EoEU6FnfY7KY13qdkD&uUOqrWcg|I6 z%)Ho<`Bc8^!mUnQBbtu8EoXwj|yK*J)pDPMyg zXNr%SIi-X=3Eok6q1E%CEib%@h)%WCU~LcGgH%L(z0RekH&T0Js{-hf;(g^5h*|l| z9!4EQOq!y8$bAU>0yzolr7?{`Qvcs?JSg%UrsUF#0(9 zRnuwBl`44yAaF?=+#Y!(7@?xVrLC4?Z7Jf3fv+{Zut)&H^el@8bThXdrN_@bH=IAt z(AjHaa_DrjklTiTn)Vt{#Uzi#qwd2_9Lo7WDcG=aWSZt=H>5(2aX_=;nRLB7{`j(Y z|I_QumcF{%Yr zly5BR$1?BqsdxtSC4i?M)g+6!@1Mn@S5cI|f|H=hojutjr7+(wB;6)i_cjY(CKYY_ zSkH*QCkNL|7C{oPh-F4tiYIOBXi|Jmg$e)zSGWi^4L6l2(*=DGXi)njh|dOx8E>nD z90OZ0)T`3yHu}w?!1}+`iwXb3cUA=CXuKjB-3JZO+#`@mSCUlcbu4VQEzow5rjRV< zr5AE=8-wPD-eAEn9woT(`@7SaBQcZI!X?YOSyNz-{P*WXe5%T!c-kB&e+i*uc2OZz z^P>anEb9IuO`7F8<^cJjESdxs6^4wYQUNEt{q5r?mhn$Ljz$^doc4`rp5E0<{Wx#S zzi%jte3OQudFsKESf!CzbO}*>R;V=CfYL_c+%NZqKcVV1FQC$fIvL06TGoqH0kln( z3EQLJ+L373wRyk*rRs$X#?BR{*JGw0S)%f9;>cuv>JFlnZ>`;_)XR}?8>HL3Eyzbi z_A>Awo>!9$8ph%Y<1Z1{Nnf-x*qt~HWGlPf#aaUB59-$GqkIYZNV2 
zOGklCemrxP`lsN?8K3%UNovZKdRk}Lr@?CHx@IP^w?u^b;QQvBsYH`B>}z(^r8#Qlvme(OT>eL+Pt_!3=hPe{g*`G0yp)X6~R|?xx-~7 zor3wNE=9YK&Y@It0a1!WL_C3DCi#IKpr)@{L)JQn>rrqZ--XYkRKI|S*5IX2ya~6j z=>RJf24byc%f-ds=^4zCM#1#2OVVkvPWC zkLzil`$nBB4fV7oll8O^tqdl4N;Zv59a>62-vZ3{P5MkJ@A_{lV@ZID1s3O*O~jKy z4v0cXdnQJP+96HLi-<|_fG0=?|NaL(XG0zJDnG$u@_Y-N$7-k}GZTAP-~HSwy^Dm$ z{5Q=iA!&0-gea_>44Fy9?`F;K|I)3kFK{};SlywPDhxzSy~X)VF+PF5_$vIYJ`Z+_ zF=qUzQcgSWfVQUg28hBFdS;RbW5V#pH6rkGAe9huHf8?@VQ#zcsVOF{Tv%irFTygD zop3T}FQhBK`@|_Na^nCVq@=kXBg1j)8y(bOcV2E)0^qm>Z_ z8o^1$;E@4o*1f=$mf5tfT9kD>Lys@L_Ij-7hPR;*#71 zeu+_tJZ@I%tQ!n=^M&QloWvTkdfF}MHZ`~4M0%4IL=!-8Pe+ezC2m)_VYe}O zur<&hATgFTl$Ggk3@~6FXGWY4|LLf^X`dhYl6QKk8O^%|d+r71ydc&4@{vGRW0KUbxzAr=lnbyZ2QF~6k^ zb=3AevpLG!2V!s>x(4KJa0G+?D!=H(z)q6`@)YhP@h1eC)E>Z~l;w}gI<`f2M+>E$C_V6fo zDZfMkD(g&4O7SSXkYe6t;$_S?PhlS($l%Whss$et5C~;+9j!gOB1tGooez1|{NVTf z1(N!nuuIhjBj2z%T~U~m*q5wSp*sGB;%_)ID(n6!hk*e_TG6svR@CCoN!tZ(gQx5) zPr>I7*<>QF_&A=r&7c}ZWbBcJp_XO6+Xz%%r0uDh?YW|(BRmaybZ3P5j%h~tX1f=O z^GmXJMR;Xlf09py0^cdHIos9b`#vp%MlI@?5D)n?5Uh`{o1&OEwP*J*LAy=dW zZ!GDLh>hR#y<}8pJQbQVV$`jesoj5{f?B8!`H0~29W9Oy(}kF)3o&m7F*jwU_|sxl z9Gs3Q-p1wKST%lm1N*`N7X7&rXC@wd?uSaX4a%C5RXxcG8n9)H+047Y=P||FQ8S}V3@rHWBz_(sI z$8kh0ypV~h(=#z zrG&+4_2FtZvezI^i0hg(LaosA{L39MN|)qneuxgYd`vU(qllx>j0f?lVI=40n&5ng z#FHRGuCJae`*X02CQeje>A(QpS>+(L%!HGGcU^Gv(Omv8%t&z zm$?UPJ)@FS(3sg7r8c@ltdp}2g!3Cq<0E@q|K%HOy!g(RJ9 zz&EnTSI(i7C@8;z@X48wt3H zSY@msYgaPV6sOsU`XSG~?$lw7TMZ`xoSq=;Op}U+dLbFt_gPFfqgPZn)(S5D_2T1Rf@bgcR4>MsPfz ze|Bz~sFsZ~F+_GH_ihxYfCRkUEc@~`byW9=3vAy9!OE}cv8n8ceV{OGp-SH5@Z8Gx z03o)m$3(KHt!8dq=?1CRptN*WXktoe!;|Pd5hu7|ZkbeTQrjQhf^wh+W|}G4`p775 zn*_%}TGt@POvL#8cHoqVC7!C&b16uwIRa`tS5aP2vhgobgtnTP3JHYemX7s(U!_E- z7=ZoZCw{n%C%M66tJffq__-W<7fHDFszVUt(5!w@UjVm@5p%!U8w$Av#E1LW<@TE+ zpg%QTdZxww#&N?euv=>2BDp9PxyoQ%l1A}V zDA(|-52E_B!SBe|{EJ141XUnemJDHviXHSQ`q>GbOIMcc#dKc>b-UfQWn!86k15%M z2Qw8d@)l*|+HCcF-P<$SrITC$S;775-O<_sUVpjWIu+|tXcv+>J0dPysTL~^r7CEu zfN2jA*QQ5v_rd)=njP4li>fI9Vv_P18hWE7jO?HY2`JHt3C3 
zMd)+dTg+9U#;T!QtNoLOZ(>svMSSdYKsRWAuZvZy^!X;p5?|E| z$A4#>f0aXTZ{td7i=u95KW8lhc~_5VrArO-tOtj8qr=H|$Fa?203%Svf4!7H zlTuV`qSf{}qHYIoQK>EDuMp~DKHvLP=^}iW4N0&LyHjSZldQSbDJa=_jfo$j2^g&O zWvF1KclN58==++dGd3BODx)9&BiVHUd{%5J_SrRx5Os$r zE~3P`*<`x?4<^KUrk!}gwlOVZcRU5w=VCeLlN+tVrsW43yGu){#ZEZ0Lb2Cz=S+zS@vC{(V6KUQg?V7zBrH29EJQK^8=S99^Qn)dApU?1xPquQQrB}vh#MG*F4YbR@{B!L z6(!@smWOy?u-h_Wmy|R)=*|EV6FI$Q>41#Cf!tyl$v-2M;bCCj%y{{CcV4i_Lv7T1 z_R@VCK?E-tbneg^f9!l*X68}ajR4PejAZw{S3U$>35}TFd@Q*CIkMemb-HNLZyAUq zuac#xV6%^&@qGB!Q-n2zc#87+6|=>#C7&k1!#@bw|6|s;-T39O@55QtOrX zt^2|si6no(20y#-==-6x7o(QSU&YT=^um?K5e#xu#=4U<^uT!iB{e2UUDmzb08Z}2 zs-$Jb0dSJ0NzejP|Dg5rq|i=PEn`+mIQVbLl0eR_qL$&0o}lW#afp3mx94IIWrm_^ zW-j0EDH)}{=9U$+)o4SWKXxLewGs4;yfpOWr_7r1*YXhL)$vLun2f7#&Kplz{5GG9 zhPVoPOCyW<5&8}wj``qlH+g>ilbFF@HkZ7`Rs$OiZKXwOxW3;wbqD5e8Zd3lI&W-; zs*9@7dk!-`Wf^e`_CaG9KjPWA$r{q0=CEZMu;mrc(0nn73OL9@uyvJDa3^Nk3 zGn&v4(#~X@JA}T(_(8;*T>W=qJkGbyW?9RI)&Q{p3 zw~UF|WxQ=~LlKH5QQC8NX7PSZS&P%PF0t;hG{9T2(T%zfZrLf*9oC|ff5|32$LsA3 z1i0|=&OM&N{NyI!<+)yZ0e@ITJsB!PNcz3fYbg&hog_jz+ca&`nr1pof3t_u346F7 z((>7qv1wV*Zi}pRog|Z^^qwizobxGRO~x_hJncbwP`Sc<{OCWIN7MdBzf~l?Am&D@ zy^}SaEDN$!pPQwFL|@d>PPM;U3gC!kNZ#(uva$%=<=(N9Lz{N|2d?J*W?VxmtmzPN zoe(Bn^Hd&^K#U+5wY?mX^cqVo%jo;25Kh3miTuYtK|dcxLZ%hx_d=if3viYFMkFDk z@++O@>J~eB^sD{mozp+mfO~*~;rBq_aIEt7yREQxqLQ?2Ss=J}!=f-_e$AMM>8)S$ zUEQs3(~q*1*2S95RX_SlwbL`?Yh17E<+bhy&x<$N#aSVe%Am6B{upyAk}aBk zWuRs7*LctoU@a;)!AMKj8c*J8Zt`*jLjtL_zcJOE;0ZPwaZL%vjmAiizpG1}Xl{Nv z#rL**w3>S>O09037Pg~cNmdE~EU)hk$bgAtj9D&bt7#*hHAi)sheFJp)cOb1XD7sV zk$E(&1p^Q#WU{8(CexosjCkxSu^mS2yGRk?)SrR2HofuGnI$p;$FEtWbWy&*;!{v8 z&ifh8)x^C!0{5s)Fx45iYZ7p1NfAq~FGa8p4U%G~*;8D*Bg(o&74}#0; z^?sK8_xB-!!2cSpR@41v#3d>Lv=Q_NL6Ky#4~KbW@&2CR3edJ&qBsQ7Z0kPEt!%<2~l-G-3Si4J;Y+Fc?XF zSYEGJMEv;OFy`=^#qL4>A4G4V!w3h6NC0*J#EP+KS}pUC=g9Sjlf0%{BVGgIm)K0B z)nn0EDZ-7D8P;I_IaJE={M6%Z^)DJ`VYvO{dnk~`nX~F%{AS&PNzk`4ORcTu`hzm< zMI9tD5vZ4G%70)lg~o z#ATXjitO^_4^3KzYmIUJjE)Omu%saO>_DBAoRo!=VDz}15)Dt0nuidAhmEoP6lKg5 
z(ce(rC_vW=`(>G<_rr}_u!@w$didM6jqs0^lu{kZV-hx-;6nD0)i(jSj+u7~-r zu-G3#r~SK|iKlhod?+oS&(bACaB-7LK2Nze%P-@E9;rT--)c=H#r(4~`aV}+^=hsY zvAJVR7ky3>j^K3HJl~4HAf14T{ln`U z9Im8Fn1TRDG}lD$&yUG0RKWP{ms_b7<{NEk)cUQM6x;ZMUrJ~HT@xUy5k1DKIC!Jn zmN#2u3)P6p3DYC8ClNNXYeF82i7 zUI*lZVE`~}T!Wub)hr=sncOXFq9HuG&Y~Ij>(#zCT)bj8iP^H9xbI7|IOKzN1Q9T1 z6&O8qyi+ObJ6BvgH?lJYWp4ZD_Z2oJJ3;wp>@iMq4yFKa+x2Ke8W3lGkcoJsH$1ZT|Ib2FywvW~0v zkrHHtRVD`Fg31GqNfwZZKUwpQay1ffHYgESo`t zC{KlI^ALa@M!ToI)GieE4nLpXJ63=e$5*@Zbk5{C_c-dF1um z5|w};NK7`CVYy!qqc5`Z%zEA2TvO4y;ARG+1V2ut01<4Rz)HBApEv;A-aTzR4K4v~ z{f9rT^NHrac)D`59vdc9>VV^QJvo6gD~_*BSWMn$Md`;8V&lAHcpQ$)h%ssGF*dGP zY~1;zk0**T=YrV*FH5QM4oe zTQ0nlEmFt3mtK~>sv?laLG0&W+Kn!$Qx)2i!%XDV@E;sKZ~qm_8gbo<4cN7{fBg_8 z+WC#+h)281aZVH-E|K%!*KP0X`%t1{6#1V7L5M}`5g?Gfil zBqlIaFNe}AI70m=_N>fn7S4uRZoYax?`FigPxiO^CMQbZI%5phuF#+}Yulfs=WF2R z)O=sbzbFTgCcp9>7^CZqA zdi%R^NQ(JQ(w|8!<0P3a(a32e;u_z9_Q}NOq9??_en%3rvWXPJK_kRdFA>x7N9?jdQ8HfHuNl8+`KtSG1Q|K8%5y{stn(C>tuu~H^1foN`@WW-*R-Qm zfl2pM_i%NX*yZ z+?h%N_R0_RVBe#D7J@s9=icO zyuD;nI!01|TbCP1eV7X74=aS31EuE?d0T@V_%06@CGT!ZA|Cr%l4KqlbsTGL7c3sS z>Z``oH-S5gO~AUi)Wy515x=CktM8&aZ{M}ZK{V1Uj=;{uC@&V58Q|F-M}5RF7&>U_ zKZHxqq>a#T=)gN#5xc&1!Fl_|aeGAsusGLU8QxpgT>*A|;$`504E2MTiCEZ*cL&bR z_)a>BC91J&gFB}8W50hV3-%0{a4%GKdCAmr)g#I(0obmMo zlp*^n@tqL&J|xbjJm$-`zFW-X7!`twS?%y@g&u4{s_Yc~G45ej@lCdD1cM}L{_*1w z7-}JxzRd4_wd}2OXqI4Ll={%O_ON0#w#u6Yzg=IDx@wC@%8u{fB=mA&JfH3=t`(dX z*RDz{80uH~1B;XpyAz2q_=CRp9w015vinsFF9x@;0ZR4dKMvcvm(q7%1>+~gviVOe zr1d_gUMGtkRmrgwLa(pv-+9X0zP&8<%{OjzN@w~68rwatV~36P^nkS|^K}Ex(!UyQ zRM70JS$pi7?B3P=-foFo&&JR;$uI?Dy(1+n;C(zEy;|KQ;ssU@mahgZ;yry3gF)o- zU0Bkvoqws20W2$oVA%nzdW{*fiFPLcXn`?&Xs%b37W~%%CeXktRVQb&i5(maRl+%c=-J2* z@-xu_{zS~YBl@M&tjXfoFR)?SKczeW>c;5(2L#ae2!>6{uuKqr2`q~AYXm|Khs3Nc zD#ysShM`1^@t07y%;SLo#*efGdIj34?zJNN*wrGY-F&dd-~X6(mjHxwXNH6`J@wna zRz(zzS#C(6|3wrmCVKGO9F*)gpI8dmOtm!sjX%BNDk!PZoSgbEZ)6#bV=z^iNaYrV zc1eA_sUqG!UN$ISp&3>)MoTASX-nbm+!($)xB}{K$?Gz{8p0|BxJ?m7c7BIw4vsupM*WqGd^WL(L6aF2ZRC 
z13rdKZGh{m*Zj41%B9kU_IW1>0%`AlwBW9uDT1j+pHB_ym1e+FV8IIx7V-^!bLj&k;~e=lwEGaR z&poufjqy}Tm@CJzj(9G!R|H!*_7&Y>UcR;nj`VuVQ)3Lrs^7!wO68GMMdAuEB;23t zmEIezB?~lY-JuX+|F*}v~H8K4?W}* z4Iro3tyb;yv-Kl?$dT9>QoAK_2_f z36i3#ED*xeOxg8vPjLyKc3v+@Ks2!#x{XjN2@sBN%ULSjYnRuZ>9ZD?9Aa$e{-UhC zoVR0=S8l#=8!B=2Uodp7^dyoTE@P?7 zzllQ8wDG3jB|F-X-Fe~lF^lod$7kQ8+lt6<;g&`n>a-_xxSN?cUHKpsIG<~hto+&D z3qEn?s6KalQpS50?%9b*=M6t6?p2#IzsBVz-Wbs(m%0K_G;&ntJ>l6!P#VD!1<@|q zT<(jg!txt)?zuJ;x>+X-)%)^5QA3%Nb2utvPx%~->WitaqFoT85&!H{eP<4#5(Ua4kQ5;v*hZ5Mc=_4tLP=%X4O=mV z5O2s^iK>EjHz%(ocfvddeXuJFL%O*YXUq&7_{8I(*(f4Wy1cJj8Hy;e>Q&c1|B(L+t_rNCNrBI8H$ z)Je8T>i2!}tD|l*im*>f-*4Acgl@{g?7dX||G4Y4JR9rq+EJce76lpe{^938h58EbU5jr8$$M;EUX2q-c!hQ61x@?_(=>w4o+=62 z8?k8oeiEOY!6K}&uO)Q>dS&hM25DY;GrstV_+0*Ha_qz-$l-KVHA!tt(jCUFn1M8v ztGT{pv-H)u)4eXI z3HUZ8>DRmMrw&@VF`L5Ek`N!tH^(gl#XXtx`MWfwUOk52Z&#~T=+itErRD*#RKB&h zV$Ls6sD7{pAm>q5Yjp%01YH9$cueDwZ^VOsVBM)~UFo5u=10jvl~VpQM=5$7ovXwg z0b)+!S5pmTwFvXn*|UkVk=;85`IEIG?xQ-~OWBXIfghIDy{aKDq3jD0l0aNS;>i~2 zHtF~;xK#RZiLbf*r5I}8iKitp;302I^*ARNqyitSSmx}Ce?@w|on7fL^8I&7R~(oG z3Y3!xA(ylZvU)Xgw=lI8IKSFL*y}&-s+YUYHD6YjkUp;blUe5-Y&72#Yc#c2K7746 zqQe`ze=cMnYa*upehn2}H%;Z8`tY=A^RewoAKs{kdPW>U!uzhF)YztJi3R{;E$PCg ze&C}s;n-gGI8R(?h5quWQr8om)*0(mOp!|Rad5Z}vlpqR0^26U zzl_gjNR`wEazqoaeU#+YiSk`Ui{wpU71*o<^QK+T1YOM_3@qcKFOM8k)?{_w;KqcX z=>L|;spJ?X9|8!C0}2}HoRbV8BD&Xj)7I=nj8PRt!e%v!laVDYsf~>%&ec%- zxg@3Lq#TK-4EE6BR1Ke_r^uXxL#R}pvIwN38n7=fZ8w*rF;xe&teU_)X3#uJSS$T!$+*ZZBI4MDny1IE-Q$zN-cPL8SXfA>By_Evc-+kz09n7X=SVy zg0`iR4I9FxG~UG;^Us5>>{G<+l%+`^9(0TyaI3$DLv5-=GO;+x+ONiTr1at%HVGopK2=#FpiE z($q+ajV0~24xjsgHlR~CvAnCop(P0}L27{svX$@fB|^?oWDk4muGB-Ni~at^+O>d+ zJgQ(}uqsVyL~g!1Wbaf>%u^2dit8b?D=!rCR-6f%kxLCG)4C@bR&r%W&3Gz>7C>2v01|e^KG4o<}IcNr72JEL&l8@V*!y3)~n ztJKw65|?i2_fAFl@I=6S&y7sF_J1|U!eVapPmfP4gQ0CQzCL>N33_u8v|}F=w&5>Lw&;*<2>l*{onl~FyaJQ(&IlUI&=#< zq&O*Poec}V`)^c`^7`~_oe!~D$Cq#e7f#Y`!xh17URhb;XBWYr#>5dc%6C8eouJU! 
z(0k~z<5nJq`wGk|CW8R(Sh)Dl8QNNypLrv|@y?3sB!5$xvEYyt3Pcvs%S;c|NS05mq{NakE&EE-qelRaW3 z?e|NVcBq8B(TOw#u0tz1VSAvCVayoK=tNNAlhY``oDg z=OR0aQ@b}|`#qU1-SOj0g_*khmY7cQ;*yJ<5yf+Trazs=G@&hytr4cZTOB7NgVsMOVCQag zU5)t3IXvuAWvO%vsqbRe)BT6<&~GX0AL3HXF`U>YGoN@qC$?Xip(BP!J&x3*i4kB5 zL4js^L77Gr)*w!Eot-06DU-8Q$!#;B>ZL`F34c(yw32IA2%2AHzUbIQpdn41nyQ4BOb=xrL11ffV3M*yQ>ZEF zzE=Ik?M=kjLX-b3!r+4IYBO*4_RF^FV{<3H>}ktSewCa&UD}aG9J^P)Hx`2VfvUtQ z1!Pq|HgBnkE=YF9}~EN9X4G^@jdu8GKbJLrP z$_a*VOa|_HQmbDpu^MF_U^7jg5XW!qoORhAI^g6QS5K?oS@j}t_>FQ z`>Q7Z&OhRgBa>%ew*##{-9-Asrob2>@wD3SiY9Cpp87V{cM?4J?M5YKRu1V%j>|;o z&(|N66hn1_H`>De+QW5*?-Kg%bFzVe5px1>FAi^;G8n+qBTos@E}`b|w4=|(qkZl1 zj-qT%dOPa}Ig@>TuYlxgN6$P(;uw11t>j93M@OvY8s~d_kx#tgV6U@$`Ik?KOo-eH zB^rDI(1@vWF@mBle-C;|@o&9mXLJw%9Lz-Ml7^kHUI5G*eb=C|SP3AJy6lD48NDi| zgL%VdBdW6Y8wP^wuDVqh_Mg&d#C;{92&-zSTZrv$$~p{3b+ux%@4&%viHgZ#eFU#t z15*w)iVKn|c=oL}*h-~5205dtO@`6&fA^1#i~%Rz40FsY+r>0UwZfI;4>c!78nZD$ z784m1$IPb&3y!>rZMZ;q>5$aGcv3+FTbTa%qyh0Z*-SDOKCbU`O`wC(FoWWfH508- z7J6exq@=i`EWiR749I?)EI$RSH3UaAH9Ooq@(fa>paISooDVx(Brdm>SbF9>d%if5 z7>evjO;2kY^1D0eNG8q-v&;3WD{9<*9tXcn0}>B87Y!nat5n7PghAKLn3W9%43YC17#}%bg-0|7xtoS1(;=WM<+xbaXn%CTs0$Y%DUf zTf%nU1G&LPq5a$T*c=;%W{VYyR@lXTZt$uwAN`PqrC^Nf{g^6$EYbRLi3bpS%O7lC zKi}rrJTRmsoZ$uHb6+3OLvi+EX`-NAGG`eZ2R)Gn75MbKJZd8Ho}h zUAlk0mZEc|2KAQbd%li{gEY+Br#YmJqaQG@@8JqK)0S1lj=P5T2d+yds{80U7Ve2I za$GGMI)Lo{A+66L0}QypB&>sWyjD|tpQXFqfn35o0||aB26-B~Ri;xDp%)@cV#DY6 z6+gnYVm+*~BGK`jj(;IP^Oxd@I&{??niSPJ$l40LLX=CgZ{r<5vyyJvS8%RxG3E6m zcgox^bEAf5+LIR_9UdIl@a%2$IZQeNwkHphv6n`6W5DrgY8P#{FW4&UC~74M5nWu` zl9UnDU&FCoMR3-`y zuQVTmPq%+xX!?~z5Mt7_wpP&kYMt)!GzlLd(1dk>+jPS|YSeSw#t;9o5kRqRe9gdJ zs?p{MFb3D%Y|n@JGz8#pM8j@6l0yg5RoKeF_NIcrEX2a-F>6Qy*?WIMClHJf`n-D4HLA7VQCI zLv0@qb#0OXY{)W+01B~FJugq>n`fM@(5H(W)TD?k#-yH#qRdHAD6apNwgDr&)f=5$ z6-(CZ|5DXV#OizFZ8n+A?oR@Id?C@HYW<>73jjwb@INnW{9v~9;j^&qmXVzC;6pr`$~`qPJ6D=MahS7W<$Hl!VU2i>Lauf1YTbKm>gUb zi(TfCb-vu)t;VcWyLZXpNZoimYR-3WvxWZeofO0l0*;GOn8IS`T3sCv}^ 
z`|sbbWE*R*L$e~SJoyE8tt~eh(MxlYkJq1Bs6Up&0w0-cAdM(hSbmDx|8_n4I-<)d z>q90T6-8KE7=YQ6SybKk)|OU1F?WR&jB#@0fYi|Ig ztA=|bDQhBPSy63{GYuD_i|v3&E5Qn-kKv_k(qol*YBWBoRQ;u zzE`=nn6GsDX%#joxiv`pX+6aUj$=ZsG88X4t&(>>!0Sd_SG&C(nqNXecHHOcDDHGs zIWsaeBZuyol~4h2Wd8laf^!^Rrwd{UN*X~1%4cdM!``*6VkDy#0vZzP~Bm_IP}2e8jJ1T%#g-*eEFw;~lEl}f6RlQK%dii3E*Z$JJEz3;dx;*K2=Ax3~d^09OWVg6>9v#GzH zf857QyKD{wC)>g>Azn%)IRQmnw65ht@*Lm(WIGHcsY6+)F0ZUa;$rQ zu!)XMO??DDSuPUcQ`~lm_hRn4T=>p!~qxFR5{mc!bUzNO+#pA8jm7h0!-tDXD+CbI1 zWnG5JWu5%S$={*&7V#r0c_l~FKYPadvx z+!h0BI=v3Z-Ja;;=1~reX#T>^+e3c*8lyW;M5cyM>Y4j*oSg@ZG}yM=zI+}Qx?a(8 z0Z-zPE>r0O(D>yhLa88DiS~6l?HbX~^~B=&Qwa8^d)@LM0{BMt{}gzr-PAF_3%(OB z-8cW7R^Q4(HAtQSW|ctxpH(H&0wuDcAHWc+N^oO@3Ow_(`Ks>vQwheEG0jIIye+e~ z@gT`@Zi#D`#`RzX2Mv_>jR-Kd&p4hebLrfLqx$}>lH2p&<# z#`^y;^^M_mK3~_rrb*g{jg2-o8oNu7`b@_ zx%+G*yMcrvxdwz1^8v%cHP;`IsCGwh^n5~auGGHcsX^G`nU+qj-Z|G|1NKn|ptFQe zI*_$n%~Is@*S!3t%Vw}`fIDk*Lu!^!LzT0)`9q0d5h%dotWWQijh$Ji74SbAjdf@a_Ij+ zal%D%>@n(d0-0gy#G@c#)h|HYV4A3@V||mP;sarV66vIIwBan@W4~W3fFm2xL2g_8 zi3|pIB11Cb|@*w9H%_E$W)gS2SEcK>j z6!LKcENNq^SWF#F4h3mL&JL>!I$ujeIN3zWcwgKAN3*cFFihBuTi`$O`-8n3Ty@j_ zJ&R!ThjS0o4M)b&%>ORn$eaut*A-nIMjfCb0&Y^J*cB-gqVSf0=g2UxP0kSu{deG+ zN8@o{PpicpP=dp&zNK-%le#q4leaC<~k-E zSi<^B&t9N)lAxUrk!lt}NbAv%hc#Bq^2wl3Ami`>(oST{9#Q{fUFw}*Bg<42uK;@i z^bqHBSG-GMLeX)yNp*)rp|4?#s`9|fbx}eGSN~;|>bEvcU10Z(GJ&|paSUcmlY?*C zNmV2LXzJwwjQ%tC!V}y>Cj99#j{7<3s{W5Ko7Ye5lv=vV>xp6ZVGoa2ZNUbTF)!_y zSr^M~-6Dpk6R>eJsB<3Th*ACECD0aC%2doUfB479A7rIgk2_LZ85p$&ZRi z%?Uz&Ra;dPyg zmHL@Fm7W(AFUf1OLTNjqpwNbL@*wa}yID$I*&D@QM1Zhq{hBK-qWcujW@T=H7I%%j zhdc|&(oGW7fX_lHvtUN%o8W}kouu#WxC6q)TS6y|r2ogr6TIYOM%PGL_U|2ag1zIj?1qlf1w&z!&!_Oh)XFGLs*j@K$rOD zsXHSsWRa5vm&WZYD>3)sM*^9>FX{64z>$x=M+UJdRtf=&Z(AZAB-&RR_K~kb!+1#C0_KiCxPEuzc*UKbQBw?Mh_5 zJSi1Zykx*{)Z$jcdjhoUrkd?4-4xQyt}Irw>M+b(<$Nw|la-5|@#HaAqLqVxxuZI4 zZ$dZQ2;~gQkj`LvCj*1s2A?#B=%gCr!<%V461XRZ3iZY>5#L!xDF2xdlbSZ@8c7$m z$Y3P!%OGPjMwJqy>m8nhZ(W)gwrzABf-5wyA~1ITgKXea?1`pa?Zc5;3mH2a$}gZC 
z@U613OHL`Gm}^MIoddlW-&Jl~Xj&VKh^My4U)4-&Z8}@E#o&%(2zoH^|CT(FKGIyn zLqLU%{1-(s)i3s?7b8E@09Fh_gKc7Z6>$Z_4fN*`;;M(-gF0etnVryU(q`C0;P7^F zemen)dm{H-0f#znF(9Cv8+v3lk?_MrPy*p<8T=`b)%Q4QWl(;RvpJ;ILiPpy_W%vR z4IvMq9!_5a17FMX?|_4RmTD3dZd}FyKHRs|W0+GJ@+QH?#-VskwyZVy!Xp8ui1894 z*qsubv-Zb71(}Liv~hjdSb(YSj8tUul2R~j4Q{%QW|JK#-(-_~6FYgEmVF5f`)t2a z`wMeY9(L`Z{BU=;^&$&A_?MJY1vkMVR!5CuDQOrqP9q z3fHH~uwAcU2U!Qz=SFAK7bfv){b+73Z~mKZiP&QEts0R>l;2m9onieQh}gjxrW~>y zswq~CPytjT>W#^XDm->WwTy_~SKJY4Y{DP+kpJ`VF*^dy@cjm?`$*XfBh##HSl)So4pF!Y6(zM|D;o!C z{SnJMdkfS@-<_DCos;DnHSFWgvBPe1{I;AHKd%?34u5#OI;u~xnawY_ip|{F7 zY-aXTBJ=aT16*^xs`8-s=7nfr8IYa+T39FFe#(@1(exV<3tnAy0$yz1%U%?C zRzlBPyix|e>$w_K?{CxyIR19eUsW_FbER1F8ZvCDo$x}z@2(|V2g)bPh0`k`RR>Zm_sD(*@nNnR)S2F{#vv;@?SYx2|iG21?WVpPY+EquuL1p zOc&y=JgjXzg(<{(k~&?tQI4l6RJyX>)4aahI&!OMH&LD_fm(LN=34ZKqG|m4Mgi-3 zz0B+@`NB+T`J|HrtI%Xa{U~X)vIB;lh}wN zd|yHvBHqXsA-f5a{1o^PFf{SoFi8a63vRsUm{Gq8V6!~w^xE7;JycT>KpRc+UE^j^y{8_Km9Pegt zPp0GsY#)grj;~^T=+T4;xLloA?hgUjoHIAg=`>=@=)4y-`rP3t^2({emU;b42mzaY z6v6HPTKmZwVU_&>ukE|pxDZ)Gl{|O%6Y)FMh;>WBig_uHIJ2Z$!*{kp2*jA<*Mz>* z@@(TUgYQ2tk1-IAul$^E_{+xq;2)0EHoN8;KtfY2TxU-;=qW;B0ARX}eq0 zyJx6F_+r``vm}_D7;)IfD?>qd%phh4I_L3~l7_+mRPck9*<|%FA)KzdgcYr22kk$w z1UzU>lhL)67;R!+D10R{UV9Tf%r0K*d#yF;!OruANJJ}^8=YTR1|dHCuOa zr_XeT7R8AigZ7YgI4l&3*GlraS!5J{*f{sC;Wj2jsJ2y8dOF@itTBr(?#Iz9bsg4P z0kF|8{y2iE$KK|V&O%xr^YH%hu{z40Ur)d|Jcy6?3q?q$?Z0xiHmfUTJVMNQc*UM9 z`8+Vs0=QneDU6gt$xSVbY>f|hXZ^Uy5v)stY?{{@`8(;ayUmU;SukQzGX`r*JTY7H z19Q<>zZJ5&zFaU@1E-It2I(!LhMV03j(|IEg*90=8vQ{_Fh^>bk%OkDn$Rw_nu@_? 
z@srHsG=&fK4Q)S#jg>J#mzr|97WV0Oy8+mq7HxNZ8Lf1P8g9Ng@J6P+>>eb%*CIpb zOuhPY{>GCfH?qVwF3R@gEphS{nYTk1NyezFuLjKK6{TB-wYhrc@ZT!siI<%lm7Zj z2A*@H=3m@Mn4AT{xSV!{$^eFg*tB_=zCC=x``CO)#~s;3t4Ot>|^ zn)>>vWtwKN50oiMj7%1=K!OH|9AP+pB$M-Ha-NrZA2F_7NIw+Q(P9 zHJ$4;$0+8rKg!RBVF4qVa=FwY z2RFgF#pUfRrje zQ7;)~$xtRzh~Z);V)#8A#Wa*GN%OCYmYHD!ameP6oBe%!+R$X?n!QcyqP9&q5SPNA z?r3E*H9p6U*HxZ5mm~Ar6e%hxuq=n-+VmDUqBR=(6`=4FUhA4PVRI5?9C~*NA#&5z zNHKqQ;)8s<>zDO^svY1JSk#Alvb^lNTL%HCS)2^D&#_Dhno#u7p64`L%!#^|C<&u< zw<@w&^uY-V@qp<-gWxaanj0V!!bOMFowf(020Y|-`{)sU;cLIJw%ne*q%7>_9u<+o z9-Ya@6|t%AJI4u{6Es2^%z`8lY6*8V(D4yGn$O)9H46ywW72u&cs zI*OI!L$Mv*_p74y@9Gk>)$}$3ojJmt9;oH({^$>S_9-Z;yk~f-$=RB3A*I2UlY&!v zx)vPi@?~Vb-A~>;DZr|5Rj##wJZUcaAmn!lm6VU}R=G&~q7-SSgpi0lBnG=W33~uE z#fJ(PlV+5{Oi96+t%e~{)w(IVbC_|QC$S&|m8 zrJ&U0++CSE{nAeO4EYp(#Nb3jUng)c=9vsFzhwz~an(J$Dl5K% zDd)7%A6{|DAo$$!5o&y@oT3})iRKiW%WVo%nT>q-lbuju@N#|ztV>>U{fLQOg$i>P zazp3otkY%e>FnNcXp%W#v2kR-T~s!=!=PXH2MM&u1SJpmht$;)C8>#_i!x(WK7Djm z)_A`o{86BPV4yGdQ!I3uqZ#@8qeNT?^XP*vd$S;=ScE9r_k0^Z9-EDVI^S|Reth2m zxBurs4d7r+PCDTB(?fyklDcqBCcg7&DK2pc0v zp`vuGrsDPvJ5>>SU9n>4JZCyw1HG!qApD29cA@l}HQg>#`D7Pn+KD;qd=g|6{xD$j zhj;0l?k0}WbE?$!3aw{o3~7m+24g zJ8NIg8vfP|g(0NwhCakTUQ8$X*3sgzO*fdmQJ}FA_H_ViX*C0?460%6%5|DgAt5vO z%Jol7_PN=%OgRYP;kJ`Gv51noqfJrG#Tyx=p_-7)e`b~cY#w$rA%Ge_I23soHXoct z9XS%Wo~XwdB@(|myMf(CJ$yc3eG})PJ(WHE*7sq*qwC7*Tk3t8rmEU7f$zQRwyU-k zafMd1kpc}QUNWv`PvFnd{=)LsoTtFxDNzp2j2ER1o>yt0Gb1%26;V<2S*l9*pz)KT z21^#!Uo@YW^cXiwMbA!!v)n_Z z&CPW@Ic!z*ym)5t>5?n;-KSA4>t5VaoGT=l6h1hqu&Km0oz5w6p=m0<)i53XGFG8!A#O|wJ)G&fuo~L#gp}d{>Bl} za`^L!B!ZQ{;)rZmjM~EUJV=+YJ(^27VLT8^jIDh}(<_Y5&O{f;k&Q5;h%P0YNBy0x z5%E)m-w7AnM?M;(O+P6rXzJ3!xUJZZ8UupuGP|X-*(-J%Q=3^m0;>4_(n02gG8p?5 z8=ZYVD5T1fh02j?+~kffU)ol-ES`L=N2}vBl4} zn0GhGA|w5>5KYd?Tboh8Ec2HvklnrSLQL5W=idzqC(Iib^Xj@W+knXZO4)fUymt3t zTxQaraxt@zX0<|vMHK0;-|RR4oT!!v&M8Q25ZRUIEwF8sI9Kmxs!iYA%#vAgd2xR| zQ+~BPy_FFJh}(pc`LHW{4y-x0pT&BXTj-ZZ6mGsza>Z}c02lXXOi^Gr?O1Lmrtxhp z4Z^!<3l8Pq@s7Ywy;P%BRVkhPjyoZkKL=S>3X3e!I7LW88@d;^Hj}$dMBfMehHDp3 
zwEG%MmE4?keUsQ!qpwE@%u@xNR<1$dDti;Jgn(}fq3^ay!BXm4HR#HN|7{gXf~(}( z=~RpT(pUT-eU+Mj7px3LY1?MdK;(n!_HhpL$PB)0_3f~?0Q>0GY9nK_yWLX~YSCk5 zKzi(qG++@)-VV7#R15if6Gv(M%HC&1#tuDs56KcCd%wnlH)tZV#s5o1lmgV75H3{7 z`o?5Rv8|^`r6>1<;_6{atq9>`VPKgq6^1`w`D8~bt1V-R{>4}N9{R>9=z}t#RY}cE zIp^}^NAA-G)u=R8`%bD&=V)U0;c<=p^yZ8AYnX~s+DkW$!H*VN*NE|g{0THT_-_SQ ztSa#?Lbqr%wdp{1e@${_ zKjwU^y#WcfE3HC~o3s6{5of=PNhU}s_XJ5ZE4SmymHp+4A0Pj;hy&&)EIuCg%a&4|R`3K4rAe z=`3c;W;kxG5C^cP9>Ip{M#5qt@1En7goWY{C2HRNK*E-{$P#H!Ld5=)%wBW6*MQE$ zQh{pBK-zat2IE{9Cn#K#;73uLETBpEb2sWq)b8s%LzQ6W|6iI55P_l|gDpYI!YVW< z-6P3G7RgyFROQ~A%%S6UMSbhes|y=V6BArRl%MmnML0JYrp8cqwQ>sPEXM)C_Y(OiDNz1ggD-zL`U zdy;4EHdd&vK&T)kGhKlGBimRl??!j+FaV-fh_>HCy`?(m>-;2< z+1(}bIn1#Zf>U!yXmSs38ZLqqb>x=!e|8rcpgLH# zS5Tu94BO=5;3Fu|MkZxMWHQvmomBqxL!F%0{VBnk%u%J_gg8Rj!8>((VmrzN>4PWj z=ZMrEW1R*oZ)D^u%T(0Ai$#XoBTqjCT~d_MMjkx>ljQfnbENM(_1j?BWtH9wlR#&Q zD!0kA=}qsKVz5!eI;f?c_LZn+GpJp`AjV>7EB#NQY9%==6{6Qd@+u3_b3VVPfvP(| z9Xryvz;g~oRd|mzR8)orDgdRM?!2Vyli&fnIr^Q(!6$9(y6McZB>}EA2S!iU0gQq#9oy2?zOUe4)6xG$3r<$&LX62qeQiM?R1Gh5} zu3|$tO9Nm{Fzm1Af{3%u8!9)2sx-IWT+u4g8V(K#K0;O(`0#F3MEGEy}Qy~ zC4P7+7F&3k4kn9MRDn=D@G)Gm(gKzu$iJ)GxbSCTg=DaNR$_xm&iB4T>5x&(pXH6} za(Nn88Rl_)TG}nyKh9F^GCXztQUFyc_oJJZLJ@4Svfhl?nekH$VN`#5&Eq=AF#8~^ zPS>0DVfLTVNJh8QiNTYGa$)M*RZKaf>A%QXG0N&8IAqe$6vB;Iydd>I42`rGJY!&<9xy{L;pe9oP+cS+MhQ7jh?ArSR0^^w_-zxxPyQDXWShu=1ePE4Q zwImBz_6)A4WOO~#;-vUGr*o`_|I}d%Fx;H&Yld+x>Wq&zEf(8o)dr!DY_C87CVPXc_=U zNoHq#<*=vkta{<3@K@+U?n`;iUT8GmCu9)7a!rEqK3o^can7&4Jce}CUiYtMS;VKp zX&k|{vVPocdL8~KBha>h)jG$P0%>y@bj3JAi_&_ZYz6@Bo@UmVA5&a*$=QhuW=xa) zvYcV%6PKg?ynaK?aE}uU(@19p3P&;_sMsxUQH5emW{(pUVN}8{^Ih(D{zQ~Ky3BbN z_eyT~&d22BE}G5K7p zJ>~;-Uw`Wn#C2CJxc+FN_BuM({O*lBTj&pV5uYcCQ`h&q&KMW%%qDHzSZS7e?wS7b zyKn$_YlxeUD;7vBotW~qhM2gnkTxR^ZC59Z;=;e&)%#%c2l~CJ7L)aSd)EvG?H!0~ zRu10p^5|uO!3m(4Ae@+;M^d_mq%?*Zp9=>%tEPGAGV8DXad8VPNH{+|&|}1F=%t(Y z8rf0!HAp&6;baMpAI2%UGgC`&y<0hCCweeg{*Fi50>{H+Ga3CY2o`)+$bDq?N=%-P zj#QnvA*H5{j);n&9UbcX>({R=hO)K*?FBIHJiF>tJIo#M6w|i;7Xjv+M=we9^0|pg 
zE>kWW+{Vf+E$Kbaz{1o#UV)U{C!F7aTu2H6xnKyUj!``@7n3qZVt+UPvtfJ{Zc5Z;!B3A|nsCaVX#M-|gA>$q(O z2bfzmE0L;WrQww4pTs$Mk3h??QJyTav2=bTG84$3F&;SkGf`k0FnI3_?^vLGB{5kP zjJoOQj{ERq4H^jjkNlPFlYI-&Osq(01a{V7@cz-k53tT&=`-1dpwn7+YckW8C^aBe z)SY6sTCfBw?;}sCUSX4gokvf?{guU(BXN{}VbwVX?W(SV4(u9SE2lOXh6q+2){ z6L!8H%FhetKArrjuPx7>aTl1Sz>tDiepE)<-@BaEwPj{R7CvTz{lOfYojv1nxqnPH_4(&TBDm`x z;-lkFT@kV-pg(&5kMCoSJa`zak+-6ak30gU<;>ux!1|6o4oYpk?zM$W$e6;|Ygw653?4SJX;CR2_UP;a)#vl|afs19rta1q^Y zY42{%*P}Q!qV27p*onIIl1Ea+UH0aC`^P>Y3WlLmCK)vS_ z7ZXh9%#6pml^S{(j>4yL8z`akwCtSXsmV>yXMrZIkppdR70$b_1z#i@hX|=h*&;v7u;shi)G|3@CqIJ-= z3x@3T?sf7Kt_XoWp#~#~p4`5r3%3>@wrinI_37OV2%*0~_#E39?~%Ce7nLSf7UDi9 z4QTSoZ`G64^tBfVNB{&T5hm4*@VDLF=#5`f)f3@S{l`MtTUqLO?AVlv$2WL6-eo*W zbDKM1nZMhmXN97U+J!7YsplG(9R=k}{Rm<5>o(XlGF2l=7ekwK!@X=0{_*Q4lzOpH zPj4GnzQPRzdGv{W{RpgygL7*yMss|++Nz%)n;QVG!t0u8=i8F`Ng}YRDz^v1FC1Xh z%;|x%x_8+E zTz)5*Jv;Q%`rb~u!x-_6E$tS*{uw8^(NtS?;y`r}4WlNfZ=&yKu*3#$RIUT6)9&H? zt=BdoS1)!-8nI%!72>s>;plMaLN#BO_IkZtbUu@-rNfrO>LOkpqd_Y@qn{)NpucvN zH?w|wSS-Bc-Y-;jbS0g4_q4I03N$j_5ir&Q?v9RUpJ)j7P99e+ zpl{7uE*BbRo$~r^b`w|)qp6%{cdrD`=vx=4Ezk&&`l)Q(CbA}@uarPGqi6oiStwXU zbtzN+@G>yJmKLu(;RWoHE>=smCWtHJn$WZ-Z#{P#7}N9&WwN1KpK%AoKrI`}Nw zngVuQqEPW-mUE%>1hRAW(QB&SARLnLr0>aw0sligl;IkRGfH(7qVxJ46-I5J1}#mjE4csx{fuCv$84K4KuFw)$Gb(%9Wjtn|h8 z%#Wm55OQ$Wuu68*(dHe$cfiSN2Ci|?iusuZvxF>xtDxA+>jTl;R0rdiZaJWVEV7h4 z&_Nj`=8d*R>6eIsp}OP=XG03;cvGpeThOUeo0tfRo5kQQn`e{nXJj&d{f&(c8128jUS0nlMqBZ# zBoYT!4pc>V zF1FVr7zW=yi8C`-jpD&`Weh5|<~cTgMf+H>yQqZd+?~}jzPl};Wd7gbtblD&Wv+TM z<1v$tcoAsT{uc!wyR%;+gkC%(phxs*04Vk_SzZswc!Ia6C#M}3f*!~*XRk$z>Z;|` z$!QgKee2xil3RKxh}~0~Oue)5Wcv4`^d+B>LS+Fc z>-ZIC-64g6vN=X)i$TyfMamigofsQEj&i9^Y}V_yv!47ge%K)#XI7xschv&Mp)_@* zsXgGEms333C3L&tMsDCS?ADXzbd_kw9FexuoY%S3<>*K-$Knh1;5hgOj!U7vgIYUB z8@j9T!8wi@7jnmL-(=jAu!h&^&B@thQ%=o(6uk0dM8ub*5An+SC%&cU=~wM5MrD<^ zM9;IqA89eU>P0mvi-dq^=C`^;GIMpH!{ySW^^w+(I}F@3QzT{sRSs6EEsOq!Wtg01 
zOIhff^}L=w^%r~N-NH|$fn8|_f*ZM(2k|l_Q&W^CJ|Xchy?Gk>xZQ9a>y}oC+_flpi)*sftmFOs5(Xs25--63PcN<@@G5C#Y40LDLCi%2h`jtLeiQOoc zz3}E;0*!}x67}M;Bx)RX9cIyN8JN$nigRxyCoNHoG2O#i;I7o`n!yWq9hpABcH$c# z5^10x_!ji{6H}+=di)Q5Vkld~bJxk~VL~m=592(3ePvJ?I&d`(O^U%rhr1umSrU?hf1i9)?Ql(v1H`-?NaDA_( z?{hFEQq=Nabjf89npcC*40}+V!Y(TH5RZqL64Vd;W`Wfu{h&7X6;~P;pU;us@LLCJ zVTw;RV&fad%?g)R212x+PsYqAx6sfe-L0^Q+VVkLYrCQM_E&M`j>fDaecb>wn&O8| zU8yhrb6gy4J@Q+#{2nPL5`}!ykWos)T9H4QKkIY_B%wFze#?F08126N{*T^|kuJWg z36S^Qdt>}Kx!Bllh+%D<)u^YfghKfMR%l#=1TL55`(3xC6uUcIUsgtqh99#rVgrqVV(Fkm7( zYOuTa&@!*b6`-J6bV^dP-2i=B21T%Fu#rm9-49U5wrcJAPX^t@Q7$czz>a*?V4epSZMpKalyNuF4t^m9rZ zv1A}X$^~tHBxm32`hp$O<-SE2VXkaWS$4h#!m59vRGQBgu3`irqnL(8^pr11ajk53 zTb$Twd3&-pZ<9N=Edq~(Et$$RB4XId_WX>=Uk}NwQTc+BBzeKqa3xUUDKYv*94;1! zRZ!W#*bpepKugDlCPb9}W}E{N-8REbMJ+WfxgiQ|RsK=k7y{agqF#*VLq~&CBYp++ zN1qLxbBg9=ep=u`^E3Y%WX?zgF9c`tHhV#%*f66ZaCrva`z zf_54mGXsi57(PVKiF8IAr4}F*DiNQ%aueIW;_cO zB8@`ZD3fcMV1>dsou~E5Z@~%>-J!MkdhY^(nz~-N;I5y?4fD(rLCFQosMMoWG}J#- z*(MuJQBkKmNnE_Xs|FXiTBKRco9kB>9+Ep671jS>p(fZDfI;A)fDOE=ifML zqD@QXC`ibw#B(Y7u_ZW(?f2RgH7_Ah$j7>rffi(|I~TkA9=t`VArY4{>ew8B^I}I( zHlN^B8TeUHU_UTWDNXN$i74UE#xTP9KqGb}S*GXtF?wk!JLWV;nmKWa6tob!A9ckf zOFDFR3|mCAns*TJrS;#2+h=F6%|+QUZcWYRa@smJ2aL?_cI&Gb+fUZh#naGRR{D_# zS)i(8K!4v^nXa79q5W3#{MDC{bu&p!q1E|RcE#~!{&IbU3A+x%&t*{_rZp2BB1QIt zV#S@4xNzO?6!sJ=sHkw4g>by#GlP?)s3hRUBdLSfNT&Wo$xN()4C!5%R5l-g!goCGvJX|Lfll7mNDOUuzsz<-$W$13G_z4#q;(-zC`sOyY*|-g zs|l&>cFpb5;NQ$cl~qUj;3vOxaAW%K_x#Isc z`>*OV1+60|s9Y)W7&Ezm+j{zbc?BX~cmMVg&bi9?ZnG6QRBDLJOGOm~dAdS{V7Kt2t`ExH+5W=WgWpeUEY~M*L%%PB;l06? 
z#V5_9`BG9;WeE&2St1X9eh6hNa;?FI`VC}wFu(I0Y@u-z*OsBNd22=j6+4NTcD^+X zKI-|<0?-8mSRSd3R;DDrG^;+&EZ?C2raAWOe~w=u^T#K$t>ibJ03fG2tQYZaevS;^ z8r-}0A*W4qg>%X^mBu|Pw}x##^*x67N=L zSGuS$8kaYAK?Z$UAvCl6)~-z(o&fZajH|A^Z#o$X)bDZn{zvovXx*Dg@~aX(!DWEU@JAe<=(Y4<4lp%*|HHcM5+>H{Qdx@|NnLyzUgwEx4Nmhv6`dChWj4Qdq%=-mpo-9VT%WJI8Ltq3`u^Ib_ z1AMQogp#^CbY^y+WWIrNss7>PbZ0+bp<&qq1~Uk5#!Bp;%NO+}747coO)Gzl9z#sC}RhTfC4!9Q`WMIk5Dk1{PeC zuM&q9;hT#nSo%};niAklpQu`Rj1@fC8IrLgT zyINkuYvefIr3q`BmJW}i(nGkijgp2M4iw1}#`XNd$O2NijIo#w@v;P-bMuLs4>_uj z5N8cj;7J6o#FWf4RH2x%Y$ob&gb>F7B&IGbGh_4cO;~H!=Y8K2eXa?AArbS(OZqU* zF-WgQQrn@VK{C-9pz?Q;`lCPaQ%SZ%vXzp3=O0THL2n?F4UWddRrqq0wVdT%u$7VC zCP!uAJ~Y}Xk`iq*jjahc{RT3ODLrqdE=(D9b_8?Uq7agDrLBR>(G>{Sub}@Dg@LqF z%k!=*F8x?}#VeoXyDmNBppTCZobqI8hnwGQtJkDAd(4f$`kfPZSr}KdaQEtPkyQmh zJ#9F!P@R2^E&)^PW!$KC-kc9YPMACf)uxJVjZgmLF=&h%2u7Z#U<% z?Ilth*VluY|HU8c;5|us>B=~>9R=~`)2QZ{+FPg+cADp7yoGYxYOoFBl>9syx4Z^$ zl}7sedU_n%r8#NK$W_yHx8-cS0Z2P?W$7YeKoa84p9Ry)q8-Xd&#CZnCvuDtW|TGn zYmceos*m`q5mA?jon&2pSooZOo+r}IUkc5{eFW1UQIx6+E$A)WFT8dn*Uok>##EmB zfHP>eUNTCLGrSMMtNc*08foTuffRPc#$w!jOTVhQwY_q(;^Apk9%=|!2lv##rD4OQ zEo%$!m&XiHV^2S?Ci0#f@e>y9L|g|tSJOQWQWJ)`H!-dZrB}MA97p%ulXpIbC0KN^ zNq>kb+ry2H;m;&4TSE%LlaPrEY_f+4s9L;$O*mWm1{0RN@ad*{-L2fW?(}?F{r)k7 zDd@w%3S_-**v-fpQ?U;)!z8tISi~v)!!(pV2D0YPivnG4+M=Q({Xu*_{5NGXt28QOM-Tj`^)J?SN&!G#M1_f7L{*MkyGRClMeDw-G&yU5tXb3wS?n{ zLr-z0QnjO%u{)eIbYBdTAp<#H2`_6BJ?5X|5XmfAUMvzH1wGc43IH1Jx^pW*g1KPdP8%PHX|~1rfnSCb4Q4mV2IHS4 z(bIm#d|;5`v%5Xnqw5(O7=9VAS0)@++h%|; zb3Q|4vDPVB{t#8d;A4TC9qX@}-#pl{s_e*`bamu-axOQfV^~I$tk6!C2Rrq^f+l~x zSPE2*h&SZ__OqH17PRT!hWu8~pu$J(#JdVu@jWV&lwtq7){`jGF+PGB*k!maehj?b z%zp>e4k<0A-Q+`BZPX#i1R41RP%n^~ut(LM^Z;RKYfU9A9P&5l2$<7rTO}H zGA5xoMiI>vzA4i9=F-eR2Qa;b&S4WwX{qg9R{TN!@~Fz&2X4;lX~X`W**m@c+Z0FT z3-}O{3t<`ud#rY@hK##qltYL|CQyfK2pGd!n8UQXzb|o#muHz|TWB0el-&_Gto?S3 z-PX)!hE3t&T>kEyIAI!7qpe$VeO^G|K0}fio5HO|(@NS&8q0w`3qS*|U?m$7JZDV? 
zeWDEIxxL5-r=vN7eg_?c)9LAJ2iCOjy5ABnVCX?85adGZ5h;Bp;ADB!tTOQ`qb9NS z4eAG52K%{-IPcEpY?QDsSMEU7JGRkhBfO!C%a{`IjbqSK$b?uzr`H_arFO}7b3m*f)At;-dFWK>HgRmV7$Z)LbA74xvOwiUSB7%(*I8lln!!M zLqG#<-NQ>xxH9TZ6$^AM0lHh5HIm0cH3G;0Qcvt7dhsw-s4o;0<#u001v+AuVPf_&I zE^rBRI%_Y>S~%GcmQ%(dY~sRuhoE*Zf{#1XZi3ucOxggFReRCI=sq)82@8dmD{|Gz z=#@VuwW?l|Np8u&$`QrhaK%Y3oE$%l*ep>j8hRJ=b@ZI@$0XtScmsTzm7UEigMXw) z4(?o4rsXZ6O^!*Im{;GnB$ppw?4$QqAtpWntQM`lBDG|OqXwT_!a%wNwCD3It;D}1 z@HN@U6&aeVmnFMuIWxCF?gjmZ%`-!1C!oLw@I>C+yi(uhQ_MG!eV`^+Z~+%5T?Cy< zO$)_Oz$LG5h(K`;C~cB^{E>v^NB03ymB1W*-k3*zYBs`>ab#HF@3xmSsiln@goPCp zrzwAL%EpT|r`)pL^Cl&;A#irx$-$~26u{ls#JQwSAvM=ke0Of1;tsd0unokaHN}ck z?qUlmL1JOiO3rlW{Nx$d!PPNp92>2Bh~OC-y3-q9z3_Tp9lh8jh1fE5 zhSE_})l#RV#;Rb3>o7roH$8A2Je?<06W;akj1>Sy1j z{~uFd6;@@}wW~-YEg&7z-5rwB-5mnb-SJ3w_oAh{yF|K??(XiA*z48*(|xo~*7eL9 z^By(FJxn#lNv1!uTn$$bSRtfo@E!X>#i^ga-O_2^dk$ar+L|`bE1}>qN}yjVnE3*b zE~`5D%wdK<03PFpmT9KFll`G(-%^s zCw%as231vBKXH4$7HO#Ga+IYx;Rk=m;F?B-Lg4?{eSEoUYnj4upI3(Qs7(u5gC>{s zOpvBsmfgjxgV9hz`nEOOy;Dv(u$?#rs?duDAI~xZe7@hcp1*cn)AV82kdTEp!K_J> zO65R%$G}j}1)1Odfa8T3{a-} zq?S@VJVQE<)%sTNY+i~6PJ>Cce>)Eftu&f3*xSJ@1e|tZo&k67kV%aFoC4xb(ZJzj zGVyRdtw;c@pKhM~`AM#DZQ33f%9M?pp+E#PoH->?j%M*`_;i2Q$S+ zG`camPT%qTmz~q|zN=J?!4ppt-kPlvH>vw+f1e#O&<+~kHJf2dh@9_NfF30>KQ$5E z9b_ie^5!yxYzPABf9y}1n2rV-^3nMP>X@Lj@q(rfPYwBSKYHqbw~0c|M?1YgRaILo z9DuWd2#IQ_txQjkC?wuVoYp;Lq7KeQNkW}PjGL<~JzEI(yDNn-UH-cUT$GPl`Q^%A zOHqv16@sbzs;^uDQH!!~O?to3&C75nmh65L^^_@qe!+qqHzlLDg1^Jc$lO|?9dM_S zyHmm8%@PG-;biCWc&|yCoq!2(+P|^7{I4i|8s$o*GbckxFI9dCJXvi$jLnNZ^kYv$P-{dDy{zq;rHqFuG^fVhEjt`{8VxL7GMd|uTnWO9XYll7^p zV5K86DVxH=i@JeJ%P%Ymp9U_$Yz-HbZr+ds%DRFXvq#FaY{kccWk1tX6B|icA=3RL zEugZ?$n4$^sSuEjZT@psIiM2Mq8$q4@5#IG%}yB9?y0s$8~L;7=E?U=2LNi;FYXT3 z{2HBdnBCg9yNf74R)(uh`Y-}WoANBr=?Z2rtvN?$O&y0%si!fFm1qcC%>%6a^Lu~4 z7HVeSyW&TE2myzI{Sj5fCMhllwmmH4WC)j^OEsy*<@Y0g>VpSOpWUgT{X&1DSFdJ!9gE%CO`OC0>u=#M z%G4sf(`bg{#B&8kp|BWuCkC2!}Wv2li9c^lpo~Ca*agDFJJTvib zn^{|+Hs~d!!kJgCtl2sQ}#ifG6 
zfF#pzikY&``1lPf*&Y@(qJZ{EeN^9jjOHa_M}{r8xAH%ok+?Ow1Y8AzH|O6#VYs~u zvcl&c=i!HhQW`Crtu<9ay3#6&?P^AT|qHWV8tS9 zzU&sg9M+aUb(cbj|;Ox%a;M?%ZX`XiwLm@9|O=oGfM zoeD|^yr*-sIawurA!!s6F$XQtdZ|B$vi(kVVnERA6=ei}yM*2&|VM6b{>*UApx>j(L~EZSbBuU>u>K zM883w3<`-vTnd34$Tj^0cvA%N^x}V(KO&VRHV1|~YnR@@f^rA!_XMz8EJ&+{0Tuae zwyvAlxhZjwI&_sZ4Os^6L-&m$VPtiyNL+QxUAJOfpyIY&VHofq%^kB@x&8!5aXW#9 zQd*O*xYa(bmiwCXO(0WFX#B{)O$^tqIUd%_5z`SMfUBTVRPyVR^c6Wx_u_ioe2pq5 z0~R$`nn8clta|cE+)UH_tf|(EN7!>x&HLo4k)b(=G8NAEag`0wv&n^zuZtu!fPTX0 zg&&F=!@(x6nSn=MIIZ1X)x_kMO4_Bs8fSrhVe)YbFDH7teFRES@d8xS{J2Rzyzv#d zSV67)z1K!Oo!{BptpTPuo~HyUDXFlblBOg9rrjz$Pu7BLNSXF`V^g)1xzLkNY0>H+ z(-?UUyl*{KNk3K}U(KK8a3OO3k40uc-`%&<5&%tRr3o4^9&WQrlW{Z{#%>8_FG)Iy zf~tRsAP)Xi?eH~L84MYH=~05rZyxb08CD%+NFY~cDL}S+)kHCSGF;z06jsR5H zJ-~lO7*0>b%&$pj*z`@1f52I$lXw0|;N;bHeIo-+DHuy?**6icJS*`o0In*$pVTLY zo7A3YeF8yfF`-)TzFYAyi2Tj}%0`|%J0I9&pyfxiD!s2`U&n8X<>5d+i;PkSAnto7 zTC09gkN48)MH*hWR;$B5*Jfe z?`cLxFuX5bnx%QC9t3E2aDX2>k0K=y9tOAAR~{$S5liX`{VXg}f5s3iBOW6BP4Xpn z9Hf8GvGD3cVC3?h&9DPt)GF~p(Zu(3Mfm0-O6p3E9`=a_J>XeG?tLSWa&JODzM8yS zP~G-rM-VRdGeNH4hQEZ!+rH_LZ5RpF6ZMALaVZi8cEqi5>=EAY|1-El>(#KBk*|7F zV2ZJetxn(FCN1brH-0lSc77W=y0l8L@)Bw7I=1tglYrNVNqhx13e;g|cFRzd&ON7J ztMs$+d`AVH7o!U3k}2v^>ouYZKcc6=+NIYSCL(xE8Ba(9BTGSeWXW$d{ef6YO4s#i zh{sp3WF;GG)uVH%xIGr$p@d^Z`Qv|DD8ET1!dm_q!Tdh3Q?i=m=*PWjaasLT^?4Fe zm8Gb-;XKKw2DDZ3$iv2N_#!oIcOOyDRd%b%@HZ6kFvNgU8t*@18QRp38MC-?yDBV{ zv|2J3t>#OdQ%Qt`mF%q?vktg@=7+&%g&%A1wHF~GR&izz=NXQpFLRZ5OcT+b!$vIO z3y2d!PSMUq07u$^+Lq_e8vdbIb7Gp5)$hKRJ)b>qZo)#N4*6y-nK~htTUCAbHxtPL zAgUtqKV&wZ-4xu+Y~NsxvB^Kl7av(oYX8ZsEok-Zy|{TeKld{q7K=NLE6qAO%~I%Y zRj%<2qk=F7RpkK5#=DWEocM}cgaI0 zzlA!hJEJqcCp|z@>IYDgCF8PR=xfoNYwkkqln@%9H!r+x+xc+^`kC&4w^kQnCtK>f z{Ru04o=WvAAAQh}0}H~9V;F`zZ4&ZY_1A6v)}k9YKTrXUjK=llkraM~-nuI6 zO=irnzXQ`&)rMC<{tt+p26;cOn;Y?q%52d#M{XbyY}|e8yk;< zcL%eScfCSsUJvFp>bgkfkM8^$jo^n)X55p*;;|b6FB22F;T6`Ec-m8XdhKrOpNejSeXD`I-O?}AJA$|Gg52p+*3cO!at313 zkg-PbZ;^}`Q#|h-q$*$?LgaJ^xSwO0xhT#%()FHN)U=wfX#6S+H^Oiu=m0l#hq3UE 
z-WlX)zIIITYnK9e8@Gj9nn#F5yLFHIy3b2sCWsJJAh|8;XuFiYyi`c@dH+W)%Vq=l zv-Za&AosNR8n-zlncqZ_= z5nA8On=ZLBO3A#0NiYDO5{#LP{2y6m3syDGb+1N5G4{I^uaQ!*=|ycOq zxzjo(8k_!sNkd(m$dWf(Eq`BIxsR~h;jNQsWH!NE;)y1A72hPODvlNYQgVaOc|p6+z7jMP{#X_Q|vP2~}C_yf5y>5Vls9;CKN1JQy^_qsf>q;XQdu z2m2~J93XX?>H~J##+NQuh6Xk~kxvu@GI_g4O_xzeeW__45@4#7o(enyDD%NJgJxmH zNs7jDpnSSNGtPL7HVacYAtoaodrgAnx97!eWU%VS>)~rkeGn?$({G>CFDVmy0Ft3y z3=TG(hdT#^l^ld8Yw$^x6#7^&{(0McsLUAGy(yvKjl9V<$=_hL$J+2L7=j}=JtIlR zwlMKsVtxb15a$QaSL4t%4e~nF21Ds6y(7w&LGzFM9!^b;a&YJ8Ag!@|FWHXUn-sV% zXOkc1#&%UpA7$gz$~IHtiyO3!vp|4};-8s++(ws@%-LhN#(fuJMX=1l>HQgPM5fS6 zoFv`f4E|G9$aJ7WPGseT)t1@{!SbLiXk&a(C6)34|a3D-z;j26^K@gEKnEU} z0tR?`eWmPYIai_g&ILKeozb^zhh0%Hjm$10lx?7%F$YmxY#RlaqrdERMr59QZfLQo z`=lf7??(@se$e~suWi0NJ3G3A`(wJD`!#{d?p#z!#6?+o`K&e7Sg- zB%<&no6LtQ69r@;1U$4x?~jHYp&w+BfwDP=t%t}0(SLjDg*EZ*s@F^beDn{xEOe4= zvc;*TeY8UqnR|SEp6xPxo}&n_kfw4F*G_7D!!wur+x()CAYnl@uzkDY*uCfXE!_$0 z*K=6_g5z>qUt5@hxG3dy@4eAe4g){I(mXwTfF+_pQ1=}zjH9V5@M4$Y!RY$PY@?Xr z1RAh6xeT;2g|9QX$T;Agf$&LVI1R@sv+;rBeYi?(wW9Yj-R6()$IVSjW8Y^PeTDG0 zc+hjqU3oyS_)BabLoF+rM~cRU$O=)PKHKpPOw^6$S#=QrLtI!E^d<|3aEpI_Z63!f zu8(oVl|JcUR&BcwU>n&M`t3`aJrg@L$^KC2Vrd3He%x!{)C|G(G2P+u*DXgM<6!-E zUu2BkZk6)>7ISRxUm0PbR{!1vuBl^@iTwK$5VlUSoiPm;eGHZD7nRX8b)p*JJCzaz znw{@uY3XLed)!z!Sn~a6xf3xHm(<>;kA>q9PB49gc+B@`@)U-EF zlj-7aSh#3HMieh3QkjIar6K+J9qqx{K1e40Rj5ROco{crg$ ziUudTgzUw?MT?5ZYT)CV>GPmgrN4q8&k*HhkO{VE%*W8kKqrAWTjOHiUwFlMNEgeqwWARo)yN&^4N^*LKQ_XX;FIER5+ zpQ7u3y{DF-oRxatS@SFcF}L=MACL;AEPVhx-}abY&iSP$)fdzUL6}c=ZJ=m89p0{t z=0IwzO3-I4F|Vh<7bj_>erE%jQ2#C#m}O3v&;Nm}pK?}?9q6kE>P|#|$d~e5mJZI_ zCpiDmN0hOjDp;6eZJ2657ilYyY!=@RyJzF()($K zr>0;OsFmHu_%J76N*ybc_#UqP+T6m}i3?s;F7w;vbD^l|+U3x|NwKLk{-T8T5V>Z2 zU^lo4!v*We2auJknf_jk4M{KTZuh@@lo6?|VMK45`t)0PBjq^s5*!ZuxRv_>T$^-n ziV!UUI8`m1kHte17fX_{Zc;4hWk3=!jj}9hT%%I!G-jjnnr3=HGbBoc=VrRbOd&G; zPR}!u)k}}+%pO07*wen`EH)>C>NQSrsk{;HuqG9>*%- zrJS;nnWH1O4CXi{g_?(BzbKA*4an2ozA5ggG)n~p5{umg4>3SM4k(uwxZ^1EG>#|K 
zI@Jzv_R74{O4rEdg)3QX?~GK*RyBS3uLe&Yh~8bi4{?&s#a|kQFH6!2AxZDg=Z9yq z1@p>bs09Gtpjf>>=a%Fh%uaG)FWw~V$ZO<}ZVl$YQ+4ptlUq*atUpDixnbMT%9qu_ zX>PD*C`{b{6)rS9?=`F2^P&?Dsc*0cxsNQwg7qV0eFk% z;^F@A3wT|fy&{tpq7{m}o$~7s-j4!_c<%{mxPepbC#YR-uZiHa$IfFK31o%-mhek< zIQjU0VI?OnHu>7K7xw9b&|L<4gH>ouH(TtCWSIeGsKoySlynha(Mge6W8J7x%@r3x z*E@fsQx($#aCr?j$fN384DJj6RzsNUY5Yh7wc?%omxw$wN(>~R3{W@x-om;T!SXt^ zK{1p&PIqMM$3`EAhkp+-FjF83#w>^Tl}6;VMU|Gci$y14M{;I9r6T`Fd|2E^7a}TS z!gH2`4I3u$3DzC9{i36Tcd13Gyc1Z)Sy_7T`GkVj8PIK^QMJsJLsVe~+c47g<(@)- z3-BggR8R99rRyge+eff&6=Px%n}Rk?L@p`T{;g+y%gc zb*YKFYcfm{Fdu$^ldK-RbcC2WG*-^=Fr^DC6`oiAnWce|_3E;s<+G zQ`)rN=C|H(E9)?%Jq(L$Y5CTfA5x;ji}%Bq#lqKMR;GZ3S-(y{C+AW1y(xKCk*5od z@1`87^rQmn%myDtfZvB+_tVb8Pl-VW>U!c9iIlSkGmOrzHYI}d+QaPlYWkQ@WESK zF>0=W?>#xvQ?lTQcR#1XxTVNDXsN$e3uSWp%S6Z3+#9=Y^1l_PTE=t?3XYYJ~2# zWsVxx`kqRR(-rkDUWBPTjg8Vvj*_X!fOpZ;0me$FuB^CXTOljb6=!Zs8RvzSVNc>G z2=V-@A_Vj=MdrAqYlB={Q?ozT7(Uz?xk0_pq#;*N(BM85hVU zdFVdb@JO9JKae#_zT?)^GaZH~n!OR*j|mm4;J^N9Dd`1%SOb8=ZwimZQf?Q?PukKl zAL75SkxK^en!>!GbIm2Gu2KlTJEylD3cIvN4^_Ki#h?`naO3Sz;uq zI(^9B^j8Sabx+|8L;ZU^*oZzoU)W8UK<`tIug%DlaG|yv8&*M-aVb!Yqv=T|mg!os zI~AqCs3=X@>@F5Vj|Q&e&8(^mzq$-o5<`YrTOtRlKm3ecHM5HWaZC9pz@%h|F`0wR zd)ZxQF0FEndJfesp?!Wna?Z2S-SjIurV2yepff8O?H_l_S^aMGmFZg$b#GP~R5pRX z2upTgf=yp{!`=pgTl@N_?D8h2>c-7*K=7ZBS^!}*ZaMs(mC1hga8jCnR%x3vB*Qn? 
zW|WS8ETVRQS7Pqre6>Le=ep+e^=`P;;K8?}pLDlL48@1~1X4e3p$Xvs6S{YBrgJF~ z@12W(3XGE+{S@WAf0^@G++mNT)j6xsKYb!H_cQypQex7@L#$N~0~l$&5@~3&qaf!# zQ2CKe+W3mH0S^~FR@7}e@j;V7if%BUb*kP{s_npP;hWV#{bLa1nSf%+J`+ku%aD`#NPLQ12}A;T9FcBh$B1@Qx)QU%k@0ChF2pr%cJRP| z#{CGq@r@iQEHeTREcOON)G~|~q-n1?6Z6o&*@bJyYFP~vc%fg77(-8qD1oTM$v-w2 zSY=>1FWL`pf|K<|7Q<9m&y9xwlIcmPqSSe`^<33szvubp?jeU(4rbVG7v+GXy-reX z(j4#D^Ys&9cJ2Bqfg)0hXN!a44v6EqK@BL)@7r{l%6!=*j+d22zFw2BqRj1IeZA=7nJgxd#4Zir9)tFaJjVhSFge~B+ zces$qU99+UTx@c9d!XZwy5x_w0aqMbc!7uLm*bDedx1OV?KWs5OiqRi84|6eb|C;E zPYim>cvN4E!~1eMk!<$=vcEI|@Ob2V=n)GKBGYe;@l+KulL?bn$=A??rl$voOUnIG zbX3EHRhD73h5Cu-v2=)uYlS&r{klm@omJqh2Qci|u$eX%7swknn&^z+HJ4%r zQRC2Osv9=q#lE*Dh^5@K>Z>E+A#OKSVpy#4GH)ywW#wSfQ570bxYc5`14i)v3A(l* zi|NeFFj&x8mO?>IqL?GK9ZjwdCfWACzN_dKhb7E^(n-MjZ;0XrnDPr|yM&}7dAIw> zegD8|QtQuw<58rf8S50?XW^8vUVU&f-Tbx*SbslXi7dEnJfrFc{(MbTC^f@0=lR_= zU}^e&VX}ohmx8z=RUQP&Z!1@O3^hn~osm?jhpUDh^4 zj4Hzx2~nIG(TIz0Q4lcUYkkoD0?d=1JI+pOS4g<%+5hSeP^O&f{V&CkC*R2rMVz3a zC7uV$9_FWkFT#AUW_vpUX%#Zd8BwuCDwiAuKb?|=zyHm^2tDaj(Mk63(ZOKO@9Q{y zbT(*9PA|%gp_n@tUgS}@NE%KT*N*un719Skn&_O3CU~h^u$Twb_zr*zSokj`RsN1T zIh{z9*+MEtnI%3&N3>{yB+NQpQ^(wxxEk8>b}h5WHKB*Z!(dpG9&dRipMhpaV?v># zZ5DOKYQCHy0b2su$)C3-rBT9ep17nVu}ylu#O0Zja@k{r|10y&(Q(8P!TC4Dv()(( zjd809n6AhYqMj{+YXIJU^n2}_4d)LCESC!nHR-1-WP3T6`-qs`^zLX%6t8CnNCs&s zAB7hTxRhM!hcz1+rLHk3jmnyT&^l_+A*mSCX(tradP832@_WlYsIhQBIT++wupdxwg(mD^XlPy~(K^Q%ax9{&RO2-(i=u~v#g;9P z8wBS6O%Q^*L=llOu~LXL4+MXR(p>ZN&k`+Z^XGizPa0hp;WiJ}=`$MoIw$!ym9#Cf z?SR}ZeMH4-Tfj$6iWFj$7p!FlON^E@tIa0v>t^eo&SOEpKB>_sP!^l^WL{Vd zyAzLAz`3!HYoE^e)1%&SW#&_5>7CSoYrLnbqHDKfY6#06mAn!L=PJr45PyTqJo4l~ z8(+ZZqk`ykwmOkX2nymrTtRScF$r9x%rGSq+ZZy*2Qd<_#-q1?C8#o!h=;{uXjGX+ z`UGHVa!?ud#xOPoZ*DWh=2%5_zEaSyI2f2#Bh!W2;@8mkPt(<;0M)eU#bq9uYD(?q zYpG}E8t9yl*vQWF5*UZDAk?X!yB$FL716zwnlhMq%1YE(?0P^NQdRjl zUc6O(wGf=xfzO)K4}K2MVy8y++1gA4%^mBRQY@Ndh!0w+pBpjWb_v>`pDhLDksvE& zi*2TqMK6e|VIl{T0odh}taBK4s9orjw6iV+VO|I`3$Arc2gsk^xOYfJ$GF>L+uP|0 
z$T7sr`Ra^C@ze=cygo(0`MG~|b#GOE{TQLJIi2SjdE~gjDtt2?IDfYP>WXDo>_tjA z4h)L~@2~J3Qn};v1Fl?09KWYriCbb%4ZRf>*NmH_qF)ux2L1>5j@13P!wVODV8D0O zRA?{2x!pL^e@lS9SzN1xe2GftGjEms!#g8D$%PSNCYPVUCUH3T>nD!#{Oe04O?-hT zJNp;G;%5)(c?sE{jVCfra%316!_Cbce=f-o&O~GF)@N8Ij*U-G@t3ha9R$KD0||mh zz$YxVnZhEaKw`pMj*SG?&gi>$nklNUz)k6MWZbMIpCK{LD4CZu^=@I>qBfx|-dFqE zh8T)vEJ+g8L?-*}pm#_#kzSPcGYi9@9d2p+4(-VoMhJr&RY+z-B*8Ls*VKp0vI%1+ zDaZe$0yiUSXuomkk`V~kdy-4Nl7ix%1zxT?OlV`A^)rw7%|D)AE?ezTEHBI4f~0$- zngUOJ`He)aI&r`xsVCDb!j!KPG0$)WjJxbvLiv`BQ>SShmFjs`Iz}{6vEbq9c6na+ zo59Y)6cZR>BTi4ld>b;iE2KuG5>vC($jC`BQW@HHaUXsbP03-mOq*MRpK&)R0UW49 z_mb>kx5d8i?;~H|3GSD zx!;Z8=|_gvtXe9Jlbtqh+eG?5JrhsCDitlIS+^Zqj4cUk47z8WmsLfj zU4A@{s1U$?`E`mLXLG6m^aZh5$hOJQj}Irb4dAKeTpk4>^1HTC%O zdUbj-KhNBciJyGH0oUk^{RJ?yN1|4}IyUpsRGcuy*6g8jHAkS7ZM1iH?=tH}Un%X& z70foFN5Ko~Jl;q5!#xthOW@2<@xEi=!tvYoJV}!2p(f_3Y067p(#t+1Zv^^_^l6Jg z@W$&_a8}X(P9s!-Lr1mr34dEHnj$-{8;-9TMh@iot4ss9(lNSgH*n)lm}q2=P)5LVkoPj1mJswMV%rB`H%Pr{%DMm;XJg370G0qeM$JCM7blR1r z?yknqraGO>e@q!3di8qS&gwigT9^<*Gue-5%a&+L$Y>iDF;ZwOOkJGyR&?=%ESin_ z*nic+TnmwUy*WZ6*yx=15bdlsUm9M3#2{6lS?6B{>X|l2;U!N^dWVPMrCTZ|l|atT za=iDFn^P$qNd+~Y_k4zdjbAmuoj6U@)xL+*m-J*8o2cis=aA61uNbAQ&(kvo2YooW z6b5nPEtlDpMYyM0R095dooAd(Gze;{TGYmM_=hrD4#5U3>`YJHq#2uLq;`B=7aua4 z;V#sHh5(upg};y`06S=2QeUkJhAaVPWz~}2Jf}U`_2A|;()X_5q7?770eGHiFv(njq=r;T~J zn58%k%&q2S%3Q-s$wz#6qIlYB0~qw1_HETypFUwbDlsYPmB6 z;Mbr`L7c8m3OkR4&P)tJnUGu1oTBY zBVmnsSK7KYm{%Fo%jvjr{1%jp!J*Q8E~CWZ5d(lzV{Fh+=5RB8Qls%~NfCC;306@k zc*2BOk_BLgg`|QDQ#3(}S-P`Z=lUOtDl>Wux`M09GD^USEkN|R$sAAp+CE37ZL2Q1 zq)4tKU+OJB1SyqDTF9pYb`D&do4whXlnzqM*Z{s=~6iF&F~8CbnW{l!PC2* zD7i#gFHdUimh#WwzZF9zHeonj&+S!f;uV`KAz3TA zrprnZU$I^H+d3Z9{t7%rnG8ikBMp&Z9bq!0_$kAXXrV!?y%+XB4-msr66Ha&E}$Kp zTxB>7)zkx~8&f>7Bz2#Ep)(d7dl8i8X7FAu`ITP;O(YfW9momeolOLIJFV&rg{HHT z^UTg^Jr4yDnR0pE)YZyLCi3yoB$3eicoAr6=SyaEjF(!hT3YrYZ#unnxiWG9ouBUV z41RKO@Wc$Px*DX9CqzG&S1oX-r!vz~g77=&TVsGuwvoXOodK=Z@_g*yh9`DGV1Co* z4-PA1Nd)B2y*-qiE7m`lEwV?E-NXCL6r`rKt87Gw6+2}-EEv@l*>(wwJdq6*(bTd&kJpNu-R`N8ndEre`+ 
zrVRSbUW79BkY6Aw@dXW;+aA8j6K+2@=aBVjoyLsM0T9Q!*`B)X2^N{ z%-RG(1JJPgHs5KNn$vU_%g)UDOh}-hu+*n^M`>rW2DBsD%Xan@|HC0A$f{x;tx}*E zlpU@_9jb!$9%d$koAUIA!#(FYEB9Vg5?M&=qQVAG#~Y%#n!zQ>HSd1gQQ*7NR!N73 z*9WXuGQSF(S5snOJ}|&0Yj;44TrL~?#Hb^dJ}+R>yrjggd=wK6UHsZT*s|DnV{1E5 zdN7da#_2>>^BcP)MHyfsALJtk`a;+32}O>lxKOle$tK?y9W8aBMATyEaDB z>~VY@S(Qd>%)i!zd_q=goyDOE*qTsK5nVol*!~0P@_OygugWf2>9u_2;Y{EIDoXFzWN-1D6m8*z&EUjnS$Ucla@3!|Y} zKx6>5UPsL??6+w$e8c>%;c}Wv@gS6A^cSuHUdX#X-bS)XPQ0rLMSDs zI$IL260C>&ff{lB6k+8(G3sIijLj`J8xw;?*6*O$ zk+GIig_$lXTB#_qvr!TI^k+?mR?2EsZ;n2JS24LBV?H}sl4`1Z(K2uaN1LV|M<^aH zxSBJ&<7i*twQk^vP0k3xxZ>onbsk(WO&3HDc4BYGue~`5lcZj46 zsi;-|SyZ>OaP^RP()R1SHwWwy8@3{QdCb|uU%;UGb-48A7{$xI#j^nUN(%nhGM`@iH+`VDFXRX!Iht& zlJY$L2}|Gz;Ut2#mxaMpW|PZ4dklF|X#4d8VK1)q7m8-K#W`mNHB+v|fsvs8hIJIa zWlzjDa* zoQIPVmyesN$r?0PV*QiiWTK-w3j`0~KQUGpHK;Jx&W^>rW1KI-Sw4_IT5%wzRoQcK zy|S4lU)4ds4V!gV>_oIcWf5?o9+30Xi6^^{53ljopHJ9?8Rn6EDqt z!tR?=LC*Q@`}VCJ7~rZQFT!6}zA+n(-m(;q1&8RSZ0Q6@Xvesu;Nx)t`f>uXzftEv zn!=#tg#&}>x6->+3>-_L69(I4w+yC<+$9e~$W=X|U(drCM8v_`EzXeDpv^1i#QLq;5#0stPMTKs9#y}4 zLf*h=WCQTP8SEVL=L9lnuJgTf=>q z=i_~=K~53k{<<3SUea^E)MVl(LIHanLpYi6Z9HED`+tUf5Uj6uOFfYqo3I=74~W^M z$zaK9$&|yx)Xg><*GD4{m(c?b38ZEtF;Z9l7_6rC#tO@DW< zwVETDEn?+^&qle34kF`kQJoavkp<9aI$Jxc zNm@oEY1f%&GmHm0>uw9O-HkQ5BhMH%GL%&L9VFkga|cC`rz0ty!}Hq<_&pnqS38|2 zq&%Uq-3Hb5EaTwzhk$7>7lU`}K(4Q4RcYm7LTYK(@HY+d`%g(ZxYJ5>*|-Je=D!aQ zV_%HzK|M$;)#4dC#XInAjSWV~#z@_>sI#p1k`jscCK~&o@THVX4Lc2FWJgGm8Tm4Q z5A?Y|JB=c{z3o2Z{}!RF|3Q%ZXetq@#Dp@$gBGy0 z0}Z=bGUh;+mw%r~rSa&90QogsA+bj@wsnLsNdJxV3vS|6e@UCJPuWjbz$JFNTnatM z!~pZX5Ere3X?0gdKoQg|S_y#ycHPu8+MlaX*D6g{)v;co^TR}X6-UuC??8mnq&Fl(p&*kl{X?9bjZ^p3y2`jB3kD_dQvG&7f-Hu9!)H7e7 zNk*aTRJgs{STFhe~NjC!AO&-a} zv6bOHr7OHrWjnER6wym>=chbjNTdQ~O>IX4Kue5(|8iH&M9 zw&m&uk5s;+@?0iGSyc`K3pN1Gqf!0rZo|;#I;4!R@kW{R-U#S+xQ>b zyFn3y*_TLHK%vd`|E*ay`pdSs%%KqT+2MKzRkBJy5WD)vl0FXQG!p? 
z{9!*NI((7;iKzseX*yzknb=_mS?*jq(_L0m$>zYhMi6kN>UWgYHGC~e_70-U-l3PR za?n(%`o6HlNA$Ok=}>R$&^uieDU^=G?gSIM8rN+JlE+^7;A0@teMX|y;5l+->84xb zSEBS6{Cv3(4wMV(xmDPNQ@GTW3yOOsx^bFfX;V0Ugq2h$lf8Gm2~#RLrO#U*S^^}j z>XSG%+U$${ECf{=ly4NvN}&FXOrtH2(A>XnUMmaWMQ#WxMDRyoC=xCE+vbsm&Nn%zc29vcVzn;R>6mrlq;y8Py&Zl@RgO_ zi+k<#n&q)%l#Q5yX;IDbkZn|@nvTcMkH-w9)eEZ`;kVwI_|?@n7Xf^bn@OkjeY1oE zw8e019 zzHlrCeXl29zWRDEOf&mfPEPmgO^Be{WNbo1MJF{Xm9%OGfON1xu_-MKdrX=zM$A!Rwyb2wsOL{+0v2GgLK;!H$* z`_0i>fFiay%5Y(PBWZ2Jf710{DSD2(j_ki1H5yDKX{oaLEby+mC!xAHl~!Sp+bN;? zj};A#Ky8eL9{u)#wxgm$kR9gS-KIaSFwNy!!NxHo$a#O(=WTUG*SROHwtQ;P&MAd` z8|lST@Sd1-gSO8+X?sCmH!z;_oyBtK$KV!EW7a<-n=z26(8(OZ91Lt`OVq_?;0dg^ z-Ez~EOpz*$y1(*z;MX8prZpt!K*T{*JlEtX+1qHCs>HgOO4m zIUF>T`<`LpIqx9?t37d~E?G_gH$21)>*bJ1l714y2V)-)KG&7UbEzyM1>ILVeK~ZT~ zw#PL8(=qY8P-^4t&2@DZU`5Fr0!2^14K>ZVBT)&uaUfQ0_mXfSY?7p2Lr&wb0R|mh zSZI%LVcs!%yN8_2i10LbH`r`GovxGIX2`X3zXzI9W#j6IF?Ym&xqgPSGqAZ{28`Xf zCyglAB9EVPUYc1BF%oy!Ym{=IjH{%}qrqg?j{_fePL~!6Ecyo>O;tRa!~u%3G)4}A zsg+hw3;VoXtg!tj_OSQF@F)w6g<{=A)nC zmK+L<_H_z&<%;%PPQUCrd+UJ)6E5rU=LpyKZ?-f*&)uFao7VRitJQciCGB6ySdV8C z;C^d75-{KFEN9l(#kci0{H zBN|yZ5(u=3ZN1iWVZ?})1pP0dQjMA0X>Daz363>ams29D>N3xI`=j>L+AyifdA=~8 zLhv-%`%N6VzOWBDNZwngc)8oO5Z4DA)6zbZAm$b%`Ad&x+Rr2M%#ynxV=Jt5!1Y<2 zW`=xnh;ac_rAZK1!A;}heyIg8Voj0fCuL=h*f&!Fd@XS;4Sr@kzf#(47$}*Ynb=NK z2ZMCPq@6^2|46?ygVN{6>R>nq<+LEu-OFZ+rjSjvGBc=dY1(wiNbr-@FXZ`Vu90St zV3%gP<)3Sn40&CyrPT&@t+Zu;#_!kLOSu!@`RCFfk0oYq32>mp_h-<=Ukgn*?)H6C zOk%zj9meW^Ok~|i&$Fs-zY%hSA+{nO+HCLOX}@k{ag+)h*`OiKRRxp$rPn~ zABH7RFgkwip~M|~8MILz#?hF*?c%Ek8@aS~n9AVo%6t9jPt9&v7dnOn^xe8dT0c#2 zHaj4aoC*2R)!E<6TxaI{4;&1}>1byh&BRiah^f)8y7)}IpAR=GoO3CCpHhOtA4Y{r zm>#uX7C~>_8=>}6XJ=U77%r? 
z0KVv5v`EbIF!o?~#c1y{pvr%fzM%uer~OoVq5^q1)Z~E}y9+)btWf64{3^V1XbWXM5dVjP+tIN-kB~L+T$t z|9eoBfQY5+U(r|b_DM#}7xxL(n17jxRVFTAVI`wnbtjq1aao>6s(~-=y~GCEWKe$w zdJ1Hy>AB>Yy+@DJ^52v0)P>S%(9)XyFWB0rt}t7ML-C+wmh8QY>XSaRQg^O5Sq$W~ zERLUYvy7)4LKhFn5lSx?&y!nn93C>>ALyrS>pZpcJYVLRQQC3~cFs$9Xw}rKEAgq_ z5SW4CEqr+1fa+>W3irj9r=!Nxlku>Ujc!pv-c#{mK8FCS8~ZlOT6?5E9A#L#=CcwZ z!ei}KullRA(Soo1D`RR9sdULamOyDL<0YHTvFXK6QTCih6Rm3(T8H%m^ZGyAP;0KN zFH45nD)jj2Iq=SA1Lld&&5B4Z`!1u|EX>2~%6C|phP-)4yI_jR-D=Ioe|PoJ^acMe zYf8T+s?fp_qFVp|F?E$eRkmGMk?!tPI;D{oq`T{o(%lU=k^<5t-Cfcl-QC?GUD6HT zQQt?u8D{u%&zviFti9K|-V6{ohfTTA$yuo^!*4B;I)eF3fpFTM7hmgxu@%w*8V(`O ztC+VRJSjm<;eSCbE_KxM?={^AUD2F?-rMh?+*?)9Wv|Z z53BAm&F}`^%at8fBmfahj~{VHjMmzm(-?mwx+=2D-K;sudb{&JJwT_MYigQhRvF>U zE)_rJ7&(H}93pJR^`8&1{r^r5>#$o_q+uu^b9c!qa#7J%IH~ zwxE>dM(>!}{N$?*=p-4mMCMVyw_2MlM#{MPX+nQPg0Yki6TrJN)&_YJg z`J)YaCP!C?9bczWdWVgoq9OlO^aqD|CSnV0YUAw&o;LVC&wd^>2!yShqTXfaVmw3fFR6341Ls;Cw2xe=Hn)&N?&wdP$?sKNX-nyA_D~+2 z!WhFwWlo+>@ZYj}!T$t{512Tvvpzw!)@{ScH{ZODr89o@5E1ner8}LznClR|U|3AL zU}Q(giGNoXW_T}yEj`8Q)Dz)v2G`ao)Di$_@vI7g-QVT%KTzNWmemDPSP9! 
zUQD?+`kRm)86{WRlJ-K5-|7;*5N}NDYg&#`+(|kuwFt6%Ci+EfE94R7WT`>`b`up| zJ_s55U_4QNJECHVjCX_=fuXzzb{jtp5&w==kV=RpP>Tmo7#zW;Dogjshb6}>zl<9@ zT5Ntb2jh!y-C5Po+C!|QgEqlp!oz3YkinjYT^Mx^pC+8CX^K}qHJmB*KMKD?&Nx+dN^XWfhw1u>YQAyLZFpmk2 z<`6x=4HZaQ?2N;CeXn<#wpHQ>o4@llv<`D)TAqZX*nFu2jA1^nGP_yFQ}ToHxU)+N z>?HlGS0)gXs@DIj6edKoH_9-z`BzPi-T?lWv2h^3R9apxJ-5_KWvKqcs*R*gCTCJv zwg!8=L~TX$H+-V?_NC0;cb*T!*?WBa{)a56tJZolAuw6d!n;yM?402ntV+6~+Yvjkupj6`_~rpm(VTx)WDM$#frNCLni?H?&R#up0_|QQ9)rlf*GdV zg@f4blCua?h=*zwVlmq_P5w*S&`jeYiqB3OWDzBV%u<82*O|7r&HF8buo-0!#J|%i zxHTh8!_ixL1GI2zor8)bK6}PCmAf>d+|h_gSjfO&JOz?&PD>yeQvb(6__Tlhw-f~1 zIR5`qDCISX_qiw2s(WCVZqqk})@z!J21i_H?{lM#^JAO;@p-xyRUm4c-%0>0*pw;9!h>qjErT{> z=AZ*8Bugzk}^KS*)kgCzd*hpUU(sW&0H9b;_ck3Rm8g1lv zKAui?4h<(R!`wfbtQy{vU`OomT~WHczk1s3UUl9cl$2vnwx8+1+Af08?a_3?+Wvj{ z2Q-reU zraEbCH|Y5thN|}=X!5DgrfCzvJ(pu&3E{jTyvrjII(_K589af4DcQU)mP%y@ATNgq zp1!Sfs&2Li=-{SfdNPWup@mKXvep7V<~QklDU1Hw`++jYOZea?VfMp_e7`43Ft43y z3?Du)G;arySX*JMa^W10zAJ06V)xp1v`C(`>Qlz{L^84%euB?cYb9qZOlWoZx-D?< zNs#IMR$F~nm#G5Z+Dyl1>b>q;thP?2m$9oO=#1sb@IJqTNYIl-4g^qQQ&tf^WXQ@c zyioXb^)fiMf z_HQBE5ojIDYvHxQ>!_ur5CHC~rx1Ba^tq^UQ7impBZmwaPW2a%)4B9i`WlB*|6uXH z3u?l+jRuOHcWlVzFs9=Ub+jpXe%A{oJ|IzeR75E54_PT_!G!;u4fH<~<=TZ>8po)5 zMW-mjzW1Fsiu&Hh;v*&sy1+BFg5I%YOrZZ+)=O~o0VQ(lN}VmLH# zgJJm4VQMuyYHR%c*n_0?n77Uub~SkzoOVJGK)^tQv5c&5y)*HDCYd%eBO~?N+yblu z6YJK1RdZfsM-$xq>M>F0d^Uq*L~t%UT;QFLarxc~7Drva+9+e{G13|xl#Vg4X-Zh( zmL+Cm7g6Z>95UbIA-YpdCJIsC#k?U^y9CBO?*57p#hFxOSj!_Hlj2LMkr_!KwVo-n z^mzSd^?JVWu=)#>uC6L3=+JI-Eoiam1v%rR8s82JP+E3D^4q8d*9Tq*Saq}Q)V$AP zfScn)g0vxcMCve3RBht&e*L1=E3r6F9MZ?$f`9o71{DjDK~kV7FOMVKloo3#>F1+7 zDia!Bv={%)bf6*@m`}kt zUKnGvgWuE4cEwW19-o>m!cJUcQ?*rXn&Z1k#C~6Xm+W2Pv=98^kMHj^BosMkQCp#A zKVc3&=|M`w`EWdBmOxGO3=nJwn82mnznI7GV*eP1Tb8HMnAu(t@x>DSnt5gS->}}W z7!EMh;#7J6?o|tu&W{cIN|i6k@$LPbDgDSXN5!?bZSX-9+% zss-3&Tx`pNZn`%*Uy(}1Y)uHXme>3eH+y46nWzz090i z)9jjB@^>veMpa#hf^VvqDa;F#qtAs_c8mC5`!hQ(1pAcA3Y`gccA)uy$5wq7F64za zFI(DGM}VxDN8~POfkO>&#J5LF7b0;u<~+0_If`vS2|LB%%y)RYMSEb&*IJ+8q@3~* 
zd|tNtdi}(1I?8i9d7i!KC* z*JnGSydjfdPE#B-=<6jp`TCPgp?sayWTgQsvv8rHpBy~}vGO+X-)K+2LYz*;-O`!( zuwIoD4+iHa4e7pPB>CocdU1PmUY!`V8$Kj^&)SXsAq^!@n>hazUsY;-z({q;rY>p) z$v-%A{tX2*X%2;iKscKss|B5#edA8zQ^>S?TdlZ|T)idG?V>8iBb|0Sudk}drkfdy zWs!EZ0|IieGi^Z{rm2uo4z=QDcp=fwJ9`Y65T??Tr;}Io-Zk|wL6j5)tzHytnyfT0 zb${`m%&MLFo}XXfi#VXeN0L*u*9y(r&9A3RP+RnLO}L^tKGwc+i1;v2gmgv zpXQS&!za;$ZE|W8FpaKgi=4W*d2(?MxFf2WAfQ=hqtqpmc4p)xEw!`ZTwLE8fr(1G z4|B}ot@6D7+0CEhs0)#ltJ|*To{Tf3Cc3_DBi4NB%5^r&8Dv{FHw0%+*G~@5nY4qV z;w}gWOi81({SI%QTnqPJD&bALrOQv~d7|CpY`mlh301Id8skjDkoO^fnF-__dz6{Q z^i7mhJ0zm;MRoL>@XJX^Y3fbI}E)CbvL+HxSz zM4-~tsd1C1>TV_)IHYFcVKMYpODgt?IpEe0^rX3wevwpkBal#IL@LkXhQSRF=OYmQ!AZ?|%fhrghjR1vM3*JSEd|QdLH!oG^iiq?zvXmo@&U z^{GT9mQHZjKZ=ay1f|FXFhvb9u!Ps0m|*X6;vc+RL% z)Y5J77d|RInj7<}gnXkH1F~f}Vu)KjVI5{*I2B#7^DI$I=0H?$H zT9dWsbFXFS6!FcvX3`AqO(*VaNd!E_rwQPluwrS^52KvvIL_ZqWm#mW!4!dAWWi)x zWc`DE(@3+-o>?$<;zRP+5_;b$Pix*fKh9YxlE|5h<1=;%|Mew-W%iD-a5j@m1dM1#0ouLs+Mi28IgCHV}VD4#VQT!>|c%X7Gt>Yx@;e>=*_- z&L5qRonNq;aqn0 zlK{SCFCSza#$%VTxBc4=7~ZHZn1B_fo|#ATdh) zenuC}J+y|@2vOCF&jND~t!W1ol{ZOOuC|DI2nSf|TN|OezZf6IzHsj(Dbap-!HvWw zTiWf1Ry^zAg0mng)bYN7Z`~bjYeVv|uuKQ?_u?O!y>I^9c=$w(JbKL;RC3iaX~_+( z;{mwy04z!>rth1`?W4(ABz{;p25nJroFWCa?7TKbH3)Qc@oUw4f|i_bPGWu6 z#OucVbAzy(DMATUb%l+az_|K}0XwkLa^hMC!Y``48a&p}2UH!?ngARyI6st=_0u3q zWK-khq?Jb|*!6iim$g*(U`UH<%SnXR2Fgw$(EP}#R#`3f)9;+8oUPmRA}-HtI4^&Z z&ZckG6sXU5gCfzv6hC?KdX-FK_e0m0n6H|JE9CBnW?-e-@O84h5Cm@d|NM||A-peg zX>A4=2TUwf#dM^vG^N~CC$bW0=6}3WO!jKIkwQ?jE+_*Tn>xi2{7!|GzOozm)H%y~*(d9zL4``%p@DtOD~;c9tBl*#`dSJK6QN?x90i=XdEkTf9R6I3N6-@t13%UXrq9SnV*97-zI0Bu!un$4VDIm~rp9dS!V zy=y!*J+lOYpp*pwd&he;9xfb*R}Ky=aB8ZxvWk#$BQNTaMJ~ApaWl%0p?=>YybNas zD&US&dw$_d#@y{MisQ#%4?5D@ma$NQ=*C8FM#ph1A)Mi`XmV-9tYmBPp}cjpRc9ge z?o0v#eoINTkoEw^zs0dn29TMdI)K(L_>zAypoQ1Q#_eT!an=pvkBnehp2)$R>Un>U zbDsc?stZNfGLRmsh{QWnYj*H}Yt#b6v!4i02vJyhVeQt>tMZ!bRY4_B=O*e}sH zBHVtcBGdsZ3iHSWitC=n+?yHYHhW4jSW`{qu%4H5irpde-QZE zCs9sk|A$M=-RUIHUFJ7|#ZAp%`>K=m<3?|-gfu`h62#X@8n^}NXnV-%m>hg 
zk4zwmVs*4&z#Q-|UBm~$&k^C=^}o*(;UE1{&Tjy{R5swjHTlwZWJHDm5QV(#VY9X=4{@$hVgy@cmX=iCDJb3-p0 zC;o7$*|(siaE7}#!}7NG(t^4+oj^0WbcWjTCv)C03tqTl#LSyqWN9||koz@mwMZgw zwnP>kK{EmW0rgm>f{{*pHAdQC!(^I~RU*Y6o}dZILnrkhr(0!NY_2QetU!xeLq9wveOl{FXXa!c5w_(SJ)i za3Ne`2zziL%_+x8d7ZX%Z76qLiTKXclQR{yvO#G>@f}+IXPL`<>W^uSuQ~pJ*J=17 z5#cIqNam!aUWYN%g9<5E5Rt4nW%iR;v~_PQN~xWJk6C!A?MR)Gknx-E8~RBRy_PE? zL&Uht?Ei%}Llgx|7YnqUVB={FC+ z#6Fe#wPWkgJ>o;ImhW9Iw5&383qo*ra7?vQjpv2xuUrO7CRrq_GNi(-CWr`}ftc6L z!TLG689UoI7#abChos^QBpPTqJy0G+0*V?b`DJ=2zc2s0qug4q6<8P?PBB5Xi}JqR z1N9p4>Tl)KDSNkU!$=&8bX8_iG7pcDw(Oa8A-rOE`+9gRs*#zy?Cjr6q$vv?z%vm5 z&qP{PVJja$0l>dqJninef0|h^U2$=%Rnc?nc^5xZxEpC?YN z*!T~vK9rYr_ZPH6p&wH`eVV-|c+)uJ8fl{lT`sT=!3xt|4Al z>clx^^3LztV0x>}pa%0tUbuaG9@d89Z%$!e^4;^B?aPOG=lHbk}%~yRTus00FAb zj$3Bu15hZlcEJT_?eSa+fD=X5Z#OB~hamX@=kekc?KR+62gceJ1;ZhB;B%N zj|yU?r*ZaP(!8TNd6-$s+I*-y6F~&_A7ezb34h5&Q0V9vx$ah8gM)pFvp+g&x$zcw6IEH; zm||@oPWU;L8ioI(mo#SP8_;4=;{i)xL9x}J#<#$N@!_jkmw8(!EAa5@em_smIG!l3%dXf6thGLO?7%(`XBaHi_ zmr8G1tnRsEcVp)1X2s#EX!Sdv*TEzpOI%rbYgRR%dogBVWPcs`v}5Q8Yd|!9q=#V` zRWK{toaRP?L|xqMqBZd9)@jF8&`F9yi!-|n^-s^Tn;^S88S&hO*iI0g0^(x44-Wz> zGx0kZbKV(_BXzbm8%;pym7A&edGx%rSeo;AwHDgq z+WuK&Xh@203R-X_V2cb*OZy2&!%=pDr{UFmWmQ3vA9iD|yV_5=7AfHvcVRDIBH3p! 
zq$wHM?at5RU4F=j(!f97dd%57DLcu%HB(|nu-H@wybYn)9IwCS6v{cX_eb*W=5!@P zKHhBnyq2H5hnaDtwo>n!N0sfNCh*pBpGyPU+**oOAh2`&0&d|GkO*oFJB!9s$}?zR zy&aknwQ;QI)0!F3vv~D2l>PcAC+DoYS$;3so=xQVt*a5Y&xd)J@UiFR!)xl~QZZ(U zyH|U2K!l>vo#a}~FjnWJ<8pi)i?_#}kKs~YBva zn;ycay%UShLr&v|s`PoQz-8O=1>hLB-d){E%cxpGjqeY;w^||l{o#^x5RrH9j}CY1 zV%BN&Am)oCfwX)-sZgYV>Nyz$F&D%b|2zu})}KxroY|3V404MZoi^0o3;Gyz{8_XEz-7(t9;u#}Ld(dxIJ z#A+Gs&C3gs_+}GXM$VCzTkdnI-`$VJmhwA81U5C9i}VMho!LbhCyy5|r9eJ{Cl?Pq z<>a&`@Sv~7ja%sYWeRFv|L{$u6~3p_QTfIhhT`*C`aIO^DX`>F*g(R!NwbM; z;HkH575BkdOtvX|54ez+Kh_%8h9Crpl(0llOyED13Y(5Vb{oykt%2b@rA?&8?Bj zU((gDvRVt5yC{Xkw&n!F1qgwX4Qn*l{p~Neg7Cv6fy=hSPZohl0mffRw$ZsP$?}NB zx@OsfaBDwy>LaAo^zFTzMf_Kab4O+C6tx=u)f(ttP=KeZTUo$BpbNxz%g4`KuZ`&T z$kiG3l7-H*mSw6ilvi8xpLt*)v)@i3nX$_Ua+}8Fbje%cr~@ zHw(oXe8=ed;QEY?()4sn>fr6F0iDKI@j^zHm7Ww)>4rB#Q)%JxE)Qrks45vPA*7Z= z*VTT6QGb0nr2{Vf4QtqdAjFssc4!IhlsJDj&~CQ3O}7u^>vYUGO}GCk@y#$P5fK`9 zdl}3;@ogS!I))7fAjN^WVEGo`zCll-boBnrx1l8((^Y1cRAH>NLm%sa#fbBdYXhR_ z3kX{P?7?IkBan&$V+npjDx=cO?E@UDT#=Tap!JLoOEx8!wa!NGuw!;@>l;WHB~fk~ zXe)$M5OHh6ldZi~P%f1q^rdx+!E4+373Fi7UXlBVJzFfJwGG4R;RFRyZM#3DeZ`(Z zOe&Mi)h0qlhYRRWB*YPnKQ{^jh2jTCfp2hx&}fr(G8;)zqHK$HrQ&jH^y0EO_4NO^ zN@D?}gY4#m_TYNZxQK|x@$1k$RlZxp^l6?)Lz9PHR7CxU$=p-9hmzZi@6Q1Z^d>6; zaU9PcDUH-qx*8*d;UgI??IabVz9f~S-xyysj2aRu%b!$g1&%)2`T=T<1CCBZRKG3{ zdvW6lOI|^7(jPCASCE-BEUAdpao&u!+}VcW$Cc@kjx^^4+e%#a;ebRgB9dbREmPq6 zu@5D%TqpovSH~l8wdxBk=7xqhx%67j=dX<)QJL5>dxOfq4^#X5y?&>%wxRL2_AZF! z>pD{aFr@wBqG4fmR~6YAU|-S4@;n{)|2PnvQmsnx@LRYVFSXi+Y%AY6i=(V77Xnh1 zT`Ca^KifVG<=>>>%=+P;jo>tVcxgJ~ux0-WcmGa@k%<7Kp-Sps` zNm3ESO8ij%6l!uFNe*4IXS_y08H~P2k%uKl4!bAoZ}j3lL?oKJeNkI?)!+M(Ml1cE z*J1{Hw8)q`GX&iFoC`l)e@bF4({h)Fe|U7d!kO5}A2aPh@yKlC*vkz3eAu^#E(38{ zuNi9x)BhSOEq=ZEMFj_H^W|`jGA7S-j1}_T8bKS)+nj|VsnPJ7!nKI^22XC{8#G;? 
zklnl>M|?kmPh?5wbL@YE4zan8B?Y=5SHZDNYS8 z0$1ZDVbdp|8VYXGhY(f){xrKpbMZI(Pk3f%Jk>&;QIv&3Dno*5Ag5Zs?Cc47s@_mx z`snnMYH2TnzN%SZ2vbB*GSfq#l#}>ojBH;Z?YZ#WRM9 zACp>}0(=HWc*uhO2p3$<0hUgCD#p1cYwAx=oInVX(i2lce$T!+sHzPA4^OSILKJQF z)&QwB+k1?yzB0-@eeG3mmHhmsu&V^eZ zH@y?pC90y}UfJ%5)*~`*)CTUjuClC>?W$N zMdjsoD#WFus@XuG&Bv#8$?(B#iK$SQ@%%Hqgyg&7G6COeNYSIJA^}M^PcNGX;7G|L z79+~QalS^5PAuOe-IIIcZ0Yv0@+)~ig#4h!<%rqHkE-IaN2c>}<19Qb_-w5K66^M* zO_&7SPoVF`{NFk3Dk}EV2Cmecy8pDN58$}Yx?m*SCBYY#6XAv1;J&OtWFXHwG3#<- zONZoeLQcv{WRn5h1|ox{y#8Gl5qL#ihbYPKw4us0HiHa`%$oX9q2b2mvxV{`IxVBM zg%Uz9PkQgGaG5-YSsC6=!N`GoOGq*sC_nfd1FWACcn+K^V{e+-ZPg}`x=?s-ZzM-- z$y&~)KXMru#PB~DJY0yGijTsB7!5k=ThuQB)B&Aar_1g?P+bSMb%$#zNQunK31amN zVx2_Fi>bR70@PMK{0|XJa~DD~4n%Gm92g0;|B?<2?3~hVAqo>L$`bUt_~dT})gAs= z+3&w5m6J-We!4j5!;gNfba1@f{$U$ob)n=&jq`27Wh?)=$3H8bFbAlN0Cfq`r?auU z5_dk_MryM3=}-wA%knpmkCklSe7C@W)p|ga^`~03%8yIDs%oeI_A+kWSt$k&aLHzV zN@;0HucEctfXYjcIrrZs_%_P$5Z+5sS|kP%MRlSm{gYaua>%0Ar%fsEO0ZMGffi>a z2)|-4-`-Q63UvbH@x-o;<@ZSzuOUAjNc`Ogi1)DWis!Czpe@Ku#n^ZZe}igYQsvqB z)@Y5Z<5b5@M%Ohnw`@mYffWGJsSvoKm<-4*H^xR1cOoQ3jhpT2(bz-Zeq)G`b^omE zijrAQoNw~syZj{nM@UER0oqYwhGW6CJC$h+fN?XZ@lNGW_yq&A0|OE?r-jU^HC`wq zzUvB4c0`GkH~$%(_g<*+ojA3aYs;sfuNX;1{+3-HNMXfg0x0dsyyYdt2XEgqYqq1% z%1}7K#!n(9&`0+Q+jc0x8jowph=K{k&U;Om3biKbOV1FrXv^QpJ>{u^kk&<4a6gY> zVb2s7l`fHw@5a)7LhAIxI`R4wg>KOPc2ITV9{(PdaT+V-RLUNPQY*H|(Kv+yYSr@fol zjU-vidrebzzIPSt_GEhSFI4+S(P(!O!=GCOERbhc(*4M6F}YqhQAc*xfWA)wzq_tUC;OR9Fw zX2j8k6(1xft0BVthy53dFz~w0n|)k$zRsoX%rjzt?z+tTYw1^18Q$BN(_lu1&J~%5 z+iR(WG1g57h_O0gg~5aTHICtGw9ETxNseLJlM3US=T?oG_7`U>lg4(P$pDjzUeAPW zn>QxuMLhIq?CMVJMZXWNX*&2Z1TTAWgLH6*Xp(;9O&SqfaBlLL*qH2R6QQbe<3raA zzI`_B+ws%@1fjp@*4GQ(S6+&&Q>%|(C3?*MUipja+)h?DR03v5SS}xaWo6cy&?>7l0*IYjeyo3-T^y>&tG1Jskn3PPt~V@Y zuP^x(GcyF>vpQQ1`a$H&F8M3w#|D5Vkt9sD^01)*Z@rJdzW6%4?viy5uovljlK68AOptcIdZ+{Z)6CU%TOc$tDz7wIF zDpkL3+Z3O}PP_4*Bp>cVvSLN-_(o&%V6c8C^6#)g_jdB>3kcCoK@J!FG0b{A3(C2uGJT4ty2kZ z;VFV}cY^hT@z8jab8+hvqAk7;GK*8f3_0{!FkMq@$*y@QL|o142-=;_?6=H;0Tyik 
zPE9B*zKjJ~*mkv|(Wa$mIR9vScaOQMeDV|Yfbrm7u6wTPR-=vp9aVhM^()z4-ANX~ zbVB(}NPS?I?8J0M?;UX+Nxy_(ZX{;o%%QaRf=DXU9=y8g);zd{OPlKj8eM1AOOIzN zOtg&(Z2ngSj;Smg`hNV>wU>8?>*E|h4t=S*M@`e|F?rpTyn=4_f>qRBnXlu^7so?S zb+Bh(m%XgP#FrQN$u>GB41tF|hDb@;a=;P1POb`A!bsq{o=svP%=-NEsUfIr88bro zV?~$>&1Z%7+PEUhO(g9*VBG^L8X;LEC#G(TOy@g`=AQ=h;S^SL-vNvXh4baxwuSOn z9)=%R^-hKYTd^)hCvgmLITqs&G44F05#_pLtD)+n>G>QWh*{77gy}@WM?~Uk%`_3 z2_qL`{LM!QcM|U+fP$I(t9z+{#}x_elRj;yZCzN3UTYf??Nx!sQ(SllAMaR(FwR`P z&_NHH3q>UH&gW~YF;A44G_0Lw+e+qUFY&k8#}lEgM}3pqRWNODq&*VUu_E^J7>M3j zF6^#;gu5^Mu^8`1aB=Q6W0Zq>A||UMZc3&JK$IC#I7F8C+Bo z`JskZqOiJ{f;?9fM^rJyZeoPR7P<`UO7ACunOIJb&nlPljMYt;tp(S9 zIWS2Tt-2SE@A%A^Umha&RUtqeSrY!Eqx~~wS5#HTsi#1Pfoq|RBJ7r4+a1J{0vQNEWXh)tZm$CfTGzn4uM%f%*w+G;0}&~%{mE}S?Ze-&(Rt-#!Zsddu_)GdIJ8! z!&o}_z7MmS;!j$axeCpwW%k;0Qo>ICH0;KFW0jP{8n^p1d$&n-CEGC%UK#bc{AM#P zmn-c*B7#bm`aMMol{KYLs;X*gYbWOM(?%DDLC#fMdT%~8o@6?Eq4%1;z}-W?oXlCM)tRbj=Yqe!CJ0 zTo?eIBpe(YTp@3ko};xx-Svi!xTEg06EU3889ODj*xlhc-{8(=B>W&wUdxgx@ACN8 zZnoVgz{$G;m%rZ*W5>#|^p>*X_?>MBUS!)hB=ox$5-yz#w=!O6v&{|rzm7(5-?x5A zM;xRRH&u-DTD1(}jZ=61%-)a)22jB3P_WH2Z^Nk$Ry-&6l)^h!=6bP1BQxO-$axi* z*^u9*pI(~4yZM_Jo_}f49$C`>p^vcjCfEp;en}0A^-v3M;WBJ2qt|j?2;-cs#YyWu zJ=u`i(vFRC(DteiJLo*pyt5^k4O)apyLl$v(G5+(LRqm*orB-}Y}!cF0nAsv2MJV& zXK)HHo`Y67wsP03Kwc4lOPYNe@~evog(t<)4wo$b15WxsN*aGOlg#%=26W@3}6qgG|pOB#RECQN_G~U)Ubjd#r1ZU6l?D;4@iF_|BSm_bD zbY@U!4h!A43a|&Bj95&fmOo7V04Q989X4{5sXjdCeYif8kUm8;=(Ob<4K8%R6WSW@ zBlG?`*H!1FJIOm)6{%!RFiQNd{e+y-5M>U*2t}EqVm}}%?w~_lI+yPG3XZMf_85H` zu4=_eU@7Y8lv)SRTMRr)X7s$runM#g^$$|`Kot90KCzbET6U!&Oeed}i z0L}ed?A;HjSBnU6_r((uPTj3wx0gzpA}s*T_=9%QRr(`3GqajX7Bkt0$G z!HYQ2@1%sJ6&(e3HCO*ws{{l&E#^f6=d+bBE?_1ZjfEojR7!UKr0{Lmp=f4(A%BO z+vx{)=D|Hw#Wr>fLU+AuVLO7jJS{CTv%Rf1-T*j%-TW}4hw(i)Mav0dDHA6sA;X2{ zvX^qyc{@#d&+%4nC*raac4)KGRQwWR!dcs?C9L@TNORwlKy7ESo_kfb;M|FUrAE9? 
zyb4d=B!BOQ9IRq|Ctw`YDA+jb$g3tRSkL`GVltSQj2f9SQU}O5wV0o=Kok{>sD<%_ z>knv%+I?z7?3HZD#Zs{jVb?cje304d7(8q$L*xUFno?(@GtYyKoS#U@gymq61(w{6 z{QAfC)<#HmPOM7PzY^K|=`r0~eY`wc9YRjz0P1{ebX-Hack*E*Hf}xdKCzl9(>^X) zI$}~q20PPAOR=ztda2L$ygMzSMKDcW)(lnK9H(m_JH&koTMdKu=AxAjB=M6_eGmZ0 z0#T3mAN*F#^|dkih-^Ugk}r&@K2~kM?LQp6-HYx07$V?~yH^Hd^5C5DPF{bMqRc3< z3z)%Jj`%oPiKsiWR3gp3|3J`fUBti)l>eyIE2h)ipo}^7%*YFAze_;Azc!q0R1wr=kpC zX3#M;e0RB+eq&4tlbGleo_7%mvOW(%NDXHi6PsEgG$snwAbps5!j&Yzk-1#-NOUGN zP=7wc&VG?ds&|Hva-DxUq_0mqsA|?}m(W*OjO1c#Re%1>a$UPD1DbC+Q5&D*yMyd8 zf|>@u2e7;7C+oW?GZ8K1GBS6q%?AfKezYW!q8#=z5;TnYdMF6v8-r`$9P^^N-wZ~2 z;T_qICyCS@vdgeajbyQ;#Z0t{WVr6(au+aNq(U*=kml_m`{nrQ6=P~YdEz|nnBin~ zwfeae#4Xt_>04y?Yf{htT+l8rxu}%Xf8A(yImng9K11IM*qlYFl8}-&&0Zj zH*UDapleyRTf4{!ef{ik(Lab$vu<)=~EU zM5pDN!z0nr9OEHWI(4t*w;Yjwj6jedL$%%wnfIk#>9QI!-L9x(02!H%2iN)m2E-jB z!J?#^do5d4j|$64nkOQ*CYTLOUcH?_T(;3dwIby-A{-O>JH$Nt7meY*`JP_6i^c4! z9;pbt0JRo5gMvrAR(Z(iLnc#Q&}>`+rOwt-oDo-O{Nky;W^NRU(O$=3n0bq5j zg2viv8*OAQ`6SQ~39@B5b|#BWV8oFV^&X{KADB=as;%t<7VZ?KGkB@%YcyNZ-V!SE zHO8e$^z*$;>%))3{;E7&ZJRb-*i}_jw#}5*ywVY>t9{^~y5&GMyTRy{d`LCRN7FEv zSaQ!IteR2LV)DLb{d0Yp22~!xBp4P#G=MJq2-UJ(>trb1Gp?>|zNUzgps84>*9U=r zK#kffOi&3AB+@hgD5PFqyD7NQOWs5YvLX-Xy9y6+ee!G7BEUBnm^`lgRJv^r% zGIE!Fc!jb~gx7|hmf>w-62nGpff5Z%#Ly&qml<5Es%7 zKjGJE`Pg1f6n5!wb9wBo9p+~1F9*qT0uk^of6TwW zwr+ohwE!23JY8!iL-&$6{qZ((*=$IBLeg!1uJ7q3OgsBIGVsi5==cK1UutphTz`6+ zd^?wql51h7iA_k&Jto{ZQv zNV}fTfMoe6=EB9sRBVr+!>3@P8R*sPphpjyeJuiOZQ_+jj;dNQf==MX&1vfZ<~ygx z$`F%v&Uq)k{ub0%2^9Vo)~4Dx8&Po)oqBdU%;b!*ZX>or0nkDn5)9IlQZf6|18QMm;W&HR)mh46?iC@H=WPL^|f3l-O1 z(Pqua){v^2Uj%*x*svF{EglyW5G-=M>8K+i0gntQ-JS-#K&Jau|Hsr6+^3%`bd}3~RFNdt!Zf$1$zIXqsWEy@la?EyS zRr4yo=_IxWet`K()oZCdO;wOcpyFw5GC z`ixGZ7VmAGtwbN$Y|o$E4}I{C2l;UgK_rhEj#1iQ!Oc!N4Y!Ao#H+QMPYj?tUZv_o zlFq8XZ*8xj+s;NX;ZrE^mXgsjlgRN&##ECN6MTceI8qeUiOL~>?xb04SZSuai*UGs8a>amBxKVEXMZj-ZiakG_2Srxx?Pr= zh{kBs&Wu)TnM}PUW-M^_=s=RqIfrIeOJ{AbFGcYxvu;O%!^aOEZJ4RACp~MludUZ* z8*TI{>TRSv^<2@8TE^vY)nijWYUVifwp;9=_=#8)TiSH9g8!eK zl|wAj8n~X(<=R*kR 
z3`DB?r?geCY6yj##B8XMVn5YScjv@?9ejMJn!c$8weO$?q??s>6XetLN%dJiJWGOn zHZ|_y=$M4WjT8KAbBBBeBpG|eDbr=Ufs03THEs(*QIJ+Hz@Ph#%qdTU%^^CEADgxW zawS>{VBKGcMPfkCsux;WpC?$m6sgcH<@xwR$SuX%UQhvP1)-my?n&1z$t z$cnp5>T15*<#YB*^d1A0IVh;u`5S8YkZscxi33)6e3Jv@9dM$t{1V=VThenjmAKt= zr|9DO%=i7bs>9C~tg`E%HtEf_a@^3p{vP;h^gFT2u6Xug9LuueU%ylRTtnE1`EjJ# zPuFl?=-M_Civ^+W z?d*Opzg$FcX#n6ut&#RzY9WMcf;si-`_0)Z2RDOWcDI2uagVy6cj)Tdkkh+O9D2NE znK3e*;v*53OhP-K^wI;%hS!b(-oF~N4nQ)Gfmjmr%*uveDd~Hj@VnB=Mxj`NK!#Wh+enet7_q>t0>mBDeqDi^_x;<^& zY2iOgP(_M6ZBOIjq@Mi;3!S$1$u`*xQ0DxBsik)M~|VARF!9Lnxobsvlc?PCu;N&OQYh z?uVO&4r$k3P3BCESuV!TnbAsH0?uGRfEMdl(^12p_ZIQyOpZVBBl&@Ja$=*)VC}Qr zIkMB6Io|6sc$;0|{1_Ie1JF~a4OC^QvLjil0k+v}2*3UA+49|ESa4l65im9^BW77j z_NN%*fyNbbC=v?#PrYZj)=@G;g@Z~Vgb?rq5DcbB1W}e8W^uoC-!5_oYxmh|O*xTd z8&rTl@{iZwp^)p zt<3~2tJpZ8{0IENi}4aaq()Be{muRKqR-GCJTSt#$UzIaRSHU>=}(w!SYsj591cQr zQ$J6>;o^z>)!AC&bl=mI2|;ByquR{+k5%Z(i|q(`J8oSJwFhf&2(dk=LWw-8#tm0L z*<=m@C6W#qmJD{LD(3A~2MwJ1JJc{mjN^;4hFp;BIzgrj^cNmoWWNp?REm$v&xq^Z zr<4o*-D#E(MddUFmIl1jEF-$UW9@a^GG&Yddb(2dyb)XrIV-J2P%18OUR8BkE;)VE ztA|8m^ra?D$P=Q{zSv7Bpnu&4RBFe98#`#s`2f=!7LfpysGK{4W(Q`i&}aN3@x~rp zw6>*_6wLsd#x@x{)MsP5+>*&Q5!f4b94o6x{zv&!M4R^r|1k__9U(z8`0Wm9Oz1G&a7Nxijz1ltvIZ{r5i*>7v-ym+;i+pBN->g4~|RRcLb94O~>&ZBp6g)Pk1 zj5w`1t;ILMj+1)E>dv~G%Kfhw@yPqVxpxn+Te@rNyrbzwJOVQ*4`oWOF0UE~5AYO) z@_$_N@q3EGWl0fqYc*pI&fS=J(gdZ(SXfxW{gg_}PWHU_Mn4e7BHht46}O#yzsdd; zkyXHo_pSZqZWvd=B25L(OimE^TA>uPZTSd_8CT@#=hX+9xcG;ay0KKyaH6BfA0%2k zb+P|){^CkX~LhF|{23x&9Jq0($db%$I=8Pb1x|7*{M+nekY(*be# zox?9t_eN3kDY8$+w#}~T@H~EV+Rm95F#VjT}#@Vg( zJ@;43NERFzmfsy*t&e!jyFd(kGFr?Q@vjZH88&GHRd+?g|csKS( z>xQTKe{i}t2nrycxVQe&iAVAMhOuAo&Uj@53G?4cA=pCp7x}$$<%HPY0APORefAQf z8}IC&493tTXYyDfX~pdELo(9ma}rt!-yX2##eMrvVVR*Q_K*uml`bsj@XZ!PG3Cp_?J{8*Av&aK$juEJz!nTn{!Kah7&V6e- z4KUYqQ!w9EI)U&R*Cv?zjNmqm)U$D9(gK6$8RfY)w?sL<{rM>-um1Flm z0S2=zXKxW?Uw&z-+$Jvao&_(I$+sjy3&z*7!`=|14{G8m75vj4XQa&OlJs1I7eis|w! 
z`gLUNymE{GKIVF6xqevoIQqi888l0ZhXs-_;YW14 zz>$)NNn;?2`Hbh7_n-vKVHHxEwwj7Klpgg3?QDo6fKUB@51sdIFmSOO*8S(yn+p_G zKsvg{-djQUREz2C?*r|#ZWR|N$;j{vqQSB!F^uq#e zq?(Q+M0zNErvfO!m+eje8x?k;_hVU)8is*&u?qxetAJIS89r=t0O@?UrBoZwB71Zp zU_H5$x9n#N1NEOQffqeRkQw=<^ep-}b$JocJ})G0i)^Cvf5sulhYM~v zl*45A%ZyGUmu#$ylzv1AJ1QY!?}TkYU=a>Vk&szgm=!O+wkr(HENh&@0gWN`Qc&t>DF#Nu9uJ>l7dLn42J zd9Uu5#*SY8^YS#%GAWfuI^`jUL-^~4jLmmdPn1WN=Bjs1D{H()ZYFMB=9=?J*bylI z;Rjc4T%t>AB9X!(U?%mnQ?j~MWJMK&Mtagt$1i6pXbz<>;GJYDggi5zcHp@S1dgqP zH;Q`qj6vv0Hy_O@;OE0l3GEk5Gcw6nK{rG)03fj@MjTXj%x4!veF28 zQz3*KcKK27S%3|K)M29ORoC{k`Xj zC0%gMu3SS}TQT0TC4v*a@YJ$4?@A!9hFJb0hmi`=dI&`s$deW+|P$5vT-d*FtUg{179>4?t1>z772-U-nOW&1;sx}^;Q39@l5F(BQvX?&On=4 zv}I2h{!$;QZ?cv3>_GAD{I?hwNTA%xIx^4&_UU*RFoIyyG}XE4x>4C%?c5PeI%%*h zTD=0@{BO2nr8A1c{MTjz+~(BDOK6(TfnbNhcXeyaxpFD#>&J`?9!2Z5sPgH(&A5>d z-%<|;ENxWQc=6D`%-OF@?oOHg*nK9QnW~x zM3zMT05)-K ztt$IAB|TqDtq|x0hvxEQ&y+TP$!F{e4ULHJzwfUn+N_x<6Gj0zhT9Gp{g8UH1u+?= znmm3V^<^N`SD+Yjg@aq0FwL{gj!5TvtY_UfU7AgEBIjV`0(7)1iMAZ9!x4!HEPm2% z;#yww<`)0Cm2hHmW~DHMxtr}wQ0Yh@FybSx_>#zMoOS-=5+j26mvo`=1|{kMSP^i) z5VJ@aZ@`g8*#p>+qh1G>V-7*)b9ks``YEG2s&Uwr~#-E zte%X6MUBrw?+kQn8s#ARf`hI4j1BKaQ35CP->jBT7s@An_}`>?Q6*GS62nNoMcHuS z$M`sn*g~K06#TBEyK~8e_&(e*7^Fb>s_ZY)E zf%ns!EjWjb*yRMQ%L`b?$LN5WA(3%N6!0Hye->ccq$jrZ6G>T=ppr3@Dy%*^eP(?p z`FSaI& zMFV#!he#7A3hZJIY}eZX1e^Z4LWD;ftuvS{NkV)ea%^i5wx5T~Hi`4blfZ8w>g)n`dDlG>RuG)~f<6b?0Nbk}033UPKG z0+fIzz~R?jUA%AJV^#?d+HGLsen)8XF_tjKK5@y=R~H7?XweFGFkCYIXbz^2Jlwz% zOrI&#?C!xY{iH^*u<;Buxs{sWy*rGG>T$S3V~bigKc>$W>{|a@>!GrqO!BHRweMa0 zdJ>yZeK=VaANM>{>W=VL8(s}nPhAMu`OV74UDe-$XeRtLk1R=k+_9$T-V8)9a=~Lt z6fV89vAMSEv^&u@;VCRAUm;jok(_FL^F5XxE+gh~%HfbYF6gz^qKW*KlgnP@&*?FX zRiAvJANd~9tRKu}Ct(ob3icgwruDKG{-hDCpaduI#HMkN$y$gOyv5YLL7<5AJiur- z=>HH0`mn-h&uT6b0WdfkR%(M8PcnB`fqFOR0JV1&4lkCEG>cQR+#4cMt2rgw6(Q@jmr}Mwo?OZ6_&l|lQ9kbL!j=r)Vl>a`* zKzC6b!80~D(X^fs1y)dyC#pW!)mO;`O7~2F0(>d{i)tIB26XtNmd6ofFA`1BQEbh65f-0Q7oo(pn;>r_qh;qg9y^LbSOJx zdNoi7Ah`+U&HH*Mrx{&02B{gcPw^p@{fA*br0EizbzhDtmL 
z=&pJRJIB@0l<>laigWJHdm`9I-QJjYAzLB8+$3O@tt{}nya=&n^}NOU`X|L-=k<hb*Zxzc*d4g}{I~aje4FAdVpM?h5!&;_^W#1Y(4q91{yPsSIL>f(lN3?#c|eT@Oy$!Hzb8&e ziE=kUJDRKM5V(Pkv^q!Q<4(2IF#!aB$3vyEfEp_OsE_@KH_8k6kgY7Hhabw2J?lG) zLu3MXdc(5l!4ze+4HblAi)mL&=7%00ri~@o{v>CRxd~1iMdP$2&E2T)cHVDO3nTKw zT5RRLQ|S`?^nbMhD(m6KH~4qwuktY z%oVY7+}MX7Lu_qJnwrRN^5=qPT~8IH>?!f&JiYpFAfS^RJ_pd2wBn;-#KY(ZTgtS$ zWpDjP{NLCa0O$Vny;~=gm2c)(_mVM*D(27Td>46`rVZkf%R;;w>^|2fX+B5~3NuO{4vVJkvtHHQ!oyYI+q<{Jc0G6edke^rC&6=Z5LD zA$D6fx4Ijb3g#&3yd0cYV=KgZi|K-(Sa7X^|>%t0*gc(Bui(< zX}p2Zsck+4d}_;*fXfZ($bM&(>LmI$@_;Rn6lNPrM~i0hb+W*rjN(>@0?;B|WlQMd zug~-30M`&9wn)MoC|eRh3*xPA`;Xmfi1Ek2@1dt=7>6>b4f$mOZIs9Qdz8btWrcbV zbhSHo>)##l4NGNkX9t|kd8$6QU~_tQbKf~1+0R`QPw(0`#Un>w?a|%0^*z1x^E;9j z%S7+f4}CX;fjQQ~wk(15K;u!MJVb}xcC~**miIrG(+3a!1HD6}tu192o#04St-{NT zkfDaeki9H-_Pe^i<8*cziSaSt24Atcz~r?~r&$a;!ovERWe^QW85J_xFgcn#o7CUx z1QZ*)x@18Q+%(Hk?B&fb?@GG|bE~trm-u) zk<(6M9l!B_R%ek~O$KfzKOtQjcJn6Woo}XDBDQAIzotbZ-v|tEx?5GeGsiG@J|BDT zc+wJ95xj5`DK1V$wV$p070;0UD7^{i(lr%^uAx|g?tDDwNjFAi$n79r~C0rU1ZCW z`ccWFR81XtxUXfK8}HBtck|Usu!dkM$e;G0rpmS~Sx@S*DXR#lVUDd-5lA2pjB#%h zO4?s6;J7?9H<%!f$cgIvwCegMfyCp{-66B;>WpJQ_A;mauJl+eI_8aDjcl%~WB;e) z&=tteq|*&De@$I z$Fx0rn?cC3@qU>D{o{TtOF*L!_{o>9T6Y@K2!i+BVKVV|f`)=0g!{~oDvmh&Wj~Bs zWc?r3_s@{ftGzBbM3v)UEvP?;%8;-vF#E2!!nFV?{uES>De$l@T<(})F?)`>H@FM+ z%9{EtC0aFo@X<*z%JOo0j?A>?78?ApTtQAk0Q4rlwR@=B6VOd~m4IU-)Gt|Px7P<} z!@DeA89}}?KmWpmC;xi$uIN3F%X?)ZLau4OwAI&B%ZFUixpoWHvi=c)E*_{8CdKx^Xwz2@0z>0sOgot#L&MBtUk9yW&e=6f*h}T zM7~$oZ2ZQfutwsFY+Xj{yl-Y}2hDlKHvl-b2QRMEBxozH39d}ZJS=?GV;N)deB?_r zIef*%o!=||u@b#h4Dq{8g1yO5_wDI#0Rn_HORD+XF3-pw{42!RY=n;hT>cOwtkgsC z9lGxgMXHx2TV79U<(xk+|FXf8Hr$tM^7q9T)0_v2ha)VnDOOcyXU6d9D+~t!9wu;; z77%HL$9u+NaHRm0-(%HAtXCfB92}T>D(@rIm`Qs_^nKiqHGl&fwx+u9iS_lsCdPrxA?ZU3Ldb)x=K?3udieEoOd7HHJu;-!HoeaQ z`{|b~Bb!bZt8E1IA8I#)^T;KlsFk-i0}hmE*%#;$Ko!iVh?1KfxXg%)hp*8sF-=Y2 z4C_wxPJu2br&_RiU`77jkZ+-jSMlf0t&)k8wDm9HzoI%$0cUwDDGR@y*VlC@9yue- z4%;m;1+E`D|ZL7ePJ8JBf>*%^~fxeY7+^^8HrCV9rViT5esLK{9dgm(c98eaG2+=(f$~fDwI8DXH63? 
z`3N}{l7O_!3w4_)AXn_BzgL_#6B}5C&K;!NqT_aT3+&h^^UE=6p2I9z+gwL4f&Idk zI8k@5ZuTXnu#R-VH|fp}2sC$+mlQ=>Y`T*!R} zz-+5C%PdS%fvs6T(RM?S-c^S|l2)GV}Z-(Ge9-v)hZ0 zClc1m1SSDT{L_wxn^8$EO4;=4zJo_l@gSVc%xsgxgf`7GnU*@ZH?5?s!pp2do4OHn zyp<~mh~HN7md<}5S&~n{J&Fw1JqU&kA)+E`|HPTPeXNhm3RnYf2S`=!a2>{<#%=?U zos7IVq$&1&-On#ve0nL~R_C>gyVoMWULPRQSVET%R2^CHY`)A1&wJ|;vG*-HSiL{v zFF1avi?4DbqYI^2IW-Qpl~a5>xp#@#LbNgKM=-s9{~n|xlYL2&my_iY8o0Ovg^o{KE3MW|J4ZXTPr=*zkID7UM6Epuy6&Nc zRQ_&d7@L`mPtNOrKEvb7MTi4J!U; zMyr9spoXu;OAEZGzRAM<7*k_T=}O6Mk8iR6`tE`Ji|%Oax4FGdMCEnz`7yz;w5FmEU|0+@nb{An2Uqa`bVz6rDhuz zh%Z)@@(a4NBg3N^Mf7yJ+`k?%XP%?0X@6pZKHaYqFsQ$8vQ&qlYoJl69=r8)a(*jC zC6cqpo~9?YM*u4rH9d`EO(_hp3k~o|+mR}8WT)UXB`fQDby;+WI z?C=gS3g#N_p>>XZ@9Rjq&JU4{UpPm@{<@N3-S$L8DB=5|q}Sum;M}h82=hnF4Z+R( zH&*P7L(g8DNUwX)PYV+oS=1Wl>)%ThU`uuohf*LSnm)lTvxPa#!5cIJhRCde3Hs}( zbJfxY<`uhr75W+hyac)4Tc!V8H5E*KQHCA@pq|Ib!&ubl(8%ST`O84$v#G|&wEUXZ z`)VkeFl?>DFSa;#BKo8a(*cJM+S-^Q~NvL>izs95Yw&E6P z*g0qNS*$V;Kn?B_Wu|BWiDrl}&cM9@r!bCWNP zCfXzFC6(_()8|{5Le%nmw>@p--tw2X@uP-O!`GDOvz!i&T~mmgcS&EQ`Tkr^Vq!XK z%+m}w>cy~|58f*I`*l{Y6ChU2s2MwSr?2z5l{SBTjhAI3kY{5);{}$K2r>(~oyc1q zKJ0#62{sx!vQCq*e=9+!Ib$=B-B~Odyn6SFWjk1emQ5p z&OEX+kRJMPuZlrwgz~?f8U+@Y@m5@--qYaoHZd(r=jBsOz8VCDJ#9GL#*A3v8Bw+CFj1I2F+m-|H6qEX@-Zgu{)0!K=%0QmbE| z>Mmoo`IF=C;b7rF^)G#8Om91$=LFp7AZKy{KjA2^h;LDASbM`uwD@mVx896un#fJ- z07n)O72#spVsjn8%bwbwUf{VkPp=ecF7hNMAlWUA#l95^!hSQAqanx{t}h~P1?w9) zzi+!0R2EFqnhSB^xR{I2Z6%G186~&aDyt=T$oB)fP0bTW!5xr8s@6xC#;*I8B%m$0>4C?ak8SKun2ji-_fhPImfw}Kg#P{nm~ zV2I?jcv3ShSE!_c>rjH0Tjqi8-y(}&ZrHJ$-i*CtfCRYjMZP=r&lSVnCvk3@tN6If z;9j!X_RoF&-1?^?DbEq4FE*{Jp(3r-S0%w0vGoI`W`r?jFO$`_AM-EDx|4i+$%dYP z$Z$ksGA2|8wp(~YUr4IbPOI*G49fZT;E;du04451zwI5{+=+60Ko?u@s;G}GHp{Dm zHwJ93vr_%ZkJI!-37 z5OtPZRxLR;Dj=ED&vFx`w!o`=%jvslM9Hu5apFVr5_VXhcG3uImjGRkBU{6MK2jw8 ze?dDk)#v$L1)p+28ANsU^UAASIs9uMgR=8oqA_Qc@2s)%_+q!9Iht_J>wmt`xD763 zF<8H-KR875i%zm7y6c_F2U&%G|L+l<((H;-VY+ZMX5kE%%1l`^2Mz1qYc!6>z)7y+ zNtZjAOG{(l)rlGL6XxR}O`!B{aISqY#cyEKuq<$AJ>9t34JUJX<2YjEcXxuLXB8L! 
z^FikneA_Fyq2*<-1aSuc~a$!;66^i_WOPjMFKyNJD3nk@C3WyX`A-QGq?0m_kw z_>~mCO3Qx@ZwD3Z$2!*-N-JfP!IVi}@K2H`!ckOi5<%gGf=et|^c$ck`Y?Z(TvtvB zy(0Tdvzj|yL7lv&w)&wTs2;uyi}1Wgc7E$qv&%#8+8a?^>hU2KqTMta;0GHIyp@Vk z$AlG~ag;@?ch$O9RAQ|U)NPhiF^`~#!HA<*_hqoP8aJ%_8ob3^SrdJy;RY?|U#VfV z^oHVyM1?N}4y6-K$9_Sn*04Qng2%}!QMxd?I62=f;I}iWBZ}zb#-EtAyQiJJ+3tIA zeuY8WIzGc(D`5vgd88~3`?!)d1#&hsE_)3+CRc`^<>wFW#v@77|0 zJl;wh!%u&8cD~e0T2l-*5lqXl(_WBt(c+J-kzJ+_JgX2_60*n<@nq}D{HuJP`|YUG zam>gTc%B}i6NOvhk779Ix4SvJnerErs$~zmRL4&Oi{go=F&-xZxG&{ULod5ItF8~0 zIbsNp9Pf4cpz_}tV??qO0@~9f1GI=WtW3CD1!(E66cWw7DX`696CmpzzfDyzM9_J! zT6ce9WA9dfeO|x3H9T6Vp{%Y9Z=zfxSzPE}Rfqxp1)PeqGpHXf>nC`m1u9E1&d>cG zV((cb%Q<_Gq4I56SQF)c5LpRTP5Fqjq7bYpTsd6;nTlxhFK$MnK0Ayh2wPon0JRFBzV0W)N)zVJ`L+^6kMU-=Pj6bIla-D|1vr#d1k4Sb9U?s z&_&2rSPC}wW<&>P^9xoEC8WOnco;&;;q9{%X%+m&^i#bj2aWA{aWxLE@Q7O{uRIaH zFew54(+Lylj?C8ZpFH{x*bNS7;E~|+cnN%|@)&kKlyrIbWy_$pNNYeGc3?uwRX~Tw zjbBG&^DX~Ck}iqWAU=5NJ^M2GANuKkmP5ZG221BHQtlaW;1fl7MW_XJ2f_ObA{cPfClG~`37xS zj-G1^WvQ6THcCIDC?OBl#o_hO`XsdKmifSGy~_?b6W6~d*r`WW-aM;d;0iXKIK{gi zm(-uAig0L=U(rRYS--2O>|Kmdxs4fUPE|thd?-cZ`{iGrYn!M3u~+9%yq9dx{vCBB z(#Y~ey^^~0aW7zqbsWr;AN{_qQr*7ynv_d6>dn0AJ=e?;wY|FXg+6>=V2NZy6kQ5q ztxe~=B1*3Wh7V_^xh91VB1d$+Aoym34zgt&!$S2AJv>F&UmAUeP+`6uQGVzJOIbrP z7i#aI)pl*C$fXlAdhkB)N9@sg*X!ghEn{AwMP0FP@A}%xdPk^PMe0yatQAZta(*apGkN;`uX3O91>lq=}*Lp{^wmr@} zhrv6l8MHXA^1?Ue{_omV$llC%zSV<=_M$_7V}TWM#Kq*T0o(0Boa`cK0WPO|$Xp=+ zb0U%#>YQ)>MK!nyZ{C0{z?(l7zs zbWwfw=yAMID9uV`ZBXj-laOcwm*?{YWAxkcnRz_s7mxhl*>q>Wp_4W5;TTLYB2}_`HL27udw15d;8^_Y>W?i7G+$S1#o#BcU zT!~5~@o8JRCtjM5J(78onzPlaM--F5cMGccC(XPmlAw75PljuffhX$Z$cq#9S{NBu zYH^&Hlz9H5yoD$`Sf{DpFDC2}rg@_e*eP9JSJFyh<@o4Im>pZ^Hl;kz8}X_X>*m}X zv<=bA$iQeS+fw16rY5JgrSfJ8T}oZ8&FZ4!`E2c;U&e+h3pLla4pTi4TB;|Ue1I|8+8JBEz}l4TPpeyU{a3$ zW=zYcqq4fTuqpNeL;3y?oc=YAq$n2s0|Z&zpm2YziRlLNbW52qHdqne8?6PcIl+N`srkrINmrV z%lYsT!eMpL72VCk_+pl zpCv*Gm72Y<8;OiV>^qV-l_ph`nl*g%)u_}mrJBVe6|R;!9mVS|9!=XXo4y_Lc->yMN@YEUVtZz4gZ;@+^0y%_7J2 
zEkm~QCfCeW(_5hsH}S2Q6O+O8u^0{MI?NqU(TRd>*X#@u@sXBE128$Qg-3*yWfke!0R3Ttw*R+6_pbRSJroie zpBNKbv=@|9%4}^Da2t0YT5sN1a${=~f!={^^bV1E*qZV_%JbpFBLYc%W#1wG)h}N_ zlX33JMZkkAxQxfI4a8?urH!6hXB)Iy8dJH@%LRZ30v=mJnGj$J;$r{$vKa8?xkNbL zJyqh_^8140$~9ie3V0gA=)zywf&yr4Zf+DdkN*I7aBD%{RozZ_f1MuA&_&cM{+J+b z8JFG3dwAm}kEoG!o!L9K&+0?VOwf4hwjn;whJE~r&M{5jdxp~MfY4R`16qKFP~kK7 z74)_QXq(~w4YO0IO=mXmrUF<{+P;3tvcwIqrOB9Jj}Tqr{A5Wp{+%x9P(>s@{IfV3 ziyiK!Xs)P1*K9RobxM1T33H7t>pviOhxsOuj<768AqwfPglPg`URYXkVi0 zCC%qca^d_1g8Am1*%2*Vc%T%Q_4&Wy3OmNeeTgT9oK@jl!%k!=>WYUohfps#?rd5OKc7yv3)gto_!h#28}BHFBn%#b(Mv8N>xNxtH}fO?NNNf)XMt$G zxZ!B3AXAoc=@R_J?sMAsgj5_8nD02TfTMD!w(?`k=Q($N7 z%G{GPgsZNcKHieMKNu+eGV zolan=59)>>&pYa2Y)FZefzztYjY|K16NCf1wT$=kcJS7-hypy=)>I8?4j(rl<^gA+n+kb)ZUCNnp|L)HCc+?w*YrfRSERIwb6X* zl}ui=Wr;$$EhFvwGW0*gS%AB^95I#rfoCQpum4ZRXy2^gC_uFTk+D9dJQez@zQRY~ zp0h;xzK7nzvcnUt-P0kF>v%2N(9pzuL5r(Gjz4dRuecB^basXM^tj+sFwV`aheT$9 zC!e&NWjsvI?29f%QFh#o#&?DiUWt{v&^+D@guBiafTxf;H7_<&aTmU5a+O`yEpM{8 zRo?cxy0zS1-;t^nh2gfIhjf_7=|{ZmOKnqSD@JddK0$nw2rge8`hEktaIpRoG0KXV zG)0EP zH`lS!FFYqbMj&tCF5%VD^VspUNq~V#11K!&JP(sE5S{>d| zH|%dUXAn2xv7L!`*3mx}s>AFzf?4SJCzSRFvoOW~@I~E0o4#LWhcWkbkrRfqhi1I9 z#;qos!4z?scUe$XU6sLP!nPdEDORjThC5ERj}ayrEr%<0Qaa~6xSEW_(xBQA2(8W2 zXc`ZNJaO$4E)kH*2uih7{Zga=9fQ7DG{BXr-@zf%5(gad-Pp zujjqn?;m5F&DhD>N!CnOGM6juu;~eE=4m$?VHH-ub|)T0YB^BBEFVX}Ut{O7U`fFL z#GVySeZ+qqbAxLlI|OcsVk2wW`0Fh<xqK8%kRC-hSURS! 
