From 83f5f9e85937fd4bdbd8f9ff92c8096b570804d8 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Thu, 19 Oct 2023 15:42:05 -0500 Subject: [PATCH 1/6] Add log metric filters and alarms for remaining CloudWatch controls. --- infrastructure/alarms.tf | 20 --- infrastructure/log_alarms.tf | 195 ++++++++++++++++++++++++++++ infrastructure/log_filters.tf | 237 ++++++++++++++++++++++++++++++++++ infrastructure/prod.tfvars | 17 ++- infrastructure/sns.tf | 5 + infrastructure/stage.tfvars | 17 ++- infrastructure/vars.tf | 82 +++++++++++- 7 files changed, 547 insertions(+), 26 deletions(-) delete mode 100644 infrastructure/alarms.tf create mode 100644 infrastructure/log_alarms.tf create mode 100644 infrastructure/log_filters.tf diff --git a/infrastructure/alarms.tf b/infrastructure/alarms.tf deleted file mode 100644 index c654bbbc5..000000000 --- a/infrastructure/alarms.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "aws_cloudwatch_log_metric_filter" "cloudwatch1" { - log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch1 - pattern = "{$.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\"AwsServiceEvent\"}" - metric_transformation { - name = var.log_metric_name_cloudwatch1 - namespace = var.log_metric_namespace_cloudwatch - default_value = 0 - value = 1 - } -} - -resource "aws_cloudwatch_metric_alarm" "cloudwatch1" { - alarm_name = "${var.log_metric_name_cloudwatch1}-alarm" - metric_name = var.log_metric_name_cloudwatch1 - alarm_actions = [aws_sns_topic.alarms.arn] - comparison_operator = "GreaterThanOrEqualToThreshold" - evaluation_periods = 1 - threshold = 1 -} \ No newline at end of file diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf new file mode 100644 index 000000000..bd969f234 --- /dev/null +++ b/infrastructure/log_alarms.tf @@ -0,0 +1,195 @@ +resource "aws_cloudwatch_metric_alarm" "cloudwatch1" { + alarm_name = "${var.log_metric_name_cloudwatch1}-alarm" + metric_name = var.log_metric_name_cloudwatch1 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch2" { + alarm_name = "${var.log_metric_name_cloudwatch2}-alarm" + metric_name = var.log_metric_name_cloudwatch2 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch3" { + alarm_name = "${var.log_metric_name_cloudwatch3}-alarm" + metric_name = var.log_metric_name_cloudwatch3 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch4" { + alarm_name = "${var.log_metric_name_cloudwatch4}-alarm" + metric_name = var.log_metric_name_cloudwatch4 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch5" { + alarm_name = "${var.log_metric_name_cloudwatch5}-alarm" + metric_name = var.log_metric_name_cloudwatch5 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch6" { + alarm_name = "${var.log_metric_name_cloudwatch6}-alarm" + metric_name = var.log_metric_name_cloudwatch6 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch7" { + alarm_name = "${var.log_metric_name_cloudwatch7}-alarm" + metric_name = var.log_metric_name_cloudwatch7 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch8" { + alarm_name = "${var.log_metric_name_cloudwatch8}-alarm" + metric_name = var.log_metric_name_cloudwatch8 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch9" { + alarm_name = "${var.log_metric_name_cloudwatch9}-alarm" + metric_name = var.log_metric_name_cloudwatch9 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch10" { + alarm_name = "${var.log_metric_name_cloudwatch10}-alarm" + metric_name = var.log_metric_name_cloudwatch10 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch11" { + alarm_name = "${var.log_metric_name_cloudwatch11}-alarm" + metric_name = var.log_metric_name_cloudwatch11 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch12" { + alarm_name = "${var.log_metric_name_cloudwatch12}-alarm" + metric_name = var.log_metric_name_cloudwatch12 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch13" { + alarm_name = "${var.log_metric_name_cloudwatch13}-alarm" + metric_name = var.log_metric_name_cloudwatch13 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "cloudwatch14" { + alarm_name = "${var.log_metric_name_cloudwatch14}-alarm" + metric_name = var.log_metric_name_cloudwatch14 + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + + tags = { + project = var.project + stage = var.stage + } +} \ No newline at end of file diff --git a/infrastructure/log_filters.tf b/infrastructure/log_filters.tf new file mode 100644 index 000000000..c9127ed2a --- /dev/null +++ b/infrastructure/log_filters.tf @@ -0,0 +1,237 @@ +resource "aws_cloudwatch_log_metric_filter" "cloudwatch1" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch1 + pattern = "{$.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\"AwsServiceEvent\"}" + metric_transformation { + name = var.log_metric_name_cloudwatch1 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch2" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch2 + pattern = "{($.errorCode=\"*UnauthorizedOperation\") || ($.errorCode=\"AccessDenied*\")}" + metric_transformation { + name = var.log_metric_name_cloudwatch2 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch3" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch3 + pattern = "{($.eventName=\"ConsoleLogin\") && ($.additionalEventData.MFAUsed !=\"Yes\") && ($.userIdentity.type=\"IAMUser\") && ($.responseElements.ConsoleLogin=\"Success\")}" + metric_transformation { + name = var.log_metric_name_cloudwatch3 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch4" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch4 + pattern = "{($.eventSource=iam.amazonaws.com) && (($.eventName=DeleteGroupPolicy) || ($.eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy))}" + metric_transformation { + name = var.log_metric_name_cloudwatch4 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch5" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch5 + pattern = "{($.eventName=CreateTrail) || ($.eventName=UpdateTrail) || ($.eventName=DeleteTrail) || ($.eventName=StartLogging) || ($.eventName=StopLogging)}" + metric_transformation { + name = var.log_metric_name_cloudwatch5 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch6" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch6 + pattern = "{($.eventName=ConsoleLogin) && ($.errorMessage=\"Failed authentication\")}" + metric_transformation { + name = var.log_metric_name_cloudwatch6 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch7" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch7 + pattern = "{($.eventSource=kms.amazonaws.com) && (($.eventName=DisableKey) || ($.eventName=ScheduleKeyDeletion))}" + metric_transformation { + name = var.log_metric_name_cloudwatch7 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch8" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch8 + pattern = "{($.eventSource=s3.amazonaws.com) && (($.eventName=PutBucketAcl) || ($.eventName=PutBucketPolicy) || ($.eventName=PutBucketCors) || ($.eventName=PutBucketLifecycle) || ($.eventName=PutBucketReplication) || ($.eventName=DeleteBucketPolicy) || ($.eventName=DeleteBucketCors) || ($.eventName=DeleteBucketLifecycle) || ($.eventName=DeleteBucketReplication))}" + metric_transformation { + name = var.log_metric_name_cloudwatch8 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch9" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch9 + pattern = "{($.eventSource=config.amazonaws.com) && (($.eventName=StopConfigurationRecorder) || ($.eventName=DeleteDeliveryChannel) || ($.eventName=PutDeliveryChannel) || ($.eventName=PutConfigurationRecorder))}" + metric_transformation { + name = var.log_metric_name_cloudwatch9 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch10" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch10 + pattern = "{($.eventName=AuthorizeSecurityGroupIngress) || ($.eventName=AuthorizeSecurityGroupEgress) || ($.eventName=RevokeSecurityGroupIngress) || ($.eventName=RevokeSecurityGroupEgress) || ($.eventName=CreateSecurityGroup) || ($.eventName=DeleteSecurityGroup)}" + metric_transformation { + name = var.log_metric_name_cloudwatch10 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch11" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch11 + pattern = "{($.eventName=CreateNetworkAcl) || ($.eventName=CreateNetworkAclEntry) || ($.eventName=DeleteNetworkAcl) || ($.eventName=DeleteNetworkAclEntry) || ($.eventName=ReplaceNetworkAclEntry) || ($.eventName=ReplaceNetworkAclAssociation)}" + metric_transformation { + name = var.log_metric_name_cloudwatch11 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch12" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch12 + pattern = "{($.eventName=CreateCustomerGateway) || ($.eventName=DeleteCustomerGateway) || ($.eventName=AttachInternetGateway) || ($.eventName=CreateInternetGateway) || ($.eventName=DeleteInternetGateway) || ($.eventName=DetachInternetGateway)}" + metric_transformation { + name = var.log_metric_name_cloudwatch12 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch13" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch13 + pattern = "{($.eventSource=ec2.amazonaws.com) && (($.eventName=CreateRoute) || ($.eventName=CreateRouteTable) || ($.eventName=ReplaceRoute) || ($.eventName=ReplaceRouteTableAssociation) || ($.eventName=DeleteRouteTable) || ($.eventName=DeleteRoute) || ($.eventName=DisassociateRouteTable))}" + metric_transformation { + name = var.log_metric_name_cloudwatch13 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_log_metric_filter" "cloudwatch14" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_name_cloudwatch14 + pattern = "{($.eventName=CreateVpc) || ($.eventName=DeleteVpc) || ($.eventName=ModifyVpcAttribute) || ($.eventName=AcceptVpcPeeringConnection) || ($.eventName=CreateVpcPeeringConnection) || ($.eventName=DeleteVpcPeeringConnection) || ($.eventName=RejectVpcPeeringConnection) || ($.eventName=AttachClassicLinkVpc) || ($.eventName=DetachClassicLinkVpc) || ($.eventName=DisableVpcClassicLink) || ($.eventName=EnableVpcClassicLink)}" + metric_transformation { + name = var.log_metric_name_cloudwatch14 + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } + + tags = { + project = var.project + stage = var.stage + } +} diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars index 63fbf24a6..239ec7d5f 100644 --- a/infrastructure/prod.tfvars +++ b/infrastructure/prod.tfvars @@ -10,8 +10,21 @@ db_name = "crossfeed-prod-db2" db_port = 5432 db_table_name = "cfproddb" db_instance_class = "db.t3.2xlarge" -log_metric_namespace_cloudwatch = "crossfeed-prod-cloudwatch-controls" -log_metric_name_cloudwatch1 = "crossfeed-prod-cloudwatch1" +log_metric_namespace = "crossfeed-prod-cloudwatch-controls" +log_metric_name_cloudwatch1 = "crossfeed-prod-RootUserAccess" +log_metric_name_cloudwatch2 = "crossfeed-prod-UnauthorizedApiCall" +log_metric_name_cloudwatch3 = "crossfeed-prod-ConsoleSignInWithoutMFA" +log_metric_name_cloudwatch4 = "crossfeed-prod-IAMPolicyChange" +log_metric_name_cloudwatch5 = "crossfeed-prod-CloudTrailConfigurationChanges" +log_metric_name_cloudwatch6 = "crossfeed-prod-ConsoleLoginFailure" +log_metric_name_cloudwatch7 = "crossfeed-prod-DisablingOrScheduledDeletionOfCMK" +log_metric_name_cloudwatch8 = "crossfeed-prod-S3BucketPolicyChanges" +log_metric_name_cloudwatch9 = "crossfeed-prod-AWSConfigConfigurationChange" +log_metric_name_cloudwatch10 = "crossfeed-prod-SecurityGroupChange" +log_metric_name_cloudwatch11 = "crossfeed-prod-NACLChange" +log_metric_name_cloudwatch12 = "crossfeed-prod-NetworkGatewayChange" +log_metric_name_cloudwatch13 = "crossfeed-prod-RouteTableChange" +log_metric_name_cloudwatch14 = "crossfeed-prod-VPCChange" sns_topic_alarms = "crossfeed-prod-cis-alarms" ssm_lambda_subnet = "/crossfeed/prod/SUBNET_ID" ssm_lambda_sg = "/crossfeed/prod/SG_ID" diff --git a/infrastructure/sns.tf b/infrastructure/sns.tf index cb0dd789b..bc08accaa 100644 --- a/infrastructure/sns.tf +++ b/infrastructure/sns.tf @@ -1,3 +1,8 @@ resource "aws_sns_topic" "alarms" { name = var.sns_topic_alarms + + tags = { + project = var.project + stage = var.stage + } } diff --git a/infrastructure/stage.tfvars b/infrastructure/stage.tfvars index 98822439b..e648a1ca7 100644 --- a/infrastructure/stage.tfvars +++ b/infrastructure/stage.tfvars @@ -10,8 +10,21 @@ db_name = "crossfeed-stage-db" db_port = 5432 db_table_name = "cfstagingdb" db_instance_class = "db.t3.2xlarge" -log_metric_namespace_cloudwatch = "crossfeed-staging-cloudwatch-controls" -log_metric_name_cloudwatch1 = "crossfeed-staging-cloudwatch1" +log_metric_namespace = "LogMetrics" +log_metric_name_cloudwatch1 = "crossfeed-staging-RootUserAccess" +log_metric_name_cloudwatch2 = "crossfeed-staging-UnauthorizedApiCall" +log_metric_name_cloudwatch3 = "crossfeed-staging-ConsoleSignInWithoutMFA" +log_metric_name_cloudwatch4 = "crossfeed-staging-IAMPolicyChange" +log_metric_name_cloudwatch5 = "crossfeed-staging-CloudTrailConfigurationChanges" +log_metric_name_cloudwatch6 = "crossfeed-staging-ConsoleLoginFailure" +log_metric_name_cloudwatch7 = "crossfeed-staging-DisablingOrScheduledDeletionOfCMK" +log_metric_name_cloudwatch8 = "crossfeed-staging-S3BucketPolicyChanges" +log_metric_name_cloudwatch9 = "crossfeed-staging-AWSConfigConfigurationChange" +log_metric_name_cloudwatch10 = "crossfeed-staging-SecurityGroupChange" +log_metric_name_cloudwatch11 = "crossfeed-staging-NACLChange" +log_metric_name_cloudwatch12 = "crossfeed-staging-NetworkGatewayChange" +log_metric_name_cloudwatch13 = "crossfeed-staging-RouteTableChange" +log_metric_name_cloudwatch14 = "crossfeed-staging-VPCChange" sns_topic_alarms = "crossfeed-staging-cis-alarms" ssm_lambda_subnet = "/crossfeed/staging/SUBNET_ID" ssm_lambda_sg = "/crossfeed/staging/SG_ID" diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf index 2e432cdfc..157aea125 100644 --- a/infrastructure/vars.tf +++ b/infrastructure/vars.tf @@ -64,10 +64,10 @@ variable "frontend_cert_arn" { default = "arn:aws:acm:us-east-1:563873274798:certificate/7c6a5980-80e3-47a4-9f21-cbda44b6f34c" } -variable "log_metric_namespace_cloudwatch" { +variable "log_metric_namespace" { description = "log_metric_namespace" type = string - default = "crossfeed-staging-cloudwatch-controls" + default = "LogMetrics" } variable "log_metric_name_cloudwatch1" { @@ -76,6 +76,84 @@ variable "log_metric_name_cloudwatch1" { default = "crossfeed-staging-RootUserAccess" } +variable "log_metric_name_cloudwatch2" { + description = "log_metric_filter_cloudwatch2" + type = string + default = "crossfeed-staging-UnauthorizedAPICall" +} + +variable "log_metric_name_cloudwatch3" { + description = "log_metric_filter_cloudwatch3" + type = string + default = "crossfeed-staging-ConsoleLoginWithoutMFA" +} + +variable "log_metric_name_cloudwatch4" { + description = "log_metric_filter_cloudwatch4" + type = string + default = "crossfeed-staging-IAMPolicyChange" +} + +variable "log_metric_name_cloudwatch5" { + description = "log_metric_filter_cloudwatch5" + type = string + default = "crossfeed-staging-CloudTrailConfigurationChange" +} + +variable "log_metric_name_cloudwatch6" { + description = "log_metric_filter_cloudwatch6" + type = string + default = "crossfeed-staging-ConsoleLoginFailure" +} + +variable "log_metric_name_cloudwatch7" { + description = "log_metric_filter_cloudwatch7" + type = string + default = "crossfeed-staging-DisablingOrScheduledDeletionOfCMK" +} + +variable "log_metric_name_cloudwatch8" { + description = "log_metric_filter_cloudwatch8" + type = string + default = "crossfeed-staging-S3BucketPolicyChange" +} + +variable "log_metric_name_cloudwatch9" { + description = "log_metric_filter_cloudwatch9" + type = string + default = "crossfeed-staging-AWSConfigConfigurationChange" +} + +variable "log_metric_name_cloudwatch10" { + description = "log_metric_filter_cloudwatch10" + type = string + default = "crossfeed-staging-SecurityGroupChange" +} + +variable "log_metric_name_cloudwatch11" { + description = "log_metric_filter_cloudwatch11" + type = string + default = "crossfeed-staging-NACLChange" +} + +variable "log_metric_name_cloudwatch12" { + description = "log_metric_filter_cloudwatch12" + type = string + default = "crossfeed-staging-NetworkGatewayChange" +} + +variable "log_metric_name_cloudwatch13" { + description = "log_metric_filter_cloudwatch13" + type = string + default = "crossfeed-staging-RouteTableChange" +} + +variable "log_metric_name_cloudwatch14" { + description = "log_metric_filter_cloudwatch14" + type = string + default = "crossfeed-staging-VPCChange" +} + variable "sns_topic_alarms" { description = "sns_alarm_topic_name" type = string From c89d2ac2fbc249ecedbe0bee29d3fa4ec535d3b5 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Thu, 19 Oct 2023 15:49:55 -0500 Subject: [PATCH 2/6] Fix log_metric_namespace definition in prod.tfvars. --- infrastructure/prod.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars index 239ec7d5f..8c27ec90c 100644 --- a/infrastructure/prod.tfvars +++ b/infrastructure/prod.tfvars @@ -10,7 +10,7 @@ db_name = "crossfeed-prod-db2" db_port = 5432 db_table_name = "cfproddb" db_instance_class = "db.t3.2xlarge" -log_metric_namespace = "crossfeed-prod-cloudwatch-controls" +log_metric_namespace = "LogMetrics" log_metric_name_cloudwatch1 = "crossfeed-prod-RootUserAccess" log_metric_name_cloudwatch2 = "crossfeed-prod-UnauthorizedApiCall" log_metric_name_cloudwatch3 = "crossfeed-prod-ConsoleSignInWithoutMFA" From f9f968f36e70d82f0762dfdb342098b3bcf80c28 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Thu, 19 Oct 2023 15:57:16 -0500 Subject: [PATCH 3/6] Remove tags from log_filters. --- infrastructure/log_filters.tf | 70 ----------------------------------- 1 file changed, 70 deletions(-) diff --git a/infrastructure/log_filters.tf b/infrastructure/log_filters.tf index c9127ed2a..4a9a97be0 100644 --- a/infrastructure/log_filters.tf +++ b/infrastructure/log_filters.tf @@ -8,11 +8,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch1" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch2" { @@ -25,11 +20,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch2" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch3" { @@ -42,11 +32,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch3" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch4" { @@ -59,11 +44,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch4" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch5" { @@ -76,11 +56,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch5" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch6" { @@ -93,11 +68,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch6" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch7" { @@ -110,11 +80,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch7" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch8" { @@ -127,11 +92,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch8" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch9" { @@ -144,11 +104,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch9" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch10" { @@ -161,11 +116,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch10" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch11" { @@ -178,11 +128,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch11" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch12" { @@ -195,11 +140,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch12" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch13" { @@ -212,11 +152,6 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch13" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } resource "aws_cloudwatch_log_metric_filter" "cloudwatch14" { @@ -229,9 +164,4 @@ resource "aws_cloudwatch_log_metric_filter" "cloudwatch14" { default_value = 0 value = 1 } - - tags = { - project = var.project - stage = var.stage - } } From 4d67c648f765fae5dd1ce14266920fd3e02a8ee0 Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Thu, 19 Oct 2023 17:03:19 -0500 Subject: [PATCH 4/6] Add statistic field to alarms. --- infrastructure/log_alarms.tf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf index bd969f234..26b79e879 100644 --- a/infrastructure/log_alarms.tf +++ b/infrastructure/log_alarms.tf @@ -5,6 +5,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch1" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -19,6 +20,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch2" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -33,6 +35,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch3" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -47,6 +50,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch4" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -61,6 +65,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch5" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -75,6 +80,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch6" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -89,6 +95,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch7" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -103,6 +110,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch8" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -117,6 +125,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch9" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -131,6 +140,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch10" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -145,6 +155,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch11" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -159,6 +170,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch12" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -173,6 +185,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch13" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project @@ -187,6 +200,7 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch14" { comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 threshold = 1 + statistic = "SampleCount" tags = { project = var.project From a20074ddee81b1d8d51a77ffcf29a4330286e1be Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Fri, 20 Oct 2023 01:19:10 -0500 Subject: [PATCH 5/6] Add system shutdown filter and alarm; refactor log metric names to be more descriptive. --- infrastructure/log_alarms.tf | 98 ++++++++++++++++++++--------------- infrastructure/log_filters.tf | 96 +++++++++++++++++++--------------- infrastructure/prod.tfvars | 29 ++++++----- infrastructure/stage.tfvars | 29 ++++++----- infrastructure/vars.tf | 62 ++++++++++++---------- 5 files changed, 174 insertions(+), 140 deletions(-) diff --git a/infrastructure/log_alarms.tf b/infrastructure/log_alarms.tf index 26b79e879..7f2c05b78 100644 --- a/infrastructure/log_alarms.tf +++ b/infrastructure/log_alarms.tf @@ -1,6 +1,6 @@ -resource "aws_cloudwatch_metric_alarm" "cloudwatch1" { - alarm_name = "${var.log_metric_name_cloudwatch1}-alarm" - metric_name = var.log_metric_name_cloudwatch1 +resource "aws_cloudwatch_metric_alarm" "root_user" { + alarm_name = "${var.log_metric_root_user}-alarm" + metric_name = var.log_metric_root_user alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -13,9 +13,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch1" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch2" { - alarm_name = "${var.log_metric_name_cloudwatch2}-alarm" - metric_name = var.log_metric_name_cloudwatch2 +resource "aws_cloudwatch_metric_alarm" "unauthorized_api_call" { + alarm_name = "${var.log_metric_unauthorized_api_call}-alarm" + metric_name = var.log_metric_unauthorized_api_call alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -28,9 +28,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch2" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch3" { - alarm_name = "${var.log_metric_name_cloudwatch3}-alarm" - metric_name = var.log_metric_name_cloudwatch3 +resource "aws_cloudwatch_metric_alarm" "login_without_mfa" { + alarm_name = "${var.log_metric_login_without_mfa}-alarm" + metric_name = var.log_metric_login_without_mfa alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -43,9 +43,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch3" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch4" { - alarm_name = "${var.log_metric_name_cloudwatch4}-alarm" - metric_name = var.log_metric_name_cloudwatch4 +resource "aws_cloudwatch_metric_alarm" "iam_policy" { + alarm_name = "${var.log_metric_iam_policy}-alarm" + metric_name = var.log_metric_iam_policy alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -58,9 +58,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch4" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch5" { - alarm_name = "${var.log_metric_name_cloudwatch5}-alarm" - metric_name = var.log_metric_name_cloudwatch5 +resource "aws_cloudwatch_metric_alarm" "cloudtrail" { + alarm_name = "${var.log_metric_cloudtrail}-alarm" + metric_name = var.log_metric_cloudtrail alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -73,9 +73,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch5" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch6" { - alarm_name = "${var.log_metric_name_cloudwatch6}-alarm" - metric_name = var.log_metric_name_cloudwatch6 +resource "aws_cloudwatch_metric_alarm" "login_failure" { + alarm_name = "${var.log_metric_login_failure}-alarm" + metric_name = var.log_metric_login_failure alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -88,9 +88,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch6" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch7" { - alarm_name = "${var.log_metric_name_cloudwatch7}-alarm" - metric_name = var.log_metric_name_cloudwatch7 +resource "aws_cloudwatch_metric_alarm" "cmk_delete_disable" { + alarm_name = "${var.log_metric_cmk_delete_disable}-alarm" + metric_name = var.log_metric_cmk_delete_disable alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -103,9 +103,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch7" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch8" { - alarm_name = "${var.log_metric_name_cloudwatch8}-alarm" - metric_name = var.log_metric_name_cloudwatch8 +resource "aws_cloudwatch_metric_alarm" "s3_bucket_policy" { + alarm_name = "${var.log_metric_s3_bucket_policy}-alarm" + metric_name = var.log_metric_s3_bucket_policy alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -118,9 +118,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch8" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch9" { - alarm_name = "${var.log_metric_name_cloudwatch9}-alarm" - metric_name = var.log_metric_name_cloudwatch9 +resource "aws_cloudwatch_metric_alarm" "aws_config" { + alarm_name = "${var.log_metric_aws_config}-alarm" + metric_name = var.log_metric_aws_config alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -133,9 +133,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch9" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch10" { - alarm_name = "${var.log_metric_name_cloudwatch10}-alarm" - metric_name = var.log_metric_name_cloudwatch10 +resource "aws_cloudwatch_metric_alarm" "security_group" { + alarm_name = "${var.log_metric_security_group}-alarm" + metric_name = var.log_metric_security_group alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -148,9 +148,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch10" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch11" { - alarm_name = "${var.log_metric_name_cloudwatch11}-alarm" - metric_name = var.log_metric_name_cloudwatch11 +resource "aws_cloudwatch_metric_alarm" "nacl" { + alarm_name = "${var.log_metric_nacl}-alarm" + metric_name = var.log_metric_nacl alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -163,9 +163,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch11" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch12" { - alarm_name = "${var.log_metric_name_cloudwatch12}-alarm" - metric_name = var.log_metric_name_cloudwatch12 +resource "aws_cloudwatch_metric_alarm" "network_gateway" { + alarm_name = "${var.log_metric_network_gateway}-alarm" + metric_name = var.log_metric_network_gateway alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -178,9 +178,9 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch12" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch13" { - alarm_name = "${var.log_metric_name_cloudwatch13}-alarm" - metric_name = var.log_metric_name_cloudwatch13 +resource "aws_cloudwatch_metric_alarm" "route_table" { + alarm_name = "${var.log_metric_route_table}-alarm" + metric_name = var.log_metric_route_table alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 @@ -193,9 +193,23 @@ resource "aws_cloudwatch_metric_alarm" "cloudwatch13" { } } -resource "aws_cloudwatch_metric_alarm" "cloudwatch14" { - alarm_name = "${var.log_metric_name_cloudwatch14}-alarm" - metric_name = var.log_metric_name_cloudwatch14 +resource "aws_cloudwatch_metric_alarm" "vpc" { + alarm_name = "${var.log_metric_vpc}-alarm" + metric_name = var.log_metric_vpc + alarm_actions = [aws_sns_topic.alarms.arn] + comparison_operator = "GreaterThanOrEqualToThreshold" + evaluation_periods = 1 + threshold = 1 + statistic = "SampleCount" + + tags = { + project = var.project + stage = var.stage + } +} + +resource "aws_cloudwatch_metric_alarm" "system_shutdown" { + alarm_name = "${var.log_metric_system_shutdown}-alarm" alarm_actions = [aws_sns_topic.alarms.arn] comparison_operator = "GreaterThanOrEqualToThreshold" evaluation_periods = 1 diff --git a/infrastructure/log_filters.tf b/infrastructure/log_filters.tf index 4a9a97be0..4c574aaf7 100644 --- a/infrastructure/log_filters.tf +++ b/infrastructure/log_filters.tf @@ -1,167 +1,179 @@ -resource "aws_cloudwatch_log_metric_filter" "cloudwatch1" { +resource "aws_cloudwatch_log_metric_filter" "root_user" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch1 + name = var.log_metric_root_user pattern = "{$.userIdentity.type=\"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType !=\"AwsServiceEvent\"}" metric_transformation { - name = var.log_metric_name_cloudwatch1 + name = var.log_metric_root_user namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch2" { +resource "aws_cloudwatch_log_metric_filter" "unauthorized_api_call" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch2 + name = var.log_metric_unauthorized_api_call pattern = "{($.errorCode=\"*UnauthorizedOperation\") || ($.errorCode=\"AccessDenied*\")}" metric_transformation { - name = var.log_metric_name_cloudwatch2 + name = var.log_metric_unauthorized_api_call namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch3" { +resource "aws_cloudwatch_log_metric_filter" "login_without_mfa" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch3 + name = var.log_metric_login_without_mfa pattern = "{($.eventName=\"ConsoleLogin\") && ($.additionalEventData.MFAUsed !=\"Yes\") && ($.userIdentity.type=\"IAMUser\") && ($.responseElements.ConsoleLogin=\"Success\")}" metric_transformation { - name = var.log_metric_name_cloudwatch3 + name = var.log_metric_login_without_mfa namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch4" { +resource "aws_cloudwatch_log_metric_filter" "iam_policy" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch4 + name = var.log_metric_iam_policy pattern = "{($.eventSource=iam.amazonaws.com) && (($.eventName=DeleteGroupPolicy) || ($.eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy))}" metric_transformation { - name = var.log_metric_name_cloudwatch4 + name = var.log_metric_iam_policy namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch5" { +resource "aws_cloudwatch_log_metric_filter" "cloudtrail" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch5 + name = var.log_metric_cloudtrail pattern = "{($.eventName=CreateTrail) || ($.eventName=UpdateTrail) || ($.eventName=DeleteTrail) || ($.eventName=StartLogging) || ($.eventName=StopLogging)}" metric_transformation { - name = var.log_metric_name_cloudwatch5 + name = var.log_metric_cloudtrail namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch6" { +resource "aws_cloudwatch_log_metric_filter" "login_failure" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch6 + name = var.log_metric_login_failure pattern = "{($.eventName=ConsoleLogin) && ($.errorMessage=\"Failed authentication\")}" metric_transformation { - name = var.log_metric_name_cloudwatch6 + name = var.log_metric_login_failure namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch7" { +resource "aws_cloudwatch_log_metric_filter" "cmk_delete_disable" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch7 + name = var.log_metric_cmk_delete_disable pattern = "{($.eventSource=kms.amazonaws.com) && (($.eventName=DisableKey) || ($.eventName=ScheduleKeyDeletion))}" metric_transformation { - name = var.log_metric_name_cloudwatch7 + name = var.log_metric_cmk_delete_disable namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch8" { +resource "aws_cloudwatch_log_metric_filter" "s3_bucket_policy" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch8 + name = var.log_metric_s3_bucket_policy pattern = "{($.eventSource=s3.amazonaws.com) && (($.eventName=PutBucketAcl) || ($.eventName=PutBucketPolicy) || ($.eventName=PutBucketCors) || ($.eventName=PutBucketLifecycle) || ($.eventName=PutBucketReplication) || ($.eventName=DeleteBucketPolicy) || ($.eventName=DeleteBucketCors) || ($.eventName=DeleteBucketLifecycle) || ($.eventName=DeleteBucketReplication))}" metric_transformation { - name = var.log_metric_name_cloudwatch8 + name = var.log_metric_s3_bucket_policy namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch9" { +resource "aws_cloudwatch_log_metric_filter" "aws_config" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch9 + name = var.log_metric_aws_config pattern = "{($.eventSource=config.amazonaws.com) && (($.eventName=StopConfigurationRecorder) || ($.eventName=DeleteDeliveryChannel) || ($.eventName=PutDeliveryChannel) || ($.eventName=PutConfigurationRecorder))}" metric_transformation { - name = var.log_metric_name_cloudwatch9 + name = var.log_metric_aws_config namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch10" { +resource "aws_cloudwatch_log_metric_filter" "security_group" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch10 + name = var.log_metric_security_group pattern = "{($.eventName=AuthorizeSecurityGroupIngress) || ($.eventName=AuthorizeSecurityGroupEgress) || ($.eventName=RevokeSecurityGroupIngress) || ($.eventName=RevokeSecurityGroupEgress) || ($.eventName=CreateSecurityGroup) || ($.eventName=DeleteSecurityGroup)}" metric_transformation { - name = var.log_metric_name_cloudwatch10 + name = var.log_metric_security_group namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch11" { +resource "aws_cloudwatch_log_metric_filter" "nacl" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch11 + name = var.log_metric_nacl pattern = "{($.eventName=CreateNetworkAcl) || ($.eventName=CreateNetworkAclEntry) || ($.eventName=DeleteNetworkAcl) || ($.eventName=DeleteNetworkAclEntry) || ($.eventName=ReplaceNetworkAclEntry) || ($.eventName=ReplaceNetworkAclAssociation)}" metric_transformation { - name = var.log_metric_name_cloudwatch11 + name = var.log_metric_nacl namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch12" { +resource "aws_cloudwatch_log_metric_filter" "network_gateway" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch12 + name = var.log_metric_network_gateway pattern = "{($.eventName=CreateCustomerGateway) || ($.eventName=DeleteCustomerGateway) || ($.eventName=AttachInternetGateway) || ($.eventName=CreateInternetGateway) || ($.eventName=DeleteInternetGateway) || ($.eventName=DetachInternetGateway)}" metric_transformation { - name = var.log_metric_name_cloudwatch12 + name = var.log_metric_network_gateway namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch13" { +resource "aws_cloudwatch_log_metric_filter" "route_table" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch13 + name = var.log_metric_route_table pattern = "{($.eventSource=ec2.amazonaws.com) && (($.eventName=CreateRoute) || ($.eventName=CreateRouteTable) || ($.eventName=ReplaceRoute) || ($.eventName=ReplaceRouteTableAssociation) || ($.eventName=DeleteRouteTable) || ($.eventName=DeleteRoute) || ($.eventName=DisassociateRouteTable))}" metric_transformation { - name = var.log_metric_name_cloudwatch13 + name = var.log_metric_route_table namespace = var.log_metric_namespace default_value = 0 value = 1 } } -resource "aws_cloudwatch_log_metric_filter" "cloudwatch14" { +resource "aws_cloudwatch_log_metric_filter" "vpc" { log_group_name = var.cloudtrail_log_group_name - name = var.log_metric_name_cloudwatch14 + name = var.log_metric_vpc pattern = "{($.eventName=CreateVpc) || ($.eventName=DeleteVpc) || ($.eventName=ModifyVpcAttribute) || ($.eventName=AcceptVpcPeeringConnection) || ($.eventName=CreateVpcPeeringConnection) || ($.eventName=DeleteVpcPeeringConnection) || ($.eventName=RejectVpcPeeringConnection) || ($.eventName=AttachClassicLinkVpc) || ($.eventName=DetachClassicLinkVpc) || ($.eventName=DisableVpcClassicLink) || ($.eventName=EnableVpcClassicLink)}" metric_transformation { - name = var.log_metric_name_cloudwatch14 + name = var.log_metric_vpc namespace = var.log_metric_namespace default_value = 0 value = 1 } } + +resource "aws_cloudwatch_log_metric_filter" "system_shutdown" { + log_group_name = var.cloudtrail_log_group_name + name = var.log_metric_system_shutdown + pattern = "{($.eventName=StopInstances) || ($.eventName=TerminateInstances)}" + metric_transformation { + name = var.log_metric_system_shutdown + namespace = var.log_metric_namespace + default_value = 0 + value = 1 + } +} \ No newline at end of file diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars index 8c27ec90c..940fb7bb6 100644 --- a/infrastructure/prod.tfvars +++ b/infrastructure/prod.tfvars @@ -11,20 +11,21 @@ db_port = 5432 db_table_name = "cfproddb" db_instance_class = "db.t3.2xlarge" log_metric_namespace = "LogMetrics" -log_metric_name_cloudwatch1 = "crossfeed-prod-RootUserAccess" -log_metric_name_cloudwatch2 = "crossfeed-prod-UnauthorizedApiCall" -log_metric_name_cloudwatch3 = "crossfeed-prod-ConsoleSignInWithoutMFA" -log_metric_name_cloudwatch4 = "crossfeed-prod-IAMPolicyChange" -log_metric_name_cloudwatch5 = "crossfeed-prod-CloudTrailConfigurationChanges" -log_metric_name_cloudwatch6 = "crossfeed-prod-ConsoleLoginFailure" -log_metric_name_cloudwatch7 = "crossfeed-prod-DisablingOrScheduledDeletionOfCMK" -log_metric_name_cloudwatch8 = "crossfeed-prod-S3BucketPolicyChanges" -log_metric_name_cloudwatch9 = "crossfeed-prod-AWSConfigConfigurationChange" -log_metric_name_cloudwatch10 = "crossfeed-prod-SecurityGroupChange" -log_metric_name_cloudwatch11 = "crossfeed-prod-NACLChange" -log_metric_name_cloudwatch12 = "crossfeed-prod-NetworkGatewayChange" -log_metric_name_cloudwatch13 = "crossfeed-prod-RouteTableChange" -log_metric_name_cloudwatch14 = "crossfeed-prod-VPCChange" +log_metric_root_user = "crossfeed-prod-RootUserAccess" +log_metric_unauthorized_api_call = "crossfeed-prod-UnauthorizedApiCall" +log_metric_login_without_mfa = "crossfeed-prod-ConsoleSignInWithoutMFA" +log_metric_iam_policy = "crossfeed-prod-IAMPolicyChange" +log_metric_cloudtrail = "crossfeed-prod-CloudTrailConfigurationChanges" +log_metric_login_failure = "crossfeed-prod-ConsoleLoginFailure" +log_metric_cmk_delete_disable = "crossfeed-prod-DisablingOrScheduledDeletionOfCMK" +log_metric_s3_bucket_policy = "crossfeed-prod-S3BucketPolicyChanges" +log_metric_aws_config = "crossfeed-prod-AWSConfigConfigurationChange" +log_metric_security_group = "crossfeed-prod-SecurityGroupChange" +log_metric_nacl = "crossfeed-prod-NACLChange" +log_metric_network_gateway = "crossfeed-prod-NetworkGatewayChange" +log_metric_route_table = "crossfeed-prod-RouteTableChange" +log_metric_vpc = "crossfeed-prod-VPCChange" +log_metric_system_shutdown = "crossfeed-prod-SystemShutdown" sns_topic_alarms = "crossfeed-prod-cis-alarms" ssm_lambda_subnet = "/crossfeed/prod/SUBNET_ID" ssm_lambda_sg = "/crossfeed/prod/SG_ID" diff --git a/infrastructure/stage.tfvars b/infrastructure/stage.tfvars index e648a1ca7..a5f2324f1 100644 --- a/infrastructure/stage.tfvars +++ b/infrastructure/stage.tfvars @@ -11,20 +11,21 @@ db_port = 5432 db_table_name = "cfstagingdb" db_instance_class = "db.t3.2xlarge" log_metric_namespace = "LogMetrics" -log_metric_name_cloudwatch1 = "crossfeed-staging-RootUserAccess" -log_metric_name_cloudwatch2 = "crossfeed-staging-UnauthorizedApiCall" -log_metric_name_cloudwatch3 = "crossfeed-staging-ConsoleSignInWithoutMFA" -log_metric_name_cloudwatch4 = "crossfeed-staging-IAMPolicyChange" -log_metric_name_cloudwatch5 = "crossfeed-staging-CloudTrailConfigurationChanges" -log_metric_name_cloudwatch6 = "crossfeed-staging-ConsoleLoginFailure" -log_metric_name_cloudwatch7 = "crossfeed-staging-DisablingOrScheduledDeletionOfCMK" -log_metric_name_cloudwatch8 = "crossfeed-staging-S3BucketPolicyChanges" -log_metric_name_cloudwatch9 = "crossfeed-staging-AWSConfigConfigurationChange" -log_metric_name_cloudwatch10 = "crossfeed-staging-SecurityGroupChange" -log_metric_name_cloudwatch11 = "crossfeed-staging-NACLChange" -log_metric_name_cloudwatch12 = "crossfeed-staging-NetworkGatewayChange" -log_metric_name_cloudwatch13 = "crossfeed-staging-RouteTableChange" -log_metric_name_cloudwatch14 = "crossfeed-staging-VPCChange" +log_metric_root_user = "crossfeed-staging-RootUserAccess" +log_metric_unauthorized_api_call = "crossfeed-staging-UnauthorizedApiCall" +log_metric_login_without_mfa = "crossfeed-staging-ConsoleSignInWithoutMFA" +log_metric_iam_policy = "crossfeed-staging-IAMPolicyChange" +log_metric_cloudtrail = "crossfeed-staging-CloudTrailConfigurationChanges" +log_metric_login_failure = "crossfeed-staging-ConsoleLoginFailure" +log_metric_cmk_delete_disable = "crossfeed-staging-DisablingOrScheduledDeletionOfCMK" +log_metric_s3_bucket_policy = "crossfeed-staging-S3BucketPolicyChanges" +log_metric_aws_config = "crossfeed-staging-AWSConfigConfigurationChange" +log_metric_security_group = "crossfeed-staging-SecurityGroupChange" +log_metric_nacl = "crossfeed-staging-NACLChange" +log_metric_network_gateway = "crossfeed-staging-NetworkGatewayChange" +log_metric_route_table = "crossfeed-staging-RouteTableChange" +log_metric_vpc = "crossfeed-staging-VPCChange" +log_metric_system_shutdown = "crossfeed-staging-SystemShutdown" sns_topic_alarms = "crossfeed-staging-cis-alarms" ssm_lambda_subnet = "/crossfeed/staging/SUBNET_ID" ssm_lambda_sg = "/crossfeed/staging/SG_ID" diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf index 157aea125..26ca00531 100644 --- a/infrastructure/vars.tf +++ b/infrastructure/vars.tf @@ -70,90 +70,96 @@ variable "log_metric_namespace" { default = "LogMetrics" } -variable "log_metric_name_cloudwatch1" { - description = "log_metric_filter_cloudwatch1" +variable "log_metric_root_user" { + description = "log_metric_filter_root_user" type = string default = "crossfeed-staging-RootUserAccess" } -variable "log_metric_name_cloudwatch2" { - description = "log_metric_filter_cloudwatch2" +variable "log_metric_unauthorized_api_call" { + description = "log_metric_filter_unauthorized_api_call" type = string default = "crossfeed-staging-UnauthorizedAPICall" } -variable "log_metric_name_cloudwatch3" { - description = "log_metric_filter_cloudwatch3" +variable "log_metric_login_without_mfa" { + description = "log_metric_filter_login_without_mfa" type = string default = "crossfeed-staging-ConsoleLoginWithoutMFA" } -variable "log_metric_name_cloudwatch4" { - description = "log_metric_filter_cloudwatch4" +variable "log_metric_iam_policy" { + description = "log_metric_filter_iam_policy" type = string default = "crossfeed-staging-IAMPolicyChange" } -variable "log_metric_name_cloudwatch5" { - description = "log_metric_filter_cloudwatch5" +variable "log_metric_cloudtrail" { + description = "log_metric_filter_cloudtrail" type = string default = "crossfeed-staging-CloudTrailConfigurationChange" } -variable "log_metric_name_cloudwatch6" { - description = "log_metric_filter_cloudwatch6" +variable "log_metric_login_failure" { + description = "log_metric_filter_login_failure" type = string default = "crossfeed-staging-ConsoleLoginFailure" } -variable "log_metric_name_cloudwatch7" { - description = "log_metric_filter_cloudwatch7" +variable "log_metric_cmk_delete_disable" { + description = "log_metric_filter_cmk_delete_disable" type = string default = "crossfeed-staging-DisablingOrScheduledDeletionOfCMK" } -variable "log_metric_name_cloudwatch8" { - description = "log_metric_filter_cloudwatch8" +variable "log_metric_s3_bucket_policy" { + description = "log_metric_filter_s3_bucket_policy" type = string default = "crossfeed-staging-S3BucketPolicyChange" } -variable "log_metric_name_cloudwatch9" { - description = "log_metric_filter_cloudwatch9" +variable "log_metric_aws_config" { + description = "log_metric_filter_aws_config" type = string default = "crossfeed-staging-AWSConfigConfigurationChange" } -variable "log_metric_name_cloudwatch10" { - description = "log_metric_filter_cloudwatch10" +variable "log_metric_security_group" { + description = "log_metric_filter_security_group" type = string default = "crossfeed-staging-SecurityGroupChange" } -variable "log_metric_name_cloudwatch11" { - description = "log_metric_filter_cloudwatch11" +variable "log_metric_nacl" { + description = "log_metric_filter_nacl" type = string default = "crossfeed-staging-NACLChange" } -variable "log_metric_name_cloudwatch12" { - description = "log_metric_filter_cloudwatch12" +variable "log_metric_network_gateway" { + description = "log_metric_filter_network_gateway" type = string default = "crossfeed-staging-NetworkGatewayChange" } -variable "log_metric_name_cloudwatch13" { - description = "log_metric_filter_cloudwatch13" +variable "log_metric_route_table" { + description = "log_metric_filter_route_table" type = string default = "crossfeed-staging-RouteTableChange" } -variable "log_metric_name_cloudwatch14" { - description = "log_metric_filter_cloudwatch14" +variable "log_metric_vpc" { + description = "log_metric_filter_vpc" type = string default = "crossfeed-staging-VPCChange" } +variable "log_metric_system_shutdown" { + description = "log_metric_filter_system_shutdown" + type = string + default = "crossfeed-staging-SystemShutdown" +} + variable "sns_topic_alarms" { description = "sns_alarm_topic_name" type = string From 564fd8fbe17a5d65c6bed38a016ef6062eb211ba Mon Sep 17 00:00:00 2001 From: "Grayson, Matthew" Date: Fri, 20 Oct 2023 09:26:07 -0500 Subject: [PATCH 6/6] Add notice to public folder. --- frontend/public/Notice.pdf | Bin 0 -> 96759 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 frontend/public/Notice.pdf diff --git a/frontend/public/Notice.pdf b/frontend/public/Notice.pdf new file mode 100644 index 0000000000000000000000000000000000000000..19b2ce794ad98ebe78f0db16dd1096126f6d21f6 GIT binary patch literal 96759 zcmagE19)Z2wl*9)9ox2(72CFL8y&M_c5JJoj&0j^$F})p?