ze57Zxm%rUlxPf|e%~f;PV3o=;BbZ$k(MNo|16L-hH`FhW0zCc>=YwG4Xdk=2M#2%5 z&TM`}y8!JqNR+?~(sblEjRYQEUS_a=D3+I)xr<9G2K+gUfA?#el2Mvk8whOcYvIN6%eogAPWEb*IW48|-oYNzKVd*awbf9a@KeI~Yuy6TF z<)&ExGTQTwTAQXXe)hUXCdOl%HQ_$Bh@{cKBpVimS;^hC22Z zzHr>5?03Jeb-xBV&Axqi4suU+I{IV|lg^>^;VUyO^+X~!w6B9l>KVi;MHvpy=0-Kf zm)P=&3*Ivng8Gf3A6Qd0yHF*$=tWUdUISAhmY<~5{I`l6D*eUj|9=fJq$2d3;sCY9 z=Rb&!C8`K|_vN6MqFCzQ%s*|(Z77*`>emFe-XO$>SjkgYyM>e{F#dT7+D$L*Lv5NH z+lvS~g7oI$05*W@;pcr`Q3Fn;&Tpqp?U9mv*W#etiO()EcE;YCx9u5fx20B~R=8bP zyTtY4-pi{%V+JVL6MSg1i5^yXKtvEN*q0=8Q?vJGMPXhC8#KxK=jVSWh=?ZWxliSL z`^N;Mip7N(WdN z(y3^(`F97OPY;{YvRs#Bb1#+m$;8S+o!9N4j0f@{umkDpf|Lrgm<#8@_o+5kZjO#Veuq?0A3uQKPymkViZOSset+Lif7^X>npGJw9mfZ&ac#nnZYUVzEocYV}Gk z**2r?-+A^InboT;g;-m<1_`%R;qu`J^aLG{6fk(%Th|w_-_!Muv^1#< zXXvawg)m0&uV%Syo4EX3EtYEH;oLk`Az1+(U`~Xv{Eqbdyx+YFMS>FY(USjyq$Rlq zX&nxK`P(<)=KbD}PX7zs#Tx(@G|VcO6jDnGi*cs1{XyLop(qQryMhcK|NoUi>v>*1 zJE!H*<;XmbQEl_v=0Ci7bx8(zy@r9xp`b2?|5pyxi0<&3@+V#^Oh8pJSydf!{J*5~ zTK`Y}o>Jilx39VcuM$R5aKuH%RQGK`&WPu;mAl405bTe!`EQeRf+ktvk`ieGNmIas zO7dk^q5?um=>u5c6Fer1E2oQnN=M@6T-atky}f$P3f6o4q1A6L;Be>ZJO)5V__$#I z`<#I@W2C^aLi4gzyI~4_R}7TL{@Igg-TZ+_$uUg20=G-HFe;(cqVqKZ$1s6YAcEhU zx5d7ky`_!gJ~YFqAiyk^nWZ`MCtot7jQj=BAS3Z!t?lWBX zKPTgT?8$j*BTH*0Hz$IF62njiuB^5`RtRhCDpPskn8UUD3g7)*jkT9n2&Xdw^543% zDd=~gGi#{vOw;L9P)2VuSvp~tW8 zG!!?95BG(v!|3lgkh6DcnOnHRaiAhPhRpErV^qQKfjmcdnSZ3ke4T~WYKOm%{^A=$v~o(T6e`SlXrpzxQ8wHGu9u|My=+s~{Lt zrLxm;jjp03z%KSeNRilz_9$F~+^Qh{?lpEnLREgA@qX`BKnodk1*fL4_Vy}k5y+G; z^<_v@P1@P=SSb>@v7)n|@@wuyqy8IrlvNxQ}^_U}l&e9p%DvGG) z7Kn>t1Q}-lxMRaY8S>k0EdTemEyp1X%pZ*uF0g%Hnhx-xDpP6S6Ey=KZfV!}HJ_#g znC>{}*(*J0jTy>m*w3~W+O*-*)OB8JWeM#m)>WAva!ekpQ9t^Z4U(JeJoH{|NB>U6 zT`n+yb=J=OG}xEo^)Ku&LQ|~sNy&7S04&C@4g|CC@psrS-xQofc>3Fpmffk+7v*58 z!UTO7=7CK8xYi+ao?-upz_jHuvc3KVmW)A*cfb0W2d<~TNHp3Cn|oq0^y7WNV-R4N zqM-`~^E))xTU@!iWyols{dTk3oXdHyz$cg@UOK$o%4vJ1R-&5S@@RTx#(8!|1GoV^ zNHVkycw39k{>gzhQ~CDG=Jr07ax3pm?sY$v z;!qzW&55ZuqP}u9^D%OX7F>N`XB*z|p-VJtksME(c23woqjLEmhwLCuXf8GX9TDpY 
z=8Lo|>H$ec(vw#QxEv0!*FK?#bSCgkN&cLdv7tCgX3_}Ua8z_?O8e~u)_jm|Bo^_3 zm?daLAfr5HH`D%B0;0&epiR)(gcx)=k8}G}z4U zu*JH5>>E_Ui8AHE$6i|=XG1d-kq1w??4huXRyPsI|7TX9`4hWXArXJicoLjHb`^U? zg`aIfrt|jtkkPmx$-pC6g#7yY-Ght$;EABdeGo5WWuiE!?wv$^OV3OO5U!t zpR&o#%TJp+rsMFC`K}ASFSBjozc%z0+;lp*^ugx(gd0@{pIz^%1GN6=k#;D8Pn$F( z6nOLV0NVsd2!1d4C;Dl!Ox5|2gM$`pK`P^K>GT_D82=nn8V(KPR53L9k3&k2k{Sxl z4u03$&^&71<}Axn;InN85&JHiHDztW& z6!Q^^0Aqv35Q2^mKAWPTz`Yj<_>Dkow~S>^kFizS#v~Mq+UzC+_Sfakk%eTwdBz(; zfR^S8`A@M2x#Y=~kHW60-VvX^{DssPJX_`f5!EXunROUMma8H8DK;wga9NXK&elStc zUgJXS`bE2_ay-=L=bR@B$@bIvIfDF5;M)^9Wef*lB>z+NTL!yCrOddzdsMd8>Yi}o zN|x~{f3NQAaW$6BtVS59Y8ts%zLR`mhr}?{RzQN+Q`1v*YQ`VZE=XD+`L^3yAx_s5 zioa^lN0}%NC^frr!u(S>RfsdtGydnNKMJRU6wYT;v41z=isEvXKVB6bdkEiEzfQLA zINE01)PD^drOX$-u=1T&c@pv9lYUJUbgS%)ua^s=OMYqxaQngaD_f^@XIJgTQlH!h zLiz2Fmk;=qSCPdEF(A%KB-cDU@mK&in7iQx*Z)=EBMTju*cf~H4!`v+6HKGU2jSN> z_bfH)a9<9(D|5H-&$_8?rm^PB=aQ@C!hZPTun=RUHrbkyxK;1-Rth&i!ThzBwL*8H za9`JWLnM$E7v?3>h1cdKCjBfQeXm=XBQMt~@H;|dE{o4js{L94PtE=_vP#2Z)lwY# zYKux5zN}8y@seh;oPEUu845`mcE+LcK_c@~^LNrLbPXB8ywiDa6L1jPu9`0z#X}yP zd{KX^yfSLp`|Y_R6QJ;5Qlsp9W)YWx^K(GP<%_hLN17_%tqeO4kJ+gz^cWu=>wfI0 z$tTbYfFUb2a1ZU&J!oeR3Y%pI0~V|jz5xRGZH3wsrV<_rvc@3)wZEEmn?V0s=8?*7 z1mPpl{PHjD+0nDtdV31V>b89LUtbS|NKMxUc1=ouHj>j<=l{%&h;J{D4j{qHC^z{~ zbT!#CS#RBh0wJdhfC{7qZ?A54M}Ubhn~V+HI5v3WW)#`nR&#wH0iKPIaaaXLHr>Dm zx6Y?$sKQw=-pEqk9yugDe}KO9_wfC|nF|ODQQZ^FYSUZ^s}ftG23567y=w>(ULZg* z@I-)XJ%Mg1ejxB&!RTczOCG1gOX@le#Cnw5X}y%u20ii@9RSekpHiDxULtdWYmh#K{-%aE7>5Utr(CA`WG2EtRaFbad8WIm^$q*f(L_wOnIs z)7BBY>UfiC#vFf*P?YU6ke?DU6mE>r-ML{%5C;OupZZy-U8Ge@DQNP75 zgrx>P;Q=dnX_rd$ga--i#y zz(IaL!zv(N-0mR*_1ii<*1nr{j0eWhOO(0@sPsW}f=3(K6@?Ja%LSE-iEbdk?QZURMvSe6`BYtqP*K#j9D7Ra%!0w_WK5pT#zo7rVr;yb6 zPB>K6@^RTM=WVj2;iy$}e0pvnznujtJ5TwMYQ8gH`rHl8WDBV28n%a8OaAj@%|>xo zNQm_SuN%!f|3X%A0^Z$CO!|M4>O+WvBn?#qNs7wOCc6AZ&%a_2Ke+@_fIo105Ec~( zu;>X8)_J{~!IfE2M}i;}epoh__1mGkYPFo{0}TMI0Go@Qs!<9i+HM)bf>Kbf%z2wcezJDYU0erF< zKeY@yd==9qAF4dPzF?zpM8cb5N9kfxVD=E+im6wk5(tK8CzFG&YPjF&>5k*u$rHap 
z-f0`_J$i>gF1zn(0xR5JqHhL@pzF%;NT9A$FI1GkJ#x(=+33Kf@7oHvV?>FCN0H`- zfS}2sH|V#2Q*7&`-*VOzA%y?bp81sb4;XGhoEuKAp66`><0C@WJdy~*^bEzj!|ezo z>})Z9#K;5fp2`k7)GwK5IzHf^c;F9I$%+53F9+QBYvh+$%_0cLoiCWxvEPy&IXC)1 zcaK1#2;1av{zp0h{71REOE*&-^-28xE~Z++*whYDRhK&WOQZzbniYje9wiUaFS=H_kFJ0)`>BZMgB3sjw_>P~xcD+A23kZn%r)UP z9iZr)3}(K5lA0qnm0yZvoHE#dJn4Gbf=pbkB4Eix1*ew1S29r=E;}Hm76?Y-J7_Au zf6Opmz6|$%q~G;HlI|g5CdnNj7T5$7@}{j2-#>kopr*ZtyHzyF$@1ZFvqP1;tog#v zw37AC;Z4wNs+O-|C+qho01fu*>trJgq@2I_yvP zJwE1hWgLh)LuuQiW~8lksa!wIzETX0qV0m3nN1=QY+{s!pis6#KEk5FTk%lX?EK+s zu|r|x5RcdX#~QR}hOp=My-C#Aba>SMa3?>1ugFXkNq3x5eUR~I-0#gJ`8XhZ7FddQ z0=6R_hUx`vN_ATfblrm6h$mzaYotp*GD{(XTDqJ$r4T_BI&-RZ`oq)jI0q>UW*dI5 zELULkFpUyfc-loWHaf>+{d;eN4Sa*oceBr+_gZ-$)@9~5_<)QjKbP`Q=iI?~D|7K4 zGDK%|aqyGFN!?{PFdW`Sq7dZzr{f=o3t`4Mc69K)AU>=;9A2L?X=Pe3s!UMTGeoqm zple<kKAA|K08S>d7`fp!pbkkio`qyTqB z5VRG$ta+UF+)gdE%8J-WM|0VGb932D<`rNpJBYdhc-v!@=4w4Y#9t_P%rc`Y$6WOM zH{HaC6bcSfyN8NNaQxyOr(KX=5&y+869pYUgpu&MQ*Tf92co|YbIugGVG#Kars!BE zB`5_JrpPLv>26)$_{6sg?Tx=>I%s2CJZW*11l$2*-l?S)tMiPJ9{gvV&D1`iEi;9N zEU*k&75$LCX=-i+5gou~bFOeBvb%F0R+wAvrps+R@>XCvIBeZr_D}n-S5&r zh3twR!6(|08%hD(5GN89DN0OZ31)CfKV=XddKcFIFBiD2J@mT6_xnE|#A}52zPqRK zXX9%$vkQ9M1kqQ(C9%pmE@R)jJ!_1?%=3w{ccztY@w0oekwll>8&*1xV7L2eoIVZI zRo0oN^<7N`BDsEn^mXZL!6~)Fh_7Q_WsV;IjX%ArKCO9DEU#PrCUzrn{c<~>1k)9K zm;B|{ShL@RlzbW~?{uW(^nAYMaGlCH#z!HpzOU6vywuD;&RrnlGMgyW{sAk zer3&i<~26d5YY9lUeVGrH`;4Ge5J$frco*i@Z1-#qQSJ7tFnR;rk?R5Bi>Msi~ze4 z8s*NrwDbhP4HkKcQi2SKaSy2iLjSt27?b>m?#OomCC4(0aO|iEH|OPehH>TWE8e^d zUUY=-Fz+%JAGddduhljHpIN!WJ)Qd=oEN`2ZiA>YrTt&>c-9m{0LqC%Bzv3@zgPmp4E#?jCI~}w!ImR?i7zaX z!L|d5*xi#Ek@p|sbNl|6gWh}wlZ<56!fVn zmci`Qr)y4BlRwf5nJjNd0x>(XqY1n<2wRip&Z>UQA*qX4s5=QcbA>=>b7r? 
zy!v(+XEt$Z=UJ*zJm|FkW>_l6#$9FamMb&bug}`)VzsLxai9R{4k*&34GsDD_0w(h9%^7BH}LEcZ&uTNBeC znp!y)+y~h!8}v|KtHJASi2yOfeeO2C*PHX&1hO!6&t^JAWqu)ywaR24^=Bc3%JzbJ z=dX6MPv8(aht04ZMqq?V zRAlx3LX5zdUlZu{jo)upeM6DjOIOvjMK*0`OTYQAp~-O$VQ$$Rz)iIdfVt2agi&mS z5K1a=#=1Zg={VqwWTmFC)i^A(pTkY~zY9A|>8sY36b;+||` zQmL3$u9rn_&nGKYz2Wc*n!pGb%TIAeVnHl(IO7_Y2>n{FOL7~11e1OmxnibGy|#_W zTg|BiA_dmpFUiP2+-{Sb;h@fb0EFSKzgyXG&9YWsMUNE`pASFw4vUh zWS|cDdr-b{F`j3UcXOH4wIjfKS!mCMRo{Um$~?8PZl%cnSnHUzDvbY zJf!%K(nb3}RZ6vnoJ;2vP zB}8m()YKf2L)xm^eLR^nq!_ZoER1DKmzu*=sabXT>G9z{4}Vz!Ypx-fP?VxNePQ~5 zbsF&tS3=n)pu+suFRB!MrRE~h6aMrrMvMnYsns*LxP1N9+08`FedgVeq?N5-y)x6! zFo_&@}Nu_%Q@Ds9HLzePQ-KlJsXnetz=%y0cfB z(AEsc5hMD7d7a=S(ySNF4u3YDnle?011SgWtlC!3aI@(ya^eBgLiR^Zp zI|Hwm9sY|lWp#d|toS^syf}NaozefV)sg^Q6C`fUA91%+5Nmk7X#=f4iN`Si)H|M% zTg@nDQ(3Y1V&5WJ^w-zR$0~GJ05xh_IVcR{r2? z#sDTY*V_+6?WeVrM>kACt^i?fCL5NQ)DlP*Owr>sdiR;5qh~BmbumMAP`OZX_STGa zug^{7SusU3f*+vF^4Z7ZFt)eQ8kJV=VgK4AD`U;@d9iBl*lrv>LFfyPS$^mub$b4V z@D^Qh_e{#_it)yF{q7F_Dw0#G)ed2@*ms;^I_eaMX_vbPH&=6JQha?XPI^)IFk85r_TUZ?F*6NWb{Nu$i8W2meZ<) z9-#<(8Ji=Xvq=8CBp9t?tGxn0?oeYKi#bhp^c-gPeG3N))U zYXWxWmwmFk7}L+0cKPdH0^r6VW@y0kh8x6Rvf%D3vS>RBkGRF!E6u!ZlRvA`g% z5>-hA-f*(a8brB3tKjux5n(qT*>a^Ip4Fz74j(vWVICVq!Rw&DAfYOaU!Y@d{m9bZ zJ3QLO60Xt7&1@f!k?`1rxiuw7tGZI)=KxxW_&6MyjOFxJZtsj`G8|v9h>_OR@ZlSj zNHaD@dioXLC7;OooxHILj|_8zWZ~yM+)BE3Y9Gy^(p18p@09Dj4V|sX0*rkHdbId!^E$|I_wRlIQgL zdioEOmirF8IqZW^1S>(bna^n?Q+o0Ot6mpyu%mr1R*I0ON0&Rbm3_e`+sc06R|Z%> z>Y^F=+KbZ8&5~lziUAT+!t-O)F8rsc7T|l(J;(lpJY|-((Dk<_jVGt`8K~=9Fiw1Ia+4L{;c?G(-LE5r-Hf-=svks%2BQ*?H5E8$3pS-mdYg4CS_(tX3FO@e4S!Zl%DVOS6qyR8(0u{p;43nIi9coCf%P?7lv?T9buu zi00cYTo)0)^=5)Sc?ji*mg)tBJ^^ZKW7FDw!lH=!at|`k&BW7P2_v8>b1GpOe0Md& zguM5guZ?&8^I7IC%C7IXmpQ;Nzb%bE>?l2cy<|5iMj?ETlnCKpTtf?@7OmQMy8W=e z6hJB`5mD7n9YG3mmQm4%w=9jcd^^=^ ze=`jmx%@+kFzLS_F?^k~(XfXK-a+eMt45yyr03$FHg&HbZ>`EF z<_}<98#b9NA7g(KCc^M6(+oa@H9l_2@+*EDc%<7`4wVn$crwG5b9HO9(2A#Di-j9$ za&QIiYSL{gZLiwjkHTu-U4`GL%Kj{@&2cKjE(AbxEU=$mlp}2UX9!((XW4gxNTbd# 
zx4v9P70vwK1EeniJyZtSOg_wIvQO(^Jg`~Yr^>I9RrotR0~59{e778rLxo({HVye> zpx8l4SUP(P13M*)n3V-b)Nc70V~P}HWk&X~7CFe)w#*o-AiJF5ul?aUPs$?Y|v8LL*@ybWP%#+OEQiNxlPdDODhF+w(^u3zYC6sUW z3q=8@vUxxpSCbc~JuXgu{c5a-m0A0Iv?{H&gR~$-wppi`m4;%b^Ya?*r(Z{ReY)>b zjzIjc>2T%-ZYa%T|gck3Rv(6!}Ww~tUopSQ0u zihOty5=1g>CA@@!I(z#D^7X8L7q;(R5ST2xp<+bcFq9r{0it7J`RSKQfpd@wt~kIC6K^6+tY_V&7KKBvt8ywix0PhOuq zd`&tw@yp?$2iI;zSq9CkdrYTZVXs(i>#wei@5+YkNw>X=+7%;3jHao}~NGC6aXkbRUF=&9K zD<~31Z{3x2B~;h(x@JbNBQU8s5nFF1yt7kMmvd*+%eixC92IGS(E})LFEsQMu0kZ; zUF>ZNyO66_`c;CF#8ukaSVmQcv60yup-MMPd4w}x>4jsUx9Y}lU~fmcBtV{nc>FRl za|BmL1nGX>-$q<)7uI8LeZ2H9zjC&Q^p@fMHP8#`t?&nMI2ws$M-jGGq_n_8LL~Dr zv*`PNg&v()VU?Ce1iJ+!+*br!(7s@YxjMR%nl|6?j=c66qg^j~WH`o^ZU~UL` z2fL89MhR?vlK5+&TNnu+$gYAg{Y8)q#wpRG#`iIbUrRlU54B44yZBp>oul64{ovG1 zD-Uw0N%AaQx9a{#ZHtC3;PZ68Fr;i6m6iOH@?qjzAZKQhPs%R!NPf@0#(?pUrH_O~ z6g5f3Jtd`$TYT4YY4;k#wi)U)_YSR`fY!?TDgn^wzA!{13U6Y+l(e&9fPY`k>4XQk zQ^S(oAKGGjX=Osmc9P9LdrRHvXzhr&ABLs{57~Q8;AZ~VM zBzMCYSl%+cnZ_Snr=BoR5bHg&*5SXuj&esj!8Tq~dbp%gZ^~zp=4_s`zTM>oC<0X< zpc4W1%>TpRT>n>y$(J{Xg%ucq>Dc3#|5?*MeZ6OXrh_m3IWewRsw zUgD5Mufz@8r}4xA)F-8_?lJjzZ##Uv_YvPXq<|!v8aUPg)2b}AGct`H>a`-0sNKr6 zg{2+f_P{fHHp#?X+Q4Bo_CR6t=z3Mx-jh07;`Of8K^=hB%#ke=*A}mfGN(|BK?}5n zEiRKamGCd-0gx?l3AIjJc{MjLa*D1GRi?&7RJ_c5`&hmarkt3dgsm=^Trkxu63RFMdJIZA%m|8A_G6?hg1R`nzfT;HF(}D@+A(- zTU^oE$|g;6J68sK#xq@yc6UQKA|A^Z`?3Se->5V|H>1y0JW{=`tN zDWy@4h`qcJagTQ^|1orvaq(8BL@vQ=W{xocbn!Gl@qI%NDhchWqlpBhY=SxmI8;TH zk6?-g)W%X*EpX96I_PYM$?qNU2nr274T^sYw z=L@S8%F2iDwa-1mF_|(fv@@WzDF>rE(nkeFf~HcC5|te~I>z*w5A&8Rv4C);k}jmw z^+%trnJYTr&iQaIR$Mb<1!hPL++)OX-4C>`pHJd3>deSZqu2tuh__yl4~3oMa&Cv_ zUC)SP`zbH0W6TizK28xpuzU8*-81bQpI-V%C%+yqZ&UXj>qIZDUbC0ozT!h5$HXCf ztK8Zi-!l)?w33=4$9g?-LH)VDR;emec>wIRmK#&KDAcsnk96=K16Bk6TaYfJNXx%X z8s3BF6lR@)9t8fHQ_5MqzSdC?ri?UlflY_D2owEm@ScQN?}keBg1?>sB+vKt*B(cr zjbP#U$9CbDyRqYa2Y=tZfE%w*8%MKGXB$|jqoka1-15rP+Wz!s z)5`~Jkh4y&f3!9O=(h$tBP{s zRAG@?#*@)lJ34d^)tM?^{-76*Km0jWtm$^76YK5lHsZh(EG>wh-?nRo`3N`C^IqiQ 
zA_F0b0j^(3kp6q*1w4uE@3`lXo~DL1Ne;$0!}r}zl8meFjtk#C*8{*X@ff*iiUZeMa16q0=dX2?Pw2&I82*7n9`n_y? zULsi?{4`xh*SpY(jk~pqPF+_WA+f}=&tu)|Iwv^)2a*DPlJf+7#+K=poKQ5K#m((h zh`<{gC)!*&ekte**gzS1AK=tXeF0zN(8uNKJ7?V6VfFnll($5mi4)<%k~v(Kz(dM9!nW7CUX_82yI25);_pFzL^v7UawjKobNWwFMETW66=f=+d3=4^A5b55$X}t>PbRVP;}_>- z3#_*->3KWmEZ*x`ZeG-55$IW>UDS7^^!s4J(yv?GPq69&sa~!5 zVG;8aQEv8>4m*U;z=Cn^Ec*f~zM8z0to6Gn*gD|cO)xANHk_V?<;S3YgKd|$(Y#TI z0A>g_=`?D1PDEaQ1L%prPE!4uoZwd~ZKRDZZr;|xp>;G4g1Ns4WIntKS=tz6_U~+h6&S7X`f}E0pg1l$yGwRnHNt}jUk$+lvy$(SofCxk zw3@fA1-z1;^EAL{g9aAiyf%?85Q5{19Q?H&c|<5^Hcm+yv6r-wj@My?grt##k%a}@ zBIeTl9YX99-Q`#^S3!)+c5modMTbaSfVfT0Uu+Cb6Qe!%1x@}+i|D<-immUAf&^k- zOQ*xb#;}XM)E5!tgL3Gwa4z9nMGn1sy``d|M_IF>!CpNU4MoA4R#8s$ zoWqQ(;#pkZBO_}1!>MNn7+p}pXs2<{518@jp3=0$B^Z|MoeP%`_oPcYzpaj&=&i$_PP_nR){IDDDUdSJsq;sV*t`J9>~+ zECY7I6U(A;Jjc-TRxB?z${U3&sPf(u-01WoA2>;k$Ri;={&JIMP{w<+|zNfy==EHX3sC=(@uh;%wQJA>g>=h;yXB6F4xwbI9xrxStv`4y> ztN86;XV`P{=_up%PyilGMw=d`<1%a5$%RHh-80$t>$ka&ml+l);>QguAO24q%JGOr zP7V`{6^*Svltu-AXMB!tO0X1&fk5I=tj+O~X0#KAIJVk(s+ERi1}8_L)c@r|-0y8h zGsEOl=eem*OV_xIK_({YoJB}3)KP~@Ko}@Hye)6!U z=%ncR^78OetPa7R0((A5eZtu%Rg@Ojc0V}XCc9DvMysKJZzE(Cix>F(pR-x^c4Oee z%3DG3hLkPHW#o+T4#+pL!B8VIlNuH$HB~1)^bm#K%msrkxA+JoovW$B)%!jjL6y{_cgyekL$I>C6E_9&BORF!`ML>+;vh=;_ zspDzr{_zgDR1r(9UZb(c4Dd+eF0~5#@qZqox^)4ME}6d&n;J%iV5EPY_z!RzMSC>#vc}9@a#Mb**`N>d3uRK#o{86c3jI3=24z#6 z>D>f!w2=*MSk-`Til@KP?XW4l1~z_maik9474Mqm{+aJI;}lawlj zPI?oMNCJOq{eE`U)Lf=sf%C?FF5_!`fQ=PiOSSfA4tA8)1x}~07{4NH7ZuUZ%d5?` zKGw#K?lTN9rOe)h4^|`3v*Wdobm!py^&xvM1gEcz=q))orH)+IA-E;JB*wyL*Tg{z z!1y+U5W{t3p*O1jT+8FKV``I0o=7h&+aC9}%?R8gC#g}R;diTav>JP{L5dH=9R(94 zv{ET4$<(zhQH&SJ^9CXB$?e(eayh4`_t?kb{)J+D+VJRh39(>{vhk*62q6{7d#ks- z#e9-LtvU9x(LE34ETAjM6QI(jUS0iI)5=Y2jrbwqi9y?(wo8J&tX2t+iAFlLluV%B z&j5i~GZPWl-XA)|fN9_=y?2ykAmk=r-3pIM=x;ctRRtsUjQNH(tC5k=kRMhA(+~KJ zt9QAFT1X&Kk6tX(lS8JD!e|+F&M#Bk1l|cyt6i!vlE4CWzkl0p5qvf|evW#vwRJKf z&Z$+}531~SD!oxxTi4OWEf+#wzbr#N;Bmw;dV3n!jw;N@3?u)pv{j{2CKtD$btYdV 
zATrjit36t>;<}hs_p{8Xha2$ws%Cs(mt_;b)UkS_ndnZ@>n?P|HDO?Hbl<~D!2MZ0 z>uRe16RisHzdHFXWu%`bS6FXZQNP7AJQvDvmIAWik8hp)r{T7%5T4_46ys%`@ie!= z)bUYFPB8?{%+b6(XRO5YGe)78lQ+UE{>I!7h7&~#}5c!lHMF#;zejl zUX}$qAGGc#25#iOJzv{VZq((s4SOf0f13tC7sVo5rhkiPmCL3((2%AadoCL(GkAC9 z?VVoJbtAjiqL?mHV2KL(qWHsKS@*B^Z$V)Wk7$zZin6KgLoJc$8m&J};mQE1ZbhzI zWaXZZv@xD=mF}PPmPry~*g3yQ%4>UN78Z_xJ)9Ay6%M<{N82Bk&^m{H2ZA3yZ{_@Q zg6mmshH19ELdOt|Sz44d%@icHC4`B|f<27FzjXDcuFRVGD9}uXu8uz(sn{Bo!#}~D zG>sMFXh$|~9?;9hiN3!fkuFSR?~6vJ$ic2@m<&^!LG-o5V1TZw%;~qAOCs5$bC5r& z{XYd9Fv-R>$pCb5kOmG*mv%<$EyrWK@nRt2Y{H{PMx*T&;hkkL&9VHZ&kLvN<7+2+ z8jLs-v{c7KbdvIg&FXhXHe*}%4pj+FC7RvmZMjlzuU7I}S+?Qc_4#q+&=zbP%M=ahi` zT2Y8=)LF4mIPB`BZh19=6KYL?0{D986k*Zpk=ilysmY(+yQfeD$>rUlTV`3lcVHJ4 zqfgY15))#Ow(Nb}QnVa{k?>rd_Xy|m>Zpb1Z&s*Z(8xT}dTT`_9jxMQ6$D}MT>yvwwhKU*UtSX-qf;D5&h4A(|;6Z%{y*3yD5fUQje{j&NirU(9)TT>pBC zYUZy}&Yg`2rnP+D=5B23sJ`{dM+%VerYR*#sMLq6Bo)`_#LK3dz{$0dcIW2YJ*fM^ zi=Te!WCsjS6H`sF2Fna^@R{5f4;{1aj`&uXG7mWV(>bno1z+E_qsY1clSq*^zOYte zI1Ut5ic4DN7=3}O2>+m7Y-xuZ^fEg6titc{F+=Aj+&yNag=I4~F3FRDQ)Y-ZCalR` z_V7;Aw>;1WC~{}#Eu=p<+{i1P4s~+2o0{#GR1YH30e8Nj&0Qj`S}+6{-0# zu3c%0+jnvi;*iw0DJ541Pk2>3Z3{OK0ZJbU@cG&KF7HjnS*6C{HRZQPFSTxU>uP?` zIf2+e^X$IXP>5z~{Rq9IuGehD+}FJ2ODMed2{LrGe3sL8X#{OKXLW|I#y#Af{f zk{BYE$y=C7-Jck0>1mCtw-=F6tT#scLrJ}v$ze@h|APF!Gpgf?S_u~*31mrUb;hnk z9cTQ|r3=qt6?NK+dB!)1V@gOX))LHP`wzMrGc=P=q=p|tNoks~IKAI59Z{|yKa(wO z$ZdLuY}o~6t2oj=Ax8j8{aW6&xXH?NnEPU-6UBe;Q2 zb*uF5_zW~$v}`N=s5U@2;Ho!o`YP4Z%JNW{Y$%mK<@LND$9T6PdigmNk@@DA_DU1q zeZ&q{;j9fUw&idkj}PebtobJ|qqxe3-s~$3`v){ahaQDrDqfossuC9!bX>}OGv{t)vpPz_@~C^-NRd;4<>b;8qUVzgm<2_s?X_TprjyJKRhH& zGrP`mCk&#CT(?|zB9eWfs zap>FGcUeJ(QfRpJ5*6SIwZx6i+j{AwUy1z%LP2?UYo{b!wk6fvK{JV0{6dh=xbBr2 z6wl8)DL>P5FwMwb+uN2tRz#?AWY-k}m+@1L<$RY!AC8cdPJftF zvmB4O_N${XL`Aj%5PLT;#xd8Kz`C? 
zbzZ1hV;L3rX{gD_*tK*6O0}E!W)`gxF28n~kQCuN%KPZ|cU>FSJ~Ojs zX3c%iY}uqaom_BK-Kz zQVc$2PXH(6lNJzDG5Cu8@iYE284GE-+YgQV=u62vQW|e)#zPVLijY{qmgI^IDeH!P zFUGLFX-=U~DB3*)+Fh(#FG_}Hn7HuCQ5$1*(!It21 z{m#b!I$l>-XZ6G54H-83sf`SK*Q?JTn)cC$oO1w}yv;i3sG>Y- zwI`V(QYnk+cEYt`@D6!2HwhbP z{(d)FTZCKk%St_bGnnF=Ed%sQAG$M++pPkW7G{kjHnwUu$b<9}r1c$Aq3;u32i&qS(vC z7cho%J)LzdYD6H_12v)lkUpNnEfbS|bC>ahIn#_+72B z2h96PRTN-XzX=kI=jQ&c`B|ubaCVCk;DaP-7FHvp=8t0N6km5I0a%6rb-+iNA( z@~|5n4@^}2X5&@D^4=uCBwqCz9=c$%ANc|5AwGEdFZ9=vcKL#G)%xP zIl59G(gdd1wPomC?n8INksQ@~&X)86)t|x5+|#ymbJPVd;BbiXz+=LXV)sv01N^4g zZE9imF6&VmD?rj3twr)(wHNlmD2!%RH=vKr9csD)Be8T%LwioD<-t~7v%@2gOg7>r z?`soXZvea23>Q-;j}DHBVEXjn*Sm6X+}g3cQs-wym?YDxATouy3SDOA`2x3t41WUD z93=e4*d@0cV%7fBi=FtpXQkOdqY2bwrDsjLx0H1gafm6jPQyhGCW%4}2a|#O@u{sC z0uK{Iu>iE}P($JzH}e|?q6g(R9&JyWD5-YF>V&~#6XXb`AYGUg=bxGL;fe1)a>2d! zr5T#)ZBp{xt!!Dsc4fKNyYeYBbX%w#f3aEVsl~TkupNra`eO9N1J?f)fR1D-KB#u# zff~|t@-NSW!kS;vqdfX85U8c@6SWsus%m}?QHc?T?WmAx>{q#_VlaD_dj3OQDdn2v<;vSdHKufDG@ZfRBVYN8T)-7%CckuEKM9JW!lb}cSD zc{KApKZ;CVu{(Awh^8rT`}xw^=iHyF6M#MyRP)W3A?St+=|TrXStfHO9@fD`LFh(| zb5=0KBSBn=3{(+2iB$5vHZk5IT}22rL~GmpWWr{~QEEy<+9Q|t-*Nw5m>4ynqS_?< z1|ZQiaS2<1`seB@@6A2gGN~xvPU|rH=y0DrZ{~i2<&E>ziAti#8x7#y`G{=s%)`#c z_SKqr)~2=b`HUVO5h*O`k$TcRmf~tL&&KY{w6^+h6~Vb3`V2qjdL|7}B>}Lq8};8<7OtR657g|Z z=jj40TwhbI2rHN-4mSiU=EC+a?K9_k-1Vb2-NBf-NYyXd2WbXBafYNc($GD}zci1$ zX#Mv#y9g79V*?lM&1zPwn6f%L>nViYC4j6)&*!YedoOn`qP78=Nw1%`JKVY<@$}8u zOWRqIvpn5(=x*eP`5#-G_cK_&og@r*#tV<*IgWBcb?fVJ;`}KmMj%T%2_o`vhb=}B zjj#nV*LX2(j%+fTc?FGWTF%ayCl#?h135RWacr~XVOqV094@-!+t+kuHz=0 zB^3(3J+R5<&THG!ukGr{#pGw3+IIVuui@ytximbO(NM@z>%Qm}P702muyb+0)TQy{ z(OEIvUu1uLBm%wD!ILNwLQD)sPp}w_nOo4&`GWE1?T(S*1O*8ic>GesE$YUq!W)37F^_lgN$1S@O;-==sxK=2{|W!Ch&xjsItUZkW(LYN?p z4(_}lA1$=A<*y5I8D5Cg{iwe29c}6@Sv@{A9Hs^?1cmj4gnugR_%Fx1+@V3-6ss~- z(4nm~^rTHmaTnhuOsM%Y^F_-?_4ENsRT{0*YXWv`puFO+Qq7F3*d+7?vAI!6;fFcapx7k_OX zPLSf~+c7)^$g5*)_0qg5OBfjySt=^@T1hKINDSmA%m@ynp*Md`_SKEUtP=Lt<$a1o zR@>Zpju-a9FeFy+afgOV#Ql6apx(Vac$S=j 
zgn>O@KSoHwLC#QTJ@ER<6$BOZS8nPBXojm^(6~k}n7423T&B?!+HxBBHhI_MpM6+t zf>ky5M!lIaK?1E?O`e^SxSeljyHoRGDFe||%Aa`yBv2;V)@o0ztu}Ek--JvGSq!=r zrG+oOmU=>w0zd(jR2k^6&|(ullw&nwUyu(N)u-?=vJpdb zpWs4aF1fr;KDF_P1+vAK@J^i{)D8CM{cFwE=IzgSZ!Ua!FU{X@shF6XK8B+vwBCw5YYj$UiuV*hLJo z)u^Nl{skT6LRPEFK-7=EmI(8C%zBMobNh~t;B$}dL5kQC*JVw7)D+v_S1=YrAljOc z96;L@o5bVV6}yZ|K|Nc}k>&aTz`#q~{W8(yvOO8b@0dHi7)zx^Mi5^0HyJ*QlW#Qq zDScDZtcpw0^LqSC7Mw!Kjm>+kr_)83u72jA-AD5dtG(LkRsoTIT~xbx@VZetUo6pi zWiXPcBCRh(dZQNMpB2ZyF1fjwqz{l*rWB8mR{mu|EddB5WvzB_nt`)Y|^*|PAqM> zmIh~y#Ns<7K-yXgtHQOgYGaDur}-QB(LTA@l$6{1M!g`LoD$xKaJHge-LS9Er)pMDg*Z;Ap>t-E_)^f5-Y*~PYp+`;=% zR{sj07;TSB8ReD-D^90O0Gk3`)~|TQKAL-xz#05Qdz@(3!5#4511%xtLr!ReLFS#5 zVOiE0#|nEF9a{`kZ%=7cc=|7gJrZNvb$uH*h?+=I9bcWcgvOhd{L7rEY_xFx2+D;D zbhwEjB8#Zet=HLM+Qc-XODwEKpx0_|%*B_L(bx&hsUNbG*lz09H$yQn@6!*9J>x`RM}onWyFazfK{Uv^z~)RPH6EK4#?MJ8JTj#Mx7{o@3imfDXa)P--hey33f~;G%8HE!A2}YVs^5kYKiu1A0M89p zk*iqI_XA9;Z;0m82I(V|kiQ)+atV#!E9DmJY&Dp9e=)kuo1TtXAB~FQ5EkmX7uPpM z`q*BGx*2bmXER~qE4=OGYK+TFX~o6yYqA{j%s;!AMYz~v@w?5zFRIB8>O@`0Zw-LP z_-gQu_&2Lxd2hQ2;E9|g7Tq94;|gki*~kPR@Wey#_ZMjg>!A3qY)eGENV{DrpE#nu z&^$8Z29voJq}?bvs@d^^T>byrR${Ip&jWcSL2(SqaL$ejlLuO#GR-t)}{3H>K|X4`K|$nXLFT6*KeNon-0m}gK7Y-nVxfc_gLBZNDk~_W)~}Qx$!fA` z{@}JG!JcNv6XVQTVSehi8pd319TMVR2i2yx5st{!-5grXwB`3l!mfcF%qm|Ouz;>c zP)Y&{k#NQA=n?04P18PR@J04Kb6(?@C9LtrzrVg(4+dfD6{DX6M3q$x)j)4~;U4|< zndNbzut1hqOR#YU@S*+D87Fo;lq1Nirq@Cs#>DOdw2c|W*&SDL68RXvht}>WPucX- z*5bSrWtS1P(bRXkWf~Z@7S)l1{hg>FGbwSGR*BHPXRKr-I#D&F2!4-2CHr+Mr`L-sCmRy>I25v@aplqQI}O;Lmz*A~`VC}$&8twy9A~pkP|CMHAnNr<@AESLxPk7UNOICh%fnA#MXuLOb=l+xk#u!yt>Cb?F z@VSmMe6%4tH2jQIMj0oi$RIPr5{*>)OX{dR0fBAQd~s*Jrzz(K{h%;IzMCrwjNxS$o_HbptPS0g zsk(Eil(iL02265`zUyK%?QHW4^&7e<$*P5kUii2I59A zen*6opmccPk}wb2Uo~+*wM=talx$%0H7QUtm0wzWpJK8l{Nf7H*K>I}a)O9Nhgf-` zH;`6e%qgY7w<^jK*cU(o>R3le`qFGkj8FKVaO`N$*OSKs&LArJla zoH;2LFud;cv_5mVKqW zrDES@%rJ|!VqWx)$p|d=mwx{p3r9;oBa?8K6gkhA(tq6$3ihhTZx&6$tC|TM_M-!n zdWP};$Q`_BDZ+ZM5dfhdYi<0kRcYacX)*b{AR{Q^C^07-6qo>fspKE-8fzX`K8H|F 
zoX%y(|Li&r_FxdbMXBz9=w`@m{SRX-A=_&}?QXyTFK^@!?bpZOs6Gt_dR)^g>8o@v z|Hec9DmKm(GhC<|!3jg}SK^G3!Syz{?UQ4*q1vWB+9q$FOH!ng&89+oN@6 zPjIdwgUZmf#T;1SG=JHEZH{^z0Mou^Hv8oO#eYz)MsvhrD5wrL;5E(vx+akZRgm66 zeR;Vcl>x=&udwT`ppy)zfJ0+&ast#O0R=7T1FlN&frJtn$F%`Uf8;w2SumsDw+{AG zI-1^s-C}162_AL*$_)Ng-V-}YLY=u`7L>b^4cVvO|26IZ_OTvNx3+*nLxAja%;~RG zxX0Ha&~cu7iKragcCUyt%dROQpk-Y%$a?#kX{0m?M!7O-FDiFvURy><-p$OCUrkIweUROCywsrzaEIX;^QEOjtwm{ zCCFHP56DxFdG$J&fy{ndB87)YE-m07gi93_eaz_`RQtMs17(UUHo;0hVV-!H;&nY8 zp>;GM1eWW$Qk^^boLOI94dII!&_?_IuXm2M$!idRJo#xR$>?|9B1ksQ-6#vo6sSi@bD4|xF%+SLDEpj@D@9NWh{Is(mg zCVV`3uW4Ly&5PqmWc|lp3xxlR?Q2T@dUpD2b{ir7RlXfK^D11JC8W?v_5;suPSki2B|K*jYmz9d2EbN zsk>!gTb*z0%s3r(d?lKa$MXgUf`&{GorceTA5FQlFqh^Go*ceYo=^x?gn5N1k&?vD zQe!eWwo^GM?*+i71e)q&wI#it#MS+ei*u&ZzL}5h(;pqNzGJfgz=k6Mfr!5fv}kQd znxAh-qCtB)5xh%=kkSL!?$;OYHNdo(Vv%LGt9CE@o@B=%nv-0Vmv;SH)C@pW!S42P)X#+!7o%tpQ7x=qrRiQ{#A&dx{DMfGVS~!?2i~q*d6GBJd z+g>2S;dYcWwfuk}45i}K+S0dY!qlz%zQvjab3=vWww_Y=>D1^eb(_)u@~2*lm>mAr zW-XubQKJT#7GUa$%|^P4%1wC3H8h*J+Vmmat)(5k?DOOzx~vHhTY)X9kMHi#@7KBU zbFZ^f%k-Ap=_~2?*m(q`k!i@Vzi;dRd9Ug=0)!kBM!zo*=gpf%{!=piW4l9^M_cf5 zwwZK@3;M1SCiK!Wv2YvP>b>mNmz&{6nMgl;$FW|^S~J%_vGI%YU=Ua2Ynjy0I!KB) z#To1X?27q@%%89?jRY}%!-vh%+?o#|90*<3w0Z|Se)KQ<$)OvKtb#WWhJ@%Z`0V`C zPSKwQ6-BO&YR0!~biDFCzMq*qRRg^*tGXsGk-d8 zZK&MdE*fLNun@nQ{8|bV(;>YY0vsS?4g?lzlyQ8iZ$x`4CDBGA;=$TxLkGuchGJ3r zPAr447c%5``9*t?dLqpZINE$S2~qyus&NauH*mr0_K@3^M*B7zD?z@;+Y7th{YNb6_bx*jaLTDg#fOPQ7O%pW-y?AN;HT*P) z2pH5Du%E!BY&XLVO6kA5pn4$*{u}uEXlUQXRKeGVSmy0|g&vVO!8=8?n7gD~Y+?aB z0v&6+Et@FN33BB&J9DzpM{m@%qGip6c!Y!Y_0?+I1s0m9PXjxacbov5%Y$M25n})D zI7@*yIsz~M#9=|$NE$p)rYYKoSf22ppcMB~f_dzk;PO7Nw56<+H|EjFRWaY3Oh$t0 zu7bCu3!n0xBgL+`aEWzkHGsn9Y7R{?)oz*Vil?TToX)i>es%4a&A>s}VClV%T>1q* zC`mk`YP@>UQTi$2(E=rzLO!=BYA@}@e=uK#R|%5gFxOG;HKw@GGQQP%rCEOH;lVuA z*+ls-wPXyGWykKKQjVCmktA@Go_3NTi_@RyEg=LD$GJn2yIxY;yWZCfbhJU3Fg#)O zukYe=7U?2N@zlPwtkGWcv1$l4BGnxYv_!3Y1V1*?vULTY9qYTqd(mbIX0|~u3rCUM zo4dZA@wK@ffAo2eyLvUL&sM>ZA}9lX*dI@^Q~CfIfK@?!G1Sh{)WFen{UP-mZfh(v 
z&)^Rrr(3}*z$)2Cg{_P~bIxob5~zfZOWC={OeR`qPFg6NVHBbT>=63J+Beq=+4DIrKXa3p3bDJyioLoi?-c}gUchHvv8^rB!RT%9xBcgh}Cp$88W*@9}Ne9L2WcRc-6#X4A`9>c!k zL@OmJzkK6B@d7zLNbD~up`!eYeLwj-P%-)@QZ5;?q#)cz-MX{wu_Mr;5s6d)JBtT+ zT2;5b{G4YkG29YmLS`kjEWfMG^@BrvLJ!U2}BqCKPL4qrpmY`G##W1up!nmWJq~} zC@dryf=~ihXrPC*Oq8&Y>#?R+RT_MZI%qJJGo#uzP~3kiICZ3ih8zOReuW5{`U0HD zc7w~DXDP={TW1lYrkST7yjBrz(m$7B&=AaOqbWG#JPkdlA`RSR#};*f*xT_rfr{?5 z)1vs%?Q0j;cG#^=0wke`ncmX`Px>^JK)`AySwTk^@hPQ+8>oY%v_#M6s!bRonLyd~ zM7Dg~S-yUZT*+}aVgoEjwPtby$mfD%{0Eo#ef+G<9RyrHk_ zNw~xggmN-`o_Y54Bd2!`tfnzBNVmq7RyDN8_@iOZr)1cdYE%QxJ00l%9y)vlsZ ziFGwKipwi06sRi6>N(U7Xn!b^)&>{*L%Tlal6m9Mw}zRSEWp5=V*A3abZtxvJ@`LkWBc2OV`0Ba84px* zL@flRiB1N@-)b4M4OBN8LW|D1)n1uxVq*RE%kxREl~cgkg@te6e_Fz;jPW?n>vhHS z2lMm;9`HdNs~>wi5_X`0sqea01CzFY)f;78m9B7derX~ z>PUeU=<{t0EwrXiP+z4-07nn012P2GHOE~Uv~Rgv819Xs`74qtY8ZER9A5#51rX{* z|1$Y3ZX~{TEZScwHb1q2ywH((dn;Sf;c^aqQ91i=>gIW2=;U_4UcK6Fza2`*;0=O| zE6IFP2V`aFK8IBCAk5#*C5Fd~kKmm7EBX9M$PLD&F}5{RZl|GsV(;j^b2+?2`d7hBd>)Yk_UZp!!BiJ} z7k*UToKAQ08gW~qZE@Q4WVVHz5HwHx_j=N?dA>NT46cBQ=8ZUGNCvaN@pUy}!)nTUI^kav0$~Kkao}_f zL6pcF7nDwTru)%PpvDS1 zgd_BDcyD_rng5!SgE+#X8T0dFi1M7ok(-zgcn47$`x{Ocn#WU|sdd)GGV{re#7@uI@;^b`B(5&Oo5UR z_2)v=zo0ILYZJLw{9YCz_TtC>q)LGl6E_Fb*;GC`BG#k63-{`{LCe>W)n@zVaD0mu z^F}7UClSmBPMN86_dmR;7iwYrA--$69yji5`UdPCp-ZgXlUzp;9k77WBKTAQrlit58=xs z-#}<&JHmRybyEW)Iu}Rxff3hHLvW(^N$8KTL}IIN^;&QckCIl$I?VcnWh(|X7E>EW z-F6G6(2r(#ZcYKFDD?!giBtJP zkD798#@(Z5yfa@O4n|nq^nFagIL=dBTIV_hz3)vuGe_=o-iuuk`rD}s1XGz~^D0=k zC}+dP$P;>r|Ca}t4cO7G=hnf0kFm__Ka2ZC5eZ~@oS?Bge!oRN*}Z`N8vXNNq$Tcf zX|vrd6F1q>jcQIIA`jNOcF`~5PxAL|5yFU^W6poHKYrX;e7trzo^F_xx8^}X8Vs1d zOt$&yC7;#IT!XYWJUXZ-r;!!V*PWvCSD_Ba2u@Z^eogt1lXQ&it8>uw3pjPX%6gE& z9Bgb!I!(1O>hr=ver6ccMzZV~xjOD`a{n#y$G!MxrC)N8PuEO$T4CQ7re%6kcjoAp zV8vT)D3u3_HDN>TnERfB-p`pwN29Svz%V*)C8vZM;VYnt3cYS?+E8Nt>rs-^p6_Ub zeH@G4P+tqBc)7j>>}-*9bPsq_oFM$_KEE&mv~^d5k7bk?8(_vkP;BsP;*lC8na!P( z{Bb(o4L6UH!;!t!U5s(l>;3H!yT6jRtI4tdi8|MFV)572yM=Hcl{pH1pF^yVS}-*!-lF?ftb3cSf$Ij 
zL%}I?MbvEAi(;Aa<)Zuq8!HT3{j02#@#_201cT9TEp^LMm!B#1j0{huVBGO)ZERa3 z=z#ZHna7$jeX+fPTH%k1XiX>_W3+63qo>VK)$e-AVUi4jXLyKuCXw_S)D z5OJu9=R+qpM`cp1?k2xD8gmT&@X86i2>e%bq(Lxv$K=P72dO#61$mKOF7qSIUK~^B zRru2ZyQmX0bi4Bq%3Ty6g!4|`u(NxHLbCl}kQwP_CET^*C2oUyzbqs2X;t5WIL70mIl)AS82wKwcZ{`%&IH$>@w{gQNmweK z)NsEtjeRLp06ULvt<(&AE&I0J$o3K*4}2Ila+F6f(iM>Y5pq|7gzVoO%_DvM$7ohQLkVCrHC4mcJUA{<-XCku(PQW ze9B!R3pKjStMKsSL>{3TK1F6IYefspl+&y>yCU3T6P5S#z#QC#CJ6dpPs!D15&Kzk zQV_)ddRoDEDNiK$)^~?Bp55QlJ<1@|OpYg@o?K)dQV&avx`S9H+vGEl>tS}E0vxP^ z;dr+%FZkImQXzQrM(^49t^PPX5ze4ytEmvLT&W$D`!(25_nI#2BL~WQEB!IH|A`R zmSUZsE``n@X&S1GNpwoRxo_ufSsT@iHO-^k><~o7u6mS>V~Hz*)8!JTktsdz-`=^Z zQhb0FIwcWg?@2Do{lYz&%WlrgR`J?}tnx^=Oc#`TQVg97ZLgi2cpLEMH%sdhCdsEp z>H0t?X9#?T4aJb3d6*Kq&pvUSYM+ao-%g%}S8w8>^m)SJRh!L5<*WZrKK)W+S*Oeu zxgiw<{$7IAPOQNmwvR1ifd7QB-={Bz25VuJVOoQqbdmycHQ*soSpJ>BU_C8eV)V#p% z^V;~PSwv#$9gUy)aI)C1jQ;oNu`$A6RpI!CL4X!KKwV5Nz@wZM0ya2WJ6`i|d z&Lk%f-JlwPm=Aco+Ibe5N6Ta}!){JqX%fll&DEm_{Yr2QIA>$^XHVfyw|mWqsRsFG zdB9^aYwybO*$H=*bFG74fES5Zhj{~))RSc(IQaGUzkHQOF7@?ql7>r>hsa0WG$mK#hyG8@ua3A@#YJn zM=GQK1~aRpkPgMy5e2r)RwE%#MH8%z@DO<)Qea@(CYRGw%#4@+aRAZ?TVM6Cdfva3 zfuqlV38tX7%GK|yF&+sA(nFw@yN_rGHII6+If4?iG{q3-vD;?0l@j=!p+F%f{O_J2q8*Ptogoqb$v2&wfPI zJn`&%oaWx9Ga}ak{+lUV*@mZgwCmi*CMeLc_Ok_I!g2i%Ma*eX4E8?vFw15P)_lcu z3@57(nqvCrz^o8fj9L6_e}g7p!yqm_C~it+>}CqI5a@#o+F;h!24AxuI3|NGzn zKQc%T@iM*kC9O16P&LnL>nv~Mnft%*`I~JT2QPbn@WkgOH^NlJaWeZA3QrFBNLZUOmU;hamk| zw)LOz#_{g9irLQVzk?%sSX>!y`uaC;2!ai)pL;tP4@9UeS-8%Tu=8KYVQX@m0!~|l zKU&_iPw#ovINZSewdZhMUxOowP8Kx^wDHe^1iTX0QFyn?fGlG71IeZ>zf%4F@XQdF zUWS=zRFEpecG?`SqK@TLyK)3vfx30NcGXMEzB*Nk%{7I@6z^VZsWp7@L>P4V@*T<` zjFh0&5B8S-Z#T&t^&<%-2FU5*Fcq_ea24*Z9!@?#lY6-L0$%VDSQ~zeqs~3R=-m6fE8k!7hWb(wb))(P3(s3(rXk5;0lSuDx!xL$tUkv>KEVAW2aJMp@XtU)>9Qkh;FW?cfxPivd_TTvr@rZU6Z>EJ<2SQRnmzhK zFvs!_Kva%)qov4sb^Ifmxt^VNuhjH-m$N6!r3B+S zW+^z& z*x5e%<$nj^ZENszc1V_%0tsk9tE5XOW|1J4{A5AHDZ&Y(mw0CPVtWNz zwcQpwL&pSL6`5kGzGnj(NzDC+LyL~-F5GXX)OIr(F4lC3Y#33K;^5CUD!?8>r%rla 
ze0>X{t2dDEa86rI;~D52!T&i45vT)^goON#@JEAN9D0fF%udUs=C0e28(M34z7`)+ zcq3qy`m&m(uZrSdb|eJD?}+V71iAI&8HgQ)c%WP*{R9?PAFpE4Z-hFyZm+Bys^cp7 z!Fj|UPFv8_XgrC<=f3L#Cz@PNr%Hu*Uf8YoHaB`p$0l0 z-@hWDrnzmOIyP}s$wyDt?M$nHhOSt2Q|NLKdL=!^A7PH@64*tU9 z$}L zUpo%DgdTI5LWQ**q=EZ)4QJE*&?}Tq8Js5G=9;6#urI-z)8@8@&9;~{G5ZG$XHB3N z0gx&>@HC>;wUkxlgdCR?a_ix@9eg%+md+AuEwT#e7_DI0Ef#-|hCw-Xz8(w_8;AA~&WCsCSaDU2ASPz9GzyA?m%` zU+nvTBRSZdV459ppnw%f7M|iR_ASWcM9F$yQPOJU5n&B79}Rw#H)3lPnaij7eJhjG z6KxSTl7okNe7OnZ_J+nRD4D{d|4& z8$KB4Qgm+MZE7!jhG4&lfX+qYtw#A8*Dfqx$Y2?CvyNvf9ld@c*}&&DKo`_@J9aY% zU@n#}4vcd@CSM>9pZODH_(ydRpPu)-Hi&NuKI|H-U|oKI>DEC*hYa<;jrD1`2Gm&F z);dp*Pgm2uKIESCO?+XAJPlu|M~eZAiQ6)S4EB+c;{=E3J|}nlG|GAmGEU4uNjbhj z0mpF~X`vOU6S~E5&SnWUfy94n^GTUP5J-7hLPQ*5$wIkg;^KlyS?oiUyY8)NPM?;J zPfl%d-0RG>t^(d_?Ck=ryDkMDB@2zT#b7cPi@~HKoumdTho=(+?eJ=#Pns}^)PZsB z)RlwBSb3H!c_l&)8_A@-W-Pt%&^+=u^)CK3v%==T(DIU=GO`8!)o-L4njjYBB%ncQ z8Z>0DZhn*CRx=ZkRmxOQBR3A2(XiJiIpzxKGGwe`~qKQfguJEWNz; zS=Lc6`S-hD{))iNP=#mw{Wn$FEov8+`(T39w`|4+AStnk+Hs(L(U0@#3JqD=+9ZvT z_2CSi;#!_o)ZCn{ViH17%ZM2y)tquHJmwYwy}Ad#ea6lU@2}uv?yj_EvWl0nUJ}F7UiX`e^hV zX~bBp$L#{?gK{FQm)^VHL|*3_X4hDM6P|w&Ll?nyi}`sAG+>|WbwH*% z^k*Egv4!KzBi<_M2LQyvlXR$cV#_&bS;V~zo@{Ppw$FBC(&r)LZTpd)CvK6tdI`@I z&^kDj!vFQMx*>j8P2kQjNa)p-5-SY>Jjy+G=?{cgR|yR|lp|+i5!YJ1^+3aibzwUW zY_d_pi-BDB-p>#(>eBD}iY#LsRYxD(7v;5H{#xCAa7+8y(!mrQ>ve^DVtxHsE%-1c z#*h6?egU+B~Oz!KA~ zqCB2<8%y5;?Eyu_MZV1f?H?z8nGYhMqFT}RH_Q!Mp{zl&7)0s`F!m}R@v1qj?j%kf z`Vw|jTY^gA;=qmY-_J`R3M{BpUL~KWg{0V$zf)|4=8^7N3BOKMH=l#R)6LoIXm+<< zvJXG|i0>>I2&|%kDc4^amrY>)BuQm<21_3<*$)*=s(+A+Aag2$+2n+HPV={koCVFI z#y@RiMOOmIYFf&Nt_O;Gkc1;Mj1FKFiiLr5d$oVr&8UoMLaRi!4CMHm&!D~ilsT0l zxU;a@_maibGfP6fTb!@y!ufvtYgOE1b1lH8y#*e?@Ir0l1bKdPvaI#?u3g1@JW1O! 
zuKxKhNwNDpD1T5{&CV0FFWx4B48KuFmGR^puI#@Kao8_W+~gR3A^9j$4@lu7tG38^k6;Qb4&I&wWtydBss_KLj4UW=!M3JZDtEcBB zB`Qs{fS(Av%@R`eyvgVN3;BW_haRWc0A77-NmuKept1_0ZOGsKEok6oz9w}ClSco} z|Bx!kd^y(|N75&T9>epWrCJLTpRW3idMR;U)KnO`s?KG9C)C_XT8hr{w!m;rw|9#( zh-&B3Zu%hf^X%NR8G=C6DX0GWCMg`1$TJ>3JI+{9W|xj%R_^riSgF3F#!js|VLQXE zpX7)Lr8`AP3+-(mw>$UhFS|^I_7=JxCt%q69Poaz01)qgU+S69;@Hm09S^OQhr~)#(<-xST33NYB#b#%>$%EwsZ()#%75xl5AmaPcOsLv zU@oVQ#>}3LQyPjWKMjA}JGt4CZ{y(o3UXG?Dj4GKg!1Z>hXxRO;47+~>rr!-ey)N2 z&-|CVaR(Y)a}M@KE4B+EpCEPKvZSeqWMcGm+I#j2PT8egkWi8wE+Pxg-Nu3P>B1^Z zD0yyAI7DGjxm0_fvx1zQBB3V~Jb(vowjCX%g)gQ2o(m5F95z7zG?1L-N8#?YA>{<5 zkR%WluHHv-qV(Puq6;)aU#xJZs1xrX!?WD4XAltrQ=1M`fY)~8cHg*qW&bV|-y!3;E->*w`+PUllS38dllZCg^zKc=h|1h< zJx{>2NTnxNb>5+Ci`bk~^d-Q7!t^&84Lhd$63c^A%b9eneCvB)b1JnZVjYFw#R(=> zpOe6);prM1-{)z3ZyR~~(Lf`oyGNPIlFGLdcfIoJnt$LxF>`1IU)8VdS6NKSCGq z^W2&rM}}ZSc`mL5Lc8V*9t`DcL}s+w=hVbIL1p}JJXa=8XzyB`v!^(%!3Q_g6E3%P zVQP(r5LNPY+fS>XY!j_yd7dC)!A;WOQ2`=GJHNjA>x-1h zy2&r;y^SrfU<3F0w=RmS<|X2I*3RR^OSqfL2JKY6o8&I~+-xR$kkBx~zVmtZTxc!$ z?LCTO`e1nRXekK2Z#317AGeY27Xt+a_%17agk`*IpIT9rXF#fi`-y7wbH$x_U zlx6drMxGB6uI~ovZ+T6NyoQ4!m)4>T{NWb6oAR%F4z0A^+5(a2djurDeSb7&8PjC7=5C+p#0nkoPiNAI77IR%lu{4q+Z zZn~hn3*(&{qN?Tr5(tpd(>>TwF`%6x)b#1pQDVGj$zKzT`|KNd37-BtVL${e4hxC6fB4kPC;y zB`Ha;k5Um>R#5i%j=`gI3XF} zy{- z+^PRq;eaK4BFA#T?G%N?HqzER5818_Fn){^hHX8(xIbe&Jn{cIp!4F}^{Q1eGvMi2 ztt&_K?7LDO*4D86xZbzSF$ztGR8$r5FK8}5rp74)-kxopCGiTmFj#97cH1Y)T&5)j zR@O6O{ZV2NYkK~c58FFk`=L?0N5a#SYqYvg(-WN0rzPn5-o?yaucflOT3h#Rs2!S6 zJ3irBo6B>KEw97_{^*n@rYs=PwWKHivw8n5BgtNk7fe=ygoF4Vv=aO9TqsfV%h1hH z>dHe?KJ#xLL7Arko=F32pu~90ak*rXs)S1!Z18YYPhH~{(Ef+V-o{Cef zLn|yr1WEe7D`p}TB;do4ECbfzt{=V}+)=8EvyX|?<(P5*$0`jryYIk2*(99*Mq7dP za&-g8z14g3oT>nM36w(l<6)1+^nj9=1hTri`idIwgXg}+g_HGGK@F6v85A*c*Y=fv zv2|&j=Hycf(QMG@q}Y{fT^;$-u5ANs5JwH(WZ7g&QjG0xt(Tu=IeZB=1cn` zmUv5M`bpIXx#_Q^%$6`pMdj+vQi0@EV&xXu_N+*n9ZX?k_a6Wf+Ty!~`TZnjZJ4+G zZaaj9KU8HUb_yKcJJWiPQ-7a0m*Br+UUe6^HxC~3Sjf0t+spbIG=aJy@sh_s=f>@; 
z21TS9T?b-l(UP&&y9Pd8OG`__k#h&e5e-AF%-p4__y5P#SBGWQJbxpKNGjbR-CZ}G z(%s!5-5rPSkd`j#ZlqHhq`MpGZr=OR?@!-<&$Z{;-I>{$&(!XI&opiDT#!u+#31%V z)NYDCZgUg)3gU$w4IG#rz#oDnHw75qF|W(jq%@%==QU}V9n6>Wwbxe1d~Qdaodhe` zO;kmO_;d;OdrV2;<4x|wVhkp(y6vjp9GH>;MQ?+@RjgG-uv9XKkA`E7-@)k zmeQvhi^^icTU2;XRP*_i78OAuc?a!V5lyS;J%Y{C>k8mxz{kXBf3-Hq9$4;0hP|P1 zVe3SGb==@Lj-#TG_e=v_!!l+35jYQ^kifs%JVFh!>MGX2K$$eOQH)EO zlMS)x6Ny#N#`pnjz_0L*nrACuB)KtARIf(WOxYpHZ<6E}0HRq* zd=XyFdhs&G3M(SR8G<2!X{mRm4aBJ!2g)uhR`priXIBws>*^vcW>r*X>l{u3fpAIv z+Q!;OZ|w&R_qxV8^D8qdd=;L;H;F$bb(4Oi{u*jvzP7GnIWyovdR^Iqb);KC_vEKc z@w~mNttm}N{291+d7(5VE6~f)r7v%9MoKTUO}L9SuS#+|KG$40E7J}VdITIPBt<71 zSgNq>YQ?VBVlm8rqSOA7Kjw|k@;Ms21fyNXkEz<`~x|3g~?$b_iFfbcukQzL4%y{%Sc z4~6N_;F};>{MmPHc2Eu6vq%l|w@NeyTrmkids_82Y2%LnZZ`p9vJDmy=sst`XRZ#^ zoa@e#Y_V9)^;^geG}4w~Y@NyFD!KGi7NRTyNhH;(QhnOQpZZD4lN-ekjiU6!#_ryL zn*ING907`HElmR#zvQ{}x8+uWXK5{}2D4NtcUJCCt+s|{>Cv(=wIPp&dL7g@8L8N3 zQKpTDUm((}tydKq<*!^Z=%x$WKH+9*k9)uO>SXFy=4A*4#gW*3Icq8Oxm!bjde%q! zE=HJP%4ljfPT;A=DaT-ja_mq!F!5$f@rE`rbM;J0Ke*$kJ=pm>YQGgyy@PvzvF<=Q!1uDiAmV1bLz zwjg(sK?S#}8QUw?749d+pNY(WgbQaqP2R^r#Mh769&ge`Dk-YjiYNaiG%LO)0eQK> zYSICPOQI)~5i*VWpUGjPvJ>%z4Cknd)W{YoE-|eehkvg;w>NmTttPVk79{_zDg5wh zGLhoX44Z3!u)Gh-Ctp7b*sG~XD-}OFyR0xfVZkBE5HweCQ+rUdaDO$O4C+7W-HZ>( z;r9iBATAA!4{pCvVyu+jEvd{a$I8fw97<9nJ>}+wVlUrr|1!XYGZV`M3!kl zFR5>b-Q=^>nk=udEHyu=D1G)VlQ2622JP!_M}L@)uF}!s|5JG!ybN;_emN4$LQ+P zFiI!CN%H--T9BfKyQoUU@NA(P^(G`XwvpKCGKMBnUx?CEqIwmrNWgE@q|(DkL>F3G z*b$P`A)`n>qIYeA%mpKbd@mv#0kT6Ob~x;Z@A+@gU%4>pMHWG&m`g;_tU}}c*5s}N zP*bIFgrbq-JKH|0$GpFInI9#sZxEK{-&b9;tky4T1lsseYj?NFA|+KN@XOK zdm-J=d4IM(wRoW_NsTmQc{?qTvG>q5_%I|%t)ElYo@$O%h-1Of9>6z&wGB(c*I1r6 zG*Fk&yX^#i?b5mwZ4C3r*j6l9$Xp{2eaoC(0I~W?B?Cm38q)tz+^Y^6Cxq|!O{7Cs(CR1Fs($a-hBkqYC&u|^hmVN zJm9Ekd~&bYMt_ZmKL2s0@@F3fPQd@Xy6B_WXf&fApC zMS(c{lgtbmyGKTllPJpY-aXoi-kEre-GET50|))btN8KGKVAtfA}9~UfP&^wK1+G7 zAV`Th;AUg&;VNS5r0SmD&{MCv>;QzPb2YcVzKXe1XAuKFDDhij4{NlyL(v~^;>iaz zsWppUeOds)eQ2&t_m$%WBY%W|2@XSXqmNMOajw2rB+gdo&7lz9) 
zT|MYH@A4dM|GK`uOR>Ht8~QSOAJNi@8NU=$7y2rFm3n^m4en3xvRCtV%53xVp%`)V z19IkuSLw@Mgiy=#OkbYUuKML*gvBalFz6ju}_BF9w+9R z;h7~=H*xE!U-Eh59{+(lQi@uJhj=3JF5j(NFe#hj{r|Zi7ZP--Fc}=aLrN6UJ;uf5 zS#*la%m7RzK0?&n$)fWx9$*3BTwQs&92#G-U~8bEGm@-`Kp;5$8EPU=^7de4%gk44 zN5~D=c-DBwVqkOacL3#14j;^x;es_gK~79ZB2H=e(tgtVjMXzRP+EdfUCy37dVYh&3~5ikQ1OFb0!Gc^UmN@F5eC=S zenW2HKg1H-jQe+X;BJRR6A zdt7t)N;B9k;mAXjKBEfzjiyIlfO8JZP<7t;fi`ubg7Z7T0n4frr}jT}U5jd?rbkH! zL!+GVhM@rmQ~mQ@kMl$TBEG**K>kq-O=Mh$EDgDM?^>j6SW0? zJ7VwG55s(GsDu2p?b2u%TPcV#aDMb4zV;Wc+D5u(lki#%RbW5w!S9+!`)dn#vXPq& zfMMbAv<@LEXXA(K&$=y&1&6Q)gws6p&4F!S=K{zKbu zb47{RhY7+pq*%kGuGHp{ATj_|VgO%yY&E)uLSpW#^aEn>LrONzf&zJa*D;m;g#J7= z{0t+KZR1gHl?L+Gc$J-?uJ$d*7_>jf*1MWRCgKD4-%AUTkj?~Q5ASxbw<>F3GA;y7;o_HnAk@x02#p|gbh=ZuSOZi z`HUOjp9KC-Ak2@c2&sQaed&i;$}5EqY?hoxo6-)0>l0V`n0sqp=#=l}%mPkII)g(2 z57wI89#Z>H13D=NHrY_c@jP)O6AK0(|A2B@+}Dh@@I7++A1PVE87dOQERq)4m(9r+ zV)S$%2g*8aUp{Df!WRC`-}s1INq{e=!w-I?qk)!b)YtMW4#3Urs!jL)o39ni^V<CA=r#=cX&ewz&S7kil2z!3-<)PelL^2C zAsG~ge3*5S7Ig_penaSG=*9+f*pY=_(;_x2G=#3IyNLiN9SEQh7XB{;QY;*R=|Cn3 z-m}zn{5yGV(Bly8?Tg10g+Gw#j4E11*4=(S2)%Xjuukd(p`}IR5<(l~Kro0XK{J#1 z!2kOcgs(3J`#KN=`91tB>t{&sA&kKhcI+~SA~|Q`{8df7DlN!WNuzHD2ezmNpc`Ka z9xdR%KxwbUQZS?GvCwqJV}wsNd*Ki&hEC(~j{vu*k&mv#@18U5sDApjzgQM%A$=u3 znT~4X!+o-iF2m|lAgVwZ9gMN&`~yrRAcw z-zV`wsZ&UWON~`;bC~AUJ-w63>y7x3@i63dgm8FpYC>83)FR@k$5uNPAhF!TB4G3ye<&_i`k1`jUba6j3y(4MS(r5n*Hmmga+ejk?8i8%=Y>7Tr0ra z-E&t@AopWvvo_k4PvZM=g=Qi9hVV+G^AtHtGM;vuWa zhEizpL+tF=`9!M!=}YjJP({*wz>lh`Y-&2UgG>i?a`r1)3JH8%#5eVCi=h^Q_4GOd zjCRHU-?6L|PWbAOF99|WDsu7K0tkhTr+dL(oD{g;kJ49{W#Pf+&eaG zIjmM2It#Vry^TtN0_U9T^)!4{9$D>2mdpPk;CuAK>En@1S)Ap@{+tnR)0cdY7 zZ>E@Cw9+trYEhhU`NIs-&9%dPfY&8GgO&z zceuE4A!7=IYHj+t5t)i^Ko>>))Q$NHxHFrUma=zcjxi;y_T0^y!v4 z5zht)&l`F8wwAm8G)--i9IH}12gwbUVM#8X9c@7Y)|;wY!3Vs9T3sbEc;?mtW`h9 z1H#B{sy-OuEpe+%*GB_Q}?sYO$2g`WA%daP>8m+3>55@bsSO7*>q5 z@c$1nP}(u>q`I6=5+N3xnLu?(7|FUB9VoJsT+ zXa@d^qNlE3!X<&h>QDNh434&vRFcUWpSjT8m=0zkWRUevzPm{iCsTaSKE_|{X3kt9 
z+^*)3uM1X1Gota@o!t3Nm6)PC)E@)0B@VG_C0}BAX`E3m$lGe01PLy?1_#X<8y^em z95pnwW|*!E5@>ARp112Rs{tCiBqjS?U#v*QD`?BKf^DSthRkQF+mv|GcwK83h**Ei z-JT>^i6?0x-&TV|z>^LUAM3ycuNO}t_Y>9PYfVUY((GBe66{y6tLSNQi~fdjQyUVU*`+B!A?1O6?o}l~lD^%#;3pltREhC5 zCTv2W#Lm{v4 zjv8{e&O%vq_$ZK%|0)7+uL`H9iQHt4CN1;dnu4g$m}k=Nu#`QRx>>hPf%uyxzc8}y zvUcB2Z6;IH7|?e6jvwk#+X)~V5r)`ZtO;xof@G~J-j<+`t`ug-?TptSBK*dm?x?0VG-<6> zsE3i(P37yiWTB-!AL{|x7Zeg5VFPw}c)qF4pU4EQb+*_4-|4OGSy6K^u>pf3?uGbP zdF^*NZ#^pXUyi0<%lEdL$xh6FY&khc;Ag9+eNtT6BGDqXk?bw%Thy$XM-H}CdQVzo ztoaW5cZ}L9w7|Z~mivdo8e_Ssrq1X4o=Yk7A>e0(c>E8T(C(jAhO6IlT%(t}&cN9F ze_>RUA!K~R5v*vi?XNLb;)6i;85Q(kU-ck+HGEOR#3Gi%9P%A@aRs}QnC_9ooC=pVV?fe| z%Q7EhGF{s{0Pv6hwwsG=X)uDt_TP5p6(@w9^i4T55oTvp**Bc-8A!B<&m>}*h%UO5 zJSpSSZS@YfjkpWabv5S2Y8}K~Be#9pYO!^s=M`Wy>u`CO@Ky>cDny|zFCM#PqY$Bc zmFO!thD>bekGnmrZ{G#Qr}hyXhd%+K%+$pNad$PeHGlBob5AlFoT&;8R1LCb8;Wry z628$TU&aaYst>BM8S*FRL)XMecw{>hsJ|NiuBN9HEF&sl8F`#XRRhb&z+7;}b+!lz zw^+=gO>EH9O}Is+l$)^^vAWjysN%`a^N`!Y8O8Zp?l=lyx6BD=Djn|?*H}Vp@n;Fg zUFs;{Z!}OA8$VP&yI-c8zQOl;NVb;pqk#)OF)`b~6#qb^PC}E$`tMjBQ&o}8q^YBT zkCh86lyv-!QBC>ggUh~N)wMIWXL0&T8V?|#a#6M5In6~iA-s`Z|Lr%UfE0IVa%ph2 zMU)>)6)qRE!E(+Card_h@>#+*6f%+-r!jE(Gc&EwAzm8Gzu8tOW5BbCgJ-MW4$uD@ zdeF6r1ASM#u?MFnmiEnHmv8!gUCl7q<>$8~OCy(e`ec${&;3U*Qebw)8%dbr{K!MK z7GV#84nG$;F-!6qv9-63*oog|Q1gq59{O3}cg6of;N(MOS%a};aVms88&F(Y6>HAQ9&7PmM z<`rrMxm;sRp}&54uT8)x2LY(kb#_GmASOqNaKPLjFDUJ|7u5LkY1cv3JufNx?LeDz z1B*~W93@-i!d=Atuc5L{`jezd?hE8d4V_#&0UTbwHw9i7O={&765*)Oo429Y5<$}L z%ct~XgWGs{I0kH^v4!|bCe!sae`ukBW(tT~rjb^m(ZJxbFC@ls^dMUG2c!NVv6u2E zDc7H~+alqup3&c=f%yl_%|l76c86oZa7?|9QZlFMOH*X)viB0Wo}$Mrhn&8(%lXq) z>GAi-D;L%a1nt*`E11Le*EXA4A;k?$?RDFNe^LiFAPfWWw=!T&5LfiZfa_d*&zSd0 za|4pb>}Td9=#)oj*3d3n6lYiPFB?);CA30#OzDKDGlp%Xzkk@~xhZ1BuPS!*2>y}+ z6_x|p)8h5wy8ERSK0E+{9(<+ZbzQ@1OAdmrWv8*Ti;;g^9YnwzhG>_5JuwtHM_S9;sVz|51 zm{#dv*$z@qSE|C*Ps;VnefYSD@qlX*c4G2-`X%E{;6r$^OSP}1W(fEd8E~xiDNu-p z4Y6ttHl!CWf)S1rD1tjF~B!-ArsyS-F^rbA8g}Ec-MY&g}LjSjrXvO{%8tpm<$UH`@`iA&8mShEeqIQlB=N&7jbTx=Bg`) 
zf)nw%Nn_y&vkHC*DQnUGm7h(64rS6K<}xAR}cBkYXAcF zY>La%84FC*==yegSpJ)H;hF{HU;6KKmFk=9m8qk;OxHJ%@!CqO9GVvZUG;nw*|^AU z60N8Ti*@^)z?1RlfborqjeDo-S3RAefn0a@WdFrj?mzB|UfR}rY=0+JEcuz^ay0UW zNR`0hJMdk+m*Uu|*=QV5yUjrM9Qdz)I2~7u$juVUovGPhlQcZJ6~_R&#QOQR#=y8f z!?JQtoAS|}Wp08_Yi17uxIHzFxzsr%$K8>?`m|F}&+xzMJ(yrOusw;R;*d%U$oOSS z!lKV<&INNOJw)~ehs<%`bIPSxG|m!t=QqiK{|beQz3n9!qH`f+Os?aK3BPBWoCN)p zEgp*2;r2&Ozj3bHq<7I{H}d>auOYdyln`E^$L*dc#%E`D*V;RsV2o*&F|$%bRUz%Y z_cUO|sT_!M_0Vv^QPOfCTvvidUYsGgAzVQF_#3bW$!sCOrS+5gqLfTr@_0=$0FNxr zVksT_`Eyq=c(B+ck(VU!k3U1cz)B(_zWh7cv|mC}Acz?&hS1C+_nfGziY^M{)pR@~mim zKvfi6%5&d1=V@OudZ2xfT~ByKudvDi(58-5Uw4FplpZ$D_NKv?j!)<_(C<7Pn7z7z zakm$rM@ddz^buVsDsd*qoNU{LK%AOmGgc6LgChPo58U5IO}?e7`S8~=Dc=Lsx%#4*AEP0aVV zc~dLo`)@7oY#AQcKUg+Bq~JY`)mS*XFYJv~?BnnN4K@mV2$=|arKTV^F9@862j zza@RtpJ+hgUas+n(SG$^nY>nUW%hzvwZf`Y)x|Mb_Sk%yT>n-XW)5@3PcUk`ZM^T{ zm&ra1b#yGyg35jy7XlEgI#3OoNq*u0p>5aZ2{3)Hro)tP*W(vn{OJO-}H1VdP_PoO< zVQg+S=u0hxzi%*CE|*8IRBIt(rJQy%U7@hCzM(N-YQ6II{Uij#qo?jtf%MVRc0(~Z z94FfT9eSJkh|u2W|_J5vc|)*spg8OWQJRSO_!Iz+dce~ z-Pxq7bw4ZtsxDD?$7ft>FMl_rEUeH<$w3=2HcRtxFAmW4c5PQ1F7AW9?ctETo^E1> zhK?nW*8|TDezGv`O*tA01Z(R@dq_T{ir1W=>wg7fezGtR_9k6zGU%Quak}IOk)Yec zkJRSmJ$s&lj&doIpY1~Am+YJBij?1Tc495N$#AhgZaNh1efm_`)F&au zw}kb)P5w5vdYC@XI;#F8s=h(54G@Or(p?rkEV~yZF$}MtO7>SYm7zWu?kr-4E*Qmy za!Tx#Sxf$sLMkIw*&rjR+Ypk(QG_!upQyGGX#*bd51q71P9-y=I5{(UutSf5xlq-L zM*C=PMoPsIfQYRVeSD~JcOaZ3`ux zb zmIAcIoi()-e?zks^#D-Q>XGE=yRBtixwRk2yMeAfC-|c7+{(23`%>j8F z%-euAXYzMtpOl^@^8LuUr7(08rUn+pf(^ulb{*~e-i0~_8Q{)kRz*=vB=dP0z&=_s z@j##%D)&(i1oua~!?W%G!g~AE9A~K2iwL!P3A$gTn;Hwezjph+Oyn^|g1nWqUFXi1 z!i_gfb6)dtb3roiNwU72^A?%Y{_%{u@ipM7ys%eL(ASW)HEjEf?YXtennBK{`g1Pm zDUgoPY=dH&8%UT;Y;~}`9yRM-;Q)E;t{tZ58k{f@+bOIPn;d+FXcKa71d&A%%xB|a zMP(B+!>6?h{mtRX7x%1iz*?7x$1C{S#!@)Nu7u>qAM7xHmtjQ>RZW})gci=JnDEUe zV8jd*4!SR^&Gw1VeSgUB-&)MiZJ|bfY5$5nTlr8$YpSE+!)l9-HNaBvkXG-gd$lr+ zIUaVri4bn^M&?F24_up}vUjWh0cG;?HD_!Uaw2guiTfcZxIr(OGXDWL?fBoC7;}Vg zz@*>jRFC)!WEB4rZbj;QH$5VYOuR*meV6`x60*Z*B0R~Blrou^Ub@nZU8YeL*P<_9 
z+ciH>OoBQ7E%8V#`;)8^e!@N-jD>)^_+w;K^@h@&z&|Az;sKW`__iK}-0 zVhvF#CLR4Er$M$4iJ3`J#sXKB$h>|Oxbnj0-Ku{ z!2wC@iJKeOs17!w3-*Ss2*2X-!RoQ{dInDcS`U9agJ?wbTYe+LidUJ@n$AC{)NUU% zjZ-3}ow7!l6V`hgb6P0g0+x}6!?yzxLIHv6(G7j#F6esQm^*?GrF)**i+-&c>$;Mu z)q6Uq*V@$rNFNSm_2EAe1R?qcx#;Ng==KY(K(2yh};^fD>H776&?o|mx?W`y@FbX~|tDu&JE7sD=g9%Fb_hSVDaD z2VPs=pJng-sw-OBek7^+vA~&2+ZNN7O&V@t+2d$s?1WdIB}A%%RL7}>EGp-g6eFJH zsnloUhVlXkkoc@*1e&h9F2jd*ol8;O<$J`ef2Jn*=5HLNQkG8ac*EVOc$&=`v$L-6#ekpxLod{K0|E)4SuFINQVXjwPAA>wl8;TNMN*j5R zknw8j+bimNF{8Kmj1m2nxXh53pKvQ}6)=CRqTls5P^HL}hohOODy)=nYGva3%5XIO z3?)p?&!~^z(W7Oenc>6yyIh-k86Kak5YlcAd7q$xgU6H6R;ROCmA~|p0&mjqp zW&NU^6RrgC?aQ3n<(ct(CyO>Z97AoHu#_|h^*_*i!vex4Td@jS2e3Bb+6@=){5$u6 z=}}iNiy3V%aLFN@td*S}MxXDp3aB!Cvx6?`bu%n3W+B&Vfx{1)`q$VQSzGyN33cBj2>#3ATDJ&!Ea;adlVo$k!zrjrPZbl>B=xH$%$o`$Nz44Kf%U z0iBX}mDGGh5Pch&OSA`aK=@|pMt&Xl%bNE>^u!UBBYkRTlqfyTN11c>9bY44BlRxa zw%qH}m2o(1bQNwnX<& z+K@@DXVdu_{*yLR4Tt8zR7q26#n71Ws?ksPC-CT*`b2f8g>PqUyn}BQ+%_*FrN0} zw0Pc52aLWnmEG!M>;l?QTSM$5Gqo?-tuNLRC)M6h8pTiNNef-di019`k8vQ)NBY%b zwXE51FHISA+_LhQ92H z_ocxZ`}j+sqy_lZERqL`Z! 
zGaDLibdjF1YxM^xO|87T-Soc8m~(TChP5^2whG-B2+j5ZS-|o<@;Q0dCgoz(T61N- z*Uc1zIPnE3$(t)t*jMBg^Xp1WoDYVjJ~GXZKZ9!)cwvaB?TGurYcS^zyYx-|MsCqR zOEA=M0bkXpztQ}x4N6v~)#7mZ^o0vj`wh?Y8sn-@F!e>lt)N+`vx~*0EnF?*w*slv zZ+k@5z<1I{(#zKVYVUQWGohBYTb*KUH7#kwds=NiZS5-Gj{@{G1mBG;z>gD|;CnkX zeX&uJMh}m9c(1z@+z!zclQ2CY5*+=xf5T$F#gn9&`sst^3~hFU~( z=M@I*LFX@s{P-Kt;br%b0xnu`$IuFMAbd9B#`SV*pS$+2noM8(g0wpjdH$2~ zz0svT8=dE==dEa>w)gERUGsMEjhdRF5vLSsX5_2Wvy(tCx|i2WH#Vuc@ATv?BcC5tY@vl zBUDecBdg24*sWAj3{o|oa+GxkN=j0n=(@3MNyn|`&yH0&!5t+n+z&3?|JUcX&B`$@ zD!WPTPW@|t+Tz!&Y$!e4xW^>4-Y-u$a_tI5QbIaCH^?-aDn)iec>^G&M-sW4jTnzX z{j3=pdSCwkN(c{{`>1^{R~`l2mE&Sv#=wrF=gsg;mnQX4cx_CPyJ8q^RAz=?agAs+ zE2#7}NAP>e$ph|yO&j#}@K4j)8G!*KkK`y@$((Hs-OzdP0><6i-~xw1oL9rjf5J*U%25jU0LaaeP@ z4y69>-gfJFxIfe2{cJb4!{zdNLxno?r|3_H4HIvGN~g;WbpbEDr_-i>p%KyYMa^7t z_S(&gV?m@KkL^5>HeQ9LXhc1}#k@^LsL^b&e-$32qZzW&P3T^MCVaB~p*2|OG6R6j z+0Ej91xlC`w-nM3ivRj06+xi}E5?;%YyAVyUz-H?i8N#-l~1?=Y?Hz?gf5HGA?j1A z*+rRUF~w!Pso#1qVw@Zk09Unho|xbo5zG5Bq7U&iqX9=s=vzNbb1wRoXvVi2gFjn+ zaF_dTQ>8apZ=pVxWv@66ySvbLT zh%AXimMXEWJ#_uh1DeIxyvn#jw(fX;MWFW!a_jL(rVdyH!U@avowi4GadB6D-joLe z!wocQpSyR1Eyr&^j;(17jSp*kTpBnyUgS;)OLS;dlAdvYhop9YP4Z@|6{t?`gPf76 z(MJig)m7lF8SbW20<-{P9=mAncrtG(uiAM1$4zU6`qUsrQil*&Lndb|)q@bz;L5D-esuTRfLC&!}~ zxpNgV#sMqWU$%`eks!Sh&ju`XDTsg^-`%}w?f!rPmJJ08rL(RZ!*DEz| zofz%wJN>)KIFyJ}u9uCPbEk9T>>b`NHf9>{nJ|zrtzY)@}bC;_yh)M(`ol`tK0qXm(!}qu(|GN14_PwrNPI zuFIX_HMM={W?4Ny4Li0RcESka^h?GZVQ)5kV)mdb2jZKVUM}{+?<)^)e--3DjA2DO zI-aVp2p}Pip#5Wh$y;Sk{s+y8bM#2IL4Q0_9(0N z@Bn={S?6ylfY`7aV~OnmF2yZ7Iw)muH*kuC4u8UTeH1VI_+c{_AF<~jyjzol+-SXf zeFlbio!P7(D$Ml{Tyb!IFu+w8^Kz7^aW!Zbd%v5kGcesZDwRQj<&8GthL|ew-Ncmp zMvK{cTh7+9M%@klNdI#eI}?NIIo|L%kLQ*=I{IzL03ej2SC6MmQkj~Zsq|!Eq@Pcl zr_<`fI$WDG<<_0U;IDY_Ujk8m<5Pa-&zRtCQ15^a^PrdnP)p2nMyr|jajBcq=^qR- zk%(_%2PCw?Fle|oe+rE@d@20k{ zkIvRV36S@Zzqt@6T}*y)+r6D>9be~t*yxiz>pg<>gwB8JlRo4M>_k1ni8$05b4`=G z!h6qmtGjntLd)^r4$t)uZ}>KV37fuHiqayc&_!>fCKZV#61&hcuD54G;m@eI$*IEn z26r1;viOMnf4MPTxswF(8F+@MEfyD70|x>E^rfe}5+rSIyt6w2i?{?&$Qu4umizs? 
zfG_HLommt#9jc(YH$`fNnIv(=r%5cr@X)V(zA<8rY1 z2R*4cvV+aP=68~iGG%ceC9){AJ{>6qV&CcoeKEnIvk?770nEE5L((>e`g_oFMs%7xhKb;&aHHjit1D{rOzx8F0^Mqi z`{?Fe46be3Qu+ops=)zdInq`(Nu1%acd}hST$Qn#RKb2+1TUyE+=Ap!PnNM1Rr?VGVZ_Km zRkB@k@BCQ8Ac;{kSI+G;u>M)sROGV5u}qc!usC~}nXxilcRN0MhxHW+nQYeBtb7=P zg&H=Nk}QJ~)13X=uTi%*Hq6zwEi{k>3%r2bNEEgsM$pURYNYiFMeLnLZu{e~VrKjS z1b_X@y~M?BoFz1HuD^~|Znv2y+tqrqipTqy*_YWyM~38x*lAD1FZZy1`uX&vfSkYU zd0emJzH0yKqVsrfC*u|~IqRXWO^TjPT3?+(8Rxk&fmo-v&h#QvEx%0GCh~!GWC7 zPDkNIGA`h*p8tFF>uqo9tff9*djjY|FDN-{QeXVwBJqv6n@}q?{Ilg@;wpSm{luoA z$oQYOuhy=&mfonmbvOl-a<6tuD_0ZIuI*IjYTuC48tT6EfiA-inx(>E&n9@(gi-8OCbmo9fMdkF)4A9)~n@QRO+}VRHW~A~w_NVALn*3-E#>!xi<$766pz7#yX2{P7^~tly>UZ1rMF zs9PwgxxFMcI||FMnRf8;OHWpP_x8FQ1oxHGMN>xV zc8?__l@FU>M!Sp8Qzwrs7*zkxLz^?>#%;&;o4`u3O{Y^xNTDSDBE6sr-i5u*;5n-4B-dwTE8n16m40`Mz z?5FuYd3MOKqJL+0xy>*#9?=!jpr}Bk*nz?1a1+1F>o<9^@|F1`S`?$6_TpReP#54! zHa34mNp|&IhXPi=9Ji9)$b=-urFFHu=lYUm|L*=^Jgdj^?S&~XID*6Do`VR( zQ*5pu>!5v1$0^SDEzV94xez+cODwy&*rl{lavCeN*{^3;fu?UCPb_1y=W7xT0V-l0@Sc{9h8j_1#6H{P)T1ClfDH>m-gF+ z;-$U~ZTTVtJP?8N#yGJl;YEw!G5^wePLilv3@9#aHBPCoZEKu_&6ne9J7SBMRtInF zf-CT)7*8g}M@*$6Tym@{6R~*NI7rkEEu}|2YhH_{@}KeI@R!r_uh&1T$k0&<_nUZg z7U~l(aZ=|j+$EIEvdv6NpnVc^RrEpzejs;MV5~7xI6M5Zy)@)lhv#0=WtWsybBll6 z^y?Pe$eK>uhh1ROel_X{Rra+U!n6qz`~g);)g%>WN-ZlF{&m!jE4q?Ad?-p2J_)}p z3KudoZQB07j&y;N9!Dr1g;LPe$=Kcmb3GUAJA4PNosNd^NzOB(wwiD0W7SSG{ zuN7+kgmr?mouciK2O9W&o7COS1;n8sSqUt#D{InG%MmP~$yu$&iSG93`wen(AAmJ*@+rrwnHtz-h~O)qVMCdyCpsogPO z(A}m(|4E;PR27X9S9kkkk3>af#1G?q(}&~F9u}^Et>nSs4i>k6y_~j>kdpv)Azepy z6GZRCIP!_@itk^e{6djK`H zbz#E@A}Sz)A_`KZOBaFA!GiQ6J#7fI!PcODdhli-?Aqc#eL7n!WqOLgK$tuj!OIv<}V% z#g5LE#cJrdC?0e;D1IRnetqu;V-J23JF&s^_)T&65Vy9N@6U=@b>~{19c3xzl&|P` z@|?g#hK7zEuFD{@jHXDT?0xy7ZymiH%w~!HXLKA#^zI5O4X*(t7r8&1cf}YIm&7W; zJ_%-jO`T-jb4_!%D+zAriBT^7>Ab<`h?V;kpi45FE2R zlbPofP_y#jz3CN~Z5DXy7p5kWdhE!^g1(z+z}w%H?#{~?(4oSE5gLT$y_{@~Gb8gW zdEArt=B#jL0N4}1`@!8bR3YtG0gnGHoV!JCf(=gA6Oex3sPs^(^ig8fo7Ju___9-% 
zuBqqC@zuUriFu;;ih@kEJiexFrn1LgJV_31a{AI4rCAmIc9sWKDCtP1%2t$nl$sok(4i9aVp`C z+q(HcI9n$=d&^q?>q5{orL}vA` zW?B?s_Udrgf#vQp%Sk%pXLx56`F%pANO2WwcI>`Q4IQ&EhU>19V5UV~(#-htsc61e8C( zYVuGeo}^G&Oblq)NkIXLNn}#kvozZ}gM~wXdG${j&8|M&`azT%nM&M~xO=;_KX)rM z)TaATdz-+Fr&vu!w~Qk0zbOQF#R*8zK4qPJKlsh|0}Bo3wgyOE-Ynr=I?oe1lfN{s zIBHxisr1csDTAHdkD`}o`5z6s`9Zfb9*SBp(p!?zhQoOKfk{e_RW*vJ#QgvxPP{g{ zTRB~$h1xM68J=wtqvmNy?s>g0X$oQ`7JncV_SUt-Cb!hp@ke}Lz;6ooN{6tQl+$YE zbEF!~VDhPEO5OVL(vs^Z!o)~z78$H~jtdG|Eby+pEfDQiOjsl| zx1DJXn9e;Pny+CM=0+`976<3%u#y^lmtlOm{g3I(z@<2H=_hh?&*x2p5z$r>!3Zi_ zOp|#u!MHfNnTzvq)7U*mZBX+E<&>v8ul%w}E4Nb2ChYU)*90tPPxy6O2D=;S@!k0Is1fFe<0?;;2!TZ&Ft{ zVc@XNY=z{=3i=k1_PZ`BpIBAq`B9`hx7{le>9Z`k7ut$eRX&G$T{ixtstNZ3x$ZtJ zvK^@;d^K>mHp(A5?^`QNWbpa_Vr%CurmD;xyPi+r)&jGFe%B@gyNbN+1MV4oB@1%(HMxdgW^6ngeaGmjt<&^Dlzd^MRh;!U)<%zx?@JU04OT_(g{SF(!b?b~` z(8T@q6f?oRC+msEQ~Yn!fT}HB+lTzP%k0u`ya>cUCOrB>(#l`G`}%(*EsmpY*)3m) zX@5iz;KQP)nvQALlXxq<^y!J}uFg!7z}p|@z?iaTS*@~B^9oNAhtEIbR7k~g;`is2 zBQ%C9ewptuQiWLwNB-21xfW~te;G)Qj}zb;AduTRpAI`6;Al57n%!f^xKsR1`|636 z{>j3l_NS+dpKF+gO+7dZwl)tv6-?}+ZsTJlAHxDyuX3a0MOIkuK%=Oc!=V5M5ciaP?R_OzydT@`qk z;Qe_ko$9e?g-PJM({|acM@@_WygA3?`}uY6jwr?BaWVE}w})?@ms3x8$cqTwp75tk zRM+-oKbHVgPI@TOudN1+XC-{{3euowrv;$DPRz>&Ak@zN$K~7vcN9cbf2^rTQfyS- zQNHhTm;LFWZ^e}>oi|tI+Q^{72dglKQVNh$op9*)0JAUVF;<5ET2rK`kqD|6W`#4R za8dhs3zs{Xo8?&?(jT-)*sYo?zq87qsTA_5YxOgN^wYxUsbm7Mp*@m}tH7tZltGUr z={)`nzkfc*&hy-R`*TyPdX(JwN=iWv1BfTYhJd#%kIy=zRaW5LP5`|qoo6{A6H}F8 z?jVhDY9Apdz3)FqAv=m5Kh1Nc+;*K~4uvJ~SY+OU`+0JKv*964#iMGR?gnlArGD#9 z@UAaTcV|AGuHmECZ_GUhuKGTrXlqa`XevMJa`CKqFew6x!?t>{ay6yq)dAw1 zNB&pevq$+S?%>%J5(-8}*F%w7|gDr+_Ihu_oXxJJZi z#b>HXtyxm0*&~y6NyG@KR@z%r$u7EX!f(;fnuAWa>4>ev_C9tmls!=qIWI36SOR=$ zF6^E6=h-sEYPb9LAknj_8pK&$ojzlBI>mBHPk2n)I>MtrER5*8zFWc3jIT()<(>=; zY-e!o5K#bDGNpA(UT!p`2Jj|9H^mlDZPf>dNS!mNv1n_C{(KZ-2) z%@Q&kLH6?qU1NM6$tK+k+2i>2$tSxmN&5@u+35+cb=E(-9mLJDp8KKI{7Ehgtx=;F zH*5KPE1NR$8w!Pg#>>~HoYG);*JK!w_y2H%%tt$KXxZ7BS-*x=y+kYEZZtrLmg^}2 
z{5?rkPmEOz#*(;L`w*1YO6s#df#e3(>9u%o=;V_2R%!!=@^1K8JX{KH{hU{q4aeUdVtC|Gf~&I+pBY z!EgEivD!_#ag<-XKMp=PU3UMRRz*(>3_vRsnNn@wsu-6p?V&IPo+oB=Ebi?Of!~IZ@#oW%mM=%`$iF%A zES*lqkju4vq}hmj_X0OiuuiM-%|A?K#^V}#{aMx0<^kyoE*TsQHE}-r{anVSzC`9O$lHDJA$`z9u8Gw048dFvN>V5$vwYa60ENJW1x-Q*oW( zq}_)}fBeI_3U}7Z3+9GeJuzASNssOb>Vdj%McDK#@=U=bd$~Eg4B9`#3w%qOo5G1B zVONh>%yNQd7-cK3D+a!upqo>ayZX6l;u|6w_!ri%s|S{aAGb{8EoYKvN+cE5orU@@ z(0pRv{uCb*aMS+i^i$zixQ1l>pmib1eJE`qc6Vi|?0 z-KKNXt<+YYdqA_Cr0>33qF-;y_g-;qpy%nWb#@Gd*lpoew6IMGTz&jPNYFI$=b{;h zJhZ`4QxW6qF`dD`EM%R%pV5W_fmCe3$l^=ZgIG&Kebo6caqLh!z>2`&X=jj8cmuv#7{SpZ0`Br@Ocf_~)yc@(s z=5@I58K0X8gL+gON^B*ixByS5d)ItcjJ>rRRKEL+;;Vu52vC7n)j*S1{tV2%HDB>Y z|Nl5bKrpzFULMay^S_YfnZ!ka>hQkeqUAg+JVB?XBiKCdeevG^voMKU8>g{hQtq>g zgjNM@Je!oKil{v)Kd|KElc`BbEngfQ@?h}xD2|UVn&9}R!9~_M31<(zW&2u z87gk)F5sv8sCTQLhvjpR^DNZ^CXWvwpdm1OS&uh2)mZeqopKlrh1s+f?4j524?cCd zG^ZC=qNh@O?jLM5doIwQn5crr8VV(dv_D zlJWXxFxED@Q(|TpEf$rmJ}}=n`3Rx@nkR0GvR0FA8Un$Gt$Yn9`iKQG9UtBa8TpRe zA2-%P=WXs`aGMBPvhyJ6m#T<>(PRg(dt`+-Dw6sAZK9rxde+42mtzoFYFE9d$iR=s zLX%Ja49vZiUridy+Cr72zP3`pzczO`D*sA+{Yo91LAw?VnP|CNflD4uWm~*6{!Jd& zzr;h{H1t;H0V38vtp~h06K?D4d#m{LEZ|OOe!i(4N4On-jmF>G5KA1lqv`%E#dhK4 z1e7PQG4$8V;52kr|HilMC+Xhr#P86)f$ILOR!v(DEP0P&jV4P-Q z0u?gi_dz8ha&GC4TE)u6UjI&^S4J!Jpf57@SLhU>t|XA$lzE!fA{Tl<8VD`6lqk-@ zMg`HI@_MHr61s|J>+fBAl8L2fnS|g_x#RIWTlfLfNV)ni)?h`unJ53y>+R<>4NNoN zyaShw3cpV=P5nPGSm>!Le_}kXhXaF-^3FmnWrON{*DWgQ)5-)XlO(_0q0QBtl{>&K zOFzOuMkXO+D$}RAX4Q*$9pF~7lwA|NYj?Cc3v0f#PVB;OJ{iL1J7ufe z^NMjn(Li#!9V=xitRr+jO_;QhJ8@ozWxpqjh5`#9r?Zvxp z7fvV1>!4RCuFumWB#F?JFPf-ss+5gztB8bbMrc?uzWzb@BH~)cM8>y|k3f@87VE4{ z)1vtnamZ(T$qjmz{J-2_3nKz&4Sw1!pK#Uy{H`Uq2NTQ#r;~VJ6xpcUv$8~o2n^;W zuoF${xmcodj1Co6q+%m?Hf>h=8@nfZinpS7@3MD&w2{ht`ynr~G(Ks9I_8xZ;(@Jl zUuWXI_()sEJuO`NaV?&n`8yRkJVf0r@$0kaBk+Hy2(3+C=6(kMbF6fOE8ON!>I~p2 zF_7_t7@-wnMI00+6iaXw)=7}a<7h(Nti2xf&Ew4_&V>;*t^gu4&M{hrJ9K;kKmI=? zVMDq}Q?y&_So@Nj%8JMPT$pK#K>t)%hmLV0wfzd%QtB+KehrwWt^fHL5(2GmkIGcm z4tMYVOq-(a3V18IQM~9No*Jx0twp0gfAQvU^)YwZ*zHiS>5$Y@VQ96!L0vE^h_7j! 
zydDjyxR$AWgTcOn;Lo6dXRUEXuG89ru)*{XQP}hU5``}#!s98V|1X<#>GAy`Vl4gJ zCQ(0#GPRURfD2FE%(%jon@b+q#|etx$#22g{ZS$z3V|{{UC}Dn4N0H#pd?> zh4}ft%aiUjXOfs?JhLgXAX$GvN}~DULF6^Bu}I}&ppMK{7IfHV`Sa>bF~;1}+~(%R z2cV{vzQXBCLDhlX`5m|yX06b%@uFNPyD5w)NU~3 zzUY$$KGzXGLf7k#@mHV7mIMFwrD_Yp;u7~{dU4^~5JC4uXVz$ue=XF@wb8U~o5iIv z)5o@t|8ExK11ssx{%9^l$@O$)n}M|c**Y_y=>Y{flgh&pIa-Eyw;SbkEiNZtgY4ld z6EThfk0p&lHoz7#cYbld>mqr@c4N#wG`Ai|HZ$lSagwJveE4lQEqWquvf}l3H!d+# zkJo3);o}xQ_0&dQI<-f|<1ybL+NwK@k+zc;gR=lA3%QKN*ybLL1(zK+aqN2Q5GV>$nbRcmz0( zz&NZOVP_S)z8Ft2eNdICk`RgUi*}+prC;)`C-kwa=!jIlfg4)?3<}$CH2mmmRc>cT zEWp@H(mrI+ej1b~HM?&?!D4h56&U%w0sAIRs@nBGIh2Avl952`GaEj? zw;H7Gk@+2E!q1reoRn{TvE@iJfFC{@345V#j5{lzmGwqcFJpXkm8s2Y1f9n}0J9oT zp3A?@k{Ky;_Hj+$D7M|mkS?twOICKBW%{wRRJ#a(&Ra)RxVwqy*`uIl*8K0~&i+1i zd=rUlUXN++CwuW47~ITg&uYh@CmRd6Mh@-HI}DVOU;}XWRu5XweS;dR`uwwWTjG6s zPx-Uk!*2SvPLvy9%L2iJ?2iV5EQ@)$3_7sUo2_kfH_F+Whr$Rbs)`iF;U#88Zm)8GG1q8?aL)xLrqB3Pg-uAN6VqR}z-pNzQb4linmL;sIH7Q>58AKtAB=Eg3 zS+J)$uXLDXUFK%^KH<-V(3gLNqs;n@t(sLJ9zR)NxT)gB)T3u41ah1hxi3}M9F;js z4cJIX$eyt&-w+M{zv3_WL9&45FUs2S;U#C<;{shmWgi!5BzwWF!Hwi0#Nj_fDuc9b z)*<&+mEu(TO)A$6f;RdW)tdF!JmuJ+I>m*&JdLfh!KquN?|&3KOJe6%-}&ArB^c$& z6=Q-XmcLpV{Nt1v@`EBpH^Q@@uXwZV&hR~IfLOL202-lJvn|QRb|u(ul1e@OL|v49 zHTgyPe_r{Zk0Zkwp;R|Xf;;zIAaO`#nD+aSCO6*6&8uWd)92fFD!%s0{d}r+ZPnc? 
z=zIXN>fapCcyUe4?nbb$(G16y+svC3EAS2(8&62~i| z*;F!Hl9`K7-j~CcFd9mouyH7pQa+iP)4@1>yf@<(-A}IPt_*Bw)MG@uN`!m5KP4^o|FC0BkHns?BBjbyd$**7vBT@;Mp8#rKIWK^2yl+= znNx%aF-TF$JHlw?p5zNF?+?6pC_@ToShjjgW0Gss@Z98apZzL8k)u$hdaPQQJ@#uJ zPd<}#ZsCFd%!C7T>x5JFK9~}}O3_G&kc+6`U75qzk{K39M$=X1fOJ(FQSeuH+&XW{ zY>7*XVHb)MEQ&mg5wmYLk1~)5bo|4LDTB#;ozI0I``FQjPe3$c7=wodBe{@SKDJ7s zQqZ zSAjun_9OC1a=fDQDhKkf*x=ncaS?26C(EyC8Zg1w#6(&8SwptTGDPm)QT>auA~5l~ z*PAGRME84VMqq!gX9udvrhrGA2l@4FiL(OnwGQ~B^31EEU+_e~tPXv(Fw^Eq4Fe;G`(l2io_+)6+S$&ODP?+`=8Qb!-%hK!4ETG%;u@rT}m^(al(iyh0vuw zMC7!f@DCCPA{y4#8I-l14FS}GK7Bz-twH$#tgkG&ej;E3zLdWd;19>}0LA(1>+cg% z40JOQK8Rw|VzSCfq9Fr|@!_3$+z*}dE(G6bF3{C`)cSDfZ;e3TZ`j%n*z8F*1#L-f zgvhn5tcRU6O8k%u{5i?G+s|b?k;_R?5`48J_+_N>4=LkKcst|Go>C4nr`%|d1L|vV z_E}`=Kvu#HWW7*HaGl*vUEr4Pyv0n9$<)hVFK-UWbG%6HaW3uIzB{s`8JI#|N_-M) z5lhBX-yqEQqK{{bi-$*XAZiFbaHj6DmfFwVV>!O%q!l}UNZ;rT8EYuQ-7vX@;1!rT z`%?6v0;{uOUe2cM_ha<%^_&(4F&yP)0fwt2XG`l*;6BjdVLRh>AOXsnu4z-&)rZ@C zZh!F2xb11~y(RI3x-2H&AB*N1O-@ZWLFnvUZtmba@z2@hN4OEUy%Xf!qsky3Q6KdW zD~gOo8eGTqhU#l(W^6TQlRtYfj*7p~GcRPT_H`KrQN|hQ>&wo@n{$h~I9)-@;i2XB zb!FAtYT+{ic`BY3K;(W`9aq`{yPVlqOUH*iX2?J_d|lZ~n|GQ(d=~zUa*kR=Y51tP z-ukWP;Q|O$)L3E8Ud;Ka^Guy*%v9bd5oPMD>Nx|NDdx=e$LKJhj z%)>8?!xm_3+Flu9vM)v)61)qVGAV*qgzr*+8`p2!O16VloG=gcKv6WSZ&yZh;v>Yi zRD?cQGYi_LY!(y&S?C#~MuEimF;G}!L&M=w1sdOLRN`7+VZ%bkbd>(dU)|X|2)?Lw z$~P^VPG9eCrQTqVkA+M3wQ^M6TQ+wBC;tp{8?CytIUUs`b?Kna@Po)j@UbkE;Oo1G<=9O$f7kHe%%P>KAWvyUt9`Tq@~%va4m z;Xdo+{?x~8d_vC|TwIDlsc>esdGANdp@Uu5Q+_{jiI5*F?lTW4kf3O;v(6(#)d1x6 zNTjHE&B^!bCWGWbR7}rCekYlfoqACXhok_Sf7<$h23&}N?)Q6Pd~7iym|9t~TjM!> z7)iE{5s2&T29K+3pg?8tSaqLgb`9O}(I$lc?6}rKR&;6vl!MFwT{KQoF_%3}P93|C zTcxR6{N}nQsHhKDTA>YzP!d3VghNvh7sWS4DDp`GwSKnLsmEfkeb9PiYnltWS~fIX8Dy~l zcCI#vCN8sk>#}uvGRCiT5H09b9H;22619I>OcvEPV#B%@(IAqXm`q)lSK5@ zBW);BtnS9o$;yAj@Qv+4=Iz3_kr2v(*r$(Q-t9We^XXzH@z?xk(5_V=^aZUf2S&Uo z8fdD#Tm@(FhJJV1ZXs?J(Qj?xd618%TNm?QY;p%%UL&Umva-f>2^gwALvQGsX+3!V z@Obu6j%@Bkd(3L_<^`(~G(=nQ*dpVWb8nuLLG5@!t|4uW2*Sc5d#?V%P;jer9JyJq 
zdgVY1S$VTqxT2!?kNE&7(JSkmH`X~P-WYe!%)He`nWrf_r!wY;e9kkc=#33M6Heh( zp!EFn%zq$Usq*t6TAcGF55l0!R^eKNeI?ug-C8~G^X&ZYYCE=2yBzNS%GZeZlc8a6 zBIYxM-uPttJ+VXLNw{8&kL%3Il*cKrPNY-OaGewBB4smRh5`^$I_m+_d?DD zZcrps+rQ-T7f`o2Ud)8Z=ev_CG2)zT`4EPb;Z`kopyzz>*rVd&wBBA&!x8RrATu@U< zmM#$1qTAP^=7|7cO$WQBz`r@<2%@5X5jE()F)#Y-!1o6 zVM8~kPSJ{ns@hj-^C0-E68P2ShD*s{M5%@)Wl28ua&I18EeDTG4LzJMj{6>Q*<9%@ zi|6?!4Z8gS5pI^wsaucy443``REubPo$j*Id@OJc11${RPPZL)x6Ocy0l!hLuff7f=RmMG8u~?~KP5E&OP1y{irCjKoDYIg;(Dyj-gK|b zK;YhA(18&3Cww*kLEFrFS$NS=L0D0PpNfT|WZ!#n`JYc)+Qj2>Q`_SXp{O(Iy!=s! zRADOqxNSK&GG6;&5j(N7v{y`@RO{Y6YqN1iGzMtdpXH!_czTV!<)6wZ7po|Yk=XRO z!+Xs~2ifVDTT_nwE2$ig?OL-rw{{7iSTIZ>Q|ki?d|xNGMpG-V!`$RvR*2c>RsMsz zSGNfo;qYwVC0|MhgtFGuR>(ll7K-NE*30VhUt=JA`_nq)`o%M28)Si*f#sr3&@$jr zuv5EEFGLm~WH{UJ^}XRK8(+PrWyG+f?Fjr29> zd)ZttYR>SSlJz-@X9e10n3`bZe{YtZ+Q+?lANOWn+RB)EPqytLh|bi(`-8{zUhwzw zQ!M9^n}Fl#=2Sl5HiBkpO{`}FZS9=xcI=c#CJ-*@aXNR}30kKBh(yhV#!4TH@@LX6 z%_f`P`Hp?TUge=plW<*oEo*rO43Say_{PV)#JQToTI{jwd>)(Y$Rqke=Dm%ez=x6r z4S2@Ycp*AS5HY+R5fb|+|1{+B{Y6R8&bj%z?!5~Fm{nCLzyG3D{2k>p#={J~A+_fp zUkz@5Ax?Amn7CW=u%xB0W~oKH?pK+59rhZElS*ITNP?*fN#MQ4HZUGBeugC1$io(N zy0UwZ|Ac+-qLsZE0lqXw;QI`m07ZM!rll6S;PYKuzia4MF_` z02I5(_^p3#k0Cx36#*Kukqo_e^7*iil;rV$(H2B*|AIr3^93&2{zz;8oyi11WiRHo zSK+m?AgTO2xkk5(JZ^cqxwO|!%(W(czgVc1J%kh>6G59Jot5L2^@(G=yW_m^kcDo; zvOWYMSp?l|0hyLz42``P2B;XZcqHm2D!WzZc6#oHA(V0cImV1yK>Ql<+_OnIPN^g6 z&_GsxOu5spPow%5n`a3Y9$)Lwn0_OkwdTNXvBQ5mRQ;Md+}!0v-1u6sLVA2cAJtQ& zbNc=Js+VzhcB(_eTO0RP(tKN$LMhl+?(>bx#;3CYO5)qrh}#1rPwV~Zp}xfBgp+VD z#H}i=nzQ|5`f*k3jVU{HY5j3d$|=FHI?`_5!_C(E-&|CRfxBH=FT^X8rMfXG0DkPl z5Ccc~h#2*7TaawrJ6+eUl#+t1f*pB`DMB zegKYbcI-Ha8S`O&3u&&?lj-*f_)Z6}!^3Qb%NiS1reGwo%QYVKO>pddylS%ZgLh{t!w?6pSR^n8KCJN2#?3xY z?Z?ziBNSS0_N>;vr#=X?nNUd=N0kCf{QOzv$4<%CwEZl(-i(0ML}Vk@TJXE9@wAlZ z-a-FRqFcnQ$CSaW4hR{!d7(Ix(de^u1ShJ`x)P^fZ_I3C4Y7Cl3(UX&Lh2k7NaxHs z#=*U$L};xGB+PWZR5u*TVN_FCbE>y5$`QbGz6@lKNqdAUN5S#>xFTYBTLAVhHV_uh z$8`uNhVKr;BEuRy)%uE6rluMTRp%fxe2pD0FY*;C4}qy9IIcv9@C%2cM)x&!!VeqE3%^f}mOsGiKLS_ 
z9rJWmRq2~OD>;wj)jFgfTahBGJjp`dFC>E^S!>>_>DQY7(VIQgD$sQ-D6kquU>>1J zBmxpU@31Hf8XYB~?NyW@jP2QX5)MAFXw3nqMf zb-)b;3YM%6uHIM46T$MTBu(t~Slq=e76n?3zXX!09Qxt$FmKD(%m45_pB9<#D~ zYmBo+{m0JATj-#jgCdHJZ;P+myxB0Rv!~MrrgoV>4$`xV7))N}-!yNebh&utB5PKW z_{5FJWuwY=c?hT<+WA5{SB-&oua-Wy->CkpDRTmMhnwyWd7aMss}p8MJt#9XqYl3> zq2`~mPhP9B>gB)8drN-Ob8UP25{yety&O;l;*~fs&d&S|#)MZR=X^{gtK8?C>Y{dr z?Ha|8+F`cWM~QW|41AUhJbXN=RVIO0UPJHtn&)66c3$IIa17B>%Rbro#HNQukuMr? z*gPNaZ9Crg7YK1jeLtS7$)y{&kKtjgSE3p_yYO~!b=14o{X9#{sGl+SAV5xipzJB3 z0qD|&S?tG^lcUiH&~0%Tgu4b4ZlaCvePLQJfV*x2fsI`QvS}}hjM`eAXAO8wDn!6S zIjds%L^G9%il@qvTSsme;PC3b1=I79YbvFu$15Aq6vRo*&m7CAw4Ipt$!}{CXZWuR zw-WuT8_K^e|H%edL~oDXy*;KG`Auj<)aY9&Nf^7v64vfPFU4bjna9gR2Fx9>okiS3 zer|aQ@^LS;&DE3v_c>Ne@U3L5UZng-V4(h%H-aV?Vk1Bdv@6bN3 zVCT{&eLi2AO8sW3p4CHV7H+tQzdQp%iTS!grcSs39E{UD6!3IG9wLuF8Em<+R-!m1 z&zEKv8VhcA%~N%bOM0F*k72Jgb&??fmb5&+wgAjse1;y3kNv8sx9#hGu`;{Xl&-}K zni48dZ~T(PJ%cwjgs(zxWX5T^t(m<>81sY>Q6a9 znRMBJ9t5)>XfHp@D-XH2fQ&!z!USau&}o8?UcCV2%=aa}S#~=D84Gx^`#7Dg8gIFe zABiC{cf_UGXTQ->fYmC zBL2_>!N{{U!Vj-M&NdnvzbSAq+GcFOdEFbRzal+Opik_L3nVnl1yoJ_8n};ytC4Pp z)4i-R2E!P}Pu4EQkhdue3NfLYZH@)$hN|^=u9q!$eO@~;)#T{panS7oD*Y)BDAQ=X z+s25jF)cy@lL3OzBlE^7-0BuAAY$VQlFJT0$zBN2S1z}Zjlk)K{RuFXm@9;k%Cqg( zaYGXwyWuJ?tp46;lkO{YKj89WTi&;Z)WoZkEWzJ3LRR9#+-*Guew#^> zJV~!OVXyeun`N23GxZLIYkM>1>V~6mj%0InmhTiSvb zS9Slijd1Hnp>Lp*3@^Iq9UelpB0csYXG z5=qBqMymieR3CuNR4E`)U&NMvDwcC>6Yk z)EdBv=l9yUfe&Z=Mg7I<-KYbX$Nsvp)|oHfM7h_z#yxZyylzbm$4PQp7eE-Cv#f-I zPp}aalkL??&2wwn3*E~p^9`qyS-8a6s2s6gL_ac}e_mxwr5ds4Ha`KL&u7mtO11?TrQs?SgBo!eYKr(jN&P&pPJh9s1St@ov4l& z>eZK)z(`XIFUA%?Q!Y1h1{!^~L(I*JRFd;6i);XY=bW0V!Y#dx*y4m7p?sMc6+-+rb)<45Gbr|O4%(JndAR&mSs}Duq7teCAxBr`_2;%)?Nd1ptjqLi())}iO z`rn%FGmJ$$=YH^D%t#B%faYclUS~+5#%tsGFCnPB_R}m@lJh&R0i{b&ajzD@zTzXZ z*B)@xSv#)RF_r?}@%&8XzQtoS8L#!g&giW{L5$jWP+t{*Uft}(EIGPVZ#T|X@B}4_ zZ#Ae-Oiy5WYjny@x$R)u+L%a`mPrBJN%OiV2i|s#XCv=>%98T&zlEm`UYd_}n$H>? 
zCV!|Ff8qVr4%BsvwNet`WdhGZtf#}5TdIV3sM!A`tAE7~qnH|v#bxycc>4LqP^Q6` zOk1**`rI%Y3-lSfu|P*&xB*jftiQ*z(8`8%WtO!{G)mN|O9VY@5D}O3Mpjfx)$OfL zVP#YnZ0USn&qP&Wrh1Kv3XzAw8}UJ^(gr8zM+coo}cC(hmL(%O2p9SEgBV`3@27d zZ;Cb_&Z$lnF7f;c0@>W3Y6U*kzK@(9yKZ37=!g1|!g}(oCTZY9mYhOHzA zd%YuwnA&}Cw;=!}NM0{r#nB>ceyRc=&fGn+{0n~c9VY4@iH7RrbAGDb>V(XA?5|+8 z0dtoh6hC-7eI3U@T0g={W+$uu_L_@}{JxCwSyCU!fy3P?@7HIDdi9`Co+<0szU#8C z`9x9Iw!#9Xd;a(C!I;v0usj&|YCeFp5>cii^c-Vq#KC(uQY`~69)QeBH>gjAr`Ekr zrN20{-$O-th#XIiy-80zj6B~LQV~wWT`YK$bs9k({kN!nC!K-w+<8v{jzYHpjs<=- zXA!cu)pwi4XDOd?VHoeK^HMcvbqEZ8`%f>)9~JGwIYc}qI3~;?WmfXbx zW+1o0Z?Nyz@2-lo`_)4V@#T26sq8bO=y#nL9*`N9b06qqJtPXOxN83~Z>-pz?GeNa z$yz`!CE@9gta~9>9^ODM*M$fMfK_EkF7@ zONmt-mF>3NDb|kb?CwCFAFAeSY+^^PDx!gfbBkens#=-f3|{d~yOa&d?YE3-EuM{n zUxM{HP5-7=toSTkR}^%IGd}jkoS0{>n5(_Yy|w6Ibx;riWSBT$e~Kn=u?BCUsM$>~ z;g)q$LDxxJK^G~#{kFQC0s(ryw^-hgDL9@N2^?~sK#{=7=8=D8pEh-5!|D1&^2K3R zY=b3YruM=*xj-xC0aNWP%|Jmt^lW3RQtW*JJ@Ys(*XBcHQGZQkFr7`zIarK&@foBO zK<462N&!6DjV8G1aB-bf0&AmOZIix|`8tuC8*axO)Gp9;0@ znc?`J=R+hC>Q(R11QgQ?Ww&Eg(HIXD&$LZ7SN;HE0@Mo2Z%RR(yyerWtjPJ}<|qTg z4_f$F^D|{jhP%yl`hHxuc>T7*Q+0uXdyGpihFB!jHQ#yXxw{kPb?wWE6-|E7a?<{w zg_LIVHY+c;!D!Nd1FvJ}&pIKvyXC&2LQOM(ms)H~mWg9UHcV(3XD8AJyWYRxR_q}3 z!|vRp{`QtrI8p{88!S;?H>C47ogB z{#7-b+=o>BW1l;d6nsT4-E%p^UWLWdTm?h=zC~=PurIfPycd>P4A3D!NsS)5#eNui zvV3R54cq(VsDA1~M26vvLlH7tcg6*w(1~rGz8FmkN9+94mu$5qLSdy@kEBdCHwxOXQ&uW71^6G(Ae0xcXZIY0NH$Kcv8`jb-KH~Q%fIDXsMiT zFZw;7ifWUN4mdVR{*<3ge=8DsQRH#GR!0K{zG zE1!J6sqjO-4{Mc{r~lgwf2#Hapk7v5rjyAZD#3pfdR0B>M2jvcG>v3oNqv2b8r%l! 
zl^(jpttgRl%EJAEyM?$GPfV}sQ(8Cv!~QoeSc66}D?JIsi7Z;b*P;kxWQ`D|LGXn4 z(crm|e~T^k{?%;boY`6%iPWq2SBkk^qJDzF;F?#2E(xnaKzjG|iC=TP$js!?A2hXw zRX>=F?j?0*d1@X}J6=9UdH*rfr|&65YfAn8YJs(ikJT66R>4FFJ1&!@#NLXX=#=Q4 zG0@-*n1}6Qz8f9-uGd8+ZmWS%?oaW=Y6b0)W2_1$2lGp~zfilcrN8mweffu&2YEhv zKyCk0_!IMxcD8Z)#@FWSpwtK5DF1w|dq~jZ(jKZB)6BhTQktH}YDJ!nH@__FbL#vJ zDG3Bi9E3eulQ{;D%XK$V>~R}9l`W+`nPIH*{@bx zsra>wg5=|T^*NRPz8xPw;4$G%jmZqYwRcZO;9v@_151n4a;tmHjvW4)c}rY{MLF%g zW#Za5@BXiweZ@ZDu>@y8E+p*^>l}h#W9#~Icpxy5)y^q)p^M0WA4mMlcvdjdz4u;= zF|FkJ8DuhA;Qajn%s^Tam58TQRJg?S*VwCly}#fevu}Kke3>~a9`cLf37Py7m*z9- zzSw3baDP<167I)6VzpO}yDpc`qc4eDx+HGtAG^!Ty+=VUxXwKYy0Hsjzuo|U8k?3m zuR2dk(V0Sb7LJ`Q>iN4b_??+;5P@*5<*lpgCO0)R8>(CDruAh0rd)dz-{c;veIBNx zwC1@(*-yn7$NL->yEH9Mt@SLPYa~7{I+T5X#sHu4f4qaDz6@>(GQXz)iq%(?hcZ0` zj;jIi^k;!ESGvYM&b<(o5}4El(#MWR*loA*f=Jcqio~}=F+AFz?`EF zx?w0nF#2n@g$TWbbcaQ8?CyC+aYH_mEo((Z^&URxn_D(Jai#0;tvW)zKImBi07KQ?53uHg*^qzP(^Vi3VpM^y$S|C{|3^MPwg{D40|!g}4%6)w z_i*(h15MS)czw48-qvh^k9=QgYopg-5*L6yjVz>6Mo^sUZHhIVOriF{jc=Un%Wtig zi^*<1bhye?CcDHoKJJ!+c_XWjZ#Ty1Tq6ka022RCZ{HnAW&i$vL?NX_q&j)5icUPF zWmf2z*`bU=Mj6S7!riut$X=&pOZG};WM*Y0@;HSYt3!%o{oeO|=uuA3r#`>W^X(6} z>%QKvYrU`Q{l4xMEe~i~@c87u(X#W8JhBxR`fpY)Ok8(n=bN}|%ehf+?Lp3J$uDZ~Metv~IhPR?26}DS$^~+`nzwv$0F+p%#Yr?sB z)yuvY)%%o}A#~x;gH?@Ujh<^uG?XiKQCG0nEFkNQH<;>X=W|)$76|KgXZeEa=E%z8 znW?FigAvp1p|sV-?+)LXO@Pr+69K(!!5mktm+r3YG%^>nbE$Cxie>{au3~TMf0<_7Mj60(^ifl8Pk0G z%Qjok^<5VvpBvU%=N3cO>UQ1rx>l0f`uFCE@A`KU_I&J&&(0E4871*XytAR}AI;h1 z10gR?7P!&JpR4a0@w-^lC%(=haaD?`*68RSt-evEHS+8Y%}!EYTn(qDUR8~DO)4I8 zBfl?u`F3Q18BZ^;D0;w8Wj|VF^vm5(Q*GUkFZAq~BWgphj0}=b7e?}T`;0!b85T8m zyfpZkVZKGG;GDp8WcZy((csy75Q6-c_g$FxbENE)Gn{o{dbQ=2;@aK#)*<(xUh&Av zqKSt+`NYh{cUkP@JM-<2*DH@5*(JWgdZ_EO?|rkYuaY8L^R2TxONbnGGyW&v_U~dd ztBquXOb5)^So>ll-y6OYC*`VyKR~~^mft=8+<70VyCIx59NQD}%9P+9QoQg);oY;y ziC4YE@UOO&*%M5niC3@ejh}zBSED_(Ph_|yaj5;$seYyI9ea1_2Nl#hB~mj9#Oj_< zp|RK^aD%61V(!hn3#ar~$664emdOi;kpMxu2OW&X9Ih()TUt13h)q?9T3ud~8sLqK 
zl)5}!@}R_3y)L@|yD&80BvusuB8nq5IDaz6vd0g+YF+ehb|QZAS?;7*=+IXQxnn2e zUzm*)FZ3MrN$s|ncgy_C`oQqhljAZEE}v`6zA!P@|Ix5#%vtBn^v1{-i8)D|$p-7t zEXZvj{%rh-Q^ganh0U739Fm%F=E2{7w;nIta$PCVdFWC;$CgqDKTJ^Hv1f*ltdBeH zO6i#9k7_G!$rl6Xt+gjj6UDEUfkmCz^j(B6NM!w3-sT=|7x>+ zZZOTDjx^6^T8P^=RQS3`a{k4=#|0ei$(B&N4fgHWNvn5l=hr0RTtwa<9J8M9m+Y2v z%np0%_vIPwK1ahD>)aW+F^MPjJtozU2ucRYxv%sNrrJumxHv5k7oJ-QaJr3%#m}sc znHSs?=x()|2dSNB;!~?*f)3Y8`(Dd3kSWE)r_>%1NILzt{CSkV{=KnLcW+@$#U7|H z&+y3jQs&g&%mL%u#} z7hT6y`S3b*CTVh6e-0S4*FpVSZK1LkUv14h8}KZ*#vB9~0LIAyrVs9*Z#Pa8w#vBSjDR%->DakB!{a>*2;5V z?)Y7Kl^OOv_ubTd^%u7xm*^8)aql+6Zisv-I0n4fI-~z6=N^K9^k2?p zt&2HP^M^8P!SyH$A>ZiGhze_tT=qASFWt1O8o;~V(7~Y?Tl0crXMJZxq~ zI_G2vemu`di`06z6hFq|^z^O9$F;?hi&M44?Tn{OOop4f4cTKG#Y>zABr@CjuO1w- zeEzjj{AkLU#;d2jPYc7k*yVR&_hmr%`Mc|KbKH@QtMjfUxKm{ELXTZORM9bnw>CCn zwGq^AnH&8oIl@$H`p*dLFZJcV$1APf8#;6yccT9(ezpC#Vb1S;?m-E1QqMrGeRsin`g!b1KcN+!MyA%VN4aImw;x1J*+_oEJUHcDPp!D?Tq~sV%YB zQ_gi@;%Qx2(|0WKVzz72SODF2uB98^2Q94JfyZayRVrv=P`)#Y11tY_;_(YyTYO1t zE0o|29!#7~$!cG(qq3IDAz|#|pSN?sqblUP43<>{Rl1f(X;}36C@hVU)RWN(yfA%p zLcmeYwOV8A!|EhP!Zs%SJy&br5L7=tIBI~hM0IRTV>)A8vhx~vtm&lO*kI80=YY*E z-;wM(w8mcnPP)i<4<^678-v;|q183lgOPf>mzc8sRuS!U zLDT`1C0z$yn$Q{M67c-zC5!ku#!?Ma!M7Je#p3=toW3-CF5=K<327IqG^#VwCC9Jb zqY6iXd)WKp{yJ((x5MNLEFBVB?aNh2{=PmCuIr#l1CKa` zR&OZZ+J85ZZ2Tv=+FInJh?gyHF`G#{l%AtHP-&cJxJzDMQ$~R{lU?JJeazYV5K;$X zeZ#@$i1-sq+%wb1KU}aXUOpZIfXy0$S8ZSD2~B1c1|2pgEIr(N*)n<`TXcu8(j5J6 zI(vsg%hYqDAvcPiEP2}AZ(kd+;~B_SCzL%S$Mlig`OOcWHe$Vwa8%cRIo0pO2iQxq z>Ka4$+3)%HNpKeokbUU;;oQ}|c9krEjYI{qRvM91ryBxkAXP*qgI3tf&;M%o-8DrK(rQ1tsA=uo-FE;JJ;@^woxCT!o2;{ zOz9|x{53EJsp9XF0}=6E(ZlnNxV>Tq5fO`%0)4A7vb8zw!k2-T>ZKAJ{YmJ+XE;m7 zEKUkYX*i(26pRx}vE5jI*gxny2ep+7hbz|GRkXkveK&FGX&fRNHflwj{b@i%k!1%K zhJ1}^eEzE+&x+h&*Jvaw{4V>gl^`%Hu#A-n4X~! 
zx)p^2rVi{hU>-p}*N0qLUfn{JCI!NJQS>lo3&lWJtXRO1^=qXa@Z5oQ6x09$S^SO; zEa_zWTh>8Kb;Y-aVkQ|;TsT;6QY=D>9{#g~(DHryo4G$EDaABvj-j z>4Z{XH-uGRvCRBK6~<63aDRA9SXqTElqQ_4@0)`V@?|ZYc$Bvlaup(ymQ~?eipjx8 zxe6(6K|HI;RS5mC+95JlR3YN_$|{6qtgJ%B*cDYsIdbX{d80riE!!x5F&Lskt&SY> za58?k$HJ`)cykc!hhS3n#eG-baGEb$>>#8?A<1o}xCJ$@$PHxGr=0zWh!tDVe$bCK zVi7^hiqK-Ite|CW;X~gTifaMSdWvxtfzxYcoGGq${*r$Vg#mZIM>^oP(b zMvk1Jh%w7D^jCucm5Zd$$kDH;lz-@DcqvW_9~H$K+_V(v@8TTrt%-nO{a!%gz{i@`tag%7~fxGpU&3r87y>O)+fA16sWLX);K7=Us zn0%mhrLdl>Q_dy0%URiwe)I639fVA~LpojmO%EwKxVRUBP(h1}@v(Na#R)!!u54_EdjwxG z3Y?taUzi!noM;%vEI3P@p8v#dclEj9y*bkK8{a7QVmG&iuIY)s@zCO{Pp4~(uUhZF zGNxAkbYXY8Yrw)4;+X+ljpD$UhRE?Fz133n2XMQ_Iga0NnCO~_-)aa=Rr(GS<5L6K zB50lJr)QcbE@Z~LsV0nqJ9Z>lm$Q!5QBfkh?oal>-;CfJ7Hl2oCkeQ=fxtQFS>AlL zc0&r(mr@)yH$lq%I$J@|CiOXMalcepcgwl8%B18QX+N%Nl{Y1!rn?0rGH{Apo;I?Vmp2orY@_nkJT)wN8H3(PxgQpP!O1;yAEQ;Nx5tLDTHUeE)6`Bb=oxdT!!8p( z@kjbj$AW5@I|BhB@mZu={pzuTFSjriyE430s?=S%paPN%rgc|FvPwCieuu!`-$oro z;I4|KQk-ORoMghZVmn%~X__2owK+=FU2o~T()`mQ{R zlYrv~WcmAS`1X6}ib0+u1a93V6-#YgNGz$`ankcAL`-j;x~owEsT}y2ldSTMz`kkS zWtu2i^AwWwiY4tXAngt!JRT-I)&c*aVY06g%vr{$nh^Mb-HEWx3rOaGF+zB(o8+65 z>oVx z=8oaFm(c{E+ddu)=!~jHzlVZ1(pxxT>)mt^Hn? 
zu+cU~npIwu%iq4rNFH164>9VB40@P1b9(PWGpUH0FvW6nDY#?e>}8Y&@5=`Ic<`e$ z@|u}!W2ISjMY%EnN)hYzw5e3x-9rGKG1bgO1e~*?TxEcxge?zY)D0N)*!`N*dmoy~ zOw`0Lj+;x_9n)qn^8|cgz|GnRSHwvX6W`j-fLSwJ_NxNV9s1 za&2;`GE&2qM+2V-9_B5a-dHq~F90QSbE&&yb~?x?0Z^=uhXT+9K#9_zC)}@yXDyHS(Q!F{)P>;jZxhhZ6xmByu;NZNu8!6HW{AB!a%w+viY?HT zn7CSBD-2j@uZu7o$c!MEK}_TZ@QpZ8qkkr#UmW*u4TFB&)PKbU=syMMU(x!vQfO(8 zY{QWW%RLMxjF(KP=Z03q2bEi~VkEP9tTWFbjMd&Mdp+M`KzhoH8<*lW6!Gi~V5T=U z=%h`x_&dG40Ymn|kaZTyXA-5!zw<<;!*JqV1a9^>9Qrx_r1l^0TLrQ1q;YL-9Kh2><(-|0M*X z;QoK_&402?mz*Vw@t=m{@1PW62x3=R4pR32{F<5_lTic1X`a8Lo>(+Ji8(+E-D=n2YpBV-xCmUiGtQeQxWq|lB2NP6+D>` zc!Ky)hB!%qP=+hWA`AzbqP#R@;uw(0Tt+~IkY&`rNSv3|)2YU5?7_pEy)4?k* z4FYDJEWaHH)~jd%jJHZk0z)krMJR*W&(gk~_F&kSi2#Jam__1AK5}j<7dZzlBdWp* zkaH8rxkJT2C!n9RexI}45`|{Hvx(CF{c9D`{vz6-4v6Z;u;W+}usv@k?nj8r!Vp4j zfvJkmmp#CO7ylT`i)3AVbn&!Kw& ze{i2RaQF294v2|s-~#=RGOj5dAS4BiiHZAN4PL^4=XYU%Gdm2J5C(t;`!B&!cx`5n z;68$VM7gcX6NWDyaIzq&!X&*x(d>6+1<81Ugn{#~&E#H02rO-S7m!xH^)PHD*@`8h z1J7ZfE_~PxD>AF~LO|OqfQWJN)39yg4JY9d4VjzCBH$4p*q?#Te7`O?79R1$?=ftW z9u2&h8jdDfE6+kt=(P0YcF z;d$bSBC-uI2Dn64^h7EKHZOt~!C?4cm(1j06AmdZH$fiZs3;&|fH8zydAeZ0i7FB# zO+GF^czlh6hd9~5EJ_5T7szm2iLD|nm-Id5!JP!lT||=)(5<{QL=8joGTv0~GRYnj z%UMghUo9V@k^+Ol`UD&NTLkpqfGA_Y{tQe2*8{K#ze+&=4d{P}fqvc8|Do2ul|ny6 z%M)P*kmLA&KtRZZ{U0d$i5`gXFZmh?+IBu-A~Wcbz}$ko^;G#q6a|oNIHJnh4ptS`Mg#6EboC=b-$uZue8(@hLQKhf zMGwKYy?mxES0~Oz*7=m@Krc*?_s1QGBx}T?xIn9{F4WILF6`x#9phs9s7b z!)pVnn>}UIfK)GP@3ZL9O}q!ssyzWJ@g;a2Smkxu48ZiJR*~g8WnC7ni=3;-Bm>OJ zQeOk9`Fdy7QUK1Y9DfSPnV6M+VM2R;)M@fO#6k-HDv%Fgsbr90M5CF%M>{nkq^=Efz1?S4d9o~ zzT`3kKsZ5_-A;9%Rz^$`7<+2F4!^qG^U?s>HXsfpM+$j}K6ywHY)^g}mnB(c2ctCC zo;XYmqQog;Dn2wg_bIepz(6!lMC|gXI`H3~o@W(|oZ;x(fJ^M3RG3ViudE>8A~}j2N8KB$ z62elNn@DQSc2dPogJ!`jhJ3X*Ip#Q26{%@hP$(1~>g)!STmv)e+j5NHH(j*sPVRAP z6pDc%n3zhv1G;yz=>+#dmbuLr-i6asHIMLn$~+9%`!?xDv!vLA@bYt};@J{3qyYU` zx^(eIuieAvkBVDXs5f~zo_(t@7i}`Wq3{b2r)X(A}#)qd_fvp zr_GY_J6KYbB_6!c7S|M*pfap!oJi={bF(&F_CozuWy`cH(xLPPnsnyq14pe^hg^Fk 
zAtSIksgBxEc$AqcJ33qBtCNI{aGh7`7LmU45c4aW>vJ7G#hl8@c&2c%RBh`GyfJN1 zse|`P_Ol;y*JN$yhB}Qys)=-Nt-EjZX(ik`H|q8(DM>ABhi=T;{ac@%zj?6zOqE3w zO0+AmKUm~_g`KXq=8+^VR_4pc67vqqlyw-pHP!S!7!8XT;9n!e`$Sb%adm09%*Q^u z6k5eo>UW9P6YAPCZ1}IIvhPf4-Z^~j%=y$adv3k9%h{*2w?RQm6S^(TY3qC(FRZ0H zz-7@8$ey@Om71!Eng%^+S)jzvefUkMQyA(iaa~^E)ccJU0Sxrh$@|8OY2thBg4@}7 z=!w;LKgYMEx_=yr>B^=}^!?)RbLRSii<@fVH}Ixm&)2QK;hz7}k@;F1haB%6zq2FI zp9fCa4L5Xk;PP2Y=I4E(IW`-A%TVt<)p0zG29D90QZtqDP3OF2B42zQ-d$~OF+=d# zmEK3+S=SPJ{#Kysjf;7yCED!nSHCo0euO$*!Wgx%;pKsVxRE!^w*DNi9lMV)B(K>x zyCPm`-i~5cHx0Mxa)hoX|X=iNzYkEKWemfnnt=3m(`Iib%GN)((Z(+~r zrir2XUV8p^9|7E;XX$*!t+2?~A3r@^!2dD*{z?4xn^G0)CyWo)#pm~SkDOT$s9rzu zay>_!E#cixwr4>(uM5{UDVlT@4tD2|DpTd{=cQZbqSlEPe};;hy`v{?CMv{OeOezG zU0$Z+d0T`xY9Z{B0PEdNzRi$RHsn3;6dohfd1B$qi@9{d4w=-2QN!+ydJp$EuhM_M ze`}%CV0YH07{aJZAb-jYD@oa;3O~)hio|kS^AFm);_j56NXrTF@3;!FL@vnOmlF1@ zKNU9i&`vDiuZ-4Waju)M9qrweFW!9DJ!x+7HKaV8QS^0qtV;lrJ$Wr2g{`t zczxb2Tv$tVIfcKkIiozLzwJ$k<3%Fa&h|Ia9`D)rpnT8zY4DA=kl@64fO-%)_3k;f z3i;HZMbu*S@Pa}T=C52EY+pou02!K6M7@n_Hn_Ton(GgkeMBV7HE}mJ>WCf-Y71D8 zmi}G4{*vxNFWpv*sv^}Y7V2+Hm9CJ&qdu%03guuzjpAM!4UX5SVuga$im8PVv41aP zs2{}cy%HQN3la=L<8gsEjUL`;S>ngA;ey8!w zO=^_krE`{cf&%c*AArG9CDhwi$=?drE1^as`dr`>=sUroCDgkSGh=(V>2Oe?P-kdR XDCX}()4K=vmQeGq(e(g}G3x&T15fT$ delta 224316 zcmY&?x5yzQ*jxW_t_g1!mGG?EFHJFY@-*5jPUyB-_9^1j>Hu$ z3$c-={98>RWdluK!SH)3as&b6i?5XLvY?XcsBb!q)HZo7-m`C;QU!@Dr8Sia9yFlo zBgtmzBGMB7GS|I!<+H{e-L`eVz3rVj3y?@x!8OH)VY#OT=qY^?~mwE8*_ACusAyYj-wpm#%8E z$o{`H)geF*z@oh*YT&qsPs+5IxoRayk9s_*78^4=xk9Y2`e_cIozsvnN(E6E`6>a;qe-A3FyT@-WdPOl;ZX>FP&scd263@JnI*+Z- z!z|ge%5&-|-gfoI=>iIHHw$;CKnGfVJoEPX4&&L}`PJlsb?y9c^)qWHV&{}d+nWDx z*Gi!I_a@oNg3MDO*|YC!W%TDZ4d&-FG+9?D2fYHx=lbLIZ2^3&NSJP*#K{)>&!fr4%MCf!vB6b$P7W zf;6VUxYF#`vh90p8M%WCx;L}3+}6F%ZXtnBr9qPlZn-P|2?cKxy*r~+fQ0qEB;;T` zE9^<$D^H@lC*GdPdHPHz)VM~1N58NFG){qnH}_a518aMHpC)syc<=iK4S|nO{l7wZ zqL+DylIp!M(@@N3Id8*A7RjE!tUb0Ye6N$*JZBXdbnpGD@%zi&=J?Tl4%yT9rdzbM zERm;mm+27x^MM^%C%twmfSA~ee#wEAlArbtE4pM}xG7b`4bE`A7-|CvUBtm*oBDda 
z8Sj_Yiuq1-4wn_#uB%YdH$_2YmNJO2u;1- zV_8rdp)D+c2N5LkQvgO%;-?S%t=OufnV^!XPv*ik=TKyc+|q05%;*^VEj@To6bJ`+ z*F*GQ!PX4iC-F-s@e3#MIn5GFzN{uw4~CgTtxqfAWbw8_)?|o6j|9Nu_Uujc`Hbas zwn)p`{I^qwfVEC2|7XK1hfBe-V=w8(T{*k)Y4ul^M;4r(dFBz2;?zS;My8@r$Q=s zpa=Swpa5dXIoxla{E_*<)?Vl-Jkm0p?(*u!3O2s!Yn?@>YT_J^pNv<`8GZRPywb|7!5# zO{3n^ug~ke?-bXUmyeHSzL&i_0A`SRufl~|AL_N& zF4~Xz9=G@(#=rBVPXFL8NqFV^rsxYN)9VhG>|1Y3l2?rLS6ki-&W0!a4n8iHLQcoL zX9Mqcxhx(sT)b!L%~x<62b^+2pc5(dX$NTZbtdI) zH0pwS;a6~@xnjD{a!^6rft-|_nwE3S6CnG@Vkc_UQZl{R;hr>yErMjTGoH}~39qnb zGZmhcFgbmmz`nBcfG=L0Vu}ZVjGXqS2@?yw06j}$LwoA;M*zVJwNilf3HzP5$)?!m z*(D0mE>ZzTY)ikLhR23E8vn`<6Carkn-BJ?9e6|};v_~4#+<6paM1enUi;WkpC7O6f_c!SgTX|ZL%B23gUkj3VCSW{?-td9JD!+B|0rVU%pX#cvCY z<1rs=AZGPfS^)uYQArc`gBNWxp0kIh$_Lvdkw$5)hjhQbH!(!VMLTtdr0m%sHL6{j&pLdHok1z zhzjliJ3}HJ0^KOS0u<3*sXOx#6eS~oJ|t#lC!q+7*p5$^9Ue$L>dhWsVe<-#PuYf` zl!C+#lb+UkG-l3_fKBbaF0=QAiysvi6g`$4kJv^SWQ4xG(BuAS#qXXsWVGmw>Vj!P zrotq_gxQ}*>=HuOD`#F^`ITWHafuG5NHfi#=M;z4c6YO^<3vTXiPbZxQ8!%zD#Xqs zysuRy(^Ck=;|a;lU?}+_D(xcVP!^&Ie+ka~{4f_ysBZvO+U1m)AJ$hptOx7q*WUWs zP?KkQIYDef@u92{F0+Qw@M*ynpAi1ayWD9CSw}P``X1VaN#xOee35l;lS_a&XAzDY z7OwFk&9{vQeO?DEmnp## zx^of6_X*mPaCgaa&TXr(ayEK&CD}l=5z5|;kk?F`ni}Yb6SO}k!s2lvw#aK6DRw4` z4JES1-qe$fdZXCAn-9o4=2cq#zKiCO>$%HjTXnB)(Wu|egDQE;pkv)18l@IaJg zkwiWGVOPy=Ng-l2wp6eXppU(W%IY_@{Y^F(sMHmB?E90{h5M76v4o$IbuY&kiYf z`*G=t8>lb%uoiHHHc!`APZJfIB%GZ0Iq-+Qs7s)|k?JvQ1UuG^lE1N>kpmWIfuiDL z{^;w8{2#;E?1R{2JbNaG19coQGdD%jOo|W`?+9zyqdh^%Y@ruZRhpzp-wuQi z@#J)bccK($yij64>(%) zueZOJwJ=93JynR+UVsv><}@{l+v4=GEw{zeAd1?kXTZQodd0wzN6oiW1mFvhc;y!g!mY@s6_WGj^Dac0Q+KbO1~!_B-7&C=Jb^ z|5jcSe_LV7y5N%hySmY>9Ijw=OZS8H;%e7V*IQejO3B0gQI2*;(SZ(4N{Vu7N(9{z zqIiD$qNTirI?4Fa*~;Y;mFcj$p{M?>%NITCk0(#s3cQ=VvVh)$>6y#ZNnvJ}H_uf* z?ZK&oV0i;%6xC{O5FFzuLmc!2m?`>nA#f52Yg9f;Pz^;>Bjd}d=p<9*i(%*0ms9p~ zVAj>sB|5)v(h^Oej;Iu+hD&HbVW)C#4@vYS%`2?XAscpbA64d?J}E5@qgFj6C{Gjb z`f#ZS+fqwQ3_z_m2u(5cz8#2ZCg!G1TRf>V44tKBsLXB=a+A?1k7>@^nu^QwL0#{E zKP@Oe+hBo$$IaM1KrL|LcQZ8hh|yy3%~MN>b^#2+els}AcZ38?zWi%MxjWO|;F 
z7K1xZRp7?uvtIMOb42*f($FLM^jgOK*x~FItond2HV;3E+s}wQX#tM_G~qP|5r@xr zGKS2lIGsZFaYneY2k$KK_K9Q}FttzNvLiS&QY}adeqZLVvh7I%GVlEYO@-bMOz`DE za6_hao_y{NjwuuRqgP7_>c@{Vr(0^i%Pufd3zFfPK(5-68#C`6ETx7 z4}hO%%!5v7m+@K}J~nLdAP#J3*8&AH3;lqpX`-_+CY3G?#W1%?P%ZDzY&a<`$s)Iv z;BMo;x%ueBYQmNygMVZ_XS4Da3$|6+MfpNKP2;ClJ1*t`1WHP02;s7eT_(<1*Q|(f zxoJ?JgjyqtP?1*K-d0$*ayJR^YyCL)T&ig+N_L{z(Kls`#CHV|mT6`oHI?C3W9eatWA@CA$ zc5ETfU74|iKGZANQ5!?D2eE)@0hcpl+nw(VyX%Co#|hu?9NfF6?Tx-px1Y_gB~(vgNn90IY5S@? zZPj7u{dJCJJMy((q}UZlguaPNdko3JcGOSXBr|#j`HU=TW``2n0H35 zT&lS)Jcgk%a^&wv%E?}lPVk~kaWh|~3=`H&gea8hYij$F5o}0N#sI$AVRQ=G5&2(Y zqJo@T5Y!o!0_4sA;%h1-O^sl@K*OEuPzq~0c{u50&|19ET9QXBwz#9|DRmYigifS{ zu(@G(eSh2`_o|)X{V9}|!mCV9v002c{TXOg22qxq0`4+bEP|;@PH&6Y#kLeIQTmz( z11~0Oixf;C_|G~+03~Zv;VL`IMiy|gAZ3R}q?yFfAu%S?vdd)IVok-TXbv4C0V?vy z|KVoDnbT0slp`*A0W9=i^MZvw^t=_v!(^_p&69vTZ+_>m;FXg-wLTteLq1N9o;&X3 zxdsU6UpWjviDm*5-F_C@sbt;ElFa}o;m0|9T^!JH9Hm`gCCEWKL+)IZa0cSWh~{CX zl2c2@VUWe7V2?4+xuF!z)^r-_DW$||K(U6DxA@Dhe5LKwb!MbPl@&Ul#e|eN1ol7H zuODZ3K47(9j~*s4hbd0ghBz~D7C?lLc8E$6<-vX=YA2u@CzPfG7(7IJ-;54Z%?hx8 zJ~^pwGB<#=JOgVuqs6pc#C!i%yyvzK(g8lJCMx!$a9JTJ@tF;(=uti7`pb|hb=Ub! 
zIer<&qCDIt6DgdW3{v>gY&XEoJ_!an%9q$3Dy0ruV=QP82O_1eH!s^fT~kUMQ^SNZ zm7RSVge^m3ntTqhjpZw8>bwy`SK&kYFS&~D7iwdPUdeUf1+rk5={)CW75z&*?aPPl zd^_u_k8dg=)XxRA<3&nc*D1%a^qRdz%itZqR%JI@25BtoPge#)NN4DcFd20~q*Rfz z_Kfn>G3bGli%@C{lfVecpcg5zIIJ^dr4v%R0l-LUL|slN+Nuz!jp>MO#AvV5LTfbs zQymU%$yH{g<`oq>tQ{G}wr)l(F0yLd7p^ckZW)EHvTt$Ioo|arv?QR?Mpv&s6$p7$ zEU^`psd>oe$&ITnd&(VX#uh`xkt-oBW;9N1I+^my*1T4h9g<`qhV~j23k5)xbDIKA ztW1_EvwtXGJQP%^MTN`YI%w_GkFZN4ZNjkaX4S1iNR43H9Kk_|gHxcT!wg~G@R#)q z#aVTjGi0=0SRb)u$h!Tclw@k{@%l-v_@l}pE7dSvV21KHOp#d8B!`Zn@8tUvs2E7T58TKg8`KF5;9 z29O{Af_2L|@wvhOQFkEtr-B#I;0hiHMoR3;F?5Fp%A+f9AgVH?P>Rt>#PRTs@S0Pw zR`w9hc>OJ)i>J@N;E*8y+jn(_JwBOZE>k42JG*cW5Ix0r6$fvCR%V!l-}}=!bp@X3 zGKRy-f>q0EP_NZz>!!4Va9v|A-Stj9!dInp+SZ#idys->zlYC{w{eFflybOrN})BT zYnmgzq$-8}B~|9~#0=AwOwsZyDBVsY=*$WxC$C+D@sa9GC2AR>k8-qB%n|>Byz!S> zMk3&)QT&2()6C%+zkR2r0B`tmq4b;2B%?0_1tKMIh= z>blhD;AKeXu{zJoX$2rdtBlKxw;bj>7tJg?_#+jHx^@;}`N*Jx|Rri93A>bHOS=O>L#&5HhpD3Vm%3eO}SX3i5sUxDWeHk52u5-YfnmQJkdd&+Kg3jh)!w8#e zMn+>0H0`8oL0K*qDVP5{2k?Ok!RLT6Ct2?b&Sm2qT3LoQjJ|qt9sJjHvBRD{wWWim z6*s9tiH3iblk>;4!n84}eK)RU#fFkYblz52$JovKQ{mrkHXiYND@lzp_We8VK;bd+ zl&6wasmHB^%X&fG57Z3l(-5~a{V~u8xpE4X)-vb4uEyt2(!)RPFIJpn3Vc`5>Vl7u zm{dZKp0ovhnd{2q!Ng2oDh`{#h*%z9CJ{=kNxhA+NM0r?UN8T?*OBQ-Jr()2D;12a zmKvny;NNYFnuZmJ;}akg3I=|3a&cMwY8tKvXiJm<)b?(Fhy<-{dPFK%J(k3y=R=g{ z{x3G}$G!tNDa}NtEEBY?TO|q2Wa^2O&W52v^+Q;la`B=3>2{GCTc6*W1f?0*p6d1- znVN4~e~%@CE^M@iK4e;WPm%CRSC5JawuP#4N(hC#E$Kc?5j&?0gi(7~`|J^3 z;6dw3*EpP0+apg0s$ANY5ngnf1%9~bZzbcRZn}Z<)!vj7c?yj3UXACu$TZKrT>C%9LacB>PW8Y%VKME9_zn zwSYNidXPIqvU1ZWQx+@&>m*~>i&ciqOsD8Zzm-Q+1+{;Nz`DW3XEvuZw-uP5?+ELd zuUEcbJ8*gMpXC$$1cIL1^!wUmWRddif6E971P#_!hK{nv6_ltw)V*|L0A!SzKTI!v zSv>MIE~`K!qczH4F$ntaVDQ_}z2uAwyr{oaTlnqxSaxm*N&th74Ce2_Q1m7-PWoa{#sF;TURu?vb_#emu*%3g^@QD2{`P0sxf45L zcb3wFa#C|tn{c4Rmp`|`-0aRN6c1}RWybsecS^CM~*#F(n#<>3)FOBD-c zXZR0tL{n}PZJ}x_V*;n+Th@A8pefA&|v3C$*>78!4p5Px7t0{iC zYh}Lqpj895q|BkCxWu*?Ap0^CBq}qCvjW(3DfG3vo#W&pwN;bpV%4*yfJ(Z$3E{k8 
zQ>DMm_0fg3#)30WdwRBVo;R0vD%)Kq&h+bZ{X?^-+xP0u2zFm>*Of`B_)=^;q18Z! zpV3st!?0ZOCo)Iu=Humoe+)Zwx?n=tSnaS{2`D+Q6d0UMQ@XUWm7Nkg#tldsD{Wlc zp3SN1){mknz(2<>yfzJ%BU1)yAM9n&y`2_SZY>zHIo7%_Fo@+PLh_D5AWIZ*@8hlO zhbo;zD0u9s-U`XMxec_ot`K2`Oo={ucO*tr$AAZBLn@W8@RaW`O7&y(hx<4ydZ{ev zdgLN|6%I`>0Fy-eA_5f*xU)gd$-IH0 z*u9Y-jX5;yu`Z5{Qocl>Y0S5;EBsSye_We6@HWgoX45ZHsj%$%E0b!lRp_I?pl>_q z1%1w4gA{m7bxQQM5s)}?gz!m}KR_|jvqQyn9EMU57~FX&h@xM~|6;K0n*s~|C>4O` z3O?GyOm78EpL}TEJ7twR3d+^moIernt-;`ze}h9R_95GCw?RA)iML5g0A2z!6I#Lv ztK|Nb^DDRDleC@n&}>Z}_-j9cz!ov|uTi3_##<98sWe3hZ`q?HvMGlX(Q&$HC21Hp z88)-NL>(QXsPO!ozw<9(3Pt*24;DQCgdWaS(8H8t2SMezUgJL9l48;0&!Lj|kS}-` zi^IhS zBzYu$ugsSMn~t&CgD}|4*1h5^sFSAhY$fSfVk{=~>V`!TFie1`6#e}ey@`qS+QuuX z=zqH-9_yqjXWWNLuwnXD5sSHn^;lc?QXhA-mlO13a&UanMUOfmMmtf?P51rI)pA7% z-lyyIs091CtnxSR_peFqudT-9S}Z+6gQle8WDX6RMi}h=tc*}0QL6%Jrla+E?kICP z0)UoNOp~Bbw#}rAR8F=Jk(Qx?t%5!vUt(4)FZnyuMutlEY~djv&vf8mpsMDK}uG0a?m1R)!gzCF;YsH)6BE# z45?z^QOK85_9giGtQ_pdi0S-WvvS=ExCG-=(JvsvoHk3CKH1A3jho;Xc&j<5MPq2L zB01hMq198S?$#BmVN(mKi7EQoN5krsXWD!-{vgs@BVZRW)b|ziPlA1ZT5*h)^bY4y z?K8*53U33$awf9-m#0)wu7K z^!aVw(IDf4r*i^6c0!8?0h)EDrX=_%N)Sv5w&$b7FszQy6D*vPof7-#P&|V^FxZl7 zSwKrUC2K&ia1;5cmVsXb4-WWWTQe!MO|tMzkWvjix*1L-$pa4=vfHPN#;s^FzE)xX zT3sAF(lXKQ6J^TwNT^=#u3#gpURqTDLwvZ|q7%zg_I^vvv_D%cN57a`nKaY;l{}VM zD+~>Sya)`2R9=LSs$EIQnobxgAqnXg*X*d}3jZfH0J{jj{`Q%oGr@zG*zbKaTV^(= zfBxNrJJ820bO2`NN|Fu-xUj?qhH-u|&NKLsmC{f_`GC1pf z#PE8htP#}A4I}B;@BV$hWNW9`|MJ4eZzKPD&*S&)q5boB zQ!k%*qisWK_fI0G(NJj96A&_(F?fwVc@Bc$qh^UQl0 zlchtyu;nZMin)aj$q0;&UoVu!Yz>8olKLmu-WZxrdXmH0!1U9Zh1 zIc9nk_TVA)M`)PI$VzfmZvp*By0CZFsg(FLcveCHK{1b1D>sXV)LdkHtXqroYDTZ% zCIl(6%BO=TT0t$Ix^neD+5Gg9%~Iu9k^_y@P#82G=pj#SlTEfLM13tcQCn5)BINJ} zXS7n~zhZ{=#~fcZRcy0mCjYEkW}=O&Z34}wyGb62fI=-$bVFkXU`?P`{FvX6 ztC22SZkst**~DBL;4P-$H>I)@p2zrgZ>CP$?o#}{O}&RNs!PC><_*!6HpwW1!JkC! 