{n_|o%?+I{&zid)vPt= ztQw<6z3-T#MlCW05ivR@dH_7x&hFG4JPZp5AtRx^krg}-4}*-QovERdrKhP0ArpfP zAt!*Hjgvv1kd=`^l#qjyotc$E?(2ri*9}%SCI$&YZ9-N~HbN$LPF+4ecvCx*zq%p( ze?IUqY=HkOL&VhB-o#YF(8<>MOQNv7jjOGlGa(y;f|IF6Co2bA0LC5rHzZJ z6N8wIp^NFinlMO;X!9_!vWtl@v2cor3b8Y?vWf}{a|!~4*#Q7C0Eh5b$;Tte$t=pj z!YRbe!OSKEU=`#PVPh0y6=Y%);^Y)!Vq@jgWstNpF?HAe8aOlOUq8(330c^`6jWl6 zF|{*yu^{AR`AZwOzlX`ppk#0FLde4T_XEmbwjl(tGpKktm@;T6nVK=EYcmnD5Hfuk zz}dyg)X)|l#$waR$ix8Az`)4BARUYttHgf<2ytWXZ!#xVZi_i zwwj)SaRr7rvaEYYNg%#P4sx6ij`Y)yW2_sj-jPNEtTY+yh97jdh5!f{0?07=8!bG{ zmzn=9>E8x-b}@8vad$E`gNI>+han>ql^27D`S&Ei!vOxn^umOktp8|OLMA4_|2KG6 z24zAPj{i0ugTIDjU}g4IM7bFYfJX_8_jb?t(~<)Xz`<3*y+zG6^M{cR>pA!+tQ_?} zMRP`L{s_?J>$dPa2zc%UR$#&0wIVcQnhMV7?d{fRge4yB2S+pj@-sx3`iBAiZR`I+ zq@kTT<;N$GD3BZw9gr%JG8KcYp_BDrllFz4zp7tYb#Zbv{eq0Fsf(eBp^G6Q^WSr& zU}$bCW9VV;>cSvzXZkOoG5mGWnULi#qbM;be>F6AQE@Ug{dEi+IfXUy}aTl|e=2tNOR1U-uQ9 z?2VO8U9=g#`~-uFsk;kE!J4Wr+U*B?lw(m+RsDS5IGRD7)DH zCqUa(w5``9P(Nr6net2yeUVUu7+kHj*jGwz-LMV>Yf54?w3%nYPW-l5NY-rYsETN5 zg>bW8?-Q5>1U0L3VGL9Pi@OscCIplq(t{d?p{v19NYfQe&=~1yIf$lT7rVSA2P2XB z)YtgpM&jG;+jJYq=9sGaDO)-@t*Y#kyCpb7mU$tR=*vF{SZzU`9hM<)PNcnc2dN=y z%WC!82;Rg-?CQ3;xuaKFKJO*$(9yb{dz860W#`s+#g#O2lIlFqC- z4YyY6_6QhrR@z(N@AnDIn*xH2IHi%>f4c>Ezj=Ay9zG4sFprHb2RD0iL{o=fghY@Q znIO%$u-O6DfD#j#&iDd~`ZD7!%bLp{YtD!Dhr|j2Eyt1zp(Z!1me}2SLlTh(&Kb#B zht;V*7WxckV^;EVL1cAp^`6t~X`3hY_RVfmmashrkDF-(BrLiQ*4KgGN8OG)2OBa1*vF}= z1dM3yJYK}gvS=#~gWUp+#M1YIG1lQ!94bUeM7jIgfNpJMaB8Gp=vf)QVngpn^b-8PMVVu{GdXG6NHv+oxF zo_cG)c;WCVZB<^{0u?_H+f)^YCBJX_wVT6;aksI(9~(5JbNV!Gt}4+J8M zzdM#Uq)uV!Gm!74WGPm3Ck!J{_`~+sTmJufYy9o4{$~RI`%TEs#P)xACJ`Q`DjT`R zh}dzceqn(Y71&*aVqusEDU2|tlx+8?prNHCb<}k!fj#2pmT+#UUdu{gzuB(% zFlY9fcJ8*;_Gfn(?ADk6n@wF7d5^#B6i!?Pl6ye;OrYk1Q{~EC?Jo`9_hsCRzQbTfLb+4yVi_z4cK*^M#g5KheRVYbi zYcpiIsyOVu?94W;dX#g;%0!9wt<^t|%6eU`hv!_Mm|g}4VguybHkIimDJr9x4i#42 z!!TA_xMv}ln#oGhVnUDS0xuNUe%#=!W?>OVe$y1dzbyad7Nfd#3ZZeYL{fO7zG0#E zUQsi8q9V=X!Sh}ztb$|-N5rZQ5S7Ss554Mk8x2M5F?Fh`9^L~|@u~Xl5DKoBSm#f; zKnE2^)J+2g^q#*DcqB7oGR|*oa4{CK3WvT6yzAz60!nEsF#ay`R8S>#STsqebSiu4 znk)lX=E?*03pz-nU)-mjifq zAY~S5@eoR6K6LT4B1_<(G|6wGexTUes9MuFFc<8;tQM_k{H{5xoQt9J3CYs$EkqIHT&f@ial4AFt?=!7U&_CC3ibm(QO0TI z0n69sx*{f%);(p@nCN(Bv<&K9tcozSZ=TZP>p2i@ghrW3p*B4&DUd1Mo7NuKif z+IQsi9{AoC$7WTIeYnIP3x3rm;Fz&DjeKi;$xUvUSTVq}b)v$E-aMAojVM7lak^_c zXENcaAX4TP3pm__^o?*~rIu-L+M0BFUKNNFO%%zo1Jefs(M69oMlkRon|X`F6LTf3 z_2g0;$CyR1QiD#>Rkk*@&3bJ#D3$4g2{|?Z!ga5lQ$QkE6cfp*LZ%nI;4SM>TZ#vTQwr4MDQCP1MS4yeaLaxg|C(a!B-H5RkqtEmViDtNr%1##^JidbBJ11+V| z*1tv?j-7~Z88cW;Ycy^>sxmX{Zr$G4rA^=9uGzZ8KWw64g1L;P;3DyD(E`42eNEi3 zXK8Q$6Vvl8e5AGrYkdt_-JR&B5VB78ilAIJU#KIG{Sy1Lu2h!Bl%ek8!z>GO-c)6x zAc7wR4(OeT`Q@Jw_E$*wzak94{I&e~ueHRN%T8PRsWCF?+%UuMLiZQEto?*h$^SfTLiAcP}V5yJgIR~M(B&mIy4+b%d zY^XWs6K}5jfe1uB-jK*d;|$YJ9Em|*r;PqB4auXOmoketeqZ zuU!a>ifI(5TvCxroG^+}q+kC8YQ1K=HlCP zsBb<|LZ-4l_#k>@FKcpi6`;kZ&}2v4p3utTOeDm=qcg(K_A8=I8u=L1Eo=SjH&7Jz zQs_?dI_C`5Woze3bWplv;2ED;$p(;CZY#>RUO8WuG5B*@ToK+lx);guo5O4vx!n(r zIkXE8JEAj%E8V0^sI6U3PM;})7)4BZqY|w3!8c-b2|omRwVfpY5W@VXz))?oek(ok zye}GyF(-Yw&b9`#EMXhQ3H7A4cMOflksE`7Jckf%iO+=REJPo8$%&+AYxdMFS05HMUSVQ_Pgy0kpkW+f%)R47K^H=MFfZGhD^oMEv$;y6 z7!QUz`)u56o~4P^cAADzM;z~#XJG)2Jz13ah~DY-Wl#s^Bu;s)e2(nXiM^5NwSHPl zM5P{vTsJpUFyJav{=J+p!y163M=r27a7r zWgelxi*V-y*%`Sb;Rfk8fJ&3Q8^Uo~nFqmN(m>q)+lDc%2Q!u1Sx5izue{HR??ryBA zbEVIzRr`IpM>ZXCoPUDae`G5DVM+L35h)}4e?rYgWy|_2BK3XLcZ@}niIJ-{#fczv z#MaO>Wb8^}7D{*7umH@O6n(y5-1VtRJsKR-W_5CJJZ6Pt81ccuAcpwlNflXPHWJPx zip{B5!S@L}vaf}~m?0pD=UHw-gVtdf?gIJV64nQ2NYl%VfM zKLFl%1A#pl*M3qAvX91swgv*t?o)Dj)qKZT0vn+Oii~QlGA?l)dQ#|SCo)d8Y!uqt z|8xyM;yI$l6x#^Rt^4P{QPf0Z#eR{fKxu|lxndSl5LQ+7VqF5&T zn}@V$o~0dY>Nn}N-mA>RpE;GYD^WAjEeqa6`xz76)zo1+Mbs3$6snhqC^@owbM{oG znRoTyBL#rU)*V-e9Ai1U36ttH&NuX-4vIV*B(cbj z))Vb+7YSPkb;kvDOsmI1Q=r}%B{T*WV&=CXX3f&;M1n;DtXN{_jU@=fvpT7Cl^#Kf#1u(8Q^Ja`kQZF57J8P#_Q zlr54U!1<1Pf@tFXZP40$1_Zp-_2mXWElT6{4#Z?Zt@S&`UCGJZA9?^^`lGyZ$)@Eo z{$G(O6NxVSKM~=tEYbh&a{>QtY38ER6N5wa6(`Ved{fE`0XB=HE_9j2ec)-bQmw45 zEW?i%ZW_H@8tjH!d5G(0YRq|eH}l~tm2A_bET}{~J^gb^!8n!}g<>I7Qb>!HtniXR;xu`)^H>2aa7&cPij zxI!V$KmgLI@R*u4rkln-IB9H}8RL#_e6Kqe6df#)cm;r~TxyJEZPG)U(r3L>MYs3l z2$4WPZB^lc_D0z)g2Ix$%t5WLWa6CX-f%LMcDo#>AOHE6%HrmhJPOXoeN#48*` zx9ex8c76ka0@+ma^!^j{{$n%XfA+zwod1y?mI(i$B5S?=l@<7F5rk2gH4{qKN4(s? zJ}p4_l@^euB(p{6Ky@0~itQBpIZ@lDIldj*fo`SBYt= z^Ksz`sQ7Fhn;UQKW8ua}kiUHl&NJN1NvR$|gF3_%C)&??t2qb)%JLVQM}j-Ln$>+J z@Pnu#J6-vW`19T#RGsLDF4}i}NP4={PXq>Q1HQ2w5nZ5Ejii(X?m3Xb_1=3Zi|D0_ zaI=wXR*%db5C**>cMza`q}?%>8>r*u9n-Mq$ZjRc@L%&nx`3gnS+7zL`d@5FZxW*H z76*w>xmH~lW3AALCVC|9OKK9KFa`dYzY1K~e_AM($#ct@C;Ws_cd1LEViGu%yFy>d zSGTAmN))Na$1@F+593s~hBaA5%DgBBpNc%r+g52`4P>5ND<;)AZ?LRtH7ZhLP6;~* zB+G4|oF{E5fRc4mMGMSFb{i-V_oy{|=dSXC#s;?fR7F#YW!;QGeCe+-g0(7IrNM7K zZIa?MXJ-$NMk@o4r>DE@^*H6q_X3b*)Ry^mIr$okuA89Idb)Po5zZ%g0bZ*s_`=r;5QlINFGxwILs^MB$eZqJk z>IO=+pn3i$-29cw{$E`dGvL21o=xOst^2;h#8dV50_W=8*m<|yyXrz5I#e~YWy3SZ z)q0z_q=u-s_Yqm`!GoZ??21RyBC;eZOUyz%%R+b#I0x$1s76wSLWK0+*b2{K$MrgF zk?6&PHf~E!idIEwrhlLyhU>JjO>N!Wkz|RYLpktaM#vnEu$?_+rHzsrHR%~F{8iU0 z#gD71f%8urjc;uQ3-X^k4Ah1kG)aO20$kNI=FylJ5$!YGT|S4RDMI`XCsC3fFJCW> zzjLphoUZ7j(t_NMiVs^X^zSauu<$*Xd%Mpr=ak+EF1(SuPF!HOoR9NL|It;5(cGuD z@ubG+5cA5t=kSqzLi*bL$kA;42TQX3$40~d%s>F^e+EJ6J-O4}{UhDoB;DQpJ>7ZT z{t&2`IEk3)n3$NH*eaMjD;k)@*r-^z8kpalbIVD=G;ng^fc?MRz2>P7nt8 zV@q2cEAd`X+6Lk_eF|)f5Ft2B07&)#a;ty7gf$(wNO0M^JAzdUA&jWay9L@Q!FlPf z3+`Zz@~>SE)nb;tw~osTU3#o-hK-I5AK$J+kDN!3?8j3H;(V#mxS$K&MMb|Y=M;<& z_;GNa>%B#~(c$g3M-<5%Vkf;L93AfJ*QprDu+c5Dn~B+^ zvW;;+T80A-{v2Zu%p1~~ot!G;0*2V^Y=t1eNq*A2Y&oSI^xl@V<%ziI;*2MDE zza8DCkASs7(hszhp$fn(VYY02Fn&>GGbE9HBhnHt@l`=R{3D`m3Emy%d7MGvN{z~m;jBZm)wFK`e(i+=YHcy=P6)Jg42v8N3~l5pJBUuz zdo@wCE+TvUgUM?9ayEJR;?mT&6#_cx!<%xx5!rn(Z-CAAG951HmG~IgmPCHFdS0Td z??-KSyio&|L};Dp&M-HYp7_?UkaxnKz>ldq)S6on;aQvI3V$FeVU z@3=?oJMXZ$<#&Mh?9HF;alYc0yFLk3T)$^@?+7RTZ%c0#wW41?-8uOsAE(3LqTd?d z;Kf<)C9`HTN>3$K_Wel>w4o)YR%SLEy;m@jeLL^-k`KsaYb*+{1#PeMr`WvR z{+OflFn)f#aJn|In|`uq zCIXFQ4pUlu4Uh?kWif3pf*9+BPEI%dg+@n~Gb;e^+8`yPx~#3JIwGlS%e5DzxS+7? zO2mNXq$vT!AVBDkE>*#Wr<#hYZd74uy&5%8aFtSdCo(TFs;n-pDNoifB~c-UH!j5% zNlG-#Ruim=Tco#1=L}{XuGiQu8!P%A;7`O60i|ET)2q{)GCO5l{4Uk_5br^FSdi`B zT&8|5>vB5&Q-EX+iDkmj?R)BkT7k_&jP-&9=YZ9MMO3gVhqWz(8zGbVbP4r=_>b*{ zQ$K5E&>0cTK*D61fa3{V|2CBA-|CNm+GE9jwKyx ziwn&jwzR_z&S6@kfWI7IT^%T*Jj>(aFG2!LfpVq4ep?6U*~ZeSU0hXyvh@9y(Iv zQR0F;Tx&&M z+ny_EueG``tv=8mBnN8kJEoc0C*un8 zCB17(LQM|)2GPOdP@h7V1LK?P+Ahkf228qxSvNqhWvwPEpykY(kUKrg#HKBh!D+!(Ksh3;8Nl`$e#n*8D0|1gfRKbde%8XK%7iSogF*ek|VJlgzxm4W*t|3BPIV888&i4ETW?~z++YRQ?)EQQ-Az< z09}951H-J7RkqjQR(2_>d^xPf$mK?QQOnsOMT$P>avs$F`8N)5MUfqkE>}6!u7fiK zLEr}RN53G0VVX(ckRXlA<|3MnB(_EhcqpT#A=;IKp_jjCf<@mF4mKIn5^@=$pz-N2 z<~Y=?+`X@Gg*rijnJW@mz6jg_fB4s`huf9r2J@C`zUhb>|}$nQukd^YPvRSi)fuGg(6beWCSY(!BSL@+?hNgZ{+L4SVTIGo6@wgP6cRtC1TT6Rz38W4E^O7D;=|zo8HB# zgwvd$y#O=Dg_$FwZnSvo0Gg6{Dd^M{6(V+Ih9Pj@Dd;0l&FiBwiAq{@xsE+H!jQj>zRO;ebgR8$LEwNxb0 zn5};cWKNYAUWWe(?8|VxI_@|tltYMj=jeP%h`S^bs-gU7jW{-BxZ02GA2k1n>oJim z8KjrF2n=0wMlveh(gBm$I}Hi&`GAD|CNV>J_}- z3Mk5p_o=U;!)gs4hS9c+#*2tFor~qNb>Hxmf#(=9#Q{Im^ozHeJP@Nb=0ihfl#d{j zE{~PF0)-f3KrGnxv~DifhRzLs?{+9K?6`waV-0%2>V-Hlg!XyZwhZx!M+&pG8#7H! zDx!`qUC!HM-E-4)@)?8U_;q+4R$YzI)l3aDSgRP3oWTN$`aF2|8XGf9;>ztRHzt2zGgGbZwq~mmxwBS7L5Ax|-cUl) zJ6n;}=xDPx$w1bnvzqf3heq-t&_CqZDbY=UwDOW;n+^F{>w$k^Dutk5aQ;4YQ+bCY z7h`nxprr!c@JJCt-Vxv3OezTHP$9p!_JCKef7OJDL+9()r{;sXJ->+0cxb~cmCyPD z+w+c5>UzFO%&<+-kWN-;ZT*O$OW2$qi1I@yRe~y@ed8d5eJdD{Nj$cu>)xy?UBb7o z+a4cfA;@`Ttx_$7Kc(=2!v5zum>hkwd;kZ>REKri~-qNyeV!|!4IM0=ZOCw-R8XUy!c97X6@L^huIqPC09A^pDgpI4m zJE%{H8eLlQ+kwk_fpWd_tQIj9!@(8E?l;r?>xb%4&dAS@Eic+!Pt5dvyk@`q@86n& zYCPtF>b7qjSSLJmo$u?W>nAEU%-yw7Ic#rQRs&yL1?s7{4KXj(I}VX^-RUK`K)&)?B{IzJgS5zpAGfNkC%m^Ik8oGvAj@`O98%iD39(? zqa*l04Wf8?14-a^QsC}*69K6kV3~LjOv$BE+WBn<(3$GsQqI;NvrtT#RM4; zP9x6MtOy92v*S(WYl=GmH@h|T{$EX(y4cz$d_McV3(x9R-W{d&BR5ZkxW}dFNBy_$xw+lqXqueeS=ZQtjzZ<*Atx=lXiY1XrVZfu3(*ZDy}4?M3UH|>bz z+iaDn0F@s|fKU)9q8AvJBLc1=-m|(IO-&njeOQfdLtq~qM&)jQ^%To<&}2qd;BH11 z3%?BoJQJv-5n5lWwl?%U_<_9R=zqYU5FKUSr8IvV?OzwS4rfI&{KmM1nx-fxNBO6D ze4(5$7^*rmQ$+|mtsq3UR1n6QM=s#c41IeT1Xt6a1lGX>IK~$mX-}uE2CkVi*bxO6$dtsU?10q0ePE_o+P&;JtS<*D z1VG@oI~=XN>KYczdj!e?2{i}G0IzT{Ihkw7!Hr6$^U4pJeMPdmI&dr3i%4M@mcZCA ziMc}x=ZG9Ty&5eP*1WXJeV`O*CwzQTJ+wM#6q*4x{F)oT*S)kh(H1&ePap0Ri`9br zOIg%{hHojP*3bl&6`R}?3I=(x@kgrWPluR!aulw%$&nfbMk2>~s~ERul3IT1w$cSq z%v40B9ppA$UaU(SRotfxfOijCOp!2yr)v0?z*BJO?;5#eGeQ>Ov8#iZxBUk-zV%{0 z&-6}QTZ9%|rGEQ?ea?(9eBqRd(WGlnQ&>0WJFS8>+)I?@ulmXl-jlPVVdUkyh?I5# zCYmb|kR)0~Bn6kH=DNNNLm|@7WeNpQ5|G=^T$??Kse|Wnh=J9a{(4|juB;gl;Lk%K z?4qC+7tf%d6GfE8F?R@kCh)3di+mETc_dYQrfdv>*(d5jb3i87Ey05KU%->g7k5?qo1su zt-?4@B?}<$Jxh}}^)dHIkk2PdIwpJ_Nf1#jfg~|pGag5g1)oLjT0t4jlSiHR8XiRp zS`5E8Ye~nfwHryLhY{L+jef{pkpKe1Qi$kOfMo~^e{A!umAeN`OR|dp)nRnUnLIPhasW+IWqATz8)0%z@}s z-)&cqgx8}3xU*e#I8y>JnK1A(m=S^_npq`ddF-5?XC2WfCaQ?>Gw4%8E!>gQ)`xe= zo5&le@tep|6ms@EKSu`G?Xyoub>H@OP6;{}c~Le#9{%*%Uq*>GzF!SL#k#2=*}w1g z>`l%{=X7y9UVi5m_r3nDPw+O^GSPQ<*y(2Sq4RllO5jgy>s~JsLnH#&QMJ0U5f7M) zA~tDrD@~fok0v)&(W~!}m>*UWLLa^E{4rjTnN}*3Dne0#_9re99ad)=8EG5!Q-ZZy zvWu456X3T}6up1qJ^;69P?phGpaH?MgOs-aj>SV#N8TPQjxa2iYWf6cZx8%xgK@kZ zhX-6r6cu=YjPOf2{wA4h3^{BdLS174r+nJ{B*NXLtQ$wMHIyHWi#JIvSuK1sto$u2YbwNdUt|=hoqUY0f`2zN{0@290zYp*Jx`ZlWZz7Ga6yB{KGfTAN6N&iLoS~&TL_jWRacr2Pt23)@~+uawoofBv2-DtI#C={N11rfsR}#9=eVj!*v>%?o;n$~Or z&Q*fz1Bwd$ctefo=<*2vcY;6tKfcuqONQOnLK7RiE0|OS!R4AyP($18!%bGLJ5#d<;Fh;* z3`kV3;f=U(ktALb0m=l&i}igIiY8|K*=@{^$ErlY|5!N4CR89+ltyV1s^r6b zFkK_Kd%=+H?%zg>XVmRty?Kz71U)vA*t=s>8R9&%(}s^MA4af0P2hFLxI>O$<5Hn` z&Y=!#!SvIb0;fr%T{D=>GmA`M+Vyq|Rg=q-Ww6@Y&2|SU{#+;~&Py5d7*eG*l|-7j zrNWi|^Gik7%N0qSrxmF`NN}`HBgMMI^rWPkLj$sZi%bu?hx>+%L^IB9ug-BH8)YTr z1urbbv;tI~vkE;|Pl3vU!9Z|bE-&3Rdq7Bca^ABX$TiFH3X2Y1*plkEJ4aBuqRDjh zxRr9c&3uLUYp_zLc1c+VZ<>VpFd$O9;>vLX0|LOquF&>z^!p*Fp511$@nUn?V3y=@ zAsmlns?e>A3)kbap{fI~v!t<}z{)jU2F{q-*7_9sk!No6I|s&vq^%_?FH!8~4s#n1 z8d0pm?OszT25y6GO?F-keZ4q}MXcTIZdgX;GTL$h7OH=AK)u*Nz1T#32$#3If;`4G zgXs);K#R2R-4C!f%7A<6YI~)hjH3|aW-{y$l&zg%bLzyLHAAy0qH~h11aIK!oZ@a| zIF-aX80HJENE(zlFeggbi^Qa<{<+~RK0HR86P8$P8<3bmei_Dw-eaqJ1k_IpLq zyu6AXs`YtSeMewjbHVWn3&oq8WxR)C<(o}KVkV!SE!?ZFwa)L0QLtS;HWxMs1eOta zA{0P1n}sDyM7Md}0r(#*jr1lf-Up9Et@4+)4Qk&>lPN;PvAFUNGv?`2s!UQG zjO$SXj61BbxTc`opC$wU3v@ZmbVq%fdLtR#S_ z!t}smEJ1ci9(>PR+O1HQSupXUwne~O zr&^XMuSr5Mb5|Z8augmhF26ch%O^Peap` zz)s>qT9?3%8dci`cgEh!S+fxvey^xbjS^XeSb%$uiTR$greLzgSmSf{W}#{{6`UoX z`O|fuZ@c=B(qU8UDxxt`&>Co^ll;6Y@!9pq&kvRaub9cKjp+@^>Y}L6Y8*$`Dan@8 zJHGynNr)eI_<7s`_1e8k%lUzJt~?vbe2L`X9Or=qf?qi?Y>5Ike>?bYy@FDXopE&* z-B~YWA|eHI0eGcEF;^+$`kO3OG1Wn;Zf?ZVmIvf}2+?unCwQ0=%I|M#q=!1|19%5e zlhsFRN102g-ft3;ttbT2)D42)$xJ~5RVEsGZ>6Fo-q4j0CtEbSIbg+8B`0k)Xq#2# zf^=wFv(ytPQD7*;~wpzGF)hdkqcvFW244GeLV_) znZ9k*fbuV^dWF9oTrZX^K`LUP!`pZo7EY=e&N=o z#owDsCX-1=7;%P^QpDUFQZ*)U5Xj;kj;*Bs3SUFrScK@qF2t(kwb2NH_rRPEwe!+g z>Iug=+$}=Ttp*-Lgp>0})tKS2v1YUoepRt4uk{+17Hu>JL$Qe`zU%<_J!XDB6Y!F` zgSO8JP2qoRc7~0N-_U~$P!WsjF8Scx=dkn#R#b6^ucgnG8lH(_niY41i75_~Ll%$S zA1uay&rM@Ht=(6U4Me4{Sl*6*QvgKlp zi+EURYBE?{!T}C`A^kZuhZ2P*jKe+f%;*Q03->x;>oA)-qTj^qp;Vg7KzAo{26$qI zs!p$~R!c3AMxo?Zj^d71y38qhVpVf}v#1M2OUJfxua+t_zGY3GWRN%NenAg&Rv%uC zv=AF0(GZsKnH2Ge(i9QA^V<-|c7QyWL+*t?z!O4{gR=;UyjDzg&JcsSr*0ZvFU@ws z>JB?+^s?-NNEuowzoh3c!+B~VQ%OWylA#yfp}hqqV}I1`?Yq~iNnt4H!wPA2#{gyV zcYKS5xg%|*O&?dQ1su<&C#a+s=lMF;p7?68=0&=vyR{s-=)g+pj{B<+`13n~7yLy3p{8qyw9ynG1lTM$O*Ncb_Ej=DEl_$O3 zz{fPNx$L~Yf%y{t3v#%&x}9G8y}1XbH+u@Z`bq7?5j2@#^P`$c=N{j4S-`J1&xH!S zNc7J|JumC3v7*WjA?k$?G1=-lzSNOI^F(R%h{=9|kwTpN&oqTL+Y#$08A{xX;w$zO zWP9JSOSuW(?@I@}^yNORud#TrZICQmPx~|s`ka97=a6>caFuHIIFIW}t-^U}Cv@p@ zHvSA+va{RJkWuK@?3Ux9&9FX)KlkC!?U9}nTR6)(%lDPMpuG96)4K%ojM!U^LE1O4 zEW$lIJy8t&naPE#-Hjx9+h-3iI9|ID9l!6NBlT~;slOm(pKa)ToLor=7NqR_^fh!5 zmuE(3cz~I0`>p_)NbF00s!Jp+=Ak3)(J*||{B^wC#I3l+BH0upWyT`$#3?rNi@6UX zir$4?iI9EcJlc0>W29eD$*Rxyk?qIlwe>Waa;KvnFl0RWzS@VDR)3%tUbsHtGLw9N zE(a(t{liVUvFA3(q#=1Q6-~7=G-s8f{GzxY%x>M;cwjkx-)9^E%A)@+&@s2NDx=bv z)$W2?cD^S6AuD%^{6pX=Odq&%KhSU1Z%{rQ2+k0ZiQ<`?A!nZz$x$vGv%+2b7UmB* zSa7kwIrP)7Tq6v`(Nh_Fq=~Z*!GjdiDqF^`e_*0beR|t63#nmi|loKU2=IsbYNo1H*^i144I#T z>$!Qi7*}F~3!4zY{z!Hf=v9LnAh9G@87L<>D44)15yT{tB36i-zK9*m4Ii5k@W&td za%wRB-SKk9a0FDi{=LZQbNrM+0w^wwyH>&_CLegIfvHERbCJRg48p!juF*avPF1hHQMk zMAqD`k6g-@;f0m129DXDUWe+5vxHAzkBQv|v3y39oCIeC0Be{*tN1?rX^TJMHw!sv z@G2bW>9$srmSCiRc)W**3Sn_lX1)CC)G`%F-*FfduGYB*NtcdMvtt_MH&V^8J?*2S zoHX837BQ{QF6z&u3;Ywp5{cOMDS8^n2pBG`ohVvOSnloS>I~dVg{8)`K&vYaHup@r z+7nM6;?_HNCAcsK(4DdF{3zPaZIzUg2=rRMB!pelKKB(yJwQ|nys^NawY?OH56;@t z6A?Bb7#r-$gQ4BNBzM`9Fm%c(Ol8`p{3CX!7A9}VJd*9+1`c56&iT~Rn9*`qb~T2Q z5R}B7L#S6VDF#ZZ->do?yrNeg9kvEGjNjcTNJ}?{=61Scde*IN-!E%h&y5homwYv_ z_&AdHcIHrux<8g^I^<~r_?wE6E4qYr1uAhxv7%n=CuO)$3f_f{74eh8(zRq~s!GCe zZmKepbVEVuE3ChxFU>U|`Ma&|GdX2y>Gw!e?W>@1X`mX@x8)0gQQ zJN{JtKHN~6sA*ha93z}|*Z!^%?YAqm2Jv3^;tX?6oeH&sR9eTtW2uxw7{P-?{z2&M zfQa?|+cNrW+%mrY?0Nq-qjPZOk^8;q9_55D zAA_tBDN^7Pl+?bHHpn=-r)IE}YuJD<%I4$;CSf>md@3mZ5ReSqG8R<8h~15)>j+Na zg=gtWnL`4nOZbd`9q3r+?4L8G+6Ha4;$Q>(+V7(>crv!2AQ_>R994`{P~2o2s&@6F zDp3#bch>|27X&zT5L`P`g=#r51g{?-ACJLzo%!tgxCpTwH6(rxx1Uc{$;*Hk zmiD@~JwC~ccpW}b`Yi-HGO0q!6H{kRZ6r(0M&qGIe=)ZcE(rwYbYj`rUb&z_u>f3{ zdVv{`${D=~4qntMV|KX=)bkzzdFFUwe9;|Y`kEmB;Ue1;K>o|rnL@s9TXk-l?!W0%+V>RSn+a15xR?