zGrT0qmCIfBU4tM_5%l-1rSt+OR0)k@6J2OqDoqQmomWK_f2(VT%DQhY80R_*CRG>3 zr0Nz{ApkMKZSE1DHT$P^w8hX)ss}&!FAmP2dY$b;)ejLzGRGp$XZ3iNX0N#3nV!R$ z((YIFJRB&fYa*B=2kx!xeqh0^+Jcj}@#{c-eK*Qb^`iYELVt@|RY@~#?Z(ep-!Tmj zBT{8rz%Z0Ii<-Q>HKh?z(fwz1o&y(&bNv^xHZL2{8mHB9p#b4mV-`}gxmTWYWd+pp7W{84~wrTQy&XixN9`A2vwcth{yu4^wEmhSt3eQX9K` zWcR7ak@q0{>N^e;S|8{P2f>OFygv>+EtGi&xJ#WOu@g9tUKQ}7gX>KxadWvpMvTNpF{DP$Qphp% z%7f28{pJ9UmRvuFjp-KjOZVyjE?FdLwS{yI33eNU8KIs-3IC|WHLX5iuZx%`lt{)V zr81>0-9)VFw3u1KW?59Eb=#fb_U%TQG#halZa`rr0v*J)=Zrmfh9)F<2pIvG#^_(= zMG+h~;$OX|r^KsZ>Ya+MbY@JdJ*Sp32Qc1DOjusjvR5&V0Rxc zOEKxy1Gtmc`Xkk7j7uV{;Q8y@LAA7HCA2F3h-u)4WNNQDgHo0d#Rab>d7(i7p>)Kp zQx2^^T{8phqGkjP>%YV|x8G3N2}5|Rt!qwaEGU}%eh8nqfS(aaQXJOcusL#pWN`Vn znDGsVSHPxob%lV8l!gMW@L$3<>oeSYSYh?d@4u}Vb2rmprDrW6(A`~mirG`9Yo7m^SEA9& zyoMY$;(s%ImI^hK!;?&kqL7vg^fpAQ;NgUz`PZ1FhGZRb;E3CrpFPr%WK+67oP?>X zT+X^Fu?3#FVX{=sYj)j_AOq|7l;w6VJ!he(PLdBP9l3BWXFaV8Z|Vn5l&=!M>AT7m z9b2X10uR5Qj?G;>(_VGX_f=QIR3*tZ=oDiveKBt*0Cd(WwQ~$QJkK^xwJ0IEx=0-c zlqBn{gTNeyrGkY_`3|8JL76!7XT(702zsPh6d;@75}IGhL|3)a~aN5P`3l2EnWSn-!5VHcpj)zX2{u@ovo3C}IcD|v?bew{ySVdM(syzU*PNv52 zK4t-Xkqbkh(iLLZQ^>F&i^U@447{Jxf@1I_t1(sjvv|$gvW&5YvlC>?&(TpT;Bn}? 
zN)zwa%QaX6s} z{G07Y({AOm`t92JRHV+ww$)R6huh;xc|4Hy+$L8`RkDs|9k^`^ZbQP9X3j>00xZPk zI#n@JYOb`nT%6(rn>6wWLto0j*c2hDaQ)-ymS1Y4v=^loFSaAz^i16eOU$C^$aT94 zg#I&TmXvKhWFyJSRlTkNsoE!WmV=er*sFxS%d6tIX10C{m*s9iuTjT!+i&tWBJnFU z$c8h|t;n196?`MVfM_=5*;99liaUK2XQxirCT5O`c$`0E?FGX#TO`&V8D>#MO+*zm{2&(0q4ZEYOof6~`4@w-`G%^^cQ z^|+DgxLx;t7s2-=WVu}uZLjV@Tq8K;!zm39&}~k1%@mOLL%%**{TV7IXQvC;eTOb) z^vre_vs1mXaS(i0z_wSXok({u^O1bJm5Zn0A-YOeYwfZaAsw>~L)%_s;}O4z<@Lug z*GWRV;Me3!J<>`I>1*P-=t9C8B@HQK3|%iQHJFYr2EJ7GUYrv{A)pvo z`Xa6-6i!#fk)YI4w(UayR*gQV4#N~t-tixzBMdQDTuBkC!H9-;%EX>8K-w{!>mx|W zdiFWCW&Y7|f8DcvxH>vI4!*nYd6!DIcy-n2TeE8LG{VIcnO^^}9iaRG%iLG($ z-G;*hFCHdO;ffW6TNilpP+&8 zDs!Lq(r5*nyp$lTgH6dC4M2N599sgkl{4qw9u5~DeA9w3jpF7{iqmvx zI=~R6r#pj5sK8FXEk=#}oO;HcqG?6(X&i@9#Xw(E)1ZC|>E-wTyHP;f{vp!gl9I2F z75sm|80}-7uJ5Rx76y!)`o+t0FV^n}BJpEfGmzTPC!PvrjM2ctJ@hMS+z%n3-x6o% zKjm&x{i56{Mwp|h5zK}(%EHB5)v+Va7{uLXH8ce$`TNC8SpG8OKyw-!&nKDmL+k5G z3Sp)6Lk~+K4@t}rr5Z8fxao`q%BK-Tu>*p;n7g^hO77guY{qs?*{oWuq!Hb6+hi}+ z0`H8eiZ)rG35K4%Sp2Q96OrNFo*)u}l=t=n z?er0KUg}}QQx~*ZvDfD~3pV)xx8byR%wF=_##s8p0J!aX(ziWAKP^+H{{+v*eF?6d z#lKb0;Gdr7D#4zwnK~K3$f41LxZ3An+@7J&wa0Hugf;D`cF5{{5XF)71zu3YeS~urI{dqwU4#OubZly<@z z^l*vAihLZt^85gD1}52zlh}NIUG_>pW+FzXfZ>1r56tkiS};5pU%KMF#q{2fERWi> za(Y5?UVN>(veujx#LZJ2?8HEss0nweM}xV^5FL*^Cl_u*!^yVeIfu21Rg30|lH+4Q zi}8)m1*llZ?d6UX_zoaeDbid-XeM!sF%E$ah0fBXnsqQBab%WOa^*CWNHU}$*h+Qm<=Xk*ER^9kCHR-4GM z;hBbJVbZChq@OU^Som4^u2}?;=gzFo+7VnmE)H5U^siHc>As4+rg-bMBl%JJ^~n$O za=7{VW)Q$quQ|4iRe!-?3-BqBQ2(zBn;4e{%abJ&{E|Q4Vk-ymU9wh*nK;c~PRaG8 zbNrLX`9wqBM{&VL$xKakGMCp}%0f`J0!`H>B?f1#(YjJLY#$5GMVCKu_AW7K=$TIy za>TS(n?(3Z(+O5q|*3rnU9?(9$Q=tx`Wr6(;Vm5lR|;=2dw%&qKBLf`_K|7FYiQx z#8OQ)8^g<+s!XoCcQ#!IJ9(4KU2+ zSa+^gx_GZ6S0$P}WvHgJJS7?Ue79ee=`d;=PHTs8rNXr{uzH|sO_j;+urcaE!B%)^ z<9y9J%8&|f1%Z#JX`(gt(oAhz=n99>K#{CJb!kP~M86MhjJ6j7w!*(tSXx`})S{rN z)w?=8yQxT8(DJatwB*!@LTh;E$Nt`oYl*(&-HO`e5(_QT4?3lgVif)XRkEwq8J?@% zJW*w)IIO7r2b7hzj5Vf5Q(U>|_FuWN213V6qB!2DgdU%f@C6Ih>HwMxFF7pje#xPR 
zi6tsdBd#GO{Rd2Ujg&kMEt{W(C}<7dJK#6|wZ}Tn)l4ieO22@Me>TgB)A%q&Ys4i% zK(y^|5SADncF+Az{oRU$BtnKbNVv-&T${CzZA{ka%LI-5h;FVRJ4&6?)}t9WB+Uk? zQ6!KRYmpKGZjW1lB#9-fIaDZf_^3B@`63J95hvLcRJ)?Eukz)NZK36R|LTz;X+z92 zThhp8u-C$!NsHlO)UxZ{f2IPMS;(Ta=Ce))5JoIjCqX?WfB)Xi@y$X%Yu0fOS>XBL z6V}^F#jIbJUkV?8?Tj8u)ma<>$?0JQ-%rLlB<8Z2t~6NPxI}n7itOtsjy~!aI4&e?z#}!rAPD!+0Y)KTguXfGm!J#$cmp)H+*iDO4k15^>FJvw zr>a?Y4i!(-zdnD|C1#H01^hTTW2#%6>t7$HjyY5-Fe9`jfmwGHImJHi^!iFo$w33? ze7kS=$?7RrBcZut(5vqPb2<03_oF|Q)+)*S4br!8xHI4iJ(b@u=C=P>C2ho6V_mRo zxE-l(N*Vd(MAx@wFT&#P;XA(N;iw(q5O`G4N3u-TSBPQC1VHp`GFmzL=>7z`eN4KRlGSOE()6bsZ6q({_>uE<>o|*zLH=W?(g1xv z)6WPgtEj{nQ(Y6{*JXZ|SjkQQ@Y>n7b-XBe?hbYhesd}PIO*WrA}3nr=^2?KM?lzQ zR2jlec{Kepwe6^?_t{xLaxm)Vcq?e!T_)>&WjY$ZO=-k%1` zT6Puh>KAwb++Uxk*JDL&?2&nDXE-mHi|}#fv3UyJ6_=9}eq_R{n4g|`H4`{$r3n4$ z$0Ea*A90zQh=vaf1C_&UrY4a=)Eg1!w!vzI;LFM8G&ybBlGt-c%LJvhaQ{h6Sg5eT zw2=;BTUb=rMjt2XYFdxi$F_Tdr^g4M#uuOst~2*r&IRpGwAI@|bia0+guvhKmIytb zT^X4iD!ID4_OE?FXHv0C#=zkarOGhUTXBbSjV7-|myYKPo4q zI*Or6Zn>{8xn)s6OTyhC;>nYm1a#s;$Lev>S?i(>;S<{K;>$<9J@aX4^V!D^Mk{-2 ztE|JTN*Bx9qtz{)JK^7*Jz5w2vESp@tQ|gUMXatGIDB6UlJ(8#hMBB^2yIb*XLsuDks4i=Ln;D1 zqO)#!(3}p>m%EeKHVz23EQ8~mtD@WO;}-`B7QW8Ow#ynH?G6Z?axD=G3IGGooge?)jqCw^D|TD>eBHhjoECIP(^J`oV(g7 z;=qe|idUXdBNC2Z#jPwvRe810Sip}7ZDkQtDi!6 z2Ua6pMw7W+LMj+m7R~2B=v{)CAB#D*U^Wo^f?1xb()`*Ga+M{BFUz)9Y?jVb3Gdnz zt7HI0G}uQuCGCQ}cl(M`xtRvx7rDQ!lvuyExO2Ut>_B~L;(P^1X@yR~|(2yjhwq!u!*b$D!P6jkQYB>0f4swM*1 z+Up;$OzO~!W%6Bs?rhqNo3^juhQh&#{n_JnCK<~LrE-H1d??1Oj6llGBiADD`@JD4 z649 zxelYj>lP@O0j-@g6B;~(`0^9t+?cM=Sid4TvWE_O^ur?RI7Fq?Op~?DrSr9!NFgiK zw7_E(W6ORO=8Uhamj{919f~~zE_x8@(AuM%qpoY9%Ah{mEg{4fh2I}%u6_Kzt2*i>( zf@wbP|{rO?2A0X`%td^P;gv(Q2BpxTfOKXz;R7@nr0r5-Lq)V!Eqg{ z=IPBX5t%ip^C=7JzsoD!NqkBX-%imCh4#r?GyZg;J@g|JK*7zBXrUJ?b!|_--k9(q z{c6JB0O!4R^cw~i`qr10G$>j}0`lhxD;H-<=eKWxxV2|#RIZ|J%@G!EiyN}P-lYsz zg;rwz)`tZ%j5CR$un_p>qrGBu0QZ&u4z20ZUrzy&X zRGUm2|J(f(;Ooxih;E+Cxhy?2f!ogne0c1whqe!Bu$h{PXdXaWUKuhp;*H*5zbNXy 
zFms;}o>S;lJ_80yK5~t75-8##Ig~mcYG6zhnNF;Cx3vTK85N@orY|p4`l@Mz+D%1F%W2%H$-h+yZZYM7i#@KkqW#j+EF> zqzt@UFRpMjR25zT(g6;w14x?d_jK z^_KqVmT%-82~lT|?DELp0WI08MRP1f{iTRz`7^ij)SvJARFb%+sn!Qr*vi6SiSntxfDBth;gNZWZE-OurA?9Y`;9TO^ z$KM~xj-j^`{vT0S8P!$ybWyq+q>*lM}3(xMcKFHPX$>@(s9z%g6QdteuwdDJF4 z&TuqUDl%WN9c=IeAQALkZJ1bNI8Y#e0?&NN{-p48$9BBFL2sww<95awEXe=}-kDQ} zjl*z6$JuR1rdK$d`-B0MD5-yVAy{X(E+qt1*H#sg>HreDZ1ran3e{9$m0#mh12zip zp~`e90<-GSv5~5^6$B2@<2ED*v=(or3vldMFIUU%C4du&lew6P#6%&}4jL=+G!Xj) z(%`KhGb^ z2bri7K@4CakzHCH5UbPJfKAAGrF`z60q%;q1H>p{IV? z@-_6#8lZ0H!zCqP3!KY39sTTt5g>>sAX+Gh5~~-Pi$#TsOZ z>)e@I`{B8^%hhs_=%e{+#!k(zTGaJ3eN|Z-8}I%wcbD5ecm$9?#bM7j)$_aS(GE|- z{Ao$F>X?6%1GmOd4nnfG+e$akvi(GhDY_U8i69Dvw+SUS)cuJVZITAH2lWCb&m)Gg z&jpS2kZdE5#}yET3MBTPfcgLWadH2R*k5ZCYOQBGi$J-g!EI+TxPNj0ddoJDU;^Y0 zHA0MzfmKvpdj)J8+-|O}WSCIyuu)NVl(j!V*0)xvEw9Ui06G)=(}W{ZKwlK z_J!%+4cP2At=^if2A+z9%X(b-T{q0k!fN3i!Fwp-V23o6eXF|H?P%%Xn(6mwq(|8G za#uFS2ctki5Vz@ICHS7oM)B?s+$pDQZy!_%>x|)7Jz6=kLFv!$mWd-TmDc0K$nk6u z{b5QFMbYBeiz4q$IP`=&Ws(MhfFKHeVTk*&jYdeM{|W64v5v;T3F@=X6!KLc2z>5C zlN~VWM@&hi*1|Fli=P2HXmv%D@|MdDjB4k}LvysS?2A%mhzDP<&E!Yw8$O=4^nDcF za#*Pd@j~XKw=dsM!eQIHJ*&&Ar+S)Hh55k#rE449^@McK}i zwL`vU`Qp{*>2$s9m#x?=DEX3slV)!xaM{MDeb}^tL&d(M@8MoFp!|%(-~z@##%TTp zJ*PDEdtnblAC5cSPb7qXkpC4QG6ua48@Lnn@XfEG<#Vk;le16~p=ZM>^$Vu$3?W5{ zkf~}j2*W^T1|xc4{N{ku%vOq&7S9)t0v0~UOOEAYk4pbDYn?<_`9A3a%=yifE2|kH zdaJSomGjn{rUxzf;v1J;tK!}(2$w(TBARU;yJg|U>ChJ~wY#bpFKS_j=REH&q9nB5K%w%p5N6b zF&J8vJKDcMHIlK%R*fim3dJxtD5`WX6=N|#l=SyMK>y=%nRM+$=vx@3i+pZl8Xv@6 z4s4Fku3BtY^y03`sAhx{?+DzE^BeL38f-s7ft8BMz`i|r=y!i;1KU3JG``fN`y_gm zfN!vaRT$8_rmJ3ID_^i}c=a{o84ifsA{gLa7&Ei^0^{VL8w8oE*cC5I(+xHmEfYIQ z#s3*8zcf^}@7*b0fS??|3Hbl(^Vw$sxt}=!xs7U9`YfWvgzBZ7=@D1*!%LNoa_6KaXx`ErWpCuw{_D*yS)p%_~(*p8)5Sf&>aYZl;(O zeBwyZah!oSh`u3o=hmAaVOqp|_+_iv6;nPfsJG1GH!Y`@Yb?g4}kqvZTVA6paNtPYR5`x8SQ9KmJ!olt7}Rv z+K4xO5bL0=5RjreqJWLRmKu?1(MKu^mRM+Ycx2sT(k{7}faJ9KjSZ;(D1oJ81M0c3 z6S;hjZY&tfiN(oxT`HsL_Z45q-FVaw!xaYQXb*UvEY)i?7OXrhAutG5r)(G2nq$0P 
zU%2O0E$^C*zo0=rM9{nG_5|-K)Sb*0m0zYH_|AIKD35ggYb z^xbnRW*9(Y=`A*U)?_Dsbl1pp;eOt_aCMh?YDFgbi|bRwAVMtR?wjn@*cY`F+`=ic ze#6jv>k|Pqd1;N6vK1KZR*xo^shfnVqw1!__BjC6 zwvmR~U7hx}m5$}fhX64oA*AKyEc`q|-OFVX(qY@8!&v*5?Wi>$J|E91-cJi#ThC`B zpI)ErZ?7M%Tx^G}?!P`{?1xz1*s1eq<1Y4h|M|&PZ_Kti+-<8}y**8?`IYY!o1k}I zI{nW5wqfI(z8w8}l?R?gwDA4V&! zZIY=JH4M&5yboEsR*@bI5H)mA|Diz^0?fTg&Bjj97CDG%$IaKH9w21+lrv)viQD%H zPSz-2yy%)&Wx`Pex12HZOLpsy?KCbs*!W3%7j&C+ zyAQwq{x>54Gp4WaHq}AtpCy@E!Gp7*#~i70V+4@s*M~AzbUHWA;~18P|z4W+y!s}>JLM@ zCYIkIV$!sAFui7e&?%dH#jNi9pzBY%{iekfo*h605Zf)OBN$?tVz83;)=+)o=a z&0(|GZTm2!uB0qqSsW>-c_uC?r>T=zEM2TD8~J?qqC?Qe%g$VW{M+Bo;?J7l^Tol7iL+j_)nV)Wg z39^aoDAmoEL{4=)C#sDn(L$$mGt@;<$sWFB>V`QJVC#GRuA$yoyD4QE074~^k09jg zd9SfBqxAvdAKtP%_7j9`N!4KNt65exgTAqe9gd3Nzs_uD!oh6LhRpFM;g*W}M8G68 z{7C>@On{`lfFc)1O$o;vcJtu#zXfgxbR2wsE}Zmx%b7+SyX(wj3GetZ37%!*Jer66 z{`mCWL3b&DoQl?>pvr4<*wR+XSh^)-Z_MN!Z3gou{iEauN_6+qxso=dyI-r|Y^H|% zA4GYSlM~z#>{7d$h;QB>yjvU}v7Sj~#3!yt8OKqF{!=RC`~38&11I-R%Ga!lh+m^t zaF_0AOlb$-=OeQBP5Jk|lx9=y#P)yrUV$V@?F&>>tY%Un*UKyA%DEe6@NRtg`o9M- zkRs@z?~CR(3(YHGsW|MOg-YyS**;Q>FpV_LsCRg79P3$yPM(3mXKtz!Z5!=ao|kc5 z*f~|0Oxk)8SL#dmB~xsZ)YjfEiZXvplFo4OG#*S{;+R^TDlitZ?qb#s`J8yh2JC%K zG+2WYt9<$jFG(UXzu4}-NET)>9TM{OEUB{MT$<#=e1oCx7gTKL&;sGkArb*bEXZQm zSVq;%T4>VfD4`xS``DM+;%12h>c_7@U7xonp>R<6oZ zh#tcIdmYiWzR97~(_1W-EPULamR2M(h;Nwajc|G%%vRN}z{=s(j8fdoI6Ncp}u~m|k znJUmqqsFci+xT9DlCrCjgmD%!#z8q#!s8}rido;3-xfT!iOlB5f6JOk)Bf?cEN@w5 zbIko7;zn%L{EW1l71-h8zN#2cX~BjThclN*RIkzSi} zs$FQMO=a4mULp5tCTm8&98rKrtE~UhW9>lp4+2P;W-Ig5hzztf&7fSV1iPaQKz;I3fKu-Iw31;>}PTP?s=F}{Ez)~s?8e2nIkYYL0NgOob`|O_9IwAhkUU^e54?CrF>dThD=UljW;P`a>JD|-L-=h!|l3>^mO4PS`JwUV* zi_w~d;!mvPX7n+}i>Ze)x1~-?Pj=0@v0lYC-j13Ez0x$fJSoa%W=ni)Q`8IiKrbGv zD;QOzkgnjGw{|x-&&3N%{V8nY(KnJ$$sFI0AXN4n~u;;4Exz$O=%FZ{j77x&6r|GyFQ!8 zg&e_UcCetuuekFEqbGI56HOpMF)sCR_M>H}!D~;((T1q&CDo3@@Myn)0m}wXJeSOw?BLaW|W-;LPki+6fJF7E?{;x z{Y!~(n8GLLHHi4Jf<~S}BL=DWvm6n2JgJ_KoJyV|y6_=cjXWpr3*^7jAA5%RB8t!Q zI6kY^tsU+b{l-S(cTk_~POay;`1c_)0P5Sx&i$M%!SWI(-||GKsPRj0<_QFJCL%RM 
zS!DSB{Odylg{LGE$Ur++Zd1hQ6t-B{KfSit*}E)_TN^(mq2h+&mLDeGYa1KXTTtyN z_MGL6sacFP{=I5S4C39A{w6+#yslD=5Ek*>oyz}`hTqz&Q+Y=g@T<@$OKWi7F@ekH zaE4RD%r+ZM6Y|TfAA^XaXD+G@z&ikOLRx}0pRHwx6EkId!e$er=iDgzWRT&wS9_>@ zW+1H@fV{M~WCqt351Izf4u42{P+_|4f(?;v{vuU~i_sh{kEu)3u#bIO9^S9Su$I%R z9B||5Ha(Uxy@~X8{y1XUZ+aj8Bj}(0ObXzKTHF@P#I4fPS}c~j53=H=o|hgs%t3IU z$BnnABgb>~>3$i7U$%aG!J=iapHs=@!cO+};d(LqzIs8)8?=u-Z_H9SN9VxJ)?dA$UGG zu0c`%;V{D)NFfy-{2b1%g0Y`X^9a9)smnPA@@_toInVL6@%nMNlh3q@ZP~j{+YaXf z(b`PG$m8F^CL=Km3t4f51ghQ#flFe3tW1Fx4fXkd9{Cu7THe}@nmVvuce>dt;Y9`+}sRN5`=p`>4EoCz!{Qd!NbaWQ^pT!^m^Bhze5WT z2K}E2;>YoWo-CZ#Od_?U?rIN2RG;rurS3jnvt~K^{4~Z#loIGxabHP+m%ziE+c~M{ zKwB~>qY@9B5(+sE5;qXZBOf?e+v=Xp;PKcczhp}c3)vfi{SYQ!e9P<@o#BPCV3j_l zY`xd`ZP(Oc*Sar=y5M1AdS;q&vy!jIX{+ZmhJ)nu4X&jt`pb%_Oh+KjjOALcKf+cv zNV#o;MM21vv=fA;JaiC&ojjAK?`A@)n~^8UBcv~7ry;e z5U722{BXIr)e$s(EVnBS*EtnHfAwcJjhm~se&P%?*pb$aXwUzAX&39Bq^)9Y{Ty3< zXj)OUmpqPHO@YaEDWXza+9TV)`jXb@Z~OC${EeQvBRRc2hx@?V&G>`nFS2meJ@p8q z^Rtj+%cc=+7PaF1m)8YL>jY~z@(}H1$VQ&G;}y?)XZO2@8)TvSXB8D0$uA!D3#X&0 z*MciRa{RBR3-$~)^Tj9ii=N)g8z2X9E90VlhlS*luLn9ryS`y|`1F)^J*41)@BCrw zaI18G(ZSHYz`&*TPGa`yb@kU0K+tM=6Y2Fh=K`|j$A_C2yi}vBZE+qd`Yf8kS=^? 
zGSW@t?7UxVsgS~nqeH#B9$ruO17V0k37eR%1m!C85qxtv-r3 z)2_=@=^=4^#^GVkv^vQlhwt*hu;znD!xs=o*mI-UH^EPdS2v5JhnI#xc5;@|{X)Lv zLA=fAr0=)1E)w9^%hPU-h~v5j=-B=tjk+iX3u3OWx-81)S1oQ+CZTqhd8Xj@(-a{y zD!ThL(=D{pXJL?`qXFlZ<8;TXGLVjzvSe-TWcxOgA|~MxP;I*R$E`^vSn`@RypO?; zSRLFj)4TV~E^{LlR`L_)?TR4YjPK0-_Weo`dT(d-dE)c8a{{kMDglO&(0#u;^nJSe+tonKn9qU(4e7it1f%Vb2eG z#*%`?q0=Il*#xOX=2MUil5N?F4a5I9u*pXMuMcwQ5Td@8MJ@YnNnQt%soAo8GNN|w z?bmIJnRZo9pEHI!yLV#%EFVDvE^FSM-|apblh|I|wS`_b7aN)HT_Cf<-x?+~xm<== zS;bJ6hT;uGwI1LGLZ_bgzUV&6T(&N1{rEG2j3$UY?M>Iw4heLS#PIgtO|dI!J>^R~HNq?9P?F0ePaFIYUV#k`Q0Q3&Q}4-dTuEe|v1bbPGoJ zF+c`ppYq-R$`z>9)v&w(0gH5S2@9W9N^(Ju=S`JQuBeCc&z?ax>2=`M4cSQdQ6eTz zF^&vOi+ii)* zn(`P&t}XIEySyJzB8%L{<_ zp(8z@6L>wR|0Pe;-$NkX-O)?&^aN~mfL|hBHV{5P)nJd2;Pw>(_vba_;~1d*PVQ;> zf=-Ba+q*GgBV}~?I2wvoiS|QKRfRnieJ-ezMDa-wC)4n$g5dv5!F-$!T&inX`@%-G z<6!O0T9tBS)5+5|?L(la|Rht@5DxgF4bp9_}){Fw1pSDimQ z?s)0SkN<(m=Oc=YTbMLF`z*s8#e1`F>DIGmlwEV8G=EV)VbCEuUKSOVGZb2I zo_!`aVOV(sET`h-!Qt=>gtR{|GfhlgMKwqpstk>AFIQ9R()V~BA#{G{Z{h&?(Niu*oqXhV_t!TS zjnm_rwX29_PK{Dbz4@N&CjAq*Ny;Zp7@b8QJ{BC8c9%;l=MXPt22=7SlwnfzA|=R5 z+H~H@j^`ZS<02S-&&%gvi<_k93bRghQu2A1VoTdQ?O~M$Rx0`a!JBa1jK$kzboDB# zXQH<|QXj!?xiak>TdOm32Sq}m(L`;(nWP$0(29Ax^s>oDRfopjc8#J*DS-X2sgrm+ z-}6-gjmIpTNZA~|h3oQD3%2Xkn3hxTv67n;zcfLvojyWRrBefKX*qA5Iq3*!+^{A& zl&{@V3*B5y4g!;d6ONWxDby0<`3P-N!YoZqw_&5Ksx=Vd_&6Ue6c}kJ~N?7 zZFV_-@T-knf{IrzEyoo)&UEh6^wmOi$lhog*dGx;oqK%3kr45iPctm~=8;jC!ajmi z>fsjX!6(V}KvBwQkeEjP9--Y*ks+rdLjB9#!Z~^Znd`y_z+0nC^S%&NBg|Xj*pV93 z_&CJ^77}p_jQZz|vz1m{|EV$U*VWSw4TpyS3U~*K62@Camg)Qed%?PyAbF4v^f1TV z!{OPNZ9AL>m5Em=(#iYO71@l&G`U%>r^?b2lOEIkx4OE~H`%VsnCx29kI=IL(jX~G z(xMjx%4Xj<@MY{{nDP zIT$K@Bc(|Y zsRB`u76{nvXT>Aw9Me%ps$D^WAQ;H$POZ$vGFBU+G~G?OOFvYy#&uuOvR;!lf9SuX zA+PY7wtef*&$f#o6OET`)tC$EJgOykfMvq_CjYj!bJg@oZqKDAw*LZ z3rL-sIuo%+WBl8r4`cMvtZp-3)ZQ#WxP22a1NI8_BFxr;+H!d4DfUcBr|rbr#cfnb z!vz63dW$R}(Ei&+mJ1TG#H83j4x%~&y%ncy@s%QYngdyiEd>k%p<2MtszM}{>20^}Qewz!*|9Evnr(2{|=3Lex9p}+kI{lyb{man2Y_#%=W2!Y56|bn1y` 
z@iU7J@TIyRLY3?KREt`ptBZ#}oLF}lfMI=RbP=LLGaILKa@sr_lkU`MZMS!EX}6b| zj6_jX#Q+ml5Ej!|SVX```fd8neX6YzfLMMAmKZE0lAky6%2Mhl?8t#kcQiBRtQbZn zc4>?dZ}v0BgnxNIJKG@P1axGUF!(5DoT;A+vdk-b`c7+$n^4VaWIj58Uw%I`eCGmz z;eiskQBy9chJuofq71f~YaxT&1E%;c>??|bDh!1U6wN)@n}8|PHPQbDmwtij5v>ZI zQ9k+X(#J3$mTo(Y?aoIgOOhVaAe(J9J8)F^s5OQ~vn!2PDKfpS2XGf|H)BiMJbs0i z%nOHQPEL^RCvnZMyGj!7%{~BcVZ4XT!wN49t-z$g{grP9-_r4&=wypL+f?dKyKP9= zS3fL-QdSo6xqdX^D2|G%CnVx)-ggSQB8fd++hs4ZE$Tyy|m@;i6>`qgjPSjDWBK|o-yQvs8FlSW-OBl1w1a z3Gpsz>R8SKkXZb99?)QZA?jAzF;T&`*2E4|hrFo5AHO>f-Je&=P{2XdaOJvMtY?$9 zFEW_!h^}*b=e*+-<(V+N&wG_=;!d|RyLXkXtrBzKMeJEWRZ$`aR?rbUq41a{7URPE z(&a0JR~=LwLXqvyC|V~)X|He$vkNZ07E!}!mCX$c5EG6-!=ikCJIP@FVM*nqpVtdm zuz}L&Y;$J5M@P8#Qx#7;39f;7=kPd;jNMFqj9rVTHP@apOYy;Gb}b93=OtO`0}|ig zmq3C146dl*u@;MbFCn(R*{jy^^{T?Q!5p8|4Ph=4Zz-vwU3a@Mrob@%mlq>Vw0#FJ zFV4?-bYRfu58`FD38PzD?SflraMZbSl}_NphntIJ6ZgRNGGxQQa~2}ei;YstDa%4t zve4AM{~z2P>ZP7@l?F@YsOL?zEKae(XgoKaY0uZs@!J|D#u=^A7dh3#oR-I7geAz8 zfzd`Hlmpa6lKz`kDm>j9vezF2k-*Aw`EvbK?k@}GWQPuBeC8w#WfE{HfHEtX`H=Hb z0#LFcc~WXKk<*I*M&>w>{bjVeo{(<~{QX;%9T%AjSVW;!9z^vNjEq|(bB28+!2juWd#ltF}t~60j*a)s}_U2sw=cP z>dp%A0D@PVAL4`YG7HUM^@rQeth)AS>{&J;Wh#Q;vkgLO+9)Sv0GxL4{tz4>j7i zYA}Hvz^XJ*De0wFW}s9S|As2eH3le)816@KoD@yZE}%p8SO43KKXv9lV>N6nc~;IE zDFeZrTXvn3>ftg9T`^BCo;hW@%TgxrLX4*r*~mje2{cfp;vwy<0~UPKC>G5 z5rcl{6(xIr*QwOXKg!}ai~!q;68NJ8YM3V5){kh<{i6m8nxQLpR_xq}dhjq!#3?i? 
zG!5|cADH0Ou2Ee`YhYS6avmnL^&@Z2Ox3;WP;<5?GB{J3@5AHym<}>0CMWhk!5CWG z(tap2$>;t)abx=)*Ga2x?uVv6r6ZU1M`CC;!O!hB2Rdh~pH`2UV97JC(Hid$xm+Qw zYU!9CZ&oFs6NgJ-ZUc4d+Yz8kfo;1EH(mpGO+3s$WD|Xwx(Wx0S^E{+!?c6V+gKM_ zc?-$5mo)2SwooQ%rxnID2w8FqC61C-Zs<%e?6j>0MWyHWNrS(9$$d<|C2oXn+aw~- zr&qbrVUA>cUTP0<0L>qN$!UCOiF6Sho#M3iWct#Et*6sUWd%sas)Hl>xhYmQX>@0} z8gT`79??YfA4y?-EiW1S8&8B5l{80Nt~oFaQ&NN|C5cN$scq~$%O{k*%&gSDlXVmP zT*pCA(H0UGA7Qos=+4NC=xxuV;>~NX-nS(5#Fh2(J|DS%?d6$(OWNXfpZ^*Y6_!;@8f(e+;z3Wy627CfY=h9>TbQ9;@>rNNTc|L97$T)Z5jOjbFC{3hFK1G2)< z8AIzbrWleG4-c?Mtq(Up^jPMu))0EeXhxxZh*GJ6dfEFRrmsuXoY~iC9a0K#tkbJS zs|ZbU6q(`wSia&+HNQEXW&EzkGs6ll^F>L4DWqz|;hHVKa&2nc%1vg`@g{!bIsqkF z+z|7wr!{rRBQC+14e4niZ;`-iH|qNbIUT;C;@b@EbZb|5w*&GMhoca$Won#7E~@Lq z;%s>|PoR5~U>Ws+!MzYT-r}}IZl>;dMo*eFb#sFiIqQN2dsfg)L zm*&@&&$e(|tQ5v$0`}y>YtrkV3$zbEeEn1+HZ}5HW;9ZQeiqQx?x8HN9y$MEia$s@ zW>HDx5u{;SL%I4oZ9YG}_Hz9`5t=6X+64|@_WAfbS?3`=Df29fCSfwJ@I?Vmj@T(p znIXtbOx&{PLo*LPq42ZqUG0FahZl1$m9LI0DSvi%=oh95 ztFZwPD1HTZOYb~BJ_2d{>sHsqHLvjj)Jj|X!#8bSuSF%q{?*M!W6WY!It*(3$?spG zLb|Q%XL+ne*VXVg1`?XruGXuVUi!o7$&4y3?S|r+N|^Naj&(ojw(M`-EgACtECIZ7 z)Q5EaZ__=OQ`)(zp5RP4j~-A6dkw1;@C;KhJLFMW>XlW#x{WJpGCTQ4`SVQo(NY z3o&Hb`Sr?4;2mkP!=$|%GXhGWftGYno>*2+xXdjE|C&Ky@hdU9pRk+Sp<{7uFH ze`S05)%10KjhWk<&b3X`M`D|AVrjFWj9U6qHY}yMXk@~_ab!pl3qk@@9)pD1YnuHN zpI$!!kqHz!RmfGZ?@}5fjd!BkRx*MwBjyG4gbz;tE+I$zB=76Dk9@S}ptcF~rW4wP zX$$)Y+KF1qFtES%O;L}R51JD|rxyrb^;XO^v4mZpkFxFVJ{Q8a^=d2)LJ ztzXxxm7s5LzqPZx>f{+;MYdmBE>~0<&*BI}=`hjSX(x@!q8WW^j)d&GI}?6y-}6yt zv9!PDX5;91$mkCp#g**Gj;4>!RywdcelcFuV-_nW6EuvmJ){|xm7PHr|Dsu)KsVgI zLdW`5_mJl8fR72hAP%)bWKxC$YZ{=)d5k?u&D6^h#P!~`4@8S$Fb4KE1`C%+P(t0CR=CBJuJl^%a%Bnezo|oilI)hzkd6#KBxmGKh5JTO#}%h{s$uam z>A2>9^=dDxD=Lu^!O;_=_M-z=AI6l6&&7j=SL($vujns-6#aUbnn8=t&qpvd!`P@_ zN7{l9M3M?Y+Z9IpxQ6A&);DkjvrLOlBl(tq!2kEnUw6qRC5_|qn?;Uq-QK1HyWV-t z3du+5y^URAb3PJsr`g*}yH`Hz4SqnQYppRE4BkL;MGj~Cp38|4$)t&bQW#q6OheL_ z7A+oQaAF<2;{LL$jk4n-nZFQe`1Qa!!|dZaoaIfkm1#NS*I19g`H2eY3JBHfaTofD zfvllsy-%z1?!VTzb+^DA2zeMOHvQ*BfWM@%_8oiB3feH4*b&k({OBGGlz 
zT0}cDqO^r1eI=@IVB+)Z@sGfTku@~Kx!Cz)4`#0GnA=Z$xzT@IO#F8#1oT#vt{i+_ zqoneIiID)BWVE7T_*T$N5bd;{0<&sBG7XIFst`-j$z?Da2I_yN2H#^a^t5WP|L=xo z320VOI7km`zaYk=v&=K;Q+T_)M9#K=zTNuSG1wQvlkOJR-kv16HYKI>t(wsp@n zr5mrZ@x&Jue9wv@kc7D8Uq7tp4=e&U&Tk&>1KWBK5Kjrt{5Q^h5J3zK5=H5(cwrhud?Kpr~3rWi~!C(U?| zP7&H|B>%Kz!uBWo(WiR$YN5f0l!QwtTD*$87fdr(ZGNQnegKpR#x%e-A#gHzv?ahQ z!zttVrOnKbo*}GqXkxq1EwS&o81Ao3Vb;oIOqJfDqaWYv=km8QL}han5TBVb^tO?r z7&48wXD5iL0JlfA z>O0hIw#kAwjg%Nh7(-FT-FA>&MIG6X3$l=vg)`%5stfk}VoBFWCu#&MZAPYR$nz3! zR=R(2vO0+RrX8*RWXOP<-Npj${kpr!?c0}B{bczBF<z+`#uBVNq za!-b};D9Tv@UNMWqAIw{r1$Nnln{<{e}!yR9qq}XX*6{E`g|58V3Li&BuD3y;xm{U4>s{)Mc7zjRBWF_UBApvC9 zwn{*5QqHpp4r-7(Hv?P~XpH&KE7lfS9+U|CgSc)fV>BnMESGdaY*3J*%0{IQ5NWRT zLel=|=a$F|lO$2A=Rs;Ny-tSwN|NXAf~4lUQBA*YXRM4N^s2&!*(PJ{pp@iV{6lJo2|Gr&8V>z`lOs2WB!Fm!Ku*q;&Jx$=DYVZ)hVZT-bc zy^e^qJ~vl71hM4>v)P*d#?$lUmq*1^Rwmt;=|{o_X2w;?Bci73bx{Mzz3)$znMXHf z(c>w+6)hD33;U4`F9HDsw|oaR)7{+Q)sru(D04P$t#tS_uA1=VZyh(_pI^NLjy=|- zf}&(+gg|O6FUm~wB{Vv}5Q#1Z4V@&1f>=>4pE*;~6qC%bG8*-NNy?})B|VrlTD!bDn#-ln<^OoAhs73;?L^Y#kF zgF1`({eBlJ0f4r0J@g+rc5*+SU};oo!DK(c8bd;#9Vw$Q$1cJyB^b*h=9l=;V;Zx; zZE`}J&7@NQAJR__$d^Zq;w*ocYcVQk_${MeCJ32aDm+tm%rWCgf)(pz&jL;MN=ai` z;=+@i;PMzO|0K7rmcw`H!kU%g<1YZ5CvMB}(fyC#ja6LpTbXKyo4YVXz|&sIb=3ra z_uaQqCtOoXMvDzy{4#QNCSann3KROR@gevpWMmRD!s$~K`}eUWS4lxa{F@D{8F3UpFoQL1i`aMlly%Ht{K2lMtp3VvX7MWnoa+lO*~cHyrHSnzzs z;)GRNHH?eRh0+`PWeWlw8X6g)1jg_)7SZkgC&>_Q8gutERS5Hw->+W%H7wAfgk%k|2A#McZ}eqSySxg7EPBVK22hT#*a?F6AmwZSGEgAAc8H5=j=z-hxT$` zq(7Ol$oFmfr;efap3JRbt%QjdBtuY zf1ebb3>zulHvN`kv^&^4-A>v-mbA2!*=;jEhrc*;d348%QXv{-O@y{J5yCZufigE* zs_ZTG`=%Gdq-F7ZYc-|K8($3I@uL4`S=5l~r%X<4rq>{~U75?ftilp^fYLYcl;DS{ z!{?sx9F{Z|`e2ee%uuxJc3CgQxHCmAa-7v$N0#voF_n%3F9uKFfcaVazxq;It5n+~ zt3LzL8u88j(Th?az6Yt2KReuP1ZX4R-r?@RGd-oi~NK%v%Z(hsrJ|2RW08 z6MKKxy}|m6AK*<1%T#4N(xfPQ?qQEce8=-k&DU%A^qoh}@*-6@)!Z>0BX?p-7;U#| z53hdE7w-bTveKq*>G0A7T}`j=WM7BG!gF#Ecy2O3M* zOFk*9;^ueoym*9}WpAfM_)RQ04jFQKOXM(~G?pq%r7L{JJWaV9;{2Glc$D2)9Pz`d 
zLJNctB|bt`VD$8Sx_!qI&GBhw#qVT?me8X{{_g8DJW;9I^*uXJm&m*#?VtD+e{OAL z+Y)~BAC#z%B1!dxY&)0bKCUHvZz#?VikJ0YVkK`K7DJD9@`EaQyP)s?(Y{K!=VjLG zp;Y(g&(r%IVDIF9zE1R+jZq4Xc-4DfnoPoHF0$-n6r1^eQn1~JB9DXl0CkTdOutH< zjL8D;y_jkgwAmL@$qnc0B(KstSW+{9WsWiR#L|75n)JyLKKS99fYP%T3k{3a;7%|; zX!N@41@i>{$l6_L21^b_HJ~sQ)&<_g?a2gDn5T2k0B|}|!$ptyb z3ZN-tnYqXOoFkEqQ-S6P{AT~p6#P8k)z##ow3+&51PeI9*(C#!JdY3%n%rti(fFj* z^;A}mj0zWPSDylnVi`!P3%&YI4 z8kj9ENL((e?<-wj+bqkrq7<@uV?N^E{(2JKu6MdoV6x?sC%V&WCfKN5pG`y)sNLO7 z^U8knKk3W8O>%*cn>bG5cF{q5(5g;h`}%Aym8oMd7q0$0m&Zege^_yLLvuytg2-=w zVkk{EHxoIdbNI~}w&IFwE2D`kP6T+l=lY3LPBv2>lVBI;pH}I$n<_R3=M=N$V*rm2We5Eu;=>c3LEODl)Q zURFF3Zz3KQ=SF%XWbkd*e(Cmt}vApbzc5g?lbJCczj8eadzx8TBm#t zT$%Pnh?{bXT3gNcqPe0gND9ixDt_3k9+HWlMJH1IP_3LD^nIZHYf?8O-#-IvLzFK` zo3~`-_neQ96M|zjBHRx+8j_>?^?c?|x&s%VT;=h^z3o$CS$mKRj0i}K*cfT+brnt- z!F#8Nn}_E#Sc>GzmUI!PS`=cBTfe6Z_8M5j!A625?_;F0?T;6R=!{0AHVFoSwG)8U;h|QyFY$;(V+(N0|~qgob23n3am-cgbe}NCbGLZ>sO{CZQfId`o9@ti#|$Ko+uU536E~_>m$v^L zQPHNFw%en)G#XFUc_5*Zw`-M;TdggNpP};BmeYK!H$Uy9yc^VHe?3km;A(cjy`8=t za=UF?CW>FW8fijvs|M{d$2P2a|86>6D@?nIjpW!pzr%I=E;PNrZM6t3^0@~Iy)1=^ zy(xP3>15q=v=S&nq6JnTEib8&jP2^35bv@+s84S32c6SOA%{&M%Pz!#!V`(jDjVUM zTvLJD}2k*|nb1_9X7?cj`hxSEKWaJUR2&E`y z&XyJk9h`yKb<9ZOlVavrfn?TJt5w7b_%EGNxN z4~@1~f1LO#k3P;$yP5`(roqlXiVHzBw%f+nDU7UxOs@-j4AoaCAe#w+kt#nGQJ0+k zA1E8kOpoG9hit8dcmU$>H&vkQP_~Y3?FPox=%0x(Sjr*-qCz1Kz*T}@B4{@X`LUv~lGl)0_4$YssDEK41 zD+h-Gi;JLrYzp+Z(#O*@^ro5LrB#h1IHnqI!P5dcyc?8{oN7Ej7w>L2&x}2s-t)<3vIj5L)!hKF&+ou= zmEAetrW=oAkb*%tbd&hOcD>BOS=8;iT0l05ZWyR^LCw(A*Nf5GMC|;dxM#{26*h!_ z7;Nfp`oTQYnG%O z30@4!04{FDwp)}hIJFD>l8mE+N&SD}NQ86@^fPL{mM=N1ta=u-J{F?)Arv`%Y zX{Yz~z~eYNpb{$R;H}b`=s+KrydFr;K~5Y8cQ2KEKtZudpWn505s=a~g=ov8=k>b{ z%%XPyO>jDYJ(lnR-o$MrBTH2Soj54z?Hu6QK1qGG1RL@aF+X$mE{X-6~JpfSc@Ve)DPAcym^h zU2RG>>*PzSbHSDU<`x=@{8ieg`-JYji`jc?&iF3{;iTcm0L6E>!7r8^d@1D z+2BC(FhH-Ax%SRYTgqWifl`sjx#1f2BA_+XH_W_>6YXNX~j7*w>o+C~dPuEp~<8zQ}Gr({V>oAM#QJ(kbs# zBMAJ;5Sw-`JENUp24j$=j}#!$*Q#tj@Wm-+)PQAHkd0r$Fpu8m81@9BM;_LX+fvCk 
z%<)8@?|*sg!Y$FOcop&Uch}I2v-G<^_pJT57HEXN$`*n=Kvz+CsELAD=wt2&^+bPc zaxgNcvk;E5%Iv1CPSO4gA^-pDYD)OW@0CB!hkWlWQMh2l#|l8?DKnNrVOLN-=(Q%~ zTC`a)^N?DuwPCkUOX63UL$sAldnM$HnlvDvkzej_F|;0Wa5jqbZlfO$Eh>Wdq~mHY zqWgBUc@>e+gKIo;lvVNTlFrL|jElY(mS*)T^7^tmwly5mk~aMkw4~Eqm!-3eqjBI+Tj~vZXN#6%%;N%@$5RrwAD8{kfO{ z5-j`H_jK(8%XU?dees&h8^Nv3+?L`CrG2~(46n+cUL~*Mj5&FUF0+`X#st`)sRP}L zK|!2W$m%`*h6p)un^_)F0?@VR9w6(yn zK2zNMdn)cXd3D*}(Cr08=}FA+*M1G5+iYg;9r1ei<=}569U%rukg>!rGax6X44-7= z0A1gDCSi)0e)#ApOdE!NokS1VXco?qsH`_Cj#vDa3?n9{^S|WF`5*$OC2aAPy(d{2+mJP`h`~m6+HQtryPp@XyVJ_R zM|dv>MBL~{NEN_}II!Hmxn;IM7akL;FX>!vJ6>cv-uf5?S^Z8$0B*No1d$P~nF8a; zCqvC#gzTS{88ZvcwmLLlzAe1@zuEv^Bn{q&ycg{p3&>UL#G4t8@JAXpp2+R`6sdVO zq@0}~*w^m0Uz$XY3Xw#$#A7fczf!qZwf^Y$Gg^4z-YK5($useh0jNTr>rMXtI+Vxb zUMjRDu;m+XJy#Ue=5(_yX>8Q_Q@iHl4}$odXWlBKRWvd0 zDL0UeoXy!3Rsvb{Xt`({W9!Q$u$m2MUZE@ea>FIyT~mCE@z=gj?O>?gZkIE|KNd~M zzW;uNb^PP*i7*7fxb=G4|F!5ZG#6WG8q5UyiJ+Rt{;hovdDPRT+E2011DQXqp=@;X zh_`5-NFSY?s+=-i@2K4BA209hmzdantFG4B5!^Ya>aJzJZ7M0+2p5roWM!G8v6Vl5 z5sKOcNt?^97g|ib5Yc>@OZG3qSegHNELwcHrol~aa zrz`ZxSSL&(RQ ztBhyJR3%wZnD(Z*wxXY8HQBCXXtQR2jfG^U$$L9H>)u4=gssYD8XS+o0L&$~j;b=13myEgJSeG2%F_3$K%JmdhBoTQm4j*YX>~4w;l3@8f~U;Q-(d*y;r&FL z3x3|Z@8whLi0o{{fSv%7DB1b3D~nfBHx>uZMx3 zet^{ded;fWLbwc3kQ@U2HO1}j2e^Eu%n7+y)Cqgn8#n$Y++aMTgXy|h8*8eVPnP3l z$7hF&&*O#ZjCBrV402*-4ZDfgd@ws8XNbhJ%uyuj9XB zK>I*s$3Ru#A%u%oQ3)ZwK6GG(`qwJdq{b~*jbY+Nt*adb8Ymzar3&Az8EeyMi~VSf z4dToT1Kr;3|+=wfvbCN>8yD zqW|a$e!G#;xmh*)DIRPU+WX)0a9{mi2Wh_f&ZrWuh!MS zEHZ6Z79uT%kD9EV(qB}bw5HXjweW=Dc0|>U5j$@_c8Q|O?+6)Fb=ZuETVla(AaoZ+ zupB8?p62?OZ~bd@F^O;~0V1wSn#quA(1ZhgN2jwxrGt3Q<+}yyqIqgYYISx2;7~9Sc$tLOe>0CzHZ>j1afzBZj0DmtO{W+obl#_ z-`12cm3b2oV7?5;Jib$rGFg2|G8VN$elg!fv5r;T=9-^ZI;F9=B(QpnTt=I@>ZHqq zmi+}a-@=2%i(T0cAFr7W2TQE$MuD4(yl*k?TRPZv{ip)3?X$eq+vBaQIiYjP-V?r} zkRm`mWY4Twetfj&hO)XPzB+`@nnA{_ad86y1aR4hL27^N2decMXgh8ruV~W|@XzO~ zrA(ESu`z69s&ZwOvYG>JV|-;%x;kT^%7A-~BO=@sdVkWB|S0Ae=)J(GQ~5Y-#B zqgsD*@YT}6W$+fBD>vhKmTc0^zHc$N(?K^sV?PFku8OmD3%H`Ij~@TBZVq!r;j;>N 
z13tRoD@>;pEE<$L7HXP8J1@m+dE3{4-MFQn&Qk79fO;B7>E)^U^Oa{S#q-%^9LM{r zvSh-G*X~a$<|W#M;r7q19!72MAjh)NUQ4???q2`Wnn$lT*mDQIrKg*9q=y+(z~t2T z35!?x32R=e_EfTH8N&L}ytgwiiXVNOtZrCO(bDc-|Gv~~aDFj=`H-0p*97FY()(3S zylnX%xc7%nj(f@+_JIBlSUY0lX***pfl+ob2C}%n)b~)?;UBzsE6ER1Z}-I+K09Z%$x&0jQ^8=yZaJH?P{wN+M=?W9WH2QCeHx@R*ruz*XWCP zkJzalsi8D6L(-E&g3t~0PXotgLO~6H4&(meECLhADxPS;WSzEqG!8OpzjL~Izlk>9 zSjtQAC+gsbB_=VZ1(?ixt03|}Y~!zAu~Jtz&l?-7W9 zkKu+frgL7y9UhJ1fO<)ncwbM9b0R!tr#vhX-zl6B&vcSrRO#jlyD%au(HztWq8sEd z(!c&{XC<2G{>@MesG6`7+#0@`lx&nh!}*30MJbMvOuw42S|D?@ovLg)tri-A9Eq2p z=bW9IY<^eSBAvoKDLoRj-H}VaR8|r0++t-4`=?ICT80%9SKrs%VMt+b!c9Ifx#Ki} zww4l z^JG)QJwoDW^%mauiWlo6hjErK{xHW+nlmiCN#RtZ_VP+`@ykwi^2P(F@rtwh(Eu(h zjSJP2ItK2`?ze#@b7wb~GS3F@h`5N&8P*N@S8Og5!f_blvbnU$g13sQ+ z%Q@#X2SOxGGHF#P`)NX&);F7n2xvynch0Ul7sl)tXML0QzituB4EqN;l-j^ zpDTEuh$vdNXtH)mmw5>>>#W<=L4Z(>b$9+bTTlbi!4i*UlI875BCk7-)nFI{AN z8uV4$*k#)}!DB-cJK-8(kZU$~J>lXZE>A0(vd3sy?qmA$#m4F{`A4HmTyEMY%hBKy z4}HGTeM3Xauo?nqGlYKa5AFoke(w=h^mh-&6d$q+vOkuXb^U7n^ie`A#vf1&0u2WX zZpkmSAlLtb{$Ir`$CWrz?twI^=9j;Db+TO$P!HwZj52Gp{@y6WS^*qW5?^b{JSj0p zNd2X{AWD-c)}XmqkT>Pkh+zedcI?8jSz-$uJNs2r7LI**-VWQ|ICxOx+wX9e#qWsk zK9Et@m{}*>R9v?M=)u%9vG46d^oe=0W`tFa8=JdSv%=S)qHz7qi81S)27kJAS+ZYTuA)` z6kPa@+*$OUoUkZ5tHXp>_pg5#j9)DXn=eT**@H-HUb4s9zD|84eYbVVS&jqmVHQ!l^5xE7|)MAIv;y!R$Gf zNc{xx+5-m?X0>ZG9zlwuCcw}2r~P5OGR@g=H$gya9FAw};1x{9VB))xU@OU0fI=4y zKW)L0LMDpq56OdgR7Md0l_sn6`sTA$w;>yfnm5i$`E?d9IGePK1k4pfCL_UBGJ1rB z{6Nk-4_h z2*O-@^xX_CjY~u;FXe5c)3t+NXEb8VX-`?`vNrXAJ{?K%+YIxSh+xdr3yTJzb@3Ly z+x9WYFOaJZ83?9*HNYiQPXGR&733?98-A%esDzL^ung?sq2!Cduxpm2_^X^WiUBT{ zU3iYRtOcl+4+9Uu zfg7|DG0YDw>c{Vl0#OssKFEwE`&PzJ6wa}*%dRUiPWa4%n$#E-toX@Ji8?N0L4BOiWf8&(6S&aAs>UB1d!r=XB|kw&Mvkh@frk` zd^Ol*S3&uYkNNN&q?fIVQBgWRa?!8xPB~(CsZpZ=WwEEjDu#syWH{|A-!7La++?O8Q*cn>?=xf+m%xrcfv*Eo%-)* z1CTTv;YfO^-IdZxt^NG@tF|EcDUwsx{Bm$+wuzx_adP*3m(Xz|UDHgu>Dco4>QKd< zi=I4GZl`R9nA(JU+&qT zzFBer$Cj+?oY^aXxi)z?0Qc9srFTu*Tv5`crf||orq}}ZH{`ELpJ2;xFQQ&rtnF65 
zzg{MN))?8A>orvPm}iJg1`?fkv7R*~o3;trLykX|uv6duN#O-1F!?XJgo>xuYcx^% zkP0EL*H3-G9?C6!E!~tVW*1!QlX5?~@ZQzLe!tEOVQa~8sraNQ`z{I?Ce02gC)!AM8TF-bg_lx`pzi4u~PKzC!a z-~$3WSp+dCFzAawh_Ao3==A>|Eds)dD32%M2sVmMX@Jm`TQpFaB3hQJK1!lKdh{-W zPE-cuG{@39mnjDY_0|a&z?HHSzQ|qgG~eJam^BC-cKyhoWL*=%#k8+q2<52U(f2C7*$yCUT~sb@Ti6wMe-c}!$nfnv-F&!8N&v0 zI}`r@QXvuJ6P3vQuBrihjqK%LWRwk1s;6nSxh?vstJC(cK^}U*sud+d)`I~E(^zji zP4)dx>O;$GJiX9ma^oEm#E_@g0|FDMtc1xW>vH15$w?3z|ORHA>vD*cUu@H$L7P3(m(4z3yUIW zRYTvt>OnKxH zPNow!4ai{uRic9s#T?qNgis9{Z~QkL3>WO(DKg8PC3o;KbEwVJ`mM@MdLC)rF#TsS zhW|hq>L$qePeaJEUcxe-T+GMd^Cb3Hu+fbA9;#89DNxwCRH0tny*c?up4HfKS-+)! z{tjd|QOU(PDNzMMQbY$kc-x?5$ZAS-5#S>K%<|#Wln!w-z%IR!lVU0_}4>j`91JQTIIV0iIuI(ncmN79%|xAvC7ZJ5bDs9fDkm z+^*O;qI}jx(3T7c%bIqjvpYt97GE=CLB%E{h(Pq-iCVMfSX}(UeZMxX)N`C{e!$X4qrV+ zo;<1fjKL%KtyHH!3Q;wR!<67VcrF9mn6*PvP)19bs_?6Vu@L`YOpZgN7rFTVfdrs9 zf?qkvfGSO~atlILD8=(m$)f4a4CkINUGZ?6Dcuw9ufjtM?bqA<^%4a`GDIlXmp{bN zKBDJydtk0Bx|569$#APIURQdF&T!QI%lq?vXb`D_ z&I&3k>^ngljO@bxB$n@@fLiP)TZ-cEza^mlr1bW3?LkRUqlMpXLU)9yOZlZDf)2;1 za`bEi5_1s*JN@KqJP(%TT`j2NLMlMX#H7-u1cp46OA-q&Cd)LlU)|`RWxR6Jq~@2i&`n;i5NPnI??!@KQ%idzN=k#nn)}QSJ7Fk2arS`&uLep{!y;-pBLtT zLJ3||?IwYUIOOXzs&s+(8Wg^|D$>{2SQ+ivkS*ScbS)1jv|4!4k}kQIM$z)e1x3_9 z$oM0`gE{g%+Oc99x+5Aly?fO+IwfW?^8Q9mW?x3;_IIfGl_DN+Ppv){1@bv>_27VC zcn~(~+&~`vL`0V=!6Gxphhn0ChXHRShfe0C^fu7E`h?~ydIlJQq_BITp#RX;Z&JorHyFfH^JMzMZ)dd<+>}q-FI(lTr<=j%h9}Vv@0#1dEf0_UM6;FA}rK8sW|3? zj_~`gy=_L7JEIS*VjcvZfpzh)%YMr`p;nsUGsL? zQS{I=zT(y3C$Qe^u2%XYKb@AQ_ z@;|TtWmiywDCcXczTCejUJ9-^agTC{ZKMU6)nnqr) zt67Lq_a*lUUovfywc~xbT_gzE=so>gn2qf>KS*m2Afj%CCGY)L`*2? 
zsenrR2p1vSAkZjrAyZBB>RSdh)wsm`hZSvEP~Zo2DR*sJvWjN(4TFsy0Upls1j$n( zd-6@;8`W#+s+f{hb?2-@yIx(c#IrsKu&7 zXvJL}h~!E^ogqq=$Ii9Y?S?VLJNuQum86K-&UhDirpw{t4Nb*=!Hb(pjF!6yb&xe_ z_3pQlNYz%{i^LxNX11S8o`~6TIhCI_(_r92mB_>w)2Z3{Dvfyf9oe5EH9?OmgW5Id z7_c_6v@v)n?=7F5+jwS7ZiZ+)9%UxqxqnG#{m`Ovd%47Zz}Bw}@M^xYvL+fr?;;Ak z!goTsigXu%T1>cfRc1C_b?N+&z|fHYu4@zRI>Grq4(nlZ!B%N?k0nkDc5DJaCEp>2b1qoJ1d80xBTjsUR@StYQizgVmiPuV`&X&(iS1LCoN=hd`X?D z6ODp)Hrm>w(N@7;kUUXfL1})m=~&jgOnEm16i;n%4YX2T+XD=c`iXRYwgK^VKqzvS zgrlQxO0#+z{JXGk0b8;-*{C;E1BT`}^Qh#?UC?mgOcclcr-@I4Tzm-`ndiF3m@sk4 z#B(cOJ~f@lvwQjEFppYxzW=&in3z)a_9eim<+R)}G)@7ht=tIn2isxpyxPw)(*Z_?-I55~#8AK}t9k}85s5@Hyb?!OX@mK9AUi_i z3>&If!H@$P3NB*D)X{P)6%5R>mp$jRPA^)H7r?Swzj|z4=52fGpbdD~c7o`*SJ7|N z43L;2HjW9$P$sFups50$+S`RE-=EqTFnDaWb}w7`EYBWV)au(~?$>{P9RXj7{tf0F zSbNcpKl;q?>t&2XZ>(=;_?{7;dLuFYp=HnRCflVr%7tOMSj0YOp%crIqjU`6W;Tnx z&Jl?@iZX>akNIcS-nQtWsA-DXzuy{L4auYzz`$8!l;i!xYAQaPpD(SbU|jde9$#eX z7D6@MS;;vCc_|}YReKic4cA(y#ViK?--ozLlZdl1WnO0;#Q`RKfL27T)}CKhE@vpQ z5LaO>YIlu|zkkNeS@3B13nMM}e*zOm@;+ajl-4655Y)&H{@i_*R~I-lcA*7IJ?l@M z^;6ISt8b3CUd$CMAX14NAsEK(ntv_Ut{7pp3-J93?*9DuC|I$AeR~ds$A7$b-(Mln z8Hb|rv+s*ypWS~CyJ5J7vg5l(#qg$V@4aU=w91FyqGkUl4UrA<`&k@B3;`qDo7h`h ztx=^x(yI3SOTHf*o5`9gOh%BzKdoMrwk;h%%Cc3n`J) zv;l0ni=sl7BM^64P->v%>4XlWtJOojYgimbO;gBZVy-gp{00;DUs}x>jx0nbXoLaV zAbhcbGE0=_)OBhbW36@65>~(Q07N*=b2qOqDj!!l>mYLn}T$bXX(?j}*(}jc` z4DPlmw8{-^zMRGeSZS8N86!eQSf8*GBQ$ESOKy3?aHEh{>J zs{ckEYw=38*FJ`P+>rX=%)eLHGl=<27q}LEr<(Acr<;16rXJPTL9i|gLx`^O+rxEO z>gn(X@bt63J~LelJMa0Y6L81*7>F?Q!kOFMk=4mo69M^8m_=Po(R35Ez0$q8TsT*) zTFlOJSC_5f8SAWAVV^!yP;v=Q-U`t9%lMG!ItxwHu=kzFkUUC0nn#j=Ua zGqf!GCZZ#X{4X^sPa%ONsS@-0T{XyG*7SbS1X265B^^ju0o}GY6um#(zdDv)H6@6Q zvHO;0p}njr9jDJd9mtsrqbXe{@6XcGFKZTG6c*lukfTMK-_(PKh8xRtVJxYVwBeEL zw$y$oCjYk-06Vt85$?V_Fi zu?=I4^~7sjn_EmYFVs&L1m;A6Dixkq4z4=jM$(u%CT%(CreK?5(aE*=iZO?JCJI7y zN-L*bS;=!w&MCcKKmJZN=yB8CFZ5HX2ZOc}wW{H6zJSqXVZ8yCOUBbJI5R0Tsv()# z?Pv;o#qegPEh6}mp)|Xt`Cc3~2BI-TjQA)n6rB`7E!4cs*b#&Cd51$06qxN(_kIUh z_B)aZli 
zCqG(}mAyG`Y7Tabl`o4Zs0jjo+!fx;#Y2)y% z&uviV8Vyvf4rtCLQi6Q%@i;71?(}$_>mAx;;kkRbx_ermgQ~{nvPo zzE)z@uz`U1FtDx*P84rT;+Z(R9>t@86k|n*v`X&?5J*&1Iw`P=p6)RDh=o-i*ZElO z2HI~_L;PPF?K(V!4ERptcjcb!X)uMDMQy=EQ+!rMm+!hSxo|k-S9(?arikmm7bX@R z44tUBybgI`V)48mZkM6C$elF@{2xzl>z&#T<$@X|-6C;*o_EYVYMT832=^^+!q7M+Lcq5IkG)cD+8v9ZsmbYNpTl6(19T2gA9pQbbM4!s zFgGHq4V+b@IN?!p>-D6JhFtf%Fw73T+&hTxaZ$gG=!(MqbKbEA5>w(TF*QiWIo<$i zDUP(zZv%Xs&r%++!M%64ee?$f#zN4OO#^s|DL?^JQ+tT8K^@nJz(9*ts)0?|WnIFk zIv-|r-k`7FSVuKr8H+x66AvM$<2U-V@}A62^)|JZ_WWT($(#Oq6&jB6%pDWZfSSL= z!*`(w47T;A_N{XU#AE2_s{G7`49k8;*a`GHY8H(l3K@JgPBbJFGRagl!40Bu&EoY0 z-tzrduI>n0^B%zvmgt!OGX!Bi2g}l(l7zJ_x<+d!zKY zH|C^91~W-PX5mX9uLXe9=_V5~Mr2cGKDfFw^*mpD=tKVLpLKI4k_8=5CMsTS;tmH( zXh0Z|XgBCC(q^E`gloDs?}C*iiP@Xd=A(q}w>fzS`G%rv3dyA+5eHF(cWXPtZP$<5 z{(_IKw}BPP*2sr}kLKp1uk>ZhQXk;GrqgSM%LxDmuSIK!)Kk#kf~gl6pGQ&QRwHl# z*+YY-42filuuJOWX+o!z+9^`-vxeJkgHgQ0!<`%-_Y$IfbkojIv>P2{A>{o;Txj#- zXgAz4;ap2TrrV*3P0^;cHCFflz_41idg}Pxt}*6&*JOAle7}5iDc|Cx!d(SGwxR)i z4vV|pt97H(oseEH1Qffp)koX$bJNCfR4q;}r(Oe#4MBF+^S8g&tV2|n80Ng> zo}*o!y1UUnHhbI&-Yf!N3F6tGW9e)OG0C5Immjl!9WdwJ#p^$6(0N3Bu} zcWIo2Y6YrbR`zxqPpw~PSu7WOKLUM6iU#5q3y2<+Qg#>i568p3o7PzCE!*z*GqLlyYHDX-CZS zUpfxvB)lYR!-wx3+rU$hhBsQ^!DZJ% z$}mv5GEOX>Cde-u69sc-3mt&P{i#}tW@@Ho%aEa{xO|el*!90JZB($g?k{d+hrmGl zee5oPKmLS@u?Vv!u&{Bm6fJVDF-kVV13aNDvES9kl!>|G%-nY?_<1Iyv~%E9MrvHX z-K?YOK6C#$y?+swtxE805nP4TYbKxW=buBo`Q7J_pH*}ESBB1UX=zZIQygJ_?j~1_3tV4;Kf;sK95s%+6V$ZT;&`9AREeO@nA%~C zSp=Pc#&UD7zMs>fcOordCH*kDAW zOQZWhxHd*>xU|Bk*vFk$z8 zu>e}>(?4(xbp?8tZ=m!x29i=7K(w|p2pCXi0!v&BE2iDanNITLqW03}(Ihba3s?{B zWWu~8Kj;@I)sP#22M4U~B~4=Q0M55jjIOHr^Dk@inrg|f*R;<<@}>Zj@RrY~^n3%~ zN!SjUQ*J-fFTS@J6i(?sEDsoboVfjY2Nu%!n~faW1=aiL>8WtH9o3~fzjRiMyW$`G zX*Ox$xuF3|yCa6DM^82Px%tQI4qXXnz7SlSeH!J~iNbQMT``>xSTMjpIhT|HSSw&@}l0ZRv183|9c!Fg34(V6;*x@DHG#+ zf5e`+F`;}GVNkxY3Ox=SCkRXhAyjd&kt|jVH5N(XQZ)#smh7NJhRvGNseIT z+|trd*|Ndh=1!iKg8UWkpA+oKpcp}%pz601WI~((|4w2(1aJ9z(LjQwR3?{L_}a=p zB|hkIl%;&D&;5#5!cMav8G-I337aD1|3h#aDuiW5Iy 
z2Gvx(qhV%x~EKAyLX>4Mkidxvy`in?_<@*MmJy#mgH)K%i; zk=IPr)O7d00oqBq$M-o=WW3_&g-pp>tgF}EgKsOfA9Lt6zZ61s^+;pw$PWPLVB?zU zX+$X1I2W}0ZJFnax`rmbnh((^{REatMF677PN3gjrNXeA0sMW$-wD9L8F*$qqnw!6{ ztM=typvM{hd{(%-x0ttzl^VGd(UmhB+x52!Ogc;z7`aG!e`i?7cfKRx4yZzG&}a}K z3Idgl^n5|Igx^uTa|-2c_4fLzY8-&6>$5PH1wz-^B~^LK))uYD$qs+dg_ z-z@r@d1}K1PMw(X5Qt{96S-zwEc0g-8b&eOe?{voxhabMVly;|u?lWO#*<|mz=%>= z2eZ!ZB8*}gTTOO2NA|1^u^Vbv)hd9cgKmjN{!51G59!?|^dp5%pqWx>H ziO}b8BW{(>jk6cr*r$!Sf04OiGY2c}#RmdfQ&Ie=IF@b{Q|!%Y!*)$hTq3ne)bWHk zQ@nUXSOpBJ{~v}krjeM68pl@uPE?ysCEYdr>8RY_XjZ4KKK;~aIjSA)?QR5sP!BMt zXD-^w{hB@D@oPh=Oj*+#OsnPmvmnQtW*sLnU&4Xct3rhRpE@}%t1pbJHFLprD7ZjC)9Z=9Y0sAjmCPEY9j2xj({TjOSg(8ffi0P~mwZKP4 zBc`^zF6q&AVG)Q_n7IEU_F%fSGJE7Y(u*pkJVQlqa7?FqWVY1yGkrXn*%yp>;(vtZ z*H$|6@~?qdN~H=klr>x)n%TM<$jLiI zF)o+@Vlk1#iOT#B-(Qrqd;MNC{#TZEja3Nv88Jfb1o^yP^DzE5tn>ZDsp8g5q3#Wi zYS0-FWe5iP{TU;bqg}%z*H#sIHWoUGE#9o5{qtQ)6~{H3GVWjdjg7DWIQDiP2N>FJ zuUt;WDT31nn$^^4&=X3C+va6e{HtvgdX%PdQ?Y@Z?;Oa1{=U%vo)v&!Jm@D;s-hEw zK^h(h>3)gme$891n|`_Fm)dCOZ%8bic+N>}3w>RU>qeXS^5Ba)yBL40#Fm0-s0yaZ zS^Yz&qhl>yU->L=&SoXO=CCJ-u(@)aB6nfV^@u!3Zl}_BMh0V)U3=a=+y6Y*6Wi;J zUgBXP`^VPybKan?ZDPRdqZtdI*%_VY#MvZw6Kv?y(>~jeM>Ch=#>)PCd9OB|PvSMgn?(|8JWbbovsBVkVeOX#fZ#5Z}+pLXrZm}6$eV!NUeeF7K zGs`6cOPW<2AfsmN_L}!ce*TZj52>%P*#Xc=R*NS&|$uxLxt|++yAA+IcS34_ZTWw zudpCYJ(vzw7zyN3QUJkg&kl&TiC|2>TGYI~(YqNe8-}|}9dl}b4B>VnZYphl_1oUj zocR$g*5AUaI`RAW>=tK5?8qt*%T2_H2T=`>BxNM9n4@?k<$Z(Lyn`f1|d=|S#&?Qd5h_ilsd0Jqi)+Ovqm4d?+5ka%I4i+4{y0*pUdXgOzzLGJeaS#s4Kzi%r3?{ zk=uOnc<8%ck~N!pIkt6S%qdvz(6OoOQoaSQLHirLqfm~J+vWU*hz(&xrA!mqLE;-w zx@l1HLWbU686lN^J5&f30O5=yWUS7+T@DKQZ=D?ey9iFDYA!sa>ld;t!R4(v^|ABb zBv|DEzGl~y^)_`WFp>+_Qc&nuJWffLHIi>u#Rx8%AUijAfC&Qp zjtmUaiPFr|8|R1+^oiDJL62^Gd7d zB6f~x70EF{eUiTvPA_{rsOZT|L>Gc>b@Bc0H7{YyHI;k+`bkW%E-;aq04mz`a0O?c zmOU|mfvcP8i^cfI()l3Y+g4rzzzXYeM5mLF@yWf$HMjY_ZJp}Cdk$#pxuK%Fc+JVD zT}$BCqdOpM$b98{vY&USa*DKidGV`dPV9;2S+di)P)VxPN_+v@g=cEDQXjE5eGae* za&=O{yD7WUo69+d)~zZbh&gnw0{K@_hnCG({9aSa8|*RNQ?>$6s&)eiX(D}xeU-GO 
z7&`II(O6VJ1oWJq)8ivZUUI(B%8=A9hxspdlnVyMkY7YqN>mEk^{Hui*V9IB{)DU~ z$Z)Et^gWY#8FU7YCrD({(g-=8!BNb<@5$izgBDuLKhY$7_@O&XN!}sjf_b3~y>VKM z%r%|v@nG|K4OEcwN!UBY<7h|jcp>FlgoI5n`x@#RhTUVFeL$X7-1*~ng`V}F5+|RI zkKuTpmcAIoa!$Eag4V*heAu+0@)h96j=f5LVfnYUITUao!#(jcU6*`5(4UpNjdI!ReSL4u5zTkvSjJ$j#-#*d+@}O55bFSxTd#R9zf|zKbv}0-t0Wh8S&3ei zn`ot{Ig}0kq&>l;JUV=B?`&;29gL;L=%HTZcMWH`(B@&uAT*@U=mIq07q1*^Kidv^ ztSF}LK39}jJ-hJ1gLSxF4LYlz(ZAm+wU^X|rbgOato|MsUa5J$uY3Kztrac1W{0=w zv{9z3*|xU?B|L z9v&ypm^)XQKx74t*j3^0oD8J=ld`|N@B_!oPUzbkZL;Aqgh-au4u>(l`iV^rj)cEb zmA^2zeLwk7II1Y#v8ildl-oYusjF-?FA{tE#8<7(ySQWJG_ibka~y-nEu@)h{p>m@ z^wa-+Z3B22TuC#&O2O;AJzbI8+Rm(LU+|TVZ{CRF>(xkI>!zvlczgQa4G|!KJ_|-y z3^X8LdfI>R4$DTS_Y-t9JSO%3W9llS@>qgwupq&m0KwheA-KDKxCDX(hu{qE5FCQL zdvJGmg1ZOT;IiL)*?rl+b7s!;slHuxtGoKvUyaJrA~-BICbxBRO?%|294pkM(qCS8 z(H<50M?{OIw}BZ`($HUj(t9rqnfHZCg{^i8@O^~H%#Iu+_bPoHCqWV`6^g~HOB0V4 z4Prb_wJAKKt*oY{)xkKcVy4e`>HypY8GkwF$N%dw5B>Cs^V7Ou0(WD-i!$PIDQ5&K z`{rK?T~*>7v(*8-`iIa)$^*0 zvsCAWio6oJz#itvyU&52IBi1c}+-kH4-X5jM>47Nol7L5H|pf{ui zR24jK3zro-_v-3||9;y-aqj2N@6^&Lap5JjR2Ag z*--dzsXDHL_++XZygL=%I8Sd|g|KeWjQ!m=k0thHhYP)yEJBg#2Zz8#Vo?g(L7~Hw z@Qlc=bob32Dq~+%|G78VzRhP@-#8j8;Qq)nmP61(CQRn@`Dh0?G^~4nssvb3;)Y+7 zTM3JzX8RBoPmi8=Z}wL=2g^rJ3~*k%z31P8up8D1TIPSeYdCI#X!*Uk{=+eKy8uR7 zErxy^t-`q9TDTV*2C0uaq=vaHoL}K^W!$>T@~;|xqr5VMnSM#1^a^LN-xNnk_;PE- zIJT<=yfmk@TzMo=+9DU0DoEw3bbagX@*Y~ig?>jS*Hmfo+rN0@1BG*=(l2Iuy_gX{_wCPJo(k$+D(8G3e)-^19E4wH9IC6(FR7qyv^wRQ0QXjrRN^_YUK41>rM*xYQy25njB z1MjjOA8xYSs8q$nAiVH^9O4a{W%1Q4jtr=U2__m)=!mA?j4z>^GVn1t|hsIGw<{mvGA&6|#Q-9a{f)Fs1 zBPOnuUqqYQ92%EQncb#f3U0*lpLSReH!bAZitL8K5ch+5xwr=4k#`Kg5SeGfoD_52 zER!i8f}am=kwt}@X0*`kBvpoWozQ~H>gJ^eny*B$g%KYc&_#^hRpRT#yPNL)OHZ&IzvD6J2kipVrmDJnZLXJpDJ=1RAk`~&8 zGYm9&QT{M_KrnzofZl3?u;!~sEPE#?(o*Gu7EjpkG8R=Wy16?qY?!rb|Lty78R36? 
zOG+)KZePFVMw5`y#)e_-8^X2^Xxs}d`@w=3)3{lEL=2$>; zd{L4!tAYL*%-KqKW)}Idk!kaQ>_+uUV+FuU_-{@t4X07Ck9>ch=6$zg+ONYLK~6_v zi4SignZ7UGaW3?v^a@n|-n=7gd6U60mUt=o)eooqd>ce|e&YNhZHeEoe>4K|~;5qvfn%jpMnl3pn$* zIM#2pYWd2eM?HX2{O2#q(fP`~T3I%{!vNSg3YfN_O4rcTM_eI z)?-?S^i-j+_~n-a=Vla&>O9ePo6EV!fe0K8!U^{Xuy$K zG~g_Y^M`jy`^w_%q=3a4+_`(Nj1uSB6-j&B1Jd}q%Vp)zvemIanW}MqJgO(ap7>7} z?CmVg*8P*^mfQRwm*4>p*kP;fJ3CVmZYnpbVj|7IjuUQMyi_hyD%>=}iP-_Y`l(u) z=Z@`O+szSElvP{r=ty>yh4LAL1P>mL<6*)NRx2aE;dtt?2>iQqtAg!IGm`x?E$?li zJO_KzisQlMCj%`)8OOlX)t7gxSG4Y}<%bn30*gO)*CT+huY2bYV9hq7BbgWJi5;SB zTkZUL6z95CHYUyI^0y1C*T4m|wq~<{!|l^`T`8g+m!Op$c z26;`{DPClA;di}>#dyXFvY|Cq8%?<+<#u|3&VeUi;WZBbvK2j*_~!fB_-62Q9Z#Fe z=yjCx3IEb{TfSm>{U*t=$B=qM;YH+(hZ~~{eAOsomjzB3czSG#RgXuNG`(5EuADvv z1z_;2q5Xil*2Ced(55+>xt1o4!I;AEFlMkrxImsDDv;6)aE!aQG{&{Hvvcp1>E zhmHN&W~XD-JfEv(M}oWq7PNUVC1#)YSPzWE0^M1(;&&QvFoK>Z_;wa*7>#h#UNlk? zZD5#<8rhT6%<}p~FMGw+Sv3sRHhCop+^9M8J_ z`Lr1+aY?U9=Jp_g+>?4FmGQ#kq^{pna(p;L)%y|}ZUqrb=#^1|flVq_`qa&u8X?FX z4ZwWxZ}~v1b_i#91r2UzV`QDY(ciA`ayTjXNyh%Wc;G3sKgY%tbmvSnqK4grj)gXY zBD24GithQ&ro|R(x4iN^bw#s?u}VQmeXTGaW$kb-XJyJLk|MJr2K$NO%m+@wG|G1w z>=|ZF?-ggb9B}#d24)ajnx)6Ba#XkAN&(CL#W7q13b)XA@7_YIRwtPs;OK0r*0{fz zIqXF;+i&p{MeR1LN&frmFbw8d0)r6mA?sAGa-PmwM2hXg@Vg7-hMg`s_!x zCUnXz-~TMK0loeaO96a`9$CRv61fZhj5x`j^!$*Z$-cUPgLN(c3veA)>V5F#Q!3_^ zcM0m!m<)#u^C)332MFflbj*aywoJ^n+;vEp*@yPBft*~8PMvMZa_{KhO7AlMnWgN+ z_pV{u!|dV=Bka%eD$_OQ_JLZf?*MEbTIsZ$h<;@(arwl8;&*jBoyb4^;YU{1H3ewvlAR42**Rg&Q-4C1_)Pj4ac>wb zbWkt8MubPp(sC9*RFrAQR=|ywAF@O0jS((Xba)}cK1voyU(tpA-UzRb^>-}Ofg7^d zQNWKvH_NYdCKJ~`Tyd$P?>>5~c8cEai#`g^K?_E&lgrEcqU>veuX3&Z1MfGtmrpn**A2;UA75%5br9sR-yIN z39UYm&BW%dJ}MYTe(N@PFdCueYKOChFhMA!t<4cl;7$_l)w9ScMURyBP*8rum@a}^ zy0fU1Zg_7SIc+X_E;tea8u^k_VsI@3G>S$jMFugRU1CvbL?2{sZ-} zc;b1<@48Y4n^|fU!1p*(ar;$fv8^0&Q#o!G>;MT6Xk(7>a~u?34Ej!1XMw;MUT%48 z6?7z;`K>H4+(d^rRmwNT?7eHS@rg6ua@ksYic6P4fsDu>H`3p)}D^8a}fKLoS+!A5@W zr?f^P?nOfq@pL_6LPR|rKvfoXzgT7z8K*-A`&EQ{u>Akb4yVWgXArLQkJ-B`x8|Tn zyRs#AEV0~j^Hq)Z8RAOTeO``!waQ0zgbLl 
zZ^DT@dr2CLgFV!pr0eqApK!HwMKd}N<8q}VZGk-}jKw31u4iNU+h;C=mF& z`MdcOB73}dG{+QfUbfVX3j13N>fs#`6O?(9F!NQ+TCt~}air*R*jRZHXcf3X%pH_s zNq1yF@jL|Qf6g${5h-$hi`P~1gMwcY0K?Gge>b^s_1i`A;pJu1NpKFoIP z#sQTLw9kG?FVerLN5~+y7yYigaX?}doifE(AL#J1MoCNsCe95$_)$% zP2Ye==lVYn&;JgIf1cC^jC!bv(hz(w>LYubH6Oplb_~VbWRNkm%y^PAT%j-B&ZT5D zxj(lC`OLP^RzhR||G3c#{pk5Dxr*7NO%6zVqaBF$~w7<#IZJ#KM}v9MSo4bmX8 z+d~*Pq$&&8)SIe<4R%mz!%vMf?bf$vgIsL2Q*HkD8r1-!#E+km{Dilk<&ODvECby5 zY>8QWpYMww-@v*EY%^!%);{yeJ*@1xIfsw$fZ#*>H&*~~*-zkCX#5}0Ae9LCld7L~ z@56r)eElrfDJ@s2yIUCe>;62|pDmEMXG0iyMnP7`fmLeoBasMmPdB-$?R-44GW6}IPkITdoZN|&Aug`2qQQJDKUII*M|s16Oj#I3;%RqKI1R}@V zz1iWAT;TzAXy3YoXcITm_k!Px+aZirtGkk%F7-!wKKKL_5i9-X!!1S6**LJxw8w&A};O zSO!q95B?xPTsQmx+arYYBXvQ7@e4y|7Kvs?_+VK@_I#wUT+NM-m;mMAuzzS&`kP>S zja|!FGXZlR9MKZH5}o%^Z7Z>*ba;%`hUC`}o|>a#gyA_0@$+nEbyL_KhYjDu5cki4 z_4iQvq-7z|RuA)mVoMN0j%B(9RqIL=UY_nyq?@?ZyHICQM4#2`*Dp_74whxpUpDH<>=a&-P<`k5raB|1rVl3)rt63r$}u zuCjJdCcb~*xjw;9%TcMAvq?#b;{6wWX_6`rbT(w!Q)7gSE^Ur{$ts&RKL%p-D*i~~SrwF8Mi^>VO19QIF z!czlRDh^X^kjvrcUWSAp$EPQBXJZ^^g`$@cj0tom~8_k133Mxr!X%Bqe#f0?KM}CRz|KrH1@%f znTtE9sjE5|UpLV-W-E+@fXc1VQ}=87I0m@E*h(z`8o3i%c_bV~dix(eS~_F5v1@(L zwZL`R`h3b8RRu6!O)QXoQ@|ELU7QfjBO(|0_!beqc8a=8iB7VYBmg`AD{T_-(R@cO z9*xQOt&g1v!}bo?qUX(-0IAD9c|$##ZSKvaN3~4u&A#omWg8D=rywjWkA9LrBA@`! 
z$;(1u?-36$!}8qNMQ^uS{veN3?w*bU&G#1#mLhP_Sm%UQDKL6ygTn6z82n?&fcGLpZ!wldt_8Fu#DpBDYSPlxWB=FDcBW3&RMNa&tgPz2vi4hAd%nWv-kd$)bQAV^5$JwM;Y}T_H z(hR~gJMaZ5 zxo5Brhjzo)LhRrK@!djM3s-{QJZ}t-VqqMq0bl!PF`>YW`{dkUzcdMKjjMJ>%zOEw z2BkyIdb{X@y$eYyNw*C%-)e>5x#32h5{uo*v-9E`!7PkZbG2NSt>w_~o~zBHbKx{^ z!i>6Y2OZAQy|fqT&V0!YE3h7xfJ!p^nRps?6mFwx7Uasf{ zYcql;j2A$2wJjWLg&D7f`PXA_855G2GtH zS8_mu`cE^JDm z-L0!=oUefaDu@{KpIdoxkW-G(=l`9aVoeB)d6VSE4;~?46_ZqYCRQ~r`G`iYg{+!_ zCjeb!8$ef0`)t!TiA!1W7usEg61v|s$toTtko_l)LXN<&-uAV`&gB^Up&+ANF-{)n zt#M94q5B^2)*Lp{~zQ8!_TwGHAZ;_SfS5a zkFVyF=Xg#PS_GK)y%sVqM@#{{duCaXkd(TA|IXkZX-8No(RdSCcH-cLmf$gEAlY~` z0TIQeDBk&bR_faOjYcyjX{LHumN5B2oCZVNq@`vKw`ZiDc`|bVb3D0Q$HTPi^=D(R zBIOkoCEQpixT_5#x$@DGpq9n?DX&gcgcNWm8*8RFsI|7h5N`SHYHVO1eGnAaqu=v* zxtHn*Uo_>XqDVF0^5Vn+XNnI-9lWpkfqOh^X8J`LY0MHvywxnW3}F`7E;j~sTI@2l zLL@s50!2NK-pJGNWhJO@Vjy&`n@bS>1(;KKkUCc0P@TAk8rC$sN%EsDb*V)toE2|J z>p0qJGq7leG-P?4cpGk{4)b>_fk9hUJw#Jg{XCMOUfiIt0F@bbcC>j=VzmLkya>i& zrK{X#l&~=`^*W&v^HGXiS*au(xn@+)78x_6yfHmlC*ppQEPd+C@fG=Nf5yLB80}6%b8pDwhEF`>hCNV!_2`=yK?x|+U{hr zwc4VhXh4q&bIze=H)I!$?D`{~LPXiEJxg}m8^>MicbJD6VNqB;!KbetYMmuvk9TU( z^djIpi=OC9bZKtN>KIIKvKtp64-8=(wmq+QSk4nuaL%4g-SGkL!ExD~4|r)HD(@7g z5Z}xf7b>5P@Og?mzkfz9@)QrncdnX39E~W0zJ{`J(LABZ@ifcd_A5@uWbSN&Y3F0Z zXLmEEmzsOqXSlP>JAi{}#jQ4REj>8~>dLguQ&UwFrZkLKBz_N`6!UY)SHeCvjj5dC zdm^c=08d0mPC$4Dne)VGrpuy+*kJq1)+~2wdyMU#otCHneb(#cJXeQj>*MS}%-r!9 z0PNVl_jnk6@#vs}zbI-KF(u;VA!n7{7G9L%aMsqU@JyWMCse3LKj&I+2Oh!7VbeUn3PO2H-fah}E!2hb zP>*l)n9jI}z}@q}{@s{OZmx$JgyJ#i4$^m|0!!JXX|Qaa(MrU#1m%>J zP3M?v>0oe8c6}1~4@UG^GlTA~95orXJE^FQp|+?*oq8|4aCREisnhszQ`{n#Hoz2b ztAuwUXM<-N+4_pJqD?y;JUp?%MzsOvZpX$i53AYkz;uGz8?%5uf1{c3cxFn2krSP8#~X}?Ubxp+yv zv>jg45E=N5zZ*0FNnU?_PigguCs{B_o~=7Uw0F-pD4@__1@+*yy_uP1e2*;=R()N1 zG4T!oZ3Y4P*eDriucMA+e4@D(Tu}+m(wl1q)?e%dg)+Q8TzT4%uLedlr*w)eqfy)mk7X`&qTeRJKQ zXmGn*p(lU(&YQj6_Lu6_{KQ?KW-1Qg`RH|PYlihpGXtt>zj>MwJ440$xLhk>E14st zo?QZsGI`GPM8b!fJc!0I>%T0es8D(D+%leLebA_AA8#iZcIiudw##+9nU58&lW#w_ 
zI}p`_c>S!JMKT(CwSI}puA77b`!6M#Lfz{%LbzArx;1-|GwoGMc7>a4N>zcSvCA%aIPQOk1DB_K zeQt><03Ht94j%a%-#sA0us2O?EW~&-HD164V3pUErHmJ2l9Dykpes*f=k0gRq_SxPNiUJgvp-%7GnWy8|#YU&>Foz+HoT2SR7u(I~-KLGKt&sV?V0 zpoBkiP;P6#XEqre4nq`{>lf=(0%B8Q-D$7Mmoq57gVxR1;qY=n;p~#ka!=<%)u_E% zNq6AN6ELAe>$y7lJ)ZdCG-O%R6OBWDp(56+p`xlY8bcpf{i7|>>GJlYBB1!p zT__|8+-nQ@-S~TYeJOL?<8I!G7*D?4-=4Y0Xv285cm&gvLasQF6B+OnvB30AO)ulh z_5o(HV3UpSBvZ@dDL*sqini8+9Cma53G3DFw#_x`L7za!8ynU$@%v1of!a5lJ1C-G z3-wIj3Lk^7o(o%Al8jlmYk%6d12sgC=X^p{kGK0Ms{wc64%q8wAwx|1&pa<9bjW^7 zCQf+^2E1=un)qHH#@@z7)gC^SbEQT&%~(VgUR?-M({6&$5q}ha{LjPH8%4?oYMQ9tOCT=?dCgo|_jm(el^KWAYs3bfdqWo& zE$FjlFpSN^#RI7q6~wG#m42locoeacZMG}AQ%f_Jl|bV@A{O=*UYfZ4LTk}Qlcgbz ze5t!XnGiZNSVQ(og-|yXz!Ad4Nq!1p$&OD9Wy7a((YhEq(8+^ox7Fp)i^<-a8w*x^ zz6D%MVFL@+q#FS?bdlc}ml^i%O-Hrn%oM3i7Z&mGo;YK)p$@L~Q1}IBa24~PG2J18 zzs_XON0VPJShxo$(_W?)tHGjq@eEIct~m=n$o`mlAET#8e&J5d-;TG4qdjyPt*jQA z|In|w?KNv2?xz2FdT_{$w)cAFV^tp0|@b1*p=^%%BTg&b%^ ze&=IKZLCtyiV7guh z5Hg!!^|uR<8Yn0gk;8t8w7VK%icv}l+j_1Rk;-kG5p95Z`~RhLEK|6dt{nY^wmZzg zKrfd-rU^Q0C|*$;gaDqGY&F)S74lzpzQ;aCpdZPxkAH8b0jjl45p29t zkU%T)SXkUxJBZgsTBM$s$5CwF@q;Q$DUV`Np5^U3Ja@?E`@+4}S=;CnjON32G`;n2 z@=dem3O0}AuF>2WX{5Q(W2!~O44lS+Zw<@o&B2ph$pIn2)}2;K4~cNj;;nhwk^ik$ zFr(vI+uD}X)$GfNBhwanxweSa&qSnwIeHuAgwI&r5ef96CAjmaf@ip9cz=&RjIDC2 z5#wgHg4$y~8w}$(6 zv^z`8N5&NkL4S72Vgt6_z@gc5hh6TJv}YRX?4ZK2>|wK<*ZGKx zI$2_)c5`C`bh6?;@LQxl!1>ZBo?nC`6raG5zUlcSC#l|BPgP2w_=|h zSxb}UYQRgPC{V2(^-|MUf>gyOxyZj`b%v2b3_lE0YiJd-p z^y}@v-Zy*X>Leli-QG0C2Sz=`ydL|&oSYCe=}YVc`cj^dI{EI#q&Rf0Bu3vRC*W^z zn#{L9h@EY8YLDq55S<`iU(L+aHN8HA^j^#E)4~m0EHQFm`c%b@R?z~gLY>cJzRX#^ z%hkn9eL?nJlQ1uMXpFGRS5(BChcT{P&bJ4&qq^(36xP8!G2Fm7(zqwH)|{=y zSzdj%MTD#>lfLw-2rGUG&a9Z3C<0O_Hs~m%f`U1f%`g%gnsm<8@n3E|-8Oi20w~$O z++AEmd40P5>;=V}&B*)YqBFDQ z5^tHvNjAGn7PN=ifHc&2q$f^oqa9X4;9|T51GIX^**b8MQTPI(*?$q3Rfr}UHye@- zMj-zMU1;_dlOpMGwBlBV6rLiRI%9+i#S!V=L6VB@61_%dB1?E`HKO;IILf1~$I2CR zOb8kf$XMiB(R>y(tNc(>T#$3l-pJqR_U&OpzIy`Buqh0^9T)g(b zMcb@56d!HGAFY9mf&08d5~UL_X$=y$07eANvalfw=>NJ>Yt;9qETG7mU-&#<{2OCy 
zxL+?vk&IRBm@V+h6F%CJD(Qzg+>kTcug(4RuTOA!ct0e`VlBzu!Y?VRsQNyam**z6#WvCeT>P5+IO)O@;UJikh zk#%x3LVCs-(R@gmeb{#w*J{ve)x^$}fDn-jy`*2s{N$+y4DW&21&DxG(fuDZLMx`sj{5WjG>od*WS9kIkO8etQe@!{ zGPc!?DyUtCP!MiO)zoj%-{Y_`&v;THj$U{CfPe?pFoNLzK{B>+0l|Xr_vxKZxtX2l z5Gn29X;yIt-IhT zpgS!)oGN(kN2pawwu;G+Lo{T@h;FHB@QMlNe^M=Q)%tW~?0z|qp!^_U&2ri;j8kI4 zn6sB@xyc9`V@4xDj@5>~D`NZ(Pcbb=xpe8xM#cEyz-4XpqUBbAchgzKq;2mD zmkWJD22o80*?x#jJiWU1^=WzugN`1!Hl2U5n76C>0y z7AI!PzD4zZ@OO`Jm6c~g&%3Ko$c&bb_Zej)RDS@w0n0T`%DfotIw)v5WU${zt-QPk zLrPIlL~9kcl|y59`>MW0`G}f)43+Zre~(FFyx%Vdmr2}QL=wF9*5n*d0o+azeTkT# z2(Ld0egu9h`fp`oOrn>|V+GtmemC~TDiFdk9r`uV_B4~Je*hD%^%Ez`CaF_aktV7| zGf)70Mw%x__2GyBwuTZ7^{^e0>Zb>x{W2XP3hKwFUWgvfox+-F0gN*d$Su}UmCMR- z)Iuk{MD#yK-i7WrP39N#+yUQT;Vw6c-%13CV|yuR$)YBul?&v**QC^+ZZP-`iT*Wm zV_8h_pydt;*vO5?U?V3z$0==DYja!&68G-P^sQ0!f$}OWK~i0hWFA+R#i(rD|f_^C2_wV$P9;D{MH;0YmraQ@Bj<~sV9h)b(E!KH>&F=PsJbVZrzB|Jgx_GKz&7+HgLmsbI2CjNuJO9Rm3^5@Eaa{l=nA zi5DtmHvw%jx>DHL3;d1rymMhkLzaEN!Cr9gBBAg171M-Zlh);=rK+MBr^?Mb0Thkp zXuM?U1`8CHZuHGt=Km~CXOs%p`2>b z3?)T}al;#o#^LqX=|G>gX7!gp@#A`f7J$^e$52cF#K|-?xJB{8--~JKWsy?oS>5DC zkq&?3z(UmwE`9pDrT0;>^pdJn{T{rL4b?_h`t%&PVa`!&A1fdltf9_0I%5d~h}G`9 zIVr5t;WHMaG#2?JwAo05EA7A@L2uDcx{bX_qrNb&JYTWC6dpugcdgNiF zwYJ1%!CUeTcwH5g{}51DQy1%Aqb=QLyHhoIoIvp#V%-J4Nz@A%pe51ku=pi9KL4wd zv!mmAtQ21!xe^1`9^j$GxG_N6SFu|&R~2N?Xk2MMrzCcPE!^q0hh^Nq6}m-T0X3w7 z3ogOzVGCJzoJpQ>BHA$PtVI(wL)&P`9{5f|Rk6!l-PBb76LcTeK}o)O_=CAH-mJ5R%5cihF=Lrc zKjpu9NY*rh#LO&$1h_Jh2U!z4;(^NO_EF<-bK4IX55&$>Lg~;w;r`jWpS!k59@fO- z@S{3Ah%q4`LzHL+T9WvDkw`6MCy|oXh3-%QL;8#$eiD+DB94wh{8;tpgaK()Q0@m^ zviIkmP*Ji+b0PmG7b-vft;AFtCD?!e45?=rh>vQ)E3^)TGlijD<^|UwSj2KjOJFqA z*a8UiA%Cf7c7_I7N`(g5AwJKjKue9pPa*h82-YEi=f^bJhi_`a5kEwN1$3&vNDZ%O zjq$kaDqH`AfzmTm!`u7?7NI=IDw2g__{}IJ^#kJZ? 
zPIcPa>w{dmys`kh9ocL`U2Xf>QDmtkS07_mdRp?vTm@@6^w3SC@^Pu41jRiNDngP2 zOE5OcK_%tMQlduPH7uj;D?#u^T^?|{M<-`1w4JHL8+R84Do(|2Yw`zLU|*gL4&dgX zLa@bWZn7X^sPYF7Q=skb0`1L`6msEcF%>r!F&%Y=z%G6Lvtqevj#r~IKhB>}9O#$!yg z5$vfPjP!~)OsvKbG)BJ2F?O2EY55h|O$5+nE%1NEyMZO@g9WAPgW%d(J_S7x$x&ti z+j@Z46~O1;?ybsHOJ+E8t+!P@5{P=YikQk zBK%S}&`%KMQh9lR7o`|iLGw)PLbt$0L9IBRi>w@MkSv!9ijI3%*CG);aMvr5;qz9P z&3}hgm@@Yxr>_Gb&4qGhgKxeA;6qMQ>og$$TepFo69Z=V64N^$$!6G}$7)Tb6E*N; z!YiDW#^0YB&oXQ!rD0mcW1=a+rgb@Y{v~VXd9x6oOJ^a#@m4gK?#Rb${gtfLhUl=P z`l_*@rSa72_}u%B6_1%NRBrZ@q$Aok&uB_-g-hqlS?9n;AL2C5s2sfx{ zdV~%C=lGJqCp>_yQHuKt6TX3+49ntud>)5{=gc5lIe6Q*)}pk&D5t=o^yg>080P={ zGB&cgc=z{0C+ElWtG$NIk}<{OtC;82wvFf6%FWegsJ(6d^Ox99fKDhbb`s`WH-cCd zsgjP3#x({8X^Ir`tsf@u?7ZFSX1}4p=4YoXz78d^#(U)AU@RGD^lDP2|-{BGmSSnXpsL}Mtp^FgQuHF zSS1D-_2nqh^v?{?2aVLQHPZ84#hX%Dq~@~-m0wUvq8eF8h4GFl_kXjKjuEFAS@Enu zWE}ZhUD9n_{?8ZHL59^G=wIJrKkje$8v|&KVfP{LQ>)`$Ejs3D0P5fB5~(gi);q$r zu#ogWj8YgYJa~G3_d~ewbk=D%to^AYV*K2=#_fL;$)?!GVkF-!g_m6r)o3Md5=0xj zOKnY>7B3%D(97@=+x5HuFB(TcrCj6uzw<~&c(Mw(JbA$X*B^(78?4P8+mgWmX_Doz z)c{_Xc|!@rXc6u&xy1fO0t&DLB~n4d9noX>74MK6UwmfUZSuys2~s2o;s4{bCX{ue*WW-DgFAEb;%&z>?JrByFI zU)fjQylGqR>|4zw9Pai4;tvVd)_$C-);}lFYQLV$3VrG7*{y?^ATjK!)Y1RrFmU*F z^;5fc>%LdE)_*CzkbCC^%y z$%on7=!@Cm7o}d)#X!e0OfKatZ{e53oIehW+sYXiSaxHQt`a-k+vpv}lyrRH(w32V zQeA0g{Ak2UneL)k$Bp7-``KmAX@w=SCIR^@=mWH>qVOY2^fp4hy&t2}w?O!)lu2xb zZGcglD=f`pJ=W*mLhsdQ*}~_Z-4%!Z-Jzy_oQ=cfEz6<@uQ$2@JH+$l{o@;! 
z$Hyg>U)CFh(k8wY8nk(P4g8vUo+sMHKX-mUx4&CH`i3%A$oJL#*;Vpv>SBAF@Nw{T zB7~FZ+pTA+p<VjwdWzpNvPPkne5IoQib$^)zwd5PShtf?cz9`swhrr~ zEk$XkrxC#;Ib+luhPD0pwXw&^m?M}{%)(#rBJwog#hV}aNTh?{D#^Ux&(0$wdXzlH zUXD6MeH$e;l~a<1xGO&{)yEY}Te`Z2HrfR7-x?%zn9H6dK;DDZ^>q&VRJSp z6k6P2^7UkPPGYBM@K-oRkY7;D4Qa#Ymaz{Z9y8corkL-vu$tkY!aq)4UUD=GbnbVH z%5Iu|d1Z4H(?o7)`7R{Dp9bXJUJJB5f6Uansuwzait@s{rM92z@bXw*cW+ycej@Z8 z!J#`@F$Ore!rV5@qu8UYf8)i(6jyhPe+fz!+i9{v`C3XDd&+c(F-O>V>~F3T5!X_* z=5;jRde$Cm91%E(J1%a3GYi#axyU}lQ zrZl8Tbf}TB*a>biN#t}X^tm=f(3B&8Yb_p#nl35M8q5)*yuFG~XiLjd&6 z{JkI5Xm3u-k<~J07Ir!-ttB~sFsVIyFPNaybQ4b4HwN9?;TT@QJ{(khOXoB17uBYc zt#bSNRmSb`u{4Jn<(kOZfA*N%{C41S%=KX9H_2|LfdkhL-FfiCw>T0QGChb1pGwG; zf&54Rne^+{ilk}H?UVO@0sW>xuzk)km-C9ib^Q2w)X*nvJa(6U>~FI9Dw6lYO~j8I z%7ET?tUYD}9`Q8Qqfe*WCtfWiiJK+jOyY~Ki3+x%2^?u?ujDC?`=PLqA=@0Ttal=7OzVh!>IqiGh(w`gxJz9908gSIZrKCi<8Gu91JQX(@hnvb5o}2XDIi7a0xmDE9?0IIBpTXM`pZlb&lT*gnvb0d) zESo?-GQ)Hbw#J4=1_nl8kN%QT0~7mpR&c;U=)G zp8BL7yu)tc)B%{#SbEPIjF-;2kIwNbFs2T8j z_ql!AWkWg3t|m1cQ`VVj68NdFEDqBwe@L@%4kYL+I)Hj*XF&0aj|3^yb zD@EcC1_dA?ui6j*K(gyiC8?)|O=Y(beA5J|u&d(8Keu`o2^I8i{gBD*qfgu(d$~2W znK_Zq5Rwd=_7o5Qqh@C{7dyv?C5y54ubD|jXv&D^Qi8M?vRS7s=To#f{w z!*9qK=sppc?BY|pQA?X8YT{c@F%rfwLD#<;oxN&}vrQxbhc7L**IU>31$7gK2BW9) ztXixhtEv_!_j@b{AZ9gtrk0Coy{W4odk9{FJ55TZ#y!1`6$e&+j1$?P<0?x($Mv{# z-mANFw%fkuq9as&RXCj*r=c0CsVNA-EIWEo$}8%|%?+3>D=NXIib=hQ>sjLYi!S6? 
zpddZYgB-NSCp9rO+UStBOqE_UMHe!QW@h zJl2)r*9AQD1|G*0Q8LE|9&i15{Ris+>IrFh`s)PI$BEwGyx&(x3(jz^+bmdxq50Kf z@nt{A<-uQvnY6{Qes9ZdX<+GyQtjlduZU7bKH}chJm9`>Cv>kOvMBZB;P-Sd!F#xS z*~a^giPRng(Sk#dmEe(=W0_K~JlCJD<>CjI3!g(#fo7vMZkLwtyj2l2YE(=O{D+FN zRoS?(VF7f}Gp%o(kA=Y#12Y$!8I=YwBRJ6i!_-?wRn>iO!=!YV(w)-X-Q6IKBHbX( zraL60ySqCM-6fJrw{&;C=coVY_Wi^eXPnJgd#%~?n%6S(?pvirHTBDhvS*=lxU>Tf zSI3?bFkoFQ->=J5nc&b7n>IBIA3Zcuj0Itq7o_#YJECvB8bs0Uyp*>_rIq&)ziy+U zoyNKv{dCQzjo)IT(o@5)>k6MfISNJebw2Q%SoC^56#S6f>S{>n$M&o15vcu8a2cav?|A%2S8m8iqvRpmOc zf0ArR6s?L;lYz43d>u_~o^l6C-dPUKVmRXbnCGyxx=9@(taxravonBDs{-o3cm#?_ zv6lXJn2-@Rb5Eo80%aFA(=V&7$)Wjs5g|-jRFq-Lots}DH(Qgw5 zifR%{@7oz3ss^go_I(lXFaGuN7+n>!Xl}zu-y0nG+6KRqUtv#iD}AJ)m=$ul89PIb z%)0q_XT)?&jyr%<_ONYgcz%5B#_XCm>UNtQtBiKLlDav!>kMFGreczJP!7cPe9$%# zivG3psW3QlKhx`=O7t&U*|%1kl6x7HRmOFF8&>a_8Qf8+wychp;MFk zOVG*hV!ZCD?FsK2dq5s#TeT<;b&2)-4=*)LeS~S$ZzOk8EFY?|g`*efaP<_!2LXKh|Ucp?4W6cpx&!dJhgvNr;>U0W&@ z^0Z*8U2yA+6tY>9(KtpdR_-@TOLJxULC!jhBQL>C?U7xk===UHwW{- z`rG@j-z^M-L$PYmDYNQl4wmWKM9FiG%XWB>@8cH|#KWM4mLqioAxmfu5_8NTMk#67 zc`u&2h3aV@vTRom_M?Se_oEfB&H7F(T^BOZvftXaaSR`Z7Ei2Y$Lui){%CgkVlIjp z7IN-0T#w=)G;bE?_Xn}85BNXU;<8NVpP>uFTOKqFXcmVAV_4?FsE#6PNV)#lnKJ;B<d&8`5yHPx5{2>cG=IPh|G0DIBwx>6kXrPx-www6*xxR>ezq4zy48dkH;f#lDNM{r zz=_HwJA*1idlC913)6kxwllGQ1%PL8uwyp38e#Rl^xdsu6WX>Hw2UQm4V+>V&^4NL zd;C)$b1N##ibj_mkQa#mb(eZ-wZIQVNaFRLJ0}rOW#$pY2nHg*Ysk*FSRy{0Ae9i3 zr|3VbXaA}!q117yyi$(Gw29IZ2wCp7LT>oC!Q{C?z6wAwZ88c-c1Vuuj3l#I%@jx# ztnUp(6tbGWqe!IoSi)>xR)NGj|5u!@G^`A3KAY8I((jzo?c;ZgIGHK1ZqBq5cgz#$_!kD$ZV>RCtkk0`e z#I>_ZYSuF4-3o(^VkZHn?5o0I8*i)R_h<)bLVaAqvv^pT{&_~EH-D510xlUA&q3E= zgAQquVX&HtStV`ZsX?axEl!jxY#^PP=GZ}E+gJcn%lo(g`U2|>b?d$Ast;J!F+_#8 zE*<=JRi8USQ8rV$r~n}cH+O~yh;BXVB66QX<5}h*A_M#0u!z;-ZB2a1uTNDU??%ft zi(HCnoYw5FBmGH>5^6K(&0m&&pqVt@h8ZoDwpw z^0YVeYLDIPEX6CXM1b^1TV(dBIGa#eLKr%A6{`o#^!M9k_wi z!L9MH(z5~c`G5g7+$t@LAiv0CB;{J4!EE1%`l@L?jq}&ixAf^jWT1KY$@&nD==LQ& zNW7)Lq6GYpH^VmPL#@w7X=YZtzmR#H&-dkJf|9-TNk!S)GR@0a4$e>S*H83va`F^# 
zztPcUj`{wQ#r!3UeAJ4)r-{N+fc`NHjX!c+C)!r8#%~;wPE$NwHAVFcDzj}5DnGf^ z@!Ks(30pF=0N3}NBR`TcBpgUGo}`a^EX!&)BkqA%xK#!r{?c#c7v`5<%@4i>>V5GC zAD_KLnXaA>$+lVEkS`Sc45v249COa>UQRcPwmR0ASmZ1d$<$^D&nI|AEyp+OEHPisRurC~sH^_DeA{V!$HFrQoL#$V z--Es=M!rvWCyac4+|ITAAE(vO3RcBm{JCpKS-DB%X-qsW23+ z?3p=0a5KbOU#--NOkYE^eo#|hP}gG1mvcv&Wt+ZxJS0+h2i!U-o17JyT}o=MtEIfP zLaqG4!!7nO|4@0aEY19}_M0E$YSUS>x_(54GE+ZxFk&UYvC9qxI_iUauhXH#)rnI^ z^j?&s%5__!oo0ZDs+o;HA9b4<4i1gVt&)js*MUEBS76UM)ZNUXNw{91#sz*#0P1|yv<*GNC#y3YGNV=`|venDJk&gDJp)OEWoKhzcHI&g!%ILL~$H=9G!2JsgNbymsuUJx{Ft&Lu-9SAZ@NBp7Q4SyF2DhY| zB^=K83W@=5&TlIvN8)(v`B*k;Jfd;n1TJ z6+nC$;at1~N(7ArvZ_KuoP)_3y4j~iJGkmX63K!)(_+(gx-r9mXGX`+8ZtvlI8L$v zMl-8Op)87}V@1SzWTh=B&vGvVYDnTvpag`9ouIg*stc#4`fl z!dI7#J)yfEwSAb8ypK6amXdzAp9vhHzi`BsEB&O;^k5aWsm@ubqB6@KnoBnun)*Z? zwAQ;p^){i;;kVT10oFJJQyN!0QdgWXF+&KNeaCTc+Fy=?D>#~wHwvTZ;|!iY8<-nl z_M!P-=Ax1|2fG5|#O*<;osj&xehUo%Q$60FhPS68OMNr=>%!2V1j(9Xqtud?SQsaq zRGjo!+sT>`ZOSwZ^~=tixS7Xl|* zA8e!EjDFOTm^X-vybnBy7-v>)Iykwo(^%AsOinIR8FODwAd1A*k1*K%c;`@$FZmM_ z@ylyL!Bh!=uO@?10c5cOjQ|*i29E41=g6ZU)Qg8!-CApZn`Z za%}o3XG|~M`q%*3T0^|5*xw#$;(ZdwdYNcRjQH=rPiuGLaB^$ElC>`V@)W_7qe`;z zW(oa;CPPNB)<$UcH+(ram?l4Xl8DXht+M(u?Ca6t_4^mmjUw71vB-3|5IJmC_3O}g z;e!dREeh{XwEL$vUAuj90~VT>&#;M-|Og$QiVJ1eZD+J=$xBAFF_ zW`)gvCCOhNoS1I=WJqvF9foa=!;^>EAzphZ8=o0?UN_ud_mj`x-VJT}T%NfN#MHSl zQT+PNhakt9d0z5X>S=$FBriEL2V4a&zU&)%310Djl@PA$5*Bz?ynO@X`L6fmLm^Pj zHBucyF(#tCuiQ15xk?RMxgR9O?P{aMaqrH5YgG@n4&1m9;rciK5j zL3be_pvxSEyuqv_DjlK>TN|8gVQFpbJAa z34j_Lf#N}tZkJ^}e*n{P1FN#JEM`?|k%kf3rZMOz2WNsTLTQ%a;exkr3&p|edIDxU zbR?3rHnGB27d?nI61a{Fmn6+(z!7dv8w88uEQ3ci4uR$|>?@&{3<*w=%N4K`9rrXoYL=y`!fYEY3TRQ1Fwm0-R#-7~&c>-L0%d3+geJsd+ z<$Ir8;1q^Xv>_8{D|K?N4nLL5Yn=v5dYWxL=6YJ@i$_M97xD9}*BY+ZRPKzjJMF|i zH015JcB|u^eIB>Jp+gW1sv_UgHFZ+fFb3Y6c1cumPT}B1Vy`n0?>z$g_JKEk)NI&O&mH-wHv3Pv7xSYKkY8+Ph|$iziN2_gCz}-JDx{W~qbY!^jH_ z*9~-ntP&m7cYdJ55Iz%#4bRs|r1-BzBP1;FZWIwxc0osJP4N;}R+xoONN~1x{Qj@m zIx9G7-uG6QE)Pyd%J#tijQF*Ruz)YCK6NUqY#6pL#U^3;u$$zK5|(p9m70d!jhs!K 
zm;_{0%hmowd%%e0X63%dUG5??gL>7N?qA6tqMT|DR3nbPdfK>3Tgh%ykiOpUAL7YW zd3FGVRsp`OuAHr*A^v&EXjNx{Y4v0T4@~)ivU&0O2dIi6owlo z@993bq3TCT%pHky_n!a##lMn(Q0!nbv!MPKMD`vp-33@N9tB=xhd+<|nw64eS2}Vr zYXwXsqg+~rLd;$jLR88%)yNQ!FD^yGf?$2lJnH zcz4HsDueGPGj!|0xZ7(R;PxbB#`;y*TOM?MlELQcWDzQ!qZ5(v3ytCz?b8pF>Y?6= zB%zSsW)-t4(Ah;^;=zR&Q1c$$bUp@_Fn?kVy6((3_vdcB}?TQkJu8NU@5#8Vs6cUidV>S&XaEf&Nb% z2f5_)R4Z~HZx5SvPvM=Letz9=Y5M6W>*5h+O8PcMmTu&IsF$#eXA1`ZT*}l($yG_j z=j{y7k5tas55Vo%7S=5_;Cbir8QL!G2h^4jQPC=2mK_Z4p)laE6)S3S1X!u5tKK8NtSBCGW}!o!|=a035};g|S2)<6xe z$cs}UZug~L$wmMlt4lA<)%`i~G*+3#bF*^nb5kyWEGR@IJj3qw=_uS@u*z1+?#h%aicP=jyr~LqEuWLEj$#B?SNJvni zt{B{Y1mQMi@8~@78M+*gGkHrGjd{!5jHR9e=}T+Rho}3}F9^@&#a%uR4_U9*<&#gB zae|5yPexgwU&w*bU1h%Fm>g42`A*#@5aZleGrI%8lJNP@GmMwaxxIC7(nJ# zDWP;%h){vX#GS0$$rFjinGT9lW{bH?+C%MN7$kh_Oe93+YlQ7zZWq*dy2DF%opRwf z|Lo>N)bxacQrvU;T|DkuVIp(lb+S+=V%492sZ0*_?0?)MF6PkR2oo(mVQLj(Op*1e zRP~EWBDSiSsx2^fVo-V|gBearfJ6>AdR{P@*5Vs_-v37-*JOgSBw+IlVdEu*6AG5J z+6iF<_S(EwkS~c_eEZf57i$?SwLW36hb5U-*RWuLrPFy$x3DD+2;tWxOaGI`OmK>p z@O-;{RlC^hN&*}~d-FO=Jp)Z1nA=;gljrxRPHk$CP~fDb@NgP%hj^e5CNlGeb!7q* zuvHUhM$+1T^kuU_SIWnY3)?B_nuFjc+wfTRuUbrA?e2}MmC*<8j z6h0mq*iBk@n=R|SM{48>HSRtAd4IgMwfne5#Bb}e{y`_*QM63ER#-ifhSu`Z;WF7{ zG_(!RO%;%y0lBMacx+n@`fsBi{!Dqh1GqtXcWdhI{Mke7eDF{!&f98X0RfkdXi;&f zmD;HzC6?oppQ%DZc}-qTzxzH$-vKK`hh&H^`1wkP``$KPIU#dHSg#bD(r4^md~J2T zUFx@e!P&%vUVXRyEmqF`Mp_Xv^DZ569iobWo^vQ?X(~PaCL4&Q5#IF7)T4KPg#6~S( zw18?^JxWGn$gTvMZtx$;nM$&iiW}p=B7d(yiJlZEYHARIE3iH}J@%8POB*o_v;umR zmArf)Eqd(#`TF&mQ8GJ0BJd>SEn#_h!P}lr^P;p{MXgSagEnMqI}K=$HnL_;h&ipD z{oX&tPYtB)ec%l?3aXIaV>q;WsLj<$|8pG^oto@UP*pYS?bLzuElKZ2I#p)QNg%gR zV`^p>U*}>8Ho9#Z)4j{1%psGBi?0P}SzV}Gp3$`c*qz%hf25fw1`zH~76!Q&O9>9Q z%x}gh8fn;`+wX9+#mcbA!51h~;+UD2ficrm<3|`oz(`H0^)mnoj1*PH9HyD9JHyD?x>Sb9Y`URe6v$k25#o?xruuDRN%)4g$ecWFZ7 zxt|5k&2Id1xt=3(DPWt{vJ5+}iBTmyAHJ|b_Mm`VR?7eG&G2E!f32Qh4Q#eEZArkw zF_Fn?QDfA?@oSc0GckI`cMFf{?v-zRZdgsO)#%gDZrJ?gZwBlQ78iH-;<;|F7bC(9 
zDz{+Gx`fWZg|#Stg3D{?SR(P&*oz)uZyqxWxg0vX;^wB8AGWtOL5!TV?iP`B4|7xw~03woTUzgWo%MPf#0HAN%v3U_v3@CF;%zSOKJ zvlle4bzuGcN_MS_`w_<$&dZx095q~4UV$<-!cq4TUWz)Plq^ZL1wQ?RyJIhR8UV}O zH_OqA#3Fz#BrvV^ux5uW*BPEcCqbgb42B~9D=vJfNH~x&xoCoY5M|`<9;XZ#Xf+XU4=vjjq9{muLlZmo>oa@%VW6_1D>JX7}SPWKG)S zm#5Bj`9hj{Uf52U8Vn$*KI=5>yJ{M5b~Sw=GA5*>M$MPo-?0_HI{34Qy@Vh4e{d>= zr`B~y+gUhC8<8?vR6;mMdW75@gV`hPSV=vM(vpZ%1=kESasA@3DKmV{@s$L8JiWc$ z`64OqK8@=Z+pB=O*%a;N;v`fJ&ZC*8>JTwba&zei-$kSqS+oNH10A|1%np+Ae{O@T zO>F6R)i>s|7#90{J!&I#mv?VAW8p%Kf6}W|2y{xx3omaZTWL@-FVp0tHlF1;3 zGxK?@2e@u3ayydJKFQRI{UG4tMtUyri3-jptQ>Rdk1g2`xg+d% z9tx3p%q&Biy78sSyERI)GHiLfoux+|szwQ%IuZ<(R566WS7AvwrswhSI$lOKQR2XM&u$Qwhy&36uG^!#Eg)34g((#3HbEg-g1vfKDoE^^Q0elluZ zO4yDsfns(5&cfR-Xap%Lk0xh+X%h3wa?Mtt3?8*vd%@)lP3Z4~b& z+RiGY+N^*Y;VG}HRg1szJ{E(HjsX8|kg^O>3r{h?|AGH&9%}mk8-;5n7{Zqn1f}Jj z5SYx{5wZ~N*#Sq7s{@%DL$|6~f|%AqF_Iby6eHFsWtzV}$Fs7s0exH)XgPUwK3x-0 zgf{Km4so)&(f-7HYbfJeQw`L*fgXBhs1b;$fh7^27nqN-7l*crV=rhFN`37g(`vA- z7Zbb$Q#URJN*M$yWR32{^o46u#}OjZs@rRM-@KQ8-38uO%e()H;)B!kPnWc>^fvSm zD}RS)Hgp$1r8BqfFNba`Ivj}?jntye=_=@?=DnYClA!mcuRxSj(Y-K>qePjYcLOnn z@Gky~(;vSM_QX{08b3;Qb#*lM7^xy!%U3{e_J|+y2uDn64y#EaPm|y@rJK0p zj{qZxLlI|E!T@kgoZ^_ zVO`qxz3Aff*S%IaH^Y2c(fx8NxY7p4>K_H%6R79ksTlBlyP4qNR1{opwrKZjs+ChacpVy1H~^y!aS#|tt*_{9sM<;j@w(iGQ4};Q~Brey+o~Lki^{XB~O=EbD2MY(t-Zs$11|@9oGdxZ}EfY>$NsP^%v5t zw7oXQzJ3~Rb7M0y(XO%>XTXG`Zht~p$hR`O(5Ufw?wkzeGUJ#1$z+#reRyVUg%@@L zTrtR6xMO6odT^-4<7V#;MUdzaZ_og>v+EZ@i*3~2h4#=bNQes;(zZpkZ-Q4iV=~iy z7m)w>U3<%5#wgjY?RD~WZr6V3@g($A$Lr*ZK6`hSR8(~NOLU>$Xcx?C*w$7v+U@cA zb8#`Gx8KzB+>8Dq(r#<*!LI&YZkH9;6xun>bf;ReGKuhy;w_+Ng5vcs_UPll8s>}j zbsxVF}2l}u%!rj{ucpw&D z>?iw{u5IJJt_+DUDI8|~c|w_cTnEQ=f6CL0d=;q*O*f{TCx#>^s=mq zvKa|)3nk-8e`vv|Ce6Zg+bYHL$RENC$Mn$4{<8(>1*Mb&+U1n@QYmnvNSg6b)Em*Q z49MslhZWr!UD!1kKOm^!vi##v3d$}6loZ3L?H-Ul<3Haj2b3a3o+Mj{8QnjmB zRtlP!HE0{xDB(~vxocijuK+9a&KoP8GrILg1c(Dy*zCVJ4HeOnvFm?mt7>#kZ+J9}+{d8mQDcf7K(V8p&>_3x>;=zPS}@Y<=FS z#K?ndGeRl?*T69Dvv!d?=-gPsAzaashTZn^oI2Vcl7YMP@-xNL3+d>}kto1b`DS+~ 
zEr7KGgi~_>)s*5o*ZjAvhD-70OPJsgUDOFNYe4|XOMRV^N+NsANkxq6T$4d7exHYC zv*j2BHzBV0KLC-Kn<6q;8j!)#AmCy|8-mS(@RmZ%V403is=KkQs}?JNlvVSjaQv|q zC*eU;^2!hBE~t{?q0o3Z;8qe1(e9B}*_ZtJ#3rro2Rhcfi(5+aOJcvD z#fP5@+^@NZP`=h=D0lN?L3}+Nz5i=B{Jc>IvN?SmbRKAKWL{@+B7c;b!b_V4!qZV` zsK)0{ZgdxfZ@p(;rbUr|{nyXSZ2+jBv5Xj>w+Kv#<(Ly+5K@955|!?#xKR&$AjM*F z)x4Qx`=HPgBKm8;G^{~=z7afO#X5ZcS_PlP(}(^%FwD0}E5Ca%)?Wis=*Bv8g9u-k zOa41So#GY@8b?17oE};zbKkh$n(1R6iZw9l+cKb8{*EJWX>t?~QoK~+258)BlPW1l zpEystCOz`n3P5_4wNwq36L%7IH3;ef~`dO z_6o-Nv;}5e-ee+ti=H5Zh*~8ZPWV>+(8u7NMyoNhseyH?=@I9mf{mMrOnVI|`A5ym z<@s8_H?3sIjdS{&H{JANkmy7XvwGT+f6-lSf>WjB4TGv^^O$UkGo{J8N;-ya=Iw0a zPg?-%rUQ0viOqexW)Y>oPJT@i`hPo}q+Vc&0MD+M3ry^fG;nv>T+1U?&_C}jEEqSm(A4Tm6tJ8aXYS`Xm>UAqg2jW}Le9O7s)HC%PALu@9aeY${%M5F%Tmc#~Y5L5qAgDE(8d1U?|L zy*8*JT*Mo^-HVeeu}af$>{pp>q9ae73!7&ZKASJFGR0qT{L#jWnj{DDU;5h1qeu^F z#Q1F;thj@WiE?K?Qxw|J#Q8-|>pc(9n=0=;0r+oe6ZY5Soe-ICC7Y8V7Z?g1hTJzv zA+duJ==EuJ_9>3n4#fefG__fdhxFCo8;UqK#8QV{?Wmj9AH1Z>P2==x@(N~(Ig~$* zb~<*0dC_oolu@@_WzYW3N^j|e!@MFBz=d$5qPfO#QkIWWN}FY{NaVGMm}Q!1P@0LA z(~jt-wQ!@Rw88&tJUCj+N_um;PJ`WL^hYvRfYlgt<9ym0o?R|{xwuoC@3QE#mJ23j zMv-g}cG5T-3OfB)HK_ccpDx>iD;7N?`_z1NrMUcI<0c+E=Esx4AB&}4?Ss9}S-!Ea z!y-Uzxt3=9ox+R4;?Y>om3zS^M|1GNbPa@N z+ZlN`dXQ-ZJidCniehZmnwQzH+9>T6r)3#|*0)})`lP>ZwZGd3S=-ceeB_l?)o8}q z6hae+HKHhy$8NwL;xsC^(+Sx{jp&eRI$3gpB(RUlxV2 ze&P?GS3kp=Xhx4V5&i~(=3(~u5=m|Fi* zLD^ws*&9vAi|}k;-oU1O4;KuYq-7p!nIK3kH1n5HmkNWH95*=N>(fo-LU5JmH%a-9 z@J|MrErOK1Idj3U+5z~OkmX{D_cxy!&)kx!qv<3asy+M-0O~pde(dEnd*|F@`@Dn^ zhxRe?W#V7)W;L>zV3OQ?y}Kx|qb;{iRg^?PBd+@D2VNNgf#4V4Y>d2y$Tv*H0j|lD zLXL(j3p#{P;`j`nsmNurpUMbTjLapqH|0=x-AkGcgg3G!u=s`)0^5a3CA7#y)Z{HZ z0>+KMYf{V$iz6cMO24V7@k9A!;QJQ^x*}4wE^Wy3pv*@Y!1w(FLD`7g(@HUm0#MaY z>|}VS)<=U-DrE$%DXZPebNjKRx^%0 zZkS=-ZjJu|dVv4CJBcb!)%I*ogJ2DQD~bQe^`x-&t0@-S^Aa`e=r~O08=c)xm;si|m(eTPX+FBFms_EE1M;QXF=c39U;{rYS|hKVWC8CsuS(oWA1BSu}csCv?$OSB1^xl?#rryf`8Na6&^!lhb1MT==E#VF!FpUr!n}U zguk_CF2tPgitXq894cyOOt^dAR`2q;Ra%+aXUrJa!Y!u7fbLXNo9!+c2HFOj-|V0F 
z4abyYUlQAcy!AmGGQ}Q39o~KN`SB3mO%EovkDd$WZ^o4rpQ_@Wo>TxYEKx|j=fF?( zOmtQi7feqLDf>n{r;=p8D!Vk@$kAnXb&KgAswl!UK9(leWXI_4y4c<-?}b=E1=Nzg zf%w*uS;L=RAy4p!P$(E6$Rk{=C6i0|D9)i6b7#6dtE#~rMoG1MVxx^cV&oc>&nKs= zC5@mWmeAcm_8$VP0!1|+g-UxS#G4|>HVkQB?1d!Rc9mDEFl0UiGl+-^_FCkJyr5qq zUf#X~Hj=KEUOG8EdV8e@L_F_7xF;=Y`Naqlqx%3X0f4Yrr_N!wgVI8 zmEzvn)B6HVxXrYoFLc0wFj%aP=l)uL|KWFV`d6`NIqSXi9PSFallFa3TacM5y@ZTu zo`LhzIb{Y;Ph)eCddH+(w-9yFiE@-Y4)* z(*^!GsS~*>YPWl-w}vpHI6JT4|BNJSfY8r+kILnPmhL-~KJUF@qNL!2Lo;}LoDOAk4ssqSQAy-&vT{~jTEsk7?T-E8JvEF<%H&^$xY2D$}pOlZz zPjqJVz6hm8!?^|$E?Y2__!wK*HT7sw-4W=bzDQ{Wbxn`;t_|m%ITnx*9|&c>l;aug zvp+gtC0CyYjTo?=w5!^RZxvZ#&CZ%d$cVoP->f!{I1E|<_mph!i?VZ#zX-}e7x25Cf)x_hz3 z4eyO$V-%$)PP3%AyXs5SwtlAy3I|iAA*5^7SlV)2i%5|{1t)}yG+``@e5QmP-q_9~ z*BdT9|2$fktc(5Wm;|u+oorbfn?u00uli2qBGcorCZA6#?7LP*;dFrb2g2iWPH$UM z*Jjd!QcP`lG26xY!L4Ya@D4&ILRzR|6B0`18Fl%*ga-Y$GRLAv2(A#SYzXfyK*xe~ zM3>c~KM?HYe}K~w^rG6;jkM?a{=w6t0-*re1H=j~uHYri9)I9ud2Anx9QJu11LtvN zzh*7X2VvQlvEj`2_v6mv6}yOLie{AkRxK88$v9@)Q{-hH42P6hiam5%QjH~S`n;4n znjj8Hktfw2OAI-Pn<+4zb=q@TSvYH|ue9|y*Xu(Gd060&p{*F3t_-dL$D7aXK(23l zE7p;)c{w95_|}2GndhVQWQxpR=ffXLlI9#Q9T#5g6phAb{D}ncuD{3E5b z;V?eVC)IE^g}^%UiGYe>A7(oL9OTc1ennI^A9{)!r)L8JoZxSmN}mgZROTKCl6xj< zOa)Icbxe}aRz3rZzt`@nHH98urXnxb?%NNpti^$}@RGuJ6qwWU?sG{7+WoL82#{$Y zdxhqwUnaidJmG7`{10;eigM8D2P!r(vn~9ZBxu`|ri5x4T-mxf%l=hVw;d0PPJ81U zDB}U}jPJt$mM|F{Sd3BGu%DYOQj}#-*mq=fWt3CT5b*ZKxG)wUdW&#uJ`gAh5~}H- zZ+yZHvW00L*pRsqhp#6QnQ=o^|Kd2^Y$go8tx;yCd*mgZW#u6a9_qk$ z*~1mEw7?U8zRvbMS+8Dg&4hjq)#wN%AL$-5$2jjE1V?OF?r%Ly-;Hy1L$d=V)?Aqb zF5!ZOEUu4};rFXa9JD?+$%lj8L(<5Ema;f$)$kFFq_Ay&<-X7`-{@fN0@2Td^euM8 z9E>Kw3?f%$bP=%@o$KYscALi%yqykbo#Cq412$t@V`SY)j*(UYR}Nn4Mia6>vw}NH zP}TnQ4Y}3VJ%wpaBW$D0p4MINOQn5TI?)(GXk3uj<(ataFvEj^ptnxvZfTVo@ z9X~VE>=qvVuc6=IVq#TIf9=!dQJn+Q96LnZWwQe}84-vDR{Vf3iFHYJSGcs9CyYwQOwJ9RfQ_V7)5UI3HviO-}yJm zCn7rrOZL4YKQfDZ$O&L;>Gm$IrUB{VAuOHH;FI`s5Y*2z-H4sg%0+IAQVtIsgheJ# z9QsAf3sGzVAA~>|LIyQPW_kzvvr)AD-uYP!ENH>vk9*d%rtIg(9ByTEVjv#r6|K`l 
z`JEj-C-M)f6_d)^qXholmza!Xw-#c6JHGo*BYL>A-e$&uKN1rMtW&+=@=IoU*DcTe zE~U^hUdl|LB7VRHBXuAsKpUS-xYF^L%elMFS;(6K#INgI zT);#r>|dPf8mzOLbtVA59jD14ng(SLMmmoOPkBU!6R*d-`-|=Ajmk+U&Z^RP)ahV? zEUlKA3Zk(} zKsvUuyscB*c0t4i{LaukpRfu=;JtP_Z0oRKD7LHA*t&|l@6X0KxmMG+9JNRH$MP3w{Su7SRr;-diS=1P*kTV(+i z`Sh_x3s29=l|g@6Qye`%FMqZB^Y;k7FZEO%90aiGd1~z#>M$GM?2iotbzHy4f$lwAnGAv7 zg#zvy$G-*LW#sc2@SF7KRNwHDAE=5m3=usWriD5Sdl+eBTtq9^DkKVN0Ekl7;zfu) zR2pl!-)r?IL~whvkTmsPD#XIIlo!?@Ij$a{*i9H|_%D1W;bQNy%-YlUF$KyY?Pzo= zZT9GvEI1@4Jr&X3yic*_p=-HVLL~;6ln$D{t*u|-^>WP1_Iz7=TlF-UGoiVL97?z0 zNT12pClGej*D#EW_ZX)_j-m~BvEjK7x2mcuO2I;k@mEC^(jZmzW(KSG-z58Y$!-Eo z-skU70*xY9<3ve50{y)Nvn7PX*Pl#!$Fc`49aFWi{QO#uNVt)j>7Wgp=C!T22 zE!zS;V`_c0+u4r%Qs|#H(YRpWJTlg0Yun=#h8%bYh7G-SpS1w+s;p z!Z~kEDDV8fdJ(ke{^XYC<5P@8K4PNBTTpH8F7+F7-Cii`h2wI?O#0dtqFpmJP7X`An-UT$zb1+M^D+bmbhOKy7fb9mU8hDDR8g0AORMCPM z6^E`%z=jS0sp?1qM{aZC<MU$=g9jxWY8yl0>Y#r8^-h4dL?@)WyT>8o#{koFu5v?XMR~6K$i3tb|+`2XBC)$n zZeOoVB`U1xvi|l`k5NgE!BDUuL_BR|?+Y`yjr^Zgg~_gb-LvRx|_>ZE45=esRS*=5ChGs*l^sA~e3*`36_ z&qpVmGlc5QW~ym|ew7r+cqw8E&#)Wxh$=}5HF1D!KE3fK^Jg>&^^pIz*8^)kW@*V3LZzef(^Z%I~FB+c}l_jhH1> zt~SP0xc@1;R9?lgg_p}Ry^@RPq~go^+4micJ1|`|LNQMM@vfyaz}8pU@(I3ep7{|A zl0|#!Tg|6|u~JX;&5@x{a8{s40kJ|{Ktb232V}2wn(jxUMf8}rMrhv#cEL@oy;BhO z`3y$Q%)ELo-(JvXkK7cdaW3%pWi41Lb35NZeZDrQ7MzHAEOX~2{O$7?OynqRU3EFM z+cN(`Qk|x1_`LTF9KD(}xw-J>6}kOdW0~96t~9<%;)|(!ckFuFP#&?$pVXf#ZU37s zFMaIr^>{{B=&Z}lIftU5S%H_c^QZ94>(9wmZIb=xoY!gObE_udjMtyBk89JH{v$M* zpsvqw4!e}mGueYmT=u02l%5=xderqd9OV&s=^gv~cFp&$wX^CA z0IW6KLCRUQH|iEIu`Np^9g{o;5M`JqIJPDxeeQ4QX03rF=y?);#B%-3iMf*W3Lds1 zQ~21)KK>eM{9^QJ;}r*|N|tyQK9mgQVT@LslKdT_JT9r0q0Y{(&=AJ>EA)S^3{DU6 zl{szvwH_Rp=uzAQHwl3&Kg@tfVbz@qmk$j)au444Z#zv@nS&J95T}l484({Z*~a(u zITv(|)w?EEhrB|3;Gr|yZSQ+{*! 
zi11e~W0}hkg5NSG534`No`S$F@7UfHG=CHYp9Wz#yqZ?VYm7fGFkm8Ro-QeKq!>`7 z_&%u4?BOaf9n7U}{Sk*knR#hu*JCW6%ZALigA#$bCu4kga3rd{JMtMO*b$#X!78eb z@=`VPvx$V9Sib7z|6Ygf-&%8XdPl%(WdpA@cU?xQ=y}_-ctJOvZ5Jw`CDe29xknUZ zwS%EGnIP1lk2>lbu*1zk8aUN-L5_&xmF%`=)3lU*d&^GMvywxF1sU8}wV8CcNO=C> zTchZ~?Y8);UcjNIx_%_v(rQm3xjL8bTJ7T_Tq0|;t|e1zm4xfoNvf7TWUOR>w!k!c zI_NIwgsz&r!ueKFeJh3rNp6YhQ-qjh`(tFOI!yc}%klRe0H;xlTdKK`DBw@T3unUn zu$zfTffT5E+`&_UY~#k|#=LaA0(6*4hE~5^x>oa&A4a;bDPK?a*C@i8F0r432o^KS z8ppAGFZ8}|P(^_5XoeP7ptgrsyycL|s7 z?rxA41f;v`NOyO4BQ4#CbazX4NH_2O>HF8`(;WlO9rv8G_Fgg9oNJdtEJ+zYNZQp# z`In(oXOK@@Qv7G)Vynz~BG(6>ETynDmndCl zUXL`aL6Hdt?b>TYd1_=3W@UX|v#L+{5zq!2q02oS8Z1f3MRiYp#fu!Fgz{}`2(;Ps zs-k%@U;UKu#g(4_sK1sn7$D5I;ozeHN~7_;rcRQRT^!z&37rz26pZFIk@x{y49PV! zvv3j8j0#`-g!9FwuWaw5E3_vcKa8Q9&DoQ=*DO?bO-l!jEt1rAy#EI7KKz%#u_tTc zc1;iV3x7py`vT>pmj~*a_KGeRCl4o6H7ZbeY$O(Xb#w&&-oO0qL?lODJgy`G9Fvvl z$x0HCscse>C4m;T>FGv;oaW9p!8}AK`MNk8Av1e7ROF^al$`>YjqwUp=`TU!C6p%1 z^>f2S{LA=*-U>RTi%ZN{f3oVJtWNM>eQ9bG*KHM*i}UHU(PE+2i_4Yt=9tc($jf87 zJ2j0fHX}aL;{RO(ZEy8+y2av3Z0k`0hOl=M${YBU20KL~EewK=1xpV*ONus)*yPPG zZ%D;1p6c}LIB3gj7#nTff90s{uQO#RPC^#fKVEfg7CB90JbGaPR{34EuQl&O9{Z+T^^UJK)%G%n~POIK6^ndlALcb^6JOxyAI_+YN64!dv^w|^SDbPmj(B@`UnR%ES>Gz6y{2#Qn@-Snv)yOSRRq|H zt!@r^cblS*t-oSNx?dfM z=G>dbDWyX~(~sMEw+H#9jFAcMIa@SDE@>^+QFS%FAPdNy3+gR$(%aIKwk}xKmlQ9P z&Fwul4nD*m*ZAIsVXX~6d4`vJtqF`VO8f4=$#qlYso|oh-&m@V|83`dSj^Y&c#A=} zyv5ddnJfye!R_fZp-B)mKO#%2k2;tlO8GI`TgVdY(%zgQ$Y|385Dy$$M%XJwZqg zC2|AOmh?=1DVh-$- zL(HQn1NDlj7J2mM4rkg;J^Q!p$wY6T{fQsGAwOaysjVxwsV38D!tT&Y3mEj0aT@BS zG2p1yc54Eqf@-YbnxiS-dH`l3Q^3yKT>nglCpJDT)bz>q)QneD`2i(f*VyAE7U*k< zi+}Q+m|6QvW94eVV|B8Ygv9&2PCzY`|Hv4GfR6A9p&GRQevPJkhpSudh(x&%%1wI6 zg=M(=yYN5X2P#8B*c|vS3^odgC-%dhZMuI6`~8zy#}bf!9kg>nv;c&EN`Ml2|7*Bb zm2eCvC`ZwvpL?c-XJY71Paic+a)jvlab5c`Q#Z(*XjZ`YRcRAu3cn3W#cT7-Rfy;g zu>4}Jo%MKHtHG)9%_4zFdE-M}Uw4|;Bn+D5j561uT;jWd6)SCks(%|QC z6^Iqyw@rsiR{tiiBDGDt{!}7D3*8Kp=7|EC$O&D3J^!?yn zSqc0kP5<*Z*u^nuyN0zUu+UTV|JEZHb$|)3LZRlOxUGXC*?vOeCb5{EZJy$q;#3zm 
zT1~A^Qhf<;R++n0>3xRiG1hnWhvULq`_+WbrmPd&lp$==hHmWvakQRQkptdc-2xi< zxGD|)AwX?PCF{laR1x0rZFX3hNqu%VX%m8U(4Z))io;WG+fz1Eo7TzJq02!lYxaf; zcLbiUn)Jycq|3_DtB-hPPh_^5Wy^^_;D4v(1f5WL78e|&8&t5(tDI`Ra1$y7{l6St zY2=6DKq;CPRu+Md$+39a)Fr5KFrT}BDv==qkuu>mtfh*1NTZmFBhknz%Kx5Ns99Jl zf=WgCza4llNn3i%Ie=|EG`mo_rRr(Og{qdS&E>PNqj-pbqWdbHU(Io#YDKxI%Ujr)f|jFi_x)Y>vrB`U_4AA&^defbHFbM- zQ7Ha?%OILzUr>7XE&wZlB;vsHjcDtbi3=OSfX&dJUN#(>g$WD)JMLh2vv>rdjPj%c zIqM<8caXuq#4Xc7=}p-$qwZ2GD2`p`*s23t`#xuM-k*sy@F|KvgNCk6{f^=5(e03@ z$wKw;%Scm9VeL)vXWRqM36A$`!jxQZ4I2usN)3U<(hf;K(J7p~-95FdOKieLnC@?} z%plac=W^Yun|e{5->t2%HV`UDU`S(iKyVt!PK445hs8`prwC)5R5@3CB|1zo1p_4OJnUmrS}R(i>>_r6uOwRc39IZ78i>=Qd#3TelI-#Xnm2}%#v zLoA)&MrFNtb(D=q@h(3CP0WyeZ_kV31pG%{-m>Ku8mop3U5cvG7`l3=JE{O-U_Y z4M4+GQcQ^bynHf`TomKD0Z~mb)Oq;BC2FrDBKQP^M3&2gPsOxN^^0MIU$q7O zY5f{LA3eJEmVk z)aNmlO1rJb62x{0NjzKS)wr*obg(8QBqinqBXBgnSz%3g$J_P)Q3+uP9rxyeUtCi) zfVwPqd??g+Mg~t;6p}^gpI2#m69AVgYvQ{op4^h301y-!IHOj`jtkkq`at{T!e$$I zHCUKfe25~ec1IDa-I8_33t29=E9^2ufi2*Oh^u~%)Z77`RF#&3dg@Awy3Gl&gjW=@PC^jW7X8HvqsF7;DT_9wcJhbU+&%|Do39jIJu(#;gThDJAUux|BYA?)&( z2)g-BveEK>{SQ>JF~J5G#qIOtx=3XD(M3}cb_xd_A!0&?8ZuESxI6ZEB)~XyGM|(h z`H5Fb8ZBm7_LJ;Ky#G^eAcB=B14ejx;0^}0IeEmy`qpd0rGo8t<(VqAkG=p}?m>-v z_N{xnN=|6K;~Oh1Jh_a@zBmE6KEq;?*EEh8ooppG)OO_?n^j9L3fH!h@WZ0QB#Np? 
zBXoB%SFf+=*5&Cp8fFrqO{Ms)?9wD%>omrNO~{gp3W46tulboeI#jC~?nel4gA0Rc zJNpe>L#gHA^t#t*?rIE^7goSf7DG%8-_w30%`TAw(A-6LU1c+ReP&B8`!%GPar|th z#b;U&@`8ilRd?6LYGMc6??}tX7^ndW(qOK(rI5<(%O8aoT}y&o&%IW{o8^M{E2nhY z*HFVqYa<>`fcgu7?LuQ#7%`{NnZ4^8L5SRv=1xy{u>+#lS}z6KZLDPiYgMJ{BCQ16 z7|Ks;p%|}+Mqqh3g5gEtqbCMCojZ+f`dj#P4Xek}8O%(IEm{f{rsM5SM0GQ+T}O!D zIN%Vhz72Bhx8e%_gHAw^;XoNU8yFg3W9da#!JHKrRx%zArRDG<%3zonUxL-(wgQ16I) zJaQ;V#1M{-Cw-zZ?RQFvqs}rNDjFD^b;Syuc&-8NyptB8@Z0s*?%8ih$BGu7icLtU zqz_o1raXN9YEM+haiHZn`EszzGex+Et1MSpP8s3JM5kRreVOaL-F4~}g^_=lI2_nf zH&miC2PpKYO2N+CpG`FsNdNIl0#;o2=~>ToLV%Zb*mt6Pu?^n!0Cs*xilp2y+u-D8M7q_lah;?o>KZ|3wu&Y8~@kM8tzvD8on`EhqX{|zkD z7X$DDEGffdbrB$!QbhcLu{r|aMqsJpCEH3P8PyCBz{iOhu)>Y`vxFY;abv8FCxg7m z*6P-Bc15o0xY&o#tlG{Wb}pqXhbEH<32tS8g;Hor`Gdmst9Uc@Bu%Yc;&Mu7z{5vAEyg9EImDClhn z2l@TEi!6R5!)$+dwiIlS>N;LwTvH$zspu99GQ;T_cg9y3a9oZEb3T%#lko~+V1^>4 zw~)_~HXZ6bK5ltCvff7c$*(8D96+U*xBOKD&9&Ua+C#;V&@_`i)k-IXqVZlVNh?-r z=~+njn~ME6g^5GoUGK6X1}pU5`^#)!qL4P>(RU5fQcqTj-^@}-4T|r-irVhx5T@+< zODyKUz7lrVl)^tB38hCZt(2zPb!#9aagY#UZ+%wQ_3YBMX_{r4a;er88wWhXXHXZm zf2EIadx`a(TEA_Fd-`UhUnR5Z*zO+2^b%zfJ3^ObddJfkT&}-j6W!)mS$)u^`;EEln zzq8Nz(jQN^Vxr&sOALq!I9I9dnPKl_3KZBdL|TusWeo4k4^ll5V1J zrNYT@e-z8Y_}T@D6HSBh&5yQThoEnz;Z=N#AP>ys!^5*x9@m5=d#^u*sYVm!+>MqV zv^9WSmWCKmDTG(x6id1mX77JUE$Al9jIpgZ(mo6o)U;66Nv`$J8|sOXOccgR)zzam zZx_6V9yQ=LIW^4kSB!^aP7#Vf7O*W!1=-Y#Ph#QBAnj2SacJC_+cWhId%qZ@oU0ovz9=gWS1jjWP1;W0I!H&t7=?royh z{Cw&8_tPv|ce5hKv6-X8jxjx_xJ~|Z9~ZB!7Y|RdD7SlAFUo}k*@%rMZcxfp%)`zj^wDP(wRm@Hl~v!SQ-`5rQ_!t{kkkZtjp4IT`qvplFKeo%w+A24zGB zwU)}CYY%yBP7g6=HPH_|5enQs`?V6|_pIvWL_UTDl%HNxg>DO>-Lvj7`LPa@E4-Jr zpJgWxW(n^Gv%e@UEf{E+4824|9UNI8yJYSEErmDvpn<6YS$l9`ge#2!f7qux=nt50XHqSX3vp;TX>h?_r`tf&Aj8p6s_ ziPoVr!)ZR9kIUWqP02A4(8G_oC-L$*`8ScJU4KEMF?H02&VJ5w zSL!BRjwH{d(@xF!c}+~gcFJxKd+z;Y{N+Q%C6QM{$8K*<5mK+7ricvASx9n4G{-zz z_xuWU@RLMFG8g**OkC@6=Xwp`*z|tj-S4JCb3L4#`_j3|1m?3#jmpcr7|$2O6Psu) z>J59hjdt!FDob@rF9JTRfpLa6?Of5izxH?eUT%DRnmI7wYT%f7=x?UfwsE3`@#YkIP@qdmV^`W!f1CiO~d=gJ|GYJ 
z&5$`VY?6v$7cRig`RJD}^ACd!j&F3txR-~=YS)N1sf5~RI=YM;3p`)Pto^+2`DFZ(L}b0d|o7)>oZSU-$Iwnz82D2twEEGApte_~J^EI+{IZCDzDC<6l`

    RhTdq#&0X&-0_Hl6^TqDCW+V*cojm zv2goF&bCUiF)Tp@5Z^}iZ&(-(nn!xXQ2Tn*#?-x>O*euS>iSX6q@K1szpZkLOCK2a z45V0J{%Gon>(3#&Oo`64d#`M=Yed8{gl{QE@NZ(E!9AWb6W~cp$VA`3CnPwQqn?Ww zL0AG6TRx zn(4V4a7e~8+gHmFU91ja5~yXTOqm1VB+?(&WK=@no|We3 z`zCb_j$)pa$$Q`=8u{@{fl8~2gZ3SpLh^O#c}JA3kWM3X54}zefAq!8t8-5(7fSOxzjgWGXjoqdjaln^S{)s%7uw(9#9429+Jb*`DW!2=OX@(qic+>^J$_<8rxQ*#S6J?z9J&ddDC>I+VS+g?JhiGI_>w3(~B3g-qArWWT{p-^bOA!fXa zfmP1#GRGgWo`e}Eu7x+=AZE81Att=#nnzWlyZem%#Z^Qd0Clqz&7?r!jC{TpF6T*&t-=*_-o&qRr~1yxHuJGEdnfVIC8kV)r9DD{&m4Ue2m__XUuw>b8ooK zon8Q><#1YlhRk|w9`X@nnl@t5WKd47&Y%ApL>y7T>B%jlo=NSAW; zm8=!mlMAgAp1pL^@lIPOJ4Y>d4D-%g#F5QW&*fSvg0+!*Qi;%zxIXo0LTg%Bmxme9 zeI4rWyjQDOv!~ixKflvX`eV69A|2rs!_otEGm(147}lF@Y6M80-MN>Qgo|*!oC^K6 zHRlj4JVZCt!~}^{Ayvz|6N>QQbUeu#CSFGsY8-Brv-ja&1T|g)=TS2L6D(= zMBCNmoFs_(&?fTH%D6&zzPB!&gnFC^Dc$IPe@MX22~|+IQ}CeLn*hQ$sKMN~_?96Z zR~G(*BS`y;fTQ%Ei@M;!lN_qu=EZ7}AbkFbef(b#^`!*Mgu zOD{gGID$7M4Cp?f7f~f48D9o0ZUQu{0;i-#u^-sSZ3oV+KW2NC-0D?mki$(GqV@dO z{6Z_sxnv&YR~d3D1U&cGIVC8ji~gyoC8Oh$PbOY#=Ju5=U{@kHPiw)_`poJ>8?Yc7G@OD}BerT6OSwY4h)qm9T zOgZPx_}lz!*20dYtK{`nE}v>wop8A0uNESP51pdnyr#t>{kYqtx-ixug5A&^%FwF7 z0gA`2$hO4wSXTPNEgg*4E-(Y~40LC#s}#C`(>^ynP4czHhwHT}4xBu8!5$Yu^DYTP zS6hr%=SS&%RGMaDgEoG+H}N|v+epnWf4j>W%&1Gt;hbRnStQ%^LvzaFlY}G{2Tq33 z^r|DHQb8M|tnPkI7J-_$u5KJfp_9g3?g4{1$Fr-FnlRQE@PEPq_kZ>o%ANY16O0xj zO4hXhyP&vr$7DelI%TT|SrXKCm2iAcFz?ti;q^|Rt zvLG5O83~RH^aM^NhMR56KQ}#~v`1qrfj{AxfHdElScO0xV}2?u4JlEc|b2n&>;e41ZSPbLl)*E1qBWs4zbh#U%+U zAH5+zkPn-m0_ZW}G$l)`P4_vRYQeiI@0V7n0Muw|)!kRzqSe&8 z5Y>vj#FRR`+DO7!)lk-4#PZJTGF=6+Z(9_yFqx;8O~lF}P9QbiN zrvZF=J6Gtz%oT~!{p<^NVTXJ-=#0Gg8+c~W%dzXDeg z7ze`9Q=q2^Pz3fxQ3j>Z79xo6TJZWU%5b?@V8P&=RKDwVYdWa{t5^vT&@y|22~-}= zey+;}cKw2G{vI-!Zn>LqY+pu^{F_@=;JyLZ4!+JzfAmGA2-)fMf%dPX^pdP95bii& z2G*E!pV7J)J$(y_Vog*XVi_Af_aj86SVZexR4IQ1#UWH8cJN+5Xu~u~LUJPukCn4p z;?PmhUdNh!9x0gpqL^9iL@+N&oWa12!{1l|q(-cUH0>VkPv1vhIhR%~jO8WE#qQPo zkf;*=ITyDrdI?T=cH&Ui4H$J+Z7Dc64;YZ{NKYfBzQVtMt@JNUElxD&_+SISk^F&> zLB4|!0T=9zekbS_^I6#2C$M`OIk-7|R=pEub*1!xG|&gJH1NV8uYNu%0& 
z{u!LvL1oGcjVmdmD%`ce3A_%%Aq%|@=A^CXDD0N5j03SEJ}sNSu`A-bt`S-G913#EoO?Tfl5Tr(f6U zO^9dd;k}IQoD}&7s#7C&!kTtZ(rHv)Rlc?V=w%eCw0^@f=oIH0!gGG2C)kiG6Z99{H-**-*hs%rl^crbeuqaDK{RA{|iD!JO5@d8s+S zH-@R|!sc0{vkKSHX~DR>=p!26%y)pia9Cdn8Gv@*mhMYZ2D!4T6?vEUPSGKuW>?#~ zZ1`^=q_}Rsq42Pn{GF1rltyU>z*SFr0)J*_Y`^wO__@4jO?cBI)S~?%r0G_bRyfpC z2c@TMR8=-mO?lees8R%r*!X{cjxi#3=+v7Jx}G@i4%fbt>t52{Y252>Z8adCIh*^V z&s?6d#skukZ~6eL@G3HXOr!#jcstU9EG@9UH<$nZzI5m;Xd?*&wvSftF(fyWoe6{L8>2h2 zS>fz<3JW(MyI0>ozF%5bh&^A;SwV=JNiB}gv~_zDqFgh;OZesji)U+XwQry^uKUtS zX68rUjlaen_`^uc5+5%B^{#<7+VSX%PhS6(909S`NE|z_va1AHPzA?zMGKsDSz#z{^10-Gvk|sYXY#-Ep#(E==nF0bUXytO|!&gCm}zQE}|ea zOr(KUR_(wkX;2Y|)8f2RyhI9*L$zSWT|X!rVcu$fk@VI$SsEG;@`TZk`zTj@5tO2{ zz9ZO(ExGgdnv5$f*J@Oe%VrTLr@S~#4-!8XH1b{&I#d(F7ur*W>kqRNAaw;sP+lnV z(}cU}_s>|~6`MM02p~@-eQ)_}n7z8<;4#n`WJg3P}vAX zbAzXIx);4=DrHk%P1!iru;Xf*6dnIw zB*DYq`62L$Iy*l1`V>g9gsRRNrEmyw?%;*;ku^#2l%U2U#@UPB)#Yh6`}i1>-}ffs zKCK%)03QF4EC`nU9g*>#EAF%Q#jDL6%Sa5al||Tjy{v`=W_F1PvPqvCZj-+XHf;u? zQk)O*`vZ=*Csn)E@dA^v_$V3jJAxB^#mF*$ooVy4_kxRG9b_R^7@cr&;?ks5j#d~4 z6jm6)A&QOAFuG$^P~>wj^%ATE#{zzLcG5;ndSr0&;oXHoX-1cfNINcjXv*6K?~QPm z*IFH7VEJ8fa-gJwd-JAE38>#*HfJSNl#!;Q4>%@nZ=|_!UL3t4)igQWU2pfO?l2Oo zFcG_a`gYuic3S=Si%!FOQKGSP-%_WJ!a+P&P&fH~scpJk?Zj&#$}?U+`N-&ZP)}s7 zRJhm?#Qb=50!5UJ<`7QADJ%K>lndrp-GrKk$cjNIDFzlIbL9KzAwoel% z1yH*u`RZN&+G$(n|7@!y+sgXH6XREKRd=-#*nLz=)N)jZ-oQx~@L_oH zdVtGZyM7&TP|r;j9kX^^USHvYhuqGrHuBhRJao~JNS5(*tTwWqmM%;6l#n-88U328 zL@-hx8^^o-K{rcIu9>uFF22hy1I3|t2bkrU7MqcQp?gC<0cUgm1`L#DGbfoZ`nZ|L zypmm1~aeL!6_6)ImHsK#C^?-sbHFz1XdRIAszOkxV zUKB z=Zh-GA0wLzEpBz)-68;lL^WzB6-!^Q6bmZEe0F4h<=+1SW_J&wk zfC%2a3BI9ZMjv|d1!|v-y)(Y8MfvVHOoBd4SyZa1FZqV38-IIp$AV+9 zl>R+<#yRdVd&=Z^RC`)AU})9VKpLC~O3MCfz`~K19=-+8cqfaQ1ju+CkF)$v43F#O z)xQZYtGbHxK;2GGwJE>TS57WO`MP_-RvG>UG?BQ=KYz6vD{IOpLn zBFUveJ|YX7s=N-{*LGU$_mZ2XsuFWa=2GK;F>wOL|FN+35Tmk~g>WARwuzETnS<)f+7)5}*+ z-c>F;xxhl+oki|J4i1?eT)`{g;IZ&Y0p4<_@($;UfUlzmF6;BD zUPnymghbzqu}5Em^Kj+CCWn1r`+Cw2d9KxDP_rOF!x!}=rYAL}kp#JGW-QLEmgnv58>J}Pixxw${+Y+ 
z6zdMgiS4^*Tr#9+{t*8Eo}f}&QjDnDB@a^jnjP&Hv6lM9ctUD*2tr{e1m`0 zcqo|zn8oVGA|)!%+2}@{HWB=882bS!r8U&T5NsYak|ZzCHZ}>osQD3LDRvO!CzB+hzk*x!B=iFW1#_uyA)}I_UUl50L zv}B|WCHK}bs_ndC)B@9ev#{QmzhVf%WZMi>wj&Be{f^BxA#y~83K=ajX6;ueL5(sY z%q}AdN@y6XI*>N0*^!UanjfJ^yL9j)gCtxW`@<|009vF%t@!EKKR|`1CQ^|=SpF>| z0QXchBWy0Bc^8orY`tk#28L-?3513ishaIu^;V(U-Dq5V%5$xapm6=Lk?1M?s{}y$ z-C*GRo~35Lo-+>~N=0^sdG#R8VYf|Z*_xqOlfaBu;X)tOEH8C1-@C>e|8xEpM4+Sw zF6m~pW3dh59G!8d=t3qb-1qg1lTj@4lGv6>_V^)5Sr99HV2%CH3{xq~`~nx!K$?wc z27c8fXG(rHhL?A03+oKHnU^zOe`0{hu@6dq2j}N?BKhg}?P%6@q?|6QfC#3Eu6!z6 z6uCueV;|~U*@Y>LEk0Hz6to4@PFV%{il>JV(#3P~YUi9JVOdaYJnv6EAw{(~{wcq1 z=hH$)T*VJZ;(9ig0n4Ic!tfHoCHi;@>CDqK)ATWS4y(V8$ zPXDDkN#O%65=w|IK}s@OtllY(|r8}9QVDXxK}SQZLL z=H6()V4Q@OHQ|S0#Db5<`U?VPrVl?19RF%Ligx6kz_?ZM#%Aj{K>&ty1?D}YiDuS1 z@x03TBLow&u`22F)OTa6b!17WlXj$PlpE0%E)uf8Ee=D|bTf%8iZy?|zfJfw@-c-T zxOeJngr)m9SlM5BNHAHlk#{&%Pg?v}eJ?UKTzMufy;6Zp5&Yio8 zZ~IF|4n~`IZbF(uko@I65q#=!MJ{~_%>r|>8Zs46wKHwM=EAjV5?wVrYKK3ax~N#@ z;v~fL?p_1LhcJ1*ii+Z-74?;+L6zgO55sT0ZPyyky!Ev`pDom|*maDD zY9dFcw&@?;MY6Ddg&K{b!HE6dIrLDJRp#64ir8zJ58@*yK6TLu{j5lvrDFsFx;Ex798n_JHc84&tuf!x+;Ks>J z6OX)l&M4idJWzI9{*f)p(pX#any&?8VF}3LpLxJr?pa03+{%el%R8x)l-^TzQyrN0 zs0{{ZTVJ2FEgaj*mAe~m4S(SGr+1z!C6bCh`md85on)+TcsD2ASmEVqwdo{-9o>s< zH%PrsDjCak<07J4mi2x=R8{q;&HLwB61dxZRfoWR1I~`R;hvFq9vKZQHIHlaKh&iJ zSC0`O+sx>}wJ3!gt^e@FZt5H}fFsBLGtH*^;DU~IWj$8!N$LTlus&>N`&?C^wJUfc zvI4QN=>kwLm77Im14(38e7sjr#FiXWd-8ugmLMOy=!pCrcXnG#{JTtJ~rFi~kS;r)4LQV(Lx zA1BA6Qsb?x2V^LcuMG$!-+2m}ZA7yKdgxQ7YQWs%hR%wTOJil zU94H+fET`|7e*RS!lx`3obmovFrO7dGTO@CHz_NL#`CEu$;}0^@j`tchdOQajS3Kk zWh$*jn1qx5KA|-g2AX`|z6_lIaA67`@!eSi@sRlcDG%`^!x=b9Iuy&D=(^5r#&Oxo zClF=Oo?sZXfyF9af;z=Kc-$1u7rQ#1XL!9{GvWX3ZO-A5Nxc7*>8p<~UMnoEDefXt zEt`ZJD@fQM4BDqJW7o6bMDWEWDgv57qK5|Ht?>s8Mlm8AA5spT>v?Z$s!^o45s?0Y zLYOy-&?VM|J{u3LLL&bTKDMf$=^db47yOYSFSKOzIc8G~sk=B^Fd4?*jLtrf=Q)r* zWS7T`zo&<+n8ac3QH%Qqq0uHLsj%ONj9L=M9D_1VB?e(O7MpViCp>2bhz7Vm6^1?E+D*eZz`1N)!}u6eC^vF)H(+IK6%Pk#E7L5 z%UD3wDN@ 
z>`!$RA$x$>wEvN`hamNR4eN62)#lX~>#%js_l$|x_P&dPyayqy3p1FCi@a>NWI{eg zzlR@R#;^9R-40~MvV%mnQ|64)>$9x~jTi=E<_O&7nzt~!-Zh7L&j6Gi)Rb&n;?@%} z?r%$5n^%0h`ZyIWzy=xgW%NwK4y*_>c$lZSy)un7OHvhHG7okvE9x zNs`jE6{TPysJvqSNqXk2`*M|uw^WPTT|2ii4estT-bK+g5MwkMZ#X>Aui-cREE1uj3RZN8DXvgaVjbVTTC1=CSiMq-k_7yX*%g_l)Z62tv!ty?n4 zzvoq&z}%N6lVT+h9Zg_2wU??&d8$QhV{L>~P+S*zFh;mb+5Jz`UG*2kzOk;5`=4+I zNftXm?`lVR^hBZ0I#U`vADyfG&W}x`jUc3rF0Heb41mu?XRjBgQr_S;k5=iMTp(@9 zzoii0nKft}6S38#bvE3OVTr8Ygp>VJl50+PZnQkJd#9|Frw3#p2`JIhGrk^QoU@qvTX2=U~`PG1u;(sBgLpR8=fv!p)TE*R$2f)LvtmMqiLp1rS1nHEuPlS zzd%={!hoA#Cx0pkVvVj)A}{*q2=G8@1_vu#?50cnC>31lyVnoR>{Q|(M3=lAhG+MP zw&MLwX~U6|kJ9tqF&~!r8yZY2R>UU{l>OUKl}(|A8e%=#AmxugVncXmJx|RT zGyq#YHWmNW4|h+KK$?K=ZT^c%JRa3lLSk^`R>d;CB4w1BajA=TUs_8A*zChD+kf(< z4k}US&%!k;<62fRnDNfN>6D43UnKgpX00ODMzs16%*JxfB4PpbK)1t=lGH|FRn#hPYLz~Gv zYh^G@1oH!&nGt|UWYcb>Ki)g7jTzRg6v|Nj<>WZXx*wj!OSRX#OH09 zZ_Mwp!s3$y`}Vc};s?q(ZVUHOa%uv^qs1mdI3h)a1m=sKr0fnvplx(6$Aon5859V7mGYs>eg=i#?)f2@}y5 zz${V4{%`CEoy&we*_$?c8El$g{a(0nbt5jbdnV}hG-k4P+u=uhosKjh($#1NOoL&c z(m1~<-~b<$3`%JHR?^}rR2gsU*Y>V!HZ4@VBN-4s0U_%JH322LCc?vW5j zS#o|85Bp8Ty{x*%Lg+t4ipc!2@)0G(86)qQTMiYg_QHzj2nysPeIx~Tjl`4z2#+?U z&+m_Cjv0T+UaVR`wr}|>l3+^<2tzD`GK!8Or^w5zhK$2Sk$6PS=`nNz}d1`NpKs%U9n?B=a1(V>kwbB5>;ymOmoeL{b~0BHWBm(-8|AV)(} ziPk)^{}&8ZHM^V@2?&C=Kv8mH#4K)-`j^EHX8w80vjHCSXB)GJ_8~_E$u!vhhkX8w zuxL@1B(2b&_}z6uFmPKVj-v9g|IYb)&5Gj#Ltx12a*TC^ zNMuA-my<3rszR3FfQt@MmK!_@n#f#{YfpCT`4L$=q<4^9a zlxdYElgzjYzRPFGotTN}T5Bp%F#heqUwjD-;iOFnFI3b`Xp!Skqv50WQnM7KzxU#` zrJ<7K$6-y6Km^Y}k`0fZ+{SEZneCUTS$yA9Sh?1*e{_^q5IhaQf<7DcaNW>Hl!Q9; zZGYYLkpNXV*7N7_B=oOhHpu^Cil@%yTmx+%d0wHZ)7Kr^-LYvJJ5fua$#hQU*TG6M zqGN@>Rx~u^;GlA)pZc>j?sx7_!f3phy7`DWjNqo*ri>BS1-HBkW&(F)Y}s_b(P@7S zibkUFfbkILFcE-HV7yrM!WKM^h0bLG4TH}43)O8w{FH;FIO5{GuOc3m|11@!)p%M# zoKkC)MgBkV9i{ibpAzbFNUM&e@Jeija5;9~YrXpU#aRoDTM+9_GZXvvEKO#t^9BK5|L_A!OJ)Lw^9N@|XQ^6he z2dvGh>&{Vy94$xAUE$*&LW}kgjhTxaOT+f$Ljy`3ccQ#LRTYQsKjrJi`&d*sDbLHD zY6^EWd$SSb2(!1*`=N|j9>+_Xp${`&j{47#wXD@%Es01emDspLidC}Bd 
z8e?Qih9x;v_rSoKEu`_mzjk|O+BqV3w2HrKY+-|Fya98j91>z)D3hY@(XeV* ze)xsF{Fk}*g0sdXCM<}=uDKepJa>ORooC#;Vh>SICxi^#5?zvfd&L?DW@%;& z36kwD`rEAtufb-^`T@!%xztgC4z`ob5)kj>r4h%0{~Ay?{cBdoQf7dItq@G@s78XR z9Xc?zLuYe8rtGlM#dzv}oHi51{h&n~;n~3OuPe+gD_Lw!DAX3!uRMeq1{fs{ws1qguRKx`gfnMl+kL5 z{1#(QXFAhLrvm3LN8>A7cb~<)&_d}r{0wQj3zySuLHUBZXrRyu=MbKdizihc0UGwk5H z+LcFD7 zbq3g>i^lxQGYUO=<>3n2^?!PSLoa}J&Q#bUb)0l+{sZQ!Q8!;cUY--uY1(;34a=t( ziC9@8$8VG(5Fe&iCx9BCIHI;@y(1ek@Ax66lXd%lM7Y6SV8D2gdROz~)g%-T$F zVX7?QY~^G^c{tPApw1Vj0gkw2u+IwNEM^a=w=SHzwXXUAK`Q}O!QZynE=YUeXuTx# zmXHSOk9H$NSxj39PGFR(JEBDJ+woEd1;Ii$=HG>Tob#j}aH``-fc0Y+aSf5@m~!^Eh?rzcY1AxL*l(H~ekWv10u-xTenJ*t6$*YeP6z42z1 zRn7nR3J@yUpAGkT2iZj1f7Y$fd?7g@^6rg92qNOu!tHZG(F~S^x$F@VyrXVq>vr@m zGkVQidFzF4ng{Dkx>;D8O&2ooApg6c0mQ%3(yEOFT_d3`M;PxFf((YgZK}A9Mm#F?)qlQYYP%_cG8d>u zg2+)`*%>9qEOM0IA}#a%!J)DZs!}M5!7(AAZ{oIp%EV}U_T_es2uyN0p#N5Xy&nJu ze=5-GSAMOp;&mq5$9OHqH|ltkFTFvMycx7ESeNzc-XMcM6qT2_sx<%RGYK!K{H1Qr z=uokwKJtkyF+A*r%tK07FhKQw#&Q2c(?zxs7Ii-au@=F{x$Jd`rQ2`?B>S?__rv4Q zeqv-~?r!0%JXpjhvVO|p%a{soX3z(a?Qb{$`AjV$cgF(*TLNTOFJsmJ9GLa|t>e;G z)^Cx1TVBuoS);&lm9Y;|Tc&TlyP^~-U;gb`8e=pcB&I22Prchp;$3S6`JgTFTOvBE ziW}$k&hb-u*Tjm^6!ZJS2aoQNN_ifz?a^Q$awa$M2UmUIYLeKu=r--^#&i)tZ+-)k zoVA~LRw8+ki2C-f!>`5Im0BG%)Bf7$x4lcmMT4D?zGoiVc{v!b$2p$L?tN*F8s!0OPPzz_s! zqnbXUAy3??xJ%G3;K!9MWdy!1UP=g7?&`+Qdtop5UY{RQDTzl*>^5X zE<*7-mVX90*tEeS9k%dB%bwf{+Cnel=)&_{=cuR`lq>hIsB@(D8_WUL>SZoG#)GvE z|E!H5WWxO1ocxfrOH%R%bCO9k=Qv624mOE2b%u1~o)wdlsfx{IcG?sWJ_^ZIalb(3 ztVI^r=E@y{M{?4h0o?UfLlRUjVb&1Q1IfpJcSolGUaE!9RbbRQ=|oj0{ap)Ipeo4e zLGF|C8XSd_AG!+Dy?;F$P8uVtixhO7xycQS0e80m+2n{*jRZfTMVA!_;g&Z+JgF6P*$# z6;`$4&l((95oWrIuenxM$=IsdX=saBS#KHR{qNvg`>l(W&%qHSSG`47DxA2|W|$wb zee23JPB=pNUs1Lzayhaale|ebG#vl!?wwEd`t)y5wUks|f<8tgXw=7+OnUmZo@Tx8 zLrNO_`ax;{M$=p9MkQVF5ZRvvbDBA;I_?`fx2U!fQBrC=Oa$KP$wL#vT6(i!Zfi-? 
zZbaFQ>DaJqYf{!^sY=cq=P&%4+-VW?QQ!mOD^EG2jRjo3Bp(LkXA78s!3n!C8d9?> zU^rF+bS=u1UY(-dKBQKj1iIYsYWc|oOPP}1_E-Sa_E|w?-6d>~`YYa)GJeA3Ru$U` z5*w4;!E10-7b8)P8TjYpx;>dqLttJ*j=80)xcEk6Dey^fu z#IeH4LQWh18u}GX?57bCU~<*>AusT9$l7czt;tvq3Pht^x_7RCAU*;v`Z2IGrLBsD z`;~vjPt4HYd#vEK{Tmto@>o9Cd(3TXE>#4S{-*B#OyH*vwcnO7;=jK>{1thoI93hr z`O!jAvhkZLhr@Nt*6I1cJ=r@mTF}{4FNEq2zXcNePM~o5r(?&_<;X>Y5@Txq-g3V?AL2 zU^UXI{hsvvc(fbOJEhINxcmz%Mq4%L{WMHqn#z+szGAv!drkE*sP?-xRL?bdp;R*u zYK;!4uI5tVLg;p{jpO25kiq?%>S~n0uoyGzbLx0MI@mUTLF@Q|rD<;{gRLR?bwkSS z5?_ceQ9^5)o<`-+5XClbB4qzql>#ycI9wFkQxf@cqxm5TeHXTl?f!ZiR@mVNIEqVs zIk9h=*?+NK&03r_utSuC!m-7AmyTrB(FqqZWM^w8PZ}b}#>XAyT|>XIWA&kc{X^6J zdrO|hy|&k;b3>PybQz9yc_%t^%e>gl{;ZGQY*P7_2HS=K@7zV=mr$2x9za>y!1GR= z8`dkqz-;`=(hNu|8A)9kSB`Y@?or2Cx8jRP&R;)*D6F(*Pu2?V3xnfT&5DbcM3J52 zE$uD;b+TNSIzvY_qJWJFMrsPJsxm4ZH=l`Yz@duX=0!=0*(YEk7GkxNh-QGj!HLrS zA062U=V;i(EA83U{!;Niu$%|Pjz2Va#SoX~t@oD(e;jAswW(DLpJVhpa0Rw-=4YVz zy`QQPQyjluP3Cu^b2SM9;^Rxmr`WxM-?Md zdSQeS=RD(B^3h(h8I3a%n7sFJq-@T$;C4o`S;iA+e1sn-mDvR1SDk5f_5BwYgp!hTDOX&JwVe2FU|gZxO}JCXexo`6q8H1ELI)n$Fn?REoANBQ{+fh}%$(d@ zAczrIxXv9LB60y@yx}Lu%tGS*PFR76l?J|a2TIPe#c}#z?RX%?)%Q=dHTK19yH+5A z2zn7}r)*X==h)cD1zoH!PMT^i@!!i6sAkh-Fu|O6uIL&^5ENJa$;j>}$Y-kqI{3y; z+>YJ1C+Xu%p^M~id5?Vb?jLYu*0D@$W71I8Pg)77-7mo3luRxkQ_xeT7;@Eu=Ohp+ znA8QeAH@*v(s*rmC3%t#r}s^F#^;(AI@xnB!(^|&-iJ_YdRQS06;60=yE+DE{+N?6 zbi!9y1&mT}3Xw@_|D98sQiKvPkZIkH{BPl}_iYWpuB}$^YyICR(e; zQhb*sS<*~+I@k@^z;M<32(Q7kcTAq1-jVD;#L;v(#EgkFDmR#F z14z!xvG5PgdWgIYN9*@q>yejMeC44n)@2{kVoc2tcl zz^nd)ql1mi@>$kKit?v*Z58MCP{YnGv~H-1`X$R0LsWv8SuM^bOQnlZEgTJ=<{g*r z_VSfxx9{DCYx`M-#Nqs_ICq%p8h14KhOZk1b`(o<4_34^Z zlD_cyd8>HF6f!LuG{EN?g7nU7qStmd0Q3${wK*Ua^K5KfowW~b@DabyH)llJPfcz4 zzwc$CI6$k(;)EcL1@W4qQ2Xz}`A*79sIhlZ{ISxa!I7VB;LZUR@<%acMGS;C?eZVy zxpK;(De^7BV%^wt+JxfGiYj84RT(y9tj{%JT~lxMuVnLzR7ULMZ_44!DQaI`0h>k8 z0b8sq`uGEQyM)kFozsRqh^t z>ll?5btoDHUQis;J~F`WPOeyx2@a3r9`k6%Ke|q~9-_1U=KI0gT~L+4l=Y(PtZ6F9 z3D04mA6{SwPHfH4SsW{1bAThjRjxi8v7r5`cj-#YuS62LBN@4iiM$a&k(KBcYKJ`F 
zqtJM$p#BS~yZ!#m2>1c(2Q2E_>(Q4xlbPP*(Z03=bORQf&qwVxc&55vIDKJyT(y}c z*NN%wgG}a&>ge8~mf85L>i)|aVV8^hpsB6PBHBE=WykT-i~1HQAXvFAiOo`pSqbOL zy73$EV`ZU&&%G*I7F0mGB4e4<#v)vaE#dU;#CDCu=E5O@_LmJUHZ?P0+c$d?5_4r` zsp=o$`0KK+$DFl7VCE|vUxe`4LC1RPOBSldg_%NEl``~ORXNjXT67uOI8c$dK)p${PB7Lx*t8XqzQ7hCU~`~2f8T?- z-4D;b)c$8!3G9V%;4XD179n;qi<*e5w|Ea) ze9`&fNS?`D@Xf<~`UNNEB?-PI8-mCg`)GgDFS6ESP0JP>D-^1N7yHZ4dJ(%5Mp*R% zj=$sn?QgEfB;R21>?DU9Y=z$Y*Q%y}j2Ip@-j>-P05b4Q$iJk;FBoTCp`vaJwnsm{ z(G3(QvM;_08d6G<_JpmJ32NM`a(ymx8~o{cB2887CJDlB5f#H(Ip{d$~_^CTHIBhJHBmyY-y zQ16XvpP$>kQ7D@6krY{YEj|GCfSBV7)zwLOWrYoEv2gUAE$E-jge2@GVpw zSwFv9Gt`f-y-%F1sp>3J-vK8#H`==$IpSE#<`@#Yg0qWU3-f;MF)#QcSDnmjgx^m< zzr$!SsD*FX+CF>G)!l<1tDVSh$c@lNn+x3JyM!&F{4@J+6Pl&E6FWR4lztjb8Hch^ zO=r38Kg+Ng@ih$iDVY}?{VlrrT*N*S)4~4`Xwzyl&k- z!PKb2e7q>vla)NInY2>I2w13?`;kWI;`Q2z5Ik5-FH> zDG7eM>ELcl!L3>%m6s^C5$mT+iH_S#h#zX@?SlBn*j4K*gqG5q!`V_JbLEU>#;5Oa zkNk93ZaefN2#Qt;(B{%?SmPU-Us5eOFvh{R*G>k*leH6r_443dA@sWd=+2k*$QO?O zk#uPEkOUmBG(Fj!uJjUQ{~iPY$Wn%|SK@W#3YP$rL4U#4IsUjO3RI&&4a0)!+O5 zl*ly4SF@r(tOMSQIy=Ey42B!qu?eAA)q zyIVET43PTjSG*Z*2%ThqvC_m~;i8U|&TU5MWm!G*`OKNhutKZdMB_o&EJud-R>ynE zO|1J9>j}U%>Tor0l>CtC2`Hilod%d@YSwt@g*r)~Y^SZ;kDo0Y=N1uX9U2`GwUF1(Fn|o}ij{ zIoxj)|H#>`v$X6K0- zbQ%9X4NO$UN}!)AsELTr|20uYlQx+=Wnns20OsaUD}{h62*w>gR{0DmM1R?aR3;m! 
z3XOB6r&p>KY9=GK*$GpW0jm`roet(EdE;$yGmXeh)_noJZT?&CpH(PR;-Q|UEKYfC zyUJ4+^2Ms_b_YY!U2yd9ZuSQZ1}3Ms?_FcA=dcm zW3y)bV?sbi#C|k5L&TowV=tLjZ_g-*tj3H%>N*Ay7(vV>#Xw(Vq- zY;4=MwXr6)ZEtKl+1R!=wzIMBoI6kR^jCLPb$9Wrg_v2@-2};Mmfi(#I{4tL`*|ySK6ix!@ z=_N*xbE@|x<&6v`ncCRgi?3sVbva)%;4P6-cxgmGq4(SQPBtoYO$!dD1&F%F;P10Y z*etXkOvE?XQ1OPyAl5-2uEVxF-?qJ0gP+@e8ToG0=Gvv|7AVkU8O_AxT`WP+xtQ8y zJ<$$K)(41I-x%YS7>ltdQ8kk|C$J`QE6cg8gh&HtLK9}UptI#FWljUc%7KQ>FsY1V z^FB&b^Q`+R=iNHeZ?&gN;r)>2t=pqJ@Lid&8stc?2tJWz2g(T>=VoV+=!cnF5`*!7 zpX7<`V>Sr(O#E^ms2lTKvEkP2-!oS4R;ND1n8f)_pXwDwJq7CV5LeV>4(gh5}79b9DhNY7Cz;noAl3?%yWz*ytXrCy0JWT!U2@Rx)=}JRB563&TfW-SRi|2H1&sKbWBe7a&X&ml$`5%nv$6vW?--cyx zk8hA9G7)-wstbci6w#Hlpxl?i#seF?-#}{M7N*buk%NY=O&RxH1^!OdMI=;;xsw~l zF*IwmS#Q(eoQD_HIojJVWajpS`!55W*wQEAz`tCBrok#|+A7@Dq|#XG6bivnbIoJY zS=5l<-xTBEzlg+Y*%$6JajdQQ1cSkL;eMF=U)Xrsvv3d>Wb!dY6%sc3I@W*mzvM2w zJDey0T0!X+m5AJwg~yS2=xnh>ytGcgY(hQPqWU^6FzZ*C_&P|}2d04)Ik!%`(baWy zYYGKALc+-}(y8`?dMNHqP}qkvs*`1ROLoV}bc#`d0}FU_0@Uh>W$L&|WD#I!)U=dd zIF=OV&hr$`LiEwi9<|AB_nBk5R(wF5d0YbkJ^~}n;FSOC+4QFDY#e6_fjB7GGapjW zql5%gE_sc2A!ENvm2{Xi4=eSF{R}G_{6wOxCn6)j#q@7+umKmtH)EoeKghB#Y;BOp1|zPlMnq5L zFZ2S(8L2HcNyBN$e8>w+pC1_#3TQPA%}w5G`7;N`XBr;MBRVb*M$hK$vvQJ)WPr>s z0PY6*24R~TE3}>jol(g~_pZU{VIMx~(z9JleDqB46=VNG^Aw1P^uGf}oZx)?0-o@+5Jv>}&M^lLSO7WoN&{}_EH-;W56<8Ep-uC}xf z<125<2(0WU@2wXYRmK>W#}QS=ia|HCE4PA)qT~B=Xe!61kY5mR8Y_$HQPK!wL$Rp#|c>U;yPi zzyF_nn+qV>(Osz1cXmo#FIOOWW9~mdkJE{i^atFyb$dc905;0k0n5}LRJ%F*kq)iV zHf<&N9Y#rI=s|@g>5qxV`}I14A)Wa(+-u{xI*ze_#omW1A)O2lc@@s{+C)fm0lFS< zu5=sAR4QLrVSsl?s}o%b;!RDWLy~|HKFqBM;l-n4%{zF9PlgZa$+c+AvUBf~yaJOY z6Mmk1x*c!;ATr(V)-={kk%_CAHlLd$Oq1e{QD@!0SBEf6L*2KEcu88|X4d|C7aVnja_fY;-$tVY*pl6^otf7JBj(G7Wx zHnu-`mrU+O@`mER&sjCseu#TFhk#2wY>yW@f-*TDLbUY~EzkxJCfztGxIN&XFa?vO z;)kh_Nx}v-B&DWB9N-B?M`uTH8&PIOKY+0xg%hP7v<)tV3>!hhcMjLy;ULogIT=L7 zxW#z@pxG3NSCm}i7HH5v_Y8S;B4M0d5>N^b0*>2DW|{n1FNq+@WJU(uErC2a`hS6! 
z5-)Guq~gQmZ@fs_25HR`XuqZdL{5+~+3&*V z+^bPs*t)rJbVx$7a(R=D5ryr%S4piog8TqT)kqweH(*uBI!QsHKi|uB9J$CkK2!WC z|E;jN-pWOt8~Wm&kH3&1eAKFP46`#{={ zzEyTLYAT6NR$WgS2s6gsJaukFV!OWl0alB4GJWgMK~i%6Hr)I9Q&?H)kkDOOQ6v@+ z=NV32uOfh3tEW6tJ`0B?#3exh#Ltl)lhVgfUkV|W&tCgLy4XrEp>lxPhy$j7j=~DU z(mdAIj1Tx?w6k`M#SeTps>K<%LTO;0n;`^9s=qjyr_!k{%X&^N*Rrn%u!LjdJQu0! z#s8y`;*3`U8ZS0c9fH;fIc}YL59kj`)lLv2AU{5+6)CgFV4vp#a?6p|;zf~P3?+Lt zD3KcMhk)KkqT}AM(2jp~L)*nu!Z=^FbUvH!`grX`lLcCxX%UB7qGM<&KrdDNHp$& zxwL`v&sJ`UiX3?b0N67vIMq;V>71~r6X7Kk*-SSjO?1r9gM_9rq&##_#WtvSQi;Lt ztPWf}izK2wi--E0FyhV2(M!+0_IrBQ{E~g*vM|2y^Obea`h<3uBD|938KvQC+lE+Y zo3=sZ0F2@KJ-i{st!6Aa4p{K;!GQxk(!TC;7C+8Y@4z|$T|2tT?wZ~P2J<~u7?sJ_ z!sXhaMl&Qn8G`_HcMzH%W**jHOx28 zM(2GMuBC|Y54gLobV47A)qfR>z!M#z->+1iCL>soTwWs;V=feS>b(brlMRF(WvvY0 zI}?*N(Y~kz{3`iW5@@U4tNG)t9j5$uX!4?Hbsweag5-i`=u>CDJx@Ua zZ2xrUn?;hAtflrjW~G%a1?H`EB+_j5pm}4CNh5Zzw2VV=^B~A=$#G(oF!2y1O5c3h z|5){Gw$}Gwzv{mozFDXm-@5F^>`F-X+XB!mhitxb_d@ksCqA3+4{}1RGw-x39i+yw zi$4To4TrULLL!xYOK(L94IUCCZ{4eJMG&W1=^U&=Q;wn}F*gTwQQcTl_v37Y2`C0e zkO}DT%j;I1Td=3tw`yQHX2ei{y`~&Zm{a&`QTnK4>Xg?`TH(*ycbMp4Xvh>$i2!Ig zGGsi%`Szc>FNsJQUNkhGd>Z`)VO;%2VH*8fwGki?O<)18pk2^!<@W`CgR8%)7zyHG z5S;}oL<9o0MDM&x_d$Esl;0&y+D=~2IFl2i%U8uyoXKW>F>fo6!%l8yUQ?_B)s z+a?B8X{D&l{w8NZcr(0x)l5ji5jY>FM9MUA0Kw;E;KOd?8Gx2ca%#xh1Po5^C1j3? 
zS`;B=8V)8?ZlEubE3MI%g~N^cvc*8jYbPyf%L|=^LKm6~xhQ!@4q&(%giJ-Rvr=@L zW`xs(w3)gglow93?jn#!o7U^0-hpK-$MP_mZ8y{O&(Ag>$1n-Y>_;!Kq1F&#pQh97R^b6LjiN&-1bbV2F5x@rw3X9vpVpTlD*laLaPs|Fz*J-fpAPX{|svKm)1law|lq0Ef9)Bx) zhtVj@hRXmXYF(1@z+}TkQZ3UQ?zCRTwe;vEw}X|Eo1PZI+Rf;Z0yWAGyW;rQxPb?_WFzR6-fnMYb?juLjg%kb<2R9H`$GehBhzLV6KGSc&#R%tEFQvaNIP9^TFS3Y24^ zH+2-)fDdTpU*jjziG;oT$hkk6bPA5G+0TD4suq7xTAFZbq=2c`vbF(1i8VD zP=xP<4>QmJs=Q%`3feH}nnxS(64sm-#!pcRVcf(w2S(pJ+ayh(!>@ft?=n8O3o4b?FLa|rbz=LOiKSFZz zf*B>3Gi&^k3~4#u< zHkxy{vl>KXv=T+Mw`$VAV;NJbN=HwG+e}GH^qAE+4E5q5<3N0LVhlm7;Z#h6Ql*7o9Y;xLt@?uB4SH3UAuYk%@n zA^B>}us1PLFO4+3X-(}BxlFtT=a{GH3ro=KU+H8htc0c28#Idu?IRwwS`3(422Qu( z*^jd)nvjJ-#oJVG~S&i+EB?|$HiLKuxfy5pSB!Nfw*A;>_L#6c17fOpf zbiQNd2qc{OsU`owzh+|;b;Ly`dD(CDp?GnrG9nRzfsShqJuVbyv&f8#ID|_^Y6L7L z{^b?8{`O>WP&OvPPodASFM_?vpg65nFf~WDcF!LhjSz0apo?jsZzSDYKmRmFFZ%(~ zu%^O348#`6I)a&3ySWpVC&6WY_Q>wKx0?_bIIKRCX(NDF!^1;!@`BYbYVmMAB$vw4 zSaw}&IuGt9X8CCg7A6ey{;lV&Oe!Je2;H~#N<)#k$P#NVQC8*PjAm#mQ5c1_C^{&( z(jvW(85KsXNodi#gW&?*7;53y1v~)m%DDFr3+m7cr}G0^zB~&BhiyqeQoPjPz~aYR zcW-Aep6A|z#bKR#2C_iP=T2%N5&KP>{hoSN62+D^T*t$#+k6F5mIFc7LQz8S2tjwP zLrAi{pp62@HJ|x?w^Qq|E}XB)&mbzytTqQQy3O%>X-XyqS=LPSOF0x|pv(b@S@p;D zj4A?)jS*(r11cIr42V;FDS--*zmmxptXZea4Rt>Z&xi&(UwTk6TU0 z2F%QUo#Knyj*I>~Jwctt-50?6 zqWo=I^ZP#km!s>;1pr@HDEh&6@eB15-O)T2O`i2{nYMp7t4>+EhO6y6pm?xIq z+k#%*p|zjzL&L^B4;TD4=lmq%Xc`o?2QhV^l}VCc;)mGA16c`~`Z)?5Ko|o&py2cg zEIf0f2dl4`9R4o&)V#7(uX{B5_e+VG4TkX_id2&_Zj)$-PtUWM?bcx{;mqA@DYJtQ`mJ{KifvsFjM?S z#}BA})heYuEXe{#JkC)If3&xhdd0SUp)6y?S4a}p!@``Lq+`rmlYrL-9+X9Kc=e@(%I8r*a)rQv zD6lS?(Ao85^il-oLT)u)AEm#8GeHa4or5wnc!1`=E47{~wpvZoOJ?V(UEwcjrwN2HQCHJ3moIEdzD;4GocemOw(^XXtES%Fg3@CUZk6{AAC4w{9!yXj^?M!;o#8 z??MlmO%pSl6c*t&O{|s3jR_?8lQ|;(75-YMpxQhNCdt z_al3e0srq{_(JlHD)tYffJ?W5mV!>6b1t*#OYMgX{!W?oO*d$+fGu$s@UZZM;tCSP2I!yxJ^HWG z`6OTql=lTRVWh%9fRF=+q$YY2e+*59mO-j8j<8KLu0F3MZBAryNUNzhwl}za=;$qID?n^Yeo*i0xnRg^nW5nPzN1Dp)B=Ul;}eD+!{L zz;<=hKxj;tNx(z6rkx%c;2^6i=vA!!Jykqk_wN-GAor}4r%g~Y0IoV(e2?`XICdKE 
z%qAnGAGsCc*Y=z_{X{u)h+}!?#+Ag0rX9%bff~>cc2zuJ0LI29?F$vjoCue@pkCd- zgv&ev3i0p*yUQy>AVCW`YQ13ag^w1>sSxSm1s17{ZL-U)}}wM|^OR0Ys=FWmF{G^bSuKF5Mve5w;TIZ&qL zarwfP%L&&--~Jc3u`6weu{%}`0W`~T=?pUAkBmrm0Su36YaaNi{AYyrn5U#r(|?R7 zB|&+izd4&!AM1zkQd8$dCIf99P(<%nQ=tQ=X%FZri2`BA2u1N(qQ@_zTORKIo-14M z$bRJ=mhi!X+eLc@qk1ROy#k{rXWwgl^TFl`OF1g&6BB8h1a#Ds`K%h-?%!Md(g&*hVcI_3U&z;+;_AS~GZCyX#kx2qX$D4GB;BsU806^$M z>+jwUqKLz{8;A4B`5OUH=1&=?>F>e!=SPzxKZEM?DoWed3&I?&+-HIpR>-f3#p_Ju z7y|4&L+85l4I#sHv8OwIJsIDo)H-Hm*2p!@TS6t|M9H_itk^hzrA>FWu0Lapb} zPuMT*tIq}PUmt*Ro1YADTNtOp^CH!SS%^u|lgkQ0d>)@phOc*|J7Gx!^e z6!!d14B!ib3d{Nn_CueB_6k~d`$t`Yn9Og#RG+R*A?<@WY1$vSElwZxDyy={&t~>N z(j&NR9Q6nABfPz_OEG})qq6*w6d*FsUnTepcdZ4AsicGeE<8{-4iRk)bmbm|sPyHI zAJilZ(kkw60boVvBEV)k(QaMHFY zt8*M`29#JigsF_jW;ka)hgwBHCyd1dOh6x5P!od?>}T)gKJ~bMH3?`h>J|;Io^Y;G z=V3DPcU+y%YWzlN>uIdVFGjNuR;{93)<0;Rje~4i5}Ck-YHAe$wy&39U?a*CdCEX( zv&g86@bEB1Wq&>B;Q*(XHUBCbK(ieMlhso{)6(MAd&#Z%y9Ni-mhc0Fj?xk&R^c-B zA{FypCOt37S|ii3D`_^6oE>ttMuv6w_Bekz{=;qmf>0F-DyHTWWTL2UUA>|!#tTiC6$u{NYWfG?!kvGIfazmq z$q~cxwC2f$)peP2x4ttRQ!Mi1>A8$WfYm;B*O~N3p@d|BCEoZru)&oJS^!s~AeoFp z=nPVLJ19k(07dx>7Vf8cCZ+e%xct1_AyqRWyd6u^f$@P8urI3AUv%wdle)F%pM%%w zsNpRzGG_@P{jxo&a~q8)Cnq}}TD#Oj7rvV8_geI2-4nn|hmUFpRuVQ_a(bQa5UxiU zctywpN;j;?0@GPe4P1zj6CMya{(69&ph%2!L_hZTCmqAu9vUwJp-&!2S^AK$SfLsd zc~L*wl4d19wuwZiWHG5I(@Gk6*7;2=Mi1uq25#g&q4+B)bCqpi?f3H4RXk=dYYR5O z^?TJK1ZjS(m37|<7@ni&>rIWP=C;`ihlrnvoNC6Tv&vec_7poLjcTJ=|4#+5lPZYtdZI_bz;0#G+B}A zz-LyNy4J~+fp@!H+_Nu!V^?gtZaryxFogTkPG-#xyZJ`G4_wt_k;u1mQ&xYu3PYsz zx$>xrw-hdQ9Pz<4sb^l7lWaaW7en5ZdVPvo-S<>B4mVhI< z9RQ1lB$h#6=m3`@Kdxm4RWzd(Wnn@GwBG|FCjSw@i*a|N?Krx&gijFAhN9()RHf0} zkNj3CueKesl;v`*S+AkXH2PbS3yOENLb(}({|cu=uTM&j;L5Z`4cz~n{DA;4MSAl@ zxpEa(BD^aXKZJ`YZGgclJ&`q{jPWNCkcVr;J5HMwc?jGx=$ctl@?_}W%r{00Ueg^; z8z1r#x1Kr{Sm*ZCY=aZ;Pq*I+Fs%t9pD@28yDKXjo@jU?S_h^0GN(1s%rB zw*StbuQt)vUP-Ib%wEa@8_wP8R|ElaH=`Hbw1_2Mvs&4 zi?gRtizP(54~NJtjRE4OJn?RZExrz(<>wnB)TMR7eAp>0aLFMJjg$1~t!*VL6v84c 
z$p(P|45jmu$6r_OJswa^wks@J4zbe9;Y?pUb5Xqdmv|35A~mLUU6eQO+YXRwqxT;5 z-UQ11ta8Tb!@sPRlF3mxW6w?41?_7u+Wy#ZHjAYtUR!ok{{S@OWYl-v2I?bjoohK& znF_pOild+i*J;=(v1hoJ%JQQx0`r<+RMfxoY}+n+*fVmWsB-ejFR-o#&paq~$|7}q z+Vq+J5pMbhRwHQn5W&-5LLt<jAYq77 zDGLlG&I(zj#sL1(7(XDosD!T$l|P=Ov`W@*VUt{R^x2`v|HM2c-E^{X<$Z%-Q3g6S z5c&hnpr(|QC1sHZ(z497G=zz$PF_O9eXKRfkm{kAAsyJfTg1+O5|r>i|dh?ROvOx)dkAaX`Ng z7sx=aHkzVo+S*i^)Km*y9D4W~iwOZXJdfwan)@jkEPfnIZFF;tZxU3DBA;^#8lDEtQn$6OOtq@&LjZAF%yp^ z@Pw!13e}579Dl!Q8lIKPiUE{!Oc8wNOO4_zkFw{EEz!DOegD48&EOY5pHXW@e8rL@|esn+J7K2!(rlMH5S73JZNn&u2 z+LZ>|@QhlKcg>(Xlrwj!Y}6RV!{XM8sPjm|tJC3?af|El$y$%Ft3X3OPGrQD0q5il zW>+yuXYzCtOHg7hZ(5FXcX< zD(?FFa_D*e3fUO)rjcsWY7x4#Hhhjl8lwI(Jl^^G;Xojb|DoyW*nQJVV7&GLB5cBa z%(azd_d4SK&Jgc&;6GTVcA=8m3eci#qhh*t6r>odEV`5l5U+G_bZ;%Qr$r~pK)$=< zAG=iH`>?X$eZ}8u>x542ur{!#bW6}S$tE+k?ARvigD!qtSVj4neTKb>fVW#Ko8;`S z#-07y<DWZc=AW<@X-5pp|@htzj?nFg3H;~+^e5wpwZaO0{~WWcs3G~-$=CA zX)~Ld)ui^3`y_5ng!%7H4!}hUI<2|_gZa{N=(zl4bt`jG;Veaw@TZuGdv%0`oKHGv zlhTw47r2Q#AE@x&*^SHVY9cA01Wzy?BFsAMK&E0~np+-h-bq%9OnZy70j$bNP-0PY z>J)pnG=8s`+7l)H5xca8lHgu~__PTrUun-|fVR_Sq)yr8`{r;Y zmZmXKEWfq3yxfWr))a|0q72p@~x4>-@37)ekjjti~G-}2ahsOXcC<_7P4+pH&)CUbpvuSG& z>dx}#wFEpkgw6piV@#>nRXqszj*14V@-k+H?1asDYNI&Mh10sGU&?IBo6x5iNMNPF zKmbnJYyWgmK!g?l5?AhVaWiGWV#9nI%fB`qw1&yJHh{;TtxUBpX#=d#nddsR z4I79Ix*2gk7^5X6wurN=4HRs1AZYC`bLp(g?$#hpvRL2E_qV9~%zv2W`BF5{(^GZN zv59j;WvxQfVDv9Ss`dGLf>-Qj%^QAuJ}y!Il~vH(%n`?YcrByRG)l>!%6#%-sO$i! znYDyZ5RXXFdcZmeK9ogOibcXsr5bJ_M^gxR>~GK9K%9hmHn758*CJo4Gl+9)Fw!l% z>?Nq)_L?Wx>{jByc^=kbW(z-7$n!<`7l-W#rm1)_enzW%Q?C3$(wA!yCU1RQH{y+z zA_?$YR$Oi$ep58^L48Ap+zeYht@c@%?17)s$>Cq(#KUk9uZ{gZ=sxy%5OJVTWe9cn)%(m-&81nIC8L=*k!c!>XEvjV6Sq-G)_~vs#tSuaJHca< zt0dUbnYs&h)uD}W`Wx0#iwl%oy!?ONVD$_r9k&oHj3yC(7_78a9UYg}?0}3Dr@3eU zBP5zA^BOIP{)vaQefQ7t2V=VE)Wl*ypmN_W)(?q{_FZXq_U_vI0NRV_>%5WrmGXIz5_#EY6n4RDIDlO? 
z^^pU+;q3LcccY-5*<$}T>={?yGofgspE%7&z4Ex0wV5?fVsnARaW&)~RT)K3Hbd@Ux&d<|qPHTk`?n^GJWm;~%C|c9SS9arsDj-?@oPwu zFfnswim7vr8kiL|PVh<>X+@j_r)N{0#29S984w4{XFHlK_qUV_7Bx$x<2e5Ek=pj<3eNPjsE&B9|v(#IQTL>Ca23K$c{(%dts*@;H_0Q_ep5O3gVR>BLPhe z@T&mvp{f8mw^Um@fJG;o^7XnIJQGZrC7v(;UcVh5K*Gj;u}=ypu-Z7% z&Hk?K!sL5MmXKw=s=c!Y@Z8D94B9BQDcbz2GQbl^nB3|J_n7~72(u2FXM#FTzgqy~ zlGg#M#6HI0YJ0d1IWn9AYyCPz4Vwu-{tq0FE(1MuRd=aaWfH3JLp1|}x;9?vfR>>^ zf1b2Jz#A?k{nR>ZJznbK-hIFxx|XqlM++I{*7@z~L{IO?7XP(u?ez?5>bpH@x$@{*XkL7k}!$2I{oTR3@f@}>fYAaSqX(&lc3g%LyYG!!~re1jB zx~6iyrHXQazXU0|;xY?CX7PgT|8EjG*Y@VYVDRHl3xU7VbZ=|joDV*2$ZXGk39mmC zx1)w*H>tNXF;CC7!hJG<5HS#<3pjruZ8$*W7TJV`rsDY)ZHKcMy+~lSMtr zOMJ*_*5>$8I#@1T14=$T_S)z)+BqtZ3bM67Yw)gCcPFEcSnfhXAro<;;J*uI+N z5POi?NEDLveIQY>Qv7XoCuqXhs;x=k%a&dBFFM~l{5e855NtF)7QjrfD+~M2Kf}(P zlqK|Qg+hgL{4VbwbesC?)XrkV#Ebdz zPEBm5#XV5O_S&g8^DH~=o&yM<<)+B^%JAj%P?E3vDfeNcK|epCz#F&hHm#YylN`KcD<58oOXEpa_M*^54iLzR}?8Vh#fy zj|tc358PmG9V0R8Va^jV+21gj4tJCEx@f9rMb+CO43$od%qy!s^_B}g|1I1{Od&8j zKpSI05MLmW!+(30Dz8S4H5Ifu4siZ$nv<5M$1O_?N}Z4;3ChTC3OZgOnut z`zh@4x}=*gx}DR(`8dr9hKKc}FW-=WuFQ>y&3O{gKm8L-XzDcD+4Pb=h~(aH$;D7- zZ}V{y!v4d)U)22=q_8F5zuMCsrj0>b;AQu_d721Fo z1hf(W;j&Bj7xM{34xi*)=X0bl;mE0-QZeY?aO-u_xiqg~yTs@yjEWf;RS}fb=#)ci z^Ogy1ZS%e2^~yT)iUFN8YZ|fK1DYXuBT&$X@mH6IJVvh5oCxm-5j5gx95iKFL!Q&= zn^lljjmCQnm~iK?&dp?EUBRpAoI%w1E?6-DzYRwGi%rnKBh>=)DjQ?^L{y%43MyvV zqDCE2uOoi!spC|{NrlSZ%M!Rr1u6;tV}6vo^6}k>QT`!vBEo3DA!s_KqGRkD|9hn& zM@=`xL$?b$euqEKFNpp6T3Q%yaIQY7{651(S*?f zcq^nFv8$D8=*@IM!&EkTwMDlgQRKuaFaSO&aw#EbUG6xPAp<7gTEnkU3KJ_zP7M8+ zKY(h2i&tWRhjQFp_ot@ zmX}Mga7b89n9Fw6QE{1hC^%z!PkXiJQLl86rWI)tgZQ7cEUC0&Ic_fU;r3!OIBe;h1X>Dh#xd#iKk{j04|*XnAi@ z<{oU0G!_PS_pv)E|C?LuhHrlAJxfHGx%LL{tI$WXw`7;W+1sDN>^XusKL z!+v)%#%k~B+S-D0J}PUeM6Ib3PPC|Qw|oFDE;6A%2bv@>iW^Dp z$izez{Km(Q$4dVyB&2G@J0F}B zLD5!ia~_A6l}&UpB|kldCjnH}gP4%9tovlNJ?^tJo%jv)quA9KQl-?4?+1jXzD4^mr40wyQr z9$lTZdRdm)1{TGnTOlH*h#CVzc&||b96S`&04Pw6z_Z9rNeJc`0NBbr1>~q<;5I8l zPlJb_CuYkwM%>Yvo9cs48}Qe2T7KA0aO_IgEao-ZUVj2t=-0a2jueGpzXx66+gAV& 
z3yUeo%%G0fhRFaUSuOUc>`7y)nYf0@}n|GM_$DK zBg1EuKZa@9EwFzWQjYeweQCGfPNPScvB0qn!5ZF~b{qZ{m(}w50VkxU+f24j6A3Xa zjqZHfxI-rslh_Gj68V4T^FfViivJ_)H#^FL%3Rql)fNrL103pX$|k_C&bU1OT;EZ9 zO4ky)TQDlKH*E%e$&LSlTqq=JoP0OW>r^IB`#o$*6VO9o|e|p7KSV498V3- zaC>LePSdz&%i$}%u0lRntwdHj0cQ!-@Hq85M@1-n1#lPPz)c{NG4{m@IyUlg+17=% zOGzl9PZWUO-PEbJ3Z%pDzqxVSZkgOqneGku4(+uHL!g;bKmctHDY;~n0!H0ql!S&H zDP=g3U$wBm-Wg3oF*ECb*DTzARbI=&oU6*f04b6Lu6RUM>1uFItEo#R9W|3xltWZlRYr`*jCCwI5M!3|U-U*52>gx$ zaT5R`q!A>Rgw7%)kBSS3F+$-*c|WY{dhL4yfCu$`BHtQoARhxhZh+&Qt|xAu@Lw6){^5Td+o*r6!K=0O18}DUpiw_^7Ea{DCLT@C_=f&Lhu&6AdFTE(KI@M zAiO|OE8$Dz;-m2yut1ptQ9*mJ4+T@`JaM0QB)&F@PpAeK16(CVRj2|+%e3^Vxg@RQ zD#81OtGzv9l`*=ij?KU&V}^gJKs`(a>LI9Bzg!&`+g;b=;hX;}VK8`>H5puZfxzx2 z^{-RqzfhO`6xQ%+ZQK4XOEE$qzgGZ%nrStuAT-n$7dpWtLJYyr?kdF)=f!<7E@EIG6{y1uq0H4D*v7C3BHMAaoQ> zP)O$NP?UurI=&tA1wVcN5%j|xpXX}f(7%Nv0vrNgKeK+OtGxk+NSA&jQo9ah}XIi36^i)lX%^EvE%iM0b0%fl`qI=f&L6z-q z`2!D=(&D%2FAwH)fLqhhO_4B?EEAYO5y>CP-#v^moNru4Z^K)RtH%{`5J&>Z2Jk-E z=fR5pog&+m$n5iQifL6XPUV5*l=&t80?&O9PS?XpND8ap!o6=-+}@awSK=_7<;nz{ zzIbi1t$OBwu;mGikkt;--?X^W?0FpkGiy3m8yxuPPS5#a>nP?~`LB;6NZR7>`$`-GzJ+P?@hLd^|&somKz(tE*x6RLFEAlEWuA zQ^)jaJkzJS;~*#8S)T{%Zte}Xrk1_XG1%X1;N(SFh_?wftzW? 
zai8KD=zd7{pHNK2uui^e{CWZ-{XrVmYZeS$>_zel$mmdW-iAy9)b@#w`NuF2d@s45 zN5R1|i&T>AD{dq*js2+ev;BI6EHQlS*a6aWbq^=iir=ZDu=)`5A#RP zIV8qn}Pd7KVZ8o;iut^%*YHYi~jcwaT zW7~F`G`4Lg@BRJXk6G(knS18U9PGX4j8?uLZ}lX+Emv6djVxd8a8V&+W>TuwFoRUF zdeAt!8)Nd?po19RGF5}=a|p{7`^kHfEFWm-Tr4WB$lxXb@VGflK0(wS9nzhcfTI24 zBd*TYL3)whdGy7j((1%Oql60|;PB-z;=A2fO`K8(d?QZKut!3+0>#Q)O1XNYd@%Vq zjU4+KOKnrxASt&^>XjE-DYwNJFpFO$Xckds%Qyc2>LLK%zlM7O?TWq^ zbJIqrbaWiw>{I41gF-OX=$*O6XF_r9DMU3VsVTO?O?KzuL@0ukXT z^R*X_W+L0RNe<_Q@^4L2&iz4XKX5YI%f&QP{vu<>pWSuNG~cPzUw|C#*DFimhZ|r1 z#l``@7QTBBGbcuhX4CqiNl_QuT-{PSw8oi0ExP?O18q|?qIg<1=jV_sQ4Vq*IgV;w z1SSX#G=-u{ck()CTTTL6QUx=w&KMW;^{)^ za{OqSi+(?ZepM6|Y_H8(Fq&Udr&)OpKB7%#2(K;xXYd&Pl+OWZshRImE=s4GEuyQ&0FeMIp@b387)MzyVVObEzxD?6SxsQ9S z+K+>Jc=^r-u0JrcKsYk@{l&^X2eQK-1;<{nV^ip*qbD<&qw+w+0n&SKJIsX!GG@tz zg9n^(LU|%W!+{zoCao;9(`zU#BWrltSamjDUD&@p`nt_SBu?x=41ifJMde{Bgyrey z?uOWg-I#rxJ8^ECX=+uNZq|+oWEU&LAmB!7jaPo-J7-zoV0K5pPg&(}{X}_23VGMe z=-|vozfH?_Lhy!P`;~|wBORx7AmP;V>F(v9vE+)~nQ+7*aP$!;L^MU@Kn&;EsE{8Q zt2FU*G}PV&MpV!R=j|x&sep=MbBS+(}*l*6yBe!2TwM-j^7^r){_u+!*((6gN z$=aak+2&}LnvWJH{;ss#;2wc&s%~Aguha74xMnSC$D$MGV*MQ0DVo=Cl>5urVS{Ld z>r?bJc14%IZvIk1ad@SAFhkEX;p&i;Z0zL#hvn`4G0%x*Ru`4snD=DK1>USSrC7;R z4_<1%zfZg&3nLAC9Y{yJAbMc8AS{+%l4ZU+GI_#t;&%sY#?k<5CXuEWBJnFUJ#{Q~ zYb%RlR0Ly;KauN8D|5D7hP)|@M4lAu^h;Yfruia#4#xqY&2ZF`&FS+3dxW=!N;ty? 
z69xU_6ElT(md#ZMOkP|bUJa8{rkuQqmS(JJRuuk^YAt^G9Z>g?;>(4>88rS|)`p+^ zu`C^k(Y>{!k`1L|`&*1nH@Bg7l752%!ik^&j7U(P&$3M_73g5I_cz>Ywfh zac8DKW*{M=k0ee23ITCxqD(N_DaerIfwXz3S(r&G%E{?su+@#zu0v_a*?D|3RVd*L z@e_a}w4Zqzz@&jVTthcJe1F3@VK|r3+!u+CUk_v#*l)Xsr0D{alI~z@FvDISD;iN& z@8C9{u(bb%$XUA^-$cJ(+DsP(F1b6g<4pBItXB%-1RUc|Ft?Pb%=$O!5@@UOwG_D} z!qYa&!!dJEl(Q&)eoJhN&MQ1E+;e$%>h**q3ez�LJ`+Hn$2)6G`mk&$7Wdfo>)~ zPUIH+IJdFO3tET?u$b8O2;Tg2$@Y6P;>GvO4gO+%SLR0_+Eusk;*7mh=CiZcLlZs4 z0oAVHfn~#`bm~?hSFL5|ucgX$Gg8EtSOaaXH}>nY~9+OKB^$ z{UQ!JPGHkiv{^i-)<)>R6WlY<%nzbAIHD2^7{W|Kiz52m(hLqt%q(@+-;c{c?!^tP z{$4BRkNdH3B~;*5Sn0P+syocK3HtY~zZgq7r#KlI^V7?uvNe)Sw6qe|*$O8TPRSz) zJ#GYbBzA4ms#On7CeO{h-X zOUn_qRX0C=d?t){5NRO(5Lu#}@zh)jy>azVEKJKvC!=-jFjZcRAT@1#B^j{=#eU+W zwwVm`Qj;mAqqhebaQsP!r*1TI$E+Pwpao&GyYW^PCU}BhdBZt#^Yp5c>mO7>w1=je zwCBT#wo;55{>!0!-q$r0I%oEp_%1|yS@NYfCIKmKybl0f?l9#NVL&&I z^vs5e3eu7?L(x6FF$?t$t!guMpei^jwuF)aaa^`Cu^(S-0W5n|fko1esRbdjMi7do z_exIGRO%^zGtWTOj&L45amCb!_X}*`;_X{>D%jODKIx~1LWWgoQ}cA^nyKdtOH!uQ z#BQ(mA%*}Vja4wIMU*BO2tLWPGy*gpOeX2p1z<4Ii$Tgz(IPSbRJzdyn)a`<^`n^j z)Cs#u*MWfsP6`@$-v0(Jj22V@$)&jF6CME5FwhIZE!DiccPZMD$@9BszH+UE>sVw{ z?bs)XltrI2PEG|Wk8znxBMD9KXa=%vH@dXC*^74PZ$L<^0Eq$q%eogrB5Zfih9wJ|cTzp;vlJc%g z={^kp)%D>*_kn|Ox?id7h9DB_0SaM-77C&4j;423KNu_oPaJ^Vi9iCaNeSxd#{;@| zvIKWc99|MneBnA+eXX%_NW_CK%e}K4;^3=n3zl{b2^c9F8LGP4JpKo zb2O_Hu081#-kE00?dz**zRr zgu8($3w(@@ohy1Uv_(*ZGVcsbfNeUy8m(!uPEfL<>7pDrP<1hGuX0pXdgHiEk&EJ} zjahtDfmU2NTaqlGG|av>7}pA8NK!EvjPda><1E@{9s7Xz?g{(J{TVht^ZO5{23@O` z1;^I5HEWz^tK9Tb_6_Aq83*_03)KCvomS$e?wz(bI(RBCw`1^w|`8owX`D&M|lysr0)HhrPop z)%If27U=^ulj+k+^jnn*bkLj#8-?H$v^}^8fREP|Kzif;?kG$hqizUEp360=wnNzr z@gi_=?Vbs6U*?l_*>>Cv)@=&K;lC?MebEuoCGzzGx_eRePfjIsx1`-;0v*Y!qLzvG z7aCzKCTKA&cD_+1J4FhBbeWjRi$PZ3+9oMAu#k+4Yrc;vlz#{Ls4f7{S98zUyG1{ZDTI6s|vU$@D`4p}a8J031~iO6`qKXL!KEyC&nA)yx_|XN2E!AJ>*IY)JTqaW zt=BLt)-^W~%s-BN&?6F28;>oNM(MZ;7sWtm=YRAKLVQ>HqH0l9T z=>3|!bRz=;SOV3VGm#m!Yj!dmS~d0=9*S0OprQ=bliVZKeu76C_JBC)x7V!KkF4x 
zUMV<$|G0$D;LbesB`7hQkh^=8pIigpEkDK8i)iH2z=EN0MnKf0rRrJ05CS_d>0j$% z8@*=0JL~FU7q8bwgogSs32^|0H0J^BVJx7l9m>X!gPNJC!6~DaDwJG>ZUm1uoAAGp z*$`J()48sfhoa~IQ2hIFS^wLUpce*V%d+#Jl7kt-rzSFrI2ps|u_)T-Q}A?_1dwV@ zBD!%wqr&~qp8&Iek1#<0K20icLFho_4yC(N^GSQVch31oY0J!uk89kmUOt8rSRWjc zjZ%W_{Yh9?1UvJ{UNXQXM^M5ITaZx(BEWWKoFh33K^X`7)I^;(KMAj2RXF8$Vl zFSmeMj7FYTOgP)!%ZHFEjjZ-SFSz*az#WlkPnv35%ztBNm;s1fGb_lbakjR+EYsTC zUR~2!9rb>g+Yu31`+GGNQ4%b`^`W1};5P{`$c@uIkBtctD@ZvP(Ikc(vxwaNK=)`2Pw%qR)%SFy(qCJ?;Y2ag) zs^Wt(qqPq)bjPe}5{x8@d6|g!^<<3zQmjmNyM}oT7`yVi6zqL#*PX;9-_yGahKKir5q%c@)J0DVUTZb+KuOuAZbqiwV46T}9_PB)_8#MJ9F+tH>~eIFO+?RQ zBq&GN<_K2|{>E_xwPRZ0V|tr0ubkwWcERwf9I%_D3=Zl}LzuS1;t-XLxg9v?579TI zr0q`)M2jMYJR8YvF`JuW$PWAy*Z=3=5jZSfn&me49fvKj<3<`V`iI8uolzP1^Kmdf zQxj}>&FDmsdOc^5*O_9w7xdU#j|Y?p7~TQS**;9;{5Y~86N*|&H@tu>s{5WA^bkif zV70!fUbPtg$7u$JHGA2;7FH29)n8NX)-RL^;8sNUcpgvjIG8K(5Rvvy9>1kH822AS z2tjC?d6vitg6-49w_+WdY@$Dpgtebs7zzj3UA8kaLO4DlZKHD0iXyCSTR&SuyuR?l zpID28K8JU21f%aIb+9?Al^Ho`8|#Xut>h3}u;N4JRn5!GUG^6%6<%>lDL<5s<~$@P zfJi}mKDxG$-iW_e9^9IAtC&+rb-kQ{Uzanpq6|wHgYXBjLHT7mEI5Ee_>SR63??^g zj;#}0ov{u#>=V2G=Gc;rLb8^n*&{enGl3TaS&FZ@6r|ENCwBjVFjQpj^@PSryd5@k z>C})ra$T7A+R4+W>6O)0%pEgVmhW_@h-yhZ48fsft z%?&vCY&{>YDXYgdtQuNuShA;LW1Bnk=-N^DKILNMb2i#%07rsgj>U5Q-9UYgn^0E0 z1aXsoTuL0QNp5>Dor*g>f-rWH$sV_5weJu6dGGB<%$8i}W~VFQLe`z|_l%Hg0{;pW zi&KBuf|fk9PzwWTVFg+$&_0(R0jj9t>py4Xfd1DQrY$Vt5pRK`G_D~2^d_yNXGrRC zSwhg=Fk}Du!%foyArIrh69t*Qmbqn!>;t>G#*eA=yZUt=yNo<*xe91B zjknIHvyy^4z)17YvM)9qGz;Eer%^HEB7F0?0Q+9-28!xvpULYro2HQSV_-LLqizo@ zP*Wm6Fpt0?5^H&VV#AIY05}AQE_2(V^Tc2M86;GN|5b)tfa&0c*J7#dFSIR5G|BZA zV&4G?)tk}(qmKXWUqGmhi~~2T@+sYHE@{HB4DvC@7+}@OP%9_7krbaYGeRAYw)|I7 zf~Q=Yi9ktzzRwuod+|Q#r--AQ;Y!W}dD;Mih&q&H&z=%gz!i>}m7Dgv!>tSWv;xWxuFu03I#FQ|64qe!(xm+oJ$K z|7IgM?zgawS&mt3N87HTds4YjULGglJ%&od$u0XIw3QQ}ZHn~{5bIAN*T={vl{Sy4 zU9{j&)UZ7$WS5LyfNk46?SZ8>Iz?oHVjqHXNdaXr16v>C1RJ*c)LeJ3e~$9DAD<9* zm<2Tq0IeYg0C=$lxQeu2EHms%J#EUs$=4Iw|ZD#%PAzM%Yz>GP)eFgMB_{A4kWWu;!#z1tt#NX1K(5LU3l=<0&L6nnxF-5{5(2!DPq=OVE^6#7-YwJV+>dCF( 
zx=Z_2?-!;JQV8hxRz(Qh-Md}S7zv?TeZ6{W=o3GcCM<@ zraH29Qjc}k1AmNHb8QfMG~c~|&*N?ID`*ofXPQFfJ7AYpxyBUIi zIqp7#lG%-rcB$^qa?>j^GVf;YpREG^aZ>q_;+wX%^|JV_bS;KAAfB}!?)_qrl}(Pv zzj<;;kQ6IrksOE8Tuq*ijGnxFv?xD#mOLQ78|Y9VQ0xE>3PK49I2I=G5XUG&#{Ay3 z05*4FEs=k|cM+lcYoXk^sNsC4Be}4T$Y+l#(+lmp$b8k)1+3f`<+(kIt^D=ReC+fI zwyw?0-`Dx7{L9>OI$z$2<>50qlcY{Nea<T4d$Vq^{m*yxi95^3NQx}wB5Z2@;2UcXM z5_=hVHSBPBCDdE$6B)>qR~HU-q2r}v3>6+`&*fYf0zaha*J&;8syjbvBNIjzzCDW_ zaE)6NO;c(~F`E*-=3&A>52q2~DL)zi2 z3LWc*4lV*|f1 zTJ(fOEn7hq{x$37*)I=h@!UZUf(JQ>Ca)Z$K#?cI0HyJ-PqqDe z|A(Mf7(WI-m*@oUddAXbb>***uLGiMw9D*gFGz2Nn~2 zQ>T;dRA`~D@h$|0MlvesTG~vuREV5AGeT$12j@w;yr%+$cdaXaX_C=}tiV_lDD1nk zp`kyCcF{)X=QSWd#xMm7QC^@HdHY)-SxKTA+8Wl9Bw#}tZ8Bgyb$jE@KQLlW*z(Vf zNrQ=ovIaa-1c7j@7&NZvAqgFM+lo8YgCa~kYPIR@XBq{mace8m3C!i4Ma!xgqXw1w ze`R;D5)SYlU=l2QJQ6X}K!BgN%cS9MY@8cG@Z(`u>_MA{fCtoSLN{h;sj?hrIgRa0(K@o@=6ba|emo{`^+j|LQ!OT$}1?ihoQKrqQ zr;=k~PEVS#z!TVor5g0{$}}TrH|8Y%)7j8BSa!0lI#ryGJB{AznqiHx8;3JWm(|A? zi!M~<#b>lufj&{W9S4n%wB&lc)ls&>9|ek!9+Dy9tmlh@_bknD*|NcJ{O2g6>EhhW zg%ezTggulO@Z{?S@3VArO~_j=q2UqumEs*-Nu_xlo1dvv2*?+Twv*5~Oe)V{mtatE zZjod{5Vci`=cu+cJm-(U)3knwCoC; z_;b!|6Y}$Nsf+u0D?NAuPs+JteUh`cF1g#yrR5R-`xa(z!Hp|mxsoa(gw=!t1O^~2 zj9N6BW=>QnE+&YolqKc!&^Ar|q_wt9X5y&^z0jJdnHyzRN?8b+Iu2Q~LdU&h8+6jb zjsAmIgn;nEQ$QBN6E}Nf5&CK34j>}MNv@a)ZqekMKn)pfL&6|%RKQutnLQpZHNw;fJ1aW@N-|q=mOU6sGJ5Zr z_cejf%#kPRNn_M&2)uLt?}yGBtBqOz@1@-I_V+rLwJHsxW(#iR)a5T$YYe{g`pTYj z%$DnxY$bQ9mZ8)&_6{-^d$MqVArE~2{g z`O{MGti3{ov0uYUD_7gRv}j4`$e+^d2+%MQto?m+kJoUd(H##TqNnu@#JcE7{>6SC zxul!hnliqXvpLKb^=T%x{j1gB#fNC7Dbx}4v*&f?Z&1LXWXV_J)nVO=DdCgeZ;Ot7 zdu7H^9^g@Pv&l*2xP(uBKG5}`CK@Wy5ki<(0qFxnH)t`vVAHUmP zIo26Y3?=N_5iSwtztLvQbU*QxnNK}^)(kL>e|Nrp*u5R9+&>2?`AeyRLiz)iL-;He z(NNc9p%}-3!Pg=9LpSPjd!KVDYTr(yu#kT>HB+jEU?^b)D8h*gT2~_w3!eUYT?e{K zUy^{*hQJJaXsvbd>lxPtV>vE^pbUc>^t1?gZ+~eWhm|QyKZYv=>E;Zx-PrQ9cs6@1 zdY#r5lSTtD;$w0DD1R8(T1=#ydG$wZAo?jdz~t8(<*)B2-!rHdxY6;#D|;y*{kilF z6y+9hKol7tRudz;@>##_K&n;HfYYQ`5WWIwVIlw7LrPCs 
zgl}n2O6EYI!4F0PX9E$UMW|2ihLODTU2Hki#Cgl?^VCj_4D1Jx9e&au<8|-%)r{@& zVs+{!NHXKj^Qso(H=TS9(_-A^?`o9k^YKaoTQyvU393t|%_so@;U&!}p70IoOl&-8 zjXyMdP%wfg)78nV2Wn3%F)LImFcpu`G1u}ELnmX+>1mu}UaREU2kz%`X!4^@;vbC$HfiW#v~9FL}@^LP21YU$#)ylDyxJVQ6uX%K1v9?14H z@32~Fgu-X#$dhM_%2T-4|FLumzwWyv%=Sh751TWvoCoEfKj(0-=ltN?<*MIr`g4qr z0LFvxKoH66A&Wtu$0$?msy~~7$;bJFl~yX{HValHc^cA~PuZ;SG!m;qB?3$Fs9Fb- zFm0~+d^|tjAja*%e45GN>t*+#n{JBajl7xJ+aK^e zVf#?BVeo7qna3jG2%`P``Z$we#-=?sV6_KF&w zGWl{I;cS?EKfIwlzrzv~u^o$Sk_6(2;|jQdOSZjG^latp5w!iPkF;N>Nl8Md0%530gfV0$_uqee zqbdgd!amx-t56VVpADaZIYq!|V+89Rsj+Ck;swtuEP^y3eK|fP7JeuSK%11)DcLWy zw9EZ;smuu>CUd|OJKwuvLQb_D6kM(6Xk%-i+_0jn4rjup7*~%dN~(wgW@e>YYLclu zg@YuogCO|;B+eoYG|nPR1#lP!5Qt!PGsKvs&fcW(bvdM`$LEoo{inm_#4`?BVKuDz zy1R=2tj1J_j$F$w(U|)pd)$^@jy`O&vQ*D|m zY_qN0${k>UGx2F@ORzmQa!?8c)p;O_#l*S^^p>*jTTG14D;FnV zl$5zl(9lawsY+?u$w{fCl+$J9lwGp#KhWYiEqb!_DlxS_*@8e$(RX@#v$H^rdM42r zQO^@*G2?(?e(7=d#ulBg8Z#i3IZ#(@@j0B#G4~cH^uGIQS1+_}yG|>!!^Do*53X?y z@xCio5Im4IitB&W1FmhOsTOUfX)`I?1QKmS2F5hIh;oT-dTRN!TH18wTa=rRv;=`G zaS*`Fg#%F$D9MUT=mQ{WY7KddH7ZU#96?MF^`PyF%ygB(Jst^e%`D$gKvUed-0RR8 ztX2mKZgE4{SKr0-8X|T?gHmaL!;Qc;J!R>-6B3#{F)u|rJo6iFJl&Kn*$yF>w^#jT z!`cJwitVB&DstM~oCB^8JqZaWCQ91SWi#bDUJfBJmpngKLsHxTI&Yz@@x}`DhS%^-rljL>Z?FI90^c zLyfy&ydQ~};@-tDgfG5GbaNIf+1a`+(k&1k`-dz}P%#I!Rt45yyN*1Q{U2otip!;x zWlBeVev;vbzj_NFj*I~$meVlrGTf*?XZK?N`3BX@)ND~lzx@_VX_F)PP#`CU^LTIm z*aq2<{(l>^(akm{cAoKVSMAAmVx*Dt7w}G?SCx}#l4P|~f+4yUq(L@{m4N>lIZK6s zAg;b6MtJ_|T<13e+BBXKTHMvn_CH8E#AI8NbOd|(xECW!jFF>(4HEi0kJwFKoGZ(3B){Ee0nh4!1WXt5&JgmPj-?PI{xn2E16 z8=fn11aOfC_p3~e;nR2uYL|pFSgku3%D1D($Hq*061bWs+84b==?eu_e=fPkYo97u zi;8ZiV_2;PU_MvqL@fb(z!C*mVM+pWQ=fuBddu;*C>9|qiYPvm0 zpUxczvwqe{Wi^ppm3}?;7v9YpsBr^ii(^cIu~OdPfu+;$D`zdSJ)Chv+Y2NH9ThO4 ztHItywqt>pu@2hS?_1?pwtZ!`WXD_Got{9E`u&UL8p^loRMLF$m*uq;@)M01i9GI* zN(hN)=+um07&4$|ZY4{mWL2xn#L;zI>^#&DEt1>{8M-@P+^x63 z>8x>Yrh833h(y$qT2Ke(5zIv0Sx)k-Iw@%xN7jE!j!Weafk6e1dM}#~ztE;Tf>PUs zXMzxXLla+M3B<1OY_ka257}($(P=Xu4cjXQ+z}lfoA0~DjQy7Kbwb>>k`Zjd;kt}E 
zfecdkHXh81ACFLw4I5x8U_V`Yb7(OkfnVN`gkjhAt(^&J%)~C7XV?+R8Dx-w2Ix!(i7?(g(u;1%)F=*bnhm@=sWzzb|KkR=%z)qcb|qTV*QR7NcerjB z8@v`p)e-mPs*KzPDwsnaRs@O9!3bpwr{_}GEl&j!+pD+Z%w^;HF*EiHFe4nNPk+vd zZI(`Zrttwgv>I`qdeTDEU;Kmk5BHw#xW?}Cy|In}z>dn5Dcjq_J|E1RH7p#!+i_Qv z0Yl<)*Y)sKv=|!qSD*gNd0xkye*{u(DHvI6k9oDo?vBs`I^<5AUSpS%%g0VE0R3uv zlr)|%r{{3t*}Bm*1E*^=mC5-PVVQHCO2I4koK_EZM@gJxB&5 z(pgz=8iQPBZxBs|3Nh4ZCXN8U@t{1>lRC zd5TwvCKuC=S46449r}c%h2rfRqJ_VNiBtZ5a{u)srn@vs=-~tS@i0KvcC+R;=d~sS z2^V^A=RV7DRKOTew{YKcpBk$-XqV0~%IXO0>EQER>9})!Jbb+szf~m7C&cHWj2mI^ z^u`~EY?h^uhc{d=ZL-6Gz}vx^3EP4CJB+C&rN$HYhRBS<-Z=n{cZY^xGHGW)8rv-& zCFDvIcO!80iMk7H;r<`)|Ec*bc5Qn|`us0I7|5OUC%Uw}`F9^;GGg2|5)w9g=iZ5y zV04bS&U8iRs5SBnZrd9?0U4}gapt?R?Fr`8icy_h%hWogg6 zK7ud)W#$lJvz^_@({cC)r_I}X!V2E{44NbU=0Wc~1a|~<7dH{fy~hLxmbiXJmMR@* zkki1=DHkNQAOxwVadtf2-zJtzD6cF8{0zrRBwfnnIQjE5M*!-hD}!7EQYE2;fRDem zEx5y7m%tW#UmK>$0TL!$J(upx>Kd+kIr}cQU1UUzEqjz#2~Fn)|23V@;~hAzMP(9s z`(Sqp+?qmKS$jSzeO7*2%jt2|_|7VheCd*+X=jmoaLBuQu1RPFD^ttO*kzXBm&3a^ zE+|QzDgoT4v{HA)8yo+1Dn1lk{a&^CgD!h5QD8{fTe5@wtHanpq+g-Mb3x$s%Lmvg zddpUJ>A>v@m{!_)J8aIISYu4Py~3*9p$y#E@9p^bXQDpnT?vR?cXWcVmMVIAb~&hW zO6SO^`sSiPY|>6TYud$BI2j>(EypAFX-J@lXIT~Io`(=)W47X>e*Hp)9<~qa4TP$9 z{tGB>NoooLbUr@=ZcQA<*|J zV0qRpgyR&*x35#g%PnXZ0B13gdBf(hMB>)*>nr43~m(7q!4jv=!4Fs*HyjMQ!i1a&)D}`l_!wK!!NOh@MT|FiW<}Kw^ zL{zJ3@=KWVV%Un%Fih15q*U-b39^gTgmedFH&}NfJR>+l=%qD>`d#-QW_!g@U^OP) zbN~hJq<6k^y>(h%-EJ^fI+;yrePnm5%#q8LViPHqvuQ!8aM3W-!0NX?{BJigaO#sP z9GY|1p>@BAJe%0BXCVTx8a579gQK&ws(tjaHSyQmP%d&TL%>{f^(cSDeminV1OWKL zvj%jSWGe5ZrNLK1VX*`#l-r21-oi54nTib!ZB0{def>hl+Kj<5?-sGeLdoY5vO6s& zxUYQ3MIw1S{NS^mfR&~iMbP2vN@_p|<2k!6?}x#m-&Aq4(Q)qjB2`>dzdciR4S+wB z5R7qzE+^JDX6{W+en15J&yrEq)Vh{0$liiz#gTzHTCXuCV)f zoq`~*Mb|{B1vg@+eeh#3nJT?pEd?&!iCC~<^mSby`|vR)4Cu4CkoGT@kDu_qOpE9E zM&w$AB+PyB))_&8$3SQE<+b&&Cy&^!<20C}mEGVc4wv7dcq(NX(XCk4v|1jmz;C5Q zk9)I)pL~s`19w%so#e%)mlJx9a;No1Ma^xq&C=;g@y8d5E?Q|t{NH}FDijuQA0mct zDm~ai1foW7Dgs?sW7&CVbyi)^$UK2ND63qT6rGxH%v>}f>Qh_@y6*iJ>SN|D0~oL` z{#Az*;v 
zEYWkNA>OmB)Z*MIqzC1fkmBCIW)z^qeHt#Of9&;@s1G;7hK+UmGX)0?Qmr4V8~wqQ zC<1p73$UR6V?*!3s4-U~-w-MI!ULQ+Q(`-xv9!v}Gd+cJS+{k@K^(4BQN5mtF1@56 zPfhbUnn2Y$>@#h9(e_Efx*^TXtLA>V947-oIo@UX;jR?fb~h)383td{Ypq0Wu_Bz&U$$m4A0S zdyIS1uW%^i*tRXTrA#gsg`5J3I3}#f$92)TrC3F(*A8*wQ7=K?G{m=qVj0#r zBrY3TbaCXOO|gZhE3!RI(mHJ``YMg(ExX@w=`v*muapULvkN>&&`_$}G^sjW_g@iMHe zMOUR>=;C_I^isPC^dQ;Iqu4w1y;vm$*3rC>5s^dkZCW?qkXX?PO@Y>F16vbzFt@Tw zdCtz`2;|9B?pnFFVC&j07E5Mg&f574#Zv->JXe9IHMP7AlnF6r;JHsPc}$Bpeh26n ze55tb(^9n5=*MQtTW&inrInsw2IXq~_^Y~};i_TcrJ-&DG%GeJG}U}8%_G>BNQeWq z;gBsoJ-I^dCx%VBHAfwpE*tHo3ge7i?(^dHYqD3Wn7!=WcGUI4je^f%FlMMAEb)iJ zcDm5uRBVO_pCv9(78^;6>0Ney&66UnKf_HZUL7k-Q%OoxWjbsh#PX!bnkpCH9DzcZGRi z)-<2#%h^RFo18mmfjeR|b|pc>=lsjth}9v!Q%@IkywlhDYwDKQ4fuWU7Y5&hRZ0HI z*U7@?$7|+jI)U&0p~Cv)#>eZ;`LfxE{W*V1*J_E0quo+vH18uSvX7&3N;3^en~a?@ z3(w`Xjtf+7kQT<~prz1~yX}@B19C-!pVGck^&`f9p(9-fd56bnFywvPIPo+-Oc9Qd z!hzs6vh{Ay!N$D!cUo+T-P1Ny>EV|-!uXP0_EK-@jMafM|Ck2h7B`9qEqI=PHRpjO zCMY-H*Q~2DRvwp-M0jZ~%^Y4uuiT17Z=6-X8U&<@_cR!Y6Uqz$JYXVOH=^2&#Q0{X zi)oNBftSod@V>X*@F16C`x-j$2ox>^h%{c_z8KE&O5}oI=&)(aS4a>emZ2>JlE;~0 z<>xt8Vf_u77hpaU)iUhYlD_R01dYfCG$Q=$)|lQa#suaZ1Y!9oh^0EP=rYuTHJW=M z-%UZ+lzjUY&Ei9P%gOsI%$Traqv1wsf&E>DolxtPAkj5O%mS295u$FHB*W%N89Io= zxDmY2XI*vrW<6yk0%r_gK$yfEprVXBKwDfcCYIJT^H$~aX;bwbWcP}vWAo2W0!l;2 ziippd_$(jxm7$$r-mW+!(7h5Wmk+pMYt%ads{R;x^~JglymKoX^YhDca|W#xY?qqUdEM~V-)qGAVy2GtyAFvnR?;NQ zP(l=q{bl51O8VF?z4qcsY|XyMq-Ek|z03av^eP<>cTIxXM;zdzlkIG!0w^b?WipmI zH8niN>zScK85T>OtCR>35%Bl^#I?X%BmNR9gd*?CzIJ=>sFnKUZt)48`$TffxqR|Q z%OxXFsCt4R#m$#}UG)64S>!#Xg%@eOX0X}#^S*>6vSl$$2(%&eNgJDaus}ZN$%SPO zPSxc4U1ydod(mX+|~b%z1uW<4-P{I=3I!caag-x(}riH`;%VR{yNolYcgr< z{6#t()F`w}j0`A*6!5>CeHC(*$>E|E2e#FSy@=I-UqIm;?zP=}16RAu8xJZbTWPIY z(5kIZ$UE|a*uTL|;JMSgnOPCXoEOaK;LHr`6y``saGf$cSY8@st$-@zynh0nQ9#V9 z(!eEZ?FU24NwY}%HnQFZO=t$ z-^BPEH%4=wuKb9AjFytQ;+ER42sK!HwE1dqQU}U#?QS`A!)n^WoI&Eb29lw#9*6~l z7e5hWTEl(*#}^^P@o9TN~bO1B+_-9O95hN^Dh-URLU*U4Pp-tB7{Ff{-M z&%?wdS3Km@wS%CO)t5Wz?MDHY+m{i`q9Pz5A|O&CB3+8~9+47?5D_8t&?6;*5FkJZ`S#$s$6L?! 
z-tV0I{atEKbbdxQZyg|ET@&i(~U_VPa20lEg20 z^E|Bah%bLx7oK<`;|(O5v^g-=h#H!1`L>0hFS7O8H67i}!N(((6+Fqd3bGT{dj%YY zyw(ZSjg8hZ9p1(~H)wK1%(qUe{`&j;h9ZNFOisAT;P?}LfmhvsA#dM|eN%Nd&n|oA z8!WPfYf0ew5&W_;m`)L!4p z3J*N*J9H09Z`M9-ObE(pO@~n&wiE69%0y1UjNalTR17m>TuFkt@|27o~axC zx91x_wHZI%yJuf;Rb)4G=yac}{;2F2^2RW-SE30&fg094;nuaJvW@ zY}30GtS?O)QdZhsmw6QrUX#WAKtRmyEUS!2@2sIml30FB!skoDLkSuwCeS4#H#Wox zRiiy3N8Wnu4y-?og`QX%T#7jE%F`9zs-&of0qb47tCf;Nc^;Bkl`a zR7I1lQbQB1=S5OXnz&xKDb}3JvwEV1QKT56w3*Uv8uj(F0q{~<@IvJW?gttI3ymYK zlTzOWq}mc6=!t)(-X!7g)J}@1X|rcNyFe2-<}3A_eSR;q=^Ru_np*96m$S&DoHV2r zgb}mMtytNFQ+(w*%jj?`!iI5S;-?wxSwl5hJPCzYq7AhA=L4P{Z*qI*io?lagh{?Q ztrz=wcUY-}*u|ld_qQ~Rn{CGn`N#TN7+hcfE$jGe^4WbN45AiZvBgGdVlgur7gjuVSZt``CSpQ z_b`QoH^KLt26LT%z>bg-c5w{1dODBGEDTmI>_eha_6RB8m!?ZS-RW9t=k0r1Qs$2> zoJTkm$+U>q2{(xk#mDcTe3|L3ne-}(d(NFuIe$LszubHDx=3Z8gF~|HN%Tt& zv3R|stD}thZIX*!El){NDI&wJV);X1Vm-@W+!b}Lt=a;2yXqGli5h0ieYGjfS*hV! zaC$DLWbmAoI#=^8xtXLUa$M{xeZDD#TIOQ5n1(?YkKWZlImozi=!K$|t>zW#Aas1B zN;zK_-!-VEEyB}qY>_;{QcV>cSL*%7xp9$wywU;7y~G%M(M%&T#uJ4z2U0Q>Go{N4 z4cg`CFQ*hW^60cXz9r~hVn(ecgmg3H78V{37Zi5V(u%czIr+*;_(RFU13x;cw};LCUbKS!$&Fn2^V7NOMAEp zv~J@oDcTsml3U&m8Fq)(R*S;FgSw5)#NxssnY^ex1d|wcYu)7O2Oc9czJ*Px$MQ`0 zFgJR#x`piY%51Gs7Iwb$hw7o?56&{jh4MsbSq;bYMi5LzD;8&OuV1(Sr5KWf+F*L` zzDf*zJYick-Cyar;S7UspCt;a;@c+&y(D1}3S6>*6PtaaLVs@R!` z2_~jAk(3k*u@%^**!T1yX%p1c=KVb$AE?x0KIPux!Nb)96~0Hbq;$e!Bd3a?#oGLD zzNL$!cdKUzF*bX~)MlR+w~E&hCug5}jF{sTJ9vj9JVeq4X{Fs$jX8}CIMX-Ogjm$& z0~pV`fg%-zeeV~fl4Wmv#x+{3lUff#(H=GN=zJ#k{_=d{@S~-kYPAd~+RTt1N{;j) z+Y_i(Zu3O4O*TVjYVd~0k|Tt^(ClUCIJl5=nUw#ebJ<~d)R#(a)uw94lY*8s*jMZD zkNV69Td8=)42j<7k0G*JwbA_=$c5gD$R}jIfdorzap*MO*kS7jv4*grOIVpQ)2PF> zhaEcP9cc6R5x(*|)_p`hJ6uP`yw`9^$X?W$qOa-r z%MKz|S6&z^iO-}GT3C9&jf)>fi`E7z+aIN6X&h6h_T9C#^=X&(HnRKDJ#njVj?Sh< zqBsRgwqa{N z-|Fn0(pkQaOK8P+mQvY~ThJGts`p(&1{=^}*j)1o{6f}QwmJh327}(=s61+ZsCS*Zr6t>U6&eUi}t3L90NHex0?<5Jj5O<1nj+mR78kOBgp@3P&*h ztVl`T1*BpP_Etg-HZ*%9imzoLk@jhNb#8R=;wo`@$e$kLKHOht^p#Z>Q_Z^gg1fk@ 
zY2$E4&-n=d@v2&SUhtz(Pe#rS#YdK}IvJfzZO}%VXMY1t+CL46n0}g#EJbm8P^&%O zIr(8(rCYTRxRh0vERE+pTr6%c_KO*P)@SULc93^70l8!rpNGwE>KYEiU8TNPqqSRV z(~h(>RdyQ}mWueIwiIa;G*N~=VPt9Q4Q-(n>WU_5%i~RZBOBv`5`&=w$}QBpVQ(@~ zP~~OwAqHuA%<(j`STY{5&A31&5h}i;SngI*f!|K=Mxic|2aUZwus6ItUdf!LEL4W{ z4yJwb=OWMhw~gKLiddMQlx`bmRIgTx@=C`h?^7@H@-BWK-%>p9q3SR_MsXICG)-0w z&y|^MNPIns=?v9tmUiIf_==Qiq3?YR_0Y@a_jXD93$!iI5E>e(IBhwUS?-jS{oGT^ z5_{g>)w#Jbf`|?G>Vm$m1q18uP-l@@CtBH^#Ve$f&AX>GGmixyM0hMwm7b z5X4-`tc1G9F^tI0a@R6dzb(y>qStADdx^xcS`k-gPkMi=+%r0e;JMQfB1~FE`7>|8 zBRqT*P>e;l)#&(c-_@Mf{EX@Xi}Im&DQdMV%zUD9)S`nF_8X>tbE|uDmd0i z#U--u`M#zfWIv6+VbV*)A>tw4WyheIgt_`*Wm%=MX5^ce>Yj)G+lT4W(PDmxEQV}< z)QZPf`_(C`%aJiok+#P3?ucFo$N7bvs_`mPim`^nKnSjdtMqQgP2@IEGd0|?v6PkZ z@n%%z-3lW--H}%7W41DQPV$naBvvIcgWY%3wacMbtm)4F*~*$&5!*SH?5gD_2(EWwZzBJ%Vysp`O+MWg z1Ct7qJ`;K|RJ=_cu_|073Z)8PQU66KV(@%q3BLa)$>VysjR4{b^C)kv901M|wnjn(++ z6tQJWPa)Yw6Z;D3b;QaU;bdFdRR+EEDt>i1+%#8o9Z24$?O5{6TJn&Q>mt1?yKov) zwK#l7aYsOV^ZcUOSYVX2g;v|Gz)HHPk6~11W?>n0G_6m1Si^|ZA$`KF?YQ%cd}!#j zt3vRRVYPW&kvkqgg{DD_x!&#V!Y?mBqq_CPOI;`$u=?X=0K8#VY_)uwYxr^8H@~yIp zxv)31a?^|54!XYSt8ICN3In@}SSVbc56jXh5jH%`G$s6!3ue3LORnMXea>{;jx6&F zD|5F$%haNFDedI>+oy4QXu8+YlofyRGDykW+;>SG{IhBF8IPM<#E-GSh05V>KtN4!T-+GuVl z0DR*Ri2rofR^YXEsb>dD4o5gfEHMQ$K|T_8?@h zL4~8_%cI#Y*QFmB%kXJ08Q=f+w-2_b^IcU;eC@N}Fsi zn{RKn5SKaD^4NUo-3N_$rDKhgmR|?LimE%(9o#a^^{4A-Pb=g5A5|Ee*k_p7UsI#` zAX^_eDXOI(C~wD~>%o_KaT-!dExe{;1VvY?i0DcR|eKsagkC>D>_3MI61_ zBr!fRlRxRW{e4A=oN+SZMftR09i}bkW=hk*+n+r!Tpe{>+ovl< zdiFD>TyyA4X`!PYQmTWu8c>Sd)*MXE2ZPxJVu(cgoDaWOh|pY@2BkwcnwY4c_;UaTDUCLi03#fm?Xq{ zS2HqVGKhG4RD*PHoAS&KDw(@-uudy87%ZUi?&w@F#7^%x#;0YC^hoTey;`{?a~f%jT#oXl^{@!2`$!omR#fe%k!B@aV|y0UZrJ6yh2H8X43>oR{}%UKi?1O4tWJjZUqU zatxB|+dlI!*_#D##Oa+1>20^>X=_X-L<-MsAd$B@zXhSluWi*WV@N;$Y+I_ z2@==S;wF7Ek}e)~N2qJ9L-yh`S+{fdp#}2FN)=YV;Cak!_%KV=6ERTnGHvx_#VwI{ zPMw&8%&gT*f(>F|1694`+90Mdn~XuCs8MYhH>I##21WS>NyMzFFSkO1;~>9EZejE` zQB!&=SlzG*pn+e1N>I3|7Pmcj3%=D+DevB5PxUK1|Jwc(L0MMHeqO!}#ubXZt*qL$ 
zRLYgrzUnKh3jql$&uI>#7sAQyDCvN;8X-@YhHCLpBv<3e(S47J= zI<)P^quc|0h!=>nhAdPkw>K`hhhitHPlUvxzdadtSVzWYUWDiQNd z*h7&Qus^Mok$h~VRGH}LmJ`p&QTB87GIV{p!ySzeLi>~~)6FW4I*HTRizCZ?4p544 zKILhNG%hAFW8Q=6LwA$TtSmu`B}kieGG<3TUSOgbRPpwKDUXIGBG{O;gy50}XX;%m z45ls0!Ed3->b~!5Z})Pb=^QJNz`DjzmSV!ZVjpL`d`#=i+en?;ZN)?y?(MqIrReGA zvocue>72Oq_GP1Zv!3I-%d`ICP}z|3&Ekf(jk%Sg8y_o+N;*)GcwNu7*(VitCc%2s z#5>b%Mx%CZcT7=y&oG=hft)#^yw6Yrna-;cDb$#gQf9Gxt51-(a2Cn*@@u8#U|4-A zj^PSsX6V>-I}-XODIc(G+Xwl<_SNZby|3LV__=Me^%HdhKowBX*2C5jURlPhIWaV0L#e#D{0$%5@JmB|iw4Qw{^Xrw&GS_MC01qSrJNTNcUOD0#`&f(Xpc`{6_e-3 zlB}ZQ<34awo^u3&b0-!O&u;oU7)J5RBNm3VBa1XMIx{gwVMMnT$<9lCks5Z^-b&}M zg^IgIP_9s;-c9p1R(;CQMYxXnJn-p@#?CFil8==a)9j$zHVvyYlNO35oys-ZI{Sm8 zR*L*3Ne-;pwLF%?+`8*LJgguu2GM^Wp8~}MKIXeKVOtkQ4}~)NJaDIj7h+iP_Qm;^}ptB$!Dn8}neTJL9#{i$+@X>-U zv+};_l+m-i_>So9bAuaLAQ_4zb|tx7!B5{T>TJzn2Wi(L`<|wDFB97p4HeIVka)dY zMI={goyqO;5QOBm+I5W3Z|a8hd7v-^Qu?|?9#TJKzl3v`){9!C%zI3sS`@C-m~gAU z=C1oz9y(sr#h00dpkGpG5qZV6I^VNol1{s^p0;#COlEb z?Ow%K`cOjWwTd#v8x=GbP)rk${DI-n_NU3`USVVR2P-Se-!_Y1ewVH0I|PMkn3^9X(G?Lf996o0-L}YtWR}*RED9#_R!+b+V}Kxi7BGq;1Y~ zr&ZTOQX<8+yU)MfY8oY6mA3GlMHJlNw27{q#tP0~`=yQ+>GUja^_!Q=UUowpj6SJv zpma|K$iE(Du}`|*>AN`t6;Inc&o<)V#OJ>(#{sPzXvyKQa>VlOf?CA7EuRx(CX4Xd z{l+}@4Gbjxip7Ehtq2vm(VJFHSN-I|gRQne5eL6UGkm<~EvH^dvj+IFPDdy{9@5f_ ziIMDQlnXEgaVc8(phcO2l>605eI4cz)HKc7Nin?`I>}kG#9h9Ox+0Esi}ka6VL+=V z2h*0G0I@jR1Z9g==Hf+J9eO7k27`^_Is1#7i?$zo-f!y5aC4n^^Qssd8=B3jSzS&j zUcBBigG|US5&GPhEvmV23f*5!%fVE8%lWgb5a_%+PZNDS(f(#RUWLR7H=?1FNU-05;_j8D9msmT$TqeX`z%r^(+)1XI=&6z7RCaRb_q$HG=|cAw%$Z z;jM0xc2^u~s6Rx!E?B7_6R(8gH+xExftG(6Td3Zk<+%JglAy`wlQ^66xV6@U9xqB8 zJ{e02Llz?$mTyS4tYGWnZxlEFs41Jlw?9EFZR{zi&%;X5-A|PlDhN}P`gTTfLOD_T znUM7G$pVwEWS{8pc}kl=kJF*z!KV9svgZ(I5A3HpAs<%CFh4bl=So=IHvA&T>z$xP z_SVI=^4s0^r5hMS6M8f=UnN23?6F6;2~CvYWs_lz)%kg9+lH@g?e1RgL?`P;vyb#UXQFUprHgw=O-{5FjHKNXj&jl7smvjZmCXlS|FzBeIlWa`Z6C*l zGnSj1m_ssmUOXU*B->vndfZZcYvO>2x+d(e6Gjl+uY_71t>)s*ZE7f!Sux8sgieDK 
zS$x1%MPI?0^N^ugQTweKh4ih+LlX-N^lCeb{mtXZ2T334)WTk*ARYPMl6*HRS4lm=xS1hi{3$d@WA}{d^YyjC z@ux1BMXj$rjH_&@ATDGy5%W_G3W#^udiol_Sf<*|I7eeSVs2wNKVO2ZQ$u;)p!g{P zw3pyM=d0MR@98tgT0K|0grz9^o2&Ntlz^umO*yAmrV)$h!P91C^P$sYX&cJ=+WU+h zM-%RL*Hn*3FZD&=UwM8(7!>pVO6dh*-V)mzE+v${J6<3SGKwW2!9Km4+r*5^;DzHGeBdC<^jKjItuViWtpSG$>@h z>~%kyt;ACMeDnTQypI%;+=mcj6w{im+9Z9wV&_+zm(3uum{|d1d5nbC(t#MG8A`Lm zgXpKI`J6T@VlS_Iyg32oTUb0TwhukXX0}2l;?QQxLp`903YAA-+Yx1A7A}f)P7E|? zk}5#RYx2u)QNEPb=F#>TXaM%N%YZGBh;=_tMnjRh0<`0`U%XiDUk#z@6^JK zk#LN;8RBXuQqkmKiu&wg7`n0qDP2(~>pM}+x4O8{M=Nu{h`X;ydaVpk+uLV3gn%Db zELqBso-BgojZcm_NYd9KpQtY5@Z8J83+R<5J;n_*FC#_a(vd!>mK8;^f}s6k4-iki zD>$~yBAYyS;o3nI}lXS``vTzt#_!lX~iD{xwVZgfbhqPE5|Bzo0 zK(Qt;^x-BtxAPk@stY$Y6qcdq%}4|pUjNEotWz)cUrMMKyHw0-QG&`dJ`qKe<)fM( zr@APSs`W_(pI-m>f0?C_-9tx_Ef|aAk+hP_41ft+H6RfVA%vUg#vwFe;8B)@D(}UP z7DKbnh^XOHkx{e~?$GyZDij4)AzJ`8lqL(XiX;Mu3H$F8JZlqfy;#>0RF4w^H;S}(_RH_Z5{prj&WNI6WL6Ws zH-uIqN_CMZ5la6uLH#}vx;B9z5ej>;bf_4`)hoqEbul6lMBU#2J1~8M>hkM!F{;NI z0qpD@sS4cgcl~ID!QvFI-m|P2lfJ=yUNWS~oz&0OPFC*M8l4>69UJ-GSNS6bi_!A> zw`52&I}JHQyvxsr24&056>rS|gZDebjBN!s?SGBEXy~smTDS+=!t(a~{SWKn@S4DGy76ws7n^&PdOl(MBg}4I+PpvY)X}OB!797AIIAbWcvQ)8Q}DCJ z9!tR)i#@jmcinU*>U{H#GTnSp$lPdyve12_4JtwjMjOijL|57s8?ex@2M^L~wf_=34NdQ$}R zNc6)9=BemFr3;DveqX2qSb<`7{?7vC>c4yz_@Ms!vp|jdz-NJab^cZX=#%;{tpcCb zU$+W;RUc>-=v3$ba=k!ryzAYZNU8+0Fk7(%^AWas3Ff10of6Ct$4^VIs=8Z$4?IdGfrUk^|WM!^3oNJ zv8$J^w|Tx~i>OR_mwKe_h*)~V*~X`Lyq-BHzT$s7m72WuC?Z|u9H2f8yuDEe-j1{Z zZ;i0Gf2V?e4)(h!I6=c!Q*cfq4itCPgl@@_Bq!dt(O9`XV8{lm1Wc^K=oT1Vhz65a zlfmQ*ScNzM{ZoU#S3Pj$sQdN+3dK0d+{&Q7<=;^zFl!eE5^3Zvv|6B$AqvhnLYmS*H^@EQp5z!a6 z`DV9W2JYBYtjDr71(Qn9a?yLO7^?WT6|=Z2s^a%tRgX5W-^VG}ya5&)fhg{{_;_cQ zYgmGxjmgb#1BM*Gr-J?#Cdhyd5P+jL6mXCe0msTutD?XI1~w)y#sS4GIE-jOaW(m$ zt8!m}$@i%cm_0rL41!>vZ`O2wQT;8)U&4^80g(ltrETxu#F>wdq$$CF?|>sc4laq<{DCF!aZJW{jP%SE=PU=!$vUseYDRN;4T8(ovV&^ zsTaZAz8$b;qcPWw)^)hY`Vt@hKo#^eWR+W(vv&CI-eb%qoPF*b9#zi5?3Fp z@;QNuQIUN+ys$dQ56mTJRGJ1%m#X52d$PVz=PENQZ>l(y2mW5@&>x%5&t$Xa(GxD^ 
z6Uh%y!ND7FdG$egpL4(?8!#H`UWc=Evb$%KS1k3Rz`&Smp!;|hnB0fkQY;k&5HYm{ z>$95w3G7|d@PA|l{SCV%?Bahapg-7M$Ee@!6T&8Ep6I%K5qx-CQP||d6WzOV2A8%j zn{w=VqZ4=c=s`oA3J2Sph`7752OS~1j?ItY630~ij;MJBX4k}VFe8{0FQ6a-)LxNH$>}i z(!IUe0v=ZD$Lcz=Ta4>C+J(I{T91odTQwOJZOA(D-1S&~{QH;Lp9AaQVeoX_cX zhpNv_9tdLDo@smh^zngiksks!${fM~0pMU}?eFKV5E!Q?9sN+CQ)Bo)7q#26pv*%Z z+p_-e1oY>6H|*VLY*bLrR9txHKC7c$`yRf5Zm(-28<$O+eD2v~>|2J`;dD>Tug}Uf zoPv?P02!!%>{p>``Tl`TMseXaUtTA>q-}~r-KvsaH3bprb5CplCg68O$5dElN;+)e z>J2PJsKBC~v>T_J-hVhN^Ez7D*eLBmXmKHQZ3kaw>17?CngVv?p8vJjVGIGEJ7CBE zM*{l4a{Q}b=&y6ne|Av?l-W1oW3c{w{=zkHN&6$lwL{KnYw`fytWK)KOJX zG4B4b(qWk=Vfx}PFzmk-aT7Rb=eZos&9+RZ^i#GK`tiThX6`xb)1LO2$p2yDdX3vI zbJz46@+{pYO$YbKs7znu={ftXJ?$Bhzj5MvgWE1kSCL!tPx9p2b9puy#szlmJd~-~ zZp)OQo8nyPr=Ov%*mE|gJ?%A-zkA|(tJ^MnR}pLZCq;7Y`8=D9;{v;P9?F6=b?lf9 z>ZRls`n}B1Ht9M0xjik1$UiZ0y~}Nvo2!VO{F5@d_ClUbrg4EiI}c@Rw%ai!=%vgS z`gLabd1Ea1Y`!<$ss3i&EKiKe-g}i6;sF~v-ED=gu3HId7TES0|33Nx_yz1OlKU6e zwCh5FmVW@&ZdH&9KXMPc4|ANEfjPGE!W>l=dBaCOp<|kerG<$yPcUOYVqx3rM%7SaK4V?mQAr|VV6Ib>#(HK=eJzxzxg0vwdN+1M2F6WJbA5+}JQU3I z8Ca6n8N+@*Ou~Ne#a+XBtb31fJHUEop;L2s{U0;`6BYC}m$o!rWG73#w5(qM7_Jx}d<)OLZ{l5v;&7nG!3oe!a63y2EZ3kXSuvd53YZ>hI-@%}t#Qj+?=wBq^au~$l3r|YJ$pwSF{uCATC-eV1dg%AE z^h^bb^TLVy!?j2NWPh{@`jh$p1-&qwQ3J>ba)(ojgJHkv{+BA~dl>&qm%n+`MaeHg z3K<~#_;!M(5*99j)qF`fHV=jv_>x8_@037fFz(NSL4Sx>RB@zFyq2+=5>|MpAd0}| z{~VhqCs9u@=-Ur+ux9}|NN)i-aQT5$gU^Cg>-bStt`^U*kc;d%BGA9|)X#wP{tm_p zb27o4elTYh;GF;E88*-BBw$m7UGu`Oe-8%zB<^ov<*C4{=~v)Y4ED+adkuoUUWC2A zfxTV@UVj1x{Uq+sfqSX^+#ihy-ir1`f17UuI z_8eP4nqBGiDgg_?*^&;^cs|HTtf&on5M@IjU3x$7EYAatxMWr-APP|BlHVlU2;=)f_&ng!5{4@%p6% zEbe@=Bx4A3ADqF$Z^?L43Oj!PySoni__mErV8I9i!YiaOMS}HVJpuf8#u_sc1o7xQ z8!g%=OXn3q;-j-X(F%llC%$bfcp3!NKrqbo)I5B=5Nac^01SJ~ZLG%x>)f#v$kXD71-MDLS^zEccc1)=7xAzbVrW%6eN z(<7g(h_wjH-Vl%QF0Z@>hR8KTTmih+6m@hQ`OWV zeq_h4_}dW>^IAJ{@DZ^5LEQIO#I0+ALGVd7pZJ6M@(<>)AIyS3n2&yEUOUOYSAqr( zpH4i+Z7-{ zArzI35Qe1%Q0fWv8qX05a!6s;6XC?WRF0Af^~rJ#))oW>9fYq!9-Rh)iSP9WLPflf zQlP(AGPs=`4a9T=dro>vXXH9AIH3Ycy;?u1n 
zByYBW3nah9yO*^Boj%~w_Ub(x1k`T^8?<-A2~JmwEcWKxPl1RMmO{5FNoR7)!=E<3 zCLo%Q5FYp=rZVdRRwDxg6Tf1l0-ohHo-qV$`rxlj55lImR}*1){cmvjw8KVK1h;F- zg%7aAw;{IBW>k*~PuDi3qHwufb{~7cHKHxe(Dj*;9bRU}RRpPTzD@x2npz7__jBm| z(~0T^-&2ddniI>qV0tYuE(yj}V7(TBolJ=X6ROA28NXAh=q!Z~FjY6u6&HKAK;JzH z?_395z&RHU)@&be`PDeKcmqHN9Q#0!`nloXgfFbQ9{3#E3nKcf;VZ^%!2eZz2gt@N z8M=?P`@EvO5qKwAula2S&Op#V^!;}RT+}8qwm)b-wJhv43@8wQAKn09O zC;)y*No%4TT9ZJ0*RIzd zw{(_pPw5K74bVX_9UAtEhrK!guggWiE4>GJT_pmqe*_HrW9j~5Ht0W1LIMF-T@$Xl zFkJO;xJ(UjnMOdFT%AFg%=gy(Qp%KqzqO*LP+b&iPMhIA_DaFq5)l~b3ulji`zNRZHQP0vseMm!i z&r$$cNAc0mHm;q}?Z_rW0D#8o1czAsz4Q~9s8eq~LUUKyP zs)GKB?pGBKhDicTci7Sdw){O6D~vi1JO2#(h1Ynz-C)HU8orw7QKQ1Rs&EdD-vBMP z)SCw{f31idvn7xfyyC^ez`qj0bY=1pxz&1t>D`quYz5qaGlc^dgV(wou%jTbZXjKR zy}f}`h1+EncVHMCa5fCngJBskOb3R+?J{q;UA6}6hr{a!-B4(#HJ?#W=>H++z$(3B zeDN^K8wb|q-Z(O-d=^}OH(A$oxyaS_+o|0?=auxEcsfLziYf zV~fLlctL~HhgY~#0JIuThhfkAMuQGYrTPfvikT4TIf$_>DSV9zfcqa!7nE4%Zyoww z+)u%R0|2ZJu(_H7HaRiiH7*KxZBYYW(Soy{iw)EykJO?)!1Yxan|c9K3jMtJ9DBYZ z0^mYaM=13N%w|1D!l%{9SCoOpNH{XVV@;$c{*@VUp$fYY48tbI`mhEn%P#rsWt~3< z>-d50`&tN$&htD2#5*s80GI?o+8Y5$`fAHF;BjpN0yDSa!~I==^MG_S?d1CE2I?aa98Gi9Q>jEt07VF=U4Vy-!|+fJ9--m)6$WjGU(FFJN?6c5hMliPH!Xm&@m=sVq&kYiD1T3$CgZ+IBXenB7b8-2+^O;PwL_Euv3}Nyp#*y|$%?j|U-$_!YGLaB>iZ zl27?@u;YFlY+(Ka{v#}TGusr<6fEfgr^e5qzc&}w!UMb0AECkAre6t=Cg}5k1UTTS zAh_>%5$-#_f%}eEL5}5ca~9x!8kP;S>A`FnFq;m{mJYM&z-;L-8{F*t3k>>6+@A%5 zemA;*>nwhKbr7AcD~S!b@O>q0_96K#m;YyA=+C46DQ4(Di<*5c#Ro7o=!1cJ zY+I{G6ZC?l^?fN)Ib|=OH9c@9AWX!r|OQ8MC$J!_y1y(|8kOyfG2qpE;eC zgIjQw&$@Mw6rzfjm?St~!)yGg_2b+#MT(RWd8XbY&5Ky5oCKJM_zWLTNV-8_s)Y+bZ`v zt`s+&G@q;#6+jjozyB=F@b0>;mpL~F@SRsdS4ny7qvk5NP1g&uig&Rx1Uyv zG^}lfMGTsPKbrC1G;Ux)SpUY}_Z5H=h8ms@Zotg|8A+IwRM(?y` zYkzRIVtwgnlA`&M;DR^S?K@ZXH=IP;e%q8YtoE@&Pa^s2NQ+BTD1Vaq)N)I{VdO`H z(;22wk8XRFCC$tpzAQYmb6~dLE%`x|LX23AUw8Of1?0#Pr>=#*eGcjl=`7F8%N_*r zlssR$`gVFl44;~+U*D^1T_{MdBp0zv7ZHgB9G5psf(j;TA9r92GzbF== zCYjmapcyb;gsNWDEx8W6mJ;?st+I8BK`)RzBQdPR* zTaN7|;c{MgYV@>^nbVR_onT*AGOV0ydYVPo^^L>Iy8QGH_f7~sA2*z;T1G6MjJ1^S 
zdvyR(lvH0?>{5HojBYOVU4I*rwSQFTLc0)h_UvL{>8|r{Sdiga-mkLpWDDn&x^IRx ztmB-q^SUbJRSJO>{IUsczHC&U3Fo%Q`uNi-c^RfW&C#9%@lkK?9d!96<{C+_PGQkJ zxTgNWS^g$PpAJin=?4v*5$_rT*45#CBue&f)qFbL#V>QU)XHz5rsmMrX=rR0t23Sd zqPbjg%8~uCmvJXKENpEy8*O^IeUFEZ=B1Me$3wciS!_R-+}RoSq0;1y`8~X5!ca~4 z*6Uvm?NHtE4jQ;%cjTt8Rr-tiW+qMJk*+c>VX@t(#JO0`sOOvfMepck?uHMXmuD_+!$Nvm7fohdc4TvU5uF6K6UI(NxoV{BgGMfMx5O0) z#;SQ`hJTq?au(RF+pg>G<-hOdQN8s18^kZ&lUbYmJ}af3D;A(`QX+?mqa39p`WhpL zcJj%(Fzv`I=z7l1#3y@gbFs=zYpHYl>PF{;{07xI_nhi=8QB_!7w{WU*>htvr2M2- zTg8s5;8}HWn~bQ28Y+?+%X}{gbw@_nca>_9*{FKHH;h^ZB$XEW>cuZgPNrMWExL~WT=z-Z*UNZ-yl zkY?n(Nv3rxV#Bd$#GJ;WaOZ)t3Fyt%VMXB^PR^z$N(Fe|eH$pNmmR7(-tszt*^*c1 z#{C{)&AY>gehJdl3APT47}&m7Q}gMFjDq{#51ObmngXMrHnn_CaF=4|5^j8cFZe-q zz_W)F_AEh{{HIn7W(Ayv4p|8ujSBwcL@wAS8>LmRQHu$Ez0x0}d1E(ndrGb&7P`j1 zMTvZvOF3^ob@HQvAyqrD@?jjF-R;@u#Zx+jtcn`!q648;?2q$-;_evoZh83jBpKlG~Ym&K@nCcbu zSnpu+kpMSMA=M8LxNP=)Q}i+gYIiqkdpuO}ZF9ms@-TObkfxpvzU0M7+@=q^ zd$o{=rQNbBn-OnjAe!0D_LU4ZeXe>{^~PCL%9clbx16FY605z_`vrr1bsJ01tiK?! z<4vRg!>HVV12q9Y<-?y8@7!Dri!%tD{A3v@cID;b)p+Gco6nJ{$JEC!=^02_dTfPE zst@Ft^vDnFy@32`C8wQt^NX(Jt#<(~4oNxW;WN3M2W@Yr@Q$v2l_c!Bz-nIZ!Zd_C zkt}9@nyBkgIJCiNc1#hm$Muf>n=nB)wLQBL6L)i{?{qRgXUkXE?p_#ZfUX}?PuZDL zXhz-+f%{!&w5sOi5hi#;%m&lnLbUbhPN}UU2 zzj3?$h5YfN`(v&<;iv5zhJr`)0(e(1RfP4JEg`jPXDGw^Nnx8`A8Q@6%X_$72S@ppyJjl-gUp?SJ?FSF%17R^6a=Bp zO>92Jx=}~ifBmX&^F-WUBb7rV%E6A|0agDeGLA))iRJC>rw_Z%^xC0w zJu@mSw%8Ta$EuoG8-9sST<5%pbXJ^2Dv3u`_REze@|!$l!MV|U9gEGb>CZYEnzs<4Ds z0tx5{QSSi%HYU-tXC|+`zlSIJr5vOkHKjT2=O!GZidDDgzTI*!@yu-N1t#|Mo6kQ8 zGiTedZsyAkkE8vcJ7VNh1^iVy4-VwCJ8tA>PKXvzCXXcU4oK2G?EX~Ff>gh)A!$G7 z?Hv_c7T+I#m)LbQ=T_B|+NGAABVSMA?;>qA%4MO03G2cIKc4xT9GT0Hxz8s|6MgY0 zkwyHz{1o}oz3Hs{+VHr?OZ#3%r|E4uF(Biokuhm3oohUjd5-#40ohO@_mRouUIHbc zapd02u!A1&vmy*R-t}-fv$KE2$WTqdRn+}W80@Gki)gCl2gam*t8|R+zFz`ttJ$|5 zI-fL_2kjbU(Ovgi)9@ur#49Ye?+WA8qaz=0YR*S|-V!drY>_&kPDB~fCn{>h3$qBuDw6n@qf3Z&mRXBZ=|+!C8aD6oyZQ7`n)vzl zvHER=s*!zecNZ548-z-TLuWj)cQMbNm=UD*x9-~p9VpCE7VMbqKY871RZ037LU*L> 
zTa7@F$^)On^1Y$bt1km^7r&JrK3;x3{iQjhdR7ZF?Kr%T>foWAAN`&qcKWh9Yp2mK zhF2%uCicb#@x7|l-JVAWj(&v ztVJA^po>8d20yNKFwg$Z9vV+YfJ5^`5+Og%M95;KS~ILfs9#U;@9u&x zBu9r6(ZP0vnQU|%k+Ij{F!8RM#kHp>#DgNeTMYHJ=Nqr%q;Ua+^eZ=YF)Fx_eWAO7 zEyxhmBZ0FgK?i0c&ZZ5P<#D>`nB9(^ef6c$!QM;~jK5(h$9*^&aPMCZixY1;d-I0q zG+tK4MMD2KSAWyz9-(bu!|7M=w1Jr_!v3S`4Ipy58Do3YpgU)JI}@BK)DF*PfdXef z!Xif1I`~1kZrm8596$)cSWFWjL){EDy=QUW2++$VgEbitjil<_<V1V|7AJ6`px}K=-a-qu znG0o$pta{7H~p$~0mJd5xMRq}*dRGfoY-HI75nUhM}`{gFYVuO!%%+x45nk1$W+xi zhHB~;W1KV_jAufs+ABlJ^rQgrGj32$EYAL3W)wvw@&Cd;^kQfcAm9~ItbW3y{707} z3J53xSGP+F2x$WWFSoS~2n_)N@0Y_42x$Remn{zn&;fCm{tpP40k@Zz5C~HNahK~5 z2qk|K2;bk3@QI%{t@0{f;+Mbu?ChEU=|bWnywCmw)4loehD6PYFeS{QaB<*7ClSMj z87E3gu+T24LWW_-i&va0?v$r#%@<5v+oKaJ_q9<2%cam=t?9-0LC25sT*WY9)!5=9 zHiXs8RbO^mSWPBvv+8DX&FSXHfYPSB-2#7waNbVzkqK#YD^NhR(6Tg}4R}>b1|P*oU~mf;P1!$gj8t!2odF1i2T9NVXDU4)w)rf3R!zUp!(932Hn)9 z0b2}iGT5YS*Y@6d4d-tG4=pMU__z{Tl6$qT6hy*J+Xv^DY^Diku1>Answ@gKi#>nX zouO1MH`Zg1@zC&jyNA_)vd6ORaFI7Y|7Ll!eE;#DOu*sTbK>NkJjgrSLhMMJjbo#U z*MP;3J<(C^SV~NSEg4-<7=f{-3CwhK7=?J}*Sc2Fz-aUVeQ7I)|5_PD?ATjbIO|OsfTI>lESM59a(GK16 z{mp&${yw`|`an0Fm6*hddy*>~^#U#KaK+bw0~a=zP3Uv^<=uz(pQkkhmLwV+TS#0w zw~I*v^z04jIyER%LyiJJ2i4P~;7;MhwSCL5*~6SuwA#rS4x8>GMrg2ea%g{52@{KN zBe7nKKZU-t1H?k@uzE>tRQAiy|KXb3WRlMNABV51trUP@=|C1WjyJgiHVCa(Dx(2x@;a3g5?f?y5{%O_1h3$_p zQ8K43`&))G{ljGG{K31i$ZS9YJ?GE{%Xza)w^JsV`5 zrm=a;P~_g1UXS!=kSLZw2PpBuTUKiHPvmdQ+}7wlLb*X)s3~*xhIq`0^*Ny{7+f87 zl}X(EXv+mr)zl#R?bUSTPi?NToYJ67qy-MT6IlCA@1gvNN(r;mZB1`gYAxX{E17nW zqHhW(@8NEu*8PB@FM)ruG_u1?tBudHj@N~Mzm3kokdF1k@=wR_$YrUL2^=c{_ft1x zDJ$toTu^}_5%CP3h5a#er(TFUglqE(SrQ*VS~H(9Al;)F^V-8BLGj})vnk5ZK_5+b zd@KqDbajt^k;KN2!i1tE@rauZY(HZ%{IDjIH;`+wn2E3TX9s`km!JOw<0I~g_$6<3 z(|M_n|JC6suCe<;t5Eu0*V+HqOFY^Cgbh(hh;NUuq?GgCGL$iw#ZFt?CH=p`Hzh!A z;}-k-v}1`j3639gvFPKjRT+{D;{K6-tMQ{TnAS731YmAT3u|Z_OKI;j9KUCvJ1(u@YNI~)Je))gl=ALR3aLZ7G-0DsZ>BRGA z1DnO$xNA)h$C2F{LvnV8n&U-bY)t+^_xHi`WER0tRs52@c{p-SV_^H*M=`%4RfNRP zkVSn@{0w!&DS8#;d6JhnLw)e4SQQC}6Pt3~(U9U-2HlP}n}$5Xu@mR-QP$b>iqCHu 
zigzF9iidwn>}+hXHF#Fy5V-T&$Dc1SURjBEpGba~0N(a1VH@)Rv;K(PP$q99QNE!7 zm`~*K%X_XS>uzS}=hO|hIdT1`X;Xof4ENDZ9g~dbZEB_wd7qIPG%aTg?74S5Kg#tT zR|7v%mL^kHs8Ve(lI2_8kU05~ucU2#s1i|+vMhgp>P-IQ56i#0tMG5U4iDj#cfVOv zJHhSMxp%E_0p)F9ttKC##_nqR+o`NZeQAvK>G!aIVCp9rpzxc97MzLtnYRpewI9`L zCaxbRGn245(wQkk4ej&D)-b2|pLBE_N!#np8$Uv}ZcW`4#{N zP3nI^Mv4BYjY(1phPv3_u21hRL&fZ;WXfD3)ecxv@|xwxkq&1wT7N_TVc(krqnNrA zP6w1kc`b%isi6R|Hdr;de1G%d18(V0|6ulF*Dp~%y1km@^|PnrS`6daKbRkBNKXeP z!SUk_Pgh-%fcO!ImnE395|sXS0j;Y^OT&Ln(hM7eQ@i}-=l}Ti-+uldKmYn4fBX5L zfBm2T_I+2M*8PPMBhepP3ZVI))WV$Rz~iYC6S_3JkDejI6pG}CmQ zJV}pcG8CykejnVL@#y1|l<~{TVz5tU!%HlDh z`r~S%)Zar0k)iVRcjgWJh|^T9CRXr+LGXOZnmbn7)5D#+0w%PrBqrg7JOZmq7huEi z;gNqy#Mc+ARxBfpiZOp!d^`f*%`iKhg|;Cx$L;&2wAQn7Jt@ha2j&-R`MVHs!t8(WfH?XP%F?bv+?yOI zP7LwAbhbJf6$*G@iC-#CpJKLY33w?*ALcp zAPXn>Z+QP7$id)82VZxx`LVqd-aH`p0WzuBe-F7Fr$c7Jnv$5zw(GR(<);F}<6vu;aPb=aZP zp7Glq+c)ltGll$D`!K?y(zUK&zd`>2jFwHgA>IVvJLrE{BxRAl9Nq-sOWP#jN3sq> z22g$_6q6+&=BXn#H4EmBp)z^eMle_dKM`BxBkYJUW_(+o?*WjykjI{PSo;J#K}7&Cqj8C$e`#Q3L1r6ci6-g_C}Q; zuzSZ)iv8rFQ0VRwCnrZG_Sb;LmEH~EO>6zBVm*JAL6Qf@5{Zi;6MKc}Vko@+D$~VK zWc_t;aUwHkmtoXInP+z;i%Q*HO;i2(?vo2dFz*fQyZ#z{vTS66H!>&N% zEwk9!Z-*kMDnLVnwj1)ggmV_cy(+30-&*b)3>-)gLzUWdcPU!uX7n0ezYnM1AgxOm@JNT zztH)2@NUw-$55DkTo{96FI0k`Kk$;b2!<-{&p7!G?g!n7ofU@y_Om^dUI_mscpXE9 z_Y)|GnM=;`;Hcex{x%N#_R*F`qU1#Az8!x`epGF6tF1AC6u%nH#=Hm8S}8nn^M{rB zl8*3A@U)}|oUWSE2O;6;t#jR!E(iyI$bAM*s#4Jr0#-`wFHh3emAIYgXvrdW5O$qR zO)ac7hmpvzrIRDYkFL#PO|4q1R=JXl$z_|Nc>N$D=H;O??3XztWp~djSGr>;&^~{` zIs{(D)>!8k#8w3~D1I!h9UG}+m3DDbF#$>cu>m_xMuEe7wRHtAxB>A{=P z9B_%kbxGsp$Find%;fP!+YDD`1;l^RrLAK>^THL77w#xnguGum%Fa-U{S|jmhO}lD zEkeFBlcP@M`V5uY31m2bg=`DgV40*USJP@wTb5JaIfy!lfu+*$c=MJQ!{g0d#)iVy zmSUp5LE>V_VqR<&FqDCxf%0k_m_q17dhyJYxUDR(by=d3%TONv*Mmgy{ZxJG zhvlE}TPdgP>uTM?CpZ2(IkI9-h^gC^_j8}g0Rcs^JGseM+NtE(?r%Y zBV@>83j+a0OR6ElP~81={tWzi=VMMNL1U=vK8s35RYtTdB^V(sm{zFNTBsdhH;qL} zUH3T>DQ_Y)*d&c>l?8uyYTMVSa8BalO??JjqiIYZ8w@$lacBpdnUPQ!Dyfg^u9=C`)8oIL#>J0@;9r7|ue)q(9y>EtS3;5% 
z(i>&@Q=@mLvp>q#_#HhjNh*Cco%9sABQY7$6?+=dwMa%`a{qs&?#DYoqp!AsFTuZ* z-MzcHJCF&1KT*LBA|Cpcl0~KKln#$~S5rez#(A4f^=z>5`for=d?Q=*S2%x6yqbpj zS`_3G%=5YJF~L@}E19PuUU!87!tEXje3(9Q{FzW_H!@uIN6Ltmgvgowc!<%7FVv=`6I4DhlmI_NUt>XR zUiL0;`0fjdji0OKI2eE8l9-kalOP#-S!SmDfX_~#>e_$m&9+08V3(^R+dMoh;sn!6 z_gd8Ff`cO0c>yPT6RNFx^m@CjR41%6Y(v94(hd%WWan6=uTZW=Y$&F)LtSMocc5@G zRR2D+H_0d<=$bK*xZVQ8f!_`{Y`7Ku(_!l^b)`Ge%6gNyVy~v`{aoAg_uh0e{u85b zqQMV&`!jzH_O%$%1+Xg#cW$kIome6`5_`mpeQRtk(Rxe6%b6b8zQO!J-bxyEu66 zZQ7lJrEM@P80c5o7qFw%vawr3FZZh{XJ1TD8dF4Sf)9~v8Vt@S&Ggl@t}o#vQ(BGg zQi~~T@TMLYdfJL+rCEK66}(aC%@{}-iSrGRt<%ePht*)Ha~AoQYSU)+T6F8Vta>UE z;wgVe8qPOBvrf0-Jqn*z)I;Y{}JZ{*7K-LI!VOpeeSi0Jtd z!XHxfF7oA}h70(17?931zJ-Bp;QV%NAFOMSok&y|ieryN#pQ91{;fq!Jt!6M5+OIO zN@+mw;c7zJkB^V*f28 zpFRp~?0$p&Zhw9Mt|`_Oa)w&k$FUTcMl6+>a%>V8zl0`&UXzHfMX!9(#&nq$;frFD zNbxJY^6P-_*I~c=7v z8Jicw2{88fbRYb+-5N4U@x#@WyiaWXvNhQ)=EVN$o!t!xO zQ&HGTb%XJoVTxQ^E6mXNz1R7JJF9<15Fd{53=$!Gm)QH`My#+nRhJiO3zDDHi>ewL z-Mg0*4SirMl6|mPhY~mWu*0mC7Pu9Lo_289kn5GBGWLV3AW1Euu{@~)OBGVZD`n#MKdEZf7?h@xtu=@8M0z4+u~8WUY~GO zx6VO8FJ^XB3f%$uL$=NJc%K(7W&+!Ng<(f0+hcJb_kU?IGD?w47!nNC>1riQ+%w1l zV8^~r4Zzxoxpk%l&~Rzd$d-Q=GX20xOZ(NA_M+MDt#kWNj4EcI538>RiIFAfd1$W8?(- z(myq9#3aOPk*SUDw*AT>8*pZYwhy)`;KqE=+5i6gUrVJ(A3Hyl?8$#5g_0pu70B&Q zq^&wmgy`(5L%GaB8DVxT*hh`^=&D+&qEM(^D=Xj4nx0F}Y{;K-W8a@HC*iyaZW94* z`y#nihMxlVMQfCV$BCsJ!o&SO155&=vclhO%Eez{@;0iV!10s8K6$D|a(Qx(@kOQ{ zdznxrbTw)0lgHdIfBt_T*{U=vI3Cb_oBeqdy2$>CuBCqzm3-IO8xj^Lf^xv7Cnbiq zsE3oVDP$KLV7OW@Ll=wklg2(i;^A}yKyV>SE~lmD@>9n?h8Ft?IB>3el2@x;F1Jg8 zRzLhn+NsM=GW(k$<;-FN(vUD8^IB5ReTGumek*bR2)F|$c!huazTsRv%&b1Bn4oV} z&YUMqD;$V*%5lh<-^@>n#1JPxG3;Z@VJAynBzREx$yXoGj=#K8wOVWXl;fvbecDD> zHEar|c4;84mMCH2y#a1=;bgI+B=a(Y?S9qjBAadWa9$VmRIy_qiNF?4k;XKguF_gs zeBh{8{jH#Kq9lJrL?Kjz!1Gq2k1Wv^};g6!SqM$AA+dJGwUpb+O4^Fg6Ghn_jlX(S;yIMj~g&*Rs-V zu#~%j&xhvJovP)eO*_h}H~F_hh&VpAO&=(ASS`Cc4Xczd5q?0vYX)fY_4R%9E1 z4-DnDC-{F?c(P+YASO)dx<|Z6O=Jb8<70}+Po2qs{9*Z5_cicuI~L5tGkEdcZ`RcR zBCFVi=+=PNBpksEb-qu7#P?a3+X*y- zwz3&Yet(0>YWVxqo1&2!0;? 
z5PhwSnA9O;=^&wqI0g12D>-n5PS_JVWs}EZWvC77i9$DeATf5yVz9WC`*wk74k)ek8329r0%{!U0c`;AsuI76I z)~PD#`<5TEa^-hI7RGD!tXo+rbb)8+3E5|5D11li5hZ@nQ|`wkc;2w5g{jh3KR@#I zDkD&$&g9m>sYZ?fKVtUW5eR{D-|u50^5NSAqRTxh|184CaL1_NLg9ZhIad659N&Mj z;>Z5@juk($c!e%H9~la+zs{0@U!>Zm)o5cJE|vKKP7V<#R?2jUI1yT=L&T5fvKylR zJkc01Q7m_yRDTh})18xl(n$ ztt8x29$%H)m5>&b>c%5@AuF*I7>P1mG;c5 zC^o+83;1sP(>xXR94&yCeszhdhncJgIj>KAJ~5T`BSRhf=d$D>D?Z4IPTy!3|*hji;Oi-A9(!CdD?K-l1@JEK?_eV|2LuDE2m$|$PFO-ZaDOgmr@j^riB@!R6 zri*_8SXc5ja0CHU4PWJw>fL_=AR+RjZO0H5CWqPB7SC@(K2O2D7jc(nW5uj{9*LY2 z#|zmCFqc7$KHR<-^?<9%=jGLu=r5Q~z*OkYrI!Sl>G1gRxg&T$3bwcp`?%GxQmeH@ zMMdpv@kpTjNZi>oEBN|y_+u?*45?V4n&6eWnk@YV6N*a4x>Qa+B%Xh;ldg@8u7>7M zq<52{N%nM5+v)I!Q0n zVoxb!%Hg}HA>=53e>j9|tZc(SAxnGos@SxqZ|u;dC)jpvC#fa}9~r9RzY>*QG_7*- zZdl)Ky+Hh&qzdso$M1jDXL+@@+ujm4fWQySiaW0QLtKir0{ zc-s#-iI_j969pK~E+5`|rIHx{Lp}W0!^V)jO%q33wT62X=!}?Nw!^KQ$)d2n%R>Beb?tA9uDQ>8DamRYN)T)&2o}Ws7_NZ23y2-6!R32qnW^!HF>`|^^@faj3 z#vFD)TEONHqZn0eQR*92YFyUy2%3^TYB_;o)+D(Spg_F@oYgf(KrLg4#!Z zLjP_ERxNgn%z{?f@E~}sj`r{n(9A`L0qENO0unhtGI)O+aQ4BVY=d>TgS#$N7NqpF z`N*#yz%&valyWCLCDrKU*9u_hM)4@oSJ)mtpTvPuMXNtvP5htQvj*lED#f$O6rxVw z*f!E{T`2)?RxJTungPO3_&0UrR^D6(dP~;%0J}qIgiB4XA{QwTmR}a`(PFNT1 zyxAlueuRH0lJ99(WmB(=Y^nY!ANk4qzaG6~sPCVYTkN}UgyQz`gz(7&@W}6)$Qyz!$% zQ}^q!x@tNyeiY}hCsTHT4&p~vg8xzeSr#I6LT~5KlBbE47XQg<5;m7k)~`#?cVMN$ z?@@ob2o45t4)~dq_JeQ7i-67%Y6~^oS3LNQ=Rt;Tv(Ucymrgh_N$s~ zW&M$%hW_~&_6Gi!KA-#u(Q6^&M~J@fnZ$pOK)uq;G8Ee%XBMpGjY}Ez*}mRad18xl zC6bNana=(=$u^0NQebhYO83=5eStRuAG^p&!BDpUqMRG=rx`MjNVxpy*V$WL?u^F% z?$ydQ4mr}7M(cbW2@*L!-t^=q=Z;)pqA|0&#>bAH4s(wK;4;kookWfRKc01V1WF%hv* z8hz*UBW6#oe?U2hN+aY)(4IsXsY+Mci|7i&_5d$Q6D`yleJL?j_P}*6u^zY}GnE*2 z4R~_yF*UX`{vT3q{GL^tfRuX|K8}Cz+}B_RsY^7c+1Nd+-T?$qRl5@k&uLh;Br<-) z>m@gB*H3O)5<5TY^`w1uY=XFrDReLq&M8vrN_Tb+jZW!FJo4vT$CzaZu_jpal|r7DG$ZM$=-k2dxnzuBd`u;35Xq>TfpqJwLKa@lWR^~FQHNUJwq}3 zvrBQYytT@yu?jq&YB~|=o}rBWVYKO|gg8?0A#YI)6upq7X5u|VP5Ke|1ZwW`mPq=^ zP&WRWfr5L6%JbuR94_A|0U87(No@Rx)XAm$sLLWpm`NHt_Y7s`Uvhs(G8CGpS0HA` 
zxBdtr@$us|c~NJb#*7lZNlGQSXQ(27q6cayEJi`uO=(uL6bIbgW~iwu8F(U-J) zf}^l{WD@Qs0g|;paY{!@b)w0#bb7+5M%df&U9vX}9JyAg3hA)uV`SBrV9Jt!Z0^@oWoxpd0HO2C$QEZw% z9OkLE9Y-N@oDLV4v7Ko|4ZplGhE6+Vs5}0ILPe;Az`TOd_7`2*dlLkFwbaJTk%kINE~Vh!Id ze5zqFzDh#n$r8@lHqm9GttpeZ|JAg!H^9~Um4o$jT$ZisES|N%@pG$D{s&Gij7{!z zfrV=c3eoor<*&Up?L=1rqSJ|&^rp^G>N?(J4;9==U0%TLl(+jPX`S&S46a}%%!UiP zxjc^fW!!%!EIJ)iONZ|nDqa_At!li1T*WuqR|l7d@I=@jNsRpX#<2g-n{d!a89&m2 zP$CQ|DSgp3-=siP`>2XFv>=OH#kT~8Jb4a~m7z#!sEOZe$ zy_vBOOUyqI*dr~Mq`Q})di23ou&ABX4E*rWiN=44D(QN3e3gbSXuszu8hrpXrl(Q34Uqb!lPhkS{#fuDdSof!AzC^UV59#81wmcGw~%a??> z?8t$N#FUxjRm_u;oMKm@M5$?2NL?@dE~L7PiP+Vor5(a|!5r1*WEtxu7X(ZMOwP-k zgm{1EyxV0d)E8}?^+3VoC^Zd}i|?8hnuM%&5)MC-6U8P&!d^CL1ftt#Na9Pj=NQUO z(NBNbR$<#AQSoFnBW3jzEw43+geQf04icW; z6=wt@gDzJT0)~3f&zuW}8qo3dTJ22|0-j{z?D=cGYO`qi6);0g`iH;Z-+>#uE3Y2k zPon3^K4KNd?#cNt;SvWxZ#iGUw{II|@zihV6BtQjez!~yCmV<;Eh1ghR50WN<6 z7fek7WGJ@mI6W$Q2<7a{RCx=A>dG#6v(e7)fiA7S+nQE?MPEQ8T3K)C^dg4J%7`j* z_1Gbmgu#fx>Lq+6gL*YpyUT8cpR49H8RQxEzp?|3;jKv(4&P&)O z+wcr!g$GX{!1+S52!=YqzPi%6+be%%w?eK=PqG1q3csHJ#HNP21{%KYCUvADUP9H8 z*3l!CAX>ms=~oszZLx8q|5t2~#bM61BAuBG^?V(R9VLkc>rtQGmhP)m1KJ|BM@QN&80 zY^93Uz#R^r;aCCaBC1}1MO16~JNe5Qat2&fA&umcRxY2erW!jQDj0V!Odg}^@C`~@1CWrQaG%AN|#RMHZAlCh8`BTb?8oXR+B7 z=2yd~e7&w$i;2P^!B4b&|8L75mVb&@Z{E8r)c7!zcXdfmp1LRGF@0hv$vSN9F6wS; z+1Rb2?5Ix+gg;-;mU(a5DeKuvPGNdKl#K^`t*MrfMm!sW*{e9 z{Rx;7!0f-$>y@Ej;#nc;PYe}Jk9uSWxj|QGht?x}r~4Unk^U!!3a8IbhWo@&p45fT z93Da1Jek{?l=~p&ywHIfJne9of zC_Y_Htn`GP*-1Ow;2VEaj8@C!I_h>hr5#k_@tQl%JKZ-yGMThaIjWmpOei@DlOhP$ zz1Wlci(DQYg+wo(lxuN~RcSWwTpe-O8r%%u!OaEVv3#H1yw8@m+2dB{Td}Kr%P+7U z`?3&P}!Q7SD z-%j9@XG}al#&irZY+@EQ5n#i9CQ^O`DjBgH-~yL=oN%A(FE zd;n;(NVKxxlnZ0<)PXHGx*Xm}js-tAP#6n*!45sG!ci5EIrt0DnD=Y3vt#P%<_P{? 
z+lR+uhu&m(N`hd`v)V2zq}_&f{Ctaup{VNo7F~bI`~le*ZdRgiJkJUjp8=OGeF|{F zOlZNz&7AtlxIIO49;;w;6%74XFeX@vvz}Sx$T|e_>zu%@Yu{+_3+eq}sM{LgH@b1X z@NDe=wbm_qv%=-4;QuCf@`vT0y0sO{_cxyeCXuEt2eu4t9FJA6%OdMqz1gVt8RU$i zJnVn*oR3uO?1WP|8Op{U;hYq=jaR27Z)euIPs;ca<&!G-g@ylNi@@8*Z^E`f8|>dK zaz_esFBZC%bY>Srwc4ZM3)B;K#;Pf?e(TI|gu+h7#(vM=Zm3`1?(vx5LDW^;A~ z+{U<<6`AhLQ1kXI;z2l+L=7i^A084uTRMMu41XtEjheVA=vT7K$*e(!YPsj<-m?N1 zu5(lSl9Pfh2^?|93aC&}Gl(;JPxGlYK%#yF+%MX7-befljBkL?#T6|Z>}w*+CvRu? zx%q==B<*jxntbjv7WDuRwmg6A z*i3gNE}hO%#k_zovp;nv|M7?AU)|^6U;jyXFpLvChWEVt&6?UR_oMMybePJ~Dht~_ zDuF3fL=V9%wj==(vb<`-`gZ-C?hqrpgw|0jjur8zhl>I4&1 zr}BxXrf*K24kX?;K<%(Ot?TV*Cxw3r0sS)&UyIhANgHs*WonWdkWJA{Zt)V{(8`UI zVtWw)aaJ_JUdjr%jCbPkp zci0c&RG95D)C^^fPfU5PY8#r$<$c@Y=JuOeJvrr-b*bF+NzYIY`TV@UC^vtKp=|Pb zq!_q+8QM3%;3R6C$-J99dLmDCT-hcm|af9EM~;HY7sT$ ztOgwqy64I#RtnGuXsleTi6(#GIB6s(P8{k0)Yd$T;SHf?5e%oawZ}>h`f#?!O!8DT zoG4L11OEUJeB_%Zi{U~@ardc(Bs6|x$CY*qSs1VKux@3gT*|DQICZcuX6T*l4BE3| zgB-9(9{r>i=?LvKU|h`Zdr0K`sE*VzAJ*NZwbbJw=zUe9Qr3UUjfy!ZvKV@J z;@%7QGS<7V)K>1aY2oUomn~|5l3igwT}_law0y*2_}SgCzql#4+0Xwj{(Dj*l}}fb zpoV3-#blr!PVfD}oOU0wwX~gcpN|zc!4K!BccLFYoc{tYyXqb1kS`Rj^pzA%cK3ey z(dD)iW5J2-oL$#=sCIuQ8(}X(qHU6b`e%-!)(Idt*k?D~0B!s8Q;lp#x+@h5x)X z=#o+3&3)!4irb2Ohl>`rqJ^%z))c*O4hTDzd!0mlEna_wCFOIx07BseBj5iG=GaLG zgd{H9s<%C`0^xj0fI>Q)^xgfIxX=pg>QEp8Nv^JY3|$o3N+(%}MR`DW$u-PSZ5+$W z`zHL8+LGWiL$UF&K>a_LY%Ht<#+%-afBcvH?Qep%gj)zzB)w#m?4;L&QYAe-{9HWq zr8Yz|lW%_>hOFl7q_qYs&fqvNgv|4}0k&ilozD#A!sAS3>%J}|el^w~xzz}iwB7qq z=RC4W!sJIw3bj^s0ml-a%r1_L^J{8Xtdd~fUQJV+@|ZjB7(13YkGXTHqG?zfEP7XM z1&=mjNH7*?M%H^VoZdLu-Y{I=eZF&Tz=^@&O;UdjTyBGb_?y(_s#Wqq6e={OrjRm} zAVK#S{hN1^VUE|_J-;S5$+SMq8 z5kpxwx3_p$5@T{L4)lbX60D-y0CcxemDR-I??ZSYh=QvfzQLy0P7HO= zUoU^~bu|_AXRh*r0UoGtuU#*5=d5gCAItrZ7}GCAG{Jm=#l1`VCWeL|tMa4rRM((R zZid&b_ljWMD~XjKwK|&>=fd=1C=OENhLMr073w4V-#~)r9TY3H+|J(3Kd8Of$-e9|*m8eVE6eOML*{DQ>E962wb;@m{t-^XPCsq^HZt~ z+)=sN0NK$ybt2eU0Cis@Nyo?qiH#vMAs8t@vz=X_A%<_nJ{uT3M&MuK1()gE^)-L2 zg|wh6LxJQkKR7l@fIyi*Qg<>>)dCCV&%br-hq7u)>Ck? 