{}B)E6aX=Zt5bp_&X3OFVoIG--b_m zkDdK5Q2Z}MBQ9KrR)F=CYp&QDOh9lTqLyp!$y;G*PGb;HRdQWV4qd6&xyW*31e2q^ z)mKc@+5s`w;pZ6vV9u)AJ-5V6KrS+Xo*DbJT_CHygYS@#GGAS^7F2}8{U~MJtANVBx$`G&Bl0W zRLf8_KGERrfX%(o$03XajMiyxjXu+qbiN-1lkxKF^Rf81e#VjvVaR3GVd!&pjPbXc z$E&$KARFkI`wDo*m*A9c7u4P>R(pd!zm!(_Xmt7xe%tN`1&{0DGBe6OX{XbCh2bMv zV5{biR}#yQZJ7Joa2^)&@G&?2q4tZY8+V0QB-QQ#`7~LCDRUTWCVWum!Iyo!>Cg-% z+l4;w26sm;IKGus(#XNv&-wQI=V|C+$s@W?CgoT>`?pk{)&*mG5OUo@&X$_ibuGT; zx1F1PQ}qm?>0-==U(*I}uy(?$^=I{#F!o&me67_GaQAh}C( z=H}%KY?UQQyY&_}{>k6;5bo*S{ts#A7^4dh#rgN%v2EM7ZO`1X@7T6&+qP}nw(WVw z&v^D`v%A?Z`)QLVP1~fWX`41Z>Hl|nxqPj3(*(55oaGcQve&p8y6+CSxt7p6S?ZzJ ztrCnBa{W=<)(;>q$vk{5x8?G7MiIU8%{jc9d=E=NP{uGQgqZ0$Imv9XWHRy5m_|9#_AoN{65<#x9Bh8bbx+ zf>D4@B|}|Kvhl=8jJ1tnbo-pHYOBAV38uKg<23_TBpwjSV9m5QpuwwVbJaevEm3MJ zY)d@FO5-Nh^!XGAZ~I$!rcUxB!o&8-azCd$(Td3EY_lwkk@1_re7kA_QFMV(zVz!75fx!9rVBsL=dH;MFbShZ3laZ(3Le6b%wqo^+jVF*Q z>U(leMAhQivKiB|L2Vmr`{(L-^3tW>=0DwKuFwl}JhcPv7*z&vWP>La%#bkvlGaq^ zN;8hV)qMsK@|It82SJRrXUT?NGU1b_Fqc+cM5au8!q*GZJ{84#VljwF!f*8EH)hK# z6jBZFtQWSfQhe_l+B9^Bj(47~d2!u!pO^03x?L!+#gOmOab-Wd|t-Yli z2-OpyJS?yCFQGcLiT@T=B8kE2{OD9!lD&i@e+I|=5vwH3HE?2tFj*+pv-|r{(y!50 z-d?C{KCYwQLqmVYzyH8Kj=Z&cT?`drdv_|CPN+Se((e`86&$+dW5={CWtwhl+qX{- z{T+-Xe}0>im*^@8$!#B2l@qaJh7pnvWwOX%;|4WHz*m2_JXN+nosVk!{k1>A_qI}W z-4w*30l+$Mnf)D!c054&{qKqq@>Tuw+86cewks-SmMBUT87efk?^<*c?aO_6=hg+4 zMDC2uO>J3zES!Pdy`Cb}0V{oEK@;O>kxXo-LYXEkM&L;wvuJ1CVTx|KARxe3pxzXJ#_U3D2r`D|3C!B z-|Qnke6hQ4x!_1iNU?#opx6l$ob`)B*vSlOs^JT67lno_siZs&uy?F037dW(%1(Ii zlly@{1F?8-uZ+>If1g+lt^X~4ABoH0X>!|snZ~Ke3DZ|RlU~`FCs{e(P#EZ8Vg0q` z^2=RQGzp$T1`)^g7bFWYp<=F(9PjCv5>X5^)gMMBq6lcHKe$3<_$geh9C4>-^PiYn z<%D!5`Dk!%&Y3Km%;Wkp15lZ9y`x1nhmhg=ADg<3@I$+c@Robaddu!JFJatTJz0R+ zukt|ZS39(9(`Lc)$3G`;&|Q#rLmyH(?ifbBu0<=G|4rkWR?5p8G7^|~ZIL9eN4Tz) zWnh1!)^YDOOoYL!B1-TdhQ*;$FQKJ^RXog^`8T)))UsWXej_hupjgQ>yVG-F z*}K?_4|>m-bbvE$V!tem&>sBUH3FH%V+P);kC2eEzw-b{u?%wjZ9p(6c^eiMZ$lw0 zH098Y4mjAK41FHxbWl`hMISVtEzXzbHwV;!t~+koGGa>E9U4}5G-2dksv<_SyIe5v z8RLcKz+_a!T7z6P6UV~s8EVhMD!@NaZMPJ#Xyc!Mz>xT2=T~X+!3k0)zLzHDdAddd zi9ZJPk{oEff&vdEO0)=(LFg6;(LX@5I5y$Sa z(RLKYLxAQPpw|6sWdthHKll3QH~4G`c=tJX=P{hS`z#&I7tJ{#EN&gB&lk%2TK*6( z#Q90O9oPBDuL$s$VovHYCD69C5J+nGvL0(CVJ6&}v%i$wL54BJO*knax*iz<`Zkg$<0m0t{OWm#E<@cQUE(?i5C`#n3h z$JNIN-1gGz+XH4JGD-fQHGL3K<@O zHw{}M5jExtK1(Xekm{M4Q3a`Cle8EWCvZ-nO}KvjST|2Jplgd+C2rD$mt~t6j)xpV zVSxlCw^;k(!__$Q#ITI>6jNSFxI+~ z29?yU6Dp@p!y{V}zNi1j5haA@prKE0pb8fxTSg}g&y=Cjz|a*9;`ogBDk_)NR71K* z7(T`DlR(;E1a-ur28W=ODNN1Z|7cxirRJ*r_esIXa`BBbDD#9iG9TBz3lkAZ_L0K> zVYKUAnGpFAXahn&<<%9jEzPs=_QPtYhFe{eOz|WrI|51 zmAX&p+a40G%S7K*xUP#i$93aX5Y!`vlq{_GRYPI!UDy6)ZLd?VA7b>H323OVv z2fmF5C4-V1g=HzC&U$z{STXZH272(WEF3G{4HVkjU=++Jvs$b=&<{7S1Sx4ZozF=; zbvBf1LzC=37^&hI6|H01P0^a>Ek)Zh_BQTB&k#7Vq$Xj!jJM_;rJM57#n2j#Bb6fx zKzq&VPHiQ1TX3tX&C9qY@Ary;(^i|8;aiU9BtB&~bHA92`=0=Hx^et^1owhE2fr?R zB{%*0pEvB=4vv7@R+huI-KPR|moXcCRXoV^^|0Ip7oRsgeLk*67H9_3=xe++As6Y; z25=phvO7E?!%H&X(Z}c}Tf<2DvV*z7#r0$;o!OY=Q~ca$)LhrZqy_Oz1IjyIAq%A> zvsJb^1)3ST#^Thply(+VxqHq)o7&G2ZEBq*r=EpM)GXZF=83;GK8x4Qn!CZ{``2`5 z2&~Vy+PaDO78#94(!lM~l8%8$RdlckWUczk7O=C=AV6Bk@Y&ie?>8_O;kH|w=~dHl zCHd*E-QQvt%YvaS{q)Z}B$P-Xz@|0}`G87Nn(l606gV_Gk8Icowm0*ZR$Y#7 zTG^JU5xn0#lpHpjqEcz2^VCbo(TnTF*3CpGo3jX7ceHzntw(hog;Ndz+kL){Qf+Hz z?CSj9jO|mK1j$jAXk`-nKy~GDg~5^iA_M|nPRpCKT_iuIi^LlTxz|L=%hKV7!eR3? z=VI>5gh-1Om5VXEuVpF=)S{u@5`4wKo61Sx^}o9<-@VoyE)zs9-UN#!&Jo7Nj*-bO zk;rWDt*NblrNdSVlC8rF)c(8U@kG1e8^iH7nW)g_Kw7gOsl5hh?Fuz2ay^r;&UwD5 zGz7ueJ_%F6C-E%fk?-gU`}`f@Cc&dzqV8vyGXBFIde%l|N9GFP$EI1tNj8WmGW(sN zY>xaMi8JDnX^T8_<2S*tc5Je_#+@j-bFI*PU?FK$j#HhMIZ-v_T5v<}9c8FXjv|De zZt~uxiI(dX<6UGP&=>L|6;>g6US?aMUlrgom>Php2!|dpb63?*G@{tXi4tL7+8XzT zBBm^G}%$`o0}h zhhBB~QK}Cr$>+zYCb&I9Lyz>tRP3mOz(v^`ezXfJ+6LmiY6XuX`oYZR-+=8^xc+#U1Jm4mAW=|n%&vdWQ<&?IF?+&iNx1722cS>C6sIML z)Z;AqWcjskf;f6KX%THlXHD_aDfx&sw1E`~#V?&QSOGP+_V+7|iGryj6F$BBH}Q#1 zWonrU+bAAAL6OLVkX8*z>thS-DDQ<;4$b5;S2Vs-r~aHAxtvB3>R*!P zBkGee_c4q=^jGhb!^=UcovS#j+Ixs9`2JU+w$1fp-16@N7bf_|VlE>GOFmtDIFMjk z)Ab_6hGUSif{BB(rgE zM43$vVdrX&3<5(Yw=LW(${4OXmUUKfg<;yIX>gaDUGMZCk`959D-vx*w;`62$W&&2 zyCz-Ygi){i#G54o_)VdLA|MKQI_B56e1ELyf&@&VK0>{dWnKAy<}&O7M}PYfa&0#} zAN$quTopFBggSlM4`a;;4cI&D$<3f#aAm)AVwEIYZPL|t`5Si}2_ z`)RMfoooY>CcjCR@dC+)UzkT-gRf8)ccj#rY7TAfsk?BD`~JR+ zv)q-R2n@Rh=mhMTW>1q~9HWfUv6ddF#@P84R2SG*td5a+J<&EtPnFk}d_+zMf;e2P zh(E5J`h`oYsNe!|xeUvi)|0t-+JEqY0*+>hBK^q)6hs?hYGoojE-K^@DnHwQJit#o zn$nkOu`cN24H>s?MmsiR-hCTk$hU9#Ha+oA`*qw0x5!kwXU_weGhlOah8l;PQ^@$a zCMY<_`amDV8&x#OTc_l~el)M`QfhrGU=4Z)+jM)XI#HE1 zqSJNQ8u62;+a3RW!F)TA0Bl6dc1V0!@b{}JkG%cjF#EJGy{bs}_y#(>HK7d|?-%Aj zlNxh)ExyA|t;Rg&W7lh`eGDL`{h{taFcDM?Xki>lr8>}GspH+ z3+Y>kSwC^qO(2f4K&B43QwGB`4#awp+&3k-pXAuZ)NSC!)jijYj{Pi*y+Ok@$h>!L zod^M|SzYx>#b+ld9~@gh=%3H#sR$+vCI@b*CY)F6zc!jPtYQs}3+qt!!k`T)99@OM#et7xn7a zPGEIHFM{~CdAxNS=0dwHKy4v{xs(7tFV?##$*cNW(}QCi43&46yBsgmuA`n!Yd2o9 zvnJc5lC+U8t0GbPVRb`y8R|pkGP~qd;^d_2Yh~31H6a1|p=v1lSQl`emX<&<4vMnK zT(Ww_^tDI7_njk4ls06hDEHd661|)>KVBNZS@R(3h62iYu~+cE$d^an>p5RReIc?8 zU}(#}Z5{o{G*T9Ww(i)r&H<*H$GW|6Q{gmsP0H1AlN(y0+|2EzCwL<}LR1g`*j34( z*k)vAl@Cs%ai+=&Wtk#AG`S59vWF2_`y`hg7{(n^@m(KNjzD02@(2EQT;j=Wl)bPw zuy5H3Aa}B1Jv*~;ob9)9m2kYv+os{^!0vut&I{zLIC?&=UKiPtG01}zHriF}E+mv3 z!~HYPph{U)EUnHLdnL{x~fft6E=+2<8>RPB9N^rDjiB zDDSdqSzyB(_DTdmhP=Nq>2&^h75`96!~svG)R)mLkjD(8Ms3=YgyKsu%Y)nINk=yY z6h9hY?sdj@x>xdE2{t({nS^|)Ru-!pc-(ij3H z6_uzsHm6=lt_@cZDz>vD?PNPGZaNAzqP9ickNLDo*QiMW&tP9k6u zwbcBkW~2RxP%`*}C>z@BGuES!zpMwBhI62Gq23SAihU`#>hHeMx&x>-?UrP**5~Gf z3ZP5s{zz%(4SBq`?_t`xW~cAre-712*J{Xa!ws=}rlV)PH~)l0@LQ{9QlnQrGcGVTJg=P76a!t;PMKFJRTxtT zU9qcHa0o9faTZTY(jSZWl>|#HAxsF21Ttfs1gg^vnFQuPcy$u?1JMbcry!2~)L3V7 zhBjV}wpAraU;F^u)PFB-TKqEjGk0Ac0&nAC?q`o{B@3~0C!yh`dGOr7JvX>6(H5*r zi5@LM7oGY@S(xfn%^|-jmHV)Yt{&m2r{_H9LlgAjGLkkQBfSxC{if-F4oq*q?kaN7 zp6erLnm)*;MxzR?JSf-w6)LN~HhR+K`_49^@Q<5s&I|aKZ{DJ-xBb-uc)ik{9%yHkUQ%gdr4?g`{-rK+Ma) zyS>Ci51<~cZEZ;&_cxr!uR^+6bPo0~Z%#nZW(-$9!7dQbJT`j~6f_OCPBQR@G7S96 zvE278gC3HeSn%=e#rhoLAXs*e9Mjf9S@L5(Cr3?jnt@r*^;+y+m{hrn}gG+dOQ!uTD_W{cgvZ(bDQB3 z@D+(Z;AojM-$@C%^t#zpCzOMs3Tk#PlR0w#MncK&yu?1;CHz}_t38bR03^N)m57#% zHqs|v95aMkBW!`ccUo1_giX<0>#rS zwX-^vbc(X9JLO$+AuGG=YIYdzEt=C{Im5uW{9T=# zKbG3aW=j6CFSZ^XN+$oN&q_jhBUp%fTH3PgHEASYbz^FHd6IxQbFp^y9=i)ja4klN z__yUF3e4MtH;!uzyz?OJf;~}ZbZJ4dr%uYwugbjD_k6v`)+c#K7vk1?G3z)m_@cjA z>=<84rim7tEVS6J-F%B96eLMz{Yy#iJfX^+0a&4ih_3t(&*7JAFG7*x-X zewx!@tkwU0vg-2!bN~@RsfMT(JkSIFf{TD>Q3`{3pcV*fQ`MykV-X@4D#kMpqeIql z8i-NFwqxV2FVn?`7#|@q?qenfWXVEKrOF!aub(T93pxUP&$d76eo}?IWPc_Y_B?+2 z9(SC2AAK}Eae)Pib~+ZfBDtR`btBsk;cwME3TTS(9%PAI^JHlFAp?Yrixc?@Tc%jd z#t_cSCNEjgn(sW~)uMZji0ANBxnmr$^R87wH$DU$tyCO)0>*^a2ei?Wg3-saqRoM; z3miUFi89eMEjj%-lwWMKRI~M^!`Vb@*+m-%dKyI$SSTC2>ps+PBMzjUtdQ1kvF;aAa0l! z?bXiE!_nWB`(QUJGmmZace@~&h-w)n&okOHTAa|0t;u?r@f}#-Sbxpr1!rj7Yr5>% zuYRQPmR7!lva{*69LOXX$2|;WP7$HKXFbA@M1RpTy7D%Kc~eSxay65wZCLty{r#(9 zhG#p1?{)Y#@jB-(LKE`tC115eCQ$W}m1!LJ);OTJt1rdb4%}l#zqn`()+;)JwG87v z+*jl^_QmCNp^Q1c`rsuIc~?>9EPeQ(@KN?d<|*bZ!^<7zYK~<{$0-kX?X7fzt%!H& zI6dW0iCjmcb~ShF=iR~OT!*X8}^|8ra3{~OF2tC=d75Gb`Qik zQOrqIs8C*9pMY7j4(B3#7*rH%N|1s5-7NJ4tg1OqLmxY5m`!37BzqzOe4y=YUCo`! z=*}AO62C0Gc)sdA>{hcdvYYtXTrqk#jGksV%(Gt7Si4Yt;iJM=p4>W-H@ByUzUNn5 z4M?n<)UR6>2e`>IIX9%a77ICX*{~#9;frfX_;BVmDLE=2$k#h<5c4jF#{=tDejUeWBO9(p*OU znQEyUmvEvNtGk3H4}!7*7KaO+L{sW5fr64p`i35S7O~B);pR&^Ddr`kQ0St`FVXZsZuD$)7hw7^Mxaue0;NxZ6Si5E2Oa;BrJh(ufH0%r>|%( z%Wl7p>aF;UdPt5nB|anP}U}Ry6m(wye>jLr-qY`Ky6cN^E7G+~@TxcAsd<5nvKtusMdNX&&(J(mG6h z#azC$za#5swXl3kvWQf!aByT&D;kdbqi%pve+k~F{;D`@{}H&Vn|Emma9U?1|3)yf zns(YHPldxmnQ%ZV)r~oXjZ3V#Goq9$x05Tkazvhl!=C$UzUCj$q73l9L|$R@nBTrV z%8Q*`%ZK#rw@yck(*#JlE5NwmB8(taU6r@_pVm`fF2RO|+>s=ydyAZV-(~fGxqNX} zjdQ6d0794PF)p@S0%*<0IRO*z4YkrnSC;VvO7?Di=C-=eb%bW~6ytL7&_@SiszSC- z1kDI+$@P9WR(u z_2wM*MNQ`bq2nag;+~giuCmQ>g+?N0!)^6*ysRTnLs$~?f=#quhw|ws+ce9K_Tr3( z%H%c)^Zapy{(Kw3x6luxbt|HPZ|t`p3C5k?IcIqbD-&0lY2FhdxaFa@__X)1VyV2O zRgCsvW?6+>Vwh%?tVtui(e_tjmCZ?Ziro-sU79Spz|1OF<>>TOn)s|x@0|MvcpZ-Z zPY$A45vB93&J5CpA%V!)w7Gy+NmvtV&%1PP8kxr}&h-^X;;l=3SP$$ICNk)I z*UvFpHmsiTCmbQ2%|6iL6fte^2g2llVZVVqB2_jLjNi9srf2f@Q_#jqEJCXe5G*;p zi50Fw1uMb53^xRmh|dgIC?i)(;R{_%ZrvO~fOKj+Badvr!S>M0`YpIySy%H4uzmsm zq9_;ATa`9vnLnerRZ8O2b=k^2#~9SyOV`nDlI#rrdo(d<+?#FoT_YxGNP0YGm>U(D z0fNIQrX;XOVG)?of?mn;5S+yjm9r=1yFL#p0#82g>}(inGp-wE;x1a^P=B4ucx z*AZ34yVn%T{z;}L9+V71B-U$8mLy%Jw%o*DYU&-%Mqg=G6H_-_kmE3ETBYXB&{B7; zuQ7|Bovlc#5$j@km};8qnfof~8(#n3aGE{aKHELp{n!Td?0xu5r0JBAx!v$nwJmYh z-DXDxY+tK~a?i-uDIa`_m4?+yS)XTmo~e&jeCByyHT=Y=j@Wc4J52% zywl(z+$J%%r8>=~fZo2LfAfH6B>yNlluZD$dlQl0Wg~aoGYCGRIwk$QP;gg0E+n$2 zuz#X)9DnycI?eVQ&ids}H@JFjG}KMbWurWFy9oDI?SIKlLa%)95$54uT`9Kfie@#> z_)$?ST(36U%Edf@*m>n{8o4R&cR#mR$3Ch0xZgoKqSK2gC%xH?#d{4W3)HGJt`S`3d^i6Nqm1H8^Wf}ybZ>@C7)P{cy-nj z=~L?%v3K{Qd);%4d=y~@jx3YlS8n%0^o=1jCGlhX?JM!lnYD4%Gd{+p;r{z@8T%oI z+6>NG(;Vvvzj~E8&gB|75usZ)R(-_-j!FZdocME|<(7BUmob&v%LIwAk<8G1awtgF3efdq($17%iSl4>%cq>QcB%c5g=tJ70RF-Ix zzL*g{8`?SlLt;_oxMYB9_TVxreZn#puE|nP;hvT)3owWhI~-jF=PV}}sjUvcAbZd%Aot0VxuLp;5+R|p;T7DmC{p}w8`IQ0!BcV zIhTtlc~{4aqfg~c2%FRLG$yTHN-PpbapRQ-;;O_AY^sS%0?#kib)92X8?9aQjF|0p zf8>zF4kbM@3TA4}mT086c)2O_74X>YIXWbx`?8Ed!VIR`3a$kDSayfsT=-NS5a z-YO5NId(lLwk|7`Zj2d|QL8z7VUJew7^1{zvKXgs>Hfa<;<0up&7tQi*pqa<%Qp@S ze5n86z`D3S_%K;rLHOZ;#fhkC=8>emsvVHv-_Rfk->C#m8T$(q#%n;kS4PvU)ARGQ z{#Nt8^YEjagxEAW&lZp<%o@z@I3L7@qS`t-7Kt;uwI=*(z!Tdj zX2|BbAM+PLbSqm1tCPz4^2)G6b8@>)StuaB0LY$YmqYN@ZTd#PkTi-y_gI#>>_d$^ zX-zQ@qF5RtSo`0H=G=-Xo4KUWUioTT$HiB?wgdl88Ml1=x>qmYH95@?-t(~+NFE}o zr~ijzOulYabJ%@*FgA#=7M_)!3DCYP=+2KwLsRqbEabEL2WmlGrLN-+e2nFV9LwrKgM98MNkbZSmbvB&gNkF7p&E&anOlp*`6W;>Vq`{RRoxYvL( zk%;5@qv+4RAIx3f#lqJ$hQ$>XmKxYqReT#EOrjy~HiQr11S4oK_)R{|_OBwMU*ICt z#ToZ}`9WA|<$F;ltjmMHB}0_c5tj1X3Lu#cNRJ0JG=2jIY17TmVYnEfnGJ(I-QcBu z!XZ=uzPfJ}p>qfNcj}Mwxu-4pIyRq84>d=!8Nwf8ldkhHjf809W4sR(48M~7)LKo; zs3e3iFpod<>~gTmM%$RaeIetWJX--AJq4%w$5Ok{?wix9e>YzhhJ0DZaD%h}znALD z1oYA-P6epH-Is>3fS*|}o^iE@xG0{aQ*H{1TE6NxXEJ%APLq4DQYX+% z*KCaiq8)<*fm*|PNf*F<4sjw6?W_l~y){{Fd{qgbf(=)`%2)@qBO8-zx0++0YLyy6 zz%KVXRCEQJ0o+Wq2A_#2ZBn@y`o!H0`leAxt=zawdj}&R8g#kIaO}>PP3QyBtFYAC68q(Ow-nQCut;xo69xPx zHem6+w$f(8+Dg5R^wEFiEWKAS1ve{<|t8>WN>;t*&1 z1hW0OW({{G7CsKYKy2F3%;Ji4A+E5Am&LW0xv}&EJVg}sLoe;_`9P6O_`ArE#^l?? zIt$~RAhiYgqL|G1;{ThI-X$c#d%zDj$Xo4x<3T+Av>n1_&!qIo5}7-MqD@Jvg5Se1 z{}&so^!i#sfK@LUDpQz@{}89V02y6|>>c;X4f!sQyfxzE(0sy z5a*b${`EzN|kVUoF|oUP~+B2ffy?s0{4k1TWrbY$KLT`}3+pE!yp0>$trx z4A?DL((gsbIP_5gpqvKoT_4Q7z`!Q=pXwlYvtF9q1lQ#@S5dBozw@I3+`mp-kLZN< z6ltH7dRgbDo}!fP#zURM-V3XBLglZYgPRduKB-Ooq?mQdQU>MA?aTG4k4o50THAYa zi}GFaktd0yN~=hf>?rZDfP4KOC0UO*fJGa*xFvb-wd_ zBfC54oi-4myLpKMGjBoiHbl zC-{&+>KBgQo(s7S39<6pgOBj(BYT+J{xRm*Bv>G!H{3x}JctSrOku(gLvTL^JomSVJ8qZTnO0jMKfp~)!CO`i>wDsRq^@^tl+^1L`JHIdB zD3g5H*MA)u z;6w)~doU35Yt4=zazZ}-a51`24 zpZ0IBe`HjVKxq1g*zt(UBR9-CJI$Wl$!*`|mh7|947ctP^=?WWdN%s#fPJ++Lj(9N ztmj6HOHoGwH9H6)xhJ}ge*#qwq`r(xy}E)NUL(#nUSOdW*LH{PER;j<{@ry@i{|E* zd?9xZGDL{Y?u8jx(7gHv^X11)W9y)aB4<81BadW1G_Gob{VIz;mba zDk4Zk5uB|ac9JLvnJ2MWVjYj~}nYCYsdp!p=~#i^$AQrjEMhCL~z$27At!$M2K zsZ-5*)}U!x^u^98v3D4^%8t3L;o{W1bsD#**A!l>@=tAi>y<)O5wCT@|y}U=& zL1JS^L9A;=L?H7FZmlen1Xa}nz{@o9Jt3peBA(`m#`xVs$Ek~Jq+L2fetV6{6=F3L zFVl*#&J5!XsvBZ&Z2QazAHpEF@%g5`4DM9)1s>1%<~(01+)efYK+~)m^YN=D95BS$ z?W;we@WP(p01gQIjOz?N{OVasUxh1fs{R%wu!h++@$$rZry@swK4CK|Xp2@C?&n(V zTbq~0=l`&%BH)&Jo8v~9#eL}!Py*>CP^sSID+u}|5C&O2{b+~>Ws}qg`81jyiYM7R zS>Jqadfkj*Ux(SQL$F+nt@e8qf3u4=b(u`E3002H7ZCf{;M-50vjsWydRbJ0^AP98TX|ISO>J$=SeA+#1jf30`bDnxMYiIZlXT70H7b~=)a_wYuL2e6 z-?ynJeLU9Y_oz5cSJrk#^H%;8yA8ba;~0X^D0A8bo1dtEqOc`pP3G0JTj#U4_ce&~ zr!;VG4y-EUYsWFdU${>$`QAnW=Htehhf}aO4QZcF&fYFZ-VUcsI8~3S*gn^2V*x9v z$_NQ{w#DD=qwq7uf7vx(5X5JLUOFz}GIC{Z);YKL)G0Od1WhhAe6^chFcdR%vy>>W zWcn1NECMT+*j+*PQl#x5uQ};V2owwC{}i;9xLi}J8cd^IW7hq{e-yN$?=28>8$Su| z(o0Lc8T#O$o#!O{VAXNF6WKB0nZAwpg?_pu*ZRokFiM1NNKcxSq$jCT%9IN0d!@wI zC;S;!+y9nV;oej?r*Z~8L8}h$4d|#9am_2^1MVT!}u^UWvY79Z?jrI2dzNSatnczR`%C=SmM!NKmY5xwUmwQl)vdb@_M8 zpTHK>4k@}tFV$iHXJzY@)ZLav zC=+1lbE_wI^p(Nf?#PY(dg`RN@};#phu4h1?a`vcj}BNKG z&zyCl1%NXhUb+`YLiV(#`?0Jb>7>Q3}(Wewogx?Vf#3dI7fFO%5P)!x6F z7dfK*mhew{u1}A;%v}sxw$8kQ*D6ZLKD`KD*@8Eemrq|(~mPp zzyrv6YV}hIr2eYPIX&d0*OD>Sqoe}NP^*X zjxp|9h-KZfeJo!bpDE0Y#XZ*2(ouHFI=3U@Opb>}eB&}Z$9(jVNzR*obso=)zO=zQ z1h3|vbx~7boMqUf`qU+;JC;u({F23Jssrsn@54M3n0DQsYkA9&V-=q3EYLFRGtZi` z#pXSH3&-tN@W|HrsF6XlGD~g2kL_5C;ntQgC&$TWfsf{Tn|b>EkJ%-};-T=e!<6&* zch-l_VU{Bs37qXN^F{Bzi^OZ_%Ta8~~;Ocy(DHQ|X3Dnv;FdrF5ztb*>%0 zZja4xqWO3W%VE3GUE^6(-?HeV@b$XPcFkNHHUF?+wcqk(E^X>6eD;*RKZoiZge9vk zR?S*8Q6sh`3#3|#M7vlt|D&GalJG}a9ZQO&VI30VIo)uXG+LaG!gjba>o7DI&$@Au z3a{mIIv!s0zBJe;wAG9rzY6At*|)eBTKou!j|3A&v%vF~u8o+9j|5MC^XiYpbaCwW z2XBj-umYP^p(!QiN(P!o^hnfYaf*B}tc_h8Q#zwFH#$2qHyV@k$h0Nj7A#gnu~K1D zXhBRUHVH2KAou0VWqkrH*>t;)$1JuX2^wqBM4`vy6!lqZEG3NiOlI(#YmID!8_IHp zD5EtiD9ZC@rHk9V1IZP#8n>-mSaqm7qbc@8;m;CH9u33S$7xBP#N%6r`l60+FUj{2 zMZa&WOZQTF(^VUeN9ovZQeL(k*X|+>uNR-!D;ego2d_$A5masv>ztGS6^qUmvx~r5 zS;y_sJL(!m2mgQz#TuSYo72uH#>FGA%u%}K=$4_ODP2?Cy$au4aXC(2U3r`thn&%% zY@~(hC$B36f%X&&^N?O2+D9Bzm>rlaE5#F!i^V6zBgG%Y8^*&BVF*GK zor#1B&j!H;z=oQS6H5LfC16Hm{%?`Mk-nJV7C96i3(xg>j{E0YW>$Z+H*92aa*8cy%Jb zkWa7&v++Dazu?bb4_@O);{d|G5Zuu2-yT>GIOBCh3_|cizF;0m55JE+#+~Bzg>yr2 zgK_nO~!+7B~AUvQSNROe$83+Z!K4BkJ#uW$!LO&rNM8@^TkK*~_2?X(jya^g{ z9w?15j46yEjCuaWtwtJG8wV0<6YhoZ!oI;D6OEfn(io#03yrrC;SlWw^8WWmZVY0~ zXN-4@6aPV^A66aW4fmiru1*LP>V@sVcpw|+i|-<`BGeCV7VP~`6Rrbh5w-*6!DAdR zeolxVrUUN*YrKpoFK`?Djno+JSZ$mxUO^Di3-xcD@U_xEJwSs5(F^4;e#m;!|GQFJ zFy0UKAx`-F-<(0eNf7-|9utIo7X5!#{%?DdJkS;rL^qVhcp=S2@vf+gvBH~5l022x zO?2A49Bt^bSi>0|E%^*-DYjRmtASEFw)Waa^JFCoXI%laRwicE%3@44n zY<}8heo@+oDjvQmOW!przmCsT) zR|A&XF>PtCQ{%NQw~?Kvh}&qLr~1lk=I+R+z@m=;S*Vn9OQd8{5?Z;9R0Z?QL)PX* z(Si^+Ab8Eyi;WVS^&lpbToR#PH1MJ^B)s{=k^8%cdgc4Ojlgm@PyMr{4*I@aC+eTi zT{H6g-_4n4m7JNP)KXwn6eh;R8G@u#WMsy?RODjC@u=|*#vU7?NCF&ORY1_7K+qP}n=4s=!ZQHhO+qUiQ>3=4f!n_5r}nOu zwZ88Nj408H8eR5Y0(T|kE;Hruep8+?2>N(hz!*OU4j*?u=aIq=31KbZaTUU$YQ2qBMv$nsgOp3%wkYPQNV{(GXrJGLzZ95UC2ID_q-V zJ6~__l(9{i*6|8Z>|~6?F*#FVtZ27Uk`|zZol`)J~`)D2Eo`tN3P%nPq5X$x~vtVYlgwlfWRhUHP4_-nH`y0WV zU#HymL9)=Hj%>HkHmO}4TiX%LJtvtSQBAzs=)@t(wRc^{?TSCTYly--Ii?&?#!8&Vwk~KlbSkvYk zUG%raw*YIL)u`xEDkLlU$ZvykrBbwJZE~doECgl}&|i#;ilhQObrC`C?)Vec*rRa; zpyaz(#rhy>Qh|B?a}O845wy7AaRwafU6Y44C)_lt-9iDGCaL1BtqNFM+svv7J2mwSt~5 zs6-ze^pZ;red?CiF?5rWAGFf~4oneI$N7@Wie7M&9#Ckt=Oui-H7tQ_$wz;KK`F;E z`J}L)?h7Gy%u4GceRzyg>$x3FpfIsD(SYx9RnT_|Es)cRCf>r9dKa*+Rwl8vd_8Kd zwfw)VUh%lx*+XupvYVZiSYwAKIudB}Y0iqxr#(f#3-88yhHK-l9(tQlTq|4Zf3H1> zfAy;V#wJyu662g0?BRi{5?Jx0K&-g6j`M}%6N@=x`lS~?daW*aRu}WYUsZaaYglVXXea~Irf#DqJM_~ zth1?j8QoCv^5JejyVq#8g+gaL)c=Ax*=3xBx7>b`X7BVqTpX|Mvpi7Wm3tJs4{4L> z4zH!y??jw}9NKV(tpJ^RH1hezxzqCEXGhhbee7cmGMUqPVm`>_k<~SWS#>a!%+ewY z$fYKSkH}0685Jk(D=3Kv$y5vyof={sZPJ{YIwQ3sZ247>v|ZTmG`9lQu~f@jhgTqF9Jq#A9k~938J0Ed znj>01!>v9u~MiHADuzXjyzam~(*f@7ahA~OrQFs>>Qod#bS zJLbb8X8^f-}*X_)J|<8p}@66fWnuk&`J?RP3>X zV7Dhj+TP{tnwi5XYN$QBD7Mon7E3{P-bK1C$guk5S^-zkOe>yJ`m*4{ zlZ|HCMh}}R)=kVHs*32NOq?vqoSL13Na0a&7%3IygzMRR^1V(wK@YRx3!0jJr@@0M z4bKdo1RaIa@YTk`!}wR+@M*)!#^)xo&vI?irj8C?rCW+esCjci^8stYf!|Z?l78JO zs#L7p3}M1sI^I;0F} z&2NA535$uz$M=EPb+oTscSA=WCf(8#%=NJzdeTMT=`2oG)OWdEFZ;V(tw&|s&vWQT z@1f@>^QTw+-i_Q>&Clu272NI5PlMC|UR=F_OvsaFlmU)r#B#1^BW9H#K_g-n|HK?) zBQlLZgaSNEu4f}SjWE=#H#6Lnh|{b!Gt`u@ODXCUKZ`kMdPs3Tg*junsERpaxiCs8 zc2ZurIbeJ#a#HSHDLP7?pt9d^UfpQSaPFKrGG@59IWT7Qy#g*~NGCZOjEK;zJ~KFs zFiK{Jyx1Z@lh~C!C}Js%q?pBM zu%ZH_q^QJbIQD4tdakgskgBl&#AxJx9K=xGGC69KAdLbPGE*f)ji@m{=X@h3j?