z>)PFs`m6G&QGZ94BD^Unn95L#JSCZOQf5+?71k9^JqFLrtGt?4`EwRKrk-i^iNFp# z=Gjf$*$2xXwL{K)rU5f-i<`aM$;p3Fx)v3qybwC(e2-)1{SaZz1YhDjUCJL`!Pjte z_wgRf>4*W~N7|meWrFkDL!B12cSE_4uZl7}tabj|GzF1^2I2v%# z>LRiEDIfGC-zWpVYI+v|gjuZnQnq5PRDlUBq}TjvI_PZk zUazK@ew-p|oS$4*7(7|QPOt0iAAkAz&wu~RyNZ%Q`pi(d{5+$XY{s6>c73}tKP>;$ z?7JMAuWZ*B+F*ZXe&~>)-QMnU8P>4%jb&vk7cnOj_8H2aCmTQ{HhxYu zva&JU?j$sR9PK=`n5?kYCEy^>ScclY-XX3t*w(E0L({>5WUz!qVew#gDAFXNjO?(+O z>qGI1>3t?_xJ+W^M_1;U*QPAZqiVfLklU?n>4nOVnan|*syGUFWK;lIOk3ihQWXYD ze4M%ydD+_(n$1x+`{I9rXq8W}i}`0x0T9zfc0d;BOc9Rq*_Vz1g^{CJHiJNl zakBXkq-9TWl*E1x4DM_y5e7s4RAZ+tUt|K0(G{o5Bw;0vlGK0C2g8rdv|~B;^f3l5 z@DIkKfupur^|VhGg`1T)_3fPvRFY>mpR)-&TR_>;i4b|TD z^VKx7F_`}d)~J7Zw2`wGx^?+_`*CoEEZll=h03n~w{B%ln#8SRUMYm z*>~HHY&7usYO>l#!R@usw&wu{wue+Ofg~`8= zi1|^Zrxmq_&WV#==oibXFjUj_fq3cGdlu@y5^H>~riFif-8tmPz`h4+epKza=;{cS z%Rov{fxLOoQ7YRVJUN`R%AGr{0(_Z&9ujDghv9YHjA_0NC^=CwRg2!HVAUHqTPO5$ z0e{A7iv=MG6U&LHJs)xu6Nw=%{KQ4Wz|Xmqu)a6Si0Ck<-A90u4UcmF{nO9?6hHs( zU$U-M%9DSmT6I{3O=q_P7KRMzfFGkYJmxQdagX9G`6~;Y!lSFMS2ATe0(O2p>HA^l z$EqIHY6fQwgYYQJGL!4VW{+}>nVhgG6$W=DY%RGT>>nC0KR)HqAee(P?uFbLjb)eB z%4e}2c!gYM^EebVbbh4jEOgYw!-^#f_U_d76;6L$Vwim#0VkbjTD{Tqj?GYh`|J=P zy~Ng8TO~_h+O|T|f2&*{Xt0`LEXut=PUg`&<&-);aecz+0pUc^hyk&xgw0TFj45V= zG72Zra5>Slgj)b$&aoyybV?K{Yg)DQ`hqkxew6D3wBt*me#Em5 z8YMq+m4IC8eo_DUpOYt6kQ2T`Yk{^*uT)ZDa_GnxX3W3FNT^D1|2T^d;jz)jeuVD4Y>&ctfn_yoj#=}1J3F!FIt`m~-^Ggw`71LHXB-DSa zX^vkjLjxf5qgdZQ&<(Kpajoa)XaF33^y$0IB0u`{U10O$POqA#!BAEFTNgC~Xnv&X z#Z`@fiXSz)N?9X}1Vb8i@kqR^uJPtQL!t85E^Gvl{3zA;tZaktC&4B)YMGE zeiw!18ET@RPnp}m|5Dpg+`MNfd_K-?NNkF&Cqjs0f;!}wOhqCmxnk}lku6H#s!I3O zA{xb)ZL16g)4yrLBtud3@0BolHKlVt36l)9&aay=$xz_@TP930lsSLxgh_vflI7nf zo$zW3=C5>e9p3KB2}Zl!4Bt6B#)Y)5UlBbh{K(vsvp;Ek(veM!^)+h@uOfbxpA>;*l^p@;Q0W*KtR8duqUmpV|&Ey zPObXA$6>%`O`$=-B3@gWVh>!zHmOU0ogXQC$$AKP1MKG*w-arTfl8G?P8bTIzrr}I zOg9Z`;BX`i1wWqllA(y!Oz_>fF;IgKCt*1Fak`fbhb)Ro`?{2JUWOvb_${^mC9Sz)<4-B_n_bre5#ePSMv7wRx<6#n-Q* zG>P^5429uex=T#@k4Fz5(rGJqBjvK#nw-8}7^=&^XtB6nk;ae5@Z~T{7=I(X9>Q?& z*VL 
z8k$_gDYTtR2*NRxoyY;W1UG6kIV>p+5{n{ge=53a;fX?8weFNh&=8 za(>KhL_Wcq%aqR8fQKLJx^4u4q2ByBAcreB_Reh;=8n?)5<@ZhldJbpmqm^^eW;Aa z#g7cV=&od_{!TAKcrRRWCkYLZAH&IuI_orMo#;(svH?SB_Y+-%MwzjHY*U(*EX4s) zw^^k<0mxg8C90)}z4WkqZBnfPLwR`ANguq`@^ksr& zz)%D}t-AM8UCpbhvp)e8YkP$(u=}{nsFIb!GcSu3b=FO?vgKFT;!tcb=d#9)+pD$X zPJu7b;Q0|3L}ua8#>BG6T2v`{6&w}U0mi23efd=Sxyn#Q-A#ypbCB82G@^!|-WZdR z4#H4FeY{aJpPD-MRSv1D80Q%eS{frm0ugwS-P=x8B5|(xIZmE~u+#NnqA@gxX;eN$kl1~58NHJP$A@Z<=%!#z}1s4g#rs`GZ=q%AdmM8W06hWT*r zGZ&bdUq<#|1prSj6S`q28h(KikI%EBLGtAhm+BYZFqHmAED?v41qp$nbT>i>!Z^Xc z!wmF9v9242(%a*l1V3cElBCD(hM}nTQye1sreUb0jkwT%?NAyy-u+`dL0Gt!OVX8e z!%#x|U_V&Y2BWL+%YztzQzF*&=uIh2LIK+iLk;aiq%rD@d23~Cxs$Me@S_`t$VM^N z-+;H{>^U!PWbq*Y;=38T{RUPwRwzokamfusZS6z&cvPPdCVeJezI4RpJq)BIM#0h- zGEZ`HifDy@MC7JbAvLY=TaoH6=VVtC({>Qw1^X1W;7*jROafbAFksLf?ANYuGUqle zOQF7K>ud=cCr_T^D$SR!{AS6I^;fix8_~*oL#J`vFcfS?SdqA<$}Qh8lv|Fwe(Wyd@@x`RlW!QR zCO;nwPeSohTY{nF@vFe%M;;EHE=6Im1*YkLyoyV@Rm)JUcyN%pR^l`Qo_r#BqAO*$ zLat0t^8$ui!=4I-{$J>R)thZ+C%Inn5|-Pxjwz{xO1&F~a>TOOX$v63zha}D{&(9c z+R4XImDo|*QJ_!2){vI7#!z6`-A7D@@+#n@ua}B>fwP+P+V>En2CfHTgsQ7cC1@xiCken$qm?rz9*zeq_R%zm*gH z*Y(akBupMp+TfNU&I^|ONZl@m3q_kyX??>`U>9Mn|w^HyA@dJ z)&^5Ze|2Axg>v69!X^CSs3i|rUNDH%Ss(&ZrOAFG9f_h|Y4-+*v_Bj1#iABK{)!w&C4)3%n4-5T1iVyIy27;R&^F@!;*;L0091jE&TXwoPc z@`hv^H`%GeP#gAJpk&B6W+*2+{t29}3+dN{CCkuP@ys|jLt)nF$gG@pkir;;lihKZ zYG_Wvce?wcSYNSmt+g-f47E*a{QIux$qpQrklxj`5Tkv?ZyuEjc5rP;i5<+xpIa7%m# zHyC`!@_lymK3m>qk6WE@#jf&=F~FGY%R*?8Z;ioH3tyOw^OkT2@uVJqzxM{V5n&&C z>*OZj3m0)q46mWrH*t4ls2-|zDCD5ErMN{wiEs&PYQA|lnIRq zGX7vLRN;b=h0`QX0K|}kJlmzsP!sgX_9`?m4$;APB}@)a%7Ck_FS}L>2Zn~hlQWzn z@LoR5@8mQ#p7i0YapEn1ei{}(FNU*=cT$(q#}dR>Q)5#MzwN<76i2Tnrwd@dI3+by1PG^B7T5;~m!SqI0ki}Lg%yrCt68CZ;R3vr`J1&(u2T{0TF``jHTIH&S0k=Ns@cRL~bdL4m}wB=+Z$kdpcb=o_!Z5>n=Hp?!G*q>!;4-Kb~1k@Y1{Atf?2L|Bg6#Kdz~?G>9cfS>HE1 zmi!1Qu`318aU-G;a$=j)_#J$a4iU-eV=+rt_Ek}vRyNy(3tP6TK+j}N1}>MZM1#L8 zaDKFZlj3BR%&j8jo|adW4SwQoZ3f}s3@D>QHsJon7ouQN>b=TPF8Dc?AqHHWOrCDw 
zlZ9(roPwSoL;RlT`LV$7iJl)nbaycZeX&LJm~`xXU8>Sn`S!&Jo{vSVFhhOEY!^kASm6#vZYSxTnty?fB$}*Gd!n*%lFj@R~)OmOt_}>N4_>rVngT{~w z5kassu_GEPKZ5iW)h*Oo_GKqb->pnv7pWNv3>BQe*^FL`9vyWV{>vDv|HZ}XAN7OI ze*WA45&sdCkr%mX8xj#ispsd=qG?ip!eFY>;Q3LP^WMY6zEw+x%FyRQIl11$m_~Fm z+Mj&vW>;L_OBy6U>hs*? zOJn87g}&qF%a0w+Cfd*K8qBUn(z-iKhQid-cuh#^n1|PVCP!j7nI%KH>M6p1$z!qA zn{Bxdep*^LW64mo`uwJ&TA!errggvMC}Ta%%p13u!4erm4D(@_M38CNZ;1wtdGSHr z-zLiYFBxiF&tPuNqi~6cG0$$2OqQDF&rkt-hS3*I;^d*{9ou|6(TW&P^PN3s^BsJ% zAy&R{HFx;gac7>LsnN4fkJMX#B2Q1JsM1*Zk*9OVQJ{&FD^_)A%sEr0CmTF2uO`y{ ztUCZt-?<9I(H*b|r553zaZ^ax@%Ry~myHFDm>=;ve^;;8q}=9`p=S51Zs_y?@Z)4> zskGaroicymBDC_CtL?eQKp_up(fJzQM zG1Ll=Aciz@*Vk~L9!_JZ41RRwI_WVj?nwcvR@JAYriZR6);9>UF<906!qoP>F z@S5}DNFkOVhc@M!ZhEm~C|5+^VGqiKo0?9f`SR-1(x`f2~)|JlZ?k%q2;DFw$ph6Abxb@ zQ2~ZwfvO?~Or2j!g{p!JmL6Z?5nTqyQqGNeRIS~r6nvamh=Pq`_1dC43{}UE%r~zU zGFF|SM?DB6gm6E94U->hnHJX!PgGqr2C!Z*f&7RICCL!?oCx-Uf{pL4H-2KS0`o%I zBm73sH80#a8483`QFd7r15r5=gTfbOGTCOR4Su+0;~MScW?Y_&AstLiU#Ic%V>T}; zR-ej*PwwiC6F^QfNf@eqAFhBASBNz@n;&lmp*xYJ`MYF)DE}Q{JxUbjZvE-HE&-KO zPfg#6IZ>lmlU1T&^W{qzmW^hnkhRaFt`l}+e%$CeyVEoxeW*IRIQ8P`Mg_D7jG>VC zbP4#=I+cmsvQp_jMiYYo>(*4R*4)>brwXRtveN55hBs3V9E1XCRD224VR8tDJG2$6 zR@V8}b%pSMk7ijhuu#D$FHlcl@>zNq`0=XQ5^308du5 z*YB30hWArT`4JnOXl!(%#*+hkB%%z4m-m4!N&=xMdY8_DFSyE?1X_H{Q1E+$jIhR( zwUAhpoGf+AP`UdhX!y~jm!RQCVqSoTm9BO)7_$|BZ1CGk0&VpGtK7mSVJ#S3qfN4q zl~@XFglXz>kNOxbz%G(qo3{+5vR^Wj{Fu#oG*Mu8C368^Txo0ZPdQ<0_exsc$}K}l z>z7O+C&r@dqPLyv9|JGLU4~99_}=C1qui-wurw`#Q(z5t*uug&_`n>L)9Ya_T|YSZ z^E7dPW2ifQN%y}2`pnx$qvph5hRL7KZV==i<)QGw7iw^|rlbC=7i9Wbk4+=dBNU<6k7fG1P`W z1r9giR(0@aaKmzm3p?e-zP-e#xcOoEr|@upxj^UqJetU}1=Ueg){8_+{^#cJb0KT{>HICJyZwmAqPTn~0=}eCnKT>wR(fR{DT%1_n z=}_0f^QmM)`aSgKSY6DN!Rkww<&{lv`>u-c$nU9681C0Q772DUL#gRwyE#hX zXPX`amb0^)M94~b`dc4DlYI%ZOlBh`idL^_TFX#Ldfpge_AGr*VyP;fKlDxbN8}3C zL@xluk6k@2Ed40g7=(t^TNqfJ^W+16m;W}Vh7Z~-uDy-iDX}+w3%p}(lgjgM-;^#j zJvvs^zAh2RWB76yC9uNMb)OwLLF>>tN`w<%7(hiu|}3g$d9TFcb|8+WHbhTyyW#_*sMgI 
zr@06xs_a8bU}TnHRV(-@3!Fzd^7U6$glj055Q?~6VQFq!_q!66oo-p_H=kq!0Jye| z#Ps)lA|_4@XMQJUYYbMn!pG8PIiNKaY_X-uA6Di|x<8bmJoDN3%|3i|mj!*7Gn90edhBh7e^u%+oM-p8QN~0 ztEn`@y|~5uwTF{-e=w`vhYY*%z{1TRMj4SnN&Ey4MR?Qn5V#x;W8jzt)@@}gxbd^Q z_sfr;km^%|!H|X>FYS<8FydZdslp)IO{3(*$I?;KxHwU&*Ti*yEm}p~qOxhMFtLUL z4(Cngju6;Ng&Lbyx&ung?%kn(`9zaNHrn5;x1ZnNf52^t8kTEOv9sH5KsUjzWlrPZ zN4TC?w$6=I2;5z}gyu}Q47H+Tdaip1dIW(PR*hHJh+T|Uefc0dbnvR3EPGel4ln52#T&^hAlh+%rd07C`p^EWcODqyY_fgYD=8@MEbezR@pHW9ZBm8og4x^h*U z({)P&eM@X90$pM1bPBh)nk4m6o9o%uGM41h2$-^?Qw9uw8t;|<>P(d>TGARL05G6XIK@c*f5RxG+ktV8 zz2kV>SJ*OtOFKndm*Zh-`VMEPjeUMjSG`5J7Tsl?u6qnv9(BN@A@k!$^OW~w{?1S( zJFHRv&tV`O=-M6-~v`z<&Tqg;^LA-2^l%>%AC`ahz^%C@$|l-`(T%QKP|| zt{gbx27~c8smoQX-~r1B8h*cNtSg4IBS=4Yu+i_(2AR~16{RXBTLf;TyH`;blbrC0=m3(OqA|YDkO9 z-Z7N5e!cXFJBBjXY12$2=*%r5ax1ZC)bS+Xw`6YBr6CVf7dnUrF2_D9IUX?$?g7@L(?&Cc= zyr~i3N8g^jYhvBM!#XX7@uq}hJD9QJ)0okquT79b%(6&la5yf1lNG+> zD7^gy(t*T>rJ?E#U{|;heroj2bZ~^UX4A^5a!y)_ZrhDdV)ELKDsf!i1m7FRrN!M) z$ts2HT}^lU*w4O|UpiyT2R+G4%7D6>-o*!D9_zl8tyn8nV44f*PQSaFOg7sz*}JPr zVIL=y8s|XQl`Cb`nk^)?nAq z$A6Jk^RG{BTDI#8Z7`c3STR<%Yq!I@bO+afa;QjKxsW=UtUaIv8=F{CEbnx@cXrY}3VR7?0Xaq~#s{29`dMo*M351tCuwpiH%)?(?pdt>7d zoe*7TC|Z306a`>Zp}PTplQ$3Whb*u@!3F(P>4yQE9jGpL6`VK*Ox1nf>@jcl|F-w0J(A;pSeEEtalnv`c|b7~ zzPtAzUm!9fv%4@|)%hy3s~htrL6c}^D%X~xWage9=C{9lxk!|3A?2HHGzQ2Fx83ZJ z6nXA;u6f0$ri{P;?&2r)KKwg)Jv^YiU(3_4K@&8I>o#A)9r(Zxm}rZC95T+o)KLZ5GW5^!H{qAal^5P-T zj191^%QhhSji9dh2qcD$MB&%_ydtF_9zI`H4ZjCAM9YQsg{t#t{FuoT!h@KNlDe|# zO#f^@RPrQo1C)sIEl;z+;`b|3isQ7;FJtqwLT8HDHi5i<3Lb0nOtcnF{bbBtKO9PY zGyKZO%3!fo_uFN_o=%D2g`kv5Vw0^h@t7{*MtHlsD}sXNK~$=3N*VLaAG{{0Rvvgj z>x4yY*s_8LC5n)*!*r{!D5{VTLATYq=7~_rDQY4Ydyn{0ew*Cu01sI(AkK}F`GwOZ z%T$k1{S?oCm?5K`$K5|L1PPkAM%0KrIPH5ZV3W_Z7>#CNQadTxa<{?C*om30Rj$5l zw&%(V-E93Sr=--%Pk=kHiG|mUQIswp!gIO?51;X4qr|9alksg@H!W<3g=nzgT4~R% zb;h!Pm?=>@+QV#zxBE`z)Cmr&kP>XCJ<`VMVuVp!TvW$LmlB($J-R5?h{jOWF2T0# zc8x$6Geuqc5x3N>iB!#s&L)|7^bi!9KPs*vV^Q!rEpbIv7%XV;*X)J1&Ew1&8#E_$ 
zP4>cc=o@vy@{bciHa)}*mLeXPC~OEcKFp?G|LU;)P${wKBi3D$qT$2J9ha3_%%**& z9~>p_dh96Lz;2@xaAde)H=Ahv3s%49Czh@}AX}xi*zwHI+-B<+5ST(;i5Wb+5JG z`K=wKen=FlX+Kf6f6gl{P(%d9G&X`~*gAD1V!xAyRCj>`=rn!N$qarl1lgy%%Q!xQ zzCJOp+Q!D5Tv~dqG|kY!~1TO;eXGEOEIh%Z3emI|N+Y z1nJO#&%)7SuH^{#t1V70AoByG&4apYSG7)>kP&xHf3U%T3(TbJpsr8Bn=WT`5<=RX zs7J_Ff-Bef!ZZZ4ajy`k_cf_b0w*UDAGQ;zRI9Cp()9%Mf~DA5;0@-KV&8zH*4Hvs zI@@v~3iur`olPbg>`O8XDs6J)fvP^tkC8Sh8VBTT?wDG$n5yCjNSoR?tgp;-6ocp< zFfD~pfAa_J(}208$8-+#eH}dH&ac~=-j9_Y`AL#es>~a$FFC#+?1897s zOp-3U*^C63Fu`UCK}r9^4V&TXmGe2Eto53r6u%p_lx5bc^$M0I2a}`*ODn^kdSVOU zG2PV)(|Dm$)Z#y6p;Xvbh{4rbw_u3n0l;XJf1nOnZ!7yxkJ(i8C&hg-Q3r7G*+lb? zV_D;*6sl>oRy2r$&x6_Y?oYMA2Kwb>s4deBYx=$NwbukS?~h@@p2_uAe|i8g0-YQ` zD?IAoFQ0#9pa1?#)YL-gz68Ai=*L2kfW%7XBuQ)4N$W`$+tlTwy47VUsz(;6WV`n$ ze?#;ETL(SP@qXCpQIlgSs1aW!GTQMKa|)b|erT}4L{Q9Lp+PXCPO=NWEmLgzm@jqH zjHc%J3#?p$N;dC@!VjGugEh% zK@I$)Ltuk^CP@h{YIp(LZP4!62so)!e;ysfRAr4`k@UjeQFYS(0inm5jt+A1ux3BS(dG8Y+Dq<1j76X>G^?9PNEIt zq9b}r9pN=8rTu}N$|z&ByJf_aI%Bk4g=Gv~lM>*6W2lrEmkae+dUFSPUz~G+f1f3d zHq?Ihw{G^w(#9NB(Ylo;5lRsP%*@M}`) z{HG9NuQ}cG#BDX|uJAZZ7jnZ<7uvqqG!^k*Ie-7jqG~av1QhxoVkDj)0eHT5pJ;5aUD<%eN9oL-i<&RpN|~C z9~SC5&rDLyz9uMQe{8Wk7`?Cv%GMuPyR5~)zbe;Jk$)|KWS6iXBqheQe-F}0ObwMo zy(Xwv??Tco;he;C_##om3&4^!uhY6%f$G241V!r);FY3jt8gLbYf`fH`>28gjie;u z17tER72ngx@FS(fe9Vk#Fp#$i3#&EwTL5+B;kD7Bh#Bt`dG6V9nIO7rvSH}9w zy<@O{ZMm9meGycVAI-Ejf4aJ~IL8>(o30-sJx*gGVk>vJPT@%an2E+TcMsl?2&%<< zposzlHGW_Oxy(^ueMM3D#1SMm0r)~^k06a1ZYo(BKXiR>?cVCgMUco0W-ZP0wo#E# zyG@3#NJ`}9y1JpsE2jTZ^5ESDc zZoi73+9hDJs@3FKe+BaeZ?PA-r42kZ34@?e_mPEfp}~AgV`&}?WUH2;T7I(J$|N-SS(LZVm$ zBvBjDou_44K13#iqHLvGdX8l}ct*1l<0nddc-T@gPAfG?e;7)!>crUAz#r?SDE56! 
zZqc|7Oj`_=786$JAF-1cX|r=hoamS3=p@N z@IO-NDw2sxe_f;`r%x<#Oy@9p>Rk{3FKayQz{;#8v#UatjAJE$W@~-;CotMdP_Fuz zf!4{7#Pw4ZHrxNS`8a+vRS8XuBZvNRqQnD( zj9SyCc;BG)W2Hm@J-%_>h#|n3BdD%@1k`>OGs1TNX}jp9zl9`6y88yT{XZ7?6G@I zP@MZXZA_IpTxGolf!X6yR9tn9v6|B#gNqaQatqQ%qh5=9yNf~Q@PNW_yZQmX`w z!@O$T5W=S_-IfiQP&Mvvd5(UTj2G)xrDkk+gDMkn{Wl?7-VH?s@%?epiQUnG^3#1@ z>W4fR5pym94i_^2M}*V0hUwKEvljY~R>81O0aQ%P;DOUgkA=B^(G@QoIi*9r$o2#SdxtBV?| z++&TyxK{Vs1onoY`1nf(LJIT?u|X5dSXD{tO=9q7=2Wr!2Z|o)d&xk(jd;NgK?!t% zqcod#`m;!-JVq*NzmzgB<<}pANhLus^;ltG$uipWaV%u!4?y1#R82pHsTN9Hj+JeL zVM#wcdS19w@H%6DSEtIT4RU1M5L8Wn`NE_}<$6p?dIUC8Je)JJ6a3_%WA}cL*DQ=Cn*;mJBfKF`6RPe?w64d~n@atMDZlDJq@2xse!Z z6OlR$V2|POHAAhVNIeRBkIJ+1?>z(s(6tZ&PfDE~(Px8VD!@~ean&D1Swc21l*3bc zP?#ANyDx=IIYFND8bgr5>Dp}Ig7EKM1ZCErI|SOqG1A|x4@h@OHXIdyckrh!%-hiD z$>D({(6japskrNhA}u)01c&j&8ZRX=1mCzYr+QHu`AX|vyp`mjR|>OHw1O)pSzKDD?w-8E~;86 zF#`!!ht0!v-^>_$CYvItRlm0;jJ`o1iw@oB2rAPLtjSueU|wMhXG2v+JN*$)5-czU ziy|?j;Kxjl7EbBA;>Smi((U1^OVk1$R{8sZ(c@v0n#SxkmVh;Xi;cyV`?9kGRg3Pz zUxIc+O1yqQ;5P{1nb?OKBlS{0I(igLpS8A09L`*%vKed9;G7{e+@!XH!Vz}<-NhGk z^FsAZa$b&=cIqv7OyRNT9Trj&^?F#8%e_wH2MMQni(%UCh9PF-mEZg18?3u5!rWk_ zWbBWb7$*H|jR~E99W6C}3&q&{FzJ!B-d7p5Rf4qB;orergOobG24*|P?yxPVsK@tR z>5_1m1Syr;xW>Adku!-(#Ld3I_JvZMZ@pY{#~K{fh;{W>H*4r)I#dThs`0fy!ncAtX@6w(IshM)-j z{%O%wHXI;veuVT$&a-2+eYmdkD1#BBN;XnmP1|3@=y4m;-K0)e{=JN%puJ9C(}||T zd*LjQl)(LeNeQby2Q?Zb6$O^45Y)HVFf5u_MY$%-96dthx>fe-4Z<~GZwM;X@9FhV zDRsUfs7IfbJYh?o;Raa`?}bkkK{5K#MCm@1Na-d-8wg6#pKPI;VZYSIstxNiZmcXc zrM2n}L9P1dvV+c>0Kd)6?9m3=V($?w1nLE~2BA5B4B=%+FaiiaK|Ore|8M&Zcl}wn z7k)_eDA4O{VgxDBfvFm@*0g{tKsI%&XwpKee2SHB3g0dZ;b*i2wegQfsn+n{gc+qr zjb07fT-4|Vbz%EuVV@^dgw3Xn?;!3&M?m?cbC;oHh!+Au8GI)g)@cJ9?PDvFEMxdN zey%Won}|J_h#O3iX~DRE8i8!CqZMqAO^xCnD$7Qj%tk~r7Y%m>UXpaB@;4ghOf9kt zS#cD>QIh^(sIe-#yt%!-4@6LJPdH#oqf27}0USnjTr z(ynh<=Hf-W-R?t=L5&9NRBQN@i}UE?75t5Vc+=pxm}4{%87vT>ooKr9HEd`=u@4mZ zx^}LX33Ds4<%^zGsn`Y&{f~YVX)2kaKY4k zT}#%9zTxt?xcYc`i%xLgfY9S&&Q6I+@=aN0GD?d?JhC`tapK2Bk7zlVhJ_3!>M>n^ 
z0cJKS{Ntyz?vm(FWFRGPujfZ>@hk#d@(sET-H;NuHwW`m!7EJfhhO^Cq_ONCu|Z>- zN%;xOYQ$qR&^jK!8y+(+>u-67g_HpP-a6=~`;cg~4oUtm@x=bl+bjSpJrCD`CD0L5 z^Hj&k+_u>})aSxHP1J8;g%JK7nUpAhzWhDwK7eOkVYmaoE_b>DzPtE8p{@8myi;8s zuoU3`^BbiC{&trKJ&)F;C1bCaZ6TV&!tEJ+?M!JkqN3!}zh% zWN~c8b*8$hvymcOu}ul&Eg5LN)h(Q!xykr--{=QU&zW{&lCA!o?N`=MwrY-lqmYZo zRhn7Ci>*dPn4|$g{dIY!35SDh?m7FV_D0T&VjPo&7E0X4 zU{Q0l0}M)grxWyL`}VLO9wlBg-axF2OSxj7f$nxT1^U2K!M(HR(DS2zqr_y!bLSY7 z!FVXq5zmolQnQ>?$=BwW(WWUiU+# z&k;X7$}FaX=laPc(=Q9oPq`(f4)4Xd=LnksloHE1u;+HuX!2og$>2y?-XpeCvb^h_lX4%@sXYMo1`UwaR+!7Q)KTg5jEzysR z5^FhtOm~kw7!~(pqr_GYVAHzGaV-?d=9#Ka=v-=lIx`GA2TIpWNHpE^8*tml94-aqH5PIDN**SRaQt8XBt4=Yi6SSnCLMl_rgWXuc(=VZMh9uEJWH z%MN}|nn!+El*rK$SbeBQiUuXTWYm!dCyaxy4VXtt#L08@jaI538zpXZ92;2hGCJh( z379>4WazaKQesNS5t_qZE1Mv-h|1lNP%rXoXmR<7;2Fg-YI*e(pg^P~4rev}{-c zA7TEo4QENc*z39L2S|xry$L`{-0Hu<9!81Cz2Y85kGBQaS^L3JB5dyiinwMR;|G> zYA=d^#QIP4j|U}Iwl^L|{n`Pu)FYL_3L$f_233TLYIjqFovU7fz~Pw zD>IJCkLu@y@YmTy%hj?S;Z$0hCIXG|guO+rtd9fkD96ddF8rR<*%ZxZ1w9uNniVu9 z$~3x+$IZUG`h9c#9zdVeX+W*bY#QjZf~Lo@FkApk%KkNBgJ&2q1ohDmW9weYQaGYg zj&&3(fQu99M@f%W9Y(1&(M`|1BmfwHB_j29(?^LhokEF-u&0*9gTAm=eQz24K6t*j5vITMbyqlt|9ei&M2O z)Q&J6HHouyVcKtjZ7NgiObP%@kKpVBR)+@|+oBQS?lFSG;;)5_9;FFgq*+Awg5EDnts^Dh{c4H91m(K(Cv4lX!d_p?Oqi|-;l<1Z#ko%-I+C$~-QkMFnl{hy z{1KGs_6!8<@36gZo|bi*u(D=eZR1U z@GU7F@7HS~d`n8v+mFkVj%Qu5^w`%sbW6S^rS<))EroAMNq--o(LR!<%{+GCMJ!3m zfF(?cB^?KR2p@+*kTK7?p7hql@UGxHf+FD#hqv7taaKFD{uAYnlsLG5DFTKy==dVW z_k%CYJ5oa7ue#^lky83TA|Qq<5vJ{NcqOVw7N{w>_o$YV@MEV(g5D21J)%_brrUDy zcE|L~wpn71Iyy26p@kv61z>jsb-_=I<@Wl@$?G zE^@iBk1fkY$^KTMLqd;#KAoKKK|FoYw1sM%TI0C*vC?Bsr?6^yvhIrhBmrkEzDFly z4nHCZi;LWm(ir!nu60EeENWzl!ACMF)$!+|TnryhL<0tHzzly|Olx!vV>wD!D8{BG z%-j(aEbmrnFx(N;8$WzS?rQ7;t|n|Fc!HY5ZS7|_ zq;$ZI&^@Y~CS_S0om0FyVW*)-RbC@ren(K``_MvExgC{%5-*>S6@5og==msLyjOPZMf@W`iTl`Jy_Xm5he3(ryZ{Cz zV)FtRlz5DVp`{(!17AIG;G0cAdfOc-x$JH}RKB>9!k8G;ASILS>3|fMS*AnH0k|k} z6AvyfF-Vc6D-l1%ncpo-N*&vWt!*$26_Or6N)!8k`8ypcEo#r~tTW(AJOmU)PGCWy 
zn{Jhrer8Wfayqcxn;#TKf^Y;Be2~BsSCdq?39la}MFMeb?qXgP0aCPgq~xJ}r?2YD zV;$jsXcUQs6opK6dLjd>SY(o|lqbJvvL`r)A4I~GUq6UrkWzde&z`QZ+60sd-;t7e z9^*)VVaC>*CSW!w(g)k6mnUVVylmlcDAR~=6cl-bWjzyM&?F9dm8Gi5xi)0|VJ%YH z%ExiQ0a}Jgx!;kJQyyO=y~-|b#pSLLuCAJSwP_5@tUJ>SnUtXN7_t=E%K9EPY|~gm zqx6HLNE-I%Ge|Z0j+AP$i2-R{6s2&Dx~iCe(IF#!ACn-OaxBN;M@fl13|cRp!a5F( zEGkS91w%hTS?+E&rR3LzEWz$l##kJeZPBQAOd1AC3?+DdV+!~LZGpSl#FG6MUX=z-+L3x70$AQomjmRt5X=^3!>`he6D<0z#tOeRr zIz=lSAwAOads{YKM(|EJrC3ww8pSx8W$cmygd!G9EZhOGg0tmKxP3! zmEz;*@R49(^q9vX3q}+hG|Up_;^fP+_2(rKlq5C?weFwl$~Ej3Y#eKTX!Ll0$f3zg z^So_vHEMBU3-5@Qf)Z*~!nPfOu}Pcy{r+L0M`M!0>En}NyHeA37WdZ-wf#ezh}@CV zE;gc+jacgnsi>=6G`?<|Jijmg8D}l#5BX^TL9OCZlRev6&V5)$N&ZJvY&qL-KSY8| zhgVSyABaIGUctVbwdxbY%LPb(DG6&(T4S|~Ij?G-3rv#gN{XezEoAmb*96na)Kk?1 zfk6&}io-jRW&IiziNb0+ZSY!v5uz?<3)~Np9w~AiGNW3DzMx0F)Q^rHGs5}8<%%V9 z@DY1kYLNWu9YIlG@mRr*DQn)>vRnbR_aBiIMS~T)EkuLb6RQ;U>GvP%qW+oKiU1ucf-1qoZD)UB z;w(BnMvTA5kCYPW`3GnJs74+v(+GKdUjkSE-H-0uW`3T$3%}04Kd+d?UOwXawk`@ z&Sp-6qNw)-rGtI6RwL~?4vYjN#uB?h7c4!7bV?Ls!(e5nlSJwavR7e!+4XA=|N z?RFzLU|wPoMX`>OGRA}>v5S5&-0$Cz`?1gKS_u3u$$t5_&&s-I`S$`Vf0%il`~(xe z{{Gw#n-X<;?RuQ*!-MSn;9t}Y)@%~xqb#OeZM9pm-G zqt19<2#+55na4~asP7xdi%{EFhZ1F)_;J#sJ~K@?JuVbB;q?ZW;fx3+e;Q3JPTMwT z@cqWa5RQ!=HS&2Hy5@dr78jvNXVd6as1AAu#bcF~=)cZNFwI6C;qV;B^m@sbPbTQ( zRg}7)O|%z1dncl2U5$HePDp zFP~sNOv*qyk<)Hg)b`Io(#t6Jn~3qWPUwtf?ipaSsg;G)N) z{BiG4O_6(wlD^}{TPsXO#joI*?6uNO%jC4io<(q3!d?sns(Es=cl_|_ai({LPmeL} z!I$2R2pA@dM=i1Q#s~P-3f{%X^V{g-ZFGL2L*Yiq6E`N^6;E|3RfjA-50@N{2pfN= z&hEm7=L8$R06nTDrqcR{fu7Uq^f0K?ICyyz6d-(^Ra9GF{N*XdwZ%)3;;w}hcXxNE zI23oexJz+&m*Vd3?(XjHGWq@2%vv)q^LUaxB)K_R=kER4`%4fL#u4AW=7#;pPpGZg z*8IxItJ0pSnDuqkX~|HkSA~kHT=;h6AXC}ED~`rOjP7?G^Cy)ICJdvn_xqiL3gGEV z@cd!vOB~_7R;_uHd527*=n{St8;Z+J-cCTpu{GfB@f1Xacm9j7KG4RfR7kqk4nHC7 zWRNz^a0TNfJX^d-G?%uz5T1lT${GJoJqMiK_NS<`sys`;aZ-I} zg1Hfk#(iIKe+Dulcbnf96`g3g3q2HrCq*@vz017(OGst)8^b5cC0?ZYhZ^Z&ZKaHj zA2N{fUR$>1GxkvLwFo{I1sxaAL=e{U($Q5y!`e`3|H7O1-|+&a?+UihEj*OOOiN}E 
zY}-Y_=_IA_@tV5r4$eY43Bi?0CN!$~A^f@!7pKV_eB7_1oy=w7*E`6F+q}LdJN|-= z)V|MmmhwZt+g%}NG&Z+=jN?$-Je-&84$YA&m? zMePHz!7@tulU70ien8&uRCh7s#PHc86G*iED*cdugg>}_f2RG^+l2ITBAOG=xdNW# zrwkeW#6u??ts`9L_*yRLcVI=MMw9Hw>wEA;f1&(@zg??F+7RB~{uzmSUn6h_zSvAo zIp>wS+Z=r=reX^3xm`P4(8Key0z&MvVTT_U>;zZ3AmV#fnZMJ)UVXls?g|D|``wcD z#l39`A9c9-W|8eeN@It^t!;;5M}R=8nc#&p5p!(tWL*(L`>NOw|M#2hxCjgE&ePw6 z?8+K)d2_*PJxsh`L8&aX!qHg@wS{a-UoBuZh(jOEG_3Hcx(-!G2T1b~-ZJXXEjcDH zR}{%K({n)r$sRZ&t31K?udkn*fAho%Lw00|IY28m$-JGWw4c{F%+u0Nu>t7vnM_%P zdRlIG(&r|M&R+UXIDz5(Pv{SMaKQPf**U`$% zh0L}73s;?ku2Gb*w4J{?YlK)Bvl^G5*@+(aS0+YbnUu&OJnB4X2HqEUTG8q7{E)5` z?VeHl%Qku3Bdqt2Ot+0skM}@ug8WNz_T~4O&|?vt18SJ+e=7 z7d}JIfl4KMT+zBLLj!mJm_na^Rq1@B4@ZNezgsAiq+EyFU!tua>$Q^PrPrVK@yR{1 zA`XL|kOKxBx}$WqddB}A`>LEzU<7N#Wa+5~uklGdxLtJDs}E80tM3BE7ywF(?E?+#QJYlGo?P?>Rx~Md>&VG zQ#y{jO&)GshSWvSsfP+^7`QQu;Ma62tNBp=`_n3E8t1MjEsO@(%c0Swl_+CxeRT2i zj9~xOt}B(E)hZ=!22wvekR8<0+Ii|oBJhNpAh^rT9rz)mYW4heD)$S6lmrEt##`W4 z`O z^`x|AS44|cwX_rv)5^%qq`wO1%!W#mnxpv!Sai!P2h4s%eGgX*onIZ#cpsvIa83{1ajM~W~0h2JJ0bh3+euA8u zwe;?x;-`z9@R3mr>#g10WPby%zV|Thcgbts^8^z}kjexEq9RRC5rm7Rijx{snO+`8 zT=MXmLgwF3h~2!lzHJy0Ep{B0(cYK-ZAbp%wWhT@STyPEo<-@f2BYRd-Hd8tO@CI( z@$;9jax{0bk`7ENZYyB}8}D!v+#I5!7K}Qb$YDCT;ExpvQfv7E6uWnS%(3a45$1VT zwPmrWMehj=n_l9_4PxTu{Bsa947{)%w!vJew)_o=?xPFB-dRq?mV#^+CfI!GyVaug zSt6DAeTcfwN$wUR!C>x7y>Q`^g2wBHbsUKY6T11y*lqUUjA;guU3%!t33r4kHWu}b zB1Om^Icgs-{lWb|luS{#@d8{{Ynv0PO5s*agCJ2(WaSqK92&CAd+&dD zsrix>b#>zfj-JE~T4h4fIMTwbcvHL@Azdo-c}Jy25jybv0zwdpXr*?VeCO7iJxV_=qiZZ(RoS+40Z8|Sf1dh8ql#{zv?-*9yWnRuDA0ec^ z4aKB)m_mv85G=W|hV+F+LCyW!Nap*3QSVe|U4{ao20MY>`6&*{EXJ0DR&&UX&Erv{ zlyI?m2WQbf*-#{v*%ke_v{zc(;}lg|Wg@l$bRP3N)Q^^UT7*Yw)5{)}%m#KCRij`) zFfeQPPJj12H)bT@sLuii4r@KJZpvmB##U@LJ#PB$N3FdLQsoi4&OCLt0qMorfW(Bl zBTl}bWF!AjfH)h@-_bXz->)nmdU82tg)q4*4e2HpdX#l=9Ql;CRf>$I9BbPSJB8|H zUJkcx3BZMf@{|e*WSlfT4_aJxy_yQ(pO_TD`a0XNF3!Kpg@!-}#FUH~KSxesG5l z>I+bmGzong@TLcAN-&m+TY80c>suO}1$w$E&yl85p4h;mC%}vU zoz#dJ$ON3%3CQJYSw_oQE$4d_M@406G<`lVGOQ5go~sj;Yg_$f$?c>a+B2CQw7r2x 
zf?2V1NK)j=gBv!!!@3UTn8hpTwMCH#wKpL<*5tGr(X#f0=lMqQJOKC+TsZXia6CK* zkw4zU4d-!AX6#LpQ2ssVvokh}LAM6!-?kZ)EB8d}6eLe)|J%${PuTOT#aEgkE~%W@ zMQ9Pn<(O&<_I$t61y(WuvEj!lRPfAJ4z6ekb>wlSlPdL7?1U4HkRusd-<0Fe%<-x= z<<;cSpsfLc6i)V=CIE{}@>smd7RqP_)lf4;NDaC|4tB?K`q0OWvKa#h-{NzgRrYI0 z(NeK9jnoLg#33vf_9wTsF%bPi$B-3mkF%DWP*9=g9IY3P?38~Pv_$63?=Tspxf-?# zT=G!X#hYWUH>LcQYM&9+#La!v6XRC3hC|!%U#(MS9K^JK0YH}Jvybi6dz9&tL>ciy zMpdopRb^LF$F-;0KX~5VCbhVgLeC+?_b9kR3*?#7uuW_cEdH0rQAG$$Cy+&4vUgRmPjVWQGiZp3nxPH zH!S>dFY2qG2#XHNW=jPQSFUoI{*GFZ4Wln0aP7E}GuSqU7w)A7RlN7U98e1S%36|8 zJfaf6A${ro1tZp(pPWh;yOFyu`}q+frO{xP29DT$U5V)7^KWg&nDP0*u(y{tP1UMMhZhn|qRjwxQ6F4<5?dAtiC zcw>bQ;H-a(6JbtedppT;k{N=2oqYUcMF~FN*B;>W&FpYqK%@|ScY~e0U7X_dE*QvM z$Gc_cuk!%lEtfzZ5mt!OrkeBxK_cVg@cX=kO%iG;xZAuGl%W@}AK|b0H%tDPpWo1P z`*Vw&N2qmvQF(=+sa$w4g>~)3k|6@)Cg{V!95fiCi%NOYcZ#Ck*M{D!PMaY2=RNTe zj*5CJ#O6_YLkS1vxhnVE2Xu4>9~f8*?G0`_cK^Qaq<_uji^^&XD4%BM4|so=Qs$s2 zn*Q)=mN>|pecn(}Jxa@x_^<>oq4vNzEATQ$#JR2$KP{*uSJ-C?SuYqu59&9SMXoww3AME_a z?}-A$MQtAidk+Ut!uNY%fBtlJQ98%7_dHK~ioGB&WMKd0g5FEvBA~8pV{uY*$&cH}98SO#AoaS9 z6Pun&D8PShUadk(5SZ6~4dP6AN1rJDcmg}}{O7DjLyM(Gn!)?7__`A&7KoR_f_hC2 zbJ2+t_^7`0HB>vsdK|Y|vOr%vvpB|Q0KWSjpIDP=l(!F0yD+%o z58~;vVe>7U_3dYh!N*A1YH666+^+N?6?1rmCKn<1Q6!{F_gl)KOLE^f=t%K9ylC2M z!8}pq!qVGE`DsHpiUfxSe=@`i6Bn5(+fD)zq;~q5x zCYBHdUPGcqfPXW9L+BuH84`~zVDx@vo3_-VrlQ-Is$7^vJzj;lXZVZbQi;f!*J50- zsw$#ExvYzQhD2?vBPt6ou0-t+RtWYb5$an&QK6#}G#1?d<;&0ORyfE=>}^13pZvA{ zC$K99iE~=mM2JYm4fqL^+Z0P(n?<`x_;+0zHXgak%dGhOy?zo!!lVG4y~VrCu;R_* z6cq`n!{al?1%`QO5R1~#}TA_r)xy!|*LKQ9uAk57EG`$gBl8t44m_#X zuUDmWT2GUj$D@u8ATLRro&=Rz{(|5BksynIVnI7X(MCa+e zwnxusfTvDNb;D@kLlhA?3!VIb-Nvt*q~&^>KQsnw)p8+!H`A-}tt0TSxxl6(ObLU1 z`eE3wa>~+jR9>jxv;yi_67gR%SfXAlDWh{qDxc*dFpwqeOWx^HxY+dZJghpo6o_Rq zO08=Z-WDlsb9WXyeG{jMqGUTyr$_`VBL1Q&vT;OC;@wY`1onl@5=+py3&FsHz9^aT z2FxT~Pmvzb@XO!7!qcdzB)dpiC4Q0*x^eMUI4b;#ZhP-4=QHnQ^K>`20mTP88caAsge;bvmsak(A zL{JHkLP8vZ6?CAn=jt(AS%=Xjg6Pl|azGO|`6w3mumjxUqU_AK z&ckB$U89^-UXq_3rI;XirCDC^g$|vt^HGxd=WAu^;A-- 
z|I4Q2m-BrE+muU8@xva0dpO~dS-4MK|9S?22uOK;Tf6g)cDRzrAQ%~+@j+&1P4M_rCyj)L;feR%4yH~TD!cOrs+9p+nw)w<$> zH!gniKGTk^zGP*@n)w!+(N(1kRz~L!w@67ss;G0ssHGpPUIa*Fr8!|?r7clvbSK{d zVqdMnGh#{t*YbNtLl@yU>T1@RYjzsHAG~g;i?@`s@8@3%ZPAj`gcW~n!iq$3;xFD) z>+p8Ij~kAzc5~Xi{Sj7Cp?<6G6ChKGi;$zUd`&u!k-{;_VCpM-33BoxlYW`w%KL9y@dav$0u^4?M#gnzR+BE^A3Ms@km)-fy_Fdpfi$ zsEGusVUo#-Hr2G8n?%aQ*mYXyOPMV0g&-39{MFw31j$6^ef@UcBIcs9@q#1aEP z5ZHuE^v%hz?#}nbPw0_A(QaVw2jdL$UE%;y;dw(eP(OsC_#cN<7?%EpEtxTpzro9D zbP6i9o#xmg;Ck93tfp16NZkv;rmsRGDPQq8Y8~NCi-Sw%Ov9OBRQP@Q2>Lf7;3*mE zF^U?7hCfr8l2RD($2wULj)S=%mM2KnD*HM=uR-9>H?FxcqfADYS|dzg)}thC9GZ&g z$}lNXw_C>}ueYyoXC{Jze6|A6{u}chfZ4=MQ+xbNXI<9EL8#KN$_ED%<6!>OnaB%MP>Z)CAs90uT_o#!@8ybA}SPs8`|>MI1)uz5JXtiV98)X>5$Y1JOmB_3E7ly)3B&kMdH>S%^%R}=i8Gh<);wR zaZijsy8XP$aZD!5(K91p3At4pD(%bxbGczM#PC1Aa-}~tdT;o@3uG-^iyJgZ z$7_8;RK;NKe36yQaF4P`_S!aQMxH}BjJD;MsC~JtO|k0B>$dO)rT&2U!JRl-sudXr zsgNL#`+30Ow*j!P&ycXxTfJabW0r`}UGcr^{m=ehDbpB$$raU)`tClL*Ay@NT8AXo zMpBf>t>fd=f4iV>Ke-0-X%n`UuKR(#CW#O|TSOjN}Z5$8ipgPso?ptx?CKHZ}kUY0|=+ivXU0%y24)yRRJxCsmOWE) zL%;C4^|h3izXyev)~hq`kL&i>V(&pt8FI)JX~-4CqMa8GnJl&74e$pZa^n)Dc8U)p z?c*ZQuEs~RB`Xqao1i@A0ylYgQ@vTASJjg9aZpmw+voX!ap$0m+a7XRVYf;dI-6kUsJOqiWL+W*9ayeQ za5sgiT(M&`1MYMjE1y*uJw-zg?C@vjVCwFgvx?~c;mxNPbfDPH$yaP!BZe*Kho2~6 zQ!Hgni_l!#6 zE-G2kFq*wOXnZ`@r2!&K`}%SXUee}I^eaQfCq2YyFN>sAO1>QPJ7$OjVBD+i^7wmV zPDBQec4Ym>_Cb8!SBxP729!BcX6EkwQKSOGMJ>y7J-3U;!6Pkp1q7z zyna}Elh_;{ghNaua$a*gT2mXSIRi3tc|AY%1O26j;C*r8WC*RIYNdUyy9~6%8Z(6; zYi^E;oQLUTmc6tE)SP1G^NR0nY0~b`0K{+!)=I6VQDK^uy3p^hA7!;pBzvoj=~GMO z&>3(w=hFGDq-1p55>0$eWuMA6p^_ziQ>L~;w8fxpc)Nx1AmTkX$98|ybnX7YUfr{F zn-pb2wl^H(PUjpxjT~mP%$trAaA885^+(ao!Kx-CYx|+Ss8m1Jf1k#R3h9HK0cg67 zXE!8iK6i1Yi3p*SXW59$k+^kNWrrOJO;;G4cwJsJLgnYmPV9A4a#A_7#yB5g7B!I; zk-h26NYbyFuC`Ak{b*BN7js}Y9VtVu5rvnKyP(@Al?_t@9olW&7jJ;k1W22pBLc4g zY-FmrBduLZhdC@h`HYFB<3Dc%ac~eqj&XkS02FXe76EIl}Ychxusn9>w+dqG7L>BRd4zH>S2tS<3 z3#@ps!!P4x)Qbl`TZ)}Ya4i*7&*s;lFAM6##Q0~_Ug2_o*&(_5oPPlabnAL=`@{Pg 
zqGM*4k`4~ArlQ>{nVcq=6ze3l>CS^mgei9F_f`B%>QS2C_ppMXAl~8?->RkW9Ls(6 zNH*SM1+REq4WGUpBtpffqhf^QpGbSBI)aw=;W-fMxAM$smcmqDs-nYwr(aL)8AW%0 z?o`n#uBdckOss+DfR)V!sM6}X#Ig*f|Bo#`vmvH2&$G23fySsBw7%Oe7t+ED)rd`sT+`qnf^A1+P(S9gSyja z%@T=S_#r5={0cn4BZKXqPrdjtOUs4MFye1l$M1}g4t{FdZ6K-h&sk9?6k{HOHxCRZ z=-OWQ8oUZT2XKoZ#?nKL2^Y=Y_mT8Cp&DuGRjW-JJ(~3>#30@==(0;eHTo-DBZjndteO!PuF4kYds|YXVX?HIu-nW zgQ#St0CGYt;bg-=ZmrAxr)KZOl56@Wc|~F={-Pb`k;yN6RxzN%DwM^bL3aOpsamqA zH^z4Md&4EZ2}6ACfKI2j#F`F{)YE|{#gb$ zI=Awwp+)(?Ko>@_ReIDl8Es(17;cu6>nl)ME7A!AQaCDx z>Li*lPy+6+hHrPCVNAzrz`xi%t}VXZ4u(nB9?}B9rW%P?EZxUVF9!khGmUF}b4Zd?@U9Lp1i0n+N*}xbShajo^pM88*y*CR)M3Lyz-z~QeZzLYMy}WM+$ER3W zl)#oP^CAONbEIb)@r-jykD^9?QkPoiJ1%nmCOJ0NC^<8jNtrIReF^f8F+9W!`q3kF zBn>~?!wVHBHa8N;XFp_=V)W>6k+XoSdI-R4F9`IBSTQ^dB_fg0->3NH^Y$g2ZMV1d zrSC262vO0BddbUg`xsYN-WM{U)L)KO;T`QH!jG>mA6Ba+8MaWSI_w4Fx!`?iBF|rZ zO9_MViY_YUfEKi|u9AwiZzC#iUq`w ze`{EduymrNNn^gIYN353f@E=M-D;cYe|C<7yK)Aq{!SN&Kp|@CqRkQk=V*s@v$txE z3~^!aOF7@^OisiRF$X3`20bZGeosmQ{&88mPi$XGup&-xtf(P0A=G~Il~NpRe>ybM zWI+=(A^nlZ105LttL#hVdrAx)bS%(P%kTK9wX_5rk@&f;rwR9>{?3#)koC}SL;0Nv zh1Ft8d}YX8p^1@S{g(T(a)6Y|i*jN#fJMJ0d%*nR64`O1Yy;oEcCo-8Iuemn?;9Yv zI(zvKr@d_dTi_pge(qDP))Z+$&+a(irYh;5RZe}Ucvk1sV=bM2i3U1jc8o_JL4G4gINQyif#jc@&gfgp0O#{P~j>O9q&p~?<+Lk*A|;410SpM4!nMWzu7@cbC%6#)(FSnvvlkDIQFP(912-}m0(eKY?xo2BtB&WpLZ>K z*SB7Mqo@ts;a`}%K0`^-II985UZp=NGeeVx0xN8PP1oIf)!vFNMt{RM{_F1Z6~lhx zU@HE&@22RFW8e4Vui(2&ypt72Nv*GOK|tzMuX)kXs()75YYh_4*`LYCZ(7pYzlh(y zfSlmjKHw#$-RDDX-%vo4MW1yqxw2-iG5NWl4|Is}9UiUDbG()3=rIUW3=c z+jKtyeNs-PTNjF@>>N>z1ydd@wK?pwPav+gnWy8xLJNfYzd2?$lvAFS+g9_Z$f?e9 zVpIcbyn-%6ERbS*?bO!BW}$s zzQ-i4+QYF8hMdCW$Nx}W*6v^@cA9MW(`NUAOCJF{)f`r!GXAfpUw9oh2Dh7CsDq6IwzcP2%9-DXBWD{EK`{WPhw1jk_hn9vg5;~v+amlE+((g42og zrTvvqAA^&*0e-i!<#&qCc+0Te++tAfM6JHCM~aI58-(Br@7W+=uv!i8odD#{N3a`=<3{OPS6rX}*M-asbtD31sz>wOzN>D9NE z=usnI6is)RUW~@Y#5We-H$y2i=s{FA3c8)b&FxiAyDtgSXS`geSIWpYlq+6MSnb>u z7ORd=p99v5Pl2|${A-Z9n8qE|lXA=GvxUG)Ps<)7ux$N$j&3{az@S$#Emv27_D6hWbvM!Aj(xEbnfaf0 
zX)Hk|E`t(=wxG3NJS14X?ad=^%ty^+HzvLO?nqMyNz?JY3S=H$bRYKq8t?#C*sPcH z0XGSiJ;8<=RPMa@t$fkl1g&j~#f~ji-Y#PdL)yc_*fX^K;iy1@v2HJ+KiT37-fbEYlwk{Tr){rc2q(^gEU-JaSsnY4ycV14#P6tur3HUjL9j%tFmp~)cXVmH7 zOtO5zuhglg!zrDZ=_t>~cWlh|jeJxy;Pz?b{nyKqgQ9k?(V6U0#=o=Pla%d083HCH z&s{UQ^aE`{`RtV_4$O%+qXd0(B#R#0GP#2 z7%x}2v9nA_6-QDiH)y;9ZtXt|FJo%-1^kJ{6kTs0f0g zZ@>5NG^I>JZixc77}>u5X0Y_-rihd^tBCHgo0>JF{buvb@uS#JPdDV#s19NO?h^aZ z@9Y>}sPCdkjK|G}Xp`y~8+EH|&;XrhD$T&$sxmq&w*>qGqn<}o(Czt1H{=W_v2x>T27&j&Y_GL7_ zW8ZZ^SYExi!3$TVZcW$N-Cr$JFH62R0}zL{)wxO!r{0w2_#~a#(&d|GcvCYkVY$iSS{6_GWVTE;fwqMVISiXnj2 zxQcI3Uq4*QHX(G4SgZsy7qC0`HhGjIswqQqOF}#-=&|(23N2&YSz7L)eS_naXK8MY zLgLF3YA8X=;>yj9!#@^uZ_Z;dkuGA?_x&kB1K5UN|H7f8q^3~U zx+2>MkSKx+kG7%+N2LSJ8mp(@>3Qp|Lmc#C^pIlf1N)9Blol}JH`XTOTz1(*-v-q% zT4hECImA|l#7^GS5FT9(94K9ayt70+ezherX6S{;?q^E)YFxe)I>%f)$`6xAe1@3H zCE@&p(+o|G_MLIg4p1&A(d(YhmE^LyP^giflX<11pd6~_ zgvX2qk>^}U%sjJ#1;^@tW^Y|%A8Sua+T~ELs0K<7ny^AVqaXU;sa#r~Z1|Q~jmj+} z%7u$^C@;Noq)Z_uidUhrED8cxsJ<4@rq5jB9M5$WwgIxhwH~@JxDLi;Y?*cW(y@aJ zTRY~vedfbXzNod1k}t1m%Z%=v#cKf9;3P5SEB8aN9I;$bMF>G+2-VRalqAOl5N#3s zDJws`4Wh+Bm7@JW^;zoAN+pImmrFu&(65-gHLsON@-)9*|E$4>V{_=X!?9%^+Lj!g z%KX{yQnPUaY!8Qe{z<)Mj4$o>_9S@kGjy$nXW2D|^~1QUI409bfBHx9g_;0dVnVwb z@JlZE6pHAr=up1QP@E5EUV=<>zBTw)BU!Sh-zkM!(H@HX3g)P51%PvSRnoPKBGG7b zr9rk@0;VPn^G4!i479xWen7UiqXnWh#Yje_)80 zPCH$~D-&S~gux$sacYY?)N->?ou_2kJV;JX=87}$3r6*}LLgHqTUs!RNG@*vVuxKW z`LtiXK>sZnOC}p*tz<$ z53UW2X;qVXz5rsyzqximgl=3YjCx?^i5FH-b` z$g@SG-e?@h>#_z1WkiQje0qMCV z)?G87RQ&)ov6_~&&q)Ffp^(S9J+7$yPe%v!Y|c)KYuSv-+^w5_rL=uj8nw#4oW(cY z`lUZVOyvzi?4#zBfyTqCAzM;ghYe){_>Mrzse#EN1C@T%HN?Di9zPj(-?7jrrr+itqHBg(h=4u5e%ZS>hj zf`1FF9-zOoJT)2c-tvRuA)`=t<*2#|ZoCKs!cn})2wEab-`;ZWNODCTfl4N!^080< zIIzrUuowB1vln9sF}MwG5FCEV8K1d*c8_6w-7Afu+d%O6Ao}okw~pxyR>Vaw}xTjC@G? 
z4b!0=SPcH2at)X&LQ3wGJbg8ms!kC!bmK?@VU9IL(*f0_M1({$g>GfG->oHLMGe{< z>N0anan{i8;AXZi(LqKdEMK%GhHvji7QbzT~HF?TgfSl zJ@Jq&K#of+>cL|&a-!~pi#CY=`PP4RB0~r`-Pp<9gbw$T4sEj&!4K-)GpTRLK7@lO z@sM9@C<;e8IN$*m0X(S6W@$rkk1B6@W^mTticf`MSrWHlg<)~zw_UwL{);WFuil4K z@G~-e4+B)n0!+=4`LX+xKPhg~2r0NjZGT8hQFQ2+C%Fh|#isQ^Dd(YAb?5xkcp0Be zswx*Xp6=rOW>&d2XCtN7e7iXKsa0ZF|B`K=Cs?C<1E~h!x`g&ByHy+BYNAt;Ep6Kd zc=;sa$go}WxZ9qZBg2al<9}M@2XnCJ>s*dR{UvZeN+%!o!FghuG^D9W5cd$2FkT*m zLp*kZ%CWXCjZFE6AwWQ1EYrTJ>e7qxz>Nn}L+8~9CZ zMFWXf4{qW4mr1Bn2^pr=Slqq8=Ki+B7xgjv6Xh0Qo3$VKRPF-<5S-N9ds|yd0`)h@ z{6m%#lt?FH#1XNqz6aBxr1=8$C>GjJ1Ab@|Ibb4I!8N0AQ?@&n)X za>@$gnetU`q3HKIKeyD2#_Jo_vVTcKD|6953R45UFk_A8VVxAq)!KQN9|{0o zxTUnEUGJI#u+QxO6Zw#qZagJ|Ew(ak!U6a?`Yq8U$;#vY>7pY|8jc&>b;>ir)&5KI zWrAg7ygdcw(ggVF`eD+M7jbz0c66%S@w)IH_U>>$vhi-GGH*Vv4AfubD`VB#u=)8{|E3M2MPf_fkGx9G4YZaUF#D&W3V4;)An=7^eKO6 za9Ff8Xu@r(Ao{nAc44I^-tPOokD6v9oo6Jf&Z*3LAj`o(C~RG7f+RB|Qj`CI-oi-p zc@jxC{EMCiBx3!Z*rblwgzf#iA>V{P=o}@#HmEGaRE_!+nSbogYR>VS6JY&wX1>d{ zcfP_+K4#hg;EcP))3El5Y1|n$byPiLmNcA0tnYU+=7M3y^^U|)rY5Z?42*!Ltg~a! 
z*vQD-(EZ*;)H3&)JI1LiO7T-S4!MA>*s6Z}70lhgwS1*Yb}A*zV!VwT@?OvCw%;U| zlyl-PtI=z`UqGgc2G5qR0;Wlr)^U}%Iy=U(c7xckk(bY$2!~t63^V%ZS_{iChpYKR z6yy0#?J2Q8UV-$NHs5s+KeofJB3;>6`{SqIo!`l*)ESY2^!Vzp!-hi^)~Jt-+H~so!lCF#cg?1sV-*Ga5Q|>yS-@ zodo3+-*9BKiIZsa( z4;qBJbfcY(glm+M#YVutN7huF_2JHkU4x%^~MxH^I%Xcncg)R3z<~37_w}1=ECsnic5Gojmf&r0roJ;qc*bv0OXiaRDRI^4i z!mchch0xExX7esbYa=ErQ1ikt$U5gPU|;B&16Nd3^w`4mfRNhMrP+=snC{FCgezmv zoV6@uk9~78t=qLf!xf?G1^x3I_WO_V$!K43+hxb1oAqIBTa|{sYFff^2mf_(KTaA| zoRSAl1>>0quQ`l}KgUmY>S0#6YELYw`_4Ahk?N@hQQbE;5GFGpUO=Ax74~fvt}Z;i z>aCANz{B^Wqp~9NA4v4&tbd4;KK+ZdZdGhZ{!5+P)Itzj^Ktb}bhFHz z!cr>H(N5*6+4UKCg&VR>Du!+OyF>`$S?dc*(uP?1g8E=7v1Z-+G+r=&*2Q`bRp16B z!(}@GzJ~?KkU^eUm=jcpi z!hY~#*o~*e(%3M${E)n1;p4IcOfi64(Qs`oR< ze@jMEHJx6bZrEFz+qg|0up4-*2|L!;*L7CCo{mlqMk?cMeBIXll%{xgesE#xbjp& zdX;IgIeaac_q{yxSC)3W&7y|gf97S2jC`0@78I(vYZEqH&_ljoC@<*UkA}i#R@Lxa z+>MGHj)%vwcr_;Ou8x!6y)~aqPCa%5d)VuJ?+IB#jdVW;9+1zWR0-DFTWBBikSaA5 zLf0=@49<>E@eFkB`c%RnI>5ZdVyxn?=kb*M)dvVt$aR9hw7` z(0ZQ|rq5bRtv;qz#7bugB2_W!?=2Tne~#7J>~9*Ge2-Q(DQzB|;2E%8!WvrwDtz6A zk*znhSzl-_`%rwRb#3$1TaYLgLBn(sk3(W+Rg}q?WVuF4n%%+sXAPvjo~N`uG?-2v zR4n=iC#jJTXH9oq$-Mzn_j4k}Q7(266m@&@~rGWsY;=Hkhn7X7y)RXXHxDnt=!iD4c z@jSlq?HhoC_JuI`6l5l(RAC&+gaGMFFSZdF*&Hdal0Dq?qcr&{GMdAr#lw zV%9qau*P;dVRZ*~kVPE+LKInVZ!x%?fY1%CVQ`^Me;Yk1fGBu0)EcJP4EI8NJ;$B+ z$Z?0xM0QUqs!W~b39SLzIj@)eTw>PIf;6{>$J`fEr*}4yt6Kx_OyAgs$QDi?y!Yvb z`9VI>Gnx_xVt$4;r<&@DvYR=lE-A7d`DvV*>_r13}dAr+F_7t`$2+`0B0c+#r zU3g;iR`~(R#8P5v7WC~!=Gk~%hpE>$gl^3vK5TD;`#I!bbPQ~Y+REM z1IzrEr}+@#bgoB)=b!12I;OUkmhRd{8tfJS$`_?>E2XIbUKLU7AOl-fH1 z?^h|F@7FV^3%?jIc-Ot)p?GLIQn_|?fyd{bxrH0T#jydxKRBz+`VWbf5am2TQ&aDI z*#n_qB8Tlo(vqL;7rR9~8zf&#VPB0&!8_n{*)o@S+-wbN8V6q2X2a}JF5zBTya8O3t zxyZlm^UAldd)6-7hs5#h2#V}?gj|A0_O6+)`AqrTB3oK-=mlCS1H7FZsDzgrG>;z? 
zQg|y4ZoZ&zqR72LUrdmMjm#f#6~Wk`l zRefITlf4{Bb^;HEpGDBESMnIaP$7Z$%ZG3ZF)(s8aQUtkuMo{B{Le-`c`+*{lf{CJ zVa~#War^c2uhOV-ciZM!35#eC#&ti`%TLb;Z!Yh5*CVp34W~D2n0S>B&d#UjuRCNf zufWyu`Tfb*+}zW_g#N*3OPH?iJp46ckO!Z3-?_K6f66~-NRru>`rJrRL0vEL6QWTvb?kG2k<#9u9BpBy$E ztzzjQ@e18nqA(Q%%V*-G!CS_xgmy*-PXmLI8WmBuVU8;c=M4pn5Q4}+{(4_Y)-t$& z9Esa63ObO9QXi8yzgu&_y=;w2g8+0hm2)MVZ5K){2us`UPq5t}ov`N-#Nr^O0$n$z zcQhJ(K680@*~xp= z`kVNgX~(weew>Ny!J<)sZ65s zm5Q^;m*5qIq=U@o_(LV(6m+V;TI%A!nQHSelJyN9q)o65E1toe^Ov^1?p}~+;sIq` zRk`QF2U(s=kmmJ4@yXrC_%8K1UOUmoEc}4<%s*i{!Tc_aF`j$?A-d|wVHYf zT9vg=M2BNv`BE*`BnPN7JuaN&8@8n0WZ+6?do3$hk0&G}^Tm!t8|5XhKmK1;oo7@N zSsTX(LSP6{0RcgRD@COfL_}UtmK8zi0)~!&^bm?7p-DiI=F&@$CLK;dTIj`PX)Yir zLLihN5Q->OnzZ$u@E-T;I5Hl`vBqXHi9UMFltHSl7T~o(Q+V1P#tbdj@%Jo^Ty-(pdnKZurj#1c_E+LP6PpwPANxVKr5bh3npTDfnnR4>j(dMw0 zIw=#>05L?;P_r@;G2iUOy*`sDcV0pyo=5Xo&$=_gUdd*|>|ShFtGw>!;7!F|1!Yxy z;pTHNvL`3}sSxa*%+HHUdN8~YY@|qWcU$~4g`SvMd1KsI{`8p^d8vXBD2lVvA;cP{ z6MQ79%*XRz^k}#s1qQLrWiX*7p68#nCaX=$uUKdp$DIq@?KN7X5(uNAaAMKA; zo!-O@3SCkyofzvfKbxFIxSTO^RNAp~v#>KS&J3>?9ezp*Z-sG_R}w^?U=7Ldw2l+H zB}m2jq$ePimYtHi2r~%ETNz(jar)&XY5l5oDcg%bRd zzv-x(ympX|#pi~w{Z=lfT@btT{VP%IT?rzhpm|_KXnI1BfgB+mGe_RJ+I5sMM-f^U zXA8g9jMeBUzSFL|V4;YrpzuUNc(}4XfLQlqlLo5 z{SMEGM`dZ-n6IDuN1jfH(eluh4vnvTD&qxqZB+1UQ@>6-rn%*gNJ&kwrUn420VZ2K zs-?1>zO{TA1hWYKXgqma%&+hHow%T#G?SGWcdsEkf%I@Dzt4B|onvcuN^x;rg5?Ob zE+u|NJF(jxJ`~CLH=3J{>X6}3b;7N3ax04k75;%ZTBTWX>4w5R_4`!zi1W1)O`&$P@234^qydog?H_UHbMTlDO#swMK`{ zV}vH*mbU#Vr8jB@mCerB^y%}M%m&DA8EupLv9WK?nCn3J!-IR*!={`a4__|GCCMLV zh9pIl*smje3yWB@OY%%LJH0#Zs%OvV%~&{C|I&D;$s+13&3jj@FdPO%7vY?xJ-sCCj(ZTt&}E zpBQgt?-&&cce^FncGiLo4$fF}FRFHgaV6Ge zvN&*o`}7U_!gxDv(~NKGEMW^ySY0oXA(zP*e}67ZJw@6^!5L+WL_8rlIT?)2))*~C znajai{A7f0$(0Kjuq1R(nFB&O<3He$;jn;21L4n!Vbp!OUn2vdI# z5(nuZ4>4#C@>D*Y`C#)<4gOWdGq^bcK4c{d7gdF zb>q6vxzAZe8E^;;5D*X;5JO~BE%5<4$)xvhWAAU2_qVCNiK3IegEOO%g9C$yt&QA- z9DFwu0@QkkvRgxHB++jqQU1uR)(HmJka`;1;K#EQ2thkf&q4e=h6qy1`k!JK4BNJ> 
zECYyN0A!B>Bg46ox!c|q%)o%?YCPoM#6;jddA9TZAPHQ9KosfbHg2;flmyeI^s&}Fz&K104msf=K%WbF>yKbt~!KsRG6{(lrO!>e@R zK;Op>1_FZmzZ6XDoy`7n2#Gh4>0!d?>ySS1PXFx}8d`x&D-aIZ6}YJ*d0KBg6TB_m zU~jM9Vkgoykl}oKmgVr-vWX2zKcjlR3Y_@FRnUXsglCmRTRuF6ce1;Xgc-uwBm)a4 z%TA{3d$ut=`7akSwj4z;NNzCn7L+aA;_bj%gNkerX|#Qz9{;SW#CT_{F3Y#Q&TYD( zwzK3}uGoX03Qd#Y@proquC&=MK@!Z8;YZR^41_Rj6}~J)d6cz;vSJL^R{C#b{*m2i zvC!~G_uH*IcgQCux?kB$V9lh|>uvh3eqeJFO91Acaf@OOIe>n>q(-3HwTTy($tqq# ze4vN4x)s<&=~|7vx_)~N{Fd_r6&;}ezu~II5RX%#-t9&L0)qZ-I1d{}7Yj36v;X^K z{%g7uEuA=YP7L45**C*6@1Ncb;r>6Qx^1yhS`;t#Gr4flC%9@d^+ zz04A7M>lcKJY;CoDHe&z);DsvThz491ne)yCRO(;exL= zyR>1Pk@Aq`ekgI2*O>Bl)A-hQIz-oRdl#EK2^D=GQF`q6|qv{b2I8SKn6#PVD`-R$+MruqbKG13IAUGryqN3M>jP7y*{J%ViiOhFckm33TWZ(^0EPE z0PLL4P^T)gya!8UN{iu`l-IoZ)n}FR9rSBT^tm|Bwbd#?yYOPZWctw8LoUaZ%@*Bj z5M3_3&uJv=gbARrLX_RnL@<$V`%D3!2)3eS_TBgj_wLWr{em_t&KU$`9HhJem?JS2 z8Tdb{b4=!HEBw_2vGOjSxS>Pi^opNWp#rg zqJIa!a6@~7El7iq2eAZkQ_BOblw)SySQ6#jum#oXfoSDwDs=?P^olBhpIiN~>eL(8 zN{8Qas@Qc-N?{!e-5u)t9o-Ufk!yKsG1dhf!s*UVQx%7uvRE}-x8)cz+eT84h}d3L?M>^-2U9?X-6~q9Qcg3ih$lsQHG zv~h+!s!nTQC55H6A_y`mo)vbBLwLXvXql<&W$n|7?Bf`l7xx-;*+^t9m_DK-vMf%F z{5F#&rJF({kPN_w1$5Ke%Q&~ni`~|HBbc7H2O)S`<4PV6)Q<_6_YyEY;lLrNG(*Nm zXpyhUhb;6`b53%e3?trZwxcnqw)w>|+qTpsD>m;PuR!6Ma%lL&jS}9Z0?% z;ET)?C7x^eux**qdGgH)krSh_Q6jLEu}JzBjW3i2XdIfGQA#Auwu?4QZC!erhmiie zrB(3A71-A!kJ4#1hitZxM;yt)epC)nSGY+&i~=Yo!v=>;ZzWL66(pP^l3TrANH&g3 zRa@X_&I0GFt7P;8g5WluA3SkJafJ4TJnozY$F{Lo`5hJPSqs{2CaPM+9gMR8l8N1N zR7!9?5J*36PSI~&e;K*eef_Oe>IY-6oZb{*<^@mKm31Yeh`!}GgV#w+-6%JZqp+(5 z|HlYWYs}7h-C~+t{kcgittZJG)MSBrD4?0nGe$eJw|Ny|IS8 zTQu`JF=l)!58u4Rga-uu6~==^fD)6QL6R-YMpuYOT9W3%;{gjAX+i3O#0)#(j$>1UpJWfJ9jCCpKP{&ag^ z2W-*~@T8+)8g6ezH)QDxi;FC$WZ1}6F}J3|Nzusy*ELujq3sZ*zTz;T^g6VBK2iO% z^k)R02K;9E!V`XwUq$4uJ&P;+_gfPMS1He8Z~alPE=q3M5uR38d6f0=8=GPsM}%i$ zf_aAdPimF(=lCa9`5O&hNjWnW8hA=|dIze%vYEG)BAKGy_9UEPt z`wmfxBa;{UdswfnX7`VQjem|PtWHkxW$M#rSyHX7?M48`T{eCvGQQuvwz|O~bU)tF z{G5|s$LmI}B}a$%O^H15LL@+AC$zkYg0U3S_Fk~`N#mx#m<>HdeMDp26s=Wz%J`*+ 
z`0bNGx`w*8`7xPZ^}OIp7ZnF*(z3Z$87?Pac`j02!G59U`SB6@3Hqk1aPu`6mALhB zii4u^Y%*&rT5!240c;0akr23@Flz|_gD_z zYG@I}qwoW9+%dh*rM*Ge^N&}RTZU(&d2i~bH}|m{&tH zy253%KTmY00#B;GFA;T|bd8r{td>n>eSYPYmq#3xWI%vilhsJim|fO7PbP7hS~XU7 z*?#3=#aWVT#%HQaTS13!wP-Eny_TOHV`(E|%z*V}-kKb@70(WvOH@l5*c)}O9$~JH zt4Swv@_Ksl6obQ5Z<_tBfN?zB?L>F9PUJk_+8d%^lhpQ#jA>~kHBc<(sNx*L6OmU)_jxFWe4p`lz8 zjIcTx`g(z^_ApnH!&XV~dPz3hGvf6e^c>eQxsyEicG>^XQ~Dg|=aHyZyY?*Qn_vJ~ z<@DpZ-~FubHxF}$vtQVArtiMSqohXI=w=FikKQTB060f$v8J_S@R&#!T%B%y(4D%D z>NAK3+}JNiYS|NOKALIGjuGp#x60ic&yR7|2zW4g`dEA7cb#LguGB)EO`cb<--m_j zjGmi#Gy9&|H8-~$?4K5RZ`w5j37yTzB(N``SX=uLI2qgyer^oZm*lvIWSzq40WrO( zDkc*qq6km<883I}iSBx!VXW?2(l;}GqhGyztn&+r@U>p|z1B#x*FI%;hzNApKDoOH z@&jM4UGHXQfC@m)!U3Os;NEFL+eIHX@K=<$Ku3Hwv;=m{x7T0KD+jI*ayczr2JVi{ z_VRI0fR@IbmPU{!uI;Pzf1laky$S~Rh`0B0rhR%OMwxmLoJXrBalG8AY$z5x@D7dK z+(pDz#zw@$qcT;^M6?_x?kITp{3gQo6 zYIsyL0PfQA1RKOme(%R&0{Jwf=u2Jh4%&*Z4GK8ZjEPN|-2-1)XyVw|AO-Q@+Ue_% zm{{wew~XYPnu>L+mn`5J5Fq`UPq7b&L}%M0f=bZ?bjWW&pZb;+%XK-QQ@$qML;#&_ zi?Zn66H8=5&~v-TB~u%xM4f%VwtKd;A=`z;h}u@2m<7nqoII`79> z_4;B}R#3}20;^>+8yw$47k)&Ai`N(9Esnj#)*&A7GOagYq?9NpS(T^o3jV0x+ zqUq?8_Mq8@$YcH?W}SEzQLpe=no2K};jNb#I@88zZSSS-%kgEP8PD7yd&3(~64X2q znY3-b#Mx%Hj>tC)k2O|;2JwW2SUoBV$E^O|k>lV=>NFJ2Q6DUF&$M2iug{-KT`48b zd_SBfPl)Vzc>ly*mwTupZ+n=uT8x;#T7LJCb+Fx^ylRiK zYAvjFM}UbEwp4X6Z!(`2LVMp@>{F)aBcNghuQ||@?zSwQkE5TDL!igRWc2TAYlbNO z0e$|iJJB=?8!b)@DZ-YDl&zL3VMX2&Z@=PHB-)eC{HIYUx4EVT0)Je{1OK0q?uPc1 ziL^t3o!WligEqi|sbj~kef8)gWY!qfsp?5cmrRvs)%}xPD``3QGibpx3vp%&&j5Sf z)q{{_&&2W2BP14N8TP#3+vW6T<+AMVaVbql-4XnEXsZ zdySjk{PQ8>y^o*e)K1N_wvNIMR$8u{h{{x9S_H?#LY}chs)N$=mf+OdtE&35U+wG6 z@|}ue4W@lFKpd%nHwrdBrmuvO;*hhEQLNl71FP67u1``ccCN^NYB2ujLH@Xa96^`p z3xu6y(b+Qj%}m5VYXsp_yL{}D7rR%mwt10RtTq;pj6uS&P@1WqgdEGPk8*s z%SO*)63*42ele22>~PC4B=go3#+yIGUAfF-FKyc=T)Q*qWX$Cx^&dOFyVwC>(wEBfnq2u2njMm=3pHqzR3n8kGC-)80KNQ7%} z9(b(rTKW}B?sE=u**qZa%@Ou3%lz3uto~{IG%TJ~ZKbt%7;y`kw6xLb+fTx9w0_3F}m27pEP4O#yh2|bNgeyTjv2<27hj--aSQvuz7|3ce*+Ya6;;b 
z+%ugk%m{0C97K=5XzJI5(F>{swwvzWs5)W0U&66k|5DA?IGVa+bKk6$l#k*Rp}D5mApA3aWHI-g*$_A`j1^I5!|$l@V$1^JEAoBKqnJvl>6l(K_99igc|8HNeL-Co?RARIFbpiJWa9T~u;Dy8^-| zkvCov5bLfuhBZS=yH|>#8lJX#Aqky!5R9DkDav*0kN;4~fznh0Hk*@aZEa zVQyPz&oq+6+uH+8(2o{%y)ETB6k ze>bJd-Rld<*S~Z^8VXz3A;Z|pU3dxsD5oNoR+LWFC6ibHZ z5upC}!VmY3lnP4fznoE5zPoq0^xeI!c#*Df^$hb0rA{N+mfsiAa}PS8tGjo9b?;`A*$B|uyuJw-@nU5A$f*b-v^phLI8rR70}fsG7uowA;C~*8 zI})%EwdL~#!~gj{$%YJrNMN;Gjs5i4H}h_|e#8F^H~-V{dq2dQk_m!q_AJi3;bNFE zRDLK{%V}Zr344*c4rdS8V1K_rE!4L~P#dW}>@wv2tku?T(Yq~xBEHNA%?8R0*ef=ZDW+byCMrxKiH)-G%X%qAeqO-i<2r z5smIcLQK^!gqFrCKq@^a0tFjd0CZ%fpbtv$CvcW3pQ|oW(Kr4QR|OH?KQ}erDJ65x z4#O4feKcK9*Nsxl$eBXdEvw9t&l3B|Ys=WD1riEY_Cw{xrBtC9CaIgg3H-zYVYKRV zRx1QMkxy7-7FqIqyc4>cz5X=)O2VX6k&>GQpf^E@6zzqs&WUv5^sKWi67=wy`DeR9 z=f+RGmwg5An)1Nay`Wl_@AoHgwNgfaTE^O1Yjy4DuB(;R;ERbZ=d({!=|qVZnYntO z6SLo#{&C==dlj}nvhWVZN#E0thEjnogT1%icn&>*2sqUBX+jsG(;PBTbRNkpMlADNt%qt1#CCtgz zr<{u_G0ubLYUSeWiuFzQQ)Rj;jFHpP@v~82o7_^g8WktOAx5VVqhB9A2=mjG{?kf( zRANys-nDoKjyWG`_UM=C($M0CWq@;}tFqm^o@SYT{U(1!;K5y=Ha24it3k4<#u9T= z+5i;sn$1J@fl=v+vCEZW((+Rn_>%n)(c*O4c#}>?gJB99xMx)fJ$46nRqe~gsYL1W zn1hb$@n`Iql=JvaFh*5Lwv;hHoAeH>u^?mMnzQv-rNErnV?)8`{-kc)5yHFl6%DvO zf>TX3?=p;Gr!owm5yzm|Oi#Dnds7xEk8jMdG*ZU>Z(DL6vm3n$OtCJ~8#yb?R;jtk z+*VrqbUyhwy@c)T~?t|M~zh8;`!q zgEi!;NIuUE{SO}20=9<(Z&FU?v_Cbqp0^r*_Pt_o8%aj#uFKYT7ko2oU?B1PT3iiW z>UoVUeHMN)96CFZZXlSc8=bmIvu3-t_UY(oof4qVzAyD3sMKg9H8#2dR`PAirUwn5 zC!x#5z3tSwPQAW>teR*_ef%FB(>WXZ22DhcGWko-Iuh^XPaMW#sdUts; zC{P0s#K;|-!dP}6+GXl^qK$is{>x@p4-}5$ZxS{Os&`U^L}7^Ok)Y+!te^MQ9JA5! 
z8Jiuf4T#IJz1xd{rRG)!@>jJzB|Z}K4Pli}X?Q#&BPK#d(2yaS&R_llAvn@=1}{Y; zLjx}bPsnNl-+kY@23q#7$oaVoFRBx&dyJy0qL#uhg-*6Hlr*d>g?ur(oNoMR6i5gH zfBYwBCnD^5tGB!z6OXXN2r<$>(udJ3sLFDW*LdbVeWVw;Y?f5ZGHaTRxc#smcE0SN zyEXJ-?WRtvC_}ILtuQ=%RXw(6to8IopK`vS$_bfc2xDZpje`~vzJnKty*-{zd+W({|E7$gsFOTZEk7EL}g80 zl-1-y7rM`xFuLl6)#_pKLJ^sLGB;~)d9(m20CDemhoB`mG(cvv6Va%L`4hE#D_z{ID{YdSo|as&q#O}9r@_b%1nQYuRH7y$4mS3AiF6YIy zLebgTph0UH26-<3>41Ns9`F4%#Qh>_wEif%VulKczndA<<91l*|TgR9)Q?L%Q)F(-Z4bL`E5ZzojcJ z{UJfR>OJLeRiFT3H?Pxa70tV4(w>^w_9OSEz0}YsA%15%{%|+5!weDR5-awsi0L4o zD04NM{Miwe^;;u>erG~73Mt9U?~wW^tc)^xlt6aXi57Ms(6@w8^jLr8C>X`egrSnYFes}A@stw zp+G;Efdi{fVbv?yq%a3wb){wRpg)C0mF0Jf_-u5;;C4E7pR#bh2mdOXFIt z%RgK*g9gE?ZHNkqyiu~{$#cZ3V_ zWN1koxr~OrMgWL@{8FTe9XXBmmOd~+)pl}YMvNra+?-x0!y!$34n_>`z;P%9LN~9t}7X!$98-4CC%pqZJkR45VqM4hEBY?)Ayoo zUSAy^sd4PT;tX`dPlnU^(Y2)B?9}y!}2sbG$a= z!wM9753Pv+LtTtOMF;t075U-*LP7Y5 za6deVu13mm;|xJuEB1$k+S8Yt#1bdN(cA&y) z>A05FTAOx5k7m4%3Nh;SD4|Sw4u5L%9(j_pQdOT=7uGyTJwz(2)bl3_-!CSc5Akw& zTtiZcVxtN#)RMyVu7`Ps@E;?n#D}PFEP&A6Y8_WB9XdkjQ}E2p-7nXbP{f|`LX2ZC zy$+BlEar;~j+CRS5+JF8reK;{Br(*+?iq~L*+T3$>8t(;yOdh&Eg#B?O`)WlDC&qv zE}dvzd@_^xJK;Mr8*UVA9T1kl4Xe)==MU55KqPfU;D2qAwGpUz>WY9YoCC8xBbtKE z!q!p6+MAk&XJkrF2|eP6d5}V3ON_0T-b^dHxIj1a!>pcPjnr|Qd3=%9>q>cChPnK? zL0kaeSqBLsDHF3IgGh?`2f;KIz)#p6LLvV98N zNx2qBs`GW4?mAf9GTGA<_?wc{p~kIYjbt&9N|WQVK<6(Q*pN!P81HO8NpFIo9H
    I~$Hs=)zl*D?g7k$uFeo&^f?X4*7#jC1bQIjYKq3WF*2Qu8D}H!jRZMuso+S1%Jc z%0vX_Rf(0<{u+{hT4NJlqP`_djX&LBabD_nk=FT0a3L&Um#04(p55Ek>q@AZHN%5G z9GdfA^>(JTN5S9p!RF{yE$vEuw-#4I@qSlEZ=4mV4A=B?BH4}gsyq1>zbN4lzD#&d zW~$d73TerbiG*^piNv9f%M6keVtS`G=EbptaNei!K4Z)>wJznP@p!&O6rm3-lMI4E zJ!?TBEzp*WWy?Zg#;EhvqxaLWw;0xct18B^nKu_a9xUxho=ed+MVW0zgNyvh6D|A0 z+k_jnmP+M}K)zRm8x?s+ln{$yF`u~whWy0ilAO~e=-&+fqp91+R z>gda>s%o&pqM>5(S!tpR4G3?6@ z6LH=Sk7iUdx2>@i52K<~r@7o?f($Iv)DZ+@ZVe?&0<@OlHP1d`!3pEoe?HYQ5&FL; zp>&G~!5~AD@PWhR0?c5`xKSruzX=y_p$H;6#mRwbI!*t*BP0i2V}HZv?Gz^-0ZUpT>5mI`MnO~NA!PR0N#6|uTKWE?y2Muh+Qs0xK> zSlELaegjt%rcPGIkR%ehY$dVREeow$2;nxY`b$gZw20RKM=d<$of`cAQPYA^nbPaV zkM}sLpy}&~WM8DC@e?vzm%ahV8~_gwLWn)}2aG5xb}x{aqB+n}1l*b)W{OC8P*ZH= zCI)}aA)jSo2-u-nu)~f2Nr_JC_Pq#i&8{Q0sk=W#k1AB`|0C2`V)GrrOh|9eD_M3EKyc+e&4-*uzaVshsXjJPM= z^vP%_(c_#zL{-l`{wFP2N*=(>0iStPm|6Aj?jDN!Geq&$@E>=%CiY_F1pJjo_L)scw=uU~HK%@KK>|BtC zaEx9l{dH4sUwC3=Dl*okn5-)V=A;1u*i|R_x0S}<@YrM`1>PGE<3LW2g zFxmJU@oxlN-4Yux#35wgzzK2zHn4PGP~$>CbCn2Cs)t~2xhTS~avc6A7WQxH;iZ|R}lD`Hzf_)TK8N@u&=QClkpH}QmvmUhFsjF*kp5cZRTZ?|1}W#PbNk_}|Ea6|cf{$W{8$tJ6PopOA-c zc6@7WnehtG)%AucSc=HH+$*$$Fw&?-q^IRJ8vr1mYni`Xf+}k0uOro{s{=!<^@b;} z*;grb=9f$O`R!YL4P6%b_*@NwbfpmFm$YruDBie&Y)seXjopZlq;qL9%-ixp2IY|< zpz5pyy0^BPw}wH+sR00$rt(i@)E!)}YA23*1)sZr8`1@C{DKMfL;44Cq&V%MT`;L9 z1-HFaLi^ws5 z+_2NkunwX<#9H@sm_Dt|e9G0$?RGl;_L#k#XUqho#uQF|+zEQ!v9fpqX0_a*D6#7_Z^Okq&F|rz2i`sBukIoG z3|t02noPy}2JsgPLK7;@S!EE3Njzf7&1Q(@N{Db_^IA;w$=mpW?HSK}>YV7iRdRv& z82Svdu*5gAZRXyC2{JL+KGZ^DkcgtKnI`9Fvqja};mF4*7pzle5 zOR;&x1PLR-Nr_d(qYdKUVLe?%){+oZ$ylB^ok`|H7C=qMZyOJ5v89=L^&wkeds-LurnvQ+ z3OI6~7B+jX_EU0|&G>kNpTP)FGb?}E#>$Rpn}kUYKg@$lV>riV9rD|kx-_&?2}d1h z_hbER&9#XVpUb2r6cXUp(97XdWnpW(&g)qnd{ui?>GJCp>B$EBtekhSL|KcEbis5e zX~7dz!(9{KVn}FBxjD3VCU&)VCyFYWqH~T0@yWKi6)qEol)6Ee$I=I&@IYjQNT_YLC z($|N~;+F;rtz;CQ!Q^SDxI0II`gsln#bAy9wxU_cmynA-2C6pGE%JurGeT@{sgQpoV1sn8%Q^ zzH&}TgkcI9XZ4w~AAZ@448yQxXdPb*RtRKs@mFz$A>ABij;e+O(m(K5)(Z$YytKr5 z(E5&!1x<6Y>F-n+%eR@|l+Fc9thEO7J(5(qU{{^*n 
zo!}pUh)sfl2V#-WN>L#ZU=xb)sKou?+F};G5@D2?A&(NF|3sJrgZD9&dm|3cffU!Y z34hC$$ViPOd$kW9n_a?bMK*Fky1HU_SN5=NzdwjTt{h^l+(lM^EQ{}W-09IETIfhj zMf9(Jxb_6N%l(X=Y)n??K**d?HDLy2m}R0w3H$D-vA302@tLui(U(De^u2nZ{CR5~ z0Dd=fZ$eg(QZwC@PAF8*`T_;|#sFA$(s4I|KoO<>QFLjETdzY+dVA@c`R@#jBJ^>-}Q!XMrkf-NKv%jJ(Nm-B5Yv^|+z zHpf(23W`pK^1s9Ud^F(;Mj@^GW`#}CY#x8AKU@b>q%%f!{T1x~=daZ&)oF>7LCH$6 zE$VJVIx(CajCaHR1Apb{b2)*_K#W$_NJLg~6%dlh~fZi$) zNb~MX&K+`y?Vd{y`6w8k&zw0IOp9x7A{C;86=un#&!KlVR0OIBvHR~EL=<#P7`kLU z{Odx(K-DUbNqUMe?zEVG=MKV5PdQAJP-jsVp%VCB`8YnG)R~f55fsOnxWfLy7w(?U zPTU%Q?u1T-aG4%|34|sIi_S0tx=7$p^I3Q>+mb?%9fXh0eN^A4aV8I>@k!kw%W9lH z+%)MIvCD7Y6kj_f9@Y`hwvF+TH#s}sE}=^@p%!%FXG(%|^M7H%Rl|Jhc||VEHO^eG z0BVuB{7z5xmuR+%+s%_|vMoEIq}LeaA-TpDf}^iclWFoNl`IGnIAIIrlv8uaI}Jji zYd#Pss@omc)o#`3E4fE3nTTv&vTGKSu13S2rB!Bhpt-UGidPDUrbqRCHYpzP_2!4= z3G-5&vm%GdCwkv{)Row!)ZbUxEF_`OPh&zGkP_BhH`BsUAi%PWvx8MUME#H=2*f<1 zpuHTTv80UTPw4v8DIj$`rqqwOxpX?Z#%h2u0sS&8lolyTZvLhLUAb`-cvwR?xO7&2*1U{0uc-@!7Y z@JB&k2Bk0Yozw)o&GfVlh$F8-vE0yeGoD4ZmBlRFCO-2WI*s+v>wDhK2_C4~UT@fS zX_ow1GgVj^&*f38!!r^o9&Z;5a&BN{AeY&o%j6rCB!FVh9YxLyZdTe=DzC~_rTR}p z_>JJ9l`=P+6*G6G<>Atc?_rHtG23=8!0w!nLg}@@(en;cIO+q#!8;kNjUstz-#1M| z=;N8XQoH86GCfRlxaeIu+T=&0fkj7~?Rv62`;jY_bM`%6hB6CziDk4m;v=s8Oa+5zRpkY0_t350_+I;k2Cb~q_>IRx~=mwf68!RmB zv$hYnmP~;-^~4JMYtNF5a9_x6IoTfH>YqSv!@|N zrrZh(7l4^kVHi{?wZ0y}$Bkv>jh$iXpOazo@r`yv zXt-rP$M$Owj2e_m?J>w!O{}7Z72d4XD|1mS;8GTmm@`jLjjE0tn#Qc65o6~B{{V%8 zLj=6Km{Jc`wjRYE?LN4fjU050|EEnr6IOZ0uU^XkEbZe*ENT-vA!L*GKEpqI@8>=P z6)`UEOtmPz<~e5XLa}GP+4ZglSU(d*Ay9tF0p)(`l#2r~ixT_kCHKC|0INb|s9XGi zO#$Z^sa&4p#uW&hp)S1UQi+wo}^dOo=vgISnn%BZm$} zs7|Yj4}e!qgUM;GL8HTvrUyHydY$MwIrd3cy$X;o)fO}7OTk}MWrswtMZ-gTX&E}a zxaX!ShG7;Lb;cIw2K_b;rR49=b#g<+yryu*f7 z^mIk4(FknEAxUFilF_V2rDO$NJZ^2^msG`%Wn?pRI4ojz5G=cflQ!pjYj{62ciW{- zYq%T*3_!k&$01^q9#&(8&TuRjb^1fRR)@=)t3iWBy;E6j2Q67(iQK&EOcrbZ*2;q2 z3`K=Dy}jtdj@FQFZ)b>~ZlR_^!%0jXOPJRk*4ucb@)H@oO97>lQQBp-W{o#xLt%pk zGWxJB=NI$a{pv0J1rGDH-#94{%mgwyq0|9*St9=+55mgglVT>@6&RdE$XlR{Jv`DEzwuJobxghpBQc$OZ8B|k0p~aV{~z} 
zrl}a9nL0{hSrw3klGUNM-8A*nAv6pv$SUyEBaJ%bx|fdp=L$=r+>r+O`AESwHqgi< zzGwixF04})YFnqVf}Gd5WvQ-0;o?|=(M`2s`UD~`Sj}{n2bFs~ABl}^>s~f5*rWi( z+uE$Bq81xn5;rs%I7FKk&I$ej%8s!JI(B-2lBqXIDntTGs4h*eOShzfRBu z39=Fc)`uYfMBFs)*;_Y$7i26}k&E=WrB<&3V_u3aOwEQ!`h<*LSmKTPoU4bLC z1Z}WW%BR?#8?MoQ1jhVn4mpr1MHzzbtkE8N|HGB=(zSk}9jr_1GR)y;kmY!P`)%P(zB?=-%iw|Ow)|Th3%*1HJhn%ou=$ctmvseXzxabm%Q%RxN~+MO z#KEX1+q!i0fK10W#1`#0&g;WUWEHM$-2`K}B~5dah2^=BOcA4GjjUZpUsBQZ1oWa zoH}2iydzzapvy|;sIi7Y@96RRq-}U3(Ncbc-mJGOh!>q*bUbkUF`;tiR}k!oaq9d~ zPE2bQXac;SLjtJ0+pQofG43bV;p#2@=v@VQ_IGVh!ukNaf=~bgoTT877+s5-L6;VY zEcXt27Su1{2Ur#k?$^T2bPbF8BhO~%Re8Ef4>_{o;2NaQEcSAQT&U*JX1Y&uw;8tt z{c7*aeeFcYllSHRC;{gv4zXcl1R)CY_`RgCv{VL!KGQ`jb-|J-1<7#Z$E4JG$pU2y zFLi&^-c4I2rZ5AbiRG@XGBs|wGa89^d39%s-$^X=#8dcEzns)L8zf5vVee>VTR-%p zW3kZr=SjIHy$J{ruk3?&z4o6_)#w6braumIWA?|*)X7Pmr8`czDbTk^1uOXqidyLN zEN7lqRe#!&h9+-oG9&y=#+uFQWnPEsPbtIKDI=D|x^I+)Z*A|E#}7sOT!N~&KH)_T z+~TjKB<>UNsjGR@(F_N|4xA#rshBl*FEJh6_-SEhx){_6&XwLyBo~)4HnWJetumxA zZV%^3;!X)vpDh&%?G*3E-N?w;)iU{Atx>)?&OMPL!-BSK3f}60Pb_t`*6Zu8*gk-F zu_Wt-rx_63<;(qc&t&l2vTX)dC|`X4rn-g_^}EtQ2OEtpfah(9m~QZiCK>Y6wtd-r zUQ*3Na+H9L`?H$Jof|g)b)a3Om%Er2XnK%}0LmbP`+UA<&1!m9_KI^2lQBsID;Hr_ zC_`?n$dG=&&B?(zDxA`<|Msr@E)W8X$iUTkH~UP4^Ay@V`nP5a@@%0_oM0KVdl1o$ z&zeRD;RC(nBZDebtWzYh0A~xz_(EyguY>KE*r3POVTOv!wJdfmLT5LH$P(oS+O9Nf z*ndy`w$<)qCDU#|PW{%%Ba#GT_}csDv-MkItawpst8^pu01!o|uIeaR1>}aKc%}q} z%<)9#tBXF+f-avhH_^=n=^q3uFU1E;yHSlIs-&P&A(8B;Z+_?UPt=K)6CFRLo~b|; zr_PW0C|8P5N=xyeql6^Xl)I0KInjG{a$-8d&YVcCM%;7>YI;1rb63b%8N&W%C^L0}^S)A4< z&(z07o%a*bQ)=;!Pl6u0ram-)#UqLl{MV?9?DG&Smxj!}99N=)vSz@XY0qaO+x%z5 zD(vctgOZrv=UK)5O9Fb@w(QyPt4Z_FQyDC+!9Fu@;LYD$znN8*zbOTv>7J{RxjYwBEwmVW`*G-nEZ?2ZZbect+yH zR%G-~?ZyY-de}G8<1n*m%yJY#IY4q~`Xe=Wwp5}RiW#y**|>3%f1t?1&+`4?wfClt zX-6pmo8>e|=nE-T9(k=A-lgnWI(2I7e@o#OA?^6bm#04QEu^wm?LSBa?p1{jswsNn^Z=H9usA>s&qx;cXH8Cxq_bJR=FwT zS#(&5@rk)~aL4UVFN@f^&u?m#q-c2S?g|aFPOVIRC4MI&{6vF+-p$pILMLpWE`e9~ zKF*2etAtAYs7Tv#Z*FNVmSmE;BtpY$@b~DDaWV{^xbc90pt#S+@@3D??yEqQ@Fvq5 
zs6_yLL}o#699o=L#K|)H3l2ia_{Ulle(2LaA6|0yolbD?J1r9CBz_X|(7b(K0sf}X zs|&w^UR+z2kY;e)E1!VwbZH`@25h{hInFmexJqI>p-VRxSxdlOG@n5x76nJP;A_Y)eyPJFW$S&BmneC-a5%Dpz#ku-7O&ML2iUsEVhSnn(cIH_RWjR?h zg`$XD3w(AL+yIh^BrYq9NzwA$OV2qfv_4NcAaMxRqUsT?Ha=ceNp0K+Cxtwo|~ z?U=~uZn$hYc>7i7SIXa%d@62iMBJySjp(`wa$%fZkp4k1>1aHt(Jhe6Sg2oemy6`0 zW|XozL00lRj~iCMqb&G|R2XU`(}#xL9SOlWn;HsB+}FKFx34X&cXuVCSPQoM)X918 z9(pLiwc7MZF$RM^bKzZkr%ZmMk6s z5VkUa3+63$4g1cHL0N5^Z3`3&lP=~|PF3sl99HaAxct~HobHRBhP|Ym%$-&)^WmfP zl!r-Sq9Vh0@7?_z&01lj#-<|0Xvl&m#M|Ia0z+-JQdBr_ET2=ny4dGsom*S?hgm`P zv4U5+yV0?A{_|$N@E38wxC49Vj9IZn1Zx09sL|n%-Ut!n<%p9<`Ts}MH2_!I1lx^m z+qRR9ZQHhO+qUgwW1Ab>=EmAsFaN&xcB^jHRNbWRH#mLzbkFpBfMHQ88*-yqfAw}w z>rf#6)zd10?UyPToK!Fcc^+0C0WLcM7&s=sp%o;wu zjoj_+E=1Kg&$PR8$u?DQ5V*j5K0M*yEvu}M;62aacG^104tG7U=yRZwC1(T7^th64 zk60Vay-(QvnqOy?{l^@zsqbkR2k+-O7SHKOTBeM9iA$@F#knObFfLv#t0exwJr&|;;IXhckfr|TiW{M_KSqpXqg zpYnj1QS{-r78xMHD?7pQW>&_EEw(UBs)(M>|I^4kszJF8K2w;xItz`_T#lUM-c=<1c8>j-BTsjG^mMG2M{6tC3J2&?~;K zw6rwOY>#_~EinF4kN&G(Y5N1aG%iU<({R{`#y%nnCa*4t4fJ>3)iGb^!v1+c9IT{9 z4j-47g|AWIV9DlYL2 z1_a687yssbipZc|l1R?yEmMj30^*hDP{S{ zJA_7D%QEE&_L(ljlnR9!5c#?TPxDRHLl>eHp9gY;C-f~#hbCc?^c`=_(jidTV8o7z zA=JCBk0!_ZMW2{-mj@#fQhYU#Fo?H~o!q$>NpItDeHG7sNzTI#PwvXQ9HWS(A}idg z3ymy`RTD`R&8YVMayL;uLeo!l^7mgR%(a-YhsuUYs?iJw|D6y%Mh})Z1d4*}EjJC+ zYh}P|7h(>;8Ab?4VuM2DmAX^vC_*Zvr~Eh7i|D|G!_%;Z85UgSnEU!lit@YLjBh<1 z-9S8nhd=zN-C)(Ox>AME*mN3ejaJdkfi!M|xtm0lZm)isvdBL2^H#MrGi&=5qo(%| zTFTC#_6#(A+p5Ye*dxkHs2q-bxXVoSY(Qbu4;eLGH0fSj&e0YyWYLF8HO$}4)8ZNP zl#6~a6Lasc{ZUgLvP^yZ()Y~lJOM`$YpJ{WA2~clr9bNbtFNL9kEoNZ-f21fcV-!XkG$kZ2n&) zlUl*gW&L)}RsF@o3M@ILEGUcA@3;ZjT9FU%s0hYpA=uVM*MM9K`Q3G zzqZW3kAt0Dz=M4_-zd;FhZPNv7nr-1k=&A~QEZO>4x(Rc`FN50mPN(bG|qf+CU9gQ z`ZFi=HaYEXQXL4)A8Nw)j(8VsX^YT*vCKCju5$9*XRmDpd<`weZAkJPTyohDIN;fm z@(5rDAZyE3W{O}+2!f4usZu#bEcsuvI$VOwh4pQwmr2g@Cw zL@fZg)|E??1-ldiDE8Dy*o9JdUa)@}D}3Kva~BCKxGp5P`396oXL ze}-`t&R^v8c3#x@HHTN>H(%{9{$^HpZM-5O$osg6HQccV^||}4n&KC%Z={N%dfzWJ 
zNE+O9w_3{N&3|UYJtsN?2*BJmXf+<n%y&Uf<=AdrBj>{$LcIAfSPs1=~I0A~R$*>HpCkj}O z12M@RS`-&bB|+Bv-C_~wuoOtCIB^JZH;VP0JLlDt;oD zD+v^PdBIk19e?`TRTCD}fR_3_I5|h~?-(b=7WJZz6?xz)KR)g{5gTk2?-{VEmXbSUOAB|16@{Mvq$nbSTaE}mkvXY6#coB#tmA|#bu?ud_Q#q6%}c^O93d&}?vjBH+LiJI2G;I)ATh zEvi0usxuKOkCA^uD|Pp;nwwHwD||H^~JHgb22OYG|I&lQGN|Ro7F8g;B*_B4#4k zo|`e{0yrG2yV3EZT5$Zi@SWdZC0;V|~01y%E_DS%Eq@0v^w9U8WVV>^<^joZ25JI!^3U)KUx>3pJ*%^LO@~8w(IZ=aw zk;3F`5RL-x2=CQRkc9KvhmYDHdJz1G{LU?hVhIeuHfcAH%|_E$0wj+POc7bj-9nz_ zPmu|giwGj9ZkgS0- z+f&KCc-Mp;^HueYhm8A~S}Xe1v{L%82h|vwD`|EMCb*$60#cq=nCa`=#l;a)!ZS5= z_5{$V=v6hjK~$zmt9eW&s>Zy33+!Ih&~nbY<}`lvWU#DzW&SzsEL1Hpm-4>FX(P#* z>BH|xc7Z*R&oWMu25l6zS(adN0S>IyFz}v9@|q<#om21mnIZFGJ>JK|_^@+%ABT`& zTo(aYx(8Op{vJ=>?PQk84uU=(-A5A>C8-~1Am`Q^ZuU+iw9frb6#n2Sj^{hY+RAh+ zt{SjbdT^k4G2fgQRPt~F&}~Ur8z>=Tlo*prR7&b3LT(qb#Y>Gqht=}KfJce;+#iC7 zbFh$j3*;fw>k+*pG?nXAe#(uZvrXF13s`=atLHDOds=g(TE(cUYrCc(VM?jS|Cl~h zcT{e`dKnKKTrcA#f-{EfE?X`D5WCBmjrbPdz*`A`!7ykL%g(cDvCf`RxRSe=*53)F znq8X|34|X^uPd>5@bfauVTE-|t8tzpLBMQ;ZjUkl@FDKEG|0~>MKLyO1_pB?MEzbu z&&A#V^Y}`^K>kzU%pn&H23RmF)g{q41(2skBb`R5P0=BRF&T-L-9*U1 ztPd;9gGE1}>|}BEXb*h{;oCh0nzzr?`L&{cE=1f!up-WsE5v#iE}ES-jN!Pi7D-(Z z(FEytyZHau1cWxI`og9rz*Jt<7d9#U^3QEnhP``u?42Ev>EIj+IzwKMq*!p859?@`P2YR2t%Xk&Gv!jwhw0WEmA2q%YWL$ zQb;giUF}gsqf0X5F|RF$Ii?-e7-Wm&Dc$*>v`%tCA(4%_S?#>|beznIJM=&4b{QoI z*OW>lRZ%Wk07J6wmvGo$Wn#R2M|Z6&R>l1z1{pKG@cx0I_I1V|L0UPN&@{`>^cC(clZE;OFYGl@{-{gtp2 z{<8TxljEA;Dt@LJ+i$sfT89B3JSFf6wUTTA%rv->rKYf?_J%3t(~Qf2#m!&M_BUdZ z)F@DcaNU7}L?LHBx;~3glWKBLc|+YZdW~1P_Vd$U21Ho$yH_WP-G5vx&KTf^v|F0+ z^tNY69@hwBaziZBT12@@83EaI=>IUIWCZ_0`Gpxu2hcZ*FU$x_8Qbzs`;xT?<3j(Y zOEH#64HzpkMznjfaSf{dRtthv=~b1jC&=o)bbA9o6n}9u@#4GC>+iUh@r8m(Ye;3wqbvJ7}FwCN)-l!mB7T}Wp8`X<{ zLdh4z@IaTCjoYw9n*|dl_66bDq``~Lh0H8Q7$g%`O4hiUD-5cA@){{@GWJV?mll@c zJkjkeczNwCDsGE>(4lf?;1pM}(qy%6;D)^Xvnb(3pIJSr#Zqms`Y)ou=Azg1=eU%j zBxABT{Cd$Pf8I`QB)&Hj_zv7sc~`hvxBTq<+S(qigU80p?bE;i!J-a>;j*2I1i$x6 zPyIBOGEQ}7qZ#h5S$$f1C1DFpr^M#9T|1l8y_|wa!53Iw*ESteD6}L 
zUlo1u(;ygq;G&NH0vTqMwo0V>QKDx|O%=gOkQi?3I_2<|t~$~~bgxm6HU2l)l(gSu zixl>6;Es`CyUY8^P1!crj+!ShO^o7;3&<x2WQk_Q*Q1di?X|h?X;e|w6UuP)sn3aiaQz8D^J_>E&&BCY{qGHxKtNA z18Kb|QmdJ7$r$s}h#lbaFof1R-;Rj-(KA6LgdEObWI~wGTRN$X#Jrz8s9fmQ*Z-ig z{1q*DSRy-X)3Q4m6r=^(+4Jf&%BvcQ~2Pd@{c_p+^Me=b``4W7{?8yOq7axs{cV&D*$u z;#!bfs=+8rB4^Uzm6uxUtU0&&Xz)uk4+KLYR8$albc$cB3ael7EezZt#~Ul|%i6D` zqXa{zy$R@Xe$ZBe87=nIf3&w`J73wwKUftPLIr;G`?R5GyRc}h+wD*jPsMjc!9_T6 zyeqRxF`!F6JyCk=vGfob9HxcdY4QM9LiMHKF8Bwn8@9=KGB2C&Yn6JV{%NfJ*m^`| zt_P4Mf0VJH!M&wZ#7C(jJuw(}?VoRkuI3B?kc2^sHe?@U;Hvg5taWp%D6>+ z@{0F2@`~~?*{Dx;!a}TqD$|*=lKLwE3M9nR!OPhbG1r@g2&L^RfFDKD?Nl*_DSRj8 zF+H4Sop{seFTqqpW*uH)fTn&(nSOJrr&-(=!F#w)NFD^8i zBgcnuVfa~gfqCHn=zPNl{nMP6_tU&$?w5-xeqKp^_WC<`B&6>vv0o70t}Kc}S@9>B zPbDxng{xYY9V@hUC(8qJb0Dhr7VM63S=;dr&9~@=Cn-jehcwkr&TrNX<8qzScp_eUhAv0Q5=mg7$Hu%V$6it>x z{;V7B|Jn}$_Ov2tHWbD+*J+TB48WMA!=-@z(OsPVUi^Y|*GkO%piG=RNz8G63C91D zsnd?Yz%|#pP_Fj0G_GNp{t`*#5@%E!kcTP8AWFCKS&8%$q^d&dc=d$l``*h%Hdluq zWtspsJ>d!5TI0!mK0I;$RvZalENykI@x8DWq5}AEG6+i3{dFCjxdfmf{-Oe2o8|m$ zME2+f@T?1s=YtZPl`;^P;O+uRyzE06i*v%RVSKn%GT_fz3~ic2uE!L(8cgRflRBN$ z*u7lUrB9-HLNypGq=Hoc`Ew+5~hf4IgCiDLA@1rGW zJoRRwH_k1?x;IJq(MRtyA5zKYRrnYZyv$$u&dW_@0+U?CPFNR6#l3*R~F`Y(h*wK{`89bHv91K8IA0iRpgg$VM>LFLXqN0fqiAIuvygvh{oO4FTVxBFrlK^1^_==P3&*wxNnD zqBCsXo~1${>?AM_A#K2zfBAkRloyQql+?_nzglLdvJuL-Pg6;P1ebq=K!O$F%>I8IyVV zan-;+CAQ;+aYG)PZt!&nSA$?iu@5tZ;k(;b-wFFaN*L5f$2m?jV{Twahb!Xc?nR#g z>iUj8Ho3k}SWeOm8gC#iv_h>0IZ7jg9h7yXOhYEc9BA#;LrkDOq z4(4nYNI9ILv2=TKcmAlRI5}S;W^6;2Zk=yadhLd$rkt!y1DlVyMuK{z>CqBwYP;pt z+JGzCy>R|FUnJa+F8;OJGt=_Vl~;^_6qNvX)##Z32c@Qn1{7`vo_ zwP7Khh7e%8oy4s)IqorKv{CEVNZxy9VrT6O{$mrE5PPqf@Jyyk|9sFw%rwtDRUpB( z=^uHZ-AOaQ$6e-YjHw=xG3M|mzj3w6&NUGvc3xjibqQ-E78o#=e0%oW1ZIRGn>n=@ zRYbG%z|>|+kLHt^RrJ5Rrc)ZV!~+A6UUnIi6%F+J>S4BcV)Zwc_l(GsRQiz*+VxpvHBt+8kT*b@Wy6S27y`3bye?D7=J?hp`N-2940)_=Wdu9Wu3kh?q zoZoZENJec%k}y@agXKDiMRylD9R>wjW9U*}jQ~!{T9H79*&z9>j2t@>NFBkolx>`i z<53aUkxkP+3g(mNQIMVErIkqm)1u8+cRL;@Yox=@xGw_Rt=p^)xz;K@8N`HtFtox2 
zoYt=fDbsgJ30DoO_TGie&^nxZ%r)}yf|T$~<5Di8y4t1Yxb!S`c`17a{cOHwjS4D3 ztDhpavPjK!`{i7!i9R1Ail%qA@0xIl2T~2FmKpQNGX6Qd631z;VDLi@y`9 zSKb&-BJz)FNF5fTF7_}F{jRxK_v?kk82?8}!0iWYHj?-&&OyieAi3?k@LbXl;_PcU zK_NZ+Ex3O&#UE$*m4mc(iu#A?o;Q$39@+|lIl<#JcjuO1SXEE5CC1Ur?|i*jMCMa@ z5kk|Jrad;BRB6wj#rD~kz+X3Y91M%6@92ityvR`=*cNEp_r{vZFOkFIob!RwPI;lH z)JvHW=&jGp3SmoisLv^lcKk*y@7tb(iBAufWMt3zeuC=a8<|ty6+#Fu8YWN5y<{GFx&ngsd|&mQ0{3kTE7xtpmm62#waxhEVmC9#;Fps0J&|0J z0)mK+OeYSMIA;Y{Tu}}FuI*dNi!~7}tVY3K&d+ll;FBB?V#&C_l&W#ygZu4aI&lm^ zaa`rv14yjwOSwyas_pT~iXik=KGJ)As=XH?tz2bxPwdY9QO1w|ydY8Hv3?m6YJKiH zBv{{$ES`sN{*>Tb3Uh$Jm;=B09&?T(Cf86BU;bL9dxY0x2zP%PtXNR;8YyaANFo1c zB`dW<=1LnSBj6HybU=ExsBpIv*UEqHn@F2UAFS~GTKZT9C;r^2ZGb_ds`kjn94o^m zsOXTXc^*%dJgoe0tLHAK1v)SYO4-47M9lKF>U3|}9^mFPy!M>83k~Ph{lQDzi>>D}PbgLTenPHH(MQ zulvjaxMw_z@;9>TPRVCDV67GgwO{)!!II8ZAq^uX8AOAnBDKd7UDnMTGTB0v!x>CA zVHtPtX+*PTiuY|6KzxaoN-G4pa6)~h*?ukb+B3gJ{=sPW*EcxWAI{L%SA)~mp8f9| zH)LLEtoj7v_#JwPLAcUy5aWpNyRxvbpZ}n^b3U-6J0i4}k^L^U(**$QLIKcWmGfQl&ZIeE?}u8Lkh2V zm*?np`t1$pg9~bpXR8>#E=XXEzE=}GvCTLY$HT8CG?$%DFf$*2w)ZZ=;;{?B3+1v> zsAn@*?QsZ`x=7|lz!gKWTcZ=#k5p9tMVjS%c^N7r4UO$|)ZU$aKmd^yhDbO1?HqzB z;gBMhWP@0Y3;4W`!|b19TrffhyU3d4&$OVg_$dazrgT}D<#a;o{+POgnZi>wZtVW) z6z45k1*7K8VQyT{G;`v0Q>YgCO52>f*a?g>x&|UYBjZi^O|9s6+>-ETa z*2VsInHf_{l5e>Gtb!{#VT zg^2R14attLWub4G02S=J&ck4z6F?bzYoWXLpN>($mdtJcIHwT|#CCD50`641TjrHI zBC+uNRy`LA7=se(+h{-3asemzs4rykZNBr&$HMP{x{7n9%DU^QHvQaO+8w0poZEBT z-CYSeW{=7TN8zDDHDFP0`858$JwFtOtt`GTi7ur(8hC^e4R@4u;E0s z3;g@*;&^20l8&z@29l9(qhou?Hup6UXKZI&tNI=i-82y*XClOn`B90@UK_w79Hn;F zmB>G7@EUrvdAaJnaIai#u~IUg zO1c}meFhO$<5)m>)|gC0rF|npy+D`8snSJz5^&Iu!M4tay2p<{4+U-9c!bq2r21~p zXFUg#h^=g*?Xh2`tD>@7>q^zSYxI$N-!s86{?b#P8?QqR3Z;j2|q!*jlAf1zd;|_bT zO-H7H-hY4k4t=SJkaadtoi--7@ULUQR~fi=e6)JoPzsc<64^U0anRnAuqR&TNdhS= zSs7h7Nd1kA%8liWS-T=fD3cw4O=sX+!~VTiT}fxy)JesfUCONdZ6PQ znMl#Wk7XOw!(}qrQO9Fp-HSq6&Gt9Hp&nQ7$A_sGUDVH7Kw^!u#vsEs zrAWDhT55mdWGn;}d?0JIksawr^wj)Wc&vhT?w=IH*pg%1jVTNb0tFJxXQk(R?G(*tZi)NH2`~BcNXTdT_x?}H_Wn=o 
zWel^4u4J4S)kl-K_Pxe#%Yu8yv4EiBK?s3NH-^J^>AF@_{Kl*hyEOE9|Xx1J$;VsI}Zw7Y}p68v6!dg^Us;ft+W&1bL_K@h4-QD^X3M$SDU@)zG}TK5|b z&EUP_DB{DJ<)y73mb4bftTOckeYwz-h=w;Q5g@EsY#VID=KDMsd*sN3v9)$Lr+xcW zjBX}@N^((_M`ks_X8xEJ52nQDr^R%eug>^b8YSRtx#>P0g`^+SzT?DJJcl7? zDIEw6Gn*~jcKaR9q`cmf+b1aAFRuyJSDB$`oh7N-vM;)Cbe09d{zqJ}>Z`SMYpg>p zbZfEM%P`bT-D#bjjhG&A*()`>;lB1;&f|!ieH3yM?&FS|sH-=HnM4qja|H_GH`O%f zQRh!bXqlB=?GLptKYm?`CcJYse@+|Uy)LIzzyI7RWq;XiuMg$jlHa6rqJ`_~@s!IDu+u(5J=lwtn;$eo!_ z@FCetq-?87#q;nCvl8U+>|c!-My;c1;5ikU8V6Ik9lu!{`l0d4(gnQ@M`PJVTV$sl6ku1rK^D%$A#Arx2Ozr{8n2toT88zlM;N* z?Q2iaasX=tch%=;l$_iSm4Sp_6YiM(m8D_{X;@@IPpa2k+T*OHrAUETb z5I}S>5#Q8>2McHA%whzgur)05!?knKqEWT5qfJix%$8GT%}QK&>nkQXR)?#`NV@lj zSU(c3$Ukdv1|2dN_HR+&K!9+~XmmkK#tsk(OKw3UB%SY%)GMnLOA%k;w7X(&=7^B$ zX!6W)KcF$D<4#C%_e|Qs*o)OdTk{LkDMnKix=q70OLs^w>Ve$@Hasj@J$};_B6C$( zL*u}8fhQJ#SNbXCV8zqlLM4PC5UJy~isKf^M+r57xG7;lPTHIK3rf;3mn2BjW&%;4OFUIe6cgmfG(i`{JfzNL8&pStXVcHZP}_~~tkAnlcov^Bg-4m^ z#3I1G3lea|*4UX*fRawz?My4Z-b*7>gcC9O5#`R<HUn?n5f_xVBBhJ+yfqgx84v^e6EGpVz5AUHmOd=6L|JG1g& z(g}N=ZwhYq-xA8fh#b{G@zdAdr)gb%IGtx?F*0ba#5l|0pA+CL<+Eh1{jFUydC$oB zgvkrYi|@bP46KA=$6hmN4~A!{qZtP{FHrsQ`P)$joc65zrE0 zli?Ddzb1BU)dv5>6z1dzFBgk^j3gppGy;v$Az>RanbpYAucCkv?w8A*v_;m6jcXhe zPP}YXit%O&pcO@8=CQ}*TEFiG&vJ0s8ZdW2C**krU(U5P(XpO)U1Gp?8`u<+C%F{h z8DAVP-mFrv8+`nUbRQ1w89w2ENLp1mdxR!@@nqL>BbPS=CmGu#HWCNGRY6Uhk>pM= z>6YB6f)wP9?Efa88sbKd@E7|8TXzEC{gHyS!ERIdN=^uN<;aIb43WA$ z$bO-Wc{A9dsO*gk0!WbTbV&rA>`8qKf$@OUf*4X4QoFK@_2Nmxf%vp`q1zwe>b{|{ z*USK7r*&0$!F^GI4Uvous|CU_<+zoWUa}OgB*qoTGpJmD~ zz(}V@?9`QHBz&I8JPMf6!QWrNC(GU1jP%#V$W6PiOFb0?YgJ$vP!{>kjTQBuWL;^dTNjNlhfzvu=`>O zDZH;vZrJY?NRakBAm7oBfXiB)8=udmIRiZ6I9nH4rRyN(Jc)kv2xZs0?oHY9U;f_+oWLz_-ms zCIxqF+ho(s>`$J0e_wYoRMTA#=Va-re&U33*X?1y0K08+Y;k=W-yEG>eeN1&^N!PpK&m`}5TYu7?jw-le9oj^AF$yBn0 zcCc@*orM-3*)9Xq7L~sr-!7iwuB?#2KBj<}k}g?Kf8CncUn*ILl?<>5)+gNR^KY`_ z#@$~Qe;K_0H`#4!r>fEye8Ec@Z5mN1A0r~=ldNZp4UE3mKZ3iJCyj-UK;SJJhcpP_ zR+yY_*LFpg_WW*Cm!I3!adO-|^Rp|IeaH z^7`f)eIBbWVjW0v$z0e|mp8s;8 
zW1<<9zT1=siJzMlT@F!FP@zFr%6OeRDB!BddlN{!%3|fa0((l_#J|uOu$nKy>@xqV zo>%H$6ul=wy8LZwQADe1l(Q1@`^gCu+Iof!xs2|Tf#x5lHmB-GnLAoU6l9)hj?q$QW*KnwOXgjjZydEvqV|~5r0*g)h{jxbEmqXg#{oR z!IU+5#g6nh6aFy?yOYC+K6Y964wJP~%utZTOQZ@1iLLFPix#gF52gEzYCWWQNY0?Q z4{3Q@Snr%WlZNl3%&FNf#!!(B28?;A%J>hu=jbr9;NqYQ+q^yAoc562i*NJN#yc=t z2k)VrB-2>rrhKb&DKLQ$Q5qJgsvU?3Yz^xizqSa5O+8m4lTl#9@Y9?D662fu(GTu0 zs5Khympxk414}nH8nth1y=V-xL)jqmNwrigJu2{6w|{pURaXdu{pT#`b}QDvRTo7- zm96)ZgU?V&AOa_jw_V~Ijr2vlTI`5W(QN$AiA7s0Q2+Al^_+Xf+Ajm;>T$lV6{NcUAX{}_K$svk7VQq9G7+Jff}%Swsaby-vS|=%#S^9OLWRoRw`8> zuHxWp3Dp4v-z_R0ck=JVuT5HP?+Sl2FZL>oT;Uy#*-t}Xg)zTn+Jp;cmFWt1pQ0A{ zs?_<}TJi`UNj-SMFpt!NXOu^i3ER_v0aS;_nIY`|;?|#nrA1`rhD(yKV(I^-_vN~c zlh93(wTiGXgxb|Jh?U_%24fjxgQzFPF^h2Z)3HENsJNHE^88vwk$)E%{g5l(#;Hzh zc?F0HmeUEPPa)sZ;xVR&iF2jMndjZ@aoBw=$%>?vPX-zE#%_OZUs^X!YiQgbZKl{@ zQ4^~siX|E;H%s%(;E$nN+H4D=QJpE=Q$?OmC6tDia+AqE*Zhja5(SMu3lD00HzTL9 zUC00BLSY{F*hb^-0=G&bvYH<1cj}eo?{4Qe@$KvhNqrMeLh~^&VfmeYVdXs!*~MEH zkCn0J7EfmrTJ&N1vZqt0DNe`7v|V0Vyo>SpuC;!Y5HUqxf_xCbbR)gM1_ez%>fCK(?FQOGJrTv?Ej-w;T_&Jz%AD2AI;2dvruoW_B!%O@%kASohR z;pJSkxg#!2RLKm(oYC!Y!$J}T*Ff}wG^cIlL3RpqcsT8mslSFoY_!2jgD|vTqniQALAwR}KuWiP4 z256uUD&8W$Fbe?6m?L9TtcDa!??JFgvKWw-6v7+MaH>s%#C5+X) zWpnBY9Ik-A%e;=(a*aP@ceP!=FMI8X#f!s$saavsKBFM4Q#mi#|1TI7WAsu8lr$NM zGf5|QFu$D5Y6Un@`J!wig3moP^CMH?%Qo?FuN(WH)PEH)>)I37Pb;rFqotJribC%F z-x`H1P4k!+wN{^@3wi?*A}3yk90mhdXOlITQrB=k8?rroQfrDC0;ltdFTbIPhE@8PM9nVLQ{j;`#E zXp*qcpl&vPkUO80*`U{+CjgCF!f{URXVOUP(m((Gqu*U)`N^QVvMw~SN{_;crRjBh z7_v2Qp7}trN{{A5XoTr3uh91NQ*LH^{a_z0!wW=K*!HqDi-~oVgDFK+UtBVwh@r~L z1LS9dUjpT*<1$PIpn2Xi*V`=#hJ5@{kX;2bVLZXFSZrJ6cj-8Ljk&~t%Hlk-iAxOunfidR^nO#ulvIy6qKW8xJe)F$tr(`TcTSq91j zWoupXmubDt=J`dZ0wVyCh<3jDGK+#;N4}%Lf!nxedk8M3=DFE&6g)yiKBPcBy8#mO zle|N=O9>KATn(^u?sVHs927D-=_#E~jUaeAC`3OV1X(S)U3UehR`3sg1JT`+!-S^> z@j&cT6RRs12h|rzjloB#lXzVA2WOEpkK}{E(lpHkbxa{S45LADL~~~y&`L6tmT&sn zFAr@5OR7t=eImQ6ORCS_d?~@R%w2^g^wj!cPzp<}BKLSz0)!#b{*_6w9EDV1YRNSX zq!+I{23q5Pc1Z1zlf=@kHfHfe3g(mAIQ(rarDatQBR&x$k@tOr!Io)m2-` 
zz(;)30@frp>u%=2F(_|LCx#y>m*!}G0coVPhs@fu6!VQLj(^N-iP@gTG^&!rFfap2 zqEpCN3n633%OPPXDboZKfv&n==|Eiiowxj5PbGhP!Qub0+J{mkC z-H@7`#XEVqEzbK@gA&+5cEi!Ji${Glv8JAx0JzzL5LU?Tb`Tj7i6x!tJjPRf82!ub zzvyxrxJ8!h%ET&e4Mki=JxR5wNLi$x_(4oXh@qU3ce0b&@!3hmHn(-*Up8>%*j=IH z$)G&@t4j~&6irM`Km(W^VT9aL$HdLWlDjTW#Y)CqjM>a^w?CLYM~~;Y`pFRMIJG!T zF)t}P8dRq8|KqczONEU~yW}uBs7?0@hX~@)&&#nxy;yEK6KdDZI-P2Vd60TT> zl`Z~aY4CDNv3v-vav_R4tC3SOIiozgO6JXC1e8;Q*GK2K__v)v@B)@5ojHx8nD_Pk zt)GWU=`T_J6Yw9al-i4A*A_0WzT9dZCn;Hj5c)O{oD5dna-A6MNsKL*id(W|kFoHj z#Pi^diDJihhBOLx*;Ch$OZN7iew+&;{{FDO+ zhdGSN#_Fh^)G>!XeRxvBUOr$j9_sy%jM|5SQJ4{BlzC;>z= z<0B6S>3xYSA+lB(n7{Z!pK$-)bYPI3@wJ$shUJP(P4nIpS8#jdPdWXtdv;*LxPZD9 zALEOp02GI!l3w|kAKCk0-7X(-=@28^b68Jn{-!eHbLtJYu$}=2&r&JBX0v-FUn!?S zSU6RuD{{)K#C*&iONF}cc?vOdc{m*r1i+<1`+nA6$XC)PcOVTSJTYKxy~_~wT`|gA zI28AZ=VQ;Zi9vq7R@_S-OZ+^1iK_K7+m6dgwequ(thHkLx1TISa#ID|pZHfQ*c{OJ z1RqBcgV?1;)mawSg617l3UV$DFV*or_xgwPJm?Sb{uJ=UvMIQa69?rV^cZK%xoHD z7Fl(#de&Y+iJjgkEu92)=;PsBjJUMTx;K%#Yu&4MHhJH2yH#wqtX`G0o78cLH%01)!p6YgCBRIzkLzn}KF&r5SyELYa7>FwiLL=CSi-)n!LKcwP z0e-wLKl4&a>(}NhduaIrWFu2W}oNdNV1z@8T*K3BZH6H&f#} zLsey=w)3)Uf&H=JOcj{xYbU^vD-`R#@>#fl5|}E@27O9gQUiz4M!*}0M!ExS5+n@p zi1_tNGWdJsNGSAwG0sp9nVu9aDt(3ry?j-1(CmVYwfOZTHZA4`^~YYd8i$LokaK+v zVVD{xM(4AE{oz>&ZO7a%r^9PBw_1rf=rX0w&a9axo2!nWZX+?V)*(ZK8n9u1HUdsN z`54HVIwOAA3XDe+_gakLK^r-D9d4K0KD!7DL+S&96x$dhlkZ+qbzLxW+l^t{m+_!j z8O#8}juW$lmXfsxo+|bCbqjg~v&$})jelgO4Jm!lzJvVZ$ z*YS@U<94rzvx>`CrQ*){l~@%K#y4 zr;AL4{*vL2-F*@HhiSv(6RgC@`{)u}DK3+8JLV=&GDoq`b^V4?IWQx#g)s-Vu*)DL zw+a405QgK3t|R2eV`9058lCEc5g*W9O{K-yC z7@1i=L>ken=1xnv<#eoX0a?eQOXICa^VL`6o^lJwgH9eG>ck-l6Nwsb;y#?Kki=Tp zz`@|H|FAd+^Iltvr_aaoVdYNi>T2hB*+lCBYU1_|W@hOP{9LmlWtyyYa@LD!)gg1* zqkRr$ct*kIrL&Ku@}_?2uZNLBrGAc{UvO(TFN?Yu=FZNHZw zozSqarxCVYPMoJ*fprlQw&dAwJsoj)_x13KYq_|3M|Xp}O@Wb_w0$tux6c()ar=Oq z9imd(;&xvF6Vqx7jN5*1u(<0{y8Lm&)OPZ{{RGT?KK9JSjhpRMeEaQ=suipDBlxRK z5-bM#bK&i-a<>k9f2+Mls2^;fs>}f-j*^0rhptwOhvbp);{t*lreI>k01`>7`CmZS 
z&3^pTB{9;t<7;Vju_bqF$~R4UCQ)q@fOeS(1rFysUZ?ly>R|F&S@_lmO}BI{AFS!e zQ?A^Ij3TUkj%1FmO*-p<%9W{1C-pc3E_33m!L=}~+7YS4%?)UvME(n+FG9gmLC9LE z*%?LypiotqAE^*Q0UiOy$%&Z1E-;aphVl9zs=hJ2?&gcOX>7Z(ZQHih*tU(vMq}G% zlg37a6Wd9XG)@}b)4ung-upb~+wa4f*)y|e@3q%na{xiRs39WdpvCxpwbYMXoAizj zHW&bFQc+E45Sc5J6}{1@fDTr*PW#x3j+fU54iS*rA;zns`1* zU8m^x5X{$VOEH4Mg;uUM1zz=7qYK5QoV@y;_o&gbVgqt0 z;UA{Fq7knM_v*U420she&#<_gd$0*`m=~V%G7O5UlGt7`p5x;obE*U27yeBg)8MM# z&W`~LDcMPOFPemeY2O#WES#L=>IdF!E%fLrFc*k0-((*D7QYXJAqtXB_M3CB($8g# zW;OX7@AX-fFc1owPg?4LjOcQg7OsLi^qI(OsvmsuJu3TpJ$ntdcsv+nt%6vx5^o+Y zDB}gJ%Qh~k??1*Xmpfvo(ZdTee0oX1&_~eO=RL;DzO{NENW48cSR4F&83+4zdlu(6jKJZv z+>n-xn1xu+yZlp(bvVN=a~OWW!A^Z@VO`%H{MiM5oWc8dDEz)u!GPXsjpeFPOnXa= zh{mKiT^{RMTgT<6+DNyv?;5AVO@41j4v^PMMd$_A-^tm|ZnDBo+vM(_LNb%JPuu=x zHse-pu{uKB=Zr^fpo^t`DH^1b!c%yx6;SXy;b>aNN(}U67pIE~D!Ril@B6)Nmlx07 zt3GyhKG-nTW$44ryrIQnP5#eQ3UV;ZDb#h$xT@nI?mz@~C!4(Egkn>}oT3KD(Oe|l ze&?bLh_EMkfR*)Mj8pq-oDNpb7gn|r50M@?l-$l;);wtF!UkebwZVbw!~n7s0yEiK zWhqB&hJVhX?%Jg5c#!$C3gS?0V{z=_{P~&Li}WB>vfkO9pjhyxZFAwTig}>3<_?oM6)gpY?Of`BPoAk>ObY_D1E)gH) z*|6s0FrEnf0Z3*L$QX*j4Lv1=N+UtZdwzH7uC6gi;5BsY>l-Qr#@4P(e`DwJ9q$8@ zvr?=$mn_uunOo=d9vl2Xb38ftjxAzJlnhLIDPBowj1nfP#(=kR(`QuOAtkh<1$e3& zSn+poT-G&*p7Wa~rp*Zm9h3J^`7N3$ui>fL1%h>cEY0%bDxZy6g{-tPZ0m;2tC4NB zWSQBdKAVt0UCkSq@T6PyZ5_Xw1^-}iS4p5zL+HHrXcWR9W`oSIigO8(ofX6}H9Sjg zRb;%0VgTFCw}5HDw-844cCD{!T3Dy3&n0ax|4@&wE1t6pH%7<6szuVOEtMWyv$grp zirIj8xRK5en?Ikm{OndkJG9B!f|Dh8X**_D_`lnFul-VZI4#sSk)JMk@p9KG(z{C( zCo@WfU#*zcOH4W!K^TkVcaNN5kDya!+tUzne6u!hac}wJn<*)Vv8>V!pPQc+BS}@Y zvhk~3Tu29TPpgfD=gt)r7Mhs`F2ubyckq*#6&Zr*H-YYCjd(bS9MV4SHrd6SCi!+O zfUw?QECdBH$AdM-VTXwl>v|x@h(TWJr)hi%-7n~vu6Q)loF`LN6S1Oc#)KW1f1!ym z?;#b|ToigV@ctVxE;nFpeyVP~-E1M#Y>57XPVWbTNm>e$Wr@%y?Y%!B^od~+rJaUw zcBy|Bw@B572aC9B>F6-~1`+ke@$ zG<>x_EAm6%QtJ1Q7eCZLCd5_yEUSJV0SG9fC^EwRTSTVbf1B* zHyE;qS0dh!d`q>|oX;S7o?jHhKg#EVJ^MPd$MVa$Wtu}#6q__lIYa3Tt0?5BN*6J0 zP$h|+M(h-0)nLM3gt$2VLdnigdsP(tnAi5sCVqL_^f^$5MJ1S(#nKwl;bg=arD2Jz 
zNtVhHvKjK`&!>Nvjei!!q%1?K88Aq{{8G$1H(%qbsUx{y{KN~KvC)?}1_&mi{UN3t>{!XMpm@i^O0QKSxBM_An55XR~P+aR8bfk|lqzqE`n(RyGy0fPiE(mHNBWyi4Urwt_B!eTR2|WW;TdT4| zMg!1OR_&UDo}r12`9g|$nY3uSKi>~5vSWcfc+` z{=Dnm3LsYg>l&3;?vWDkDRkqr1_5!u2F8e5nOvWsdtSb~Fpx0wmY-wImVH}6xhMUS zMQ4~UMjF=_L>i28??v3tmh*^%~>AAQBXmIAm%atpiRuuG-qyq{89~GwCG~4V9iHAGO}s*jC!>A9CwX9qKU53sIUFBUHc?o=*HoF=UqMk+%h zF3O$4{^9dD19lDhzvX&%%E@5u)Rg>%yN-_sj~!C3 zqyw53g7h8bx1)GNUWFugSzu);k?z-jwKR((UPCLldd7wM;D|8V(DD*DSg!4Dl}i8J zYwBM@dlQn5k>S>sgSL7`6eSgr(LG+o=#ZMbjaiEDabM_Yw$b_SEBPzzmoY_)x%E`3 zg&Epr7F_a6j|R0*{w|4*S8s6*Hofa4obn==ur1LHdzj#Aopk%8coQixpe06bZk3ka z^`Fhzy>sT-IyFzMP7Ht4VjRT)luxXzD2ghY6w$ATpc&naz{Pz>Lp!P(>kDr%2?cAn zK%?$g_i!!NZHm{ zLQ4^|z!2LVKnLVH_uY~BfA1hVG2ok%bU*f-Z96VhwXa`bb%q9QwYuvQ8Gn47@w*XV zIfH$caZl&2VGNhsZ2_Y%x4=lM+j>RLXOdUaR8oj>D80U%ORI9~?fMN7c$VG8x04vzQ}^AjGvf6X zEx3DCB2NEC)a}Q6pRox@C7ZSge*M-cGFxWJNk(b)1#2x^(Nw-pn(_(O$IoPKN3AW$ zSG~n`B~R{S_I2w0fA4`*zix@ot8TU;j6XP9v=i*ogHwWwh`ok-*;>MA>0tTI zsjlN$VhPkkhQuV-!qLfO3W%>RJ&~B8uFnV6yH+6uZWWZ9QKl#HiZozmiqH zZhY*W#im(jf%Pn&NXA`n(ngxkrMO&}j4ey>Ji9Hd2hx%kdH!Lj5BtE!M0gmFqeqCe zm4bHyP&b!?Ri++oGuy3!c5hwsO2$faB>QhdmuEuj>Bp?%Nom!OhEUfS;PWOfc~F(> zLJ18*X1;0*)iGd4`lITPS74seCltT3j=T_47FO^+L3S0mNiWbR&s!%jweg~7CvC&% z&Y|ZTAz6dd|93m=c~d)3qXcs~2>ZeN-u-IG+7v33IVNm~93NJi7cF{UiQ5*4 z5ZNf+g`WUacc~m5aa5QNG}O!1tlnHabS)zYRfloXOs$%2iXQ=DsRU7z@ww1@s^6j9274^TN zQpVo>d`s-YO^mLA*D@x7MpY~kJUnR@*cc_D5HwAZP%Nyt>(ny(ARs0}_!0s*5k~_h4LY1KrlG5Gye| zH2#4cJnhFHrCE(z+9~+PND@ zbVHL$UMwY|)U9--D9?uefW~aziew!t+a7g@gaD!H?##RB{<7p6ex2H>+=sl4FKvDO z^4Ju{(_WCjjl+PE4jt~Mt{#O54Aprm&$#(pRuH&bR-j#cruuGCM>OOsX5fi(?ZvMM zDW&35>Isw>CX8&cYECqbn>qhiz#6cco;3oFu}ND5QM|Gl)fi`0?n=KU)tMp<>{QrR zFLuZF;#}af%nL`WU5av}K3j5TMZ8^qS32IW6Yn8+(j6)C6gfP%@QPIh?3VZ^Fp81=- zsz6H8hXv7{|G1~Zkmi=egNB&1y`DRwSqMKx6NcO_R+qg?GnF4ZRK@jId^d_^g+m6V zCu5faJwl$hh&3GK2mpiyvro^Uk&lHj{b(oA5CDQ4uHom)7xc?z6@A)Vi;{Zxz*psBA|`P)=%ENHF<{&EFz zakO)d`u&Ud^jmG0)5^sQvu6@AW)Iwc?I5eGxe~DodL4+Q6r&z_lnE({nkH+6uowvT zjnPSc7N?KUo30)ULgydyDQiIc@;{7U+{B{2V^dF;| 
z!>k5WSm^L{QXkNxsYg=5y3I>w)onyX^WA}(34PEwo)UH6ivTi@EaWFb-zFr4U4ei6 z;5EitIYvttLBPmwIwq1fGht5pYn&H$hf)|NqcXNxHt^O7q3I|@i-+5%n)Tgf1`iN74ZMOwh%YcTV= zXMZo$4^=?DI-v4Y9!Zr7c1%d6T-<#tld6QT_KQ;2^VLIBygpG@L71?jt>>58=V^GG zyrxd6P5kZQyM{b|xSrX&lL5Sp8jx1vCa-CG`}@GulNLPG?yqecmD;p~{rGdSh+1V1 z*cKMKt+IPSj@*?ih$m?RQs<}&!CZNBgBojdk&5ba1)&c2OU@YJQv9YP%Bu}NB53O} zvYD#f1dv2sVU{hJ(M*w%5}1iOFs>qBK|3M!IR!n!c~Pc;aFV5DT~Ha%S_)mQ@qdS} z!n|Ayc=!@e#H;{+47k98GJKbU4}92R1drnw#my0b_@%=$`G>!aCPd@*bG-d)my#}c zPmp+uE#xgzsQJQ+FI}s#UP&r z`wDc?a@XA)Wp!e*hh1_~U8GMU1uKctxw;{ii4@kJ*SXMO$-8?C@lFKk)vcgpyE9Py zmd)~!uODka6FfyL5??*@lXR=&lWR-#*-EG}k(GUR)o+@S6)}^E*k-8@SQHdUtx-5^ zs;c!krlcpUR2PuXz&4;b{2XPNP>!x+7TrptK13*x9+uAs1Y3sXg2J4SznCG(9ta%; zL_q`eN!O_)M^`$tX0vcoe5E9GFJgkZ2IX5SmPe(Af4W3i0hU&nHC8qJ7^I#)d~R7W znb}29d)(aOA$`_6{NnHa`8L>^V9)l+V8PjUaFy40pLf|0=TSrdVd%`z_W49OwgbED zQD}JcGu%8-Le>6>!*_L2`Ar}ivyGVp2Tp4K>w~Y$QnoDLQ0>k2d0w^3ORvYh1yY1? z5g2ts;!F%*BDi8efI87$#0THtoGv9c7KH!xa}Zs)2yUcFr^fJMxs#ufjt{vte#?+* zUEtmSR7WQTgSw;d-*f8W-myW?{BX6Y>T~yY|2Bs1!Pi?5X|hXsdF!sj$IPDrY(p45 zm*r#5J?3zs;Y487n5@nP%Q-y8sPH=$ue>gXt1yx*1>64)Jr7Dj6zW=E1P8sRqO8?< zdk|g`>G(e)WdxTQsB@Ppx6RL9R;@-A1l-kLlWH=P!?;d;Na(vS-E!X!J`c3wo`av^ zo3L#GE>C=5AAbbVJ+K*P>kkPOBTch74i*)%Ud5T%*7=POBd5QJ{fxW*l2z$At9YJK zCH^3X#)(#%qy~vdESTucHDy>S4^O?jeo&_oC~kXOAS4gT*+^}tX&b^ICgeEMbJ*E% zeZ!46xYa_)BB&~6gY0LXXPe?xEb%CSW&g<9^NE6Fec&DO7}8gQA}xCan*fg&}d4 zLJUdR7cDoT=}P*1z7F`PM|I>!M=M1xw)cfHQ<^^0n(x$Pu|4ViUSJL~lOrqS(urC6{ywb6zEqG4Xoj$feus%ayL$92JQ+h({QMA^F?v2-~5j9EJ@l)OQ zA38x;I^9Jn-4B2(iPHy>Nj9e1z2y6fLKY@lJB3x}LeO-AMci;cdsHW3eU3=7!KsMw zpB@XGKu3T!R>vQRFPqu6NnYljj8LlQm#JKzBR|~gCt6xk>J%i;XYI-HCy1s!o}d3+ ztfD@$x3&+k(SVc$PoD|#`^X>3Koc{g*D*x)NhCwCF({>7V=#od>?z}sOUjvnh$^>I zEg{p}v7CYhQ6s(ZJp*9It=ja)lo^%d`#LhAEM;fK;R0!j5+vS34zS6;DcH-c*rX%t zA_{EBelXP$BhWaNJFIM`$2n}qQ!1}dPP&`!`SxuX#tSOt3$c z&+9&@5kHZEtFPLSxELeqpPoHN49~IKr$k-^uQTGj$3x&u8V}%jDt|A$WZK;~>))#E z*Gg2z#GBNuPwu~=c_Ss6^)>Hj5l7NN39ugu_*TkH1y=qp-xx>2=6l+1@R~E`9rOb< 
zc>N8f8#eFb7ijKwr?vL*&=@R+1GBqsik-Y%e{gTGj2>GmwOJygiZ_ObI36WT&`2vQ zaTqJ1%rGyiD=Xqzdm^UI75*17^?APr+|vUlaJ@N;A$fLhyZ|iFw}@Qs>RHPL)td#( z;jgdtNmKnPt~kIaIIZ(c1ZlC-f-=KGYJ@xi!VZ4{qm>JA;a?D4yv26>o)6<#GKO45nZZ;wtMlN1p=KTeWmZH?HcrLkM*b3T5rtt$>L;2 zxJ_%Vo&2rqF6)z?(7i_Ot5ng@H?Ly9$4m<{#KV{MuAtAg+y1NgE>!*|@&x>Hc?$Rh z87G)RGSIFC{;UcMiAXvuW!kc!}XBD0f@9ZY<-SVLzER3;gfELw<~dATFlNHE^q2^eboCTe;u6s-)SHvdCtuyL4td49CL6RLD{l z>>2Ekp(ZyB59H(5G;_qj93om5^Kt+2#gDt*)Mq`V0%6wYd`SoVw4xx~AJLB_kI2bJ zKMD{lN=YAI-aEx*9g^tbF}g;%JmFL!<;b8ul-n$d_ZQoocP|me<2{sb)v}8`xO;6K zG&76lFfPO%}pxMOABZtLbJJCa{(;0r_^vZP`j zGfMc8Ha6KDHQSeVSeM_j30UQ>0owi+TaZFuT$;{eusG;P*!7mEc3VzTZ2eS zbiU%GvE+sgHw!UyCrTxVCa~#%#T5cZjLjNFhL1SMof{%V&Y`&Z_%7QB)w-DNFX*(q z_p$g^%u?lZQ%R6nY>wdYuEr_@SgMDVW)ZejBQZrzX0p)Ck3{GuR&$G4a zeOALc@Uv?X1L&3wnd-VD#Us16#*f^)ct@0A^V2h8IjBrDV~Dp_(}!;_BQPB)zd;H6 z)Lz7Lmn>P*%bR)+MpR9G8pWTDJK`uFhFep~{~9~dU$**9 zAc!MMNsa`wz%R)YrHY{Crsv(=6O(r%_X&WyHu%?bFV6>4`Q1b#A5o3Woc9m|y4?p> z9%AD>CqA3})QO7zul#JhsbUg+KzpgnJVgD=SZee|lh1McYKO^%*B}*)Y?mJ;qVmHD zythv`#v_v)uQ0%pZc^6>~{{cjt$9}z*RlJPLHTyeMWyG zrj8)!0M8W5^f(gv_DWnxYOvGu@i#IRN()T~I$%>u%kb03*KDrfU~?!1_%+)tf4xAmQSMO+qa_Q?G?uBJd# zPls%aa45}I$+ot?QuK#@@=}y)5O_M2a_^%+>wGQ1IVm(Vu?0+?n_VLNnpVR9k>jvQD1Z=28E*MKJS{jjz8HG6AP9xQ$P}O4Zx7w;u|94* z?w=1mMA#dC9lSCIc2ArCQ1-X6x<{t0nVzL72j9p;A1UBufh*8!?<{#JsFt{U8WsoJ zL_l?tPfF-|x!ipz=RQp$ik;k4uluP3oBCf9$MYr$v`3{@>gTyY9Y#(5x2AYyw3zV} z2{yR>2GS2ap^g0XMK2dsGVLpn{&4KS_s3lqdwhECF7R)3E@4e;V}%(?Qc|Z+m1r;+ z^;k(+?!E;i29YVE1FogC$-o0`hNSO{O4)UZ|B(;MYzY(Y7*ZvHq0+IuHcXM+8F?2u z9@2RiT5R=7=Q%7HA4cY;74Bh*GbJMiUd%9x)_yXrPDxF$kuhRLp zOfL;m8XZ+M(#si-<_qh3=+}|@D0=SiO?mu&f?>n_hw6&0Yg&W{ zE5pqu9P=6K>uSA|N;P!rZbJVtF@W4_@^*f?Qyjr27&|uDav^b2VJGHUUmnzT?8;or zG=RNhg^3^Eatq?ePf zIk^OPy0aiO+_tg_jNGGA!4+C{$UM(i-t~B4bf0zmt$8_@kOCUDcBfLvO)g}>A)?*# z=Amg`+aUHYR}-dF(18A1mQgcTa!9I^eTFKJU2zawM$mMR+igjp@@{LD)(cyVv?qp^ zWSEYW7k&R+>Jx-#>yxn~o7%*L7{ zUW@&VVP!bH-MOWxFhjLu>ThV|M@B+C@spEKW&WD}e^ikJ{u#q3%+oqx@nLdZInvgO z0#)yg`;Ax91%A`2Jjse?p>H2PMe+lBjGR*D>Z2p5*5E)_ 
zDJo7l6miR!YSDAAprgzMWxEA;qP_J}7@xRWH(BB^+`uPTK%eb@rRWjxzOy$*e-KQM zxcuF1Z_9*(dX0G2NQ2ZZand-h;z!3%;>fU-iq@nAYQx$ed%-s-|5N5b8WG$&)2IE# ze*4R;(DvaVOXW1Ze@341i|iqHMbcfHjA@$skJ z0DVq>C)uz*NY(WQx`eQp5=RtM!y6mPDmAFCF3H)>l=x^m_N^4y0>L>E1ml?IpvU#T zrOi4G@@Nq00VzOIUAxTxC6_f;u-#wUrR3!z-v0hodhHN^^%OH<@e$bj96g=56-0I# zusmLfP8DwAV#C0q(^J!`-@o`|^u(dW?5vR65<|k#7Qm;=ha3Hc-w1S0E#C%7bG+-n zeq@Le07H_edtbJMG$%OJsd=(KHpkN;v;PmP+71(V$Y`QTn26IkT6kk+@z12zph}c7 z%E^JJS5l~lA6_~v0<8b-a%f1nruE*z6+2_ZQn$D%&Tly%;LbK$`}P$YpWIt7Hr5b1 z8tpsmzc~q?m?@7}!&8G6PH89_IFW8+uohGtMk=CdMK;`$Lby_{awT68GUPE5nT_ZrwNp6@H^>huhM9@p_xPjY-BFb$L)w_|oho!)}{S;+Hs8AN*)kh@v;H z`gFPhKG%pwzstV<8+DwQ68EboOqwGk=4hMRaBtJDKDVR<8U&qdhNxw-33Nok2#Fy! zIO#O%`Kk$#aXu!QP}wvh)|R%_d-x%Y21@7ZP@lRo56aEPy*uxf$k_BW&<*&RS(lc3 z;rHzno*dI_JO5<=K5oRzA^_G&u5?)75a6WycOPU##AQO$`@_RsEmlN!5l+b{W1xSH z$c+N?3E`O+`d-lhL$c=`Ij;ZDU!=qB)%FfvX{aE!rE8vimOD#MpZ6h$o3k9jn2`|U zw*}n#kyM6{Oo4r-75SB`IlcKGvSlB9vvPMMf~I2(m9m%w5!&JVk_- zo9*4cbQkz!BPY~aRp}psg-9>X3J>wNqbY;@->uC}WXIk1%D{N^rraZY)nrlxw-tq| zoK_T=nM7#XJw7>98rq#@5^(zVPu%7h?#91&@V5Z4d_GsN`T+ z415mZX&9gv{1L=un$VZRh_h{eiZxk9AJ4iR?{73LN6{w-si2O7C2A;k0%?h&xN}%V zXt=GCIBY3drcsyNFu#wGx#8lVg!O*7n6d*YY1=f>fO0w}+^HFiDxJL=rR%y}vHLcr z#N&uoxl8Wfuv*vV2=mZRtNJQKx$42YNG4XRx#fiG<=fLODWGDazc2TObWk9G8~xFc&iEp z(WNxS>8Hx9$B_Q-U(8U}%p6>m4HPN%%cplnswJ}q$e{ToXL3Wy$|DIWEzlbJ=1P^I z9b8e~=Tn~^$W7IznQa1`4@>F}sY)k({AnCs6|xIa{hH)=MSkHC-XdufLtQ6*dC5=& z1;w2Q8Ry&1QUyIe{>!B>8&~1LW_c*Q$*SO3n=SvX83w!}7R2B?a;T&}hNz&ruf3^F zxQX+0#3)aSFbjpOcgW^&iyQw`H?FZP?1Q43Ie;A0&L62LpHw=h>lS!nL_(@cq-&yl z_#J+PAG?(D695{J|Aq&C{LE|o4$VVYvp)O{oLA2UI|MOUsUuw>ds+yl8(nP^d?zZT zuo?lCZ10<--ZuoaS=^&uyC2Ae=AXg}1n|qAof{aVyQn)rUmV%pK0}(kxSc;}h^C5z zWYYxX@$Z)eo8{uT8p_DR13 zl{v%(&k!d$WOkOq^5nPJNKoG`$~Vg$Bk*@0Wt0J0FYHmT2~|2pI_wo_FM3v7qOD@xbP|Fhca>dEmC2%?N6j^` zuc7u+C9Zg>D?=cZQcmWaLfhy;{%!36!8D}LRWgjX22D^hoOowt2 zi+FA@r5!UeIY~8AGH9*AHss&*ms$s6hKUqHVVcDBu7d9XT`FfhcL=5o9#G_l?uYWJ zffdKX9NUwKmi@zCjKXdmG%mdvWA<6HrPet1%%46>YwflyqJe$5e4(lMdfMrJVlrA- 
zVLN<7`7%s2(wanKs-Wck{3*TXGHyTyB)z%de_fmdybw-dzl^wofvfDPd4fH~Yi~~w z7hNMLg`hFlgn;|O-UD3Ax zdq8xex;YCG&T-K$&g@{nG&w#s(FV@Tkx02ZAAEb;-_OSA0Tz= zeJ1q7H~gq8X4G+`B5P1hEc7>vMa@dLE0yz~ofKI9eRrJR)U)BIW#3(``S{&D;`w;p zO$uZXl-&BRnybD&FiK50SaVRWaYTkUjTHMRux&!B# zk)>u}cEzn))EmZ8PUL)5ek%9?sj>Cd?)FQ}dFNA-g}D@e+lSInn^DNcBTC6(7>JnI zv{KLb&}c=B>rt-I^(k5?NhC7QJ;>+|G_B4)Htu&{6@m_dll{vmCKlN22y8c>VQThX z&3MUO?Lk*Cy&h4gkyPj335ZlGLt^ADp#!Qqxd5*;$fFhOCQ3FO$C-S0+Tw9)3 zNl`a`o*ckVF#Wa}^qCE)$=d!%G`C-{(l(=wAM!VMn&V}uocNLGvgMVYYr2%kN>7I) zGHf1gfufSO>exFL9TKfZT4*RpxT}US9M7+idq+J`EcQOmrK-ZfCdv*?ZIhqd$y&LN zUe#KeE8lc5I}gu3OQ8%gZCnK}-xQxAY@NFgSC>=f46o3CcQ+s0)!xJLI$KLwV|>@&rjrK)(N8GbYn)Sj5&03TBn{Iu9oC>D=oZI~G(->Ow z;Zl%V1B8MS`hDxeVK?E~>o1&!GLZ3~x=qmes_vXNRAONx?8Z90Qf;H;s1iL9=AbH> z8I}f#Y=Xx-W!*0an8i)#E`1Gq;h$y}SLo2|-j0y((xH;0#P@!3|5?dR&JdV7=Y^ zAUiSIY3?)iWImtB`R-K&xt;n!)d?VMWb^H)k5BdXX8|KnuNU1;ek+i}L6X zTgr_48cy%g@Ft|CR|{pc(@I>`;_~Z1E7y(_s8_AnBh<;b79)5xYF#{P_KxFW&;xOD zNK=`P#M;*W6^F?>m$et7w-g>efg|Y=z2IP;*JITLG(VBO7o;~HZrD%0a~N!v(`D^E z1kvuL23nsXJmuFuHhF{C{A^gGKw=!hDi%sU4z?xH?fmlIhVs=qZ#{}0aE=W`OLSBF z_*8h(=X?@VANrps8G@_2UOKx&eFi6msyx)c7`k!`xi=XhLQ-nU6FksNBl1-p8@{zI zFZf@^MoDz|8BAJBsHIqyO0K=^Y@~8hs7fG}tTPwWk~Le(fZ8v|!s$EnZ(3OuFUK!G z4@9gKz~G)U04b?nB-hVeos*G7JAF`?m>G6kREs0py5WDWPMxV2d@(-sLnq9peN8cg zv+j#?Q`IOMRFYt3rdyT+7I~)bG%(WWBrK=EA=0TX-ieQ8Sw)+mu@0uh?*Zd>dLT1X zhi1A3P(xr^a|}i945M>$v7@{*G-pErC6m_Z9?Z%u4GsnuYIhUg4e=Ycdt)B4vqsUtBRrzK<+-c=9!Q9OLCNem76@j7I0P~kEKE;TVm#RAPYHEUl=)oF(8;RT>s4?p8U!0S z+r-N6VOJj%C^Ar`D107x@DlPxZ2I2%LlF%I+tAtJ0VV+sv{ zaJxyZ8fMDJ)AUbChhn-2x=L0ZhMb+6r~gTcjnkW-NEtHJPG)xd=QPN=bn;XMnv0eP zZtrj`S3$dD+IK<}*=*wUt#E|#rbPeJkX*gXRHfTINVc&Lp16L|Oe?!hJBK*_I+7<> zY?w%DIkKLJ^6_k!luYYbBShR0d9Vp?PO+9d!oimMeZ33|0@>L*G&BE5QJ`vBsQ}gM zuG;&8k-oGzMiP!&VWJj|6CO~!jrkL@`Cpz;l%VNni69+#fv%=NL2hX)&nY@0)Tt*H z{ArF%1*NB4^I$zj>THYl@x_tj z&1=jWNw@y<@AJ}j&V$40T+Dkfx9=%AC6$B8ISI|PsCW}VNwYlz3tK>NnYoJ&UR!ps zgrvs0Ivu5`>ddG=!K-@2x{lE9mD-FmC_Ou#2u{7_mYJARGO0B4>sj1x)=Us8*oe@) 
zSxpY^|Hmy43tVFD(6squVGhkmIiQ85FTrWa-8O%@U1@XcFE!HgG^{V27HrHeD024c zw+oL=g>b8)v6<*G86ber6S3(Hl)Fk=BUAm&nX6xeW<&hnTqSiQxx-j< z)7=D;zMFwT`>Layctb<)kcLe{Ek(`X^3jXE8+S;Y0I{g-a!^?n2<$|^M$cKtY|Ni? zC}}-ffEta9pHN@k8&nHDe=|lbtFiJ~NdV6j59zo83hAK!>8DP;v$lHaS@2s>drQ+5 zp;%;G$7@!THc$u+sWJ%hYL|HaF2jctT31|9T!)p`_>Y_ngFB+N8?|2r42PA!7H2KY zpI?igMLbohdB)9m@a1M@zKN|FfIt|yYkb))vB^?<33Yvh5jyqqe`{=m2(fp>t31Bj z_OY%u68m%Q({1`Gpj-bSXE7`gbsq1=M5d>=1~StJe{_xP5YkE^hsCSqn1+Z4%4p(* z5nUUd%cFa>^qN+`2Q?wK5DkC_BdtGLKQ_ix)@;q*g{*2uWU3*~X;!x?KW5NvYCcDS z;;1>)#2s3;WHQ*?)T8dW{&rP~$~jSN2igZymS4b2kak5ztp zxc3z$ZxKKW14`700FO(PuZ&??`FhoI02Q~rz-y8Vy5Gx7EbaqPfJ$A~y}-$P0enp) z<$%v!q!Tel+4!f4`Xvy99FMt@;;i#hpNdNMkz`i-=KB2OTZI?-chk(0@&5Gh+D#FE zqeAjF!KP*Mqh<6sHp#s$L?wev@2D&U2my}P{W<-0b=X7WzPHz&dschD5BISr*RBI? zZY=B;91HxEfq3XBzoi5lh(k_3%qy%n1i+*7p>M6oz588ZaL_X|pL(}H8Z^{(^L804 zmt2l2X~a}Rnl(Z|B$p?t(w?v~NPj?pdpA4mM@8g?LUNCrHJ}07ULW)JU`Fy7j3NT1 zBf*3y$?+$Fd$f`86c(ma20h#=OGLF=*57Wm{QwrVtiBD3Pw}s4Rl>C zafqyX0R=KHj6iuN?O*puder{iek(Oa6Ag2`w+f+x21E6{C#L-T^!?HB%oE}J{9sZct9kdOR4`JxC?zca)~X&<9>)m%aJZzi{ehJ1PPucp{6GKJ8eIy^#V zSmhb5U$w`-BO;R%r=mf;D6DYn4COrp$>M|g|7uAx#(~_KfA|vLe9RL|j(^e*B~rF; zOZ`N%j_>4G*wGmc#WlaIU;6oEN*mqMywLfqov)Yja>> zhvJwEG4s<58Hj_)4f(8&e4;@QEPzqXJsam3Vb{+2 z59zWY_bEsv0P*p6M|opzl=PQgr$al3?)ztx%>csM*EVne>JzjY(fnI}qNAp{M$4~bSN&G?P{P^kW}sR#?%sCJ;19O( z7?Naoc+amHb5UdIYr~^utfmFimKsYdFf|fv>#?XiO-tH|{{hR=?ShG3MoxfPaSbF{ zu%ZANP=ag-9S2Y3<}IrQVCTA=mYRuSviU%a&r(!Ax|A>G16k~IWV@dlp*K+F>0d{% z;<#Wn4lY`f?RLPKx(P%T?1*jPUdh{!rDckiidF4CuL36c5`wVvX`?+NoJn6{k>6{W95dK{;XS*LM-g1D5&4?3M)PF9Est{2eZzIOUQd4KrCs&ZXe z+uc|@$eZxS%~d;wU2}-tpW?S=mpbCee$wOt5oy!N*ykE|%F|kdN^1~NP5nci(?)&} zF_ZYf{SkBKJ{8(~A)tLKNxu2?;cIoXjITQ6HBy^ftX3foE(J(VMx@d1R)H9a>wNE*`Mf(;xy@G4u81T zqSYLZnvMe)3e{M0Wo>q++DjdNi6Pzr$MuAOM7{e1$K^bSS3(7~sxId=dsdFEq zuk%4~)05U>nY1nO2ykjlruAE268b;%dM@zyX#Ap;2=E%It?}e2mMm2IncdNK{Ck$# zUkf7vO6yd#|@7M^K2KYZJ6FE*<5Na^at*NX@m6V+U@ti@ltjSSc zZcMC`O|e-rkkx?N(M~_Njp~*x|X9= 
z_;j)}Pe>{p=B0ej{t?WI5&;0k^L!Xuv}sqMrJTrX6M<5e_It#SK!Q8cQ?xN#u*ncL zR(xAwmpC*-^e3Flh~_P>UhwHru^{t>`dAIP1|z>koX3y1Iq5&xD)03Szz#A4E8(Mx zo?Vme3m@p|DgO^sR~c1T)2rL!?(P(aBE{X^-J!Ul0DvTw4V!AOaaPW*5_r-9ON%IH%_|I zbo;M(kvYmb)Pg`7X(gr- z7aK|$yQ#?-yIBrL)l=BTija&Zb$9RlpQ0auI^h0CJ%s08SZ$abjFS;S(cKvw$34{g z=9tgX$Ywb!JYfM)W{tpzrqNCbIub3L-(Gds`1n@rBa4({hIc2P9$NRWH9g5|Vl>(6 zg$p+|9JlcAm1{y%@UTA#)1BA!`+4(MqO5DUZqEYOm~m%y_2JnZXW=z%&k%PRw75sP zX1`v6Ca02P3=AvxaqM=Yt%ZqS;1vrW)cB8=`DUmaNt9$Ok%${4Ct*1a;ifKagxkDR zOBWYNuZun+Sx2NBY$jG}9~0*1tCYa?>#*!h0sOZuO3jvxPgj5_ifxYd^iRMV%MS!* zCYKnwP%ncVRsQwRq2Ai9XYgqw`{|v;FkJ${5o+h9m_5azs2if?Ykb1tx<=uf6Uyvx zO6EHqVba~)9XLMKXRdBX=6!v&oRE3;rdzFkHL|MDHAWiM!4t)3fh*2isWi3+sRIh! z*=pr`C|cavS_N6Ect@d7$z|l=rS3Y9Oi}s%jb@0k^w$b;d-BjQ8>ymA9SIPLSt+)q z|L%Vf75OP~Gl)g#ibw^IM)nwDN5-bW;^87qjUy-=%{HeF#1v{2cgN0vHKnflG+L}= zuYTjqbJa)8&|y`pyHDozl~(R-w)ZYkjWKj|gtO{h5@FPdiYM8!5U#46^y4{Jqc&*s zA8N*T<$n^L{c#HW*+(?+hUtmr1<53byn5Oh{b1gF3B|(7!{1^lKH}#|nE~F>I`LHx z;nynv$to^%WS%|fCe8%8t|l_#;l02u47(i@zbq%)*nj8!dYOLxTnr@QZiV-DJ0Wq&j6EceX_0XFCuzRaE1=y|(gY9#A3`QoSM`tDp^yk6jVW z_sz47htKiYHrSs&+HT&e>t^Fuv?#Ug%C#RuLUhwIpBw^f53tQR3Yj4Yw`ZG;Benbp zx@n*;wkvHbBhts7J$XzA%-=rd>`NMjS?g3c+r){@hiZLzjrd#)`<)Ra(QH1hJyDyH zfyxK*70{jvjc&L#6}Ay#+1_lOH|ziWn-kpqyeEgm8_NagB=#XdCpo1*$XjZoKPghh z5q`RYsn3=nu8xZ>8K|6yJL z9VE!*k{fNcXf)E$uC!}u+K(7!sv$95x%>!x1M`jC(z@R8D=cIB1sOv0RP;?2^V3^) zTZ5H7j_9QD8??*aaFUlzE=_wp;|Ax(tz<)ei)h@?6iTfJ3mG4B#pX|m>F~IfIy-%z zC;m^M!Zk4xsZ^qt%ku~)^+!lL{gd%xA7qWG4p|o4)=m#^#RQk|Oesb8Z9o@~Je+dZ zB&-n?1BzM62wp)0$cNG=9){tV5<44P7x-AfQ7(76Xg!gVD7UPsurls>B<=AT8v1Kf zk4U?26gUIy+!&#OZ9>8Xsi~O^Z71Vd$;T*dia7EyrDTHj>1X`PV66<+<@aD4n7v|$ zQ30AwtQkwb9@9Uo<2wy&A~7?3;)BRA**W2Fqi-eU@4r!p1PJ`PKv;&`-k}cP~EGEDJeOkK^OU!3J0WWqX6~ybH zinmGbLF=NkBf9p%RH4C4I(UA$+g!_$Xz!N!zE$_x4%Okq_)JBzX}UHhev9OKu}-lY z0u^-$G`m{)P=e0Jp10a-6yq8}V#DDHe^Y(Ssg5cFbUkQUuQRU-v~I4C9;cWK&B!-8 zpOSkk&2kWwP&-7qC6Hx|A6P9A%s;$P_}j3qE54@E3`yInTieIduyz_XLD3FLL#kVE zLU74?Mf2Awqw}@RfF4#p)~XqSM}L~jLi`MT=+9LoQuxY>@qYMQ!=?d;LHp8CnWaui 
z<|ZYGZxBA#Fmc0vRD&y3(Wut7N595?t9*csG`{)uJ$0Bn!B0R6sZb41R^`zKVMZiX z3T=R75oFfmfTOxK*#E{}|8UB4g`yh-y54zfY6Q_9UNQibKr!|zX^;5~^b%Y-YGxf* zlmi>rsMZlatgJS5v>N{KA@~vG!P(Y{2u7<1X@7_D;7jC(iM#D3%<^fTWkXAAuGN76KtYR+mXf$Hl_R zRDCAAWln@6%44|8;&WzCPMWNn1H3aFwZLis;Iv`aVg<3tZH9(3`=oVeq8;E@;e2Up zilOUgeOTIhaI1)1-!NL;R=^a!XCxKu;A`@6{f}If;q}`p!0XNc=CWDQ4^4=*qOGkc z5W@q8X4d|a4)GBMKyZyn+nQMmh&e2g97CZH-xl0lfl!Pf)bSYAPGyC=uR_#QOb8U?=%CD&Y9`ZnS0X?d+{m zG!Wo@cd)l}rbFCHw(Au>7oS)O1+bK+Rj4OxtYPj1j&d#0nvriJAB@tf3CEz5M8f*= zLQUB3@^YkNuPn3{!rvuzT~Vwj8!NRemTiM>Z?~4oi55Sk=SX2G^INkImW4kP zzy6KdixG2YCjB-+J$gYxeF@|q54U#L8(<$q#WPD*26s?yuZCpE9<27?9a75%Ky~4CtJ8aN&)Idxi9+c_Q|%gF zT0Uz|q~Mt`EQ8=)sTDt0naJthB=(3vnm?zLhUM-QdXfe~vtM{ibJhcdCQ1z9w9j|yjo$y59V;ixo5fA$g=S{K48*b2HR*6&d#2=> z2Fs?*v(=EA^r?7<`eCh7e^^(j=*w*RQUmYj`n@H%5?T6b%CYtH`+m;|8>gT0&1Dfh zk_W;(=7LNy`{g)yuO~?yRtwCs5|@to*EYk1YmS#c)#B+|8jJ%D+E|A=Kj5Nmlr#n27iCMDE0yMDzM2AB1Z3$7xXTp|; zPPG5w;pb~qAP-ah;oeURl zMts7wT)3XWbV7@sC)upqWHGDx?aH=2PNrSJz=F4Ai40)C7f5QUa$f5VXQEbHH_0$^ z>rBlK`j~JzXq+P5#r*r7ZO6$9xufhJGq4THYU5eLGN6p&OW>0r>gW_IVt?nl`}S+K zy-dhH)OYiQb5eL*&0j|I>gBA^%QMCV4=fkg{m`C%tG);PPfZU4$Cz%VP8?n4jICye075|HhqQ8*0> z!(e2k`S`On81k6g^pm@W_02%CEdI%F zwoJ5ZCHDF)R=XOw`UIQc&v>TosGb7R8}2I8jn5=a#@Gg%mt z2jdPVM9D;gaPo|Mt-tg$+`<>E|HO>QuWTfMf0@p)J0bbWB5jWiuNz&=`x~BOK;Pt( zMz#=CERM2$ImYS?{#DsFLfgcW1YCEkhPx*C0$NYAP-O2l>aPRC3ES|9;He0qZc18g z8M_HviO^vFMdT-bvJ)YSxAmBv(tZi>MRW&QYgY6|Q_S~R3o9bal+8U| zu)%ySM6=AVi)T6;eb5HDZ9~U4|Qt;q$mNGPISM{2G@snLp=6J=>N!O56ZtHf(#y0vl&=q*!ztSLq@j zltR5(ne|mQzOJ7VAS^>SNnG5B&fW_gggcZ zn62FQNKG+12!?5Ly)he}5T2yqV7k$X<-7I)Dv6WFeob3);70+M+2Cig5MzgNCo7p~ z84(0i*L8_GoVhhk>hYOYE;A-*d=oD}I4%6Iu2@WxJ?+-HN0VPjuyzZe?4A6CE7lh) zxNTHv@$^50>0+R}X3LiH zRwkM0onjB94ol^+o!siT9M)DtKv9Nyhw&OtU;7deY*o|sWWwrPCA+fY}Bd$U_ZQm1h0(y54qX-YtWj2)?y1VyPy zbul~uD?_XHS5TLd_b)7=UO_oeT4ck!Q0mfu?!OX0tz|K?9& z?C&zjK-ufnUG;Q@!cg7;%pM%{?<<%K9oUu{ddW`5iX!DO2pThzo{Y(JijCGY=k2;o zdmWcU48vc%@p8dY#!paX9$ zLq?sWsP!>Zr@&Xn4$LteI1>1n*_1Vy*-7XIUVw{G$bJD9P~r?}j!|t>6%?}xZTb&; 
zGVaj(*X(HHf3P=D2yI#xkRSY%iU@k@Y4X1U1NrsVk-2lFL_ogzwI_w#ts=Dknp& zr$IC6hLV-)I#;6F?XKlk)Y$tnZNkgXQnS3pjjuqoyk%@Y?xD`{76-mAL-hvSWHho7$A&y7-qo69AGGKlpkaY)XSK{ZH~n@{iV9vm-rlX8pq zqZhF7jVnmcl4Y>`7Dy{_cOZ8ryL3b>cQSa~FSMc#H?KlCXlY-Zzc*mMRhaYlW5OBX zepB8j*=eik%0@VXYn2fjEXf;7FB+vLty39Os3L;m!x`{v66t~AcDm+P$LGd%G|i-q z6HWhaH5)e0w-oNgV^cYrT|QFmbQSUH^nA7QicqzKaeid(q=4|T8KfVsi;x`>riSf~lngMWEZ@W*p9Wpu*cTdn=#Utx zX#uTp8p7F=Ho41*0MyL5A%G19Q56;oOca;}M<#5yU%QH@3{)kD^G(<^D0&~oQ!BSi zNMAMAU9GseC+mv4H5cVPt$gnW`|Uk;rOU9zp}dnRqvD1Tf}1uQp|o0LkZwj=u)G-B z{(<`Ov2G+-r}XSGLYMks?`Uo`@n^5h{mG!)LtOpOyQi0W_5QWXqq(OQ ze$T=v(k$?8?3my{etcx~g4zrtc{TcRixf7VmZ;vKgZEJ5*YC&Le0sdsS4)87jL*x*s#3UzEyRjFiddzcOQB!;c*;fe7Kb6h4&j1Moa}&T{d238&+NZ6O&S7WgF@sOtz4o>+GBuJvC|R71AK z2>L)^Yq3-Fbi4Hm*-LM~Ymu@B;FUyU)tAN0I?aWEis%)kJbjNpeQN((D5=`ANUVo*F4xBjn~0^N?2W@n4%}|PllZ~hi(_Ev0z#Yh#s9llF|E)rXG+Z z58)5tm}*pC(isN7TJ0|W9yIDE169EWHMOnI!4>?bnjSM~y+USjqC6FL3pcZfV_N1V zSa*wO=ui$>*%oWc5F`DA@Vi1%7==FKm5DjjycJkk-QQj~f3x)ZuCs-3lj%jEW$Mu| z%ufd3VT0DbSZ5l!%sE#mPm7fPnjxnUIWgX>n47^H@9RgKu90jDFzs>&PTefqJXJBrXH>o)I9u!!xYa2;5%XZ^SHNRHKj3 z2Je-|RAOZyg*g86(BDqEe?#VSwCjplMv2pbQ5nrj7*b#h&s$W;!;}X~B3WY*zWUIf z`zd6?P#KBK5*c4YqE8vH2WCFj#a6?D&cloJ=#}Y55i%X-<}B&9edQgkZ>P?$2QO<$ zKCcJG9V0&8S1(T;U%cJkE^IoU4_=C?J-~zfFvz6mULz3mQGZo(Ik`w3*mBjM*~d!e zLlP|F*D#0jvV7A6tM|yrsM2K4G%b~LYxOJApi;tL<7bf+?%#?Miu8*K0OJ|M!Z7-k za~?*i|E)o(gbV*qd)2?2f9hpFOiHul@nxNz7ZtQAqRBa9oIk*;`Su7*=0w%WqY-M( zm7)2h3*!UV6?#eS(wk?!UkVpoRW7{@bO84g)sc8w-_;h7o=Y(ZVawCS)|X1GCX6Gi zt&$o`+tn8#wu!NUbK!GcR&$Kvu};mq(c=^7hv=HqbTKx$s@!FKeO|IXFjZ;tMFgc0 z>zvYC5an8zm=SL|x6Y+N8CZC0HAJ$k#lXIG)oO|ycm93MFS!WwWSA3MFQW7qQX_-#IEvPzHz_{O?gl=ZitoCTa8u&$u zIocZu-;$1Wm-|Va+F>qaylrZ?hDCU3HEiq>t$ew~szy7Xg4szX*eso@5#B;sBU2Ac z6YnASQM^?4k>10e$7aSckDY(!7(C5fMvmD7Vqq96*O-;k0ZS{Dp^?eJ?663R^uZb= z^<)=Rx%MA|9FXsZ2N;3%p@2zkJj~3oAp~Inhvh=M@vn7SoVbF+G@DcSABjz;MqR23 z19(1&KR#C*8xe`(mW$*P%TFnLDANjS;;Jl$u6k~hoNo6c@Hs3k14QE$PrLXZ5m|q1 z`Ol+2q&W$Q2^|%cS@QQP76vwcPT7Q#k 
zV)>^az1i3=u6(WZ<47iY466D8cqtCne!_*_)C3s1aYtM7uWL;942jvks4>c`xHdA5 z6c+ggoQow0BO{qqUFHp6_Kq57mR_4ivZiHf8KH`cO7M;8IoXdomw!5dKy(wTuV{4WT+v;nF33K>d`|tdfDpIws<+}JU<^yiF!0KUy^3j z&?(N${%f`8A8opH!T7d01KqlNcFG zsVwqO*ZDtNk8mduOYu}KW0cB898c}kJ7&yu+gcP?_975*WRI~)+H#p;zxQ{nt;&;g zI~_xba)0xx{PyN}tPVV~!=KClRFW^wHM3e`ttSW)QjymHb2Mz4EIy|u6M%ux=v9sKJg1>MOma?*k%AlCp zR*91yy7Pq_W^!FlJVR4f&r~eUi&5+i66FU}x9? zyyL*2a@^WU25Wa_`aRtBh%L|4H2V;IFJ9oQ^HaKkKJyQCdz)HHr5ekf1HAw88N3nFU6OaI-{I`0eGD06bM=xALpIyJopPoZiUcEb|T%x z)oTc&9Fp7~q_CsnT8z>Ppz=l?>`3X}4|r-YxJj#?G9+}$7?*Xl$~Fr*)FgTbEsV7+1PBtl2;nH7+Sbky0e&cA$!esPK!~}5Bh<_5m44F+ zyrQ@Vm`&OFAW@YX00ay1>pkaInJ+|t@befX3Pk40%_n!ExEo4W~P~X zW=EwmDWoh4zeTiiG@FB zd%BI@lf5_bw7J>W5w0wfHU7ftr!|D>4>TKGdc=3@Neq$k{eWyoyBCu8`8QQ%c@L0l z8m=CM9fdBBj>G03gd@nEg3(V~gSJR+E~7wN+Ru(qSh?vKT;Jp3>}t{o0lYRIqmB; z3Vb(8s0cS!u4I4PXfe_Rl6XE)ao``Gt8_{T#b0quR;MjUH;&9U9nrl?v~~HVKQN4< zKfK<{@AalH-O*)^)q6sniC$q{TI$!U&Dau;*?MJq#I}$2-Z;?$svMxav^Sfqi7#Wq zh^f?LM4==D=8cHc(YT}=(;uAmA|sBD-dz}J%>9ugSxzu>j4>}?7-Q6;cwyn{$5f;_ z50{P?IZr@|^5wyk`CB)UB4y$oXD2~U?v?ZF;R&Z#T$iMsi*KVq-AB&TNj@(Na?GNe zM?RU$>D1qbCs-WWO@2iRuya{Wjkm+3KTYh`d-Vnclfu=BDbWS>1DNyyju0;esMc(? 
z=o$2Qnv}s7V{-qUw&tnHdh8;H=eWHL_?@kn#*f3GnV3j*%9K0IXpN@7S|8}@HGt0O zONrAWa+^+o;mWtu2MvW>0$ALJBsnYTgQg(tEZX9Q2%K?tck@P+8XMAgLk!Ud*9D;tZDJ zkN9xYyG+}AjK&{Tl6xlcNx{lEP0w{HNI0v}!vGfNhdR9j9B`jx?p z@E`fwBNQb!4Vh8?zQ7s`RYt7--#P*#+aX4%&BS_)b0F-_ShXYw2IxUy=kcaV(3UPC z<*D!1B=Ts>N*nn6lf>jl@}a-}8Bp|^Wb?b>J>u>S@a0@%e}KoTAwN7vdXpd7*FHx} zJs{@~V+ka|ILqG?i~r{QoR852R#+mkS)*X*l$i2r|H z(&KGO5%b424eOO!HX5@)l_l-z@Ucsnp%3XCn zFsobn{nhljYX%)3P=5|tC%m4d^=Jw#V=SO=l)=1jX!X=)9d>=5 zfsS`|&IR4FFfrQ0D%{!!)Mw#$nnd?~;xK>MOy5i_NHb0)D#|oyBn(JHYLAmfH_WL` z#WAJow&f2Ff%(cM5Q79NjGvTsjbPH==dTYws1^IeG3lu=dCb)}f$`jyAN-wSffOIJ zfpq8_2HPT+c~Mte!x*{09iWkMEuEwQMHRcw+_SfD_+o`9mu`gr6_>rNYZb)v#!>Q1 zn2l}}t(e?&-h$SN^rg1bA%Lz&=;KEJozq9v4__qjIEv%Ub*-Q;aJEgy{XAVhO;%f; zl`q2@n=sM7)!~ny$H^p=woxai2Z)2%*H-Hir zEw|P;J485SN=976ehU3(#mF?8ul##|R%?+BVib@COyN+eIJr=z$?(M7>>=&KYd1!u zW+@@!_2uZHuRnAZJsSH#-~EK4jQs0Ge;{K#rc>_e-$_wP1ty@#_&}f%_coq-q93M2 zqq#$bFGMQsB^GCFOKi)I5+y#BJwYv`YH;EuMwU+oHSy^+Z7l7!uO9is*$f z5lR$m7z_~rD0A`Q*0N+&68^)QvYl|4pQREhDybdWaw-NnO(fBAuqdr$;JJESu$EzA zzo0cj%Z05l)H~D)%GMMU?gKFed>lH;@5sZcyhLvWOYTwiLe=Jv@AJDOxNvbEc>{*h5bJ!Da`ua!%KYtGf)U)M5g2sCn@ygqCGFIa<;@a z?gST3Q-`$-6=RqBZT$3pFXehbhD<9&U}O(9m5f^c@3e_hjmW)yi4;7!LP+vzp+b$r zbczRpyXu{jV%C#NR%#S*nnkxk1HdQ#@uL(sX}FJy2x^=Z2JjQ(TawiFTgr?TemVh; zBciD{2mD{8N|a&d;tefMnc^~VkjC)b*0{?3q8ynwdR3Pxe3J{i8b;id=4@;$q4nNn zqd!Y(>&hHd>mH8gEZg0hF~8>_)Hh3nz)S2aF>xS2=hW=f4`3-nsW^#rYgk=hJfq=@ zaP*)Ji^98Xd72)Dx4kiPUBnl+)=QO__tw7=?|tk|7>2ShOeh?E0#U-B0hjEURXtfc z`5s>Ptwox~CDMX-wAkxv;bPAFa48d=*3xeVd}1f zz{@W<*v`ES!>8sN@~>CJeWvBUv^$8E6^mY0YThxMFuJ{K8Gg0iMT=R;USgf&q2(5M z-@6R1Cg;8skCm-;LFX`udzHvuRmq;pUSUxneQ>mAYtbfIYzI*#4uQUC{uwOOzVfh3 zc81%scGfU*rrV}~hGg@-H?*+jBD`DlCi|G5)fEiQjpZr4DqVHG^2Zh;Z1A^lWr#*w zPZI?pS{XW7!rBWgzDsDTIGVDVXTF&yY zA}Zv??Qh)1-ip*;X~G~VY+F@4V7{58vm%*KC)f2H7xXYoPdm!Q+Se38{e5TRVHRng zT2tF7X+?aewc5PU>Ko+#V1Bw^n~eI^V*6hNTfBZSLd`MdzOVOWH%!tzrTC8$WSJA$ znc_m-y59A*p{BPo6}>v7b#gpcChKrEX&iHU-&bA^BJ#|=6TiQS7{yf8_t|fKpWnN+ z)gw@)lb_<~EgE&f{;o=R 
z%XqzrC4kWn#x-BiTyw&Sdj_#;)v^(9f~~DhV)NNzNLF>Nz`v_!V0W)D4=wE_l%0Hn zaqGFks4J4h9o?A0?;y<|Y~gwH2wPl`$3cW%T3Uhct2E>s3dTc0{a-O}!-*SbNDxX(&RuI{2B9@4#3^X-tv$v%J=$rrN|3_G zd{&mb3zFPxYCN6e@*Uj~sb~2*2w*rioO!9f%tV`W3Xy&xT>nLz9F2fpLG82PeAX&v z(gCa#G6E*#^YE%m$n7*5c?iX|z5m31PG&BJ#S691Cl1J_pFj6S9R%%wm^za&Y3Px!f4dS)W!y1b*4(JLRSWw?I%^?ltl9P_yR znvH7jRmjbo&)dRX+@n@}%sz4JrMVL%n0C#nyrzJ?RSEcHaQaEZ;zA$|rqMrUS867J zv2P3E#>9(`2#!y$mBujLUvjj+n5*+}Adc}rP%=*}{&*Zpren3|o+tR4i}?aZ<@S1U zbu@xd-m&ZR^4iy(eQ_1&6Cm4g@=gp@e&iZ-n9V^roTe(&`mr}DyxGW zn`)oX^pV;K_LEI*=O{o%o)2!eINpeXfKUsY`r-X3!cXuN{7NS=-2>IhMUZt7i z?8K?dH`V42bOd(MV%6TqSrhs+!Q)fv=m5x1r$sc-ie@y=OopvA`sg0wX{6qm!D0&` zALg$A@sPp9)HRsNw9XTi0YhC9&J3a*RH(5t=LO@NGTUK}A4Yb$2w-1%YDNmREGF%0 zXv_*M>GoImsIJzmDEAoUt4z|(UszK4*s1IK4n2Mnm{lEKPEEeb=%gC{)C6Cv1n91a z8Tt`ZPEXV2%(GF$^A5S5;;affwtSWa)eAH8O2#sx-{g4N8dY*YPs4s^m!>~#Ui=rs!jvp$S=aaADJr#P; zIQ{9e8F3BD8`1atdQR>5C>z%phwAa0Rq9!#lvw=u3PceNJC!Hgf|Dgv!n@X4sz|B} z-~z4I*-1#laQJKT_+lq1_buj!;&@-&q(;d;LrIu%15yu;l`u%O6{5>b*7GY3q0OA8 z7%UX?zK_BgzeV5&m9@`Kn9E#?GNr(zDeEg={Eov%+H4rwxG}IsPugF=5m7dbB5fDN z0OlP^Qx1e#m%@hI@J&QTXszY0d*RB5jZ60T7h~w_e%Z91y5q2SZNkbYBslyb)7n^f z+{snlW3=cLwmzgSX^G9o`~J#>PuDB+hawuHa&vB7?lfowsfpA5N#aZ+#eTF$7IT%0 z+<7MN>dUAHjL!)EQPE4ejQ{l0M|}&_7(E!1*)S8}DO<=^=C_Ua+c1;gSmVt8 zwm@5mQ+d0I*u7Zdq|rN55>0KRDUP(R-!WMlt;H62=On&y#6mAp$j^aJF`GCS)taYk z==!i*wN`%E{i*Z^?m9OAVVEpd-~cxNU%{Cn8%5}UG5deaMH)89G9eaIPlBT0Q00@4 zoird0+hT*tD}Y4G+r;L7H?h!kmI%G8anw5d%R-n0Q%|S_lcwct^k~`{AwzgOlZEzy z^@i8Wn9CEd*s51qyC9(Tlh(c{oKHA&e317(ut#*-Ahy;%#=1a0zD)Ww+!;q2;47Q0=(~&_M~Nv)43Ywt^p@i7i8*D6J+wp|61-+*sSg$ zr*)UrKZ>eVBMj#jP8mMvRHkC+wRk;~RoNtJ-uHG!TucfN_wq?-0UjI5=4npx#zCe=_+6 zEz|3Dp)3RYKEk^ni+see_y?B!aTE)%F`8M9V%`?{6tda8G_U56k<6>NGzT@&)A8GN z@7U45<-AK>0bgS z4w33ZhsWyg$|W+ilfSAE+nP4`QEuS3JjXzL=M*_)rA_JL^rN)ao}$M|;9s62$PH}5 zJGO z{kM;I3csfW=$lk_7?JjL6y|G>gBtxI-`@vAWicUiwmQF~jE{4Xd{gJSuVLB2*v+2K zuZwzsFMXVK_JdxV3EA;mgjQ8g4&ObU)*2+SR+oc#EDA?w;ebBoe+xMB#G~8gTwo)B zjKqpR2^^~^XD{aE{4yr? 
zC2>IavZ_8H*u^B0)0WJp;ZhUc#rCl|vucjYqPD0AD!k3^I~Mr%C8g>BM1MIvT`p}) z(3JNQ`sN_Id0DX-r}~2b-)Oj?H}MM*z!D0|NKyxsiZIHEefoG%?<4Bufs{7>eUKwt z6JJU&wdOw;nsOgZI!{gf^2dd+C(gU|;tj~%&qi%d==bt{V`^GgEkPHzp5&ti%cNAx z0^<{@{`#s!Vnia<{Km<*nWLA03#*xDJKeo1pFJ-*?f$pVnPNiT=euWc$WiE<#K|#; zP1|m9jr?2&6EsOUqO4*IO#Dp_6!V{oj#(9q|LuTqpj66EsJ|S~B%Ph5-vUA~CYxf` zzT>UUwIpT1g7Sp4eT$ns90hYQvs0H8>(^+VznP+m<&<^-FMJ{dt6ML8E)E?eITsEU z>lM_R^?$cd$wGWx;24d?ANw$u3V0Nkx>;M~6v?#xa(N0qs3GZUdUTy<+W~mn)=$!QXZJ*Ca(aO9$&seT-87zcz`gvm%xY- zdw@jO?WVVYWGFCe#&$#6J7`zoRF+f2yLlKF5@5jl_nLlx%8cRd*z4%R&tZ-AZl~+X z?sMXsraMefPOkv@FP$wH`B_w{@r2_sBaB}YHDA8XNYxfJPb31XiWL+%ND<17@M#Gv zBYj{+0I8-2Eti9BXj0%;b?Qp!2G!?xdN=HGr^-K1RTlXZHs}ipc7u%^QRzCsx3AQS=)F3zpty$Pv++{@VvAIEG3C(iqd9XdppI&_6-Q zLOCq2&5?Od#QlVaZ0qRDiieZwZBE`G6|bgt z`c~c{Re{w5yuZ;pNC*TTOl{(K->Xm7J}t&~_O1`SLBB9mM55+pY+>u{REoU^c%;!_vBN9PqjMt4*_QcGRh21HV|zux3O>>)RNQHz z#Gq?R4kyq)*Q>PXorpmDB!p|G)hEQ=N%<;0%kW<~{AP<6?`Qe^*-N6Nzt_ zA>Ll(kaA>`Ud$zplVFF~@pHG6)H@T$_{hulp>o%LKgf8kc+SVp+9jBI90_1_S+A%Y z>9OzauvObBgRr|1Z7WroaaT50X)5+wt}je;y(+hyM3zJwf0ee1Zo0b7Zgx^D4xu&| ztEETS<-r*>|YOo7QiNU3!`No={X5M5qgVRI+T-sWRH>q+Bnw>7CBzK;~EVa)$AwHo?AbLefjq>4!6CobzWZc_2 zyHI@<5t(-jnmxJQbH*W#POFAqK_iFB0#w|U{+GTPTJGE-4kbGIP$Drb_pyWph>J1ECDOR6k& zs{>IE9&GbR;GsD)30vjF$?92|{7Qc>*k3&++V?&?Cjs;rKbHB{Z zmt;?)k0g7ANSL>$BgUf3~wJ;D!s12Y(-HK4|2mDdQ za;0u)H_ES;=c{va3PL-(K{L}bI9eEDa9-go@lJmKEylnfFgKcig^q*$?sB=JpjAuQ zCWRr!uMTXXl?-5t45x^SSkAhj>T>dXXMj)^ZtZW^!_B{dvDlQc#&2qSE;JIj2iEDR z)`f&JZr*|kc@y*>a6BSOCE;9jWjG}UCxL)7PhGEK54nihB;LUw`-35)@fRhpVvMd+ zvJX@X`AFZ80L%qhTc|H&7I6Q4r|a#yFaU{hDI6FR?U8rBIcyM=E<{72J&H_st)_w+ z6pD;bQvH(0-4*2dPcUz8BHim@f%ZRwMVq?X&k#f4m8>aq6Sh-lEG@YNd>Aa`S^Q{n zId=5&JsLjdIHBvtd-|u0ym`$k!r!2nGH5R`-1ei65ac;@EQI*BG0h!O$z-NoQg8J) z9TI=yZErIBmPzg|FxP*RDsX?)xgP%13Y=6i+|)HrA>kRoqawG_6ux8w$n?H8)C7=r zRN<6Bs~$MmsU75m;!fMmABJ0Moq=9?h$+wX2if?vN{^j^t=03VBWlm$uUoFee`x-x zYcJZU5#g*dfLX;4JQ>hi(; zUqg-t{>5nI9_}^!sW*l|XzY(iLU(ifi&7stuBCygrUU&X3%k!wD!i7+a(X~CM5FWyX(F?>_P>Jx_Y=zn(s 
zkRdUQu=+&^1rn6+b+CKPy1vdytHt!gVI#Qx%F{B`Lj=vG*5dTDl}CS{lvqwS0gbzs z;s`h?Xj&3kxT*2j-J8r8iQ$LkT@X36hr^nsBs>h-kLCG`8868XAXhW(62Yu+4IBGGN?$7( zmy0vSX`swjZos7yw6!+-veJ3*~~@j>d$H>^EP%G0frt>;!IrPVtFS|YlMBJqrO$s zR2+QY_JM`N0`f{6GxA?^XepHS9J`pm0JF>qv;Sl28pGp!zIM~tw#~+7!^U0<{-lp=kh^L{Umjl)v>( z&xbqSR*(L~G?YtbV$@3-)j|&#ng8?7e+--9o|<@@!uBVqC_)`SCClg+TQHg2B@nW0 z^r%x9AV6Z-gH8bqF{`a=y1`!QFdsxKZ2-_mL4`qeh#Xln_}Vp%x6zbUy_8{x{PX?s z*5RLD{5K0LzCek`VVF4JENUZxI>l-#+nwRsR{f-`B7fP}#GIT~M8k>(UyYtaKkKft z6fqK`fJnJ}ngn>(qhMB}`FG5cfHF}7zy}mmb7Tjvkv0BE@Gpc+$M^iv*@RJ~+vjb0Bs zNrM&vt~OK}g`b6+Y6A_>3L(+8V1&%X4;347xAhxr^c*OXI>kJ4p-}B&ps!eqk~uXD z|3;b8o`v~}G!_1OZKo(r*%h>$?B7k?L+qfXq{Y>T6FB|Dd7D7tU=zixbF9z1=jr@C zczMR`pkd#px$Y*{4V-4c7I2!pS*kdZ<`DDo&3MI~>*lqXEz5%Z$hYM_RV*q$XTSzn={-oYWIjA8U zXyx4mS(02B0jbOs{Fh}H+s-b^49(Ku19opXJ1|yk<4zxb?wG*cw2uyGKt)t*mj9ei zvSL^O`&X?2AM`d(kW<9dZ!>3h6=dg&tuY<%Fon00oqs0i&dAQdX`J{k-c`seas>YO z-k*5a90{JuT%H88QSfEUq+W)uE~=%(#nuAyB?$c#B-57C9%?}?O@hb4HWZdEP-!@Y z&hBpnyp2@Ru^bx+YYI%obESB=Lb&+Tg^2byQUSI_-Iy-;5Y+sgb=KeirxALGGJSy> z0pyQHaO0BsD9nb7MhX5BUr#N9CQ4}DBvs)eX;d*0VEFzr?e~c^N=ziME*GrD*>C>j zFugBZJ5x6+VAhaSU;HMuMS^lG~3^h!Kr^e(XP- z*xtkiC?EsnRgavP{I(+hA&(hGhr9yUGBS30qB_+MgvYp|RI@A1aMoC+6gg17~wU+x5Cx5j#m9mqz zGW(=$ft4ZPbh0dKkh>E&aBg(Lvl=@RT8E{4(KPB*uh(kH zN7bbLEH&+mB!(7bqgk!n`mk*X#cqBm70;5ipNrRvH`ljiC-4Y?Xfx z@o9RS2*h+G+p}*V$Ad?hWYc|p`sn`gJW3o)e|M`@9C_ZykGAT~NW@?tQCFb|Av%7+ zF34B5BCu>hZlh~JntmKx)?Tb8wW51D-}bL0LB!E-QZj2Z+d^9ozrtuw^SHHMsW_0v zX(#0O(rj;@E>WNU;#HfVGkvBAfUiMyan11u!?aL{vKu6k#jtpdk4r^)YZuly&NHFL zXEiW5PBfNikEmYUZI9hH041xJke_oa-Bm5~KFC#@X-O)5uiDyHKg>V!a{JI>RH2_} zVR3QZtn}#BQHB`(RTjrug;m%)Fn=o!R4BNrMfDt#;}n%~$)~C;l2ljXY=Ii_fX(px z0vAI%D(s-e;h9bf?^O^y-^O!b(tc6YzQTeVUd3aFHvY)tbjQnL!sD%?7v8f1y4uV0 z`J4(V{E&`w-t%gus2bnW{laF*1lCjJiSy%G;QfUSyt0qa_;uk-!)C$pfzgQ?ah8NE zpsk~*BjMoLfr~+ZV=`FoS**%K8}Xj0qw1OAC-$@R=>2rv>a|+IK-jgYVOtwOQ=RAISvEIrL&BX5vtH28 zwcfIKWIZ;h((O0X)to8}rzzYoo((VlEEaJ{0vQ_NH><7oiLwu30Z(XlnvHfCECLt2 z7^l&-tQbrip;UguS4uX7>&y2AcrY4|^D76E1(dlWfP>#*g 
zM;RqA6C`G;L-V-Tr1}eFhaa=UI*dI@nf9cv2)io-p{CD|FCRxChC>}GoD*Q4hh-34 zGe|_PwL?bos*yvuIs^NrHlE~{mlq?u3^kbkl#LeRfC5z0krsa2Yz5*V3j5GLJ6;}L zB5n@`TRipXB36x9Z!g54KGwS}JCH=C<=vnNfbcp#>tyZN>6D$Ugd&2{nLM9rJbn*! zk{iiyFv1?*s28${H!*waLT0vX;gdIy?!sx-RP+P{VS53Po*LBTr7H5taNmHs;A_-Kp?I&zBYANkRA@d#~ zuu#fJdsPyYE3l;E|F9OyR^y5(0|@Tlm&uup%4vF)PB7|Ul@#3rhE5)xM;uPk1nLnM z#>~^I9hmJ9akVF;dQ`TjZW}c+%b7mCR+-jDP%=wHmE1JBfcWR7xvMP?tiq%druay= zW9{A)AS%gbp1v$jw=Mblr*z!A><|*EHFK-BHJc@wv>`5cN!mM&N^~suBQaQExQQm; z0)f!QDLF3kEi}%3M_PNGL=*3k6`y&#uFl?!Uw{AQKspW2e7jzM@<0uWa2h3Pq1ZWkOA|oz7eSTq7`CiRw2P*-05 za9~%=WW?~>%#zS`V!HnY2cWT!cwCGiFt}J?xgOYgwH~zZoM(s@AAHmTy^5QA=y@(Efy!8V!Sl^c!`?mPi z9BC8l)w(U6GO;Xg!ON^?ijvq^44%2%Fx?RC9)Fl(w`XOa>a_X+Wbj=>;4!25%xQ>U z02J=6jlm3^P7=h_^qN}Q&y6F!`uWc3$-XEzql`KE=<)TN);mG3hNRPJ)kHU?6OQ03 zcRjl(LZ-#DqNr0ZZ8E3RquKN%(tiRKKeBbjgw zEs+?D>V!>1c@i{ThkOG=^!U$9q!ng3Bqugtr&q@g$rKp$c2%uVAWSxutAJDHjZmj; zlhDTWp9UFpwkFS81PE;yt^L?DM=}gHuUHpc-2NHF-K)G69oVC)1X1OZ?=sC9=!@oN z07~iJ@9r18ATQ^#Ut8YXH^VhlvWIvS%!SF5PvyxZ0+jCQv#mt2oUve6G6O z3St{3-c#zFkPo0ksGW!!qC>^b&F}jh`sN(u3`luYi%=u)GcRu{@S%c0D?4=O40t=_oWQ=uFQpbodq$Mk`goj=lhu9i zaCSA|v%j*B2Y-wEu=Xvks@nI#X|h49t*WQ<)a=XdEL%V@do>VJnZu`NBz5|oV#j-( zLj6p4a9V>g6G3d-M2d+ADTA?#wvX|mdSgr}>&P1aN%XsGl9~w{j2O`?Y3$A+lA7Y} z6QYrfU6Y0VJ8Pnl0YPj#mtRVboSVxuy^$BopJ{9TeRRr-=^N8r-_5|TC?9+Z#=LSq z5&yj7YpY~bY}r#AU()LT5Uq2(r5X_I9z;#xDayAQ>ZQreb^G_s*NT+DGXcTC6XKyR z9_qy|PWhDeJUL4U%?O41Ca^XdbAWE3trhODh=!Wr`9B8WT!ej*=+L-DoW2;a5G`fu zn`7zr*-Y)ZX7ewAY{lqR_#*cnj*>3+2kuCvn1ww0#)T6(dow`L$K>bL;2dVDGf(5S z_k^qhFHVR%&5~OR9&EsCkvv!*Do0VkFHc2AScdT9se^>lTmJdLJr}l9y-k-*ShW;({y<8RUo-b#3Z0--!sRB>tq{B&?qzTTTeIV5>}!5HnHa)Hi7V(M?W z*V-#ypwBoPA&9baT6u&dM_O^jF9ZFmUyarKZsQB+6llhI3QGnx% zkMwCE1y)0P5|-?G!}cgAqL2M3g!Pdd^a){a)unoNvBsC-_^e!JOXa z8-AGv4v^=|Voy&3evWuJAy__);F`=se2zSUt@|{Xfxo&`!tLVOvBRZ$Mbr10q8NL< za(6Qs+L0YtX)aCM^^SwkiSh6 z-w6Sv-IUkqXZ9ZX z^nGQ*KMy9LC~=5gT{a?GbfTGN!*dw5Fsi3+c(*Afkd1W`w+ghWfcJB`{FfE0%Ut7o zGWK%;E?=ZY`bd_I(wR}7D~xdF;drL3>B|C^oX=9Fh57W*Otj2<^X<-~xq(P{dY>YS 
zuMV~~&-fW5e_9ek4pt|zc8G{SASh;16eKall<_i13{P~zYxFK_u&1FbU@frh7d6)X zhgM|wjq-zRM@n7t{v9hM!z8-W2sMK7dALWb{4r-y3RLze`4qGKKpZ-JmrX@=jbe`k ze95O_%%T;;48~W_O%ZVx8n<7JPl)mmg30BHM33M`5`#>q)0OIls)r1&_SewFyE7KM z48}Kx%hi#iO!sEVV4S`%+t;Q*DNIfKHd8<7V_vkXermVj$tu8Q2}@qN!Ck+pKjL!m z^STK95S-XdQZ1{6ep>z9%tfB@vk#&Z?$)og+<`lc5+YttKVrEe%5^!)p^(36{*uOs zxsU9HDCaXI^yegFitMzC#r8L;z%&BN}Th*b5WUBMn!+8$WYW2JTz939|o`nDJM9DBjD4>>e>|EfK!#BWWve< zc92YBEjc~Lci~^gcaZ|~ry4kJECSFeX_$WC)`~S#2|RL{V4fHSp=t{asld(wf4hGT zvdI3+1pXZf{BehOto{s&Cb1*>6>9cM!6Qn4nPmZAmAsa?_FO;%kUfy4 zH59OPTCGfVwp5J6)=QPQ6C`=Ip6j>0R(iXN{l*M7Lb>M_Ws2L4N3HlN?etM6ud;ec%Z&3MTxrOdVAR;EWTx1)CpSr$r7Tmb>2spZwCG-QyM<$)Dlujk zV9$~K8_0E6kLshfk`yAB3paiY%j)KVFmZD!6wT_1NwE}Un>J_?In$yK+_`>TBOU^; z+wCm;B`i7Ro#tUQ>E3t`oS78w4)ua8dh_qsG`E#Pjuzy+sZ>auAK+9EV^lpI0vVRG z|4a$F+H$)|<8a4&SEEm&@H4HIf*s2Lpgrs0J?frR*U4&3!oFh;#Px4C5Ea*2hoi?7 zv^>-*ut^$Nk?9Av4KAAI6BmU@q_0mY3nKIX>FczIK}U0nj#LWBrh@KfrXyyvKW?H6 zF(_u)4x}3vjUA1(rD#pbP%6%bdP9e>quICH*Mbh~&kVhkG4u#i7P)A+ajN*5O|%Ju z!QX_jGApV@CmoE=dQVp*A9_istZ~7Y&a=$7zc|D2{;Rjh_;(c(sk=5Br-m}-ko?`p z-x0$4Kiu<9JT=dVrWDk)`?H{KvGBxo2|uYxmFwO6NGdcYTI}F9RjRTb!XzJGvFHlZ zLnN>aUM>}X*@Ps#J+5A+xuJC_#(O?mQf{OB#-yE#>y@|yHLpExF}4-I8MoOnSm41s z@WCeanQnCkQDb_Lrh(Di&U3)(8M@JUaWhK08syeAjjVc+|Kp0U@v2u{hPOjaY3Hts z0INgq?0S4k8qH4k>lrmm@L&^nzwtH{S5lS{OJ)EFsy*r0`>`u^RWiT3ExNIF&Z~Sx zeGZ4>bl5j~r8G5~Y_}(*haaY}I$%;a_it0sBO3O{4s{am9j;!Cg+&(P8KiwhIj(Ue zP|7%ZS6oR_-QZL~H+B!}6JR?zmV01}C^^iRe`RjzwtvYEdfbLfKE64@p9*0+q1L05 zY16#qBI`Ab`ZUXa@t&*}QuzJ#eQU}>#d{hC(p8c|I|X>k1u$hDeep8#4d>UP6!vS^Sl+b3M;>09x zB4abZqhI~7dYD&ZE0k^5ZAejTkxyQUyXKcqU~vDarE-#7QIA{bRiLZF;Bd+Rp)0xV zZhz4A_>xHazU<_JQ&P0^94~j)1dk?1Bt5|_@nTp;^s7~p!X4QgHiYIy>`LlQ#b%u0 z*k-Crj9;uJLa-D-f-&C$v7GY<`c0*EeH1J#BptuK9qqHXX&tJ0D*Hk{)j*=PwPGM% zPkKfq5_o#lo>Y163P1w$dB9p*7iH(5IUyN8E|D{Zsw?}Zb(Ot(vyIzoaVAX+4^y~3 z@wjHNuz+7Lf7W<#2KTZQFF%IOqFD2%))9*QN&zgFytVf+hZ^dRC$X1FY_a?G{}8#Ve&TlQA&~xIWoBi z#mJB-jY7>G4@iUR$5P5sdi5k2_SK29>G{r03MbN?`FY4bt^&$={H*Ree^Q9O1W%9^ 
z;m&}CxSmmUjl}OLU2&C1o}z)dn->}D2g*5AuOfVojvnS59a$A1KNVTad@h`HM*^0j z0W3}%WmXMnO*Z;+3ag*snD({e&oBQ6PIEqe1TDI3LxEP{&hHi~!$#3B8CAha=2(#9 zp#s0XxA3yp-VkWnd+Y%I+zP-#Ja~Vce20ltR2OzsX{_+Fwy!YD@E*Rwl$4QZTqZO8 zXho4ijm`h-;UPZ%v~SxKXqH|Tj|N%TYi9nC4PR@{f(X_lIC|@N2)35_0+`HUPS9fy z*GRM<*eG5zqwZGczEiz!ZWKrRuL7`v62++_MLd50uHrFqA;lx*W4t-S`|A;D zHJ;M1zcK}Q(8Y)W0EtM?Frm1yk-GYCtJ_V*Nb~3y{dMRjon8Q)PmU zrHkt3gg)f9zyx9&{PRLcVXk@;jyX`(6!|vLnx)kx*a*?96v0KO#;Nlgv<3K9j~MV-x9Q`^y3_=r{y`E~nvb&J)D|kf6DVqXaaed*y|2R@6u9Q=8^RinQ#e$mHzpePd$lx|UXn-aPo}mB3N8fJjt^M{ixI(?!kUQqze2n&HIc z1}q(}uNx;JaR`?LQ^}GfVg?TR5mBk9I@|>l+HzbqVt$(O)tjtN7;kLE4*c6{E_Ty9 z0;DmA5}#585aLUkE%<3Y$y|H0v#SW)hR9b>i$jK74Ix0XaV;6=0WE<7_Um7t68K=Q z5Bw)RIS>`o4SUFGJj+g^fH9pZb3ov{E&^;!8+x&d69BONk0ixYsK9PNXAd>YzjA6)4)q-bsM>p zQ^%;iWmF;aUfqliTc>Z~W&YYi_~~Oc>H#@=Mx!hPRa6EVU4f6Ew+m{S*Sqhv@8%sX zw=gRa#Qx{2>GC;!dl;GOQXY#R@=W1OHeXT6^)5cv!_i!uvND{WQ8@{=@p-J}N>TaL z6lQNTn|(KyMIUV?OG_0$vzB%L9-EUnno-cxcQ7V_k6YkE+xx_og+XjCyv()ar>IKn zu^~FcYkXsmsdm;J5O1e>{UDZvxvyr*ieJLJr}lFE=)VurPTfotR1p*-X|pWwg>-C* zO5Zp!gl=HV*zYGlY$GNULP|Pm%vpZ_7UKI=YinD5inkz$nS)Qi@L?n%1vr2EFmt*2 zw8@eG*X@U_>TsI#a%LJ(r*Jn#5dKsyIeUzkVVhA^0Q>$FmG-@^CO!U*Bu@E<)g!`; zhLdN*uM5uGgoB|}2?$C&$aj^BTS0Xg;Xd2b3nA610L$CTQX9M$knV)&sRN!ZerZ*q z+*jWn8u$dFrU@|sg*nV&HEJTcNq@VB2!ZcMAd+QbfkrY}AeDnf3L{W}#u`yj{wF~E zH}TQO97;mK3qVv=wJH3`QWpmvF;7R>VjyXso>u?}Qc)k3&)JN3j+(4WmiCU1z{I#P$P@-8pQ%z*~#DyKeOb- zNq=Tw@N3o6Ngh#;?qf+5BQf$b5md!!UqU95qyn8dN6~kG2cOaT*4$H$OiXETGwr8V#ngjv_kM>K>c-5zR?D%n!*H zEP?nu{Zj8}Ir-#|m@F~^s|0Y3BM*Pg1B;VQRtJhh)F7Dwk&NO@atND^dLMgt=%B#U zH3wvzw;{Z@#Y8cN4>1)8=ru&%%&o}21V-BhSvXish-@(^jXerh%&0u&^X>C8?i~6F z0&W8Lr|D#aK3V#sG}5#~<*w<_seURI3Mtg_fj_`AG>xp|Jq4iz#4?*Y%(UmshI@37 z=wj-OO`jZ7bPL@w(FNn(oza7WrBL6{T#;4WCqzzo%}4~%b5YmJL(@Tj#IuCCcWh`m zS&=k82J;8}8ckOcpC~{0Aksb;>Q{DK{6!>JK@)Y6YC4xCX_cuCXtk@+{~a~Tg>=JV?nScjc9r)MY_v?Tiy3 zB2;__Gt8BhmS<6tU?~!fC8|cyYLplrN@_A(^O{T|(O;ru*+It!OGWbv`GJ{r#0`&W z^!6l!yQS2!LcPam?%wkL4Ve>VnQIIEA59G8*DvFE~!7`Jc|~uD&oR>23ExeByZ(P_u!db#7fphu!sTQ-)_-_BAyS 
zuR^gGNNd3h(AYp8#1V)h6^Qi2xL`E=q81R*f<(aQFv)lsryg*f%!sHq^Mo=V2u7 zW6eh@!c0YW7i0dzB@P3B<4n>J(ss6nYU=8W;6+SKb$o#H{tu6LC{0Z&Aax%F(w0tb?##HPXIXU>jixq z72+DRV2bi@3Q1!}?`zFY$26mlD}-eM$5>??e)n&=1=_jD!$`~Tjn`%LYJD;GjBYXBR0LqZw(`R2$71{~{fhA`~ zE_X2(hQD1s;qy!Le*fD%0Y}l5d;0#z??=uocqub4xw>bgk3qU}?~EP?IE4LtPuh8o z<@OI$cblrRO%2m&mov6QVMOtQVve;{==Zsy^4w4 zbJ?3t8KiuTMAjVps$?-N<1Z8MrO*=-WzE)8kcUx#`wATK7+Wqjkakx0m~VNKMfmdB z*|OHc#bqVJ)`qA(i+5*&@p;~g#HJnmhmz*NEK9OYD9Isq5QRi6x2zFzxF`RZD4hz$ zzI0#i*V=s9v{vhb(Iaf>xQ}LE3Sgw9idfHvLnuP61>=Cbas!76G6!cuDCzptkN@LC zmYfBjNKnar~gGQ1CW_BQpl-qM*+D)N1e;&B} zMmMs^nxK*S-8!AK`xjI^hI;9@I!8&=xQOhSU5sB)Y6DJjw#eCE1F3KL#+A&0uKBie zUflzQ*YhDd{MATToy`%{(W1W2Z=8ybEZ&O=fp%%}&5?jkQ=sB$hGZc|HWnfYf;PKa zE3@(k1h82da^xIa?h9#&7uqdsDd>pbfP8~uA%5GrB^CprTrEao0Qv0l#z5dVM7Dlq zfnbFZZzA-Eo4Yvo)Te0xxkJ0h+49d=6oS;TE76g8j9I(!n>Z8Q=6-=P$xZlxPFLXA z_fVk3$Phv#5Kt1zQ_d0uu+vDlix?@<3K?O|W>+ti4l4fTqQDoj>pB$!3ksA{Z%x4h zL>k@+HA+@K^rOQ39?WR!i|V0HH1AkoEz1Dhj7PcAD`G7zRbyZ z9$KD|>~eo%^{ChJ0#-4{TI*{He369_CIi$p#+?_6>#+hQU?h+_7D|Z>SvY3uqS(r4 zA&kr>6m}FgrorlipW6(DhNgIeA2C6p_}grfEkt5O8nVTKvq>9@Bl|rV8AUbpoef_p z3$FL{V#a=dPM&1f_{H#-M}rw7f48Vzh1~g%Pp_M8<$s1u+hp0ZMoLp=gfSpKjH=1M zd*0N)V@4UvXmMb=LZ$LY)Jp7D+!59@plq|*iWeEBa%qlz#7Hv3 zMPvfe3vqd<4Tu25_jGa%A0*z$xW--2A@V9E7C3M*>H|hN5F`pRl?Ld+1_XW8A^z_4 z`@AwD$N@2f;bc~%-vlCvQT{0udKuIxqS#vuBxtn(mC0|&?XvLg9DlM0#J+;@}aG|{Dgp*`G#aS~Pa}0+B zrJo+bmMCdBx8ow&4=nIE?oEqe47yuFU_%?wHxt8R@ zs!8a$h!=kfZB>3xE(Fj0BwmO#Jw%r;W zQCPldoZ7qn$WAyKk%HdUVAGM+=H5=dwL}0Hc)7Dgi^&v3(CAy~6u+_r8c|diTXn#6 zgT!LnW2JragT{!5^O+WZG$3=Y+B$Aa(l9=sP1cCU9(!Us%`yJNhh3_)#ox(8zHj>I z6gdfb)o%!BXO3;<=>2JL^sgGZ7nVXCPiwsZRzZ2$jtlPB`#Si2t_6xv7ub4M5hk`V zfZFdInIIcL9cTgk-itLBg3T)&lmWxCOkT=3wu@Ge<`$0x3p_cc-RB%z<|qWd@iwAC z2686y>iaR^h}QUH(u9Dfp;5aQ-6#G%T%YHjMHlNNJ$`?WUA83G3+z{$P2c4y7I7Dm z{F^1-e4PXycU;7&>}QPNhkd#Ok>pa50;l{%dYAX7SQprDL-T2 z#ZG#hOE!puEMiBq{yir?RG-2S!!ZM9-#OFw8NBwt!O~d_fP;PeGg!vPfU)h??tQuW z;^?5a*OuA!cfx|m@9nZXq&CehcRR!#yAB|H3mhkKKg^TI)`VJSVBP+=N}cY1t6Y#D zS1M<{3 zK+dj4Ra|l>#2~ZBr&Wj$ai6 
zs?#ohtjH}8(%SsH-An+uex^_k=vVc&hox2B!=!4@xvgj)O=Op5mX=RKyD!@-A*J>- zf;wK@YEeU^B)FcbL7oiupBIpf3>~}V2lmGcz>-4=px$Y}v;bbZ&?Xl|PKIP}HLs31Y$KKH-@ogXxpiiuF^4iInfF_Y+OU(HG>> z)8!WKE-6)jJkekDR}c`@{r8Hm7M?@A?f8 zzGy@(URplrQSu&_$ofG;&<9zxpHX1FS|%@l=pZmuIA~!;R;RQfig=;Y=A5CF0;+Y@ zuPR;Y|gB|5qYeeMcUpIZ4+ z+U6UqXfe`wNHuF*;O?L9ex8rLDAC?{q{3$)LPt3aodlQWSDLrjt*&P3;rN9U9Pd)B z(1At#q4_E!Yz$*(&ruwm&d9f0Ti#)-l890ZQ~LPb1(EA5q|Z$>83_PS=>#HY1JjN;}>F z>Vzn)sJioI4k$wNa>08v;e7v}6A1NA!WzWaHsRZHEhT7oLM`Sy#lc6_qc!GAC(6? z!j?T;c8~rb%?^Qnw)*aes4Us4tItOaceHX#wpFS_gG+JQQ(Fz3N`5(f{ zOY(quiH04f;`jezoZbskdGaRk;%*gtFYJC)<==yRW1mN8TOS=1) z2s91qXF+^5J_M;YhEzJGt^9)dWAtoLeRC4PglVBcD+2V@%F=6IX3qe zmYBN(b06M;dVK55s4{-c>>kD^eqHjdpYy*!A{+v5ynGjJk^_EscWiUmpg_Dj=fLmP zu|qa+1`{GO%B-UF6V2?vO(<9d#2ws`oSfc@z83= z%RSCK5y}?LMPe>mwfe0rixqNUDw!-#I)%o(E)MrQ?#UP8^B9_pA$>?Nn1lqq?n+dQ zslcf6Yd2aLP`}RC46IE*Pd=Jo)eg(x>hf3`>4=TCu!>X3NtRtIvkma@Sr)V<=MLl% zL3MwJ7~)Az`!|=p8hG(fOVaMJ)o}Wxk>F zEP&B+xz9@tRAWsI&_k(EY>VQBHcFAk{9Mr2r|rpwKF9`f`>HfN|HiC#b0M`7HeK^T zW<|IVv1+s*ZTjtR&aXWeEd3b>45U+E%5tZb*VOV!h6&Kq=eN8eGyA{jVUmry&_Xe& za@?Vttg=UFsz!z6Yd)G&w*9zBlX)1G%;d1lY<_a(zh#@PXCiCIt@u>})h{=tA?e4N z-zX{S2XGwnAvLL9SQVWaMJ`X)MV{^7`>p|1rfKn>VpXdzaLN1N*->16tV=y!zb40l z*BZ!19r!r8ld(^dRzmb zBas@a-jM1pPe>`W|GUnbzgFC+RK|a*jV8mO6Xu^?mAK$~Up}GrP8C4Dgq8*WzCIh^ zjDs_nR#B{9a5yhg+qSe+7GC{SHXRe;(ZS~baAavUF&tsVVvlC}i7BM7FAS1$1q5 z$mUzcg>%lX^n;>@(aA9{gP=D%*y{!)7`Q_HTU@B1*r~ibtZPVFK*oc6w=kedg8AV0 zlDJdpY*|nTXT`RO0c8qHhi9Z7CfQojI2nYe;I)Jb(+Z;70rH_P!D9QT);P@_MOV zoXb@xf(fNI&8b)_5*B!T@)I^ftQjLhj~W-=3)H$k+f3G`wxCc_`b%2e>=F(Kuvgce zV;HZ1`aAB=LyAIovyr#tTk@hW2v!l5&%5Y&!?r&AMW>06SBDUVJB9xobv zo)5G%B^%WEQ{OS9q<_kdj&gKsTa?D?`EAg1V84Qe@XEvqj6t6ZUL4^}cpHC3aqopa z9M~@YewDX;8%xp$#eZqGrLMO>pzV`v<&c&t!^NV9&}q&Rd5Q)EM-@3LY~6&N4@k~#`I65x-3uwj7`0L?;wd&IGVuz z1YwKkdiKF(6UW;mW=@} zyRDV94j4W&_x9k;nmyN4tC6SmS~ahp^9naLj-Gh^pwMtoM5R`23M?5j^3`il7HMoy znkUF52gp(Sl+`V@QPJciiF0;~a}qQwEl4lx2NEe*K1_+p+!(t`gPVKtpc2|Qo)sfh 
zP@DfyObevC*iC+AqdhAow%em8U>pJQtJV|bDpG*7&)v^9G!sYU;0N#XIjNxskfUUq3uyt{UNX6mfOuZrF1K{#dgFRkejUZelj0+f?nJnz3E$CmSvwTs6Gv> zs{xmI zZ1|up2fpIO>rEiWvg&>O(i-HW)0#_g#Jy6Jh32zrZIh!7z)p{NM`#}k|F%i5Scc_)Zk`O;$#hl?ZMkmU#envf*H>uwv04bdR@JWrB2nk~9o3uswWahws>oh1vHcDOg zW8R|CIHYo5@0zfda&zJct*1CMh z%t~1JdV~1M1OGAlw!#PY8z7)WiC(c4uql(#{U=qe39D43YOfLgn|-o;$S_AUW=er* zoqjMdqFEfx4QWO{T})<&|1eeG8ucHWN?B}?TC;S3Hw>tBtA|H|sE5?0-xW@iN0c&lD`KEFf$1+z<3`^!>$4c4N$@56oup!W+^$WA#fSfND!3 zoN^7Wlf}lErpDh>JP8C!qap{@K*J=AO?LCm4KW!){Ud(wN78=A4sgSMm2O~k#j-gF z?{SOP%8TESn{y{^a?Uk!3HGtuUx@1mOp}RFl&ezUt4Sv4Qr0KXi(+KdCNpA}o8UT< zFx-p*OwpK&;%wK1$8uYypWMY&%{u3RGAGFfQH zb;nK}Ui8#2T7J^`F1#`-H^#GhA9eL{k_i9ATxx!t%44pqBV$v?h3lY*XOg94H9ym} zY}Tdj!3D?uy%y<0Di3+oeVT(7lCaAmZO#{+K;p>k!rs)r-poSTD zzEJHA9R?PVx=R+2@I?+@5DhMI055lCedGG|E@ZRBRX^4Zn%}&;1F3dfrY5J813Iw} z`t@8-Gn7o&5eB1e>|oiZ45?GjPuf;>L4sMRWuM%9p6eE6lRs|c_BfwY{CZ8#9|b_y z@pd~KxK`E;r8W{%mWYg{t;g3e22_hv320-8xMj4AC2l6~_`Pvr5%O5Vs^88!&F{la z2}irFTY9T>-^wuz5eRN+AO=jrJ?qif(sp+_CN3>&62}4fALD01KkUAhd^LzYLz|6D z5bG&RSC^?2Sb|ocj+wjXM`jUDA6YwW1$^nv#xTu>Tn*ZEx!Wb!ZlCA3HQMixUp`FR zwXjs0Pg}Qn;jG@6B{NtsrWKay^3G=Y@K!|8S`{8(o^E5oZ5RYNFxt?=LHs#oQc8v$ zV!}*h0nG6xADF2|!xZE;g@7i6agPb-#LD-XVbxjfw|jB?1YrHMv8Zy9jo%(I09b0! 
zJJfQ_5wslhiMdJHPJ9kOoG;uSB*wc}E?e^#S+S5e{Co?~wtHS3U>X0rZ@hhl`b6pM zQnlZpm0}7mqMhycYKXDJiDbJYj-Mn^)VvG-Se8jWD9Ha=mQ>_`xYhUFziEC;Z-o8^ zrdj(}tv_(!@>wZnjp+X#0C#glUpYLIxZzwqA@9#f{Y(=K`wr(v+TiPfGaFo?{W%Gvs7~xyC0LwUlf3x8uVWT8xk83v~ zpy{MuYGyHGfXcJuNg5N;5{EmOAuUhBT~3&#geR?Mpqz0y6*8{4i;nZ~-m_}Kf(_p@ z4|DE#Ec9jsZ-0l-q-v9r>p|=V`?%n_D6ZH|AoOCwewcP`K9&RjZ<>Wm`jh&=7T4FW zraRiSwXy+%@{`yT(wk1DU={mD3Ti(!z__WUKfO8QXG>@ddojXT}#1GrAUe~;b8@XIf=qV=R+YP<<*gKB*^@wT2_ z8KI}z@Aj5Eyp1G39IMn6e-%m*7mR?=243crF%<*VOl6Zx4{WVDvWPJLH@xHCfkA*V zTEj<{|6}Sa!=mcmuT@$J>F(~74yhreL6Gk5mX_`Y>F(}shwknH>F$z#NBsYI-VgI- zu5(@IoW1W{Yu)=aN@8i(Fu&2Z-)dh){BjziEO1@iL1N+%7Khj>e`3Nu_Ox{*OBjTs z;ka+(AiK;!_T-D}9`p_DGz7*9 z9yI)4^p2bWsKJ3MsjR4xv5Y;K8Q$WqZL7avDHrfojukoTuR5h&J?0< zg9VOeMqqS)e#dG6BAkc$?B%M64VBLl(h)jH z#S|~ELzAOZ7?vxeu+ZBSwBtgl7w?}Pq$gP#Kg%+_V>#6{Ws06S_zL{5k0Hm)FZ&Gs zrg15FCIO9JZZbF8Z9vqp>1Ur2;5Vn@v)eg;pU9yZ@SDKD`*ck3R0LSpr1kc*;-@zp`M2OOv5@(qRBcqF=HmIg;m!+iAGjaW=Dd8lw%Wj0?>H=rTzSz{?gK6Qy zYeY?GSymgYN?{e zTIn~+^D4ug*%fTo&APX^V0?avn$L8kv~6pb8S}uG{z)c*<3v)bPrlA6Au8Wj)?f3@ z$X2U>IvGt*{FPvpxM%Va0b2u!2D!%lZ@6HatwRlKcbao|tOdFpPDIj~4nUWnXS@-vKCS@JYUFK^tg-B(?L~+nY)7V#xM6&+?v0`Kig=HTyaBS7sl8CX{;wRX%_QNp*?N(%Xsw6zI zlrU-=mTOO|fldr>j_&Jnw_+kCk5gcD*uo-hZ1rue$H=%A_9K> z^@%+F2fWIt)A&hoM`A~s*i|D)U__>G#`Vh0OHXGh4V#r|wI>z+{tvC&&PpNtOP!eV zLmnH<`DjD)Rl&T29Px16DG`!aTsbHDFhxhNl#uVg#EixFzjxmI#XRtU&6oB3)PfIG zwgWM{!&~)LZjIhFrCIa0rSKs#+;#NRwOE=TOOoTckNm$+r22?S4rj4gOaiOi2mCvHpC>kToVoK)quH zBI|AH+aV(ccUD@S`zmBUk3^6nd(Q^Y(~WmO3pwr2gyYIyMrr?Gfg_JP?Lx9*X$nY7 zy@D(GkfP2tDnn)I5kLG-Ku(D(ycm7Asj;@CSBU3$u@Su~E@0`@STlw8eg)|v;d{?b zyTiz4Rzmx;+itRb55uZ(vk?gw_XyEIj<^K!06PlvmQF?23$r}_URU1SS-I4?sO@+>g>l1f zx*qKVw}zt5)owTSTV!!Vh%@)~Op4P}-=dnUVk)YL9PNK<^y(Gj@;#(tS}FyV$5*9y z7$!y8VuiB9PSVLHSH_NNdZ<_Zy}s+8I0K6o2m1he8bKY-m`-3nfd1x8iO_*ig?2yD zf{?>a&aR9;kAALTiAC%ePYa^?Xu~?ZW2~_jcM#l8vafp+7T#ap3r3J(o3073+lD#m zI6Q7pAv#x-UM~qdS7x*{RrSnUhK==Zx%2qcKCG z@Pc|OP*C*5CYTc;x@79epL9#Asj|@_8$yW$eO?Cr=cru5j1N*_MdSU-3*E1Xpy;<~brT 
z*ui#gl$uAD;y|R^6f=lhI!{it#2}iY%3(FrlGe!;#*XCw)JrFuq$kTiP<3gG?hf(e zPJosK0&;%zHwnaNCpIO`621DaI80}OCNTH8<{PZqjSzi*t7QC-$DCiDi);d)K6$Wp zk>FT4Mzm%PRp<(D&cpsHNDY_XhX{#Jh(h zz=hXbW|$xPTK?cm8)+3GfRau$&N7)4;%SL^Pkh0P$|B*bR?os<#?Xb0qF)*tI@uj)X{eLUjLe=KJC3a z2x}k6zvR}`a=l()Q`sigl$K-!b6K3Ayt5>lWp-b!!$ne9@;5ZWiT+H)rA`l}G3CQ* z_}8{zC=52{HwGk}3Ynslw#PAHfgJld;2#7U}}Kx0z43$G4$Oic@RK;lM*1GXkU9*%~*w zNZ0dLb`41ZuXyR4S+*?YBa22gB^4Kr64`C{JH=-_5cOd^-eOSl{NaMun47Ezei=^D zw1%AAjaySz?ZI&gzL$=5A>q|x#L@k1=|#~R(t=`n zksYVlU1QW6YW&Cpt0!xmqkn`iNeOgFKPmQ(Iukq)#MsY)hT?F83Sj64X^|5 z{Di4Af%I+hZS%f#BnLBU>b`U}N!ulP(0P_BY{j!$TTTNI!$~&CId2_*BP9J3;lc}3 zybX|g2h9?E?#{1Lgr+b8fjnkN6;eK1BNyNAQXIpHkk%9pwx>|te#rl8jjE6hP?q1Z zfGI`#ZHXkCt@N=zq(-=ft;V#rg4QvCV-?G1?Z69zIAtb+wMVPi9ZlCh#v@6T?;GU* zYPGKK5qq9)=(qKq-{Ef1T3vsKC%hC|ckedH-vXl^@ZF$V9Qm@_XH<4Q*e)@Q%+dMbAu4GUV^`w)^TQXY+5pSC@HdY**2TY0*ZKE9ME zy4*cM>}#{)(@tV)M_#?mYR&R$Z%@$-;BIM`=<;xLVBsxsoQlS9u$EAO$rk^mHa>9* z{#qrkb9(&4fbyXQHal7ZTYfS9$t}RR#t8{fExN;xZ034(*%P5bij}^H56p5))RBdnS7KlHi zLtu#^Ri{3jy??moPyq;LQk#*`{Ph4$HB{K0hF=~f&o*QemmHZdM-q*our02_?n9k3(y1~1DZ6g#q@)||u~_@s58uLNPcuN!_g3OfO3 z<-H5u@Rc(Whk3hv`Vo zP-e_PfI(n+WW^FGQXSM)tiK`kiw$mPQf-A=1?A6Nf6E65zOGfM%lQz^V;^c2iWq%_ zx}g|O^LNobs$b^fchjjy^7?%^BVw8nLNH1nb)=wQQA1~cQYng7C<<^b+!TuNt}&FB zW3cJmHwn@MFCt)-j}c0>Xt6}>5k|)9{-^Sfrw3nb&WIMa#ZS)mhbNR-8l0h_=OHyh z*2yni&y*@Sh}V>E+RWx{CNK5qX6;M)>6Y&}$>*oVvxSRSbN{r(-xNG-h3!{9wEK@g zH4ZmPKE+@|0Ph93+6tiM7%;kg#Flfp??5EAmk&XG%(|!|V=b9{Oi6ug2VJt(APFG3 zs0{lZR4iTX$v^5EqGUbfhCbeS{Vd5L(0!_0B#bz@n-;%cNxDDUnGuYnzfZ3rwA^pL ziL0!v@M_`M7=1P*oG93;uflV(W1-F!>RdSmkY1NG8(CYk|C3s*B!ItV}kR|Cpm+sh$M5Dz!$v+4ZRa&T-5fUaMi=Ml;_o5UehVSsh@`S_wBf2e-R#1)ZLU2%|SxzGFhdr_A@^hM{zoj#Y zcuM*3@?(H@=D&dg0-P?!wb0)QnBRBvB$Ty&6SvdsW+hBAfe$BIsW=a|dOL;MI#N0N zr=G?uSw6w=gb^p^a9_oGdRzRUV6$3HJ}XJJjBS7d{#l|ya@eeC7UJ!NwF`;D5ht1L z-rTo_n;W9EC$h^g`YhJ|;d|1vFL4S7HTDxRg}G2bsp&=`>^TXhH176dVjYU3+JS_g z;!f5vDCToh1Dmka?5j^OZwHmaX^YIZb|x~8fX?6PpMMq9XAxaZsqJO=!n(2;^zzCaq7QOl2+Di(_feqY>cO)UoIM3J9*r{j`J*|i@S;PA*XR=^Cm9wyUb4= 
z7H)2MPc9axpVkKAY#IU57GgEG;zn$*lKRaSwaldqn@QbR0=v?E-M%EpFquzY}=z4h#U%Rs5Y&qd`#f-$H5Z!b{nZ3 z2elI*!OlPz5u^mNY02_1CtNTg8Z6Zhrp42AyQBWEn2LqA?B?)iTu;#&&un8`9sPjA z)=o2@$t-GFytZ*2n{D|;?d#;oqSb0n9YnV9fyDh(IbnVSxPKI!QaLXaSkObN0#XOK>Ic$i-I5*m1v~DCf3>>j1r>gox}Vu z90eBvHf8^iobN#8yPDpmVJ3!DyiX3HZY~?(*mw7jO`6{asBm<{fT|7zC_%*I7@@YH zwPW~Ac^rh*`S4E~E`|AiEbj%|>Va+~u0Sp&ji%!5j|b*(P!b%po@?a8^tiQz+f$ey>Ti z>{T@+r+O?}c!7qG8_X@)eMbqV<&p4JTvP9uN^i^ATc(&s+4_&1ItmOwH*q}_Uk7s3 zAW7nSEB`RD?8|+lO3j*BHVk_Oqeo%_%O_IUQOIHStmhu&=5nZQ{T=qNh;6O|iy(xF z7mfK;u5_KDA3W5@CEp-1^&Z==$RybXt)HRDcQh@P;n(SZwaatF@2p+G=|>f$Kp4BN zill4Ti3RJ(gJ&zdJFlBnC)Y~xA%W+kg@MQB;(AL%YW|sI^=X+Kq{SE@?DP>iJhE+t zZ`&pU@;{;rPFMsvAczE-MDl`{F@_46=Ka+?3nPoXm>~URsdSARxhPJvU@NS!$m<%m zviSsM;|hvs@M%wB-U*9nOguqJMb>5e%O|HVd`gH>HjXe#5OR8NAtHixwU!=!v=M&y z60sLya`=$}9wg9L#J?yjzS2%6TfH;c*VwE&PJ%tFqViqh$GZA2p=KcOqk>?s*7kK< zNW9tuY46(hFJ;4wr@vEi?OQXzMAh-aHwt!aoJOA8-pKAiiQ6-uY?#?|7wf7TI0_7( z1PJ&4!SRL#3N5Sa+_(URUVy`6V5OX&ZdQ=DzfWe+Ij1G{+s{+R)T3WtTuw0S@#ObWrPe(+7RL;55Rk&SZFV)4q=#R>OpST4X63|r z9PfUJs?Db@Lgn0Yb!#M46FSe^uiwUp^GnRx>+a-H$89hE82$!dllIE!`bc7htnHZ&el0N?bGt-;2O%iAKkjO46pJ^CQR4Vq_7xAkL{NU~`0hG_)h?jP&QIA1z-y zyAfWayt1yyvIqx>Rio>?au;FET1dM9o=W62GOeU+D~T1rO)_wj;Eq0oKM=nTH3e`p zm2wo-*7&n;yKAM1lV?1y^XBpWLDSsIk&3z+lqV}|5u6l%)S8&bd2}c@HD+yY+mLj| zar~@9x&T98#!&{J&4(S_p!=bI6^Fd2{b_5E9EK!2a=*R*`M zoR|b?kTXOG*?Do*mH;w4DEsrKE`2P~mtVCuCtiR=?pIEB{Sw&`4HU$^zOS2h9EoEq zI#h8wrh8p{x5XGZN19sbtQ3islrOY9(TD~9_=0DVrz;;z+Frp`s@|%+vE_-jCu@%7 zyfI0z75l2f*#*?d9p$F0=29a|tX7z3xqkHx$Bo4AtIE%HI$|&zqRSkPWgIsYVK3Q^ zF9ME~wuyK2BjC(E{Y!iui6WaxWZhC|?T9FdT{C7nToQsq7ftuqfAYdUF+X_+(qBO( zfme+J%H8N5HL zJvULAl*?#`9=)@xW}z~=n{_@StbjopoTHKz7i3VP86)82VRPNdhsXyTz~NMyeqnNYI1 zxdIQ#GH3!p^w1x#=5gP@^o(`z0X};0P(AQyafOAumj!+n$$)OlXz-*u(5%^r_RDrP zG?8#v7SU_?`H3wkcov>X1P(tePjcY!!%O$TaB@ zJ1D9Nqsumio8)lJ_8EN1D=mX%+6~>qq37G^+WxN0P4MfuqSVCOvID_WPgT456KzW) zFE(TJh6CA>jl-u}v$45)6s*t2MJBr4Z(!IhgKv>=;M6Yg?`pNIPIMW9KHMkYvEBIfA;~?=}$Bh=$ 
z;Ip9ImW8$z4TPH(Jj&(jv!-g>Fx5}M&yS^A%*h#pKR_!1O7STm=m7b8H4rctKFPY+ ze|iz|rT@~94r@wITr;a?5Z6PO;H!}Qa8$&LreG*3B8amopKNS*yb=(~tn#Y2>{cW# zr)Wo30nPwj2Qy062t8!yz8^3Y{TwNn8oiWvn*o|P>n~O8imW$xNd9h2EAk{VeWDf^ znz_y2Xx9*KvA7m%#A=@YET|HUzZ(?O)`msD2qqM1Q5aeU7)>Z z@kR*eG!S@QYi0aNx4PD`ftgCG!}0VCsDAUd1Pe&JytKB3X8j%Nr6N+p(h9~F+7fL# zywmP)czj-9N8GCBapz9rxiEUpJlMUK^w7r{k`HOgLhurkI52wt?)6Y`Vl*+ASH7`Q zEWS??PmgaJjGNW+q_*jpOIhjibC$)T`J>~X#Fp2`oumnCO!)&?Mo<}>X@$^OGnam+ zcnMM?K#a4hIqBHTCIV$u+{Gn3vx1VQj(>L+@l#S2%DA!4lzkP$z$PEdbt!f&{rbg) z(e3xOyyv97%3V5aMizY9lq?_R0m~TI`05!|1plKP;ogt&mL>eKX`5AuWyG^>(-&Pz z3jXlaw}F`)R`8cOhkeB<%7SpvLpej$`QDbRH>Xp@6_w%!*9$Yr{%0F4r0HPWkOj`z zgIb=L5L7N7^A`k;BHA2fMLH&hCdRD24mB^&HtwzW)X@2aI5K#4KJG;VcZnYepA63^ z8={#Ifl&TDHr9AAgA;QSSb^Y45(#)jROd4I#b#9brF~QD$=*c?Rnl`36I?zEnWb)z zRI*;qSEM~bMiRg&Wk-q^P_k1T+xSZ*wHqCuUD)&XbfOe)uLF~h{ou%8ShOhrCgzT` zCDXu@H*D<~kh5cqtB@_pO-HkmeryU1N|^?@=ULt@UYZl~KZpR!`=++l=A3S! zF(Wp$5V={-^7UT|e0)<{C(cPpL@_WQ5FRg7Og3OHFB11m%3vp7Nc2%~e%4ZX$mL`6 z#SK|v#OtoE_ao!Sf(0vU`%TBT~*w-;R;OhPG3~nL=(p2qz4UuBuk}Ek7F;4P=hC0xDo;Nc zz3%gA%=Y5i_dIrXBRF@PDMG+6$3av|8Fs3dwb&~NB$lx!55Z$ulTU7)vU0~)$k_73 zAla*z0%7%!?4O$8_{I+yEXY6Y0Ig<9hokqOWH2S;#V~(f?G(1pV_wYY#3o~==RWVyuZ%>`I76TBZ~4M6~Dj<(;M327m~ECtD_?X{~BcTNA7%wr=9^ELs~;AHL?dv7nPF>w=^Q#w}y6kZiRM$dbwmN8XX zq=soqKdLt$T(FX&S@Mk4b6X*1YEYe$sd}5bGMpX=nJ*z1x0>7GuqKaBSbwzU!tUWd zem#A0h+t^7x}1`xVIS3k|1(r2CFc+|vtO}=#kgJh;3A(H_NHmX#trX6etFKZjP_JFXZ8XVxN*M%+L=ITa|;;g*eKnLKx6!#;VyOr&=X`3^5Zzy;7N5r2I5Z z$b>yJ7w8u2ABug_JG7?TZtg7>`SHsLxGJWbkKE4O_!MT-yjrqu&+M%iGe$f)HsKyj z&LNu{yivnsZ5cyazFL2O{}Oj?u+k-&c;lH)iyVG z3ar;d`&|-rn-^V4gY^lO{5;neW3Q@#eb%j#eBLy-X5W=m+w!6gGM5~aPhXBlU=W=Y zc(tH-ZhqyEiHvC$;Qo|kqU-UXobO*LM0=TUh-RjV*HNO;m7`8Fl!&Dv4~iHE{49%d z!3zb5I(`%5>O!_6)mM5Q4+@SJD^#*0RSGHDX^wv6qAuUPzc%ZRnYQUa_)l|b1$xIkdN zDxdGi{Qir}o5%bK0gWD^x)iUqU^{-7 z)Ihin1=!!(uL6_6{-$8YflH5wR9_hgLG|HV34h6zlW}kB_GEyr;e6DunjWJ^gY$dS zp|S$n>5`E~D;jqkjG;}V78lp)=b3A!3&4_M1I&(Id7xIQ286R-YVbXUO~b(mYnRC& 
znBArbhzHXf6cDu3Mcdwz@%v@izLG-KiDHseoMpCzLt$=+px-#R*XyWVM} zv3vYVb5Ya(ZFn(!WJF~Wa@DzZm*hH)!M-3R-g^0{`5flPZC1HgfnlwZ)?{_r>gIlI z3*zr(L%%80JTPo?0gLWkerm|{R>s9^$QbDqeI~Dh|3Dq0EK0&~>6Z`%kGyTEDB|jq z6ky*F%S`v`K6$ZI$aL{5us^}(yKhi_icV=S>cz}?LSgR}yNlzi)HzEjDFs{YcX${1D`efebre`6H%LwtCT6Q= z>WAZ_EK!2<2XN49lj0`R3>kY8(Ox?w^$4b-OF$wTIH;=M=_^<~P}KPLU>&)R3Z}@X z==Hb0Yc*pEF=|oNeiPzH;b~tfV002H!ThV+KN4XJf$1+K^NL-gj)lL;zXZHN1>bk<7D7s6!g)u1 ze?%D$gj8kfyfhPa;Q|Stayg0tQD2}1qdsw}5UDis?i7GeeGt8*nTWUkuIKoiBJd@V zfcyut;<|jtCFZ;`JnZ>p{%qriYnco)X%Km4hN|wR?yunjEj)V`zU`PQa})7!!|^;A zwh}%uU1kjDug35sPSrf$JYV!IEP#q;Yk~!Cyx^?wJEFbDD>B)uXQ!gAwRpyc>{g`{ z9aS|8g&^zRi!37(7X8!pTY`1{2+a;*GOvzhss-3pawT;D$1T^3^+*|8(bXGcUnAj~ zs>NwYiFv81M}Y`8KDybO3Ek$!v9I@-&w@8I9fMbkXn%%o1a9!#B(PUAf*-@H(GfXh zK}g2_!-UkkAm*9wHaIJ<)+F%s57={nhVXQGSl=YEbtKrEEPS#*7Ux^eeKu3C>(O9S z@RyF=5sYiX{HXv>_xf08v#{SJts&|D`uk6TY%pSwA05Dupqw;(WW0l)kmbfdg|xx& zaO?h&D>z~%yj)|7bf>OqTrfQXX{l|Y#DyPWdMASmzO4ODih119zEgynglE8mf-9+KaLEqn+GctN&#~f^ha34WqHHS}IVs!WkJTK6H=ExgEf6v3&>xr< zyr@ZdnR;a~dbE6Uz35#|4nDa@OcSSDU`$~j0qLcaMT}ioX&`2RI9ybfu=j&^!5mw1Rv0NNWh?Ev4 z1oj*`QAQclv1{)ztsU{5J!Wg$r+6#@kNT@w%?o~LvBJxkemwlvR{v0z87z89Y|q_} z;cjQgd5g%DDc47{Kf>Q#5%NohaiO|+EevAc|6;t1Qp?L8-HbbK{u9MPoEM{{C>2^z3gcB)QQ zI@5ot7AyYszIuzuG~j?74-UvyYF=?)ID=pBgoPu=MG1 zU{ac2$r5bch3eOLV@yeITeP)xoDi~_Zyt+l=a$XPw-Ju+Dtk}rVihYqOIst}=~4s% z_nBnQT>&vFDZLK-o$FXp>+L1x7&p+lI=ow|b|X2=M26%EUf7=ph2(rH;rSwE6y&Eb zlsDzUve=5?L7RI_h}W2`dB=hKR$(Fh4Rv{X$D{YY451z7ey<5&`x}1R=IZkg9zpMUCvpC>_ND6Me9DQ0Vns0HR6t|!%0no zD_iEqly>!0ctVBq8sK=OqLKN+2wWb5pRW;F(u?~GA_ur3`da4gl^wU;%t3!HgJwxD zin|qJ0`J3|YBkJ+`8$+H&ZZ+o3Cfj^H#KO_}D%^CwU7-^#Sj zTxR0@P?$ehhiPrIGUIZRILaY?!NVb3Y$Hq)am@3Rp)B|uPB`v=Ryh!6I~G0NZk`{X zJDuonXnt0s`1$XabIuCyac6{*nO$TLeaIGC-tL3^kJ-P7ge^S;Kw_wj%_Xj8^tmo9 z@uqkgJr4%hJ51-T9JrjGuuq4(=OQ*QSn=ObQ!a1J!LurBh*u(?0!m*xW!$%6-wd&; z2C=$nhPLI4QOGB`%SB5U#is{&Q6y4738EQWLfDCbulUb|ijno=L9kWp`?olXw-72C z6MqHkHGJbP9DFWp!s8S1?}RDump|~<03moboY1z58^8ZPx7!~1`of2(y|@3W>PO$B zBYMGB4uSsmi*D&FL>Zh1_$Kc}S{hWca~C&3NUImp 
zTvPKP!M6Z4qjEqGYO-&FzfX>#njq(ljEu`0+0>tE&%U?q{{~d8fAU`$HnQfy8M~&r zGRv5r`iy>q)P%cr-`1H4(-9AyWWaF6PgiR?`e5z~ zJczZBt{eA%qnDHE;d14N04hvyY`7jK+|tYVVvHAHVMXCmvtU<0z!-q1@c2c6_D01; zjc|2%1w0_V+j!iLK2nd5QlE|_9)?JlwAdSVo$x`c`Q0Z2PqyIsz*Ov=kHg4?5|F|g zk=lnTEh!Ykp0?UZR>`dkj4zL$54WL<-3w$vL@J3b-Ah&?lSrM^vLiAOq5Kgm4vTwqdU74+7bi=|v;JS_AlKB2@@UL*dpTdTZHiQ@XIcJJeZ%XQu`=xg7 zmk?U;v4DO2zPvt`k>x?V3ODd0_G=AP5l&Qn2>6JtGBzY9RsPdFUq1vT#6`n{+e+X{ zK3;eTF!>w3kB14v z*F&Dh3uJJs(UCSrc6jE*{7|JU8&Vjr)#$0}79Uci**tj%w`0@AQ+Ry*2uh0=vKA_w zj8bl9o*(|4U4bmvsOQqwv#>{L2Wf|f5`U~~q3}$lc)ds!94WRlN;mB&fC4?be6qNM z2=VCtK_8mKiH`IHZx!h^kDS04yh0zG_T2)89P1fi=!0h}!)ramEw?1yGGOv4DiYr< z-Kh-U?RZn3XZ#%T;A>mL{fv#JY{rObqe}8m@aX|TgqpqfdyK0~$1K)={v|r?L|HJM zpbei9w>82WuS#ZsH7PwVO7cElGP*&U4%l>zp3;BBI86D!qQzma!o8bvi(@?&j4z}}%RElEhGzQERPfb2hV9DPeV4yZK+Txw zbHf^ga5EDgCOw^11;T6;leH@t2&663q=w8^>nQrj$xk<5y< z#5K+Zw2An#an3fEQ@Yz?5_7|sW0ovZ6t=orU4QJXIpO~1*f}FCnL!8(R_JTfoO}e| zW>iS3AkMGBg;U%Zb!Iv2Nn+iUjg|qrgs;scJ8l>MZMY6$c{=9eaK^=2$Ws?QJoTp- zZagGsVEw$z*nskt8pxvxujpQPLQWZa@a#6zfXBjIVX>>tOg64Rg&}=1gD3|_Z3XW< z2QLTc6FRw)R}e!C^6ZZKc*EZ~b&>D)ua*v?&cag^;u3~aMG^nFM6^z~TZ`-qC?qmn zDojCL{Ov@V@AqmSjkY3iTO8Sbjjmd|0I$zMw0Bh<2r}1c%eIWT_5zzs9IQJAffw|F z?XgoiV)m=%Uf(Pm8O-9cqpYHo4nU_hSyC63N46{cwvkQ4&^O^&jO#1gYOA{lSTA*4 zGcp8#3p&gWnyLC@bY_|hGNmg0d+a%qAYT_;F(}L77EsVz($^KT!g~w24Sz!lUZLiR z47T-<7~HKx`6r{@RQ?M&ucI>yd)Lw{zet6%$u}3DAJ=~~xOuD}#xvYj_*w*HV{XAC zWk*~$8>ZM?Ug6#kdU&}pJy)d_wPR`~E&T=yk!9t6UpqXHXK3W8YpV>;gmZ2CHd?PI z$F{){zc3b*`a)EZRk2*P6w)b9>Hb1auJ5tUAwDEwHbqI~x=m9Jg$}oIC+pX~>iB|V z#Z06UQrXe;uyeCv50q=mVw%D(N^Py`p1@LzWEfUDxql~dUW8%& zd;q|I_?y%FGECM&5NjHhClF+}JL`^t3|ePgf^BSWu6&l)s>dU@duQkjW5K9^hPLG- z)^uklIkS@pu2d%n;kc%E`iwUL36Em8jrWwlOlt*4xyDw8@6djMQQ_Kodt;Jss$cjDO9UpvSp7i?W2zMH z(Wy);5_yidbm(bXlBXl*7o|Asl@YkC}p89XPNMRSZaG`^W?(+(;aH<`gCN` z{d<*7&7UWtEQRjsO4fh3E*L|S9!eb-g-jAP?to^+j z@%El~T^a+f1WO0p>?4X}&=Z9%9ppd;^4MF%T+&_s5effQSvfuC-uGyFa^q|DF&W0}lbPeg*S!o4EQHHutmCy`t+NNN z8+@u)&!puo&j&dIzq}5II@djtEbvOLoix0aZ=X_SSbBPx8&gSf2;zkfjgvtt< 
zGGGX4ju55DA&I$gC-B#ah0b|h2Tj*1tgO#H;c{S{y5bZJkqT*ThNR!~ZM4YOL)K*G z@;R#!ig8Tvu5Qd`prlSbhDGidw(u0RF%Wv`GBQ-tUemO85&lJ&@Php_FAHimPe=1E z4J&n#jYYL!NCxack^X|j2C3{qGZJ`W5+BL^TL@{HX8z-Ccu0#28j)v!GZ&v$&cxgr zvkB{$WLaH!QF(F(a;7(gO`)S)^BYtq@mOjf6}^fV!wAQ2awfe+Lo3Z1?8o+#<^A_5obQEd0EVjzuC8t!`*R7-PuHI)_}*zAvXSwku!q5Ht~uY zYnF1jrrtz})Wlw)yDWWqtD05>zx%DF%;ZY$l2+pXr|hXfK2Tf^0xNr(T=jfu-ACl4 zCNijRgJL4J>sIA-U<2J&KBasY=6o?e_O6dI-o&Xs-ZqEVt^Ga$QH{#)7aSDOOsRZx zgF-nS3AyN){Qg^S3Q}0`di(ud@3ts`U?7^~&O?zy23WbkrRbKi?Nk2llO|eMe(j3* z2VzWod8Cbx>SFk_f=MWGa|@PyQX@8u?jx=%(=UU56<1836m`to&^*h#lQ+%M?1@L%y2sme@1-zPLfH0&_9jTCE1EC-)mH@oFJ^^XrH=ys6y-b?n$G7nMyd+w+R zS}pTdXov_hWO%=C>9K(dhwbn7(V9+&SD_LrQp9fZI=}(U(2kk4?bj&(aLE!-0ixsE zS;z%C@>5t`pI+{CSBjhUHt;=2fB31Uj^w1qrx0i=dGkKcB9^^HscmJ}W3UJ;$jfh} zcH#K2eX$_xl{q>y-Q2;7Z*=Feh=;wT#9u>-1nL>wzxtDeNNwe~S{dT$QR7f)D1(P_@_ zbdc^E|HNnlx4cmLUTW@jZB5|-4$`)y%>gBWmT(WzIOQf@n7RT{p8{p>xJt2kZsLYn z{g+x+*WVbES-Vpi)^Y8HXgw-CUb^nOz*tAjWJu%{9B#%&1wLoAIcwYD4ovcDLn*Vj zy-)HF4C0Y9uV&6;P(73)7nF#fnbOxcMC`=&#_-ia&W(#!RBdN9HX-UZgDowj_b>gQ!obQk$7aNw}uP;6M7r*}YIi zMzNnnWLRuTVB#?vQXoZ<`vs%i>dE zGhZL(zolKyeM-L?VA z`>bd=dt@nNuwmQq8LDHq(ml!N0-SO}_PrWw-E#{JoS!?n*{ zC64W=4Ww8_WU0gWrC=D>}v{&a=BOK@24ZrF~TefU~lbxKABt?ssf$N_P?qwIO zXtaDA{;p!Z@L94<^S4>PUE&VqbAc$a+_Z|$6US#88kiuLK;k zI^tVB9*c$5UDi+a)dqR*;-!{0QqPtRI}<`bXa(bH@sl44qMO2L`}p|^qA#nk$djog zPq_eX=tIK|44vh{%hxNxlrM%&V9`)h%ZtYJO~-u3Dh?{$p{w;S-HM|Q&OUMY{g!XP zSVw)3bq+LRfWP*Dg?rG;1)Y0nIs?sab6IbOdo5;+{euwH6&tT^K=60TuO$Hl*vci*gJ4sniyP^gdh zn?IoOz=~C3NCP`f4`6EM{mE_a^%L8lxBIg$O0Y}21}qa9u+qKl_VvEkF)B4s@aW35 zrYxq6W|jzB+u+}UhN=izTzq4PH{nF{Uh*SiF#x8~b3Pq-cI| zAd?L3pOxjvQ0zOhc)`Po&e|JMvSRy?gnIf_68$deLKV~|#jA^1okcGlh_AZ;5x^hj zAF($vRP4s&Rq-5k@g`i@r{qSV)t3LV_?`F}VrG~E{`AT~f)=e(496&+pKJ_aB;xm|5kHQBKaRLr5kiV`FZi=PU&{jMs0|Gf9sZf+Eism@xK zz#T=pAB|&D6q5AI(e3&XrQ9>R%~z0_@eb1=+czo1W$kbDF@y2d(@HZq(19I32t(|3 z{cb^1@5Ds4?f=hB3w?v#@P`R~U81j27rLYZ+WNCIy7|7JS8}}(yZt@|>K1YRaj_wN zRC+K%uVI6(!5zPD+|fFC;OP22KM 
z08R0+r+G_k{gD+q^`N};nAehXbl2tX%7=Mc%%jQf5+L*GN%(~k$N|~yYo71#8*bRF z_Y|#WrUOm~I`r%f_dMomV-u_hN8H$T;Qd`h7cC28n<=L_+**3vA^o} z=7zN6A1hr6+3|A&0~}3x+(1P(2I?M}d14yk^iu*&-06Nr%xG2=g&G*!Z!8p5Mtn8u zlpCD6$hw)LA(!|bpO)s+c-*VK?TZ5W*EF129{m5NiQv&s=<2EFWTE!p52)VolGcaf zOWNB0Kc=oSuFB?V)7_0UC@3Hu2PtXk29a**&O>*1ceiwRcSv_hcXz!<{Xh7Ax<8!z z{APD{X7-wEX7|2DeBG2%7QNe+s@BRJKJ&G_NV=6doFnETA2zpO_RQK%A08=DQs*%Y z!6R2CCnAizC3T8sS$$YtYgVzR)zlIZJuwx}AHv=O?{uO;lX%RdBLcT7 zdlM(zWPbMLdW@~7ONrFR-chy=Y8)* zoUxq-T_CxK7!Wkjy0(X0bptKPt!camR^JZ0(g;&0pgub0H8h^~W6D(s@8|4pEy_0G|3gt~rRgD=HXWtE*h#RWeo0J-3wOLA|7qx`=c&X=~QV)HhvsCV!DhY*n zHq8w4G1EHgiuYL@_DnZAW9uaB=gK4O#+WXXz&*wePoB9pKPd@Qv6l1q4p&N=AyY>1 z3vjR_U3vA3)5-e|Ej6&yiS{c1cX>l#U!6zp7~eH;q_$~mUZb#;IEITS^Kc}?AcDgTPQO6b6T_AoaadUV#20Ekdp_W-o+LJ1kGq%`U;fcwk?~T;H;rqE zKGJ0{9rtW^mYdbZrNWG{rR;PhBQh)J$(}vQ_zZUK*$+48UJc;5v}=(mO@8{FQ>F6o_}_g}bL_30F<%YV zxu3XYFHOioYL6^1Xn^?qx4}l}afW!3zF5+0U<(%C=XI2K3?mUXdBzr})qQCz=0DX9 zc)xRKe5Jd~K-yQqmh?SxkO z*@tmseAuuR_muyw(7JQK50oL@>st1kb8k;@2REeXuxIH^n1fbw*<6s@h7}@l9Im%H zOMUo2VjPX)P1pfys5{P+s(|S;)7?ETdjS}+Nht2V_(oowUj;U*Yk(AdP zlh{DwLe5x!Gw0{sQ?Z93evp|uLqF^agjDlZ{zJYfyAt=4ec4*3^QM^Y!U$9hz@OQy?k zcU9){xkBlS1H(J%&(y#?;hs{?&e2B9Ps=A-3LD{KNpmM_1vwA23KKoDqPQaO)FEP# zDAHl|L7y$PCoCuRbnCkS(5MS(p1nsn4Db)mjw<*M*-f2X%81_3Dp-rP2`EThbN=?+ zRkD3gH^aH*U5_CmzFa~iDry5>^Jby>YjO8TO?$he5AFcNXMPq$uEpY8S^p`8o9U#J zkgdShirM^>eVH&r=4EffF;U}bVb(3DB~E0MM!(_O*o6<=D_aaybB(-j+C1k~mf@De zw{$E^AeWVZ8CA=QH!icW%~snFY;*Yw26jongw?$?lsD7;8mbAa``qr|=_5X0O}D-q zUoToZBc9hVGreY$Nai;seY&wDNYk`y$SPU;`Z9MEMm*50KhAj?y_%!8i!&ga<>j|< zDU;g1Rm*(LP(}E?D zBvoR=u6D}HD;=AM^0hzr7F%gGG?I%AEmM{XN=3PwJ3SU=htdOM4@s|&3Wpryio$Xn zehER+C>+>aQziC9dN7?%iaD%iJ;juw5KPk?-#QQ_I6*!}9A2(rPIKxXIWL671gUNN zF<39uGbK44)+n`hgs1axD)RMkkR0=%)Y;eMX0t$Ey5%p&SsI2%rR>Y9~{VZT>JIRIll2UkWWyC2Rj z3I)G?A_}k6dl<{GT%Ee@(lCsA}OIY(GH zl?m$UwSUzMVF7CiU>?mTHDd>j1yJs$J(UD zsk0vvhh%#){g6Mx`oAeORoDhv`8c;VAyR~$p_ zR3Xw*7V@omB*MY4Cc04n0ocq*cb`TXMV)?As*2RRm=~ezWaY47t1Pq~Zmw_Lphw-q 
zXaXH6tTVNe*<_V4n~Zdk6+0TrGQBLgcd@)|S9W+z7B5bm7cO^=dI+qEq`C1cq)p)L zJ^^qXqHkJ8<xcx|Ewszf-;NZ!T@4PEWhiI1xEvwcWpr$XwCe#WDjC zC-SKw0{O%!sm@Tg2#`kmKxlDg=!BsWd})mMyEAGmSw@=ksU+lS1yfdBl+>)hnG%yS z>ZhwwL(X)AQbVSEX^Z$}H9=OixV0PSY!tQy?gq0OY!g<*IGV+4%daO=_|H$FJj>&_ z@z3gU!hS-8A99m?^~n{XslFk@O0^h*gQTZ811$H^+Y8|gKVcf-Lop)y5O&JV`b*>x zhiF67A9A#TSeD}T_7Bv5S(f4}5BU?9(hDOcAf?6qrTzR5`^Gmw49io^rs;QvCA_D< zXi`u+$B*;FM>YCYVi1~&Ym?k#UN|<(7Pfc!%X!@w({2|e19Xd~Y|`JHQR!v9zJ{S+OwwG? zo~4I%m)wM4LjO4v1@kqS%!$kBxsibj<;xvN7b9PUbOc>sajQ_h7kvmSUNlZx?Hy&N z)1HiH&e{@4D5m)i!RG5Z*`*=xP$s)-==T-h){J!{ZYlfEMeTG<<|)c zEm1l_u=cmAv4LX{ys?l5Q9#=B!2;S&#a-uXNEKB7cmM1#oBQhoXS%3Ml1Tc1*l%rw zV@wY#n|&`y@9ttR#cwpnnqo}leR+f_nQ8glc#4PGij298;d$-v{z-_VOYFTOS zi(o;wI(?_u^6`>PADJt24{`9@w`XnleE$8Z7L+_1+ewlK(YMu}RJY&lKP`@I zL7;eTLMnqQ?WVki@6z^m7H|MZB8uiZhMqRAD^>M8@)bX-+8bIkFK@Y97`{X+DpaP# zS5^gxk2_Irfcxc&nbDwp*<;oT=EUpuCm zp9d3UD-~?Px5Tq1L!K|Z1{*ANPyw%j?Q3te3$LrCwKBkRp(TYm7XC3hjc-Yo z!NFkTba6rn=JQG1s}<90L4d(^m*tyOMb7~XObN&5wXU`1#2W(bJcfPQh)I1eAF3$%frsIA$#68?#&GcT7eMy%_wTt z8bcu9TS>MW_{EgtY)gH7biT>n7Li3LaIPOkACl}OG&NVcsVTiN*wb8O7A0>bx#)`3 zpDkx9^rAaEB*F>uaRy1l&mB<$&V5Y^Z7^!Ehb%9&7YY<$IkMMZW@+$F)wvW z$cEbvMnxwwS960hr<%9K=aYRM4C!E9g2X_LUw5?I=KT4Dy<(}Yd$0;Bq@+=r53j(LnBi68+UH^bl7F9|=>5x5az z&pd!-)o&yhHO#796^$s@1fI4iX~*r;Wf6QkVSTH^*1=e3U8yyQ+Nu6+wMC(ux|?(d zdr3f%<4&ukb79g~Bwllqi+{#64KGgM$TZI+%u9JI%Xo4{qj|9qifjWFg-w*`%lzUP zkbnS7Q1u?A&xa+>yTGVKv<(V{hnMna5a+*8U2?_qY!oUnWAl>H@2 z3Wq=OW1(UFjM+8C>jEAjjLH`m+i27!d`L(#A)c0g^9_|`{egey%?4DW#Tpjjzf~~j zMi}J{W_!5WaJWr#XNx~)d2po`2Uk29XkOIIc6%~CSqrc}VRd=lUTzwbQW2onqKhx- zk@9WuWex9?3+K~E*4bn6Z~kCEJ%i`mHT`6H1wX&+r)#AkK8_6K&V=P(Yp^03zI0wz ze<@EjA0mim(Mq-UQ!{r!Y?GGEGr6xS1v`_Ixi8Y5V!fN-by)a?BF%S(k@}b+f>XeS zFACWV6zE&`!p2kWxijs~7H#_T%4D^cpyq#AxA8juZeA1!j45glHCHZLW!y%4 z{?$k0lwxD~5>)D%+N%rThxi*a!bD8AZcmPV4ryfP=tz!g?h6ogjlQ$)lHz{>PfUkm zDEiHjIWDg%3c3)tYAMy1RBl}-QQg<3PL0M?bA^Ub&C;-o_ z%$V-|ertz~b6qVt+{TQjqb9an)HQIg78>sF zmXi-J#G5=VwL*>83(<|3%Kd5$LBbK&S(3shzw_{AW9L$dyp^qd@1TnlfB`un?uC`w 
zFqLHm*T<*&O=!eNwPz}7vA7tkL61i`at@4lA9O(P2)u5KL28--fe2}>fC068lI^8x)wqWtc%J}4!D7At32zDzHCV3>_{?P0zAkd^} zi4|ZxR9Ioagyi!_^Hpm(;gO~WWM4?=3_8ORJAC2?;gb)xX>SC=u~RO%q-@wF50&>_ zQZD)alPypM#XUhqIu~4Mkh#xogi|RSpi*Ex_)fK=sVvC=D^xU$Ik{zpNM?vAl~wuZ zs)Mibk+It_Qgf2O@4VXC@b($Clw;ennX{BEn=s46L-Cy8JWkUf% zG0<4Vj7ovHEe9*aYB%=ERAoR|K&aQNxjpZXzwb~P_n^EDF1V>~D-hOxCLe4$5kmC- znSNt-{L!&Cub|EVeQMEG#(c>esFmHcqS$6KwR}vN;-8V^$7#rf?D@yfcGe06JhD;1 zJwKHU+OpCpg9k@dYVo}hp_O(T6ztxx#TE%vo|~+P1?+pg3Lo9eMCtIAfh}4�y?B zPYbMuR5V{fV#-@289TIe_cnuUQ8MoSmQK|1Npw1+gz7S@PzIfKoo=r8`lB1K@yt(o z`9gm!rYnzH0}$=*6InQCz)2W_ClSiEWv zSmW1%Qas@ggZe)E5@(LH-FWdc;HHfa&u1HRGYY)=Z1ymI#Yhg3dy1eIy0(0LbJa@9 zQPYCjRhplKzGat4uqNs0J6pR7Y|(oC9c47iADt8Yw45Mo7xnibB@!fVVm|IG=|_x* zu42#=Rq+eSck3prx2xcXVM($5Hx$FGFaB%%IgpC&!n{+jSSnnjVnGy7*$z4S%fvqUa3B|szOf-BWJ>10 z0cBs~1+DQTK`YYhPX%H@D;@_5ABB63T@|vBU&IhSV5&C3TETfcx62c!AZdf@?+#HT z-T)u;H8kPRpYe*@KZ5SB=*`mFsv=GF1#9#l-f?=b?8`hG9MOT{&mi+3J>Bok4M$Or z=EFBF?qo^s#~1ssnEKOm);C)Kg5dDif{)hf)O{=RPmeIpoYWEA5l zH{i=66|A0JZZ7fH+x?OJF=yC|+$Rh%4{w4g`E{GAfjO9kBqyqQQ-56o@Gvtds9JPk zHy)|L-G>N_$aJYdytO%)*PU>_)ZYvWx09{FS=vHbs++CA`l5Hh-nv@_5zcOM94~1_ zMg_eQY~|=WXk}EP!)l7VwrUh5tZZ<9Sp&sKd18qAJ=)YbZ39r z%50=L+H|JV2%TcSMCd2E5Gk&M8&pUDNkvA8dR*yJLhiT(9OKX=VFL;AS~cA3#J|xT zj+3wZen&4_iJl=R@ckN0J?r};8>TUD1co!ghB_niVCgg3cjLa)yQXU$F{e%6a1+5$ zKrJ+n`(spL@qAMyE}F?>N2^hlD>jN?ydrz9Qzk)8;SE^v?%r*vjXn``6H{npI2V3IHO4KwY+6q#m=H7z0U64`!V^3f0Bn@#BbiQ!iDzzcOY$RfyxLP?GrgElM|B$W| z9J?qn-!FL}0AV2wWPL6^6x3v41wK$&a`zgIL6bgwcnotNKj5Qkk5xvP)RCSF)KycV z!&wPJzXE2LDFKB}L^5iHmV8&1Na@VM5i(+#Wb!w1EXo9~nod;as3xu6jv7}Q9LRp; zrG8n(Gqm*BK1x8J6GVvHIQ#j=x& zBkms5MQaI$)*#2#XLL~6#nDcKC2y~6@&(xa+YqGoWvSME3owgTCZ&@4Q)ISC(jSIehO=6rc>6sZaJ2!T7mIsf><->UgQres>==5FVgB`AU+V_+uZ&mVC+%D< z;z+jOU360|O<75-(9mYL0mo)paG_UEmsce_WR!Yqrpn&e?`xUuREPdRup@p@Rb=!7 zCfSQRt!WUF?j@EtA>e#b*RqG?ito~n#x>&Pf~XX!Uwd>lb~NsU)LC_rP|rS~i*$<0 z1640t7Ok4~H$=t~;o~QShKI-U0X7dWcN*sI3^izXE7P8JdYzG?naB7QS5|9g!dqcM zy_yQrf&gD9VkRlbRFHq)BRkZg9giSe<*Bt>x1WOl3oazAu}D&bBxbgnApC6p6VqK} 
z#nuqxdyL2B5yqpqE=IKdM9U$`-p@a0e#1i!LP&Tkq_=Mw&^i#&u^NWNB4KI4PN_dU zV$&>rhD&>p-KQ90B!qm$Nfbj@3=yaNcyNj*MnjU_pLf|6MMPo51d)_Ut||Js8%eZY z6n;jRMIKC1=6r)KC3Q5a`Vmyb!%}v<^+xt-WIg}3e_bBsNz?@_-{40yIQpMVfddOx zFhtMhJ$Qg);i>O?u5C)opw#Y^cU1s`rJ*jYUl14VC;>hI(tk#Ras&>FU|^sKHi?o7 z7XUJn{p01P`zpUYz%aVQRqMOh5u@tIgNId~7O!B=BPdLAusVFyv+vnmb;Jt>&IJ*c zOpkwe$;Gu(|HyJ2yK&W*c?0b^UQ^$Tdv^eRql*Q5+irDq*|(^sC&LFucKYYNC3jux z*o^Jx#X9d8#WHY7>?YTDNy!!0(zo2tuxj>GZG}#E&YJANUC*-KvX;H+Y)x1BSbE9i zV&T%S-B0!}mik3e3+_|p%PvULi|(DXWtvM4V|DmEnh#^!zBZ=XiWq92XGaZIg&;5Jud41{JEv&QQybHCTZXY#@GDweT^q%ym z`v-QSSG4A+Q>*g5Qi#h^X$}rF+w3(C9bnHog-stN+%#Qzzs43%>HF@$q6IJLav^Zz z2;5WmYhZ8oThU6reNBV3HHohRa(4LzF+j;`YlM7;dg<+j6z2dPw4Z6H+iH(@>} zi?SPp(n@xBVBy6)M6q7FsCqKH~237=y* zEqK~oIX<~3*`8vp+oE4#<(sl4((^AepS(>Tv21Ofn}DqmL0c9q!t|4+p;)ya9=BjTL)udT$VGEc}?oXR)#MP)gd z6+Qm$j|-?^iNuo=st3W@et-+A|FW6F{IPxrqJKK&-umq(`K4FN10VjJv_A!*`oDB3 z`1)t=F8?lQk&J?+1mg>=kC1mxF4u8?R*!&7)lh#1SA3?c_+XFvDOAQuX3=}1$y9S0 zamQHQ)fbb|9uas_?sC82&N2L%m)_mJwHf$w-rI10eK$f6iEn?D+%jrc>$Q0hz-omP z8pNf zkq2Z=VTB{vVGDEC#vsioQ6 z6gE0Qu|JsQlq>wM)3=@ISmN7QdPVn^(OR!3fzC{q74@t2R%)Q;2hsV+%U;PjIS$xs z9|Ltz$Xk6`S4$!K3gK5d69ld&zO4p7sjJ%?DVFlIB(@zu*c7WvcZ&cn1Z&Wt8L|e3 zG5_FNH6Lb>0=R^rE;fS|hllF5WcT`LPhB}Ye1(P`BZEo%ZO}&!tpMaHPXBa|dzFyC z%Rh{%NWYgAIESfdewc;Y{7t}b!1d#cJ2IJ*Ps;KSnp7O(Uoc%Cwe1*4yEUk^mCTt{ z_SpGJN#%XKB@}3^NF-qr|Lhmr6oh&~mJuJwKj$%tdZ|>Ns~q-NvmgZdo8QvPFnUP#zd-fr5m-gFzc*}4};mE(EVI&k{ ziW<>{3R0ll8^jbH{sr(1=-?ZWQ>LqpDi2WNLcU<(ucfub`ezSZGXjxWh?!p$S_BK& zDpeAC0<2wwYp7JN|Xa+%ZXpQc@TC}wO#8bOp@;(u&|`3(v^i1T3a!h{#+MbB*0v25-2VhY5& zA-_w{TGJpbS#umQXGy_)-A@Iwd$^_EwxUt-PmAM)n&RlN6s6eFZWz4jcL?fL)M)bV zXUruW)vALOrX4?C!$qB?PHfO|W}ncP^WNL~W_gD@*P$%Ce0d8;zYuUTnnxE2knO@j zeH7*%hHvYMHu}52-Xh1k?Y|9P^_$q}P0BV-U>_9v8ks{Yia5HYsNmO1(5aF*ZNVrN z{0|PTI#+*jA^YZ2bo1l!(_$)HBv$629lD3bmdra5=DoZJUDNkAJ8f;Jozf{P4>pbg zZa#%x7Q>+iO?8%nKE}@G@tOOz9A6DD*p#$QSuGSQKDG^_0P zYG8GJh+hW1;Q7i!tn5_~ocYcngR-G~RlRJ67qqR$$&U$jH65c1-y56u304uWZEEg{ 
z#@uU+jK3P!l-&t=%YW8Wgk~%5IzuS3$`?)>@PYn={Fl5jafB-y{7Gqt@94dwsX1yc zxZ-ZDkK$ZJKzyt1B116czFQ5;8z(?VCd<$*M|8---W(Z&R)S3zFxSc zNt&lZfC))Ea|&eEs_D*H=&^MxWB*lDK_b}$_{LX*vV0s&RfYYR??D|^>ISHyW10#j zij)#G5eHAGw6EDCY%I~^M_e(JwBNUn{_F#&{+splUIjL2)(9X3l|3d{>qR}wbV+Je|1*FLeZxmk0u6&N3K*#@T=KpX8!CbU^%9vs1ovj;9M%Lv0GR88RtXjc=O|iFB0kcC;keB+#gc1|wPiU|~l>*=m zY!iD~!U-mhiqYi&gP^3mA>y`WM}KvHv~ILLnkt!}RT!0_QpV{7SUaP8YD-&Hy$%DK?oOy!zz>dXRsViR2fJ zEL@2nLQW7>jntV?H5H7Ab89p_F=019Oyh`eMW=?FIJ~Y0`5LR=(C$Sd5BT=OfSf^` z97KY)6j+zPC1=NyAdKa|+=!Yk-dX7;VKdjFEn21uiIot>`{U(0w0|&N?;Ejj0vezA z-qPf%2~=*-2YQE`G*c>(DI9?@zRGI2|ujAVTG7b?u+FYGBQ$Ma&>HL z!a)^cDrOE^A(}V@juX`_C+b1VZGS#f2UL^~|6iXG{MKY&JVE#kNa=+D%JI&GR~=>z z`7ISiT{aH9r4C{GiYIu{IPx|y?0+dix5Y?#d8@cIDi>|xi3L*unm)6>Sq}U{*@gJm z=de)d-vXK=&`$Zm@fQStF@CW^F!EE68&jgAaYT>(B#`V{6u))~@v2;>B3SyjxL&v* z!U&Y9}ApDSMiJu5pBHpJMJ zZkgd}%y67P0D$}h1s;7ikc2Dm0uk`W4Ity(yd*jTlNoq6nB#CWIWaxQmb+W4;@1HG zR`#yYpZP6rCq78{gAw`A=U4)DJNJh(s-68GVuzIOdD@d0Ui`Zm`uqH(dR(?ev5jc& ziGTdC_hP@=E^;zz(~4Zvf}Ea`zi1iw{@1peeX^0^!`R+JEs*Bh_!7V}(gZW;bkIg= z1TB9aeeBG#wF{$einpu=f5l?WQvw80h?&R=E!{jM^R&Z~3Ttqw_!XNY>KYfRD14>i z-*ZLmztSDKrPvzvfsSmrqSAL%z!d4%xHVJR@Y+yGSF4Ugo_3&t5=&0an$*kJQM zn$&#IEbB4WB)Qgcu#-~1s8x2!4d1zn*F}5R@?rl6Uhk6z8xg%_rr=^ySkl z=Zbqnf`j}XFt_!aUv@V^8)MGeE#Zvq(~B+5JkOiA_wn>w%BQ>?6srpFd=8$aIUQ3< z1CNsJBU?33wsxvd6v1YFN;Mv9BC9Ic&yz`C9IcL;9n0wIlvcYJk1}sI9276E%0k~W zS9pg6oKD8mzwGtLj&ZN<(V%a;9v6=&-ju~hs1;SZcDYfup~Wr zS^oIjfx1-$CE54Hmo|r|mv1LxE@Tt$C4AF`X%peUTz<^2Z~o$nBdo19+U!!ppS48^ z;PHLk;#*8m)5Yj~q(KP0BwH3y#KymHPJM(m(=8o+i&)c-$l78FgS(e#G)I3wwJi}Zz{j^w< zeZJ7{@9=T)183_U;B4fy&YIgLYK0zbdi9$U?mA><;vvqmZR?@3IA5! 
zC4T38Za7se@I0u;D<0>R&E(`_d~(ITH|e^N>=egN;0mMOJZ}_kfr6EGiq=P-_u)xF zVQ^t|uC3R&Wk6+h;z>05ZWNW$x{to&G`A(Ziar5#OSVpF%75hfhnvEWQomIF zc)EkekGe_IEzi4>cMJ61v)4(BEiP;6BJW_NCxF2nHxIHOE)vu|H$eA%eY9=pTJ^h^ zS-{fs&Mb?^MLBZO?5Y!c=e9^Vb5PuuZa7>2j9QkO_~>+lzOcXhwBXPCQ@=^1Cici} zc>`5A{^;eCX^;PEsR%D~=*f%Up)|uI+c!4^#V7ejVw6d(_lLw*r}o+8%k(u^lH=@) z2O@L_aoAlJ%%<|6s@TLGAATG?l>oh0#_ly|`Oco%V|n`uZ{czGF}CzeHXkpp<0)M@)`8=fajy;X=$5Iu~9I3TmZN8_EgkP$_M@O||-= z2_hpYotG_{wz-?@_MY?OZzWXRJh9(BJr0p6o1{^6YHR*n>;5$TC@<0z9ccH5X!vMk zsk8j0_JYpq>lo;JBooqjJNo?)ZSTJ(A;iauVhL4{^a=$KVsCVRdiCi~v`6R%d%gj7 zMH-#jdR1utvRm6U^E<&mI8J@J3$Eu|T~}&9d~G_#aJSzMy*P?ib8Z*hnbX;=(*%## z&S8rz(XG9-<$8-5koENQxoXUu2Rss%PH<2*_)Wp%TD{-o$7Z;<_JS)A+WSJL2~NYqZiE{!JYQu>jj*zig7COZ_LN# zUoLe15H9JnTxk8HZ+J~{s=RxS^MHDFV5{M0@=64UtZ$RT{8lV(ZuV6Aeu1ST=w9#L zYuzKt&UyQyP^vuNJ-tREvoTO5hplt(8Y_QM-piaFic{PL^;fU6S8n7%CAn3!ORw_h ztpzim$)i^^s+Uc?oTd?Ap1+@K$`WajKUl+NTo!72AnfVMk15T-P*dmKMALCPN1dNs zJ*8cy6Fyzs!QimbT&4ilMmM0E{HQPkhrRnYc(GA~xj;<`>ZEkPngGpzy)d6szkL9} z^%p<}Y@C7sWJLQq^7-gQ*5%iT9FC!(_lD-Ef}ofC*8jE3d2kc*w4k9#PmAMQlA}q- z0%PW5Bz9n4>Vf?Zit~ON)UXu>WMcBX{%5gw;7QOZI{YV7u!jDq@+q15X~!|(RLqxu zGicJ$pZNfRbPS}HKHpRCpN49mOORHjRWROi$diqc{!-Z`#}rM;eC@uafV{@LzvM^a z29+$^13?e-Byd$0v&|Omf;V%UGrTVanr05TDD(1?yj!IM3EY44G+*884`K89PzLGF znW$C}Dg*KyZ6J7iMt-WIAt_U|ssllf zW4t`(NuX~;j8?X}FBuQ#x60)*i@u^!p;?0^Ib6L>Erai&x=J)n ze+sqV0Wzt*_2Y2WGoeDm(MQ;h*N5(T9h2@rMiW1?H}`?xk3aBA8kmj$ZZz4ZN~vLu8j*&&2Olb9 zxa3g94n)nI%889y(rwwoWwKn~g?;rK5EgaI!R6;Ia4rnV*K1-BPsJ^fv0x#-IU1qd z*mMOF?qqzk9b}ERLirQ28esZ3K;;2sPn+tYqA0#cJDl!!hFqsMGpb5tO*nwj*Q6Gv zG|*5a1@hSqem3F?qcn3--vL?Wn4Y?H$N8xF!8Rp~qX8}14Mht&l!X06ky6;src_cc z*Q<7?+!y?AU13iSY+89RSGnbGY}Ebfac`s89UFKzDUF@F$<++%c5*)CQUlT2#GDpyRdmb)-upWmBS94L<%EJwBoDsBg$fKZ z(CE}X2uv)T`^Ba9U)k3>ZP8{$e+{KlW5Q{27o~E^D)$N>CX+6=HmDrtprCKQ_9mh9a*U^o|DR@DYHzR(VE z7Q`hcJ*Qv55}%(kX!z7tm`%YlE|Bs6os3u8yi&8pckwQXw;gA3^QO&L%b_qXuvPjY zUu#0=&)9FU1?L*1R_2$t57T7g?_PXGHV2+%ce-r?IobUnUs@QQvl$O< zldlZ*Ke4n}m$bI{)F83dKUru&VsXxMJ}S{Pge@GB{klYn`!W*O)pDeE*cNQxI14l0 
zqJ&6&M&Lh%;BLP(A9~-WY@VZ}ZN9%;FRSCGcUrW;Sv@^B;)j8^>AjXct?&$C@w+as zBybljRjCrXMn6nR;+?I7lM|?AG$5ZhF^KJnO4VauocRb%_uu^iDjyG3j+h>yRp^as zjKE-2jxDA^Ci`NB_jYOJ7?BZLIEZ@jxRNOq8}eUJQb|X`Lb52YR?B2O z#k{XC^V@0*CcmOos?}}Xc16IqcGqTKoQaeu3X`gAfbZb|c?u=O4nx166f@Rlxr*F*N}+^+84q?-vP{Z9<5-HhT(ZSa z`RyB%ELq;P4ug{31avMot~p!_+%5r8WQHLGK(M26AnFh1#3dOas&BCGKu%~t6te_! zLOVEXim?qx7!JR+FCoyyT!v~fWb#IS3)LU&4>C4k{;fFGk;)F!CJboBQ;k3ma}-)( z0!4vka?j#84*(w_c)~%Uf?&Hfd1vivGU!2POdA?e_K*Eec z$!e@1JCMW4y`KT8QC#+`2+(7A%>`*<6`S^>e8&`#WPKLCB_aYc@tW*E0{Qfvnl;{(?QSe4*Ze8T9hj!`Ep8c3NC zL*Fo*qD-?5a~|t4K$;CVN7JtG<)(ic_?4P@SzqxHY)qvRfeR3LLIiGhcW>1ohym``Z8M#Ckd{Bx)Zu{yUd3fRi(jY)D{R!o(if@z9=Rz z1a7`7s}Uqaf$yfY1jdg)rEF!SA=oYJMf?$MTH3{jf(y%`2C@0w=r%Fseq=3&mX35- za?qKj*;V;x4o z0+$YRnLh_w4!1jGk&CPfoG7E;eAflle3((CjOzh~>vB25DMj7ANK6D(q*vU%li0&| zON4UugFUgVGBKdDl*B1hpZ|B3GL5)!T_a!$L>3M+qfccFrZPy^`4xc=dW1xE-t}cF zCBCNtaFwPSjM=>*C;Ggv;5Q>H?ng=fCNSwcQ?V!8@9tI1^%B2GQ%dr$p>ciKNEn1w zq)0mTI)n^88;!;sHI>P5hOGaZssy=}x?0eRK}}VO-^q*kV!I@4kKi!A0gU-7@zi$1+*9boLsWQR6eW$FRskL;oDRJ6=wxBJ5+sFQI1g_jJpb@l!M$lkE-oh7~ zoGcV;;}B6yzXOK*W~;yYgCdR?+Sxy=dtHZfgau=ilem8t;{snwvmW5Oj&bRG8bppfJlT*Hm+t z-vt&-4hrYy%T8q=kjV?M_RLlU0MV+-H`o&2+5I2XG&4PkwOVjY@{f5wnRH%`8!}YW zpPgk~r-nHHUCUO${`#*1fAI`r$|NxFp-EZ~&<6*Wzg7}|H}$_)C%pQ{+do{(px*Eo zz=AO6YG4km;<1HR2OD#h_4m5(gv38Yn;y^aR_Abyc2r&K^NzEvV98qsIF91Q4igTR z2D4W0x>!Tfmpd(C`(P|8Ic{6$5jBz)Y`>tB+-G9PGhy`j; za)f%X1A)N+$kOe5uSf(Sv{^L={qR~Oqu99mjDEwP0jFqTFClL3up%hqL!F*4~}~#%AV$z z2mBT2n>!yb5v7{Y4JAOxl43Lg#LNqOF)|viBZVDrGQcI)k;TNGa=PHnS9IWGz6KK8 z>{(rjW<*9x5TQsgU{7YAGnl&5Ys}2B0U~TR4zbJ{@wkNt5f13U<>{2lKOG_0hBn5k zXQUCZIj?c-J4rc?CJ*QR?S!-Wlksw~$Iv<$E<{_xP`S}sPWo(dNqq}uQ z@sjK$)sDKIR0q3^&;g*{8}fFmwGnp|+w$WP#AW$PS8q6|f!}iVp&nch`H9=PB$Fl| zmh6nOiso;z;@xPeBcSOQ`e6`4V8VR zj<`C?pz^M=l#ggP@{c% zjMkuYcZ95TR_U%R8~^ps9ZqMfHY1LIRA|X*q5Snxp~1clYxo`Myot8o$GJ_e!&Kn2 zs-1iN>|*T5nZbAZ>n}T{$AFbqAd~6fPtnP)NXKY&+`p|z@FHp;i@@-#k6EEb%_i5g zqT_GSLsaiIEcUqzB*FRJ#l|gMR5-W)me7jtZ>ZnQA^!DC9nLCq|D8SEfPuC!`5+PM 
z{0Zn_j{_{AJ({`i+Ate?$*~qbFkumQuqL6g5|UT-%y^mZ%t!1DX_2nUnZ_{7`hD~M zz6<;gj;c!ZXQTiMx~a)jrZv4m=s(l|O!o&|)OV@_ z(`Ue))%ptvRjdZw|LpHc;!usKeZ11$P#gF)I(BNzy7IJj)W-3`nlM7R{r$UvvIgg| z#M7E#t2d@M-G0Bj0A(cLlAjy<4Pk$>L<^{}MljH)EJ zKmF}=d3$>WN~P_?KJckZ`Nj@jeY^OWz4P{DzwMoTdId~a!r_w}&{5y0OM1C${vOP$ z{X-|qbr6%5&|ZUe4Io&BIzHSKdREihMe#nDXy)1y;@?GI_a4Na8|ne=pcQ!V2!umX zG+%=4Z=g19`dof)zYAqCB+^{QYS#!(<-k$dV*#u%I>o0Q1$`{8%Zv*@g-?~4eL{f% zGuMc~;_kWBX zb7SbeV{7v4UXs}vS+CRJ792c?xe%8PE0_Q8Ova8)#DFO4AQBjee~kbpJ}!|TvzKU2 zzxbq(MuvMa-Ss0Ku|Zc41NI-~X{Yfe_lh=P8mz`prb02{mCijccxP>0%oObG9apMW z=I=&$%m|6kOQ8s?^|9-BfTP=^SBBOgrM2^qDu(4+QyIi1pJ-!*RdF{F)dIK2;6SQ{ zWo!VzKidJ>7=gEQf;0w)!K5MtaShoERn`cjdhBX<3XJO+U(bQ#aku#V#n|YNfK0i0 zMFXzr`o_R+;R0AdRHLa17rY*`cip5P`yXVxZ_VfNAbM^o%PvNuV)+%Uw4L8m-kjQd zs}#3=Tx+Y^b+52?zQL65*aU7%N5;)dN0pf;ZXt~)MFs@|;sUg~QO6?zpH__y(9X{Tg(DO>q{Z}PD zaubU5Cd>&cNoHOb$_b)cWLt;k2s8BXhTfmS$)idqmgFkO;|>b->Oius3Uc#P5Ke0^2&JPWkMoIRA=9iJc=vuZv4iR|X z%Y8>Xq#Z1{k?gVU;3kvQ)NwEJ+y1X>b~9rK^t3@Mvle~o(v*7=c!d>Q!bw(X#B&S6 zC(mT$ZJ>$s@3=$RDN%UF_wly4bu8dnMG(I9={H2<^Kih1D7v32?sNHdCVLHb zTD{hLu*ZrSw=H`m1jmxm$^WmBlVaiCVO)H2dk?>{&tU|i*F^?mTIe*t0x5U;sf@A_ zKRdsurI6eFIV)(;Sxye3W{x`9 zjdlq@r~_>0VBBTn?jxL%y`~qkSvGJL3_R7%$4wI%Ey%$8zCTYlElG}KuvyWKK4cwj zN3I);Z8A$wW6bY6#$-zY^(T>cy6CU>49m{|HjXc30t|}Hd|h77F)E@5&oh*rEB!=z z>}m1YD`7ZRjO70uET~t1>YlxR8)Z%$DbFzFdxB=CgW7L*!ksmcYK#aGg|Qs6dL}Rz z9PhBFssGOi8Z_b6Z)=CBgKrX^Eml2yq?kqn-T?0+uHpQoeyMn;RrqvktbM#V-yg*c zsy;KN6g=^{>f~(rE38z#KGp^4VoL~i*<#K;-WC0yo5YK1yJx@NMj4V&3t^Ui(TK7N z#67ipXq-di019nE30#T>+?r$ZMz#G%+&j0SaBuYMYpp<~w^2eqQ?{Iv$sG1m*-E6q zR`jJL*^8lVMECL-eRWSdr!f*5aN8kjN>030al06rQQdp&x+NYHvGo?qMVs5pg}zj- z&h^T-vYLsG*VzX656^`n_!g~h7LV4Nl~Cm^w!5IXsRgTpWLrfl{R-ltY-O}kSIodHn`oq{D3!b_mKG<)ZmBz#+oa?o6qKMPA>9kfC z8XJwyEUR5F!A}*Ckg3d;o7X=k*s+%ooV@nG*dgoT^)^3V0}qnTtfqtLtu1)H_{uGF zC)=mr8#&5baV+|pv-G#fzZWAACVPiPzq1@F@V$d|eze#`t0p$eooUvW3HX@WWZN+} zXkG$tnCqG=VUTg8W2Z4nL3rZRI-PDWE|((1P&QQNFR&!X9@v9BZS^>K6?p*~&%2MZ 
z)ptldp-Ww`vC@>cxP)vz*gU7N0p;s1D6|`B-K~o`&6+SnKwY!GwBC$UEFQDE*UFv;f}(M{taiUASsX*)dtT(x`v>9Cu`SiHvE<*XQshVN4VZeXFF2O z4mpL-A);_M>h4^fzs*%G8@6tw*c&R0mir-27L>gPrEdAw?b(j46jfmSd@i5@51!s$ zI$w<;HH|#Izxb+*o`0HM?sYdykY;hy^i=v{LMFhKUTJ?BT8e505>{?eiQg8NGEg$! zXjO37c~*L<*=Tbuq-c)}tA#5!hfHX+zeqoqlGi4ee96 zE--(>{L+&^>P7RxLIoq%Gn}StnD397KUR0&)wV%@aMoHB?{DT@u9xq_o32Ohcl20P zza@T9*WhEUnO&O?cKl2&YkxLM!@6pnBy1Lat_*CP4$dXhtMNbIOKjcQ9AjLV603n# zRJyLW2R%fld9zp^g31xvX}!HXh9wT2ZdSj0mmqKS!ecGZclDj)X!p7|vMdGr&t^t= zvfs0NxS;f^v+ZK$wV1ebhtO2gws-SpKWn%N4qo*?`p+v3y@o5|>`@RO-&|=W;j~E}_t9S$~Tv;FY9HLYy4}7jqx!TJ9N~c5o0qd)c5DNjKQs$G~P_JKq+mIT8 zU%*uxoSJNcZOgR~^5AWG)H@NyKZPk1heN`WZncnO*IY=s`J-uH0g2FQUkZfOrfaUb z)AV!dT$S}IN3yxL@r_1gP>Gy~lxz2EJK(e)fW?XUF?{{J=~=KJd-LMB9+C-@pzX4)71>Po(jX-px@5>HR!t5eNQo1rCOh`^LInB0V+y{Qb z=QU|$DE8s-Kfd;hQuHqT1d;3HNo7ch^qq>3Zb@fO*hvf#xMqURiJq>Nw;oZ(x+zp! zY1R6%MC|)zb>t;!y7uLn){n0(7*&AcT+iW^6joIG*~tKB>K7Vg5-JTEz63kcGOf=) zytYd#HC|>nczCZG8C(<|2>KsoZ?~65c*Ps{e{v14)=et}Nj2N@@>p3u^&xb&uZR9j zhp*ahOjY+%46M1Y7(ax@C(Bd30KHk>t%m<{GUO$%S1WC(1!s&j#Uz<>Mi5>e86x;I+$Fq-NIftXct^qX03v01} zuCkATpSH8=f+rAc;;{eN`o~T@v9D=Ai*6{3_uQ{EFTLM-rEHMnPm7G=rO}1Rgfe-!)VTtN9o5d0xmj3%# zxPS{u%z+ZyeVnEPl3NRC#56PIWcAnkIZm~0uR%iMptO^-PS|NH^_7+}TYCe3$Mnu= z;AFRMdpvO49HF~^72C=n)eZWoUcLD^(3)!z*K=ghNEs2mGN=xsD)?t9ys|?i7Z0xi zJ(l7Z8(AI~^djlRSHAjz{_J}npKZYmjJ2KjC}5z;GL5P{3VHOT_j%C~3XOHarEoSB zc>f)K3=b7Q?PGuDqA@b~@JyjSikV`l7mt#OWZxapIKjVstUFC7EIn&BqJ|l2TRBM& zfLW-8)IkKi%dkSRL;c95e=VgvFYS?h#(iG!zT|`P#SU%1+E*tt1!>+uFHWDYTORHi zp0GjXXK#6yoRSM06PuoP6&n?-2u0VD)ST-!0Z~GBvWLF_k|GM! zEBgyvY+i|sY53+qD(-y#_HT1f>DRjk*Z6-UB=LmCzrB}!h5qnx(Q5b`hEFd>Ns~5U zJB`#Mu~wiWbfimWouq!#0oLXk{|{;5W{KbYYlq%|a6rkWOez_ypph~&IN&}`<$|SP zns?<^gyck>;}lQ77VaXm6H2-l@smz@F}&c#`Ipv6gkAbP-nk5zD)Wh_&YOL-uW))q zQI?KTl8&rN`~fw+FZI9)A>-ztt0#M$&#Mp5v)c1R@8?|K|M*vZY{! 
zvimH+{zmZV%Dur=ov3;L%O2*}7D@@_&_TWQLek0hK0I>zE)KUp*0M$+I`_*fdsIeA zSluj8)~&>)VgFHQOGNJHc2S*yWHx=DBrX5eB>#qKYi@}13lV%8ehDaJSod0auB;Wc ziRq#(4zlVwrV>UADpmk9=f)BZ^wagS+ zCy03qq>MF-rr;_#R0iHWaSb^eey?t6_vOf%h05e&BqZ#ByALp6bma3G)&25FbG)Hw zal&s)>qW7Au393*#f07~<{VS8J7+KeyC6~LFDYt6`$yE_-KVMs`-8o4F=Ui}fU*=_ zbD;CX1ixS5k4fz|wu+b2q_OchoU7ZeSdy>2^5138J$aqmW`ApVJ)a$lo^m}$m7|S> zqh>&RZj;0Eex!z%x=94xNi|9{a0uv}<m2pnd-U6kZahL zD^ovETHI>>ayC)S{48JmI(OyLsCDZ2yk7^i;${4nyO%&^ANtB*<8PbygtnzjJ`jWO26r z2fBE`)kt=^uyNFiASb2!%9n#lw)a-e`qJwLN>D^98UaVTKn2_?0)~u}b8%QgG!_^1 zqXez>WF~42DVK5woxG;)Q3iy7RB|rc4baG|*X7t1!v5I#sAGnF!tNs}r#YtF-oMbe zM3Cm6yTU7j%YoWHL?gQ?PT_qia11q$H3e~n;XY$BNP_|A zW&)b!&Z`Ncz_6_1^lUOfdMOD8LA&ok>=FM#i4GifhY*TgNik0_^|t)=r5(h1+~iWX zO4tSUDk!(MH)l}qs&l56Q!>&vBVrJ~?;dA1EBKNy<_oFLfm z6>JY;pGQYlOx1|KT-)JDeJ~w{z)PfoAN_?Uc6`O?Y|LQ9n`ZVO_zDnI)DY9xO_p*2 z$kxi-ply8!F?-BiSmo+?V|apih3G(A7xLsQaWu&}vQS|MoPmcK|H@r%5&jg!ZG-uI zIdUh^5w^Qq`J4Y81_AMa;1byq;7TbEuEwxj*Cr?M-OAi$^W z`#b^pc5}c7*xb&1&BUNH43+m{DV3^rF1c=@Hgc`Y9KLN0P5w|jqhG8_N^|)fKw8SE zSId~xYn*V;6lHO^lYsgsjK}H}5eqbylaG&hlQc0CA3Yr)r-Il?4o>H&TDYR*RWa|f zs1SgLc;5|pD(?w(HfhwkK)YP)Q>>K+!Ng}{{|(@EhGtVVAnL7JDa(D1!0JfZ@f|aK z5n=P}zISuatnK#`_19p$?QiQ2biTY>uQ>7cBpY;;-YdB07tJuNpx%m&XW9+N&9Fu) zi%oNpz>89470u$*9kv5wP`~TTifgvS=mfcUOgh4hDWUb%3V^42mWX%bC>u=CuvMy3{2*xbqPrUN6IUzmnxu#yuz1jvmi zk6T*7tWZX^%K~foo}t;0PBc4Qop{X%TQr<3D`(fh>^cYA%DdW%1Yajik~J9*B= zxht4Rsf?W9#6DHHd?hzE&_#yd=)MlI>ZJuVZBL^b?v~Yf&6*wQv4BL6zdI33r7>P- z79sfckh%DC*x8*plFXim z2JlNg=*WOvO0)4nj1?Lm%? 
z_NttYgF(vT_z&0mg;?2M+epfJK#E=J=8^`59tH%ioEhX~I}LTUd|wO}ox%IEvGDk| zA{3Rrw!;A0<@Tc144x)N8_k-U1t=%`!?ImI!%tZ8uS$9(H?c`o+^bA0hZNN;0iC?O zjLkSC&jtrTZsrrOoRhwkF7lNlghmGb2>+5lcQ~ zJGJufr5W|eZ^0m_;5|kz%}+rQO?FA=zl5b=ud$DtPL%oD3QESW%%@S&lPfDW)@ti4 zy`xqNXIw{aG`~u|tqHpdDlHugv@w|ljp-Y4gD1+scSyRb@rj&KKW!-DtB}!dutziU zJ&AN&LVy||rtZ^0fNQ9V5igbP42o8j@?E@w3ZTFpvc8)`VVC3D>g0~^fJD^vAUBv*%>D0 z)0N4BM)vlP?Xk$Ee{|>qu>pmsC2Yf}na{Bft&>QdKER?1XYPFrGGLL3H@bQXXWI_9 zSp=}C+FvB{z$-;ajlYM!z{7=3{G4+?f+RGvW{KLAQN+o>77y(Y%{79%a|et`Kc?++ z;(m*6jrzP^(~2M>SlQ1|Ehh>`b{I38Ec2^>Zq*BMo$QNBYF@1{>bw~y+krlE2I2wd(EbkHi~h_$~p44htNvaanY^j zkC`-iW15*eNMogtYj`4-2GJi)x;H4Lh|#{pjTI_f`wV0Xjeno#n8D_l)hVm~?QLLm zE)oMrugiThnYpf2YQsi2vG#eM#s7*OHaM?L!10{KH@`jIE4`as z1trr^8gY7I1m&5p2>>fM%r!*OTb1_kv*@G0pLAW^Q4tb(p_5l@Msw~PlgBUpvt46b z!)(4~DCF@al$<0hJsMN;3 ztF2CkjvB$I1XvUuxl;a3TY?kn0FrV6sZH>#g zY<*nUoRkJv^)fs}X&ne5+i@WMt=uDsBykvw(?lKHQyAz|H0zi^ zTXtovmiK_GCnj)gUO+77D1RwT`mxjaOYOMyf;>er&!m<5;VUr#J@#Cp>YNik1;-`@HS=yHj0R~n2`*w@8s3^)SU!Zo}SgMK#8JoUHlsnZWMWXD z3v$&6absofr*B7-@CFhiR>9vKm~O0MtR18w*=JEPh=s!iGb;*lm{x|T$X7B0lM1lE zO$3s?x2i)pth(K1yn*P@%9#Bnv-QBu8`-pnuC{ILh4q11px~0-A>_~f3Y&iq9(E1b z+|lY&;^Af0FRs>%Y|ataSj1Vc`gzF42Z#T*yT6pIN%sL=SdEO4+HSNhw(Z@i#TD9R z@{^-$WobQ|QOdjiA8P^=>`3rXgLG|)%bQDHE>L*ApWBmMZKD8*vbKw(VFD3vUU z`QY}jeE{N5XraB5bpAZS+tLxtpv?&I1Y4Y`8AWZs+Gy}gGK5=(3VHNWqX{)UAz zBIY!VzSKoqqy^hEVl)(#G*6*F>OfnsDtg#8YYWh^+d~suagyG#n~E}}PayPrHfA%ytZr4xmZTs6h$=b!%bv&#~+nQ;RkG?P` zz~Z0H5ch8leh9`#fqquSFhmjv%%qV#U@SG4TObrWC_WJ3jYJ`VRrTwQ{=*77c~H;4 z(nPQ_O!F}Ivm7)pnB@mS;pIV3t8N@@wX@^_)h$#0L}LRu>7zNE*S?PKO>()fkhwp9 zd~#es$TR3vH4Xpj==j~;lvYSiHW9D42MqjMPwK}|Z0 z$)KjCqID-vpE7dtFQm#rsq32dko8q}CpGCM5Eyn`KkGtew7gs>`7Ezn*FG#d-vyuN z$XLd`Ph9c|&7*96Db#Cx3W&612km*(Af2R1dj8`CJ8sVwa8>#$2&lA9eG->=Y<-hbupNSiH)8If?Ln@Hv;L<50 z@xUH}H`W>x+rt2s=<)N=#a6=`7yj#b%Wt~L`=^Uf`X@}(;;HDfL$!Z7!(U`f4kPMA5wIpW)lg8NByXhCEls#2D
    hC7-L>uGu(-DIdCyW!#ch$1bb8K_0SE4&m8#0GhHok zoK!qt1UYA0XeIj(S~g5IqfT_!4J~B3kL^Hv=UcvKqbwvqMN@Piq6Ft11s;IomhO7U zPzvi6`BGj95lyvD^$wv=C>JjbEuY8KIAK9ZyhH^#7S_qk@GkP->Pnp$fi0hXErIiQ zK?$v?raiFqSt!Dhw{f73$X3-&>FZQL(k-qMB?4RaAOD&K+eYD7C}y|%MP`smBBTii z*B7}Xo6X7ILF3Cl#mQL}&-4QZZ*}4Fxm@|6!4F$EMBVimOKJOVKUrByEDOGUwu;or z4ql5_0&%CeduPsvwM}?>SeMa<3?3Va6CbEtlr@oGFFPj^00OArqSgMjPc?xD&9NV+ zf7sp_Er22Mbf@9GbrR14y>lX4nY0JS%h-E_tzbEK@GVawSFs!04_5(u^X-ma)`#3W zj2MaA8j5a67<(;`uQo0gub12XLDMg{x7qL>yTpFatKq?#j%!u>AK}nt2aSkp-XW^< zlr@^aQ~I14Z2BR6=<)?4siVyte`fy}mq0n?a`~eaHDDnZSAG&T#8*(o0$IstL~ zG|aXix_aT)C+|_#qF4&IFy^rUw+WVeYVkck^Ni8Vi8nUJTGL0p&|4=@oo;OhpNKc@ zi5dOr{kgn#6!Z3C#rS>)l#i3mM5CSYzc5FmbNd(8cI?-Ro_7SB=AN za&}f#4{sWbeCwxdydfGHcLY7qsuB$a%!FMMI&C7l)b3^%gmm^}waj%-{m36QK}92p zpuB6;RgWjik04R%=^>KLA!L)(^{ORzLeK?GkCjuS)aZxe4Gvq zD4cmY)qOt*Z6voKB#FBSA-8%?0Ah$(bO8St&S9 z6FTB;ymkB#1HbIJ6tGwg)%9$|!(N>2m{~MWy$zA!`O`K1e;qSo|79l9zURUPrpSA_`j`V@1a_B518dPey zu~mAM*}yC^wKy_0%t9sHReu=yG|K<%!KN8~U@`2@lhNj}h0R!F#wJdywW9_d?%IyD z5oPQ9C{eQVg9$kFY{(PO0nf;gBdkx8fzIzb2|{w5_+fDz+&O=?HS{5`q}RbBaa%TP zj0N8^9A440Kq6q=V_(n0%uAj2A3U=Qrv(NcO?^YvYMoT`qdRd7!?HOcO(PDq=8$9 zFO*T0f075?E;_$Ui66;^G=_GHkJk<2SHVlqvhZGyo>SMHST+ouuxD~TX*oR zoeiA68FkVdGn3V`Sq3(yGzy;ICcNdEDV%-gtGHvn$5nZ_W))p<`P^8$_KUjGa`h{b z6;xc$n)zcpWi!_2JA^3D_VWAGA_9O;a)hu!p-!W7W34w&4KY5)m)1eY&(me&)g~h^ zk8%^iX9$Z|q|dgV#?&frwM{lTt^L_cH$)T*V0k=G^7LH0{2A-VdJ=cov^}vCc2f~j z+kdq>7q|(=t`af*p^BOhb~8>J@Qw0BAt!;)B}K^Y4O^&#)^dN+O!`>&mdBE(59N3# zagy1aQ#h@Ib{drw;p6A$(x{3|)5z@zl|e zPjx59_Q@|Vq^~Gjn>Y8mXcH=h2puT`t|NIt_9fU5F$aXs(O&&;jT5h*WA#L76>Uu6%Ro%IORn_^l?Ms#{>DaLjas1ExGG$m=SwN*BX><9?xA(Dn z4X174ZNfBk^L{95Ivuv4tF@h{3XQ}i*!&iWwc+WK6+veq!zAIVE%yzDo`a;l_QNF_ zK36*c@{d8@<66e*qK1c=S%fQztxun32)iTdoRjF{x-k%E^H<*Kt+U^4hLU!0m&!9u zcBh_mwgeIN=R{FhT%PwK(6q>LewC0R*FSnmz2({eq1tkC{8rM>9o2P53Tq^)hHFep zsyiakK_pEqf8QYk!HZY$W9y+Cm*Z>@$wg6pTRuvHx|G=_3ko8Wv-rx|F)MkO>jljH zUyF7g7ko!_#L~$P4aQAzX-AKLN0$ZUnFZxSBzGSOIgA<$I3;szP#f^Tr~2uQG#YEW 
z$h5{^R>Tdwgn9$!2ir;ToR6^xrFc&PwAYimorC+@ig&trcV<_QjmxzvI4jIKA&Hlr zyP)&;RHiQtTs@Dk94@q+4OAI;$T89gpAR?dE}Cg!KHF$|o@-R*Cfo@4aIf*;hG^{& zAizd*9!eB`r8ZTZ+*u)(8-YM(q=-#?AibhaqTdY9W&9rHa9ITT@9E~8RRKtjF&wJ* zi&b%^{7LN&YI{Yab}SsnHE9@pmPf>8N)N~9p>*A+QKR!C)+_tb*B^xN);=vkAlIu>Ybe5A#kz>O=W> zsv$?8!}*Q0@|RsVaR+VMR9xoiPQ%GJli@fW8B=4(PB5ryUmtKJAwWw$ zCSlK%?f!Y zHd(^mDFJiySW1{z12!v>($4d-zA@~Q*(3eiGUBg+w%4HK-%z^W6prSiXVhCsWJBId zM<)!CiHP4=udsE86OlUfvQqaGlRnNI@pwl6G~E+1;9XQ!H;C{{Tu?$Z0Dh>I=az@~ zBN}CMAqhjc5s#?U?Ig-Qu2-%*KrAGbl+8tIxoRAJvOpzc*+=F+t4`y!!%h#1^o&@R zR9x4Xtyt*gAFY(Bs z?0Ms~O$A}y$BTv|Ftwg-6f6=3l&s$lJQgr3hQ%<`Qm3`;_riA9dEz=p&-mRPvo$lV z?Xky!Wi?^bq$a^?KBy3H#4eo1L9eG=;1%=mUaSZscB)cOU^FDw=G@o|HIFjf;>%UI z)sop6yKsc~KlOnX_y~6U?}-X!FUT=Vj@9NQ4jQkTz21|}4_vo5Si&m>xpw^?pn1BB zQ*^ekZsTNvl~@SvMi~5+;2Tie9u{SS9v>d*W0t6l`1CD6%?&U(&Zry9V@K6%D*dnA zFw;x;?~maguA|nr1sphNd2A4PK+P8)2Y>I2tS*?{ooFcchubOZpnf%#>k-7Y6+^Aj zi;jpMUu^}zm>uLA^$s3EIr)9Wn>_TVKz}D#_Kwq#Dy`wi5gzKC2RFgf)WKey(t2U4 zQDJCt!3(uF;(IJ7{&$a88Qnl$417c@AtjOG1;_DQA`kSaYlLlpgE>CJpjmrsdVBEh zSxFMio4u`uH9`QN!78RD!9o^BOaB{H0VmsY;AvF!b0)o^?2pg$GKkkn2`3^&BQv1G z(HCjllf9bLN*Gq38L2u8b9y^ESbmIaBuC%hW|zyUY}ya$2$HV=Z+NpYQdCNJBFKPC?D(v$crE`r6ij7jGGxDcF1sL2sc&F zzonVNno#@WGWk+sry1@OOc(sxCe6zSOOE99bXargo9igTfTWl~3jM?|XbpOazkjz3 zt;vLqVX!>7``E}O%dMe-NjNUz>1$S?T~H16qRrkT!RsnJOU(FlMb(ft%gp`N>u$6r zQzBCSQhT7|YzIE?*F#5{{?;!z8j#r?zP&;#3-u=}wKt~gWJ}gd!V}zmL<)F(Fm9#h zUA*qUq~*ZW9eI^{qCFuBlV`KAS7TpZN~S3l@1ftzWdSe^?Eg>- zHZ&FKWlFR7&(}^ijEMw5@~3Xs(CXr7VzjbaP89v-ebAXQ=$(Hx4iC5hT$)lHFP)Ed z=x@fL`R+vBwrf_-ORY(IA7&NXc893F0tux=lTKb%J!iQ)H|k-#>D?ot-UP>3+9ynq^tR z%$WOTq~DHQ@O~SvU~2YT`p_xg+s>wpR_44l`{p}d48&yVYh3@-lngDY^Y;3x5KmU^O}DQ$Fq zn%_8nXJU`YVaoNP-XyQq%3iN^1HLPh=-xLip5^Ro2xsu>V2jR~cgT~KM~X6BHv0%3m+@1tn!ZPdoldBH}zh>1Uh zz!^8{Y9K2Mf#CvyW>$38SvU=kA5dxksS%j|MuF%h*Z4~7z{+usLhA>cp6m?tKyjZr za1HYkU_)!HUHn#Te)o~W^YCx|76_-E}Q0uR`x=C1Zc;QTq__8^FxU3-K#TE9mfRLCktnfAwFOREd*vjV6J(3x{JgdCq>D;JW)^Fo+=S;37vBmGIe&9g 
zmDv;jGt*7ZOec%y^srEPtChw_3Hs^=-BkVW4As5{YT^ZAXo*T<+?jL)y>@utHC%*X zDrt9^B}`FOOPh{^%A?-*_u2f@^}rs~X9K4)*q0_1#Ra7jCpdV2(stKJfZH1UU5?IJ zV>M-!mXj;615H-I^eHe^x7FG&#LI4*Rm%xt*BxDZcQO%T5L5ZFpqps<}8_dCJ zP=^t>-TKG7uS%G!N+?y(m>?Vc)^A%qDvz7o$sEnq5`=G=K* znAjof20|UXC$wda3NL(iYU=U^apyYN*&nI>`Vc9*-|UVm&~ z$0vd|x$F;`T4s(mTIocrmixF@*t;*<9lRW!@uB-7rSI9j{q>o0iVs(R7kH9;eSTbE zwEzMs9$8~(B=Wq&fhD15*C9=A&P%O+Xj6-u)74L*fQVSe!|q~VqN z@ID_dO$J=L0h+cPDVjxn0Liy~2FhnwEMqm{9r}i+FA4p<|GM>_Z(CS28P1;Qlk>Yp zZ#G&U3(BKvGN6KR!-cJJJF|Q7k3x+NK!gTDT>%E+%ud@4(3#uh#q_`)X7!xMHOZ|3 zOzo$5q$o?&K~y>3D*P6ImhAlUSmP?}j?zWqpbM$}-AA@FtPW=+@D~U+DY)TJ>-EO78$U z46KOWZBD^uyD24bjZ!{^4cw~QBwebbgV)eJgFdoUr1BL`=;A#^-K(&3O(AW5@Wgkr z3*YHIZbzD+hP+D@nNF;;p6hh66QFzRT~sRD>&webHk`cwx)S<9?niTpTD^9!l3p!8 z+bk(pE86hXvQ{2Muvci8o}7U0FO954zapg1Toi-7pK(K)0K;lf{rM>Ca0n1?7`{Gu z;0ODsLyqrV>=Gl4L)<-7(J~w`okXVCiw4p>d^cewCBHn&x3&lf{t(}V2=c>C#TST{ z6x=(ZWM7}C(W~~b%|=N()DxpdB#({~Ln47NPz6(?3Xg9U7dh?+2cD&0o>EZn!S!zS zVb+Kpf~;VFpA5(k0bNgwdA#rO5F>(Zcf|Jlaj??XmyKym3xUG=%|lRG@%w3~f~$QI zK43K-6s+%y2X*^G{I`wYYK94)r576sizSkLDB43K)uu?s!>?DxW#ZG*H8e)xPJ0mi zR}LV1nSSwIJdS0S4%_y&Mm*T_MhRKV=qrMlD?5wJuYVj-Qd=~fglS&*UKaz{mD`bk zTl?P)x2abeHtnu*aw0iv&2buY1Mq}5+Z}n=mxkB?P=D70=K!P#aBl4Mhs{3xR;i}_ zn3RGPx2NDHyU`JHEjerhL@4yna%b7)& zz*1n^vH+mtjlZ4%xFn-r)_Y~%n5f=~5HG{K#Lhz-7`wTfIqi*?7 z`J=A#*ZvIU)n;0JTxSIOfnGk+k5f)KYTu;?-`a-nGlO@$H-7y6z>9iwMR<;eN=Wp= zLKeLj=xO>DPZL5dFN6e)qY3h$b7C620uRmoFIPiv5BUaW_P4*7-CiZA?w01@+qe6a z39I8M;jX#2wS7?&p!~7;$qO@_C4d4ceq1|v{q$>NLi>E-YKcKrOYEAZ)t4TjEAkya z>$zZje600G69h$~AbqO&%f~LfxvRQU`a1?bn-l*^2@4aZ2c-1W>n1dJd7BST(DbpF zWTLO3QP?GmHqYhXWReAvmTZ$91Pq3E*-jR#4_?k;rhvj!4gB2GyCkmLGocxujLF+2 z;&$udSGkd*RNN5SYCgdze^e4WCfLrP*gEm0+07`5*ly08=_@twL)mg6{r@shc~cRs z^0y4oKAzCXFmHV7$R_=cW<@^wZFNd!%s~b!WHzwL?BIjZEmBlj3WoLK??nelr^-DS zVXrIqCe@q$PlA@bG;z&kKQ?_Gi94sB0L6M!e}2f|a(Z9MX%f7}Jj6pct^@ zpsCH-UZ|o7EZT~kurO8Qx>bc&cJgr|}wH}6w9pyV(2WAKPm@t^JtBdaOL4bTy% zO8kz|xnJD`qrC{RpYlQsv-TX2!);cYwuOX=iofYTS5NbTu&cp(AG)PeKQ0Tsx3Wc? 