=q} zGl-68%B+YpK$h6atcEjamT1YWgfk${PsBRs1SnwS0Q=>Z$VMGBTe}5_b+3$IkZ~z_ z9D^bvCNp`yL|Vx>yvQP|XS)?x^bg0(m)pbl^a!4>({j4AbxBYCNHOtvP!qwI>kX5s7nx%SPkV%HwF&LCqNe-t; zJ3qvdR#AimMLRe10ptX7!tkf=XZ7zT-!tAv%-6`b(f^w!<^s(5ne#K_W5UCPfeHiV z|No@_=keBj&3GFzS0m3xA9Y`=zQ5_;c^uv&HRpLa_9HcU&G(&=%bhF^txvUI-@Jth z{ndYGo@D%=h(wuL|BHZDTWR9o0X=-@2bFUs2XwNr)IS1rY?2V{=RVUHAZ)EMbkcf- zOrdYzBU%Qo%3uC*x#kj$i*3wD0UlcN546%>N2rcS-(NrwkKoPfnvPfw#8^n39%BB_ z_wtkm?o`Q%k3&mAkMx@B#JyfzC*9tdZn^wB_rH_TQeS@ z4l1kHc4_NoTWr6#x3DM1o?WpC`DkZaPTxvizcO(WfncJg1U9|oq@V(86Xz_5tI=si=dQ&S1EtK0M0m%P`r#? zn3aLbu-q@M`XeZY%7ZRFYq$)`vzl0$caph%^_=DAMiAZ<5ddyfNk+wR1DG@4gik@AD=>Uq%}&K0;}DISFh5RZ zKNy@VHHwr%>=OpeEVBIbA>D zYZLy)Ip4sd>Z_c{`-i?Ga#G+xpxUk4kWvuq&KgN&;x52gic~x?lSFsK^fVK=9(BF@ zzmUPX^blXafwEoz&Wa5Z5p(abqD=W9aGL|%j6W0O>#m zQDz5+?rlBXVI=i9u?Bv4>-gvhr+((n0@$7faQh745a==CsX@%feF1IcgM!q83{(cH z&5v-tR~<)o}^oOhONlITUb-Vv?7~C7i>%W5wd& zs*EM51#n4YlvziCj*LwWnAU_HB=>E4#Ul$^)Cn?1=G8ef1{IHd@73S2{vAeJ^Gz78 zEvALkIyMK%7^OL4JIm+whQT`vQR@n+5fe&q?}7iG1||#79)&x_dE;}CX+b37;weRx zkPe#{1{Fjj1{NW%bo4ahjN@SI-uAIqYF(^jI^*5;4%|8QhS+YAKCx>Kq9kkg7g4;h zpV^Q0te4b&%Dywd1GX`|xnG?}&te}eb20N_6_J+ievzaqS^2aoa1~}tROd2JVoeGz z=AKi9!Bz;GYF8{YvKIwIR%h$jRni;zK80D!wpeX*JLtxXk)%dJbqx&5sm9W5)%2?9 zaH+%zhW9LQX@D|U(&c3d6ywZ`i3a1a3H^@-!?$gFQKqRR4J{gWu=FhqHw<{pe{H+X zzq^GToMjtX+S!M(7YIm;oo2gho;hBAIVl^<)25A8^+{{IwLa!fxYB&7HYryE&$!Rq z&%Dpy&+Z>&u4YQ6N(T?!Gg#SdynnC3osc<`InuFZOFpQOEG?&Z+jbPGqw5r5uR4k3x+KKnoSJyXe8$iU2abu4)v&tj{NaE~~)XdZr!k)Z$l zy4KmFS$2TV0WE>90dzBTvR9T&el>f z6?iVTQ0k9uzsOgUt_Y_?IA-1}Y9jwzIA;b;<{> zSN*wIT#(KY&plVJTtuu&7Ng5>R5Fw^DhJD-&SWXS~@InS=c`x4P^%ZW~b>L-h9f>^?waFxg&k*xIlm3bf@n1 zO#IYty#5@+89~^3UK)j}^KOuztdG>X=aMsVLkdgP;c z4CFwAtI?z_CE)RDdM3V9qy(HY7*MvS8FL zf_5&Ee$1tQ%(s3lJaf-7-GyVuvXiGh%A?bm%YmGYIo8KVG5j+%q@NyR&wCQKP?vK%k#PP^*e+qnm zMqKF(>2xYbp1Y7LXI7UuT>wtv3{d2ZFmZaLoL70Q_Nrn6^AlR1taqSCdGYG zsW$#9;~TMatVf0Q%J!*Ml)1CF)G4}FXsz0O+wsYDWb@tCslYpRL!sqSbr1XFze2I` z>T{%36u>9n{NULp$UB1fopJR3JyXvKL_h6?my>aVeeL9!?UY@a()9vuKtzaQtc3v} z2yRR#E-nZd1Pl&fOt&WWyzO<<)ly*C^r2MIgltn))y?-<)7qW#U{i{3m33pE^#FH* zQau9mYEs&Zbw{Ng&@-@efOi`+ZFS=HIr`T3hGy&def1fZk@d5SdP25&{)yJY@iTBW zJ=03Gn3sj#s{`JO^@2ap^$L0|1olF-4^SBiHa8?RdPfh*9iVbcjw>V>KBBM(0WB1T zn_Wo^q(XV-SI$gKj|G!07*R4e!h{}e#sD~DK%6~7-sv~zju7Y$QL%p%i&m}g(y2+o zQQN7gsgJYVYo(4V zEO&>&+E@IFonheQ?T=>!^$DzHNM#*mbE_2DH&aXF8(sH`xUq+33)GUgF=}(k>X6Ys zwRvm{)l#%EZgbV_V6@q6Te&f9bK`2y)t8t!1=4IFny4Ad9=a}bIDUV%F<=Ge#`QSO+6JE`Q(IlGU^19j%R zr#U_NP$l8yw$2-S=E%dFd*%eBGgfX_q*J|<0NX#m-W~)^P#J-^P@YiQd=G-C@>ZlZ z3_gxfQW)$T*B$2-0ehAbv_B6)S)mCZ+y#)YLVZcsMLA1FZAr#OjR$}C(b==iO<8V9 z>RPo+1#e01N$G3p4~u-0!cCc81?DVrdd15UK8rexf{;okW^qUb0;O)0GK6e=!hRtK z2Bkujs*!U1Zv(Mxx6&zcS;jd@rJ7!ab5dEoa`U*tfpYe^8pyP?O6k8vVHS;~Qi^ir zq%wR>BU1T8CkEwPRM$R{A)NAuzMBoPublKsN#$jRCCiKsE%Z>q20sz*&1Tr=WHM zZthr~y(BL)tU$I&qk z!80fi_UW#I&FGVHhfLT5NB1+ZgP84cWcm%*!`Kd}u7YkDfL(_0)Z)SR3a|r@>=9>% zFxkV>_KLIutL;*5`epp5;Y_C$>}3ytJ4oynIGfQhKA2(38?`TABUZ&^N!>;@WyuUi zooG3T#b`=HYB{~hq^=U@qL;H?wvy?hzrCJqO{@51HvY)5E|VZ-6tYcuI&tEV`i&sdENYK4BCg@c@y%bG z;AAw(v09ttWNgW?TboE~k?maTDa(^Y$^>I*K@?L0PXW*-KxcB6d|f)cF<5j#6;o(~ zJiJ+n@hTU2U81ZpV&0ssXaRRTw<}TNgFNC{i4`Xon^WBA3_hx0AW=$;{MWYX&MErl zoC$dfj505g&M)Hp@821-Od%6<`1HInrx=NIcJVAoyLgdv`1mQKOc51xRQ0@byXcW~ zmgy`^d2R-Cg6$l2yG+9wtPj7N1?*Nqn{&?b98kI(oCN?+e(+-|>Ku}$w44P5PeIXR zX7XG_>^X1o(IZ4vuABvlk7&gyTVpzJ3Cm;r@;q8&w6D~~nbbPJ-kBfhl;E@z^ZEGt zk~Wl%NJ6sa8GTh#NmTRt${qoL=s7t~RbYF0H7YeED%e9nTi;k;{BB_^4A@zpXBckz z!6QA7cFgRZXQJ$4flIvXG6knf$pv&)S%Y&lZiSOeHf{~nBd|_k#FH?OM9Qh6PI1Zk zS-ZBHJH$3Q-5l0c)Lne1G2M{V(|o5h-N3|SeWx|uNN$<6_CQovx%H@cfpqHJ_G<00 zZgtAZ4@GBz1dGKtOTzWfnsKVcHwM#MVyf41w}<|KO;A*wjZG$wso5%I$8vRp*QKuB z`}mL4DcSdVREygsRZl(M4cbS;7tgoLkJXReFw?O5L54k&0ijG{IIDotk}}hh42;sk zB4d*bjuKnp^t*1i+AfMGQYT>zJMn?Uws8$H@quE^WQJw&>fdxw(gou*YrDL$JG)o5 zFFWZn3MQo~W~Qyg42EQT=JYCCtJQSY<>rPf8?cQz z*ZM3Qw2dX$79#7;EDN)>C)b=VtDCitXMZ1aytS2QFTTl`ho+nNO*G$DygjjZ1>Z)z zN3nN^Z#v|a7cG_FUt@XqfD>u$3gAJ(`ColEg1zfycwWq7FP03Mx$RV~DhQv7Gz zNF*!ZOBf0PvWL|UiO4Z-rUdqM!%Lk6jt8{Lob8hboix+1F-E9K!G=-e4DPQg3dXnN zRt^K%w1wkH4y)<3hvR@Y^J~!146oz(HalEkF<>!HCTRRg%sLbGLLb8o92e7t> zt$^L2-Q;5anWcwE@2n!U(_qiIZ&^JztG1>sVz=6kjje-g7rG9$NTWuFDPyLg!_*-Ny=GA3ubEv=WkoBIvTs#9X??{|Gh~izP%b=NBCf*U+ zS3spZlHxt8%YQWtI6wWi`Pi;#0;@uaBia4^&;YAa%DvlwbusX(YRZGY`H0VGK|sI< z{Cfieg8TY=Bhm&3@Ok#7_V%f>?AopDg6P;30S<}oKs(4ucQgnAb`gKNi3IO-6hL;6 zRPKBfV8kNM*+mz7;e=&A&Y`v=MAg-m)bB_4$HLzo9AKIW%cG+*T)RBb1oc(ss~_NaoO^{ z*QGiv_)unffA?~Bf21~)mc8W6!77e4**OkQA+%HGtda)jxDI@|vPj z77$1Cj(T)@dU|4dXnLR{PQ)V)z%9Al>ms42_&Co+Z;C!TZA@BZ$0nB~RgMV1qQ;_?Q|;#P^$jqMY}7vY;$UA4NJHI*yNIm>$TumQQ; z>VE`&0wDeHa|x9J0YUM^Zv$ZDlPgdxi!_T= zD~!s;Q7RCdM5|OT7CoC3Y!ow=&@407t6fX8DCJN}2hPJd%OO?D*7I3Qy+A8hNPIMt&A8o$+EBx$hKrlUMW>>8OJ+pt#bP)>O$4k=b zkxn3X2AG+vc=o(9z!NSlat!)q;>|u$<=(1(dd@KPOeLoj8dk8GJ&wcHj9}f1#X!VB z#keLikES8biWt|}dtIWIDwra{dL9?}}d-Zs}RRfNHmrUu!Ugzqi)M@S z_&thg{HZd4G3GKzWVfL@jhX6CP9vT9-(gX)LIL*Rm{p*RaC1h78X69WL>g3^^$Oy@0NJzU;mi}tt;H!L^}I_Wlh(Rx&S zZpT4!r||p;f}P%W-n;?(>{2@i_&x?0I0r_Zf~}16+%q}{UmT`(Vt4J?dPH;r;q2pb z5ZnmoxJz%-;R&|9c6#&kMrPl+cqsEy;ic@v%8k(#n0?BB7kEQt707gx>WTfJD|brb zw2u-LiD3xSwMlqLdjR4b37C}JQ`i61^I2VBq%V&)GVoeX@0rztoJ(1Kl4 z?EL84f~!JrWar6yqKDbjkcgQrXvBPhKUKkqo=^qtDxPXQD&9=SPRgxngmLi=aovpF<_+Hn|KNJm zsSLfDvt1YB>uq6W&ei*OE*otGj^VKAN=7iXpW zA`BH8?E@8VrI<0I`fKI5=80YRu!@)_z5@7{(Qfcu8n^A3)Lc`wlGC0FtHjul%&_(} zJdE15CG0QY)XezQtTpfRvB@zCFItRh85ML>~g_~0u z`#ox4$xHY~T$^1_Bx*h12s(b33c9kBf*KOO3_N###n!NLFg_$s9Mcua#rp zr|6o^@1u5(CKi>XZ;f{vCMx6>D^HKIhQij;Sq1$T31y^ZEF#Q`$l3tOuClV^2Tx>v zX1FkV82JNZoMMrnbXESqpu?vaXnmkJ@%jO0;Mkhk;$?@$Q(6bvt?PYaT z0lL(u0g`=*fp>58f>3JELCmBgjr3O9Jh9+ng0(5sE}&2PIStJr@zaX2MY-xpyorhB z#}WaxD#0hDHp<%5B_^(a+1DpDHzMsvFCNkW3vz3RAOkDKSLZ?7W*SwbmNTWSrP@l# z6m^y>UPM#SCvk^zgLpEANek>7Q45Xn5k+L#5hiy*rDga%I@9Q2xt0T+QnhBlxhR!T>>1pV7B6V?c| z9cif)I$DXdlMX|~obl*X*yG=-a7*>?aI2a@*UGDDaRkt}| zP{IAdg_-I?67(tqeVGIBK|L_np;b%Z7)0!9k^h)?f(GJ*pvPkjC*l`~Q#1Wr3KrU= zqsa^lq6TZD>6$_>&{{}IXtCIy(>h~iY{Rn_g%>GrrR2*6kRp0O7Y9l(H)g?G1K>NLFji(`6#2 zGg+dS5)D*Jxb&<02$az_J`oC((akw)sLp6ToO(UHZP@45qW!~>Q|V!QnqD-8lU^14 zA?N`s%XmJ@o?7?(=DY4r%ZOwo%s^+Rq-y+PbOPAW7wPAYLd7gvm7e!iKRa-3L~MjzL^Xyp25`~#ef#q z+_r#TC(*25*e5+5Fp0hp1_;>XkQkUb$38&Q6i9*kzFqf6L0cRO82?pWlF%Q;j3L~R zA|tr1GMsWq7@%H2QC|X3;|frJ2o<%Zv4U}ZD7Llr5PB~rC}_4leh>-Uo)d7$Kb}9W zYBMC!(HwXb<1|^ES(7wLYMa=)8H$}`D1ijvCbf1kdoEHa!RQVfbf!%+n_$umWSa#+ zK&^#AQ?!uIB?a;imyfKSn-5;1O7aV;43K!>sP>q(drCP%Hh}9`L`kY1g>EFz zeXzDbWxjsC!!I0g6d2TO9rA0Xixr5O>hz`~K>_-o9~hHP;D_^48pSvTMHGGFpoLe| zOD=bunQlOJ;U^@KIRUjZmm7koo-R=+oM>AEi5$CyJC@DCk1~G2+bqvaP@BY*Rg*$~^5|S8j7L-ta%nM9SSo^2e35wn@zVr5 zW9Kz|yS!ZFf9bXxedwEF0|vtr_4KI$7AusIcZLY*EhRJlh3wUq`C zy#nW4!nOq<^SN*^6@Ed=wI~5JAmV*O@;s@h=0Eg_l!|cy>k2XMdl3Am_;P`}rPk(Q z@B{V0qbuH0IC%R+F=~xHD~t7YxgNoE7Z~K%)v4y5gb7BLagJ4?Da7uZ4Q{#dCFb|- zK)X`_6`jUzwc<}Ory~VdH~3mzNkCL~fhbiWr|+6otVx`WJ5Z^GNT$9Ry!X)%pU z^9nf`d1#Kue{l%$W)!^EakD#^sm$0sxe9hw1z#yK;;8f!7F88xq_fSH8T;iQjgOQ5<2HIv80vbgCW+=OGyYJr?lp>=!j^j5Y<`D9 zu)66U4Qb6O@rX7B>2CIrdd+yd+Ut3U-`RWI0PZ_>cVju5LZqIE(*YM~~ zUHyY!lgE1|WMgS@^j(PJ*7vGEpC9#;&TMs%G7I8taT7(qovSD=Y@5kXfIM_Tdf7GU z(ury!4-_4P^}dIGJsAf@c3pO8_O(In$A{~fVsFTZS1%^zzNNgqonav9er3#SWKO>K zDvaw2_}oC*_U9>#+EGq_l*3sXVjY%)AK@0FIWpW3gv0IjDLUaV@5YkX_W|2VPkqZ4 zRV_0SItWAC#cK6;9a=h50pIqDOFoy)UIn}7@Og8%qt4{U%S9;K-!^xf9-`J|s&yXL zH8ZwB#JZ~zKF@_nTQKfxRezFoKnpKf z{l>0ABQICVh?ODbFce~BHa5R&+jA;p*!+bK{0tzVgUi^PE`kF9@-z*16roR^l` z><`DkBDNOJR;shRS-*#u4rmrT)KF=k76(&rhAgvxmcHC{vwbU^6xN;3iS)-ms2(OI zR0Xl-Orj_lB1D$c@}p3FeqRd^VoK!*NeVdy8o2V%fdruPybS>xy|ku`F(|2op`nQX z6OW36RAd>fo7&AD{;T!!vE|r)5Uz)!q{fp5p-3V%Z$n?z4LK560BG@`Ju{|KrfjHk z98q7e{ctc)BNYk>f0D$ZzHB-Uu2Tb9F?sY+N@d_bW=qE~Y30M?s}YMYM9X_d ze3Y%UfxFTb^m-5uqxi(B+;HiPR`fWJ)=68($@DhH1~1Nr+urFM6xc<+*AB1m%X}9?Q*y z7&1(RI;xR^YNm7MN=h136x!96NofmXcb6|16*aW-1@FS9Zv-rI5!vnf=2bb3d% z$S}*5bq~m@^vM>1*buLR_5Q;y$j=LzI(J~mRHg;_!jJgjk0TM`yRTk zq~{V^G^(H4?Lj{YND9=Z0;@q`qw*EmRhmziOXWymkxIsLR^f<_^@r`j^UKUju1rx1 zm?aB$Q&v*wx1Unzp#zaW5$-3$GtxTHlJE`!6ZFhvaUXR+LMUZZ#oSQxMZDI?B1V~Qg-ZFudUbE=jY53 z@%iqyX}-kfiTEx*@b;EaHwQg}-J0T6*`%nd)aEstX~mPNtBlv`V`+?}thAD8H2T?L zyZ?ZW=yMhku5Lm#LZlR$%*&oVvSuIqpA{Y!nOM@V(qvJ3voYNOQ z5L<3eRzAiK#EQ0cDL_k)ZfhY{zaR5ER7D5 z-Fs$_!#l9wE@egcWa*|cVZYV2Gs|5aphW4VQx+Ov&o}TX6UA|yIc%%d*t%yI&#Ur z!YY`|1}EDz2DiFZgRYSU-2g0F_y@yPAhzV0<7BZV<*A*yEru1hu*BG;y2TsW`lQ~pi)cih#*8yKRPrk$WM8nFl_{BKqAlAsDvi9^cxPrEOFpgx8@6SW4qxfIb0D1DJbPr<_p z+nz!?u4sy3)R-V@2#%x@)RO2zudHbQW3zf7Eul^0fIy2#qC6M_Y;dYyPO3c(9INx>-* z{*JyBBOc^$FB@JiBLGDW!H>jPuS0=eGQJ1eQ!Vfrm*-6i=lylo%Ww0*Wj&b01Za>) z4I_a<(QF9G(m0+xQC#!7wd}tNP0aN;iEy&Q0&2eO)TGD{s$$|I{ey4*UhzGyb3!Z5 zi>erzuI?tEngPQL3GVX@uQHDBK&l5YG}HdblBF%oD3*5bI~_BqJ^-|_)G4`~Y1t-d zVVednEwF;-IUXXoErE{b{=2-j#6Zq-m$%^pExG6rtjc85k`|3TCHHo+mcrxa7S?|W z4szuMQ72G)*A{;dloClIQJA08`ocAVS}(@9@C*1>WvucfJ&y@^)`pB`Bn3v&}t zXS*FS-ZD}dYlOT6y2?ZSH12Ry@+GYh>`Ii+k2hj>hedNu7Rj>A0z66Ox= zkwbGFO;$O8k7Tl>gyX7F7@G!}I3NaMR)8xn+>0gub&n26u}R)*fw#W|J+&I7s@D?s zng|;*HX&fKb`~l5{XlXqf@ls0kZN%X^%1|PcoejU9`CTuQ&{{P=>KEn2j**W04090 zy(wkf{Er7k6M&LhGb&(Sm%3$b>0*xuhZG0m5PrWbliY)XCi}X^W$zoeU{`X)%OpYK-WMp3oXMxjEz` zJwc4>Q&sESW*Ibu_LFdhAokVpuq`|f~a#i`gU0W0$fQo!+V~H(m@Ln$oCcr1>Zl_j1%zjJB#H1m zunsZazE7KDo4%wnGjN1>n_#qvhUjBaIeG{7W4>o)=uby*A>iZ9KRWn$7kxtb5&<#& zoj2&bQAB|K>L4Q@PH|R^(cHAhl~`Y(v)@ZPw1Tm`0B0S7o1uKxDg|eqlJoD4K75t} zPFY1TO#>=^6$qUs6qh;8uI2|@a5R4QmM$y85Qnm?Z!mF9+P!Y$+HMk(D?YT92Zms6 zGGDX^QV?~LvYx9*3j7v1dl{)Zc07+0!Qq^Sk4P_XBmU-SHX z?`?1Q0(w_Y;|xO!K$op05lhTm$Gmy&WbEN_`fn^6D2xq>5z0^*8i-RvhocPWX`!P- z8IdU>SeVlfII^UQSEDwc%b1v=C(|-Vg%C;DR-I{2(?2+!Xaej6J|Ar!-Y%i|VMd{p z?d2+a3$Jq=ZTCf~6-39jZv8B&y(F>5Y#gV5LWw=%>us}kHF(}8brrc0etB6NL5rqM z&DdamDDwF8^15CP(MY=Dui#!ZGCmuL3x)UxeagP5bJSl=1{WaFVPnE1u~k|1bbs8< z36W(&mdpUPe=SZ3!*R2OK?0!7`$ZV%0@?Hqar@=LD6%$kLni#Hnu-zq+_zDys)G3k z%|-2x5Yt7vRsh|?-XTQee;|NrBQh=6e;^>SsJJY!BB?Bt=l{O2a{zGrxatSbXi+D zR#Q3F)PG{4ONH&Bf_=_pN=;{6hSW!D{jeQmaQc6-_Leb~G|{{7%V2}s;O_1=xVyW% z`=A@xI1DZucXxMp8Qk3l-MG8Mng6}HH#y(Vhm&+tE9pwF`p~KBTK&}TxkGkm+FQH? zfG+g9wxleF_1(*%dzb8|S{LW3ynJ?5qX0JS`3xQz=x@igH+PK`q)=U@CZ`i4}c6YU^Xa<82 z6C7+DdubxFgkW&8gOML#TpfyMO7lB`Q9q6T=lZs+CmxT9N!C64QK@)PY5=vs6l5$! zt{;evGvF4+Kkq0JVB75!m2ca4e6XhgQs1=r;yAgZh`}dRXi4Y`;jo|U-WlQEa)_rF z#;1_Nw|jff8@Zd!62_ZX_B{yj3PzzK*HwLx|4QR<6SN-+5P+%%G;n$N1fi4$$_MSq z=K5QDyd5W6q0Fx#n=pL2T7H$h?>FAhO~Xw$F_abW2be;?utZ*|w8PE@)-fm|JhSIY z(ptrfs$j>2+YMHlrmyDNX*_S$3>F~kibzO6C;v=h?C&3DU~8laPK`liV;?0cg<(Td zN6a(BP15na=F?LrPsD{xgYp14pe68`L1hufYQgj}5B`xaPrsqcFbr!Ug@*!;XOMgM zxqPB(LMyr%qwJl*CyT&K5qR~_jpMUQ`9nCg74?$~iM^8OY9Q)LSB7O#jS@(4h_zzt z7!@SRChz&R_$D5JP-X4L^rg)=819&L;Vs-4i*F}0t7yjFd$%87p+hm>(HpgpBN62p zIDEn<;B-p9=*GW^As7;*iliA#3+q$O@=`PD1?Y2s`_A%^e{$=sKEkyf43DeMqD&eC zPpd9nV2VvwUpAQ+k7PageO+0i5VHsejib6Pn5d-%>ZBIuItcw&Tz#{}Ce4krahHr= zn28e&`*>?oB7Eg)|8dd$_T)c>l(q=wy8*Oo4|=4cppI9Gs8U~fi^9-uTMTP%=ax0Y zw?jp9Z$hrpU;ML?hUBF6iThIl37U2EnjY_~Lvyk4rs0VsKWWuN={S(e$9Ww|Oj}9y zU6=jNY3r>oGVMUCUYepKKfFpX{)q0PspvO?r|b0Ji1rs`%iRF_mVOco*f>T7S+dwB zD?KyyEQ{6#Yk7U|fhA6}rl__|gg=hA7mkq`L)jv<(WNp_U^VyU{f&O4##KoQpdLyv zLuEgS%u1jIT?Pw&+dp%uYAl3?)1tB-#Q;H2JvdN9x{bby=xgxOozX}Ruj0@>hrPS0 zh{J6LNuks95S@qql;z%6Eu&SaXJ1U>6XeQcU??T|Wpdo|-cH;uMk>iN_%lQu1rt7C zBY^KL{}XkX84u~s?W-}z-4{-*Sb$pmx6PNX@}xQ)J{C_%+6=$#@-dr+(pzMKi_2Re$N_>!v6tFH`G(SVQEmLIN(o-Ta+6JrYx8+CKFD>*swC}(|2K#U zXZ#ham$lpSvkp)j1f9c)bzH$H3!_nJAK6bH&NvWbXd_ubJJ3^?_~TlE5!DwKAtIpy z(-%S}^;_qi@nO4wxMG<|NOFo;^|;aD@^lB*Sj$p5qET46J$D#!K)%_`SH}1%ryB0W z=COd!&F`aW|GyQ@OgX&Bj|E1plBITy+p9PVG5!uNALqlW@62)8?zU+0{ZV$w1n1wPQHTLCnYUWp53L==fMX_oNmGUgunS+SE)Z2RA_ zQ$oincts!ss!bStev)vCn_QPSRCbOtfi1K&k_<*CYSL(!XDcq0{#+NQVf%Y)OtwSJ z(>NJ~a%(UQVK!W4^~U9r#HfehJC#c#L1QcLyEtm;=m@`e9kG5FHZt>yKel{#n(J_U z_zGt57pp6+(n!f(U=BMc@Y@xNP6aBfuMm#-KjpYyH6S#clhyHCV533}!+!rxSKPCm z_bfapHYCMTNu!p`%8X&uZ%c%18=?9~k(aaIO@4``gq;fajg2b%B%I2>NiA`i6^_eB zase%5m!kO7#*b$5YBAhC;E?ZqMem_S;4&YcmDSg&BClnkC>cGb)sT?H z8c|T29R4Q`Ey}1sJgSwH_gl8DNR#%Yb<*9RO^$c9{N(rnxzoEJwoE2v$ENv;^~Z_u ziHQg*zs;BrCC|(z$l>{tqx*O>tm2(n3N-$XziKBnGnlt0G#LHqwF||eH%(gou>4^V z;?Tb7@#`Ekf>^okuErJh&$vwUF~kzE{&qW1n8kJYEA*kJjMsuiI#5fjMA3+e$?2}$HRI$S!mXHcr50azK$DpxPc$`^q=_9LRIqDk zz`}a*!RsQy64+f^y2&FLD?W{=ACJ7|sJKEL$5p{n{GeC}=;1ULME#ZbA@Q%-mMgK?A8X7QkHyb(V={n6Uu5^Ff}F`GG6@<4vPLUade{ zZI6-@`{)l}Z{uS!!rrR(w}a=;PEl(qN$*>}d!o!K{4zsLHz+)Obp~zMs*YfY3{lGF71s*=Ao$aKNo+cz7Ha ziNJBl_gtoF-kOM)cEhuPefRWk5Mg%nS(bmKzfF(Y3dydhL+s?*gKLSC4nLRg4f{l? zX0+mUw5)n*=ug6RX@I}!_~s2#uOp4RqJURN{wU@d9E$6oc7vN5(CSbd7#IH#bLHJ! zU0Xln^qy)XerhrLlRP6s3n*+JA&fTsfhy7d6~G9E zA&g4{tu&YmHUDCw4+ytECEZ7y>H7%KkTEp2tGdCG-C0`9-xfcg95IGOD7%!R<(%uy z=e-;RKsX=`W8!2cAw(TzI-o)GL*8wG38D`Rxx)~Iga!4`6_7$p7d(e#@dhk1?9r$% z1R`;mbc=7=16*ybi04X1`d3u=R!0HKu>ltY&7IeJ@|pJWNW%d(DZSaryFJ)rLLpSo zna3nfh3LhZ>&cFV-?*?mkfmWK`q1kz{jjgEJ#Dq3NV_6qg3p=5krw@BA1hm{Z(5%n z3>It7!oSx4tIm^&T?yv4`G|8FgK}PO6x!+hPblohAX>pvR!`PdA^L6SE$~HF)|fuV zZ=rw)WlrYTK*LBMmmNRUvXo(W8hnt+3Qg{XIkUY<#d#eCG{@9o$Cfj=vkDi>`{`2+q=b~UX+xu0>qesjHWz!4N+ zrmFRZ{{9BUn{rA_b;2jowySjzJbi224cuP)X4rBrScl4?x1Z8q$8~FyorI0J5h!p% z@e;}ss;RqLlr0`pm9pGGwP*`FrTnGf=N{kWx~P~@?IT=%$_hS~yQOzmue4_q{IglB zZYHD`Yv&|qIsW!5?pEO3Go!>ugm#a}ojJyITe;$@kNo4T&o(8}^JzB|noIhN_L@L$#D{71 zC+fZqR%km$TTv}!mWt8fNAG{7MOSjy?eH=Ae&3mP)=~Nxt&z(GiI^ZTl9ckq90Qc( zuNe@aJzE6o_()HG|E+nCdo08F=KaSS3oj(Ou=g^bOik?mOXi+Kjrsmd_1^Md(+lZP zCw>}0o`iS&q`mLb7=}N0OLXt>h}9Ia7B`?{^F(U^vKAs*IKXsSf~evzb9E>lh9;xG zb!dvbN%+ST1T3Q`?FdYX2oOnL;m4hA3CDbUm|2Cy+F|ckswd`*uQ^nX$}n>a&hDdq zO1|^#d8ivvKBHqaN4!!rR=QS$0W5fI_M*Skn%56Kvw1J=>7Z60EU-DSF%G(RHnT4l z5SBE5Yt}iO4|GRwpVs2!W>GQCVQ3SLc3BZ;;K#dpVMP4 z1A~AzRnu0$)@xAO7NlcF$J{W{$PDx94A9Pv!;i-a($dnBIFRrz#=a(4ElI8MKN*nfQiW*uqlb@0FP7gVWZnxv(A04mQU0!h`J`LI_7 zm|eKJoC_+yhUR}xg!uJ0wjhA?B$nk8i)E$*Vl=D2|HYg|b0}Nmvc7coL=Mwoez(|E zi#zkSPR#k%&5m)07dhuK2!MT$$}!y*?FAd#=l#QK(-^{D!xV(k&&Pevl$sfcJGh$| z^_tF6dV^FTva!iu|NX9ref~2Gb?3!nTT75pK_D=79vD+lTOU=%-B(DXt3|6?S&Ao! z@5?ZFs(~R~axU}+!x47OUJpj?o?g!sIClc?e_WegNiw$F>aU5F+N_jooQ?Pp@iY}* z`+oO}T^9`5ew2z9Dv;^g^d#|Szr8TYys^hBTjGW~b^eo2R66m^Bk(cEc1%clqw<95 z=g9KB;(ZX_qH{@^&2>(hlLIl~@2k9PSO%AS^ig>2i6{U03I5T@)5yWnH;-O!RQP6` zSqM_mRhbYH5)-L4Tw@rv^MMcxVKj6PQS^b5P!rnt!2g!N2Pc*MS~dNlW~%)SD+*nf z0&W+DtOP2a@<+*#OWHKR5zy-ut*v@MZ1neX!?)G-O5o^Sx6NssVU;-55R1nM>xqSM3%C>)M2TU71veCGq$^);F;g9xD}DF`>l)WAh}+QVVtLgIc@GS1Gjo&6`na!eXf zj`(}ck^9}2`}A#$DeYe2Yi>o31^cj{z$sP!hBpx&?b23Dgmi0fGiNUMtcGi(eQU)K=(aX$i+!JY%TD=59&PE#k z(5b@ac5far_surdZPV*K_dc4B1n%dD+4Qro>I!{A{iXB!tpzS@dsZCGA#u`$dEg5< zj~?H<2;a1a`w1kUF^qgrm@%1r;0?>_?avk+S{+L?zh6|Jb?SJTW0PhmT*vf`Joq0| zhPabHF2u1eC$vf8tKid9>0)q=u-?V~@P$M&&pi0c zhjFNZM(c~)h19uQjmlwh%A>)}%h=PzW&~|TKHcYBP2Iz>jH8xs6BPBUyr9VOZspi+ zLYvqJWGbQlIL{WzU6V4jMY`JKn+2IM6AUo+S0{=%jon0cclK*zd1mf{&on`(D)Jr(W*kv3e9qB6egcbqC^5mf! zRj6pnCD+(~{{t69Lik!%(6(XjJmd|n(7;j61a6(gtuoYQlxq)bEt?6!({w5}mS57T z$hGGWjmdvRhnuxOSc`tqkoH;u>A@yjZ_2+KiRxf1(^wWJ61JeM5Kikgr=%PJ3%txv zwQXSy#P}^O_@&qcMoy}`+c)lw?48Ldn$njyoa1N?I|w3rN4#TRrz~5iIqh=^7_$=! zo8_fCs1#uW2O1-e53>?AQxN8L<1^>QoD+wjiX+YG6OsG$V(ZfK2I? zWtI;YZi;p>;cYu z@yzz&SU?lFr`J7loqepoB)ZOA@9#2fr<$RnCW}$w?!9nCGz#9@yPA_CteT1Sb;Wbu zlwO3}x~m+c`OPyG{lWiXWnP8!w(KNxc;-9m>UzP~hBchHL%z&2^)RjxWwB6GxTHH6 z>|14qx8Jl_@77Z>vRKM;1aX+*7QL@>@LX^c_&MV#5QK0DS8gUq3iD$O$_c*ZBI56| ztk|&c7-Kwzt`$FCDVJYYtN{uyn`!VV|6^GbTXZ{zDQi=p#Og+k%2Ar68l#RDUs}x@ zW_`L>vZ&r@*texjR@>Z-vL?Yw5qxoPPIE`w8Tvb!wl7w|=7{JXWS$xyeT4}ozSWbA z0?