z4em(4qiTG>>M|w~$rwIQj)d-T-U8{xY{UFB1RyA~#*ELkE~)y`9C9ZsTP?8w#6 zzeCcTk%$gj9@oShiQ4IjkIVet%szGQWv~XnR0ovfo9D0IR$F)t@NWeMl2iSRBM6sA zHZm2H=aUjcN??eLtD)6**QgFwaQU}dReWLW;ok$Sl-UCF5{RiHeDa#9LU<)an?vRB z8?~Y<1cQ(Hg3<>(2x>Y3Hl0TPvDF{Axy{ejkH{*ks=1#_HB>GX`2qQtp{}4K!Xf@wMu5#E2 zTzEm-nHbBAcmY|j*c-k6Sjs#(zBn1X(N{}T)2?B!l}!+a{WK>`tozQeHJ+V74VQ#D z?3s#+r<4h3TZ8y-I0c^u;75O4B!>mdE*BHVoKq5$J@d7ekn!yuNguMvHOt92Ok=*$ zx7nm?{B5y@H$MBP{n=vSLS&8`bVed|GGQ^?*!E3z<|$VJkL_P3)K&bZDuNH4pSQh7ijSkW zcbxA0fl(d)&JmcXfnmfD+3+M0;=(YKGNMYZ+1g|JAr@7w_-W4ng`9W#mr<`ER}nBP zoezF&P2cmvjZ8c73dp8=;Okb!%4D%=Bx+>q*D4PQPJ5}VYE5Q3M$2r%00y;yoQyzO zGebj_IqkP~)=n~v=|nf=|HsrfN9Xl?UpGmcG`4Nqwi-KW)HHUU*tXpmjg!WV*w=`(4#`jbJ%WWS3T{yt`c zy$_~c6okSlJr(%#Ty83+JclOv3H3=UyZkMhX2ixy?)e6pLogVKcdWmmgydJ|Op<`{ z7nWo&ASvG@E%o0f`LQ)fzCW$x0^@|Aqahs6a29TaiQilh4b@Pm)%1P~0kNX5(ECo{ zMb^{guMIo3zVHdZGFOnD;sy6?x%|PfUlGbAMi%xpeqJT;A@wI#PTsB}--U>01xS7! z706e(g&#g*z77)PNBJf3!F_*BXddv~6D$b(#Gh zEOicq{l{?j%JUG!@*E!{o%LfAeZ;Bwi;sVP&bA6(odeka>(R1U6%c!Tbz7(XY-u~*45Bv>?*906mDZqRX&6^zpk<=mJD0OE{|AKR zD26PzCvgdK2VT&P212`_IXGpdEY@rS)SMC40d9|OC3Z5rl5xVGQrz<@81im;Vm=T~I|lr)FzDme+RvYKHh;_xt#)TOr+{*16I5#~Qi^@q4J6 zRaK%|6DKIc8aR&kQ;WMcncLT(#mvWX33nM<81>6!0%!dsz?^-nY3@9ZKaRb&3N^3W zDCYpg(p(|Zd84Jz0ouTZV)fZhrKwZNr?{2M=&c)_U+5|%$aU&zaInvD*_*)hnCv5w zi8?SnHpIcQ@`HwZEcBgR06vbPm@2l)Mf4|?WDC{J2fR9NLmaGst(*lG0^M)7*?K@X zCHt867B0Jy=9HO~ucbwBJU!~^@~jBHfGt{WUrW<`?s#LS5Y`0-r4S<-vpFN;FM7va z?PgFl1L{v-MDn$n4ms!|&#VNB&O+%mlq~?Lb&&aryPPO@@hzA=NxlE87RMy|#z{q@ zg}D%qQ+}dF;Mq?{l}j#AL!Zwm;6yAT?y+K^_Sacd(W?^xGxYz3fm>K!hQig2rt>M8RmKygT{3v%za2aI^qp*o}<7X$dd7oV5 zP@mS<`e4o#22QhrRFNIp1l&8|$e1gEg|%>&hTxD{Sj`i4DKzdgsYD8V)Is47-Q*v( z;%EklVvS4>pG~1q+GZocaMVTr0$Xl2@7ax~j$)w0;^r&h*9WVs24U?ptF%P;@TEofYk-(Fk2=~c(Rz^gXVG+%uRh6MljaVq@IQyX zl!W7N4Wr1SZkRn&D}nN7{r+T3S)D}+z|Xa z1H0@FC2I^0$EDQYg&538NO(;#NX2&_35pdji6amkvRbfV|E~l60mW|&rcBQGcbuWz zzcIGYb!5GG4-skr2^4B`;Oj^tloezC?^POx2!+NR*@*CY%SiV(o+{M? 
zi|XaIPGA2scy0AIiaE9eMier?Z758R66o;IF}7A6$Lxv$i|<^tSkn2TU}310rDkHLhwFmPb4&c;khf>(G3^W z^bzI~zy@n-j@o~n&Yrzls(!~xCBT67I>cJ2qDH*R7g|SL(nxVn6yc8YZgYp#3M;K* z{{+j)4)&o|A)m^K*$<}QyB$hOW#Gq$FQ<0JYypI6x}dvjI1gG9JuN3}Q^^PD(e0I~ zFZQ6oX=Q|$t{*?7?X4gtfB@lp<~Hu=qr;JbPerXIKnz~bkL?18k|?3uspJ6Bfs zSn_}b`dq&8{_8nXjWt0Sw^yCu(!Hi;cLbG(`%+Q*Qa#lI@9N9|k0Dn#mb8&NSehOz z-S^_*cpo9?=r6TIpZr%PqZD1`jXTfOYy$sr8eT#>E5PTC)q!~TIl-La zSD6^s`gc_+h64I@`boF8W_s6MA}25F<}N|^TrjU3{-S(Ti{Vpua>dLg-l&|oV$4d0 zL!2()y&@OEk8YpAmfy7@>(O~Vxjh5tkjCmNcJAIA+QXT{N~P2;X|0eu4E5({7QWW{ zn~MA&U5WhDlq27m0v6j%*GsiT^qR`vtn3JJE>ENiw5eL7nV=*;{iGt*OHhbaP(@mo z(!c=+Fh-q9egeh0{0HVT4GA(jZxQ8y7Rq;w<)Wt@Vb3>=#AWh5b;z&O{EXFLO#N)( zPLAqGv}k>&aBNV$v7!* z4)yf@N)5p4b?OKeSxUO+Ray=UTN<4InfQmTx2tj{-UXYtol0tPIcNP2ml|jNv%z%7HWpIr z2NbDbt>y+lg#>Fccf|wRL0rMfsJe9)!lW9TD&^xUus3;^;DReKlg%RB{F`6T9zI9r z+2JiUruolP(A$Dd(kSat78`0bhy-RI!+yc9#d9ULNC#jyE@%%)x1Zo%@??c8}G>$=658Oh_Tm* zFYcfoO%zV)B(EW0l0G82L5fh6L>gdRo{YXFLi-o#b5Qsd!j{X;06nmi{JaFnv6%=r zh1G@Y_v?c7HEhw+Z>at}>)6J}Na9&_(vQ}wkV4AU*9U zceon}8>8;&Q>8CM?F%CYf(fw2r4HUMpn<`emC2Bdk4)^A|)T zz?1ygeS^gW{HieHpppw>?Vwk-rh$K-?a?^j0ON5POYvGgp{kX*PnEjbqiF&{6V@1099RPeDQ|!`GBG-sJqf z(rYT`-bh7j#EKhv^yDsOzMz{{q1n#H{vk(p`<^WJi;a2G;2E{1C-m=CxP2R< zu3aQItAV#p^LRLv#LbeJ*K^zvdqQtwb-PYJn{UZnbnOtKy=ygIl${X8**JCY>3` z;eoYvL-{8V>2V$?C9BiGNbG!yQGbi0fq8uYD2n)81pH_>J53tjzsT9mbTEDKbW`*@ z84294oInRzus}V`!-@9EIvn;VvE`IVm%up2afE)JT7zoZmOhVQ{lsjr>hK5GmZXC4 zi&gQG~;F;YD+WUOdqZ8 zP7*ReQo-+5tn?z6Yc~mOnI3y&WX8)wCZA+7tv`Yv{Vv^Rhtl{@2uZr-vB<&BeBb#| z6LzH5-V)azQ}tPx+apNhnf4wnBFUws)Q|qBZJ8ELcXhjwCZO-WDk>sON!mrq;Fc#n z1BQG$j!;%E5PkB`z`={jbuh?9?cQcE_Syd=Ho83dks>Ykqw1)RWL#+e9St_{$NyeQ zGsD3kaEE?h!<_)KUSg{O$7cwKEN;0n-D;i)UQ59G-w5hHw^e9+_k!s?JVx^UoQpY& zuqH<`vWVMn(g@fW09cnoTbltR0TgL#ORzvP0a738?zW{$toM@-K6${oc+sl2P5j?t zIV{Y8z+=~Ojyn(?z#dFlM3jNQ&0H~;W+$=b+NF#=(9UIwu4y#ma$4n#kBS)lO#Xt+ zHn{t0lzF&EQQvS7a#^Q&;~wvxq|)Eo;o-2qGsi5A{_p{EEQ>qByg4E~ZrY{AhACJWSDz2TucOz^eu` ze+j?7(V3aRj}OeWa{1J#U&u257KvVP)_Y 
zzzm-gx-po=BLF_V@)>4c3DRA~(BYHjuIhcm_MXZwb|x?nHJt68$gSKj2{VcTHA_5) z7nzO_zWe_6d{@D{GDb@iziSIsjRAjdBdTz|G-aU_#oRW$2pg_s9k&xwB}8IVXd)bf zfqzpXMurFmledsez#wnrz$VCMrdn2jl``wYmYG7w%z1J-z+s=|M8h>*F2#J%GGHq&Y>r>tJY(&z&0Sj%{WX%B)iwwI(^|v(aFq{?j zqelP>x`ETr!7~>w^nwxr#{!H++|8B$kKt0$86i5q-v=yYXetO}p;795>1%$I?*DvEth;uw+Oah#OEdKow|NX5B#f_!> zF<$H`QdE?2C~CLn<)f(yLR@!NR{hyLBXAak zz*zwKN4UE-k(6DW`2)R-lo>!(=3=3!>i91=92kO8#A*8fh&?4N9Qg-NIB`H9Qo_R> zwpOUZ_0FoQthVGnudf@} z1q?>5b;gE`8AmH+BA8uD7ccN?nGfA|ttR49&cNOGAs6@!MsYctoIwthrBqSsMQ~Z1 zpimneD%%bD6g>hP*g|@jqW`pHjGye(hfhA+ zYDlh(nU`oPqEuo^9G(HwYR$kO{Cj!o<$~m*^96CgZMl4Vi@9|ER@t`xfH!AU(0?wN z5O7yflEhMUPjnOs>+ zWH(}9t9#zZLNlg2^1>@kHFu**>oGaT{6%}WBt9+HE^+_l(QNubaqnR$mL|u2mB};+C14#BAxp*au`%AXVqjWyX)vqQW$_d6Jt2 ze{&Q?N~U2of5}Rrl^jbY63PjF_&A2yI6EpV6vjYE6p7r$@!A9Txrf8a@9)7>HMU{D zylun=9!ymy)U&=v<*l2{<+*aRH1o_0;~0sv#d3U4PrB*GBBl_gg~nu$#(i@R2a|Pb zdYf3^=f0|JeMw34LmU|;040HZ8eFC3P{ zHRwlK>}(DsQVlI8qVH0KH7wVN`u(N^|4h-*4?MJ74(zun-jz%Ul&PX|)o1k*EX&Na zsbB@H9Y{Y1udBfM|A>l8W!?D1?plv3tLZP!AZBTUbxPw3&E0U?7V~D;x`u=C?M^8i z8_aI4Y5gb|AO{`*bm>5PbOS)1qE9e;0R+nQi+9H)Ii#OIsNe=7;tEt{se(x+e?JF> z|KHu|v-B3aycHw_?oOWvs{FvCa_lxYtKM_S7d3nra-@;TQt6GFY`JKaVyk=0M$2=9 z^lsZ~@O6+z{fMgQ=GP~yR#XRmkuuE$rcXZ={f)uxxwq%Aj9Q&hekk?|izTPvlPa-zDI@Fn*Z5 zjZC;@#%@VGidZo{P@Jw2g_EU6LzKJVZyi*}mL~+ob-jcYJF>Gmzfv`qIHZ2L9)t%r z%Xz+5@X0qGw=KgR5!mxLR2sNORn^mfflNSjVD))`vfWUUealaIULDJj={J=mhVx)T zLfe*5cSrm)gcIvkftW8u2L2xpk`W*Z z7jB0_+B4fN7%h9rEm5Y@4f&Sl4oX^}>F9LWFlpd+S||CQdL{toH9^WAa>6s&%#!~8 z;a!d4R;BU?etp_l+IVSeP+Bvb*^+UrCVQ$`wTknjnrmq;MF|mw#107YQFUxCVaewR zjd&FsiA`cS5aXqP(;&o<)^zvCAN@Uz2B_&hvrmzGr^_tg(a6yiv;o8_S%bfX847df zpuPCWO-;h>EXLFrz8l4Hvi;}WQvi{)eVla*os}v9=cF{U64GHQ{(v;ZFWvDK!A5}7 zXHRdO>VA&?e*hrS#Kz+CmXi%=EQ!vjk)xACC&%4;@IP~3qrCbHrazQdv_G$-5d}Is z%JDN3GpUdC^?sLBQQ0M4G1kz?*?>+9J(K$xr4qwh8QGw_zG}VED=4eQH!+0ziG&=X za=L=EI2vP8sB!r^0Zh7I6uaW#VF=e}Z0@-OPT79IYBkcyX%3@xyW~ed807u1W{jY-?>J4uzd8HY z~}!$+6V(ah`dLhEcHI4RoC9-A1Ea4cxX%8#35SI!%4 
z3KNxz+IQY+c};+m?IOJ5mH7BeDymr!JlHei79|9?-~~~}PUJN4H1y}k?=x>VMqrvM zmLRwv(C{DqCE65$l_a;kpP3M~{jAQ~wqeaE&+PIcs@5ro-G!K?dSkaK2`AYb?^~km z%wA^@)y5xCj^T?WeB43G@_csT-2+F6neIEb!}?b&+b28%9vTlZ=e7pDzlVc`GQv^( z{B3V8To74FGd}3zh5{x~o4>9L3EUT%(8B==f*!{`8LyOmAfkU=*M&WJ7KSdqJTM1) zc31{Vk#VcMq8+@`u_0^Vie}n*8sC*ZTH}@Z_NC_*C_%=QEDr4400za%4W6IC2(h(+ zXwLtOCyJhVs_;fq{kl<5Rg5uPBWY~kv@>=Hj}Cd8=U=@NBdn9SZ+;&Um=VJsR&nmB z&KQ#T!d3Gl>YRV1MRWObB~@_Q11vcbwJ)wx=nrJV{5%F@HfTfuXEY&qlslj<*5d23 zBH$Z8(F7-v=<2Bu0FWnAm}VS<`Frhh!eW1wZ#XtRC_p*w-pc*x&7eb6iE=@q~1g!3+MH0u@=5Qfm&j&Q)igV&v z)WXsI#b<3(T8{^#iI_H8nf}|@!3MmgOdv%11!;VVl-4VSL!+ZbzS}}WQKSK*lC%{( zQ4A#+Uoj%rLO`v^9rj~`2JbJLRFCW2BAqwB{0&HeFp)=%`Y~|mn=u#lUASk;swKe> z3p?-C<>mq_Yy*sNmv5R)yekV#fKI%Aj>GFh3w1W3wqR%3+IG7FrBBFs)$9jL6Uv5NW<)%HT(t*!NIA>CHzJCUr26{k;M+W=7)Ym?L1-5;CU^YA^ zkWVj0Hz?#>E!ldVP12^}-~F*A0OX!@9{AlOnMk*=k`51G1f??lHAKG5iq$jOaiUv| z<;ZZ~<=3)w5?QBvmD-8>>~~^6M3pS90pzaN#9Bu80>#o7NBVr^T@-L#JkjDP1{9I1 z8i+)9AxMg-=x?Cu={(%fvObCz{`0jKF#c4Hd_ucGM_@5_03Q!sD~qVxO#ki)m^kbA z%M#amRBsF3auak&E(vfk#{)5%XELnLwPZO~~SdGk+!>>p7W1~u8*kOqfm0ln~&WE!bcVV8KB{}()jq-8LS zmpQY3*FI%T+(TUortSRM8Al&&}H z+lL0!H`8owas7|MADFVbmK)biq}2$x7DqC6>G|2ldq>{t+41>8_ny!^n3q2o(4Li5 z<*c3u`mj&%nm}IB4My=zlphCegS9sp5gn<5pL!^;w=qupRhPe%1eWp?t&Y7>V6Z|u zRMzd`oZn1uWBCST7#vZ6@J-yQUbPalD{~WXjD0kQP~b3sQxk)a{f1g5(+9VUFwup* zgWRBKZ$5e#ES0KL!;}mYPRhZMpIamgYdnOMMk$3Ot?|2m&q6j9=E^jeQulerP^7Ad zzNF%pd$~Z}F(4o2f3O)gEu}Lacru58HqTwl{KULBlXm~s_bGUFlk@ERR9W9ga|ZFF zG`VW#bJ`AS2A%Dxx{haN2G6?$&;bXqOe77hY^GCiTYPAw2+PNw7(qm-2EV2v8!m*Q z`NYtm6?>awvjXU+1L#gAZ#NfD{k!Z{XN!%2Xgq@(?ddiJKLzFt6b@Yl^-ae*j^MH~ ze31|9sss(ot3E}}l5g?$UK8-^gkH9Wt~qNm*qSc=nrmG%(Q-f~{*m>KzTUIy6b-hB z;NI*0HacU+9Kl^N2e@7;Ct8{7@LT(Bjl5_`ug9yDV>yQ}5{+TGZa!?{|RuF>dpUCa7;9hVQ86TBHDq$rMvH#`$HZ^5lGzCrr8 zO8gP@R@kD3T03MNiM`Fiq%6L9bM1@M3WHrt$c-m4?@-Wk0ddP_g+aZ_0@HXOqokQnOQ&K*-w9|_SoL1CB9@q*)dt4uaCXW z9Jn-MKsVGYOk12;VQ`o=>0XoZl|RA*^+ejxtP3i>J9C46qv6t+5~qSv9K3GK-(kLg zbuEb7v{zd91z6u{xV<_e?7_poCAjrMywxBCY8UZfOx>2&XA(X=!S$tVsP;RCfYjXA 
ztilKC{V{)M6>GcrpH~kTX;p%0TYoGW^?0hZ$Z0rt(w$KaTq;B4$7<-g z)Ak%DSvjjLm`)xv;HvhTZX1`SPx0ISP>^V0wF+W0_8L#7qaC+IjS1NrJl^T&Dq9?! z7or=$2aQl436}N`Y|X)XGdJ>e{LZD8W=>`@)}J+KiExb%jUtlenNdOB;yv2;v~9lk zE$(EFOr19EI)=%URxVgl341&q@zSgs2HM473E_pggOumyZ@Qh%M6}>Gzv5a#5N~=Y zzxX*LA9+-&3sch?&K$T~u)mYuRpKH^Z%FTCQ z9}QxB>lw>(vDY$>Bx{ReLr1Xq&dUzkknGG>b8)yIZaiNpVw2o8tl3U&vhd{+?>^m+ z(EAfOAl4N;lcZ&;OMKv?@Fu&Iof(eKG@|Nm#mZA2o8TYe`?WUyHu5}9-U7R=3)OS$ zGrr3|$qVe3xYD{Oa3#{ow^FrgUEp6+i11b3**-q|oO#@q;V9s1h-C5nVhVki_l3(r z|L2lVEcdO5eVbdE_OtRSn8SSq_v4{IfGL^b3`n)z0d!&fi8p@SpY_M7hbbt9gt|c) zXsu;K8L~*e0Lf{dDX2cDgr1YIn!Fsc7&(9XhG*_KiUctV=E=i>@Wb`O?umJ;Q~Sqz z{i(&j%%{lYwuV$2%;&TULTWbLZyEi#DQCTzw-7o*;3FS8^&pnj>#j1a z2rI1a=Cv7@Jr?VxyMqEP`HpRES7?3P_^tHZgw}Okr{aFSboGa5d%NNG{$j%Krfhyf z7^xRUj7)xAIV-(($R574XF^&9@@%;&Ot(1~2A;Sw-OfZ0FRH%_piOu>9XK5#MI(Z7ABfYv=)Cj^(T09x0A@YW0) z={&cUSi5kA?`j^$68^gB#}VW`+11z@=vb5UuyqjK1mNBHykP-7#q+YiKsM}ma{gt5L#M| z*jCv(Gh$-S*cx#TW!^5lDNC?u>*)+H5XE^`(L&l-YM{SljujOYQ$$nybp_V3bkg?G zxbI($;RnWuv#W>E3eYpra{@h6+fMk^z^g+bs0R2k%=6IH>=X5BmAdkc=FVE^dc${D zNCMeP(JHk=qr$H%oiEuwkRQ`kj+>0!9#&LISWGLqt|uhv%9jdK1iPY^7v1>uIE64< z&n6^rjHT{vHt@e&(xKW2TmEVv5$t%U;2!JIW0iK!=${m-T9G!>-Tlz z5l8K-M(+Wlx4{D_MVLe%(wC`X7?4;HvA#1qn=72Z@y2w_1UA2?;An%y%%WR${H=!*okLuGgMmv?5nV+1c_t z9tSBkQ!61OH6LMqX;O8SJtg{3jq4Y2Q6(;nsYzHjs-=!2NHn19h&JO&@;b7nsz5wK zBmL+e{b=!%Cds;07~Cu1K7f1r74`;fuHj`YEY+<9Dx7=Zw?1FDI);E562!hYY02-7i^VU?L7H zwEjv%a$s_N?N8K=p%B;Us@^V&R^{Hcs$_8L7Q|*sW zl?`-W#M7ttl1CzFoVAx_FW#%uTv(nZa261Y=kc#TYH>BU5kp{9Lc9;@_&x<86)ZRAVm-@KAWXWS63b(0=> zlkt2p7MrY=h@rb(aPPzwrX)G#YbOPk*N%2J*{gpnuihQ%Iaz?ajL%+VVK_FICuewb zq~lb^ZXr@1iXu`|;{Exvi1@oGv(LxR$Vg;5qaHD8NI-5Z>Wtk7=@U4}D0RWVO>IF2 zBENFyqtpSv+cW9H)B)OWNMCBzY2{!ZEfr-NzsEAeZ`&(irLF2~JMISxA_cAC^b&lL z-4k`S+W-jHYd;pEogPF=xjM61?7bexV3R0OTZG-QY+p;R`H)}w)U^zI)^n%rV4*_5 zUqCVjaGn~5HDI>E7?nI_J1sZkIx8*QMf+c$o@CC1$G^`!K-D?rjmR11ZgMnctA{(; z&C@NXI+yoBpSJSHSjIzd#6y4eKVzEc^A8Bhg;x&9D% zllamBX(;x%T^BDX+N(g4t4g}j>-hnn`Oe8#l#$()fS1NkKjU_@aD9MP$VsbxjPab0 
z)1JIn*l8+E$Vrjs&!39o2a#f6kQ3x2;Ybp(SZF=at(?$cP!}Pq&D+`B{~*h1#6>7JJ*IGzEbp$A zQne4@Ou`35DrLR}LgIeKhe0Ij2)z-fYP{Cu8KhUTke$PQgSBDO?J4m!_+WI7x4}H+ zF~(=g(+rO$_^{}Luvq9&L1SQY z13qBaD6zjb-(tvK7IKhmwt9f|t*Lwh{Jg)EmhfG3f8227P$tq^^6~+VRK~&8`LlFr zP)BYg0tUY%)m|P5CC^ZL1~3<8#Ig;2%8*eI%|TRpDhm(q^UsC~jQu-u=iz;R+t3Xi zv=2agjT6fuFgstgammrGea(|;=o6gT0s-DQKyDbfsd02LaNQF^xq@L~Rn=*nCX<}) zK;*S&*)zv%x|$cI$mr8M#{2Xpv_4vN9&{~d^3JOLWcbt7bVyd4qBMGMrj;>&kzA%5 z_Os^ZnkR(TckDViowhJmwV0sVq~OplvhVr*5Rjik{kKViU3|2qVJ*XcEZG}|qO`1R z@%BBp#tdXf{yKN4SafK{uLyBjIa)z`qP@j;bSIsf{*`$c5xhq6T&lFRm^qLt)f@gT--fh~Wrk=kaE zo%d2Kp%D`^MExy_ghB#qI(ULY?~_ak6%B$d2z=Y$o$~|f{oE$0&GCjzli?KyHdu1$ z(=$0^ZBeaCXnR-L189B84ue~SKvvs;O&jPydOr>HK;2gY%AZAux-pxKIComFmRs~F zl8G~9{bBv*Z3w~vt3aW|1B4Pv686Z5iDUaDxe0Pr#c&e1%8Z6dQV5m}l4EEh^`X|?ciCO5i_XQXWjCM?hOvNIP(~Wi-+E|H`Y7rF{#ge{YJ8OqV zyO~N=&$l}WZaYeK*=2I;Qt^=(#&J6SCkaT3<1lVB!)upyhBw?59VicEG)Z7o_@k(t z#4Nyv5=5Hpk=}(mV@5Xpdnhetq1&E7$S%D4EG2S#)BFkvU$PwcHOZqcexj_T%E%zhl^}<9 z5rcqRbw|g`di1CpoAs7x%9YQjI?P2gQHKG$edkN$T_=^)tS{D2zYY&$Mm=8ucf#|~ zwWC*E4X5cZwyF3J4pGmmx_SXEWmY|8p!fI7-6!Ir*usN}%X`z8j?j~$EAM>In|@Fq z-iM9fgHjjay*wY$-cDWGi|R;+?OL7q)KEStU`-}X_>P9`3v!;OxEh=V@zL^n@ntR# zGZ=8JMg9c}o_!t5%n&?oKADaFwockFcmsQx2Z5kSCig6nXumSVMCy)2Kv&xBZ!vb< z4pz}Hhc01`%jhCpG6%Dm{^$+5;^Qcf;jmn>KSFHGLcb0vj9+Y5cf(O+zcQbqW`y0@ ze+|aZSf*W@oR0papgn__th5)$K>P5Wof1>>CqXc%Dr$oGDO!}>^j}x{?Gl_ly-{HM z5X}pc@3iRwCd{d3LgU5r+du^@HC4x56iX-lOGJ72BTJia%BsBGeZy)8z<)%Ml$rKj zricE349oocF1z2_?W=Fjw!Wtx6Jyw)(wrwqkQp;h@hFbGB^tQriCcWGU|+!l00k)} zpD!eoDPoIA&%taxbJV5~?JxL*ne;ZRuAWMgW9pGw_-b6QrR3g!`%V%#Jx%EWX7@zL zYLMC)D|eQnUm1Ym3KDIL?6Feq`kJ6gQ7>TS>K?u}@rp~*1QY~ZgkDc1-W<)+_kd25 zjR6W-DE?=&0{ye=*4i5%6i&C_qWCk~slMq3q$ctQi}ucg1>qu4E;k$ZbqQ!!4%`w} z8%({qywTV1T?w+-HkW~$`3uJUTi#H*@jj#`e@{~0%&1K$>KhPXIY3eR`I$XiGWIJf{YqBq| z>bb30WE73rubQ1dx=W|i$9x1sa%yc?hEW}MgU%@>xj&&Q0@ zM7+N4UGRIRJrX*jEVp{5^%B|_AQerFe^ub3`B^+{qEi3~*`pVVpGX27>svup+{$7k zc_@0P2PKcToGj`zvoL5@DysCPxh+CRl*l5x1&(0(&du13q+YlQ(y-*ZB`pc~qk(=^`f|FGVayI48C8t69#IkR+> 
z`B67>aclcAD2?q@Zd0ra55~8Ko%=E}yoIS%C^*9E%<(Q%&~<6_$=X%J`uR)v8zqrg z%gMM6$(*?cc;AJ_;1w=|Hxq|=^+j*ohM#h4Dp(G@W76WSSw9(OoZcQxP;zzHH=}u= z1;qN~OeKRQz^TaMD7q-fbPZfX1|*0i&H+@I2SWVPkT(kd>3}cE zv`G7--a!lA05!eUv-LR(A1tjz9V@ty-C16sIfX4w*%Qh>WQVaYRY6DP*CS#VLpQ@> z{TN+T^1Xot`X5&{x(v8wPjT8GgZxc6B*J7>L%{AI+!zrApI_tA*TIcOy2AFaMUR~+ zCs6ZLe)8N1m|ej;N!&DG_**MjXb=Q9Hr6YRvsjs|x=vc1W&V+z2@i??NR+<=#)Wbb z4aj9c^obR^5zJ347LB!An2f`OY*Q~0Z^2xtvF@Ih9JFAf4Eb|L*-jdso?$297LbgDPOE7%x;u;9}^f96L0``C04M}0bW&ADo__Q;1OrOv!*~PXuMGHIJjqH|d zJ#NnuP1MaHh(v#Cu70LSQ*gM|8xfZ=QvOeAT%5D)&697)r_s|3pEN&t3V!l6gYVUl zxGwo-y>oe_#oC@NGAO10nrUn+TBMEQx{nvGblNu;1RA>iOAbLzf2a{hbJ+j9uIm_C zs?!PG%kw>eZ7i`LO<*i+y$i5;a%*MGJ8ZA>W(@oUsgba@)K-DPH7}6ln_-D}yCrc# z*ZM$k7btScSP40WmatLsvut!3Sn_!^RTVTLow~_Lke(4zV&o+f5dBz(F}l#QvOy_B zzwZvx@B^r3aAoWKTN7k&H%-lJepdNey`ZGX$H3>+oL`DJQ%>BMgFtWa;iN~3Nl`>Y zwbBLE@XmJyC~@1}@$Z7Li3zt&!{Qv<-2n5|QRiI&Gl^y;fCEk(y8^&u0%4&Zkx<<{ zTIL^R@xl1p^Ducs#Tk{Rq6pIS2&LJ$~nH8KYGJq83wDmRLl8u^-HHWyjaUagVS zaU;NWnpAf9WzX~|hC#wCwz6RdTt^KgY)=p6tG+XkoLepCWBNaBkW*}<*H&*+m2Lq=>TGMtKm~Bu zfUwGw|5Rl~u?1ug)_dMnTR%l|u!^{YrF6RyXav3x(SRoA`v)qB38{)kk2aG5FjO5B z#ESUq=Lmp#H4iW-&h7vB_!qD~o7ipWJ0}({E9@MIhBNFOWiOwrua4A*NaU8cg+UIL zj@WiH3agg|Kub!Y*3^oWN3Qp7RjXpn)SFCSeZD%U?MgJHde>C^RNNQb=Tc$a?j4#R zK-;$eHedioT9$rpYJtj_(9ris#=C#3;c4YiOq0L!h78tc70P*6#1p!7T#yGQCES%j z!;!Ehmdx-ph9X1=DbQ0C>MIHftw|aQU)WGb({2%Voht@Pao-=^eA5j*q3&*X`a+<_ zy`2JpQti|td)W5!csS~`??YOzz^db!gKNF__YEqg&*6ZsSCo?vvjTh_w-pdk{Nt&D z)=zVMjOP_Voy*c3l-k7nC9W?D^;4)6!*L6tj{R2+yfjfk>l@ThmG#`FILQaritb08 zRqKo9PzX(r?3SinnQT&px@vkO`{cc8&MGpJF*Z@L38q-adT44P30c5Cpma#6!2jD} z8?u;9={9tXGYc2@CR#-FE!kS z+AOnc3>z~RhwDb8mzzFk^IrPA_>ThZe8+ruINn{gr^c6SkEo9hLyA$T@;kJon=4U| zxkDwAOy$+z@n+rU40+dq=9Eqtiu}LD23Bsuw4=-ZHYZG-KxFQ6wNA6+ujI3z4kmuVTR_U3i5Sl*kdkJu&oI21bdAL0VVJ zMe5FiU3#C=dhm`PzrOr(GM94d?MLkRITZjZ?>sabs46|>rp&r7@X}GHQIfvfhPzjk zjiqIK(U6@|($OnkeUQ}{2qlxYES%qpE`&GSUHoO6>YDsOi0^Bvld>^6aS^9`>rFkQ5!VK4c#+n0U(9Qp4?X)G!GlU&q0YjL$1J$MPCT7W)cs9NlhQ>`=$6);!9mD)H1|ZG?oYVWT=eKBGkWM 
z`0ZWwt~~FpG)r`L-W)GWsLp+Pp1bzhU7i1XAROvqtdli2M+$XSZ~yO2%7>HrxGYSj z=8F&)C^#w_FG{oPGcLqGj1k4$xx#fZ%m7827c&a3EFCH=g);;&G4$`#x&!~NcwQ1B zS(H(#MHVD#lWbyL_VK6i3EoaPoW@c>?yMLD^)l{zoQ(I^GyfPC0&Y4s5QpM$>vN z+>dU98i4CUkAljXA@#WJP5$|NZ3Iz?36@t=N1DWPThenkfaenl9}~eOg?D9|IAIgS3vB@gB6oW-w2DTeg+<>XJ(p(0 zeJu3X&WKdWOwc>Jj|RliCYLdW~`SLb7ya|zNA3Vd+f=eqihw}O`=3+#z)lSsn3izEvK{AWBZUOf zpF6cK*{7RSvVSL~cPG$$=)sCg4xH5DOa+Az@@XghJf|0&4UB~IdMO&{njwWQ`TX)K zd4BEMmK+mo}y{^aOx`W z-qjYCgqapw#;B^`&utC+39XDxDhc`?7cmL&W0sqhq~{Uz5}lIMk)xdl@#U* zqI+3l@IPRFP9O!@;(W!-h8zcv6+ADI1TV^<%t)ui%3WITO) z0j&nAm{VD4UWbP8+fetapyxqd5y$9+{1P7lIEj_RT_PW8!kOS%Og>4KP<+{T;BS>G-JGQsJ$2te@3+N8hER)hD)E8qr!EU~%A# zhRgD!wIO;m3~+}eRO;JIME#P~+f|xHqcJo^;g3WvpCC<#MQrELUZzj%2FON(`p-+< z!TEn(Q$sdW;8i-|RVo&(eJ^0E7WW)Fne5*wM9pj1&+}>fTxqk2%8GzpX#`z9@#p1M z+H58SL6`FgIjgvZPykzKrMf>38O@{xC zfa`Y_y|q}6=2UV9K1%j9^R6fbVhfBwrE^#}3ud4~DKL~ix0=6?&%ZE!8|lO`eEkyN1wWr;*qEimlt zsw!4T3r%`-KqLP&KE);K_|3)z35pg#(Vv}wm=bMIAa~W4!V_||C_BZxE2;eaPQ*J} zmlV8^_`F}xU9|UNC7~=nh~f`}eH^9A zUDrOtj|V50Zg$yiRXxdeb42gu_{ z;eGZ-S$SM_TNo~kflv9_=aQ2Obv9Fkv1$1H>uCAnL3lGhChk$HLeBPhB35<|@GwZ{ zOgmUGaN!yxb@fMYZd6k_<0M2+GsQzM$X|s(kQ(#st(3P?$Ux~wzL)7Ehsm3S2>*GW zzbIHy%=>JvnDV$IS~?}`&!u+~+$oPAWk^Pr57%QO7+PQ=9$~$wx5mTX{~3g_4Q6!I zu(!Jq_|BKFGlq!F^%Vb)sc#I=^Lg5Cn#Q)-*mje~wi=_cb;q`CHnwe}QDfV-`QE?w z|FrLie93X;$n5Uy%sJ=G&U`^1FeP5xo-d<`V+yXBx~IM#-QH#*{CC?&zk=_0v0@?4 zGFKl8!iVd_P2#h8sIP|t(9DKc&oCC=eT1S?6~5PJN{o=;ZHk<>G`v+;ROY5{SBN0x zfidwVT9a>ME828u4`!9m^Zz!7sC~CwycP48Q0+4EeQL1-MAxB+<8LlwGXgC3BTVBQ zLB6_1&|9u}e}%~2_*%K`#o7)(TkEmJrC2FgZ#|uy?&y+k_G?~)<5RKHCarR^5%tZm zy;i7p%IA>#yxz*da(3Dw=Ei31N$$$4T zsflcGkd>1+`)BbnA@tYgGhslt0G&eOtYM!s_9bD3Z!*N*jR0@OPyTGu|DgtLcoxn# z)#)9%FN%uWDXF+6uMiVeJ_Y5RLu#@o_a*r29_);4u}Qz|nBx5`Hi~Rt(~53JAr)?3 z)h#5ahc}mh-bX@-80j!mPrNRw<2o>e!KaSUYldxatK()(Y{i=*yVk=9fGpfxOnt4G zffjEhM6rtfB&<&O(o@etQP-D^8>Av)(o^Y!KKO2?j$2~<+~!n(9Ax%xS#OnO*8YYw zetw_h66=pK?zfRpQV(B<)utw?ed;92n%fPySUV-Sy+-UzL~wVbCuH0(9s=gHil{`C 
zv`X6*m@#ZG;Q^p*><$gi5Wj8c6cWbyLzD9$c^@|byIC1?zAUoDKOi8fidaf=AZ{i> z2u@4K*@$av>;F5h?XPXXdW$i<<9C_8QI^GWUxBw#~Ag7kM!&7@8Tk9qg@#cYHA zdajxF#UU<@Qol&!Nq+mEq2>U0&C+cYbv#qKk*+xNf#_D&cz9|x>{pkH3yY4MH97z0?#?lqp`5NjaCjRLT(bWu47tct=cDX$r1}gp-Spy5-cj)UL?7 zPTr(}>d!_fK&tLOG*JzbD{*>)hltjwSL_qwDPRfF+$u&rrr?l@qvnYlCHg)$Q9=Cm zCKN1kyAL|j34*s4PJF+VcI8fG*U_%y8ktaveK#FA^Mk5|BIo7^@vKY!2}4+^~i zF^@u_dxe2IzxVKxm>Gidsc8lLuNVvL(aS(Ftbk$|ucz4I0M!+Qlu&o1uetSkjgp^5 zzBC6ulGoo^N#5T>EmS3LI;4$y@*O2z_#2g@D9ZPg$Q$x|vMG0Ntj*-m>$t~<+Ip@( z7Cp2{rO;1GiKLHQp4OLxN*_Hx`Uf*oLOSwDs<1Zh5UXBvOYlSAU_bd^rIqT}CFF(b zNPX}>T9gpB`}PT~_^t%kk6#*^SzDvEn3I>19)G|A8GG6%5OP=mm7W($PHq2YlKt19`1n7|9O%AnU4E`cthtTki0 zsS?0xs^UGO_|Iq>gStq3rJ&)31`H<%f|GOTg0G)ce0h2j*YCNJa2IrxMB~j~qIcxu zes`uxj}npoDO&TIu}~Cu1950u(x$L}el|}kC(D_>%D?^-PFY?F%wLc{BDZrtO7?wY z#iLVcIsdpll?bV0^9bE6`Tzu90y@>EsezP3av4~0CB>bj73V0?B@*Vy@mN!#U!%w@M$R7= zooUXWk;zS;z`-L15w1(9Z7zRkaG$Fm2&|v?>NTsB9bhcLVH8TYss+&eF?Ci=k)&M! z8j$So#oHwkH6(hO`w%o`ez5R}3M$6h2f{pXpz}&oXF)*pv1)?{^FQ>_0_Q*jLKK@U z$)2MTYbE3c{CP&us^>d%UpP+%wDL}FX#G8u*4hfjp;WWt}QL9)+sP>+D?{lK(_4Fepp@Dz)*Z)_U z{SbhHH0;w<$xx$0+<-h13aJup?ofSH z%wDOup=l+*I6YL@AA4@KuFQ}v@HhhcA*^XDtL8S{1`aU1F(5pgg2yQQ)Wktb*hh)x zWX=xxskCh-;3tg{);)KcKxx(Twguk|j^dPQkjHtU=Ct~~NFtP9cb^J*Ec z;pVgC{OT+O!E0~H|J)_prZ~gqaz9SK9-qTn})I5S*n*rT$Gz$oqg_f zl+d8xkak9ExnOd!2Hk-N=td<~HRq5wY7)Jp>q)>6O20mpiGyIlyQnjqC4yX+D*3A& zx|r(oj=|Wd!Ti;-2>_uvls2h3(SgJb|5SpB>_mbI+-#U$CW@sp&aT}XaqCMSN7?n= zk^PsSTZxHB5B%1nCO^p_Rd-0Je%5=P#rV}CY09)~?+l}nqKfWiJ=Ui4L_gqa#`%kp7{Ndzq%Wu< z;Pjw_dBqgJ){#qrOg`npqn_+-tif5Czx)g^S7o(IZ!XW(PqS$H)lk_>Nu@>fYM?Na zuG2+LX*xt*P@`0=pE2wFL8s?v&9;fJLN8F%E+C4aJ9+NPlz%g0E`Ayg0aH+*v^hD&I`(&NwMOkzDaXpJmWWROGG_EBQj;+`amdzBl{bgKAY-C%77sj34 zNG~Oz3=)N|JT5Ib+0Ae#H6NX*!cyQbT1;b^U<;^}Xct__V-Ao~a_b>$ulO-3OaoZ9p1;b*!fYd90p`Tvv45#C>Jvo!Vv@q|b5R;ZqQ;c;nBbu3!OOu&4a?#Kh=TON#7R$M9W zQQ^m?6zalzxRc`Z-MrTqVaXe!fRJVsRcU$lkPzSA#T?4t5LQxJlLc)nr#Ko>Izf00 zII(FrhiCK~a89nFoi_9Rs+>JxDzr|*OVE$K6lltlFZ|La 
zbo0PxV7R*a%p4gdYvtN;onJPm*ptEodQvhz5kSsE$ep*$MJ)jm>D+c&#!)O*>sgUz z#tG*oeXTqgw6W{xfK@uLn}qmTEmJEQ%rBt@cBw(-y&@U77PCDdcKK}p^dl0G!1p@y zRMxVOg!Z9q2+=KK&ES>zl=@;e*_gL+KLQOJWMJ_|fgS=IS(6-ni>o?%A|!+*vS#@D z8?k0qKmrRTWu7&~HpNYeF9xHLm`w)e-}PX|`pD3@D>o4LM5j|i=PscH?$nnj0K5Ut z8UX9-mBjWy)EdN|>8Wq0xLsy%Rci>qE}(uzv(uR$Few)D&%YJjL!!ZP6SKLFY2R=| zA6t@k-a(@AcAoj-s20l0!tFj;*kW@f|7Uf%=wx7QZPmqsr+bQSK5rUtkj|JzjBz*# z?#-EE1sTdGTAAztzY+Yah7|~XrkkZqvMlb>oGS8vy&Mwyt9Q6U3uX z@goCiQc14UzJ__T-yL9_*$U?!jGlc-g_Qr$GG1z4~o@wr!5cG4| z(CiK&Y)Q}@gGUaFL@k$N(r60>e}{%_ACrJhZPV#Ub{woug>4VeX)c6FUO|v*S+<}` z-4Br-Se{RiIr08(`9iQyI$fK0dgM_rcBdpO8SJP0o#(yRpkn#xGV5FGRn8wT z1~oc&r26SGd6B8vwzIeZYPOH#b7R@Rsi==zEzQx0gST#s+t8TrTxH%wUX-_j?TYV~ z6}TlQ{Th}MUa`Eh&)b`N+!cAoDlK~A6Y33mMu-jul&p;#&2TNikP zt?hRf-lD*4J?f6BL~WCxYKJ>`-IxR4#d%h}9pJQL*9F(Teg~mKwl7?P?65ZXlib%j zgne?}<&VFjbb+7N2}1n^Ws5`rP-I(X)aVQP9UfUiOg?SeIGcIipW*SWpDxGAN5^|O znZyZpx~(XSK8CeTZ}OMD=YLa_NSmnA*9t9k;^n@3mXXqd<`Z{|(R1)RuwLHblj9O- zyvd;%`PxwiSZoAdQrA&!4hNt-zIwaZ6P5-^(lK;z_jDynZK2Xtalpadmh)kxKSY^u{FfpWWu&EvrGU$Cy5QyHU|DN3`iQ)q_s}l?TYs5D?K#dFvHzYJaCoqB! zNmyLHHHSqN3d(kt;Qv$@8-)YA=q*RJ_)S|9x;7V9Hz09ryt$G&nheV(W_Q?fr! z^5`+?q3JNj<+p_82f{|%6o8-nGYW_vKPtks^DEp~CqvdwgvhZqf@PGC{RC-~%@Ppz zDc)PZIHWMovYll)KI`ayE~6xHbOrTvvS{ogd?|Ql*IaG`ta$;6zq=0zt~|6w%P?a* z1NHVZ541RjlNOJ-e{c}{WNLv^qa>NfNyH14%7u|u4O?Ebo))%>bLAsP@0uWYK1;(_$V4!^ z&|{Zl`0L8;%c1Xb`Mx2iEnkK5s-&(p*#69kDgBOd4wfdI=2>Ik41ZHkI;+^qjSg^* zN1E~BIA6*42e?mjU;J41O?#^a8z7U~b?hvP~-4=@@>xvBxqn?R5ue z&Wc1}-_IJ4Ed4qAl#sc~tWhFaChq2wLOdjuOiwEAZd*Jpp@V~*uX!nHc4RMg271_u zQWYcLRY;1{(A8*jkcl`da{swDUjzq-$x;W0O0ow|Wr*Sdbl*5y*6v$diLnt-Ij58E zeCQftKlzJFM3V7)Sza z^x?U6(8TEZ^*8e<%|gFwhz&dTT|AYaLlB1?B4HN)-QrVFA`J(5BAnT@jMG{}3#Ad^ z@?k@ZWt)1D@wr{Uar(;+C1rEoiu)X;mb$2xXpOWam9f1gmO8YxmeU_NqV8L1xx-my zvF2ZfcekJ7yP?@Gp2~J1uWjLQ0HSPrzvim`xYNC?Y&{(2_njd=9*pN(@4Kw|WwZNc zy_Q4_0T0b`bR@I-aSdaJ?OM6`gnWKX$*zF|8)J!X@D!=n@r)zq}!n)fvy>du65-Y3B=_2n8qWf%=?s! 
z?T%aXx(Bl5aGMd_ZQqC@Su5QaBXdEej*&5uH!>U7${tOAi(=W6=Tp!OU0KhJMdytx zjwAV{@Ii}!Kby{qZ%nbH4XF$9aegjD?k-C?cykB-Mo;9Bq}xqBmQOn%1*ut zVQMJ}iQO7GRT)V_7AJIA2+(XSWW^&)V2% zsUMia8r-wtEtIU*a}k5&LFzZz6I#a#B#rYPpo*0zd2+Y++1cif!~0X5g1rZXr_MP-}$)`9&umO}_>3sp#ks4N1rHosP zWvTg09P4BS)77O?4f~2^SR#?c$2;DNcckqbowEzFD9<(WX3FjcV+Eb?-#CDqT`p+= zLpe#Ieera~0zf%?wJl?)El1h`ZWp)bqVe&Vdpi5!ZA#T|z9FHKB54qHcv0+E#Q8jT zxte9BP%+Jj(e;XpnK%CANDPnjyB zo&uw~#cmcg?~CY4^n7ycQ+=CqS!NbK5J=gA3`m0fIVYvb{A>sUq#cW0FRx0 z$ca@hVQ$WJ$+xt~bnJvQriQmsCv~C68`jeBY<#XtyTtjj z+gRJi0@YbT5EUiUj?~#et^-+Z3rEGOf>Uj5E;soneM_ImfBL;e?HPsPF~O~wWPt#X z-k9>U37M5FzKEC>TAK{X&l?%tNV5Y+84yWR>Pa1G1EeD( zIy+KpyK%E-O%-R;T^X33xhfq>$AP6)iVJ|D2WzS&qwwn>-+nYh_q`q-L#W4#oZMw6f~U60llK zK;5yq>t&Rv^O)e80OFksP4=;(6peH>fbQ*Okgr1(UF1;zh7uvpy5!mv*yH-K0H<5S zSbn6_FKqb!SIxBabe6x@%Vh-to<4)kBF!z&1?|tp8nxdT-<)nddQ5vdm4F8bf?vS&mb8o)psQfQBf1e?^3owQ&H zb~Iz=uSK%T-M;H`9a7!Xg9!r*wp=t_S|0-VAvYA|t~HF2SC>0Jmj;SKU~LP0Gpl05 z&}~3O|DAxd!f-Zt%&%r3t5)H^qzqy1(>V$WkAQI$nl9T(~~EZm$2RKU!_ zspY;4_^5|6z?bCc3a8kiC-NF=qLPlduc$fl^>_QGZrdM{55Tlisrj`1eD>i#U=S~ z;=}Nmv_DH{d`_)pe0kZYr1lm#a?(8OE=yu*(Uf6+HsUQiZP}-)_Ek*#{sF3{gYtUK zi_K)&^Xc=>R_iI9ODSu{lTNc|zs$ylxwCTj%#`-jv2+kzr>cO0$s0-g1iRqDK(nh8 z;MMq?{uLAxes8W>p|aL9?HtvYw2;l6C|KDVkMFU^VrC{P(M6aH0}pA0hv+r0gyx&N z8*8ZxF|7q^kgX{&Q4h>||0QRub3r437A=BuR)g-&=4x<^6Ou3b^wI-1XVb~=bI4{+ zy>ikWPU?1C#GMc*I;CY!8J!lO^|aW|$-)tAUCN0fot)^dWC^ez;u8XH40D!k8n@s3 zW=8$ed0vx46y5(%kqxM4AfbZ;@l>YX(ZTDNzQ=|b&$8Fa zmRDGk(9TxDxP4(U-VrA0b~(Bd;7b#=g9OrTE4QN*6=l@?dQLBoa7o_37I{IR1oWq| zo%~PoS)7=qM6*b2*pf}kTFXLm2=?Q_yD#$C=Xdr$D%0b-IOV3-`IXB`XZKg#z_z5d z%9q3rFLg!Y3kFQH9hfvoL;iCT%#_mgZ+51N^xqE}NMx6+nNwQbn4?`_+i|s$A3PHt zv8dYxWZn(YYG+D6qoecgY$5RvjN!yWRhSF?^WQK z_~q^IMDvDI3MXAZ>^yY<`ZT8gf!WF=wUjV)QJFpqXPmPgJ*JG^y zFlE$bIlrnxLQi2nJGE%mR3;V$ZHDIED1x|zZ6yaF8IZz4C(Y{N1_h`Z>X{%@zfAxv zSdyC1Q3HOLK!r5pn()Vknei8|iP?+S4UUm2KVrkCIO@8V<~Q(QllCcj0SE&^sOqT4 zDD=~8LpH(8R`U%auIZN{lMYk z!JxP3>%aEVLL}62O+7KhpoM69g!rNX?7x1(qpg#JxHp_>pgNz+j= 
z<-2~SozTpnoW00eni-7XC^`VPs(dnW{&noCMvsh!eih-8~}Dey3QO&D0Uhj0Hn5kvxMN96O3M>9O^ zpRCq|13*~^{*x77?LAF(oZTH%W2K-5kKiYM*Uc(_DpE&fy1di)D#4rhxvG7BlA)VC z-Y!7Sv6;TvX?q1KLHjFjcn6LN$C-o$!3MqD*Xm9^Q`_Bmcly@%zWKDX-Z&=JVqaNG zGb;n~h=%II%6Xh4D(TP;?LrQ@mUZuZcG}kg#Te9_hw3_~OcR z0XP-Xfw+v5BXuw=%Z%3Z_0NvDsvi|)@fx>l0bRcnsPmEA0m~=?zR$vQXrBH#9(wVX zmKrB)aum#(< zpHA+i@vA;@TPxKF11FwZ*vS7Zh39@m|LFrq?`cc(_EeIY!}lxKbYO}{@$ixjX?krv0L~Gs>!Z#*uuk$m$@!wrSC9iTkFD%zt3v2 zD?;g7(8MVDYwW;w%_Qih2~48n@qHTRvhksPgZsmyb&b#Uh^xkGMWaS_lI(RSLBRFE zW6pkYP>rXV>{S0oN<-(n^a3?3(T67loTQ&b(FO-2aL6~>$@qbgm9(iCF{ z6E9FWw7V?Rm5&KD#GT7mO^a;uI^bgCQg@~S{a>D3)EsdnT9YNw=P1IVF8Hp}rfx`T zH6ql7s~LNWp33NDgyUh%qua47&6!6?+@aX7y0vJEN#)>RWz(`(p zw1t0FJ?di^qtu#>V_||=a5w)#PCIj=nP0Gz5f|7b=$sCEYhmML;+PKlI|B;{B3{8G z7Jy|if2|x>CIElG8|*&0AG5hLFSjDf9H>=$_G>_qqFc}F7P^c0)VZqiG`(D{mh>gV zDC07qG18nR#>E_W`CLg=r=H-s5yIJLt!aKKeyaBE_^dU-yuP+Qb-5*BARj*r{~;{M z{)-)X=xvf`FBB?0!P}GR0U7MM>(Y%YaM%ln&X&6Oo|;kpPlWl#j5lZcrw-oN@S;Y> zXQ!9F{OP-;eQsya1a{s9c*Z)n()5YVw=mDIPn)=o<=ae0H%~V+ft4e(6L@htu%6&2 zH0PZ+AoW&Q1|%!au>G-TS z!i|+eEbE;p2)n1-2_5r=xGRvtFRFvO76so4YzeYWY7<2ti)1LsFjIw!* zFuh{4hM{UZ{1fWQpRg3vSiAk^{<0>0^thkONipEmb6smCPKyT&DBxy&ptaoA@G9?e z(AJ~kF}dcSBkYGG?|YvSA}G2OmQSh06l(4J8dmuD@Sb|1E20$GU(`;poV{@l_bo+Q zCiJu?OGUEsPHzjA5uDaNpXVOcw3W&q+uijt_CT&u@$u)R@0A&_hLC3Lup*s(o!xP7 zg)GRcYqz(5*YH))JBwroV~FC?vlyw1Q{CWXdy?#ggCg`x2FtZcG%3fEf>4)M8R+f0 zg}0gxw-Ew?T#}yJ=R4pR|LC%3M#z3iI_yx~g_P#+Eq(YEcMIYx&^}DC~FlfSeylNJ% zzp06sB3)Kp5ZiZ@eL~p$CuA!F^?UT`X7Yu}rdxsi$9JZ<&L zMb%lwIVzOp35RUw7;;5a+BDp*O5{GU{Ze$f^~_fb`uc}rO#20S!_8-};-o<)gR*IW z_zLoPhDp-)J)8b8{YiODiLt1mpf+XNnFH%@=w#!HD3hqkk{*6EHh$P#ZJ;E`@q>>M zBeYh4l|s3wos>D4d+9~Rt)t!gxY5y`!619RRCkn}&*Q%Pl8L^*Z`HX7gH>$VpND$} z<~NL2cu>gJzNV1+WSc=PZq~@K)VK{#)4nuNoY|=9$iQQdqiz41V@ePq*?2VaP><p(A@cH5ItymB%^n>iU z$w6{gvQ`?UpT)1AR_dJtj*MYblr7bY@CcOhyAm#Tyr{IJ@8azxmM})wu+GeYTVL;t zPGQTPO}icsLxSPO-yZT+>=o6ja&Xin_-)7P)|HMc%{yC{pPZg8>l#i6`7ZX7cu{%} zrqUG2!2Nvi+1{U@d-*uDEz)rc6uS%pF}*&=1p7P*`*~keAyZOsD^&!xQ^k~Sa_ISB 
zpz7iAyUQD}3{&EVg!}~oA})v_DcUT^aYqpfI&!DBxi4U>WTVuZF@tTTk%ba!fumJZ z-w0FRP+^2#B5^-kxfllt=loZtt2yH4SRG6!{xP2XwWbYnRT?X?B=*(N%pK^fHVtew+@@yVWiLIL_- zB^>~&@xe`=$8YhePNnn8ua0C`yFS&$2lc1KrI`3pP+!FC35WQf*tcvvI1W|AQKyY3 z_gGe6XQ?dNG$_+Fg;s;F`mQ_{FBuLSN%mnnsYslR>$_YW#p4?NVB^&4a;XYmF`jk@ z){$rZL^AqY(20^`=vz+95UhWcZf!Yr3{MT_iPiF&)Kiw(dY ztX;d;YZ;&7kj^>7a{cPe3*zI7Hq}~)6U01huB>-)3CR0c+29XPrbgH}E~)S6qPAe1 zgUpGEJ|jY;M@3>T=<$0;pD6J^{==pyV}zer+D#xSfH8}AklEX%sQr~-2_9}(LYp3!ER+>Bhuh}EvO1(4%mPP)<2=L>(Ka$uAN|13t3QH|_ zVyV6}J$A5`9n{toibMo5H7=L2Cf>hDcIC=&lJ#8;7U=!!FIeDxgX2HRU+J z#>PXY+$be}XE&596?)1w9r~|CiY|6WI;;#mhO<~FG)U@igd7rp=`U4)0hf~JTASG; z7a{-rwazWy12dyg=9m0Dx!`2}@noVwYuvTj@hKEXxy#ZBc<=DX$WR^kN~*3#;s`uc zVvZD?rY2_24R#A&Q$VszCJ2Rlqlp9E*Hxp!3QYLwXNl^;#AfHA&$p14bB2x+pMMiK z^>j%zo=oEV>XtZjnd8+S&l*II;FX@S$Vh_OEM{tGEi@Y`zj}VaeoOR6v)7uJbiulo zYBJ*X6NUZD*@t9c3Bl%LL}2E)=JFtw#6uaG20J>*uRWjRPRH(1Bm1Q=snuilhI6sizE@P6w~S~?GY$Hu{Wtp} z3%}_p5u@?#k5)%2mvA|YSC+r;lH?Qf&ayE*kMSh2WES=GBuIOX7 zaE=ltRqb_BTJlXa5+36M2uB!m@;^&h0INNfFB}X>;u5xS|0J1k|IsZ&U(#LRT6>O) z7}2>o);*dYWw5NscHV%Yn>Td?!&!VE^5E2hUgAMEAUr!mVL_5XTl(i;l6(e0#G@?|GdNro`VBLQm3oCxKVig=$*z=zzt5GjqDbU#bRP(hI(sOL zHmhXq7>FEE4(kz6nhK{fdkUnjcD!d_DGAq!7qhSH{L1tN z@MuhEC3Nz|-cWYx=_5s2gkj6P=9cxH;Y1rm`S<0eP+zvL+--^92P#_Twd*N2j25rLAe_samoBedFS zf4g`+1hez>3PtfkOe>6h!YkixokM59NeS1Mvpsq*zkaQF=`Y^U?R{c(lZWO&I7QYu zX|S`+_ubZZFlEDOGDvdeS?CsF)2I&nU6^4x5P;gMW5sOKe1^$%a0;`&kCY_iE7s(I zEYx4~QAvqk9lSm(Kht{camc2b?yp)eg!^c+w-#w89gSHr2M-jD{aErDi;h@^ymEX- zs{0g;sDEEtVqQe{uJTDQ>(v^3KRv4OI&2P4SAvfp1^xu`f*pbXLwfhiihP+l^ zAmIuK`uHi$y4y(NB*Q62z7eg2@@L|R*(*Nc>wmFmDPn)|!yrB4;ROo_n|#v0LM{0COfj_L2bDqc)++cMf=S)12#!p;TH-!du>3{ACh84Q^DC3YMxO8N7Fh5$#tX$u4n2tZ+^3R>Nps5 zJd_aKZVcJKIyiReevGjPtD^BAqi4=Mp#jui4WRzE!{;zsnH9MeQ6(JOwVK0E1=oRf z#d}SDeN@>EJLwncH??rQPkrFJ%heGTJNStx@gTyQNRT1HiGYhm;`zCEH*uzYgC(oH zQRu(yS~CluptTD~<;NslBmYme7sE6A{9`X&NgYDU_K8LzzmVyAW)Oy1U`8P@vFN)0 z36zOIlDsHPnhZ2TnJ5wV3mh!0uVQSc*R^%>7@Fq-yxeU*ZKV>4q-r`Lr?r#}5AUy? 
z)M!pb#@BuZFq%tqiuRr+vx(Mt5a^6ss?9%4X8JlRWCQuFJuL!?J~@NQfC^aKXudsw zHgt6>swD4B}ky^C|x>)T8VZ*D)Y z^C37AKYJG^u6vDoS!|e{nSgwRtRY%`zAU!BfufC#-OQ0R>uabTUd)mFO?8eO)e0vW z@Ar?}oEnOl(ECwP`;j05hk7lvEf`}V?5sQQk>&U|uhCQkKlrDo7j8e=N9ju1^ISjQ z!w287bcVpU%sd^9R?o{tVd_-e@7mJNpZ@4Mt1#&$l2x<5E#77COzP;`tkS_KL1gWd z=Ea+f(jqcr`N_&U`c5ngnIfV@vX2K^h@MlM>Hmh+q;PbTcu?z2Wps2*ddVg_bUA75 z4I9ZjsF%U6)l{rVu-hYS$n!CmwYl(C<-Dq^+gug-!+Vb2f{8UDT+{~l71F}Vl10YR zgXEy&DNP2|?31vUF##r6h)r6i74*(O zu5Z26qR;LpU^~xjC$^MOF@rFZ$4o`32-{iiCd@$lR@DX=BbZOyH@BP%xET@#J6}nVS+#3{FDvMPPNYpMEjC#<`+2}E zt;t8#Ghqy%VQL1i_^#rtJvK}u(K8yRMPDIZP%SRV^p^2VN}TqdVD8nomZwWY!fz^GrX4qsG`=jEfxTO|KyJ&M=bOd}6QTt?V`? zGHhzeIYVk&lBV~{vr!M1=Nc`4scN`1K`4t@x6GrMLeX1lL@3SL3lF1u#qgg8T0HD+ z2Iq}+d|9;one_HFX}R8`wJrtZTE7$--+5S{%c3biA6pYVR$4!K73Y+gPq)5)c^#S0 z7GvVulZxjjX7Nd;Q5fXWalbhUNEvK5>5l4A$77drY z8k8O&BhtY+?;fpPOV%0=`}Lod`p|Nob-eyeGiLp;3?cpll{|L zdE)nqnH8oypr$n78W)Yx8*$1_KBBsDc1+#Zmcdddq9UO-*h(e}%lGMb-i3Yjm&di~ zv-?qF57SVm+YF|WQeC_o9GJKryJg?P?W!h1IdM&Zfc`Vdsn~5Y5eW z@rPA@3He1++zT(7@tNfy&S}9tz-(0D`ml>kiX7b1@JX}2*-$JDKW*$rlH@`73iGES zg1Hxc__lwEyCYMsC%|awds;>N8{`P{bFrV^BjC$7(#v)2blT`rf~~n;DrsLDC^hvV zQn>?Fn{wTrM2)HhthCfBXOkYf;?ly_TxrZn5UZZx zK;52!Imv)2U!1w{mo#?G1P15Ace&lb8;FgzAwGG<0IJQyZZ+vyP1d&G5?YqfQ3k); zDF&2m6(;+P$YT#GXVlcl@T31?RzdACwk46Emzo+K39nh~FlJ7Y*J}eCpJO!`1TQ<`ANgA?=?U6HYPPk-&eI({;2fh$6-~CA3 z5)v-4d+1h`{yvs4tnr^&T8w|!sYv8o&5U{Q*XF&Ps)6+LN3%L%;*(%bERY{{j{)PM z+U8)`r#f?ELm^Ne)u>wWEgxNoe>jYONQxhuUR})DKA5W{d^b0^&X{mpJz;y|@v7r? 
zSsKDUwR8Xz+i>qhk~5YiT}V-yT|H~?lMQ4|xWPBBuP{FxkcrCW%DtLX!*ytDlXwTY zqRI|XcdfE>F2`Rlc8nS}Rjw~#$9c^CYMXazwaQaV3wa3hO{6?cM-J5Abf_~oD|hxd zxzwx?)^zfFt@OmZo!;}|T{u~AbVH$4ksUOX7}Zcup4c~)2VOrR{b*4dw1ny#ec<_h z%HDGPzw`THVd6_yY*W};J1>^K+}Q&uuYbAf=n=hxJGc*bs=hA|N`)_Dj1*`n+zR5j9W0V0wajzRsu<`7@6n>*|F$h3c__Q;6Y;j@Zpq5^ z-`&gSn|-n7e?PmEx*_;ZKZt<_NLMi&_{fJ$BNgY321u>px^0)6=?JD03ffc48>0BX z%SZVdq+oDfqhL_NZPyrmw1M_Q?&^%>yMB&aG(9{mp-V+?wG=w+I#|sTv?SZ<)nlP= zpThsDeK0~oFCHV{+f7R)y3ON* zoxcV@Ct^62R|Y+83$ya9_zd1|Et5%XZ{J;-2^yn)?DG_5>u2ipJN_tZlAXze5)b zZz^ZdNEXc)GLatBa_bSDFM47$5g-@FL8V43krbfTr$$v0YiNu7SfTOUCXncpDa;(E zFZn-}LiQ|5xuq*j$#2Pp@@gebeYsHy#g&tDolquA3%$4l;8iaB;OKlm^e=T9) zC38tz#|=r!;Ue5yqB+lg1onufU6!q5NHGp*sk%K6XKfI%-c{ZQd#hPfX~dByP{PLB zACny*5BAq7qF1SWJ9x|($hDGPJv%V!>P_gtc{xsdChs3?%m3gU;-}GDsW84#HGhdh z&}`#OZ}WZqQaTqE|JVrF`;kUf=Q}S!aq8Vl5sl(N^9BuS&v(-ln*nN_Cts*a$w(nm zH}qMSP}=`_9WF3f<>@s;z3N~Jw2xtr6181nWQLl zyXP&Y0`9(epohd)dRsIXc(X*C+2&OIrs3zpg$mK@Kk(A@Y8z%;_qn;&&z)Hx&h~st zS=L<@fnB@sMRrGadL&OJ1S-0+&khGR(|SRJyU4G|Ib^?pE#WzGTWr;s)D@FkrZnwQ z*G+=Zx?0@z0e-q~7(bMt$25or*OgM-I-`@(j5q!2A%Xjb{^V<@jMrz2`Jfll=j4JO z!}fPUW<`O-mghCZmL=Rva!5dzE+_xxM$I3OQ-fO;;nx`Uj`UTFPAadWujy{F`_vrI z!Ati9f9E1Gm1!7Nwq&zY@quh)S)Pq&y`{?}7=-#ldc-v=)8C?=zl=x?j2`B+zmaWPV^ven}gb& zeya>sud9df@|*e~D=Hjx92Y!uBikI@fg4-xdQO~3^&hwNDwt6R+!B^qykc!G4NB?T zi|n+%pj$ts076<0^ys&;%o5B(G|6QT^YA5fFeX;s;~8EZpK$p9T*%K?>#sg5Ku@^h z|BhWh_m&E_Czpw)y1T1}=1(AjS4 z1?ig$+kFdC3~d7~PU+3qML7VhO!1~{G&>J|qvfky_%HNgMpk0#tbNIdNg|*!vSq!) 
ziAA(7Ghd}dV~ctcisR0d1%HkT&{nRVq5VR}cNd#C)Hd}X=LKBr^&&Cr|JLgN>rKw= zL`TI;3Ltuwa&9x-*lvu*wrw=Flg374TaA;(XpF|T zjmDnX$wcpb+V|W3{+qRC)_Tsp=iGhv+2`D6>_jQS&x|v2{V$wq^fl0`yxO6-YPPE( z;vrzV%kjbmEhl~mPBp3)3jY9dmfEg*IQd5*t_f6SniVS)OEl*3Fme)<-<`Udg5E+n zBee-A_dTS_10Y~ruq?Sj4#pbW=$A;`zD(R4zv^*hTIzt>vz|6T9FAJp2`t>w!f%Yn zP{jL2)69EJv%|O$W^)scucfQI7~AQtd*>pfZ(o4f(FGEJ!CFcH9s4O216yTnnGC0N zVWaYXhH>2nWu;SCtHQqc80Ntj8BmjLH4E%M<=XW0io^QaW74`>>-YS4@Vu7wtf(5*Xjww`oPigjsdq3zAt;adv!CMQJpS1)dsnfX!dwnq+u*6hQ;U@v>4LBKR@iZKuG5t# zFnQyi5`xJ%P*4FUNZdKzsm{DeG{z&^2knmRU3fn?u1_6$?>)(_vq;aB!g@0UFi=opS^S*NByCx*!UkN`*tZ9jXZ89P+@Rg!jtQ%!KOHDq5?= zmKpl}VZqghbV@ds-Hr&2%*HARpXRiHsq+S7$VSLdR$aR7 zdLBRV6Bbp$>!pA|7%E7JbmOe`Jrh&%W4ArKSqyEv|x zMNT}@!jc>qVYN=K3#7j@BYZmgX|Lp*{}(zxI+PsVFqR({w2;Y?PNy@4S4p<<)JSq2 zj>X0rIIQ5Wwv{bZc9h@eS^YFi8duCPjyF{{u3gG}%$NNg)wWIy*=kMW?-#N!oKxP_ zaiz+X^Yre6xVS35!V|#T@`w+BBt2P4sxVhEQ7g->uhbtA&?>uvt&!9t*TW=47cIsX z@t4kgPS3NN>#VR!0>o6aidy%~pj0Z1)`hn}K7!rlB$?MOSDdRQy9`5PBwZ1rlaJT} zsTwCoPI0lnyEX(9u{~j`QL*VoVx(8WiNX9=ZKzW)$hw9x${n|^`i&AT_){qh%4jak#Qk-JDS(y zN7)}QAshyFs|rdM~#C;N+RUbG)Z+ z>tQ1PwBh|1x|ItoHnyyFoE=)W%%3;@b}L3%jQR!LQ$ubeUn&`VSjJqTo5;&@+yGpH zmZp3G?5oR%8h9~vPtACreld)#^qv8Iq?7%7m!?l!er%LzNd7le=R(7Ii%)az`Q=jDgqBhWh7K#u zJK&*POBWVUA}@ASB-xi~A3y((nlKC~s-Nqtt1Gxj^p7c?!chjcd@I8hA7MSU^U;Tg z6gIb8p(FnCYj$tU;f&jK^nzEK3!lT2;6_-HNSA6_IHxkq*o?GTbhri}JRF(a~eBx)AP^{l!ER2OruY78LvUcvTBv zM_dGsMqHGhQQfJWo}Ltceyi@-2%M1@>yTdp8bYiz*YZ(8FIPOMO^`1d;L1y|NJoTL zdpw^Sv#XHxrh<2SZ}D*dr_Jp#&p*>T{cL4HOC3zJOl5XGW@gYFLdXeLLuGlC8VDed z;^j&;cZvSORc&$n4@w!38*aNz8*WwI?#98(*t&N$ERKI(PsA45(*SO(tdP`~tv=SD z;adjPVkYyjK_ZwQl>hooq1jC*6@Tg*NYu90Rdon`nXv1ks>x^3335^Vq2GkY`GBjZ zMvP;{c!b5&8?q63`mzO)~xYl=O4v z_oL0OP}kd2<|MIv1MLL{cKc5atdORd1{qkG;~f7gD2R~s^Ud0Hdr$=hok{WZvD3Fo zC1^v+m;2GqFK)CM##c48=}Q7f33~~{S3xYxPX+fN(L=%8X%4L6or~pbOWpe{G{Jc? 
zb*T|3zh8pHG8#YkE9<7ZUCI>Hz~KTM?|Ah1VF^Urv;=-2b4&m){=1x3c=Dm|J*`qO z?wCPItl}(sZCn*mVSBt=&@yf$ewL@Yx;Be`T+Htsw;k6&EAXqStl5P}f}MB!K(40- zoY@HDo#+XInQ6Tj#za`8t&Iqk3VOW3oc}+ovJNQ&t*Y$5RV`#vJQscLEU__;;rMx! zFX#LEisXpIr`3@8Rcu)faj4dbTYotk$pTby9N8$j!qfyC1nF_Z?yx#XCVAN5ONa7f z&ZJHnVPfi`wCHVXpel>ARv#ArJFx+Xw=>+rUR;*P zh0Gd{ECnojU)5WXZEevs{5NwG(eYgsjz8Sa(C1rP8CbY`GU>BKgYF|3*LkF9x|%NrCD1VRk_zp1e-$H)`iodsHdM$+47A9g!p_4r zML4Z3Lwqms5J9I))MX^eZHL$Pp^<(>JK~nIaO>!UQI`Dkh5(-n|8=B^7c3M#uD;cn z`hiQw2-a_QS{G;WDmG!QZ<6bx4Kw{#G0q+3@uM{OB1n@F(^;QhoeQTY7Xwa{p>WbGrp*vHw9za-YfNp_5y~M|`?TK;9_o zN+>GcuJ7LK^?5OxyO%Ho+l4;eTCINBVRC5VqAE`GmP#*3B%yexk8G%i8zuh(-Hzia zev9P@v;J!(6*FOfe8xP!)Eb_qYT#deEgT0vw5Z@w zjZ@z&?7uK_qQ{+o&d025MNS<2G@ysnS1!#Fl^>@zb8BL#ixn06%|HpK_-mZ30&U+8 zEPcK(y7uS)FX943lnmXqlt|_Yq;Bg>f>n>jQdf2NT0+P!^fZ=cRSBHQ=IV#wN~^>d z0bAZ|B%qP0*m1Lcin$;Nvk^l2v3ips0^^VdK`QcN-R^*yXstBy0E~pv3UoE)P$f-F zd?{&^&*WBr*H6t7`k~>X_5)iPPwgDWJeZJN{;dRt97|Tf>R40k;JA=!??KLk=WNW( zque?(d2LqEqi}b*nc@TB?CBm6@)-6d*ENo?2}kt&83NM0hh*t){RR=B>B}31cVJ1W zJKg(PZCzKO%saLA_~i(-Ed2GTJ|{r#4igpswvR6H#TyR)ccNscPL1noUnxKdXk>)9 zQ}e=miGb8vf9`n;N#TVtzO@SRr^OPvxyi3ndRRiW zt6al-;Mrx~%hk~?a+m+Ka+5~--efty0++5}9WNB4&`VON!`+}2xCaD)(G}@XRw5ri zHKq^qh0g5(TU9@Y>Fa%d<^TDmDRLBn%m^1V8iRcH4QxXseaAbMo)A3>{d%P z&N7eVXO1s#e^N+=#k2)?A#gbE?x zH9;?0ODg5+CHbR3BGQ4gasp-_k@L07`p7z#JDhzI|dxmnH>;qmp<;bmRS z1vZIcoVcY$&3-LPeJyvX6W}LkvBG?BhWV*<5eg3#xbKuD<5xA}AQSP%ku@b5ynk`z zy^;ypXEm}H^Q8WAp0#Qwr`(z{5$o2e!GrgCU&F@L5&U#u=kT)LymU#rKmQ|0#y0KA zsG<=6T^^yW2Pf#{NW(RDVjj;tbv$h})U>OmlF494#&D85_a)cksnIE?JdhgYF$&^u zC09hv|iPlDH zk_VQZuaI^>GZ8`Wr16`gMEVZMU!$-UFKC*WL_UT_q9All?iDy)NFIskv|Sic(g?pu z&VJCeQ6&)0azm^`!=zwxscR%#{?hRQ`!|$pN3bMyrIzvIerD|=$pZ_q!c%(B=26CK zXc#91UO;N5X!rdppZm)DM5i|&?4MYF+NTHs+G_}qhP4Ej&qh~<3Yz?UZeGSFcs7F0rL$#~)r&-R%EfVbQt`*D+3Kr+Eg(^*?4}2wUnlKU_ zAIF6#hNSh#hX6Zbr!iS#*Yb!x+e_mbZGZIH*P@hb1YxV!bIbCQdbOQ`g(?NjLgbN` zT^Y5XbByXwnHu5maDL!b$7xW=7{@_-_$or>O|l^KR5n7w{2wB3hmDV-$Ib~N^3^V) z$3*A8v1y$7d3w`l!8bB1XckMYdiE~vx=o(*-zwz8z27*wbpaY3Fh5j((rmU@VLVB# 
zqnlyUgF(%8(VIE=a)SK<_{eYlbQ8*Nc;iOq$g539dWD2NSG{f;F9p8qso$Qr%>Am6 zE}=tis=lj}%@(^VsL>t~o^PgWGLGdZ1s68lfN6tx!eQRqJ&>oh@rAzvVc))A!z(+NVsmv`d?LJ?pwB>Q~qEDxXoRIOYi4xKvM# zQhJ(O+v#WrDikAcPDk@AP8vPKMPcwC&FtQD-AgEJk@w*GR20<&voj@XwdO?HZDgK- zgDcN*>18`{lVvNL<1;HT&QJW$Jrt&J$;M~6l?BsEvt zVs2s}WmrVi8&NS~Xb^4wyTc!yELo$zgfrl63A>o*$doP|>PWK%?FHC8*ZO)knNGuN zYgb*06ObWHt+6A~eOmWP`IW6#F%iK2{BB15Kn@1;Y8=z(*k(ndNG*1Vm51=&J-zU3 zxX}+~Jl0Vt6r||f#EK2pQJ+k6lR*?FsuQXU{9WG;M%V%YT^ooh3a?yJmSeo+cV1kE6pil~#{ zLPp0qjoY+YB^mUCt{I-1S8Oo{Ud);ZoUU!Vq8{#^rl*u;EYPM?WVM1PX!g|=qd!ZT zef3(d=}6~T?u@^`$Ltu1|?;^u#lD6v47H*@C zujFZ^)P)7p{R|4SC-(a9+F%PjCX|@fGEWb`EI)n}Qk?Vp;`Idu+EN+pSe~R-0e&te zEQMsnN(T=b+$%@bebq-<)j^b)_(uo?n1f*=Lw7~K?;I_MK*MS{ZD}k|TPiXe>4VJ9 zB8TVOrKN7#RPLom`$NI(Bf;@TITxX+TV3(v{XUV#PlDxoQ9fwE-O*}F7Y#kPZS87K zwQabd_vcmpS|Q~`1w-P z;rTZPHRZQfa5an9C$&uY+w#FhAVP`T*kYh}d9i98gQ-{Anj(8E=-<4?EI^5uW$z%rnn#-otoulhALn{RSG$Zib!h^sj60LS$`0U}^+n+I zK_C)E)xde+eVaA8-;H!dMrEhbi)UM#_td7jtXppBxP9`jua5LSl%zGH-*Mg-@ z>9U3tEdY3F0qQemUD?PBojdMX>Ge9zpBrgih?vM=tBKWXWp+@%ub9c7{m2p7x2IWW zF}1K5h~88cnq^=n&VJ&1pIoUh2KhPHC9@gE);S#_Gp_;W`F3$Hl=i?nuXpOU$3izj z4`F^o%pg6*Q*cpXtt(On6Ih753u8Ls*a@#0PtITU%rp++e}^1@DxBLWTK|4peP@M9 ze0epvXVnfXKjM3BqT=H5tkqX+F`d%E$A#sCvW5!FnD4krk-eV93LL4O$6If}`e~G^ zv*JB7ZAG-An2*xSrWO`DesnIKXz#U$1_;X*ESAzc8eo1eB(##!{!}PN(wb~Vqb8X9 zYA8E9ZfO?HU1vZoovAazxuu5K431F-vrsH86e^Yz25ARAo{#UZX;XW5+1VG3UY;e} zL#)NBU}59ow8u_}wu$RGPP6AFIhVxeW8J;2nCi_1{73W^B^!!aX7ecxk<52{xAMe> z?AT>JXY8#y^~G4)O(EN0wO>O$d07c%H@YCyEvGFLce;sEM&1B%{x%zM;io)?aT1mc z()&-s=UZ?TXktlBrQ%dd==~iB5XC8>Lw5v<+N7UDEXo~hu|J%g@@&~Qoh$aECVI}@ z5pWVJetUBZl>uCc)z$sT2&zj^N(<*_A*sr~H%)A}7>cUOFa?{ZS2TpOxd5$C)ki5% zVPpP}5s1Fub@|W~n2{)L54si+*bt)nAo@%-J(=U^t^&fK zK(7pCeUGM|>@XI{s=!%4%PD$S=fCn{npspk+PW9T2~i|O3*6k0J|(IJdYhM zGRqO~ulCt_Wta0NNRFHXU_p#0DQpBGwffCK2m>(ROKe`MDiSY9Zuq&chS8XK-XY9} z7_5OJ-!!ZdcQJ&ai6btkX-!ZVLt=snWs&S-r_r&bz_-hMUF110iIY#^W^m~n(@qFw z-=<+yju!UoSI^m7d7SF2f_0C}^|%KUIkPgZhkX-4%F5si5a~pL7s2Z7$V>4L484Sp 
znpgV;Eafbzbdxb|cZ6x7M1$6(1oL?H#`=rdoLcS=g+j>teui6}kih*I-<&)Y@ZMlxE@Wjvv7RZ$2g?tp2 zjp-vF9C>PM0?N2RXsAv5|IyIiLAiJKm+vWb%yAv8w{1e34@~yGydl$S#72769AoQ# z=QxK9V{;T?pCF=8n0dHIMGNtau}7J?P!JKz)|I~pFa4T7OeWS83S{1#kZrgHPJZP; zgOGECjWk~ieW5&tgg9l{J5FvTjr8?l^OW$!VbdaWvDH0<_HH$EM}`|aiQ8nQ0iL5h zl)4CQ+uieH?^(KoyDR)7c{%8D$GhX%SP50#8h3O#%Bk-E@Y{+vpW$t1N9pNHldQFo znQ)1Ff$z})Ffz$ygG}WlV-h%ex1=e`CxKIt|79(#6fAKxpiNRM9U6|-=LqzU6(Njw z5QVT?m47WYq^tEfK5T4bQ^O~S393{hhKfO;OIT-_YLt| zN@=1VAE2Y2tW41Rk_Qt6-7DVrFjGmNc`=xH2311;jkcnuWx!#h4af{z&-{0NH*<;j zsroISt%uLa#@H-A#;kX;LbnA7WK{= z1Y>5gFE2K6UT;};WXH(sw?fX6FFn|FyyGjvl5970QoeAutqm$p^W9GkpKOvK?1jB=u~ML=n6rs;yY16Er3Vd zJ5GW`DBAkN`eCpOxHLMCl^>6pdE-X$vCbB-xvX?EG%9Hn+DB=MWykT18f%WhZ z3h0WjkFa3Ue;u87X`9R1La!)|A%UIKjLXI!YzBWi*jnefd!|SvG2aL+mU^my_hhk0 zU(s&c)7`=kCZfMsZOY@ropMC+ZIsxFjFVc++~yZE0VP!Vf41EDg3AN5+RvTKPAh!{ z=ESF9yCuoM$>`C##lCrsMUI9+@yDi>kWTanLwSzU;{0GqhYEv%i! zoibHX%QV^+#(_181lm*gux!C)Daxdf_ih{~*Q(4=dU(GE%u8b%FASc%=eZ+CYa3@>9kd zep5`R27w7^SmorF^Tr^mQz_7YpVRu$tA>kc6(#;$zIaWfl1LvQM`?>|Fti8DBdtbo z)S^Hs(GC9}?HbGxjNzZ&LEUx;7`#Etmd<*eiEI;PJ6Gya-h!r!fpVK=g>^bC0Kjg2 z`nN@cwuCG#^s!Q)Ey`@hz2$T`4W6^Yz4PP=<0?BkeraiLa*8~zvvVn5JN2@M_}ZTO zcI#HzQNwHE2su^&Kq7P^kSk{H2Gafae0wQV{)rvfXdF~lv&|=8#Y@4Qqk`6puY-`2 zPzWCQS5%1Li%>IHVzAM0Rx+ZaD7I`r5c%w8)23}LWy?5wcKYT^2CH&EU0-`T86Del z=r0r%E|r?CF(Gmn&$_>tf4tgd`3jC*vXL!p@mat8Ya{m+p> z9PBOXrP76DA^zWGGW}Med_P4S4pZ4 zL0`kml^|4*m8-A-DUH_-8KQ-@O&dqzURgP8lDY~xM=t&CoS6 %M+jVJ&)ctcpd+ zo6+-GccYmoCU@n4<)Yz_)+GSPU!z8q9_^lO`b6lCtP&Aa4M}(&<}tD5GS!}#(tK36 zk?T>;3ENu_Bhyc-H{U3GrnFPhog($e>`Tf!zgf5@UA2A--$%0u+>u$kKk^g5)y?#} zwOtvKL9ev3^YJ;n{i+JKufoo=y*LQ0F}3vR8HY>X^AUk7Jy<3<>vMhCu-%+TR*n$i z;)c75_r*CB9du4;@LLt~_Q4&N)_sK;SVRx6f)(1gBZYYd-yXcVPV!za`)Ew6cy)_qDGZvAe&aQ7TH8o2H-gNMHC zM1-85blMD)wr4|Tn{_pF=%UDr?f+eX(Qz-+{0#?4Ko5AVRzy(SS@>izVfYDB_Ba2wwrHuBw&60MAf5*Wae27)?bN2z@%}o5 z%Mraz9Y-(XxY2O};AWnnPU{2-CXxQ&({<)2a3kdg2|j*;{y%mQ+D8!boKfzFVZcc; z$vaN)<<#*`;p~%fn3GcZsH;n1Jds9>f^WhZL4JVzpL;^o>q)vF8smu7@D2MZ1q0?9 
zN-*5|mmiL<5YE#Z!gODA%*sWg-??6cJ+xns+He18@J9*oTz5DdB zXQ3ZbJ9S@ZS1cP4y6-RnE+D5x8X@T-V@l|ims7xB{Xj@&L-4n5Vl5h9=x;JTF4-<& zrJlQ$i$Lqj(4erKtA7%A4Oet#@EkOOW?$vKnb8T{W|c4`SRFnc=itjAzb`i9IuDp+ z=Ycy`for9BIk;tfe!d%T#bUfvI+JNHU49-A%66V9%xZ9d$UP`hnBf{}pK^aIY}|at z=sAhcVKM_AjS>FFdiEEzw03S|7e2LlZ!*1Odr_~Vz*nAf33{Ly7=#|=S|pq^qgBj> znb27)U7T-EkQG47ieL*-6ccg{;;*;j`^E3KSM$A89dWn$!L0*0&Mn&>WMPZ}NHuI2JyPk!Cn+Mx&lf=y zyh;Rkj7gT8Pt2v>#LvX4B!9j0UVvQRNO*4YYTj= zh?spzW8Z00u3Yaoh-qgsm-9)^V4Qg@>L{V{K3tyxZf$upL-y8CSL#W-bpX^@8(GTV zXcUuAgeG^-c`7c2oC;MBmGil8Tc3U0f6+`!r~A7NEuLAUM2K<@iqt>nz@BrQ~F+ zLECl&!OWLVUEfanz1;LrpUjqJDr@b{+0Zto-l?S)K)C>jI=OOO$1RRkRCLaN(MpuO z4h>WHb(}39O)IumZ}j2%0530jT!(H_*m;!F-AnQ{+f}5aH&x|g4`47{RnMh0@-!OZ z>;UJK7^x8RzpGP`DKyQoOQ%n(yYEl7&bCBtBW!YPSYJ^D z&3cWY#||9&0+@%j^qNWP++|Dr0^fc6TQxJiE(w}>YZE8Z#6$_G`pQtfqAcp($v*qo zn+btl?*Wq~D^He6Nx*)V2~#RgzIuDveM9+Lvz~%$JGT~{v#@%7J^_01v`INN+!brW za6%ac;OOX?=npZvL3`-*oO5J951hYzy7-JNdAoT0rvB2ugDi)c3bScab=NIUFURDM z2tK5xDV_^pGH0Ft# z&*!y99*P#Ed5)39G0KGCkBc9IF8>`+^(LIo-Nq;)HGE4KK-$xOMc979=dSxje2)#r zp$cQbqf~oYspo;NE09*cT%OqGj7%3}u5VU~{|~fnQzm+EptYQKXO1tA3EsE*lqf-< zaq9OThR7Ze7=4}KC3oH@iJXQ~=lB45@b9V6jSd~Vjhz2I)d1eQw+O2=vQxmYr@}z> zmM|As0=LFMRFEAKM3M)&bu|Rjh0l{U`Uk#a+D#++NYpnNFyEz!Rd)t;y{6j^aLtOC zV;+u2m9CFrm)1CyhD>6m9~d&2mW{!Riz;&V#Rw&LgqEI)g#n)pza zrqGF>iK|7PE!Q^o!aw{_Yngf;-u=1-ot{C+P6G?NAtLB)q*BE%a^~d>EGiMsXEI37uL4VMfD1Y;a=gK~O;;Lh? 
zszX6Bbw1K9tHY(h*6u-9_qV@4Jd5eOE6FAx0s|p&()sS}mX$ zwz{k+H-+biP}#6rla8Ta{X#WrAF3o`a`L|s`ksOv?%S`FAP_!yP?Y&Mjhr6vp-6{W zS1KwCsOv7th|nLM3ALVo^&vWMtq9zAl0_ zoJg9HLg@E!QvSMUBJZU|MBu`O4vu0F?}^F8qQsn~4tZP$DvDk^O+&h&(YVjp&5gZo znKfSs(?VKfC_NO{5FsLk%B|tR89zd{Q8~qON*3JPQX#gT+b;Yu?~Yx04)9h_Nb!r{7hwSE^lP_sCdzMJZ!omzu!jCU zoG_3A@@TQ>-i$d~g$+8)xajp8ivSW|yi>f_6lMq{$;-dc)Ucfah2{|`G~JWA$8fFy zF5bC!vXL@T${eX3e!aimWqX>G^_UNS6u&uNR%DeZM#8~eD5V5no$I5gn7aX2B@*sv z@w%PSDvJq%I&G_0Aa^$;=yl}k@6D85+vi?eG*0%#E<-Lkt)xyLSLKd0!V4V(S64#J^9Qp#qBped*7&%d~Tm`Eh%G!)(pDhxBhPWd!DJfTIb`Yhen zY!W|7mUW_Yzzq|C9f0<)WG6P;2^zL_5H90%BsC_Lm(+C&r_EWUe1Ub@m|L29)*;f- zeiQaW(H4Ow%xaW4uIF1hBL?o!9;AA)b(Pdrx=@cJ)gm#?^ne8~Pfytd9eD94$gQ7-mSkNB*;wQeB~X^CKx}&2RV@DK2NHs_Ipty&!TjQ| zn#SObv;U!gm+wF9=U%GTchp{r1z|r@-|gXCUqctsYPxaQ3N7YMVB7)&y<<21v`CgB8(zU1@==IJW_nl z{H3eqIp=_tqZH+Hh^lilxiCQoC@|tu1=!=(f>|)hKVq1cokN0i;&`>eFBdJR0yhHX zx#~JSQ9gD?RCqdA#O1|~DkB}JG8U9l9tmC}A;n$UX1$(gVul1}`L%q=sWS9DlD}$z zp+Sx1&`l#Nxf(t{l#K4n`Blbsxn2fj!00@yiALN}ZRXAWBK9LyWS~u&P*)NFR9fh6D^^{O$uvpByCXl5(br{x)0K+}BGO-7^2 zt5}WqiO5GWY@$+WpD_W^kOyn1(HGUC6u zoWBfpbYAbm<4+EU@!l6HR)FD=g@{lrr(@%$e8&B!l{dB zmh!oVm=Q|GXJheO4TO(m8j*WfxB<2B*+1NJ9sKAvyPD7nY74fC=*Ttjs0vS?z3(&} zoEClORF*?12w-uSXOn0ZAUdn~ZVyPNPuyL{Uo}2}tI*IHb8NHglEpDiq(isSL)lO9 z#I5)EHu39EqTSz189V*nngwf{@u8l6GMMWr_DGjY_I%V(cz}Y1i{4o}l6e^HiL9Rf zZ(^peg&M?qi|+l|e5%FLX1UpOkSDHGiqt&p?TvE>#&1~n z0wQxiJWbn)Q!OUt>a5cLl!dVMMDQKCQp|zUOA0Q!XPbm>#>vz9cWN_iN7&lw_dr@} z^S9=7M;3?2P~hQ)mCuyz-M~_#T=uewp5H?n?Vz9joYu+JB8Rl&xM~xM{SZRl`R`3o9>8`vUc= zY&zL%T;03dB!4IV#_*O!?fHAgv)05Gm$KM1xLnS! 
zC^d6Cc@9S0s0e==gMIYjntA%mexpiv?Wv7}#FUD0f@w<~cRsf5&8$3zX(7g1iedhR z%u$-S>X}aZ7VMa?A7IfC{wIFk1_m8`maTXlL=1$~!p9{aD!(Ka(tFjj+s!%y(@BA| zg2-8rGeT_VpOPna9Yi|H$%a|II}vdR9`(DCx5!!85r zYvMZCeQw<)m$qq+&gW9^bX|K-Y@+}{YGm$tg;`ynJ-U@2l}?J?5=3yjhfv|IpnA>C zr8f7rF_PF!srHv`P8R>`y3@o=@-)?8bDysosmy7 zzR=vp?4ko3FvfG_N~r3k{57G4x;n$-;u3Lt*7?JN4i6iDH@Qu@T#P~!v0)B>|1{sW zg(j)ulB;dN(Ki{)lDzk5mYFPxMHR!i@Ie&V!NGqu8N={Z!=oZ9IxT$Elzqjd!TNX8E^otU^_*kRe0UqS6HOzd z(68%Qqq@%cy->!r+ZXA{ALC3kp@aDgEZDa$x!s1q<{!ui>?uQ zul_EM9SkHeiQH=BoFo2dQAqWuUdM9Ho(Mm(O$~%d&_2!$1%Atu=$(ML3;86b`M-9w z#d%lbz1%0UTF##JzWH-g3Kw(yFPsi8bq3Rz+ij~S6NR%2L&L5TPDTsGzE}8sMTcNx zafOE4aTPetNSPBph3zASN7hOb|8ee{(yj0bVK zk={Gw9|nf2Od5yq*lmh-Ei(DRTK`Y(_aRv6=%DtK#FThQZ%)5pb8y+Q{^WcokY2zk z?@AI@7hUpcd-Cc+%-()#HhPg8UmSXvn-nSM{rjH(n3+lF#s_TPD(v`At@H8rXE5EurT9b&T|Ln0jT&rD;3P3=t-v0en?aE5;- zF>X9fyk3f^NVM>`T&~C+=8pU3cWgO#Z+0lo)tgH998y9(glfye_9$lqzWi?ZT`A;3 zy-AMtE^UI2(1-*6MYVEDs@RWJ_bp};vF;$oh^70;{CCW{^%Sw%gagq3|1tI6HrlU6 zOT=3EhL4t9Lc_`(Xcs{CGs(W2b59Nl%uSB1=FraA3w0=tI1v$Kv zEA37quK3@q39G$P#(h!Je~;GNwwh`~S6Qs)=f-pOdX4c+-)Y*B;@6Sy#y7h?&FU&N zA8jqt{$}w&~Ad+2kL7PqSM{vb0S4bMxdt$2iEZa4R!<1$pK*7s*#VXL-SE-d3-+$ zV8$&aQsKUZ?Po!Bh1=yf2sd`K&RD6>gZLtV6L#ywiH_07s#l5|sXJX0#m@EJg7QSG zisPXBpY@S84>^q7T6d4`QXa)m7&%x({9Kc*cor%IgbcZPS}e8fq%jn=4@}RHz{_Bu z^JZQU2LTG?f6dg==|XzX-LM$>z&7t@Qn&~gTw|{ez%fI|aVC}AKz!Ap%h7Z0edsA0 zJVR_1pnd%+7cIN~n|2HBDo%EA$6@{INykXnpDJ5ys{P=xo#ahL zyE4|}K{ePmgljbzLdnl3tUC3ugy0Fb;Agf})q5>MxO_2z#X0lZDT@?PmW=53|x;wy|f=CEW1m&IV%upw_KnUdF?i$44r>v2Yg zJAyq}S{!gS5zW2{NK;dy(o$@p9=#5zqX`R$cuJ75Q0f=ql=#~lJ!H*ry0IJO0?`(E zvL6GPcaQ@$4xd*6Wh7dc+8s|X@!}!|;$@B{(?z{ezq$Of1^y>oaBNRV15HPTg3MGp zx*%M#OU>$_$goF4jDuh0ZEd(4z_}D&J61?0$cEpOOj8!@28U~yOrWYPN?f-xq`Qn3 zRx`Q)EjnvVvB0vEX0I#+eIWyPl`NQqmSl<8#mNMPnE>~V~L;Im@x7sX;Vaf`@s>x$lFTNjxl*lMR5__P9iT$ zX+3@gz%IjB{mDL1wzZS3^vfV|1>aFfPr;@;k6}^s)ihA9HM&Sf+J_N|g4T6kDHdp; z=VTJiH|WNTbq^e~vtEq8ZW~v*n#yi>%V+(aifZ5)VpIrS_lspY$eqpzI6}N zEq40)XE@@A!Y26FB%@ea$|b%v3squl!AZH1DLIvoyj3PbC_!|LiJ4Ndk%~ozn+{Yo 
z#Q#U`je=)~IMnTb=gVt<%;mvKiX!$x$8qdQ`F@T;pp3!TVUJID$b7y9lX4cGXsl@S z40LC}Lz{;1gzdQeGEf;=bDX{H*?Z1afcuS(@a}Ef`_-~^<@k-e3V9!aQ#}#6H~sxH z9}f6Uk%<2vLpLster2&+@dorEH0P*(&0uB-9t9WBShMFC!NIZwU|Etv#$AiGY+(Od{Z>NM@he~v~}uSm0|+lQTfCORj74qxQUkUN+TQg$(WjS$e`LhIu81US| z1q}4zO6V3|je2t3rX#{$!u+Steg&gMUwuYxD~x(J4|nLb`XuP8a3>EkK-XX=`&c9Y zoU1IL`ryGi7vaA~QjzBmde1SZO7{Jq9qf(3NuO-0L^Y|h6<%scnY9sP-!m8wjN))Q zurG;ZnTUT&*c(tA;G&!}l5PLqd4Nnc_;(%;`71$|>q4Xas_)Onsyc zSzPwI?QUlgPMuy>@zac(wzagViF@wRRz2`}G!Cnz5{4yvai2>=&Fim9Iqv`$N4ZG9 zE5t?`aKIPHxh=>NwC0`z!)`5|W*{UKP7OH?n)=1kWMJ(kA>@BQ_&0Q?-XKKai&5f~ zr52uF(hxVO2IWYjG-UePpLD0^t93U1psO^;O=Jjc2I7*m>J9rmG&oT%hRJ0+>>GQv?GEGM7Dy@Df~< zkzOIKGd&z@;{{xRb6>t*T=VLQW4n_OmkY!aJc&n%XKrKq#MSQ^L=)}Duu7DP5VTA= z&_y*3=zxBY0$`4zat-+%_&|AqG(3l_7@W!SF047k|0*y_YXPSxqPmQGTpRX3@%1Q?IePXyY1|);3lWS25kS2y|)ajBWTlv(V)R4 zLa^WvAOzRo?jC}>ySqzpCpZKS4#C|CA-G$B;BJ9~%l3hHlXqukWp;MI>)Y#^Kh=Hi zdg^|ps_Rr&S9NE+K0;N-olqY?e*Q2Aw?_w;xs1r$h2-&VaG^6IH(EJ?h;6f@$+gcT z#l9{2Yf{td=0Od46cYZX>6bxvzu^!=y?(hRAt!-r}4MX9-lomVSIhn z39|8%#niT=8!DP`TiOcRESbCW*Z>;w;|M4UE+A*V*h?Nj|m@J zn@a;XA6Z{1Zd6Xm&g@rdse(!9q~SW|ell<*$+eyLJIm|+xUt97)|(n5g?T>3ytFCd zs*f3x_Kjt7tF;0Gyh1v-MJom9pjDd3wh)Y1)`|Hs5W8MtnNo{%ELyneR-YdOflmB~ zUthQM2{DZ@5_#kbVj0Yzy6`kvrMaOIT6@b&hD_!uri^&D?6{q~Sl+Xs@>;iN^ztWx zkls+lr6yO&B1eJh!QL9SPaOtYU=eDi0b{x#^h0McB*2anX+xE^BDXRo4Wn8?N)3az zb=!~=AGkP$^DT4$mQ4)Wn1lfN&o%0hIGB9|e59tA{S#HR1D-Na5#0$9Rf`igNv0KZ zJcs$&ZX-*j3K`uW7-rH3eD)olX)InaHqW*z%eKp2INZQJjC8J%J7hmtPN>3p#R?Uw zBJt_+Q%O$RPlUglzP2-z&j(&boCgOb8TpIy&)8~2mDQ`WTmblt18vUxF;%5N9qrMS zxScLqf`{jDxwrf*+W2Xb?&2&)KB*Y-0gXIkBGRJb?GG!xk}%@GOp3G!Ws&KsC2$Yf zdpRFTs8j2*D^~4f&dXLj3qQu7-%d@|rtD_K28iT`MjBEedVA$vfbc zdjYoHv0n2^Bl%90&~4PE8F!+H@cITWBiRY&7VMvT_%IN}d!r#pq~sgWL-CquBH>UN1~4!2J=@ zU9N<|GlW0`Zd>I;#y41r_Ud1$mTf;bg{msGFAwu}djDDSEf_p|6YOn%=T8&;`IMLz z&ON+dflc39_&D`vq9{ng>m6)e`fE1xNzD>jW%}WHh0Tx&^t9A(24l@JYa5ZZhx-oKCk4KuxBAYQB3Sjc##0_ij_br z=1C+bz4Ces;m;+`oD$)6Q76Jz0Mqx1#UMf_2~%~);`5=mm+6Q$?Dn)K|7BL|Izk8*r||Jj`n5B6ika!1exa 
z!xbKA@|3sUQfMnj&to{{nl`vWM{_28B@(i!q`x!vDaR)v|1dL=Gr?=6irGOp?~bS* zx}v93)a9SHK!{jq^|rB;3*w3e$Mm(MIU3dxn90bEA{1|PtStD8n`R?SY_{0Xq)*m8 znRznP)AZ!j(kX)a)AxU|3oM;)% zN%HQ=E@gOoYn;4H3Ue)=gYzv)9$%&-;=&ebY2!wxu4tOl%)$5brlxwB*!dFq<1?R|6$A@8Hu=oOPs9w zUPntj>)R3OuzK=N31Wk8LR|8tnGL3}DF!)~P6AL0=FcqmP}SS=UsK8W%ETPDB2$P? zi@0gi&c(}aF-0Wg(}T~uDHJ)@C<8Wg4x+A1IfvmNI)dAPqmR&?_V94S>&i^jC&UJw zlfC1n6dcqro`h(dx-0kz(eGIsp_Uu|4(Bs1G5~*v0e`PenMQ;)8)l|lUDd`}3!!s= zPH^16*;{xT+-z(=>P@A7dm$s5` z^=ry5?TG|yW!dB6MdhNP@y2*#QPFn;BZNLs{Ivxd9p*(H4muAvcN8xXplkgQ-=aB| zDJeDBZeL5OypTma-7!m`pbJA`i}+L_g=|uZoSpX9Pg{#0)b%XuLbzftjhWVkG%wF@ z7x?3)&*f^^+-wTkibWU7wspN~<}D^b)#|F17qv0vX{+0xK>R`e+@VTdytUDHx@s}L>lDUENcrQ^k3$+e#04CwFR6D+eGYLf{u8as+Nt2o|k0%`DnL zQ}6cev%z&V#73x%n2eHUnFA(>?$0jE8BUu^`ks1nZ|>lyx_)SZDQ^`q%8lxi-c3Wx zDVhq5)h;%=>R=vyFUlrVPh0fEWF~n?^P$Zc91{Q?Gku2%~AE-%^X#oWr^lYuvRdOswlr;KVMM(@%GIL5eN4! zTMp;#=!A8yw<*fqycO-6R+E{^!`(x%Yg~EhYZbilvn>T#q8?u&lnh2fdt5a*1~vLm zvA6;O{4qAcNi;X#N=Jfzl6|4BhtmWlJ5LC-_7j{Oiw?F2zzd+eHYP( zg)D>shn!=DFw7e`9z$Fq0NLsF5`&D2tRnM1Vy0rIC|`$`b(ql7ai^e?N?NE;R&GVS z(=SVI!Fd>$Zm=sksZ&-ET1q4svFmSxDYbehwOsm~qUgODEf#Q>z1N+PIeoON7(IO zl4_`VCtI`&y1u;6jx*f~a?2$m;5;Q4f}-5%kjs=oNPC>Qlf`VO7J>prL!}|}A)QE6 zNt@=~g~WxBXUIg*^mC(!F`mH|fIdOV{Hc%;5bH0T#TPa?z`ZtSigixeKzy4MMQ+8A zMNM&<_OvLE@9m`n{WRBRx}C{BTpa3Oq>{^Ckd+ct!CxiWuMEb48*As8DWlgXuFogc;e7T{h~k*s0-?HJ>w(E{rzf(u}fM5Vt4l{Fq3A{e~e zKT~oh8NpB{na~{1{>Siz9`1!%jl47F2nN3VM>pSL?rBv#+K-d_pFD?hx~0d&BARKo z*3K||gZ>1}w~6%Si!iIFPvzlP4oHh(8$UHxrmVS~RZSE&By{Yc6>tc-d44e8nN+`9 z9o!t?w$PB=Oj=kx{+Qk&95#Mz=TO}z;KcB0DXsiP&gAy}jz1T;QMjL=owDiNe7=qx zOqTp6cY6!-!SfnJjnm{e8kPfzz|y`PCNvnn5&^uB_mub8@cn`ZUzvV4XMOKt@}+oB z8nFELmZY}&dB)ZhD!MYUZhs#tx?`TMp)yx37c;2(JhGTQvgGL=jd5YQ%?0gxf4Uj% zU_i**v~(UQMnafFIY;3LwpWXfW6f`ZztRzXok?L9kp$W3{kU~W%diZanSd9Eg6z-{}&!{A%Y1tG&-+s0TMk+s$diJb}@(R}F8_ zmd-e{BQCvOeO_lvC%q=F?FDZqjMI-F4pG|c8GE{cD7e;+snC{ATXVbTScrJqsxPlTLEC3(z08o>BW<2@$-dhVDF4kSM$^cHP-QC4x6D zlu^+p%PW6}BEbevp-u`H@Ha*jHT=n2Q^cr1jK=ziQ62MIWOsp8bx+hXrxAuGDEpf) 
zy3l_{U{nMZ@vd}l>pXo><3tKGCB(ZT^jnNY{?hOTWBD5Awf0^mSqKeSbSKaDJ1ikg zS1;nS(x0}HjcqAI-pB$Hz!hV+Wy%xKEKKch#Qwm!t1#S{HurJztRZV>i7OqW_3cVv z?N~$xZ)?8!1ymgg6bkT~0e8+YeJDjnj0zb6sPB_ zRczkjc4;~_c0!57^AqAEs8d1`gTFK2sBo<6*bARavXRMPItBxvLBsUP)d+o9+zvr~a6b|bkrbOG zL`sO5DXmFZE+j-ahC*nS%9vwVF#p3xOiHGr-(*ivgNd2`Uhg)nq}Z6hzBMfz>pFYf z*XA`XZuk9&2s89q$oLGsHFpJ7mK*7Fy&mBf%?ZtaJlMy&qR~2k`{WtIvSz`{?1(Lg zMfk^o3ILD>IENxGk{=m%F5pcxJDO6q zt^=19oeB-T_%%ox5R+~8iTUF=(({LZ!#&=B=uiv+3R1)rg{wlU)3Y_d;-F$Wg#|@a z^#RQcRb>njXqzF=0E~YMfhQ{oHl|ds{(>luXw%`3E2x89D{m_%i37Gd({Eb6XYAJs zX#p~r+uYNXgRVm;3-1QdxJ+oCkQf3p>-%#K3QrzqoKQ#%fsvXz9QA5qArT^Nwv&-K|p&Y{xoIMs}-pFz*vtbLyo{p6tk z14GW%)4}uLh06mkZ(dD2Dve$?T2eDqDkX9yjkye^k{`g6f!|-PfA!L4K-ph9=z+ZF zefu*-_Ns-W8VN|8uI3QYDJA$~atyMyam;?HN+iaI>IkfPJ#*)eMlQG&3i&&S@ay*s zg_9l(y6czz!WFS3ZH-LZBt_LWRb0Lj`*f>@chR;X2j!9TX*9o2v@FsaRoq?~I4@>Y z_;(I!bq5~`cGU|Ors|_bfV#MD=g(ff;Cs4g`iaoqq&R}3y4=%yz8mG1X%rzXFVD&3 zpo%#uZ9U_cE$(JvKq93++~VIRgjTbhp8QLUa91veeJ)#d3c-fT5qv9?xukoBL@1rw zY}@){Fest&!>-c^0ig@?<e9!Qcary#!4nl`Vqdo|fFJnT>+Zs+ndb zEo-msFPzgw3T}zTUtVBOKdlPmXxe}E%O>aZ5h82G5MmGF zYaG4^%rHz5Dv@W|$vOdJ5;bk&(Ts!=>(&f5>RK0R$LvxDWO;;(Fn1!)Nd68-ty3|> z`t&;qH?0BVmjL6B*lfWF_Av2wQatD5^nN?A&fwW*pQOS7?xOkPrdFAMe8EBPt%HR`Y2qN0rXaU6Nc>EzHZ^FOWR$wt=f#+i9rf=bo~u8HO!Cw-mZ41J4fj zMu}rCc$8qUh;r*QM{|rBYn+`x8%c|A^)>2gjs~#yhRtXmcoWmNdFw%X|M8Z_q{d%) z&o@lWzF-7*vDsIrH%j2zJo7dTX0bW=-Amhws+MWOS&94lyUGo-0j)@M=`;RXJ(yW6 zemeiLIJ)80czCab%4P{Yyu2}c&y3z?m<>7+Q~_ z&oU+XGGAOnfgPBrop(id^eF3`rI)d;%EmDo(vlS-czRh9M|ePEo<>HWuenRWt=%nx zkm>G9ozo;|Z_rp!`uxbG4Fy*&Oz{=2!J(Q7i_i{{$-CsCpN`k=$^(lQjs6RB*UZgx z@&|!eJcGF@KTEHA-RSc|H{_UIJ29<~9rox%Dyl9_XP!H9I8~QksymmJ-gvgjpX=?s zDM6V!Al82~+{sL84;NV%f!Y3s0*Z}KY@GBB_r|4HABTK4R$m(ox)k*_mTx0tu?4D+8HIe^EFn717RptIKawM##Nl zjH8%aTO#n>Iw;%+r`R{`%)Y9sRX-IbKqdDV2S3qZ+KP8}e!X~RA z`V--}X~&00txa{hg@4p6UJjJYv%rR5Qn%r^JoqABb#qo;_Xyv5rK?lz+m<}Q2d;0wn0No;m{F<}LR)eCJA& z?CKc-b0LQjwY*r^6G;$C-IiA#)xPdIz~AgW zc?Nr)L62r$KZRS7`>P>Eemo`CZ5My6Bq5%`M+)P%2vtf<3EOlkzbpE2vdIq-b=E8w 
zk4#5Qwb2V#qR)>?PM`h&pKcgThjTtoY+F3>i3Ej|@$aU$3LU+!Xrw@NEld6)vN6A? zVq{bPqWZcqOl>fCUzr_mO|D1nVwtRY+^0OvyK?-S$gzRK?@R01YDBxUM+Y=KeRhny zcDv)3v3Sx+zn=NMXEt{^tQy{Nj-uqL8aD{SpEvp~nz)ZM*teEu6SlBS9CfXkj(;a} zFr!t1zEBSBbjatlbTAWZm0tK7q4GaY`5M62(GLe;e%V??>#6|4gKPJt68sZwy zv^?W#zE|%G+re{Q8jud_nqw}ZhyWW=O6cs<`}%Z7IcQ>JN>dVaJUo;g#^`*@kJuYP zOyDU`PMU;iug@Zf>XLI+@3m7^fH)C#JF|{8qaRHi@ON|ZX^J#E#af@Y>h)fs&FX5A zz;!s4mArbx%hT9B$f}u_<6nO4CxLbACJSk`I5%^bbqJ@NgDH;tQ*T>y$@o5cO}gG~ zoCMH~-M2L<(lHVXX9BWciVXuFMPQob%ios{bWeSo{ z#r;GUr4Ll23@cu8=JfPW4##(t<3333@&)`PZAdR5DFnYDkCW zg#zU03JiohmA|jHy*y4nusFIi9}2>dd?4CRB~|%66z==5RF{^d@CR1Fngn8O{|7Cb z!QXz(POc>UVt*&cO~_M$T+)qW6*roGN9hPeTFsc60jAMS>-n!q=elYm?VR1xUN3lP z*UQ0yis}9~LVe@xIkj8zo5TgO0@=J}O0W1lW5quN(ILjAA@R|tWPan{b|plR9hAhF zK=?Z)+$-XV1(V~_Y@dOA{Za9CCx;Ny(~a?TM2DZB1e`E*Qc>z=(gydwrDpPRP+nHB z^*QXmGN8}^+0y}=LAl&u_(_SjcXazv`W&ntZwBVk`i>Haxy1#J$mT46m{Tiiov3FG ze6w3;&ELmEk$3$F(`!eLDEs#@x25q38B&K3_o9>Rx_DV3rY=`b!0@>n;cxzo0P5n| zM9nhVadPh22=&b$X94j<)7oFMO~LA2`KVp1&>Mm}I7P7qm-$^(kMnXKh~crsj1mIv zRIV??p8t@bRQtuUNQ1>-tR*j!ry9sVJKjKNsQ%I-4aS;DZ~*wy4OT0BC&{ zMb&X&@j`5VWIZqbx{<-vS^=G-M}(mQwpKt5cjv62G{5Q}3rAECi^t4zYf04-h|hm8 zBf_0@Db40CP& zcWPwcy=es69=4v*_P#@94=Y+a*i~Vun7pQ9ZTe}3Ik{zB_XdnfWvB63leF>p<}#vD zy{^AzwvDmX+P9IzYOErhYxHy`E&2>Yp9rNDNdcW_BAmNne2_bbc9X60{Kkho6|G7ajYq0mZGD!~HyYO+8rxSlEf~YIX!##DGc1J{Bfk|}R1qTnfhrhliv<^`PI3jT*4et~DM7kJ{rfV0J1w_U+)|KS?; z{_mpYks;QASggJ79PvDx(v-}wEID|OnG7`jm=hk)LZ@S+x)%MH3mAlJNt*6CC)Re? 
zW7I;nOJq5vvKcJ%^PlcHcf&0=dV9elp3hQi3tJec7J^U5Ir&0HsZMm&+W4EU0=h-F z9YX#wFM#Q*rU0iWjub*Z+(3l)wO?Snr-%=DxpETl4i!>AQfdixxM*C=5cog6(TC9> zH3h#OmlE8}unIZ&X4jKN*Zw7Fqc3(7;Rd4IWrwvEEt41P9feW?PAz&SXkJs4>Z}be zJ8^z87#P=*+0d0r$vM3Cy@_nMg4sd~Hj1aAxpN{5Uued+s>{xs zPVy&a%MP4HrFC|HvJEwzd&AxYK(S2h%kxPim_1I}W@2Pf2>X1Fhcffn4$dyW`YMcN zo<)J2{5_%29{b*i?i@MeRMOQKkVXGGBv%I@r_^@5v%caklJ_KPEY!k5APuCpI z9%o!qadfQ}0$Rk8&M55siN%FGi+qykLa_VBzSyYK>G5rTgd>F;ikHSb`=^?kFtS#F z!Er4S&y-k{gO8@j`<}jVHd{FO#6I@^OU7=j!xC8=8};ur@Ue>(g7f-^2pBN)SNogV zHwWlV`&VsW1F-`7vx|a1SaBvjzI5_Uunk8ks~Lx1f6Q009}4yyWlEl7^+)PMI3oGZ};)A&>qB*Y3kO9rZ28-Tr~#!WKI;Rh3m zLv;$8a%4V7_CK~tN|Ji1;t0;rPQx*7sW^qoqLJBTJ*^6EDv56`KO?ZGqlz%tbxDP7 zp8wa;eCZ+C!H4>AVB=i65S}PUC>@km9x;QbV&c>9`63~Q&R0^O4=grT#ku!(EmjO0 zcqccTtBq&38xjV~tbTp7WUY4|HZo|zNKG*Z&7zh;UZpx$LhIITl+LPG<;yxII^f?- za~r!oE6(#yy+Y`=&j3@HP&ObVji5$d<9G6)&Yu@)406vK!7UuCrSimpNKo1>L_QYb z!=@5upQsOuz9=x_R{xb%;cFf8GP^Zppu7Fynf6k`*ngdK8)EY5)7gT? zy*I}G62sgU8_XE57BHD6^}a;TF2YHKqJUo8ba>DCWn~&usNPW)kK(}py(IRo$6y} zWQL87M~^OKUSFpR6mwZ)?!U@u5v@iKIl~r zCn|J}If{pGd79p-xR?$UCD{kmwJExcy_kA@H>&gJxkH@K=N_L-4l(w5ay;KxM}?fd z&Ur&Wx5X7msm%ox6_^9byz~Ygol=)PyvOv(;Y1Zkmd7M^|6fO2{}5;5?lvc)MNtm$ z2ngVxj~XFCLm@>ZndpsrI8?ArzKPWZg$uHhT+7VD7MYRqz!v=*tjKTd0y-82qa*| z`e`*Y?N+yit3-Bb;&#$lo@l;V5gdE(h?mO8v3@w2bF(b#=2Fr(aw2jwpUIoSHtALs zvz~becD(NL_S8(0S?qCMZVEWl-0K?@XZu~|od)7Y54K)C&)5W~imzYWT>hl@Zb+IR zec4QS>xH46Dm$vJGJ3?7`;Mv^7oo|`*XsS}OmnsK-Euv9l{T}vgq{AfhTpmi9_yt< zp-ZXOhen{*G3SObOrqEK>E-s=W(drAykPM~GH>;W=kM=Y`M&4!j#i#?Yn^YqO@Xd& z?k_I8dcChU2e-BFE)Px_Hi#I$Cn5dxb#}Jt;JVqC&Fv8+^0_ORKxm^+&3%dbMV*gd z+l(*1jl%oV{M~Hf;_P*oRk^+T){7J(y4vfL?YN?*`nUyjJ_58R|69Sh*o}P=3-9qd zGr|w$Cm#v>uj_~g@K-Kmy}hoD@9@E*6Ff=N&8w38t=ApLOLt(c1h<)zy0%$wXD{y= zizsjTpb=xuyLIrczAXb$_i=*V4;9lVdVGc6ga=xOMP{1c&zn|C6m8o!%3ikcewWs~ zyLBu7X~Y{FXy%6ItzJBBrxu@aiG26XIveUnJxQI_vmsl- zrAA%m-lwp;LB|AasHHC{?0+&=S|tzJc4Ztca2%L$Ev3Gmu$jMFBHaEHZr8k-7D?&+EE74W(Y^?z9_Hgz_BIYZw|dk>+6_d zOnZ;{D38eG)%n4Vz2Bk2;TPA>7zYh1IzZ^1Z~sTzz?{VgL{Ivlok4s 
ze4+zLd&#Q+0}R*3g?)EgdnCu*|5Da|GWGzbedl6Y7a(4(FT)5hJz@e}8*l*ANF+zc z|2V5sUxr+3Kvs7o$1zaqtG*1k=zut26A+Ww#n^*?iT#`6`^j-Y zFci2p$f|TWoCd@f=6LedRQzxiNHN3$F$jO64ASdrm#eu)KHLtxBg~E6N#c1f9gwMucq?D#)`jnF_CU z<~C8xhSItRu2;3j^O@a^DPN>RteV!>Zc!&TDi>`7$_;3ZEWy4Twkp-))5VLQ-F;iJ zNXJ+;ovYKLZevv5+u>FPHK-L805;Jjk|;mWo8c?qGpX( z4HW#kNM}=pf9AY8SY=y{A8Z7j)Uehq0w#Q{!av=p?7Iw!K@fNwd53C~*ji~)xdCsN@(&fJ&_*-)1^~)|g2?+l zw*>H2-Pwe?K%SsG&o>}1fntkvEK&m#k zi&?NpS6`iUwlYH3UOm04)uJA4S}xk^R`q^dE6NjW)REspc)K$QBje6<2UK191`iYv zw2TcN7~qh(!2<^zvNm|00Eg@i9z@`fv%!Nrl^U4CN@@G?fCEKj(0!|v4MlX&eGfQ@ z4Z0rz2k}AoQ{W&m=zaklBnPi=_URZ|4o~W;MkbnvmxlZlPk6n#P-F+)Z{B1Ef;M>W z5{Ek#PYAvHjh72uquSQ1jwYIWmwv0em@TeaU(#{29Ihulf;SJKzSjfzw#@@C$8`|32%g?USiyde&E$XXz+<8F3ylX` z|CjwXEc$1^`&AyTdbjZqq30(L5ek0@hV8e9V6f{yC`fzz5ZIyQhrk*SJOuXt?P7C> z4=(}0)Dfe;0+6v7U% zKd@!H?D)JxgHYO1WpMrqe^5sd20~+BebD(I6g_y*Rm%bBsu+amvV`b*L^C)6^k@Qt zf*>fjBgBG2hy}8*01I4pAQmV>Ecj1RNCeU!f)xM>7Ue^*mLb7Hf&@$EAy}P|U}67< zL}@ZOmkSjktmzM|O5Bc}il7HpT!;aME;|7rnFj;@Q}q8g5rBu(7QM?3P+J|4+Cs_T z#Ff>2s4YK8ZQ*k}(quILf>iAPu4od3wGjuxn&-0P2cmyqrG~IdLRd8)3{Zd=@c)8n z*`Tr5HU^yq;DC-0#DUiz00*9pLL87u1blU>1biLbRN2PZGk^$D0z#8F9yG7~(&+%# z|AO#b>OjevzW=slMI0nb{{zvt5G9dc0VOu!5K(;yD}g>Fpw9qREEaxaB<$ZHq!39q zNRC_A|JBo1xqzO3S3UOM+CcerSPTn zOc>~ZkEc!~_)2!TbToUzzSw0asBIw(WOXqQNd0?GH@x|9WfzX>0BujboBo5R5$@jr zp8sC@w5tW+uYc1Fq>Miy3Lk)n(+I9M09f#_NxaKn!xH&1lrEuLFGk zzi^rg@VZ~9%X2c{lu*5T;iVFe_KJNKh#%|;5D3p-)<8Zw-5yXSzLG#}d2I>-6OE4> zSU4Tm-78C?T?YYY^FVp!#?#;sDu4fp!_7`Z5tRHSz?joq()U zK_IE-1`-DrAYrEecO(@=5c94_fg=BOYV!<&218IrOyE?}BPbrtl2=e7_-L^e@Z>SI zaW93Ozw-qw16>*yI}}_F7djvweuP+h$oG(v0_o-v5c;j7=L(zw=Y{~A|G!Q%@n->D zE~3+a()y|i;QTRldCdJ+=|e7I^SwonBKiSc%}OD{gKmE=NkB`7`yvp$UqcE&gFmur zz?J3shxjlMJ@iFmAifBPRe*W_5a&AmBW`0{2#8m}04%<^CV+Iwdw@g-{=@MEEbT}b zh)~TJkZnh<1}Idr08w-Yu|GW02@sxq2}lV(NC`-A34f}a0X)s(0BTd74-{dfhuGNi z8A3D(Av!mM2=|Xe=rbVbZwQ(Qf>^>0v1Hv8V4#zQ@VfpH{aFk_4mE! 
zcCytKxWOZIK!5b8%RvDk<)r>2$O?2{{_ZS)4EUub4X|!4;>hwiSOcPsY=G!ODnNN4 z4M@J^03@?(6alyBhvomR^c0&l0d3j%J0Vamdxu7+dDu%S^kV@f8^bS`T9(DdzB&i5;QEP5N zOb!6seW?IoLh3RA7DFxpq+>~or?E}I@+RO{!ZA1+o}%((@TyDlIO3y|&N#vfE)THw z1FQytF{dDK$OEk3lHpSlOgqk&Op>*oI#upgzyIHLSWkmnD_w>eSq~K z@Yk7Lq-WPu&#ocfeS`3Jeub!WdEg~}fWNoq-fMr67dv}p8O|vT^MerHaA~xoK#{Cs zPhRcpmF6?YFt}tM)UwM#N)@<&`9@hs5n8t%V1fk5Sf>0hkQ1ZI-K$}FtR6`KN zeTeZw4@yQMf_@J$)dMW`0FOgpm>P(**ghDphzEHRg6KUUIuC*$AcDx#5P0PQ_IZHy z9^hFBtY3>iaK>)r-eD2-pQryH!~vM@`(|c8X^J&*Hf^u{ZO3M^5bNjJv_EjVQZ!Ef zeZQQtEqwAYTZ5N#aSCe<~?}5>*Qp&?jBZ75*7{z3JMAlN(bFQ z9UscTpj;LTimU<_>NSA6STHzS+nL*&7#cd*GicixTG%r@{CG?6VrfAS`MvKsAG<1M zw_aZTv=m$|UtqAPYF0COHc(=~RrNWYaGRe&pPyJP2m5^%22_=rcH4n%M<5%zkr6IW zjro+OxF6Yf?CDj)gWmh?@}g+VGTN#k^OLTm%7OveHjO&V+oibfFXqY;C;ZbzeyWL$ z)P^Xssmcodr{ZNwO!pVZ^rqj=FBbUj$ARyx-&krCCv)wrGs#XKI?g2&nW6t=SMN&y zOj@4db>6jPP^D1XRO)+;C&4-y%q08L^0e|cdWR`SyGew+uu zYGljsf|oVE4F1-LbvIQ*zoze&C5t~x;I&;ZYgc7@P2ZS1ft!f1&g#z?kgm1lcS&XI z;JPol0%x2`t?bkhppUy~wZVhRJ%dJ(o$ zP`}oEnw?tl+L334yX(^%mT>F)Od-#68F{uwxs6Q~`T<$1LWxglK5qAfSwAFHfyD?F zJr2So2A^s4jgGzy9kkjP)o1C;$9M_726;ca_lNg(zK*axSCd&5H zShI`4fB)%QRLj?Qr=XHuO{=$YFH`WBVYMCe0=9QPu)Uc?y?Hie{<)(-#i7RBN5oJw zp^s*vvmQfZfrX1GXu%?mt+7*EmIa&7>Fl#nXVdd0dMNVVypd|BbTP2Va*?{Bj?Ie; z_GXmBc-2>fljRqf9A1_V)GNWKsAq1uUoI{#T$+-XJU)6Qdso;<)5i1&y!7z#WHeQ7 zEc@k3!eqjPQcJ()lnstEpL!pTnhaYx(`hWN;A|t#LmB@r2pbx;&9&T~8YAu5(kFhK z90!Ic9igG{7(+cI8Ee1A!=&mMK~&Gu#8j8?i|9}BtZDEngnSx^eN{V3KdW7-=vvvhr&L2|Y$;&3#k(NAzM74qh*v-YMrD9r>(c0XwTKy>2U>=xE)ZnXW4 zg~?OZX-_FG(6~{5k07=Mt%i4%(%Ei%%{TT&Bu`Ute9S!3;1?oUeN5-=q`bWQMnk|f zGtU`&Y@q&a;*X*q#klaHuWi|Dr|~Kn)+G<=K|Z!*m?Fv))+bLtL=nOH;<#j%K z1OF^wL);K1Bjp*d?O=-RjJV-cWp;fRi}69Upmpign^|mvLKrD5^{s^Hl(PK>Q@UqE z@g!JXPemg!E~J?eGsv<_K7AChzOcUt66lD--^=mYS71A}a_vfinmHLKI1_KW*x8g| zsk+1NY@5%lM7}4n!?4Ro5W(&LCGL~+S2PV6^Ea)&3S1Iomx{=;^KMtLh7Uy@;2<4SO~qpzM9y4m&p`%#-gOR`x2+1-j9Qzof~c6 zpz~AB;|B4^rcB)!*^&56LZBx_3GKJ&FBgeKvopJ;o6SE?tG@D)?;@*RTJjgW&JZAD@y&gOEgUI~csZdtxw1E=DflgX@pzR0dNOAO<(Z3#gHe&( 
zKD*R6;d_Odi{tRsnIj1@Ixo7_=!l#mmKRzn&vN5Y7UbU|I^QG*^{P4vr+ymJNmH3F zbByzLoKIq_qt>}$@6C?v@2@ns6#Fd#^9$<0xGv)+Ani*4QB1?(9fJDQy$S4;TP2oX z<@`f`UFN^h-%gaNAwO#*1LhaCZjUtikcP1XQWa^hJg{%rCD7#oz+N7~XQc<@C04yc&->;hRHm*S;roF`%Tq31suQ7~C?e z#TLJ6R!L}|Xu@5LHY1QZePX|lrM{WXA0*V+I-hysw6Did`V1{FlB?w_H?u<U={@=BfNHe`JuZWL*dBC%8QA#Uf>d1Oi^6MM>^b%Q-pPGeQWA8|&yI(WW z;O+P_=p#o!pWIm}rOk|uhN2i%M)>*lGwKe9>bTeAXuOCn)hXS^BeHvX8-JN6s!R*@ zWshus+{@GJ-Og3GXG+T4uM9e750V>8rCrhbTjdCelQ~w*tD69K|Bh%Q8p(?oqJ_`( z%t=q>LGx0%PyF^Y zms$CC-QDABoWTM@j<-erMj2Hfl3d>=m%S%qITF`|(~M71udVSpq_Ou;gpJ1Dazo~H zZghNcrI?pV3+=)c*lbQZ5bTB*x2jx3&HlCm+yA97Hx#yonZFVa?#f;Sc`JRFzjoW*W(*+zFangAEo>nj+^al>5H<##j)Ad!TKrsD z1?le#EUc(O{BgKb5z-kwp_N*mYrV7ihzO<%Grd}r zRyXn=>DLa9iDsqJ)U@N5=O*8uSHX(VA|+rixu=?R7e}R0Er?59hbb4+i-v#6SQl-* zp?|STnKXDlCHs6 zVUh3=vdHLtHhIEYMDMn{L%UC3uU8Nm-V&%^Gs5JrvDZU2C-epjpKmC)bwcOqXA$Sp z-(8qbJM%yuw4s@V3mtkF%0fU z=*|sAk2P3^pa`FM$rDW_|3=EseJO3zC#-Ch+xW-2=35-%j7TFL4wXq-7lIBNq&tLj zVKM=))6Mw-RTa(-1YdfIRU4!>|Jdk@uUXV&dxf4sn~c1vhA(6~NUNWesTHF1%Bv&b zI7%|j8o(@3;8nhVGJ&Y$iL#*V)T&||_Eoi{J5=+f)O+d7(3)y1|Csq3o1N!KsYH%$ z5e6NTJ*VNBnVHTbJ{+M~0h2U+4q*!1I~77O%JRLO!m=m%6^>O!NNy3k;Y!6bu4%Ct@AoY%Een>1pv_2)`d@buNi zG@!9?6q<@%1xv~f*7i1OI`90FH5S|oXJcS+Rv31d;2K?G3XCn)7D{v(hdrE!`p=s! 
zjD`}e^`^x^j$$gJPUcthk9U~zd%A^KDNLW5$#tX3yaSvj6C2WIW2HI$hOqdtC;C)7 zvhc_&RXl%%rmRd0$^X+*i|#C((AY9PE_(|)7T-oLBmifo0zb6tU4!7 z9~#+jwL2M1(L?$jP%gR^qS3wsiZw-RI-6hNin?LKu{(LS*(jK)hc=*V3|$r5_=e!e zwvKuyG0kL~;0}#oG01XkT_k-X8~nCW#WT^4ocUGQ0IoDZU zVfr^PC?}yGmp5`Th3`X7)HipZG8Fng=M-zaH^?e3m-~vZ_;*i#Fiix7bfd(~uNaDc zAB^9Ysj1L=6kk>9ilKD(IpcFgSMYFkkc1*}^P??ioT^42qF+qT`_STAH+hQTW^iNG z7_0Zw;%-TT;73#ntlGKOol()bgbW3_yE;R$7OzM>st;4k79*`zF3LJw7w-KgI0Jn+ z){paF_TORa_{BC2Lq+fDWGrMU9f>Q7s4bAAE;k_Z>tkYfJ%8%puT3*#Nqqch&9ujW zbSwDPl@;SzI(Q@~e!OMUMF~3SgXxZsMW%qRZt)vQZ2TyUPf8NcxY)q*GX%r;V={UH zxfF{T`C30&P``fq3!abIC*s$%$!ip;18VZ`E$-qu@U*s3DnYH_?a)Ya+`zzM^S+rW@B{~gJ-=j~_Cc*JzE(U$vl`4FYL0CWHry4&R zgJC^mO91+&K%QyCeG;caMOnp!?;6t}^%qRp#=L^eQI_H7numBUvfK zfQ9jy7Pv5lXaILXNJDCpTug)emGPD^Lv>e$oDMu!_Btg2JAASItysHD;SbGmp#n?M zawHdVd3`^>wVNih&zhd3)mZkkn*a5%B4wgK}QDSoNZ z?P!wmk%!-QLjOI>DtTe@IV;KSW3l2voY;?3Y?Ux%LlfBj+MPe2VZ1U_=AHyUi~z5@ zg)p^#f?kL2o|Fb9QNE)CFc-+f$!_mW>JVgX zGgyCpeN!9AZ%;AvR#+WS66M9J$*Dd8vC^0|2;1=OE#}yq{=w|Uu3w{kG{2bS^^3dX zQViq8KbRkBhz|!P!SUk_r?W0eK>Ucqs{+jDtOTXM*@4#lV$#wuN$P%KuxgjTe)`Mb z|K-#F{`B|1{OQx*{`hZy{d1DuWcTU){k2@)$QyN=E!1LhcYE`Y-KlwYv%E>v_0`o? 
zHiyf%_g5dUZXR#1KBg&Z#N6C1me$WU@Mw!Jz{iG`K@4u4m!Iw-NKh*Zex%~il zBVSniTCH-L5VMk;+(yu;JYOj7;*U z(M9+lr}*i1VW?8=Egfj1{c+)9ixMxTq%uDc9CrIb_#BCuL6ZCn0yjTx{!>><{K*Ad ziN7gBu6-BNu=eWk{qmXCh(Sk^1kH~YeFxB- zSka3>_lz)7t!~axuKJrp=69%cPTbevQba?rvay^l^sDp{CS(KfJ9~Po!q#(!iq-p- z*TWnTHvwnp+>XYedlw0WsQ*H4caryqhr z0Jb(fvj&)?PpvK{Rn27_a8#l`ytxjWs=$S=1V9BC-mM!4QNlrURsz-IDvbL}_cT0@ z1jdge4Ui_9uA?XMrQuqIU26%1I#ZTcf?VixOX% zvyzo|j-kCkVGB@+O=%_p!9AT&SOWfqA;EK2n$!I=aea5&6Q*Ieg@0?E!&eP&+!$ucKnxL`<*tr=N6MzZ*vW4wp0@WuPWWd@xD#ThFTd4(;8fZ}bxYH=* z3YKLIaZzFfltjdjE{(e>%*Fn6My!=AU=vOwRBh%Q^`yt(tZT`iY?D|xF{J|w%xDt{ zhrGB&bZzjgjgiOa3C=kxK=1eAUd^wWe_&xF-M1<@RYBwB$A!jA%;@o1%M3pfW-g;bM5Y)QVj^)dWHGO{3K*(APe3`p90sVl zN|a&Gv+|HLOmg;qNfIbOZgQ~qc8cxbQ{BYL%g-6gL60#yO+|5@%b%e*^Z`u6qLN}+ zDd<00m>Dwbh4Y{1=}ym5xEU%x9~`gFh{*bCQR8!}ALqZ|T}h}6>CC|mBkfG9%i;WW zX3MtkGyn>s)?HDEyhQ72*}x|pI~vYyu|$Sx$qMIlhGNp=mKg__V)61-gJ_{gkCN#=EUn*%G z;4^LlSbfZfp>cbA*X&sG~HywJb9_3Atrsmcnx25*XOjYnZ zQg?I(OOlB}%20Xw45apEBt+g+X!pdePX)vQD`cIM_;?eV5!JI%S);1OA@|9s7VS~G zC;9Q41CfW5OXJ=>qf*wKp#t?AsqxM)raAp4rirX3M#v!8>KX!!mRLiCqpoxa@mbNMV7Vt=Y#dTL1uvIYphMGb)6j9PEI72PwF*enTt`?KnyL5Y?356?ChF$*9=9H z4?`QW1fWaX+{RWd0WD5t5+pz3a~LGP&-i-n@SMcOj{|*!&f~|94ueEM7=B9v;zx^& zLPOX88CQ**?TI;(==c$%w?xN}_8dpIw;KpAokgPLM@o*Pw7ST3F{oUl7se9&x)Mj=u2qd3P=4?2gy@bJrnzy^kT zq*^ywUP-G0`nih;Z@uOy$$S(%ZZT-wVcr~`@@PzlC@iEl-_SjMF@tf<`df!do}fv67;;~N34i?Pngw=!4yb6!1Olx3hSLI>Dt75 z-hwJ?%;@JwzTTt-3Sgn_TEnhJwg5k3_R<#cI>pYfECvJ7ott8=+p1C4`8@LHRKeqxU2+2In;rg`MkhN`^*SzXnU}nMsOQ`#O`f|j8)30tsej0 zP?;{YR1+~&vu4*soJb?nCgQ|FUwOKEeKB?H7xcGZJyANRK_;!@rEIS+rhR>aLt<<@ zCV}H-pqp(1qjQrNYLe105|XU*a>#Ze@$w^)dw3_|L%XlK3Q-2LdaO8woy<`pY}Xf4 z)PDOltRDw1Jb6|(3Vj_p);=*VbWn^xEQEL&iDD?~y*DBrLq$` zKap8xgaTYu<{N>8%#RH2O@BOo#u8-qQD2ABUZLPIRO#M>XT|x>Q(3%bD8+rc3hJ|5 zicyu#DcYIA0gEYV=&l_sKbzfEku}1u8R~M6-Cq-TSEGg|iir%pW+==(4L8JoOYBiY zqfm#&BE$7*qsE!0;_AowFaF_th6No*Z-?%8AHn?z_dBvx_|Y`0r{Co1lYw2lLzia% zz|*naVILe_set#CctR23^I|CXy>C@u_qIA&;bBY9MZKHC@-z}9KWa9(C6m6oPS3ex 
zDF#Ei?~rm}>m{jX_j#D-rKAy*i~kBhVx;ejI1C`+IWZ34IAhPeiuqH7hCZ zW7~v}LNJGz8wrpfwR!Pj>~JF2dyc_u8APdPqY3QmeT*n>*5pfi8RN&1PL)lLCJ_AC z&=Db7pn71RV+~Ya0NV#pIlvT7hKk(2jJF5l3I{~@8$&_uu@7ZGk0BlzKQ6RakocU4 zV}_dASYul(WPwX#Gkq4{P5j8rPB#gI)zOj1#UCj!)YZ0bSoFf~@G~1kTVQFNHt4;$ zy)DGw1R1q)6&(^kKi2b7QqcPj;J1xqcAP~v+q+`Rg{{MhFSj#ILmElBzoV)A55@pls>wKeI^V8_a zxYwtz8&&3AIa6QYjfFbTNx@Jd{H%j>=ckF4IJ;)39e#AG%Z<)$;je{F(cjDDLhF2J z2@*L!-gI)2vs*4O(Ga{;;bTir`@Y8p*a8I=ZYGf}z>jAgZGj-e?Td%hjfOXf=e4pF zxu3!Pz}vZ*7-IX^1)n$h5=0<7e&?o{W!;$$=MV_JrpT<z)qPjw|152s;5dnSK{ke zQRt{rTh|Ol-e0>yjEXS@Zys`JBR2!nGBI_Ut{E!7UoaVnp=SJGQ#87>r4mcku60KD zEI-~jVENo(u1hPMHss#MduJKS!VkbEHPdoqIy8Vr*KDoJ2ub8?hDz~AhvIC0ZIrPG zY`8yF5rIey)#G!nu%Ar&Tu$)#l}sNzhO8oL8BC zHey{<9*G-<+VZ<)8~R7$sawF$S15k-q%uijyA%b=WZitoHC1rphM`2f9YQr00TZU6 zTbLj5KmabiYtIQG@Yi645Xu&~VW|JUU&Q>tB~;ZNi;<8x`B9Rif&3;_m27ftY!@q2 zd=*w`bI5me<%)5Uz!ymD{OAe-bLl78FzX5xmSpgW>i)t#4nj@?cfinH79u&yxE z>RMFr%WJL4NRJy<((7bWun#`Pqnu%XB_T4T4W9g%t!Y&$;(CgoljKD(`0r7}{JW5zzL zdgxBvpuTUEGTRM9J#oj$tvD4xw6c&gVo~793~+6GDveNWnh8~<&9;siXB@@5F~-&R zhV_%#qnGJrvXRfJx((NiQwzU(2ya|iWR5(-ZS5nxD}kqG#a z2Sk8_s?miv=d948^WTwp_|b@=N4&eSSxC||$56-m6my84F#KE&2n$^dHbs2UUJpkG z0;>b0l5`qz6q=qc1+&U#hr6JA!1@vZ;x}OGR*eFEwSl+$BM#f2ZmEGGZH0KBX!QJ;$1Zx@p`it`9PjHo_T_N- zk`Nov&{L6c$`w6|c~X)??8-+K*NyVgW|>=sRC_iNyO?&gMfky+qq#nqc``b<0uuqx z(-SKknON^=Q3&-VH`aO}Ve(`*Hd$#W6fk$t&sp`o(sXB8UxNL{0wE1EvLmKRH3YW6`7HF!%!g^ zp~yP7c0amwx^}Ib{43hRwP<9uqQf&7sv{$+z*R#fB@zZt@_@^IsHbD2XYz<1;mIOi z1cfJ!c%|{cP}BG=Q1PP-yZ)6d(*|QSTBo`aZNoBD9PT|~F=Z@oIBE-H#G`XJm&&Y# zT$fO7Ak9W`V{^OU+xOV<4~B59*6uWgfn)_5>42= z+UO^`>v)m{I|i{=Flk5T&8)wWHFSdX4MXu;M75Nksb9`e$W}h>R`!ikAHTVnWbLr2 z;JI_A({QQ`cTmzO7+&xid8EuwiWV6REL#{hyH0c9HnMK63r8w@7@N?hrnkxMg`1P@9DM2pC@spK`^dT!M4R^7VeA`Nw~m|2Y38T)p~euaND- zlVy179uvpIP;Rzg+U=>csbp=|nzW-Bs>@muTkCc>q#!|XWefg{!lqY}AQ-ZRXp1)1 zf5K3=_3c42lw_TP94+++U`hb9{Ys8khEl69JfdbOnz~ok(JSQGL^HG=;hy$qL?k&g z6hM7>Fc?EIQ+sswglhG^s-II7Ba!f=5U-Z8V5lMbHn!b0xpi?fzH5P?leXx17ZKH89`~Z^+?lJ$ETzyRD*U9rb 
zPuF5ox+)c5J9b4Ta*?jJ#(W8vP>j7s&K`y;px9BLI}Iy{Fi)Ma`Ver#Sy&AHYv|jJ zTNfEBd#a7H6@&B4KXgAK#+|`X%X6H*y3kE4+y)+Vh{aICGladk{Ww#ZJ!;IXR4|Q) zA@g{t-sGr!=$C=`3IMn?YLUQAN+1ll~(ne3ZA?2N8(p|_HU9;|0@1x zR22K|#l$;Xm9FvlzQcM1JAK;TCQE5rSTEBjnN}}Q z7E;v7&ByuO1IDWpZNZSI?2l`w$(;-QS#HPpGAsMn7l?{Dv@^Xl7+ z$%GzVa6PyY^qds;xn(F3dSc9;C&h5fP#n}76vDm(br$MImvt+ag?aiKPV~;obAcEm?e>cal<g|umWLyN?sLHSM=f=aAc6em&gV=bYluoPY<@z%01 zi5-nY1%;jSOA;nOT5_Py0Q9e}7Fsr0gn4^0ZB)u*?sM8)xVZJ0TbC-DhJ}WI07was zR{t#+p0=oG*G53OO6)aA*21CK3u5fUoZwK#a#Ky{} zg`=#i>uWTEPPfU$L|9LlNfvxjl<>h-C&4PJG(fitRZ)%{{_Y6RAEKl~jc9VXbJS>k zvxBdT$+o_5l=lp9C-iA)g=DO=a#T`!2)_`)1akov_YV*BVCToG=#-6CuKL$~Rq5Xh zy&*AFj6GUa)gIIPrkIX`q;DCyfE{_0M@9VJauk^zP4Fz2t4bR{h=gku!74dw&W-?~ zJS478Q3Zc*8A`}Lsjb+^u4ofja#SOW8y< z?1?!Uu+LEgIo1H8uyIsLrZOA-bSI(l<7mgBgqgwF&rn&} z1u%c93!wQ;@`PfPSvz84#Q28;F zDX2pkM}9^I1(2D4-WN^AgA#X6-Nu&oxMir?e11bT$_3bk_%r-D0>eZ$Ko;mo5rzuS zXSV@~kst4&F@^w>ne9s@rhm@SX}rCd?(;Xme;#mt^yz%yYu!3U{l)e?^b9ql&p@v$ zu(fT0Hv6HFXnJN7@Z)6DCWwokx|q=P8^hqvrXpc*k!(zsc4C;kuqhRFA-4;ypUmhS zp_US(@iFVqh2ZyZ5}$tm$G>l`K4d!mLL%lzlup;Jv}JGFJT*z3*FIbS?3{Im($nsg zLt^mHHu1srkqJ~Bg{QwmAM&F<-vc#2-m@RkzK6;l??y;$-Eow-wug?XgfF%y*^L5t ziF@vYldMWIT*tMTR=m4oC3dYU(U};i`D#7UhMv_}e$rs9E#0l0SkB84hcxZrJj73& z(+d1ZQpDh1DO-WKh|40nW21WQ{{7|C-^8c?_%&%8r5tanREybdbkxw@#YC`A^p`Un zv%FD`DahJZOZs9Tg+6juX4rvyR|SHni0~ap&Fk+4ogbTeR*MOmCA7h_EQ&-fGm|{a zC5FeqdX#BgkTkq+D~xI}H=Bmbk49NAh-D`=ZYDQ6$5fVb;Ua_DM&d6B>A5yqY-kA* zIX^0O6gkQaVGy{HB}@U03z?|!u}#?R`yLy>suAfXUy(K9?=B{o{el)iPPr&T)ka?- zPCTz+H;0A+QyH3~*a~D~4!q4pufmg6qdV&OUxjcil16*go8w=sL}sae6-q zjWszML0hVjZ5ykXbH`9$dvaihTLRnyD8K}0SJ|Wxt9fP@s#atQc_4|Gfl|{OEVHRz z{oQO*6T8;F5Bcuzom_p#Q1biR76!Pxm?ZdU{L6(*C8^m93m`F$t3&h4L81QZAZ2?W@!E=DLrUpH1Jl`?4@k z9X;mxv92BTJ0SbQ_p+8L9^YqO6DTvxdUQ;}GLLef1|{L}c*TE&YzlrXZKo;xl;7>= z^UVf^66B|Q9hGiI=@PNz^kO39FU8r|Vlc&!GAhRPm?*dx(-(j32sW*36>@Y@p_F3_ z-!y9#Dn`g=>k8P%m8-vFs5Tzg1VaGJ%;#lRW+j@gpl9>NM95z{%6G)a!|B7!aTC#p z9!^e^u+fg}1)IESJ6VXJxn)vmrx1Nw%21^IWle{HBwIWgpH^uQ1#E?It-#iE%y?*0 
z>*ux?54S7Xc>D+=wYvHc>=kYx6XvG zCqrTOi7(Jc+?fgb@jE83xLjpeG*&UxiyzZ$hQfm5$6^GLLd8+zeShGJK~@#7+jzNn zHwQz(_c6v%`HEl@kcb%a!4aZC`_+eTWIqh^XyBKs;5Vgbhkdb>Wj_Rb zeAP(vCV^h8gxbgXPluZz#99{`79ep}6`?zZI_!r*PQu$p{GAH)8r_X*i;JnPpW7B8 z=xh9Hbkr9^N%g}hUlIVuP!pYAw$2F#W2lAxO~a2FikzEmC2OFxLxOm?5<0byy0t2% zU)rC3od3~&7XI#i8m{@b4UfoH;m5wB1MFRV)&Ejk@gL|4CZRH9VEY3g)b0u|+0?~a z!dMuYu+JESV(ad1btfvNC{6LZi%Fv&0&hMS{SAO;paKRS!;jE6U=bBqp{<|zuB-)o zQn+v}oc33DR$Ba<%?(cE?F9oSOcg9ce7O0@7GTKfUeW@4#hPE%91Nw`&uR`!4_pQ@ z36&qWn+W9uxjiDKF=#*t)QGFDhx&7UzvWzQ2l+f{rH6!Q=8qq90F3HgB#Tv5wyPI zg?sN@98D z(V-ix6yiNjcpruXHbD9kyY~xNNlO|ECr0C;*dBTY2x|>%Ngt;!_U&I19Va%kyLJS3 zmdr})SU(#aKNd6D4#rRRe0L-`PW)xJ=SIe3EF4Z`goZOd+Bx^CZ#TZ+g7|_3M z*#1y($Z0Z7RRPI{;lye7XQ-#8A+T*|DYt=;=s0ti9^Kd_Wy3!602JJ0^x z5B_$Sbi>`Vl4<{bs5x<-gOkFQCLWI+;`on*%!v>Aj0_Cwz+i}M$8oo#s!2lQM2YIo z+8s$+NU)$&cib^brW@JTGaGgJ-+uVvJ2n+3u60E6d}yr1`XdUL`#mdx_kLi& zfGG58vWcU$hRYoMAu(}cVUd_-Arix8En}T^AfzyAyG4QAI>zp~XC>j@$8sof z+X@zYZyQ;aZW=E?-qtJf$Id@i((6Q@`EDX1@#9P5N!MpJ?7D#l$C0g^aFTp}htbVS zmL2ZW$Rv2bPwcfrdJtGDE0mdwT)Y@+wA(;bScacQAt`t~kjzY8tuWa=UsZyPNV#XI z&OU->58;xXZfy0FBIVES8OpKm0fQOX7(eCU_vB?lqT)n}j-VQjV?uqGq~{EyqZ)iK z-HV*)5;603hA9b+6C*kf4GeaZ9CGi_eaDXiy)8h7BI$g7T= za}p6ha#U!UfiY5`JFJ;Li*|!C)LTCV%clLwCVR8|G0vXMY`EkRemv=TF~=4B7d>)0%B&yg&pwpZr!|NJZxUIi$??lkKm7pSL-2x> z4{G8}N=1{y_hJ(2aav(zjwfwaJ);LpZzT-H({TWf5^r{&$4^Rrl<2LN8-|SL`xFGe zXDEFB-JtWMM{im{^PZu+`KbxJ&~1F~?ma_I^OLL5fvpp3TQ}-+hsP|I{S|qcw`LZu zEp%q%*y^|zVJLfkvb(1hRNJmnPK6nog@nqFFP(zwtCok^{Iio<{t0W%l<*^bSt1fN zKfZJdbmM$zFrtwf#%{$7mB`NrIh$V2R0{?z-M{aPU+v6aEC<)?a*6YzlNjoUpF$2$ z;p?%?kSjVAQ=QBc!Xq_DKeZ`L`9m2Kil<5s#bj!?2ow>?8_{F%5AhGZ^FWCV6SQLHGgZJoJ1Bs9y zRXT{!QD470^G+Cs#bLM^avZ{{P$u}oZe~(R+&}m3o3Of zI`@HQ^sLym0}mLY6jNxfp$lY)wu) zY22DGt}Ac zbIOyIs#GJ-&8lUnmAwz?`1B>=@ncNqz;g<-X9Tt~)Wtpv?-I5uycD9IUCBmz6!YU) z2PURWpSs%Zy>8`6i+q+To2>?$mC31Jb2@K? 