_bZ`M7^a!cCQsaOU!l+pxfl;XO%-12wUCa7SrT#3|GD_fzNC)eOx zjA-_F{+-Ac=QwEgzh*AAD=@^fk~xi5jY#cJZ&hlpC-#Q~2Ly9JgH`wAA=@U*yPt5+ ztYRWK6LLKR>qpR5Gzw3>c`BPOz#a%a%8P!E0oBuqQj>MMR-vC~o5I_igZ}S1?4etW ztmK{aGZmN3Ew$phOhsVp6U9`?n^$rw5u_Wi%$f$7`|ka8W1s3!3WLs8~WB*eAizSzfi@ll{~Y_J8-L=d87`r*BFLsLi~sT z0WGC<+WgRV5d}~Bn{?0U&u)k5R@LP{F9z~iz}LdyJ6>+S-ooQP8h|-s#J@K_g5Rap zxnWIj>Rk{8IqZdo=SdWIN1sV(OuIMFz+mH1wl3LS-k6}?jMd1A=!NAamuGTQt1gr# zS7Ab9&^c9{=f>G49L3sH5-K-6H_u(*eN1-CX%_=4f!Zzq>VOx^U9Jev41D6h8K(N! zwzw7M(_Y{^*Fs^6_o4VebxY7dL$|_~dN_;I5iBf}ILO^R#Xk;;xdsU~ZXJS3-*D;! zUQz;t)vVK`>qgLQTQ|zOE(e#nC_TQ!I{Ivmp6-m5HqVytbg`y#&Xu~53+Y=Lv_@*M7~j&_8&l!=cny2WQAfDaL3tlCTubO|yKKESa z$2Eg*tF?Qa6cfbwP2CNSORrI$+weDc$pGj*$D-F2Z^g?uA38o;p0o|x+t>t67oq?4 zOjE8VL(LQ{pzSh8LH*DIYfoL z1;4Cr>jhMW8 zpbJqm`O>_MG1$96z7Zw7e)`xO#0b0zT^xMNl5mIKY3u|%jRb_4LXnP=!+7zC#`kMB z$%2bTzN3P!;o(BQ1@RXN!)eF|+@7l2l!b_LB4UjSGe!@t!Xq}3{Kzg)EdS~Ds%(;1 z%*i_t&F}H{xAU#k|C66@$^S6Z_3CfqlhD(pz){YfoSRksNba}*OYTFCiV~DnmJphn zYH(b;9fF44p^u(rB6dl61(c%&loi{_-~O6&FYzS=?z=M_5}kqs z*hU1I2i2L^j|RCokCX?|PgSSn<`*)kphtOZ33#y)gD=qLx22J;bctOJnQqPrc)FMM zD6`K;4m96bE=c+5lP?v~j_7k=f4@{!MjJ)m@9|CsE5G|H1d-21y)M&r!mtO>{Ko;!SM@nL6mcpnK8S#=} z!2~wDHN?u)EGW5D3v&r8k$;iUb9%J@=qI?1=vOXkumBAcQRZ&!*O6jds|ANT2s}Ex zf3G+yOG=<<*roP>0J1~BX{UZL0Fpj)HE$Qp7ZW*6&Q;8P?-gNu89S*4J%Q$oI5VQl z5)Fh8Cl;K>QU?0~a=V+a^|`(-0IA(vfbZI9hjj(v!-XqV0~XRM>o*;2&hs66Oj~)! zZfK$LM8kV6i7bw;(ROebuhiI89NFC9*A{r~P<)ZRUn9nB!qRsbDg9V8A+9Aw$W~r| z=|=4>Q*flI8YP$n>I>$y5-)r+Eq{({nS{Nd=Y}~UJkG9D_u5G0IkzPDx+g;=@t^qs zDYA8V{6ZTs!p>Zq8DUG9rqgR;sNdhlf_VD2XcwyJyweX;3d)T zTsvw6`@0DjVXL59a0|fns&NW3`Zgi|R@TdFdljH?8ftXVbClZ0#ywM8RoDwTYi5K$ z_YkXWMR-$bn)!~djn%0Zw{*TSUfUpaFK3)?plsz2Yu}*3@-3x(5OSt_FV&Or-E`q| z(|_9aL*nw+7st5@u3xfiKeOwG>4?K;o9P-65K#a zPR{dh=BeDx+TCqH^Fy?N`-p+_RWKColzDwFwRl3(6r=qypITO%4qtuV^LbMCLHk1t zB@LQ=pU18{#IHm9=tdd6z9H7n&KjD&z$zoK?ms`{)5uyl0~9~Pwq8d9D`?Im_|v~2 zut$B3LFQ;z$*~s-SFF2^V?7h>Z#0SKHxc@?27fr7Y^$Kn{{&1BC$*9nxsdYA%JP#Q z&a~f>$95tcu@Z(O_St)6yRJAD)lB`=_I|1DX{%kvf;|=ABEWvto@s~Ji{WAS`!7=b zN3%SNF+ODV*&rqLBNWDgu7KB_H|I^X^Fi{2f-9gE%)_Oy{ofe@zet~JjhvXUwS>zS zkUDpwzDe$RgfGGx{Um)Gw(9;~|AbIhw&0=?9j(+lIHPdrA~?rk;5qfOw`8oqZn+@S z)CUU?vd@E3iwAtQV9V219N_fDgkrwvkX8!UW&Mu`+i2oC?MRfcc&#i*k5+HjO$PDO2YIgg{3q2D z>!Rd)afgaO@JOobqYp?>M0up&vEOmMD^mVPVA`{@`Msy<+uBZaD(AED|ID^a$lCVB z*XJD{(TJ*FDe)>jhQhI1F@O=zg_l@?Vpn^*BOs37YJ7KR(3M-N+eO%vhm6sK@J=QA zNx|cUc(V-eouidN*op)ZWVaFarh`j=yGU0(n502DrbSS>@SqOemb@PM_s~ZF(ki3s z*gCbXzhw>dsexA?W0J)5RWT-4a`{$5?PZ@7^(f8~fe}8ux0{eIFw)7aeZtKLgsxWM z%F%QRB6hCE6I!LASPjUnmPe3NbiJ*!c+yMgCl>x>`W78V7sDRH>uWU7X;l9S;B&+} zk0(^S;~!Q><@;sTwtoev#KONDXQO0gJ`&iVG(76RN+ zMm-kraILy~bZua(sdRsKCLi72H3Au$^}tAfYHYAmWG(Q>@^PNy-#40|ZHPt3yhwf> zT^o#suXC1_V%gY8Pd;otGe_{~h#GRny@Soa^FDwv&e^wsjRFjT@nkE$ZNmW2tA*I6 z5B3^0*jpLDuod=E65X*x>R!&&c8DGAE5BPlpt556zxQ6?rSFx9ng}9ak-do#1!V&T zg9J%PNc<>z3u;IjItfKngG@X!Bs&vHaDa3**$%q(uVD{V1b9ZddFM?{fV`He?&=>t;*M1uP(vZa;|IzB%D+ah@Gy zcw-0GSY-X-ddE# ztddS(7HaQt*Ju9X88r|P)%MBN4YQ2b1=U9({tm?t9o3m)XW*V>;lEJ3tyVgD3nd%; z5zLdCd4y&H)x_1r-c&AZ>Q!*`G;IPR{bQUw!l&oEbw*dW^{e#p5;OdGh}Vc(*8jX# z%ekwxQZs2lYRMex5GC3&E~p@ zc!T$u#VXib2bNN0#O^sY7y9;ZubvTxo_+j}X1RpxC|5`;N@`W_8&<(7ufSD4ql_~g zZAPne;v0kZbF;{%I%0|v+|XWcdDX%4p_yh2pP!n#P*&s5vnJydxWqmw53pN?d)(|d zfrH`1r)4phM@fHd$$QvUYf1ks`}kO=EW%~|s^vSm^a6K8E9KaK84fR7GbBb7jwJ9c z)_1mJk5P8;W$)Gv!5qo*vksX1=H}zPKV)v&Wld^CR6WHaY84OB&Ad6YIm;8<0}5ho zmiUI68N<=inN=G~O_!p55fjYgTu1e3>W51AIhQG9JZ{YkY#Hpt&U3Gtv+i`mo{_$` z^&QAlrKxjHBpD<=^S{)9I?O@T#2q?+P23Mg6 zQ*&P-uBQd9&~nC0xM~!|tW^9McW-5n(&$CAO%!eB$(PW0+VduA&9l(x!nxvL^kAZU z)hWtBox=li8%4Ia?r6v6>yu?FEAl3w`-8ll-nh&jK{*L0`XE% z5=$?4;=ZppB9*G`O+(Fm>B{KsAif~H_mt<(lY1fEwTPeSoJPR$R6Xl{nHOVjP1*I; zpX|ZS5ifdI(QnA$#OIKP)sF3f_tJvz&tC(x(4Qs}HMbQ%A5n@0Z*um&yf=OI_I|zx zM9nyR%{e-lcA(#1V*Bi$ZPu_5v_J@s6T+`fHVCY?`cf?upOTN*2thrwa6`bP^NgZz z!ujR02`JUzCK`XvJiZ+pr8{2v0f#i!W;PaD_?oUrb8*U^;uQK}SEF9Y6MsHftVbdu z={SYD%V?gccx1>omyW5sYw&7o6_aw626pSGtoJ4q2QG9~?=Bkc+gput0AuAB9Kc3M zi{8&^UG7Z0A533g$Xf#*j`3()ZF2Mdej@7$rOVA5Af@{dv;?OkR3#yW8W%&nhDTMt z;LY%ttYWYky?MB=Dp5T%sL;WJ5b{M0=rV!qZTLvM=-_Q=6$@VD!|4q6a+J1mYlsjd zeiO4nRi9KL3+8_*FpnO^jbBQ{)@h#9^p9Au^L#UknvyX5dpL&A*cgwG&!SOi(L-CC zf`Qvyl@pEj0-8#k8$B6|%+fWyoudM4C}i6mKQWys@(UeWmVZEd4B!oSDuFbnAseK7 zRjj^oSqD;t9GRqI+z@|kCfc?Fq281yc&IsptG(n_@04+X@6=n*sf%6<&(t%>XZjNp znQm{DO~gAf#D(1vZcS1Rsb+gWU#IN%rw9(J9SXMnEy&te%`XHnL61wXDf-CNY# znEcgiY=pA!4>TjMPp-&cG~fR7JW9!Z_P0(?PUNV5wOg6oUV>2vf33Flt7i2b>3Ij? z)36Ce{pC1INUCZfh$pNNVS=K_Ax;2G*E712c|q%Gp@lcJ7Ipj@CS_vkaS z`C{2)!)6AMqNUW2@?%gL$jL>tUG{-|S7rK6<#6T6zK$|fe~3ea(F+{#*rrjcTUvB3`34=&xqVGWtK z4z^{$R+`)1!;cBJDkZ^IfR0^52={l~h8DXK79TN&zr{qOWlsG4$A3is5UEJ?|9~_w zqrhddOJEfP++>0g`H^az0bqyuwn2(9-3hwP4zDikr=x!}?J(T> zJJeFY>M5Jv$^->0!Y?02%Yw&?<3fV_Dn^AEsxu2q)n^tu4T69qfqp%40@k|4c(Qz4 ztTgA+z2Wr)`e!)ZaKBSRH0n_OBm=gN$Kx$7VtQ;zHHBR@Sinu zM9-DGR)({;kHP*G@EcEQrBCk(ReJMi;^xbBR=QnXTlO&^n(a@PSYWITjsJg)QyIEjnwEbbEt$tk za<{g{P#Y{U3a2or>%{j=OpJ4YKNMk8+PJGcYkP>1p{F~DVWz_ss^Xy$Agwn2`)GSG z@Lucea2AaDrnctF-HF=sB0}S0*GXjQ+41oZxQaj-glz$D|1#U)d^?_Td2nD4V*O+ORb2T`LbsI+Np@7kIe-F{@GO&rvwF*nF$Zn2FM7b zgQZkSNQEg#>4MCs9a*gE-%%b$^c%^12vmiknrBZT z|6X)n=w|dL9SH-q2KpiT=J>{lU)Pb5hs>GSuN)5vRGaO$USW*@*oUuq6Mx_m_NOtT zdv%Z~u`gpAuNGdHoZ~WV&l)Ytq)ArVgYm2jH28Bgab4rDzW4Ds?1gUSfK&6Yg5`&~ z+a7)&W7J)(wH4m6?on7Du(L8#QilhM`)&2>DV^lt$fC$@3)!Rr2n2T1rJxU;$&9#Y zepvbbZfWuv4C(VV+B#_eg!@nr`UeQPx0c)LRq9y&f^OO!7`2ab*eHFCZ6#E4|9*K? zh3IMI^(Mo%aRaAXdrMh)>nOpw3iHk6 zy)xPGqF}hV^J4(L0c864bymtgCuwne&NbZ=JQ)>`ZK9d7|?d_x&?+ zV>bpXA$h0SC+YV8B+{y5%KCp3RSf+9iAq}cF^UWi>oez`9!R?`7E9FR*5%)-X`DjumBnSEM3`emKNbeHRmX&tu9YpxEJTm$)w(G z4MJtxmqg?K0N3cz%!R|8MNu9RM3htPGCtHEjV-71&J!@- zO^v=55rlkU8HLp`=EC{*rUgRb>F`t^(`F&wL}J5))$pY|Mvx4MHx8q(Dc!e?te!CZD&laU?E|AKapf=>@;NNRf5Y>ywXb0|r@7I} zFOqa8YI)PTmn856$3SG!&o`}pr9PB?24#4fqM3@`Wfd)dskYaOR~ybszws^}la zbh_!kE1TE8$$rb2qZSoLBIdn*<}**M#>i=T%Y6}N^Efh_XQa1#%rBCG{9UQnRCgX2 zQ(KgK>_(B+kC;(2lN?>R)B#be`<5o#Z|oMH`~9Tj*Ob9#JLE|-VjdE{WbZklU)s&R zu^~M$E)Bu)`^H<)J&@j{mRz3j=l`V={@pN0<|etq-eJBr2x}$2z7I7-;el4~2MB^* zgX^xGi+rfP3rMW`G!Oa!eERhG$n)E6+wm=a{qa2}|9SY~5J<`Mo}*dY{db?7Cv^T5 z@CB)8NREArva(UXPw|2*NuV9n7Kq$H=;i4771MPzt4TWc(5n?oepS&u)H#18g6xUM z04oGr8z^6XhH?D;u@7^z$VU_QQ`XBKQo$maHo`aJ$pCFDLhe`&1pOM=pNBmP)o|&@ zB4s3;Dgx~ZWghtBnt}$J)i~LTN&+ZYVx2;FSO>!zhaExIqdR#+P+;vuaoW%?3zCZ1 z>Lm4tdlOL9ImI#C2(6Fd+WxhMcICBv^FSG(C5&YKZ6bgetekLVH;TD~p^@TE`4hf{ z{1cn0GdlO^`II@_W!<{iwzEn;TPMA$lQTG3C+JXldhG* z9;}VfmFU|P`XsBwwP8P9%{Hud`D(DAIg|-|#Oj3jA#57)DZvBcpZ9LJZu>Nv8IRjB z0w0XShR!ZrukrArUR!n|aoTR8Ca)2gD?Iz97$>2Y*U(n=>uT4FsokD8jAqjhZI>@U zR5!IFQtLlkKAc1p!Bj~~kXfvnkfU18FEwot$R1hI{RTU>a?<+PF4Kn(r}hK`nax1* zP}QoTwz$VzdSPX>-tT$%3&bMxW(oG_Ac`O5#}v9suQ;EVB*>OYGW0uu4Wsg*mUJU;P&c#NtutV?Ng)_z0ll3h!Fj9h?8^*F!!ObnWg=GKI^$GM-Og>V<&I!7D zV=BhOD3>H=W*XOaVqI#BzzOd7ye~17#BdMhx^vam;uWCY4YQ{G3YSGJ2yn)(K8X1t zoD2ExK4;1=PHB&{JePPMxdz*EkreX^W5$k&FJSVe+mr@rtS67u_5E?7uD00z5$T~1 zhw~a!y|0p$3bRbE7@g0s6w-$y`PRi}`zydXSJ$&OL8YI_gy4JQY|2Xp+#;lec|A4y<4rVGY!cO<+5^TYLhvFu=;Y)-7e z1oF#c&m%gCKTo3$Bw^}XfMTIT5Lcv`X|xec2Ms5HUwRY#fg=?M5b>!vg;Je zDVQJ;-L*0n1%rM{^!ChZsMQDO#bHA-qxkfr3;qm6nwU>;t3Gp|CC6f~D4SViiN`xT zT?E=Aho*Fr{Ev<+lR4s2J@Llb(9Ax_OwdJKg*WP%xYObrk%oKdt}7KO>hdUFgEL5@ z4;2dnVvZu56d@3`&w!epdyF%2@~51s{x8P$DMydSmSRSOI>u@(TboL02ZXl9+JdsS zpthYL{QKUgT;?P!A5jMz-y9+S?XD}GOP-^xOt{{R{4V0|Yaxv72D31~C_z^l0k`ua zi>wfWcefJ`4KkjaqAS50xAYqI6~2vBN7y*UxWh+Evzsq~ca5!)_XS_V7VKB&NvBcy zJcT|2xe(VYT{W_~KYa?zDP#l9EN)+^J@p6hb=S{(ONCQS4(L$K_ku+!AmOgmE^tx~22cvbyk8ap)YViqXXUdq6zv}6 zc|dN}F7vz;e@i<`k>tJMAL10f>AZC27e>z#6pv&&br>}yV>F;`qcg-c^X)N}RWLPK zWve6Aj97KlCAyS^9#+j2=yE0DHNrn}H6(o9D{_WS4JXKSIXcq?gE<;A=}0T{iR7AR zqh)oc3OFk?Dy<}w7sjib90xX7#Wjzzhm;36N|S5;5S3g^LfaCo&9*FybB=FpE76Nv z*W~+tG{tpF3Ug8%rKncsc>kS)%4S~n5L#Mv0zRSgUV7Pf9~rBoHQQMaT|5Alc8`Hz z_kl4!&MhW5JS5MjsL~D570K=#s3~}Fr730q?iHoB%u3Xs!pB! z;zaNu@5v^CdO&~wVWbOSyP$LZ7`qw9M^vh|>Sht0BU%sOZUInxZ1_HRtF>PV9bcT} zbo6)jt`|m6S*E-U8IJ2yc}=Ss)qULAVrXH>Xbs#N zg#Rc7poqt0eQ{_Y!n%*`(pm3aWr89jNON)Mj8ToXaXo1RqLS89ft7WFP17s}6H!+L zW6uzy$uzKx(AjBbgWUShhX+lHk-83NVU?+Qy^#5e_=S=!qBMVU*5w+u#Crjp66TeI62rTip` zgi^6Rcs}s3rl_8>so>vUcjES5-oRG#*)enzsvXS*66`%HI_eIxBV7@$32hRs32G9~ zAcd1AKo8c3ix3_FQAv|iK-mQ7L)4Q#fOw@Dhk~F;A*7LpP}&JxaKWmhl%Ob5Y!Rjq z{r`A~8~$S>WO8 z;WEbqGmNT_{unhM{YUTuMS$Qy>?Hf7`y^(hW+c#{Igrmkt2q@=JO~Z6Kr%==NFqim zMiNXKOj0TeBZ_GL9|cMR!dRfWSOduiX*$Rc)B_R(ZGj9yIUqF>To4iH666S~0WpE5 zL2lC2(o)iRMUWJj3Eyr+IK(L>h(ig2d=Ov0-;#nMN8dofpeK?m(XGHPB%c4g5N@f! zNTX+<56}w98wrrKR@5-C3(*VimJAF%N;G;0IwF}7^$^PmBj5b1$!$G9~Z1(0lq`XJmYj1q#JgnN)*@W7RzT4Bd9 zAKY8YQEXD903RY3e6Z#y+2|1o4Ul7;D5gQG@OSQ&v8l|^D0&Ne>MF7 zhF~jIxIS0r!BIgN^S_1I+h^nO+l-1^O%Uqrd|tlaxt-4>sh!w%VH^!+w2#5=l=>sp zcDO4nHI_}h?Y~1Rvo=jd5en1ecj|w({__$77@mN!(8!`$3L{E6*hHgYsE_mqFcC9V zX3ESKd3hG#uv&wn|0@jLwbGw%i*}|p0>HI0S?Uk9ft(@seTKgc`wa6-a+)y}MzV&n zW~z*({V6j}VjssTR(zBnke7@|G?4un$2vI1M4okKo{CYz9*HZ#uQ|GsJ@_-THgouA z6l=1TqKW+B#EiMTsl2(oaaMm+j8*i$#xUD33%qCjT(nQmrQ0ygu=McvVVmgPXp^pc zGWme4-fW7y z^@x%vm*>;R!^h)h1~}QcC;ZD1bMf(q_qhtkJNLO_(iTO(O5^l0^7)Skqs6vAKhu{&TC*qHLm)T3qi(47k%)lVdT+S3tdBRVhQpPcFYx;o z!*bEsUgHRx>x2IQMGpk~I>U}cz|b2Gz@;hwpVhI|ezg`?JAAXs1t$oTs0AlM6LvEU zfTOv+ag|loKCKd4&d&4*ZX7F-1^<8=k!97vG-vcubg!D;_O3!Q@V}9n%pXG~HVFw$ zNmxpl5cL6h-&FcSF(vbhXCVodHEq_&9aeugsH_362qnE&ft{F7qR>xR>YIg6_$^CK;yjY;5p(7dQ)CrO!vs!x&sjK}|_bF+w>4o-TCp z5O>jbk#?DlRw6IK%~hhKFd2gw^BWT!GnA2T7>Ty()$FuLF-XXEaR@W-G|x1zG>Wn|Zl12MN7u*@&yZplMS(zxKygQT2cD)r zIENeCPiRlzNmwf>6-u}8h5@A~;Fgqz%csh-3&7BF3)m0aR-D*KmPn6-Z^mvnDaOPX z)TF6K_xCCHDaw%H_=w9IxNM z>P^Ot)fY3=P2fzT<|!ZP-^07hYjB+1JH6o|iy11YiIy0Sr#bcbpXEE6;!fj3&?Dtw z4D5L_G6@OeBf!S@CEReBI-kje`I~f{&3K=X7l&rTK`Y3?{v@i6h`V75#Iq{eE!AM6CZFx zw$u7_@e@XD{!^*PTFiOF=J{E}o_>-gy5daWfXHJ1X9BXv>Uq(N*&Cn7jVm`I4@Ey0 zA6S0sKJ@>z4@SR@a}*H%gqIi7a0_a1^un*O9XYA6!Tvd(P5HN?M%7!;sAu{OoA^|V zf|=A&-!>+`CcDM=5_F-7rO-H=Zlw2azTnpDDTmH+n8v5E z8~mhITgFjD4uaID&Y@l(SvN$)H!93GOj%$$6_QXa@-=Ec=V!!;P3YUN{-G9MwL&vn zl4KXpmL0hpWVgA+%A+O{tCVwuIP@IWCerKps`z?bb&M-7Tyg~JUB24c77Ot}=d-Pl zA|o*)KrX(f7S>5VOLbdUZYM>&?f!+rdxO_e5!L3eMag&*XngT?BUZ9?*sRjuVMo)P z&~QI}hocP{2tUV4pm{w%$~((Q!oGc2(L0XSwfJI$&K^mYD6CAAC>VW<6%&|{*k5E* zGG^*TLPSlE(}RQj*UnpIOONLz%uAyum(wD*3PH;CVxuR+f6Mf&M^j9|-UK!wuZsBC z7IUrb1b3Em-F=^wG356!CTbNWDHAk&a+=LrP0b(Y88>kJjAO@sr`pWET<(=BaQbFp zx|AEjljqAnPJdikwc5NCz+T;&6X&A0zcdsTXP}Y@7Uk=uzi0T)_{5O1o?{ChTYaTo z`Dv_SSn5D`zph{`AmIz@^5b^1{{p9`$6tmrz5eDO2TMRq+qTYs4VE|{3^Iz-%kzdz z5`)Qj-e0v9IKUUHozx%;7~RG9`iq?vF*SaZPis2%BxP6|dTYBqmpiPd$0ld1Uc1P< zM`4<$$+{MsZa;^t{QmJsb$q&KBIB)bUar})@wq%^l5JG>)8)a$7^JyiO-)Qc&aO0~|Gelu?jQS>9-sw*?3NXlLhm0uX1w(Uy;1bQ z#NYfphtjv;z+YzSe~&)zNc;-ftN8jUvh2_Ar9VI4|Md7P?9ZPMM2Q@!i=7L?y5Q!i zK3@$5iE6_W<)V8)p2%7e9*x zh~@}-Qr=5{W+mvEqr%6`<7}ryxsNI0cNP;b%mef1C>VEDf}0ggo8=MTlcPuHh#>RW z@AoMJ=RwnR&z>HzNXK$IAqnOPN#_Ao?a%MMo}U%*pY2*KjmWe!@XUG9y08FME8`TG znQ8oo`l6k-;#}Hs^tJJ{>%c)R1K4<)U_E5j#~a#z4L$$P_;Jth zcf^MqD)&8=-(g?8sKl-rdxyoo(_8MThlJ1G0A+{&z4tI16%7gdcEeP^Z{8i*c0;o> z#1P2%*kg1@WO?BU>?w7J9p8WohD8GDU+oF=@3HdlO3&=^&Fn(8_Sm&{#gq29lXeBk z_Lw#Fn2|VZ??cxT$RDi4{H?kCt)yD5!L3#zFl#oLmCTAYWW`F_^RXTiBh}K7tp{aRb_1e&QI`XeiK(5j`yzQo}9GQzG%k-E9|E8Ny+pj-3!`vJhR2Dsb zM01GErOu;LoIBt2zF+xk+py%==Q=3I;Y@v#%pw!`Cz7^e9ddNq0pxGK`7O4Ze15Sk z9ZG$icr)AP^}DFx!WBF1xV$Knsz>htv7C0Z+UT}^{YFf{H0j6YO$XAh*bh{#Ap?ab z>TA|x3~w=ErtTQ3wk@{J-=^TB;Ups1jyXm9IbXDyARr_nA^Ha-|A36_ zA3;t|O+`ZW>=8hE5C}y7{6B$3fR9grPe4RSNJRP{2_BP>laNx7k&!N4Iv0O3Es5 zRW)5beFH-yV-p)&J9`I5CubLLA74NJfWV+P5s~krqGMv?;#1SoGcvQXb5O-4rDf$6 zl~vW4rskH`w)T$B{(-@v;gQj?@rn6`#iiwy)wT7Fz5RpFheyXJr)SqUw|8IfAHIG6 z@sk38^-pmKaHX{Wy-5FRnDI{-=N5v}am9qCtTPGa?+VKl)hBB=Okka1y*Hd6wN&NcLpg#B z{S8Tn<&NUv93hm*25X4tX_R&4(X#c17*(u$6KC6y`F)gUHBiWmFDb|0!d^SH_or9U ziX==eiI0^}qHckeRWnFYQMH(LU_z7P5j1k08Eyn3Q-+S7MAC0D@F_nl3cC5}=?-r| z&cwp*3DO#2W@l!{pYcp7BWl=3>762qm6d&-f`T&^(-;Reetco9sC48M8ykyBAWRsT z;A7RKu(zg-EB-V0fB%+By#xL)TRWrLSGc6bWyw`Z8)~O;OFdjEpg_lfD!dpTBK@Xd z2tKy}S_-V+%#xo#Gm__ADbFxzodjQZe>~7}%3m>R%jIt13J`IS4;ZZ4`C*bD|AY(5 zsqf|$Qg}XhXufr>pY;NV-(ost7qP{H83@pOPqqQciXla6wg&Ua5>s86B6o#-hADcFC24z&>K0s)G91$xre^la zPK(IhMP$2daWL*_2|xF!v*)Nj2J$Z+^u2Ghz(}J@wpT4j=B%k|E|hkQm&KEE;Eg-* z6Eg)?y=9~Ys#=R@Np4gN+n(DLA%P^Z~I@b5zI^*@a z{#{MbEAUL&FZJlVLoOLb0a0--%`3+Mvc0br%K^1wQecRGGsR{|Qg4D5Fx?^j z5ER+<-g$hZUc?b4O9U2b!`lYT_soEYRHG#g?CindDM3bx!nN!IV|V|T(UDZ6&XqSC zW7j`<7ERf z^M2js^abIF_-Jtqkl+c0yUq_0aezGz@~J%|-kC4SU}3!EnYevQnCO56AY*0^;8kzh$`HBtY;sRu{AWfxUOq{XM zYS8yGt3Ut^!M4_ktsc+X+pl(1vAm2uK^lVQ4mk(4l0`*mxKnXb4uv(X&AG9nsZ--m ze4Xq1Y(2O-KPwEOfO-pu-bk?MjEdsm}tMrKA9FQfH#?J^Jo4)`v%U9 z4AK5pcWH{R?n8}t372H7^cP^qT6Lq<1Wa)wF$2Yjofs|1F?suGmc5hJfD_sJK6JnC z@0VU<~4g>0~)> zT$XQE6>Vr1C#K)2Ys&h>STA|QPujge8rMRgS6B^pW(H=?6aLrw`0Hhj*o*o73Ul8HGmQ*I;(=6L5v z%2_AC6E3fw_BzZeZ7*Am5jc-8E!-C0XaiW*X0J8oIRyXGyVpeoXh^&jcQ~%M;I)RYE5b4x-4PYunqV2_8avqPLATx} zLK7;>X9c0yi%MA(<`L->FZNU4Ve=a!m5fkbd3eodYb_Ov^z{r(<3+M5FDjV6!jn>w zM=OBYaGJG$1jYFnzLRy_6X3VvXKC@2RB-dfb{+Z(*y(P?V#CuP#LY}&W>mN5Rc-H< ztqxn{)T77)c;*%;k>#BrdwurnMXcM3lZN(ne z{%)~#**e`lsE}aLw~{)};}BdLn^J_>%awX67eO6^He2U0h5ELaSob?lf!2$W<5B9I znIa2Y*-!3hup!;eQ8SQN`Y)aHid&WY>ioH%MGcT@2Q4dvIfrWfh%?N+1xnb+In#|& zySY3BJKl^awMsE)lMUJ4`?WyZ-59Fbpx@JMJZ;+;gX?XqB$OnUb&S=6jC|R!`NbqM3CHl_AZ~F5 zwz7=c4xt%2h8E6mci5G54xLt}BDu;&hkb3*%TcTPdhe|T_XP>G<z+mr5`rib|CG{)mK2R`&?_Y)`8+DXlUoYJ??~OJ}soYD-6n|c1 z?JODm2vkaen+_9>HtsYbVy&8mw{LtqA(v0z==$xC2=2wrb&^ZocL%;NjNw9bu>HHb zxhSc2`pvuR`l4<5X>Q7iacgImfguL+AVOoz%Ct^2KbSb%nH@hNZH$(6MP=>#%tc9n z%iBg~k(cZIq=~ajPWay#0cKY#fiX2*50zpt&_A-@kOl`NWxk`HqYWpg zfNfV$_z0Q}auLf->`@V}$g1Es(@KnL#eqdVk_xiXdDhtup0Js{xv#`Ql3e;*Du6|D znZP|~#&y$ml~*M@lHf`G^dWVWx;%~37gg%zy6mR8<(*1)^A?oKKUL|y4a1LT;n_)~D|&k9-J3^l z__{r0#NlP=)-m?>5IJ6KOIv+st*!&Ftt(l7X_D(@({2Vj!SR5Ya9oVuMYAoc!ZzQg z5#@bwP&Xv^B;T{K)3ckmjV7tMJX6Ac*M>i(KX($|xDzb)#==l^$_vp?Mo;d`Tr-%{ zD}yF?{k?RpOJ~OB>tUA~M`rDVSntkU*862>EU%xmG%L@bp}6r4#_l0W-iCa~fXz_B zlMqDJSYfFr%V9_z6|LF$W*x$7?z1OJVs$C7nHr(;&B?=Q{yT9TgyvO}d8$_4D#TLx?X5MO%!Gk0M6t7Oj{oG_mP@7#^U zLI?J%oyXBu2&Q`N)p1{Y+WNxR})wkx0fxn&gzM1Zp8nzsPy^S;)BA* z>1O?-&)VS+sFlV~kKW$y!hNhn&6h=TO*5g}eP&hU;ighNsR z%~wmdNYl5Ooeje2t_&RmA(qYoQg{Q^oZ;IE{Z7;UfE{gqU{jbRwAxaQM9 z{NZkSRRhj(`AF3yLpOyp+lqdeBoq3uE3Ku`+Ry7b-8 zK_Iq`dIKixgNFl@@u%VuvB3{wwbK*P6HOU@A??6Ak1mIW5!b5iMeTZ91(P<3>$?-{ zTgr>l4V}4gvqNgitLkzRegF1ha{<_kvFsI5>Z!5_r$M&pYx@}xx^LRkgD^!93E$I4NkA<{6Xskavd%n z@~w52Vm08jr3ddB0t~Z>F2hL7l8&6Sa6uI3uS#RTJZmffn{Ll^C60I04k~QX!vV?s zmxJZ5WC@JI9`hV#A+tZihZA=_-DEfRwFaEd1{u}0wvZ_oK~11RAZE4Tsi62ywqyVANlCr^x-LO z1afP++)rI!Zpj5C1{wUK9uR!8Gv)ZKFrwI1_HJ0Jh*BMBtJ=l4aK7nD#Mn$%zT)$u z#1Sj*wT&KyXt}&0AgMY&r&Mr?wNxms$gR)cpt%`Q*;7(~RFSZ%J8P~IZ=k2EOT45R zZG}5bD?qP?8V#>dgosz|k9frn3aXZBZCB$Fd!AL3YOM^$$pc>7yKKdk`Rz+@|3JCP zQY7x(`wEjZ`}F3tG>)cL{eUA(9i>}7Co5e91w`GHVgm@?GD zyl<=88>||Pr2lCz~4RMJXzhETf}_J>H3jky_9D`f>Iq+HLH7%0i*c zmV}?iENO9851MU7kOy1$!#cAk!I5k+VwD1Bvm4cIGxy?Irg{IzbsoXC)#lrgXOV~Ug6TLH=fzYiMDi~Bvqd| z>dmsuyd&Nd7nclI-d#GleYxZ#uN`>_CL?ZfE3-=(W>i>P_3Td* z#X!R|4QPo|`+_@kvuCLF!)=zcA)X)^l3RHehB({UDM^*UQ|jP@!%buPmTdN!0o%7M z@|?UAyc+WDQD%Wr#3=Q$Kqo*aEE-=der}W4Trb!Cs+pw^mKA(s#>=@R)ui{jV=0wt z5fYaqqo1bT9tYhw&aY}69!Jg@Q6sSM25E-s##h|Oj+V?RXuMbdn?^hTWCQ7?)g2h_ z>%J-3Ui9D!v{-%~;ix;YZn|BeJr64KSbG>785{I(H{)LcMuqDQ*7^=dF4k#@HGTD& zSGQDVKmHeWTU22?e3cXqV4!f*dp&eS$=U5c7a_iS1{NV1auGy*_af2}hnstX_!kJ# zxZV*&b+9a|hT2ht3&Pfo?{?x?QcyfoD&du`-%4*C!YcXq*jgiJTU#RIy*de-eVC5M zR0WIDaR2Ng82@#^*H?P=8&4|As@%-M7_Lb-FbU9u(8eNgLbL zmxFl-oDBgl#CCsoOl9M9z1Q}FZYHVQm~twr6q?Ivb(qzQXM<;rM60w5Lfz~TShtS! z*-@@#GBrJt4&Ze|J#hJz@M7B{Cdjld&xf0rGgU{0O1@xkg{>&`MV0dU>u)RKEyI^H zaE{Jovhs~9qh+Xy!h2AAnh;6rR-^ETBue8JJ(yxuwKD*$VbD1*&buoeWWXddRovzH zKm(~6ay)ivQ|srTRyMj5+D+-pVi>y?^-o<*^~yEa*z##b8?8NBHgoJ;AdG|G(G%b-r=cPBD9FYOY} zlj(02URez#5GL)Z7;&oP@ig{O#c?@Cj%_WBtV4tVnPYtrfQW=Z4P) zKbH@>IHaUwR9)8<#+-r!T2@-4f{TwL+c@&hgd~%CDl(!DuYA`*tJ2{--HA(P^n&lge(Sz4W@A}7;=4HH#;~da8N~V3robA9jZJ0~i5)hUd5PUl?{*uFe3ni3A zyChfury4Mw8r2roqw7for1HVBH_i-;-}Oyoc9u1S$bqJjVRz-3>=Zo+ux)BVbs+sQ z7O26=Lk^lOR<8%T_Fk;Kbe zc)RN9-Kl=_t4(myX43FTb5Q$&YH7b|EJ=pJrzhc;8j`(wWGXs9B zdY3v@*@f7tUyh3%g4pDAu z#Dx&D?ZiW-`oPS5EvlckX9NWZxcaCX#9#=Hb+!36m+Ju*u83cOZj{;T3nuJvXcBLF zZg2jSAuHZfk2WyKArZ^nqs~{H#sdBY(N`u|{nP|cC z)>HgjNrzHjiVyUa_^oP7@4aYI1=O~Qp~Q1OAXL$ zWe!#5n#xjN@*^Qy2Sje3n085A=b?H0INQ#NEd{8*l}!-hR=c@IO1Ra1H>(271#5qgDmOGbIp+Iqc*ME)rPMhY07;Towo* z*Nd#X=TN!I&i58yraw{Au{G@LPql&d(8P_N{E^BV4Fi;m8V_Dc4I7`k@Q@wSve}$=%#p?S!jj4FjiVRy?hI%Oh&)E!Nj$b|iD@EOaBByr6Ku+PrL#YpkiQ znWPt=jdXmWwc7Iavms97$g5a&5tn_T>z5C(re<^pz?*jzagbW$T!T7>ef^PlEO4*(s;+o+5{hk)#!(g#NRXs3X>FMtf&SYg` z&Y0NXX=3^|=H<51Od8qn4N>^382MQ(ul?A2cBah=zg7yIDmRfy;}H|bm$h`fgn8qI zw)I_n>kieq+d+TxYk3mC;fU`$fJCKG?*HnRBl0JVSl^r|Hh_Ph`bs zSC}#4k&U=mi5;Mq|4l&s$*@(})bADkiA9HvpO%@w62I|tiWmxEt31Q4qraNx+t9lDd-|c$MazO|JN7Q;2~mu|0wk>~ ziNs06SDm`hw!YT4U9P;1)$!xZmE|QBiQ(-YCTNV1+L{T-*^HN&xx1(KZBFfVOURDP zb26F<@^8}WiDRoWBUgcig=OJUqv<;;OjQOJTus0HkmKh1VS0<01g7}-H*W?FwQ-w4 zAXhOv!6x>4{;n%C5le7;k)g~G4by|RtoiTL_i9XU^qZjzE!$O52hApdLO9j&*;Eo* zagmx1oaV1(8Qqi&#i0=3K){N7@X8T;MDw`JS0NT+Rd*8s8 zzn~;cA8R5?@v-qmO^kHAhax9aR5fzamI+6VPMjdbs!!aufKs1OBQ3s z=OsfMF^{MGHdj4(tInS876Q~O0KVM$VAREv6wSkh*JDG7^jqyW{aecQNCFPXXM0o zJ&!5zd%gv!euQMl0;VAUR<@}CB}@Y<=i9Igcv46og*nQIUEK>Nj##yBq10JYYF=AW zE%riezKNgnPHA6Dd5em*4%VC|>oqzp9Yw>p1@WctDFvm@+YUfkEfc8 zA<2Uf3A>bu0l0gP<`=)iiVd0f2@W+6#`#V#J}t?!7i*7FspyT;=AK9C549f~=8I7<597s&imo9$Eg>_()1jW5@2bo?nA};D>z|vP)ST zvC=x3_^Q2!NyN#H$1_ulMZ{);8MyMWjk}$#oA;NM|ET*-54!LAXJXNirPj~ZaXm&| zPK$uZhVtq93#8xD$Ly}M5ib&5`pI&k=A~Ij9ee|WkKF{Yzx8^!vigHO0nIQSk}H?pEQvW!a3RP#k7AH=M%V?@yv_ z89CS(#jTQNgMudZMHs3BXx|UK=-=>z8jXO}WYmsyRNe3VZeQT8h1Ra4s!4QeoLpR- zs}!DFs+~5;C(BDzjxmx;Xyj4Y%F_UL&JUsmSiUqg+FX+Q3&k&opO8<$zwEeo>(wLn zQ^(cZ&{D!77Y)>=7GuI8$6V{!L+fB7zSsnZ7VgId!v8L`ifd}dl?Q#Qk!^-}PnsQx z%ajk7?|vP)B|)wdA}Q!i-juq%{enmd)8Y;4~-<+{@ z8CRCtgU(B2*)U4$98C7$)eOHF88N)T7eUT1F2$ovs>Q8BuAFh+QPN`LDE047+_({l zB7L3@R$rf1JuX#<<})Lnyw$w>?x{?AlR$Vbl7{9lJ-h*U0pmt$#d?Q)Wi?Q z=C?|>hs-U?lC(+Vq4Zvx%-1^k0#HVnm^fiA4;W0{7+{)(xnxIXC*~IT@Y{NCrN%9I zOb682B27llykl@|C#(Exmi3NNks@sTVlYPiSZ2G=!bWyJCIjBX>EcvxbwIu!c~3n( zU2j(~i^dR7{!EJ<)(zXhayCsZ&naVMbY^dX7?9DhfvazR*O8&{GZ+8PF_Nsp7ay?K4%swEVaWX)z!rS7s`p3&u%1@UopI!g$1i?&S<*tgya8O zi70XMPii6>d)LsXvb$%S z?yYUakk2HLXR5w~xw)Fq>EM(7coS!Zf^`!tTSD9LJtnA_z^MnCcxH=dW&#(XlwQ4^n|tmmGVBNA!RkLb3CI@NeODqP=P+FRWr{mNYL zcORk10JI<4MV^eB>?x^=s@qoV*m^b>f9{BQaM!l=7H;&|>b(BxB5|H5>QfrQwcW8c zKlCO&H&0F&At<_mv^M~$lZ~332(gR5%4B9F!mP?-;)k!XWKrfV>iXC;ZvI= zo;r83qE%-ua32Mgt?ftcNjI88`B!*ewq=wFV@zB1?ul-F%Y_N&_Lzdq5Gn=~N`Y^F zUNcp7gAcTG*}=Klg1H$srb34^zf)W77@`eRu?}DczS8$ge(34HLW|fjW%EDK$kg%W zvlCOEuGa2B^{HnZfUgf2BB!O8=GMtfH$}ITE&0PJ1B~G?8%)RdJaGqzxrwup`n#u3 zeXtPfSQDr8SOBAdsM_Jr5rjFqaE2!wdD_Y3yEqA92s%J-WYFnJ&zkhT;H9Q<#1=zd zpxDUCIOLIITBv{Xm;TC0np>(9Ob$Px`S5nKTaIOS44V)w;^1F72?moo5S~?!s`Ayx z(>oB5kr>zWJCQY}Z{-@xqt7IH|1PYFA*l??I39x!nvQoL2c39BmcH-M61$k{#!DtO z_N@pD&wY~)aGDx{Lbn4X@joJhMl=pD%j}Bo@WUb5+hocFX8HVP0g#~TNYDemWM|8e zp^b0rlflqF*``Mi^;eBsE3?Z6pdH z{I5lf5(%`GU@mP=tp=?iOVSTdDMv`xTu!~4r2=p0ucXb-7tLGOGH0w>7-XVVarWv9 znm!nv)PHYR=nq?^3YKX5G&isCIXWIiZ>XyRogHJZqHKypm}%yu^k4CNaI+Jqb-20& z&KJe+{!}fF8+UOTdu@|CFhvsUIoY7Rw7-_`FQIK5*GapiNB&Ln2?M*oR2ZL6?((uP z{7KiKf^sC-eUrfhb27wpx^8iDN>cw`aN=~0Er<-gTr`XG7mIH1cLRfgi8z+batzHZ zNF!JsHQA1zD^ns>OWGFRJDGM?xM)tX)VW^lKXHRy#!sD`D+d5TOo%8g4%Sd)m)|~L z1{rec&saP!kG`Z&mV9~aonz=~%gyVe_!UFsqDs%7w9PCx9ZIdNBvp)kGVu* zgvX0zn=YuI_ztc1E8;hzg7(!Fj5;U6N!1Ar%8ar4d*V_2JaWG?pgtUm=L(o{A(ESO%!i`GR0ThNUEo0b+TNkZq+!5U`U*zRW7TXRuPHHUHQ z`N@ec|3Ta|mj}Ih>~)tKXFUASZ^MGcKb$qce3n+0d&=$ehF26VoovWS(78Ozpb<fMMSz1Cww~L@r$URi95AS0pb;t9Z?A0j}W<2aQ{Nrbt6gjQU_=I5zQeyVah0EtCfOQ@-a zK|VUdzrA3#Y$hQJe&cMA;gY6JnOJr6PvDJ#aiJi(qeWf8<4Dq|Uwg4vzA;)f=2w!$ zP(Zi7zJkpJhiJW3;d&>5j#m~6RT`>gj+<;YijvQ6KTTlcgKX-}Y~9Ih@SK>dCVYgk z>F|1K(C4R8;o>c-Yn#hK9D2<#af+E;w-P0CMdE(SKt@AiV>U(CnXwT=nYLhCryx=v zkO_`?d!#q*#ARt8&%=8XKU|D#fq_igg1(A7C90SW#gp^apg?oTjPZ#j<3obuusb-O zgieRVmUMPygh4e^9nPm|4%Tv=>--jC9?#_kZ>{MpNgA8>u`z?b#)C4|b?e8y5e30L z?BI&pS-5FRlkC20@e;2X+0Lpt%cMD^&bUH=ql~pItzzT?enE=+)Z~QaP}`S)VA`>3OoA#-jvNQ z`L0Lgm5tZc@dFL%D|uHFmO(2rItmG5=%UhcDJ!2*^e=HXR*g~)`J5)^mbtm%#!Z3P zgZgY$QzR^ejnG|ZwUzSRU}-IJ9S~RQ-TsxjrZJm+lLIr~pRQsmuW>T{_1bVmTnhS0 zy`L~vst|M)5pz*bo#56wzvwn2s=~m^7|>)SRnI($)n)HF7Y`RGP$?Ms8*d!bJWUFc-eSI(Icrrb;THB+lE_^~Q~F zEK?P(-W2n}9r_$?q~{XZG*egpR8hmTq!%rs^?qiBU;Ade z`*+zpOVdm#(+2xbrP|Vhb8&6cM7vsazW4GNChoUnPkZ$!`QGZOyY(-Kw}&s#HlFfL zq@=H^%@BiBdnFxVG_5s32%IMs#7KuP&sk95vDgGrtN+G7@sC*vI56n;P4~CourF2y z5p8jAY|rW44dDnKG^zOh#Pb*2Fv`%A=@mgx>n;7hSBX~#RQf;X&We=TnYr?KRZO4= zA%On&j&T->y&+*LkQ6s1W?(ZO<`_-iG$ozTYoRt3idq`g=j*=4u?-nU299~R%(5BW z_yIgjy4LC=iT-vyR}Tw`5@~#@jck(`DaP<2_F4Kx>jlTX(rY^~HwUm1y%vlzKAWa9 zT_6385MBfSlyG$Z{$R6YsrxbJET#qh*r@|{`urq)J8Lk)JiKz@`;v0P$fEawG#&m$ zg`LMQdps4H#?ETkgZF9$COIxtom;kc2FvaNb--A9A^Sz&vvvi3cGI)(hYi6hWLUW5 zoBlOTq}dCd#%2oPZRBJUE8p-po4>&3;r?PoeQ5JiH>SBI!pgN(`_vyknJEsRirkgN zk2)gd6=LRI;1BM{7YG7s+_kgG`AB~}<(;(GvV1b{C`W~@3x0BMYQ0QSHL0=XxtOMe z8?Tx6NGB9rQI{E1?73&MKXd69)-#3_>cpyQJgLiP;Lnk1YCFr0HUDXVxmK9qcOCKf9aGmM}g2dS%XJNt61&>|qgU$eqI(POJP zDO=`d%Ks`_cDpeU-^Yx?L86e9sh)O)P=5MNrpzAw!diUbHf~}Q%0zT7sUgTLm!fEa z3Tne&iR5UW*W%q8jK(_PL+q|~p(M95wFs@0Hfh1WLx0Q@_v_L%-r7EQutgSAP&7HQx6Pd2KYctO$FGvhATbCoC@oM ztF{L4q)dUNGvAPPL9tm5z&z2#YQE0vPE|%w>Y$LbFEV~UvS3u?4)&6M<$JV*JoEj_ zJ&m(YqiqF|?f#Ga22F<0qtyu3{oO>l9scg#Dp6&8k#OcX+NU6=E{Ek#zQ7nA;R<^1 zaUzG6!`p)ch`B5d9=tmL-goKs2;)#@InyJ-mC|Fod|T)ww^SD@!}MGqY&6bE5;V!6 zRF;((q90!+WIpo~1VOhzA1DYo@Q_)U% zaJxsx2F0GPN!Fax9e@qyVQ@ zVmhW7Vdrk{0sIev^tlb6$NYfh!Ex-S>NoL6W=bDG?1ssG-l|3p)bCmq`VA#Vb?IU^ zwPKgZ+jLxW286gBBTyl#<(WX#_k+K%M>U8ORNsqP(;L-^$_83ECSH;uk!`e(^MU-L z)4GJC>S01oH!GH;#KJZ{4P1wI>|bHn$CaI1-wdIKMC0P(;tZ*!zy$wQ1l`;!Ibo=e zIy_}^CQ{jC-o*KOV*Cbw(Y~NMAPb8Sv2~N4i!OBZYCH*uI;&Xk{9cYqEk~&Z9vfq4oB9&6lb0$tE(IZ!r2JLqidnoIc)bZRz_6XHL9Zf-Fh( z+m4yg;m&s%IlBFRdi!f$U^%MBSDGB*2FoPf4}@qVa}gI~-i(B2&hd1NF^gpWSl!^M z{?B6mJ_DQGfVR}j86o5NHd>*aNa!gQRu=V$0 zbcd>GV)0Zs!NNC^}3;D3?Dv&nFTQY$bRYeEDCfEp>8`Gh?QD1N1T-R-)eat8{vwS8;Enb~H? zts0Z?AwO^n-fP+*s`wgSSMF;xZowZ&j;yP)w4D%}{4{_{vX?km3Y=oewt}T z{Q@TF!BWyRcpKk*%PUSGZ^RL4YX!Q}-)+~E{>5VGKspU}dHCSK+bXRq3u!E*T(HsW zzlg4eBZZZDossX8WT_kYeEOy8O}hmWO~3NmM_#hijTM)VAo8PZjhqmkiN(%-Yrr+0 zvq|>@x~*}gN&Fc)($J#H9Ft>){S(WPwSK{j7fI2~nFgd1qj z82}4TflL(eG5d|jgF1J}nPi_y?rAw6UT0(R-NOUgE|@{YTVncA&HE;0EVqQKkPcFRUJp$-nt%h#QHhLhyIE>)4sdl*xRpIi7tOpgkH9vDCUNhrI zFZnbA(PvImH<|7Jbc|%4JK;fSP-I4kSE;*1%&Lm<%ZZ6MW0nIdd~PY2mcO&fMa(V5 z4PKbf2rci^al9}Q5dD%`PB0lcc4XZ=6>6QVBdcjDh1B%AkhAEA3x=3fPz+xqX)tN@ zWtAg5HVyAYfCWaz@S~oEu~Xre{tH%Ergv7Np)cJ$FWf$Ym^3GaQa2-wm9w*CX_>>6 z`~`1u>k!InMz;|QQI@OU`y|$FM2r|sza10NMDEl+f}sCNq}zF`haREh@N8VU{KyUV ziN2s#ma*6_-Q@l5A6*uO9{FMBe9fz#E0o7ValK0khzHPXMQzlr2sF2YU2dwmopzJj z2#2bwX4ovjH)2XJfBe{RnIS7z!IzZ4i-iHirMz!F{c;_3SE2Sh&1aOy@VGH5xe^G+A+pj6MCkYWm$)Fy zV0N)P!oi#^3%ne=@9Q4=7DxtRq-MC@lVwYoran6>v@R%6d-KLo@njQMzytrMSH_^| zm*A}6hZq$8i>W^V`zjdE0G~RdtOfrWk7~+7AHYsDRat567CNTd74;?aj2;$AIG~s- z(72R*X#xGgU~pPy>o{;dktrzbQXRzQZnbJpCXt`g3bI9T!-SgAyB>9P7R+9uMMDZX z@t36I2>Khxeq}iRke8)s)F^eBnC=WUd{wojo!kNIS#J3nFlfEGlQ+KOb0^!U2v)@e zfCGevyI2S97SvkZ$;TRY;fDvW$yvPHc@ZnRKCJIK?S%T*RXk{h_UbrG$}e40%!$Iy zXrrIcCkw1jal}?(WrV{=K|#yW|KD-e<-hWv4P}%s&r{v5P)SNXQEcoMC%`6+C=H9? z7bWmAZ@#CLv+QqgduLnXg_{V1jJ;g3)|WVdevx)?*~$G&J2*=`d0p?NuUK45Uj#pO z*yvCdTg!#84~STcBdS|OSMEU^F1m{XNy@xAhti~Zm52Me@h`c~FkSeN4qdP6t?Fxi z)0y-?54I%9VS3JKnyhuX74?Q8eqm&SjpSK>^3aGR zaL10;9YHzL+;3d~UYyo}ej{M}(sO23qTF+0vf)9JB`FLL54# zAudx&3r%sN$fe|^)sL0OlM`J##U##k@CIWbFu=x4zUkyv9XH!Vmq_YoRaPHemG~FvmAXDL(sk;bfKEXkCx~|0R_|L0 zHcKX<#%p2_X^wr_!HV9SR5m4SZ)i@dUOZ%Wl)GFkZaVssuc7!aX$i~|28WI^4AbRl z$~?nrd<_k%6Z57sFSo~^VAe{C~F+hT;DY>DmA75}J-LAO7&{UteM5)Ksxmo@bNx%QAz3Yx@GHd!M2vQY9 zkfxC)ExnM$fFKY+dXp}MBtReuAqibwiWEUmnsiqXP!NzV#YR<8iimWPqM(Qf_O|*3 z)K&L&-*a~Nd;i;TPENS@&Tr<<+?nTQo;-8K_i32dM-miauD3GCihRPlJR?``nGLz7 zZ8=3alX&MQyOR4VQC8tV8O=+gK~OGe^VH4ic`EUgN4TE3e2Rfh%T+~ruk$FKhwtk~ zL{9Cd8Y<^hG%J)VB^}Y{_thaZHd7adu>Q3T_pO>5=kiN}BlCN?_^R$Bi#yxJ)&!hi zbj`%0I&C{7w%ggPQ_;-o6Ix{Opfy#))>VMRUJOZJnH>_K%GQ-tFNkuxI?W45UyQF# ziL zK(0-Q*f$PTfVwz`p-nEl9VrYW%bwDI0e+aL#AmZ=T-X)hYgu_E=HZQDlC>akX6X9N%p}H%0Jm`V90y=azRI`s{&*sOE5JL zURyV&8hiNh?3s=uRxK@av=9x=I_miesnNWoxV4tU=Vi>fhQ zIhC@GDblg3s>(k1;uJ?|ZfTw#R!(mCUH-ub{_>?IccV5CvUuNDFvMWhyfpuKAD_zl zw=CJwTWZe+v-Rf`5|l``)Q|kNiSc!5X-K7xBzQ~9#o`^j$;_=mcWt)J?IMKfT6V2( zQz|M+o~%2iyQ#+}?V%2r>g@FaYD{ZmL&s)w1=gVYrTp3W;$H z=)#y@0`)m`6nOF|UwP7pkl@g`QfKv1I;gX9S?6|gKzspIxmIg(NJuVn$_JlI?oP+4 zxW`^hMDy>xX5`T)E|9^~zKk>INiVvyZq{&P|F*!$XA8}>H%c?6etTA?C$i<&4cz#B z{LgM~HAyPWL5a1v3tzc^hkj;Tlwqywv!?hx?jtwC+wP|#Xlu@I*nwv3VEK(kUmVfO zA0B>HeQIlm%4FNA^tq_;>#~*j_1us+NkoKi!uUDiIJLv}@gsYM!&uq;H9kz&TYyZU zQgj6@EapTdy6c!mS4f@H^I~wknVDIVw$a3O69To$aHCQW*O4}b!-@{~0^>V7>O)f{ zTAYX>lMj7?2*+oap~SfOr!z8=J_arOKCmbZ7el%1%lsXTWm&V7l9+0~YqGCIy<<0D z!MyGh6h@90Z0Q^|=2fx*Nvo>q&5CtcZP{-|0c=$#1-kPQ){d?zPLRN1>(zB4yT(OR zqg;3*k^vHj%}4{ur4Gnq1b&lqBz0E($dNOM8)uQVErDv;8REzHj1sM#mO05a3Zo0Y zL>hxmCl~eVhN>-NsqoEn0=%`R*A!yZyid${MGo;@X9{_YKGdB*Gcs1T@5EmGb?=fq z4~%vYwV(UMrp(nXDqH9G za0x~xl^3Or4Me**$+!8cQ@93GrYZ0pK#d%?PlI2-t#F<)H@ML9s#&y6<=xe@@v`>( zAP}17YclPd^jd$?SrPm~oWx!%e6LkI%qbg74eYn4o}Hk7*eOaWZ_AyzrkHs2_Q0}R z-<}HwgKsqUKQZr)6j6Z-Hm2*1s57fbqH+517gYn#(@L|{$yWmXD2}+zh-bagg9bv? z2F_^%k;8MoZH2&fR{@&N4R23ADMJnfAKKroE@P)_^iItyz66cZc`n7GU3s9rUDKu_ zVJ5`ad`aK|%hzQrKOo6R0^3c8N9P)HRU16is#mWXr8-pi+s)b6Ia5qu59rl|Y1UYT zmAcGdFt6CrJ?Z~;9<)t6h)-^^s_mGdpvu8rwG9UWgEdrCb`3>ehY`G2tj#dC1{6_j ztdQ7%joRH*!a{RZVboP=EK zCMg+p&Dwis`<>t1r&iVP4U`m&mU9+TJFVUg?@79ox6f*{f(nBthQFZ=8^e zw)T)QjIpyv$31HB6b+*&($`LORS$S=FF7%ve#aCuq(d^4h`_!Yl!odiOI>Iho7;3Y zN1&W$D9LZDE#u^+HZ;T~LNz6l(?oK%w2v7IdElE4PtHd4Xfz962L?p!>{%{-y5Ej5 zxpBG}r73cN`eK32bp5crr3b{{o2nii3v5!qXAm=W^h|qYNJIIi77L*$d;D!1FVO?w zbR+29_zsj8*J-3J?Es%s@&G~-9b4CTjQc!#-@7qpMry*fm{#MKW9v2-j^u??s?W(q z(1ow?CX0{`5Aoit6;!k$_>d2($K0_H!TAEt2*D8slDw^*PZ=!dv|9Rf;)k=>eyi>n z+Z((eUy@baxBrfp+|^68x%uz?O-Yseb6Vxa|j_GNm56y&dNZZs4+)W2lPP z$)i4~x;vsB-W@jHdRL}rInS@@-nN`XIL+E=2y?YmXpZF?Av5hczhuMfB;yP+#KaBx zha_^A5d8M0$u9ix8u`-rnA-#WP4rs1-VkFAZo|~T`_d5^fki&HQaRvCpn855Vj z$FmL7;cJFm&7X+pCT`DL4+5-Dk**PLij2`N11bORmhML-;4ghgg zij74sw#rV@POIImmnu^>UmFCINKuFm<~f{mS}8bYlSYr|E_JsoPA+E6!9|lCI!YQ; z0=YhwK5)BJH^~rX$Q>wl>l9l$xxDKY;TeDFqm$VM4q1v3)fZ2}v#~%)TCXt`Du8X0 z+<8JNsQ`6dUB6%uboj_GL5Q5=7uHQP184`5-6PY(>ziu(m{Sx}YGPs6mA;|-!t$dL ztb@NA2iZ*Jc@JJS)-zP>A83dVK2^DaQFnFEjeEukUBmZ;*tg7Evh5i$?GjO0qqwz? zU3?@u&r+f4HjNEbcFlQ2l?At~BI`nXL*O#qgx<6?+n$@_OwWFt<%11qt(EbT!dKlr z(NWI~lpYOHxp_QAy+OwL1+&m+1P;#nTp^%J9>DK|WPe)|kaCVS9WrHd&`IWZ?#`0W~n&Xi>9$#O4xTf=A zUSsRfL$<(C6Vb%QB;8I*m2;QCL#P_sw z;sWZ7ZxMh3Af77qs%OcEo5Nz2x=!@F=OEpBJcTexCrq&dHG4)IWm+#eMTuYVx}4Bb zRrE?uCMUdEs%i{lW5x|&Ic}OT4Nfi9P`>W0;di96Sw)r`ZF)t}=|f4nu!L@nx|CUcKbB+-Iex#SkmQpXh)vfSj2Fm zu7ke8<)Sm2At-a#9=WxWEElKA*&NX`>c+9Q&o8`n2~P1|OunzqZg%pGR(F+(+4Qhr z*h+11fbeFl#UBShR2CxHUH)>wN93h;`KWN|=(|u;<@%xvf`YJ!EfmbUoG?kc)d!EL zUrVAg`GnW>ZnLP-tdo0UfzlHoJ&mDYMUP1XFXo%u)oEMX>6VH4jy^I0>W^jHOJ>+- zUwZB)rf^zp(};^OT7Lb8?!#|h-ixOmN)Jxj;ybUV?5iM*lj_3fjdjqPTVMB4leXz; z^y?aGG{3nc5!O7KN)+7!-DB(sKeDEbP%K1|YG}W3;mGT{80V2N#W{z9)MJ<4IS1+4 zMcGtUCg?HmnhtiBmTt4A5N-6%IeXCRQ6ey=kZQgy@J#I8Xg-`|z4DKbNU4&&%?6E-5TT zQptk@(ELME;Dei@t3$G-3(#akW9wODu8fgylrBn>FSWRKSmxA`$mN3L zwjSb}EK#yo57DP-=?f zO(s|gD2yZb5M?Uf*KQpL)71sLjgKAM{T#KoQsTwlexaw8YtWBTaGf|$o+|O@e1-W@ z8IvF@pca_$=Vaqn!9hw8$EIw6!nl-(6?@BJzsDrUf&znv&{wUMK(mG@g>x{MycmC-1VpP>yRQft#}PpaEhJwct;Ft z6macz^U1p#WSl3uz=S>%k;q47?4_$`a~$nw$kB2x{V7+YrXW*K$u2aS`{4&SLBFh5 zB*RHSTHZ0)o<UBv@W8iqaFgmVVg4+K5nwmUkoDp z3(R7kl02+s5KIOr&hd~;z2+=~_ccoE(3$c`2e9PW=@`|6^$wQBLM^WXQVnFyeQ$UY zz|^Btu%?n*DK4^G9Hhtm@xH^0u39Ab{`Htz*^r?PLrJPo`J=G(W1@J))8siu9A*))0>*YZ4 ztcnc`|4cErPa{7m>IVH*)9p*GHawNUCV#2chNp0Xcz`;4uC^GmuBNs zX0u__zSU#%o+z_3J35Bi_{1XXl%%&=@<8lnp4~$u!cAuL$THU#lW(r1OF6q{i7BeZ zeLAq!V9YpqE9oSkFYbQM)u|aFDH|RBWu3kw!CS2N;6#^Hh0y-yR^nok;)3Cd9q^mc zh}0$d?C!PG&>~e{x!5CdQA$QjYc@#c@@&M3@c+`dUQ8@JUInn7U}L;?!Mam%qgra3 zzR*F_rU$KCf-Mb<^uodM@+p%E{b`DCrY%!=+;ApFkzju42JMXFCQ1fWhMQwTe6Urv5{!}Xp|puO77Z6La{=2Kf%;L~o2``N(p zIjv_O7qv1=5!id`3r`LmTqu`$PI15d;A}-$81sEbh4+owX;jm1{*(Np-H*?K!d_A9 zn=V4gBhnAx3p-yaFMG~*pR7{PZejQx((KQ%Y1sB+H2KlluJk^xrS{fMf)*OMsu%73 zhRYB6N)vasA?F}R!Jis9*~nKjAA0SM(}oSnfvN91{CeLC_YB5XJrK!bVrP#Qg}m&j zoNd8qw)_&Gw#xw2OPIP0d+&y5+ACSxQ9@)Me?09n(K75h-c-!yKA)Z^gnX%9H>t}m z+LdK7YyRFtH$8Qpc0i{^va~d*_BQ@}*ZdQ(rh^sFr;9gBcK@oZIoBftgp7tDY?ESR zX7XQFN+Ii?w<*=cJtHX=64Bx0|we7&SMt{Wef9^yNeDrziBuO zWy$m&2+6Nm$l>DVnrA`x{lqz8-<~XFoI}vk4>uoAAvOal3*! zl^8i`FMtQxi$d3uf7*Om9zY>!$=f5%AZ83bvNy#jlu5P;HMb>(`VuiD`CZxqxL|BB zjX~p}0fK2%Itv@DB~MtXu88G)UTFr)16GHyeYNCQ%Ps;O%q#(VeoQg|1A+pH5C{~Y zi2=a~5E7b%(Ez|8oX`P*gP{l@6pDpnum}|3%S&Ecfb$8*Bza=3_3>Z$asJbi_hz#h zSTHy!C}!XvkAdKI!oa*$X6VFGKWBVf6d!%fx7m-x<+apw&r&h<-G1Fo6Mvf*{~OAu==j?_@OEPbo>n-^myO zOzP^SNJKE1N~Up&XR2vh~R%l#If5KE&h=z_%qq6@;~bY$1yq9 z%#TFz4AJLAe$MfnFgOqj0YWjh9Gk&3u}~BcqKSn-aNs|T{HE7c3_VW0SI(8==NQQE zF}@r52aK;P`A<-Ol;q2*Umg1goK+5fOj|!csE}UU11$CNW&~d{699t)JpGse zdp{=W^PIjP{UeZ>8CKtq7_ed`V}0#_0164~K_GY{J;)qUh$sROL52{47$VFA2=l;@ zP*4aQit_vn`y=gt;2P6eYyzD~{)$V0pio2t6bAHw!aacqPdFNghQQE3xF?DX^VEcr zJqVtw;&O1mqx}zDR={e#)bA|JvGb~**^vEzZ2j6nrD#K8IPi+ka6W!RT-xrEWjve0rjq}_bVU+fD*MOQZ_=(r z3oMnuIoe)67|1C838q;HYq4=DdjNq)|CMIPdcEBP^h zBFm4K;Hc!ARbI{2yO;+f(MmM(q=OQ$g9%`#{ON1AE*7-acs!!9|IrE7K*?^;8-Zy>2Hem74n~o z#tF>cek5&6CMA$UC3}%MA#T-xe^pgqaQ>+{E9IiK@th!T;ps^sQV3Ll9g7UGpi@Ht zDtHS!3(ms-TjH(a{!`&>C~UGZNgGb<$J>aV`%C6bXn}4ecJ91fVBpw*^5XU~nXY z@HfT$!r`9^s!Lo6&m2*a5Htz`LqdRP4Cexbz@VW(f`U;0*Rj&n2u35Gy9e-KT5GzO1G>uW+0cwGnr zrmG18h?-*A5y#y$u2|H=Ee zIsZ@KKZE|uSfuD_&#zcl#Y)%CBs{*ng%(%^qr*Z-Tk1iq#0I7jAa$p>)~ zaz9B4!oQ^i|1@8Z{F<#ta?Vu&K>sXP4@22NEGw&S1@(Zt)vX`{uX{{YlTc7D0p5=J zSX+t0c|OJB(-LDNYk0PB%`FJt`-wFF{ZOCJcMpD-2C;hY;7`TLO>y%bgNS!rj-T*p z8!)P-n&gX*H^o$Y@|)}-h(~^O@f(#rd*)gF{`c4O7fQgYp%@qThS;!!28rvNnw$_e zAExx`BdreX4hpnx34M`!ckz<;+}r8FZ6c7)p#?>^fnZz-w0LUq&Dz%}gq+g^AHaDV!V{hoo$ z$+~#&+kxsY1=o74n?Imqp*_5RSt{w5l+38|`qw$XMfF1#Hgi98BtW?xJ$kaPSa0U7 zNwM2|JbSOp6B&4{(RCAfwbnh6(S<@RRh7L?_L&Y=d)5}9Mo;*C3e1zqsKEEQU6x7T zdc_lJ%J}$7z&Zyt#`Ahicu7wC*rx=n&R~(=x%U%Nr+Htz5%AU$xq8Up{6Uvqmt5bb z=wP1%i?TM6s$*7{6gyJl{kAb!{>tYdox5G7G(yNw`x5#}plI%9CHw2+W3R){ ze&jySKVi-*=0E708KSqroNsdyf8&jL>%DJ19-npxI5ticG5g*7ceS(^27*M6Js2AL z#90Zv#xK2ovJ$>K8|d@BBTE94#=_xNjs*&!(OCc_*pf*mQHY$h1^^1v*8X}l(D%2S zjP;#yP=qF49}36l8|>DEAP@$+dKg`lo+b)~N1^pN@7g$B49oxx$L!{8#F4vE2wjXm z5`stQLXo>MnB7n$LfaK=O!xEyz%@C(V*R@>z`@pjery07v)XDy2_*yI=+D04U`_S} z+dD%6Z~)ZxTN2%S!o!1WjWWKoL7G>Ym-l!hz*>KcKI}z=kuvDy!Y2{u%JtkcmhxF! pqm1yp;hZ$S%g8#LpXi2@=VP*inPg940VotDETE)hV1XAF_&*t^LaP7( literal 0 HcmV?d00001