z+C$*Tamk6%d^?n!7|uC^bXIq8!!sh3SSei}L)t)x+8spg^eKgomGrek=W<(z>iN2KR)^hjg{6mC599YiXTJTi*~l+P$L0U7@lZ;&zw%hayyE;@S@CC zU(Tk*=e9^a-p>{GY_WzKmQKTCwuKVrId1`>eQM=9uqDJJ0zc;RaoT4EGiP!)E0AMH#-^tH zIu8s5!yO8*gY&sVRi{=q?ZAu0_#NKHoArfcCof)+`1x_Oo!T(F&$0H;=UFN%kq^~# zYvmHO!t#%0o-|y?VnNo80K4YW&Z*X)ACe8jkh+bjXOhEASgl*r?}On&?D^9JE1~f* z#N8Dj8Ci(#9j05Dw8`DR5o%<(JYyTZb7UxmD4f~h@7XO&gd@t`lx#|dZ1KG|B|m0L ztVkYnScFJ`TxsVhd~N(#OahbLdD^Ox^?G)eFwO%j$@A}tn;+Svs8}geqf!bOD?M~S zQ|nQ-7)F|7GAsVY7lHz2pFZ_<+`EkGR2%aA+ zv@p?USD71S^X+!M0kZ}LDyk8B((CuYP$hkreB|}uf%hdx#t3J7q5ULg zeuOKlOs`iAj|F_pR}GIl(tO~klMa{=OTdMUx!A;KdOa`{NGDD83YIB{v~%kgtVWyC zSRajzd$9EkE7~9bz)?MYXOv$@RJ4jhv9VoS9?1DoImBsr$7Ct_zNm6DH}LWags2)$`a zV&_L#j{6Dy2`q_;A9Fd5Nx~x2?jBqOccM8WZ#r8&o2QO!2Y#ey(hk;DcI<;Q@&-?Gb(6HU6=_3RSttXj5f5)D7@Gd`2? z0UOf;G#8~2Csp{sP#}E_aP(MU39n-7{jmi(5E%-cA75`&<2C;5@Fbz}qc)RxyJ2DWHx zx#8$aQ0+wHrCX3tnKPv6@IPEQb29vAK9j=#85RV3vExUtUe^>PV19J#_>5jGGYStw znesPX%1QkEnAlPJY}aR3|J6~EWA-g(=8?deld)ZBll?bR+U$X$==oTte)KrbZeS>Q zey(Wy14D81fT0fxKd&0X14Fs;JxE^8v28koVMBxPglyW1rgseW%KMSG{G3&zqC{cE zh^g1}z)-Zj$7O^0x>78aj5__|s8D_k%Ph}oBXDoG&*M6ap=9}KfFvM>?1Ktn>$3O| zJ%)Pa!>SQh$i6mr7E{>ifuUCU-eMn$8UtT+TNw$8F|p{;VNBKYdMh%mg6>5Bn)TR7 zA?A0!s=6(;Ny2^yTm)A}uv}Gx9$LC1`BD)KWpScRBnZZ2qb~;EcT@&j7>S56%?P2U z${Ew6;>0AX_e40_!o*kEePF2heHYfj)}NFG7AxfeF@NBJa5eq3do zBGW%nRaWb~iY}}8z)-21Qc?)ZO~4wTc=6qZyASk~r&}mfgm-lO^1LOJq0%;Wf{t~h z13lT(Zo(I3EWc(bvb{TC!vJmNY8acdKE_LoUnk-6<1?>HGaoCCk7o4BN*2c$Aq>U2 zcl&>U<3v|R)*VniOVrVB+^)JT0F>1{jb4K}5u!I!K_XG}Wl59T z;IeW-(G|T8^J7FWS(wJh&AVcuvqLZXDhWFo9;CC2q3-s00JvQ`mVmGl)!qjaJpIc? 
zmo`h>Wr#-#e?G91*WO1rQTXcx{YX%JY13}h2OeqUMl2dxrE6Qg!9AKpyTB*~8$3fD zfYE2kR^Z2`CS5y8(7}-#L`>^G`ICgmmmi&kI0J61X#XBV$?a3)_!+B^dxw!{m(3^NS zvL;`WT$Z8A^R!yQT zD>kS^oUBv@3t4pX|06?b>EmETyKZ#b7PO4WBSRtSeOzZ1e12r88vSZW{K(R4Au$w) zel;Y16z0{C_|cbrNFmIse}zQFkHoyXqxeyeS3}~&9}XVVAi}{mBJuE}5MDRWDZpxb zw2J;DGxDqrq{6>O!sN#&GPT5ruEyD>Xaon#Uid@fUQ`I|0PBN_?^S+m;{aTn+A+EA z>WUlqTVSRWzJY|wkA)oW*~;n}@1+A!_*m&Sm#R#h8>L(|iO=~A$*!GINuNbHo?j>Y)#fZc@#gcxQFvYO$&jE|r@piPZ2 zSBuW%6=uG`v}yCIqswGGvQlQA42HU|MF`h7d7~@)Ex?`|O`_t;%65l%rZPO`!P43= zpl7ncf>DBA$ysSLp8^;*?dd{39^Pq@&&*n)B4&8AOjF%ewA+G}y0dEq*pzZqkO!8X zp~`G8b+pqiBs6|>OxC#=r|wUl3e_}N^Z=Hj!sb=_!jmLUeynT~%GaI{VwAG2PXBgO`1s2?4J8i_UBB_9aoJwL8mn)7`CYgTcU$sZZ&Z%3_P zlB%op$WVtn2AQu%8YR>H$WW$x2O|b&s*3hBF_h8-lKIO4V^z+>kG37I_&JP6s_ zZY8Ylx%a$KNEu3b?;zc)OGiTD#QS(}TtU08k~T&oglo$>wyD|k&qlS)Hd0oBp=5Z> ztOr{NEO-07Tac?cLmlzcAdM5eUl!_1j!FyhamNf5#iIyR*J^u!K;nC!Gz!&fa%0^W zs#wBBTXQW=_4kpX%J>fEu3j}VQ}%$vodfM%Awj-R#&v*x%!Ctv#`gpA!lrq+mt-M4 z1C16gVyIF629mL}oyLq3l70N{66Wy-VN-vl*Wfhm=E}O8+s&NB#)-k5z;0&Y8?mcYc>r_6ipM>bbiPKhk_OSTM-!8yhxM!x!PN**m=U z*Ttx5(1ys=M%QL`Sb&~vCWah(3LA_=+!9UOWw{n9;1Hp%Bn6J49{mnD*LQYkkK;gF zRbp?`CJ;kS`WVx&>@3Y09ZnjbPLs!kWiS-2e<5lTDJSlH#Gq?)GGoVfOK~% zA>Cb)n~*Lk=@e<$lt{Sg?oMfhO}Bt_gQRq~lr%`+t!JI%cevkO>&{v;^Uplb%)GyR zXU#lgQ<=`f)(!VQXpXj5&EA^kTapf`S^xVG!~xXB}zP4#9} z^z3AXZ~8${mr$BzTvY>GMf(yMYv&VgOQ<7C zoVFJq&siR;Lqg4>|8e?TtL$x#V$s*bhu&pAEppBbZ%QLWFEb6VHc}=6zdnK+x*uGx zWURITwBFy&@Cu}7R~enBJ7l83y-|Ldz81>HM=NKa9dke&a#P?~@(0hmwvFBwhzh)8 zT{W!Lge)CMLbumDy2MjO04PVu6dYjCUItr0rLB46cOjO^ zKQNYids;^MLQaC5I3KZOc83%*waVEEWTI!E;DS-X+FfE`>~%=G{BgLViLGEk6lf#h z7+0ul)C~Rq+NFB3ZNfO#&&pz$j+LsDVTA{+WIS)Bu3;wzLHIo5i0x1M@S@&`W*%wG z#u`?nD+tg%%b}uqY;(lh&+8Mn=dH(CT=M@^y@} z+aMe3=(mby^CnH-^Scv^U=d_=-p(BP>$Us7nUlz&&lO%u5CP<%qPN<~4w*b?cj+!28jfLba3Z@!x&8nuBpcL^3=Dejn*XhFWCD_h9C>WZZ(2>4B20dmHe9V76n`6 zZ`j{l7dnA78Svy3Zda#WgSi;dGx-aY5?K?D!i=azijXeZB^Vy`y^Jf93&p#8icl}) z=tV%G()}SOpOwfwcw^h*b@doj6|>t-%_k|`H8nS+baDqkSnMD6m)6$dEsxTLbSAKc 
z%H--atKLpKxDD2-(HLc#D4O3mtq6pinsmeLS1h($@<|&KOJ_ZIcT>^zb^&vQhl_9& zs;2_Z@`)y-#0^7<^zpdqPO7;gxFTr1K3*jF9}TmAz|0y+O%JC9jHb_wxxpRGsBuc$ z-d{by{#)2xZUrK)wn)*)jj97O};h7%Kdu11*DurtH|_+w^Rh_74WN`J`*6w+ zM~O1iK3je1NmxxRsfwUN=K`=v23qJT>|+1m0>RQKF3>Ls$SZ#UBz>d1?* z##wgNR%}N3p0kaS`yGPGxSuq7ppELHF{U>Q4mqw7P8JO3JK`lkf%(JHQ44Xg^u=~u zBA-3WP|5A3{3`@O(I--o8R!5u3;-KHFkkWQ@F3i%E`2+Az(-YbD@slKEU`LhJ`J$g z3+J44x5bV}PYG@n1h)n?YwGOEiS-35Bd+l2X*}(AMe?{~ykuy$v6I|`iZXa-sO#30oh99(atO zHjFPQpD=thsY+AvBQXO$&N?9Lh<;k}{e2TxG|9W1ng@$ukv)ih;{;}avCR}>s9uQ= z&BruNQnOf2KdSdexxS;6YPP_yjKu?X`)|-f&H|K^!mGVCJ~(E-3oTu3A*g#Ttkg}1s=A6!ZZ&}*mp^lC2hfD9)=klUh z_VMAHab*J(|3F7;7uLRwj?a;PFDOw>7DTU}p(-JwDw+1@X;I!48ay;1eJ_rS_uwSD zn66AQuxVNTX?xvFX@NorGQ%zWI9{?JzIS+SZb(GyTZxnQpnAx$Yh(TG)}|bkbc*2Z z(&69zQ3?}xz`9WkZvnESE-nzD693J_>cH2u z+0=<+*yfO(a^aSU#&Z^sWl>QT&%A+Rk_>y==v^yM000&S008~32zGLIw=sA66}AUDucOxZvF@2vm)t<&IOPCK zQse`frrelDt+{D2H0?dIv}A*1!&VU>Mi!7C$dwD@g4?8b?!}sfIS>x2%l+vR!7)*X z9dTOO@`m|tlKrHcT#k0{$5p?<#3&~mxDxh2OQX)^7KW$16|I?v! zbB%jNo{G?%6`h$-nRK(NDHZm5a7y7QZ*hFwJ1NK3pL}i?_~keycjs4DHC(Q>T4XWq zz)n^G;*zsHg$SF?!c^Erb_3RWvE%2y57TI)-Cm^J;VC+h~TN7^*3jbRlKK3u| zqpk!y_$Rq5qMJbf*C?p*P+B+;_zbliPW`+^7F&JEAKrd{=?xr8mgFSDsUBejj7 zOd=Pke@V}BiJ1op?Wad4>U=G<4xdkL9cA8qI?uZK4#GV1`a1s_biI=C)xbft+B%pd z**!55n3~mjhDLba;8EGF%YkQmDfU#u%(S~G7r|a9_V81V4%}0gXAQW7$>Una$A{)S zvO)8UtUN9R_hbWLJo%J&8&d%{VLIjo^h6bjE(x0GgJstEOzs(tyE0!eUFGQ%l9l9^ za4)J>Tf)q*mK8gWrqS5?H52OxPn)04ct#gEUy{;5_&ZMKCEdFE>1XyV_o$yQ^QX=@ zNdk7~UJMhx4(5!)*S}#y9p`H{&#$f{%i9XMX!kS}p!$vx3TUo?A_ z@Lw*o=qgdWiHaJu?;Igrp`~MtWQ?@!993LvE5SK~a-WJ!Nb7C~dxM%sI_5!G`;CSP z$VHrlG+eJD;&om_LOg;h@1+)GCgze7uL4!1*LInPvU?7j@GRoH9=?ICu0NlsPYvn6qX-$W!b-E0 z3t374Rv60)5KL#2ZB{_OogKsX?rb>InMQ0}qPs>Oirew=rYRndc7`Q~JP2KAvlli9 z*f&@OC$$Gw)vNJOLAFI5Wq4!s>#iBMtjCJq-%C(0gf$5eGm(`vSS1rk4cALAFdL|? 
ztK|I{24H{6_Xo=$i8Dtde9Au)DSnRgJR!a=loBb~?9`Dv%zMkYOhJ&KlNi7keFz^GTt57!sulwJ%<CI~Llme=(8H_R=bF>+GvBaIeLhPWZ)bRh&1=%S)E)yh0Woy~bp z)kuV+UwC&d>zW}zq;e)Jl=tr4yF5jU#q64kXtG*P?*kBRNUBTfwVdzP{Wz}?u(VFe z31#%)mF~25du^!>df>Q?$V0lIO8O`XTjjBhkq2s$J(kvDTl~ZQVcotWw+PJhzPOJSu>l_d>F)v_V* ze$|_wF_(>8Y414pMy$}rGsw~4NGu1-DCcBtt!AvdX*OvVBzz;RYd4PU<`~$qAg0+Z ziXZ8HH))bt>bqB}rbT%<;aRVjj`mbkxfCLs2DIXX9A->vk>0>f4IHiOyR#dY%ko!$TjwH_PRZKx9yU)~kB5hmLSlWpa-f zRBuTS4p+Wq5f+G?OSl6_o^#lZ|7`o=WM9% z?qKeu|I3HF)d!V2*|BaD`lcCOcYNTi-e>D&BYL+{r}cyyp4iD>U)td4Kwt4Jrf>|w zKinUB*L!kujs;Ua{5mS&ZSb0(nl|qW_W)MAQ$9w&<=S$MhH6sjlCRFt_GK|zX4@+z z;UI06X_dW<{QaVJTkdv3Dj%sB;m9@v2$rC< zD|E$zu759J=qLjKX7;8kAbSTVHe&~eUxWJ?jUQa0hw|%4sPAF_4TbK(FrEL2Hnj(t z|2KH06#9M&0u)X8mpT7t0K?ouNud(*&Tq|a&Hvi|){TFBet%#5Qdb^0Kw3WD?^)W%{09FYdFe6F<0${b eGm{GU-(p@x9v}hC zJ;we~YgW~qwQ5x>%0NM5eERh1^CxyYEiLgOImx7tw~3GE%g1A4XRPRGXYa&lXm8Kp z4zQ7%l0)oeLW14wQg&@h3nwf@5#4Dn$*qe}FsH(uqOm#PF@2dpDTyO7&v+{VQIo7l8GpP4V&|iwg&RimNV5_j{0PkBUBx zTE3b-&21&Bnp)v^%-bSCSopa=L^G@jt6UBS{xC`|=+vyBE~l5r%$=QtG$*XHA|wJd z66&e+WUs;6FC#|lCCfFI;FWW=qi^vD=04-@;^_;ClE=M|Q-ZvqQ)NMg(Ei>OQ`^N! 
zRO|xQt1Kb5bW<11BL+6zV&Rx<1Jh@S-q4;ZW?s=MjViLNh^AaHjf-$lxahmwRWUU7 zmwXL5zM>y|sV|1PzJHt%XepuVuTf>1 zZphp=Uj93^EJIQZ8cyEz9583##5#y+7nVmtO%4$H0z1E;+{HQD6?VMPI&bR&tp2pg z6{6M#o5jwEu)l<6;c7h%2D*4_^rhT9<2|US`mwin^}^vj=rL+9*FdL(L+~DIz!q-K zuUiQE;O@mtb;?r92gpRG^eB#LdCl8`0jrc)2=kQ43vuilt9ATN;pHO9j1luAE{Bxu zwx2hjesbZ`rjxJ}BtS$9QS?R@uke`KIAvMuZ~&+^P-q6a*J-J6rHDh@wmv2L&l;3LCPq9WQM z6-F|0qnbZyl`-xiC!%r=&F3f(yaYAB|?e#AeX7>E{b|s*zUS&e|k?5qyj4ZPU$M8a=J-X1W^2*#ss^5)oqz= zK2CTh4!$Ljn~{{)8-tvS0FQf?j@p=U>}wE}IA=3U{N@wN$m%9sCcxz$AU(GVIM#{v zABTvKkqxqx`BHU0M2%-)q`Zy>OxD#2z%3}?$Fa)m5c%9E(X8;f)nz&8udywK54nGZ zV_2$<6U=dKdK2q+cp5AGKx5#Xuxkv`<2Qk}*~Wg>0j=->j)_Ha&td1SMAqUz$8?02 zz{GIx*>tI&DbxbV3wZDgy)GdIFWE^44jy+WQ6bEag`N41$-`4TVFVFRZzdr$A~_-a4uP zvR!{)RGtX&JcGww%gpXmZ!2U@jOJ#EfO5uC={q#O5NfbdNM2?+p)}h*+9;KE`B^?v zMqyjK;IRvMpillwx79qV=~6yXI0yT2<$}7xZSqmXf?_g!Q1G9f1S+}WgbQRctG7$Z z=1Hkq3vA6f@M3L^jGliW!q&^92lhC&(1DQqy_4X?F4j7~gMuAvai`5xO}n_gQTBpl zVy_&f5<(v|O8o5^`khOGp=+agp;EcuXZ_WT7JpMuM1r2|YY|2C9fw)mZX&8?xuINz zeJ#X#!-WPTcFvnNljPdivOrUoKunSP+Y;5U{@8LP3uCqh%i$Tv^O*`MKl>hU=*+8m z(~w}v)O9@7<*+lTnWH-?x$G|BW7lP#Bo2Pb^~)iJAXwYlb_*m~SxyLG7H#TjIne7) zH09r+nKg&+;ERJLy3FP@{PICyizT&Z^Vj!f8aCi))uQ&9C$6Af3e1!%jC& z4vrs?72BFF%{%uOvdsXyjx)`DOcOUd&(7&!`DV(hA+t;5Ugcht5rJD?2fb ztY15|tBwU#t9_fnww!+Mk9Cu_1L5r-Npi;Rr@|b=5V3W zxUHJjenYEpE5|H9^TQasdM+o*Bx*$!z~XGux$PMfe0Auv?Z>Kp9TVq>_3N~ue?N?A zkNuGS>PqR|YG3!$7sIV)`B_Py!$o25>X^4KwT?^y}w^94!wX?5D|)G1w<-d?nfPk{qsldfZ@TlMbm%YUz)74m%ydK#-4 z5|YNWU#)%YI?p8WmaEp2%R&5nC#U>tCC`D4Gz&)wn9m(vM-l+t`;{o~A=IBl?As0E zYYV@<%*Z%Ew=1A^%hgo9=e$#HsKs;J01(Fk5IIJVcaE?%crs`s{X#)*xP1l=7JK=DwI}(eSciWoN`NIIbA&9~A zg8O>+)RBbT!6Elt|Lha!{r2tgh2ZM(d7-QRuawKw>>|HHnOAnJ-Q=Xt0sr4uk>?o= z{hLW!+{YKdwTHdy?C@Wr^eJ%mm>_Ix#Ly!$Da7R6lddoG6-v#c$p()E121wk1oUG{uJ&i0 z^z1`a-X)e2c%(<8((-9x`lfz(GztI0o?USk+ufY$LVZq4%_er?JSux5tZZrBI^CCv z9b9)R?=~iw=1bwy*Ggn*X7LD2^s%d*l#yE%#9J9@PSuJM%b0adq(X?Ph zNdtCzvaothS=N!OSCC_!68B4!HN#C0>B7eCq;7;x&8ULgF_dfTpR3XYG$3Pzga~$= 
zaUKPSm7azL9{cyxTWv$#MKl4mTh>SQ^;8$k9Y~EuTUZ2jzR|GkX0W#JqBcE#5wORO>A071Q znv%j*7Z(`!)HPRiD7xHq<{T4iex7x$r^eaArcz(;pKB{?q?;T&deQ2ppbGmc+AZ^- zFSbsb+CNf0@*MPjyYo4$hUsBogkBV@T;Gdsn}xl|q!t3QdoEzTuR&f?U(~{7>PHpT zqI=njZ}UaK@5xJRVl4L~I_X1OW*5~)N9N$xSNSa58+YSFp&@Bn{2~PIFc(JWM9;y_ ziWG8q6j3(j&9~itElF_HG6^OdnW4HqVQ?8Ibo&b08CZyK88p-Sv{TWR&+x|xUV*No z3EErcE_!HkO>i#h9#(^C(CEB1td@Cj=>c+Z5Zl-|vi6e6xW&#(0GYLy8W|olPR3{` z>N6t2>SR`=ssGuTzyP)}vq3ZjJS-jCkC63Z!sy)3uKV{GfQ9G#?S7%UhRT57@AbNx zk!~4$X4R7ynB4XI1+w1i5aZ%LDe(#HQ@$bgBU7e3yfs&y3l&Z$Gz{3$E|KT1- zH5IZW{R=LP#^DCdxio%MaRNuesHfi)_#Sg^#*Czfn-!L9}}kL+ThB_K_#SJof-);E@&abOH+J-hF| zO4UiWI{rpo(PX=IsLg6%H2#gx&p;BTXgdehlNToc!wa*us*>oujeM${!;F}N#NhNC zb^A*s8}^!0M=*YI7^Vv=mPoX1vpSaLW*;f{+hCI8XJNCB)#0rZ=_n7}Y92UZSq=p? zSW$+0>PHA2!U7prMjD?VEPU$<0a$HG9At+6ec18%Y-HRiL1b{qQj_+Zae^u>}h+c)H6y_%F$Mh4a$^SZnT-M6DPBQ2OCsNyIz8PZgg#EF5|R)xt{?+opg$j0}QqlG}sGM(I=n`vVL4*BLp)v=~%w z#J4nxXc$@tu>wgQN~(9+ zv7;X`qRR0YthhW~k)fiS%o68cxc{wrUQtx8lC4nXBdtdk@{5v^`$DXHewDXOT6fYc zTr8!^R(Bh<1i~+`9P!XeCbiDNUe!N=*66vBU<}(!DFUFoK*Th^h4*ar$Lx#%Qr6u* zkl#7h#eO9%ttYpi1;i&mz%D9n8`B<&Z+lT)cF6ob&+EUZFc&EI*{>(k)Cf$Ad5W92 zdjUQ3dwC#3Nxr$Nv7QfArZDc&UTTaCo27TYmdUPJThl{-l$~DAi}7hO(r(%8kMbEW z?Z3uK_cY3f+pq|6@ATS5tQxxhsAY6xvIwr!;kgT69qTM-0p`v7aN@UGN_xNPkqtri zMu`X$P?7_&+{uh1iwrY)9162MtWS@6X+p-8$b{m8Q4T}ZcxWpAP$HFopk+A!kx}Y$ z6ISe$w>;&<)U|JvI)FEgYmJmF)jefLIoKbc^&Fd9K(;iG2*ATr5ofxy)?bJ~`HY9P zF%4&?6c(-~{gPR6!_Q3>4)4QCjpGZt4QWn(*ULO6KYuLww~uaq#nn5UyO5r_kY&d#9lh0>MBS~MZ!NncnQ%9Ds;4v`?{V+`L>96q5>p#C{5 z(p$$zOlP0A)6aHy8&OiJs~g!9%Nou#>=7*nzsVxo zK;SL~$Uy4+f(3obf=3K_BpfEu+GkGLT}$#-&=tz3Y6$DYUvyJRQ`&pV{Ql!Hn&iJE z>WwOK$?q-PiD!d)1>VK#brY#?GODLLZxa(@w;s>c2R1=2Se}KK{UnXwbRz}i9HMC( zjm4?b*dk)P_pm(@toGt#Z6pSh3DW%?A$!^!)3!0hD@|^M6;xaZQPIN7uR#8~{fZ;z zd-esHyw6a&SdWG!MkU^BEDOBHY&yUr`OWt?2zN}#W5fKmC9@=>U)i2 zXX)vjY<=Yk5vO6_MYyQ^m#=qY=YY_*Lm*{i%x=fXyg$i+s+_}nJU@zlKF!&Fd>GxKP8HY60lSGVopnQr-6PmbBZVP8d<|Dzt6p$IG-ClEEkS zBFgV5caXzE7OY~=C&tv(t3DK64DZQl96IZ?O_~Yp=4e%9)h)kBb`2{lZnfp|sz%wD 
zQv3q`)RZbT1kqP02bBFhTU-DQ5WM*QA^!O}K#{W>6b_(IZqaKscBg<+GA^rX@f*>b zYZhHzOPd!(R$X0_V541(6jvIA8L`0la#XBU?|54H9m$FFOXu|8POv6S=WWqpak%TLJnr9-a9Zw~?D6qspeu6a@%+a2XW5j)E>18rA@v%tb?1#dhBVkK z?5vs9i;$XUmrwa7?i#Tbr3A&z$7mHe&Ug|V$M)@t$ZD*jFY1&j+BvRQ%w>p*MIsJb z>>E!Z5w-YXG?;RZAj1Y#JlwL?ScNr+^}(t~Gw=ypaaU6|Uh7AJ`VM^_^5tR2NE`%6 zK54hLlx(p>H2ye0{^var$p`>_Z42d{W!UG!z@S$uM7wGSX~B zR+bnv%oc~H!HDag(4~OB^@*|EVWPnkkNYnRaq&rWoCxIEESY#Qp(rFEXQcaUqnfEt zx5a0w;4$7EE;x8MWD_~4v}sH@znZ0&5U3NN>-zC~gBP9i{A>8ss7~^Q4e!zNY9bJV zbp!DqnBAm@o7c_~mn04fV&S^5U!;$m*tSmr?L0wu5IzXlbVsi`xe<<)Vk%Uud?kDl ze2jNgVaiyrIUhuM?X=Bnd-B8^xw=DOpJ<`Yg3@g_y{#5(^-?*Vzbl4 zd7Zd1H>GuyLKHg`9UH@JYCHs&i`O==vhU#B+numZ%3pAE$;$P%MM3q8%nN{$bOr5O z+_5d)swA-O@MLnnz7goa(8<~IP&@ZpOf-#VGWg>+LJ3$VXqJH{)71-decj>@*{SIo zBKO$mTjfWESa>uC?m`oXqd(onY~iwTs6>#D6s3J6xW>tAwtl)!)=Fq%yOW`` zf8ogN^L3&ZQF5UQ|F15yIw$hX`3Sp|j@%K8lmJEKCJZubS7QNEzu0RU>VkW>Zj%~K zjxz}CZxF6J0Pw;3n7}J(GtaWZmgEjnhR<4M?O$xJlkEf&VXF=Ajd>elz4;wQ^q$4_ z>|sRbTby0C6S6_DB}|o}ylS3D`F~WfRASyfINQ}Hu>rQlRO3^?FHnY}zH2#<)af{q zH+#&Hs1U6EC*M)#A1_j#QneKEO54KUhF9LRw5O;IDT{3B2QE(uqqwA}%V>`ZEYZ>j zBC87s4@i_w-n|`LduX^oth&{E(Q4IsQTh3)-i+7--582#z3m*0ayK$)97VIzT2g-F z>#FV^@I$pk+TwJfwdwtf-WWpYFSN7pxV+;)q&st&K{X~MMlmNKy0E(?m#W{zl0}A z$xeOho9-Ecb9l*N8iF=75Kb)HaAKm|+JSlL_)V|Fb#`rXtV*ws35}TLQPOmHQhjib zQw%=K6ECIW1D>?D>8B~l$x*4j=N*T|a8KPpN0GU-G_SC=8rJeHQX0+^(!W@dVrLgW zMEjj!kWhp1ad_m#zf(#Rn3bfRb7>3YJBs{s#@`*Pmb?#VJlG51j;B977*scS)6C>lVJqmWcQO$}*D*TgB@1=*N6EGuxbw3Xlb>ygofeFKWQw#WLEOj-SG=hlway8*5#}Hl`|2`O7lpeI^wDS zYjPUvRCo7vf(dO7*MCTIk~BtcYVP1yLc>9@SD;ZdYT@(vfXmhN9#FW0qE44rBVboLobEvG zNP8~Ml{en*`@AlF7pU2Mm&d@|kEYj4xXM6bzvSnJ`g}YWK0-2mf~QN=2>129^RsSK zCIV*-7N4dLj)@g*pii@Xez&@u>d5gCg}q!;P(^0`8izQt>hfRR{F7@%)11G#N`1NS zM?qhqlNAjm_(>x@sYe22x%fqkHife6rHKZm_Askqt?hg2>jZHzhD9_eVR5kWnEEJijfXWm*KT;9UhB`^FeM8aq#S$O*qWkD>jfQ67U{s}o z|Amr}VPgC!Udf|}yCTyPJ4|qBTM;rsF>YMZE~Il#cO7jme`=io0>vy$d`eB2{JK48 z4Jax|yXfIiUp`&grIKx?BM$``r)Imt-ySMcFUR>>34+v-*;`#ND!vhac2V;!z|qNk 
zTBoYmM6y;6V7gV@m!l`AEtonIY0wIz4-~B0n;Ku3kP?&7?}*U@hw>Es0K!P?8OmMS6`vXWXkiys8NTz^GtetQ_EI>dRdbVnYoDgF~^rkFo19tF;} z=#ce2Rn$y^YxDpEj?_nO8lQ0K1Y7LHKLB{7S|t?lu2|K|w6RZoL6H#@W#fntAvDQ! zj_Wv7R>ZJSBZU;g+>@Rw98WFe!NMR0fGy_&J#${|=(~ZNAd}!K8115c4M0Mhw8IH| ziw_bb_nfH$PtjkuS}kS*KRqq$VA|4mmZxW>AK7Csk?PGMojs3gf7_UQgX<|fJ>76+ z0jlOzrENW}R#`+3Q>V1O`Z|K_z+$90brGjk1X|ZSzbZM>ZN=(?$QG=w=z<-%gX$|r ziudry7+cQdYy9oXMaZ*96y33(%PMX!tO*c)H0i?gfgyQ__sq|+)^2=-d`kNZ{fOFu zR>E_;<86gYC7}o?{Hpc`IMAU=n}yUiKisI$gX(^m)eFRYj!7GG-{*<*rEUHA=>G~G z)o3()&jRRBbm5{8990EAa4co>oKcdZ_&x+Pw|a$=J9kQM-3?|(vdT~`E^kF4I=3S3 zqUq5QK8UTI-5~M&pd2Mr$&6jHB~DA2O=QAl z+8!Vr>sxaY*3d!g`S|KzwLO)o#Ph?hef!LCyhZjiR}VeC6O!3_-(YQ-;wiI#Qr^HmQ+YRYAb6e~Lt^$TUOWfGhRUG)l@IYAL-$P@>GB?rxR(`KbEYjx( zQ5xR_K3ba;?wOm(93bp*gP)?kL)2p#TYH0i><0ECL_+E4?A`UQcM0sBH*d3cuH>Qf zIx=$0-;UcHJ>Xn^)_!HGFa{R)Zu5fpA~WV~iBhc+bJ%u{Y%~bUq|_&Z%*YF749#5W zQ+dR%n2<^CmXS})^?Tq^fn4J?pcxCMPli_GsOzf!lva-Wy5BEO#;qW~&|I95wx-F% zD4~e0YDvOJ5r1l7AYBVPU4qyAau7p#qv%ih&*N~pN{|Y6?TJ^05C<&5f1#TiAchTK zAr%GByu0XkyK}RgcaT#INs2Q%c(bN#pym{=1~kHxZhS?>jW49L1bk||zNH-*snKc8 zJ8XO*jR_c2G~uo|I62>`X;r2nQbThlEPhI^`mv&1YB?|8RB*#)1qYbG67>=1Kxjx~fS^p}u#YAa6PdogO9=mA!TQB@fLYMi0`dB;|TCZ66 zv`+QbO$-K)Y1y;fOen@o<5;#rOD$2la&ADc2T>6QfBSrd-X&!`IvIX1f()!m=uj$* z5Xw=xMIVo|`*xK!9cm;S@Z6J8b|fY@*)F5nk)0;mSKQ1?Mse4 zF>}!@GJEbQo3h)pLp@yiYf@$V_j>U$g0@-a_V$X`V4$_djhxb|i%}50B@$!RwQ`@$ zPK|aY$z8o~Q_U-5$kN>Pi?R!DS$o({zK`UTn>8jO?Vau;#LxjMv>8h!ft4Ho zKB9}gP>JeF4t~iUJfR0I*kySs6qswgKW?bM{v>hmsFCuvMGD z={|SU{Ir@=e1}Z+E5|cBdH2{JY5zVr)0zLEqEJLPiodFJT=OD#N`SxGkEN69KZ&^*vLWN4o zPs${3^BZ;C0~1m8G~vUhCpO`m-l5u5ODGrt9{$;|z{XL`^R~!Fv}tC1$6&+(Y*#fVq`u;{0oBzFGxU>1LLsE^pP0IBwp8A<`86_oAW}HWESboZl@)S*K(I*&-WYI;qNV z{+Z}w7V{@^mhw+z#z}hWD_6QhLK;zU(z(GAIj!Boz=mNg$q?7ZyhY(^JPfORn-RPY zkEgDE*2o!uTL@%W=;G)O6d z)iX?XY0jN*;{I#$+Iop2v1qHv_{hBxedsm2QpOoA|D}=~3%f;p0o!D7j?(rL#weCj zMn9cnScV5%A^s@Pq9lQ;OzL0%!)H6@5813zz|x`w?WP^M>HKs{rFylX>7hiz*5kCt zxt(m~h6alcXg#?o`#fZ!(&C%?UdG?=p-W)Ucr{U%CJx5@R1##h?w*~3>au?0auUMh 
zLw!t{*+%`2xGqGOHM?~jyM9IZ6JAh~IuY^p^O>`nhh?gdActZYdnP!43X-Yu$ZOVT zhj-*q^^oppJW}s_R#B;QGA?u-j(!Y}(i3tDX;9fX;%{chSjDhY2eC_hU#o{Ab9-fx z4w>WqVVKfmfIhYE)46HYn>WbrZF}G?e8`-askHBN*v9R84Ckr!{r*J;>5%3z@`y%> z$GIe2NTi4=k;dMXLyNPz)JHYO5crvGIR4G zn&D!A49+a5XeFL9@FJqTFORFvt#WT8i;`&9z}u;pdNmfU#>p z9?$VH#0Tqe#?fd!JGJDocIDAMW)sXkT8=339HvETj1;u`cz z^CaSMZX2tH-t7j3{oBF(jETmSgF@xINBygQa^-fyWc@cm-zyqxT-kV}EtQ~;p%OE( zQS!vc$o{;~@Db1@KyyUKKkCKB2Mp-{PS*#U`lT|qx#r-pI8~uGGEi?uuN7V3i*9+I=PUu$JVa*c2_`eCF;aDIkHsbR#Z%3hJ~X{m6r#}tkvE6NXK|`I4clykL#INVW&2k6sgCx&G*iNLH8*i77lQ~VJY&pTvM_{Onv17HpcX6R4U(X*~*j}wluCXF1R*Bvf5*;K{O5+?T zyHNmhD(73^V0AQzHJ60bVX`A*u8v-Uw5s!#(NE1MirJ_M0NoFvC(EI89dA;qJ)OZs zQZ%R(>&kjTxD`D2rU4ToE1Ei&y&o+sXW8h@-S0YwO;r)GYXOXuY%br?_HZbv_r4~L zsP7+@!>c%3fBgsi0I%QN!gs$p!fg1z`auiaHGE`%QfS2<4hWV zj2*$%24AP;RSm4-@o&`VgwUdXBV@P&fvyLR97}@ZF)ry znBD=ucM%@2OYxZh-I%(Nl+x{e^oaY~`g!NT`{9CQ9%96*01ak`cEN9-r4X?SjJS`1s;@2gCaGPTV5 zF$LWtg)LcM)9s8${*Vl_-KdN14`d^9f)EJr)t70-i7B((JasSV)GkfBpkn^XyT9VtKUd;?qo%=oe<~QLva+Z@0XPtbBTxein&H8H1kdc zWqtc2C(f}O35e%|L4tqAm7JDF@xGN3u&7vAGue!uAWa}QuxC#ZSLCdB_Ve1pdcG6SHaa_J3+>_nFc2Mm*MK zoY|g#?n}Rl9&Y4VvXD<30T++zA6Dh(R;#aIf26^f?(M;t%mTj|_K+SDhlNfd&-meCvS$?`1NBRyQTeE4>zQttoK0FJ9x5-dOSVMc;`5JNqxDB07k0|LIU~9<&hUcjNs{p@mS5kSsBTzvD+odvu~@2fm)jJnvVDtHGN}@ln==|MdNned@+z2BiNeUK zqvl2coyWqy=8D&)Iv#{hvg_tP13TMi`Ss~bnC&qOc)R?q0X%Y5Ay7+AmgF zS+#_pv9f^C(Q|slf?Q zHGs4v889g0_`15I*(&DkYx{F4V=k{qb)xixlg_8Bhc^BnId)mRxsKoG(Z1!U)2mEP zRj=6ODQ|eeK5D#c8;G1>TFz4TA`5oW@?{j!kqaP`3TH8q#w7&&=r_znIQuN$xP=Yw z{q;{yx7_Ex!M+1QOsPnyAv+Ntt9JQeL$yBo=h%x4#%F|*XW{q1agQ=y7V0fF(c9Mf z_MUzgtN6cKmBV*#*K5)d4~aNRWBL!0p=VE#OypFW$Z{vgUt~aJ&SvbjOEt8cIkgYH znvtQ?h~G;OyD>7DkLokIgksU9S*5qv5G8T#^-+}5WGx%j5PY0z;ro8h>Yo_Elg)bQLPkA>ArV~Cl#S{ANp*F^UmGTxZi#w`1mH*z=! 
z#xA90eUArY3$)_(RzBe`->hu-(3XbyshtOB=Ia{Q6psVo*LgE(@AFH+>xbpJBhw1|M9z>T`b~ZP` z2nwruGJ=T7=jBoVdRg;SQA`%Tkp`%5lPaKvLq)TXu_`j`N49cRwH!~fm^^egIsK?CRsp^^oYggn3?VB0zGhi{ip#k^V1zT# zL4}hxx9Y<+9JC*cxa zDcg`WtUC6oS~9@#YGcoLv-@mc?oREUmD4y&0#C}MOA`_|u}M4**{fMWGeneMa*s@A zE4QpEdsO{dj>bQb$i>fv-0K#jw*E4C6>H8XV{CNIm0TeH_^v#toFDyI1A}E)k(G<8 zxJCCbB~)A!?K#|Owkk$0h)o&eCvfe;oDfks>XQe`ERre4{12a|I;zV|8rQ2Gq|M5t zZ;xap)bcD>W!cJ54T$`CG~(6lKdm50{-piZgopZr7nTxMO^54SVJrdDui+NGb4XQv z>()I88U?kb{K@eE84M6aSq(B@;wbE%IWAn)shEHR3&UrZ{LKDn{H(g)EWE!-ITukS zpj02j{-ug4VbKdxw)CSV3!mg(gmX^u!t^tX3t9dV5_v-M&o-Ir!_a%#8B=vU`n-`Q)Y}S&f69rU7Lsfpdg`>jIMueQ1;QZlISga#-2M4QST3AZ?VHJ+$uTe=TqP-F!!vnFe*Uj|5CrTws zv4Y4zDk<)nZL+^*AB1&|8Gc}f{4;85>f`@LAJG`{5sfeHl7<%Tb!2jJ8|9H+O>dwO z+`*~$(+xe%c#{eGvN}3A1VSe_zq%>`4ZEX*+jvJ^&dzhs`6M%Vo6XX66<=1^p{WwN z&lbl&54EDK(Bx1Ja(A-Iq&{xzVNxv6pi~pEp{Z(-dpTFlaAGuN1GsKXS>&D2W|l~7 zX&|Sf3zlRWC2V0zFOdJWUc>mMAHMM=T}+s`yW=GT8~s;87VMV9>6;nGGWIpslVZU} z#f9Byno!7F@`$eW45n9^T3&ha>^kOS1X$0cgsM^7yf}G@jkLt<_=4*%Gv!k=+gFaU zyM6kL23RPt<}yl#=*y+QCY@8DUb1NNME=K6$pc7LVXPo3Kjb>fba-*V28E$4lrWCu zyYbi9IoB+<8L?T-lfNsMF%l*IFYR2>gqaTgh%ahSpqf>VBTO@520!I6tw87gd31|H;&{58aMMOrp8{m|PN{n|j4R;xVrhvG~&a zXj!H3A}d-;@CdSRgqwjaRfYct%Lu!483tdH>WImbqQU6gS~r8pF=vx0aKAh~p};QJ zt)1S(>$7%!QJw%l??PDW*OApm`lCM z+!6X7Wfc5l*stmyw!8VQqf?==3BN=O2Wqd`#kvxDX>5kr!6O14VZdj#`Lg<-<%lDU zRhljvC?zqd-<2r8Hgp1ax`~%gXfN1UFB)U_AC$aYs%%H=?CMwrT^#$4o|eWq_h{&~ z_x53{Mp02)DnlX4osUm^{Y)Ue8!P`d6KVb64)kn$w>tLacjpj(FF7CJ?UP~ta$bxu zplEK^LoQr9SwXR$CtNF#kF!?-ocNxDMgsR7)EX_LObEZd=b9X1crsccjCZb>hy9P# z2HNZs73sWb@=`}?NY>NRQHOX{j%_uFC9}za{<4nv_G4!l^ljIKtJ3K;7z=ZHfHKBU zf9FFkX4q53+b(ldz9{+7r_GiJNYJ+8>*X(uAsk}FR zs<=|zeR^+5BF-ff6vgH{TIqv`T_1!?oWw%Hsx zwxseF?uNT(K|`3vc(M~QT~_4-XZIWU;KLcL@R!H0(}Z~LrA%#Ivd@x4&cp{J*K;;7 z{8vrfPg7}~Fmn(4UUW!CLQ=^+6rLG9Jq!?}9+_rzE=F;O5`Rc&#{ciCYtk-}iPf9N zuy~{fc-``p#2D_(>oB##ftC1e=qkAmjjG~EWtt8MG)5M zZbdRE8C8{yU-0**(~B7Os&YmO-)x9CDwxg3>gFp5!b>%Q!zArQdwl@paUFKjChEmT zuA6WhYIF;=I~kum6*o5qYpl(Pc8w>{v8-C?x|KoqPh;VYh>zK$*%*JyW|cE 
z7xl)?-=6(~nG*tgX^B4+cU~OO9E~Mh8;y;^aq-*SDfF)p!>(V011x4v{(lqIHxuWh zX3dfIwqmgfXT>^HkgME4&^(58%_{2pVupa7GRD^g)Swuuwm#ewP^7w|)|GZ?4y_^> z7Z`Tl;~1JMI-bvbP}8*sVJfvfSZptH%%<$ z(#wX*w?UG9A=H%2ONKC;XrJT2ThzNFT#k#X1W)rXM$z38q1nA@;LAoXrg58rmHv%` zw6rW?`_M%?E=v<092d8D7S37`M^(Qf^<9(N$V17k?g&H~Dyh8vzRh0lF8DYxpbz(p zwXH(YT$rRS*|1YWm75tzDj2K!TD5{9a21krJ`}fCX19cdMi5!)(b6I|M|n}r%S1DOB5_sPJrt#7ihnpbStiIDIhC_hN#TveMsd6nv2EnG7*tL*qa=czV}SrH#>fIBsg6{ zzjnbmq!#3d03RVOb#y~MD>!CUQ#VP&0+rauAP*sV$i=CGX;h#6W4Opt3*3J|c?~J$ zA6@`OXDRyrKccQWEXwX_OLup7cP|Y~BOtMK2?Em6NGjdk&5}!Z3rKgDbfdI_w8*#m zem}e}{^8kYuQ_MV%suzanRB*pg7oiJ0iq|*I zVKPf0ij5d&%UyY~nG++;>C}KlVBxKD=JfQLJ+8y~QVfyk%MN$XZ_BBW2Hxche?yC_ zv1_#ZGt3m#EXvPPJEGcxF(Q0uTnVaS5PK0>%Q>*LAO@2zycvFcv}>5UvTy_+t4<=u^M&soNuo|M82O>PulQ%W-?W zab&I*Bzf6wA4W|zg}3mJ^%RZMuv%hju((<$@@k2W$t-Jm3npb>_+{0CekTohQR^Kj z>UDDmDrY>mIOJ&+7L9LfDP^dJVtj?o%p_B^oY#04MX;Cg_L%m=YEPBGh?#4;EMJVP zLuc9t`@O!8RS$*`Ma;sHDosT~A-nhDajWHR^8^o%-*{_1YuRRLVj>+OE1s{BdJA(I zh96dBWYLKgvDU zLGEXX+Ec7EXHKx@mlqGDtYhU$b%OAR5ur!1svGFo4&`UW?pA~*1)|Vq^Kj_Hhj7NM z<~jA-E^4nqO{GR^YL>Ua-)}nVa*$N4H{)N?l#4#^XNecc6}k=0XdT8vQ>F$Rtz)y? 
z41@EyT@wPKE!o2K6)ca1@69B9AMWnB*7>V5Z?xBZ8iE}Vmc7!Jb=CvvwrzhIZh~nQ zQ8Ssp1m>5&FTPo1(y?qwwd(+<4n7)+l++zs@%TCMYg0wH^G0#bAbDC%DXr1O8IE^5 zPQDV6NUrBA8tsyNz&bWfMtCom86@Er#$R@{HZceGRa`4oa~No7A~MQ70aCktm$qU z@5eqGQh}L$JJGOfC5lx;ebvYJ&B-h%pWkl7o0v1Y-UH>UF)EsG7PDHq-7a0UZ^D$> zT#CQj&qh|V&U-1xv_`GhnJ<@h9Q|z^SV|Sd1(Uv4O4{!ebIdu7H3{`S17*&P+d{FSuI~% zhaQk#H0i90q^1Z0qD_q8c$*iJs?6=mXhoNyszB+2TLdg0kRTnW{Btxq>NvoSPmNE_ zNU{km9{NKc?nI{_F~<)4GQmwx_P(???xm-PDguYr5^GgR;##V_l6 zv!g6k&R@UeUYg1@=x-cmtoDAqp!8>3B)1xXBDd{vY5fMHc3CU@t^;EgsGJyk@1n!t zfwntJUAkz5O|~6JRa>SYcf8=`d^}EhXtcV3g@w9I{rrtD6IM8pSG2n6XYw@ih*Hce zO{OiDrY1Cf=v&W>!cRFyQ$~JwKE5xS_Y1emTM}a_Vgcao?PW(xjoCM&)5UT~oQO%( zcV&;OW4NluZ0V4=l4JAijB;;T@eH{%2qhipiWpozG@S2k;b?KmexqdnHvjm$Z~~lC z*n6*ROO{gU6I*u*9O(Q1YY*_7jMfyF-v!0>W%GRD9#_c_lVaxEiN0*HFHALtPx`>m zN2FTt)_Ek?vMu0I&|okhR(j5oXHbOz`R^>@194cfqkWTkO5n2fpWXa>V45rk^2seMA)OzfG~rIWQi_D>Zg=L zvNidPujSN5smzeZVK*MPa6WB4X!$OR6NgX^Qp?Oc9EQnPT4O?SEOpc7h!e4m1kn>}DC$cpLNt{L(^7a3<9t%N?>N52&2#i6 z+q;fx!27H~lj+$kzMe6cY4NKa@sAq^Vc>bHa#F8RfZuu>&M&A%*i}(^{z8oXb+q?A z>pB};NULiEIW1Id`NauDP-E1s<#Z}AI91yEHi6l7}1d$!uqg?b+#~FSK=jdaUs{5%yW5#RBHrujn*^CKf%S7Yx ztNo{_N2yw?GNUmTP~P(fqjz?s!lCPq^L@6oT891WY+e(?DHbihEl>{6@(kpv>gO`2<2rc%A48%+(9>oVD3;WTNbZw zSp-;@l=1|>V&!;02pFd*kSekJBPQ9|cU4jOB^Trr=XB^1Uh*Fx5+o?;?vfqEDddeM zPI2x>BneYlgcX)Br%$0!an<2Pd#}bT`kFt)l}bxIMxEqet#!^iIhu}=X_vSpp$Ac! 
z4muZ7lFSLrD2;J%wlfp|5ZcL8vDAVEuKGTuQ5O`=Y1@a3vF0`FvLI9j70%b|Q=lC9 zqYrOZV`>&d12f3bVYfOG1jG;-jdIpw7l zsJQ$V#{!p;Oh%b$_X_8XI8%CZu{Af@<%L^KFs|fSz^f+0)e?(jy$aG%ioEtaD z4&nv5bTN`|ekICu(A@I}!)!QlihMsJOh4VL0ivt+wQA3?eP;p0L9aGPPv^1jt(J92 z-t|BPJL%JbyJ6qfLWM&U9#-a-kazL@#uP>k<3?ooU0$vZjO*?DJi(ed;=(G}|e zWvPFCwFc3NAN%8|VR)8_qY3AJQXRY;jmDREQkY|K*OjbZt_F>mcr;kp%_!2EIqq5d zahdL>kX{Q|`ZgxOX@{kMA`K_kLZF4xm|NTc#b{Jn^C0xSz+vacAh0Qt+`>zZ?xBiZ zh!fqSp<-(L@U#$^^y>6uLecE@g?QJVyF|sQ37qSD6e?GEi{P;thAYiq;@;ma}8e zSjW0>qA;$sdAt6sF74?a>p5-25Jo+J7Wc zpGg)(6ilo;vRp!}%DSaenbbKV4lo1Reuxsyhi?)`f1#W41~1ZWW$TmO@DWdPCtoGj9M?G)cL=kM3XumdK#<@B-3|~Y<4UgVWDO2c zdoQG1U(n?td>%bCf$_sJ(`Dex+52|_yGB>9Rn71ij?TX@H2CDtLa<#bgzw03yAVEPe;)I&1i|k^)fse*KSOa<@ zBJ2Q=yfqC(%i*?7_LlQIb&)q#ckVxd8HC`lrp9XMce_lJVgG6oCnR_8T6U1rosoLQ z0va}VgUi6tJ!QN=S*UlL21$TzQ^kvRlcc9;>lM|djm>?MagT}wl?p#I)$MxIMm~P@ zSs^%@tWA9dDL@FrB{#4J<4MG5HbFH%S&HVyVTHvlL9&tq+Vo~~0Y@&vz1uiRQ@#2r zEyq4sfqA8-Wz^!-aTXjiV?f-w8Wgj4@B@Ww#>- zsV5*|PB=67fI|pH%%+)(!|qr1(c7ht&8}a(nGUz5s>=Or+fJ2E+#;33P8?>w^fic6 zJWt&wYzE1_=z=!WRzsw%EK;iR^iXL4w(Y2A|rdz$@sC6|SN?N`6#?MHqXvCKdWD9Gg!r9KXBK^J9G^x}K=4pjPT1yjGIIiUxM@I1~C|1r8 z_&SMb#{~Xe<{}^hi;toLYZ86PLGF17iL)3f_9!1j>o7DpL@gJMX}>w{r!s``pOeJf zCUgIB5=~=jRp_)5M%_N)kjH4c*e$ADt{K*3HJ)25y=&QIVHPdhToI`WLv*nKpOGm2 zRu74sX##iImCGaCyj_&mvI!jpUB|~-A%amoLnizvaUpRE`9R7D3PTS||8z}xE#|n= zQj&5|4_FwJ0nj)N^ve|9ooAhV1JPEIN3^l}`2w6#w*JtJde?4*m(Ez0e$sdr+{C^B z{vpLfY+5FX5q)G@KE#|v1Q+eXc&x7e!HR-EK_kZuqfkV#4xb?2(RO=ZyWl#oF4@JhIOnA3MNP6G)m#%p?dbvG&nsPozJ!ab720=L8Bt+ z;R(YQ0@AI7;<;}gG0eG1?*Pzs;WoZD=$~nk$ zXwHnq5Cn@mXrl(1+GbZ=Wy%P@V0Qy<-`;Cv2OXRLQ)kBDp*d8Y15kA)*%WXNPOE)j zUpq9@T9?*x3JU8h!7R>tC*kK+C0=#9ci|VQD$1nLl%>dH#J+1ppX%&X7cJu)nGwuX z&-Yy~9p}J{5=>hhEL=^#g|fZxcw*@si+=31je`0=00e&lY)4!Y_u?fbm_@4M=ccdp z$fBHxR9y>%sL{{Za|s0;J{EsDdrNzj-OIqls2e)ym&CvX`2)7fY(_3Sw}2}2L`)_u zim;I6_tM`+VN!Au`IYHOk!s%;+wPND7B3U^V z8t?qg?c-|sW7c3St*I+SYkHX!lk@R=mJ0lSe)k!o?r<&Yl54szalyQWIMUG{DA0sH z0JP@z@q81mPgY=eB{8F&*aA4on~#z>zt8j$3o@8osn5tU<0y6#M?(GUA56)lrC*&W 
zWv0w{&5Pz`mBPx_S3_lN15`G8UYT|?E`D_>O)WHaRXaFlL-6Q5d{ei_MP=3f>s`be zi2GvY{I`TeY`(23k4?Fe>G4Roos7yxVbqsN3rpmqi9Z9v(G3M4-VN=hZID-Xcy+8h z#!mJ+nuZajj@wawIZ%)0dpmXy<|_^@h24)zM;1mwPz58WztW4BgFhm2*EamAflM@z z{~Q#U`PJ~Drp7#I(eK1tv5dlwO0v=^N$N(4n9a&;nK2$O?K&71Xa2#{CBdJZ$LIq@ zD~~-)`Vnf_^NN9EW+IA9Wn_EYW~026B|IbcOKCaY<0zMHFOBk$Y!0-z4is~v$ISj& zT+ZN#S@uwTUwSmL=v71{u~x?!wlW|hpdr$*M)J3{_}eCJM?p)Dj7AQE-1_$6N*9iJ zOK+oF^NSbf=}coL>hGY~k)qamQXKSKn&R@$?Mia)YkW0X=}V`+fuC>b41pi3yL?wW z)n+I4IY9zyfGewSc%8<9HRrxs;6BS3!1j3lNQPdMA=Ee`o0O$EZTf> zvGh2(D+BihJYQ+b80}ZL;<(!?;y35|tt|XFP~{9u!?~Ul`RWh2|9N19R9YbIl;o8` z^wwE6kYAgi$QbvIhb~rTu6j5#H?nmLG30;5OWiqpYtRq9CuSs^psKQ;_c$SX3W6*JfIZ@hP`Y)LVbI*E4q$?|^ z?2%AA7o(u>2ZyrnnUiya^p-~0M?CVH3bOQxEl= z6)WIxqQ6gC$u_k(3rExH!juws6HD;2skpQgkS#imUy&$uX&_;fK{AGeSTWYbu=?)Z zGNJ6mckR1Ao=GzX;}jOrJEdevbT#H0UI1^YaBpSC$ZFMAD5`Mu;qu3XNq^dHADZ(n zT;H?^lTRUZQ>zK2MSKcc7^#kRzdL_$dMe!UQ?v0+kgT6{4l*vC(8(3hXFNXdeNNywE-#?gw`JXefrg<)8IP6o|`My8a?i&)Hs(}NegYqfRc!_EmmHk{R--LqAZatx*(-#g8wt4-W+F5)*GH85F_27^R+BX zO4+&+%eBXlTK&s3IYbIQA^l>^@6v*!S2Z)GiQ5;DHRuUI`S%&T8pN`@A%bEM{vS;X~$2WAGR(3jBnv zfhhmOud9r2F=LNUy}Ldl=kt^IF6hc-!{QOzn^GCX=u*K~xvhg_)4CAGUl755 zCC&;2=16_!LCKb-y$(P3!gbpD66?#+B4*Sb{7m3l1=PCt#6$f@Ec%D5B5)bCM7I`K z9|R0Xe#LWuF*SrtD;R;6nR+^(4llnL>woW?XDLeBxiMs^5R;wxY_<{axqqg_G}Cv<|rjUwC{TO&OL@2>JcpEjrRgB^q-xu8OJuf^9ew@OAAsnHG(?s?iRk{acX$cy1)?p6R60)5WX~!>VcUgw zfU0N(s-nJ8S?MfrPM5^Gv)79y5A%hJw&vqzgb``D>(G(pvbFO%W#v1j>|10n4OXeg z!7GMiF%{FF8}E~3Y-TJv@%|E5d1|BcJrY^fr)Vjvm?>sFvoqkGgiz|!G&dUZZXgcf zp4Xn77zV6`GCq+%_?ZqO^Q+zNi-&$6v#lG$5``eM6NmTD$`1EH&{svYsg07nv;_{;8R;{ANQu;jy6`+-8Et={Fca(XW zQ?AIw2)Z+Izl#$dyz`(nJu@#+klpk%Dk`B9mr7q!$^=>Q@{+?b+D@ySzIJkzeR`yv znutb%+!lbp8kx{Ji065;K4SSW^V+tU?_Iq-#@|&agsIlJbc)G*I}MTRaxz}R zQ+E*wX~ItH7X*!6xiSq?NaE(I*<6+JRqhj3YsmaZFMmdEMK0$EO=*@e=fusRduoCKim&-axg$TWVVpmXqYqEJJGr_>!MjNQKIjA%ievNdfwA7Q$RMSc> zl^c`Je2)DV8O6STSBqY-9f=unMj9l|kI4k}X-4M~~Dx3}sJOpXs#^z#j;B zTTZU+{UD?32dJ1ZohwrA#kxZ>U&!h4rVcOl 
zNDMZ`bT?bOlJW#YvaQ~k{#4j9Z(81vJST;{UBXqflR3Kr(7bcaPxG8OUiiJ-A(tUx zcUDjGv3s8ZeWc~W$K{*b-o^HryQ#190$|lgNxX=iCS@Xiio{A9L zu4i_I^P|9z9COh4UyVTtM8(un97oe4Ktd9GgxAzu;_*%mEAY^R5L$Ar80?GQ?77Bv z6d-pnV^(T5^pv~OeF&<$@_SL;CU7Sdzcx3LY4{heP7$3ZI0gh-=JVSKocA8qO5jo9 zfEhLEwbZH+S;E!3L+D4aM{S{Yj?a=&mIiGc58qfjs>&abLAEf9^U)gF=nt*>1ZjuF~zTKLwlUZ9}s9| zd^J}dH4Nl*Rk-y@Fe$0Ot{ka!Zs zcM@Md6W`t{=fs!y#ECDHaPV3fBRN%14IE$rQy!~{7Tg}A+R|JvF$Ia+v7&ZpU(N|= z+^a0={atWYKc^UmVt^m|EHJKa`WlW*M-`a=N>+2*8MhT@OkC2P@6^x#2;J^5=p~xQ zf7Mv<6u^eY58Vbl5*{IeHxN?dAz3G?=VSlCn6CBBcH~r0h+x-&;mfj zzX=&YlR={{Q%}urQcfVLH@fALc-?%$zlpf2UmvdjvC_ov&XixzVF3zM3QsO=c%YVuTwn7 z1MpYCI)xwldJc4ixp*m_B_6evcMeMwz{fhhbN_eB3ytKOSqXg8Yl@lWk>L|FA>1jj zn{)$_>nGh+Z%M0%_`JgS9O@~t{$gWB=54K%MY_d3_|UkNcVG9EY*oJ&&1V@tTeGO4xGqG!ZYJgpf))VO)4-PVXY_^a=%>}->H6{ z-#uj15zlk#S$i7WSmkbup|c745c1%xRV{?7{p)vnM7yYGhj^i3u65tp0rYVBH+hMNh_t3d#Cpp2+i+@_X>tz<)fS6FXOs(3Q-tdp_I~t)njG& z*yfi?zX6mr-7uAL7f`^jiqOL)G)}28FKv3#Ube~NU>uGpGi0foTIJU^k`LZtayVgP&ld>Fe=f=PPhj_qQ7q1NQqHDZld~d{%I$# z)s?1uS|II%L79Ri`re5h9S^*lC1K1#Wd5uQI=>EubG2fys~l}4n`WE)KvL#iuCCPh zyWUw^LiB5jq;1tgr_Q(guj`FMGN{b>Xa#|0v6NkTNB2sG1wV7SfI&@-Eh@IKTIgS`D3al!F^IX#-Qt zW1C5`M@Ld#AJ)_2<6QOvRM;egWrRDLw<__U=QN$VtH&}Utj7YKQ**RMvHIz6=KiG1 zV(rwATRGuVzop%-Qwf*)&0?NVB9RUM#T~6QIe!{I%!NEt9~|IFp}-O`Da`^F0lV4J z7YEyVBH4v0RL9N|Ry@da9Z}bD{&GjjV)uT3t~+*T)f8GNw11}bp_b5Yt6&&S6h}y{ z!N6W4lYwFKmFwB3jLV1O`7N)*wFnIQU`O%|F8pwtE5i#!$WiP8L>8dHAQDlCyG@>g z{1qY#ufV`skgjVs3KXi+XU5I5lt#Y$vJ?1FW|-0>j%FC_3R1U@lo7_9sGOE^kK2XF ze%*qo=lF6->U7M;T9m4vw%1M7iohY^?!3*h8p+EHBWV8BE6g}gq0vO5$|D_;L2O;Q zvW1_7T$(NmKR}Pk7FTLE9-QYw2*g~7MuG`O?w1C6HOEWn)diWh0*pvMIl$oMR{S^>f?e<@TfQgu>yfk*k&sJ8W@+^t(h0i% zgsN?e;leGuMQ$Y|EC3Q(g` z_~Y;Mij*h|j-^`E{#mTj6@<(w*=3`z)as1;2roO0W1Q}h-QR&?4mXlEM!qEG7nUk0!&AYAq zaZm|EHOA{{EA=vi#ZcyGW9tx@)iRz3qpc zWLK<{zZ||}(+eL(pusl|D)ZraqNhHLv%jHkR=o8xP0Wn}2g_nz?9O~51!YDA$di)H z)eQ_25A*8Y&=^|FkQR}=(#yGbsnaV8{L$z}l6J;*Lq}Eb^|fVpFlnf`kG*FE0jQJn@!Yxv!|k;iDG8it8eu8!q! 
z26R^*Es6HEem28+6e?H5FCem+DNaAY7&)W_ki0uRj*3w^?(7D>C3mAK#~U4uE<)2d z9dG>Y_nYZTUp#VX;eL79@gVAMN<`<4_WAJp>n8W;hS1^FUAKVu{LaXKG3Ef433EU~ z!V*uG951rxbq+_V{dNOv{h3b$6_YdL5n%FUG#JnMpS@?q((UwrrQT7`Q6J?`43}wI z)s|S(ChT&dG(>oil#0vMNhy~@x47h}HOX6n$aa`)^OGwl%6JQ8h6auPiFcj7HUJ*A zz6cc3*r7iD@b@G2(>MCaBsXn}#yao)w@N7EfK!wX#Jl|D&z3)3v1<+ZA#4qRVvk8o z(YE^OIK4n89MwV6<+)*(W8$tXhUxSxb>_V)Usx*|hU+--F5I8N! zLfCVF+?1 z&<@{QgA_in;iE1L8aPlY0UqXZ2ZH`yADKugf_T>mTI>D)7{QG)J$Stq9pD_ zJK3hBqt>a6nN+$OZD*HTux`AsB$80c=;ve4O<~P_olF*=o9!zFVS$>2-7myU)Eb(U zvu!iv^q^d5^g1G+l#X=9)KqbbFOodA(vGid-vJx3F{12(sp>~Bcj#l3yAM2QWujf< z|E=WL*j?&@uUpg_IqD)pi9xbW9jk;f*(7K%a~T;VIY>Q3nyW>ENAQlU-@64x2UtOO zQX>7tZ}vYi3aVt8;d+ML-8(0UX&{WS`M3nm_Igg*XT1T?Qi9!iEl?SgW? z8YjPQ*~M7E%YP=Dd<;lc_r*-bUO*`}qH6fN$0OPp z`VKa#sx$KtID>!`GV44J^^b9=e<-KO^M*k@B!{t(tV-7Lug+H&LRLLBrs$ZdRDWoF+*(g_;iUr-3#CZ~m4#*f~bOZR(;C`zK)^ZFIv76F=aH?9)) zXZcX$9w!Nm|4s0SP0xiqk5L#YFZ3u_om&%8wg=+j^Wl8`SA$;fZ-iT)+HN7;58_q2 zA=62OrtB*}ZL!7~epHIE=}3m_TtCcxAE;Rx zOoW5ByYfbk+?BCj`8#_oFgE$qE2l;D{|P6BEI3zY?2%WJlqVUz^$0NH_UI&4$^x%E zmZ=&(`i&(8kgM7H*Plz$17u=DAz+=*?RmJVd~jo7sXzbV2W&RZuEcd3mVn0#^k&G(J{ zrD8D?VgjPcVQIwFC?HAM6rN<)CX<^Idbb`MrB%qfp_-G`v!Y3vADzcD_sGXd%keZ1 z6*TRjQODq^&sO}2M4~q&siu7L1T#cBt;6YM$Ly{z>CtuA!TpRc>3{AiK3S^dB%uoY zZeu&ySqVWHD_0a5QP+=0vK;2+Vr$dAO$iIuVFctMKF_c55FnxIf+>Lkou4WliU6p? 
zn4H)Y*z0JMxa6uxQE4?HuU4gd!iE1*p(e#kKN5j`LvFtj;e%zG zu3DY8K637r-yW!*@RI-)g8F7olhK=Z?o=t?@?R@SK^_E5f#NVe+6ygvuYVw1Sr@1V z;yENHg$tsnH7Yq3r~ zT%l2EQo0cu%pC?4OE4B3HAUmTBREhN)rA`^Ii#ewD5SV*eMM{xBf1QkC!H?Y=Pu^` zl3AV^l*PG_PK!tnI1WuDzM59ha{P~V_yP7Adsu`}q}xzt=iTMTNrOrKDNOHhV`t~{;wDMV;{P6 zb?>_~*L#TsH7S4GN1#l$fMul@Z26ZF{~DETNRk6?wtW(|MHahq&}`Kk!j3W{HN=Z< zKpdLR0t#ql*r=wqK>;t@J_x8qKI&|36@qB%PQDEF+GVKMf+`a1$;v74U+7g9u~xN= zF+k==vteOE3@1T3hc=RNWtuRtzYd+d#PZDnXkoZ$+I2JZ}tPPl5oc&E|f zs~uJjeUda1v`&Dz%^*TllGMDT@sdgCxDfya>DjJ8CjeYE7ff7Cs9l-U=>tF=ju#aH zOpu`~!~&Z6ol~re6274AZSqIMYk{bE#D&V4`Tu0u5~@w`#H%(S+p3X7QvV42xL`th z42m}bWw@bt(tbbIYyEPDp*Hc%)8L@lNM=%YP^OGK&~{PL5fhq(0dF2?9JX)^cmT_x z?Py&QJel@?!ACEpXG9S39syG%cd_CF-hHMuiZB4WoWOYRgQJX zoWdj0T`w-BP z1(vHkOx)i*i>I2x_&Pmu);vem%h`rt+QWZ%Qk|>g}dWJYbyfQacCS|Kz*xI zOj)f1Z^kk_${q6(Mq9>~u)U5;w^zIWQzLUhyK+6G{+(bkzzpTt$mWj#y_(*bz0l%B znGPMwON)-F3a@=%+#QsIMk_cz-7MLBccz;8wM9s@DZ!@G)@)zkve(u9SJ5heU6%!4 zAs^3u-)>trrel`YRa%_s~!65 zlt!nXMd-;j1BJh?rE%W9raS60+>h{J0#c)X>4Wzt4xiO+|FKr!#^3TEXI2h#jnd3E zOvYWKl|+A3!AH4#1Xa@o$+8-QQrVRwCB;fe1~C zBYjJ_t&n2im6gJh*JD~qp=bPWd6UK{0xdRxFq_NQuM3(ru$zxx4)!#nI`VX)P77}x zs}uJ=rA_!hyp`BgOuIVuUAOOAB57JQuvw~@x|A2G@a|eTt2pt&cn7@cHege@<~kr0 zDf^UA?6nhwz|0Tir>c3B6EBy^l+0ua{!7FshBAOGllaOgCF-OW8l!WGcRcuGY_NGh zXqEN!)0~Mz>WF05s_y_=|EL@P6QD%h8(-@i#ZpH8Z&=eK8ayWhN6PX$te0)04XZB- z7*5ooS9Bn~rAw_%LSZfO&@i(W5gwir*$mi-53VZNhXroZBVS8PF;<6c*?EmTdcZ*Y z&ZV8vYPp<@J0glkNy;{)4KuooT^*KmvUOxJj^dkRtq8#ve+w27i&$9`T9>O?WbeDi zj?V^fb|(;(H^y4rE?di+FJjidZOJtIXjQW4zPiXWH;F7I%X3JZEvh(Cwx=rnVq%eS z7T006ijFAlsJu2C#cRVh+8?L?Ee(ZjjTL%77rittLB{zCR=sBS+CQT~+y%I3dE>Vo zS_e5BnA4Qs!30S+!Uz2@u{l?8U^h9pR>{mCA44)$?6Q;G$f{`;;7<~o910qZOUh%0 znR$fF>@odCYFmk!`}hO2_pw6pM7~`(4C=M-+T~M}@@yuq<@UZ9nQ%GCqHrAzRv!X3 zSs8A1oVTnpj9_Z#Z(5D;L6mIutZ$Tz7fp`tLyW+y0u)~j|5;TD)liFa+>Rkd)nTcn za6u;3v|9m#wYMn#dw481r#`cbv$CfLzZ~HHFE$T}5BQn`JnMt{y2*;SB$L)F1gsNK z4^PRm_ET&V7Q4VZ2IGz^_@X5i#6Aa#n6T89T^BM1 z%k`a25)BoHTJ!+Wg#HXoZg&7%eQ*4x6Ki8e?+(0u!U&m%Tzg-sypdFq5K>S7UuRc0 
zu|`Od2(m96$T_=fif0d-$tP?LNv`?r(|b~uCMnn-e^#5$4I|Ftf5xB7St58+JV)Pf z$5k<#6IHV)91N^@vZf{btJsA+sA3-%-U+?(y_{Yfr^+MrMisL2xPJe{oVIuRHTd@E zy?MEWg>W_I{?Ahd8a6+G0GeOVdkv>H#W?6)LA)jw!{y{mfzONGg)tmU7ig(~(-YeS z1A2$#@M3|u1qL*B=<=hI(b}o&ju3b+=n!Z+kmmOLlfefU(AFj#zCdcjqwVThzw{vM zrI698k?1|X5fz41+{1v64_N#B0eJm0H}UDSzp-FucE}%GP@E_=n9F=8cw98s72jfx z@a}-Y?ydqOOZWS4!6}tatPU9N!Up1x5y1f2%8I~f6EsvtM?!wS z*;F`6c?-b!r*-tt&iu6}%%opt5I?dacuv2-j=>^+QT{!L=f#b8IijS=)WIuk*ad#u zb`KL>^_xKP9vE*p1|ARHpv-fR1D)xt-fS-p3be<(hk=qgv9YV3Le|f9dNLVkfO;Q; z@3{In7R2CV4&i#45;OiD^uKkDk^pPJO0E37s}1bW9-SryG>b3Z)?9(pXhY<(3Dn=v zZG8&d_Zxkmje4N1L_QQ@M1p_qW=Jw=BJ*s)c249z9HNn(9*qLj-lFyx;e$w(Fw2@; zDC}8hn>DEqt^S<{9}GAS_Sg1mj95kM7k#|!j0-hakRFZtFD`vM4a(6ud>Ix#xHCH((Jntznpi~x;&L*9!sd@k0HYvRC{ner$78C7d6d3880=0EoV$4Zy#`Ul%U#_OY|!+#*!JK$Q>XhtK|8_%$FZ3(XrC`VkR%-%xpD6{hhyo<-2%A%!K zbk%7rVR2o>Gca-HK5CspG{`S*6|_#(y`Y50jy!yE$OraFMM~s_{f%|SBkb$$TVVE! z?8P*kMhULy!bVhD!eVy>?QY*xOSw_ssmovG*LXD8OfO2Wp8X|&1`xZLmXormaOLp@ zJDTxIgM&$+a!`PaFj8VzxXah+=;}yAlN#pgnH5x z#PRC+6gr8^0YX}H5McaBgH!vf18$vm)in-H&8GPP+qmgx62JLyOp=h9Xooj-C6HoZ4c%ma}kwsFSCnLX)d4P4?VKCUPa`wW{!T9&BpLtQ}LRbQt%H1kM+VS?J1NB53?w3|+M?w652v zp6Q>fj=?2}IvHi#j8;2rAChmZxu$FEJ=M&FgyFTE6jVHZ_boI1baH%`qo#~CSwZH< z=USuId~yBI5rlQNcxZ9@4YtI!%jEKFH&_3K|K;~`*Pi0btbqg1*iEGo@P#u(mVEM4 zdycN|Way?)%XdlL&q>>Hxk^jUb?1lc%3M?aKF$j%CpBlA)kGW?QIEa~63i{-K%57h zu~FdE3d#&o0CLc}Rn`p+S?iYy-2yvJfQ&G&bTwccv|f zK8EU$M+S#p>b5C}jW?*=6jW<{W3h5^wDc(11mhs&MB_a42n0Ati`#ez9ao*C)aV-O zbyl6FOgNx%R21xE53;M)9bKZPo3T!8+~;yZYY^JzUN5NvEWGnn17Y^rB~a@QLp}M| zMN=vUfXSI;)gVu}jWOGZ+b{r6vUg+H$*r|5^IukbdW$kY-4i?eTb$Q;g9u`gMKIlY z)lxDc@;>@|2+wV=f$N5#cK51-uo~$E@+?Gm(J?_Mo52x=K1sPfj;2Q6z*1j7EuICt z&IDkC{~Ylumz;}cPAZEu%3Jyt?f9LOt!-{7n5_I@GXOLsGo3EiE2p&KFAULsN33%J zPAF}z!+FW-qXgwj&3Qir;G>3y(lSlHsyIDZ@p`&;&k8VUM_Ikn{QRRyOYD3Wi3Aqy z#G+!hLrXZ}p_^aJ9#7V9|OE&6Jya?(bTgM;iV?B$%OZ213$ezvSx1h?YUOmBW-TeUH7t}iPS{_$I zTcI$(c{5fgxm{|gSWJB)gA%n~I!I#dlU{X+7p{WXCGPgJ@K2J-4!LL0cYRNOE-1=& 
zo_cgzD@;DoQEbqqU)D=zNFdo!I?q2frU~*vD^%%u`3|e=TWUdJHlv}G1D&5_S8fe| z7LjcPTVaEq*tu){gittJNRm@o0EJ7j{G8K&Ze*!evVBJPcH7}Z=!-{*9Or#eakoNx ztCfXdg%po7osgnzc0Kz?@#fhmJsf&Ui^cFywU}e&@|CcY{m%mwuh{BP;Bj8CeA|F( z@h+?qcA2>8|A@NA_`15M+cvfuyJ>9OYU~@^w$-Fjlg74jV;hZa+qRv&X`c7re#)1d z-`Qu*oY`xywPp^q!61mcsr;cfFA(n2HqqAMv~taG?ibsfdzF62%o}}@o-!Vcvz0^Bc_VZH{=utI(SiW zqR0OcOF6troK9%=(rU`S_p6s~W9hd{``kGZi?TO@?B(iwp@!BXLHh9l7tKh+3tQ_m z-S7&?g_aq2*4xQH7H50!f6DDeHe2ICB_jpp0f00DbmmuEgavy*vRYf&Aw^PO0@x>r|X+Wzg$sL$!c8> z{o+520?ZqAzw}i>h&h+w@e!QSr`r8*-7}k@Bc~yqb!o1viIG|?2u(=*{jG0H_7IbE zGmPjSLLj_h9gznJi4A|M+p&&q%&nU2rQM&^k2K z(_&#nMwt}i*?Ru$@SD+|CtB}<$cblkHkn!*1FAGtjQSPZL#x#*E|n%}Ir1eL!I^U( zQQa3gxPRB@_*Y>75jB)J8OxZ8gx#miJC8WfTzCY65Mp5AT*&kHa{_qPKE`;%tSw1D zAXy<9RZ&-x@NWl;ny+Mz82_*K60-+$6w`2K6BD`-EhA;MOud=k2^WB&FeL?au-P}b zonPAW0*Q-x2mmIz)E%)JL1Y(U9933}9%zGRHLWHokH^ivnh-+sa=~=uM})n)RKghV zd2tYCw7JC3Lj2XFsRNxnzUUL0P+^)x41Lg&F-2a!bXDQoWRzX0UI4L>Y199UYB6VI z3#E-mzrkFXB!%&BQ1ix zHe1!%ZF0W6-Rp4{^|BN>92{RFz+4df3QS4(;m7+Lmp6I^UABqJjUbX1vHPX*kYfD*b_d z2MSqFCQ@BewTr|XCxv+c)sv+=sB+?i`&rHFyc0uNE0vLnpfA}&D)JH~SJRhpz2+P7xf-n*sip+8R~$g;ByFQ|LFuztY`(swXXCSVYVC0uJ^}q^NyC;} zmFBf}!%NqVP92_>QhV{FR;B)i6Lzb@XLXa8ub#8YntKBc^$qn;MYna!AbZgEhZ+T= zs@}uS&<%V8hpJYPOe^ZWG8y%6Y#oc;coBq0xfHYojfp=~974$8A9)hQ>l1#hGu>obvcYKGH zA4~qP!a&VDAo@VA$`J`MOiQJ~lI5u3WMObt^~ez#h+*@_U&5#R8zidg`GlfhWCGdYTaSZz**(JMJqJi}m3&}X%tWlP3lWSIjO!%3<72e$hl;-R{ zJ^7Rtlr`xlrM&=Q*%2si$7h8l2*s!}r>%$8G>yH1DC@$(@@PLOM| zJXp;$P9}qbpChqmvi$t#EE!q*)9kruj)bw1@rVtGUc5qU7P~N-Y3@HIv+Df=?tn=a zjV!2b{F9s@JcX%a&b96rO5}zIWH8FYMk60m%~}<#=8h`spYCjMXn#=|m8|jVA}8f+ z>_KQXpZl6o{45VVnk05y^a;a2Uvw6Bq#l)wQvnqVpF# zm%DiNZluQENnDGlab-O>p_Zkb-hHaAxAa$AiQxXe&*)g1s^vVgjQ^T*TjUt2S&KFe z&?4n+^PKLX+?6gkg1*o_YV-+sF73Mb_yS^Pa{^99U78YgYIvJ|@1g6pRP`Md#5KKn zSKMjB1iPuNWkpsQ%HZmnqw~iG#%!hXoPC?q%U4nA_~ljpfJaJ5O*8iX(0Qpq4_)a@ zKc%1GhNMM}09{#$-IHbWuCUEw{R7}zLjcn*#`~GqX-O0)h{u2XOmYZKn`y#}VW__N z#-%rQJt$q877eZCUdmK96as9N0rfjX&p*SYX8tjtJ2oN2Q 
zZxu-^Kcp#BxDu~Ida|$qx0I4&pMrCAmP530LbOJUJU7K&(61d=oeWz5+Re>IQKR8| zH>T=TJKJBqOTq;mUtjH+wWU`aum-iA5o}hdat|-=s$IR9F@#Q&j`hw9X?Ka~j@Ql==6uyV^# z4?F?6#n4lY7g}G_kISBS+ZV0yCz?*(5cs^#hQW{Qdzl;3c(3u!nd^CI#yTj^9hDT6 zwU%_s4mK|2d3vF^exV~=Adm3AI1+A+Eyg<>J{1kncrLTldz|+tDXKS7siPmDyp~+* z=90SJOTK*KtVBOXeW5{^T?7ajM{#l!65`JK+mFvebd7(3H3h^f9f{I>-SE9q2Rbyk z0Llx#buz#oP83;+E}g#Zw4yNK$$bA=Y1T}@a77P`+mRHlbFzi2c{|3xL}#&5w3?lo zeQPUN+a|qpNCOmgQv&rO+icaw2B8$Ee68`Ru9FO4rGUbTUn2pEMa#YVluq&Z~GS&=IwXoKGya2Dg64FY0TZVMaBGT4-s>Na1 z%dgaX+w1wI)oWY;y2f;n0f)UDH`|1>*^JPF2hM5X5Ym z;agvQsjDeV8#RL78WwY(qc^^m^Adyz*W7X^yG?eRGu?*B>_X;o3dw->Dh%7L=>zt? zC;yE#f~Wd&S_}f)QD%`)YDm+=4|D4}=O+cMGGnK-l?QRm^4|J&2FS#n6N~nDClS5f_T3a+qI7#cu2pMq3VJwzv>vG#!(e}gxj)8 zC8B?I{JOzFW!~lW_KUw`Qu8nl%0nxCFwYZRw;fGA8g1h?G7M zcXFFN2E-!0ckc?vjChL1PyK|Q!4z-2;?WlDh+!JUanCGhjj~`c2^8&ex~SLa?zG+k z2Jw)fK!5akMmJX%2mHTk-<*HFKKck&#~-$fMz)6eTN5AJuB^M%VC=*&n75lRy_8-4 z@`IxyyrFx-PoC!k0~BUrPy%4%0K5v}!>`_Zxr>cQ-fWQP|7gl#QqYIgwBLgvwy7i? z{R9sn3>Wm@`g;Ym3+)e-nH9Qg7TlJcQhPf4|58?b`JC$pE2^FS1uO7}S92;1g@ia` zr_AW$TLMtjHk+XgAPw2Wxive3kF~+2i9ZOTUe&<#TOZDkZ^PnU$pubs&SYuD`vg%g z_GD?_xwOKw27#6yARSVdBLy*Vxx=I_jI;d83_IUV%Wj_kcBsUCcsnGo$wZ^ll9x^S zROKW=j+;H#0OVmx~UzT9l;nd$KZ?C__htye0YQnAxkZ^XmxQy^YDE2 zHCng=SdWCF>!aa>A7yv-YL<`NdcN}_HLIk(*Qo|=KkHjw+ur5}46k19OwynTo=y~b zl7NT!oUptOKfiHn=<2%x>!0Zo2p^okBGb!SGeNSIeTl4Oklr?%D?)C-3PVA2;YXT5 z>OvQG%Kjy)m-QFI%AE-5xfzFc<+u^eqw5pV0|S;nVcx{rjOuGCEqZ3sNua5jQqf8C z;$evO2dS@&>qh>!ux3)_MmjO%jJ(6TZDG0}mDHX;=YDfQD#$$|Z2`qIB8o?YtI067 zssbElFlmomk+`^65dQ~_u2JVsyTBieL*a7VvOg!7rBfad?k%5mO%{#{@!mXWb3=35 zjPkqdb{+NNzI|esl>?AJ%%%C8=1!~d`Cws+fGKjKNDV#1`mvS4!cmDs6f2(i5!1v+ zS^6=&n#i;AsRqq(83oK~!a*sZ;Xv%PlfQ8>4i2{Y)+oDwZ!{ny7vqGQ{SdnL!%UV7 zc-6IQ>B_~A>aPP@H7TyTv@gsq1Kj$;E#Ib8?z1<)%Drpz#RW5gA>I{_8{3%6Ctq)J zhl3NH_7d~vEALUv+bHIJrZW+NWGFhc9=Ii}(r*3=$~^`<$>XohILl}og0+-z(eKelLf zyw-BdPHCQTEVgd%dBcD%;VLafICIWAWXtd=D1p3GrH1pjFx0_Db4co=iQ0nQ4>QKa z`3wpX9~69ZMT@!l0>y*(Dfq8Ejv_@0I>l=aNj8lg`909=W#fJwynMI(!Ijy3 
z04n*ltPrz`DphU3bw(iPY!4RNBVWeYv~;1B?<9+&05J~4Zsnu|wt~`6|L>F2EOuf_ z3Ybf$N>$YOI%y5E8sE(`AS7xaU>tocKHjOY?W$i8;>>kjiw4GLy`Kvj(~BYoAeE0h019 zxLp33SlKr|CeAsYd#U;GqjJ0Mg1QseCK8nz{jN3FH=rpqTqTA-tbm_HyJ=f#l$On< zCRF$hf3!6CgoO5gY|}kgt?G2RfaP0X$r^9?;FuiSm_?b@kgGy8sDY2*nuE7ac*wx9 zhx9Hm&1|Rm1Hkt+iVQm!CfRGPR#Ekg&%`Ntkmx^)XU8dJ4t`3zr-B{$ZYZWgKkL{M z6Hh1Gf0dE_`tenx=RH$_JeF5sJ~hj}YvY;UJq zL50qK^7FVHcLCiSgF1a{A0tSb^p52Tjae@hkWUPSG4Ra7l-rEl3Hi`xvmAd4d4H|6!2X?x8>Q5m>M zE~;By9NkCkCWCca)g&{)MMXvh?9QYRI41+3om*Y}Vl2+CwgL$I)?oOKcJ{mDV0g5v z4KH_x4Pud$ZB9!quary!EtkhQ6QTzBu)shmsnKd(*$Zbbgz}yZ0{egU3vQ~pv;Agt zpgqrxvsr@diIaK_$Rs647n( zl)#)rpy%Vd?uY+gUWbA6$>_EC$>>dGAc;14+MTsN-ib1)V~wYnkG(Vkll*v(+7F+a zk7|I5a-hR+FXyBbyp_&Z=4s2Mheluil1Lje4RE>+49CArZqn?(ujN8IjSUpFpdWF| z19$2}3*X^>e3*4&)=e<_ zm4DIZ(eMjN4B#pjIfsh3JMwQ^>u|2GdQoktQnU_4O*8pL!8Hxfh4%KI_Qhgh@-?ohudOQ7+Z*Cw zy)AnaRxCCHG}kU;KSIZUX};S&7Jf0(JGCtvtvM|77_2X%w~i9gq=H7;?0*dkHUuj# z@U4b5^oQ&7C0W!zez z_YzA!RCT+fG(5~v@&P9?n6YAg7|k?hEfDp?3j@ubuX^9RnQ#;jwORTGUxA=&hWv=6px>0g4oH{qdzE43KQ)Tti<<^F=C43QrP<3jiNcJSQguQMQQ5BR)-}V zh%}1ce4dVyT-MPaY+V9VWe87;{3m^b| zoSWJfuo!xS^XpODiBbMw4njvY=+QVIv8J?xEaf=*iDrHMvw8bErNaP3(1&KHJc(Ut zE=$D#QBs>SoYiY08v(OcO^ch`NnOsQQtDP%GdU`P@w6)&7S6bQwb*YEAZT3Jll4dW zmrTcsv1n8+(%%(mfxADGlgGOx-VdQk$@a*!2!4liC2%8ku#l~W>)^WkZWD)R8vBl2 zAB}|(VH%8}I#h(jjvsF@)<5j3|4ZST{WIzxRTtE6a;7`3kp9w?tbPGS?7m%t8Ouaa zHQ4VM?{U6+z;;M+w?MZk72sCw-0`T_3YRdGRDx`sa$4o3ns$51)*#|8^h3V7yng$% z2h%F@J6~ev^=b72RtrqJ9TpPWXgwA<`XfoqFsfBZ$v)2L=O{8w#}vW<6U-3=#z*P) zf05=sm8JVpB~SOZphNa?w!lz9^+{HPNlmXfmIL2I%|7Em)(B^%@yeVTWxaa~7}%HL zHkXRWCh=~qK1@#{W^fv7^FsDh^`7mT&EEnd9&b)k47Zz*kh~jhhTGXu_D_sGJ%@@{8TFuSu#EV|=zcJ40Fwd5zZmpVqaad&EiyPjUf4=RZX|-#23@>S6FN}@cFzQhxL(}%yas|PXeBCVD zT|nq`Van*u)Lk$xG#iufDj^OzFQUk_iwn|=_N6+_&kIhY!qF*iFXX$p(ZP-UIhuOk zWyK=sK92W|AZM9mA5g)1dqdce`%^YE#-s<(S#|AfItJ{w^%NZLGUm5IA{PlBUqL5J zCS~T|4TbGu8cK!NWxBIAGiH3{fJG3+^mcYAnDv~m{?SongOcnY+(F&GR{{P(v{FZv zqIOl)qBoLfRiHZm_^n4klk8K&l#$YmEHO6&z0UHAH3#Ms_I?JF+q_&K#JQmsKN>U{ 
zK{b9Dd$Q7EVi0}j&$5`gz!(pvbJTb6CGKSxwKf_1qyl}!N}9y9+U0LLubW#tCmL>sN#-O(6PI8cP#wSe6Q8pd1*ENUS4jP@fX1oRdOGmFB-2n{t{f zZC8DpPi(zfhP4>|nr88BQKj&QG{>rze_l!Rm2E2$YSCSQ{>s;shavNAk5VvN{Dq0+ zo|8hWSIb3<-{s7fieBUpAsCt|>*Apxt6*5e*8fqu{oFpQZmo9WMlQyXTze}+9@rQV zZR#_PJK>kzm$@w40&eSBzTw9L`4;oq5OMO_U=p$2-4VqyDzthTKMzHPF&>J;gh}FC z9EYGsi&PVZ#S&aA4!diX-PWfx|M9w7xCd4?fCHLoY^#=_fa>ck$im-Ej6jf;_PR_D zp@y}?dCKmrlG@x>_#*_3EWr02`xdj|xf67SDbqTRm3T-%e2c-|tpOh_&PaD|KrnXw zxPiudWy7jR>8m$pvH^X*!G_fcENhUVn75t3sb5yc5mHzloIjtDx4CM()>>4UiUU32 zryi%g)ciudZfN{e)Y|GgcMpg9tSki z@{P(WRN|_<1ZMA#zBfKGO~37vy7$&SH>-oM)@m<;QHtzJEF;~AZ5qE+E;``~{CTg< z)Z9#mnhCZiq8@181TKS)5Ghk(_qVSD?PmO4h7a+v%~)rZ-57ACfE!TAZ7CMs2iZ(p zvM|_Qr`=NrHA~#+z%_gCd7c9wMPa%x-i>j&ggxq*_$em5SSE@}SQ*Ja#C{0)5r?5J zTXpAsY0Pz`RYNkYb!^kk2&#aA)*uh0Z;rPEQT}pj<-Y>KF29VT=>E=*Sv-{RW1GhL zTY#oo1ep;=#hLTnh^A9bWQsV)eK;tz`gT7^jvC%C4bKz>b6DVQ<=elWRWGj@r;ls` zN;6>gb%Ej^JUeZ+AydK5sI6JpQ_csBx-U_zlhAirIMFSY59N-TJNoJLNNw!cm@fpK z^q9DD-d|y-4N$kch9gjEWCW-vm;FaoKme*lFyz5lJ@H@`nO=qVqcA}S8GQY+^x9Y3 ze<_QC8|C5xh+><@Zup($vT+a5_Js z=(`70AsRRRd$#Qd<;$H_mCL}DZ$E^qMd8rK;b8%*0N@_LraUR_^dh*Z@Du9;zS75U zuOGsGKA|&8veBj@A4lk74NHo?_etq;kTO0e!=a2wBS1MdYWQ{8D&-d!E9m53{zCOX zdmBVL0Ta!1$-wE(+%>=d7mQ^z;5xav0Gv3cvE5umnR8~pC?>5n=3=STLjBI5O?D+l zM~^eVB3}&iAIqzfHSYXj&yKPRZtOJ&pp{n07x|vn@1HGp@Qw$S&b+zAxVyv-2>In@ znyaZg2z33in})(Ce&w2eX4E$L7(T!TAMv%FP+DH}FYIDIjhO1Jikf-@0|D7`p{7c_ z0hv~8)0ajyW26Ty++EL3`qnZXQ;*+KZbbN0Ib%nSWV@Ui)SSHb0CISeIcM^y4Nkxic}z6tudTzTnjql_7Nt_ z^%9Da)g@2=fE@3FOr)y!KjV$f%lXkcqH%a2s5_UVU~FSJ{|OHoiEu|{$1Ud8p|67` zu;2(4UND6_?C*IOJiikUVRQiR?PU;;kR3LS7OW_L>oON9)Z;xXQ2NS5A|1`QXz}GR_hCye;0GqiolK_dHj+ zL2((_mB0C{?BqLxjp~>JFzorni%caM{TTb}2L!o}*`pzBthpI!O4)~mDn0+oVpTuEUe@8?)< z9(LA~eYYp=s1S9pRK>ca2u@6?K4G;NXul;Wfj-aKLLa5l+Au&V<6PNgYuAO|H!}pYraOxaw4a%rkNB#%E(*e*221q&m z%u}&&S}AUDC=^2NFG2jI6kJiBY?H6z64h5RouU*H_*{ibku zi(iWr-U6Q#3V-~B$J=hIS6G>`TO~tQ9bC31)zVzv9dO-B|2}HH0e}mUWS(m1)#=zg z+RFc zMZr37{RSLlrRZvKt?cw9JqB;*xDEkN$JpdfX<+>DX2E-d`xf>T4E!dJ7E8D^fpzd$ 
z&vxxVqKQ}3Gxq0cgPdyKFZ*^?GQZvlhV@^{tyh=GTJcMGMcC`G27l`}-5oBtodW=z zVH(@?OvaEv0ar!lxop8fGF6Jrer1NMxHbfOu4lUH>1lV{dN_xGr*lEO(YraB75YiQ z(WZ`GikPhAw1tlAqbtO5qeF7dbWf=EUbFgnq5bKOPm$!T8)JovC7v5<^Om^yF^NE7 zGtKDUz zv0Nhgun%h9)y>6fhmSOB*3-;s{*#6Iw{7d%9zN1Re|RT%;;g8+eB?%_hJH@xax^=? z=uDs-j+$2(iQs>{)3JBE~6eJA6VX37h&{kAWP68c_9 zi>^o!Lq~J3*p}J8?Df=~H7E;x3^~lw)5Rn$4w4_4C=lP`=!%6wL-v zMq39!BmFcs@G8GD3<$6G@Ox0DOS)ew;WwcijYr?A)6SfT_@LG{BADA1#(IjrxYtq{ z{xG}9yS<_Gb(6gpX@orta>N$L*#A^GCH4!f3dUDFiNpGU0aji4UfrFUo37ippZqJJ znx{5l*;RI7z!k_^#OV}(W7dz;VbEo2&+OnulZ(>t23pqUr}NY8CKz-*)5Hc28A^Hw;RzLBLNFJOT7O{aOZMxko- z{A2kGoQak3YRz}W%j}dltrmN|dO0ZLSj3A!iKRdlNfZyJrBDy3?k4$iL@XBRntSc~ zr(Ln;?SHfW8#gny0&mI6L1`KP_T;s)o&%F-opOm6YQz^I1q+tDKk#cV?&@)ufxldO zKuu}nR>0ewu=*-1Bl`qL<{1rFDo#_~?ZX=-iy$?j|?g z6jd&jV()*jaV)wOfm7^H{gF3DZsOt~2H++xN$5wn)Fw)a)Oe1Fa<=U24j zV+8S1z#qPQkPFEkEsvjgb~;waN83$xClH9fI5;fKri%U-b}BXt&V-JL&*ZvsVyucX zdvR(@pgUKTQ{E#{X>y}Y!kOH1+f+FPGgIktlJR+iox2|);PdXVI$wx-TJCyCDLdZ# zuqG$-h8R_qjWB3iTv0qtYoxE1%-njIesWtN5CE=Ye{F8#t!*6$8}7vpCHas&@u!>2 zScc?7y1f4c?4S`E*@Kb9xPh!NpHj8a5`th}6uiJldza|YC+XF{G=XOoqVrzzx$1uM zTj$O2r|G*4)eJ1}GP@t_OAXq^!I~N`BSO`}YPXr9%?8I(>YbH5qIQ3HLV+cdAmqZKn; zoG2;~Z#j@vABZ0G$aR;owHARR66M(G4yJfD(c^g(D%7Bp%;qFaB6FWVTbOC(6yv0yUB;tDHMqvU_g=GCyhhYRcG~Nb zARdv^{4$O9zNL9(C(>hGBDDqdrWy z3sXGmd*k%Y+SU}1bRLAu+zh`mg-A#aG!X$ahsPk|DdN0bJaK>x9IE$;qIMA^r7Gxu zJ39DHMyKkp(E-(*x1Jn?pq{|vkK-6KEEJh4P0r;3+;n4#Ef+2g<&m?BpAvW<9w5k= zKjmnqwi;L~`5uJ3r?Q~46@!MOg6VqIkhShJTMtBRi z4`f(6sbHmTbG~*^51IH9y|0XVXuhhY7PE9g0X_RJ$e&%iaTW=!C#GKZoaUJIGSq*u z;A2dhx^P;7YN}zPLvdCxDwuO(HCZW{f3lyhUL7SH2+H3#^GH0<2Qxj^N9@f|Q2N%f zwTPN^?v=@0PJ@rHv--`II;8ta3w1LNE5nyn3q)VALCCu6LbX8=cXF~cd8~5246qFVwB-pu05?9op&R%4QuFm>%L6%1I9KTxU7{h4`;z zDr&Jvn}&(gV7tO(M@X;qBV&KxLy+t-U6USTLz6eXj|Ez2vs1(;&uAgEV@t}buIf{^ z1OBeMyuf-RZ<6)TcPVL^*T>ow-22Cx!b{~2Sl2R({0y%7>%+N!;y#-0*CAN?gfB%) zg#iMyN~o3P#qx1^S$c8@t`)mzUh723&1~%d8YzY(197m@V{yda!ZGv~j%3WjiiP0u z%zx8Pb7V(pL 
zpBI*QYx>p0Rp?So#6!{Rbh1tJ{!`9%=ucV@aYkPYpKQoSc5f=JJ*-dd@^jaRDw~iKkcrW&lEX;^E*!416 z@qW=W)eab!JR)@I><(dB(;L#Jt?@GboJ<2K9o+DUL$(AUEM|pb$f1nCBv*LJFT0Av zI838CdE65^3K6xD57so+i?ceT!@f<`R6bzm8`q@fPi`u@ooTd7N)PR#(@4l}T0Xu( zR~mpa7p=Q&^vdNSJbyF8&HNmmvM*>J9JzytPh6#K@=bX44LBy9jT}CaFF3Ta<`+-x z>(D6kc0VUSJr!a5?03Jx9~F?8Tuud-0V=gYKXUliHTPM_kwTocMl`OQO&IrYGUEip z3v=^O3a1`~2C-x&;X9ERL@Fw=_T-q>%{Xt966|di4!eI0WFTSwWp7+hysSX9t);Qg zJR-p&k!yxe=>)w&u~zJ4h7*YKC0q6Q9VIxTNgLIqJAD6vvY_ufmgXWC3(nu&(Iusd zaW8+Usl`xsCeS9iL`QLSeXf@>_U~-jxI$RnYfN1IrlmGYGw~K53T@tAJ~GoSDst`d zv9@V{KrgXCu=a_eXdUR^K!$C9`5-K}in!d(z7?ZUpUj&i6!xCk!^CQ@9Z4aVQ;!jr z&h$=)3^XczFzNnENR0OqJ-%Omak0x7JBFIjj41p&m=7PHO>I_P{5hD@KFX{E6+%(t zI~&gR_br0mUX+H*D6j|leuf%bD9fhMOGAC9+%xH6d#@{~SD-z2m`=!}@zf7z@~<(D zp0wl{lbX_)WV5UDct=YC%Bbaz3ldHekyf3~daiA*-*?QQ7W}saE=6dVTH16mp)Cj9 z4BGXZwo5j9S5@?)-HcncyEEgV09`y&pa8;pv2G38B3EQX{v?90h$#c%|Eu>8ag6)2 z_t91I_iqFl0Z-vG|E3tcVatw0pJ6sma@++pWg^e!Gp2wWU?lv4V)t=cZ#-{Qj?*-0 zh~@iLc+!2XJom`#L>2ODtI~A8as(CPJkoKrax|!)Gm$}u-#bQB&}}kPW-;gkHN0YUKmW|A%+D3G z;b8xJT@%GX>9mwsY3XYbvnldlc7?X2;ob4~Srqq;W{L|c`O8Q#SfDV`toT~q&5O!y zPxuF8HuuHI+eyvU9CXL7s}o&g5`$$Iv;91DxLxEcQ;_icYbH^w?>dI#Sqjk59VXG! 
z)x4#Pt_cy2A#h{f5XF~QGe8$}wp2$8=YeXgqPIT&^U$zITb!A;k&ovjVf+2$-|Z~p z9QVb+4)DVChWyX-WefU~%N(-~IDw(kt!ma=6h}VR)8rI5Ku5D_pag-C&;rDMs3!Xc zqqc=(0y!Uva4Ng@nC*F?e2I80_1)$t0X|8~7<1#SA7hH?g_ZDrRmIB99*7*(PW0X> z)}<-;JAeAjv@SRee-b1Cqxyv0mv5@|I#}i*u@~z6pfm~FE5_flH3jVCeY+Iz+oh)W zKSMK2W1ux_3$62sJ-D-z9~#mqs}d>JJZxX`>{Ut4eh7Tp!SJqfONvhz4ULWqF_G_V}>;5*I zfs`DKSw>e)SibR>B^>^?67acls-K+kny$)|;vPV2GqhSlQ9tZ~ZTyR&X!W?En|p(~Ir;j)mvC%Xth< zW^HzBPA8Wr38VXbSTmrc#d6NPIr-U8=KnFglPHkpoZPX4caB8YF|R{^+%Gg)p`Z|O zn}FAR`w9sU*JoYC@Mz}^TL+^5T2rSQY*}%7t4(N>K5F-J6Oy)j3zUwQxFC^zOZlcC zLjZHg7bIT(YmnJ`FOPiC<6c`h@|-Mesd(q6x)N%n<6i@L_N4AQv9aO0TniEvSK+;G zl^|0<2KI1gRj%lGTgxn``7uc%gTk}W+3mn&#K|N06d*TB{o-weV50>bXPA&2ujoLrbYq_p^U-)X7(v!$uvhA<&QkHaNej z!)k$MsFa+*{}oa2;AO&nVq@ZcxfZ!#PiU!dGcNkXZlxJRHm8;ID<^RveEe~6(Bx$S zcDDJ^_z~B;dEsE4ea;n^`)UbsR*=ix9KX`#Ix_<61R5>IYN&$=xj4eDUtEsZ5yRiG z{W$XuO8Wlq@CQ$BNzRzEtKt~iLe@eR% zl4ISFSVU2LDH@w9=hU*o%g6ka_t=^L2*vd^^XdrVx_Rs;7p@e!;2-WF=VPW?`sDWn zevdIna6$>xtLzh&$DQX?8VQgH^I|hy`ghher*A>?8viWFV z=38_$5^VUuDjAPq{FX(S%UEA_6EAha&?A_`V1GA7rHBg(Cka5zL@HDfoxX62A(e!X zqQ8lV<?d+FxjXiH?KkWXg*uSsQR&W-78Py)-X!dITkNV^k{f&A2a5LN&;##z7enmQ5Z9 zl*Zuw<{3a8^Z1%hDMt z8J*>AGEX%01P#HsX?xwV zEMBTV%Zid(we=^yYUr`Ur&zlwDAkzVuzZ0)ZP?@1!2rCj-&~?Pq#qBCIE~(RPx|0b zEhRcAB;3FhKpb# zcI!sEUqb4uN6Y*sf~H_V1OOK~LE=c=wuZchlD1~le|OHIGF&rD zH-H)SpIQPbAM<>l=IO;9rlvlee0^i8Ur0umAlj7y{@H?jFLIZo=y74n_?0!aTGYSd zZ2f5d2&%!%cRS3zIT?&D!T=;mlBhC?a+tl)wItO0`|q3k3$ zrAg|YV{)EKAcZ@N-QZ8U43>Ps3TEW(XPBN$xoGc(lq8Aj7e}KjIn%Id-$M`Jr$_U0 z{b*?->F=GbF*ZYH(4G zmQbUqT>FcXd`$Tu&D|gfzhnZ>_Kw8zeNZlB)2*?7&+m}8v&aZ_D9HI2LuwFe)>j*- z9vf3#KXo8%WPGl%>_1<5>wTkVTg37IZ-(;E{qo_-s>I)K`)}k_YT?IuxGBfe-Xdp6 zgymiT*s`2~bbPhoK%Fx>o(A0sUqv2cHIvD~I?2<2B-8REeHqKC6LnV!%^bN}Neh=sp`qbG^jb@MCnoUrSq-UP(I`=omu6wGP%qaPnwY`^{QJxWYr@tYf-w#*tsqmac`c^6`$&< zbX}@Lf7O2l;c8q#I8eRv{;0Z+9$oGk|J-u>`G%=rWz=jU$z+frA={a8^tkAmjG$hy z*Yz>V`SZ(~f3L4So| zywB%6s&*6T>Wk$3c+<^`^u^B2F!Ch|bn)c46lyA}>puVfg10RbQR38ixco=2O@aI% 
zamOG%7$b*z>oTwiH%(5VX1AE~=Lea5;$zql6V*7aa4f-4d@mw2Q;8yDoiiDO5Oq>yCX=7@-IwpMp3CXwT7B(cWW z7C^g8>cC-BN5_KH2lvv?e?FOuN^LM?L&|D7i+l*b4%(_oXqz81JmaCu60%5f(9{JI zGL3Gb4T->z)#Kdf79PeZu>EHa=`|1G$llk(&|aKBvw>{c90M6|5l5Cf=gL$7u1E^K zC$^uBOhZ%P*Xc$77x{v+8&%RBGEVa$r0GTentUvMGnpFmXvhMPkvf~!ixI!&nNQ+- z+(DvJ{f~2IyXHZY%R>@|kl$0_MTH_#O2=nSNkSE^P#+&_-p2SWpGYiBTACq3IB;U) zetI9w_H8*&EuF8DUc7bG!bI7gv9`))4&jIvq^e0{G+pP*N3;q(Cht+~^T~+q;{5~8 zv|1swtQCyB+NZXbZx^p&83@&{UhB#7S_@0R;~@yQ-5OTTeVNX47{De1%ArTTALL!= z4s_p&td`Bk5gX7&P+o_zEhi0nc+#@uEllOee^rFswxO{a6E#WLV6`mUp|7nxWxrEP zb}GF4fhnN;$)vg|tM`I+bZ_)wzPX#$B3){?+f#AV?fe1$*AsG2){7_y$}6<>^+UI@ z&EeA_mPKF9Gf!ZPnUqUiE!UPnC+ST5rrB%8xUnRAZ;X*r&DoC}h=x}2_qK*%)ganC@Ph&@~GIyK+#%}0CO5ImF%Yzb+4zfd8#PgMKVOI1H( ziK-P?T#dXL$|K!t|6x|id8J1UHioppMqQtiVyF0%2hIj=yL42_G`QaQMpCv4zwoiv z7V*$gI0n|Ms9<4!;`l?|*orR&f`B~JwORfc)XY?g^z}^E|7DAbP9#Sr>%6L)D{kGOK;*Ffmb9zi9d=$6VZwFL{ z{J4U?C3Lz#Z6&Iafr21$-WyN%{(RW*@P7k3Q%|~j4U9v>Gu^VIoaB#fb4joc)Lb=V zJ?78`^2b0lLfn-KoD3mBAN>egHW6I?uY9*148x=whaDB+lrvo`s~)=x*YXxDcV~ib zHrwf@*5FNF_jEA+6S7`utiJH}5>AsDDSsf(&tvcFC<+DXFF8g4JblbQZtm7|_z5 zeXfY*$7n<(w>9hOb_{JOBunDk{l`=XPPsbx!M<;r)Ay1{44V|IM%e=T@aOF7v0tit zo^|#AkEv@6ud8d?QDZhX8#Qcn;>NZcyHSJ2Zfqw_W81cE+qTW`w0)oS`<Ryi=?@=z^!y@NR1&>1Q=EXB|s^aFIJ-OUZ|Jc*k+1(EwqK4SFJA=bkbouFwzYB-` z)diNc{)S`Kns}2Z8v5yzu(U=G1L`}BYR05JA@o6C4Mjn&;7blEfyjl%d!K~eX9uwqEv805hZR>up?7ZNkgCZwrIZ_(n*teM1%=31N zUa5G$87g4+L4i4-_FMv1vGHfqv8xoQg^VtlisdS)cbkLLfHE@p?Z5@I7Jmn63KJCsZBCN&{GGzgZ8 z__jdHH{~4$3wJrVt863|gdPP4TsUgmf?q$Mpnkkp>pt*mmiV3pg2_h=YmM*|eEU|= z`50aV?EtTOIdHXRx`bCYS@7luj6~qE&;~Qx^hEYb@2?%>f3w7gh!s{aMGFP zspmX=_=4L=`Uf=+?}2r=tOB=Nm=;6&W2b=LuNg_Rg-RV;6UN;c1tV%HBG_j9Os0S*sRKtw8)jM+)Y??nl{% z%llE5imp4l9jnAHbMLlVv`>Dgwl~Y9{%NS94nCXxikCkdNR7F$e`|C0WRJiExuuY^ zgMB;SKy9x}P2SMD%S*PzI-}}Z4Z}K>MQ%yZ4%O!cwj3}*l{ta)Q(R*~H9N4ob2?VR zuXS~F!@$C)yZ<7-d%t&2(fvrwGjI$d9zd8A7W<0fY^-pE^s|=&T02wEvok4k)V!>6 zmn5FW;7GqBbZ*#8X{^87(F_Ro`goe>aQpK!1BX;ajag>5h(MVGHr{pp$TQSUlRj)c 
zlh6)@@Q;mt87VJl8S;*=g}bfeCdf@hNkg(FzhE&asJBF-XHAx>G7PP8W@yBp63)p+ zRinD=pFHr4Tdt#G^XDdl*Z-4UjeaNGx!lDj%fLbcs>wh%Hgpu{<1d;AKGDickxITo zGcT)!h+9W>0UUI|s6{QcZ3V0bmv|T1&4ro!9JuF$PRG}MoS^5MrdZTudJgLf5+q`) zcm8Puy*w^N6U*siRQJq|4!c1~8^u&1TMNr>P&VQ_rb?-0&+^k}f~(TXMp3?-d6zW# zg`V5)dzF;ZfI%-x!@z(G)-YGC#m$Vwpkh{$b;KN-c9iXevTfB%GD!LuspE4>?;sc#U(Zo>ydSCyo;HUnDxMa!mBsl4ujARGndignf88|xb zLR5LX>vOdQ=x>3^h!eP@0&|}3pHC2Rsv_uL3pO=z6u^0{Gli@0NT~CM3HB8- zl&_q9LRSwB%lKKRxG~W~Jsd(18saW<6;)(0zbCltv>cZ|ZGAqcUAC6aF_{)rU6Z}9*Ox?*L^E4rDKH@WuOuvf zy65WZvBASz^)bgNVQ<&~+)$w*Gq3h@+rDALh}3vK4Tii$mo!&_xj}>9cots)MZWuw zU=HK<)W%u@jR!AgT#a0=%sITWs*Cc{^x6Q>*8{gxBb z8jVBB;H!(12F|1(WeF=9z*>&4^n;DAKyUXk6LV9#B1gXixG$b>PIG?xLYdsM*Z40;A4*lqSvt!!0Kr<%_5qguI!ACEi8=`0R_<}|`v++&CjE*g>{B(a zOW}BQ_zFyu2POO@x%~ztE-D?phE(g#5i(eVD4ALVR}~^u%ijTUa}~AEHS(Nk=?-FP zZ?}*Vt}>uKKO;$a8hy})*T6l=iZ?(Wpjd@V=!c+reRPzm8 ze4z_UphQ+vI_C&2HZhRwRz}LaBKeyvC?GwOI*+%0Y!;oa+0!jJ^YYKnU>JNgXySBA zAa?DXTX-G-r8LSDgOVe->wU1|$e*L9p9@W5wc7Yva10lAlUy!b1!NICd<*Iq*7PAF zwGg&g8i%L~YUn2h9VH04;b^69$0?s8lS)RLEx0lJeMdj)NUT~Ek(xNfW`wRWvsTsYhyQP z!Zy{qo{Px4Q?6bLgN2mmsM;fxg;jcT@w+seb|e(>8RE}?p^Gv1x#P_w9O~l#vD3U& zSN^@j_Eg?NoVR;K_hSIQJ;e$d7joWNGFFH4=dtfH@3NH~h}Nu%pfn!@#gpf)SKNHL z39Y$qp-ffIs#>LTQRfjv_DZke++Q{u30JvjN~HwFRWiepByo1PKH|3kAX4K^!#*f)i%bUIep3l)7|sbs~-o%!`OKnw3XzL zf4Y|uklMBu#S_aETwv8rf?^ahsGGE%sW@`u4$-^zrn@3SY+b7tO-4Wg>p=p(l6yHR z@xTk&fdy$At}L;jVX8H@1MTD-KVc3&e8?fP+n5gycizRdm}jNGPPR(08Kua>;3L?1 z2VL?lC1N;*yQ|kCLry~Nii;Mn$ra+uMHgo{n^g#TFCKhxFx+nlJTw>fN%2tO4=)H!sFG#8k9)wO zep$2Z?c6WQrRr3Qm#JWl&y0`Xk;fm#GkRR99#Fh0oO452QMuoaNq#rvQ!_gHvyud| zp@r4W{`eVoSM?|@Y|*fGs?2y!lNT{y4fq+cD+5E1Ii~yey*BZ&-ZrEZq)^-3hsc9N zG|oO}lFz;>yup*0VHTb1vP9Qn>G6@LlJ7G91um^s0e||5i0e@v(H%_tElVTB~ij@TuoKU2v)EqP)U?I3e2UrSt%gLLEp}$?7 z!m`O%%QYjQJD}`a1nA8+zVqNNScY?R+k?;@1<~dbpg7;-hO4icvureGQMvnh+yW|% zob#Tr=5f$+WtFFZR!#|ZLx;J8WWMJE6lbOFACWljI8`~CU+VH!Ats-%_Muc2J8BO+ zqAS}@klZArjLk5BXS~fJ$sHRAa^X~$$UuXmX!M<;OXi?+D<}JTMkdq$OL~9(5aCMp 
zP)P|Z2>rw$hsVSqcN7N6qcMVi^b?+I#gYH~M3Js=>5h2=7@8oS|hC= z=|!f6u@l7&S11VgE@Kun-6g(Uns6VGq1dCWYsigM`rqvugl)_>O3@xlcc*KAUZ?<| z?|NXOi^R5YU(Ux`u)yFv#x(T_;)rbKL~U=$PZl$J$FtLT<+0;s?1bzoZ*_r+Y`*cq zR7pE@DBMX{H>#%B?H2N1e7U5hvPsUp^ol0aOs~k(FbBcNArPLox zn|{A5+f3g4iB;d!La5w8b5i*B9%L6W+$pPjxff+bG4^;^E^rPFDk zVPpT4$|nM?X{F-xTd9;nzi6>zC?AXY?xmAPI)y%+${juSv@<)p9xJyZGt!I-xTMJuKtNG2jvk&SN8KNwG z=wGLU@yYXswquxDzz<<^e)FlFHIz)urP%RI(@Z=`P*Vv+@`0DZ=($_CNy6=*8#%(S z=#TUl!4Sj;?(FAZ@cjh7jh*MzUR*Uc@Mxg*k>=cYG*P^~8%s{ko8B%PL=pZv4!`?4 z#@APqS1_%Xf;ZpnP@#Y4yfUM2^_lo&)?w?J6Y-a1BmqS4bDzxjbSUed=RZI><~zYY zN1SNH^8@31^1#h7ebw}Uiy^sdF+@b6nj^ylV9t+YsTvMBv!%|0+-u0FMh|L(PqueD?Ir z*ic)B1P$K68L2g8cgfp`d1pskP&P36Wv(<43IP3&0%iz*c(!ZueJ-dGDoLddF%MJd zE}4Aph4X2`Rn@GcTM5UYR=&PI`Qq{to7#2d`s@t(QX9_E=FH|(&Eg%NWWKW}$|#V(s+BW@x@o;@ zx|XTrl90bqWzrF9PD@q)l@7tzhsnAALyLZNVX@ z&%XLifcWnI3#ceov$}D{Iu1lG;oA1q=O#DT$F<^ZJYB&qt`P90R_yJwIwLRHet)U9 z;Y=-C$w$28SX-OC+;3QXR=kt@d7I7W*QBwS*QD<&{hpG6XQD>FYI$ZlwL7FcDefoc zV61`xiR@9rrn4!A0HnKVG$uIpu35lmk?QaLvm+q* z3%^t5mKI}%2F@ewHBrsa#CFbP;aFrnI&w>pG;sVQL?t{v)7pkCdKP&30&m?kv+#(9 zwGvT$C0s*`jJwvR$LQtRDFJ3HgmB&yq-AU`{e*cQ!66@gFtyT_y~z~BQB<^+$U}GT zy2OB`#$#h9le=gQl%(cV!~y{Z80(c#@mIC5o7Rg`%WV-zDhFxKIyZR2lm$&@mEZ#k zIgc3!`w`=NrI|C%N*WA~&j#iv` z^9gh&WZJ4*M9@<}aO^S4&bS9_fAaF~&9tjRv!z})hT4CM(1P%X$saW~(b|AV&G?;v zE`%?Us#_5nmKwF2c0c$GH-JY#jL@^T_R zKv_C~vdrfR>UQL@A^Q#2SP+*zIek+LMbX?I7fegU!@-hNtrQWkGP_S+a?lvwZ!X#4 ztf%zUS=gCgzOV9K*Xm{SI^ny85he5#2%Zw4gI~&<-O~c`$LKuu!pNT}i8*iCFTGfr zBSu!t5Ss(x+uTazC&{&LIpclOjiGe~h(72>-L6fy3iQB0U+vj<*J< zzTlTcd^T?od-2I|if=key=OAO_s?2=J$XLVZM@~Nyd5UA&)_DcE6aUesA^6$0=#wt zI_sYtuW~bA3Ktey*|tz-vAc7N9XH!=T`w}vA6-_LJx?y4hGZgib|2QYv*=&fsJ@S#UV0-5^R zn6EOy#T1^uvW#+*XK;~ApBfAT!c+8`TTL=Zwoh-aqR7b~&1W|rQon~X6ab5nN>KbDqHpyYD&#~^NuwI@N;-)2sERV3>vwljPK7QBFL>87qGZ2k=gAv^CpB#+xzZcNINzG zJoM~XNE@Qn#{KOhMU;Pd9PtI}gM)j%gS8$rS%BPk+E`FJ$e$zMmAfNO>%W<I+xka+AmTTS^#4l)8ssQ>UxpwkuT z=ddjZRD=si2E#b`5=f92i&P1$Q52~MDou}bwrgD|N%1oS!RqyaCjEA^gt3=^<*f~d 
zHZQ_{JaJ6-8Hi}9=VbO&C+#)th%MD0^)z>I@5>{$7PZ2CWZ{9~&qPMbl4!f1h**<& zu99OD#`4UeDRAntL7|`tUnGL&M@-6Z2L4_CA5z{6yP7zvw8Q|BA^}8-CYam>#8! zh#*h`Z{{lk$NG`JuGubIP_vEbNhxUyV#{h!w}1U{P64Nm10m87vGwFp>Vatq&c(0J zdPVCY`+a5`^Rp&{sx0Lo+XloBvxog%^-=}}rBkv-98t>6cH;KT6U_#1M7PRiq-S3a z40FUs6=RtZA_F@DN$2#5&TX33C)xdQ8GmqdB>oqidG>r-$Yj5rzS>+fu*7|-+8_Eq z9DG8%jR7`4zZ2i*^o6eM=dvA#F6B>*{i6Qk8r5tKP)g4J#V~julf~mQyI-0-+h0h6 zw=#Urxr*aq%cn&us~q?N%0d4H;+$kz<__`9M!jrBi{NBrCC7Ty3~~Ao%}uHi3eT~o zO&$+d=PqZHCY9tTIbWLAPWrGv|9R2)vf}=0>XJpu=*G$KxKFA@p%gV^BTf7hQ*LpG z232jKKna*XXDLn3u@R6a3B6&D$st^IYOjQbT4}MOF|gyHX!+y_7ofQKt2vO1bMV}T zA(FnEi#un6N;bCV4Cb+HeeoY7f-vblx(6tetzoH0ULh$vhzX$H`B_{eK7CyvBl zFkAFq!Fg5)==Q+cIXJ|+-cQFAWn5v`o@uj>@Sp!X`8)|Z2)zJ%V#AVXFJe_-JJa^O zsJ@TDuLb+xZk||~a7_}Fa@kThPV}14V5#CuLhE$30h&ds;hGWOvsb!&{XNB6xJ@}) zA*#%IO)kT6r%*v9ygr4nW*oT?f*7m?)4{Y_7F};Z$;updOQq7Qg?c`s>rvx*1Nry! zfbHOufeT>L-WX5WbflMIb*jg6d)|6QtkrZeuoA~v0=gt)BZX88s-tiw%)5DqKh3{1 zI&y~pC;f77p>TEhp$%o;#`>J(Y-EP&>#uqKwQC*_hl!%96@SLOCfBo2gKpy*rc5J~ z8B^?tUK&LivN_;B&e>7U^-qc$=)vHVpzYtKL!u;R^Oku=nVV~m>$0Z4FajHomVs4L zb0$s@?$WO&0rlUEySB==@(hj;M(T+2V-2`KqN|v>F7G2&>wS=QyIGHbR<5q-Vi}!j+6V0o()k{D8cz~MqP?)pXQqf4n-(P3c zOkuzlyf}4TX=)b_NmzY#gu#Hg!s%fi|6$Z@IHqh8=BHsB? 
zKW2s{F&Stu+^)9c7 z{C<<#rC|pS;%kfT?3y`)@ttDR>s~X#3W%$%a|^%A!I66P+lZ0SLjw* z+YEyOdR2EL0{+8roFu64i2w4sinVjI#Y#NG2U$(Rz^&`xgn7+Y3|@G%M3o#e#S`xH z5f?)Zl`A9`=l5Bm6=t#a9u_#9&hiq0Y?g6^4?TU9H3_<6=J)rnM_5!JT|&?fIQurq z1}ms_^842E4AILABAL3V2crOe8%kqy^qPVIoxuOd(5SN)x-8@bR#m>57Ku=B-FMxa zvc8LDzmI|=ZYFZ@bw>LddP2JtM-}G2ctdq+&;&eZxt22(i~Tb2Z?(C`zVc&pXic$V zSwqxyU4+UkTD2@sZM&%8z_VKJeKj8?*bjW$wIQN6q&`p+FnXVB{^A2R6tv}ht+nMo zSf0gVt8Q-;ylCLNyF?b}obr~VPglKD?;g=1`VEV)8sJRS+>k7|IA@~vbRL3d)H_Yr zdU)HELX;i2yR?kq+a&dwdaLO%rk5Vx%)gpaJyfUpuB40r$h*aP9X9A6DIDzeBhykp zg?~}J(pUJ%J;hXGRX$1NusIIT$#H-S*f0S#KfEuKX=djt|0rT@zNik#=zX z98Q36Rw?Em7v$^7fG9aAii$aBmQceG5mVl_TlTwI8)OVy`R52MB72&yDp$W9AwhBd zgV~Dk$}~C6E?GrNKQ8b0eCf5Ul2%98fHa3NFe%E*P1J%D~6^@DqraAbGFB3e$R}kQ?%H7BCF#+&p2YJsCD4R8AjrX zFrid%i3(sSso|(BjehYkyhRQx`e!76;l3}fs1^3!{sGQf8^jINQv!nHgpZ5s0u^bb zys6zLt0F$GDj0;^SOX_mcxYYU-Nt7&Zxf>4@kp6_56bBTc5g(U5KlyY!s`bB!5p+ zTu2kJL3!i*Y);Yx%JQZwrX6V6U`w#6Zwx!d``(reS^Z5zl+-9Fp3Z{$Qs$dTph>zcikxweBl$Hx)ao9S(y@mS_LF^wEtp zF``+mDp;FF2dfLXx8_e16G`hvVqYn4(|5CmW!xqK6<=q6ur@UQz4K&^(tNx17ou4U z?dHn0QT#5>Nw%;4hD56_4Dq1F={IIXfg_k{Y+GkrCIsa_NG$?N3W!nfn^vI@z-Qh1erdeAC1LRP4Ca0T%U5{ zchBQ5Hh+!LIp!2faN>539Ks=51=+iyDjsAozf?- z$Gh2f^$hHh*;?ZAymy|cK-Yd3IhvS*64)%z$jKeYEBz0HRU3&q4;i=0g#LyDh z$kMoPtoX{#mH1<71 ze}H;SWHmG-TB8QW_iDf;KG_g?c|aMRb5WSEt#mA*5J-l?wkQ2-rw;@~5dMhOY9&}x$h7uPnue2*oV52P0 z^XtyO^Qeg`gGG#7@3+?FltX_2qWHHA@2{(J*G+8>Y>K}3VbrD_czO8>gjEBNCWC~x z{?eM&481wgy(hb(mdzPT>xhjKi~JQ8&-c2})|4W`vAcaPM{JctiVdToni!eLl=zaV z>ahaq(xnuqA9|(Y?^XOSql13j!B-#98o7ZVS+VmHtohr3ImKAg8Jwo=hDXSoxbUbK z-?-n5OBTtvnGzz_tlp<8v9qma{%(KoxhRwaj|^Abx&IzlTTEBUX+lXto4n+Sp~g+8 zk0ua(TPz5APq3h}4HHKHj|Wag?&NJyTWq~g1A#o?0_1^PHVFKWK)AO0m}z7YE2rXx8Z-RCU~pWvd1_e=RqAe=lBum(~$ZLwwK z(e|x2?xTcoY~IiLAJd@0rk~K*8MouI&hn&O;L7=yt4A!Xim5P2_f zQ5aAnA>AfZWhWy4QrR%0A5Xac@JVWTIb31S93@9x+Q3KNh7&uvD4sD(5Jbysx$5JY zxWY`pAFiobRzmOUz!-S*aI6Ce|H0if7&xol&I9{0x&AI@y6)Bq3ABk2iPMDD?y(Hj znB8t^!0AAtb+>Vukp7uV;lsJNi+@C&+v+o{oM00YKMtt9CpjO-wn2>|(-bc#DyYI< 
zi|<#-R|w;nJpbP3!y(G_-(y%Hf8Np~B7K11LJQ2ht_0}u#j(-^9r{`GimGas@~75X zZ<8{(d36f>lYJG1D`p9XAmf0l)TlghCK-z)$hnpK^rf)D<<9@rH6~hU?&W?|h2qdn z$z+lEM@@^iYaJJln8Xc}Y~xR>fBLAX5@DF$oM&hL&GLB= z-Ni2W~_dv zg6}!8YeMhi6ZFdDnR3~@u@-jw8>5iI9>@R((a3p7$UJHvaN-oLoU%$j#R=IMfOYkz z!P`Hs3zwk=|L}KU+$xM$h*E$v*TFipo#{3$+iY}+c@KV zaeaC&1BFqL?Mty?4|Z3FIMFE(+ZB6SG<2D8NwL3OFGIdYt9wk+CH@l~mi;^VVG!Xy zK+tSGI>ieG+G?lF&=l~C{usNP2;ti_7K1ZB`twh3qSRYLzSr@|I$$@- z>m(Ahll+Tr#gAZilZLIe!c}g(k07~jUM^gPUB3wU|C~luY1>aH>vnnPRmZ4^050w+ zl&?XctQ1q;ReDfX;N}T&)C?xQl=fdgS*?_TfUDb>M?$8j*!g?N0}JV_QPMyE%Jsds6?dtOe)FP=fA4eHD~+Drgdh zGolNI=%DjUMLiR^&!2P1!`6^}qO6Ii@Db~-M1o8{21urH!9;qx^2Hqt`9H+U7V(Td z|DkV(6cUI&aKUMTg(dtaAT;CNL#5>J(0XzKGsC#6OjMwsBk5zFoY$ z`#N=Em&BRD!|0lDDvAHsRc(_vK1B`hL)bx3DP=Igt4@h~i2OP|{8~nx9hBO`7e%_8 z3b1?Qwj600ktsQ6ii3axe;W=Z_x61tc;3D2H_dL-dnnB|h5oG0WR}lrfF(EHEYdb? zeaU{hGcw>{krt5j$AAQWHi*at65!YTUJUtR-AeA4+%?=9#hSC)VqJxHs!xk5(P9=R zX|i(&>ee?*(YF2lUPf!cwHR&4PCk?FAH8PwN_As|Ner@zeq za!6fu-mZBm+J131qfc=pMYMpMRrNqGTi}Hq=jvmx!iyU<{jM`-bhyvE$IJ}zgbO*F z3-~6;{hnhfXQb{g>nL|wXQK6n%7d}J$G+`k9aW9n@e~n681yDHRGT0xq?S40s)o{* zv0j3H%L9r49ibDP>%xlMS?J4wqy>At=kyFS?N!)h+wJEs=#J6}z23=|_AN)l#mb%} zQv=sxqJt?qv+&5P=Yt?&a|cq5ISzN$=X|T9UpQHa&WR*4)0xu$;_sa`KUFtOb_`LB zq~AA4s)ip{eb_%ge!P38(+x|%- zN=~GRb$n^)ure^-pQwS(_G3_H10`_j%KZjXVHWu`l=vW@3C)M~cS>w%MM>G6o)+Wj zrH8U(fp?EgQD!6;og3nB(oxWm-@&YP4hxDcj|a>D-&BHWFeEMQN?I0K3CRT8fii&l z3w&RPSlb6Hx3UMayOSrf*)P|-?iGOGhzTfuDme8|8Ml=V$q#+8(BjE~M1Pns)CZN1 zN*W>?0!6X7qiJ2NbE6J4i+E72Co$;0uqv>VXvad2S5eBEuSxTjTU}N%)og$wuu;|R~2d}@VB2Gy|6U$HIo0hVBr(Zr}#aN+F~_&;3mdfQa#S^My9hMRHAF# z@d6_T?UbSLFPgxyy?5ZiUA$j|;f_>%-O|3ZpRH}A&n3xCB<$BMQ@+b*fztwkrS}Bf-k+wA17pyHnI@SaJ8Pb{LLaMo9_*) zX5p#{SJE^HK&)Cg#Q9O0w#u<+Jnup9PRj_m7F=QgrcU;)=2@t-GdLO+KcWc};=4Ya zjkvd)E`;URYplmkVQcaI=|p}3H0foX1{vmh5cBTwN)q~aR~+(auM`w{zlzO_r}#K# za}3G_G`1j}PVRH3c)UWH#m40s+3W%D2>RN9CT5Fudp97IffDY1 zdvoL}l|JDmDSL_&zXD^%6A&fGbcwW}m%2?&sCCxsJK9!8au{zfm2DlwTyO4NX9QVU zEoswy^*{`oPp~O4hl=MKfsh+orfWC9JmSn$ViES&l9eFm<_k;O8>Sv@&$tPy1^fvo 
zXpd2x&03k<=EPbB+z{uiMR$fK(|+gcbI0*Pw98?UG^7uT6^?A$_r&427&9b#ayTqD zpc*VR5=5t1rKVwc{ssUU@3(Y$1^=9RKG_kcAjR;sp_5s0{PywT>e_K;rWxcJ7FUS3 z^|8`^JXhw_?%*>wAyxpS;ZOeORXf z05KW`AUValWLXgBD@FRV*&0=hBAaEWZc(sz_z zweAb#4G%%59-H;YA*6%?v5zem;4V)o@VWZ`M2jTl0E&kHTQpGzWzCG$wDkslv4Rb6Dm?7x0I4m)bamW zafBd}Z~iwcrWhJG>hmd%x29|ZZXLc8UQmn&xn)+Wbo!d2&yR!zh7Oo4*D7QSuDg+O zK}S2VhfNaiQ&NN=9xRw*D6Q&~&!G`0ES*AF|j2RL87O$qUO$m?++p z_`4>_C3*KNCZ!ex2+2@cy}VS;q|`D9rtps`6Czsm!SJuFln7DRjmqdSLKvc^-z zbI&-q0;?B*koDpn2J`C5l{7*Qou+ZX+NjGWE)(XUZO0R{$tPvF-L+PA%roe)*C5c` z?1fy=XLtYTu04p6@9HJ9fo-&TtP2GynPcHaw<9aCJJ#3zlKpy;1Z zt>Cqb-zV$*_9@GTPM}ZmH2mcEZ|#Gjj{gSLvga3?4C4gox|XMEUZ3`kthG^kQ1_rk z^b^($51TgWpy0}LC`4~6TDdGcg)7j*0W4|eiwV1(o^hDS+ zeF+>$n*eFA*k#~D|F9uV&@K-Y`ZqQx8asj5&_)~KgiZXI>=FlV30&a?C+6M8UQ%;3 zCzd?s#8rAz56Q{M*eta%cDu$-S{Sex%MiSh{EGm%o4#*s3SS7ppp3&YiiOIm%UpYr zHgHpMYLi}V0z2=ocu@e_*v%?M=`ne}=^#pJ66N9qNoiM7lM%}3I7$9UW~quGHv_9~ z6RNicY~@x!+`y@zgxoca`b2VEM$ik*LFXnxPR4<`Vb7`u%Jsb!j>3&8wJQt7Q9x3P z3sdUVK?Q0f{lw4C;1%aqE(?TPfClVFG0i-5@{^?QqmhTi_Q6gWG34Nv;*S~=-g8Y9 z^}t;{s1*5mNT8{g9MOtj&4TzU=HK^b+2BPFz(@x9i^UjQbR-0^O~n1uX$lljo;9I; zBHvD0%sko#kpEL;4W2Ggkqo~TsotP3Z}6yO0Oie?@SG%_AeWF4-sI(|q>FaFPT2yA z1}fz`{fjXAUe5+kHzOe&cK}=Gk7HY(vi5@J;6cUPfa$<)PKA@Oa~4-9(Qs4r3al8h zn;lfab^>>x)Dm`V0owk-E(I4<@;(`a9QfkVdT>d_aYBEZ>w`Rq3xT7=P2I&_R|3#Z z>ZZze&*9?P6=jCz7$&7^&?Zdd0A~XSOld?pgzn{SNyNW3K3x*t01Ov&@%D=#yJ+=q_Z70uJXTB@qh?ur*(Nb||KN&I-6j&mYT&d3 zrG)xHSCd$PBTV|O7FWCd#GiY?nXaJ7J-8gq$svU9R(cBQ zF*yCTRb$#r>3Pi~O8>glwN~NX%fsZTbD9eA=5_MiD$y6+RHuXT){j{&S$%t93Q|+i zYtP|KlRh;$SY(T~*idmcc&Y<1I)Ss;rO#Z(8D9D-sS@fe_d(Md5O&Fi?(rnJ5`eOQ z+Fro{mAFs#{Nv>Hq(CSC7&?ViUpAOkk%~Y;_k6}RhO|liRrY@ul=2s8YGh#ymJmlujivpgX_MdkX3VbY7_A{==K2T&@Oa51e+<%UwS? z?u}F=RN|q(ge^lqM;00O2MEg5xjIaJCX!5-<}VkZcGgX0l505h)~M8)YEJIm6yq4H z`S9R=qpaYKT&%kA6}a-?Pw|sXvUvua70{8arB{V|aSTI9RN_#6CirZwnYvxL1l;md zNnW|CF>LMluWHs{_VT~rY!?6;Ei;~z3)n%S`dp3jSVD7^rZ$?n*Ui0D&)&&*y+slGQvJbr1?Zn7L}N@%m%i_D>ic-{L3}I=%&$)!VR$5Qv-Y? 
z4$}mJE4s(=yF4gGAE~x};sfvwC?4Z)(0@ANDw|&;BVRh{U4h3VtyZ+{8)u&}*AHczPtPfNWLW?{ge_@(oOItplD;{&`|#lZ>p;9QJ-Q03n0&IxRx!jCBLJX%GJ1!pR! zup@oXM*?U#zLXH?R63O!H($PV&A8+hp%rbH5puh5PaEodx0<%lL=j;cBuvsfG%*SX zoS5|G_8KD>P%4DEoPy6 zVz5po1kvVnzg3Zw52TYTP_ZP3YOKXf)Iu1~_V`>4VucjzlaF;aNvm$pjaXXWSktDe z=bpEWil6$KR^7f2W6bHz^oNXT7T0>j~5*4Yi3_th~6&d--mKnT9~jQNpvF@OAjl${$Ee^mxp(x$0@jI4P2;4x zB!s@3ex&&m;h0d8RM-B{5_7bb6uk)ZZ-VoAd=>SPI+^gV5X8gVUlWXJ2NQ!T$%i1u zut4i)Z)wbNs@)$>>;XTV*n?cJPBJ(bAD9qRhNaxHsWRc|3-4>`b6uP( znt&Q(8~>IpUVpxAY_TdHs~V7=Wr^)CGa)eO{=1j>ix=nDD-Q&Q+Ni|P>5%^N9ka@% z%Z~cYYNj{wwOon!>$il4-BE_mv;NPR_%>j_S~Eh>=gF#2t%QosdVq87V+h$U(+G1? z>L04v`_z(xG^+AK=)r=h71Ub3G+`49NSRgn$BY@k3#SU{0qFnRPNC3Es;~@IPIBlJ zn4k3HW5u3~`b!IM zMyi-X9J0i0=%TOa23*&RaWI4@g%8%91!bD$H4q6=4#ZkWlSAF?@Nb>Dil{tQ+uy%U?ED8x)yRe=^-CBmQD=ab&ADbp+x zkwL8&d*>AG!KIyo?pwbcDAKKeVivorD)MvPrH{!#HLP|9>r*Atw*?dcm~=s!zKAE7 zG*FY!vXG_`FP*7Op;rAbAMZe0s;qjT?NVhhe+)GSQd~VZgiTWGaTVyS9G9x1`?3c! zrA+fhY%6_zv~y!dSAS$e+wS<^mA};N%$Fk`%Ku~P8>8dwzPH=hb|z+%G{(eMV;hat z7>$j_Xl&bdV<$~x+qRQ;p7#H1-!ECS?lqHhpM5s3jf1T*Veh>gZa;Yj?*e!f9rxO8ht& zMT6o_#A0aX*8;|7DY#a#XEQ!_qJuu{6+?u)%GO+?_j{IvvkWyMyF>#gTwt(@oo1s` z_a^YuI^BXPPXPW8yTKkVscxR?0yt2q3~$8d=l|>I;7O0*@g(92FEd@38dt{AxK6Jx4ONeT7 zCJG5J+oQyY1DPL35d{IJiKU6X9@BI;WK!mgbyc3x+YQt7YuQW^&6g)ei!#2jz_C&# zQ+7CFhKdyf>Pb;{w8kXb$-v)J3;N`9ETgTk$bM3<){#okc8Nq6(rG?KU$Y~rLq7GH z>z3CbBvSdinU4E)e42LrYi+yQM5wY=KlqM2 zIW5_;rk&p^DSzHSj2=zcla$*-FmY;N>Z)Znh&zowJ$k=gAB_2PXnr3NtS)_e3I(j` zX7CO5CQl3Jj9;feQ2mE31JccD8h}$0Sf-%PhBX$r5*0;Zt0LA3jqk$jet8i%y>e`h z^)tzQlDRi;b9gNTa^ zHVBbEK!*)$s-Yy#qdufijdb$b{XqWDSC|WtyFBZq0;TiUpLc^wkQ79sOyS5Owl>F*RT*g1>e*{o}d&?(A?wuGEsevu?L=LcAeLOexA*RzJ zhcVdSwH4p)$3IVQ83-2s%>5pea^h&2OlQpr^}}zz8}(LljEv;Tn<8}oZ@2@t2TCY5 zWfDPnSbMAVqsUo3-GldCO-iWj@CQPXG?^A-bldAOt*b$|wv%Z+q>P`r`>MwNOBYjQ z0=~f`TX7xDP#SuTBgOcpQQS^74w@V))00C$l5KBnlI^X4=*)H5f}bhm#i=TIjH|;G zd4MjD{#qVG9;BTRyaJ63($-v{=09*)mN1(QB=aC}IPrM3$)8<$(thC1a9phG#K+3j zTPa3lCc6#ec()4{>(DcCbZfLK>%ZP93&OO|7j{8?R5%HY60tNe1_@ohLcK2mJAyM+ 
z1*kk*3JJ5bxwBEAaU`y`L6GskhXp0OiXnt~Qw0T<>{0C6QE7sbA~Y4K(HoLFO$mnc z+o+ZA51YBBrs@{3y%g^X2R>+5_@av~=n_s7OhB`IU~4vP89`+hDaOE|@=|O&KD)oV zxbvBk@JC>pSastHI1ff9nj5fo;{x@xfCv0iB|EfU3VpO}N6&q-IA<(r_EwEz?%s-) zWE!8BC)!rDS(je;y^}@!_3sfeR_*Tv7nBte?o|kCN^Y|`P%r@jZtd;Z^PufA zv9sfbFa6=5jEto?)4ww~fb9~qYAbJVx~2Q$S2edhzEWcNDQU$O)h}TFdRj0N^FQEK ze7=K7RzUMo)|ho*qk0{PkzcYmJi1jTrSz z-^$h|_^QnH*5Saj$FtqR08p2m@KDT{OKzZ#DW9-#LQG3}5G)eDahWP?sf8CFghJX* zd@L5}b1>5N=@Izr%P*oskl|1_p(B8Dm42>Wh$^2~-m5t7BmH21bB-zfd8M|G@fbnT zen}8jxOkR+jB-e|&qibSsxp`<9d1J8RQM$s7-6y7U4#$Z;{C7cmD6oZ+3F%ChE5mM zK0fu694^ixzJ}3!8;m`Y1YJ9$N(D5|W~Rj7Bh|Kx z^dv7DF-JH`Y3pq+obDl8Sc&KG1(LtCjF|@I04Vw3FIkUpu=Z6)Z`)DBIM)3TS###w z;VD>d&Po^%MufLN7CT+x4{Y5Yk}L2&5)2Xo4rBPhSc!rUUXfp40j*M9R|QqdH7VF5 zzP$T~mjwDc^}pPrt6cyXq>GR*2sPalb-@Us;R<&jcF8q^wGftcJFVf4VxH8#YC6#J zBiuIiz%u1rUN{Lf$bhu;0%Of z#kH(osZ@}O$FIhcnP@)Pp^tDw5G%5q;k;fVauW zcRV7q{Tf!CtvKsu{~uwT0-!*I`7i0Zsp7&1B21_azw^)EnFs-48uGPTk8d69Jj|A* z>JAR%-@+Y$2g3DML%QQ-$iLIPx7`|V_;8Sb%9p3S`(WxHb-|4>8EW zaklK{jo9Ole``^a+r`S{Y^i30OH42Np;W#O$%{;8lH7-^PcU%Vz}UhByLD2e0)>Hp z`avLqZNUKDurM$KfQj1a%J<(afm==^8W|AFQCHMaXixDy?}Bar5uB0?21M`x5W!;= z2Ge^iBTE^+Q;Ml#-T3A9C063-BE*<<*L4|6(5Kf3$<_ku zU$Fv5j)@<)0*f+lBf*VAJzaC8m4LT&V>4jf!$X@dt)lZr-*4U{a6hX4&gRfbzezKV zxMk+XeyYlfTjm$w9XnDbYNsH|M+aG|cKF~|dt;dD%X`_1$4CEWyM>cx^j0h+1bmn@ z$Xdma#Ow;540k#LFXjhN0aaLGIWc^oUX5o@{1#3G_MGVZO zw4QN7Rt-ieEf^wxi`9N8CU)Ecb-Myq3dui6Ul^+f^7F>aX z4&IO{wxU0?z<7W;mVVrmY|6a+VJoWQy#`K&=A-kmfs0ts!^$A`Wsz z=exYmLdF5GIqF5~TdBA4rDM2M#1ay`KlLr8Ao#xdh!l!*8dn^0@$B(cRZ=cXYQB?8 zcwL6Tyu#Nds5aKrimrbF@9;|d5H{`LPrBb7EUkhmwj6Y0O$xpnm^*9fyF$yqtXW3| zBkm~km8vDEB=``v=n|gyy^8W4=`^~A(}76k=b2>?p8x;MkG@gfri|(Xoxk2 zQhPh0dFClQxh{ThLdqQ&!R0Abof%$s&fKU&Tv&w63I05B9Cjd~ohzlP{67#R9*nSQ)% z;6}PU02J(8iI<$mmKHT}Rgt;JgmszP;X%=3#(iyDOoN={yh(<;h<`P1=G`Y1eNQQ zM2Yj###h9d zSBfRhEw(>84Qaqq$S?chw9Ngdu-EGFn*d>qR|i<<+|^t@sKqxT5!uMlW*_GGAyf!( z|5r9^BlRJk16;toirf;o!CclsvI%~Q($_SxK9!mO1Ml1;0g{kt^dO}11gX^$?yEzu 
z{dV+c2Y#gb<)@A)xH?Y{F89qwD*E7CNi$+6%CKuBpo$3ZwBp&iH0JMFPK(^@$_gP$ zq9lTtE9;_91d%9(p?{foG>oi-x(!`LWX1u1QDCOV=u^(V9M`!Ip_5A0$DQQh4U3vc zTd#%cNCd;UC z7^~kTK~dCX)2TGticf~*FT>@Fy7I9Iq;nfIADFU-KfVRb4<32r==Rl z-Dpj3Oww!KSKB`y77%9FxA~;85hesU5t-T^u}ie#{24#+NuS7=GEQf6G|_LJ?kplF z^JvkCtLM^NvG?>K#B?hc$p~Z^txcvkwx$mp6_(><6^S`&4RWyd7e;R8Z9*)P#NE}d z_14ANMSaEKij)6+@p=em<3yauA*o=hL4+xMFvTHm*B@*?y1ueo}|)!Y%G7{~`Z2kHA*+`e7}`nwvMC z3S{&qx&UqjSCMBdgQt8E`B|GOOeQ%$;Z4*A4dAW2k(qFgP(0TUap6xWIxN3XQc=RQEwy&>XiGWH(Gf2>|pge2Uok+ zldvD)HTU(?m>7QBNNya!6?1I4KM7+cJ{QjRInF@azkT`Re%9ScXJq(qUpOxFVKk4m zU!ml5Z?V^@J69Yzm|{A*A1+?kPmrF(o7QQ5xG}Q5Gx#LRu4FFI`1ELhXw%?!nGbz` zgiel^=-mKTO*F2mFs4_N$)XkbyMFY=wqaO;{R!1-2Ju#S{JUKP-2V)*%n5eHe96A7 z6{gC>m)l$mjVhvrckRmwVxU_YUS_?hPJqiair;fnGTxjCN&OEdJu#}(=oj<9Ese09 zpJ|<~RN#}|mVBb>I&(r1!jx`0F(2|e(xZe0yI{iC`FWw4* zu$|dr`zn-%4CeT}aiwZo3>3P-6E2{vskXgH(K6T;a%U<~BQ^iwAUfhjDvngsp(T5e z*yz?pa5r=c7!8vSRe)CDSvN@UL6==Xrb#siTWT9lW31ag2FWXJD-I zG^rcM2ANF6`h=Qow5{%>7Z&JiRkD zMfV27U-ZS{6y`P5+OKmR>0sc>!Vh3i%X$ zAAKl2JE^1OX?+KpDf(mh+@aD(Xc_IumW^|0~~kFoO^iAv=hDZKo)ws1D(^^I)nlCFP;@zD5j61t zUWnA&4;hX3qW|`*D0{vY!cb+9`hDHBBj}r7L@zTZjUX zrhWZeRlpJ#5mLBM3Gx>yTiG(u446wei-tn{0$U;rP7R4%JSy4Q*6GJSGmKY#DDIj6 zv?gF=_LYn6$$jR?BQ0zvzHFy05Q2v0+<#x}LjSm;$Bv?8L8`)`KmNDDb|Q$R6$Msc zpf)KIn0WPHB~jR087h1iqZ>&{`DPWbrts^WvbvA{#f+w*1!*8&{?DM*X6pc2QI3sI z47Mxfu!AUb3S)vg;us#CYI_&_UmmsyBexF6pUB4kC7fTAB&%k@|~$R zq>*MYSlJb}rMG|kyoY3IgWqgPsYpWr8SJHWns%zDPQ9ctf#D$E+-_`(6dF`Gl0@GIsodrvlX!bc4cqO4U!U z%;RMEf-|<8Xl`dTPD85SeBS~yARBJvfa;rWBzfA%6M)D+ImoG>!9pnV!BTW(TLZm6 zqUe~uyBhtUFigU5f3xnE)mpdG0h+fP}EqrHI;)VmV*l8B)2rc5m!*%O$Grb&_j&aHJ2GgE4JCHVsR_aAt3{zC3EtW{ytP zpQ{;#$KY(j|GS2dHKTamfQRhAxt$%J6O2)@Dl^KXQJx?@FE!OsCXeLhF z{h7wS{`p!LV#neh=ua15Tc|f5@uMsdEO>JCUAfX`Ru()xzXlP6kvL2eZX3;S|1g{!Z*5cpF5n_2_9_YmvVECYwmqI`*ljRUwRe7_jEwtac!_;d(Pg99` z#YW}zSMdcss!qT@!N*4D-q>yt;72yU_dbcaSP;HQCx1uqFBv$feRs z15;S96-;F3%HDl?%`iFb2kRO^Hz#qpONnYs(~H;%lZ63;BUj(raZg<{8KI!(RhEDo2(;+QA|vI3sQ)6FnwK;3S+< 
z%zybxifc;p{IjAXvp3SWgs+LG5W-%)=7G!eS4lWN&mFFngcNYkR<=A z5_%#{{YH{;8dWu;bL{G^@9BCYeZ?LqEXd|MWIv7o`CB0;^x%Tdox(bFyFY5lk~Ej- zu}BN0NaopjmL=3OykSoF?%~oIc^Ow(@ldZe@_zSA>&r%4=dp9;XUuo*T{-R}sV1d1 zMjpUx*q7C|n0SupAv1ntaMOo(e9>|mu=KxxiSYdeG40|w@bO9*Xl5jgyvet{}ee{<@s6 zIvtO4NX(!FC0P@sh;mW&< z+57BZmQ%m~@;;VSK3nu+HDfa$mh)j#Xi#xSHZ>!wJ2IIFq1oaLZM$>XC9Y7IkRn_E zNw=L?laz<)a$rdmYb5QN5GH^g%j#xPO?I5;wBFv#IGRF#UgYs;g6Q#`{f*LuXpc2I z`Fd=n3W?gi_1wbQi8MZwQ=&Ug{5)=`;D6m$GkQP_L-N#47-~v5(VCLWkbKNM6C~Fk zKpRcUMGH(e$-!KN1>Np!oWI)sMvd9eAeLL0N!hda7Ht7As;k`f`l(BIUtXlOhfLZk zb32+T@?%kDq;qaa(Amt%iFb?gOFSoc0jKBPx5}a*PvAV?Ab+X7b%78*=mjQ~3k<@F z!;P3`lxq+)eLFv0wi#=n2Z9<1eT>U9Yk`<{+rcqukM*ib6u@)8zvYkxc<&j8(tWW@ zI_#OacB35K<<%4*qXt&y6pYS~A{rMKHeWBbB{_yD*2#0VsJ6q7Q8fIf7?ew~f=YUm zz5i@oMdYCH>S6w6j>s!I?0o9=1UUS5g-kg&gggDBnZ0~611Lk`%kS&y}j@lL{qC%(eqw9Y!yht#;vsyPmomJ^18XZ;TFoTEyQ z2#mc{>bv?ky(|TrM#Q!oZ_chI&!}A zim6JQZ-!?lsY_xtjuVxB5$(JQ?BCfhkgfx^f|eL`(r8k%cARBK+c~(<1cWw|NP!UM ziCkQ#rfWRkAd-A8&j+JH#TBQX#TCDV$I zyj)QDn{`EB9xnlKL*krQQo7Z|LFR%q5K=iwRHs%6d-v%NG#_n0^yKHO;E4)? zM}%hJM&vA#<*qApg|^5u*mD@@Fi8lxm0_%z&DBL|&gS^q|NL@k(2l!{VJR_Jp@inb z;;8R=GIa(cUQpzf5gHg5^P!IaN;U-#-p+`oJEk~9pdeOYyxldUmN5|hrP;tOF6qHO z1x3^xg`#`>S`5e>_z7Nn*w)-UUW|_=x_Cc1=0gdug=^R`@?otwqY|=nW@!WCN5-J_ z0-~E!{BUZb;%Ag0z0ksOKU1H7g62m+&xS7pN@IEUtp;<